The post Jok3r, one tool to do all hacking appeared first on Information Security Newspaper | Hacking News.
An ethical hacking researcher of the International Institute of Cyber Security says that Jok3r comes in handy in the initial phase of pentesting.
Jok3r is a popular pentesting framework that is built from many popular tools used in pentesting. The tool's main goal is to save time on analyzing the target, as ethical hacking consultants demonstrate, so the pentester can spend most of the time on other, more challenging parts. This tool has been tested on Kali Linux 2017.3.
root@kali:/home/iicybersecurity/Downloads/jok3r# ls -ltr
total 176
-rw-r--r-- 1 root root 35149 Jan 24 00:02 LICENSE
-rw-r--r-- 1 root root 348 Jan 24 00:02 Dockerfile
-rw-r--r-- 1 root root 461 Jan 24 00:02 CHANGELOG.rst
-rw-r--r-- 1 root root 2519 Jan 24 00:02 TODO.rst
-rw-r--r-- 1 root root 41498 Jan 24 00:02 README.rst
-rw-r--r-- 1 root root 1934 Jan 24 00:02 jok3r.py
-rwxr-xr-x 1 root root 3126 Jan 24 00:02 install-dependencies.sh
-rwxr-xr-x 1 root root 129 Jan 24 00:02 install-all.sh
drwxr-xr-x 2 root root 4096 Jan 24 00:02 docker
drwxr-xr-x 3 root root 4096 Jan 24 00:02 doc
-rw-r--r-- 1 root root 249 Jan 24 00:02 requirements.txt
drwxr-xr-x 2 root root 4096 Jan 24 00:02 pictures
drwxr-xr-x 3 root root 4096 Jan 24 00:02 webshells
drwxr-xr-x 5 root root 4096 Jan 24 00:02 wordlists
drwxr-xr-x 10 root root 4096 Jan 24 00:24 lib
drwxr-xr-x 2 root root 4096 Jan 24 00:25 settings
-rw-r--r-- 1 root root 32768 Jan 24 00:25 local.db
drwxr-xr-x 5 root root 4096 Jan 24 00:25 toolbox
root@kali:/home/iicybersecurity/Downloads/jok3r# docker --version
Docker version 18.06.1-ce, build e68fc7a
root@kali:/home/iicybersecurity/Downloads/jok3r# python3 jok3r.py --help
____. __ ________ `Combine the best of...
| | ____ | | __\_____ \______ ...open-source Hacking Tools`
| |/ _ \| |/ / _(__ <_ __ \
/\__| ( (_) ) < / \ | \/
\________|\____/|__|_ \/______ /__| v2.0
\/ \/
~ Network & Web Pentest Framework ~
[ Manage Toolbox | Automate Attacks | Chain Hacking Tools ]
usage:
python3 jok3r.py []
Supported commands:
toolbox Manage the toolbox
info View supported services/options/checks
db Define missions scopes, keep tracks of targets & view attacks results
attack Run checks against targets
optional arguments:
-h, --help show this help message and exit
root@kali:/home/iicybersecurity/Downloads/jok3r# python3 jok3r.py toolbox --show-all
Toolbox content - all services
+--------------------------------+----------+-----------------+-------------------------------------------------------------------------------------------------------------+
| Name | Service | Status/Update | Description |
+--------------------------------+----------+-----------------+-------------------------------------------------------------------------------------------------------------+
| ajpy | ajp | OK | 2019-01-24 | AJP requests crafter in order to communicate with AJP connectors |
| ftpmap | ftp | OK | 2019-01-24 | FTP Scanner detecting vulns based on softs/versions |
| halberd | http | OK | 2019-01-24 | HTTP load balancer detector |
| wafw00f | http | OK | 2019-01-24 | Identify and fingerprint WAF products protecting a website |
| whatweb | http | OK | 2019-01-24 | Identify CMS, blogging platforms, JS libraries, Web servers |
| optionsbleed | http | OK | 2019-01-24 | Test for the Optionsbleed bug in Apache httpd (CVE-2017-9798) |
| clusterd | http | OK | 2019-01-24 | Application server attack toolkit (JBoss, ColdFusion, Weblogic, Tomcat, Railo, Axis2, Glassfish) |
| wig | http | OK | 2019-01-24 | Identify several CMS and other administrative applications |
| fingerprinter | http | OK | 2019-01-24 | CMS/LMS/Library versions fingerprinter |
| cmsexplorer | http | OK | 2019-01-24 | Find plugins and themes installed in a CMS (WordPress, Drupal, Joomla, Mambo) |
| nikto | http | OK | 2019-01-24 | Web server scanner |
| iis-shortname-scanner | http | OK | 2019-01-24 | Scanner for IIS short filename (8.3) disclosure vulnerability |
| davscan | http | OK | 2019-01-24 | Fingerprint servers, finds exploits, scans WebDAV |
| shocker | http | OK | 2019-01-24 | Detect and exploit web servers vulnerable to Shellshock (CVE-2014-6271) |
| loubia | http | OK | 2019-01-24 | Exploitation tool for Java deserialize on t3(s) (Weblogic) |
| exploit-tomcat-cve2017-12617 | http | OK | 2019-01-24 | Exploit for Apache Tomcat (<9.0.1 (Beta), <8.5.23, <8.0.47, <7.0.8) JSP Upload Bypass RCE (CVE-2017-12617) |
| exploit-weblogic-cve2017-3248 | http | OK | 2019-01-24 | Exploit for Weblogic RMI Registry UnicastRef Object Java Deserialization RCE (CVE-2017-3248) |
| exploit-weblogic-cve2017-10271 | http | OK | 2019-01-24 | Exploit for Weblogic WLS-WSAT RCE (CVE-2017-10271) |
| exploit-weblogic-cve2018-2893 | http | OK | 2019-01-24 | Exploit for Weblogic Java Deserialization RCE (CVE-2018-2893) |
| struts-pwn-cve2017-9805 | http | OK | 2019-01-24 | Exploit for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805) |
| struts-pwn-cve2018-11776 | http | OK | 2019-01-24 | Exploit for Apache Struts2 CVE-2018-11776 |
| domiowned | http | OK | 2019-01-24 | Fingerprint/Exploit IBM/Lotus Domino servers |
| cmsmap | http | OK | 2019-01-24 | Vulnerability scanner for CMS WordPress, Drupal, Joomla |
| cmseek | http | OK | 2019-01-24 | Detect and bruteforce CMS |
| drupwn | http | OK | 2019-01-24 | Fingerprint Drupal 7/8 and exploit CVE |
| dirhunt | http | OK | 2019-01-24 | Find web directories without bruteforce |
| photon | http | OK | 2019-01-24 | Fast we crawler that extracts urls, emails, files, website accounts, etc. |
| angularjs-csti-scanner | http | OK | 2019-01-24 | Angular Client-Side Template Injection scanner |
| wpforce | http | OK | 2019-01-24 | WordPress attack suite |
| wpscan | http | OK | 2019-01-24 | WordPress vulnerability scanner |
| wpseku | http | OK | 2019-01-24 | WordPress vulnerability scanner |
| joomscan | http | OK | 2019-01-24 | Joomla vulnerability scanner by OWASP |
| joomlascan | http | OK | 2019-01-24 | Joomla vulnerability scanner |
| joomlavs | http | OK | 2019-01-24 | Joomla vulnerability scanner |
| droopescan | http | OK | 2019-01-24 | Drupal & Silverstripe plugin-based vulnerability scanner |
| magescan | http | OK | 2019-01-24 | Magento CMS scanner for information and misconfigurations |
| vbscan | http | OK | 2019-01-24 | vBulletin vulnerability scanner by OWASP |
| liferayscan | http | OK | 2019-01-24 | Liferay vulnerability scanner |
| xbruteforcer | http | OK | 2019-01-24 | CMS bruteforce tool |
| dirsearch | http | OK | 2019-01-24 | Web path scanner |
| wfuzz | http | OK | 2019-01-24 | Web application fuzzer |
| barmie | java-rmi | OK | 2019-01-24 | Java RMI enumeration and attack tool |
| jmxbf | java-rmi | OK | 2019-01-24 | Bruteforce program to test weak accounts configured to access a JMX Registry |
| jmxploit | java-rmi | OK | 2019-01-24 | JMX (post-)exploitation tool in Tomcat environment |
| sjet | java-rmi | OK | 2019-01-24 | JMX exploitation tool for insecure configured JMX services |
| twiddle | java-rmi | OK | 2019-01-24 | CLI-based JMX client |
| jdwp-shellifier | jdwp | OK | 2019-01-24 | Exploitation tool to gain RCE on JDWP |
| msdat | mssql | OK | 2019-01-24 | Microsoft SQL Database Attacking Tool |
| changeme | multi | OK | 2019-01-24 | Default credentials scanner |
| impacket | multi | OK | 2019-01-24 | Collection of Python classes for working with network protocols |
| jexboss | multi | OK | 2019-01-24 | Exploitation tool for JBoss, Jenkins, Struts2, JMX (Tomcat) |
| jok3r-scripts | multi | OK | 2019-01-24 | Various small stand-alone scripts and dependencies for other tools |
| metasploit | multi | OK | 2019-01-24 | Metasploit framework |
| nmap | multi | OK | 2019-01-24 | Nmap port scanner |
| patator | multi | OK | 2019-01-24 | Multi-purpose brute-forcer, with a modular design and a flexible usage |
| testssl | multi | OK | 2019-01-24 | TLS/SSL encryption checker |
| tls-prober | multi | OK | 2019-01-24 | Tool to fingerprint SSL/TLS servers |
| vuln-databases | multi | OK | 2019-01-24 | Vulnerabilities databases from Vulners.com, vuldb.com (NSE scripts) and exploit-db.com |
| ysoserial | multi | OK | 2019-01-24 | Tool for generating payloads that exploit unsafe Java object deserialization |
| odat | oracle | OK | 2019-01-24 | Oracle database attacking tool |
| nullinux | smb | OK | 2019-01-24 | Enumeration tool for SMB on Windows |
| smbmap | smb | OK | 2019-01-24 | SMB Shares enumeration tool |
| smtp-user-enum | smtp | OK | 2019-01-24 | Enumerate valid users on SMTP via EXPN, VRFY or RCPT TO |
| snmpwn | snmp | OK | 2019-01-24 | SNMPv3 User enumerator and Attack tool |
| snmp-check | snmp | OK | 2019-01-24 | SNMP enumerator |
| ssh-audit | ssh | OK | 2019-01-24 | SSH server auditing tool (banner, key exchange, encryption, mac, compression, compatibility, security, etc) |
| osueta | ssh | OK | 2019-01-24 | Exploit for OpenSSH (versions <= 7.2 and >= 5.*) user enumeration timing attack |
| libssh-scanner | ssh | OK | 2019-01-24 | Exploit for authentication bypass (CVE-2018-10933) in libssh 0.6+ (fixed in 0.7.6 and 0.8.4) |
+--------------------------------+----------+-----------------+-------------------------------------------------------------------------------------------------------------+
root@kali:/home/iicybersecurity/Downloads/jok3r# python3 jok3r.py db
The local database stores the missions, targets info & attacks results.
This shell allows for easy access to this database. New missions can be added and
scopes can be defined by importing new targets.
jok3rdb[default]> help
Documented commands (type help ):
Attacks results
results Attacks results
Import
nmap Import Nmap results
Missions data
creds Credentials in the current mission scope
hosts Hosts in the current mission scope
mission Manage missions
services Services in the current mission scope
Other
alias Manage aliases
help Display this help message
history View, run, edit, save, or clear previously entered commands
macro Manage macros
quit Exit this application
set Set a settable parameter or show current settings of parameters
shell Execute a command as if at the OS prompt
root@kali:/home/iicybersecurity/Downloads/jok3r# python3 jok3r.py attack -t https://192.168.1.105/ --add testproject
[*] URL given as target, targeted service is HTTP
[*] Check if target is reachable and grab banner using Nmap…
[+] Target URL https://192.168.1.105/ is reachable
[*] Results from this attack will be saved under mission "testproject" in database
[*] A matching service has been found in the database
[+] Updated: host 192.168.1.105 | port 80/tcp | service http
+----+---------------+----------+------+-------+---------+-------------------------------------------------------------------+-----------------------+
| id | IP | Hostname | Port | Proto | Service | Banner | URL |
+----+---------------+----------+------+-------+---------+-------------------------------------------------------------------+-----------------------+
| >1 | 192.168.1.105 | dvwa | 80 | tcp | http | product: Apache httpd version: 2.2.14 extrainfo: (Unix) DAV/2 | https://192.168.1.105/ |
| | | | | | | mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 | |
| | | | | | | mod_perl/2.0.4 Perl/v5.10.1 | |
+----+---------------+----------+------+-------+---------+-------------------------------------------------------------------+-----------------------+
[?] Start attack ? [Y/n] Y
[*] HTTP Response headers:
Date: Thu, 24 Jan 2019 09:55:41 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.1
Set-Cookie: PHPSESSID=c03n54d2gciu1rh9niscqmij67; path=/
Set-Cookie: security=high
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1224
Content-Type: text/html;charset=utf-8
[*] Context-specific options set for this target:
+----------+-------+
| option | value |
+----------+-------+
| language | php |
+----------+-------+
[*] [SMART] Running initialization method…
{'Perl', 'Apache'}
[*] [SMART] Wappalyzer fingerprinting returns: ['apache', 'mod_ssl', 'mod_perl', 'unix', 'php', 'perl', 'openssl']
[*] [SMART] Detected option (no update): language = php
[>] [Recon][Check 13/14] crawling-fast > Crawl website quickly, analyze interesting files/directories
[?] Run command #01 ? [Y/n/t/w/q] Y
cmd> dirhunt https://192.168.1.105/
Welcome to Dirhunt v0.6.0 using Python 2.7.15+
Starting…
[302] https://192.168.1.105/ (Redirect)
Redirect to: https://192.168.1.105/
[200] https://192.168.1.105/login.php (HTML document)
Index file found: index.php
[200] https://192.168.1.105/dvwa/css/ (Index Of) (Nothing interesting)
[200] https://192.168.1.105/dvwa/ (Index Of) (Nothing interesting)
[200] https://192.168.1.105/dvwa/images/ (Index Of) (Nothing interesting)
[200] https://192.168.1.105/dvwa/js/ (Index Of) (Nothing interesting)
[200] https://192.168.1.105/dvwa/includes/ (Index Of)
Interesting extension files: dvwaPage.inc.php (13K), dvwaPhpIds.inc.php (2.5K)
[200] https://192.168.1.105/dvwa/includes/DBMS/ (Index Of)
Interesting extension files: DBMS.php (2.4K), MySQL.php (2.9K), PGSQL.php (3.4K)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Starting…
https://192.168.1.105/login.php
(200) ( 154B) https://192.168.1.105/dvwa/includes/dvwaPage.inc.php [13K ]
Warning: define() expects at least 2 parameters,
(200) ( 156B) https://192.168.1.105/dvwa/includes/dvwaPhpIds.inc.php [2.5K]
Warning: define() expects at least 2 parameters,
(200) ( 154B) https://192.168.1.105/dvwa/includes/DBMS/MySQL.php [2.9K]
Fatal error: Call to undefined function dvwaMessa
(200) ( 626B) https://192.168.1.105/dvwa/includes/DBMS/DBMS.php [2.4K]
Notice: Undefined variable: DBMS in /opt/lampp
(200) ( 154B) https://192.168.1.105/dvwa/includes/DBMS/PGSQL.php [3.4K]
Fatal error: Call to undefined function dvwaMessa
[>] [Recon][Check 14/14] crawling-fast2 > Crawl website and extract URLs, files, intel & endpoints
[>] [Vulnscan][Check 01/29] vuln-lookup > Vulnerability lookup in Vulners.com (NSE scripts) and exploit-db.com (lots of false positive !)
[?] Run command #01 ? [Y/n/t/w/q] Y
cmd> sudo nmap -sT -sV -T5 -Pn -p 80 --script nmap-vulners/vulners.nse --script-args vulscandb=scipvuldb.csv 192.168.1.105 -oX /tmp/nmaptmp.xml; ./exploit-database/searchsploit --nmap /tmp/nmaptmp.xml; sudo rm -f /tmp/nmaptmp.xml
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-24 06:02 EST
Nmap scan report for dvwa (192.168.1.105)
Host is up (0.00046s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
|http-server-header: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
| vulners:
| cpe:/a:apache:http_server:2.2.14:
| CVE-2010-0425 10.0 https://vulners.com/cve/CVE-2010-0425
| CVE-2011-3192 7.8 https://vulners.com/cve/CVE-2011-3192
| CVE-2013-2249 7.5 https://vulners.com/cve/CVE-2013-2249
| CVE-2017-7679 7.5 https://vulners.com/cve/CVE-2017-7679
| CVE-2017-7668 7.5 https://vulners.com/cve/CVE-2017-7668
| CVE-2017-3167 7.5 https://vulners.com/cve/CVE-2017-3167
| CVE-2017-3169 7.5 https://vulners.com/cve/CVE-2017-3169
| CVE-2012-0883 6.9 https://vulners.com/cve/CVE-2012-0883
| CVE-2009-3555 5.8 https://vulners.com/cve/CVE-2009-3555
| CVE-2013-1862 5.1 https://vulners.com/cve/CVE-2013-1862
| CVE-2014-0098 5.0 https://vulners.com/cve/CVE-2014-0098
| CVE-2007-6750 5.0 https://vulners.com/cve/CVE-2007-6750
| CVE-2013-6438 5.0 https://vulners.com/cve/CVE-2013-6438
| CVE-2011-3368 5.0 https://vulners.com/cve/CVE-2011-3368
| CVE-2012-4557 5.0 https://vulners.com/cve/CVE-2012-4557
| CVE-2014-0231 5.0 https://vulners.com/cve/CVE-2014-0231
| CVE-2010-0408 5.0 https://vulners.com/cve/CVE-2010-0408
| CVE-2010-1452 5.0 https://vulners.com/cve/CVE-2010-1452
| CVE-2010-2068 5.0 https://vulners.com/cve/CVE-2010-2068
| CVE-2012-0031 4.6 https://vulners.com/cve/CVE-2012-0031
| CVE-2011-3607 4.4 https://vulners.com/cve/CVE-2011-3607
| CVE-2012-0053 4.3 https://vulners.com/cve/CVE-2012-0053
| CVE-2011-3348 4.3 https://vulners.com/cve/CVE-2011-3348
| CVE-2016-4975 4.3 https://vulners.com/cve/CVE-2016-4975
| CVE-2010-0434 4.3 https://vulners.com/cve/CVE-2010-0434
| CVE-2011-4317 4.3 https://vulners.com/cve/CVE-2011-4317
| CVE-2013-1896 4.3 https://vulners.com/cve/CVE-2013-1896
| CVE-2011-0419 4.3 https://vulners.com/cve/CVE-2011-0419
| CVE-2012-4558 4.3 https://vulners.com/cve/CVE-2012-4558
| CVE-2012-3499 4.3 https://vulners.com/cve/CVE-2012-3499
| CVE-2011-3639 4.3 https://vulners.com/cve/CVE-2011-3639
| CVE-2016-8612 3.3 https://vulners.com/cve/CVE-2016-8612
| CVE-2012-2687 2.6 https://vulners.com/cve/CVE-2012-2687
| CVE-2011-4415 1.2 https://vulners.com/cve/CVE-2011-4415
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.72 seconds
[i] SearchSploit's XML mode (without verbose enabled). To enable: searchsploit -v --xml…
[i] Reading: '/tmp/nmaptmp.xml'
[i] ./exploit-database/searchsploit -t apache httpd 2 2 14
[>] [Vulnscan][Check 03/29] vulnscan-multi-nikto > Check for multiple web vulnerabilities/misconfigurations
[?] Run command #01 ? [Y/n/t/w/q] Y
cmd> cd program; perl ./nikto.pl -host dvwa -port 80
- Nikto v2.1.6
Target IP: 192.168.1.105
Target Hostname: dvwa
Target Port: 80
+ Start Time: 2019-01-24 06:14:56 (GMT-5)
Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Retrieved x-powered-by header: PHP/5.3.1
The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Cookie PHPSESSID created without the httponly flag
Cookie security created without the httponly flag
Root page / redirects to: login.php
Server leaks inodes via ETags, header found with file /robots.txt, inode: 9210, size: 26, mtime: Tue Aug 24 15:45:32 2010
Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See https://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var
Perl/v5.10.1 appears to be outdated (current is at least v5.14.2)
mod_ssl/2.2.14 appears to be outdated (current is at least 2.8.31) (may depend on server version)
Apache/2.2.14 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
PHP/5.3.1 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
mod_perl/2.0.4 appears to be outdated (current is at least 2.0.7)
OpenSSL/0.9.8l appears to be outdated (current is at least 1.0.1j). OpenSSL 1.0.0o and 0.9.8zc are also current.
mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
OSVDB-112004: /cgi-bin/printenv: Site appears vulnerable to the 'shellshock' vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271).
OSVDB-112004: /cgi-bin/printenv: Site appears vulnerable to the 'shellshock' vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278).
OSVDB-3268: /config/: Directory indexing found.
/config/: Configuration information may be available remotely.
OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
OSVDB-3233: /cgi-bin/printenv: Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. https://www.securityfocus.com/bid/4431.
OSVDB-3233: /cgi-bin/test-cgi: Apache 2.0 default script is executable and reveals system information. All default scripts should be removed.
OSVDB-3268: /icons/: Directory indexing found.
OSVDB-3268: /docs/: Directory indexing found.
OSVDB-3092: /CHANGELOG.txt: A changelog was found.
OSVDB-3233: /icons/README: Apache default file found.
/login.php: Admin login page/section found.
/phpmyadmin/: phpMyAdmin directory found
OSVDB-3092: /.svn/entries: Subversion Entries file may contain directory listing information.
OSVDB-3092: /phpmyadmin/Documentation.html: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
/CHANGELOG.txt: Version number implies that there is a SQL Injection in Drupal 7, can be used for authentication bypass (Drupageddon: see https://www.sektioneins.de/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html).
/server-status: Apache server-status interface found (pass protected)
8167 requests: 0 error(s) and 39 item(s) reported on remote host
+ End Time: 2019-01-24 06:15:35 (GMT-5) (39 seconds)
1 host(s) tested
cmd> python3 changeme.py -v --protocols http 192.168.1.105:80
#####################################################
_
| |_ _ _ _ _ _ _ _ _ _
/ _| ' \ /| '_ \ / _
|/ \ '_ ` _ \ / _ \
| (| | | | (| | | | | (| | / | | | | | __/
___|| ||__,|| ||_, |___|| || ||__|
|_/
v1.1
Default Credential Scanner by @ztgrace
#####################################################
Loaded 113 default credential profiles
Loaded 324 default credentials
[06:28:15] Configured protocols: http
[06:28:15] Loading creds into queue
[06:28:15] Fingerprinting completed
[06:28:15] Scanning Completed
No default credentials found
[*] [SMART] Running post-check method "changeme_valid_creds" …
[*] [Vulnscan][Check 05/29] webdav-scan-davscan > Skipped because target's context is not matching
[*] [Vulnscan][Check 06/29] webdav-scan-msf > Skipped because target's context is not matching
[*] [Vulnscan][Check 07/29] webdav-internal-ip-disclosure > Skipped because target's context is not matching
[*] [Vulnscan][Check 08/29] webdav-website-content > Skipped because target's context is not matching
[>] [Vulnscan][Check 11/29] shellshock-scan > Detect if web server is vulnerable to Shellshock (CVE-2014-6271)
[?] Run command #01 ? [Y/n/t/w/q] Y
cmd> python2.7 shocker.py --Host 192.168.1.105 --port 80
.-. . .
( )| |
-. |--. .-. .-.|.-. .-. .--. ( )| |( )( |-.'(.-' |
-' '-
-'-''
-`--'' v1.1
Tom Watson, tom.watson@nccgroup.trust
https://www.github.com/nccgroup/shocker
Released under the GNU Affero General Public License
(https://www.gnu.org/licenses/agpl-3.0.html)
[+] 402 potential targets imported from ./shocker-cgi_list
[+] Checking connectivity with target…
[+] Target was reachable
[+] Looking for vulnerabilities on 192.168.1.105:80
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[+] 3 potential targets found, attempting exploits
[+] The following URLs appear to be exploitable:
[1] https://192.168.1.105:80/cgi-bin/printenv
[2] https://192.168.1.105:80/cgi-bin/test-cgi
Category > Exploit
[*] [Exploit][Check 01/11] jboss-deploy-shell > Skipped because target's context is not matching
[*] [Exploit][Check 02/11] struts2-rce-cve2017-5638 > Skipped because target's context is not matching
[*] [Exploit][Check 03/11] struts2-rce-cve2017-9805 > Skipped because target's context is not matching
[*] [Exploit][Check 04/11] struts2-rce-cve2018-11776 > Skipped because target's context is not matching
[*] [Exploit][Check 05/11] tomcat-rce-cve2017-12617 > Skipped because target's context is not matching
[*] [Exploit][Check 06/11] jenkins-cliport-deserialize > Skipped because target's context is not matching
[*] [Exploit][Check 07/11] weblogic-t3-deserialize-cve2015-4852 > Skipped because target's context is not matching
[*] [Exploit][Check 08/11] weblogic-t3-deserialize-cve2017-3248 > Skipped because target's context is not matching
[*] [Exploit][Check 09/11] weblogic-t3-deserialize-cve2018-2893 > Skipped because target's context is not matching
[*] [Exploit][Check 10/11] weblogic-wls-wsat-cve2017-10271 > Skipped because target's context is not matching
[*] [Exploit][Check 11/11] drupal-cve-exploit > Skipped because target's context is not matching
cmd> ./wfuzz -c -u https://192.168.1.105//FUZZ -w /home/iicybersecurity/Downloads/jok3r/wordlists/services/http/discovery/opendoor-paths.txt --hc 400,404,500,000
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
Wfuzz 2.3.4 - The Web Fuzzer *
Target: https://192.168.1.105//FUZZ
Total requests: 36942
==================================================================
ID Response Lines Word Chars Payload
000431: C=200 101 L 135 W 1480 Ch ".svn/all-wcprops"
000432: C=200 572 L 151 W 2726 Ch ".svn/entries"
000434: C=200 12 L 61 W 803 Ch ".svn/prop-base/"
000435: C=200 11 L 52 W 667 Ch ".svn/props/"
000436: C=200 25 L 175 W 2455 Ch ".svn/text-base/"
000437: C=200 4 L 39 W 538 Ch ".svn/text-base/index.php.svn-base"
000438: C=200 14 L 76 W 1010 Ch ".svn/tmp/"
001959: C=200 129 L 594 W 5066 Ch "CHANGELOG.txt"
001973: C=200 622 L 5214 W 33107 Ch "COPYING.txt"
002936: C=200 119 L 706 W 4934 Ch "README.txt"
004298: C=302 0 L 0 W 0 Ch "about.php"
004948: C=404 46 L 113 W 1118 Ch "admin/FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector
005061: C=404 46 L 113 W 1118 Ch "admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector
005062: C=404 46 L 113 W 1118 Ch "admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connecto
005063: C=404 46 L 113 W 1118 Ch "admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector
006673: C=404 46 L 113 W 1118 Ch "all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroC
007150: C=404 46 L 113 W 1118 Ch "apps/trac/pragyan/browser/trunk/cms/modules/article/fckEditor/editor/filema
010085: C=403 44 L 109 W 1122 Ch "cgi-bin/"
010087: C=403 44 L 108 W 1108 Ch "cgi-bin/awstats.pl"
011523: C=200 12 L 61 W 776 Ch "config/"
013659: C=200 11 L 52 W 650 Ch "docs/"
013930: C=404 46 L 113 W 1118 Ch "dreamedit/includes/FCKEditor_/editor/filemanager/browser/mcpuk/browser.html
014071: C=200 15 L 84 W 1101 Ch "dvwa/"
015076: C=403 44 L 109 W 1122 Ch "error/"
015477: C=200 12 L 60 W 772 Ch "external/"
015653: C=200 1 L 6 W 1549 Ch "favicon.ico"
015697: C=404 46 L 113 W 1118 Ch "fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
016920: C=404 46 L 113 W 1118 Ch "galeria/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder
016925: C=404 46 L 113 W 1118 Ch "galerie/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder
016955: C=404 46 L 113 W 1118 Ch "gallery/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder
018593: C=200 167 L 1300 W 18876 Ch "icons/"
018642: C=302 0 L 0 W 0 Ch "ids_log.php"
019087: C=404 46 L 113 W 1118 Ch "includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connec
019088: C=404 46 L 113 W 1118 Ch "includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/conne
019089: C=404 46 L 113 W 1118 Ch "includes/fckeditor/editor/filemanager/browser/default/connectors/php/connec
019142: C=302 0 L 0 W 0 Ch "index.php"
019762: C=404 46 L 113 W 1118 Ch "ispcp/browser/trunk/gui/tools/filemanager/plugins/fckeditor/editor/filemana
020212: C=404 46 L 113 W 1118 Ch "js/fckeditor/editor/filemanager/browser/default/connectors/php/connector.ph
021551: C=200 65 L 108 W 1224 Ch "login.php"
021667: C=302 0 L 0 W 0 Ch "logout.php"
025961: C=404 46 L 113 W 1118 Ch "photo/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.p
026010: C=404 46 L 113 W 1118 Ch "photos/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.
026053: C=200 4 L 20 W 148 Ch "php.ini"
026339: C=302 0 L 0 W 0 Ch "phpinfo.php"
026390: C=200 0 L 0 W 0 Ch "phpmyadmin/phpinfo.php"
026389: C=200 72 L 206 W 2726 Ch "phpmyadmin/"
026673: C=404 46 L 113 W 1118 Ch "plugins/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html
026675: C=404 46 L 113 W 1118 Ch "plugins/p_fckeditor/fckeditor/editor/filemanager/browser/default/browser.ht
026676: C=404 46 L 113 W 1118 Ch "plugins/p_fckeditor/fckeditor/editor/filemanager/connectors/uploadtest.html
028932: C=200 1 L 4 W 26 Ch "robots.txt"
029580: C=404 46 L 113 W 1118 Ch "script/jqueryplugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.s
029817: C=302 0 L 0 W 0 Ch "security.php"
029987: C=200 51 L 292 W 2787 Ch "server-status/"
029986: C=200 1253 L 8719 W 120232 Ch "server-info/"
030080: C=404 46 L 113 W 1118 Ch "servlet/Oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/so
030101: C=404 46 L 113 W 1118 Ch "servlet/oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/so
030182: C=200 80 L 227 W 3549 Ch "setup.php"
036787: C=404 46 L 113 W 1118 Ch "zenphoto/zp-core/plugins/tiny_mce/plugins/ajaxfilemanager/ajax_create_folde
Total time: 110.2424
Processed Requests: 36942
Filtered Requests: 36874
Requests/sec.: 335.0979
As you can see, this tool comprises many small tools which show a lot of vital information. For further scanning, you can follow other tutorials.
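Several of the Nikto items in the session above (missing X-Frame-Options and X-Content-Type-Options, cookies without the httponly flag, version strings in Server and X-Powered-By) can be re-checked by the site owner directly from the response headers. The script below is an added example, not part of Jok3r or of the original post; the function names are hypothetical, the Secure-flag check goes slightly beyond what Nikto reported, and the "hardened" header set is constructed for comparison.

```python
import re

# Response headers copied from the session above (DVWA lab host).
CAPTURED_HEADERS = """\
Date: Thu, 24 Jan 2019 09:55:41 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.1
Set-Cookie: PHPSESSID=c03n54d2gciu1rh9niscqmij67; path=/
Set-Cookie: security=high
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1224
Content-Type: text/html;charset=utf-8
"""

# Constructed sample of a hardened response (not from the page).
HARDENED_HEADERS = """\
Server: Apache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: PHPSESSID=constructed-value; Path=/; HttpOnly; Secure; SameSite=Lax
Content-Type: text/html;charset=utf-8
"""

# Matches "product/version" tokens such as Apache/2.2.14 or Perl/v5.10.1.
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/v?(\d[\w.]*)")


def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    pairs = []
    for line in raw.splitlines():
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def cookie_findings(set_cookie_value):
    """Report missing HttpOnly/Secure attributes for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return [f"cookie {name} missing {flag}"
            for flag in ("httponly", "secure") if flag not in attrs]


def audit(raw):
    """Return a list of findings for one raw block of response headers."""
    headers = parse_headers(raw)
    names = {n for n, _ in headers}
    findings = []

    # A CSP frame-ancestors directive also covers the anti-clickjacking check.
    csp = " ".join(v for n, v in headers
                   if n == "content-security-policy").lower()
    if "x-frame-options" not in names and "frame-ancestors" not in csp:
        findings.append("missing anti-clickjacking header "
                        "(X-Frame-Options or CSP frame-ancestors)")

    nosniff = [v.lower() for n, v in headers if n == "x-content-type-options"]
    if "nosniff" not in nosniff:
        findings.append("X-Content-Type-Options: nosniff not set")

    for name, value in headers:
        if name in ("server", "x-powered-by"):
            for product, version in VERSION_TOKEN.findall(value):
                findings.append(
                    f"version disclosed in {name}: {product} {version}")
        elif name == "set-cookie":
            findings.extend(cookie_findings(value))
    return findings


if __name__ == "__main__":
    for label, raw in (("captured", CAPTURED_HEADERS),
                       ("hardened", HARDENED_HEADERS)):
        results = audit(raw)
        print(f"{label}: {len(results)} finding(s)")
        for item in results:
            print("  -", item)
```

Running the same audit after each configuration change shows which of the reported items have actually been closed.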
The post Scan Github popular tools for hacking appeared first on Information Security Newspaper | Hacking News.
According to an ethical hacking researcher of the International Institute of Cyber Security, Stardox can be used to find detailed information about any GitHub tool used in the initial phase of pentesting, as it shows information about any GitHub user.
Today we will show you a tool called Stardox. Stardox is an information gathering tool for stargazers. It scrapes GitHub for stargazers' details and creates a tree view of them. For this demonstration, we tested the tool on Kali Linux 2018.4.
root@kali:/home/iicybersecurity/Downloads/Stardox/src# python3 stardox.py
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
sssssss ssssssssss ss ss sss ss sss ss ss ss sss sss
sssssss ssss sss sss sss ss sss ss ss ss ss ss
ssssssssssssss ssss sss sss sss ss sss ss ss ss ss ss
ssssssssssssss ssss sssssssssss sssssssssss sss ss ss ss ssss
ssss ssss sssssssssss sssssss sss ss ss ss ssss
ssss ssss sss sss sss sss sss ss ss ss ss ss
ssssssssssssss ssss sss sss sss sss sss ss ssssssssss ss ss
sssssssssssssss ssss sss sss sss sss sssssssss ssssssssss sss sss Made By : Pr0t0n
Enter the repository address ::
Enter the repository address :: https://github.com/0xPrateek/Stardox
[+] Got the repository data
[+] Repository Title : Stardox
[+] Total watchers : 1
[+] Total stargazers : 10
[+] Total Forks : 1
[~] Doxing started …
Stardox
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|
|-----ZankoyDll1999 (@ZankoyDll1999)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 15
| |--Total Followers :: 12
| |--Total Following :: 0
|
|
|-----Byungho (@tais9)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 26
| |--Total Followers :: 28
| |--Total Following :: 1
|
|
|-----IraqNoPhobia (@IraqNoPhobia)
| |
| |--Total Repsitories :: 146
| |--Total Stars :: 120
| |--Total Followers :: 6
| |--Total Following :: 11
|
|
|-----Anurag Batra (@DevelopedByAnurag)
| |
| |--Total Repsitories :: 7
| |--Total Stars :: 1
| |--Total Followers :: 8
| |--Total Following :: 2
|
|
|-----an0nhax0r (@an0nhax0r)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 6
| |--Total Followers :: 0
| |--Total Following :: 1
|
|
|-----c0d3r001 (@c0d3r001)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 2
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----jackhacker191 (@jackhacker191)
| |
| |--Total Repsitories :: 1
| |--Total Stars :: 3
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----alex0019 (@alex0019)
| |
| |--Total Repsitories :: 2
| |--Total Stars :: 3
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Prateek Mishra (@0xPrateek)
| |
| |--Total Repsitories :: 4
| |--Total Stars :: 7
| |--Total Followers :: 5
| |--Total Following :: 0
Enter the repository address :: https://github.com/kamranahmedse/developer-roadmap
[+] Got the repository data
[+] Repository Title : developer-roadmap
[+] Total watchers : 4593
[+] Total stargazers : 68246
[+] Total Forks : 10657
[~] Doxing started …
developer-roadmap
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
|
|-----Anthony (@xero88)
| |
| |--Total Repsitories :: 26
| |--Total Stars :: 69
| |--Total Followers :: 3
| |--Total Following :: 1
|
|
|-----Rickon (@gs666)
| |
| |--Total Repsitories :: 25
| |--Total Stars :: 61
| |--Total Followers :: 9
| |--Total Following :: 21
|
|
|-----Jia (@jia2)
| |
| |--Total Repsitories :: 10
| |--Total Stars :: 88
| |--Total Followers :: 4
| |--Total Following :: 3
|
|
|-----Reyton (@Rey70N)
| |
| |--Total Repsitories :: 5
| |--Total Stars :: 5
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Vinny Wang (@ipaste)
| |
| |--Total Repsitories :: 866
| |--Total Stars :: 192
| |--Total Followers :: 5
| |--Total Following :: 30
|
|
|-----Shun Nishitsuji (@Asuforce)
| |
| |--Total Repsitories :: 62
| |--Total Stars :: 51
| |--Total Followers :: 18
| |--Total Following :: 23
|
|
|-----XiMiMax (@duyangs)
| |
| |--Total Repsitories :: 18
| |--Total Stars :: 176
| |--Total Followers :: 3
| |--Total Following :: 3
|
|
|-----wangtiant (@wangtiant)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 17
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Əlişiram (@eelishiram)
| |
| |--Total Repsitories :: 6
| |--Total Stars :: 13
| |--Total Followers :: 5
| |--Total Following :: 4
|
|
|-----xinple (@xinple)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 2
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Samuel Aniefiok (@Cool-sami12)
| |
| |--Total Repsitories :: 26
| |--Total Stars :: 2
| |--Total Followers :: 6
| |--Total Following :: 23
|
|
|-----xixi (@yiuyiu)
| |
| |--Total Repsitories :: 30
| |--Total Stars :: 213
| |--Total Followers :: 1
| |--Total Following :: 16
|
|
|-----Barry Lu (@barrylu1999)
| |
| |--Total Repsitories :: 7
| |--Total Stars :: 14
| |--Total Followers :: 1
| |--Total Following :: 10
|
|
|-----Michael_M (@ManspergerMichael)
| |
| |--Total Repsitories :: 36
| |--Total Stars :: 3
| |--Total Followers :: 6
| |--Total Following :: 4
|
|
|-----Harun Raşit Pekacar (@0hr)
| |
| |--Total Repsitories :: 1
| |--Total Stars :: 291
| |--Total Followers :: 10
| |--Total Following :: 11
|
|
|-----ansiz (@ansiz)
| |
| |--Total Repsitories :: 45
| |--Total Stars :: 590
| |--Total Followers :: 17
| |--Total Following :: 23
|
|
|-----Kilian (@KilianTarb)
| |
| |--Total Repsitories :: 20
| |--Total Stars :: 4
| |--Total Followers :: 1
| |--Total Following :: 1
|
|
|-----dyadyul (@dyadyul)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 501
| |--Total Followers :: 7
| |--Total Following :: 3
|
|
|-----Irfan (@irfan-dahir)
| |
| |--Total Repsitories :: 11
| |--Total Stars :: 217
| |--Total Followers :: 10
| |--Total Following :: 12
|
|
|-----Dharmik (@dharmikbhandari)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 1
| |--Total Followers :: 0
| |--Total Following :: 1
|
|
|-----Warren (@TheYon)
| |
| |--Total Repsitories :: 4
| |--Total Stars :: 25
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----edwinxx (@edwinxx)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 3
| |--Total Followers :: 0
| |--Total Following :: 2
|
|
|-----vstammeg (@vstammeg)
| |
| |--Total Repsitories :: 6
| |--Total Stars :: 6
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Omid Golzarian (@onooma)
| |
| |--Total Repsitories :: 4
| |--Total Stars :: 149
| |--Total Followers :: 10
| |--Total Following :: 7
|
|
|-----廖泽恩 (@liaozeen)
| |
| |--Total Repsitories :: 14
| |--Total Stars :: 142
| |--Total Followers :: 3
| |--Total Following :: 75
|
|
|-----ZoomZhao (@ZoomZhao)
| |
| |--Total Repsitories :: 20
| |--Total Stars :: 341
| |--Total Followers :: 47
| |--Total Following :: 18
|
|
|-----David Cifuentes (@dcifuen)
| |
| |--Total Repsitories :: 12
| |--Total Stars :: 226
| |--Total Followers :: 23
| |--Total Following :: 29
|
|
|-----Budi Salah (@BudiSalah)
| |
| |--Total Repsitories :: 8
| |--Total Stars :: 10
| |--Total Followers :: 0
| |--Total Following :: 3
|
|
|-----mike (@mike-sino)
| |
| |--Total Repsitories :: 6
| |--Total Stars :: 282
| |--Total Followers :: 6
| |--Total Following :: 8
|
|
|-----zhang xin (@Alex-Daocaoren)
| |
| |--Total Repsitories :: 13
| |--Total Stars :: 252
| |--Total Followers :: 2
| |--Total Following :: 35
|
|
|-----Bronco (@bronco)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 14
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Pokemon1025 (@Pokemon1025)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 13
| |--Total Followers :: 0
| |--Total Following :: 3
|
|
|-----dinglei (@dadingSaid)
| |
| |--Total Repsitories :: 57
| |--Total Stars :: 252
| |--Total Followers :: 10
| |--Total Following :: 25
|
|
|-----fwt (@137942170)
| |
| |--Total Repsitories :: 9
| |--Total Stars :: 28
| |--Total Followers :: 4
| |--Total Following :: 23
|
|
|-----拾肉觅 (@ShiRouMi)
| |
| |--Total Repsitories :: 10
| |--Total Stars :: 300
| |--Total Followers :: 11
| |--Total Following :: 59
|
|
|-----brandy (@xiaoqing-yuanfang)
| |
| |--Total Repsitories :: 30
| |--Total Stars :: 424
| |--Total Followers :: 6
| |--Total Following :: 172
|
|
|-----afewnotes (@afewnotes)
| |
| |--Total Repsitories :: 23
| |--Total Stars :: 22
| |--Total Followers :: 25
| |--Total Following :: 80
|
|
|-----HISUN (@hisuny)
| |
| |--Total Repsitories :: 10
| |--Total Stars :: 38
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Syafie Mustafa (@SyafieMustafa)
| |
| |--Total Repsitories :: 0
| |--Total Stars :: 5
| |--Total Followers :: 0
| |--Total Following :: 1
|
|
|-----RanjitMane7 (@RanjitMane7)
| |
| |--Total Repsitories :: 3
| |--Total Stars :: 1
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----Allen (@viciwang)
| |
| |--Total Repsitories :: 22
| |--Total Stars :: 147
| |--Total Followers :: 7
| |--Total Following :: 14
|
|
|-----convee (@convee)
| |
| |--Total Repsitories :: 14
| |--Total Stars :: 355
| |--Total Followers :: 2
| |--Total Following :: 8
|
|
|-----Shaun Thomas (@shaunthomas999)
| |
| |--Total Repsitories :: 24
| |--Total Stars :: 42
| |--Total Followers :: 4
| |--Total Following :: 28
|
|
|-----mew_151 (@y0sh-S)
| |
| |--Total Repsitories :: 4
| |--Total Stars :: 5
| |--Total Followers :: 0
| |--Total Following :: 1
|
|
|-----Javmain (@javmain)
| |
| |--Total Repsitories :: 50
| |--Total Stars :: 556
| |--Total Followers :: 13
| |--Total Following :: 55
|
|
|-----Eric Zhang (@my101du)
| |
| |--Total Repsitories :: 17
| |--Total Stars :: 12
| |--Total Followers :: 20
| |--Total Following :: 17
|
|
|-----NEIL (@Army-U)
| |
| |--Total Repsitories :: 17
| |--Total Stars :: 533
| |--Total Followers :: 10
| |--Total Following :: 127
|
|
|-----wilx (@wil-x)
| |
| |--Total Repsitories :: 1
| |--Total Stars :: 20
| |--Total Followers :: 0
| |--Total Following :: 1
|
|
|-----MahoneWei (@MahoneWei)
| |
| |--Total Repsitories :: 1
| |--Total Stars :: 1
| |--Total Followers :: 0
| |--Total Following :: 0
|
|
|-----未枝 (@soyaine)
| |
| |--Total Repsitories :: 25
| |--Total Stars :: 208
| |--Total Followers :: 155
| |--Total Following :: 102
The post Find hacked email addresses appeared first on Information Security Newspaper | Hacking News.
According to an ethical hacking researcher at the International Institute of Cyber Security, h8mail is used in the initial phase of penetration testing.
h8mail is an OSINT tool used to search for emails and passwords. It finds breached email addresses by querying different sites and works from data-breach records. For this demonstration we tested the tool on Kali Linux 2018.4.
Before installing the tool you must install Node.js and update Python in Kali Linux. According to ethical hacking courses, this tool only works with Python 3.
root@kali:/home/iicybersecurity/Downloads/h8mail# pip install -r requirements.txt
Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (2.18.4)
Collecting python-cli-ui (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/71/76/4772ff1c2c982c3e5cd75f5e01ae575adb979afc3473d267915de39813f4/python-cli-ui-0.7.4.tar.gz
Complete output from command python setup.py egg_info:
Error: Please upgrade to Python3
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-oC2WCX/python-cli-ui/
root@kali:/home/iicybersecurity/Downloads/h8mail# sudo apt-get install python3-pip
Reading package lists… Done
Building dependency tree
Reading state information… Done
python3-pip is already the newest version (18.1-4).
The following packages were automatically installed and are no longer required:
golang-1.10 golang-1.10-doc golang-1.10-go golang-1.10-src golang-src
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1554 not upgraded.
root@kali:/home/iicybersecurity/Downloads/h8mail# pip3 install -r requirements.txt
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (2.18.4)
Collecting python-cli-ui (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/fc/32/e63370450c69ccc06aefb8e55926011a7eeb3824787fed8d3d12149b4e09/python_cli_ui-0.7.4-py3-none-any.whl
Collecting cfscrape (from -r requirements.txt (line 3))
Downloading https://files.pythonhosted.org/packages/ee/5e/6f36d5305b4c5abe793a7a057003f342300e9b853384a11fee8dc58e6816/cfscrape-1.9.5.tar.gz
Collecting unidecode (from python-cli-ui->-r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/31/39/53096f9217b057cb049fe872b7fc7ce799a1a89b76cf917d9639e7a558b5/Unidecode-1.0.23-py2.py3-none-any.whl (237kB)
100% |████████████████████████████████| 245kB 576kB/s
Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (from python-cli-ui->-r requirements.txt (line 2)) (0.8.2)
Requirement already satisfied: colorama in /usr/lib/python3/dist-packages (from python-cli-ui->-r requirements.txt (line 2)) (0.3.7)
Building wheels for collected packages: cfscrape
Running setup.py bdist_wheel for cfscrape … done
Stored in directory: /root/.cache/pip/wheels/4b/7d/70/32db6ba6ac95be8d24d5563436fc4ffe52f271adb2da153531
Successfully built cfscrape
Installing collected packages: unidecode, python-cli-ui, cfscrape
Successfully installed cfscrape-1.9.5 python-cli-ui-0.7.4 unidecode-1.0.23
root@kali:/home/iicybersecurity/Downloads/h8mail# python3 h8mail.py --help
usage: h8mail.py [-h] -t TARGET_EMAILS [-c CONFIG_FILE] [-o OUTPUT_FILE]
                 [-bc BC_PATH] [-v] [-l] [-k CLI_APIKEYS]
Email information and password finding tool
optional arguments:
  -h, --help            show this help message and exit
  -t TARGET_EMAILS, --targets TARGET_EMAILS
                        Either single email, or file (one email per line).
                        REGEXP
  -c CONFIG_FILE, --config CONFIG_FILE
                        Configuration file for API keys
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        File to write output
  -bc BC_PATH, --breachcomp BC_PATH
                        Path to the breachcompilation Torrent.
                        https://ghostbin.com/paste/2cbdn
  -v, --verbose         Show debug information
  -l, --local           Run local actions only
  -k CLI_APIKEYS, --apikey CLI_APIKEYS
                        Pass config options. Format is "K:V,K:V"
root@kali:/home/iicybersecurity/Downloads/h8mail# python3 h8mail.py -t puti@reddcoin2.com
.. .. ;;
| .. | | .. | ; h8mail.py ; | !| |||! | ;-----------; !| |_! Heartfelt Email OSINT
.||| |. Use responsibly etc
| .| |. | ;____________;
| !! | | !! | ; github.com/khast3x ;
!! !! ;--------------------;
Targets
=> puti@reddcoin2.com
Lookup Status
Result puti@reddcoin2.com
=> not breached
Target hostname: reddcoin2.com
✓ Done
root@kali:/home/iicybersecurity/Downloads# theharvester -d testsites.com -b pgp
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
*
| || |_ _ /\ /__ _ _ _ | |_ _ __ *
| | '_ \ / _ \ / // / ` | '\ \ / / _ \/ | / _ \ '__| *
| || | | | / / / (| | | \ V / /__ \ || / | *
__|| ||___| \/ // _,|| _/ ___||/__|_| *
*
TheHarvester Ver. 2.7.2 *
Coded by Christian Martorella *
Edge-Security Research *
cmartorella@edge-security.com *
[-] Starting harvesting process for domain: testsites.com
[-] Searching in PGP key server..
Harvesting results
[+] Emails found:
root@kali:/home/iicybersecurity/Downloads/h8mail# python3 h8mail.py -t /home/iicybersecurity/Downloads/testsites.txt -bc /Downloads/breachcompilation/ -k "snusbase_url: https://snusbase.com ,snusbase_token: 5sxxxxxxxxxxxxxxxxxxxBuXQ"
.. .. ;;
| .. | | .. | ; h8mail.py ; | !| |||! | ;-----------; !| |_! Heartfelt Email OSINT
.||| |. Use responsibly etc
| .| |. | ;____________;
| !! | | !! | ; github.com/khast3x ;
!! !! ;--------------------;
Targets
=========== SNIPPED =================
root@kali:/home/iicybersecurity/Downloads/h8mail# python3 h8mail.py -t targets.txt -c config.ini -o pwned_targets.csv
tuckerkaren2000@yahoo.com
tuckersadie@yahoo.com
tucko100@yahoo.com
tucktunes@yahoo.com
tucsonclint2008@yahoo.com
tucu.ionut@yahoo.com
Lookup Status
======== SNIPPED ===============