diff --git a/config/live-host-scan-profiles.toml b/config/live-host-scan-profiles.toml index 88f2696..c187e45 100644 --- a/config/live-host-scan-profiles.toml +++ b/config/live-host-scan-profiles.toml @@ -3,55 +3,55 @@ [default.nmap-icmp-echo] [default.nmap-icmp-echo.live-host-detection] - command = 'nmap {nmap_extra} -vv -n -sn -PE -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_icmp_echo" {address}' + command = 'nmap {nmap_extra} -vv -n -sn -PE -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_icmp_echo" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-tcp-ack] [default.nmap-tcp-ack.live-host-detection] - command = 'nmap {nmap_extra} -vv -n -sn -PA21,22,23,25,53,80,88,110,111,135,139,143,199,443,445,465,587,993,995,1025,1433,1720,1723,3306,3389,5900,8080,8443 -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_tcp_ack" {address}' + command = 'nmap {nmap_extra} -vv -n -sn -PA21,22,23,25,53,80,88,110,111,135,139,143,199,443,445,465,587,993,995,1025,1433,1720,1723,3306,3389,5900,8080,8443 -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_tcp_ack" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-tcp-syn] [default.nmap-tcp-syn.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PS21,22,23,25,53,80,88,110,111,135,139,143,199,443,445,465,587,993,995,1025,1433,1720,1723,3306,3389,5900,8080,8443 -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_tcp_syn" {address}' + command='nmap {nmap_extra} -vv -n -sn -PS21,22,23,25,53,80,88,110,111,135,139,143,199,443,445,465,587,993,995,1025,1433,1720,1723,3306,3389,5900,8080,8443 -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_tcp_syn" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-sctp] [default.nmap-sctp.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PY132,2905 -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_sctp" {address}' + command='nmap {nmap_extra} -vv -n -sn -PY132,2905 -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_sctp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-udp] [default.nmap-udp.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PU53,67,68,69,123,135,137,138,139,161,162,445,500,514,520,631,1434,1600,4500,49152 -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_udp" {address}' + command='nmap {nmap_extra} -vv -n -sn -PU53,67,68,69,123,135,137,138,139,161,162,445,500,514,520,631,1434,1600,4500,49152 -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_udp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-protocol-ping] [default.nmap-protocol-ping.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PO -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_protocol_ping" {address}' + command='nmap {nmap_extra} -vv -n -sn -PO -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_protocol_ping" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-timestamp] [default.nmap-timestamp.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PP -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_timestamp" {address}' + command='nmap {nmap_extra} -vv -n -sn -PP -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_timestamp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-netmask] [default.nmap-netmask.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PM -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_netmask" {address}' + command='nmap {nmap_extra} -vv -n -sn -PM -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_netmask" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [default.nmap-top-100-tcp] [default.nmap-top-100-tcp.live-host-detection] - command='nmap {nmap_extra} -vv -sS -sV -n -Pn --top-ports 100 --reason --open -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_top_100_tcp" {address}' + command='nmap {nmap_extra} -vv -sS -sV -n -Pn --top-ports 100 --reason --open -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_top_100_tcp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [quick] @@ -59,29 +59,29 @@ [quick.nmap-icmp-echo] [quick.nmap-icmp-echo.live-host-detection] - command = 'nmap {nmap_extra} -vv -n -sn -PE -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_icmp_echo" {address}' + command = 'nmap {nmap_extra} -vv -n -sn -PE -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_icmp_echo" {address}' pattern = '^Nmap scan report for (?P
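Review bot: The new file-name component in every `-oA` prefix here is `{addressname}`, while the port-scan-profiles.toml and service-scans.toml templates rewritten in this same commit use `{address}`, and nothing in the diff says what `{addressname}` resolves to. If it is a path-safe rendering of the target (live-host profiles are presumably run against ranges, where a `/` in a CIDR `{address}` would turn the `-oA` prefix into a subdirectory), a one-line comment at the top of this file naming the placeholder and how it differs from `{address}` would save the next reader the guess, and the other two files should probably use the same safe form. The `[quick]` hunk below has the same placeholder and is covered by this note.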
[\d\.]+)$' [quick.nmap-sctp] [quick.nmap-sctp.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PY132,2905 -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_sctp" {address}' + command='nmap {nmap_extra} -vv -n -sn -PY132,2905 -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_sctp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [quick.nmap-protocol-ping] [quick.nmap-protocol-ping.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PO -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_protocol_ping" {address}' + command='nmap {nmap_extra} -vv -n -sn -PO -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_protocol_ping" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [quick.nmap-timestamp] [quick.nmap-timestamp.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PP -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_timestamp" {address}' + command='nmap {nmap_extra} -vv -n -sn -PP -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_timestamp" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' [quick.nmap-netmask] [quick.nmap-netmask.live-host-detection] - command='nmap {nmap_extra} -vv -n -sn -PM -T{nmap_speed} -oA "{scandir}/_nmap_live_hosts_netmask" {address}' + command='nmap {nmap_extra} -vv -n -sn -PM -T{nmap_speed} -oA "{scandir}/{addressname}_nmap_live_hosts_netmask" {address}' pattern = '^Nmap scan report for (?P
[\d\.]+)$' diff --git a/config/port-scan-profiles.toml b/config/port-scan-profiles.toml index 262f008..c52e5e7 100644 --- a/config/port-scan-profiles.toml +++ b/config/port-scan-profiles.toml 
@@ -3,33 +3,33 @@ [default.nmap-top-1000-tcp] [default.nmap-top-1000-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_tcp" {address}' + command = 'nmap {nmap_extra} -sS -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_top_1000_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [default.nmap-top-1000-udp] [default.nmap-top-1000-udp.service-detection] - command = 'nmap {nmap_extra} -sU -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_udp" {address}' + command = 'nmap {nmap_extra} -sU -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_1000_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [default.nmap-full-tcp] [default.nmap-full-tcp.port-scan] - command = 'nmap {nmap_extra} -sS -vv -n -Pn -p- --open -T{nmap_speed} -oA "{portsdir}/_nmap_full_tcp" {address}' + command = 'nmap {nmap_extra} -sS -vv -n -Pn -p- --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_full_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [default.nmap-full-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_full_tcp_services" {address}' + command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_full_tcp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [default.nmap-3000-udp] [default.nmap-3000-udp.port-scan] - command = 'nmap {nmap_extra} -sU -vv -n -Pn --top-ports 3000 --open -T{nmap_speed} -oA 
"{portsdir}/_nmap_top_3000_udp" {address}' + command = 'nmap {nmap_extra} -sU -vv -n -Pn --top-ports 3000 --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_3000_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [default.nmap-3000-udp.service-detection] - command = 'nmap {nmap_extra} -sU -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_top_3000_udp_services" {address}' + command = 'nmap {nmap_extra} -sU -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_3000_udp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick] 
@@ -37,33 +37,33 @@ [quick.nmap-top-100-tcp] [quick.nmap-top-100-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -sV --version-all -n -Pn -vv --top-ports 100 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_100_tcp" {address}' + command = 'nmap {nmap_extra} -sS -sV --version-all -n -Pn -vv --top-ports 100 --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_top_100_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick.nmap-top-20-udp] [quick.nmap-top-20-udp.service-detection] - command = 'nmap {nmap_extra} -sU -A --version-all -n -Pn -vv --top-ports 20 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_20_udp" {address}' + command = 'nmap {nmap_extra} -sU -A --version-all -n -Pn -vv --top-ports 20 --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_20_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick.nmap-top-1000-tcp] [quick.nmap-top-1000-tcp.port-scan] - command = 'nmap {nmap_extra} -sS -vv -n -Pn --top-ports 1000 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_tcp" {address}' + command = 'nmap {nmap_extra} -sS -vv -n -Pn --top-ports 1000 --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_top_1000_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick.nmap-top-1000-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_tcp_services" {address}' + command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_top_1000_tcp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick.nmap-top-100-udp] [quick.nmap-top-100-udp.port-scan] - command = 'nmap {nmap_extra} -sU 
-vv -n -Pn --top-ports 100 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_100_udp" {address}' + command = 'nmap {nmap_extra} -sU -vv -n -Pn --top-ports 100 --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_100_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [quick.nmap-top-100-udp.service-detection] - command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_top_100_udp_services" {address}' + command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_100_udp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme] 
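Review bot: `quick.nmap-top-100-udp.service-detection` still probes with `-sS` (TCP SYN) against `-p{ports}`, even though its output is now filed under `{udpportsdir}` as `_nmap_top_100_udp_services`; the ports it receives come from the UDP port-scan entry directly above it, so the service probe should be `-sU`, as `default.nmap-3000-udp.service-detection` in the previous hunk already is. Change the new line to `command = 'nmap {nmap_extra} -sU -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_100_udp_services" {address}'`. The `extreme.nmap-full-udp.service-detection` line in the next hunk carries the same `-sS` and needs the same fix.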
@@ -71,31 +71,31 @@ [extreme.nmap-top-1000-tcp] [extreme.nmap-top-1000-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_tcp" {address}' + command = 'nmap {nmap_extra} -sS -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_top_1000_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme.nmap-top-1000-udp] [extreme.nmap-top-1000-udp.service-detection] - command = 'nmap {nmap_extra} -sU -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{portsdir}/_nmap_top_1000_udp" {address}' + command = 'nmap {nmap_extra} -sU -sV -n -Pn -vv --top-ports 1000 --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_top_1000_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme.nmap-full-tcp] [extreme.nmap-full-tcp.port-scan] - command = 'nmap {nmap_extra} -sS -vv -n -Pn -p- --open -T{nmap_speed} -oA "{portsdir}/_nmap_full_tcp" {address}' + command = 'nmap {nmap_extra} -sS -vv -n -Pn -p- --open -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_full_tcp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme.nmap-full-tcp.service-detection] - command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_full_tcp_services" {address}' + command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{tcpportsdir}/{address}_nmap_full_tcp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme.nmap-full-udp] [extreme.nmap-full-udp.port-scan] - command = 'nmap {nmap_extra} -sU -vv -n -Pn -p- --open -T{nmap_speed} -oA "{portsdir}/_nmap_full_udp" {address}' 
+ command = 'nmap {nmap_extra} -sU -vv -n -Pn -p- --open -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_full_udp" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' [extreme.nmap-full-udp.service-detection] - command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{portsdir}/_nmap_full_udp_services" {address}' + command = 'nmap {nmap_extra} -sS -vv -A -Pn --osscan-guess --version-all -p{ports} -T{nmap_speed} -oA "{udpportsdir}/{address}_nmap_full_udp_services" {address}' pattern = '^(?P\d+)\/(?P(tcp|udp))(.*)open(\s*)(?P[\w\-\/\?]+)(\s*)(?P[\w\-]+)(\s*)ttl(\s*)\d+(\s*)(?P.*)$' diff --git a/config/service-scans.toml b/config/service-scans.toml index a65f724..515e4d6 100644 --- a/config/service-scans.toml +++ b/config/service-scans.toml @@ -10,7 +10,7 @@ service-names = [ [[all-services.scan]] name = 'sslscan' - command = 'if [ "{secure}" == "True" ]; then sslscan --show-certificate --no-colour --xml={webdir}/_{protocol}_{port}_sslscan.xml {address}:{port} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_sslscan.txt"; fi' + command = 'if [ "{secure}" == "True" ]; then sslscan --show-certificate --no-colour --xml={webdir}/{address}_{protocol}_{port}_sslscan.xml {address}:{port} 2>&1 | tee "{webdir}/{address}_{protocol}_{port}_sslscan.txt"; fi' [cassandra] @@ -20,7 +20,7 @@ service-names = [ [[cassandra.scan]] name = 'nmap-cassandra' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_cassandra_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_cassandra_nmap" {address}' [cups] 
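Review bot: In the rewritten sslscan line the `--xml=` path is the only output path in this file left unquoted (`--xml={webdir}/{address}_{protocol}_{port}_sslscan.xml`), while the `tee` target on the same line is quoted; a `{webdir}` containing a space or shell metacharacter would split that argument. Quote it the same way: `--xml="{webdir}/{address}_{protocol}_{port}_sslscan.xml"`. The surrounding `[ "{secure}" == "True" ]` test is a bash extension (`==` is not POSIX `test`); `=` works in both and is safer if the command runner ever uses `/bin/sh`, which I cannot tell from the diff.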
@@ -30,7 +30,7 @@ service-names = [ [[cups.scan]] name = 'nmap-cups' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_cups_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_cups_nmap" {address}' [distcc] @@ -40,7 +40,7 @@ service-names = [ [[distcc.scan]] name = 'nmap-distcc' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,distcc-cve2004-2687" --script-args="distcc-cve2004-2687.cmd=id" -oA "{nmapdir}/_{protocol}_{port}_distcc_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,distcc-cve2004-2687" --script-args="distcc-cve2004-2687.cmd=id" -oA "{nmapdir}/{address}_{protocol}_{port}_distcc_nmap" {address}' [dns] @@ -50,7 +50,7 @@ service-names = [ [[dns.scan]] name = 'nmap-dns' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_dns_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_dns_nmap" {address}' [finger] @@ -60,7 +60,7 @@ service-names = [ [[finger.scan]] nmap = 'nmap-finger' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,finger" -oA "{nmapdir}/_{protocol}_{port}_finger_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,finger" -oA "{nmapdir}/{address}_{protocol}_{port}_finger_nmap" {address}' [ftp] 
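Review bot: The distcc entry keeps `--script-args="distcc-cve2004-2687.cmd=id"`, which makes an automatic `[[distcc.scan]]` run a command on the target rather than only identify the service; everything else of that nature in this file sits under `[[*.manual]]` so an operator decides to run it. Since the line is being rewritten anyway, consider moving this entry to `[[distcc.manual]]` with a `description` that states it executes a command on the host, or dropping the `--script-args` so the default run is detection only. The output-path change itself is fine.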
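Review bot: The context line directly above the rewritten finger command reads `nmap = 'nmap-finger'`, whereas every other `[[*.scan]]` table in this file uses `name = '...'`; as written the finger scan has no `name` key, so whatever the loader does with a nameless scan (skip it or fail), it is probably not running as intended. Fix the key in the same hunk: `name = 'nmap-finger'`.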
@@ -71,7 +71,7 @@ service-names = [ [[ftp.scan]] name = 'nmap-ftp' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_ftp_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_ftp_nmap" {address}' [[ftp.scan.pattern]] description = 'Anonymous FTP Enabled!' @@ -80,8 +80,8 @@ service-names = [ [[ftp.manual]] description = 'Bruteforce logins:' commands = [ - 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/_{protocol}_{port}_ftp_hydra.txt" ftp://{address}', - 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -f -O "{crackingdir}/_{protocol}_{port}_ftp_medusa.txt" -M ftp -h {address}' + 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/{address}_{protocol}_{port}_ftp_hydra.txt" ftp://{address}', + 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -f -O "{crackingdir}/{address}_{protocol}_{port}_ftp_medusa.txt" -M ftp -h {address}' ] [http] @@ -96,7 +96,7 @@ ignore-service-names = [ [[http.scan]] name = 'nmap-http' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_http_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_http_nmap" {address}' [[http.scan.pattern]] description = 'Identified HTTP Server: {match}' 
@@ -108,65 +108,65 @@ ignore-service-names = [ [[http.scan]] name = 'curl-index' - command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 2>&1 | tee "{webdir}/_{protocol}_{port}_{scheme}_index.html"' + command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 2>&1 | tee "{webdir}/{address}_{protocol}_{port}_{scheme}_index.html"' [[http.scan.pattern]] pattern = '(?i)Powered by [^\n]+' [[http.scan]] name = 'curl-robots' - command = 'curl -sSik {scheme}://{address}:{port}/robots.txt -m 10 2>&1 | tee "{webdir}/_{protocol}_{port}_{scheme}_robots.txt"' + command = 'curl -sSik {scheme}://{address}:{port}/robots.txt -m 10 2>&1 | tee "{webdir}/{address}_{protocol}_{port}_{scheme}_robots.txt"' [[http.scan]] name = 'wkhtmltoimage' - command = 'if hash wkhtmltoimage 2> /dev/null; then wkhtmltoimage --format png {scheme}://{address}:{port}/ {screenshotsdir}/{protocol}_{port}_{scheme}_screenshot.png; fi' + command = 'if hash wkhtmltoimage 2> /dev/null; then wkhtmltoimage --format png {scheme}://{address}:{port}/ {screenshotsdir}/{address}_{protocol}_{port}_{scheme}_screenshot.png; fi' [[http.scan]] name = 'whatweb' - command = 'whatweb --color=never --no-errors -a 3 -v {scheme}://{address}:{port} 2>&1 | tee "{webdir}/_{protocol}_{port}_{scheme}_whatweb.txt"' + command = 'whatweb --color=never --no-errors -a 3 -v {scheme}://{address}:{port} 2>&1 | tee "{webdir}/{address}_{protocol}_{port}_{scheme}_whatweb.txt"' [[http.scan]] name = 'nikto' - command = 'nikto -ask=no -h {scheme}://{address}:{port} -output "{servicesdir}/_{protocol}_{port}_{scheme}_nikto.html" 2>&1 | tee "{niktodir}/_{protocol}_{port}_{scheme}_nikto.txt"' + command = 'nikto -ask=no -h {scheme}://{address}:{port} -output "{niktodir}/{address}_{protocol}_{port}_{scheme}_nikto.html" 2>&1 | tee "{niktodir}/{address}_{protocol}_{port}_{scheme}_nikto.txt"' [[http.scan]] name = 'gobuster' - command = 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -e -z -k -l -o 
"{dirscandir}/_{protocol}_{port}_{scheme}_gobuster_common.txt"' + command = 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/common.txt -e -z -k -l -o "{dirscandir}/{address}_{protocol}_{port}_{scheme}_gobuster_common.txt"' [[http.manual]] description = '(dirsearch) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:' commands = [ - 'dirsearch -b -u {scheme}://{address}:{port}/ -t 16 -r -E -f -w /usr/share/seclists/Discovery/Web-Content/big.txt --plain-text-report="{dirscandir}/_{protocol}_{port}_{scheme}_dirsearch_big.txt"', - 'dirsearch -b -u {scheme}://{address}:{port}/ -t 16 -r -E -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --plain-text-report="{dirscandir}/_{protocol}_{port}_{scheme}_dirsearch_medium.txt"' + 'dirsearch -b -u {scheme}://{address}:{port}/ -t 16 -r -E -f -w /usr/share/seclists/Discovery/Web-Content/big.txt --plain-text-report="{dirscandir}/{address}_{protocol}_{port}_{scheme}_dirsearch_big.txt"', + 'dirsearch -b -u {scheme}://{address}:{port}/ -t 16 -r -E -f -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt --plain-text-report="{dirscandir}/{address}_{protocol}_{port}_{scheme}_dirsearch_medium.txt"' ] [[http.manual]] description = '(dirb) Recursive directory/file enumeration for web servers using various wordlists (same as dirsearch above):' commands = [ - 'dirb {scheme}://{address}:{port}/ /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -o "{dirscandir}/_{protocol}_{port}_{scheme}_dirb_big.txt"', - 'dirb {scheme}://{address}:{port}/ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -l -r -S -o "{dirscandir}/_{protocol}_{port}_{scheme}_dirb_dirbuster.txt"' + 'dirb {scheme}://{address}:{port}/ /usr/share/seclists/Discovery/Web-Content/big.txt -l -o "{dirscandir}/{address}_{protocol}_{port}_{scheme}_dirb_big.txt"', + 'dirb {scheme}://{address}:{port}/ 
/usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -l -o "{dirscandir}/{address}_{protocol}_{port}_{scheme}_dirb_medium.txt"' ] [[http.manual]] description = '(gobuster v3) Directory/file enumeration for web servers using various wordlists (same as dirb above):' commands = [ - 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -z -k -l -o "{dirscandir}/_{protocol}_{port}_{scheme}_gobuster_big.txt"', - 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -z -k -l -o "{dirscandir}/_{protocol}_{port}_{scheme}_gobuster_medium.txt"' + 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -z -k -l -o "{dirscandir}/{address}_{protocol}_{port}_{scheme}_gobuster_big.txt"', + 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -e -z -k -l -o "{dirscandir}/{address}_{protocol}_{port}_{scheme}_gobuster_medium.txt"' ] [[http.manual]] description = '(wpscan) WordPress Security Scanner (useful if WordPress is found):' commands = [ - 'wpscan -v --url {scheme}://{address}:{port}/ --update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "{webdir}/_{protocol}_{port}_{scheme}_wpscan.txt"' + 'wpscan -v --url {scheme}://{address}:{port}/ --update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "{webdir}/{address}_{protocol}_{port}_{scheme}_wpscan.txt"' ] [[http.manual]] description = "Credential bruteforcing commands (don't run these without modifying them):" commands = [ - 'hydra -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/_{protocol}_{port}_{scheme}_auth_hydra.txt" {scheme}-get://{address}/path/to/auth/area', - 'medusa -U "{username_wordlist}" -P 
"{password_wordlist}" -e ns -n {port} -O "{crackingdir}/_{protocol}_{port}_{scheme}_auth_medusa.txt" -M http -h {address} -m DIR:/path/to/auth/area', - 'hydra -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/_{protocol}_{port}_{scheme}_form_hydra.txt" {scheme}-post-form://{address}/path/to/login.php:username=^USER^&password=^PASS^:invalid-login-message', - 'medusa -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/_{protocol}_{port}_{scheme}_form_medusa.txt" -M web-form -h {address} -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"', + 'hydra -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/{address}_{protocol}_{port}_{scheme}_auth_hydra.txt" {scheme}-get://{address}/path/to/auth/area', + 'medusa -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/{address}_{protocol}_{port}_{scheme}_auth_medusa.txt" -M http -h {address} -m DIR:/path/to/auth/area', + 'hydra -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/{address}_{protocol}_{port}_{scheme}_form_hydra.txt" {scheme}-post-form://{address}/path/to/login.php:username=^USER^&password=^PASS^:invalid-login-message', + 'medusa -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/{address}_{protocol}_{port}_{scheme}_form_medusa.txt" -M web-form -h {address} -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message"', ] [imap] 
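Review bot: The dirsearch, dirb and gobuster manual commands switch their second wordlist to `directory-list-lowercase-2.3-small.txt` but still write to `*_dirsearch_medium.txt`, `*_dirb_medium.txt` and `*_gobuster_medium.txt`, so the report names no longer describe their contents; rename the outputs to `_small` (or restore the medium list if the wordlist change was unintended). The `wkhtmltoimage` line is the only one in the hunk whose output path, `{screenshotsdir}/{address}_{protocol}_{port}_{scheme}_screenshot.png`, is unquoted; quote it like the others. The dirb commands also drop `-r -S` while their description still says "Recursive"; if non-recursive is intended, update the description in the same hunk.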
@@ -177,7 +177,7 @@ service-names = [ [[imap.scan]] name = 'nmap-imap' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_imap_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_imap_nmap" {address}' [kerberos] @@ -188,7 +188,7 @@ service-names = [ [[kerberos.scan]] name = 'nmap-kerberos' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,krb5-enum-users" -oA "{nmapdir}/_{protocol}_{port}_kerberos_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,krb5-enum-users" -oA "{nmapdir}/{address}_{protocol}_{port}_kerberos_nmap" {address}' [ldap] @@ -198,11 +198,11 @@ service-names = [ [[ldap.scan]] name = 'nmap-ldap' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_ldap_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_ldap_nmap" {address}' [[ldap.scan]] name = 'enum4linux' - command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{servicesdir}/_enum4linux.txt"' + command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{servicesdir}/{address}_enum4linux.txt"' run_once = true ports.tcp = [139, 389, 445] ports.udp = [137] 
@@ -210,7 +210,7 @@ service-names = [ [[ldap.manual]] description = 'ldapsearch command (modify before running)' commands = [ - 'ldapsearch -x -D "" -w "" -p {port} -h {address} -b "dc=example,dc=com" -s sub "(objectclass=*) 2>&1 | tee > "{servicesdir}/_{protocol}_{port}_ldap_all-entries.txt"' + 'ldapsearch -x -D "" -w "" -p {port} -h {address} -b "dc=example,dc=com" -s sub "(objectclass=*) 2>&1 | tee > "{servicesdir}/{address}_{protocol}_{port}_ldap_all-entries.txt"' ] [mongodb] @@ -221,7 +221,7 @@ service-names = [ [[mongodb.scan]] name = 'nmap-mongodb' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(mongodb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_mongodb_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(mongodb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_mongodb_nmap" {address}' [mssql] @@ -232,7 +232,7 @@ service-names = [ [[mssql.scan]] name = 'nmap-mssql' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port={port},mssql.username=sa,mssql.password=sa" -oA "{nmapdir}/_{protocol}_{port}_mssql_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port={port},mssql.username=sa,mssql.password=sa" -oA "{nmapdir}/{address}_{protocol}_{port}_mssql_nmap" {address}' [[mssql.manual]] description = '(sqsh) interactive database shell' 
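Review bot: The rewritten ldapsearch line is still unbalanced: the filter `"(objectclass=*)` has no closing quote, so the shell folds the rest of the line into the filter argument, and `tee > "..."` redirects tee's stdout into the file instead of passing the file to tee, so nothing is echoed to the terminal. It is a manual command, but it is copied verbatim by the operator; change the tail to `-s sub "(objectclass=*)" 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_ldap_all-entries.txt"`.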
@@ -248,7 +248,7 @@ service-names = [ [[mysql.scan]] name = 'nmap-mysql' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_mysql_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_mysql_nmap" {address}' [nfs] @@ -259,11 +259,11 @@ service-names = [ [[nfs.scan]] name = 'nmap-nfs' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_nfs_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_nfs_nmap" {address}' [[nfs.scan]] name = 'showmount' - command = 'showmount -e {address} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_showmount.txt"' + command = 'showmount -e {address} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_showmount.txt"' [nntp] @@ -273,7 +273,7 @@ service-names = [ [[nntp.scan]] name = 'nmap-nntp' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,nntp-ntlm-info" -oA "{nmapdir}/_{protocol}_{port}_nntp_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,nntp-ntlm-info" -oA "{nmapdir}/{address}_{protocol}_{port}_nntp_nmap" {address}' [oracle] 
@@ -283,23 +283,23 @@ service-names = [ [[oracle.scan]] name = 'nmap-oracle' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_oracle_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_oracle_nmap" {address}' [[oracle.scan]] name = 'oracle-tnscmd-ping' - command = 'tnscmd10g ping -h {address} -p {port} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_oracle_tnscmd_ping.txt"' + command = 'tnscmd10g ping -h {address} -p {port} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_oracle_tnscmd_ping.txt"' [[oracle.scan]] name = 'oracle-tnscmd-version' - command = 'tnscmd10g version -h {address} -p {port} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_oracle_tnscmd_version.txt"' + command = 'tnscmd10g version -h {address} -p {port} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_oracle_tnscmd_version.txt"' [[oracle.scan]] name = 'oracle-scanner' - command = 'oscanner -v -s {address} -P {port} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_oracle_scanner.txt"' + command = 'oscanner -v -s {address} -P {port} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_oracle_scanner.txt"' [[oracle.manual]] description = 'Brute-force SIDs using Nmap' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,oracle-sid-brute" -oA "{nmapdir}/_{protocol}_{port}_oracle_sid-brute_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,oracle-sid-brute" -oA "{nmapdir}/{address}_{protocol}_{port}_oracle_sid-brute_nmap" {address}' [[oracle.manual]] description = 'Install ODAT (https://github.com/quentinhardy/odat) and run the following commands:' 
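Review bot: The rewritten `[[oracle.manual]]` entry for `oracle-sid-brute` uses the singular key `command =`, whereas every other `[[*.manual]]` table in this diff (ftp, http, ldap, rdp) uses `commands = [ ... ]`; unless the loader accepts both spellings, which the diff does not show, this manual suggestion is silently dropped. Change it to `commands = [ 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,oracle-sid-brute" -oA "{nmapdir}/{address}_{protocol}_{port}_oracle_sid-brute_nmap" {address}' ]`.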
@@ -326,7 +326,7 @@ service-names = [ [[pop3.scan]] name = 'nmap-pop3' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{servicesdir}/_{protocol}_{port}_pop3_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{servicesdir}/{address}_{protocol}_{port}_pop3_nmap" {address}' [rdp] @@ -338,13 +338,13 @@ service-names = [ [[rdp.scan]] name = 'nmap-rdp' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_rdp_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_rdp_nmap" {address}' [[rdp.manual]] description = 'Bruteforce logins:' commands = [ - 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/_{protocol}_{port}_rdp_hydra.txt" rdp://{address}', - 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/_{protocol}_{port}_rdp_medusa.txt" -M rdp -h {address}' + 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/{address}_{protocol}_{port}_rdp_hydra.txt" rdp://{address}', + 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/{address}_{protocol}_{port}_rdp_medusa.txt" -M rdp -h {address}' ] [rmi] 
@@ -356,7 +356,7 @@ service-names = [ [[rmi.scan]] name = 'nmap-rmi' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,rmi-vuln-classloader,rmi-dumpregistry" -oA "{nmapdir}/_{protocol}_{port}_rmi_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,rmi-vuln-classloader,rmi-dumpregistry" -oA "{nmapdir}/{address}_{protocol}_{port}_rmi_nmap" {address}' [rpc] @@ -368,7 +368,7 @@ service-names = [ [[rpc.scan]] name = 'nmap-msrpc' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oA "{nmapdir}/_{protocol}_{port}_rpc_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oA "{nmapdir}/{address}_{protocol}_{port}_rpc_nmap" {address}' [[rpc.manual]] description = 'RPC Client:' @@ -384,7 +384,7 @@ service-names = [ [[sip.scan]] name = 'nmap-sip' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,sip-enum-users,sip-methods" -oA "{nmapdir}/_{protocol}_{port}_sip_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,sip-enum-users,sip-methods" -oA "{nmapdir}/{address}_{protocol}_{port}_sip_nmap" {address}' [[sip.scan]] name = 'svwar' 
@@ -398,13 +398,13 @@ service-names = [ [[ssh.scan]] name = 'nmap-ssh' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oA "{nmapdir}/_{protocol}_{port}_ssh_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oA "{nmapdir}/{address}_{protocol}_{port}_ssh_nmap" {address}' [[ssh.manual]] description = 'Bruteforce logins:' commands = [ - 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/_{protocol}_{port}_ssh_hydra.txt" ssh://{address}', - 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/_{protocol}_{port}_ssh_medusa.txt" -M ssh -h {address}' + 'hydra -v -L "{username_wordlist}" -P "{password_wordlist}" -e nsr -s {port} -o "{crackingdir}/{address}_{protocol}_{port}_ssh_hydra.txt" ssh://{address}', + 'medusa -v 4 -U "{username_wordlist}" -P "{password_wordlist}" -e ns -n {port} -O "{crackingdir}/{address}_{protocol}_{port}_ssh_medusa.txt" -M ssh -h {address}' ] [smb] 
@@ -416,45 +416,45 @@ service-names = [ [[smb.scan]] name = 'nmap-smb' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oA "{nmapdir}/_{protocol}_{port}_smb_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oA "{nmapdir}/{address}_{protocol}_{port}_smb_nmap" {address}' [[smb.scan]] name = 'enum4linux' - command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{servicesdir}/_enum4linux.txt"' + command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{servicesdir}/{address}_enum4linux.txt"' run_once = true ports.tcp = [139, 389, 445] ports.udp = [137] [[smb.scan]] name = 'nbtscan' - command = 'nbtscan -rvh {address} 2>&1 | tee "{servicesdir}/_nbtscan.txt"' + command = 'nbtscan -rvh {address} 2>&1 | tee "{servicesdir}/{address}_nbtscan.txt"' run_once = true ports.udp = [137] [[smb.scan]] name = 'smbclient' - command = 'smbclient -L\\ -N -I {address} 2>&1 | tee "{servicesdir}/_smbclient.txt"' + command = 'smbclient -L\\ -N -I {address} 2>&1 | tee "{servicesdir}/{address}_smbclient.txt"' run_once = true ports.tcp = [139, 445] [[smb.scan]] name = 'smbmap-share-permissions' - command = 'smbmap -H {address} -P {port} 2>&1 | tee -a "{servicesdir}/_smbmap-share-permissions.txt"; smbmap -u null -p "" -H {address} -P {port} 2>&1 | tee -a "{servicesdir}/_smbmap-share-permissions.txt"' + command = 'smbmap -H {address} -P {port} 2>&1 | tee -a "{servicesdir}/{address}_smbmap-share-permissions.txt"; smbmap -u null -p "" -H {address} -P {port} 2>&1 | tee -a "{servicesdir}/{address}_smbmap-share-permissions.txt"' [[smb.scan]] name = 'smbmap-list-contents' - command = 'smbmap -H {address} -P {port} -R 2>&1 | tee -a "{servicesdir}/_smbmap-list-contents.txt"; smbmap -u null -p "" -H {address} -P {port} -R 2>&1 | tee 
-a "{servicesdir}/_smbmap-list-contents.txt"' + command = 'smbmap -H {address} -P {port} -R 2>&1 | tee -a "{servicesdir}/{address}_smbmap-list-contents.txt"; smbmap -u null -p "" -H {address} -P {port} -R 2>&1 | tee -a "{servicesdir}/{address}_smbmap-list-contents.txt"' [[smb.scan]] name = 'smbmap-execute-command' - command = 'smbmap -H {address} -P {port} -x "ipconfig /all" 2>&1 | tee -a "{servicesdir}/_smbmap-execute-command.txt"; smbmap -u null -p "" -H {address} -P {port} -x "ipconfig /all" 2>&1 | tee -a "{servicesdir}/_smbmap-execute-command.txt"' + command = 'smbmap -H {address} -P {port} -x "ipconfig /all" 2>&1 | tee -a "{servicesdir}/{address}_smbmap-execute-command.txt"; smbmap -u null -p "" -H {address} -P {port} -x "ipconfig /all" 2>&1 | tee -a "{servicesdir}/{address}_smbmap-execute-command.txt"' [[smb.manual]] description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:' commands = [ - 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oA "{nmapdir}/_{protocol}_{port}_smb_ms06-025" {address}', - 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oA "{nmapdir}/_{protocol}_{port}_smb_ms07-029" {address}', - 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oA "{nmapdir}/_{protocol}_{port}_smb_ms08-067" {address}' + 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oA "{nmapdir}/{address}_{protocol}_{port}_smb_ms06-025" {address}', + 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oA "{nmapdir}/{address}_{protocol}_{port}_smb_ms07-029" {address}', + 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oA "{nmapdir}/{address}_{protocol}_{port}_smb_ms08-067" {address}' ] [smtp] 
@@ -465,11 +465,11 @@ service-names = [ [[smtp.scan]] name = 'nmap-smtp' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_smtp_nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_smtp_nmap" {address}' [[smtp.scan]] name = 'smtp-user-enum' - command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_smtp_user-enum.txt"' + command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_smtp_user-enum.txt"' [snmp] 
@@ -479,59 +479,59 @@ service-names = [ [[snmp.scan]] name = 'nmap-snmp' - command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/_{protocol}_{port}_snmp-nmap" {address}' + command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oA "{nmapdir}/{address}_{protocol}_{port}_snmp-nmap" {address}' [[snmp.scan]] name = 'onesixtyone' - command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd {address} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_onesixtyone.txt"' + command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd {address} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_onesixtyone.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk' - command = 'snmpwalk -c public -v 1 {address} 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk.txt"' + command = 'snmpwalk -c public -v 1 {address} 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-system-processes' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.1.6.0 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_system_processes.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.1.6.0 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_system_processes.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-running-processes' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.4.2.1.2 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_running_processes.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.4.2.1.2 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_running_processes.txt"' 
run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-process-paths' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.4.2.1.4 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_process_paths.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.4.2.1.4 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_process_paths.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-storage-units' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.2.3.1.4 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_storage_units.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.2.3.1.4 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_storage_units.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-software-names' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.6.3.1.2 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_software_names.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.25.6.3.1.2 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_software_names.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-user-accounts' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.4.1.77.1.2.25 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_user_accounts.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.4.1.77.1.2.25 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_user_accounts.txt"' run_once = true ports.udp = [161] [[snmp.scan]] name = 'snmpwalk-tcp-ports' - command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.6.13.1.3 2>&1 | tee "{servicesdir}/_{protocol}_{port}_snmp_snmpwalk_tcp_ports.txt"' + command = 'snmpwalk -c public -v 1 {address} 1.3.6.1.2.1.6.13.1.3 2>&1 | tee "{servicesdir}/{address}_{protocol}_{port}_snmp_snmpwalk_tcp_ports.txt"' run_once = true ports.udp = [161] 
@@ -543,7 +543,7 @@ service-names = [
 [[telnet.scan]]
 name = 'nmap-telnet'
- command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,telnet-encryption,telnet-ntlm-info" -oA "{nmapdir}/_{protocol}_{port}_telnet-nmap" {address}'
+ command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,telnet-encryption,telnet-ntlm-info" -oA "{nmapdir}/{address}_{protocol}_{port}_telnet-nmap" {address}'
 [tftp]
@@ -553,7 +553,7 @@ service-names = [
 [[tftp.scan]]
 name = 'nmap-tftp'
- command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,tftp-enum" -oA "{nmapdir}/_{protocol}_{port}_tftp-nmap" {address}'
+ command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,tftp-enum" -oA "{nmapdir}/{address}_{protocol}_{port}_tftp-nmap" {address}'
 [vnc]
@@ -563,4 +563,4 @@ service-names = [
 [[vnc.scan]]
 name = 'nmap-vnc'
- command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oA "{nmapdir}/_{protocol}_{port}_vnc_nmap" {address}'
+ command = 'nmap {nmap_extra} -vv -Pn -sV -p {port} --script="banner,(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oA "{nmapdir}/{address}_{protocol}_{port}_vnc_nmap" {address}'
diff --git a/intelspy.py b/intelspy.py
index 1708509..fbe19df 100755
--- a/intelspy.py
+++ b/intelspy.py
@@ -27,9 +27,9 @@
 # Created by @maldevel | @LOGISEK_LTD # https://logisek.com # https://pentest-labs.com
-# intelspy.py Version 1.0
+# intelspy.py Version 1.1
 # Released under GPL Version 3 License
-# March 2020
+# 2020-
 import atexit
@@ -58,7 +58,7 @@
 #####################################################################################################################
-__version__ = 1.0
+__version__ = 1.1
@@ -314,6 +314,7 @@ def calculate_elapsed_time(start_time): async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE): matched_patterns = [] address = target.address + addressname = target.addressname while True: line = await stream.readline() @@ -329,7 +330,7 @@ async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta}' + p['description'].replace('{match}', '{bblue}{match}{crst}{bmagenta}') + '{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - ' + p['description'] + '\n\n') file.writelines(log_line) mp = e('{target.address} - ' + p['description'] + '\n\n').strip() @@ -343,7 +344,7 @@ async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta} {bblue}{match}{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - {match}\n\n') file.writelines(log_line) mp = e('{target.address}\n\n').strip() 
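Review bot: The new log-file paths recompute `target.address.replace('/', '_')` inline even though the same hunk binds `addressname = target.addressname`, which Target.__init__ sets to exactly that value and which otherwise appears unused in read_stream. Using `os.path.join(target.reportsdir, addressname + '_extra-information.txt')` keeps the filename sanitisation defined in one place, so a later change to it (for instance to cover characters other than '/') cannot drift between call sites. The same inline expression recurs in the hunks for run_cmd, parse_port_scan, parse_live_host_detection, parse_service_detection, run_livehostscan, run_portscan, ping_and_scan and scan_services. read_stream's body continues outside these hunks.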
@@ -359,7 +360,7 @@ async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta}' + p['description'].replace('{match}', '{bblue}{match}{crst}{bmagenta}') + '{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - ' + p['description'] + '\n\n') file.writelines(log_line) mp = e('{target.address} - ' + p['description'] + '\n\n').strip() @@ -372,7 +373,7 @@ async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta} {bblue}{match}{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - {match}\n\n') file.writelines(log_line) imp = e('{target.address} - ' + p['description'] + '\n\n').strip() @@ -390,9 +391,11 @@ async def run_cmd(semaphore, cmd, target, tag='?', patterns=[]): async with semaphore: matched_patterns = [] address = target.address - reportdir = target.reportdir + addressname = target.addressname + reportsdir = target.reportsdir scandir = target.scansdir - portsdir = target.portsdir + tcpportsdir = target.tcpportsdir + udpportsdir = target.udpportsdir servicesdir = target.servicesdir screenshotsdir = target.screenshotsdir nmapdir = target.nmapdir 
@@ -404,7 +407,7 @@ async def run_cmd(semaphore, cmd, target, tag='?', patterns=[]): info('Running task {bgreen}{tag}{rst} on {byellow}{address}{rst}' + (' with {bblue}{cmd}{rst}' if verbose >= 2 else '')) async with target.lock: - with open(os.path.join(reportdir, '_commands.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_commands.log'), 'a') as file: file.writelines(e('{cmd}\n\n')) with open(CommandsFile, 'a') as file: file.writelines(e('{cmd}\n\n')) @@ -431,7 +434,7 @@ async def run_cmd(semaphore, cmd, target, tag='?', patterns=[]): error('Task {bred}{tag}{rst} on {byellow}{address}{rst} returned non-zero exit code: {process.returncode}') async with target.lock: - with open(os.path.join(reportdir, '_errors.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_errors.log'), 'a') as file: ts = datetime.now().strftime("%d/%b/%Y:%H:%M:%S") tz = datetime.now(timezone.utc).astimezone().strftime('%z') hostname = socket.gethostname() @@ -454,6 +457,7 @@ async def run_cmd(semaphore, cmd, target, tag='?', patterns=[]): async def parse_port_scan(stream, tag, target, pattern): matched_patterns = [] address = target.address + addressname = target.addressname ports = [] while True: @@ -475,7 +479,7 @@ async def parse_port_scan(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta}' + p['description'].replace('{match}', '{bblue}{match}{crst}{bmagenta}') + '{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - ' + p['description'] + '\n\n') file.writelines(log_line) mp = e('{target.address} - ' + p['description'] + '\n\n').strip() 
@@ -488,7 +492,7 @@ async def parse_port_scan(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta} {bblue}{match}{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - {match}\n\n') file.writelines(log_line) mp = e('{target.address} - ' + p['description'] + '\n\n').strip() @@ -507,6 +511,7 @@ async def parse_port_scan(stream, tag, target, pattern): async def parse_live_host_detection(stream, tag, target, pattern): matched_patterns = [] address = target.address + addressname = target.addressname host = '' livehosts = [] @@ -530,7 +535,7 @@ async def parse_live_host_detection(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{host}{rst} - {bmagenta}' + p['description'].replace('{match}', '{bblue}{match}{crst}{bmagenta}') + '{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {host} - ' + p['description'] + '\n\n') file.writelines(log_line) mp = e('{host} - ' + p['description'] + '\n\n').strip() @@ -543,7 +548,7 @@ async def parse_live_host_detection(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{host}{rst} - {bmagenta} {bblue}{match}{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {host} - {match}\n\n') file.writelines(log_line) mp = e('{host}\n\n').strip() 
@@ -562,6 +567,7 @@ async def parse_live_host_detection(stream, tag, target, pattern): async def parse_service_detection(stream, tag, target, pattern): matched_patterns = [] address = target.address + addressname = target.addressname services = [] while True: @@ -582,7 +588,7 @@ async def parse_service_detection(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta}' + p['description'].replace('{match}', '{bblue}{match}{crst}{bmagenta}') + '{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - ' + p['description'] + '\n\n') file.writelines(log_line) mp = e('{target.address} - ' + p['description'] + '\n\n').strip() @@ -596,7 +602,7 @@ async def parse_service_detection(stream, tag, target, pattern): if verbose >= 1: info('Task {bgreen}{tag}{rst} on {byellow}{address}{rst} - {bmagenta} {bblue}{match}{rst}') async with target.lock: - with open(os.path.join(target.reportdir, '_extra-information.txt'), 'a') as file: + with open(os.path.join(target.reportsdir, target.address.replace('/', '_') + '_extra-information.txt'), 'a') as file: log_line = e('{tag} - {target.address} - {match}\n\n') file.writelines(log_line) mp = e('{target.address}\n\n').strip() @@ -616,11 +622,13 @@ async def run_livehostscan(semaphore, tag, target, live_host_detection): async with semaphore: address = target.address - reportdir = target.reportdir + addressname = target.addressname + reportsdir = target.reportsdir scandir = target.scansdir nmap_speed = target.speed nmap_extra = nmap - portsdir = target.portsdir + tcpportsdir = target.tcpportsdir + udpportsdir = target.udpportsdir servicesdir = target.servicesdir screenshotsdir = target.screenshotsdir nmapdir = target.nmapdir 
@@ -635,7 +643,7 @@ async def run_livehostscan(semaphore, tag, target, live_host_detection): info('Running live hosts detection {bgreen}{tag}{rst} on {byellow}{address}{rst}' + (' with {bblue}{command}{rst}' if verbose >= 2 else '')) async with target.lock: - with open(os.path.join(reportdir, '_commands.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_commands.log'), 'a') as file: file.writelines(e('{command}\n\n')) with open(CommandsFile, 'a') as file: file.writelines(e('{command}\n\n')) @@ -661,7 +669,7 @@ async def run_livehostscan(semaphore, tag, target, live_host_detection): if process.returncode != 0: error('Live hosts detection {bred}{tag}{rst} on {byellow}{address}{rst} returned non-zero exit code: {process.returncode}') async with target.lock: - with open(os.path.join(reportdir, '_errors.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_errors.log'), 'a') as file: file.writelines(e('[*] Live host detection {tag} returned non-zero exit code: {process.returncode}. Command: {command}\n')) else: info('Live hosts detection {bgreen}{tag}{rst} on {byellow}{address}{rst} finished successfully in {elapsed_time}') @@ -680,11 +688,13 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None ports_matched_patterns = [] services_matched_patterns = [] address = target.address - reportdir = target.reportdir + addressname = target.addressname + reportsdir = target.reportsdir scandir = target.scansdir nmap_speed = target.speed nmap_extra = nmap - portsdir = target.portsdir + tcpportsdir = target.tcpportsdir + udpportsdir = target.udpportsdir servicesdir = target.servicesdir screenshotsdir = target.screenshotsdir nmapdir = target.nmapdir 
@@ -701,7 +711,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None info('Running port scan {bgreen}{tag}{rst} on {byellow}{address}{rst}' + (' with {bblue}{command}{rst}' if verbose >= 2 else '')) async with target.lock: - with open(os.path.join(reportdir, '_commands.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_commands.log'), 'a') as file: file.writelines(e('{command}\n\n')) with open(CommandsFile, 'a') as file: file.writelines(e('{command}\n\n')) @@ -727,7 +737,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None if process.returncode != 0: error('Port scan {bred}{tag}{rst} on {byellow}{address}{rst} returned non-zero exit code: {process.returncode}') async with target.lock: - with open(os.path.join(reportdir, '_errors.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_errors.log'), 'a') as file: file.writelines(e('[*] Port scan {tag} returned non-zero exit code: {process.returncode}. Command: {command}\n')) return {'returncode': process.returncode} else: @@ -750,7 +760,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None info('Running service detection {bgreen}{tag}{rst} on {byellow}{address}{rst}' + (' with {bblue}{command}{rst}' if verbose >= 2 else '')) async with target.lock: - with open(os.path.join(reportdir, '_commands.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_commands.log'), 'a') as file: file.writelines(e('{command}\n\n')) with open(CommandsFile, 'a') as file: file.writelines(e('{command}\n\n')) 
@@ -775,7 +785,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None if process.returncode != 0: error('Service detection {bred}{tag}{rst} on {byellow}{address}{rst} returned non-zero exit code: {process.returncode}') async with target.lock: - with open(os.path.join(reportdir, '_errors.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_errors.log'), 'a') as file: file.writelines(e('[*] Service detection {tag} returned non-zero exit code: {process.returncode}. Command: {command}\n')) else: info('Service detection {bgreen}{tag}{rst} on {byellow}{address}{rst} finished successfully in {elapsed_time}') @@ -813,10 +823,12 @@ async def start_heartbeat(target, period=60): ##################################################################################################################### async def ping_and_scan(loop, semaphore, target): address = target.address - reportdir = target.reportdir + addressname = target.addressname + reportsdir = target.reportsdir scandir = target.scansdir pending = [] - portsdir = target.portsdir + tcpportsdir = target.tcpportsdir + udpportsdir = target.udpportsdir servicesdir = target.servicesdir screenshotsdir = target.screenshotsdir nmapdir = target.nmapdir @@ -860,7 +872,7 @@ async def ping_and_scan(loop, semaphore, target): info('Found live host {bmagenta}{livehost}{rst} on target {byellow}{address}{rst}') - with open(os.path.join(reportdir, '_notes.txt'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_notes.txt'), 'a') as file: file.writelines(e('[*] Live host {livehost} found on target {address}.\n\n')) for pattern in result['patterns']: 
@@ -874,12 +886,14 @@ async def ping_and_scan(loop, semaphore, target): ##################################################################################################################### async def scan_services(loop, semaphore, target): address = target.address - reportdir = target.reportdir + addressname = target.addressname + reportsdir = target.reportsdir scandir = target.scansdir nmap_speed = target.speed nmap_extra = nmap pending = [] - portsdir = target.portsdir + tcpportsdir = target.tcpportsdir + udpportsdir = target.udpportsdir servicesdir = target.servicesdir screenshotsdir = target.screenshotsdir nmapdir = target.nmapdir @@ -949,7 +963,7 @@ async def scan_services(loop, semaphore, target): info('Found {bmagenta}{service}{rst} ({bmagenta}{version}{rst}) on {bmagenta}{protocol}/{port}{rst} on target {byellow}{address}{rst}') - with open(os.path.join(reportdir, '_notes.txt'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_notes.txt'), 'a') as file: file.writelines(e('[*] {service} found on {protocol}/{port}.\n\n')) if protocol == 'udp': @@ -994,7 +1008,7 @@ async def scan_services(loop, semaphore, target): if 'manual' in service_scans_config[service_scan]: heading = False - with open(os.path.join(reportdir, '_manual_commands.log'), 'a') as file: + with open(os.path.join(reportsdir, target.address.replace('/', '_') + '_manual_commands.txt'), 'a') as file: for manual in service_scans_config[service_scan]['manual']: if 'description' in manual: if not heading: @@ -1012,7 +1026,7 @@ async def scan_services(loop, semaphore, target): if heading: file.writelines('\n') - shellscript = os.path.join(reportdir, '_manual_commands.sh') + shellscript = os.path.join(reportsdir, target.address.replace('/', '_') + '_manual_commands.sh') exists = os.path.isfile(shellscript) with open(shellscript, 'a') as file: 
@@ -1117,13 +1131,14 @@ def scan_live_hosts(target, concurrent_scans): start_time = time.time() info('Scanning target {byellow}{target.address}{rst} for live hosts') - livehostsdir = os.path.join(TargetsDir, target.address.replace('/', '_'), 'scans', 'live-hosts') + livehostsdir = os.path.join(TargetsDir, 'scans', 'live-hosts') target.scansdir = livehostsdir - reportdir = os.path.join(TargetsDir, target.address.replace('/', '_'), 'report') - target.reportdir = reportdir + + reportsdir = os.path.join(TargetsDir, 'reports') + target.reportsdir = reportsdir Path(livehostsdir).mkdir(parents=True, exist_ok=True) - Path(reportdir).mkdir(parents=True, exist_ok=True) + Path(reportsdir).mkdir(parents=True, exist_ok=True) # Use a lock when writing to specific files that may be written to by other asynchronous functions. target.lock = asyncio.Lock() @@ -1150,19 +1165,22 @@ def scan_host(target, concurrent_scans): start_time = time.time() info('Scanning target {byellow}{target.address}{rst}') - scandir = os.path.join(TargetsDir, target.address.replace('/', '_'), 'scans') + scandir = os.path.join(TargetsDir, 'scans') target.scansdir = scandir - reportdir = os.path.join(TargetsDir, target.address.replace('/', '_'), 'report') - target.reportdir = reportdir + reportsdir = os.path.join(TargetsDir, 'reports') + target.reportsdir = reportsdir + + tcpportsdir = os.path.join(scandir, 'ports', 'tcp') + target.tcpportsdir = tcpportsdir - portsdir = os.path.join(scandir, 'ports') - target.portsdir = portsdir + udpportsdir = os.path.join(scandir, 'ports', 'udp') + target.udpportsdir = udpportsdir servicesdir = os.path.join(scandir, 'services') target.servicesdir = servicesdir - screenshotsdir = os.path.join(TargetsDir, target.address.replace('/', '_'), 'screenshots') + screenshotsdir = os.path.join(TargetsDir, 'screenshots') target.screenshotsdir = screenshotsdir nmapdir = os.path.join(servicesdir, 'nmap') 
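Review bot: Dropping the per-target directory level means every target of a run now shares `TargetsDir/scans`, `TargetsDir/reports` and, in scan_host, the ports/services/screenshots trees, so isolation between concurrently scanned targets rests entirely on each output filename carrying the address prefix. That assumption is not recorded anywhere; a comment at `scandir = os.path.join(TargetsDir, 'scans')` such as `# shared by all targets of this run: every profile must prefix its output files with the address, otherwise concurrent targets overwrite each other's results` would make it explicit, and if practical the profile loader could verify the prefix is present. Both scan_live_hosts and scan_host continue outside these hunks.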
@@ -1181,8 +1199,9 @@ def scan_host(target, concurrent_scans):
 target.webdir = webdir
 Path(scandir).mkdir(parents=True, exist_ok=True)
- Path(reportdir).mkdir(parents=True, exist_ok=True)
- Path(portsdir).mkdir(parents=True, exist_ok=True)
+ Path(reportsdir).mkdir(parents=True, exist_ok=True)
+ Path(tcpportsdir).mkdir(parents=True, exist_ok=True)
+ Path(udpportsdir).mkdir(parents=True, exist_ok=True)
 Path(servicesdir).mkdir(parents=True, exist_ok=True)
 Path(screenshotsdir).mkdir(parents=True, exist_ok=True)
 Path(nmapdir).mkdir(parents=True, exist_ok=True)
@@ -1216,8 +1235,9 @@ def scan_host(target, concurrent_scans):
 class Target:
 def __init__(self, address):
 self.address = address
+ self.addressname = address.replace('/', '_')
 self.screenshotsdir = ''
- self.reportdir = ''
+ self.reportsdir = ''
 self.nmapdir = ''
 self.niktodir = ''
 self.dirscandir = ''
@@ -1225,7 +1245,8 @@ def __init__(self, address):
 self.webdir = ''
 self.speed = speed
 self.scansdir = ''
- self.portsdir = ''
+ self.tcpportsdir = ''
+ self.udpportsdir = ''
 self.servicesdir = ''
 self.scans = []
 self.lock = None
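Review bot: In the Target hunk, `self.addressname = address.replace('/', '_')` only neutralises the `/` of a CIDR suffix, yet the value is now used as a file-name prefix inside the shared reports and scans directories; since `address` is supplied by the user, any other character the filesystem treats specially passes through unchanged, so either validate that `address` is an IP, CIDR or hostname before constructing Target, or restrict the name to a safe character class, e.g. `self.addressname = re.sub(r'[^A-Za-z0-9._-]', '_', address)` (adding `import re` at file level if it is not already there). A comment stating the contract would also help: `# Filesystem-safe form of the address (CIDR '/' becomes '_'); used as the file-name prefix in the shared scans/reports directories.` The mkdir hunk above and the second `__init__` hunk below are plain renames; `__init__` continues outside its hunk.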
@@ -1254,12 +1275,12 @@ def createProjectDirStructure(projName, workingDir):
 ReportDir = os.path.join(ProjectDir, 'report', CurrentDateTime)
 TargetsDir = os.path.join(ProjectDir, 'targets', CurrentDateTime)
- LogsFile = os.path.join(LogsDir, "_logs.txt")
- DatabaseFile = os.path.join(DatabaseDir, "_database.db")
+ LogsFile = os.path.join(LogsDir, "logs.txt")
+ DatabaseFile = os.path.join(DatabaseDir, "database.db")
 FinalReportMDFile = os.path.join(ReportDir, "final-report.md")
 FinalReportHTMLFile = FinalReportMDFile.replace('.md', '.html')
- CommandsFile = os.path.join(CommandsDir, "_commands.log")
- ManualCommandsFile = os.path.join(CommandsDir, "_manual_commands.log")
+ CommandsFile = os.path.join(CommandsDir, "commands.log")
+ ManualCommandsFile = os.path.join(CommandsDir, "manual_commands.sh")
 Path(CommandsDir).mkdir(parents=True, exist_ok=True)
 Path(DatabaseDir).mkdir(parents=True, exist_ok=True)
