Automated running of dirb and showmount on finding web server / nfs (2049/tcp)

app/settings.py

@@ -86,7 +86,25 @@ def createDefaultSettings(self):
 		self.actions.beginGroup('PortActions')
 		self.actions.setValue("banner", ["Grab banner", "bash -c \"echo \"\" | nc -v -n -w1 [IP] [PORT]\"", ""])
 		self.actions.setValue("nmap", ["Run nmap (scripts) on port", "nmap -Pn -sV -sC -vvvvv -p[PORT] [IP] -oA [OUTPUT]", ""])
-		self.actions.setValue("nikto", ["Run nikto", "nikto -o \"[OUTPUT].txt\" -p [PORT] -h [IP]", "http,https,ssl,soap,http-proxy,http-alt"])		
+		self.actions.setValue("nikto", ["Run nikto", "nikto -o \"[OUTPUT].txt\" -p [PORT] -h [IP]", "http,https,ssl,soap,http-proxy,http-alt"])
+
+		# -------------------------------------------
+		# Custom Implemented Scripts
+
+		self.actions.setValue("dirb", ["Run dirb http (quick)", "dirb http://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])
+
+		self.actions.setValue("dirbs", ["Run dirb https (quick)", "dirb https://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])
+
+		self.actions.setValue("dirbe", ["Run dirb http (exhaustive)", "dirb http://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -X .conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip -f -S -o \"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])
+
+		self.actions.setValue("dirbes", ["Run dirb https (exhaustive)", "dirb https://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -X .conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip -f -S -o \"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])
+
+		self.actions.setValue("gobuster", ["Run gobuster (exhaustive)", "gobuster dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -k -l -e -b 404 -x .conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip --threads 1 --timeout 10s -u http://[IP]:[PORT] --wildcard -z -o \"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])
+
+
+		# -------------------------------------------
+
+
 		self.actions.setValue("dirbuster", ["Launch dirbuster", "java -Xmx256M -jar /usr/share/dirbuster/DirBuster-1.0-RC1.jar -u http://[IP]:[PORT]/", "http,https,ssl,soap,http-proxy,http-alt"])
 		self.actions.setValue("webslayer", ["Launch webslayer", "webslayer", "http,https,ssl,soap,http-proxy,http-alt"])
 		self.actions.setValue("whatweb", ["Run whatweb", "whatweb [IP]:[PORT] --color=never --log-brief=\"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"])		
@@ -111,7 +129,7 @@ def createDefaultSettings(self):
 		self.actions.setValue("snmpcheck", ["Run snmpcheck", "snmp-check -t [IP]", "snmp,snmptrap"])    ###Change from snmpcheck to snmp-check for Kali 2.0
 		self.actions.setValue("rpcinfo", ["Run rpcinfo", "rpcinfo -p [IP]", "rpcbind"])
 		self.actions.setValue("rdp-sec-check", ["Run rdp-sec-check.pl", "perl ./scripts/rdp-sec-check.pl [IP]:[PORT]", "ms-wbt-server"])
-		self.actions.setValue("showmount", ["Show nfs shares", "showmount -e [IP]", "nfs"])
+		self.actions.setValue("showmount", ["Show nfs shares", "showmount -e [IP]", "nfs,nfs_acl"])
 		self.actions.setValue("x11screen", ["Run x11screenshot", "bash ./scripts/x11screenshot.sh [IP]", "X11"])
 		self.actions.setValue("sslscan", ["Run sslscan", "sslscan --no-failed [IP]:[PORT]", "https,ssl"])
 		self.actions.setValue("sslyze", ["Run sslyze", "sslyze --regular [IP]:[PORT]", "https,ssl,ms-wbt-server,imap,pop3,smtp"])
@@ -156,11 +174,18 @@ def createDefaultSettings(self):
 
 		self.actions.beginGroup('SchedulerSettings')
 		self.actions.setValue("nikto",["http,https,ssl,soap,http-proxy,http-alt,https-alt","tcp"])
+
+		# ---------------------------------
+		# Custom Scheduled Scripts
+		self.actions.setValue("dirb",["http,https,ssl,soap,http-proxy,http-alt,https-alt","tcp"])
+		self.actions.setValue("showmount",["nfs,nfs_acl","tcp"])
+		# ---------------------------------
+
 		self.actions.setValue("screenshooter",["http,https,ssl,http-proxy,http-alt,https-alt","tcp"])
 		self.actions.setValue("smbenum",["microsoft-ds","tcp"])
-#		self.actions.setValue("enum4linux","netbios-ssn,microsoft-ds")
-#		self.actions.setValue("smb-null-sessions","netbios-ssn,microsoft-ds")
-#		self.actions.setValue("nbtscan","netbios-ns")
+		self.actions.setValue("enum4linux","netbios-ssn,microsoft-ds")
+		self.actions.setValue("smb-null-sessions","netbios-ssn,microsoft-ds")
+		self.actions.setValue("nbtscan","netbios-ns")
 		self.actions.setValue("snmpcheck",["snmp","udp"])
 		self.actions.setValue("x11screen",["X11","tcp"])
 		self.actions.setValue("snmp-default",["snmp","udp"])
@@ -430,3 +455,4 @@ def __eq__(self, other):											# returns false if settings objects are diffe
 	print s == s2
 	s2.general_default_terminal = 'whatever'
 	print s == s2
+

sparta.conf

@@ -0,0 +1,119 @@
+[GeneralSettings]
+default-terminal=gnome-terminal
+tool-output-black-background=False
+screenshooter-timeout=15000
+web-services="http,https,ssl,soap,http-proxy,http-alt,https-alt"
+enable-scheduler=True
+enable-scheduler-on-import=False
+max-fast-processes=10
+max-slow-processes=10
+
+[BruteSettings]
+store-cleartext-passwords-on-exit=True
+username-wordlist-path=/usr/share/wordlists/
+password-wordlist-path=/usr/share/wordlists/
+default-username=root
+default-password=password
+services="asterisk,afp,cisco,cisco-enable,cvs,firebird,ftp,ftps,http-head,http-get,https-head,https-get,http-get-form,http-post-form,https-get-form,https-post-form,http-proxy,http-proxy-urlenum,icq,imap,imaps,irc,ldap2,ldap2s,ldap3,ldap3s,ldap3-crammd5,ldap3-crammd5s,ldap3-digestmd5,ldap3-digestmd5s,mssql,mysql,ncp,nntp,oracle-listener,oracle-sid,pcanywhere,pcnfs,pop3,pop3s,postgres,rdp,rexec,rlogin,rsh,s7-300,sip,smb,smtp,smtps,smtp-enum,snmp,socks5,ssh,sshkey,svn,teamspeak,telnet,telnets,vmauthd,vnc,xmpp"
+no-username-services="cisco,cisco-enable,oracle-listener,s7-300,snmp,vnc"
+no-password-services="oracle-sid,rsh,smtp-enum"
+
+[StagedNmapSettings]
+stage1-ports="T:80,443"
+stage2-ports="T:25,135,137,139,445,1433,3306,5432,U:137,161,162,1434"
+stage3-ports="T:23,21,22,110,111,2049,3389,8080,U:500,5060"
+stage4-ports="T:0-20,24,26-79,81-109,112-134,136,138,140-442,444,446-1432,1434-2048,2050-3305,3307-3388,3390-5431,5433-8079,8081-29999"
+stage5-ports=T:30000-65535
+
+[ToolSettings]
+nmap-path=/usr/bin/nmap
+hydra-path=/usr/bin/hydra
+cutycapt-path=/usr/bin/cutycapt
+texteditor-path=/usr/bin/leafpad
+
+[HostActions]
+nmap-fast-tcp=Run nmap (fast TCP), nmap -Pn -F -T4 -vvvv [IP] -oA \"[OUTPUT]\"
+nmap-full-tcp=Run nmap (full TCP), nmap -Pn -sV -sC -O -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\"
+nmap-fast-udp=Run nmap (fast UDP), "nmap -n -Pn -sU -F --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""
+nmap-udp-1000=Run nmap (top 1000 quick UDP), "nmap -n -Pn -sU --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""
+nmap-full-udp=Run nmap (full UDP), nmap -n -Pn -sU -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\"
+unicornscan-full-udp=Run unicornscan (full UDP), unicornscan -mU -Ir 1000 [IP]:a -v
+
+[PortActions]
+banner=Grab banner, bash -c \"echo \"\" | nc -v -n -w1 [IP] [PORT]\", 
+nmap=Run nmap (scripts) on port, nmap -Pn -sV -sC -vvvvv -p[PORT] [IP] -oA [OUTPUT], 
+nikto=Run nikto, nikto -o \"[OUTPUT].txt\" -p [PORT] -h [IP], "http,https,ssl,soap,http-proxy,http-alt"
+dirb=Run dirb http (quick), dirb http://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\", "http,https,ssl,soap,http-proxy,http-alt"
+dirbs=Run dirb https (quick), dirb https://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\", "http,https,ssl,soap,http-proxy,http-alt"
+dirbe=Run dirb http (exhaustive), dirb http://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\" -X ",.conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip", "http,https,ssl,soap,http-proxy,http-alt"
+dirbes=Run dirb https (exhaustive), dirb https://[IP]:[PORT] /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -f -S -o \"[OUTPUT].txt\" -X ",.conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip", "http,https,ssl,soap,http-proxy,http-alt"
+gobuster=Run gobuster (exhaustive), gobuster dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -k -l -e -b 404 --threads 1 --timeout 10s -u http://192.168.30.179/ --wildcard -z -o \"[OUTPUT].txt\" -x ".conf,.html,.inc,.ini,.json,.log,.php,.py,.sql,.tar,.txt,.zip", "http,https,ssl,soap,http-proxy,http-alt"
+dirbuster=Launch dirbuster, java -Xmx256M -jar /usr/share/dirbuster/DirBuster-1.0-RC1.jar -u http://[IP]:[PORT]/, "http,https,ssl,soap,http-proxy,http-alt"
+webslayer=Launch webslayer, webslayer, "http,https,ssl,soap,http-proxy,http-alt"
+whatweb=Run whatweb, "whatweb [IP]:[PORT] --color=never --log-brief=\"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"
+samrdump=Run samrdump, python /usr/share/doc/python-impacket/examples/samrdump.py [IP] [PORT]/SMB, "netbios-ssn,microsoft-ds"
+nbtscan=Run nbtscan, nbtscan -v -h [IP], netbios-ns
+smbenum=Run smbenum, bash ./scripts/smbenum.sh [IP], "netbios-ssn,microsoft-ds"
+enum4linux=Run enum4linux, enum4linux [IP], "netbios-ssn,microsoft-ds"
+polenum=Extract password policy (polenum), polenum [IP], "netbios-ssn,microsoft-ds"
+smb-enum-users=Enumerate users (nmap), "nmap -p[PORT] --script=smb-enum-users [IP] -vvvvv", "netbios-ssn,microsoft-ds"
+smb-enum-users-rpc=Enumerate users (rpcclient), bash -c \"echo 'enumdomusers' | rpcclient [IP] -U%\", "netbios-ssn,microsoft-ds"
+smb-enum-admins=Enumerate domain admins (net), "net rpc group members \"Domain Admins\" -I [IP] -U% ", "netbios-ssn,microsoft-ds"
+smb-enum-groups=Enumerate groups (nmap), "nmap -p[PORT] --script=smb-enum-groups [IP] -vvvvv", "netbios-ssn,microsoft-ds"
+smb-enum-shares=Enumerate shares (nmap), "nmap -p[PORT] --script=smb-enum-shares [IP] -vvvvv", "netbios-ssn,microsoft-ds"
+smb-enum-sessions=Enumerate logged in users (nmap), "nmap -p[PORT] --script=smb-enum-sessions [IP] -vvvvv", "netbios-ssn,microsoft-ds"
+smb-enum-policies=Extract password policy (nmap), "nmap -p[PORT] --script=smb-enum-domains [IP] -vvvvv", "netbios-ssn,microsoft-ds"
+smb-null-sessions=Check for null sessions (rpcclient), bash -c \"echo 'srvinfo' | rpcclient [IP] -U%\", "netbios-ssn,microsoft-ds"
+ldapsearch=Run ldapsearch, ldapsearch -h [IP] -p [PORT] -x -s base, ldap
+snmpcheck=Run snmpcheck, snmp-check -t [IP], "snmp,snmptrap"
+rpcinfo=Run rpcinfo, rpcinfo -p [IP], rpcbind
+rdp-sec-check=Run rdp-sec-check.pl, perl ./scripts/rdp-sec-check.pl [IP]:[PORT], ms-wbt-server
+showmount=Show nfs shares, showmount -e [IP], "nfs,nfs_acl"
+x11screen=Run x11screenshot, bash ./scripts/x11screenshot.sh [IP], X11
+sslscan=Run sslscan, sslscan --no-failed [IP]:[PORT], "https,ssl"
+sslyze=Run sslyze, sslyze --regular [IP]:[PORT], "https,ssl,ms-wbt-server,imap,pop3,smtp"
+rwho=Run rwho, rwho -a [IP], who
+finger=Enumerate users (finger), ./scripts/fingertool.sh [IP], finger
+smtp-enum-vrfy=Enumerate SMTP users (VRFY), smtp-user-enum -M VRFY -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
+smtp-enum-expn=Enumerate SMTP users (EXPN), smtp-user-enum -M EXPN -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
+smtp-enum-rcpt=Enumerate SMTP users (RCPT), smtp-user-enum -M RCPT -U /usr/share/metasploit-framework/data/wordlists/unix_users.txt -t [IP] -p [PORT], smtp
+ftp-default=Check for default ftp credentials, hydra -s [PORT] -C ./wordlists/ftp-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] ftp, ftp
+mssql-default=Check for default mssql credentials, hydra -s [PORT] -C ./wordlists/mssql-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] mssql, ms-sql-s
+mysql-default=Check for default mysql credentials, hydra -s [PORT] -C ./wordlists/mysql-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] mysql, mysql
+oracle-default=Check for default oracle credentials, hydra -s [PORT] -C ./wordlists/oracle-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] oracle-listener, oracle-tns
+postgres-default=Check for default postgres credentials, hydra -s [PORT] -C ./wordlists/postgres-default-userpass.txt -u -o \"[OUTPUT].txt\" -f [IP] postgres, postgresql
+snmp-default=Check for default community strings, python ./scripts/snmpbrute.py -t [IP] -p [PORT] -f ./wordlists/snmp-default.txt -b --no-colours, "snmp,snmptrap"
+snmp-brute=Bruteforce community strings (medusa), bash -c \"medusa -h [IP] -u root -P ./wordlists/snmp-default.txt -M snmp | grep SUCCESS\", "snmp,snmptrap"
+oracle-version=Get version, "msfcli auxiliary/scanner/oracle/tnslsnr_version rhosts=[IP] E", oracle-tns
+oracle-sid=Oracle SID enumeration, "msfcli auxiliary/scanner/oracle/sid_enum rhosts=[IP] E", oracle-tns
+
+[PortTerminalActions]
+netcat=Open with netcat, nc -v [IP] [PORT], 
+telnet=Open with telnet, telnet [IP] [PORT], 
+ftp=Open with ftp client, ftp [IP] [PORT], ftp
+mysql=Open with mysql client (as root), "mysql -u root -h [IP] --port=[PORT] -p", mysql
+mssql=Open with mssql client (as sa), python /usr/share/doc/python-impacket/examples/mssqlclient.py -p [PORT] sa@[IP], "mys-sql-s,codasrv-se"
+ssh=Open with ssh client (as root), ssh root@[IP] -p [PORT], ssh
+psql=Open with postgres client (as postgres), psql -h [IP] -p [PORT] -U postgres, postgres
+rdesktop=Open with rdesktop, rdesktop [IP]:[PORT], ms-wbt-server
+rpcclient=Open with rpcclient (NULL session), rpcclient [IP] -p [PORT] -U%, "netbios-ssn,microsoft-ds"
+vncviewer=Open with vncviewer, vncviewer [IP]:[PORT], vnc
+xephyr=Open with Xephyr, Xephyr -query [IP] :1, xdmcp
+rlogin=Open with rlogin, rlogin -i root -p [PORT] [IP], login
+rsh=Open with rsh, rsh -l root [IP], shell
+
+[SchedulerSettings]
+nikto="http,https,ssl,soap,http-proxy,http-alt,https-alt", tcp
+dirb="http,https,ssl,soap,http-proxy,http-alt,https-alt", tcp
+showmount="nfs,nfs_acl", tcp
+screenshooter="http,https,ssl,http-proxy,http-alt,https-alt", tcp
+smbenum=microsoft-ds, tcp
+snmpcheck=snmp, udp
+x11screen=X11, tcp
+snmp-default=snmp, udp
+smtp-enum-vrfy=smtp, tcp
+mysql-default=mysql, tcp
+mssql-default=ms-sql-s, tcp
+ftp-default=ftp, tcp
+postgres-default=postgresql, tcp
+oracle-default=oracle-tns, tcp