Tuesday, 14 December 2010

[Shell Script] Enumeration and Scanning with Matriux "Xenon"

Well, having some idle time last night, I decided to write this simple script for service enumeration and scanning, to be used with the Matriux distribution. The tools the script calls already exist; I just bundled them together, and some of the results are interesting to analyse.

Here is the script's source.

#!/bin/bash
# Enumeration and scanning wrapper for Matriux "Xenon": chains tools that
# already ship with the distribution and keeps every result under $OUT.

OUT=/home/tiger/Desktop/Matriuxenum

clear
echo
echo "---->> Enumeration and Scanning <<----"
echo
echo "Roberto Soares (espreto)"
echo "MATRIUX V0.2 - 14/12/2010"
echo "Suggestions? robertoespreto@gmail.com"
echo "Edited on 16/12/2010 by L30"
echo
# -p: a second run must not abort because the directory already exists
mkdir -p "$OUT"
echo "Generating Directory $OUT/ "
echo "Usage: domain.com.br and/or domain.com..."
echo "Enter with the domain:"
echo
read -r dominio
# Every step below needs a target; stop here rather than run the tools with an empty argument
if [ -z "$dominio" ]; then
    echo "No domain entered, exiting."
    exit 1
fi
echo
# Answers are quoted in every test so an empty reply (just Enter) counts as "no" instead of a syntax error
echo "[+] Perform Whois scan? y/n "; read -r whx
if [ "$whx" = "y" ]
then
    echo "####################################################"
    echo
    echo "[+] whois $dominio"
    echo
    whois "$dominio" >> "$OUT/whois.txt"
    cat "$OUT/whois.txt"
    echo
    echo "whois completed on domain $dominio"
fi
echo
echo "[+] Perform dig? y/n" ; read -r digx
if [ "$digx" = "y" ]
then
    echo "####################################################"
    echo
    echo "[+] dig $dominio any"
    echo
    echo
    dig "$dominio" any >> "$OUT/dig.txt"
    cat "$OUT/dig.txt"
    echo
    echo "dig completed on $dominio"
fi
echo
echo "[+] Perform TCPTraceroute? y/n" ; read -r tcpx
if [ "$tcpx" = "y" ]
then
    echo "####################################################"
    echo
    echo "[+] tcptraceroute -i eth0 $dominio"
    echo
    echo
    tcptraceroute -i eth0 "$dominio" >> "$OUT/tcptrac.txt"
    cat "$OUT/tcptrac.txt"
    echo
    echo "TCP traceroute completed on $dominio"
fi
echo
echo "#####################################################"
echo
echo "Scan with DNS tracer? y/n" ; read -r dnstx
if [ "$dnstx" = "y" ]
then
    echo
    echo "[+] dnstracer $dominio"
    echo
    echo
    dnstracer "$dominio" >> "$OUT/dnstrac.txt"
    cat "$OUT/dnstrac.txt"
    echo
    echo "DNSTRACE on $dominio completed"
fi
echo
echo "#######################################################"
echo
echo "Scan with DMitry? y/n" ; read -r dmitx
if [ "$dmitx" = "y" ]
then
    echo
    echo "[+] dmitry -s -e $dominio"
    echo
    echo
    sudo dmitry -s -e "$dominio" >> "$OUT/dmit.txt"
    cat "$OUT/dmit.txt"
    echo
    echo "Dmitry scan on $dominio completed"
fi
echo
echo "######################################################"
echo
echo "Perform DNSenum scan? y/n" ; read -r dnsenx
if [ "$dnsenx" = "y" ]
then
    echo
    echo "[+] perl dnsenum.pl --enum $dominio"
    echo
    # Run in a subshell so the cd does not leak into the rest of the script
    ( cd /pentest/enumeration/dnsenum/ && sudo perl dnsenum.pl --enum "$dominio" ) >> "$OUT/dnsenm.txt"
    cat "$OUT/dnsenm.txt"
    echo
    echo "DNSenum completed on $dominio"
fi
echo
echo
echo "#####################################################"
echo
# nmap writes -oX to exactly the name given; use the same path the Metasploit import step reads below
NMAP_XML=/home/tiger/Desktop/target_scan.xml
echo "[+] nmap -v --source-port 53 -sS --send-ip -n -PN -p- -f -sV --version-all -O --script=discovery -oX $NMAP_XML $dominio"
echo
nmap -v --source-port 53 -sS --send-ip -n -PN -p- -f -sV --version-all -O --script=discovery -oX "$NMAP_XML" "$dominio"
echo
echo "#####################################################"
echo
echo "Scan with Nikto? y/n" ; read -r nikx
if [ "$nikx" = "y" ]
then
    echo
    echo "[+] nikto -update"
    echo "[+] nikto -host $dominio"
    echo
    echo
    nikto -update
    nikto -host "$dominio"
    echo
    echo "Nikto completed on $dominio"
fi
echo
echo "######################################################"
echo
echo "[+] ./skipfish -o /home/tiger/Desktop/output_file -W dictionaries/complete.wl http://www.$dominio"
echo
echo
( cd /pentest/scanners/skipfish/ && sudo xterm -fg green2 -bg black -e "sudo ./skipfish -o /home/tiger/Desktop/output_file -W dictionaries/complete.wl http://www.$dominio" )
echo
echo -n '[+] Want to see the log generated by skipfish now? y/n ' ; read -r resposta
if [ "$resposta" = "y" ] ; then
    firefox /home/tiger/Desktop/output_file/index.html
fi
echo
# This question does not depend on the answer to the skipfish log question
echo -n '[+] Want to import the output of nmap with the db_autopwn metasploit? y/n ' ; read -r resposta_msf
if [ "$resposta_msf" = "y" ] ; then
    # Rewrite the resource file on every run ('>' rather than '>>'), otherwise old lines pile up
    cat > /home/tiger/Desktop/autopwn_msf <<EOF
db_driver sqlite3
db_connect /home/tiger/Desktop/owned.db
db_import_nmap_xml $NMAP_XML
db_hosts
db_services
db_autopwn -p -t -e
EOF
    msfconsole -r /home/tiger/Desktop/autopwn_msf
fi
echo
echo "######################################################"
echo
echo "..: Enumeration and Scanning Complete! :.."
echo

Now just make it executable with the command:

$ sudo chmod +x MATRIUXv2

and then run it:

$ sudo ./MATRIUXv2

Just read the commands' output and analyse it. :)
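The script takes the domain and every y/n answer straight from `read` and hands them to the tools, so a stray space, a shell metacharacter or an empty reply ends up inside a command line. The helpers below are an added example, not part of the original script: they check that the domain is a well-formed hostname and normalise the yes/no answers before anything is run. The function names, the hostname rules used (RFC 1123 labels) and the sample inputs in the demo loop are this example's own choices.

```shell
#!/bin/bash
# Added example: input validation helpers for a prompt-driven wrapper script.
# Function names and sample inputs are this example's own, not the original script's.

# Accept only hostnames made of labels [A-Za-z0-9-] joined by dots,
# no label starting or ending with '-', label <= 63 chars, total <= 253 chars.
valid_domain() {
    local d="$1"
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    # Any character outside the allowed set (spaces, ';', '$', quotes...) rejects the input
    case "$d" in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    local label
    local IFS='.'
    # With IFS='.', the unquoted expansion splits the name into labels;
    # consecutive dots or a leading dot produce an empty label, which is rejected
    for label in $d; do
        [ -n "$label" ] && [ "${#label}" -le 63 ] || return 1
        case "$label" in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}

# Normalise a y/n answer: 0 for y/Y/yes, 1 for anything else, including an empty reply
is_yes() {
    case "$1" in
        y|Y|yes|YES|Yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Prompt until a valid hostname is given; the validated value is printed on stdout
ask_domain() {
    local candidate
    while :; do
        printf 'Enter with the domain: ' >&2
        read -r candidate
        if valid_domain "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        printf 'Invalid hostname: %s\n' "$candidate" >&2
    done
}

# Demo on constructed inputs (no network needed): shows which values would be rejected
demo() {
    local candidate
    for candidate in "example.com" "sub.example.com.br" "exa mple.com" \
                     "example.com;id" "-bad.example.com" "a..b"; do
        if valid_domain "$candidate"; then
            printf 'accepted: %s\n' "$candidate"
        else
            printf 'rejected: %s\n' "$candidate"
        fi
    done
}

# Run the demo only when executed directly, not when sourced for testing
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ] && [ -z "${SKIP_DEMO:-}" ]; then
    demo
fi
```

In the wrapper, `dominio=$(ask_domain)` replaces the bare `read dominio`, and each `if [ $whx = "y" ]` becomes `if is_yes "$whx"`, which also removes the syntax error the unquoted test produces on an empty answer.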

Note 01: You can download it from pastebin at the link below:

http://pastebin.com/pmZDAvc9

Note 02: The script takes a while, so go grab a coffee and relax a bit! :)

UPDATE:
Some fixes made by L30. (Variables and logs)

Regards,

One comment:

  1. good afternoon, buddy...

    hey man, I was looking at your twitter and noticed this

    Who has never, at some point, been saved by chkdsk? I was saved again today! #win

    does backtrack have chkdsk?
