RomanNum3ral
/
AutoRecon
mirror of https://github.com/Tib3rius/AutoRecon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Manual Commands 

Manual commands function manual() now requires two arguments to make it more advanced.
This commit is contained in:
Tib3rius 2021-08-14 19:41:10 -04:00
parent abbb455a8c
commit 37a5cfb4ee
11 changed files with 76 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
autorecon.py
View File

@ -86,6 +86,7 @@ class Service:
self.port = int(port)
self.name = name
self.secure = secure
self.manual_commands = {}
@final
def tag(self):
@ -95,6 +96,20 @@ class Service:
def full_tag(self):
return self.protocol + '/' + str(self.port) + '/' + self.name + '/' + ('secure' if self.secure else 'insecure')
@final
def add_manual_commands(self, description, commands):
if not isinstance(commands, list):
commands = [commands]
if description not in self.manual_commands:
self.manual_commands[description] = []
# Merge in new unique commands, while preserving order.
[self.manual_commands[description].append(m) for m in commands if m not in self.manual_commands[description]]
@final
def add_manual_command(self, description, command):
self.add_manual_commands(description, command)
@final
async def execute(self, cmd, blocking=True, outfile=None, errfile=None):
target = self.target
@ -209,7 +224,6 @@ class Plugin(object):
self.tags = ['default']
self.priority = 1
self.patterns = []
self.manual_commands = {}
self.autorecon = None
self.disabled = False
@ -264,20 +278,6 @@ class Plugin(object):
def get_global(self, name, default=None):
return self.get_global_option(name, default)
@final
def add_manual_commands(self, description, commands):
if not isinstance(commands, list):
commands = [commands]
if description not in self.manual_commands:
self.manual_commands[description] = []
# Merge in new unique commands, while preserving order.
[self.manual_commands[description].append(m) for m in commands if m not in self.manual_commands[description]]
@final
def add_manual_command(self, description, command):
self.add_manual_commands(description, command)
@final
def add_pattern(self, pattern, description=None):
try:
@ -470,8 +470,12 @@ class AutoRecon(object):
if member_name == 'configure':
configure_function_found = True
elif member_name == 'run' and inspect.iscoroutinefunction(member_value):
if len(inspect.signature(member_value).parameters) != 2:
fail('Error: the "run" coroutine in the plugin "' + plugin.name + '" should have two arguments.', file=sys.stderr)
run_coroutine_found = True
elif member_name == 'manual':
if len(inspect.signature(member_value).parameters) != 3:
fail('Error: the "manual" function in the plugin "' + plugin.name + '" should have three arguments.', file=sys.stderr)
manual_function_found = True
if not run_coroutine_found and not manual_function_found:
@ -913,6 +917,7 @@ async def scan_target(target):
heading = False
for plugin in target.autorecon.plugin_types['service']:
plugin_was_run = False
plugin_service_match = False
plugin_tag = service.tag() + '/' + plugin.slug
@ -971,18 +976,26 @@ async def scan_target(target):
continue
# TODO: check if plugin matches tags, BUT run manual commands anyway!
plugin_was_run = True
matching_plugins.append(plugin)
if plugin.manual_commands and (not plugin.run_once_boolean or (plugin.run_once_boolean and (plugin.slug,) not in target.scans)):
with open(os.path.join(scandir, '_manual_commands.txt'), 'a') as file:
if not heading:
file.write(e('[*] {service.name} on {service.protocol}/{service.port}\n\n'))
heading = True
for description, commands in plugin.manual_commands.items():
file.write('\t[-] ' + e(description) + '\n\n')
for command in commands:
file.write('\t\t' + e(command) + '\n\n')
file.flush()
for member_name, _ in inspect.getmembers(plugin, predicate=inspect.ismethod):
if member_name == 'manual':
plugin.manual(service, plugin_was_run)
if service.manual_commands and (not plugin.run_once_boolean or (plugin.run_once_boolean and (plugin.slug,) not in target.scans)):
with open(os.path.join(scandir, '_manual_commands.txt'), 'a') as file:
if not heading:
file.write(e('[*] {service.name} on {service.protocol}/{service.port}\n\n'))
heading = True
for description, commands in service.manual_commands.items():
file.write('\t[-] ' + e(description) + '\n\n')
for command in commands:
file.write('\t\t' + e(command) + '\n\n')
file.flush()
service.manual_commands = {}
break
break
@ -1281,12 +1294,6 @@ async def main():
# Remove duplicate lists from list.
[autorecon.excluded_tags.append(t) for t in excluded_tags if t not in autorecon.excluded_tags]
# Generate manual commands.
for _, plugin in autorecon.plugins.items():
for member_name, _ in inspect.getmembers(plugin, predicate=inspect.ismethod):
if member_name == 'manual':
plugin.manual()
raw_targets = args.targets
if len(args.target_file) > 0:

20
plugins/databases.py
View File

@ -23,8 +23,8 @@ class NmapMSSQL(ServiceScan):
def configure(self):
self.match_service_name(['^mssql', '^ms\-sql'])
def manual(self):
self.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
def manual(self, service, plugin_was_run):
service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port={port},mssql.username=sa,mssql.password=sa" -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}')
@ -39,8 +39,8 @@ class NmapMYSQL(ServiceScan):
def configure(self):
self.match_service_name('^mysql')
def manual(self):
self.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
def manual(self, service, plugin_was_run):
service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mysql_nmap.xml" {address}')
@ -55,8 +55,8 @@ class NmapOracle(ServiceScan):
def configure(self):
self.match_service_name('^oracle')
def manual(self):
self.add_manual_command('Brute-force SIDs using Nmap:', 'nmap {nmap_extra} -sV -p {port} --script="banner,oracle-sid-brute" -oN "{scandir}/{protocol}_{port}_oracle_sid-brute_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_sid-brute_nmap.xml" {address}')
def manual(self, service, plugin_was_run):
service.add_manual_command('Brute-force SIDs using Nmap:', 'nmap {nmap_extra} -sV -p {port} --script="banner,oracle-sid-brute" -oN "{scandir}/{protocol}_{port}_oracle_sid-brute_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_sid-brute_nmap.xml" {address}')
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_nmap.xml" {address}')
@ -98,8 +98,8 @@ class OracleODAT(ServiceScan):
def configure(self):
self.match_service_name('^oracle')
def manual(self):
self.add_manual_commands('Install ODAT (https://github.com/quentinhardy/odat) and run the following commands:', [
def manual(self, service, plugin_was_run):
service.add_manual_commands('Install ODAT (https://github.com/quentinhardy/odat) and run the following commands:', [
'python odat.py tnscmd -s {address} -p {port} --ping',
'python odat.py tnscmd -s {address} -p {port} --version',
'python odat.py tnscmd -s {address} -p {port} --status',
@ -118,5 +118,5 @@ class OraclePatator(ServiceScan):
def configure(self):
self.match_service_name('^oracle')
def manual(self):
self.add_manual_command('Install Oracle Instant Client (https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux) and then bruteforce with patator:', 'patator oracle_login host={address} port={port} user=COMBO00 password=COMBO01 0=/usr/share/seclists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt -x ignore:code=ORA-01017 -x ignore:code=ORA-28000')
def manual(self, service, plugin_was_run):
service.add_manual_command('Install Oracle Instant Client (https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux) and then bruteforce with patator:', 'patator oracle_login host={address} port={port} user=COMBO00 password=COMBO01 0=/usr/share/seclists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt -x ignore:code=ORA-01017 -x ignore:code=ORA-28000')

4
plugins/ftp.py
View File

@ -23,8 +23,8 @@ class BruteforceFTP(ServiceScan):
def configure(self):
self.match_service_name(['^ftp', '^ftp\-data'])
def manual(self):
self.add_manual_commands('Bruteforce logins:', [
def manual(self, service, plugin_was_run):
service.add_manual_commands('Bruteforce logins:', [
'hydra -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e nsr -s {port} -o "{scandir}/{protocol}_{port}_ftp_hydra.txt" ftp://{address}',
'medusa -U "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e ns -n {port} -O "{scandir}/{protocol}_{port}_ftp_medusa.txt" -M ftp -h {address}'
])

24
plugins/http.py
View File

@ -29,8 +29,8 @@ class BruteforceHTTP(ServiceScan):
self.match_service_name('^http')
self.match_service_name('^nacn_http$', negative_match=True)
def manual(self):
self.add_manual_commands('Credential bruteforcing commands (don\'t run these without modifying them):', [
def manual(self, service, plugin_was_run):
service.add_manual_commands('Credential bruteforcing commands (don\'t run these without modifying them):', [
'hydra -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e nsr -s {port} -o "{scandir}/{protocol}_{port}_{http_scheme}_auth_hydra.txt" {http_scheme}-get://{address}/path/to/auth/area',
'medusa -U "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e ns -n {port} -O "{scandir}/{protocol}_{port}_{http_scheme}_auth_medusa.txt" -M http -h {address} -m DIR:/path/to/auth/area',
'hydra -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e nsr -s {port} -o "{scandir}/{protocol}_{port}_{http_scheme}_form_hydra.txt" {http_scheme}-post-form://{address}/path/to/login.php:username=^USER^&password=^PASS^:invalid-login-message',
@ -85,28 +85,28 @@ class DirBuster(ServiceScan):
self.match_service_name('^http')
self.match_service_name('^nacn_http$', negative_match=True)
def manual(self):
self.add_manual_command('(feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
def manual(self, service, plugin_was_run):
service.add_manual_command('(feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
'feroxbuster -u {http_scheme}://{address}:{port} -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_big.txt',
'feroxbuster -u {http_scheme}://{address}:{port} -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_dirbuster.txt'
])
self.add_manual_command('(gobuster v3) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
service.add_manual_command('(gobuster v3) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
'gobuster dir -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_big.txt"',
'gobuster dir -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_dirbuster.txt"'
])
self.add_manual_command('(dirsearch) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
service.add_manual_command('(dirsearch) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
'dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -r -e txt,html,php,asp,aspx,jsp -f -w /usr/share/seclists/Discovery/Web-Content/big.txt --format=plain --output="{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_big.txt"',
'dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -r -e txt,html,php,asp,aspx,jsp -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --format=plain --output="{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_dirbuster.txt"'
])
self.add_manual_command('(dirb) Recursive directory/file enumeration for web servers using various wordlists:', [
service.add_manual_command('(dirb) Recursive directory/file enumeration for web servers using various wordlists:', [
'dirb {http_scheme}://{address}:{port}/ /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -X ",.txt,.html,.php,.asp,.aspx,.jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_big.txt"',
'dirb {http_scheme}://{address}:{port}/ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -l -r -S -X ",.txt,.html,.php,.asp,.aspx,.jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_dirbuster.txt"'
])
self.add_manual_command('(gobuster v1 & v2) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
service.add_manual_command('(gobuster v1 & v2) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
'gobuster -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_big.txt"',
'gobuster -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_dirbuster.txt"'
])
@ -136,8 +136,8 @@ class Nikto(ServiceScan):
self.match_service_name('^http')
self.match_service_name('^nacn_http$', negative_match=True)
def manual(self):
self.add_manual_command('(nikto) old but generally reliable web server enumeration tool:', 'nikto -ask=no -h {http_scheme}://{address}:{port} 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_nikto.txt"')
def manual(self, service, plugin_was_run):
service.add_manual_command('(nikto) old but generally reliable web server enumeration tool:', 'nikto -ask=no -h {http_scheme}://{address}:{port} 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_nikto.txt"')
class WhatWeb(ServiceScan):
@ -182,5 +182,5 @@ class WPScan(ServiceScan):
self.match_service_name('^http')
self.match_service_name('^nacn_http$', negative_match=True)
def manual(self):
self.add_manual_command('(wpscan) WordPress Security Scanner (useful if WordPress is found):', 'wpscan --url {http_scheme}://{address}:{port}/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_wpscan.txt"')
def manual(self, service, plugin_was_run):
service.add_manual_command('(wpscan) WordPress Security Scanner (useful if WordPress is found):', 'wpscan --url {http_scheme}://{address}:{port}/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_wpscan.txt"')

4
plugins/ldap.py
View File

@ -23,7 +23,7 @@ class LDAPSearch(ServiceScan):
def configure(self):
self.match_service_name('^ldap')
def manual(self):
self.add_manual_command('ldapsearch command (modify before running):', [
def manual(self, service, plugin_was_run):
service.add_manual_command('ldapsearch command (modify before running):', [
'ldapsearch -x -D "<username>" -w "<password>"" -p {port} -h {address} -b "dc=example,dc=com" -s sub "(objectclass=*) 2>&1 | tee > "{scandir}/{protocol}_{port}_ldap_all-entries.txt"'
])

4
plugins/misc.py
View File

@ -131,8 +131,8 @@ class SMTPUserEnum(ServiceScan):
await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
def manual(self):
self.add_manual_command('Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target\'s domain name:', [
def manual(self, service, plugin_was_run):
service.add_manual_command('Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target\'s domain name:', [
'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p <TARGET-DOMAIN>'
])

4
plugins/rdp.py
View File

@ -23,8 +23,8 @@ class BruteforceRDP(ServiceScan):
def configure(self):
self.match_service_name(['^rdp', '^ms\-wbt\-server', '^ms\-term\-serv'])
def manual(self):
self.add_manual_commands('Bruteforce logins:', [
def manual(self, service, plugin_was_run):
service.add_manual_commands('Bruteforce logins:', [
'hydra -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e nsr -s {port} -o "{scandir}/{protocol}_{port}_rdp_hydra.txt" rdp://{address}',
'medusa -U "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e ns -n {port} -O "{scandir}/{protocol}_{port}_rdp_medusa.txt" -M rdp -h {address}'
])

4
plugins/rpc.py
View File

@ -23,5 +23,5 @@ class RPCClient(ServiceScan):
def configure(self):
self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])
def manual(self):
self.add_manual_command('RPC Client:', 'rpcclient -p {port} -U "" {address}')
def manual(self, service, plugin_was_run):
service.add_manual_command('RPC Client:', 'rpcclient -p {port} -U "" {address}')

4
plugins/sip.py
View File

@ -23,5 +23,5 @@ class SIPVicious(ServiceScan):
def configure(self):
self.match_service_name('^asterisk')
def manual(self):
self.add_manual_command('svwar:', 'svwar -D -m INVITE -p {port} {address}')
def manual(self, service, plugin_was_run):
service.add_manual_command('svwar:', 'svwar -D -m INVITE -p {port} {address}')

4
plugins/smb.py
View File

@ -10,8 +10,8 @@ class NmapSMB(ServiceScan):
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
def manual(self):
self.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', [
def manual(self, service, plugin_was_run):
service.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', [
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'

4
plugins/ssh.py
View File

@ -23,8 +23,8 @@ class BruteforceSSH(ServiceScan):
def configure(self):
self.match_service_name('ssh')
def manual(self):
self.add_manual_command('Bruteforce logins:', [
def manual(self, service, plugin_was_run):
service.add_manual_command('Bruteforce logins:', [
'hydra -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e nsr -s {port} -o "{scandir}/{protocol}_{port}_ssh_hydra.txt" ssh://{address}',
'medusa -U "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -P "' + self.get_global('password_wordlist', default='/usr/share/seclists/Passwords/darkweb2017-top100.txt') + '" -e ns -n {port} -O "{scandir}/{protocol}_{port}_ssh_medusa.txt" -M ssh -h {address}'
])