Plugin Updates
Added global option "domain" for use with DNS / Active Directory. Updated DNS and Kerberos plugins.
parent
2921dc283d
commit
ca18ac9403
|
|
@ -5,3 +5,7 @@ help = 'A wordlist of usernames, useful for bruteforcing. Default: %(default)s'
|
||||||
[global.password-wordlist]
|
[global.password-wordlist]
|
||||||
default = '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
|
default = '/usr/share/seclists/Passwords/darkweb2017-top100.txt'
|
||||||
help = 'A wordlist of passwords, useful for bruteforcing. Default: %(default)s'
|
help = 'A wordlist of passwords, useful for bruteforcing. Default: %(default)s'
|
||||||
|
|
||||||
|
[global.domain]
|
||||||
|
default = false
|
||||||
|
help = 'The domain to use (if known). Used for DNS and/or Active Directory.'
|
||||||
|
|
|
||||||
|
|
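Review bot: `default = false` gives the new `[global.domain]` option a boolean default although its value is a domain name string, so consumers receive either `False` or a `str`. The plugins changed in this commit only test truthiness, which works, but a comment such as `# false = not set; plugins check truthiness before using the value` would make that contract explicit. The help text could also state that the value must be a plain DNS name, since it ends up in command lines built by the DNS and Kerberos plugins.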
@ -22,13 +22,12 @@ class DNSZoneTransfer(ServiceScan):
|
||||||
|
|
||||||
def configure(self):
|
def configure(self):
|
||||||
self.match_service_name('^domain')
|
self.match_service_name('^domain')
|
||||||
self.add_option('domain', help='The domain name to perform a zone transfer on.')
|
|
||||||
|
|
||||||
async def run(self, service):
|
async def run(self, service):
|
||||||
if self.get_option('domain') is None:
|
if self.get_global('domain'):
|
||||||
await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
|
await service.execute('dig AXFR -p {port} @{address} ' + self.get_global('domain'), outfile='{protocol}_{port}_dns_zone-transfer.txt')
|
||||||
else:
|
else:
|
||||||
await service.execute('dig AXFR -p {port} @{address} ' + self.get_option('domain'), outfile='{protocol}_{port}_dns_zone-transfer.txt')
|
await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
|
||||||
|
|
||||||
class DNSReverseLookup(ServiceScan):
|
class DNSReverseLookup(ServiceScan):
|
||||||
|
|
||||||
|
|
|
||||||
|
|
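Review bot: The value of `self.get_global('domain')` is concatenated unquoted into the command string passed to `service.execute` in `DNSZoneTransfer.run`. Whitespace, shell metacharacters or `{`/`}` in the option would therefore change the command or the placeholder substitution, assuming `execute` formats the string and runs it through a shell, which is not visible here. Read the value once and quote it: `domain = self.get_global('domain')`, then `'dig AXFR -p {port} @{address} ' + shlex.quote(domain)`. That needs `import shlex` at the top of the file, outside this hunk, and rejecting values that are not valid hostnames would cover the brace case as well. The same concatenation appears in the Kerberos hunk for both `domain` and `username-wordlist`, there inside hand-written double quotes.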
@ -11,4 +11,7 @@ class NmapKerberos(ServiceScan):
|
||||||
self.match_service_name(['^kerberos', '^kpasswd'])
|
self.match_service_name(['^kerberos', '^kpasswd'])
|
||||||
|
|
||||||
async def run(self, service):
|
async def run(self, service):
|
||||||
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
|
if self.get_global('domain') and self.get_global('username-wordlist'):
|
||||||
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="' + self.get_global('domain') + '",userdb="' + self.get_global('username-wordlist') + '" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
|
||||||
|
else:
|
||||||
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
|
||||||
|
|
|
||||||
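Review bot: The two branches added to `NmapKerberos.run` repeat the whole nmap command line and differ only in the `--script-args` fragment, so a later change to the output paths or script list has to be made twice. Building the optional fragment first and calling `service.execute` once keeps the command in one place. It also leaves a single spot to validate or quote the two global values before they reach the command line. The sketch below produces the same two command strings as the hunk.

```python
    async def run(self, service):
        domain = self.get_global('domain')
        userdb = self.get_global('username-wordlist')
        script_args = ''
        if domain and userdb:
            script_args = ' --script-args krb5-enum-users.realm="' + domain + '",userdb="' + userdb + '"'
        await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,krb5-enum-users"' + script_args + ' -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}')
```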