rolisoft / reconscan
Network reconnaissance and vulnerability assessment tools.
License: GNU Affero General Public License v3.0
When scanning a host that runs Apache 2.4.18 on both 80 (for http) and 443 (for https), the scheme doesn't appear to change to https, causing the ssl enum scans to fail. My initial guess was that the service was being misidentified by the nmap scan, but I've attached the nmap scan (with some info omitted) as well and it appears to label the service correctly as 'ssl/http'.
My other guess is that perhaps once 'http' is chosen as the scheme when it first scans port 80, it doesn't do a second check for the scheme when it's scanning port 443? Looking at the timing of when the output files were created, it definitely looks like port 80 is scanned before port 443. Not sure, just throwing it out there. Please let me know if I can provide any additional info.
-rw-r--r-- 1 root root 447 Jan 9 17:56 443_http_dirb.txt
-rw-r--r-- 1 root root 741 Jan 9 17:56 443_http_index.html
-rw-r--r-- 1 root root 915 Jan 9 17:56 443_http_nikto.txt
-rw-r--r-- 1 root root 7537 Jan 9 17:56 443_http_nmap.txt
-rw-r--r-- 1 root root 17621 Jan 9 17:56 443_http_nmap.xml
-rw-r--r-- 1 root root 741 Jan 9 17:56 443_http_robots.txt
-rw-r--r-- 1 root root 761 Jan 9 17:55 80_http_dirb.txt
-rw-r--r-- 1 root root 368 Jan 9 17:55 80_http_index.html
-rw-r--r-- 1 root root 914 Jan 9 17:55 80_http_nikto.txt
-rw-r--r-- 1 root root 4215 Jan 9 17:55 80_http_nmap.txt
-rw-r--r-- 1 root root 8534 Jan 9 17:55 80_http_nmap.xml
-rw-r--r-- 1 root root 565 Jan 9 17:55 80_http_robots.txt
Nmap Results (ssl-cert and ssl-date NSE scripts omitted)
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack ttl 64 vsftpd 3.0.3
80/tcp open http syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: POST OPTIONS GET HEAD
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
443/tcp open ssl/http syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
| http-methods:
|_ Supported Methods: POST OPTIONS GET HEAD
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
Example 1: Missing https:// when scanning port 443 causes gobuster to return no results
root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_dirb.txt
Gobuster v1.2 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : http://10.0.0.105:443/
[+] Threads : 10
[+] Wordlist : /usr/share/seclists/Discovery/Web_Content/common.txt
[+] Status codes : 200,204,301,302,307,403,500
[+] Expanded : true
=====================================================
=====================================================
Example 2: Missing https:// in the index curl causes an invalid request to be sent when sending to 443
root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_index.html
HTTP/1.1 400 Bad Request
Date: Tue, 09 Jan 2018 22:56:07 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 439
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at vulnerable Port 443</address>
</body></html>
Example 3: Missing https:// in the robots.txt curl causes an invalid request to be sent when sending to 443
root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_robots.txt
HTTP/1.1 400 Bad Request
Date: Tue, 09 Jan 2018 22:56:07 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 439
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at vulnerable Port 443</address>
</body></html>
Nikto appears to work fine, but I believe it will automatically try https if http fails. I noticed you had a note in the code about # -C all potentially slowing it down?
Perhaps the nikto_ssl variable is not changing to ' -ssl' for the same reason the scheme is having issues and this is causing nikto to test with http first before https (causing the slow speeds)?
'443_http_nmap.txt' doesn't require scheme, so no issues there.
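The per-port scheme decision this report is asking about, as an added example that is not ReconScan's own code: it parses a constructed nmap XML fragment matching the scan above (nmap prints `ssl/http` in its text output when the `<service>` element carries `tunnel="ssl"`), and contrasts a scheme chosen once per host, which is the behaviour the report suspects, with a scheme chosen per port. The same decision is what would drive nikto's `-ssl` switch. The XML, host address and function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed nmap XML fragment for this example (not the report's attached scan).
# nmap reports "ssl/http" by adding tunnel="ssl" to the <service> element.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.0.0.105" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="3.0.3" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.18" extrainfo="(Ubuntu)" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.18" extrainfo="(Ubuntu)" tunnel="ssl" method="probed" conf="10"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Yield (addr, port, service_name, tunnel) for every open port in the scan."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            yield addr, int(port.get("portid")), svc.get("name"), svc.get("tunnel")


def scheme_for(service_name, tunnel):
    """Pick the URL scheme from this port's own service record."""
    return "https" if tunnel == "ssl" or service_name == "https" else "http"


def is_web_service(service_name):
    return service_name in ("http", "https")


def build_urls_host_once(xml_text):
    """Models the suspected bug: the scheme is decided on the first web port
    seen (80 here) and then reused for every later web port on the host."""
    scheme, urls = None, {}
    for addr, port, name, tunnel in parse_open_ports(xml_text):
        if not is_web_service(name):
            continue
        if scheme is None:
            scheme = scheme_for(name, tunnel)
        urls[port] = f"{scheme}://{addr}:{port}/"
    return urls


def build_urls_per_port(xml_text):
    """Corrected behaviour: every web port gets its own scheme decision."""
    urls = {}
    for addr, port, name, tunnel in parse_open_ports(xml_text):
        if is_web_service(name):
            urls[port] = f"{scheme_for(name, tunnel)}://{addr}:{port}/"
    return urls


def nikto_ssl_flag(service_name, tunnel):
    """The same decision expressed as nikto's -ssl switch."""
    return " -ssl" if scheme_for(service_name, tunnel) == "https" else ""


if __name__ == "__main__":
    print("host-once:", build_urls_host_once(SAMPLE_NMAP_XML))
    print("per-port :", build_urls_per_port(SAMPLE_NMAP_XML))
```

With the host-once variant, port 443 ends up as `http://10.0.0.105:443/`, which is exactly the URL gobuster and curl were given in Examples 1 to 3 and why Apache answered 400 "speaking plain HTTP to an SSL-enabled server port". Keying the decision on the `tunnel` attribute rather than on the service name alone is what catches this case, since nmap still names the service `http`.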
root@kali:~/Desktop/weapons/ReconScan# ./vulnscan.py 'Apache 2.2.8'
Traceback (most recent call last):
File "./vulnscan.py", line 24, in <module>
from libnmap.parser import NmapParser
ModuleNotFoundError: No module named 'libnmap'
What libraries does this project need? Please create a section with this information; I couldn't use it because of this error:
perl recon.py --help
Traceback (most recent call last):
File "recon.py", line 21, in <module>
from libnmap.parser import NmapParser
ImportError: No module named 'libnmap'
└─# python vulnscan.py --update
[*] Using ExploitDB links from CVE references.
[*] Using SecurityFocus links from CVE references.
[*] Extracted 0 vulnerabilites.
└─# ./vulnscan.py -u 'Apache 2.2.12'
[!] Failed to find vulns.db. Use -u to download the dependencies and build the database.
@RoliSoft, I could use your help figuring this out. It only occurs with arm64, not amd64.
Installed some dependencies:
$ apt-get install python3-libnmap python3-colorama python3-lxml
Cloned ReconScan:
$ git clone https://github.com/RoliSoft/ReconScan
Cloning into 'ReconScan'...
remote: Enumerating objects: 132, done.
remote: Total 132 (delta 0), reused 0 (delta 0), pack-reused 132
Receiving objects: 100% (132/132), 1.67 MiB | 442.00 KiB/s, done.
Resolving deltas: 100% (66/66), done.
When trying to --update, I get the following UnicodeDecodeError error:
$ ./vulnscan.py --update
[-] Not downloading CPE dictionary: file is less than 24 hours old.
[-] Not downloading CPE aliases: file is less than 24 hours old.
[-] Not downloading CVE entries for year 2002: file already exists.
[-] Not downloading CVE entries for year 2003: file already exists.
[-] Not downloading CVE entries for year 2004: file already exists.
[-] Not downloading CVE entries for year 2005: file already exists.
[-] Not downloading CVE entries for year 2006: file already exists.
[-] Not downloading CVE entries for year 2007: file already exists.
[-] Not downloading CVE entries for year 2008: file already exists.
[-] Not downloading CVE entries for year 2009: file already exists.
[-] Not downloading CVE entries for year 2010: file already exists.
[-] Not downloading CVE entries for year 2011: file already exists.
[-] Not downloading CVE entries for year 2012: file already exists.
[-] Not downloading CVE entries for year 2013: file already exists.
[-] Not downloading CVE entries for year 2014: file already exists.
[-] Not downloading CVE entries for year 2015: file already exists.
[-] Not downloading CVE entries for year 2016: file already exists.
[-] Not downloading CVE entries for year 2017: file already exists.
[-] Not downloading CVE entries for year 2018: file is less than 24 hours old.
[*] Initiating XML parsing...
[*] Parsing file nvd/cpe-dict.xml...
[*] Parsing file nvd/cpe-aliases.lst...
[*] Using curated ExploitDB references.
Traceback (most recent call last):
File "./vulnscan.py", line 734, in <module>
update_database()
File "./vulnscan.py", line 521, in update_database
(names, aliases, vulns) = parse_nvd_dbs()
File "./vulnscan.py", line 235, in parse_nvd_dbs
for line in file:
File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 5050: ordinal not in range(128)
Python:
$ python3 --version
Python 3.6.7
Version info:
$ cat /etc/*{release,version}
DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2018.4"
VERSION_ID="2018.4"
ID_LIKE=debian
ANSI_COLOR="1;31"
$ uname -a
Linux localhost 3.10.73-g5a2a297 #1 SMP PREEMPT Thu May 10 21:27:35 UTC 2018 aarch64 GNU/Linux
$ dpkg --print-architecture
arm64
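The failure mode in the traceback above, reproduced and fixed as an added example (not ReconScan's own code). The traceback shows `encodings/ascii.py`, meaning the file was opened with no explicit `encoding=` and the process's locale default was ASCII; the NVD text contains non-ASCII characters, and the first one encodes to a byte sequence starting with `0xc2`. The example writes a constructed sample (placeholder CVE id, not a real entry) containing a no-break space, shows that reading it as ASCII raises the same error and locates the offending byte, then reads it with an explicit UTF-8 codec. File names and function names are constructed for this example.

```python
import os
import tempfile

# Constructed sample of the kind of text the NVD dumps contain (not the real feed).
# "\u00a0" (no-break space) is the UTF-8 byte pair C2 A0: the 0xc2 of the traceback.
SAMPLE_LINES = [
    "cpe:/a:apache:http_server:2.4.18\n",
    "CVE-YYYY-NNNN (placeholder id) description containing a\u00a0no-break space\n",
]


def write_sample(path):
    with open(path, "w", encoding="utf-8") as f:
        f.writelines(SAMPLE_LINES)


def count_lines(path, encoding):
    """Read the file line by line, as parse_nvd_dbs() does in the traceback.
    Passing encoding="ascii" reproduces what a C/POSIX locale default does on
    Python 3.6; passing "utf-8" is the fix."""
    with open(path, "r", encoding=encoding) as f:
        return sum(1 for _ in f)


def locate_bad_byte(path, encoding="ascii"):
    """Return (offset, byte_value) of the first byte the codec rejects, or None."""
    with open(path, "rb") as f:
        data = f.read()
    try:
        data.decode(encoding)
    except UnicodeDecodeError as e:
        return e.start, data[e.start]
    return None


def run_demo():
    """Reproduce the failure with the ASCII codec, then show the explicit UTF-8 read."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "nvdcve-sample.txt")
        write_sample(path)
        try:
            count_lines(path, encoding="ascii")
            ascii_failed = False
        except UnicodeDecodeError:
            ascii_failed = True
        return {
            "ascii_failed": ascii_failed,
            "bad_byte": locate_bad_byte(path),
            "utf8_lines": count_lines(path, encoding="utf-8"),
        }


if __name__ == "__main__":
    print(run_demo())
```

Two remedies follow from this: the script can pass `encoding="utf-8"` to every `open()` of the NVD/CPE dumps so it no longer depends on the caller's locale, or the environment can export a UTF-8 locale (for example `LC_ALL=C.UTF-8`) before running `--update`. The arm64 versus amd64 difference is most likely a difference in the locale each box presents to the process rather than anything architecture-specific, since the codec is chosen from the locale.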
$ ./vulnscan.py -u
[-] Not downloading CPE dictionary: file is less than 24 hours old.
[-] Not downloading CPE aliases: file is less than 24 hours old.
[*] Downloading CVE entries for year 2002...
--2020-05-05 17:00:15-- https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2002.xml.gz
Resolving static.nvd.nist.gov... 2600:1f18:268d:1d01:f609:5e91:8a48:f546, 18.235.227.114
Connecting to static.nvd.nist.gov|2600:1f18:268d:1d01:f609:5e91:8a48:f546|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz [following]
--2020-05-05 17:00:16-- https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz
Resolving nvd.nist.gov... 2600:1f18:268d:1d01:f609:5e91:8a48:f546, 54.85.30.225
Connecting to nvd.nist.gov|2600:1f18:268d:1d01:f609:5e91:8a48:f546|:443... connected.
HTTP request sent, awaiting response... 410 Data Feed/Service Retired
2020-05-05 17:00:17 ERROR 410: Data Feed/Service Retired.
I prepared your script with "chmod +x recon.py" and ran it with "./recon.py -v 192.168.10.10" and received this error:
Traceback (most recent call last):
File "./recon.py", line 21, in <module>
from libnmap.parser import NmapParser
ImportError: No module named 'libnmap'
I did a little googling and eventually found what I thought was the solution:
"sudo python -m pip install python-libnmap "
I am still receiving the error listed above, so I googled some more and ran "help('modules')" at the python prompt. This listed my installed modules, but libnmap was not among them.
"updatedb" & "locate libnmap" show libnmap is installed at
/usr/local/lib/python2.7/dist-packages/libnmap
Do you have any advice on why libnmap isn't working for me?
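A diagnostic for the two `No module named 'libnmap'` reports on this page (the `./vulnscan.py` traceback further up and this one), as an added example that is not ReconScan's own code. The module was installed into `/usr/local/lib/python2.7/dist-packages`, but a script started as `./recon.py` runs under whichever interpreter its shebang names, and that interpreter has its own `sys.path`. The example reads the shebang of a constructed stand-in script (the shebang line is an assumption, not taken from recon.py), then asks both the shebang interpreter and the current interpreter where they would import a module from. Function names and the sample script are constructed for this example.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for a script such as recon.py; only the shebang matters here.
# The interpreter named on this line is an assumption for the example.
SAMPLE_SCRIPT = "#!/usr/bin/env python3\nfrom libnmap.parser import NmapParser\n"

# Probe fed to a child interpreter on stdin; works on Python 2.7 and 3.
PROBE = (
    "import importlib, sys\n"
    "try:\n"
    "    m = importlib.import_module(sys.argv[1])\n"
    "    print(getattr(m, '__file__', 'built-in'))\n"
    "except ImportError:\n"
    "    print('')\n"
)


def write_sample_script():
    """Write the constructed script to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_SCRIPT)
    return path


def shebang_interpreter(script_path):
    """Return the interpreter a './script' invocation would use, or None."""
    with open(script_path, "r", encoding="utf-8", errors="replace") as f:
        first = f.readline().rstrip("\n")
    if not first.startswith("#!"):
        return None
    parts = first[2:].split()
    if not parts:
        return None
    # "#!/usr/bin/env python3" -> "python3"; "#!/usr/bin/python" -> "/usr/bin/python"
    if os.path.basename(parts[0]) == "env" and len(parts) > 1:
        return parts[1]
    return parts[0]


def module_location(interpreter, module):
    """Ask `interpreter` where it imports `module` from; None if it cannot,
    or if the interpreter itself is not on PATH."""
    try:
        proc = subprocess.run(
            [interpreter, "-", module], input=PROBE,
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True, timeout=30,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return proc.stdout.strip() or None


def current_interpreter_location(module):
    """Same probe, run under the interpreter executing this example."""
    return module_location(sys.executable, module)


def diagnose(script_path, module):
    """Compare what the shebang interpreter sees with what the current one sees."""
    interp = shebang_interpreter(script_path)
    return {
        "shebang": interp,
        "via_shebang": module_location(interp, module) if interp else None,
        "via_current": current_interpreter_location(module),
    }


if __name__ == "__main__":
    path = write_sample_script()
    try:
        print(diagnose(path, "libnmap"))
    finally:
        os.remove(path)
```

If `via_shebang` comes back `None` while a `pip` for a different interpreter reports the package installed, the package simply lives in the other interpreter's site-packages; installing with the matching interpreter's pip (`python3 -m pip install ...` for a `python3` shebang) or the distribution package (`apt-get install python3-libnmap`, as used in the arm64 report above) resolves it.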
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:
ReconScan: https://inventory.rawsec.ml/tools.html#ReconScan
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this is giving visibility to your tool and improve its referencing.
The badge shows to your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that, but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.