Coder Social home page Coder Social logo

silentsoul04 / penum Goto Github PK

View Code? Open in Web Editor NEW

This project forked from drtychai/penum

0.0 1.0 0.0 2.14 MB

Parallelized enumeration tool for red team engagements and bug bounty programs.

Shell 24.25% Dockerfile 29.11% Python 39.29% HTML 1.34% Go 6.01%

penum's Introduction

Parallel Enumerator

This project is still in progress.

The current master branch version performes the full subdomain enumeration, with JSON output to ./api/logs/subdomains-<tld>.json

This is an active enumerator. We take no responsibility for how or where this is used.

Overview

Give a host or list of hosts, the following actions are performed in this order:

  1. Concurrent subdomain discovery via:
    • subfinder
    • sublist3r
    • aiodnsbrute
    • gobuster
    • recon-ng
    • amass
  2. Subdomains resolved via massDNS (saved in database)
  3. [Not implemented] DNS flyover to discover, screenshot, and output list of HTTP servers via aquatone
  4. [Not implemented] Scan all valid HTTP servers via nikto

Installation

penum requires docker and docker-compose be installed on the host.

  • Linux sudo apt -y install docker docker-compose
  • macOS brew install docker && brew cask install docker

Usage

From the root of this repository, start all services:

docker-compose up -d

To stop all service and preserve the database:

docker-compose down

To stop all service and destroy the database:

docker-compose down -v

Backend functionality is queried through the Golang HTTP server at: http://localhost:8080

Specific Functionality

Enumerate against single FQDN/IP:

./penum -d example.com

This is equivalent to: curl -X POST -d "<target_host1>" http://<hostname>[:<port>]

Enumerate against newline-delineated list of FQDNs/IPs:

./penum -f /path/to/file

This is equivalent to: curl -F 'uploadedfile=@/path/to/hosts.txt' http://<hostname>[:<port>]/upload

View execution log:

tail -f api/logs/flask-api.log

Custom DB query:

psql -U postgres --password postgres -d penum -c "<CUSTOM_QUERY>"

Tools used

Subdomain Enumeration

  • subfinder
  • aiodnsbrute
  • sublist3r
  • amass
  • gobuster
  • massDNS
  • recon-NG

HTTP Enumeration

  • aquatone
  • httprobe
  • nikto
  • nmap
  • gobuster
  • dirsearch

Network Enumeration

  • nmap

ToDo

Network

  • Determine if network scans should be performed after subdomain enumeration or concurrently with it
  • Detect CIDR/ASN and expand range(s) to separate file for nmap consumption
  • Add nmap-parse-output support and sorting logic based on service
  • Add direct calls to shodan APIs

HTTP

  • Add in dirsearch/gobuster for inital spidering
  • (if possible) Look into possible integration for populating/producing a .burp with info

Misc

  • Integrate custom recon-ng module
  • DB integration for:
    • Subdomain enumeration to DB: Write function that ingests amass JSON output and updates DB
    • HTTP enumeration
  • Map out other core services and their port enumeration tools (e.g., SSH, DNS, SMB, RPC, SMTP, SNMP, etc.)
  • (Way down the road) Some way of visualizing data

penum's People

Contributors

cyrinux avatar drtychai avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.