Coder Social home page Coder Social logo

srand2 / zeroscan Goto Github PK

View Code? Open in Web Editor NEW

This project forked from b34mr/zeroscan

0.0 0.0 0.0 216 KB

Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.

License: MIT License

Python 100.00%

zeroscan's Introduction

zeroscan

Zeroscan is a Domain Controller vulnerability scanner, that currently includes checks for Zerologon (CVE-2020-1472), MS-PAR/MS-RPRN and SMBv2 Signing.


CVE-2020-1472:

Uses a built-in script to check for Zerologon (CVE-2020-1472), but does NOT attempt to exploit the target, it is simply a vulnerability scanner. Codebase borrowed from: https://github.com/SecuraBV/CVE-2020-1472


MS-PAR / MS-RPRN:

Uses a wrapper around Impacket's rpcdump to check if the print services MS-PAR and MS-RPRN are remotely accessible. This check may help to determine if the target is vulnerable to CVE-2021-1675.


SMBv2 Signing:

Uses a wrapper around the Nmap Scripting Engine (NSE) script 'smb2-security-mode', to identify the target's SMBv2 signing configuration.


Supported Python versions


Installation:

git clone https://github.com/NickSanzotta/zeroscan.git
cd zeroscan/
virtualenv -p /usr/bin/python3.9 venv
source venv/bin/activate
python3 -m pip install -r requirements.txt

Menu:

Zeroscan
--------------------------------------------------

Usage:
  python3 zeroscan.py -t dc01 192.168.1.10
  python3 zeroscan.py -iL /path/to/targetfile.txt
  python3 zeroscan.py -iL /path/to/targetfile.txt --database
  python3 zeroscan.py -iL /path/to/targetfile.txt --drop-table
  python3 zeroscan.py -iL /path/to/targetfile.txt -r
  python3 zeroscan.py -iL /path/to/targetfile.txt -v


Primary options:
  -t TARGET TARGET     Single target using netbiosname and ipaddress. I.e "dc01 192.168.1.10"
  -iL TARGETSFILE      File that contains one target per line using netbiosname and ipaddress. I.e "dc01 192.168.1.10"

Secondary options:
  --database DATABASE  Filepath for database file.
  --drop-table         Drops database table.
  -r, --rpc-message    Turn on RPC response messages for CVE-2020-1472, helpful when troubleshooting connectivity issues.
  -v, --verbose        Turn on verbosity, helpful when debugging code.
  -h, --help           Show this help message and exit.

Sample Output:

╔════════════════════════════════════════════════════════ ZEROSCAN ═════════════════════════════════════════════════════════╗
╚═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝
Impacket v0.9.23

./zeroscan.py -iL targets.txt
CVE-2020-1472
DC01 192.168.160.134  - AUTH-ATTEMPTS: 26
DC02 192.168.160.133  - AUTH-ATTEMPTS: 1
DC03 192.168.160.137  - AUTH-ATTEMPTS: 2000


Impacket v0.9.23

rpcdump.py @ipaddress
MS-PAR/MS-RPRN
DC01 192.168.160.134 - MS-PAR: False, MS-RPRN: False
DC02 192.168.160.133 - MS-PAR: False, MS-RPRN: False
DC03 192.168.160.137 - MS-PAR: True, MS-RPRN: True


Nmap 7.91

nmap -Pn --script smb2-security-mode -p 445 -iL ./outputfiles/targets.txt -oX ./outputfiles/xml/smb2-security-mode.xml
SMB2-SECURITY-MODE
192.168.160.134 - MESSAGE SIGNING ENABLED BUT NOT REQUIRED
192.168.160.137 - MESSAGE SIGNING ENABLED AND REQUIRED


                                              Zeroscan Database
╔══════════╤═════════════════╤════════════════╤════════╤═════════╤══════════════════════════════════════════╗
║ Hostname │ IP Address      │ CVE_2020_1472  │ MS_PAR │ MS_RPRN │ SMBv2_Signing                            ║
╟──────────┼─────────────────┼────────────────┼────────┼─────────┼──────────────────────────────────────────╢
║ DC01     │ 192.168.160.134 │ VULNERABLE     │ False  │ False   │ Message signing enabled but not required ║
║ DC02     │ 192.168.160.133 │ NA             │ False  │ False   │ NA                                       ║
║ DC03     │ 192.168.160.137 │ NOT VULNERABLE │ True   │ True    │ Message signing enabled and required     ║
╚══════════╧═════════════════╧════════════════╧════════╧═════════╧══════════════════════════════════════════╝

Demo - Multi-target:

Zeroscan Demo

zeroscan's People

Contributors

b34mr avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.