Specify targets and run sets of tools against them
autopwn is designed to make a pentester's life easier and more consistent by allowing them to specify tools they would like to run against targets, without having to type them in a shell or write a script. This tool will probably be useful during certain exams as well..
- Execute
pip install autopwn
- Clone the Git repository
- Change into the newly created directory
- Execute
pip install .
- Execute
docker pull rascal999/autopwn - Run
docker run -i -t rascal999/autopwn /bin/bash - In the container run
autopwn
autopwn supports a number of options, including:
-h, --help show this help message and exit
-t TARGET, --target TARGET
The file containing the targets
-m MODULE, --module MODULE
Specify module (tool or assessment) to run. Autopwn
will not drop to shell if this option is specified
-d ASSESSMENT_DIRECTORY, --assessment_directory ASSESSMENT_DIRECTORY
Specify assessment directory
-s, --with_screen Run tools in screen session
-p, --parallel Run tools in parallel regardless of assessment or
global parallel option
autopwn v0.17.0 shell. Type help or ? to list commands.
autopwn > search
Assessment Description
----------------------------------------------------------------
assessment/nmap-common-ports Run nmap scanner against common TCP ports of target.
assessment/nmap Run nmap scanner against all TCP ports on target.
assessment/drupal Run CMSmap Drupal scans against target.
assessment/dir-brute Brute force web application files.
assessment/webapp Run web application specific tools against target
assessment/udp-scan Run UDP scans against target.
assessment/windows-audit Run Windows auditing tools against target
assessment/ssl-audit Run SSL auditing tools against target.
Tool Description
----------------------------------------------------------------
tool/nmap-common-ports Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
tool/dirb URL Bruteforcer - DIRB is a Web Content Scanner. It looks for hidden Web Objects.
tool/nmap Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
tool/udp-proto-scanner udp-proto-scanner is a perl script which discovers UDP services by sending triggers to a list of hosts.
tool/enum4linux Enum4linux is a tool for enumerating information from Windows and Samba systems.
tool/testsslserver TestSSLServer is a simple command-line tool which contacts a SSL/TLS server (name and port are given as parameters) and obtains some information from it.
tool/httrack HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet
tool/sslscan sslscan tests SSL/TLS enabled services to discover supported cipher suites.
tool/cmsmap-drupal CMSmap - Drupal instance.
tool/nbtscan NBTScan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts).
tool/sslyze Fast and full-featured SSL scanner.
tool/arachni Arachni is a Free/Open-Source Web Application Security Scanner aimed towards helping users evaluate the security of web applications.
tool/nikto Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items.
tool/skipfish Skipfish is an active web application security reconnaissance tool.
autopwn > use assessment/webapp
Name: webapp
Long name: Web Application
Description: Run web application specific tools against target
The follwing tools are used in this assessment:
- dirb
- httrack
- cmsmap-drupal
- arachni
- nikto
- skipfish
The following options are required for this assessment:
- target_name
- target
- port_number
- protocol
autopwn (assessment/webapp) > show options
Options for tool/assessment.
Option Value
------------------------------------------------
target_name
target
port_number
protocol
autopwn (assessment/webapp) > set target_name test
target_name = test
autopwn (assessment/webapp) > set target 127.0.0.1
target = 127.0.0.1
autopwn (assessment/webapp) > set port_number 80
port_number = 80
autopwn (assessment/webapp) > set protocol http
protocol = http
autopwn (assessment/webapp) > save
There are 6 jobs in the queue
autopwn (assessment/webapp) > run
[+] Launching dirb
[-] dirb is done..
[+] Launching httrack
[-] httrack is done..
[+] Launching cmsmap-drupal
[-] cmsmap-drupal is done..
[+] Launching arachni
[-] arachni is done..
[+] Launching nikto
[-] nikto is done..
[+] Launching skipfish
[-] skipfish is done..
autopwn (assessment/webapp) >
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D
Developed by Aidan Marlin (aidan [dot] marlin [at] nccgroup [dot] com) while working at NCC Group. I'd like to thank the following contributors for their pull requests:
- Selfegris
- 0xsauby
- berdario