PAKURI
What's PAKURI
I've consulted many pen testing tools. I then took the good points of those tools and incorporated them into my own tools. In Japanese slang, imitation is also called "paku-ru".
ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru)
- eat with a wide open mouth
- steal when one isn't looking, snatch, swipe
- copy someone's idea or design
- nab, be caught by the police
Description
Sometimes, the penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is an semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for the beginners. They can use PAKURI to learn the flow to the penetration testing without struggling with a confusing command line/tools.
Presentation
- November 2nd,2019: AV TOKYO 2018 Hive
- December 21-22th,2019: SECCON YOROZU 2019
Abilities of "PAKURI"
- Intelligence gathering.
- Vulnerability analysis.
- Visualize.
- Brute Force Attack.
- Exploitation.
Your benefits
By using our PAKURI, you will benefit from the following.
For redteam:
(a) Red Teams can easily perform operations such as information enumeration and vulnerability scanning.
(b) Visualizing the survey results is possible only with the numeric keypad.
For blueteam:
(c) The Blue Team can experience a dummy attack by simply operating the numeric keypad even they do not have any penetration testing skill.
For beginner:
(d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters.
NOTE |
---|
If you are interested, please use them in an environment under your control and at your own risk. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legally liabillity for your action. |
Features
-
Scan
-
Exploit
-
Visualize
-
CUI-GUI switching
- PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi.
Install
-
Update your apt and install git:
root@kali:~# apt update root@kali:~# apt install git
-
Download the PAKURI installer from the PAKURI Github repository:
root@kali:~# git clone https://github.com/01rabbit/PAKURI.git
-
CD into the PAKURI folder and run the install script:
root@kali:~# cd PAKURI root@kali:~/PAKURI# bash install.sh
Usage
-
Register the OpenVAS administrator user and password in pakuri.conf:
root@kali:~# vim /usr/share/PAKURI/pakuri.conf ...snip... # OpenVAS OMPUSER="admin" OMPPASS="admin"
-
Faraday-server is started. After starting up, access from your browser and register your workspace:
root@kali:~# systemctl start faraday-server.service root@kali:~# firefox localhost:5985
-
Register the workspace you just registered in pakuri.conf:
root@kali:~# vim /usr/share/PAKURI/pakuri.conf ...snip... # Faraday WORKSPACE="test_workspace"
-
CD into the PAKURI folder:
root@kali:~# cd /usr/share/PAKURI
-
Start PAKURI:
root@kali:/usr/share/PAKURI# ./pakuri.sh
PAKURI is not fully automated and requires the user interactions, to make sure to proceed the pentest and to avoid any unintended attack or trouble.
Keypad Operation
By operating the numeric keypad, it is possible to scan the network, scan for vulnerabilities, and perform simple pseudo attacks.
Operation check environment
- OS: KAli Linux 2019.4
- Memory: 8.0GB
Known Issues
This is intended for use Kali Linux. Operation on other OS is not guaranteed.
Contributors
If you have some new idea about this project, issue, feedback or found some valuable tool feel free to open an issue for just DM me via @Mr.Rabbit or @PAKURI.
Special thanks
Thanks to @cyberdefense_jp for contribute so many awesome ideas to this tool.