reconscan's People

Contributors

rolisoft

reconscan's Issues

SSL Not Working

When scanning a host that runs Apache 2.4.18 on both 80 (for http) and 443 (for https), the scheme doesn't appear to change to https, causing the ssl enum scans to fail. My initial guess was that the service was being misidentified by the nmap scan, but I've attached the nmap scan (with some info omitted) as well and it appears to label the service correctly as 'ssl/http'.

My other guess is that perhaps once 'http' is chosen as the scheme when it first scans port 80, it doesn't do a second check for scheme when it's scanning port 443? Looking at the timing for when the output files were created, it definitely looks like port 80 is scanned before port 443. Not sure, just throwing it out there. Please let me know if I can provide any additional info.

-rw-r--r-- 1 root root   447 Jan  9 17:56 443_http_dirb.txt
-rw-r--r-- 1 root root   741 Jan  9 17:56 443_http_index.html
-rw-r--r-- 1 root root   915 Jan  9 17:56 443_http_nikto.txt
-rw-r--r-- 1 root root  7537 Jan  9 17:56 443_http_nmap.txt
-rw-r--r-- 1 root root 17621 Jan  9 17:56 443_http_nmap.xml
-rw-r--r-- 1 root root   741 Jan  9 17:56 443_http_robots.txt
-rw-r--r-- 1 root root   761 Jan  9 17:55 80_http_dirb.txt
-rw-r--r-- 1 root root   368 Jan  9 17:55 80_http_index.html
-rw-r--r-- 1 root root   914 Jan  9 17:55 80_http_nikto.txt
-rw-r--r-- 1 root root  4215 Jan  9 17:55 80_http_nmap.txt
-rw-r--r-- 1 root root  8534 Jan  9 17:55 80_http_nmap.xml
-rw-r--r-- 1 root root   565 Jan  9 17:55 80_http_robots.txt

Nmap Results (ssl-cert and ssl-date NSE scripts omitted)

PORT    STATE SERVICE  REASON         VERSION
21/tcp  open  ftp      syn-ack ttl 64 vsftpd 3.0.3
80/tcp  open  http     syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
| http-methods: 
|_  Supported Methods: POST OPTIONS GET HEAD
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/http syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
| http-methods: 
|_  Supported Methods: POST OPTIONS GET HEAD
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).

Example 1: Missing https:// when scanning port 443, causes gobuster to return no results

root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_dirb.txt 

Gobuster v1.2                OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : http://10.0.0.105:443/
[+] Threads      : 10
[+] Wordlist     : /usr/share/seclists/Discovery/Web_Content/common.txt
[+] Status codes : 200,204,301,302,307,403,500
[+] Expanded     : true
=====================================================
=====================================================

Example 2: Missing https:// in index curl causes an invalid request to be sent, when sending to 443

root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_index.html 
HTTP/1.1 400 Bad Request
Date: Tue, 09 Jan 2018 22:56:07 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 439
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at vulnerable Port 443</address>
</body></html>

Example 3: Missing https:// in robots.txt curl causes an invalid request to be sent, when sending to 443

root@kali:~/Documents/recon/results/10.0.0.105# cat 443_http_robots.txt
HTTP/1.1 400 Bad Request
Date: Tue, 09 Jan 2018 22:56:07 GMT
Server: Apache/2.4.18 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Length: 439
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at vulnerable Port 443</address>
</body></html>

Nikto appears to work fine, but I believe it will automatically try https if http fails. I noticed you had a note in the code about # -C all potentially slowing it down?

Perhaps the nikto_ssl variable is not changing to ' -ssl' for the same reason the scheme is having issues and this is causing nikto to test with http first before https (causing the slow speeds)?

'443_http_nmap.txt' doesn't require scheme, so no issues there.
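An added example, not ReconScan's own code: one way to derive the URL scheme separately for every port from the nmap service column shown in the issue above, so that `ssl/http` on 443 yields `https://` regardless of what was chosen for port 80. The function names `parse_services` and `web_targets` are hypothetical; the input lines are taken from the nmap output quoted in the issue.

```python
import re

# Port lines copied from the nmap output quoted in the issue above.
NMAP_OUTPUT = """\
PORT    STATE SERVICE  REASON         VERSION
21/tcp  open  ftp      syn-ack ttl 64 vsftpd 3.0.3
80/tcp  open  http     syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
443/tcp open  ssl/http syn-ack ttl 64 Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
"""

# "<port>/<proto> <state> <service>"; NSE script lines start with "|" and never match.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_services(text):
    """Yield (port, state, tunnel, name) for each port line of nmap's normal output."""
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if not m:
            continue
        port, _proto, state, service = m.groups()
        # nmap prefixes TLS-wrapped services with "ssl/" (e.g. "ssl/http").
        tunnel, _, name = service.rpartition("/")
        yield int(port), state, tunnel, name


def web_targets(host, text):
    """Return {port: base_url} for open HTTP services, deciding the scheme per port."""
    targets = {}
    for port, state, tunnel, name in parse_services(text):
        if state != "open" or not name.startswith("http"):
            continue
        # Local to this iteration: the scheme picked for port 80 cannot leak into 443.
        scheme = "https" if tunnel == "ssl" or name == "https" else "http"
        targets[port] = f"{scheme}://{host}:{port}/"
    return targets


if __name__ == "__main__":
    for port, url in web_targets("10.0.0.105", NMAP_OUTPUT).items():
        print(port, url)
```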

vulns.db error

While using the "vulnscan.py", I am facing the following error:

issue_vulnsdb

I have already updated all the databases with the following command:

#./vulnscan -u (To download all the dependencies)

Tell me, how to download or update this "vulns.db". Thanks.....

Inventory notification

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:

ReconScan: https://inventory.rawsec.ml/tools.html#ReconScan

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improves its referencing.

Badges

The badge shows to your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

vulnscan.py --update ( not working)

└─# python vulnscan.py --update
[*] Using ExploitDB links from CVE references.
[*] Using SecurityFocus links from CVE references.
[*] Extracted 0 vulnerabilites.

└─# ./vulnscan.py -u 'Apache 2.2.12'
[!] Failed to find vulns.db. Use -u to download the dependencies and build the database.

Project System Requirements

What libraries does this project need? Please create a section with this information, I couldn't use it because of this error:

perl recon.py --help
Traceback (most recent call last):
  File "recon.py", line 21, in <module>
    from libnmap.parser import NmapParser
ImportError: No module named 'libnmap'

./vulnscan.py -u error

$ ./vulnscan.py -u
[-] Not downloading CPE dictionary: file is less than 24 hours old.
[-] Not downloading CPE aliases: file is less than 24 hours old.
[*] Downloading CVE entries for year 2002...
--2020-05-05 17:00:15-- https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2002.xml.gz
Resolving static.nvd.nist.gov... 2600:1f18:268d:1d01:f609:5e91:8a48:f546, 18.235.227.114
Connecting to static.nvd.nist.gov|2600:1f18:268d:1d01:f609:5e91:8a48:f546|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz [following]
--2020-05-05 17:00:16-- https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2002.xml.gz
Resolving nvd.nist.gov... 2600:1f18:268d:1d01:f609:5e91:8a48:f546, 54.85.30.225
Connecting to nvd.nist.gov|2600:1f18:268d:1d01:f609:5e91:8a48:f546|:443... connected.
HTTP request sent, awaiting response... 410 Data Feed/Service Retired
2020-05-05 17:00:17 ERROR 410: Data Feed/Service Retired.

Required modules

I prepared your script with "chmod +x recon.py" and ran it with "./recon.py -v 192.168.10.10" and received this error......

Traceback (most recent call last):
File "./recon.py", line 21, in <module>
from libnmap.parser import NmapParser
ImportError: No module named 'libnmap'

I did a little googling and eventually found what I thought was the solution.....

"sudo python -m pip install python-libnmap "

I am still receiving the error listed above, so I googled some more and ran "help('modules')" at the python prompt. This listed my installed modules, but libnmap was not among them.

"updatedb" & "locate libnmap" show libnmap is installed at
/usr/local/lib/python2.7/dist-packages/libnmap

Do you have any advice on why libnmap isn't working for me?

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 5050

@RoliSoft , I could use your help figuring this out. It only occurs with arm64, not amd64.

Commands:

Installed some dependencies:

$ apt-get install python3-libnmap python3-colorama python3-lxml

Cloned ReconScan:

$ git clone https://github.com/RoliSoft/ReconScan

Cloning into 'ReconScan'...
remote: Enumerating objects: 132, done.
remote: Total 132 (delta 0), reused 0 (delta 0), pack-reused 132
Receiving objects: 100% (132/132), 1.67 MiB | 442.00 KiB/s, done.
Resolving deltas: 100% (66/66), done.

When trying to --update, I get the following UnicodeDecodeError error:

$ ./vulnscan.py --update

[-] Not downloading CPE dictionary: file is less than 24 hours old.
[-] Not downloading CPE aliases: file is less than 24 hours old.
[-] Not downloading CVE entries for year 2002: file already exists.
[-] Not downloading CVE entries for year 2003: file already exists.
[-] Not downloading CVE entries for year 2004: file already exists.
[-] Not downloading CVE entries for year 2005: file already exists.
[-] Not downloading CVE entries for year 2006: file already exists.
[-] Not downloading CVE entries for year 2007: file already exists.
[-] Not downloading CVE entries for year 2008: file already exists.
[-] Not downloading CVE entries for year 2009: file already exists.
[-] Not downloading CVE entries for year 2010: file already exists.
[-] Not downloading CVE entries for year 2011: file already exists.
[-] Not downloading CVE entries for year 2012: file already exists.
[-] Not downloading CVE entries for year 2013: file already exists.
[-] Not downloading CVE entries for year 2014: file already exists.
[-] Not downloading CVE entries for year 2015: file already exists.
[-] Not downloading CVE entries for year 2016: file already exists.
[-] Not downloading CVE entries for year 2017: file already exists.
[-] Not downloading CVE entries for year 2018: file is less than 24 hours old.
[*] Initiating XML parsing...
[*] Parsing file nvd/cpe-dict.xml...
[*] Parsing file nvd/cpe-aliases.lst...
[*] Using curated ExploitDB references.
Traceback (most recent call last):
  File "./vulnscan.py", line 734, in <module>
	update_database()
  File "./vulnscan.py", line 521, in update_database
	(names, aliases, vulns) = parse_nvd_dbs()
  File "./vulnscan.py", line 235, in parse_nvd_dbs
	for line in file:
  File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
	return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 5050: ordinal not in range(128)

Python:

$ python3 --version

Python 3.6.7

Version info:

$ cat /etc/*{release,version}

DISTRIB_ID=Kali
DISTRIB_RELEASE=kali-rolling
DISTRIB_CODENAME=kali-rolling
DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2018.4"
VERSION_ID="2018.4"
ID_LIKE=debian
ANSI_COLOR="1;31"

$ uname -a

Linux localhost 3.10.73-g5a2a297 #1 SMP PREEMPT Thu May 10 21:27:35 UTC 2018 aarch64 GNU/Linux

$ dpkg --print-architecture

arm64
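An added example, not part of the issue or of ReconScan: the traceback above shows a text file being decoded with the `ascii` codec while it is iterated. Assuming the file is opened without an `encoding=` argument (an assumption; the relevant line of vulnscan.py is not shown on this page), Python takes the codec from the locale, so the same data parses on one machine and fails on another. The sample line and the names `read_lines` and `demo` are constructed for illustration.

```python
import os
import tempfile

# Constructed sample: one alias-style line containing U+00AE, which UTF-8 encodes
# as the bytes 0xC2 0xAE; 0xC2 is the byte the traceback above complains about.
SAMPLE = "cpe:/a:example:product\u00ae_server\n".encode("utf-8")


def read_lines(path, encoding):
    """Read a text file line by line with an explicit codec, not the locale default."""
    with open(path, encoding=encoding) as handle:
        return [line.rstrip("\n") for line in handle]


def demo():
    """Return (failure under ascii, lines under utf-8) for the constructed sample."""
    fd, path = tempfile.mkstemp(suffix=".lst")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(SAMPLE)
        try:
            # Equivalent to a bare open() when the locale's preferred encoding is ASCII.
            read_lines(path, "ascii")
            error = None
        except UnicodeDecodeError as exc:
            # Record the codec name and the offending byte value.
            error = (exc.encoding, exc.object[exc.start])
        # Passing the codec explicitly makes the result independent of the locale.
        return error, read_lines(path, "utf-8")
    finally:
        os.remove(path)


if __name__ == "__main__":
    failure, lines = demo()
    print("ascii failure:", failure)
    print("utf-8 lines:", lines)
```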

i got it error

root@kali:~/Desktop/weapons/ReconScan# ./vulnscan.py 'Apache 2.2.8'
Traceback (most recent call last):
File "./vulnscan.py", line 24, in <module>
from libnmap.parser import NmapParser
ModuleNotFoundError: No module named 'libnmap'
