πŸ”’
There are new articles available, click to refresh the page.
Yesterday β€” 17 October 2021Tools

Fapro - Free, Cross-platform, Single-file mass network protocol server simulator

17 October 2021 at 20:30
By: Zion3R


FaPro is a Fake Protocol Server tool, Can easily start or stop multiple network services.

The goal is to support as many protocols as possible, and support as many deep interactions as possible for each protocol.


Features
  • Supported Running Modes:
    • Local Machine
    • Virtual Network
  • Supported Protocols:
    • DNS
    • DCE/RPC
    • EIP
    • Elasticsearch
    • FTP
    • HTTP
    • IEC 104
    • Memcached
    • Modbus
    • MQTT
    • MySQL
    • RDP
    • Redis
    • S7
    • SMB
    • SMTP
    • SNMP
    • SSH
    • Telnet
    • VNC
    • IMAP
    • POP3
  • Use TcpForward to forward network traffic
  • Support tcp syn logging

Protocol simulation demos

Rdp

Support credssp ntlmv2 nla authentication.

Support to configure the image displayed when user login.


SSH

Support user login.

Support fake terminal commands, such as id, uid, whoami, etc.

Account format: username:password:home:uid


IMAP & SMTP

Support user login and interaction.



Mysql

Support sql statement query interaction



HTTP

Support website clone, You need to install the chrome browser and chrome driver to work.


Quick Start

Generate Config

The configuration of all protocols and parameters is generated by genConfig subcommand.

Use 172.16.0.0/16 subnet to generate the configuration file:

fapro genConfig -n 172.16.0.0/16 > fapro.json

Or use local address instead of the virtual network:

fapro genConfig > fapro.json

Run the protocol simulator

Run FaPro in verbose mode and start the web service on port 8080:

fapro run -v -l :8080

Tcp syn logging

For windows users, please install winpcap or npcap.


Log analysis

Use ELK to analyze protocol logs:



Configuration

This section contains the sample configuration used by FaPro.

{
"version": "0.38",
"network": "127.0.0.1/32",
"network_build": "localhost",
"storage": null,
"geo_db": "/tmp/geoip_city.mmdb",
"hostname": "fapro1",
"use_logq": true,
"cert_name": "unknown",
"syn_dev": "any",
"exclusions": [],
"hosts": [
{
"ip": "127.0.0.1",
"handlers": [
{
"handler": "dcerpc",
"port": 135,
"params": {
"accounts": [
"administrator:123456",
],
"domain_name": "DESKTOP-Q1Test"
}
}
]
}
]
}
  • version: Configuration version.
  • network: The subnet used by the virtual network or the address bound to the local machine(Local mode).
  • network_build: Network mode(supported value: localhost, all, userdef)
    • localhost: Local mode, all services are listening on the local machine
    • all: Create all hosts in the subnet(i.e., Can ping all the host in the subnet)
    • userdef: Create only the hosts specified in the hosts configuration.
  • storage: Specify the storage used for log collection, support sqlite, mysql, elasticsearch. e.g.
  • geo_db: MaxMind geoip2 database file path, used to generate ip geographic location information. if you use Elasticsearch storage, never need this field, it will be automatically generated using the geoip processor of Elasticsearch.
  • hostname: Specify the host field in the log.
  • use_logq: Use local disk message queue to save logs, and then send it to remote mysql or Elasticsearch to prevent remote log loss.
  • cert_name: Common name of the generated certificate.
  • syn_dev: Specify the network interface used to capture tcp syn packets. If it is empty, the tcp syn packet will not be recorded. On windows, the device name is like "\Device\NPF_{xxxx-xxxx}".
  • exclusions: Exclude remote ips from logs.
  • hosts: Each item is a host configuration.
  • handlers: Service configuration, the service configured on the host, each item is a service configuration.
  • handler: Service name (i.e., protocol name)
  • params: Set the parameters supported by the service.

Example

Create a virtual network, The subnet is 172.16.0.0/24, include 2 hosts,

172.16.0.3 run dns, ssh service,

and 172.16.0.5 run rpc, rdp service,

protocol access logs are saved to elasticsearch, exclude the access log of 127.0.0.1.

{
"version": "0.38",
"network": "172.16.0.0/24",
"network_build": "userdef",
"storage": "es://http://127.0.0.1:9200",
"use_logq": true,
"cert_name": "unknown",
"syn_dev": "any",
"geo_db": "",
"exclusions": ["127.0.0.1"],
"hosts": [
{
"ip": "172.16.0.3",
"handlers": [
{
"handler": "dns",
"port": 53,
"params": {
"accounts": [
"admin:123456"
],
"appname": "domain"
}
},
{
"handler": "ssh",
"port": 22,
"params": {
"accounts": [
"root:5555555:/root:0"
],
"prompt": "$ ",
"server_version": "SSH-2.0-OpenSSH_7.4"
}
}
]
},
{
"ip": "172.16.0.5",
"handlers": [
{
"handler": "dcerpc",
"port": 135,
"params": {
"accounts": [
"administrator:123456"
],
"domain_name": "DESKTOP-Q1Test"
}
},
{
"handler": "rdp",
"port": 3389,
"params": {
"accounts": [
"administrator:123456"
],
"auth": false,
"domain_name": "DESKTOP-Q1Test",
"image": "rdp.jpg",
"sec_layer": "auto"
}
}
]
}
]
}

FAQ

We have collected some frequently asked questions. Before reporting an issue, please search if the FAQ has the answer to your problem.


Contributing
  • Issues are welcome.


DorkScout - Golang Tool To Automate Google Dork Scan Against The Entiere Internet Or Specific Targets

17 October 2021 at 11:30
By: Zion3R


dokrscout is a tool to automate the finding of vulnerable applications or secret files around the internet throught google searches, dorkscout first starts by fetching the dorks lists from https://www.exploit-db.com/google-hacking-database and then it scans a given target or everything it founds


Installation

dorkscout can be installed in different ways:


Go Packages

throught Golang Packages (golang package manager)

go get github.com/R4yGM/dorkscout

this will work for every platform


Docker

if you don't have docker installed you can follow their guide

first of all you have to pull the docker image (only 17.21 MB) from the docker registry, you can see it here, if you don't want to pull the image you can also clone the repository and then build the image from the Dockerfile

docker pull r4yan/dorkscout:latest

if you don't want to pull the image you can download or copy the dorkscout Dockerfile that can be found here and then build the image from the Dockerfile

then if you want to launch the container you have to first create a volume to share your files to the container

docker volume create --name dorkscout_data

using docker when you launch the container it will automatically install the dork lists inside a directory called "dorkscout" :

Vulnerability Data.dorkscout' -rw-r--r-- 1 r4yan r4yan 49048 Jul 31 14:56 'Pages Containing Login Portals.dorkscout' -rw-r--r-- 1 r4yan r4yan 16112 Jul 31 14:56 'Sensitive Directories.dorkscout' -rw-r--r-- 1 r4yan r4yan 451 Jul 31 14:56 'Sensitive Online Shopping Info.dorkscout' -rw-r--r-- 1 r4yan r4yan 29938 Jul 31 14:56 'Various Online Devices.dorkscout' -rw-r--r-- 1 r4yan r4yan 2802 Jul 31 14:56 'Vulnerable Files.dorkscout' -rw-r--r-- 1 r4yan r4yan 4925 Jul 31 14:56 'Vulnerable Servers.dorkscout' -rw-r--r-- 1 r4yan r4yan 8145 Jul 31 14:56 'Web Server Detection.dorkscout' ">
-rw-r--r-- 1 r4yan r4yan   110 Jul 31 14:56  .dorkscout
-rw-r--r-- 1 r4yan r4yan 79312 Aug 10 20:30 'Advisories and Vulnerabilities.dorkscout'
-rw-r--r-- 1 r4yan r4yan 6352 Jul 31 14:56 'Error Messages.dorkscout'
-rw-r--r-- 1 r4yan r4yan 38448 Jul 31 14:56 'Files Containing Juicy Info.dorkscout'
-rw-r--r-- 1 r4yan r4yan 17110 Jul 31 14:56 'Files Containing Passwords.dorkscout'
-rw-r--r-- 1 r4yan r4yan 1879 Jul 31 14:56 'Files Containing Usernames.dorkscout'
-rw-r--r-- 1 r4yan r4yan 5398 Jul 31 14:56 Footholds.dorkscout
-rw-r--r-- 1 r4yan r4yan 5568 Jul 31 14:56 'Network or Vulnerability Data.dorkscout'
-rw-r--r-- 1 r4yan r4yan 49048 Jul 31 14:56 'Pages Containing Login Portals.dorkscout'
-rw-r--r-- 1 r4yan r4yan 16112 Jul 31 14:56 'Sensitive Directories.dorkscout'
-rw-r--r-- 1 r4yan r4yan 451 Jul 31 14:56 'Sensitive Online Shopping Info.dorkscout'
-rw-r--r-- 1 r4yan r4yan 29938 Jul 31 14:56 'Various Online Devices.dorkscout'
-rw-r--r-- 1 r4yan r4yan 2802 Jul 31 14:56 'Vulnerable Files.dorkscout'
-rw-r--r-- 1 r4yan r4yan 4925 Jul 31 14:56 'Vulnerable Servers.dorkscout'
-rw-r--r-- 1 r4yan r4yan 8145 Jul 31 14:56 'Web Server Detection.dorkscout'

so that you don't have to install them then you can start scanning by doing :

docker run -v Dorkscout:/dorkscout r4yan/dorkscout scan <options>

replace the <options> with the options/arguments you want to give to dorkscout, example :

docker run -v dorkscout_data:/dorkscout r4yan/dorkscout scan -d="/dorkscout/Sensitive Online Shopping Info.dorkscout" -H="/dorkscout/a.html"

If you wanted to scan throught a proxy using a docker container you have to add the --net host optionexample :

docker run --net host -v dorkscout_data:/dorkscout r4yan/dorkscout scan -d="/dorkscout/Sensitive Online Shopping Info.dorkscout" -H="/dorkscout/a.html -x socks5://127.0.0.1:9050"

Always save your results inside the volume and not in the container because then the results will be deleted! you can save them by writing the same volume path of the directory you are saving the results

if you added this and did everything correctly at the end of every scan you'd find the results inside the folder /var/lib/docker/volumes/dorkscout_data/_data

this will work for every platform


Executable

you can also download the already compiled binaries here and then execute them


Usage
dorkscout -h
Usage:
dorkscout [command]

Available Commands:
completion generate the autocompletion script for the specified shell
delete deletes all the .dorkscout files inside a given directory
help Help about any command
install installs a list of dorks from exploit-db.com
scan scans a specific website or all the websites it founds for a list of dorks

Flags:
-h, --help help for dorkscout

Use "dorkscout [command] --help" for more information about a command.

to start scanning with a wordlist and a proxy that will then return the results in a HTML format

dorkscout scan -d="/dorkscout/Sensitive Online Shopping Info.dorkscout" -H="/dorkscout/a.html" -x socks5://127.0.0.1:9050

results :



Install wordlists

to start scanning you'll need some dork lists and to have these lists you can install them through the install command

dorkscout install --output-dir /dorks

and this will fetch all the available dorks from exploit.db

[+] ./Advisories and Vulnerabilities.dorkscout
[+] ./Vulnerable Files.dorkscout
[+] ./Files Containing Juicy Info.dorkscout
[+] ./Sensitive Online Shopping Info.dorkscout
[+] ./Files Containing Passwords.dorkscout
[+] ./Vulnerable Servers.dorkscout
[+] ./Various Online Devices.dorkscout
[+] ./Pages Containing Login Portals.dorkscout
[+] ./Footholds.dorkscout
[+] ./Error Messages.dorkscout
[+] ./Files Containing Usernames.dorkscout
[+] ./Network or Vulnerability Data.dorkscout
[+] ./.dorkscout
[+] ./Sensitive Directories.dorkscout
[+] ./Web Server Detection.dorkscout
2021/08/11 19:02:45 Installation finished in 2.007928 seconds on /dorks


  • There are no more articles
❌