From f36b6ac070d2c0493c0a2bf0869bc1cfe1ae9665 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Fri, 4 Apr 2014 22:11:37 -0400
Subject: [PATCH 01/31] Vulnerability Analysis / Database Assessment Complete
---
 tools/oscanner.md | 24 ++++
 tools/osscanner.md | 24 ++++
 tools/sidguess.md | 25 +++++
 tools/sqldict.md | 20 ++++
 tools/sqlmap.md | 248 ++++++++++++++++++++++++++++++++++++++++++
 tools/sqlninja.md | 46 ++++++++
 tools/sqlsus.md | 29 +++++
 tools/tnscmd10g.md | 26 +++++
 vulnanalysis/index.md | 18 +--
 9 files changed, 451 insertions(+), 9 deletions(-)
 create mode 100644 tools/oscanner.md
 create mode 100644 tools/osscanner.md
 create mode 100644 tools/sidguess.md
 create mode 100644 tools/sqldict.md
 create mode 100644 tools/sqlmap.md
 create mode 100644 tools/sqlninja.md
 create mode 100644 tools/sqlsus.md
 create mode 100644 tools/tnscmd10g.md
diff --git a/tools/oscanner.md b/tools/oscanner.md
new file mode 100644
index 0000000..2cebbf8
--- /dev/null
+++ b/tools/oscanner.md
@@ -0,0 +1,24 @@
+# OracleScanner
+
+Notes
+-------
+
+Help Text
+-------
+```
+ Oracle Scanner 1.0.6 by patrik@cqure.net
+ --------------------------------------
+ OracleScanner -s -r [options]
+ -s
+ -f
+ -P
+ -v be verbose
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/osscanner.md b/tools/osscanner.md
new file mode 100644
index 0000000..33a450f
--- /dev/null
+++ b/tools/osscanner.md
@@ -0,0 +1,24 @@
+# oscanner - OracleScanner
+
+Notes
+-------
+
+Help Text
+-------
+```
+ Oracle Scanner 1.0.6 by patrik@cqure.net
+ --------------------------------------
+ OracleScanner -s -r [options]
+ -s
+ -f
+ -P
+ -v be verbose
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/sidguess.md b/tools/sidguess.md
new file mode 100644
index 0000000..76fcb02
--- /dev/null
+++ b/tools/sidguess.md
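Review bot: tools/osscanner.md is a byte-for-byte copy of tools/oscanner.md under a misspelled name, and the vulnanalysis/index.md hunk in this same commit links only `../tools/oscanner.md`, so the second file is an orphan that will silently drift from its twin. Drop osscanner.md from the commit, or if both spellings are wanted, reduce it to a one-line pointer such as `See [oscanner](oscanner.md).` rather than a duplicate body. Separately, the pasted help block in both files has lost its argument placeholders (`-s`, `-f`, `-P` stand alone), presumably because angle-bracketed tokens were stripped on paste; re-capture the tool's usage output so the options are readable.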
@@ -0,0 +1,25 @@
+# sidguess - SidGuesser
+
+Notes
+-------
+
+Help Text
+-------
+```
+SIDGuesser v1.0.5 by patrik@cqure.net
+-------------------------------------
+sidguess -i -d [options]
+
+options:
+ -p Use specific port (default 1521)
+ -r Report to file
+ -m findfirst OR findall(default)
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/sqldict.md b/tools/sqldict.md
new file mode 100644
index 0000000..71a1150
--- /dev/null
+++ b/tools/sqldict.md
@@ -0,0 +1,20 @@
+# sqldict
+
+Notes
+-------
+Compiler's note: need to add visual screen shots of this tool.
+
+Help Text
+-------
+```
+Usage instructions
+
+Download the exe file and run it. Specify the target server IP address, the target account name, and select a password list file to use for the dictionary attack.
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/sqlmap.md b/tools/sqlmap.md
new file mode 100644
index 0000000..e4671b1
--- /dev/null
+++ b/tools/sqlmap.md
@@ -0,0 +1,248 @@
+# sqlmap
+
+Notes
+-------
+
+Help Text
+-------
+```
+Options:
+ -h, --help Show basic help message and exit
+ -hh Show advanced help message and exit
+ --version Show program's version number and exit
+ -v VERBOSE Verbosity level: 0-6 (default 1)
+
+ Target:
+ At least one of these options has to be provided to set the target(s)
+
+ -d DIRECT Direct connection to the database
+ -u URL, --url=URL Target URL (e.g. "www.target.com/vuln.php?id=1")
+ -l LOGFILE Parse targets from Burp or WebScarab proxy logs
+ -m BULKFILE Scan multiple targets enlisted in a given textual file
+ -r REQUESTFILE Load HTTP request from a file
+ -g GOOGLEDORK Process Google dork results as target URLs
+ -c CONFIGFILE Load options from a configuration INI file
+
+ Request:
+ These options can be used to specify how to connect to the target URL
+
+ --data=DATA Data string to be sent through POST
+ --param-del=PDEL Character used for splitting parameter values
+ --cookie=COOKIE HTTP Cookie header
+ --cookie-del=CDEL Character used for splitting cookie values
+ --load-cookies=L.. File containing cookies in Netscape/wget format
+ --drop-set-cookie Ignore Set-Cookie header from response
+ --user-agent=AGENT HTTP User-Agent header
+ --random-agent Use randomly selected HTTP User-Agent header
+ --host=HOST HTTP Host header
+ --referer=REFERER HTTP Referer header
+ --headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123")
+ --auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI)
+ --auth-cred=AUTH.. HTTP authentication credentials (name:password)
+ --auth-private=A.. HTTP authentication PEM private key file
+ --proxy=PROXY Use a proxy to connect to the target URL
+ --proxy-cred=PRO.. Proxy authentication credentials (name:password)
+ --proxy-file=PRO.. Load proxy list from a file
+ --ignore-proxy Ignore system default proxy settings
+ --tor Use Tor anonymity network
+ --tor-port=TORPORT Set Tor proxy port other than default
+ --tor-type=TORTYPE Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)
+ --check-tor Check to see if Tor is used properly
+ --delay=DELAY Delay in seconds between each HTTP request
+ --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
+ --retries=RETRIES Retries when the connection timeouts (default 3)
+ --randomize=RPARAM Randomly change value for given parameter(s)
+ --safe-url=SAFURL URL address to visit frequently during testing
+ --safe-freq=SAFREQ Test requests between two visits to a given safe URL
+ --skip-urlencode Skip URL encoding of payload data
+ --force-ssl Force usage of SSL/HTTPS
+ --hpp Use HTTP parameter pollution
+ --eval=EVALCODE Evaluate provided Python code before the request (e.g.
+ "import hashlib;id2=hashlib.md5(id).hexdigest()")
+
+ Optimization:
+ These options can be used to optimize the performance of sqlmap
+
+ -o Turn on all optimization switches
+ --predict-output Predict common queries output
+ --keep-alive Use persistent HTTP(s) connections
+ --null-connection Retrieve page length without actual HTTP response body
+ --threads=THREADS Max number of concurrent HTTP(s) requests (default 1)
+
+ Injection:
+ These options can be used to specify which parameters to test for,
+ provide custom injection payloads and optional tampering scripts
+
+ -p TESTPARAMETER Testable parameter(s)
+ --skip=SKIP Skip testing for given parameter(s)
+ --dbms=DBMS Force back-end DBMS to this value
+ --dbms-cred=DBMS.. DBMS authentication credentials (user:password)
+ --os=OS Force back-end DBMS operating system to this value
+ --invalid-bignum Use big numbers for invalidating values
+ --invalid-logical Use logical operations for invalidating values
+ --invalid-string Use random strings for invalidating values
+ --no-cast Turn off payload casting mechanism
+ --no-escape Turn off string escaping mechanism
+ --prefix=PREFIX Injection payload prefix string
+ --suffix=SUFFIX Injection payload suffix string
+ --tamper=TAMPER Use given script(s) for tampering injection data
+
+ Detection:
+ These options can be used to customize the detection phase
+
+ --level=LEVEL Level of tests to perform (1-5, default 1)
+ --risk=RISK Risk of tests to perform (0-3, default 1)
+ --string=STRING String to match when query is evaluated to True
+ --not-string=NOT.. String to match when query is evaluated to False
+ --regexp=REGEXP Regexp to match when query is evaluated to True
+ --code=CODE HTTP code to match when query is evaluated to True
+ --text-only Compare pages based only on the textual content
+ --titles Compare pages based only on their titles
+
+ Techniques:
+ These options can be used to tweak testing of specific SQL injection
+ techniques
+
+ --technique=TECH SQL injection techniques to use (default "BEUSTQ")
+ --time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
+ --union-cols=UCOLS Range of columns to test for UNION query SQL injection
+ --union-char=UCHAR Character to use for bruteforcing number of columns
+ --union-from=UFROM Table to use in FROM part of UNION query SQL injection
+ --dns-domain=DNS.. Domain name used for DNS exfiltration attack
+ --second-order=S.. Resulting page URL searched for second-order response
+
+ Fingerprint:
+ -f, --fingerprint Perform an extensive DBMS version fingerprint
+
+ Enumeration:
+ These options can be used to enumerate the back-end database
+ management system information, structure and data contained in the
+ tables. Moreover you can run your own SQL statements
+
+ -a, --all Retrieve everything
+ -b, --banner Retrieve DBMS banner
+ --current-user Retrieve DBMS current user
+ --current-db Retrieve DBMS current database
+ --hostname Retrieve DBMS server hostname
+ --is-dba Detect if the DBMS current user is DBA
+ --users Enumerate DBMS users
+ --passwords Enumerate DBMS users password hashes
+ --privileges Enumerate DBMS users privileges
+ --roles Enumerate DBMS users roles
+ --dbs Enumerate DBMS databases
+ --tables Enumerate DBMS database tables
+ --columns Enumerate DBMS database table columns
+ --schema Enumerate DBMS schema
+ --count Retrieve number of entries for table(s)
+ --dump Dump DBMS database table entries
+ --dump-all Dump all DBMS databases tables entries
+ --search Search column(s), table(s) and/or database name(s)
+ --comments Retrieve DBMS comments
+ -D DB DBMS database to enumerate
+ -T TBL DBMS database table(s) to enumerate
+ -C COL DBMS database table column(s) to enumerate
+ -X EXCLUDECOL DBMS database table column(s) to not enumerate
+ -U USER DBMS user to enumerate
+ --exclude-sysdbs Exclude DBMS system databases when enumerating tables
+ --where=DUMPWHERE Use WHERE condition while table dumping
+ --start=LIMITSTART First query output entry to retrieve
+ --stop=LIMITSTOP Last query output entry to retrieve
+ --first=FIRSTCHAR First query output word character to retrieve
+ --last=LASTCHAR Last query output word character to retrieve
+ --sql-query=QUERY SQL statement to be executed
+ --sql-shell Prompt for an interactive SQL shell
+ --sql-file=SQLFILE Execute SQL statements from given file(s)
+
+ Brute force:
+ These options can be used to run brute force checks
+
+ --common-tables Check existence of common tables
+ --common-columns Check existence of common columns
+
+ User-defined function injection:
+ These options can be used to create custom user-defined functions
+
+ --udf-inject Inject custom user-defined functions
+ --shared-lib=SHLIB Local path of the shared library
+
+ File system access:
+ These options can be used to access the back-end database management
+ system underlying file system
+
+ --file-read=RFILE Read a file from the back-end DBMS file system
+ --file-write=WFILE Write a local file on the back-end DBMS file system
+ --file-dest=DFILE Back-end DBMS absolute filepath to write to
+
+ Operating system access:
+ These options can be used to access the back-end database management
+ system underlying operating system
+
+ --os-cmd=OSCMD Execute an operating system command
+ --os-shell Prompt for an interactive operating system shell
+ --os-pwn Prompt for an OOB shell, meterpreter or VNC
+ --os-smbrelay One click prompt for an OOB shell, meterpreter or VNC
+ --os-bof Stored procedure buffer overflow exploitation
+ --priv-esc Database process user privilege escalation
+ --msf-path=MSFPATH Local path where Metasploit Framework is installed
+ --tmp-path=TMPPATH Remote absolute path of temporary files directory
+
+ Windows registry access:
+ These options can be used to access the back-end database management
+ system Windows registry
+
+ --reg-read Read a Windows registry key value
+ --reg-add Write a Windows registry key value data
+ --reg-del Delete a Windows registry key value
+ --reg-key=REGKEY Windows registry key
+ --reg-value=REGVAL Windows registry key value
+ --reg-data=REGDATA Windows registry key value data
+ --reg-type=REGTYPE Windows registry key value type
+
+ General:
+ These options can be used to set some general working parameters
+
+ -s SESSIONFILE Load session from a stored (.sqlite) file
+ -t TRAFFICFILE Log all HTTP traffic into a textual file
+ --batch Never ask for user input, use the default behaviour
+ --charset=CHARSET Force character encoding used for data retrieval
+ --crawl=CRAWLDEPTH Crawl the website starting from the target URL
+ --csv-del=CSVDEL Delimiting character used in CSV output (default ",")
+ --dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)
+ --eta Display for each output the estimated time of arrival
+ --flush-session Flush session files for current target
+ --forms Parse and test forms on target URL
+ --fresh-queries Ignore query results stored in session file
+ --hex Use DBMS hex function(s) for data retrieval
+ --output-dir=ODIR Custom output directory path
+ --parse-errors Parse and display DBMS error messages from responses
+ --pivot-column=P.. Pivot column name
+ --save Save options to a configuration INI file
+ --scope=SCOPE Regexp to filter targets from provided proxy log
+ --test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW)
+ --update Update sqlmap
+
+ Miscellaneous:
+ -z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
+ --alert=ALERT Run host OS command(s) when SQL injection is found
+ --answers=ANSWERS Set question answers (e.g. "quit=N,follow=N")
+ --beep Make a beep sound when SQL injection is found
+ --check-waf Heuristically check for WAF/IPS/IDS protection
+ --cleanup Clean up the DBMS from sqlmap specific UDF and tables
+ --dependencies Check for missing (non-core) sqlmap dependencies
+ --disable-coloring Disable console output coloring
+ --gpage=GOOGLEPAGE Use Google dork results from specified page number
+ --identify-waf Make a through testing for a WAF/IPS/IDS protection
+ --mobile Imitate smartphone through HTTP User-Agent header
+ --page-rank Display page rank (PR) for Google dork results
+ --purge-output Safely remove all content from output directory
+ --smart Conduct through tests only if positive heuristic(s)
+ --wizard Simple wizard interface for beginner users
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/sqlninja.md b/tools/sqlninja.md
new file mode 100644
index 0000000..1417870
--- /dev/null
+++ b/tools/sqlninja.md
@@ -0,0 +1,46 @@
+# sqlninja
+
+Notes
+-------
+
+Help Text
+-------
+```
+Sqlninja rel. 0.2.6-r1
+Copyright (C) 2006-2011 icesurfer
+Usage: /usr/bin/sqlninja
+ -m : Required. Available modes are:
+ t/test - test whether the injection is working
+ f/fingerprint - fingerprint user, xp_cmdshell and more
+ b/bruteforce - bruteforce sa account
+ e/escalation - add user to sysadmin server role
+ x/resurrectxp - try to recreate xp_cmdshell
+ u/upload - upload a .scr file
+ s/dirshell - start a direct shell
+ k/backscan - look for an open outbound port
+ r/revshell - start a reverse shell
+ d/dnstunnel - attempt a dns tunneled shell
+ i/icmpshell - start a reverse ICMP shell
+ c/sqlcmd - issue a 'blind' OS command
+ m/metasploit - wrapper to Metasploit stagers
+ -f : configuration file (default: sqlninja.conf)
+ -p : sa password
+ -w : wordlist to use in bruteforce mode (dictionary method
+ only)
+ -g : generate debug script and exit (only valid in upload mode)
+ -v : verbose output
+ -d : activate debug
+ 1 - print each injected command
+ 2 - print each raw HTTP request
+ 3 - print each raw HTTP response
+ all - all of the above
+ ...see sqlninja-howto.html for details
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/sqlsus.md b/tools/sqlsus.md
new file mode 100644
index 0000000..b9577f1
--- /dev/null
+++ b/tools/sqlsus.md
@@ -0,0 +1,29 @@
+# sqlsus
+
+Notes
+-------
+
+Help Text
+-------
+```
+ sqlsus version 0.7.2
+
+ Copyright (c) 2008-2011 Jérémy Ruffet (sativouf)
+
+Usage:
+ sqlsus [options] [config file]
+
+ Options:
+ -h, --help brief help message
+ -v, --version version information
+ -e, --execute execute commands and exit
+ -g, --genconf generate configuration file
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/tnscmd10g.md b/tools/tnscmd10g.md
new file mode 100644
index 0000000..07343de
--- /dev/null
+++ b/tools/tnscmd10g.md
@@ -0,0 +1,26 @@
+# tnscmd10g
+
+Notes
+-------
+
+Help Text
+-------
+```
+usage: /usr/bin/tnscmd10g [command] -h hostname
+ where 'command' is something like ping, version, status, etc.
+ (default is ping)
+ [-p port] - alternate TCP port to use (default is 1521)
+ [--logfile logfile] - write raw packets to specified logfile
+ [--indent] - indent & outdent on parens
+ [--10G] - make it work against 10G
+ [--rawcmd command] - build your own CONNECT_DATA string
+ [--cmdsize bytes] - fake TNS command size (reveals packet leakage)
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index 618ace1..df664b8 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -18,15 +18,15 @@ Database Assessment
  * [mdb-export](../tools/mdb-export.md)
  * [mdb-hexdump](../tools/mdb-dump.md)
  * [mdb-parsecsv](../tools/mdb-parsecsv.md)
- * [mdb-sql](../tools/mdb-sql)
- * [mdb-tables](../tools/mdb-tables)
- * [oscanner]
- * [sidguesser]
- * [sqldict]
- * [sqlmap]
- * [sqlninja]
- * [sqlsus]
- * [tnscmd10g]
+ * [mdb-sql](../tools/mdb-sql.md)
+ * [mdb-tables](../tools/mdb-tables.md)
+ * [oscanner](../tools/oscanner.md)
+ * [sidguesser](../tools/sidguess.md)
+ * [sqldict](../tools/sqldict.md)
+ * [sqlmap](../tools/sqlmap.md)
+ * [sqlninja](../tools/sqlninja.md)
+ * [sqlsus](../tools/sqlsus.md)
+ * [tnscmd10g](../tools/tnscmd10g.md)
 Fuzzing Tools
 -------------
From 254bc7ac33c3cdf6eb922873631ef64c564e6de1 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:05:30 -0400
Subject: [PATCH 02/31] Adding Bed
---
 tools/bed.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 tools/bed.md
diff --git a/tools/bed.md b/tools/bed.md
new file mode 100644
index 0000000..36e92cc
--- /dev/null
+++ b/tools/bed.md
@@ -0,0 +1,31 @@
+# bed
+
+Notes
+-------
+
+Help Text
+-------
+```
+ BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )
+
+
+ Usage:
+
+ ./bed.pl -s -t -p -o [ depends on the plugin ]
+
+ = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
+ = Host to check (default: localhost)
+ = Port to connect to (default: standard port)
+ = seconds to wait after each test (default: 2 seconds)
+ use "./bed.pl -s " to obtain the parameters you need for the plugin.
+
+ Only -s is a mandatory switch.
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From 30659fed4b53b1845aaf8e85892fc331bab968cd Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:05:42 -0400
Subject: [PATCH 03/31] Adding Fuzz Ip6
---
 tools/fuzz_ip6.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 tools/fuzz_ip6.md
diff --git a/tools/fuzz_ip6.md b/tools/fuzz_ip6.md
new file mode 100644
index 0000000..f8dd7b9
--- /dev/null
+++ b/tools/fuzz_ip6.md
@@ -0,0 +1,49 @@
+# fuzz_ip6
+
+Notes
+-------
+
+Help Text
+-------
+```
+fuzz_ip6 v2.3 (c) 2013 by van Hauser / THC www.thc.org
+
+Syntax: fuzz_ip6 [-x] [-t number | -T number] [-p number] [-IFSDHRJ] [-X|-1|-2|-3|-4|-5|-6|-7|-8|-9|-0 port] interface unicast-or-multicast-address [address-in-data-pkt]
+
+Fuzzes an icmp6 packet
+Options:
+ -X do not add any ICMP/TCP header (tranport laye)
+ -1 fuzz ICMP6 echo request (default)
+ -2 fuzz ICMP6 neighbor solicitation
+ -3 fuzz ICMP6 neighbor advertisement
+ -4 fuzz ICMP6 router advertisement
+ -5 fuzz multicast listener report packet
+ -6 fuzz multicast listener done packet
+ -7 fuzz multicast listener query packet
+ -8 fuzz multicast listener v2 report packet
+ -9 fuzz multicast listener v2 query packet
+ -0 fuzz node query packet
+ -s port fuzz TCP-SYN packet against port
+ -x tries all 256 values for flag and byte types
+ -t number continue from test no. number
+ -T number only performs test no. number
+ -p number perform an alive check every number of tests (default: none)
+ -a do not perform initial and final alive test
+ -n number how many times to send each packet (default: 1)
+ -I fuzz the IP header too
+ -F add one-shot fragmentation, and fuzz it too (for 1)
+ -S add source-routing, and fuzz it too (for 1)
+ -D add destination header, and fuzz it too (for 1)
+ -H add hop-by-hop header, and fuzz it too (for 1 and 5-9)
+ -R add router alert header, and fuzz it too (for 5-9 and all)
+ -J add jumbo packet header, and fuzz it too (for 1)
+You can only define one of -0 ... -9 and -s, defaults to -1.
+Returns -1 on error, 0 on tests done and targt alive or 1 on target crash.
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From 482f6d41e748fbb1bd62356434694af2e3e5a822 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:05:53 -0400
Subject: [PATCH 04/31] Starting Fuzzing tools
---
 vulnanalysis/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index df664b8..d5dc001 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -31,8 +31,8 @@ Database Assessment
 Fuzzing Tools
 -------------
- * [bed]
- * [fuzz_ip6]
+ * [bed](../tools/bed.md)
+ * [fuzz_ip6](../tools/fuzz_ip6.md)
  * [ohrwurm]
  * [powerfuzzer]
  * [sfuzz]
From 21c0b5d58ad8c3e1d429243642c35a0375a68e4a Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:09:35 -0400
Subject: [PATCH 05/31] Adding ohrwurm
---
 tools/ohrwurm.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 tools/ohrwurm.md
diff --git a/tools/ohrwurm.md b/tools/ohrwurm.md
new file mode 100644
index 0000000..c3ad338
--- /dev/null
+++ b/tools/ohrwurm.md
@@ -0,0 +1,31 @@
+# ohrwurm
+
+Notes
+-------
+
+Help Text
+-------
+```
+ohrwurm-0.1
+enabled kernel routing.
+
+usage: ohrwurm -a -b [-s ] [-e ] [-i ] [-A -B ]
+
+ -a SIP phone A
+ -b SIP phone B
+ -s randomseed (default: read from /dev/urandom)
+ -e bit error ratio in % (default: 1.230000)
+ -i network interface (default: eth0)
+ -t suppress RTCP packets (default: dont suppress)
+ -A of RTP port on IP a (requires -B)
+ -B of RTP port on IP b (requires -A)
+ note: using -A and -B skips SIP sniffing, any RTP can be fuzzed
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From ea1018762f3580c88dd3e21fbd64c4ae5c3ece33 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:25:20 -0400
Subject: [PATCH 06/31] Starting Spike Tools
---
 tools/generic_chunked.md | 20 ++++++++++++++++++++
 tools/generic_listen_tcp.md | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 tools/generic_chunked.md
 create mode 100644 tools/generic_listen_tcp.md
diff --git a/tools/generic_chunked.md b/tools/generic_chunked.md
new file mode 100644
index 0000000..15122ae
--- /dev/null
+++ b/tools/generic_chunked.md
@@ -0,0 +1,20 @@
+# generic_chunked - spike-generic_chunked
+
+Notes
+-------
+
+Help Text
+-------
+```
+Usage: ./generic_web_server_fuzz target port file.spk skipvariables skipfuzzstring
+Example: ./gwsf exchange1 80 owa1.spk 0 0
+http://www.immunitysec.com/spike.html
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
diff --git a/tools/generic_listen_tcp.md b/tools/generic_listen_tcp.md
new file mode 100644
index 0000000..f82725d
--- /dev/null
+++ b/tools/generic_listen_tcp.md
@@ -0,0 +1,20 @@
+# generic_listen_tcp - spike-generic_listen_tcp
+
+Notes
+-------
+
+Help Text
+-------
+```
+argc=1
+Usage: ./generic_listen_tcp port spike_script
+./generic_listen_tcp 70 gopherd.spk
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From bf4134303097b8deedfd9b2cb5635d1b3736f917 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:25:30 -0400
Subject: [PATCH 07/31] Adding sfuzz
---
 tools/sfuzz.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 tools/sfuzz.md
diff --git a/tools/sfuzz.md b/tools/sfuzz.md
new file mode 100644
index 0000000..c90c1e4
--- /dev/null
+++ b/tools/sfuzz.md
@@ -0,0 +1,46 @@
+# sfuzz - Simple Fuzzer
+
+Notes
+-------
+
+Help Text
+-------
+```
+ Simple Fuzzer
+By: Aaron Conole
+version: 0.7.0
+url: http://aconole.brad-x.com/programs/sfuzz.html
+EMAIL: apconole@yahoo.com
+Build-prefix: /usr
+ -h This message.
+ -V Version information.
+
+networking / output:
+ -v Verbose output
+ -q Silent output mode (generally for CLI fuzzing)
+ -X prints the output in hex
+
+ -b Begin fuzzing at the test specified.
+ -e End testing on failure.
+ -t Wait time for reading the socket
+ -S Remote host
+ -p Port
+ -T|-U|-O TCP|UDP|Output mode
+ -R Refrain from closing connections (ie: "leak" them)
+
+ -f Config File
+ -L Log file
+ -n Create a new logfile after each fuzz
+ -r Trim the tailing newline
+ -D Define a symbol and value (X=y).
+ -l Only perform literal fuzzing
+ -s Only perform sequence fuzzing
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From f070e154f21511d28222d1b990349d01afe4d82a Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:25:39 -0400
Subject: [PATCH 08/31] Adding SIP Army Knife
---
 tools/siparmyknife.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 tools/siparmyknife.md
diff --git a/tools/siparmyknife.md b/tools/siparmyknife.md
new file mode 100644
index 0000000..764d128
--- /dev/null
+++ b/tools/siparmyknife.md
@@ -0,0 +1,19 @@
+# siparmyknife - SIP Army Knife
+
+Notes
+-------
+SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
+
+
+Help Text
+-------
+```
+-h, Enter host
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From 05cb09b5ea9b2440b61abab9bb720909672727c5 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:25:56 -0400
Subject: [PATCH 09/31] Adding powerfuzzer
---
 tools/powerfuzzer.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 tools/powerfuzzer.md
diff --git a/tools/powerfuzzer.md b/tools/powerfuzzer.md
new file mode 100644
index 0000000..4f14281
--- /dev/null
+++ b/tools/powerfuzzer.md
@@ -0,0 +1,29 @@
+# powerfuzzer
+
+Notes
+-------
+Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.
+
+Don't have a clue what a Fuzzer/Fuzz testing is ? Not a problem, read on [here](http://en.wikipedia.org/wiki/Fuzz_testing)
+
+Currently, it is capable of identifying these problems:
+- Cross Site Scripting (XSS)
+- Injections (SQL, LDAP, code, commands, and XPATH)
+- CRLF
+- HTTP 500 statuses (usually indicative of a possible misconfiguration/security flaw incl. buffer overflow)
+
+Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.
+
+
+Help Text
+-------
+```
+Text output goes here
+```
+
+Example Usage
+-------
+
+Links
+-------
+http://www.powerfuzzer.com/
From 1457898f6aff64c28f76bcac8e6e705834fdc100 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:26:07 -0400
Subject: [PATCH 10/31] Almost done with fuzzers
---
 vulnanalysis/index.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index d5dc001..42d7638 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -33,12 +33,12 @@ Fuzzing Tools
  * [bed](../tools/bed.md)
  * [fuzz_ip6](../tools/fuzz_ip6.md)
- * [ohrwurm]
- * [powerfuzzer]
- * [sfuzz]
- * [siparmyknife]
- * [spike-generic_chunked]
- * [spike-generic_listen_tcp]
+ * [ohrwurm](../tools/ohrwurm.md)
+ * [powerfuzzer](../tools/powerfuzzer.md)
+ * [sfuzz](../tools/sfuzz.md)
+ * [siparmyknife](../tools/siparmyknife.md)
+ * [spike-generic_chunked](../tools/generic_chunked.md)
+ * [spike-generic_listen_tcp](../tools/generic_listen_tcp.md)
  * [spike-generic_send_tcp]
  * [spike-generic_send_udp]
From dc7c36629a48794331da0c114ce8b91fd1035d53 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:57:12 -0400
Subject: [PATCH 11/31] Spike-generic_send_tcp
---
 tools/generic_send_tcp.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 tools/generic_send_tcp.md
diff --git a/tools/generic_send_tcp.md b/tools/generic_send_tcp.md
new file mode 100644
index 0000000..2269fca
--- /dev/null
+++ b/tools/generic_send_tcp.md
@@ -0,0 +1,20 @@
+# generic_send_tcp - spike-generic_send_tcp
+
+Notes
+-------
+
+Help Text
+-------
+```
+argc=1
+Usage: ./generic_send_tcp host port spike_script SKIPVAR SKIPSTR
+./generic_send_tcp 192.168.1.100 701 something.spk 0 0
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From 540e4ce4cebda4fb18be9f18a3132889208f7481 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:57:27 -0400
Subject: [PATCH 12/31] spike-generic_send_upd
---
 tools/generic_send_udp.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 tools/generic_send_udp.md
diff --git a/tools/generic_send_udp.md b/tools/generic_send_udp.md
new file mode 100644
index 0000000..80b05e2
--- /dev/null
+++ b/tools/generic_send_udp.md
@@ -0,0 +1,19 @@
+# generic_send_udp spike-generic_send_udp
+
+Notes
+-------
+
+Help Text
+-------
+```
+argc=1
+Usage: ./gsu target port file.spk startvariable startfuzzstring startvariable startstring totaltosend
+./gsu 192.168.1.104 80 file.spk 0 0 5000
+```
+
+Example Usage
+-------
+
+Links
+-------
+
From 51fae90646ccd4afc9e561e6014099a8435a0fc4 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sat, 5 Apr 2014 10:58:02 -0400
Subject: [PATCH 13/31] Fuzzing Tools Complete completed adding tools and links for fuzzing tools
---
 vulnanalysis/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index 42d7638..cfe1873 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -39,8 +39,8 @@ Fuzzing Tools
  * [siparmyknife](../tools/siparmyknife.md)
  * [spike-generic_chunked](../tools/generic_chunked.md)
  * [spike-generic_listen_tcp](../tools/generic_listen_tcp.md)
- * [spike-generic_send_tcp]
- * [spike-generic_send_udp]
+ * [spike-generic_send_tcp](../tools/generic_send_tcp.md)
+ * [spike-generic_send_udp](../tools/generic_send_udp.md)
 Misc Scanners
 -------------
From cc3c019a84406087b2ec0b8b2f3146e9e5c7166a Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:15:54 -0400
Subject: [PATCH 14/31] Finished Vulnerability Analysis / Misc. Scanners
---
 vulnanalysis/index.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index cfe1873..3b248d4 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -45,12 +45,11 @@ Fuzzing Tools
 Misc Scanners
 -------------
- * [golismero]
- * [lynis]
- * [nikto]
+ * [golismero](../tools/golismero.py.md)
+ * [lynis](../tools/lynis.md)
+ * [nikto](../tools/nikto.md)
  * [nmap](../tools/nmap.md)
- * [unix-privesc-check]
- * [zenmap](../tools/zenmap.md)
+ * [unix-privesc-check](../tools/unix-privesc-check.md)
 Open Source Assessment
 ----------------------
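Review bot: The vulnanalysis/index.md hunk of PATCH 14 removes the `* [zenmap](../tools/zenmap.md)` entry without replacement, yet the commit message only says the Misc Scanners section was finished and, unlike the other removed lines, this one already carried a working link; the drop looks unintended. Either restore the line or state in the commit message why zenmap leaves the list. In the same hunk `golismero` is linked to `../tools/golismero.py.md`, the only target on the page whose name does not follow the `<tool>.md` pattern every other entry uses; consider naming that file golismero.md so the index stays uniform.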
From 5ae4f1b48b4a6d49142a5ce65332d8d488980e8b Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:16:10 -0400
Subject: [PATCH 15/31] Added golismero
---
 tools/golismero.py.md | 81 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 tools/golismero.py.md
diff --git a/tools/golismero.py.md b/tools/golismero.py.md
new file mode 100644
index 0000000..a2e014f
--- /dev/null
+++ b/tools/golismero.py.md
@@ -0,0 +1,81 @@ +# golismero.py + +Notes +------- + +Help Text +------- +``` +/----------------------------------------------\ +| GoLismero 2.0.0b3 - The Web Knife | +| Contact: golismero.project<@>gmail.com | +| | +| Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) | +| Mario Vilas (@Mario_Vilas) | +\----------------------------------------------/ + +usage: golismero.py COMMAND [TARGETS...] [--options] + + SCAN: + Perform a vulnerability scan on the given targets. Optionally import + results from other tools and write a report. The arguments that follow may + be domain names, IP addresses or web pages. + + PROFILES: + Show a list of available config profiles. This command takes no arguments. + + PLUGINS: + Show a list of available plugins. This command takes no arguments. + + INFO: + Show detailed information on a given plugin. The arguments that follow are + the plugin IDs. You can use glob-style wildcards. + + REPORT: + Write a report from an earlier scan. This command takes no arguments. + To specify output files use the -o switch. + + IMPORT: + Import results from other tools and optionally write a report, but don't + scan the targets. This command takes no arguments. To specify input files + use the -i switch. + + DUMP: + Dump the database from an earlier scan in SQL format. This command takes no + arguments. To specify output files use the -o switch. + + UPDATE: + Update GoLismero to the latest version. Requires Git to be installed and + available in the PATH. This command takes no arguments. 
+ +examples: + + scan a website and show the results on screen: + golismero.py scan http://www.example.com + + grab Nmap results, scan all hosts found and write an HTML report: + golismero.py scan -i nmap_output.xml -o report.html + + grab results from OpenVAS and show them on screen, but don't scan anything: + golismero.py import -i openvas_output.xml + + show a list of all available configuration profiles: + golismero.py profiles + + show a list of all available plugins: + golismero.py plugins + + show information on all bruteforcer plugins: + golismero.py info brute_* + + dump the database from a previous scan: + golismero.py dump -db example.db -o dump.sql + +``` + +Example Usage +------- + +Links +------- + From 11cd98b4acaed6190968acbed8f7b4ea52f94ce2 Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Sun, 6 Apr 2014 09:16:18 -0400 Subject: [PATCH 16/31] Added lynis --- tools/lynis.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 tools/lynis.md diff --git a/tools/lynis.md b/tools/lynis.md new file mode 100644 index 0000000..8645034 --- /dev/null +++ b/tools/lynis.md 
@@ -0,0 +1,52 @@ +# lynis + +Notes +------- + +Help Text +------- +``` +[ Lynis 1.4.1 ] + +################################################################################ + Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are + welcome to redistribute it under the terms of the GNU General Public License. + See the LICENSE file for details about using this software. + + Copyright 2007-2014 - Michael Boelen, http://cisofy.com + Enterprise support and plugins available via CISOfy - http://cisofy.com +################################################################################ + +[+] Initializing program +------------------------------------ + Scan options: + --auditor "" : Auditor name + --check-all (-c) : Check system + --no-log : Don't create a log file + --profile : Scan the system with the given profile file + --quick (-Q) : Quick mode, don't wait for user input + --tests "" : Run only tests defined by + --tests-category "" : Run only tests defined by + + Layout options: + --no-colors : Don't use colors in output + --quiet (-q) : No output, except warnings + --reverse-colors : Optimize color display for light backgrounds + + Misc options: + --check-update : Check for updates + --view-manpage (--man) : View man page + --version (-V) : Display version number and quit + + See man page and documentation for all available options. + +Exiting.. + +``` + +Example Usage +------- + +Links +------- + From 67682c60ad79197dae479f3434bbf79e0c1155e5 Mon Sep 17 00:00:00 2001 From: Will Pennell Date: Sun, 6 Apr 2014 09:16:25 -0400 Subject: [PATCH 17/31] Added nikto --- tools/nikto.md | 109 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 tools/nikto.md diff --git a/tools/nikto.md b/tools/nikto.md new file mode 100644 index 0000000..2a08a6a --- /dev/null +++ b/tools/nikto.md 
@@ -0,0 +1,109 @@ +# nikto + +Notes +------- + +Help Text +------- +``` + Options: + -ask+ Whether to ask about submitting updates + yes Ask about each (default) + no Don't ask, don't send + auto Don't ask, just send + -Cgidirs+ Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/" + -config+ Use this config file + -Display+ Turn on/off display outputs: + 1 Show redirects + 2 Show cookies received + 3 Show all 200/OK responses + 4 Show URLs which require authentication + D Debug output + E Display all HTTP errors + P Print progress to STDOUT + S Scrub output of IPs and hostnames + V Verbose output + -dbcheck Check database and other key files for syntax errors + -evasion+ Encoding technique: + 1 Random URI encoding (non-UTF8) + 2 Directory self-reference (/./) + 3 Premature URL ending + 4 Prepend long random string + 5 Fake parameter + 6 TAB as request spacer + 7 Change the case of the URL + 8 Use Windows directory separator (\) + A Use a carriage return (0x0d) as a request spacer + B Use binary value 0x0b as a request spacer + -Format+ Save file (-o) format: + csv Comma-separated-value + htm HTML Format + nbe Nessus NBE format + sql Generic SQL (see docs for schema) + txt Plain text + xml XML Format + (if not specified the format will be taken from the file extension passed to -output) + -Help Extended help information + -host+ Target host + -IgnoreCode Ignore Codes--treat as negative responses + -id+ Host authentication to use, format is id:pass or id:pass:realm + -key+ Client certificate key file + -list-plugins List all available plugins, perform no testing + -maxtime+ Maximum testing time per host + -mutate+ Guess additional file names: + 1 Test all files with all root directories + 2 Guess for password file names + 3 Enumerate user names via Apache (/~user type requests) + 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) + 5 Attempt to brute force sub-domain names, assume that the host name is the parent domain + 6 
Attempt to guess directory names from the supplied dictionary file + -mutate-options Provide information for mutates + -nointeractive Disables interactive features + -nolookup Disables DNS lookups + -nossl Disables the use of SSL + -no404 Disables nikto attempting to guess a 404 page + -Option Over-ride an option in nikto.conf, can be issued multiple times + -output+ Write output to this file ('.' for auto-name) + -Pause+ Pause between tests (seconds, integer or float) + -Plugins+ List of plugins to run (default: ALL) + -port+ Port to use (default 80) + -RSAcert+ Client certificate file + -root+ Prepend root value to all requests, format is /directory + -Save Save positive responses to this directory ('.' for auto-name) + -ssl Force ssl mode on port + -Tuning+ Scan tuning: + 1 Interesting File / Seen in logs + 2 Misconfiguration / Default File + 3 Information Disclosure + 4 Injection (XSS/Script/HTML) + 5 Remote File Retrieval - Inside Web Root + 6 Denial of Service + 7 Remote File Retrieval - Server Wide + 8 Command Execution / Remote Shell + 9 SQL Injection + 0 File Upload + a Authentication Bypass + b Software Identification + b Administration Console + c Remote Source Inclusion + x Reverse Tuning Options (i.e., include all except specified) + -timeout+ Timeout for requests (default 10 seconds) + -Userdbs Load only user databases, not the standard databases + all Disable standard dbs and load only user dbs + tests Disable only db_tests and load udb_tests + -useragent Over-rides the default useragent + -until Run until the specified time or duration + -update Update databases and plugins from CIRT.net + -useproxy Use the proxy defined in nikto.conf + -Version Print plugin and database versions + -vhost+ Virtual host (for Host header) + + requires a value + +``` + +Example Usage +------- + +Links +------- + From b56a0eb3294f3e693d7ba2a34d6d3d15915e137a Mon Sep 17 00:00:00 2001 
From: Will Pennell
Date: Sun, 6 Apr 2014 09:16:42 -0400
Subject: [PATCH 18/31] Added unix-privesc-check

---
 tools/unix-privesc-check.md | 38 +++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 tools/unix-privesc-check.md

diff --git a/tools/unix-privesc-check.md b/tools/unix-privesc-check.md
new file mode 100644
index 0000000..75c32cf
--- /dev/null
+++ b/tools/unix-privesc-check.md
@@ -0,0 +1,38 @@
+# unix-privesc-check
+
+Notes
+-------
+
+Help Text
+-------
+```
+unix-privesc-check v1.4 ( http://pentestmonkey.net/tools/unix-privesc-check )
+
+Usage: unix-privesc-check { standard | detailed }
+
+"standard" mode: Speed-optimised check of lots of security settings.
+
+"detailed" mode: Same as standard mode, but also checks perms of open file
+ handles and called files (e.g. parsed from shell scripts,
+ linked .so files). This mode is slow and prone to false
+ positives but might help you find more subtle flaws in 3rd
+ party programs.
+
+This script checks file permissions and other settings that could allow
+local users to escalate privileges.
+
+Use of this script is only permitted on systems which you have been granted
+legal permission to perform a security assessment of. Apart from this
+condition the GPL v2 applies.
+
+Search the output for the word 'WARNING'. If you don't see it then this
+script didn't find any problems.
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From f42ce0f1ced8600a6c3d4f97d8b643eeee0228b6 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:20:48 -0400
Subject: [PATCH 19/31] Completed Open Source Assessment

---
 vulnanalysis/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index 3b248d4..ea8e5cb 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -54,8 +54,8 @@ Misc Scanners
 
 Open Source Assessment
 ----------------------
- * [casefile]
- * [maltego]
+ * [casefile](../tools/casefile.md)
+ * [maltego](../toools/maltego.md)
 
 OpenVAS
 -------

From 955832442afededaed8685589edda8d71c55e76a Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:50:34 -0400
Subject: [PATCH 20/31] Menu: Vulnerability Analysis Complete

---
 vulnanalysis/index.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index ea8e5cb..845e09e 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -60,9 +60,9 @@ Open Source Assessment
 OpenVAS
 -------
 
- * [openvas check setup]
- * [openvas feedupdate]
- * [openvas-gsd]
- * [openvas initial setup]
- * [openvas start]
- * [openvas stop]
+ * [openvas check setup](../tools/openvas-check-setup.md)
+ * [openvas feed update](../tools/openvas-feed-update.md)
+ * [openvas-gsd](../tools/gsd.md)
+ * [openvas initial setup](../tools/openvas-setup.md)
+ * [openvas start](../tools/openvas-start.md)
+ * [openvas stop](../tools/openvas-stop.md)

From 73dbff8ad22e7cd7fb58a86197c7bc132c374bcc Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:50:44 -0400
Subject: [PATCH 21/31] Greenbone Security Desktop

---
 tools/gsd.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 tools/gsd.md

diff --git a/tools/gsd.md b/tools/gsd.md
new file mode 100644
index 0000000..7f5c6ad
--- /dev/null
+++ b/tools/gsd.md
@@ -0,0 +1,25 @@
+# gsd - Greenbone Security Desktop
+
+Notes
+-------
+The Greenbone Security Desktop (GSD) integrates vulnerability management into the desktop user interface. Parallel access via web browser is still possible, but not mandatory.
+
+Compared to the web interface GSD offers a faster processing as well as a seamless integration into the desktop environment. Nonetheless all data remain on the Greenbone Security Manager and are only downloaded on request. Therefore concurrent access from different GSD installations provides consistent data status.
+
+GSD runs on various Windows, MacOSX and GNU/Linux operating systems. For installation packages please contact our support team.
+
+Attention: The support for Greenbone Security Desktop is phased out, Greenbone OS from version 3.0 will not be supported anymore.
+
+Help Text
+-------
+```
+Text output goes here
+```
+
+Example Usage
+-------
+
+Links
+-------
+
+http://www.greenbone.net/technology/gsd.html
\ No newline at end of file

From 025678b543d4cd859fadb01656a848cf5be1e481 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:51:03 -0400
Subject: [PATCH 22/31] OpenVAS Check Setup

Phoned this one in, need to review
---
 tools/openvas-check-setup.md | 30 ++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 tools/openvas-check-setup.md

diff --git a/tools/openvas-check-setup.md b/tools/openvas-check-setup.md
new file mode 100644
index 0000000..9bd16b2
--- /dev/null
+++ b/tools/openvas-check-setup.md
@@ -0,0 +1,30 @@
+# openvas-check-setup
+
+Notes
+-------
+
+Help Text
+-------
+```
+openvas-check-setup 2.2.3
+ Test completeness and readiness of OpenVAS-6
+ (add '--v4', '--v5' or '--v7'
+ if you want to check for another OpenVAS version)
+
+ Please report us any non-detected problems and
+ help us to improve this check routine:
+ http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
+
+ Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
+
+ Use the parameter --server to skip checks for client tools
+ like GSD and OpenVAS-CLI.
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From 72eb1dea7641e64a66bf6291e7974fd3b3650850 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:51:21 -0400
Subject: [PATCH 23/31] OpenVAS Feed Update

phoned this one in, need to review
---
 tools/openvas-feed-update.md | 27 +++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 tools/openvas-feed-update.md

diff --git a/tools/openvas-feed-update.md b/tools/openvas-feed-update.md
new file mode 100644
index 0000000..55e47a3
--- /dev/null
+++ b/tools/openvas-feed-update.md
@@ -0,0 +1,27 @@
+# openvas-feed-update
+
+Notes
+-------
+
+Help Text
+-------
+```
+Updating OpenVas Feeds
+[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
+[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
+[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
+[i] NVT dir: /var/lib/openvas/plugins
+[i] Will use rsync
+[i] Using rsync: /usr/bin/rsync
+[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
+[w] Private directory '/var/lib/openvas/plugins/private' not found.
+[w] Non-feed NVTs not migrated there will be deleted by rsync.
+
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From 81cd235ce0fa3db2126ffac86f87787870541c82 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:51:43 -0400
Subject: [PATCH 24/31] OpenVAS Setup

Phoned this one in; need to review
---
 tools/openvas-setup.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 tools/openvas-setup.md

diff --git a/tools/openvas-setup.md b/tools/openvas-setup.md
new file mode 100644
index 0000000..2be7592
--- /dev/null
+++ b/tools/openvas-setup.md
@@ -0,0 +1,25 @@
+# openvas-setup
+
+Notes
+-------
+
+Help Text
+-------
+```
+[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
+[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
+[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
+[i] NVT dir: /var/lib/openvas/plugins
+[i] Will use rsync
+[i] Using rsync: /usr/bin/rsync
+[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
+[w] Private directory '/var/lib/openvas/plugins/private' not found.
+[w] Non-feed NVTs not migrated there will be deleted by rsync.
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From 50beffb7d0bcfa5c6a3df713e874199e9e1a9b24 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:51:59 -0400
Subject: [PATCH 25/31] OpenVAS Start

Phoned this one in; need to review
---
 tools/openvas-start.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 tools/openvas-start.md

diff --git a/tools/openvas-start.md b/tools/openvas-start.md
new file mode 100644
index 0000000..35bd677
--- /dev/null
+++ b/tools/openvas-start.md
@@ -0,0 +1,18 @@
+# openvas-start
+
+Notes
+-------
+Start Script for openvas
+
+Help Text
+-------
+```
+Text output goes here
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From 7eccf43a760789cb087f79a45b50af36fe490a8e Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 09:52:15 -0400
Subject: [PATCH 26/31] OpenVAS Stop

Phoned this one in; need to review.
---
 tools/openvas-stop.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 tools/openvas-stop.md

diff --git a/tools/openvas-stop.md b/tools/openvas-stop.md
new file mode 100644
index 0000000..79c3a6a
--- /dev/null
+++ b/tools/openvas-stop.md
@@ -0,0 +1,18 @@
+# openvas-stop
+
+Notes
+-------
+Stop script for openvas
+
+Help Text
+-------
+```
+Text output goes here
+```
+
+Example Usage
+-------
+
+Links
+-------
+

From 675502f7bd8793fdc8ab0f729ab95eeab1b5a37e Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 20:02:26 -0400
Subject: [PATCH 27/31] Rename golismero.py.md to golismero.md

removing .py
---
 tools/{golismero.py.md => golismero.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename tools/{golismero.py.md => golismero.md} (100%)

diff --git a/tools/golismero.py.md b/tools/golismero.md
similarity index 100%
rename from tools/golismero.py.md
rename to tools/golismero.md

From de3a3757bab35fe5d8a004f4da4ad7457e29b4c6 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 20:04:50 -0400
Subject: [PATCH 28/31] Update gsd.md

---
 tools/gsd.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/gsd.md b/tools/gsd.md
index 7f5c6ad..334bffd 100644
--- a/tools/gsd.md
+++ b/tools/gsd.md
@@ -13,7 +13,7 @@ Attention: The support for Greenbone Security Desktop is phased out, Greenbone O
 Help Text
 -------
 ```
-Text output goes here
+This is a GUI tool
 ```
 
 Example Usage
@@ -22,4 +22,4 @@ Example Usage
 Links
 -------
 
-http://www.greenbone.net/technology/gsd.html
\ No newline at end of file
+http://www.greenbone.net/technology/gsd.html

From 300fa2f1803ae3a3508c4e96c1507c4c05a335f3 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 20:08:01 -0400
Subject: [PATCH 29/31] Duplicated file

Fat fingered the filename
---
 tools/osscanner.md | 24 ------------------------
 1 file changed, 24 deletions(-)
 delete mode 100644 tools/osscanner.md

diff --git a/tools/osscanner.md b/tools/osscanner.md
deleted file mode 100644
index 33a450f..0000000
--- a/tools/osscanner.md
+++ /dev/null
@@ -1,24 +0,0 @@
-# oscanner - OracleScanner
-
-Notes
--------
-
-Help Text
--------
-```
- Oracle Scanner 1.0.6 by patrik@cqure.net
- --------------------------------------
- OracleScanner -s -r [options]
- -s
- -f
- -P
- -v be verbose
-
-```
-
-Example Usage
--------
-
-Links
--------
-

From 4f23a8513af3078e03f7eea47130895507a683db Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 20:10:23 -0400
Subject: [PATCH 30/31] Update powerfuzzer.md

---
 tools/powerfuzzer.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/powerfuzzer.md b/tools/powerfuzzer.md
index 4f14281..6cb4d53 100644
--- a/tools/powerfuzzer.md
+++ b/tools/powerfuzzer.md
@@ -18,7 +18,7 @@ Designed and coded to be modular and extendable. Adding new checks should simply
 Help Text
 -------
 ```
-Text output goes here
+GUI Tool
 ```
 
 Example Usage

From 8f0a5c5018a5c6fa9ea22347a75a9817adb4e431 Mon Sep 17 00:00:00 2001
From: Will Pennell
Date: Sun, 6 Apr 2014 20:12:53 -0400
Subject: [PATCH 31/31] Changed golismero.py to golismero

---
 vulnanalysis/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vulnanalysis/index.md b/vulnanalysis/index.md
index 845e09e..4feddec 100644
--- a/vulnanalysis/index.md
+++ b/vulnanalysis/index.md
@@ -45,7 +45,7 @@ Fuzzing Tools
 Misc Scanners
 -------------
 
- * [golismero](../tools/golismero.py.md)
+ * [golismero](../tools/golismero.md)
  * [lynis](../tools/lynis.md)
  * [nikto](../tools/nikto.md)
  * [nmap](../tools/nmap.md)