diff --git a/CHaS.pl b/CHaS.pl
new file mode 100755
index 0000000..64d49e5
--- /dev/null
+++ b/CHaS.pl
@@ -0,0 +1,87 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders + +use strict; +use warnings; + + +my $sslscan = "sslscan"; # command or path to sslscan +my $testssl = "/opt/testssl.sh/testssl.sh"; # command or path to testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +my $aha = "aha"; # command or path to aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Check Headers and SSL v0.1\n"; + print "Usage: ./CHaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:https?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + exit 0; + } + + my $pid2 = fork(); + if( $pid2 == 0 ){ + push @children_pids, $pid2; + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + exit 0; + } + + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/CHaS.pl b/CHaS.pl new file mode 100755 index 0000000..64d49e5 --- /dev/null +++ b/CHaS.pl 
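Review bot: The three `system("... $url | aha >$dir/...")` calls in the forked children hand `$url` and `$dir` to a shell after only a prefix check on `$url` (`/^(?:(?:https?|s))/i`, which also accepts anything beginning with `s`), so the arguments are interpolated unvalidated into shell commands; since the pipe and redirection need a shell here, validate both before the first fork with anchored allowlists, e.g. `die "[!] Not a valid URL!\n" unless $url =~ m{\A https?:// [\w.\-]+ (?::\d+)? (?:/[\w.~/\-]*)? \z}x;` and `die "[!] Unsafe directory name!\n" unless $dir =~ m{\A [\w.\-/]+ \z}x;`, or restructure around list-form `open '-|'` pipes (the README on this page says Recursive_PEaS.php feeds these scripts from a host list, which widens the exposure). `@children_pids` is only pushed inside the `$pid == 0` branches, i.e. in each child's copy of the array, so the parent's INT/TERM handler `kill -15 => @children_pids` has nothing to signal; push in the parent instead (`elsif (defined $pid) { push @children_pids, $pid }`) and treat an undef `fork()` return as an error rather than letting `undef == 0` run the scan in the parent. `$aha` is declared but every pipeline uses the literal `aha`, so the configurable path is never honoured. The usage line `print "Usage: ./CHaS.pl \n";` appears to have lost its argument placeholders, possibly in rendering, and should name the directory and URL arguments. This file appears three more times further down the page with identical content.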
@@ -0,0 +1,87 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders + +use strict; +use warnings; + + +my $sslscan = "sslscan"; # command or path to sslscan +my $testssl = "/opt/testssl.sh/testssl.sh"; # command or path to testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +my $aha = "aha"; # command or path to aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Check Headers and SSL v0.1\n"; + print "Usage: ./CHaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:https?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + exit 0; + } + + my $pid2 = fork(); + if( $pid2 == 0 ){ + push @children_pids, $pid2; + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + exit 0; + } + + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/PEaS.pl b/PEaS.pl new file mode 100755 index 0000000..9f8249e --- /dev/null +++ b/PEaS.pl 
@@ -0,0 +1,229 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders +# nmap https://nmap.org +# nikto https://github.com/sullo/nikto +# dirb https://sourceforge.net/projects/dirb/files/ +# wig https://github.com/jekyc/wig +# davtest https://github.com/cldrn/davtest +# wafw00f https://github.com/EnableSecurity/wafw00f +# whatweb https://github.com/urbanadventurer/whatweb +# metagoofil https://github.com/kurobeats/metagoofil +# spaghetti https://github.com/m4ll0k/Spaghetti + +use Socket; +use URI; + +# command or path to pentest tools +# comment out to disable - e.g. nmap +my $sslscan = "sslscan"; # sslscan +my $testssl = "testssl"; # testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +#my $nmap = "nmap"; # nmap +my $nikto = "nikto"; # nikto +#my $dirb = "dirb"; # dirb +my $wig = "/opt/wig/wig.py"; # wig +my $davtest = "davtest"; # davtest +my $wafw00f = "wafw00f"; # wafw00f +my $whatweb = "whatweb"; # whatweb +#my $metagoo = "metagoofil"; # metagoofil +#my $spaghet = "/opt/Spaghetti/spaghetti.py"; # spaghetti + +# misc +my $aha = "aha"; # aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Pre-Pentest Enumeration and Scanning v0.1\n"; + print "Usage: ./PEaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:http?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + my $uri = URI->new( $url ); + my $ip_addr = gethostbyname( $uri->host ); + $ip_addr = inet_ntoa( $ip_addr ); + print "[i] IP address: $ip_addr \n"; + + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + if(defined($sslscan)){ + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + if($url =~ /https/){ + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + }else{ + print "[-] Skipping SSLScan\n"; + } + exit 0; + } + } + + if(defined($testssl)){ + my $pid2 = fork(); + if( $pid2 == 0){ + push @children_pids, $pid2; + if($url =~ /https/){ + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + }else{ + print "[-] Skipping testssl.sh\n"; + } + exit 0; + } + } + + if(defined($headers)){ + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + } + + if(defined($nmap)){ + my $pid4 = fork(); + if( $pid4 == 0 ){ + push @children_pids, $pid4; + print "[+] Launching nmap\n"; + system("$nmap -p- -A -Pn -sT -oA $dir/nmap $ip_addr >/dev/null"); + print "[+] Finished nmap\n"; + exit 0; + } + } + + if(defined($nikto)){ + my $pid5 = fork(); + if( $pid5 == 0 ){ + push @children_pids, $pid5; + print "[+] Launching nikto\n"; + system("$nikto -nointeractive -output $dir/nikto.txt -host $url >/dev/null"); + print "[+] Finished nikto\n"; + exit 0; + } + } + + if(defined($dirb)){ + my $pid6 = fork(); + if( $pid6 == 0 ){ + push @children_pids, $pid6; + print "[+] Launching dirb\n"; + system("$dirb $url -o $dir/dirb.txt >/dev/null"); + print "[+] Finished dirb\n"; + exit 0; + } + } + + if(defined($wig)){ + my $pid7 = fork(); + if( $pid7 == 0 ){ + push @children_pids, $pid7; + print "[+] Launching wig\n"; + system("python3 $wig -q $url | aha >$dir/wig.html"); + print "[+] Finished wig\n"; + exit 0; + } + } + + 
if(defined($davtest)){ + my $pid8 = fork(); + if( $pid8 == 0 ){ + push @children_pids, $pid8; + print "[+] Launching davtest\n"; + system("$davtest -cleanup -quiet -url $url >$dir/davtest.txt"); + print "[+] Finished davtest\n"; + exit 0; + } + } + + if(defined($wafw00f)){ + my $pid9 = fork(); + if( $pid9 == 0 ){ + push @children_pids, $pid9; + print "[+] Launching wafw00f\n"; + system("$wafw00f $url >$dir/wafw00f.txt"); + print "[+] Finished wafw00f\n"; + exit 0; + } + } + + if(defined($whatweb)){ + my $pid10 = fork(); + if( $pid10 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching whatweb\n"; + system("$whatweb --no-errors -a 3 $url | aha >$dir/whatweb.html"); + print "[+] Finished whatweb\n"; + exit 0; + } + } + + if(defined($metagoo)){ + my $pid11 = fork(); + if( $pid11 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching metagoofil\n"; + print "[+] Creating Directory\n"; + mkdir("$dir/downloaded_docs", 0755); + system("$metagoo -d $url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $dir/downloaded_docs -f $dir/metagoofil.html"); + print "[+] Finished metagoofil\n"; + exit 0; + } + } + + if(defined($spaghet)){ + my $pid12 = fork(); + if( $pid12 == 0 ){ + push @children_pids, $pid3; + print "[+] Launching spaghetti\n"; + system("python $spaghet -u $url | aha >$dir/spaghetti.html"); + print "[+] Finished spaghetti\n"; + exit 0; + } + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/CHaS.pl b/CHaS.pl new file mode 100755 index 0000000..64d49e5 --- /dev/null +++ b/CHaS.pl 
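Review bot: PEaS.pl omits the `use strict; use warnings;` that CHaS.pl has, and the `# comment out to disable` scheme depends on that omission: with `#my $nmap = "nmap";` commented out, `defined($nmap)` only works because `$nmap` silently becomes an undeclared global. Declare every tool once (`my $nmap;` leaves it disabled) and restore the strictures, which would also have flagged the two copy-paste slips `push @children_pids, $pid10;` in the metagoofil child and `push @children_pids, $pid3;` in the spaghetti child; as in CHaS.pl these pushes happen in the child branches anyway, so the parent's `kill -15 => @children_pids` has nothing to signal and the pushes belong in the parent. The URL check `/^(?:(?:http?|s))/i` differs from CHaS.pl's and matches `htt`, `http` or anything beginning with `s`, while `$url` and `$dir` are still interpolated into shell strings in every child, so an anchored allowlist on both arguments before the first fork is needed here too, e.g. `die "[!] Not a valid URL!\n" unless $url =~ m{\A https?:// [\w.\-]+ (?::\d+)? (?:/[\w.~/\-]*)? \z}x;`. `gethostbyname($uri->host)` returns undef when resolution fails and `inet_ntoa(undef)` then dies with an internal Socket error; `my $packed = gethostbyname($uri->host) or die "[!] Could not resolve host\n";` gives a readable failure. This file is repeated twice more further down the page with identical content.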
@@ -0,0 +1,87 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders + +use strict; +use warnings; + + +my $sslscan = "sslscan"; # command or path to sslscan +my $testssl = "/opt/testssl.sh/testssl.sh"; # command or path to testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +my $aha = "aha"; # command or path to aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Check Headers and SSL v0.1\n"; + print "Usage: ./CHaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:https?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + exit 0; + } + + my $pid2 = fork(); + if( $pid2 == 0 ){ + push @children_pids, $pid2; + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + exit 0; + } + + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/PEaS.pl b/PEaS.pl new file mode 100755 index 0000000..9f8249e --- /dev/null +++ b/PEaS.pl 
@@ -0,0 +1,229 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders +# nmap https://nmap.org +# nikto https://github.com/sullo/nikto +# dirb https://sourceforge.net/projects/dirb/files/ +# wig https://github.com/jekyc/wig +# davtest https://github.com/cldrn/davtest +# wafw00f https://github.com/EnableSecurity/wafw00f +# whatweb https://github.com/urbanadventurer/whatweb +# metagoofil https://github.com/kurobeats/metagoofil +# spaghetti https://github.com/m4ll0k/Spaghetti + +use Socket; +use URI; + +# command or path to pentest tools +# comment out to disable - e.g. nmap +my $sslscan = "sslscan"; # sslscan +my $testssl = "testssl"; # testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +#my $nmap = "nmap"; # nmap +my $nikto = "nikto"; # nikto +#my $dirb = "dirb"; # dirb +my $wig = "/opt/wig/wig.py"; # wig +my $davtest = "davtest"; # davtest +my $wafw00f = "wafw00f"; # wafw00f +my $whatweb = "whatweb"; # whatweb +#my $metagoo = "metagoofil"; # metagoofil +#my $spaghet = "/opt/Spaghetti/spaghetti.py"; # spaghetti + +# misc +my $aha = "aha"; # aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Pre-Pentest Enumeration and Scanning v0.1\n"; + print "Usage: ./PEaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:http?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + my $uri = URI->new( $url ); + my $ip_addr = gethostbyname( $uri->host ); + $ip_addr = inet_ntoa( $ip_addr ); + print "[i] IP address: $ip_addr \n"; + + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + if(defined($sslscan)){ + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + if($url =~ /https/){ + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + }else{ + print "[-] Skipping SSLScan\n"; + } + exit 0; + } + } + + if(defined($testssl)){ + my $pid2 = fork(); + if( $pid2 == 0){ + push @children_pids, $pid2; + if($url =~ /https/){ + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + }else{ + print "[-] Skipping testssl.sh\n"; + } + exit 0; + } + } + + if(defined($headers)){ + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + } + + if(defined($nmap)){ + my $pid4 = fork(); + if( $pid4 == 0 ){ + push @children_pids, $pid4; + print "[+] Launching nmap\n"; + system("$nmap -p- -A -Pn -sT -oA $dir/nmap $ip_addr >/dev/null"); + print "[+] Finished nmap\n"; + exit 0; + } + } + + if(defined($nikto)){ + my $pid5 = fork(); + if( $pid5 == 0 ){ + push @children_pids, $pid5; + print "[+] Launching nikto\n"; + system("$nikto -nointeractive -output $dir/nikto.txt -host $url >/dev/null"); + print "[+] Finished nikto\n"; + exit 0; + } + } + + if(defined($dirb)){ + my $pid6 = fork(); + if( $pid6 == 0 ){ + push @children_pids, $pid6; + print "[+] Launching dirb\n"; + system("$dirb $url -o $dir/dirb.txt >/dev/null"); + print "[+] Finished dirb\n"; + exit 0; + } + } + + if(defined($wig)){ + my $pid7 = fork(); + if( $pid7 == 0 ){ + push @children_pids, $pid7; + print "[+] Launching wig\n"; + system("python3 $wig -q $url | aha >$dir/wig.html"); + print "[+] Finished wig\n"; + exit 0; + } + } + + 
if(defined($davtest)){ + my $pid8 = fork(); + if( $pid8 == 0 ){ + push @children_pids, $pid8; + print "[+] Launching davtest\n"; + system("$davtest -cleanup -quiet -url $url >$dir/davtest.txt"); + print "[+] Finished davtest\n"; + exit 0; + } + } + + if(defined($wafw00f)){ + my $pid9 = fork(); + if( $pid9 == 0 ){ + push @children_pids, $pid9; + print "[+] Launching wafw00f\n"; + system("$wafw00f $url >$dir/wafw00f.txt"); + print "[+] Finished wafw00f\n"; + exit 0; + } + } + + if(defined($whatweb)){ + my $pid10 = fork(); + if( $pid10 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching whatweb\n"; + system("$whatweb --no-errors -a 3 $url | aha >$dir/whatweb.html"); + print "[+] Finished whatweb\n"; + exit 0; + } + } + + if(defined($metagoo)){ + my $pid11 = fork(); + if( $pid11 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching metagoofil\n"; + print "[+] Creating Directory\n"; + mkdir("$dir/downloaded_docs", 0755); + system("$metagoo -d $url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $dir/downloaded_docs -f $dir/metagoofil.html"); + print "[+] Finished metagoofil\n"; + exit 0; + } + } + + if(defined($spaghet)){ + my $pid12 = fork(); + if( $pid12 == 0 ){ + push @children_pids, $pid3; + print "[+] Launching spaghetti\n"; + system("python $spaghet -u $url | aha >$dir/spaghetti.html"); + print "[+] Finished spaghetti\n"; + exit 0; + } + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/README.md b/README.md index 5511e58..cca0ef6 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,56 @@ -CHaS -=============== +**CHaS** -Check Headers and SSL \ No newline at end of file + +**CHaS.pl** - Check Headers and SSL + +**PEaS.pl** - Pre-Pentest Enumeration and Scanning + +**Recursive_PEaS.php** - Run PEaS against a list of hosts + +*** + +**What required programs do** + +**aha** - Converts ANSI terminal output to HTML + +**sslscan** - Gather information about the SSL certificate in use and identify vulnerabilities / misconfigurations + +**testssl** - A better version of the above. + +**securityheaders** - Check for missing or misconfigured headers on a web application + +**nmap** - Port scanner with plugins to enumerate and fingerprint services running + +**nikto** - Web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems. + +**dirb** - Web application directory brute-forcer + +**wig** - Web aplication information gatherer - similar to whatweb + +**davtest** - Identifies if webdav is enabled and check for vulnerabilities if is. + +**wafw00f** - Detects if website is behind a waf and tries to identify it if one is detected + +**whatweb** - Identifies underlying technologies and versions running the web application such as server version and CMS + +**metagoofil** - Information gathering tool designed for extracting metadata of public documents + +**spaghetti** - Web app scanner designed to find various default and insecure files, configurations and misconfigurations. + +*** + +**Recursive_PEaS Usage** + +1) create a file containing 1 host per line + +2) edit PEaS.pl to not launch the file browser at the end + +3) edit Recursive_PEaS.php to know the location of the list file and PEaS.pl + +4) php ./Recursive_PEaS.php + +*** + +**Ports** + +Richard Clifford - Python: [https://github.com/richard-clifford/CHaS](https://github.com/richard-clifford/CHaS) \ No newline at end of file diff --git a/CHaS.pl b/CHaS.pl new file mode 100755 index 0000000..64d49e5 --- /dev/null +++ b/CHaS.pl 
@@ -0,0 +1,87 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders + +use strict; +use warnings; + + +my $sslscan = "sslscan"; # command or path to sslscan +my $testssl = "/opt/testssl.sh/testssl.sh"; # command or path to testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +my $aha = "aha"; # command or path to aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Check Headers and SSL v0.1\n"; + print "Usage: ./CHaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:https?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + exit 0; + } + + my $pid2 = fork(); + if( $pid2 == 0 ){ + push @children_pids, $pid2; + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + exit 0; + } + + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/PEaS.pl b/PEaS.pl new file mode 100755 index 0000000..9f8249e --- /dev/null +++ b/PEaS.pl 
@@ -0,0 +1,229 @@ +#!/usr/bin/perl +# By NaN +# +# Requirements: +# aha https://github.com/masukomi/aha +# sslscan https://github.com/rbsec/sslscan +# testssl https://github.com/drwetter/testssl.sh +# securityheaders https://github.com/juerkkil/securityheaders +# nmap https://nmap.org +# nikto https://github.com/sullo/nikto +# dirb https://sourceforge.net/projects/dirb/files/ +# wig https://github.com/jekyc/wig +# davtest https://github.com/cldrn/davtest +# wafw00f https://github.com/EnableSecurity/wafw00f +# whatweb https://github.com/urbanadventurer/whatweb +# metagoofil https://github.com/kurobeats/metagoofil +# spaghetti https://github.com/m4ll0k/Spaghetti + +use Socket; +use URI; + +# command or path to pentest tools +# comment out to disable - e.g. nmap +my $sslscan = "sslscan"; # sslscan +my $testssl = "testssl"; # testssl.sh +my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders +#my $nmap = "nmap"; # nmap +my $nikto = "nikto"; # nikto +#my $dirb = "dirb"; # dirb +my $wig = "/opt/wig/wig.py"; # wig +my $davtest = "davtest"; # davtest +my $wafw00f = "wafw00f"; # wafw00f +my $whatweb = "whatweb"; # whatweb +#my $metagoo = "metagoofil"; # metagoofil +#my $spaghet = "/opt/Spaghetti/spaghetti.py"; # spaghetti + +# misc +my $aha = "aha"; # aha +my $browser = "thunar"; # your file browser - remove to disable + +if($#ARGV < 1){ + print "Pre-Pentest Enumeration and Scanning v0.1\n"; + print "Usage: ./PEaS.pl \n"; + exit(-1); +}else{ + + my $dir = $ARGV[0]; + my $url = $ARGV[1]; + my @children_pids; + + if($url =~ /^(?:(?:http?|s))/i){}else{ + die "[!] Not a valid URL!\n"; + } + + print "[i] Directory: $dir \n"; + print "[i] URL: $url \n"; + + my $uri = URI->new( $url ); + my $ip_addr = gethostbyname( $uri->host ); + $ip_addr = inet_ntoa( $ip_addr ); + print "[i] IP address: $ip_addr \n"; + + + print "[+] Creating Directory\n"; + unless(mkdir($dir, 0755)) { + die "[!] 
Unable to create!\n"; + } + + if(defined($sslscan)){ + my $pid = fork(); + if( $pid == 0 ){ + push @children_pids, $pid; + if($url =~ /https/){ + print "[+] Launching SSLScan\n"; + system("$sslscan $url | aha >$dir/sslscan.html"); + print "[+] Finished SSLScan\n"; + }else{ + print "[-] Skipping SSLScan\n"; + } + exit 0; + } + } + + if(defined($testssl)){ + my $pid2 = fork(); + if( $pid2 == 0){ + push @children_pids, $pid2; + if($url =~ /https/){ + print "[+] Launching testssl.sh\n"; + system("$testssl $url | aha >$dir/testssl.html"); + print "[+] Finished testssl.sh\n"; + }else{ + print "[-] Skipping testssl.sh\n"; + } + exit 0; + } + } + + if(defined($headers)){ + my $pid3 = fork(); + if( $pid3 == 0 ){ + push @children_pids, $pid3; + print "[+] Checking Headers\n"; + system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt"); + system("curl -Is --insecure $url >> $dir/headers.txt"); + system("python $headers $url | aha >$dir/headers.html"); + print "[+] Finished Headers\n"; + exit 0; + } + } + + if(defined($nmap)){ + my $pid4 = fork(); + if( $pid4 == 0 ){ + push @children_pids, $pid4; + print "[+] Launching nmap\n"; + system("$nmap -p- -A -Pn -sT -oA $dir/nmap $ip_addr >/dev/null"); + print "[+] Finished nmap\n"; + exit 0; + } + } + + if(defined($nikto)){ + my $pid5 = fork(); + if( $pid5 == 0 ){ + push @children_pids, $pid5; + print "[+] Launching nikto\n"; + system("$nikto -nointeractive -output $dir/nikto.txt -host $url >/dev/null"); + print "[+] Finished nikto\n"; + exit 0; + } + } + + if(defined($dirb)){ + my $pid6 = fork(); + if( $pid6 == 0 ){ + push @children_pids, $pid6; + print "[+] Launching dirb\n"; + system("$dirb $url -o $dir/dirb.txt >/dev/null"); + print "[+] Finished dirb\n"; + exit 0; + } + } + + if(defined($wig)){ + my $pid7 = fork(); + if( $pid7 == 0 ){ + push @children_pids, $pid7; + print "[+] Launching wig\n"; + system("python3 $wig -q $url | aha >$dir/wig.html"); + print "[+] Finished wig\n"; + exit 0; + } + } + + 
if(defined($davtest)){ + my $pid8 = fork(); + if( $pid8 == 0 ){ + push @children_pids, $pid8; + print "[+] Launching davtest\n"; + system("$davtest -cleanup -quiet -url $url >$dir/davtest.txt"); + print "[+] Finished davtest\n"; + exit 0; + } + } + + if(defined($wafw00f)){ + my $pid9 = fork(); + if( $pid9 == 0 ){ + push @children_pids, $pid9; + print "[+] Launching wafw00f\n"; + system("$wafw00f $url >$dir/wafw00f.txt"); + print "[+] Finished wafw00f\n"; + exit 0; + } + } + + if(defined($whatweb)){ + my $pid10 = fork(); + if( $pid10 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching whatweb\n"; + system("$whatweb --no-errors -a 3 $url | aha >$dir/whatweb.html"); + print "[+] Finished whatweb\n"; + exit 0; + } + } + + if(defined($metagoo)){ + my $pid11 = fork(); + if( $pid11 == 0 ){ + push @children_pids, $pid10; + print "[+] Launching metagoofil\n"; + print "[+] Creating Directory\n"; + mkdir("$dir/downloaded_docs", 0755); + system("$metagoo -d $url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $dir/downloaded_docs -f $dir/metagoofil.html"); + print "[+] Finished metagoofil\n"; + exit 0; + } + } + + if(defined($spaghet)){ + my $pid12 = fork(); + if( $pid12 == 0 ){ + push @children_pids, $pid3; + print "[+] Launching spaghetti\n"; + system("python $spaghet -u $url | aha >$dir/spaghetti.html"); + print "[+] Finished spaghetti\n"; + exit 0; + } + } + + my $loop = 1; + $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper + $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids}; + while ($loop && getppid() != 1) { + my $child = waitpid(-1, 0); + last if $child == -1; + } + + if( length $browser ){ + print "[!] Launching file browser\n"; + system("$browser $dir &"); + }else{ + print "[!] Complete\n"; + } + exit(); +} + diff --git a/README.md b/README.md index 5511e58..cca0ef6 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,56 @@ -CHaS -=============== +**CHaS** -Check Headers and SSL \ No newline at end of file + +**CHaS.pl** - Check Headers and SSL + +**PEaS.pl** - Pre-Pentest Enumeration and Scanning + +**Recursive_PEaS.php** - Run PEaS against a list of hosts + +*** + +**What required programs do** + +**aha** - Converts ANSI terminal output to HTML + +**sslscan** - Gather information about the SSL certificate in use and identify vulnerabilities / misconfigurations + +**testssl** - A better version of the above. + +**securityheaders** - Check for missing or misconfigured headers on a web application + +**nmap** - Port scanner with plugins to enumerate and fingerprint services running + +**nikto** - Web server scanner that tests web servers for dangerous files/CGIs, outdated server software and other problems. + +**dirb** - Web application directory brute-forcer + +**wig** - Web aplication information gatherer - similar to whatweb + +**davtest** - Identifies if webdav is enabled and check for vulnerabilities if is. + +**wafw00f** - Detects if website is behind a waf and tries to identify it if one is detected + +**whatweb** - Identifies underlying technologies and versions running the web application such as server version and CMS + +**metagoofil** - Information gathering tool designed for extracting metadata of public documents + +**spaghetti** - Web app scanner designed to find various default and insecure files, configurations and misconfigurations. + +*** + +**Recursive_PEaS Usage** + +1) create a file containing 1 host per line + +2) edit PEaS.pl to not launch the file browser at the end + +3) edit Recursive_PEaS.php to know the location of the list file and PEaS.pl + +4) php ./Recursive_PEaS.php + +*** + +**Ports** + +Richard Clifford - Python: [https://github.com/richard-clifford/CHaS](https://github.com/richard-clifford/CHaS) \ No newline at end of file diff --git a/Recursive_PEaS.php b/Recursive_PEaS.php new file mode 100755 index 0000000..fd71dbb --- /dev/null 
+++ b/Recursive_PEaS.php @@ -0,0 +1,24 @@ +