attackplan.ini
#= Vanquish Attack Plan Config File ============
# Each section represents a phase of the assessment cycle
# the values under each section represent the commands that will be run against each identified service
# the commands are configured in the config.ini file
#= Phase Ordering ============
# The following section defines the scan and enumeration phase ordering
# Scans Start = The scans to complete upfront before any enumeration has started... these should be quick
# Scans Background = The slow scans that will run in the background while the enumeration phases are executing
# Enumeration Plan = The order in which the enumeration phases will be executed
[Scans Start]
Order: Nmap Fast TCP,Nmap Fast UDP
[Scans Background]
Order: Nmap All TCP UDP Comprehensive
[Enumeration Plan]
Order: Information Gathering,Web Content Enumeration,User Enumeration,Password Enumeration,Vulnerablity Analysis
#= Enumeration Phases ============
# The following sections detail the specific commands that will be run (found in the config.ini) at each enumeration phase
[Information Gathering]
http: NMap Http Shell Shock
https: NMap SSL Heartbleed,SSLScan,SSLyze
ftp: FTP Nmap Anon,FTP Nmap Bounce
mysql: MySQL Nmap Empty Password,MySql Dump Tables
smb: SMB Nmap Vuln Scan,SMB NBTScan,SMB Enum4linux,SMB Nmap All,SMB Nmblookup,SMB Client Connect,SMB Nmap User Enumeration
smtp: SMTP Nmap Vuln Scan,SMTP Nmap Commands
snmp: SNMP Nmap All,SNMP Onesixtyone,SNMP SNMPWalk,SNMP SNMP-Check
ssh: SSLScan,SSLyze
rexec: Nmap Rexec
rlogin: Nmap Rlogin
vnc: VNC NMap Scan
telnet: Telnet NMap All
dns: DNS Nmap All,DNS Recon
finger: Finger Nmap All
[Web Content Enumeration]
http: Nmap Web Scan,HTTP Nikto,HTTP Dirb,HTTP What Web,HTTP Wordpress Scan 1,HTTP Wordpress Scan 2
https: Nmap Web Scan,HTTP Nikto,HTTPS Dirb,HTTPS What Web,HTTPS Wordpress Scan 1,HTTPS Wordpress Scan 2
[User Enumeration]
smtp: SMTP Nmap Enum Users,SMTP Emum Users Namelist,SMTP Emum Users Unix Users
snmp: SNMP SNMP-Check
[Password Enumeration]
http:
[Vulnerablity Analysis]
http:
https:
ftp: FTP Nmap All
snmp: SNMP Nmap All
ms-sql-s: MS-SQL Nmap All
[Vulnerability Validation]
http:
https:
ftp:
[Brute Forcing]
http:
https:
ftp: FTP Hydra
# use any credentials discovered to execute exploits
[Exploitation]
http:
https:
ftp:
[Exploit Searching]
http:
https:
ftp:
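
A consistency check for this file's layout, added here as an example and not part of the Vanquish project: it parses the plan with Python's `configparser` and reports phases named in the Enumeration Plan order that have no section, phase sections the order does not list, and services with no commands. `SAMPLE_PLAN` is a constructed excerpt; `lint_plan`, its finding labels and the optional `known_commands` set (command names you would take from config.ini) are assumptions of this example.

```python
import configparser

# Constructed excerpt of the plan above, not the full file.
SAMPLE_PLAN = """
[Scans Start]
Order: Nmap Fast TCP,Nmap Fast UDP
[Enumeration Plan]
Order: Information Gathering,User Enumeration,Vulnerablity Analysis
[Information Gathering]
http: NMap Http Shell Shock
ssh: SSLScan,SSLyze
[User Enumeration]
smtp: SMTP Nmap Enum Users
[Vulnerablity Analysis]
http:
ftp: FTP Nmap All
[Brute Forcing]
ftp: FTP Hydra
"""

# Sections that hold an Order list rather than per-service commands.
ORDER_SECTIONS = {"Scans Start", "Scans Background", "Enumeration Plan"}

def split_csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def lint_plan(text, known_commands=None):
    """Return sorted (kind, detail) findings; names here are hypothetical."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    phases = [s for s in cp.sections() if s not in ORDER_SECTIONS]
    ordered = split_csv(cp.get("Enumeration Plan", "Order", fallback=""))
    findings = [("missing-section", p) for p in ordered if p not in phases]
    for phase in phases:
        if phase not in ordered:
            findings.append(("unlisted-phase", phase))
        for service, value in cp.items(phase):
            commands = split_csv(value)
            if not commands:
                findings.append(("empty-service", f"{phase}/{service}"))
            # known_commands: assumed set of command names from config.ini
            for cmd in commands:
                if known_commands is not None and cmd not in known_commands:
                    findings.append(("unknown-command", f"{phase}/{service}: {cmd}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in lint_plan(SAMPLE_PLAN):
        print(f"{kind}: {detail}")
```

Run against the full file above, the `unlisted-phase` check would name Vulnerability Validation, Brute Forcing, Exploitation and Exploit Searching, none of which appear in the Enumeration Plan order.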