Add files via upload

Fix for FTP vuln scanner code hang
frizb · Jun 21, 2017 · 0e08b53 · 0e08b53
1 parent 5d16269
commit 0e08b53
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/Vanquish2.py b/Vanquish2.py
@@ -426,6 +426,7 @@ def execute_command(self, command):
         self.thread_pool_commands.append(command)
         process = Popen(command, shell=True, stdin=PIPE, stderr=self.command_error_log, stdout=self.devnull)
         process.stdin.close()
+        #FIXME: Process wait is causing the application to hang in some fringe cases - need to find a better way
         if process.wait() != 0:
             logger.debug("execute_enumeration() - ERRORS EXECUTING:  - " + command)
             self.thread_pool_errors.append(command)

diff --git a/attackplan.ini b/attackplan.ini
@@ -56,7 +56,7 @@ http:
 [Vulnerablity Analysis]
 http: HTTP Nmap Vuln Scan
 https: HTTP Nmap Vuln Scan
-ftp: FTP Nmap All
+ftp: FTP Nmap Vuln Scan
 snmp: SNMP Nmap All
 ms-sql-s: MS-SQL Nmap All
 [Vulnerability Validation]

diff --git a/config.ini b/config.ini
@@ -34,6 +34,7 @@ ldaps: 636
 nfs: 2049
 james-admin: 4555
 ident: 113
+tftp: 69
 
 #= Service Labels ==============================
 # The following NMAP services will be replaced with labels in order to ease command mapping
@@ -70,7 +71,7 @@ nfs_acl: nfs
 # <*list section name*> = Execute the command against all file lists
 # <*list item name*>    = Execute the command using a list item under any section
 
-
+# ls /usr/share/nmap/scripts/* | grep ftp
 #= Network Scan Command ====================
 # The following commands scan the network for hosts
 [Nmap Fast TCP]
@@ -118,6 +119,8 @@ Regex: /anon exists/
 Finding: Anon FTP Exists
 [FTP Nmap Bounce]
 Command: nmap -v -p <port> --script=ftp-bounce --script-args=unsafe=1 <target> -oN <output>.nmap -oX <output>.xml >> <output>.txt
+[FTP Nmap Vuln Scan]
+Command: nmap -v -p <port> --script="ftp-proftpd-backdoor or ftp-vsftpd-backdoor or ftp-vuln*" -d <target> -oN <output>.nmap -oX <output>.xml >> <output>.txt
 [MySQL Nmap Empty Password]
 Command: nmap -v --script mysql-empty-password -p <port> <target> -d -oN <output>.nmap -oX <output>.xml >> <output>.txt
 [MySQL Nmap Info]
@@ -198,6 +201,8 @@ Command: ntpq -c readlist <target> >> <output>.txt
 Command: ntpq -c hostnames <target> >> <output>.txt
 [NTP Nmap All]
 Command: nmap -sU -p <port> --script=ntp* <target> >> <output>.txt
+[TFTP Nmap Enum]
+Command: nmap -v -p <port> --script=tftp-enum <target> -d -oN <output>.nmap -oX <output>.xml >> <output>.txt
 #= Slow Enumeration Commands ====================
 # The following commands can take up to 20 minutes to run
 [DNS Recon]