Add files via upload

Fixed benchmarking csv table headers
frizb · Jun 23, 2017 · 6cc001c · 6cc001c
1 parent 23ed016
commit 6cc001c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 9 deletions.
diff --git a/Vanquish2.py b/Vanquish2.py
@@ -233,7 +233,7 @@ def __init__(self, argv):
 
         if self.args.benchmarking:
             self.benchmarking_csv = open("benchmark.csv", 'w')
-            self.benchmarking_csv.write("COMMAND,TIME")
+            self.benchmarking_csv.write("TIME,COMMAND\n")
         sys.stderr = self.command_error_log
         self.devnull = open(os.devnull, 'w')
 
@@ -415,6 +415,7 @@ def enumerate(self,phase_name):
                         else:
                             logger.debug("\tenumerate() - NO command section found for phase: " + phase_name +
                                          " service name: "+known_service )
+        self.phase_commands=list(set(self.phase_commands)) # Remove Duplicates
         pool = ThreadPool(self.args.threadPool)
         for _ in bar(pool.imap_unordered(self.execute_command, self.phase_commands), expected_size=len(self.phase_commands)):
             pass
@@ -434,7 +435,7 @@ def execute_command(self, command):
         logger.debug("execute_enumeration() - COMPLETED! - " + command)
         self.thread_pool_commands.remove(command)
         if self.args.benchmarking:
-            self.benchmarking_csv.write(command.replace(","," ")+","+time.strftime('%H:%M:%S', time.gmtime(time.time() - command_start_time))+"\n")
+            self.benchmarking_csv.write(time.strftime('%H:%M:%S', time.gmtime(time.time() - command_start_time))+","+command.replace(","," ")+"\n")
 
     def get_enumeration_path(self, host, service, port, command):
         ip_path = os.path.join(self.args.outputFolder, host.strip().replace(".","_"))

diff --git a/attackplan.ini b/attackplan.ini
@@ -13,7 +13,7 @@ Order: Nmap Fast TCP,Nmap Fast UDP
 [Scans Background]
 Order: Nmap All TCP UDP Comprehensive
 [Enumeration Plan]
-Order: Information Gathering,User Enumeration,Password Enumeration,Vulnerablity Analysis,Web Site Scanning
+Order: Information Gathering,User Enumeration,Password Enumeration,Vulnerablity Analysis,Web Site Scanning,Web Site Nikto Scanning,User Enumeration Brute Forcing
 
 #= Enumeration Phases ============
 # The following sections detail the specific commands that will be run (found in the config.ini) at each enumeration phase
@@ -23,6 +23,7 @@ https: NMap SSL Heartbleed,SSLScan,SSLyze,
 ftp: FTP Nmap Anon,FTP Nmap Bounce
 mysql: MySQL Nmap Empty Password,MySql Dump Tables
 smb: SMB Nmap Vuln Scan,SMB NBTScan,SMB Enum4linux,SMB Nmap All,SMB Nmblookup,SMB Client Connect,SMB Nbtscan-unixwiz
+ssn: SMB Nmap Vuln Scan,SMB NBTScan,SMB Enum4linux,SMB Nmap All,SMB Nmblookup,SMB Client Connect,SMB Nbtscan-unixwiz
 smtp: SMTP Nmap Vuln Scan,SMTP Nmap Commands
 snmp: SNMP Nmap All,SNMP Onesixtyone,SNMP SNMPWalk,SNMP SNMP-Check
 ssh: SSLScan,SSLyze,SSH Nmap Enum
@@ -42,17 +43,22 @@ ntp:NTP NTPQ Version,NTP NTPQ Readlist,NTP NTPQ Hostnames,NTP Nmap All
 pop3: POP3 Nmap Enum
 imap: IMAP Nmap Enum
 [Web Site Scanning]
-http: HTTP GoBuster,Nmap Web Scan,HTTP Nikto,HTTP What Web,HTTP Wordpress Scan 1,HTTP Wordpress Scan 2,HTTP BlindElephant Guess
-https: HTTPS GoBuster,Nmap Web Scan,HTTP Nikto,HTTPS What Web,HTTPS Wordpress Scan 1,HTTPS Wordpress Scan 2,HTTPS BlindElephant Guess
+http: HTTP GoBuster,Nmap Web Scan,HTTP What Web,HTTP Wordpress Scan 1,HTTP Wordpress Scan 2,HTTP BlindElephant Guess
+https: HTTPS GoBuster,Nmap Web Scan,HTTPS What Web,HTTPS Wordpress Scan 1,HTTPS Wordpress Scan 2,HTTPS BlindElephant Guess
+[Web Site Nikto Scanning]
+http: HTTP Nikto
+https: HTTPS Nikto
 [Dirb Web Content Bruteforce]
 http: HTTP Dirb
 https: HTTPS Dirb
 [User Enumeration]
-smtp: SMTP Nmap Enum Users,SMTP Emum Users Name,SMTP Emum Users Unix Users
+smtp: SMTP Nmap Enum Users
 snmp: SNMP SNMP-Check
 rpc: RPC Enum4Linux User Enumeration
 smb: SMB Nmap User Enumeration
 ident: Ident ident-user-enum Service Users
+[User Enumeration Brute Forcing]
+smtp:SMTP Emum Users Name,SMTP Emum Users Unix Users
 [Password Enumeration]
 http:
 [Vulnerablity Analysis]

diff --git a/config.ini b/config.ini
@@ -228,7 +228,9 @@ Command: nmap -v -p <port> --script=mysql-* --script-args=unsafe=1 <target> -oN
 [SNMP Nmap All]
 Command: nmap -sV -Pn -vv -p <port> --script=snmp* -oN <output>.nmap -oX <output>.xml <target> >> <output>.txt
 [HTTP Nikto]
-Command: nikto -nointeractive -host <target> -p <port> -C all >> <output>.txt
+Command: nikto -nointeractive -host http://<target>/ -p <port> -C all >> <output>.txt
+[HTTPS Nikto]
+Command: nikto -nointeractive -host https://<target>/ -p <port> -C all >> <output>.txt
 [HTTP Dirb]
 Command: dirb http://<target>/ -S -w  >> <output>.txt
 [HTTPS Dirb]
@@ -258,9 +260,9 @@ Command: wpscan --url http://<target>/wordpress/ --batch >> <output>.txt
 [HTTPS Wordpress Scan 2]
 Command: wpscan --url https://<target>/wordpress/ --batch >> <output>.txt
 [HTTP BlindElephant Guess]
-Command: BlindElephant.py http://<target>/ guess >> <output>.txt
+Command: /usr/bin/BlindElephant.py http://<target>/ guess >> <output>.txt
 [HTTPS BlindElephant Guess]
-Command: BlindElephant.py http://<target>/ guess >> <output>.txt
+Command: /usr/bin/BlindElephant.py http://<target>/ guess >> <output>.txt
 [HTTP Nmap Vuln Scan]
 Command: nmap -v -p <port> --script=http-vuln* <target> -d -oN <output>.nmap -oX <output>.xml >> <output>.txt
 #= User Enumeration =========================