Add files via upload

Adding post scan data collection and list generation... still a work in progress
frizb · Jun 22, 2017 · 92a0b7e · 92a0b7e
1 parent 7802462
commit 92a0b7e
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/Vanquish2.py b/Vanquish2.py
@@ -198,6 +198,7 @@ def __init__(self, argv):
                             help='Thread Pool Size (default: %(default)s)')
         self.parser.add_argument("-phase", metavar='phase', type=str, default='', help='only execute a specific phase')
         self.parser.add_argument("-noExploitSearch", action='store_true', help='disable searchspolit exploit searching')
+        self.parser.add_argument("-benchmarking", action='store_true', help='enable bench mark reporting on the execution time of commands(exports to benchmark.csv)')
         self.parser.add_argument("-logging", action='store_true', help='enable verbose and debug data logging to files')
         self.parser.add_argument("-verbose", action='store_true', help='display verbose details during the scan')
         self.parser.add_argument("-debug", action='store_true', help='display debug details during the scan')
@@ -234,6 +235,9 @@ def __init__(self, argv):
             logger.DEBUG_FILE= self.debug_log
             logger.VERBOSE_FILE= self.verbose_log
 
+        if self.args.benchmarking:
+            self.benchmarking_csv = open("benchmark.csv", 'w')
+            self.benchmarking_csv.write("COMMAND,TIME")
         sys.stderr = self.command_error_log
         self.devnull = open(os.devnull, 'w')
 
@@ -423,6 +427,7 @@ def enumerate(self,phase_name):
 
     def execute_command(self, command):
         logger.debug("execute_enumeration() - " + command)
+        command_start_time = time()
         self.thread_pool_commands.append(command)
         process = Popen(command, shell=True, stdin=PIPE, stderr=self.command_error_log, stdout=self.devnull)
         process.stdin.close()
@@ -432,6 +437,8 @@ def execute_command(self, command):
             self.thread_pool_errors.append(command)
         logger.debug("execute_enumeration() - COMPLETED! - " + command)
         self.thread_pool_commands.remove(command)
+        if self.args.benchmarking:
+            self.benchmarking_csv.write(command.replace(","," ")+","+time.strftime('%H:%M:%S', time.gmtime(time.time() - command_start_time)))
 
     def get_enumeration_path(self, host, service, port, command):
         ip_path = os.path.join(self.args.outputFolder, host.strip().replace(".","_"))
@@ -534,6 +541,28 @@ def main(self):
         self.hosts = self.hosts.readlines()
         logger.verbose("Hosts:"+str(self.hosts))
 
+        #TODO: Post processing - Scan result folders and create lists of usernames, directories, files, passwords from results
+        print "[+] Post Processing and List Building..."
+        # Userlist
+        userlist = []
+        files_to_process = [os.path.join(dp, f) for dp, dn, fn in os.walk(os.path.expanduser(self.args.outputFolder)) for f in fn]
+        for file in files_to_process:
+            base, filename = os.path.split(file)
+            file_segments = filename.split("_")
+            file_segments.pop()
+            config_command_name = " ".join(file_segments)
+            if self.config.has_section(config_command_name):
+                if self.config.has_option(config_command_name,'Userlist'):
+                    regex = re.compile(self.config.get(config_command_name,'Userlist'))
+                    with open(file) as f:
+                        for line in f:
+                            match = regex.match(line)
+                            if match is not None: userlist.append(match.group(1))
+
+                # Passwordlist
+                # Directorylist
+                # Vulnerabilitylist
+
         # Start up front NMAP port scans
         print "[+] Starting upfront Nmap Scan..."
         for scan_command in self.plan.get("Scans Start", "Order").split(","):
@@ -589,8 +618,6 @@ def main(self):
                           + pformat(self.thread_pool_errors) + pformat(self.thread_pool_commands)
                 continue
 
-        #TODO: Post processing - Scan result folders and create lists of usernames, directories, files, passwords from results
-
         try:
             self.write_report_file(self.nmap_dict)
             print "[+] Searching for matching exploits..."
@@ -604,6 +631,9 @@ def main(self):
         if self.args.logging:
             self.debug_log.close()
             self.verbose_log.close()
+
+        if self.args.benchmarking:
+            self.benchmarking_csv.close()
         return 0
 
 

diff --git a/attackplan.ini b/attackplan.ini
@@ -13,7 +13,7 @@ Order: Nmap Fast TCP,Nmap Fast UDP
 [Scans Background]
 Order: Nmap All TCP UDP Comprehensive
 [Enumeration Plan]
-Order: Information Gathering,Web Site Scanning,User Enumeration,Password Enumeration,Vulnerablity Analysis
+Order: Information Gathering,User Enumeration,Password Enumeration,Vulnerablity Analysis,Web Site Scanning
 
 #= Enumeration Phases ============
 # The following sections detail the specific commands that will be run (found in the config.ini) at each enumeration phase

diff --git a/config.ini b/config.ini
@@ -274,6 +274,8 @@ Command: smtp-user-enum -U <List Users> -t <target> -p <port> >> <output>.txt
 Command: nmap -v --script smtp-enum-users -p <port> <target> -oN <output>.nmap -oX <output>.xml -d >> <output>.txt
 [SMB Nmap User Enumeration]
 Command: nmap -sU -sS --script=smb-enum-users -p U:137,T:139 <target> -oN <output>.nmap -oX <output>.xml >> <output>.txt
+#|   SERVER\backup (RID: 1068)
+Userlist: ^\|\s+\w+\\\\(\w+)\s+\(
 [RPC Enum4Linux User Enumeration]
 Command: enum4linux -k root,Administrator -r <target> >> <output>.txt
 [Ident ident-user-enum Service Users]