Add files via upload

Bug fixes with config and attack plan
frizb · Aug 19, 2017 · eaf770e · eaf770e
1 parent edfbf66
commit eaf770e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/attackplan.ini b/attackplan.ini
@@ -42,6 +42,7 @@ always: Nmap All UDP
 # a special "always:" item can be specified to always run these commands against a host once.
 # a special "run once:" item will only run the item once per phase regardless of the number of hosts.
 [Information Gathering]
+always: XProbe2 OS Enumeration
 http: NMap Http Shell Shock,HTTP Nikto Fast
 https: NMap SSL Heartbleed,SSLScan,SSLyze,HTTPS Nikto Fast
 ftp: FTP Nmap Anon,FTP Nmap Bounce
@@ -100,13 +101,15 @@ https: HTTPS Cewl Password List All Urls
 always: Nmap Vulnerability Scan All Host Ports,NMap Vulscan and Version Detection,SearchSploit Nmap
 http: HTTP Nmap Vuln Scan
 https: HTTP Nmap Vuln Scan
-ftp: FTP Nmap Vuln Scan
+ftp: FTP Nmap Vulnerability Scan
+ssh:
 snmp: SNMP Nmap All
 ms-sql-s: MS-SQL Nmap All
 smb: Samba Nmap Vuln Scan
 [Vulnerability Validation]
 always:
 http:
+ssh:
 https:
 ftp:
 [Brute Forcing Lite]

diff --git a/config.ini b/config.ini
@@ -63,11 +63,11 @@
 [Nmap Fast TCP]
 Command: nmap -F <nmap dns server> <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
 [Nmap Fast UDP]
-Command: nmap -p 123,161,162 <nmap dns server> <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
+Command: nmap -p 123,161,162,137,138 <nmap dns server> <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
 [Nmap Fast TCP with Port and OS Identification]
 Command: nmap -sV -sC -O --version-all <nmap dns server> -F <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
 [Nmap Fast UDP with Port Identification]
-Command: nmap -sU -p 123,161,162 -sV <nmap dns server> --version-all <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
+Command: nmap -sU -p 123,161,162,137,138 -sV <nmap dns server> --version-all <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
 [Nmap All TCP]
 Command: nmap -A -p- <nmap dns server> <target> -oN <output>.nmap -oX <output nmap>.xml >> <output>.txt
 [Nmap All UDP]
@@ -85,8 +85,10 @@ Command: searchsploit --json --colour <target> >> <output>.json
 [SearchSploit Txt]
 Command: searchsploit --colour <target> >> <output>.txt
 [SearchSploit Nmap]
-Command: for f in <output nmap>/*.xml; do echo "Processing $f file.."; searchsploit --nmap $f >> <output>$f.txt; done >> <output>.txt
-
+Command: for f in <output folder>/Nmap/*.xml; do echo "Processing $f file.."; searchsploit --nmap $f >> <output>$f.txt; done >> <output>.txt
+[NMap Vulscan and Version Detection]
+Command: nmap -sV -p- -O --script=vulscan/vulscan.nse -oN <output>.nmap -oX <output>.xml <target> >> <output>.txt
+Findings OS: OS details: (.+)\n
 #= Fast Enumeration Commands ====================
 # The following commands can be quickly run within a few seconds
 [DNS Hostname]
@@ -180,7 +182,7 @@ Command: sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 -
 [SSH Nmap Enum]
 Command: nmap -v -sV -p <port> --script="ssh*" <target> -d -oN <output>.nmap -oX <output>.xml >> <output>.txt
 [SSH Nmap Hostkey]
-Command: nmap <target> -p <port> -sV --script ssh-hostkey --script-args ssh_hostkey=full -oN <output>.nmap -oX <output>.xml >> <output>.txt
+Command: nmap <target> -p <port> -sV --script="ssh-hostkey,ssh-auth-methods" --script-args ssh_hostkey=full -oN <output>.nmap -oX <output>.xml >> <output>.txt
 Findings Services: open\s+ssh\s+(.+)
 Findings Sshhostkeys: \|_*\s+\d+\s+(([a-f0-9][a-f0-9]\:)+[a-f0-9][a-f0-9])
 [Nmap Web Scan]
@@ -284,7 +286,8 @@ Findings HttpFormFuzzer: \| (http-form-fuzzer:(\s*\|\s+.+$)+\s+\|_\s+.+$)
 [HTTPS Nmap Form Fuzzer Findings List]
 Command: nmap -sV -p <port> --script=http-form-fuzzer --script-args=http-form-fuzzer.targets={{path="<FindingsList UrlsHttpsRelative>"}} <target> -oN <output>.nmap -oX <output>.xml >> <output>.txt
 Findings HttpFormFuzzer: \| (http-form-fuzzer:(\s*\|\s+.+$)+\s+\|_\s+.+$)
-
+[XProbe2 OS Enumeration]
+Command: xprobe2 <target> >> <output>.txt
 #= Slow Enumeration Commands ====================
 # The following commands can take up to 20 minutes to run
 [DNS Recon]
@@ -308,8 +311,6 @@ Findings Vulnerabilities: \| [a-zA-Z0-9\-_~]+\:((\s*\|\s+.+$)+\s+\|_\s+.+$)
 [SNMP Nmap All]
 Command: nmap -sV -Pn -vv -p <port> --script=snmp* -oN <output>.nmap -oX <output>.xml <target> >> <output>.txt
 Findings Vulnerabilities: \| [a-zA-Z0-9\-_~]+\:((\s*\|\s+.+$)+\s+\|_\s+.+$)
-[NMap Vulscan and Version Detection]
-Command: nmap -sV -p- --script=vulscan/vulscan.nse <target> -oN <output>.nmap -oX <output>.xml <target> >> <output>.txt
 [HTTP Nikto Fast]
 Command: nikto -nointeractive -maxtime 30m -Plugins 'paths;outdated;report_sqlg;auth;content_search;report_text;fileops;parked;shellshock;report_html;cgi;headers;report_nbe;favicon;cookies;robots;report_xml;report_csv;ms10_070;msgs;drupal;apache_expect_xss;siebel;put_del_test;apacheusers;dictionary;embedded;ssl;clientaccesspolicy;httpoptions;subdomain;negotiate;sitefiles;mutiple_index' -C all -host http://<target>/ -p <port> >> <output>.txt
 Findings Vulnerabilities1: \+ (\/.+)