N0s3p4ss is an automated audition tool for Internet facing services. It gives visibility for the following informations:
- If it is possible to access target via TOR Browser
- Open Ports
- The absence of critical headers or disclosed information through headers
- SSL certificate
- Web Application Firewall detectionYou need to have a TOR Browser Bundle instance running in order to enable N0s3p4ss TOR accessibility verification.
Also you need nmap already installed.
You may need to customize the proxy server IP address at n0s3p4ss/config.py.
To install dependencies, run:
make installTo clean all enviroment dependencies from pipenv, run:
make cleanN0s3p4ss audition can be executed through pipenv, run:
pipenv run python3 main.py --domains 'target_domains'For additional help, run:
pipenv run python3 main.py -hflake8 is used to analyse the code and provide corrections and best practices, run:
make lintTest coverage metrics is provided through coverage. A coverage test percentage for each file will be shown, run:
make coverageEach test can be executed through unittest, run:
make testIt may be illegal to use this script depending of the intentions of the user. The contributors of that repository, the organization that hold it, discourage illegal practices and are not associate with any present or future illegal action.
This software is intended to help auditors find vulnerabilities in their information technology infrastructure, so those can be fixed early, before an legit attacker exploit it.
All said, use of this script is at your own risk. Use with caution.