Sunday, November 1, 2015

Using masscan with a configuration file

Recently I was doing some scanning with a tool that is available on github called masscan.  The tool allows you to configure a configuration file and use it by executing 'masscan -c my.conf'.  Below is an example of the configuration file that I was utilizing:

# My Scan
rate =  0.01
output-format = xml
output-filename = scan.xml
ports = 22,23,25,80,443
range = 192.168.5.1-192.168.5.50
retries = 0
http-user-agent = Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
ping = false
banners = true

The above configuration file allows for when it scans to also pull the banners for a web server.  When it does it will pass the above user agent.

Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...