-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
JonnyHightower
committed
Apr 17, 2014
0 parents
commit 8e61c0d
Showing
81 changed files
with
34,957 additions
and
0 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| NEET - Network Enumeration and Exploitation Tool | ||
|
|
||
| RESOURCE REPOSITORY - NOTHING TO DO HERE | ||
|
|
||
| This is a repository of resources required by Neet. Users DO NOT need | ||
| to manually download this repository. It is automatically installed | ||
| by neet-update whenever it changes. | ||
|
|
||
| Neet is released under version 3 of the GNU Public License. See the LICENSE file for details. | ||
|
|
||
| Copyright 2008-2014 Jonathan Roach | ||
| Email: jonnyhightower [at] funkygeek.com | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 1.1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,325 @@ | ||
| ########################################################################## | ||
| # | ||
| # Neet: Network discovery, enumeration and security assessment tool | ||
| # Copyright (C) 2008-2014 Jonathan Roach | ||
| # | ||
| # This program is free software: you can redistribute it and/or modify | ||
| # it under the terms of the GNU General Public License as published by | ||
| # the Free Software Foundation, either version 3 of the License, or | ||
| # (at your option) any later version. | ||
| # | ||
| # This program is distributed in the hope that it will be useful, | ||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| # GNU General Public License for more details. | ||
| # | ||
| # You should have received a copy of the GNU General Public License | ||
| # along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
| # | ||
| # Contact: jonnyhightower [at] funkygeek.com | ||
| # | ||
| ########################################################################## | ||
|
|
||
| # This Template is provided for use as a basis for your own modules. | ||
|
|
||
| # In case you haven't guessed, this is written in PERL. The code is run in a 'strict' environment, so | ||
| # make sure to use "my" to limit the scope of your variables, or the module will fail to load. | ||
|
|
||
| # The only code areas you should modify are: | ||
|
|
||
| # * The "Customise these parameters" area in the "new" subroutine | ||
| # * The code for the actual test in the "activate" subroutine, after "Beginning of module-specific code" | ||
| # and before "End of module-specific code". | ||
|
|
||
| # The rest of the code should remain unmodified. You may wish to remove a lot of these example comments | ||
| # for the sake of readability of your code. | ||
| package DNS; | ||
|
|
||
| sub new { | ||
| my $pkg=shift(); | ||
| my %struct; | ||
| $struct{'Name'}=$pkg; | ||
| $struct{'MainScan'}=shift(); | ||
| my $self=\%struct; | ||
| bless $self, $pkg; | ||
|
|
||
| # >>>>>>>>>>>>>>>>>>>>>>>>>>> | ||
| # Customise these parameters | ||
|
|
||
| # If $struct{'Enabled'} is 0, the module won't be loaded, and therefore won't test anything. | ||
| # As this is a template module, we don't really want it to run. | ||
| $struct{'Enabled'}=1; | ||
|
|
||
| # If your module only tests a UDP or TCP service, put a lower-case protocol name in $struct{'Protocol'}. | ||
| $struct{'Protocol'}=''; | ||
|
|
||
| # @{$struct{'WatchFiles'}} is an array of files to watch in the "services" directory. | ||
| # You can specify more than one. If any of them change, your module will be activated with the new services. | ||
| @{$struct{'WatchFiles'}}=("domain.txt"); | ||
|
|
||
| # Cost is used to determine how resource-intensive your module is. As modules are started, their cost is added | ||
| # up, and once the budget is reached, no more modules will start until some finish and release more budget. | ||
| # As a rule, 10 is a lightweight test, and 100 is something intensive like nikto or an SMB brute-force. | ||
| $struct{'Cost'}=15; | ||
|
|
||
| # $struct{'OnePerHost'} should be 0 if more than one instance of this service is to be tested per host. Most | ||
| # modules will be set this way. If it is set to 1, then your module will only be told about the host IP, and | ||
| # not a protocol or port. Services such as SMB are typically need a setting of 1, otherwise all the SMB tests | ||
| # will be performed on both 139 and 445. | ||
| $struct{'OnePerHost'}=0; | ||
|
|
||
| # $struct{'MaxInstances'} determines the maximum number of instances of this service that are allowed to run | ||
| # simultaneously, even if there is room in the budget to run more. This is to prevent some modules hogging | ||
| # all the resources. A value of 0 means that there is no limit (apart from the budget constraints). | ||
| $struct{'MaxInstances'}=0; | ||
|
|
||
| # $struct{'ConflictingModules'} is an array containing the names (without file extensions) of modules which | ||
| # should prevent this one from running. | ||
| @{$struct{'ConflictingModules'}}=(''); | ||
|
|
||
| # End parameter customisation | ||
| # >>>>>>>>>>>>>>>>>>>>>>>>>>> | ||
|
|
||
| return $self; | ||
| } | ||
|
|
||
| sub activate { | ||
| # This is the subroutine that contains the actual code. | ||
| # First, some code which will be common to all modules - setting up the environment | ||
| my $self=shift(); | ||
| my $MainScan=$$self{'MainScan'}; | ||
| my $target=shift(); | ||
| my $file=shift(); | ||
| my $threadID=Neet::threads->tid; | ||
| my $cost=$$self{'Cost'}; | ||
| my $name=$$self{'Name'}; | ||
| my $Config=$MainScan->Config; | ||
| my $Log=$MainScan->Log; | ||
| my ($host,$protport) = split (":", $target); | ||
| my $socket=$host; | ||
| my ($protocol,$port); | ||
| my $BasePrefix=$Config->GetVal("BasePrefix"); | ||
| my $outputDir=$MainScan->ResultsDirectory . "/$host"; | ||
| my $resourceDir=$MainScan->ResourceDirectory . "/modules/$name"; | ||
| my ($targetType,$interface)=$MainScan->IsHostLocal($host); | ||
| ($protocol,$port) = split ("/", $protport) if ($protport); | ||
| $socket .= ":$port" if ($port); | ||
| return 0 if ($protocol && $$self{'Protocol'} && ("$protocol" ne "$$self{'Protocol'}")); | ||
| # Don't scan if the host is cancelled | ||
| if ($MainScan->IsHostCancelled($host)){ | ||
| $Log->Status ("$name (thread $threadID) -> scans against $target CANCELLED\n","LOGONLY"); | ||
| return 0; | ||
| } | ||
| $0 = "Neet - GSM: $name thread $threadID testing $target"; | ||
|
|
||
| if (!$self->IsScanComplete("$name","$target")){ | ||
| # Tell the user what we're doing | ||
| $Log->Status ("GSM $name (thread $threadID) -> Scanning $socket ($targetType $interface)\n"); | ||
|
|
||
| #>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> | ||
| #>>>>>>>>>>>>> Beginning of module-specific code >>>>>>>>>>>>>> | ||
| #>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> | ||
|
|
||
| # These are the variables you can use in your code: | ||
| # $target - the raw target specification as it is supplied to this subroutine by the scheduler. | ||
| # Unless you want to process this for any particular reason, you're better off using the | ||
| # $host, $protocol, $port or $socket variables below. | ||
| # $file - the filename from which the target was selected. This is useful when your module is monitoring | ||
| # multiple files. You can use this to alter the behaviour of your module accordingly. | ||
| # $host - the IP address of the target | ||
| # $port - the port on which the service is listening (not set for "OnePerHost" modules) | ||
| # $protocol - the protocol on which the service is listening (not set for "OnePerHost" modules) | ||
| # $socket - same as $host, unless $port is set, in which case it is set to "$host:$port". | ||
| # $name - the name of this module | ||
| # $cost - the cost of this module | ||
| # $threadID - the Perl ithread ID for this thread | ||
| # $outputDir - the full absolute path to the directory of results for this $host | ||
| # $resourceDir - the full absolute path to the directory of resources for this module. | ||
| # This is normally /usr/local/share/neet/resources/modules/$name, so for this | ||
| # module, $resourceDir would be /usr/local/share/neet/resources/modules/Example | ||
| # $BasePrefix - the full absolute path to the neet installation - usuall /usr/local/share/neet | ||
|
|
||
| # These are the objects you can access | ||
| # $self - This module | ||
| # $MainScan - MainScan object, which provides most of neet's method calls. | ||
| # $Config - The interface to the configuration file | ||
| # $Log - The interface to the logging and screen printing mechanism | ||
|
|
||
| # The API for recording issues is as follows: | ||
| # RecordIssue(target, label, text) | ||
| # RecordVulnerability(target, label, text) | ||
| # RecordCompromise(target, label, text) | ||
| # StoreGuessedPassword(target, level, service, username, password, label, text) | ||
| # MissingPatch(target, level, service, patch, label, text) | ||
| # ConfigError(target, level, label, text) | ||
|
|
||
| # Include any Perl modules you may require | ||
|
|
||
| # Set up the signal handler for exiting cleanly | ||
| $SIG{'USR1'}=sub{ | ||
| $self->SetScanInComplete("$name","$target"); | ||
| Neet::threads->exit(); | ||
| }; | ||
|
|
||
| # And now the code for the actual test: | ||
| my $dig=$MainScan->getPath("dig"); | ||
| if ($dig){ | ||
| my $command = "$dig \@$host -p $port -x $host"; | ||
| $command .= " +tcp" if ($protocol eq "tcp"); | ||
| $MainScan->System("$command > $outputDir/raw/digdomain-${port}.txt 2>&1"); | ||
| my @results=$MainScan->ReadFile("$outputDir/raw/digdomain-${port}.txt"); | ||
| my $answer=0; my ($fqdn,$hostname,$domain); | ||
| for my $line (@results){ | ||
| if (index($line,"ANSWER SECTION")>0){ | ||
| $answer=1; | ||
| next; | ||
| } | ||
| if ($answer){ | ||
| my @params = split(" ", $line); | ||
| $fqdn=$params[4]; | ||
| $answer=0; | ||
| last; | ||
| } | ||
| } | ||
| $#results=-1; | ||
| if ($fqdn){ | ||
| my @params=split("\\.", $fqdn); | ||
| $hostname=shift(@params); | ||
| $domain=join ".", @params; | ||
| $fqdn =~ s/\.$//; | ||
| $MainScan->SetStatValue("$outputDir/hostInfo.txt","FQDN","$fqdn"); | ||
| } | ||
| if ($domain){ | ||
| $MainScan->SetStatValue("$outputDir/hostInfo.txt","DNSDomain","$domain"); | ||
| # Try a zone transfer | ||
| my $output="$outputDir/raw/axfr-${domain}-${port}.txt"; | ||
| $MainScan->System("$dig \@$host -p $port axfr $domain > $output 2>&1"); | ||
| my @results=$MainScan->ReadFile($output); | ||
| for my $line (@results){ | ||
| if (index($line,";;")==0){ | ||
| $answer=1; | ||
| next; | ||
| } | ||
| if ($answer){ | ||
| if (index($line,"Transfer failed")>0){ | ||
| $answer=0; | ||
| last; | ||
| } | ||
| if ((index($line,$domain) == 0) && (index($line,"SOA") > 0)){ | ||
| $MainScan->ConfigError($target, "vuln", "GSM-DNS-1", "Obtained a zone transfer for the $domain domain"); | ||
| $MainScan->System("mv $output $outputDir/"); | ||
| last; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| # Try an external resolution | ||
| $answer=0; $domain = "bbc.co.uk"; my $record="mx"; | ||
| $output="$outputDir/raw/external-${domain}-${port}.txt"; | ||
| $MainScan->System("$dig \@$host -p $port $record $domain > $output 2>&1"); | ||
| @results=$MainScan->ReadFile($output); | ||
| for my $line (@results){ | ||
| if (index($line,"ANSWER SECTION")>0){ | ||
| $answer=1; | ||
| $record=uc($record); | ||
| next; | ||
| } | ||
| if ($answer && (index($line,$domain) == 0) && (index($line,"$record") > 0)){ | ||
| $MainScan->RecordIssue($target, "GSM-DNS-2", "Resolved $record record for the $domain domain"); | ||
| $MainScan->System("mv $output $outputDir/"); | ||
| last; | ||
| } | ||
| } | ||
|
|
||
| } | ||
| } | ||
|
|
||
| #>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> | ||
| #>>>>>>>>>>>>> End of module-specific code >>>>>>>>>>>>>> | ||
| #>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> | ||
|
|
||
| # Don't modify anything below this line. | ||
| $self->SetScanComplete("$name","$target"); | ||
| } else { | ||
| $Log->Status ("GSM $name (thread $threadID) -> $socket already scanned - skipping\n","LOGONLY"); | ||
| } | ||
| $Log->Status ("GSM $name (thread $threadID) -> $socket FINISHED scanning\n"); | ||
| return 0; | ||
| } | ||
|
|
||
| sub SingleScan { | ||
| my $self=shift; | ||
| return $$self{'OnePerHost'}; | ||
| } | ||
|
|
||
| sub Name { | ||
| my $self=shift(); | ||
| return $$self{'Name'}; | ||
| } | ||
| sub Cost { | ||
| my $self=shift(); | ||
| return $$self{'Cost'}; | ||
| } | ||
| sub Enabled { | ||
| my $self=shift(); | ||
| return $$self{'Enabled'}; | ||
| } | ||
| sub Watching { | ||
| my $self=shift(); | ||
| return @{$$self{'WatchFiles'}}; | ||
| } | ||
|
|
||
| sub TargetSpec { | ||
| my $self=shift(); | ||
| my $targetSpec=shift(); | ||
| if (!defined($targetSpec)){ | ||
| return $$self{'TargetSpec'}; | ||
| } else { | ||
| $$self{'TargetSpec'}=$targetSpec; | ||
| } | ||
| } | ||
|
|
||
| sub IsScanComplete { | ||
| my $self=shift(); | ||
| my $name=shift(); | ||
| my $target=shift(); | ||
| my ($host,$junk)=split ":", $target; | ||
| my $MainScan=$$self{'MainScan'}; | ||
| my $scanName="GSM_${name}_$target"; | ||
| return $MainScan->GetStatKey($MainScan->ResultsDirectory . "/$host/.gsmcomplete",$scanName); | ||
| } | ||
|
|
||
| sub SetScanComplete { | ||
| my $self=shift(); | ||
| my $name=shift(); | ||
| my $target=shift(); | ||
| my ($host,$junk)=split ":", $target; | ||
| my $MainScan=$$self{'MainScan'}; | ||
| my $scanName="GSM_${name}_$target"; | ||
| $MainScan->SetStatKey($MainScan->ResultsDirectory . "/$host/.gsmcomplete",$scanName); | ||
| return 1; | ||
| } | ||
|
|
||
| sub SetScanInComplete { | ||
| my $self=shift(); | ||
| my $name=shift(); | ||
| my $target=shift(); | ||
| my ($host,$junk)=split ":", $target; | ||
| my $MainScan=$$self{'MainScan'}; | ||
| my $scanName="GSM_${name}_$target"; | ||
| if ($MainScan->DelStatKey($MainScan->ResultsDirectory . "/$host/.gsmcomplete",$scanName)){ | ||
| return 1; | ||
| } else { | ||
| return 0; | ||
| } | ||
| } | ||
| sub MaxInstances { | ||
| my $self=shift(); | ||
| return $$self{'MaxInstances'}; | ||
| } | ||
| sub ConflictsWith { | ||
| my $self=shift(); | ||
| return @{$$self{'ConflictingModules'}}; | ||
| } | ||
|
|
||
| 1; |
Oops, something went wrong.