New repo for dockerized/standalone vautomator
Перейти к файлу
Cag 10dca2d703
Merge pull request #33 from mozilla/fix_tenable_stack_tracing
Fix tenable old / new scan logic, admin-merging to fix a bug.
2019-04-10 16:18:51 +10:00
lib Fix Tenable stack tracing, no cmd line arguments 2019-04-10 14:46:34 +10:00
tests Add standardized test support 2019-02-12 18:10:06 -08:00
vendor First iteration, working scanner 2019-01-17 08:25:49 +11:00
.gitignore Add DStore files to gitignore 2019-01-25 13:19:45 -05:00
.travis.yml fix docker image name & deps 2019-02-12 18:27:39 -08:00
Dockerfile Add documentation and some minor improvements 2019-01-21 17:45:28 +11:00
LICENSE Initial commit 2019-01-16 14:58:20 +11:00
Makefile Revert makefile to single scan option 2019-04-10 15:51:51 +10:00
Readme.md Update readme 2019-02-26 18:22:05 +11:00
docker-compose.yml Add documentation and some minor improvements 2019-01-21 17:45:28 +11:00
requirements.txt Add support for WebSearchTask 2019-03-21 13:44:59 -07:00
run.py Revert makefile to single scan option 2019-04-10 15:51:51 +10:00
setup.cfg Add standardized test support 2019-02-12 18:10:06 -08:00
setup.py Add support for WebSearchTask 2019-03-21 13:44:59 -07:00
tox.ini allow to add custom args (tox -- myarg) when running tests 2019-03-21 13:28:21 -07:00

Readme.md

vautomator-standalone

Iterative automation of common VA tasks using OOP.

If you'd like to contribute, please reach out to me and I'd be happy to add you as a contributor.

Install & Running

  1. First, download the repo: git clone https://github.com/caggle/vautomator-standalone.git && cd vautomator-standalone
  2. Build the Docker image: make build
  3. Run it!: make scan TARGET=https://example.net
  4. You can review tool results in the ./results folder while vautomator does it's thing

Example run:

$ make scan TARGET=http://192.168.0.1
docker run -v ${PWD}/results:/app/results -it vautomator:latest ./run.py http://192.168.0.1
[f2769b83b62b] 2019-01-21 06:23:51 AM UTC INFO     [+] Running all the scans now. This may take a while...
[f2769b83b62b] 2019-01-21 06:24:23 AM UTC WARNING  [!] The target has recently been scanned by Tenable.io, retrieving results...
[f2769b83b62b] 2019-01-21 06:24:30 AM UTC INFO     [+] Running nmap port scans...
[f2769b83b62b] 2019-01-21 06:26:54 AM UTC INFO     [+] Nmap port scan(s) successfully ran.
[f2769b83b62b] 2019-01-21 06:26:54 AM UTC INFO     [+] Running ssh_scan...
[f2769b83b62b] 2019-01-21 06:26:58 AM UTC INFO     [+] SSH scan successfully ran.
[f2769b83b62b] 2019-01-21 06:26:58 AM UTC INFO     [+] Running TLS Observatory scan...
[f2769b83b62b] 2019-01-21 06:27:19 AM UTC INFO     [+] TLS Observatory scan successfully ran.
[f2769b83b62b] 2019-01-21 06:27:19 AM UTC INFO     [+] Running dirb scan...
[f2769b83b62b] 2019-01-21 06:31:48 AM UTC INFO     [+] Directory brute scan successfully ran.
[f2769b83b62b] 2019-01-21 06:31:49 AM UTC INFO     [+] All done. Tool output from the scan can be found at /app/results/192.168.0.1/

====== SCAN SUMMARY ======
INFO       [+] [\o/] nmap scan completed successfully!
INFO       [+] [\o/] dirbrute scan completed successfully!
INFO       [+] [\o/] sshscan scan completed successfully!
INFO       [+] [\o/] tlsobs scan completed successfully!
INFO       [+] [\o/] nessus scan completed successfully!
WARNING    [!] [ :| ] httpobs scan skipped as not applicable to the target.
====== END OF SCAN =======

What it does

Using Python 3, it runs a bunch of tools against a URL/FQDN/IPv4 address on a Docker image of its own, and saves tool outputs for later analysis, as a part of a vulnerability assessment.

What it actually does

  • Determines if the the target is a URL, an IPv4 address or a hostname/FQDN

  • If URL (note: it could be a URL with FQDN or IPv4 address) it will run:

    • An nmap UDP scan for about 25 selected UDP services
    • An nmap TCP scan for top 1000 services
    • ssh_scan (if an SSH service is identified)
    • A Nessus (Tenable.io) "Basic Network Scan" (provided if you have valid Tenable.io API keys)
    • HTTP Observatory scan
    • TLS Observatory scan
    • Directory bruteforcing against a wordlist
  • If IP address, it will only run:

    • An nmap UDP scan for about 25 selected UDP services
    • An nmap TCP scan for top 1000 services
    • ssh_scan (if an SSH service is identified)
    • A Nessus (Tenable.io) "Basic Network Scan" (provided if you have valid Tenable.io API keys)

In the current implementation these tasks are performed sequentially with the intent being "run and forget" for a couple of hours, while you are doing other important work.

Port scans

For TCP and UDP port scans, python-nmap is used.

SSH scan

For SSH scan, ssh_scan is used.

Nessus scan

Nessus scans will fail unless you have a pair of valid Tenable.io API keys with administrative permissions. If you do, populate the .env file with them in the below form building the Docker image:

TENABLEIO_ACCESS_KEY=<ACCESS_KEY>
TENABLEIO_SECRET_KEY=<SECRET_KEY>

Technically admin permissions is not required to initiate a Tenable.io scan with API. This is required in the code because the tool checks if the target had been scanned in the last 15 days before launching a scan (and that requires admin perms). If it had, then the results are retrieved. You are OK to not provide API keys if you wish, and the tool will simply not run a Tenable.io scan in that case.

Web App scans

If you are running the tool against a URL, a number of additional external tools will be utilised. These will be installed in the Docker container when you build it.

  • observatory client for HTTP Observatory is used.
  • TLS Observatory, by means of tlsobs client.
  • For directory brute-forcing:
    • By default, dirb will be used with the common wordlist.
    • gobuster will also be installed in the Docker container, however a command line switch to use it instead is not available yet (you would have to modify the code).