Project author: telnet22

Project description:
Automated Tools Pentest
Language: PHP
Project URL: git://github.com/telnet22/Kn0ck.git
Created: 2019-08-04T19:44:11Z
Project community: https://github.com/telnet22/Kn0ck

License:


ABOUT:

Kn0ck is an automated scanner that can be used during a penetration test to enumerate targets and scan them for vulnerabilities.

KN0CK COMMUNITY FEATURES:

  • Automatically collects basic recon
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports via NMap port scanning
  • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
  • Automatically checks for sub-domain hijacking
  • Automatically runs targeted NMap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces ALL open services
  • Automatically tests for anonymous FTP access
  • Automatically runs WPScan, Arachni and Nikto for all web services
  • Automatically enumerates NFS shares
  • Automatically tests for anonymous LDAP access
  • Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
  • Automatically enumerates SNMP community strings, services and users
  • Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
  • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
  • Automatically tests for open X11 servers
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  • Performs high level enumeration of multiple hosts and subnets
  • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  • Automatically gathers screenshots of all web sites
  • Creates individual workspaces to store all scan output

AUTO-PWN:

  • Apache Struts CVE-2018-11776 RCE exploit
  • Android Insecure ADB RCE auto exploit
  • Apache Tomcat CVE-2017-12617 RCE exploit
  • Oracle WebLogic WLS-WSAT Component Deserialisation RCE CVE-2017-10271 exploit
  • Drupal Drupalgedon2 RCE CVE-2018-7600
  • GPON Router RCE CVE-2018-10561
  • Apache Struts 2 RCE CVE-2017-5638
  • Apache Struts 2 RCE CVE-2017-9805
  • Apache Jakarta RCE CVE-2017-5638
  • Shellshock GNU Bash RCE CVE-2014-6271
  • HeartBleed OpenSSL Detection CVE-2014-0160
  • Default Apache Tomcat Creds CVE-2009-3843
  • MS Windows SMB RCE MS08-067
  • Webmin File Disclosure CVE-2006-3392
  • Anonymous FTP Access
  • PHPMyAdmin Backdoor RCE
  • PHPMyAdmin Auth Bypass
  • JBoss Java De-Serialization RCEs

ACTIVATE YOUR CENSYS API KEY AND SECRET:

  Edit knock.conf and set the following values:

  CENSYS_APP_ID="REDACTED"
  CENSYS_API_SECRET="REDACTED"

KALI LINUX INSTALL:

  1. chmod +x install.sh
  2. ./install.sh

DEBIAN OR UBUNTU INSTALL:

  1. chmod +x install_for_debian_ubuntu.sh
  2. ./install_for_debian_ubuntu.sh

USAGE:

  [*] NORMAL MODE
      knock -t <TARGET>

  [*] NORMAL MODE + OSINT + RECON
      knock -t <TARGET> | -o (Osint) | -re (Recon)

  [*] STEALTH MODE + OSINT + RECON
      knock -t <TARGET> | -m stealth | -o (Osint) | -re (Recon)

  [*] DISCOVER MODE
      knock -t <TARGET> | -m discover | -w <WORKSPACE_ALIAS>

  [*] SCAN ONLY SPECIFIC PORT
      knock -t <TARGET> | -m port | -p <PORT_NUM>

  [*] FULLPORTONLY SCAN MODE
      knock -t <TARGET> | -fp (Fullportonly)

  [*] PORT SCAN MODE
      knock -t <TARGET> | -m port -p <PORT_NUM>

  [*] WEB MODE - PORT 80 + 443 ONLY!
      knock -t <TARGET> | -m web

  [*] HTTP WEB PORT MODE
      knock -t <TARGET> | -m webporthttp | -p <PORT_NUM>

  [*] HTTPS WEB PORT MODE
      knock -t <TARGET> | -m webporthttps | -p <PORT_NUM>

  [*] ENABLE BRUTEFORCE
      knock -t <TARGET> | -b (Bruteforce)

  [*] LIST WORKSPACES
      knock --list

  [*] DELETE WORKSPACE
      knock -w <WORKSPACE_ALIAS> -d

  [*] DELETE HOST FROM WORKSPACE
      knock -w <WORKSPACE_ALIAS> -t <TARGET> -dh

  [*] GET knock SCAN STATUS
      knock --status

  [*] LOOT REIMPORT FUNCTION
      knock -w <WORKSPACE_ALIAS> --reimport

MODES:

  • NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
  • STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
  • DISCOVER: Parses all hosts on a subnet/CIDR (i.e. 192.168.0.0/16) and initiates a knock scan against each host. Useful for internal network scans.
  • PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
  • FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
  • WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
  • WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
  • WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.