Skip to content

sneakerhax/Ruby-recon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
parsers
parsers
 
 
reports
reports
 
 
scanners
scanners
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Ruby-recon

  • A recon tool written in Ruby(collection of scanners and parsers)
  • This tool was created with ruby-nmap to automate the process of scanning with Nmap and parsing out results.
  • A list of options for ruby-nmap can be found here

Ruby License Twitter

Features

  • Templates for different scans with timestamped output
  • Parsers for parsing out specific information
  • Ability to scan and search for exploits

Requirements

gem install ruby-nmap

Basic Usage

Scanner:

ruby <scanner-name> targets.txt

Parser:

ruby <parser-name> <report.xml>

Example Output

Simple Parser output example:

$ruby parser-template.rb ../reports/<report>

[sneakerhax.com][198.54.116.174]
  [80/tcp]
    [http-robots.txt]
      * 1 disallowed entry
      * /wp-admin/
    [http-server-header]
      * nginx/1.10.1
    [http-title]
      * Sneakerhax | Hacking in sneakers

Scanner output example:

$ruby exploit-search.rb targets.txt

############################
#        Ruby-recon        #
############################

Report name: ../reports/nmapscan_2017-02-02-00:45:18.xml

Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-02 00:45 PST
NSE: Loaded 41 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:45
Completed NSE at 00:45, 0.00s elapsed
Initiating NSE at 00:45
Completed NSE at 00:45, 0.00s elapsed
Initiating Ping Scan at 00:45
Scanning 192.168.1.1 [4 ports]
Completed Ping Scan at 00:45, 0.05s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:45
Completed Parallel DNS resolution of 1 host. at 00:45, 0.01s elapsed
Initiating SYN Stealth Scan at 00:45
Scanning router.asus.com (192.168.1.1) [65534 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 3394/tcp on 192.168.1.1
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Discovered open port 4443/tcp on 192.168.1.1
Discovered open port 18017/tcp on 192.168.1.1
Discovered open port 5473/tcp on 192.168.1.1
Discovered open port 50764/tcp on 192.168.1.1
Completed SYN Stealth Scan at 00:45, 35.16s elapsed (65534 total ports)
Initiating Service scan at 00:45
Scanning 6 services on router.asus.com (192.168.1.1)
Completed Service scan at 00:48, 141.28s elapsed (6 services on 1 host)
NSE: Script scanning 192.168.1.1.
Initiating NSE at 00:48
Completed NSE at 00:48, 20.12s elapsed
Initiating NSE at 00:48
Completed NSE at 00:48, 1.01s elapsed
Nmap scan report for router.asus.com (192.168.1.1)
Host is up (0.041s latency).
Not shown: 65528 closed ports
PORT      STATE SERVICE        VERSION
53/tcp    open  domain         dnsmasq 2.72test3
3394/tcp  open  d2k-tapestry2?
4443/tcp  open  ssl/http       Asus RT-AC53U WAP http config
5473/tcp  open  apsolab-tags?
18017/tcp open  http           Asus wanduck WAN monitor httpd
|_http-server-header: wanduck
50764/tcp open  upnp           MiniUPnP 1.4 (Asus; UPnP 1.0)
Service Info: Devices: WAP, broadband router; CPE: cpe:/h:asus:rt-ac53u

NSE: Script Post-scanning.
Initiating NSE at 00:48
Completed NSE at 00:48, 0.00s elapsed
Initiating NSE at 00:48
Completed NSE at 00:48, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 198.05 seconds
           Raw packets sent: 66845 (2.941MB) | Rcvd: 66842 (2.674MB)

################################
#    Searching for exploits    #
################################

Running: searchsploit --nmap ../reports/nmapscan_2017-02-02-00:45:18.xml
[i] SearchSploit's XML mode (without verbose enabled)
[i] Reading: '../reports/nmapscan_2017-02-02-00:45:18.xml'

[i] /usr/bin/searchsploit -t dnsmasq 2 72test3
[i] /usr/bin/searchsploit -t d2k tapestry2
[i] /usr/bin/searchsploit -t asus rt ac53u wap http config
[i] /usr/bin/searchsploit -t apsolab tags
[i] /usr/bin/searchsploit -t asus wanduck wan monitor httpd
[i] /usr/bin/searchsploit -t miniupnp 1 4
--------------------------------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                                           |  Path
                                                                                                         | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------------------------------- ----------------------------------
MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities                                                | /multiple/dos/38249.txt
--------------------------------------------------------------------------------------------------------- ----------------------------------

About

A recon tool using ruby-nmap

Topics

ruby security pentesting ruby-nmap

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages