Automate Your Initial Phase of Pentesting


Pentesting combines automated and manual tools and techniques, and the scanning performed depends on the target. Before touching application code, pentesters look for exploitable weaknesses in the exposed services and open ports of a target. Ethical hacking researchers from the International Institute of Cyber Security, Delhi, India, recently demonstrated how a simple tool called goscan automates this initial phase; the following sections walk through it.

GoScan is an interactive network scanner written in Go that automates the early phases of a pentest. It wraps nmap to find open ports and services on a target and to run service-specific enumeration, and it records targets, hosts and ports in an SQLite database so that results persist between sessions. According to ethical hacking researchers of the International Institute of Cyber Security, goscan can be used in several phases of a pentest.

  • On the attacker side goscan has been tested on Kali Linux 2018.4 amd64. As the target we used DVWA (Damn Vulnerable Web Application).
  • Download the DVWA ISO from: http://www.dvwa.co.uk/DVWA-1.0.7.iso
  • Open DVWA-1.0.7.iso in VMware: click Open, browse to the folder where you downloaded the ISO, select it and open it.
  • Click Power on this virtual machine. Type ifconfig in the guest to find its IP address, then open that address in a browser.
  • By default the DVWA username is admin and the password is password.
  • DVWA is now set up. After configuring the target, set up goscan.
  • goscan is written in Go. If Go is not installed, download and configure it before building goscan.
  • Download Go:
    wget https://dl.google.com/go/go1.12.1.linux-amd64.tar.gz
  • Extract the whole tree into /usr/local (this creates /usr/local/go with the compiler, tools and standard library; copying only the go binary is not enough, it cannot run without the rest of the tree):
    tar -C /usr/local -xzf go1.12.1.linux-amd64.tar.gz
  • Put the Go binaries on your PATH:
    export PATH=$PATH:/usr/local/go/bin
  • GOROOT must point at the root of the extracted tree, not at its bin directory. For /usr/local/go it is detected automatically; if you extracted somewhere else (for example under /home/iicybersecurity), set it explicitly:
    export GOROOT=/home/iicybersecurity/go
  • Verify the installation with go version and echo $GOROOT, then fetch goscan (for example with go get github.com/marco-lancini/goscan/goscan, or a prebuilt binary from the project's GitHub releases) and start it by typing goscan.
  • Before running a scan, add the target IP address to the goscan database. Type load target SINGLE 192.168.1.105
  • You can also load multiple IP addresses from a text file with one address per line. Type load target MULTIPLE /home/iicybersecurity/Downloads/Iplist.txt
  • Type show targets to check the added IP addresses.
  • Before looking for ports or services, goscan first needs to confirm that the added addresses are reachable.
  • Nearly every pentest starts with ping, the ICMP echo request that checks whether a host answers on the network, so goscan also begins with a ping sweep. Type sweep PING 192.168.1.105
  • Type show targets to check which targets answered. A host that filters ICMP echo will not show as up here even though its TCP services are reachable, so do not drop such hosts from scope on the basis of the sweep alone.

TCP SCAN :-

  • Type portscan TCP-FULL 192.168.1.105
  • portscan finds the open ports of the target.
  • goscan offers TCP and UDP scans. We used TCP-FULL, which scans the full TCP port range and runs service and version detection on whatever it finds.
  • The other TCP profiles goscan offers are:
  • TCP-STANDARD : a faster scan of the top 200 TCP ports
  • TCP-PROD : a slower, less aggressive scan meant to be safer against production systems (the name has nothing to do with the WebLogic T3 protocol)
  • TCP-VULN-SCAN : runs nmap's vulnerability NSE scripts, which check for known CVEs, against the target
  • In each case the target IP address, here 192.168.1.105, follows the profile name.
  • While the scan runs goscan prints the nmap command lines it executes. After the scan completes, type show ports to list the open ports of the IP address.
  • The listing shows each open port of the target together with the service nmap identified on it.
  • goscan also saves the raw nmap output in a directory named after the scanned IP address. To reach it type cd /root/.goscan
  • Type cd 192.168.1.105
  • Type ls, then cat tcp_full_192.168.1.105.nmap
  • This file holds the detailed nmap output, including service versions, which drives the next steps of the engagement.

UDP SCAN :-

  • Type portscan UDP-STANDARD 192.168.1.105
  • UDP-STANDARD scans nmap's most common UDP ports and reports which services are open, closed or filtered. UDP scans are slow because a port that never answers can only be reported as open|filtered after retries.
  • As with the TCP scan, goscan prints the nmap command lines it executes. After the scan completes, type show ports to list the open ports of the IP address.
  • The listing now contains the open UDP ports alongside the TCP ports found earlier.
  • goscan saves this output in the same per-target directory, /root/.goscan/192.168.1.105. To reach it type cd /root/.goscan
  • Type cd 192.168.1.105
  • Type ls, then cat the UDP output file it lists (the name follows the scan profile, for example udp_full_192.168.1.105.nmap)
  • This file holds the detailed nmap output for the UDP scan.
  • Type show hosts
  • show hosts lists the scanned hosts together with the ports nmap found on each. The same workflow applies to any reachable host, including IoT devices.

Enumerate :-

  • This command tries to enumerate the services detected on the target.
  • Type enumerate ALL DRY 192.168.1.105
  • ALL runs every enumeration type for which an open service was found. The types include:
  • FINGER : queries the finger service for information about the users of the machine.
  • HTTP (Hypertext Transfer Protocol) : the protocol between web browsers and web servers, and the most widely exposed service on most networks.
  • FTP (File Transfer Protocol) : used to transfer files between a client and a server.
  • SMB (Server Message Block) : the Windows file and printer sharing protocol, which also reveals shares, users and domain information.
  • RDP (Remote Desktop Protocol) : used to transmit the screen of a Windows host to a remote user.
  • DRY only prints the commands that would be run and does not execute them.
  • The output therefore shows which commands goscan would execute against the target IP addresses: here nikto, sqlmap, hydra and fimap are suggested for enumerating the target further.
  • Further analysis shows that goscan is an orchestration layer over open-source tools (nmap and the enumeration tools above) rather than a scanner of its own, and a full scan takes correspondingly long.
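The two steps this workflow hides, reading the saved .nmap file back (the tcp_full/udp output under /root/.goscan/<ip>/ described in the TCP and UDP sections) and turning open services into enumeration commands as DRY mode does, are easy to reproduce in shell. The script below is an added example, not code from goscan or from the original article: it parses a constructed nmap normal-output file, prints the open ports, and builds the per-service commands a dry run would show. The sample scan results, the tool invocations (finger, nikto, sqlmap, hydra, enum4linux, an nmap RDP script) and the users.txt/passwords.txt wordlists it names are assumptions for illustration, not goscan's actual command templates.

```shell
#!/bin/sh
# Added example (not goscan's code): parse nmap "normal" (-oN) output and
# build DRY-run enumeration commands for each open service.

# Constructed sample in nmap -oN format. Ports, versions and timings are
# made up for illustration; they are not results from the article's scan.
SAMPLE_NMAP='# Nmap 7.70 scan initiated as: nmap -Pn -sT -sV -p- -oN tcp_full_192.168.1.105.nmap 192.168.1.105
Nmap scan report for 192.168.1.105
Host is up (0.00031s latency).
Not shown: 65528 closed ports
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           ProFTPD 1.3.5
22/tcp   open     ssh           OpenSSH 7.9p1
79/tcp   open     finger        Linux fingerd
80/tcp   open     http          Apache httpd 2.4.38
139/tcp  filtered netbios-ssn
445/tcp  open     netbios-ssn   Samba smbd 4.9.5
3389/tcp open     ms-wbt-server?
# Nmap done -- 1 IP address (1 host up) scanned in 12.34 seconds'

SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_NMAP" > "$SAMPLE_FILE"

# open_ports FILE: print "port proto service" for every line whose state is
# open. Filtered and closed ports are skipped, as are the column header and
# the "# Nmap ..." banner lines, which do not start with a port/proto pair.
open_ports() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        split($1, pp, "/"); print pp[1], pp[2], $3
    }' "$1"
}

# enum_cmd HOST PORT SERVICE: print the enumeration command(s) for a service
# named as nmap names it. Tools and wordlists are assumptions; the mapping
# covers the types the article lists (FINGER, HTTP, FTP, SMB, RDP).
# Returns 1 for a service with no enumeration step.
enum_cmd() {
    host=$1 port=$2 svc=$3
    case $svc in
        finger)
            echo "finger @$host" ;;
        http|http-alt|http-proxy|https)
            echo "nikto -h $host -p $port"
            echo "sqlmap -u http://$host:$port/ --crawl=2 --batch" ;;
        ftp)
            echo "hydra -L users.txt -P passwords.txt ftp://$host:$port" ;;
        netbios-ssn|microsoft-ds)
            echo "enum4linux -a $host" ;;
        ms-wbt-server*)   # nmap appends "?" when the service guess is unsure
            echo "nmap -Pn -p $port --script rdp-enum-encryption $host" ;;
        *)
            return 1 ;;
    esac
}

# enumerate_target HOST FILE MODE: walk the open ports of FILE. In DRY mode
# the commands are only printed, mirroring goscan's DRY option; any other
# mode runs each command with sh -c, so use it only with the tools installed
# and with authorisation for the target.
enumerate_target() {
    host=$1 file=$2 mode=$3
    open_ports "$file" | while read -r port proto svc; do
        if cmds=$(enum_cmd "$host" "$port" "$svc"); then
            printf '%s\n' "$cmds" | while read -r cmd; do
                if [ "$mode" = DRY ]; then
                    echo "$cmd"
                else
                    sh -c "$cmd"
                fi
            done
        else
            echo "# $port/$proto $svc: no enumeration step defined"
        fi
    done
}

# count_open FILE: number of open ports, for reporting and sanity checks.
count_open() {
    open_ports "$1" | awk 'END { print NR }'
}

echo "Open ports in $SAMPLE_FILE:"
open_ports "$SAMPLE_FILE"
echo
echo "DRY enumeration plan for 192.168.1.105:"
enumerate_target 192.168.1.105 "$SAMPLE_FILE" DRY
```

Point open_ports at a real file such as /root/.goscan/192.168.1.105/tcp_full_192.168.1.105.nmap to get the same listing show ports gives, and keep DRY as the mode until you have reviewed every command it prints; the filtered 139/tcp entry in the sample is deliberately excluded, since a filtered port is not evidence of a reachable service.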

Originally published at www.securitynewspaper.com on March 26, 2019.
