Oct 31 2012
 
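#!/bin/bash

# By Ed Wiget
# This script grabs the latest nmap, zenmap, ncat, nping in rpm format and converts them to deb
#
# Usage: run with no arguments. Downloads the four rpm files into ${TEMP_DIR},
# converts them with alien and installs the resulting .deb files with dpkg.
# alien and dpkg are run through sudo, so expect a password prompt.
#
# 20121031 - original script

# Stop on the first failing command, on unset variables and on a failing
# pipeline stage: a half-downloaded rpm must never reach alien or dpkg.
set -euo pipefail

# the version we are grabbing (nping is published as 0.${VER} on the server)
readonly VER=6.01-1

# the architecture we are using
readonly ARCH=x86_64

# our working dir
TEMP_DIR=~/nmap-files
readonly TEMP_DIR

# where the packages come from. TLS stops an on-path attacker from swapping
# the rpm in transit; the files are still not checked against the project's
# published signatures. TODO(review): verify the matching signature/digest
# from nmap.org before handing anything to dpkg.
readonly BASE_URL=https://nmap.org/dist

# the rpm files we need; nping carries a leading "0." in its version string
rpms=(
  "nmap-${VER}.${ARCH}.rpm"
  "ncat-${VER}.${ARCH}.rpm"
  "nping-0.${VER}.${ARCH}.rpm"
  "zenmap-${VER}.noarch.rpm"
)

# create the working dir if it does not exist yet (-p is a no-op otherwise)
mkdir -p -- "${TEMP_DIR}"

# check to make sure alien is installed and if not, install it
if ! command -v alien >/dev/null 2>&1; then
  sudo apt-get install alien
fi

# cd to the working dir. Everything below, including the rm of *.deb, assumes
# it runs inside ${TEMP_DIR}, so bail out instead of deleting/installing from
# whatever directory the script was started in.
cd -- "${TEMP_DIR}" || { printf 'cannot cd to %s\n' "${TEMP_DIR}" >&2; exit 1; }

# grab the files. wget -O leaves an empty target file when the download
# fails, so abort right here rather than feed that file to alien.
for rpm in "${rpms[@]}"; do
  wget -O "${rpm}" "${BASE_URL}/${rpm}" \
    || { printf 'download of %s failed\n' "${rpm}" >&2; exit 1; }
done

# remove any deb files currently in this dir so only fresh conversions get installed
rm -f -- ./*.deb

# convert the downloaded files to deb
for rpm in "${rpms[@]}"; do
  sudo alien "${rpm}"
done

# install the packages
sudo dpkg --install ./*.deb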

May 15 2012
 
#!/bin/bash

# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)
#
# Everything below is called unconditionally, so the box needs: tor with its
# SOCKS port on 127.0.0.1:9050 and the tor-resolve helper, socat, netstat,
# proxychains, nmap, and w3af_gui under /pentest/web/w3af. socat, netstat,
# nmap and w3af are all started through sudo, so expect a password prompt.
# enable next line for debugging
#set -x

echo "Please enter the ip address of the target host or a domain name"
# NOTE: read without -r, so a backslash in the input is interpreted rather
# than kept; the value is used below without any validation
read dom

# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
# This is a plain substring match on whatever was typed (egrep with no
# anchors, then "exactly one line"), not a check of the last label: any
# name containing com/net/org/edu anywhere takes the tor-resolve branch,
# and anything else (a bare IP, or e.g. a .io name) is used as entered.
if [ "`echo ${dom} | egrep 'com|net|org|edu' | wc -l`" = "1" ]; then
		IP=`tor-resolve ${dom}`
	else
		IP=${dom}
fi

# for debugging to make sure we are setting IP correctly
#echo ${IP}

# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
# NOTE(review): TCP4-LISTEN:8080 is given without a bind= address, so as
# written the listener does not appear to be limited to localhost; any host
# that can reach this machine on 8080 would be relayed as well. Confirm, and
# add bind=127.0.0.1 if that is not intended. Because of "fork" and "&" the
# socat process (running as root) keeps going after this script exits;
# nothing here ever stops it.
sudo socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:${IP}:80,socksport=9050 &

# the sleep is required or the check for listening fails below
sleep 2

# "proxy up" check: counts netstat lines containing the text 8080 and
# requires exactly one. Any other line with 8080 in it (a PID, port 18080,
# an already-established client connection) changes the count and makes
# this report "not running" even though the listener may be up.
if [ "`sudo netstat -ptane | grep 8080 | wc -l`" = "1" ]; then
	echo "proxy started successfully"
else
	echo "proxy not running"
	# bare exit: the status is that of the preceding echo, i.e. 0, so a
	# caller cannot tell this failure from a clean run (exit 1 would)
	exit
fi

# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
# flags as used: -sT full TCP connect scan (the mode that can be relayed
# through a SOCKS proxy), -PN skip host discovery, -n no DNS lookups,
# -sV service version probe, -p80 port 80 only
sudo proxychains nmap -sT -PN -n -sV ${IP} -p80

# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to http://127.0.0.1:8080"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
# launched in the background as root; the script then ends, leaving both
# the w3af window and the socat relay running
sudo /pentest/web/w3af/w3af_gui &

 

So now you can audit a web app using w3af. If you want to use Nessus or Metasploit instead, just point them at 127.0.0.1:8080 as the target address.