Call Of Penetration (cop!)
Doing some penetration testing automatically.
- Information Gathering:
- Tasks:
- Whois IP
- Extract
network range
,network name
,description
,address
,country
,city
,phone
,fax_number
,fax-no
- Tools:
- whois
- Tasks:
- Network:
- Tasks:
- Check host is up
- Scan top
100
ports and discover states ofTCP
andUDP
ports including:open
,closed
,filtered
,unfiltered
,open|filtered
orclosed|filtered
. - Scan all
TCP
andUDP
ports, from0
to65535
- Detect os
- Detect services with version info
- Tools:
- nmap, masscan
- Tasks:
- DNS:
- Tasks:
- Performing DNS lookup
- Performing reverse DNS lookup
- Getting name server records
- Getting name servers bind version
- Getting any type of ns record information
- Checking DNSSEC
- Checking wildcard DNS
- Checking DNS allow recursion
- Checking DNS zone transfer
- Tools:
- dig
- Tasks:
- Brute Force:
- Tasks:
- sub domains
- Tools:
- dig
- Tasks:
- Probe Services:
- Tasks:
- ftp
- Anonymous access detection
- ssh
- Detect ssh authentication types available
- Username enumeration time-based attack for OpenSSH
- rpcbind
- Connect to PortMapper and fetches list of registered programs
- ftp
- Tools:
- nmap, ssh, rpcinfo
- Tasks:
Tools
- whois https://github.com/rfc1036/whois
- dig http://linux.die.net/man/1/dig (On Debian, it's available in the dnsutils package)
- nmap http://nmap.org/
- masscan https://github.com/robertdavidgraham/masscan
- ssh http://linux.die.net/man/1/ssh
- paramiko https://github.com/paramiko/paramiko (external python module)
- fierce http://ha.ckers.org/fierce/ (* only using sub domains list, currently added to
lst
folder) - subbrute https://github.com/TheRook/subbrute (* only using sub domains list, currently added to
lst
folder) - rpcinfo http://linux.die.net/man/8/rpcinfo
Usage
$ git clone https://github.com/omidraha/cop.git
$ cd cop
$ pip install -r requirements.txt
$ ./cop.py