Skip to content

Commit

Permalink
Add information on README file.
Browse files Browse the repository at this point in the history
Signed-off-by: Fernando Fernández <[email protected]>
  • Loading branch information
Fernando Fernández committed Jul 3, 2017
1 parent fcbe8d9 commit d48a1fe
Showing 1 changed file with 23 additions and 2 deletions.
25 changes: 23 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@ Well, now you are ready to use the script, so enjoy it!

## DNS record query

**Usage**: `$ python3 pentesting-multitool.py -d <domain> -r <record>`
**Options**: `-f <filename>`

**Warning**: _Not all DNS records are implemented so check on this table what DNS records are available._

| RECORDS | STATUS |
Expand All @@ -35,20 +38,31 @@ Well, now you are ready to use the script, so enjoy it!

## Whois function

The whois function generates a dictionary with the information but I recommend to check the availability of the keys for the specified domain, anyway if the key isn't available an error message will be shown.
**Usage**: `$ python3 pentesting-multitool.py -w <domain>`
**Options**: `-f <filename>`

The whois function generates a dictionary with the information, you can write the information on a file with the -f option or print it.

Sometimes the information is hidden so keep that possibility in mind.

## Shodan search function

**Usage**: `$ python3 pentesting-multitool.py -s <search query>`
**Options**: `-f <filename>, -u(full information flag)`

_Note: If **-u** flag is set, you will get full information about the devices or services found. Otherwise, you will get only the IP._

The Shodan search function (ssearch) uses the Shodan external library in order to integrate Shodan browser in our script.

The script implements a "simple search"(is simple as you want), for the search query parameters we will put exactly the same that if we were searching using Shodan website but with the filters separated by "-" here is an example of search query:

```"ip:8.8.8.0/24-ports:22"```
`"ip:8.8.8.0/24-ports:22"`

## Banner grabbing function

**Usage**: `# python3 pentesting-multitool.py -b <ip> -p <ports>`
**Options**: `-f <filename>`

The banner grabbing function first creates a socket with the specified IP and port, so we can use a list of ports (separated by `:`).

**Warning**: _Not all services are implemented so check on this table what service is available._
Expand All @@ -64,18 +78,25 @@ The banner grabbing function first creates a socket with the specified IP and po

## Flooding using PCAP function

**Usage**: `# python3 pentesting-multitool.py -o <number of sends or packets(generator mode)> -f <pcap filename>`
**Options**: `-g (Generator mode flag)`

The flooding function have two options. The first option is the generator mode that creates a PCAP file with a specified amount of packets and name. Those packets have two layers IP and ICMP (Echo request).

For the flood mode, using TCPReplay, we will send the list of packets included on the PCAP file in a loop of _n_ iterations. It's recommended to add 200 packets to the file for DOS Attack and 100 packets to generate latency increase but that varies between networks and AP's.

## Fuzzing function

**Usage**: `# python3 pentesting-multitool.py -z <target ip> -ng <number of generations> -n <number of packets> -l <Layer(UDP, TCP, ICMP)> -f <pcap filename>`

The fuzzing function will generate a number of random packets with UDP, TCP or ICMP layer as indicated by the user, _n_ times (number of generations parameter). After sending the packet it will wait for a response one second, if there is no response then a default packet will be created. All packets will be stored in a PCAP afterwards, where the first packet is the sent packet and the second one is the response of this packet.

Also, is obvius that you have to set the target IP because it useless to set it by using Scapy RandIP function.

## Man-in-the-Middle function

**Usage**: `# python3 pentesting-multitool.py -m <interface> -v <victim IP> -a <AP Gateway>`

Well, first I want to clarify that it is not a tool designed to attack, it is a tool to check if our network is vulnerable to a mitm scheme attack using ARP Spoofing.

Using ARP Spoofing we indicate to the router that the victim's IP is in our MAC Address and at the same time we indicate to the victim that the gateway's IP address is in our MAC address so we are intercepting all the traffic between the victim and the router.
Expand Down

0 comments on commit d48a1fe

Please sign in to comment.