If you're like me, you don't want to spend your precious memory on remembering awkward command line parameters. However, lots of tools require exactly that: awkward command line parameters.
To simplify scanning hosts for network vulnerabilities I wrote a simple wrapper script around several open source security tools. The script lets you analyze one or more hosts for common misconfigurations and weaknesses.
My main objectives were to make generic security tests as easy as possible to run, without any heavy prerequisites; to make the output as informative as possible; and to build on open source tools.
Note that the latest version is the Python version; please use that one.
How to install
Clone the git repository:
git clone https://github.com/PeterMosmans/security-scripts.git
Needed
Linux and nmap
Optional
curl - for fingerprinting and to test for HTTP TRACE
dig - to test for recursive DNS servers
git - to update the script
nikto - for web scanning
testssl.sh - to check the SSL configuration
Usage
Oh irony - the command line parameters for the tool:
usage: analyze_hosts.sh [OPTION]... [HOST]

Scanning options:
  -a, --all              perform all basic scans
      --max              perform all advanced scans (more thorough)
  -b, --basic            perform basic scans (fingerprint, ssl, trace)
      --filter=FILTER    only proceed with scan of HOST if WHOIS results of HOST matches regexp FILTER
      --dns              test for recursive query
  -f                     perform web fingerprinting (all webports)
      --fingerprint      perform all web fingerprinting methods
  -h, --header           show webserver headers (all webports)
  -n, --nikto            nikto webscan (all webports)
  -p                     nmap portscan (top 1000 ports)
      --ports            nmap portscan (all ports)
  -s                     check SSL configuration
      --ssl              perform all SSL configuration checks
      --timeout=SECONDS  change timeout for sslscan (default=30)
      --ssh              perform SSH configuration checks
  -t                     check webserver for HTTP TRACE method
      --trace            perform all HTTP TRACE method checks
  -w, --whois            perform WHOIS lookup for the IP address
  -W                     confirm WHOIS results before continuing scan

Port selection (comma separated list):
      --webports=PORTS   use PORTS for web scans (default 80,443)
      --sslports=PORTS   use PORTS for ssl scans (default 443,993,995)

Logging and input file:
  -d, --directory=DIR    location of temporary files (default /tmp)
  -i, --inputfile=FILE   use a file containing hostnames
  -l, --log              log each scan in a separate logfile
      --nocolor          don't use fancy colors in screen output
  -o, --output=FILE      concatenate all results into FILE
  -q, --quiet            quiet
  -v, --verbose          show server responses
  -u                     update this script (if it's a cloned repository)
      --update           force update (overwrite all local modifications)
      --version          print version information and exit

BLUE: status messages
GREEN: secure settings
RED: possible vulnerabilities

[HOST] can be a single (IP) address, an IP range, e.g. 127.0.0.1-255,
or multiple comma-separated addresses, e.g. 127.0.0.1,127.0.0.2

example: /usr/local/sbin/analyze_hosts -a --filter Amazon www.google.com
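To show what a wrapper like this does under the hood, here is an added example (it is not analyze_hosts.sh and not code from the security-scripts repository). It covers two things from the text above: turning the [HOST] forms the usage text accepts (single address or name, last-octet range such as 127.0.0.1-255, comma-separated list) into a target list, and the two checks that curl and dig are listed as optional tools for, namely HTTP TRACE and open recursive DNS. The function names, the file name example.sh and the probe name www.example.com are this example's own assumptions. The network checks only run when you ask for them with --live; by default it just expands a constructed target spec.

```shell
#!/usr/bin/env bash
# Added example, not analyze_hosts.sh itself: a cut-down sketch of how such a
# wrapper handles the [HOST] argument and drives two of the optional tools.
# Function names and the www.example.com probe name are this example's own.

# Turn a HOST spec into one target per line. Accepted forms follow the usage
# text: a single address or name, a last-octet range (127.0.0.1-255), or a
# comma-separated mix of those. Returns 1 on a malformed range.
expand_hosts() {
    local spec="$1" item prefix first last i
    local IFS=','
    for item in $spec; do
        [ -n "$item" ] || continue
        if printf '%s' "$item" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-[0-9]{1,3}$'; then
            prefix="${item%.*}"                       # 127.0.0
            first="${item##*.}"; first="${first%-*}"  # 1
            last="${item##*-}"                        # 255
            if [ "$first" -gt "$last" ] || [ "$last" -gt 255 ]; then
                echo "invalid range: $item" >&2
                return 1
            fi
            i=$first
            while [ "$i" -le "$last" ]; do
                printf '%s\n' "$prefix.$i"
                i=$((i + 1))
            done
        else
            printf '%s\n' "$item"    # plain address or hostname, passed through
        fi
    done
}

# HTTP TRACE check with curl (needs network; not run by default). A server
# with TRACE enabled echoes the request line back in the response body, which
# is the cross-site-tracing condition the wrapper's -t option looks for.
check_trace() {   # check_trace HOST [PORT]
    local host="$1" port="${2:-80}" scheme=http resp
    case "$port" in 443) scheme=https ;; esac
    resp=$(curl -s -k -m 10 -X TRACE "$scheme://$host:$port/" 2>/dev/null) || {
        echo "BLUE  $host:$port no HTTP response"; return 2; }
    if printf '%s\n' "$resp" | grep -q '^TRACE / HTTP/1\.[01]'; then
        echo "RED   $host:$port echoes HTTP TRACE requests"; return 1
    fi
    echo "GREEN $host:$port does not echo TRACE"
}

# Open-resolver check with dig (needs network; not run by default). A server
# that answers a query for a name it is not authoritative for, with the "ra"
# (recursion available) flag set, recurses for anyone: the --dns check.
check_dns_recursion() {   # check_dns_recursion SERVER
    local server="$1" out
    out=$(dig "@$server" +time=5 +tries=1 +noall +comments +answer www.example.com A 2>/dev/null) || {
        echo "BLUE  $server no DNS response"; return 2; }
    if printf '%s\n' "$out" | grep -q 'flags:.* ra' &&
       printf '%s\n' "$out" | grep -Eq '^www\.example\.com\.[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+A'; then
        echo "RED   $server is an open recursive resolver"; return 1
    fi
    echo "GREEN $server does not recurse for outside queries"
}

# Run the live checks over every target in a spec, e.g.
#   ./example.sh --live 192.0.2.1-5,ns.example
run_live() {
    local target
    for target in $(expand_hosts "$1"); do
        check_trace "$target" 80 || true
        check_dns_recursion "$target" || true
    done
}

# Stand-alone demo on a constructed target spec; no packets leave the host.
if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    run_live "$2"
else
    expand_hosts '127.0.0.1-3,192.0.2.10,www.example.com'
fi
```

Two details worth keeping in a real wrapper: a range whose upper bound is below the lower bound or above 255 is rejected instead of silently scanning nothing, and a plain name containing a hyphen (my-host.example) is passed through as a hostname rather than mistaken for a range. The TRACE test looks for the echoed request line rather than trusting a 200 status, because some servers answer 200 to any method without actually implementing TRACE.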