Garito


...... Bienvenido ......

Entra y Comparte


PunkSPIDER

Comparte

grupoed2k
colaborador
colaborador

0 / 1000 / 100


Cantidad de envíos : 290
Edad : 36
Perfil : Patience, my friend, is a virtue...

Una cita de Georges Orwell:

Libertad de expresión es el derecho a decir

lo que nadie quere escuchar.

... .... .... .... .... ...
Tú firma Personal :
Barra de Respeto :
0 / 1000 / 100

Reputación : 45
Fecha de inscripción : 14/10/2008

default PunkSPIDER

Mensaje por grupoed2k el 31/1/2017, 1:37 am

Mass Recon has been around for a little while with the advent of our own tool PunkSPIDER, Shodan, MassScan, ZScan etc.



Today we’re announcing the beta release of our new tool punk.sh. Let me tell you how it’s different.
Mass recon at its massiest

Along with a much faster, better web app scanner (Ferret), we are running several hundred nmap NSE scans against our targets. Our target: the entire Internet. So far we have a few million domains, this will quickly be expanded to several billion in the near future. What scans are we running you ask? For web app scans, they are largely the same scans as in PunkSPIDER, that is:
bsqli (blind sql injection)
sqli (sql injection)
osci (OS command injection)
mxi (mail header injection)
traversal (path traversal)
xss (cross-site scripting)

However, this is old news, we were doing this in PunkSPIDER, and even though we’re now doing it a lot faster it’s not that exciting. What is exciting (we think) is the nmap scans we’ve added. It’d be difficult to list all of the nmap options and NSE scripts we’ve enabled and distributed to run across our cluster, but here is a snippet of the command we are using:

script_arg = "--script \"(safe or malware or discovery or external or version or vuln)
and (not -traceroute and not traceroute- and not intrusive and not exploit and not dos)
\"" sudo nmap -Pn -O -sC -T3 -sV ' + script_arg + ' -oX ' + nmap_output + ' --open --top-ports=100 -iL ' + nmap_input_host_list

so yeah, lots of stuff Smile.
With that in mind, let’s talk a little more about how you can use punk.sh.

Exploring punk.sh ~ https://punk.sh/#/

We’ve tried to make punk.sh search much more powerful than other tools out there (including PunkSPIDER). To get started simply go here. You should see a screen like the following


EsLaGuerra


_________________
________________



_________________________________________________________________________________



    Fecha y hora actual: 26/2/2017, 11:06 am