Automation is a critical element of a robust and scalable application security program. Penetration Testers are now not just required to run tools, but also find intuitive ways to automate the running of these tools, saving them critical effort and bandwidth - custom scripts being one such approach. Custom Scripting not only goes into the depth and scope of your application testing coverage but also enables you to perform rigid testing within the designated time frame of your test cycles.
We had earlier shared a set of 4 payload automation scripts that could be used by penetration testers across the “Mapping and Exploitation” phases of the penetration test.
We now give you a 3 in 1 script, written in Python, that helps testers run three different tools/ scenarios (NMap, Metasploit, SSL Scans) that are used during the Reconnaissance phase of penetration test.The script’s purpose is to reduce the manual work needed while running customized port scans against target servers through the Nmap and Metasploit tool and conduct a deep analysis of the SSL web server configuration. These tools are essential in any good application security penetration testing and are usually run manually, one-by-one. In addition, you need to specify commands and rules to trigger the tools to perform their respective tasks. With this script, you can run scans without giving commands for all the three tools. You only need to provide the target hosts list when the script prompts you before triggering the scans. (However, installing the tools used in this process is a prerequisite.)
The three tools are customized in the script to perform the following testing tasks.
Nmap (Network mapping):
Nmap is customized to include Discovery Scan (identify new directories), Vulnerability Scan, TCP Scan, UDP Scan, Poodle Scan, and Checks if the host is up or not.
The Metasploit tool is capable of many tasks during all phases of penetration testing. But, this script only includes TCP port scans module of Metasploit, to perform port scans on the target host. While Nmap also does TCP port scans, the purpose of using Metasploit is to cross-check its results against Nmap results.
This tool is used to check for weak ciphers within the SSL protocol. The results clarify the strength of ciphers used for transferring information within SSL connection, whether they have a strong or weak cipher suite or hashing algorithm.Since the tools yield results that aren’t always reader-friendly, this script also converts the results into a tabular format, presenting results in a structured view. For example, results obtained from the Nmap are parsed, beautified, and presented in an HTML format. The TCP Scan results from Metasploit are parsed and stored in a text format. SSL Scan results are saved to an XML format. Happy Hunting!