Kaboom: Automated pentest script


Kaboom is an automation for penetration testing. Performs many tasks for the first two phases of the test: gathering information and assessing vulnerability. All the information collected is stored hierarchically, which is very simple to search (the same in the case of multiple targets).

Characteristics

  • Customization (see above)
  • Multi-target specification
  • You can specify up to 254 hosts (C-class network)
  • New CLI interface
  • More powerfull Nmap scan
  • Better directory hierarchy
  • Automatic research of Metasploit module associated with CVE code found
  • Recognition of services exposed on not canonical ports (ex: http on 7000)
  • Print out and save credentials found

Details

Kaboom performs several tasks:
  1. Information Gathering
    • Port scan (Nmap)
    • Web resources enumeration (Dirb)
  2. Vulnerability assessment
    • Web vulnerability assessment (Nobody - Dirb)
    • Vulnerability assessment (Nmap - Metasploit)
    • Automatic Vulnerabilities research (Searchsploit - Metasploit)
    • Dictionary Attacks (Hydra)
      • SSH
      • POP3
      • IMAP
      • RDP

Use

Kaboom can be used in two ways:
  • Interactive mode:

kaboom [ENTER], and the script does the rest

  • NON-interactive mode:

kaboom -t -f [-p one_or_more_phases]

If you want to see help:

kaboom -h (or –help)

Hierarchy

 

Download the program from here..


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news