SecuLab

Public download : https://www.arachni-scanner.com/download

윈도우환경 :

zip파일 압축으로 풀고 bin directory에서 arachni_web.bat를 실행하면

로컬 웹서버가 구동되고 web_ui를 확인할 수 있다.

설치 및 실행의 반응속도가 느릴 수 있으니 인내심이 필요함

http://localhost:9292

1 TOGGLE BY SEVERITY - 발견된 취약점의 위험 정도를 구분하여 확인

2 NAVIGATE TO - 발견된 취약점 종류에 대해 구분하여 확인

3 URL - 취약점이 발견된 URL을 확인

4 URL 좌측의 물음표 - 자세한 정보 페이지로 이동 (새창으로 열기 권장)

import sys
from pysnmp.hlapi import *
import csv


def walk(host, oid):
    for (errorIndication, errorStatus, errorIndex, varBinds) in nextCmd(SnmpEngine(), CommunityData('public'),
                                                                        UdpTransportTarget((host, 161), timeout=1,
                                                                                           retries=5), ContextData(),
                                                                        ObjectType(ObjectIdentity(oid)),
                                                                        lexicographicMode=True, lookupNames=True):
        if errorIndication:
            print(errorIndication, file=sys.stderr)
            break
        elif errorStatus:
            print('%s at %s' % (errorStatus.prettyPrint(), errorIndex and varBind[int(errorIndex) - 1][0] or '?'),
                  file=sys.stderr)
            break
        else:
            for varBind in varBinds:
                print(varBind)


def checkserver(ip):
    walk(ip, '1.3.6')


with open('snmplist.csv', newline='', encoding='utf-8') as csvfile:
    reader = csv.reader(csvfile, quoting=csv.QUOTE_ALL)
    for row in reader:
        try:
            print('IP : ' + row[0])
            checkserver(row[0])
        except:
            pass

import telnetlib

infile = open("list.txt", "r")
ips = []
delay_second = 2

account_tup = (("admin", "admin"),
               ("admin", "password"),
               ("root", "root"),
               ("root", "password"),
               ("root", ""),
               ("guest", ""),
               ("db2admin", "db2admin")
               ("db2inst1", "db2inst1")
               ("db2as", "db2as")
               ("db2fenc1", "db2fenc1")
               ("db2admin", "ibmdb2")
               ("db2inst1", "ibmdb2")
               ("db2as", "ibmdb2")
               ("db2fenc1", "ibmdb2")
              )

lines = infile.readlines()
for line in lines:
    ips.append(line)
infile.close()
total_count = (lines.__len__()) * (len(account_tup))
now_count = 1


def tryConnectTelnet(host, user, password):
    global now_count
    with telnetlib.Telnet(host) as con:
        con.read_until("Login:", delay_second)
        con.read_until(b"login:", delay_second)
        print("[Try Action] input account completed")
        con.write(user + b"\n")
        con.read_until("Password:", delay_second)
        print("[Try Action] input password completed")
        con.write(password + b"\n")
        now_count = now_count + 1
        if con.eof:
            return "Closed connection"
        # con.write(b"ls\n")
        # con.write(b"exit\n")
        # my_text = con.set_debuglevel(1000)
        return con.read_until(b".", delay_second)


def print_result(return_str):
    tag = b"[[[Return Result]]]"
    if len(return_str) <= 5:
        print((tag + b"enmpty").decode())
    else:
        print(len(return_str))
        print((tag + return_str).decode())


for ip in ips:
    host = ip.strip("\n")
    print("==========[" + ip + "]==========")
    for a_value in account_tup:
        print(r"====[" + str(now_count) + "/" + str(total_count) + " try to " + a_value[0] + "/" + a_value[1])
        return_value = tryConnectTelnet(host, a_value[0].encode(), a_value[1].encode())
        print_result(return_value)
        with open("output.txt", "a") as outfile:
            outfile.write(host + ":" + a_value[0] + ":" + a_value[1] + ":" +return_value.decode() + "\n")