Skip to content

dreizehnutters/vide

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

vide.sh

Tool to probe and crawl targets and enumerate their attack surface using varous engines. Inputs can be:

  • .xml files generated by nmap
    • vide.sh nmap -sc -sp -eu -ew
  • a list of targets
    • vide.sh scope.txt -sp -sc -ev
  • stdin
    • echo example.com | vide.sh -sp -es --config custom.sh
  • direct
    • vide.sh "10.0.13.37:8443" -el
      _______________
  ==c(___(o(______(_()
          \=\
           )=\    ┌─────────────────────────~vide~────┐
          //|\\   │ attack surface enumeration        │
         //|| \\  │ version: 2.2                      │
        // ||. \\ └─────────────────@dreizehnutters───┘
      .//  ||   \\ .
      //  .      \\ 

This is yet another ctf/engagement automation tool, born out of curiosity and boredom. This tool was inspired by six2dez/reconftw.


Usage

Usage: vide.sh input [mods] [options] [misc]

Required:
    input   Specify an input format (e.g., file/path, string or stdin)

Mods:
    -sp     Skip probing with httpx
    -sc     Skip crawling with katana

Options:
    -es     Enable screenshot
    -ew     Enable whatweb scans
    -ea     Enable wanalyze scans
    -en     Enable nmap script scans
    -eu     Enable nuclei scans
    -ei     Enable nikto scans
    -ef     Enable ffuf brute forcing
    -ev     Enable virtual host header fuzzing
    -ej     Enable js crawl
    -eb     Enable bypass scans
    -el     Enable testssl.sh scans
    -eh     Enable ssh-audit scans

Misc:
    -h|--help                  Show this message
    -c|--config  <config.sh>   Config file to pass (default: custom.sh)
    -o|--out-dir <path>        Out-dir to work in (default: $PWD)
    --verify                   Check configuration file (default: config.sh)

Example:
    # skip crawl, skip probing, do virtual host header scan on a list of targets
    vide.sh scope.txt -sp -sc -ev
    # skip crawl, do nuclei, do whatweb on nmap output directory
    vide.sh nmap -sc -eu -ew
    # with config skip probing, do screenshot on stdin (default to HTTP)
    echo example.com | vide.sh -sp -es --config custom.sh
    # ssl scan on target
    vide.sh '10.0.13.37:8443' -el
    # verify current config.sh
    vide.sh --verify

Example

CLI demo

# skip crawling, do httpX screenshots and WhatWeb scans on nmap -oX data
$ vide.sh nmap -sc -es -ew
[...]

$ tree .
├── nmap
│   └── init.xml
└── vide_runs
    └── vide_22.02_23301708641003
        ├── host_port.txt
        ├── http_servers.txt
        ├── https_servers.txt
        ├── httpx
        │   └── scan.log
        ├── screenshots
        │   ├── response
        │   │   ├── 192.168.42.131
        │   │   │   └── 628362c5635403dbffbf03eb624e464b50915bc4.txt
        │   │   └── index.txt
        │   └── screenshot
        │       ├── 192.168.42.131
        │       │   └── 628362c5635403dbffbf03eb624e464b50915bc4.png
        │       ├── index_screenshot.txt
        │       └── screenshot.html
        ├── vide.log
        ├── vide_targets.txt
        └── whatweb
            ├── brief_all.log
            ├── brief.log
            ├── deep_all.log
            └── deep.log

Installation

The installtion and maintance of used modules by vide.sh is left to the user

$ git clone https://github.com/dreizehnutters/vide
$ cd vide
$ ln -s $(pwd)/vide.sh ~/.local/bin/vide.sh
$ vide.sh --verify

Configuration

One has to edit the config.sh to adjust the location of used binaries and configure extra parameter about each engine

cat config.sh| head -n15
# ---= bins =--- #CHANGE ME
NMAP=/usr/bin/nmap
XMLS=/usr/bin/xmlstarlet
NIKTO=/usr/bin/nikto
WW=/usr/bin/whatweb
WA=/usr/local/bin/webanalyze
SMBMAP=/usr/bin/smbmap
ENUM4LINUX=$PY_PATH/enum4linux-ng.py
FFUF=$GO_PATH/bin/ffuf
BYP4=$GO_PATH/bin/byp4xx
SUBJS=$GO_PATH/bin/subjs
HTTPX=$HOME/.pdtm/go/bin/httpx
NUCLEI=$HOME/.pdtm/go/bin/nuclei
KATANA=$HOME/.pdtm/go/bin/katana
# check the current configuration
$ vide.sh --verify

Scanning Engines

Software Version Install
xmlstarlet >= 1.6.1 XML parsing
httpx >= 1.2.5 server probing
katana >= 1.0.0 crwaling
whatweb >= 0.5.5 tech discovery
webanalyze >= 0.3.8 tech discovery
nuclei >= 2.8.9 web server scanning
nikto >= 2.5.0 web server scanning
ffuf >= 2.0.0 directory brute forcing
byp4xx >= b337580 bypass checks
subjs >= 1.0.0 crawling js
enum4linux-ng.py >= 1.3.1 windows enumeration
smbmap >= 1.9.1 smb enumeration
nmap >= 7.94 extended script scans
testssl.sh >= 3.2rc3 SSL compliance scans
ssh-audit >= 3.1.0 SSH compliance scans