├── .gitattributes ├── .gitignore ├── EyeWitness_remote.bat ├── LICENSE ├── Login_fast.rb ├── Login_slow.rb ├── README.md ├── README_en.md ├── README_rus.md ├── RPCPublicKey.DH ├── Template_SVM.dotx ├── _config.yml ├── acunetix_scan.bat ├── acunetix_v11_scan.bat ├── androbugs_framework.bat ├── android_comandos.bat ├── apk_install_local.bat ├── apk_install_remote.bat ├── apk_sign_local.bat ├── apktool_build_local.bat ├── apktool_decode_local.bat ├── apktool_decode_remote.bat ├── apktool_remote.bat ├── arachni_scan_remote.bat ├── burpsuite_scan.bat ├── ca-bundle.crt ├── cert_install.bat ├── changelog.txt ├── curl.zip ├── enjarify_local.bat ├── enjarify_remote.bat ├── install_upgrade_tools_local.bat ├── install_upgrade_tools_remoto.bat ├── install_upgrade_tools_remoto.sh ├── jd-gui.bat ├── jq-win32.zip ├── libeay32.zip ├── mobsf.bat ├── nessus_get_policies.bat ├── nessus_scan.bat ├── netsparker_scan.bat ├── nmap.xsl ├── nmap_scan.bat ├── nmap_scan_remote.bat ├── omp.zip ├── omp_cracked.zip ├── openssl.zip ├── openvas_get_report_formats.bat ├── openvas_get_report_formats_remote.bat ├── openvas_get_report_formats_remote.sh ├── openvas_get_scan_configs.bat ├── openvas_get_scan_configs_remote.bat ├── openvas_get_scan_configs_remote.sh ├── openvas_scan.bat ├── openvas_scan_remote.bat ├── openvas_scan_remote.sh ├── plink.zip ├── pscp.zip ├── qark.bat ├── qark.sh ├── qualys_get_reports_templates.bat ├── qualys_get_scanner_appliances.bat ├── qualys_report.bat ├── qualys_report_xml.bat ├── qualys_scan.bat ├── qualys_scan_report.bat ├── recon_ng_remote.bat ├── run_avd.bat ├── scripts_all.sha256 ├── ssleay32.zip ├── svm.zip ├── svm_en.ini ├── svm_es.ini ├── svm_rus.ini ├── svm_screenshot1.png ├── svm_screenshot10.png ├── svm_screenshot11.png ├── svm_screenshot2.png ├── svm_screenshot3.png ├── svm_screenshot4.png ├── svm_screenshot5.png ├── svm_screenshot6.png ├── svm_screenshot7.png ├── svm_screenshot8.png ├── svm_screenshot9.png ├── svm_virgen.ini ├── update_all_scripts.bat ├── 
upload_file.bat ├── vbRichClient5.zip ├── version.json ├── version.txt ├── watch_git.jpg ├── web_proyectos.bat ├── web_vulnerabilidades.bat ├── webshotcmd.zip └── xml.zip /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | 4 | # Explicitly declare text files you want to always be normalized and converted 5 | # to native line endings on checkout. 6 | *.c text 7 | *.h text 8 | *.frm text 9 | *.vbp text 10 | *.vbw text 11 | 12 | # Declare files that will always have CRLF line endings on checkout. 13 | *.sln text eol=crlf 14 | *.frm text eol=crlf 15 | *.vbp text eol=crlf 16 | *.vbw text eol=crlf 17 | *.bas eol=crlf 18 | *.cls eol=crlf 19 | *.ctl eol=crlf 20 | *.c eol=crlf 21 | *.cpp eol=crlf 22 | *.dsr eol=crlf 23 | *.bat text eol=crlf 24 | # qark.bat text eol=crlf 25 | 26 | # Declare files that will always have LF line endings on checkout. 27 | *.sh text eol=lf 28 | 29 | # Denote all files that are truly binary and should not be modified. 
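30 | *.png binary 31 | *.jpg binary 32 | *.frx binary 33 | *.zip binary 34 | 35 | #Certificado en LF 36 | ca-bundle.crt text eol=lf -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.exe 2 | *.dll 3 | Thumbs.db 4 | -------------------------------------------------------------------------------- /EyeWitness_remote.bat: --------------------------------------------------------------------------------
@echo off
rem Runs EyeWitness on a remote host over SSH (PuTTY pscp/plink) and fetches the report.
rem
rem Positional arguments:
rem   %1 Proyecto       project name, used only for the window title
rem   %2 File           local file uploaded as the EyeWitness target list (-f)
rem   %3 Documentacion  local folder that receives the report archive
rem   %4 Timestamp      suffix used to build the remote /tmp file names
rem   %5 DirApp         remote directory that contains EyeWitness.py
rem   %6 Server         SSH host
rem   %7 Username       SSH user
rem   %8 Password       SSH password
rem
rem NOTE(review): every argument is expanded unquoted into local command lines and
rem into the remote shell command strings below, so shell metacharacters in any of
rem them change what runs. Treat all eight values as trusted operator input only.
rem NOTE(review): the remote work files use predictable names under /tmp, which other
rem accounts on a shared scan host can typically see. A private work directory would
rem be safer - confirm what the scan host allows.
setlocal
set Proyecto=%1
set File=%2
set Documentacion=%3
set Timestamp=%4
set DirApp=%5
set Server=%6
set Username=%7
set Password=%8

rem Strip embedded double quotes so the values can be re-quoted where they are used.
set Proyecto=%Proyecto:"=%
set Documentacion=%Documentacion:"=%

@title=[EyeWitness] - %Proyecto%

rem git clone https://github.com/ChrisTruncer/EyeWitness
rem cd EyeWitness ; cd setup ; ./setup.sh

rem NOTE(review): "-pw %Password%" puts the SSH password on the command line of every
rem pscp/plink call, where it is visible in the local process list. Key-based login
rem (-i or Pageant), or -pwfile on PuTTY builds that support it, avoids that.
rem NOTE(review): no -hostkey is passed, so the server identity is not pinned by this
rem script; consider -batch together with -hostkey for unattended runs.

echo "Generando script..."
rem Upload the target list, create the remote report directory, then write a one-line
rem launcher script on the remote host. The nested quoting is deliberate: %DirApp%
rem sits outside the single quotes and is expanded by the remote shell.
"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%File%" %Server%:"/tmp/EyeWitnessReport_%Timestamp%.txt"
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "mkdir /tmp/EyeWitnessReport_%Timestamp%/"
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo 'cd '%DirApp%' ; chmod 755 EyeWitness.py ; ./EyeWitness.py -f /tmp/EyeWitnessReport_%Timestamp%.txt --web --timeout 20 --threads 10 --user-agent \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21\" --prepend-https --active-scan --resolve --no-prompt -d "/tmp/EyeWitnessReport_%Timestamp%/" ' > /tmp/EyeWitness-script_%Timestamp%.sh"

echo "Ejecutando..."
rem NOTE(review): with echo on, cmd prints the next command line after expansion,
rem which includes the value passed to -pw. Keep this console output out of
rem screenshots and saved logs, or leave echo off here.
@echo on
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "export TERM=xterm ; chmod 755 /tmp/EyeWitness-script_%Timestamp%.sh ; /tmp/EyeWitness-script_%Timestamp%.sh"

@echo off
echo "Generando Reporte..."
rem Pack the report directory on the remote host and copy the archive back.
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd /tmp/ ; tar -cvzf 'EyeWitnessReport_%Timestamp%.tar.gz' 'EyeWitnessReport_%Timestamp%'"

"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/EyeWitnessReport_%Timestamp%.tar.gz" "%Documentacion%\EyeWitnessReport_%Timestamp%.tar.gz"

rem Remote cleanup. The uploaded target list and the generated launcher script are
rem removed as well, so the list of scanned hosts does not stay behind in /tmp.
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -fr '/tmp/EyeWitnessReport_%Timestamp%.tar.gz' ; rm -fr '/tmp/EyeWitnessReport_%Timestamp%' ; rm -f '/tmp/EyeWitnessReport_%Timestamp%.txt' '/tmp/EyeWitness-script_%Timestamp%.sh'"

rem Print the path the archive was actually saved to (EyeWitnessReport_, matching the pscp call above).
echo "%Documentacion%\EyeWitnessReport_%Timestamp%.tar.gz"

pause
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 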
20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. 
To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 
86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. 
But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. 
(This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. 
These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 
214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. 
If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | {description} 294 | Copyright (C) {year} {fullname} 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 
305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 
340 | -------------------------------------------------------------------------------- /Login_fast.rb: --------------------------------------------------------------------------------
#!/usr/bin/env ruby
# Login script: submits the login form with a single HTTP POST, then records
# how a logged-in session can be recognised.
#
# `http`, `framework` and `to_absolute` are not defined in this file; presumably
# they come from the scanner that evaluates the script (the README lists
# Arachni) - confirm against that tool's login-script documentation.
#
# The URL, field names and credentials below are literal sample values. The URL
# is plain http, so the posted credentials are not encrypted in transit. When
# adapting the script to a real target, keep real credentials out of version
# control.
response = http.post( 'http://testphp.acunetix.com/userinfo.php',
    parameters:     {
        'FormNameHTMLUsername'   => 'Administrador',
        'FormNameHTMLPassword' => 'Password123'
    },
    mode:           :sync,
    update_cookies: true
)
# Session check URL: the response's Location header resolved against the
# response URL.
# NOTE(review): if the login does not answer with a redirect, the Location
# header is presumably absent - confirm how to_absolute handles that.
framework.options.session.check_url     = to_absolute( response.headers.location, response.url )
# Pattern matched to decide whether the session is still logged in.
framework.options.session.check_pattern = /Logout|Sign out|Cerrar Sesion/

-------------------------------------------------------------------------------- /Login_slow.rb: --------------------------------------------------------------------------------
#!/usr/bin/env ruby
# Login script: drives a Watir browser through the login form, then records how
# a logged-in session can be recognised.
#
# `framework` is not defined in this file; presumably it is provided by the
# scanner that evaluates the script - confirm.
# NOTE(review): the browser created here is not closed in this script, and the
# script does not show how its session reaches the scanner - confirm both
# against the host tool.
#
# The URL, form id, field names and credentials are literal sample values; the
# URL is plain http. Keep real credentials out of version control.
require 'watir-webdriver'
browser = Watir::Browser.new
browser.goto 'http://testphp.acunetix.com/login.php'
form = browser.form( id: 'loginform' )
form.text_field( name: 'uname' ).set 'test'
form.text_field( name: 'pass' ).set 'test'
form.submit
# Session check URL: the page the browser is on after the form was submitted.
framework.options.session.check_url = browser.url
# Pattern matched to decide whether the session is still logged in.
framework.options.session.check_pattern = /Logout|Sign out|Cerrar Sesion/
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Spanish | [English](README_en.md) | [Russian](README_rus.md) 2 | 3 | # Simple Vulnerability Manager 4 | 5 | [![](https://img.shields.io/github/release/simplevulnerabilitymanager/svm.svg)](https://github.com/simplevulnerabilitymanager/svm/releases/tag/v2.1.0) 6 | 7 | 8 | # Descripción 9 | Simple Vulnerability Manager es la herramienta perfecta para cualquier analista de vulnerabilidades, ya que con tan solo un par de clicks se podrán tanto realizar completos análisis sobre las debilidades de un sistema como generar informes sobre los mismos que ayudarán a comprender y solucionar los 
distintos problemas que estas vulnerabilidades puedan estar causando. 10 | 11 | 12 | Esta aplicación incluye una base de datos que contiene la gran mayoría de vulnerabilidades que un equipo puede sufrir, organizadas en **Web Scanners**, **Service Scanners**, **Static Scanners** y **Mobile**. Dentro de estas secciones, junto a la vulnerabilidad pertinente, los usuarios podrán encontrar una breve descripción en la que se especifica qué es lo que crea el problema, el impacto que este tiene sobre el sistema y los pasos que se han de seguir para solucionarla. 13 | 14 | 15 | Una de las características más interesantes de Simple Vulnerability Manager es la posibilidad de crear y gestionar proyectos a los clientes a los que se estén realizando seguimientos. Estos proyectos servirán para añadir comentarios personalizados y capturas de pantalla que servirán como prueba individual para cada una de las vulnerabilidades que hayan sido detectadas en las web y direcciones IP. 16 | 17 | 18 | # Instalación 19 | Es muy simple, descarga el instalador en https://github.com/simplevulnerabilitymanager/svm/releases y sigue las instrucciones. No tienes que configurar prácticamente nada para que lo comiences a utilizar inmediatamente. 20 | 21 | 22 | # Capturas de Pantalla 23 | 24 | ![Screenshot](svm_screenshot1.png) 25 | Pantalla Principal 26 | 27 | ![Screenshot](svm_screenshot2.png) 28 | Lista de vulnerabilidades disponibles para agregar al proyecto. 29 | 30 | 31 | # Tools 32 | 33 | Simple Vulnerability Manager se integra con todas las siguientes tools externas para poder ejecutarlas rápidamente con un solo click, lo que te permite ahorrar tiempo en la ejecución de los escaneos automatizados. 
34 | 35 | **Web Scanner** 36 | 37 | * [Acunetix](https://www.acunetix.com/) 38 | 39 | * [Burpsuite](https://portswigger.net/burp) 40 | 41 | * [Netsparker](https://www.netsparker.com/) 42 | 43 | * [Arachni Web Application](https://www.arachni-scanner.com/) 44 | 45 | **Services Scanner** 46 | 47 | * [Qualys Community](https://www.qualys.com/community-edition/) y Qualys Enterprise 48 | 49 | * [Nessus](https://www.tenable.com/products/nessus/nessus-professional) 50 | 51 | * [OpenVAS](http://www.openvas.org/) 52 | 53 | * [Nmap](https://nmap.org/) 54 | 55 | **Android Tools** 56 | 57 | * [ApkTools](https://ibotpeaches.github.io/Apktool/) 58 | 59 | * [Enjarify](https://github.com/google/enjarify) 60 | 61 | * [JD-Gui](http://jd.benow.ca/) 62 | 63 | * [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) 64 | 65 | * [QARK](https://github.com/linkedin/qark) 66 | 67 | * [AndroBugs_Framework](https://github.com/AndroBugs/AndroBugs_Framework) 68 | 69 | * [Uber Apk Signer](https://github.com/patrickfav/uber-apk-signer) 70 | 71 | **Information Tools** 72 | 73 | * [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) 74 | 75 | * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) 76 | 77 | # Preguntas y Respuestas Frecuentes (FAQ) 78 | 79 | [Wiki](https://github.com/simplevulnerabilitymanager/svm/wiki) 80 | 81 | # Presentaciones 82 | 83 | Simple Vulnerability Manager fue presentado en las siguientes Conferencias de Seguridad Informática 84 | 85 | * [Ekoparty Security Conference](https://www.ekoparty.org) : Ekolabs [2016](https://twitter.com/SimpleVulnManag/status/792072988204134402) 86 | 87 | * [Andsec Security Conference](https://www.andsec.org) : [2017](https://twitter.com/SimpleVulnManag/status/871576216112963586) 88 | 89 | * [Spotify - Secure Podcast](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN): Episodio 012 (Minuto 48:40) - Las Vegas [2018](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN) 90 | 91 | 92 | # Links 93 | 94 | Sígueme en las 
redes sociales para estar enterado de las novedades 95 | 96 | * Twitter: [@SimpleVulnManag](https://twitter.com/SimpleVulnManag) [![](https://img.shields.io/twitter/follow/SimpleVulnManag.svg?label=Follow&style=social)](https://twitter.com/SimpleVulnManag) 97 | 98 | * Facebook: [@SimpleVulnerabilityManager](https://www.facebook.com/simplevulnerabilitymanager) 99 | 100 | * Instagram: [@SimpleVulnerabilityManager](https://www.instagram.com/simplevulnerabilitymanager/) 101 | 102 | * Youtube: [Canal](https://www.youtube.com/channel/UCDXH-m2SqQsnb91UUsQxlrQ?view_as=subscriber) 103 | 104 | * GitHub: ![Watching](watch_git.jpg) 105 | 106 | * Homepage: [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/) 107 | 108 | 109 | # Licencia 110 | Solo los scripts para Windows (.bat) y los script para Linux (.sh) son OpenSource con licencia GPL, el resto de los programas tienen sus respectivas licencia. 111 | 112 | El ejecutable "svm.exe" es de licencia freeware y solo deberia utilizarse para uso personal. Para uso en empresas debe adquirirse la licencia **Pro** de SVM. Mas info a [contacto@simplevulnerabilitymanager.com](mailto:contacto@simplevulnerabilitymanager.com) y en [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/) 113 | 114 | # Autor 115 | Ulises Cuñe [www.ulises2k.com.ar](https://www.ulises2k.com.ar) 116 | 117 | -------------------------------------------------------------------------------- /README_en.md: -------------------------------------------------------------------------------- 1 | [Spanish](README.md) | English | [Russian](README_rus.md) 2 | 3 | # Simple Vulnerability Manager 4 | 5 | [![](https://img.shields.io/github/release/simplevulnerabilitymanager/svm.svg)](https://github.com/simplevulnerabilitymanager/svm/releases/tag/v2.1.0) 6 | 7 | 8 | # Description 9 | Simple Vulnerability Manager is the perfect tool for any vulnerability analyst. 
With just a couple of clicks you can carry out a full analysis of a system’s weaknesses and generate reports that help you understand them and solve the problems these vulnerabilities may be causing. 10 | 11 | This application includes a database that contains the most widely recognised vulnerabilities that a computer can suffer, organized into **Web Scanners**, **Service Scanners**, **Static Scanners** and **Mobile**. Within these sections, along with the relevant vulnerability, users can find a brief description that specifies what creates the problem, the impact it has on the system and the steps to be followed to solve it. 12 | 13 | 14 | One of the most interesting features of Simple Vulnerability Manager is the ability to create and manage projects for clients. These projects are used to add personalized comments and screenshots that serve as individual evidence for each of the vulnerabilities that have been detected on the web and IP addresses. 15 | 16 | 17 | # Installation 18 | Installation is simple: download the installer from https://github.com/simplevulnerabilitymanager/svm/releases and follow the instructions. You do not have to configure anything, so you can start using it immediately. 19 | 20 | 21 | # Screenshots 22 | 23 | ![Screenshot](svm_screenshot1.png) 24 | Main screen 25 | 26 | ![Screenshot](svm_screenshot2.png) 27 | List of vulnerabilities available to add to the project. 28 | 29 | 30 | # Tools 31 | 32 | Simple Vulnerability Manager integrates easily with the following external tools and can launch them with a single click, saving you time when running automated scans. 
33 | 34 | **Web Scanner** 35 | 36 | * [Acunetix](https://www.acunetix.com/) 37 | 38 | * [Burpsuite](https://portswigger.net/burp) 39 | 40 | * [Netsparker](https://www.netsparker.com/) 41 | 42 | * [Arachni Web Application](https://www.arachni-scanner.com/) 43 | 44 | **Services Scanner** 45 | 46 | * [Qualys Community](https://www.qualys.com/community-edition/) and Qualys Enterprise 47 | 48 | * [Nessus](https://www.tenable.com/products/nessus/nessus-professional) 49 | 50 | * [OpenVAS](http://www.openvas.org/) 51 | 52 | * [Nmap](https://nmap.org/) 53 | 54 | **Android Tools** 55 | 56 | * [ApkTools](https://ibotpeaches.github.io/Apktool/) 57 | 58 | * [Enjarify](https://github.com/google/enjarify) 59 | 60 | * [JD-Gui](http://jd.benow.ca/) 61 | 62 | * [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) 63 | 64 | * [QARK](https://github.com/linkedin/qark) 65 | 66 | * [AndroBugs_Framework](https://github.com/AndroBugs/AndroBugs_Framework) 67 | 68 | * [Uber Apk Signer](https://github.com/patrickfav/uber-apk-signer) 69 | 70 | **Information Tools** 71 | 72 | * [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) 73 | 74 | * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) 75 | 76 | # Frequently Asked Questions and Answers (FAQ) 77 | 78 | [Wiki](https://github.com/simplevulnerabilitymanager/svm/wiki) 79 | 80 | # Presentations 81 | 82 | Simple Vulnerability Manager was presented at the following Computer Security Conferences 83 | 84 | 85 | * [Ekoparty Security Conference](https://www.ekoparty.org) : Ekolabs [2016](https://twitter.com/SimpleVulnManag/status/792072988204134402) 86 | 87 | * [Andsec Security Conference](https://www.andsec.org) : [2017](https://twitter.com/SimpleVulnManag/status/871576216112963586) 88 | 89 | * [Spotify - Secure Podcast](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN): Episode 012 (minute 48:40) - Las Vegas [2018](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN) 90 | 91 | 92 | # Links 93 | 94 | Follow me on 
social networks to keep up with the latest news 95 | 96 | * Twitter: [@SimpleVulnManag](https://twitter.com/SimpleVulnManag) [![](https://img.shields.io/twitter/follow/SimpleVulnManag.svg?label=Follow&style=social)](https://twitter.com/SimpleVulnManag) 97 | 98 | * Facebook: [@SimpleVulnerabilityManager](https://www.facebook.com/simplevulnerabilitymanager) 99 | 100 | * Instagram: [@SimpleVulnerabilityManager](https://www.instagram.com/simplevulnerabilitymanager/) 101 | 102 | * Youtube: [Channel](https://www.youtube.com/channel/UCDXH-m2SqQsnb91UUsQxlrQ?view_as=subscriber) 103 | 104 | * GitHub: ![Watching](watch_git.jpg) 105 | 106 | * Homepage: [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/) 107 | 108 | 109 | # License 110 | Only the scripts for Windows (.bat) and the scripts for Linux (.sh) are open source under the GPL license; the rest of the programs are covered by their own respective licenses. 111 | 112 | The executable "svm.exe" is distributed under a freeware license and should only be used for personal use. For use in companies, the SVM **Pro** license must be purchased. 
For more information, write to [contacto@simplevulnerabilitymanager.com](mailto:contacto@simplevulnerabilitymanager.com) or visit [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/) 113 | 114 | # Author 115 | Ulises Cuñe [www.ulises2k.com.ar](https://www.ulises2k.com.ar) 116 | 117 | -------------------------------------------------------------------------------- /README_rus.md: -------------------------------------------------------------------------------- 1 | [Spanish](README.md) | [English](README_en.md) | Russian 2 | 3 | # Simple Vulnerability Manager 4 | 5 | [![](https://img.shields.io/github/release/simplevulnerabilitymanager/svm.svg)](https://github.com/simplevulnerabilitymanager/svm/releases/tag/v2.1.0) 6 | 7 | 8 | # описание 9 | Simple Vulnerability Manager - это идеальный инструмент для любого аналитика уязвимостей, поскольку всего за пару щелчков мыши можно выполнить полный анализ слабых мест системы и создать отчеты по ним, которые помогут понять и решить различные проблемы, вызванные этими уязвимостями. 10 | 11 | 12 | Это приложение включает в себя базу данных, которая содержит подавляющее большинство уязвимостей, от которых может пострадать компьютер, и состоит из **веб-сканеров**, **сервисных сканеров**, **статических сканеров** и **мобильных**. В этих разделах наряду с соответствующей уязвимостью пользователи могут найти краткое описание, в котором указано, что создает проблему, влияние, которое она оказывает на систему, и действия, которые необходимо предпринять для ее решения. 13 | 14 | 15 | Одной из наиболее интересных функций Simple Vulnerability Manager является возможность создавать и управлять проектами для клиентов, за которыми следят. Эти проекты будут использоваться для добавления персонализированных комментариев и скриншотов, которые будут использоваться в качестве отдельного теста для каждой из уязвимостей, обнаруженных в Интернете и IP-адресах. 
16 | 17 | 18 | # установка 19 | Это очень просто, загрузите установщик с https://github.com/simplevulnerabilitymanager/svm/releases и следуйте инструкциям. Вам не нужно ничего настраивать, чтобы сразу начать использовать. 20 | 21 | 22 | # Скриншоты 23 | 24 | ![Screenshot](svm_screenshot1.png) 25 | Главный экран 26 | 27 | ![Screenshot](svm_screenshot2.png) 28 | Список уязвимостей, доступных для добавления в проект. 29 | 30 | 31 | # Tools 32 | 33 | Simple Vulnerability Manager интегрируется со всеми перечисленными ниже внешними инструментами, чтобы иметь возможность быстро выполнять их одним щелчком мыши, что позволяет сэкономить время при выполнении автоматического сканирования. 34 | 35 | **Web Scanner** 36 | 37 | * [Acunetix](https://www.acunetix.com/) 38 | 39 | * [Burpsuite](https://portswigger.net/burp) 40 | 41 | * [Netsparker](https://www.netsparker.com/) 42 | 43 | * [Arachni Web Application](https://www.arachni-scanner.com/) 44 | 45 | **Services Scanner** 46 | 47 | * [Qualys Community](https://www.qualys.com/community-edition/) y Qualys Enterprise 48 | 49 | * [Nessus](https://www.tenable.com/products/nessus/nessus-professional) 50 | 51 | * [OpenVAS](http://www.openvas.org/) 52 | 53 | * [Nmap](https://nmap.org/) 54 | 55 | **Android Tools** 56 | 57 | * [ApkTools](https://ibotpeaches.github.io/Apktool/) 58 | 59 | * [Enjarify](https://github.com/google/enjarify) 60 | 61 | * [JD-Gui](http://jd.benow.ca/) 62 | 63 | * [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) 64 | 65 | * [QARK](https://github.com/linkedin/qark) 66 | 67 | * [AndroBugs_Framework](https://github.com/AndroBugs/AndroBugs_Framework) 68 | 69 | * [Uber Apk Signer](https://github.com/patrickfav/uber-apk-signer) 70 | 71 | **Information Tools** 72 | 73 | * [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) 74 | 75 | * [EyeWitness](https://github.com/ChrisTruncer/EyeWitness) 76 | 77 | # Часто задаваемые вопросы и ответы (FAQ) 78 | 79 | 
[Wiki](https://github.com/simplevulnerabilitymanager/svm/wiki) 80 | 81 | # презентации 82 | 83 | Simple Vulnerability Manager был представлен на следующих конференциях по компьютерной безопасности 84 | 85 | * [Ekoparty Security Conference](https://www.ekoparty.org) : Ekolabs [2016](https://twitter.com/SimpleVulnManag/status/792072988204134402) 86 | 87 | * [Andsec Security Conference](https://www.andsec.org) : [2017](https://twitter.com/SimpleVulnManag/status/871576216112963586) 88 | 89 | * [Spotify - Secure Podcast](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN): Episodio 012 (Minuto 48:40) - Las Vegas [2018](https://open.spotify.com/episode/76DLj25Z3gWWFnfTlbpNrN) 90 | 91 | 92 | # Links 93 | 94 | Следите за мной в социальных сетях, чтобы быть в курсе новостей 95 | 96 | * Twitter: [@SimpleVulnManag](https://twitter.com/SimpleVulnManag) [![](https://img.shields.io/twitter/follow/SimpleVulnManag.svg?label=Follow&style=social)](https://twitter.com/SimpleVulnManag) 97 | 98 | * Facebook: [@SimpleVulnerabilityManager](https://www.facebook.com/simplevulnerabilitymanager) 99 | 100 | * Instagram: [@SimpleVulnerabilityManager](https://www.instagram.com/simplevulnerabilitymanager/) 101 | 102 | * Youtube: [Canal](https://www.youtube.com/channel/UCDXH-m2SqQsnb91UUsQxlrQ?view_as=subscriber) 103 | 104 | * GitHub: ![Watching](watch_git.jpg) 105 | 106 | * Homepage: [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/) 107 | 108 | 109 | # лицензия 110 | Только сценарии для Windows (.bat) и сценарии для Linux (.sh) являются OpenSource с лицензией GPL, остальные программы имеют соответствующие лицензии. 111 | 112 | Исполняемый файл "svm.exe" является бесплатной лицензией и должен использоваться только для личного использования. Для использования в компаниях лицензия **Pro** должна быть приобретена у SVM. 
Более подробную информацию можно получить по адресу [contacto@simplevulnerabilitymanager.com](mailto:contacto@simplevulnerabilitymanager.com) и по адресу [SimpleVulnerabilityManager.com](https://simplevulnerabilitymanager.com/). 113 | 114 | # Author 115 | Ulises Cuñe [www.ulises2k.com.ar](https://www.ulises2k.com.ar) 116 | 117 | 118 | -------------------------------------------------------------------------------- /RPCPublicKey.DH: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/RPCPublicKey.DH -------------------------------------------------------------------------------- /Template_SVM.dotx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/Template_SVM.dotx -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-midnight -------------------------------------------------------------------------------- /acunetix_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set DirApp=%2 5 | set URL=%3 6 | set Documentacion=%4 7 | set Timestamp=%5 8 | set NRO=%6 9 | 10 | 11 | set Documentacion=%Documentacion:"=% 12 | set DirApp=%DirApp:"=% 13 | 14 | set Proyecto=%Proyecto:"=% 15 | @title=[Acunetix Scan] - %Proyecto% - %URL% 16 | 17 | set /a SLEEP=%NRO%*20 18 | ping -n %SLEEP% 127.0.0.1 > NUL 19 | 20 | 21 | echo Escaneando... 
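rem Acunetix v6.0 - 10.50: legacy console scanner, wvs_console.exe
rem Doc1 is the per-URL output folder, Login the recorded login sequence file.
set Doc1="%Documentacion%\AcunetixReport - %TimeStamp%-URL_%NRO%\"
set Login="%Documentacion%\..\Login.lsr"
:whileAcu1
if exist "%DirApp%\wvs_console.exe" (
    rem Count the running wvs_console.exe processes and read the count back from a temp file.
    tasklist /FI "IMAGENAME eq wvs_console.exe" /NH | find /C "wvs_console.exe" > "%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt"
    set /p CANT=<"%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt"
    goto Acunetix1
)


rem Acunetix v11.0: wvsc.exe, used only when the legacy executable is absent.
set Doc2="%Documentacion%\AcunetixReport - %TimeStamp%-URL_%NRO%.wvs"
set Login="%Documentacion%\Login.lsr"
:whileAcu2
if exist "%DirApp%\wvsc.exe" (
    tasklist /FI "IMAGENAME eq wvsc.exe" /NH | find /C "wvsc.exe" > "%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt"
    set /p CANT=<"%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt"
    goto Acunetix2
)


rem Neither executable exists under DirApp. Stop here instead of falling through to
rem :Acunetix1 with CANT undefined, which would abort the script on a syntax error.
echo Error: No se encontro wvs_console.exe ni wvsc.exe en "%DirApp%"
goto Fin


:Acunetix1
rem Throttle: while five or more scanners are running, wait about a minute and re-count.
rem NOTE(review): URL is passed to the scanner unquoted; a value containing an ampersand
rem or a pipe would be interpreted by cmd.exe, so the caller must supply a quoted,
rem validated URL - confirm how the calling program passes it.
if %CANT% GEQ 5 (
    ping -n 61 127.0.0.1 > NUL && goto whileAcu1
) else (
    mkdir %Doc1%
    rem The report switches were spelled /GenerateReporte and /ReporteFormat; the console
    rem scanner's switches are /GenerateReport and /ReportFormat.
    "%DirApp%\wvs_console.exe" /Scan %URL% /Profile Default /Settings default /LoginSeq %Login% /Save /SaveFolder %Doc1% /SavetoDatabase /GenerateReport /ReportFormat PDF /Timestamps /Verbose --GetFirstOnly=FALSE --RobotsTxt=TRUE --UseWebKit=TRUE --EnablePortScanning=TRUE --UseAcuSensor=TRUE
)
goto Fin



:Acunetix2
rem Same throttle as :Acunetix1. The pause that used to sit here required a key press on
rem every poll of the wait loop, which blocked unattended runs; it has been removed.
if %CANT% GEQ 5 (
    ping -n 61 127.0.0.1 > NUL && goto whileAcu2
) else (
    "%DirApp%\wvsc.exe" /scan %URL% /profile Default /status /login-sequence %Login% /allow-interactive-login /save %Doc2%
)
goto Fin


:Fin
echo Finalizado
rem The counter file is absent when no scanner executable was found.
if exist "%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt" del /F "%TEMP%\acunetix_scan_count_%Timestamp%-URL_%NRO%.txt"

pause

-------------------------------------------------------------------------------- /acunetix_v11_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set URL=%2 5 | set APIURL=%3 6 | set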
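APIKEY=%4
set Documentacion=%5
set Timestamp=%6
set NRO=%7

rem Strip the quotes from the report folder, then build the quoted HTML and PDF report paths.
set Documentacion=%Documentacion:"=%
set DocumentacionHTML="%Documentacion%\AcunetixReport - %Timestamp%.html"
set DocumentacionPDF="%Documentacion%\AcunetixReport - %Timestamp%.pdf"

set Proyecto=%Proyecto:"=%
@title=[Acunetix Scan v11/v12] - %Proyecto% - %URL%

rem Stagger the start by NRO*20 pings to localhost, roughly one second each.
set /a SLEEP=%NRO%*20
ping -n %SLEEP% 127.0.0.1 > NUL


rem NOTE(review): every curl call below uses -k, which turns off TLS certificate
rem validation, so the X-Auth API key and the downloaded reports are exposed to anyone
rem able to intercept the connection to APIURL. That is only tolerable against a local
rem instance such as the sample endpoint https://127.0.0.1:3443 shown further down; for a
rem remote scanner, trust its certificate with curl --cacert and drop -k.
rem NOTE(review): the API key travels on the curl command line, where other local
rem processes may be able to read it, and URL and Proyecto are pasted into the JSON body
rem unescaped, so a quote or backslash in either value changes the request.

rem Acunetix v11.0/v12.0
rem Add Target
"%~dp0curl.exe" -s -k -X POST -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" -d "{\"address\":\"%URL%\",\"description\":\"%Proyecto%\",\"criticality\":\"10\"}" "%APIURL%/api/v1/targets" | "%~dp0jq-win32.exe" .target_id > "%TEMP%\acunetix11_add_target_%Timestamp%-URL_%NRO%.txt"
set /p TARGET_ID=<"%TEMP%\acunetix11_add_target_%Timestamp%-URL_%NRO%.txt"
rem An empty response leaves TARGET_ID undefined; report it instead of letting the
rem unquoted comparison below abort the script with a syntax error.
if not defined TARGET_ID ( echo Error: Generando Target && pause && exit )
set TARGET_ID=%TARGET_ID:"=%
if /I %TARGET_ID% == null ( echo Error: Generando Target && pause && exit )

rem 2 Config Scan
rem The commented lines below are reference material for the optional per-target
rem configuration call; the credentials and cookies in them are sample values.
rem data = {"excluded_paths":["manager","phpmyadmin","testphp"],"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36","custom_headers":["Accept: */*","Connection: Keep-alive"],"custom_cookies":[{"url":url,"cookie":"UM_distinctid=15da1bb9287f05-022f43184eb5d5-30667808-fa000-15da1bb9288ba9; PHPSESSID=dj9vq5fso96hpbgkdd7ok9gc83"}],"scan_speed":"moderate","technologies":["PHP"],"proxy": {"enabled":False,"address":"127.0.0.1","protocol":"http","port":8080,"username":"aaa","password":"bbb"},"login":{"kind": "automatic","credentials": {"enabled": False,"username": "test","password": "test"}},"authentication":{"enabled":False,"username":"test","password":"test"}}
rem "{\"excluded_paths\":[\"manager\",\"phpmyadmin\",\"testphp\"],\"user_agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\",\"custom_headers\":[\"Accept: */*\",\"Connection: Keep-alive\"],\"custom_cookies\":[{\"url\":url,\"cookie\":\"UM_distinctid=15da1bb9287f05-022f43184eb5d5-30667808-fa000-15da1bb9288ba9; PHPSESSID=dj9vq5fso96hpbgkdd7ok9gc83\"}],\"scan_speed\":\"moderate\",\"technologies\":[\"PHP\"],\"proxy\": {\"enabled\":False,\"address\":\"127.0.0.1\",\"protocol\":\"http\",\"port\":8080,\"username\":\"aaa\",\"password\":\"bbb\"},\"login\":{\"kind\": \"automatic\",\"credentials\": {\"enabled\": False,\"username\": \"test\",\"password\": \"test\"}},\"authentication\":{\"enabled\":False,\"username\":\"test\",\"password\":\"test\"}}"

rem https://127.0.0.1:3443/api/v1/targets/9ddc2900-915b-4a47-8c0e-b592d23102de/configuration
rem {"authentication": {"username": "test", "password": "test", "enabled": false}, "proxy": {"username": "aaa", "protocol": "http", "enabled": false, "address": "127.0.0.1", "password": "bbb", "port": 8080}, "custom_headers": ["Accept: */*", "Referer:http://testhtml5.vulnweb.com/", "Connection: Keep-alive"], "excluded_paths": ["manager", "phpmyadmin", "testphp"], "custom_cookies": [{"url": "http://testhtml5.vulnweb.com/", "cookie": "UM_distinctid=15da1bb9287f05-022f43184eb5d5-30667808-fa000-15da1bb9288ba9; PHPSESSID=dj9vq5fso96hpbgkdd7ok9gc83"}], "login": {"credentials": {"username": "test", "password": "test", "enabled": false}, "kind": "automatic"}, "technologies": ["PHP"], "scan_speed": "moderate", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"}
rem {\"authentication\": {\"username\": \"test\", \"password\": \"test\", \"enabled\": false}, \"proxy\": {\"username\": \"aaa\", \"protocol\": \"http\", \"enabled\": false, \"address\": \"127.0.0.1\", \"password\": \"bbb\", \"port\": 8080}, \"custom_headers\": [\"Accept: */*\", \"Referer:http://testhtml5.vulnweb.com/\", \"Connection: Keep-alive\"], \"excluded_paths\": [\"manager\", \"phpmyadmin\", \"testphp\"], \"custom_cookies\": [{\"url\": \"http://testhtml5.vulnweb.com/\", \"cookie\": \"UM_distinctid=15da1bb9287f05-022f43184eb5d5-30667808-fa000-15da1bb9288ba9; PHPSESSID=dj9vq5fso96hpbgkdd7ok9gc83\"}], \"login\": {\"credentials\": {\"username\": \"test\", \"password\": \"test\", \"enabled\": false}, \"kind\": \"automatic\"}, \"technologies\": [\"PHP\"], \"scan_speed\": \"moderate\", \"user_agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"}
rem "%~dp0curl.exe" -k -X PATCH -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" -d "{\"authentication\": {\"username\": \"test\", \"password\": \"test\", \"enabled\": false}, \"proxy\": {\"username\": \"aaa\", \"protocol\": \"http\", \"enabled\": false, \"address\": \"127.0.0.1\", \"password\": \"bbb\", \"port\": 8080}, \"custom_headers\": [\"Accept: */*\", \"Referer:http://testhtml5.vulnweb.com/\", \"Connection: Keep-alive\"], \"excluded_paths\": [\"manager\", \"phpmyadmin\", \"testphp\"], \"custom_cookies\": [{\"url\": \"http://testhtml5.vulnweb.com/\", \"cookie\": \"UM_distinctid=15da1bb9287f05-022f43184eb5d5-30667808-fa000-15da1bb9288ba9; PHPSESSID=dj9vq5fso96hpbgkdd7ok9gc83\"}], \"login\": {\"credentials\": {\"username\": \"test\", \"password\": \"test\", \"enabled\": false}, \"kind\": \"automatic\"}, \"technologies\": [\"PHP\"], \"scan_speed\": \"moderate\", \"user_agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36\"}" %APIURL%/api/v1/targets/%TARGET_ID%/configuration > configuracion_target.txt
rem res = requests.patch(tarurl+"/api/v1/targets/"+str(target_id)+"/configuration",data=json.dumps(data),headers=headers,timeout=30*4,verify=False)

rem List of built-in scanning profiles:
rem Full Scan: 11111111-1111-1111-1111-111111111111
rem High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
rem Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
rem SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
rem Weak Passwords: 11111111-1111-1111-1111-111111111115
rem Crawl Only: 11111111-1111-1111-1111-111111111117

rem Start Scan with the Full Scan profile; the scan id is the last path segment of the
rem Location response header, captured with -D - and findstr.
"%~dp0curl.exe" -s -D - -k -X POST -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" -d "{\"profile_id\": \"11111111-1111-1111-1111-111111111111\", \"target_id\": \"%TARGET_ID%\", \"schedule\": {\"disable\": false, \"time_sensitive\": false, \"start_date\": null}}" "%APIURL%/api/v1/scans" > "%TEMP%\acunetix11_location_%Timestamp%-URL_%NRO%.txt"
findstr /C:"Location:" "%TEMP%\acunetix11_location_%Timestamp%-URL_%NRO%.txt" > "%TEMP%\acunetix11_scan_id_%Timestamp%-URL_%NRO%.txt"
set /p SCAN_ID=<"%TEMP%\acunetix11_scan_id_%Timestamp%-URL_%NRO%.txt"
rem No Location header means the scan was not created.
if not defined SCAN_ID ( echo Error: Iniciando Scan && pause && exit )
for %%g in (%SCAN_ID%) do set SCAN_ID=%%~nxg
if /I %SCAN_ID% == null ( echo Error: Iniciando Scan && pause && exit )


rem 4 Get Status Scans
echo Escaneando...
:scan1
rem Poll the scan once a minute until its status is completed, failed or aborting.
"%~dp0curl.exe" -s -k -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" "%APIURL%/api/v1/scans/%SCAN_ID%" | "%~dp0jq-win32.exe" .current_session.status > "%TEMP%\acunetix11_current_session_status_%Timestamp%-URL_%NRO%.txt"
set /p SCAN_STATUS=<"%TEMP%\acunetix11_current_session_status_%Timestamp%-URL_%NRO%.txt"
if not defined SCAN_STATUS ( echo Error: Se detuvo el escaneo && pause && exit )
for %%g in (%SCAN_STATUS%) do set SCAN_STATUS=%%~nxg
if /I %SCAN_STATUS% == null ( echo Error: Se detuvo el escaneo && pause && exit )
if "%SCAN_STATUS%" == "failed" ( echo Error: Error en el escaneo && pause && exit )
if "%SCAN_STATUS%" == "aborting" ( echo Error: Scaneo detenido && pause && exit )
if "%SCAN_STATUS%" == "completed" ( echo: ) else ( ping -n 61 127.0.0.1 > NUL && time /T && goto :scan1 )
rem aborting
rem completed
rem failed
rem processing
rem queued
rem scheduled
rem starting



rem List of built-in report templates and their IDs:
rem Developer: 11111111-1111-1111-1111-111111111111
rem Quick: 11111111-1111-1111-1111-111111111112
rem Executive Summary: 11111111-1111-1111-1111-111111111113
rem HIPAA: 11111111-1111-1111-1111-111111111114
rem Affected Items: 11111111-1111-1111-1111-111111111115
rem Scan Comparison: 11111111-1111-1111-1111-111111111124
rem CWE 2011: 11111111-1111-1111-1111-111111111116
rem ISO 27001: 11111111-1111-1111-1111-111111111117
rem NIST SP800 53: 11111111-1111-1111-1111-111111111118
rem OWASP Top 10 2013: 11111111-1111-1111-1111-111111111119
rem OWASP Top 10 2017: 11111111-1111-1111-1111-111111111125
rem PCI DSS 3.2: 11111111-1111-1111-1111-111111111120
rem Sarbanes Oxley: 11111111-1111-1111-1111-111111111121
rem STIG DISA: 11111111-1111-1111-1111-111111111122
rem WASC Threat Classification: 11111111-1111-1111-1111-111111111123

rem Generate Report with the Affected Items template; the report id is again taken from
rem the Location response header.
echo Generando Reporte...
"%~dp0curl.exe" -s -D - -k -X POST -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" -d "{\"template_id\":\"11111111-1111-1111-1111-111111111115\",\"source\":{\"list_type\":\"scans\",\"id_list\":[\"%SCAN_ID%\"]}}" "%APIURL%/api/v1/reports" > "%TEMP%\acunetix11_location_report_%Timestamp%-URL_%NRO%.txt"
findstr /C:"Location:" "%TEMP%\acunetix11_location_report_%Timestamp%-URL_%NRO%.txt" > "%TEMP%\acunetix11_report_id_%Timestamp%-URL_%NRO%.txt"
set /p REPORT_ID=<"%TEMP%\acunetix11_report_id_%Timestamp%-URL_%NRO%.txt"
if not defined REPORT_ID ( echo Error: No se genero el Reporte && pause && exit )
for %%g in (%REPORT_ID%) do set REPORT_ID=%%~nxg
if /I %REPORT_ID% == null ( echo Error: No se genero el Reporte && pause && exit )

rem Get Status Report
:doc1
rem Poll every ten seconds or so until the report status is "completed"; jq prints the
rem value with its quotes, which is why the comparison below keeps them.
"%~dp0curl.exe" -s -k -H "Content-Type: application/json" -H "X-Auth: %APIKEY%" "%APIURL%/api/v1/reports/%REPORT_ID%" > "%TEMP%\acunetix11_report_status_%Timestamp%-URL_%NRO%.txt"
type "%TEMP%\acunetix11_report_status_%Timestamp%-URL_%NRO%.txt" | "%~dp0jq-win32.exe" .status > "%TEMP%\acunetix11_report_field_status_%Timestamp%-URL_%NRO%.txt"
set /p REPORT_STATUS=<"%TEMP%\acunetix11_report_field_status_%Timestamp%-URL_%NRO%.txt"
if not defined REPORT_STATUS ( echo Error: No se genero el Reporte && pause && exit )
if %REPORT_STATUS% == "completed" ( echo: ) else ( ping -n 11 127.0.0.1 > NUL && echo . && goto :doc1 )

rem Get URL download files(HTML/PDF)
type "%TEMP%\acunetix11_report_status_%Timestamp%-URL_%NRO%.txt" | "%~dp0jq-win32.exe" .download[0] > "%TEMP%\acunetix11_report_download_html_%Timestamp%-URL_%NRO%.txt"
type "%TEMP%\acunetix11_report_status_%Timestamp%-URL_%NRO%.txt" | "%~dp0jq-win32.exe" .download[1] > "%TEMP%\acunetix11_report_download_pdf_%Timestamp%-URL_%NRO%.txt"

rem Parse download link HTML
for /f "tokens=* delims=" %%a in ( 'type "%TEMP%\acunetix11_report_download_html_%Timestamp%-URL_%NRO%.txt"') do ( set DOWNLOAD_HTML=%%a && goto _ExitForHTML )
:_ExitForHTML
set DOWNLOAD_HTML=%DOWNLOAD_HTML:"=%

rem Parse download link PDF
for /f "tokens=* delims=" %%a in ( 'type "%TEMP%\acunetix11_report_download_pdf_%Timestamp%-URL_%NRO%.txt"' ) do ( set DOWNLOAD_PDF=%%a && goto _ExitForPDF )
:_ExitForPDF
set DOWNLOAD_PDF=%DOWNLOAD_PDF:"=%



rem Download Files
"%~dp0curl.exe" -s -k -H "X-Auth: %APIKEY%" "%APIURL%%DOWNLOAD_HTML%" -o %DocumentacionHTML% && echo %DocumentacionHTML% && start "" /WAIT /I ""%DocumentacionHTML%""
"%~dp0curl.exe" -s -k -H "X-Auth: %APIKEY%" "%APIURL%%DOWNLOAD_PDF%" -o %DocumentacionPDF% && echo %DocumentacionPDF%

rem Remove the temp files that hold API responses. The location_report and
rem report_field_status files used to be left behind and are now deleted as well.
rem NOTE(review): the early exits above skip this cleanup, so a failed run still leaves
rem its response files under TEMP.
del /F "%TEMP%\acunetix11_add_target_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_location_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_scan_id_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_current_session_status_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_location_report_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_report_id_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_report_status_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_report_field_status_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_report_download_html_%Timestamp%-URL_%NRO%.txt"
del /F "%TEMP%\acunetix11_report_download_pdf_%Timestamp%-URL_%NRO%.txt"

pause
--------------------------------------------------------------------------------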
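/androbugs_framework.bat: --------------------------------------------------------------------------------
@echo off
rem Uploads an APK to a remote host over SSH, runs AndroBugs_Framework on it there,
rem copies the text report back and removes the remote working directory.
rem Arguments: 1 APK path, 2 APK file name, 3 timestamp, 4 report folder,
rem            5 AndroBugs directory on the server, 6 server, 7 user name, 8 password.
setlocal
set PathAPK=%1
set FileApk=%2
set Timestamp=%3
set Documentacion=%4
set DirApp=%5
set Server=%6
set Username=%7
set Password=%8


set PathAPK=%PathAPK:"=%
set FileApk=%FileApk:"=%
set DirApp=%DirApp:"=%
set Documentacion=%Documentacion:"=%
set Documentacion="%Documentacion%\AndroBugs_Framework - %FileApk%_%Timestamp%.txt"

@title=[AndroBugs_Framework] - %FileApk%

rem NOTE(review): the SSH password is handed to plink and pscp with -pw on the command
rem line, where other local processes may be able to read it; key-based authentication
rem with the -i option avoids putting the secret there.
rem NOTE(review): Timestamp, FileApk and DirApp are pasted into single-quoted remote shell
rem commands, so a single quote in any of them would break out of the quoting - confirm
rem the caller only passes values it generated itself.

rem $git clone https://github.com/AndroBugs/AndroBugs_Framework
rem The working directory is created with mode 700 so other accounts on the server cannot
rem read the uploaded APK or the report.
"%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "mkdir -m 700 '/tmp/%Timestamp%'"
rem -P 22 added for consistency with the other pscp and plink calls.
"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%Timestamp%/%FileApk%_%Timestamp%.apk"
"%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "cd '%DirApp%' ; python ./androbugs.py -f '/tmp/%Timestamp%/%FileApk%_%Timestamp%.apk' -e 2 -o '/tmp/%Timestamp%'"

"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/%Timestamp%/*.txt" %Documentacion%
rem rm -f cannot remove a directory, so the uploaded APK and the report used to stay on
rem the server; -rf removes the working directory and its contents.
"%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "rm -rf '/tmp/%Timestamp%/'"

echo %Documentacion%
pause


-------------------------------------------------------------------------------- /android_comandos.bat: --------------------------------------------------------------------------------
@echo off
rem https://developer.android.com/studio/command-line/adb.html
setlocal
rem /d also switches the drive, so the bundled adb folder becomes the working directory
rem even when the script is started from another drive.
cd /d "%~dp0adb\windows\"
rem NOTE(review): the next line runs the script's whole argument list as a command, with
rem the privileges of the calling user. Anything that can influence those arguments can
rem run arbitrary programs, so this wrapper must only be called with trusted input.
%*
pause
-------------------------------------------------------------------------------- /apk_install_local.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set PathAPK=%1 4 | set FileAPK=%2 5 | set Timestamp=%3 6 | set Documentacion=%4 7 | 8 | 9 | set Documentacion=%Documentacion:"=%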
rem Log file path for this run. Every line that would write to it is commented out
rem below, so the variable is currently unused.
set Documentacion="%Documentacion%\apk_install - %Timestamp%.txt"

@title=[ADB]

rem date /T > %Documentacion%
rem time /T >> %Documentacion%
rem Restart the local adb server before installing.
echo Kill-server
"%~dp0adb\windows\adb.exe" kill-server
rem >> %Documentacion%
echo Start-server
"%~dp0adb\windows\adb.exe" start-server
rem >> %Documentacion%
rem Install the APK given as the first argument; no device is selected explicitly.
echo Installing...
"%~dp0adb\windows\adb.exe" install %PathAPK%
rem >> %Documentacion%
echo Done
rem notepad %Documentacion%
pause

-------------------------------------------------------------------------------- /apk_install_remote.bat: --------------------------------------------------------------------------------
@echo off
rem Connects adb to a device reachable over TCP and installs an APK on it.
rem Arguments: 1 APK path, 2 APK file name, 3 timestamp, 4 report folder, 5 server, 6 port.
setlocal
set PathAPK=%1
set FileAPK=%2
set Timestamp=%3
set Documentacion=%4
set Server=%5
set Port=%6


rem Log file path; nothing in the visible part of the script writes to it.
set Documentacion=%Documentacion:"=%
set Documentacion="%Documentacion%\apk_install_remoto - %Timestamp%.txt"

@title=[ADB-Remoto]

rem NOTE(review): adb connect reaches the device over the network; presumably this is the
rem legacy TCP mode, which is not encrypted, so it should only be used on a trusted or
rem isolated network - confirm for the devices in use.
echo Connectando...
"%~dp0adb\windows\adb.exe" connect %Server%:%Port%
echo Installing...
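rem Install on the device that was just connected. -s pins the target so the APK cannot
rem end up on another attached device or emulator, and the call no longer fails with
rem "more than one device" when several are present.
"%~dp0adb\windows\adb.exe" -s %Server%:%Port% install %PathAPK%

pause





-------------------------------------------------------------------------------- /apk_sign_local.bat: --------------------------------------------------------------------------------
@echo off
rem Signs an APK in place with the signer jar given as the first argument.
rem Arguments: 1 path to the signer jar, 2 path to the APK.
setlocal
set AppExe=%1
set PathAPK=%2
rem Generate the certificate
rem del /f keystore.ks
rem "c:\Program Files\Java\jre1.8.0_161\bin\keytool.exe" -genkey -keystore keystore.ks -alias android -keyalg RSA -keysize 2048 -validity 365 -dname "C=US, O=Android, CN=Android Debug"

rem Sign the apk
rem NOTE(review): the jarsigner example below uses MD5withRSA with a SHA1 digest, both
rem obsolete; it should not be copied for anything beyond a throwaway test build.
rem "c:\Program Files\Java\jdk1.8.0_101\bin\jarsigner.exe" -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore keystore.ks %PathAPK% android
rem NOTE(review): the example below carries literal --ksPass and --ksKeyPass values and a
rem user-profile path. If that password protects a real keystore it should be rotated and
rem the example replaced with a placeholder.
rem $ java -Xmx256m -jar C:/Users/u544786/.apkstudio/vendor/uber-apk-signer.jar --debug -ks "c:/pentest/Android/keystore.ks" --ksPass Ulises2k --ksKeyPass Ulises2k -a "c:/pentest/Android/Android_test.apk" --ksAlias android --overwrite --allowResign
rem "c:\android\sdk\build-tools\21.1.2\zipalign.exe" -c -v 4 %PathAPK%

rem No keystore option is passed here, so the signer presumably falls back to a built-in
rem debug keystore - TODO confirm. A signature made that way is only fit for test builds.
java.exe -jar %AppExe% -a %PathAPK% --overwrite
echo %PathAPK%
pause

-------------------------------------------------------------------------------- /apktool_build_local.bat: --------------------------------------------------------------------------------
@echo off
rem Rebuilds a decoded APK directory with apktool and then offers to sign the result.
rem Arguments: 1 apktool jar, 2 decoded APK directory, 3 signer jar.
setlocal
set AppExe=%1
set PathDirAPK=%2
set AppExeSign=%3

rem Edit to match the environment
rem "c:\Program Files\Java\jre1.8.0_171\bin\java.exe"
set JAVA="java.exe"
set PathDirAPK=%PathDirAPK:"=%
rem Drop a trailing backslash so the last path component can be extracted.
if %PathDirAPK:~-1% == \ set PathDirAPK=%PathDirAPK:~0,-1%
rem The path is quoted inside the for set so that a directory containing spaces is
rem treated as a single item; unquoted, LastDirAPK was taken from the last word only.
for %%i in ("%PathDirAPK%") do set LastDirAPK=%%~nxi

@title=[Apktool_Build - Local] - %PathDirAPK%

rem curl.exe https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
%JAVA% -jar %AppExe% b "%PathDirAPK%"

set PathDirAPK=%PathDirAPK:"=%
echo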
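"%PathDirAPK%\dist\%LastDirAPK%.apk"

:retry
echo Want to sign the apk?
rem Clear the previous answer first: set /p leaves the variable untouched when the user
rem just presses Enter, and an empty unquoted operand aborted the script with a syntax
rem error. The comparisons are quoted and case-insensitive for the same reason.
set "respuesta="
set /p respuesta="Yes/No(y/n)"
if /I "%respuesta%" == "y" (
    rem Call the signing script from this script's own folder rather than from whatever
    rem the current directory happens to be.
    call "%~dp0apk_sign_local.bat" %AppExeSign% "%PathDirAPK%\dist\%LastDirAPK%.apk"
) else (
    if /I "%respuesta%" == "n" (
        goto :fin
    ) else (
        goto :retry
    )
)
:fin

-------------------------------------------------------------------------------- /apktool_decode_local.bat: --------------------------------------------------------------------------------
@echo off
rem Copies an APK into the report folder under a timestamped name and decodes it there
rem with apktool.
rem Arguments: 1 apktool jar, 2 APK path, 3 APK file name, 4 timestamp, 5 report folder.
setlocal
set AppExe=%1
set PathAPK=%2
rem Expands %~n3 to a file name only
set FileApk=%~n3
set Timestamp=%4
set Documentacion=%5

rem Edit to match the environment
set JAVA="java.exe"

set FileApk=%FileApk:"=%
set Documentacion=%Documentacion:"=%

@title=[Apktool - Local] - %FileApk%

rem curl.exe https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar

rem mkdir "%Documentacion%\%FileApk%_%Timestamp%"
rem cd "%Documentacion%\%FileApk%_%Timestamp%"
copy %PathAPK% "%Documentacion%\%FileApk%_%Timestamp%.apk"
rem Decode the copy; the output goes to a folder named like the copy without the extension.
%JAVA% -jar %AppExe% d "%Documentacion%\%FileApk%_%Timestamp%.apk" -o "%Documentacion%\%FileApk%_%Timestamp%"
echo "%Documentacion%\%FileApk%_%Timestamp%"
pause



-------------------------------------------------------------------------------- /apktool_decode_remote.bat: --------------------------------------------------------------------------------
@echo off
rem Arguments: 1 APK path, 2 APK file name, 3 timestamp, 4 report folder,
rem            5 apktool jar on the server, 6 server, 7 user name, 8 password.
setlocal
set PathAPK=%1
set FileApk=%2
set Timestamp=%3
set Documentacion=%4
set AppExe=%5
set Server=%6
set Username=%7
set Password=%8

rem Edit to match the environment
set JAVA=/usr/bin/java

set PathAPK=%PathAPK:"=%
set FileApk=%FileApk:"=%
set AppExe=%AppExe:"=%
set Documentacion=%Documentacion:"=%
set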
Documentacion="%Documentacion%\ApktoolReport - %FileApk%_%Timestamp%.tar.gz" 20 | 21 | @title=[Apktool] - %FileApk% 22 | 23 | rem $wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.1.0.jar 24 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%FileApk%_%Timestamp%.apk" 25 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd /tmp ; %JAVA% -jar '%AppExe%' d '/tmp/%FileApk%_%Timestamp%.apk'" 26 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd /tmp ; tar -cvzf 'ApktoolReport - %FileApk%_%Timestamp%.tar.gz' '%FileApk%_%Timestamp%.apk' '%FileApk%_%Timestamp%'" 27 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/ApktoolReport - %FileApk%_%Timestamp%.tar.gz" %Documentacion% 28 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -fr '/tmp/ApktoolReport - %FileApk%_%Timestamp%.tar.gz' '/tmp/%FileApk%_%Timestamp%.apk' /tmp/1.apk" 29 | 30 | echo %Documentacion% 31 | pause 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /apktool_remote.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set PathAPK=%1 4 | set FileApk=%2 5 | set Timestamp=%3 6 | set Documentacion=%4 7 | set AppExe=%5 8 | set Server=%6 9 | set Username=%7 10 | set Password=%8 11 | 12 | rem Editar segun corresponda al entorno 13 | set JAVA=/usr/bin/java 14 | 15 | set PathAPK=%PathAPK:"=% 16 | set FileApk=%FileApk:"=% 17 | set AppExe=%AppExe:"=% 18 | set Documentacion=%Documentacion:"=% 19 | set Documentacion="%Documentacion%\ApktoolReport - %FileApk%_%Timestamp%.tar.gz" 20 | 21 | @title=[Apktool] - %FileApk% 22 | 23 | rem $wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.1.0.jar 24 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%FileApk%_%Timestamp%.apk" 25 | 
"%~dp0plink.exe" -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd /tmp ; %JAVA% -jar '%AppExe%' d '/tmp/%FileApk%_%Timestamp%.apk'" 26 | "%~dp0plink.exe" -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd /tmp ; tar -cvzf '/tmp/ApktoolReport - %FileApk%_%Timestamp%.tar.gz' '%FileApk%_%Timestamp%.apk' '%FileApk%_%Timestamp%'" 27 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/ApktoolReport - %FileApk%_%Timestamp%.tar.gz" %Documentacion% 28 | "%~dp0plink.exe" -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -fr '/tmp/ApktoolReport - %FileApk%_%Timestamp%' '/tmp/%FileApk%_%Timestamp%/' '/tmp/%FileApk%_%Timestamp%.apk'" 29 | 30 | echo %Documentacion% 31 | pause 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /arachni_scan_remote.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set URL=%2 5 | set Documentacion=%3 6 | set Timestamp=%4 7 | set NRO=%5 8 | set Server=%6 9 | set Username=%7 10 | set Password=%8 11 | 12 | @title=[Arachni] - %Proyecto% - %URL% 13 | rem ################################################################################# 14 | rem #Editar valores segun corresponda a la web 15 | rem 16 | rem Habilitar esto cuando tenga HTTP Authentication 17 | rem set http-username=Admin 18 | rem set http-password=Password 19 | rem --http-authentication-username=%http-username% --http-authentication-password=%http-password% 20 | 21 | set scope-exclude-pattern=Logout 22 | 23 | rem set plataform=linux,mysql,apache,php 24 | set plataform=windows,sql,iis,aspx 25 | rem arachni --platforms-list 26 | 27 | 28 | rem Plugin: login_script 29 | rem --plugin=login_script:script=/tmp/Login.txt 30 | rem 31 | rem Guardar esto en un archivo, llamado Login.txt y configurar los parametros 32 | rem With browser (slow) 33 | rem gem install watir-webdriver 34 | rem gem install selenium-webdriver 35 | rem 
...................... 36 | rem -------------Login.txt----------------------------------------------- 37 | rem browser.goto 'http://testphp.acunetix.com/login.php' 38 | rem form = browser.form( id: 'loginform' ) 39 | rem form.text_field( name: 'uname' ).set 'test' 40 | rem form.text_field( name: 'pass' ).set 'test' 41 | rem form.submit 42 | rem framework.options.session.check_url = browser.url 43 | rem framework.options.session.check_pattern = /Logout/ 44 | rem -------------Login.txt----------------------------------------------- 45 | rem 46 | rem Without browser (fast) 47 | rem ...................... 48 | rem Guardar esto en un script y luego pasarlo como parametros al plugin 49 | rem -------------Login.txt----------------------------------------------- 50 | rem response = http.post( 'http://testphp.acunetix.com/login.php', 51 | rem parameters: { 52 | rem 'uname' => 'test', 53 | rem 'pass' => 'test' 54 | rem }, 55 | rem mode: :sync, 56 | rem update_cookies: true 57 | rem ) 58 | rem framework.options.session.check_url = to_absolute( response.headers.location, response.url ) 59 | rem framework.options.session.check_pattern = /Logout|Sign out|Cerrar Sesion/ 60 | rem -------------Login.txt----------------------------------------------- 61 | 62 | 63 | rem Plugin: autologin 64 | rem set LoginPage=%URL%/login.php 65 | rem --plugin=autologin:url=%LoginPage%,parameters='uname=test&pass=test',check='Logout|Sign out|Cerrar Sesion' 66 | rem ################################################################################# 67 | 68 | 69 | set User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 70 | 71 | set Proyecto=%Proyecto:"=% 72 | set Documentacion=%Documentacion:"=% 73 | set User-Agent=%User-Agent:"=% 74 | set User-Agent=%User-Agent:'=% 75 | 76 | 77 | copy "%~dp0Login_fast.rb" "%Documentacion%Login_fast.rb" 78 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%Documentacion%Login_fast.rb" 
%Server%:"/tmp/Login" 79 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "chmod 755 /tmp/Login" 80 | 81 | echo Escaneando... 82 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "arachni --output-verbose --output-only-positives --http-user-agent='%User-Agent%' --audit-links --audit-forms --audit-cookies --audit-headers --audit-jsons --audit-xmls --audit-ui-inputs --audit-ui-forms --checks=* --plugin=login_script:script=/tmp/Login --scope-exclude-pattern=%scope-exclude-pattern% --platforms=%plataform% --report-save-path='/tmp/ArachniReport - %Timestamp%.afr' %URL%" 83 | 84 | echo Generando Reporte... 85 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "arachni_reporter '/tmp/ArachniReport - %Timestamp%.afr' --reporter=html:outfile='/tmp/ArachniReport - %Timestamp%.zip'" 86 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/ArachniReport - %Timestamp%.zip" "%Documentacion%\ArachniReport - %Timestamp%.zip" 87 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -fr '/tmp/Login' '/tmp/ArachniReport - %Timestamp%.zip' '/tmp/ArachniReport - %Timestamp%.afr'" 88 | 89 | echo "%Documentacion%\ArachniReport - %Timestamp%.zip" 90 | pause 91 | -------------------------------------------------------------------------------- /burpsuite_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set burpsuite=%1 4 | set scheme=%2 5 | set fqdn=%3 6 | set port=%4 7 | set folder=%5 8 | set ext=%~x1 9 | 10 | @title=[Burpsuite Scan ] - %scheme%://%fqdn%:%port% 11 | 12 | echo Iniciando escaneo a %scheme%://%fqdn%:%port% 13 | 14 | echo Burpsuite Pro con Carbonator 15 | echo https://www.integrissecurity.com/index.php?resources=Carbonator 16 | 17 | if "%ext%" == ".jar" ( 18 | rem java -jar -Xmx2g %burpsuite% -Djava.awt.headless=true %scheme% %fqdn% %port% /%folder% 
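19 | java -jar -Xmx2g %burpsuite% %scheme% %fqdn% %port% %folder% 20 | ) 21 | 22 | if "%ext%" == ".exe" ( 23 | %burpsuite% %scheme% %fqdn% %port% %folder% 24 | ) 25 | 26 | pause
--------------------------------------------------------------------------------
/cert_install.bat:
--------------------------------------------------------------------------------
@echo off
setlocal
rem Pushes a CA certificate file to the connected Android device over adb so it
rem can be installed from the device settings.
rem   %1  certificate file to push
rem   %3  timestamp (read but not used by this script)
set File=%1
set Timestamp=%3

if "%~1" == "" goto :usage

rem https://www.sslshopper.com/ssl-converter.html
rem Convert PEM/Base64 to DER/Binary
rem openssl x509 -outform der -in certificate.pem -out certificate.der

rem Convert DER/Binary to PEM/Base64
rem openssl x509 -inform der -in certificate.der -out certificate.pem

rem NOTE(review): a CA installed this way stays trusted by the device until it
rem is removed from the user credential store; remove it when the interception
rem test is over.

@title=[ADB-Install Certificate]

"%~dp0adb\windows\adb.exe" kill-server
"%~dp0adb\windows\adb.exe" start-server
"%~dp0adb\windows\adb.exe" push %File% /sdcard/
rem Only print the on-device steps when the file actually reached the device.
if errorlevel 1 goto :push_failed
echo "Once your phone is on, go to Settings -> Security -> Install from SD card."
echo "Follow the on screen instructions, and reboot the device once it says the certificate has been installed."
pause
exit /b 0

:push_failed
echo [Error] adb push failed for %File%
pause
exit /b 1

:usage
echo Usage: cert_install.bat certificate-file
pause
exit /b 1
--------------------------------------------------------------------------------
/changelog.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/changelog.txt
--------------------------------------------------------------------------------
/curl.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/curl.zip
--------------------------------------------------------------------------------
/enjarify_local.bat:
--------------------------------------------------------------------------------
@echo off
setlocal
rem Converts an APK to a jar with a local enjarify installation.
rem   %1 enjarify launcher   %2 APK path   %3 timestamp   %4 documentation folder
set AppExe=%1
set PathAPK=%2
rem Expands %~n2 to a file name only
set FileApk=%~n2
set Timestamp=%3
set Documentacion=%4

rem DirApp is not a parameter of this script, so the quote stripping that was
rem applied to it (and turned an undefined variable into a literal "=) is gone.
set PathAPK=%PathAPK:"=%
set Documentacion=%Documentacion:"=%
rem From here on Documentacion already carries its own surrounding quotes.
set Documentacion="%Documentacion%\%FileApk%_%Timestamp%.jar"

@title=[Enjarify] - %PathAPK%

rem $git clone https://github.com/google/enjarify

rem Documentacion is passed as is: wrapping it in a second pair of quotes
rem un-quotes the path and splits it at the first space.
%AppExe% -o %Documentacion% "%PathAPK%"

echo %Documentacion%
pause

--------------------------------------------------------------------------------
/enjarify_remote.bat:
--------------------------------------------------------------------------------
1 | @echo off 2 | setlocal 3 | set DirApp=%1 4 | set PathAPK=%2 5 | set FileApk=%3 6 | set Timestamp=%4 7 | set Documentacion=%5 8 | set Server=%6 9 | set Username=%7 10 | set Password=%8 11 | 12 | set PathAPK=%PathAPK:"=% 13 | set FileApk=%FileApk:"=% 14 | set DirApp=%DirApp:"=% 15 | set Documentacion=%Documentacion:"=% 16 | set Documentacion="%Documentacion%\EnjarifyReport - %FileApk%_%Timestamp%.jar" 17 | 18 | @title=[Enjarify] - %FileApk%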
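19 | 20 | rem $git clone https://github.com/google/enjarify 21 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%FileApk%_%Timestamp%.apk" 22 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "cd '%DirApp%' ; chmod 755 ./enjarify.sh ; ./enjarify.sh -o '/tmp/EnjarifyReport - %FileApk%_%Timestamp%.jar' '/tmp/%FileApk%_%Timestamp%.apk'" 23 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/EnjarifyReport - %FileApk%_%Timestamp%.jar" %Documentacion% 24 | "%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -f '/tmp/EnjarifyReport - %FileApk%_%Timestamp%.jar' '/tmp/%FileApk%_%Timestamp%.apk'" 25 | 26 | echo %Documentacion% 27 | pause 28 | 29 |
--------------------------------------------------------------------------------
/install_upgrade_tools_local.bat:
--------------------------------------------------------------------------------
@echo off
setlocal
rem Downloads the Windows-side tools used by SVM and, for Nmap, runs the installer.
rem   %1 tool name: Nmap, GreenShot, Enjarify, Apktool, UberApkSigner or Jdgui
rem   %2 1 to go through a proxy, 0 for a direct connection
rem   %3 proxy host   %4 proxy port   %5 proxy user   %6 proxy password
set Tool=%~1
set UsoProxy=%2
set ProxyIP=%3
set ProxyPort=%4
set ProxyUser=%5
set ProxyPassword=%6

rem Quoted comparison so a missing %2 means "no proxy" instead of a syntax error.
rem NOTE(review): the proxy password ends up on the curl command line, where
rem other local processes can read it.
set Proxy=
if "%UsoProxy%" == "1" set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword%

@title=[Tools Instalar/Actualizar (Local) - %Tool%]

rem Every download uses -f so an HTTP error page is never saved under the tool's
rem file name, and prints the SHA256 of what was fetched. The page gives no
rem reference hashes, so the comparison with the publisher's value is manual.

if "%Tool%" == "Nmap" (
    mkdir "%~dp0tools" 2>NUL
    mkdir "%~dp0tools\nmap" 2>NUL
    "%~dp0curl.exe" %Proxy% -f -o "%TEMP%\nmap-7.70-setup.exe" "https://nmap.org/dist/nmap-7.70-setup.exe" || goto :download_failed
    rem The installer is saved under TEMP, so that is the path reported.
    echo "%TEMP%\nmap-7.70-setup.exe"
    call :show_sha256 "%TEMP%\nmap-7.70-setup.exe"
    echo Compare the SHA256 printed above with the one published for this release before continuing. Close this window to cancel.
    pause
    start "" /WAIT /I "%TEMP%\nmap-7.70-setup.exe"
)

if "%Tool%" == "GreenShot" (
    rem Same download page as before, opened over HTTPS instead of plain HTTP.
    start "" /WAIT /I "https://getgreenshot.org/downloads/"
)

if "%Tool%" == "Enjarify" (
    mkdir "%~dp0tools" 2>NUL
    mkdir "%~dp0tools\enjarify" 2>NUL
    "%~dp0curl.exe" %Proxy% -f -L -o "%~dp0tools\enjarify\enjarify-1.0.3.zip" "https://github.com/google/enjarify/archive/1.0.3.zip" || goto :download_failed
    call :show_sha256 "%~dp0tools\enjarify\enjarify-1.0.3.zip"
    echo "Unzip the file %~dp0tools\enjarify\enjarify-1.0.3.zip"
)

if "%Tool%" == "Apktool" (
    mkdir "%~dp0tools" 2>NUL
    mkdir "%~dp0tools\apktool" 2>NUL
    "%~dp0curl.exe" %Proxy% -f -L -o "%~dp0tools\apktool\apktool.jar" "https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar" || goto :download_failed
    call :show_sha256 "%~dp0tools\apktool\apktool.jar"
    echo "%~dp0tools\apktool\apktool.jar"
)

if "%Tool%" == "UberApkSigner" (
    mkdir "%~dp0tools" 2>NUL
    mkdir "%~dp0tools\uber-apk-signer" 2>NUL
    "%~dp0curl.exe" %Proxy% -f -L -o "%~dp0tools\uber-apk-signer\uber-apk-signer.jar" "https://github.com/patrickfav/uber-apk-signer/releases/download/v1.0.0/uber-apk-signer-1.0.0.jar" || goto :download_failed
    call :show_sha256 "%~dp0tools\uber-apk-signer\uber-apk-signer.jar"
    echo "%~dp0tools\uber-apk-signer\uber-apk-signer.jar"
)

if "%Tool%" == "Jdgui" (
    mkdir "%~dp0tools" 2>NUL
    mkdir "%~dp0tools\jdgui" 2>NUL
    "%~dp0curl.exe" %Proxy% -f -L -o "%~dp0tools\jdgui\jd-gui.jar" "https://github.com/java-decompiler/jd-gui/releases/download/v1.5.2/jd-gui-1.5.2.jar" || goto :download_failed
    call :show_sha256 "%~dp0tools\jdgui\jd-gui.jar"
    "%~dp0curl.exe" %Proxy% -f -L -o "%~dp0tools\jdgui\jd-gui-windows.zip" "https://github.com/java-decompiler/jd-gui/releases/download/v1.5.2/jd-gui-windows-1.5.2.zip" || goto :download_failed
    call :show_sha256 "%~dp0tools\jdgui\jd-gui-windows.zip"
    echo "%~dp0tools\jdgui\jd-gui.jar"
    echo "Unzip the file %~dp0tools\jdgui\jd-gui-windows.zip"
)

rem ADB Android
rem https://dl.google.com/android/repository/platform-tools-latest-windows.zip

pause
exit /b 0

rem Prints the SHA256 of the file given as %1.
:show_sha256
certutil -hashfile "%~1" SHA256
exit /b 0

:download_failed
echo [Error] Download failed for %Tool%
pause
exit /b 1
--------------------------------------------------------------------------------
/install_upgrade_tools_remoto.bat:
--------------------------------------------------------------------------------
@echo off
setlocal
rem Uploads install_upgrade_tools_remoto.sh to the scan server and runs it as root.
rem   %1 server   %2 SSH user   %3 SSH password   %4 tool name handed to the script
set Server=%1
set Username=%2
set Password=%3
set Tool=%4

@title=[Tools Instalar/Actualizar (Remoto) - %Tool%]

rem NOTE(review): -pw places the SSH password on the pscp/plink command line,
rem where other local processes and command-line process auditing can read it.
rem Key-based login (-i with a .ppk key, or Pageant) avoids that but needs a
rem change in the caller. Pinning the server key with -hostkey is also worth
rem considering, because this session ends up running a script as root.

rem The script is staged in the login directory instead of /tmp: it is executed
rem with root rights below, and a fixed file name in a world-writable directory
rem can be replaced by another local user between upload and execution.
"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C "%~dp0install_upgrade_tools_remoto.sh" %Server%:"install_upgrade_tools_remoto_1.sh"
if errorlevel 1 ( echo ---Error--- && pause && exit )
rem Octal 15 and 32 are CR and Ctrl-Z: convert the Windows text file for bash.
"%~dp0plink.exe" -no-antispoof -t -ssh -P 22 -l %Username% -pw %Password% -C %Server% "tr -d '\15\32' < install_upgrade_tools_remoto_1.sh > install_upgrade_tools_remoto.sh"
"%~dp0plink.exe" -no-antispoof -t -ssh -P 22 -l %Username% -pw %Password% -C %Server% "chmod 700 install_upgrade_tools_remoto.sh"
rem id -u (user id) decides whether sudo is needed, matching the root check in
rem the script itself; id -g only looked at the primary group. The tool name is
rem single-quoted so it reaches the script as one word.
"%~dp0plink.exe" -no-antispoof -t -ssh -P 22 -l %Username% -pw %Password% -C %Server% "if [ $(id -u) = 0 ] ; then ./install_upgrade_tools_remoto.sh '%Tool%' ; else sudo -n -H ./install_upgrade_tools_remoto.sh '%Tool%' ; fi"
"%~dp0plink.exe" -no-antispoof -t -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -f install_upgrade_tools_remoto_1.sh install_upgrade_tools_remoto.sh"
pause
--------------------------------------------------------------------------------
/install_upgrade_tools_remoto.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Script que instala los programas que utiliza Simple Vulnerability Manager.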
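# Install on Kali/Debian/Ubuntu
# On Windows 10 with "Ubuntu 18.04" or "Kali" (Download from Microsoft Store) run this first:
#
# sudo apt-get install openssh-server
# cd /etc/ssh/
# sudo /usr/bin/ssh-keygen -A
# sudo service ssh --full-restart
#
# sudo nano /etc/ssh/sshd_config
# Add the following:
# ListenAddress 0.0.0.0
#
# Restart the service
# sudo service ssh --full-restart
# sudo update-rc.d ssh enable
#
# Error: sudo: a password is required
# FIX:
# sudo visudo
# ulises2k ALL=(ALL) NOPASSWD: ALL
#
# NOTE(review): that sudoers line gives the account passwordless root for every
# command, and ListenAddress 0.0.0.0 makes sshd listen on all interfaces. Both
# are setup conveniences; narrow or remove them once the tools are installed.
# NOTE(review): this script runs as root and executes code fetched from package
# feeds, gem/pip indexes and cloned repositories (setup.sh, setup.py) without
# pinning a version or checking a hash. Run it on a dedicated scan host.
TOOL=$1

export TERM=linux
export DEBIAN_FRONTEND="noninteractive"
#echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
#dpkg-reconfigure debconf

# True when section $1 was requested, directly or through "Todas" (all).
# "$TOOL" is quoted so a missing argument is a plain "no match" instead of a
# `[` syntax error in every section.
wants() {
    [ "$TOOL" = "$1" ] || [ "$TOOL" = "Todas" ]
}

# Installs each package with its own apt-get call, so one package that the
# distribution does not ship does not block the others.
apt_install() {
    local pkg
    for pkg in "$@" ; do
        apt-get install "$pkg" -y
    done
}

userid=$(id -u)
if [ "${userid}" != '0' ]; then
    echo '[Error]: You must run this setup script with root privileges.'
    echo
    exit 1
fi

apt-get -yq update
apt_install git wget python python3 python3-dev python3-pip python3-dugong \
    python-pip python-dev build-essential ruby ruby-dev rubygems-integration \
    rubygems python-setuptools gcc gawk original-awk xmlstarlet unzip
#apt-get install basez -y

#Web Scan Tools (Arachni)
if wants "Arachni" ; then
    echo "===== Arachni ====="
    cd
    apt_install libsqlite3-dev libpq-dev postgresql-server-dev-10 \
        default-libmysqlclient-dev curl libcurl3 libcurl4-openssl-dev arachni
    gem update
    gem install watir-webdriver
    gem install watir
    gem install selenium-webdriver
    gem install arachni-reactor
    gem install arachni-rpc
fi


#Information Tools (Recon-ng)
if wants "Recon-ng" ; then
    echo "===== Recon-ng ====="
    cd
    apt_install dos2unix libxml2-dev libxslt1-dev zlib1g-dev
    git clone --depth 1 https://bitbucket.org/LaNMaSteR53/recon-ng
    #git clone --depth 1 https://github.com/lanmaster53/recon-ng
    cloned=$?
    cd recon-ng
    # A failed clone normally means the checkout already exists: update it.
    if [ "$cloned" -ne 0 ] ; then
        git pull
    fi
    pip install --upgrade -r REQUIREMENTS
fi

#Information Tools (EyeWitness)
if wants "EyeWitness" ; then
    echo "===== EyeWitness ====="
    cd
    # -y added: this was the only install that could stop at a prompt.
    apt-get install python-levenshtein -y
    pip install selenium==2.53.6
    if git clone --depth 1 https://github.com/ChrisTruncer/EyeWitness ; then
        cd EyeWitness
        cd setup
        chmod 755 setup.sh
        ./setup.sh
    else
        # Existing checkout: only refresh the sources.
        cd EyeWitness
        git pull
    fi

fi


#Service Scan Tools (OpenVAS)
if wants "OpenVAS" ; then
    echo "===== OpenVAS ====="
    cd
    apt_install sqlite3 xsltproc texlive-latex-base texlive-latex-extra texlive-fonts-recommended
    #apt-get install nsis -y
    apt_install alien
    #apt-get install rpm -y
    #Extra tools
    apt_install nmap
    nmap --script-updatedb
    apt_install nikto ike-scan lsof
    #apt-get install clamav -y
    #apt-get install clamav-data -y
    apt_install pnscan netdiag ldapscripts dirmngr killall hydra


    if ! which lsb_release > /dev/null ; then
        apt-get install lsb-release -y
    fi

    if lsb_release -d | grep "Kali" ; then
        # Kali
        if ! which openvasmd ; then
            apt-get install openvas openvas-manager openvas-manager-common openvas-cli openvas-scanner libopenvas9 greenbone-security-assistant greenbone-security-assistant-common -y
            dpkg --configure openvas
            openvas-setup
            #openvasmd --create-user=admin --role=Admin
            #openvasmd --user=admin --new-password=OpenVAS #Default password in SVM
        fi
    else
        CODENAME=$(lsb_release -c | awk '{ print $2}')
        cd /etc/apt/
        if ! grep -R mrazavi * ; then
            # NOTE(review): third-party PPA; its packages are installed as root.
            echo "deb http://ppa.launchpad.net/mrazavi/openvas/ubuntu $CODENAME main" | tee /etc/apt/sources.list.d/openvas.list
            # OpenPGP keys: - https://launchpad.net/~mrazavi
            #apt-key adv --recv-key --keyserver keyserver.ubuntu.com 57A42CB9
            #apt-key adv --recv-key --keyserver keyserver.ubuntu.com 90A921F1
            #apt-key adv --recv-key --keyserver keyserver.ubuntu.com 4AA450E0
            apt-get install software-properties-common -y
            add-apt-repository ppa:mrazavi/openvas

            apt-get update

            apt-get install openvas9 -y
            apt-get install greenbone-security-assistant9 -y
            #openvasmd --create-user=admin --role=Admin
            #openvasmd --user=admin --new-password=OpenVAS #Default password in SVM
        fi
    fi

    cd

    # Configure the OpenVAS web UI so it can be reached remotely:
    # take the first non-loopback IPv4 address of this host.
    if which ifconfig ; then
        IP_ADDRESS=$(ifconfig | awk '{ print $2}' | grep -oE "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v 127.0.0.1 | head -1)
    else
        IP_ADDRESS=$(ip addr show | grep -Po 'inet \K[\d.]+' | grep -v 127.0.0.1 | head -1)
    fi

    if which gsad ; then
        if [ -n "$IP_ADDRESS" ] ; then
            sed -i "s/--listen=127.0.0.1/--listen=$IP_ADDRESS/g" /lib/systemd/system/greenbone-security-assistant.service
            systemctl daemon-reload
            /etc/init.d/greenbone-security-assistant restart
        fi
    fi

    /etc/init.d/redis-server start
    service greenbone-security-assistant start #Kali
    /etc/init.d/openvas-gsa start #Ubuntu
    service openvas-scanner start
    service openvas-manager start
    openvas-start #kali

    #Default user and password expected by SVM
    # NOTE(review): the web UI was just moved off loopback and the admin account
    # now gets a fixed password that is published in this script. Anyone who can
    # reach that address can log in until the password is changed, so change it
    # here and in the SVM settings, or firewall the port to the SVM workstation.
    openvasmd --create-user=admin --role=Admin
    openvasmd --user=admin --new-password=OpenVAS #Default password in SVM
    echo "[Warning]: OpenVAS admin uses the SVM default password; change it."

fi

if wants "OpenVASPlugins" ; then
    echo "===== OpenVASPlugins ====="
    cd
    greenbone-certdata-sync; greenbone-nvt-sync ; greenbone-scapdata-sync
    openvas-nvt-sync ; openvas-scapdata-sync ; openvas-certdata-sync
    openvas-feed-update
fi

#Service Scan Tools (NessusPlugins)
if wants "NessusPlugins" ; then
    echo "===== NessusPlugins ====="
    cd
    /opt/nessus/sbin/nessuscli update --plugins-only
fi


#Service Scan Tools (Nmap)
if wants "Nmap" ; then
    echo "===== Nmap ====="
    cd
    apt-get install nmap -y
    nmap --script-updatedb
fi


#JAVA
if wants "Java" ; then
    echo "===== Java ====="
    # Fall back to JDK 8 where the JDK 9 package is not available.
    apt-get install openjdk-9-jdk -y || apt-get install openjdk-8-jdk -y
    #mkdir /opt
    #Download java
    #http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
    #tar -xzvf /opt/jdk-8u101-linux-x64.tar.gz
    #cd /opt/jdk-8u101

    #3.This step registers the downloaded version of Java as an alternative, and switches it to be used as the default:
    #update-alternatives --install /usr/bin/java java /opt/jdk1.7.0_17/bin/java 1
    #update-alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_17/bin/javac 1
    #update-alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so 1
    #update-alternatives --set java /opt/jdk1.7.0_17/bin/java
    #update-alternatives --set javac /opt/jdk1.7.0_17/bin/javac
    #update-alternatives --set mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so

    #4. Test
    #To check the version of Java you are now running
    java -version
fi

#Mobile Tools (AndroidSDK)
if wants "AndroidSDK" ; then
    echo "===== AndroidSDK ====="
    cd
    apt-get install android-tools-adb -y

    mkdir -p androidsdk
    cd androidsdk
    if [ ! -f android-sdk_r24.4.1-linux.tgz ] ; then
        if wget https://dl.google.com/android/android-sdk_r24.4.1-linux.tgz -O android-sdk_r24.4.1-linux.tgz ; then
            tar -xvzf android-sdk_r24.4.1-linux.tgz
            cd android-sdk-linux

            echo "Ejecute en la terminal Linux el siguientes comandos:"
            echo "tools/android update sdk --no-ui"

            #wget https://dl.google.com/dl/android/studio/ide-zips/2.1.2.0/android-studio-ide-143.2915827-linux.zip -O android-studio-ide-143.2915827-linux.zip
            #unzip android-studio-ide-143.2915827-linux.zip
            #cd android-studio/bin
        else
            # wget -O leaves an empty or partial file behind on failure; remove
            # it so the next run downloads again instead of skipping.
            rm -f android-sdk_r24.4.1-linux.tgz
            echo "[Error]: download of android-sdk_r24.4.1-linux.tgz failed."
        fi
    fi
fi

#Mobile Tools (ApkTools)
if wants "ApkTools" ; then
    echo "===== ApkTools ====="
    cd
    mkdir -p apktool
    cd apktool
    wget https://bitbucket.org/iBotPeaches/apktool/downloads/ -O index.html
    # The file name and the link are scraped from the downloads page, so they
    # are checked before being used as root: the name must look like an apktool
    # release and the link must be a site-relative path, which keeps the
    # download on bitbucket.org.
    UltimaVersion=$(grep "apktool_" index.html | head -1 | awk -F '"' '{print $2}' | awk -F '/' '{print $5}')
    LinkDownload=$(grep "apktool_" index.html | head -1 | awk -F '"' '{print $2}')
    case "$UltimaVersion" in
        apktool_*)
            case "$LinkDownload" in
                /*)
                    if [ ! -f "$UltimaVersion" ] ; then
                        wget "https://bitbucket.org$LinkDownload" -O "$UltimaVersion"
                    fi
                    ;;
                *)
                    echo "[Error]: unexpected apktool download link; nothing downloaded."
                    ;;
            esac
            ;;
        *)
            echo "[Error]: could not find an apktool release on the downloads page."
            ;;
    esac
    rm -fr index.html
fi

#Mobile Tools (Drozer)
if wants "Drozer" ; then
    echo "===== Drozer ====="
    cd
    apt_install protobuf-compiler dex2jar python-setuptools python-yaml python-service-identity
    pip install --upgrade pyopenssl
    rm -fr drozer #Optional
    # The old checkout was just deleted, so a failed clone leaves nothing to
    # update: report it instead of running git/make in the home directory.
    if git clone --depth 1 https://github.com/mwrlabs/drozer && cd drozer ; then
        make
        python setup.py build
        python setup.py install
    else
        echo "[Error]: git clone failed for drozer."
    fi
fi

#Mobile Tools (Enjarify)
if wants "Enjarify" ; then
    echo "===== Enjarify ====="
    cd
    rm -fr enjarify #Optional
    if ! git clone --depth 1 https://github.com/Storyyeller/enjarify ; then
        echo "[Error]: git clone failed for enjarify."
    fi
fi

#Mobile Tools (Qark)
if wants "Qark" ; then
    echo "===== Qark ====="
    cd
    rm -fr qark #Optional
    if git clone --depth 1 https://github.com/linkedin/qark && cd "$HOME/qark/" ; then
        wget https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip -O sdk-tools-linux-4333796.zip
        unzip sdk-tools-linux-4333796.zip
        echo y | tools/android update sdk --no-ui

        pip install -r requirements.txt

        python ./setup.py install
    else
        echo "[Error]: git clone failed for qark."
    fi
fi

#Mobile Tools (MobSF)
if wants "MobSF" ; then
    echo "===== MobSF ====="
    apt_install libffi-dev libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6 \
        libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk \
        libssl-dev libjpeg62-dev libjpeg62-turbo-dev wkhtmltopdf \
        python3-django-wkhtmltopdf python3-venv
    pip3 install --upgrade scrapy
    pip3 install --upgrade cryptography
    pip3 install --upgrade cffi
    pip3 install --upgrade pycparser
    pip3 install colorlog

    cd
    rm -fr Mobile-Security-Framework-MobSF #Optional
    # wget https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/v0.9.3.tar.gz -O Mobile-Security-Framework-MobSF.tar.gz
    # git clone https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/tree/v0.9.3
    if git clone --depth 1 https://github.com/ajinabraham/Mobile-Security-Framework-MobSF && cd Mobile-Security-Framework-MobSF ; then
        pip install -r requirements.txt --upgrade
        ./setup.sh
    else
        echo "[Error]: git clone failed for Mobile-Security-Framework-MobSF."
    fi
fi

#Mobile Tools (AndroBugs_Framework)
if wants "AndroBugs_Framework" ; then
    echo "===== AndroBugs_Framework ====="
    cd
    rm -fr AndroBugs_Framework #Optional
    if ! git clone --depth 1 https://github.com/AndroBugs/AndroBugs_Framework ; then
        echo "[Error]: git clone failed for AndroBugs_Framework."
    fi
fi

#Restore
#echo 'debconf debconf/frontend select Dialog' | debconf-set-selections
echo "###################"
echo " Termino"
echo "###################"
-------------------------------------------------------------------------------- /jd-gui.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set AppExe=%1 4 | set FileJar=%2 5 | 6 | @title=[JD-GUI] - %FileJar% 7 | %AppExe% %FileJar% 8 | -------------------------------------------------------------------------------- /jq-win32.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/jq-win32.zip -------------------------------------------------------------------------------- /libeay32.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/libeay32.zip -------------------------------------------------------------------------------- /mobsf.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set PathAPK=%1 4 | set FileApk=%2 5 | set Timestamp=%3 6 | set Documentacion=%4 7 | set Server=%5 8 | 9 | set PathAPK=%PathAPK:"=% 10 | set FileApk=%FileApk:"=% 11 | set Documentacion=%Documentacion:"=% 12 | set Documentacion="%Documentacion%\MobSFReport - %FileApk%_%Timestamp%.pdf" 13 | 14 | @title=[MobSF] - %FileApk% 15 | 16 | rem $git clone https://github.com/ajinabraham/Mobile-Security-Framework-MobSF 17 | rem Levantarlo: 18 | rem (windows) c:\python27\python.exe c:\MobSF\manage.py runserver 0.0.0.0:8000 19 | rem (linux) python ./manage.py runserver 0.0.0.0:8000 20 | 21 | "%~dp0curl.exe" -s -k "%Server%" 22 | if %ERRORLEVEL%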
NEQ 0 ( echo MobSF no iniciado. Inicie sesion por SSH a %Server% y ejecute && echo python /root/Mobile-Security-Framework-MobSF/manage.py runserver %Server% && pause && exit ) 23 | 24 | rem Peticion 1 25 | "%~dp0curl.exe" -k -H "Referer: %Server%" -D "%TEMP%\mobsf_auth_%Timestamp%.txt" "%Server%" > "%TEMP%\mobsf_token_1_%Timestamp%.txt" 26 | findstr /C:"X-CSRFToken" "%TEMP%\mobsf_token_1_%Timestamp%.txt" > "%TEMP%\mobsf_token_2_%Timestamp%.txt" 27 | set /p TOKEN=<"%TEMP%\mobsf_token_2_%Timestamp%.txt" 28 | FOR /F "tokens=1-2" %%A IN ("%TOKEN%") DO set TOKEN=%%B 29 | set TOKEN=%TOKEN:'=% 30 | set TOKEN=%TOKEN:)=% 31 | set TOKEN=%TOKEN:;=% 32 | 33 | rem Peticion 2 34 | "%~dp0curl.exe" -k -X POST -b "%TEMP%\mobsf_auth_%Timestamp%.txt" -H "X-CSRFToken: %TOKEN%" -H "Referer: %Server%" -F file="@%PathAPK%" "%Server%/upload/" | "%~dp0jq-win32.exe" .url > "%TEMP%\mobsf_json_%Timestamp%.txt" 35 | set /p requestId=<"%TEMP%\mobsf_json_%Timestamp%.txt" 36 | 37 | for /f "tokens=1,2,3 delims=:&" %%a in (%requestId%) do set getchecksum=%%c 38 | for /f "tokens=1,2 delims=:=" %%a in ("%getchecksum%") do set checksum=%%b 39 | 40 | rem Peticion 3 41 | "%~dp0curl.exe" -k -b "%TEMP%\mobsf_auth_%Timestamp%.txt" -H "Referer: %Server%" "%Server%/StaticAnalyzer/?name=%FileApk%&type=apk&checksum=%checksum%" > NUL 42 | 43 | rem Peticion 4 44 | "%~dp0curl.exe" -k -b "%TEMP%\mobsf_auth_%Timestamp%.txt" -H "Referer: %Server%/StaticAnalyzer/?name=%FileApk%&type=apk&checksum=%checksum%" "%Server%/PDF/?md5=%checksum%&type=APK" -o %Documentacion% 45 | 46 | del /F "%TEMP%\mobsf_auth_%Timestamp%.txt" 47 | del /F "%TEMP%\mobsf_token_1_%Timestamp%.txt" 48 | del /F "%TEMP%\mobsf_token_2_%Timestamp%.txt" 49 | del /F "%TEMP%\mobsf_json_%Timestamp%.txt" 50 | 51 | echo %Documentacion% 52 | start "" /WAIT /I ""%Documentacion%"" 53 | 54 | pause 55 | -------------------------------------------------------------------------------- /nessus_get_policies.bat: 
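--------------------------------------------------------------------------------
@echo off
rem List the scan policies of a Nessus server.
rem   arg 1 = server   arg 2 = port   arg 3 = user   arg 4 = password
rem   arg 5 = timestamp used in the temp file names
rem The policy names are appended to nessus_scan_policies_TIMESTAMP.txt in the
rem temp folder, which this script does not delete.
rem
rem NOTE(review): curl runs with -k, so the certificate of the Nessus server
rem is not verified and the credentials posted below can be intercepted on
rem the network path. The password is also part of the curl command line,
rem where other local processes can read it.
setlocal
set Server=%1
set Port=%2
set Username=%3
set Password=%4
set Timestamp=%5

@title=[Nessus] - Obteniendo Templates

echo Obteniendo Templates...

"%~dp0curl.exe" -s -k "https://%Server%:%Port%/" > NUL
if %ERRORLEVEL% NEQ 0 ( echo Nessus Service no iniciado. Loguearse por ssh a %Server% y ejecutar: && echo /etc/init.d/nessusd start && pause && exit )

rem Login
set "TOKEN="
"%~dp0curl.exe" -s -k -X POST -H "Content-Type: application/json" -H "Accept: text/plain" -d "{\"username\":\"%Username%\",\"password\":\"%Password%\"}" "https://%Server%:%Port%/session" | "%~dp0jq-win32.exe" .token > "%TEMP%\nessus_scan_token_%Timestamp%.txt"
set /p TOKEN=<"%TEMP%\nessus_scan_token_%Timestamp%.txt"
rem An empty reply is handled like a rejected login instead of breaking the
rem comparison below.
if defined TOKEN set TOKEN=%TOKEN:"=%
if not defined TOKEN set TOKEN=null
if /I "%TOKEN%" == "null" ( echo Revise Usuario/Contraseña si son correctos && pause && exit )

rem "%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" https://%Server%:%Port%/editor/scan/templates | "%~dp0jq-win32.exe" ".templates[].title" >> "%TEMP%\nessus_scan_policies_%Timestamp%.txt"
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/policies" | "%~dp0jq-win32.exe" ".policies[].name" >> "%TEMP%\nessus_scan_policies_%Timestamp%.txt"

rem Logout
"%~dp0curl.exe" -s -k -X DELETE -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/session" >NUL

del /F "%TEMP%\nessus_scan_token_%Timestamp%.txt"

--------------------------------------------------------------------------------
/nessus_scan.bat:
--------------------------------------------------------------------------------
@echo off
rem Create and launch a Nessus scan, wait for it to finish and export the
rem result as HTML and as a .nessus XML file.
rem   arg 1 = project name (used as scan name)   arg 2 = targets
rem   arg 3 = user      arg 4 = password         arg 5 = server
rem   arg 6 = port      arg 7 = policy name      arg 8 = timestamp
rem   arg 9 = report output folder
rem
rem NOTE(review): curl runs with -k, so the certificate of the Nessus server
rem is not verified. The password and the session token are passed on the
rem curl command line, and the token is also written to a file in the temp
rem folder until the cleanup at exit1 runs.
rem NOTE(review): project name, targets and policy name are pasted into JSON
rem and into a jq filter without escaping; a quote or backslash in them
rem changes the request. Validate them in the caller.
setlocal
set Proyecto=%1
set IP=%2
set Username=%3
set Password=%4
set Server=%5
set Port=%6
set Policy_Name=%7
set Timestamp=%8
set Documentacion=%9

set Documentacion=%Documentacion:"=%
set Proyecto=%Proyecto:"=%

set DocumentacionHTML="%Documentacion%\NessusReport - %Timestamp%.html"
set DocumentacionXML="%Documentacion%\NessusReport - %Timestamp%.xml"

rem SCAN is 1 when login1 is re-entered from the polling loop.
set SCAN=0

@title=[Nessus Scan] - %Proyecto%

rem Detect Service Up
"%~dp0curl.exe" -s -k "https://%Server%:%Port%/" > NUL
if %ERRORLEVEL% NEQ 0 ( echo Nessus Service no iniciado. Loguearse por ssh a %Server% y ejecutar: && echo /etc/init.d/nessusd start && pause && exit )

rem Login
:login1
set "TOKEN="
"%~dp0curl.exe" -s -k -X POST -H "Content-Type: application/json" -H "Accept: text/plain" -d "{\"username\":\"%Username%\",\"password\":\"%Password%\"}" "https://%Server%:%Port%/session" | "%~dp0jq-win32.exe" .token > "%TEMP%\nessus_scan_token_%Timestamp%.txt"
set /p TOKEN=<"%TEMP%\nessus_scan_token_%Timestamp%.txt"
rem An empty reply is handled like a rejected login, so the script reaches
rem the cleanup instead of stopping on a syntax error.
if defined TOKEN set TOKEN=%TOKEN:"=%
if not defined TOKEN set TOKEN=null
if /I "%TOKEN%" == "null" ( echo ---Error--- && goto :exit1 && exit )
if %SCAN% == 1 ( goto :scan1 )

rem Get the policy ID
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/policies" -o "%TEMP%\nessus_scan_policies_%Timestamp%.txt"
type "%TEMP%\nessus_scan_policies_%Timestamp%.txt" | "%~dp0jq-win32.exe" ".policies[] | select(.name == \"%Policy_Name%\") .id" > "%TEMP%\nessus_scan_policy_id_%Timestamp%.txt"
set /p POLICY_ID=<"%TEMP%\nessus_scan_policy_id_%Timestamp%.txt"

rem Get the template UUID
type "%TEMP%\nessus_scan_policies_%Timestamp%.txt" | "%~dp0jq-win32.exe" ".policies[] | select(.name == \"%Policy_Name%\") .template_uuid" > "%TEMP%\nessus_scan_template_uuid_%Timestamp%.txt"
set /p TEMPLATE_UUID=<"%TEMP%\nessus_scan_template_uuid_%Timestamp%.txt"

rem Add New Scan
set "ID_SCAN="
"%~dp0curl.exe" -s -k -X POST -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" -d "{\"uuid\": \"%TEMPLATE_UUID%\", \"settings\": {\"file_targets\": \"\", \"description\": \"SVM Nessus Scan\", \"launch\": \"ON_DEMAND\", \"scanner_id\": \"1\", \"filter_type\": \"\", \"name\": \"%Proyecto%\", \"text_targets\": \"%IP%\", \"owner\": \"%Username%\", \"filters\": [], \"emails\": \"\", \"policy_id\": %POLICY_ID%}}" https://%Server%:%Port%/scans | "%~dp0jq-win32.exe" ".scan.id" > "%TEMP%\nessus_scan_id_%Timestamp%.txt"
set /p ID_SCAN=<"%TEMP%\nessus_scan_id_%Timestamp%.txt"
rem Without a scan id every later request would fail and the polling loop
rem would keep logging in again, so stop here.
if not defined ID_SCAN set ID_SCAN=null
if "%ID_SCAN%" == "null" ( echo ---Error--- && goto :abort1 )

rem Launch a Scan
"%~dp0curl.exe" -s -k -X POST -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" -d "" "https://%Server%:%Port%/scans/%ID_SCAN%/launch" > "%TEMP%\nessus_scan_launch_%Timestamp%.txt"

rem Details Scans: poll the scan status once per minute. A null status is
rem taken as an expired session and triggers a new login.
echo Escaneando...
:scan1
set "STATUS="
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/scans/%ID_SCAN%" | "%~dp0jq-win32.exe" ".info.status" > "%TEMP%\nessus_scan_status_scan_%Timestamp%.txt"
set /p STATUS=<"%TEMP%\nessus_scan_status_scan_%Timestamp%.txt"
if not defined STATUS set STATUS=null
if %STATUS% == null ( set SCAN=1 && goto :login1 )
if %STATUS% == "paused" ( echo Paused && ping -n 61 127.0.0.1 > NUL && time /T && goto :scan1)
if %STATUS% == "canceled" ( echo Canceled && goto :abort1 )
if %STATUS% == "completed" ( echo: ) else ( ping -n 61 127.0.0.1 > NUL && time /T && goto :scan1 )


rem Export Scan HTML
echo Generando Reporte HTML...
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/scans/%ID_SCAN%" | "%~dp0jq-win32.exe" ".history[].history_id" > "%TEMP%\nessus_scan_history_id_%Timestamp%.txt"
set /p HISTORY_ID=<"%TEMP%\nessus_scan_history_id_%Timestamp%.txt"

"%~dp0curl.exe" -s -k -X POST -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" -d "{\"format\":\"html\",\"chapters\":\"vuln_hosts_summary;vuln_by_plugin\"}" "https://%Server%:%Port%/scans/%ID_SCAN%/export?history_id=%HISTORY_ID%" | "%~dp0jq-win32.exe" ".file" > "%TEMP%\nessus_scan_file_%Timestamp%.txt"
set /p FILE=<"%TEMP%\nessus_scan_file_%Timestamp%.txt"

rem Export Status: poll until the export is ready. On an error the session
rem is closed and the temp files are removed before the script ends.
:doc1
set "STATUS_REPORT="
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/scans/%ID_SCAN%/export/%FILE%/status" | "%~dp0jq-win32.exe" ".status" > "%TEMP%\nessus_scan_status_report_%Timestamp%.txt"
set /p STATUS_REPORT=<"%TEMP%\nessus_scan_status_report_%Timestamp%.txt"
if not defined STATUS_REPORT set STATUS_REPORT=null
if %STATUS_REPORT% == null ( echo ---Error--- && goto :abort1 )
if %STATUS_REPORT% == "ready" ( echo: ) else ( ping -n 11 127.0.0.1 > NUL && echo . && goto :doc1 )

rem Download Doc File
rem NOTE(review): the session token travels in the URL query string here,
rem where it can end up in proxy and server logs. Check whether this Nessus
rem version also accepts the X-Cookie header on the download endpoint.
"%~dp0curl.exe" -s -k "https://%Server%:%Port%/scans/%ID_SCAN%/export/%FILE%/download?token=%TOKEN%" --output %DocumentacionHTML%



rem Export Scan XML
echo Generando Reporte XML...
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/scans/%ID_SCAN%" | "%~dp0jq-win32.exe" ".history[].history_id" > "%TEMP%\nessus_scan_history_id_%Timestamp%.txt"
set /p HISTORY_ID=<"%TEMP%\nessus_scan_history_id_%Timestamp%.txt"

"%~dp0curl.exe" -s -k -X POST -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" -d "{\"format\":\"nessus\",\"chapters\":\"vuln_hosts_summary;vuln_by_plugin\"}" "https://%Server%:%Port%/scans/%ID_SCAN%/export?history_id=%HISTORY_ID%" | "%~dp0jq-win32.exe" ".file" > "%TEMP%\nessus_scan_file_%Timestamp%.txt"
set /p FILE=<"%TEMP%\nessus_scan_file_%Timestamp%.txt"

rem Export Status
:doc2
set "STATUS_REPORT="
"%~dp0curl.exe" -s -k -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/scans/%ID_SCAN%/export/%FILE%/status" | "%~dp0jq-win32.exe" ".status" > "%TEMP%\nessus_scan_status_report_%Timestamp%.txt"
set /p STATUS_REPORT=<"%TEMP%\nessus_scan_status_report_%Timestamp%.txt"
if not defined STATUS_REPORT set STATUS_REPORT=null
if %STATUS_REPORT% == null ( echo ---Error--- && goto :abort1 )
if %STATUS_REPORT% == "ready" ( echo: ) else ( ping -n 11 127.0.0.1 > NUL && echo . && goto :doc2 )

rem Download Doc File
"%~dp0curl.exe" -s -k "https://%Server%:%Port%/scans/%ID_SCAN%/export/%FILE%/download?token=%TOKEN%" --output %DocumentacionXML%

rem Logout
"%~dp0curl.exe" -s -k -X DELETE -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/session" >NUL


echo %DocumentacionHTML%
start "" /WAIT /I ""%DocumentacionHTML%""
goto :exit1

rem Error path with an open session: log out first so the token written to
rem the temp folder stops being valid, then clean up.
:abort1
"%~dp0curl.exe" -s -k -X DELETE -H "X-Cookie: token=%TOKEN%" -H "Content-Type: application/json" -H "Accept: text/plain" "https://%Server%:%Port%/session" >NUL

:exit1
del /F "%TEMP%\nessus_scan_token_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_id_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_policies_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_policy_id_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_template_uuid_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_status_scan_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_launch_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_history_id_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_file_%Timestamp%.txt"
del /F "%TEMP%\nessus_scan_status_report_%Timestamp%.txt"

pause

--------------------------------------------------------------------------------
/netsparker_scan.bat:
--------------------------------------------------------------------------------
@echo off
rem Run one unattended Netsparker scan and write an HTML report.
rem   arg 1 = project name, also used as Netsparker profile name
rem   arg 2 = Netsparker executable   arg 3 = URL to scan
rem   arg 4 = report output folder    arg 5 = timestamp
rem   arg 6 = number of this URL within the batch
rem The executable and the URL are expanded unquoted on the scan line, so the
rem caller has to pass them already quoted where needed.
setlocal
set Proyecto=%1
set Netsparker=%2
set URL=%3
set Documentacion=%4
set Timestamp=%5
set NRO=%6

set Proyecto=%Proyecto:"=%


set Documentacion=%Documentacion:"=%

@title=[Netsparker Scan] - %Proyecto% - %URL%

rem Stagger the start: wait longer the higher the URL number is.
set /a SLEEP=%NRO%*20
ping -n %SLEEP% 127.0.0.1 > NUL

cls
echo Escaneando...
echo Nombre Profile a usar: %Proyecto%

rem Start the scan only while fewer than two Netsparker.exe processes are
rem running; otherwise check again after about a minute.
:while1
tasklist /FI "IMAGENAME eq Netsparker.exe" /NH | find /C "Netsparker.exe" > "%TEMP%\netsparker_scan_count_%Timestamp%-URL_%NRO%.txt"
set /p CANT=<"%TEMP%\netsparker_scan_count_%Timestamp%-URL_%NRO%.txt"
set DocumentacionHTML="%Documentacion%\NetsparkerReport - %Timestamp%-URL_%NRO%.html"
if %CANT% GEQ 2 ( ping -n 61 127.0.0.1 > NUL && goto :while1 ) else ( %Netsparker% /auto /profile "%Proyecto%" /url %URL% /report %DocumentacionHTML% )

echo Finalizado
del /F "%TEMP%\netsparker_scan_count_%Timestamp%-URL_%NRO%.txt"

pause



--------------------------------------------------------------------------------
/nmap.xsl:
--------------------------------------------------------------------------------
1 | 2 | 32 | 33 | 41 | 42 | 43 | 44 | 0.9c 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | generated with nmap.xsl - version by Benjamin Erb - http://www.benjamin-erb.de/nmap_xsl.php 66 | 67 | 348 | 349 | Nmap Scan Report - Scanned at <xsl:value-of select="$start" /> 350 | 351 | 352 | 394 | 395 | 396 | 397 | 398 | 399 |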
400 | 401 |

Nmap Scan Report - Scanned at

402 | 403 |
459 | 460 | 461 | scansummary 462 | 463 | 464 | 465 | 466 |

Scan Summary

467 | 468 |

469 | Nmap was initiated at with these arguments:
470 |
471 |

472 |

473 | Verbosity: ; Debug level 474 |

475 | 476 |

477 | 478 |

479 | 480 | 481 | 482 | 483 | 484 | 485 | 486 | 487 | 488 |
489 | 490 | 495 | 496 | 497 |
498 | 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | 507 | 508 | 509 | host_ 510 | 511 | 512 | 513 | 514 | 515 |

516 | 517 | 518 | 519 | 520 | / 521 | 522 | 523 | 524 | (online) 525 |

526 | 527 |
528 | 529 | 530 |

531 | 532 | 533 | 534 | 535 | / 536 | 537 | 538 | 539 | 540 | javascript:toggle('hostblock_'); 541 | host_down 542 | (click to expand) 543 | 544 | (offline)

545 |
546 | 547 |
548 | 549 | 550 | 551 | hostblock_ 552 | 553 | 554 | 555 | unhidden 556 | 557 | 558 | 559 | hidden 560 | 561 | 562 | 563 | 564 | 565 |

Address

566 | 567 |
    568 | 569 |
  • 570 | 571 | - 572 | 573 | 574 | 575 | () 576 |
  • 577 |
    578 |
579 |
580 | 581 | 582 | 583 | 584 |
585 | 586 | 587 | javascript:toggle('metrics_'); 588 | Misc Metrics (click to expand) 589 | 590 | 591 | 592 | 593 | metrics_ 594 | hidden 595 | 596 | 597 | 598 | 599 | 600 | 601 | 602 | 603 | 604 | 610 | 611 | 612 | 613 | 614 | 615 | 617 | 618 | 619 | 620 | 621 | 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | 633 | 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 |
MetricValue
Ping Results 605 | 606 | from 607 | 608 | 609 |
System Uptime seconds (last reboot: ) 616 |
Network Distance hops
TCP Sequence PredictionDifficulty= ()
IP ID Sequence Generation
643 |
644 | 645 |
646 | 647 |
648 | 649 | 650 | 651 | 652 | 653 | 654 | 655 |

Hostnames

656 |
657 | 658 | 659 | 660 | 661 | 662 |
  • ()
  • 663 |
    664 | 665 | 666 | 667 | 668 | 669 | 670 |

    Ports

    671 | 672 | 673 |

    The ports scanned but not shown below are in state:

    674 |
    675 | 676 |
      677 | 678 | 679 |
    • ports replied with:

    • 680 |
      681 |
      682 |
    683 |
    684 | 685 | 686 | 687 | 688 | 689 | 690 | 691 | 692 | 693 | 694 | porttable_ 695 | 1 696 | 697 | 698 | Port 699 | State 700 | 701 | javascript:togglePorts('porttable_','closed'); 702 | (toggle closed [] 703 | 704 | 705 | javascript:togglePorts('porttable_','filtered'); 706 | | filtered []) 707 | 708 | 709 | Service 710 | Reason 711 | Product 712 | Version 713 | Extra info 714 | 715 | 716 | 717 | 718 | 719 |
    720 | 721 | 722 | 723 | 724 | 725 | 726 | 727 | 728 | 729 | 730 | 731 | 732 |   733 | 734 | 735 | from 736 | 737 | 738 | 739 |   740 |   741 |   742 | 743 | 744 | 745 | 746 | 747 |   748 | 749 |
      
    750 | 751 | 752 | 753 |
    754 |
    755 | 756 | 757 | 758 | 759 | 760 | 761 |   762 | 763 | 764 | from 765 | 766 | 767 | 768 |   769 |   770 |   771 | 772 | 773 | 774 | 775 | 776 | 777 | 778 | 779 |   780 | 781 | 782 | from 783 | 784 | 785 | 786 |   787 |   788 |   789 | 790 | 791 | 792 | 793 | 794 | 795 | 796 | 797 |   798 | 799 | 800 | from 801 | 802 | 803 | 804 |   805 |   806 |   807 | 808 | 809 | 810 |
    811 |
    812 | 813 | 814 | 815 | 816 | 817 |

    Remote Operating System Detection

    818 | 819 |

    Unable to identify operating system.

    820 | 821 |
      822 | 823 |
    • Used port: / ()
    • 824 |
      825 | 826 | 827 |
    • OS match: (%)
    • 828 |
      829 |
    830 | 831 | 832 | 833 |
    834 | 835 | 836 | 837 | 838 | 839 | 840 | 841 | 842 | 843 | 844 | 845 | 846 |
      847 |
    • Cannot determine exact operating system. Fingerprint provided below.
    • 848 |
    • If you know what OS is running on it, see https://nmap.org/submit/
    • 849 |
    850 | 851 | 852 | 853 | 854 | 855 | 856 | 857 |
    Operating System fingerprint
    858 | 859 |
    860 | 861 | 862 |
      863 |
    • OS identified but the fingerprint was requested at scan time. 864 | 865 | 866 | javascript:toggle('osblock_'); 867 | (click to expand) 868 | 869 |
    • 870 |
    871 | 872 | 873 | osblock_ 874 | hidden 875 | 876 | 877 | 878 | 879 | 880 | 881 | 882 | 883 |
    Operating System fingerprint
    884 | 885 |
    886 | 887 |
    888 | 889 |
    890 | 891 |
    892 | 893 | 894 | 895 | 896 | 897 | 898 | 899 | 900 | 901 | prescript 902 | 903 | 904 |

    Pre-Scan Script Output

    905 | 906 | 907 | 908 | 909 | 910 | 911 | 912 | 913 | 914 | 917 | 922 | 923 | 924 | 925 |
    Script NameOutput
    915 |   916 | 918 |
     919 |            
     920 |         
    921 |
    926 |
    927 | 928 | 929 | 930 | 931 | 932 | 933 | 934 | 935 | 936 | postscript 937 | 938 | 939 |

    Post-Scan Script Putput

    940 | 941 | 942 | 943 | 944 | 945 | 946 | 947 | 948 | 949 | 952 | 957 | 958 | 959 | 960 |
    Script NameOutput
    950 |   951 | 953 |
     954 |            
     955 |         
    956 |
    961 |
    962 | 963 | 964 | 965 | 966 | 967 | 968 |

    Host Script Output

    969 | 970 | 971 | 972 | 973 | 974 | 975 | 976 | 977 | 978 | 981 | 986 | 987 | 988 | 989 |
    Script NameOutput
    979 |   980 | 982 |
     983 |               
     984 |           
    985 |
    990 |
    991 | 992 | 993 | 994 | 995 | 996 |

    Smurf Responses

    997 |
      998 |
    • responses counted
    • 999 |
    1000 |
    1001 |
    1002 | 1003 | 1004 | 1005 | 1006 | 1007 | 1008 | 1009 | 1010 | 1011 | 1012 | 1013 | 1014 | 1015 | javascript:toggle('trace_'); 1016 | Traceroute Information (click to expand) 1017 | 1018 | 1019 | 1020 | trace_ 1021 | hidden 1022 | 1023 | 1024 | 1025 | 1026 |
    • Traceroute data generated using port /
    1027 |
    1028 |
    1029 | 1030 | 1031 | 1032 | 1033 | 1034 | 1035 | 1036 | 1037 | 1038 | 1039 | 1040 | 1041 | 1042 | 1043 | 1044 | 1045 | 1046 | 1047 | 1048 | 1049 | 1050 | 1051 | 1052 | 1053 | 1054 | 1055 | 1056 | 1057 | 1058 | 1059 | 1060 | 1061 | 1062 | 1063 | 1064 | 1065 |
    HopRttIPHost
    --
    1066 |
    1067 | 1068 |
    1069 |
    1070 | 1071 |
    1072 | -------------------------------------------------------------------------------- /nmap_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set IP=%2 5 | set Timestamp=%3 6 | set Documentacion=%4 7 | set AppExe=%5 8 | 9 | 10 | set IP=%IP:"=% 11 | set IP=%IP:,= % 12 | set Documentacion=%Documentacion:"=% 13 | set Proyecto=%Proyecto:"=% 14 | 15 | set Timestamp=%Timestamp:"=% 16 | set DocumentacionBasename=NmapReport - %Timestamp% 17 | set DocumentacionXML=%DocumentacionBasename%.xml 18 | set DocumentacionHTML=%DocumentacionBasename%.html 19 | 20 | @title=[Nmap Scan (Local)] - %Proyecto% 21 | echo %IP% | %AppExe% -Pn -O --system-dns -vv -sS -sC -sV -oA "%Documentacion%\%DocumentacionBasename%" -pT:1-65535,U:7,9,13,17,19,21,37,53,67-69,98,111,121,123,135,137-138,161,177,371,389,407,445,456,464,500,512,514,517-518,520,555,635,666,858,1001,1010-1011,1015,1024-1049,1051-1055,1170,1194,1243,1245,1434,1492,1600,1604,1645,1701,1807,1812,1900,1978,1981,1999,2001-2002,2023,2049,2115,2140,2801,2967,3024,3129,3150,3283,3527,3700,3801,4000,4092,4156,4569,4590,4781,5000-5001,5036,5060,5321,5400-5402,5503,5569,5632,5742,6051,6073,6502,6670,6771,6912,6969,7000,7111,7222,7300-7301,7306-7308,7778,7789,7938,9872-9875,9989,10067,10167,11000,11223,12223,12345-12346,12361-12362,15253,15345,16969,17185,20001,20034,21544,21862,22222,23456,26274,26409,27444,30029,31335,31337-31339,31666,31785,31789,31791-31792,32771,33333,34324,40412,40421-40423,40426,47262,50505,50766,51100-51101,51109,53001,54321,61466 --webxml -iL - 22 | "%~dp0xml.exe" tr "%~dp0nmap.xsl" "%Documentacion%\%DocumentacionXML%" > "%Documentacion%\%DocumentacionHTML%" 23 | 24 | del /F "%DocumentacionXML%" 25 | 26 | echo "%Documentacion%\%DocumentacionHTML%" 27 | start "" /WAIT /I """%Documentacion%\%DocumentacionHTML%""" 28 | 29 | pause 30 | -------------------------------------------------------------------------------- 
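/nmap_scan_remote.bat:
--------------------------------------------------------------------------------
@echo off
rem Run Nmap on a remote Linux host over SSH, fetch the XML result and turn
rem it into an HTML report.
rem   arg 1 = project name     arg 2 = targets, comma separated
rem   arg 3 = timestamp        arg 4 = report output folder
rem   arg 5 = SSH server       arg 6 = SSH user      arg 7 = SSH password
rem
rem NOTE(review): -pw puts the SSH password on the command line of plink and
rem pscp, where other local processes can read it; key authentication with
rem -i avoids that. No -hostkey is given, so the identity of the server
rem depends on the host key PuTTY has cached for this user.
rem NOTE(review): the target list is pasted into the remote shell command, so
rem shell metacharacters in it would run on the scan host. The caller should
rem accept only address and host name characters in it.
setlocal
set Proyecto=%1
set IP=%2
set Timestamp=%3
set Documentacion=%4
set Server=%5
set Username=%6
set Password=%7

set IP=%IP:"=%
set IP=%IP:,= %
set Documentacion=%Documentacion:"=%
set Proyecto=%Proyecto:"=%
set Timestamp=%Timestamp:"=%
set DocumentacionXML=NmapReport - %Timestamp%.xml
set DocumentacionHTML=NmapReport - %Timestamp%.html

@title=[Nmap Scan (Remoto)] - %Proyecto%
rem apt-get install nmap
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo %IP% | nmap -Pn -O --system-dns -vv -sS -sC -sV -oX '/tmp/%DocumentacionXML%' -pT:1-65535,U:7,9,13,17,19,21,37,53,67-69,98,111,121,123,135,137-138,161,177,371,389,407,445,456,464,500,512,514,517-518,520,555,635,666,858,1001,1010-1011,1015,1024-1049,1051-1055,1170,1194,1243,1245,1434,1492,1600,1604,1645,1701,1807,1812,1900,1978,1981,1999,2001-2002,2023,2049,2115,2140,2801,2967,3024,3129,3150,3283,3527,3700,3801,4000,4092,4156,4569,4590,4781,5000-5001,5036,5060,5321,5400-5402,5503,5569,5632,5742,6051,6073,6502,6670,6771,6912,6969,7000,7111,7222,7300-7301,7306-7308,7778,7789,7938,9872-9875,9989,10067,10167,11000,11223,12223,12345-12346,12361-12362,15253,15345,16969,17185,20001,20034,21544,21862,22222,23456,26274,26409,27444,30029,31335,31337-31339,31666,31785,31789,31791-31792,32771,33333,34324,40412,40421-40423,40426,47262,50505,50766,51100-51101,51109,53001,54321,61466 --webxml -iL - "
rem Fetch the result once and copy it locally into the report folder; a
rem second SSH transfer would only repeat the password on the command line.
"%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/%DocumentacionXML%" "%TEMP%\%DocumentacionXML%"
copy /Y "%TEMP%\%DocumentacionXML%" "%Documentacion%\%DocumentacionXML%" > NUL
"%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server% "rm -f '/tmp/%DocumentacionXML%'"
"%~dp0xml.exe" tr "%~dp0nmap.xsl" "%TEMP%\%DocumentacionXML%" > "%Documentacion%\%DocumentacionHTML%"

del /F "%TEMP%\%DocumentacionXML%"

echo "%Documentacion%\%DocumentacionHTML%"
start "" /WAIT /I """%Documentacion%\%DocumentacionHTML%"""

pause

--------------------------------------------------------------------------------
/omp.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/omp.zip

--------------------------------------------------------------------------------
/omp_cracked.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/omp_cracked.zip

--------------------------------------------------------------------------------
/openssl.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/openssl.zip

--------------------------------------------------------------------------------
/openvas_get_report_formats.bat:
--------------------------------------------------------------------------------
@echo off
rem Ask an OpenVAS manager for its report formats and write them as an INI
rem file, openvas_report_formats_TIMESTAMP.ini, into the temp folder.
rem   arg 1 = server   arg 2 = port   arg 3 = user   arg 4 = password
rem   arg 5 = timestamp
rem NOTE(review): the argument order differs from openvas_get_scan_configs.bat
rem (user, password, port there); confirm against the caller.
rem NOTE(review): omp_cracked.exe is a modified client that the repository
rem ships as a zip; verify where it comes from and its hash before running it
rem with scanner credentials. The password is also passed on its command line.
setlocal
set OpenvasServer=%1
set OpenvasUsername=%3
set OpenvasPassword=%4
set OpenvasPort=%2
set Timestamp=%5

@title=[OpenVAS] - Obteniendo "Format Report ID"

rem http://docs.greenbone.net/API/OMP/omp.html#command_get_report_formats
rem NOTE(review): the value of --xml is empty in this listing. The reply is
rem parsed as get_report_formats_response below, so the request element was
rem presumably lost when the page was rendered; restore it from the repository.
"%~dp0omp_cracked.exe" --host=%OpenvasServer% --port=%OpenvasPort% --username=%OpenvasUsername% --password=%OpenvasPassword% --xml="" 1>"%TEMP%\openvas_report_formats_%Timestamp%.txt" 2>NUL

rem The reply has to contain OK, otherwise the request failed.
findstr.exe /C:"OK" "%TEMP%\openvas_report_formats_%Timestamp%.txt"
if %ERRORLEVEL% NEQ 0 ( echo ---Error--- && pause && exit )

rem One ID, Nombre and Extension entry per report format, numbered by
rem position, plus Ultimo with the number of formats.
echo [Config] 1> "%TEMP%\openvas_report_formats_%Timestamp%.ini"
type "%TEMP%\openvas_report_formats_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/get_report_formats_response/report_format" -o "ID" -v "position()" -o "=" -v "@id" -n -o "Nombre" -v "position()" -o "=\"" -v "name" -o "\"" -n -o "Extension" -v "position()" -o "=\"" -v "extension" -o "\"" -n -o "Ultimo=" -v "last()" -n >> "%TEMP%\openvas_report_formats_%Timestamp%.ini"

del /F "%TEMP%\openvas_report_formats_%Timestamp%.txt"
--------------------------------------------------------------------------------
/openvas_get_report_formats_remote.bat:
--------------------------------------------------------------------------------
@echo off
rem Same result as openvas_get_report_formats.bat, but the omp client runs on
rem a Linux host reached over SSH.
rem   arg 1 = SSH server      arg 2 = SSH user       arg 3 = SSH password
rem   arg 4 = OpenVAS user    arg 5 = OpenVAS password
rem   arg 6 = OpenVAS manager IP   arg 7 = OpenVAS manager port
rem   arg 8 = timestamp
rem
rem NOTE(review): -pw puts the SSH password on the command line of plink and
rem pscp, and the OpenVAS password becomes part of the remote command line.
rem A single quote inside any of the quoted values ends the quoting of the
rem remote command.
rem NOTE(review): the helper script is written to a fixed name in /tmp and
rem then executed. A fixed name in a directory every local user can write to
rem is unsafe for files that get executed; a private directory created with
rem mktemp -d or the home of the login user is the usual choice.
setlocal
set LinuxServer=%1
set LinuxUsername=%2
set LinuxPassword=%3
set OpenvasUsername=%4
set OpenvasPassword=%5
set OpenvasIP=%6
set OpenvasPort=%7
set Timestamp=%8

@title=[OpenVAS (Remote)] - Obteniendo "Format Report ID"...

rem http://docs.greenbone.net/API/OMP/omp.html#command_get_report_formats
rem Upload the helper, strip CR and Ctrl-Z characters (octal 15 and 32) from
rem it, then run it.
"%~dp0pscp.exe" -P 22 -l %LinuxUsername% -pw %LinuxPassword% -C "%~dp0openvas_get_report_formats_remote.sh" %LinuxServer%:"/tmp/openvas_get_report_formats_remote_1.sh"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "tr -d '\15\32' < /tmp/openvas_get_report_formats_remote_1.sh > /tmp/openvas_get_report_formats_remote.sh"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -f '/tmp/openvas_get_report_formats_remote_1.sh'"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "export TERM=xterm ; cd '/tmp' ; chmod 755 ./openvas_get_report_formats_remote.sh ; ./openvas_get_report_formats_remote.sh '%OpenvasUsername%' '%OpenvasPassword%' '%OpenvasIP%' '%OpenvasPort%' '%Timestamp%'"

"%~dp0pscp.exe" -P 22 -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer%:"/tmp/openvas_report_formats_%Timestamp%.txt" "%TEMP%\openvas_report_formats_%Timestamp%.txt"

findstr.exe /C:"OK" "%TEMP%\openvas_report_formats_%Timestamp%.txt" >NUL
if %ERRORLEVEL% NEQ 0 ( echo ---Error--- && type "%TEMP%\openvas_report_formats_%Timestamp%.txt" && pause && exit )

echo [Config] 1> "%TEMP%\openvas_report_formats_%Timestamp%.ini"
type "%TEMP%\openvas_report_formats_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/get_report_formats_response/report_format" -o "ID" -v "position()" -o "=" -v "@id" -n -o "Nombre" -v "position()" -o "=\"" -v "name" -o "\"" -n -o "Extension" -v "position()" -o "=\"" -v "extension" -o "\"" -n -o "Ultimo=" -v "last()" -n >> "%TEMP%\openvas_report_formats_%Timestamp%.ini"

del /F "%TEMP%\openvas_report_formats_%Timestamp%.txt"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -fr /tmp/openvas_report_formats_%Timestamp%.txt"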
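--------------------------------------------------------------------------------
/openvas_get_report_formats_remote.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Ask an OpenVAS manager for its report formats with the omp client and store
# the raw reply in /tmp/openvas_report_formats_<Timestamp>.txt.
# Arguments: 1 = OpenVAS user, 2 = OpenVAS password, 3 = manager IP,
#            4 = manager port, 5 = timestamp used in the output file name.
#
# NOTE(review): the password is passed to omp on its command line, where other
# local users can read it from the process list while omp runs. The output
# file has a predictable name in /tmp; a private directory (mktemp -d) avoids
# clashes with files created by other local users.
OpenvasUsername=$1
OpenvasPassword=$2
OpenvasmdIP=$3
OpenvasmdPort=$4
Timestamp=$5

# Disabled: detect the address and port openvasmd listens on.
#which netstat >/dev/null
#if [ $? -ne 0 ] ; then
#OpenvasmdIP=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')
#OpenvasmdPort=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
#else
#OpenvasmdIP=$(netstat -anp | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' | grep -v 0.0.0.0)
#OpenvasmdPort=$(netstat -ltp | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
#fi

Server=$OpenvasmdIP
Port=$OpenvasmdPort

# Fall back to 127.0.0.1:9390 when no address or port was passed.
if [ -z "$Server" ] ; then
    Server=127.0.0.1
fi

if [ -z "$Port" ] ; then
    Port=9390
fi

which omp >/dev/null
if [ $? -ne 0 ] ; then
    echo "Falta el programa openvas-client(omp). Instalelo primero"
    read -rsp 'Press any key to continue...\n' -n 1 key
    exit
fi

# Wait while a process titled "openvassd: Reloaded" is listed (presumably the
# scanner is still loading). The process list is read again on every pass;
# the earlier form tested a value captured once before the loop, unquoted, so
# it either failed in the test or could never see the process go away.
while openvassd_status=$(ps ax | grep "openvassd: Reloaded" | grep -v grep) ; do
    echo "$openvassd_status"
    sleep 60
done

# NOTE(review): the OMP command inside --xml is empty in this listing. The
# caller parses a get_report_formats_response, so the request element
# (presumably <get_report_formats/>) was lost when the page was rendered;
# restore it from the repository.
# stdout and stderr share one file descriptor so that neither overwrites the
# other's output.
omp --host="$Server" --port="$Port" --username="$OpenvasUsername" --password="$OpenvasPassword" --xml='' > "/tmp/openvas_report_formats_$Timestamp.txt" 2>&1


--------------------------------------------------------------------------------
/openvas_get_scan_configs.bat:
--------------------------------------------------------------------------------
@echo off
rem Ask an OpenVAS manager for its scan configurations and write them as an
rem INI file, openvas_scan_configs_TIMESTAMP.ini, into the temp folder.
rem   arg 1 = server   arg 2 = user   arg 3 = password   arg 4 = port
rem   arg 5 = timestamp
rem NOTE(review): omp_cracked.exe is a modified client that the repository
rem ships as a zip; verify where it comes from and its hash before running it
rem with scanner credentials. The password is also passed on its command line.
setlocal
set OpenvasServer=%1
set OpenvasUsername=%2
set OpenvasPassword=%3
set OpenvasPort=%4
set Timestamp=%5

@title=[OpenVAS] - Obteniendo "Scan Config ID"

rem http://docs.greenbone.net/API/OMP/omp.html#command_get_configs
rem NOTE(review): the value of --xml is empty in this listing. The reply is
rem parsed as get_configs_response below, so the request element was
rem presumably lost when the page was rendered; restore it from the repository.
"%~dp0omp_cracked.exe" --host=%OpenvasServer% --port=%OpenvasPort% --username=%OpenvasUsername% --password=%OpenvasPassword% --xml="" 1>"%TEMP%\openvas_scan_configs_%Timestamp%.txt" 2>NUL

rem The reply has to contain OK, otherwise the request failed.
findstr.exe /C:"OK" "%TEMP%\openvas_scan_configs_%Timestamp%.txt"
if %ERRORLEVEL% NEQ 0 ( echo ---Error--- && type "%TEMP%\openvas_scan_configs_%Timestamp%.txt" && pause && exit )

rem One ID and Nombre entry per scan configuration, numbered by position,
rem plus Ultimo with the number of configurations.
echo [Config] 1> "%TEMP%\openvas_scan_configs_%Timestamp%.ini"
type "%TEMP%\openvas_scan_configs_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/get_configs_response/config" -o "ID" -v "position()" -o "=" -v "@id" -n -o "Nombre" -v "position()" -o "=\"" -v "name" -o "\"" -n -o "Ultimo=" -v "last()" -n 1>> "%TEMP%\openvas_scan_configs_%Timestamp%.ini" 2>NUL

del /F "%TEMP%\openvas_scan_configs_%Timestamp%.txt"
--------------------------------------------------------------------------------
/openvas_get_scan_configs_remote.bat:
--------------------------------------------------------------------------------
@echo off
rem Same result as openvas_get_scan_configs.bat, but the omp client runs on a
rem Linux host reached over SSH.
rem   arg 1 = SSH server      arg 2 = SSH user       arg 3 = SSH password
rem   arg 4 = OpenVAS user    arg 5 = OpenVAS password
rem   arg 6 = OpenVAS manager IP   arg 7 = OpenVAS manager port
rem   arg 8 = timestamp
rem
rem NOTE(review): -pw puts the SSH password on the command line of plink and
rem pscp, and the OpenVAS password becomes part of the remote command line.
rem A single quote inside any of the quoted values ends the quoting of the
rem remote command.
rem NOTE(review): the helper script is written to a fixed name in /tmp and
rem then executed. A fixed name in a directory every local user can write to
rem is unsafe for files that get executed; a private directory created with
rem mktemp -d or the home of the login user is the usual choice.
setlocal
set LinuxServer=%1
set LinuxUsername=%2
set LinuxPassword=%3
set OpenvasUsername=%4
set OpenvasPassword=%5
set OpenvasIP=%6
set OpenvasPort=%7
set Timestamp=%8

@title=[OpenVAS (Remote)] - Obteniendo "Scan Config ID"...

rem http://docs.greenbone.net/API/OMP/omp.html#command_get_configs
rem Upload the helper, strip CR and Ctrl-Z characters (octal 15 and 32) from
rem it, then run it.
"%~dp0pscp.exe" -P 22 -l %LinuxUsername% -pw %LinuxPassword% -C "%~dp0openvas_get_scan_configs_remote.sh" %LinuxServer%:"/tmp/openvas_get_scan_configs_remote_1.sh"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "tr -d '\15\32' < /tmp/openvas_get_scan_configs_remote_1.sh > /tmp/openvas_get_scan_configs_remote.sh"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -f '/tmp/openvas_get_scan_configs_remote_1.sh'"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "export TERM=xterm ; cd '/tmp' ; chmod 755 ./openvas_get_scan_configs_remote.sh ; ./openvas_get_scan_configs_remote.sh '%OpenvasUsername%' '%OpenvasPassword%' '%OpenvasIP%' '%OpenvasPort%' '%Timestamp%'"

"%~dp0pscp.exe" -P 22 -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer%:"/tmp/openvas_scan_configs_%Timestamp%.txt" "%TEMP%\openvas_scan_configs_%Timestamp%.txt"

findstr.exe /C:"OK" "%TEMP%\openvas_scan_configs_%Timestamp%.txt" >NUL
if %ERRORLEVEL% NEQ 0 ( echo ---Error--- && type "%TEMP%\openvas_scan_configs_%Timestamp%.txt" && pause && exit )

echo [Config] 1> "%TEMP%\openvas_scan_configs_%Timestamp%.ini"
type "%TEMP%\openvas_scan_configs_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/get_configs_response/config" -o "ID" -v "position()" -o "=" -v "@id" -n -o "Nombre" -v "position()" -o "=\"" -v "name" -o "\"" -n -o "Ultimo=" -v "last()" -n 1>> "%TEMP%\openvas_scan_configs_%Timestamp%.ini" 2>NUL

del /F "%TEMP%\openvas_scan_configs_%Timestamp%.txt"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -fr /tmp/openvas_scan_configs_%Timestamp%.txt"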
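--------------------------------------------------------------------------------
/openvas_get_scan_configs_remote.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Ask the OpenVAS manager for its scan configs through the omp client and leave
# the raw response in /tmp/openvas_scan_configs_<Timestamp>.txt, the path that
# openvas_get_scan_configs_remote.bat downloads afterwards with pscp.
#
# Arguments:
#   $1  OpenVAS username
#   $2  OpenVAS password
#   $3  manager IP    (empty -> 127.0.0.1)
#   $4  manager port  (empty -> 9390)
#   $5  timestamp used in the output file name
#
# NOTE(review): the password is handed to omp as --password=..., so it shows up
# in the process list of this host while omp runs. omp can also read connection
# settings from a file (--config-file); a file readable only by the invoking
# user avoids that exposure - confirm against the installed omp version.
# NOTE(review): the --xml payload is empty on this page; the command markup
# looks lost in extraction. It is left exactly as shown.
OpenvasUsername=$1
OpenvasPassword=$2
OpenvasmdIP=$3
OpenvasmdPort=$4
Timestamp=$5

# Autodetection of the manager address, disabled by the author:
#which netstat >/dev/null
#if [ $? -ne 0 ] ; then
#OpenvasmdIP=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')
#OpenvasmdPort=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
#else
#OpenvasmdIP=$(netstat -anp | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' | grep -v 0.0.0.0)
#OpenvasmdPort=$(netstat -ltp | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
#fi

# Fall back to the local manager on its default port when the caller gave none.
Server=${OpenvasmdIP:-127.0.0.1}
Port=${OpenvasmdPort:-9390}

if ! command -v omp >/dev/null 2>&1 ; then
    echo "Falta el programa openvas-client(omp). Instalelo primero"
    read -rsp 'Press any key to continue...\n' -n 1 key
    # Non-zero so a caller can tell the request never ran.
    exit 1
fi

# Wait while ps still shows the scanner in its "Reloaded" state. The process
# list is re-read on every pass: the original tested $? once and from then on
# looped on the exit status of ping, which never ends once entered.
while openvassd_status=$(ps ax | grep "openvassd: Reloaded" | grep -v grep) ; do
    echo "$openvassd_status"
    sleep 60
done

# The response lands at a predictable path in a shared directory; create it
# readable by the owner only.
umask 077
Salida="/tmp/openvas_scan_configs_$Timestamp.txt"

# One redirection for both streams: opening the same file twice (1> f 2> f)
# lets stdout and stderr overwrite each other.
omp --host="$Server" --port="$Port" --username="$OpenvasUsername" --password="$OpenvasPassword" --xml='' > "$Salida" 2>&1

-------------------------------------------------------------------------------- /openvas_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set IP=%2 5 | set Server=%3 6 | set Port=%4 7 | set Username=%5 8 | set Password=%6 9 | set ScanConfig=%7 10 | set FormatID=%8 11 | set Documentacion=%9 12 | shift 13 | set Timestamp=%9 14 | set IP=%IP:"=% 15 | set Proyecto=%Proyecto:"=% 16 | set Documentacion=%Documentacion:"=% 17 | set Documentacion="%Documentacion%\OpenvasReport - %Timestamp%.html" 18 | 19 | @title=[OpenVAS Scan] - %Proyecto% 20 | 21 | 22 | rem http://docs.greenbone.net/API/OMP/omp.html#command_create_target 23 | "%~dp0omp_cracked.exe" --host=%Server% --port=%Port% --username=%Username% --password=%Password% --xml="\"%Proyecto%_%Timestamp%\"%IP%Consider AliveT:1-65535,U:7,9,13,17,19,21,37,53,67-69,98,111,121,123,135,137-138,161,177,371,389,407,445,456,464,500,512,514,517-518,520,555,635,666,858,1001,1010-1011,1015,1024-1049,1051-1055,1170,1194,1243,1245,1434,1492,1600,1604,1645,1701,1807,1812,1900,1978,1981,1999,2001-2002,2023,2049,2115,2140,2801,2967,3024,3129,3150,3283,3527,3700,3801,4000,4092,4156,4569,4590,4781,5000-5001,5036,5060,5321,5400-5402,5503,5569,5632,5742,6051,6073,6502,6670,6771,6912,6969,7000,7111,7222,7300-7301,7306-7308,7778,7789,7938,9872-9875,9989,10067,10167,11000,11223,12223,12345-12346,12361-12362,15253,15345,16969,17185,20001,20034,21544,21862,22222,23456,26274,26409,27444,30029,31335,31337-31339,31666,31785,31789,31791-31792,32771,33333,34324,40412,40421-40423,40426,47262,50505,50766,51100-51101,51109,53001,54321,61466" 1> 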
"%TEMP%\openvas_scan_target_%Timestamp%.txt" 24 | findstr.exe /C:"OK" "%TEMP%\openvas_scan_target_%Timestamp%.txt" 25 | if %ERRORLEVEL% NEQ 0 ( echo ---Error. Revise Usuario/Contraseña o levante el servicio en %Server% ejecutando: && echo service openvas-scanner restart && echo service openvas-manager restart && echo service greenbone-security-assistant restart && pause && exit ) 26 | type "%TEMP%\openvas_scan_target_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -m "create_target_response" -v "@id" > %TEMP%\openvas_scan_target_id_%Timestamp%.txt" 27 | set /p target_id=<"%TEMP%\openvas_scan_target_id_%Timestamp%.txt" 28 | 29 | 30 | rem http://docs.greenbone.net/API/OMP/omp.html#command_create_task 31 | "%~dp0omp_cracked.exe" --host=%Server% --port=%Port% --username=%Username% --password=%Password% --xml="\"%Proyecto%_%Timestamp%\"" 1> "%TEMP%\openvas_scan_task_%Timestamp%.txt" 32 | findstr.exe /C:"Failed to find target" "%TEMP%\openvas_scan_task_%Timestamp%.txt" 33 | if %ERRORLEVEL% EQU 0 ( echo Failed to find target && pause && exit ) 34 | findstr.exe /C:"OK" "%TEMP%\openvas_scan_task_%Timestamp%.txt" 35 | if %ERRORLEVEL% NEQ 0 ( echo ---Error(1)--- && pause && exit ) 36 | type "%TEMP%\openvas_scan_task_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -m "create_task_response" -v "@id" > %TEMP%\openvas_scan_task_id_%Timestamp%.txt" 37 | if %ERRORLEVEL% NEQ 0 ( echo ---Error(2)--- && pause && exit ) 38 | set /p task_id=<"%TEMP%\openvas_scan_task_id_%Timestamp%.txt" 39 | 40 | 41 | rem http://docs.greenbone.net/API/OMP/omp.html#command_start_task 42 | "%~dp0omp_cracked.exe" --host=%Server% --port=%Port% --username=%Username% --password=%Password% --xml="" 1> "%TEMP%\openvas_scan_report_%Timestamp%.txt" 43 | findstr.exe /C:"OK" "%TEMP%\openvas_scan_report_%Timestamp%.txt" 44 | if %ERRORLEVEL% NEQ 0 ( echo ---Error(3)--- && pause && exit ) 45 | type "%TEMP%\openvas_scan_report_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -v "start_task_response/report_id" > 
%TEMP%\openvas_scan_report_id_%Timestamp%.txt" 46 | set /p report_id=<"%TEMP%\openvas_scan_report_id_%Timestamp%.txt" 47 | 48 | cls 49 | echo Escaneando... 50 | :scan1 51 | rem http://docs.greenbone.net/API/OMP/omp.html#command_get_tasks 52 | "%~dp0omp_cracked.exe" --host=%Server% --port=%Port% --username=%Username% --password=%Password% --xml="" 1> "%TEMP%\openvas_scan_status_report_%Timestamp%.txt" 53 | type "%TEMP%\openvas_scan_status_report_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -v "get_tasks_response/task/status" > "%TEMP%\openvas_scan_status_scan_%Timestamp%.txt" 54 | findstr.exe /C:"Internal Error" "%TEMP%\openvas_scan_status_scan_%Timestamp%.txt" 55 | if %ERRORLEVEL% EQU 0 ( echo "Internal Error" && pause && exit ) 56 | findstr.exe /C:"Stopped" "%TEMP%\openvas_scan_status_scan_%Timestamp%.txt" 57 | if %ERRORLEVEL% EQU 0 ( echo Stopped && pause && exit ) 58 | findstr.exe /C:"Done" "%TEMP%\openvas_scan_status_scan_%Timestamp%.txt" 59 | if %ERRORLEVEL% EQU 0 ( echo: ) else ( ping -n 61 127.0.0.1 > NUL && time /T && goto :scan1 ) 60 | 61 | echo Generando Reporte... 
62 | rem http://docs.greenbone.net/API/OMP/omp.html#command_get_reports 63 | "%~dp0omp_cracked.exe" --host=%Server% --port=%Port% --username=%Username% --password=%Password% --xml="" 1> "%TEMP%\openvas_scan_report_response_%Timestamp%.txt" 64 | type "%TEMP%\openvas_scan_report_response_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -v "get_reports_response/report/text()" > "%TEMP%\openvas_scan_b64_report_%Timestamp%.txt" 65 | "%~dp0openssl.exe" -in "%TEMP%\openvas_scan_b64_report_%Timestamp%.txt" enc -base64 -d -out %Documentacion% 66 | 67 | del /F "%TEMP%\openvas_scan_target_%Timestamp%.txt" 68 | del /F "%TEMP%\openvas_scan_target_id_%Timestamp%.txt" 69 | del /F "%TEMP%\openvas_scan_task_%Timestamp%.txt" 70 | del /F "%TEMP%\openvas_scan_task_id_%Timestamp%.txt" 71 | del /F "%TEMP%\openvas_scan_report_%Timestamp%.txt" 72 | del /F "%TEMP%\openvas_scan_report_id_%Timestamp%.txt" 73 | del /F "%TEMP%\openvas_scan_status_scan_%Timestamp%.txt" 74 | del /F "%TEMP%\openvas_scan_status_report_%Timestamp%.txt" 75 | del /F "%TEMP%\openvas_scan_report_response_%Timestamp%.txt" 76 | del /F "%TEMP%\openvas_scan_b64_report_%Timestamp%.txt" 77 | 78 | echo %Documentacion% 79 | start "" /WAIT /I ""%Documentacion%"" 80 | 81 | pause 82 | -------------------------------------------------------------------------------- /openvas_scan_remote.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set IP=%2 5 | set LinuxServer=%3 6 | set LinuxUsername=%4 7 | set LinuxPassword=%5 8 | set OpenvasmdIP=%6 9 | set OpenvasmdPort=%7 10 | set OpenvasUsername=%8 11 | set OpenvasPassword=%9 12 | shift 13 | shift 14 | shift 15 | shift 16 | set ScanConfig=%6 17 | set FormatReport=%7 18 | set Documentacion=%8 19 | set Timestamp=%9 20 | 21 | set IP=%IP:"=% 22 | set Proyecto=%Proyecto:"=% 23 | set Documentacion=%Documentacion:"=% 24 | set Documentacion="%Documentacion%\OpenvasReport - %Timestamp%.html" 25 | 26 | @title=[OpenVAS 
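Scan (Remoto SSH)] - %Proyecto% 27 | 28 | "%~dp0pscp.exe" -l %LinuxUsername% -pw %LinuxPassword% -C "%~dp0openvas_scan_remote.sh" %LinuxServer%:"/tmp/openvas_scan_remote_1.sh" 29 | "%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "tr -d '\15\32' < /tmp/openvas_scan_remote_1.sh > /tmp/openvas_scan_remote.sh" 30 | "%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -f '/tmp/openvas_scan_remote_1.sh'" 31 | 32 | cls 33 | "%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "export TERM=xterm ; cd '/tmp' ; chmod 755 ./openvas_scan_remote.sh ; ./openvas_scan_remote.sh '%Proyecto%' '%IP%' '%OpenvasUsername%' '%OpenvasPassword%' '%OpenvasmdIP%' '%OpenvasmdPort%' '%ScanConfig%' '%FormatReport%' '%Timestamp%'" 34 | if %ERRORLEVEL% NEQ 0 ( echo ---Error-1--- && pause && exit ) 35 | 36 | "%~dp0pscp.exe" -P 22 -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer%:"/tmp/OpenvasReport - %Timestamp%.html" %Documentacion% > NUL 37 | if %ERRORLEVEL% NEQ 0 ( echo ---Error-2--- && pause && exit ) 38 | 39 | "%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -f '/tmp/OpenvasReport - %Timestamp%.html'" 40 | "%~dp0plink.exe" -no-antispoof -P 22 -ssh -l %LinuxUsername% -pw %LinuxPassword% -C %LinuxServer% "rm -f '/tmp/openvas_scan_remote.sh'" 41 | 42 | echo %Documentacion% 43 | start "" /WAIT /I ""%Documentacion%"" 44 | 45 | pause
--------------------------------------------------------------------------------
/openvas_scan_remote.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Drive one OpenVAS scan through the omp client: create the target, create and
# start the task, poll until the task ends, then decode the report into
# "/tmp/OpenvasReport - <Timestamp>.html", which openvas_scan_remote.bat
# fetches with pscp.
#
# Arguments:
#   $1 Proyecto   project name, used in the target and task names
#   $2 IP         host(s) to scan
#   $3 Username   OpenVAS username
#   $4 Password   OpenVAS password
#   $5 / $6       manager IP and port as passed by the caller
#   $7 ScanConfig, $8 FormatID, $9 Timestamp
#
# Exit status: non-zero on every failure path, so the ERRORLEVEL check in the
# calling batch file fires. The original left through a bare "exit" after an
# echo, which reports success.
#
# NOTE(review): the password is handed to omp as --password=..., so it shows up
# in the process list while omp runs. omp can also read connection settings
# from a file (--config-file) readable only by the invoking user - confirm
# against the installed omp version.
# NOTE(review): the --xml payloads look stripped of their markup on this page
# ("$IPConsider AliveT:" below is one string, and several payloads are empty).
# They are kept exactly as shown; ScanConfig, FormatID, target_id, task_id and
# report_id are therefore not referenced by any payload visible here.
Proyecto=$1
IP=$2
Username=$3
Password=$4
OpenvasmdIP=$5
OpenvasmdPort=$6
ScanConfig=$7
FormatID=$8
Timestamp=$9

# Responses and the report hold scan data and live at predictable paths in a
# shared directory: create them readable by the owner only.
umask 077

Temporales=(
    "/tmp/openvas_scan_target_$Timestamp.txt"
    "/tmp/openvas_scan_target_id_$Timestamp.txt"
    "/tmp/openvas_scan_task_$Timestamp.txt"
    "/tmp/openvas_scan_task_id_$Timestamp.txt"
    "/tmp/openvas_scan_report_$Timestamp.txt"
    "/tmp/openvas_scan_report_id_$Timestamp.txt"
    "/tmp/openvas_scan_status_scan_$Timestamp.txt"
    "/tmp/openvas_scan_status_report_$Timestamp.txt"
    "/tmp/openvas_scan_report_response_$Timestamp.txt"
    "/tmp/openvas_scan_b64_report_$Timestamp.txt"
)

# Remove every intermediate file on any way out, including the early error
# exits that used to leave them behind. The decoded report is not in the list.
limpiar() {
    rm -f "${Temporales[@]}"
}
trap limpiar EXIT

if ! command -v xmlstarlet >/dev/null 2>&1 ; then
    echo "Falta el programa xmlstarlet. Instalelo primero"
    read -rsp 'Press any key to continue...\n' -n 1 key
    exit 1
fi

if ! command -v omp >/dev/null 2>&1 ; then
    echo "Falta el programa openvas-client(omp). Instalelo primero"
    read -rsp 'Press any key to continue...\n' -n 1 key
    exit 1
fi

# Locate the listening openvasmd with netstat, or with ss when netstat is not
# installed. Author's note: on Ubuntu for Windows 10 neither tool works.
# NOTE(review): this overwrites the manager IP/port received as $5/$6 -
# confirm that is intended.
if ! command -v netstat >/dev/null 2>&1 ; then
    OpenvasmdIP=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b')
    OpenvasmdPort=$(ss -p -l | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
else
    OpenvasmdIP=$(netstat -anp | grep openvasmd | grep LISTEN | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' | grep -v 0.0.0.0)
    OpenvasmdPort=$(netstat -ltp | grep openvasmd | grep LISTEN | grep -oE ':[0-9]{1,6}' | cut -d":" -f2)
fi

# Order of preference: a value already set in the environment, the detected
# listener, then the local manager on its default port.
Server=${Server:-$OpenvasmdIP}
Port=${Port:-$OpenvasmdPort}
Server=${Server:-127.0.0.1}
Port=${Port:-9390}

# Wait while ps still shows the scanner initialising or reloading. The process
# list is re-read on every pass; the original read it once before the loop, so
# the loop could not end once entered, and the unquoted multi-word test made
# "[" fail instead of waiting.
for Estado in "openvassd: Initializing" "openvassd: Reloaded" ; do
    while openvassd_status=$(ps ax | grep "$Estado" | grep -v grep) ; do
        echo "$openvassd_status"
        sleep 60
    done
done

#https://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/timezone.html
#http://docs.greenbone.net/API/OMP/omp.html#command_modify_setting
#omp --host=$Server --port=$Port --username=$Username --password=$Password --xml="TimezoneUTC"

#http://docs.greenbone.net/API/OMP/omp.html#command_create_target
omp --host="$Server" --port="$Port" --username="$Username" --password="$Password" --xml="\"$Proyecto-$Timestamp\"$IPConsider AliveT:1-65535,U:7,9,13,17,19,21,37,53,67-69,98,111,121,123,135,137-138,161,177,371,389,407,445,456,464,500,512,514,517-518,520,555,635,666,858,1001,1010-1011,1015,1024-1049,1051-1055,1170,1194,1243,1245,1434,1492,1600,1604,1645,1701,1807,1812,1900,1978,1981,1999,2001-2002,2023,2049,2115,2140,2801,2967,3024,3129,3150,3283,3527,3700,3801,4000,4092,4156,4569,4590,4781,5000-5001,5036,5060,5321,5400-5402,5503,5569,5632,5742,6051,6073,6502,6670,6771,6912,6969,7000,7111,7222,7300-7301,7306-7308,7778,7789,7938,9872-9875,9989,10067,10167,11000,11223,12223,12345-12346,12361-12362,15253,15345,16969,17185,20001,20034,21544,21862,22222,23456,26274,26409,27444,30029,31335,31337-31339,31666,31785,31789,31791-31792,32771,33333,34324,40412,40421-40423,40426,47262,50505,50766,51100-51101,51109,53001,54321,61466" 1> "/tmp/openvas_scan_target_$Timestamp.txt"
if ! grep -q "OK" "/tmp/openvas_scan_target_$Timestamp.txt" ; then
    echo ---Error. Revise username/password o levante el servicio ejecutando:
    echo service openvas-scanner restart
    echo service openvas-manager restart
    echo service greenbone-security-assistant restart
    exit 1
fi

xmlstarlet sel -t -m "create_target_response" -v "@id" "/tmp/openvas_scan_target_$Timestamp.txt" > "/tmp/openvas_scan_target_id_$Timestamp.txt"
target_id=$(cat "/tmp/openvas_scan_target_id_$Timestamp.txt")

#http://docs.greenbone.net/API/OMP/omp.html#command_create_task
omp --host="$Server" --port="$Port" --username="$Username" --password="$Password" --xml="\"$Proyecto-$Timestamp\"" 1> "/tmp/openvas_scan_task_$Timestamp.txt"
if grep -q "Failed to find target" "/tmp/openvas_scan_task_$Timestamp.txt" ; then
    echo ---Error-1----
    exit 1
fi
if ! grep -q "OK" "/tmp/openvas_scan_task_$Timestamp.txt" ; then
    echo ---Error-2----
    exit 1
fi

if ! xmlstarlet sel -t -m "create_task_response" -v "@id" "/tmp/openvas_scan_task_$Timestamp.txt" > "/tmp/openvas_scan_task_id_$Timestamp.txt" ; then
    echo ---Error-3----
    exit 1
fi

task_id=$(cat "/tmp/openvas_scan_task_id_$Timestamp.txt")

#http://docs.greenbone.net/API/OMP/omp.html#command_start_task
omp --host="$Server" --port="$Port" --username="$Username" --password="$Password" --xml="" 1> "/tmp/openvas_scan_report_$Timestamp.txt"
if ! grep -q "OK" "/tmp/openvas_scan_report_$Timestamp.txt" ; then
    echo ---Error-4----
    exit 1
fi

xmlstarlet sel -t -v "start_task_response/report_id" "/tmp/openvas_scan_report_$Timestamp.txt" > "/tmp/openvas_scan_report_id_$Timestamp.txt"
report_id=$(cat "/tmp/openvas_scan_report_id_$Timestamp.txt")

echo Escaneando...
# Poll the task status once a minute until it reads Done; "Internal Error" and
# "Stopped" end the run with a failure status.
while : ; do
    #http://docs.greenbone.net/API/OMP/omp.html#command_get_tasks
    omp --host="$Server" --port="$Port" --username="$Username" --password="$Password" --xml="" 1> "/tmp/openvas_scan_status_report_$Timestamp.txt"
    xmlstarlet sel -t -v "get_tasks_response/task/status" "/tmp/openvas_scan_status_report_$Timestamp.txt" > "/tmp/openvas_scan_status_scan_$Timestamp.txt"

    if grep -q "Internal Error" "/tmp/openvas_scan_status_scan_$Timestamp.txt" ; then
        echo "Internal Error"
        exit 1
    fi
    if grep -q "Stopped" "/tmp/openvas_scan_status_scan_$Timestamp.txt" ; then
        echo "Stopped"
        exit 1
    fi
    if grep -q "Done" "/tmp/openvas_scan_status_scan_$Timestamp.txt" ; then
        break
    fi

    sleep 60
    date +"%H:%M"
done

echo Generando Reporte...
#http://docs.greenbone.net/API/OMP/omp.html#command_get_reports
omp --host="$Server" --port="$Port" --username="$Username" --password="$Password" --xml="" 1> "/tmp/openvas_scan_report_response_$Timestamp.txt"
xmlstarlet sel -t -v "get_reports_response/report/text()" "/tmp/openvas_scan_report_response_$Timestamp.txt" > "/tmp/openvas_scan_b64_report_$Timestamp.txt"
# The report arrives base64-encoded; -A accepts it as a single long line.
openssl enc -base64 -d -A -in "/tmp/openvas_scan_b64_report_$Timestamp.txt" -out "/tmp/OpenvasReport - $Timestamp.html"

-------------------------------------------------------------------------------- /plink.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/plink.zip -------------------------------------------------------------------------------- /pscp.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/pscp.zip -------------------------------------------------------------------------------- /qark.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set DirApp=%1 4 | set PathAPK=%2 5 | set FileApk=%3 6 | set Timestamp=%4 7 | set Documentacion=%5 8 | set Server=%6 9 | set Username=%7 10 | set Password=%8 11 | 12 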
| set PathAPK=%PathAPK:"=% 13 | set FileApk=%FileApk:"=% 14 | set DirApp=%DirApp:"=% 15 | set Documentacion=%Documentacion:"=% 16 | set Documentacion="%Documentacion%\QarkReport - %FileApk%_%Timestamp%.tar.gz" 17 | 18 | @title=[Qark] - %FileApk% 19 | 20 | rem $git clone https://github.com/linkedin/qark 21 | "%~dp0pscp.exe" -l %Username% -pw %Password% -C "%PathAPK%" %Server%:"/tmp/%FileApk%_%Timestamp%.apk" 22 | "%~dp0pscp.exe" -l %Username% -pw %Password% -C "%~dp0qark.sh" %Server%:"/tmp/qark.sh" 23 | "%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "tr -d '\15\32' < /tmp/qark.sh > '%DirApp%/qark.sh'" 24 | "%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "rm -f '/tmp/qark.sh'" 25 | 26 | :retry 27 | cls 28 | echo Ejecutar en el server %Server% el comando: 29 | echo cd "%DirApp%" ; chmod 755 ./qark.sh ; ./qark.sh "%DirApp%" "%FileApk%_%Timestamp%" 30 | echo Solo cuando termine, presione una tecla para obtener el reporte 31 | set /p respuesta="Desea continuar? 
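(y/n)" 32 | pause 33 | 34 | if %respuesta% == y ( 35 | 36 | rem "%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "export TERM=xterm ; cd '%DirApp%' ; chmod 755 ./qark.sh ; ./qark.sh '%DirApp%' '%FileApk%_%Timestamp%'" 37 | 38 | "%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "cd '%DirApp%/qark' ; tar -cvzf '/tmp/QarkReport - %FileApk%_%Timestamp%.tar.gz' '/tmp/%FileApk%_%Timestamp%.apk' 'Report_%FileApk%_%Timestamp%/' logs/ exploit/" 39 | "%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C %Server%:"/tmp/QarkReport - %FileApk%_%Timestamp%.tar.gz" %Documentacion% 40 | "%~dp0plink.exe" -P 22 -ssh -l %Username% -pw %Password% -C %Server% "rm -f '/tmp/QarkReport - %FileApk%_%Timestamp%.tar.gz' '%DirApp%/qark.sh'" 41 | 42 | echo %Documentacion% 43 | pause 44 | ) else ( 45 | if %respuesta% == n ( 46 | goto :fin 47 | ) else ( 48 | goto :retry 49 | ) 50 | ) 51 | 52 | :fin
--------------------------------------------------------------------------------
/qark.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Run qark on the APK that qark.bat staged at /tmp/<name>.apk and collect any
# APK that qark built into exploit/, one of the directories qark.bat archives
# afterwards.
#
# Arguments:
#   $1  working directory (DirApp); results are written relative to it
#   $2  APK base name without ".apk"; double quotes are stripped
DirApp=$1
APK=${2//\"/}

# Everything below is relative to DirApp, starting with an rm -fr. Stop when
# the directory is missing or cannot be entered: an unquoted empty "cd" goes to
# $HOME and a failed cd stays put, so the cleanup would otherwise run in
# whatever directory the shell happens to be in.
if [ -z "$DirApp" ] || ! cd "$DirApp" ; then
    echo "qark.sh: cannot change to working directory '$DirApp'" >&2
    exit 1
fi

# Clear the results of a previous run.
rm -fr report/build/ logs/ exploit/
qark --apk "/tmp/$APK.apk" --debug --exploit-apk --report-type html --sdk-path tools/

# Copy whichever build outputs exist. mkdir -p keeps the second pass from
# failing on the directory the first pass created.
for Generado in app-debug.apk app-debug-unaligned.apk ; do
    if [ -f "build/qark/app/build/outputs/apk/$Generado" ] ; then
        mkdir -p exploit/
        cp "build/qark/app/build/outputs/apk/$Generado" exploit/
    fi
done

-------------------------------------------------------------------------------- /qualys_get_reports_templates.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Username=%1 4 | set Password=%2 5 | set Timestamp=%3 6 | set UsoProxy=%4 7 | set 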
ProxyIP=%5 8 | set ProxyPort=%6 9 | set ProxyUser=%7 10 | set ProxyPassword=%8 11 | 12 | @title=[Qualys] - Obteniendo "Reports Template" 13 | 14 | if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% ) 15 | if %UsoProxy% EQU 0 ( set Proxy= ) 16 | 17 | rem Reports Template ID 18 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl SVM" --user %Username%:%Password% "https://qualysapi.qualys.com/msp/report_template_list.php" -o "%TEMP%\qualys_reports_templates_%Timestamp%.txt" 2> NUL 19 | 20 | echo [Config] 1> "%TEMP%\qualys_reports_templates_%Timestamp%.ini" 21 | type "%TEMP%\qualys_reports_templates_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/REPORT_TEMPLATE_LIST/REPORT_TEMPLATE" -o "ID" -v "position()" -o "=" -v "ID" -n -o "Nombre" -v "position()" -o "=\"" -v "TITLE" -o "\"" -n -o "Tipo" -v "position()" -o "=\"" -v "TEMPLATE_TYPE" -o "\"" -n -o "Ultimo=" -v "last()" -n 1>> "%TEMP%\qualys_reports_templates_%Timestamp%.ini" 2>NUL 22 | 23 | del /F "%TEMP%\qualys_reports_templates_%Timestamp%.txt" 24 | -------------------------------------------------------------------------------- /qualys_get_scanner_appliances.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Username=%1 4 | set Password=%2 5 | set Timestamp=%3 6 | set UsoProxy=%4 7 | set ProxyIP=%5 8 | set ProxyPort=%6 9 | set ProxyUser=%7 10 | set ProxyPassword=%8 11 | 12 | @title=[Qualys] - Obteniendo "Scanner Appliances" 13 | 14 | if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% ) 15 | if %UsoProxy% EQU 0 ( set Proxy= ) 16 | 17 | rem Login 18 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl SVM" -D "%TEMP%\qualys_get_scanner_appliances_auth_%Timestamp%.txt" --data "action=login" --data "username=%Username%" --data "password=%Password%" 
"https://qualysapi.qualys.com/api/2.0/fo/session/" -o "%TEMP%\qualys_get_scanner_appliances_login_%Timestamp%.txt" 2> NUL 19 | findstr.exe /C:"Bad Login/Password" "%TEMP%\qualys_get_scanner_appliances_login_%Timestamp%.txt" > NUL 20 | if %ERRORLEVEL% EQU 0 ( echo Mal Usuario/Contraseña && pause && exit ) 21 | 22 | findstr.exe /C:"Service Unavailable" "%TEMP%\qualys_get_scanner_appliances_login_%Timestamp%.txt" > NUL 23 | if %ERRORLEVEL% EQU 0 ( echo Qualys Planned Maintenance && pause && exit ) 24 | 25 | rem Scanner Appliances 26 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl SVM" -b "%TEMP%\qualys_get_scanner_appliances_auth_%Timestamp%.txt" -G --data "action=list" "https://qualysapi.qualys.com/api/2.0/fo/appliance/" -o "%TEMP%\qualys_scanner_appliances_%Timestamp%.txt" 2> NUL 27 | findstr.exe /C:"This API cannot be run again for another" "%TEMP%\qualys_scanner_appliances_%Timestamp%.txt" 28 | if %ERRORLEVEL% EQU 0 ( echo La API no se puede usar por unas horas && pause && exit ) 29 | 30 | echo [Config] 1> "%TEMP%\qualys_scanner_appliances_%Timestamp%.ini" 31 | type "%TEMP%\qualys_scanner_appliances_%Timestamp%.txt" | "%~dp0xml.exe" sel -T -t -m "/APPLIANCE_LIST_OUTPUT/RESPONSE/APPLIANCE_LIST/APPLIANCE" -o "ID" -v "position()" -o "=" -v "ID" -n -o "Nombre" -v "position()" -o "=\"" -v "NAME" -o "\"" -n -o "Ultimo=" -v "last()" -n 1>> "%TEMP%\qualys_scanner_appliances_%Timestamp%.ini" 2>NUL 32 | 33 | rem Logout 34 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl SVM" -b "%TEMP%\qualys_get_scanner_appliances_auth_%Timestamp%.txt" --data "action=logout" "https://qualysapi.qualys.com/api/2.0/fo/session/" >NUL 35 | 36 | del /F "%TEMP%\qualys_get_scanner_appliances_auth_%Timestamp%.txt" 37 | del /F "%TEMP%\qualys_get_scanner_appliances_login_%Timestamp%.txt" 38 | del /F "%TEMP%\qualys_scanner_appliances_%Timestamp%.txt" 39 | -------------------------------------------------------------------------------- /qualys_report.bat: 
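--------------------------------------------------------------------------------
@echo off
rem Launch a Qualys report for the given IPs, wait until its state is
rem "Finished", download it next to the project documentation and open it.
rem
rem Arguments: %1 project, %2 IPs, %3 Qualys user, %4 Qualys password,
rem   %5 documentation folder, %6 output format, %7 template id, %8 timestamp,
rem   %9 use-proxy flag (1/0), then proxy IP, port, user and password.
rem
rem NOTE(review): the account and proxy passwords are passed to curl on the
rem command line, so they are visible in the local process list while curl
rem runs; curl can read options from a file instead (-K / --config).
rem NOTE(review): the session headers saved with -D are reused as the cookie
rem source (-b) and stay in %TEMP% until the del lines at the end; the early
rem "exit" paths below leave that file and the login response behind.
setlocal
set Proyecto=%1
set IP=%2
set Username=%3
set Password=%4
set Documentacion=%5
set TypeReport=%6
set TemplateId=%7
set Timestamp=%8
set UsoProxy=%9
shift
shift
shift
shift
set ProxyIP=%6
set ProxyPort=%7
set ProxyUser=%8
set ProxyPassword=%9

if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% )
if %UsoProxy% EQU 0 ( set Proxy= )

set Proyecto=%Proyecto:"=%
set IP=%IP:"=%

@title=[Qualys Report] - %Proyecto%

set Documentacion=%Documentacion:"=%
set Documentacion="%Documentacion%\QualysReport - %Timestamp%.%TypeReport%"

echo Generando Reporte...
rem Login: the response headers go to the auth file, the body to the login file.
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -D "%TEMP%\qualys_report_auth_%Timestamp%.txt" --data "action=login" --data "username=%Username%" --data "password=%Password%" "https://qualysapi.qualys.com/api/2.0/fo/session/" -o "%TEMP%\qualys_report_login_%Timestamp%.txt"
findstr.exe /C:"Bad Login/Password" "%TEMP%\qualys_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo Mal Usuario/Contraseña && pause && exit )

findstr.exe /C:"Service Unavailable" "%TEMP%\qualys_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo Qualys Planned Maintenance && pause && exit )

findstr.exe /C:"This API cannot be run again" "%TEMP%\qualys_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo This API cannot be run again && pause && exit )

rem Launch the report and keep the id found in the response.
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_report_auth_%Timestamp%.txt" --data-urlencode "action=launch" --data-urlencode "ips=%IP%" --data-urlencode "echo_request=0" --data-urlencode "template_id=%TemplateId%" --data-urlencode "output_format=%TypeReport%" --data-urlencode "report_title=%Proyecto%" "https://qualysapi.qualys.com/api/2.0/fo/report/" | "%~dp0xml.exe" sel -t -v "/SIMPLE_RETURN/RESPONSE/ITEM_LIST/ITEM/VALUE" > "%TEMP%\qualys_report_id_%Timestamp%.txt" 2>NUL
ping -n 11 127.0.0.1 > NUL
set /P ID=<"%TEMP%\qualys_report_id_%Timestamp%.txt"

if not defined ID (
echo "Error en la generacion del reporte. Revise las IP." && pause && del /F "%TEMP%\qualys_report_auth_%Timestamp%.txt" && del /F "%TEMP%\qualys_report_id_%Timestamp%.txt" && exit
)

set state=Submitted

rem Poll the report state and download once it is Finished. Both requests now
rem carry %Proxy% like every other call in this script; without it the poll
rem and the download bypass the configured proxy. The comparison is quoted so
rem an empty state cannot break the "if".
:while1
if /I "%state%" == "Finished" (
echo Descargando... && ping -n 21 127.0.0.1 > NUL && "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_report_auth_%Timestamp%.txt" "https://qualysapi.qualys.com/api/2.0/fo/report/?action=fetch&id=%ID%" -o %Documentacion% && echo %Documentacion% && start "" /WAIT /I ""%Documentacion%""
) else (
echo . && ping -n 21 127.0.0.1 > NUL && "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_report_auth_%Timestamp%.txt" --data "action=list" --data "id=%ID%" "https://qualysapi.qualys.com/api/2.0/fo/report/" | "%~dp0xml.exe" sel -t -v "/REPORT_LIST_OUTPUT/RESPONSE/REPORT_LIST/REPORT/STATUS/STATE" > "%TEMP%\qualys_report_state_%Timestamp%.txt" 2>NUL && set /p state=< "%TEMP%\qualys_report_state_%Timestamp%.txt" && goto :while1
)

rem Logout, then remove the session and response files.
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_report_auth_%Timestamp%.txt" --data "action=logout" "https://qualysapi.qualys.com/api/2.0/fo/session/" >NUL

del /F "%TEMP%\qualys_report_auth_%Timestamp%.txt"
del /F "%TEMP%\qualys_report_login_%Timestamp%.txt"
del /F "%TEMP%\qualys_report_id_%Timestamp%.txt"
del /F "%TEMP%\qualys_report_state_%Timestamp%.txt"

rem For XML reports, page through the finding titles and the per-host results.
if /I "%TypeReport%" == "xml" (
type %Documentacion% | "%~dp0xml.exe" sel -t -m "ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/VULN_DETAILS" -v "QID[@id]" -o " - " -v "TITLE" -n 2>NUL | more && type %Documentacion% | "%~dp0xml.exe" sel -t -m "ASSET_DATA_REPORT/HOST_LIST/HOST" -n -v "IP" -m "VULN_INFO_LIST/VULN_INFO" -n -o " QID:" -v "QID[@id]" -n -o " Resultado:" -n -v "RESULT" -n -n 2>NUL | more
)

pause

-------------------------------------------------------------------------------- /qualys_report_xml.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | cls 3 | type %1 | "%~dp0xml.exe" sel -t -m "ASSET_DATA_REPORT/GLOSSARY/VULN_DETAILS_LIST/VULN_DETAILS" -v "QID[@id]" -o " - " -v "TITLE" -n 2>NUL | more 4 | type %1 | "%~dp0xml.exe" sel -t -m "ASSET_DATA_REPORT/HOST_LIST/HOST" -n -v "IP" -m "VULN_INFO_LIST/VULN_INFO" -n -o " QID:" -v "QID[@id]" -n -o " Resultado:" -n -v "RESULT" -n -n 2>NUL | more 5 | -------------------------------------------------------------------------------- /qualys_scan.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set IP=%2 5 | set Username=%3 6 | set Password=%4 7 | set Appliance=%5 8 | set Policy=%6 9 | set AutoReport=%7 10 | set Documentacion=%8 11 | set TypeReport=%9 12 | shift 13 | shift 14 | shift 15 | shift 16 | shift 17 | shift 18 | shift 19 | set TemplateId=%3 20 | set Timestamp=%4 21 | set UsoProxy=%5 22 | set ProxyIP=%6 23 | set ProxyPort=%7 24 | set ProxyUser=%8 25 | set ProxyPassword=%9 26 | 27 | set Proyecto=%Proyecto:"=% 28 | set IP=%IP:"=% 29 | 30 | if %Appliance% == External ( title=[Qualys Scan [External]] - "%Proyecto%" ) else ( title=[Qualys Scan [Internal Appliances]] - "%Proyecto%" ) 31 | 32 | if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% ) 33 | if %UsoProxy% EQU 0 ( set Proxy= ) 34 | 35 | rem Login 36 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: 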
Curl Sample" -D "%TEMP%\qualys_scan_auth_%Timestamp%.txt" --data "action=login" --data "username=%Username%" --data "password=%Password%" "https://qualysapi.qualys.com/api/2.0/fo/session/" -o "%TEMP%\qualys_scan_login_%Timestamp%.txt" 2> NUL 37 | findstr.exe /C:"Bad Login/Password" "%TEMP%\qualys_scan_login_%Timestamp%.txt" > NUL 38 | if %ERRORLEVEL% EQU 0 ( echo Mal Usuario/Contraseña && pause && exit ) 39 | 40 | findstr.exe /C:"Service Unavailable" "%TEMP%\qualys_scan_login_%Timestamp%.txt" > NUL 41 | if %ERRORLEVEL% EQU 0 ( echo Qualys Planned Maintenance && pause && exit ) 42 | 43 | 44 | rem Launch a Scan 45 | cls 46 | 47 | echo Escaneando... 48 | :while1 49 | if %Appliance% == External ( 50 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_auth_%Timestamp%.txt" --data-urlencode "action=launch" --data-urlencode "ip=%IP%" --data-urlencode "echo_request=0" --data-urlencode "scan_title=%Proyecto%" --data-urlencode "option_title=%Policy%" "https://qualysapi.qualys.com/api/2.0/fo/scan/" -o "%TEMP%\qualys_scan_launch_%Timestamp%.txt" 2> NUL 51 | ) else ( 52 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_auth_%Timestamp%.txt" --data-urlencode "action=launch" --data-urlencode "ip=%IP%" --data-urlencode "echo_request=0" --data-urlencode "scan_title=%Proyecto%" --data-urlencode "iscanner_name=%Appliance%" --data-urlencode "option_title=%Policy%" "https://qualysapi.qualys.com/api/2.0/fo/scan/" -o "%TEMP%\qualys_scan_launch_%Timestamp%.txt" 2> NUL 53 | ) 54 | findstr.exe /C:"This API cannot be run again for another" "%TEMP%\qualys_scan_launch_%Timestamp%.txt" 55 | if %ERRORLEVEL% EQU 0 ( echo La API no se puede usar por unas horas && pause && exit ) 56 | 57 | findstr.exe /C:"This limit has already been reached" "%TEMP%\qualys_scan_launch_%Timestamp%.txt" 58 | if %ERRORLEVEL% EQU 0 ( echo Se alcanzo el limite de escaneos && pause && exit ) 59 | 60 | type 
"%TEMP%\qualys_scan_launch_%Timestamp%.txt" | "%~dp0xml.exe" sel -t -v "/SIMPLE_RETURN/RESPONSE/ITEM_LIST/ITEM/VALUE" 2>NUL | find "scan/" > "%TEMP%\qualys_scan_id_%Timestamp%.txt" 2>NUL 61 | 62 | ping -n 11 127.0.0.1 > NUL 63 | set /P ID=<"%TEMP%\qualys_scan_id_%Timestamp%.txt" 64 | 65 | if not defined ID ( 66 | echo La ip no esta en Qualys. Agregando... && "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -u %Username%:%Password% -G --data-urlencode "action=add" --data-urlencode "host_ips=%IP%" --data-urlencode "tracking_method=ip" --data-urlencode "owner=%Username%" --data-urlencode "comment=%Proyecto%" "https://qualysapi.qualys.com/msp/asset_ip.php" > NUL 2> NUL && echo Agregado && ping -n 11 127.0.0.1 > NUL && goto while1 67 | ) 68 | 69 | rem Details Scans 70 | :while2 71 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_auth_%Timestamp%.txt" --data-urlencode "action=list" --data-urlencode "scan_ref=%ID%" "https://qualysapi.qualys.com/api/2.0/fo/scan/" | "%~dp0xml.exe" sel -t -v "/SCAN_LIST_OUTPUT/RESPONSE/SCAN_LIST/SCAN/STATUS/STATE" > "%TEMP%\qualys_scan_status_%Timestamp%.txt" 2>NUL 72 | set /p STATUS=< "%TEMP%\qualys_scan_status_%Timestamp%.txt" 73 | if /I %STATUS% == Finished ( echo: ) else ( ping -n 61 127.0.0.1 > NUL && time /T && goto :while2 ) 74 | 75 | rem Logout 76 | "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_auth_%Timestamp%.txt" --data "action=logout" "https://qualysapi.qualys.com/api/2.0/fo/session/" >NUL 77 | 78 | 79 | rem Export Scan 80 | call "%~dp0qualys_scan_report.bat" "%Proyecto%" "%IP%" %Username% %Password% %Documentacion% %TypeReport% 1075927 %Timestamp% %UsoProxy% %ProxyIP% %ProxyPort% %ProxyUser% %ProxyPassword% 81 | 82 | if %AutoReport% EQU 1 ( call "%~dp0qualys_report.bat" "%Proyecto%" "%IP%" %Username% %Password% %Documentacion% %TypeReport% %TemplateId% %Timestamp% %UsoProxy% %ProxyIP% %ProxyPort% 
%ProxyUser% %ProxyPassword% ) 83 | 84 | del /F "%TEMP%\qualys_scan_auth_%Timestamp%.txt" 85 | del /F "%TEMP%\qualys_scan_login_%Timestamp%.txt" 86 | del /F "%TEMP%\qualys_scan_id_%Timestamp%.txt" 87 | del /F "%TEMP%\qualys_scan_launch_%Timestamp%.txt" 88 | del /F "%TEMP%\qualys_scan_status_%Timestamp%.txt" 89 | 90 | pause -------------------------------------------------------------------------------- /qualys_scan_report.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set Proyecto=%1 4 | set IP=%2 5 | set Username=%3 6 | set Password=%4 7 | set Documentacion=%5 8 | set TypeReport=%6 9 | set TemplateId=%7 10 | set Timestamp=%8 11 | set UsoProxy=%9 12 | shift 13 | shift 14 | shift 15 | shift 16 | set ProxyIP=%6 17 | set ProxyPort=%7 18 | set ProxyUser=%8 19 | set ProxyPassword=%9 20 | 21 | if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% ) 22 | if %UsoProxy% EQU 0 ( set Proxy= ) 23 | 24 | set Proyecto=%Proyecto:"=% 25 | set IP=%IP:"=% 26 | 27 | @title=[Qualys Scan Report] - %Proyecto% 28 | 29 | set Documentacion=%Documentacion:"=% 30 | set Documentacion="%Documentacion%\QualysScanReport - %Timestamp%.%TypeReport%" 31 | 32 | echo Generando Reporte... 
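rem Login. curl writes the response headers, which carry the session cookie, to the
rem auth file and the response body to the login file, both in the TEMP folder.
rem NOTE(review): the account password travels on the curl command line, so it can be
rem read from the local process list while curl runs. The cookie file has a predictable
rem name and stays in TEMP until the cleanup at the end of this script.
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -D "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" --data "action=login" --data "username=%Username%" --data "password=%Password%" "https://qualysapi.qualys.com/api/2.0/fo/session/" -o "%TEMP%\qualys_scan_report_login_%Timestamp%.txt"

rem Stop early when the login response contains one of the known error texts.
findstr.exe /C:"Bad Login/Password" "%TEMP%\qualys_scan_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo Mal Usuario/Contraseña && pause && exit )

findstr.exe /C:"Service Unavailable" "%TEMP%\qualys_scan_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo Qualys Planned Maintenance && pause && exit )

findstr.exe /C:"This API cannot be run again" "%TEMP%\qualys_scan_report_login_%Timestamp%.txt" > NUL
if %ERRORLEVEL% EQU 0 ( echo This API cannot be run again && pause && exit )

rem Launch the report and keep the value returned by the API as the report id.
"%~dp0curl.exe" -s %Proxy% -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" --data-urlencode "action=launch" --data-urlencode "ips=%IP%" --data-urlencode "echo_request=0" --data-urlencode "template_id=%TemplateId%" --data-urlencode "output_format=%TypeReport%" --data-urlencode "report_title=%Proyecto%" "https://qualysapi.qualys.com/api/2.0/fo/report/" | "%~dp0xml.exe" sel -t -v "/SIMPLE_RETURN/RESPONSE/ITEM_LIST/ITEM/VALUE" > "%TEMP%\qualys_scan_report_id_%Timestamp%.txt" 2>NUL
ping -n 11 127.0.0.1 > NUL

rem Clear ID first. qualys_scan.bat calls this script while its own ID variable holds
rem the scan reference, setlocal inherits it, and set /P leaves a variable untouched
rem when the id file is empty. Without the reset a failed launch would not be noticed.
set "ID="
set /P ID=<"%TEMP%\qualys_scan_report_id_%Timestamp%.txt"
if defined ID goto :report_launched

rem No report id came back: close the API session and remove every temp file, the
rem login response included, before leaving.
echo "Error en la generacion del reporte. Revise las IP."
pause
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" -d "action=logout" "https://qualysapi.qualys.com/api/2.0/fo/session/" >NUL
del /F "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt"
del /F "%TEMP%\qualys_scan_report_login_%Timestamp%.txt"
del /F "%TEMP%\qualys_scan_report_id_%Timestamp%.txt"
exit

:report_launched
set state=Submitted

rem Poll the report state every 20 seconds until the API reports Finished.
rem The status and download requests now carry the same proxy options as the login,
rem launch and logout requests; before, they went out directly even with UsoProxy=1.
:while1
if /I %state% == Finished goto :download
echo . && ping -n 21 127.0.0.1 > NUL && "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" -d "action=list&id=%ID%" "https://qualysapi.qualys.com/api/2.0/fo/report/" | "%~dp0xml.exe" sel -t -v "/REPORT_LIST_OUTPUT/RESPONSE/REPORT_LIST/REPORT/STATUS/STATE" > "%TEMP%\qualys_scan_report_state_%Timestamp%.txt" 2>NUL && set /p state=< "%TEMP%\qualys_scan_report_state_%Timestamp%.txt" && goto :while1
rem Reached only when a step of the poll above failed, for example an empty state
rem file; as before, the script then goes straight to logout without a download.
goto :logout

:download
echo Descargando... && ping -n 21 127.0.0.1 > NUL && "%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" "https://qualysapi.qualys.com/api/2.0/fo/report/?action=fetch&id=%ID%" -o %Documentacion% && echo %Documentacion% && start "" /WAIT /I ""%Documentacion%""

:logout
"%~dp0curl.exe" -s %Proxy% --compressed -H "X-Requested-With: Curl Sample" -b "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt" -d "action=logout" "https://qualysapi.qualys.com/api/2.0/fo/session/" >NUL

rem Remove the session cookie and the intermediate API responses.
del /F "%TEMP%\qualys_scan_report_auth_%Timestamp%.txt"
del /F "%TEMP%\qualys_scan_report_login_%Timestamp%.txt"
del /F "%TEMP%\qualys_scan_report_id_%Timestamp%.txt"
del /F "%TEMP%\qualys_scan_report_state_%Timestamp%.txt"

pause

--------------------------------------------------------------------------------
/recon_ng_remote.bat:
--------------------------------------------------------------------------------
@echo off
setlocal
rem https://www.youtube.com/watch?v=p2gpjTZgOa0 - OSINT - recon-ng information gathering example tutorial
rem Arguments: 1 project name, 2 comma-separated domains, 3 output folder,
rem 4 timestamp used in file names, 5 SSH server, 6 SSH user, 7 SSH password.
set Proyecto=%1
set Domains=%2
set Documentacion=%3
set Timestamp=%4
set Server=%5
set Username=%6
set Password=%7

rem MODIFY WITH YOUR APIs
rem NOTE(review): values entered here are stored in this file in clear text; keep the
rem edited copy out of shared folders and out of version control.
set google_api=
rem google_cse is referenced by a later keys add line, so it gets a placeholder too.
set google_cse=
set github_api=
set hashes_api=
set shodan_api=
set pwnedlist_api=
set pwnedlist_secret=
set pwnedlist_iv=
set fullcontact_api=
set virustotal_api=
set twitter_api=
set twitter_secret=
set bing_api=
set builtwith_api=
set flickr_api=
set jigsaw_username=
set jigsaw_password=
set jigsaw_api=
set ipstack_api=
set ipinfodb_api=
set censysio_id=
set censysio_secret=
rem MODIFY WITH YOUR APIs

rem Strip the quotes from the output folder, then build the four quoted local paths.
set Documentacion=%Documentacion:"=%
set DocumentacionReport="%Documentacion%\recon-ngReport - %Timestamp%.html"
set DocumentacionNetworks="%Documentacion%\recon-ngReport-Networks - %Timestamp%.txt"
set DocumentacionSubdomains="%Documentacion%\recon-ngReport-Subdomains - %Timestamp%.txt"
set DocumentacionIP="%Documentacion%\recon-ngReport-IP - %Timestamp%.txt"

@title=[Recon-ng] - %Proyecto%

rem git clone https://bitbucket.org/LaNMaSteR53/recon-ng.git
rem pip install -r REQUIREMENTS
rem Other modules for Recon-ng
rem https://github.com/scumsec/Recon-ng-modules
rem http://10degres.net/subdomain-enumeration/ more tools

rem Start the recon-ng resource script on the remote host, one plink call per line.
rem NOTE(review): -pw places the SSH password on every plink command line, and the
rem project name and domains are pasted inside single quotes of a remote shell command;
rem a quote character in those values changes that command, so the caller has to
rem restrict them to safe characters.
echo "Generando script..."
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo 'workspaces add %Proyecto%' > '/tmp/recon-ng-script_%Timestamp%.txt'"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo 'add companies %Proyecto%' >> '/tmp/recon-ng-script_%Timestamp%.txt'"
"%~dp0plink.exe" -no-antispoof -P 22 -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo 'workspaces select %Proyecto%' >> '/tmp/recon-ng-script_%Timestamp%.txt'"

rem One add domains line per entry of the comma-separated list.
set Domains=%Domains:"=%
for %%a in (%Domains:,= %) do (
    "%~dp0plink.exe" -no-antispoof -P 22 -ssh -P 22 -l %Username% -pw %Password% -C %Server% "echo 'add domains %%a' >> '/tmp/recon-ng-script_%Timestamp%.txt'"
)
echo .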
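rem Second part of recon_ng_remote.bat: finish the recon-ng resource script on the
rem remote host, run it, copy the four report files back and delete the remote files.
rem Each script line is appended through its own plink session, as in the lines above.
rem NOTE(review): -pw places the SSH password on the command line of every plink and
rem pscp call, where local process listings can read it; key-based login avoids that,
rem and the plink -hostkey option can pin the expected server key.
rem NOTE(review): Proyecto and Timestamp are pasted inside single quotes of a remote
rem shell command; a quote character in either value changes that command, so the
rem caller has to restrict them to safe characters. The remote files use predictable
rem names under /tmp, which matters when the server is shared with other users.
set Plink="%~dp0plink.exe" -no-antispoof -ssh -P 22 -l %Username% -pw %Password% -C %Server%
set Pscp="%~dp0pscp.exe" -P 22 -l %Username% -pw %Password% -C
set RemoteScript=/tmp/recon-ng-script_%Timestamp%.txt

%Plink% "echo 'load recon/domains-hosts/netcraft' >> '%RemoteScript%'"
%Plink% "echo 'run' >> '%RemoteScript%'"

rem Register only the API keys that hold a value. A key left empty is skipped instead
rem of being written as a keys add line with the value missing.
if defined bing_api %Plink% "echo 'keys add bing_api %bing_api%' >> '%RemoteScript%'"
if defined builtwith_api %Plink% "echo 'keys add builtwith_api %builtwith_api%' >> '%RemoteScript%'"
if defined fullcontact_api %Plink% "echo 'keys add fullcontact_api %fullcontact_api%' >> '%RemoteScript%'"
if defined github_api %Plink% "echo 'keys add github_api %github_api%' >> '%RemoteScript%'"
if defined google_api %Plink% "echo 'keys add google_api %google_api%' >> '%RemoteScript%'"
if defined google_cse %Plink% "echo 'keys add google_cse %google_cse%' >> '%RemoteScript%'"
if defined hashes_api %Plink% "echo 'keys add hashes_api %hashes_api%' >> '%RemoteScript%'"
if defined shodan_api %Plink% "echo 'keys add shodan_api %shodan_api%' >> '%RemoteScript%'"

rem Queue the modules in the original order; queue_module prints the progress dot and
rem appends the use and run lines for one module.
for %%m in (bing_domain_api bing_domain_web builtwith brute_hosts ssl_san vpnhunter certificate_transparency google_site_web hackertarget mx_spf_ip shodan_hostname threatcrowd) do call :queue_module recon/domains-hosts/%%m
for %%m in (reverse_resolve shodan_net) do call :queue_module recon/netblocks-hosts/%%m

rem Disabled in the original script and kept here for reference only:
rem recon/netblocks-companies/whois_orgs, recon/netblocks-ports/census_2012,
rem recon/netblocks-ports/censysio, recon/ports-hosts/migrate_ports,
rem recon/hosts-ports/shodan_ip

for %%m in (reverse_resolve resolve bing_ip freegeoip ipinfodb ssltools) do call :queue_module recon/hosts-hosts/%%m

%Plink% "echo 'back' >> '%RemoteScript%'"

rem Spool three query results to text files on the remote host.
echo .
%Plink% "echo 'spool start /tmp/recon-ngreport-networks - %Timestamp%.txt' >> '%RemoteScript%'"
%Plink% "echo 'query SELECT netblock FROM netblocks ORDER BY netblock' >> '%RemoteScript%'"
%Plink% "echo 'spool stop' >> '%RemoteScript%'"

echo .
%Plink% "echo 'spool start /tmp/recon-ngreport-ip - %Timestamp%.txt' >> '%RemoteScript%'"
%Plink% "echo 'query SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL ORDER BY host' >> '%RemoteScript%'"
%Plink% "echo 'spool stop' >> '%RemoteScript%'"

echo .
%Plink% "echo 'spool start /tmp/recon-ngreport-subdomains - %Timestamp%.txt' >> '%RemoteScript%'"
%Plink% "echo 'query SELECT DISTINCT host,ip_address FROM hosts WHERE ip_address IS NOT NULL ORDER BY host' >> '%RemoteScript%'"
%Plink% "echo 'spool stop' >> '%RemoteScript%'"

rem HTML report settings, then leave recon-ng.
echo .
%Plink% "echo 'load reporting/html' >> '%RemoteScript%'"
%Plink% "echo 'set CREATOR SVM' >> '%RemoteScript%'"
%Plink% "echo 'set CUSTOMER %Proyecto%' >> '%RemoteScript%'"
%Plink% "echo 'set FILENAME /tmp/recon-ngReport - %Timestamp%.html' >> '%RemoteScript%'"
%Plink% "echo 'set SANITIZE True' >> '%RemoteScript%'"
%Plink% "echo 'run' >> '%RemoteScript%'"
%Plink% "echo 'exit' >> '%RemoteScript%'"

rem Run the script with recon-ng from the PATH, or from /root/recon-ng when the
rem which lookup fails.
echo "Ejecutando..."
%Plink% "which recon-ng ; if [ $? -ne 0 ] ; then /root/recon-ng/recon-ng -r '%RemoteScript%' ; else recon-ng -r '%RemoteScript%' ; fi"

rem Convert the spooled text files to CRLF on the server, then copy all four results.
echo "Generando Reporte..."
%Plink% "unix2dos '/tmp/recon-ngreport-networks - %Timestamp%.txt'"
%Plink% "unix2dos '/tmp/recon-ngreport-subdomains - %Timestamp%.txt'"
%Plink% "unix2dos '/tmp/recon-ngreport-ip - %Timestamp%.txt'"

%Pscp% %Server%:"/tmp/recon-ngReport - %Timestamp%.html" %DocumentacionReport%
%Pscp% %Server%:"/tmp/recon-ngreport-networks - %Timestamp%.txt" %DocumentacionNetworks%
%Pscp% %Server%:"/tmp/recon-ngreport-subdomains - %Timestamp%.txt" %DocumentacionSubdomains%
%Pscp% %Server%:"/tmp/recon-ngreport-ip - %Timestamp%.txt" %DocumentacionIP%

rem Remove the reports and the resource script from the server. When API keys were
rem filled in, the resource script contains them.
%Plink% "rm -f '/tmp/recon-ngReport - %Timestamp%.html'"
%Plink% "rm -f '/tmp/recon-ngreport-networks - %Timestamp%.txt'"
%Plink% "rm -f '/tmp/recon-ngreport-subdomains - %Timestamp%.txt'"
%Plink% "rm -f '/tmp/recon-ngreport-ip - %Timestamp%.txt'"
%Plink% "rm -f '%RemoteScript%'"

echo %DocumentacionReport%
echo %DocumentacionNetworks%
echo %DocumentacionSubdomains%
echo %DocumentacionIP%

pause
goto :eof

rem queue_module MODULE_PATH: print a progress dot, then append the use line for the
rem module and a run line to the remote resource script.
:queue_module
echo .
%Plink% "echo 'use %~1' >> '%RemoteScript%'"
%Plink% "echo 'run' >> '%RemoteScript%'"
goto :eof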
-------------------------------------------------------------------------------- /run_avd.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal 3 | set AndroidSDK=%1 4 | set AVDName=%2 5 | set Proxy=%3 6 | set Port=%4 7 | 8 | @title=[Android Emulator - %AVDName%] 9 | 10 | set AndroidSDK=%AndroidSDK:"=% 11 | 12 | echo Primero inicie el proxy(Burpsuite/OWASP ZAP) y luego presione una tecla para iniciar el emulador Android 13 | pause 14 | "%AndroidSDK%\tools\emulator.exe" -avd %AVDName% -http-proxy %Proxy%:%Port% -debug-proxy 15 | pause 16 | 17 | -------------------------------------------------------------------------------- /scripts_all.sha256: -------------------------------------------------------------------------------- 1 | b8c878c4759e99d57f13bb965858e580b7e98315d76c555b6f79603e1e47995a *svm.zip 2 | 1f882c765382adcbd9fb068b6765bdb5c9352ee27751d0c8c49da9de3aac83e5 *acunetix_scan.bat 3 | 91baa629b0bf7cc431a37ce27674b092f4cf36c8764472506c57d84ad7ae31d6 *acunetix_v11_scan.bat 4 | 04ae1b2adca43503fd3557ec5e582570775bfa009abb6d81663002053cb5e9fd *androbugs_framework.bat 5 | 5eaf3d09b98d7b317e182624ae48753085cf185f8e2397de67e14ce4d4407f58 *android_comandos.bat 6 | e928b2946c1964370918036e09e671dd8edba8ba4e246676882d985c9077ee0e *apktool_build_local.bat 7 | 7a36bc8452813126130938ca1ef2310c59aa7054cbacf6aaff496a25e6626c1f *apktool_decode_local.bat 8 | 2356b08656dd86d3fc164edeb8cd1df32084d809183743b2b92e326d694cbe15 *apktool_decode_remote.bat 9 | 4fe213123eaacf10f397299d385848fcccebc08b41f1f99b5143fa2be1a16b24 *apk_install_local.bat 10 | 6895ada5b0347a40efc9daf784ca00cfb7d4633510bff5600f245788ac1bd378 *apk_install_remote.bat 11 | adb7b1e34526c9e4ae0f26717c953ae9ce218fdd0f3986db9f53a4efb75fdb5b *apk_sign_local.bat 12 | b22984214ebda308149aa981395ea0c21288711e86203b445a6d3b20b173aaec *arachni_scan_remote.bat 13 | 0b094be776257040a2a30dfa1925b4ea314d98aa627288e03a51aba171754ce3 *burpsuite_scan.bat 14 | 
c1fd9b235896b1094ee97bfb7e042f93530b5e300781f59b45edf84ee8c75000 *ca-bundle.crt 15 | 2d81a88f430cf755d61cae4f15819898497838883965f0a09c431ad762e2eb17 *upload_file.bat 16 | 4ca79ad9cecdc8d5cc8a66d588f216b7f3ad805fb3301ca48318b7835f4c29f1 *changelog.txt 17 | 1b9536e623864d8a0e67f97660cde644e92bc0ae42a772f3783aadb6cd21cf26 *curl.zip 18 | aabcd33c565205e21e5b1c7d4c8a53852c90be192a434ecdb50e33993b62b3b2 *enjarify_local.bat 19 | 8d3d3d2de32ec7634fc4ff52d112ddd5212fab4380df146b32555a0adc3241f7 *enjarify_remote.bat 20 | f4f50db9717fab704707320b034c3db5f174648637ead728f3f79f9c7b293bd0 *EyeWitness_remote.bat 21 | d0b45b300fec41d43643bdea7ad040853814e4b1f0ad75cd6071bff3c4ed8630 *install_upgrade_tools_local.bat 22 | f94828e891079c712cc7420294accb217a4c52be0ec1e1e311ddd1fb3a71ce41 *install_upgrade_tools_remoto.bat 23 | 173e6d4f579e78761dc904914c81b844e6fdc98f4d006c5413484cbc63e1ccac *install_upgrade_tools_remoto.sh 24 | eed0338d4f24644161ae5ffd789f90e24a1dd726b6a5e6d8a935a1a2418a34c7 *jd-gui.bat 25 | fc33445c2f28feb32ea554569be431bfffd7168193a2834a3efbced8b97dfa2f *jq-win32.zip 26 | b3bb2dd0144090726c835cf377398b9467b32f36a0ff24caf67598facc6f7bdd *libeay32.zip 27 | 99d435a6ff957c1df635b8ff140c9ea86d8d8b658b9c2e2b2129dfeee7afb829 *Login_fast.rb 28 | d3135397e7def15d31be2132322c94a35e7476c33ad543fb811264aeb937918e *Login_slow.rb 29 | 6e45e643cd692dd1e18a586003dbfe9bf43c30095bc6fa8bee7353ae795b0caa *mobsf.bat 30 | 80ed413d0a2ebdc7ac97cd6d90888b8da639f7f20f44b4bebcd9ee250bdb87ef *nessus_get_policies.bat 31 | 8653c704670858d06746b27e6c479cd40d887ac9d1ce8587a745567961717fbb *nessus_scan.bat 32 | 69e67389f9cc415e6ac7dff2275d92b478161b3438e3c82eac018cd3f05c1c79 *netsparker_scan.bat 33 | 7015751b5490a493f4ab1fbe3b1f683330fec52cda6a4f98b6c59d01a9f2aa12 *nmap.xsl 34 | 0305539062313a7549eaa23d06bb716d13a629af7b1f5d844f2f98c145322c94 *nmap_scan.bat 35 | 97a065be5be19ad92f1447eb3125cb7c55594eb62e4a1d969e03beff3bd68c46 *nmap_scan_remote.bat 36 | 
287c54a6a7bc86f1e322965ef4270c7dd06829bccf233b79afea842f75fff51e *omp.zip 37 | 49ec2a731c5cbc34fb4c02f0ea99e933939957c1df19d166a78abf7b525a4485 *omp_cracked.zip 38 | 404ec93531d05656c6f29e4057398474f72000724858ed6f8274c5e05bba6902 *openssl.zip 39 | d5a8c01748460e7e5488f54e993d457870acdc18e1c69240a8bed335482d8ddc *openvas_get_report_formats.bat 40 | f683e6279bce13f4215cf4622c8dedc899a503aee0fb87faa674cd267901b4ba *openvas_get_report_formats_remote.bat 41 | d8020693da9ecf88582e37942a2b57088a08db75d5020b20779ce5a911a35305 *openvas_get_report_formats_remote.sh 42 | b081815593cc1159a471f20c92a20becbbaac2ec6bcb05b856c0d1a78c90a2e9 *openvas_get_scan_configs.bat 43 | 15f0f9b7e6b1649fb91db38b5764bdd4d0117e46d475172d0397a19123fd45bd *openvas_get_scan_configs_remote.bat 44 | 735fad130fe99e0aecdc9365cec49ba0ab91d0c72a08404331175dfaabc27154 *openvas_get_scan_configs_remote.sh 45 | 1e8f53010033d41288cc9f2e7b769467a482b156aecc84405b690548260656c7 *openvas_scan.bat 46 | 3105ba2eb4ea26a1cb08453f0ea77fc41aece5f67a8f5f890b294b85126c585b *openvas_scan_remote.bat 47 | d2cded7dff3f3c41309bff107daf290f45cbebd1fb5af1300c61f7ae352bc05f *openvas_scan_remote.sh 48 | 4750b778cf205c77e6b2d128048fa66feaf7240eca5071b571c8f9691bfdc6c5 *plink.zip 49 | d5d41592745f9a30bef88f36efdb261939e7f9ef81386a7cb95bec63dcaf7a11 *pscp.zip 50 | 7333cd1a48eeb6826e9422a2240108de1b1b9818bef0b95a424fdcc44578a17d *qark.bat 51 | 1d0f396c8d2a8c542b931a2ce716953acda5362ced5c5bbcc94367c35eb17985 *qark.sh 52 | 5d4bf3daa2c194d0fd96db6ea878dc31aa8a753d555ed9d8f2928ed17ad6b58b *qualys_get_reports_templates.bat 53 | 677d621bfb08568742e94d9ef3695afbbf0e064ffcdede1ee8976e856e5cb9eb *qualys_get_scanner_appliances.bat 54 | 8c951e72ecf5947224fef814c6b25ce5832aa734e2a5ca17b55c35ba93f6d499 *qualys_report.bat 55 | c74f5ad6e75d980ae708f2a7ca5409bb549eb213c9c75cfde3b7239c409b11ca *qualys_report_xml.bat 56 | 8660af06f61be99a09b9b752477abfe7802a5e81ad618021cf11fea095e1b0a9 *qualys_scan.bat 57 | 
926368db9062fbaa3a5db9002e6013d38a3cd2bc8781b1f50c61dc7a696db2e8 *qualys_scan_report.bat 58 | 08c24bdb0bffb535b795786b1fe83e799a24a99cd4a702ac2ff12284b7af0e3a *recon_ng_remote.bat 59 | a410926888d5537c6f347a8b7a5445afee6f047843d3d7ccdc5c9012a7d9a0a6 *RPCPublicKey.DH 60 | 4ec49c6961aa723556536d1ce6f2b21c0c2c19eae4d6e143cc22b7961ed8a372 *run_avd.bat 61 | dfc70509f15b1768b91142b5e09888c30a581d0614814a36172eb4dd0a98ebb2 *ssleay32.zip 62 | 03a00f06a3c5a70ed41118149b91eab46b421572568099098602b82f145addb8 *svm_en.ini 63 | 968f4c46f1fcf66533c07f106782f4769d4fe4e8aaf048177a72312122965c5b *svm_es.ini 64 | 043391385a1e83b330c3b5c546d697d932f3300782684b88cce965907c057013 *svm_rus.ini 65 | aaa8b85159921e25448e3b9c5f55d59000a211fc3bc87095094cc484d5356bcd *svm_virgen.ini 66 | bfb7900ec1743a670525d6c5b6b2ba3a49946dca886d62c787780db02ccaf403 *Template_SVM.dotx 67 | f339f103a5fb4e5589c231be90778b2bbcfa52b338499255a060e5977adea184 *webshotcmd.zip 68 | bc8b3cf5a2304a2b13b2b0e5e72a57f686729d6e06dd85445f9d3d01184cb8c9 *web_proyectos.bat 69 | 3f5d52ed35e261f04164022fcb33f2099746f69e9dd8f832ccb228cf6b1609f5 *web_vulnerabilidades.bat 70 | 50b0cabaad4d2a968984d18f7d7e7916fd9c5daee88e948efde8ac36762dd935 *update_all_scripts.bat 71 | e9b57e4ce1871a574ba8e0f2e054e7d8279fc54ab45fde007d5d8d5e804a9afc *xml.zip 72 | -------------------------------------------------------------------------------- /ssleay32.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/ssleay32.zip -------------------------------------------------------------------------------- /svm.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm.zip -------------------------------------------------------------------------------- /svm_en.ini: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_en.ini -------------------------------------------------------------------------------- /svm_es.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_es.ini -------------------------------------------------------------------------------- /svm_rus.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_rus.ini -------------------------------------------------------------------------------- /svm_screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot1.png -------------------------------------------------------------------------------- /svm_screenshot10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot10.png -------------------------------------------------------------------------------- /svm_screenshot11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot11.png -------------------------------------------------------------------------------- /svm_screenshot2.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot2.png -------------------------------------------------------------------------------- /svm_screenshot3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot3.png -------------------------------------------------------------------------------- /svm_screenshot4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot4.png -------------------------------------------------------------------------------- /svm_screenshot5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot5.png -------------------------------------------------------------------------------- /svm_screenshot6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot6.png -------------------------------------------------------------------------------- /svm_screenshot7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot7.png -------------------------------------------------------------------------------- /svm_screenshot8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot8.png 
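--------------------------------------------------------------------------------
/svm_screenshot9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/svm_screenshot9.png
--------------------------------------------------------------------------------
/svm_virgen.ini:
--------------------------------------------------------------------------------
[Config]
UseServer=False
Server=svm.myddns.me
Port=8443
Timeout=50
Token=svm_demo
UseEncryption=True
RememberPass=True
Language=en
--------------------------------------------------------------------------------
/update_all_scripts.bat:
--------------------------------------------------------------------------------
@echo off
rem Refreshes every helper script of the tool by downloading the current copy
rem from the master branch of the project repository into the current directory.
rem
rem NOTE(review): the files are taken from a mutable branch and are not compared
rem with the scripts_all.sha256 manifest the repository ships, so whatever the
rem branch holds at download time is what gets executed later. Pinning to a
rem release tag or commit and checking each hash (for example with
rem "certutil -hashfile FILE SHA256") would make an update reviewable.
setlocal
call :actualizar nmap_scan.bat
call :actualizar nmap_scan_remote.bat
call :actualizar nessus_scan.bat
call :actualizar nessus_get_policies.bat
call :actualizar acunetix_scan.bat
call :actualizar acunetix_v11_scan.bat
call :actualizar arachni_scan_remote.bat
call :actualizar qualys_scan.bat
call :actualizar qualys_scan_report.bat
call :actualizar qualys_report.bat
call :actualizar qualys_report_xml.bat
call :actualizar qualys_get_scanner_appliances.bat
call :actualizar qualys_get_reports_templates.bat
call :actualizar burpsuite_scan.bat
call :actualizar apktool_decode_local.bat
call :actualizar apktool_decode_remote.bat
call :actualizar apktool_build_local.bat
call :actualizar androbugs_framework.bat
call :actualizar enjarify_local.bat
call :actualizar enjarify_remote.bat
call :actualizar qark.bat
call :actualizar qark.sh
call :actualizar jd-gui.bat
call :actualizar mobsf.bat
call :actualizar netsparker_scan.bat
call :actualizar apk_install_local.bat
call :actualizar apk_install_remote.bat
call :actualizar apk_sign_local.bat
call :actualizar run_avd.bat
call :actualizar upload_file.bat
call :actualizar recon_ng_remote.bat
call :actualizar android_comandos.bat
call :actualizar EyeWitness_remote.bat
call :actualizar openvas_scan.bat
call :actualizar openvas_scan_remote.sh
call :actualizar openvas_scan_remote.bat
call :actualizar openvas_get_scan_configs.bat
call :actualizar openvas_get_scan_configs_remote.bat
call :actualizar openvas_get_scan_configs_remote.sh
call :actualizar openvas_get_report_formats.bat
call :actualizar openvas_get_report_formats_remote.bat
call :actualizar openvas_get_report_formats_remote.sh
call :actualizar web_proyectos.bat
call :actualizar web_vulnerabilidades.bat
call :actualizar Login_fast.rb
call :actualizar Login_slow.rb
call :actualizar install_upgrade_tools_local.bat
call :actualizar install_upgrade_tools_remoto.bat
call :actualizar install_upgrade_tools_remoto.sh
rem Kept last: this call replaces the script that is currently running.
call :actualizar update_all_scripts.bat

pause

EXIT /B 0

:actualizar
rem Downloads one file and replaces the local copy only when curl succeeded.
rem   %1 - file name, relative to the repository root and to the current directory
rem Returns 0 when the file was replaced, 1 when the download failed.
echo Actualizando %1...
rem -f turns an HTTP error into a non-zero exit code; without it the server's
rem error page would be written over the local script. The download goes to a
rem side file first so that a failed transfer leaves the old script in place.
"%~dp0curl.exe" -s -f -o "%~1.new" "https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/master/%~1"
if errorlevel 1 (
    echo ERROR: no se pudo actualizar %1
    if exist "%~1.new" del /F "%~1.new"
    EXIT /B 1
)
move /Y "%~1.new" "%~1" >NUL
EXIT /B 0

--------------------------------------------------------------------------------
/upload_file.bat:
--------------------------------------------------------------------------------
@echo off
rem Pushes one local file to /sdcard/Download/ on the connected Android device
rem using the adb binary bundled next to this script.
rem   %1 - path of the file to upload (kept exactly as passed, quotes included)
set File=%1

@title=[Upload File To Android Device]

rem Stop any adb server that is already running, then block until a device is visible.
"%~dp0adb\windows\adb.exe" kill-server
"%~dp0adb\windows\adb.exe" wait-for-device
rem "%~dp0adb\windows\adb.exe" start-server
"%~dp0adb\windows\adb.exe" push %File% /sdcard/Download/

echo.
echo "copied to /sdcard/Download/"
echo.
pause


--------------------------------------------------------------------------------
/vbRichClient5.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/vbRichClient5.zip
--------------------------------------------------------------------------------
/version.json:
--------------------------------------------------------------------------------
{"version":"2.1.3","download":"https://github.com/simplevulnerabilitymanager/svm/releases/download/v2.1.3/Simple_Vulnerability_Manager_Windows_Install_v2.zip"}
--------------------------------------------------------------------------------
/version.txt:
--------------------------------------------------------------------------------
2.1.3
--------------------------------------------------------------------------------
/watch_git.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/watch_git.jpg
--------------------------------------------------------------------------------
/web_proyectos.bat:
--------------------------------------------------------------------------------
@echo off
rem Logs in to a WebSVM server, exports the project list to
rem %TEMP%\proyectos_<Timestamp>.ini, logs out and removes the session file.
rem   %1 WebSVM base URL      %2 user name        %3 password
rem   %4 timestamp used to build the temporary file names
rem   %5 1 = use the proxy, 0 = direct connection
rem   %6 proxy host  %7 proxy port  %8 proxy user  %9 proxy password
rem
rem NOTE(review): the password and the proxy password are passed on the command
rem line, where other local processes can read them while curl is running.
rem NOTE(review): --insecure switches off TLS certificate verification on every
rem request, so the login form and the session cookie are sent to whichever
rem server answers. The repository ships ca-bundle.crt; passing it with --cacert
rem would restore verification when the WebSVM certificate chains to a public CA.
setlocal
set WebSVM=%1
set Username=%2
set Password=%3
set Timestamp=%4
set UsoProxy=%5
set ProxyIP=%6
set ProxyPort=%7
set ProxyUser=%8
set ProxyPassword=%9

if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% )
if %UsoProxy% EQU 0 ( set Proxy= )
@title = Descargando Proyectos ...

echo Descargando Proyectos ...

rem Login: -D stores the response headers (with the session cookie) in a temp file
"%~dp0curl.exe" -s %Proxy% --compressed --insecure -D "%TEMP%\web_proyectos_auth_%Timestamp%.txt" --data-urlencode "username=%Username%" --data-urlencode "password=%Password%" "%WebSVM%/login.php" >NUL 2>NUL

rem Projects: -b replays the cookie from the header dump written by the login
"%~dp0curl.exe" -s %Proxy% --compressed --insecure -b "%TEMP%\web_proyectos_auth_%Timestamp%.txt" -o "%TEMP%\proyectos_%Timestamp%.ini" "%WebSVM%/proyectos_exportar.php?cantidad=10"

rem Logout
"%~dp0curl.exe" -s %Proxy% --compressed --insecure -b "%TEMP%\web_proyectos_auth_%Timestamp%.txt" "%WebSVM%/login.php?logout" >NUL

rem Remove the file holding the session cookie
del /F "%TEMP%\web_proyectos_auth_%Timestamp%.txt"

--------------------------------------------------------------------------------
/web_vulnerabilidades.bat:
--------------------------------------------------------------------------------
@echo off
rem Logs in to a WebSVM server, posts the found/fixed vulnerability counters of
rem one project, logs out and removes the temporary files.
rem   %1 WebSVM base URL   %2 user name   %3 password   %4 project id on the server
rem   %5 project name (title bar only)    %6 vulnerabilities   %7 fixed
rem   %8 timestamp used to build the temporary file names
rem   %9 1 = use the proxy, 0 = direct connection
rem   arguments 10-13: proxy host, proxy port, proxy user, proxy password
rem
rem NOTE(review): the password and the proxy password are passed on the command
rem line, where other local processes can read them while curl is running.
rem NOTE(review): -k switches off TLS certificate verification on every request,
rem so the login form and the session cookie are sent to whichever server
rem answers. The repository ships ca-bundle.crt; passing it with --cacert would
rem restore verification when the WebSVM certificate chains to a public CA.
setlocal
set WebSVM=%1
set Username=%2
set Password=%3
set WebID=%4
set Proyecto=%5
set Vulnerabilidades=%6
set Solucionadas=%7
set Timestamp=%8
set UsoProxy=%9
rem Four shifts bring arguments 10-13 into reach as %6-%9
shift
shift
shift
shift
set ProxyIP=%6
set ProxyPort=%7
set ProxyUser=%8
set ProxyPassword=%9

if %UsoProxy% EQU 1 ( set Proxy=--proxy %ProxyIP%:%ProxyPort% --proxy-anyauth --proxy-user %ProxyUser%:%ProxyPassword% )
if %UsoProxy% EQU 0 ( set Proxy= )

rem Drop the double quotes from the project name before showing it in the title
set Proyecto=%Proyecto:"=%
@title=[WebSVM] - %Proyecto%
echo WebSVM - Actualizando Cantidad Vulnerabilidades encontradas...

rem %Proxy% was computed above but never handed to curl, so the proxy settings
rem were ignored; it is now passed on every request, as web_proyectos.bat does.
rem The credentials use --data-urlencode, as in web_proyectos.bat, so that
rem characters such as & + or = inside them do not alter the form body.

rem Login: -D stores the response headers (with the session cookie) in a temp file
"%~dp0curl.exe" -s %Proxy% -k --compressed -D "%TEMP%\web_vulnerabilidades_auth_%Timestamp%.txt" --data-urlencode "username=%Username%" --data-urlencode "password=%Password%" "%WebSVM%/login.php" >NUL

rem Project vulnerability counters
"%~dp0curl.exe" -s %Proxy% -k --compressed -b "%TEMP%\web_vulnerabilidades_auth_%Timestamp%.txt" --data "webid=%WebID%" --data "vulnerabilidades=%Vulnerabilidades%" --data "solucionadas=%Solucionadas%" "%WebSVM%/proyectos_vulnerabilidades.php" -o "%TEMP%\web_vulnerabilidades_vulnerabilidades_%Timestamp%.txt"

rem Logout
"%~dp0curl.exe" -s %Proxy% -k --compressed -b "%TEMP%\web_vulnerabilidades_auth_%Timestamp%.txt" "%WebSVM%/login.php?logout" >NUL

rem Remove the session cookie file and the server response
del /F "%TEMP%\web_vulnerabilidades_auth_%Timestamp%.txt"
del /F "%TEMP%\web_vulnerabilidades_vulnerabilidades_%Timestamp%.txt"

--------------------------------------------------------------------------------
/webshotcmd.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/webshotcmd.zip
--------------------------------------------------------------------------------
/xml.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/simplevulnerabilitymanager/svm/c154c68d121f98628ee0abef72bbc138eede657b/xml.zip
--------------------------------------------------------------------------------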