- When using --cat-only: [Check 01/total] => total is taking all checks in account
- cmd> java -jar jndiat.jar datasource -v -s 192.168.142.41 -p 7002
- SEVERE:You must to choose a mandatory command (--sql-shell, --listen-port) to run this module
- Run custom command
- Session / Restore
- Indicate checks that need a reverse connection (IP reachable from target)
- Products SMTP (eg Exim) https://en.wikipedia.org/wiki/List_of_mail_server_software
- Web UI to view results in live (Flask ?)
Not done yet: * whatweb
Summary : Script, HTML5, Drupal, PHP[7.2.3], HTTPServer[Debian Linux][Apache/2.4.25 (Debian)], X-Powered-By[PHP/7.2.3], PoweredBy[-block], UncommonHeaders[x-drupal-dynamic-cache,x-content-type-options,x-generator,x-drupal-cache], MetaGenerator[Drupal 8 (https://www.drupal.org)], Content-Language[en], Apache[2.4.25], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge]
Summary : PHP[5.6.40], X-Powered-By[PHP/5.6.40], JQuery, PasswordField[password], HttpOnly[89f8df32fa3e404e00d734d41437761f], MetaGenerator[Joomla! - Open Source Content Management], HTTPServer[Debian Linux][Apache/2.4.25 (Debian)], Cookies[89f8df32fa3e404e00d734d41437761f], Apache[2.4.25], HTML5, Script[application/json]
- davscan
- wpseku
- vbscan
- barmie
- snmpwn
- https://github.com/Coalfire-Research/java-deserialization-exploits/blob/master/OpenNMS/opennms_rce.py
- https://github.com/AlisamTechnology/PRESTA-modules-shell-exploit/blob/master/PRESTA-shell-exploit.pl
- Sharepoint -> https://github.com/TestingPens/SPartan
- check https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-0227
- http://pentestit.com/apache-jmeter-rmi-remote-code-execution-vulnerability-poc-cve-2018-1297/
- Wordpress RCE https://github.com/opsxcq/exploit-CVE-2016-10033
- https://github.com/peacand/winsharecrawler
- https://github.com/Bo0oM/fuzz.txt/blob/master/fuzz.txt
- Important note: need to be reachable directly from target for exploit with reverse shell !
- NFS
- nfsshell (sudo apt-get install libreadline-dev ; make)
- MongoDB
- DNS
- LDAP
- POP3
- REXEC
- RLOGIN
- RSH
- IMAP
rvm list rvm use ruby-2.4 rvm gemset create ww
rvm gemset list rvm gemset delete whatweb-test --force
rvm use ruby-2.4@ww or rvm use ruby-2.4 rvm gemset use ww
rvm current # show current env ruby -v http://masnun.com/2012/01/28/fetching-changed-files-diff-between-two-git-commits-in-python.html