Shinobi will contain a series of features that will help testers collect information about a target by using passive techniques (i.e., subdomain enumeration, google dorking, OSINT, dark web search etc.). Once the information has been collated together, the tool will proceed to assess the target’s weaknesses by providing Common Vulnerabilities and Exposure (CVE) numbers from the National Vulnerability Database (NVD) (i.e., identifying vulnerabilities and possible attack vectors).
Shinobi will focus on acheiving the following features:
- Automatically identify domains and subdomains of the target web application
- Identify open ports & running services of each domain/subdomain
- Report potential CVEs affecting the running services identified
- Search for information/data leakage in the Dark Web using APIs