SubZero aims to become a free and open source vulnerability scanner written in Python.
Pentesters do not like NASL (and, frankly, they're right). Today, everyone (ok ok ... let's say many people) wants to script in Python.
OpenVAS currently lags far behind Nessus because its community is much smaller ... and I think that is because of NASL (... and money).
Here, I propose a replacement for OpenVAS: a better scanner, written in Python, for Python exploits, by Python lovers.
The main steps are defined as:
- create a universal vulnerability descriptor
- create a universal module template
- create or reuse existing fingerprinters (TCP/UDP services, OS, framework, etc.) and map their results to the CPE database
- correlate these CPEs with known vulnerabilities (using a database such as Vulners) and associate them with CVE and other identifiers
- discover vulnerabilities directly, without correlation, by running working exploits
- discover vulnerabilities caused by configuration flaws (default passwords, TLS not enabled, telnet present, etc.)
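The following sketch ties the main steps together: a vulnerability descriptor, a module template, a banner-to-CPE fingerprinter, CPE-to-CVE correlation, and one configuration-flaw check. It is an added example, not SubZero's own code; the class names, the banner regexes, the in-memory CPE-to-CVE table (standing in for a Vulners-style database) and the sample services are all constructed for illustration.

```python
"""Sketch of the SubZero pipeline: descriptor -> module template -> fingerprint -> correlation.

Added example, not SubZero's code. All names, tables and banners are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Vulnerability:
    """Universal vulnerability descriptor (hypothetical schema)."""
    id: str                      # scanner-local id, e.g. "SZ-CFG-TELNET"
    title: str
    severity: str                # "info" | "low" | "medium" | "high" | "critical"
    cve: tuple = ()              # related CVE ids, if any
    cwe: tuple = ()              # related CWE ids, if any
    cpe: Optional[str] = None    # affected product, when known
    evidence: str = ""           # what the module actually observed


@dataclass(frozen=True)
class Service:
    """Result of a TCP/UDP service fingerprint."""
    host: str
    port: int
    proto: str
    banner: str
    cpe: Optional[str] = None


class Module:
    """Universal module template: every check subclasses this and implements run()."""
    name = "base"

    def run(self, service: Service) -> List[Vulnerability]:
        raise NotImplementedError


# Constructed banner -> CPE rules (a real scanner would reuse nmap/whatportis data).
BANNER_TO_CPE = [
    (re.compile(r"^SSH-2\.0-OpenSSH_(\d+\.\d+)"),
     "cpe:2.3:a:openbsd:openssh:{0}:*:*:*:*:*:*:*"),
    (re.compile(r"^220.*vsFTPd (\d+\.\d+\.\d+)"),
     "cpe:2.3:a:vsftpd_project:vsftpd:{0}:*:*:*:*:*:*:*"),
]


def fingerprint(service: Service) -> Service:
    """Attach a CPE to the service when a banner rule matches; otherwise return it unchanged."""
    for pattern, template in BANNER_TO_CPE:
        m = pattern.search(service.banner)
        if m:
            return Service(service.host, service.port, service.proto,
                           service.banner, template.format(m.group(1)))
    return service


# Constructed CPE -> CVE table standing in for a Vulners-style lookup.
# The single entry is the well-known vsftpd 2.3.4 backdoor, used only as sample data.
KNOWN_VULNS = {
    "cpe:2.3:a:vsftpd_project:vsftpd:2.3.4:*:*:*:*:*:*:*": [
        ("CVE-2011-2523", "critical", "vsftpd 2.3.4 backdoored release"),
    ],
}


class CpeCorrelation(Module):
    """Correlation step: every CVE known for the service's CPE becomes a finding."""
    name = "cpe-correlation"

    def run(self, service: Service) -> List[Vulnerability]:
        if service.cpe is None:
            return []
        return [Vulnerability(id=f"SZ-CPE-{cve}", title=title, severity=sev,
                              cve=(cve,), cpe=service.cpe, evidence=service.banner)
                for cve, sev, title in KNOWN_VULNS.get(service.cpe, [])]


class TelnetPresent(Module):
    """Configuration-flaw step: a telnet listener is a finding by itself (no CPE needed)."""
    name = "telnet-present"

    def run(self, service: Service) -> List[Vulnerability]:
        if service.proto == "tcp" and service.port == 23:
            return [Vulnerability(id="SZ-CFG-TELNET",
                                  title="Telnet service exposed (cleartext credentials)",
                                  severity="medium", cwe=("CWE-319",),
                                  evidence=service.banner)]
        return []


MODULES: List[Module] = [CpeCorrelation(), TelnetPresent()]


def scan(services: List[Service]) -> List[Vulnerability]:
    """Fingerprint each service, then run every module against it."""
    findings: List[Vulnerability] = []
    for svc in map(fingerprint, services):
        for mod in MODULES:
            findings.extend(mod.run(svc))
    return findings


# Constructed sample input: three banners as a port scanner might return them.
SAMPLE = [
    Service("10.0.0.5", 22, "tcp", "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3"),
    Service("10.0.0.5", 21, "tcp", "220 (vsFTPd 2.3.4)"),
    Service("10.0.0.7", 23, "tcp", "\xff\xfd\x18\xff\xfd \xff\xfd#\xff\xfd'"),
]

if __name__ == "__main__":
    for v in scan(SAMPLE):
        print(v.id, v.severity, v.title, v.cve or v.cwe)
```

Running it reports two findings: the backdoored vsftpd found through CPE correlation, and the telnet listener found through the configuration check even though its banner matched no CPE rule. Every module takes the same `Service` and returns the same `Vulnerability` type, which is what the universal descriptor and module template buy you: exploit-based, correlation-based and configuration-based checks plug into one loop.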
The extended features will be:
- a web crawler and a web intrusion engine which associate flaws with the CWE database (even if arachni and burp are so sweet)
- a network protocol sniffer to detect weak protocols (NetBIOS, LLMNR, ARP) and try some attacks against them
- a wifi scanner and attacker
- a complete active directory configuration scanner
- be able to attack modern infrastructures: docker (especially vulnerable intermediate layers), AWS, Azure, etc.
Feel free to contact me at contact[at}astar{dot]services
TODO:
- include brutespray-like functionality, using patator
- include eyewitness-like functionality
- include whatportis
For now, this repository holds the Python scripts that I actively use during vulnerability assessments.
So it is an unordered set of scripts, far, far away from a comprehensive tool. But every journey starts with a single step.