Format of this configuration file is pretty straightforward. For each tool, a section is created using the syntax and the following options:

name (mandatory): The name of the tool as it will be displayed.
description (mandatory): A short text describing the tool.
target_service (mandatory): Service that can be targeted using this tool. For tools such as Nmap, Metasploit and so on, that can be used to target several kinds of service, use the special service name “multi”.
install (optional): Command-line to use in order to install the tool. The use of some tags (See Tags for Commands). It is considered as optional because Jok3r allows inserting in the toolbox some tools that are not directly handled by it; it is for example the case for Nmap and Metasploit by default. But note that if you don’t supply an installation command, you will not be able to control the installation of the tool from Jok3r and it is thus not advised to do so.
update (optional): Command-line to use in order to update the tool. Take the same consideration as with the install option.
check_command (optional): Command-line to use in order to check for a correct install. Usually, it just consists in running the tool without any argument or with the standard -h option to see if everything seems to be working well after a fresh install (no dependency errors or such).

description = Multi-purpose brute-forcer, with a modular design and a flexible usage

description = Application server attack toolkit (JBoss, ColdFusion, Weblogic, Tomcat, Railo, Axis2, Glassfish)
update = git pull & sudo pip2 install -r requirements.txt
check_command = python2.7. clusterd.py -h

Actually, each security check is defined under a section named (authorized charset is ) by using the following options:

name (mandatory): The name of the tool as it will be displayed.
category (mandatory): Category inside which this check is classified. Of the category must be in the list given in the option categories under the Authorized Section at the beginning of the configuration file.
description (mandatory): Short text describing the check.
tool (mandatory): Name of the tool to use in this check. It must correspond exactly to the name which is given in nf.

Each check is defined by one or several commands to run. For each command, you

This option can be omitted.

Commands in settings support the use of several tags. At runtime, they are replaced

For the commands in settings “install” and “update” in settings/nf:

description = Try to deploy shell on JBoss server (jmx-console, web-console, admin-console, JMXInvokerServlet)
command_1 = python2.7 jexboss.py -auto-exploit -jboss -u -cmd whoami
context_1 =

description = Bruteforce web paths when language is known (extensions adapted) (use raft wordlist)
command_1 = python3 dirsearch.py -u -e jsp,java,do,txt,html,log -w /services/http/discovery/raft-large-directories.txt -f -exclude-status=400,404,500,000
command_2 = python3 dirsearch.py -u -e php,txt,html,log -w /services/http/discovery/raft-large-directories.txt -f -exclude-status=400,404,500,000
command_3 = python3 dirsearch.py -u -e asp,aspx,txt,html,log -w /services/http/discovery/raft-large-directories.txt -f -exclude-status=400,404,500,000
command_4 = python3 dirsearch.py -u -e js,txt,html,log -w /services/http/discovery/raft-large-directories.txt -f -exclude-status=400,404,500,000
command_5 = python3 dirsearch.py -u -e cfm,txt,html,log -w /services/http/discovery/raft-large-directories.txt -f -exclude-status=400,404,500,000