nacs: event-driven pentest scanner

  • Detect whether the target machine is alive
  • Service scan (standard & non-standard ports)
  • PoC detection (xray & nuclei formats)
  • Weak-password brute forcing for services such as databases
  • Exploitation of common intranet vulnerabilities

Highlights

  • Log4j vulnerability detection for common components (such as Spring) and common HTTP request headers
  • Service scanning and exploitation on non-standard ports (such as SSH on port 2222)
  • Retrieve available assets from FOFA as a supplement (TODO)
  • Automatically identify the input fields of simple web pages for weak-password brute forcing and Log4j detection (TODO)

Mechanism

  • Environment configuration
    • Weak-password lists, the public key to be written, the reverse-connection (callback) address, the ceye API, etc.
  • Host liveness detection
    • ICMP ping
  • Fingerprint scan
    • Determine which service is listening on which port, especially on non-standard ports
  • Vulnerability management (each target is sent to the corresponding module according to its fingerprint information)
    • Detect or exploit non-web services that allow RCE (Redis, EternalBlue, etc.)
    • PoC scanning of web services, such as Log4j
    • Unauthorized-access checks and brute forcing of non-web services
    • Automatic login brute forcing for web services (TODO)
    • Key services: OA, VPN, WebLogic, honeypots, etc.
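
The fingerprint-then-dispatch flow above, as an added example (not code from nacs): a service is identified from the first bytes it sends rather than from its port number, and each result is delivered as an event to per-service handlers, used here to inventory services found on non-default ports. The function names, the default-port table and the sample observations are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Default ports per service; a match on any other port is "non-standard".
DEFAULT_PORTS = {"ssh": {22}, "ftp": {21}, "smtp": {25, 587}, "mysql": {3306}}

def classify(banner: bytes):
    """Return (service, version) from a server's first bytes, or None."""
    m = re.match(rb"SSH-\d\.\d+-(\S+)", banner)  # RFC 4253 identification string
    if m:
        return "ssh", m.group(1).decode(errors="replace")
    if banner.startswith(b"220"):  # FTP and SMTP both greet with reply code 220
        text = banner[4:].decode(errors="replace").strip()
        return ("smtp" if "SMTP" in text.upper() else "ftp"), text
    # MySQL handshake v10: 3-byte length, sequence 0, 0x0a, ASCII version, NUL
    end = banner.find(b"\x00", 5)
    if end > 5 and banner[3:5] == b"\x00\x0a" and banner[5:end].isascii():
        return "mysql", banner[5:end].decode()
    return None

def emit(handlers, host, port, banner):
    """Fingerprint one observation and deliver the event to that service's handlers."""
    hit = classify(banner)
    if hit is None:
        return None
    event = {"host": host, "port": port, "service": hit[0], "version": hit[1],
             "nonstandard": port not in DEFAULT_PORTS[hit[0]]}
    for handler in handlers[hit[0]]:
        handler(event)
    return event

# Constructed observations (host, port, first bytes received); not real hosts.
SAMPLES = [
    ("10.0.0.5", 2222, b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"),
    ("10.0.0.7", 13306, b"\x4a\x00\x00\x00\x0a8.0.32\x00" + b"\x00" * 66),
    ("10.0.0.9", 21, b"220 (vsFTPd 3.0.3)\r\n"),
    ("10.0.0.9", 9000, b"\x00\x01garbage"),
]

def run_inventory(samples=SAMPLES):
    """Return (host, port, service, version) for services on non-default ports."""
    findings, handlers = [], defaultdict(list)
    def record(event):
        if event["nonstandard"]:
            findings.append(tuple(event[k] for k in ("host", "port", "service", "version")))
    for service in DEFAULT_PORTS:
        handlers[service].append(record)
    for sample in samples:
        emit(handlers, *sample)
    return findings
```

Run against your own asset inventory, the same event stream shows which hosts expose SSH or a database on a port that port-based firewall rules and monitoring would not expect.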

Download & Use