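Penetration Testing Tool (KatanaFramework)

Introduction

Katana is a penetration testing framework written in Python. It is built on a simple yet comprehensive architecture that anyone can use, modify, and share.

Download and Installation

git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework/

Install the dependencies:

chmod +x dependencies
./dependencies

Install:

python install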

Usage

ktf.console

[email protected]:~/KatanaFramework# ktf.console 

                   [email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@@[email protected]@@@Mm              
       ||========mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm===========||        
       ||        @MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMm         ||
       ||        [email protected]         ||
       ||        @@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM         ||
       ||        @[email protected]         ||
       ||        @@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM         ||
       ||        @[email protected]         ||
       ||========@MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM=========||
       ||         /TT\mMMMMMMMMMMFRAMEWORKMMMMMMMMMMMMm           ||
       ||        (____)@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@Mm                ||
       ||        |# P |                                           ||
       ||        |# W |  Core     [ 1.0.0.1, Build: 0069 ]        ||
       ||        |#_N_|  Date     [ 25/12/16:14/03/17    ]        ||
       ||        |_  _|  Banner   [         SPACE        ]        ||        
       ||        /|__|\  Modules  [ 37 ] Tools [ 2 ]              ||
       ||       /__\/__\ The Hacking Framework                    ||
                 ()  ()

 [ktf]:
  • Some commonly used commands
Command            Quick Command  Description
show modules       showm          Show modules
show options       sop            Show options module
show full options  sfop           Show full options module
use                use            Use module
getinfo            getinfo        Show information of module
set                set            Change valor of a parameter
back               back           Backing or return
run                run            run Module
update             u              Update framework
exit               x              Exit of framework
invoke                            Open a module in one new console
help               h              Show help
session                           Session command
clear              c              Clear screen
s::                s::            Save Variable
x::                x::            Execute System Commands
f::                f::            Execute Functions

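In practice it works much like Metasploit.

A note on the last entry: f:: runs some of the framework's built-in functions. Here is the list of built-in functions: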

Name                 Parameters          Description
get_aps()            Interface, timeout  Scan Access point’s
get_interfaces()     None                Get Network Interfaces
get_monitors_mode()  None                Get Monitor Interfaces Wireless
start_monitor()      Interface           Start Monitor Mode in Interface
get_local_ip()       None                Get local IP
get_external_ip()    None                Get External IP
get_gateway()        None                Get Gateway/Router IP
For example, to display the current machine's IP, you only need to type:

[ktf]:f::get_local_ip()
  172.17.0.2

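The other functions work the same way. You can also type x::ifconfig, which runs a system command to get the IP.

For more usage details, see the wiki: https://github.com/PowerScript/KatanaFramework/wiki/How-to-use

Hands-on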

 [ktf]:show modules

   CodeName			Description
  web/cp.finder			Administrator Panel Finder.
  web/sub.dns			Subdomain Bruteforce.
  web/bypass.sql		bypass SQLi with Cheats Injections.
  web/bt.form			Brute force to Form-based.
  web/bt.http			Brute force to Http Authentication.
  web/whois			Whois, DNS Lookup.
  web/clt.lfd			LFD Vulnerability Console.
  net/sf.arp			ARP tables Monitor.
  net/sc.hosts			Hosts live Scan in LAN.
  net/sc.scan			Scan [Ports, OS, Etc] IP.
  net/work.sniff		HTTP sniffer.
  net/arp.pson			ARP poisoning Attack.
  net/arp.dos			ARP D.O.S Attack.
  net/dns.spoof			DNS Spoofing.
  net/dns.fake			DNS fake Server Spoof.
  net/web.dos			Web D.O.S Attack in LAN.
  msf/back.door			Generate backdoors with MSF.
  set/web.hot			Gathering Information with web.
  set/em.boom			E-mail Boombing (SPAM).
  clt/cl.sql			Mysql Console Client.
  clt/cl.ftp			FTP Console Client.
  clt/cl.pop			POP Console Client.
  clt/cl.adb			ADB Console Client (Android).
  btf/pr.ftp			Brute Force to FTprotocol.
  btf/pr.sql			Brute Force to SQL protocol.
  btf/pr.ssh			Brute Force to SSH protocol.
  btf/pr.pop			Brute Force to POP3 protocol.
  anf/af.imagen			Forensic image analysis.
  fle/bt.rar			Brute Force to RAR file.
  fle/scan.file			Report of Virus Scan file.
  fle/bt.zip			Brute Force to ZIP file.
  mcs/gn.words			Generator Dictionaries.
  mcs/i.settup			Show Properties of System Current.
  mcs/ts.login			Test Credentials protocols.
  mcs/px.checker		Proxy list checker.
  wifi/ap.dos			Access Point D.O.S attack.
  wifi/ev.twin			Access Point Phising.

 [ktf]:use ney/arp.dos
 [ktf]:use net/arp.dos
  +[ktf](net/arp.dos):show options

  [options]	[RQ]	[description]		[value]
  ---------	----	-------------		-------
  interface  	yes	Interface		eth0
  target  	yes	Target IP		192.168.1.223
  gateway  	yes	Gateway IP		192.168.1.254

  +[ktf](net/arp.dos):x::ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 51570  bytes 76514794 (72.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 34792  bytes 2667790 (2.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  +[ktf](net/arp.dos):set target 192.168.1.100
             ↳--------> target = 192.168.1.100
  +[ktf](net/arp.dos):set gateway 192.168.1.1
             ↳--------> gateway = 192.168.1.1
  +[ktf](net/arp.dos):run
   [run] The module was launched...
   [inf] Tue Jun 27 09:06:34 2017
   [inf] Starting ARP D.O.S attack...
   |   [press-key] if you want to stop ARP D.O.S Attack (PRESS [ENTER])
   |
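
From the defender's side, ARP-based attacks against a host and its gateway generally show up as the gateway IP being claimed by an unexpected MAC address, often in a burst of replies. The Python example below is added here and is not part of the original post or of KatanaFramework; the sample replies, the MAC addresses, the recorded gateway MAC and the function name detect_arp_anomalies are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5.0, "192.168.1.100", "aa:bb:cc:00:00:64"),
    (30.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (60.0, "192.168.1.1", "de:ad:be:ef:00:01"),  # gateway IP, new MAC
    (60.2, "192.168.1.1", "de:ad:be:ef:00:01"),
    (60.4, "192.168.1.1", "de:ad:be:ef:00:01"),
    (60.6, "192.168.1.1", "de:ad:be:ef:00:01"),
]
# Assumption: the gateway's real MAC was recorded out of band.
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_anomalies(replies, trusted, window=1.0, max_per_window=3):
    """Return (time, kind, ip, expected_mac, seen_mac) alerts."""
    alerts = []
    learned = dict(trusted)          # current IP -> MAC view
    recent = defaultdict(list)       # IP -> reply times inside the window
    reported = set()                 # de-duplicate repeated alerts
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac        # first sighting: learn, no alert
        elif known != mac:
            kind = "trusted-conflict" if ip in trusted else "mac-change"
            if (kind, ip, mac) not in reported:
                reported.add((kind, ip, mac))
                alerts.append((ts, kind, ip, known, mac))
            if ip not in trusted:
                learned[ip] = mac    # follow legitimate re-addressing
        # Rate check: many replies for one IP in a short window.
        recent[ip] = [t for t in recent[ip] if ts - t < window] + [ts]
        if len(recent[ip]) > max_per_window and ("flood", ip) not in reported:
            reported.add(("flood", ip))
            alerts.append((ts, "reply-flood", ip, known, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_REPLIES, TRUSTED):
        print(alert)
```

A statically configured ARP entry for the gateway on critical hosts removes the need to trust replies at all; the check above is for networks where that is not practical.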