Sharesniffer – Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

 

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares.

How to use
Example: find all hosts in the 192.168.56.0/24 network and auto-mount at /mnt:

python sniffshares.py -l 4 --hosts 192.168.56.0/24 -a -m /mnt


Requirements

  • Python 2.7 or 3.5
  • Linux or macOS
  • Nmap https://nmap.org in PATH
  • Nmap scripts (.nse) in PATH (on Linux/macOS they are usually in /usr/local/share/nmap/); if you don't have them, the required ones are also in the root directory of sharesniffer.
  • python-nmap (pip install python-nmap)
  • netifaces (pip install netifaces)

Download

$ git clone https://github.com/shirosaidev/sharesniffer.git
$ cd sharesniffer

CLI Options

usage: sniffshares.py [-h] [--hosts HOSTS] [-e EXCLUDEHOSTS] [-l SPEEDLEVEL]
                      [-n] [--nfsmntopt NFSMNTOPT] [-s]
                      [--smbmntopt SMBMNTOPT] [--smbtype SMBTYPE]
                      [--smbuser SMBUSER] [--smbpass SMBPASS] [-a]
                      [-m MOUNTPOINT] [-p MOUNTPREFIX] [-v] [--debug] [-q]
                      [-V]

optional arguments:
  -h, --help            show this help message and exit
  --hosts HOSTS         Hosts to scan, example: 10.10.56.0/22 or 10.10.56.2
                        (default: scan all hosts)
  -e EXCLUDEHOSTS, --excludehosts EXCLUDEHOSTS
                        Hosts to exclude from scan, example:
                        10.10.56.1,10.10.56.254
  -l SPEEDLEVEL, --speedlevel SPEEDLEVEL
                        Scan speed aggressiveness level from 3-5, lower for
                        more accuracy (default: 4)
  -n, --nfs             Scan network for nfs shares
  --nfsmntopt NFSMNTOPT
                        nfs mount options (default:
                        ro,nosuid,nodev,noexec,udp,proto=udp,noatime,nodiratime,rsize=1024,dsize=1024,vers=3,rdirplus)
  -s, --smb             Scan network for smb shares
  --smbmntopt SMBMNTOPT
                        smb mount options (default:
                        ro,nosuid,nodev,noexec,udp,proto=udp,noatime,nodiratime,rsize=1024,dsize=1024)
  --smbtype SMBTYPE     Can be smbfs (default) or cifs
  --smbuser SMBUSER     smb username (default: guest)
  --smbpass SMBPASS     smb password (default: none)
  -a, --automount       Auto-mount any open nfs/smb shares
  -m MOUNTPOINT, --mountpoint MOUNTPOINT
                        Mountpoint to mount shares (default: ./)
  -p MOUNTPREFIX, --mountprefix MOUNTPREFIX
                        Prefix for mountpoint directory name (default:
                        sharesniffer)
  -v, --verbose         Increase output verbosity
  --debug               Debug message output
  -q, --quiet           Run quiet and just print out any possible mount points
                        for crawling
  -V, --version         Prints version and exits
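
The default mount options above start with ro,nosuid,nodev,noexec, which is what keeps an untrusted remote share from being written to or executed from. The following check is an added example, not part of sharesniffer: it reads text in Linux /proc/mounts format and reports remote mounts under the default prefix that lack any of those four flags. The mount directory names in the sample are constructed, and matching on the directory name's prefix is an assumption about how the mount points are named.

```python
# Added example (not sharesniffer code): audit auto-mounted shares for the
# restrictive flags that the tool's default mount options include.
REQUIRED = {"ro", "nosuid", "nodev", "noexec"}
REMOTE_FS = {"nfs", "nfs4", "cifs", "smbfs", "smb3"}


def audit_mounts(mounts_text, prefix="sharesniffer"):
    """Return [(mountpoint, sorted missing flags)] for remote mounts whose
    directory name starts with `prefix` and which lack a required flag.

    mounts_text uses the /proc/mounts layout:
    device mountpoint fstype options dump pass
    """
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        _device, mountpoint, fstype, options = fields[:4]
        if fstype not in REMOTE_FS:
            continue  # local file systems are out of scope here
        # Assumption: the mount directory's own name begins with the prefix.
        name = mountpoint.rstrip("/").rsplit("/", 1)[-1]
        if not name.startswith(prefix):
            continue
        missing = REQUIRED - set(options.split(","))
        if missing:
            findings.append((mountpoint, sorted(missing)))
    return findings


# Constructed sample input; on a real Linux host read /proc/mounts instead.
SAMPLE = """\
192.168.56.10:/export /mnt/sharesniffer_192.168.56.10_export nfs ro,nosuid,nodev,noexec,noatime,vers=3 0 0
//192.168.56.20/public /mnt/sharesniffer_192.168.56.20_public cifs rw,nosuid,nodev,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

if __name__ == "__main__":
    for mountpoint, missing in audit_mounts(SAMPLE):
        print("%s is missing: %s" % (mountpoint, ",".join(missing)))
```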


Source: FeedBurner

Prowler – Distributed Network Vulnerability Scanner

 

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon – HackSmith v1.0.

Capabilities
  • Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices
  • Determine the type of devices using fingerprinting
  • Determine if there are any open ports on the device
  • Associate the ports with common services
  • Test devices against a dictionary of factory default and common credentials
  • Notify users of security vulnerabilities through a dashboard.

Planned Capabilities
  • Greater variety of vulnerability assessment capabilities (webapp etc.)
  • Select wordlist based on fingerprint

Hardware
  • Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
  • Raspberry Pi 3
  • Networking device

Software Stack

  • Raspbian Stretch (Controller Pi)
  • Raspbian Stretch Lite (Worker Pi Zero)
  • Note: For ease of setup, use the images provided by Cluster HAT!
  • Python 3 (not tested on Python 2)
  • Python packages: see requirements.txt
  • Ansible for managing the cluster as a whole (/playbooks)

Key Python Packages:

  • dispy is the star of the show. It allows us to create a job queue that will be processed by the worker nodes.
  • python-libnmap is the Python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.
  • paramiko is a Python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.
  • eel is used for the web dashboard (separate repository).
  • rabbitmq is used to pass the results from the cluster to the eel server that is serving the dashboard page.

Ansible Playbooks
For the playbooks to work, Ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes in /etc/ansible/hosts. WARNING: Your mileage may vary, as these were only tested on my setup.

  • shutdown.yml and reboot.yml: self-explanatory
  • clone_repos.yml: clones the prowler and dispy repositories (required!) on the worker nodes
  • setup_node.yml: installs all required packages on the worker nodes. Does not clone the repositories!

Deploying Prowler

  1. Clone the git repository: git clone https://github.com/tlkh/prowler.git
  2. Install dependencies by running sudo pip3 install -r requirements.txt on the controller Pi
  3. Run ansible-playbook playbooks/setup_node.yml to install the required packages on worker nodes.
  4. Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.yml
  5. Run clusterhat on on the controller Pi to ensure that all Pi Zeros are powered up.
  6. Run python3 cluster.py on the controller Pi to start Prowler

To edit the range of IP addresses being scanned, edit the following lines in cluster.py:

# Build the list of addresses to scan: 172.22.0.100 through 172.22.0.199
test_range = []

for i in range(0, 1):
    for j in range(100, 200):
        test_range.append("172.22." + str(i) + "." + str(j))
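
The loop in cluster.py hard-codes one address block. As an added example (not Prowler's own code), the helper below builds the same kind of list from CIDR blocks, single addresses or first-last ranges, skips excluded hosts, and refuses any address outside an explicitly authorised scope; the function names and the allowed/exclude parameters are hypothetical.

```python
# Added example (not Prowler code): scope-checked scan target list.
import ipaddress


def expand(target):
    """Yield host addresses for 'a.b.c.d', 'a.b.c.d/nn' or 'first-last'."""
    if "-" in target:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in target.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError("bad range: " + target)
        for n in range(int(first), int(last) + 1):
            yield type(first)(n)
    else:
        net = ipaddress.ip_network(target, strict=False)
        if net.num_addresses == 1:
            yield net.network_address  # single host
        else:
            yield from net.hosts()     # drops network/broadcast addresses


def build_test_range(targets, allowed, exclude=()):
    """Return sorted address strings for `targets`.

    allowed : CIDR blocks the scan is authorised for
    exclude : single addresses to skip (gateway, controller Pi, ...)
    Raises ValueError if any expanded address is outside `allowed`.
    """
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    skip = {ipaddress.ip_address(e) for e in exclude}
    hosts = set()
    for target in targets:
        for addr in expand(target):
            if not any(addr in net for net in allowed_nets):
                raise ValueError("%s (from %r) is outside the authorised scope"
                                 % (addr, target))
            if addr not in skip:
                hosts.add(addr)
    return [str(a) for a in sorted(hosts)]


if __name__ == "__main__":
    # Same addresses as the loop above: 172.22.0.100 .. 172.22.0.199
    test_range = build_test_range(["172.22.0.100-172.22.0.199"],
                                  allowed=["172.22.0.0/24"])
    print(len(test_range), test_range[0], test_range[-1])
```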

Useful Snippets

  • To run an ssh command on multiple devices, install pssh and run pssh -h pssh-hosts -l username -A -i "command"
  • To create the cluster (in compute.py): cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')
  • Check connectivity: ansible all -m ping or ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1
  • Temperature Check: /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp
  • rpimonitor (how to install):


Source: FeedBurner