SIGIT - Simple Information Gathering Toolkit

Last modified: 2023-12-03 15:34:58.882000 | Author: Mango

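SIGIT is a simple information gathering toolkit intended to help programmers quickly collect information about a target host and identify its security vulnerabilities. The toolkit relies on many of the tools and techniques available in Kali Linux, including nmap and Metasploit.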

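Supported features

SIGIT supports the following features:

  1. Port scanning
  2. Operating system identification
  3. Service identification
  4. Vulnerability detection

Usage

Using SIGIT is simple. First, install SIGIT on Kali Linux. Then run the following command to collect information about the target host: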

sigit -t [target host IP address]

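This command performs port scanning, operating system identification, service identification, and vulnerability detection. The collected information is printed to the terminal. You can also save the information to a file:

sigit -t [target host IP address] -o [output file name]

Sample output

The following is sample output from SIGIT: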

Sigint - Simple Information Gathering Toolkit

Target: 192.168.0.1
---------------------

PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp   open  domain      ISC BIND 9.10.3-P4-Ubuntu
80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
3306/tcp open  mysql       MySQL 5.7.24-0ubuntu0.16.04.1
8080/tcp open  http-proxy  Squid http proxy 3.5.12

[+] Operating System: Linux 3.13 - 4.4
[+] SSH Version: OpenSSH 7.2p2 Ubuntu 4ubuntu2.8
[+] BIND Version: ISC BIND 9.10.3-P4-Ubuntu
[+] Apache Version: Apache httpd 2.4.18 ((Ubuntu))
[+] Samba Version: Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
[+] MySQL Version: MySQL 5.7.24-0ubuntu0.16.04.1
[+] Squid Proxy Version: Squid http proxy 3.5.12

Vulnerabilities:
------------------
[+] CVE-2016-6662 - MySQL Root to System User Exploit (Linux Only)

Code snippet

The following is a code snippet from SIGIT:

#!/bin/bash

# Print usage and exit
function usage() {
    echo "Usage: sigit -t [target IP] [-o output_file_name]"
    exit 1
}

# Parse command-line arguments
while getopts ":t:o:" opt; do
  case ${opt} in
    t )
      target_ip=$OPTARG
      ;;
    o )
      output_file=$OPTARG
      ;;
    \? )
      usage
      ;;
    : )
      echo "Invalid option: $OPTARG requires an argument" 1>&2
      usage
      ;;
  esac
done

# A target is required. Accept only a dotted-quad IPv4 address, because the
# value is interpolated into the msfconsole command string further down.
if [[ ! $target_ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  usage
fi

# Operating system as identified by nmap (-sS and -O require root privileges)
os_name=$(nmap -sS -T4 -O "$target_ip" | grep 'Running' | cut -d ':' -f 2 | sed 's/^ *//')

# Port scan and service identification (-sV adds the VERSION column parsed below)
port_scan=$(nmap -sS -sV -T4 "$target_ip")

# Print the VERSION column (field 4 onward) of the first row for the given port(s).
# The pattern is anchored so that 80 does not also match 8080.
function service_version() {
  echo "$port_scan" | grep -m1 -E "^($1)/tcp" | awk '{for (i = 4; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n")}'
}

ssh_version=$(service_version 22)
dns_version=$(service_version 53)
http_version=$(service_version 80)
netbios_version=$(service_version '139|445')
mysql_version=$(service_version 3306)
proxy_version=$(service_version 8080)

# Vulnerability detection. Only module output lines containing 'VULNERABLE' are kept.
vulnerabilities=$(msfconsole -q -x "use auxiliary/scanner/mysql/mysql_version; set rhosts $target_ip; run; exit;" | grep 'VULNERABLE' | awk '{print $2}' | sed 's/(\|)//g')

# Print the report
function print_report() {
  echo "Sigint - Simple Information Gathering Toolkit"
  echo ""
  echo "Target: $target_ip"
  echo "---------------------"
  echo "$port_scan"
  echo ""
  echo "[+] Operating System: $os_name"
  echo "[+] SSH Version: $ssh_version"
  echo "[+] BIND Version: $dns_version"
  echo "[+] Apache Version: $http_version"
  echo "[+] Samba Version: $netbios_version"
  echo "[+] MySQL Version: $mysql_version"
  echo "[+] Squid Proxy Version: $proxy_version"
  echo ""
  echo "Vulnerabilities:"
  echo "------------------"
  for vulnerability in $vulnerabilities
  do
    echo "[+] $vulnerability"
  done
}

print_report

# Write the same report to a file
if [ -n "$output_file" ]
then
  echo ""
  echo "Writing output to file: $output_file"
  echo ""
  print_report > "$output_file"
fi
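
The following is an added example, not part of SIGIT or written by its author. It shows the two steps of the script where input handling matters most: checking the target before it is placed into a scanner or console command string, and reading nmap's port table by exact port number (a pattern such as grep '80/tcp' also matches the 8080/tcp row). The helper names parse_services, version_for_port and is_ipv4 are hypothetical, and SAMPLE_SCAN is constructed from the sample output shown above.

```shell
#!/bin/sh
# Added example, not SIGIT code. SAMPLE_SCAN is constructed from the page's sample output.
SAMPLE_SCAN='PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp   open  domain      ISC BIND 9.10.3-P4-Ubuntu
80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
3306/tcp open  mysql       MySQL 5.7.24-0ubuntu0.16.04.1
8080/tcp open  http-proxy  Squid http proxy 3.5.12'

# parse_services (hypothetical): read nmap's port table on stdin and print one
# "port|proto|service|version" record per open port.
parse_services() {
  awk '
    # Keep only rows whose first field is exactly <number>/<tcp|udp> and whose state is open.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      split($1, pp, "/")
      version = ""; sep = ""
      for (i = 4; i <= NF; i++) { version = version sep $i; sep = " " }
      if (version == "") version = "unknown"   # scan ran without -sV, or no banner
      printf "%s|%s|%s|%s\n", pp[1], pp[2], $3, version
    }'
}

# version_for_port (hypothetical): exact comparison on the port field, so
# port 80 never picks up the 8080 row.
version_for_port() {
  parse_services | awk -F'|' -v port="$1" '$1 == port { print $4; exit }'
}

# is_ipv4 (hypothetical): accept only four dot-separated octets in 0-255, which
# rejects spaces, semicolons and anything else a command string could interpret.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

if is_ipv4 "192.168.0.1"; then
  printf '%s\n' "$SAMPLE_SCAN" | parse_services
fi
```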