Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of how to use the enumeration toolkit 0xsp-Mongoose under Linux, the content is detailed and easy to understand, the operation is simple and fast, and has a certain reference value, I believe you will have something to gain after reading this article on how to use the enumeration toolkit 0xsp-Mongoose under Linux. Let's take a look.

0xsp-Mongoose is a weighting enumeration kit created for Linux. This toolkit can help you perform any possible privilege attack against a specific target system, from the information gathering phase to the reporting through 0xsp Web Application API.

Users will be able to scan multiple linux systems at the same time with high performance without spending a lot of time looking for information in terminals or text files. Mongoose will send this information directly to the web application-friendly interface through simple API endpoints, thus shortening the process. The project is mainly divided into two parts: server & agent. Server has been encoded by PHP (codeigner). You need to install the application into a pre-provided environment, and you can use it online or on the local host. Users are free to choose. You are also welcome to contribute to the enhancement. Agent, which has been encoded by Lazarus Free Pascal as elf, will be released with (32) 64-bit, while executing the agent with the required parameters on the target system. Users are free to decide whether to communicate with Server App or not. Or you can use Web Api Connection to run the tool.

Agent usage

1. Make sure you give it executable permission chmod + x agent

2. / agent-h (show help instructions)

-k-- check kernel for common used privilige escalations exploits. -u-Getting information about Users, groups, releated information. -c-- check cronjobs. -n-Retrieve Network information,interfaces... etc. -w-- Enumerate for Writeable Files, Dirs, SUID,-I-- Search for Bash,python,Mysql,Vim..etc History files. -f-search for Senstive config files accessible & private stuff. -o-- connect to 0xsp Web Application. -p-- Show All process By running under Root,Check For Vulnerable Packages. -e-- Kernel inspection Tool, it will help to search through tool databases for kernel vulnerabilities. -x-- secret Key to authorize your connection with WebApp API (default is 0xsp). -a-- Display README. Server Web App (http://host/0xsp/)

1. Make sure that the PHP version is at least 5.6 or above

2. Mysql is version 5.6.

3. Make sure that the folder name 0xsp is used in the root path / add Web application. If it is not configured correctly, Agent will not be able to connect to it.

Agent will connect only if:

. / agent {SCAN OPTION}-o localhost-x secretkey has an example of WebApi. / agent-c-o localhost-x 0xsp {enumerate for CRON Tasks and Transfer results into WebApi}. / agent-e-o localhost-x 0xsp {intelligent Exploits Detector}. / agent-c-e localhost-x 0sxp {will run two scans together and send found results directly}. / agent-m-o 10.10.13.1-x 0xsp {RUN all Scans together and export it to Web API} does not show WebApi Example. / agent-c-k-p {this will run 3 scans at the same time with out sending results into Web Api}

Agent features:

1. High performance, stability, and output results are generated without delay during execution.

2. Be able to perform most functions using intelligent technology.

3. The result will be sent to Quick Web API

4. Exception handling

5. Built-in Json dataset for public disclosure vulnerability exploitation

6. High speed

This is the end of the article on "how to use the enumeration toolkit 0xsp-Mongoose under Linux". Thank you for reading! I believe that everyone has a certain understanding of the knowledge of "how to use the enumeration toolkit 0xsp-Mongoose under Linux". If you want to learn more, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.