2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article introduces how to use Bheem to automate network reconnaissance and organize the collected data. Many people are unsure how to do this in day-to-day work, so the editor consulted a range of material and put together a simple, easy-to-follow procedure. I hope it helps answer your questions. Let's get started.
Bheem project
The Bheem project is a collection of small Bash scripts that can run and execute tools iteratively, and then reprocess and store data output during network reconnaissance in an organized manner. This project was originally created for reconnaissance automation tasks for personal use and was never intended to be open source. But taking into account the needs of the community, the Bheem project is now officially open to everyone.
Researchers can modify it to suit their needs. In fact, the Bheem project is composed only of existing commands and tools, and all scripts are written in Bash, which helps researchers automate network reconnaissance tasks.
The Bheem project supports a scope-based approach to network reconnaissance. It currently supports the following scopes:
Small scope (URL scope): performs a limited number of reconnaissance scans, targeting a small set of URLs.
Medium scope (*.target.com scope): performs network reconnaissance and enumerates more assets, providing more attack options.
Large scope (all entities within the definition): performs all possible network reconnaissance vectors, from subdomain enumeration to fuzzing.
Some features such as port scanning may not be supported in the current release, and some newly released tools may not be included in time. Our developers have also been working hard to upgrade the tool, and users in the community can contribute their own code.
Dependent environment
Ensure that the latest version of the Go environment is installed and configured on the system, and that the path is set correctly.
Tool installation
First, we need to clone the project source code locally using the following command:
git clone https://github.com/harsh-bothra/Bheem.git
Then run the following script to install the dependent components required by the tool:
sh install.sh
The arsenal directory in the project contains a series of scripts that can help Bheem automate tasks, so we need to give executable permissions to the scripts in this directory.
Next, change to the ~/arsenal directory and run the following command to see all the options supported by Bheem:
./Bheem.sh -h
If you want to run reconnaissance against a large number of targets from a VPS, you can execute the following command:
screen -S ~/arsenal/Bheem.sh -h
At this point, Bheem will run. Even if the SSH connection drops or you turn off the local device, the Bheem task will keep running.
Docker installation
Of course, if you don't want to configure various dependency environments yourself, you can also use Bheem in the Docker environment.
We have integrated Bheem with Hacktools (https://github.com/xavier9909/IIEC-RISE-DOCKER-1.0-HackTools):
docker pull xavier9909/hacktools_bheem
docker run -it xavier9909/hacktools_bheem
cd arsenal && ./Bheem.sh
or just simply type bheem from any directory
Next, we can operate directly in the container terminal window.
Example usage
Small-scope reconnaissance scan:
Bheem -t targetfile -S
Medium-scope reconnaissance scan:
Bheem -t targetfile -M
Large-scope reconnaissance scan:
Bheem -t targetfile -L
Here, targetfile contains the list of target domain names to run reconnaissance against, such as targettest.com.
Exclude out-of-scope subdomain names
Bheem provides a parameter to remove out-of-scope subdomains from the scan task. Use the "-e" parameter and separate the subdomains with commas:
Bheem -t targetfile -S -e sub.ex.com,sub1.ex.com
Notes
If you do not want to use a specific module, you can comment out the relevant code directly.
To modify the blind XSS payload, edit the /Bheem/arsenal/autoxss.sh file. You can visit XSS Hunter to get your blind XSS payload.
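The page does not show how Bheem applies the "-e" exclusion list internally, so the following added example (not part of Bheem or the original article) is a standalone scope guard that filters a host list against an exclusion string in the same comma-separated format. The function names and sample hosts are constructed for illustration, and treating an excluded name as also covering its own subdomains is an assumption of this example. Matching is done on label boundaries, so a look-alike such as notsub.ex.com is not dropped by an exclusion for sub.ex.com.

```sh
#!/bin/sh
# Added example, not Bheem code: keep a host list inside the agreed scope.

# in_excluded HOST EXCLUSIONS
# Succeeds if HOST equals an excluded name or is a subdomain of one.
# The body runs in a subshell so the IFS and globbing changes stay local.
in_excluded() (
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=${host%.}                       # drop a trailing root dot
    excl=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -d ' \t\r')
    IFS=','
    set -f                               # no filename globbing while splitting
    for entry in $excl; do
        entry=${entry%.}
        [ -n "$entry" ] || continue
        case "$host" in
            # Quoted, so dots are literal; "*." enforces a label boundary.
            "$entry"|*".$entry") exit 0 ;;
        esac
    done
    exit 1
)

# filter_scope EXCLUSIONS
# Reads hostnames on stdin and prints only those that are not excluded.
filter_scope() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        in_excluded "$line" "$1" || printf '%s\n' "$line"
    done
}

# Constructed sample data (not real enumeration output).
sample_hosts() {
    printf '%s\n' www.ex.com sub.ex.com api.sub.ex.com notsub.ex.com \
        SUB1.EX.COM. sub1.ex.com.evil.test
}

sample_hosts | filter_scope "sub.ex.com,sub1.ex.com"
```

Running the filter over any enumerated host list before further scanning gives an independent check that excluded assets are not touched.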
Tools used by Bheem
Nuclei
HTTPX
GF & GF-Patterns
Secret Finder
Heartbleed Oneliner
AMASS
Subfinder
Assetfinder
JSScan
FavFreak
Waybackurls
Gau
Parallel
asnip
dirsearch
gowitness
subjack
CORS Scanner
git-hound
Shuffledns
Massdns
Project address
Bheem: https://github.com/harsh-bothra/Bheem
This concludes the introduction to using Bheem for automated network reconnaissance and data organization. I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it! If you want to learn more about related topics, please continue to follow the website; the editor will keep working to bring you more practical articles.