diff --git a/README.md b/README.md index eaa96fe..38bbce0 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Interlace A threading management application that allows controlled execution of multiple commands, over multiple targets. -[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) [![Twitter](https://img.shields.io/badge/twitter-@sml555_-blue.svg)](https://twitter.com/sml555_) +[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) [![Twitter](https://img.shields.io/badge/twitter-@sml555__-blue.svg)](https://twitter.com/sml555_) # Contributions Contributions to this project are very welcome. If you're a newcomer to open source and would like some help in doing so, feel free to reach out to me on twitter ([@codingo_](https://twitter.com/codingo_)) and I'll assist wherever I can. @@ -25,22 +25,33 @@ Dependencies will then be installed and Interlace will be added to your path as | -c | Specify a single command to execute over each target or domain | | -cL | Specify a list of commands to execute over each target or domain | | -o | Specify an output folder variable that can be used in commands as \_output\_ | -| -p | Specify a port variable that can be used in commands as \_port\_ | +| -p | Specify a list of port variable that can be used in commands as \_port\_. This can be a single port, a comma delimited list, or use dash notation | | -rp | Specify a real port variable that can be used in commands as \_realport\_ | | --no-cidr | If set then CIDR notation in a target file will not be automatically be expanded into individual hosts. | | --no-color | If set then any foreground or background colours will be stripped out | | --silent | If set then only important information will be displayed and banners and other information will be redacted. | | -v | If set then verbose output will be displayed in the terminal | +## Further information regarding ports (-p) + +| Example | Notation Type | +|---------|----------------------------------------------------------| +| 80 | Single port | +| 1-80 | Dash notation, perform a command for each port from 1-80 | +| 80,443 | Perform a command for both port 80, and port 443 | + +## Further information regarding targets (-t or -tL) +Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be done using CIDR notation, dash notation, or a comma delimited list of targets. A single target list file can also use different notation types per line. # Variable Replacements The following varaibles will be replaced in commands at runtime: | Variable | Replacement | |-----------|-------------------------------------------------------------------------| -| \_target\_ | Replaced with the target that the current thread is running against | +| \_target\_ | Replaced with the expanded target list that the current thread is running against | +| \_host\_ | Works the same as \_target\_, can be used interchangably. | | \_output\_ | Replaced with the output folder variable from interlace | -| \_port\_ | Replaced with the port variable from interlace | +| \_port\_ | Replaced with the expanded port variable from interlace | | \_realport\_ | Replaced with the real port variable from interlace | # Usage Examples @@ -58,17 +69,46 @@ bash ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== -[14:33:23] [VERBOSE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [VERBOSE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue ``` This would run nikto over each host and save to a file for each target. Note that in the above example since we're using the `>` operator so results won't be fed back to the terminal, however this is desired functionality as otherwise we wouldn't be able to attribute which target Nikto results were returning for. +For applications where you desire feedback simply pass commands as you normally would (or use `tee`). + +## Run Nikto Over Multiple Sites and Ports +Using the above example, let's assume you want independant scans to be run for both ports `80` and `443` for the same targets. You would then use the following: + +``` +➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_:_port_ > ./_target_-_port_-nikto.txt" -p 80,443 -v +============================================== +Interlace v1.0 by Michael Skelton (@codingo_) +============================================== +[14:33:23] [THREAD] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue +``` +## Run a List of Commands against Target Hosts +Often with penetration tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: + +``` +nikto --host _target_:_port_ > _output_/_target_-nikto.txt +sslscan _target_:_port_ > _output_/_target_-sslscan.txt +testssl.sh _target_:_port_ > _output_/_target_-testssl.txt +``` +If you were then given a target, `example.com` you could run each of these commands against this target using the following: +```bash +interlace -t example.com -o ~/Engagements/example/ -cL ./commands.txt -p 80,443 +``` +This would then run nikto, sslscan, and testssl.sh for both port 80 and 443 against example.com and save files into your engagements folder. + ## CIDR notation with an application that doesn't support it Interlace automatically expands CIDR notation when starting threads (unless the --no-cidr flag is passed). This allows you to pass CIDR notation to a variety of applications: To run a virtual host scan against every target within 192.168.12.0/24 using a direct command you could use: ```bash -interlace -t 192.168.12.0/24 -c "vhostscan $target -oN $output/$target-vhosts.txt" -o ~/scans/ -threads 50 +interlace -t 192.168.12.0/24 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50 ``` This is despite VHostScan not having any inbuilt CIDR notation support. Since Interlace expands the notation before building a queue of threads, VHostScan for all intents is only receiving a list of direct IP addresses to scan. @@ -77,7 +117,7 @@ Run a [virtual host scan](https://github.com/codingo/VHostScan) against each hos This could be done using a direct command: ```bash -interlace -tL ./target-list.txt -c "vhostscan -t $target -oN $output/$target-vhosts.txt" -o ~/scans/ -threads 50 +interlace -tL ./target-list.txt -c "vhostscan -t _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50 ``` Or, alternatively, to run the same command as above, but using a command file, this would be done using: @@ -86,7 +126,6 @@ interlace -cL ./vhosts-commands.txt -tL ./target-list.txt -threads 50 -o ~/scans ``` This presumes that the contents of the command file is: ``` -vhostscan -t $target -oN $output/$target-vhosts.txt +vhostscan -t $target -oN _output_/_target_-vhosts.txt ``` - This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file.