From c52fb23b09560d6c586f8277b3ad2d1e6d554834 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:15:12 +1000 Subject: [PATCH 01/18] Update README.md --- README.md | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4f16067..4425f4d 100644 --- a/README.md +++ b/README.md 
@@ -25,22 +25,32 @@ Dependencies will then be installed and Interlace will be added to your path as | -c | Specify a single command to execute over each target or domain | | -cL | Specify a list of commands to execute over each target or domain | | -o | Specify an output folder variable that can be used in commands as \_output\_ | -| -p | Specify a port variable that can be used in commands as \_port\_ | +| -p | Specify a list of port variablse that can be used in commands as \_port\_. This can be a single port, a comma delimeted list, or use dash notation | | -rp | Specify a real port variable that can be used in commands as \_realport\_ | | --no-cidr | If set then CIDR notation in a target file will not be automatically be expanded into individual hosts. | | --no-color | If set then any foreground or background colours will be stripped out | | --silent | If set then only important information will be displayed and banners and other information will be redacted. | | -v | If set then verbose output will be displayed in the terminal | +## Further information regarding ports (-p) + +| Example | Notation Type | +|-------------------------| +| 1-80 | Dash notation, perform a command for each port from 1-80 | +| 80 | Single port | +| 80,443 | Perform a command for both port 80, and port 443 | + +## Further information regarding targets (-t or -tL) +Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line. 
# Variable Replacements The following varaibles will be replaced in commands at runtime: | Variable | Replacement | |-----------|-------------------------------------------------------------------------| -| \_target\_ | Replaced with the target that the current thread is running against | +| \_target\_ | Replaced with the expanded target list that the current thread is running against | | \_output\_ | Replaced with the output folder variable from interlace | -| \_port\_ | Replaced with the port variable from interlace | +| \_port\_ | Replaced with the expanded port variable from interlace | | \_realport\_ | Replaced with the real port variable from interlace | # Usage Examples 
@@ -58,11 +68,27 @@ bash ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== -[14:33:23] [VERBOSE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [VERBOSE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue ``` This would run nikto over each host and save to a file for each target. Note that in the above example since we're using the `>` operator so results won't be fed back to the terminal, however this is desired functionality as otherwise we wouldn't be able to attribute which target Nikto results were returning for. +For applications where you desire feedback simply pass commands as you normally would (or use `tee`). + +## Run Nikto Over Multiple Sites and Ports +Using the above example, let's assume you want independant scans to be run for both ports `80` and `443` for the same targets. 
You would then use the following: + +``` +➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -p 80,443 -v +============================================== +Interlace v1.0 by Michael Skelton (@codingo_) +============================================== +[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue +``` + ## CIDR notation with an application that doesn't support it Interlace automatically expands CIDR notation when starting threads (unless the --no-cidr flag is passed). This allows you to pass CIDR notation to a variety of applications: @@ -77,7 +103,7 @@ Run a [virtual host scan](https://github.com/codingo/VHostScan) against each hos This could be done using a direct command: ```bash -interlace -tL ./target-list.txt -c "vhostscan -t $target -oN $output/$target-vhosts.txt" -o ~/scans/ -threads 50 +interlace -tL ./target-list.txt -c "vhostscan -t _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50 ``` Or, alternatively, to run the same command as above, but using a command file, this would be done using: @@ -86,7 +112,7 @@ interlace -cL ./vhosts-commands.txt -tL ./target-list.txt -threads 50 -o ~/scans ``` This presumes that the contents of the command file is: ``` -vhostscan -t $target -oN $output/$target-vhosts.txt +vhostscan -t $target -oN _output_/_target_-vhosts.txt ``` This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file. From e940acacb5dc2cf5524a681d488631647d8a5dfb Mon Sep 17 00:00:00 2001 
From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:16:30 +1000 Subject: [PATCH 02/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4425f4d..4d731ea 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ hackerone.com You could use interlace to run over any number of targets within this file using: bash ``` -➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -v +➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_:_port_ > ./_target_-nikto.txt" -v ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== From 3eb1fd7da16c940fbbb36e65b8b387b91cec8e3a Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:18:31 +1000 Subject: [PATCH 03/18] Fix ports table markdown --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4d731ea..524265f 100644 --- a/README.md +++ b/README.md 
@@ -34,11 +34,11 @@ Dependencies will then be installed and Interlace will be added to your path as ## Further information regarding ports (-p) -| Example | Notation Type | -|-------------------------| -| 1-80 | Dash notation, perform a command for each port from 1-80 | -| 80 | Single port | -| 80,443 | Perform a command for both port 80, and port 443 | +| Example | Notation Type | +|---------|----------------------------------------------------------| +| 80 | Single port | +| 1-80 | Dash notation, perform a command for each port from 1-80 | +| 80,443 | Perform a command for both port 80, and port 443 | ## Further information regarding targets (-t or -tL) Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line. From 9ad69c0c8578a1da69a13e7e0845177d3930eb53 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:19:18 +1000 Subject: [PATCH 04/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 524265f..a80d329 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@ Dependencies will then be installed and Interlace will be added to your path as | 80,443 | Perform a command for both port 80, and port 443 | ## Further information regarding targets (-t or -tL) -Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line. +Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be done using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line. # Variable Replacements The following varaibles will be replaced in commands at runtime: From 97db95ac0433adf53f9b8cdfc042d02d2d68251b Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:39:52 +1000 Subject: [PATCH 05/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a80d329..b474997 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ Using the above example, let's assume you want independant scans to be run for b Interlace v1.0 by Michael Skelton (@codingo_) ============================================== [14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [INTERLACE] [nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt] Added to Queue [14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue [14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue ``` From f5db987b30a2089a779523d67e6c80d3a5446fe8 Mon Sep 17 00:00:00 2001 
From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:41:23 +1000 Subject: [PATCH 06/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b474997..a181f1d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Interlace A threading management application that allows controlled execution of multiple commands, over multiple targets. -[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Build Status](https://travis-ci.org/codingo/Reconnoitre.svg?branch=master)](https://travis-ci.org/codingo/Reconnoitre) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) +[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Build Status](https://travis-ci.org/codingo/Reconnoitre.svg?branch=master)](https://travis-ci.org/codingo/Reconnoitre) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) [![Twitter](https://img.shields.io/badge/twitter-@sml555__-blue.svg)](https://twitter.com/sml555_) # Contributions Contributions to this project are very welcome. If you're a newcomer to open source and would like some help in doing so, feel free to reach out to me on twitter ([@codingo_](https://twitter.com/codingo_)) and I'll assist wherever I can. From 13f6f34e2e579cafd59863a9fb041527a4b32ee9 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:44:37 +1000 Subject: [PATCH 07/18] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index a181f1d..5e8f4b2 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Interlace A threading management application that allows controlled execution of multiple commands, over multiple targets. -[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Build Status](https://travis-ci.org/codingo/Reconnoitre.svg?branch=master)](https://travis-ci.org/codingo/Reconnoitre) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) [![Twitter](https://img.shields.io/badge/twitter-@sml555__-blue.svg)](https://twitter.com/sml555_) +[![Python 3.2|3.6](https://img.shields.io/badge/python-3.2|3.6-green.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_) [![Twitter](https://img.shields.io/badge/twitter-@sml555__-blue.svg)](https://twitter.com/sml555_) # Contributions Contributions to this project are very welcome. If you're a newcomer to open source and would like some help in doing so, feel free to reach out to me on twitter ([@codingo_](https://twitter.com/codingo_)) and I'll assist wherever I can. 
@@ -25,7 +25,7 @@ Dependencies will then be installed and Interlace will be added to your path as | -c | Specify a single command to execute over each target or domain | | -cL | Specify a list of commands to execute over each target or domain | | -o | Specify an output folder variable that can be used in commands as \_output\_ | -| -p | Specify a list of port variablse that can be used in commands as \_port\_. This can be a single port, a comma delimeted list, or use dash notation | +| -p | Specify a list of port variablse that can be used in commands as \_port\_. This can be a single port, a comma delimited list, or use dash notation | | -rp | Specify a real port variable that can be used in commands as \_realport\_ | | --no-cidr | If set then CIDR notation in a target file will not be automatically be expanded into individual hosts. | | --no-color | If set then any foreground or background colours will be stripped out | From 1dc6a6d40386c454645d1803b4c328a6681f6a73 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:47:44 +1000 Subject: [PATCH 08/18] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5e8f4b2..d9e7ebb 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ Dependencies will then be installed and Interlace will be added to your path as | -c | Specify a single command to execute over each target or domain | | -cL | Specify a list of commands to execute over each target or domain | | -o | Specify an output folder variable that can be used in commands as \_output\_ | -| -p | Specify a list of port variablse that can be used in commands as \_port\_. This can be a single port, a comma delimited list, or use dash notation | +| -p | Specify a list of port variable that can be used in commands as \_port\_. This can be a single port, a comma delimited list, or use dash notation | | -rp | Specify a real port variable that can be used in commands as \_realport\_ | | --no-cidr | If set then CIDR notation in a target file will not be automatically be expanded into individual hosts. | | --no-color | If set then any foreground or background colours will be stripped out | @@ -48,7 +48,7 @@ The following varaibles will be replaced in commands at runtime: | Variable | Replacement | |-----------|-------------------------------------------------------------------------| -| \_target\_ | Replaced with the expanded target list that the current thread is running against | +| \_target\_ or \_host\_ | Replaced with the expanded target list that the current thread is running against | | \_output\_ | Replaced with the output folder variable from interlace | | \_port\_ | Replaced with the expanded port variable from interlace | | \_realport\_ | Replaced with the real port variable from interlace | From 7660c5bf8f9dd2e21b7e76993294a2a6f232c65d Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:48:31 +1000 Subject: [PATCH 09/18] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d9e7ebb..0d0c50e 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,8 @@ The following varaibles will be replaced in commands at runtime: | Variable | Replacement | |-----------|-------------------------------------------------------------------------| -| \_target\_ or \_host\_ | Replaced with the expanded target list that the current thread is running against | +| \_target\_ | Replaced with the expanded target list that the current thread is running against | +| \_host\_ | Works the same as \_target\_, can be used interchangably. | | \_output\_ | Replaced with the output folder variable from interlace | | \_port\_ | Replaced with the expanded port variable from interlace | | \_realport\_ | Replaced with the real port variable from interlace | From c827cd8c43451fe2541cabdf318449fc8db13906 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:49:38 +1000 Subject: [PATCH 10/18] Add _host_ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d0c50e..4be4b4d 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ Dependencies will then be installed and Interlace will be added to your path as | 80,443 | Perform a command for both port 80, and port 443 | ## Further information regarding targets (-t or -tL) -Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be done using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line. +Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be done using CIDR notation, dash notation, or a comma delimited list of targets. A single target list file can also use different notation types per line. # Variable Replacements The following varaibles will be replaced in commands at runtime: From 1532369fc38e415cd29d88691bbc31b6d52c0b91 Mon Sep 17 00:00:00 2001 
From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 17:51:04 +1000 Subject: [PATCH 11/18] Fix Nikto examples --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4be4b4d..851d043 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ hackerone.com You could use interlace to run over any number of targets within this file using: bash ``` -➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_:_port_ > ./_target_-nikto.txt" -v +➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -v ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== @@ -80,7 +80,7 @@ For applications where you desire feedback simply pass commands as you normally Using the above example, let's assume you want independant scans to be run for both ports `80` and `443` for the same targets. You would then use the following: ``` -➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -p 80,443 -v +➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_:_port_ > ./_target_-_port_-nikto.txt" -p 80,443 -v ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== From a673b35a1cb02cf2a163b6030e1ae9f0f19f75f9 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:01:27 +1000 Subject: [PATCH 12/18] Update README.md --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 851d043..154caea 100644 --- a/README.md +++ b/README.md 
@@ -115,5 +115,18 @@ This presumes that the contents of the command file is: ``` vhostscan -t $target -oN _output_/_target_-vhosts.txt ``` - This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file. + +# Run a list of commands against target hosts +Often with tests there's a lists of commands you want to run every time. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file `commands.txt`: + +``` +nikto --host _target_:_port_ > _output_/_target_-nikto.txt +sslscan _target_:_port_ > _output_/_target_-sslscan.txt +testssl.sh _target_:_port_ > _output_/_target_-testssl.txt +``` +If you were then given a target, `example.com` you could run each of these commands against this target using the following: +```bash +interlace -t example.com -o ~/Engagements/example/ -cL ./commands.txt -p 80,443 +``` +This would then run nikto, sslscan, and testssl.sh for both port 80 and 443 against example.com and save files into your engagements folder. From 55f8f04554f75a463edd5284d4ba7f7c495df311 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:03:30 +1000 Subject: [PATCH 13/18] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 154caea..e070eac 100644 --- a/README.md +++ b/README.md 
@@ -117,8 +117,8 @@ vhostscan -t $target -oN _output_/_target_-vhosts.txt ``` This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file. -# Run a list of commands against target hosts -Often with tests there's a lists of commands you want to run every time. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file `commands.txt`: +## Run a list of commands against target hosts +Often with tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: ``` nikto --host _target_:_port_ > _output_/_target_-nikto.txt From ee11e912aa3a5677b1fca37ff2bf08f41e51d4a4 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:05:38 +1000 Subject: [PATCH 14/18] Update README.md --- README.md | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index e070eac..9d98502 100644 --- a/README.md +++ b/README.md 
@@ -89,6 +89,19 @@ Interlace v1.0 by Michael Skelton (@codingo_) [14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue [14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue ``` +## Run a list of commands against target hosts +Often with tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: + +``` +nikto --host _target_:_port_ > _output_/_target_-nikto.txt +sslscan _target_:_port_ > _output_/_target_-sslscan.txt +testssl.sh _target_:_port_ > _output_/_target_-testssl.txt +``` +If you were then given a target, `example.com` you could run each of these commands against this target using the following: +```bash +interlace -t example.com -o ~/Engagements/example/ -cL ./commands.txt -p 80,443 +``` +This would then run nikto, sslscan, and testssl.sh for both port 80 and 443 against example.com and save files into your engagements folder. ## CIDR notation with an application that doesn't support it Interlace automatically expands CIDR notation when starting threads (unless the --no-cidr flag is passed). This allows you to pass CIDR notation to a variety of applications: 
@@ -116,17 +129,3 @@ This presumes that the contents of the command file is: vhostscan -t $target -oN _output_/_target_-vhosts.txt ``` This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file. - -## Run a list of commands against target hosts -Often with tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: - -``` -nikto --host _target_:_port_ > _output_/_target_-nikto.txt -sslscan _target_:_port_ > _output_/_target_-sslscan.txt -testssl.sh _target_:_port_ > _output_/_target_-testssl.txt -``` -If you were then given a target, `example.com` you could run each of these commands against this target using the following: -```bash -interlace -t example.com -o ~/Engagements/example/ -cL ./commands.txt -p 80,443 -``` -This would then run nikto, sslscan, and testssl.sh for both port 80 and 443 against example.com and save files into your engagements folder. From eddb21743ff1761cd7a192b52942d2d5ee056f16 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:06:21 +1000 Subject: [PATCH 15/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d98502..07089ed 100644 --- a/README.md +++ b/README.md 
@@ -89,7 +89,7 @@ Interlace v1.0 by Michael Skelton (@codingo_) [14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue [14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue ``` -## Run a list of commands against target hosts +## Run a List of Commands against Target Hosts Often with tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: ``` From 70fdde32ba430f7e29346b4783c978aad4b9898e Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:09:42 +1000 Subject: [PATCH 16/18] Fix CIDR notation example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 07089ed..9d728ff 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ Interlace automatically expands CIDR notation when starting threads (unless the To run a virtual host scan against every target within 192.168.12.0/24 using a direct command you could use: ```bash -interlace -t 192.168.12.0/24 -c "vhostscan $target -oN $output/$target-vhosts.txt" -o ~/scans/ -threads 50 +interlace -t 192.168.12.0/24 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50 ``` This is despite VHostScan not having any inbuilt CIDR notation support. Since Interlace expands the notation before building a queue of threads, VHostScan for all intents is only receiving a list of direct IP addresses to scan. From 074e18037323d7a8ed4681a5cf00ee8f35f94989 Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:13:34 +1000 Subject: [PATCH 17/18] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d728ff..cd20c12 100644 --- a/README.md 
+++ b/README.md @@ -90,7 +90,7 @@ Interlace v1.0 by Michael Skelton (@codingo_) [14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue ``` ## Run a List of Commands against Target Hosts -Often with tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: +Often with penetration tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`: ``` nikto --host _target_:_port_ > _output_/_target_-nikto.txt From a1b09b9a1e3bcd3fef2b16b753cb549d547cd2fd Mon Sep 17 00:00:00 2001 From: Michael Skelton <886344+codingo@users.noreply.github.com> Date: Sun, 6 Jan 2019 18:45:13 +1000 Subject: [PATCH 18/18] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index cd20c12..38bbce0 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,8 @@ bash ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== -[14:33:23] [INTERLACE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [INTERLACE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue ``` This would run nikto over each host and save to a file for each target. Note that in the above example since we're using the `>` operator so results won't be fed back to the terminal, however this is desired functionality as otherwise we wouldn't be able to attribute which target Nikto results were returning for. 
@@ -84,10 +84,10 @@ Using the above example, let's assume you want independant scans to be run for b ============================================== Interlace v1.0 by Michael Skelton (@codingo_) ============================================== -[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [INTERLACE] [nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt] Added to Queue -[14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue -[14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue +[14:33:23] [THREAD] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue ``` ## Run a List of Commands against Target Hosts Often with penetration tests there's a list of commands you want to run on nearly every job. Assuming that list includes testssl.sh, nikto, and sslscan, you could save a command list with the following in a file called `commands.txt`:
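
Review bot: in [PATCH 01/18], first hunk (`@@ -25,22 +25,32 @@`), the Variable Replacements table does not say how replaced values are handled before the command runs. The usage examples depend on `>` redirection, so the command string appears to be interpreted by a shell, and `_target_` comes straight from a `-t` value or a `-tL` file. Suggest adding a sentence stating whether `_target_`, `_port_` and `_output_` are escaped or inserted verbatim, so readers know whether a target list has to be validated before it is used.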
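
Review bot: in [PATCH 01/18], last hunk (`@@ -86,7 +112,7 @@`), the command-file example is only half converted: the new line reads `vhostscan -t $target -oN _output_/_target_-vhosts.txt`, so `-t $target` keeps the old `$target` syntax while the rest of the line uses `_target_`. The direct-command example in the hunk before it (`@@ -77,7 +103,7 @@`) was converted fully, and the command-file line is still unchanged in the context lines of [PATCH 14/18]. Suggest `vhostscan -t _target_ -oN _output_/_target_-vhosts.txt`, so the command file really is "the same command as above".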
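
Review bot: in [PATCH 08/18], first hunk (`@@ -25,7 +25,7 @@`), the `-p` row changes `variablse` to `variable`, which leaves the phrase "a list of port variable". Suggest "Specify a list of port variables that can be used in commands as \_port\_", which agrees with the single-port, comma delimited and dash forms listed after it.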
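
Review bot: in [PATCH 09/18] (`@@ -48,7 +48,8 @@`), the new `_host_` row spells "interchangably"; it should be "interchangeably". The hunk header context also shows `The following varaibles will be replaced`, which no patch in this series corrects, so "variables" can be fixed in the same pass.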
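
Review bot: [PATCH 10/18] carries the subject `Add _host_`, but its only hunk (`@@ -41,7 +41,7 @@`) corrects `notatin` and `dilimited` in the targets paragraph; the `_host_` row itself arrives in [PATCH 08/18] and [PATCH 09/18]. Suggest a subject that describes the spelling fix, or squashing this change into [PATCH 04/18], which last touched the same sentence.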
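
Review bot: in [PATCH 12/18] (the section is moved unchanged by [PATCH 14/18]), the three `commands.txt` lines redirect to `_output_/_target_-nikto.txt`, `_output_/_target_-sslscan.txt` and `_output_/_target_-testssl.txt`, none of which contains `_port_`. With `-p 80,443` against a single target, both port runs of each tool write to the same path with `>`, so only one port's results can survive in each file. Suggest `_output_/_target_-_port_-nikto.txt` and likewise for the other two, matching the file name [PATCH 11/18] introduces for the multi-port Nikto example.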
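
Review bot: in [PATCH 18/18], second hunk (`@@ -84,10 +84,10 @@`), the sample output does not match the command it is shown under. Since [PATCH 11/18] that command writes to `./_target_-_port_-nikto.txt`, yet all four queued lines still end in `./hackerone.com-nikto.txt` or `./bugcrowd.com-nikto.txt` with no port, and the second line (`nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt`, introduced in [PATCH 05/18]) redirects a bugcrowd.com scan into the hackerone.com file. Suggest regenerating the block from an actual run, so each line has the form `nikto --host bugcrowd.com:80 > ./bugcrowd.com-80-nikto.txt`.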