Update README.md

Michael Skelton
2019-01-06 17:15:12 +10:00
committed by GitHub
parent fc946f2a7e
commit c52fb23b09


@@ -25,22 +25,32 @@ Dependencies will then be installed and Interlace will be added to your path as
| -c | Specify a single command to execute over each target or domain |
| -cL | Specify a list of commands to execute over each target or domain |
| -o | Specify an output folder variable that can be used in commands as \_output\_ |
| -p | Specify a port variable that can be used in commands as \_port\_ |
| -p | Specify a list of port variablse that can be used in commands as \_port\_. This can be a single port, a comma delimeted list, or use dash notation |
| -rp | Specify a real port variable that can be used in commands as \_realport\_ |
| --no-cidr | If set then CIDR notation in a target file will not be automatically be expanded into individual hosts. |
| --no-color | If set then any foreground or background colours will be stripped out |
| --silent | If set then only important information will be displayed and banners and other information will be redacted. |
| -v | If set then verbose output will be displayed in the terminal |
## Further information regarding ports (-p)
| Example | Notation Type |
|-------------------------|
| 1-80 | Dash notation, perform a command for each port from 1-80 |
| 80 | Single port |
| 80,443 | Perform a command for both port 80, and port 443 |
## Further information regarding targets (-t or -tL)
Both `-t` and `-tL` will be processed the same. You can pass targets the same as you would when using nmap. This can be using CIDR notation, dash notatin, or a comma dilimited list of targets. A single target list file can also use different notation types per line.
# Variable Replacements
The following varaibles will be replaced in commands at runtime:
| Variable | Replacement |
|-----------|-------------------------------------------------------------------------|
| \_target\_ | Replaced with the target that the current thread is running against |
| \_target\_ | Replaced with the expanded target list that the current thread is running against |
| \_output\_ | Replaced with the output folder variable from interlace |
| \_port\_ | Replaced with the port variable from interlace |
| \_port\_ | Replaced with the expanded port variable from interlace |
| \_realport\_ | Replaced with the real port variable from interlace |
# Usage Examples
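Review bot: The separator row of the new ports table (`|-------------------------|`) declares one column while its header `| Example | Notation Type |` declares two, so most Markdown renderers will not draw it as a table; a two-column separator such as `|---------|---------------|` fixes that. The added lines also carry typos to correct before merge: "variablse", "delimeted", "notatin", "dilimited" and "varaibles". Since `-p 1-80` is documented as running the command once per port, it would help to state here that the command count is targets multiplied by ports, so readers size `-threads` and their scan scope accordingly.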
@@ -58,11 +68,27 @@ bash
==============================================
Interlace v1.0 by Michael Skelton (@codingo_)
==============================================
[14:33:23] [VERBOSE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue
[14:33:23] [VERBOSE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue
[14:33:23] [INTERLACE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue
[14:33:23] [INTERLACE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue
```
This would run nikto over each host and save to a file for each target. Note that in the above example since we're using the `>` operator so results won't be fed back to the terminal, however this is desired functionality as otherwise we wouldn't be able to attribute which target Nikto results were returning for.
For applications where you desire feedback simply pass commands as you normally would (or use `tee`).
## Run Nikto Over Multiple Sites and Ports
Using the above example, let's assume you want independant scans to be run for both ports `80` and `443` for the same targets. You would then use the following:
```
➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -p 80,443 -v
==============================================
Interlace v1.0 by Michael Skelton (@codingo_)
==============================================
[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue
[14:33:23] [INTERLACE] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue
[14:33:23] [INTERLACE] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue
[14:33:23] [INTERLACE] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue
```
## CIDR notation with an application that doesn't support it
Interlace automatically expands CIDR notation when starting threads (unless the --no-cidr flag is passed). This allows you to pass CIDR notation to a variety of applications:
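Review bot: In the new "Run Nikto Over Multiple Sites and Ports" example the command never references `_port_`, yet the sample output shows `hackerone.com:80` and `hackerone.com:443`; the command needs `_port_` in it (for example `--host _target_:_port_`) for the shown output to follow from it. The redirect `> ./_target_-nikto.txt` also omits the port, so the port 80 and port 443 runs for one host write to the same file and whichever finishes last overwrites the other; including `_port_` in the file name keeps the results attributable. The sample output lists `hackerone.com:80` twice and never shows `bugcrowd.com:80`, and "independant" should be "independent".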
@@ -77,7 +103,7 @@ Run a [virtual host scan](https://github.com/codingo/VHostScan) against each hos
This could be done using a direct command:
```bash
interlace -tL ./target-list.txt -c "vhostscan -t $target -oN $output/$target-vhosts.txt" -o ~/scans/ -threads 50
interlace -tL ./target-list.txt -c "vhostscan -t _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
```
Or, alternatively, to run the same command as above, but using a command file, this would be done using:
@@ -86,7 +112,7 @@ interlace -cL ./vhosts-commands.txt -tL ./target-list.txt -threads 50 -o ~/scans
```
This presumes that the contents of the command file is:
```
vhostscan -t $target -oN $output/$target-vhosts.txt
vhostscan -t $target -oN _output_/_target_-vhosts.txt
```
This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file.
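Review bot: The updated command-file line still passes `-t $target` while the rest of the same line was converted to `_output_/_target_`, so it mixes the old and new variable syntax and the target argument no longer matches the variables listed under "Variable Replacements". It should read `vhostscan -t _target_ -oN _output_/_target_-vhosts.txt`, matching the direct command changed in the previous hunk.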