Questions about this topic? Sign up to ask in the talk tab.

Vanguard

From NetSec
Revision as of 06:06, 9 January 2012 by LashawnSeccombe (Talk | contribs) (Local File Inclusion)

Jump to: navigation, search
RPU0j.png The end-user is liable for his-or her own actions with the use of this software. Running this against a system you do not own without written authorization is a criminal act.

Description

c3el4.png Vanguard is a comprehensive web pen testing tool that identifies vulnerabilities in web applications.

Features

Main application features:

  • Fully Configurable
  • WebCrawlers crawl all open HTTP and HTTPS ports output from nmap
  • LibWhisker2 For HTTP IDS Evasion (Same options as nikto)
  • Tests via GET,POST, and COOKIE

Web penetration tests:

Usage

 perl scan.pl -h [hostname] -e [evasion option]

Installation

Application Dependencies

c3el4.png You must have nmap from http://nmap.org installed to run this application correctly.
Notice: You must run this application as root.
Protip: You can undo the root requirement by removing the check for root and modifying the nmap configuration.


Perl Dependencies

Configuration

Main Configuration

c3el4.png This is the configuration in config.yml.
---
rewrite: 0
use_whitelist: 1
module_whitelist:
  - WEBAPPS
  - SHELL
  - NMAP
  - CRAWL
  - XSS_GET
  - SQL_GET
  - LFI_GET
  - RCI_GET

WebCrawler

c3el4.png This configuration is located in /modules/recon/CRAWL/conf.yml
---
depth: 20

Nmap Module

---
flags: "-P0 --defeat-rst-ratelimit -sSV -F"
Protip: The S in -sSV is the reason this scan requires root.


Local File Inclusion

c3el4.png You can find this blah
---
lfi_test: '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
lfi_match: "root\:.\:0\:0"
lfi_exits:
  - '%00'
  -

LDAP

--- ldap_true:

 - ")(&"
 - ")(&)("

ldap_false:

 - ")(|"
 - ")(|)("

RFI

--- rfi_test: http://asdf.com/ rfi_match: 89asdf.gi

Command Injection

---
entries:
  - '|'
  - ';'
  - '&&'

SQL injection

c3el4.png You can find these configuration files & options in modules/test/SQL_GET/conf.yml and modules/test/SQL_POST/conf.yml.

This file defines several variables for automated SQL injection testing.

---
sql_spacers:
  - '%20'
  - '+'
sql_entries:
  - ""
  - '%27'
  - '%bf%27'
sql_exits:
  - --
  - /*
  - )--
  - )/*

Download

Other Tools

See Also