AVAIN – Automated Vulnerability Analysis (in) IP-based Networks
A framework for the automated vulnerability analysis in IP-based networks that enables its modules to work collaboratively by sharing results.
AVAIN can automatically assess and quantify the security level of an IP-based network. Its final output is a score between 0 and 10, where the higher the score, the more vulnerable/insecure the network. Additionally, AVAIN keeps all of the intermediate result files to empower the user in investigating the network’s security state in more detail. As IT and IoT security is a continuously evolving field, AVAIN was designed to be modular and thereby easily extensible. Therefore AVAIN is comprised of a core and several modules. During a vulnerability analysis, AVAIN’s core invokes all (specified) modules which return a result at the end of their execution. Currently, there are three results types: scan results, i.e. reconnaissance information, vulnerability score results representing the outcome of a concrete vulnerability analysis and the mapping of a web server containing discovered sites and their parameters. By sharing their results, modules can work collaboratively to help AVAIN achieve a more sophisticated vulnerability assessment. As of now, AVAIN only supports the assessment of IPv4 and IPv6 enabled devices. Note that IPv6 zone IDs are not guaranteed to work with AVAIN. Also, the two Hydra brute force modules do currently not work with IPv6 addresses.
While AVAIN can only be used in IP-based networks as of now, it is possible to extend AVAIN to make it capable of working in different kinds of networks such as specialized IoT networks.
Features
- A highly modular framework for vulnerability analysis in computer networks. Entirely new modules or wrappers for other programs can easily be written using Python.
- Modules can work collaboratively by sharing their results. This simplifies the implementation of modules and enables AVAIN to achieve a more sophisticated vulnerability assessment.
- Various levels of detail for output:
- Highly detailed output: All intermediate files are kept, even the ones from modules
- Less detailed output: Aggregated intermediate results and host/network vulnerability scores
- Highly configurable
- Automated installation on macOS and Linux (Ubuntu / Kali)
- Fully automated vulnerability assessment without requiring user interaction
- Users can provide custom intermediate results
- Current modules:
- (Post-processed) Nmap reconnaissance
- Correlation of discovered CPEs with CVE / NVD entries
- Directory brute-forcing of a web server with gobuster and a customizable word list and search depth
- Credential check for SSH services by using Hydra and a customizable wordlist
- Credential check for Telnet services by using Hydra and a customizable wordlist
Install && Use
Copyright (c) 2018-2019 Dustin Born
