Vanquish: perform multiple active information gathering phases
Vanquish is a Kali Linux-based Enumeration Orchestrator built in Python. Vanquish leverages the open-source enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell.
So what is so special about Vanquish compared to other enumeration scripts?
- Multi-threaded – Runs multiple commands and scans multiple hosts simultaneously.
- Configurable – All commands are configured in a separate .ini file for ease of adjustment.
- Multiphase – Optimized to run the fastest enumeration commands first in order to get actionable results as quickly as possible.
- Intelligent – Feeds the findings from one phase into the next in order to uncover deeper vulnerabilities.
- Modular – New attack plans and command configurations can easily be built for fit-for-purpose enumeration orchestration.
What Kali Tools does Vanquish leverage?
| NMap | Hydra | Nikto | Metasploit |
| Gobuster | Dirb | Exploitdb | Nbtscan |
| Ntpq | Enum4linux | Smbclient | Rpcclient |
| Onesixtyone | Sslscan | Sslyze | Snmpwalk |
| Ident-user-enum | Smtp-user-enum | Snmp-check | Cisco-torch |
| Dnsrecon | Dig | Whatweb | Wafw00f |
| Wpscan | Cewl | Curl | Mysql | Nmblookup | Searchsploit |
| Nbtscan-unixwiz | Xprobe2 | Blindelephant | Showmount |
- CTRL + C – Exit an enumeration phase and skip to the next phase (helpful if a command is taking too long).
- CTRL + Z – Exit Vanquish.
- Resume Mode – Vanquish will skip running a command again if it sees that the output files already exist.
- Re-run an enumeration command – If you want to re-execute a command, delete the output files (.txt, .xml, .nmap, etc.) and run Vanquish again.
Custom Attack Plans
GoBuster Max is an attack plan that will run all the web application content detection dictionaries against your targets.
Vanquish -hostFile test.txt -attackPlanFile ./attackplans/gobuster-max.ini -logging
Hydra Credentials Scanner
We users love to reuse our passwords across multiple systems. As you explore a network and harvest usernames and passwords, it’s probably a good idea to check where else those usernames and passwords are also used. This attack plan will do exactly that for a single host or across an entire network. Attack plans will also leverage what has been learned about a network from previous scans and will automatically use the discovered services as part of the credential testing.
This attack will use a list of known credentials for a network and test them against all hosts and services that have been discovered. Store the credentials in a file in the root of your scan path and name it: credentials.txt
python Vanquish2.py -hostFile hostlist.txt -attackPlanFile ./attackplans/credentials.ini
Hydra Usernames and Passwords List Scanner
This attack will use a list of known usernames and a list of known passwords for a network and test them against all hosts and services that have been discovered.
Store the usernames in a file in the root of your scan path and name it: usernames.txt
python Vanquish2.py -hostFile hostlist.txt -attackPlanFile ./attackplans/usernamespasswords.ini
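Seen from the defender's side, both Hydra attack plans above leave the same trace: one source attempting logins against many host/service pairs in a short time. The detection sketch below is an added example, not part of Vanquish; the CSV event format, field names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time,host,service,user,source,outcome
SAMPLE_EVENTS = """\
2017-06-01T10:00:01,web01,ssh,alice,10.0.0.50,fail
2017-06-01T10:00:03,web01,ftp,alice,10.0.0.50,fail
2017-06-01T10:00:05,db01,mysql,alice,10.0.0.50,fail
2017-06-01T10:00:07,db01,ssh,alice,10.0.0.50,success
2017-06-01T10:00:09,file01,smb,alice,10.0.0.50,fail
2017-06-01T10:05:00,web01,ssh,bob,10.0.0.77,fail
2017-06-01T10:05:20,web01,ssh,bob,10.0.0.77,success
2017-06-01T12:30:00,db01,ssh,carol,10.0.0.77,success
"""

def parse_events(text):
    """Parse the assumed CSV format into dicts with a datetime timestamp."""
    fields = ("ts", "host", "service", "user", "src", "outcome")
    events = []
    for line in text.split():  # one event per line; fields contain no spaces
        ev = dict(zip(fields, line.split(",")))
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def find_credential_sweeps(events, window=timedelta(minutes=5), min_targets=4):
    """Flag sources that attempt logins on >= min_targets distinct (host, service)
    pairs inside one sliding window, and collect the logins that succeeded."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # drop events older than the window
            in_window = evs[start:end + 1]
            targets = {(e["host"], e["service"]) for e in in_window}
            if len(targets) >= min_targets:
                alert = alerts.setdefault(src, {"targets": set(), "successes": set()})
                alert["targets"] |= targets
                alert["successes"] |= {(e["user"], e["host"], e["service"])
                                       for e in in_window if e["outcome"] == "success"}
    return alerts

if __name__ == "__main__":
    for src, info in find_credential_sweeps(parse_events(SAMPLE_EVENTS)).items():
        print(src, len(info["targets"]), "targets; rotate:", sorted(info["successes"]))
```

Any account listed under `successes` for a flagged source is a reused credential that worked and should be rotated on every system where it is valid.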
Copyright (c) 2017 Austin Scott