Scripts
enumx
My tool enumx is now available (demonstrated here with a retired Hack The Box machine).
enumx is a framework that uses a plethora of existing tools as plugins in order to simplify and standardize the enumeration stage. It is designed to automate the simpler enumeration tasks in order to save the penetration tester valuable time. The goal is that, after identifying which protocols are open and available, the tool runs a default set of enumerations for each of them, based on the well-known HackTricks and Exploit Notes knowledge bases, with more to be included as the tool continues to develop.
Planned features include using known usernames and passwords to enumerate deeper, and enumeration for receiving hashes that can be used for persistence and gaining footholds.
Feel free to contribute to the project, as there is so much more to come. You are more than welcome!
Example output
/\__ __/\
________ __ __ __ __ ___ ___ \ \ / /
| ____/| \ | | | | | | | \/ | \ \ / /
| |___ | \| | | | | | | \ / | \ V /
| __/ | . ` | | | | | | |\/| | > <
| |_____| |\ | | `--' | | | | | / . \
|_______/|__| \__| \______/ |__| |__| / / \ \
/ __/ \__ \
Version: 1.0 Author: DaddyBigFish \/ \/
-------------- ----------------------
───────────────────────── PORT: 21
FTP 10.10.10.240 21 10.10.10.240 [*] Banner: Microsoft FTP Service
FTP 10.10.10.240 21 10.10.10.240 [+] anonymous:anonymous - Anonymous Login!
FTP 10.10.10.240 21 10.10.10.240 [*] Directory Listing
FTP 10.10.10.240 21 10.10.10.240 02-19-21 02:06PM 103106 10.1.1.414.6453.pdf
FTP 10.10.10.240 21 10.10.10.240 02-19-21 02:06PM 656029 28475-linux-stack-based-buffer-overflows.pdf
FTP 10.10.10.240 21 10.10.10.240 02-19-21 11:55AM 1802642 BHUSA09-McDonald-WindowsHeap-PAPER.pdf
FTP 10.10.10.240 21 10.10.10.240 02-19-21 02:06PM 1018160 ExploitingSoftware-Ch07.pdf
FTP 10.10.10.240 21 10.10.10.240 08-08-20 12:18PM 219091 notes1.pdf
FTP 10.10.10.240 21 10.10.10.240 08-08-20 12:34PM 279445 notes2.pdf
FTP 10.10.10.240 21 10.10.10.240 08-08-20 12:41PM 105 README.txt
FTP 10.10.10.240 21 10.10.10.240 02-19-21 02:06PM 1301120 RHUL-MA-2009-06.pdf
Authors / Creators of files found:
Kaorz
Microsoft
Microsoft®
Unknown
alex
byron
cairo
saif
───────────────────────── PORT: 22
# 10.10.10.240:22 SSH-2.0-OpenSSH_for_Windows_7.7
10.10.10.240 ssh-rsa [host key omitted]
───────────────────────── PORT: 53
;; communications error to 10.10.10.240#53: timed out
;; communications error to 10.10.10.240#53: timed out
;; communications error to 10.10.10.240#53: timed out
; <<>> DiG 9.20.2-1-Debian <<>> axfr @10.10.10.240
; (1 server found)
;; global options: +cmd
;; no servers could be reached
───────────────────────── PORT: 88
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-01 18:38 GMT
Nmap scan report for 10.10.10.240
Host is up (0.024s latency).
PORT STATE SERVICE
88/tcp open kerberos-sec
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
───────────────────────── PORT: 135
[MS-RSP]: Remote Shutdown Protocol
[MS-NRPC]: Netlogon Remote Protocol
[MS-RAA]: Remote Authorization API Protocol
[MS-SAMR]: Security Account Manager (SAM) Remote Protocol
[MS-LSAT]: Local Security Authority (Translation Methods) Remote
[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol
[MS-SCMR]: Service Control Manager Remote Protocol
───────────────────────── PORT: 139
Doing NBT name scan for addresses from 10.10.10.240/24
IP address NetBIOS Name Server User MAC address
------------------------------------------------------------------------------
───────────────────────── PORT: 389
DC=LicorDeBellota,DC=htb
CN=Configuration,DC=LicorDeBellota,DC=htb
CN=Schema,CN=Configuration,DC=LicorDeBellota,DC=htb
DC=DomainDnsZones,DC=LicorDeBellota,DC=htb
DC=ForestDnsZones,DC=LicorDeBellota,DC=htb
PORT STATE SERVICE
389/tcp open ldap
| ldap-rootdse:
| LDAP Results
| <ROOT>
| domainFunctionality: 7
| forestFunctionality: 7
| domainControllerFunctionality: 7
| rootDomainNamingContext: DC=LicorDeBellota,DC=htb
| ldapServiceName: LicorDeBellota.htb:pivotapi$@LICORDEBELLOTA.HTB
| isGlobalCatalogReady: TRUE
| supportedSASLMechanisms: GSSAPI
| supportedSASLMechanisms: GSS-SPNEGO
| supportedSASLMechanisms: EXTERNAL
| supportedSASLMechanisms: DIGEST-MD5
| supportedLDAPVersion: 3
| supportedLDAPVersion: 2
| supportedLDAPPolicies: MaxPoolThreads
| supportedLDAPPolicies: MaxPercentDirSyncRequests
| supportedLDAPPolicies: MaxDatagramRecv
| supportedLDAPPolicies: MaxReceiveBuffer
| supportedLDAPPolicies: InitRecvTimeout
| supportedLDAPPolicies: MaxConnections
| supportedLDAPPolicies: MaxConnIdleTime
| supportedLDAPPolicies: MaxPageSize
| supportedLDAPPolicies: MaxBatchReturnMessages
| supportedLDAPPolicies: MaxQueryDuration
| supportedLDAPPolicies: MaxDirSyncDuration
| supportedLDAPPolicies: MaxTempTableSize
| supportedLDAPPolicies: MaxResultSetSize
| supportedLDAPPolicies: MinResultSets
| supportedLDAPPolicies: MaxResultSetsPerConn
| supportedLDAPPolicies: MaxNotificationPerConn
| supportedLDAPPolicies: MaxValRange
| supportedLDAPPolicies: MaxValRangeTransitive
| supportedLDAPPolicies: ThreadMemoryLimit
| supportedLDAPPolicies: SystemMemoryLimitPercent
| subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=LicorDeBellota,DC=htb
| serverName: CN=PIVOTAPI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LicorDeBellota,DC=htb
| schemaNamingContext: CN=Schema,CN=Configuration,DC=LicorDeBellota,DC=htb
| namingContexts: DC=LicorDeBellota,DC=htb
| namingContexts: CN=Configuration,DC=LicorDeBellota,DC=htb
| namingContexts: CN=Schema,CN=Configuration,DC=LicorDeBellota,DC=htb
| namingContexts: DC=DomainDnsZones,DC=LicorDeBellota,DC=htb
| namingContexts: DC=ForestDnsZones,DC=LicorDeBellota,DC=htb
| isSynchronized: TRUE
| highestCommittedUSN: 317335
| dsServiceName: CN=NTDS Settings,CN=PIVOTAPI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LicorDeBellota,DC=htb
| dnsHostName: PivotAPI.LicorDeBellota.htb
| defaultNamingContext: DC=LicorDeBellota,DC=htb
| currentTime: 20241101193825.0Z
|_ configurationNamingContext: CN=Configuration,DC=LicorDeBellota,DC=htb
Service Info: Host: PIVOTAPI; OS: Windows
───────────────────────── PORT: 445
SMB 10.10.10.240 445 PIVOTAPI [*] Windows 10 / Server 2019 Build 17763 x64 (name:PIVOTAPI) (domain:LicorDeBellota.htb) (signing:True) (SMBv1:False)
SMB 10.10.10.240 445 PIVOTAPI [+] LicorDeBellota.htb\:
SMB 10.10.10.240 445 PIVOTAPI [-] Error enumerating shares: STATUS_ACCESS_DENIED
SMB 10.10.10.240 445 PIVOTAPI [-] Error enumerating domain group using dc ip 10.10.10.240: NTLM needs domain\username and a password
SMB 10.10.10.240 445 PIVOTAPI [-] Error connecting: LSAD SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights.
Doing NBT name scan for addresses from 10.10.10.240/24
IP address NetBIOS Name Server User MAC address
------------------------------------------------------------------------------
───────────────────────── PORT: 464
No test command for port 464
───────────────────────── PORT: 593
[MS-RSP]: Remote Shutdown Protocol
[MS-NRPC]: Netlogon Remote Protocol
[MS-RAA]: Remote Authorization API Protocol
[MS-SAMR]: Security Account Manager (SAM) Remote Protocol
[MS-LSAT]: Local Security Authority (Translation Methods) Remote
[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol
[MS-SCMR]: Service Control Manager Remote Protocol
───────────────────────── PORT: 636
PORT STATE SERVICE
636/tcp open ldapssl
───────────────────────── PORT: 1433
MSSQL 10.10.10.240 1433 PIVOTAPI [*] Windows 10 / Server 2019 Build 17763 (name:PIVOTAPI) (domain:LicorDeBellota.htb)
MSSQL 10.10.10.240 1433 PIVOTAPI [-] LicorDeBellota.htb\anonymous:anonymous (Error de inicio de sesión. El inicio de sesión se realiza desde un dominio que no es de confianza y no se puede utilizar con autenticación integrada. Please try again with or without '--local-auth')
MSSQL 10.10.10.240 1433 PIVOTAPI [*] Windows 10 / Server 2019 Build 17763 (name:PIVOTAPI) (domain:LicorDeBellota.htb)
MSSQL 10.10.10.240 1433 PIVOTAPI [-] LicorDeBellota.htb\anonymous:anonymous (Error de inicio de sesión. El inicio de sesión se realiza desde un dominio que no es de confianza y no se puede utilizar con autenticación integrada. Please try again with or without '--local-auth')
───────────────────────── PORT: 3268
No test command for port 3268
───────────────────────── PORT: 3269
No test command for port 3269
GitHub project
https://github.com/DaddyBigFish/enumx
git clone https://github.com/DaddyBigFish/enumx.git .git/enumx
cd .git/enumx
chmod +x enumx
sudo mv enumx /usr/local/bin
enumx <TARGET> | tee enumx-output.txt