Create some new modules

[Ali-Razmjoo]

Hello everyone,

if anyone would like to add some few modules to the framework, that would be great for our growing framework. some of a few ideas:

• simple udp, syn, ack port scan
• simple icmp scan (ping test)
• phpmyadmin scan
• wappalyzer scan for http
• a few more brute force modules (http (basic auth, ntlm, form), telnet, and so on)

let me know if there is any question.
Regards.

[ravindra1307]

i will take this. currently i am understanding the code ,i will start working on adding basic module in few days.it will be helpful if you provide me guidance on this .

[Ali-Razmjoo]

Hello @ravindra1307,

Please check the documentation, and also you may analysis the present modules to get to know the codes better.

Regards.

[omdmhd]

Hi @Ali-Razmjoo
What do you mean exactly by phpmyadmin scan ?
is it going to find the phpmyadmin by searching through directories for names "like pma" or "phpmyadmin"? and after it found the service, detecting the version number and other stuffs ?

[Ali-Razmjoo]

Hello, Yes, It should be like dir_scan (this module has a few more options) but for detecting phpmyadmin only. Sincerely yours, Ali Razmjoo On Jan 20, 2018 2:43 PM, "omdmhd" <notifications@github.com> wrote: Hi @Ali-Razmjoo <https://github.com/ali-razmjoo> What do you mean exactly by phpmyadmin scan ? is it going to find the phpmyadmin by searching through directories for names "like pma" or "phpmyadmin"? and after it found the service, detecting the version name and other stuffs ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHUha3VcZiWGwwtUJE_7BKD4XMnLviK_ks5tMcpGgaJpZM4RaXL3> .

[Ali-Razmjoo]

Hello,

Thanks for the recent module(s), let me know if anyone would like to add wappalyzer as a scan module to the framework.

Regards.

[ravindra1307]

i want to help to add this scan module,kindly provide me some guidance on how to start working on this module

[Ali-Razmjoo]

Hey,

wappalyzer is a framework to analysis HTTP response, (you can see the browser version by installing it on chrome/firefox...)

it's using some JSON library to detect the technologies using header and response body and it's awesome for information gathering.

• Github https://github.com/AliasIO/Wappalyzer
• js libs: https://github.com/AliasIO/Wappalyzer/blob/master/src/

I also found a python version in here https://github.com/scrapinghub/wappalyzer-python
it's using the same library. you can get help from this tool.

please keep in mind to import JSON files in python module.

def extra_requirements_dict():
    return {
        "lib_1": {data....},
        "lib_2": {data....}
    }

let me know if you want more help.

Regards.

[shaddygarg]

Hey, I would like to contribute towards this project. Can I take up the issue for adding icmp scan?

[Ali-Razmjoo]

Hello @shaddygarg,

Yes, feel free to contribute and send PR. in that case you may also check the lib/icmp library that used for --ping-before-scan switch. you can use it too.

Best Regards.

[Tikam02]

@Ali-Razmjoo I built a admin scanner which scans all admin pages, checks for robot.txt, big path lists.
But the problem is i don't know from which original file it has to be imported so that it'll run in the main script. @shaddygarg help me to implement this script as you had recently done it.

[Ali-Razmjoo]

Hello @Tikam02,

I'll contact you through the email to get more details.

Regards.

[Tikam02]

@Ali-Razmjoo sorry for the trouble, now i understood the whole framework.how it works and in my scripts passing arguments were the causing errors.I'll contribute and make PR asap.

[shaddygarg]

Hey all,
@Tikam02, I was busy with my exams, and hence could not reply. Let me know if you need any help now. @Ali-Razmjoo, I would like to work on the telnet and the http brute modules. Can I take up the issue?

[pradeepjairamani]

Hey,

I would like to add SSL vulnerability scanner, if no one is doing that currently.

[Ali-Razmjoo]

Hello,

@Tikam02 , I am upgrading the documents. please be patience.
@shaddygarg, yes, you may work on http and telnet brute.
@pradeepjairamani, feel free to send your PR.

if you have some troubles with creating new modules, please wait until the documents are ready and then you may ask questions.

Best Regards.

[shaddygarg]

Hey @Ali-Razmjoo,
I was looking for a way to implement the http-wappalyzer module. I saw the link to the repo(https://github.com/scrapinghub/wappalyzer-python) which you mentioned but I encountered some errors in setting it up. I have found a similar implementation in python (link to the repo). Can you look into it and see if I implement the scan module using this repo?

[Ali-Razmjoo]

Hello,

I just introduce the repo to show a sample, I didn't mean to use any repo.

Regards.

[mzfr]

@Ali-Razmjoo Are there any other modules that are to be implemented, if yes then please let me know I would love to work on them.

[securestep9]

all modules mentioned here (wappalyzer, brute forcing) got implemented - closing this issue