At the Setup page, you can:
- Add addresses, address ranges, and hostnames to scan
- Import Nmap XMLs
- Add specific URL paths to screenshot
- Take screenshots of the added hosts and URL paths
- Test default credentials on all hosts with Cred Test Modules
- Clear all hosts and interfaces from Kraken
- Delete screenshots
There are three ways to add host data to Kraken:
Add addresses, address ranges, or Hostnames to scan.
This functionality allows you to specify addresses to perform Nmap scans on. For 'Add Address', enter a line- or space-delimited list of addresses or CIDR address ranges. Individual addresses will have a /32 appended. 'Add Hostname' requires a line-delimited list of hostnames. At this point, you must select what you want to scan and click 'Start Scan'. This performs the following scan on each selected entry:
nmap -sV -oX /opt/Kraken/tmp/nmap.xml -p80,280,443,591,593,981,1311,2031,2480,3181,4444,4445,4567,4711,4712,5104,5280,7000,7001,7002,8000,8008,8011,8012,8013,8014,8042,8069,8080,8081,8243,8280,8281,8443,8531,8887,8888,9080,9443,11371,12443,16080,18091,18092
Live hosts are added to the database. After sequential scans, new hosts and stale hosts that were not found during the most recent scan will be indicated in the Inventory Page.
Import an Nmap XML.
Browse to and select an Nmap XML file. Live hosts with one or more of the ports listed above open will be parsed into the Kraken SQLite database.
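The filter this import step describes, as an added example (not Kraken's own importer code): it keeps live hosts from an Nmap XML document that have at least one port from the scan command's list open. The function name and the sample XML are constructed for illustration; the port list is copied from the command above.

```python
import xml.etree.ElementTree as ET

# Port list copied from the nmap command on this page.
KRAKEN_PORTS = {int(p) for p in (
    "80,280,443,591,593,981,1311,2031,2480,3181,4444,4445,4567,4711,4712,"
    "5104,5280,7000,7001,7002,8000,8008,8011,8012,8013,8014,8042,8069,8080,"
    "8081,8243,8280,8281,8443,8531,8887,8888,9080,9443,11371,12443,16080,"
    "18091,18092").split(",")}

# Constructed sample input (documentation addresses), not real scan output.
SAMPLE_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="filtered"/></port></ports></host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

def hosts_with_web_ports(xml_text, ports=KRAKEN_PORTS):
    """Return {address: [(port, service), ...]} for live hosts with a listed port open."""
    # For XML from an untrusted source, prefer a hardened parser such as defusedxml.
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap did not report as live
        # Take the IP address, not a MAC address entry.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") != "mac"), None)
        found = []
        for port in host.iter("port"):
            state = port.find("state")
            number = int(port.get("portid"))
            if state is not None and state.get("state") == "open" and number in ports:
                svc = port.find("service")
                found.append((number, svc.get("name", "") if svc is not None else ""))
        if addr and found:
            result[addr] = found
    return result

if __name__ == "__main__":
    print(hosts_with_web_ports(SAMPLE_XML))
```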
Add specific URL Paths.
This is useful when you need to screenshot a specific URL path.
Step two is simple: take screenshots using the information in the database. By default, this will not overwrite screenshots that have been taken previously; there is a checkbox if you wish to do so. Progress is tracked as a percentage on the Setup page and can be monitored in the Celery log at /var/log/celery/krakenworker.log.
Run default credential checking modules on all hosts identified as having a module by Kraken.
Delete all records in the Hosts and Interfaces tables. Addresses entered in Step 1 will not be deleted with this option, nor will screenshots taken by Kraken.
Delete all of the screenshots taken by Kraken. Screenshots are stored in /opt/Kraken/static/Web_Scout/.