-
Notifications
You must be signed in to change notification settings - Fork 0
Modules
Scans for VNC instances on TCP port 5900, identifies servers that require no authentication before connecting to them and taking a screenshot. A separate log file is also generated, which logs the number of VNC instances that do not require authentication (this number is often different to the number of screenshots gained due to some VNC displaying blank screens).
Scans for TFTP servers on TCP port 69 and identifies openly accessible servers (TFTP has no authentication mechanism).
Scans for MongoDB servers on TCP port 27017 and identifies openly accessible servers (MongoDB has no authentication enabled by default).
Scans for Elasticsearch servers on TCP port 9200 and identifies openly accessible servers (Elasticsearch has no authentication enabled by default).
Scans for Redis servers on TCP port 9200 and identifies openly accessible servers (TFTP has no authentication mechanism).
Scans for Emby server on TCP port 8096 (HTTP) and identifies accessible servers. It is unable to differentiate between Emby instances that do or don't have authentication setup (Emby has no authentication enabled by default) so Positive results will show any Emby instance found on port 8096.
Scans for WordPress servers on a user-specified port (80 or 443), it will pull results for all WordPress instances found. WordPress does require authentication by default, but it is a common attack vector for exploits.