Skip to content
Automated enumeration
Python
Branch: master
Clone or download
Pull request Compare This branch is 10 commits ahead, 80 commits behind Ohmjones:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore More fixes, revered to old replacing square brackets method Oct 17, 2016
LICENSE Initial commit Oct 14, 2016
README.md Update README.md Oct 14, 2016
darkenum.py Restored full port range for unicornscan, reduced pps to 300 Oct 21, 2016
http.py http.py now takes three arguments: protocol (http or https), ip addre… Oct 21, 2016
mssql.py Fixed file write and other changes, mae files executable Oct 17, 2016
mysql.py
samba.py More changes, fixed SMB and HTTP/S Oct 17, 2016
smtp.py Fixed file write and other changes, mae files executable Oct 17, 2016
snmp.py More changes, fixed SMB and HTTP/S Oct 17, 2016
ssh.py More changes, fixed SMB and HTTP/S Oct 17, 2016

README.md

DarkEnumeration Automated enumeration

This set of scripts were written in the hopes to alleviate manual enumeration processes. The logic of the script is as follows:

  1. Do not actually exploit or automatically obtain footholds to a system.
  2. Test all 65,535 ports utilizing Unicornscan (currently doesn't support threading, waiting for Unicornscan to follow nmap's footsteps in that regard)
  3. Once Unicornscan completes:
    • Take those ports and run a far more intrusive nmap scan on each service/port (standard implementations, only).
    • Multi-process the nmap scan so they can be done simultaneously.
    • launch each standalone python script against each standard service/port found.
  4. Each new script/tool that is launched, does so in a new terminal to keep things clean - not all windows will remain open (i.e. those with output flags/redirection that do not break the script).
  5. Thoroughly investigate all output and any errors, bugs or otherwise should be manually investigated by you.

Please do not use this script in any publications (blogs, tutorials, etc...) without giving credit to myself; this script will be useful to many and I'm very proud of my work - thanks.

(In addition, if you modify/update or otherwise fix these scripts please send any suggested fixes or tweaks that you've made to it, to me, so that it can be reflected in this repository so others can benefit.)

Try-Harder! and use Google to ask for help - cause Offensive Security won't help you and I may not have the time to help, either.

#Installation for certain scripts to work:

  1. All scripts MUST be in /root/Scripts/
  2. Go to http://itsecurity.net/ and download http://itsecurity.net/debian_ssh_scan_v4.tar.bz2
  3. Unzip debian_ssh_scan_v4.tar.bz2 into /root/Scripts/debian_ssh_scan_v4 (/root/Scripts/debian_ssh_scan_v4/debian_ssh_scan_v4.py target should execute the script)
  4. have fun

#Understanding usage darkenum.py runs off of your sweep attempts, so long as you output your cleaned 'livehosts' file to /tmp/ ./darkenum.py <-- no system arguments needed #WARNING: This script is pretty hefty, I do NOT recommend running it on anymore than 4 systems at any one time.

You can’t perform that action at this time.