Vanquish – Get to Shell
Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. It leverages the open source enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell.
So what is so special about Vanquish compared to other enumeration scripts?
- Multi-threaded – Runs multiple commands and scans multiple hosts simultaneously.
- Configurable – All commands are configured in a separate .ini file for ease of adjustment.
- Multiphase – Optimized to run the fastest enumeration commands first in order to get actionable results as quickly as possible.
- Intelligent – Feeds the findings from one phase into the next in order to uncover deeper vulnerabilities.
- Modular – New attack plans and command configurations can be easily built for fit-for-purpose enumeration orchestration.
This tool can be installed on Kali Linux using the following commands:
```
git clone https://github.com/frizb/Vanquish
cd Vanquish
python Vanquish2.py -install
vanquish --help
```
Once Vanquish is installed, you can scan hosts by leveraging the best-of-breed Kali Linux tools:
```
echo 192.168.126.133 >> test.txt
vanquish -hostFile test.txt -logging
echo review the results!
cd test
cd 192_168_126_133
ls -la
```
What Kali Tools?
| NMap | Hydra | Nikto | Metasploit |
| Gobuster | Dirb | Exploitdb | Nbtscan |
| Ntpq | Enum4linux | Smbclient | Rpcclient |
| Onesixtyone | Sslscan | Sslyze | Snmpwalk |
| Ident-user-enum | Smtp-user-enum | Snmp-check | Cisco-torch |
| Dnsrecon | Dig | Whatweb | Wafw00f |
| Wpscan | Cewl | Curl | Mysql |
| Nmblookup | Searchsploit | Nbtscan-unixwiz | Xprobe2 |
| Blindelephant | Showmount | | |
- CTRL + C: Exit an enumeration phase and skip to the next phase (helpful if a command is taking too long).
- CTRL + Z: Exit Vanquish.
- Resume Mode: Vanquish will skip running a command again if it sees that the output files already exist.
- Re-run an enumeration command: If you want to re-execute a command, delete the output files (.txt, .xml, .nmap etc.) and run Vanquish again.
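Because resume mode, as described above, only looks at whether output files exist, a command interrupted with CTRL + C could leave an empty file that is then skipped on the next run (an inference from that description, not verified against Vanquish's code). The shell helpers below are an added example, not part of Vanquish; the function names are hypothetical, and the folder layout and file extensions are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not Vanquish code. Assumed layout (as shown on this page):
#   <outputFolder>/<host with dots replaced by underscores>/
# holding .txt, .xml and .nmap output files.

# Map a host such as 192.168.126.133 to its result folder name.
host_dir() {
    printf '%s\n' "$1" | tr '.' '_'
}

# List zero-byte output files for one host. These would count as
# "already exists" for resume mode even though they hold no results.
empty_outputs() {
    dir="$1/$(host_dir "$2")"
    [ -d "$dir" ] || { echo "no results for $2 under $1" >&2; return 1; }
    # -size 0 is the portable test for an empty file (0 blocks).
    find "$dir" -type f -size 0 \
        \( -name '*.txt' -o -name '*.xml' -o -name '*.nmap' \) | sort
}

# Delete the empty output files so the next run re-executes those commands.
# Prints one line per file removed; non-empty results are left untouched.
clear_empty_outputs() {
    empty_outputs "$1" "$2" | while IFS= read -r f; do
        rm -f -- "$f" && printf 'removed %s\n' "$f"
    done
}

# Usage (output folder "test" and host taken from the example above):
#   empty_outputs test 192.168.126.133
#   clear_empty_outputs test 192.168.126.133
```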
Command Line Arguments
```
usage: vanquish [-h] [-install] [-outputFolder folder] [-configFile file]
                [-attackPlanFile file] [-hostFile file] [-workspace workspace]
                [-domain domain] [-dnsServer dnsServer] [-proxy proxy]
                [-reportFile report] [-noResume] [-noColor]
                [-threadPool threads] [-phase phase] [-noExploitSearch]
                [-benchmarking] [-logging] [-verbose] [-debug]

Vanquish is Kali Linux based Enumeration Orchestrator.

optional arguments:
  -h, --help            show this help message and exit
  -install              Install Vanquish and it's requirements
  -outputFolder folder  output folder path (default: name of the host file))
  -configFile file      configuration ini file (default: config.ini)
  -attackPlanFile file  attack plan ini file (default: attackplan.ini)
  -hostFile file        list of hosts to attack (default: hosts.txt)
  -workspace workspace  Metasploit workspace to import data into (default: is
                        the host filename)
  -domain domain        Domain to be used in DNS enumeration (default:
                        megacorpone.com)
  -dnsServer dnsServer  DNS server option to use with Nmap DNS enumeration.
                        Reveals the host names of each server (default: )
  -proxy proxy          Proxy server option to use with scanning tools that
                        support proxies. Should be in the format of ip:port
                        (default: )
  -reportFile report    filename used for the report (default: report.txt)
  -noResume             do not resume a previous session
  -noColor              do not display color
  -threadPool threads   Thread Pool Size (default: 8)
  -phase phase          only execute a specific phase
  -noExploitSearch      disable searchspolit exploit searching
  -benchmarking         enable bench mark reporting on the execution time of
                        commands(exports to benchmark.csv)
  -logging              enable verbose and debug data logging to files
  -verbose              display verbose details during the scan
  -debug                display debug details during the scan
```
Custom Attack Plans
GoBuster Max is an attack plan that will run all the web application content detection dictionaries against your targets.
```
vanquish -hostFile test.txt -attackPlanFile ./attackplans/gobuster-max.ini -logging
```