Security and Technology

swarm – A Modular Distributed Penetration Testing Tool

Swarm is an open-source, modular, distributed penetration testing tool that uses a distributed task queue for communication in a master-slave system and MongoDB for data storage. It consists of a distributed framework and function modules. A function module can be an entirely new implementation of some penetration testing function, or a simple wrapper around an existing tool that adds distributed functionality. Because of the modular architecture, it is easy to customize and to add new features under the distributed framework.

As of this version, 0.6.0, it has five modules:

Subdomain name scan module

Directories and files scan module

Nmap extension module

Sitemap crawler module

Intruder module

If you want to write your own module, you can read this .

Install
The zipball can be downloaded here. You can also use git to get swarm:

git clone git@github.com:Arvin-X/swarm.git

Then use setup.py to install swarm:

python setup.py install

Swarm works with Python 2.6.x or 2.7.x and needs MongoDB on the master host.
If you do not have MongoDB yet, you can use apt-get to install it:

apt-get install mongodb

Usage
Run swarm on the master host to distribute tasks, and run swarm-s with the '-p' option on each slave host to carry out the subtasks from the master.

swarm-s -p 9090

You can also set up a listener on a port of the slave host that receives a command to wake swarm-s, by specifying the '--waken' option when you run swarm. Otherwise, leave '--waken' null. To create the listener, you can use nc or socat, for example:

nc -e /bin/sh -l 9191

And use a waken command like:

swarm-s ARGS

You need to leave "ARGS" in your command and ensure that it is in the position of the CLI arguments passed to swarm, so that swarm can replace it with necessary arguments such as '-p'.
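The nc listener shown above runs /bin/sh for whatever connects to the port, so on a slave host it helps to be able to list such listeners and confirm they are gone after a run. The following Python is an added example, not part of swarm or of the original post: it scans `ps -eo pid,user,args` output for netcat or socat processes that both listen and execute a program; the sample process list, the function names and the set of netcat binary names are assumptions made for the illustration.

```python
import os
import re

NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional"}   # assumed binary names
SOCAT_LISTEN = re.compile(r"^(?:tcp[46]?-l(?:isten)?|openssl-listen):(\d+)", re.I)
SOCAT_EXEC = re.compile(r"^(?:exec|system):([^,]+)", re.I)

# Constructed sample of `ps -eo pid,user,args` output (not from a real host).
SAMPLE_PS = """\
 2301 scan     nc -e /bin/sh -l 9191
 2302 scan     python /usr/local/bin/swarm-s -p 9090
 2410 scan     socat TCP-LISTEN:9192,reuseaddr,fork EXEC:/bin/sh
 2533 ops      nc -l 8080
 2600 ops      nc -w 3 203.0.113.10 443
"""

def _netcat(args):
    listen, program, port = False, None, None
    it = iter(args)
    for tok in it:
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            listen = listen or "l" in tok          # -l, also clustered as in -lvp
            if tok[-1] in "ecpwsiq":               # short options assumed to take a value
                value = next(it, None)
                program = value if tok[-1] in "ec" else program
                port = value if tok[-1] == "p" else port
        elif tok.isdigit():                        # bare port, as in `-l 9191`
            port = tok
    return (port, program) if listen and program else None

def _socat(args):
    port = next((m.group(1) for m in map(SOCAT_LISTEN.match, args) if m), None)
    program = next((m.group(1) for m in map(SOCAT_EXEC.match, args) if m), None)
    return (port, program) if port and program else None

def find_exec_listeners(ps_text):
    findings = []
    for line in ps_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or not fields[0].isdigit():
            continue                               # header or malformed line
        pid, user, cmdline = fields
        argv = cmdline.split()
        name = os.path.basename(argv[0])
        check = _netcat if name in NC_NAMES else _socat if name == "socat" else None
        hit = check(argv[1:]) if check else None
        if hit:
            findings.append({"pid": int(pid), "user": user, "port": hit[0], "exec": hit[1]})
    return findings
```

Calling find_exec_listeners(SAMPLE_PS) reports PIDs 2301 and 2410; the plain `nc -l 8080` listener, the outbound nc client and swarm-s itself are not reported.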
Basic usage of swarm:

usage: swarm [-h] -m MODULE [-v] [-c] [-o PATH] [-t [TARGET [TARGET ...]]]
             [-T PATH] [-s [SWARM [SWARM ...]]] [-S PATH] [--waken CMD]
             [--timeout TIME] [--m-addr ADDR] [--m-port PORT] [--s-port PORT]
             [--authkey KEY] [--db-addr ADDR] [--db-port PORT] [--process NUM]
             [--thread NUM] [--taskg NUM] [--dom-compbrute] [--dom-dict PATH]
             [--dom-maxlevel NUM] [--dom-charset SET] [--dom-levellen LEN]
             [--dom-timeout TIME] [--dir-http-port PORT]
             [--dir-https-port PORT] [--dir-compbrute] [--dir-charset SET]
             [--dir-len LEN] [--dir-dict PATH] [--dir-maxdepth NUM]
             [--dir-timeout TIME] [--dir-not-exist FLAG] [--dir-quick-scan]
             [--nmap-ports PORTS] [--nmap-top-ports NUM] [--nmap-ops ...]
             [--int-target [URLS [URLS ...]]] [--int-method METHOD]
             [--int-headers JSON] [--int-cookies COOKIES] [--int-body BODY]
             [--int-payload PAYLOAD] [--int-flag FLAGS] [--int-timeout TIME]
             [--map-seed SEED] [--map-http-port PORT] [--map-https-port PORT]
             [--map-cookies COOKIES] [--map-interval TIME]
             [--map-timeout TIME]

optional arguments:
  -h, --help            show this help message and exit
  -m MODULE             Use module name in ./modules/ to enable it

Output:
  These option can be used to control output

  -v                    Output more verbose
  -c                    Disable colorful log output
  -o PATH               Record log in target file

Target:
  At least one of these options has to be provided to define target unless
  there is another special option for defining target in the module

  -t [TARGET [TARGET ...]]
                        Separated by blank (eg: github.com 127.0.0.0/24
                        192.168.1.5)
  -T PATH               File that contains target list, one target per line

Swarm:
  Use these options to customize swarm connection. At least one of slave
  host has to be provided.

  -s [SWARM [SWARM ...]]
                        Address of slave hosts with port if you need waken
                        them (eg: 192.168.1.2:9090 192.18.1.3:9191). No port
                        if swarm-s on slave host has already run
  -S PATH               File that contains slave list, one host per line
  --waken CMD           Command to waken up slave hosts, null if swarm-s on
                        slave host has already run
  --timeout TIME        Seconds to wait before request to swarm getting
                        response
  --m-addr ADDR         Master address which is reachable by all slave hosts
  --m-port PORT         Listen port on master host to distribute task
  --s-port PORT         Listen port on slave host to receive command from
                        master
  --authkey KEY         Auth key between master and slave hosts

Database:
  These option can be used to access MongoDB server

  --db-addr ADDR        Address of MongoDB server
  --db-port PORT        Listening port of MongoDB server

Common:
  These option can be used to customize common configuration of slave host

  --process NUM         Max number of concurrent process on slave host
  --thread NUM          Max number of concurrent threads on slave host
  --taskg NUM           Granularity of subtasks from 1 to 3

Domain Scan:
  Thes option can be used to customize swarm action of subdomain name scan

  --dom-compbrute       Use complete brute force without dictionary on target
  --dom-dict PATH       Path to dictionary used for subdomain name scan
  --dom-maxlevel NUM    Max level of subdomain name to scan
  --dom-charset SET     Charset used for complete brute foce
  --dom-levellen LEN    Length interval of subdomain name each level
  --dom-timeout TIME    Timeout option for subdomain name scan

Directory Scan:
  These option can be used to customize swarm action of directory scan

  --dir-http-port PORT  Separated by comma if you need multiple ports
  --dir-https-port PORT
                        Separated by comma if you need multiple ports
  --dir-compbrute       Use complete brute force without dictionary on target
  --dir-charset SET     Charset used for complete brute foce
  --dir-len LEN         Length interval of directory name or file name
  --dir-dict PATH       Path to dictionary used for directory scan
  --dir-maxdepth NUM    Max depth in directory and file scan
  --dir-timeout TIME    Timeout option for directory scan
  --dir-not-exist FLAG  Separated by double comma if you need multiple flags
  --dir-quick-scan      Use HEAD method instead of GET in scan

Nmap Module:
  These options can be used customize nmap action on slave hosts

  --nmap-ports PORTS    Support format like '80,443,3306,1024-2048'
  --nmap-top-ports NUM  Scan most common ports
  --nmap-ops ...        Nmap options list in nmap's man pages, this should be
                        the last in cli args

Intruder:
  Use indicator symbol '@n@' where 'n' should be a number, like '@0@','@1@'
  etc to specify attack point in option 'int_target' and 'int_body'. Use
  'int_payload' option to specify payload used on these attack point to
  complete this attack.

  --int-target [URLS [URLS ...]]
                        Use this option instead of '-t' or '-T' options to
                        specify targets,separated by comma
  --int-method METHOD   Http method used in this attack
  --int-headers JSON    A JSON format data.(eg:
                        {"User-Agent":"Mozilla/5.0","Origin":"XXX"})
  --int-cookies COOKIES
                        Separated by comma. (eg: PHPSESSIONID:XX,token:XX)
  --int-body BODY       HTTP or HTTPS body. You can use indicator symbol in
                        this option
  --int-payload PAYLOAD
                        The format should follow
                        '@0@:PATH,@1@:NUM-NUM:CHARSET'
  --int-flag FLAGS      Separated by double comma if you have multiple flags
  --int-timeout TIME    Timeout option for intruder module

Sitemap Crawler:
  These options can be used to customize sitemap crawler, not support js
  parse yet

  --map-seed SEED       Separated by comma if you have multiple seeds
  --map-http-port PORT  Separated by comma if you need multiple ports
  --map-https-port PORT
                        Separated by comma if you need multiple ports
  --map-cookies COOKIES
                        Separated by comma if you have multiple cookies
  --map-interval TIME   Interval time between two request
  --map-timeout TIME    Timeout option for sitemap crawler

If your requirements are demanding, it is recommended to configure swarm through its configuration files instead of CLI arguments. The configuration files are located in /etc/swarm/.
Download swarm http://ift.tt/2cyf2LD http://ift.tt/2aM8QhC
