Inguma - A Free Penetration Testing Toolkit
As we have discussed about different automatic penetration testing and vulnerability scanning tools before for both windows and linux plate form. In this article we will talk about inguma, inguma is a free penetration testing and vulnerability research toolkit.
It is written in python it is available for both command line and GUI (Graphical User Interface) interface.
Inguma project got the second award by security database as an excellent/recommended tool in their "Best IT Security and Auditing Softwares 2007" contest.
Inguma framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits.
Inguma firstly used for oracle based system but now it can implement in any system, it can scan all the port and it can tell you about the service running on a specific port, it can fingerprint the operating system. It can brute force many services including http,SMB,ftp or smtp etc.
It can download the latest exploit from exploitdb and run again a victim.
Download
inguma-0.2.tar.gz
Copyright (c) 2006-2008 Joxean Koret
No module named cx_Oracle
inguma> autoscan
Target host or network: XXX.XXX.XX.XX
Brute force username and passwords (y/n)[n]: y
Automagically fuzz available targets (y/n)[n]: y
Print to filename (enter for stdout):
Inguma ‘autoscan’ report started at Thu Jan 27 15:23:47 2011
————————————————————
TCP scanning target XXX.XXX.XX.XX
Scanning port 17004 (417/417)
Open ports
———-
Port 135/loc-srv is open
Port 139/netbios-ssn is open
Port 445/microsoft-ds is open
Port 80/www is open
Port 25/smtp is open
Port 3389 is open
MAC Address target XXX.XXX.XX.XX
None Unknow
Checking if is in promiscuous state target XXX.XXX.XX.XX
False
Identifying services target XXX.XXX.XX.XX
Port 25 : Unknow
Port 80 : Microsoft-IIS/7.0
Port 135 : identify: global name ‘s’ is not defined
Checking what ports are nated target XXX.XXX.XX.XX
Ports are NATed
TCP Port 135 TTL: 56
TCP Port 139 TTL: 114
TCP Port 3389 TTL: 114
TCP Port 80 TTL: 114
TCP Port 25 TTL: 253
ICMP TTL: 114
TCP Port 445 TTL: 114
Detecting operating system target XXX.XXX.XX.XX
nmapfp: ‘NoneType’ object is not iterable
Gathering NetBIOS information target XXX.XXX.XX.XX
NetBIOS Information
——————-
INDC-IS2 Workstation 00-1C-F0-BF-CA-FF ACTIVE
WORKGROUP Workstation 00-1C-F0-BF-CA-FF ACTIVE GROUP
INDC-IS2 Server 00-1C-F0-BF-CA-FF ACTIVE
MAC Address: 00:1C:F0:BF:CA:FF (D-Link)
Is a Windows based server.
Connecting to the CIFS server target XXX.XXX.XX.XX
Error (‘Cannot request session’, 240, 130)
[+] Trying a NULL connection …
[!] CSmbClient instance has no attribute ‘smb’
Inguma Tutorial
root@bsd:/pentest/exploits/inguma# python inguma.py
Inguma Version 0.0.9.1Copyright (c) 2006-2008 Joxean Koret
No module named cx_Oracle
inguma> autoscan
Target host or network: XXX.XXX.XX.XX
Brute force username and passwords (y/n)[n]: y
Automagically fuzz available targets (y/n)[n]: y
Print to filename (enter for stdout):
Inguma ‘autoscan’ report started at Thu Jan 27 15:23:47 2011
————————————————————
TCP scanning target XXX.XXX.XX.XX
Scanning port 17004 (417/417)
Open ports
———-
Port 135/loc-srv is open
Port 139/netbios-ssn is open
Port 445/microsoft-ds is open
Port 80/www is open
Port 25/smtp is open
Port 3389 is open
MAC Address target XXX.XXX.XX.XX
None Unknow
Checking if is in promiscuous state target XXX.XXX.XX.XX
False
Identifying services target XXX.XXX.XX.XX
Port 25 : Unknow
Port 80 : Microsoft-IIS/7.0
Port 135 : identify: global name ‘s’ is not defined
Checking what ports are nated target XXX.XXX.XX.XX
Ports are NATed
TCP Port 135 TTL: 56
TCP Port 139 TTL: 114
TCP Port 3389 TTL: 114
TCP Port 80 TTL: 114
TCP Port 25 TTL: 253
ICMP TTL: 114
TCP Port 445 TTL: 114
Detecting operating system target XXX.XXX.XX.XX
nmapfp: ‘NoneType’ object is not iterable
Gathering NetBIOS information target XXX.XXX.XX.XX
NetBIOS Information
——————-
INDC-IS2 Workstation 00-1C-F0-BF-CA-FF ACTIVE
WORKGROUP Workstation 00-1C-F0-BF-CA-FF ACTIVE GROUP
INDC-IS2 Server 00-1C-F0-BF-CA-FF ACTIVE
MAC Address: 00:1C:F0:BF:CA:FF (D-Link)
Is a Windows based server.
Connecting to the CIFS server target XXX.XXX.XX.XX
Error (‘Cannot request session’, 240, 130)
[+] Trying a NULL connection …
[!] CSmbClient instance has no attribute ‘smb’
Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
