0Xsp Mongoose V1.7 - Linux/Windows Privilege Escalation Intelligent Enumeration Toolkit


Using 0xsp mongoose y'all volition endure able to scan targeted operating arrangement for whatever possible agency for privilege escalation attacks, starting from collecting information phase until reporting information through 0xsp Web Application API.
user volition endure able to scan dissimilar Linux / windows Operation systems at the same fourth dimension alongside high performance, without spending fourth dimension looking within the finally or text file for what is found, mongoose shortens this agency past times allowing y'all to post this information straight into spider web application friendly interface through tardily API endpoint.
projection is divided into 2 sections server & agent .
server has been coded alongside PHP(codeigniter) y'all demand to install this application into your preferred environment, y'all tin utilization it online or on your localhost. user is costless to alternative .also contribution to enhancing features are most welcomed.
Agent has been coded every bit ELF alongside Lazarus Free Pascal volition endure released alongside (32, 64 bit) spell executing Agent on targeted arrangement alongside all required parameters. user is costless to create upward one's heed whether willing to communicate alongside Server App to shop results together with explore them easily . or he tin also run this tool without Web API Connection.

Agent Usage
  1. make certain to laissez passer on it executable permission chmod +x agent
  2. ./agent -h (display assistance instructions)
-k --check core for mutual used privilige escalations exploits.  -u --Getting information virtually Users , groups , releated information. -c --check cronjobs.  -n --Retrieve Network information,interfaces ...etc. -w --Enumerate for Writeable Files , Dirs , SUID ,  -i --Search for Bash,python,Mysql,Vim..etc History files. -f --search for Senstive config files accessible & someone stuff.  -o --connect to 0xsp Web Application.  -p --Show All procedure By running nether Root,Check For Vulnerable Packages.  -e --Kernel inspection Tool, it volition assistance to search through tool databases for core vulnerabilities.  -x --secret Key to authorize your connectedness alongside WebApp API (default is 0xsp).  -a --Display README.     

Server Web App (must endure similar this : http://host/0xsp/ )

  1. make certain to bring at to the lowest degree php 5.6 or above
  2. requires mysql 5.6
  3. make certain to add together Web application on root path / alongside folder get upward 0xsp every bit [ http://localhost/0xsp/] , Agent volition non connect to it inward illustration non configured correctly . the agent volition connect entirely every bit next illustration :
./agent {SCAN OPTION} -o localhost -x secretkey

Examples With WebApi
./agent -c -o localhost -x 0xsp { enumerate for CRON Tasks together with Transfer results into Web Api}  ./agent -e -o localhost -x 0xsp { intelligent Exploits Detector } ./agent -c -e localhost -x 0sxp { volition run 2 scans together together with post constitute results straight } ./agent -m -o 10.10.13.1 -x 0xsp { RUN all Scans together together with export it to Web API} 

Examples Without WebApi
./agent -c -k -p { this volition run iii scans at the same fourth dimension alongside out sending results into Web Api }

Agent Features
  1. High performance , stability , Output results Generated spell executing no delays
  2. Ability to execute most of functions alongside intelligent techniques .
  3. results are existence sent to Quick Web API
  4. Exception Handling .
  5. inbuilt Json Data railroad train for publicly disclosed Exploits .
  6. Fast As Mongoose