0Xsp-Mongoose - Privilege Escalation Enumeration Toolkit (Elf 64/32), Fast, Intelligent Enumeration Amongst Spider Web Api Integration
Using 0xsp mongoose you lot volition live able to scan a targeted operating organisation for whatever possible agency for privilege escalation attacks, starting from collecting information phase until reporting information through 0xsp Web Application API.
user volition live able to scan dissimilar Linux bone organisation at the same fourth dimension alongside high performance, without spending fourth dimension looking within the lastly or text file for what is found, mongoose shorten this agency past times allowing you lot to post this information straight into spider web application friendly interface through slow API endpoint.
projection is divided into 2 sections
server
& agent
.server
has been coded alongside PHP(codeigniter
) you lot demand to install this application into your preferred environment, you lot tin utilization it online or on your localhost. user is gratuitous to choice .also contribution to enhancing features are most welcomed.Agent
has been coded every bit ELF alongside Lazarus Free Pascal
volition live released alongside (32, 64 bit) field executing Agent
on targeted organisation alongside all required parameters. user is gratuitous to create upward one's heed whether willing to communicate alongside Server App
to shop results together with explore them easily . or he tin also run this tool without Web API Connection.Agent Usage
- make certain to plow over it executable permission
chmod +x agent
- ./agent -h (display help instructions)
-k --check pith for mutual used privilige escalations exploits. -u --Getting information nearly Users , groups , releated information. -c --check cronjobs. -n --Retrieve Network information,interfaces ...etc. -w --Enumerate for Writeable Files , Dirs , SUID , -i --Search for Bash,python,Mysql,Vim..etc History files. -f --search for Senstive config files accessible & mortal stuff. -o --connect to 0xsp Web Application. -p --Show All procedure By running nether Root,Check For Vulnerable Packages. -e --Kernel inspection Tool, it volition help to search through tool databases for pith vulnerabilities. -x --secret Key to authorize your connector alongside WebApp API (default is 0xsp). -a --Display README.
Server Web App (must live similar this : http://host/0xsp/ )
- make certain to accept at to the lowest degree
php 5.6 or above
- requires
mysql 5.6
- make certain to add together Web application on root path
/
alongside folder cite0xsp
every bit [ http://localhost/0xsp/] ,Agent
volition non connect to it inwards example non configured correctly . theagent
volition connect entirely every bit next example :
./agent {SCAN OPTION} -o localhost -x secretkey
Examples With WebApi
./agent -c -o localhost -x 0xsp { enumerate for CRON Tasks together with Transfer results into Web Api} ./agent -e -o localhost -x 0xsp { intelligent Exploits Detector } ./agent -c -e localhost -x 0sxp { volition run 2 scans together together with post flora results straight } ./agent -m -o 10.10.13.1 -x 0xsp { RUN all Scans together together with export it to Web API}
Examples Without WebApi
./agent -c -k -p { this volition run three scans at the same fourth dimension alongside out sending results into Web Api }
Agent Features
- High performance , stability , Output results Generated field executing no delays
- Ability to execute most of functions alongside intelligent techniques .
- results are existence sent to Quick Web API
- Exception Handling .
- inbuilt Json Data develop for publicly disclosed Exploits .
- Fast As Mongoose