Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [Linux]
- Bluebox-ng - Pentesting framework using Node.js powers, focused in VoIP.
- DISCLAIMER: Pointing this tool at other people's servers is NOT legal in most countries.
- * Auto VoIP/UC penetration test
- * Report generation
- * Performance
- * RFC compliant
- * SIP TLS and IPv6 support
- * SIP over websockets (and WSS) support (RFC 7118)
- * SHODAN, exploitsearch.net and Google Dorks
- * SIP common security tools (scan, extension/password bruteforce, etc.)
- * Authentication and extension brute-forcing through different types of SIP requests
- * SIP Torture (RFC 4475) partial support
- * SIP SQLi check
- * SIP denial of service (DoS) testing
- * Web management panels discovery
- * DNS brute-force, zone transfer, etc.
- * Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
- * Some common network tools: whois, ping (also TCP), traceroute, etc.
- * Asterisk AMI post-explotation
- * Dumb fuzzing
- * Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
- * Automatic vulnerability searching (CVE, OSVDB, NVD)
- * Geolocation
- * Command completion
- * Cross-platform support
- Install
- Install Node.js: https://nodejs.org/download
- npm i -g bluebox-ng
- Kali GNU/Linux
- curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -
- Use
- Console: To start the console client.
- bluebox-ng
- Programatically: To run it from other Node code.
- const Bluebox = require('bluebox-ng');
- const box = new Bluebox();
- box.run('gather/network/geo', { rhost: '8.8.8.8' })
- .then(res => {
- console.log('Result:');
- console.log(res);
- })
- .catch(err => {
- console.log('Error:');
- console.log(err);
- });
- Developer guide
- Use GitHub pull requests.
- Environment: Get a copy of the code and install the dependencies.
- git clone https://github.com/jesusprubio/bluebox-ng
- cd bluebox-ng
- npm i # or use yarn
- Debug: We use the visionmedia module, so you have to use this environment variable:
- DEBUG=bluebox-ng* npm start
- New modules: You can add your own features to this environment following this tips:
- * Add a new file inside /modules and it should appear in the pentesting environment.
- * Use the most similar among the actual ones as boilerplate.
- Tests
- We still don't have a proper Docker setup. So, for now, the test have to be run locally. Please check its code before it, they often need a valid target service.
- ./node_modules/.bin/tap test/wifi
- node test/wifi/*
- ./node_modules/.bin/tap test/wifi/scanAps.js
- node test/wifi/scanAps.js
- Conventions
- * We use ESLint and Airbnb style guide.
- * Please run to be sure your code fits with it and the tests keep passing: npm run posttest
- Contributors: https://github.com/jesusprubio/bluebox-ng/graphs/contributors
- Thanks to
- * Our mentors: @antonroman, @sandrogauci (SIPVicious was our inspiration), @pepeluxx, @markcollier46 ("Hacking VoIP Exposed").
- * Quobis, some hours of work through personal projects program.
- * Kamailio community (@kamailioproject), our favourite SIP Server.
- * Tom Steele (@_tomsteele) and the rest of exploitsearch.net team.
- * All developers who have written the Node.js modules used in the project.
- * All VoIP, free software and security hackers that we read everyday.
- * Our friend Carlos Pérez, the logo designer.
- Download Bluebox-ng: https://github.com/jesusprubio/bluebox-ng
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement