Friday, January 17, 2020

LRL Github: Release Party!

We Been Codin' Like Rabbits.



Lost Rabbit Labs Releases New Tools...
https://github.com/LostRabbitLabs/

It's a new year and we've come out of the rabbit hole to release a few tools and scripts that have assisted us in recent adventures. These tools should all be considered beta and works in progress, but they are worth sharing to err on the side of helping others. In addition, we are making an effort to quickly get our Python 2 scripts upgraded to Python 3 due to the sun-setting of Python 2. Below you will find more information about the new tools and how to use them. Please contribute, provide feedback, and reach out to us anytime at lostrabbitlabs@gmail.com





About LRL Tools:
The scripts in our repo are meant to supplement existing industry tools, and have a focus on 'Full Spectrum Teaming' (used by teams & rabbits of all colors). The tools were designed to produce rapid result sets that include high amounts of actionable information in easy-to-use formats. We share them in the hope of helping the community evolve tradecraft by providing coding examples, showing usage, and discussing ways to improve the tools and the techniques they use going forward. ;)




WisQuas
https://github.com/LostRabbitLabs/wisquas
A simple 'URL Revealer' (fast and lightweight scanner, enumerator, fingerprinter, fuzzer, assessor, and collector). Assists with finding vulnerabilities, anomalies, unique servers, available files/dirs, HTTP methods, and accessible web containers, in addition to auto-decoding headers and cookies.
  • Lang: Python2 - tldextract, urlparse, colorama, base64, binascii, codecs, ssl
  • Purpose: Penetration Testing / URL Scanner
  • Input: Provide one (1) URL with protocol
  • Output: Color coded console output

Example command:       ./wisquas.py -1 "http://www.lost-rabbit.com/"

More information:          New Tool Release: WisQuas



GimmeCookies
https://github.com/LostRabbitLabs/gimmecookies
Python3 script to generate CSV output files from domain-wide crawl for digital assets (like cookies!). Cookies can be further explored with another LRL tool - AnomalousCookie.
  • Lang: Python3 - sys, socket, subprocess, requests & Sublist3r
  • Purpose: Penetration Testing / Digital Asset Management
  • Input: Provide one (1) domain name
  • Output: CSV output of headers & cookies along with discovered subdomains

Example command:       ./gimmecookies.py lost-rabbit.com

More information:          Github README



nmap2csv
https://github.com/LostRabbitLabs/nmap2csv
A wrapper for Nmap that outputs port scan results to a CSV file (and an output 'targets.txt' file for use with 'grabbit').
  • Lang: Python3 - uses python-nmap
  • Purpose: Penetration Testing / Network Scanner
  • Input: Network or IP Address in CIDR format
  • Output: CSV output of Nmap scan results & 'grabbit target' file

Example command:       ./nmap2csv.py 192.168.0.0/24

More information:          NEW TOOL RELEASE: nmap2csv



grabbit
https://github.com/LostRabbitLabs/grabbit
Grabbit Like A Rabbit! Grabbit is a Python/Selenium based fuzzy screenshotter (png format). Provide a 'targets.txt' file with host:port (1 per line) and grabbit will provide service info and screenshots for all discovered hosts/ports.
  • Lang: Python2 - requests, socket, sys, pyvirtualdisplay, selenium, os
  • Purpose: Penetration Testing / Fuzzy Screenshotter
  • Input: Provide targets file with one (1) 'host:serviceport' per line
  • Output: 2 directories with PNG screenshots and TXT output of requests

Example command:       ./grabbit.py targets.txt

More information:          NEW TOOL RELEASE: grabbit



domaindoxer
https://github.com/LostRabbitLabs/domaindoxer
Quickly gather information around a provided 'domain name' in the areas of leaked code/docs/info, malware associations, pastebin dumps, public containers, and general OSINT.
  • Lang: Python3 - uses google search library
  • Purpose: OSINT - Find Data Leakage around a given domain name
  • Input: Provide one (1) domain name
  • Output: URL results from google on the CLI

Example command:     ./domaindoxer.py lost-rabbit.com

More information:       Github README



wabbit
https://github.com/LostRabbitLabs/wabbit
(W)hois (A)sn (B)locklist (B)ulk (I)nquiry (T)ool - Create a CSV output file of Domain name and ASN Whois, and Blocklist status information for multiple domains. Uses URLVOID, SiteAdvisor, Fortiguard, and optionally Google Safe Browsing API4 (requires your own api key).
  • Lang: Python3 - whois, IPWhois, bs4, pysafebrowsing
  • Purpose: OSINT - Bulk Whois/Blocklist Lookup
  • Input: List of targets in a file
  • Output: CSV output of results (1 domain per row)

Example command:     ./wabbit.py targets.txt

More information:       Github README




Thank you to everyone in the community and hacker family who has inspired, contributed, supported, and dedicated themselves to making our world (the physical and virtual) a better place. No matter what color your team is...remember that we are truly on the same team and in this together!


Happy New Year & Happy Hunting!
-- the Lost Rabbits --



Tuesday, January 7, 2020

NEW TOOL RELEASE: grabbit

Grabbit Like A Rabbit!


What is Grabbit? 
Grabbit is a Python/Selenium based fuzzy screenshotter (png format). Provide a 'targets.txt' file with one (1) host:service pair per line and grabbit will provide service info and screenshots for all discovered hosts/ports.


Where can you find grabbit?
https://github.com/LostRabbitLabs/grabbit

How does it work? 
  1. Performs socket connection to service port and logs output
  2. Performs HTTP request of service port (with screenshot/log)
  3. Performs HTTPS request of service port (with screenshot/log)
  4. Performs additional HTTP/HTTPS requests using a handful of fuzzed payloads (non-standard characters, a script tag, and a flood).


Example commands and usage...

./grabbit.py targets.txt



Grabbit Walkthrough


1. Clone the 'grabbit' package from Github...


# git clone https://github.com/lostrabbitlabs/grabbit
# cd grabbit
# chmod 755 grabbit.py

2. Install the following libraries...

pip install pyvirtualdisplay
apt-get install xvfb
wget https://github.com/mozilla/geckodriver/releases/download/v0.18.0/geckodriver-v0.18.0-linux64.tar.gz
tar zxvf geckodriver-v0.18.0-linux64.tar.gz
chmod 755 geckodriver
cp geckodriver /usr/bin/geckodriver


3. Prepare 'targets.txt' file (see 'nmap2csv' for more info)...

NOTE: In the example below IP addresses are used but host names may be used as well (ie: www.lost-rabbit.com:443)


4. Run 'grabbit.py' command on 'targets.txt' file...

# ./grabbit.py targets.txt


5. Grabbit will perform requests on services and log output as well as perform screenshots of all successful requests...



6. When completed, there will be two (2) output directories with results (/services & /screenshots)...

Output of /screenshots directory ('ls' command):


Output of /screenshots directory (GUI):



Output of /services directory:




Monday, January 6, 2020

NEW TOOL RELEASE: nmap2csv

Port scanning to spreadsheets...


What is nmap2csv? 
A wrapper for Nmap (Python3) that outputs port scan results to a CSV file. Also created is a 'targets.txt' file where discovered services are logged one host:service pair per line.


Where can you find nmap2csv?
https://github.com/LostRabbitLabs/nmap2csv

How does it work? 
Modify the 'nmap2csv.py' file as needed to change 'nmap_args' (default below):

nmap_args = "-sV -T4 "

Provide a network or host (in CIDR notation) to 'nmap2csv.py' and it will perform the following...
  1. Perform Nmap scan
  2. Output CSV file of Nmap results
  3. Output 'targets.txt' file of all discovered services
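
The conversion described above, as an added example that is not Lost Rabbit Labs' code: it parses a small constructed Nmap XML result with the standard library (instead of python-nmap, so it runs offline) and produces the semicolon-separated CSV text and the host:port target lines. The column set, the open-ports-only filter and the `safe_cell` helper are assumptions of this example; the helper is there because service banners are written by the scanned host and the CSV is later opened in a spreadsheet.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML (-oX) output; addresses and banners are made up.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.168.0.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.9p1"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https" product="=1+1"/></port>
<port protocol="tcp" portid="8080"><state state="closed"/></port>
</ports></host>
<host><address addr="192.168.0.11" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.14.2"/></port>
</ports></host>
</nmaprun>"""

# Assumed column set for this example (not necessarily the tool's own header).
COLUMNS = ["host", "protocol", "port", "state", "name", "product", "version"]

def safe_cell(value):
    """Neutralise cells a spreadsheet would evaluate as a formula."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def parse_scan(xml_text):
    """Return one dict per scanned port, in document order."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            # Ports without a <service> element get empty service fields.
            svc = getattr(port.find("service"), "attrib", {})
            rows.append({"host": addr, "protocol": port.get("protocol"),
                         "port": port.get("portid"),
                         "state": port.find("state").get("state"),
                         **{k: svc.get(k, "") for k in ("name", "product", "version")}})
    return rows

def to_csv(rows):
    """Semicolon-separated text, the separator selected when opening in LibreOffice."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, delimiter=";", lineterminator="\n")
    writer.writeheader()
    writer.writerows({k: safe_cell(v) for k, v in r.items()} for r in rows)
    return buf.getvalue()

def to_targets(rows):
    """One 'host:port' line per open port (assumed filter), the shape grabbit reads."""
    return [f"{r['host']}:{r['port']}" for r in rows if r["state"] == "open"]

if __name__ == "__main__":
    print(to_csv(parse_scan(SAMPLE_XML)) + "\n".join(to_targets(parse_scan(SAMPLE_XML))))
```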


Example commands and usage...

./nmap2csv.py 10.0.0.0/24


nmap2csv Walkthrough

1. Clone the 'nmap2csv' package from Github...


# git clone https://github.com/lostrabbitlabs/nmap2csv
# cd nmap2csv
# chmod 755 nmap2csv.py

2. Install the following library...


pip3 install python-nmap


3. Modify 'nmap_args' variable as needed...




4. Run 'nmap2csv.py' on desired host/network (be sure to use CIDR notation)...


# ./nmap2csv.py 1.3.3.0/24




5. When complete, two (2) output files will be created...

  •  NMAP-output-network.csv (all Nmap results)
  •  targets.txt (hostname:port)



6. Using 'cat' to view the CSV file...



7. Opening with Libre Office will allow sorting and filtering...
Select 'Semicolon' as your 'Separator Character':


Sort by port, protocol, service name, version, and more:



8. Also created is 'targets.txt' with all discovered 'host:service' pairs (to be used with 'grabbit.py')...