Grabbit Like A Rabbit!
What is Grabbit?
Grabbit is a Python/Selenium based fuzzy screenshotter (png format). Provide a 'targets.txt' file with one (1) host:service pair per line and grabbit will provide service infos and screenshots for all discovered hosts/ports.
Where can you find grabbit?
How does it work?
- Performs socket connection to service port and logs output
- Performs HTTP request of service port (with screenshot/log)
- Performs HTTPS request of service port (with screenshot/log)
- Performs additional HTTP/HTTPS requests with a handful of fuzzed payloads with non-standard characters, script tag, and a flood.
Example commands and usage...
./grabbit.py targets.txt
Grabbit Walkthrough
1. Clone the 'grabbit' package from Github...
# git clone https://github.com/lostrabbitlabs/grabbit
# cd grabbit
# chmod 655 grabbit.py
# pip install pyvirtualdisplay
# apt-get install xvfb
# wget https://github.com/mozilla/geckodriver/releases/download/v0.18.0/geckodriver-v0.18.0-linux64.tar.gz
# tar zxvf geckodriver-v0.18.0-linux64.tar.gz
# chmod 655 geckodriver
# cp geckodriver /usr/bin/geckodriver
NOTE: In the example below IP addresses are used but host names may be used as well (ie: www.lost-rabbit.com:443)
4. Run 'grabbit.py' command on 'targets.txt' file...
# ./grabbit.py targets.txt
5. Grabbit will perform requests on services and log output as well as perform screenshots of all successful requests...
6. When completed, there will be two (2) output directories with results (/services & /screenshots)...
Output of /screenshots directory ('ls' command):
Output of /screenshots directory (GUI):
Output of /services directory:
No comments:
Post a Comment