Discovery …. done :)

Posted on Thursday, May 7, 2009. Filed under: My Life, Open Source | Tags: , , |


السلام عليكم ….

النهاردة جاي أوريكوا مشروع اشتغلت فيه أنا و صحابي في الكلية

المشروع ده تبع مادة الـ

Software Engineering

المشروع عبارة عن ايه؟

المشروع ببساطة هوا

Penetration Testing Framework

ده لو حد عايز اسم رسمي ليه

المهم بقى بيعمل ايه المشروع ده؟

نفترض اني شغال في شركة … و وظيفتي في الشركة دي اني أحافظ على الأجهزة اللي في الشركة و كل شوية أعمل

Check

عليها عشان اشوف هل هيا آمنة ولا لأ

عشان كده احنا عملنا ديسكفري … نظام بسيط جدا بتديله آي بي … و يرجعلك ليستة بالبورتات المفتوحة و يجرب ينفذ عليهم شوية

exploits

ايه هيا الاكسبلويت دي؟؟

هيا عبارة عن برنامج صغير بحاول أشغله بحيث أخترق

service

معينة … على حسب ما الاكسبلويت مكتوبة

احنا حطينا حوالي 300 اكسبلويت في المشروع بحيث يجربهم كلهم ورا بعض ولو عرف يدخل من بورت … هيطبع ان الـ

service

صاحبة البورت ده ضعيفة

و بالتالي المفروض أقول لصاحب الجهاز اللي عليه البورت الضعيف ده عشان يإما يقفل البورت يإما يشوف أي حل تاني بحيث مايبقاش الجهاز فيه ثغرة أمنية

طولت عليكم في الشرح النظري ده … بس خلينا ندخل في البرنامج نفسه بسرعة كدا

login-interfacethat’s the program interface, you may want to login as Administrator, or Manager

the Manager’s task is to manage the Administrators’ accounts, he can add, remove, search for, and show the Administrators’ accounts

manager-cotrol-panel

the Administrator’s task is to scan IPs and get the final report of the program, so he can see the vulnerable services and whatever

just write the IP in the textbox next to Discover button, and then click on the button, next you’ll just have to wait a while

discovery

NOTES

before you test the program, you should know some important thingies …

1- this system works on Linux Operating System

2- feel free to edit and distribute this program

3- the Manager’s password is “discovery”

4- you must run this project when logging in as “root” (the super-user) so you can use ‘nmap’ for scanning

5- this is a Component-Based project, which depends on other systems

6-  the Developers of this project are some Computer Science geeks, not professional programmers, so please be tolerant 😀

*you can watch the source on

Google codes

*and the download link is over here:

Download

Advertisements

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

20 Responses to “Discovery …. done :)”

RSS Feed for BooDy's BloG Comments RSS Feed

Tamam ya 3abdo
note: this project developed for certain category of people not for script kiddies
and our hands out of any wrong use

this is our code google site
http://code.google.com/p/discoverypentest/

A python project very cool 🙂

Good work 😀

If you are really that interested in security give a try for this security tool “Scapy” … it’s completely written in python and is also open source so you can simply use the tool as a library for your apps .. ( it can help you to rewrite the whole thing without depending in any other tools )

And I think you should consider tuning your application a little bit to work like a server instead of working as a desktop app. ( service start discovery ) – so you start the server and it wait for someOne to login and use it
this will solve your admin access thing , since one admin will open it and many users will use it ( create an RPC server to listen at scan(IP) ) .. and it’ll allow you to create applets in your panel to use the server as a normal user 😀

and also hash the manager password code … don’t put it in a plain text at discovery.conf like that 😀

But after all very nice project , I’ll give it a try now .. Well done

ThanQ KAM for your quick reply! 😀

i really didn’t want to announce that but …
we finished coding this project within two days!! 🙂

but actually we were planning for this project a long time ago

i’ll be trying Scapy isa … i just have to work in the other project 😀

and about your suggestions, actually we haven’t planned to make this project working on Linux only, but we didn’t have much time to make it cross-platform

you’ll find the developing mistakes yourself, as we were supposed to work harder to get it working well

i kept trying to include threading in the project, but all in vain

many things to do … but no time left to make all of them …

🙂

that’s why it’s not that perfect

i’ll be posting the “dominoes” project next sunday (i guess)
you’ll forget about Discovery when you see the Dominoes
😀

thanQ again for passing by, and for your nice comment 🙂

Nice work..
You shoud have tried Metasploit’s Autopwn !

we already used it in our project

Okay, seems nice to use it, but i cannot figure out what is new here, is it for only educational purpose ?

for the moment you can say that , but the project won’t stop on this step we will developed it more in the coming days and add more features isA

Cool then 😉 RBNA M3akom ..

BTW, I took a quick look at main.py to see how the flow works, here is some notes:

A failure in getting a reverse shell doesn’t mean that the exploit actually failed, may be you have to encode it using the encoders within metasploit to bypass an IDS/IPS..
Also there is a lot of exploits aren’t designed to just give them an IP Address and they will do the job, Autopwning cann’t help you in that situation ..

I think metasploit can offer better APIs for you to do the operations needed in autopwning instead of opening an msfconsole and running the commands manually from within it.

May be you should start thinking of Integrating Discovery with Nessus later 😉
take a look at fasttrack, you might have some inspirations there too ..

Keep up the good work ya shabab ..

thanx ahmed 🙂

and thnx “abdelhamid” for helping 😀

yea .. we’ve just finished the project .. but i don’t think this is the end

as we’re interested about those so-called cracking issues 😀

ألف مبروك على البرنامج يا بشمهندس
وعقبال مشروع التخرج بإذن الله 🙂

ياااااارب!!!!

دا مشروع التخرج هيبقى موال لوحده …. 🙂

Congratulations 🙂

ان شاء الله المشروع يكبر ويكبرر لحد مايبقى مشروع تخرج كمان 😀

احنا فكرنا فعلا اننا نعمل مشروع التخرج تطوير للفكرة دي …

بس غالبا مش هينفع عشان ده هيتطلب مننا فهم حاجات كتير في الكراكينج و الـ
basis
اللي هنبني عليها …. و مش كلنا مهتم بالمجال ده اوي 🙂

ما شاء الله مشروع جميل جداااا
وعقبال مشروع التخرج ان شاء الله يكون اكبر واحسن كمان
بالتوفيق
GO ON

ربنا يكرمك فرحتيني 😀

و ان شاء الله ده مش هيبقى حاجة جمب مشروع التخرج 🙂

بس لسه الأفكار المشعشعة مش عايزة تظهر دلوقتي 😀

شكرا على ردودكم يا جماعة …

و شكر خاص لأحمد الجميل و كريم الله 🙂

جزاكم الله خيرا جميعا على المساعدة و التشجيع 🙂


Where's The Comment Form?

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: