Kaboom is a bash script that automates the first two phases of a penetration test. All informations collected are saved into a directory hierarchy very simple to browser (also in the case of multiple targets).
Kaboom performs several tasks:
-
Information Gathering
- Port scan (Nmap)
- Web resources enumeration (Dirb)
-
Vulnerability assessment
- Web vulnerability assessment (Nikto – Dirb)
- Vulnerability assessment (Nmap – Metasploit)
- Automatic Vulnerabilities research (Searchsploit – Metasploit)
- Dictionary Attacks (Hydra)
- SSH
- POP3
- IMAP
- RDP
Usage
Kaboom can be used in two ways:
- Interactive mode:
kaboom [ENTER], and the script does the rest
- NON-interactive mode:
kaboom -t <target_ip> -f <report_path> [-p one_or_more_phases]
If you want to see the help:
kaboom -h (or --help)
For more screenshots see the relative directory of the repository.
Dir Hierarchy
Customization
It’s possible to customize the script by changing the value of variables at the beginning of the file. In particularly you can choose the wordlists used by Hydra and Dirb, specify another Metasploit scan script and change the output file names.
#KABOOM_PATH='' # THE PATH COULD BE SET HERE INSTEAD OF IN BASHRC FILE
if [[ "$KABOOM_PATH" == '' ]]; then
KABOOM_PATH='.'
fi
# USER WORDLISTS
USERLIST_HYDRA_SSH="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_POP3="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_IMAP="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_RDP="$KABOOM_PATH/user_wordlist_short.txt"
USERLIST_HYDRA_SMB="$KABOOM_PATH/user_wordlist_short.txt"
# PASSWORD WORDLISTS
PASSLIST_HYDRA="$KABOOM_PATH/fasttrack.txt"
PASSLIST_HYDRA_SSH="$PASSLIST_HYDRA"
PASSLIST_HYDRA_POP3="$PASSLIST_HYDRA"
PASSLIST_HYDRA_IMAP="$PASSLIST_HYDRA"
PASSLIST_HYDRA_RDP="$PASSLIST_HYDRA"
PASSLIST_HYDRA_SMB="$PASSLIST_HYDRA"
# DIRB WORDLISTS
HTTP_WORDLIST="$KABOOM_PATH/custom_url_wordlist.txt"
HTTP_EXTENSIONS_FILE="$KABOOM_PATH/custom_extensions_common.txt"
# METASPLOIT SCAN SCRIPT
METASPLOIT_SCAN_SCRIPT='./metasploit_scan_script'
# NMAP FILES
SCRIPT_SYN='script-syn'
UDP='udp'
SYN='syn'
New features
- Customization (see above)
-
Multi-target specification
- You can specify up to 254 hosts (C-class network)
- New CLI interface
- More powerfull Nmap scan
- Better directory hierarchy
- Automatic research of Metasploit module associated with CVE code found
- Recognition of services exposed on not canonical ports (ex: http on 7000)
- Print out and save credentials found
Also read: Vulmap – Online Local Vulnerability Scanners Project
Twin Brother
During the development of Kaboom was born a parallel project called trigmap (trigger Nmap). This tool performs the same tasks of Kaboom, but with a different philosophy; infact, it uses only Nmap to execute his work. Generally Kaboom isn’t better than Trigmap and vice versa, but simply it’s a good thing to use both the scripts to gather more evidences.
For more informations about this tool take a look to this link.
