
https://github.com/ARPSyndicate/kenzer

automated web assets enumeration & scanning [DEPRECATED]

aquatone arpsyndicate axiom certex domlock favinizer ffuf freaker freakerdb jaeles kenzer nuclei s3hunter shuffledns subfinder zulip




KENZER - Automated web assets enumeration & scanning


[DEPRECATED]




## Mentions

[A Conceptual Introduction to Automating Bug Bounties](https://g147.medium.com/a-conceptual-introduction-to-automating-bug-bounties-ft-arpsyndicate-yeswehack-scanfactory-f2468f345d7)

## Demo

[![kenzer](screenshots/yt-thumbnail.png)](https://www.youtube.com/watch?v=pD0IRloikz8)

## Screenshots

![kenzer](screenshots/kenzer0.png)
![kenzer](screenshots/kenzer1.png)

## Instructions for running

0. Run `git clone https://github.com/ARPSyndicate/kenzer /home/ubuntu/kenzer && cd /home/ubuntu/kenzer` **(preferred)**

1. Create an account on [Zulip](https://zulipchat.com)

2. Navigate to `Settings > Your Bots > Add a new bot`

3. Create a new generic bot named `kenzer`

4. Add all the configurations in `configs/kenzer.conf`

5. Install/Run using -

- `./install.sh -b` [if you need `kenzer-compatible` binaries to be installed] **(preferred)**

- `./install.sh` [if you do not need `kenzer-compatible` binaries to be installed]

- `./run.sh` [if you do not need installation at all]

- `./service.sh` [initialize it as a service post-installation] **(preferred)**

- `bash swap.sh` [in case you are facing memory issues]

6. Interact with `kenzer` using a Zulip client, by adding the bot to a stream or via DM.

7. Test `@**kenzer** man` as Zulip input to display available commands.

8. All the commands can be used by mentioning the chatbot using the prefix `@**kenzer**` (name of your chatbot).

## Some Popular Features
- Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS
- Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap)
- Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore
- Web Vulnerability Scanning using Freaker, Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox
- Backup Files Scanning using Fuzzuli
- Git Repository Enumeration & Scanning using RepoHunt & Trufflehog
- Web Screenshot Identification using Shottie & Perceptic
- WAF Detection & Avoidance using WafW00f & Nuclei
- Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)
- Every task can be distributed over multiple machines
- Every task can be executed through a single HTTP/SOCKS Proxy

## Built-in Modules

> - `blacklist ,` - initializes & removes blacklisted targets
> - `whitelist ,` - initializes & keeps only whitelisted targets
> - `program ,[][][]` - initializes the program to which target belongs
> - `subenum[-[active/passive (default=all)]] ` - enumerates subdomains
> - `repenum ` - enumerates reputation of subdomains
> - `repoenum ` - enumerates github repositories
> - `portenum[-[100/1000/full/fast (default=1000)]] ` - enumerates open ports
> - `servenum ` - enumerates services
> - `webenum ` - enumerates webservers
> - `headenum ` - enumerates additional info from webservers
> - `urlheadenum ` - enumerates additional info from urls
> - `asnenum ` - enumerates asn records
> - `dnsenum ` - enumerates dns records
> - `conenum ` - enumerates hidden files & directories
> - `urlenum[-[active/passive (default=all)]] ` - enumerates urls
> - `socenum ` - enumerates social media accounts
> - `keysenum ` - enumerates sensitive api keys
> - `wafscan ` - scans for firewalls
> - `subscan[-[web/dns (default=all)]] ` - hunts for subdomain takeovers
> - `urlscan[-[cmdi/crlf/redirect/sqli/ssrf/ssti/xss (default=all)]] ` - hunts for vulnerabilities in URL parameters
> - `reposcan ` - scans github repositories for api key leaks
> - `bakscan ` - scans for backup files
> - `cscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - scan with customized templates
> - `cvescan[-[critical/high/medium/low/info/workflow (default=all)]] ` - hunts for CVEs
> - `vulnscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - hunts for other common vulnerabilities
> - `idscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - identifies applications running on webservers
> - `portscan ` - scans open ports (nmap)(slow)
> - `shodscan ` - scans open ports (shodan)(fast)
> - `xssscan ` - scans for xss vulnerabilities
> - `appscan ` - scans for webapp vulnerabilities
> - `buckscan ` - hunts for unreferenced aws s3 buckets
> - `favscan ` - fingerprints webservers using favicon
> - `vizscan[-[web/repo (default=web)]] ` - screenshots websites & repositories
> - `enum ` - runs all enumerator modules
> - `scan ` - runs all scanner modules
> - `recon ` - runs all modules
> - `hunt ` - runs your custom workflow
> - `disseminate ` - splits & distributes input over multiple bots
> - `upload` - switches upload functionality
> - `waf` - switches waf avoid functionality
> - `proxy` - switches proxy functionality
> - `upgrade` - upgrades kenzer to latest version
> - `monitor ` - monitors ct logs for new subdomains
> - `monitor normalize` - normalizes the enumerations from ct logs
> - `monitor db` - monitors ct logs for domains in summary/domain.txt
> - `monitor autohunt ` - starts automated hunt while monitoring
> - `sync` - synchronizes the local kenzerdb with github
> - `freaker []` - runs freaker module
> - `kenzer ` - runs a specific module
> - `kenzer man` - shows this manual

## The Beginner's Workflow

![workflow](screenshots/workflow.png)

Although a few more modules are available, and many more will be released over time that can advance this workflow, this one is enough to get started with. Listed below are a few of its successful hunts.





**COMPATIBILITY TESTED ON UBUNTU 20.04.5 (x86_64) ONLY**

**RIGGED WITH LOGIC ISSUES**

**FEEL FREE TO SUBMIT PULL REQUESTS**

**THIS IS A VERY SOPHISTICATED AUTOMATION FRAMEWORK**

**MEANT TO BE DEPLOYED ON AWS UBUNTU 20.04 AMD64 SERVER**

**ABILITY TO UNDERSTAND PYTHON & BASH IS A PREREQUISITE**

**WE DO NOT PROVIDE ANY SUPPORT WITH INSTALLATION**

**ISSUES RELATED TO INSTALLATION WILL BE CLOSED WITHOUT ANY RESOLUTION**