Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ARPSyndicate/kenzer

automated web assets enumeration & scanning [DEPRECATED]
https://github.com/ARPSyndicate/kenzer

aquatone arpsyndicate axiom certex domlock favinizer ffuf freaker freakerdb jaeles kenzer nuclei s3hunter shuffledns subfinder zulip

Last synced: 22 days ago
JSON representation

automated web assets enumeration & scanning [DEPRECATED]

Awesome Lists containing this project

README

        



KENZER - Automated web assets enumeration & scanning


[DEPRECATED]



ScanFactory LinkedIn ScanFactory Twitter ScanFactory Telegram Recon Bot

## Mentions

[A Conceptual Introduction to Automating Bug Bounties](https://g147.medium.com/a-conceptual-introduction-to-automating-bug-bounties-ft-arpsyndicate-yeswehack-scanfactory-f2468f345d7)

## Demo

[![kenzer](screenshots/yt-thumbnail.png)](https://www.youtube.com/watch?v=pD0IRloikz8)

## Screenshots

![kenzer](screenshots/kenzer0.png)
![kenzer](screenshots/kenzer1.png)

## Instructions for running

0. Run `git clone https://github.com/ARPSyndicate/kenzer /home/ubuntu/kenzer && cd /home/ubuntu/kenzer` **(preferred)**

1. Create an account on [Zulip](https://zulipchat.com)

2. Navigate to `Settings > Your Bots > Add a new bot`

3. Create a new generic bot named `kenzer`

4. Add all the configurations in `configs/kenzer.conf`

5. Install/Run using -

- `./install.sh -b` [if you need `kenzer-compatible` binaries to be installed] **(preferred)**

- `./install.sh` [if you do not need `kenzer-compatible` binaries to be installed]

- `./run.sh` [if you do not need installation at all]

- `./service.sh` [initialize it as a service post-installation] **(preferred)**

- `bash swap.sh` [in case you are facing memory issues]
6. Interact with `kenzer` using Zulip client, by adding bot to a stream or via DM.

7. Test `@**kenzer** man` as Zulip input to display available commands.

8. All the commands can be used by mentioning the chatbot using the prefix `@**kenzer**` (name of your chatbot).

## Some Popular Features
- Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS
- Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap)
- Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore
- Web Vulnerability Scanning using Freaker, Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox
- Backup Files Scanning using Fuzzuli
- Git Repository Enumeration & Scanning using RepoHunt & Trufflehog
- Web Screenshot Identification using Shottie & Perceptic
- WAF Detection & Avoidance using WafW00f & Nuclei
- Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank)
- Every task can be distributed over multiple machines
- Every task can be executed through a single HTTP/SOCKS Proxy

## Built-in Modules

> - `blacklist ,` - initializes & removes blacklisted targets
> - `whitelist ,` - initializes & keeps only whitelisted targets
> - `program ,[][][]` - initializes the program to which target belongs
> - `subenum[-[active/passive (default=all)]] ` - enumerates subdomains
> - `repenum ` - enumerates reputation of subdomains
> - `repoenum ` - enumerates github repositories
> - `portenum[-[100/1000/full/fast (default=1000)]] ` - enumerates open ports
> - `servenum ` - enumerates services
> - `webenum ` - enumerates webservers
> - `headenum ` - enumerates additional info from webservers
> - `urlheadenum ` - enumerates additional info from urls
> - `asnenum ` - enumerates asn records
> - `dnsenum ` - enumerates dns records
> - `conenum ` - enumerates hidden files & directories
> - `urlenum[-[active/passive (default=all)]] ` - enumerates urls
> - `socenum ` - enumerates social media accounts
> - `keysenum ` - enumerates sensitive api keys
> - `wafscan ` - scans for firewalls
> - `subscan[-[web/dns (default=all)]] ` - hunts for subdomain takeovers
> - `urlscan[-[cmdi/crlf/redirect/sqli/ssrf/ssti/xss (default=all)]] ` - hunts for vulnerabilities in URL parameters
> - `reposcan ` - scans github repositories for api key leaks
> - `bakscan ` - scans for backup files
> - `cscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - scan with customized templates
> - `cvescan[-[critical/high/medium/low/info/workflow (default=all)]] ` - hunts for CVEs
> - `vulnscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - hunts for other common vulnerabilities
> - `idscan[-[critical/high/medium/low/info/workflow (default=all)]] ` - identifies applications running on webservers
> - `portscan ` - scans open ports (nmap)(slow)
> - `shodscan ` - scans open ports (shodan)(fast)
> - `xssscan ` - scans for xss vulnerabilities
> - `appscan ` - scans for webapp vulnerabilities
> - `buckscan ` - hunts for unreferenced aws s3 buckets
> - `favscan ` - fingerprints webservers using favicon
> - `vizscan[-[web/repo (default=web)]] ` - screenshots websites & repositories
> - `enum ` - runs all enumerator modules
> - `scan ` - runs all scanner modules
> - `recon ` - runs all modules
> - `hunt ` - runs your custom workflow
> - `disseminate ` - splits & distributes input over multiple bots
> - `upload` - switches upload functionality
> - `waf` - switches waf avoid functionality"
> - `proxy` - switches proxy functionality"
> - `upgrade` - upgrades kenzer to latest version
> - `monitor ` - monitors ct logs for new subdomains
> - `monitor normalize` - normalizes the enumerations from ct logs
> - `monitor db` - monitors ct logs for domains in summary/domain.txt
> - `monitor autohunt ` - starts automated hunt while monitoring
> - `sync` - synchronizes the local kenzerdb with github
> - `freaker []` - runs freaker module
> - `kenzer ` - runs a specific module
> - `kenzer man` - shows this manual

## The Beginner's Workflow

![workflow](screenshots/workflow.png)

Although few more modules are available & much more is going to be released in the course of time which can advance this workflow, yet this one is enough to get started with & listed below are few of its successful hunts.





**COMPATIBILITY TESTED ON UBUNTU 20.04.5 (x86_64) ONLY**

**RIGGED WITH LOGIC ISSUES**

**FEEL FREE TO SUBMIT PULL REQUESTS**

**THIS IS A VERY SOPHISTICATED AUTOMATION FRAMEWORK**

**MEANT TO BE DEPLOYED ON AWS UBUNTU 20.04 AMD64 SERVER**

**ABILITY TO UNDERSTAND PYTHON & BASH IS A PREREQUISITE**

**WE DO NOT PROVIDE ANY SUPPORT WITH INSTALLATION**

**ISSUES RELATED TO INSTALLATION WILL BE CLOSED WITHOUT ANY RESOLUTION**