https://github.com/dreizehnutters/vide
Minimal web server enumeration & attack surface detection tool based on results of nmap.
attack-surface autorecon ctf enumeration-tool pentest-tool pentesting recon vide
- Host: GitHub
- URL: https://github.com/dreizehnutters/vide
- Owner: dreizehnutters
- License: gpl-3.0
- Created: 2023-01-18T21:55:39.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-17T19:10:29.000Z (over 1 year ago)
- Last Synced: 2024-09-17T23:40:44.247Z (over 1 year ago)
- Topics: attack-surface, autorecon, ctf, enumeration-tool, pentest-tool, pentesting, recon, vide
- Language: Shell
- Homepage: https://gist.github.com/dreizehnutters/5c315b2088a1666ff877c3cea363d775
- Size: 8.11 MB
- Stars: 38
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# vide.sh
Tool to probe and crawl targets and enumerate their attack surface using various engines.
Inputs can be:
* `.xml` files generated by `nmap`
  - `vide.sh nmap -sc -sp -eu -ew`
* a list of targets
  - `vide.sh scope.txt -sp -sc -ev`
* stdin
  - `echo example.com | vide.sh -sp -es --config custom.sh`
* direct
  - `vide.sh "10.0.13.37:8443" -el`
```
_______________
==c(___(o(______(_()
\=\
)=\ ┌─────────────────────────~vide~────┐
//|\\ │ attack surface enumeration │
//|| \\ │ version: 2.2 │
// ||. \\ └─────────────────@dreizehnutters───┘
.// || \\ .
// . \\
```
This is yet another ctf/engagement automation tool, born out of curiosity and boredom. This tool was inspired by [six2dez/reconftw](https://github.com/six2dez/reconftw).
---
## Usage
```txt
Usage: vide.sh input [mods] [options] [misc]

Required:
  input            Specify an input format (e.g., file/path, string or stdin)

Mods:
  -sp              Skip probing with httpx
  -sc              Skip crawling with katana

Options:
  -es              Enable screenshot
  -ew              Enable whatweb scans
  -ea              Enable wanalyze scans
  -en              Enable nmap script scans
  -eu              Enable nuclei scans
  -ei              Enable nikto scans
  -ef              Enable ffuf brute forcing
  -ev              Enable virtual host header fuzzing
  -ej              Enable js crawl
  -eb              Enable bypass scans
  -el              Enable testssl.sh scans
  -eh              Enable ssh-audit scans

Misc:
  -h|--help        Show this message
  -c|--config      Config file to pass (default: custom.sh)
  -o|--out-dir     Out-dir to work in (default: $PWD)
  --verify         Check configuration file (default: config.sh)

Example:
  # skip crawl, skip probing, do virtual host header scan on a list of targets
  vide.sh scope.txt -sp -sc -ev
  # skip crawl, do nuclei, do whatweb on nmap output directory
  vide.sh nmap -sc -eu -ew
  # with config skip probing, do screenshot on stdin (default to HTTP)
  echo example.com | vide.sh -sp -es --config custom.sh
  # ssl scan on target
  vide.sh '10.0.13.37:8443' -el
  # verify current config.sh
  vide.sh --verify
```
## Example
![example run (animated demo)](https://miro.medium.com/v2/resize:fit:4800/format:webp/1*37G-LKGZgEAx-0JFcn4fKw.gif)
```bash
# skip crawling, do httpX screenshots and WhatWeb scans on nmap -oX data
$ vide.sh nmap -sc -es -ew
[...]
$ tree .
├── nmap
│   └── init.xml
└── vide_runs
    └── vide_22.02_23301708641003
        ├── host_port.txt
        ├── http_servers.txt
        ├── https_servers.txt
        ├── httpx
        │   └── scan.log
        ├── screenshots
        │   ├── response
        │   │   ├── 192.168.42.131
        │   │   │   └── 628362c5635403dbffbf03eb624e464b50915bc4.txt
        │   │   └── index.txt
        │   └── screenshot
        │       ├── 192.168.42.131
        │       │   └── 628362c5635403dbffbf03eb624e464b50915bc4.png
        │       ├── index_screenshot.txt
        │       └── screenshot.html
        ├── vide.log
        ├── vide_targets.txt
        └── whatweb
            ├── brief_all.log
            ├── brief.log
            ├── deep_all.log
            └── deep.log
```
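The run directory above contains `host_port.txt`, `http_servers.txt` and `https_servers.txt`, all derived from the nmap XML input. As an added illustration, not vide.sh's own code, here is a small POSIX shell/awk version of that step: it parses a constructed `nmap -oX` sample (RFC 5737 documentation addresses, not a real scan), keeps only open TCP ports, and classifies web services by the nmap service name and the `tunnel="ssl"` attribute. vide itself relies on `xmlstarlet` (the `XMLS` entry in `config.sh`) for XML handling; awk is used here only so the example runs without that dependency. The function names, the file-list layout and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vide.sh's own code): derive the host_port / http_servers /
# https_servers lists from nmap -oX output using only POSIX sh and awk.

# Constructed nmap XML sample (not real scan data; 192.0.2.0/24 is a documentation range).
SAMPLE_NMAP_XML='<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX init.xml 192.0.2.0/28">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="nginx" tunnel="ssl"/></port>
<port protocol="tcp" portid="8080"><state state="closed" reason="reset"/><service name="http-proxy"/></port>
</ports>
</host>
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.11" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="8443"><state state="open" reason="syn-ack"/><service name="https-alt"/></port>
<port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp"/></port>
</ports>
</host>
</nmaprun>'

# nmap_open_ports: read nmap XML on stdin and print one
# "ADDR PORT SERVICE TUNNEL" line per open TCP port (UDP and closed ports are dropped).
nmap_open_ports() {
  awk '
    # remember the IPv4 address of the <host> being parsed (MAC <address> entries are skipped)
    /<address / && /addrtype="ipv4"/ {
      match($0, /addr="[^"]*"/); addr = substr($0, RSTART + 6, RLENGTH - 7)
    }
    # a new <port> element resets the per-port state ("<port " does not match "<ports>")
    /<port / {
      match($0, /portid="[^"]*"/);   port  = substr($0, RSTART + 8,  RLENGTH - 9)
      match($0, /protocol="[^"]*"/); proto = substr($0, RSTART + 10, RLENGTH - 11)
      svc = ""; tun = ""; open = 0
    }
    /state="open"/ { open = 1 }
    /<service / {
      if (match($0, /name="[^"]*"/))   svc = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /tunnel="[^"]*"/)) tun = substr($0, RSTART + 8, RLENGTH - 9)
    }
    /<\/port>/ { if (open && proto == "tcp") print addr, port, svc, tun }
  '
}

# classify_web: turn "ADDR PORT SERVICE TUNNEL" lines into scheme://addr:port for
# web services; TLS is inferred from tunnel="ssl" or an https* service name.
classify_web() {
  awk 'NF {
    scheme = ""
    if ($4 == "ssl" || $3 ~ /^https/) scheme = "https"
    else if ($3 ~ /^http/)            scheme = "http"
    if (scheme != "") print scheme "://" $1 ":" $2
  }'
}

# write_target_lists DIR: read nmap XML on stdin and write the three list files
# (hypothetical layout modelled on the run directory shown in the README).
write_target_lists() {
  dir=$1
  mkdir -p "$dir"
  open=$(nmap_open_ports)
  printf '%s\n' "$open" | awk 'NF { print $1 ":" $2 }' > "$dir/host_port.txt"
  printf '%s\n' "$open" | classify_web | grep '^http://'  > "$dir/http_servers.txt"  || true
  printf '%s\n' "$open" | classify_web | grep '^https://' > "$dir/https_servers.txt" || true
}

# Demo: print the web targets found in the constructed sample
printf '%s\n' "$SAMPLE_NMAP_XML" | nmap_open_ports | classify_web
```

Feed a real `init.xml` with `write_target_lists vide_runs/demo < nmap/init.xml`. Note that nmap reports a TLS-wrapped HTTP service as `name="http"` plus `tunnel="ssl"` rather than `name="https"`, which is why the classifier checks both; a parser that only looks at the service name would file port 443 under plain HTTP and probe it with the wrong scheme.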
---
## Installation
The installation and maintenance of the modules used by `vide.sh` are left to the user.
```bash
$ git clone https://github.com/dreizehnutters/vide
$ cd vide
$ ln -s $(pwd)/vide.sh ~/.local/bin/vide.sh
$ vide.sh --verify
```
---
## Configuration
Edit `config.sh` to set the location of the binaries used and to configure extra parameters for each engine.
```bash
$ cat config.sh | head -n15
# ---= bins =--- #CHANGE ME
NMAP=/usr/bin/nmap
XMLS=/usr/bin/xmlstarlet
NIKTO=/usr/bin/nikto
WW=/usr/bin/whatweb
WA=/usr/local/bin/webanalyze
SMBMAP=/usr/bin/smbmap
ENUM4LINUX=$PY_PATH/enum4linux-ng.py
FFUF=$GO_PATH/bin/ffuf
BYP4=$GO_PATH/bin/byp4xx
SUBJS=$GO_PATH/bin/subjs
HTTPX=$HOME/.pdtm/go/bin/httpx
NUCLEI=$HOME/.pdtm/go/bin/nuclei
KATANA=$HOME/.pdtm/go/bin/katana
```
```bash
# check the current configuration
$ vide.sh --verify
```
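The `--verify` step exists because every engine is an external binary that `config.sh` must point at correctly, and a wrong path silently disables that engine's checks. As an added example, not vide.sh's own `--verify` implementation, the shell function below reads `NAME=path` lines in the same shape as `config.sh`, expands variables such as `$HOME` or `$GO_PATH` the way sourcing the file would, and reports every entry that does not resolve to an executable file. The config fragment is constructed so the example runs anywhere (`/bin/sh` is present, `/nonexistent/...` is not); the function name and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vide.sh's own --verify): check that every binary named in a
# config.sh-style file resolves to an executable.

# Constructed config fragment in the NAME=/path shape of vide's config.sh
# (paths chosen so the example runs anywhere, not vide's real defaults).
SAMPLE_CONFIG='# ---= bins =--- #CHANGE ME
SH=/bin/sh
NMAP=/nonexistent/bin/nmap
KATANA=$HOME/.pdtm/go/bin/katana'

# verify_bins: read NAME=path lines on stdin and print one "ok NAME path" or
# "missing NAME path" line per entry. Returns 1 if anything is missing.
verify_bins() {
  status=0
  while IFS= read -r line; do
    case $line in
      ''|'#'*) continue ;;               # skip blank lines and comments
    esac
    name=${line%%=*}
    raw=${line#*=}
    # config.sh is shell that vide.sh sources, so expanding its values here
    # crosses no trust boundary the tool does not already cross.
    path=$(eval "printf '%s' \"$raw\"")
    if [ -f "$path" ] && [ -x "$path" ]; then
      printf 'ok %s %s\n' "$name" "$path"
    else
      # an unset variable (e.g. $GO_PATH) shows up here as a truncated path
      printf 'missing %s %s\n' "$name" "$path"
      status=1
    fi
  done
  return $status
}

# Demo: report on the constructed fragment; a non-zero status means config.sh needs editing
printf '%s\n' "$SAMPLE_CONFIG" | verify_bins || echo "some binaries are missing; fix config.sh"
```

Run it against the real file with `verify_bins < config.sh`. Because the path printed is the expanded one, an entry such as `FFUF=$GO_PATH/bin/ffuf` with `GO_PATH` unset is reported as `missing FFUF /bin/ffuf`, which makes the unset variable obvious rather than leaving ffuf quietly disabled.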
---
## Scanning Engines
|Software|Version|Purpose (install link)|
|-|-|-|
|`xmlstarlet`| >= `1.6.1`| [XML parsing](https://xmlstar.sourceforge.net)|
|`httpx`| >= `1.2.5`| [server probing](https://github.com/projectdiscovery/httpx)|
|`katana`| >= `1.0.0`| [crawling](https://github.com/projectdiscovery/katana)|
|`whatweb`| >= `0.5.5`| [tech discovery](https://github.com/urbanadventurer/WhatWeb)|
|`webanalyze`| >= `0.3.8`| [tech discovery](https://github.com/rverton/webanalyze)|
|`nuclei`| >= `2.8.9`| [web server scanning](https://github.com/projectdiscovery/nuclei)|
|`nikto`| >= `2.5.0`| [web server scanning](https://github.com/sullo/nikto)|
|`ffuf`| >= `2.0.0`| [directory brute forcing](https://github.com/ffuf/ffuf)|
|`byp4xx`| >= `b337580`| [bypass checks](https://github.com/lobuhi/byp4xx)|
|`subjs`| >= `1.0.0`| [crawling js](https://github.com/lc/subjs)|
|`enum4linux-ng.py`| >= `1.3.1`| [windows enumeration](https://github.com/cddmp/enum4linux-ng)|
|`smbmap`| >= `1.9.1`| [smb enumeration](https://github.com/ShawnDEvans/smbmap)|
|`nmap`| >= `7.94`| [extended script scans](https://github.com/nmap/nmap)|
|`testssl.sh`| >= `3.2rc3`| [SSL compliance scans](https://testssl.sh/)|
|`ssh-audit`| >= `3.1.0`| [SSH compliance scans](https://pypi.org/project/ssh-audit/)|