Presentation is loading. Please wait.

Presentation is loading. Please wait.

Battalion: Automating Recon

Published byDulcie Cook Modified over 6 years ago

Similar presentations

Presentation on theme: "Battalion: Automating Recon"— Presentation transcript:

1 Battalion: Automating Recon
Created by: Stewart Olson Patrick Garrity

2 Agenda Who are we? Anatomy of a Pentest Existing Tools & Issues
Introducing Battalion Future Development Questions!

3 Who are we? Stewart Olson - @Abraxassc2
Works at Nth Generation Computing ~5 years of experience in IT/Sysadmin Recently focusing more exclusively on security Pat Garrity Works at Nerdery, Inc. as a Sr. software engineer Published: Lock-Free Algorithms for Thread Safe Programming Speaker at CIGCSE & MICS This project is independent from our jobs

4 High-Level Pentesting Process

5

6 What is Battalion? It was designed to answer the question, “Given a website and the companies name, what useful data can automatically be gathered?”, in short, it attempts to automate recon Why? Save time Better allocate time and resources Sift through large amounts of data for key information How? Use scripts, parsers, tools, and techniques to take resulting data from one action and present it as input for another tool

7 Where does Battalion fit in?
Recon (Duh?) DNS Enumeration Address Scavenging Scanning Open Ports? Vulnerabilities? Gaining Access Exploiting vulnerabilities Phishing, etc. Reporting

8 Structure of Battalion
Some of Many Outputs: Subdomain & IP Lists Users involved in breaches Open Ports Versions of technologies and associated vulnerabilities Two Simple Inputs: Domain Name Company Name

9 Battalion Domain Scanning Process (partial)
Collected Data Vulnerabilities Data Open Ports WPscan data Subdomain & IP Lists Host data (apache, nginx, etc.) API data on IPs and hostnames More in place and more to come!

10 Brief Sample Domain Scan

11 Battalion User Scanning Process (partial)
Collected Data Current and former employees Whois Data Likely valid addresses addresses involved in breaches Phishing targets and, coming soon, automated phishing campaigns Breach Detection Process Google dorks for past/current employees Name to transformer HaveIBeenPwned API response analysis for valid format detection HaveIBeenPwned API for breaches

12 Existing Toolset Future Toolset Many Custom Scripts WPScan DNSRecon
EyeWitness NMAP DNSTwist Ruby whois Whatweb TheHarvester Shodan’s API HaveIBeenPwned’s API More custom tools PassiveTotal API Recon-ng XSS Testing tools Gobuster/Dirbuster Metagoofil Twitter API SET Joomscan Better reports More Dorks More Scan Options Passive->Aggressive Integrate with other tools and services

13 Repository https://github.com/theabraxas/Battalion
Try Battalion!!! Repository Contributors Welcome! Special Thanks: @Viss @Sneakerhax @xcc @001SPARTaN Questions: @AbraxasSC2 @eidolonPG

Download ppt "Battalion: Automating Recon"

Similar presentations

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.

1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.
Gone in 60 minutes A Practical Approach to Hacking an Enterprise with YASUO Saurabh Harit Stephen Hall

Gone in 60 minutes A Practical Approach to Hacking an Enterprise with YASUO Saurabh Harit Stephen Hall
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.

Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.

1 GFI LANguard Network Security Scanner. 2 Contents Introduction Features Source & Installation Testing environment Results Conclusion.
Automated Tests in NICOS Nightly Control System Alexander Undrus Brookhaven National Laboratory, Upton, NY 11973 Software testing is a difficult, time-consuming.

Automated Tests in NICOS Nightly Control System Alexander Undrus Brookhaven National Laboratory, Upton, NY Software testing is a difficult, time-consuming.
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.

AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.
ExactTarget State of Indiana Partnership Overview November 21, 2006.

ExactTarget State of Indiana Partnership Overview November 21, 2006.
Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.

Phish your victims in 5 quick steps. Phish yourself today In less than 5 minutes What is Phish5? Phish5 is a Security Awareness service With Phish5, a.
Account Integration for use with QuickBooks® and Salesforce by Dynamic Ventures, Inc.

Account Integration for use with QuickBooks® and Salesforce by Dynamic Ventures, Inc.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.

Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
End-to-End Methodology. Testing Phases  Reconnaissance  Mapping  Discovery  Exploitation  Repeat…  Report.

End-to-End Methodology. Testing Phases  Reconnaissance  Mapping  Discovery  Exploitation  Repeat…  Report.

Similar presentations

Ads by Google