Gather Modules

Gather modules are used to extend the information already known about a particular host or network.  Inguma's gather modules provide numerous reconnaissance tools as well as tools which can be used for offline cracking.  For example, you can recover the password for an MD5 hash using rainbowmd5 or rainbow.

The following is a complete listing of gather modules.  Please note that as of the 0.0.6 release, not all modules are implemented.
portscan A port scanner for SYN, ACK, XMAS and SYN+ACK scans
oratool Oracle wrapper for all related stuff
winspdetect Detect service pack using remote registry (LAME)
nmapfp OS detection with Nmap fingerprinting
firetest A firewall testing tool
rainbowmd5 Get the password for a MD5 hash using public rainbow tables
mssqlcrack Crack a MS SQL Server 7 or 2000 password
tnscmd Interact with an Oracle TNS Listener
sniffer A simple sniffer
protoscan An IP Protocol scanner
rainbow Get the password for a hash using rainbow tables
xmlrpc Interact with an XMLRPC server
tcpscan Simple TCP port scanner
oracrack11g Crack an Oracle 11g password
apps11i Get information from Oracle E-Business Suite 11i
nids A simple network based Intrusion Detection System (IDS)
osifuzz Fuzzing interface for IP, ICMP and ARP protocols (Random)
p0f Inguma's p0f interface for OS detection.
oratt70info Gather information from Oracle Times Ten 70
oascheck Check an Oracle App. Server for the most common vulnerable URLs.
arppoison Poison target's ARP cache
identify Identify services using discovered ports
Please note that at any time these modules can be displayed from the Inguma prompt by using show gather

Gather Module Usage

portscan -
A port scanner that supports SYN, SYN/ACK and SYN/FIN scans, and any kind of format supported by Scapy.  To specify a scan type with Inguma's port scanner, use the scanType option.  For additional information on types of port scanning techniques, please consult the Nmap documentation.

Example Usage:

Default Scan

inguma> target = "127.0.0.1"
inguma> portscan

Portscan results
----------------
Port 8000 is opened at 127.0.0.1
Port 8001 is opened at 127.0.0.1
Port 8002 is opened at 127.0.0.1
Port 8004 is opened at 127.0.0.1
Port 6666 is opened at 127.0.0.1
Port 6667/ircd is opened at 127.0.0.1
Port 111/sunrpc is opened at 127.0.0.1
Port 22/ssh is opened at 127.0.0.1
Port 7070 is opened at 127.0.0.1


ACK Scan

inguma> target = "127.0.0.1"
inguma> scanType = "A"
inguma> portscan

XMAS Scan

inguma> target = "127.0.0.1"
inguma> scanType = "SAFRC"
inguma> portscan
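
The scanType values above are Scapy TCP flag letters. The following added example (not part of Inguma; the function names, the port threshold and the sample capture are assumptions made for illustration) decodes those letters and shows how a monitor on the scanned side can label such segments, including the page's "A" and "SAFRC" values.

```python
FLAG_BITS = {c: 1 << i for i, c in enumerate("FSRPAUEC")}  # Scapy letter order

def flag_mask(letters):
    """Convert Scapy-style flag letters ('A', 'SAFRC', ...) to the TCP flag byte."""
    unknown = set(letters.upper()) - set(FLAG_BITS)
    if unknown:
        raise ValueError("unknown TCP flag letters: %s" % sorted(unknown))
    return sum(FLAG_BITS[c] for c in set(letters.upper()))

def classify(letters, flow_known):
    """Label one segment; flow_known means this flow's opening SYN was seen."""
    m = flag_mask(letters)
    syn, ack, fin, rst = (FLAG_BITS[c] for c in "SAFR")
    if m == 0:
        return "null"
    if m & syn and m & (fin | rst):
        return "illegal-combination"   # SYN never travels with FIN or RST
    if m & fin and not m & ack:
        return "fin-without-ack"       # FIN-only and FIN+PSH+URG probes
    if m == syn:
        return "syn"
    if m & ack and not flow_known:
        return "unsolicited-ack"       # ACK or SYN+ACK with no handshake seen
    return "normal"

def suspicious_sources(packets, min_ports=3):
    """packets: (src, sport, dst, dport, flags) tuples in capture order.
    Returns {src: {label: [ports]}} for labels seen on >= min_ports ports."""
    flows, seen = set(), {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        label = classify(flags, fwd in flows or rev in flows)
        if label == "syn":
            flows.add(fwd)
        if label != "normal":
            seen.setdefault(src, {}).setdefault(label, set()).add(dport)
    report = {}
    for src, labels in seen.items():
        hits = {l: sorted(p) for l, p in labels.items() if len(p) >= min_ports}
        if hits:
            report[src] = hits
    return report

# Constructed capture: a real handshake, then the page's scanType values "A"
# and "SAFRC" each sent to three ports of 10.0.0.9.
SAMPLE = [("10.0.0.5", 40000, "10.0.0.9", 22, "S"),
          ("10.0.0.9", 22, "10.0.0.5", 40000, "SA"),
          ("10.0.0.5", 40000, "10.0.0.9", 22, "A")]
SAMPLE += [("10.0.0.7", 50000, "10.0.0.9", p, "A") for p in (22, 80, 443)]
SAMPLE += [("10.0.0.8", 50001, "10.0.0.9", p, "SAFRC") for p in (22, 80, 443)]
```

Calling suspicious_sources(SAMPLE) reports 10.0.0.7 and 10.0.0.8 but not the client that completed a handshake.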


oratool -
Ora(cle)tool is a module which serves to interact with an Oracle Database. Oratool allows you to open a remote SQL terminal by supplying a valid hostname, port, username and password and execute commands.  This module is implemented in Inguma so that you do not need to install Oracle SQL*Plus or any similar tools.
Example Usage:
Coming soon

winspdetect -
A tool that connects to the remote Windows registry and reads the operating system and service pack keys.
Example Usage:

nmapfp -
Performs OS detection on a target with Nmap fingerprinting.  Please be advised that this feature is currently very unreliable and may be removed in future releases.
Example Usage:
No additional information as this module is currently too inaccurate.

firetest -
Firetest performs various security checks against a firewall: SYN/FIN scans, ACK scans, XMAS scans, scans that change the source port, etc.
Example Usage:

rainbowmd5 -
The module connects to a public database and executes a web query using the specified hash.  No additional information as this module is subject to removal in future releases.  Please use rainbow.
Example Usage:

mssqlcrack -
A Python implementation of MS SQL Server 7 & 2000 password hashing. It can hash any valid MS SQL Server 7 & 2000 password.
Example Usage:

tnscmd -
Tnscmd is a module designed to interact with an Oracle TNS listener, and it offers many options.  For example, you can gather the full database version before authenticating.  You can also get the full banner of the database (with the processor architecture, database version, operating system, etc.).  Tnscmd also supports NV strings (not NV events).  NV strings are the descriptors sent to an Oracle TNS listener to communicate with it.
Example Usage:
For example, the following NV string is used to ping the TNS listener:

(CONNECT_DATA=(COMMAND=ping))


user@host:~/inguma$ pwd
/home/user/inguma
user@host:~/inguma$ python
Python 2.4.3 (#2, Oct  6 2006, 07:52:30)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from lib import libfuzz
>>> nvString="(CONNECT_DATA=(COMMAND=ping))"
>>> dir(libfuzz)
['TOKEN_TYPE_APPEND', 'TOKEN_TYPE_INJECT', 'TOKEN_TYPE_TOKEN',
'__builtins__', '__doc__', '__file__', '__name__', 'fuzzCallback',
'ignorechars', 'numbers', 'separators', 'sizes', 'strings', 'token2str',
'tokenizePacket']
>>> tokens = libfuzz.tokenizePacket(nvString)
>>> print tokens
['(', 'CONNECT', '_', 'DATA', '=', '(', 'COMMAND', '=', 'ping', ')',
')']


Every token will be replaced by fuzzed strings to discover vulnerabilities in the Oracle NV string processor.  If you fuzz that NV string against an Oracle 8i, the TNS listener you found will die miserably within seconds.
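
For anyone inspecting listener traffic, the same NV string format can be parsed strictly so that malformed or abnormally nested descriptors are rejected instead of processed. This is an added example, not Inguma's code; the function names and the MAX_LEN and MAX_DEPTH limits are assumptions.

```python
class NVParseError(ValueError):
    """Raised for descriptors that are not well-formed NV strings."""
MAX_LEN, MAX_DEPTH = 4096, 32  # assumed sanity limits, not Oracle constants

def _pair(s, i, depth):
    """Parse one '(KEY=value)' at s[i]; return ({KEY: value}, next_index)."""
    if depth > MAX_DEPTH:
        raise NVParseError("nesting deeper than %d" % MAX_DEPTH)
    if s[i:i + 1] != "(":
        raise NVParseError("expected '(' at offset %d" % i)
    j = i + 1
    while j < len(s) and s[j] not in "()=":
        j += 1
    key = s[i + 1:j].strip().upper()
    if not key or s[j:j + 1] != "=":
        raise NVParseError("expected KEY= at offset %d" % (i + 1))
    j += 1
    if s[j:j + 1] == "(":              # value is one or more nested pairs
        value = {}
        while s[j:j + 1] == "(":
            child, j = _pair(s, j, depth + 1)
            value.update(child)        # a repeated key keeps its last value
    else:                              # value is a plain atom
        start = j
        while j < len(s) and s[j] not in "()=":
            j += 1
        value = s[start:j].strip()
    if s[j:j + 1] != ")":
        raise NVParseError("expected ')' at offset %d" % j)
    return {key: value}, j + 1

def parse_nv(text):
    """Parse a whole NV string into nested dicts; reject anything malformed."""
    text = text.strip()
    if len(text) > MAX_LEN:
        raise NVParseError("descriptor longer than %d characters" % MAX_LEN)
    tree, end = _pair(text, 0, 1)
    if end != len(text):
        raise NVParseError("trailing data at offset %d" % end)
    return tree

def listener_command(text):
    """Return the lower-cased CONNECT_DATA COMMAND, or None if there is none."""
    tree = parse_nv(text)
    if isinstance(tree.get("DESCRIPTION"), dict):
        tree = tree["DESCRIPTION"]
    data = tree.get("CONNECT_DATA")
    cmd = data.get("COMMAND") if isinstance(data, dict) else None
    return cmd.lower() if isinstance(cmd, str) else None

PING = "(CONNECT_DATA=(COMMAND=ping))"  # the NV string shown on this page
```

listener_command(PING) returns "ping", while a descriptor with a missing parenthesis or more than MAX_DEPTH levels of nesting raises NVParseError.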

sniffer -
A simple but efficient text-based sniffer. It also "supports" an Ethereal-like viewer called Scapereal.  Scapereal is not included with the Inguma package and must be downloaded separately.  Since sniffer is a pretty full application in and of itself, we'll only cover the basic operation.  If you have ever worked with a packet sniffer, this should be nothing new to you.
Example Usage:
inguma> sniffer
SNIFFER> iface eth0
Interface is: eth0
SNIFFER> run
Sniffing in iface eth0 ...

(...)
You will notice the verbose output is dumped in real-time.
Sniffing can be halted by issuing a ctrl+c
(...)

SNIFFER> packets nsummary
As you can see, the output is somewhat similar to that of tcpdump.  For additional options, use the help command from the SNIFFER> prompt.

protoscan -
An IP protocol scanner. Workstations and desktops will only have support for ICMP, IGMP, TCP and UDP, while other servers (especially routers) will have several other protocols enabled. You can enumerate all supported IP protocols by using this tool.
Example Usage:

rainbow -
The module connects to one public website and executes a web query using the hash you specify.  
Example Usage:
inguma> hash = "5f532a3fc4f1ea403f37070f59a7a53a"
inguma> rainbow
[+] Password: microsoft

xmlrpc -
A module to interact with XMLRPC servers. Not too much to say.
Example Usage:

tcpscan -
Simple TCP port scanning utility.
Example Usage:
inguma> target = "randomserverX.org"
inguma> tcpscan

Open ports
----------
Port 80/www is open
Port 7777 is open
Port 8080/webcache is open
Port 21/ftp is open
Port 9090 is open


oracrack11g -
A pure Python brute forcer for Oracle 11g passwords. It tries to crack the password by using Inguma's supplied dictionary and encrypting all the passwords.  Stay tuned for additional information regarding this module.
Example Usage:

apps11i -
The apps11i module allows you to gather information regarding an Oracle Financial instance (formerly Oracle E-Business Suite) version 11i (from 11.5.0 to 11.5.10.2).  This module attempts to gather information such as the installation path, database instance's name, host, port, server dat and more.  Please be advised this module works against 11i instances but not against any 12 releases.
Example Usage:

nids -
A tool to check IDS signatures based on regexps. It may parse Snort rules.  No additional information as this module is subject to removal in future releases.
Example Usage:

osifuzz -
A fuzzer for IP, ICMP and ARP protocols. "Like shooting bats in the dark", this module provides random fuzzing.  Please be aware that you may find a bug from time to time, especially in embedded devices.  Osifuzz also comes equipped with its own help command, so don't hesitate to refer to it from the osifuzz> prompt.
Example Usage:
Please be advised that as of the 0.0.6 release, this module, while implemented, is not currently completed.

p0f -
Passive OS detection which only checks incoming connections (SYN packets).
Example Usage:
inguma> p0f
P0F> iface eth0
Interface is: eth0
P0F> run
Sniffing in iface eth0 ...
P0F: 192.168.11.3:56991 - Linux 2.6? (barebone, rare!)
  -> ww.xx.yy.zz:https (distance 3)

This shows us when an unknown OS is fingerprinted:
P0F: ww.xx.yy.zz:47994 - UNKNOWN [5840:45:1:60:M1412,S,T,N,W5:.:?:?] (up: 1 hrs)
  -> 192.168.11.3:ssh
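
The bracketed string in the UNKNOWN line is a p0f v2 SYN signature, and decoding it shows exactly what a single SYN packet discloses to a passive observer. The parser below is an added example, not Inguma or p0f code; the function names and the initial-TTL rounding heuristic are assumptions.

```python
import re

# p0f v2 SYN signature layout: window:ttl:DF:size:options:quirks:genre:details
OPTION_NAMES = {"N": "nop", "E": "eol", "S": "sack_permitted",
                "T": "timestamp", "M": "mss", "W": "window_scale"}
SIG_RE = re.compile(r"\[([^\]]+)\]")
# Signature line taken from the p0f output on this page.
PAGE_LINE = ("P0F: ww.xx.yy.zz:47994 - UNKNOWN "
             "[5840:45:1:60:M1412,S,T,N,W5:.:?:?] (up: 1 hrs)")

def parse_options(field):
    """'M1412,S,T,N,W5' -> [('mss', 1412), ('sack_permitted', None), ...]."""
    options = []
    if field == ".":                      # "." means no TCP options at all
        return options
    for item in field.split(","):
        code, arg = item[:1].upper(), item[1:]
        name = OPTION_NAMES.get(code, "unknown:" + item)
        options.append((name, int(arg) if arg.isdigit() else (arg or None)))
    return options

def parse_signature(line):
    """Extract and decode the bracketed signature from one p0f output line."""
    match = SIG_RE.search(line)
    if not match:
        raise ValueError("no [signature] found")
    parts = match.group(1).split(":", 7)
    if len(parts) != 8:
        raise ValueError("expected 8 fields, got %d" % len(parts))
    window, ttl, df, size, opts, quirks, genre, details = parts
    ttl = int(ttl)
    if not 1 <= ttl <= 255:
        raise ValueError("TTL out of range: %d" % ttl)
    # Heuristic (assumption): senders start at 32, 64, 128 or 255 hops.
    initial = next(t for t in (32, 64, 128, 255) if ttl <= t)
    return {
        "window": int(window) if window.isdigit() else window,
        "observed_ttl": ttl,
        "initial_ttl_guess": initial,
        "hops_guess": initial - ttl,
        "dont_fragment": df == "1",
        "syn_size": int(size) if size.isdigit() else size,
        "options": parse_options(opts),
        "quirks": "" if quirks == "." else quirks,
        "genre": None if genre == "?" else genre,
        "details": None if details == "?" else details,
    }
```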


oratt70info -
This module tries to gather information from an Oracle TimesTen Server.  This module is still in its infant stages and does not currently offer many options.  It has been added as it easily uncovers many flaws in what is currently a very buggy product.  In the words of Joxean Koret, "TimesTen really sucks."
Example Usage:

oascheck -
Oascheck is a module which checks for the most common Oracle Application Server URLs.  This includes those most often susceptible to exploitation.  It searches for misconfigured DADs, vulnerable applications, documentation (banner, version, etc.) and many other things.
Example Usage:

arppoison -
Poison the target's ARP cache
Example Usage:
Not currently supported in the 0.0.6 release

identify -
Module which identifies active services on a target based on previously discovered ports.  In order for this module to function properly, you must specify a port.
Example Usage:
inguma> target = "randomserverX.org"
inguma> port = "80"
inguma> identify
Port 80 :  Apache
inguma> port = "21"
inguma> identify
Port 21 : (vsFTPd 2.0.5)



Questions and comments regarding application development and collaboration should be directed to joxeankoret[AT]yahoo[DOT]es
Comments and input regarding documentation should be directed to Andrew.Brooks85[AT]gmail[DOT]com