portscan | A port scanner for SYN, ACK, XMAS and SYN+ACK scans |
oratool | Oracle wrapper for all related stuff |
winspdetect | Detect service pack using remote registry (LAME) |
nmapfp | Os detect with Nmap fingerprinting |
firetest | A firewall testing tool |
rainbowmd5 | Get the password for a MD5 hash using public rainbow tables |
mssqlcrack | Crack a MS SQL Server 7 or 2000 password |
tnscmd | Interact with an Oracle TNS Listener |
sniffer | A simple sniffer |
protoscan | An IP Protocol scanner |
rainbow | Get the password for a hash using rainbow tables |
xmlrpc | Interact with an XMLRPC server |
tcpscan | Simple TCP port scanner |
oracrack11g | Crack an Oracle 11g password |
apps11i | Get information from Oracle E-Business Suite 11i |
nids | A simple network based Intrusion Detection System (IDS) |
osifuzz | Fuzzing interface for IP, ICMP and ARP protocols (Random) |
p0f | Inguma's p0f interface for OS detection. |
oratt70info | Gather information from Oracle Times Ten 70 |
oascheck | Check an Oracle App. Server for the most common vulnerable URLs. |
arppoison | Poison target's ARP cache |
identify | Identify services using discovered ports |
show gather
portscan -
A port scanner that supports SYN scans, SYN/ACK, SYN/FIN, and any kind of format supported by Scapy.
To specify a scan type with Inguma's portscanner, use the scanType option. For additional information on types of port scanning techniques, please consult the Nmap documentation.
Example Usage:
inguma> target = "127.0.0.1"
inguma> portscan
Portscan results
----------------
Port 8000 is opened at 127.0.0.1
Port 8001 is opened at 127.0.0.1
Port 8002 is opened at 127.0.0.1
Port 8004 is opened at 127.0.0.1
Port 6666 is opened at 127.0.0.1
Port 6667/ircd is opened at 127.0.0.1
Port 111/sunrpc is opened at 127.0.0.1
Port 22/ssh is opened at 127.0.0.1
Port 7070 is opened at 127.0.0.1

inguma> target = "127.0.0.1"
inguma> scanType = "A"
inguma> portscan

inguma> target = "127.0.0.1"
inguma> scanType = "SAFRC"
inguma> portscan
oratool -
Ora(cle)tool is a module which serves to interact with an Oracle Database. Oratool allows you to open a remote SQL terminal and execute commands by supplying a valid hostname, port, username and password. This module is implemented in Inguma so that you do not need to install Oracle SQL*Plus or any similar tools.
Coming soon
winspdetect -
A tool that connects to the remote Windows registry and reads the operating system and service pack keys.
Example Usage:
nmapfp -
Performs OS detection on a target with Nmap fingerprinting. Please be advised that this feature is currently very unreliable and may be removed in future releases.
Example Usage:
No additional information as this module is currently too inaccurate.
firetest -
Firetest performs various security checks against a firewall: SYN/FIN scans, ACK scans, XMAS scans, scans changing the source port, etc.
Example Usage:
rainbowmd5 -
The module connects to a public database and executes a web query using the specified hash.
No additional information as this module is subject to removal in future releases. Please use rainbow.
Example Usage:
mssqlcrack -
A Python implementation of the MS SQL Server 7 & 2000 password. It can hash any valid
Example Usage:
tnscmd -
Tnscmd is a module designed to interact with an Oracle TNS listener, offering many options. For example, in a pre-authentication fashion you can gather the full database version. You can also get the full banner of the database (with the processor architecture, database version, operating system, etc.). Tnscmd also supports NV strings (not NV events). NV strings are descriptors sent to an Oracle TNS listener to communicate with it.
Example Usage:
user@host:~/inguma$ pwd
/home/user/inguma
user@host:~/inguma$ python
Python 2.4.3 (#2, Oct 6 2006, 07:52:30)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from lib import libfuzz
>>> nvString="(CONNECT_DATA=(COMMAND=ping))"
>>> dir(libfuzz)
['TOKEN_TYPE_APPEND', 'TOKEN_TYPE_INJECT', 'TOKEN_TYPE_TOKEN',
'__builtins__', '__doc__', '__file__', '__name__', 'fuzzCallback',
'ignorechars', 'numbers', 'separators', 'sizes', 'strings', 'token2str',
'tokenizePacket']
>>> tokens = libfuzz.tokenizePacket(nvString)
>>> print tokens
['(', 'CONNECT', '_', 'DATA', '=', '(', 'COMMAND', '=', 'ping', ')',
')']
Every token will be replaced by fuzzed strings to discover vulnerabilities in the Oracle
sniffer -
A simple but efficient text-based sniffer. It also "supports" an Ethereal-like viewer called Scapereal. Scapereal is not included with the Inguma package and must be downloaded separately.
Since sniffer is a pretty full application in and of itself, we'll only cover the basic operation. If you have ever worked with a packet sniffer, this should be nothing new to you.
Example Usage:
inguma> sniffer
SNIFFER> iface eth0
Interface is: eth0
SNIFFER> run
Sniffing in iface eth0 ...
SNIFFER> packets nsummary
help command from the SNIFFER> prompt.
protoscan -
An IP protocol scanner. Workstations and desktops will only have support for ICMP, IGMP, TCP and UDP, while other servers (especially routers) will have several other protocols enabled. You can enumerate all supported IP protocols by using this tool.
Example Usage:
rainbow -
The module connects to one public website and executes a web query using the hash you specify.
Example Usage:
inguma> hash = "5f532a3fc4f1ea403f37070f59a7a53a"
inguma> rainbow
[+] Password: microsoft
xmlrpc -
A module to interact with XMLRPC servers. Not too much to say.
Example Usage:
tcpscan -
Simple TCP port scanning utility.
inguma> target = "randomserverX.org"
inguma> tcpscan
Open ports
----------
Port 80/www is open
Port 7777 is open
Port 8080/webcache is open
Port 21/ftp is open
Port 9090 is open
oracrack11g -
A pure Python brute forcer for Oracle 11g passwords. It tries to crack the password by using Inguma's supplied dictionary and encrypting all the passwords. Stay tuned for additional information regarding this module.
Example Usage:
apps11i -
The apps11i module allows you to gather information regarding an Oracle Financial instance (formerly Oracle E-Business Suite) version 11i (from 11.5.0 to 11.5.10.2). This module attempts to gather information such as the installation path, database instance's name, host, port, server dat and more. Please be advised this module works against 11i instances but not any 12 releases.
nids -
A tool to check IDS signatures based on regexps. It may parse Snort rules.
No additional information as this module is subject to removal in future releases.
osifuzz -
A fuzzer for IP, ICMP and ARP protocols. "Like shooting bats in the dark", this module provides random fuzzing. Please be aware that you may find a bug from time to time, especially in embedded devices. Osifuzz also comes equipped with its own help command, so don't hesitate to refer to it from the osifuzz> prompt.
Please be advised that as of the 0.0.6 release, this module, while implemented, is not currently completed.
p0f -
Passive OS detection which only checks incoming connections (SYN packets).
Example Usage:
inguma> p0f
P0F> iface eth0
Interface is: eth0
P0F> run
Sniffing in iface eth0 ...
P0F: 192.168.11.3:56991 - Linux 2.6? (barebone, rare!)
-> ww.xx.yy.zz:https (distance 3)
This shows us when an unknown OS is fingerprinted:
P0F: ww.xx.yy.zz:47994 - UNKNOWN
[5840:45:1:60:M1412,S,T,N,W5:.:?:?] (up: 1 hrs)
-> 192.168.11.3:ssh
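The UNKNOWN line above carries the raw SYN signature in brackets. As an added example (not part of Inguma or p0f), the following Python splits such a signature into named fields so it can be compared or logged. It assumes the p0f v2 layout window:ttl:DF:SYN size:options:quirks:genre:details; the function names are hypothetical.

```python
# Added example, not Inguma or p0f code. Assumes the p0f v2 signature layout:
#   window : ttl : DF : SYN size : TCP options : quirks : OS genre : details
TCP_OPTIONS = {
    "N": "NOP",
    "E": "EOL",
    "S": "SACK permitted",
    "T": "timestamp",
    "T0": "timestamp (zero value)",
}


def decode_option(opt):
    """Turn one option code (e.g. M1412, W5) into a readable name."""
    if opt in TCP_OPTIONS:
        return TCP_OPTIONS[opt]
    if opt.startswith("M"):
        return "MSS " + opt[1:]
    if opt.startswith("W"):
        return "window scale " + opt[1:]
    return "unrecognised (%s)" % opt


def number_or_raw(value):
    """Signature databases allow wildcards; keep anything non-numeric as text."""
    return int(value) if value.isdigit() else value


def parse_p0f_signature(sig):
    fields = sig.strip().strip("[]").split(":")
    if len(fields) != 8:
        raise ValueError("expected 8 fields, got %d" % len(fields))
    window, ttl, df, size, options, quirks, genre, details = fields
    return {
        "window": number_or_raw(window),
        "ttl": number_or_raw(ttl),
        "dont_fragment": df == "1",
        "syn_size": number_or_raw(size),
        "options": [decode_option(o) for o in options.split(",") if o not in ("", ".")],
        "quirks": "" if quirks == "." else quirks,
        "os_genre": None if genre == "?" else genre,
        "details": None if details == "?" else details,
    }


# Signature copied from the UNKNOWN line in the session above.
SAMPLE = "[5840:45:1:60:M1412,S,T,N,W5:.:?:?]"

if __name__ == "__main__":
    for name, value in parse_p0f_signature(SAMPLE).items():
        print("%-14s %s" % (name, value))
```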
oratt70info -
This module tries to gather information from an Oracle TimesTen Server. This module is still in its infant stages and does not currently offer many options. It has been added as it easily uncovers many flaws in what is currently a very buggy product. In the words of Joxean Koret, "TimesTen really sucks."
oascheck -
Oascheck is a module which checks for the most common Oracle Application Server URLs. This includes those most often susceptible to exploitation. It searches for misconfigured DADs, vulnerable applications, documentation (banner, version, etc.) and many other things.
arppoison -
Poison the target's ARP cache.
Example Usage:
Not currently supported in the 0.0.6 release
identify -
Module which identifies active services on a target based on previously discovered ports.
In order for this module to function properly, you must specify a port.
Example Usage:
inguma> target = "randomserverX.org"
inguma> port = "80"
inguma> identify
Port 80 : Apache
inguma> port = "21"
inguma> identify
Port 21 : (vsFTPd 2.0.5)