Saturday, January 27, 2024

Kunyu - More Efficient Corporate Asset Collection


0x00 Introduce

Tool introduction

Kunyu (kunyu), whose name is taken from , is actually a professional subject related to geographic information, which counts the geographic information of the sea, land, and sky. The same applies to cyberspace. The same is true for discovering unknown and fragile assets. It is more like a cyberspace map, which is used to comprehensively describe and display cyberspace assets, various elements of cyberspace and the relationship between elements, as well as cyberspace and real space. The mapping relationship. So I think "Kun Yu" still fits this concept.

Kunyu aims to make corporate asset collection more efficient and enable more security-related practitioners to understand and use cyberspace surveying and mapping technology.


Application scenario

For the use of kunyu, there can be many application scenarios, such as:

  • Forgotten and isolated assets in the enterprise are identified and added to security management.
  • Perform quick investigation and statistics on externally exposed assets of the enterprise.
  • Red and blue are used against related requirements, and batch inspections of captured IPs are performed.
  • Collect vulnerable assets in batches (0day/1day) for equipment and terminals within the impact.
  • Information on sites involved in new-type cybercrime cases is quickly collected and merged for more efficient research, judgment, and analysis.
  • Statistic and reproduce the fragile assets on the Internet that are affected by related vulnerabilities.

0x01 Install

Need Python3 or higher support

git clone https://github.com/knownsec/Kunyu.git
cd Kunyu
pip3 install -r requirements.txt

Linux:
python3 setup.py install
kunyu console

Windows:
cd kunyu
python3 console.py

PYPI:
pip3 install kunyu

P.S. Windows also supports python3 setup.py install.

0x02 Configuration instructions

When you run the program for the first time, you can initialize by entering the following command. Other login methods are provided. However, it is recommended to use the API method. Because the user name/password login requires an additional request, the API method is theoretically more efficient.

kunyu init --apikey <your zoomeye key> --seebug <your seebug key>



You need to log in with ZoomEye credentials before using this tool for information collection.

Visit address: https://www.zoomeye.org/

The output file path can be customized by the following command

kunyu init --output C:\Users\风起\kunyu\output



0x03 Tool instructions

Detailed command

kunyu console


 

ZoomEye

Encryption method interface HostCrash <IP> <Domain> Host Header Scan hidden assets Seebug <Query> Search Seebug vulnerability information set <Option> Set arguments values Pocsuite3 Invoke the pocsuite component ExportPath Returns the path of the output file clear Clear the console screen show Show can set options help Print Help info exit Exit KunYu & ">
Global commands:
info Print User info
SearchHost <query> Basic Host search
SearchWeb <query> Basic Web search
SearchIcon <File>/<URL> Icon Image search
SearchBatch <File> Batch search Host
SearchCert <Domain> SSL certificate Search
SearchDomain <Domain> Domain name associated/subdomain search
EncodeHash <encryption> <query> Encryption method interface
HostCrash <IP> <Domain> Host Header Scan hidden assets
Seebug <Query> Search Seebug vulnerability information
set <Option> Set arguments values
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
clear Clear the console screen
show Show can set options
help Print Help info
exit Exit KunYu &

OPTIONS

ZoomEye:
page <Number> The number of pages returned by the query
dtype <0/1> Query associated domain name/subdomain name
btype <host/web> Set the API interface for batch query

Use case introduction

Here we use the ZoomEye module for demonstration

User information query


HOST host search


Web host search


Batch IP search


Icon Search

When collecting corporate assets, we can use this method to retrieve the same ico icon assets, which usually has a good effect when associating related corporate assets. But it should be noted that if some sites also use this ico icon, irrelevant assets may be associated (but people who are bored with other people's ico icons are always in the minority). Support url or local file search.



 

SSL certificate search

Query through the serial number of the SSL certificate, so that the associated assets are more accurate, and services that use the same certificate can be searched. When you encounter an https site, you can use this method.



Multi-factor query

Similarly, Kunyu also supports multi-factor conditional query related assets, which can be realized through ZoomEye logic operation syntax.


 

Feature Search

Through HTTP request packet features or website-related features, the same framework assets can be concatenated more accurately



Associated Domain/Subdomain Search

Search for associated domain names and subdomains, and query associated domain names by default. Two modes can be set by setting the dtype parameter.


 

Encoding hash calculation

In some scenarios, you can use this command to perform common HASH encryption/encoding, such as BASE64, MD5, mmh3, HEX encoding, and debug in this way.



Seebug vulnerability query

You can query historical related vulnerabilities by entering information about the framework and equipment you want to find, but you need to note that only English is supported, and improvements and upgrades will be made later.



Setting parameters

When set page = 2, the returned results are 40. You can modify the page parameter to set the number of pages to be queried. Note that 1 page = 20/items. You can modify the value according to your needs to get more returned results.

The configurable parameters and the current values of the parameters are displayed through show.


 


Pocsuite linkage

In versions after v1.3.1, you can use kunyu to link the console mode of pocsuite3 for integrated use.



HOSTS head collision

Through the HOSTS collision, the hidden assets in the intranet can be effectively collided, and the intranet service can be accessed according to the ServerName domain name and IP configured in the middleware httpf.conf. This can be achieved by setting the local hosts file later, because the local hosts file takes precedence. The level is higher than DNS server resolution. Support reverse check through ZoomEye domain name library or read TXT file to get the list of domain names.

HOSTS cross collision



Data result

All search results are saved in the user's root directory, and the directory is created based on the current timestamp. All query results of a single start are stored in an Excel format under one directory, giving a more intuitive experience. The output path can be returned through the ExportPath command.



0x04 Loading

​ In fact, there are still many ideas, but as an Alpha version, this is the case, and it will continue to be improved in the later period. I hope that Kunyu can be known to more security practitioners. Thank you for your support.

​ The tool framework has reference to Kunlun Mirror and Pocsuite3, which are all very good works.

​ Thanks to all the friends of KnownSec 404 Team.

" 看得清 " 是能力的体现,是 " 器 " ,而 " 看得见 " 就是思想的体现,那最后关联的是 " 道 "。

​ --SuperHei


0x05 Issue

1、Multi-factor search

ZoomEye search can use multi-factor search, dork:cisco +port:80 (note the space) can search all data that meet the conditions of cisco and port:80, if there is no space in between, it is the same search condition, it is that cisco is satisfied and the port is All data for 80. Kunyu's dork does not require quotation marks.

2、High-precision geographical location

ZoomEye gives privileged users high-precision geographic location data, but it should be noted that ordinary users do not have this function, so I hope you know.

3、Username/password login

If you use username/password as the initialization condition, the token will be valid for 12 hours. If you find that your search cannot return data, you may wish to info. If the session times out, the initialization command prompt will be returned. In most cases, we recommend that you use the API KEY method, there is no invalidation problem. This design is also for the security of your account and password. After all, the API KEY can be reset and the token will become invalid. However, with the account and password, it is possible to log in to your ZoomEye account.

4、Cert certificate search

It should be noted that, according to the normal logic, you need to encode the serial number of the target SSL certificate in hexadecimal to match the sentence search, but Kunyu only needs to provide the Domain address to search. The principle is to make a request to the target station to obtain the serial number and process it, but if your host cannot access the target that needs to be searched, it cannot be retrieved. At this time, you can also search with the sentence in the usual way.

5、Favicon icon search

ico icon search not only supports URL retrieval, but also supports local ico icon file search, which has better scalability and compatibility.

6、Query data save path

By default, your query data is in the Kunyu folder under the user directory. You can also use the ExportPath command to query the path in the console mode.

7、Autocomplete

Kunyu's auto-completion supports upper and lower case, command logging, etc., use Tab to complete, please refer to Metasploit for usage.

8. Regarding the error when using pip install kunyu

The following error was reported when using pip install kunyu: File "C:\Users\风起\AppData\Local\Programs\Python\Python37\Scripts\kunyu-script.py", line 1 SyntaxError: Non-UTF-8 code starting with'\xb7' in file C: \Users\风起\AppData\Local\Programs\Python\Python37\Scripts\kunyu-script.py on line 1, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

solution: Modify the C:\Users\风起\AppData\Local\Programs\Python\Python37\Scripts\kunyu-script.py file and add # encoding: utf-8 at the beginning of the file.

Then save it and you can use it normally. The bug appears because there is a Chinese name in the user's directory path, which usually appears on windows.

9. Pocsuite3 module POC storage directory

When using the pocsuite3 module, if you want to add a new POC module, you can add a POC file in project directory/kunyu/pocs/.

10. Pocsuite3 module POC missing issue

When using the Pocsuite command linkage, if it is a packaged Kunyu version, the poc has been fixed. At this time, modifying the poc directory cannot add new modules. At this time, you can repackage it or use the project directory/kunyu /console.py Run kunyu to update the poc module in real time.


0x06 Contributions

风起@knownsec 404
wh0am1i@knownsec 404
fenix@knownsec 404
0x7F@knownsec 404


0x07 Community

If you have any questions, you can submit an issue under the project, or contact us through the following methods.

Scan the QR code to add the ZoomEye staff member WeChat, and remark Kunyu, which will draw everyone to the ZoomEye cyberspace surveying and mapping exchange group




More info


  1. Hack Apps
  2. Pentest Tools Find Subdomains
  3. Pentest Tools For Ubuntu
  4. Pentest Tools Online
  5. Pentest Tools Windows
  6. Pentest Tools For Ubuntu
  7. Pentest Tools
  8. Hacking Tools Pc
  9. How To Hack
  10. Hacker Search Tools
  11. Hack Tools 2019
  12. Hacker Tools Windows
  13. Pentest Tools Free
  14. Pentest Tools Apk
  15. Hacker Tools Free Download
  16. Hacking Tools Download
  17. Hack Tool Apk No Root
  18. Hacking Tools 2020
  19. Hacking Tools Windows 10
  20. What Are Hacking Tools
  21. Black Hat Hacker Tools
  22. Hacking Tools Software
  23. Pentest Tools Review
  24. Hack And Tools
  25. Computer Hacker
  26. Blackhat Hacker Tools
  27. New Hack Tools
  28. Hacker Tools For Windows
  29. Hackrf Tools
  30. Pentest Tools Download
  31. Pentest Tools For Mac
  32. Hacking Tools For Windows
  33. Hacker Tools For Windows
  34. Hacker Tools Hardware
  35. Pentest Tools List
  36. Hacking Apps
  37. Pentest Tools Find Subdomains
  38. Kik Hack Tools
  39. Hacking Tools For Windows
  40. Hacker Tools For Pc
  41. Underground Hacker Sites
  42. Hacker Tools Linux
  43. Best Pentesting Tools 2018
  44. Hacker Tools Free
  45. Hacker Tools
  46. Nsa Hacker Tools
  47. Hacking App
  48. Hacker Tools Github
  49. Hacking Tools For Games
  50. Hacker
  51. Hacking Tools For Pc
  52. Hacking Tools For Windows Free Download
  53. Pentest Tools Url Fuzzer
  54. Hacking Tools For Kali Linux
  55. Hacking Apps
  56. Tools Used For Hacking
  57. Hacking Tools Free Download
  58. Hacking Tools For Mac
  59. Hacker Hardware Tools
  60. Usb Pentest Tools
  61. Hacker Tools Software
  62. Hack Tools Download
  63. Hacking Tools Kit
  64. Hacker Tools Github
  65. Hack Tool Apk No Root
  66. Hack Apps
  67. Pentest Tools Android
  68. Hacking Tools Windows
  69. How To Make Hacking Tools
  70. Hacking Tools Github
  71. Hak5 Tools
  72. Best Pentesting Tools 2018
  73. Pentest Tools Kali Linux
  74. Termux Hacking Tools 2019
  75. Pentest Tools For Android
  76. Pentest Tools Free
  77. Pentest Tools Kali Linux
  78. Physical Pentest Tools
  79. Hak5 Tools
  80. Pentest Tools Open Source
  81. Pentest Tools Tcp Port Scanner
  82. Hack Tools For Ubuntu
  83. Hack Website Online Tool
  84. Pentest Tools Kali Linux
  85. Nsa Hack Tools
  86. Hacker Tools Mac
  87. Pentest Tools For Ubuntu
  88. Tools Used For Hacking
  89. Pentest Tools Subdomain
  90. Hacking Tools Free Download
  91. Nsa Hack Tools Download
  92. Hacking Tools And Software
  93. Hacker Tools
  94. How To Hack
  95. Top Pentest Tools
  96. Pentest Tools Review
  97. Nsa Hack Tools
  98. Hack Tools Mac
  99. Blackhat Hacker Tools
  100. Hacker Tools List
  101. Hackrf Tools
  102. Github Hacking Tools
  103. Hacker Tools 2019
  104. Hacker Tools
  105. Hacker Tools Apk
  106. Pentest Tools Download
  107. Hacker Tools Free
  108. Pentest Tools For Android
  109. Best Pentesting Tools 2018
  110. Pentest Tools Website
  111. Hacking Tools For Games
  112. Hack Tools Mac
  113. Hacker Tools Free
  114. Hacker Tools Online
  115. Hacker Tools For Windows
  116. Hack Website Online Tool
  117. Best Pentesting Tools 2018
  118. Hack Tools For Pc
  119. Pentest Tools Find Subdomains
  120. Pentest Tools Port Scanner
  121. Pentest Tools
  122. Hack Tools For Ubuntu
  123. Hackers Toolbox
  124. Hacking Tools For Games
  125. Tools For Hacker
  126. Hack Tools For Pc
  127. Hacker Tool Kit
  128. Hacker
  129. Hack Tools For Pc
  130. Hack Tools For Pc
  131. Black Hat Hacker Tools
  132. Top Pentest Tools
  133. Hak5 Tools
  134. Pentest Tools List
  135. Pentest Tools Open Source
  136. Hacker Tool Kit
  137. Pentest Tools Website
  138. Hack Tools
  139. Kik Hack Tools
  140. Hacking Tools Kit
  141. Game Hacking
  142. Hacker
  143. Beginner Hacker Tools

Networking | Switching And Routing | Tutorial 3 | 2018


Welcome to my 3rd new tutorial of networking (Routing and Switching). In this blog you will able to watch an interesting video about basic device navigation such as changing device (router or switch) name, configuration of login password, configuring a device information, router IP addresses and many more.

What is router?

Router is a network layer device which is the 3rd layer in the OSI model which is used to communicate different networks. It is an intelligent device fixed at the boundary of network that connects to other networks and responsible for end to end delivery of the packet that requires an IP address which is known as the logical address which is the basic identity of the device just like our identity card number or roll number and so on, for the identification of source and destination devices. Router is the gateway of the network having two interfaces such as inbound and the outbound interface through which the traffic comes in from different networks and comes out traffic to the different networks.

What is an IP address?

Internet protocol (IP) address is a numeric label given to each and every device in the network for the identification of the device just like our roll numbers in collages, universities which identity each and every student uniquely everywhere. So same concept here, it is a logical address which is used whenever the device want to communicate outside the network that means to another network.

What is Switch?

Switch is basically layer 2 device, which is used to connect two or more than two devices with each other in the same network. It is an intelligent device which doesn't allow the broadcast. It requires Media access control (MAC) address to communicate within the network. Now let's move to the video for further.


More articles

Top 15 Best Operating System Professional Hackers Use

Top 10 Best Operating System Professional Hackers Use

Top 15 Best Operating System Professional Hackers Use

Top 15 Best Operating System Professional Hackers Use

A hacker is someone who seeks and exploits the weaknesses of a computer system or network computing. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment or to assess these weaknesses to help in removing them.
The listed operating systems are based on the Linux kernel so it is all free operating systems.

1. Kali Linux

Kali Linux maintained and funded by Offensive Security Ltd. and it is first on our list. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through rewriting BackTrack, its previous forensics Linux distribution based on Ubuntu. Kali Linux has a specific project for the withdrawal of compatibility and portability of Android-specific devices, called Kali Linux NetHunter. It is the first open test platform penetration Source for Nexus Android devices, created as a joint effort between the member of the Kali "BinkyBear" Security and offensive community. It supports Wireless 802.11 frame injection, one-click configurations MANA Evil access point, keyboard HID (Teensy as attacks), as well as attacks MITM USB Mala.

2. Back Box

Back Box is an evaluation penetration testing Linux distribution and Ubuntu-based security aimed at providing an analysis of computer network systems and toolkit. Desktop environment back box includes a complete set of tools needed for ethical hacking and security testing.

3. Parrot Security OS

Parrot Security OS is a GNU / Linux distribution based on Debian. Fue built in order to perform penetration tests (safety information), vulnerability assessment and mitigation, Computer Forensics and Anonymous Surfing. Ha been developed by the team of Frozen box.
Parrot is based on the stable branch (Jessie) of Debian, a Linux 4.1 kernel hardened customized with a branch grsecurity patched available. The desktop environment is MATE fork of Gnome 2, and the default display manager is LightDM. The project is certified to run on machines with 265MB of RAM minimum follow and it is suitable for both 32-bit (i386) and 64-bit (amd64), with a special edition that works on 32-bit machines of age (486). Moreover, the project is available for Armel and armhf architectures. It even offers an edition (both 32 bit and 64 bit) developed for servers only for pen testing cloud.

4. Live Hacking OS

Live Hacking OS is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing, and countermeasure verification. It includes embedded GUI GNOME user. There is a second variation available which has only the command line and requires much fewer hardware requirements.

5. DEFT Linux

DEFT stands for Digital Evidence and Forensic Toolkit and it is a distribution of Linux open source software built around the DART (Toolkit for Advanced Response Digital) and is based on the Ubuntu operating system. It has been designed from scratch to offer some of the best computer forensics open source and incident response tools that can be used by individuals, IT auditors, investigators, military, and police.

6. Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment which has been pre-configured to function as a web pen-testing environment. The CD contains the best of open source and free tools that focus on testing and websites that attack. In the development of this environment, it is based on our selection of tools that we use in our practice of security. Hence, it includes the tools that were used in the four steps of a pen-test web.

7. Network Security Toolkit

The Network Security Toolkit (NST) is a Live CD based on Linux that provides a set of security tools computing and open source network to carry out routine security tasks and diagnostic networks and tracing. The distribution can be used as an analysis of network security, validation and monitoring tool for servers hosting virtual machines. NST has management capabilities similar to Fedora packages and maintains its own repository of additional packages.

8. Bugtraq

Bugtraq is a mailing list dedicated to safety issues in computers. On-topic issues new discussions about vulnerabilities, security-related notices providers, operating methods, and how to fix them. This is a mailing list of large volume, and almost all new vulnerabilities are there. Bugtraq computer freaks and experienced developers are discussed, is available in Debian, Ubuntu and openSUSE 32 and 64-bit architectures.

9. NodeZero

NodeZero is an open source system based on the operating core derived from the most popular Linux distribution in the world, Ubuntu, and designed to be used for penetration testing operations. The distribution can be downloaded as an ISO image live DVD, which will also take place on computers that support both 32-bit (x86) and 64-bit (x86_64) instruction set. Besides the fact that it allows you to start the live system, start menu contains several advanced features such as the ability to perform a diagnostic test of system memory, boot from local disk options, start the installer directly and to start in safe graphics mode, text mode or in debug mode.
Default graphical desktop environment NodeZero is powered by GNOME, which uses the classic GNOME interface. It has a design of two panels and uses the default software repositories of Ubuntu.

10. Pentoo

Pentoo is a Live CD and Live USB OS designed for penetration testing and security assessment. It is based on Gentoo Linux, Pentoo is offered both as 32-bit and 64-bit live cd which is installable. Pentoo is also available as a superposition of an existing Gentoo installation. It has conductors packet injection patched wifi, GPGPU cracking software, and plenty of tools for penetration testing and security assessment. The kernel includes Pentoo grsecurity and PAX hardening and additional patches with the binary compiled from a string of hardened with the latest nightly versions of some tools that are available.

#11 Live Hacking OS

Well, this Linux distro actually comes with some useful hacking tools which are often used in penetration testing or ethical hacking purpose. Live Hacking OS consists of the GNOME inbuilt. The operating system is really easy to operate and it can work on less RAM.

#12 Knoppix STD

This is another best Linux distro which focuses on tools for computer security. Knoppix STD brings some advanced tools for Password cracking, Firewalls, Network Utilities, Honeypots, Wireless Networking and more. This is one of the most used operating systems for Hackers.

#13 Cyborg Hawk

Cyborg Hawk is a new operating system which is based on Ubuntu Linux. Well, lots of hackers talk about Cyborg hawk and its one of the most powerful and cutting-edge penetration testing distribution that has ever been created. The operating system houses more than 700 tools for different purposes.

#14 Blackbuntu

Well, this is another operating system which is based on Linux and it was specially developed for penetration testing. Well, the operating system is very famous amongst hackers and it offers an awesome platform to learn Information security.

#15 Weakerth4n

Well, this is another best operating system which is used by professional hackers. WeakerTh4n actually comes with lots of hacking tools and it's actually a modern operating system for WiFi Hacking. Some of the wireless tools include SQL Hacking, Password Cracking, WiFi attacks, Cisco exploitation and more.
Related posts