Skip to content
This repository has been archived by the owner on Feb 26, 2021. It is now read-only.
/ scanner-infrastructure-ncrack Public archive

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

secureCodeBox/scanner-infrastructure-ncrack

BranchesTags

Repository files navigation

title path category usecase release
Ncrack
scanner/Ncrack
scanner
Credential Scanner

Ncrack logo

"Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include SSH, RDP, FTP, Telnet, HTTP(S), Wordpress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, and DICOM " https://nmap.org/ncrack/

About

This repository contains a self contained µService utilizing the Ncrack Credential scanner for the secureCodeBox project. To learn more about Ncrack itself visit [https://nmap.org/ncrack/].

Example

Example configuration:

[
    {
        "name": "ncrack",
        "context": "SSH Credential Scans",
        "target": {
            "name": "Local SSH",
            "location": "ssh://192.168.0.1",
            "attributes": {
                "NCRACK_PARAMTER": "--user root --pass 123456"
            }
        }
    }
]

Example Output:

{
    "findings": [
        {
            "name": "Credentials for Service ssh://192.168.0.1:22 discovered via bruteforce.",
            "description": "",
            "location": "ssh://192.168.0.1:22",
            "category": "Discovered Credentials",
            "severity": "HIGH",
            "osi_layer": "APPLICATION",
            "attributes": {
                "username": "root",
                "password": "123456",
                "ip_address": "192.168.0.1",
                "port": "22",
                "protocol": "tcp",
                "service": "ssh"
            }
        }
    ]
}

Development

Configuration Options

To configure this service specify the following environment variables:

Environment Variable Value Example
ENGINE_ADDRESS http://engine
ENGINE_BASIC_AUTH_USER username
ENGINE_BASIC_AUTH_PASSWORD 123456

Local setup

  1. Clone the repository
  2. Install the dependencies npm install
  3. Run locally npm start

Test

To run the testsuite run:

npm test

Build with docker

To build the docker container run: docker build -t CONTAINER_NAME:LABEL .

Build Status License Known Vulnerabilities GitHub release

About

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Jan 22, 2020

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages