Merge pull request #4 from 01rabbit/ver1.0.2

Ver1.0.2

.config

@@ -1,20 +1,20 @@
 # Version
-VERSION="1.0.1"
+VERSION="1.0.2"
 
 # My HostIP
-MYIP="192.168.171.190"
+MYIP="127.0.0.1"
 
 # Working Directory
 WDIR="/root/demo"
 
 # AutoRecon.py
-AUTORECON="python3 /usr/share/pakuri/plugins/AutoRecon/autorecon.py"
+AUTORECON="python3 /usr/share/PAKURI/plugins/AutoRecon/autorecon.py"
 
 # PAKURI
-INSTALL_DIR="/usr/share/pakuri"
-PLUGINS="/usr/share/pakuri/plugins"
-DOCUMENTS="/usr/share/pakuri/documents"
-MODULES="/usr/share/pakuri/modules"
+INSTALL_DIR="/usr/share/PAKURI"
+PLUGINS="/usr/share/PAKURI/plugins"
+DOCUMENTS="/usr/share/PAKURI/documents"
+MODULES="/usr/share/PAKURI/modules"
 SCRIPT_DIR=$(cd $(dirname $0); pwd)
 TARGETS="targets.txt"
 

README.md

@@ -1,73 +1,208 @@
+# PAKURI
+
 ![logo](https://user-images.githubusercontent.com/16553787/70399114-c4db9c80-1a64-11ea-8d8e-5cf2f4f43ee0.png)
 
 ---
+
 ## What's PAKURI
+
 I have imitated the good points of many tools.  In Japanese, imitating is called “Pakuru”.
->> ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru)
->> 1. eat with a wide open mouth  
->> 2. steal when one isn't looking, snatch, swipe  
->> 3. copy someone's idea or design  
->> 4. nab, be caught by the police  
->> 
->> [Wiktionary:ぱくる](https://en.wiktionary.org/wiki/%E3%81%B1%E3%81%8F%E3%82%8B "ぱくる")
+> ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru)
+>
+> 1. eat with a wide open mouth
+> 2. steal when one isn't looking, snatch, swipe  
+> 3. copy someone's idea or design  
+> 4. nab, be caught by the police  
+>
+> [Wiktionary:ぱくる](https://en.wiktionary.org/wiki/%E3%81%B1%E3%81%8F%E3%82%8B "ぱくる")
+
 ## Description
-Pentesters love to move their hands. However, I do not like troublesome work. Simple work is performed semi-automatically with simple operations. PAKURI executes commands frequently used in penetration tests by simply operating the numeric keypad. You can test penetration as if you were playing a fighting game.
+
+Sometimes, the penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is an semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for the beginners. They can use PAKURI to learn the flow to the penetration testing without struggling with a confusing command line/tools.
+
+---
 
 ## Presentation
+
 * November 2nd,2019: [AV TOKYO 2018 Hive](http://ja.avtokyo.org/avtokyo2019/event)
+* December 21-22th,2019: [SECCON YOROZU 2019](https://www.seccon.jp/2019/akihabara/)
 
-## Abilities of "PAKURI".
-- Intelligence gathering.
-- Vulnerability analysis.
-- Visualize.
-- Brute Force Attack.
-- Exploitation.
+---
+
+## Abilities of "PAKURI"
+
+* Intelligence gathering.
+* Vulnerability analysis.
+* Visualize.
+* Brute Force Attack.
+* Exploitation.
+
+---
+
+## Your benefits
 
-## Your benefits.
 By using our PAKURI, you will benefit from the following.  
 
 For redteam:  
-  (a) This saves you the trouble of entering frequently used commands.  
-  (b) Beginner pentester can learn the floe of attacks using PAKURI.
+  (a) Red Teams can easily perform operations such as information enumeration and vulnerability scanning.  
+  (b) Visualizing the survey results is possible only with the numeric keypad.
 
 For blueteam:  
-  (c) Attack packets can be generated with a simple operation.  
+  (c) The Blue Team can experience a dummy attack by simply operating the numeric keypad even they do not have any penetration testing skill.  
+
+For beginner:  
+  (d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters.
 
-**NOTE**  
-If you are interested, please use them in an environment **under your control and at your own risk**. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legally liabillity for your action.
+|**NOTE**  |
+|:----------------|
+|If you are interested, please use them in an environment **under your control and at your own risk**. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legally liabillity for your action.|
 
+---
 
 ## Features
-- Scan
-  - [Nmap](https://tools.kali.org/information-gathering/nmap)
-  - [AutoRecon](https://github.com/Tib3rius/AutoRecon.git)
-  - [OpenVAS](https://tools.kali.org/vulnerability-analysis/openvas)
-- Exploit
-  - [BruteSpray](https://tools.kali.org/password-attacks/brutespray)
-  - [Metasploit](https://tools.kali.org/exploitation-tools/metasploit-framework)
-- Visualize
-  - [Faraday](https://github.com/infobyte/faraday.git)
-- CUI-GUI switching
+
+* Scan
+  * [Nmap](https://tools.kali.org/information-gathering/nmap)
+  * [OpenVAS](https://tools.kali.org/vulnerability-analysis/openvas)
+  * [AutoRecon](https://github.com/Tib3rius/AutoRecon.git)
+
+* Exploit
+  * [BruteSpray](https://tools.kali.org/password-attacks/brutespray)
+  * [Metasploit](https://tools.kali.org/exploitation-tools/metasploit-framework)
+* Visualize
+  * [Faraday](https://github.com/infobyte/faraday.git)
+* CUI-GUI switching
+  * PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi.
+
+---
 
 ## Install
-`bash install.sh`  
+
+1. Update your apt and install git:  
+
+    ```shell
+    root@kali:~# apt update
+    root@kali:~# apt install git
+    ```
+
+2. Download the PAKURI installer from the PAKURI Github repository:
+
+    ```shell
+    root@kali:~# git clone https://github.com/01rabbit/PAKURI.git
+    ```
+
+3. CD into the PAKURI folder and run the install script:
+
+    ```shell
+    root@kali:~# cd PAKURI  
+    root@kali:~/PAKURI# bash install.sh
+    ```
+
+---
+
 ## Usage
-`root@kali:/usr/share/pakuri# ./pakuri.sh`
-### Main
-![main](https://user-images.githubusercontent.com/16553787/70429943-08fa8b80-1abd-11ea-8729-659262982bb3.png)
+
+1. Check the OpenVAS admin user and password set them in the .config file:
+
+    ```shell
+    root@kali:~# vim /usr/share/PAKURI/.config
+    ...snip...
+
+    # OpenVAS
+    OMPUSER="admin"
+    OMPPASS="admin"
+    ```
+
+2. Start Faraday-Server and set workspace:
+
+    ```shell
+    root@kali:~# systemctl start faraday-server.service  
+    root@kali:~# firefox localhost:5985
+    ```
+
+3. Set Workspace in the .config file.
+
+    ```shell
+    root@kali:~# vim /usr/share/PAKURI/.config
+    ...snip...
+
+    # Faraday
+    WORKSPACE="test_workspace"
+    ```
+
+4. CD into the PAKURI folder:
+
+    ```shell
+    root@kali:~# cd /usr/share/PAKURI
+    ```
+
+5. Start PAKURI:
+
+    ```shell
+    root@kali:/usr/share/PAKURI# ./pakuri.sh
+
+    ██████╗   █████╗    ██╗  ██╗   ██╗   ██╗   ██████╗    ██╗
+    ██╔══██╗ ██╔══██╗   ██║ ██╔╝   ██║   ██║   ██╔══██╗   ██║
+    ██████╔╝ ███████║   █████╔╝    ██║   ██║   ██████╔╝   ██║
+    ██╔═══╝  ██╔══██║   ██╔═██╗    ██║   ██║   ██╔══██╗   ██║
+    ██║   ██╗██║  ██║██╗██║  ██╗██╗╚██████╔╝██╗██║  ██║██╗██║
+    ╚═╝   ╚═╝╚═╝  ╚═╝╚═╝╚═╝  ╚═╝╚═╝ ╚═════╝ ╚═╝╚═╝  ╚═╝╚═╝╚═╝
+
+    - Penetration Test Achive Knowledge Unite Rapid Interface -
+                        inspired by CDI
+
+                                                        v1.0.2
+                                           Author  : Mr.Rabbit
+
+    Sun 29 Dec 2019 22:25:07 PM EST
+    Working Directory : /root/demo
+    ---------------------- Main Menu -----------------------
+    +---+
+    | 1 | Scanning
+    +---+
+    +---+
+    | 2 | Exploit
+    +---+
+    +---+
+    | 3 | Config
+    +---+
+    +---+
+    | 4 | Assist
+    +---+
+    +---+
+    | 9 | Back
+    +---+
+    ```
+
+PAKURI is not fully automated and requires the user interactions, to make sure to proceed the pentest and to avoid any unintended attack or trouble.
+
 ### Scanning
-![scanning](https://user-images.githubusercontent.com/16553787/70430090-570f8f00-1abd-11ea-956e-656d24b5e2f4.png)
+
+![scanning](https://user-images.githubusercontent.com/16553787/71568958-dc132480-2b0e-11ea-97b0-13989b045ce2.png)
+
 ### Exploit
-![exploit](https://user-images.githubusercontent.com/16553787/70430110-668ed800-1abd-11ea-8df5-051b2bcebd90.png)
+
+![exploit](https://user-images.githubusercontent.com/16553787/71568975-0238c480-2b0f-11ea-9092-010b78e34bd1.png)
+
 ### Config
-![config](https://user-images.githubusercontent.com/16553787/70430127-71496d00-1abd-11ea-8801-8d45383d6ee6.png)
-### Command
-![usage1](https://user-images.githubusercontent.com/16553787/70429539-1a8f6380-1abc-11ea-992f-9bb1e57fc8bf.png)
-![usage2](https://user-images.githubusercontent.com/16553787/70429582-2d099d00-1abc-11ea-8ae8-2ea2c75b9a8b.png)
+
+![config](https://user-images.githubusercontent.com/16553787/71568995-1ed4fc80-2b0f-11ea-9afe-315a055b8a76.png)
+
+By operating the numeric keypad, it is possible to scan the network, scan for vulnerabilities, and perform simple pseudo attacks.
+
+---
 
 ## Operation check environment
-- OS: KAli Linux 2019.4
-- Memory: 8.0GB
 
+* OS: KAli Linux 2019.4
+* Memory: 8.0GB
+
+## Known Issues
+
+This is intended for use Kali Linux. Operation on other OS is not guaranteed.
+
+---
+
+## Support
 
-**This tool is not yet complete. It will be updated sequentially.**
+Feature request / bug reports: <https://github.com/01rabbit/PAKURI/issues>

documents/learn_omp.txt

@@ -0,0 +1,65 @@
+Vulnerability Scan
+-------------------------------------------------------
+The entire control of the GSM appliance is done via the OpenVAS Management Protocol (OMP). The web interface is an OMP client as well and accesses the GSM functions via OMP.
+
+Create Targets
+Commands:
+
+    omp -X '<create_target><name>[TARGET_NAME]</name><hosts>[Target hosts]</hosts></create_target>' -u [OMPUSER] -w [OMPPASS]
+
+Options:
+    -u: OMP username
+    -w :OMP password
+
+Create Task
+Commands:
+
+    omp -C -c daba56c8-73ec-11df-a475-002264764cea --name [TASK_NAME] --target [TARGET_ID] -u [OMPUSER] -w [OMPPASS]
+
+Options:
+    -C: Create a task.
+    -c: Config for create-task.
+
+        configs:
+        8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
+        085569ce-73ed-11df-83c3-002264764cea  empty
+        daba56c8-73ec-11df-a475-002264764cea  Full and fast
+        698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
+        708f25c4-7489-11df-8094-002264764cea  Full and very deep
+        74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
+        2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
+        bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
+
+    --name: name for create-task.
+    --target: target for create-task.
+
+Start task
+Commands:
+
+    omp -S [TASK_ID] -u [OMPUSER] -w [OMPPASS]
+
+Options:
+    -S: Start one or more tasks.
+
+Report
+Commands:
+
+    omp --get-report [REPORT_ID] --format c402cc3e-b531-11e1-9163-406186ea4fc5 -u [OMPUSER] -w [OMPPASS] > [report].pdf
+
+Options:
+    --get-report: Report-ID for output. 
+    --format: report-formats
+        910200ca-dc05-11e1-954f-406186ea4fc5  ARF
+        5ceff8ba-1f62-11e1-ab9f-406186ea4fc5  CPE
+        9087b18c-626c-11e3-8892-406186ea4fc5  CSV Hosts
+        c1645568-627a-11e3-a660-406186ea4fc5  CSV Results
+        35ba7077-dc85-42ef-87c9-b0eda7e903b6  GSR PDF
+        ebbc7f34-8ae5-11e1-b07b-001f29eadec8  GXR PDF
+        6c248850-1f62-11e1-b082-406186ea4fc5  HTML
+        77bd6c4a-1f62-11e1-abf0-406186ea4fc5  ITG
+        a684c02c-b531-11e1-bdc2-406186ea4fc5  LaTeX
+        9ca6fe72-1f62-11e1-9e7c-406186ea4fc5  NBE
+        c402cc3e-b531-11e1-9163-406186ea4fc5  PDF
+        9e5e5deb-879e-4ecc-8be6-a71cd0875cdd  Topology SVG
+        a3810a62-1f62-11e1-9219-406186ea4fc5  TXT
+        a994b278-1f62-11e1-96ac-406186ea4fc5  XML