Darkjumper
Jump to navigation
Jump to search
Description
Darkjumper.py has been developed by mywisdom & gunslinger_. This tool will try to find every website that is hosted at the same server at your target and will check for every vulnerability of the discovered websites. Some probed vulnerabilities:
- injections: sqli, blind sqli, lfi, rfi, rce
- cgidirs
- user enumeration
- portscan
- headerinfo
- daemoninfo
- admin paths discovery
- hex and base64 converter
- ip checker
- ftp anonymous account checker
Installation
You first need to install Python:
$ sudo apt-get install python
Then, just download and uncompress darkjumper:
$ cd /data/src/ $ wget http://ignum.dl.sourceforge.net/project/darkjumper/darkjumper.v5.7.tar.gz $ tar xzvf darkjumper.v5.7.tar.gz
Usage
Basic syntax
$ ./darkjumper.py -t <target> -m <options>
Options
- reverseonly
- Only reverse target no checking bug
- injection
- Checking for sqli and blind sqli on every web that host at the same target server
- inclusion
- Checking for lfi, rfi, rce on every web that host at the same target server
- full
- Checking for sqli, blind sqli, lfi, rfi, rce on every web that host at the same target server
- cgidirs
- Scanning cgidirs on the target server
- enum [number]
- Guessing possible user enumeration on server (4-8 chars user enumeration)
- portscan [startport]-[endport]
- Scanning open port at your target
- headerinfo
- Show http header info at your target (grabing banner host target)
- daemoninfo
- Show what's running daemon at your target
- scanadminpath
- Scanning disclosure admin path at your target
- converter
- Simple data encoder to hex & base64 (usefull for injection)
- checkip
- Use IP or proxy checker (Usefull for checking your ip or proxy)
- ftpanon
- Checking target for anonymous file transfer protocol (ftp) access
Log files
When running darkjumper, it generates log files:
- cgifuzzer.log: list of probed URLs with HTTP status codes
- darkjumper.log: sum-up of the scan
- reverse.txt: list of discovered domains/sites
Example
Following command:
$ ./darkjumper.py -t foo.bar.com -m full
Generates some logs:
- darkjumper.log
################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ # # \/ \/ \/ # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ \ \/ \/ / # # \ \___| | \/\ ___/\ / # # \___ >__| \___ >\/\_/ # # est.2007 \/ \/ forum.darkc0de.com # ################################################################ Darkjumper.py version 5.7 Developed by : mywisdom & gunslinger_ Date version release : Wednesday, 24 Feb 2010 $ 9:13 PM Dedicated to darkc0de.com, devilzc0de.org,jatimcrew.org,flash-crew.com, jasakom.com, h4cky0u.org and 0c0de.com [+] Target set :foo.bar.com [+] Trying reverse your target's ip... [+] please wait... ---------------------------------------- [+] Starting Full Scan to find vulnerabilities on website(s) at the same server as foo.bar.com [+] Total Scanning Thread : 1 [+] Total Target(s) to scan on this server : 12 [+] Working please wait ----------------------------------------
- reverse.txt
It has discovered some sites:
- cgifuzzer.log
And also some interesting URLs:
