  • Stars: 500
  • Rank: 88,178 (Top 2 %)
  • Language: Python
  • License: MIT License
  • Created over 7 years ago
  • Updated over 6 years ago


Repository Details

Vanquish is a Kali Linux based Enumeration Orchestrator. Vanquish leverages the open source enumeration tools on Kali to perform multiple active information gathering phases.

Vanquish – Get to Shell

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the open source enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell.


Vanquish Features

So what is so special about Vanquish compared to other enumeration scripts?

  1. Multi-threaded – Runs multiple commands and scans multiple hosts simultaneously.
  2. Configurable – All commands are configured in a separate .ini file for ease of adjustment.
  3. Multiphase – Optimized to run the fastest enumeration commands first in order to get actionable results as quickly as possible.
  4. Intelligent – Feeds the findings from one phase into the next in order to uncover deeper vulnerabilities.
  5. Modular – New attack plans and command configurations can easily be built for fit-for-purpose enumeration orchestration.

Getting Started

Vanquish can be installed on Kali Linux using the following commands:

git clone https://github.com/frizb/Vanquish
cd Vanquish
python Vanquish2.py -install
vanquish --help


Once Vanquish is installed you can scan hosts by leveraging the best of breed Kali Linux tools:

echo 192.168.126.133 >> test.txt
vanquish -hostFile test.txt -logging
echo review the results!
cd test
cd 192_168_126_133
ls -la

What Kali Tools does Vanquish leverage?

| NMap | Hydra | Nikto | Metasploit |
| Gobuster | Dirb | Exploitdb | Nbtscan |
| Ntpq | Enum4linux | Smbclient | Rpcclient |
| Onesixtyone | Sslscan | Sslyze | Snmpwalk |
| Ident-user-enum | Smtp-user-enum | Snmp-check | Cisco-torch |
| Dnsrecon | Dig | Whatweb | Wafw00f |
| Wpscan | Cewl | Curl | Mysql | Nmblookup | Searchsploit |
| Nbtscan-unixwiz | Xprobe2 | Blindelephant | Showmount |

Running Vanquish

  • CTRL + C

    CTRL + C to exit an enumeration phase and skip to the next phase (helpful if a command is taking too long).

  • CTRL + Z

    CTRL + Z to exit Vanquish.

  • Resume Mode

    Vanquish will skip running a command again if it sees that the output files already exist.

  • Re-run an enumeration command

    If you want to re-execute a command, delete the output files (.txt,.xml,.nmap etc.) and run Vanquish again.

Command Line Arguments

usage: vanquish [-h] [-install] [-outputFolder folder] [-configFile file]
                [-attackPlanFile file] [-hostFile file] [-workspace workspace]
                [-domain domain] [-dnsServer dnsServer] [-proxy proxy]
                [-reportFile report] [-noResume] [-noColor]
                [-threadPool threads] [-phase phase] [-noExploitSearch]
                [-benchmarking] [-logging] [-verbose] [-debug]

Vanquish is Kali Linux based Enumeration Orchestrator.

optional arguments:
  -h, --help            show this help message and exit
  -install              Install Vanquish and it's requirements
  -outputFolder folder  output folder path (default: name of the host file))
  -configFile file      configuration ini file (default: config.ini)
  -attackPlanFile file  attack plan ini file (default: attackplan.ini)
  -hostFile file        list of hosts to attack (default: hosts.txt)
  -workspace workspace  Metasploit workspace to import data into (default: is
                        the host filename)
  -domain domain        Domain to be used in DNS enumeration (default:
                        megacorpone.com)
  -dnsServer dnsServer  DNS server option to use with Nmap DNS enumeration.
                        Reveals the host names of each server (default: )
  -proxy proxy          Proxy server option to use with scanning tools that
                        support proxies. Should be in the format of ip:port
                        (default: )
  -reportFile report    filename used for the report (default: report.txt)
  -noResume             do not resume a previous session
  -noColor              do not display color
  -threadPool threads   Thread Pool Size (default: 8)
  -phase phase          only execute a specific phase
  -noExploitSearch      disable searchspolit exploit searching
  -benchmarking         enable bench mark reporting on the execution time of
                        commands(exports to benchmark.csv)
  -logging              enable verbose and debug data logging to files
  -verbose              display verbose details during the scan
  -debug                display debug details during the scan

Custom Attack Plans

GoBuster Max

GoBuster Max is an attack plan that will run all the web application content detection dictionaries against your targets.

vanquish -hostFile test.txt -attackPlanFile ./attackplans/gobuster-max.ini -logging


Hydra Credentials Scanner

We users love to reuse our passwords across multiple systems. As you explore a network and harvest usernames and passwords, it's probably a good idea to check where else those usernames and passwords are also used. This attack plan will do exactly that for a single host or across an entire network. Attack plans will also leverage what has been learned about a network from previous scans and will automatically use the discovered services as part of the credential testing.

This attack will use a list of known credentials for a network and test them against all hosts and services that have been discovered. Store the credentials in a file named credentials.txt in the root of your scan path.

Ex. File containing host list: /root/Documents/Vanquish/myhosts.txt

Credentials file: /root/Documents/Vanquish/myhosts/credentials.txt

Store each known credential in username:password format in the text file. Ex. credentials.txt:

elvis:Password!
jamesdean:rockyou
justin:12345678

Note: this attack plan does NOT create the >> .txt file so it can be run again and again without having to delete the output files. This allows new credentials to be added to the list and the network to be rescanned frequently.

python Vanquish2.py -hostFile hostlist.txt -attackPlanFile ./attackplans/credentials.ini

Hydra Usernames and Passwords List Scanner

This attack will use a list of known usernames and a list of known passwords for a network and test them against all hosts and services that have been discovered.

Store the usernames in a file in the root of your scan path and name it: usernames.txt

Ex. File containing host list: /root/Documents/Vanquish/myhosts.txt

/root/Documents/Vanquish/myhosts/usernames.txt

Store the passwords in a file in the root of your scan path and name it: passwords.txt

Ex. File containing host list: /root/Documents/Vanquish/myhosts.txt

/root/Documents/Vanquish/myhosts/passwords.txt

Store each username or password on a new line of the text file. Ex. usernames.txt:

elvis
jamesdean
justin

Passwords are stored in a similar manner in the passwords.txt file.

Note: this attack plan does NOT create the >> .txt file so it can be run again and again without having to delete the output files. This allows new credentials to be added to the list and the network to be rescanned frequently.

python Vanquish2.py -hostFile hostlist.txt -attackPlanFile ./attackplans/usernamespasswords.ini
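
For defenders, the credential checks described in the two Hydra attack plans above leave a recognizable pattern: one source trying the same username against many hosts and services in a short time. The following detector is an added example, not part of Vanquish; the event tuple layout, addresses, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs):
# (time, source address, target host, service, username, outcome)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "10.0.0.50", "srv-a", "ssh", "elvis", "fail"),
    ("2024-01-10T09:00:02", "10.0.0.50", "srv-a", "ftp", "elvis", "fail"),
    ("2024-01-10T09:00:03", "10.0.0.50", "srv-b", "ssh", "elvis", "success"),
    ("2024-01-10T09:00:04", "10.0.0.50", "srv-b", "smb", "elvis", "fail"),
    ("2024-01-10T09:00:05", "10.0.0.50", "srv-c", "ssh", "jamesdean", "fail"),
    ("2024-01-10T09:00:06", "10.0.0.50", "srv-a", "ssh", "jamesdean", "fail"),
    ("2024-01-10T11:30:00", "10.0.0.7", "srv-a", "ssh", "justin", "fail"),
    ("2024-01-10T14:45:00", "10.0.0.7", "srv-a", "ssh", "justin", "success"),
]

def find_credential_sweeps(events, window=timedelta(minutes=5), min_targets=3):
    """Alert on (source, user) pairs that authenticate against at least
    min_targets distinct (host, service) endpoints inside one sliding window."""
    by_key = defaultdict(list)
    for ts, src, host, service, user, outcome in events:
        by_key[(src, user)].append(
            (datetime.fromisoformat(ts), (host, service), outcome))

    alerts = []
    for (src, user), attempts in sorted(by_key.items()):
        attempts.sort()  # chronological order
        start, best = 0, set()
        for end in range(len(attempts)):
            # Shrink the window from the left until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            targets = {t for _, t, _ in attempts[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            # Endpoints where this source logged in as this user: the password
            # is valid there and should be rotated
            hits = sorted({t for _, t, o in attempts if o == "success"})
            alerts.append({"source": src, "user": user,
                           "targets": len(best), "valid_on": hits})
    return alerts

if __name__ == "__main__":
    for alert in find_credential_sweeps(SAMPLE_EVENTS):
        print(alert)
```

The normal retry by 10.0.0.7 against a single endpoint is not flagged; only the source that touches several endpoints with one username inside the window is.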
