• We just launched and are currently in beta. Join us as we build and grow the community.

autoenum – A Automate Enumeration Tool For CTF Challenges

aLEX123

Game Exploiter
A
A Rep
0
0
0
Rep
0
A Vouches
0
0
0
Vouches
0
Posts
86
Likes
31
Bits
0
1 MONTH
1 1 MONTH OF SERVICE
LEVEL 1 600 XP
Black-and-Blue-Modern-Business-Take-Two-Medical-Presentation.png


If you are a CTF player or bug bounty hunter then you will know about enumeration how important it is and we waste our time executing commands, But in this tutorial we will talk about a tool that will save our time by executing the command automatically and will give us the result. It will automatically detect web applications’ service, vulnerabilities, hidden directories as well as their exploits, which we can use to take advantage of them. The tool is named “autoenum” which is available on Github.

Requirements
Kali Linux

Lets take a look 🙂 !!

Installation

First we will download it from the github page and install on our terminal. Then we will go to the directory and give some important permission of this tool.

git clone https://github.com/thatonetester/autoenum.git
cd autoenum
chmod +x autoenum.sh123git clone
https://github.com/thatonetester/autoenum.gitcd autoenumchmod+xautoenum.sh

1-22.png


All thing is complete ! we can start this tool using the bash command. After start the tool the “autoenum” will apear on terminal in which we can use the help command to see the features of this tool.

bash autoenum.sh1bash autoenum.sh

2-26.png


First we have to enter the IP address of the target machine that we want to enumerate. Keep in mind we have to give only the IP address.

3-21.png

Aggressive Scan

Now we can enumerate the services one by one. First we will use this aggressive scan feature.

4-21.png


As you can see it has given details of open ports and their versions.

5-21.png


Without execute the more command it will automatically find the NSE vulnerable script for open ports.

6-20.png

Aggressive Scan and Vulnerability

Now it is time to find the vulnerability on the host machine, for this we will use the following command. It will take some time but we will get complete information about the target machine.

7-16.png

Results – Ports Scan with Version

Always first it will enumerate the services because some time port exploitation depend on the version of the ports.

8-15.png

Ports Enumeration

As you can see, anonymous login details of ftp port have been found in it.

9-12.png

HTTP Methods

We can use the following method to send the request to the server.

10-11.png

Exploits

As you can see, with the help of port enumeration, we came to know the exploits of the port which can give us control of the web server.

11-13.png


Continue Reading…..

12-10.png

SMB Enumeration

As you can see that it tries to find the well known smb vulnerability by execute the nmap scripts.

13-7.png

Web Technology’s

We can see the details of the front page of the web application in the CLI interface.

14-6.png

SSL Testing

It is testing well-known ssl vulnerabilities on the target machine such as heartbleed etc.

15-4.png

Fuzzing

It is trying to find the hidden directory using the Go buster tool.

16-3.png

HTTP Methods with Nikto

As you can see that it has provide us the deep details of port 80 with uses the nikto tool.

17-2.png


It will continuously tries fuzzing on every web application protocol.

18-1.png


Done !! As you can see it gives us all these details by executing only one command. So it can be used when we are playing CTF challenges so that we can save our time. Also, you can check more features of this tool and get more information.

19.png
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact On Linkedin.
 
You must log in or register to reply here.

414,034

309,575

309,584

M Maikel787
Top