Using 0xsp Mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks,starting from collecting information stage unitl reporting information through 0xsp Web Application API .
User will be able to scan different linux os system at same time with high perfromance , with out spending time looking inside the terminal or text file for what is found , mongoose shorten this way by allowing you to send these information directly into web application friendly interface through easy API endpoint .
Project is divided into two sections server
& agent
.
Server
has been coded with PHP(codeigniter
) you need to install this application into your preffered environment , you can use it online or on your localhost . user is free to choice .also contribution to enhance features are most welcomed .
Agent
has been coded as ELF with Lazarus Free Pascal
will be released with ( 32 , 64 bit) , while executing Agent
on targeted system with all required parameters . user is free to decided whether willing to communicate with Server App
to store results and explore them easily . or he can also run this tool with out Web Api Connection .
Also Read – Scapy : Python-Based Interactive Packet Manipulation Program & Library
Agent Usage
chmod +x agent
-k –check kernel for common used privilige escalations exploits.
-u –Getting information about Users , groups , releated information.
-c –check cronjobs.
-n –Retrieve Network information,interfaces …etc.
-w –Enumerate for Writeable Files , Dirs , SUID ,
-i –Search for Bash,python,Mysql,Vim..etc History files.
-f –search for Senstive config files accessible & private stuff.
-o –connect to 0xsp Web Application.
-p –Show All process By running under Root,Check For Vulnerable Packages.
-e –Kernel inspection Tool, it will help to search through tool databases for kernel vulnerabilities.
-x –secret Key to authorize your connection with WebApp API (default is 0xsp).
-a –Display README.
Server Web App
php 5.6 or above
mysql 5.6
/
with folder name 0xsp
as [ http://localhost/0xsp/] , Agent
will not connect to it in case not configured correctly . the agent
will connect only as following case :./agent {SCAN OPTION} -o localhost -x secretkey
Examples With WebApi
./agent -c -o localhost -x 0xsp { enumerate for CRON Tasks and Transfer results into Web Api}
./agent -e -o localhost -x 0xsp { intelligent Exploits Detector }
./agent -c -e localhost -x 0sxp { will run two scans together and send found results directly }
./agent -m -o 10.10.13.1 -x 0xsp { RUN all Scans together and export it to Web API}
./agent -c -k -p { this will run 3 scans at the same time with out sending results into Web Api }
Demo Tutorial
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…