Easily flip single threaded command line functions into quick, multi threaded software with CIDR and glob help.
$ python3 setup.py set up
Dependencies will then be put in and Interlace will probably be added to your path as
|-t||Specify a goal or area title both in comma format, CIDR notation, or as a person host.|
|-tL||Specify a listing of targets or domains|
|-threads||Specify the utmost variety of threads to run at anyone time (DEFAULT:5)|
|-timeout||Specify a timeout worth in seconds for anyone thread (DEFAULT:600)|
|-c||Specify a single command to execute over every goal or area|
|-cL||Specify a listing of instructions to execute over every goal or area|
|-o||Specify an output folder variable that can be utilized in instructions as _output_|
|-p||Specify a listing of port variable that can be utilized in instructions as _port_. This generally is a single port, a comma delimited checklist, or use sprint notation|
|-rp||Specify an actual port variable that can be utilized in instructions as _realport_|
|–no-cidr||If set then CIDR notation in a goal file is not going to be routinely be expanded into particular person hosts.|
|–no-colour||If set then any foreground or background colors will probably be stripped out|
|–silent||If set then solely vital data will probably be displayed and banners and different data will probably be redacted.|
|-v||If set then verbose output will probably be displayed within the terminal|
Further data concerning ports (-p)
|1-80||Dash notation, carry out a command for every port from 1-80|
|80,443||Perform a command for each port 80, and port 443|
Further data concerning targets (-t or -tL)
-tL will probably be processed the identical. You can cross targets the identical as you’d when utilizing nmap. This may be executed utilizing CIDR notation, sprint notation, or a comma delimited checklist of targets. A single goal checklist file can even use completely different notation sorts per line.
The following varaibles will probably be changed in instructions at runtime:
|_target_||Replaced with the expanded goal checklist that the present thread is working towards|
|_host_||Works the identical as _target_, can be utilized interchangably.|
|_output_||Replaced with the output folder variable from interlace|
|_port_||Replaced with the expanded port variable from interlace|
|_realport_||Replaced with the true port variable from interlace|
Run Nikto Over Multiple Sites
Let’s assume that you simply had a file
targets.txt that had the next contents:
You may use interlace to run over any variety of targets inside this file utilizing: bash
➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -v ============================================== Interlace v1.Zero by Michael Skelton (@codingo_) ============================================== [14:33:23] [THREAD] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue [14:33:23] [THREAD] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue
This would run nikto over every host and save to a file for every goal. Note that within the above instance since we’re utilizing the
> operator so outcomes will not be fed again to the terminal, nonetheless that is desired performance as in any other case we would not be capable of attribute which goal Nikto outcomes had been returning for.
For functions the place you need suggestions merely cross instructions as you usually would (or use
Run Nikto Over Multiple Sites and Ports
Using the above instance, let’s assume you need independant scans to be run for each ports
443 for a similar targets. You would then use the next:
➜ /tmp interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_:_port_ > ./_target_-_port_-nikto.txt" -p 80,443 -v ============================================== Interlace v1.Zero by Michael Skelton (@codingo_) ============================================== [14:33:23] [THREAD] [nikto --host hackerone.com:80 > ./hackerone.com-nikto.txt] Added to Queue [14:33:23] [THREAD] [nikto --host bugcrowd.com:80 > ./hackerone.com-nikto.txt] Added to Queue [14:33:23] [THREAD] [nikto --host bugcrowd.com:443 > ./bugcrowd.com-nikto.txt] Added to Queue [14:33:23] [THREAD] [nikto --host hackerone.com:443 > ./hackerone.com-nikto.txt] Added to Queue
Run a List of Commands towards Target Hosts
Often with penetration assessments there is a checklist of instructions you wish to run on practically each job. Assuming that checklist contains testssl.sh, nikto, and sslscan, you might save a command checklist with the next in a file referred to as
nikto --host _target_:_port_ > _output_/_target_-nikto.txt sslscan _target_:_port_ > _output_/_target_-sslscan.txt testssl.sh _target_:_port_ > _output_/_target_-testssl.txt
If you had been then given a goal,
instance.com you might run every of those instructions towards this goal utilizing the next:
interlace -t instance.com -o ~/Engagements/instance/ -cL ./instructions.txt -p 80,443
This would then run nikto, sslscan, and testssl.sh for each port 80 and 443 towards instance.com and save recordsdata into your engagements folder.
CIDR notation with an software that does not help it
Interlace routinely expands CIDR notation when beginning threads (except the –no-cidr flag is handed). This permits you to cross CIDR notation to quite a lot of functions:
To run a digital host scan towards each goal inside 192.168.12.0/24 utilizing a direct command you might use:
interlace -t 192.168.12.0/24 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
This is regardless of VHostScan not having any inbuilt CIDR notation help. Since Interlace expands the notation earlier than constructing a queue of threads, VHostScan for all intents is simply receiving a listing of direct IP addresses to scan.
Glob notation with an software that does not help it
Interlace routinely expands glob ranges when beginning threads. This permits you to cross glob ranges to quite a lot of functions:
To run a digital host scan towards each goal inside 192.168.12.* utilizing a direct command you might use:
interlace -t 192.168.12.* -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
Yet once more, VHostScan doesn’t having any inbuilt glob vary format help.
Threading Support for an software that does not help it
Run a virtual host scan towards every host in a file (goal-lst.txt), while additionally limiting scans at anyone time to 50 most threads.
This might be executed utilizing a direct command:
interlace -tL ./goal-checklist.txt -c "vhostscan -t _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
Or, alternatively, to run the identical command as above, however utilizing a command file, this is able to be executed utilizing:
interlace -cL ./vhosts-instructions.txt -tL ./goal-checklist.txt -threads 50 -o ~/scans
This presumes that the contents of the command file is:
vhostscan -t $goal -oN _output_/_target_-vhosts.txt
This would output a file for every goal within the specified output folder. You may additionally run a number of instructions just by including them into the command file.
Auhors and Thanks
Originally written by Michael Skelton (codingo) and Sajeeb Lohani (sml555) with assist from Charelle Collett (@Charcol0x89) for threading refactoring and general appraoch, and Luke Stephens (hakluke) for testing and strategy.