Add legba module for bruteforcing various services
Hey there!
Saw the discussion on: https://github.com/blacklanternsecurity/bbot/discussions/1689
We developed a Legba module internally and I did a thorough review. Would you mind including it, and/or do you have some comments?
Best wishes, Christian
Supported protocols
- SSH
- FTP
- TELNET
- VNC
- MSSQL
- MySQL
- PostgreSQL
Screenshot
ToDo
- [x] Write tests
- [x] Support all distros
- [x] Manual tests
This looks great, nice work! Legba has been a much requested module.
The trick will be writing tests for the different protocols, and also getting Legba to compile properly on all the different platforms.
@Vinnie64 may be able to help as he's been working on something similar to this
Nice! I can start working on it and see how it goes. Input from @Vinnie64 is also appreciated
I think the distro tests are now failing because deps_ansible runs before deps_common:
- See test-distros (debian) L8572 following -> Ansible tasks for building Legba fail (L10095 "msg": "[Errno 2] No such file or directory: b'cargo'")
- See test-distros (debian) L10124 following -> Ansible tasks for installing rust seem to work
Is it intended this way? At least I expected it to be the other way around @TheTechromancer
Codecov Report
:x: Patch coverage is 84.32836% with 21 lines in your changes missing coverage. Please review.
:white_check_mark: Project coverage is 93%. Comparing base (848266c) to head (a2315a6).
:warning: Report is 65 commits behind head on dev.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| bbot/modules/deadly/legba.py | 79% | 19 Missing :warning: |
| ...test/test_step_2/module_tests/test_module_legba.py | 96% | 2 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## dev #2530 +/- ##
======================================
- Coverage 93% 93% -0%
======================================
Files 404 406 +2
Lines 33387 33521 +134
======================================
+ Hits 30922 31038 +116
- Misses 2465 2483 +18
> deps_ansible runs before deps_common
I think deps_common should run first. I'll see about fixing.
EDIT:
- https://github.com/blacklanternsecurity/bbot/pull/2549
@christianfl that fix has been merged; you may need to rebase from dev.
Thanks @TheTechromancer ! Looking good, Arch and Fedora left
Hey! Did a bit of work again :sunglasses:
Feedback welcome! If you'd consider merging, feel free to squash the commits into one.
Saw that you are in the process of deprecating vulnerability events in favor of finding events here. Changed code accordingly. Even if severity and confidence are not yet supported attributes of finding, it still runs with the current changes.
> Saw that you are in the process of deprecating vulnerability events in favor of finding events here. Changed code accordingly. Even if severity and confidence are not yet supported attributes of finding, it still runs with the current changes.
Hi, yes this is happening - but it won't make it into stable until 3.0. Could be a while before that happens.
Going to try to test this out next week, from what I had a chance to look at so far, looks great. Really appreciate all the work writing tests and supporting all the distros, etc.
You're very welcome! Ok good to know, cool to see those event types merged. Feel free to ping me in case anything's needed here.
Fantastic work on this module. A couple small changes and then it should be good to merge:
- Let's use the scan's temp directory instead of `/tmp`
- We don't need to specify defaults in the option descriptions since they're already shown in `bbot -mh legba`
diff --git a/bbot/modules/deadly/legba.py b/bbot/modules/deadly/legba.py
index b6d7da6e4..91d7b5488 100644
--- a/bbot/modules/deadly/legba.py
+++ b/bbot/modules/deadly/legba.py
@@ -41,15 +41,15 @@ class legba(BaseModule):
}
options_desc = {
- "ssh_wordlist": "Wordlist URL for SSH combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/ssh-betterdefaultpasslist.txt)",
- "ftp_wordlist": "Wordlist URL for FTP combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt)",
- "telnet_wordlist": "Wordlist URL for TELNET combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/telnet-betterdefaultpasslist.txt)",
- "vnc_wordlist": "Wordlist URL for VNC password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/vnc-betterdefaultpasslist.txt)",
- "mssql_wordlist": "Wordlist URL for MSSQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/mssql-betterdefaultpasslist.txt)",
- "mysql_wordlist": "Wordlist URL for MySQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/mysql-betterdefaultpasslist.txt)",
- "postgresql_wordlist": "Wordlist URL for PostgreSQL combined username:password wordlist, newline separated (default https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/Default-Credentials/postgres-betterdefaultpasslist.txt)",
- "concurrency": "Number of concurrent workers, gets overridden for SSH (default 3)",
- "rate_limit": "Limit the number of requests per second, gets overridden for SSH (default 3)",
+ "ssh_wordlist": "Wordlist URL for SSH combined username:password wordlist, newline separated",
+ "ftp_wordlist": "Wordlist URL for FTP combined username:password wordlist, newline separated",
+ "telnet_wordlist": "Wordlist URL for TELNET combined username:password wordlist, newline separated",
+ "vnc_wordlist": "Wordlist URL for VNC password wordlist, newline separated",
+ "mssql_wordlist": "Wordlist URL for MSSQL combined username:password wordlist, newline separated",
+ "mysql_wordlist": "Wordlist URL for MySQL combined username:password wordlist, newline separated",
+ "postgresql_wordlist": "Wordlist URL for PostgreSQL combined username:password wordlist, newline separated",
+ "concurrency": "Number of concurrent workers, gets overridden for SSH",
+ "rate_limit": "Limit the number of requests per second, gets overridden for SSH",
}
deps_common = ["rust"]
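Review bot: The "concurrency" and "rate_limit" descriptions still say "gets overridden for SSH" without saying what the override is or why. With the defaults dropped from the text, someone who sets rate_limit to stay under an account-lockout threshold cannot tell from the help output what will actually apply to SSH. Suggest stating the effective SSH value or the condition in the description, or honouring the option for SSH as well.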
@@ -120,7 +120,7 @@ class legba(BaseModule):
]
async def setup(self):
- self.output_dir = "/tmp/legba-output"
+ self.output_dir = self.scan.temp_dir / "legba-output"
self.helpers.mkdir(self.output_dir)
return True
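Review bot: In setup(), output_dir now sits under self.scan.temp_dir, but the hunk still only creates it: nothing visible here restricts its permissions or removes it when the module finishes. If Legba writes its results into this directory, they would include any credentials it found, so either confirm that the scan temp dir is created owner-only and deleted at scan end, or delete legba-output in the module's cleanup. Also, setup() returns True right after self.helpers.mkdir(self.output_dir) without checking that call; worth returning False with a reason if the directory could not be created.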
Thanks for reviewing! I applied the suggested changes ~~but the test is failing for me locally. I'll have to look at it later.~~
My fault :grin: Works again. I squashed commits so I think it's ready to be merged!
Just FYI, I think the one failed test was only due to a CI hiccup.
@christianfl thanks again for your work on this. I want to merge it but it's adding 30 minutes to the tests. I noticed even when running it on my laptop it takes upwards of 10 minutes to compile 😬
I hate to ask since I know you already fought with the ansible stuff. But now that legba finally has precompiled releases, can we opt for downloading those directly?
No worries @TheTechromancer. A colleague of mine was working on this already, he'll push the changes to the branch directly.
Any update on this? We got so close, would love to get it merged!
Sorry for the delay, we were exceedingly busy. We'll look at it soon. Be assured, I can only rest once this is merged!