search

cybermouflons / ovisbot

Discord bot focused on managing and organising CTFs / Security stuff
GNU General Public License v3.0
16 stars 25 forks source link

Enhancement Utils #98

Open xmpf opened 4 years ago

xmpf commented 4 years ago

URL Grabbing Mechanism

Zolos should be able to grab urls shared in any channel (using a regex to match the URI) and post it to a dedicated channel #links (only zolos should have write permissions to that channel) for archive purposes.

Exploit Searching

Use websites like sploitus.com, exploit-db to search for exploits. This can be useful during CTFs and pentesting eg: !searchploit wordpress

Reverse Shell "Generator"

From a list of known "payloads" such as pentestmonkey, dynamically configure code with LHOST,LPORT and send it back in the channel. eg: !rshell 127.0.0.1 4444

Attack Vector Payloads

Find attack payloads for XSS, SQLi, XXE, ... eg: !payload SQLi MySQL

Hash Cracking

Use hashid python module to identify hash format, and try to crack them using websites like crackstation.net eg: !hashcrack 098f6bcd4621d373cade4e832627b4f6

Reconnaisance

Use various tools such whois, nslookup, traceroute, ... to provide information about a target eg !recon website.com

s3nn commented 4 years ago

If we're gonna do this maybe put the info in our wiki or something and use Zolo to just retrieve it? The info should be decoupled from the bot

apogiatzis commented 4 years ago

If we're gonna do this maybe put the info in our wiki or something and use Zolo to just retrieve it? The info should be decoupled from the bot

Totally agree on that. The data should be decoupled from the bot and configured at setup. We can always provide multiple integration options i.e. fetch from github, wiki, database etc..