Skip to content
/ mithra Public
forked from pablosnt/rekono

Execute complete pentesting processes combining multiple hacking tools automatically

License

Notifications You must be signed in to change notification settings

BarMol3/mithra

 
 

Repository files navigation

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and also can be imported in Defect-Dojo if an advanced vulnerability management is needed. Moreover, Rekono includes a Telegram bot that can be used to perform executions easily from anywhere and using any device.

Why Rekono?

Do you ever think about the steps that you follow when you start pentesting? Probably you start performing some OSINT tasks to gather public information about the target. Then, maybe you run hosts discovery and ports enumeration tools. When you know what the target exposes, you can execute more specific tools for each service, to get more information and maybe, some vulnerabilities. And finally, if you find the needed information, you will look for a public exploit to get you into the target machine. I know, I know, this is an utopic scenario, and in the most cases the vulnerabilities are found due to the pentester skills and not by scanning tools. But before using your skills, how many time do you spend trying to get as information as possible with hacking tools? Probably, too much.

Why not automate this process and focus on find vulnerabilities using your skills and the information that Rekono sends you?

The Rekono name comes from the Esperanto language where it means recon.

Demo

Rekono.mp4

Telegram Bot

Rekono.Bot.mp4

Supported tools

Thanks to all the contributors of these amazing tools!

Installation

Docker

Execute the following commands in the root directory of the project:

docker-compose build
docker-compose up -d

If you need more than one tool running at the same time, you can set the number of executions-worker instances:

docker-compose up -d --scale executions-worker=5

Go to https://127.0.0.1/

You can check the details in the Docker documentation. Specially, the initial user documentation

Using Rekono CLI

If your system is Linux, you can use rekono-cli to install Rekono in your system:

pip3 install rekono-cli
rekono install

After that, you can manage the Rekono services using the following commands:

rekono services start
rekono services stop
rekono services restart

Go to http://127.0.0.1:3000/

⚠️ Only for Linux environments.

⚠️ Docker is advised. Only use that for local and personal usage.

From Source

Check the installation from source in Rekono Wiki

Integrations

Telegram Bot

You can follow this steps to deploy the Telegram bot:

  1. Create a new bot in Telegram using this guide and the @BotFather
  2. The @BotFather will send you an authentication token
  3. Configure the token value in the Settings page or ask your administrator for doing it.

Defect-Dojo

You can configure your Defect-Dojo details in the Settings page or ask your administrator for doing it. The following properties can be configured:

  • Defect-Dojo URL (/api/ endpoints will be appended to make API requests)
  • Defect-Dojo API key to authenticate API requests
  • Tag to be assigned to every items created by Rekono in Defect-Dojo
  • Product type name of the products created by Rekono in Defect-Dojo
  • Test type name related to Rekono executions imported in Defect-Dojo
  • Test name related to Rekono executions imported in Defect-Dojo

Configuration

Check the configuration options in Rekono Wiki

Support

You can reach us on:

If you need more specific help, you can also mail [email protected].

License

Rekono is licensed under the GNU GENERAL PUBLIC LICENSE Version 3

About

Execute complete pentesting processes combining multiple hacking tools automatically

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 77.6%
  • Vue 19.7%
  • HTML 1.8%
  • Other 0.9%