Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.
/ bluebox Public archive

Pentesting framework using Node.js powers, focused in VoIP.

License

Notifications You must be signed in to change notification settings

jesusprubio/bluebox

Repository files navigation

Bluebox-ng

Black Hat Arsenal Continuos integration NSP Status

npm info

Pentesting framework using Node.js powers. Focused in VoIP.

DISCLAIMER: Pointing this tool at other people's servers is NOT legal in most countries.

  • Auto VoIP/UC penetration test
  • Report generation
  • Performance
  • RFC compliant
  • SIP TLS and IPv6 support
  • SIP over websockets (and WSS) support (RFC 7118)
  • SHODAN, exploitsearch.net and Google Dorks
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • Authentication and extension brute-forcing through different types of SIP requests
  • SIP Torture (RFC 4475) partial support
  • SIP SQLi check
  • SIP denial of service (DoS) testing
  • Web management panels discovery
  • DNS brute-force, zone transfer, etc.
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • Asterisk AMI post-explotation
  • Dumb fuzzing
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Geolocation
  • Command completion
  • Cross-platform support

Install

npm i -g bluebox-ng

Kali GNU/Linux

  • curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -

Use

Console

To start the console client.

bluebox-ng

Programatically

To run it from other Node code.

const Bluebox = require('bluebox-ng');

const box = new Bluebox();

box.run('gather/network/geo', { rhost: '8.8.8.8' })
.then(res => {
  console.log('Result:');
  console.log(res);
})
.catch(err => {
  console.log('Error:');
  console.log(err);
});

Developer guide

Environment

  • Get a copy of the code and install the dependencies.
git clone https://github.com/jesusprubio/bluebox-ng
cd bluebox-ng
npm i # or use yarn

Debug

We use the visionmedia module, so you have to use this environment variable:

DEBUG=bluebox-ng* npm start

New modules

You can add your own features to this environment following this tips:

  • Add a new file inside /modules and it should appear in the pentesting environment.
  • Use the most similar among the actual ones as boilerplate.

Tests

We still don't have a proper Docker setup. So, for now, the test have to be run locally. Please check its code before it, they often need a valid target service.

./node_modules/.bin/tap test/wifi
node test/wifi/*
./node_modules/.bin/tap test/wifi/scanAps.js
node test/wifi/scanAps.js

Conventions

  • We use ESLint and Airbnb style guide.
  • Please run to be sure your code fits with it and the tests keep passing:
npm run posttest

Commit messages rules

  • It should be formed by a one-line subject, followed by one line of white space. Followed by one or more descriptive paragraphs, each separated by one line of white space. All of them finished by a dot.
  • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
  • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

Contributors

Thanks to

About

Pentesting framework using Node.js powers, focused in VoIP.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •