CTFEnum is a Python-based tool designed to assist in network penetration tests, particularly for Capture The Flag (CTF) challenges. It performs reconnaissance by scanning and analyzing open ports on a provided IP address. The tool uses various modules to probe different services associated with these open ports. Employing multiprocessing, it concurrently executes different modules to identify potential vulnerabilities across multiple ports.
Scans open TCP and UDP ports using Nmap. Uses a modular design with specific handlers for different services (e.g., FTP, Telnet, SMTP, HTTP, DNS, Kerberos, etc.). Provides recommendations and potential actions for specific ports (e.g., brute force attempts, service-specific commands).
- Python 3.x
- Nmap
- Gobuster
- Dig
- Crackmapexec
- Metasploit
- etc.
- Required Python libraries: subprocess, multiprocessing, sys, re, etc.
curl https://raw.githubusercontent.com/josemlwdf/CTFEnum/main/install.sh|bash
Run the tool by providing the IP address as an argument:
python3 /application/path/CTFEnum.py <IP_ADDRESS>
If installed with install.sh:
ctfenum <IP_ADDRESS>
Replace <IP_ADDRESS> with the target IP address you intend to scan.
The program will perform a comprehensive port scan using Nmap to identify open TCP and UDP ports on the specified IP address.
CTFEnum will then initiate module-specific handlers based on identified open ports to analyze and potentially exploit services running on these ports.
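The scan-then-dispatch flow described above, as an added example that is not part of the CTFEnum code base: it parses Nmap's grepable (`-oG`) output from a constructed sample, keeps the open ports, and runs one hypothetical handler module per port in parallel with `multiprocessing`, the way the tool's own handlers are fanned out. The handler names, the sample host and the follow-up strings are all assumptions made for this example.

```python
import re
from dataclasses import dataclass
from multiprocessing import Pool

# Constructed sample of `nmap -oG` (grepable) output; not a real host.
SAMPLE_GREPABLE = (
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "80/open/tcp//http//Apache httpd 2.4.41/, 139/closed/tcp//netbios-ssn///, "
    "161/open|filtered/udp//snmp///\tIgnored State: closed (997)\n"
)

@dataclass(frozen=True)
class PortInfo:
    port: int
    proto: str
    service: str
    version: str

# One grepable entry is port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

def parse_nmap_grepable(text: str) -> list[PortInfo]:
    """Keep open ports (UDP 'open|filtered' included); drop closed/filtered ones."""
    found = []
    for line in text.splitlines():
        if "Ports:" not in line:
            continue  # status-only lines carry no port list
        for m in PORT_RE.finditer(line.split("Ports:", 1)[1]):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            if state.startswith("open"):
                found.append(PortInfo(int(port), proto, service, version))
    return found

# Hypothetical handler modules: each returns the follow-up checks queued for its service.
def handle_ftp(p): return [f"{p.port}/{p.proto}: run Nmap ftp-* scripts"]
def handle_http(p): return [f"{p.port}/{p.proto}: identify server ({p.version or 'unknown'}), enumerate vhosts"]
def handle_snmp(p): return [f"{p.port}/{p.proto}: targeted Nmap SNMP scan"]
def handle_default(p): return [f"{p.port}/{p.proto}: no module for '{p.service}', generic Nmap scripts"]

HANDLERS = {"ftp": handle_ftp, "http": handle_http, "snmp": handle_snmp}

def run_module(p: PortInfo) -> list[str]:
    return HANDLERS.get(p.service, handle_default)(p)

def enumerate_host(grepable: str) -> list[str]:
    """Parse the scan, then run one handler per open port in parallel worker processes."""
    ports = parse_nmap_grepable(grepable)
    with Pool(processes=max(1, len(ports))) as pool:
        results = pool.map(run_module, ports)  # order matches the port list
    return [line for chunk in results for line in chunk]
```

Closed ports never reach a handler, and a service with no module falls through to the generic handler instead of crashing the run.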
- Retrieve Nmap information using service-specific scripts.
- Retrieve Nmap information using service-specific scripts.
- Enumerate users using this service.
- Identify the server and possible common technologies.
- Detects VHOSTs and adds them automatically to the /etc/hosts file.
- Tests automatically for Apache server CVEs if the version matches.
- Automatic Kerberoast ticket extraction.
- Automatic Kerberos synchronization with the DC.
- Suggests POP credential brute force.
- Suggests the HackTricks page as a reference.
- Enumerates the IMAP version.
- Suggests the HackTricks page as a reference.
- RID cycling username enumeration attack with found credentials.
- Brute force using common users and passwords.
- Brute force using the options NULL password, user as password and common passwords.
- Share enumeration using NULL credentials, Guest and found credentials.
- Checks if the TFTP server allows PUT of files.
- Automatic targeted Nmap SNMP scan.
- Community password brute force.
- Automatic strings extraction.
- Performs a dig scan on DNS.
- Automatic DNS registration in the /etc/hosts file.
- Suggests the HackTricks page as a reference.
- Enumerates the hostname.
The tool suggests actions for certain ports, such as potential brute force attempts or specific commands to execute. For optimal usage, ensure proper permissions and avoid using this tool on networks you don't have authorization to test.
This tool is intended for educational and ethical penetration testing purposes only. Ensure that you have proper authorization before using it on any network or system you do not own or have explicit permission to test.