Hackbot 2.21 RTFM/RTFINTRO/RTFFAQ/RTFINST/RTFLSTINF/RTFCONTACTINF/RTFBUGRPT/RTFSRC RTFNWS/RFFRESHMEAT/RTFMIRRORINF/RTFPORTINF/RTFLICENSE/RTFDISCLAIMER/RTFKNWNBGS
###############################################################
# Authors:                                                    #
#                                                             #
# Marco van Berkum - m.v.berkum@obit.nl                       #
#   http://ws.obit.nl                                         #
# Kristian Vlaardingerbroek - kris@obit.nl                    #
#   http://www.obit.nl                                        #
# Pepijn Vissers - zoef@zoefdehaas.nl                         #
#   http://www.zoefdehaas.nl                                  #
# Martijn Mooijman - foobar@obit.nl                           #
#   http://bitch.obit.nl                                      #
# Herman Poortermans - herman@ofzo.nl                         #
#   http://www.poortermans.nl                                 #
# Guido Barosio - gbarosio@uolsinectis.com.ar                 #
#                                                             #
# Port maintainers:                                           #
#                                                             #
# OpenBSD - Herman Poortermans                                #
#   herman@ofzo.nl                                            #
# NetBSD - Niilo Kajander                                     #
#   nk@atki.net                                               #
# Gentoo - Martijn Mooijman                                   #
#   foobar@obit.nl                                            #
# Debian - Michiel van de Garde                               #
#   garde@benben.com                                          #
# Sun - Sam Nelson                                            #
#   mail@sun.com                                              #
###############################################################
Hackbot(1) Scanning tools Hackbot(1)
NAME
Hackbot - Host exploration and bannergrab tool
SYNOPSIS
hackbot.pl [-OAitfmsSdrX[-P <proxy:port>][-a <NN>][-z <NN>][-l <c|v|d>] [-w avociun]] [<host|ip|net|range>|-F <targetfile>]
DESCRIPTION
Hackbot is a vulnerability scanner and banner grabber meant as
an auditing tool for remote and local hosts. Hackbot requires
PERL (http://www.perl.org) and the IO::Socket, Net::hostent and
Getopt::Std modules, which should come with your default PERL
installation.
PLATFORMS
Hackbot should work on all UNIX platforms which have perl
and the necessary modules installed. If you want to get it
to work with Windows, fix it yourself; I simply refuse to
support it. Microsoft is evil and should be removed from
this planet.
OPTIONS
-O           Log to output file.
-A           All scan types.
-i           Ident scan.
-t           Telnet fingerprinting.
-f           FTP scan, grabs FTP banner and checks for anonymous user login.
-m           MTA scan, grabs MTA banner and checks for open relay, EXPN and VRFY.
-s           SSH scan, grabs SSH banner.
-S           Check target host with spamcop's database.
-d           DNS scan, grabs DNS version.
-V           Print Version and exit.
-p           POP3 scan.
-r           Registrar whois lookup.
-P           Scan via proxy.
-l loglevel  Sets loglevel state, see LOGLEVEL OPTIONS below.
-g <string>  Google search, uses strings from google.db when -A option is used. See GOOGLE SEARCH section below.
-w           Webserver scan, various options, see the WEBSERVER OPTIONS section below.
Marco van Berkum 2.21 1
-z NN        Set time in seconds between each CGI poll (to be less conspicuous).
-a NN        Set alternative webserver port.
-X           X allow check.
-F           Reads hostnames or IPs from a targetfile.
WEBSERVER OPTIONS
Webserver scan types:
a  All webserver scans.
v  Check webserver version.
o  Check for webserver PUBLIC and ALLOW options.
c  CGI scan, scans for commonly exploitable CGIs.
i  IDA, IDC, IDQ scan, scans for path revealing NT problems.
u  Unicode scan, scans for NT unicode vulnerabilities.
n  Nimda scan, scans for eml files in website html source, works best combined with -c option.
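From the defending side, the CGI scan (-w c) shows up in the web server's access log as one client requesting many different script paths that do not exist, and the -z delay only spreads those requests out in time. The following is an added example, not part of Hackbot: it counts distinct missing script paths per client without looking at timing. The log lines, the path prefixes and the threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format). Addresses come from
# documentation ranges and the script names are placeholders, not real CGIs.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2003:10:00:00 +0100] "GET /cgi-bin/sample-a.cgi HTTP/1.0" 404 210
198.51.100.7 - - [10/Mar/2003:10:00:05 +0100] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [10/Mar/2003:10:00:30 +0100] "GET /cgi-bin/sample-b.cgi HTTP/1.0" 404 210
198.51.100.7 - - [10/Mar/2003:10:00:41 +0100] "GET /cgi-bin/old-form.cgi HTTP/1.0" 404 210
192.0.2.10 - - [10/Mar/2003:10:01:00 +0100] "GET /cgi-bin/sample-c.cgi?x=1 HTTP/1.0" 404 210
192.0.2.10 - - [10/Mar/2003:10:01:30 +0100] "GET /scripts/sample-d.exe HTTP/1.0" 404 210
192.0.2.10 - - [10/Mar/2003:10:02:00 +0100] "GET /cgi-bin/sample-a.cgi HTTP/1.0" 404 210
"""

# client, request path and status code of one Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})\b')


def cgi_probe_sources(log_text, min_paths=4, prefixes=("/cgi-bin/", "/scripts/")):
    """Return {client: sorted distinct script paths that answered 404}.

    Only clients with at least min_paths distinct misses are reported.
    Timestamps are ignored on purpose: a scan slowed down with a delay
    between polls still accumulates the same set of missing paths.
    The prefixes and the threshold are assumptions; tune them per server.
    """
    misses = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, path, status = m.groups()
        path = path.split("?", 1)[0]  # same script, different query string
        if status == "404" and path.startswith(prefixes):
            misses[client].add(path)
    return {c: sorted(p) for c, p in misses.items() if len(p) >= min_paths}


if __name__ == "__main__":
    for client, paths in cgi_probe_sources(SAMPLE_LOG).items():
        print(f"{client}: {len(paths)} distinct missing script paths")
```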
LOGLEVEL OPTIONS
Loglevel states:
c  critical (default)
v  verbose
d  debug
c  Critical: only list information that is important.
v  Verbose: same as above + might-be-interesting-stuff.
d  Debug: show all normal scaninfo, all socketinfo, data and show additional 'tagpoints'.
SCANOUTPUT
The output of the scan is placed in output.host files or,
when the -O option is used, it is placed in the given output file.
SCANOUTPUT EXAMPLE
output.127.0.0.1
output.www.yourdomain.name
or, when -O option is defined, output is placed in the
given output file.
EXAMPLES
FTP, MTA and webserver options, CGI and IDA scan
$ hackbot.pl -f -m -w oci localhost
ALL scans
$ hackbot.pl -A localhost
or from a file
$ hackbot.pl -A -F file_with_hosts
or with ranges and output file
$ hackbot.pl -O logfile -A 192.168.1.1 192.168.1.255
or with CIDR's
$ hackbot.pl -A 192.168.1.0/24
NOTE: CIDR masks < /24 are currently unsupported.
or with a higher loglevel
$ hackbot -A -lv 192.168.1.1
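Before a run, the target forms shown above (single IP, first/last range, CIDR of /24 or longer) can be expanded and checked against the networks you are authorised to audit. This is an added example, not Hackbot code: the function names and the authorised list are hypothetical, every address inside a CIDR block is assumed to be a target, and hostnames are rejected because they would have to be resolved first.

```python
import ipaddress


def expand_target(spec):
    """Expand one target spec into a list of IPv4Address objects.

    Accepted forms follow the man page examples:
      "192.168.1.1"                 single address
      "192.168.1.1 192.168.1.255"   first and last address of a range
      "192.168.1.0/24"              CIDR, prefix length 24 or longer
    Anything else, hostnames included, raises ValueError.
    """
    parts = spec.split()
    if len(parts) == 2:
        first, last = (ipaddress.IPv4Address(p) for p in parts)
        if last < first:
            raise ValueError(f"range end before start: {spec!r}")
        return [ipaddress.IPv4Address(i)
                for i in range(int(first), int(last) + 1)]
    if len(parts) != 1:
        raise ValueError(f"unrecognised target: {spec!r}")
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        if net.prefixlen < 24:
            # mirrors the NOTE above: masks shorter than /24 are unsupported
            raise ValueError(f"CIDR mask < /24 is unsupported: {spec!r}")
        return list(net)  # assumption: every address in the block is a target
    return [ipaddress.IPv4Address(spec)]


def out_of_scope(specs, authorised):
    """Return, as strings, every expanded address outside the authorised networks."""
    nets = [ipaddress.IPv4Network(n) for n in authorised]
    return [str(addr)
            for spec in specs
            for addr in expand_target(spec)
            if not any(addr in net for net in nets)]


if __name__ == "__main__":
    AUTHORISED = ["192.168.1.0/24"]  # constructed scope for the demonstration
    targets = ["192.168.1.0/24", "192.168.1.250 192.168.2.1"]
    print(out_of_scope(targets, AUTHORISED))
```

An empty list means every requested address is inside the authorised scope; anything else should stop the run.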
GOOGLE SEARCH
The google search is issued with the -A option by default
(using google.db). A manual scan can be done this way:
hackbot.pl -g string host
For instance:
$ hackbot.pl -g britney www.geocities.com
Hackbot will search for URLs containing 'britney' on
http://www.geocities.com via google.
It could find this for instance:
http://www.geocities.com/britney.html
http://www.geocities.com/~user/britney.txt
AUTHORS
Marco van Berkum - m.v.berkum@obit.nl
Kristian Vlaardingerbroek - kris@obit.nl
Pepijn Vissers - zoef@zoefdehaas.nl
Martijn Mooijman - foobar@obit.nl
Herman Poortermans - herman@ofzo.nl
Guido Barosio - gbarosio@uolsinectis.com.ar
BUGS
All bugs can be reported to m.v.berkum@obit.nl. Before
reporting bugs, please refer to the KNOWN_BUGS file first.
LICENSE
Hackbot is licensed under the LGPL License, see LICENSE
for more information.
DISCLAIMER
The author of this program CANNOT be held responsible
for any illegal scanning activities initiated by a user
or unauthorised party. This program is meant as a tool to
determine your OWN network security. Any unauthorised
probes with this program should be reported to local
authorities and/or to the attacker himself. Complaints to
my address regarding the unauthorised use of this program
will be moved unseen to /dev/null.
RTFINTRO
Hackbot started in August 2001 as an attempt to write a CGI scanner in PERL, just to see how far I could come. That worked after some while (with a lot of bugs :)). So I decided to add some more functionality, like bannergrabbing and Anonymous FTP login check. The structure of Hackbot 1 was very different from the current version. It had no CGI database, instead it was all built in. Also some stupid bugs that I hadn't discovered yet were present in Hackbot 1. That's one of the reasons why I started Hackbot 2. Another reason to start Hackbot 2 was to make it easier to edit CGIs and have information about exploits and links to advisories. So I created the database.
Hackbot 2 was much better than Hackbot 1, so I removed Hackbot 1 from my website. With Hackbot 2 I also found some developers and betatesters who like to give suggestions and program add-ons. Also it was added to freshmeat as a project and a mailinglist was started.
RTFFAQ
Q: why doesn't hackbot work?
A: because you're dumb.
Q: Why is it written in PERL?
A: Why not?
Q: Does Hackbot run on windows?
A: yes, if you install cygwin and perl it works.
Q: Does Hackbot have stealth options?
A: No, it's not kiddieware(tm).
Q: Why does hackbot say my server has relaying enabled?
A: stop scanning localhost sucker :)
Q: a/s/l ?
A: 28/Male/The Hague, The Netherlands.
Q: I want to become developer, is that possible?
A: RTFLSTINF.
Q: Does Hackbot contain non standard modules?
A: NO.
Q: Can I Distribute Hackbot to my friends?
A: RTFLICENSE.
Q: Can I bug you about an intruder scanning me with your tool?
A: RTFDISCLAIMER.
Q: Can I report a bug?
A: RTFBUGRPT.
Q: I have a question that's not in this FAQ, can I ask it?
A: RTFCONTACTINF.
Q: Do you have a social life?
A: NO.
Q: foo?
A: bar
Q: How does google search work ?
A: RTFM
RTFINST
Type 'make' to install Hackbot.
RTFLSTINF
Hackbot has a mailinglist you can subscribe to. The list is meant for developers, betatesters and for people who just like to be informed about next releases and for making suggestions to the developers. If you want to develop, also read developer_guidelines.txt.
To subscribe to the mailinglist you send an email to majordomo@lists.obit.nl with 'subscribe hackbot' in the BODY, without subject and without signature. You'll be instructed then how to proceed.
It is a restricted mailinglist and subscriptions need approval.
RTFCONTACTINF
Marco van Berkum - m.v.berkum@obit.nl
Website - http://ws.obit.nl
Mailinglist - majordomo@lists.obit.nl
Project page - http://freshmeat.net/projects/hackbot/
Project maintainerpage - http://freshmeat.net/~marcovberkum/
Online manual - http://ws.obit.nl/hackbot/manpage.html
Online documentation file - http://ws.obit.nl/hackbot/documentation.txt
Fingerprint submissions - fingerprint@obit.nl
OpenBSD portmaintainer - herman@ofzo.nl
NetBSD portmaintainer - nk@atki.net
Gentoo portmaintainer - foobar@obit.nl
Debian portmaintainer - garde@benben.com
RTFBUGRPT
Bugs that are NOT in the KNOWN_BUGS file (RTFKNWNBGS) can be reported to m.v.berkum@obit.nl
RTFSRC
A lot of questions can be answered just by reading the source.
RTFNWS
RTFCONTACTINF, RTFLSTINF, RFFRESHMEAT.
RFFRESHMEAT
Hackbot is a Freshmeat Open Source project; for more information RTFCONTACTINF.
RTFMIRRORINF
The hackbot project currently has 3 sourcepackage locations:
http://ws.obit.nl/hackbot/
http://www.xs4all.nl/~mvberkum/hackbot/
http://webs.uolsinectis.com.ar/gbarosio/hackbot/
Thanks to Guido Barosio for setting up a mirror.
If you want to donate a mirrorlocation, please drop me an email.
RTFPORTINF
Hackbot ports are available for the following systems:
OpenBSD
Maintainer: Herman Poortermans
Email: herman@ofzo.nl
NetBSD
Maintainer: Niilo Kajander
Email: nk@atki.net
Debian
Maintainer: Michiel van de Garde
Email: garde@benben.com
Gentoo
Maintainer: Martijn Mooijman
Email: foobar@obit.nl
If you want to become a portmaintainer of a system that is not in this list yet, drop me an email (m.v.berkum@obit.nl).
RTFKNWNBGS
Known bugs are placed in the KNOWN_BUGS file.
RTFLICENSE
Hackbot is licensed under the LGPL License, see LICENSE for more information.
RTFDISCLAIMER
The author of this program CANNOT be held responsible for any illegal scanning activities initiated by a user or unauthorised party. This program is meant as a tool to determine your OWN network security. Any unauthorised probes with this program should be reported to local authorities and/or to the attacker himself. Complaints to my address regarding the unauthorised use of this program will be moved unseen to /dev/null.
