Introduction
This page contains detailed information on the various modules of BiDiBLAH 2. You can visit the BiDiBLAH home page here. BiDiBLAH is shipped with SPUD and depends on it in several of its modules.
SPUD is a small application that runs in the background and seamlessly integrates with BiDiBLAH. Best of all, SPUD is free.
Further documentation on the methodology used in BiDiBLAH can be found in the application's installation folder.
Top Level Domain Extractor
The Top Level Domain (TLD) Extractor attempts to mine domain names by brute forcing a list of top level domains against a given root name. For example, if you want to find domain names for "Playboy", BiDiBLAH will present a list of domains found using "playboy" as the root name.
The column on the left is the user input column, where root names are specified. The TLD list (bottom left) is populated as soon as the scan is initiated. The middle and right columns show the domains found. Note that entries in the discovered domain list do *not necessarily* belong to the target you are looking for: playboy.net.in, for instance, might be a Sedo-parked domain with no connection to Playboy, so verify ownership (whois, site content) before adding a discovered domain to your scope.
The TLD list file can be found in [Application Folder]\misc\known-tlds.txt. It contains approximately 1400 entries and can be edited to add or remove entries. In the TLD setup tab you can select the number of threads to use to speed up the process.
Bi-directional Link Extraction
Bi-directional Link Extraction, also known as BILE, is essentially a spider, and then some. It determines the importance (weight) of links on specified targets by comparing them with the hosts that link back to the original target.
For example, when running BILE against the host www.sensepost.com, the BILE module first uses SPUD to search for sites linking back to www.sensepost.com, then spiders www.sensepost.com (the target) and matches the links found on the target against the links found with SPUD. Corresponding links (found both by SPUD and by the spider) are given a higher weight than links found in only one of the two result sets.
This lets the analyst mine other possible targets affiliated with the current one. It not only broadens the scope of the attack, but also gives an indication of the size of the target.
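The weighting described above, written out as an added example (this is not BiDiBLAH's or SPUD's code). The backlink list stands in for what SPUD's search returns and the spidered list for what the spider finds on the target; both lists, the host names and the weight values 2 and 1 are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed sample data: sites reported as linking TO the target (the role
# SPUD's search plays) and links found ON the target by the spider.
TARGET = "www.sensepost.com"
BACKLINKS = [
    "http://www.example-partner.com/links.html",
    "http://blog.example-partner.com/post/1",
    "http://www.unrelated-directory.org/security",
    "http://www.example-vendor.net/customers",
]
SPIDERED = [
    "http://www.example-partner.com/",
    "http://www.example-vendor.net/products",
    "http://www.sensepost.com/about",        # internal link: ignored
    "http://www.example-cdn.com/jquery.js",
]


def hostname(url):
    """Reduce a URL to its lower-cased host name ('' if it has none)."""
    return (urlparse(url).hostname or "").lower()


def bile_weights(target, backlinks, spidered, both=2, single=1):
    """Score every host by whether it links to the target, is linked from the
    target, or both. Hosts in both sets get the higher weight (they are the
    most likely affiliates); hosts in only one set get the lower weight. The
    target itself is excluded. Returns {host: weight} sorted by weight, name.
    """
    inbound = {hostname(u) for u in backlinks} - {target, ""}
    outbound = {hostname(u) for u in spidered} - {target, ""}
    weights = {
        host: (both if host in inbound and host in outbound else single)
        for host in inbound | outbound
    }
    return dict(sorted(weights.items(), key=lambda kv: (-kv[1], kv[0])))


if __name__ == "__main__":
    for host, weight in bile_weights(TARGET, BACKLINKS, SPIDERED).items():
        print(weight, host)
```

The hosts that appear in both sets (the partner and vendor sites) come out on top; the CDN, the blog and the directory appear in only one set and stay at the lower weight. Matching is done on the full host name, so blog.example-partner.com and www.example-partner.com count as different hosts; collapsing them to a registered domain is a reasonable extension.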
Sub Domains
The sub domain lookup module mines the specified target hosts for email addresses and, well, sub domains. The data extraction in this module is made possible by SPUD.
Simply enter a target domain (or import some), and hit the start button.
From the results you can enumerate users (from the email addresses) and sub domains for further scanning. As mentioned, make sure that SPUD is installed and running.
Forward Lookups
The forward lookup module brute forces sub domain names for the specified target domain and displays the hosts that resolve. BiDiBLAH first attempts a zone transfer of the target domain; correctly configured name servers refuse this, in which case brute forcing proceeds and the brute force files appear in the list on the left of the screen. The location of these files (.bfdns) must be set up in the configuration tab of BiDiBLAH.
Simply enter your target domain (or import some), and hit the start button. This process is not very time consuming and should not take longer than a few minutes.
Note that the hosts shown in the example output are fictional and serve to demonstrate naming conventions commonly used in corporations. Brute forcing domain names has proved very effective in the footprinting / host discovery methodology, as many corporations apply themes when naming servers. By correctly guessing these names you can add more targets to your list, increasing the range of attack.
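The two name-mining steps described on this page, the TLD extractor (root name + every entry of a TLD list) and the forward lookup (zone transfer first, then a label wordlist), share one mechanism: generate candidate names from a list file and resolve them in parallel. The added example below (not BiDiBLAH's code) implements both against a constructed in-memory DNS so it runs offline; the `FakeDNS` class, the record data, the zone names and the IP addresses are all assumptions for the example. It also goes one step beyond the page: before brute forcing it resolves a random label under the domain, and if that answers (a wildcard record), hits that return the same address are discarded, since otherwise every guessed name "resolves".

```python
import concurrent.futures
import uuid


class FakeDNS:
    """Constructed stand-in for a resolver so the example runs offline.
    In real use resolve()/axfr() would be calls into a DNS library."""

    def __init__(self, records, axfr_zones=None, wildcards=None):
        self.records = {k.lower(): v for k, v in records.items()}
        self.axfr_zones = {k.lower(): v for k, v in (axfr_zones or {}).items()}
        self.wildcards = {k.lower(): v for k, v in (wildcards or {}).items()}

    def resolve(self, name):
        """A record for name, or None if it does not resolve."""
        name = name.lower().rstrip(".")
        if name in self.records:
            return self.records[name]
        for zone, ip in self.wildcards.items():     # *.zone answers anything
            if name.endswith("." + zone):
                return ip
        return None

    def axfr(self, zone):
        """[(name, ip), ...] if the server allows AXFR, else None (refused)."""
        return self.axfr_zones.get(zone.lower())


def candidates(template, words):
    """Build names from a list file; blank lines and '#' comments are skipped."""
    for w in words:
        w = w.strip().lstrip(".")
        if w and not w.startswith("#"):
            yield template.format(w)


def resolve_many(dns, names, threads=8):
    """Resolve names concurrently; return {name: ip} for those that answered."""
    names = list(names)
    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as pool:
        answers = list(pool.map(dns.resolve, names))
    return {n: ip for n, ip in zip(names, answers) if ip}


def tld_extract(dns, rootname, tlds, threads=8):
    """TLD extractor: rootname + every TLD in the list, e.g. example.co.za."""
    return resolve_many(dns, candidates(rootname + ".{}", tlds), threads)


def forward_lookup(dns, domain, wordlist, threads=8):
    """Zone transfer first; brute force labels only if AXFR is refused.
    Returns ('axfr' | 'bruteforce', {name: ip})."""
    zone = dns.axfr(domain)
    if zone is not None:
        return "axfr", dict(zone)
    # Wildcard check (caveat added here, not on the page): if a random label
    # resolves, every guess will, so drop hits that return that same address.
    wildcard_ip = dns.resolve(f"{uuid.uuid4().hex[:12]}.{domain}")
    hits = resolve_many(dns, candidates("{}." + domain, wordlist), threads)
    if wildcard_ip:
        hits = {n: ip for n, ip in hits.items() if ip != wildcard_ip}
    return "bruteforce", hits


# Constructed sample data: a few known names, one zone that allows AXFR and
# one zone with a wildcard record. Addresses are documentation ranges.
SAMPLE_DNS = FakeDNS(
    records={
        "example.com": "192.0.2.1", "example.net": "192.0.2.2",
        "example.net.in": "198.51.100.9",            # a parked look-alike
        "www.example.com": "192.0.2.1", "mail.example.com": "192.0.2.10",
        "vpn.example.com": "192.0.2.20", "mail.wild.test": "203.0.113.5",
    },
    axfr_zones={"open-zone.test": [("ns1.open-zone.test", "203.0.113.1"),
                                   ("www.open-zone.test", "203.0.113.2")]},
    wildcards={"wild.test": "203.0.113.99"},
)
TLDS = ["com", "net", "org", "co.za", "net.in", "# lines like this are ignored"]
WORDLIST = ["www", "mail", "vpn", "dev", "intranet", "ftp", ""]

if __name__ == "__main__":
    print("TLDs:", tld_extract(SAMPLE_DNS, "example", TLDS))
    for zone in ("example.com", "open-zone.test", "wild.test"):
        print(zone, forward_lookup(SAMPLE_DNS, zone, WORDLIST))
```

Against the sample data, example.com is brute forced (three of six labels resolve), open-zone.test is taken wholesale from the transfer without any guessing, and wild.test keeps only mail.wild.test because every other guess came back with the wildcard address.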
Virtual Host Extraction
This module tries to mine virtual hosts from given target IPs. VHE also depends on SPUD to obtain the required results. More specifically, it uses the Live Search module of SPUD, so make sure you have an AppID / key. Configure this AppID in SPUD: SPUD cannot scrape Live Search results and depends on the key. Simply enter your target IPs (or import them), and hit the start button.
If one or more results are found, BiDiBLAH will prompt you to export your results to the BILE module so that further link extraction can be done.
Netblocks
The netblocks module lets the user allocate IP ranges into various blocks; these blocks are the primary input for the modules that follow. Forward and reverse lookup results are shown for the selected netblock, and a whois lookup is available for the IP range. Define your netblocks here and use the "Import (App)" buttons on the reverse lookup and portscanner modules to import them.
Example of forward and reverse lookup results:
Reverse Lookups
The reverse lookup module uses the netblocks defined previously as input and resolves a hostname for each address. BiDiBLAH uses filters to distinguish between matched and unmatched DNS entries. Ranges can only be imported from the netblocks module and cannot be defined here; you can, however, add matching filters.
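The reverse sweep with matched/unmatched filtering, as an added example that is not BiDiBLAH's code. The PTR and forward records are constructed so it runs offline (in practice the two lookups would be `socket.gethostbyaddr()` and `socket.gethostbyname()`); the filters are regular expressions, which is an assumption about how a filter is expressed. It adds one check a practitioner wants here: a PTR record is written by whoever controls the reverse zone, so each name is forward-resolved and only counted as confirmed when it points back at the address.

```python
import ipaddress
import re

# Constructed DNS data for an offline run (documentation address ranges).
PTR = {
    "192.0.2.1": "www.example.com",
    "192.0.2.2": "mail.example.com",
    "192.0.2.5": "host-192-0-2-5.isp.example.net",
    "192.0.2.7": "intranet.example.co.za",
    "192.0.2.9": "www.example.com",      # PTR claims a name it does not own
}
FORWARD = {
    "www.example.com": "192.0.2.1",
    "mail.example.com": "192.0.2.2",
    "host-192-0-2-5.isp.example.net": "192.0.2.5",
    "intranet.example.co.za": "192.0.2.7",
}


def reverse_sweep(netblock, filters, ptr_lookup=PTR.get, fwd_lookup=FORWARD.get):
    r"""Reverse-resolve every host address in a netblock and split the names
    into those matching one of the filters (regexes such as r'example\.com$')
    and those that do not.

    Each value is (name, confirmed). confirmed is True only when the name's
    forward record points back at the address; an unconfirmed name is not
    evidence that the host belongs to the target.
    """
    net = ipaddress.ip_network(netblock, strict=False)
    patterns = [re.compile(f, re.IGNORECASE) for f in filters]
    matched, unmatched = {}, {}
    for ip in net.hosts():
        name = ptr_lookup(str(ip))
        if not name:
            continue                                  # no PTR record
        confirmed = fwd_lookup(name) == str(ip)
        bucket = matched if any(p.search(name) for p in patterns) else unmatched
        bucket[str(ip)] = (name, confirmed)
    return matched, unmatched


if __name__ == "__main__":
    hits, misses = reverse_sweep("192.0.2.0/28", [r"example\.com$", r"example\.co\.za$"])
    for label, entries in (("matched", hits), ("unmatched", misses)):
        for ip, (name, ok) in entries.items():
            print(f"{label:9} {ip:<12} {name} {'confirmed' if ok else 'UNCONFIRMED'}")
```

With the sample data, 192.0.2.9 matches the filter but is flagged unconfirmed because www.example.com forward-resolves to 192.0.2.1, and the ISP-style name on 192.0.2.5 lands in the unmatched bucket even though it is a perfectly valid record.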
Portscanner (Qalive)
The portscanner module probes specified targets for open ports. Select your network adaptor and the ports you want scanned, import/add some scan ranges, and hit the start button.
If the Windows XP firewall is running, it will be temporarily disabled; this is required for the raw packet driver to work properly. Remember to install the raw packet driver as per the documentation instructions.
Banner Grabbing
This module uses the open ports found in the previous module to probe for banners. Select your adaptor, import some ports, and hit the start button. Once again, if the Windows XP firewall is running, it will be temporarily disabled.
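What the banner grabbing step does on the wire, as an added example that is not BiDiBLAH's code: a plain TCP connect to each (host, port) followed by a read of whatever the service says first. Unlike the page's portscanner this needs no raw packet driver and no firewall change, because it uses ordinary sockets. The fake services, their banners and the loopback ports are constructed so the example runs offline; the important edge case is that some services (HTTP, for instance) say nothing until the client speaks, so each target carries an optional probe to send first.

```python
import socket
import threading


def grab_banner(host, port, timeout=3.0, probe=b"", max_bytes=1024):
    """Connect to host:port, optionally send a probe, and return the first
    bytes the service sends (decoded for display). Returns None when the port
    is closed or unreachable and "" when it is open but stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if probe:
                s.sendall(probe)
            try:
                data = s.recv(max_bytes)
            except socket.timeout:           # open, but nothing volunteered
                data = b""
    except OSError:                          # refused / unreachable / timed out
        return None
    return data.decode("ascii", "replace").strip()


def banner_sweep(targets, timeout=3.0):
    """targets: iterable of (host, port, probe) -> {(host, port): banner}."""
    return {(h, p): grab_banner(h, p, timeout, probe) for h, p, probe in targets}


# Constructed fake daemons for an offline run. Each listens on a free loopback
# port; a "quiet" one answers only after it has received something.
def start_fake_service(banner, quiet=False):
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if quiet:
                    conn.recv(1024)
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port():
    """A loopback port nothing listens on, to show the closed-port case."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Sweep one talkative service, one quiet one and one closed port."""
    ssh = start_fake_service(b"SSH-2.0-OpenSSH_5.3\r\n")
    http = start_fake_service(b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.3\r\n\r\n", quiet=True)
    closed = free_closed_port()
    return banner_sweep([
        ("127.0.0.1", ssh, b""),
        ("127.0.0.1", http, b"HEAD / HTTP/1.0\r\n\r\n"),
        ("127.0.0.1", closed, b""),
    ], timeout=2.0)


if __name__ == "__main__":
    for (host, port), banner in demo().items():
        print(f"{host}:{port} -> {banner!r}")
```

Keep the timeout short when sweeping many ports: every open-but-silent port otherwise costs a full timeout, and a banner is only ever a claim by the remote side, so treat it as a hint for the Nessus plugin selection rather than proof of the software version.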
Targeting
The purpose of the targeting module is to define your targets for vulnerability scanning and exploitation. Targets with their hostnames, open ports and banners are displayed in a treeview for easy selection.
Make sure that you have at least some netblocks defined, and hit the "Update Tree" button.
Once the tree is populated, you can start adding targets to your list: choose between all hosts, hosts with open ports, or selected hosts. Once you've added the required targets, go on to the Nessus module.
Nessus
The Nessus client integrates vulnerability scanning into BiDiBLAH. Make sure that you have access to a Nessus server and hit the "Launch Plugin Selector" button.
Plugin Selector: Enter the server credentials in the top-left corner of the screen and hit the "Load Plugins" button. Loading plugins can take several minutes, so be patient. Once the plugins have loaded, select the desired plugins using the long vertical button to the right of the available plugins. Once you have selected your plugins, hit "Save Plugin Set" in the bottom-left corner of the screen. This saves the selected plugins to a file on your drive. You can save as many plugin sets as you want; you will have the opportunity to choose one of them later when you initiate a scan. When you are done, close this window.
Nessus module: This window lets the user initiate the Nessus scan. Hit the "Update Sets" button to update the drop-down list with your plugin sets; this refreshes the file list in your plugins directory (configure this directory in the Nessus setup tab). Then import your targets (or simply define them in the "Targets" box) and hit the Start button.
Depending on how many targets you scan, this process can take some time. When scanning is done, hit the "Update Tree" button to summarise your results in a treeview.
MetaSploit
This module is designed to integrate with the MetaSploit framework for exploitation. Note that BiDiBLAH only supports MetaSploit up to version 2.7; no further development is envisaged for this module.
First, load the Meta2Nessus file. Then load the available exploits: this connects to your MetaSploit web server (usually listening on port 55555) and retrieves a list of the available exploits. Click on an exploit for more information.
Configure the exploit and select the payload. The payload is displayed in the bottom-left corner of the screen. Hit the start button.