English | 中文文档

RequestTemplate is a red team penetration tool for both ends and a self inspection tool for Party A. It plays an irreplaceable role in the process of Intranet penetration. The scanning end is made of golang with its exquisite and fast features, which can quickly find a weak link in the intranet. The reproduction end is made of java with its characteristics of ecological stability, cross platform and beautiful UI. The minimum contract amount and the integration verification of the platform are fragile.

• The internal net weapon of the red team in the red blue confrontation
• Party A's assistant for self inspection of Intranet during construction

• Network segment detection: detects the connected network segment of the current machine
• Horizontal movement: various weak password blasting modules can be accessed through config JSON configuration
• Web scanning: integrating more than 300 kinds of POC detection of Xray
• Vulnerability verification: use the Java side configuration agent to verify the screenshot of the replication of the scanning results

root@VM-4-13-ubuntu:~# ./App_darwin -h

 _____                    _       _
|_   _|                  | |     | |
  | | ___ _ __ ___  _ __ | | __ _| |_ ___
  | |/ _ \ '_'  _ \| '_ \| |/ _' | __/ _ \
  | |  __/ | | | | | |_) | | (_| | ||  __/
  \_/\___|_| |_| |_| .__/|_|\__,_|\__\___|
                   | |  by 1n7erface
                   |_|
Usage of ./App_darwin:
  -a string
    	auto check network conn (default "false")
  -b string
    	only brute , not webscan (default "false")
  -c string
    	auto check 192 or 172 or 10
  -e string
    	print error log (default "false")
  -i string
    	IP address of the host you want to scan,for example: 192.168.11.11-255 or 192.168.1.1/24 or /22 /15...
  

• -a true :It will only detect the connectivity of the network segment. The detection includes 10.1.1.1-10.255.255.255 and 192.168.1.1-192.168.255.255 and 172.16.1.1-172.31.255.255

• -b true :By default, the scanning terminal will scan for web vulnerabilities and blast weak passwords. If you need to perform frequent tests on the collected passwords, add this parameter

• -c 192 or 172 or 10 :Test the connectivity of 10.1.1.1-10.255.255.255 and 192.168.1.1-192.168.255.255 and 172.16.1.1-172.31.255.255, and perform vulnerability scanning and service password blasting after the test

• -e true :By default, the scanning end will only print the information about the vulnerability of the surviving IP surviving port. In addition, this parameter can output the detection information, which is usually used for error debugging.

• -i CIDR :This parameter supports CIDR expressions of IP addresses, but if you scan 10/16/8, 192/16/8, 172/16/8, it is recommended to use the -c parameter. This parameter is most commonly used for /24

• The difference between -i and -c: The -c parameter will detect the connectivity of the network segment, and scan after the detection. And -i scans directly

root@VM-4-13-ubuntu:~# java -jar RequestTemplate.jar 
 _____                    _       _       
|_   _|                  | |     | |      
  | | ___ _ __ ___  _ __ | | __ _| |_ ___ 
  | |/ _ \ '_' _  \| '_ \| |/ _' | __/ _ \
  | |  __/ | | | | | |_) | | (_| | ||  __/
  \_/\___|_| |_| |_| .__/|_|\__,_|\__\___|
                   | |  by 1n7erface
                   |_|
Opened database successfully

• Agent management

• Target management

• Exploit

• Place config.json in the same directory as the scanning end, and you can add the dictionary and port of the scanning end
• Note: The program comes with a simple dictionary and port by default. To add an account password, you only need to add the complex password collected from the information. The port should exclude the following default ports for adding.

Ports = []int{21, 22, 23, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 98, 99, 135, 139, 443, 445, 800, 801, 808, 880, 888, 889, 1000, 1010, 1080, 1081, 1082, 1118, 1433, 1521, 1888, 2008, 2020, 2100, 2375, 2379, 3000, 3008, 3128, 3306, 3505, 5432, 5555, 6080, 6379, 6648, 6868, 7000, 7001, 7002, 7003, 7004, 7005, 7007, 7008, 7070, 7071, 7074, 7078, 7080, 7088, 7200, 7680, 7687, 7688, 7777, 7890, 8000, 8001, 8002, 8003, 8004, 8006, 8008, 8009, 8010, 8011, 8012, 8016, 8018, 8020, 8028, 8030, 8038, 8042, 8044, 8046, 8048, 8053, 8060, 8069, 8070, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8092, 8093, 8094, 8095, 8096, 8097, 8098, 8099, 8100, 8101, 8108, 8118, 8161, 8172, 8180, 8181, 8200, 8222, 8244, 8258, 8280, 8288, 8300, 8360, 8443, 8448, 8484, 8800, 8834, 8838, 8848, 8858, 8868, 8879, 8880, 8881, 8888, 8899, 8983, 8989, 9000, 9001, 9002, 9008, 9010, 9043, 9060, 9080, 9081, 9082, 9083, 9084, 9085, 9086, 9087, 9088, 9089, 9090, 9091, 9092, 9093, 9094, 9095, 9096, 9097, 9098, 9099, 9100, 9200, 9443, 9448, 9800, 9981, 9986, 9988, 9998, 9999, 10000, 10001, 10002, 10004, 10008, 10010, 10250, 11211, 12018, 12443, 14000, 16080, 18000, 18001, 18002, 18004, 18008, 18080, 18082, 18088, 18090, 18098, 19001, 20000, 20720, 21000, 21501, 21502, 27017, 28018, 20880}

Thanks to @shadow1ng for answering the questions on the scanning side. https://github.com/shadow1ng/fscan

Thanks to @j1anFen's project for the reference to the reproducible end. https://github.com/SafeGroceryStore/MDUT