So I whipped up a talk recently to give at BSidesLA about how to stack tools Voltron-style together and get some pretty gnarly successes. Here are some light talking points to give you an idea of what the subject matter was, but I should let the slides do most of the talking for me (though they may be slightly vague without the video, which isn't up at the time of this writing).
- Use Shodan to find things online (EC2 instances, one-off sites, etc.) that were never brought to the attention of IT or InfoSec before going live
- Enumerate attack surface without actually performing active scans (many shops forbid their InfoSec guys from scanning their own environment. Crazy, right? I know!)
- Use Shodan for red teaming (enumerating attack surface quietly, finding "hidden stuff", all without actively scanning)
- Bolt on the Python API, pipe out results, do crazy things
- Screenshot 50,000 web pages using a threaded script
- Check for HTTP 200 OK return codes for direct object access vulns
- Pipe the output of Shodan directly into Metasploit via an RC script
- Leverage Metasploit's powerful auxiliary scanner tools to do enumeration
- Launch very targeted attacks on a huge attack surface with NO PORT SCANS
- Whatever else you can think up that Python can do for you!
Screenshotter script: PYTHON!
RC Script generator: PYTHON MOAR!
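The "bolt on the Python API, pipe out results" step, as an added example that is not from the talk or its scripts: it takes Shodan search results for an organisation's own netblock and reports hosts that are exposed on the internet but missing from the asset inventory, which is exactly the "never brought to IT or InfoSec before going live" case from the first bullet, and it does so with nothing sent to the hosts themselves. The `net:` filter and the `ip_str`/`port`/`product`/`data` fields are real Shodan API conventions; the sample records, netblock and known-asset list are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample records in the shape of shodan.Shodan(key).search(q)["matches"];
# not real Shodan output. 203.0.113.0/24 stands in for the org's own netblock.
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.10", "port": 443, "product": "nginx",
     "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"},
    {"ip_str": "203.0.113.57", "port": 8080, "product": "Jetty",
     "data": "HTTP/1.1 200 OK\r\nServer: Jetty(9.4.z)\r\n\r\n"},
    {"ip_str": "203.0.113.57", "port": 22, "product": "OpenSSH",
     "data": "SSH-2.0-OpenSSH_7.4\r\n"},
    {"ip_str": "203.0.113.23", "port": 3389, "product": None, "data": ""},
    {"ip_str": "198.51.100.9", "port": 80, "product": "Apache httpd",
     "data": "HTTP/1.1 403 Forbidden\r\n\r\n"},  # neighbour, out of scope
]
KNOWN_ASSETS = {"203.0.113.10"}  # hypothetical inventory of sanctioned exposures
STATUS_RE = re.compile(r"^HTTP/\d\.\d (\d{3})")

def build_query(net_ranges):
    """Shodan search string for your own address space (Shodan's `net:` filter)."""
    return " OR ".join(f"net:{r}" for r in net_ranges)

def http_status(banner):
    """Status code parsed from a stored HTTP banner; None for non-HTTP services."""
    m = STATUS_RE.match(banner or "")
    return int(m.group(1)) if m else None

def inventory(matches, known_assets, scope):
    """Group matches per in-scope host and mark hosts missing from the inventory."""
    nets = [ipaddress.ip_network(s) for s in scope]
    hosts = defaultdict(list)
    for m in matches:
        if not any(ipaddress.ip_address(m["ip_str"]) in n for n in nets):
            continue  # Shodan returns whatever it indexed; keep the report in scope
        hosts[m["ip_str"]].append({"port": m["port"], "product": m.get("product"),
                                   "http_status": http_status(m.get("data"))})
    return [{"ip": ip, "known": ip in known_assets,
             "services": sorted(svcs, key=lambda s: s["port"])}
            for ip, svcs in sorted(hosts.items(),
                                   key=lambda kv: ipaddress.ip_address(kv[0]))]

def unknown_exposures(report):
    """Hosts answering on the internet that nobody registered: triage these first."""
    return [h for h in report if not h["known"]]
```

An unknown host serving an HTTP 200 on an odd port is the same signal the talk uses offensively, read here from the owner's side: something went live without review and needs an owner before anyone else finds it.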