FireAbend automates various pentesting tasks such as:
- nmap port scanning (tcp + udp)
- ssl/tls auditing of starttls and tls (https) services
- http response header analysis of http(s) services
- SSH auditing via ssh-audit
- nuclei vulnerability scanning
- converting various output formats to customer friendly result files (html, xlsx, csv, etc.)
- maintaining a strict methodology with less risk of human failure
usage: [-h] --targets <file> [--nmap-custom-flags-stage1 <nmap-cli-flags>]
[--nmap-custom-flags-stage2 <nmap-cli-flags>]
[--nuclei-severity <info,low,medium,high,critical,unknown>]
[--min-rate <rate>]
[--dns-servers <server1>[,<server2>]] [--check]
-h, --help show this help message and exit
--targets <file>, -t <file>
Newline separated file with hostnames (recommended) or ip addresses
--nmap-custom-flags-stage1 <nmap-cli-flags>, -n1 <nmap-cli-flags>
Custom nmap cli flags for stage 1
--nmap-custom-flags-stage2 <nmap-cli-flags>, -n2 <nmap-cli-flags>
Custom nmap cli flags for stage 2
--nuclei-severity <info,low,medium,high,critical,unknown>, -ns <info,low,medium,high,critical,unknown>
Nuclei severity filters, comma separated; default is low,medium,high,critical
--dns-servers <server1>[,<server2>], -dns <server1>[,<server2>]
Custom dns servers for nmap, comma separated
--min-rate <rate>, -mr <rate>
The min rate for nmap packets sent; default is 5000
--disable-fireabend-update-check, -dfuc
Disable update checks for fireabend
--disable-nuclei-update-check, -dnuc
Disable update checks for nuclei
--check Sanity check, print binary paths and defaults
# clone this repo
git clone /~ && cd FireAbend-NG
# install helper tools - Kali Linux recommended
sudo apt install xsltproc nmap eyewitness
# create python virtual environment
virtualenv venv
source venv/bin/activate
# install python dependencies
pip3 install -r requirements.txt
python3 dist/<your-python-version>/ --targets targets.txt --nuclei-severity high,critical --dns-servers
You will find your scan results in the scans/
You can upgrade FireAbend by simply issuing a git pull. This will fetch the latest stable release.
# remove local version of nuclei templates
rm -rf helpers/nuclei/nuclei-templates
# pull the latest repo updates
git pull
Nuclei templates are automatically updated each time runs. Requires an internet connection.
However, this repo also provides a somewhat deprecated version of nuclei templates in case you are on a box with no internet access. In such a case, you can use the CLI flag --disable-nuclei-update-checks
to prevent freezing and timeout warnings.
- Run basic nmap scan to enumerate top-500 open udp ports. No version detection, no nse script scans.
- Convert udp nmap xml output file into convenient html report.
- Run fullrange nmap scan to enumerate open tcp ports. No version detection, no nse script scans.
- Extract open ports and probe for http/s urls via httpx.
- Convert tcp nmap xml output file to convenient html report.
- Pass enumerated tcp ports into advanced nmap scan. Version detection and nse scripts enabled.
- Extract open ports and probe for http/s urls via httpx.
- Convert tcp nmap xml output file to convenient html report.
- Run shcheck to enumerate http response headers by passing in the extracted http/s urls from nmap file.
- Convert shcheck json output files into convenient xlsx report.
- Run eyewitness against the extracted http/s urls from detailed nmap portscan results. Save html report with screenshots as output.
- Run for auditing ssl/tls configuration by passing in the detailed nmap results file. Covers TLS + STARTTLS services.
- Run for auditing ssl/tls configuration by passing in the extracted https urls from nmap file. Covers VHOSTs.
- Convert all json output files to colorized xlsx report.
- Update and run nuclei vulnerability scanner against extracted http/s urls. Save identified vulnerabilites into txt outfile.
- Run ssh-audit against identified SSH network services. Convert JSON results to colorized xlsx report.