Tentacle is a two-in-one proof of concept of a vulnerability verification and exploit framework. This Exploit Framework combines the two systems to create a single framework. Tentacle supports calls to external API’s such as Zoomeye and Shodan which allows the user to scan for multiple targets at once.
Tentacle: POC Vulnerability Verification and Exploit Framework
After installing and running Tentacle, the user has the option to run more than 50 scripts on various targets. The user can also import or create their own scripts. Users are first recommended to search for vulnerabilities using the various scripts and then import their exploit scripts for further action.
Features:
- More than 50 scripts are already loaded in this framework
- Detailed help menu
- Multiple methods through which ports can be loaded
Supported Platforms:
- Linux
Requirements:
- Python 3.7
Install
Clone the GitHub repo:
$ git clone https://github.com/orleven/Tentacle.git
Navigate to the working directory and install the requirements:
$ cd Tentacle
$ pip3 install -r requirement.txt
Usage
Enter the following command for all available switches:
$ python3 tentacle.py --help
To show all modules placed in the script path run:
$ python3 tentacle.py --show # Show all function of module by -f show or -f help $ python3 tentacle.py -m script/web/web_status -f show $ python3 tentacle.py -m script/web/web_status -f help
Load modules by -m (e.g. script/info/web_status,@web):
$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status # Load web_status module $ python3 tentacle.py -iS 127.0.0.1 -m @web # Load all module of web path $ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status,@web # Load all module of web path and web_status module $ python3 tentacle.py -iS 127.0.0.1 -m "*" # Load all module of script path
To set port scan scope:
$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status # Scan top 150 ports and then perform bulk vulnerability verification for multiple targets. $ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -sP # Skip port scan and then it will try the default port number server $ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -lP 80-90,443 # Scan 80-90 ports and 443 port and then perform bulk vulnerability verification for multiple targets.
Example
.___________. _______ .__ __. .___________. ___ ______ __ _______
| || ____|| \ | | | | / \ / || | | ____| {1.0.0#stable}
`---| |----`| |__ | \| | `---| |----` / ^ \ | ,----'| | | |__
| | | __| | . ` | | | / /_\ \ | | | | | __|
| | | |____ | |\ | | | / _____ \ | `----.| `----.| |____
|__| |_______||__| \__| |__| /__/ \__\ \______||_______||_______| http://www.orleven.com/
[19:25:21] [*] Created task: b25fc1e65c6294d8
[19:25:21] [*] Set timeout: 5
[19:25:21] [*] Set thread: 100
[19:25:21] [*] Loading modual: script.web.web_status
[19:25:21] [*] Running task: b25fc1e65c6294d8
[19:25:21] [*] Loading target: www.examples.com
[19:25:23] [+] [script.info.port_scan] [https://www.examples.com:443/]: WEB [port scan]
[19:25:27] [+] [script.info.port_scan] [http://www.examples.com:80/]: WEB [port scan]
[19:25:27] [+] [script.web.web_status] [https://www.examples.com:443/]: examples | [200]
[19:25:28] [+] [script.web.web_status] [http://www.examples.com:80/]: examples | [200]
[19:25:32] [*] [b25fc1e65c6294d8] 4 found | 0 error | 0 remaining | 0 scanning | 152 scanned in 11.13 seconds.(total 152)
![Cyber Jacking [Attack Types]](https://cdn.cyberpunk.rs/wp-content/uploads/2019/06/cyberjacking_bg-500x275.jpg "Cyber Jacking [Attack Types]")