Tentacle: POC Exploit Framework


Tentacle: POC Exploit Framework

Tentacle is a two-in-one proof of concept of a vulnerability verification and exploit framework. This Exploit Framework combines the two systems to create a single framework. Tentacle supports calls to external API’s such as Zoomeye and Shodan which allows the user to scan for multiple targets at once.

Tentacle: POC Vulnerability Verification and Exploit Framework

After installing and running Tentacle, the user has the option to run more than 50 scripts on various targets. The user can also import or create their own scripts. Users are first recommended to search for vulnerabilities using the various scripts and then import their exploit scripts for further action.

Features:

  • More than 50 scripts are already loaded in this framework
  • Detailed help menu
  • Multiple methods through which ports can be loaded

Supported Platforms:

  • Linux

Requirements:

  • Python 3.7

Install

Clone the GitHub repo:

$ git clone https://github.com/orleven/Tentacle.git

Navigate to the working directory and install the requirements:

$ cd Tentacle
$ pip3 install -r requirement.txt

Usage

Enter the following command for all available switches:

$ python3 tentacle.py --help 

To show all modules placed in the script path run:

$ python3 tentacle.py --show

# Show all function of module by -f show or -f help
$ python3 tentacle.py -m script/web/web_status -f show
$ python3 tentacle.py -m script/web/web_status -f help

Load modules by -m (e.g. script/info/web_status,@web):

$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status                    # Load web_status module
$ python3 tentacle.py -iS 127.0.0.1 -m @web                                     # Load all module of web path
$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status,@web               # Load all module of web path and web_status module
$ python3 tentacle.py -iS 127.0.0.1 -m "*"                                      # Load all module of script path

To set port scan scope:

$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status                    # Scan top 150 ports and then perform bulk vulnerability verification for multiple targets.
$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -sP                # Skip port scan and then it will try the default port number server
$ python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -lP 80-90,443      # Scan 80-90 ports and 443 port and then perform bulk vulnerability verification for multiple targets.
For full info and available options/commands, click on the documentation button below.

Example

.___________. _______ .__   __. .___________.    ___       ______  __       _______
|           ||   ____||  \ |  | |           |   /   \     /      ||  |     |   ____| {1.0.0#stable}
`---|  |----`|  |__   |   \|  | `---|  |----`  /  ^  \   |  ,----'|  |     |  |__
    |  |     |   __|  |  . `  |     |  |      /  /_\  \  |  |     |  |     |   __|
    |  |     |  |____ |  |\   |     |  |     /  _____  \ |  `----.|  `----.|  |____
    |__|     |_______||__| \__|     |__|    /__/     \__\ \______||_______||_______| http://www.orleven.com/


[19:25:21] [*] Created task: b25fc1e65c6294d8
[19:25:21] [*] Set timeout: 5
[19:25:21] [*] Set thread: 100
[19:25:21] [*] Loading modual: script.web.web_status
[19:25:21] [*] Running task: b25fc1e65c6294d8
[19:25:21] [*] Loading target: www.examples.com
[19:25:23] [+] [script.info.port_scan] [https://www.examples.com:443/]: WEB 	[port scan]
[19:25:27] [+] [script.info.port_scan] [http://www.examples.com:80/]: WEB 	[port scan]
[19:25:27] [+] [script.web.web_status] [https://www.examples.com:443/]: examples |  	[200]
[19:25:28] [+] [script.web.web_status] [http://www.examples.com:80/]: examples |  	[200]
[19:25:32] [*] [b25fc1e65c6294d8] 4 found | 0 error | 0 remaining | 0 scanning | 152 scanned in 11.13 seconds.(total 152)
Documentation Box
Download Box