Author Topic: ngh0st  (Read 3336 times)

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
ngh0st
« on: January 14, 2008, 10:52:37 AM »
a new script i wrote that enumerates EVERYTHING it can from a WLAN/LAN.  Quick and easy, and is super useful.

http://zombie.el.cx/ngh0st/


EDIT: whooops I failed to Mention this is for Gnu Unix only.  The fractions of a second in "sleep" are not supported by others.. - Trev.
« Last Edit: January 14, 2008, 11:25:11 AM by trevelyn »

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #1 on: January 14, 2008, 03:51:00 PM »
i added a video to my tv station of the cript in action! XD

http://blip.tv/file/599431/

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #2 on: January 18, 2008, 10:43:16 AM »
I recoded the whole fucking thing, Its not just a shell script anymore but I am keeping the shell script as an option because of its quickness if you are in sumns backyard and and enumerating data and here police sirens.

The new one is a GIGANTIC Perl user interface that uses a lot of unix admin tools.  I am cleaning up my grammer, punctuation and getting rid of comments in the code and will update the site later this evening

for now here's a sneak peek at the new net-gh0st - it's much sexier in a Perl uniform, dun ye think??

;)

http://blip.tv/file/607584/

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #3 on: January 30, 2008, 10:59:10 AM »
i made a new module for the new version 2.2
it scans blocks of IPs (N.X.X.X) but starts the X's at zeros.  I will make the scan start at variables in a few days, i am very busy nao. - that would be for IP ranges that start not with zeros like say 192.168.1.100 to 192.168.1.150 etc etc.. and makes a nice report when finished. I made one of these before but it sucked and scanned randomly with no range but 0-255 per IP bit value and was pointless.

anyways, it's tidied up a bit looks nicer and spelling errors were fixed.
 - piece ouTTY1

http://trevelyn.blip.tv/#641167

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #4 on: February 08, 2008, 07:33:07 AM »
okay so that last update was nothing.  I completely rearranged things.  I set up an IP Block scanner that allows you to specify the start and stop addresses and Also a new module i made from the ieee list of MAC Vendors.

now when doing a pentest or just goofing off in someones backyard you can find the vendors of MAC Addresses.  kinda cool.  check this out:

http://trevelyn.blip.tv/#659924

The new version will be out Sunday night. - Trevelyn.

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #5 on: February 10, 2008, 05:30:34 PM »
okay v2.2 is out. :)

Offline ekimike

  • Junior Phone Loser
  • **
  • Posts: 31
  • 1337 13V3L: +3/-5
Re: ngh0st
« Reply #6 on: February 16, 2008, 04:09:37 PM »
where might i find v2.2?

edit:

scratch that its on the site above  :P

Offline cricket

  • Bandito
  • Junior Phone Loser
  • **
  • Posts: 47
  • 1337 13V3L: +6/-4
Re: ngh0st
« Reply #7 on: February 16, 2008, 10:22:37 PM »
why aren't you using libpcap?
straight automated dns spoofing

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #8 on: February 17, 2008, 08:04:54 PM »
hehehe I LOVE libpcap, but this application is really just for info gathering for services/clients on the LAN.  version 3 is looking pretty cool, the strong point of this baby is the reports it makes.  They are impressive.  I am adding more stuff to 'option 8' in the full scan-report creator section.  :) my SATA drive is now officially dead.  100GB SATA 7200rpm.  :( i lost a lot of stuff, im hoping I can somehow mount it with Helix and recover my stuff. anyways. ekimike, did you try v2.2? did you like it?

Offline ekimike

  • Junior Phone Loser
  • **
  • Posts: 31
  • 1337 13V3L: +3/-5
Re: ngh0st
« Reply #9 on: February 18, 2008, 07:00:22 AM »
does this need perl to run? n sry bout your SATA drive that sux
« Last Edit: February 18, 2008, 07:03:12 AM by ekimike »

Offline ataxicwolf

  • PLA Underling
  • *
  • Posts: 103
  • 1337 13V3L: +18/-7
Re: ngh0st
« Reply #10 on: February 18, 2008, 07:37:51 AM »
Nice job Trev. This thing looks sweet...

Offline trevelyn

  • Administrator
  • Elite Cactus Squad
  • Ninja Phone Loser
  • *****
  • Posts: 1687
  • 1337 13V3L: +183/-22
  • He likes cans and taking pictures in cans!
    • WeakNet Labs
Re: ngh0st
« Reply #11 on: February 18, 2008, 08:17:08 AM »
does this need perl to run? n sry bout your SATA drive that sux
yeah it's an interpretive program so you will need to run it was "perl -w *.pl" or you can install it, by mv'ing to your /usr/bin/ directory and aliasing (adding to ~/.bashrc) "alias ngh0st='perl /usr/bin/ngh0st.pl'" which works well.

Nice job Trev. This thing looks sweet...
Thanks, i got good feedback so far.  This is the first program I have written past 20 lines. :)
make sure you have the depenedencies when using it, they are normal network admin tools that come with most distros. 

And actually since my HDD died I got to test drive some new things like KDE 4.0 and Fedora Core 8.  Some other stuff too.  But, configuring FC8 was hard and I kept a nice log of commands and such I used to get the system smooth if anyone wants it.  I put everything in the /texts/hacking/pdfs/ folder on 2Dial*Phreak.