This package has been deprecated

Author message:

UNMANTAINED project, no time :(

bluebox-ng

1.1.0 • Public • Published

Bluebox-ng

Black Hat Arsenal Continuos integration NSP Status

npm info

Pentesting framework using Node.js powers. Specially focused in VoIP/UC.

Features

  • Auto VoIP/UC penetration test
  • Report generation
  • Performance
  • RFC compliant
  • SIP TLS and IPv6 support
  • SIP over websockets (and WSS) support (RFC 7118)
  • SHODAN, exploitsearch.net and Google Dorks
  • SIP common security tools (scan, extension/password bruteforce, etc.)
  • Authentication and extension brute-forcing through different types of SIP requests
  • SIP Torture (RFC 4475) partial support
  • SIP SQLi check
  • SIP denial of service (DoS) testing
  • Web management panels discovery
  • DNS brute-force, zone transfer, etc.
  • Other common protocols brute-force: Asterisk AMI, MySQL, MongoDB, SSH, (S)FTP, HTTP(S), TFTP, LDAP, SNMP
  • Some common network tools: whois, ping (also TCP), traceroute, etc.
  • Asterisk AMI post-explotation
  • Dumb fuzzing
  • Automatic exploit searching (Exploit DB, PacketStorm, Metasploit)
  • Automatic vulnerability searching (CVE, OSVDB, NVD)
  • Geolocation
  • Command completion
  • Cross-platform support

Install

  • Install the last Node.js stable version.

  • https://nodejs.org/download

  • A better alternative for developers is to use nvm, to test different versions.

  • Get a copy of the code and install Node dependencies.

npm i -g bluebox-ng

Kali GNU/Linux

  • curl -sL https://raw.githubusercontent.com/jesusprubio/bluebox-ng/master/artifacts/installScripts/kali2.sh | sudo bash -

Use

  • Console client: bluebox-ng
  • As a library:
const Bluebox = require('bluebox-ng');
 
const bluebox = new Bluebox({});
const moduleOptions = { target: '8.8.8.8' };
 
 
console.log('Modules info:');
console.log(JSON.stringify(bluebox.help(), null, 2));
 
bluebox.runModule('geolocation', moduleOptions, (err, result) => {
  if (err) {
    console.log('Error:');
    console.log(err);
  } else {
    console.log('Result:');
    console.log(result);
  }
});

Issues

Developer guide

  • Start coding with one of the actual modules similar to the new one as a boilerplate.
  • Use GitHub pull requests.

Conventions:

  • We use ESLint and Airbnb style guide.
  • Please run to be sure your code fits with it and the tests keep passing:
npm run-script cont-int

Debug

We use the visionmedia module, so you have to use this environment variable:

DEBUG=bluebox* npm start

Commit messages rules:

  • It should be formed by a one-line subject, followed by one line of white space. Followed by one or more descriptive paragraphs, each separated by one line of white space. All of them finished by a dot.
  • If it fixes an issue, it should include a reference to the issue ID in the first line of the commit.
  • It should provide enough information for a reviewer to understand the changes and their relation to the rest of the code.

Core devs

Contributors

Thanks to

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Package Sidebar

Install

npm i bluebox-ng

Weekly Downloads

2

Version

1.1.0

License

GPL-3.0

Last publish

Collaborators

  • jesusprubio