N0s3p4ss

N0s3p4ss is an automated audition tool for Internet facing services. It gives visibility for the following informations:

- If it is possible to access target via TOR Browser
- Open Ports
- The absence of critical headers or disclosed information through headers
- SSL certificate
- Web Application Firewall detection

• Installation
  • Install Dependecies
  • Clean Environment
• Usage
  • Main Audit
• Tests
  • Code lint
  • Code Coverage
  • Unittest

Installation

Install Dependecies

You need to have a TOR Browser Bundle instance running in order to enable N0s3p4ss TOR accessibility verification.

Also you need nmap already installed.

You may need to customize the proxy server IP address at n0s3p4ss/config.py.

To install dependencies, run:

make install

Clean Environment

To clean all enviroment dependencies from pipenv, run:

make clean

Usage

N0s3p4ss audition can be executed through pipenv, run:

pipenv run python3 main.py --domains 'target_domains'

For additional help, run:

pipenv run python3 main.py -h

Tests

Code Lint

flake8 is used to analyse the code and provide corrections and best practices, run:

make lint

Code Coverage

Test coverage metrics is provided through coverage. A coverage test percentage for each file will be shown, run:

make coverage

Unittest

Each test can be executed through unittest, run:

make test

Disclaimer

It may be illegal to use this script depending of the intentions of the user. The contributors of that repository, the organization that hold it, discourage illegal practices and are not associate with any present or future illegal action.

This software is intended to help auditors find vulnerabilities in their information technology infrastructure, so those can be fixed early, before an legit attacker exploit it.

All said, use of this script is at your own risk. Use with caution.