Leviathan: An All In One Security Audit Toolkit!

Fresh off the GitHub repository – Leviathan, an open source, wide-range  security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploit. One of the guys behind this project is Utku Sen. If you remember he was the one who wrote open source ransomware – EDA2 and Hidden Tear.

Leviathan
Leviathan


Leviathan is an open source mass audit toolkit written in Python, which has wide-range service discovery, brute force, SQL injection scanning and  custom exploit execution capabilities. It encompasses other open source tools such Masscan, Ncrack, DSSS (Damn Small SQLi Scanner) and gives you the flexibility of using them with a combination. By wide-range, the tool authors mean not an enterprise network, but a they are talking about country-wide ranges or a whole IP range!

Features of Leviathan:

  • Discovery: Discover FTP, SSH, Telnet, RDP, MYSQL services running inside a specific country or in an IP range via Shodan, Censys and Google. It supports Google Dorks too! It’s also possible to manually discover running services on a IP range by integrated “masscan” tool. Masscan is a very fast TCP port scanner.
  • Brute Force: You can brute force the discovered services with integrated “ncrack” tool. It has wordlists which includes most popular combinations and default passwords for specific services. Ncrack is a high-speed network authentication cracking tool for services services such as FTP, SSH, RDP, Telnet, MYSQL etc.
  • Remote Command Execution: You can run system commands remotely on compromised devices.
  • SQL Injection Scanner: Discover SQL injection vulnerabilities on websites with specific country extension or with your custom Google Dork. This is done by implementing DSSS, which is a fully functional and minimal SQL injection vulnerability scanner.
  • Exploit Specific Vulnerabilities: Discover vulnerable targets with Shodan, Censys or masscan and mass exploit them by providing your own exploit or using pre-included exploits.

The Python libraries it needs are paramiko, shodan, bs4, lxml, google-api-python-client and requests. In addition to this, you also need your Google Custom Search, Shodan and Censys API keys and add them in the leviathan_config.py; specifically under the Google API Key, Google CSE ID, Censys UID, Censys Secret, Shodan API Key sections.

As of now, Leviathan has the following exploits:

  1. Apache Struts Remote Code Execution (CVE-2017-5638)
  2. Shellshock Remote Code Execution (CVE-2014-6271)

But you are free to add more! Simply implement them as mentioned here and add them to the /lib/exploits folder. I am adding the DoublePulsar detection here. The project page has well presented video tutorials that explain how Leviathan works. As of now, this project has been tested on Linux (Kali Linux, Debian, Ubuntu), macOS.

The only problem that I have found as of now is with almost all open source Python projects – KeyboadInterrupts are not well handled. But otherwise, this seems to be a well rounded tool with a promise.

Download Leviathan 0.1:

Installation is simple. Simply clone the GIT repository and run pip install -r requirements.txt. Additional information can be found here.