Today we will look at a web penetration testing tool named Rebel Framework, which scans networks, detects live hosts, does port scanning, finds common vulnerabilities, sniffs network traffic, obtains network interface information, halts the connection between two or more points in a network, and can run any kind of malicious code in the terminal (Kali Linux). We will cover how it works and how to install it.
The Rebel Penetration Testing Framework
Rebel is a testing framework that can perform various penetration tests related to networks and web applications. On the network side, Rebel Framework scans networks, detects live hosts, does port scanning, finds common vulnerabilities, sniffs network traffic, obtains network interface information, and halts the connection between two or more points in a network. The web application penetration testing features of Rebel Framework include website information gathering (IP address, email server, phone numbers), website/IP address location finding, sub-domain enumeration, email information gathering, CMS detection, CMS vulnerability detection, hidden web directory scanning, Open Source Intelligence (OSINT), and fuzzing. Rebel Framework can simulate phishing attacks using the ngrok application, which tunnels a local port/service securely. Besides penetration testing, Rebel Framework can perform additional tasks, such as data encoding and decoding, finding hashes in given files, hash cracking, and recovering lost files and disk images.
How To Install
First we need to install the framework, so copy the following command and paste it into the terminal.
git clone https://github.com/reb311ion/rebel-framework.git
ls
cd rebel-framework
ls
Rebel Framework can be launched by running the following command in the terminal.
bash rebel.sh
To Launch a Framework
bash rebel.sh
show modules
Rebel Framework displays all the available modules with some hint about their application.
In order to use the desired module, type its name in the following format.
use <module name>
To see the available options for the set module, use the following command.
show options
The above command shows different options that can be used to customize the selected module’s operations.
Network Example
To demonstrate the network penetration testing features of Rebel Framework, let's assume a local network with the 192.168.10.1-192.168.10.255 address range. In order to scan for live hosts in the target network, we use the net/map module in the following format.
use net/map
In the next step, we will set the target IP range in the following format and run the module.
set target 192.168.10.1-255
run
The above commands scan the selected range of IP addresses and fetch details about the live hosts in the following format.
We can run the net/scan module on a specific target host to find out which ports are open and which services are running on it.
use net/scan
set target 192.168.10.2
run
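Because a single mistyped octet in "set target" points the scan at a different network, it is worth checking the target string against the engagement's authorised scope before running net/map or net/scan. The following is an added example, not part of Rebel Framework or of the original post; the function names are hypothetical, the scope value is constructed from the example network above, and it assumes the short form "a.b.c.d-N" expands the last octet only.

```python
import ipaddress

def expand_target(spec):
    """Turn 'a.b.c.d', 'a.b.c.d-N' or 'a.b.c.d-e.f.g.h' into (first, last)."""
    start_s, sep, end_s = spec.strip().partition("-")
    first = ipaddress.IPv4Address(start_s)  # ValueError on a malformed address
    if not sep:
        return first, first
    if "." in end_s:
        last = ipaddress.IPv4Address(end_s)
    else:
        # Short form: N replaces the last octet (assumption, see lead-in).
        if not end_s.isdigit() or int(end_s) > 255:
            raise ValueError(f"bad range end in {spec!r}")
        last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | int(end_s))
    if last < first:
        raise ValueError(f"range end precedes start in {spec!r}")
    return first, last

def check_scope(spec, authorized):
    """Return (ok, reason); ok only if the whole range sits in one scope network."""
    try:
        first, last = expand_target(spec)
    except ValueError as exc:
        return False, f"unparseable target: {exc}"
    for net in map(ipaddress.ip_network, authorized):
        # Networks are contiguous, so checking both ends covers the range.
        if first in net and last in net:
            return True, f"{first}-{last} is inside {net}"
    return False, f"{first}-{last} is outside the authorised scope"

if __name__ == "__main__":
    scope = ["192.168.10.0/24"]  # constructed: the lab network from the text
    for target in ("192.168.10.1-255",   # intended range
                   "192.68.10.1-255",    # constructed typo: one octet wrong
                   "192.168.10.2"):      # single host for net/scan
        ok, reason = check_scope(target, scope)
        print("OK    " if ok else "REFUSE", target, "->", reason)
```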
Web Application Examples
Rebel Framework performs web application penetration tests such as information gathering, hidden directory scanning, and identifying CMS-related vulnerabilities. These tasks are performed by running the web application modules. For instance, we can gather information about a website by using the info/site module in the following format.
use info/site
set target www.vulnweb.com
run
Rebel Framework can also simulate phishing attacks during red team engagements. The phishing modules clone well-known networks to trick the users. For example, we can use the phish/google module to clone the Google account page. The following commands generate a link to the cloned web page that can be shared with the victim through any social engineering method.
use phish/google
show options
run
Rebel Framework can perform various penetration testing tasks related to networks and web applications. The tasks are performed automatically with very little human supervision.
Disclaimer
This was written for educational purposes and pentesting only. The author will not be responsible for any damage.
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal.
All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.
All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.
- Hacking Truth by Kumar Atul Jaiswal