-->

Sunday, 12 April 2020

The rebel penetration testing framework

The rebel penetration testing framework



So today we will know about the special technique of web penetration testing, which is named Rebel Framework and can scans networks, detects live hosts, does port scanning, finds common vulnerabilities, sniffs network traffic, obtains network interface information, and halts connection between two or more points in a network and run any kind of malicious code in Terminal ( Kali Linux ) and how is it works and installation process?


The Rebel Penetration Testing Framework


Rebel is a testing framework that can perform various penetration tests related to networks and web applications. Regarding networks, Rebel Framework scans networks, detects live hosts, does port scanning, finds common vulnerabilities, sniffs network traffic, obtains network interface information, and halts connection between two or more points in a network. The web application penetration testing features of Rebel Framework include website information gathering (IP address, email server, phone numbers), website/IP address location finding, sub-domains enumeration, email information gathering, CMS detection, CMS vulnerabilities detection, hidden web directories scanning,  Open Source Intelligence (OSINT), and fuzzing. Rebel Framework can simulate phishing attacks using the ngrok application. Ngrok application helps in tunneling the local port/service securely. Besides the penetration testing, Rebel Framework can perform additional tasks, such as data encoding and decoding, finding hashes in given files, hash cracking, and recovering lost files and disk images. The rebel penetration testing framework



How To Install 

First we need to install this framework, so copy the link and paste into terminal.

git clone https://github.com/reb311ion/rebel-framework.git



The rebel penetration testing framework


ls

cd rebel-framework

ls



The rebel penetration testing framework



Rebel Framework can be launched by running the following command in the terminal.


bash rebel.sh



The rebel penetration testing framework



The rebel penetration testing framework


To Launch a Framework


bash rebel.sh


The rebel penetration testing framework



The Framework uses different modules to perform the aforesaid tasks. In order to view all the available modules, use the following command.

show modules
 
 
Rebel Framework displays all the available modules with some hint about their application.


The rebel penetration testing framework


In order to use the desired module, type its name in the following format.

use <module name>


To see the available options for the set module, use the following command.

show options

The above command shows different options that can be used to customize the selected module’s operations.


Network Example

To demonstrate network penetration testing features of Rebel Framework, let’s assume a localhost network with 192.168.10.1-192.168.10.255 address range. In order to scan the live hosts in the target network, we use the net/map module in the following format.


use net/map

In the next step, we will set the target IP range in the following format and run the module.


set target 192.68.10.1-255



The rebel penetration testing framework




The above commands scan the selected the range of IP addresses and fetch details about live host in the following format.





we can run the net/scan module on a specific target host to find out the open ports information and running service on the target host.



use net/scan 

set target 192.168.10.2

run


The rebel penetration testing framework



Web Application Examples

The Rabel Frameworks performs the web applcation penetration tests like information gathering, Hidden directories scanning, and identifying CMS related Vulnerabilities.  These tasks are performed by running the web applications modules. For instance, we can gather information about a website by using the info/site module in the following format.



use info/site 

set target www.vulnweb.com

run


The rebel penetration testing framework




Rebel Framework can also simulate the phishing attacks during the red team engagements. The phishing modules clone the well-known networks to trick the users. For example, we can use the phish/google module to clone the Google account page. The following commands generate a link of the cloned web page that can be shared with the victim through any social engineering method.



use phish/google

show options

run



The rebel penetration testing framework


The rebel penetration testing framework



Rebel Framework can perform various penetration testing tasks related to networks and web applications. The tasks are performed automatically with very little human supervision.


I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



- Hacking Truth by Kumar Atul Jaiswal


Video Tutorial :- SooN

 

 

My Self Kumar Atul Jaiswal Urf HackerboY and Kumar Atul Jaiswal is a name among millions who struggled failed and surged ahead in search of how to become a Hacker ( passionate about Hacking just like profession an entrepreneur ), just like any middle class guy, he too had a bunch of unclear dreams and a blurred version of his goals in life 😊.

0 comments:

Post a Comment

Contact

Send Us A Email

Search This Blog

Address

Contact Info

The page name itself is a call-to-action; Treat it with some respect.!

Address:

15, Ranchi, India, 834002

Phone:

404

Email:

kumaratuljaiswal222@gmail.com

atulthehacker222@gmail.com