Flashlight – Automated Information Gathering Tool for Penetration Testers

April 28, 2018 | July 27, 2019

Flashlight is an automated information gathering tool that allows you to scan networks and gather information.

For more information about using Flashlight, the “-h” or “--help” option can be used.
The parameters of the application are listed below:
  • -h, --help: Shows usage information for the Flashlight application.
  • -p <ProjectName>, --project <ProjectName>: Sets the project name. This parameter can be used to save different projects in different workspaces.
  • -s <ScanType>, --scan_type <ScanType>: Sets the type of scan. There are four types: Active Scan, Passive Scan, Screenshot Scan, and Filtering. These are examined in detail later.
  • -d <DestinationNetwork>, --destination <DestinationNetwork>: Sets the network or IP address that the scan is run against.
  • -c <FileName>, --config <FileName>: Specifies the configuration file. The scan is performed according to the information in the configuration file.
  • -u <NetworkInterface>, --interface <NetworkInterface>: Sets the network interface used during passive scanning.
  • -f <PcapFile>, --pcap_file <PcapFile>: Sets the PCAP file that will be filtered.
  • -r <RasterizeFile>, --rasterize <RasterizeFile>: Sets the location of the Rasterize JavaScript file used for taking screenshots.
  • -t <ThreadNumber>, --thread <ThreadNumber>: Sets the number of threads. This parameter is valid only in screenshot scanning (screen scan) mode.
  • -o <OutputDirectory>, --output <OutputDirectory>: Sets the directory in which the scan results are saved. The results are saved in 3 sub-directories under this directory: “nmap” for Nmap scan results, “pcap” for PCAP files and “screen” for screenshots. If this option is not set, scan results are saved in the directory from which Flashlight is run.
  • -a, --alive: Performs a ping scan to discover live IP addresses before the actual vulnerability scan. It is used for the active scan.
  • -g <DefaultGateway>, --gateway <DefaultGateway>: Sets the IP address of the gateway. If not set, the interface given with the “-I” parameter is chosen.
  • -l <LogFile>, --log <LogFile>: Specifies the log file in which the scan results are saved. If not set, logs are saved in the “flashlight.log” file in the working directory.
  • -k <PassiveTimeout>, --passive_timeout <PassiveTimeout>: Specifies the timeout for sniffing in passive mode. The default value is 15 seconds. This parameter is used for the passive scan.
  • -m, --mim: Performs a MITM attack.
  • -n, --nmap-optimize: Optimizes the nmap scan.
  • -v, --verbose: Lists detailed information.
  • -V, --version: Shows the version of the program.

Installation

apt-get install nmap tshark tcpdump dsniff
In order to install phantomjs easily, you can download and extract it from https://bitbucket.org/ariya/phantomjs/downloads.
The Flashlight application can perform 3 basic scan types and 1 analysis type. Each of them is described below.
  • Passive Scan
In the passive scan, no packets are sent onto the wire. This type of scan is used for listening to the network and analyzing packets.
To launch a passive scan with Flashlight, a project name such as “passive-pro-01” should be specified. In the following command, packets that are captured on eth0 are saved into the “/root/Desktop/flashlight/output/passive-project-01/pcap” directory, whereas Pcap files and all logs are saved into the “/root/Desktop/log” directory.
./flashlight.py -s passive -p passive-pro-01 -i eth0 -o /root/Desktop/flashlight_test -l /root/Desktop/log -v
When the scan is completed, a new directory named “flashlight_test” and a log file named “log” are created in the “/root/Desktop/” directory.

The directory structure of “flashlight_test” is shown below. The PCAP file is saved into the “/root/Desktop/flashlight_test/output/passive-pro-01/pcap” directory. This PCAP file can be used for analysis purposes.
ls /root/Desktop/flashlight_test -R

The content of the log file is like the command line output:

During standard passive scanning, broadcast packets and packets sent directly to the scanning machine are captured. In addition, by using the “--mim/-m” parameter, ARP spoofing and a MITM attack can be performed.
./flashlight.py -s passive -p passive-project-02 -i eth0 -g 192.168.74.2 -m -k 50 -v
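From the defending side, the ARP spoofing that “-m” performs is visible as the gateway IP being announced by more than one MAC address. The following is an added example, not part of Flashlight or of the original article: it parses raw Ethernet/ARP frames and reports conflicting bindings. The MAC addresses, the 192.168.74.10 host and the helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def _fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _fmt_mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def find_arp_conflicts(frames, watch_ip=None):
    """Map each IP announced by more than one MAC to those MACs, in the order seen."""
    seen = defaultdict(list)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":          # ARP probe, carries no binding
            continue
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items()
            if len(macs) > 1 and watch_ip in (None, ip)}

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed sample frame (test data only)."""
    s, t = bytes.fromhex(smac.replace(":", "")), bytes.fromhex(tmac.replace(":", ""))
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    body += s + bytes(map(int, sip.split("."))) + t + bytes(map(int, tip.split(".")))
    return t + s + b"\x08\x06" + body

GATEWAY = "192.168.74.2"            # gateway address from the command above
SAMPLE_FRAMES = [                   # constructed; MAC addresses are made up
    build_arp(2, "00:50:56:aa:bb:01", GATEWAY, "00:0c:29:11:22:33", "192.168.74.10"),
    build_arp(2, "00:0c:29:11:22:33", "192.168.74.10", "00:50:56:aa:bb:01", GATEWAY),
    build_arp(2, "00:0c:29:de:ad:02", GATEWAY, "00:0c:29:11:22:33", "192.168.74.10"),
    b"\x00" * 60,                   # non-ARP frame, ignored
]

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_FRAMES, GATEWAY).items():
        print(f"ALERT {ip} announced by {macs}")
```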

By analyzing the captured PCAP file, HTTP traffic can be seen.

By decoding the Basic Authentication message, the credentials used to access web servers can be recovered.
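The exposure described above exists because Basic credentials are only base64-encoded, so any service that accepts them over plain HTTP should be found and moved to TLS. The following is an added example, not part of Flashlight or of the original article: it audits HTTP requests reassembled from a capture and reports which host and path received Basic credentials in cleartext, without retaining the password. The requests, hosts and credentials are constructed.

```python
import base64
import binascii

def audit_basic_auth(raw_request):
    """Return a finding for a cleartext HTTP request carrying Basic credentials, else None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                              # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                                  # header names are case-insensitive
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    finding = {"host": headers.get("host", ""), "method": parts[0], "path": parts[1]}
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except binascii.Error:
        finding["issue"] = "malformed Basic token"
        return finding
    user, _, password = decoded.partition(":")
    finding.update(issue="Basic credentials sent over cleartext HTTP",
                   user=user, password_chars=len(password))  # the secret is not kept
    return finding

def audit_capture(requests):
    """Run the audit over every request and keep only the findings."""
    return [f for f in map(audit_basic_auth, requests) if f]

SAMPLE_PASSWORD = "constructed-pass"             # constructed test value
SAMPLE_REQUESTS = [                              # constructed requests
    b"GET /admin/ HTTP/1.1\r\nHost: 192.168.74.10\r\nauthorization: Basic "
    + base64.b64encode(b"admin:" + SAMPLE_PASSWORD.encode()) + b"\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: 192.168.74.10\r\n\r\n",
    b"GET /api HTTP/1.1\r\nHost: 192.168.74.11\r\nAuthorization: Basic !!notbase64\r\n\r\n",
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_REQUESTS):
        print(finding)
```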

A command that uses all of the passive scanning parameters is shown below.

./flashlight.py -s passive -p passive-pro-03 -i eth0 -g 192.168.74.2 -m -k 50 -o /root/Desktop/flashlight_passive_full -l /root/Desktop/log -v
  • Active Scan
During an active scan, NMAP scripts are used by reading the configuration file. An example configuration file (flashlight.yaml) is stored in the “config” directory under the working directory.
tcp_ports:
- 21, 22, 23, 25, 80, 443, 445, 3128, 8080

udp_ports:
- 53, 161

scripts:
- http-enum

screen_ports:
- 80, 443, 8080, 8443

According to the “flashlight.yaml” configuration file, the scan is run with NMAP against TCP ports “21, 22, 23, 25, 80, 443, 445, 3128, 8080” and UDP ports “53, 161”, using the “http-enum” script.

Note: During an active scan the “screen_ports” option has no effect. This option only works with the screen scan.

The “-a” option is useful for discovering live hosts by sending ICMP packets. In addition, raising the thread number with the “-t” parameter increases scan speed.

./flashlight.py -p active-project -s active -d 192.168.74.0/24 -t 30 -a -v
Running this command produces output files in three different formats (Normal, XML and Grepable) for four different scan types (Operating system scan, Ping scan, Port scan and Script Scan).

The example commands that Flashlight Application runs can be given like so:

  • Operating System Scan: /usr/bin/nmap -n -Pn -O -T5 -iL /tmp/"IPListFile" -oA /root/Desktop/flashlight/output/active-project/nmap/OsScan-"Date"
  • Ping Scan: /usr/bin/nmap -n -sn -T5 -iL /tmp/"IPListFile" -oA /root/Desktop/flashlight/output/active-project/nmap/PingScan-"Date"
  • Port Scan: /usr/bin/nmap -n -Pn -T5 --open -iL /tmp/"IPListFile" -sS -p T:21,22,23,25,80,443,445,3128,8080,U:53,161 -sU -oA /root/Desktop/flashlight/output/active-project/nmap/PortScan-"Date"
  • Script Scan: /usr/bin/nmap -n -Pn -T5 -iL /tmp/"IPListFile" -sS -p T:21,22,23,25,80,443,445,3128,8080,U:53,161 -sU --script=default,http-enum -oA /root/Desktop/flashlight/output/active-project/nmap/ScriptScan-"Date"
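How the configuration file maps onto the “-p” and “--script” arguments above can be checked before a scan is launched. The following is an added example, not Flashlight's own parsing code (which the article does not show): it reads the flat “key:” / “- a, b, c” layout of flashlight.yaml, rejects invalid ports, and rebuilds the two arguments. The function names are hypothetical, and the “default” script prefix is taken from the Script Scan command above.

```python
def parse_flashlight_config(text):
    """Parse the flat 'key:' / '- a, b, c' layout into {key: [items]}."""
    config, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-"):
            if key is None:
                raise ValueError(f"list item before any key: {raw!r}")
            config[key] += [v.strip() for v in line[1:].split(",") if v.strip()]
        elif line.endswith(":"):
            key = line[:-1].strip()
            config[key] = []
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    return config

def checked_ports(values):
    """Convert port strings to ints, rejecting anything outside 1-65535."""
    ports = []
    for v in values:
        if not v.isdigit() or not 1 <= int(v) <= 65535:
            raise ValueError(f"invalid port: {v!r}")
        if int(v) not in ports:          # drop duplicates, keep order
            ports.append(int(v))
    return ports

def nmap_scan_args(config):
    """Return the (-p value, --script argument) pair implied by the config."""
    spec = []
    tcp = checked_ports(config.get("tcp_ports", []))
    udp = checked_ports(config.get("udp_ports", []))
    if tcp:
        spec.append("T:" + ",".join(map(str, tcp)))
    if udp:
        spec.append("U:" + ",".join(map(str, udp)))
    scripts = ",".join(["default"] + config.get("scripts", []))
    return ",".join(spec), f"--script={scripts}"

SAMPLE_CONFIG = """tcp_ports:
- 21, 22, 23, 25, 80, 443, 445, 3128, 8080
udp_ports:
- 53, 161
scripts:
- http-enum
screen_ports:
- 80, 443, 8080, 8443
"""

if __name__ == "__main__":
    print(nmap_scan_args(parse_flashlight_config(SAMPLE_CONFIG)))
```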

To run an effective and optimized active scan, the “-n” parameter can be used:

./flashlight.py -p active-project -s active -d 192.168.74.0/24 -n -a -v

The “-n” parameter adds the additional NMAP options shown below:
… --min-hostgroup 64 --min-parallelism 64 --host-timeout=300m --max-rtt-timeout=600ms --initial-rtt-timeout=300ms --min-rtt-timeout=300ms --max-retries=2 --min-rate=150 …

  • Screen Scan
Screen Scan is used to take screenshots of websites/applications according to the directives in the config file (flashlight.yaml). The directives in this file enable the screen scan for four ports (“80, 443, 8080, 8443”):
screen_ports:
- 80, 443, 8080, 8443

A sample screen scan can be performed like this:

./flashlight.py -p project -s screen -d 192.168.74.0/24 -r /usr/local/rasterize.js -t 10 -v
For example, assume that by running this command three web applications are detected. Screenshots of these websites are saved in the “screen” subfolder. These screenshots can be used for offline analysis.
  • Filtering
The Filtering option is used to analyze pcap files. An example of this option is shown below:
./flashlight.py -p filter-project -s filter -f /root/Desktop/flashlight/output/passive-project-02/pcap/20150815072543.pcap -v
Running this command creates some files in the “filter” sub-folder.

This option analyzes PCAP packets for the following properties:

  • Windows hosts
  • Top 10 DNS requests

Download Flashlight
