Contents

Tentacle a Poc Vulnerability Verification and Exploit Framework

  

Tentacle is a POC vulnerability verification and exploits framework. It supports a free extension of exploits and uses POC scripts. It supports calls to Zoomeye, Fofa, Shodan, and other APIs to perform bulk vulnerability verification for multiple targets. 

Tentacle is an open-source vulnerability verification and exploits framework that is coded in Python3. It supports easy addition of exploits and even facilitates bulk vulnerability verification across targets using search engines such as Google, Baidu, Bing and internet-connected search engines such as ZoomEye, FOFA, Shodan, etc.

This tool also supports verification of commonly exposed default passwords for the following services and web applications such as ActiveMQ, DB2, FTP, MySQL, Oracle, phpMyAdmin, POP3, RabbitMQ, Redis, rsync, SMB, SMTP, SQL Server, SSH, Sybase, TELNET, Tomcat, WebLogic, and Zabbix.

Tentacle also checks for common vulnerabilities such as storage of backup files, existence of crossdomain.xml, cross-site tracing, open directory listing, HTTP OPTIONS method testing, information disclosure via various other files such as web config, etc.


 

Tentacle supports verification of the following exploits

  • ActiveMQ: CVE-2016-3088
  • Apache Tika Server: CVE-2018-1335
  • Atlassian Crowd: CVE-2019-11580
  • Axis2 remote code execution
  • Confluence: CVE-2015-8399, CVE-2019-3396
  • Coremail remote code execution
  • DedeCMS RCE
  • Discuz Server-Side Request Forgery (SSRF)
  • Django: CVE-2018-14574
  • Unauthenticated docker access
  • Unauth Druid monitor access
  • Unauthenticated Apache Dubbo access
  • Ecology Weaver multiple vulnerabilities
  • ElasticSearch: CVE-2015-1427
  • FlexPaper: CVE-2018-11686
  • Unauthenticated Apache Hadoop access
  • Apache Hadoop YARN remote code execution vulnerability
  • Harbor administrative account addition vulnerability
  • Java RMI RCE
  • Jenkins: CVE-2018-1000600, CVE-2018-1000861
  • Unauthenticated Apache Kafka Manager access
  • Unauthenticated Kibana access
  • Kindeditor unauthorized file uploads
  • Unauthenticated Memcached access
  • Unauthenticated MongoDB access
  • Nexus Repository Manager 3: CVE-2019-7238
  • NIUSHOP Shell upload
  • PbootCMS SQL injection and RCE
  • PHP7CMS getshell
  • PHPCMS v9 arbitrary file download vulnerability
  • phpMyAdmin: CVE-2018-12613
  • phpStudy backdoor account
  • Unauthenticated Redis access
  • Unauthenticated rsync access
  • S-CMS arbitrary file download
  • Seeyon Officeservlet & Htmlofficeservlet multiple vulnerabilities
  • Apache Shire RCE
  • SMB: CVE-2020-0796, MS17-010
  • Apache Solr: CVE-2017-12629, CVE-2019-0193
  • Spring: CVE-2017-8046, CVE-2018-1273, CVE-2020-5405
  • Apache Struts: S2-005, S2-016, S2-019, S2-032, S2-045, S2-048
  • Supervisor: CVE-2017-11610
  • ThinkCMF multiple vulnerabilities
  • ThinkPHP multiple vulnerabilities
  • Apache Tomcat: CVE-2018-11759, CVE-2020-1938
  • uCMS: CVE-2015-1427
  • uwsgi: CVE-2018-7490
  • WebLogic: CVE-2017-10271, CNVD-C-2019-48814, CVE-2018-2628, CVE-2018-2894, CVE-2019-2890, CVE-2020-2551
  • WordPress: CVE-2019-9978
  • Zimbra: CVE-2019-9670
  • Unauthenticated Zookeeper access

source


 

Install Tentacle

1
sudo git clone https://github.com/orleven/Tentacle.git
1
cd Tentacle
1
pip3 install -r requestment.txt

Install Tentacle on Linux

After installing Tentacle on a new setup off Parrot Security OS, I got two errors. I managed to solve both of these by these commands:

1
sudo apt install python3-openpyxl
1
sudo pip3 install aiohttp_socks

 

Usage

When you run Tentacle for the first time, the configuration file conf/tentacle.conf will be generated automatically.


Tentacle conf/tentacle.conf
conf Tentacle]

 

1
nano tentacle.conf
1
vim tentacle.conf

 


vim tentacle.conf

 

Show help for tentacle.

1
python3 tentacle.py --help

 

Show all modules, and you can see it in script path.

1
python3 tentacle.py --show

 

Show all function of module by -f show or -f help

1
python3 tentacle.py -m script/web/web_status -f show
1
python3 tentacle.py -m script/web/web_status -f help

 

Load target by iS/iN/iF/iT/iX/iE/gg/sd/ze/ff

 

Scan port and then it will try to send the poc

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
python3 tentacle.py -m script/web/web_status -iS www.examples.com             # Load target by url or host
python3 tentacle.py -m script/web/web_status -iN 192.168.111.0/24             # Load target by network
python3 tentacle.py -m script/web/web_status -iF target.txt                   # Load target by file
python3 tentacle.py -m script/web/web_status -iT dcc54c3e1cc2c2e1             # Load target by recode's target
python3 tentacle.py -m script/web/web_status -iX nmap_xml.xml                 # Load target by nmap.xml
python3 tentacle.py -m script/web/web_status -iE "powered by discuz"          # Load target by baidu/bing/360so
python3 tentacle.py -m script/web/web_status -gg 'intext:powered by discuz'   # Load target by google api
python3 tentacle.py -m script/web/web_status -sd 'apache'                     # Load target by shodan api
python3 tentacle.py -m script/web/web_status -ze 'app:weblogic'               # Load target by zoomeye api
python3 tentacle.py -m script/web/web_status -ff 'domain="example.com"'       # Load target by fofa api

 

Load modual by -m (e.g. script/info/web_status,@web)

1
2
3
4
python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status                    # Load web_status module
python3 tentacle.py -iS 127.0.0.1 -m @web                                     # Load all module of web path
python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status,@web               # Load all module of web path and web_status module
python3 tentacle.py -iS 127.0.0.1 -m "*"                                      # Load all module of script path

 

Set port scan scope

1
2
3
python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status                    # Scan top 150 ports and then perform bulk vulnerability verification for multiple targets.
python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -sP                # Skip port scan and then it will try the default port number server
python3 tentacle.py -iS 127.0.0.1 -m script/web/web_status -lP 80-90,443      # Scan 80-90 ports and 443 port and then perform bulk vulnerability verification for multiple targets.

 

Use function of a module by -m and -f (e.g. -m web_status -f prove), and you should make sure the function of the module is exist.

1
python3 tentacle.py -m script/web/web_status -f prove

 

Show task’s result by -tS

1
python3 tentacle.py -tS 8d4b37597aaec25e

 

Export task’s result by -tS to test.xlsx

1
python3 tentacle.py -tS 8d4b37597aaec25e  -o test

 

Update by git

1
python3 tentacle.py --update

 

Show help for Tentacle

1
sudo python3 tentacle.py --help

Show help for tentacle
1
sudo python3 tentacle.py --help

 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
┌─[bullseye@parrot]─[~/Tools/Tentacle]
└──╼ $sudo python3 tentacle.py --help
[sudo] password for bullseye:
.___________. _______ .__   __. .___________.    ___       ______  __       _______
|           ||   ____||  \ |  | |           |   /   \     /      ||  |     |   ____| {1.0.0#stable}
`---|  |----`|  |__   |   \|  | `---|  |----`  /  ^  \   |  ,----'|  |     |  |__
    |  |     |   __|  |  . `  |     |  |      /  /_\  \  |  |     |  |     |   __|
    |  |     |  |____ |  |\   |     |  |     /  _____  \ |  `----.|  `----.|  |____
    |__|     |_______||__| \__|     |__|    /__/     \__\ \______||_______||_______| http://www.orleven.com/


usage: tentacle.py
                   [-iS Target | -iF File | -iN IP/Mask | -iX File | -iT Task | -iE key | -gg key | -sd key | -ze key | -ff key]
                   [-sP] [-lP LIMIT_PORT_SCAN] [-m MODULE] [-f FUNCTION]
                   [-p PARAMETER] [--show] [-t THREAD] [-tS TaskID] [-v] [-d]
                   [-o OUT] [--update] [--help]

Tentacle is a POC vulnerability verification and exploit framework based on Sqlmap and POC-T. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

Base:
  -iS Target, --target_simple Target
                        Scan a single target (e.g. www.baidu.com)
  -iF File, --target_file File
                        Load targets from targetFile (e.g. target.txt)
  -iN IP/Mask, --target_network IP/Mask
                        Generate IP from IP/MASK. (e.g. 192.168.111.0/24)
  -iX File, --target_nmap_xml File
                        Load targets from nmap xml (e.g. nmap_res.xml)
  -iT Task, --target_task Task
                        Taskid (e.g. c81fc4f8f91ab191)
  -iE key, --target_search_engine key
                        Load targets from baidu/bing/360so. (e.g. powered by discuz)
  -gg key, --target_google key
                        Load targets from google. (e.g. intext:powered by discuz)
  -sd key, --target_shodan key
                        Load targets from shodan  (e.g. apache)
  -ze key, --target_zoomeye key
                        Load targets from zoomeye  (e.g. powered by discuz)
  -ff key, --target_fofa key
                        Load targets from fofa  (e.g. app:weblogic)

Port:
  -sP, --skip_port_scan
                        Skip port scan
  -lP LIMIT_PORT_SCAN, --limit_port_scan LIMIT_PORT_SCAN
                        Limit port scope scan, e.g 80-100,8080,top100,*

Module:
  -m MODULE, --module MODULE
                        Load script module
  -f FUNCTION, --function FUNCTION
                        Load function of script module, e.g show,prove
  -p PARAMETER, --parameter PARAMETER
                        Load data for function of module, e.g. -p "U=username.txt&P=password.txt"
  --show                Show all poc scripts module
  -t THREAD, --thread THREAD
                        Thread Num e.g. 100

Other:
  -tS TaskID, --task_show TaskID
                        Show task (e.g. all,c81fc4f8f9ab1902)
  -v, --verbose         Show verbose
  -d, --debug           Show debug info
  -o OUT, --out OUT     Output file e.g res.xlsx
  --update              Update
  --help                Show help

 

Show all modules, you can see it in script path

1
sudo python3 tentacle.py --show
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
┌─[bullseye@parrot]─[~/Tools/Tentacle]
└──╼ $sudo python3 tentacle.py --show
.___________. _______ .__   __. .___________.    ___       ______  __       _______
|           ||   ____||  \ |  | |           |   /   \     /      ||  |     |   ____| {1.0.0#stable}
`---|  |----`|  |__   |   \|  | `---|  |----`  /  ^  \   |  ,----'|  |     |  |__
    |  |     |   __|  |  . `  |     |  |      /  /_\  \  |  |     |  |     |   __|
    |  |     |  |____ |  |\   |     |  |     /  _____  \ |  `----.|  `----.|  |____
    |__|     |_______||__| \__|     |__|    /__/     \__\ \______||_______||_______| http://www.orleven.com/


[19:09:54] [*] Created task:
[19:09:54] [*] Set timeout: 5
[19:09:54] [*] Set thread: 100
[19:09:54] [*] There are available modules as follows:
-----------------------------------------------------------
| Module path, you can load module by -m module_path,     |
| and you can see module' description for -f show         |
-----------------------------------------------------------
| script/activemq/CVE-2016-3088                           |
| script/activemq/activemq_burst                          |
| script/apache/CVE-2018-1335                             |
| script/atlassian_cloud/atlassian_cloud_getshell         |
| script/axis/axis2_file_read                             |
| script/axis/axis2_getshell                              |
| script/confluence/CVE-2015-8399                         |
| script/confluence/CVE-2019-3396                         |
| script/coremail/coremail_config                         |
| script/coremail/coremail_v5_getshell                    |
| script/dedecms/dedecms_win_apache_shortfile             |
| script/dedecms/dedecms_win_find_manage                  |
| script/discuz/discuz34_ssrf_Weixin_Plugin               |
| script/django/CVE-2018-14574                            |
| script/docker/docker_unauth                             |
| script/druid/druid_monitor_unauth                       |
| script/dubbo/dubbo_info_file                            |
| script/dubbo/dubbo_unauth                               |
| script/ecology/ecology8_admincenter_sql_inject          |
| script/ecology/ecology8_download                        |
| script/ecology/ecology8_download2                       |
| script/ecology/ecology8_mobile_sql_inject               |
| script/ecology/ecology8_mobilemode_download             |
| script/ecology/ecology8_mobilemode_getshell             |
| script/ecology/ecology8_social_sql_inject               |
| script/ecology/ecology_bsh                              |
| script/elasticsearch/CVE-2015-1427                      |
| script/flexpaper/CVE-2018-11686                         |
| script/ftp/ftp_burst                                    |
| script/hadoop/hadoop_manage_unauth                      |
| script/hadoop/hadoop_yarn_rce                           |
| script/hadoop/hadoop_yarn_unauth                        |
| script/harbor/harbor_unauth_admin_add                   |
| script/iis/iis_short_file                               |
| script/info/port_scan                                   |
| script/java_rmi/java_rmi_rce                            |
| script/jenkins/CVE-2018-1000600                         |
| script/jenkins/CVE-2018-1000861                         |
| script/jenkins/jenkins_getshell                         |
| script/kafka/kafka_unauth                               |
| script/kibana/kibana-unauth                             |
| script/kindeditor/upload_json                           |
| script/memcache/memcache_unauth                         |
| script/mongodb/mongodb_unauth                           |
| script/mysql/mysql_burst                                |
| script/nexes-manager/CVE-2019-7238                      |
| script/niushop/niushop22_getshell                       |
| script/odin/odin_download                               |
| script/pbootcms/pbootcms132_rce                         |
| script/pbootcms/pbootcms132_sql                         |
| script/php7cms/php7cms_getshell                         |
| script/phpcms/phpcms9_download                          |
| script/phpmyadmin/CVE-2018-12613                        |
| script/phpmyadmin/phpmyadmin_burst                      |
| script/phpmyadmin/phpmyadmin_setup_deserialization      |
| script/phpstudy/phpstudy_backdoor                       |
| script/proxy/proxy_unauth                               |
| script/rabbitmq/rabbitmq_burst                          |
| script/redis/redis_burst                                |
| script/redis/redis_unauth                               |
| script/rsync/rsync_burst                                |
| script/rsync/rsync_unauth                               |
| script/s-cms/scms_download                              |
| script/seeyon/htmlofficeservlet_getshell                |
| script/seeyon/officeservlet_download                    |
| script/shiro/shiro_550                                  |
| script/smb/CVE-2020-0796                                |
| script/smb/MS17-010                                     |
| script/smtp/smtp_burst                                  |
| script/solr/CVE-2017-12629                              |
| script/solr/CVE-2019-0193                               |
| script/solr/solr_template_rce                           |
| script/solr/solr_unauth                                 |
| script/spring/CVE-2017-8046                             |
| script/spring/CVE-2018-1273                             |
| script/spring/CVE-2020-5405                             |
| script/spring/springboot_info                           |
| script/ssh/ssh_burst                                    |
| script/struts2/s2_005                                   |
| script/struts2/s2_016                                   |
| script/struts2/s2_019                                   |
| script/struts2/s2_032                                   |
| script/struts2/s2_045                                   |
| script/struts2/s2_048                                   |
| script/struts2/s2_ongl_console                          |
| script/supervisor/CVE-2017-11610                        |
| script/supervisor/supervisor_unauth                     |
| script/thinkcmf/thinkcmf223_sql                         |
| script/thinkcmf/thinkcmf223_template_1                  |
| script/thinkcmf/thinkcmf223_template_2                  |
| script/thinkphp/thinkphp5023_getshell                   |
| script/thinkphp/thinkphp5131_getshell                   |
| script/thinkphp/thinkphp51_52_getshell                  |
| script/thinkphp/thinkphp_debug                          |
| script/thinkphp/thinkphp_url_exec                       |
| script/thinkphp/thinkphp_v6_file_write                  |
| script/tomcat/CVE-2018-11759                            |
| script/tomcat/CVE-2020-1938                             |
| script/tomcat/tomcat_pages                              |
| script/tomcat/tomcat_put                                |
| script/tongda/tongda2000_lfi_getshell                   |
| script/ucms/ucms_upload                                 |
| script/uwsgi/CVE-2018-7490                              |
| script/vpn/svpnrcico                                    |
| script/web/back_file                                    |
| script/web/crossdomain                                  |
| script/web/cst                                          |
| script/web/directory_list                               |
| script/web/http_basicauth_burst                         |
| script/web/http_options                                 |
| script/web/info_file                                    |
| script/web/web_content_key                              |
| script/web/web_status                                   |
| script/weblogic/CNVD-C-2019-48814                       |
| script/weblogic/CVE-2018-2628                           |
| script/weblogic/CVE-2018-2894                           |
| script/weblogic/CVE-2019-2890                           |
| script/weblogic/CVE-2020-2551                           |
| script/weblogic/cve-2017-10271                          |
| script/weblogic/weblogic_burst                          |
| script/weblogic/weblogic_ssrf                           |
| script/weblogic/weblogic_xmldecode_bypass               |
| script/wordpress/CVE-2019-9978                          |
| script/yst_dlp/yst_dlp_unauth                           |
| script/zabbix/zabbix_burst                              |
| script/zimbra/CVE-2019-9670                             |
| script/zookeeper/zookeeper_unauth                       |
-----------------------------------------------------------

python3 tentacle.py –show

 

Tentacle Show all function of a module by -f show or -f help

1
sudo python3 tentacle.py -m script/web/web_status -f show
1
sudo python3 tentacle.py -m script/web/web_status -f help

Tentacle Show all function of module

 

Load web_status module

1
sudo python3 tentacle.py -iS 127.0.0.1 -m @web

python3 tentacle.py -iS 127.0.0.1 -m @web

 

Video Tentacle


 

 


Here is the link of the video: https://youtu.be/49yQy-7UMaI


Become a member on LBRY
Plus earning LBRY for watching videos ♥️
Here an invitation link, so that we both benefit.
In this way, you also support my work.

https://lbry.tv/$/invite/@hackingpassion:9

Follow me on YouTube


If you are a beginner, and you like to learn more about Linux, or how to set up a Virtual Environment, then follow the links below.

* Install Kali Linux 2020.1 on VirtualBox
+ Best Linux Commands Hacks and other Cool Tricks for Beginners
* The best vulnerable websites to improve your hacking skills


 

IMPORTANT THINGS TO REMEMBER

✓ This Video and Article are made for educational purposes and pentest only.

* You will not misuse the information to gain unauthorized access.

✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!


Read also the Disclaimer

All the techniques provided in the tutorials on the hackingpassion.com, YouTube channel and on the website hackingpassion.com are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, hackingpassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.


 

Finally

If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do so. Using the comment form.


 

 

By Bulls Eye

Jolanda de koff • email donate

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ...

I ♥ open-source and Linux