Kaboom is an automated penetration tool

This is a script I found on Github and it automates some processes of a regular penetration test approach. It starts with the information gathering fase, then the vulnerability scanning fase and ends with exploiting. So lets examine this tool.

First download the tool from github, easiest way to do this is:

git clone https://github.com/Leviathan36/kaboom.git

Next adjust the rights to execute the program:

chmod +x kaboom

Then start the srcipt:

./kaboom

And you will insert some data into the tool so it knows what to do:

When you hit enter the script starts and it will perform all tools from the different fases. Some tools are NMAP, NIKTO, DIRB, SEARCHSPLOIT, HYDRA. The tool wil display results on the screen, but it will also create a directory with the IP_ADRESS you used for the tool to scan. Inside this directory you will find all output files from the tools Kaboom is using.

The script took almost three hours for one host. I ran it from a virtual machine(kali) to the ipadres of my router. I believe the full UDP scan takes a long time. So it’s not the fastest tool but it does provide decent scan and recon information. The exploit part was not so much. I only found one empty folder from Hydra. So the tool was not able to brute-force the login page of the router.

So Kaboom looks promising. The recon part is fine, the exploit part can use some improvement. Let’s hope its work in progress!