r0x is an automated enumeration tool written in python.
It uses nmap to discover open ports and then enumerate them using the set of commands provided under the scripts/ directory.
The main feature of r0x is the interactiveness. After started, r0x provide a simple menu where you can check the scripts status, list them, and show their output.
For example, using the command show script_name you can easly watch the output and take your time to analyze it (in the meantime that the rest of the scripts finish their execution).
Here, I provided a short video that show the basic behavior of r0x in a demo environment:
The name is due to a collegue of mine, considered one of the last real hackers out there. His name is Rosario (aka r0x).
To install r0x and make it works, you need at first to clone the repo:
git clone https://github.com/alegrey91/r0x.git && cd r0x/
And then you can launch the dependencies installation:
sudo pip3 install -r requirements.txt
Once you finished the installation you are ready to launch r0x against your target.
To avoid common dependencies problems, I decided to setup a Dockerfile to build r0x container by yourself.
From your local repository type:
docker build . -t r0x. This will take a while.
Once the build has finished, you can launch the r0x container using:
docker run -it --rm localhost/r0x /bin/bash, and run r0x.
r0x is very easy to use.
sudo ./r0x.py -h
___
_ __ / _ \__ __
| '__| | | \ \/ /
| | | |_| |> <
|_| \___//_/\_\
version: 0.9.5
by alegrey91
usage: r0x.py [-h] host
r0x is an automated enumeration tool.
positional arguments:
host Host ip address(es)
optional arguments:
-h, --help show this help message and exitIt needs root privileges, because to scan the target, it uses SYN and UDP scan.
To start to scan your target, just type the following command: sudo ./r0x.py target.ip.
To increment the details of information retrievable by r0x is quite simple.
You can just add some scripts under the dedicated directory and start r0x to catch them using a smart nomenclature as described below.
Ex. If we want to introduce a new script to automatically retrieve the /robots.txt file from a web server, we have just to create a script with a name as http-robots and make it executable.
As you can see, the first part of the name (http) indicates the protocol we are going to enumerate.
The rest of the name is left free to the author's imagination 😎.
Inside the script we can place the following command:
curl http://$1:$2/robots.txt
where $1 is the ip address, and $2 the port number, both passed by r0x as script arguments.
Remember to check if the commands you are using are available into the Dockerfile. If not, plase add the right package to make it available into the r0x container.
The scope of this project is to automate the scanning process and the information gathering during CTFs 💻😆.