DEV Community

Cover image for Vestigo v0.5.0 - Tales of Port Scans
Médéric Burlet
Médéric Burlet

Posted on

Vestigo v0.5.0 - Tales of Port Scans

#security #news #devops #javascript

Introduction

After other side projects and less free time I had to leave Vestigo for a while

crimsonmed image

Discovering vulnerable endpoints on API / Websites

Médéric Burlet ・ Mar 9 ・ 2 min read

#security #api #devops #testing

With Hacktoberfest I decided to revisit this project and start to make it into something useful. When doing simple API tests I find myself often repeating the sames tasks.

  • NMAP on the target
  • Rust Scan
  • DirBuster
  • And more

The idea of Vestigo is to have a one tool that does all this with ease.

v0.5.0

Scan

Since the last update on Vestigo on dev.to there have been a few updates to the Scan command. It will now save reports in HTML and MD.

Those reports will be saved on the user profile ~/.vestigo

The scan comes with a whois module

Ports

v0.5.0 introduces the ports command which lets you portscan a target that is either an ip or a domain.

As of now only TCP scan has been integrated. But I plan to add UDP + reporting for this module.

I also want to add the possibility to try to curl the ports that possibly have a webserver. And in the future be able to detect the stack (wordpress, react, etc.)

port scan

Example command:

vestigo ports --target="127.0.0.1"
Enter fullscreen mode Exit fullscreen mode

Going forward

The project is open source and on github so anyone wanting to participate in the development of this tool don't hesitate to open an issue based on the TO-DO list in the README.md with what you would like to tackle.

I hope this project can help many and that it can find some support and love.

GitHub logo crimson-med / vestigo

A tool for exploring and investigating APIs and websites.

Vestigo

A tool for exploring and investigating APIs and websites.

IMPORTANT

ocliff with npm and vestigo is broken to use the tool clone the repo

Installation

You can install it globally with:

yarn global add vestigo

npm i -g vestigo

Then run the tool

vestigo

Running

Scan Example:

vestigo scan --target="https://127.0.0.1/" --method="GET" --no-shortlist
  --report="HTML"
Enter fullscreen mode Exit fullscreen mode

Port Example:

vestigo ports --target="127.0.0.1" --protocol="TCP" --report="HTML"
Enter fullscreen mode Exit fullscreen mode

As of now reports will be saved at:

~/.vestigo/<domain>/<ts>-vestigo.<extension&gt
  • <domain> = hostname of the target or the ip
  • <ts> = timestamp of the scan finished
  • <extension> = extension chosen for report (md, html)

Functionalities

Report

Vestigo will by default generate a mardown report. You can use parameters to set the report format to HTML.

Dev Run

To run the tool in dev mode use:

View on GitHub

Burlet Mederic
https://medericburlet.com
https://mederic.me
https://twitter.com/crimson_med

Top comments (0)

Read next

zahidrahman47 profile image

uploading file into pinata

ZahidRahman47 -

sainsec profile image

Information Disclosure

Hussain -

saiafonua profile image

What the heck is SSH

Saia Fonua -

nr18 profile image

Compliant infrastructure using infrastructure as code

Joris Conijn -