BlackStone undertaking or “BlackStone Mission” is a device created to be able to automate the work of drafting and submitting a report on audits of moral hacking or pentesting.
On this device we will register within the database the vulnerabilities that we discover within the audit, classifying them by inside, exterior audit or wifi, as well as, we will put your description and suggestion, in addition to the extent of severity and energy for its correction. This info will then assist us generate within the report a criticality desk as a worldwide abstract of the vulnerabilities discovered.
We are able to additionally register an organization and, simply by including its net web page, the device will be capable of discover subdomains, phone numbers, social networks, worker emails…
Set up Docker
git clone https://github.com/micro-joan/BlackStone
cd BlackStone
docker-compose up -d
Consumer: blackstone
Password: blackstone
- First we should obtain an Apache server to host the device, in my case I take advantage of Mamp (I like to recommend following these steps): https://www.mamp.information/en/downloads/
- We are going to obtain the content material of this repository and we could have 2 folders (BlackStone and BBDD)
- As soon as the server begins we’ll go to c://MAMP/htdocs and paste all of the contents of the downloaded folder “BlackStone”
- For the appliance to work we should import the database, we’ll go to our browser and write “localhost/phpMyAdmin/”, you’ve gotten the database connection file within the folder BlackStone/conexion.php
- We are going to create a database referred to as blackstone and import the info from the downloaded BBDD folder
- Log in to BlackStone with the username and password “blackstone”
First it’s good to go to profile settings and add Hunter.io and haveibeenpwned.com tokens:
After having vulnerabilities within the database, we’ll go to the audited shopper and we’ll register a shopper together with their net web page, as soon as registered we will go to buyer particulars and we will see the next info:
THE USE OF THIS APPLICATION IS FOR PROFESSIONAL USE, THE AUTHOR IS NOT RESPONSIBLE FOR A MISUSE EMPLOYED
- Title of enterprise proprietor
- Social networks of the corporate proprietor
- E mail and phone variety of the proprietor of the corporate
- Uncovered password verify on the corporate proprietor’s deep net
- Subdomains of the web site in addition to info of curiosity present in google
- Emails of firm employees
As soon as we’ve got the corporate that we’re going to audit registered within the database, we’ll create a report, including the date, title of the report and the corporate to which can be audited. Once we register the report, we’ll give it edit after which we’ll choose the vulnerabilities that we wish to seem within the report:
Lastly, we’ll generate the report by clicking on the “overview report” button, and later we’ll save the web page that’s generated as “.mht”, then we’ll open it with Phrase to have the ability to work on the generated report:
