Use cases

s4dhu edited this page Sep 17, 2020 · 29 revisions

Content

  1. Scoping settings.
  2. Analyzing a Django Application.



Scope settings

The framework supports some options for configuring the scope against which the chosen siddhi will run. Below are the main options.

Before that, a note: Vimana is not a port scanner, so the best option, especially when the number of targets is very large, is always to scan with nmap, export the result to XML, and pass that file to Vimana via the --nmap-xml <nmap_results.xml> option:

python3 vimana.py run --module dmt --nmap-xml scan_result.xml

An example of configuring the scope from nmap's XML output is shown below, under Multi-Target (--nmap-xml option).


One-Shot-Target (--target option)

Imagine you are conducting a penetration test and, in the midst of all the uproar, you come across a target for which no vulnerabilities were reported but which, as a good sniper, still leaves you smelling a rat.

Suppose it is an internal analysis, the IP is 192.168.0.102, and, in addition to the known service ports, port 8000 has also been identified as active on that IP. In an internal testing context, the pentester will already have some information about the technologies used by the developers, which makes it possible to infer which siddhis can be used against the target.

Since we already know the IP and that the port we want to evaluate is active, we can run Vimana as follows:

python3 vimana.py run --module dmt --target 192.168.0.102 --port 8000 --verbose --debug

If there is nothing the siddhi can do, an informational message saying so is displayed. Otherwise, the initial panel is presented with some information about the target, as below:



Multi-Target (--target-list option)

In another scenario, you have some IPs and ports to check:

python3 vimana.py run --module dmt --target-list 192.168.0.1,172.18.0.1,192.168.1.119 --port-list 8000,9999,9001



Multi-Target (--nmap-xml option)

Now imagine a scenario where you have entire ranges to analyze and you don't know beforehand which hosts are up or which ports are open on each one. In this case, the best approach is to perform a scan with nmap and pass only the XML result to Vimana. This point matters because, as already mentioned in the repository, it is important to know where each tool fits, and Vimana does not intend to be a port or vulnerability scanner. Whenever the scope is undefined and there are entire ranges to sweep, this is always the best option:

python3 vimana.py run --module dmt --nmap-xml nmap_results.xml
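
Before handing a large nmap result to --nmap-xml, it helps to confirm that every live host in it falls inside the ranges you are authorized to test. The sketch below is an added example, not part of Vimana and not a description of how Vimana reads the file; the function name, the sample XML and the authorized range are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of nmap's -oX output (not from a real scan).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.168.0.102" addrtype="ipv4"/>
  <address addr="00:11:22:33:44:55" addrtype="mac"/>
  <ports><port protocol="tcp" portid="22"><state state="closed"/></port>
  <port protocol="tcp" portid="8000"><state state="open"/></port></ports></host>
<host><status state="down"/><address addr="192.168.0.103" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="172.18.0.1" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="9999"><state state="open"/></port></ports></host>
</nmaprun>"""


def scope_from_nmap_xml(xml_text, authorized_cidrs):
    """Return (in_scope, out_of_scope): dicts of IP -> sorted open TCP ports."""
    nets = [ipaddress.ip_network(c) for c in authorized_cidrs]
    in_scope, out_of_scope = {}, {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # ignore hosts nmap did not report as up
        # A host can carry a MAC entry as well; keep only the IP address.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        ports = sorted(
            int(p.get("portid")) for p in host.iter("port")
            if p.get("protocol") == "tcp"
            and p.find("state") is not None
            and p.find("state").get("state") == "open")
        if not ports:
            continue  # nothing open, nothing to assess
        ip = ipaddress.ip_address(addr)
        bucket = in_scope if any(ip in n for n in nets) else out_of_scope
        bucket[addr] = ports
    return in_scope, out_of_scope


if __name__ == "__main__":
    ok, outside = scope_from_nmap_xml(SAMPLE_XML, ["192.168.0.0/24"])
    print("in scope:", ok)
    print("outside authorized ranges:", outside)
```

Any host reported as outside the authorized ranges should be removed from the scan result, or the scan rerun with a corrected range, before the file is used.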



Other scoping options

In addition to the above options, Vimana also supports other options for scoping:

Analyzing a Django Application