Front Page
Scan Page
NMAP html page
Recon-NG html page
theHarvester html page

Project FullxTest

By 404TeamNotFound

We wanted to create a web application which makes it easier for people to perform passive and active reconnaissance on any one target, with the option for full attack (still in the works), and then to categorize each target on a vulnerability scale from 1 - 7 (low severity - high critical). The end result is a report as a summary on each host, compiled on the information gathered and if the attacks were successful or not. By exposing vulnerabilities, the host/system can be secured and further protected. As of right now https://fullxtest.tech is LIVE, and it performs passive and active recon on host then builds a report to show details, and can usually handle one request at a time. We will work on handling multiple requests soon.

Team Members:

Jonathan Rosett (Jon.#4125)

David Acuna (Siinatra#4753)

Petar Lachkov (kaiz3n#2441)

Robert Casillas (The_Robinator#4139)

What inspired us:

We were inspired from using each of these tools separately and wanted to try to create a simpler interface for others to use, hassle-free, and without having to set-up a host with elaborate settings and libraries. This way we can automate penetration testing for people who aren't familiar with Linux to make it easier to scan targets for threats with the options to perform full attack (coming soon).

What we learned:

Team collaboration, back-end and front-end connectivity, and that we don't know JavaScript. We learned how to use NodeJS and ExpressJS as well as Nginx with SSL and hook up to fullxtest.tech. Also we learned how to set-up an instance on Google Cloud with custom DNS.

How we built FullxTest:

We first created a Google Cloud instance running Debian with Nginx, NodeJS and ExpressJS and the following tools with different sets of modules: Recon-NG, Harvester, NMAP, and Metasploit and created a python script to run each of them and get or generate a report of the programs results. We then created a webpage and tried to connect the webpage to the python script. This proved to be quite difficult but we had some help and got it done. Kudos to Jamal! You know who you are brother.

The challenges we faced:

The main issue was getting JavaScript and python to communicate a single variable, we weren't able to figure out how to, but we were eventually able to get NodeJS/ExpressJS to communicate with the back end and make the magic happen.

Original Github Page:

https://github.com/TempSchoolAcct/RowdyHacksProject

Built With

Submitted to

RowdyHacks 2020
- Winner RowdyHacks Cyber Track

Created by

I worked on setting up part of the google cloud server and I learned about python and JavaScript and how to get them to communicate.

Jonathan Rosett
Created UI and helped set up the backend. Also worked on getting our UI to send
data to the python script on the server.

David Acuna
Helped set up the back end (Debian, MEAN stack, theHarvester, recon-ng, nmap) and wrote a small python script to perform passive and active recon using the above tools. Worked on compiling reports from all the tools.

Petar Lachkov
I helped configure our Debian OS by installing Recon-NG for reconnaissance. With recon-ng I configured some options as well that will collect some data and also create reports. I also installed python 3.8 so that our python code will be compatible with Debian.

Robert Casillas