WarBerryPi – Customize port scans

A lot of WarBerryPi users wanted more granularity and control over the port scanning phase, which makes a lot of sense. During a pen-test or red teaming engagement we want to remain covert, and sometimes we have some intelligence about the network, so we want more control over what we send out.

Since WarBerryPi V5 came out, customising the port scanning phase is much easier.

The file responsible for the configuration can be found at:

warberry/src/core/scanners/portlist_config

The file looks like this:

../Results/windows,windows, "[*] You may want to check for open shares here\n",Windows Hosts,445,n 
../Results/ftp, ftp, "[*] You may want to try log in as user ANONYMOUS\n", FTP,21,n 
../Results/mssql, mssql, "[*] Default user for MSSQL installations is SA\n", MSSQL Databases,1433,n 
../Results/mysql, mysql,"[*] Default creds for MYSQL are U:root P:blank\n", MySQL Databases,3306,n 
../Results/oracle, oracle, "[*] Default user on Oracle DBs are SYS SYSTEM SCOTT\n",Oracle Databases,1521,n 

The structure is as follows:

{Location to save the output}, {Informative message to the user – Optional}, {Output message}, {port/ports},{TCP/UDP}

If more than one port relates to a service, you can comma-separate the ports to be scanned.

The last block defines if the scan should be on TCP or UDP. “n” stands for TCP, “y” for UDP.

Through this file you can comment out any ports you don’t want to include in your scans or define your own by adding a new line at the end of the file.
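
A small check you can run over the file after editing it, to see exactly which ports and protocols each active line will produce. This is an added example, not part of WarBerryPi: it assumes six comma-separated fields as in the sample lines above, that extra ports sit between the fifth field and the final n/y flag, and that "#" marks a commented-out line. The function name parse_portlist and the last two sample lines are constructed for illustration.

```python
import csv

# Constructed sample in the layout shown above. The '#' comment marker and
# the last two lines (multi-port UDP entry, broken entry) are assumptions.
SAMPLE = r"""../Results/windows,windows, "[*] You may want to check for open shares here\n",Windows Hosts,445,n
#../Results/ftp, ftp, "[*] You may want to try log in as user ANONYMOUS\n", FTP,21,n
../Results/mssql, mssql, "[*] Default user for MSSQL installations is SA\n", MSSQL Databases,1433,n
../Results/dns, dns, "[*] Constructed example entry\n", Name Services,53,5353,y
../Results/bad, bad, "[*] Constructed broken entry\n", Broken,70000,x
"""


def parse_portlist(text, comment="#"):
    """Return (entries, errors); errors are (line number, reason) tuples."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(comment):
            continue  # blank or commented-out entry: nothing is scanned
        # skipinitialspace lets the quoted message follow ", " and keep commas
        row = next(csv.reader([line], skipinitialspace=True))
        fields = [f.strip() for f in row]
        if len(fields) < 6:
            errors.append((lineno, "expected at least 6 fields"))
            continue
        output, name, message, title = fields[:4]
        port_fields, flag = fields[4:-1], fields[-1].lower()
        problems = []
        if flag not in ("n", "y"):
            problems.append("last field must be n (TCP) or y (UDP)")
        ports = []
        for p in port_fields:
            if p.isdecimal() and 1 <= int(p) <= 65535:
                ports.append(int(p))
            else:
                problems.append(f"invalid port {p!r}")
        if problems:
            errors.append((lineno, "; ".join(problems)))
            continue
        entries.append({"output": output, "name": name, "message": message,
                        "title": title, "ports": ports,
                        "proto": "udp" if flag == "y" else "tcp"})
    return entries, errors


if __name__ == "__main__":
    ok, bad = parse_portlist(SAMPLE)
    for e in ok:
        print(f"{e['proto']:3} {e['ports']} -> {e['output']}")
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```

Running it against your edited file before an engagement shows which lines are active and flags any entry with an out-of-range port or a final field other than n or y.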