Changelog EaST v1.0.3 23/12/2016:
+ Security Bug Fixes.
+ New Modules:
+-+ TP-LINK TD-W8151N – Denial of Service
+-+ WordPress Plugin CYSTEME Finder 1.3 Arbitrary File Disclosure vulnerability.
+-+ NTP 4.2.8p[3, 8] Denial Of Service.
+-+ Serva 3.0.0 HTTP Server – Denial of Service.
+-+ Horos 2.1.0 Web Portal – Directory Traversal.
+-+ ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE.
+ custom listener port.
This software is necessary for learning and improving skills and knowledge of attacks on information systems and to conduct audits and proactive protection. The need to develop domestic Pentest framework – accessible, affordable, high-confidence – is long overdue. Therefore, for domestic (as well as to friendly domestic) markets IB was created EAST framework. EAST is a framework that has in its arsenal all the necessary tools to operate a broad range of vulnerabilities from the Web to a buffer overflow. From other similar instruments EAST is simple and easy to use. To master it, and begin to develop in the field of information security can be even a novice researcher!
+Security framework! Software used for information security must be a high level of user confidence. The EAST is implemented open, easily verifiable source code for Python. it is used for all components of the framework and modules. In this relatively small amount of code simplifies the verification of any user. During installation no changes in the OS is not performed
+ Maximum simplicity of the framework. Download the archive, run the main python script start.py, implementing the start-stop exploits, messaging … All management – locally or remotely through a browser.
+ Easily create and edit. The ability to edit and add modules and exploits “on the fly” without restarting. Code module body is simple and minimal volume.
+ Cross-platform + minimum requirements and dependencies. Tested on Windows and Linux. I should work wherever there is Python. The framework contains all the dependencies and “pulls” ext. libraries.
+ Full functionality of the classic framework Pentest! Despite the simplicity and “no congestion” – has in its arsenal of all necessary means to operate a broad range of vulnerabilities from the Web to a buffer overflow.
+ Great opportunities for capacity. Server-client architecture, API for messaging, support libraries – allow third party developers to create their own open-source solutions, or participate in the development of EAST.
+ ef_bitdefender_gravityzone_dt.py Directory traversal
+ ef_cogento_datahub_afd.py Arbitrary File Download
+ ef_e_detective_afd.py Arbitrary File Download
+ ef_easyfile_webserver_sbo.py Stack Buffer Overwlow
+ ef_fhfs_rce.py Remote Command Execution
+ ef_joomla_gallery_wd_bsqli.py Blind SQL Injection
+ ef_solarwinds_log_and_event_manager_rce.py Remote Command Execution
+ ef_symantec_pcanywhere_host_rce.py Remote Command Execution
+ ef_wincc_miniweb_dos.py Denial of Service
+ ef_winrar_rce.py Remote Command Execution
+ port_scanner.py Tools
Installation and Usage:
git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py -p 1337
then open your favorite Browser for GUI: http://localhost:1337
git pull origin master