Installation:
-------------

See the INSTALL files for more details

Usage:
------

        -=[[ Depant v0.1a ]]=-
   -=[[ Midnight Research Labs ]]=-


usage: depant ( -H <host> | -f <hostList>) ( -c <userPassList> | -u <userList> -p <passList>)  <options>
   Options:
        -H <host (or CIDR block) to scan>
        -f <host list file> (each ip or CIDR block per line)
        -e <exclude hosts list> (each ip or CIDR block per line) 
        -g <output file for default password list> (Gets list from Phenoelit site)
        -c <combined user:password list> (not in conjunction with -u/-p)
        -u <username list>  (used in conjunction with password list)
        -p <password list>  (used in conjunction with username list)
        -o <port list>      (e.g. 21,22,137-139 default is "safe ports")
        -O <output file>    (CSV log of any user/passwords we find)
        -C <second phase combined user:password list> (not in conjunction with -U/-P)
        -U <second phase user list>
        -P <second phase password list>
        -A (run all ports hydra knows about)
        -D (Do a dry run only, map network, and output what things are going to be checked)
        -h (help)
        -d (debug)

   Examples:
        Downloads the default password list into dpl.txt:

                depant -g ./dpl.txt

        Checks for the user:pass combinations in dpl.txt on all ports for ips in hosts.txt:

                depant -f ~/hosts.txt -d -A -c dpl.txt

        Checks the network services anywhere in 192.168.1.1/24 (excluding hosts listed in exclude.txt)
        with the users and passwords specified; if nothing is found, it checks the
        larger user and dictionary lists against the fastest service:

                depant -A -H 192.168.1.1/24 -e exclude.txt -u users.txt -p passwd.txt -U more-users.txt -P big-dict.txt


Depant works by downloading a default password list, and then mapping out
the local network to see what open services are available.  Once it has a
list of services, it will test each service for default passwords.  Once
it's gone through each of the services, depant will determine the fastest
service (as recorded in phase one) and use it to perform an optional second
phase of tests with a larger (user-supplied) set of default users/passwords.

By default depant has a list of "safe" services to test.  These are services
that hydra seems to work well with.  Currently it's a small list, as depant
(and hydra) need to be tested against more networks to see which default
services are good to test for.  Alternatively a user can specify '-A' to
scan all ports that hydra knows services for.  You can also specify only
certain ports with '-o' (it supports ranges and comma-separated lists).  If
any errors arise from running with extra services, please try to run depant
with the '-d' flag (debug), and send us the output.

User/Password combinations can be entered in one of two ways, either with
separate files for usernames and passwords (this will test every combination
of username/passwords), or with a "combined" file that has entries formatted
like "username:password".  '-u', and '-p' (or '-U', and '-P' for the second
phase) specify the individual username/password files, and '-c' (or '-C' for
the second phase) specifies a "combined" username:password file.  Only one
of these methods is intended to be used at one time.
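As an added example that is not part of depant (and written for Python 3's standard ipaddress module rather than the ipcalc module mentioned below), the following reconstructs the scope a '-D' dry run would report from the inputs described in this section and in the port-list paragraph above: hosts and exclusions as one IP or CIDR block per line, a '-o' spec with ranges and comma-separated lists, and credentials from either a combined user:password file or a user list crossed with a password list. The file contents are constructed inline, and details depant does not document (whether network/broadcast addresses count as targets, how a combined line is split) are assumptions.

```python
import ipaddress
import itertools
# Constructed stand-ins for the files depant reads (one entry per line).
HOSTS_TXT = "192.168.1.0/30\n10.0.0.7\n\n# blank and comment lines are skipped\n"
EXCLUDE_TXT = "192.168.1.1\n"
USERS_TXT = "admin\nroot\n"
PASSWDS_TXT = "admin\npassword\n"
COMBINED_TXT = "admin:admin\ncisco:cisco\nsvc:p:w\n"

def entries(text):
    """Non-blank, non-comment lines with surrounding whitespace removed."""
    return [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def expand_hosts(text):
    """IPs and CIDR blocks -> set of host addresses (assumption: no network/broadcast address)."""
    hosts = set()
    for entry in entries(text):
        net = ipaddress.ip_network(entry, strict=False)
        hosts.update(net.hosts() if net.num_addresses > 1 else [net.network_address])
    return hosts

def parse_ports(spec):
    """'21,22,137-139' -> sorted unique ports; anything outside 1-65535 is rejected."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port or range: %r" % part)
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def credential_pairs(combined=None, users=None, passwords=None):
    """Combined 'user:pass' lines (split at the first colon) or every user x password combination."""
    if combined is not None and (users is not None or passwords is not None):
        raise ValueError("-c cannot be used together with -u/-p")
    if combined is None:
        return list(itertools.product(entries(users), entries(passwords)))
    parts = [line.partition(":") for line in entries(combined)]
    if any(not sep for _, sep, _ in parts):
        raise ValueError("every combined-file line must be user:password")
    return [(user, password) for user, _, password in parts]

def dry_run(hosts_txt, exclude_txt, port_spec, **cred_files):
    """Like -D: report the scope so it can be checked against the authorised range."""
    targets = sorted(expand_hosts(hosts_txt) - expand_hosts(exclude_txt))
    ports = parse_ports(port_spec)
    pairs = credential_pairs(**cred_files)
    return {"hosts": [str(h) for h in targets], "ports": ports,
            "credentials": len(pairs), "attempts": len(targets) * len(ports) * len(pairs)}
```

The "attempts" figure (hosts x ports x credential pairs) is the number of login checks the run would make, which is the value to compare against what the device owner has agreed to before anything is pointed at a network.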


Platforms:
----------
Depant was tested on OSX 10.5, Ubuntu 8.0.4, and RHEL5.  As far as I know it
should run on anything that has hydra/nmap and python >= 2.4 (it appears that
the ipcalc module needs some 2.4-isms).  It's known not to work on RHEL4 
because of the older version of python (it should work if you update python, 
let me know if you try this).

Warnings:
---------
Of course it should (but obviously didn't) go without saying that you should
only ever run this on your own systems, or systems you're legally covered to
run it on.  That aside, you do have to be somewhat careful because it will
hammer some older devices.  All the devices I've tested against that had
problems have eventually come back, but usually people notice when their router
goes down for a few minutes, :).

Bugs:
-----
Sometimes hydra just gets hung up on something and seems to run forever.  At
some point I'll add a watchdog for it.  Hydra also has some bugs in the ssh module,
so if you see a stack trace pop up, it's likely from hydra, not depant itself.

If you run across a hydra module that doesn't work or causes general problems,
let me know and I can remove it from the "safe ports" list, which means that it
won't get run by default.

Sometimes on a re-install I've seen this error: "zipimport.ZipImportError: bad
local file header".  I think this is something with setuptools, and if you
re-run the install, it should work fine in my experience.

TODO:
-----
- Add auto-parsing of web-pages for login forms to test
- Test individual services and remove any from the hydraSafePorts list that
  don't always run well
- Real hackers do it in parallel -- It would probably make sense to add better
  parallelization.
- Add ctrl-c trapping to make it exit cleanly when interrupted
