08 Sep 2021

Kit Hunter 2.0 - Scanning with Crontab


Kit Hunter 2.0 with Crontab

While it wasn’t mentioned in the general usage and installation blog post, it is possible to use Crontab to schedule scans for Kit Hunter 2.0.

During testing, the way I got this to work was to place kit_hunter_2.py into the folder I wanted to scan, and to use a simple Bash script to act as a wrapper.

As an example, what I did was place kit_hunter_2.py into the /steved3/Kit-Hunter-2/Scanner/ folder.

This is one level up from /steved3/Kit-Hunter-2/Scanner/home/ which contains the user account /bob/.

Within the /public_html/ folder under Bob’s account, I’ve installed an outdated version of WordPress, which I then installed several phishing kits into, along with several phishing kit archives and a WSO shell script, essentially mirroring a badly compromised website.

I intend to use Crontab to call on kit_hunter_2.py and scan all of the accounts under /home/.

Right away I noticed that calling kit_hunter_2.py via Crontab was problematic, as it kept trying to scan my $HOME directory.

So what I did was use a Bash script to call out to the Python code directly. I created a directory called /kit_hunter_cron/ and placed the Bash script inside.

This folder is also where I tell Crontab to record the output, which is dumped to kit_hunter_cron_log.txt.

When Crontab ran, the errors went away thanks to the wrapper, and the scan worked as expected.

The final report was generated with kit_hunter_2.py just outside of the /home/ directory.

The Crontab I used will run daily at 01:30 a.m. The code is below.

30 1 * * * /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_2_wrapper.sh >> /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_cron_log.txt 2>&1

The Bash script I used for the wrapper is only three lines, not including comments. The script is below.


#!/bin/bash
# Set the path to Kit Hunter below via 'path' and add any arguments you wish to execute.
# For example, you can use the -q or -c switch commands, as well as -m and -l.
# NOTE: You cannot use the -d switch with this wrapper.
# The Kit Hunter Report will be located with the script.

# Set the path where Kit Hunter resides (the example folder used in this post).
path="/steved3/Kit-Hunter-2/Scanner/"

# Change working directory; stop if that fails so the scan never runs from cron's default directory.
cd "$path" || exit 1

# Run Kit Hunter. If no switch is given, a full default scan is executed.
python kit_hunter_2.py

As the comments explain, it is possible to use the -l and/or -m switches, and either the -q or -c switch.

Just add them after the call to kit_hunter_2.py in the wrapper code like so:

python kit_hunter_2.py -qlm
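
A more defensive variant of the wrapper, added here as an example and not part of the original post or the Kit Hunter project: it refuses to scan if the target folder cannot be entered, and it skips a run while the previous one still holds a lock. The function names, the "scan" argument and the lock directory name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the Kit Hunter author's script.
# Assumed names: run_in_dir, with_lock, the "scan" argument, scan.lock.
SCAN_DIR="${SCAN_DIR:-/steved3/Kit-Hunter-2/Scanner}"
LOCK_DIR="${LOCK_DIR:-/steved3/Kit-Hunter-2/kit_hunter_cron/scan.lock}"

# run_in_dir DIR CMD...: run CMD with DIR as its working directory.
# Exits 2 without running CMD when DIR cannot be entered, so a wrong
# path never turns into a scan of cron's default directory ($HOME).
run_in_dir() (
    cd "$1" 2>/dev/null || exit 2
    shift
    "$@"
)

# with_lock LOCKDIR CMD...: run CMD only if LOCKDIR can be created.
# mkdir is atomic, so two overlapping cron runs cannot both get the lock.
# Exits 3 when the lock is already held. A run that is killed leaves the
# directory behind; remove it by hand before the next scheduled scan.
with_lock() (
    lock="$1"
    shift
    mkdir "$lock" 2>/dev/null || exit 3
    rc=0
    "$@" || rc=$?
    rmdir "$lock"
    exit "$rc"
)

# Scan only when called with "scan"; any further arguments (for example
# -q) are passed to kit_hunter_2.py. rc=2: bad SCAN_DIR, rc=3: lock held.
if [ "${1:-}" = "scan" ]; then
    shift
    echo "== Kit Hunter scan started $(date '+%Y-%m-%d %H:%M:%S') =="
    rc=0
    with_lock "$LOCK_DIR" run_in_dir "$SCAN_DIR" python kit_hunter_2.py "$@" || rc=$?
    echo "== Kit Hunter scan finished, rc=$rc =="
    exit "$rc"
fi
```

With this variant the Crontab entry passes scan, followed by any Kit Hunter switches, as arguments to the wrapper; the start and finish lines land in the same log file as the scan output.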

That's all for now.
