08 Sep 2021

Kit Hunter 2.0 - Scanning with Crontab

Filed Under: khdocs

While it wasn’t mentioned in the general usage and installation blog post, it is possible to use Crontab to schedule scans for Kit Hunter 2.0.

During testing, the way I got this to work was to place kit_hunter_2.py into the folder I wanted to scan, and to use a simple Bash script to act as a wrapper.

As an example, what I did was place kit_hunter_2.py into the /steved3/Kit-Hunter-2/Scanner/folder.

This is one level up from /steved3/Kit-Hunter-2/Scanner/home/ which contains the user account /bob/.

Within the /public_html/ folder under Bob’s account, I’ve installed an outdated version of WordPress, which I then installed several phishing kits into, along with several phishing kit archives, and a WSO shell script. Essentially, mirroring a badly compromised website.

I intend to use Crontab to call on kit_hunter_2.py and scan all of the accounts under /home/.

Right away I noticed that calling kit_hunter_2.py via Crontab was problematic, as it kept trying to scan my $home directory.

So what I did was use a Bash script to callout to the Python code directly. I created a directory called /kit_hunter_cron/ and placed the Bash script inside.

This folder is also where I tell Crontab to record the output, which is dumped to kit_hunter_cron_log.txt.

When Crontab ran, the errors went away thanks to the wrapper, and the scan worked as expected.

The final report was generated with kit_hunter_2.py just outside of the /home/ directory.

The Crontab I used will run daily at 01:30 a.m. The code is below.

30 1 * * * /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_2_wrapper.sh >> /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_cron_log.txt 2>&1

The Bash script I used for the wrapper is only three lines, not including comments. The script is below.


# Set the path to Kit Hunter below via 'path' and add any arguments you wish to execute.
# For example, you can use the -q or -c switch commands, as well as -m and -l.
# NOTE: You cannot use the -d switch with this wrapper.
# The Kit Hunter Report will be located with the script.

# Set the path where Kit Hunter resides.

# Change working directory
cd $path

# Run Kit Hunter. If no switch is given, a full default scan is executed.
python kit_hunter_2.py

As the comments explain, it is possible to use the -l and/or -m switches, and either the -q or -c switch.

Just add them after the call to kit_hunter_2.py in the wrapper code like so:

python kit_hunter_2.py -qlm

That's all for now.

-[30]- a.k.a. The End

-[ Return ⬏ ]-