Kit Hunter 2.0 - Scanning with Crontab
Kit Hunter 2.0 with Crontab
While it wasn’t mentioned in the general usage and installation blog post, it is possible to use Crontab to schedule scans for Kit Hunter 2.0.
During testing, the way I got this to work was to place
kit_hunter_2.py into the folder I wanted to scan, and to use a simple Bash script to act as a wrapper.
As an example, what I did was place
kit_hunter_2.py into the
This is one level up from
/steved3/Kit-Hunter-2/Scanner/home/ which contains the user account
/public_html/ folder under Bob’s account, I’ve installed an outdated version of WordPress, which I then installed several phishing kits into, along with several phishing kit archives, and a WSO shell script. Essentially, mirroring a badly compromised website.
I intend to use Crontab to call on
kit_hunter_2.py and scan all of the accounts under
Right away I noticed that calling
kit_hunter_2.py via Crontab was problematic, as it kept trying to scan my
So what I did was use a Bash script to callout to the Python code directly. I created a directory called
/kit_hunter_cron/ and placed the Bash script inside.
This folder is also where I tell Crontab to record the output, which is dumped to
When Crontab ran, the errors went away thanks to the wrapper, and the scan worked as expected.
The final report was generated with
kit_hunter_2.py just outside of the
The Crontab I used will run daily at 01:30 a.m. The code is below.
30 1 * * * /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_2_wrapper.sh >> /steved3/Kit-Hunter-2/kit_hunter_cron/kit_hunter_cron_log.txt 2>&1
The Bash script I used for the wrapper is only three lines, not including comments. The script is below.
#!/bin/bash # Set the path to Kit Hunter below via 'path' and add any arguments you wish to execute. # For example, you can use the -q or -c switch commands, as well as -m and -l. # NOTE: You cannot use the -d switch with this wrapper. # The Kit Hunter Report will be located with the script. # Set the path where Kit Hunter resides. path="/steved3/Kit-Hunter-2/Scanner/" # Change working directory cd $path # Run Kit Hunter. If no switch is given, a full default scan is executed. python kit_hunter_2.py
As the comments explain, it is possible to use the
-m switches, and either the
Just add them after the call to
kit_hunter_2.py in the wrapper code like so:
python kit_hunter_2.py -qlm
That's all for now.