1
00:00:00,870 --> 00:00:03,210
Welcome to part four of this module.

2
00:00:06,240 --> 00:00:11,610
This video is going to be a quick look at GoLismero, the web knife.

3
00:00:11,610 --> 00:00:17,910
This may be one of the shortest videos in this class, because this tool is painfully straightforward.

4
00:00:18,630 --> 00:00:20,640
To bring up GoLismero,

5
00:00:20,700 --> 00:00:24,510
we should go to Applications, Vulnerability Analysis,

6
00:00:27,170 --> 00:00:29,780
and then select GoLismero.

7
00:00:29,800 --> 00:00:34,810
You can also launch it from the terminal window just by typing golismero, and you could launch

8
00:00:34,810 --> 00:00:36,340
it directly against a target

9
00:00:36,340 --> 00:00:48,000
by typing golismero followed by the target website domain or IP address. For legal reasons, I will

10
00:00:48,000 --> 00:00:52,080
be using the IP of my own Metasploitable machine,

11
00:00:52,080 --> 00:00:55,240
as you have already seen me do in prior modules.

12
00:00:55,410 --> 00:01:04,130
This is because nothing about GoLismero is subtle, stealthy, or even particularly legal. So, to do

13
00:01:04,130 --> 00:01:11,990
this, to launch GoLismero against a target, type golismero and supply the target information,

14
00:01:12,020 --> 00:01:15,710
which in this case is my own Metasploitable machine.

15
00:01:21,660 --> 00:01:29,700
So right away we see that this is another auditing tool like Sparta. GoLismero is a kind of

16
00:01:29,700 --> 00:01:40,870
all-in-one Swiss army knife of a tool, running multiple other tools such as Nikto, Nmap, etc. It also brute

17
00:01:40,880 --> 00:01:46,790
forces, looking for vulnerabilities in target websites.

18
00:01:46,920 --> 00:01:53,530
The idea here is pretty simple, and that idea is that you run it against a website. Although it makes

19
00:01:53,530 --> 00:01:59,370
lofty claims in its documentation about having multiple stages to its scanning process,

20
00:01:59,470 --> 00:02:05,980
the first of which is billed as being non-intrusive, that is in fact inaccurate.

21
00:02:05,980 --> 00:02:10,550
This program is anything but non-intrusive.

22
00:02:10,670 --> 00:02:16,820
I can't even run it against scanme.nmap.org, as its penchant for brute forcing willy-nilly

23
00:02:16,820 --> 00:02:22,440
against targets would violate the terms of the web scanning permission.

24
00:02:22,460 --> 00:02:29,600
That's why I'm having to do it against a Metasploitable machine. GoLismero comes prepackaged

25
00:02:29,600 --> 00:02:31,560
with Kali 2.0.

26
00:02:31,640 --> 00:02:38,640
This particular tool can be run on a wide range of operating systems, including but not limited to OS X,

27
00:02:38,660 --> 00:02:48,470
Windows, Linux, BSD, and even the Raspberry Pi. With the correct plugins installed,

28
00:02:48,670 --> 00:02:56,100
this tool will check Shodan, SpiderFoot, and OpenVAS. For the tool to work properly,

29
00:02:56,110 --> 00:03:04,240
you at least need Nikto, Nmap, OpenVAS, SSLScan, and SpiderFoot installed and configured.

30
00:03:07,520 --> 00:03:12,510
Unlike other all-in-one tools, like for example Sparta,

31
00:03:12,650 --> 00:03:16,910
this script is not particularly easy to configure.

32
00:03:16,910 --> 00:03:24,560
It is about as subtle as firing a cannon at a wall to look for cracks, and any halfway competent

33
00:03:24,560 --> 00:03:34,900
administrator will spot this sort of a probe, and much of what it does will be logged. As you can probably

34
00:03:34,900 --> 00:03:41,650
tell, I'm not a big fan of this tool, because I like to run powerful tools individually and control the

35
00:03:41,650 --> 00:03:44,820
levels of my exposure during a pen test.

36
00:03:44,890 --> 00:03:50,890
Of course, if you plan to run all of these tools against a website anyway, I suppose you may as well

37
00:03:50,890 --> 00:03:51,980
use GoLismero.

38
00:03:56,020 --> 00:03:59,780
The tool has four principal scanning phases.

39
00:03:59,800 --> 00:04:09,970
Phase one is reconnaissance, followed by phase two, which is falsely claimed to be non-intrusive scanning.

40
00:04:10,690 --> 00:04:19,290
The third phase is exploitation, which it admits is in fact intrusive, checking for things like OpenSSL

41
00:04:19,710 --> 00:04:22,930
Heartbleed and other such attack vectors.

42
00:04:23,040 --> 00:04:29,040
Its fourth and final stage is reporting, which you can see at the bottom of the screen when the scan

43
00:04:29,040 --> 00:04:29,910
completes.

44
00:04:33,320 --> 00:04:37,030
Because this program takes quite a long time to complete

45
00:04:37,040 --> 00:04:43,660
even the most basic scan (like I said, it's throwing the kitchen sink at the target, and without any subtlety),

46
00:04:43,790 --> 00:04:47,310
I am going to make a small cut to the recording.

47
00:04:47,310 --> 00:04:53,990
There's no reason to watch this brute forcing process go on. In general, against a single target,

48
00:04:53,990 --> 00:04:58,550
it will take about 15 minutes to complete,

49
00:04:58,550 --> 00:05:05,450
although I have seen it get stuck in the high 90s of the third phase, the brute forcing process.

50
00:05:09,990 --> 00:05:16,890
Penetration testers who rely on GoLismero are being a bit lazy, in my opinion.

51
00:05:16,950 --> 00:05:23,640
Yes, the tool does what it is supposed to do, but you're relying on a script to conduct Nmap scans

52
00:05:24,210 --> 00:05:31,790
and run Nikto, and these are things that are part science and part art. Black hats, on the other hand,

53
00:05:31,910 --> 00:05:38,690
may find it useful to perform quick and dirty scans against websites that they wish to hack, and therefore

54
00:05:38,690 --> 00:05:45,490
it is viable to run this tool as part of a pen test to make sure that nothing really obvious jumps out

55
00:05:45,500 --> 00:05:53,940
that the script kiddies can then grab on to. The one salient quality of GoLismero is that it can

56
00:05:53,940 --> 00:05:58,080
be run on virtually any system, including a Raspberry Pi.

57
00:05:58,170 --> 00:06:06,000
So it's pretty easy to set up a cheap ten dollar Pi connected to the Internet on a connection that is

58
00:06:06,000 --> 00:06:13,650
not related to the tester, such as for instance a coffee shop, and scan a large number of sites on the

59
00:06:13,650 --> 00:06:17,060
web quickly and with little concern.

60
00:06:17,080 --> 00:06:22,930
This is in the vast majority of cases illegal, but as a security professional you will need to be aware

61
00:06:22,930 --> 00:06:25,360
of this sort of tactic.

62
00:06:25,380 --> 00:06:32,340
It is also possible to use this tool in conjunction with methods of anonymizing, such as virtual

63
00:06:32,340 --> 00:06:38,700
private networks and proxychains, both of which are subjects covered at greater length in the modules

64
00:06:38,730 --> 00:06:40,840
dealing with anonymity.

65
00:06:40,890 --> 00:06:46,380
In summary, this is a script that does a lot of things for you that you should really be doing yourself.

66
00:06:46,410 --> 00:06:53,820
However, it is undeniably effective for some users, as it distills the use of more complex tools down

67
00:06:53,820 --> 00:06:56,070
into a single command.

68
00:06:56,090 --> 00:07:03,140
I don't personally like it, but you may find it to be a useful addition to your toolkit. Thank you.