K2HackBot

Automated tool for detection of exploitable vulnerabilities.

Introduction

K2HackBot is an offering of K2 Cyber Security Inc, that works in conjunction with the K2 Platform to automatically find exploitable vulnerabilities in Web applications and APIs.

By running K2HackBot on your server where your web application or APIs are running, you can quickly find exploitable vulnerabilities.

K2HackBot tool generates use cases by crawling Web application/APIs or using test cases from Swagger documentation. The use cases are leveraged to find vulnerabilities that can be exploited. Details are provided for each exploitable vulnerability that includes vulnerable URL/APIs, location of the vulnerability along with proof of the exploit.

The K2HackBot tool is shipped as a Linux bundle.

Requirements

• Linux System

• Firefox

• Docker

Note: Depending upon the OS, the K2HackBot provide the steps to install the Firefox on your machine at run time for the underprivileged user (non-root). For the root user, Firefox will be installed implicitly if not found on the machine.

In case if the K2HackBot utility fails to install Firefox for any reason, then please make sure to install it manually.

Installation Instructions

Step 1: Download K2HackBot Bundle

Download the latest K2HackBot tar from the below URL:

https://github.com/k2io/K2HackBot-Release/releases/latest

Step 2: Untar K2HackBot Bundle

Untar the downloaded K2HackBot Bundle:

tar --no-same-owner -xf ${PATH_TO_K2HACKBOT_BUNDLE}

Step 3: Installing K2HackBot

K2HackBot tar includes all the required packages, dependencies and other utilities. Use the following command to set up the K2HackBot.

cd ${PATH_TO_UNTAR_K2HACKBOT_DIRECTORY};
bash install.sh;

Step 4: Verifying Successful Install of K2HackBot

You'll get an output similar to the one shown below:

Complete!
Pre-requisite 'firefox' installed using OS package manager 'dnf' 
Executable ./bin/k2hackbot created. 
Environment setup completed for K2HackBot 
[IMPORTANT] K2HackBot has been added to your env PATH via /root/.bashrc file.
[IMPORTANT] For current shell, please run this command : export PATH=/K2HackBot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin or spwan a new shell to use the tool

K2HackBot Commands

Syntax:

k2hackbot [command] [options]

1. Get the K2HackBot version

k2hackbot --version

2. K2HackBot help

k2hackbot --help

3. Help for respective commands

k2hackbot [command] --help

Below is the list of commands supported by K2HackBot:

• create-config-file

• deploy-k2component

• start-application

• crawl-web-application

• probe-api

• extract-results

• full

• scan-web-application

For example:

k2hackbot scan-web-application --help

NOTE: The Hierarchy for reading config is as follows:

CLI > Environment > Configuration file > Default

Use cases

K2HackBot offer five use cases:

Deploy K2Components

• deploy-k2component command installs K2 components.

Deploy K2Components

Scan Web Application

• scan-web-application command will scan the application for potential exploits using the K2 component. It will provide a complete summary of the scan.

• This command is likely to find all the vulnerabilities present in the application along with their proof of exploits.

Scan Web Application

Probe API

• probe-api command fires HTTP requests corresponding to each API present in the supported API documentation.

• Used when there is API documentation present for the application. probe-api is likely to give the highest API coverage among all the commands.

• Note: We are assuming that the K2 component is deployed where you are probing the application.

Probe API

Crawl Web Application

• crawl-web-application command crawls the web application and will list all the crawled URLs.

• Consider this command when the user wants to skip the scanning of the web application.

• Note: crawl-web-application will not deploy the K2 component

Crawl Web Application

Log4j CVE Scan

• K2hackBot is capable of detecting the Log4j CVE.

• First, use the create-config-file mode to build the config file for the application.

• Pass the config file to the scan-web-application mode which will crawl and report all the log4j vulnerabilities in the application.

K2HackBot Logs

All the logs related to the K2HackBot can be found inside the logs directory. This logs directory is created inside the K2HackBot package.

For each run of the K2HackBot, a new log directory is created. The format of this directory is a combination of date and time. For example:

$ cd <PATH_TO_UNTAR_K2HACKBOT_DIRECTORY> 
$ ls logs
2021-10-13_08:25:00.976282

Here 2021-10-13_08 is the execution date and 08:25:00.976282 is the time when the K2HackBot process was started.

Each log directory includes the following files:

File	Description
config.json	This file includes the config JSON that was used to run the K2HackBot.
crawler.log	This file includes all the which were crawled during the execution.
k2hackbot.log	This file includes all the detailed logs with related to complete execution.
newman_result.log	This log file includes all the logs related to the probe-api mode. This file will remain empty if the K2HackBot is executed in some other mode.
report.log	This file includes the list of all the Vulnerable APIs and CVEs found during the execution.

Hacking a test application with K2HackBot

To run demo exploits with an automated installation of K2HackBot, checkout below pages

Running SQL Injection Exploits with K2HackBot

Running SQL Injection Exploits With K2HackBot

License

K2HackBot is released under K2 Cyber Security License © 2022.