[ Beneath the Waves ]

OTORI - Instructions

article by Ben Lincoln

 

This article describes security testing-related software whose use may be restricted or prohibited in your place of residence or your workplace. The penalties for violating laws and regulations regarding security testing-related tools can be severe. Ensuring that you are allowed to use this software is your responsibility.

The software described is a "preview release" which is not yet feature-complete and which is has not been tested on a variety of systems. Even if you are allowed to use the software, you should do so with caution, on systems which can be easily restored to their previous state if they are damaged.

This document describes all of the command-line options for On The Outside, Reaching In. If you are learning how to use it, I recommend going through the four tutorials linked at the end of this document first — this should answer most common questions about syntax and whatnot.

Important: if you run On The Outside, Reaching In with the --help option, you will see a number of options not described in this document which are labeled "this option is not currently implemented or supported". That label is the reason they're not discussed here — the code to support those options is not implemented. The only reason I didn't comment them out entirely is because it involved many fewer changes to the source code.

Basic Options

Option Arguments Purpose
-h or --help Display the built-in help
--list List all available exploit modules
--module MODULE_ID Use the specified exploit module (this option is required for all modes other than --help and --list)
--console-verbosity debug | info | warning | error | critical Limit console output to the specified level or above. Warning: debug is extremely verbose.
--log LOG_FILE_PATH Write a log file in addition to the console output.
--log-verbosity debug | info | warning | error | critical Limit log file output to the specified level or above. Warning: debug is extremely verbose.
--reportfile FILE_PATH Write a tab-delimited report file regarding successful and failed downloads. Warning: is probably buggy, hasn't been extensively tested.
--no-ansi Do not use ANSI codes to make the console output look awesome and amazing and like you are a "l33+" super-hacker hacking some radical "zero-days" and "pwning" some "boxes"

Mode Selection

Option Arguments Purpose
--clone Clone remote content
--dos-lulz Attempt a "billion laughs" denial-of-service attack
--dos-quad Attempt a "quadratic blowup" denial-of-service attack

Overall Behaviour Control

Option Arguments Purpose
--module-options one or more module options Module-specific settings (URLs, etc.)
--swamm-url-base URL The base She Wore A Mirrored Mask URL
--swamm-url-read URL The She Wore A Mirrored Mask URL used for read operations
--swamm-url-write URL The She Wore A Mirrored Mask URL used for write operations
--swamm-url-append URL The She Wore A Mirrored Mask URL used for append operations
--swamm-url-delete URL The She Wore A Mirrored Mask URL used for delete operations
--swamm-url-store-add URL The She Wore A Mirrored Mask URL used for adding stored request/response pairs
--swamm-url-store-delete URL The She Wore A Mirrored Mask URL used for deleting stored request/response pairs

Behaviour Control For --clone Mode

Option Arguments Purpose
--singleuri URI Attempt to download this single URI (file:///etc/passwd, etc.)
--exacturilist PATH_TO_EXACT_URI_LIST_FILE A relative path to a file containing a list of exact URIs to download
--rooturi REQUESTED_ROOT_URI When exploiting systems that support returning directory listings, attempt a recursive download starting from this URI (file:///home/, etc.).
--rooturilist PATH_TO_ROOT_URI_LIST_FILE Same as --rooturi, except each URI in the list is iterated through.
--outputbase BASE_OUTPUT_PATH Write output starting in this directory.
--uriblacklist PATH_TO_TARGET_URI_BLACKLIST_FILE Use the regular expressions in this file to filter which directories will be traversed. Generally intended for use with the two recursive modes.
--preserve When downloading content, do not overwrite existing local files with the same paths.
--overwrite When downloading content, overwrite existing local files with the same paths.
--version When downloading content, if any local files exist with the same paths, name the new files with a version identifier to prevent the original from being overwritten. Note: existing directories will be renamed instead of the new directory having the versioned name.
--noerrorfiles If the module reports an error for a given file, discard the results instead of writing them to an output file.
--noemptyfiles If an empty file is returned, discard it instead of storing a local copy.
--nowhitespacefiles If a downloaded file contains only whitespace characters, discard it instead of storing a local copy.
--noemptydirs Do not retain directories if no content within them was successfully downloaded.
--maxdepth D Do not recurse more than D levels (3, 10, etc.) in recursive modes.
--retries R If a recoverable error is encountered, retry up to R times before giving up (default is 0).
--request-timeout S Wait S seconds before giving up on a single request.
--request-waittime W Wait W milliseconds in-between requests (to help avoid triggering IDS/IPS or rate-limiting).
--request-waittime-window X When using --request-waittime, vary the request time randomly by X milliseconds on either side of the fixed window (to look less like an automated process).
--http-user-agent USER_AGENT Specify a fixed User-Agent string to send to servers. If this request is not specified, a random (realistic) value will be selected.
--http-cookie COOKIE_STRING Send this HTTP cookie with each request.

Behaviour Control For Denial-of-Service Modes

Option Arguments Purpose
--dos-lulz-base LB When operating in --dos-lulz mode, use this many "lulzstring" values as the base (default: 10). The total repetitions of the DoS content will be LB raised to the LE power.
--dos-lulz-exp LE When operating in --dos-lulz mode, use this many tiers of "lulz" (default: 9). The total repetitions of the DoS content will be LB raised to the LE power.
--dos-quad-base QB When operating in --dos-quad mode, use this many "lulzstring" values as the base (default: 10000). The total repetitions of the DoS content will be QB times QM.
--dos-quad-mult QM When operating in --dos-quad mode, use this many "lulzstring" values as the multiplier (default: 10000). The total repetitions of the DoS content will be QB times QM.
--dos-string DOS_STRING Use this string as the "lulzstring" which will be expanded in memory (default: -- Summon the Lulz --).

 
[ Page Icon ]