Thoughts behind the lazyfoot project.
When I do external network perimeter assessments, the first steps almost always end up being exactly the same. I scan for open ports, check dns records, mirror the whole website and look for interesting files, compile a list of potential usernames, and do other types of information gathering. The thing about all that is that it takes time, and time is one thing I don't have a lot of. Running tools such as nmap, httrack, and nikto all at the same time is not a very good idea, and running them one after another requires monitoring their progress all day long (and sometimes even longer), which I can't do. Manually running the tools also means downtime between the execution of those tools. Most of the time I have more than one project going at once, and because of that I may forget what stage each project is at, skip a test, and end up coming back to it later. That wastes time. So, to save myself time and spare myself the hassle of remembering things, I decided to write a tool that would do everything for me. Well, at least the initial part of an assessment, when my input is not really required. And so lazyfoot was born.
As of right now it is still not complete, but it does most of what I wanted it to do when I first thought of it. Lazyfoot was not intended to be a tool all by itself, but rather a means of running other tools without me having to issue the commands. It was also not designed with only one target in mind: lazyfoot is ideal for when you have a list of targets rather than just one machine, which is why all inputs to the program are text files.
Here are some possible features that I have in mind and might implement in not too distant future:
- goog-mail.py (gathers e-mails from google search results); I may rewrite the tool in ruby to include it in lazyfoot for better portability.
- dns hijacking
- e-mail notification of completion
- compress (+email?)
- reverse dns lookup
- search saved sites for forms
- banner grabbing from nmap scans + telnet
- searching milw0rm + securityfocus for banners
And anything else that would make my life easier.
I was also thinking of, perhaps, splitting lazyfoot into stages such as "passive", "stealthy", "intrusive", and "all out". This way I could put things like grabbing dns records and searching for e-mails in the "passive" stage, the nmap scan in "stealthy", and so on. This seems like a cool idea, but I am not sure if it would be all that useful.
Another idea I pondered is to write plugins (httrack, nmap, whatever). Also seems cool, but having one executable with on/off switches is probably more practical.
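What a stage-and-switch driver of this shape could look like, as an added example that is not lazyfoot's own code: it reads targets one per line from a text file, runs each enabled stage for every target, and records completed stages per target in a JSON state file, so a rerun skips finished work instead of relying on memory. The stage names, the `targets.txt` and `state.json` file names, and the placeholder `echo` commands standing in for the real tools are all assumptions made for the example.

```ruby
require 'json'
require 'open3'
require 'tmpdir'

# Stages with an on/off switch. Each stage is a command given as an argv array
# (no shell involved, so target strings are never shell-interpreted). The
# literal TARGET is replaced with the current target. The echo commands are
# placeholders for whatever tool a stage would really run (assumption).
STAGES = [
  { name: 'passive',   enabled: true,  cmd: ['echo', 'dns-records', 'TARGET'] },
  { name: 'stealthy',  enabled: true,  cmd: ['echo', 'port-scan',   'TARGET'] },
  { name: 'intrusive', enabled: false, cmd: ['echo', 'web-mirror',  'TARGET'] },
].freeze

# One target per line; blank lines and '#' comments are ignored.
def load_targets(path)
  File.readlines(path, chomp: true)
      .map(&:strip)
      .reject { |line| line.empty? || line.start_with?('#') }
end

# Persists which stages have completed for which target, so the driver can
# answer "what stage is this project at?" after a restart.
class StateFile
  def initialize(path)
    @path = path
    @done = File.exist?(path) ? JSON.parse(File.read(path)) : {}
  end

  def done?(target, stage)
    (@done[target] || []).include?(stage)
  end

  def mark(target, stage)
    (@done[target] ||= []) << stage
    File.write(@path, JSON.pretty_generate(@done))
  end
end

# Runs every enabled stage for every target and returns a log of
# [target, stage, result] tuples. A stage is only marked done when its
# command exits successfully, so a failed run is retried next time.
def run_stages(targets, state, stages: STAGES, dry_run: false)
  log = []
  targets.each do |target|
    stages.each do |stage|
      next unless stage[:enabled]
      if state.done?(target, stage[:name])
        log << [target, stage[:name], :skipped]
        next
      end
      argv = stage[:cmd].map { |arg| arg.gsub('TARGET', target) }
      if dry_run
        log << [target, stage[:name], :planned]
        next
      end
      _output, status = Open3.capture2e(*argv)
      if status.success?
        state.mark(target, stage[:name])
        log << [target, stage[:name], :ok]
      else
        log << [target, stage[:name], :failed]
      end
    end
  end
  log
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    targets_file = File.join(dir, 'targets.txt')
    # Constructed target list for the demo; not real hosts.
    File.write(targets_file, "# constructed list\nhost-a.example\n\nhost-b.example\n")
    state = StateFile.new(File.join(dir, 'state.json'))
    run_stages(load_targets(targets_file), state).each { |entry| puts entry.join("\t") }
    # Second pass: everything already done is skipped.
    run_stages(load_targets(targets_file), state).each { |entry| puts entry.join("\t") }
  end
end
```

Passing `dry_run: true` prints the plan without executing anything, which is a cheap way to confirm the switches and target list before a long unattended run.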
Hm.
Anyway, I'll keep you posted.
- lavr's blog