class DnsBruteThread(threading.Thread):
""" Thread class for DnsBrute* modules """
done = False
def __init__(self, queue, domain, proto, msymbol, dns_srv, delay, result,
counter):
threading.Thread.__init__(self)
self.queue = queue
self.domain = domain
self.proto = proto
self.dns_srv = dns_srv
self.counter = counter
self.msymbol = msymbol
self.result = result
self.delay = int(delay)
self.done = False
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
ip_re = re.compile(r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
ns_resp_re = re.compile(r";ANSWER\s(?P<data>(.|\s)*)\s;AUTHORITY",
re.M)
req_func = getattr(dns.query, self.proto.lower())
while True:
host = None
if self.delay:
time.sleep(self.delay)
try:
host = self.queue.get()
self.counter.up()
check_name = self.domain.replace(self.msymbol, host)
query = dns.message.make_query(check_name, 'A')
result = req_func(query, self.dns_srv, timeout=5)
response = ns_resp_re.search(result.to_text())
if response is not None:
for ip in ip_re.findall(response.group('data')):
self.result.append({
'name': check_name,
'ip': ip,
'dns': self.dns_srv
})
break
if len(self.result) >= int(Registry().get('config')['main']
['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
except Queue.Empty:
self.done = True
break
except BaseException as e:
self.logger.ex(e)
time.sleep(5)
class BackupsFinderThread(HttpThread):
""" Thread class for BF module """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(self, queue, domain, protocol, method, not_found_re, not_found_codes,
not_found_size, delay, counter, result):
super(BackupsFinderThread, self).__init__()
self.queue = queue
self.domain = domain
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.not_found_size = int(not_found_size)
self.method = method.lower()
self.method = method if \
not ((len(not_found_re) or self.not_found_size != -1) and method.lower() == 'head') else \
'get'
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.delay = int(delay)
self.done = False
self.http = Registry().get('http')
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
self.counter.up()
url = "{0}://{1}{2}".format(self.protocol, self.domain, word)
try:
resp = req_func(url)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
positive_item = False
if self.is_response_right(resp):
self.result.append(word)
positive_item = True
self.log_item(word, resp, positive_item)
self.check_positive_limit_stop(self.result)
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
self.logger.ex(e)
class SFormBruterThread(SeleniumThread):
""" Thread class for FormBruter module (selenium) """
queue = None
method = None
url = None
mask_symbol = None
counter = None
retested_words = None
logger = None
last_action = 0
first_page_load = False
def __init__(
self, queue, protocol, host, url, false_phrase, true_phrase, delay, ddos_phrase, ddos_human, recreate_phrase,
conffile, first_stop, login, #reload_form_page,
pass_found, counter, result
):
super(SFormBruterThread, self).__init__()
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.url = url
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.recreate_phrase = recreate_phrase
self.conffile = conffile
self.false_phrase = false_phrase
self.true_phrase = true_phrase
self.first_stop = first_stop
self.login = login
self.pass_found = pass_found
self.logger = Registry().get('logger')
#self.reload_form_page = int(reload_form_page)
self.browser_create()
self.counter = counter
self.result = result
self.done = False
Registry().set('url_for_proxy_check', "{0}://{1}".format(protocol, host))
def parse_brute_config(self, path):
""" Parse conf file to dict """
to_return = {}
have_user = False
have_pass = False
have_submit = False
fh = open(path)
for line in fh.readlines():
if not len(line.strip()):
continue
point, selector = line.strip().split(" ")
if point == "^USER^":
have_user = True
if point == "^PASS^":
have_pass = True
if point == "^SUBMIT^":
have_submit = True
to_return[point] = selector
return to_return
def run(self):
""" Run thread """
need_retest = False
word = False
brute_conf = self.parse_brute_config(self.conffile)
while not self.pass_found and not self.done:
try:
self.last_action = int(time.time())
if self.pass_found:
self.done = True
break
if self.delay:
time.sleep(self.delay)
if not need_retest:
word = self.queue.get()
self.counter.up()
#if self.reload_form_page or \
# (not self.browser.element_exists(By.CSS_SELECTOR, brute_conf['^USER^']) or
# not self.browser.element_exists(By.CSS_SELECTOR, brute_conf['^PASS^'])) :
#self.browser.get(self.protocol + "://" + self.host + self.url)
self.browser.get(self.protocol + "://" + self.host + self.url)
if len(self.recreate_phrase) and self.browser.page_source.lower().count(self.recreate_phrase.lower()):
need_retest = True
self.browser_close()
self.browser_create()
continue
self.browser.find_element(By.CSS_SELECTOR, brute_conf['^USER^']).clear()
self.browser.find_element(By.CSS_SELECTOR, brute_conf['^USER^']).send_keys(self.login)
self.browser.find_element(By.CSS_SELECTOR, brute_conf['^PASS^']).clear()
self.browser.find_element(By.CSS_SELECTOR, brute_conf['^PASS^']).send_keys(word)
self.browser.find_element(By.CSS_SELECTOR, brute_conf['^SUBMIT^']).click()
time.sleep(1)
self.logger.item(word, self.browser.page_source, True)
if ( (len(self.false_phrase) and not self.browser.page_source.count(self.false_phrase)) or
(len(self.true_phrase) and self.browser.page_source.count(self.true_phrase)) ):
self.result.append({'word': word, 'content': self.browser.page_source})
#self.logger.log("Result: {0}".format(word))
if len(self.result) >= int(Registry().get('config')['main']['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
if int(self.first_stop):
self.done = True
self.pass_found = True
break
else:
# Иначе старая сессия останется и будет куча false-positive
self.browser_close()
self.browser_create()
need_retest = False
except Queue.Empty:
self.done = True
break
except TimeoutException as e:
need_retest = True
self.browser_close()
self.browser_create()
continue
except UnicodeDecodeError as e:
self.logger.ex(e)
need_retest = False
except BaseException as e:
try:
need_retest = True
if len(e.args) and e.args[0] == 111:
self.browser_close()
self.browser_create()
elif not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
except UnicodeDecodeError:
need_retest = False
self.up_requests_count()
self.browser_close()
class SBackupsFinderThread(SeleniumThread):
""" Thread class for BF module (selenium) """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(self, queue, domain, protocol, method, not_found_re, delay,
ddos_phrase, ddos_human, recreate_re, counter, result):
super(SBackupsFinderThread, self).__init__()
self.queue = queue
self.method = method if not (len(not_found_re)
and method.lower() == 'head') else 'get'
self.domain = domain
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(
not_found_re)
self.done = False
self.http = Registry().get('http')
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.recreate_re = False if not len(recreate_re) else re.compile(
recreate_re)
self.logger = Registry().get('logger')
Registry().set('url_for_proxy_check',
"{0}://{1}".format(protocol, domain))
self.browser_create()
def run(self):
""" Run thread """
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
word = self.queue.get()
self.counter.up()
url = "{0}://{1}{2}".format(self.protocol, self.domain, word)
self.browser.get(url)
if self.recreate_re and self.recreate_re.findall(
self.browser.page_source):
#self.queue.task_done(word)
#self.queue.put(word)
self.browser_close()
self.browser_create()
continue
if not self.not_found_re.findall(self.browser.page_source):
self.result.append(word)
self.logger.item(word, self.browser.page_source, True)
if len(self.result) >= int(Registry().get('config')['main']
['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
#self.queue.task_done(word)
except Queue.Empty:
self.done = True
break
except TimeoutException as e:
self.queue.put(word)
self.browser_close()
self.browser_create()
continue
except BaseException as e:
#self.queue.task_done(word)
if not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
if str(e).count("Connection refused"):
self.queue.put(word)
self.browser_close()
self.browser_create()
self.up_requests_count()
self.browser_close()
class HostsBruteThread(HttpThread):
""" Thread class for HostsBrute modules """
queue = None
method = None
url = None
mask_symbol = None
counter = None
retested_words = None
last_action = 0
def __init__(
self, queue, protocol, host, template, mask_symbol,
false_phrase, retest_codes, delay, ignore_words_re, counter, result):
threading.Thread.__init__(self)
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.template = template
self.mask_symbol = mask_symbol
self.counter = counter
self.result = result
self.done = False
self.false_phrase = false_phrase
self.retest_codes = list(set(retest_codes.split(','))) if len(retest_codes) else []
self.delay = int(delay)
self.retest_delay = int(Registry().get('config')['hosts_brute']['retest_delay'])
self.http = copy.deepcopy(Registry().get('http'))
self.logger = Registry().get('logger')
self.method = 'get'
self.ignore_words_re = False if not len(ignore_words_re) else re.compile(ignore_words_re)
self.retest_limit = int(Registry().get('config')['hosts_brute']['retest_limit'])
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
word = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
self.counter.up()
if not len(word.strip()) or (self.ignore_words_re and self.ignore_words_re.findall(word)):
continue
try:
hostname = self.template.replace(self.mask_symbol, word)
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with word '{0}', skip it".format(pprint.pformat(word)),
_print=False
)
continue
try:
resp = req_func(self.protocol + "://" + self.host, headers={'host': hostname})
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if self.is_retest_need(word, resp):
time.sleep(self.retest_delay)
need_retest = True
continue
search_scope = ""
for header in resp.headers:
search_scope += "{0}: {1}\r\n".format(header.title(), resp.headers[header])
search_scope += '\r\n\r\n' + resp.text
positive_item = False
if resp is not None and not search_scope.count(self.false_phrase):
self.result.append(hostname)
positive_item = True
self.log_item(word, resp, positive_item)
self.check_positive_limit_stop(self.result)
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.ex(e)
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
class CmsThread(threading.Thread):
""" Thread class for CMS module """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(self, queue, domain, url, protocol, method, not_found_re, not_found_codes, delay, counter, result):
threading.Thread.__init__(self)
self.queue = queue
self.method = method if not (len(not_found_re) and method.lower() == 'head') else 'get'
self.domain = domain
self.url = url
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.delay = int(delay)
self.done = False
self.http = Registry().get('http')
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
path = self.queue.get()
try:
url = "{0}://{1}{2}".format(self.protocol, self.domain, clear_double_slashes(self.url + path))
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with path '{0}', skip it".format(pprint.pformat(path)),
_print=False
)
continue
except UnicodeEncodeError:
self.logger.log(
"URL build error (UnicodeEncodeError) with path '{0}', skip it".format(pprint.pformat(path)),
_print=False
)
continue
try:
resp = req_func(url)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
binary_content = resp is not None and is_binary_content_type(resp.headers['content-type'])
if resp is not None \
and str(resp.status_code) not in(self.not_found_codes) \
and not (not binary_content and self.not_found_re and self.not_found_re.findall(resp.content)):
self.result.append({
'path': path,
'code': resp.status_code,
})
self.logger.item(
path,
resp.content if not resp is None else "",
binary_content
)
self.counter.up()
self.queue.task_done()
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except UnicodeDecodeError as e:
self.logger.ex(e)
self.queue.task_done()
except BaseException as e:
try:
self.queue.put(path)
if not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
except UnicodeDecodeError:
pass
self.queue.task_done()
class DafsThread(HttpThread):
""" Thread class for Dafs modules """
queue = None
method = None
template = None
mask_symbol = None
counter = None
retested_words = None
last_action = 0
ignore_words_re = None
def __init__(
self, queue, protocol, host, template, method, mask_symbol, not_found_re,
not_found_size, not_found_codes, retest_codes, delay, ignore_words_re,
counter, result):
threading.Thread.__init__(self)
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.template = template
self.mask_symbol = mask_symbol
self.counter = counter
self.result = result
self.done = False
self.ignore_words_re = False if not len(ignore_words_re) else re.compile(ignore_words_re)
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.not_found_size = int(not_found_size)
self.method = method
if method == 'head' and (len(not_found_re) or self.not_found_size != -1):
self.method = 'get'
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.retest_codes = list(set(retest_codes.split(','))) if len(retest_codes) else []
self.delay = int(delay)
self.retest_delay = int(Registry().get('config')['dafs']['retest_delay'])
self.http = copy.deepcopy(Registry().get('http'))
self.logger = Registry().get('logger')
self.retest_limit = int(Registry().get('config')['dafs']['retest_limit'])
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
word = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
if not len(word.strip()) or (self.ignore_words_re and self.ignore_words_re.findall(word)):
continue
self.counter.up()
try:
url = self.template.replace(self.mask_symbol, word)
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with word '{0}', skip it".format(pprint.pformat(word)),
_print=False
)
continue
rtime = int(time.time())
try:
resp = req_func(self.protocol + "://" + self.host + url)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if self.is_retest_need(word, resp):
time.sleep(self.retest_delay)
need_retest = True
continue
positive_item = False
if self.is_response_right(resp):
self.result.append({
'url': url,
'code': resp.status_code,
'time': int(time.time()) - rtime
})
positive_item = True
self.log_item(word, resp, positive_item)
self.check_positive_limit_stop(self.result)
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.ex(e)
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
class SDafsThread(SeleniumThread):
""" Thread class for Dafs modules (selenium) """
queue = None
method = None
template = None
mask_symbol = None
counter = None
last_action = 0
def __init__(
self, queue, protocol, host, template, method, mask_symbol, not_found_re,
delay, ddos_phrase, ddos_human, recreate_re, ignore_words_re, counter, result
):
super(SDafsThread, self).__init__()
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.method = method if not (len(not_found_re) and method.lower() == 'head') else 'get'
self.template = template
self.mask_symbol = mask_symbol
self.counter = counter
self.result = result
self.done = False
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.recreate_re = False if not len(recreate_re) else re.compile(recreate_re)
self.http = Registry().get('http')
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.ignore_words_re = False if not len(ignore_words_re) else re.compile(ignore_words_re)
Registry().set('url_for_proxy_check', "{0}://{1}".format(protocol, host))
self.browser_create()
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
need_retest = False
word = None
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
if not len(word.strip()) or (self.ignore_words_re and self.ignore_words_re.findall(word)):
continue
self.counter.up()
try:
url = self.template.replace(self.mask_symbol, word)
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with word '{0}', skip it".format(pprint.pformat(word)),
_print=False
)
continue
rtime = int(time.time())
self.browser.get(self.protocol + "://" + self.host + url)
if self.recreate_re and self.recreate_re.findall(self.browser.page_source):
need_retest = True
self.browser_close()
self.browser_create()
continue
positive_item = False
if not self.not_found_re.findall(self.browser.page_source):
self.result.append({
'url': url,
'code': 0,
'time': int(time.time()) - rtime
})
positive_item = True
self.logger.item(word, self.browser.page_source, False, positive_item)
if len(self.result) >= int(Registry().get('config')['main']['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
need_retest = False
except Queue.Empty:
self.done = True
break
except UnicodeDecodeError as e:
self.logger.ex(e)
need_retest = False
except TimeoutException as e:
need_retest = True
self.browser_close()
self.browser_create()
continue
except BaseException as e:
try:
need_retest = True
if len(e.args) and e.args[0] == 111:
self.browser_close()
self.browser_create()
elif not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
except UnicodeDecodeError:
need_retest = False
self.up_requests_count()
self.browser_close()
class SCmsThread(SeleniumThread):
""" Thread class for CMS module (selenium) """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(
self, queue, domain, url, protocol, method, not_found_re,
delay, ddos_phrase, ddos_human, recreate_re, counter, result
):
super(SCmsThread, self).__init__()
self.queue = queue
self.method = method if not (len(not_found_re) and method.lower() == 'head') else 'get'
self.domain = domain
self.url = url
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.done = False
self.http = Registry().get('http')
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.recreate_re = False if not len(recreate_re) else re.compile(recreate_re)
self.logger = Registry().get('logger')
Registry().set('url_for_proxy_check', url)
self.browser_create()
def run(self):
""" Run thread """
need_retest = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
path = self.queue.get()
self.counter.up()
try:
url = "{0}://{1}{2}".format(self.protocol, self.domain, clear_double_slashes(self.url + path))
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with path '{0}', skip it".format(pprint.pformat(path)),
_print=False
)
continue
self.browser.get(url)
if self.recreate_re and self.recreate_re.findall(self.browser.page_source):
self.queue.put(path)
self.browser_close()
self.browser_create()
continue
if not self.not_found_re.findall(self.browser.page_source):
self.result.append({
'path': path,
'code': 0,
})
self.logger.item(
path,
self.browser.page_source,
True
)
self.queue.task_done()
except Queue.Empty:
self.done = True
break
except TimeoutException as e:
self.queue.put(path)
self.browser_close()
self.browser_create()
continue
except UnicodeDecodeError as e:
self.logger.ex(e)
self.queue.task_done()
except BaseException as e:
try:
self.queue.put(path)
if len(e.args) and e.args[0] == 111:
self.browser_close()
self.browser_create()
elif not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
except UnicodeDecodeError:
pass
self.queue.task_done()
self.up_requests_count()
self.browser_close()
class BackupsFinderThread(threading.Thread):
""" Thread class for BF module """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(self, queue, domain, protocol, method, not_found_re,
not_found_codes, delay, counter, result):
threading.Thread.__init__(self)
self.queue = queue
self.method = method if not (len(not_found_re)
and method.lower() == 'head') else 'get'
self.domain = domain
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(
not_found_re)
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.delay = int(delay)
self.done = False
self.http = Registry().get('http')
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
self.counter.up()
url = "{0}://{1}{2}".format(self.protocol, self.domain, word)
try:
resp = req_func(url)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
binary_content = resp is not None and is_binary_content_type(
resp.headers['content-type'])
if resp is not None and str(resp.status_code) not in self.not_found_codes \
and not (not binary_content and self.not_found_re and self.not_found_re.findall(resp.content)):
self.result.append(word)
self.logger.item(word,
resp.content if not resp is None else "",
binary_content)
if len(self.result) >= int(Registry().get('config')['main']
['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
#self.queue.task_done(word)
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
self.logger.ex(e)
class ParamsBruterThread(HttpThread):
""" Thread class for ParamsBrute modules """
queue = None
method = None
template = None
mask_symbol = None
counter = None
retested_words = None
last_action = 0
ignore_words_re = None
queue_is_empty = False
last_word = ""
def __init__(
self, queue, protocol, host, url, max_params_length, value, method, mask_symbol, not_found_re,
not_found_size, not_found_codes, retest_codes, delay, ignore_words_re,
counter, result):
super(ParamsBruterThread, self).__init__()
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.url = url
self.mask_symbol = mask_symbol
self.counter = counter
self.result = result
self.value = value
self.done = False
self.max_params_length = int(max_params_length)
self.ignore_words_re = False if not len(ignore_words_re) else re.compile(ignore_words_re)
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.not_found_size = int(not_found_size)
self.method = method.lower()
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.retest_codes = list(set(retest_codes.split(','))) if len(retest_codes) else []
self.delay = int(delay)
self.retest_delay = int(Registry().get('config')['params_bruter']['retest_delay'])
self.http = copy.deepcopy(Registry().get('http'))
self.logger = Registry().get('logger')
self.retest_limit = int(Registry().get('config')['dafs']['retest_limit'])
def build_params_str(self):
params_str = "" if not len(self.last_word) else "{0}={1}&".format(self.last_word, self.value)
self.last_word = ""
while len(params_str) < self.max_params_length:
try:
word = self.queue.get()
except Queue.Empty:
self.queue_is_empty = True
break
if not len(word.strip()) or (self.ignore_words_re and self.ignore_words_re.findall(word)):
continue
self.counter.up()
params_str += "{0}={1}&".format(word, self.value)
self.last_word = word
return params_str[:-(len(self.last_word) + 3)]
def request_params(self, params):
full_url = self.protocol + "://" + self.host + self.url
return self.http.get(full_url + params) if \
self.method == 'get' else \
self.http.post(full_url, data=params, headers={'Content-Type': 'application/x-www-form-urlencoded'})
def run(self):
""" Run thread """
need_retest = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
params_str = self.build_params_str()
try:
resp = self.request_params(params_str)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if self.is_retest_need(params_str, resp):
time.sleep(self.retest_delay)
need_retest = True
continue
positive_item = False
if self.is_response_right(resp):
param_found = False
for one_param in params_str.split("&"):
try:
resp = self.request_params(one_param)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if self.is_response_right(resp):
self.result.append(one_param)
param_found = True
found_item = one_param
if param_found is False:
self.result.append(params_str)
found_item = params_str
positive_item = True
self.log_item(found_item, resp, positive_item)
self.check_positive_limit_stop(self.result)
need_retest = False
if self.queue_is_empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.ex(e)
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
class FormBruterThread(HttpThread):
""" Thread class for FormBruter module """
queue = None
method = None
url = None
mask_symbol = None
counter = None
last_action = 0
logger = None
retested_words = None
last_action = 0
def __init__(
self, queue, protocol, host, url, false_phrase, true_phrase, retest_codes, delay,
confstr, first_stop, login, pass_min_len, pass_max_len, pass_found, counter, result
):
threading.Thread.__init__(self)
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.url = url
self.false_phrase = false_phrase
self.true_phrase = true_phrase
self.delay = int(delay)
self.confstr = confstr
self.first_stop = first_stop
self.login = login
self.counter = counter
self.result = result
self.retest_codes = list(set(retest_codes.split(','))) if len(retest_codes) else []
self.pass_found = pass_found
self.done = False
self.logger = Registry().get('logger')
self.http = copy.deepcopy(Registry().get('http'))
self.http.every_request_new_session = True
self.pass_min_len = int(pass_min_len)
self.pass_max_len = int(pass_max_len)
self.retest_delay = int(Registry().get('config')['form_bruter']['retest_delay'])
self.retest_limit = int(Registry().get('config')['form_bruter']['retest_limit'])
def _make_conf_from_str(self, confstr):
result = {}
tmp = confstr.split("&")
for tmp_row in tmp:
field, value = tmp_row.split("=")
result[field] = value
return result
def _fill_conf(self, conf, login, password):
for field in conf.keys():
conf[field] = conf[field].replace("^USER^", login).replace("^PASS^", password)
return conf
def run(self):
""" Run thread """
need_retest = False
word = False
conf = self._make_conf_from_str(self.confstr)
while not self.pass_found and not self.done:
try:
self.last_action = int(time.time())
if self.pass_found:
self.done = True
break
if self.delay:
time.sleep(self.delay)
if not need_retest:
word = self.queue.get()
self.counter.up()
if (self.pass_min_len and len(word) < self.pass_min_len) or \
(self.pass_max_len and len(word) > self.pass_max_len):
continue
work_conf = self._fill_conf(dict(conf), self.login, word)
try:
resp = self.http.post(
self.protocol + "://" + self.host + self.url, data=work_conf, allow_redirects=True
)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if self.is_retest_need(word, resp):
time.sleep(self.retest_delay)
need_retest = True
continue
positive_item = False
if (len(self.false_phrase) and
not resp.content.count(self.false_phrase)) or \
(len(self.true_phrase) and resp.content.count(self.true_phrase)):
self.result.append({'word': word, 'content': resp.content})
positive_item = True
self.check_positive_limit_stop(self.result)
self.log_item(word, resp, positive_item)
if positive_item and int(self.first_stop):
self.done = True
self.pass_found = True
break
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.log(str(word) + " " + str(e))
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
class DafsThread(threading.Thread):
""" Thread class for Dafs modules """
queue = None
method = None
url = None
mask_symbol = None
counter = None
retested_words = None
last_action = 0
retest_limit = int(Registry().get('config')['dafs']['retest_limit'])
def __init__(
self, queue, protocol, host, url, method, mask_symbol, not_found_re,
not_found_codes, retest_codes, delay, counter, result):
threading.Thread.__init__(self)
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.method = method if not (len(not_found_re) and method.lower() == 'head') else 'get'
self.url = url
self.mask_symbol = mask_symbol
self.counter = counter
self.result = result
self.done = False
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
not_found_codes = not_found_codes.split(',')
not_found_codes.append('404')
self.not_found_codes = list(set(not_found_codes))
self.retest_codes = list(set(retest_codes.split(','))) if len(retest_codes) else []
self.delay = int(delay)
self.http = copy.deepcopy(Registry().get('http'))
self.logger = Registry().get('logger')
def run(self):
""" Run thread """
req_func = getattr(self.http, self.method)
need_retest = False
word = False
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
word = self.queue.get()
self.counter.up()
try:
url = self.url.replace(self.mask_symbol, word)
except UnicodeDecodeError:
self.logger.log(
"URL build error (UnicodeDecodeError) with word '{0}', skip it".format(pprint.pformat(word)),
_print=False
)
continue
rtime = int(time.time())
try:
resp = req_func(self.protocol + "://" + self.host + url)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
binary_content = resp is not None \
and 'content-type' in resp.headers \
and is_binary_content_type(resp.headers['content-type'])
if resp is not None and len(self.retest_codes) and str(resp.status_code) in self.retest_codes:
if word not in self.retested_words.keys():
self.retested_words[word] = 0
self.retested_words[word] += 1
if self.retested_words[word] <= self.retest_limit:
need_retest = True
time.sleep(int(Registry().get('config')['dafs']['retest_delay']))
continue
if resp is not None \
and str(resp.status_code) not in self.not_found_codes \
and not (not binary_content and self.not_found_re and self.not_found_re.findall(resp.content)):
self.result.append({
'url': url,
'code': resp.status_code,
'time': int(time.time()) - rtime
})
self.logger.item(word, resp.content if not resp is None else "", binary_content)
if len(self.result) >= int(Registry().get('config')['main']['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError as e:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.ex(e)
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
class DnsBruteThread(threading.Thread):
""" Thread class for DnsBrute* modules """
done = False
def __init__(self, queue, domains, template, proto, msymbol, ignore_ip, dns_srv, delay, http_nf_re, ignore_words_re, result, counter):
threading.Thread.__init__(self)
self.queue = queue
self.domains = domains
self.proto = proto
self.dns_srv = dns_srv
self.counter = counter
self.msymbol = msymbol
self.template = template
self.result = result
self.delay = int(delay)
self.done = False
self.logger = Registry().get('logger')
self.ignore_ip = ignore_ip
self.http_nf_re = re.compile(http_nf_re) if len(http_nf_re) else None
self.ignore_words_re = False if not len(ignore_words_re) else re.compile(ignore_words_re)
def run(self):
""" Run thread """
ip_re = re.compile(r"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
ns_resp_re = re.compile(r";ANSWER\s(?P<data>(.|\s)*)\s;AUTHORITY", re.M)
req_func = getattr(dns.query, self.proto.lower())
need_retest = False
while True:
if self.delay:
time.sleep(self.delay)
try:
if not need_retest:
host = self.queue.get()
if not len(host.strip()) or (self.ignore_words_re and self.ignore_words_re.findall(host)):
continue
self.counter.up()
for domain in self.domains:
check_name = self.template.replace(self.msymbol, host.decode('utf8', 'ignore')) + '.' + domain
query = dns.message.make_query(check_name, 'A')
try:
result = req_func(query, self.dns_srv, timeout=5)
except EOFError:
time.sleep(3)
need_retest = True
break
except BaseException as e:
if str(e).count("Connection refused") or\
str(e).count("Connection reset by peer") or\
str(e).count("[Errno 104]"):
time.sleep(3)
need_retest = True
break
else:
raise e
response = ns_resp_re.search(result.to_text())
if response is not None:
for ip in ip_re.findall(response.group('data')):
if not len(self.ignore_ip) or ip != self.ignore_ip:
if self.http_nf_re is not None:
resp = Registry().get('http').get(
"http://{0}/".format(ip),
headers={'Host': check_name},
allow_redirects=False)
if not self.http_nf_re.findall(resp.text):
self.result.append({'name': check_name, 'ip': ip, 'dns': self.dns_srv})
else:
resp = Registry().get('http').get(
"https://{0}/".format(ip),
headers={'Host': check_name},
allow_redirects=False,
verify=False)
if not self.http_nf_re.findall(resp.text):
self.result.append({'name': check_name, 'ip': ip, 'dns': self.dns_srv})
else:
self.result.append({'name': check_name, 'ip': ip, 'dns': self.dns_srv})
break
if len(self.result) >= int(Registry().get('config')['main']['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
need_retest = False
except Queue.Empty:
self.done = True
break
except dns.exception.Timeout:
need_retest = True
time.sleep(1)
except BaseException as e:
self.logger.ex(e)
self.logger.log("Exception with {0}".format(self.dns_srv))
time.sleep(5)
class SFormBruterThread(SeleniumThread):
""" Thread class for FormBruter module (selenium) """
queue = None
method = None
url = None
mask_symbol = None
counter = None
retested_words = None
logger = None
last_action = 0
first_page_load = False
def __init__(
self,
queue,
protocol,
host,
url,
false_phrase,
true_phrase,
delay,
ddos_phrase,
ddos_human,
recreate_phrase,
conffile,
first_stop,
login, #reload_form_page,
pass_found,
counter,
result):
super(SFormBruterThread, self).__init__()
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.url = url
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.recreate_phrase = recreate_phrase
self.conffile = conffile
self.false_phrase = false_phrase
self.true_phrase = true_phrase
self.first_stop = first_stop
self.login = login
self.pass_found = pass_found
self.logger = Registry().get('logger')
#self.reload_form_page = int(reload_form_page)
self.browser_create()
self.counter = counter
self.result = result
self.done = False
Registry().set('url_for_proxy_check',
"{0}://{1}".format(protocol, host))
def parse_brute_config(self, path):
""" Parse conf file to dict """
to_return = {}
have_user = False
have_pass = False
have_submit = False
fh = open(path)
for line in fh.readlines():
if not len(line.strip()):
continue
point, selector = line.strip().split(" ")
if point == "^USER^":
have_user = True
if point == "^PASS^":
have_pass = True
if point == "^SUBMIT^":
have_submit = True
to_return[point] = selector
return to_return
def run(self):
""" Run thread """
need_retest = False
word = False
brute_conf = self.parse_brute_config(self.conffile)
while not self.pass_found and not self.done:
try:
self.last_action = int(time.time())
if self.pass_found:
self.done = True
break
if self.delay:
time.sleep(self.delay)
if not need_retest:
word = self.queue.get()
self.counter.up()
#if self.reload_form_page or \
# (not self.browser.element_exists(By.CSS_SELECTOR, brute_conf['^USER^']) or
# not self.browser.element_exists(By.CSS_SELECTOR, brute_conf['^PASS^'])) :
#self.browser.get(self.protocol + "://" + self.host + self.url)
self.browser.get(self.protocol + "://" + self.host + self.url)
if len(self.recreate_phrase
) and self.browser.page_source.lower().count(
self.recreate_phrase.lower()):
need_retest = True
self.browser_close()
self.browser_create()
continue
self.browser.find_element(By.CSS_SELECTOR,
brute_conf['^USER^']).clear()
self.browser.find_element(By.CSS_SELECTOR,
brute_conf['^USER^']).send_keys(
self.login)
self.browser.find_element(By.CSS_SELECTOR,
brute_conf['^PASS^']).clear()
self.browser.find_element(By.CSS_SELECTOR,
brute_conf['^PASS^']).send_keys(word)
self.browser.find_element(By.CSS_SELECTOR,
brute_conf['^SUBMIT^']).click()
time.sleep(1)
self.logger.item(word, self.browser.page_source, True)
if ((len(self.false_phrase)
and not self.browser.page_source.count(self.false_phrase))
or
(len(self.true_phrase)
and self.browser.page_source.count(self.true_phrase))):
self.result.append({
'word': word,
'content': self.browser.page_source
})
#self.logger.log("Result: {0}".format(word))
if len(self.result) >= int(Registry().get('config')['main']
['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
if int(self.first_stop):
self.done = True
self.pass_found = True
break
else:
# Иначе старая сессия останется и будет куча false-positive
self.browser_close()
self.browser_create()
need_retest = False
except Queue.Empty:
self.done = True
break
except TimeoutException as e:
need_retest = True
self.browser_close()
self.browser_create()
continue
except UnicodeDecodeError as e:
self.logger.ex(e)
need_retest = False
except BaseException as e:
try:
need_retest = True
if len(e.args) and e.args[0] == 111:
self.browser_close()
self.browser_create()
elif not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
except UnicodeDecodeError:
need_retest = False
self.up_requests_count()
self.browser_close()
class SBackupsFinderThread(SeleniumThread):
""" Thread class for BF module (selenium) """
queue = None
method = None
url = None
counter = None
last_action = 0
def __init__(
self, queue, domain, protocol, method, not_found_re,
delay, ddos_phrase, ddos_human, recreate_re, counter, result
):
super(SBackupsFinderThread, self).__init__()
self.queue = queue
self.method = method if not (len(not_found_re) and method.lower() == 'head') else 'get'
self.domain = domain
self.result = result
self.counter = counter
self.protocol = protocol
self.not_found_re = False if not len(not_found_re) else re.compile(not_found_re)
self.done = False
self.http = Registry().get('http')
self.delay = int(delay)
self.ddos_phrase = ddos_phrase
self.ddos_human = ddos_human
self.recreate_re = False if not len(recreate_re) else re.compile(recreate_re)
self.logger = Registry().get('logger')
Registry().set('url_for_proxy_check', "{0}://{1}".format(protocol, domain))
self.browser_create()
def run(self):
""" Run thread """
while not self.done:
self.last_action = int(time.time())
if self.delay:
time.sleep(self.delay)
try:
word = self.queue.get()
self.counter.up()
url = "{0}://{1}{2}".format(self.protocol, self.domain, word)
self.browser.get(url)
if self.recreate_re and self.recreate_re.findall(self.browser.page_source):
#self.queue.task_done(word)
#self.queue.put(word)
self.browser_close()
self.browser_create()
continue
positive_item = False
if not self.not_found_re.findall(self.browser.page_source):
self.result.append(word)
positive_item = True
self.logger.item(word, self.browser.page_source, True, positive=positive_item)
if len(self.result) >= int(Registry().get('config')['main']['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
#self.queue.task_done(word)
except Queue.Empty:
self.done = True
break
except TimeoutException as e:
self.queue.put(word)
self.browser_close()
self.browser_create()
continue
except BaseException as e:
#self.queue.task_done(word)
if not str(e).count('Timed out waiting for page load'):
self.logger.ex(e)
if str(e).count("Connection refused"):
self.queue.put(word)
self.browser_close()
self.browser_create()
self.up_requests_count()
self.browser_close()
class FormBruterThread(threading.Thread):
""" Thread class for FormBruter module """
queue = None
method = None
url = None
mask_symbol = None
counter = None
last_action = 0
logger = None
retested_words = None
last_action = 0
retest_limit = int(Registry().get('config')['dafs']['retest_limit'])
def __init__(self, queue, protocol, host, url, false_phrase, true_phrase,
retest_codes, delay, confstr, first_stop, login, pass_found,
counter, result):
threading.Thread.__init__(self)
self.retested_words = {}
self.queue = queue
self.protocol = protocol.lower()
self.host = host
self.url = url
self.false_phrase = false_phrase
self.true_phrase = true_phrase
self.delay = int(delay)
self.confstr = confstr
self.first_stop = first_stop
self.login = login
self.counter = counter
self.result = result
self.retest_codes = list(set(
retest_codes.split(','))) if len(retest_codes) else []
self.pass_found = pass_found
self.done = False
self.logger = Registry().get('logger')
self.http = copy.deepcopy(Registry().get('http'))
self.http.every_request_new_session = True
def _make_conf_from_str(self, confstr):
result = {}
tmp = confstr.split("&")
for tmp_row in tmp:
field, value = tmp_row.split("=")
result[field] = value
return result
def _fill_conf(self, conf, login, password):
for field in conf.keys():
conf[field] = conf[field].replace("^USER^", login).replace(
"^PASS^", password)
return conf
def run(self):
""" Run thread """
need_retest = False
word = False
conf = self._make_conf_from_str(self.confstr)
while not self.pass_found and not self.done:
try:
self.last_action = int(time.time())
if self.pass_found:
self.done = True
break
if self.delay:
time.sleep(self.delay)
if not need_retest:
word = self.queue.get()
self.counter.up()
work_conf = self._fill_conf(dict(conf), self.login, word)
try:
resp = self.http.post(self.protocol + "://" + self.host +
self.url,
data=work_conf,
allow_redirects=True)
except ConnectionError:
need_retest = True
self.http.change_proxy()
continue
if resp is not None and len(self.retest_codes) and str(
resp.status_code) in self.retest_codes:
if word not in self.retested_words.keys():
self.retested_words[word] = 0
self.retested_words[word] += 1
if self.retested_words[word] <= self.retest_limit:
need_retest = True
time.sleep(
int(Registry().get('config')['dafs']
['retest_delay']))
continue
self.logger.item(word,
resp.content if not resp is None else "")
if (len(self.false_phrase) and
not resp.content.count(self.false_phrase)) or \
(len(self.true_phrase) and resp.content.count(self.true_phrase)):
self.result.append({'word': word, 'content': resp.content})
#self.logger.log("Result: {0}".format(word))
if len(self.result) >= int(Registry().get('config')['main']
['positive_limit_stop']):
Registry().set('positive_limit_stop', True)
if int(self.first_stop):
self.done = True
self.pass_found = True
break
need_retest = False
except Queue.Empty:
self.done = True
break
except ChunkedEncodingError:
self.logger.ex(e)
except BaseException as e:
try:
if str(e).count('Cannot connect to proxy'):
need_retest = True
else:
self.logger.log(str(word) + " " + str(e))
except UnicodeDecodeError:
pass
except UnboundLocalError:
self.logger.ex(e)
finally:
pass
