def from_facets(search_string, chosen_facets):
"""This prints the result from a shodan search with a given facet"""
# Developer Shodan API key
shodan_key_string = open(
config_params.SHODAN_KEY_FILE).readline().rstrip('\n')
# Connecting to the SHODAN DB
shodan_api = shodan.Shodan(shodan_key_string)
facets = load_facets()
try:
# Use the count() method because it doesn't return results and doesn't require a paid API plan
# And it also runs faster than doing a search().
result = shodan_api.count(search_string, facets=chosen_facets)
menu_utils.highlighted_info('Results found: %s' % result['total'])
# Print the summary info from the facets
if 'facets' in result.keys():
for facet in result['facets']:
if facet in facets.keys():
menu_utils.header(facets[facet] % chosen_facets[0][1])
for term in result['facets'][facet]:
menu_utils.mixed_info("[+] " + str(term['value']) + ": ",
str(term['count']))
except shodan.APIError as e:
menu_utils.error(e)
def from_domain(domain):
"""This prints registry info about a given domain"""
try:
""" Consult IPV4 registry """
ans_a = dns.resolver.query(domain, 'A')
""" Consult IPV6 registry """
ans_aaaa = dns.resolver.query(domain, 'AAAA')
""" Consult MailServers registry """
ans_mx = dns.resolver.query(domain, 'MX')
""" Consult NameServers registry """
ans_ns = dns.resolver.query(domain, 'NS')
menu_utils.header("Response of hacking tools for IPV4")
print(ans_a.response.to_text())
menu_utils.header("Response of hacking tools for IPV6")
print(ans_aaaa.response.to_text())
menu_utils.header("Response of hacking tools for MailServers")
print(ans_mx.response.to_text())
menu_utils.header("Response of hacking tools for NameServers")
print(ans_ns.response.to_text())
except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN,
dns.exception.Timeout) as e:
menu_utils.error(e)
def _ftp_connection_attempt(ip, port, user, passw, my_queue):
try:
ftp = FTP(ip, timeout=config_params.FTP_SERVER_TIMEOUT)
ftp.login(user, passw)
my_queue.put(passw)
except ftplib.error_perm:
return
except OSError as e:
menu_utils.error(e)
def results_in_google(query):
"""This will return the number of results found in google using the given query"""
counter = 0
try:
for j in search(query, tld="com", num=1, stop=1, pause=2):
counter += 1
except urllib.error.HTTPError as e:
menu_utils.error(e)
return counter
def from_domain(domain):
"""This prints GEO info about a given domain, retrieved from the given geoDB"""
try:
gi = pygeoip.GeoIP(config_params.GEO_FILE)
menu_utils.header("Info retrieved")
menu_utils.mixed_info("[+] Server country code from domain: ",
gi.country_code_by_name(domain))
except pygeoip.socket.gaierror as e:
menu_utils.error(e)
def _ssh_connection_attempt(ip, port, user, passw, my_queue):
conn_ssh = paramiko.SSHClient()
conn_ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
conn_ssh.connect(ip, port, user, passw)
my_queue.put(passw)
except paramiko.AuthenticationException:
return
except (socket.error, socket.timeout,
paramiko.ssh_exception.SSHException) as e:
menu_utils.error(e)
def from_ip(ip):
"""This prints GEO info about a given IP, retrieved from the given geoDB"""
try:
gi = pygeoip.GeoIP(config_params.GEO_FILE)
menu_utils.header("Info retrieved")
menu_utils.mixed_info("[+] Server country code from IP: ",
gi.country_code_by_addr(ip))
menu_utils.mixed_info("[+] Server time zone from IP: ",
gi.time_zone_by_addr(ip))
menu_utils.highlighted_info("[+] Server complete info from IP: ")
pprintpp.pprint(gi.record_by_addr(ip))
except OSError as e:
menu_utils.error(e)
def from_pdf(pdf_file):
"""This prints the metadata from a given PDF"""
try:
pdf = PdfFileReader(pdf_file, 'rb')
# Extracting info from PDF
info_pdf = pdf.getDocumentInfo()
menu_utils.header("Metadata info")
for metadata in info_pdf:
menu_utils.mixed_info("[+] " + metadata + ":", info_pdf[metadata])
except (FileNotFoundError, utils.PdfReadError) as e:
menu_utils.error(e)
def from_site(site_name, google_hack):
"""This creates and saves a list of Google dorks for a given site"""
source_file = join(config_params.GOOGLE_HACKS_FOLDER, google_hack)
menu_utils.header(source_file)
if not isfile(source_file):
menu_utils.error('Could not find source file!')
strs = [line.rstrip('\n') for line in open(source_file)]
if not strs:
menu_utils.error("Can't get data from source file!")
exit()
if site_name:
strs = append_sitename(strs, site_name)
save_output(strs)
def from_search(search_string):
"""This prints the result from a shodan search with a given string"""
# Developer Shodan API key
shodan_key_string = open(
config_params.SHODAN_KEY_FILE).readline().rstrip('\n')
# Connecting to the SHODAN DB
shodan_api = shodan.Shodan(shodan_key_string)
try:
results = shodan_api.search(search_string) # apache
# Print results
menu_utils.highlighted_info('Results found: %s' % results['total'])
counter = 0
for i in results['matches']:
counter += 1
menu_utils.header('Result #%s' % counter)
if i['ip_str']:
if i['ip_str'] != "":
menu_utils.mixed_info("[+] IP: ", i['ip_str'])
if i['port']:
if i['port'] != "":
menu_utils.mixed_info("[+] Port: ", i['port'])
if i['hostnames']:
if i['hostnames'] != "":
print('Hostnames: ' % i['hostnames'])
menu_utils.mixed_info("[+] Hostnames: ", i['hostnames'])
if i['os']:
if i['os'] != "":
menu_utils.mixed_info("[+] Operating system: ", i['os'])
if i['data']:
if i['data'] != "":
menu_utils.mixed_info("[+] Data: ", i['data'])
if i['timestamp']:
if i['timestamp'] != "":
menu_utils.mixed_info("[+] Timestamp: ", i['timestamp'])
print('')
except shodan.APIError as e:
menu_utils.error(e)
def from_ip(ip):
"""This prints the result from a shodan search with a given IP"""
# Developer Shodan API key
shodan_key_string = open(
config_params.SHODAN_KEY_FILE).readline().rstrip('\n')
# Connecting to the SHODAN DB
shodan_api = shodan.Shodan(shodan_key_string)
try:
host = shodan_api.host(ip)
menu_utils.header("Info retrieved")
menu_utils.mixed_info("[+] IP: ", host['ip_str'])
menu_utils.mixed_info("[+] Organization: ", host.get('org', 'n/a'))
menu_utils.mixed_info("[+] Operating system: ", host.get('os', 'n/a'))
for item in host['data']:
menu_utils.mixed_info("[+] Port: ", item['port'])
menu_utils.mixed_info("[+] Banner: ", item['data'])
except shodan.APIError as e:
menu_utils.error(e)
def from_image(image_file):
"""This prints the EXIF info from a given image file"""
try:
image = Image.open(image_file)
exif_image = image._getexif()
menu_utils.header("EXIF info: %s" % image_file)
pprintpp.pprint(exif_image)
if exif_image:
metadata_exif = {}
for (tag, value) in exif_image.items():
decoded = TAGS.get(tag, tag)
metadata_exif[decoded] = value
menu_utils.header("EXIF info detailed %s" % image_file)
for tag in metadata_exif.keys():
menu_utils.mixed_info("[+] %s: " % tag, metadata_exif[tag])
except (FileNotFoundError, OSError) as e:
menu_utils.error(e)
def _banner_scan(ip, port):
""" Method to obtain the banner corresponding to the port of the IP """
category = ""
banner = ""
try:
menu_utils.mixed_info("\nBanner grab: Analysing port: ", str(port))
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((ip, port))
connection.setblocking(False)
ready = select.select([connection], [], [], config_params.BANNER_TIMEOUT)
if ready[0]:
banner = connection.recv(4096)
print("Banner: " + str(banner))
f = open(config_params.VULNERABLE_BANNERS, 'r')
category = "NON-VULNERABLE"
for banner_vulnerable in f:
if str(banner_vulnerable).strip() in str(banner).strip():
category = "VULNERABLE"
break
if category == "VULNERABLE":
menu_utils.super_highlighted_info('[+] The banner is vulnerable')
else:
menu_utils.highlighted_info('[?] The banner seems NOT vulnerable')
else:
menu_utils.warning('[-] The banner is not available')
category = "UNAVAILABLE"
except (ConnectionRefusedError, FileNotFoundError, TimeoutError) as e:
menu_utils.error(e)
category = "UNAVAILABLE"
return category, banner