Beispiel #1
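def check_status(path_to_wordlist=False):
    """Load the subdomain wordlist, preferring a local file over the remote copy.

    Args:
        path_to_wordlist: Path to a user-supplied wordlist. When falsy, the
            module-level ``internal_wlist`` path is used instead.

    Returns:
        A ``(location, words)`` pair: ``location`` is ``'local'`` or
        ``'remote'`` and ``words`` is the wordlist with empty entries
        filtered out.

    The process exits when the user declines the download, or when neither
    the local nor the remote wordlist yields any content.
    """
    local_wlist = path_to_wordlist if path_to_wordlist else internal_wlist

    # Bind both names up front: when the remote download returns nothing the
    # final check must reach the explanatory exit message instead of failing
    # on an unbound ``location``.
    wlist = None
    location = None

    if utilipy.isfile(local_wlist):  # local wordlist
        wlist = utilipy.loadfile_wordlist(local_wlist)
        location = 'local'
    else:  # remote wordlist
        print(font.color('red') + '\nwarning: wordlist not found ' +
              local_wlist + font.color('end'))
        res = raw_input(
            '\npress [c] to download remote wordlist or [enter] to exit: ')
        if res != 'c':
            exit()
        # NOTE(review): the downloaded content is used as-is. Nothing in this
        # function verifies its integrity (for example against a pinned
        # digest), so it is only as trustworthy as utilipy.downloadfile and
        # the remote_wlist URL make it -- confirm the transport is
        # authenticated before relying on remote wordlists.
        wlist = utilipy.downloadfile(remote_wlist)
        if wlist:
            wlist = wlist.split('\n')
            location = 'remote'

    if wlist and location:
        return location, filter(None, wlist)

    exit('Local wordlist not found\n' + local_wlist +
         '\n\nRemote wordlist not found or connection error\n' +
         remote_wlist)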
Beispiel #2
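def get(target, verbose, test):
    """Resolve *target* and record its alias and host entries.

    Every entry is appended to the module-level ``found`` list as
    ``[target, item[1], item[0], kind]`` with ``kind`` being ``'alias'`` or
    ``'host'``, and rendered into the returned text.

    Args:
        target: Name passed to ``subscan.start``.
        verbose: When true (and ``test`` is false) host rows are printed in
            an 18-character aligned column instead of tab-separated.
        test: When true, host rows are always tab-separated.

    Returns:
        The rendered rows without trailing whitespace, or ``None`` when
        ``subscan.start`` returns nothing.
    """
    result = subscan.start(target)
    if not result:
        return
    (alias, host) = result[0], result[1]

    text = ''

    # Detect alias
    for item in alias:
        found.append([target, item[1], item[0], 'alias'])
        text += font.color('yellow') + str(item[1]).ljust(18) + str(
            item[0]) + font.color('end') + '\n'

    # Host rows are emitted exactly once, after the aliases. The verbose
    # branch used to sit inside the alias loop, which repeated every host for
    # each alias and dropped all hosts when the target had no alias.
    aligned = verbose and not test
    for item in host:
        found.append([target, item[1], item[0], 'host'])
        if aligned:
            text += str(item[1]).ljust(18) + str(item[0]) + '\n'
        else:
            text += str(item[1]) + '\t' + str(item[0]) + '\n'

    return text.rstrip()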
Beispiel #3
def start_scan_zt(domain):
    """Return the banner and column header printed before a zone transfer."""
    banner = (font.color('bold') + 'Getting zone transfer for ' + domain +
              font.color('end') + '\n\n')
    columns = 'Ip Address'.ljust(18) + 'Domain Name\n'
    underline = '----------'.ljust(18) + '-----------'
    return banner + columns + underline
Beispiel #4
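def show_resolved(domain, resolve):
    """Print the alias and host entries that *domain* resolves to.

    Args:
        domain: Name passed to ``subscan.start``.
        resolve: True only when the ``-r`` option was used
            (``knockpy -r domain.com``); False for ``knockpy domain.com``.

    When the domain is unknown: with ``resolve`` set the process exits;
    otherwise the user is asked whether to continue, and on ``c`` the
    module-level flags ``host_not_found`` and ``wildcard_detected`` are
    updated before returning.
    """
    # Without this declaration the two assignments below only created locals
    # that vanished on return, so code reading the module-level
    # host_not_found flag never saw that the host was unknown.
    global host_not_found, wildcard_detected

    # returns alias and host
    test_host = subscan.start(domain)

    # HOST NOT FOUND for:
    # [knockpy domain.com] or [knockpy -r domain.com]
    if not test_host:
        print(font.color('red') + '\n: unknown ' + domain + font.color('end'))

        # [knockpy -r domain.com]: nothing else to do
        if resolve:
            exit()

        # [knockpy domain.com]
        # prepare query [c] -> continue, [enter] -> exit
        query = ('press ' + font.color('bold') + '[c]' + font.color('end') +
                 ' to continue to scan or ' + font.color('bold') + '[enter]' +
                 font.color('end') + ' to exit: ')

        res = raw_input(query)
        if res != 'c':
            exit()

        host_not_found = True
        # the wildcard test is skipped for an unknown host, so:
        wildcard_detected = False
        return

    # get alias and host list
    (alias, host) = test_host[0], test_host[1]

    output = ''

    # alias rows, if any, are highlighted
    for name in alias or ():
        (ipaddr, aliasn) = str(name[1]), str(name[0])
        output += font.color('yellow') + ipaddr.ljust(
            18) + aliasn + '\n' + font.color('end')

    # host always exists
    for record in host:
        (ipaddr, hostname) = record[1], record[0]
        # a row whose name equals its address has no hostname yet:
        # look one up through subscan.hostbyip
        if ipaddr == hostname:
            hostname = subscan.hostbyip(domain)

        output += ipaddr.ljust(18) + hostname + '\n'

    print(output)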
Beispiel #5
def cogito(found, targetlist):
    """Summarise a scan: distinct subdomains, distinct hosts, wordlist hits.

    Each entry of *found* is indexed as ``entry[1]`` (counted as a host) and
    ``entry[2]`` (counted as a subdomain); a subdomain is a wordlist hit when
    it is contained in *targetlist*.
    """
    # print found # enable for debug
    uniq_ipaddr = set(entry[1] for entry in found)
    uniq_subdomain = set(entry[2] for entry in found)
    uniq_wlist = set(name for name in uniq_subdomain if name in targetlist)

    def bold(count):
        # wrap a counter in the bold/end colour codes
        return font.color('bold') + str(count) + font.color('end')

    report = ('\nFound ' + bold(len(uniq_subdomain)) + ' subdomain(s) in ' +
              bold(len(uniq_ipaddr)) + ' host(s).\n' +
              bold(len(uniq_wlist)) + '/' + bold(len(uniq_subdomain)) +
              ' subdomain(s) are in wordlist.')
    return report
Beispiel #6
def show_wildcard(domain):
    """Run the wildcard test for *domain* and publish the result.

    Updates the module-level ``wildcard_detected`` flag and, on detection,
    ``wcode``; prints a warning when a wildcard is detected. Does nothing
    when ``host_not_found`` is set.
    """
    global wildcard_detected, wcode

    # host_not_found is False by default
    # or set to True by show_resolved(domain, resolve)
    if host_not_found:
        return

    # reset the flag before running the test
    wildcard_detected = False

    probe = wildcard.test(domain)
    if not probe[0]:
        return

    wildcard_detected = True

    # new value for code, taken from the
    # random subdomain response headers
    wcode = str(probe[0][0])
    print(font.color('red') + '\n: wildcard detected: ' + wcode +
          font.color('end'))
Beispiel #7
def stats_summary():
    """Return the bold 'Summary' heading."""
    heading = font.color('bold') + '\nSummary\n'
    return heading + font.color('end')
Beispiel #8
def target(domain):
    """Return the banner and column header for the target information table."""
    banner = (font.color('bold') + 'Target information ' + domain +
              font.color('end') + '\n\n')
    columns = 'Ip Address'.ljust(18) + 'Target Name\n'
    underline = '----------'.ljust(18) + '-----------'
    return banner + columns + underline
Beispiel #9
def start_scan(domain):
    """Return the banner and three-column header printed before a subdomain scan."""
    banner = (font.color('bold') + 'Getting subdomain for ' + domain +
              font.color('end') + '\n\n')
    columns = 'Ip Address'.ljust(18) + 'Domain Name'.ljust(21) + 'Count\n'
    underline = '----------'.ljust(18) + '-----------'.ljust(21) + '-----'
    return banner + columns + underline
Beispiel #10
def status_wordlist(location, wlist):
    """Return the coloured status line naming the wordlist source and its size."""
    source_part = (font.color('ciano') + '\nLoaded ' + font.color('bold') +
                   location + font.color('end'))
    count_part = (font.color('ciano') + ' wordlist with ' +
                  font.color('bold') + str(len(wlist)) + font.color('end'))
    tail_part = font.color('ciano') + ' item(s)\n' + font.color('end')
    return source_part + count_part + tail_part