def populate_site(site, args):
"""
Parse sites in XML files and return objects.
"""
try:
xml_tree = parse("%s/%s.xml" % (SITES_DIR, site)).getroot()
except Exception:
print("%s parsing XML file \"%s\". Skipping...\n" % (ERROR,
color(site, BW)))
return
site_properties = AttribDict()
for _ in xml_tree:
if _.tag == "multiple_params":
site_properties.multiple_params = True
site_properties.multiple_params_url = _.attrib["value"]
continue
if _.tag in ("custom_search", "time_parameter", "invalid_http_status",
"custom_response_header"):
site_properties[_.tag] = _.attrib
continue
if "value" in _.attrib:
site_properties[_.tag] = _.attrib["value"]
if "type" in _.attrib:
site_properties["%s_type" % _.tag] = _.attrib["type"]
if site_properties.multiple_params:
site_properties.multiple_params = []
for _ in xml_tree.getiterator('param'):
params = {}
for k, v in _.attrib.items():
if v:
params[k] = v
if params:
site_properties.multiple_params.append(params)
match = re.match(r"(?P<type>[^:]+)://[^.]+(\.\w+)*",
site_properties.login_url, re.I)
if not match:
print("%s unable to read URL for login in XML file for \"%s\". "
"Skipping site...\n" % (ERROR, color(site_properties.name, BW)))
return
if args.safe_urls and match.group("type").upper() != "HTTPS":
if args.verbose:
print("%s URL uses an unsafe transportation mechanism: \"%s\". "
"Skipping site...\n" % (WARN, match.group("type").upper()))
return
if(not site_properties.login_parameter or
not site_properties.password_parameter):
print("%s current XML file is missing parameter(s) for login. "
"Skipping site...\n" % ERROR)
return
return site_properties
def populate_site(site, args):
"""
Parse sites in XML files and return objects.
"""
try:
xml_tree = parse("%s/%s.xml" % (SITES_DIR, site)).getroot()
except Exception:
print("%s parsing XML file \"%s\". Skipping...\n" %
(ERROR, color(site, BW)))
return
site_properties = AttribDict()
for _ in xml_tree:
if _.tag == "multiple_params":
site_properties.multiple_params = True
site_properties.multiple_params_url = _.attrib["value"]
continue
if _.tag in ("custom_search", "time_parameter", "invalid_http_status",
"custom_response_header"):
site_properties[_.tag] = _.attrib
continue
if "value" in _.attrib:
site_properties[_.tag] = _.attrib["value"]
if "type" in _.attrib:
site_properties["%s_type" % _.tag] = _.attrib["type"]
if site_properties.multiple_params:
site_properties.multiple_params = []
for _ in xml_tree.getiterator('param'):
params = {}
for k, v in _.attrib.items():
if v:
params[k] = v
if params:
site_properties.multiple_params.append(params)
match = re.match(r"(?P<type>[^:]+)://[^.]+(\.\w+)*",
site_properties.login_url, re.I)
if not match:
print("%s unable to read URL for login in XML file for \"%s\". "
"Skipping site...\n" % (ERROR, color(site_properties.name, BW)))
return
if args.safe_urls and match.group("type").upper() != "HTTPS":
if args.verbose:
print("%s URL uses an unsafe transportation mechanism: \"%s\". "
"Skipping site...\n" % (WARN, match.group("type").upper()))
return
if (not site_properties.login_parameter
or not site_properties.password_parameter):
print("%s current XML file is missing parameter(s) for login. "
"Skipping site...\n" % ERROR)
return
return site_properties
def login():
"""
Verify credentials for login and check if login was successful.
"""
if(target.username_or_email == "email" and not
credentials["email"] or
target.username_or_email == "username" and not
credentials["username"]):
if args.verbose:
print("%s Skipping %s\"%s\" since "
"no \"%s\" was specified.\n" %
(INFO, "[%s:%s] on " %
(credentials["username"] or
credentials["email"], credentials["password"]) if
args.load_file else "", color(target.name),
color(target.username_or_email, BW)))
login_skipped.append(target.name)
return
print("%s Testing %s\"%s\"..." %
(TEST, "[%s:%s] on " % (credentials["username"] or
credentials["email"],
credentials["password"]) if
args.load_file else "", color(target.name, BW)))
cookie_handler.clear()
if target.perform_login(credentials, cookie_handler):
log.write(">>> %s - %s:%s\n" %
(target.name, credentials["username"] or
credentials["email"], credentials["password"]))
login_sucessful.append("%s%s" %
(target.name, " [%s:%s]" %
(credentials["username"] or
credentials["email"],
credentials["password"]) if
args.load_file else ""))
else:
login_failed.append(target.name)
def login():
"""
Verify credentials for login and check if login was successful.
"""
if (target.username_or_email == "email"
and not credentials["email"]
or target.username_or_email == "username"
and not credentials["username"]):
if args.verbose:
print("%s Skipping %s\"%s\" since "
"no \"%s\" was specified.\n" %
(INFO, "[%s:%s] on " %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else "",
color(target.name),
color(target.username_or_email, BW)))
login_skipped.append(target.name)
return
print("%s Testing %s\"%s\"..." %
(TEST, "[%s:%s] on " %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else "",
color(target.name, BW)))
cookie_handler.clear()
if target.perform_login(credentials, cookie_handler):
log.write(">>> %s - %s:%s\n" %
(target.name, credentials["username"]
or credentials["email"], credentials["password"]))
login_sucessful.append(
"%s%s" %
(target.name, " [%s:%s]" %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else ""))
else:
login_failed.append(target.name)
def main():
"""
Initializes and executes the program.
"""
login_sucessful = []
login_failed = []
login_skipped = []
version = check_revision(VERSION)
print("%s\n\n%s %s (%s)\n" % (
BANNER % tuple([color(_) for _ in BANNER_PASSWORDS]),
NAME, version, URL))
args = parse_args()
if args.update:
update()
exit()
if args.list:
sites = list_sites()
for _ in sites:
print("- %s" % _)
exit()
if not args.password and not args.load_file:
args.password = getpass("%s Please enter password:"******"(?P<type>[^:]+)://(?P<address>[^:]+)"
r":(?P<port>\d+)", args.proxy, re.I)
if match:
if match.group("type").upper() in ("HTTP", "HTTPS"):
proxy_host = "%s:%s" % (match.group("address"),
match.group("port"))
proxy_handler = ProxyHandler({"http": proxy_host,
"https": proxy_host})
else:
from thirdparty.socks import socks
if match.group("type").upper() == "SOCKS4":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
match.group("address"),
int(match.group("port")), True)
elif match.group("type").upper() == "SOCKS5":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
match.group("address"),
int(match.group("port")), True)
proxy_handler = None
else:
proxy_handler = ProxyHandler()
else:
proxy_handler = None
opener = build_opener(HTTPHandler(), HTTPSHandler(),
HTTPCookieProcessor(cookie_handler))
if proxy_handler:
opener.add_handler(proxy_handler)
install_opener(opener)
with open(USER_AGENTS_FILE, 'r') as ua_file:
args.user_agent = sample(ua_file.readlines(), 1)[0].strip()
credentials = {"username": args.username, "email": args.email,
"password": quote(args.password)}
sites = list_sites()
if args.only:
sites = [site for site in sites if site in args.only]
elif args.exclude:
sites = [site for site in sites if site not in args.exclude]
print("%s Loaded %d %s to test." %
(INFO, len(sites), "site" if len(sites) == 1 else "sites"))
if args.load_file:
if not isfile(args.load_file):
print("%s could not find the file \"%s\"" %
(WARN, color(args.load_file)))
exit()
_ = sum(1 for line in open(args.load_file, "r"))
if _ < 1:
print("%s the file \"%s\" doesn't contain any valid credentials." %
(WARN, color(args.load_file)))
exit()
print("%s Loaded %d credential%s from \"%s\".\n" %
(INFO, _, "s" if _ != 1 else "", color(args.load_file)))
print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
if not exists(OUTPUT_DIR):
makedirs(OUTPUT_DIR)
log = logger("%s/credmap" % OUTPUT_DIR)
log.open()
for site in sites:
_ = populate_site(site, args)
if not _:
continue
target = Website(_, {"verbose": args.verbose})
if not target.user_agent:
target.user_agent = args.user_agent
def login():
"""
Verify credentials for login and check if login was successful.
"""
if(target.username_or_email == "email" and not
credentials["email"] or
target.username_or_email == "username" and not
credentials["username"]):
if args.verbose:
print("%s Skipping %s\"%s\" since "
"no \"%s\" was specified.\n" %
(INFO, "[%s:%s] on " %
(credentials["username"] or
credentials["email"], credentials["password"]) if
args.load_file else "", color(target.name),
color(target.username_or_email, BW)))
login_skipped.append(target.name)
return
print("%s Testing %s\"%s\"..." %
(TEST, "[%s:%s] on " % (credentials["username"] or
credentials["email"],
credentials["password"]) if
args.load_file else "", color(target.name, BW)))
cookie_handler.clear()
if target.perform_login(credentials, cookie_handler):
log.write(">>> %s - %s:%s\n" %
(target.name, credentials["username"] or
credentials["email"], credentials["password"]))
login_sucessful.append("%s%s" %
(target.name, " [%s:%s]" %
(credentials["username"] or
credentials["email"],
credentials["password"]) if
args.load_file else ""))
else:
login_failed.append(target.name)
if args.load_file:
with open(args.load_file, "r") as load_list:
for user in load_list:
user = user.rstrip().split(":", 1)
if not user[0]:
continue
match = re.match(r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
r"a-z0-9-]+\.)+[A-Za-z]{2,12}$", user[0])
credentials = {"email": user[0] if match else None,
"username": None if match else user[0],
"password": user[1]}
login()
else:
login()
log.close()
if not args.verbose:
print()
if len(login_sucessful) > 0 or len(login_failed) > 0:
_ = "%s/%s" % (color(len(login_sucessful), BW),
color(len(login_sucessful) + len(login_failed), BW))
sign = PLUS if len(login_sucessful) > (len(login_failed) +
len(login_skipped)) else INFO
print("%s Succesfully logged in%s." %
(sign, " with %s credentials on the list." % _ if args.load_file
else "to %s websites." % _),)
print("%s An overall success rate of %s.\n" %
(sign, color("%%%s" % (100 * len(login_sucessful) /
(len(login_sucessful) +
len(login_failed))), BW)))
if len(login_sucessful) > 0:
print("%s The provided credentials worked on the following website%s: "
"%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
", ".join(login_sucessful)))
print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
def main():
"""
Initializes and executes the program.
"""
login_sucessful = []
login_failed = []
login_skipped = []
version = check_revision(VERSION)
print("%s\n\n%s %s (%s)\n" %
(BANNER % tuple([color(_)
for _ in BANNER_PASSWORDS]), NAME, version, URL))
args = parse_args()
if args.update:
update()
exit()
sites = list_sites()
if args.list:
for _ in sites:
print("- %s" % _)
exit()
if not args.password and not args.load_file:
args.password = getpass("%s Please enter password:"******"(?P<type>[^:]+)://(?P<address>[^:]+)"
r":(?P<port>\d+)", args.proxy, re.I)
if match:
if match.group("type").upper() in ("HTTP", "HTTPS"):
proxy_host = "%s:%s" % (match.group("address"),
match.group("port"))
proxy_handler = ProxyHandler({
"http": proxy_host,
"https": proxy_host
})
else:
from thirdparty.socks import socks
if match.group("type").upper() == "SOCKS4":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
match.group("address"),
int(match.group("port")), True)
elif match.group("type").upper() == "SOCKS5":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
match.group("address"),
int(match.group("port")), True)
proxy_handler = None
else:
proxy_handler = ProxyHandler()
else:
proxy_handler = None
opener = build_opener(HTTPHandler(), HTTPSHandler(),
HTTPCookieProcessor(cookie_handler))
if proxy_handler:
opener.add_handler(proxy_handler)
install_opener(opener)
with open(USER_AGENTS_FILE, 'r') as ua_file:
args.user_agent = sample(ua_file.readlines(), 1)[0].strip()
if args.only:
sites = [site for site in sites if site in args.only]
elif args.exclude:
sites = [site for site in sites if site not in args.exclude]
print("%s Loaded %d %s to test." %
(INFO, len(sites), "site" if len(sites) == 1 else "sites"))
if args.load_file:
if not isfile(args.load_file):
print("%s could not find the file \"%s\"" %
(WARN, color(args.load_file)))
exit()
_ = sum(1 for line in open(args.load_file, "r"))
if _ < 1:
print("%s the file \"%s\" doesn't contain any valid credentials." %
(WARN, color(args.load_file)))
exit()
print("%s Loaded %d credential%s from \"%s\".\n" %
(INFO, _, "s" if _ != 1 else "", color(args.load_file)))
print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
if not exists(OUTPUT_DIR):
makedirs(OUTPUT_DIR)
log = Logger("%s/credmap" % OUTPUT_DIR)
log.open()
def get_targets():
"""
Retrieve and yield list of sites (targets) for testing.
"""
for site in sites:
_ = populate_site(site, args)
if not _:
continue
target = Website(_, {"verbose": args.verbose})
if not target.user_agent:
target.user_agent = args.user_agent
yield target
def login():
"""
Verify credentials for login and check if login was successful.
"""
if (target.username_or_email == "email" and not credentials["email"]
or target.username_or_email == "username"
and not credentials["username"]):
if args.verbose:
print(
"%s Skipping %s\"%s\" since "
"no \"%s\" was specified.\n" %
(INFO, "[%s:%s] on " %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else "",
color(target.name), color(target.username_or_email, BW)))
login_skipped.append(target.name)
return
print("%s Testing %s\"%s\"..." %
(TEST, "[%s:%s] on " %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else "",
color(target.name, BW)))
cookie_handler.clear()
if target.perform_login(credentials, cookie_handler):
log.write(">>> %s - %s:%s\n" %
(target.name, credentials["username"]
or credentials["email"], credentials["password"]))
login_sucessful.append(
"%s%s" % (target.name, " [%s:%s]" %
(credentials["username"] or credentials["email"],
credentials["password"]) if args.load_file else ""))
else:
login_failed.append(target.name)
if args.load_file:
if args.cred_format:
separators = [
re.escape(args.cred_format[1]),
re.escape(args.cred_format[3])
if len(args.cred_format) > 3 else "\n"
]
cred_format = re.match(r"(u|e|p)[^upe](u|e|p)(?:[^upe](u|e|p))?",
args.cred_format)
if not cred_format:
print("%s Could not parse --format: \"%s\"" %
(ERROR, color(args.cred_format, BW)))
exit()
cred_format = [
v.replace("e", "email").replace("u", "username").replace(
"p", "password") for v in cred_format.groups()
if v is not None
]
with open(args.load_file, "r") as load_list:
for user in load_list:
if args.cred_format:
match = re.match(
r"([^{0}]+){0}([^{1}]+)(?:{1}([^\n]+))?".format(
separators[0], separators[1]), user)
credentials = dict(zip(cred_format, match.groups()))
credentials["password"] = quote(credentials["password"])
if ("email" in credentials and not re.match(
r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
r"a-z0-9-]+\.)+[A-Za-z]{2,12}$",
credentials["email"])):
print("%s Specified e-mail \"%s\" does not appear "
"to be correct. Skipping...\n" %
(WARN, color(credentials["email"], BW)))
continue
if "email" not in credentials:
credentials["email"] = None
elif "username" not in credentials:
credentials["username"] = None
else:
user = user.rstrip().split(":", 1)
if not user[0]:
if args.verbose:
print("%s Could not parse credentials: \"%s\"\n" %
(WARN, color(user, BW)))
continue
match = re.match(
r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
r"a-z0-9-]+\.)+[A-Za-z]{2,12}$", user[0])
credentials = {
"email": user[0] if match else None,
"username": None if match else user[0],
"password": quote(user[1])
}
for target in get_targets():
login()
else:
credentials = {
"username": args.username,
"email": args.email,
"password": quote(args.password)
}
for target in get_targets():
login()
log.close()
if not args.verbose:
print()
if len(login_sucessful) > 0 or len(login_failed) > 0:
_ = "%s/%s" % (color(len(login_sucessful), BW),
color(len(login_sucessful) + len(login_failed), BW))
sign = PLUS if len(login_sucessful) > (len(login_failed) +
len(login_skipped)) else INFO
print(
"%s Succesfully logged in%s." %
(sign, " with %s credentials on the list." %
_ if args.load_file else "to %s websites." % _), )
print("%s An overall success rate of %s.\n" %
(sign,
color(
"%%%s" % (100 * len(login_sucessful) /
(len(login_sucessful) + len(login_failed))), BW)))
if len(login_sucessful) > 0:
print("%s The provided credentials worked on the following website%s: "
"%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
", ".join(login_sucessful)))
print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
def main():
"""
Initializes and executes the program.
"""
print("%s\n\n%s %s (%s)\n" % (BANNER, NAME, VERSION, URL))
args = parse_args()
if args.update:
update()
exit()
if args.list:
representations = list_representations()
for _ in representations:
print("- %s" % _)
print("\n")
exit()
inputs = []
params = {}
output = ""
representations = list_representations()
if args.only:
representations = [representation for representation in representations if representation in args.only]
elif args.exclude:
representations = [representation for representation in representations if representation not in args.exclude]
print("%s Loaded %d %s to apply." %
(INFO, len(representations), "representations" if len(representations) == 1 else "representations"))
if args.load_file:
if not isfile(args.load_file):
print("%s could not find the file \"%s\"" %
(WARN, color(args.load_file)))
exit()
_ = sum(1 for line in open(args.load_file, "r"))
if _ < 1:
print("%s the file \"%s\" doesn't contain any valid input." %
(WARN, color(args.load_file)))
exit()
inputs += [line.rstrip('\n') for line in open(args.load_file, "r")]
print("%s Loaded %d input strings%s from \"%s\".\n" %
(INFO, _, "s" if _ != 1 else "", color(args.load_file)))
if args.input:
inputs.append(args.input)
if(args.params):
params = parseParams(args.params)
print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
if not exists(OUTPUT_DIR):
makedirs(OUTPUT_DIR)
modules = load_representations(representations)
for string in inputs:
print("%s\n\n%s applying transformation...\n" % (string, INFO))
for module in modules:
transformation = module.transform(string, params[module.__class__.__name__] if module.__class__.__name__ in params else {}) + "\n"
output += transformation
print(module.__class__.__name__ + ":\n")
print(transformation)
print("==================================\n")
if args.output:
f = open(OUTPUT_DIR + '/' + args.output,'w')
f.write(output)
f.close()
def main():
"""
Initializes and executes the program
"""
login_sucessful = []
login_failed = []
version = check_revision(VERSION)
print("%s\n\n%s %s (%s)\n" % (
BANNER % tuple([color(_) for _ in BANNER_PASSWORDS]),
NAME, version, URL))
args = parse_args()
if args.update:
update()
exit()
if args.list:
sites = list_sites()
for _ in sites:
print("- %s" % _)
exit()
if not args.password:
args.password = getpass("%s Please enter password:"******"")
if args.ignore_proxy:
proxy_handler = ProxyHandler({})
elif args.proxy:
match = re.search(r"(?P<type>[^:]+)://(?P<address>[^:]+)"
r":(?P<port>\d+)", args.proxy, re.I)
if match:
if match.group("type").upper() in ("HTTP", "HTTPS"):
proxy_host = "%s:%s" % (match.group("address"),
match.group("port"))
proxy_handler = ProxyHandler({"http": proxy_host,
"https": proxy_host})
else:
from thirdparty.socks import socks
if match.group("type").upper() == "SOCKS4":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
match.group("address"),
int(match.group("port")), True)
elif match.group("type").upper() == "SOCKS5":
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
match.group("address"),
int(match.group("port")), True)
proxy_handler = None
else:
proxy_handler = ProxyHandler()
else:
proxy_handler = None
opener = build_opener(HTTPHandler(), HTTPSHandler(),
HTTPCookieProcessor(cookie_handler))
if proxy_handler:
opener.add_handler(proxy_handler)
install_opener(opener)
with open(USER_AGENTS_FILE, 'r') as ua_file:
args.user_agent = sample(ua_file.readlines(), 1)[0].strip()
credentials = {"username": args.username, "email": args.email,
"password": args.password}
sites = list_sites()
if args.only:
sites = [site for site in sites if site in args.only]
elif args.exclude:
sites = [site for site in sites if site not in args.exclude]
print("%s Loaded %d %s to test." % (INFO, len(sites),
"site" if len(sites) == 1
else "sites"))
print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
for site in sites:
_ = populate_site(site, args)
if not _:
continue
target = Website(_, {"verbose": args.verbose})
if (target.username_or_email == "email" and not args.email or
target.username_or_email == "username" and not args.username):
if args.verbose:
print("%s Skipping \"%s\" since no \"%s\" was specified.\n" %
(INFO, color(target.name),
color(target.username_or_email)))
continue
print("%s Testing \"%s\"" % (TEST, color(target.name, BW)))
if not target.user_agent:
target.user_agent = args.user_agent
if target.perform_login(credentials, cookie_handler):
login_sucessful.append(target.name)
else:
login_failed.append(target.name)
if not args.verbose:
print()
if len(login_sucessful) > 0 or len(login_failed) > 0:
print("%s Succesfully logged into %s/%s websites." %
(INFO, color(len(login_sucessful), BW),
color(len(login_sucessful) + len(login_failed), BW)))
print("%s An overall success rate of %s.\n" %
(INFO, color("%%%s" % (100 * len(login_sucessful) / len(sites)),
BW)))
if len(login_sucessful) > 0:
print("%s The provided credentials worked on the following website%s: "
"%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
", ".join(login_sucessful)))
print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))