Beispiel #1
0
def check_internet(url):
  settings.CHECK_INTERNET = True
  settings.CHECK_INTERNET_ADDRESS = checks.check_http_s(url)
  info_msg = "Checking for internet connection... "
  sys.stdout.write(settings.print_info_msg(info_msg))
  sys.stdout.flush()
  if settings.VERBOSITY_LEVEL > 1:
    print ""
  try:
    request = urllib2.Request(settings.CHECK_INTERNET_ADDRESS)
    headers.do_check(request)
    # Check if defined any HTTP Proxy (--proxy option).
    if menu.options.proxy:
      proxy.do_check(settings.CHECK_INTERNET_ADDRESS)
    examine_request(request)
  except:
    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
    error_msg = "No internet connection detected."
    print settings.print_critical_msg(error_msg)
Beispiel #2
0
def url_response(url):
  # Check if http / https
  url = checks.check_http_s(url)
  # Check if defined Tor (--tor option).
  if menu.options.tor and settings.TOR_CHECK_AGAIN:
    tor.do_check()
  if menu.options.bulkfile:
    settings.TOR_CHECK_AGAIN = False
    info_msg = "Setting URL '" + url + "' for tests. "  
    print settings.print_info_msg(info_msg)
  request = init_request(url)
  if settings.CHECK_INTERNET:
    settings.CHECK_INTERNET = False
  if settings.INIT_TEST == True:
    info_msg = "Checking connection to the target URL... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
    if settings.VERBOSITY_LEVEL >= 2:
      print ""
  response = examine_request(request)
  return response, url
Beispiel #3
0
def url_response(url):
    # Check if http / https
    url = checks.check_http_s(url)
    # Check if defined Tor (--tor option).
    if menu.options.tor and settings.TOR_CHECK_AGAIN:
        tor.do_check()
    if menu.options.bulkfile:
        settings.TOR_CHECK_AGAIN = False
        info_msg = "Setting URL '" + url + "' for tests. "
        print(settings.print_info_msg(info_msg))
    request = init_request(url)
    if settings.CHECK_INTERNET:
        settings.CHECK_INTERNET = False
    if settings.INIT_TEST == True:
        info_msg = "Checking connection to the target URL. "
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()
        if settings.VERBOSITY_LEVEL >= 2:
            print("")
    response = examine_request(request)
    # Check for URL redirection
    if not menu.options.ignore_redirects:
        url = redirection.do_check(url)
    return response, url
Beispiel #4
0
def main():
    try:
        # Check if defined "--version" option.
        if menu.options.version:
            version.show_version()
            sys.exit(0)

        # Checkall the banner
        menu.banner()

        # Check python version number.
        version.python_version()

        # Check if defined "--dependencies" option.
        # For checking (non-core) third party dependenices.
        if menu.options.noncore_dependencies:
            checks.third_party_dependencies()
            sys.exit(0)

        # Check if defined "--update" option.
        if menu.options.update:
            update.updater()
            sys.exit(0)

        # Check if defined "--install" option.
        if menu.options.install:
            install.installer()
            sys.exit(0)

        # Check arguments
        if len(sys.argv) == 1:
            menu.parser.print_help()
            print ""
            sys.exit(0)

        if menu.options.level > 3:
            err_msg = "The value for option '--level' "
            err_msg += "must be an integer value from range [1, 3]."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
        if menu.options.logfile:
            parser.logfile_parser()

        # Modification on payload
        if not menu.options.shellshock:
            #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
            settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
            settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

        # Check provided parameters for tests
        if menu.options.test_parameter:
            if menu.options.test_parameter.startswith("="):
                menu.options.test_parameter = menu.options.test_parameter[1:]
            settings.TEST_PARAMETER = menu.options.test_parameter.split(",")
            for i in range(0, len(settings.TEST_PARAMETER)):
                if "=" in settings.TEST_PARAMETER[i]:
                    settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[
                        i].split("=")[0]

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if "," in menu.options.tech:
                split_techniques_names = menu.options.tech.split(",")
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False
            if split_techniques_names[i].replace(
                    ' ', ''
            ) not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
                err_msg = "You specified wrong value '" + split_techniques_names[
                    i] + "' as injection technique. "
                err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
                err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        # Check if defined "--file-upload" option.
        if menu.options.file_upload:
            # Check if not defined URL for upload.
            if not re.match(settings.VALID_URL_FORMAT,
                            menu.options.file_upload):
                err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" option.
        if menu.options.url:
            url = menu.options.url

            # Check if http / https
            url = checks.check_http_s(url)

            if menu.options.output_dir:
                output_dir = menu.options.output_dir
            else:
                output_dir = settings.OUTPUT_DIR

            # One directory up, if Windows or if the script is being run under "/src".
            if settings.IS_WINDOWS or "/src" in os.path.dirname(
                    os.path.abspath(__file__)):
                os.chdir("..")

            output_dir = os.path.dirname(output_dir)

            try:
                os.stat(output_dir)
            except:
                os.mkdir(output_dir)

            # The logs filename construction.
            filename = logs.create_log_file(url, output_dir)
            try:

                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)

                headers.do_check(request)

                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()
                info_msg = "Checking connection to the target URL... "
                sys.stdout.write(settings.print_info_msg(info_msg))
                sys.stdout.flush()

                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        try:
                            response = urllib2.urlopen(request)
                        except ValueError:
                            # Invalid format for the '--headers' option.
                            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' to provide an HTTP header or"
                            err_msg += " '--headers=\"HEADER_NAME:" + settings.INJECT_TAG + "\"' "
                            err_msg += "if you want to try to exploit the provided HTTP header."
                            print settings.print_error_msg(err_msg)
                            sys.exit(0)
                except:
                    raise

                html_data = content = response.read()

                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

                # Used a valid pair of valid credentials
                if menu.options.auth_cred:
                    info_msg = "Identified a valid pair of credentials '" + Style.UNDERLINE
                    info_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'."
                    print Style.BRIGHT + info_msg + Style.RESET_ALL

                try:
                    if response.info()['server']:
                        server_banner = response.info()['server']
                        found_os_server = False
                        if menu.options.os and checks.user_defined_os():
                            user_defined_os = settings.TARGET_OS

                        for i in range(0, len(settings.SERVER_OS_BANNERS)):
                            if settings.SERVER_OS_BANNERS[i].lower(
                            ) in server_banner.lower():
                                found_os_server = True
                                settings.TARGET_OS = settings.SERVER_OS_BANNERS[
                                    i].lower()
                                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft":
                                    identified_os = "Windows"
                                    if menu.options.os and user_defined_os != "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                                    settings.TARGET_OS = identified_os[:
                                                                       3].lower(
                                                                       )
                                    if menu.options.shellshock:
                                        err_msg = "The shellshock module is not available for " + identified_os + " targets."
                                        print settings.print_critical_msg(
                                            err_msg)
                                        raise SystemExit()
                                else:
                                    identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                                    if menu.options.os and user_defined_os == "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                        found_server_banner = False
                        if menu.options.verbose:
                            info_msg = "Identifying the target server..."
                            print settings.print_info_msg(info_msg)
                        for i in range(0, len(settings.SERVER_BANNERS)):
                            if settings.SERVER_BANNERS[i].lower(
                            ) in server_banner.lower():
                                if menu.options.verbose:
                                    success_msg = "The server was identified as "
                                    success_msg += Style.UNDERLINE + server_banner + Style.RESET_ALL + "."
                                    print settings.print_success_msg(
                                        success_msg)
                                settings.SERVER_BANNER = server_banner
                                found_server_banner = True
                                # Set up default root paths
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "apache":
                                    if settings.TARGET_OS == "win":
                                        settings.SRV_ROOT_DIR = "\\htdocs"
                                    else:
                                        settings.SRV_ROOT_DIR = "/var/www"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "nginx":
                                    settings.SRV_ROOT_DIR = "/usr/share/nginx"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "microsoft-iis":
                                    settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                                break

                        if not found_server_banner:
                            warn_msg = "Heuristics have failed to identify server."
                            print settings.print_warning_msg(warn_msg)

                        # Store the Server's root dir
                        settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

                        # Retrieve everything from the supported enumeration options.
                        if menu.options.enum_all:
                            checks.enable_all_enumeration_options()

                        if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
                            menu.options.current_user = True

                        # Check for wrong flags.
                        if settings.TARGET_OS == "win":
                            if menu.options.is_root:
                                warn_msg = "Swithing '--is-root' to '--is-admin' because the target has been identified as windows."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.passwords:
                                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.file_upload:
                                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                                warn_msg += "Instead, use the '--file-write' option."
                                print settings.print_warning_msg(warn_msg)
                                sys.exit(0)
                        else:
                            if menu.options.is_admin:
                                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                                warn_msg += "the target has been identified as unix-like. "
                                print settings.print_warning_msg(warn_msg)

                        if found_os_server == False and \
                           not menu.options.os:
                            # If "--shellshock" option is provided then,
                            # by default is a Linux/Unix operating system.
                            if menu.options.shellshock:
                                pass
                            else:
                                warn_msg = "Heuristics have failed to identify server's operating system."
                                print settings.print_warning_msg(warn_msg)
                                while True:
                                    question_msg = "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > "
                                    got_os = raw_input(
                                        settings.print_question_msg(
                                            question_msg)).lower()
                                    if got_os.lower() in settings.CHOICE_OS:
                                        if got_os.lower() == "w":
                                            settings.TARGET_OS = "win"
                                            break
                                        elif got_os.lower() == "u":
                                            break
                                        elif got_os.lower() == "q":
                                            raise SystemExit()
                                    else:
                                        if got_os == "":
                                            got_os = "enter"
                                        err_msg = "'" + got_os + "' is not a valid answer."
                                        print settings.print_error_msg(
                                            err_msg) + "\n"
                                        pass

                        if not menu.options.os:
                            if found_server_banner == False:
                                warn_msg = "The server which was identified as " + server_banner + " seems unknown."
                                print settings.print_warning_msg(warn_msg)
                    else:
                        found_os_server = checks.user_defined_os()
                except KeyError:
                    pass

                # Charset detection [1].
                # [1] http://www.w3schools.com/html/html_charset.asp
                # Check if HTML4 format
                if menu.options.verbose:
                    info_msg = "Identifing the indicated web-page charset..."
                    print settings.print_info_msg(info_msg)
                content = re.findall(r";charset=(.*)\"", html_data)
                if len(content) != 0:
                    charset = content
                else:
                    # Check if HTML5 format
                    charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
                if len(charset) != 0:
                    settings.CHARSET = charset[len(charset) - 1]
                    if settings.CHARSET.lower() not in settings.CHARSET_LIST:
                        warn_msg = "The indicated web-page charset " + settings.CHARSET + " seems unknown."
                        print settings.print_warning_msg(warn_msg)
                    else:
                        if menu.options.verbose:
                            success_msg = "The indicated web-page charset appears to be "
                            success_msg += Style.UNDERLINE + settings.CHARSET + Style.RESET_ALL + "."
                            print settings.print_success_msg(success_msg)

            except urllib2.HTTPError, e:
                # Check the codes of responses
                if e.getcode() == 500:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    content = e.read()
                    sys.exit(0)

                # Check for HTTP Error 401 (Unauthorized).
                elif e.getcode() == 401:
                    try:
                        # Get the auth header value
                        auth_line = e.headers.get('www-authenticate', '')
                        # Checking for authentication type name.
                        auth_type = auth_line.split()[0]
                        settings.SUPPORTED_HTTP_AUTH_TYPES.index(
                            auth_type.lower())
                        # Checking for the realm attribute.
                        try:
                            auth_obj = re.match('''(\w*)\s+realm=(.*)''',
                                                auth_line).groups()
                            realm = auth_obj[1].split(',')[0].replace("\"", "")
                        except:
                            realm = False

                    except ValueError:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                        err_msg = "The identified HTTP authentication type (" + auth_type + ") is not yet supported."
                        print settings.print_error_msg(err_msg) + "\n"
                        sys.exit(0)

                    except IndexError:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                        err_msg = "The provided pair of " + menu.options.auth_type
                        err_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
                        err_msg += " seems to be invalid."
                        print settings.print_error_msg(err_msg)
                        sys.exit(0)

                    print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                    if menu.options.auth_type and menu.options.auth_type != auth_type.lower(
                    ):
                        if checks.identified_http_auth_type(auth_type):
                            menu.options.auth_type = auth_type.lower()
                    else:
                        menu.options.auth_type = auth_type.lower()

                    # Check for stored auth credentials.
                    if not menu.options.auth_cred:
                        try:
                            stored_auth_creds = session_handler.export_valid_credentials(
                                url, auth_type.lower())
                        except:
                            stored_auth_creds = False
                        if stored_auth_creds:
                            menu.options.auth_cred = stored_auth_creds
                            success_msg = "Identified a valid pair of credentials '" + Style.UNDERLINE
                            success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'."
                            print settings.print_success_msg(success_msg)
                        else:
                            # Basic authentication
                            if menu.options.auth_type == "basic":
                                if not menu.options.ignore_401:
                                    warn_msg = "(" + menu.options.auth_type.capitalize(
                                    ) + ") "
                                    warn_msg += "HTTP authentication credentials are required."
                                    printprint_warning_msg(warn_msg)
                                    while True:
                                        question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                                        crack_creds = raw_input(
                                            settings.print_question_msg(
                                                question_msg)).lower()
                                        if crack_creds in settings.CHOICE_YES:
                                            auth_creds = authentication.http_auth_cracker(
                                                url, realm)
                                            if auth_creds != False:
                                                menu.options.auth_cred = auth_creds
                                                settings.REQUIRED_AUTHENTICATION = True
                                                break
                                            else:
                                                sys.exit(0)
                                        elif crack_creds in settings.CHOICE_NO:
                                            checks.http_auth_err_msg()
                                        elif crack_creds in settings.CHOICE_QUIT:
                                            sys.exit(0)
                                        else:
                                            if crack_creds == "":
                                                crack_creds = "enter"
                                            err_msg = "'" + crack_creds + "' is not a valid answer."
                                            print settings.print_error_msg(
                                                err_msg) + "\n"
                                            pass

                            # Digest authentication
                            elif menu.options.auth_type == "digest":
                                if not menu.options.ignore_401:
                                    warn_msg = "(" + menu.options.auth_type.capitalize(
                                    ) + ") "
                                    warn_msg += "HTTP authentication credentials are required."
                                    print settings.print_warning_msg(warn_msg)
                                    # Check if heuristics have failed to identify the realm attribute.
                                    if not realm:
                                        warn_msg = "Heuristics have failed to identify the realm attribute."
                                        print settings.print_warning_msg(
                                            warn_msg)
                                    while True:
                                        question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                                        crack_creds = raw_input(
                                            settings.print_question_msg(
                                                question_msg)).lower()
                                        if crack_creds in settings.CHOICE_YES:
                                            auth_creds = authentication.http_auth_cracker(
                                                url, realm)
                                            if auth_creds != False:
                                                menu.options.auth_cred = auth_creds
                                                settings.REQUIRED_AUTHENTICATION = True
                                                break
                                            else:
                                                sys.exit(0)
                                        elif crack_creds in settings.CHOICE_NO:
                                            checks.http_auth_err_msg()
                                        elif crack_creds in settings.CHOICE_QUIT:
                                            sys.exit(0)
                                        else:
                                            if crack_creds == "":
                                                crack_creds = "enter"
                                            err_msg = "'" + crack_creds + "' is not a valid answer."
                                            print settings.print_error_msg(
                                                err_msg) + "\n"
                                            pass
                                    else:
                                        checks.http_auth_err_msg()
                    else:
                        pass

                elif e.getcode() == 403:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = "You don't have permission to access this page."
                    print settings.print_error_msg(err_msg)
                    sys.exit(0)

                elif e.getcode() == 404:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = "The host seems to be down!"
                    print settings.print_error_msg(err_msg)
                    sys.exit(0)

                else:
                    raise

            except urllib2.URLError, e:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                err_msg = "The host seems to be down!"
                print settings.print_error_msg(err_msg)
                sys.exit(0)
Beispiel #5
0
def main(filename, url, init_test):
  try:

    # Ignore the mathematic calculation part (Detection phase).
    if menu.options.skip_calc:
      settings.SKIP_CALC = True

    # Target URL reload.
    if menu.options.url_reload and menu.options.data:
      settings.URL_RELOAD = True

    # Check provided parameters for tests
    if menu.options.test_parameter:
      if menu.options.test_parameter.startswith("="):
        menu.options.test_parameter = menu.options.test_parameter[1:]
      settings.TEST_PARAMETER = menu.options.test_parameter.split(settings.PARAMETER_SPLITTING_REGEX)
      for i in range(0,len(settings.TEST_PARAMETER)):
        if "=" in settings.TEST_PARAMETER[i]:
          settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[i].split("=")[0]
    
    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
        split_techniques_names = menu.options.tech.split(settings.PARAMETER_SPLITTING_REGEX)
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False  
                          
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
         found_tech == False:
        err_msg = "You specified wrong value '" + split_techniques_names[i] 
        err_msg += "' as injection technique. "
        err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
        err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
      err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      if (menu.options.agent != settings.DEFAULT_USER_AGENT) or menu.options.mobile:
        err_msg = "The option '--random-agent' is incompatible with option '--user-agent' or switch '--mobile'."
        print settings.print_critical_msg(err_msg)
        sys.exit(0)
      else:
        menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" or "-m" option.
    if url:
      # Check if http / https
      url = checks.check_http_s(url)

      # Load the crawler
      if menu.options.crawldepth > 0 or menu.options.sitemap_url:
        if menu.options.crawldepth > 0:
          menu.options.DEFAULT_CRAWLDEPTH_LEVEL = menu.options.crawldepth
        else:  
          if menu.options.sitemap_url:
            while True:
              if not menu.options.batch:
                question_msg = "Do you want to change the crawling depth level? [Y/n] > "
                sys.stdout.write(settings.print_question_msg(question_msg))
                change_depth_level = sys.stdin.readline().replace("\n","").lower()
              else:
                change_depth_level = ""
              if len(change_depth_level) == 0:
                 change_depth_level = "y"              
              if change_depth_level in settings.CHOICE_YES or change_depth_level in settings.CHOICE_NO:
                break  
              elif change_depth_level in settings.CHOICE_QUIT:
                sys.exit(0)
              else:
                err_msg = "'" + change_depth_level + "' is not a valid answer."  
                print settings.print_error_msg(err_msg)
                pass

            # Change the crawling depth level.
            if change_depth_level in settings.CHOICE_YES:
              while True:
                question_msg = "Please enter the crawling depth level (1-2) > "
                sys.stdout.write(settings.print_question_msg(question_msg))
                depth_level = sys.stdin.readline().replace("\n","").lower()
                if int(depth_level) >= 3:
                  err_msg = "Depth level '" + depth_level + "' is not a valid answer."  
                  print settings.print_error_msg(err_msg)
                  pass
                else: 
                  menu.options.DEFAULT_CRAWLDEPTH_LEVEL = depth_level
                  break

        # Crawl the url.        
        url = crawler.crawler(url)

      try:
        response, init_test = url_response(url, init_test)
        html_data = content = response.read()
        if settings.VERBOSITY_LEVEL < 2:
          print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Check for URL redirection
        if not menu.options.ignore_redirects:
          url = redirection.do_check(url)

        if menu.options.flush_session:
          session_handler.flush(url)

        # Check for CGI scripts on url
        checks.check_CGI_scripts(url)

        # Modification on payload
        if not menu.options.shellshock:
          #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
          settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
          settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

        # Load tamper scripts
        if menu.options.tamper:
          checks.tamper_scripts()

        # Check if defined "--file-upload" option.
        if menu.options.file_upload:
          if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
            # Check if not defined URL for upload.
            while True:
              if not menu.options.batch:
                question_msg = "Do you want to enable an HTTP server? [Y/n] > "
                sys.stdout.write(settings.print_question_msg(question_msg))
                enable_HTTP_server = sys.stdin.readline().replace("\n","").lower()
              else:
                enable_HTTP_server = ""
              if len(enable_HTTP_server) == 0:
                 enable_HTTP_server = "y"              
              if enable_HTTP_server in settings.CHOICE_YES:
                # Check if file exists
                if not os.path.isfile(menu.options.file_upload):
                  err_msg = "The '" + menu.options.file_upload + "' file, does not exists."
                  sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
                  sys.exit(0)

                if settings.LOCAL_HTTP_IP == None:
                  while True:
                    question_msg = "Please enter your interface IP address > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    ip_addr = sys.stdin.readline().replace("\n","").lower()

                    # check if IP address is valid
                    ip_check = simple_http_server.is_valid_ipv4(ip_addr)
                    if ip_check == False:
                      err_msg = "The provided IP address seems not valid."  
                      print settings.print_error_msg(err_msg)
                      pass
                    else:
                      settings.LOCAL_HTTP_IP = ip_addr
                      break

                http_server = "http://" + str(settings.LOCAL_HTTP_IP) + ":" + str(settings.LOCAL_HTTP_PORT) + "/"
                info_msg = "Setting the HTTP server on '" + http_server + "'. "  
                print settings.print_info_msg(info_msg)
                menu.options.file_upload = http_server + menu.options.file_upload
                simple_http_server.main()
                break
              elif enable_HTTP_server in settings.CHOICE_NO:
                if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
                  err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                  print settings.print_critical_msg(err_msg)
                  sys.exit(0)
                break  
              elif enable_HTTP_server in settings.CHOICE_QUIT:
                sys.exit(0)
              else:
                err_msg = "'" + enable_HTTP_server + "' is not a valid answer."  
                print settings.print_error_msg(err_msg)
                pass
          try:
            urllib2.urlopen(menu.options.file_upload)
          except urllib2.HTTPError, err_msg:
            print settings.print_critical_msg(str(err_msg.code))
            sys.exit(0)
          except urllib2.URLError, err_msg:
            print settings.print_critical_msg(str(err_msg.args[0]).split("] ")[1] + ".")
            sys.exit(0)

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          success_msg = Style.BRIGHT + "Identified a valid pair of credentials '" 
          success_msg += menu.options.auth_cred + Style.RESET_ALL 
          success_msg += Style.BRIGHT + "'." + Style.RESET_ALL
          print settings.print_success_msg(success_msg)

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target operating system... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()

            # Procedure for target OS identification.
            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    err_msg = "The shellshock module is not available for " 
                    err_msg += identified_os + " targets."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            if settings.VERBOSITY_LEVEL >= 1 and found_os_server:
              print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
              success_msg = "The target operating system appears to be " 
              success_msg += identified_os.title() + Style.RESET_ALL + "."
              print settings.print_success_msg(success_msg)
            
            # Procedure for target server identification.
            found_server_banner = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target server... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()

            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if settings.VERBOSITY_LEVEL >= 1:
                  print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                if settings.VERBOSITY_LEVEL >= 1:
                  success_msg = "The target server was identified as " 
                  success_msg += server_banner + Style.RESET_ALL + "."
                  print settings.print_success_msg(success_msg)
                settings.SERVER_BANNER = server_banner
                found_server_banner = True

                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.WEB_ROOT = "\\htdocs"
                  else:
                    settings.WEB_ROOT = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.WEB_ROOT = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.WEB_ROOT = "\\inetpub\\wwwroot"
                break

            if not found_server_banner:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify target server."
              print settings.print_warning_msg(warn_msg)

            # Procedure for target application identification
            found_application_extension = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target application ... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()
            root, application_extension = splitext(urlparse(url).path)
            settings.TARGET_APPLICATION = application_extension[1:].upper()
            
            if settings.TARGET_APPLICATION:
              found_application_extension = True
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"           
                success_msg = "The target application was identified as " 
                success_msg += settings.TARGET_APPLICATION + Style.RESET_ALL + "."
                print settings.print_success_msg(success_msg)

              # Check for unsupported target applications
              for i in range(0,len(settings.UNSUPPORTED_TARGET_APPLICATION)):
                if settings.TARGET_APPLICATION.lower() in settings.UNSUPPORTED_TARGET_APPLICATION[i].lower():
                  err_msg = settings.TARGET_APPLICATION + " exploitation is not yet supported."  
                  print settings.print_critical_msg(err_msg)
                  raise SystemExit()

            if not found_application_extension:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify target application."
              print settings.print_warning_msg(warn_msg)

            # Store the Server's root dir
            settings.DEFAULT_WEB_ROOT= settings.WEB_ROOT

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Define Python working directory.
            if settings.TARGET_OS == "win" and menu.options.alter_shell:
              while True:
                if not menu.options.batch:
                  question_msg = "Do you want to use '" + settings.WIN_PYTHON_DIR 
                  question_msg += "' as Python working directory on the target host? [Y/n] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  python_dir = sys.stdin.readline().replace("\n","").lower()
                else:
                  python_dir = ""  
                if len(python_dir) == 0:
                   python_dir = "y" 
                if python_dir in settings.CHOICE_YES:
                  break
                elif python_dir in settings.CHOICE_NO:
                  question_msg = "Please provide a custom working directory for Python (e.g. '" 
                  question_msg += settings.WIN_PYTHON_DIR + "') > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  settings.WIN_PYTHON_DIR = sys.stdin.readline().replace("\n","").lower()
                  break
                else:
                  err_msg = "'" + python_dir + "' is not a valid answer."  
                  print settings.print_error_msg(err_msg)
                  pass
              settings.USER_DEFINED_PYTHON_DIR = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                warn_msg = "Swithing '--is-root' to '--is-admin' because the "
                warn_msg += "target has been identified as windows."
                print settings.print_warning_msg(warn_msg)
              if menu.options.passwords:
                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                print settings.print_warning_msg(warn_msg)  
              if menu.options.file_upload :
                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                warn_msg += "Instead, use the '--file-write' option."
                print settings.print_warning_msg(warn_msg)  
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                warn_msg += "the target has been identified as unix-like. "
                print settings.print_warning_msg(warn_msg)  
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                warn_msg = "Heuristics have failed to identify server's operating system."
                print settings.print_warning_msg(warn_msg)
                while True:
                  question_msg = "Do you recognise the server's operating system? "
                  question_msg += "[(W)indows/(U)nix/(q)uit] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  got_os = sys.stdin.readline().replace("\n","").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    err_msg = "'" + got_os + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                warn_msg = "The server which was identified as " 
                warn_msg += server_banner + " seems unknown."
                print settings.print_warning_msg(warn_msg)
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection.
        requests.charset_detection(response)
Beispiel #6
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()

    # Check if defined "--dependencies" option. 
    # For checking (non-core) third party dependenices.
    if menu.options.noncore_dependencies:
      checks.third_party_dependencies()
      sys.exit(0)
      
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
      sys.exit(0)
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)

    # Define the level of verbosity.
    if menu.options.verbose > 1:
      err_msg = "The value for option '-v' "
      err_msg += "must be an integer value from range [0, 1]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    else:  
      settings.VERBOSITY_LEVEL = menu.options.verbose

    # Check if defined "--delay" option.
    if menu.options.delay:
      if menu.options.delay > "0":
        settings.DELAY = menu.options.delay

    # Define the level of tests to perform.
    if menu.options.level > 3:
      err_msg = "The value for option '--level' "
      err_msg += "must be an integer value from range [1, 3]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
 
    # Modification on payload
    if not menu.options.shellshock:
      #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
      settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
      settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

    # Check provided parameters for tests
    if menu.options.test_parameter:
      if menu.options.test_parameter.startswith("="):
        menu.options.test_parameter = menu.options.test_parameter[1:]
      settings.TEST_PARAMETER = menu.options.test_parameter.split(settings.PARAMETER_SPLITTING_REGEX)
      for i in range(0,len(settings.TEST_PARAMETER)):
        if "=" in settings.TEST_PARAMETER[i]:
          settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[i].split("=")[0]

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
        split_techniques_names = menu.options.tech.split(settings.PARAMETER_SPLITTING_REGEX)
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False  
                          
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
         found_tech == False:
        err_msg = "You specified wrong value '" + split_techniques_names[i] 
        err_msg += "' as injection technique. "
        err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
        err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
      err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Check if defined "--file-upload" option.
    if menu.options.file_upload:
      # Check if not defined URL for upload.
      if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
        err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
        print settings.print_critical_msg(err_msg)
        sys.exit(0)
        
    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:
      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      
      # One directory up, if Windows or if the script is being run under "/src".
      if settings.IS_WINDOWS or "/src" in os.path.dirname(os.path.abspath(__file__)):
        os.chdir("..")
        
      output_dir = os.path.dirname(output_dir)
     
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)

        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        info_msg = "Checking connection to the target URL... "  
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()

        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            try:
              response = urllib2.urlopen(request)
            except ValueError:
              # Invalid format for the '--headers' option.
              print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
              err_msg += "to provide an HTTP header or"
              err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR  + "\"' "
              err_msg += "if you want to try to exploit the provided HTTP header."
              print settings.print_critical_msg(err_msg)
              sys.exit(0)
        except:
          raise

        html_data = content = response.read()
        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Check for CGI scripts on url
        checks.check_CGI_scripts(url)

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          success_msg = Style.BRIGHT + "Identified a valid pair of credentials '" 
          success_msg += menu.options.auth_cred + Style.RESET_ALL 
          success_msg += Style.BRIGHT + "'." + Style.RESET_ALL
          print settings.print_success_msg(success_msg)

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    err_msg = "The shellshock module is not available for " 
                    err_msg += identified_os + " targets."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            found_server_banner = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target server... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()

            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if settings.VERBOSITY_LEVEL >= 1:
                  print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                if settings.VERBOSITY_LEVEL >= 1:
                  success_msg = "The server was identified as " 
                  success_msg += server_banner + Style.RESET_ALL + "."
                  print settings.print_success_msg(success_msg)
                settings.SERVER_BANNER = server_banner
                found_server_banner = True
                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if not found_server_banner:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify server."
              print settings.print_warning_msg(warn_msg)
            
            # Load tamper scripts
            if menu.options.tamper:
              checks.tamper_scripts()

            # Store the Server's root dir
            settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                warn_msg = "Swithing '--is-root' to '--is-admin' because the "
                warn_msg += "target has been identified as windows."
                print settings.print_warning_msg(warn_msg)
              if menu.options.passwords:
                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                print settings.print_warning_msg(warn_msg)  
              if menu.options.file_upload :
                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                warn_msg += "Instead, use the '--file-write' option."
                print settings.print_warning_msg(warn_msg)  
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                warn_msg += "the target has been identified as unix-like. "
                print settings.print_warning_msg(warn_msg)  
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                warn_msg = "Heuristics have failed to identify server's operating system."
                print settings.print_warning_msg(warn_msg)
                while True:
                  question_msg = "Do you recognise the server's operating system? "
                  question_msg += "[(W)indows/(U)nix/(q)uit] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  got_os = sys.stdin.readline().replace("\n","").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    err_msg = "'" + got_os + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                warn_msg = "The server which was identified as " 
                warn_msg += server_banner + " seems unknown."
                print settings.print_warning_msg(warn_msg)
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection.
        requests.charset_detection(response)

      except urllib2.HTTPError, e:
        # Check the codes of responses
        if e.getcode() == 500:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          content = e.read()
          sys.exit(0)

        # Check for HTTP Error 401 (Unauthorized).
        elif e.getcode() == 401:
          try:
            # Get the auth header value
            auth_line = e.headers.get('www-authenticate', '')
            # Checking for authentication type name.
            auth_type = auth_line.split()[0]
            settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
            # Checking for the realm attribute.
            try: 
              auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
              realm = auth_obj[1].split(',')[0].replace("\"", "")
            except:
              realm = False

          except ValueError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            err_msg = "The identified HTTP authentication type (" + auth_type + ") "
            err_msg += "is not yet supported."
            print settings.print_critical_msg(err_msg) + "\n"
            sys.exit(0)

          except IndexError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            err_msg = "The provided pair of " + menu.options.auth_type 
            err_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
            err_msg += " seems to be invalid."
            print settings.print_critical_msg(err_msg)
            sys.exit(0) 

          print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
          if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
            if checks.identified_http_auth_type(auth_type):
              menu.options.auth_type = auth_type.lower()
          else:
            menu.options.auth_type = auth_type.lower()

          # Check for stored auth credentials.
          if not menu.options.auth_cred:
            try:
              stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
            except:
              stored_auth_creds = False
            if stored_auth_creds:
              menu.options.auth_cred = stored_auth_creds
              success_msg = "Identified a valid pair of credentials '"  
              success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
              print settings.print_success_msg(success_msg)
            else:  
              # Basic authentication 
              if menu.options.auth_type == "basic":
                if not menu.options.ignore_401:
                  warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                  warn_msg += "HTTP authentication credentials are required."
                  print settings.print_warning_msg(warn_msg)
                  while True:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    crack_creds = sys.stdin.readline().replace("\n","").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_err_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      err_msg = "'" + crack_creds + "' is not a valid answer."  
                      print settings.print_error_msg(err_msg)
                      pass

              # Digest authentication         
              elif menu.options.auth_type == "digest":
                if not menu.options.ignore_401:
                  warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                  warn_msg += "HTTP authentication credentials are required."
                  print settings.print_warning_msg(warn_msg)      
                  # Check if heuristics have failed to identify the realm attribute.
                  if not realm:
                    warn_msg = "Heuristics have failed to identify the realm attribute." 
                    print settings.print_warning_msg(warn_msg)
                  while True:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    crack_creds = sys.stdin.readline().replace("\n","").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_err_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      err_msg = "'" + crack_creds + "' is not a valid answer."  
                      print settings.print_error_msg(err_msg)
                      pass
                  else:   
                    checks.http_auth_err_msg()      
          else:
            pass

        elif e.getcode() == 403:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          err_msg = "You don't have permission to access this page."
          print settings.print_critical_msg(err_msg)
          sys.exit(0)
          
        elif e.getcode() == 404:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          err_msg = "The host seems to be down!"
          print settings.print_critical_msg(err_msg)
          sys.exit(0)

        else:
          raise

      except urllib2.URLError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        err_msg = "The host seems to be down!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)
Beispiel #7
0
def main():
    try:
        # Check if defined "--version" option.
        if menu.options.version:
            version.show_version()
            sys.exit(0)

        # Checkall the banner
        menu.banner()

        # Check python version number.
        version.python_version()

        # Check if defined "--dependencies" option.
        # For checking (non-core) third party dependenices.
        if menu.options.noncore_dependencies:
            checks.third_party_dependencies()
            sys.exit(0)

        # Check if defined "--update" option.
        if menu.options.update:
            update.updater()
            sys.exit(0)

        # Check if defined "--install" option.
        if menu.options.install:
            install.installer()
            sys.exit(0)

        # Check arguments
        if len(sys.argv) == 1:
            menu.parser.print_help()
            print ""
            sys.exit(0)

        # Define the level of verbosity.
        if menu.options.verbose > 1:
            err_msg = "The value for option '-v' "
            err_msg += "must be an integer value from range [0, 1]."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)
        else:
            settings.VERBOSITY_LEVEL = menu.options.verbose

        # Check if defined "--delay" option.
        if menu.options.delay:
            if menu.options.delay > "0":
                settings.DELAY = menu.options.delay

        # Define the level of tests to perform.
        if menu.options.level > 3:
            err_msg = "The value for option '--level' "
            err_msg += "must be an integer value from range [1, 3]."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
        if menu.options.logfile:
            parser.logfile_parser()

        # Check provided parameters for tests
        if menu.options.test_parameter:
            if menu.options.test_parameter.startswith("="):
                menu.options.test_parameter = menu.options.test_parameter[1:]
            settings.TEST_PARAMETER = menu.options.test_parameter.split(
                settings.PARAMETER_SPLITTING_REGEX)
            for i in range(0, len(settings.TEST_PARAMETER)):
                if "=" in settings.TEST_PARAMETER[i]:
                    settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[
                        i].split("=")[0]

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
                split_techniques_names = menu.options.tech.split(
                    settings.PARAMETER_SPLITTING_REGEX)
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False

            if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
               found_tech == False:
                err_msg = "You specified wrong value '" + split_techniques_names[
                    i]
                err_msg += "' as injection technique. "
                err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
                err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" option.
        if menu.options.url:
            url = menu.options.url

            # Check if http / https
            url = checks.check_http_s(url)

            if menu.options.output_dir:
                output_dir = menu.options.output_dir
            else:
                output_dir = settings.OUTPUT_DIR

            # One directory up, if Windows or if the script is being run under "/src".
            if settings.IS_WINDOWS or "/src" in os.path.dirname(
                    os.path.abspath(__file__)):
                os.chdir("..")

            output_dir = os.path.dirname(output_dir)

            try:
                os.stat(output_dir)
            except:
                os.mkdir(output_dir)

            # The logs filename construction.
            filename = logs.create_log_file(url, output_dir)
            try:

                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)

                headers.do_check(request)

                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()
                info_msg = "Checking connection to the target URL... "
                sys.stdout.write(settings.print_info_msg(info_msg))
                sys.stdout.flush()

                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        try:
                            response = urllib2.urlopen(request)
                        except ValueError:
                            # Invalid format for the '--headers' option.
                            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
                            err_msg += "to provide an HTTP header or"
                            err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR + "\"' "
                            err_msg += "if you want to try to exploit the provided HTTP header."
                            print settings.print_critical_msg(err_msg)
                            sys.exit(0)
                except:
                    raise

                html_data = content = response.read()
                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

                # Check for CGI scripts on url
                checks.check_CGI_scripts(url)

                # Modification on payload
                if not menu.options.shellshock:
                    #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
                    settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
                    settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

                # Check if defined "--file-upload" option.
                if menu.options.file_upload:
                    if not re.match(settings.VALID_URL_FORMAT,
                                    menu.options.file_upload):
                        # Check if not defined URL for upload.
                        while True:
                            question_msg = "Do you want to enable an HTTP server? [Y/n/q] > "
                            sys.stdout.write(
                                settings.print_question_msg(question_msg))
                            enable_HTTP_server = sys.stdin.readline().replace(
                                "\n", "").lower()
                            if enable_HTTP_server in settings.CHOICE_YES:
                                # Check if file exists
                                if not os.path.isfile(
                                        menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' file, does not exists."
                                    sys.stdout.write(
                                        settings.print_critical_msg(err_msg) +
                                        "\n")
                                    sys.exit(0)
                                http_server = "http://" + str(
                                    settings.LOCAL_HTTP_IP) + ":" + str(
                                        settings.LOCAL_HTTP_PORT) + "/"
                                info_msg = "Setting the HTTP server on '" + http_server + "'. "
                                print settings.print_info_msg(info_msg)
                                menu.options.file_upload = http_server + menu.options.file_upload
                                simple_http_server.main()
                                break
                            elif enable_HTTP_server in settings.CHOICE_NO:
                                if not re.match(settings.VALID_URL_FORMAT,
                                                menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                                    print settings.print_critical_msg(err_msg)
                                    sys.exit(0)
                                break
                            elif enable_HTTP_server in settings.CHOICE_QUIT:
                                sys.exit(0)
                            else:
                                if enable_HTTP_server == "":
                                    enable_HTTP_server = "enter"
                                err_msg = "'" + enable_HTTP_server + "' is not a valid answer."
                                print settings.print_error_msg(err_msg)
                                pass
                    try:
                        urllib2.urlopen(menu.options.file_upload)
                    except urllib2.HTTPError, err:
                        print settings.print_critical_msg(err)
                        sys.exit(0)
                    except urllib2.URLError, err:
                        print settings.print_critical_msg(err)
                        sys.exit(0)

                # Used a valid pair of valid credentials
                if menu.options.auth_cred:
                    success_msg = Style.BRIGHT + "Identified a valid pair of credentials '"
                    success_msg += menu.options.auth_cred + Style.RESET_ALL
                    success_msg += Style.BRIGHT + "'." + Style.RESET_ALL
                    print settings.print_success_msg(success_msg)

                try:
                    if response.info()['server']:
                        server_banner = response.info()['server']
                        found_os_server = False
                        if menu.options.os and checks.user_defined_os():
                            user_defined_os = settings.TARGET_OS

                        for i in range(0, len(settings.SERVER_OS_BANNERS)):
                            if settings.SERVER_OS_BANNERS[i].lower(
                            ) in server_banner.lower():
                                found_os_server = True
                                settings.TARGET_OS = settings.SERVER_OS_BANNERS[
                                    i].lower()
                                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft":
                                    identified_os = "Windows"
                                    if menu.options.os and user_defined_os != "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                                    settings.TARGET_OS = identified_os[:
                                                                       3].lower(
                                                                       )
                                    if menu.options.shellshock:
                                        err_msg = "The shellshock module is not available for "
                                        err_msg += identified_os + " targets."
                                        print settings.print_critical_msg(
                                            err_msg)
                                        raise SystemExit()
                                else:
                                    identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                                    if menu.options.os and user_defined_os == "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                        found_server_banner = False
                        if settings.VERBOSITY_LEVEL >= 1:
                            info_msg = "Identifying the target server... "
                            sys.stdout.write(settings.print_info_msg(info_msg))
                            sys.stdout.flush()

                        for i in range(0, len(settings.SERVER_BANNERS)):
                            if settings.SERVER_BANNERS[i].lower(
                            ) in server_banner.lower():
                                if settings.VERBOSITY_LEVEL >= 1:
                                    print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                                if settings.VERBOSITY_LEVEL >= 1:
                                    success_msg = "The server was identified as "
                                    success_msg += server_banner + Style.RESET_ALL + "."
                                    print settings.print_success_msg(
                                        success_msg)
                                settings.SERVER_BANNER = server_banner
                                found_server_banner = True
                                # Set up default root paths
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "apache":
                                    if settings.TARGET_OS == "win":
                                        settings.SRV_ROOT_DIR = "\\htdocs"
                                    else:
                                        settings.SRV_ROOT_DIR = "/var/www"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "nginx":
                                    settings.SRV_ROOT_DIR = "/usr/share/nginx"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "microsoft-iis":
                                    settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                                break

                        if not found_server_banner:
                            if settings.VERBOSITY_LEVEL >= 1:
                                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            warn_msg = "Heuristics have failed to identify server."
                            print settings.print_warning_msg(warn_msg)

                        # Load tamper scripts
                        if menu.options.tamper:
                            checks.tamper_scripts()

                        # Store the Server's root dir
                        settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

                        if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
                            menu.options.current_user = True

                        # Check for wrong flags.
                        if settings.TARGET_OS == "win":
                            if menu.options.is_root:
                                warn_msg = "Swithing '--is-root' to '--is-admin' because the "
                                warn_msg += "target has been identified as windows."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.passwords:
                                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.file_upload:
                                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                                warn_msg += "Instead, use the '--file-write' option."
                                print settings.print_warning_msg(warn_msg)
                                sys.exit(0)
                        else:
                            if menu.options.is_admin:
                                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                                warn_msg += "the target has been identified as unix-like. "
                                print settings.print_warning_msg(warn_msg)

                        if found_os_server == False and \
                           not menu.options.os:
                            # If "--shellshock" option is provided then,
                            # by default is a Linux/Unix operating system.
                            if menu.options.shellshock:
                                pass
                            else:
                                warn_msg = "Heuristics have failed to identify server's operating system."
                                print settings.print_warning_msg(warn_msg)
                                while True:
                                    question_msg = "Do you recognise the server's operating system? "
                                    question_msg += "[(W)indows/(U)nix/(q)uit] > "
                                    sys.stdout.write(
                                        settings.print_question_msg(
                                            question_msg))
                                    got_os = sys.stdin.readline().replace(
                                        "\n", "").lower()
                                    if got_os.lower() in settings.CHOICE_OS:
                                        if got_os.lower() == "w":
                                            settings.TARGET_OS = "win"
                                            break
                                        elif got_os.lower() == "u":
                                            break
                                        elif got_os.lower() == "q":
                                            raise SystemExit()
                                    else:
                                        if got_os == "":
                                            got_os = "enter"
                                        err_msg = "'" + got_os + "' is not a valid answer."
                                        print settings.print_error_msg(err_msg)
                                        pass

                        if not menu.options.os:
                            if found_server_banner == False:
                                warn_msg = "The server which was identified as "
                                warn_msg += server_banner + " seems unknown."
                                print settings.print_warning_msg(warn_msg)
                    else:
                        found_os_server = checks.user_defined_os()
                except KeyError:
                    pass

                # Charset detection.
                requests.charset_detection(response)
Beispiel #8
0
def main(filename, url):
    try:

        # Ignore the mathematic calculation part (Detection phase).
        if menu.options.skip_calc:
            settings.SKIP_CALC = True

        # Target URL reload.
        if menu.options.url_reload and menu.options.data:
            settings.URL_RELOAD = True

        # Check provided parameters for tests
        if menu.options.test_parameter:
            if menu.options.test_parameter.startswith("="):
                menu.options.test_parameter = menu.options.test_parameter[1:]
            settings.TEST_PARAMETER = menu.options.test_parameter.split(
                settings.PARAMETER_SPLITTING_REGEX)
            for i in range(0, len(settings.TEST_PARAMETER)):
                if "=" in settings.TEST_PARAMETER[i]:
                    settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[
                        i].split("=")[0]

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
                split_techniques_names = menu.options.tech.split(
                    settings.PARAMETER_SPLITTING_REGEX)
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False

            if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
               found_tech == False:
                err_msg = "You specified wrong value '" + split_techniques_names[
                    i]
                err_msg += "' as injection technique. "
                err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
                err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" or "-m" option.
        if url:
            # Check if http / https
            url = checks.check_http_s(url)

            # Load the crawler
            if menu.options.crawldepth > 0 or menu.options.sitemap_url:
                if menu.options.crawldepth > 0:
                    menu.options.DEFAULT_CRAWLDEPTH_LEVEL = menu.options.crawldepth
                else:
                    if menu.options.sitemap_url:
                        while True:
                            if not menu.options.batch:
                                question_msg = "Do you want to change the crawling depth level? [Y/n] > "
                                sys.stdout.write(
                                    settings.print_question_msg(question_msg))
                                change_depth_level = sys.stdin.readline(
                                ).replace("\n", "").lower()
                            else:
                                change_depth_level = ""
                            if len(change_depth_level) == 0:
                                change_depth_level = "y"
                            if change_depth_level in settings.CHOICE_YES or change_depth_level in settings.CHOICE_NO:
                                break
                            elif change_depth_level in settings.CHOICE_QUIT:
                                sys.exit(0)
                            else:
                                err_msg = "'" + change_depth_level + "' is not a valid answer."
                                print settings.print_error_msg(err_msg)
                                pass

                        # Change the crawling depth level.
                        if change_depth_level in settings.CHOICE_YES:
                            while True:
                                question_msg = "Please enter the crawling depth level (1-2) > "
                                sys.stdout.write(
                                    settings.print_question_msg(question_msg))
                                depth_level = sys.stdin.readline().replace(
                                    "\n", "").lower()
                                if int(depth_level) >= 3:
                                    err_msg = "Depth level '" + depth_level + "' is not a valid answer."
                                    print settings.print_error_msg(err_msg)
                                    pass
                                else:
                                    menu.options.DEFAULT_CRAWLDEPTH_LEVEL = depth_level
                                    break

                # Crawl the url.
                url = crawler.crawler(url)

            try:
                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)

                headers.do_check(request)
                #headers.check_http_traffic(request)
                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()

                if menu.options.flush_session:
                    session_handler.flush(url)

                info_msg = "Checking connection to the target URL... "
                sys.stdout.write(settings.print_info_msg(info_msg))
                sys.stdout.flush()
                if settings.VERBOSITY_LEVEL >= 2:
                    print ""

                headers.check_http_traffic(request)

                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        try:
                            response = urllib2.urlopen(request)
                        except ValueError:
                            # Invalid format for the '--headers' option.
                            if settings.VERBOSITY_LEVEL < 2:
                                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
                            err_msg += "to provide an HTTP header or"
                            err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR + "\"' "
                            err_msg += "if you want to try to exploit the provided HTTP header."
                            print settings.print_critical_msg(err_msg)
                            sys.exit(0)

                except urllib2.HTTPError, e:
                    if settings.VERBOSITY_LEVEL < 2:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = str(e).replace(": ", " (") + ")."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit

                html_data = content = response.read()
                if settings.VERBOSITY_LEVEL < 2:
                    print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

                # Check for CGI scripts on url
                checks.check_CGI_scripts(url)

                # Modification on payload
                if not menu.options.shellshock:
                    #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
                    settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
                    settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

                # Check if defined "--file-upload" option.
                if menu.options.file_upload:
                    if not re.match(settings.VALID_URL_FORMAT,
                                    menu.options.file_upload):
                        # Check if not defined URL for upload.
                        while True:
                            if not menu.options.batch:
                                question_msg = "Do you want to enable an HTTP server? [Y/n] > "
                                sys.stdout.write(
                                    settings.print_question_msg(question_msg))
                                enable_HTTP_server = sys.stdin.readline(
                                ).replace("\n", "").lower()
                            else:
                                enable_HTTP_server == ""
                            if len(enable_HTTP_server) == 0:
                                enable_HTTP_server = "y"
                            if enable_HTTP_server in settings.CHOICE_YES:
                                # Check if file exists
                                if not os.path.isfile(
                                        menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' file, does not exists."
                                    sys.stdout.write(
                                        settings.print_critical_msg(err_msg) +
                                        "\n")
                                    sys.exit(0)

                                if settings.LOCAL_HTTP_IP == None:
                                    while True:
                                        question_msg = "Please enter your interface IP address > "
                                        sys.stdout.write(
                                            settings.print_question_msg(
                                                question_msg))
                                        ip_addr = sys.stdin.readline().replace(
                                            "\n", "").lower()

                                        # check if IP address is valid
                                        ip_check = simple_http_server.is_valid_ipv4(
                                            ip_addr)
                                        if ip_check == False:
                                            err_msg = "The provided IP address seems not valid."
                                            print settings.print_error_msg(
                                                err_msg)
                                            pass
                                        else:
                                            settings.LOCAL_HTTP_IP = ip_addr
                                            break

                                http_server = "http://" + str(
                                    settings.LOCAL_HTTP_IP) + ":" + str(
                                        settings.LOCAL_HTTP_PORT) + "/"
                                info_msg = "Setting the HTTP server on '" + http_server + "'. "
                                print settings.print_info_msg(info_msg)
                                menu.options.file_upload = http_server + menu.options.file_upload
                                simple_http_server.main()
                                break
                            elif enable_HTTP_server in settings.CHOICE_NO:
                                if not re.match(settings.VALID_URL_FORMAT,
                                                menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                                    print settings.print_critical_msg(err_msg)
                                    sys.exit(0)
                                break
                            elif enable_HTTP_server in settings.CHOICE_QUIT:
                                sys.exit(0)
                            else:
                                err_msg = "'" + enable_HTTP_server + "' is not a valid answer."
                                print settings.print_error_msg(err_msg)
                                pass
                    try:
                        urllib2.urlopen(menu.options.file_upload)
                    except urllib2.HTTPError, err_msg:
                        print settings.print_critical_msg(str(err_msg.code))
                        sys.exit(0)
                    except urllib2.URLError, err_msg:
                        print settings.print_critical_msg(
                            str(err_msg.args[0]).split("] ")[1] + ".")
                        sys.exit(0)
Beispiel #9
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()
            
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
      sys.exit(0)
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)
    
    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
      
    # Modification on payload
    if not menu.options.shellshock:
      #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
      settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
      settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if "," in menu.options.tech:
        split_techniques_names = menu.options.tech.split(",")
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False            
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
        error_msg = "You specified wrong value '" + split_techniques_names[i] + "' as injection technique. " \
                    "The value, must be a string composed by the letters (C)lassic, (E)val-based, " \
                    "(T)ime-based, (F)ile-based (with or without commas)."
        print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
        sys.exit(0)

    # Cookie Injection
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      settings.COOKIE_INJECTION = True

    # User-Agent Injection
    if menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      settings.USER_AGENT_INJECTION = True

    # Referer Injection
    if menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      settings.REFERER_INJECTION = True

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        print Back.RED + settings.ERROR_SIGN + "'" + menu.options.alter_shell + "' shell is not supported!" + Style.RESET_ALL
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      print Back.RED + settings.ERROR_SIGN + "Host's absolute filepath to write and/or upload, must be specified (--file-dest)." + Style.RESET_ALL
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
       print Back.RED + settings.ERROR_SIGN + "You must enter the '--file-write' or '--file-upload' parameter." + Style.RESET_ALL
       sys.exit(0)

    # Check if defined "--file-upload" option.
    if menu.options.file_upload:
      # Check if not defined URL for upload.
      if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
        print Back.RED + settings.ERROR_SIGN + "The '" + menu.options.file_upload + "' is not a valid URL. " + Style.RESET_ALL
        sys.exit(0)
        
    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:

      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      dir = os.path.dirname(output_dir)
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)
        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        sys.stdout.write(settings.INFO_SIGN + "Checking connection to the target URL... ")
        sys.stdout.flush()
        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            response = urllib2.urlopen(request)
        except:
          raise
        
        html_data = response.read()
        content = response.read()
        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    print Back.RED + settings.CRITICAL_SIGN + "The shellshock module is not available for " + identified_os + " tagets." + Style.RESET_ALL
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
            
            found_server_banner = False
            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if menu.options.verbose:
                  print Style.BRIGHT + "(!) The server was identified as " + Style.UNDERLINE + server_banner + Style.RESET_ALL + "." + Style.RESET_ALL
                settings.SERVER_BANNER = server_banner
                found_server_banner = True
                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing '--is-root' to '--is-admin' because the taget has been identified as windows." + Style.RESET_ALL 
              error_msg = settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets."
              if menu.options.passwords:
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets." + Style.RESET_ALL   
              if menu.options.file_upload :
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--file-upload' option, is not yet available for windows targets. Instead, use the '--file-write' option." + Style.RESET_ALL   
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing the '--is-admin' to '--is-root' because the taget has been identified as unix-like. " + Style.RESET_ALL   
            
            if found_os_server == False:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                print Fore.YELLOW + settings.WARNING_SIGN + "Heuristics have failed to identify server's operating system." + Style.RESET_ALL 
                while True:
                  got_os = raw_input(settings.QUESTION_SIGN + "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > ").lower()
                  if got_os.lower() in settings.CHOISE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS == "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    print Back.RED + settings.ERROR_SIGN + "'" + got_os + "' is not a valid answer." + Style.RESET_ALL + "\n"
                    pass
            if found_server_banner == False :
              print  Fore.YELLOW + settings.WARNING_SIGN + "The server which was identified as " + server_banner + " seems unknown." + Style.RESET_ALL
        except KeyError:
          pass

        # Charset detection [1].
        # [1] http://www.w3schools.com/html/html_charset.asp
        # Check if HTML4 format
        content = re.findall(r";charset=(.*)\"", html_data)
        if len(content) != 0 :
          charset = content
        else:
           # Check if HTML5 format
          charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
        if len(charset) != 0 :
          settings.CHARSET = charset[len(charset)-1]
          if settings.CHARSET.lower() not in settings.CHARSET_LIST:
            print  Fore.YELLOW + settings.WARNING_SIGN + "The indicated web-page charset "  + settings.CHARSET + " seems unknown." + Style.RESET_ALL
          else:
            if menu.options.verbose:
              print Style.BRIGHT + "(!) The indicated web-page charset appears to be "  + Style.UNDERLINE  + settings.CHARSET + Style.RESET_ALL + "." + Style.RESET_ALL

      except urllib2.HTTPError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        # Check the codes of responses
        if e.getcode() == 500:
          content = e.read()
          sys.exit(0)

        elif e.getcode() == 401:
          if menu.options.auth_type != "basic":
            print Back.RED + settings.ERROR_SIGN + "Only 'Basic' Access Authentication is supported." + Style.RESET_ALL
            sys.exit(0)
          else:
            print Back.RED + settings.ERROR_SIGN + "Authorization required!" + Style.RESET_ALL
            sys.exit(0)
          
        elif e.getcode() == 403:
          print Back.RED + settings.ERROR_SIGN + "You don't have permission to access this page." + Style.RESET_ALL
          sys.exit(0)
          
        elif e.getcode() == 404:
          print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
          sys.exit(0)

        else:
          raise

      except urllib2.URLError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
        sys.exit(0)
Beispiel #10
0
def main():
    try:
        # Check if defined "--version" option.
        if menu.options.version:
            version.show_version()
            sys.exit(0)

        # Checkall the banner
        menu.banner()

        # Check python version number.
        version.python_version()

        # Check if defined "--dependencies" option.
        # For checking (non-core) third party dependenices.
        if menu.options.noncore_dependencies:
            checks.third_party_dependencies()
            sys.exit(0)

        # Check if defined "--update" option.
        if menu.options.update:
            update.updater()

        # Check if defined "--install" option.
        if menu.options.install:
            install.installer()
            sys.exit(0)

        # Check arguments
        if len(sys.argv) == 1:
            menu.parser.print_help()
            print ""
            sys.exit(0)

        # Define the level of verbosity.
        if menu.options.verbose > 4:
            err_msg = "The value for option '-v' "
            err_msg += "must be an integer value from range [0, 4]."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)
        else:
            settings.VERBOSITY_LEVEL = menu.options.verbose

        # Check if defined "--delay" option.
        if menu.options.delay > "0":
            settings.DELAY = menu.options.delay

        # Define the level of tests to perform.
        if menu.options.level > 3:
            err_msg = "The value for option '--level' "
            err_msg += "must be an integer value from range [1, 3]."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Define the local path where Metasploit Framework is installed.
        if menu.options.msf_path:
            settings.METASPLOIT_PATH = menu.options.msf_path

        # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
        if menu.options.logfile:
            parser.logfile_parser()

        # Ignore the mathematic calculation part (Detection phase).
        if menu.options.skip_calc:
            settings.SKIP_CALC = True

        # Target URL reload.
        if menu.options.url_reload and menu.options.data:
            settings.URL_RELOAD = True

        # Check provided parameters for tests
        if menu.options.test_parameter:
            if menu.options.test_parameter.startswith("="):
                menu.options.test_parameter = menu.options.test_parameter[1:]
            settings.TEST_PARAMETER = menu.options.test_parameter.split(
                settings.PARAMETER_SPLITTING_REGEX)
            for i in range(0, len(settings.TEST_PARAMETER)):
                if "=" in settings.TEST_PARAMETER[i]:
                    settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[
                        i].split("=")[0]

        # Check if ".git" exists and check for updated version!
        if os.path.isdir("./.git") and settings.CHECK_FOR_UPDATES_ON_START:
            update.check_for_update()

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
                split_techniques_names = menu.options.tech.split(
                    settings.PARAMETER_SPLITTING_REGEX)
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False

            if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
               found_tech == False:
                err_msg = "You specified wrong value '" + split_techniques_names[
                    i]
                err_msg += "' as injection technique. "
                err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
                err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
                print settings.print_critical_msg(err_msg)
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" option.
        if menu.options.url:
            url = menu.options.url

            # Check if http / https
            url = checks.check_http_s(url)

            # Load the crawler
            if menu.options.crawldepth > 0:
                menu.options.DEFAULT_CRAWLDEPTH_LEVEL = menu.options.crawldepth
                url = crawler.crawler(url)

            if menu.options.output_dir:
                output_dir = menu.options.output_dir
            else:
                output_dir = settings.OUTPUT_DIR

            # One directory up, if Windows or if the script is being run under "/src".
            if settings.IS_WINDOWS or "/src" in os.path.dirname(
                    os.path.abspath(__file__)):
                os.chdir("..")

            output_dir = os.path.dirname(output_dir)

            try:
                os.stat(output_dir)
            except:
                os.mkdir(output_dir)

            # The logs filename construction.
            filename = logs.create_log_file(url, output_dir)
            try:

                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)

                headers.do_check(request)
                #headers.check_http_traffic(request)
                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()

                if menu.options.flush_session:
                    session_handler.flush(url)

                info_msg = "Checking connection to the target URL... "
                sys.stdout.write(settings.print_info_msg(info_msg))
                sys.stdout.flush()
                if settings.VERBOSITY_LEVEL >= 2:
                    print ""

                headers.check_http_traffic(request)

                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        try:
                            response = urllib2.urlopen(request)
                        except ValueError:
                            # Invalid format for the '--headers' option.
                            if settings.VERBOSITY_LEVEL < 2:
                                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
                            err_msg += "to provide an HTTP header or"
                            err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR + "\"' "
                            err_msg += "if you want to try to exploit the provided HTTP header."
                            print settings.print_critical_msg(err_msg)
                            sys.exit(0)

                except urllib2.HTTPError, e:
                    if settings.VERBOSITY_LEVEL < 2:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = str(e).replace(": ", " (") + ")."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit

                html_data = content = response.read()
                if settings.VERBOSITY_LEVEL < 2:
                    print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

                # Check for CGI scripts on url
                checks.check_CGI_scripts(url)

                # Modification on payload
                if not menu.options.shellshock:
                    #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
                    settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
                    settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

                # Check if defined "--file-upload" option.
                if menu.options.file_upload:
                    if not re.match(settings.VALID_URL_FORMAT,
                                    menu.options.file_upload):
                        # Check if not defined URL for upload.
                        while True:
                            question_msg = "Do you want to enable an HTTP server? [Y/n/q] > "
                            sys.stdout.write(
                                settings.print_question_msg(question_msg))
                            enable_HTTP_server = sys.stdin.readline().replace(
                                "\n", "").lower()
                            if len(enable_HTTP_server) == 0:
                                enable_HTTP_server = "y"
                            if enable_HTTP_server in settings.CHOICE_YES:
                                # Check if file exists
                                if not os.path.isfile(
                                        menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' file, does not exists."
                                    sys.stdout.write(
                                        settings.print_critical_msg(err_msg) +
                                        "\n")
                                    sys.exit(0)
                                http_server = "http://" + str(
                                    settings.LOCAL_HTTP_IP) + ":" + str(
                                        settings.LOCAL_HTTP_PORT) + "/"
                                info_msg = "Setting the HTTP server on '" + http_server + "'. "
                                print settings.print_info_msg(info_msg)
                                menu.options.file_upload = http_server + menu.options.file_upload
                                simple_http_server.main()
                                break
                            elif enable_HTTP_server in settings.CHOICE_NO:
                                if not re.match(settings.VALID_URL_FORMAT,
                                                menu.options.file_upload):
                                    err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                                    print settings.print_critical_msg(err_msg)
                                    sys.exit(0)
                                break
                            elif enable_HTTP_server in settings.CHOICE_QUIT:
                                sys.exit(0)
                            else:
                                err_msg = "'" + enable_HTTP_server + "' is not a valid answer."
                                print settings.print_error_msg(err_msg)
                                pass
                    try:
                        urllib2.urlopen(menu.options.file_upload)
                    except urllib2.HTTPError, err_msg:
                        print settings.print_critical_msg(err_msg)
                        sys.exit(0)
                    except urllib2.URLError, err_msg:
                        print settings.print_critical_msg(err_msg)
                        sys.exit(0)
Beispiel #11
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()

    # Check if defined "--dependencies" option. 
    # For checking (non-core) third party dependenices.
    if menu.options.noncore_dependencies:
      checks.third_party_dependencies()
      sys.exit(0)
      
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
      sys.exit(0)
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)
    
    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
      
    # Modification on payload
    if not menu.options.shellshock:
      #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
      settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
      settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if "," in menu.options.tech:
        split_techniques_names = menu.options.tech.split(",")
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False            
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
        error_msg = "You specified wrong value '" + split_techniques_names[i] + "' as injection technique. " \
                    "The value, must be a string composed by the letters (C)lassic, (E)val-based, " \
                    "(T)ime-based, (F)ile-based (with or without commas)."
        print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
        sys.exit(0)

    # Cookie Injection
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      settings.COOKIE_INJECTION = True

    # User-Agent Injection
    if menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      settings.USER_AGENT_INJECTION = True

    # Referer Injection
    if menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      settings.REFERER_INJECTION = True

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        print Back.RED + settings.ERROR_SIGN + "'" + menu.options.alter_shell + "' shell is not supported!" + Style.RESET_ALL
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      print Back.RED + settings.ERROR_SIGN + "Host's absolute filepath to write and/or upload, must be specified (--file-dest)." + Style.RESET_ALL
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
       print Back.RED + settings.ERROR_SIGN + "You must enter the '--file-write' or '--file-upload' parameter." + Style.RESET_ALL
       sys.exit(0)

    # Check if defined "--file-upload" option.
    if menu.options.file_upload:
      # Check if not defined URL for upload.
      if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
        print Back.RED + settings.ERROR_SIGN + "The '" + menu.options.file_upload + "' is not a valid URL. " + Style.RESET_ALL
        sys.exit(0)
        
    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:
      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      
      # One directory up, if Windows or if the script is being run under "/src".
      if settings.IS_WINDOWS or "/src" in os.path.dirname(os.path.abspath(__file__)):
        os.chdir("..")
        
      output_dir = os.path.dirname(output_dir)
     
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)

        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        sys.stdout.write(settings.INFO_SIGN + "Checking connection to the target URL... ")
        sys.stdout.flush()

        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            try:
              response = urllib2.urlopen(request)
            except ValueError:
              # Invalid format for the '--headers' option.
              print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              error_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' to provide an HTTP header or '--headers=\"HEADER_NAME:" + settings.INJECT_TAG + "\"' if you want to try to exploit the provided HTTP header."
              print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
              sys.exit(0)
        except:
          raise

        html_data = response.read()
        content = response.read()

        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          print Style.BRIGHT + "(!) Identified a valid pair of credentials '" + Style.UNDERLINE  + menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'." + Style.RESET_ALL

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    print Back.RED + settings.CRITICAL_SIGN + "The shellshock module is not available for " + identified_os + " targets." + Style.RESET_ALL
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            found_server_banner = False
            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if menu.options.verbose:
                  print Style.BRIGHT + "(!) The server was identified as " + Style.UNDERLINE + server_banner + Style.RESET_ALL + "." + Style.RESET_ALL
                settings.SERVER_BANNER = server_banner
                found_server_banner = True
                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing '--is-root' to '--is-admin' because the target has been identified as windows." + Style.RESET_ALL 
              error_msg = settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets."
              if menu.options.passwords:
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets." + Style.RESET_ALL   
              if menu.options.file_upload :
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--file-upload' option, is not yet available for windows targets. Instead, use the '--file-write' option." + Style.RESET_ALL   
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing the '--is-admin' to '--is-root' because the target has been identified as unix-like. " + Style.RESET_ALL   
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                print Fore.YELLOW + settings.WARNING_SIGN + "Heuristics have failed to identify server's operating system." + Style.RESET_ALL 
                while True:
                  got_os = raw_input(settings.QUESTION_SIGN + "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > ").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    print Back.RED + settings.ERROR_SIGN + "'" + got_os + "' is not a valid answer." + Style.RESET_ALL + "\n"
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                print  Fore.YELLOW + settings.WARNING_SIGN + "The server which was identified as " + server_banner + " seems unknown." + Style.RESET_ALL
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection [1].
        # [1] http://www.w3schools.com/html/html_charset.asp
        # Check if HTML4 format
        content = re.findall(r";charset=(.*)\"", html_data)
        if len(content) != 0 :
          charset = content
        else:
           # Check if HTML5 format
          charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
        if len(charset) != 0 :
          settings.CHARSET = charset[len(charset)-1]
          if settings.CHARSET.lower() not in settings.CHARSET_LIST:
            print  Fore.YELLOW + settings.WARNING_SIGN + "The indicated web-page charset "  + settings.CHARSET + " seems unknown." + Style.RESET_ALL
          else:
            if menu.options.verbose:
              print Style.BRIGHT + "(!) The indicated web-page charset appears to be "  + Style.UNDERLINE  + settings.CHARSET + Style.RESET_ALL + "." + Style.RESET_ALL

        # Retrieve everything from the supported enumeration options.
        if menu.options.enum_all:
          checks.enable_all_enumeration_options()

      except urllib2.HTTPError, e:
        # Check the codes of responses
        if e.getcode() == 500:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          content = e.read()
          sys.exit(0)

        # Check for HTTP Error 401 (Unauthorized).
        elif e.getcode() == 401:
          try:
            # Get the auth header value
            auth_line = e.headers.get('www-authenticate', '')
            # Checking for authentication type name.
            auth_type = auth_line.split()[0]
            settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
            # Checking for the realm attribute.
            try: 
              auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
              realm = auth_obj[1].split(',')[0].replace("\"", "")
            except:
              realm = False

          except ValueError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            print Back.RED + settings.ERROR_SIGN + "The identified HTTP authentication type (" + auth_type + ") is not yet supported." + Style.RESET_ALL + "\n"
            sys.exit(0)

          except IndexError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            error_msg = "The provided pair of " + menu.options.auth_type 
            error_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
            error_msg += " seems to be invalid."
            print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
            sys.exit(0) 

          print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
          if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
            if checks.identified_http_auth_type(auth_type):
              menu.options.auth_type = auth_type.lower()
          else:
            menu.options.auth_type = auth_type.lower()

          # Check for stored auth credentials.
          if not menu.options.auth_cred:
            try:
              stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
            except:
              stored_auth_creds = False
            if stored_auth_creds:
              menu.options.auth_cred = stored_auth_creds
              print Style.BRIGHT + "(!) Identified a valid pair of credentials '" + Style.UNDERLINE  + menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'." + Style.RESET_ALL
            else:  

              # Basic authentication 
              if menu.options.auth_type == "basic":
                if not menu.options.ignore_401:
                  print Fore.YELLOW + settings.WARNING_SIGN + "(" + menu.options.auth_type.capitalize() + ")" + " HTTP authentication credentials are required." + Style.RESET_ALL
                  while True:
                    crack_creds = raw_input(settings.QUESTION_SIGN + "Do you want to perform a dictionary-based attack? [Y/n/q] > ").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_error_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      print Back.RED + settings.ERROR_SIGN + "'" + crack_creds + "' is not a valid answer." + Style.RESET_ALL + "\n"
                      pass

              # Digest authentication         
              elif menu.options.auth_type == "digest":
                if not menu.options.ignore_401:
                  print Fore.YELLOW + settings.WARNING_SIGN + "(" + menu.options.auth_type.capitalize() + ")" + " HTTP authentication credentials are required." + Style.RESET_ALL       
                  # Check if heuristics have failed to identify the realm attribute.
                  if not realm:
                    warn_msg = "Heuristics have failed to identify the realm attribute." 
                    print Fore.YELLOW + settings.WARNING_SIGN + warn_msg + Style.RESET_ALL 
                  while True:
                    crack_creds = raw_input(settings.QUESTION_SIGN + "Do you want to perform a dictionary-based attack? [Y/n/q] > ").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_error_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      print Back.RED + settings.ERROR_SIGN + "'" + crack_creds + "' is not a valid answer." + Style.RESET_ALL + "\n"
                      pass
                  else:   
                    checks.http_auth_error_msg()      
          else:
            pass

        elif e.getcode() == 403:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          print Back.RED + settings.ERROR_SIGN + "You don't have permission to access this page." + Style.RESET_ALL
          sys.exit(0)
          
        elif e.getcode() == 404:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
          sys.exit(0)

        else:
          raise

      except urllib2.URLError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
        sys.exit(0)
Beispiel #12
0
def main():
    try:
        # Check if defined "--version" option.
        if menu.options.version:
            version.show_version()
            sys.exit(0)

        # Checkall the banner
        menu.banner()

        # Check python version number.
        version.python_version()

        # Check if defined "--update" option.
        if menu.options.update:
            update.updater()
            sys.exit(0)

        # Check if defined "--install" option.
        if menu.options.install:
            install.installer()
            sys.exit(0)

        # Check arguments
        if len(sys.argv) == 1:
            menu.parser.print_help()
            print ""
            sys.exit(0)

        # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
        if menu.options.logfile:
            parser.logfile_parser()

        # Modification on payload
        if not menu.options.shellshock:
            #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
            settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
            settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if "," in menu.options.tech:
                split_techniques_names = menu.options.tech.split(",")
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False
            if split_techniques_names[i].replace(
                    ' ', ''
            ) not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
                error_msg = "You specified wrong value '" + split_techniques_names[i] + "' as injection technique. " \
                            "The value, must be a string composed by the letters (C)lassic, (E)val-based, " \
                            "(T)ime-based, (F)ile-based (with or without commas)."
                print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
                sys.exit(0)

        # Cookie Injection
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            settings.COOKIE_INJECTION = True

        # User-Agent Injection
        if menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            settings.USER_AGENT_INJECTION = True

        # Referer Injection
        if menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            settings.REFERER_INJECTION = True

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                print Back.RED + settings.ERROR_SIGN + "'" + menu.options.alter_shell + "' shell is not supported!" + Style.RESET_ALL
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            print Back.RED + settings.ERROR_SIGN + "Host's absolute filepath to write and/or upload, must be specified (--file-dest)." + Style.RESET_ALL
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            print Back.RED + settings.ERROR_SIGN + "You must enter the '--file-write' or '--file-upload' parameter." + Style.RESET_ALL
            sys.exit(0)

        # Check if defined "--file-upload" option.
        if menu.options.file_upload:
            # Check if not defined URL for upload.
            if not re.match(settings.VALID_URL_FORMAT,
                            menu.options.file_upload):
                print Back.RED + settings.ERROR_SIGN + "The '" + menu.options.file_upload + "' is not a valid URL. " + Style.RESET_ALL
                sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" option.
        if menu.options.url:

            url = menu.options.url

            # Check if http / https
            url = checks.check_http_s(url)

            if menu.options.output_dir:
                output_dir = menu.options.output_dir
            else:
                output_dir = settings.OUTPUT_DIR
            dir = os.path.dirname(output_dir)
            try:
                os.stat(output_dir)
            except:
                os.mkdir(output_dir)

            # The logs filename construction.
            filename = logs.create_log_file(url, output_dir)
            try:

                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)
                headers.do_check(request)

                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()
                sys.stdout.write(settings.INFO_SIGN +
                                 "Checking connection to the target URL... ")
                sys.stdout.flush()
                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        response = urllib2.urlopen(request)
                except:
                    raise

                html_data = response.read()
                content = response.read()
                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                try:
                    if response.info()['server']:
                        server_banner = response.info()['server']
                        found_os_server = False
                        for i in range(0, len(settings.SERVER_OS_BANNERS)):
                            if settings.SERVER_OS_BANNERS[i].lower(
                            ) in server_banner.lower():
                                found_os_server = True
                                settings.TARGET_OS = settings.SERVER_OS_BANNERS[
                                    i].lower()
                                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft":
                                    identified_os = "Windows"
                                    settings.TARGET_OS = identified_os[:
                                                                       3].lower(
                                                                       )
                                    if menu.options.shellshock:
                                        print Back.RED + settings.CRITICAL_SIGN + "The shellshock module is not available for " + identified_os + " tagets." + Style.RESET_ALL
                                        raise SystemExit()
                                else:
                                    identified_os = "Unix-like (" + settings.TARGET_OS + ")"

                        found_server_banner = False
                        for i in range(0, len(settings.SERVER_BANNERS)):
                            if settings.SERVER_BANNERS[i].lower(
                            ) in server_banner.lower():
                                if menu.options.verbose:
                                    print Style.BRIGHT + "(!) The server was identified as " + Style.UNDERLINE + server_banner + Style.RESET_ALL + "." + Style.RESET_ALL
                                settings.SERVER_BANNER = server_banner
                                found_server_banner = True
                                # Set up default root paths
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "apache":
                                    if settings.TARGET_OS == "win":
                                        settings.SRV_ROOT_DIR = "\\htdocs"
                                    else:
                                        settings.SRV_ROOT_DIR = "/var/www"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "nginx":
                                    settings.SRV_ROOT_DIR = "/usr/share/nginx"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "microsoft-iis":
                                    settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                                break

                        if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
                            menu.options.current_user = True

                        # Check for wrong flags.
                        if settings.TARGET_OS == "win":
                            if menu.options.is_root:
                                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing '--is-root' to '--is-admin' because the taget has been identified as windows." + Style.RESET_ALL
                            error_msg = settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets."
                            if menu.options.passwords:
                                print Fore.YELLOW + settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets." + Style.RESET_ALL
                            if menu.options.file_upload:
                                print Fore.YELLOW + settings.WARNING_SIGN + "The '--file-upload' option, is not yet available for windows targets. Instead, use the '--file-write' option." + Style.RESET_ALL
                                sys.exit(0)
                        else:
                            if menu.options.is_admin:
                                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing the '--is-admin' to '--is-root' because the taget has been identified as unix-like. " + Style.RESET_ALL

                        if found_os_server == False:
                            # If "--shellshock" option is provided then,
                            # by default is a Linux/Unix operating system.
                            if menu.options.shellshock:
                                pass
                            else:
                                print Fore.YELLOW + settings.WARNING_SIGN + "Heuristics have failed to identify server's operating system." + Style.RESET_ALL
                                while True:
                                    got_os = raw_input(
                                        settings.QUESTION_SIGN +
                                        "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > "
                                    ).lower()
                                    if got_os.lower() in settings.CHOISE_OS:
                                        if got_os.lower() == "w":
                                            settings.TARGET_OS == "win"
                                            break
                                        elif got_os.lower() == "u":
                                            break
                                        elif got_os.lower() == "q":
                                            raise SystemExit()
                                    else:
                                        if got_os == "":
                                            got_os = "enter"
                                        print Back.RED + settings.ERROR_SIGN + "'" + got_os + "' is not a valid answer." + Style.RESET_ALL + "\n"
                                        pass
                        if found_server_banner == False:
                            print Fore.YELLOW + settings.WARNING_SIGN + "The server which was identified as " + server_banner + " seems unknown." + Style.RESET_ALL
                except KeyError:
                    pass

                # Charset detection [1].
                # [1] http://www.w3schools.com/html/html_charset.asp
                # Check if HTML4 format
                content = re.findall(r";charset=(.*)\"", html_data)
                if len(content) != 0:
                    charset = content
                else:
                    # Check if HTML5 format
                    charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
                if len(charset) != 0:
                    settings.CHARSET = charset[len(charset) - 1]
                    if settings.CHARSET.lower() not in settings.CHARSET_LIST:
                        print Fore.YELLOW + settings.WARNING_SIGN + "The indicated web-page charset " + settings.CHARSET + " seems unknown." + Style.RESET_ALL
                    else:
                        if menu.options.verbose:
                            print Style.BRIGHT + "(!) The indicated web-page charset appears to be " + Style.UNDERLINE + settings.CHARSET + Style.RESET_ALL + "." + Style.RESET_ALL

            except urllib2.HTTPError, e:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                # Check the codes of responses
                if e.getcode() == 500:
                    content = e.read()
                    sys.exit(0)

                elif e.getcode() == 401:
                    if menu.options.auth_type != "basic":
                        print Back.RED + settings.ERROR_SIGN + "Only 'Basic' Access Authentication is supported." + Style.RESET_ALL
                        sys.exit(0)
                    else:
                        print Back.RED + settings.ERROR_SIGN + "Authorization required!" + Style.RESET_ALL
                        sys.exit(0)

                elif e.getcode() == 403:
                    print Back.RED + settings.ERROR_SIGN + "You don't have permission to access this page." + Style.RESET_ALL
                    sys.exit(0)

                elif e.getcode() == 404:
                    print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
                    sys.exit(0)

                else:
                    raise

            except urllib2.URLError, e:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
                sys.exit(0)
Beispiel #13
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()

    # Check if defined "--dependencies" option. 
    # For checking (non-core) third party dependenices.
    if menu.options.noncore_dependencies:
      checks.third_party_dependencies()
      sys.exit(0)
      
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)

    # Define the level of verbosity.
    if menu.options.verbose > 1:
      err_msg = "The value for option '-v' "
      err_msg += "must be an integer value from range [0, 1]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    else:  
      settings.VERBOSITY_LEVEL = menu.options.verbose

    # Check if defined "--delay" option.
    if menu.options.delay:
      if menu.options.delay > "0":
        settings.DELAY = menu.options.delay

    # Define the level of tests to perform.
    if menu.options.level > 3:
      err_msg = "The value for option '--level' "
      err_msg += "must be an integer value from range [1, 3]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
 
    # Check provided parameters for tests
    if menu.options.test_parameter:
      if menu.options.test_parameter.startswith("="):
        menu.options.test_parameter = menu.options.test_parameter[1:]
      settings.TEST_PARAMETER = menu.options.test_parameter.split(settings.PARAMETER_SPLITTING_REGEX)
      for i in range(0,len(settings.TEST_PARAMETER)):
        if "=" in settings.TEST_PARAMETER[i]:
          settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[i].split("=")[0]
    
    # Check if ".git" exists and check for updated version!
    if os.path.isdir("./.git") and settings.CHECK_FOR_UPDATES_ON_START:
      update.check_for_update()

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
        split_techniques_names = menu.options.tech.split(settings.PARAMETER_SPLITTING_REGEX)
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False  
                          
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
         found_tech == False:
        err_msg = "You specified wrong value '" + split_techniques_names[i] 
        err_msg += "' as injection technique. "
        err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
        err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
      err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:
      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      
      # One directory up, if Windows or if the script is being run under "/src".
      if settings.IS_WINDOWS or "/src" in os.path.dirname(os.path.abspath(__file__)):
        os.chdir("..")
        
      output_dir = os.path.dirname(output_dir)
     
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)

        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        info_msg = "Checking connection to the target URL... "  
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()

        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            try:
              response = urllib2.urlopen(request)
            except ValueError:
              # Invalid format for the '--headers' option.
              print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
              err_msg += "to provide an HTTP header or"
              err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR  + "\"' "
              err_msg += "if you want to try to exploit the provided HTTP header."
              print settings.print_critical_msg(err_msg)
              sys.exit(0)
        except:
          raise

        html_data = content = response.read()
        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Check for CGI scripts on url
        checks.check_CGI_scripts(url)

        # Modification on payload
        if not menu.options.shellshock:
          #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
          settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
          settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

        # Check if defined "--file-upload" option.
        if menu.options.file_upload:
          if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
            # Check if not defined URL for upload.
            while True:
              question_msg = "Do you want to enable an HTTP server? [Y/n/q] > "
              sys.stdout.write(settings.print_question_msg(question_msg))
              enable_HTTP_server = sys.stdin.readline().replace("\n","").lower()
              if enable_HTTP_server in settings.CHOICE_YES:
                # Check if file exists
                if not os.path.isfile(menu.options.file_upload):
                  err_msg = "The '" + menu.options.file_upload + "' file, does not exists."
                  sys.stdout.write(settings.print_critical_msg(err_msg) + "\n")
                  sys.exit(0)
                http_server = "http://" + str(settings.LOCAL_HTTP_IP) + ":" + str(settings.LOCAL_HTTP_PORT) + "/"
                info_msg = "Setting the HTTP server on '" + http_server + "'. "  
                print settings.print_info_msg(info_msg)
                menu.options.file_upload = http_server + menu.options.file_upload
                simple_http_server.main()
                break
              elif enable_HTTP_server in settings.CHOICE_NO:
                if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
                  err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                  print settings.print_critical_msg(err_msg)
                  sys.exit(0)
                break  
              elif enable_HTTP_server in settings.CHOICE_QUIT:
                sys.exit(0)
              else:
                if enable_HTTP_server == "":
                  enable_HTTP_server = "enter"
                err_msg = "'" + enable_HTTP_server + "' is not a valid answer."  
                print settings.print_error_msg(err_msg)
                pass
          try:
            urllib2.urlopen(menu.options.file_upload)
          except urllib2.HTTPError, err_msg:
            print settings.print_critical_msg(err_msg)
            sys.exit(0)
          except urllib2.URLError, err_msg:
            print settings.print_critical_msg(err_msg)
            sys.exit(0)

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          success_msg = Style.BRIGHT + "Identified a valid pair of credentials '" 
          success_msg += menu.options.auth_cred + Style.RESET_ALL 
          success_msg += Style.BRIGHT + "'." + Style.RESET_ALL
          print settings.print_success_msg(success_msg)

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            # Procedure for target OS identification.
            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    err_msg = "The shellshock module is not available for " 
                    err_msg += identified_os + " targets."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            # Procedure for target server identification.
            found_server_banner = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target server... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()

            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if settings.VERBOSITY_LEVEL >= 1:
                  print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                if settings.VERBOSITY_LEVEL >= 1:
                  success_msg = "The target server was identified as " 
                  success_msg += server_banner + Style.RESET_ALL + "."
                  print settings.print_success_msg(success_msg)
                settings.SERVER_BANNER = server_banner
                found_server_banner = True

                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if not found_server_banner:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify target server."
              print settings.print_warning_msg(warn_msg)

            # Procedure for target application identification
            found_application_extension = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target application ... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()
            root, application_extension = splitext(urlparse(url).path)
            settings.TARGET_APPLICATION = application_extension[1:].upper()
            
            if settings.TARGET_APPLICATION:
              found_application_extension = True
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"           
                success_msg = "The target application was identified as " 
                success_msg += settings.TARGET_APPLICATION + Style.RESET_ALL + "."
                print settings.print_success_msg(success_msg)

              # Check for unsupported target applications
              for i in range(0,len(settings.UNSUPPORTED_TARGET_APPLICATION)):
                if settings.TARGET_APPLICATION.lower() in settings.UNSUPPORTED_TARGET_APPLICATION[i].lower():
                  err_msg = settings.TARGET_APPLICATION + " exploitation is not yet supported."  
                  print settings.print_critical_msg(err_msg)
                  raise SystemExit()

            if not found_application_extension:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify target application."
              print settings.print_warning_msg(warn_msg)

            # Load tamper scripts
            if menu.options.tamper:
              checks.tamper_scripts()

            # Store the Server's root dir
            settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Define Python working directory.
            if settings.TARGET_OS == "win" and menu.options.alter_shell:
              while True:
                question_msg = "Do you want to use '" + settings.WIN_PYTHON_DIR 
                question_msg += "' as Python working directory on the target host? [Y/n] > "
                sys.stdout.write(settings.print_question_msg(question_msg))
                python_dir = sys.stdin.readline().replace("\n","").lower()
                if python_dir in settings.CHOICE_YES:
                  break
                elif python_dir in settings.CHOICE_NO:
                  question_msg = "Please provide a custom working directory for Python (e.g. '" 
                  question_msg += settings.WIN_PYTHON_DIR + "') > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  settings.WIN_PYTHON_DIR = sys.stdin.readline().replace("\n","").lower()
                  break
                else:
                  if python_dir == "":
                    python_dir = "enter"
                  err_msg = "'" + python_dir + "' is not a valid answer."  
                  print settings.print_error_msg(err_msg)
                  pass
              settings.USER_DEFINED_PYTHON_DIR = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                warn_msg = "Swithing '--is-root' to '--is-admin' because the "
                warn_msg += "target has been identified as windows."
                print settings.print_warning_msg(warn_msg)
              if menu.options.passwords:
                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                print settings.print_warning_msg(warn_msg)  
              if menu.options.file_upload :
                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                warn_msg += "Instead, use the '--file-write' option."
                print settings.print_warning_msg(warn_msg)  
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                warn_msg += "the target has been identified as unix-like. "
                print settings.print_warning_msg(warn_msg)  
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                warn_msg = "Heuristics have failed to identify server's operating system."
                print settings.print_warning_msg(warn_msg)
                while True:
                  question_msg = "Do you recognise the server's operating system? "
                  question_msg += "[(W)indows/(U)nix/(q)uit] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  got_os = sys.stdin.readline().replace("\n","").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    err_msg = "'" + got_os + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                warn_msg = "The server which was identified as " 
                warn_msg += server_banner + " seems unknown."
                print settings.print_warning_msg(warn_msg)
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection.
        requests.charset_detection(response)