def main(args): LOG.info("Running nikto for {}".format(args.url)) parsed_url = urlparse(args.url) netloc = parsed_url.netloc # if non-standard port break it up. if ":" in netloc: domain = netloc.split(":")[0] port = netloc.split(":")[1] # otherwise port is based on scheme else: domain = netloc if parsed_url.scheme == 'http': port = '80' else: port = '443' if parsed_url.scheme == 'https': ssl = " -ssl" else: ssl = "" if parsed_url.path: root = " -root " + parsed_url.path else: root = "" command = NIKTO_COMMAND.format(domain=domain, port=port, root=root, ssl=ssl) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] html_path = os.path.join(args.output, "nikto_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running nmap with http-methods script for {}".format(args.url)) parsed_url = urlparse(args.url) netloc = parsed_url.netloc # if non-standard port break it up. if ":" in netloc: domain = netloc.split(":")[0] port = netloc.split(":")[1] # otherwise port is based on scheme else: domain = netloc if parsed_url.scheme == 'http': port = '80' else: port = '443' if parsed_url.path: command = "nmap --script http-methods --script-args http-methods.url-path='{path}' -p {port} {domain}".format( path=parsed_url.path, port=port, domain=domain) else: command = "nmap --script http-methods -p {port} {domain}".format( port=port, domain=domain) LOG.info(f"Running command: {command}") html_path = os.path.join(args.output, "http_methods_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def run_testssl(url, output, no_screenshot, proxy): if not utils.uses_encryption(url): return parsed_url = urlparse(url) port = '443' if parsed_url.port: port = str(parsed_url.port) html_path = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.html") csv_output = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.csv") if os.path.isfile(csv_output): LOG.info("CSV file already exists, deleting it.") os.remove(csv_output) if proxy: command = f"testssl --warnings off --csvfile {csv_output} --proxy {proxy} {url}" else: command = f"testssl --warnings off --csvfile {csv_output} {url}" LOG.info('Running command: {}'.format(command)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and not no_screenshot: screenshot_path = os.path.join(output, "screenshots") LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path)) utils.dir_exists(screenshot_path, True) utils.selenium_image(html_output, screenshot_path) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy): os.makedirs(output, exist_ok=True) output_dir = output output = os.path.join(output, "nmap_sT_common_{}".format(url)) if proxy: command = """nmap -sT --proxy-type socks5h --proxy {proxy} -oA {output} {url}""".format( output=output, url=url, proxy=proxy) else: command = """nmap -sT -oA {output} {url}""".format(output=output, url=url) LOG.info("Running the command: {}".format(command)) file_name = "nmap_sT_common_{}.html".format(url) html_path = os.path.join(output_dir, file_name) LOG.info("Saving output to: {}".format(html_path)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and not no_screenshot: screenshot_path = os.path.join(output_dir, "screenshots") LOG.info( "Creating a screenshot of the output and saving it to {}".format( screenshot_path)) utils.dir_exists(screenshot_path, True) utils.selenium_image(html_output, screenshot_path) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running whatweb for {}".format(args.url)) if args.proxy: # command = 'whatweb -v -a 3 --proxy {proxy} --user-agent "{ua}" {url}'.format( # ua=USER_AGENT, url=args.url, proxy=args.proxy) command = [ 'whatweb', '-v', '-a', '3', '--proxy', args.proxy, '--user-agent', '"' + USER_AGENT + '"', args.url ] else: # command = 'whatweb -v -a 3 --user-agent "{ua}" {url}'.format(ua=USER_AGENT, url=args.url) command = [ 'whatweb', '-v', '-a', '3', '--user-agent', '"' + USER_AGENT + '"', args.url ] LOG.info(command) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] html_path = os.path.join(args.output, "whatweb_{}.html".format(domain)) text_output = run_commands.bash_command(command, split=False) html_output = run_commands.create_html_file(text_output, command, html_path) # text_output = run_commands.bash_command(command_string, split=False) # html_output = run_commands.create_html_file(text_output, command_string, html_path) if html_output and args.screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def write_iframe(args): iframe_html = """ <!DOCTYPE HTML> <html> <head> <style> body {{ background: white; color: black; }} </style> </head> <body> <h1>Website {0} inside an iFrame</h1> <iframe src="{0}" height=600 width=600></iframe> </body> </html> """.format(args.website) output_file = os.path.join(args.output_dir, 'iframe.html') LOG.info("Writing iframe file to: {}".format(output_file)) with open(output_file, 'w') as f: f.write(iframe_html) LOG.info("File written.") if args.screenshot: utils.selenium_image(output_file, args.screenshot, sleep=1)
def run_nikto(url_dict, output_dir, proxy, screenshot=False): html_path = os.path.join( output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.html") csv_path = os.path.join( output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.csv") if proxy: log.info(f"Using proxy: {proxy}") command_text = NIKTO_PROXY_COMMAND else: command_text = NIKTO_COMMAND command = command_text.format(domain=url_dict['domain'], port=url_dict['port'], root=url_dict['root'], ssl=url_dict['ssl'], output=csv_path, proxy=proxy) log.info('Running command: {}'.format(command)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and screenshot: log.info( "Creating a screenshot of the output and saving it to {}".format( screenshot)) utils.dir_exists(screenshot, True) utils.selenium_image(html_output, screenshot) if not html_output: log.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy): command = f"python http_methods.py -o {output} -u {url}" print_o("*" * 20) print_o("Running http_methods.py") print_o(f"Testing {url} against a list of potentially dangerous HTTP Methods.") print_o(f"Methods we are testing: {', '.join(METHODS)}") print_o(f"Saving any content received from these methods to {output}/http_methods/") if proxy: print_o(f"Using proxy: {proxy}") print_o("*" * 20) found_methods = [] methods_folder = os.path.join(output, "http_methods") os.makedirs(methods_folder, exist_ok=True) parsed_url = urlparse(url) netloc = parsed_url.netloc if not parsed_url.path: path = "/" else: path = parsed_url.path if proxy: log.debug(f"Configuring proxy {proxy}") proxy_host = proxy.split(":")[0] proxy_port = int(proxy.split(":")[-1]) host = netloc.split(":")[0] port = int(netloc.split(":")[-1]) if parsed_url.scheme == 'https': conn = http.client.HTTPSConnection(proxy_host, proxy_port, context=ssl._create_unverified_context()) conn.set_tunnel(host, port) else: conn = http.client.HTTPConnection(proxy_host, proxy_port) conn.set_tunnel(host, port) else: if parsed_url.scheme == 'https': conn = http.client.HTTPSConnection(netloc, timeout=10) else: conn = http.client.HTTPConnection(netloc, timeout=10) for method in METHODS: response = get_response(conn, parsed_url, method, path, proxy) if not response: continue found_methods.append(method) method_file = os.path.join(methods_folder, method + "_method_check.html") with open(method_file, "w") as fp: for line in response.splitlines(): fp.write(line.decode('utf8') + "\n") print_o("*" * 20) if len(found_methods) > 0: print_o(f"Done. We found these methods that need further investigation: {', '.join(found_methods)}") else: print_o(f"Done. No methods need further investigation.") print_o("*" * 20) http_output_path = os.path.join(methods_folder, "http_methods.html") render_output("http_methods.py", command, http_output_path) if not no_screenshot: screenshot_path = os.path.join(output, "screenshots") utils.selenium_image(http_output_path, screenshot_path)
def main(args): LOG.info("Running whois for {}".format(args.domain)) command = "whois -H {domain}".format(domain=args.domain) html_path = os.path.join(args.output, "whois_{}.html".format(args.domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot)) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def run_escan(ips_file, output_dir, screenshot=False): html_path = os.path.join(output_dir, "eternal_scan.html") command = f'escan -ck {ips_file}' LOG.info('Running command: ' + command) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and screenshot: LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot)) utils.dir_exists(screenshot, True) utils.selenium_image(html_output, screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running yasuo") command = "yasuo.rb -s /opt/yasuo/signatures.yaml -f {nmap_xml} -t 10".format( nmap_xml=args.input) LOG.info("Running the command: {}".format(command)) html_path = os.path.join(args.output, "yasuo.html") LOG.info("Saving output to: {}".format(html_path)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def run_brute(args): rc_brute = os.path.join(args.ptfolder, "rc_files/recon_brute.rc") command = "recon-ng -r {}".format(rc_brute) LOG.info("Running the command: {}".format(command)) file_name = "recon_brute.html" html_path = os.path.join(args.output, file_name) LOG.info("Saving output to: {}".format(html_path)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot, x=800, y=800, cropx=-10, cropy=-100, sleep=2, bottom=True) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running uniscan on {}".format(args.url)) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] url = urlparse(args.url).scheme + "://" + netloc + urlparse(args.url).path command = "uniscan -u {url} -qweds".format(url=url) html_path = os.path.join(args.output, "uniscan_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running nmap") os.makedirs(args.output, exist_ok=True) output = os.path.join(args.output, "nmap_sT_common") command = """nmap -sT -oA {output} -iL {input_file}""".format( output=output, input_file=args.input) LOG.info("Running the command: {}".format(command)) file_name = "nmap_sT_common.html" html_path = os.path.join(args.output, file_name) LOG.info("Saving output to: {}".format(html_path)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def run_wpscan(url, output_dir, screenshot=False): html_path = os.path.join(output_dir, f"wpscan_{url['domain']}_{url['port']}.html") command = WPSCAN_COMMAND.format(url=url['url']) LOG.info('Running command: {}'.format(command)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( screenshot)) utils.dir_exists(screenshot, True) utils.selenium_image(html_output, screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running theHarvester") os.makedirs(args.output, exist_ok=True) output = os.path.join(args.output, "harvester.html") command = """theHarvester -d {domain} -b all -l 100 -f {output}""".format( domain=args.domain, output=output) LOG.info("Running the command: {}".format(command)) file_name = "harvester_output.html" html_path = os.path.join(args.output, file_name) LOG.info("Saving output to: {}".format(html_path)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): os.makedirs(args.output, exist_ok=True) LOG.info("Running fierce for {}".format(args.domain)) command = "fierce -dns {} -threads 3".format(args.domain) LOG.info("Running the command: {}".format(command)) file_name = "fierce_{}.html".format(args.domain) html_path = os.path.join(args.output, file_name) LOG.info("Saving output to: {}".format(html_path)) html_output = utils.run_command_two(command, html_path, timeout=60 * 60 * 1) # let fierce run for an hour if html_output and args.screenshot: utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running wafw00f for {}".format(args.url)) command = "wafw00f -a {url}".format(url=args.url) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] html_path = os.path.join(args.output, "wafw00f_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): # Run nslookup query for Name Servers LOG.info("Running nslookup with type NS") content, ns_html = run_nslookup(args.domain, args.output, "NS") auth_nameservers = parse_nslookup_ns(content) # Run nslookup query for MX records _, mx_html = run_nslookup(args.domain, args.output, "MX", auth_nameservers[0]) # Run nslookup query for SRV records _, srv_html = run_nslookup(args.domain, args.output, "SRV", auth_nameservers[0]) # Run nslookup query for any records _, any_html = run_nslookup(args.domain, args.output, "ANY", auth_nameservers[0]) # Take picture of html file if args.screenshot: for html_file in [ns_html, mx_html, srv_html, any_html]: utils.selenium_image(html_file, args.screenshot)
def main(args): LOG.info("Running dirb for {}".format(args.url)) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] command = "dirb {url} /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -S".format( url=args.url) html_path = os.path.join(args.output, "dirb_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy): if proxy: command = "wafw00f -a -p {proxy} {url}".format(proxy=proxy, url=url) else: command = "wafw00f -a {url}".format(url=url) LOG.info("Running wafw00f command: {}".format(command)) netloc = urlparse(url).netloc domain = netloc.split(":")[0] html_path = os.path.join(output, "wafw00f_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and not no_screenshot: screenshot_path = os.path.join(output, "screenshots") LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path)) utils.dir_exists(screenshot_path, True) utils.selenium_image(html_output, screenshot_path) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): if not args.no_update: update_searchsploit() search_terms = get_search_terms(args.input) if not search_terms: LOG.info("No banner information found in nmap file: {}".format(args.input)) raise SystemExit LOG.info("Found {} terms to search.".format(len(search_terms))) stdout = "" for term in search_terms: command = "searchsploit {term}".format(term=term) stdout += "\rsearchsploit '{}'\r".format(term) + run_searchsploit(command).decode('utf-8') html_path = os.path.join(args.output, "searchsploit.html") LOG.info("Saving output to: {}".format(html_path)) aha = run_aha(html_path, stdout) if aha and args.screenshot: utils.selenium_image(html_path, args.screenshot) if not html_path: LOG.error("Didn't receive a response from running aha.")
def run_whatweb(url, output_dir, screenshot=False): parsed_url = urlparse(url) port = parsed_url.port if not port: if parsed_url.scheme == 'http': port = '80' else: port = '443' html_path = os.path.join(output_dir, f"whatweb_{parsed_url.netloc}_{port}.html") command = WHATWEB_COMMAND.format(url=url) LOG.info('Running command: {}'.format(command)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and screenshot: LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot)) utils.dir_exists(screenshot, True) utils.selenium_image(html_output, screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running gobuster for {}".format(args.url)) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] if args.proxy: command = PROXY_COMMAND.format(url=args.url, proxy=args.proxy) else: command = COMMAND.format(url=args.url) html_path = os.path.join(args.output, "gobuster_{}.html".format(domain)) text_output = run_commands.bash_command(command) html_output = run_commands.create_html_file(text_output, command, html_path) if html_output and args.screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): LOG.info("Running whatweb for {}".format(args.url)) command_string = 'whatweb -v -a 3 --user-agent {ua} {url}'.format( ua=USER_AGENT, url=args.url) command = 'whatweb -v -a 3 --user-agent'.split() command += [USER_AGENT, args.url] LOG.info(command_string) netloc = urlparse(args.url).netloc domain = netloc.split(":")[0] html_path = os.path.join(args.output, "whatweb_{}.html".format(domain)) text_output = run_commands.bash_command(command, split=False) html_output = run_commands.create_html_file(text_output, command_string, html_path) if html_output and args.screenshot: LOG.info( "Creating a screenshot of the output and saving it to {}".format( args.screenshot)) utils.dir_exists(args.screenshot, True) utils.selenium_image(html_output, args.screenshot) if not html_output: LOG.error("Didn't receive a response from running the command.")
def main(args): os.makedirs(args.output, exist_ok=True) # Run nslookup query for Name Servers LOG.info("Running nslookup with type NS") content, ns_html = run_nslookup(args.domain, args.output, "NS") auth_nameservers = parse_nslookup_ns(content) if not auth_nameservers: LOG.error("No authoritative nameservers found, cannot continue.") sys.exit() # Run nslookup query for MX records _, mx_html = run_nslookup(args.domain, args.output, "MX", auth_nameservers[0]) # Run nslookup query for SRV records _, srv_html = run_nslookup(args.domain, args.output, "SRV", auth_nameservers[0]) # Run nslookup query for any records _, any_html = run_nslookup(args.domain, args.output, "ANY", auth_nameservers[0]) # Take picture of html file if args.screenshot: os.makedirs(args.screenshot, exist_ok=True) for html_file in [ns_html, mx_html, srv_html, any_html]: utils.selenium_image(html_file, args.screenshot)