Beispiel #1
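	def worker(self, rhost):
		"""Resolve *rhost* and list the domain names known to share its IP.

		One thread per entry in ``self.SEARCHERS`` runs ``self.reverseip``.
		Domains already stored in the database are merged in when a
		connection exists. With the ``CHECK`` option set, the candidates
		are passed through ``checkdomains`` and, if a database is
		connected, saved. The final list is printed through the framework.

		Args:
			rhost: host name or IP address to resolve.

		Returns:
			False when the name cannot be resolved or the resolved IP is
			listed in ``CONFIG.IP_WHITE_LIST``; True otherwise.
		"""
		self.domains = []
		self.victim = rhost
		try:
			# gethostbyname() yields a single IPv4 address; everything below
			# is keyed on that one answer.
			self.ip = gethostbyname(self.victim)
		except Exception:
			# Not a bare except: Ctrl-C and SystemExit must still propagate.
			self.frmwk.print_error('Cann\' get IP Address')
			return False
		self.domains.append(self.victim)

		# NOTE(review): despite its name, IP_WHITE_LIST acts as a stop list
		# here: a match aborts the run. Presumably it holds parking or
		# sinkhole addresses; confirm against CONFIG.
		if self.ip in CONFIG.IP_WHITE_LIST:
			self.frmwk.print_error('Site down!')
			return False

		self.threadlist = []
		self.frmwk.print_status("IP : %s" % self.ip)
		self.frmwk.print_line("-------------------------------------------")

		# NOTE(review): self.reverseip is not visible here; presumably it
		# appends names returned by third-party services to self.domains,
		# so treat them as untrusted until the CHECK pass below.
		for searcher in self.SEARCHERS:
			lookup = Thread(target=self.reverseip, args=(searcher,))
			self.threadlist.append(lookup)
			lookup.start()
		for lookup in self.threadlist:
			try:
				lookup.join(CONFIG.TIME_OUT)
				# NOTE(review): threading.Thread has no terminate() and lost
				# isAlive() in Python 3.9; presumably Thread is a project
				# class that provides both. Confirm.
				if lookup.isAlive():
					lookup.terminate()
			except timeout:
				self.frmwk.print_error('Exception Timeout')

		self.frmwk.print_line("-------------------------------------------\n")
		# Merge in domains already recorded for this IP.
		if self.frmwk.dbconnect:
			self.frmwk.print_status('Getting subdomain in database')
			cursor = self.frmwk.dbconnect.db.cursor()
			try:
				iprow = getIP(cursor, self.ip)
				if iprow:
					# NOTE(review): getDomain is not visible here; confirm it
					# binds this pattern as a query parameter instead of
					# formatting it into the SQL text.
					dmrow = getDomain(cursor, ['domain_name'], {'ip_id_list': '%%!%s|%%' % iprow[0]})
					self.domains.extend(dm[0] for dm in dmrow)
			finally:
				# Release the cursor even when a query raises.
				cursor.close()

		self.domains = sortlistdomain(self.domains)
		verify = self.options['CHECK']
		if verify:
			self.frmwk.print_status('Checking domain\'s in this IP')
			checker = checkdomains(self.frmwk, self.ip, self.domains)
			checker.checklistdomain(self.options['THREADS'])
			self.domains = sorted(set(checker.response))

		# Results are persisted only when the CHECK pass ran.
		if self.frmwk.dbconnect and verify:
			self.frmwk.print_status('Saving database!')
			self.Saver()

		self.frmwk.print_success('List domain:')
		self.frmwk.print_line("----------------")
		self.frmwk.print_line("\n".join(self.domains))
		return True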
Beispiel #2
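    def worker(self, rhost):
        """Resolve *rhost* and list the domain names known to share its IP.

        One thread per entry in ``self.SEARCHERS`` runs ``self.reverseip``.
        Domains already stored in the database are merged in when a
        connection exists. With the ``CHECK`` option set, the candidates
        are passed through ``checkdomains`` and, if a database is
        connected, saved. The final list is printed through the framework.

        Args:
            rhost: host name or IP address to resolve.

        Returns:
            False when the name cannot be resolved or the resolved IP is
            listed in ``CONFIG.IP_WHITE_LIST``; True otherwise.
        """
        self.domains = []
        self.victim = rhost
        try:
            # gethostbyname() yields a single IPv4 address; everything below
            # is keyed on that one answer.
            self.ip = gethostbyname(self.victim)
        except Exception:
            # Not a bare except: Ctrl-C and SystemExit must still propagate.
            self.frmwk.print_error('Cann\' get IP Address')
            return False
        self.domains.append(self.victim)

        # NOTE(review): despite its name, IP_WHITE_LIST acts as a stop list
        # here: a match aborts the run. Presumably it holds parking or
        # sinkhole addresses; confirm against CONFIG.
        if self.ip in CONFIG.IP_WHITE_LIST:
            self.frmwk.print_error('Site down!')
            return False

        self.threadlist = []
        self.frmwk.print_status("IP : %s" % self.ip)
        self.frmwk.print_line("-------------------------------------------")

        # NOTE(review): self.reverseip is not visible here; presumably it
        # appends names returned by third-party services to self.domains,
        # so treat them as untrusted until the CHECK pass below.
        for searcher in self.SEARCHERS:
            lookup = Thread(target=self.reverseip, args=(searcher, ))
            self.threadlist.append(lookup)
            lookup.start()
        for lookup in self.threadlist:
            try:
                lookup.join(CONFIG.TIME_OUT)
                # NOTE(review): threading.Thread has no terminate() and lost
                # isAlive() in Python 3.9; presumably Thread is a project
                # class that provides both. Confirm.
                if lookup.isAlive():
                    lookup.terminate()
            except timeout:
                self.frmwk.print_error('Exception Timeout')

        self.frmwk.print_line("-------------------------------------------\n")
        # Merge in domains already recorded for this IP.
        if self.frmwk.dbconnect:
            self.frmwk.print_status('Getting subdomain in database')
            cursor = self.frmwk.dbconnect.db.cursor()
            try:
                iprow = getIP(cursor, self.ip)
                if iprow:
                    # NOTE(review): getDomain is not visible here; confirm it
                    # binds this pattern as a query parameter instead of
                    # formatting it into the SQL text.
                    dmrow = getDomain(cursor, ['domain_name'],
                                      {'ip_id_list': '%%!%s|%%' % iprow[0]})
                    self.domains.extend(dm[0] for dm in dmrow)
            finally:
                # Release the cursor even when a query raises.
                cursor.close()

        self.domains = sortlistdomain(self.domains)
        verify = self.options['CHECK']
        if verify:
            self.frmwk.print_status('Checking domain\'s in this IP')
            checker = checkdomains(self.frmwk, self.ip, self.domains)
            checker.checklistdomain(self.options['THREADS'])
            self.domains = sorted(set(checker.response))

        # Results are persisted only when the CHECK pass ran.
        if self.frmwk.dbconnect and verify:
            self.frmwk.print_status('Saving database!')
            self.Saver()

        self.frmwk.print_success('List domain:')
        self.frmwk.print_line("----------------")
        self.frmwk.print_line("\n".join(self.domains))
        return True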
Beispiel #3
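	def worker(self, domain):
		"""Collect host names and e-mail addresses associated with *domain*.

		Steps, in order: resolve word-list candidates built from
		``self.subbrute``; start the selected search-engine harvesters;
		merge rows already in the database; run ``filter.Filter`` over each
		harvester's results; resolve the merged host list; save to the
		database when connected; optionally run the ``info/reverse_ip``
		module per IP; print the hosts grouped by IP and the e-mail list.

		Args:
			domain: the domain name to enumerate.

		Returns:
			None. Results are left in ``self.subs``, ``self.emails`` and
			``self.listip`` (IP -> list of host names).
		"""
		threads = []
		self.subs = [domain]
		self.emails = []
		self.listip = {}

		# Word-list candidates: each word joined to the domain with '.', '-'
		# or nothing, in that order.
		candidates = [word + sep + domain for sep in ('.', '-', '') for word in self.subbrute]
		if candidates:
			self.frmwk.print_status('Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
			self.listip = IP().getListIP(candidates, self.subbrutethread)

		# Numeric mode handed to filter.Filter; named filter_mode so the
		# builtin `type` is not shadowed. Anything but "fast"/"slow" maps to 1.
		filter_mode = {"fast": 2, "slow": 0}.get(self.options['TYPE'].strip().lower(), 1)

		self.frmwk.print_status("%s : Start search enginee !" % domain)
		keywork = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
		# (selector, harvester class, query); baidu gets the bare "@domain"
		# query without the ext:(...) clause.
		engines = (
			("yahoo", yahoo.yahoo, keywork),
			("bing", bing.bing, keywork),
			("baidu", baidu.baidu, '"@' + domain + '"'),
			("exalead", exalead.exalead, keywork),
			("google", google.google, keywork),
		)
		for selector, harvester, query in engines:
			if self.searcher in (selector, "all"):
				job = harvester(query, self.limit, self.delay)
				job.start()
				threads.append(job)

		# Merge what an earlier run already stored for this domain.
		if self.frmwk.dbconnect:
			self.frmwk.print_status('Getting data in database')
			cursor = self.frmwk.dbconnect.db.cursor()
			try:
				# NOTE(review): the pattern is built from the caller-supplied
				# domain; getDomain is not visible here. Confirm it binds the
				# value as a query parameter instead of formatting it into SQL.
				dmrow = getDomain(cursor, ['domain_name', 'mail_list'], {'domain_name': '%%%s' % domain})
				if dmrow:
					for dm in dmrow:
						self.subs.append(dm[0])
						if dm[1]:
							# mail_list rows are newline-separated; only the
							# part before the first '|' is kept.
							for entry in dm[1].split('\n'):
								self.emails.append(entry.split('|')[0].strip())
				else:
					self.frmwk.print_status('Nothing in Database!')
			finally:
				# Release the cursor even when the query raises.
				cursor.close()
		else:
			self.frmwk.print_error('Database connect false!')

		docsthreads = []
		try:
			for t in threads:
				t.join()
				self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
				if self.multithread:
					ps = Thread(target=filter.Filter, args=(domain, t.info, filter_mode,))
					docsthreads.append(ps)
					ps.start()
				else:
					found_subs, found_emails = filter.Filter(domain, t.info, filter_mode)
					self.subs += found_subs
					self.emails += found_emails
		except KeyboardInterrupt:
			# NOTE(review): threading.Thread has no terminate() and lost
			# isAlive() in Python 3.9; presumably these are project thread
			# classes that provide both. Confirm.
			for t in threads:
				if t.isAlive():
					t.terminate()
			for t in docsthreads:
				if t.isAlive():
					t.terminate()
		# NOTE(review): this unpacks the return value of join(); the stdlib
		# Thread.join() returns None, so Thread is presumably a project class
		# that returns the target's (subs, emails) pair. Confirm.
		for ps in docsthreads:
			found_subs, found_emails = ps.join()
			self.subs += found_subs
			self.emails += found_emails

		self.subs.append(domain)
		self.subs = sorted(set(self.subs))
		self.emails = sorted(set(self.emails))

		# Resolve the merged host list and fold it into the IP -> hosts map.
		self.frmwk.print_status('Checking subdomain in : %d thread' % self.subbrutethread)
		ips = IP().getListIP(self.subs, self.subbrutethread)
		for ip, names in ips.items():
			if ip in self.listip:
				self.listip[ip] = sorted(set(self.listip[ip] + names))
			else:
				self.listip[ip] = names

		if self.frmwk.dbconnect:
			self.frmwk.print_status('start save database!')
			self.DBInsert(domain)

		if self.reverseip:
			for ip in self.listip:
				reip = self.frmwk.modules['info/reverse_ip']
				reip.options.addString('RHOST', 'IP/Domain to reverse(support : ip1,ip2...)', default=ip)
				reip.options.addBoolean('CHECK', 'check domain is in this IP ', default=True)
				reip.options.addInteger('THREADS', 'thread check domain', default=10)
				reip.advanced_options.addPath('HOSTLIST', 'Path to domain list', False)
				reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
				reip.run(self.frmwk, None)
				self.frmwk.reload_module('info/reverse_ip')
				for d in reip.domains:
					# NOTE(review): a plain suffix test has no label boundary,
					# so "notexample.com" passes for "example.com" and an
					# unrelated registrable domain lands in the results.
					# The '-' and '' joins in the candidate list suggest this
					# looseness may be intended; confirm.
					if d.endswith(domain):
						self.listip[ip].append(d)
				self.listip[ip] = sorted(set(self.listip[ip]))

		self.frmwk.print_line()
		self.frmwk.print_success("Hosts found in search engines:\n------------------------------")
		for ip in self.listip:
			self.frmwk.print_success('IP Server : ' + ip)
			for dm in self.listip[ip]:
				self.frmwk.print_line('\t. ' + dm)
			self.frmwk.print_line()
		self.frmwk.print_line()

		self.frmwk.print_success("Emails found:\n-------------")
		self.frmwk.print_line("\n".join(self.emails))
		self.frmwk.print_line('')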