async def paramspider(ctx, *, argument):
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
paramPath = TOOLS['paramspider']
await ctx.send(
"**Collecting Parameters Using ParamSpider, We Will Send The Results When It's Done**"
)
Process = subprocess.Popen(
f"python3 {paramPath}/paramspider.py -d {argument}",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Text=Output)
Output = Output.split('\n')
urlsList = []
for singleLine in Output:
if singleLine.startswith('http'):
urlsList.append(singleLine)
else:
pass
Output = '\n'.join(urlsList)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"ParamSpider Results: {URL_}")
else:
await ctx.send("**ParamSpider Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f'**ParamSpider Results:**')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def info(ctx, *, argument):
global logsItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
subdomainsFile = logsItems[argument]
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
await ctx.send(
f"**Getting Subdomains Information (titles , status-codes, web-servers) for {argument} using httpx.**"
)
Process = subprocess.Popen(
f"cat data/subdomains/{subdomainsFile} | httpx -title -web-server -status-code -follow-redirects -silent",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
httpxResults = Process.communicate()[0].decode('UTF-8')
httpxResults = removeColors.Remove(Text=httpxResults)
if len(httpxResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(httpxResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Httpx Results: {URL_}")
else:
await ctx.send("**Httpx Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Httpx Results For {argument}:**")
await ctx.send(f'```{httpxResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def subjs(ctx, *, argument):
global logsItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
subdomainsFile = logsItems[argument]
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
await ctx.send(f"**Extracting JS Files From {argument} Using Subjs**")
Process = subprocess.Popen(f"cat data/subdomains/{subdomainsFile} | subjs",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
subjsResults = Process.communicate()[0].decode('UTF-8')
if subjsResults == '':
await ctx.send(f"**Subjs Couldn't Find Issue On {argument}**")
elif len(subjsResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(subjsResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Subjs Results: {URL_}")
else:
await ctx.send("**Subjs Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Subjs Results For {argument}:**")
await ctx.send(f'```{subjsResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def findomain(ctx, *, argument):
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
findomainPath = TOOLS['findomain']
await ctx.send(
"**Collecting Subdomains Using Findomain, We Will Send The Results When It's Done**"
)
Process = subprocess.Popen(f"{findomainPath} --target {argument} --quiet",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Findomain Results: {URL_}")
else:
await ctx.send("**Findomain Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send("**Findomain Results:**")
await ctx.send(f"```{Output}```")
await ctx.send(f"\n**- {ctx.message.author}**")
async def gitls(ctx, *, argument):
if not CommandInjection.commandInjection(RCE=RCE, argument=argument):
await ctx.send(
"Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
await ctx.send("**Collecting github projects using gitls**")
Process = subprocess.Popen(f"echo https://github.com/{argument} | gitls",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Gitls Results: {URL_}")
else:
await ctx.send("**Gitls Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
elif len(Output) == 0:
await ctx.send(f"**Gitls didn't reutrn an output for your command**")
else:
await ctx.send(f'**Gitls Results:**')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def recon(ctx, *, argument):
if path.exists(f'/{USER}/{RECON_PATH}/{argument}'):
try:
Path = f'/{USER}/{RECON_PATH}/{argument}'.replace('//',
'/').replace(
'..', '')
Data = open(Path).read().rstrip()
Data = removeColors.Remove(Text=Data)
Message = f"""```{Data}```"""
except Exception:
Message = f"**Couldn't Find The Recon Data With This Path: {argument}**"
else:
Message = "**Sorry The Path You Added Doesn't Exists On Our Records**"
if len(Message) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as writerHere:
writerHere.write(Message)
writerHere.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Recon Results: {URL_}")
else:
await ctx.send("**Recon Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f'{Message}')
async def subjack(ctx, *, argument):
global resolvedItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
resolvedFile = resolvedItems[argument]
fileStr = randomStrings.Genrate()
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
await ctx.send(
f"**Scanning {argument} For Possible Subdomains Takeover Issues Using Subjack**"
)
Process = subprocess.Popen(
f"subjack -w data/hosts/{resolvedFile} -t 100 -timeout 30 -o data/subjack/{argument}-{fileStr}.subjack -ssl",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
subjackResults = Process.communicate()[0].decode('UTF-8')
subjackResults = removeColors.Remove(Text=subjackResults)
if subjackResults == '':
await ctx.send(f"**Subjack Couldn't Find Issue On {argument}**")
elif len(subjackResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(subjackResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Subjack Results: {URL_}")
else:
await ctx.send("**Subjack Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Subjack Results For {argument}:**")
await ctx.send(f'```{subjackResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def subdomains(ctx, *, argument):
global logsItems, resolvedItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
'''
Subdomains collections gonna use three tools
subfinder, findomain, assetfinder
it won't use amass until we upgrade the server. if you're a developer
and you want to add amass. i guess you know what todo.
'''
await ctx.send(
f"**Collecting Subdomains For {argument}, Gonna Send You It When It's Done**"
)
# global paths
findomainPath = TOOLS['findomain']
# findomain Subdomains
Process = subprocess.Popen(f"{findomainPath} --target {argument} --quiet",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
findomainResults = Process.communicate()[0].decode('UTF-8')
# assetfinder Subdomains
Process = subprocess.Popen(f"assetfinder --subs-only {argument}",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
assetfinderResults = Process.communicate()[0].decode('UTF-8')
# subfinder Subdomains
Process = subprocess.Popen(f"subfinder -d {argument} -silent",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
subfinderResults = Process.communicate()[0].decode('UTF-8')
# filter duplicates
allSubdomains = findomainResults + assetfinderResults + subfinderResults
allSubdomains = Duplicates.Duplicates(Subdomains=allSubdomains)
allSubdomains = subdomainsFilter.vSubdomains(sList=allSubdomains,
huntingTarget=argument)
# saving subdomains
fileName = randomStrings.Genrate()
resolvedName = randomStrings.Genrate()
currentPath = getcwd()
allSubdomains = '\n'.join(allSubdomains)
with open(f'data/hosts/{resolvedName}', 'w') as subdomainsFile:
subdomainsFile.write(allSubdomains)
subdomainsFile.close()
# add resolved into logs
resolvedParser.resolvedWriter(Target=argument,
fileName=f"{resolvedName}\n")
resolvedItems[argument] = resolvedName
# validate subdomains
Process = subprocess.Popen(
f"cat data/hosts/{resolvedName} | httpx -silent",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
httpxResults = Process.communicate()[0].decode('UTF-8')
# saving httpx results
with open(f'data/subdomains/{fileName}', 'w') as subdomainsFile:
subdomainsFile.write(httpxResults)
subdomainsFile.close()
# add results into logs
logsParser.logsWriter(Target=argument, fileName=fileName)
logsItems[argument] = fileName
# send httpx results
if len(httpxResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(httpxResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Httpx Results: {URL_}")
else:
await ctx.send("**Httpx Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Subdomains For {argument}:**")
await ctx.send(f'```{httpxResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def trufflehog(ctx, *, argument):
if not CommandInjection.commandInjection(RCE=RCE, argument=argument):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
# URL validation
urlHost = urlparse(argument).netloc
urlScheme = urlparse(argument).scheme
if urlHost != "github.com" and urlHost != "gitlab.com":
await ctx.send(
"**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
)
return
if urlScheme not in ["http", "https"]:
await ctx.send(
"**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
)
return
await ctx.send(
f"**Scanning {argument} for possible data leaks using truffleHog**")
Process = subprocess.Popen(
f"trufflehog --regex --entropy=False {argument}",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Text=Output)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"truffleHog Results: {URL_}")
else:
await ctx.send("**truffleHog Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
elif len(Output) == 0:
await ctx.send(f"**truffleHog couldn't find leaks on: {argument}**")
else:
await ctx.send(f'**truggleHog Results:**')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def smuggler(ctx, *, argument):
global logsItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
subdomainsFile = logsItems[argument]
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
smugglerPath = TOOLS['smuggler']
await ctx.send(
f"**Scanning {argument} For HTTP Request Smuggling Issues Using Smuggler**"
)
if "http:" in argument or "https:" in argument:
Process = subprocess.Popen(
f"echo {argument} | python3 {smugglerPath}/smuggler.py",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
smugglerResults = Process.communicate()[0].decode('UTF-8')
else:
Process = subprocess.Popen(
f"cat data/subdomains/{subdomainsFile} | python3 {smugglerPath}/smuggler.py",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
smugglerResults = Process.communicate()[0].decode('UTF-8')
smugglerResults = removeColors.Remove(Text=smugglerResults)
if len(smugglerResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(smugglerResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Smuggler Results: {URL_}")
else:
await ctx.send("**Smuggler Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Smuggler Results For {argument}:**")
await ctx.send(f'```{smugglerResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
