def passive_recon(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['dig lookup','(DIG SCAN)','dig'],\
'2':['WhoIS lookup','(Gather via Interaction)','whois'],\
'3':['NPING','','nping'],\
'4':['GeoIP Lookup','','getgeoip'],\
'5':['DNS Lookup','','dnschk'],\
'6':['Subdomain Scan','','subdom'],\
'7':['Reverse DNS Lookup','','revdns'],\
'8':['Subnet Enumeration','','subnet'],\
'9':['Reverse IP Lookup','','revip'],\
'10':['IP History','','iphistory'],\
'11':['Page Links','','links'],\
'12':['Google Search','','gsearch'],\
'13':['Google Dorker','','googledorker'],\
'14':['Wayback Machine','','webarchive'],\
'15':['Hacked Email Check','','hackedmail'],\
'16':['Mail to Domain','','mailtodom'],\
'17':['Google Groups Enum','','googlegroups'],\
'18':['Check Username','','checkuser'],\
'19':['PasteBin Posts','','pastebin'],\
'20':['LinkedIn Gathering','','linkedin'],\
'21':['Google Plus Gathering','','googlenum'],\
'22':['Public Contact Info','','getconinfo'],\
'23':['CENSYS Gathering','','censysdom'],\
'24':['Threat Intel Gathering','','threatintel'],\
}
buildmenu(target, menu, 'Passive Reconnaissance & OSINT', '') # build menu
def windows_enum(target):
from core.build_menu import buildmenu
print('MENU 3')
menu = { # '#' : ['module', 'description', 'function']
'1':['enum4linux','(SMB Enumeration)','enum4linux'],\
}
buildmenu(target, menu, 'Windows Enumeration', '') # build menu
def settings(info):
hosts = []
emails = []
usernames = []
queries = []
for host in info.hosts:
hosts.append(host.full_url)
for email in info.emails:
emails.append(email)
for user in info.usernames:
usernames.append(user)
for query in info.queries:
queries.append(query)
settings_menu = [ # '#' : ['module', 'description', 'function']
['Add host',str(hosts),'core.settings','add_host'],\
['Add email',str(emails),'core.settings','add_email'],\
['Add username',str(usernames),'core.settings','add_username'],\
['Add query',str(queries),'core.settings','add_query'],\
# '5':['xxxx','xxx','xxx'],\
# '6':['xxxx','xxx','xxx'],\
# '7':['xxxx','xxx','xxx'],\
# '8':['xxxx','xxx','xxx'],\
# '9':['xxxx','xxx','xxx'],\
# '10':['xxxx','xxx','xxx'],\
# '11':['xxxx','xxx','xxx'],\
# '12':['xxxx','xxx','xxx'],\
# '13':['xxxx','xxx','xxx'],\
# '14':['xxxx','xxx','xxx'],\
# '15':['xxxx','xxx','xxx'],\
]
info.settings_menu = settings_menu
buildmenu(info, settings_menu, 'Settings', '')
def multi(func,tgt):
from core.build_menu import buildmenu
tasks_to_accomplish.put(str(func))
# creating processes
#for w in range(NUM_WORKERS):
#p = Process(target=do_job, args=(func,tgt,tasks_to_accomplish, tasks_that_are_done))
p = Process(target=do_job, args=(func,tgt))
processes.append(p)
print(color.green('INFO: Starting '+tgt[0].module+':'+tgt[0].lvl1+':'+tgt[0].lvl2+':' +tgt[0].lvl3) + '\n')
p.start()
buildmenu(tgt,tgt[0].main_menu,'Main Menu','')
# completing process
for p in processes:
p.join()
# print the output
# while not tasks_that_are_done.empty():
# print(tasks_that_are_done.get())
return True
def robot(target):
from core.build_menu import buildmenu
for host in target:
host.lvl2=inspect.stack()[0][3]
host.lvl3=''
if '//' in host.name:
site = host.name
else:
site = 'https://'+host.name
url = site + '/robots.txt'
print(' [!] Testing for robots.txt...\n')
try:
resp = requests.get(url).text
m = str(resp)
print(color.yellow(' [+] Robots.txt found!'))
print(color.green(' [*] Saving contents of robots.txt...'))
data = m
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
#print(m)
except:
print(color.red(' [-] Robots.txt not found'))
print(' [!] Testing for sitemap.xml...\n')
url0 = site + '/sitemap.xml'
try:
resp = requests.get(url0).text
m = str(resp)
print(color.yellow(' [+] Sitemap.xml found!'))
print(color.green(' [*] Saving contents of sitemap.xml'))
data=m
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except:
print(color.red(' [-] Sitemap.xml not found'))
time.sleep(2)
buildmenu(target,target[0].main_menu,'Main Menu','')
def recon(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Passive Reconnaissance','(Open Source Intelligence)','passive_recon'],\
'2':['Active Reconnaissance','(Gather via Interaction)','active_recon'],\
'3':['Information Disclosure','(Errors, Emails, etc)','info_disclosure'],\
}
buildmenu(target, menu, 'Reconnaissance & OSINT', '') # build menu
def vulnysis(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Basic Bugs & Misconfigurations','(Low Priority [P0x3-P0x4])','xxx'],\
'2':['Critical Vulnerabilities','(High Priority [P0x1-P0x2])','xxx'],\
'3':['Others','(Bruter Force Tools)','xxx'],\
}
buildmenu(target, menu, 'Vulnerability Analysis', '') # build menu
def exploitation(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Exploitation1','Exploits!','xxx'],\
'2':['xxx','xxx','xxx'],\
'3':['xxx','xxx','xxx'],\
}
buildmenu(target, menu, 'Exploitation', '') # build menu
def post_exploitation(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Generate Hashes','','hashes'],\
'2':['Encode Strings','','encodeall'],\
'3':['Extract Metadata','','imgext'],\
'4':['Honeypot Detector','','honeypot'],\
}
buildmenu(target, menu, 'Post Exploitation', '') # build menu
def nikto_help(target):
from core.build_menu import buildmenu
nikto_help = subprocess('nikto -H', shell=True)
print(" " + color.custom('[B] Back', bold=True, white=True, bg_red=True) +
'\n')
buildmenu(target, target[0].last_menu, '', '')
def info_disclosure(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Credit Card Enumeration','(If disclosed in plain text)','creditcards'],\
'2':['Extract All Emails','(Absolute)','emailext'],\
'3':['Enumerate Errors + FPD','(Includes Full Path Disclosure)','errors'],\
'4':['Internal IP disclosure','(Find out any leaks of internal IP addresses)','internalip'],\
'5':['Extract out all Phone Numbers','(If plaintext disclosure)','phone'],\
'6':['Extract out all Social Security Numbers','(US Based)','ssn']
}
buildmenu(target, menu, 'Information Disclosure', '') # build menu
def threat():
while True:
try:
host = '1.1.1.1' # DEBUG: temp value
current_menu = menu
last_menu = menu
target.append(Target(host, current_menu, last_menu, menu))
buildmenu(target, menu, 'Main Menu', '')
except KeyboardInterrupt:
print("Keyboard interrupted")
finally:
sys.exit()
def creditcards(target):
from core.build_menu import buildmenu
for host in target:
host.lvl2 = inspect.stack()[0][3]
host.lvl3 = ''
credit0x00(host)
try:
input(
color.blue(' [#] Press') + color.red(' Enter ') +
color.blue('to continue... \n'))
buildmenu(target, target[0].main_menu, 'Main Menu', '')
except EOFError as e:
buildmenu(target, target[0].main_menu, 'Main Menu', '')
return
def build_db_menu(a_list, b_list, selection, target):
from core.build_menu import buildmenu
if selection == "None":
build_banner("Access Data")
else:
build_banner(query_list[-1])
while True:
ctr = 0
while ctr < len(a_list):
if "Data" in selection.values():
print(
color.green(' [' + str(ctr + 1) + '] ') +
color.blue(str(a_list[ctr])))
elif b_list != "None":
print(
color.green(' [' + str(ctr + 1) + '] ') +
color.blue(b_list[ctr]))
else:
print(
color.green(' [' + str(ctr + 1) + '] ') +
color.blue(a_list[ctr]))
ctr += 1
if selection != "None":
print(higher_menu_exit_message)
print(main_exit_message)
cmd = input(input_cursor)
if cmd.lower() == "m":
found = True
buildmenu(target, target[0].main_menu, 'Main Menu', '')
elif cmd == "0":
del query_list[-1]
return cmd
elif int(cmd) <= len(a_list):
query_list.append(a_list[int(cmd) - 1])
if selection == "None":
return a_list[int(cmd) - 1]
elif selection[a_list[int(cmd) - 1]] == "Data":
query_db(query_list)
del query_list[-1]
else:
return a_list[int(cmd) - 1]
else:
print(error_message)
def hackertarget(target):
from core.build_menu import buildmenu
site = 'https://api.hackertarget.com/'
options = ['mtr','nping','dnslookup','reversedns','whois','geoip','reverseiplookup',\
'httpheaders','pagelinks','aslookup']
description=['Access to the MTR Traceroute API','Access to the on-line Test Ping API',\
'Access to the DNS Lookup API','Access to the Reverse DNS Lookup API',\
'Access to the Whois Lookup API','Access to the GeoIP Lookup API',\
'Access to the Reverse IP Lookup API','Access to the HTTP Headers API',\
'Access to the Page Links API','Access to the AS Lookup API']
print(
color.green(
" [*] Finding HackerTarget.com information. This will take approximately 20 seconds ...\n"
))
for host in target:
host.lvl2 = inspect.stack()[0][3]
host.lvl3 = ''
i = 0
for option in options:
try:
print(
color.green(' [#] Checking: ') +
color.yellow(description[i]))
url = site + option + '/?q=' + host.ip.replace(
'http://', '').replace('https://', '')
check = requests.get(url)
time.sleep(.5) # max query is 3 per second or you get blocked
if check.status_code == 200:
data = check.text
save_data(host.database, host.module, host.lvl1, host.lvl2,
host.lvl3, host.name, str(data))
else:
print(
color.red(' [-] Did not find any info about domain ') +
color.yellow(host.name))
print(color.red(' [+] Try with another one...'))
except Exception as e:
pass
print(color.red(' [-] Encountered Exception : ' + str(e)))
i = i + 1
# return to main menu
buildmenu(target, target[0].main_menu, 'Main Menu', '')
def active_recon(target):
from core.build_menu import buildmenu
menu = { # '#' : ['module', 'description', 'function']
'1':['Ping/NPing Enumeration','xxx','piwebenum'],\
'2':['Grab HTTP Headers','xxx','grabhead'],\
'3':['HTTP Allowed Methods','xxx','httpmethods'],\
'4':['robots.txt and sitemap.xml Hunt','xxx','robot'],\
'5':['Scrape Comments','xxx','commentssrc'],\
'6':['Traceroute','xxx','traceroute'],\
'7':['DNS Hosts','xxx','sharedns'],\
'8':['SSL Certificate','xxx','sslcert'],\
'9':['CMS Detection','xxx','cms'],\
'10':['Apache Status','xxx','apachestat'],\
'11':['WebDAV HTTP Enumeration','xxx','dav'],\
'12':['PHPInfo Enumeration','xxx','phpinfo'],\
'13':['Server Detection','xxx','serverdetect'],\
'14':['Alternate Sites','xxx','altsites'],\
'15':['File Bruteforcers','xxx','filebrute'],\
}
buildmenu(target, menu, 'Active Reconnaissance', '') # build menu
def photon_menu(target):
from core.build_menu import buildmenu
photon_site = target[0].ip if not target[0].website else target[0].website
photon_options = ''
target_website = photon_site if photon_site else target[0].website
if 'https://' not in target_website:
target_website = 'https://' + target_website
target_options = photon_options if photon_options else target[0].options_str
target_run_file = target[0].run_file
display_cmd_str = 'photon -u ' + target_website + ' ' + target_options
current_cmd_str = 'python3 ' + target_run_file + ' -u ' + target_website + ' ' + target_options
for host in target:
# host.module = 'ScanANDEnum'
# host.lvl1 = 'Scanning & Enumeration'
host.help = 'python3 lib/Photon/photon.py'
host.lvl2 = 'Crawler'
host.lvl3 = 'Photon'
host.run_file = './lib/Photon/photon.py'
photon_site = host.website
photon_options = host.options_str
host.cmd_str = current_cmd_str
menu = { # '#' : ['module', 'description', 'function']
'1':['Update Target Website',target_website,'photon_website'],\
'2':['Update Command Options',target_options,'photon_options'],\
'3':['Run Photon','(Run Current Crawler Command)','photon_run'],\
}
display_cmd = '\n' + '-'*55 + '\n' + color.green('Current Photon Command: \n') + color.red(display_cmd_str) + '\n' + '-'*55
print(display_cmd)
buildmenu(target,menu,'Photon Scan Configuration','')
def nikto_menu(target):
from core.build_menu import buildmenu
nikto_ip = ''
nikto_ports = target[0].port or ''
nikto_options = ''
target_ip = nikto_ip if nikto_ip else target[0].ip
target_ports = nikto_ports if nikto_ports else target[0].port
target_options = nikto_options if nikto_options else target[0].options_str
current_cmd_str = 'nikto -h ' + target_ip + ' -p ' + target_ports + ' ' + target_options
for host in target:
host.help = 'nikto'
host.lvl2 = 'Nikto'
if host.port == '':
host.port = '80'
nikto_ip = host.ip
nikto_ports = host.port
nikto_options = host.options_str
host.cmd_str = current_cmd_str
menu = { # '#' : ['module', 'description', 'function']
'1':['Update Target IP',target_ip,'nikto_ip'],\
'2':['Update Target Port(s)',target_ports,'nikto_port'],\
'3':['Update Command Options',target_options,'nikto_add_options'],\
'4':['Run Nikto','(Run Current Nikto Command)','nikto'],\
}
current_cmd = '\n' + '-' * 55 + '\n' + color.green(
'Current nikto Command: \n') + color.red(
current_cmd_str) + '\n' + '-' * 55
print(current_cmd)
buildmenu(target, menu, 'Nikto Scan Configuration', '')
def hashes(target):
from core.build_menu import buildmenu
for host in target:
host.lvl2 = inspect.stack()[0][3]
host.lvl3 = ''
try:
message = input('\n [#] Enter the string to hash:> ')
print(color.green(' [+] Generating hashes...'))
md5 = hashlib.md5()
md5.update(message.encode('utf-8'))
sha1 = hashlib.sha1()
sha1.update(message.encode('utf-8'))
sha224 = hashlib.sha224()
sha224.update(message.encode('utf-8'))
sha256 = hashlib.sha256()
sha256.update(message.encode('utf-8'))
sha384 = hashlib.sha384()
sha384.update(message.encode('utf-8'))
sha512 = hashlib.sha512()
sha512.update(message.encode('utf-8'))
print(color.green(" [+] MD5 Hash : ") + color.yellow(md5.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(md5.hexdigest()))
print(
color.green(" [+] SHA1 Hash : ") + color.yellow(sha1.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(sha1.hexdigest()))
print(
color.green(" [+] SHA224 Hash : ") +
color.yellow(sha224.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(sha224.hexdigest()))
print(
color.green(" [+] SHA256 Hash : ") +
color.yellow(sha256.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(sha256.hexdigest()))
print(
color.green(" [+] SHA384 Hash : ") +
color.yellow(sha384.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(sha384.hexdigest()))
print(
color.green(" [+] SHA512 Hash : ") +
color.yellow(sha512.hexdigest()))
save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3,
host.name, str(sha512.hexdigest()))
except EOFError as e:
#os.system('clear')
print(e)
st = input(
color.blue(' [#] Press') + color.red(' Enter ') +
color.blue('to continue... '))
buildmenu(target, target[0].main_menu, 'Main Menu', '')
def encodeall(info):
from core.build_menu import buildmenu
try:
st = input(
color.yellow(' [-] Enter a string to be encoded/decoded :> '))
m64 = base64.b64encode(st.encode())
data = m64.decode()
print(
color.green(' [+] Base64 Encoded String : ') + color.yellow(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
pass
try:
m32 = base64.b32encode(st.encode())
data = m32.decode()
print(
color.green(' [+] Base32 Encoded String : ') + color.yellow(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
pass
try:
m16 = base64.b16encode(st.encode())
data = m16.decode()
print(
color.green(' [+] Base16/Hex Encoded String : ') +
color.yellow(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
print(color.red(" [-] Caught Exception : " + str(e)))
try:
m64d = base64.b64decode(st.encode())
data = m64d.decode()
print(color.red(' [+] Base64 Decoded String : ') + color.white(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
pass
try:
m32d = base64.b32decode(st.encode())
data = m32d.decode()
print(color.red(' [+] Base32 Decoded String : ') + color.white(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
pass
try:
m16d = base64.b16decode(st.encode())
data = m16d.decode()
print(
color.red(' [+] Base16/Hex Decoded String : ') + color.white(data))
#save_data(host.database, host.module, host.lvl1, host.lvl2, host.lvl3, host.name, str(data))
except Exception as e:
pass
try:
data = urllib.parse.quote(st, safe='')
print(color.green(' [+] URL Encoded String : ') + color.yellow(data))
data = urllib.parse.quote_plus(st, safe='')
print(
color.green(' [+] URL plus Encoded String : ') +
color.yellow(data))
except Exception as e:
pass
try:
data = urllib.parse.unquote(st)
print(color.green(' [+] URL Decoded String : ') + color.yellow(data))
data = urllib.parse.unquote_plus(st)
print(
color.green(' [+] URL plus Decoded String : ') +
color.yellow(data))
except Exception as e:
pass
# more types of encoding still need added
# encod = ''
# stri = list(st)
# for i in stri:
# encod = encod + escape(i)
# print(color.green(' [+] Encoded String : ')+color.yellow(encod))
# m = st.encode('base64', 'strict')
# print(color.green(' [+] Encoded String : ')+color.yellow(m))
# m = st.encode('hex', 'strict')
# print(color.green(' [+] Encoded String : ')+color.yellow(m))
# result = []
# for char in st:
# result.append('\%o' % ord(char))
# print(color.green(' [+] Octal Encoded String : ')+color.yellow(str(''.join(result))))
# m = ''.join(format(ord(x),'b') for x in st)
# print(color.green(' [+] Encoded String : ')+color.yellow(m))
# m = st.encode('zlib','strict')
# print(color.green(' [+] Encoded String : ')+color.yellow(m))
st = input(
color.blue(' [#] Press') + color.red(' Enter ') +
color.blue('to continue... '))
buildmenu(info, info.main_menu, 'Main Menu', '')
