def start_webfuzz():
'''Start webfuzz function'''
output_dir = os.path.abspath('{}/{}'.format(cfg.get().output_dir, 'WEBFUZZ'))
scan_all = CFG['GOBUSTER']['SCAN_ALL_WORDLISTS']
gobuster_path = CFG['GOBUSTER']['GOBUSTER_PATH']
gobuster_url_path = CFG['GOBUSTER']['GOBUSTER_URL_PATH']
gobuster_args = CFG['GOBUSTER']['ARGS']
wordlist_dir = os.path.abspath('core/modules/gobuster/wordlists/')
cmd = ''
if not os.path.exists(output_dir + gobuster_path):
os.makedirs(output_dir + gobuster_path)
if scan_all == 'Y':
for root, dirs, files in os.walk(wordlist_dir):
for filename in files:
fullpath_file = '{}/{}'.format(wordlist_dir, filename)
cmd = "cd {} && ./gobuster dir -u {}{} {} -w {} -k -o {}" \
.format(gobuster_path, cfg.get().url, gobuster_url_path,
gobuster_args, fullpath_file, '{}/{}'
.format(output_dir, filename))
os.system(cmd)
elif scan_all == 'N':
GoBusterModule.display_wordlists_filenames(wordlist_dir)
print('Select your wordlist number:')
number = input()
if not number.isdigit():
print('error: you need to select a number')
sys.exit(0)
wordlist = GoBusterModule.get_selected_wordlist(wordlist_dir, number)
print('Selected wordlist: {}'.format(wordlist))
fullpath_file = '{}/{}'.format(wordlist_dir, wordlist)
cmd = "cd {} && ./gobuster dir -u {}{} {} -w {} -k -o {}" \
.format(gobuster_path, cfg.get().url, gobuster_url_path,
gobuster_args, fullpath_file, '{}/{}'
.format(output_dir, wordlist))
answer = 'Y'
print('CMD: {}'.format(cmd))
print('Do you want to start it ? (Y/n)')
answer = input()
if 'Y' in answer or '' in answer:
os.system(cmd)
else:
sys.exit(0)
else:
print('You need to configure your gobuster options correctly ' \
'(Y or N for the SCAN_ALL_WORDLISTS option)')
sys.exit(0)
def start_shodan_scan():
'''Function to start a Shodan scan'''
print('Starting a Shodan scan on: {} ...'.format(cfg.get().host))
author = CFG['DEFAULT']['AUTHOR']
output_dir = os.path.abspath('{}/{}'.format(cfg.get().output_dir,
'WORK'))
if not os.path.exists(output_dir):
os.makedirs(output_dir)
ip_address = socket.gethostbyname(cfg.get().host)
pdfkit.from_url(
'https://www.shodan.io/host/{}'.format(ip_address),
'{}/Shodan_{}.{}.pdf'.format(output_dir, ip_address, author))
def get_ssl_scan():
'''Function to get the pdf file of a SSL Labs scan'''
output_dir = '{}/{}'.format(cfg.get().output_dir, 'SSLSCAN')
author = CFG['DEFAULT']['AUTHOR']
if not os.path.exists(output_dir):
os.makedirs(output_dir)
res = requests.Response()
res_api = requests.Response()
res_api_json = None
while res.content is None or 'Please wait...' in str(res.content):
print('Please wait, test in progress on SSL Labs...')
res_api = requests.get('https://api.dev.ssllabs.com/api/v3/analyze?host={}'
.format(cfg.get().host))
res_api_json = json.loads(res_api.content.decode("utf-8"))
res = requests.get('https://www.ssllabs.com/ssltest/analyze.html?d={}\
&latest&ignoreMismatch=on&hideResults=on'.format(cfg.get().host))
if res.status_code != 200 or res_api.status_code != 200:
raise Exception('SSL Labs is down')
time.sleep(15)
file = open('{}/SSL-Labs-{}.json'.format(output_dir, cfg.get().host), 'w+')
file.write(str(json.dumps(res_api_json, indent=4, sort_keys=True)))
file.close()
pdfkit.from_url('https://www.ssllabs.com/ssltest/analyze.html?d={}\
&latest&ignoreMismatch=on&hideResults=on'
.format(cfg.get().host), '{}/{}-{}.pdf'
.format(output_dir, cfg.get().host, author))
def load_config():
'''Load the configuration'''
cfg.get().author = CFG['DEFAULT']['AUTHOR']
if ARGS.url.endswith('/'):
ARGS.url = ARGS.url[:-1]
cfg.get().url = ARGS.url
cfg.get().host = ARGS.url.split('//')[-1].split('/')[0]
cfg.get().host_without_www = cfg.get().host.replace('www', '')
cfg.get().output_dir = 'output/{}'.format(cfg.get().host)
def get_internet_archives(recursively=False):
'''Function to get internet archives from the wayback machine'''
output_dir = '{}/{}'.format(cfg.get().output_dir, 'WORK')
author = CFG['DEFAULT']['AUTHOR']
if not os.path.exists(output_dir):
os.makedirs(output_dir)
print('Starting an internet archives scan on {}...'.format(cfg.get().host_without_www))
req = requests.get('http://web.archive.org/cdx/search/cdx?url={}*&output=json'
.format(cfg.get().host_without_www))
if req.status_code != 200:
print('error: Internet Archives API is offline')
sys.exit(0)
print('Internet Archives API is online')
req = json.loads(req.content)
print('=== Internet Archives results ===')
links = []
if req is None:
print('No informations available on the internet archives for: {}'
.format(cfg.get().host_without_www))
sys.exit(0)
for jobject in req:
if jobject[2] not in links and jobject[2] != "original":
if str(cfg.get().host_without_www) in jobject[2]:
links.append(jobject[2])
print(jobject[2])
if recursively:
print('all available links dumped, checking the dumped links...')
for node in links:
# Pass the incorrect links.
try:
print('Checking {} ...'.format(node))
req = requests.get(node)
soup = BeautifulSoup(req.content, 'html.parser', from_encoding="iso-8859-1")
for link in soup.findAll('a', attrs={'href': re.compile("^https?://")}):
if data['host_without_www'] in link and link is not links:
print(link.get('href'))
links.append(link.get('href'))
except:
pass
print('saving the results...')
ScanModule.output_array_all_formats(links, '{}/internet-archives_{}.{}'
.format(output_dir, cfg.get().host_without_www, author))
print('=================================')
def display_banner():
'''Function to display the ascii art text'''
custom_fig = Figlet(font='doom')
print(colored(custom_fig.renderText("Pentestor"), 'green'))
print(colored('host: %s\r\n' % cfg.get().host, 'cyan'))
def start_wafw00f_scan():
'''Function to start a wafw00f scan'''
print('Starting a wafw00f scan on: {} ...'.format(cfg.get().host))
os.system('wafw00f -a {}'.format(cfg.get().url))