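def start_webfuzz():
    '''Run gobuster directory fuzzing against the target URL.

    Settings come from ``CFG['GOBUSTER']``: GOBUSTER_PATH (directory holding
    the ``gobuster`` binary), GOBUSTER_URL_PATH (suffix appended to the
    target URL), ARGS (free-form extra arguments) and SCAN_ALL_WORDLISTS.
    The target is ``cfg.get().url``. Each run writes its report to
    ``<output_dir>/WEBFUZZ/<wordlist file name>``.

    SCAN_ALL_WORDLISTS == 'Y': every file under the bundled wordlist
    directory is used in turn. 'N': the operator picks one wordlist by
    number and must confirm the command before it runs. Anything else is
    reported as a configuration error.

    Exits with status 0 (the convention in this file) on a non-numeric
    selection, a declined confirmation or a bad SCAN_ALL_WORDLISTS value.
    '''
    # Function-scope imports: the module's import block is not part of
    # this listing, so the fix stays self-contained.
    import shlex
    import subprocess

    output_dir = os.path.abspath('{}/{}'.format(cfg.get().output_dir, 'WEBFUZZ'))
    scan_all = CFG['GOBUSTER']['SCAN_ALL_WORDLISTS']
    gobuster_path = CFG['GOBUSTER']['GOBUSTER_PATH']
    gobuster_url_path = CFG['GOBUSTER']['GOBUSTER_URL_PATH']
    # ARGS is one string in the config; split it the way a shell would so
    # every token becomes its own argv element.
    gobuster_args = shlex.split(CFG['GOBUSTER']['ARGS'])
    wordlist_dir = os.path.abspath('core/modules/gobuster/wordlists/')
    gobuster_bin = os.path.abspath(os.path.join(gobuster_path, 'gobuster'))
    target = '{}{}'.format(cfg.get().url, gobuster_url_path)

    # The reports are written into output_dir, so that is what must exist.
    # (The original created output_dir + gobuster_path and only worked
    # because makedirs also creates the parents.)
    os.makedirs(output_dir, exist_ok=True)

    def build_argv(wordlist_path, report_name):
        '''argv for one gobuster run. No shell is involved, so a URL or a
        config value containing shell metacharacters cannot inject extra
        commands the way it could through the original os.system() string.'''
        return ([gobuster_bin, 'dir', '-u', target] + gobuster_args +
                ['-w', wordlist_path, '-k', '-o',
                 '{}/{}'.format(output_dir, report_name)])

    def run(argv):
        '''Run gobuster from its own directory; a missing binary or
        directory is reported instead of raising a traceback. The exit
        status is not checked, matching the original os.system() call.'''
        try:
            subprocess.run(argv, cwd=gobuster_path)
        except FileNotFoundError:
            print('error: gobuster not found (looked for {} in {})'
                  .format(gobuster_bin, gobuster_path))

    if scan_all == 'Y':
        for root, _dirs, files in os.walk(wordlist_dir):
            for filename in files:
                # Join with the directory os.walk is visiting; the original
                # joined wordlist_dir itself, which broke for nested files.
                # Reports are still named after the bare file name, so two
                # wordlists with the same name in different sub-directories
                # overwrite each other (unchanged from the original).
                run(build_argv(os.path.join(root, filename), filename))
    elif scan_all == 'N':
        GoBusterModule.display_wordlists_filenames(wordlist_dir)
        print('Select your wordlist number:')
        number = input()
        if not number.isdigit():
            print('error: you need to select a number')
            sys.exit(0)
        wordlist = GoBusterModule.get_selected_wordlist(wordlist_dir, number)
        print('Selected wordlist: {}'.format(wordlist))
        argv = build_argv('{}/{}'.format(wordlist_dir, wordlist), wordlist)
        print('CMD: {}'.format(' '.join(shlex.quote(arg) for arg in argv)))
        print('Do you want to start it ? (Y/n)')
        answer = input().strip()
        # Empty input takes the default (Y). The original tested
        # `'' in answer`, which is always true, so typing "n" still ran
        # the command.
        if answer == '' or answer.lower().startswith('y'):
            run(argv)
        else:
            sys.exit(0)
    else:
        print('You need to configure your gobuster options correctly '
              '(Y or N for the SCAN_ALL_WORDLISTS option)')
        sys.exit(0)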
def start_shodan_scan():
    '''Resolve the target host and save its Shodan host page as a PDF.

    The PDF goes to ``<output_dir>/WORK/Shodan_<ip>.<author>.pdf``, where
    the author tag is ``CFG['DEFAULT']['AUTHOR']``. Name resolution uses
    ``socket.gethostbyname``; a resolution failure propagates as-is.
    '''
    host = cfg.get().host
    print('Starting a Shodan scan on: {} ...'.format(host))
    author = CFG['DEFAULT']['AUTHOR']
    work_dir = os.path.abspath('{}/{}'.format(cfg.get().output_dir, 'WORK'))
    if not os.path.exists(work_dir):
        os.makedirs(work_dir)
    ip_address = socket.gethostbyname(host)
    shodan_page = 'https://www.shodan.io/host/{}'.format(ip_address)
    pdf_path = '{}/Shodan_{}.{}.pdf'.format(work_dir, ip_address, author)
    pdfkit.from_url(shodan_page, pdf_path)
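def get_ssl_scan():
    '''Run an SSL Labs assessment of the target host and save the results.

    Polls the SSL Labs API and the public report page until the page no
    longer says "Please wait...", then writes
    ``<output_dir>/SSLSCAN/SSL-Labs-<host>.json`` (the last API response,
    pretty-printed) and ``<output_dir>/SSLSCAN/<host>-<author>.pdf`` (the
    rendered report page, via pdfkit).

    Raises:
        Exception: 'SSL Labs is down' when either endpoint answers with a
            non-200 status, as in the original.
    '''
    host = cfg.get().host
    author = CFG['DEFAULT']['AUTHOR']
    output_dir = '{}/{}'.format(cfg.get().output_dir, 'SSLSCAN')
    os.makedirs(output_dir, exist_ok=True)

    # Build the report URL once. The original literal was broken across a
    # backslash line continuation *inside* the string, which left a stray
    # backslash / whitespace in front of "&latest" in the requested URL.
    report_url = ('https://www.ssllabs.com/ssltest/analyze.html?d={}'
                  '&latest&ignoreMismatch=on&hideResults=on').format(host)
    # NOTE(review): api.dev.ssllabs.com is the development endpoint —
    # confirm that is intended rather than api.ssllabs.com.
    api_url = 'https://api.dev.ssllabs.com/api/v3/analyze?host={}'.format(host)
    # Without a timeout a stalled connection would hang this loop forever.
    timeout = 60

    res_api_json = None
    while True:
        print('Please wait, test in progress on SSL Labs...')
        res_api = requests.get(api_url, timeout=timeout)
        res = requests.get(report_url, timeout=timeout)
        # Check the status before decoding: an error body is rarely JSON,
        # and the original decoded first and so raised a JSON error
        # instead of its own message.
        if res.status_code != 200 or res_api.status_code != 200:
            raise Exception('SSL Labs is down')
        res_api_json = json.loads(res_api.content.decode("utf-8"))
        if 'Please wait...' not in str(res.content):
            break
        # Only sleep when another poll is actually needed.
        time.sleep(15)

    # NOTE(review): the API JSON presumably carries its own status field,
    # which would be a more reliable "done" signal than scraping the HTML
    # page — verify against the SSL Labs API docs before switching.
    json_path = '{}/SSL-Labs-{}.json'.format(output_dir, host)
    with open(json_path, 'w') as handle:
        handle.write(json.dumps(res_api_json, indent=4, sort_keys=True))
    pdfkit.from_url(report_url, '{}/{}-{}.pdf'.format(output_dir, host, author))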
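def load_config():
    '''Populate the shared ``cfg`` object from ``ARGS`` and ``CFG``.

    Sets on ``cfg.get()``:
        author            CFG['DEFAULT']['AUTHOR']
        url               ARGS.url with trailing slashes removed
        host              the text between the first '//' and the next '/'
                          (userinfo or a port, if present, is kept — the
                          original did the same)
        host_without_www  host with a leading "www." removed
        output_dir        'output/<host>', relative to the working directory

    Side effect: ``ARGS.url`` itself is rewritten without trailing slashes,
    as in the original.
    '''
    cfg.get().author = CFG['DEFAULT']['AUTHOR']
    # Drop trailing slashes so "url + path" joins cleanly elsewhere.
    ARGS.url = ARGS.url.rstrip('/')
    cfg.get().url = ARGS.url
    host = ARGS.url.split('//')[-1].split('/')[0]
    cfg.get().host = host
    # Strip only a leading "www.". The original used host.replace('www', ''),
    # which removed the substring anywhere in the name and left a leading
    # "." behind for www.example.com.
    if host.startswith('www.'):
        host_without_www = host[len('www.'):]
    else:
        host_without_www = host
    cfg.get().host_without_www = host_without_www
    cfg.get().output_dir = 'output/{}'.format(host)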
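def get_internet_archives(recursively=False):
    '''List URLs the Wayback Machine has captured for the target host.

    Queries the CDX API for ``<host_without_www>*`` and collects the
    "original" URL column of every row that mentions the host. With
    ``recursively=True`` each collected URL is then fetched once (the live
    URL, not the archived copy) and its absolute ``http(s)://`` links that
    mention the host are added as well — one level deep. The list is
    handed to ``ScanModule.output_array_all_formats`` and written under
    ``<output_dir>/WORK/``.

    Args:
        recursively: also crawl the collected links for more links.

    Exits with status 0 (the convention in this file) when the CDX API is
    unreachable or returns no data.
    '''
    host = cfg.get().host_without_www
    author = CFG['DEFAULT']['AUTHOR']
    output_dir = '{}/{}'.format(cfg.get().output_dir, 'WORK')
    os.makedirs(output_dir, exist_ok=True)
    print('Starting an internet archives scan on {}...'.format(host))
    # Timeouts keep a stalled connection from hanging the scan forever.
    timeout = 60
    req = requests.get('http://web.archive.org/cdx/search/cdx?url={}*&output=json'
                       .format(host), timeout=timeout)
    if req.status_code != 200:
        print('error: Internet Archives API is offline')
        sys.exit(0)
    print('Internet Archives API is online')
    # The CDX JSON answer is a list of rows whose first row is a header
    # (its third cell is the literal "original"), which the filter below
    # skips. An empty body is treated as "no captures" — the original
    # passed it straight to json.loads, which raises before its None check.
    rows = json.loads(req.content) if req.content.strip() else None
    print('=== Internet Archives results ===')
    if not rows:
        print('No informations available on the internet archives for: {}'
              .format(host))
        sys.exit(0)
    links = []
    seen = set()  # membership test alongside the ordered list
    for row in rows:
        original = row[2]
        if original == "original" or original in seen or host not in original:
            continue
        seen.add(original)
        links.append(original)
        print(original)
    if recursively:
        print('all available links dumped, checking the dumped links...')
        # Iterate over a snapshot: appending to `links` while looping over
        # it would turn this into an unbounded crawl.
        for node in list(links):
            try:
                print('Checking {} ...'.format(node))
                page = requests.get(node, timeout=timeout)
                soup = BeautifulSoup(page.content, 'html.parser',
                                     from_encoding="iso-8859-1")
                for anchor in soup.findAll('a', attrs={'href': re.compile("^https?://")}):
                    href = anchor.get('href')
                    # The original compared against an undefined `data`
                    # dict and tested `link is not links` (always true),
                    # so every iteration raised and the bare except hid it.
                    if href and host in href and href not in seen:
                        seen.add(href)
                        links.append(href)
                        print(href)
            except Exception as exc:
                # Best effort: a dead or malformed link is skipped, but say
                # so instead of hiding it (the original used `except: pass`,
                # which also swallowed KeyboardInterrupt).
                print('skipping {}: {}'.format(node, exc))
    print('saving the results...')
    ScanModule.output_array_all_formats(links, '{}/internet-archives_{}.{}'
                                        .format(output_dir, host, author))
    print('=================================')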
def display_banner():
    '''Print the "Pentestor" figlet banner in green and the target host in cyan.'''
    banner = Figlet(font='doom').renderText("Pentestor")
    print(colored(banner, 'green'))
    host_line = 'host: %s\r\n' % cfg.get().host
    print(colored(host_line, 'cyan'))
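def start_wafw00f_scan():
    '''Run ``wafw00f -a`` (report every matching WAF) against the target URL.

    The URL comes from ``cfg.get().url``; wafw00f writes to the terminal
    and nothing is returned. A missing ``wafw00f`` binary is reported
    rather than raising.
    '''
    # Function-scope import: the module's import block is outside this listing.
    import subprocess

    url = cfg.get().url
    print('Starting a wafw00f scan on: {} ...'.format(cfg.get().host))
    # argv list, no shell: the original interpolated the URL into an
    # os.system() string, so a URL containing shell metacharacters would
    # have been run as commands. The exit status is not checked, as before.
    try:
        subprocess.run(['wafw00f', '-a', url])
    except FileNotFoundError:
        print('error: wafw00f is not installed or not on PATH')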