Ejemplo n.º 1
    def begin(self, report):
        """Normalise the configured domains and queue a probe for each extra one.

        Reports an error and does nothing else when the domaincheck module is
        unavailable.  Otherwise the session domain becomes ``self.main_domain``,
        every entry of ``self.domains`` is passed through ``get_domain`` and
        de-duplicated, and each domain other than the main one gets a plain
        ``http://`` request queued for this module only.

        Args:
            report: Sink exposing ``add_error`` and ``add_warning``.
        """
        if not _domaincheck_available:
            report.add_error('Module domaincheck not available')
            return

        if not sslv2_available:
            # The SSLv2 probe is skipped in this case, so a report without an
            # "insecure ciphers" warning does not mean the host rejected SSLv2.
            report.add_warning(
                'Unable to test for SSLv2 (most likely due to OpenSSL compiled without SSLv2 support)'
            )

        self.main_domain = self.get_domain(self.sitecheck.session.domain)
        self.domains.append(self.main_domain)

        unique = set()
        for entry in self.domains:
            # NOTE(review): the meaning of get_domain's second argument is not
            # visible here - confirm against its definition.
            name = self.get_domain(entry, True)
            unique.add(name)

            if name == self.main_domain:
                continue

            # Requested over plain HTTP; the response comes back to this
            # module only (req.modules).
            probe_url = 'http://{0}'.format(name)
            probe = self._create_request(probe_url, probe_url)
            probe.modules = [self]
            self.sitecheck.request_queue.put(probe)

        self.domains = list(unique)
Ejemplo n.º 2
	def begin(self, report):
		"""Set up the domain list and queue one HTTP probe per secondary domain.

		When the domaincheck module is missing, only an error is reported.
		Otherwise ``self.main_domain`` is derived from the session domain,
		``self.domains`` is rebuilt as a de-duplicated list of ``get_domain``
		results, and every domain that differs from the main one is requested
		over ``http://`` with this module as the only handler.

		Args:
			report: Sink exposing ``add_error`` and ``add_warning``.
		"""
		if not _domaincheck_available:
			report.add_error('Module domaincheck not available')
			return

		if not sslv2_available:
			# Without SSLv2 support locally the SSLv2 finding cannot be produced at all.
			report.add_warning('Unable to test for SSLv2 (most likely due to OpenSSL compiled without SSLv2 support)')

		session_domain = self.sitecheck.session.domain
		self.main_domain = self.get_domain(session_domain)
		self.domains.append(self.main_domain)

		seen = set()
		for candidate in self.domains:
			# NOTE(review): what the True flag changes in get_domain is not shown here - confirm.
			resolved = self.get_domain(candidate, True)
			seen.add(resolved)

			if resolved != self.main_domain:
				target = 'http://{0}'.format(resolved)
				request = self._create_request(target, target)
				request.modules = [self]
				self.sitecheck.request_queue.put(request)

		self.domains = list(seen)
Ejemplo n.º 3
    def process(self, request, response, report):
        """Evaluate a response to one of this module's probes, or schedule probes.

        For requests this module issued (``request.source == self.name``) a
        5xx status is reported as a possible SQL injection and a match of
        ``self.xss`` in the body as a possible XSS; the submitted post data or
        headers are added to the report when ``request.meta['vector']`` names
        them.  For other HTML responses below 500, every entry of
        ``self.attacks`` is handed to ``_inject_all`` (quick mode) or
        ``_inject_each``.

        Args:
            request: The request that produced ``response``.
            response: Object exposing ``status``, ``content`` and ``is_html``.
            report: Sink exposing ``add_warning`` and ``add_message``.
        """
        if request.source == self.name:
            # Heuristic only: any 5xx on a probe is labelled as SQL injection,
            # so unrelated server errors will show up as findings to triage.
            finding = None
            if response.status >= 500:
                finding = 'Possible SQL injection'
            elif self.xss.search(response.content):
                finding = 'Possible XSS'

            if finding is not None:
                report.add_warning(finding)

            if 'vector' in request.meta and finding is not None:
                vector = request.meta['vector']
                if vector == 'post_data':
                    report.add_message('Post data: {0}'.format(request.post_data))
                elif vector == 'headers':
                    # NOTE(review): request headers may carry cookies or
                    # credentials; the report should be handled as sensitive.
                    report.add_message('Request headers: {0}'.format(request.headers))
            return

        if response.is_html and response.status < 500:
            # Error pages are skipped: success cannot be told apart without
            # matching against known database error text.
            doc = HtmlHelper(response.content)
            for atk in self.attacks:
                if self.quick:
                    self._inject_all(request, doc, atk)
                else:
                    self._inject_each(request, doc, atk)
Ejemplo n.º 4
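	def begin(self, report):
		"""Prepare search-engine settings and queue the first query per engine.

		Optionally refreshes ``self.engine_parameters`` from the project's
		update URL, compiles each engine's pattern, builds ``self.link`` (the
		regex that picks quoted links to the audited site out of a page) and
		puts one GET request per configured engine on the request queue.
		Engines without an entry in ``self.engine_parameters`` are reported as
		errors and dropped from ``self.engines``.

		Args:
			report: Sink exposing ``add_warning`` and ``add_error``.
		"""
		session = self.sitecheck.session

		if getattr(session, 'check_for_updates', False):
			# SECURITY: the settings arrive over cleartext HTTP and are then used
			# below as regex sources and URL templates, so anyone on the network
			# path can alter them. Prefer an HTTPS endpoint, or ship the settings
			# with the tool, if the host allows it - TODO confirm.
			try:
				with urllib.request.urlopen('http://www.site-check.co.uk/search-engines.js') as resp:
					sd = json.loads(resp.read().decode('utf-8'))
			except Exception:
				# Was a bare ``except:``, which also swallowed KeyboardInterrupt and SystemExit.
				report.add_warning('Update check failed - please notify: [email protected]')
			else:
				self.engine_parameters = sd

		for params in self.engine_parameters.values():
			params[1] = re.compile(params[1], re.IGNORECASE)

		self.domain = urllib.parse.urlparse(session.domain).netloc

		# Host plus whatever follows it in the configured URL.
		dp = session.domain[session.domain.find(self.domain):]
		# IGNORECASE belongs to re.compile(); it used to be passed to
		# str.format(), where it was silently ignored.
		self.link = re.compile('"(https?://{0}[^"]*)"'.format(re.escape(dp)), re.IGNORECASE)

		if not self.engines:
			self.engines = list(self.engine_parameters.keys())

		# Build the filtered list instead of popping by index while looping:
		# popping shifted later entries and ended in an IndexError.
		known = []
		for se in self.engines:
			if se not in self.engine_parameters:
				report.add_error('Unknown search engine: [{0}]'.format(se))
				continue

			known.append(se)
			e = self.engine_parameters[se]
			e.extend([0, e[3]]) # Total results, current result offset
			url = e[0].format(domain=self.domain, index=e[3])
			req = self._create_request(url, se)
			req.modules = [self]
			req.verb = 'GET' # Otherwise it will be set to HEAD as it is on another domain
			self.sitecheck.request_queue.put(req)

		self.engines = known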
Ejemplo n.º 5
    def process(self, request, response, report):
        """Run the domain check once per pending domain and flag missing redirects.

        The first response seen for a domain still listed in ``self.domains``
        removes it from that list (under ``self.sync_lock``) and triggers
        ``_check``.  Independently, a request issued by this module that ended
        on a domain other than ``self.main_domain`` is reported as not
        redirecting.

        Args:
            request: Object exposing ``domain`` and ``source``.
            response: Unused here.
            report: Sink exposing ``add_warning``.
        """
        domain = request.domain

        # Only the membership test and removal happen under the lock; the
        # check itself runs outside it.
        with self.sync_lock:
            pending = domain in self.domains
            if pending:
                self.domains.remove(domain)

        if pending:
            self._check(domain, report)

        if request.source == self.name and domain != self.main_domain:
            report.add_warning('Not redirecting to main domain')
Ejemplo n.º 6
	def process(self, request, response, report):
		"""Check each pending domain once and warn when a probe was not redirected.

		A domain still present in ``self.domains`` is removed while holding
		``self.sync_lock`` and then passed to ``_check``.  A request that this
		module created and whose domain is not ``self.main_domain`` produces a
		"Not redirecting to main domain" warning.

		Args:
			request: Object exposing ``domain`` and ``source``.
			response: Unused here.
			report: Sink exposing ``add_warning``.
		"""
		with self.sync_lock:
			# Claim the domain under the lock so it is removed, and checked, only once.
			claimed = request.domain in self.domains
			if claimed:
				self.domains.remove(request.domain)

		if claimed:
			self._check(request.domain, report)

		own_probe = request.source == self.name
		if own_probe and request.domain != self.main_domain:
			report.add_warning('Not redirecting to main domain')
Ejemplo n.º 7
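    def begin(self, report):
        """Prepare search-engine settings and queue the first query per engine.

        Optionally refreshes ``self.engine_parameters`` from the project's
        update URL, compiles each engine's pattern, builds ``self.link`` (the
        regex that picks quoted links to the audited site out of a page) and
        puts one GET request per configured engine on the request queue.
        Engines without an entry in ``self.engine_parameters`` are reported as
        errors and dropped from ``self.engines``.

        Args:
            report: Sink exposing ``add_warning`` and ``add_error``.
        """
        session = self.sitecheck.session

        if getattr(session, 'check_for_updates', False):
            # SECURITY: the settings arrive over cleartext HTTP and are then
            # used below as regex sources and URL templates, so anyone on the
            # network path can alter them. Prefer an HTTPS endpoint, or ship
            # the settings with the tool, if the host allows it - TODO confirm.
            try:
                with urllib.request.urlopen(
                        'http://www.site-check.co.uk/search-engines.js') as resp:
                    sd = json.loads(resp.read().decode('utf-8'))
            except Exception:
                # Was a bare ``except:``, which also swallowed
                # KeyboardInterrupt and SystemExit.
                report.add_warning(
                    'Update check failed - please notify: [email protected]'
                )
            else:
                self.engine_parameters = sd

        for params in self.engine_parameters.values():
            params[1] = re.compile(params[1], re.IGNORECASE)

        self.domain = urllib.parse.urlparse(session.domain).netloc

        # Host plus whatever follows it in the configured URL.
        dp = session.domain[session.domain.find(self.domain):]
        # IGNORECASE belongs to re.compile(); it used to be passed to
        # str.format(), where it was silently ignored.
        self.link = re.compile(
            '"(https?://{0}[^"]*)"'.format(re.escape(dp)), re.IGNORECASE)

        if not self.engines:
            self.engines = list(self.engine_parameters.keys())

        # Build the filtered list instead of popping by index while looping:
        # popping shifted later entries and ended in an IndexError.
        known = []
        for se in self.engines:
            if se not in self.engine_parameters:
                report.add_error('Unknown search engine: [{0}]'.format(se))
                continue

            known.append(se)
            e = self.engine_parameters[se]
            e.extend([0, e[3]])  # Total results, current result offset
            url = e[0].format(domain=self.domain, index=e[3])
            req = self._create_request(url, se)
            req.modules = [self]
            req.verb = 'GET'  # Otherwise it will be set to HEAD as it is on another domain
            self.sitecheck.request_queue.put(req)

        self.engines = known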
Ejemplo n.º 8
	def process(self, request, response, report):
		"""Score responses to this module's probes and schedule probes for HTML pages.

		Responses to requests this module created are classified: status 500
		or above yields a "Possible SQL injection" warning, otherwise a match
		of ``self.xss`` in the body yields "Possible XSS".  When a finding was
		raised and ``request.meta`` names the vector, the post data or headers
		that were sent are added to the report.  Any other HTML response below
		500 is parsed and each entry of ``self.attacks`` is injected, all at
		once in quick mode or one by one otherwise.

		Args:
			request: The request that produced ``response``.
			response: Object exposing ``status``, ``content`` and ``is_html``.
			report: Sink exposing ``add_warning`` and ``add_message``.
		"""
		if request.source != self.name:
			if response.is_html and response.status < 500:
				# Error pages are left alone: a result could not be recognised
				# without matching against known database error text.
				doc = HtmlHelper(response.content)
				for atk in self.attacks:
					if self.quick:
						self._inject_all(request, doc, atk)
					else:
						self._inject_each(request, doc, atk)
			return

		# Status-based detection is coarse: every 5xx counts, whatever caused it.
		flagged = True
		if response.status >= 500:
			report.add_warning('Possible SQL injection')
		elif self.xss.search(response.content):
			report.add_warning('Possible XSS')
		else:
			flagged = False

		if 'vector' in request.meta and flagged:
			used = request.meta['vector']
			if used == 'post_data':
				report.add_message('Post data: {0}'.format(request.post_data))
			elif used == 'headers':
				# NOTE(review): headers can include cookies or credentials - treat the report as sensitive.
				report.add_message('Request headers: {0}'.format(request.headers))
Ejemplo n.º 9
    def _check(self, domain, report):
        """Look up one domain and write its DNS, expiry, SPF and host findings.

        Builds a ``DomainInfo`` for ``domain`` (a ``gaierror`` is reported as
        "Domain not found" and ends the check), queues a request for the
        ``www.`` host of any non-main domain, then reports name servers, zone
        transfer status, registration expiry, SPF and, per host, address,
        reverse DNS, records, certificate expiry, the SSLv2 flag and, when
        ``self.relay`` is set, the result of ``test_relay`` on ports 25 and 587.

        Args:
            domain: Domain name to inspect.
            report: Sink exposing ``add_message`` and ``add_warning``.
        """
        today = datetime.date.today()

        try:
            info = DomainInfo(domain)
        except gaierror:
            report.add_warning('Domain not found: {0}'.format(domain))
            return

        if domain != self.main_domain:
            # Presumably so the www. host's redirect can be checked as well - confirm.
            www_url = 'http://www.{0}/'.format(domain)
            probe = self._create_request(www_url, www_url)
            probe.modules = [self]
            self.sitecheck.request_queue.put(probe)

        report.add_message('Nameservers:')
        for server in info.name_servers:
            report.add_message('\t{0}'.format(server))

        if info.zone_transfer:
            # NOTE(review): recorded as a message, not a warning. A permitted
            # zone transfer discloses the zone's records and usually deserves
            # a finding of its own.
            report.add_message('Zone Transfer Permitted')

        expiry = info.domain_expiry
        # Exact type test rather than isinstance: a datetime.datetime cannot
        # be subtracted from `today`, which is a plain date.
        if type(expiry) == datetime.date:
            days_left = (expiry - today).days
            if days_left < 0:
                report.add_message('Domain expired {0}'.format(expiry))
            else:
                report.add_message('Domain expires in {0} days'.format(days_left))
        elif expiry:
            report.add_message('Domain expires on: {0}'.format(expiry))
        else:
            report.add_warning('Unable to determine domain expiry date')

        if info.spf:
            report.add_message('SPF: {0}'.format(info.spf))
        else:
            report.add_warning('No SPF record found')

        # Submission ports probed for relaying, each with its report text.
        relay_checks = (
            (25, '\t\tPossible open relay (port 25): {0} -> {1}'),
            (587, '\t\tPossible open relay (port 587): {0} -> {1}'),
        )

        report.add_message('Hosts:')
        for key in info.hosts:
            host = info.hosts[key]

            report.add_message('\t{0}'.format(host.address))

            if host.name:
                report.add_message('\t\tReverse DNS: {0}'.format(host.name))
            else:
                report.add_warning('\t\t No reverse DNS')

            report.add_message('\t\tRecords: {0}'.format(', '.join(host.records)))

            if host.cert_expiry:
                cert_days = (host.cert_expiry - today).days
                if cert_days < 0:
                    report.add_message('\t\tCertificate expired {0}'.format(host.cert_expiry))
                else:
                    report.add_message('\t\tCertificate expires in {0} days'.format(cert_days))

            if host.sslv2:
                report.add_warning('\t\tInsecure ciphers supported')

            if not self.relay:
                continue

            for port, template in relay_checks:
                is_relay, pairs = test_relay(host.address, port=port)
                if is_relay:
                    for pair in pairs:
                        report.add_warning(template.format(pair[0], pair[1]))
Ejemplo n.º 10
	def _check(self, domain, report):
		"""Report DNS, registration, mail and TLS facts for a single domain.

		A ``gaierror`` while building ``DomainInfo`` is reported as "Domain not
		found" and stops the check.  For a domain other than
		``self.main_domain`` a request for its ``www.`` host is queued.  The
		report then receives name servers, zone transfer status, domain expiry,
		SPF and a section per host: address, reverse DNS, records, certificate
		expiry, the SSLv2 flag and, if ``self.relay`` is set, ``test_relay``
		results for ports 25 and 587.

		Args:
			domain: Domain name to inspect.
			report: Sink exposing ``add_message`` and ``add_warning``.
		"""
		today = datetime.date.today()

		try:
			details = DomainInfo(domain)
		except gaierror:
			report.add_warning('Domain not found: {0}'.format(domain))
			return

		is_main = domain == self.main_domain
		if not is_main:
			target = 'http://www.{0}/'.format(domain)
			request = self._create_request(target, target)
			request.modules = [self]
			self.sitecheck.request_queue.put(request)

		report.add_message('Nameservers:')
		for nameserver in details.name_servers:
			report.add_message('\t{0}'.format(nameserver))

		# NOTE(review): a permitted zone transfer is only a message here; it
		# exposes the zone's records, so consider raising it as a warning.
		if details.zone_transfer:
			report.add_message('Zone Transfer Permitted')

		# type() == is an exact match: datetime.datetime values fall through
		# to the "expires on" branch instead of being subtracted from a date.
		if type(details.domain_expiry) == datetime.date:
			remaining = (details.domain_expiry - today).days
			if remaining >= 0:
				report.add_message('Domain expires in {0} days'.format(remaining))
			else:
				report.add_message('Domain expired {0}'.format(details.domain_expiry))
		elif details.domain_expiry:
			report.add_message('Domain expires on: {0}'.format(details.domain_expiry))
		else:
			report.add_warning('Unable to determine domain expiry date')

		if not details.spf:
			report.add_warning('No SPF record found')
		else:
			report.add_message('SPF: {0}'.format(details.spf))

		report.add_message('Hosts:')
		for host_key in details.hosts:
			entry = details.hosts[host_key]

			report.add_message('\t{0}'.format(entry.address))

			if not entry.name:
				report.add_warning('\t\t No reverse DNS')
			else:
				report.add_message('\t\tReverse DNS: {0}'.format(entry.name))

			report.add_message('\t\tRecords: {0}'.format(', '.join(entry.records)))

			if entry.cert_expiry:
				remaining = (entry.cert_expiry - today).days
				if remaining >= 0:
					report.add_message('\t\tCertificate expires in {0} days'.format(remaining))
				else:
					report.add_message('\t\tCertificate expired {0}'.format(entry.cert_expiry))

			if entry.sslv2:
				report.add_warning('\t\tInsecure ciphers supported')

			if self.relay:
				# Same probe on both mail ports; each keeps its own report text.
				for port, text in (
					(25, '\t\tPossible open relay (port 25): {0} -> {1}'),
					(587, '\t\tPossible open relay (port 587): {0} -> {1}'),
				):
					open_relay, results = test_relay(entry.address, port=port)
					if open_relay:
						for item in results:
							report.add_warning(text.format(item[0], item[1]))