def __init__(self, *args, **kwargs):
    """Set the module metadata and register every option the module reads.

    All positional and keyword arguments are forwarded unchanged to the
    parent initialiser.
    """
    super().__init__(*args, **kwargs)

    # ---- metadata shown by the framework ------------------------------
    self.version = 1
    self.author = ['VinaKid']
    self.description = 'Get subdomain and email'
    # NOTE(review): the DOMAIN example in the help text lists search-engine
    # names, not domain names; it looks like a copy/paste slip in the help.
    help_lines = [
        '\tModule is using to get subdomain and email of domains\n',
        ' by bruteforce subdomain or from search engineer\n',
        ' $ w2a > set DOMAIN google,bing,yahoo\n',
        ' $ w2a > unset DOMAIN\n',
        ' $ w2a > set DOMAINLIST [path to domain list])\n',
        '- Option TYPE: speed\n',
        '- Option SUBLIST: path of subdomain list is using to bruteforce subdomain\n',
    ]
    self.detailed_description = ''.join(help_lines)

    # ---- basic options ------------------------------------------------
    basic = self.options
    engine_names = ['google', 'bing', 'yahoo', 'baidu', 'exalead', 'all']
    scan_levels = ['fast', 'nomal', 'slow']

    basic.add_string(
        'DOMAIN', 'Target domain (support: domain1,domain2...)', False)
    basic.add_string(
        'SEARCHER',
        'Select search enginee: google, bing, yahoo, baidu, exalead, all',
        default='google',
        complete=engine_names)
    basic.add_integer('LIMIT', 'Set limit search', default=1000)
    basic.add_string(
        'TYPE', 'Type scan(fast, nomal , slow)',
        default='slow',
        complete=scan_levels)
    basic.add_integer('DELAY', 'Delay time', default=1)
    basic.add_boolean(
        'MULTITHREADS', 'Get subdomain and email with multithreading',
        default=False)
    # The default wordlist lives under the framework's data directory.
    default_wordlist = CONFIG.DATA_PATH + '/dict/subdomain.vn'
    basic.add_path(
        'SUBLIST', 'Bruteforce subdomain list', False,
        default=default_wordlist)

    # ---- advanced options ---------------------------------------------
    advanced = self.advanced_options
    advanced.add_integer('THREADS', 'Thread bruteforce', default=5)
    advanced.add_boolean('REVERSEIP', 'Reverse ip to find subdomain', False)
    advanced.add_path('DOMAINLIST', 'Path to domain list', False)
    advanced.add_path('OUTPUT', 'Output directory', False)

    # One helper instance is created here and kept on the module.
    self.ip_helper = IP()
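def worker(self, domain):
    """Collect host names and e-mail addresses for one target domain.

    The steps run in this order: wordlist candidates are handed to
    ``IP().getListIP``, the selected search-engine harvesters are started,
    rows already stored in the database are merged in, the harvested
    content is passed through ``filter.Filter``, every collected name is
    handed to ``IP().getListIP`` again, the result is saved through
    ``DBInsert``, the ``info/reverse_ip`` module is optionally run per IP,
    and a report is printed.

    Results are left on ``self.subs`` (sorted names), ``self.emails``
    (sorted addresses) and ``self.listip`` (used as IP -> list of names).

    Args:
        domain: Target domain name; also used to decide which reverse-IP
            results belong to the target.
    """
    threads = []
    self.subs = [domain]
    self.emails = []
    self.listip = {}

    # Every wordlist entry is joined to the domain with '.', '-' or nothing.
    candidates = [
        sub + ext + domain
        for ext in ['.', '-', '']
        for sub in self.subbrute
    ]
    if candidates:
        self.frmwk.print_status('Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
        self.listip = IP().getListIP(candidates, self.subbrutethread)
    del candidates

    # Scan level handed to the filter: fast -> 2, slow -> 0, anything else -> 1.
    # (Named scan_type so the builtin ``type`` is not shadowed.)
    level = self.options['TYPE'].strip().lower()
    if level == "fast":
        scan_type = 2
    elif level == "slow":
        scan_type = 0
    else:
        scan_type = 1

    self.frmwk.print_status("%s : Start search enginee !" % domain)
    keywork = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
    # (option value, harvester class, query); baidu gets the query without
    # the ext:(...) part.
    engines = (
        ("yahoo", yahoo.yahoo, keywork),
        ("bing", bing.bing, keywork),
        ("baidu", baidu.baidu, '"@' + domain + '"'),
        ("exalead", exalead.exalead, keywork),
        ("google", google.google, keywork),
    )
    for name, factory, query in engines:
        if self.searcher in (name, "all"):
            harvester = factory(query, self.limit, self.delay)
            harvester.start()
            threads.append(harvester)

    # ---- merge what the database already holds ------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('Getting data in database')
        cursor = self.frmwk.dbconnect.db.cursor()
        try:
            # NOTE(review): the pattern is '%<domain>'. If getDomain treats
            # it as a SQL LIKE, rows for unrelated names that merely share
            # the suffix are merged into this target's results -- confirm.
            rows = getDomain(cursor, ['domain_name', 'mail_list'], {'domain_name': '%%%s' % domain})
            if rows:
                for row in rows:
                    self.subs.append(row[0])
                    if row[1]:
                        for entry in row[1].split('\n'):
                            address = entry.split('|')[0].strip()
                            # A stored value such as '|' splits to an empty
                            # address; keep it out of the result list.
                            if address:
                                self.emails.append(address)
            else:
                self.frmwk.print_status('Nothing in Database!')
        finally:
            # Release the cursor even when the lookup raises.
            cursor.close()
    else:
        self.frmwk.print_error('Database connect false!')

    # ---- wait for the harvesters and filter their content -------------
    docsthreads = []
    try:
        for t in threads:
            t.join()
            self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
            if self.multithread:
                ps = Thread(target=filter.Filter, args=(domain, t.info, scan_type,))
                docsthreads.append(ps)
                ps.start()
            else:
                s, e = filter.Filter(domain, t.info, scan_type)
                self.subs += s
                self.emails += e
    except KeyboardInterrupt:
        # Ctrl-C stops the running workers; the method then carries on with
        # whatever was collected so far.
        # NOTE(review): threading.Thread has no terminate(), and isAlive()
        # was removed in Python 3.9 -- confirm these objects provide both.
        for t in threads:
            if t.isAlive():
                t.terminate()
        for t in docsthreads:
            if t.isAlive():
                t.terminate()

    # NOTE(review): this expects join() to return the target's (subs, emails)
    # pair; threading.Thread.join() returns None -- confirm Thread is the
    # framework's own wrapper.
    for ps in docsthreads:
        s, e = ps.join()
        self.subs += s
        self.emails += e

    self.subs.append(domain)
    self.subs = sorted(set(self.subs))
    self.emails = sorted(set(self.emails))

    # ---- check every collected name -----------------------------------
    self.frmwk.print_status('Checking subdomain in : %d thread' % self.subbrutethread)
    ips = IP().getListIP(self.subs, self.subbrutethread)
    for ip in ips:
        if ip in self.listip:
            self.listip[ip] = sorted(set(self.listip[ip] + ips[ip]))
        else:
            self.listip[ip] = ips[ip]
    del ips

    # ---- save ---------------------------------------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('start save database!')
        self.DBInsert(domain)

    # ---- optional reverse-IP pass -------------------------------------
    if self.reverseip:
        # Only the domain itself or names under it belong to the target. A
        # bare endswith(domain) would also accept an unrelated name such as
        # 'notexample.com' for 'example.com' and attribute it to the target.
        suffix = '.' + domain
        for ip in self.listip.keys():
            reip = self.frmwk.modules['info/reverse_ip']
            reip.options.addString('RHOST', 'IP/Domain to reverse(support : ip1,ip2...)', default=ip)
            reip.options.addBoolean('CHECK', 'check domain is in this IP ', default=True)
            reip.options.addInteger('THREADS', 'thread check domain', default=10)
            reip.advanced_options.addPath('HOSTLIST', 'Path to domain list', False)
            reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
            reip.run(self.frmwk, None)
            self.frmwk.reload_module('info/reverse_ip')
            for d in reip.domains:
                if d == domain or d.endswith(suffix):
                    self.listip[ip].append(d)
            self.listip[ip] = sorted(set(self.listip[ip]))

    # ---- report -------------------------------------------------------
    self.frmwk.print_line()
    self.frmwk.print_success("Hosts found in search engines:\n------------------------------")
    for ip in self.listip.keys():
        self.frmwk.print_success('IP Server : ' + ip)
        for dm in self.listip[ip]:
            self.frmwk.print_line('\t. ' + dm)
        self.frmwk.print_line()
    self.frmwk.print_line()
    self.frmwk.print_success("Emails found:\n-------------")
    self.frmwk.print_line("\n".join(self.emails))
    self.frmwk.print_line('')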
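class Module(Templates):
    """Framework module that collects subdomains and e-mail addresses.

    ``run`` reads the options and calls ``worker`` once per target domain.
    ``worker`` leaves its results on ``self.subs``, ``self.emails`` and
    ``self.ips``; ``close`` stops any worker that is still alive.
    """

    # Kept as class attributes so existing references keep working; worker()
    # replaces them with fresh per-instance lists on every call.
    threads = []
    docsthreads = []

    def __init__(self, *args, **kwargs):
        """Set the module metadata and register the options read by run()."""
        super().__init__(*args, **kwargs)
        ############################
        self.version = 1
        self.author = ['VinaKid']
        self.description = 'Get subdomain and email'
        self.detailed_description = (
            '\tModule is using to get subdomain and email of domains\n'
            ' by bruteforce subdomain or from search engineer\n'
            ' $ w2a > set DOMAIN google,bing,yahoo\n'
            ' $ w2a > unset DOMAIN\n'
            ' $ w2a > set DOMAINLIST [path to domain list])\n'
            '- Option TYPE: speed\n'
            '- Option SUBLIST: path of subdomain list is using to bruteforce subdomain\n'
        )
        ############################
        self.options.add_string(
            'DOMAIN', 'Target domain (support: domain1,domain2...)', False)
        self.options.add_string(
            'SEARCHER',
            'Select search enginee: google, bing, yahoo, baidu, exalead, all',
            default='google',
            complete=['google', 'bing', 'yahoo', 'baidu', 'exalead', 'all'])
        self.options.add_integer('LIMIT', 'Set limit search', default=1000)
        self.options.add_string(
            'TYPE', 'Type scan(fast, nomal , slow)',
            default='slow',
            complete=['fast', 'nomal', 'slow'])
        self.options.add_integer('DELAY', 'Delay time', default=1)
        self.options.add_boolean(
            'MULTITHREADS', 'Get subdomain and email with multithreading',
            default=False)
        self.options.add_path(
            'SUBLIST', 'Bruteforce subdomain list', False,
            default=CONFIG.DATA_PATH + '/dict/subdomain.vn')
        ############################
        self.advanced_options.add_integer(
            'THREADS', 'Thread bruteforce', default=5)
        self.advanced_options.add_boolean(
            'REVERSEIP', 'Reverse ip to find subdomain', False)
        self.advanced_options.add_path(
            'DOMAINLIST', 'Path to domain list', False)
        self.advanced_options.add_path('OUTPUT', 'Output directory', False)
        ############################
        self.ip_helper = IP()

    def run(self, frmwk, args):
        """Read the options and process every target domain.

        Targets come from DOMAIN (comma separated) or, when DOMAIN is not
        set, from the file named by DOMAINLIST. When OUTPUT is set, the
        e-mail addresses found for a domain are appended to
        ``<OUTPUT>/<domain>.txt``.

        Args:
            frmwk: Framework object used for printing and module lookup.
            args: Not used by this method.
        """
        self.frmwk = frmwk
        self.domain = self.options['DOMAIN']
        self.limit = self.options['LIMIT']
        self.searcher = self.options['SEARCHER']
        self.multithread = self.options['MULTITHREADS']
        self.delay = self.options['DELAY']
        # NOTE(review): worker() iterates this value as a sequence of
        # subdomain labels. If the options layer returns the SUBLIST path as
        # a plain string, that loop walks its characters -- confirm what
        # add_path options return.
        self.subbrute = self.options['SUBLIST'] if self.options['SUBLIST'] else []
        self.domainlist = self.advanced_options['DOMAINLIST']
        self.output = self.advanced_options['OUTPUT']
        self.brutethread = self.advanced_options['THREADS']
        self.reverse_ip = self.advanced_options['REVERSEIP']

        # Scan level handed to the filter: fast -> 2, slow -> 0, else 1.
        scan_level = self.options['TYPE'].strip().lower()
        self.type = {"fast": 2, "slow": 0}.get(scan_level, 1)

        if self.domain:
            domains = self.domain.split(',')
        elif self.domainlist:
            domains = read_from_file(full_path(self.domainlist))
        else:
            self.frmwk.print_error(
                'Nothing to do! Must set DOMAIN/DOMAINLIST options first')
            return

        for domain in domains:
            domain = domain.strip()
            # Drop only a leading 'www.'; replace() would also rewrite a
            # 'www.' found in the middle of a name.
            if domain.startswith('www.'):
                domain = domain[len('www.'):]
            if not domain:
                # Blank list lines and trailing commas are not targets.
                continue
            if '/' in domain or '\\' in domain:
                # The name becomes part of the output file path below, so an
                # entry with a path separator could write outside OUTPUT.
                self.frmwk.print_error('Skipping invalid domain: %s' % domain)
                continue
            self.worker(domain)
            if self.output:
                output = full_path(self.output + '/' + domain + '.txt')
                append_file(output, self.emails)

    def worker(self, domain):
        """Collect host names and e-mail addresses for one target domain.

        Results are left on ``self.subs`` (sorted names), ``self.emails``
        (sorted addresses) and ``self.ips`` (used as IP -> list of names).

        Args:
            domain: Target domain name.
        """
        # Fresh lists per call: the class-level lists are shared, so without
        # this the harvesters of an earlier domain would be joined and
        # filtered again for the next one.
        self.threads = []
        self.docsthreads = []
        self.subs = [domain]
        self.emails = []
        self.ips = {}

        # Every wordlist entry is joined to the domain with '.', '-' or
        # nothing.
        candidates = [
            sub + ext + domain
            for ext in ['.', '-', '']
            for sub in self.subbrute
        ]
        if candidates:
            self.frmwk.print_status(
                'Starting bruteforce subdomain on thread %d' % self.brutethread)
            self.ips = self.ip_helper.gets(candidates, self.brutethread)
        del candidates

        self.frmwk.print_status("%s : Start search enginee !" % domain)
        keywork = '"@%s" ext:(%s)' % (domain, ' OR '.join(CONFIG.EXTENSION))
        self.frmwk.print_status('Keywork: %s' % keywork)

        # (option value, harvester class, query); baidu gets the query
        # without the ext:(...) part.
        engines = (
            ("google", google.Google, keywork),
            ("yahoo", yahoo.yahoo, keywork),
            ("bing", bing.bing, keywork),
            ("baidu", baidu.baidu, '"@' + domain + '"'),
            ("exalead", exalead.exalead, keywork),
        )
        # Start every selected engine. The earlier form kept a single
        # `searcher` variable, so only the last match was started, and it
        # compared with `is "all"`, which tests object identity rather than
        # string equality.
        for name, factory, query in engines:
            if name in self.searcher or self.searcher == "all":
                searcher = factory(query, self.limit, self.delay)
                searcher.start()
                self.threads.append(searcher)

        # ---- wait for the harvesters and filter their content ---------
        for t in self.threads:
            t.join()
            self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(
                t.name, len(t.content)))
            if self.multithread:
                ps = Thread(target=filter.filter, args=(
                    domain,
                    t.content,
                    self.type,
                ))
                self.docsthreads.append(ps)
                ps.start()
            else:
                s, e = filter.filter(domain, t.content, self.type)
                self.subs += s
                self.emails += e

        # NOTE(review): this expects join() to return the target's
        # (subs, emails) pair; threading.Thread.join() returns None --
        # confirm Thread is the framework's own wrapper.
        for ps in self.docsthreads:
            s, e = ps.join()
            self.subs += s
            self.emails += e

        self.subs.append(domain)
        self.subs = sorted(set(self.subs))
        self.emails = sorted(set(self.emails))

        # ---- check every collected name -------------------------------
        self.frmwk.print_status('Checking subdomain in : %d thread' %
                                self.brutethread)
        ips = self.ip_helper.gets(self.subs, self.brutethread)
        for ip in ips:
            if ip in self.ips:
                self.ips[ip] = sorted(set(self.ips[ip] + ips[ip]))
            else:
                self.ips[ip] = ips[ip]
        del ips

        # ---- optional reverse-IP pass ---------------------------------
        if self.reverse_ip:
            # Only the domain itself or names under it belong to the target.
            # A bare endswith(domain) would also accept an unrelated name
            # such as 'notexample.com' for 'example.com'.
            suffix = '.' + domain
            for ip in self.ips.keys():
                rev_ip = self.frmwk.modules['info/reverse_ip']
                rev_ip.options.add_string(
                    'RHOST',
                    'IP/Domain to reverse(support : ip1,ip2...)',
                    default=ip)
                rev_ip.options.add_boolean(
                    'CHECK', 'check domain is in this IP ', default=True)
                rev_ip.options.add_integer(
                    'THREADS', 'thread check domain', default=10)
                rev_ip.advanced_options.add_path(
                    'HOSTLIST', 'Path to domain list', False)
                rev_ip.advanced_options.add_path(
                    'OUTPUT', 'Output directory', False)
                rev_ip.run(self.frmwk, None)
                self.frmwk.reload_module('info/reverse_ip')
                for d in rev_ip.domains:
                    if d == domain or d.endswith(suffix):
                        self.ips[ip].append(d)
                self.ips[ip] = sorted(set(self.ips[ip]))

        # ---- report ---------------------------------------------------
        self.frmwk.print_line()
        self.frmwk.print_success(
            "Hosts found in search engines:\n------------------------------")
        for ip in self.ips.keys():
            self.frmwk.print_success('IP Server : ' + ip)
            for dm in self.ips[ip]:
                self.frmwk.print_line('\t. ' + dm)
            self.frmwk.print_line()
        self.frmwk.print_line()
        self.frmwk.print_success("Emails found:\n-------------")
        self.frmwk.print_line("\n".join(self.emails))
        self.frmwk.print_line('')

    def close(self):
        """Close the IP helper and stop every worker that is still alive."""
        self.frmwk.print_status("Closing threads...")
        self.ip_helper.close()
        # NOTE(review): threading.Thread has no terminate(), and isAlive()
        # was removed in Python 3.9 -- confirm these objects provide both.
        for group in (self.threads, self.docsthreads):
            for t in group:
                if t.isAlive():
                    t.terminate()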
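class Module(Templates):
    """Framework module that collects subdomains and e-mail addresses.

    ``run`` reads the options and calls ``worker`` once per target domain.
    ``worker`` leaves its results on ``self.subs``, ``self.emails`` and
    ``self.listip`` and, when a database connection is present, saves them
    through ``DBInsert``.
    """

    def __init__(self, *args, **kwargs):
        """Set the module metadata and register the options read by run()."""
        super().__init__(*args, **kwargs)
        ############################
        self.version = 1
        self.author = ['Kid']
        self.description = 'Get subdomain and email'
        # Help text (Vietnamese, shown to the user as is). In short: the
        # module collects subdomains and e-mail addresses for one or more
        # domains through subdomain brute forcing and search engines; DOMAIN
        # takes a comma-separated list; when DOMAIN is unset, DOMAINLIST is
        # used; TYPE selects one of three scan levels from fast to slow;
        # SUBLIST is the path to the subdomain list and can be unset to skip
        # brute forcing.
        self.detailed_description = (
            '\tModule dùng để lấy subdomain và email của 1 hoặc nhiều domain\n'
            'thông qua bruteforce subdomain và lấy thông tin từ các search engineer\n\n'
            '- Có thể set nhiều domain cùng lúc thông qua option DOMAIN ngăn cách bằng dấu phẩy.\n'
            ' w2a > set DOMAIN google.com,bing.com,yahoo.com\n\n'
            '* Note: NẾU ko set option DOMAIN thì DOMAINLIST sẽ được sử dụng\n'
            ' để xóa DOMAIN dùng cmd : w2a > unset DOMAIN\n\n'
            '- Để get nhiều domain trong list domain dùng advanced option DOMAINLIST\n'
            ' w2a > set DOMAINLIST [path đến list domain])\n\n'
            '- Option TYPE dùng để thực hiện 3 mức scan nhanh->chậm\n'
            'tùy theo số kết quả (domain hoặc email) trên 1 request\n'
            'và thực hiện lấy thông tin lần nửa trong site đó\n\n'
            '- Option SUBLIST là path đến subdomain list,dùng để bruteforce subdomain\n\n'
            ' Nếu không bruteforce thì unset: w2a> unset SUBLIST\n\n'
        )
        ############################
        self.options.addString('DOMAIN', 'Domain/Company to search or company name (support: domain1,domain2...)', False)
        self.options.addString(
            'SEARCHER',
            'Select search enginee: google, bing, yahoo, baidu, exalead, all',
            default='all',
            complete=['google', 'bing', 'yahoo', 'baidu', 'exalead', 'all'])
        self.options.addInteger('LIMIT', 'Set limit search', default=1000)
        self.options.addString(
            'TYPE', 'Type scan(fast, nomal , slow)',
            default='slow',
            complete=['fast', 'nomal', 'slow'])
        self.options.addInteger('DELAY', 'Delay time', default=1)
        self.options.addBoolean('MULTITHREADS', 'Get subdomain and email with multithreading', default=False)
        self.options.addPath(
            'SUBLIST', 'Bruteforce subdomain list', False,
            default=CONFIG.DATA_PATH + '/dict/subdomain.vn')
        ############################
        self.advanced_options.addInteger('SUBTHREADS', 'Thread bruteforce subdomain', default=5)
        self.advanced_options.addBoolean('REVERSEIP', 'Reverse ip to find subdomain', False)
        self.advanced_options.addPath('DOMAINLIST', 'Path to domain list', False)
        self.advanced_options.addPath('OUTPUT', 'Output directory', False)

    def run(self, frmwk, args):
        """Read the options and process every target domain.

        Targets come from DOMAIN (comma separated) or, when DOMAIN is not
        set, from the file named by DOMAINLIST. When OUTPUT is set, the
        e-mail addresses found for a domain are appended to
        ``<OUTPUT>/<domain>.txt``.

        Args:
            frmwk: Framework object used for printing, database access and
                module lookup.
            args: Not used by this method.
        """
        self.frmwk = frmwk
        self.domain = self.options['DOMAIN']
        self.limit = self.options['LIMIT']
        self.searcher = self.options['SEARCHER']
        self.multithread = self.options['MULTITHREADS']
        self.delay = self.options['DELAY']
        # NOTE(review): worker() iterates this value as a sequence of
        # subdomain labels. If the options layer returns the SUBLIST path as
        # a plain string, that loop walks its characters -- confirm what
        # addPath options return.
        self.subbrute = self.options['SUBLIST'] if self.options['SUBLIST'] else []
        self.domainlist = self.advanced_options['DOMAINLIST']
        self.output = self.advanced_options['OUTPUT']
        self.subbrutethread = self.advanced_options['SUBTHREADS']
        self.reverseip = self.advanced_options['REVERSEIP']

        if self.domain:
            dms = self.domain.split(',')
        elif self.domainlist:
            dms = ReadFromFile(FullPath(self.domainlist))
        else:
            self.frmwk.print_error('Nothing to do! Must set DOMAIN/DOMAINLIST options first')
            return

        for domain in dms:
            domain = domain.strip()
            # Drop only a leading 'www.'; replace() would also rewrite a
            # 'www.' found in the middle of a name.
            if domain.startswith('www.'):
                domain = domain[len('www.'):]
            if not domain:
                # Blank list lines and trailing commas are not targets.
                continue
            if '/' in domain or '\\' in domain:
                # The name becomes part of the output file path below, so an
                # entry with a path separator could write outside OUTPUT.
                self.frmwk.print_error('Skipping invalid domain: %s' % domain)
                continue
            self.worker(domain)
            if self.output:
                output = FullPath(self.output + '/' + domain + '.txt')
                AppendFile(output, self.emails)

    def worker(self, domain):
        """Collect host names and e-mail addresses for one target domain.

        Results are left on ``self.subs`` (sorted names), ``self.emails``
        (sorted addresses) and ``self.listip`` (used as IP -> list of names).

        Args:
            domain: Target domain name.
        """
        threads = []
        self.subs = [domain]
        self.emails = []
        self.listip = {}

        # Every wordlist entry is joined to the domain with '.', '-' or
        # nothing.
        candidates = [
            sub + ext + domain
            for ext in ['.', '-', '']
            for sub in self.subbrute
        ]
        if candidates:
            self.frmwk.print_status('Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
            self.listip = IP().getListIP(candidates, self.subbrutethread)
        del candidates

        # Scan level handed to the filter: fast -> 2, slow -> 0, else 1.
        # (Named scan_type so the builtin ``type`` is not shadowed.)
        level = self.options['TYPE'].strip().lower()
        if level == "fast":
            scan_type = 2
        elif level == "slow":
            scan_type = 0
        else:
            scan_type = 1

        self.frmwk.print_status("%s : Start search enginee !" % domain)
        keywork = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
        # (option value, harvester class, query); baidu gets the query
        # without the ext:(...) part.
        engines = (
            ("yahoo", yahoo.yahoo, keywork),
            ("bing", bing.bing, keywork),
            ("baidu", baidu.baidu, '"@' + domain + '"'),
            ("exalead", exalead.exalead, keywork),
            ("google", google.google, keywork),
        )
        for name, factory, query in engines:
            if self.searcher in (name, "all"):
                harvester = factory(query, self.limit, self.delay)
                harvester.start()
                threads.append(harvester)

        # ---- merge what the database already holds --------------------
        if self.frmwk.dbconnect:
            self.frmwk.print_status('Getting data in database')
            cursor = self.frmwk.dbconnect.db.cursor()
            try:
                # NOTE(review): the pattern is '%<domain>'. If getDomain
                # treats it as a SQL LIKE, rows for unrelated names that
                # merely share the suffix are merged into this target's
                # results -- confirm.
                rows = getDomain(cursor, ['domain_name', 'mail_list'], {'domain_name': '%%%s' % domain})
                if rows:
                    for row in rows:
                        self.subs.append(row[0])
                        if row[1]:
                            for entry in row[1].split('\n'):
                                address = entry.split('|')[0].strip()
                                # DBInsert stores '|' when there were no
                                # addresses; that splits to an empty string,
                                # which must not be reported as an address.
                                if address:
                                    self.emails.append(address)
                else:
                    self.frmwk.print_status('Nothing in Database!')
            finally:
                # Release the cursor even when the lookup raises.
                cursor.close()
        else:
            self.frmwk.print_error('Database connect false!')

        # ---- wait for the harvesters and filter their content ---------
        docsthreads = []
        try:
            for t in threads:
                t.join()
                self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
                if self.multithread:
                    ps = Thread(target=filter.Filter, args=(domain, t.info, scan_type,))
                    docsthreads.append(ps)
                    ps.start()
                else:
                    s, e = filter.Filter(domain, t.info, scan_type)
                    self.subs += s
                    self.emails += e
        except KeyboardInterrupt:
            # Ctrl-C stops the running workers; the method then carries on
            # with whatever was collected so far.
            # NOTE(review): threading.Thread has no terminate(), and
            # isAlive() was removed in Python 3.9 -- confirm these objects
            # provide both.
            for t in threads:
                if t.isAlive():
                    t.terminate()
            for t in docsthreads:
                if t.isAlive():
                    t.terminate()

        # NOTE(review): this expects join() to return the target's
        # (subs, emails) pair; threading.Thread.join() returns None --
        # confirm Thread is the framework's own wrapper.
        for ps in docsthreads:
            s, e = ps.join()
            self.subs += s
            self.emails += e

        self.subs.append(domain)
        self.subs = sorted(set(self.subs))
        self.emails = sorted(set(self.emails))

        # ---- check every collected name -------------------------------
        self.frmwk.print_status('Checking subdomain in : %d thread' % self.subbrutethread)
        ips = IP().getListIP(self.subs, self.subbrutethread)
        for ip in ips:
            if ip in self.listip:
                self.listip[ip] = sorted(set(self.listip[ip] + ips[ip]))
            else:
                self.listip[ip] = ips[ip]
        del ips

        # ---- save -----------------------------------------------------
        # The save runs before the reverse-IP pass, so names added by that
        # pass are printed but not stored by this call.
        if self.frmwk.dbconnect:
            self.frmwk.print_status('start save database!')
            self.DBInsert(domain)

        # ---- optional reverse-IP pass ---------------------------------
        if self.reverseip:
            # Only the domain itself or names under it belong to the target.
            # A bare endswith(domain) would also accept an unrelated name
            # such as 'notexample.com' for 'example.com'.
            suffix = '.' + domain
            for ip in self.listip.keys():
                reip = self.frmwk.modules['info/reverse_ip']
                reip.options.addString('RHOST', 'IP/Domain to reverse(support : ip1,ip2...)', default=ip)
                reip.options.addBoolean('CHECK', 'check domain is in this IP ', default=True)
                reip.options.addInteger('THREADS', 'thread check domain', default=10)
                reip.advanced_options.addPath('HOSTLIST', 'Path to domain list', False)
                reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
                reip.run(self.frmwk, None)
                self.frmwk.reload_module('info/reverse_ip')
                for d in reip.domains:
                    if d == domain or d.endswith(suffix):
                        self.listip[ip].append(d)
                self.listip[ip] = sorted(set(self.listip[ip]))

        # ---- report ---------------------------------------------------
        self.frmwk.print_line()
        self.frmwk.print_success("Hosts found in search engines:\n------------------------------")
        for ip in self.listip.keys():
            self.frmwk.print_success('IP Server : ' + ip)
            for dm in self.listip[ip]:
                self.frmwk.print_line('\t. ' + dm)
            self.frmwk.print_line()
        self.frmwk.print_line()
        self.frmwk.print_success("Emails found:\n-------------")
        self.frmwk.print_line("\n".join(self.emails))
        self.frmwk.print_line('')

    def DBInsert(self, domain):
        """Save the collected IP -> names mapping through ``IPInSerter``.

        One record is built per IP in ``self.listip``. The entry whose name
        equals ``domain`` also carries the collected addresses as
        ``mail_list``, each address followed by '|' and separated by
        newlines.

        Args:
            domain: Target domain; selects the entry that gets the mail list.
        """
        info = []
        for ip in self.listip.keys():
            dminfo = []
            for dm in self.listip[ip]:
                dmi = {'domain_name': dm}
                if dm == domain:
                    dmi['mail_list'] = '|\n'.join(self.emails) + '|'
                dminfo.append(dmi)
            info.append({'ip': ip, 'domains': dminfo})
        IPInSerter(self.frmwk.dbconnect.db, info)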