def __init__(self, args, options):
"""Constructs a Driver instance. The driver instance manages the crawling proces.
Args:
args (:class:`argparse.Namespace`): A namespace with all the parsed CLI arguments.
options (:class:`nyawc.Options`): The options to use for the current crawling runtime.
"""
self.stopping = False
self.__args = args
self.__options = options
self.__vulnerable_items = []
self.__options.callbacks.crawler_before_start = self.cb_crawler_before_start
self.__options.callbacks.crawler_after_finish = self.cb_crawler_after_finish
self.__options.callbacks.request_before_start = self.cb_request_before_start
self.__options.callbacks.request_after_finish = self.cb_request_after_finish
self.__options.callbacks.request_in_thread_after_finish = self.cb_request_in_thread_after_finish
self.__options.callbacks.request_on_error = self.cb_request_on_error
self.__options.identity.headers.update({
"User-Agent":
user_agent(PackageHelper.get_alias(), PackageHelper.get_version())
})
def require_arguments():
"""Get the arguments from CLI input.
Returns:
:class:`argparse.Namespace`: A namespace with all the parsed CLI arguments.
"""
parser = argparse.ArgumentParser(
prog=PackageHelper.get_alias(),
formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=180, width=180)
)
optional = parser._action_groups.pop()
required = parser.add_argument_group("required arguments")
required.add_argument("-d", "--domain", help="the domain to scan (e.g. finnwea.com)", required=True)
optional.add_argument("-c", "--crawl", help="use the crawler to scan all the entire domain", action="store_true")
optional.add_argument("-vp", "--verify-payload", help="use a javascript engine to verify if the payload was executed (otherwise false positives may occur)", action="store_true")
optional.add_argument("-av", "--angular-version", help="manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work", type=str, default=None)
optional.add_argument("-siv", "--stop-if-vulnerable", help="(crawler option) stop scanning if a vulnerability was found", action="store_true")
optional.add_argument("-pmm", "--protocol-must-match", help="(crawler option) only scan pages with the same protocol as the startpoint (e.g. only https)", action="store_true")
optional.add_argument("-sos", "--scan-other-subdomains", help="(crawler option) also scan pages that have another subdomain than the startpoint", action="store_true")
optional.add_argument("-soh", "--scan-other-hostnames", help="(crawler option) also scan pages that have another hostname than the startpoint", action="store_true")
optional.add_argument("-sot", "--scan-other-tlds", help="(crawler option) also scan pages that have another tld than the startpoint", action="store_true")
optional.add_argument("-md", "--max-depth", help="(crawler option) the maximum search depth (default is unlimited)", type=int)
optional.add_argument("-mt", "--max-threads", help="(crawler option) the maximum amount of simultaneous threads to use (default is 8)", type=int, default=8)
optional.add_argument("-iic", "--ignore-invalid-certificates", help="(crawler option) ignore invalid ssl certificates", action="store_true")
optional.add_argument("-tc", "--trusted-certificates", help="(crawler option) trust this CA_BUNDLE file (.pem) or directory with certificates", type=str, default=None)
parser._action_groups.append(optional)
return parser.parse_args()
def print_banner():
"""Print a useless ASCII art banner to make things look a bit nicer."""
print("""
/$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$ /$$$$$$
/$$__ $$ /$$__ $$ /$$__ $$|__ $$__/|_ $$_/ /$$__ $$
| $$ \ $$| $$ \__/| $$ \__/ | $$ | $$ | $$ \__/
| $$$$$$$$| $$ | $$$$$$ | $$ | $$ | $$$$$$
| $$__ $$| $$ \____ $$ | $$ | $$ \____ $$
| $$ | $$| $$ $$ /$$ \ $$ | $$ | $$ /$$ \ $$
| $$ | $$| $$$$$$/| $$$$$$/ | $$ /$$$$$$| $$$$$$/
|__/ |__/ \______/ \______/ |__/ |______/ \______/
Version """ + PackageHelper.get_version() + """ - Copyright 2017 Tijme Gommers <*****@*****.**>
""")
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
import re
from setuptools import find_packages, setup
from acstis.helpers.PackageHelper import PackageHelper
with open("requirements.txt") as file:
requirements = file.read().splitlines()
with open("README.rst") as file:
readme = PackageHelper.rst_to_pypi(file.read())
setup(name=PackageHelper.get_alias(),
version=PackageHelper.get_version(),
description=PackageHelper.get_description(),
long_description=readme,
keywords=[
"vulnerability", "bug-bounty", "security", "angular", "csti",
"client-side template injection", "scanner"
],
classifiers=[
"Development Status :: 5 - Production/Stable",
"Environment :: Console", "Intended Audience :: Developers",
"Intended Audience :: Education",
"Intended Audience :: Information Technology",
"Intended Audience :: System Administrators",