def test_target_time_elapsed_hostname():
target = Target("example.com", "127.0.0.1")
time.sleep(0.1)
target.stop_timer()
assert target.elapsed_time is not target.start_time
assert target.finish_time > target.start_time
assert target.elapsed_time > 0
assert target.time_taken is not None
def test_target_time_elapsed_ip():
target = Target(None, "127.0.0.1")
time.sleep(0.1)
target.stop_timer()
assert target.elapsed_time is not target.start_time
assert target.finish_time > target.start_time
assert target.elapsed_time > 0
assert target.time_taken is not None
def __init__(self, url, method):
log.info('Preparing WPwner.......')
self.c = Convention()
self.target = Target(url)
self.method = method
log.info('Starting information gathering on ' + self.target.url)
if self.hostUp():
self.info()
def __init__(self,method,url=False,target=False,config=False):
log.info('Preparing WPwner.......')
self.c = Convention()
self.method = method
if target:
self.target = Target()
self.target.parseTup(target)
if config:
self.target.parseTup(self.load_config(config))
self.done()
else:
self.target = Target(url)
if config:
self.target.parseTup(self.load_config(config))
if self.hostUp():
self.info()
self.done()
else:
print "The host looks down"
def scan_target(target: str) -> None:
"""
Scan the target passed
:param target: Target IP/hostname to scan
"""
try:
# See if the target is an IP network
ip_network = ipaddress.ip_network(target, strict=False)
if ip_network.version is 6:
raise NotImplementedError("IPv6 addresses are not yet supported")
for x in range(ip_network.num_addresses):
ip = ip_network[x]
tgt = Target(None, ip)
ModuleProvider.analyse(tgt)
tgt.stop_timer()
except ValueError:
# It's not an IP address or a subnet,
# so most likely a hostname
if target.startswith("www."):
www_warning = utils.terminal_width_string(
"Target starts with \"www.\" - this is not recommended as it can lead to false positives in modules "
" - for example, when checking URLs for internal links. Do you want to remove \"www.\" from the URL?"
)
print(utils.warning_message(), www_warning)
agree = utils.input_message("[Y]es or [N]o: ")
if agree.lower() == "y":
target = target.replace("www.", "")
print(utils.normal_message(), "Removed \"www.\" from target, now \"{TARGET}\"".format(TARGET=target))
else:
print(utils.warning_message(), "Retaining \"www.\" in target")
hostname_info = socket.getaddrinfo(target, None, socket.AF_INET)
ip = ipaddress.ip_address(hostname_info[0][4][0])
tgt = Target(target, ip)
ModuleProvider.analyse(tgt)
tgt.stop_timer()
print()
def __execute_init_module(target: Target) -> None:
"""
Run InitModules against the Target
:param target: Target object to scan
"""
if len(LOADED_INIT_MODULES) > 0:
module = LOADED_INIT_MODULES[0]
if module.can_execute_module() is ModuleExecuteState.CanExecute:
print(utils.normal_message(),
"Executing {PROGRAM}".format(PROGRAM=module.name))
module.execute(target.get_address(), 0)
else:
print(
utils.error_message(),
"Unable to meet dependencies for {MODULE}. Quitting".format(
MODULE=module.name))
sys.exit(ExitCode.CriticalDependencyNotInstalled)
else:
print(utils.error_message(), "No Init Modules loaded. Quitting")
sys.exit(ExitCode.EntryPointModulesNotLoaded)
class WPwner(object):
def __init__(self,method,url=False,target=False,config=False):
log.info('Preparing WPwner.......')
self.c = Convention()
self.method = method
if target:
self.target = Target()
self.target.parseTup(target)
if config:
self.target.parseTup(self.load_config(config))
self.done()
else:
self.target = Target(url)
if config:
self.target.parseTup(self.load_config(config))
if self.hostUp():
self.info()
self.done()
else:
print "The host looks down"
# Load a local wp-config.php to parse
def load_config(self,config):
f = open(config)
content = f.read()
f.close()
return Core.parse_config_file(content)
# Looks if the host is online
def hostUp(self):
status,home = Core.get_web_page(self.target.url)
return status
# Thread worker for the information modules execution
#
# The tupple list returned from the module execution is sent to the target
# to get parsed and added to the object's properties
def info_worker(self,module):
if hasattr(module, self.method):
(attribute,value) = ("",False)
if self.method == "passive":
tupList = module.passive(self.target)
elif self.method == "active":
tupList = module.active(self.target)
dispo = False
while not dispo:
dispo = self.lock.acquire()
self.target.parseTup(tupList)
else:
log.failure('Problem with Module '+module_name)
self.lock.release()
# Starts a thread for every information modules
def info(self):
log.info('Starting information gathering on '+self.target.url)
self.threads = []
self.lock = threading.Lock()
for module_name in modules.info.__all__:
module = __import__ ("modules.info."+module_name, fromlist=[module_name])
t = threading.Thread(target=self.info_worker, args=(module,))
self.threads.append(t)
t.start()
for single in self.threads:
single.join()
# Called after the information modules' execution.
# Calls the attack modules
def done(self):
global autoCross
options = []
log.info('Execution of modules over.')
options.append(("Show what we have",describe))
for folder in modules.attack.__all__:
module_folder = __import__ ("modules.attack."+folder, fromlist=[folder])
for module_name in module_folder.__all__:
module = __import__ ("modules.attack."+folder+"."+module_name, fromlist=[module_name])
if hasattr(module,"prerequisite"):
tupList = module.prerequisite(self.target)
for description,address in tupList:
options.append((description,address))
if autoCross:
foundAuto = False
for description,address in options:
if description == "Password reuse detection":
foundAuto = True
autoAddress = address
if foundAuto:
tupList = autoAddress(self.target)
self.target.parseTup(tupList)
autoCross = False
self.done()
i = 1
choice = []
choice.append(self.quit)
print "\n\x1B[31mWhat do you want to do?\x1B[0m"
print "\x1B[92m0) \x1B[0mQuit"
for description,address in options:
choice.append(address)
print "\x1B[92m"+str(i)+') \x1B[0m'+description
i += 1
x = input('\x1B[35mChoice: \x1B[0m')
x = int(x)
tupList = choice[x](self.target)
self.target.parseTup(tupList)
self.done()
# Save and leave
def quit(self,target=None):
Core.save_target(target)
exit(0)
def test_target_get_ip():
target = Target(None, "127.0.0.1")
assert target.get_address() is "127.0.0.1"