def submit_temp_logs_to_db(log): """ this function created to submit new events into database Args: log: log event in JSON type Returns: True if success otherwise False """ if isinstance(log, dict): session = create_connection() session.add( TempEvents(target=log["target"], date=log["date"], module_name=log["module_name"], scan_unique_id=log["scan_unique_id"], event_name=log["event_name"], options=json.dumps(log["options"]), event=json.dumps(log["event"]), data=json.dumps(log["data"]))) return send_submit_query(session) else: warn(messages("invalid_json_type_to_db").format(log)) return False
def send_submit_query(query, language): """ a function to send submit based queries to db (such as insert and update or delete), it retries 100 times if connection returned an error. Args: query: query to execute language: language Returns: True if submitted success otherwise False """ conn = create_connection(language) if not conn: return False try: for i in range(1, 100): try: c = conn.cursor() c.execute(query) conn.commit() conn.close() return True except: time.sleep(0.01) except: warn(messages(language, "database_connect_fail")) return False return False
def send_read_query(query, language): """ a function to send read based queries to db (such as select), it retries 100 times if connection returned an error. Args: query: query to execute language: language Returns: return executed query otherwise False """ conn = create_connection(language) if not conn: return False try: for i in range(1, 100): try: c = conn.cursor() return c.execute(query) except: time.sleep(0.01) except: warn(messages(language, "database_connect_fail")) return False return False
def get_gateway_ip_addresses(configuration): """ get gateway ip addresses Args: configuration: user final configuration Returns: list of gateway's IPs """ gateway_ips = [] for selected_module in configuration: container_name = virtual_machine_name_to_container_name( configuration[selected_module]["virtual_machine_name"], selected_module) try: gateway_ip = os.popen( "docker inspect -f '{{{{range.NetworkSettings.Networks}}}}" "{{{{.Gateway}}}}{{{{end}}}}' {0}".format( container_name)).read().rsplit()[0].replace("\'", "") gateway_ips.append(gateway_ip) except IndexError as _: warn("unable to get container {0} IP address".format( container_name)) return list(set(gateway_ips))
def load_all_method_args(language): module_names = [] modules_args = {} # get module names for lib in glob('lib/brute/*/engine.py'): lib = lib.replace('/', '.').replace('\\', '.').rsplit('.py')[0] if lib not in module_names: module_names.append(lib) for lib in glob('lib/scan/*/engine.py'): lib = lib.replace('/', '.').replace('\\', '.').rsplit('.py')[0] if lib not in module_names: module_names.append(lib) # get args for imodule in module_names: try: extra_requirements_dict = getattr( __import__(imodule, fromlist=['extra_requirements_dict']), 'extra_requirements_dict') except: warn(messages(language, 112).format(imodule)) imodule_args = extra_requirements_dict() modules_args[imodule] = [] for imodule_arg in imodule_args: modules_args[imodule].append(imodule_arg) for imodule in modules_args: info( imodule.rsplit('.')[2] + '_' + imodule.rsplit('.')[1] + ' --> ' + ", ".join(modules_args[imodule])) return module_names
def load_all_modules(): """ load all available modules Returns: an array of all module names """ # Search for Modules # the modules are available in lib/modules/category_name/module_name (e.g. lib/modules/ftp/weak_password # they will be listed based on the folder names and if "Dockerfile" exist! # structure of module name: module_name = lib/modules/(category_name/module_name)/__init.py # example: module_name = lib/modules/(ftp/weak_password)/__init.py = ftp/weak_password module_names = [] for module in glob( os.path.dirname(inspect.getfile(lib)) + '/modules/*/*/__init__.py'): module_name = module.rsplit('\\' if is_windows() else '/')[-3] + '/' + \ module.rsplit('\\' if is_windows() else '/')[-2] if os.path.exists( module.rsplit('__init__.py')[0] + '/' + 'Dockerfile'): if module_name not in module_names: module_names.append(module_name) else: warn(messages("en", "module_not_available").format(module_name)) return module_names
def _check(__version__, __code_name__, language, socks_proxy): """ check for update Args: __version__: version number __code_name__: code name language: language socks_proxy: socks proxy Returns: True if success otherwise None """ try: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo data = requests.get(url, headers={ "User-Agent": "OWASP Nettacker" }).content if version() is 3: data = data.decode("utf-8") if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]: info(messages(language, "last_version")) else: warn(messages(language, "not_last_version")) except: warn(messages(language, "cannot_update")) return True
def load_all_modules(): """ load all available modules Returns: an array of all module names """ # Search for Modules # the modules are available in # modules/category_name/module_name (e.g. modules/ftp/weak_password # they will be listed based on the folder names and if "Dockerfile" exist! # structure of module name: # module_name = modules/(category_name/module_name)/__init.py # example: module_name = modules/(ftp/weak_password)/__init.py # = ftp/weak_password module_names = [] module_basepath = os.path.dirname(inspect.getfile(modules)) path_pattern = module_basepath + '/*/*/__init__.py' for module in glob(path_pattern): module_dir = os.path.split(module)[0] sub_module_name = os.path.split(module_dir)[1] category_name = os.path.split(os.path.split(module_dir)[0])[1] module_name = category_name + '/' + sub_module_name dockerfile_path = os.path.join(module_dir, "Dockerfile") if os.path.exists(dockerfile_path): if module_name not in module_names: module_names.append(module_name) else: warn(messages["module_not_available"].format(module_name)) return module_names
def submit_logs_to_db(language, log): """ this function created to submit new events into database Args: language: language log: log event in JSON type Returns: True if success otherwise False """ if isinstance(log, str): log = json.loads(log) if isinstance(log, dict): session = create_connection(language) session.add( HostsLog(host=log["HOST"], date=log["TIME"], port=log["PORT"], type=log["TYPE"], category=log["CATEGORY"], description=log["DESCRIPTION"].encode('utf8') if version() is 2 else log["DESCRIPTION"], username=log["USERNAME"], password=log["PASSWORD"], scan_id=log["SCAN_ID"], scan_cmd=log["SCAN_CMD"])) return send_submit_query(session, language) else: warn(messages(language, "invalid_json_type_to_db").format(log)) return False
def check(target, timeout_sec, language, port): try: requests.get(target, verify=False, timeout=timeout_sec, headers=HEADERS) return True except Exception: warn(messages(language, 'no_response')) return False
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo n = 0 # warning for each target make the screen so messy in IP ranges # warn(messages(language,"root_required")) while 1: r = do_one_ping(target, timeout_sec, 84) if r is None: n = n + 1 if n == retries: if verbose_level > 3: warn(messages(language, "host_down").format(target)) if verbose_level != 0: data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'icmp scan', 'DESCRIPTION': messages(language, "host_down").format(target), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n" __log_into_file(log_in_file, 'a', data, language) break else: pass else: info(messages(language, "host_up").format( target, str(round(r * 1000, 2)) + "ms")) data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'icmp scan', 'DESCRIPTION': messages(language, "host_up").format(target, str(round(r * 1000, 2)) + "ms"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n" __log_into_file(log_in_file, 'a', data, language) break else: warn(messages(language, "input_target_error").format('icmp_scan', target))
def start(self): from terminable_thread import Thread from core.utility import wait_for_threads_to_finish active_threads = [] from core.alert import warn from core.alert import verbose_event_info from core.alert import messages # counting total number of requests total_number_of_requests = 0 for payload in self.module_content['payloads']: if payload['library'] not in self.libraries: warn( messages("library_not_supported").format( payload['library'])) return None for step in payload['steps']: for _ in step: total_number_of_requests += 1 request_number_counter = 0 for payload in self.module_content['payloads']: protocol = getattr( __import__('core.module_protocols.{library}'.format( library=payload['library']), fromlist=['Engine']), 'Engine') for step in payload['steps']: for sub_step in step: thread = Thread( target=protocol.run, args=(sub_step, self.module_name, self.target, self.scan_unique_id, self.module_inputs, self.process_number, self.module_thread_number, self.total_module_thread_number, request_number_counter, total_number_of_requests)) thread.name = f"{self.target} -> {self.module_name} -> {sub_step}" request_number_counter += 1 verbose_event_info( messages("sending_module_request").format( self.process_number, self.module_name, self.target, self.module_thread_number, self.total_module_thread_number, request_number_counter, total_number_of_requests)) thread.start() time.sleep( self.module_inputs['time_sleep_between_requests']) active_threads.append(thread) wait_for_threads_to_finish( active_threads, maximum=self.module_inputs['thread_per_host'], terminable=True) wait_for_threads_to_finish(active_threads, maximum=None, terminable=True)
def _check(__version__, __code_name__, language): try: data = requests.get(url, headers={ "User-Agent": "OWASP Nettacker" }).content if version() is 3: data = data.decode("utf-8") if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]: info(messages(language, 103)) else: warn(messages(language, 101)) except: warn(messages(language, 102)) return
def check_auth(target, timeout_sec, language, port): try: req = requests.get(target, timeout=timeout_sec, headers=HEADERS, verify=False) if req.status_code not in CODES: info(messages(language, "no_auth").format(target, port)) return 1 else: return 0 except requests.exceptions.RequestException: # logging.exception("message") warn(messages(language, 'no_response')) return 1
def send_read_query(query, language): conn = create_connection(language) if not conn: return False try: for i in range(1, 100): try: c = conn.cursor() return c.execute(query) except: pass time.sleep(0.01) except: warn(messages(language, 168)) return False return True
def create_connection(language): try: # retries for i in range(0, 100): try: return sqlite3.connect( os.path.join( os.path.dirname(os.path.dirname(__file__)), _builder(_core_config(), _core_default_config())["api_db_name"])) except: pass time.sleep(0.01) except: warn(messages(language, 168)) return False
def _check(__version__, __code_name__, language): from core.compatible import version if version() is 2: from urllib import urlopen if version() is 3: from urllib.request import urlopen try: data = urlopen(url).read() if version() is 3: data = data.decode("utf-8") if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]: info(messages(language, 103)) else: warn(messages(language, 101)) except: warn(messages(language, 102)) return
def load_all_method_args(language, API=False): """ load all ARGS method for each module Args: language: language API: API Flag (default False) Returns: all ARGS method in JSON """ module_names = [] modules_args = {} # get module names for _lib in glob(os.path.dirname(inspect.getfile(lib)) + '/*/*/engine.py'): _lib = _lib.replace('/', '.').replace('\\', '.') if '.lib.brute.' in _lib or '.lib.scan.' in _lib or '.lib.vuln.' in _lib: _lib = 'lib.' + _lib.rsplit('.lib.')[-1].rsplit('.py')[0] if _lib not in module_names: module_names.append(_lib) # get args res = "" for imodule in module_names: _ERROR = False try: extra_requirements_dict = getattr(__import__(imodule, fromlist=['extra_requirements_dict']), 'extra_requirements_dict') except: warn(messages(language, "module_args_error").format(imodule)) _ERROR = True if not _ERROR: imodule_args = extra_requirements_dict() modules_args[imodule] = [] for imodule_arg in imodule_args: if API: res += imodule_arg + "=" + \ ",".join(map(str, imodule_args[imodule_arg])) + "\n" modules_args[imodule].append(imodule_arg) if API: return res for imodule in modules_args: info(imodule.rsplit('.')[2] + '_' + imodule.rsplit('.')[1] + ' --> ' + ", ".join(modules_args[imodule])) return module_names
def check(target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd): time.sleep(time_sleep) try: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str( socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo _n = 0 while 1: try: if target_type(target) != "HTTP" and port == 443: target = 'https://' + target if target_type(target) != "HTTP" and port == 80: target = 'http://' + target target = target + '/xmlrpc.php' postdata = '''<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>''' _r = requests.post(target, timeout=timeout_sec, verify=False, headers=headers, data=postdata) if "demo.sayhello" in _r.text.lower(): info(messages(language, "target_vulnerable").format(target, port, "XMLRPC DOS attacks")) __log_into_file(thread_tmp_filename, 'w', '0', language) data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': port, 'TYPE': 'wp_xmlrpc_dos_vuln', 'DESCRIPTION': messages(language, "vulnerable").format("XML-RPC DOS attacks!!"), 'TIME': now(), 'CATEGORY': "vuln", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n" __log_into_file(log_in_file, 'a', data, language) except Exception: _n += 1 if _n is retries: warn(messages(language, "http_connection_timeout").format(target)) return 1 return True except Exception: return False
def create_connection(): """ a function to create connections to db, it retries 100 times if connection returned an error Returns: connection if success otherwise False """ try: for _ in range(0, 100): try: db_engine = create_engine( db_inputs(DB), connect_args={'check_same_thread': False}) Session = sessionmaker(bind=db_engine) session = Session() return session except Exception: time.sleep(0.01) except Exception: warn(messages("database_connect_fail")) return False
def create_connection(language): """ a function to create connections to db, it retries 100 times if connection returned an error Args: language: language Returns: connection if success otherwise False """ try: for i in range(0, 100): try: db_engine = create_engine(db_inputs(DB)) Session = sessionmaker(bind=db_engine) session = Session() return session except: time.sleep(0.01) except: warn(messages(language, "database_connect_fail")) return False
def send_submit_query(session): """ a function to send submit based queries to db (such as insert and update or delete), it retries 100 times if connection returned an error. Args: session: session to commit Returns: True if submitted success otherwise False """ try: for _ in range(1, 100): try: session.commit() return True except Exception: time.sleep(0.01) except Exception as _: warn(messages("database_connect_fail")) return False return False
def _check(__version__, __code_name__, language, socks_proxy): try: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo data = requests.get(url, headers={ "User-Agent": "OWASP Nettacker" }).content if version() is 3: data = data.decode("utf-8") if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]: info(messages(language, 103)) else: warn(messages(language, 101)) except: warn(messages(language, 102)) return
def create_connection(language): """ a function to create sqlite3 connections to db, it retries 100 times if connection returned an error Args: language: language Returns: sqlite3 connection if success otherwise False """ try: # retries for i in range(0, 100): try: return sqlite3.connect( os.path.join( os.path.dirname(os.path.dirname(__file__)), _builder(_core_config(), _core_default_config())["api_db_name"])) except: time.sleep(0.01) except: warn(messages(language, "database_connect_fail")) return False
def test_warn(self): msg_content = "Error" print("this test will spit the message_content in warning format") warn(msg_content)
def start_attack(target, num, total, scan_method, users, passwds, timeout_sec, thread_number, ports, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, ping_flag, methods_args, scan_id, scan_cmd): """ start new attack for each target Args: target: target num: number of process total: number of total processes scan_method: module name users: usernames passwds: passwords timeout_sec: timeout seconds thread_number: thread number ports: port numbers log_in_file: output filename time_sleep: time sleep language: language verbose_level: verbose level number socks_proxy: socks proxy retries: number of retries ping_flag: ping before scan flag methods_args: module name scan_id: scan hash id scan_cmd: scan cmd Returns: True of success otherwise None """ if verbose_level >= 1: info( messages(language, "start_attack").format(str(target), str(num), str(total))) if ping_flag: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo if do_one_ping(target, timeout_sec, 8) is None: if verbose_level >= 3: warn( messages(language, "skipping_target").format(target, scan_method)) return None # Calling Engines try: start = getattr( __import__('lib.{0}.{1}.engine'.format( scan_method.rsplit('_')[-1], '_'.join(scan_method.rsplit('_')[:-1])), fromlist=['start']), 'start') except: __die_failure( messages(language, "module_not_available").format(scan_method)) start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd) return True
def check_all_required( targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode, profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list, api_client_white_list_ips, api_access_log, api_access_log_filename): # Checking Requirements # import libs from core import compatible # Check Help Menu if help_menu_flag: parser.print_help() write("\n\n") write(messages(language, 3)) __die_success() # Check if method args list called if method_args_list: from core.load_modules import load_all_method_args load_all_method_args(language) __die_success() # Check version if show_version: from core import color info( messages(language, 84).format(color.color("yellow"), compatible.__version__, color.color("reset"), color.color("cyan"), compatible.__code_name__, color.color("reset"), color.color("green"))) __die_success() # API mode if start_api: from api.engine import _start_api from core.targets import target_type from core.ip import _generate_IPRange try: api_port = int(api_port) except: __die_failure(messages(language, 154)) if api_client_white_list: if type(api_client_white_list_ips) != type([]): api_client_white_list_ips = list( set(api_client_white_list_ips.rsplit(","))) hosts = [] for data in api_client_white_list_ips: if target_type(data) == "SINGLE_IPv4": if data not in hosts: hosts.append(data) elif target_type(data) == "RANGE_IPv4": for cidr in _generate_IPRange(data): for ip in cidr: if ip not in hosts: hosts.append(ip) elif target_type(data) == "CIDR_IPv4": for ip in _generate_IPRange(data): if ip not in hosts: hosts.append(str(ip)) else: __die_failure(messages(language, 155)) api_client_white_list_ips = hosts[:] if api_access_log: try: f = open(api_access_log_filename, 'a') except: __die_failure( messages(language, 40).format(api_access_log_filename)) _start_api(api_host, api_port, api_debug_mode, api_access_key, api_client_white_list, api_client_white_list_ips, api_access_log, api_access_log_filename, language) # Wizard mode if wizard_mode: (targets, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, passwds, timeout_sec, ports, verbose_level, socks_proxy, retries, graph_flag) = \ __wizard( targets, thread_number, thread_number_host, log_in_file, module_names, exclude_method, users, passwds, timeout_sec, ports, verbose_level, socks_proxy, retries, load_all_graphs(), language ) # Select a Profile if profile is not None: _all_profiles = _builder(_profiles(), default_profiles()) if scan_method is None: scan_method = "" else: scan_method += "," if profile == "all": profile = ",".join(_all_profiles) tmp_sm = scan_method for pr in profile.rsplit(","): try: for sm in _all_profiles[pr]: if sm not in tmp_sm.rsplit(","): tmp_sm += sm + "," except: __die_failure(messages(language, 137).format(pr)) if tmp_sm[-1] == ",": tmp_sm = tmp_sm[0:-1] scan_method = ",".join(list(set(tmp_sm.rsplit(",")))) # Check Socks if socks_proxy is not None: e = False if socks_proxy.startswith("socks://"): socks_flag = 5 socks_proxy = socks_proxy.replace("socks://", "") elif socks_proxy.startswith("socks5://"): socks_flag = 5 socks_proxy = socks_proxy.replace("socks5://", "") elif socks_proxy.startswith("socks4://"): socks_flag = 4 socks_proxy = socks_proxy.replace("socks4://", "") else: socks_flag = 5 if "://" in socks_proxy: socks_proxy = socks_proxy.rsplit("://")[1].rsplit("/")[0] try: if len(socks_proxy.rsplit(":")) < 2 or len( socks_proxy.rsplit(":")) > 3: e = True elif len(socks_proxy.rsplit(":")) is 2 and socks_proxy.rsplit( ":")[1] == "": e = True elif len(socks_proxy.rsplit(":")) is 3 and socks_proxy.rsplit( ":")[2] == "": e = True except: e = True if e: __die_failure(messages(language, 63)) if socks_flag is 4: socks_proxy = "socks4://" + socks_proxy if socks_flag is 5: socks_proxy = "socks5://" + socks_proxy # Check update if check_update: from core.update import _update _update(compatible.__version__, compatible.__code_name__, language, socks_proxy) __die_success() # Check the target(s) if targets is None and targets_list is None: parser.print_help() write("\n") __die_failure(messages(language, 26)) else: if targets is not None: targets = list(set(targets.rsplit(","))) elif targets_list is not None: try: targets = list(set(open(targets_list, "rb").read().rsplit())) except: __die_failure(messages(language, 27).format(targets_list)) # Check thread number if thread_number > 101 or thread_number_host > 101: warn(messages(language, 28)) # Check timeout number if timeout_sec is not None and timeout_sec >= 15: warn(messages(language, 29).format(timeout_sec)) # Check scanning method if scan_method is not None and scan_method == "all": scan_method = module_names scan_method.remove("all") elif scan_method is not None and scan_method not in module_names: if "*_" in scan_method: scan_method = scan_method.rsplit(",") tmp_scan_method = scan_method[:] for sm in scan_method: if sm.startswith("*_"): scan_method.remove(sm) found_flag = False for mn in module_names: if mn.endswith("_" + sm.rsplit("*_")[1]): scan_method.append(mn) found_flag = True if found_flag is False: __die_failure(messages(language, 117).format(sm)) scan_method = ",".join(scan_method) if "," in scan_method: scan_method = scan_method.rsplit(",") for sm in scan_method: if sm not in module_names: __die_failure(messages(language, 30).format(sm)) if sm == "all": scan_method = module_names scan_method.remove("all") break else: __die_failure(messages(language, 31).format(scan_method)) elif scan_method is None: __die_failure(messages(language, 41)) else: scan_method = scan_method.rsplit() # Check for exluding scanning method if exclude_method is not None: exclude_method = exclude_method.rsplit(",") for exm in exclude_method: if exm in scan_method: if "all" == exm: __die_failure(messages(language, 32)) else: scan_method.remove(exm) if len(scan_method) is 0: __die_failure(messages(language, 33)) else: __die_failure(messages(language, 34).format(exm)) # Check port(s) if type(ports) is not list and ports is not None and "-" in ports: ports = ports.rsplit("-") ports = range(int(ports[0]), int(ports[1]) + 1) elif type(ports) is not list and ports is not None: ports = ports.rsplit(",") # Check user list if users is not None: users = list(set(users.rsplit(","))) elif users_list is not None: try: users = list(set( open(users_list).read().rsplit("\n"))) # fix later except: __die_failure(messages(language, 37).format(targets_list)) # Check password list if passwds is not None: passwds = list(set(passwds.rsplit(","))) if passwds_list is not None: try: passwds = list(set( open(passwds_list).read().rsplit("\n"))) # fix later except: __die_failure(messages(language, 39).format(targets_list)) # Check output file try: tmpfile = open(log_in_file, "w") except: __die_failure(messages(language, 40).format(log_in_file)) # Check Graph if graph_flag is not None: if graph_flag not in load_all_graphs(): __die_failure(messages(language, 97).format(graph_flag)) if not (log_in_file.endswith(".html") or log_in_file.endswith(".htm")): warn(messages(language, 87)) graph_flag = None # Check Methods ARGS if methods_args is not None: new_methods_args = {} methods_args = methods_args.rsplit("&") for imethod_args in methods_args: if len(imethod_args.rsplit("=")) is 2: if imethod_args.rsplit("=")[1].startswith("read_from_file:"): try: read_data = list( set( open( imethod_args.rsplit("=read_from_file:") [1]).read().rsplit("\n"))) except: __die_failure(messages(language, 36)) new_methods_args[imethod_args.rsplit("=")[0]] = read_data else: new_methods_args[imethod_args.rsplit( "=")[0]] = imethod_args.rsplit("=")[1].rsplit(",") else: new_methods_args[imethod_args.rsplit("=")[0]] = "" methods_args = new_methods_args # Return the values return [ targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode, profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list, api_client_white_list_ips, api_access_log, api_access_log_filename ]
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = useragents() headers = {'User-agent': random.choice(user_agent_list), 'Content-Type': 'text/xml'} # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[ extra_requirement] = methods_args[extra_requirement] extra_requirements = new_extra_requirements threads = [] if ports is None: ports = extra_requirements["wp_xmlrpc_dos_vuln_ports"] if verbose_level > 3: total_req = len(ports) else: total_req = len(ports) thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) != "HTTP": target = 'https://' + target for port in ports: if test(str(target), port, headers, socks_proxy) is True: keyboard_interrupt_flag = False t = threading.Thread(target=check, args=(target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info(messages(language, "trying_message").format(trying, total_req, num, total, target_to_host(target), port, 'wp_xmlrpc_dos_vuln')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break else: warn(messages(language, "open_error").format(target)) # wait for threads kill_switch = 0 kill_time = int( timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 1 or kill_switch == kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write == 1 and verbose_level != 0: info(messages(language, "no_vulnerability_found").format( 'XML-RPC')) data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': port, 'TYPE': 'wp_xmlrpc_dos_vuln', 'DESCRIPTION': messages(language, "no_vulnerability_found").format("XML-RPC DOS attacks"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n" __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn(messages(language, "input_target_error").format( 'wp_xmlrpc_dos_vuln', target))
def check_all_required(targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list): # Checking Requirements # import libs from core.color import finish from core import compatible # Check Help Menu if help_menu_flag is True: parser.print_help() write('\n\n') write(messages(language, 3)) finish() sys.exit(0) # Check if method args list called if method_args_list is True: from core.load_modules import load_all_method_args load_all_method_args(language) finish() sys.exit(0) # Check version if show_version is True: from core import color info( messages(language, 84).format(color.color('yellow'), compatible.__version__, color.color('reset'), color.color('cyan'), compatible.__code_name__, color.color('reset'), color.color('green'))) finish() sys.exit(0) # Check update if check_update is True: from core.update import _update _update(compatible.__version__, compatible.__code_name__, language) finish() sys.exit(0) # Check the target(s) if targets is None and targets_list is None: parser.print_help() write("\n") error(messages(language, 26)) finish() sys.exit(1) else: if targets is not None: targets = list(set(targets.rsplit(","))) elif targets_list is not None: try: targets = list(set(open(targets_list, "rb").read().rsplit())) except: error(messages(language, 27).format(targets_list)) finish() sys.exit(1) # Check thread number if thread_number > 100 or thread_number_host > 100: warn(messages(language, 28)) # Check timeout number if timeout_sec is not None and timeout_sec >= 15: warn(messages(language, 29).format(timeout_sec)) # Check scanning method if scan_method is not None and scan_method == "all": scan_method = module_names scan_method.remove("all") elif scan_method is not None and scan_method not in module_names: if "," in scan_method: scan_method = scan_method.rsplit(",") for sm in scan_method: if sm not in module_names: error(messages(language, 30).format(sm)) finish() sys.exit(1) if sm == "all": scan_method = module_names scan_method.remove("all") break else: error(messages(language, 31).format(scan_method)) finish() sys.exit(1) elif scan_method is None: error(messages(language, 41)) finish() sys.exit(1) else: scan_method = scan_method.rsplit() if exclude_method is not None: exclude_method = exclude_method.rsplit(",") for exm in exclude_method: if exm in scan_method: if "all" == exm: messages(language, 32) finish() sys.exit(1) else: scan_method.remove(exm) if len(scan_method) is 0: messages(language, 33) finish() sys.exit(1) else: messages(language, 34).format(exm) finish() sys.exit(1) # Check port(s) if type(ports) is not list and ports is not None and "-" in ports: ports = ports.rsplit("-") ports = range(int(ports[0]), int(ports[1]) + 1) elif type(ports) is not list and ports is not None: ports = ports.rsplit(",") # Check user list if users is not None: users = list(set(users.rsplit(","))) elif users_list is not None: try: users = list(set( open(users_list).read().rsplit("\n"))) # fix later except: error(messages(language, 37).format(targets_list)) finish() sys.exit(1) # Check password list if passwds is not None: passwds = list(set(passwds.rsplit(","))) if passwds_list is not None: try: passwds = list(set( open(passwds_list).read().rsplit("\n"))) # fix later except: error(messages(language, 39).format(targets_list)) finish() sys.exit(1) # Check output file try: tmpfile = open(log_in_file, "w") except: error(messages(language, 40).format(log_in_file)) finish() sys.exit(1) # Check Graph if graph_flag is not None: if graph_flag not in load_all_graphs(): error(messages(language, 97).format(graph_flag)) finish() sys.exit(1) if not (log_in_file.endswith('.html') or log_in_file.endswith('.htm')): warn(messages(language, 87)) graph_flag = None # Check Socks if socks_proxy is not None: e = False try: if '://' in socks_proxy: socks_proxy = socks_proxy.rsplit('://')[1].rsplit('/')[0] if len(socks_proxy.rsplit(':')) is not 2 or socks_proxy.rsplit( ':')[1] == '': e = True except: e = True if e: error(messages(language, 63)) finish() sys.exit(1) # Check Methods ARGS if methods_args is not None: new_methods_args = {} methods_args = methods_args.rsplit('&') for imethod_args in methods_args: if len(imethod_args.rsplit('=')) is 2: if imethod_args.rsplit('=')[1].startswith('read_from_file:'): try: read_data = list( set( open( imethod_args.rsplit('=read_from_file:') [1]).read().rsplit('\n'))) except: error(messages(language, 36)) finish() sys.exit(1) new_methods_args[imethod_args.rsplit('=')[0]] = read_data else: new_methods_args[imethod_args.rsplit( '=')[0]] = imethod_args.rsplit('=')[1].rsplit(',') else: new_methods_args[imethod_args.rsplit('=')[0]] = "" methods_args = new_methods_args # Return the values return [ targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list ]
def check_all_required(targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode, profile): # Checking Requirements # import libs from core import compatible # Check Help Menu if help_menu_flag: parser.print_help() write('\n\n') write(messages(language, 3)) __die_success() # Check if method args list called if method_args_list: from core.load_modules import load_all_method_args load_all_method_args(language) __die_success() # Check version if show_version: from core import color info(messages(language, 84).format(color.color('yellow'), compatible.__version__, color.color('reset'), color.color('cyan'), compatible.__code_name__, color.color('reset'), color.color('green'))) __die_success() # Wizard mode if wizard_mode: (targets, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, passwds, timeout_sec, ports, verbose_level, socks_proxy, retries, graph_flag) = \ __wizard( targets, thread_number, thread_number_host, log_in_file, module_names, exclude_method, users, passwds, timeout_sec, ports, verbose_level, socks_proxy, retries, load_all_graphs(), language ) # Select a Profile if profile is not None: _all_profiles = _builder(get_profiles(), all_profiles()) if scan_method is None: scan_method = '' else: scan_method += ',' if profile == 'all': profile = ','.join(_all_profiles) tmp_sm = scan_method for pr in profile.rsplit(','): try: for sm in _all_profiles[pr]: if sm not in tmp_sm.rsplit(','): tmp_sm += sm + ',' except: __die_failure(messages(language, 137).format(pr)) if tmp_sm[-1] == ',': tmp_sm = tmp_sm[0:-1] scan_method = ','.join(list(set(tmp_sm.rsplit(',')))) # Check Socks if socks_proxy is not None: e = False if socks_proxy.startswith('socks://'): socks_flag = 5 socks_proxy = socks_proxy.replace('socks://', '') elif socks_proxy.startswith('socks5://'): socks_flag = 5 socks_proxy = socks_proxy.replace('socks5://', '') elif socks_proxy.startswith('socks4://'): socks_flag = 4 socks_proxy = socks_proxy.replace('socks4://', '') else: socks_flag = 5 if '://' in socks_proxy: socks_proxy = socks_proxy.rsplit('://')[1].rsplit('/')[0] try: if len(socks_proxy.rsplit(':')) < 2 or len(socks_proxy.rsplit(':')) > 3: e = True elif len(socks_proxy.rsplit(':')) is 2 and socks_proxy.rsplit(':')[1] == '': e = True elif len(socks_proxy.rsplit(':')) is 3 and socks_proxy.rsplit(':')[2] == '': e = True except: e = True if e: __die_failure(messages(language, 63)) if socks_flag is 4: socks_proxy = 'socks4://' + socks_proxy if socks_flag is 5: socks_proxy = 'socks5://' + socks_proxy # Check update if check_update: from core.update import _update _update(compatible.__version__, compatible.__code_name__, language, socks_proxy) __die_success() # Check the target(s) if targets is None and targets_list is None: parser.print_help() write("\n") __die_failure(messages(language, 26)) else: if targets is not None: targets = list(set(targets.rsplit(","))) elif targets_list is not None: try: targets = list(set(open(targets_list, "rb").read().rsplit())) except: __die_failure(messages(language, 27).format(targets_list)) # Check thread number if thread_number > 100 or thread_number_host > 100: warn(messages(language, 28)) # Check timeout number if timeout_sec is not None and timeout_sec >= 15: warn(messages(language, 29).format(timeout_sec)) # Check scanning method if scan_method is not None and scan_method == "all": scan_method = module_names scan_method.remove("all") elif scan_method is not None and scan_method not in module_names: if "*_" in scan_method: scan_method = scan_method.rsplit(',') tmp_scan_method = scan_method[:] for sm in scan_method: if sm.startswith('*_'): scan_method.remove(sm) found_flag = False for mn in module_names: if mn.endswith('_' + sm.rsplit('*_')[1]): scan_method.append(mn) found_flag = True if found_flag is False: __die_failure(messages(language, 117).format(sm)) scan_method = ','.join(scan_method) if "," in scan_method: scan_method = scan_method.rsplit(",") for sm in scan_method: if sm not in module_names: __die_failure(messages(language, 30).format(sm)) if sm == "all": scan_method = module_names scan_method.remove("all") break else: __die_failure(messages(language, 31).format(scan_method)) elif scan_method is None: __die_failure(messages(language, 41)) else: scan_method = scan_method.rsplit() # Check for exluding scanning method if exclude_method is not None: exclude_method = exclude_method.rsplit(",") for exm in exclude_method: if exm in scan_method: if "all" == exm: __die_failure(messages(language, 32)) else: scan_method.remove(exm) if len(scan_method) is 0: __die_failure(messages(language, 33)) else: __die_failure(messages(language, 34).format(exm)) # Check port(s) if type(ports) is not list and ports is not None and "-" in ports: ports = ports.rsplit("-") ports = range(int(ports[0]), int(ports[1]) + 1) elif type(ports) is not list and ports is not None: ports = ports.rsplit(",") # Check user list if users is not None: users = list(set(users.rsplit(","))) elif users_list is not None: try: users = list(set(open(users_list).read().rsplit("\n"))) # fix later except: __die_failure(messages(language, 37).format(targets_list)) # Check password list if passwds is not None: passwds = list(set(passwds.rsplit(","))) if passwds_list is not None: try: passwds = list(set(open(passwds_list).read().rsplit("\n"))) # fix later except: __die_failure(messages(language, 39).format(targets_list)) # Check output file try: tmpfile = open(log_in_file, "w") except: __die_failure(messages(language, 40).format(log_in_file)) # Check Graph if graph_flag is not None: if graph_flag not in load_all_graphs(): __die_failure(messages(language, 97).format(graph_flag)) if not (log_in_file.endswith('.html') or log_in_file.endswith('.htm')): warn(messages(language, 87)) graph_flag = None # Check Methods ARGS if methods_args is not None: new_methods_args = {} methods_args = methods_args.rsplit('&') for imethod_args in methods_args: if len(imethod_args.rsplit('=')) is 2: if imethod_args.rsplit('=')[1].startswith('read_from_file:'): try: read_data = list(set(open(imethod_args.rsplit('=read_from_file:')[1]).read().rsplit('\n'))) except: __die_failure(messages(language, 36)) new_methods_args[imethod_args.rsplit('=')[0]] = read_data else: new_methods_args[imethod_args.rsplit('=')[0]] = imethod_args.rsplit('=')[1].rsplit(',') else: new_methods_args[imethod_args.rsplit('=')[0]] = "" methods_args = new_methods_args # Return the values return [targets, targets_list, thread_number, thread_number_host, log_in_file, scan_method, exclude_method, users, users_list, passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version, check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode, profile]