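def grabhead(web):
    """Fetch the HTTP response headers of *web*, print them and store them.

    Args:
        web: Target URL; trailing whitespace is stripped before the request.

    The raw header text is handed to ``save_data`` on success. An
    ``urllib.error.HTTPError`` is reported on the console; any other
    exception propagates to the caller.
    """
    name = targetname(web)
    lvl2 = "grabhead"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    time.sleep(0.4)
    from core.methods.print import posintact
    posintact("grab http headers")
    print(GR + color.BOLD + ' [*] Grabbing HTTP Headers...')
    time.sleep(0.4)
    web = web.rstrip()
    try:
        # NOTE(review): urlopen() accepts whatever scheme it is given
        # (file:, ftp:, ...); confirm callers only pass http(s) URLs.
        headerwhole = str(urllib.request.urlopen(web).info())
        print('')
        for line in headerwhole.splitlines():
            # Split on the first colon only so values that themselves contain
            # ':' (dates, URLs) are printed whole, and skip lines without a
            # colon (e.g. a blank line) instead of raising IndexError.
            field, sep, value = line.partition(':')
            if not sep:
                continue
            print(' ' + C + field + ': ' + C + value)
        print('')
        save_data(database, module, lvl1, lvl2, lvl3, name, headerwhole)
    except urllib.error.HTTPError as e:
        print(R + ' [-] ' + e.__str__())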
def sqli(web):
    """Show the SQL injection sub-menu and dispatch to the chosen check.

    Args:
        web: Target URL forwarded unchanged to ``errorsqli`` / ``blindsqli``.

    Sets the module-level reporting globals (``name``, ``lvl1``-``lvl3``,
    ``module``) before prompting. Entering ``99`` returns without action.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.7)
    from core.methods.print import pvln
    pvln("sql !njection")
    time.sleep(0.6)
    menu = (
        O + ' Choose from the options:\n',
        B + ' [1] ' + C + 'Error Based SQLi' + W + ' (Manual + Automated)',
        B + ' [2] ' + C + 'Blind Based SQLi' + W + ' (Manual + Automated)\n',
        B + ' [99] ' + C + 'Back to Console\n',
    )
    for entry in menu:
        print(entry)
    choice = input(O + ' [§] TID :> ').strip()
    if choice == '99':
        return
    if choice == '1':
        errorsqli(web, properties)
    elif choice == '2':
        blindsqli(web, properties)
    else:
        print(R + ' [-] U high dude?')
def whoischeckup(web):
    """Query the hackertarget WHOIS endpoint for *web* and store the reply.

    Args:
        web: Target URL; the ``http://`` / ``https://`` prefix and anything
            up to the first ``@`` are removed before the lookup.

    A reply containing the substring ``error`` is treated as a failed query
    and is not saved.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    requests = session()
    for scheme in ('http://', 'https://'):
        web = web.replace(scheme, '')
    if "@" in web:
        web = web.split("@")[1]
    from core.methods.print import posintpas
    posintpas("whois lookup")
    time.sleep(0.4)
    print(GR + color.BOLD + ' [!] Looking Up for WhoIS Information...')
    time.sleep(0.4)
    print(GR + color.BOLD + " [~] Result: \n" + color.END)
    # NOTE(review): the target is appended to the query string unencoded and
    # the request goes out over plain HTTP; confirm that is acceptable.
    res = str(requests.get('http://api.hackertarget.com/whois/?q=' + web).text)
    if 'error' in res:
        print(R + ' [-] Outbound Query Exception!')
        time.sleep(0.8)
        return
    print(color.END + res + C)
    save_data(database, module, lvl1, lvl2, lvl3, name, res)
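def piwebenum(web):
    """Ping *web* locally, then fetch and store an nping report for it.

    Args:
        web: Target URL containing ``//``; the text between the first and
            second ``//`` is used as the host.

    The local ping is started with an argument list instead of a shell
    command string, so shell metacharacters in the target are never
    interpreted. The nping text returned by the hackertarget endpoint is
    printed and passed to ``save_data``.
    """
    # Function-scope import: the file's import block is not visible here.
    import subprocess

    name = targetname(web)
    lvl2 = "piwebenum"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    requests = session()
    time.sleep(0.4)
    web = web.split('//')[1]
    from core.methods.print import posintact
    posintact("(n)ping enumeration")
    print(GR + ' [!] Pinging website...')
    time.sleep(0.5)
    print(C+' [*] Using adaptative ping and debug mode with count 5...')
    time.sleep(0.4)
    print(GR+' [!] Press Ctrl+C to stop\n'+color.END)
    # NOTE(review): a host that starts with '-' would still be parsed by ping
    # as an option; validate the host name before it reaches this point.
    try:
        subprocess.call(['ping', '-D', '-c', '5', web])
    except KeyboardInterrupt:
        # The prompt above invites Ctrl+C; stop the ping and carry on.
        pass
    except OSError as e:
        # ping could not be started; report it and continue with nping.
        print(R + ' [-] ' + str(e))
    print('')
    time.sleep(0.6)
    print(C+' [*] Trying NPing (NMap Ping)...')
    print(C+" [~] Result: \n")
    print('')
    text = requests.get('http://api.hackertarget.com/nping/?q=' + web).text
    nping = str(text)
    print(color.END+ nping +C+'\n')
    save_data(database, module, lvl1, lvl2, lvl3, name, nping)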
def piweb(web):
    """Fetch an nping report for *web* from the hackertarget endpoint.

    Args:
        web: Target URL containing ``//``; the part after the scheme (and
            after the first ``@``, if present) is used as the host.

    A reply containing ``null`` is treated as a failed query; any other
    reply is stored with ``save_data`` and printed.
    """
    requests = session()
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    dom = web.split('//')[1]
    if "@" in dom:
        dom = dom.split("@")[1]
    from core.methods.print import posintpas
    posintpas("ping check")
    time.sleep(0.4)
    print(GR + color.BOLD + ' [!] Pinging website using external APi...')
    time.sleep(0.4)
    print(GR + color.BOLD + " [~] Result: "+ color.END)
    # NOTE(review): host is concatenated into the URL unencoded and sent over
    # plain HTTP; confirm that is acceptable.
    nping = str(requests.get('http://api.hackertarget.com/nping/?q=' + dom).text)
    if 'null' in nping:
        print(R+' [-] Outbound Query Exception!')
        time.sleep(0.8)
        return
    save_data(database, module, lvl1, lvl2, lvl3, name, nping)
    print(color.END+ nping+C)
def getos0x00(web):
    """Resolve *web* and look for an ``os_description`` field in a Censys page.

    Args:
        web: Host name passed directly to ``socket.gethostbyname``.

    Returns:
        ``(flag, os)``: ``flag`` is 0x01 and ``os`` the extracted text when
        the pattern matched, otherwise ``(0x00, "")``. ``None`` is returned
        implicitly when an exception is raised inside the parsing block.

    The DNS lookup and the HTTP request sit outside the ``try`` block, so
    their exceptions propagate to the caller.
    """
    name = targetname(web)
    lvl2 = "getcensys"
    module = "ScanANDEnum"
    lvl1 = "Scanning & Enumeration"
    lvl3 = ""
    # Module-level result flag; reset before every lookup.
    global flag
    flag = 0x00
    ip_addr = socket.gethostbyname(web)
    print(C+' [*] Querying Reverse DNS...')
    time.sleep(0.7)
    print(O+' [+] Website IP :' +C+color.TR3+C+G+ str(ip_addr)+C+color.TR2+C)
    time.sleep(0.5)
    print(GR+' [*] Trying to identify operating system...')
    time.sleep(0.5)
    print(C+' [!] Configuring requests...')
    result = requests.get('https://www.censys.io/ipv4/%s/raw' % ip_addr).text
    print(GR+' [*] Getting raw data...')
    time.sleep(0.8)
    print(R+' [*] Analysing responses...')
    try:
        match = re.search(r'"os_description": "[^<]*"', result)
        if match:
            flag = 0x01
            # The local name `os` shadows any module-level `os` inside this
            # function.
            # NOTE(review): [:-5] drops the last five characters of the
            # match; confirm that fits the markup the endpoint returns.
            os = match.group().split('n": "')[1][:-5]
            print(B+' [+] Operating System Identified : ' + C+ os)
            save_data(database, module, lvl1, lvl2, lvl3, name, os)
        else:
            print(R+' [-] No exact Operating System matches for '+O+web+C+'...')
            save_data(database, module, lvl1, lvl2, lvl3, name, "No exact Operating System matches for "+web)
            os = ""
            flag = 0x00
        return (flag, os)
    except Exception as e:
        # Any parsing or storage error is reported, not re-raised.
        print(R+' [-] Unhandled Exception : '+str(e))
def googlegroups(web):
    """Run the Google Groups e-mail enumeration for *web* and store the result.

    Args:
        web: Target URL; the scheme prefix and anything up to the first
            ``@`` are removed before the value is passed to
            ``getemails0x00``.

    The module-level ``flag`` is compared with ``False`` to decide whether
    the collected data or a "no results" message is saved.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.7)
    from core.methods.print import posintpas
    posintpas("google groups")
    print(C + ' [!] Initiating enumeration via Google Web...')
    time.sleep(0.7)
    print(C + ' [!] Parsing url...')
    for scheme in ('https://', 'http://'):
        web = web.replace(scheme, '')
    if "@" in web:
        web = web.split("@")[1]
    data = getemails0x00(web)
    # presumably `flag` is set by getemails0x00 — verify against that helper
    if flag == False:
        print(R + ' [-] No results found via enumeration on Google Groups...')
        record = "No results found via enumeration on Google Groups."
    else:
        record = str(data)
    save_data(database, module, lvl1, lvl2, lvl3, name, record)
    print(C + ' [+] Done!')
def headers(web):
    """Retrieve the response headers of *web* and run each header check.

    Args:
        web: Target URL. ``seccheck0x00`` is run only when the URL starts
            with ``https``.

    Sets the module-level reporting globals first. Any exception raised
    during the analysis is caught and printed.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    try:
        from core.methods.print import pvln
        pvln("http header analysis")
        time.sleep(0.5)
        print(GR + " [!] Initializing Header Analysis...")
        Headers = RetrieveHeader(web)
        checks = (
            xframe0x00,
            contentsec0x00,
            xssprotect0x00,
            xcontenttype0x00,
            general0x00,
            referrerpol0x00,
            anomaly0x00,
        )
        for analyse in checks:
            analyse(Headers)
        if web.startswith("https"):
            seccheck0x00(Headers)
        print(G + ' [+] Done!')
    except Exception as e:
        print(R + ' [-] Something happened...')
        print(R + ' [-] Error : ' + str(e))
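def hsts(web):
    """Check the Strict-Transport-Security posture of *web*.

    Args:
        web: Target URL. If it contains ``https`` the headers are checked
            directly; otherwise the operator is asked whether to retry
            over HTTPS.

    Sets the module-level reporting globals first. Input other than
    ``y``/``Y``/``n``/``N`` at the prompt ends the function silently.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("hsts")
    if 'https' in web:
        check0x00(getHeaders0x00(web))
    else:
        print(R+' [-] No SSL/TLS detected...')
        m = input(O+' [§] Force SSL/TLS (y/N) :> ')
        if m == 'y' or m == 'Y':
            print(GR+' [*] Using revamped SSL...')
            o = 'https://' + web.replace('http://','')
            # Query the rewritten HTTPS URL. The original built `o` and then
            # requested `web` again, so the forced check still went out
            # over plain HTTP.
            check0x00(getHeaders0x00(o))
        elif m == 'n' or m == 'N':
            print(GR+' [-] Skipping module...')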
def phone(web):
    """Set the reporting globals, pause, then hand *web* to ``phone0x00``."""
    global name, lvl2, module, lvl1, lvl3
    lvl2 = inspect.stack()[0][3]
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    name = targetname(web)
    time.sleep(0.6)
    phone0x00(web)
def ssn(web):
    """Set the reporting globals, pause, then hand *web* to ``ssn0x00``."""
    global name, lvl1, lvl2, lvl3, module
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    time.sleep(0.6)
    ssn0x00(web)
def internalip(web):
    """Set the reporting globals, pause, then hand *web* to ``internalip0x00``."""
    global lvl1, lvl2, lvl3, name, module
    lvl2 = inspect.stack()[0][3]
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    name = targetname(web)
    time.sleep(0.6)
    internalip0x00(web)
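def serverdetect(web):
    """Resolve *web*, then report its ``Server`` and ``X-Powered-By`` headers.

    Args:
        web: Target URL; the ``https://`` / ``http://`` prefix is removed
            before the DNS lookup and ``http://`` is prepended again for
            the HTTP request.

    Each finding is printed and passed to ``save_data``. Failures in either
    stage are reported on the console. The handlers catch ``Exception``
    rather than using a bare ``except`` so that Ctrl+C and ``SystemExit``
    are no longer swallowed.
    """
    name = targetname(web)
    lvl2 = "serverdetect"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    requests = session()
    from core.methods.print import posintact
    posintact("detect server")
    time.sleep(0.4)
    print(GR + ' [*] Checking server status...')
    web = web.replace('https://', '')
    web = web.replace('http://', '')
    try:
        ip_addr = socket.gethostbyname(web)
        print(G + ' [+] Server detected online...' + C + color.TR2 + C)
        time.sleep(0.5)
        print(O + ' [+] Server IP :>' + C + color.TR3 + C + G + ip_addr + C + color.TR2 + C)
        data = "IP: " + ip_addr
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
    except Exception:
        print(R + ' [-] Server seems down...')
    print(GR + ' [*] Trying to identify backend...')
    time.sleep(0.4)
    web = 'http://' + web
    try:
        r = requests.get(web)
        # A missing Server header raises KeyError and is reported below.
        header = r.headers['Server']
        if 'cloudflare' in header:
            print(C + ' [+] The website is behind Cloudflare.')
            print(G + ' [+] Server : Cloudflare' + C + color.TR2 + C)
            time.sleep(0.4)
            print(O + ' [+] Use the "Cloudflare" VulnLysis module to try bypassing Clouflare...' + C)
        else:
            print(G + ' [+] Server : ' + header + C + color.TR2 + C)
        data = "Server: " + header
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        # X-Powered-By is optional; look it up explicitly instead of relying
        # on a swallowed KeyError.
        powered_by = r.headers.get('X-Powered-By')
        if powered_by is not None:
            print(O + ' [+] Running On :' + C + color.TR3 + C + G + powered_by + C + color.TR2 + C)
            data = "Running On: " + powered_by
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
    except Exception:
        print(R + ' [-] Failed to identify server. Some error occured!')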
def linkedin(web):
    """Print the module banner and hand *web* to ``getposts``."""
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("linkedin gathering")
    # NOTE(review): arguments are passed as (web, lvl2, name); confirm this
    # order matches the signature of the getposts in scope.
    getposts(web, lvl2, name)
def getports(web):
    """Strip the URL scheme from *web* and pass the host to ``scan0x00``.

    Only one prefix is removed: ``http://`` when present, otherwise
    ``https://`` when present.
    """
    name = targetname(web)
    time.sleep(0.5)
    for scheme in ('http://', 'https://'):
        if scheme in web:
            web = web.replace(scheme, '')
            break
    scan0x00(web, name)
def pastebin(web):
    """Print the module banner and hand *web* to ``getposts``."""
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("pastebin posts")
    # NOTE(review): arguments are passed as (web, name, lvl2); confirm this
    # order matches the signature of the getposts in scope.
    getposts(web, name, lvl2)
def waf(web):
    """Fingerprint a web application firewall in front of *web*.

    Args:
        web: Target URL passed to ``getReq0x00``.

    The list returned by ``detectWaf0x00`` is scanned in order; the first
    entry that is neither ``None`` nor empty is reported and saved. If no
    entry matches, a "generic detection failed" record is saved instead.
    Exceptions raised while handling a single entry are ignored.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "ScanANDEnum"
    lvl1 = "Scanning & Enumeration"
    lvl3 = ""
    detected = False
    time.sleep(0.7)
    from core.methods.print import pscan
    pscan("waf enumeration")
    time.sleep(0.7)
    print(GR + ' [*] Testing the firewall/loadbalancer...')
    time.sleep(1)
    head, con = getReq0x00(web)
    waftypes = detectWaf0x00(head, con)
    for idx, hit in enumerate(waftypes):
        try:
            if hit is None or hit == '':
                # No match for this signature; show which one was tried.
                print(B + ' [+] Matching signatures for : ' + C + wafs[idx], end='', flush=True)
                time.sleep(0.1)
                continue
            print(GR + '\n [*] Response seems to be matching a WAF signature...')
            time.sleep(0.6)
            print(C + ' [+] The website seems to be behind a WAF...')
            time.sleep(0.6)
            print(B + ' [+] Firewall Detected : ' + C + hit)
            detected = True
            save_data(database, module, lvl1, lvl2, lvl3, name, hit)
            break
        except Exception:
            pass
    if not detected:
        save_data(database, module, lvl1, lvl2, lvl3, name, "Generic detection failed to fingerprint WAF.")
        print(R + ' [-] Generic detection failed to fingerprint WAF...')
    print('\n' + G + ' [+] WAF Fingerprinting module completed!' + C + color.TR2 + C + '\n')
def webarchive(web):
    """Print the module banner and hand *web* to ``getRes0x00``.

    The second argument passed to ``getRes0x00`` is this function's own
    name, taken from the call stack.
    """
    global name
    name = targetname(web)
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("wayback machine lookup")
    time.sleep(0.7)
    getRes0x00(web, inspect.stack()[0][3])
def threatintel(web):
    """Check *web* and its resolved IP against a series of threat lists.

    Args:
        web: Target URL; the scheme prefix and anything up to the first
            ``@`` are removed before the DNS lookup.

    Each list checker is called with ``(web, ip)``. Afterwards the
    module-level ``flaglist`` decides whether a "threat" or a "clean"
    summary is saved.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.7)
    from core.methods.print import posintpas
    posintpas("threat intelligence")
    print(O + ' [Data in these threatlists is the latest data')
    print(O + ' not older than a week!]\n')
    print(C + ' [!] Parsing Url..')
    time.sleep(0.7)
    for scheme in ('https://', 'http://'):
        web = web.replace(scheme, '')
    if "@" in web:
        web = web.split("@")[1]
    print(O + ' [!] Getting host information...')
    time.sleep(0.8)
    ip = socket.gethostbyname(web)
    print(G + ' [+] DNS : ' + O + str(ip))
    print(C + ' [!] Loading up modules...')
    time.sleep(0.7)
    print(GR + ' [*] Starting gathering...')
    checkers = (
        usom, badip, blocklistssh, blocklistmail, blocklistsip,
        blocklistftp, blocklistpop3, blocklistirc, blocklistimap,
        blocklistbots, blockliststrong, blocklistapache, blocklistbrute,
        emergethreats, emergecompro, binarydefense, openphish,
        zeustracker, projecthoneypot,
    )
    for lookup in checkers:
        lookup(web, ip)
    # presumably the checkers append to the module-level flaglist — verify
    if flaglist:
        data = web + " appeared as a threat on the following lists: " + str(flaglist)
    else:
        data = web + " seems to be clean."
    save_data(database, module, lvl1, lvl2, lvl3, name, data)
    print(G + ' [+] Done!')
def smtpbrute(web):
    """Load the default SMTP word lists and start the credential check.

    Args:
        web: Target URL; the scheme prefix is removed and the remainder is
            resolved with ``socket.gethostbyname``.

    Entries from the two list files are appended to the module-level
    ``smtpuser`` and ``smtppass`` lists. The operator confirms or replaces
    the resolved IP and supplies port and delay, which are passed to
    ``smtpBrute0x00`` unchanged (as strings).
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Brute Force Tools"
    lvl3 = ""
    time.sleep(0.6)
    from core.methods.print import pbrute
    pbrute("smtp")
    try:
        with open('files/brute-db/smtp/smtp_defuser.lst') as users:
            smtpuser.extend(entry.strip('\n') for entry in users)
        with open('files/brute-db/smtp/smtp_defpass.lst') as passwd:
            smtppass.extend(entry.strip('\n') for entry in passwd)
    except IOError:
        # NOTE(review): execution continues with whatever the lists already
        # hold when a file is missing.
        print(R + ' [-] File paths not found!')
    for scheme in ('https://', 'http://'):
        web = web.replace(scheme, '')
    ip = socket.gethostbyname(web)
    w = input(O + ' [§] Use IP ' + R + ip + ' ? (y/n) :> ')
    if w in ('y', 'Y', 'n', 'N'):
        if w in ('n', 'N'):
            ip = input(O + ' [§] Enter IP :> ')
        port = input(O + ' [§] Enter the port (eg. 25, 587) :> ')
        delay = input(C + ' [§] Delay between each request (eg. 0.2) :> ')
        print(B + ' [*] Initiating module...')
        time.sleep(1)
        print(GR + ' [*] Trying using default credentials...')
        smtpBrute0x00(ip, smtpuser, smtppass, port, delay)
    else:
        print(R + ' [-] Sorry fam you typed shit!')
        sleep(0.7)
    print(G + ' [+] Done!')
def links(web):
    """Fetch page links for *web* from the hackertarget endpoint and store them.

    Args:
        web: Target URL. Credentials before ``@`` are dropped from the URL
            that is queried.

    Lines of the reply that contain the bare host (case-insensitive) are
    appended to the module-level ``final_links`` list, printed, and saved.
    A reply containing ``null`` or ``no links found`` is treated as a
    failed query.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    requests = session()
    from core.methods.print import posintpas
    posintpas("page links")
    time.sleep(0.4)
    print(GR + color.BOLD + ' [!] Fetching links to the website...')
    time.sleep(0.4)
    print(GR + " [~] Result: " + color.END)
    web0 = web.replace('https://' if "https://" in web else 'http://', '')
    if "@" in web:
        prefix = "https://" if "https" in web else "http://"
        web = prefix + web.split("@")[1]
        web0 = web0.split("@")[1]
    # NOTE(review): the URL is concatenated into the query string unencoded
    # and sent over plain HTTP; confirm that is acceptable.
    result = str(requests.get('http://api.hackertarget.com/pagelinks/?q=' + web).text)
    if 'null' in result or 'no links found' in result:
        print(R + ' [-] Outbound Query Exception!')
        time.sleep(0.8)
        return
    needle = str(web0).lower()
    final_links.extend(
        line for line in result.splitlines() if needle in line.lower())
    print(C + '\n [!] Receiving links...')
    for found in final_links:
        print(O + ' [+] Found link :' + C + color.TR3 + C + G + found + C + color.TR2 + C)
        time.sleep(0.06)
    save_data(database, module, lvl1, lvl2, lvl3, name, str(final_links))
    print('')
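def photon(web):
    """Run a Photon crawl against a root URL and store its console output.

    Args:
        web: Target URL, used only to derive the stored target name.

    The root URL and extra arguments come from ``properties`` when set,
    otherwise from operator prompts. Photon is started with an argument
    list (no shell), first as the ``photon`` command and, if that fails,
    from the bundled ``core/lib/Photon/photon.py``.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "ScanANDEnum"
    lvl1 = "Crawling"
    lvl3 = ""
    time.sleep(0.5)
    pscan("photon")
    if properties["ROOT"][1] == " ":
        root = input(" [§] Enter the root URL :> ")
    else:
        root = properties["ROOT"][1]

    def _sets_url(tokens):
        # True when the operator tries to supply the URL option themselves.
        return any(
            tok in ("-u", "--url") or tok.startswith("--url=")
            for tok in tokens)

    if properties["ARGS"][1] == " ":
        try:
            subprocess.call(["photon", "--help"])
        except Exception:  # in case of buggy photon pip installation
            subprocess.call(["python3", "core/lib/Photon/photon.py", "--help"])
        arguments = input(
            " [§] Enter arguments (as you would after $photon -u ROOT on the commandline) :> "
        )
        # Validate explicitly rather than with `assert` (removed under -O),
        # compare whole tokens instead of substrings, and keep asking until
        # the input is acceptable.
        while _sets_url(arguments.split()):
            arguments = input(
                " [-] Argument '-u' already present in command string.\n [§] Enter arguments (as you would after $photon -u ROOT on the commandline) :> "
            )
    else:
        arguments = properties["ARGS"][1]
    # str.split() drops empty tokens, so blank input no longer passes an
    # empty-string argument to Photon.
    arglist = arguments.split()
    print(
        " [+] Starting Photon Scan (this will take a while, output piped into variable)"
    )
    try:
        command = ["photon", "-u", root] + arglist
        results_photon = subprocess.check_output(command)
    except Exception:
        # Fall back to the bundled copy; Ctrl+C is no longer swallowed here.
        command = ["python3", "core/lib/Photon/photon.py", "-u", root] + arglist
        results_photon = subprocess.check_output(command)
    data = results_photon.decode().replace("<<", "").replace(">>", "")
    print(data)
    gprint("\n [+] Photon Scan finished! Saving to database...")
    save_data(database, module, lvl1, lvl2, lvl3, root, data)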
def cloudflaremisc(web):
    """Set the reporting globals, pause, then hand *web* to ``cloud0x00``."""
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module, lvl1, lvl3 = "VulnAnalysis", "Basic Bugs & Misconfigurations", ""
    time.sleep(0.5)
    cloud0x00(web)
def backupbrute(web):
    """Check *web* for reachable backup files using a path word list.

    Args:
        web: Target URL passed to ``check0x00``.

    The operator may supply a word-list path; an empty answer selects
    ``files/fuzz-db/backup_paths.lst``. Every path returned by
    ``check0x00`` is printed and saved; otherwise a "No backups found."
    record is saved.
    """
    name = targetname(web)
    lvl2 = "filebrute"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = "backupbrute"
    time.sleep(0.5)
    print(R + '\n B A C K U P B R U T E F O R C E')
    print(R + ' ---<>----<>----<>----<>----<>----<>\n')
    print(C + ' [*] Path to file to be used ' + O + '(Default: files/fuzz-db/backup_paths.lst)...' + C)
    fil = input(C + ' [§] Your input (Press Enter if default) :> ')
    if fil == '':
        fil = 'files/fuzz-db/backup_paths.lst'
    else:
        print(GR + ' [*] Checking filepath...')
        # NOTE(review): a missing file is only reported; getFile0x00 is still
        # called with the same path afterwards.
        if os.path.exists(fil):
            print(C + ' [+] File found!')
        else:
            print(R + ' [-] File not found!')
    mo = getFile0x00(fil)
    gen_headers = {
        'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close',
    }
    try:
        ul = check0x00(web, mo, gen_headers)
    except Exception as e:
        # NOTE(review): `ul` stays unbound on this path, so the test below
        # raises NameError.
        print(R + ' [-] Exception : ' + str(e))
    if not ul:
        print(R + ' [-] No backup directories or files were found!')
        save_data(database, module, lvl1, lvl2, lvl3, name, "No backups found.")
    else:
        print(G + ' [+] The following possible backups were found!' + C + color.TR2 + C)
        for hit in ul:
            print(O + ' [+] Path to backup file: ' + C + color.TR3 + C + G + hit + C + color.TR2 + C)
            save_data(database, module, lvl1, lvl2, lvl3, name, hit)
    print(C + ' [+] Done!')
def bannergrab(web):
    """Strip the URL scheme from *web* and pass the remainder to ``grab``."""
    global name
    name = targetname(web)
    from core.methods.print import pscan
    pscan("banner grabbing")
    print(GR + ' [*] Parsing Url...')
    for scheme in ('http://', 'https://'):
        web = web.replace(scheme, '')
    grab(web)
    print(G + '\n [+] Banner Grabbing Done!' + C + color.TR2 + C)
def blindsqli(web, properties):
    """Menu loop for the blind SQL injection check.

    Args:
        web: Target URL; one trailing ``/`` is removed on each pass.
        properties: Mapping read at ``properties["PARALLEL"][1]``; a single
            space means "ask the operator", ``"1"`` enables parallel mode.

    The loop has no ``break`` in this function, so it repeats until one of
    the called helpers or an uncaught exception leaves it.
    """
    global name
    name = targetname(web)
    global lvl2
    lvl2 = "sqli"
    global module
    module = "VulnAnalysis"
    global lvl1
    lvl1 = "Critical Vulnerabilities"
    global lvl3
    lvl3 = "blindsqli"
    # Load the payload list on the first pass only.
    begin = True
    while True:
        sleep(0.6)
        if web.endswith('/'):
            web = web[:-1]
        print(R + '\n S Q L I N J E C T I O N (Blind Based)')
        print(R + ' ---<>----<>----<>----<>----<>----<>----<>-\n')
        print(GR + ' [*] Importing error parameters...')
        sleep(0.8)
        try:
            if begin:
                with open('files/payload-db/blindsql_payloads.lst', 'r') as payloads:
                    for payload in payloads:
                        payload = payload.replace('\n', '')
                        # `pay` is a list defined outside this function.
                        pay.append(payload)
                begin = False
            if properties["PARALLEL"][1] == " ":
                pa = input(" [?] Parallel Attack? (enter for not) :> ")
                # Any non-empty answer turns parallel mode on.
                parallel = pa != ""
            else:
                parallel = properties["PARALLEL"][1] == "1"
            print(O + '\n [§] Enter the type you want to proceed:\n')
            print(B + ' [1] ' + C + 'Manual Mode')
            print(B + ' [2] ' + C + 'Automatic Mode\n')
            p = input(O + ' [§] TID :> ')
            if p == '1':
                print(GR + ' [*] Initializing manual mode...')
                manual0x00(web, parallel, properties)
            if p == '2':
                print(GR + ' [*] Loading automatic mode...')
                auto0x00(web, parallel)
        except IOError:
            # NOTE(review): `begin` stays True here, so the file is re-opened
            # on the next pass of the loop.
            print(R + ' [-] Payloads file does not exist!')
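def zone(web):
    """Check whether a name server allows a DNS zone transfer for *web*.

    Args:
        web: Target URL; the ``http://`` / ``https://`` prefix is removed.

    The name servers are listed with ``dig``, the server to test comes from
    ``properties["DNSV"][1]`` or an operator prompt, and the transfer is
    requested with ``host -t axfr``. Both tools are started with argument
    lists, so the target and server strings are never interpreted by a
    shell. The outcome is printed and saved; any exception is reported on
    the console.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    web = web.replace('http://', '')
    web = web.replace('https://', '')
    try:
        from core.methods.print import pvln
        pvln("zone transfer")
        time.sleep(0.4)
        print(O + ' [!] Looking up for name servers on which website is hosted...\n' + G)
        time.sleep(0.7)
        try:
            subprocess.call(['dig', '+nocmd', web, 'ns', '+noall', '+answer'])
        except OSError as e:
            # dig could not be started; report it and continue as before.
            print(R + ' [-] ' + str(e))
        if properties["DNSV"][1] == " ":
            h = input(O + '\n [*] Enter the DNS Server you want to test for :> ')
        else:
            h = properties["DNSV"][1]
        time.sleep(0.4)
        print(GR + ' [*] Attempting zone transfer...')
        time.sleep(0.9)
        # NOTE(review): the '+answer +noall +nocmd' tokens look like dig
        # options; confirm `host` accepts them.
        cm = subprocess.Popen(
            ['host', '-t', 'axfr', web, h, '+answer', '+noall', '+nocmd'],
            stdout=subprocess.PIPE).communicate()[0]
        # communicate() returns bytes here; decode once so the result can be
        # concatenated with str and stored as text.
        cm = cm.decode(errors='replace')
        if 'failed' in cm:
            print(R + '\n [-] Zone transfer for ' + O + h + R + ' failed!')
            print(R + ' [-] This website is immune to zone transfers!')
            data = 'Zone transfer for ' + h + ' failed!\nThis website is immune to zone transfers.'
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            print('\n' + G + cm)
            save_data(database, module, lvl1, lvl2, lvl3, name, cm)
    except Exception as e:
        print(R + ' [-] Error encountered!')
        print(R + ' [-] Error : ' + str(e))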
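def crawler2(web):
    """Collect internal and external links of *web* and pass them to ``out``.

    Args:
        web: Target URL passed to ``internalcrawl`` and ``externalcrawl``.

    Sets the module-level reporting globals first. If either crawl raises,
    the error is printed and whatever was collected so far (possibly
    nothing) is still listed and passed on.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = "crawler2"
    module = "ScanANDEnum"
    lvl1 = "Crawling"
    lvl3 = ""
    time.sleep(0.6)
    totlinks = []
    # Start from empty lists so a failed crawl cannot leave these names
    # unbound when the results are printed below.
    intlinks = []
    extlinks = []
    from core.methods.print import pscan
    pscan("crawler (depth 2)")
    time.sleep(0.7)
    print(C+' [This module will fetch both ext. ')
    print(C+' and internal links from a website]\n')
    print(GR+' [*] Initiating the crawling...')
    time.sleep(0.7)
    try:
        print(C+' [*] Starting internal links gathering...')
        intlinks = internalcrawl(web)
        print(G+' [+] Finished internal links crawling...'+C+color.TR2+C)
        print(C+'\n [*] Starting external links gathering...')
        extlinks = externalcrawl(web)
        print(G+' [+] Finished external links crawling...'+C+color.TR2+C)
    except Exception as e:
        print(R+' [-] Exception : '+str(e))
    print(R+' EXTERNAL LINKS')
    print(R+' ---<>----<>----<')
    print(R+' |')
    for lenk in extlinks:
        print(GR+' + '+lenk)
    print(R+'\n INTERNAL LINKS')
    print(R+' ---<>----<>----<')
    print(R+' |')
    for lenk in intlinks:
        print(GR+' + '+O+lenk)
    # De-duplicate across both sets before handing the links on.
    totlinks = list(set(intlinks + extlinks))
    out(web, totlinks)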
def iphistory(web):
    """Scrape the viewdns.info IP-history table for *web* and store it.

    Args:
        web: Target URL; the part after the last ``//`` (and after the
            first ``@``, if present) is used as the domain.

    Each table row after the first is turned into a dict with the keys
    ``ip``, ``owner`` and ``last``. Any exception is reported as
    "no instances found".
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    requests = session()
    try:
        from core.methods.print import posintpas
        posintpas("ip history")
        print(GR + ' [*] Parsing Url...')
        web0 = web.split('//')[-1]
        if "@" in web0:
            web0 = web0.split("@")[1]
        print(web0)
        print(C + ' [!] Making the request...')
        # NOTE(review): the domain is sent unencoded over plain HTTP.
        html = requests.get('http://viewdns.info/iphistory/?domain=' + web0).text
        print(GR + ' [*] Parsing raw-data...')
        time.sleep(0.7)
        soup = BeautifulSoup(html, 'lxml')
        print(C + ' [!] Setting parameters...')
        table = soup.findAll('table', attrs={'border': '1'})[0]
        print(C + ' [!] Finding IP history instances...')
        rows = table.findAll('tr')
        # Drop the first row; raises IndexError on an empty table, which the
        # handler below reports as "no instances".
        del rows[0]
        print(C + '\n [+] Following instances were found...')
        data = []
        for row in rows:
            cells = row.findAll('td')
            info = {
                'ip': cells[0].text,
                'owner': cells[2].text.rstrip(),
                'last': cells[3].text,
            }
            data.append(info)
            print(O + ' [+] Instance :' + C + color.TR3 + C + G + info['ip'] + ' => ' + info['owner'] + ' - (' + info['last'] + ')' + C + color.TR2 + C)
            time.sleep(0.02)
        save_data(database, module, lvl1, lvl2, lvl3, name, str(data))
    except Exception:
        print(R + ' [-] No instances of IP History found...')
def crawler1(web):
    """Set the reporting globals, crawl *web* and pass the result to ``out``."""
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = "crawler1"
    module = "ScanANDEnum"
    lvl1 = "Crawling"
    lvl3 = ""
    time.sleep(0.5)
    found = crawler10x00(web)
    out(web, found)
    print(G+' [+] Done!'+C+color.TR2+C)