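def grabhead(web):
    """Fetch the HTTP response headers of *web*, print them and store them.

    Each header line is split on the first ``:`` only, so values that
    themselves contain colons (``Date``, URLs in ``Location``) are kept
    whole; the original ``split(':')`` truncated them at the second colon
    and raised ``IndexError`` on a line without a separator (the blank
    line that ends the header block). Network-level failures are reported
    like HTTP errors instead of propagating.
    """
    name = targetname(web)
    lvl2 = "grabhead"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    time.sleep(0.4)
    from core.methods.print import posintact
    posintact("grab http headers")
    print(GR + color.BOLD + ' [*] Grabbing HTTP Headers...')
    time.sleep(0.4)
    web = web.rstrip()
    try:
        # The context manager closes the connection once headers are read.
        with urllib.request.urlopen(web) as response:
            headerwhole = str(response.info())
        print('')
        for line in headerwhole.splitlines():
            if not line:
                continue
            # partition splits on the first ':' only; sep is '' when absent.
            key, sep, value = line.partition(':')
            if sep:
                print('  ' + C + key + ': ' + C + value)
            else:
                print('  ' + C + key)
        print('')
        save_data(database, module, lvl1, lvl2, lvl3, name, headerwhole)
    except urllib.error.URLError as e:
        # HTTPError subclasses URLError, so this also covers DNS failures
        # and refused connections, not only HTTP 4xx/5xx responses.
        print(R + ' [-] ' + str(e))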
def sqli(web):
    """Interactive entry point for the SQL injection checks.

    Stores the target and module/level metadata in the module globals
    (``name``, ``lvl1``..``lvl3``, ``module``) used by the downstream
    helpers, then dispatches to the error-based or blind-based routine
    according to the operator's menu choice.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    # The current function's name serves as the level-2 record label.
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.7)

    from core.methods.print import pvln
    pvln("sql !njection")

    time.sleep(0.6)
    print(O + ' Choose from the options:\n')
    print(B + '  [1] ' + C + 'Error Based SQLi' + W + ' (Manual + Automated)')
    print(B + '  [2] ' + C + 'Blind Based SQLi' + W +
          ' (Manual + Automated)\n')
    print(B + '  [99] ' + C + 'Back to Console\n')
    choice = input(O + ' [§] TID :> ').strip()

    # '99' deliberately does nothing but return to the caller.
    if choice == '99':
        return
    if choice == '1':
        errorsqli(web, properties)
    elif choice == '2':
        blindsqli(web, properties)
    else:
        print(R + ' [-] U high dude?')
def whoischeckup(web):
    """Run a WHOIS lookup for the host part of *web* through hackertarget.

    The scheme and any ``user@`` prefix are stripped before querying. A
    response containing the word 'error' is treated as a failed outbound
    query and is not saved.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    http = session()
    host = web.replace('http://', '').replace('https://', '')
    if "@" in host:
        # Keep only what follows the credentials part of the URL.
        host = host.split("@")[1]
    from core.methods.print import posintpas
    posintpas("whois lookup")
    time.sleep(0.4)
    print('' + GR + color.BOLD + ' [!] Looking Up for WhoIS Information...')
    time.sleep(0.4)
    print("" + GR + color.BOLD + " [~] Result: \n" + color.END)
    res = str(http.get('http://api.hackertarget.com/whois/?q=' + host).text)
    if 'error' in res:
        print(R + ' [-] Outbound Query Exception!')
        time.sleep(0.8)
    else:
        print(color.END + res + C)
        save_data(database, module, lvl1, lvl2, lvl3, name, res)
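def piwebenum(web):
    """Ping the target host locally, then through hackertarget's nping API.

    The local ping is executed as an argument list (no shell), so the host
    string is handed to ``ping`` verbatim instead of being interpreted by
    ``/bin/sh`` as the original ``os.system`` string was. Ctrl+C aborts only
    the local ping; the API lookup still runs afterwards.
    """
    import subprocess
    name = targetname(web)
    lvl2 = "piwebenum"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    requests = session()
    time.sleep(0.4)
    # split('//', 1)[-1] also accepts a bare host; [1] raised IndexError.
    web = web.split('//', 1)[-1]
    from core.methods.print import posintact
    posintact("(n)ping enumeration")
    print(GR + ' [!] Pinging website...')
    time.sleep(0.5)
    print(C+' [*] Using adaptative ping and debug mode with count 5...')
    time.sleep(0.4)
    print(GR+' [!] Press Ctrl+C to stop\n'+color.END)
    try:
        subprocess.call(['ping', '-D', '-c', '5', web])
    except KeyboardInterrupt:
        # The operator stopped the ping early; continue with the API check.
        print('')
    print('')
    time.sleep(0.6)
    print(C+' [*] Trying NPing (NMap Ping)...')
    print(C+" [~] Result: \n")
    print('')
    nping = str(requests.get('http://api.hackertarget.com/nping/?q=' + web).text)
    print(color.END+ nping +C+'\n')
    save_data(database, module, lvl1, lvl2, lvl3, name, nping)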
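def piweb(web):
    """Ping the target through hackertarget's nping API and store the result.

    The host is taken from *web* without scheme or ``user@`` prefix. A bare
    host (no ``//``) is now accepted; the original ``split('//')[1]`` raised
    ``IndexError`` for it.
    """
    requests = session()
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    dom = web.split('//', 1)[-1]
    if "@" in dom:
        dom = dom.split("@")[1]
    from core.methods.print import posintpas
    posintpas("ping check")
    time.sleep(0.4)
    print(GR + color.BOLD + ' [!] Pinging website using external APi...')
    time.sleep(0.4)
    print(GR + color.BOLD + " [~] Result: "+ color.END)
    nping = str(requests.get('http://api.hackertarget.com/nping/?q=' + dom).text)
    # A body containing 'null' is treated as a failed query and not saved.
    if 'null' in nping:
        print(R+' [-] Outbound Query Exception!')
        time.sleep(0.8)
    else:
        save_data(database, module, lvl1, lvl2, lvl3, name, nping)
        print(color.END+ nping+C)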
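def getos0x00(web):
    """Look up the operating-system description Censys records for *web*'s IP.

    Resolves the host, fetches the raw Censys IPv4 page and extracts the
    HTML-escaped ``os_description`` field with a regex.

    Returns:
        ``(flag, os_desc)``: ``(0x01, <description>)`` on a match, else
        ``(0x00, "")``. The same ``(0x00, "")`` pair is returned when the
        lookup raises, so callers can always unpack the result; the
        original returned ``None`` from its ``except`` branch.
    """
    name = targetname(web)
    lvl2 = "getcensys"
    module = "ScanANDEnum"
    lvl1 = "Scanning & Enumeration"
    lvl3 = ""
    global flag
    flag = 0x00
    # Named os_desc: the original local `os` shadowed the os module here.
    os_desc = ""
    ip_addr = socket.gethostbyname(web)
    print(C+' [*] Querying Reverse DNS...')
    time.sleep(0.7)
    print(O+' [+] Website IP :' +C+color.TR3+C+G+ str(ip_addr)+C+color.TR2+C)
    time.sleep(0.5)
    print(GR+' [*] Trying to identify operating system...')
    time.sleep(0.5)
    print(C+' [!] Configuring requests...')
    try:
        result = requests.get('https://www.censys.io/ipv4/%s/raw' % ip_addr).text
        print(GR+' [*] Getting raw data...')
        time.sleep(0.8)
        print(R+' [*] Analysing responses...')
        # The page HTML-escapes double quotes as &#34;, hence the pattern.
        match = re.search(r'&#34;os_description&#34;: &#34;[^<]*&#34;', result)
        if match:
            flag = 0x01
            # Take the text after the key; [:-5] drops the trailing '&#34;'.
            os_desc = match.group().split('n&#34;: &#34;')[1][:-5]
            print(B+' [+] Operating System Identified : ' + C+ os_desc)
            save_data(database, module, lvl1, lvl2, lvl3, name, os_desc)
        else:
            print(R+' [-] No exact Operating System matches for '+O+web+C+'...')
            save_data(database, module, lvl1, lvl2, lvl3, name, "No exact Operating System matches for "+web)
            flag = 0x00
        return (flag, os_desc)
    except Exception as e:
        print(R+' [-] Unhandled Exception : '+str(e))
        flag = 0x00
        return (flag, "")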
def googlegroups(web):
    """Enumerate Google Groups hits for the target domain and store them.

    Delegates the search to ``getemails0x00``; the module-level ``flag``
    (presumably set by that helper — confirm) decides whether any result
    is recorded.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.7)
    from core.methods.print import posintpas
    posintpas("google groups")

    print(C + ' [!] Initiating enumeration via Google Web...')
    time.sleep(0.7)
    print(C + ' [!] Parsing url...')
    domain = web.replace('https://', '').replace('http://', '')
    if "@" in domain:
        # Drop any credentials part so only the host remains.
        domain = domain.split("@")[1]
    data = getemails0x00(domain)
    if flag == False:
        print(R + ' [-] No results found via enumeration on Google Groups...')
        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "No results found via enumeration on Google Groups.")
    else:
        save_data(database, module, lvl1, lvl2, lvl3, name, str(data))
    print(C + ' [+] Done!')
def headers(web):
    """Retrieve the target's HTTP headers and run each header-hardening check.

    Every check receives the same ``RetrieveHeader`` result; the TLS-only
    check (``seccheck0x00``) is added only when the URL starts with https.
    Any exception is reported rather than propagated.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    try:
        from core.methods.print import pvln
        pvln("http header analysis")

        time.sleep(0.5)
        print(GR + " [!] Initializing Header Analysis...")
        fetched = RetrieveHeader(web)
        checks = [
            xframe0x00,
            contentsec0x00,
            xssprotect0x00,
            xcontenttype0x00,
            general0x00,
            referrerpol0x00,
            anomaly0x00,
        ]
        if "https" in web[:5]:
            checks.append(seccheck0x00)
        for check in checks:
            check(fetched)
        print(G + ' [+] Done!')
    except Exception as e:
        print(R + ' [-] Something happened...')
        print(R + ' [-] Error : ' + str(e))
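def hsts(web):
    """Check the target for an HTTP Strict-Transport-Security header.

    A plain-http target is not checked directly; the operator may opt to
    retry over https, in which case the rewritten https URL (``o``) is the
    one fetched. The original built ``o`` and then passed the http ``web``
    to ``getHeaders0x00`` anyway, so the forced-TLS path never did anything.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("hsts")

    if 'https' in web:
        check0x00(getHeaders0x00(web))
        return

    print(R+' [-] No SSL/TLS detected...')
    m = input(O+' [§] Force SSL/TLS (y/N) :> ')
    if m in ('y', 'Y'):
        print(GR+' [*] Using revamped SSL...')
        o = 'https://' + web.replace('http://','')
        check0x00(getHeaders0x00(o))
    elif m in ('n', 'N'):
        print(GR+' [-] Skipping module...')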
def phone(web):
    """Set the module metadata globals, then run the phone-number disclosure check."""
    global name, lvl2, module, lvl1, lvl3
    lvl2 = inspect.stack()[0][3]  # this function's own name
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    name = targetname(web)
    time.sleep(0.6)
    phone0x00(web)
def ssn(web):
    """Set the module metadata globals, then run the SSN disclosure check."""
    global name, lvl1, lvl2, lvl3, module
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]  # this function's own name
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    time.sleep(0.6)
    ssn0x00(web)
def internalip(web):
    """Set the module metadata globals, then run the internal-IP disclosure check."""
    global lvl1, lvl2, lvl3, name, module
    lvl2 = inspect.stack()[0][3]  # this function's own name
    module, lvl1, lvl3 = "ReconANDOSINT", "Information Disclosure", ""
    name = targetname(web)
    time.sleep(0.6)
    internalip0x00(web)
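def serverdetect(web):
    """Resolve the target host and report its ``Server``/``X-Powered-By`` headers.

    The bare ``except:`` clauses of the original are narrowed: a resolution
    failure is an ``OSError`` (``socket.gaierror``), and a missing header is
    read with ``.get()`` instead of surfacing as a generic failure. The
    Cloudflare match is case-insensitive so the capitalisation of the
    ``Server`` value does not matter.
    """
    name = targetname(web)
    lvl2 = "serverdetect"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = ""
    requests = session()
    from core.methods.print import posintact
    posintact("detect server")
    time.sleep(0.4)
    print(GR + ' [*] Checking server status...')
    web = web.replace('https://', '').replace('http://', '')
    try:
        ip_addr = socket.gethostbyname(web)
    except OSError:
        # socket.gaierror / socket.herror both derive from OSError.
        print(R + ' [-] Server seems down...')
    else:
        print(G + ' [+] Server detected online...' + C + color.TR2 + C)
        time.sleep(0.5)
        print(O + ' [+] Server IP :>' + C + color.TR3 + C + G + ip_addr + C +
              color.TR2 + C)
        save_data(database, module, lvl1, lvl2, lvl3, name, "IP: " + ip_addr)

    print(GR + ' [*] Trying to identify backend...')
    time.sleep(0.4)
    web = 'http://' + web
    try:
        r = requests.get(web)
        header = r.headers.get('Server')
        if header is None:
            print(R + ' [-] No Server header disclosed...')
        else:
            if 'cloudflare' in header.lower():
                print(C + ' [+] The website is behind Cloudflare.')
                print(G + ' [+] Server : Cloudflare' + C + color.TR2 + C)
                time.sleep(0.4)
                print(
                    O +
                    ' [+] Use the "Cloudflare" VulnLysis module to try bypassing Clouflare...'
                    + C)
            else:
                print(G + ' [+] Server : ' + header + C + color.TR2 + C)
            save_data(database, module, lvl1, lvl2, lvl3, name, "Server: " + header)

        powered = r.headers.get('X-Powered-By')
        if powered is not None:
            print(O + ' [+] Running On :' + C + color.TR3 + C + G +
                  powered + C + color.TR2 + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "Running On: " + powered)
    except Exception as e:
        print(R + ' [-] Failed to identify server. Some error occured!')
        print(R + ' [-] Error : ' + str(e))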
def linkedin(web):
    """Gather LinkedIn posts about the target and hand them to ``getposts``."""
    name = targetname(web)
    label = inspect.stack()[0][3]  # this function's own name
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("linkedin gathering")
    getposts(web, label, name)
def getports(web):
    """Strip the URL scheme from *web* and hand the host to the port scanner."""
    name = targetname(web)
    time.sleep(0.5)
    if 'http://' in web:
        host = web.replace('http://', '')
    elif 'https://' in web:
        host = web.replace('https://', '')
    else:
        host = web  # already a bare host
    scan0x00(host, name)
def pastebin(web):
    """Collect Pastebin posts about the target and pass them to ``getposts``."""
    name = targetname(web)
    label = inspect.stack()[0][3]  # this function's own name
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("pastebin posts")
    getposts(web, name, label)
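def waf(web):
    """Fingerprint a WAF/load balancer in front of *web* from its response.

    ``detectWaf0x00`` returns one entry per signature (presumably aligned
    with the module-level ``wafs`` name list — confirm); the first non-empty
    entry is reported and saved, otherwise a 'generic detection failed'
    record is written. Uses ``enumerate`` and ``is not None`` in place of the
    original index loop and ``!= None``.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "ScanANDEnum"
    lvl1 = "Scanning & Enumeration"
    lvl3 = ""
    check = 0x00
    time.sleep(0.7)
    from core.methods.print import pscan
    pscan("waf enumeration")
    time.sleep(0.7)
    print(GR + ' [*] Testing the firewall/loadbalancer...')
    time.sleep(1)
    head, con = getReq0x00(web)
    waftypes = detectWaf0x00(head, con)
    for i, waftype in enumerate(waftypes):
        try:
            if waftype is not None and waftype != '':
                print(
                    GR +
                    '\n [*] Response seems to be matching a WAF signature...')
                time.sleep(0.6)
                print(C + ' [+] The website seems to be behind a WAF...')
                time.sleep(0.6)
                print(B + ' [+] Firewall Detected : ' + C + waftype)
                check = 0x01
                save_data(database, module, lvl1, lvl2, lvl3, name, waftype)
                break

            print(B + ' [+] Matching signatures for : ' + C + wafs[i],
                  end='',
                  flush=True)
            time.sleep(0.1)

        except Exception:
            # Best-effort progress output: an index past the end of `wafs`
            # or a bad entry must not abort the remaining signatures.
            continue

    if check == 0x00:
        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "Generic detection failed to fingerprint WAF.")
        print(R + ' [-] Generic detection failed to fingerprint WAF...')

    print('\n' + G + ' [+] WAF Fingerprinting module completed!' + C +
          color.TR2 + C + '\n')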
def webarchive(web):
    """Look the target up in the Wayback Machine via ``getRes0x00``."""
    global name
    name = targetname(web)
    time.sleep(0.6)
    from core.methods.print import posintpas
    posintpas("wayback machine lookup")
    time.sleep(0.7)
    # This function's own name doubles as the level-2 record label.
    label = inspect.stack()[0][3]
    getRes0x00(web, label)
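def threatintel(web):
    """Check the target host and its IP against the configured threat lists.

    Each list-specific helper is called in turn with ``(web, ip)``; the
    module-level ``flaglist`` (presumably appended to by those helpers —
    confirm) is then summarised into one saved record. If the host cannot
    be resolved the module reports it and returns instead of raising out
    of the console loop as the original did.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    time.sleep(0.7)
    from core.methods.print import posintpas
    posintpas("threat intelligence")
    print(O + ' [Data in these threatlists is the latest data')
    print(O + '            not older than a week!]\n')
    print(C + ' [!] Parsing Url..')
    time.sleep(0.7)
    web = web.replace('https://', '').replace('http://', '')
    if "@" in web:
        web = web.split("@")[1]
    print(O + ' [!] Getting host information...')
    time.sleep(0.8)
    try:
        ip = socket.gethostbyname(web)
    except OSError as e:
        # socket.gaierror derives from OSError; no IP means nothing to check.
        print(R + ' [-] Could not resolve host : ' + str(e))
        return
    print(G + ' [+] DNS : ' + O + str(ip))
    print(C + ' [!] Loading up modules...')
    time.sleep(0.7)
    print(GR + ' [*] Starting gathering...')
    # Same call order as the original sequence.
    lookups = (
        usom, badip, blocklistssh, blocklistmail, blocklistsip,
        blocklistftp, blocklistpop3, blocklistirc, blocklistimap,
        blocklistbots, blockliststrong, blocklistapache, blocklistbrute,
        emergethreats, emergecompro, binarydefense, openphish,
        zeustracker, projecthoneypot,
    )
    for lookup in lookups:
        lookup(web, ip)
    if flaglist:
        data = web + " appeared as a threat on the following lists: " + str(
            flaglist)
    else:
        data = web + " seems to be clean."
    save_data(database, module, lvl1, lvl2, lvl3, name, data)
    print(G + ' [+] Done!')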
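def smtpbrute(web):
    """Test the target's SMTP service against the bundled default-credential lists.

    Loads ``smtp_defuser.lst`` / ``smtp_defpass.lst`` into the module-level
    ``smtpuser`` / ``smtppass`` lists, lets the operator confirm or override
    the resolved IP, then hands everything to ``smtpBrute0x00``. The two
    answer branches of the original shared identical prompt code and are
    written once here; the trailing bare ``sleep`` is now ``time.sleep`` so
    the block does not depend on a separate ``from time import sleep``.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Brute Force Tools"
    lvl3 = ""
    time.sleep(0.6)
    from core.methods.print import pbrute
    pbrute("smtp")

    try:
        # NOTE(review): these are module-level lists, so repeated runs
        # append the same entries again — confirm whether that is intended.
        with open('files/brute-db/smtp/smtp_defuser.lst') as users:
            for user in users:
                smtpuser.append(user.strip('\n'))
        with open('files/brute-db/smtp/smtp_defpass.lst') as passwd:
            for passw in passwd:
                smtppass.append(passw.strip('\n'))
    except IOError:
        print(R + ' [-] File paths not found!')

    web = web.replace('https://', '').replace('http://', '')
    try:
        ip = socket.gethostbyname(web)
    except OSError as e:
        # socket.gaierror derives from OSError; without an IP there is no target.
        print(R + ' [-] Could not resolve host : ' + str(e))
        return
    w = input(O + ' [§] Use IP ' + R + ip + ' ? (y/n) :> ')
    if w in ('n', 'N'):
        ip = input(O + ' [§] Enter IP :> ')
    elif w not in ('y', 'Y'):
        print(R + ' [-] Sorry fam you typed shit!')
        time.sleep(0.7)
        print(G + ' [+] Done!')
        return

    port = input(O + ' [§] Enter the port (eg. 25, 587) :> ')
    delay = input(C + ' [§] Delay between each request (eg. 0.2) :> ')
    print(B + ' [*] Initiating module...')
    time.sleep(1)
    print(GR + ' [*] Trying using default credentials...')
    smtpBrute0x00(ip, smtpuser, smtppass, port, delay)
    print(G + ' [+] Done!')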
def links(web):
    """Fetch pages linking to the target via hackertarget and store the matches.

    Only result lines that mention the target's host (``web0``: scheme and
    credentials removed) are kept, appended to the module-level
    ``final_links`` list and saved as one record.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    http = session()
    from core.methods.print import posintpas
    posintpas("page links")
    time.sleep(0.4)
    print('' + GR + color.BOLD + ' [!] Fetching links to the website...')
    time.sleep(0.4)
    print(GR + " [~] Result: " + color.END)

    # Host without scheme; used to filter the returned links.
    if "https://" in web:
        web0 = web.replace('https://', '')
    else:
        web0 = web.replace('http://', '')
    if "@" in web:
        prefix = "https://" if "https" in web else "http://"
        web = prefix + web.split("@")[1]
        web0 = web0.split("@")[1]

    result = str(http.get('http://api.hackertarget.com/pagelinks/?q=' +
                          web).text)
    if 'null' in result or 'no links found' in result:
        print(R + ' [-] Outbound Query Exception!')
        time.sleep(0.8)
        return

    needle = str(web0).lower()
    for line in result.splitlines():
        if needle in line.lower():
            final_links.append(line)

    print(C + '\n [!] Receiving links...')
    for p in final_links:
        print(O + ' [+] Found link :' + C + color.TR3 + C + G + p + C +
              color.TR2 + C)
        time.sleep(0.06)

    save_data(database, module, lvl1, lvl2, lvl3, name,
              str(final_links))
    print('')
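def photon(web):
    """Run the Photon crawler against a root URL and store its output.

    Root and extra arguments come from ``properties`` when set, otherwise
    from the operator. The command is passed to ``subprocess`` as a list,
    so arguments are never interpreted by a shell. ``-u``/``--url`` is
    supplied by this function and refused in the extra arguments: the
    operator is re-prompted until it is absent (the original re-asked once
    via ``assert`` and did not re-check). Falls back to the bundled
    ``core/lib/Photon/photon.py`` when the ``photon`` command is missing or
    exits non-zero; the original bare ``except:`` clauses are narrowed.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "ScanANDEnum"
    lvl1 = "Crawling"
    lvl3 = ""
    time.sleep(0.5)
    pscan("photon")
    if properties["ROOT"][1] == " ":
        root = input(" [§] Enter the root URL :> ")
    else:
        root = properties["ROOT"][1]

    if properties["ARGS"][1] == " ":
        try:
            subprocess.call(["photon", "--help"])
        except OSError:
            # in case of buggy photon pip installation
            subprocess.call(["python3", "core/lib/Photon/photon.py", "--help"])
        arguments = input(
            " [§] Enter arguments (as you would after $photon -u ROOT on the commandline) :> "
        )
        while "-u" in arguments or "--url" in arguments:
            arguments = input(
                " [-] Argument '-u' already present in command string.\n [§] Enter arguments (as you would after $photon -u ROOT on the commandline) :> "
            )
    else:
        arguments = properties["ARGS"][1]

    # str.split() splits on any whitespace run and drops empty tokens, so an
    # empty input no longer yields a stray '' argument as re.split did.
    arglist = arguments.split()
    print(
        " [+] Starting Photon Scan (this will take a while, output piped into variable)"
    )
    try:
        command = ["photon", "-u", root] + arglist
        results_photon = subprocess.check_output(command)
    except (OSError, subprocess.CalledProcessError):
        command = ["python3", "core/lib/Photon/photon.py", "-u", root
                   ] + arglist
        results_photon = subprocess.check_output(command)
    data = results_photon.decode().replace("<<", "").replace(">>", "")
    print(data)
    gprint("\n [+] Photon Scan finished! Saving to database...")
    save_data(database, module, lvl1, lvl2, lvl3, root, data)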
def cloudflaremisc(web):
    """Set the module metadata globals, then run the Cloudflare misconfiguration check."""
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]  # this function's own name
    module, lvl1, lvl3 = "VulnAnalysis", "Basic Bugs & Misconfigurations", ""
    time.sleep(0.5)
    cloud0x00(web)
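def backupbrute(web):
    """Probe *web* for left-over backup files using a wordlist of paths.

    The operator may supply an alternative path list. If it does not exist
    the module now stops; the original printed 'File not found!' and then
    still passed the bad path to ``getFile0x00``. An exception from
    ``check0x00`` ends the module instead of recording 'No backups found.'
    (and the original's ``if ul:`` raised ``NameError`` in that case, since
    ``ul`` was never assigned).
    """
    name = targetname(web)
    lvl2 = "filebrute"
    module = "ReconANDOSINT"
    lvl1 = "Active Reconnaissance"
    lvl3 = "backupbrute"
    time.sleep(0.5)
    print(R + '\n     B A C K U P   B R U T E F O R C E')
    print(R + '    ---<>----<>----<>----<>----<>----<>\n')

    print(C + ' [*] Path to file to be used ' + O +
          '(Default: files/fuzz-db/backup_paths.lst)...' + C)
    fil = input(C + ' [§] Your input (Press Enter if default) :> ')
    if fil == '':
        fil = 'files/fuzz-db/backup_paths.lst'
    else:
        print(GR + ' [*] Checking filepath...')
        if not os.path.exists(fil):
            print(R + ' [-] File not found!')
            return
        print(C + ' [+] File found!')

    mo = getFile0x00(fil)
    gen_headers = {
        'User-Agent':
        'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close'
    }

    try:
        ul = check0x00(web, mo, gen_headers)
    except Exception as e:
        print(R + ' [-] Exception : ' + str(e))
        return

    if ul:
        print(G + ' [+] The following possible backups were found!' + C +
              color.TR2 + C)
        for u in ul:
            print(O + ' [+] Path to backup file: ' + C + color.TR3 + C + G +
                  u + C + color.TR2 + C)
            save_data(database, module, lvl1, lvl2, lvl3, name, u)
    else:
        print(R + ' [-] No backup directories or files were found!')
        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "No backups found.")
    print(C + ' [+] Done!')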
def bannergrab(web):
    """Strip the scheme from *web* and run the banner grabber on the host."""
    global name
    name = targetname(web)
    from core.methods.print import pscan
    pscan("banner grabbing")

    print(GR + ' [*] Parsing Url...')
    host = web.replace('http://', '').replace('https://', '')
    grab(host)
    print(G + '\n [+] Banner Grabbing Done!' + C + color.TR2 + C)
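def blindsqli(web, properties):
    """Menu loop for the blind SQL injection checks against *web*.

    Loads ``files/payload-db/blindsql_payloads.lst`` into the module-level
    ``pay`` list once, asks whether to run in parallel (unless preset in
    ``properties``) and dispatches to the manual or automatic routine.

    Two exits were missing in the original: the menu had no way back to the
    console (option ``99`` now returns, matching the other menus), and a
    missing payload file printed its error and then looped forever — it now
    prints once and returns.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = "sqli"
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = "blindsqli"
    begin = True
    while True:
        sleep(0.6)
        if web.endswith('/'):
            web = web[:-1]

        print(R + '\n     S Q L   I N J E C T I O N  (Blind Based)')
        print(R + '    ---<>----<>----<>----<>----<>----<>----<>-\n')

        print(GR + ' [*] Importing error parameters...')
        sleep(0.8)
        try:
            if begin:
                with open('files/payload-db/blindsql_payloads.lst',
                          'r') as payloads:
                    for payload in payloads:
                        pay.append(payload.replace('\n', ''))
                # Flip after the whole file is read; the original set this
                # inside the loop, so an empty file was re-read every pass.
                begin = False
        except IOError:
            print(R + ' [-] Payloads file does not exist!')
            return

        if properties["PARALLEL"][1] == " ":
            pa = input(" [?] Parallel Attack? (enter for not) :> ")
            parallel = pa != ""
        else:
            parallel = properties["PARALLEL"][1] == "1"

        print(O + '\n [§] Enter the type you want to proceed:\n')
        print(B + '   [1] ' + C + 'Manual Mode')
        print(B + '   [2] ' + C + 'Automatic Mode')
        print(B + '   [99] ' + C + 'Back to Console\n')
        p = input(O + ' [§] TID :> ')
        if p == '99':
            return
        if p == '1':
            print(GR + ' [*] Initializing manual mode...')
            manual0x00(web, parallel, properties)
        elif p == '2':
            print(GR + ' [*] Loading automatic mode...')
            auto0x00(web, parallel)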
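def zone(web):
    """Check whether the target's DNS server permits an AXFR zone transfer.

    Lists the name servers with ``dig`` — run as an argument list rather
    than a shell string built from *web* — asks for or reads the DNS server
    to test, then attempts the transfer with ``host``. ``communicate()``
    returns bytes, so the output is decoded before the ``'failed'`` check,
    the print and the save; the original concatenated ``str + bytes`` on
    the success path, which raised ``TypeError`` and was reported as a
    generic 'Error encountered!'.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Basic Bugs & Misconfigurations"
    lvl3 = ""
    web = web.replace('http://', '').replace('https://', '')
    try:
        from core.methods.print import pvln
        pvln("zone transfer")

        time.sleep(0.4)
        print(
            O +
            ' [!] Looking up for name servers on which website is hosted...\n'
            + G)
        time.sleep(0.7)
        subprocess.call(['dig', '+nocmd', web, 'ns', '+noall', '+answer'])
        if properties["DNSV"][1] == " ":
            h = input(O +
                      '\n [*] Enter the DNS Server you want to test for :> ')
        else:
            h = properties["DNSV"][1]
        time.sleep(0.4)
        print(GR + ' [*] Attempting zone transfer...')
        time.sleep(0.9)
        # NOTE(review): '+answer/+noall/+nocmd' are dig-style switches;
        # confirm host(1) accepts them on the target platform.
        raw = subprocess.Popen(
            ['host', '-t', 'axfr', web, h, '+answer', '+noall', '+nocmd'],
            stdout=subprocess.PIPE).communicate()[0]
        cm = raw.decode(errors='replace')
        if 'failed' in cm:
            print(R + '\n [-] Zone transfer for ' + O + h + R + ' failed!')
            print(R + ' [-] This website is immune to zone transfers!')
            data = 'Zone transfer for ' + h + ' failed!\nThis website is immune to zone transfers.'
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            print('\n' + G + cm)
            save_data(database, module, lvl1, lvl2, lvl3, name, cm)

    except Exception as e:
        print(R + ' [-] Error encountered!')
        print(R + ' [-] Error : ' + str(e))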
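def crawler2(web):
    """Crawl *web* to depth 2 and print/store its internal and external links.

    ``intlinks``/``extlinks`` are initialised before the crawl so a failure
    in either helper leaves empty lists for the loops below rather than an
    unbound name — the original caught the crawl exception and then raised
    ``NameError`` on ``for lenk in extlinks``.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = "crawler2"
    module = "ScanANDEnum"
    lvl1 = "Crawling"
    lvl3 = ""
    time.sleep(0.6)
    intlinks = []
    extlinks = []
    from core.methods.print import pscan
    pscan("crawler (depth 2)")
    time.sleep(0.7)
    print(C+' [This module will fetch both ext. ')
    print(C+' and internal links from a website]\n')
    print(GR+' [*] Initiating the crawling...')
    time.sleep(0.7)
    try:
        print(C+' [*] Starting internal links gathering...')
        intlinks = internalcrawl(web)
        print(G+' [+] Finished internal links crawling...'+C+color.TR2+C)
        print(C+'\n [*] Starting external links gathering...')
        extlinks = externalcrawl(web)
        print(G+' [+] Finished external links crawling...'+C+color.TR2+C)

    except Exception as e:
        print(R+' [-] Exception : '+str(e))

    print(R+'   EXTERNAL LINKS')
    print(R+'  ---<>----<>----<')
    print(R+'   |')

    for lenk in extlinks:
        print(GR+'   + '+lenk)

    print(R+'\n   INTERNAL LINKS')
    print(R+'  ---<>----<>----<')
    print(R+'   |')

    for lenk in intlinks:
        print(GR+'   + '+O+lenk)
    # De-duplicate across both lists before handing off; order is not kept.
    totlinks = list(set(intlinks + extlinks))
    out(web, totlinks)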
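def iphistory(web):
    """Retrieve the target's historical IP records from viewdns.info.

    Parses the first ``border="1"`` table of the page; the header row is
    skipped and each remaining row yields ``ip``/``owner``/``last`` (column
    indices 0, 2 and 3 — assumed from the original, confirm against the
    page). A page without that table is reported as 'no instances'; any
    other error (network, parsing) is reported with its message instead of
    being folded into the same line. The stray debug ``print(web0)`` of the
    original is removed.
    """
    name = targetname(web)
    module = "ReconANDOSINT"
    lvl1 = "Passive Reconnaissance & OSINT"
    lvl3 = ''
    lvl2 = inspect.stack()[0][3]
    requests = session()
    try:
        from core.methods.print import posintpas
        posintpas("ip history")
        print(GR + ' [*] Parsing Url...')
        web0 = web.split('//')[-1]
        if "@" in web0:
            web0 = web0.split("@")[1]

        print(C + ' [!] Making the request...')
        html = requests.get('http://viewdns.info/iphistory/?domain=' +
                            web0).text
        print(GR + ' [*] Parsing raw-data...')
        time.sleep(0.7)
        soup = BeautifulSoup(html, 'lxml')
        print(C + ' [!] Setting parameters...')
        tables = soup.findAll('table', attrs={'border': '1'})
        if not tables:
            # No result table on the page: nothing recorded for this host.
            print(R + ' [-] No instances of IP History found...')
            return
        print(C + ' [!] Finding IP history instances...')
        trs = tables[0].findAll('tr')

        print(C + '\n [+] Following instances were found...')
        data = []
        # [1:] skips the header row (the original popped it).
        for tr in trs[1:]:
            td = tr.findAll('td')
            info = {
                'ip': td[0].text,
                'owner': td[2].text.rstrip(),
                'last': td[3].text
            }
            data.append(info)
            print(O + ' [+] Instance :' + C + color.TR3 + C + G + info['ip'] +
                  ' => ' + info['owner'] + ' - (' + info['last'] + ')' + C +
                  color.TR2 + C)
            time.sleep(0.02)
        save_data(database, module, lvl1, lvl2, lvl3, name, str(data))
    except Exception as e:
        print(R + ' [-] Error encountered!')
        print(R + ' [-] Error : ' + str(e))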
def crawler1(web):
    """Run the depth-1 crawler on *web* and emit the collected links via ``out``."""
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2, module, lvl1, lvl3 = "crawler1", "ScanANDEnum", "Crawling", ""
    time.sleep(0.5)
    found = crawler10x00(web)
    out(web, found)
    print(G+' [+] Done!'+C+color.TR2+C)