def __init__(self, options): utils.print_banner("CORS Scanning") utils.make_directory(options['WORKSPACE'] + '/cors') self.module_name = self.__class__.__name__ self.options = options slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning CORS for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning CORS for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.print_banner("IP Discovery") utils.make_directory(options['WORKSPACE'] + '/ipspace') self.module_name = self.__class__.__name__ self.options = options slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start IP Discovery for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.module_name) try: self.conclude() except: utils.print_bad("Something wrong with conclude for {0}".format( self.module_name)) slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done IP Discovery for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.print_banner("Scanning Subdomain") utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options self.options['CURRENT_MODULE'] = self.module_name self.options['SPEED'] = utils.custom_speed(self.options) if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning Subdomain for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name, seconds=60) self.conclude() # this gonna run after module is done to update the main json slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning Subdomain for {0}'.format(self.options['TARGET']) }) utils.print_line()
def run(self): commands = execute.get_commands( self.options, self.module_name).get('routines') for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) #really execute it execute.send_cmd(self.options, item.get('cmd'), item.get( 'output_path'), item.get('std_path'), self.module_name) time.sleep(1) utils.just_waiting(self.options, self.module_name, seconds=10, times=5) main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) for item in commands: if "Whois" in item.get('cmd'): main_json["Info"]["Whois"] = {"path": item.get('output_path')} if "Dig" in item.get('cmd'): main_json["Info"]["Dig"] = {"path": item.get('output_path')} utils.just_write(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') self.module_name = self.__class__.__name__ self.options = options slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) # self.initial() utils.just_waiting(self.module_name, seconds=60) # self.create_ip_result() self.conclude() slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module") return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name, seconds=60) self.conclude() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) })
def gowithness(self, data): # add http:// and https:// prefix to domain domains = [] utils.make_directory(self.options['WORKSPACE'] + '/screenshot/screenshoots-gowitness') for item in data: host = utils.get_domain(item) domains.append("http://" + host) domains.append("https://" + host) http_file = utils.replace_argument( self.options, '$WORKSPACE/screenshot/$OUTPUT-hosts.txt') utils.just_write(http_file, "\n".join(domains)) utils.clean_up(http_file) time.sleep(2) # screenshots with gowitness cmd = "$GO_PATH/gowitness file -s $WORKSPACE/screenshot/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db" execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10) cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/screenshot/$OUTPUT-gowitness-screenshots.html --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db" html_path = utils.replace_argument( self.options, "$WORKSPACE/portscan/$OUTPUT-gowitness-screenshots.html") execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), html_path, '', self.module_name)
def __init__(self, options): utils.print_banner("Scanning Subdomain") utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning Subdomain for {0}'.format( self.options['TARGET']) }) self.initial() utils.just_waiting(self.module_name, seconds=10) self.conclude() #this gonna run after module is done to update the main json slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning Subdomain for {0}'.format( self.options['TARGET']) })
def screenshots(self, csv_data): # add http:// and https:// prefix to domain if csv_data: result = [] for line in csv_data.splitlines()[1:]: # print(line) host = line.split(',')[0] port = line.split(',')[3] result.append("http://" + host + ":" + port) result.append("https://" + host + ":" + port) utils.just_write( utils.replace_argument( self.options, '$WORKSPACE/portscan/$OUTPUT-hosts.txt'), "\n".join(result)) # screenshots with gowitness utils.make_directory(self.options['WORKSPACE'] + '/portscan/screenshoots-massscan/') cmd = "$GO_PATH/gowitness file -s $WORKSPACE/portscan/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db" execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10) cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db" html_path = utils.replace_argument( self.options, "$WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html") execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), html_path, '', self.module_name)
def __init__(self, options): utils.print_banner("IP Discovery") utils.make_directory(options['WORKSPACE'] + '/ipspace') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start IP Discovery for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) try: self.conclude() except: utils.print_bad("Something wrong with conclude for {0}".format(self.module_name)) slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done IP Discovery for {0}'.format(self.options['TARGET']) })
def initial(self): if self.observatory(): utils.just_waiting(self.options, self.module_name) try: self.conclude() except: utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def initial(self): if self.observatory(): utils.just_waiting(self.options, self.module_name) try: self.conclude() except: utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def run(self): commands = execute.get_commands(self.options, self.module_name).get('routines') for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) #really execute it execute.send_cmd(self.options, item.get('cmd'), item.get('output_path'), item.get('std_path'), self.module_name) time.sleep(1) utils.just_waiting(self.options, self.module_name, seconds=10, times=5) main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) for item in commands: if "Whois" in item.get('cmd'): main_json["Info"]["Whois"] = {"path": item.get('output_path')} if "Dig" in item.get('cmd'): main_json["Info"]["Dig"] = {"path": item.get('output_path')} utils.just_write(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def whois(self): utils.print_good('Starting Whois') cmd = 'whois $TARGET | tee $WORKSPACE/info/$TARGET-whois.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/info/$OUTPUT-whois.txt') std_path = utils.replace_argument( self.options, '$WORKSPACE/info/std-$OUTPUT-whois.std') #log the command slack.slack_log(self.options, mess={ 'title': "{0} | Whois | {1} | Execute".format( self.options['TARGET'], self.module_name), 'content': '```{0}```'.format(cmd), }) execute.send_cmd(cmd, output_path, std_path, self.module_name) # upload the output utils.just_waiting(self.module_name, seconds=2) slack.slack_file(self.options, mess={ 'title': "{0} | Whois | {1} | Output".format( self.options['TARGET'], self.module_name), 'filename': '{0}'.format(output_path), })
def initial(self): self.aquaton() # really slow the flow so disable for now # self.eyewitness_common() utils.just_waiting(self.module_name, seconds=10) #this gonna run after module is done to update the main json self.conclude()
def observatory(self): utils.print_good('Starting observatory') if self.is_direct: domain_file = self.is_direct else: if self.options['SPEED'] == 'quick': utils.print_good('Skipping {0} in quick mode'.format(self.module_name)) return None domain_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') with open(domain_file, 'r') as d: domains = d.read().splitlines() if self.options['DEBUG'] == "True": utils.print_info("Only get 30 target debug mode") domains = domains[:10] for part in list(utils.chunks(domains, 1)): for domain in part: cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True) time.sleep(10) utils.just_waiting(self.options, self.module_name, seconds=10, times=2) return True
def __init__(self, options): utils.print_banner("IP Discovery") utils.make_directory(options['WORKSPACE'] + '/ipspace') self.module_name = self.__class__.__name__ self.options = options slack.slack_info( self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start IP Discovery for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.module_name) self.conclude() slack.slack_good( self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done IP Discovery for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.print_banner("CORS Scanning") utils.make_directory(options['WORKSPACE'] + '/cors') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module" ) return slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning CORS for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning CORS for {0}'.format(self.options['TARGET']) })
def observatory(self): utils.print_good('Starting observatory') if self.is_direct: domain_file = self.is_direct else: if self.options['SPEED'] == 'quick': utils.print_good('Skipping {0} in quick mode'.format(self.module_name)) return None domain_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') with open(domain_file, 'r') as d: domains = d.read().splitlines() if self.options['DEBUG'] == "True": utils.print_info("Only get 30 target debug mode") domains = domains[:10] for part in list(utils.chunks(domains, 1)): for domain in part: cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True) time.sleep(10) utils.just_waiting(self.options, self.module_name, seconds=10, times=2) return True
def nmap_vuln_list(self, ip_list): utils.print_good('Starting Nmap VulnScan') # Scan every 2 IP at time Increse if you want for part in utils.chunks(ip_list, 2): for ip in part: encode_input = utils.strip_slash(ip.strip()) cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/nmap-stuff/vulners.nse --oA $WORKSPACE/vulnscan/details/{1}-nmap'.format( ip.strip(), encode_input) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/details/{0}-nmap.nmap'.format( encode_input)) std_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/details/std-{0}-nmap.std'.format( encode_input)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # check if previous task done or not every 30 second utils.just_waiting(self.options, self.module_name, seconds=120) self.parsing_to_csv() # just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def __init__(self, options): utils.print_banner("AssetFinding") utils.make_directory(options['WORKSPACE'] + '/assets') self.module_name = self.__class__.__name__ self.options = options self.options['CURRENT_MODULE'] = self.module_name self.options['SPEED'] = utils.custom_speed(self.options) if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module" ) return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start AssetFinding for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done AssetFinding for {0}'.format(self.options['TARGET']) }) utils.print_line()
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module") return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name, seconds=60) # self.create_ip_result() self.conclude() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) })
def initial(self): ip_list = self.prepare_input() if type(ip_list) == list: self.nmap_vuln_list(ip_list) utils.just_waiting(self.options, self.module_name, seconds=120) self.parsing_to_csv() else: self.nmap_single(ip_list)
def technology_detection(self): all_subdomain_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') if not utils.not_empty_file(all_subdomain_path): return #add https:// prefix for all domain domains = utils.just_read(all_subdomain_path).splitlines() scheme_path = utils.replace_argument( self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt') utils.just_write( scheme_path, "\n".join(domains + [("https://" + x.strip()) for x in domains])) #really execute command cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/recon/$OUTPUT-technology.json') execute.send_cmd(self.options, cmd, '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10) with open(output_path, encoding='utf-8') as o: data = o.read().splitlines() #parsing output to get technology techs = {} for line in data: jsonl = json.loads(line) if jsonl.get('matches'): subdomain = jsonl.get('hostname').replace('https://', '') if techs.get(subdomain): techs[subdomain] += [ x.get('app_name') for x in jsonl.get('matches') ] else: techs[subdomain] = [ x.get('app_name') for x in jsonl.get('matches') ] # print(techs) #update the main json and rewrite that main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) for i in range(len(main_json['Subdomains'])): sub = main_json['Subdomains'][i].get('Domain') if techs.get(sub): main_json['Subdomains'][i]["Technology"] = techs.get(sub) utils.just_write(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def technology_detection(self): all_subdomain_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') if not utils.not_empty_file(all_subdomain_path): return #add https:// prefix for all domain domains = utils.just_read(all_subdomain_path).splitlines() scheme_path = utils.replace_argument( self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt') utils.just_write(scheme_path, "\n".join( domains + [("https://" + x.strip()) for x in domains])) #really execute command cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/recon/$OUTPUT-technology.json') execute.send_cmd(self.options, cmd, output_path, '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10, times=20) with open(output_path, encoding='utf-8') as o: data = o.read().splitlines() #parsing output to get technology techs = {} for line in data: try: jsonl = json.loads(line) if jsonl.get('matches'): subdomain = jsonl.get('hostname').replace('https://', '') if techs.get(subdomain): techs[subdomain] += [x.get('app_name') for x in jsonl.get('matches')] else: techs[subdomain] = [x.get('app_name') for x in jsonl.get('matches')] except: pass # print(techs) #update the main json and rewrite that main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) for i in range(len(main_json['Subdomains'])): sub = main_json['Subdomains'][i].get('Domain') if techs.get(sub): main_json['Subdomains'][i]["Technology"] = techs.get(sub) utils.just_write(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def create_ip_result(self): utils.print_good('Create IP for list of domain result') # check if direct input is file or just single string if self.is_direct: if utils.not_empty_file(self.is_direct): cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT_LIST' # just return if direct input is just a string else: return else: final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') if utils.not_empty_file(final_ip): return cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # matching IP with subdomain main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) # get ips from amass stuff ips = [] if self.is_direct: if self.options.get("INPUT_LIST"): ips.extend(utils.extract_ip(self.options.get('INPUT_LIST'))) if utils.not_empty_file(output_path): data = utils.just_read(output_path).splitlines() for line in data: if " A " in line: subdomain = line.split('. A ')[0] ip = line.split('. A ')[1] ips.append(str(ip)) for i in range(len(main_json['Subdomains'])): if subdomain == main_json['Subdomains'][i]['Domain']: main_json['Subdomains'][i]['IP'] = ip final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') utils.just_write(final_ip, "\n".join(ips)) utils.just_write(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def normal(options): utils.print_good("Running with {0} speed".format(options['SPEED'])) # Create skeleton json initials.Initials(options) # Finding subdomain subdomain.SubdomainScanning(options) # waiting for previous module utils.just_waiting(options, 'SubdomainScanning') # Scanning for subdomain take over takeover.TakeOverScanning(options) # Screen shot the target on common service screenshot.ScreenShot(options) # Recon recon.Recon(options) # Recon assetfinding.AssetFinding(options) # Scanning for CorsScan cors.CorsScan(options) # Discovery IP space ipspace.IPSpace(options) # SSL Scan sslscan.SSLScan(options) # Headers Scan headers.HeadersScan(options) # Note: From here the module gonna take really long time # for scanning service and stuff like that utils.print_info('This gonna take a while') # Scanning all port using result from subdomain scanning # and also checking vulnerable service based on version portscan.PortScan(options) # Directory scan dirbrute.DirBrute(options) # Starting vulnerable scan vulnscan.VulnScan(options) # brutethings.BruteThings(options) conclusion.Conclusion(options)
def run(self): commands = execute.get_commands(self.module_name).get('routines') for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) #really execute it execute.send_cmd(item.get('cmd'), item.get('output_path'), item.get('std_path'), self.module_name) utils.just_waiting(self.module_name, seconds=2) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(logfile)
def run(self): commands = execute.get_commands(self.options, self.module_name).get('routines') for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) #really execute it execute.send_cmd(self.options, item.get('cmd'), item.get( 'output_path'), item.get('std_path'), self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def run(self): commands = execute.get_commands(self.module_name).get('routines') if self.options['DEBUG'] == "True": commands = commands[1:] for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) #really execute it execute.send_cmd(item.get('cmd'), item.get('output_path'), item.get('std_path'), self.module_name) time.sleep(1) utils.just_waiting(self.module_name, seconds=30)
def __init__(self, options): utils.print_banner("SSL Scanning") utils.make_directory(options['WORKSPACE'] + '/ssl/') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start SSL Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name)
def resolve_ip(self): utils.print_good('Create IP for list of domain result') final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') all_subdomain_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') # we this have done or not found anything just return if utils.not_empty_file( final_ip) or not utils.not_empty_file(all_subdomain_path): return cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5, times=5) # load main json main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) data = utils.just_read(output_path) if data: ips = [] for line in data.splitlines(): if " A " in line: subdomain = line.split('. A ')[0] ip = line.split('. A ')[1] ips.append(ip) for i in range(len(main_json['Subdomains'])): if subdomain == main_json['Subdomains'][i]['Domain']: main_json['Subdomains'][i]['IP'] = ip final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') with open(final_ip, 'w+') as fip: fip.write("\n".join(str(ip) for ip in ips)) # update the main json file utils.just_write(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def normal(options): utils.print_good("Running with {0} speed".format(options['SPEED'])) # Create skeleton json initials.Initials(options) ##Finding subdomain subdomain.SubdomainScanning(options) ##waiting for previous module utils.just_waiting(options, 'SubdomainScanning') # ##Scanning for subdomain take over takeover.TakeOverScanning(options) ##Screen shot the target on common service screenshot.ScreenShot(options) ##Recon recon.Recon(options) ##Scanning for CorsScan cors.CorsScan(options) # ##Discovery IP space ipspace.IPSpace(options) # ##SSL Scan sslscan.SSLScan(options) # ##Headers Scan headers.HeadersScan(options) # ##### Note: From here the module gonna take really long time for scanning service and stuff like that utils.print_info('This gonna take a while') # #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version portscan.PortScan(options) #Directory scan dirbrute.DirBrute(options) # #Starting vulnerable scan vulnscan.VulnScan(options) # brutethings.BruteThings(options) conclusion.Conclusion(options)
def dirsearch(self, domain_path): utils.print_good('Starting dirsearch') cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,aspx,jsp,swp,swf,zip --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt -x '302,404' --simple-report=$WORKSPACE/directory/quick/$OUTPUT-dirsearch.txt -t 50 -L {0}".format( domain_path) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/$OUTPUT-dirsearch.txt') std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-$OUTPUT-dirsearch.std') execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) utils.just_waiting(self.options, self.module_name, seconds=120)
def __init__(self, options): utils.print_banner("Scanning for Subdomain TakeOver") self.module_name = self.__class__.__name__ self.options = options slack.slack_info(self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning TakeOver for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.module_name) self.conclude() slack.slack_good(self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning TakeOver for {0}'.format(self.options['TARGET']) })
def create_ip_result(self): utils.print_good('Create IP for list of domain result') if self.is_direct: cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT' else: final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') if utils.not_empty_file(final_ip): return cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # matching IP with subdomain main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) with open(output_path, 'r') as i: data = i.read().splitlines() ips = [] for line in data: if " A " in line: subdomain = line.split('. A ')[0] ip = line.split('. A ')[1] ips.append(ip) for i in range(len(main_json['Subdomains'])): if subdomain == main_json['Subdomains'][i]['Domain']: main_json['Subdomains'][i]['IP'] = ip final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') with open(final_ip, 'w+') as fip: fip.write("\n".join(str(ip) for ip in ips)) utils.just_write(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def run(self): commands = execute.get_commands(self.options, self.module_name).get('routines') if self.options['DEBUG'] == "True": commands = [commands[1]] for item in commands: utils.print_good('Starting {0}'.format(item.get('banner'))) # really execute it execute.send_cmd(self.options, item.get('cmd'), item.get( 'output_path'), item.get('std_path'), self.module_name) time.sleep(1) self.massdns() utils.just_waiting(self.options, self.module_name, seconds=5) # just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def create_ip_result(self): utils.print_good('Create IP for list of domain result') if self.is_direct: cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT' else: final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') if utils.not_empty_file(final_ip): return cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # matching IP with subdomain main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) with open(output_path, 'r') as i: data = i.read().splitlines() ips = [] for line in data: if " A " in line: subdomain = line.split('. A ')[0] ip = line.split('. A ')[1] ips.append(ip) for i in range(len(main_json['Subdomains'])): if subdomain == main_json['Subdomains'][i]['Domain']: main_json['Subdomains'][i]['IP'] = ip final_ip = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') with open(final_ip, 'w+') as fip: fip.write("\n".join(str(ip) for ip in ips)) utils.just_write(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') self.module_name = self.__class__.__name__ self.options = options slack.slack_info(self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.module_name) self.result_parsing() self.conclude() slack.slack_good(self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) })
def permutation(self): # running goaltdns if self.options['SPEED'] == 'quick': utils.print_info('Skip permutation subdomain for quick mode') return None elif self.options['SPEED'] == 'slow': cmd = '$GO_PATH/goaltdns -w $PLUGINS_PATH/wordlists/short-permutation.txt -l $WORKSPACE/subdomain/full-$OUTPUT.txt -o $WORKSPACE/subdomain/permutation-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/permutation-$OUTPUT.txt') execute.send_cmd(self.options, cmd, output_path, '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # resolve generated domain to verify it cmd2 = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt --sticky -t A --verify-ip -q -o S -w $WORKSPACE/subdomain/massdns-permutation-$OUTPUT.txt $WORKSPACE/subdomain/permutation-$OUTPUT.txt' cmd2 = utils.replace_argument(self.options, cmd2) output_path2 = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, output_path2, '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # strip out some false positive cause some resolvers are crazy raw_permutation = utils.just_read(output_path2) permutation_domains = [] if raw_permutation: # finding false positive false_positive = [] tmp_false_positive = [] for line in raw_permutation.splitlines(): tmp_false_positive.append(line.split('. A')[1]) for item in tmp_false_positive: if tmp_false_positive.count(item) > 3: false_positive.append(item) # really adding things for line in raw_permutation.splitlines(): if line.split('. A ')[1] not in false_positive: permutation_domains.append( line.split('. A ')[0]) return permutation_domains
def initial(self): self.run() utils.just_waiting(self.options, self.module_name, seconds=10)