def conclude(self):
self.unique_result()
utils.print_banner("Conclusion for {0}".format(self.module_name))
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
all_subdomain = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(all_subdomain, 'r') as s:
subdomains = s.read().splitlines()
for subdomain in subdomains:
main_json['Subdomains'].append({"Domain": subdomain})
main_json['Modules'][self.module_name] = utils.checking_done(
module=self.module_name, get_json=True)
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
#write that json again
# utils.just_write(utils.reading_json(), main_json, is_json=True)
#logging
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
utils.print_banner("{0}".format(self.module_name))
def quick_gobuster(self):
utils.print_good('Starting gobuster for short wordlist')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace('http://', '').replace(
'https://', '').replace('/', '-')
cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain.strip(), strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({
"cmd": cmd,
"std_path": std_path,
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.force_done(self.options, self.module_name)
# utils.update_activities(self.options, str(custom_logs))
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def conclude(self):
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
if not utils.not_empty_file(output_path):
return
self.create_html_report()
self.parsing_to_csv()
# parsing masscan xml
tree = ET.parse(output_path)
root = tree.getroot()
masscan_json = {}
for host in root.iter('host'):
ip = host[0].get('addr')
ports = [(str(x.get('portid')) + "/" + str(x.get('protocol')))
for x in host[1]]
masscan_json[ip] = ports
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
# update the main json
for i in range(len(main_json['Subdomains'])):
ip = main_json['Subdomains'][i].get('IP')
if ip != "N/A" and ip in masscan_json.keys():
main_json['Subdomains'][i]['Ports'] = masscan_json.get(ip)
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def nmap_vuln_list(self, ip_list):
utils.print_good('Starting Nmap VulnScan')
# Scan every 2 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
encode_input = utils.strip_slash(ip.strip())
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/nmap-stuff/vulners.nse --oA $WORKSPACE/vulnscan/details/{1}-nmap'.format(
ip.strip(), encode_input)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/{0}-nmap.nmap'.format(
encode_input))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/std-{0}-nmap.std'.format(
encode_input))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# check if previous task done or not every 30 second
utils.just_waiting(self.options, self.module_name, seconds=120)
self.parsing_to_csv()
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def conclude(self):
utils.print_banner("Conclusion for {0}".format(self.module_name))
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = utils.checking_done(
module=self.module_name, get_json=True)
ips_file = utils.replace_argument(
self.options, '$WORKSPACE/ipspace/$OUTPUT-ipspace.txt')
with open(ips_file, 'r') as s:
ips = s.read().splitlines()
main_json['IP Space'] = ips
# print(main_json['IP Space'])
#write that json again
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
#logging
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
utils.print_banner("{0} Done".format(self.module_name))
def conclude(self):
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
if not utils.not_empty_file(output_path):
return
self.create_html_report()
#parsing masscan xml
tree = ET.parse(output_path)
root = tree.getroot()
masscan_json = {}
for host in root.iter('host'):
ip = host[0].get('addr')
ports = [(str(x.get('portid')) + "/" + str(x.get('protocol')))
for x in host[1]]
masscan_json[ip] = ports
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
#update the main json
for i in range(len(main_json['Subdomains'])):
ip = main_json['Subdomains'][i].get('IP')
if ip != "N/A" and ip in masscan_json.keys():
main_json['Subdomains'][i]['Ports'] = masscan_json.get(ip)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def dirsearch(self):
utils.print_good('Starting dirsearch')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace('http://', '').replace(
'https://', '').replace('/', '-')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({
"cmd": cmd,
"std_path": std_path,
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
# utils.update_activities(self.options, str(custom_logs))
utils.force_done(self.options, self.module_name)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def conclude(self):
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = utils.checking_done(module=self.module_name, get_json=True)
#write that json again
utils.just_write(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
#logging
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
utils.print_banner("{0} Done".format(self.module_name))
def run(self):
commands = execute.get_commands(self.options, self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def run(self):
commands = execute.get_commands(self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(item.get('cmd'), item.get('output_path'),
item.get('std_path'), self.module_name)
utils.just_waiting(self.module_name, seconds=2)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
def nmap_vuln(self):
utils.print_good('Starting Nmap VulnScan')
if self.is_direct:
ip_list = utils.just_read(self.is_direct).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [
x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None
] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [
x.get("IP") for x in main_json['Subdomains']
if x.get("IP") is not None
]
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
if self.options['DEBUG'] == 'True':
ip_list = list(ip_list)[:5]
# Scan every 5 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners.nse --oA $WORKSPACE/vulnscan/{0}-nmap'.format(
ip.strip())
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip()))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip()))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# check if previous task done or not every 30 second
while not utils.checking_done(self.options,
module=self.module_name):
time.sleep(60)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def dirsearch(self):
utils.print_good('Starting dirsearch')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path,
std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append(
{"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
# utils.update_activities(self.options, str(custom_logs))
utils.force_done(self.options, self.module_name)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def quick_gobuster(self):
utils.print_good('Starting gobuster for short wordlist')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain.strip(), strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.force_done(self.options, self.module_name)
# utils.update_activities(self.options, str(custom_logs))
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def dirb_all(self, domains):
for domain in domains:
# passing domain to content directory tools
self.dirsearch(domain.strip())
self.wfuzz(domain.strip())
self.gobuster(domain.strip())
# just wait couple seconds and continue but not completely stop the routine
time.sleep(60)
# brute with 3 tools
utils.force_done(self.options, self.module_name)
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def run(self):
commands = execute.get_commands(self.options, self.module_name).get('routines')
if self.options['DEBUG'] == "True":
commands = [commands[1]]
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
# really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
time.sleep(1)
self.massdns()
utils.just_waiting(self.options, self.module_name, seconds=5)
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def nmap_vuln(self):
utils.print_good('Starting Nmap VulnScan')
if self.is_direct:
ip_list = utils.just_read(self.is_direct).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None]
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
if self.options['DEBUG'] == 'True':
ip_list = list(ip_list)[:5]
# Scan every 5 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners.nse --oA $WORKSPACE/vulnscan/{0}-nmap'.format(
ip.strip())
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip()))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip()))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# check if previous task done or not every 30 second
while not utils.checking_done(self.options, module=self.module_name):
time.sleep(60)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def conclude(self):
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
def save_log(self):
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
if self.options.get('CLIENT'):
utils.just_shutdown_flask(self.options)
def conclude(self):
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
utils.print_banner("Conclusion for {0}".format(self.module_name))
def save_log(self):
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
utils.just_shutdown_flask()
def conclude(self):
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
utils.print_banner("Conclusion for {0}".format(self.module_name))
