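def main():
    """Parse the command-line options and scan every target in batches.

    Options read from ``sys.argv``:
      -h          show the banner (also shown when no arguments are given)
      -m SCHEME   "http" or "https" restricts the scan to that scheme; any
                  other value, or no -m, scans both
      -v          verbose: show failed attempts (passed through to ``scan``)
      -t N        threads started per batch, N >= 1 (default 5)

    The last argument is handed to ``coretools.list_targets``.
    """
    # Help check
    if "-h" in sys.argv or len(sys.argv) == 1:
        banner()

    # Choose scan methods
    mode = coretools.plus_one("-m") if "-m" in sys.argv else None
    if mode == "http":
        methods = ['http://']
    elif mode == "https":
        methods = ['https://']
    else:
        methods = ['http://', 'https://']

    # verbose = show failed attempts
    verbose = "-v" in sys.argv

    # Set max threads
    max_threads = 5
    if "-t" in sys.argv:
        try:
            max_threads = int(coretools.plus_one("-t"))
        except Exception:
            # Exception rather than a bare except, so Ctrl-C and SystemExit
            # are not swallowed while parsing an option.
            print("[!] Error parsing max threads, reverting to default")
            max_threads = 5
        else:
            if max_threads < 1:
                # range(0, n) is empty for n < 1: the batch loop below would
                # never advance scan_count and would spin forever.
                print("[!] Max threads must be at least 1, reverting to default")
                max_threads = 5

    # Start program
    targets = coretools.list_targets(sys.argv[-1])
    total = len(targets)
    status_report(methods, total)
    print("\n[*] Starting Scan...\n")

    scan_count = 0
    while scan_count < total:
        threads = []
        # Start one batch of at most max_threads scans
        for _ in range(max_threads):
            if scan_count == total:
                break
            t = Thread(target=scan,
                       args=(targets[scan_count], methods, verbose))
            t.daemon = True
            threads.append(t)
            t.start()
            scan_count += 1
        # join(1) waits at most one second per thread, so a slow scan can
        # still be running when the next batch starts; max_threads bounds
        # the batch size, not the number of scans in flight.
        for t in threads:
            t.join(1)

    # NOTE(review): the workers are daemon threads; if coretools.exit ends
    # the process, scans still running at this point are cut off - confirm.
    coretools.exit("\n[!] Scan Complete\n\n")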
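def main():
    """Parse the command-line options and run the WebDav scan in batches.

    Options read from ``sys.argv``:
      -h        show the banner (also shown when no arguments are given)
      -v        verbose output (passed through to ``scan``)
      -t N      threads started per batch, N >= 1 (default 5)
      -p PORT   TCP port to scan, 1-65535 (default 80)

    The last argument is handed to ``coretools.list_targets``.
    """
    # Help banner
    if "-h" in sys.argv or len(sys.argv) == 1:
        banner()

    targets = coretools.list_targets(sys.argv[-1])

    # Verbose output
    v = "-v" in sys.argv

    # Set max threads
    max_threads = 5
    if "-t" in sys.argv:
        try:
            max_threads = int(coretools.plus_one("-t"))
        except Exception:
            # Exception rather than a bare except, so Ctrl-C and SystemExit
            # are not swallowed while parsing an option.
            print("[!] Error parsing max threads, reverting to default")
            max_threads = 5
        else:
            if max_threads < 1:
                # range(0, n) is empty for n < 1: the batch loop below would
                # never advance scan_count and would spin forever.
                print("[!] Max threads must be at least 1, reverting to default")
                max_threads = 5

    # Set port
    port = 80
    if "-p" in sys.argv:
        try:
            port = int(coretools.plus_one("-p"))
        except Exception:
            port = None
        # An unparsable or out-of-range port is rejected up front; there is
        # no fallback to the default here.
        if port is None or not 1 <= port <= 65535:
            coretools.exit("[!] Invalid port detected\n\n")

    print("\n[*] Starting WebDav Scan\n")

    # Start scan
    total = len(targets)
    scan_count = 0
    while scan_count < total:
        threads = []
        for _ in range(max_threads):
            if scan_count == total:
                break
            x = Thread(target=scan, args=(targets[scan_count], port, v))
            threads.append(x)
            x.daemon = True
            x.start()
            scan_count += 1
        # join(1) waits at most one second per thread, so a slow scan can
        # still be running when the next batch starts.
        for t in threads:
            t.join(1)

    # NOTE(review): the workers are daemon threads; if coretools.exit ends
    # the process, scans still running at this point are cut off - confirm.
    coretools.exit("\n[!] Scan Complete\n\n")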
def main():
    """Pick the URL schemes from the command line and start the scan.

    ``-h`` (or no arguments) shows the banner. ``-m http`` or ``-m https``
    limits the scan to that scheme; anything else scans both. The last
    argument is handed to ``coretools.list_targets``.
    """
    # Help check
    if len(sys.argv) == 1 or "-h" in sys.argv:
        banner()

    def chosen(scheme):
        # True when -m is present and the value that follows it is `scheme`.
        return "-m" in sys.argv and coretools.plus_one("-m") == scheme

    # Choose scan methods
    if chosen("http"):
        methods = ['http://']
    elif chosen("https"):
        methods = ['https://']
    else:
        methods = ['http://', 'https://']

    # Start scan
    targets = coretools.list_targets(sys.argv[-1])
    target_total = len(targets)
    status_report(methods, target_total)
    start_scan(targets, methods)
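def main():
    """Parse the command-line options and run the verb tamper scan.

    Options read from ``sys.argv``:
      -h        show the banner (also shown when no arguments are given)
      -ssl      passed to ``tamper`` as its third argument
      -p PORT   required; TCP port, 1-65535

    The last argument is the target. A leading ``scheme://`` is stripped.
    Any error raised while scanning is reported through ``coretools.exit``.
    """
    # Help banner
    if "-h" in sys.argv or len(sys.argv) <= 1:
        banner()

    # Setup info
    target = sys.argv[-1]
    if "://" in target:
        print("\n[!] http / https:// not required, stripping from target...")
        # Split on the first "://" only, so a later "://" inside the value
        # (for example in a query string) does not truncate the target.
        target = target.split("://", 1)[1]

    # Check if SSL enabled
    use_ssl = "-ssl" in sys.argv

    # Get port information
    try:
        port = int(coretools.plus_one("-p"))
        if not 1 <= port <= 65535:
            raise ValueError("port out of range: %s" % (port))
    except Exception:
        # Exception rather than a bare except, so Ctrl-C is not reported
        # as a port error.
        coretools.exit("\n[-] Error parsing port, see -h for more\n\n")

    try:
        # Start verb tamper
        scan = tamper(target, port, use_ssl)
        for verb in scan.verbs:
            scan.scan(scan.add_headers(verb))
        # Get results
        scan.results()
    except Exception as e:
        coretools.exit("\n Main Error: %s" % (e))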
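def subdomain_enum(self, target):
    """Query the A record of ``<word>.<target>`` for every word in a list.

    The word list is the file named after ``-w`` on the command line, or
    ``../resources/subdomain_list.txt`` when -w is absent or that file
    cannot be read. Each answer is printed and, when ``dns_fun.logging``
    is set, also written to ``dns_fun.filename``. Names that fail to
    resolve are skipped silently. Ends by calling ``coretools.exit``.
    """
    print('\n[*] Sub-Domain Enumeration for: %s' % (target))
    print('-'*40)

    def read_words(path):
        # `with` closes the file; the bare open() in a comprehension left
        # the handle to the garbage collector.
        with open(path) as handle:
            return [line.strip() for line in handle]

    # Get word list
    default_list = '../resources/subdomain_list.txt'
    if "-w" in sys.argv:
        try:
            subs = read_words(coretools.plus_one('-w'))
        except Exception:
            print("[!] Error parsing custom word list, reverting to default...")
            subs = read_words(default_list)
    else:
        subs = read_words(default_list)

    # One resolver for the whole run; its settings do not change per query.
    resolver = dns.resolver.Resolver()
    resolver.timeout = 3
    resolver.lifetime = 3

    # Column width for the output, derived from the last CLI argument
    space_num = len(sys.argv[-1]) + 10

    for s in subs:
        if not s:
            # A blank line would produce a name with an empty leading label.
            continue
        query = s + '.' + target
        try:
            # DNS query
            dns_query = resolver.query(query, 'A')
            # NOTE(review): this sets an attribute on the answer, after the
            # query has been sent, so it does not select the nameservers
            # that are queried; the resolver's own configuration is used.
            # If pinning resolvers is intended it belongs on `resolver`,
            # before the query - confirm the intent before changing it.
            dns_query.nameservers = ['8.8.8.8', '8.8.4.4']
            for resp in dns_query:
                # Output
                print('+ %-*s--> %s' % (space_num, query, resp))
                if dns_fun.logging:
                    coretools.write_file(
                        dns_fun.filename,
                        '%-*s %s' % (space_num, query, resp))
        except Exception:
            # Best effort: most candidate names are expected not to resolve.
            # Note that this also hides errors from write_file.
            pass
    coretools.exit("\n")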
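def wordlist_prep(self):
    """Return the word list as a list of whitespace-stripped lines.

    When ``-w`` is on the command line, the file named after it is used.
    If that file cannot be read, or -w is absent, the default
    ``../resources/brudis_dirs.txt`` is read instead.
    """
    def read_words(path):
        # `with` closes the file; the bare open() in a comprehension left
        # the handle to the garbage collector.
        with open(path) as handle:
            return [line.strip() for line in handle]

    if "-w" in sys.argv:
        try:
            return read_words(coretools.plus_one('-w'))
        except Exception:
            # Exception rather than a bare except, so Ctrl-C is not
            # mistaken for an unreadable word list.
            print("[!] Error parsing custom word list, reverting to default...")
    # Default list: -w absent, or the custom list could not be read
    return read_words('../resources/brudis_dirs.txt')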
def main():
    """Validate the target and dispatch to one ``dns_fun`` operation.

    ``-h`` (or no arguments) shows the banner. The last argument is the
    target; it is rejected when it contains ``://`` or two consecutive
    dots. Exactly one action runs, checked in this order: ``-t`` (lookup
    with the value following -t), ``-z`` (zone transfer), ``-s``
    (sub-domain enumeration). Any exception is reported through
    ``coretools.exit``.
    """
    try:
        # Help banner
        if len(sys.argv) == 1 or "-h" in sys.argv:
            banner()

        # Quick target input validation
        target = sys.argv[-1]
        has_scheme = "://" in target
        if has_scheme or ".." in target:
            coretools.exit("\n[!] DNS_fun Target Error, use -h for more\n\n")

        dns_scan = dns_fun()
        args = sys.argv
        if "-t" in args:
            record = coretools.plus_one("-t")
            dns_scan.lookup(target, record)
        elif "-z" in args:
            dns_scan.zone_transfer(target)
        elif "-s" in args:
            dns_scan.subdomain_enum(target)
        else:
            coretools.exit(
                "\n[-] No options selected, use -h for more information\n\n")
    except Exception as err:
        coretools.exit("[!] Error parsing initial options: %s" % (err))
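def start_it(self):
    """Run the directory brute force, one depth level at a time.

    Options read from ``sys.argv``:
      -t N   threads started per batch, 1-50 (default 25)
      -d N   scan depth, 1-8 (default 3)

    Level 0 requests ``brudis.base_url`` + each entry of
    ``brudis.depth[0]``; level x > 0 requests each entry of
    ``brudis.depth[x]`` + each entry of ``brudis.depth[0]``. Every URL is
    handed to ``brudis.send_it`` on its own daemon thread.
    """
    try:
        # Set max threads
        try:
            # The lower bound matters: with 0 or a negative count the batch
            # loop below would start no threads and never terminate.
            if "-t" in sys.argv and 1 <= int(coretools.plus_one("-t")) <= 50:
                max_threads = int(coretools.plus_one("-t"))
            else:
                print("[*] Using default thread count...")
                max_threads = 25
        except Exception:
            print("[!] Error parsing thread input, reverting to default...")
            max_threads = 25

        # Set scan depth
        try:
            # A depth below 1 would make the level loop run zero times.
            if "-d" in sys.argv and 1 <= int(coretools.plus_one("-d")) <= 8:
                max_depth = int(coretools.plus_one("-d"))
            else:
                print("[*] Using default depth...")
                max_depth = 3
        except Exception:
            print("[!] Error parsing depth input, reverting to default...")
            max_depth = 3

        # Start scan
        print("[*] Using max depth: %s, and max threads: %s" % (
            max_depth, max_threads))
        print("[*] Starting Dir brute force for: %s\n\n" % (
            brudis.base_url))

        for x in range(0, max_depth):
            # Build the URL list for this level
            if x == 0:
                temp_url = [str(brudis.base_url + y) for y in brudis.depth[0]]
            else:
                # NOTE(review): presumably send_it fills brudis.depth[x]
                # with hits from the previous level; because of the join(1)
                # timeout below, late results may be missing here - confirm.
                temp_url = [str(a + b)
                            for a in brudis.depth[x]
                            for b in brudis.depth[0]]

            # Setup threading
            url_count = 0
            while url_count != len(temp_url):
                threads = []
                for z in range(0, max_threads):
                    # Stop filling the batch once the list is exhausted
                    if url_count == len(temp_url):
                        break
                    if brudis.debug:
                        print("[!!] SENDING %s --> thread #%s" % (
                            temp_url[url_count], z))
                    t = Thread(target=brudis.send_it,
                               args=(self, temp_url[url_count], x + 1))
                    t.daemon = True
                    threads.append(t)
                    t.start()
                    url_count += 1
                # join(1) waits at most one second per thread, so requests
                # from this batch can still be running when the next starts.
                for t in threads:
                    t.join(1)
    except KeyboardInterrupt:
        coretools.exit("\n[!] Keyboard Interrupt Caught\n")
    except Exception as e:
        # Was `brudis.bedug`, a misspelling of the debug flag read above;
        # the lookup would itself fail inside this handler.
        if brudis.debug:
            coretools.exit("\n[!!] Error start_it: %s" % (e))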