def __init__(self, args, dbhandler=None): """ Dns2IP class resolves hostnames. input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info("Initialising Dns2Ip ...") opt = parse(args) self.dbh = dbhandler try: ig_targets = cTuples.cInputGenerator( filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=resolve, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbhandler=None): """ Ip2Dns class gets dns records for one or more ip addresses in parrallel. input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info("Initialising Dns2Ip ...") opt = parse(args) self.dbh = dbhandler try: ig_targets = cTuples.cInputGenerator( filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, noResolve=True), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=resolveIP, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): opts = parse(args) self.dbh = dbh self.port = opts.port try: ig_targets = cTuples.cInputGenerator(filename=opts.T, data=opts.t, maxthreads=opts.nthreads, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, ports=[opts.port], noSplit=True, ), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=bversion, maxthreads=opts.nthreads, delay=opts.delay) self.tuples.start()
def __init__(self, args, dbh=None): opt = parse(args) self.dbh = dbh #self.qname = opts.zone self.dbh = dbh try: ig_targets = cTuples.cInputGenerator( filename=opt.T, data=opt.t, maxthreads=opt.nthreads, prepare_cb=get_ans, circle=False, ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=ztrans, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def scan(self): self.results = {} start = datetime.now() self.tuples = cTuples.cTuples(inputs=[self.ig_targets, self.ig_tests], prep_callback=db_test.test) #self.tuples.setDaemon(True) self.tuples.start() self.ig_tests.start() self.ig_targets.start() for status, mark, result in self.tuples.tuple_q: if status: try: self.results[mark.ident].append(result) except KeyError: self.results[mark.ident] = [] self.results[mark.ident].append(result) self._add_mark(mark) message, nikto_id, request, response, osvdb, method, uri = result self._add_vulnerability( mark, message, nikto_id, request, response, osvdb, method, uri ) self.tuples.join() print 'Finished in %f seconds' % cUtil.secs(start)
def __init__(self, args, dbhandler=None): """ Dns2IP class resolves hostnames. input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info("Initialising Dns2Ip ...") opt = parse(args) self.dbh = dbhandler try: ig_targets = cTuples.cInputGenerator(filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=resolve, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): """ Initialize and run MysqlBruteforce input: args cmdline arguments without argv[0] dbh database handler """ # parse argv opt = parse(args) # generators for user and password lists # TODO: self.tls = opt.tls #self.to = opt.to self.nthreads = opt.nthreads # database handle self.dbh = dbh # queue stuff try: ig_targets = cTuples.cInputGenerator( data=opt.targets, filename=opt.target_fn, circle=False, expand_cb=lambda t: cUtil.mkIP2( t, ports=[opt.port], noSplit=True, noResolve=True), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute, delay=opt.delay) self.tuples.start()
def main(dbh, target=None, port=None, password=None, timeout=None, verbose=None, **kwargs): if verbose: rLog.set_verbosity_console('vvvv') testvnc.verbose = verbose testvnc.timeout = timeout tuples = cTuples.cTuples( inputs=[target, port, password], prep_callback=testvnc, ) tuples.setDaemon(True) tuples.start() row_fmt = "{:24} {:50} {:50}" print '-' * 126 print row_fmt.format('target', 'password', 'status') print '-' * 126 for status, target, port, password in tuples.tuple_q: ip = target[0] fqdn = ''.join(target[1]) if status == 0: msg = "\"None\" authentication method detected" elif status == 1: msg = "Authentication successful" br = BruteforceResult2( password=password, ip=ip, fqdn=fqdn, port=port, service='vnc', ) dbh.add(br) elif status == 2: msg = "Authentication failed" elif status == 3: msg = "Protocol error" elif status == 4: msg = "Network error" elif status == 5: msg = "Too many failures" print row_fmt.format('%s:%d' % (ip, port), password, msg) tuples.join()
def doHost(self, opt): """ start bruteforce with password and user list (one host) tHost: Host to attack tuple(host, port) fusers: user list file name fpasswords: password list file name ssh_verisons: list of ssh client version strings nthreads: number of threads """ try: ig_targets = cTuples.cInputGenerator( data=opt.targets, filename=opt.target_fn, circle=False, expand_cb=lambda t: cUtil.mkIP2( t, ports=[opt.port], noResolve=True), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, prepare_cb=lambda t: t.strip(), circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, prepare_cb=lambda t: t.strip(), circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute) self.tuples.start()
def doHost(self, opt): """ start bruteforce with password and user list (one host) tHost: Host to attack tuple(host, port) fusers: user list file name fpasswords: password list file name ssh_verisons: list of ssh client version strings nthreads: number of threads """ try: ig_targets = cTuples.cInputGenerator(data=opt.targets, filename=opt.target_fn, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, ports=[opt.port], noResolve=True ), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, prepare_cb=lambda t: t.strip(), circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, prepare_cb=lambda t: t.strip(), circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute) self.tuples.start()
def main(dbh, target=None, port=None, password=None, timeout=None, verbose=None, **kwargs): if verbose: rLog.set_verbosity_console('vvvv') testvnc.verbose = verbose testvnc.timeout = timeout tuples = cTuples.cTuples(inputs=[target, port, password], prep_callback=testvnc, ) tuples.setDaemon(True) tuples.start() row_fmt = "{:24} {:50} {:50}" print '-' * 126 print row_fmt.format('target', 'password', 'status') print '-' * 126 for status, target, port, password in tuples.tuple_q: ip = target[0] fqdn = ''.join(target[1]) if status == 0: msg = "\"None\" authentication method detected" elif status == 1: msg = "Authentication successful" br = BruteforceResult2( password=password, ip=ip, fqdn=fqdn, port=port, service='vnc', ) dbh.add(br) elif status == 2: msg = "Authentication failed" elif status == 3: msg = "Protocol error" elif status == 4: msg = "Network error" elif status == 5: msg = "Too many failures" print row_fmt.format('%s:%d' % (ip, port), password, msg) tuples.join()
def __init__(self, args, dbhandler=None): """ Dns2IP concatenates words from a wordlist file with top level domains and tries to resove the resulting hostnames. input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info("Initialising Dns2Ip ...") opt = parse(args) resolve.tlds = opt.tld self.dbh = dbhandler try: ig_words = cTuples.cInputGenerator(filename=opt.wordlist_fn, data=opt.wordlist, maxthreads=opt.nthreads, circle=False, ) ig_words.start() except cTuples.ENoInput: print 'Please specify a set of words or a filename containing a wordlist' sys.exit(1) try: ig_tlds = cTuples.cInputGenerator(filename=opt.tld_fn, data=opt.tld, maxthreads=opt.nthreads, circle=True, ) ig_tlds.start() except cTuples.ENoInput: print 'Please specify a set of tlds or a filename containing a tldlist' sys.exit(1) self.tuples = cTuples.cTuples(inputs=[ig_words, ig_tlds], prep_callback=resolve, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): logger.debug('Init RpcScanner') opt = parse(args) # file containing RPC program if opt.fn_rpc: cRpc.RPC_PATH = opt.fn_rpc # check if rpc file is readable try: fd = __builtin__.openany(cRpc.RPC_PATH, "r") fd.close() except: print 'Error: Could not open RPC program number data base %s' % cRpc.RPC_PATH sys.exit(1) self.port = opt.port # database handle self.dbh = dbh try: ig_targets = cTuples.cInputGenerator(filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, ports=[opt.port], noResolve=True ), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=rpcinfo, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): logger.debug('Init %s' % __name__) # database handle self.dbh = dbh opt = self.parse(args) if opt.fn_rpc: cRpc.RPC_PATH = opt.fn_rpc # check if rpc file is readable try: fd = __builtin__.openany(cRpc.RPC_PATH, "r") fd.close() except: print 'Error: Could not open RPC program number data base %s' % cRpc.RPC_PATH sys.exit(1) showmount.version = 1 try: ig_targets = cTuples.cInputGenerator( filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, expand_cb=lambda t: cUtil.mkIP2( t, ports=[opt.port], noResolve=True), ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=showmount, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def doUph(self, opt): """ start bruteforce with uph list (multiple hosts) fuph: uph list file name ssh_verisons: list of ssh client version strings nthreads: number of threads """ def prep_uph(line): if not line: return None line = line.strip() parts = line.split(':') if len(parts) == 3: user, password, host = parts port = 22 elif len(parts) == 4: user, password, host, port = parts else: print 'Error: Invalid uph format: %s' % line r = ((host, int(port)), user, password) logger.info(r) return r try: ig_targets = cTuples.cInputGenerator(data=[], filename=opt.uph_lists, circle=False, prepare_cb=prep_uph) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=brute, single=False, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbhandler=None): """ Ip2Dns_Bing class gets dns records by searching Bing for ip:<ip>. input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info("Initialising Dns2Ip ...") self.dbh = dbhandler opt = parse(args) self.nthreads = opt.nthreads resolve.max_results = opt.max_results try: ig_targets = cTuples.cInputGenerator(filename=opt.target_fn, data=opt.targets, maxthreads=opt.nthreads, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, noResolve=True) ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=resolve, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def doUph(self, opt): """ start bruteforce with uph list (multiple hosts) fuph: uph list file name ssh_verisons: list of ssh client version strings nthreads: number of threads """ def prep_uph(line): if not line: return None line = line.strip() parts = line.split(':') if len(parts) == 3: user, password, host = parts port = 22 elif len(parts) == 4: user, password, host, port = parts else: print 'Error: Invalid uph format: %s' % line r = ((host, int(port)), user, password) logger.info(r) return r try: ig_targets = cTuples.cInputGenerator(data=[], filename=opt.uph_lists, circle=False, prepare_cb=prep_uph ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=brute, single=False, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): opt = parse(args) self.dbh = dbh #self.qname = opts.zone self.dbh = dbh try: ig_targets = cTuples.cInputGenerator(filename=opt.T, data=opt.t, maxthreads=opt.nthreads, prepare_cb=get_ans, circle=False, ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) ig_targets.start() self.tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=ztrans, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): """ Initialize and run FtpBruteforce input: args cmdline arguments without argv[0] dbhandler database handler """ logger.info('Init FTP bruteforce') self.dbh = dbh opt = parse(args) self.anon_q = Queue.Queue() brute.to = opt.to brute.tls = opt.tls self.anon = opt.anon if self.anon: test_special_login_init(self.anon_q, opt.to, opt.tls) expand_cb = lambda t: cUtil.mkIP2(t, ports=[opt.port], noResolve=True ) try: ig_targets = cTuples.cInputGenerator(data=opt.targets, filename=opt.target_fn, circle=False, expand_cb=expand_cb, prepare_cb=opt.anon and test_special_login or None, maxthreads=opt.nthreads ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, prepare_cb=lambda x: x.rstrip(), circle=True, maxthreads=opt.nthreads) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, prepare_cb=lambda x: x.rstrip(), circle=True, maxthreads=opt.nthreads) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbhandler=None): logger.info("Initialising DNS subdomain scanner..") #FIXME this is bad design. one does not simple initalise an object by # passing the program arguments ;) we need to parse that in advance opt = parse(args) self.dbh = dbhandler data = [] if opt.bf_length: allchars = string.letters + string.digits chars = [] for cs in opt.charsets: if len(cs) < 3 or cs[1] != '-': print 'Invalid charset %s' % cs sys.exit(1) start = allchars.find(cs[0]) if start < 0: print 'Invalid charset %s' % cs sys.exit(1) stop = allchars.find(cs[2]) + 1 if stop < 1: print 'Invalid charset %s' % cs if start > stop: start, stop = stop, start chars.extend(allchars[start:stop]) chars.append('') data = it.imap(lambda t: ''.join(t), it.product(chars, repeat=opt.bf_length)) try: if not opt.w: fnames = [] else: fnames = [opt.w] ig_subs = cTuples.cInputGenerator( filenames=fnames, data=data, maxthreads=opt.nt, circle=False, ) ig_subs.start() except cTuples.ENoInput: print 'Please specify a set of subs or a filename containing a sublist' sys.exit(1) try: ig_domains = cTuples.cInputGenerator( filename=opt.T, data=opt.t, prepare_cb=check_wildcard, maxthreads=opt.nt, circle=True, ) ig_domains.start() except cTuples.ENoInput: print 'Please specify a set of domains or a filename containing a domainlist' sys.exit(1) self.tuples = cTuples.cTuples(inputs=[ig_subs, ig_domains], prep_callback=resolve, maxthreads=opt.nt, delay=opt.delay) self.tuples.start()
def ssl_test(args, dbh=None): parser = argparse.ArgumentParser( prog=__plgname__, description="ssl version tester v%f" % __version__, epilog=""" Examples: ssl_tester.plg -t www.curesec.com -maxcon 10 """, formatter_class=argparse.RawTextHelpFormatter) parser.add_argument('-T', help='file containing urls or ips', dest='target_fn') parser.add_argument('-t', help='url or ir', nargs='+', dest='target', default=[]) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float) parser.add_argument( '-C', help= 'filename of cipher suite list to test against (default cipherlist.txt)', dest='cipher_fn', default='cipherlist.txt') parser.add_argument('-port', help='target port (default 443)', dest='port', default=443, type=int) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3) parser.add_argument( '-maxcon', help='Maximum parallel connections per host (default: unlimited)', type=int, default=0, ) parser.add_argument( '-nt', help= 'Maximum number of threads to scan with, each host gets a new thread (default 10)', dest='nthreads', default=10, type=int) if not args: parser.print_help() sys.exit(0) opt = parser.parse_args(args) # set global target parameters cComm.Mark.MAX_CON = opt.maxcon cComm.Mark.FIX_PORT = opt.port cComm.Mark.TIMEOUT = opt.timeout # only use ssl connections no plain http cComm.Comm.SSL = True start = datetime.now() try: ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, expand_cb=cUtil.mkIP2, prepare_cb=prepare_target, maxthreads=opt.nthreads) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_ciphers = cTuples.cInputGenerator(data=[], filename=opt.cipher_fn, prepare_cb=prepare_cb_cipher, circle=True) except cTuples.ENoInput: print 'Error: No Ciphers specified, please use the -C parameter to set a cipher list file' sys.exit(1) ig_targets.start() ig_ciphers.start() tuples = cTuples.cTuples(inputs=[ig_targets, ig_ciphers], prep_callback=check_ssl, maxthreads=opt.nthreads, delay=opt.delay) tuples.start() results = {} for mark, cs, cipher, sev, version in tuples.tuple_q: if dbh: br = ccd.SslInfoResult( ip=mark.ip, fqdn=mark.hostname, port=mark.port, cs=cs, ) dbh.add(br) try: results[mark.ip + ' / ' + mark.hostname][sev].append(cs) except: results[mark.ip + ' / ' + mark.hostname] = {} results[mark.ip + ' / ' + mark.hostname]['weak'] = [] results[mark.ip + ' / ' + mark.hostname]['medium'] = [] results[mark.ip + ' / ' + mark.hostname]['strong'] = [] tuples.join() for ip, c in results.items(): print '-' * len(ip) print ip print '-' * len(ip) for cs in c['weak']: print '\033[91m%s\033[0m' % cs for cs in c['medium']: print '\033[93m%s\033[0m' % cs for cs in c['strong']: print '\033[92m%s\033[0m' % cs print print 'Finished in %f seconds' % cUtil.secs(start)
def parse(self, args): description = "### SMTP user enumeration ###\n" + \ "It is based on the SMTP commands: VRFY, EXPN, RCPT.\n" + \ "Results may be inaccurate (false positives) as not all SMTP servers act the same.\n" +\ "Furthermore, this script does not support StartTLS or authentication.\n" +\ "To inspect the server's resonse, use the -v verbosity switch.\n" +\ "Output of valid usernames are in the form of: [username]\n\n" epilog = """Examples: smtp_user_enum.plg -command ALL -U users.txt -t 192.168.1.136 """ parser = argparse.ArgumentParser( description=description, epilog=epilog, formatter_class=argparse.RawTextHelpFormatter ) parser.add_argument("-command", action="store", dest="command", required=True, help="choose VRFY, EXPN, RCPT or ALL") parser.add_argument('-T', help='files containing host:port entries', default='', dest='target_fn' ) parser.add_argument('-t', help='target hosts', default=[], nargs='+', dest='targets', ) parser.add_argument('-port', help='target port (default 25)', dest='port', default=25, type=int ) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float ) parser.add_argument('-u', help='usernames', default=[], nargs='+', dest='users', ) parser.add_argument('-U', help='file containing one username per line', default='', dest='user_fn', ) parser.add_argument('-nt', help='number of threads (default 100)', dest='nthreads', type=int, default=100 ) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3 ) parser.add_argument('-no_check', help='disable host check', action='store_true', dest='no_check', ) if not args: parser.print_help() sys.exit(1) opt = parser.parse_args(args) testusername.command = opt.command testusername.timeout = opt.timeout if opt.command != "VRFY" and opt.command != "EXPN" and opt.command != "RCPT" and opt.command != "ALL": parser.print_help() print("command must either be 'VRFY', 'EXPN', 'RCPT' or 'ALL'") sys.exit(1) try: ig_targets = cTuples.cInputGenerator(data=opt.targets, filename=opt.target_fn, circle=False, prepare_cb=cUtil.isUp, expand_cb=lambda t: cUtil.mkIP2(t, ports=[opt.port], noResolve=True, ), maxthreads=opt.nthreads ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) ig_targets.start() ig_users.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users], prep_callback=testusername, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): """ Initialize and run TelnetBruteforce input: args cmdline arguments without argv[0] dbh database handler """ self.dbh = dbh opt = parse(args) # configure bruteforce parameters for all targets brute.to = opt.to brute.tls = opt.tls expand_cb = lambda t: cUtil.mkIP2(t, ports=[opt.port], noResolve=True ) prepare_cb = cUtil.isUp if opt.no_check: prepare_cb = None try: ig_targets = cTuples.cInputGenerator(data=opt.targets, filename=opt.target_fn, circle=False, prepare_cb=prepare_cb, expand_cb=expand_cb, maxthreads=opt.nthreads, ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def parse(self, args): description = "### SMTP user enumeration ###\n" + \ "It is based on the SMTP commands: VRFY, EXPN, RCPT.\n" + \ "Results may be inaccurate (false positives) as not all SMTP servers act the same.\n" +\ "Furthermore, this script does not support StartTLS or authentication.\n" +\ "To inspect the server's resonse, use the -v verbosity switch.\n" +\ "Output of valid usernames are in the form of: [username]\n\n" epilog = """Examples: smtp_user_enum.plg -command ALL -U users.txt -t 192.168.1.136 """ parser = argparse.ArgumentParser( description=description, epilog=epilog, formatter_class=argparse.RawTextHelpFormatter) parser.add_argument("-command", action="store", dest="command", required=True, help="choose VRFY, EXPN, RCPT or ALL") parser.add_argument('-T', help='files containing host:port entries', default='', dest='target_fn') parser.add_argument( '-t', help='target hosts', default=[], nargs='+', dest='targets', ) parser.add_argument('-port', help='target port (default 25)', dest='port', default=25, type=int) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float) parser.add_argument( '-u', help='usernames', default=[], nargs='+', dest='users', ) parser.add_argument( '-U', help='file containing one username per line', default='', dest='user_fn', ) parser.add_argument('-nt', help='number of threads (default 100)', dest='nthreads', type=int, default=100) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3) parser.add_argument( '-no_check', help='disable host check', action='store_true', dest='no_check', ) if not args: parser.print_help() sys.exit(1) opt = parser.parse_args(args) testusername.command = opt.command testusername.timeout = opt.timeout if opt.command != "VRFY" and opt.command != "EXPN" and opt.command != "RCPT" and opt.command != "ALL": parser.print_help() print("command must either be 'VRFY', 'EXPN', 'RCPT' or 'ALL'") sys.exit(1) try: ig_targets = cTuples.cInputGenerator( data=opt.targets, filename=opt.target_fn, circle=False, prepare_cb=cUtil.isUp, expand_cb=lambda t: cUtil.mkIP2( t, ports=[opt.port], noResolve=True, ), maxthreads=opt.nthreads) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) ig_targets.start() ig_users.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users], prep_callback=testusername, delay=opt.delay) self.tuples.start()
def ssl_test(args, dbh=None): parser = argparse.ArgumentParser( prog=__plgname__, description="ssl version tester v%f" % __version__, epilog= """ Examples: ssl_tester.plg -t www.curesec.com -maxcon 10 """, formatter_class=argparse.RawTextHelpFormatter ) parser.add_argument('-T', help='file containing urls or ips', dest='target_fn' ) parser.add_argument('-t', help='url or ir', nargs='+', dest='target', default=[] ) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float ) parser.add_argument('-C', help='filename of cipher suite list to test against (default cipherlist.txt)', dest='cipher_fn', default='cipherlist.txt' ) parser.add_argument('-port', help='target port (default 443)', dest='port', default=443, type=int ) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3 ) parser.add_argument('-maxcon', help='Maximum parallel connections per host (default: unlimited)', type=int, default=0, ) parser.add_argument('-nt', help='Maximum number of threads to scan with, each host gets a new thread (default 10)', dest='nthreads', default=10, type=int ) if not args: parser.print_help() sys.exit(0) opt = parser.parse_args(args) # set global target parameters cComm.Mark.MAX_CON = opt.maxcon cComm.Mark.FIX_PORT = opt.port cComm.Mark.TIMEOUT = opt.timeout # only use ssl connections no plain http cComm.Comm.SSL = True start = datetime.now() try: ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, expand_cb=cUtil.mkIP2, prepare_cb=prepare_target, maxthreads=opt.nthreads ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_ciphers = cTuples.cInputGenerator(data=[], filename=opt.cipher_fn, prepare_cb=prepare_cb_cipher, circle=True) except cTuples.ENoInput: print 'Error: No Ciphers specified, please use the -C parameter to set a cipher list file' sys.exit(1) ig_targets.start() ig_ciphers.start() tuples = cTuples.cTuples(inputs=[ig_targets, ig_ciphers], prep_callback=check_ssl, maxthreads=opt.nthreads, delay=opt.delay) tuples.start() results = {} for mark, cs, cipher, sev, version in tuples.tuple_q: if dbh: br = ccd.SslInfoResult( ip=mark.ip, fqdn=mark.hostname, port=mark.port, cs=cs, ) dbh.add(br) try: results[mark.ip + ' / ' + mark.hostname][sev].append(cs) except: results[mark.ip + ' / ' + mark.hostname] = {} results[mark.ip + ' / ' + mark.hostname]['weak'] = [] results[mark.ip + ' / ' + mark.hostname]['medium'] = [] results[mark.ip + ' / ' + mark.hostname]['strong'] = [] tuples.join() for ip, c in results.items(): print '-' * len(ip) print ip print '-' * len(ip) for cs in c['weak']: print '\033[91m%s\033[0m' % cs for cs in c['medium']: print '\033[93m%s\033[0m' % cs for cs in c['strong']: print '\033[92m%s\033[0m' % cs print print 'Finished in %f seconds' % cUtil.secs(start)
def __init__(self, args, dbhandler=None): logger.info("Initialising DNS subdomain scanner..") #FIXME this is bad design. one does not simple initalise an object by # passing the program arguments ;) we need to parse that in advance opt = parse(args) self.dbh = dbhandler data = [] if opt.bf_length: allchars = string.letters + string.digits chars = [] for cs in opt.charsets: if len(cs) < 3 or cs[1] != '-': print 'Invalid charset %s' % cs sys.exit(1) start = allchars.find(cs[0]) if start < 0: print 'Invalid charset %s' % cs sys.exit(1) stop = allchars.find(cs[2]) + 1 if stop < 1: print 'Invalid charset %s' % cs if start > stop: start, stop = stop, start chars.extend(allchars[start:stop]) chars.append('') data = it.imap(lambda t: ''.join(t), it.product(chars, repeat=opt.bf_length)) try: if not opt.w: fnames = [] else: fnames = [opt.w] ig_subs = cTuples.cInputGenerator(filenames=fnames, data=data, maxthreads=opt.nt, circle=False, ) ig_subs.start() except cTuples.ENoInput: print 'Please specify a set of subs or a filename containing a sublist' sys.exit(1) try: ig_domains = cTuples.cInputGenerator(filename=opt.T, data=opt.t, prepare_cb=check_wildcard, maxthreads=opt.nt, circle=True, ) ig_domains.start() except cTuples.ENoInput: print 'Please specify a set of domains or a filename containing a domainlist' sys.exit(1) self.tuples = cTuples.cTuples(inputs=[ig_subs, ig_domains], prep_callback=resolve, maxthreads=opt.nt, delay=opt.delay) self.tuples.start()
expansions[k] = exp.split() # TODO, thats probably not how its supposed to be handled for k, v in config.items(): expansions['@' + k] = v expand.expansions = expansions cComm.Mark.MAX_CON = opt.maxcon cComm.Mark.FIX_PORT = opt.port ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, prepare_cb=cComm.Mark, maxthreads=opt.nthreads ) ig_targets.start() ig_tests = cTuples.cInputGenerator(filename='db_tests', circle=True, expand_cb=expand, maxthreads=opt.nthreads ) ig_tests.start() tuples = cTuples.cTuples(inputs=[ig_targets, ig_tests], prep_callback=db_test.test) tuples.start() for status, mark, test in tuples.tuple_q: #print test if status: print mark.ident print test tuples.join()
def parse(self, args): description = \ """### HTTP Basic Authentication Brute Forcer ### This scripts sends an HTTP request for all combinations of usernames and passwords. A login attempt is successful if the HTTP staus code of the HTTP reply is not 401. Be sure to provide a URL which is protected via HTTP Basic Authentication or you might get lots of false positives. (HTTP/1.1 200 OK) SSL is supported. Use the -ssl switch Output of valid credentials in the form [username:password]. Example: http_basic_bruteforce.plg -t http://url.com:80/priv -u users.txt -p passwords.txt" """ parser = argparse.ArgumentParser(description=description, formatter_class=argparse.RawTextHelpFormatter) parser.add_argument('-T', help='file containing url paths', dest='target_fn' ) parser.add_argument('-t', help='url path which enforces basic auth', nargs='+', dest='target', default=[] ) parser.add_argument('-port', help='target port (default 80)', dest='port', default=80, type=int ) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float ) parser.add_argument('-U', help='file containing username per line', default='', dest='user_fn', ) parser.add_argument('-u', help='usernames', default=[], nargs='+', dest='users', ) parser.add_argument('-P', help='file containing password per line', dest='passw_fn', default='', ) parser.add_argument('-p', help='passwords', default=[], nargs='+', dest='passw', ) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3 ) parser.add_argument('-maxcon', help='Maximum parallel connections per host (default: unlimited)', type=int, default=0, ) parser.add_argument('-nt', help='Maximum number of threads to scan with, each host gets a new thread', dest='nthreads', default=10, type=int ) parser.add_argument('-ssl', help='Force ssl connection', dest='ssl', action='store_true', default=False ) parser.add_argument('-nossl', help='Force plain http connection', dest='nossl', action='store_true', default=False ) if not args: parser.print_help() sys.exit(0) opt = parser.parse_args(args) cComm.Comm.SSL = opt.ssl cComm.Comm.NOSSL = opt.nossl cComm.Mark.MAX_CON = opt.maxcon cComm.Mark.FIX_PORT = opt.port cComm.Mark.TIMEOUT = opt.timeout def prepare_cb(target): ip = target[0] ident = ''.join(target[1]) path = '/' hostname = target[1] if not isinstance(hostname, str): try: hostname = target[1][0] if len(target[1]) > 1: path = ''.join(target[1][1:]) except: hostname = '' hostname = '' mark = cComm.Mark(ident, ip=ip, hostname=hostname, path=path, ok_codes=[401, ]) if mark.test > 0: return mark else: return None try: ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, expand_cb=cUtil.mkIP2, prepare_cb=prepare_cb, maxthreads=opt.nthreads ) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, prepare_cb=lambda x: x.rstrip(), circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, prepare_cb=lambda x: x.rstrip(), circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def parse_arguments(self, args): """parse all command line arguments""" parser = argparse.ArgumentParser( formatter_class=argparse.RawTextHelpFormatter, prog=__plgname__, description="Bruteforce pop3 logins", epilog="""Examples: popbruteforce.plg -t pop.test.local -u [email protected] -p password popbruteforce.plg -t pop.test.local -P pass.txt -U user.txt -nt 20 """ ) parser.add_argument( "-t", help="target server address or hostname", dest='target', required=True, ) parser.add_argument( "-port", help="port number, use 110 in combination with NOSSL/STARTTLS, 995 with SSL crypto", dest='port', type=int, default=-1, required=False, ) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float ) parser.add_argument('-u', help='usernames', default=[], nargs='+', dest='users', ) parser.add_argument('-p', help='passwords', default=[], nargs='+', dest='passw', ) parser.add_argument('-U', help='file containing one username per line', default='', dest='user_fn', ) parser.add_argument('-P', help='file containing one password per line', default='', dest='passw_fn', ) parser.add_argument( "-c", help="cryptolayer STARTTLS/SSL/NOSSL (default SSL)", dest='crypto', default='SSL' ) parser.add_argument( "-nt", help="thread count", dest='nthreads', type=int, default=1, required=False, ) if not args: parser.print_help() sys.exit(1) arguments, _ = parser.parse_known_args(args) typ = cUtil.getTargetType(arguments.target) if typ == cUtil.TTYPE.DOMAIN: self.host = socket.gethostbyname(arguments.target) self.fqdn = arguments.target elif typ == cUtil.TTYPE.IP: self.host = arguments.target self.fqdn = '' else: print 'Invalid Target %s' % arguments.target self.port = arguments.port if (arguments.crypto): self.cryptolayer = str(arguments.crypto.upper()) if self.port < 0: if self.cryptolayer == 'SSL': self.port = 995 else: self.port = 110 test.port = self.port test.host = self.host test.cryptolayer = self.cryptolayer try: ig_users = cTuples.cInputGenerator(data=arguments.users, filename=arguments.user_fn, expand_cb=test, prepare_cb=lambda x: x.strip(), maxthreads=arguments.nthreads, circle=False) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=arguments.passw, filename=arguments.passw_fn, prepare_cb=lambda x: x.strip(), maxthreads=arguments.nthreads, circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_users, ig_passw], prep_callback=brute, delay=arguments.delay) self.tuples.start()
def __init__(self, args, dbh=None): opt = parse(args) global tls_versions tls_versions = opt.tlsv hb_test.OUTDIR = opt.outdir hb_test.TIMEOUT = opt.to try: hb_test.OUTDIR = os.path.join(__builtin__.openhome.base_dir, hb_test.OUTDIR) except: pass if not os.path.exists(hb_test.OUTDIR): os.makedirs(hb_test.OUTDIR) else: logger.info('%s directory already exists' % hb_test.OUTDIR) # check access permissions if not os.access(hb_test.OUTDIR, os.R_OK): print 'Error %s not readable' % hb_test.OUTDIR sys.exit(1) if not os.access(hb_test.OUTDIR, os.W_OK): print 'Error %s not writable' % hb_test.OUTDIR sys.exit(1) if not os.access(hb_test.OUTDIR, os.X_OK): print 'Error %s not executable' % hb_test.OUTDIR sys.exit(1) start = datetime.now() ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, expand_cb=lambda t: cUtil.mkIP2(t, ports=opt.ports, noSplit=True, noResolve=False), maxthreads=opt.nthreads ) ig_targets.start() tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=hb_test, maxthreads=opt.nthreads, delay=opt.delay) tuples.start() n = 0 n_vuln = 0 n_notvuln = 0 n_down = 0 timestamp = time.strftime("%Y-%m-%d_%H:%M:%S") fd_vuln = open(os.path.join(hb_test.OUTDIR, 'vulnerable_%s' % timestamp), 'w') fd_notvuln = open(os.path.join(hb_test.OUTDIR, 'not_vulnerable_%s' % timestamp), 'w') fd_down = open(os.path.join(hb_test.OUTDIR, 'down_%s' % timestamp), 'w') fmt = '{:60}{:<20}' print print 'Started scan for CVE-2014-0160' print 'Testing ports: %s' % ', '.join(map(str, opt.ports)) print 'Testing tls versions: %s' % ', '.join(map(str, opt.tlsv)) print print '-' * 80 print for vulnerable, target, hostname, fn, sample, errors in tuples.tuple_q: n += 1 if vulnerable in opt.tlsv: if dbh: br = ccd.HeartbleedResult( ip=target[0], fqdn=hostname, port=target[1], sample=grep_ascii(sample), risk=9, tlsv=vulnerable, ) dbh.add(br) if not hostname: hostname = target[0] n_vuln += 1 fd_vuln.write('%s:%d\n' % (hostname, target[1])) if errors: fd_vuln.write('Warning: errors occured -> %s\n' % ', '.join(errors)) fd_vuln.flush() if errors: print fmt.format('\033[93m%s:%d\033[0m' % (hostname, target[1]), 'is vulnerable, tlsv %s' % vulnerable) print '\tError(s): %s' % ', '.join(errors) else: print fmt.format('\033[91m%s:%d\033[0m' % (hostname, target[1]), 'is vulnerable, tlsv %s' % vulnerable) print '\t%d bytes stored in %s' % (len(sample), fn) elif vulnerable == 'NOT_VULN': if dbh: br = ccd.HeartbleedResult_NV( ip=target[0], fqdn=hostname, port=target[1], risk=0, tlsv='-' ) dbh.add(br) if not hostname: hostname = target[0] n_notvuln += 1 fd_notvuln.write('%s:%d\n' % (hostname, target[1])) if errors: fd_notvuln.write('\nWarning: errors occured -> %s' % ', '.join(errors)) fd_notvuln.flush() if errors: print fmt.format('\033[93m%s:%d\033[0m' % (hostname, target[1]), 'is not vulnerable') print '\tError(s): %s' % ', '.join(errors) else: print fmt.format('\033[92m%s:%d\033[0m' % (hostname, target[1]), 'is not vulnerable') elif vulnerable == 'DOWN': n_down += 1 fd_down.write('%s:%d\n' % (hostname, target[1])) fd_down.flush() tuples.join() print print '-' * 80 print print 'Finished scan in %f seconds' % cUtil.secs(start) print print '%d targets tested' % n print '%d targets found vulnerable (see %s)' % (n_vuln, fd_vuln.name) print '%d targets found not vulnerable (see %s)' % (n_notvuln, fd_notvuln.name) print '%d targets were down (see %s)' % (n_down, fd_down.name) fd_vuln.close() fd_notvuln.close() fd_down.close()
def parse(self, args): description = \ """### HTTP Basic Authentication Brute Forcer ### This scripts sends an HTTP request for all combinations of usernames and passwords. A login attempt is successful if the HTTP staus code of the HTTP reply is not 401. Be sure to provide a URL which is protected via HTTP Basic Authentication or you might get lots of false positives. (HTTP/1.1 200 OK) SSL is supported. Use the -ssl switch Output of valid credentials in the form [username:password]. Example: http_basic_bruteforce.plg -t http://url.com:80/priv -u users.txt -p passwords.txt" """ parser = argparse.ArgumentParser( description=description, formatter_class=argparse.RawTextHelpFormatter) parser.add_argument('-T', help='file containing url paths', dest='target_fn') parser.add_argument('-t', help='url path which enforces basic auth', nargs='+', dest='target', default=[]) parser.add_argument('-port', help='target port (default 80)', dest='port', default=80, type=int) parser.add_argument('-delay', help='delay in between requests', dest='delay', default=0.0, type=float) parser.add_argument( '-U', help='file containing username per line', default='', dest='user_fn', ) parser.add_argument( '-u', help='usernames', default=[], nargs='+', dest='users', ) parser.add_argument( '-P', help='file containing password per line', dest='passw_fn', default='', ) parser.add_argument( '-p', help='passwords', default=[], nargs='+', dest='passw', ) parser.add_argument('-to', help='Server timeout (default 3s)', dest='timeout', type=int, default=3) parser.add_argument( '-maxcon', help='Maximum parallel connections per host (default: unlimited)', type=int, default=0, ) parser.add_argument( '-nt', help= 'Maximum number of threads to scan with, each host gets a new thread', dest='nthreads', default=10, type=int) parser.add_argument('-ssl', help='Force ssl connection', dest='ssl', action='store_true', default=False) parser.add_argument('-nossl', help='Force plain http connection', dest='nossl', action='store_true', default=False) if not args: parser.print_help() sys.exit(0) opt = parser.parse_args(args) cComm.Comm.SSL = opt.ssl cComm.Comm.NOSSL = opt.nossl cComm.Mark.MAX_CON = opt.maxcon cComm.Mark.FIX_PORT = opt.port cComm.Mark.TIMEOUT = opt.timeout def prepare_cb(target): ip = target[0] ident = ''.join(target[1]) path = '/' hostname = target[1] if not isinstance(hostname, str): try: hostname = target[1][0] if len(target[1]) > 1: path = ''.join(target[1][1:]) except: hostname = '' hostname = '' mark = cComm.Mark(ident, ip=ip, hostname=hostname, path=path, ok_codes=[ 401, ]) if mark.test > 0: return mark else: return None try: ig_targets = cTuples.cInputGenerator(data=opt.target, filename=opt.target_fn, circle=False, expand_cb=cUtil.mkIP2, prepare_cb=prepare_cb, maxthreads=opt.nthreads) except cTuples.ENoInput: print 'Error: No Targets specified, please use the -t/T parameter to set target(s)' sys.exit(1) try: ig_users = cTuples.cInputGenerator(data=opt.users, filename=opt.user_fn, prepare_cb=lambda x: x.rstrip(), circle=True) except cTuples.ENoInput: print 'Error: No Usernames specified, please use the -u/U parameter to set usernames(s)' sys.exit(1) try: ig_passw = cTuples.cInputGenerator(data=opt.passw, filename=opt.passw_fn, prepare_cb=lambda x: x.rstrip(), circle=True) except cTuples.ENoInput: print 'Error: No Passwords specified, please use the -p/P parameter to set password(s)' sys.exit(1) ig_targets.start() ig_users.start() ig_passw.start() self.tuples = cTuples.cTuples(inputs=[ig_targets, ig_users, ig_passw], prep_callback=brute, maxthreads=opt.nthreads, delay=opt.delay) self.tuples.start()
def __init__(self, args, dbh=None): opt = parse(args) global tls_versions tls_versions = opt.tlsv hb_test.OUTDIR = opt.outdir hb_test.TIMEOUT = opt.to try: hb_test.OUTDIR = os.path.join(__builtin__.openhome.base_dir, hb_test.OUTDIR) except: pass if not os.path.exists(hb_test.OUTDIR): os.makedirs(hb_test.OUTDIR) else: logger.info('%s directory already exists' % hb_test.OUTDIR) # check access permissions if not os.access(hb_test.OUTDIR, os.R_OK): print 'Error %s not readable' % hb_test.OUTDIR sys.exit(1) if not os.access(hb_test.OUTDIR, os.W_OK): print 'Error %s not writable' % hb_test.OUTDIR sys.exit(1) if not os.access(hb_test.OUTDIR, os.X_OK): print 'Error %s not executable' % hb_test.OUTDIR sys.exit(1) start = datetime.now() ig_targets = cTuples.cInputGenerator( data=opt.target, filename=opt.target_fn, circle=False, expand_cb=lambda t: cUtil.mkIP2( t, ports=opt.ports, noSplit=True, noResolve=False), maxthreads=opt.nthreads) ig_targets.start() tuples = cTuples.cTuples(inputs=[ig_targets], prep_callback=hb_test, maxthreads=opt.nthreads, delay=opt.delay) tuples.start() n = 0 n_vuln = 0 n_notvuln = 0 n_down = 0 timestamp = time.strftime("%Y-%m-%d_%H:%M:%S") fd_vuln = open( os.path.join(hb_test.OUTDIR, 'vulnerable_%s' % timestamp), 'w') fd_notvuln = open( os.path.join(hb_test.OUTDIR, 'not_vulnerable_%s' % timestamp), 'w') fd_down = open(os.path.join(hb_test.OUTDIR, 'down_%s' % timestamp), 'w') fmt = '{:60}{:<20}' print print 'Started scan for CVE-2014-0160' print 'Testing ports: %s' % ', '.join(map(str, opt.ports)) print 'Testing tls versions: %s' % ', '.join(map(str, opt.tlsv)) print print '-' * 80 print for vulnerable, target, hostname, fn, sample, errors in tuples.tuple_q: n += 1 if vulnerable in opt.tlsv: if dbh: br = ccd.HeartbleedResult( ip=target[0], fqdn=hostname, port=target[1], sample=grep_ascii(sample), risk=9, tlsv=vulnerable, ) dbh.add(br) if not hostname: hostname = target[0] n_vuln += 1 fd_vuln.write('%s:%d\n' % (hostname, target[1])) if errors: fd_vuln.write('Warning: errors occured -> %s\n' % ', '.join(errors)) fd_vuln.flush() if errors: print fmt.format( '\033[93m%s:%d\033[0m' % (hostname, target[1]), 'is vulnerable, tlsv %s' % vulnerable) print '\tError(s): %s' % ', '.join(errors) else: print fmt.format( '\033[91m%s:%d\033[0m' % (hostname, target[1]), 'is vulnerable, tlsv %s' % vulnerable) print '\t%d bytes stored in %s' % (len(sample), fn) elif vulnerable == 'NOT_VULN': if dbh: br = ccd.HeartbleedResult_NV(ip=target[0], fqdn=hostname, port=target[1], risk=0, tlsv='-') dbh.add(br) if not hostname: hostname = target[0] n_notvuln += 1 fd_notvuln.write('%s:%d\n' % (hostname, target[1])) if errors: fd_notvuln.write('\nWarning: errors occured -> %s' % ', '.join(errors)) fd_notvuln.flush() if errors: print fmt.format( '\033[93m%s:%d\033[0m' % (hostname, target[1]), 'is not vulnerable') print '\tError(s): %s' % ', '.join(errors) else: print fmt.format( '\033[92m%s:%d\033[0m' % (hostname, target[1]), 'is not vulnerable') elif vulnerable == 'DOWN': n_down += 1 fd_down.write('%s:%d\n' % (hostname, target[1])) fd_down.flush() tuples.join() print print '-' * 80 print print 'Finished scan in %f seconds' % cUtil.secs(start) print print '%d targets tested' % n print '%d targets found vulnerable (see %s)' % (n_vuln, fd_vuln.name) print '%d targets found not vulnerable (see %s)' % (n_notvuln, fd_notvuln.name) print '%d targets were down (see %s)' % (n_down, fd_down.name) fd_vuln.close() fd_notvuln.close() fd_down.close()