class Module(ModuleTemplate):
name = "HeaderScanner"
def __init__(self, db):
self.db = db
self.Port = PortRepository(db, self.name)
def set_options(self):
super(Module, self).set_options()
self.options.add_argument('-t', '--timeout', help='Connection timeout (default 5)', default="5")
self.options.add_argument('-u', '--url', help="URL to get headers")
self.options.add_argument('-i', '--import_db', help="Import URLs from the database", action="store_true")
self.options.add_argument('-th', '--threads', help="Number of threads to run", default="10")
def run(self, args):
if args.import_db:
svc = self.Port.all(service_name='http')
svc += self.Port.all(service_name='https')
data = []
for s in svc:
urls = ["%s://%s:%s" % (s.service_name, s.ip_address.ip_address, s.port_number)]
for d in s.ip_address.domains:
urls.append("%s://%s:%s" % (s.service_name, d.domain, s.port_number))
data.append([s.id, urls, args.timeout])
pool = ThreadPool(int(args.threads))
results = pool.map(process_urls, data)
print("Adding data to the database")
for i, headers in results:
created, svc = self.Port.find_or_create(id=i)
svc.meta['headers'] = headers
svc.update()
self.Port.commit()
class Module(ToolTemplate):
"""
Runs nmap on all web hosts to pull certs and add them to the database
"""
name = "NmapCertScan"
binary_name = "nmap"
def __init__(self, db):
self.db = db
self.Port = PortRepository(db, self.name)
def set_options(self):
super(Module, self).set_options()
self.options.add_argument(
"-s",
"--rescan",
help="Rescan domains that have already been scanned",
action="store_true",
)
def get_targets(self, args):
targets = []
if args.rescan:
services = self.Port.all(service_name="https")
else:
services = self.Port.all(tool=self.name, service_name="https")
for s in services:
if s.ip_address.in_scope:
port = s.port_number
targets.append(
{
"port": port,
"target": s.ip_address.ip_address,
"service_id": s.id,
}
)
for d in s.ip_address.domains:
targets.append(
{"port": port, "target": d.domain, "service_id": s.id}
)
if args.output_path[0] == "/":
output_path = os.path.join(
self.base_config["PROJECT"]["base_path"], args.output_path[1:]
)
else:
output_path = os.path.join(
self.base_config["PROJECT"]["base_path"], args.output_path
)
if not os.path.exists(output_path):
os.makedirs(output_path)
for t in targets:
file_path = os.path.join(output_path, "%s_%s-ssl.xml" % (t["target"], port))
t["output"] = file_path
# pdb.set_trace()
return targets
def build_cmd(self, args):
cmd = self.binary + " -p {port} --script=ssl-cert -oX {output} {target} "
if args.tool_args:
cmd += args.tool_args
return cmd
def process_output(self, cmds):
for data in cmds:
try:
xmldata = xmltodict.parse(open(data["output"]).read())
cert = xmldata["nmaprun"]["host"]["ports"]["port"]["script"]["@output"]
if cert:
# print("Cert found: {}".format(cert))
svc = self.Port.all(id=data["service_id"])[0]
# pdb.set_trace()
if not svc.meta.get("sslcert", False):
svc.meta["sslcert"] = {}
svc.meta["sslcert"][data["target"]] = cert
print(
"Cert added to {} for {}".format(
data["service_id"], data["target"]
)
)
svc.save()
except Exception as e:
display_error("File not valid: {}\nError: {}".format(data["output"], e))
self.Port.commit()
class Module(ToolTemplate):
'''
Runs nmap on all web hosts to pull certs and add them to the database
'''
name = "NmapCertScan"
binary_name = "nmap"
def __init__(self, db):
self.db = db
self.Port = PortRepository(db, self.name)
def set_options(self):
super(Module, self).set_options()
self.options.add_argument(
'-s',
'--rescan',
help="Rescan domains that have already been scanned",
action="store_true")
def get_targets(self, args):
targets = []
if args.rescan:
services = self.Port.all(service_name='https')
else:
services = self.Port.all(tool=self.name, service_name='https')
for s in services:
if s.ip_address.in_scope:
port = s.port_number
targets.append({
'port': port,
'target': s.ip_address.ip_address,
'service_id': s.id
})
for d in s.ip_address.domains:
targets.append({
'port': port,
'target': d.domain,
'service_id': s.id
})
if args.output_path[0] == "/":
output_path = os.path.join(
self.base_config['PROJECT']['base_path'], args.output_path[1:])
else:
output_path = os.path.join(
self.base_config['PROJECT']['base_path'], args.output_path)
if not os.path.exists(output_path):
os.makedirs(output_path)
for t in targets:
file_path = os.path.join(output_path,
"%s_%s-ssl.xml" % (t['target'], port))
t['output'] = file_path
# pdb.set_trace()
return targets
def build_cmd(self, args):
cmd = self.binary + " -p {port} --script=ssl-cert -oX {output} {target} "
if args.tool_args:
cmd += args.tool_args
return cmd
def process_output(self, cmds):
for data in cmds:
try:
xmldata = xmltodict.parse(open(data['output']).read())
cert = xmldata['nmaprun']['host']['ports']['port']['script'][
'@output']
if cert:
svc = self.Port.all(id=data['service_id'])[0]
if not svc.meta.get(self.name, False):
svc.meta[self.name] = {}
svc.meta[self.name][data['target']] = cert
svc.update()
except:
display_error("File not valid: {}".format(data['output']))
self.Port.commit()
class Module(ModuleTemplate):
'''
Runs nmap on all web hosts to pull certs and add them to the database
'''
name = "NmapCertScan"
def __init__(self, db):
self.db = db
self.Port = PortRepository(db, self.name)
def set_options(self):
super(Module, self).set_options()
self.options.add_argument('-t',
'--threads',
help="Number of threads",
default="1")
self.options.add_argument(
'-o',
'--output_path',
help=
"Path which will contain program output (relative to base_path in config",
default=self.name)
self.options.add_argument(
'-s',
'--rescan',
help="Rescan domains that have already been scanned",
action="store_true")
def run(self, args):
if not args.binary:
self.binary = which.run('nmap')
else:
self.binary = which.run(args.binary)
if not self.binary:
print(
"nmap binary not found. Please explicitly provide path with --binary"
)
if args.rescan:
services = self.Port.all(service_name='https')
else:
services = self.Port.all(tool=self.name, service_name='https')
self.process_services(services, args)
def process_services(self, services, args):
if args.output_path[0] == "/":
output_path = os.path.join(
self.base_config['PROJECT']['base_path'], args.output_path[1:])
else:
output_path = os.path.join(
self.base_config['PROJECT']['base_path'], args.output_path)
if not os.path.exists(output_path):
os.makedirs(output_path)
cmds = []
for s in services:
ip = s.ip_address.ip_address
domains = [d.domain for d in s.ip_address.domains]
port = s.port_number
hosts = [ip] + domains
for h in hosts:
file_path = os.path.join(output_path,
"%s_%s-ssl.xml" % (h, port))
command_args = " -p %s " % port
command_args += " --script=ssl-cert -oX %s " % file_path
cmds.append(shlex.split(self.binary + command_args + h))
pool = ThreadPool(int(args.threads))
# res = subprocess.Popen(cmd).wait()
pool.map(scan_hosts, cmds)
for s in services:
p = s.ip_address.ip_address
domains = [d.domain for d in s.ip_address.domains]
port = s.port_number
hosts = [ip] + domains
data = {}
for h in hosts:
# pdb.set_trace()
print("Processing %s" % file_path)
file_path = os.path.join(output_path,
"%s_%s-ssl.xml" % (h, port))
try:
xmldata = xmltodict.parse(open(file_path).read())
cert = xmldata['nmaprun']['host']['ports']['port'][
'script']['@output']
if cert:
data[h] = cert
except:
print("File not valid: %s" % file_path)
# pdb.set_trace()
s.meta['sslcert'] = data
s.update()
self.Port.commit()
class Module(ModuleTemplate):
name = "HeaderScanner"
def __init__(self, db):
self.db = db
self.Port = PortRepository(db, self.name)
def set_options(self):
super(Module, self).set_options()
self.options.add_argument("-t",
"--timeout",
help="Connection timeout (default 5)",
default="5")
self.options.add_argument("-u", "--url", help="URL to get headers")
self.options.add_argument(
"-i",
"--import_db",
help="Import URLs from the database",
action="store_true",
)
self.options.add_argument("-th",
"--threads",
help="Number of threads to run",
default="10")
self.options.add_argument("--rescan",
help="Rescan URLs already processed",
action="store_true")
def run(self, args):
if args.import_db:
if args.rescan:
svc = self.Port.all(service_name="http")
svc += self.Port.all(service_name="https")
else:
svc = self.Port.all(service_name="http", tool=self.name)
svc += self.Port.all(service_name="https", tool=self.name)
data = []
for s in svc:
if s.ip_address.in_scope:
urls = [
"%s://%s:%s" % (s.service_name,
s.ip_address.ip_address, s.port_number)
]
for d in s.ip_address.domains:
urls.append("%s://%s:%s" %
(s.service_name, d.domain, s.port_number))
data.append([s.id, urls, args.timeout])
pool = ThreadPool(int(args.threads))
results = pool.map(process_urls, data)
display_new("Adding headers to the database")
for i, headers, cookies in results:
created, svc = self.Port.find_or_create(id=i)
svc.meta["headers"] = headers
svc.meta["cookies"] = cookies
svc.update()
self.Port.commit()
