def update_ports(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
csv_data = utils.just_read(command.get('output_path'), get_list=True)
if not csv_data:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
result = {}
for line in csv_data[1:]:
host = line.split(',')[0]
port = line.split(',')[3]
if result.get('host', None):
result[host] += "," + str(port).strip(',')
else:
result[host] = port
final_result = []
for host, ports in result.items():
item = "ip_address|{0};;ports|{1}".format(host, ports)
final_result.append(item)
utils.just_write(command.get('cleaned_output'),
"\n".join(final_result))
def waiting(options, delay=20, times=0):
elapsed_time = 0
if times:
count = 0
module_name = options.get('CURRENT_MODULE', False)
utils.print_info('Waiting for {0} module'.format(module_name))
checking = poll_status(options)
while checking:
time.sleep(delay)
if not times:
# just don't print this too much
if ((elapsed_time / delay) % 10) == 0:
utils.print_info('Waiting for {0} module'.format(module_name))
time.sleep(delay)
if times:
utils.print_info('Waiting for {0} module {1}/{2}'.format(
module_name, str(count), str(times)))
if count == int(times):
poll_status(options, forced=True)
utils.print_bad(
"Something bad with {0} module but force to continue".
format(module_name))
break
count += 1
checking = poll_status(options)
def update_tech(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'), get_list=True)
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
tech_summaries = []
for line in output:
try:
jsonl = utils.get_json(line)
if jsonl.get('matches'):
domain = utils.get_domain(jsonl.get('hostname'))
techs = [x.get('app_name') for x in jsonl.get('matches')]
item = "domain|{0};;technologies|{1}".format(
domain, ",".join(techs))
tech_summaries.append(item)
except:
pass
cleaned_output = utils.just_write(command.get('cleaned_output'),
"\n".join(tech_summaries))
if cleaned_output:
utils.check_output(command.get('cleaned_output'))
# update technologies to db
summary.push_with_file(self.options, command.get('cleaned_output'))
def parsing_argument(args):
# parsing agument
options = config.parsing_config(args)
# Start Django API if it's not running
if not args.client:
if not utils.connection_check('127.0.0.1', 8000):
p = Process(target=start_server, args=(options.get('localhost'), ))
p.start()
# wait for Django API start
time.sleep(3)
else:
utils.print_info("Look like Django API already ran")
options = auth.login(options)
if not options or not (options['JWT'] and options['JWT'] != "None"):
utils.print_bad("Can't login to get JWT")
sys.exit(-1)
# run list of target
if options.get('target_list') and utils.not_empty_file(
options.get('target_list')):
targets = utils.just_read(options.get('target_list'), get_list=True)
for target in targets:
options['raw_target'] = target
options['workspace'] = target
single_target(options)
else:
single_target(options)
def get_scheme(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
csv_data = utils.just_read(command.get('requirement'), get_list=True)
if not csv_data:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
summaries, result = [], []
for line in csv_data[1:]:
# print(line)
if ',' not in line or len(line.split(',')) < 3:
continue
_results = line.split(',')
host = _results[0].strip('"')
port = _results[2].strip('"')
service = _results[4].strip('"') + "/" + _results[5].strip('"')
result.append("http://" + host + ":" + port)
result.append("https://" + host + ":" + port)
sum_line = f"domain|{host};;ip_address|{host};;ports|{port};;technologies|{service}"
summaries.append(sum_line)
# print(sum_line)
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/scheme-$OUTPUT.txt')
utils.just_write(scheme_path, "\n".join(result))
# update summaries table
formatted_summary = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/formatted-summary-$OUTPUT.txt')
utils.just_write(formatted_summary, "\n".join(summaries))
summary.push_with_file(self.options, formatted_summary)
def clean_massdns(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'), get_list=True)
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
only_A_record, summaries, resolved = [], [], []
for line in output:
if '. A ' in line:
only_A_record.append(line.split('. A ')[1].strip())
resolved.append(line.split('. A ')[0])
summary = "domain|{0};;ip_address|{1}".format(
line.split('. A ')[0],
line.split('. A ')[1])
summaries.append(summary)
elif '. CNAME ' in line:
resolved.append(line.split('. CNAME ')[0])
cleaned_output = utils.just_write(command.get('cleaned_output'),
"\n".join(only_A_record))
resolved_path = utils.replace_argument(
self.options, '$WORKSPACE/probing/resolved-$OUTPUT.txt')
resolved_output = utils.just_write(resolved_path, "\n".join(resolved))
if cleaned_output:
utils.check_output(command.get('cleaned_output'))
if resolved_output:
utils.check_output(resolved_path)
self.update_summaries(summaries)
def update_ports(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(command.get('banner'),
command.get('pre_run')))
csv_data = utils.just_read(command.get('requirement'), get_list=True)
if not csv_data:
utils.print_bad('Requirement not found: {0}'.format(
command.get('requirement')))
return False
result = {}
for line in csv_data[1:]:
host = line.split(',')[0]
port = line.split(',')[3]
if result.get(host, None):
result[host] += "," + str(port).strip(',')
else:
result[host] = port
# store it as format can submit to summaries
final_result = []
for host, ports in result.items():
item = "ip_address|{0};;ports|{1}".format(host, ports)
final_result.append(item)
utils.just_write(command.get('cleaned_output'),
"\n".join(final_result))
summary.push_with_file(self.options, command.get('cleaned_output'))
def show(options):
head = ['Workspaces']
contents = report.list_workspaces(options)
if not contents:
utils.print_bad("No Workspace found")
return
print(tabulate(contents, head, tablefmt="grid"))
def clean_gowitness(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
real_cmd = utils.resolve_command(
self.options, {
"banner":
"gowitness gen report",
"cmd":
"$GO_PATH/gowitness report generate -n $WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html --destination $WORKSPACE/portscan/screenshot/raw-gowitness/ --db $WORKSPACE/portscan/screenshot/gowitness.db",
"output_path":
"$WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html",
})
execute.send_cmd(self.options, real_cmd)
raw_html = utils.just_read(real_cmd.get('output_path'))
if not raw_html:
utils.print_bad('Requirement not found: {0}'.format(
real_cmd.get('output_path')))
return False
local_path = utils.replace_argument(self.options,
'$WORKSPACE/portscan/')
real_html = raw_html.replace(local_path, '')
utils.just_write(command.get('cleaned_output'), real_html)
utils.check_output(command.get('cleaned_output'))
def show(options):
raw_contents = report.list_workspaces(options)
if not raw_contents:
utils.print_bad("No Workspace found")
return
head = ['Available Workspaces']
content = [[x] for x in raw_contents]
print(tabulate(content, head, tablefmt="grid"))
def show(options):
content = export.exports_to_file(options)
if not content:
utils.print_bad("No Workspace found")
return
data = utils.just_read(content)
print(data)
utils.print_block(content, tag='OUTPUT')
def show(options, get_content=False):
raw_contents = report.full_reports(options)
# print(raw_contents)
if not raw_contents:
utils.print_bad("Workspace not found")
return
if get_content:
reading_content(options, raw_contents)
else:
read_paths(raw_contents)
def single_target(options):
if not options or not (options['JWT'] and options['JWT'] != "None"):
utils.print_bad("Can't login to get JWT")
sys.exit(-1)
# don't create new workspace in report mode
if options.get('mode') != 'report':
options = initial.init_workspace(options)
# run specific task otherwise run the normal routine
routine.routine_handle(options)
def _verify_target(target, target_list):
if target_list:
if utils.not_empty_file(target_list):
real_target = target_list
else:
utils.print_bad("Input file not found: {0}".format(target_list))
sys.exit(-1)
else:
real_target = target
return real_target
def slack_noti(options, noti_type):
try:
if 'log' in noti_type:
pass
elif 'done' in noti_type:
slack_done(options)
else:
slack_status(options)
except:
utils.print_bad("Fail to send noti to slack")
pass
def clean_gobuster(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'))
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
cleaned_output = utils.just_write(command.get('cleaned_output'),
output.replace('Found: ', ''))
if cleaned_output:
utils.check_output(command.get('cleaned_output'))
def clean_gowitness(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
raw_html = utils.just_read(command.get('output_path'))
if not raw_html:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
local_path = utils.replace_argument(
self.options, '$WORKSPACE/screenshot/')
real_html = raw_html.replace(local_path, '')
utils.just_write(command.get('cleaned_output'), real_html)
def get_domain(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'))
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
no_scheme = output.replace('https://', '').replace('http://', '')
utils.just_write(command.get('cleaned_output'), no_scheme)
if command.get('cleaned_output'):
utils.check_output(command.get('cleaned_output'))
def clean_massdns(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'), get_list=True)
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
# only get A record
only_A_record = "\n".join([x.split('. A ')[0] for x in output if '. A ' in x])
cleaned_output = utils.just_write(command.get(
'cleaned_output'), only_A_record)
if cleaned_output:
utils.check_output(command.get('cleaned_output'))
def login(options):
url = options.get('remote_api') + "/auth/api/token/"
body = {
"username": options.get('credentials')[0],
"password": options.get('credentials')[1]
}
r = send.send_post(url, body, is_json=True)
if r.json().get('access'):
utils.print_good("Authentication success")
jwt = 'Osmedeus ' + r.json().get('access')
options['JWT'] = jwt
return options
utils.print_bad("Authentication failed")
return False
def get_workspace_info(options):
url = options.get('remote_api') + "/api/workspace/get/"
headers = send.osmedeus_headers
headers['Authorization'] = options.get(
'JWT') if options.get('JWT') else options.get('jwt')
body = {
"workspace": options.get('workspace'),
}
r = send.send_post(url, body, headers=headers, is_json=True)
if r and r.json().get('status') == 200:
return r.json()
utils.print_bad("Workpsace not found")
return False
def show(options):
raw_reports = summary.get_summary(options)
# print(raw_reports)
if not raw_reports:
utils.print_bad("Workspace not found")
return
head = ['Domain', 'IP', 'Technologies', 'Ports']
contents = []
for element in raw_reports:
item = [
element.get('domain'),
element.get('ip_address'),
element.get('technologies'),
element.get('ports'),
]
contents.append(item)
print(tabulate(contents, head, tablefmt="grid"))
def clean_findomain(self, command):
utils.print_good('Cleaning for {0}:{1}'.format(
command.get('banner'), command.get('post_run')))
output = utils.just_read(command.get('output_path'), get_list=True)
if not output:
utils.print_bad('Output not found: {0}'.format(
command.get('output_path')))
return False
result = []
for line in output:
if '>>' in line.strip():
domain = line.strip().strip('>> ').split(' => ')[0]
ip = line.strip().strip('>> ').split(' => ')[0]
result.append(domain)
cleaned_output = utils.just_write(command.get('cleaned_output'),
"\n".join(result))
if cleaned_output:
utils.check_output(command.get('cleaned_output'))
def login(options):
url = options.get('remote_api') + "/auth/api/token/"
body = {
"username": options.get('credentials')[0],
"password": options.get('credentials')[1]
}
r = send.send_post(url, body, is_json=True)
try:
if r.json().get('access'):
utils.print_good("Authentication success")
jwt = 'Osmedeus ' + r.json().get('access')
options['JWT'] = jwt
return options
except:
utils.print_bad("Authentication failed at: " + url)
print('''
[!] This might happened by running Osmedeus with sudo but the install process running with normal user
You should install the whole Osmedeus and running it with root user.
Or whitelist masscan + nmap in sudoers file because it's required sudo permission.
''')
return False
def init_workspace(options):
url = options.get('remote_api') + "/api/workspace/create/"
headers = send.osmedeus_headers
headers['Authorization'] = options.get('JWT')
body = {
"raw_target": options.get('raw_target'),
'mode': options.get('mode'),
'modules': options.get('modules', 'None'),
'speed': options.get('speed'),
'forced': options.get('forced'),
'debug': options.get('debug'),
}
if options.get('workspace', False):
body["workspace"] = options.get('workspace')
r = send.send_post(url, body, headers=headers, is_json=True)
if r:
options['workspace'] = r.json().get('workspace')
# just print some log
if r.json().get('status') == 200:
utils.print_good("New workspace created")
elif r.json().get('status') == 442:
utils.print_info(
"Workspaces already exists. Use '-w <new workspace name>' option if you want to create new one"
)
arguments = get_workspace_info(options)
if arguments:
options = {**options, **arguments}
# just upper all key
final_options = {}
for key in options.keys():
final_options[key.upper()] = options.get(key)
return final_options
utils.print_bad("Fail to create new workspace")
return False
def get_scheme(self, command):
utils.print_good('Preparing for {0}:{1}'.format(
command.get('banner'), command.get('pre_run')))
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/scheme-$OUTPUT.txt')
csv_data = utils.just_read(command.get('requirement'), get_list=True)
if not csv_data:
utils.print_bad('Requirement not found: {0}'.format(
command.get('requirement')))
return False
result = []
for line in csv_data[1:]:
host = line.split(',')[0]
port = line.split(',')[3]
result.append("http://" + host + ":" + port)
result.append("https://" + host + ":" + port)
utils.just_write(scheme_path, "\n".join(result))
utils.check_output(scheme_path)
