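def update_ports(self, command):
    """Group scanned ports by host and write one summary line per host.

    Reads ``command['output_path']`` as a list of CSV rows, skips the first
    (header) row, and takes column 0 as the host and column 3 as the port.
    Writes ``ip_address|<host>;;ports|<p1,p2,...>`` lines to
    ``command['cleaned_output']``.

    Returns:
        False when the scan output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    csv_data = utils.just_read(command.get('output_path'), get_list=True)
    if not csv_data:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    result = {}
    for line in csv_data[1:]:
        fields = line.split(',')
        # Blank or truncated rows have no port column; skip them rather
        # than abort the whole clean-up with an IndexError.
        if len(fields) < 4:
            continue
        host, port = fields[0], fields[3]
        # Look the entry up by the host value. The literal key 'host' never
        # matched, so each row replaced the ports collected so far and only
        # the last port per host survived.
        if result.get(host):
            result[host] += "," + str(port).strip(',')
        else:
            result[host] = port

    # NOTE(review): host and port come straight from scanner output; a value
    # containing '|' or ';;' would change how the record is split downstream.
    final_result = [
        "ip_address|{0};;ports|{1}".format(host, ports)
        for host, ports in result.items()
    ]
    utils.just_write(command.get('cleaned_output'), "\n".join(final_result))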
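def get_scheme(self, command):
    """Derive URL candidates and summary records from the CSV requirement.

    Reads ``command['requirement']`` as CSV rows (first row skipped). For
    each usable row it emits an ``http://`` and an ``https://`` URL for
    host:port and one summary record, writes both lists under
    ``$WORKSPACE/vulnscan/`` and pushes the summary file through
    ``summary.push_with_file``.

    Returns:
        False when the requirement file is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    csv_data = utils.just_read(command.get('requirement'), get_list=True)
    if not csv_data:
        # Name the file that was actually read; the old message printed
        # output_path, which is not the input of this step.
        utils.print_bad('Requirement not found: {0}'.format(
            command.get('requirement')))
        return False

    summaries, result = [], []
    for line in csv_data[1:]:
        _results = line.split(',')
        # Columns 0, 2, 4 and 5 are read below, so a row needs six fields.
        # The previous "< 3" guard let five-field rows through to an
        # IndexError.
        if len(_results) < 6:
            continue
        host = _results[0].strip('"')
        port = _results[2].strip('"')
        service = _results[4].strip('"') + "/" + _results[5].strip('"')
        result.append("http://" + host + ":" + port)
        result.append("https://" + host + ":" + port)
        # NOTE(review): the service columns presumably hold fingerprint text
        # taken from the scanned host; '|' or ';;' inside them would alter
        # the record structure. Confirm how the summaries API splits fields.
        sum_line = f"domain|{host};;ip_address|{host};;ports|{port};;technologies|{service}"
        summaries.append(sum_line)

    scheme_path = utils.replace_argument(
        self.options, '$WORKSPACE/vulnscan/scheme-$OUTPUT.txt')
    utils.just_write(scheme_path, "\n".join(result))

    # update summaries table
    formatted_summary = utils.replace_argument(
        self.options, '$WORKSPACE/vulnscan/formatted-summary-$OUTPUT.txt')
    utils.just_write(formatted_summary, "\n".join(summaries))
    summary.push_with_file(self.options, formatted_summary)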
def update_ports(self, command):
    """Collect ports per host from the CSV requirement and push them.

    The first row of ``command['requirement']`` is skipped. Column 0 is used
    as the host and column 3 as the port. The grouped records are written to
    ``command['cleaned_output']`` and that file is handed to
    ``summary.push_with_file``.

    Returns:
        False when the requirement file is missing or empty, otherwise None.
    """
    banner = command.get('banner')
    utils.print_good('Cleaning for {0}:{1}'.format(banner, command.get('pre_run')))

    requirement = command.get('requirement')
    rows = utils.just_read(requirement, get_list=True)
    if not rows:
        utils.print_bad('Requirement not found: {0}'.format(
            command.get('requirement')))
        return False

    ports_by_host = {}
    for row in rows[1:]:
        columns = row.split(',')
        address = columns[0]
        port = columns[3]
        known = ports_by_host.get(address, None)
        # An empty stored value counts as "nothing yet" and is replaced.
        ports_by_host[address] = (
            known + "," + str(port).strip(',') if known else port
        )

    # Records use the field layout the summaries endpoint is fed with.
    records = []
    for address, ports in ports_by_host.items():
        records.append("ip_address|{0};;ports|{1}".format(address, ports))

    utils.just_write(command.get('cleaned_output'), "\n".join(records))
    summary.push_with_file(self.options, command.get('cleaned_output'))
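def update_tech(self, command):
    """Turn JSON-lines technology matches into summary records.

    Each line of ``command['output_path']`` is parsed with
    ``utils.get_json``. Lines that carry a non-empty ``matches`` list yield
    ``domain|<domain>;;technologies|<app,app,...>``. The records are written
    to ``command['cleaned_output']`` and pushed via
    ``summary.push_with_file``.

    Returns:
        False when the tool output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    output = utils.just_read(command.get('output_path'), get_list=True)
    if not output:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    tech_summaries = []
    for line in output:
        try:
            jsonl = utils.get_json(line)
            if jsonl.get('matches'):
                domain = utils.get_domain(jsonl.get('hostname'))
                techs = [x.get('app_name') for x in jsonl.get('matches')]
                item = "domain|{0};;technologies|{1}".format(
                    domain, ",".join(techs))
                tech_summaries.append(item)
        except Exception:
            # Still best effort: a malformed line is skipped. Catching
            # Exception instead of a bare except lets KeyboardInterrupt and
            # SystemExit stop the run as the operator expects.
            continue

    cleaned_output = utils.just_write(command.get('cleaned_output'),
                                      "\n".join(tech_summaries))
    if cleaned_output:
        utils.check_output(command.get('cleaned_output'))

    # update technologies to db
    summary.push_with_file(self.options, command.get('cleaned_output'))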
def clean_gowitness(self, command):
    """Generate the gowitness HTML report and strip local paths from it.

    Resolves a fixed ``gowitness report generate`` command template against
    ``self.options``, sends it through ``execute.send_cmd``, then removes
    the resolved ``$WORKSPACE/portscan/`` prefix from the generated HTML
    before writing it to ``command['cleaned_output']``.

    Returns:
        False when the generated report cannot be read, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    report_template = {
        "banner": "gowitness gen report",
        "cmd": "$GO_PATH/gowitness report generate -n $WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html --destination $WORKSPACE/portscan/screenshot/raw-gowitness/ --db $WORKSPACE/portscan/screenshot/gowitness.db",
        "output_path": "$WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html",
    }
    report_cmd = utils.resolve_command(self.options, report_template)
    execute.send_cmd(self.options, report_cmd)

    report_html = utils.just_read(report_cmd.get('output_path'))
    if not report_html:
        utils.print_bad('Requirement not found: {0}'.format(
            report_cmd.get('output_path')))
        return False

    # Dropping the workspace prefix leaves the links in the report relative.
    workspace_prefix = utils.replace_argument(self.options, '$WORKSPACE/portscan/')
    destination = command.get('cleaned_output')
    utils.just_write(destination, report_html.replace(workspace_prefix, ''))
    utils.check_output(command.get('cleaned_output'))
def clean_massdns(self, command):
    """Split massdns output into A-record IPs, resolved names and summaries.

    Lines containing ``'. A '`` contribute the IP to
    ``command['cleaned_output']``, the name to the resolved list and a
    ``domain|..;;ip_address|..`` record. Lines containing ``'. CNAME '``
    contribute the name only. Resolved names are written to
    ``$WORKSPACE/probing/resolved-$OUTPUT.txt`` and the records are passed
    to ``self.update_summaries``.

    Returns:
        False when the massdns output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    records = utils.just_read(command.get('output_path'), get_list=True)
    if not records:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    a_record_ips, summary_lines, resolved_names = [], [], []
    for record in records:
        if '. A ' in record:
            pieces = record.split('. A ')
            name, address = pieces[0], pieces[1]
            a_record_ips.append(address.strip())
            resolved_names.append(name)
            # The summary keeps the address exactly as split (not stripped).
            summary_lines.append(
                "domain|{0};;ip_address|{1}".format(name, address))
        elif '. CNAME ' in record:
            resolved_names.append(record.split('. CNAME ')[0])

    ips_written = utils.just_write(command.get('cleaned_output'),
                                   "\n".join(a_record_ips))

    resolved_path = utils.replace_argument(
        self.options, '$WORKSPACE/probing/resolved-$OUTPUT.txt')
    names_written = utils.just_write(resolved_path, "\n".join(resolved_names))

    if ips_written:
        utils.check_output(command.get('cleaned_output'))
    if names_written:
        utils.check_output(resolved_path)

    self.update_summaries(summary_lines)
def clean_gobuster(self, command):
    """Remove the ``'Found: '`` prefix from gobuster output.

    Reads ``command['output_path']`` as one string and writes the stripped
    text to ``command['cleaned_output']``.

    Returns:
        False when the gobuster output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    raw_text = utils.just_read(command.get('output_path'))
    if not raw_text:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    without_prefix = raw_text.replace('Found: ', '')
    written = utils.just_write(command.get('cleaned_output'), without_prefix)
    if written:
        utils.check_output(command.get('cleaned_output'))
def run(self, commands):
    """Dispatch every command that applies to the current speed setting.

    A command is skipped when its ``cmd`` is ``'ignore'`` or empty. It is
    considered when its ``speed`` equals ``self.options['CURRENT_SPEED']``
    or is ``'general'``, and it is sent only if ``utils.check_required``
    accepts it.
    """
    for command in commands:
        if command.get('cmd') in ('ignore', ''):
            continue

        speed = command.get('speed')
        if self.options['CURRENT_SPEED'] != speed and speed != 'general':
            continue

        utils.print_good('Starting {0}'.format(command.get('banner')))
        if utils.check_required(command):
            # This is the point where the tool is actually launched.
            execute.send_cmd(self.options, command)

    # NOTE(review): the listing has lost its indentation; polling and the
    # sleep are placed after the loop here. Confirm against the original.
    polling.waiting(self.options, delay=self.delay)
    utils.random_sleep(fixed=0.5)
def get_domain(self, command):
    """Strip ``https://`` and ``http://`` from the tool output.

    The result is written to ``command['cleaned_output']``.

    Returns:
        False when the tool output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    raw_text = utils.just_read(command.get('output_path'))
    if not raw_text:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    # https:// is removed first, then http://, as plain substring replaces.
    stripped = raw_text.replace('https://', '')
    stripped = stripped.replace('http://', '')
    utils.just_write(command.get('cleaned_output'), stripped)

    if not command.get('cleaned_output'):
        return
    utils.check_output(command.get('cleaned_output'))
def clean_gowitness(self, command):
    """Strip the local screenshot path from a gowitness HTML report.

    Reads ``command['output_path']``, removes every occurrence of the
    resolved ``$WORKSPACE/screenshot/`` prefix and writes the result to
    ``command['cleaned_output']``.

    Returns:
        False when the report is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    report_html = utils.just_read(command.get('output_path'))
    if not report_html:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    screenshot_prefix = utils.replace_argument(
        self.options, '$WORKSPACE/screenshot/')
    utils.just_write(command.get('cleaned_output'),
                     report_html.replace(screenshot_prefix, ''))
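def login(options):
    """Exchange the configured credentials for an API token.

    Posts ``options['credentials']`` (username, password) to
    ``<remote_api>/auth/api/token/``. On success the token is stored in
    ``options['JWT']`` with the ``'Osmedeus '`` prefix.

    Returns:
        The updated ``options`` dict on success, False otherwise.
    """
    url = options.get('remote_api') + "/auth/api/token/"
    credentials = options.get('credentials')
    body = {
        "username": credentials[0],
        "password": credentials[1]
    }
    # NOTE(review): the password goes to whatever host remote_api names.
    # Confirm the URL is https:// and that send_post verifies certificates.
    r = send.send_post(url, body, is_json=True)

    # send_post may hand back a falsy value or a non-JSON body when the
    # request fails. Treat both as a failed login instead of raising here.
    access = None
    if r:
        try:
            access = r.json().get('access')
        except (ValueError, AttributeError):
            access = None

    if access:
        utils.print_good("Authentication success")
        options['JWT'] = 'Osmedeus ' + access
        return options

    utils.print_bad("Authentication failed")
    return False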
def clean_massdns(self, command):
    """Keep the names of A-record lines from the massdns output.

    For every line containing ``'. A '`` the text before that marker is
    kept. The names are written, one per line, to
    ``command['cleaned_output']``.

    Returns:
        False when the massdns output is missing or empty, otherwise None.
    """
    banner = command.get('banner')
    utils.print_good('Cleaning for {0}:{1}'.format(banner, command.get('post_run')))

    records = utils.just_read(command.get('output_path'), get_list=True)
    if not records:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    # Only A records are of interest; other record types are dropped.
    names = []
    for record in records:
        if '. A ' in record:
            names.append(record.split('. A ')[0])

    written = utils.just_write(command.get('cleaned_output'), "\n".join(names))
    if written:
        utils.check_output(command.get('cleaned_output'))
def clear_activities(options):
    """Ask the API to clear stored activities for the current module.

    Posts the workspace and ``options['CURRENT_MODULE']`` to
    ``<REMOTE_API>/api/activities/clear/``.

    Returns:
        True when the response is truthy and its JSON ``status`` is 200,
        False otherwise.
    """
    workspace = utils.get_workspace(options=options)
    current_module = options.get('CURRENT_MODULE', False)
    endpoint = options.get('REMOTE_API') + "/api/activities/clear/"
    payload = {
        "workspace": workspace,
        "module": current_module,
    }

    # NOTE(review): this is the shared send.osmedeus_headers object, not a
    # copy, so the token written here stays on it for later requests.
    auth_headers = send.osmedeus_headers
    auth_headers['Authorization'] = options.get('JWT')

    response = send.send_post(endpoint, payload, headers=auth_headers, is_json=True)
    if not (response and response.json().get('status') == 200):
        return False

    utils.print_good(
        "Clean old activities for {0}:{1}".format(workspace, current_module))
    return True
def push_with_file(options, final_output, update_type='partial'):
    """Tell the API to update the summaries table from a file path.

    Posts ``final_output`` as ``domains_file`` together with the workspace
    and ``update_type`` to ``<REMOTE_API>/api/summaries/set/``.

    Returns:
        True when the response is truthy and its JSON ``status`` is 200,
        False otherwise.
    """
    utils.print_good("Update Summaries table from: {0}".format(final_output))
    workspace = utils.get_workspace(options=options)
    endpoint = options.get('REMOTE_API') + "/api/summaries/set/"

    # NOTE(review): this is the shared send.osmedeus_headers object, not a
    # copy, so the token written here stays on it for later requests.
    auth_headers = send.osmedeus_headers
    auth_headers['Authorization'] = options.get('JWT')

    payload = {
        "domains_file": final_output,
        "domains": [],
        "workspace": workspace,
        "update_type": update_type
    }
    response = send.send_post(endpoint, payload, headers=auth_headers, is_json=True)

    # A falsy response or any status other than 200 counts as a failure.
    if not response:
        return False
    return response.json().get('status') == 200
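def clean_findomain(self, command):
    """Extract domain names from findomain ``>> domain => ip`` lines.

    Only lines containing ``'>>'`` are used. The part before ``' => '`` is
    written, one name per line, to ``command['cleaned_output']``.

    Returns:
        False when the findomain output is missing or empty, otherwise None.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    output = utils.just_read(command.get('output_path'), get_list=True)
    if not output:
        utils.print_bad('Output not found: {0}'.format(
            command.get('output_path')))
        return False

    result = []
    for line in output:
        entry = line.strip()
        if '>>' not in entry:
            continue
        # strip('>> ') removes leading and trailing '>' and space characters.
        # The old code also computed an unused `ip` from index 0, which is
        # the domain again, so it is dropped rather than kept as a wrong value.
        domain = entry.strip('>> ').split(' => ')[0]
        result.append(domain)

    cleaned_output = utils.just_write(command.get('cleaned_output'),
                                      "\n".join(result))
    if cleaned_output:
        utils.check_output(command.get('cleaned_output'))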
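def login(options):
    """Exchange the configured credentials for an API token.

    Posts ``options['credentials']`` (username, password) to
    ``<remote_api>/auth/api/token/``. On success the token is stored in
    ``options['JWT']`` with the ``'Osmedeus '`` prefix.

    Returns:
        The updated ``options`` dict on success, False otherwise.
    """
    url = options.get('remote_api') + "/auth/api/token/"
    body = {
        "username": options.get('credentials')[0],
        "password": options.get('credentials')[1]
    }
    # NOTE(review): the password goes to whatever host remote_api names.
    # Confirm the URL is https:// and that send_post verifies certificates.
    r = send.send_post(url, body, is_json=True)

    try:
        access = r.json().get('access')
    except Exception:
        # Exception rather than a bare except, so Ctrl-C and SystemExit
        # are not reported as a failed login.
        utils.print_bad("Authentication failed at: " + url)
        # NOTE(review): of the two remedies printed below, a sudoers entry
        # limited to the scanners grants less than running everything as root.
        print('''
[!] This might happened by running Osmedeus with sudo but the install process running with normal user
You should install the whole Osmedeus and running it with root user.
Or whitelist masscan + nmap in sudoers file because it's required sudo permission.
        ''')
        return False

    if access:
        utils.print_good("Authentication success")
        options['JWT'] = 'Osmedeus ' + access
        return options

    # A JSON reply without a token used to fall through and return None
    # silently. Report it and return False like the other failure path.
    utils.print_bad("Authentication failed at: " + url)
    return False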
def init_workspace(options):
    """Create (or reuse) a workspace through the API and merge its settings.

    Posts the target and run settings to
    ``<remote_api>/api/workspace/create/``. On a truthy response the
    workspace name from the reply is stored in ``options``, the values from
    ``get_workspace_info`` are merged over ``options``, and a copy with
    upper-cased keys is returned.

    Returns:
        The merged options with upper-case keys, or False when the request
        produced no usable response.
    """
    endpoint = options.get('remote_api') + "/api/workspace/create/"

    # NOTE(review): this is the shared send.osmedeus_headers object, not a
    # copy, so the token written here stays on it for later requests.
    auth_headers = send.osmedeus_headers
    auth_headers['Authorization'] = options.get('JWT')

    payload = {
        "raw_target": options.get('raw_target'),
        'mode': options.get('mode'),
        'modules': options.get('modules', 'None'),
        'speed': options.get('speed'),
        'forced': options.get('forced'),
        'debug': options.get('debug'),
    }
    if options.get('workspace', False):
        payload["workspace"] = options.get('workspace')

    response = send.send_post(endpoint, payload, headers=auth_headers, is_json=True)
    if not response:
        utils.print_bad("Fail to create new workspace")
        return False

    reply = response.json()
    options['workspace'] = reply.get('workspace')

    # The status only selects a log line; both cases continue below.
    status = reply.get('status')
    if status == 200:
        utils.print_good("New workspace created")
    elif status == 442:
        utils.print_info(
            "Workspaces already exists. Use '-w <new workspace name>' option if you want to create new one"
        )

    workspace_info = get_workspace_info(options)
    if workspace_info:
        options = {**options, **workspace_info}

    # Callers read the settings through upper-case keys.
    return {key.upper(): options.get(key) for key in options}
def routine_handle(options):
    """Run the routine selected by the options.

    ``mode == "report"`` (lower-case key) hands over to ``report.handle``
    and returns. Otherwise the target is printed, an optional compare
    workspace is prepared when ``MONITOR`` is set, and ``options['MODE']``
    selects the general, direct or direct_list handler.
    """
    if options.get('mode') == "report":
        utils.print_load("Running with report mode")
        report.handle(options)
        return

    utils.print_target(options.get('TARGET'))

    # With monitoring on, the previous result is moved aside and its path
    # is recorded for the later comparison.
    if options.get('MONITOR'):
        compare_path = backup.init_backup(options)
        options['COMPARE_PATH'] = compare_path
        utils.print_good("Created compare workspaces: {0}".format(
            options['COMPARE_PATH']))

    # Start the routine; an unrecognised MODE runs nothing.
    selected_mode = options['MODE']
    if selected_mode == "general":
        general.handle(options)
    elif selected_mode == "direct":
        direct.handle(options)
    elif selected_mode == "direct_list":
        direct_list.handle(options)
def get_scheme(self, command):
    """Write http:// and https:// URL candidates for each scanned host:port.

    Reads ``command['requirement']`` as CSV rows (first row skipped), using
    column 0 as the host and column 3 as the port. The URLs go to
    ``$WORKSPACE/portscan/scheme-$OUTPUT.txt``.

    Returns:
        False when the requirement file is missing or empty, otherwise None.
    """
    utils.print_good('Preparing for {0}:{1}'.format(
        command.get('banner'), command.get('pre_run')))

    scheme_path = utils.replace_argument(
        self.options, '$WORKSPACE/portscan/scheme-$OUTPUT.txt')

    rows = utils.just_read(command.get('requirement'), get_list=True)
    if not rows:
        utils.print_bad('Requirement not found: {0}'.format(
            command.get('requirement')))
        return False

    urls = []
    for row in rows[1:]:
        columns = row.split(',')
        endpoint = columns[0] + ":" + columns[3]
        # Both schemes are emitted; nothing here probes which one answers.
        urls.extend(("http://" + endpoint, "https://" + endpoint))

    utils.just_write(scheme_path, "\n".join(urls))
    utils.check_output(scheme_path)
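def clean_massdns(self, command):
    """Write the IPs of massdns A records, then merge IPs via ``join_ip``.

    For every output line containing ``'. A '`` the text after the marker
    is stripped and collected. The IPs are written, one per line, to
    ``command['cleaned_output']``.
    """
    utils.print_good('Cleaning for {0}:{1}'.format(
        command.get('banner'), command.get('post_run')))

    output = utils.just_read(command.get('output_path'), get_list=True)
    if output:
        # The old loop also filled two lists of names that were never read.
        # Only the IPs are written, so only they are collected.
        ips = [
            line.split('. A ')[1].strip()
            for line in output
            if '. A ' in line
        ]
        cleaned_output = utils.just_write(command.get('cleaned_output'),
                                          "\n".join(ips))
        if cleaned_output:
            utils.check_output(command.get('cleaned_output'))

    # NOTE(review): the listing has lost its indentation; join_ip is placed
    # outside the `if output` guard here. Confirm against the original.
    self.join_ip(command)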
def unique_result(self):
    """Print the step banner; no de-duplication is implemented here."""
    utils.print_good('Unique result')
    return None