def Scan(self):
info = fg.cyan + "Checking Virtual Host Routing and DNS" + fg.rs
print(info)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
dnsPorts = np.dns_ports
dn = domainFinder.DomainFinder(self.target)
dn.Scan()
redirect_hostname = dn.redirect_hostname
if not os.path.exists(f"{self.target}-Report/dns"):
os.makedirs(f"{self.target}-Report/dns")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
if len(redirect_hostname) and (len(dnsPorts) == 0):
pass
elif len(dnsPorts) == 0:
pass
elif redirect_hostname:
commands = ()
for d in redirect_hostname:
self.hostnames.append(d)
if "www" in d:
pass
else:
commands = commands + (
f"dnsenum --dnsserver {self.target} --enum -f /usr/share/seclists/Discovery/DNS/subdomains-top1mil-5000.txt -r {d} | tee {self.target}-Report/dns/dnsenum-{self.target}-{d}.log",
)
self.processes = commands
def Scan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
if len(http_ports) == 0:
pass
else:
a = f"{fg.li_cyan} Enumerating HTTP Ports, Running the following commands: {fg.rs}"
print(a)
if not os.path.exists(f"{self.target}-Report/web"):
os.makedirs(f"{self.target}-Report/web")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
commands = ()
if len(hostnames) != 0:
sorted_hostnames = sorted(set(hostnames))
for hostname in sorted_hostnames:
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
)
commands = commands + (
f"whatweb -v -a 3 http://{hostname}:{port} | tee {reportDir}/web/whatweb-{hostname}-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{hostname}:{port}' > eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{hostname}-{port} && cd - &>/dev/null",
f"wafw00f http://{hostname}:{port} | tee {reportDir}/web/wafw00f-{hostname}-{port}.txt",
f"curl -sSik http://{hostname}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{hostname}-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port}/ -t 50 -e php,asp,aspx,txt,html -w wordlists/dicc.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-{hostname}-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port}/ -t 80 -e php,asp,aspx,txt,html -w /usr/share/wordlists/dirb/big.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-big-{hostname}-{port}.log",
f"nikto -ask=no -host http://{hostname}:{port} >{reportDir}/web/niktoscan-{hostname}-{port}.txt 2>&1 &",
)
else:
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
)
commands = commands + (
f"whatweb -v -a 3 http://{self.target}:{port} | tee {reportDir}/web/whatweb-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{self.target}:{port}' >eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{self.target}-{port} && cd - &>/dev/null",
f"wafw00f http://{self.target}:{port} | tee {reportDir}/web/wafw00f-{port}.txt",
f"curl -sSik http://{self.target}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port}/ -t 50 -e php,asp,aspx,txt,html -w wordlists/dicc.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port}/ -t 80 -e php,asp,aspx,txt,html -w /usr/share/wordlists/dirb/big.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-big-{port}.log",
f"nikto -ask=no -host http://{self.target}:{port} >{reportDir}/web/niktoscan-{port}.txt 2>&1 &",
)
self.processes = commands
def Scan(self):
"""Enumerate DNS server if any hostnames are found from lib/domainFinder.py and if
port 53 is open."""
print(fg.cyan + "Checking For Virtual Host Routing and DNS" + fg.rs)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
dnsPorts = np.dns_ports
dn = domainFinder.DomainFinder(self.target)
dn.Scan()
redirect_hostname = dn.redirect_hostname
fqdn_hostname = dn.fqdn_hostname
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
commands = []
if len(redirect_hostname) != 0:
for d in redirect_hostname:
self.hostnames.append(d)
if len(fqdn_hostname) != 0:
for d in fqdn_hostname:
self.hostnames.append(d)
if len(self.hostnames) != 0 and (len(dnsPorts) != 0):
if not os.path.exists(c.getPath("dns", "dnsDir")):
os.makedirs(c.getPath("dns", "dnsDir"))
if not os.path.exists(c.getPath("web", "aquatoneDir")):
os.makedirs(c.getPath("web", "aquatoneDir"))
# string_hosts = " ".join(map(str, self.hostnames))
basename = []
for host in self.hostnames:
basename.append(".".join(host.split('.')[-2:]))
unique_hosts = sorted(set(basename))
for host in unique_hosts:
commands.append(c.getCmd("dns", "dnsenum", hosts=host))
# commands.append(c.getCmd("dns", "vhost", hosts=host))
self.processes = tuple(commands)
def ScanWebOption(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
# print(hostnames)
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
if len(http_ports) == 0:
pass
else:
a = f"{fg.li_cyan} Enumerating HTTP Ports, Running the following commands: {fg.rs}"
print(a)
if not os.path.exists(f"{self.target}-Report/web"):
os.makedirs(f"{self.target}-Report/web")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
if hostnames:
sorted_hostnames = sorted(set(hostnames))
for hostname in sorted_hostnames:
# print("loop", hostname)
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
)
commands = (
f"whatweb -v -a 3 http://{hostname}:{port} | tee {reportDir}/web/whatweb-{hostname}-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{hostname}:{port}' > eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{hostname}-{port} && cd - &>/dev/null",
f"wafw00f http://{hostname}:{port} | tee {reportDir}/web/wafw00f-{hostname}-{port}.txt",
f"curl -sSik http://{hostname}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{hostname}-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port} -t 80 -e php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x 403,500 --plain-text-report {reportDir}/web/dirsearch-dlistmedium-{hostname}-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port} -t 50 -e php,asp,aspx,html,txt,git,bak,tar,gz,7z,json,zip,rar,bz2,pdf,md,pl,cgi -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --plain-text-report {reportDir}/web/dirsearch-{hostname}-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port} -t 50 -e php,asp,aspx,html,txt -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --plain-text-report {reportDir}/web/dirsearch-{hostname}-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port} -t 50 -e php,asp,aspx,txt,html -w wordlists/foreign.txt -x 403,500 --plain-text-report {reportDir}/web/dirsearch-{hostname}-{port}.log",
f"nikto -ask=no -host http://{hostname}:{port} >{reportDir}/web/niktoscan-{hostname}-{port}.txt 2>&1 &",
)
self.processes = commands
# print(self.processes)
else:
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
)
commands = (
f"whatweb -v -a 3 http://{self.target}:{port} | tee {reportDir}/web/whatweb-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{self.target}:{port}' >eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{self.target}-{port} && cd - &>/dev/null",
f"wafw00f http://{self.target}:{port} | tee {reportDir}/web/wafw00f-{port}.txt",
f"curl -sSik http://{self.target}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port} -t 80 -e php,asp,aspx,html,txt -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x 403,500 --plain-text-report {reportDir}/web/dirsearch-dlistmedium-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port} -t 50 -e php,asp,aspx,html,txt,git,bak,tar,gz,7z,json,zip,rar,bz2,pdf,md,pl,cgi -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --plain-text-report {reportDir}/web/dirsearch-raftfiles-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port} -t 50 -e php,asp,aspx,html,txt -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --plain-text-report {reportDir}/web/dirsearch-raftdirs-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port} -t 50 -e php,asp,aspx,html,txt -x 403,500 -w {cwd}/wordlists/foreign.txt --plain-text-report {reportDir}/web/dirsearch-{port}.log",
f"nikto -ask=no -host http://{self.target}:{port} >{reportDir}/web/niktoscan-{port}.txt 2>&1 &",
)
self.processes = commands
def ScanWebOption(self):
"""Enumerate Web Server ports based on nmaps output. This function will run the following tools;
WhatWeb, WafW00f, Dirsearch, EyeWitness, Nikto, and curl robots.txt
This is almost identical to the normal web scan except it uses much larger wordlists
"""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
if len(http_ports) == 0:
pass
else:
reset = fg.rs
print(
f"""{fg.li_cyan}Enumerating HTTP Ports, Running the following commands: {reset}"""
)
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
commands = []
if not os.path.exists(c.getPath("web", "webDir")):
os.makedirs(c.getPath("web", "webDir"))
if not os.path.exists(c.getPath("web", "aquatoneDir")):
os.makedirs(c.getPath("web", "aquatoneDir"))
if hostnames:
sorted_hostnames = sorted(set(hostnames))
for hostname in sorted_hostnames:
for port in http_ports:
if not os.path.exists(
c.getPath("web",
"eyewitnessDirHost",
host=hostname,
port=port)):
os.makedirs(
c.getPath("web",
"eyewitnessDirHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"whatwebHttpHost",
host=hostname,
port=port))
# commands.append(c.getCmd("web", "eyewitnessHost", host=hostname, port=port))
# commands.append(c.getCmd("web", "wafw00fHost", host=hostname, port=port))
# commands.append(c.getCmd("web", "curlRobotsHost", host=hostname, port=port))
commands.append(
c.getCmd("web",
"dirsearchHttpHostDListMed",
host=hostname,
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpHostRaftLargeFiles",
host=hostname,
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpHostRaftLargeDirs",
host=hostname,
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpHostForeign",
host=hostname,
port=port,
url=self.web))
# commands.append(c.getCmd("web", "niktoHost", host=hostname, port=port))
else:
for port in http_ports:
if not os.path.exists(
c.getPath("web", "eyewitnessDirTarget",
port=port)):
os.makedirs(
c.getPath("web", "eyewitnessDirTarget", port=port))
commands.append(
c.getCmd("web", "whatwebHttpTarget", port=port))
# commands.append(c.getCmd("web", "eyewitnessTarget", port=port))
# commands.append(c.getCmd("web", "wafw00fTarget", port=port))
# commands.append(c.getCmd("web", "curlRobotsTarget", port=port))
commands.append(
c.getCmd("web",
"dirsearchHttpTargetDListMed",
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpTargetRaftLargeFiles",
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpTargetRaftLargeDirs",
port=port,
url=self.web))
commands.append(
c.getCmd("web",
"dirsearchHttpTargetForeign",
port=port,
url=self.web))
# commands.append(c.getCmd("web", "niktoHost", port=port))
self.processes = tuple(commands)
def Scan(self):
"""Enumerate Web Server ports based on nmaps output. This function will run the following tools;
WhatWeb, WafW00f, Dirsearch, EyeWitness, Nikto, and curl robots.txt"""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
if len(http_ports) == 0:
pass
else:
# hl = helper_lists.IgnoreHttpPorts()
# _http_ports = [x for x in http_ports if x not in hl.ignore_http_ports]
print(f"""{fg.li_cyan}Enumerating HTTP Ports! {fg.rs}""")
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
if not os.path.exists(c.getPath("web", "webDir")):
os.makedirs(c.getPath("web", "webDir"))
if not os.path.exists(c.getPath("web", "aquatoneDir")):
os.makedirs(c.getPath("web", "aquatoneDir"))
vhc = vhostCrawl.checkSource(self.target)
vhc.getLinks()
htb_source_domains = vhc.htb_source_domains
commands = []
another_array_of_hostnames = []
if len(htb_source_domains) != 0:
for d in htb_source_domains:
another_array_of_hostnames.append(d)
if len(hostnames) != 0:
for d in hostnames:
another_array_of_hostnames.append(d)
if len(another_array_of_hostnames) != 0:
sorted_hostnames = sorted(set(another_array_of_hostnames))
for hostname in sorted_hostnames:
for port in http_ports:
if not os.path.exists(
c.getPath("web",
"eyewitnessDirHost",
host=hostname,
port=port)):
os.makedirs(
c.getPath("web",
"eyewitnessDirHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"whatwebHttpHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"eyewitnessHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"wafw00fHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"curlRobotsHost",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"dirsearchHttpHostDict",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"dirsearchHttpHostBig",
host=hostname,
port=port))
commands.append(
c.getCmd("web",
"niktoHost",
host=hostname,
port=port))
else:
for port in http_ports:
if not os.path.exists(
c.getPath("web", "eyewitnessDirTarget",
port=port)):
os.makedirs(
c.getPath("web", "eyewitnessDirTarget", port=port))
commands.append(
c.getCmd("web", "whatwebHttpTarget", port=port))
commands.append(
c.getCmd("web", "eyewitnessTarget", port=port))
commands.append(c.getCmd("web", "wafw00fTarget",
port=port))
commands.append(
c.getCmd("web", "curlRobotsTarget", port=port))
commands.append(
c.getCmd("web", "dirsearchHttpTargetBig", port=port))
commands.append(
c.getCmd("web", "dirsearchHttpTargetDict", port=port))
commands.append(c.getCmd("web", "niktoTarget", port=port))
# sorted_cmds = sorted(set(commands), reverse=True)
# commands_to_run = [i for i in sorted_cmds]
self.processes = tuple(commands)
def CMS(self):
"""If a valid CMS is found from initial Web Enumeration, more specifically, WhatWebs results, Then proceed to
Enumerate the CMS further using Wpscan, Magescan, Nmap, Droopescan, Joomscan, and davtest, hydra, and will
create a brute force bash script using Cewl, which can then be used by WpScan to try and brute force
Users and passwords."""
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
another_array_of_hostnames = []
if os.path.exists(c.getPath("web", "vhostnames")):
with open(c.getPath("web", "vhostnames"), "r") as vhfile:
lines = vhfile.readlines()
for vh in lines:
another_array_of_hostnames.append(vh)
if len(hostnames) != 0:
for d in hostnames:
another_array_of_hostnames.append(d)
cms_commands = []
if len(http_ports) == 0:
pass
else:
for http_port in http_ports:
whatweb_files = []
whatweb_hostnames = []
dir_list = [
d for d in glob.iglob(c.getPath("report", "reportGlob"),
recursive=True) if os.path.isdir(d)
]
for d in dir_list:
reportFile_list = [
fname
for fname in glob.iglob(f"""{d}/*""", recursive=True)
if os.path.isfile(fname)
]
for rf in reportFile_list:
if "nmap" not in rf:
if "whatweb" in rf:
if str(http_port) in rf:
whatweb_files.append(rf)
if len(another_array_of_hostnames) != 0:
for host in another_array_of_hostnames:
if host in rf:
whatweb_hostnames.append(host)
if len(whatweb_files) != 0:
for i in whatweb_files:
cms_strings = [
"WordPress",
"Magento",
"tomcat",
"WebDAV",
"Microsoft-IIS 6.0",
"Drupal",
"Joomla",
"Webmin",
]
try:
with open(i, "r") as wwf:
for word in wwf:
fword = (word.replace("[", " ").replace(
"]", " ").replace(",", " "))
for cms in cms_strings:
if cms in fword:
if len(whatweb_hostnames) != 0:
for hn in whatweb_hostnames:
if hn in i:
if "WordPress" in cms:
wpscan_cmd = c.getCmd(
"web",
"wpscanHttpHost",
host=hn,
httpPort=
http_port)
cms_commands.append(
wpscan_cmd)
if "Drupal" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"Drupal"))
cms_commands.append(
c.getCmd(
"web",
"droopescanHost",
host=hn,
httpPort=
http_port))
if "Joomla" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"Joomla"))
cms_commands.append(
c.getCmd(
"web",
"joomscanHost",
host=hn,
httpPort=
http_port))
cms_commands.append(
c.getCmd(
"web",
"joomlavsHost",
host=hn,
httpPort=
http_port))
if "Magento" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"Magento"))
cms_commands.append(
c.getCmd(
"web",
"magescanHost",
host=hn,
httpPort=
http_port))
if "WebDAV" in cms or (
"Microsoft-IIS 6.0"
in cms):
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"WebDAV"))
webdav_cmd = c.getCmd(
"web",
"davtestHost",
host=hn)
webdav_cmd2 = c.getCmd(
"web",
"webDavNmap",
httpPort=
http_port)
cms_commands.append(
webdav_cmd)
cms_commands.append(
webdav_cmd2)
if "tomcat" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"tomcat"))
cms_commands.append(
c.getCmd(
"web",
"tomcatHydraHost",
host=hn,
httpPort=
http_port))
if "Webmin" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir"
)):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"
))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(
cms),
name=
"Webmin"))
else:
if "WordPress" in cms:
wpscan_cmd = c.getCmd(
"web",
"wpscanHttpTarget",
httpPort=http_port)
cms_commands.append(
wpscan_cmd)
manual_brute_force_script = f"""#!/bin/bash
if [[ -n $(grep -i "User(s) Identified" {c.getPath("web","wpscanHttpTarget", httpPort=http_port)}) ]]; then
grep -w -A 100 "User(s)" {c.getPath("web","wpscanHttpTarget", httpPort=http_port)} | grep -w "[+]" | grep -v "WPVulnDB" | cut -d " " -f 2 | head -n -7 >{c.getPath("web", "wordpressUsers")}
{c.getCmd("web", "CewlWeb", httpPort=http_port)}
sleep 10
echo "Adding John Rules to Cewl Wordlist!"
{c.getCmd("web", "cewl2John")}
sleep 3
# brute force again with wpscan
{c.getCmd("web", "wpscanCewlBrute", httpPort=http_port)}
sleep 1
if grep -i "No Valid Passwords Found" {c.getPath("web", "wpscanCewlBrute")}; then
if [[ -s {c.getPath("web", "johnCewlWordlist")} ]]; then
{c.getCmd("web", "wpscanCewlJohnBrute", httpPort=http_port)}
else
echo "John wordlist is empty :("
fi
sleep 1
if grep -i "No Valid Passwords Found" {c.getPath("web", "wordpressJohnCewlBrute")}; then
{c.getCmd("web", "wpscanFastTrackBrute", httpPort=http_port)}
fi
fi
fi
"""
try:
with open(
c.getPath(
"web",
"wpscanBashBruteScript"
), "w") as wpb:
print(
"Creating wordpress Brute Force Script..."
)
wpb.write(
manual_brute_force_script
)
call(
f"""chmod +x {c.getPath("web", "wpscanBashBruteScript")}""",
shell=True)
except FileNotFoundError as fnf_error:
print(fnf_error)
if "Drupal" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="Drupal"))
cms_commands.append(
c.getCmd(
"web",
"droopescan",
httpPort=http_port)
)
if "Joomla" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="Joomla"))
cms_commands.append(
c.getCmd(
"web",
"joomscan",
httpPort=http_port)
)
cms_commands.append(
c.getCmd(
"web",
"joomlavsTarget",
httpPort=http_port)
)
if "Magento" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="Magento"))
cms_commands.append(
c.getCmd(
"web",
"magescan",
httpPort=http_port)
)
if "WebDAV" in cms or (
"Microsoft-IIS 6.0"
in cms):
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="WebDAV"))
webdav_cmd = c.getCmd(
"web", "davtest")
webdav_cmd2 = c.getCmd(
"web",
"webDavNmap",
httpPort=http_port)
cms_commands.append(
webdav_cmd)
cms_commands.append(
webdav_cmd2)
if "tomcat" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="tomcat"))
cms_commands.append(
c.getCmd(
"web",
"tomcatHydra",
httpPort=http_port)
)
if "Webmin" in cms:
if not os.path.exists(
c.getPath(
"vuln",
"vulnDir")):
os.makedirs(
c.getPath(
"vuln",
"vulnDir"))
cms_commands.append(
c.getCmd(
"vuln",
"searchsploit",
strang=str(cms),
name="Webmin"))
except FileNotFoundError as fnf_error:
print(fnf_error)
continue
sorted_commands = sorted(set(cms_commands))
commands_to_run = [i for i in sorted_commands]
self.cms_processes = tuple(commands_to_run)