# Short-option spec handed to getopt: a letter followed by ':' takes a value.
# NOTE(review): "n:" makes -n require a value although the long form
# "redirect" takes none, and each "=:" declares a literal "-=" option.
# The string is kept as-is because it defines the accepted command line.
CHAR = "u:s:H:d:m:h:R:a:A:c:p:P:t:n:v=:V=:r=:"

# Long-option names for getopt; a trailing '=' means the option takes a value.
LIST_NAME = [
    "url=",
    "scan=",
    "headers=",
    "data=",
    "method=",
    "host=",
    "referer=",
    "auth=",
    "agent=",
    "cookie=",
    "proxy=",
    "proxy-auth=",
    "timeout=",
    "redirect",
    "verbose",
    "ragent",
    "version",
    "help",
]

# Raw process arguments; ARGV[0] is the program name.
ARGV = argv

# Default request options.  The same dict object is handed to every scan
# module, so whatever the option parser writes here is what the modules see.
ARGS = dict(
    auth=None,
    agent=ragent(),
    proxy=None,
    pauth=None,
    cookie=None,
    timeout=None,
    redirect=True,
    headers={},
    data=None,
    method='GET',
)

# Formatted once, when this module is loaded.
TIME = strftime('%d/%m/%Y at %H:%M:%S')
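class wascan(object):
    """WAScan command-line front end."""

    usage = usage()

    def main(self):
        """Parse the command line and run the selected scan module(s).

        Options are read from ARGV with getopt (short spec CHAR, long names
        LIST_NAME) and written into the request-options dict that is handed
        to every module.  The scan level defaults to "5", the full scan.
        When no target URL is supplied the usage text is shown instead of
        continuing.
        """
        # NOTE: this is the module-level ARGS dict itself, not a copy, so
        # every option set below is also visible through ARGS.
        kwargs = ARGS
        # Set by -v/--verbose; nothing in this method reads it.
        verbose = False
        # scan default == 5
        scan = "5"
        # Stays None when -u/--url is missing, so that case is reported
        # through the usage text instead of failing on an unbound local.
        url = None

        if len(sys.argv) < 2:
            # True == exit
            self.usage.basic(True)
        try:
            opts, args = getopt.getopt(ARGV[1:], CHAR, LIST_NAME)
        except getopt.GetoptError:
            # True == exit
            self.usage.basic(True)
            # Only reached if basic() returns; opts is unbound on this path.
            return

        # wascan banner
        self.usage.banner()

        # process args
        # Values for --auth, --proxy-auth and --cookie arrive through argv,
        # so they are exposed in process listings and shell history.
        for opt, arg in opts:
            if opt in ('-u', '--url'):
                url = CUrl(arg)
            elif opt in ('-s', '--scan'):
                scan = CScan(arg)
            elif opt in ('-H', '--headers'):
                kwargs['headers'] = CHeaders(arg)
            elif opt in ('-d', '--data'):
                kwargs['data'] = arg
            elif opt in ('-b', '--brute'):
                # NOTE(review): with the CHAR / LIST_NAME values visible in
                # this file getopt never yields -b or --brute - confirm.
                kwargs['brute'] = True
            elif opt in ('-m', '--method'):
                kwargs['method'] = arg
            elif opt in ('-h', '--host'):
                # -h is the Host header override, not help.
                kwargs['headers'].update({'Host': arg})
            elif opt in ('-R', '--referer'):
                kwargs['headers'].update({'Referer': arg})
            elif opt in ('-a', '--auth'):
                kwargs['auth'] = CAuth(arg)
            elif opt in ('-A', '--agent'):
                kwargs['agent'] = arg
            elif opt in ('-c', '-C', '--cookie'):
                # CHAR declares the short form as lowercase "c:", which the
                # original '-C' test never matched.
                kwargs['cookie'] = arg
            elif opt in ('-r', '--ragent'):
                kwargs['agent'] = ragent()
            elif opt in ('-p', '--proxy'):
                kwargs['proxy'] = arg
            elif opt in ('-P', '--proxy-auth'):
                kwargs['pauth'] = CAuth(arg)
            elif opt in ('-t', '--timeout'):
                # Stored as the raw argv string.
                kwargs['timeout'] = arg
            elif opt in ('-n', '--redirect'):
                kwargs['redirect'] = False
            elif opt in ('-v', '--verbose'):
                verbose = True
            elif opt in ('-V', '--version'):
                Version()
            elif opt in ('-hh', '--help'):
                # getopt short options are single characters, so in
                # practice only --help reaches this branch.
                self.usage.basic(True)

        if url is None:
            # True == exit
            self.usage.basic(True)
            return

        # starting
        parse = SplitURL(url)
        try:
            PTIME(url)
            # ARGS has no 'brute' entry by default; a plain index here
            # raised KeyError whenever the option was absent.
            if kwargs.get('brute'):
                BruteParams(kwargs, url, kwargs['data']).run()
            if scan == 0:
                Fingerprint(kwargs, url).run()
            if scan == 1:
                Attacks(kwargs, url, kwargs['data'])
            if scan == 2:
                Audit(kwargs, url, kwargs['data'])
            if scan == 3:
                Brute(kwargs, url, kwargs['data'])
            if scan == 4:
                Disclosure(kwargs, url, kwargs['data']).run()
            # full scan
            if int(scan) == 5:
                info('Starting full scan module...')
                Fingerprint(kwargs, url).run()
                for u in Crawler().run(kwargs, url, kwargs['data']):
                    # NOTE(review): when u[0] is a tuple it is forwarded
                    # unchanged as the target - confirm FullScan expects
                    # that shape.
                    if type(u[0]) is tuple:
                        kwargs['data'] = u[1]
                        FullScan(kwargs, u[0], kwargs['data'])
                    else:
                        FullScan(kwargs, u, kwargs['data'])
                Audit(kwargs, parse.netloc, kwargs['data'])
                Brute(kwargs, parse.netloc, kwargs['data'])
        except WascanUnboundLocalError:
            # NOTE(review): swallowed silently, as in the original; the
            # exception type is defined elsewhere - confirm this is a
            # deliberate best-effort exit.
            pass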
# Project author, shown by Version().
AUTHOR = "Momo Outaadi (M4ll0k)"

# One-line tool description.
DESCRIPTION = "Web Application Scanner"

# "<Name>: <description> - <version>": NAME up to its first '.', title-cased.
NVD = (
    (NAME.split('.')[0]).title()
    + ": "
    + DESCRIPTION
    + " - "
    + VERSION
)

# max threads
MAX = 5

# Short-option spec handed to getopt: a letter followed by ':' takes a value.
# NOTE(review): "n:" makes -n require a value although the long form
# "redirect" takes none, and each "=:" declares a literal "-=" option.
# The string is kept as-is because it defines the accepted command line.
CHAR = "u:s:H:d:m:h:R:a:A:c:p:P:t:n:v=:V=:r=:"

# Long-option names for getopt; a trailing '=' means the option takes a value.
LIST_NAME = [
    "url=",
    "scan=",
    "headers=",
    "data=",
    "method=",
    "host=",
    "referer=",
    "auth=",
    "agent=",
    "cookie=",
    "proxy=",
    "proxy-auth=",
    "timeout=",
    "redirect",
    "verbose",
    "ragent",
    "version",
    "help",
]

# Raw process arguments; ARGV[0] is the program name.
ARGV = argv

# Default request options.  The same dict object is handed to every scan
# module, so whatever the option parser writes here is what the modules see.
ARGS = dict(
    auth=None,
    agent=ragent(),
    proxy=None,
    pauth=None,
    cookie=None,
    timeout=None,
    redirect=True,
    headers={},
    data=None,
    method='GET',
)

# Formatted once, when this module is loaded, so it is the load time rather
# than the moment PTIME() is called.
TIME = strftime('%d/%m/%Y at %H:%M:%S')


def Version():
    """Print the name/description/version line and the author, then exit."""
    for line in ("\n{}".format(NVD), "Author: {}\n".format(AUTHOR)):
        print(line)
    exit()


def PTIME(url):
    """Report the target URL and the recorded start time.

    Both lines go through the project's plus() helper, followed by a call
    to null().
    """
    for template, value in (("URL: {}", url), ("Starting: {}", TIME)):
        plus(template.format(value))
    null()