def Site_lookup(self, url):
req_url = url
directories = [
'xmlrpc.php', 'admin', 'Admin', 'robots.txt', 'phpmyadmin',
'robots', 'sitemap.xml', 'Sitemap', 'sitemap'
]
print(
f"{green} [### {url} ###] {reset} "
)
# with ThreadPoolExecutor(max_workers=10) as executor:
# executor.map(self.hit,directories)
for directory in directories:
try:
if self.verbose:
print(
f"trying {req_url}/{directory} ",
end="\r",
flush=True)
r = requester(f"{req_url}/{directory}", time=self.timeout)
if r.status_code in self.hide_code: pass
elif r.status_code < 400:
print(
f"{red}SENSITIVE FILES RESPONSE CODE[{r.status_code}]{reset}----->{yellow} {req_url}/{directory}{reset}"
)
except:
pass
def hit(self, directory):
r = requester(f"{self.url}/{directory}")
if r.status_code < 400:
print(
f"{blue}SENSITIVE FILES RESPONSE CODE[{r.status_code}]{reset}----->{yellow} {self.url}/{directory}{reset}"
)
def Find_redirect(url):
flag = 'bing'
print(f"{yellow}[+] CHECKING FOR OPENREDIRECTION -----> {reset}{url} ",end='\r',flush=True)
r = requester(url)
if r.status_code == 200:
if flag in r.text:
print(f"{red}[-]OPEN REDIRECTION MAY POSSIBLE -->", url)
def get_all_url_waybackmachine(domain, path):
waybackurl = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=text&fl=original&collapse=urlkey' % domain
r = requester.requester(waybackurl, time=10)
urls = r.text
with open(path, 'a') as f:
for url in urls:
f.write(url)
print(f"WAYBACK URLS PRINTED TO ------> {path}")
def dirbrute(self):
try:
with open(self.subdomain_path, 'r') as domains:
for domain in domains:
domain = domain.strip()
r = requester(f"https://{domain}", time=self.timeout)
if r.status_code in self.hide_code: pass
elif r.status_code < 400:
print(f"BRUTEFORCING DIRECTORIES IN {domain}")
Brute(domain, "Bounty", self.wordlist).dir_brute()
except:
pass
def brute(self, name):
try:
req_url = self.url + name
r = requester(req_url, time=10)
print(
f"trying {req_url} ",
end="\r",
flush=True)
if (r.status_code < 400):
self.log.info(f"{req_url} -----> {r.status_code}")
except:
pass
def link_scrapper(url, domain_name, link_tag, attribute, fd):
try:
r = requester.requester(url)
soup = BeautifulSoup(r.content, "html.parser")
for a_tags in soup.findAll(link_tag):
href = a_tags.attrs.get(attribute)
href = urljoin(url, href)
if domain_name not in href or href in internal_urls:
continue
fd.write(href + '\n')
if not href.endswith(tuple(junk_extensions)):
internal_urls.append(href)
except:
pass
def scrap(self, path_scrapped_wordlist):
r = requester(self.url, time=self.timeout)
soup = soupObject(r.text)
#finding the title
title = soup.find('title').text
print(
f"{green}[+]TITLE OF THE WEBSITE{reset} ===> {yellow}{title}{reset}"
)
words_in_page = ''.join(soup.stripped_strings)
#parsing the header for useful info
self.hederParser(r)
black_list = [
'/', '*', '&', '-', '=', '+', '%', '|', '(', ')', '[', ']', '{',
'}', ',', ';', ':'
]
#Scrap the main website to generate wordlist
for b in black_list:
words_in_page = words_in_page.replace(b, " ")
words = list(filter(lambda x: x != "", words_in_page.split()))
with open(path_scrapped_wordlist, 'a') as f:
for word in words:
f.write(word + '\n')
print(
f"{green}[+]SCRAPPED ALL WORDS AND DETAILS FROM THE MAIN WEBPAGE PRINTED {reset}====> {yellow}{path_scrapped_wordlist}{reset}"
)
print(
f"{green}[+]TOTAL GENERATED WORDS FROM THE MAIN WEBPAGE{reset} ===>{yellow} {len(words)}{reset}"
)