Example #1
0
def main():
    """
    Initializes and executes the program
    """

    global args

    kb.files = []
    kb.found = False
    kb.print_lock = threading.Lock()
    kb.value_lock = threading.Lock()

    check_revision()

    print(BANNER)

    args = parse_args()

    if args.update:
        update()
        exit()

    cases = get_cases(args) if not args.list_file else load_list(args.list_file)

    if args.list:
        args.list = args.list.lower()

        _ = ("category", "software", "os")
        if args.list not in _:
            print("[!] Valid values for option '--list' are: %s" % ", ".join(_))
            exit()

        print("[i] Listing available filters for usage with option '--%s':\n" % args.list)

        try:
            for _ in set([_[args.list] for _ in cases]):
                print(_ if re.search(r"\A[A-Za-z0-9]+\Z", _) else '"%s"' % _)
        except KeyError:
            pass
        finally:
            exit()

    if args.ignore_proxy:
        _ = ProxyHandler({})
        opener = build_opener(_)
        install_opener(opener)
    elif args.proxy:
        from thirdparty.socks import socks

        match = re.search(r"(?P<type>[^:]+)://(?P<address>[^:]+):(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").upper() == PROXY_TYPE.SOCKS4:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, match.group("address"), int(match.group("port")), True)
            elif match.group("type").upper() == PROXY_TYPE.SOCKS5:
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, match.group("address"), int(match.group("port")), True)
            elif match.group("type").upper() in (PROXY_TYPE.HTTP, PROXY_TYPE.HTTPS):
                _ = ProxyHandler({match.group("type"): args.proxy})
                opener = build_opener(_)
                install_opener(opener)

    if args.random_agent:
        with open(USER_AGENTS_FILE, 'r') as f:
            args.user_agent = random.sample(f.readlines(), 1)[0]

    kb.parsed_target_url = urlsplit(args.url)
    kb.request_params = args.data if args.data else kb.parsed_target_url.query

    if not args.param:
        match = re.match("(?P<param>[^=&]+)={1}(?P<value>[^=&]+)", kb.request_params)
        if match:
            args.param = match.group("param")
        else:
            print("[!] No usable GET/POST parameters found.")
            exit()

    if args.os:
        kb.restrict_os = args.os

    print("[i] Starting scan at: %s\n" % time.strftime("%X"))
    print("[i] Checking original response...")

    request_args = prepare_request(None)
    request_args["url"] = args.url

    if args.data:
        request_args["data"] = args.data

    kb.original_response = get_page(**request_args)

    print("[i] Checking invalid response...")

    request_args = prepare_request(INVALID_FILENAME)
    kb.invalid_response = get_page(**request_args)

    print("[i] Done!")
    print("[i] Searching for files...")

    if args.threads > 1:
        print("[i] Starting %d threads" % args.threads)

    threads = []
    for i in xrange(args.threads):
        thread = threading.Thread(target=try_cases, args=([cases[_] for _ in xrange(i, len(cases), args.threads)],))
        thread.daemon = True
        thread.start()
        threads.append(thread)

    alive = True
    while alive:
        alive = False
        for thread in threads:
            if thread.isAlive():
                alive = True
                time.sleep(0.1)

    if not kb.found:
        print("[i] No files found!")
    elif args.verbose:
        print("\n[i] Files found:")
        for _ in kb.files:
            print("[o] %s" % _)

    print("  \n[i] File search complete.")
    print("\n[i] Finishing scan at: %s\n" % time.strftime("%X"))
Example #2
0
        if not _:
            errMsg = "Proxy authentication credentials "
            errMsg += "value must be in format username:password"
            raise PocsuiteSyntaxException(errMsg)
        else:
            username = _.group(1)
            password = _.group(2)

    if scheme == PROXY_TYPE.SOCKS4:
        proxyMode = socks.PROXY_TYPE_SOCKS4
    elif scheme == PROXY_TYPE.SOCKS5:
        proxyMode = socks.PROXY_TYPE_SOCKS5
    else:
        proxyMode = socks.PROXY_TYPE_HTTP

    socks.setdefaultproxy(proxyMode, hostname, port, username=username, password=password)
    socket.socket = socks.socksocket


def _setHTTPTimeout():
    """
    Set the HTTP timeout
    """

    if conf.timeout:
        infoMsg = "setting the HTTP timeout"
        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)

        conf.timeout = float(conf.timeout)

        if conf.timeout < 3.0:
Example #3
0
def main():
    """
    Initializes and executes the program
    """

    global args

    kb.files = []
    kb.found = False
    kb.print_lock = threading.Lock()
    kb.value_lock = threading.Lock()
    kb.versioned_locations = {}

    check_revision()

    print(BANNER)

    args = parse_args()

    if args.update:
        update()
        exit()

    with open("versions.ini") as f:
        section = None
        for line in f.xreadlines():
            line = line.strip()
            if re.match(r"\[.+\]", line):
                section = line.strip("[]")
            elif line:
                if section not in kb.versioned_locations:
                    kb.versioned_locations[section] = []
                kb.versioned_locations[section].append(line)

    cases = get_cases(args) if not args.list_file else load_list(
        args.list_file)

    if not cases:
        print("[!] No available test cases with the specified attributes.\n"
              "[!] Please verify available options with --list.")
        exit()

    if args.list:
        args.list = args.list.lower()

        _ = ("category", "software", "os")
        if args.list not in _:
            print("[!] Valid values for option '--list' are: %s" %
                  ", ".join(_))
            exit()

        print("[i] Listing available filters for usage with option '--%s':\n" %
              args.list)

        try:
            for _ in set([_[args.list] for _ in cases]):
                print(_ if re.search(r"\A[A-Za-z0-9]+\Z", _) else '"%s"' % _)
        except KeyError:
            pass
        finally:
            exit()

    if args.ignore_proxy:
        _ = ProxyHandler({})
        opener = build_opener(_)
        install_opener(opener)
    elif args.proxy:
        match = re.search(
            r"(?P<type>[^:]+)://(?P<address>[^:]+):(?P<port>\d+)", args.proxy,
            re.I)
        if match:
            if match.group("type").upper() in (PROXY_TYPE.HTTP,
                                               PROXY_TYPE.HTTPS):
                _ = ProxyHandler({match.group("type"): args.proxy})
                opener = build_opener(_)
                install_opener(opener)
            else:
                from thirdparty.socks import socks
                if match.group("type").upper() == PROXY_TYPE.SOCKS4:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                          match.group("address"),
                                          int(match.group("port")), True)
                elif match.group("type").upper() == PROXY_TYPE.SOCKS5:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                          match.group("address"),
                                          int(match.group("port")), True)
        else:
            print(
                "[!] Wrong proxy format (proper example: \"http://127.0.0.1:8080\")."
            )
            exit()

    if args.random_agent:
        with open(USER_AGENTS_FILE, 'r') as f:
            args.user_agent = random.sample(f.readlines(), 1)[0]

    kb.parsed_target_url = urlsplit(args.url)
    kb.request_params = args.data if args.data else kb.parsed_target_url.query

    if not args.param:
        match = re.match("(?P<param>[^=&]+)=(?P<value>[^=&]+)",
                         kb.request_params)
        if match:
            args.param = match.group("param")
        else:
            found = False

            for match in re.finditer("(?P<param>[^=&]+)=(?P<value>[^=&]*)",
                                     kb.request_params):
                found = True
                print("[x] Parameter with empty value found ('%s')." %
                      match.group("param"))

            if found:
                print(
                    "[!] Please always use non-empty (valid) parameter values."
                )

            print("[!] No usable GET/POST parameters found.")
            exit()

    if args.os:
        kb.restrict_os = args.os

    print("[i] Starting scan at: %s\n" % time.strftime("%X"))
    print("[i] Checking original response...")

    request_args = prepare_request(None)
    request_args["url"] = args.url

    if args.data:
        request_args["data"] = args.data

    kb.original_response = get_page(**request_args)

    if not kb.original_response:
        print("[!] Something seems to be wrong with connection settings.")
        if not args.verbose:
            print("[i] Please rerun with switch '-v'.")
        exit()

    print("[i] Checking invalid response...")

    request_args = prepare_request(
        "%s%s%s" % (args.prefix, INVALID_FILENAME, args.postfix))
    kb.invalid_response = get_page(**request_args)

    print("[i] Done!")
    print("[i] Searching for files...")

    if args.threads > 1:
        print("[i] Starting %d threads." % args.threads)

    threads = []
    for i in xrange(args.threads):
        thread = threading.Thread(
            target=try_cases,
            args=([cases[_] for _ in xrange(i, len(cases), args.threads)], ))
        thread.daemon = True
        thread.start()
        threads.append(thread)

    alive = True
    while alive:
        alive = False
        for thread in threads:
            if thread.isAlive():
                alive = True
                time.sleep(0.1)

    if not kb.found:
        print("[i] No files found!")
    elif args.verbose:
        print("\n[i] Files found:")
        for _ in kb.files:
            print("[o] %s" % _)

    print("  \n[i] File search complete.")
    print("\n[i] Finishing scan at: %s\n" % time.strftime("%X"))
Example #4
0
def main():
    """
    Initializes and executes the program
    """

    use_revision()

    print(BANNER)

    args = parse_args()
    found = False
    kb = {}
    files = []

    if args.update:
        update()
        exit()

    cases = get_cases(args)

    if args.list:
        print("[i] Listing available filters for usage with option '--%s':\n" %
              args.list)

        for _ in set([_[args.list] for _ in cases]):
            print(_ if re.search(r"\A[A-Za-z0-9]+\Z", _) else '"%s"' % _)

        exit()

    if args.ignore_proxy:
        _ = ProxyHandler({})
        opener = build_opener(_)
        install_opener(opener)
    elif args.proxy:
        from thirdparty.socks import socks

        match = re.search(
            r"(?P<type>[^:]+)://(?P<address>[^:]+):(?P<port>\d+)", args.proxy,
            re.I)
        if match:
            if match.group("type").lower() == "socks4":
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                      match.group("address"),
                                      int(match.group("port")), True)
            elif match.group("type").lower() == "socks5":
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                      match.group("address"),
                                      int(match.group("port")), True)
            elif match.group("type").lower() in ("http", "https"):
                _ = ProxyHandler({match.group("type"): args.proxy})
                opener = build_opener(_)
                install_opener(opener)

    if args.random_agent:
        with open(USER_AGENTS_FILE, 'r') as f:
            args.user_agent = random.sample(f.readlines(), 1)[0]

    parsed_url = urlsplit(args.url)
    request_params = args.data if args.data else parsed_url.query

    if not args.param:
        match = re.match("(?P<param>[^=&]+)={1}(?P<value>[^=&]+)",
                         request_params)
        if match:
            args.param = match.group(1)
        else:
            print("[!] no usable GET/POST parameters found")
            exit()

    print("[i] Starting scan at: %s\n" % time.strftime("%X"))

    def prepare_request(payload):
        """
        Prepares HTTP (GET or POST) request with proper payload
        """

        _ = re.sub(r"(?P<param>%s)={1}(?P<value>[^=&]+)" % args.param,
                   r"\1=%s" % payload, request_params)

        request_args = {
            "url":
            "%s://%s%s" %
            (parsed_url.scheme or "http", parsed_url.netloc, parsed_url.path)
        }

        if args.data:
            request_args["data"] = _
        else:
            request_args["url"] += "?%s" % _

        if args.header:
            request_args["header"] = args.header

        if args.cookie:
            request_args["cookie"] = args.cookie

        if args.user_agent:
            request_args["user_agent"] = args.user_agent

        request_args["verbose"] = args.verbose

        return request_args

    def clean_response(response, filepath):
        """
        Cleans response from occurrences of filepath
        """

        response = response.replace(filepath, "")
        regex = re.sub(r"[^A-Za-z0-9]", "(.|&\w+;|%[0-9A-Fa-f]{2})", filepath)

        return re.sub(regex, "", response, re.I)

    print("[i] Checking original response...")

    request_args = prepare_request(None)
    request_args["url"] = args.url

    if args.data:
        request_args["data"] = args.data

    original_response = get_page(**request_args)

    print("[i] Checking invalid response...")

    request_args = prepare_request(INVALID_FILENAME)
    invalid_response = get_page(**request_args)

    print("[i] Done!")
    print("[i] Searching for files...")

    def request_file(case, replace_slashes=True):
Example #5
0
            errMsg += "value must be in format username:password"
            raise PocsuiteSyntaxException(errMsg)
        else:
            username = _.group(1)
            password = _.group(2)

    if scheme == PROXY_TYPE.SOCKS4:
        proxyMode = socks.PROXY_TYPE_SOCKS4
    elif scheme == PROXY_TYPE.SOCKS5:
        proxyMode = socks.PROXY_TYPE_SOCKS5
    else:
        proxyMode = socks.PROXY_TYPE_HTTP

    socks.setdefaultproxy(proxyMode,
                          hostname,
                          port,
                          username=username,
                          password=password)
    socket.socket = socks.socksocket


def _setHTTPTimeout():
    """
    Set the HTTP timeout
    """

    if conf.timeout:
        infoMsg = "setting the HTTP timeout"
        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)

        conf.timeout = float(conf.timeout)
Example #6
0
def main():
    """
    Initializes and executes the program
    """

    use_revision()

    print(BANNER)

    args = parse_args()
    found = False
    kb = {}
    files = []

    if args.update:
        update()
        exit()

    cases = get_cases(args)

    if args.list:
        print("[i] Listing available filters for usage with option '--%s':\n" % args.list)

        for _ in set([_[args.list] for _ in cases]):
            print(_ if re.search(r"\A[A-Za-z0-9]+\Z", _) else '"%s"' % _)

        exit()

    if args.ignore_proxy:
        _ = ProxyHandler({})
        opener = build_opener(_)
        install_opener(opener)
    elif args.proxy:
        from thirdparty.socks import socks

        match = re.search(r"(?P<type>[^:]+)://(?P<address>[^:]+):(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").lower() == "socks4":
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, match.group("address"), int(match.group("port")), True)
            elif match.group("type").lower() == "socks5":
                socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, match.group("address"), int(match.group("port")), True)
            elif match.group("type").lower() in ("http", "https"):
                _ = ProxyHandler({match.group("type"): args.proxy})
                opener = build_opener(_)
                install_opener(opener)

    if args.random_agent:
        with open(USER_AGENTS_FILE, 'r') as f:
            args.user_agent = random.sample(f.readlines(), 1)[0]

    parsed_url = urlsplit(args.url)
    request_params = args.data if args.data else parsed_url.query

    if not args.param:
        match = re.match("(?P<param>[^=&]+)={1}(?P<value>[^=&]+)", request_params)
        if match:
            args.param = match.group(1)
        else:
            print("[!] no usable GET/POST parameters found")
            exit()

    print("[i] Starting scan at: %s\n" % time.strftime("%X"))

    def prepare_request(payload):
        """
        Prepares HTTP (GET or POST) request with proper payload
        """

        _ = re.sub(r"(?P<param>%s)={1}(?P<value>[^=&]+)" % args.param,
                                r"\1=%s" % payload, request_params)

        request_args = {"url": "%s://%s%s" % (parsed_url.scheme or "http", parsed_url.netloc, parsed_url.path)}

        if args.data:
            request_args["data"] = _
        else:
            request_args["url"] += "?%s" % _

        if args.header:
            request_args["header"] = args.header

        if args.cookie:
            request_args["cookie"] = args.cookie

        if args.user_agent:
            request_args["user_agent"] = args.user_agent

        request_args["verbose"] = args.verbose

        return request_args

    def clean_response(response, filepath):
        """
        Cleans response from occurrences of filepath
        """

        response = response.replace(filepath, "")
        regex = re.sub(r"[^A-Za-z0-9]", "(.|&\w+;|%[0-9A-Fa-f]{2})", filepath)

        return re.sub(regex, "", response, re.I)

    print("[i] Checking original response...")

    request_args = prepare_request(None)
    request_args["url"] = args.url

    if args.data:
        request_args["data"] = args.data

    original_response = get_page(**request_args)

    print("[i] Checking invalid response...")

    request_args = prepare_request(INVALID_FILENAME)
    invalid_response = get_page(**request_args)

    print("[i] Done!")
    print("[i] Searching for files...")

    def request_file(case, replace_slashes=True):
        """
        Request file from URL
        """
        if args.replace_slash and replace_slashes:
            case["location"] = case["location"].replace("/", args.replace_slash.replace("\\", "\\\\"))

        if kb.get("restrict_os") and kb.get("restrict_os") != case["os"]:
            if args.verbose:
                print("[*] Skipping '%s'" % case["location"])

            return None

        if args.prefix and args.prefix[len(args.prefix) - 1] == "/":
            args.prefix = args.prefix[:-1]

        if args.verbose:
            print("[*] Trying '%s'" % case["location"])

        request_args = prepare_request("%s%s%s" % (args.prefix, case["location"], args.postfix))
        html = get_page(**request_args)

        if not html or args.bad_string and html.find(args.bad_string) != -1:
            return None

        matcher = difflib.SequenceMatcher(None, clean_response(html, case["location"]), clean_response(invalid_response, INVALID_FILENAME))
        if matcher.quick_ratio() < HEURISTIC_RATIO:
            if not found:
                print("[i] Possible file(s) found!")
                print("[i] OS: %s" % case["os"])

                if kb.get("restrict_os") is None:
                    answer = ask_question("Do you want to restrict further scans to '%s'? [Y/n]" % case["os"], default='Y', automatic=args.automatic)
                    kb["restrict_os"] = answer.upper() != 'N' and case["os"]

            _ = "'%s' (%s/%s/%s)" % (case["location"], case["os"], case["category"], case["type"])
            _ = _.replace("%s/%s/" % (case["os"], case["os"]), "%s/" % case["os"])

            print("[+] Found %s" % _)

            if args.verbose:
                files.append(_)

            # If --write-file is set
            if args.write_files:
                _ = os.path.join("output", parsed_url.netloc)

                if not os.path.exists(_):
                    os.makedirs(_)

                with open(os.path.join(_, "%s.txt" % case["location"].replace(args.replace_slash if args.replace_slash else "/", "_")), "w") as f:
                    content = html

                    if kb.get("filter_output") is None:
                        answer = ask_question("Do you want to filter retrieved files from original HTML page content? [Y/n]", default='Y', automatic=args.automatic)
                        kb["filter_output"] = answer.upper() != 'N'

                    if kb.get("filter_output"):
                        matcher = difflib.SequenceMatcher(None, html, original_response)
                        matching_blocks = matcher.get_matching_blocks()

                        if matching_blocks:
                            start = matching_blocks[0]
                            if start[0] == start[1] == 0 and start[2] > 0:
                                content = content[start[2]:]
                            if len(matching_blocks) > 2:
                                end = matching_blocks[-2]
                                if end[2] > 0 and end[0] + end[2] == len(html) and end[1] + end[2] == len(original_response):
                                    content = content[:-end[2]]

                    f.write(content)

            return html

        return None

    # Test file locations in XML file
    for case in cases:
        html = request_file(case)

        if html is None:
            continue
        if not found:
            found = True

        # If --skip-file-parsing is not set.
        if case["location"] in ("/etc/passwd", "/etc/security/passwd") and not args.skip_parsing:
            users = re.findall("(?P<username>[^:\n]+):(?P<password>[^:]*):(?P<uid>\d+):(?P<gid>\d*):(?P<info>[^:]*):(?P<home>[^:]+):[/a-z]*", html)

            if args.verbose:
                print("[*] Extracting home folders from '%s'" % case["location"])

            for user in users:
                if args.verbose:
                    print("[*] User: %s, Info: %s" % (user[0], user[4]))
                for _ in (".bash_config", ".bash_history", ".bash_logout", ".ksh_history", ".Xauthority"):
                    if user[5] == "/":
                        continue
                    request_file({"category": "*NIX Password File", "type": "conf", "os": case["os"], "location": "%s/%s" % (user[5], _), "software": "*NIX"})

        if "mysql-bin.index" in case["location"] and not args.skip_parsing:
            binlogs = re.findall("\\.\\\\(?P<binlog>mysql-bin\\.\\d{0,6})", html)
            location = case["location"].rfind("/") + 1

            if args.verbose:
                print("[i] Extracting MySQL binary logs from '%s'" % case["location"])

            for _ in binlogs:
                request_file({"category": "Databases", "type": "log", "os": case["os"], "location": "%s%s" % (case["location"][:location], _), "software": "MySQL"}, False)

    if not found:
        print("[i] No files found!")
    elif args.verbose:
        print("\n[i] Files found:")
        for _ in files:
            print("[o] %s" % _)

    print("\n[i] File search complete.")
    print("\n[i] Finishing scan at: %s\n" % time.strftime("%X"))
Example #7
0
def main():
    """
    Initializes and executes the program.
    """

    login_sucessful = []
    login_failed = []
    login_skipped = []

    version = check_revision(VERSION)

    print("%s\n\n%s %s (%s)\n" % (
        BANNER % tuple([color(_) for _ in BANNER_PASSWORDS]),
        NAME, version, URL))

    args = parse_args()

    if args.update:
        update()
        exit()

    if args.list:
        sites = list_sites()
        for _ in sites:
            print("- %s" % _)
        exit()

    if not args.password and not args.load_file:
        args.password = getpass("%s Please enter password:"******"(?P<type>[^:]+)://(?P<address>[^:]+)"
                          r":(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").upper() in ("HTTP", "HTTPS"):
                proxy_host = "%s:%s" % (match.group("address"),
                                        match.group("port"))
                proxy_handler = ProxyHandler({"http": proxy_host,
                                              "https": proxy_host})
            else:
                from thirdparty.socks import socks
                if match.group("type").upper() == "SOCKS4":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                          match.group("address"),
                                          int(match.group("port")), True)
                elif match.group("type").upper() == "SOCKS5":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                          match.group("address"),
                                          int(match.group("port")), True)
                proxy_handler = None
        else:
            proxy_handler = ProxyHandler()
    else:
        proxy_handler = None

    opener = build_opener(HTTPHandler(), HTTPSHandler(),
                          HTTPCookieProcessor(cookie_handler))
    if proxy_handler:
        opener.add_handler(proxy_handler)

    install_opener(opener)

    with open(USER_AGENTS_FILE, 'r') as ua_file:
        args.user_agent = sample(ua_file.readlines(), 1)[0].strip()

    credentials = {"username": args.username, "email": args.email,
                   "password": quote(args.password)}
    sites = list_sites()

    if args.only:
        sites = [site for site in sites if site in args.only]
    elif args.exclude:
        sites = [site for site in sites if site not in args.exclude]

    print("%s Loaded %d %s to test." %
          (INFO, len(sites), "site" if len(sites) == 1 else "sites"))

    if args.load_file:
        if not isfile(args.load_file):
            print("%s could not find the file \"%s\"" %
                  (WARN, color(args.load_file)))
            exit()

        _ = sum(1 for line in open(args.load_file, "r"))
        if _ < 1:
            print("%s the file \"%s\" doesn't contain any valid credentials." %
                  (WARN, color(args.load_file)))
            exit()

        print("%s Loaded %d credential%s from \"%s\".\n" %
              (INFO, _, "s" if _ != 1 else "", color(args.load_file)))

    print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))

    if not exists(OUTPUT_DIR):
        makedirs(OUTPUT_DIR)

    log = logger("%s/credmap" % OUTPUT_DIR)
    log.open()

    for site in sites:
        _ = populate_site(site, args)
        if not _:
            continue
        target = Website(_, {"verbose": args.verbose})

        if not target.user_agent:
            target.user_agent = args.user_agent

        def login():
            """
            Verify credentials for login and check if login was successful.
            """
            if(target.username_or_email == "email" and not
               credentials["email"] or
               target.username_or_email == "username" and not
               credentials["username"]):
                if args.verbose:
                    print("%s Skipping %s\"%s\" since "
                          "no \"%s\" was specified.\n" %
                          (INFO, "[%s:%s] on " %
                           (credentials["username"] or
                            credentials["email"], credentials["password"]) if
                           args.load_file else "", color(target.name),
                           color(target.username_or_email, BW)))
                    login_skipped.append(target.name)
                return

            print("%s Testing %s\"%s\"..." %
                  (TEST, "[%s:%s] on " % (credentials["username"] or
                                          credentials["email"],
                                          credentials["password"]) if
                   args.load_file else "", color(target.name, BW)))

            cookie_handler.clear()

            if target.perform_login(credentials, cookie_handler):
                log.write(">>> %s - %s:%s\n" %
                          (target.name, credentials["username"] or
                           credentials["email"], credentials["password"]))
                login_sucessful.append("%s%s" %
                                       (target.name, " [%s:%s]" %
                                        (credentials["username"] or
                                         credentials["email"],
                                         credentials["password"]) if
                                        args.load_file else ""))
            else:
                login_failed.append(target.name)

        if args.load_file:
            with open(args.load_file, "r") as load_list:
                for user in load_list:
                    user = user.rstrip().split(":", 1)
                    if not user[0]:
                        continue

                    match = re.match(r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
                                     r"a-z0-9-]+\.)+[A-Za-z]{2,12}$", user[0])
                    credentials = {"email": user[0] if match else None,
                                   "username": None if match else user[0],
                                   "password": user[1]}

                    login()
        else:
            login()

    log.close()

    if not args.verbose:
        print()

    if len(login_sucessful) > 0 or len(login_failed) > 0:
        _ = "%s/%s" % (color(len(login_sucessful), BW),
                       color(len(login_sucessful) + len(login_failed), BW))
        sign = PLUS if len(login_sucessful) > (len(login_failed) +
                                               len(login_skipped)) else INFO
        print("%s Succesfully logged in%s." %
              (sign, " with %s credentials on the list." % _ if args.load_file
               else "to %s websites." % _),)
        print("%s An overall success rate of %s.\n" %
              (sign, color("%%%s" % (100 * len(login_sucessful) /
                                     (len(login_sucessful) +
                                      len(login_failed))), BW)))

    if len(login_sucessful) > 0:
        print("%s The provided credentials worked on the following website%s: "
              "%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
                        ", ".join(login_sucessful)))

    print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
Example #8
0
def main():
    """
    Initializes and executes the program.
    """

    login_sucessful = []
    login_failed = []
    login_skipped = []

    version = check_revision(VERSION)

    print("%s\n\n%s %s (%s)\n" %
          (BANNER % tuple([color(_)
                           for _ in BANNER_PASSWORDS]), NAME, version, URL))

    args = parse_args()

    if args.update:
        update()
        exit()

    sites = list_sites()

    if args.list:
        for _ in sites:
            print("- %s" % _)
        exit()

    if not args.password and not args.load_file:
        args.password = getpass("%s Please enter password:"******"(?P<type>[^:]+)://(?P<address>[^:]+)"
            r":(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").upper() in ("HTTP", "HTTPS"):
                proxy_host = "%s:%s" % (match.group("address"),
                                        match.group("port"))
                proxy_handler = ProxyHandler({
                    "http": proxy_host,
                    "https": proxy_host
                })
            else:
                from thirdparty.socks import socks
                if match.group("type").upper() == "SOCKS4":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                          match.group("address"),
                                          int(match.group("port")), True)
                elif match.group("type").upper() == "SOCKS5":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                          match.group("address"),
                                          int(match.group("port")), True)
                proxy_handler = None
        else:
            proxy_handler = ProxyHandler()
    else:
        proxy_handler = None

    opener = build_opener(HTTPHandler(), HTTPSHandler(),
                          HTTPCookieProcessor(cookie_handler))
    if proxy_handler:
        opener.add_handler(proxy_handler)

    install_opener(opener)

    with open(USER_AGENTS_FILE, 'r') as ua_file:
        args.user_agent = sample(ua_file.readlines(), 1)[0].strip()

    if args.only:
        sites = [site for site in sites if site in args.only]
    elif args.exclude:
        sites = [site for site in sites if site not in args.exclude]

    print("%s Loaded %d %s to test." %
          (INFO, len(sites), "site" if len(sites) == 1 else "sites"))

    if args.load_file:
        if not isfile(args.load_file):
            print("%s could not find the file \"%s\"" %
                  (WARN, color(args.load_file)))
            exit()

        _ = sum(1 for line in open(args.load_file, "r"))
        if _ < 1:
            print("%s the file \"%s\" doesn't contain any valid credentials." %
                  (WARN, color(args.load_file)))
            exit()

        print("%s Loaded %d credential%s from \"%s\".\n" %
              (INFO, _, "s" if _ != 1 else "", color(args.load_file)))

    print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))

    if not exists(OUTPUT_DIR):
        makedirs(OUTPUT_DIR)

    log = Logger("%s/credmap" % OUTPUT_DIR)
    log.open()

    def get_targets():
        """
        Retrieve and yield list of sites (targets) for testing.
        """
        for site in sites:
            _ = populate_site(site, args)
            if not _:
                continue
            target = Website(_, {"verbose": args.verbose})

            if not target.user_agent:
                target.user_agent = args.user_agent

            yield target

    def login():
        """
        Verify credentials for login and check if login was successful.
        """
        if (target.username_or_email == "email" and not credentials["email"]
                or target.username_or_email == "username"
                and not credentials["username"]):
            if args.verbose:
                print(
                    "%s Skipping %s\"%s\" since "
                    "no \"%s\" was specified.\n" %
                    (INFO, "[%s:%s] on " %
                     (credentials["username"] or credentials["email"],
                      credentials["password"]) if args.load_file else "",
                     color(target.name), color(target.username_or_email, BW)))
                login_skipped.append(target.name)
            return

        print("%s Testing %s\"%s\"..." %
              (TEST, "[%s:%s] on " %
               (credentials["username"] or credentials["email"],
                credentials["password"]) if args.load_file else "",
               color(target.name, BW)))

        cookie_handler.clear()

        if target.perform_login(credentials, cookie_handler):
            log.write(">>> %s - %s:%s\n" %
                      (target.name, credentials["username"]
                       or credentials["email"], credentials["password"]))
            login_sucessful.append(
                "%s%s" % (target.name, " [%s:%s]" %
                          (credentials["username"] or credentials["email"],
                           credentials["password"]) if args.load_file else ""))
        else:
            login_failed.append(target.name)

    if args.load_file:
        if args.cred_format:
            separators = [
                re.escape(args.cred_format[1]),
                re.escape(args.cred_format[3])
                if len(args.cred_format) > 3 else "\n"
            ]
            cred_format = re.match(r"(u|e|p)[^upe](u|e|p)(?:[^upe](u|e|p))?",
                                   args.cred_format)
            if not cred_format:
                print("%s Could not parse --format: \"%s\"" %
                      (ERROR, color(args.cred_format, BW)))
                exit()

            cred_format = [
                v.replace("e", "email").replace("u", "username").replace(
                    "p", "password") for v in cred_format.groups()
                if v is not None
            ]

        with open(args.load_file, "r") as load_list:
            for user in load_list:
                if args.cred_format:
                    match = re.match(
                        r"([^{0}]+){0}([^{1}]+)(?:{1}([^\n]+))?".format(
                            separators[0], separators[1]), user)
                    credentials = dict(zip(cred_format, match.groups()))
                    credentials["password"] = quote(credentials["password"])
                    if ("email" in credentials and not re.match(
                            r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
                            r"a-z0-9-]+\.)+[A-Za-z]{2,12}$",
                            credentials["email"])):
                        print("%s Specified e-mail \"%s\" does not appear "
                              "to be correct. Skipping...\n" %
                              (WARN, color(credentials["email"], BW)))
                        continue

                    if "email" not in credentials:
                        credentials["email"] = None
                    elif "username" not in credentials:
                        credentials["username"] = None
                else:
                    user = user.rstrip().split(":", 1)
                    if not user[0]:
                        if args.verbose:
                            print("%s Could not parse credentials: \"%s\"\n" %
                                  (WARN, color(user, BW)))
                        continue

                    match = re.match(
                        r"^[A-Za-z0-9._%+-]+@(?:[A-Z"
                        r"a-z0-9-]+\.)+[A-Za-z]{2,12}$", user[0])
                    credentials = {
                        "email": user[0] if match else None,
                        "username": None if match else user[0],
                        "password": quote(user[1])
                    }

                for target in get_targets():
                    login()
    else:
        credentials = {
            "username": args.username,
            "email": args.email,
            "password": quote(args.password)
        }
        for target in get_targets():
            login()

    log.close()

    if not args.verbose:
        print()

    if len(login_sucessful) > 0 or len(login_failed) > 0:
        _ = "%s/%s" % (color(len(login_sucessful), BW),
                       color(len(login_sucessful) + len(login_failed), BW))
        sign = PLUS if len(login_sucessful) > (len(login_failed) +
                                               len(login_skipped)) else INFO
        print(
            "%s Succesfully logged in%s." %
            (sign, " with %s credentials on the list." %
             _ if args.load_file else "to %s websites." % _), )
        print("%s An overall success rate of %s.\n" %
              (sign,
               color(
                   "%%%s" % (100 * len(login_sucessful) /
                             (len(login_sucessful) + len(login_failed))), BW)))

    if len(login_sucessful) > 0:
        print("%s The provided credentials worked on the following website%s: "
              "%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
                        ", ".join(login_sucessful)))

    print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
Example #9
0
def main():
    """
    Initializes and executes the program
    """

    login_sucessful = []
    login_failed = []

    version = check_revision(VERSION)

    print("%s\n\n%s %s (%s)\n" % (
        BANNER % tuple([color(_) for _ in BANNER_PASSWORDS]),
        NAME, version, URL))

    args = parse_args()

    if args.update:
        update()
        exit()

    if args.list:
        sites = list_sites()
        for _ in sites:
            print("- %s" % _)
        exit()

    if not args.password:
        args.password = getpass("%s Please enter password:"******"")

    if args.ignore_proxy:
        proxy_handler = ProxyHandler({})

    elif args.proxy:
        match = re.search(r"(?P<type>[^:]+)://(?P<address>[^:]+)"
                          r":(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").upper() in ("HTTP", "HTTPS"):
                proxy_host = "%s:%s" % (match.group("address"),
                                        match.group("port"))
                proxy_handler = ProxyHandler({"http": proxy_host,
                                              "https": proxy_host})
            else:
                from thirdparty.socks import socks
                if match.group("type").upper() == "SOCKS4":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4,
                                          match.group("address"),
                                          int(match.group("port")), True)
                elif match.group("type").upper() == "SOCKS5":
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
                                          match.group("address"),
                                          int(match.group("port")), True)
                proxy_handler = None
        else:
            proxy_handler = ProxyHandler()
    else:
        proxy_handler = None

    opener = build_opener(HTTPHandler(), HTTPSHandler(),
                          HTTPCookieProcessor(cookie_handler))
    if proxy_handler:
        opener.add_handler(proxy_handler)

    install_opener(opener)

    with open(USER_AGENTS_FILE, 'r') as ua_file:
        args.user_agent = sample(ua_file.readlines(), 1)[0].strip()

    credentials = {"username": args.username, "email": args.email,
                   "password": args.password}
    sites = list_sites()

    if args.only:
        sites = [site for site in sites if site in args.only]
    elif args.exclude:
        sites = [site for site in sites if site not in args.exclude]

    print("%s Loaded %d %s to test." % (INFO, len(sites),
                                        "site" if len(sites) == 1
                                        else "sites"))
    print("%s Starting tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))

    for site in sites:
        _ = populate_site(site, args)
        if not _:
            continue
        target = Website(_, {"verbose": args.verbose})

        if (target.username_or_email == "email" and not args.email or
                target.username_or_email == "username" and not args.username):
            if args.verbose:
                print("%s Skipping \"%s\" since no \"%s\" was specified.\n" %
                      (INFO, color(target.name),
                       color(target.username_or_email)))
            continue

        print("%s Testing \"%s\"" % (TEST, color(target.name, BW)))

        if not target.user_agent:
            target.user_agent = args.user_agent

        if target.perform_login(credentials, cookie_handler):
            login_sucessful.append(target.name)
        else:
            login_failed.append(target.name)

    if not args.verbose:
        print()

    if len(login_sucessful) > 0 or len(login_failed) > 0:
        print("%s Succesfully logged into %s/%s websites." %
              (INFO, color(len(login_sucessful), BW),
               color(len(login_sucessful) + len(login_failed), BW)))
        print("%s An overall success rate of %s.\n" %
              (INFO, color("%%%s" % (100 * len(login_sucessful) / len(sites)),
                           BW)))

    if len(login_sucessful) > 0:
        print("%s The provided credentials worked on the following website%s: "
              "%s\n" % (PLUS, "s" if len(login_sucessful) != 1 else "",
                        ", ".join(login_sucessful)))

    print("%s Finished tests at: \"%s\"\n" % (INFO, color(strftime("%X"), BW)))
Example #10
0
def main():
    """
    Initializes and executes the program
    """

    global args

    kb.files = []
    kb.found = False
    kb.print_lock = threading.Lock()
    kb.value_lock = threading.Lock()
    kb.versioned_locations = {}

    check_revision()

    print(BANNER)

    args = parse_args()

    if args.update:
        update()
        exit()

    with open("versions.ini") as f:
        section = None
        for line in f.xreadlines():
            line = line.strip()
            if re.match(r"\[.+\]", line):
                section = line.strip("[]")
            elif line:
                if section not in kb.versioned_locations:
                    kb.versioned_locations[section] = []
                kb.versioned_locations[section].append(line)

    cases = get_cases(args) if not args.list_file else load_list(args.list_file)

    if not cases:
        print("[!] No available test cases with the specified attributes.\n"
              "[!] Please verify available options with --list.")
        exit()

    if args.list:
        args.list = args.list.lower()

        _ = ("category", "software", "os")
        if args.list not in _:
            print("[!] Valid values for option '--list' are: %s" % ", ".join(_))
            exit()

        print("[i] Listing available filters for usage with option '--%s':\n" % args.list)

        try:
            for _ in set([_[args.list] for _ in cases]):
                print(_ if re.search(r"\A[A-Za-z0-9]+\Z", _) else '"%s"' % _)
        except KeyError:
            pass
        finally:
            exit()

    if args.ignore_proxy:
        _ = ProxyHandler({})
        opener = build_opener(_)
        install_opener(opener)
    elif args.proxy:
        match = re.search(r"(?P<type>[^:]+)://(?P<address>[^:]+):(?P<port>\d+)", args.proxy, re.I)
        if match:
            if match.group("type").upper() in (PROXY_TYPE.HTTP, PROXY_TYPE.HTTPS):
                _ = ProxyHandler({match.group("type"): args.proxy})
                opener = build_opener(_)
                install_opener(opener)
            else:
                from thirdparty.socks import socks
                if match.group("type").upper() == PROXY_TYPE.SOCKS4:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, match.group("address"), int(match.group("port")), True)
                elif match.group("type").upper() == PROXY_TYPE.SOCKS5:
                    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, match.group("address"), int(match.group("port")), True)
        else:
            print("[!] Wrong proxy format (proper example: \"http://127.0.0.1:8080\").")
            exit()

    if args.random_agent:
        with open(USER_AGENTS_FILE, 'r') as f:
            args.user_agent = random.sample(f.readlines(), 1)[0]

    kb.parsed_target_url = urlsplit(args.url)
    kb.request_params = args.data if args.data else kb.parsed_target_url.query

    if not args.param:
        match = re.match("(?P<param>[^=&]+)=(?P<value>[^=&]+)", kb.request_params)
        if match:
            args.param = match.group("param")
        else:
            found = False

            for match in re.finditer("(?P<param>[^=&]+)=(?P<value>[^=&]*)", kb.request_params):
                found = True
                print("[x] Parameter with empty value found ('%s')." % match.group("param"))

            if found:
                print("[!] Please always use non-empty (valid) parameter values.")

            print("[!] No usable GET/POST parameters found.")
            exit()

    if args.os:
        kb.restrict_os = args.os

    print("[i] Starting scan at: %s\n" % time.strftime("%X"))
    print("[i] Checking original response...")

    request_args = prepare_request(None)
    request_args["url"] = args.url

    if args.data:
        request_args["data"] = args.data

    kb.original_response = get_page(**request_args)

    if not kb.original_response:
        print("[!] Something seems to be wrong with connection settings.")
        if not args.verbose:
            print("[i] Please rerun with switch '-v'.")
        exit()

    print("[i] Checking invalid response...")

    request_args = prepare_request("%s%s%s" % (args.prefix, INVALID_FILENAME, args.postfix))
    kb.invalid_response = get_page(**request_args)

    print("[i] Done!")
    print("[i] Searching for files...")

    if args.threads > 1:
        print("[i] Starting %d threads." % args.threads)

    threads = []
    for i in xrange(args.threads):
        thread = threading.Thread(target=try_cases, args=([cases[_] for _ in xrange(i, len(cases), args.threads)],))
        thread.daemon = True
        thread.start()
        threads.append(thread)

    alive = True
    while alive:
        alive = False
        for thread in threads:
            if thread.isAlive():
                alive = True
                time.sleep(0.1)

    if not kb.found:
        print("[i] No files found!")
    elif args.verbose:
        print("\n[i] Files found:")
        for _ in kb.files:
            print("[o] %s" % _)

    print("  \n[i] File search complete.")
    print("\n[i] Finishing scan at: %s\n" % time.strftime("%X"))