class flickr_by_radius(base_vector):
result = []
banner = general_utilities.generate_banner("Instagram By Location")
header = ['screen_name', 'profile_name', 'profile_url', 'media_url', 'message', 'time', 'latitude', 'longitude']
def prepare(self, target, vector_args=None):
self.radius = 100
splitted_point = target.split(',')
self.lat = splitted_point[0]
self.lon = splitted_point[1]
if vector_args:
s_vector_args = ' '.join(vector_args)
vector_args = dict(token.split('=') for token in shlex.split(s_vector_args))
if vector_args.has_key('radius'):
self.radius = int(vector_args['radius'])
def execute(self):
if self.ricco_conf.has_option('ApiKeys','InstagramClientID') and self.ricco_conf.has_option('ApiKeys','InstagramClientSecret'):
client_id = self.ricco_conf.get('ApiKeys','InstagramClientID')
client_secret = self.ricco_conf.get('ApiKeys','InstagramClientSecret')
instagram = search_utilities.InstagramApi(client_id,client_secret)
self.result = instagram.get_photos_by_circle(self.lan,self.lon, self.radius)
else:
self.result = ['Need client id and client secret to run.']
class panoramio_by_box(base_vector):
result = []
banner = general_utilities.generate_banner("Panoramio By Location")
# header = ['owner_id','owner_name', 'owner_url', 'media_url', 'photo_url', 'title', 'latitude', 'longtitude', 'upload_date']
header = [
'media_url', 'photo_url', 'title', 'latitude', 'longtitude',
'upload_date'
]
def prepare(self, target, vector_args=None):
if re.match(r"[\d\.]\,[\d\.]", target):
point = target
splitted_point = point.split(',')
self.lat = splitted_point[0]
self.lon = splitted_point[1]
else:
serch_cord = search_utilities.Google()
serch_cord.fetch_geocoding(target)
self.lat, self.lon = serch_cord.get_coordinates()
self.half_side = 100
if vector_args:
s_vector_args = ' '.join(vector_args)
vector_args = dict(
token.split('=') for token in shlex.split(s_vector_args))
if vector_args.has_key('radius'):
self.half_side = int(vector_args['radius'])
def execute(self):
panoramio = Panoramio()
result = panoramio.get_photos_by_box(self.lat, self.lon,
self.half_side)
self.result = [item[3:] for item in result]
class location_info(base_vector):
result = []
banner = general_utilities.generate_banner("Get Coordinates From address")
header = ['lat', 'lng', 'formatted_address']
def prepare(self, target, vector_args):
self.target = target
def execute(self):
query = self.target
if self.ricco_conf.has_option('ApiKeys','Google'):
api_key = self.ricco_conf.get('ApiKeys','Google')
else:
api_key = None
search = search_utilities.Google(api_key=api_key)
search.fetch_geocoding(query)
geocoding = search.get_geocoding()
status = geocoding["status"]
results = geocoding["results"]
if status == "OK":
for res in results:
values = res.values()
self.result.append(values)
else:
self.result = None
class dns_info(base_vector):
result = []
banner = general_utilities.generate_banner("Dns Information")
header = ["Type", "Host"]
def prepare(self, target, vector_args=None):
if "://" in target:
target = general_utilities.get_domain(target)
self.target = target
def execute(self):
host = self.target
MX_records = dns_utilities.get_MX_records(host)
# mx_result = tabulate(MX_records,headers=header)
NS_records = dns_utilities.get_NS_records(host)
# ns_result = tabulate(NS_records, headers=header)
A_records = dns_utilities.get_A_records(host)
AAAA_records = dns_utilities.get_AAAA_records(host)
# alias_result = tabulate(alias_records,headers=header)
# result = mx_result+ns_result+alias_result
if A_records:
self.result += [(item[0], item[1].address) for item in A_records]
if AAAA_records:
self.result += [(item[0], item[1].address)
for item in AAAA_records]
if MX_records:
self.result += [(item[0], item[1].address) for item in MX_records]
if NS_records:
self.result += [(item[0], item[1].address) for item in NS_records]
class flickr_by_radius(base_vector):
result = []
banner = general_utilities.generate_banner("Flickr By Location")
header = [
'screen_name', 'profile_name', 'profile_url', 'media_url', 'message',
'latitude', 'longitude', 'date_taken'
]
def prepare(self, target, vector_args=None):
self.radius = 100
self.point = target
if vector_args:
s_vector_args = ' '.join(vector_args)
vector_args = dict(
token.split('=') for token in shlex.split(s_vector_args))
if vector_args.has_key('radius'):
self.radius = int(vector_args['radius'])
def execute(self):
if self.ricco_conf.has_option('ApiKeys', 'Flickr'):
api_key = self.ricco_conf.get('ApiKeys', 'Flickr')
else:
api_key = None
flickr = search_utilities.FlickrApi(api_key)
self.result = flickr.get_photos_by_point(self.point, self.radius)
class http_grab_banner(base_vector):
result = []
banner = general_utilities.generate_banner("Banner Grabbing")
header = ["Port", "target"]
def prepare(self, target, vector_args):
if "://" in target:
target = general_utilities.get_domain(target)
self.target = target
def execute(self):
host = self.target
ports = [80, 443]
http_versions = ["1.0", "1.1", "0.9"]
CRLF = "\r\n\r\n"
for port in ports:
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(1)
s.connect((host, port))
s.send("GET / HTTP/1.0%s" % (CRLF))
grabbed_banner = s.recv(1024)
# print grabbed_banner
self.result.append([port, str(grabbed_banner)])
except:
continue
class nmap_banner(base_vector):
result = []
banner = general_utilities.generate_banner("nmap Banner Grabbing Script")
header = [
'target', 'port', 'protocol', 'state', 'service', 'product',
'hostname', 'banner'
]
def prepare(self, target, vector_args):
if "://" in target:
target = general_utilities.get_domain(target)
target = general_utilities.get_ip_by_host(target)
self.target = target
def execute(self):
addr = self.target
# nm = nmap.PortScanner()
nm = nmap.NmapScanner()
nm.scan(addr, arguments='-sV --script=banner')
# self.result = nm._scan_result
raw_results = nm[addr][1]
for port in raw_results['ports']['port']:
p_hostname = None
p_product = None
p_script = None
p_result = []
p_num = port['@portid']
p_protocol = port['@protocol']
p_service = port['service']['@name']
p_state = port['state']['@state']
# print 'script' in port
if 'script' in port:
p_script = port['script']['@output']
if '@product' in port['service']:
p_product = port['service']['@product']
if '@hostname' in port['service']:
p_hostname = port['service']['@hostname']
p_result = [
addr, p_num, p_protocol, p_state, p_service, p_product,
p_hostname, p_script
]
self.result.append(p_result)
class dns_zone_transfer(base_vector):
result = []
banner = general_utilities.generate_banner("Dns Information")
header = ["Type", "Host"]
def prepare(self, target, vector_args):
if "://" in target:
target = general_utilities.get_domain(target)
self.target = target
def execute(self):
host = str(self.target)
answer = dns_utilities.get_NS_records(host)
ns = []
ns = [str(item[1]) for item in answer]
for name in ns:
axfr_query = dns.query.xfr(name,
host,
timeout=5,
relativize=False,
lifetime=10)
try:
zone = dns.zone.from_xfr(axfr_query, relativize=False)
if not str(zone.origin).rstrip('.'):
raise dns.zone.UnknownOrigin
print zone
except NoSOA:
pass
# raise Exception('The zone has no SOA RR at its origin')
except NoNS:
pass
# raise Exception('The zone has no NS RRset at its origin')
except UnknownOrigin:
pass
# raise Exception('The zone\'s origin is unknown')
except BadZone:
pass
# raise Exception('The zone is malformed')
except DNSException, e:
pass
class ip_whois_info(base_vector):
result = []
banner = general_utilities.generate_banner("IP Whois Info")
header = []
def prepare(self, target, vector_args):
if "://" in target:
target = general_utilities.get_domain(target)
target = general_utilities.get_ip_by_host(target)
elif re.match(r"[^0-9\.]", target):
target = general_utilities.get_ip_by_host(target)
self.target = target
def execute(self):
addr = self.target
obj = IPWhois(addr)
self.result = obj.lookup_rws()
print self.result
class dirs_fuzzing(base_vector):
result = []
banner = general_utilities.generate_banner("Avialable Dirs on Server")
header = ["url", "http-code"]
def prepare(self, target, vector_args=None):
self.target = target
if "://" not in target:
target = "http://" + target
self.target = target
self.dirs_list = self.base_path + "/static-data/dirs-list.txt"
def execute(self):
url = str(self.target)
with open(self.dirs_list, 'r') as f:
wordlist = f.read()
wordlist = wordlist.split("\n")
counter = 0
if url.endswith("/"):
url = url[:-1]
for word in wordlist:
uri = url + "/" + word
counter += 1
# if counter > 3:
# break
try:
response = urllib2.urlopen(uri, timeout=3)
if response:
self.result.append((uri, str(response.getcode())))
except urllib2.HTTPError, e:
if e.code == 401:
self.result.append((uri, e.code))
elif e.code == 403:
self.result.append((uri, e.code))
except urllib2.URLError, e:
pass
class iana_whois_info(base_vector):
result = []
banner = general_utilities.generate_banner("IANA Whois Info")
header = ["category", "info"]
def prepare(self, target, vector_args):
self.target = None
if "://" in target:
self.target = general_utilities.get_domain(target)
self.target = general_utilities.get_domain_without_suffix(target)
else:
self.target = general_utilities.get_domain_without_suffix(target)
self.iana_base_url = "http://www.iana.org/whois?"
def execute(self):
url = self.iana_base_url
params = {"q": self.target}
raw_iana, err = general_utilities.get_page(url, params)
# TODO err
raw_iana = raw_iana.split("<pre>")[1]
raw_iana = raw_iana.split("</pre>")[0]
self.result = raw_iana.split("\n\n",1)[1]
class domain_whois_info(base_vector):
result = []
banner = general_utilities.generate_banner("Domain Whois Info")
header = []
def prepare(self, target, vector_args):
if "://" in target:
target = general_utilities.get_domain(target)
elif re.match(r"[0-9\.]", target):
target = general_utilities.get_host_by_ip(target)
self.target = target
def execute(self):
domain = self.target
try:
whois_data = pythonwhois.get_whois(domain)
# TODO parse result
assert whois_data.has_key("raw")
whois_data = str(whois_data["raw"][0])
self.result = whois_data
except pythonwhois.shared.WhoisException:
self.result = "Domain Not Found"
class subdomains_fuzzing(base_vector):
result = []
banner = general_utilities.generate_banner("Available Sub-Domains")
header = ["host"]
def prepare(self, target, vector_args=None):
if "://" in target:
target = target.split("://")[1]
self.target = target
self.hosts_list =self.base_path + "/static-data/hosts-list.txt"
def execute(self):
url = str(self.target)
with open(self.hosts_list, 'r') as f:
wordlist = f.read()
wordlist = wordlist.split("\n")
counter = 0
if url.endswith("/"):
url = url[:-1]
if "://" in url:
url = url.split("://")[1]
for word in wordlist:
uri = word + "." + url
counter += 1
if counter > 3:
break
try:
socket.gethostbyname(uri)
uri_result = []
uri_result.append(uri.lower())
self.result.append(uri_result)
except socket.error, e:
pass
class suffixes_fuzzing(base_vector):
result = []
banner = general_utilities.generate_banner("Available Suffixes for Domain")
header = ["host"]
def prepare(self, target, vector_args=None):
if "://" in target:
target = general_utilities.get_domain()
elif validators.is_ipv4(target):
target = general_utilities.get_host_by_ip(target)
self.target = target
suffixes_list= self.base_path + "/static-data/suffixes.txt"
with open(suffixes_list, 'r') as f:
suffixes = f.read()
self.suffixes = suffixes.split("\n")
self.target = general_utilities.get_domain_without_suffix(target, suffixes=suffixes_list)
def execute(self):
url = str(self.target)
counter = 0
for suffix in self.suffixes:
uri = url + "." + suffix
counter += 1
if counter > 3:
break
try:
socket.gethostbyname(uri)
uri_result = []
uri_result.append(uri.lower())
self.result.append(uri_result)
except socket.error, e:
pass
class cord_to_address(base_vector):
result = []
banner = general_utilities.generate_banner(
"Extract mails in domain from google search")
header = ['url', 'email']
def prepare(self, target, vector_args):
# if "://" in target:
# target = general_utilities.get_domain(target)
# target = general_utilities.get_ip_by_host(target)
self.target = target
def execute(self):
query = "intext:@" + self.target
if self.ricco_conf.has_option('ApiKeys', 'Google'):
api_key = self.ricco_conf.get('ApiKeys', 'Google')
else:
api_key = None
search = search_utilities.Google(pages=2, api_key=api_key)
search.search(query)
# self.result = search.get_results()
links = search.get_links_result()
result_for_links = []
for link in links:
data, e = general_utilities.get_page(link)
if data:
emails = scraper.get_emails(data)
if emails:
for email in emails:
if self.target in email:
result_for_links.append([link, email])
self.result = result_for_links