def brutespray(self):
utils.print_good('Starting brutespray')
cmd = 'python $PLUGINS_PATH/brutespray/brutespray.py --file $WORKSPACE/vulnscan/$TARGET-nmap.xml --threads 5 --hosts 5 -o $WORKSPACE/bruteforce/$OUTPUT/'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
utils.check_output(self.options, '$WORKSPACE/bruteforce/$OUTPUT/')
def conclude(self, output):
head = ','.join([str(x).title() for x in output[0].keys()]) + "\n"
body = ''
for item in output:
clean_body = [str(x).replace(',', '%2C').replace(
"\n", "%0a%0d") for x in item.values()]
body += ','.join(clean_body) + "\n"
utils.check_output(self.output)
utils.just_write(self.output, head + body)
def unique_result(self):
#gobuster clean up
utils.print_good('Unique result')
go_raw = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/raw-$OUTPUT-gobuster.txt')
if utils.not_empty_file(go_raw):
go_clean = [
x.split(' ')[1] for x in utils.just_read(go_raw).splitlines()
]
go_output = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/$OUTPUT-gobuster.txt')
utils.just_write(go_output, "\n".join(go_clean))
#massdns clean up
massdns_raw = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/raw-massdns.txt')
if utils.not_empty_file(massdns_raw):
massdns_output = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
if not os.path.exists(massdns_raw):
with open(massdns_raw, 'r+') as d:
ds = d.read().splitlines()
for line in ds:
newline = line.split(' ')[0][:-1]
with open(massdns_output, 'a+') as m:
m.write(newline + "\n")
utils.check_output(
utils.replace_argument(
self.options,
'$WORKSPACE/subdomain/$OUTPUT-massdns.txt'))
#joining the output
all_output = glob.glob(
utils.replace_argument(self.options,
'$WORKSPACE/subdomain/$OUTPUT-*.txt'))
domains = []
for file in all_output:
domains += utils.just_read(file).splitlines()
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
utils.just_write(output_path, "\n".join(set(domains)))
time.sleep(1)
slack.slack_file('report',
self.options,
mess={
'title':
"{0} | {1} | Output".format(
self.options['TARGET'], self.module_name),
'filename':
'{0}'.format(output_path),
})
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
execute.run(cmd)
cmd = '''cat $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt | grep -e ' A ' | cut -d 'A' -f 2 | tr -d ' ' > $WORKSPACE/subdomain/final-IP-$OUTPUT.txt'''
cmd = utils.replace_argument(self.options, cmd)
execute.run(cmd)
utils.check_output(self.options,
'$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
def run_single(command):
forced = command.get('forced', False)
if not forced:
if utils.not_empty_file(command.get('output_path')):
return True
std_out = run(command.get('cmd'))
# store std and output
if command.get('std_path') != '':
utils.just_write(command.get('std_path'), std_out)
if command.get('output_path') != '':
utils.check_output(command.get('output_path'))
return True
def masscan(self):
utils.print_good('Starting masscan')
if self.options['speed'] == 'slow':
cmd = 'sudo masscan --rate 10000 -p0-65535 -iL $WORKSPACE/subdomain/final-IP-$OUTPUT.txt -oG $WORKSPACE/portscan/$OUTPUT-masscan.gnmap -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0'
elif self.options['speed'] == 'quick':
utils.print_good("Only scan for single target in quick speed")
cmd = 'sudo masscan --rate 10000 -p0-65535 $IP -oG $WORKSPACE/portscan/$OUTPUT-masscan.gnmap -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
utils.check_output(self.options,
'$WORKSPACE/portscan/$OUTPUT-masscan.xml')
def gobuster(self):
utils.print_good('Starting gobuster')
if self.options['speed'] == 'slow':
cmd = '$GO_PATH/gobuster -m dns -np -t 100 -w $PLUGINS_PATH/wordlists/all.txt -u $TARGET -o $WORKSPACE/subdomain/$OUTPUT-gobuster.txt'
elif self.options['speed'] == 'quick':
cmd = '$GO_PATH/gobuster -m dns -np -t 100 -w $PLUGINS_PATH/wordlists/shorts.txt -u $TARGET -o $WORKSPACE/subdomain/$OUTPUT-gobuster.txt'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
utils.check_output(self.options,
'$WORKSPACE/subdomain/$OUTPUT-gobuster.txt')
def get_wfr_uuid(exec_arn):
'''checking status of an execution first and if it's success, get wfr uuid'''
output = check_output(exec_arn)
if output:
return output['ff_meta']['uuid']
else:
return None
def massdns(self):
utils.print_good('Starting massdns')
cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $DOMAIN_FULL $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/raw-massdns.txt'
# cmd = '$PLUGINS_PATH/massdns/scripts/subbrute.py $PLUGINS_PATH/massdns/lists/names.txt $TARGET | $PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/$OUTPUT-massdns.txt'
cmd = utils.replace_argument(self.options, cmd)
utils.print_info("Execute: {0} ".format(cmd))
execute.run(cmd)
massdns_raw = utils.replace_argument(self.options, '$WORKSPACE/subdomain/raw-massdns.txt')
massdns_output = utils.replace_argument(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
with open(massdns_raw, 'r+') as d:
ds = d.read().splitlines()
for line in ds:
newline = line.split(' ')[0][:-1]
with open(massdns_output, 'a+') as m:
m.write(newline + "\n")
utils.check_output(self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
def unique_result(self):
#just clean up some output
#gobuster clean up
cmd = 'cat $WORKSPACE/subdomain/raw-$OUTPUT-gobuster.txt | cut -d ' ' -f 2 > $WORKSPACE/subdomain/$OUTPUT-gobuster.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/$OUTPUT-gobuster.txt')
execute.send_cmd(cmd, output_path, '', self.module_name)
#massdns clean up
massdns_raw = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/raw-massdns.txt')
massdns_output = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt')
if not os.path.exists(massdns_raw):
with open(massdns_raw, 'r+') as d:
ds = d.read().splitlines()
for line in ds:
newline = line.split(' ')[0][:-1]
with open(massdns_output, 'a+') as m:
m.write(newline + "\n")
utils.check_output(
utils.replace_argument(
self.options, '$WORKSPACE/subdomain/$OUTPUT-massdns.txt'))
utils.print_good('Unique result')
cmd = "cat $WORKSPACE/subdomain/$OUTPUT-*.txt | sort | awk '{print tolower($0)}' | uniq >> $WORKSPACE/subdomain/final-$OUTPUT.txt"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
execute.send_cmd(cmd, output_path, '', self.module_name)
slack.slack_file(self.options,
mess={
'title':
"{0} | {1} | Output".format(
self.options['TARGET'], self.module_name),
'filename':
'{0}'.format(output_path),
})
def parsing_ouput(self):
utils.print_good('Parsing result found to a file')
final_result = utils.replace_argument(
self.options, '$WORKSPACE/directory/$OUTPUT-summary.txt')
dirsearch_result = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/$OUTPUT-dirsearch.txt')
data = utils.just_read(dirsearch_result)
if data:
utils.just_append(final_result, data)
dirble_result = utils.replace_argument(
self.options, '$WORKSPACE/directory/full/$OUTPUT-dirble.txt')
data = utils.just_read(dirble_result)
if data:
utils.just_append(final_result, data)
# final_result
utils.clean_up(final_result)
utils.check_output(final_result)
def screenshots(self):
utils.print_good('Starting Screenshot from found result')
final_result = utils.replace_argument(
self.options, '$WORKSPACE/directory/$OUTPUT-summary.txt')
if utils.not_empty_file(final_result):
# screenshot found path at the end
cmd = "cat {0} | $GO_PATH/aquatone -threads 20 -out $WORKSPACE/directory/$OUTPUT-screenshots".format(
final_result)
cmd = utils.replace_argument(self.options, cmd)
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/$OUTPUT-screenshots/std-aquatone_report.std'
)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/$OUTPUT-screenshots/aquatone_report.html'
)
execute.send_cmd(self.options, cmd, std_path, output_path,
self.module_name)
if utils.not_empty_file(output_path):
utils.check_output(output_path)
def create_skeleton_json(self):
outout = utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json')
if utils.not_empty_file(outout):
utils.print_info("Modules is already done")
return
main_json = {
"Company": utils.replace_argument(self.options, '$COMPANY'),
"Main_domain": utils.replace_argument(self.options, '$TARGET'),
"Info": {},
"Subdomains": [],
"Modules": {},
"IP Space": []
}
utils.just_write(outout, main_json, is_json=True)
utils.check_output(outout)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Create skeleton json'
})
def create_skeleton_json(self):
main_json = {
"Company": utils.replace_argument(self.options, '$COMPANY'),
"Main_domain": utils.replace_argument(self.options, '$TARGET'),
"Info": {},
"Subdomains": [],
"Modules": {},
"IP Space": []
}
outout = utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json')
utils.just_write(outout, main_json, is_json=True)
utils.check_output(outout)
slack.slack_noti('status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'],
self.module_name),
'content':
'Create skeleton json'
})
