def linkfinder(self):
utils.print_good('Starting linkfinder')
if self.is_direct:
if utils.not_empty_file(self.is_direct):
http_domains = utils.just_read(self.is_direct)
# just return if direct input is just a string
else:
domain = self.is_direct
strip_domain = utils.get_domain(domain)
if strip_domain == domain:
domain = 'http://' + domain
cmd = 'python3 $PLUGINS_PATH/LinkFinder/linkfinder.py -i {0} -d -o cli | tee $WORKSPACE/assets/linkfinder/{1}-linkfinder.txt'.format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
return None
else:
if self.options['SPEED'] != 'slow':
utils.print_good("Skipping linkfinder in quick mode")
return None
http_domains = utils.replace_argument(
self.options, '$WORKSPACE/assets/http-$OUTPUT.txt')
utils.make_directory(self.options['WORKSPACE'] + '/assets/linkfinder')
if utils.not_empty_file(http_domains):
domains = utils.just_read(http_domains)
for domain in domains.splitlines():
strip_domain = utils.get_domain(domain)
cmd = 'python3 $PLUGINS_PATH/LinkFinder/linkfinder.py -i {0} -d -o cli | tee $WORKSPACE/assets/linkfinder/{1}-linkfinder.txt'.format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def prepare_input(self):
if self.is_direct:
# if direct input was file just read it
if utils.not_empty_file(self.is_direct):
ip_list = utils.just_read(self.is_direct).splitlines()
# get input string
else:
ip_list = utils.get_domain(self.is_direct).strip()
else:
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [
x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None
] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [
x.get("IP") for x in main_json['Subdomains']
if x.get("IP") is not None
]
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
if self.options['DEBUG'] == 'True':
ip_list = list(ip_list)[:5]
# utils.print_debug(ip_list)
return ip_list
def gowithness(self, data):
# add http:// and https:// prefix to domain
domains = []
utils.make_directory(self.options['WORKSPACE'] +
'/screenshot/screenshoots-gowitness')
for item in data:
host = utils.get_domain(item)
domains.append("http://" + host)
domains.append("https://" + host)
http_file = utils.replace_argument(
self.options, '$WORKSPACE/screenshot/$OUTPUT-hosts.txt')
utils.just_write(http_file, "\n".join(domains))
utils.clean_up(http_file)
time.sleep(2)
# screenshots with gowitness
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/screenshot/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options,
cmd), '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/screenshot/$OUTPUT-gowitness-screenshots.html --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/portscan/$OUTPUT-gowitness-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), html_path,
'', self.module_name)
def mutate(self, info, email):
errors = dict()
email = email
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
errors['email'] = [EMAIL_ADDRESS_DOES_NOT_EXIST]
return RestorePasswordRequest(
success=False, field_errors=ErrorType.from_errors(errors))
if not user.is_active or user.is_deleted:
return RestorePasswordRequest(
message=MessageType(title=RESTORE_PASSWORD_EMAIL_ACTIVE,
description=RESTORE_PASSWORD_EMAIL_ACTIVE,
type=WARNING_MESSAGE_TYPE))
domain = get_domain(info.context)
send_restore_password_link.delay(
user_id=user.pk,
email=email,
domain=domain,
)
return RestorePasswordRequest(success=True,
message=MessageType(
title='RESTORE_PASSWORD_EMAIL_TITLE',
description='RESTORE_PASSWORD_EMAIL',
type=SUCCESS_MESSAGE_TYPE))
def mutate(self, info, activate_data=None):
uid = activate_data.uid
pk = force_text(urlsafe_base64_decode(uid))
token = activate_data.token
domain = get_domain(info.context)
try:
user = User.objects.get(pk=pk)
if user.is_active and not user.is_deleted:
return ActivateAccount(
message=MessageType(title=ALREADY_ACTIVATE_ACCOUNT_TITLE,
description=ALREADY_ACTIVATE_ACCOUNT,
type=WARNING_MESSAGE_TYPE))
if account_activation_token.check_token(user, token):
user.is_active = True
send_success_confirmation_email.delay(
email=user.email,
domain=domain,
)
user.save()
return ActivateAccount(
message=MessageType(title=ACTIVATE_ACCOUNT_TITLE,
description=ACTIVATE_ACCOUNT,
type=SUCCESS_MESSAGE_TYPE))
except User.DoesNotExist:
pass
raise ValueError(INVALID_TOKEN_ERROR)
def wfuzz(self, domain):
strip_domain = utils.get_domain(domain)
utils.print_good('Starting wfuzz')
cmd = "wfuzz -f $WORKSPACE/directory/quick/{1}-wfuzz.json,json -c -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 --sc 200,307 -u '{0}/FUZZ' | tee $WORKSPACE/directory/quick/std-{1}-wfuzz.std".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-wfuzz.json'.format(strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-wfuzz.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def dirsearch(self, domain):
strip_domain = utils.get_domain(domain)
utils.print_good('Starting dirsearch')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt -x '302,404' --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def perform_mutate(cls, serializer, info):
user = serializer.save()
email = user.email
domain = get_domain(info.context)
# celery task
sign_up_email_confirmation.delay(
user_id=user.pk,
email=email,
domain=domain,
)
return cls(errors=None,
message=MessageType(
title=SUCCESSFULLY_REGISTER,
description=SUCCESSFULLY_REGISTER_DESCRIPTION,
type=SUCCESS_MESSAGE_TYPE))
def parser(url):
response = requester(url)
if response:
response_url = response.url
response_page = response.text
load_modules('while-parsing', response=response)
if response_page:
hrefs = [
re.sub(r'^[\'"]|[\'"]$', '', match.group(1))
for match in re.finditer(
r'(?i)<a[^>]+href=("[^"]+?"|\'[^\']+?\'|[^\s]+?)',
response_page)
]
for href in hrefs:
if re.search(r'(?i)^(#|javascript:)', href):
continue
url = handle_anchor(response_url, href)
if var['include']:
if not re.match(var['include'], url):
continue
elif var['exclude']:
if re.match(var['exclude'], url):
continue
this_domain = get_domain(url)
for website in config['websites']:
if website in this_domain:
result['data']['websites'].add(url)
break
html, extension = isHTML(url)
if not html:
if extension.lower().startswith(tuple(config['files'])):
result['data']['files'].add(url)
if in_scope(url):
if '=' in url:
result['urls']['fuzzable'].add(url)
result['urls']['internal'].add(url)
else:
result['urls']['external'].add(url)
scraper(response)
def gobuster(self, domain):
utils.print_good('Starting gobuster')
if self.options['SPEED'] != 'slow':
utils.print_good("Skipping gobuster in quick mode")
return
strip_domain = utils.get_domain(domain)
cmd = '$GO_PATH/gobuster dir -k -q -e -fw -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/dir-all.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/full/{0}-gobuster.json'.format(domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/full/std-{0}-gobuster.std'.format(domain))
execute.send_cmd(self.options,
cmd,
output_path,
std_path,
self.module_name,
nolog=True)
def parsing_config(config_path, args):
options = {}
# some default path
github_api_key = str(os.getenv("GITROB_ACCESS_TOKEN"))
cwd = str(os.getcwd())
# just hardcode if gopath not loaded
go_path = cwd + "/plugins/go"
# go_path = str(os.getenv("GOPATH")) + "/bin"
# if "None" in go_path:
# go_path = cwd + "/plugins/go"
if args.slack:
bot_token = str(os.getenv("SLACK_BOT_TOKEN"))
else:
bot_token = None
log_channel = str(os.getenv("LOG_CHANNEL"))
status_channel = str(os.getenv("STATUS_CHANNEL"))
report_channel = str(os.getenv("REPORT_CHANNEL"))
stds_channel = str(os.getenv("STDS_CHANNEL"))
verbose_report_channel = str(os.getenv("VERBOSE_REPORT_CHANNEL"))
if os.path.isfile(config_path):
utils.print_info('Config file detected: {0}'.format(config_path))
# config to logging some output
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
else:
utils.print_info('New config file created: {0}'.format(config_path))
shutil.copyfile(cwd + '/template-config.conf', config_path)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
if args.workspace:
workspaces = os.path.abspath(args.workspace)
else:
workspaces = cwd + "/workspaces/"
config.set('Enviroments', 'cwd', cwd)
config.set('Enviroments', 'go_path', go_path)
config.set('Enviroments', 'github_api_key', github_api_key)
config.set('Enviroments', 'workspaces', str(workspaces))
if args.debug:
config.set('Slack', 'bot_token', 'bot_token')
config.set('Slack', 'log_channel', 'log_channel')
config.set('Slack', 'status_channel', 'status_channel')
config.set('Slack', 'report_channel', 'report_channel')
config.set('Slack', 'stds_channel', 'stds_channel')
config.set('Slack', 'verbose_report_channel', 'verbose_report_channel')
else:
config.set('Slack', 'bot_token', str(bot_token))
config.set('Slack', 'log_channel', log_channel)
config.set('Slack', 'status_channel', status_channel)
config.set('Slack', 'report_channel', report_channel)
config.set('Slack', 'stds_channel', stds_channel)
config.set('Slack', 'verbose_report_channel', verbose_report_channel)
# Mode config of the tool
if args.slow and args.slow == 'all':
speed = "slow"
else:
speed = "quick"
module = str(args.module)
debug = str(args.debug)
force = str(args.force)
config.set('Mode', 'speed', speed)
config.set('Mode', 'module', module)
config.set('Mode', 'debug', debug)
config.set('Mode', 'force', force)
# Target stuff
# parsing agument
git_target = args.git if args.git else None
burpstate_target = args.burp if args.burp else None
target_list = args.targetlist if args.targetlist else None
company = args.company if args.company else None
output = args.output if args.output else None
target = args.target if args.target else None
strip_target = target if target else None
ip = target if target else None
workspace = target if target else None
# get direct input as single or a file
direct_input = args.input if args.input else None
direct_input_list = args.inputlist if args.inputlist else None
# target config
if args.target:
target = args.target
# set target is direct input if not specific
elif direct_input or direct_input_list:
if direct_input:
# direct_target = utils.url_encode(direct_input)
direct_target = direct_input
if direct_input_list:
direct_target = os.path.basename(direct_input_list)
target = direct_target
output = args.output if args.output else utils.strip_slash(
os.path.splitext(target)[0])
company = args.company if args.company else utils.strip_slash(
os.path.splitext(target)[0])
else:
target = None
# parsing some stuff related to target
if target:
# get the main domain of the target
strip_target = utils.get_domain(target)
if '/' in strip_target:
strip_target = utils.strip_slash(strip_target)
output = args.output if args.output else strip_target
company = args.company if args.company else strip_target
# url encode to make sure it can be send through API
workspace = workspaces + strip_target
workspace = utils.url_encode(workspace)
# check connection to target
if not direct_input and not direct_input_list:
try:
ip = socket.gethostbyname(strip_target)
except:
ip = None
utils.print_bad(
"Something wrong to connect to {0}".format(target))
else:
ip = None
try:
# getting proxy from args
proxy = args.proxy if args.proxy else None
proxy_file = args.proxy_file if args.proxy_file else None
config.set('Proxy', 'proxy', str(proxy))
config.set('Proxy', 'proxy_file', str(proxy_file))
if config['Proxy']['proxy_cmd'] == 'None':
# only works for Kali proxychains, change it if you on other OS
proxy_cmd = "proxychains -f {0}".format(proxy_file)
config.set('Proxy', 'proxy_cmd', str(proxy_cmd))
except:
utils.print_info(
"Your config file seem to be outdated, Backup it and delete it to regenerate the new one"
)
config.set('Target', 'input', str(direct_input))
config.set('Target', 'input_list', str(direct_input_list))
config.set('Target', 'git_target', str(git_target))
config.set('Target', 'burpstate_target', str(burpstate_target))
config.set('Target', 'target_list', str(target_list))
config.set('Target', 'output', str(output))
config.set('Target', 'target', str(target))
config.set('Target', 'strip_target', str(strip_target))
config.set('Target', 'company', str(company))
config.set('Target', 'ip', str(ip))
config.set('Enviroments', 'workspace', str(workspace))
# create workspace folder for the target
utils.make_directory(workspace)
# set the remote API
if args.remote:
remote_api = args.remote
config.set('Server', 'remote_api', remote_api)
# set credentials as you define from agurments
if args.auth:
# user:pass
creds = args.auth.strip().split(":")
username = creds[0]
password = creds[1]
config.set('Server', 'username', username)
config.set('Server', 'password', password)
else:
# set random password if default password detect
if config['Server']['password'] == 'super_secret':
new_pass = hashlib.md5(str(int(
time.time())).encode()).hexdigest()[:6]
config.set('Server', 'password', new_pass)
# save the config
with open(config_path, 'w') as configfile:
config.write(configfile)
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(config_path)
sections = config.sections()
options['CONFIG_PATH'] = os.path.abspath(config_path)
for sec in sections:
for key in config[sec]:
options[key.upper()] = config.get(sec, key)
#
if args.slow and args.slow != 'all':
options['SLOW'] = args.slow
# parsing proxy stuff
if options.get('PROXY') or options.get('PROXY_FILE'):
proxy_parsing(options)
else:
# just for the old config
options['PROXY'] = "None"
options['PROXY_FILE'] = "None"
options = clean_up(options)
return options
def clean_input(raw_input, module='general'):
if 'general' in module.lower():
return utils.get_domain(raw_input)
elif 'dir' in module.lower():
return raw_input
