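def requester(url, data=None, GET=True):
    """Send one HTTP request to *url* with the tool's configured headers.

    Sleeps for the configured ``delay`` before sending, which throttles
    callers that run this in a scan loop. When a ``headers`` mapping is
    configured and has no ``User-Agent``, a browser-like one is drawn at
    random for this call.

    Args:
        url: Target URL.
        data: Query parameters when ``GET`` is true, form body otherwise.
        GET: Use ``requests.get`` when true, ``requests.post`` otherwise.

    Returns:
        The ``requests.Response`` object, unmodified.
    """
    time.sleep(var('delay'))
    user_agents = [
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        # A missing comma after the previous entry used to glue the next string
        # onto it (implicit concatenation), producing one bogus User-Agent.
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    ]
    headers = var('headers')
    if headers:
        # Copy so the shared configuration mapping is never mutated; otherwise
        # the first random pick was written back and reused by every later call.
        headers = dict(headers)
        if 'User-Agent' not in headers:
            headers['User-Agent'] = random.choice(user_agents)
    # NOTE(review): verify=False disables TLS certificate validation, so an
    # on-path party can alter the response. Kept as-is because scan targets
    # commonly use self-signed certificates; making it configurable is preferable.
    if GET:
        return requests.get(url, params=data, headers=headers, verify=False)
    return requests.post(url, data=data, headers=headers, verify=False)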
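def main_scanner(uri, response):
    """Match a fetched script against the ``outdated_js`` definitions.

    Both the script URI and its content are scanned; the first match supplies
    the component name and version, and the vulnerability records of all
    matches are merged and de-duplicated.

    Args:
        uri: URL of the script that was fetched.
        response: Content of that script, passed unchanged to
            ``scan_file_content``.

    Returns:
        An empty dict when nothing matched, otherwise a dict with the keys
        ``component``, ``version`` and ``vulnerabilities`` (a list of
        distinct vulnerability records, each a fresh copy).
    """
    definitions = var('outdated_js')
    matches = scan_uri(uri, definitions)
    matches.extend(scan_file_content(response, definitions))
    if not matches:
        return {}
    # De-duplicate on a canonical JSON encoding. The previous str(dict) plus
    # quote substitution broke on any value containing an apostrophe and on
    # True/False/None. Insertion order of the dict keeps the output stable.
    unique = {}
    for match in matches:
        for vulnerability in match.get('vulnerabilities') or []:
            unique[json.dumps(vulnerability, sort_keys=True)] = None
    return {
        'component': matches[0]['component'],
        'version': matches[0]['version'],
        # Round-trip through JSON so callers get copies, not references into
        # the shared definitions.
        'vulnerabilities': [json.loads(encoded) for encoded in unique],
    }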
import re from core.utils import var, deJSON, make_list signatures = var('tech_signatures') def wappalyzer(response, js, scripts): result = [] headers = response.headers source_code = response.text if 'Cookie' in headers: for app in signatures['apps']: if 'cookies' in signatures[app]: for pattern in signatures['apps'][app]['cookies']: if re.search(deJSON(pattern), headers['Cookie']): result.append(app) if 'implies' in signatures['apps'][app]: for tech in signatures['apps'][app]['implies']: result.append(app) for app in signatures['apps']: if 'headers' in signatures['apps'][app]: for header in signatures['apps'][app]['headers']: if header in headers: if re.search( deJSON(signatures['apps'][app]['headers'][header]), headers[header]): result.append(app) for app in signatures['apps']: if 'html' in signatures['apps'][app]: for pattern in make_list(signatures['apps'][app]['html']):
try: source_2 = security_trails(sys.argv[1]) except AttributeError: source_2 = [] raw_subdomains = list(set(source_1 + source_2)) raw_subdomains.append(sys.argv[1]) print('%s %i targets were caught on radar.' % (info, len(raw_subdomains))) unique_ips = {} for raw_subdomain in raw_subdomains: try: ip = socket.gethostbyname(raw_subdomain) dataset[raw_subdomain] = {} dataset[raw_subdomain]['ip'] = ip if ip not in unique_ips: open_ports = portscanner([(ip, port) for port in var('ports')]) dataset[raw_subdomain]['ports'] = open_ports unique_ips[ip] = open_ports if 443 in open_ports: dataset[raw_subdomain]['schema'] = 'https' else: dataset[raw_subdomain]['schema'] = 'http' else: open_ports = unique_ips[ip] dataset[raw_subdomain]['ports'] = open_ports if 443 in open_ports: dataset[raw_subdomain]['schema'] = 'https' else: dataset[raw_subdomain]['schema'] = 'http' print('%s[✈️]%s %s' % (green, end, raw_subdomain)) except (socket.gaierror, UnicodeError):
from modules.security_trails import security_trails print('%s Turning on radar' % run) dataset = {} raw_subdomains = list( set(findsubdomains(sys.argv[1]) + security_trails(sys.argv[1]))) raw_subdomains.append(sys.argv[1]) print('%s %i targets were caught on radar.' % (info, len(raw_subdomains))) unique_ips = {} for raw_subdomain in raw_subdomains: try: ip = socket.gethostbyname(raw_subdomain) dataset[raw_subdomain] = {} dataset[raw_subdomain]['ip'] = ip if ip not in unique_ips: open_ports = portscanner([(ip, port) for port in var('ports')]) dataset[raw_subdomain]['ports'] = open_ports unique_ips[ip] = open_ports if 443 in open_ports: dataset[raw_subdomain]['schema'] = 'https' else: dataset[raw_subdomain]['schema'] = 'http' else: open_ports = unique_ips[ip] dataset[raw_subdomain]['ports'] = open_ports if 443 in open_ports: dataset[raw_subdomain]['schema'] = 'https' else: dataset[raw_subdomain]['schema'] = 'http' print('%s[✈️]%s %s' % (green, end, raw_subdomain)) except (socket.gaierror, UnicodeError):