Exemple #1
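def requester(url, data=None, GET=True):
    """Send one HTTP request to *url* and return the ``requests`` response.

    Args:
        url: Target URL.
        data: Sent as query parameters when ``GET`` is true, otherwise as the
            POST body.
        GET: Issue a GET when true, a POST otherwise.

    Returns:
        The object returned by ``requests.get`` / ``requests.post``.
    """
    # Throttle: wait the configured delay before every request.
    time.sleep(var('delay'))
    # Each entry needs its own trailing comma; without one Python silently
    # concatenates adjacent string literals into a single malformed
    # User-Agent value.
    user_agents = [
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    ]
    headers = var('headers')
    # NOTE(review): this writes into whatever object var('headers') returned.
    # If that is the shared configuration dict, the User-Agent picked here
    # persists for every later call - confirm that is intended.
    if headers and 'User-Agent' not in headers:
        headers['User-Agent'] = random.choice(user_agents)
    # NOTE: verify=False turns off TLS certificate validation, so the server's
    # identity is not checked and the response can be altered in transit;
    # treat everything returned here as untrusted. No timeout is passed
    # either, so a server that never answers blocks the caller indefinitely.
    if GET:
        response = requests.get(url,
                                params=data,
                                headers=headers,
                                verify=False)
    else:
        response = requests.post(url, data=data, headers=headers, verify=False)
    return response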
Exemple #2
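def main_scanner(uri, response):
    """Match a script URI and its content against the outdated-JS definitions.

    Args:
        uri: Passed to ``scan_uri`` together with the definitions.
        response: Content passed to ``scan_file_content``.

    Returns:
        A dict with ``component`` and ``version`` taken from the first match
        and ``vulnerabilities`` holding every distinct vulnerability entry
        across all matches, or ``None`` when nothing matched.
    """
    definitions = var('outdated_js')
    matches = scan_uri(uri, definitions)
    matches.extend(scan_file_content(response, definitions))
    if not matches:
        return None

    result = {
        'component': matches[0]['component'],
        'version': matches[0]['version'],
        'vulnerabilities': [],
    }
    # Deduplicate on the string form of each entry but keep the entry itself.
    # Rebuilding entries by swapping quotes in str(entry) and JSON-parsing the
    # result fails as soon as a value contains an apostrophe or is
    # None/True/False, which would abort the scan on otherwise valid data.
    seen = set()
    for match in matches:
        try:
            entries = match['vulnerabilities']
        except KeyError:
            # A match without vulnerability data contributes nothing.
            continue
        for entry in entries:
            key = str(entry)
            if key not in seen:
                seen.add(key)
                result['vulnerabilities'].append(entry)
    return result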
Exemple #3
import re

from core.utils import var, deJSON, make_list

# Technology-fingerprint signatures, loaded once when this module is imported.
# wappalyzer() reads them as signatures['apps'][app][<field>].
# NOTE(review): the cookie branch in wappalyzer() tests
# `'cookies' in signatures[app]` (no ['apps'] level), unlike every other
# visible lookup - confirm which form is intended.
signatures = var('tech_signatures')


def wappalyzer(response, js, scripts):
    result = []
    headers = response.headers
    source_code = response.text
    if 'Cookie' in headers:
        for app in signatures['apps']:
            if 'cookies' in signatures[app]:
                for pattern in signatures['apps'][app]['cookies']:
                    if re.search(deJSON(pattern), headers['Cookie']):
                        result.append(app)
                        if 'implies' in signatures['apps'][app]:
                            for tech in signatures['apps'][app]['implies']:
                                result.append(app)
    for app in signatures['apps']:
        if 'headers' in signatures['apps'][app]:
            for header in signatures['apps'][app]['headers']:
                if header in headers:
                    if re.search(
                            deJSON(signatures['apps'][app]['headers'][header]),
                            headers[header]):
                        result.append(app)
    for app in signatures['apps']:
        if 'html' in signatures['apps'][app]:
            for pattern in make_list(signatures['apps'][app]['html']):
Exemple #4
try:
    source_2 = security_trails(sys.argv[1])
except AttributeError:
    source_2 = []
raw_subdomains = list(set(source_1 + source_2))
raw_subdomains.append(sys.argv[1])
print('%s %i targets were caught on radar.' % (info, len(raw_subdomains)))

unique_ips = {}
for raw_subdomain in raw_subdomains:
    try:
        ip = socket.gethostbyname(raw_subdomain)
        dataset[raw_subdomain] = {}
        dataset[raw_subdomain]['ip'] = ip
        if ip not in unique_ips:
            open_ports = portscanner([(ip, port) for port in var('ports')])
            dataset[raw_subdomain]['ports'] = open_ports
            unique_ips[ip] = open_ports
            if 443 in open_ports:
                dataset[raw_subdomain]['schema'] = 'https'
            else:
                dataset[raw_subdomain]['schema'] = 'http'
        else:
            open_ports = unique_ips[ip]
            dataset[raw_subdomain]['ports'] = open_ports
            if 443 in open_ports:
                dataset[raw_subdomain]['schema'] = 'https'
            else:
                dataset[raw_subdomain]['schema'] = 'http'
        print('%s[✈️]%s %s' % (green, end, raw_subdomain))
    except (socket.gaierror, UnicodeError):
Exemple #5
from modules.security_trails import security_trails

print('%s Turning on radar' % run)
dataset = {}
raw_subdomains = list(
    set(findsubdomains(sys.argv[1]) + security_trails(sys.argv[1])))
raw_subdomains.append(sys.argv[1])
print('%s %i targets were caught on radar.' % (info, len(raw_subdomains)))
unique_ips = {}
for raw_subdomain in raw_subdomains:
    try:
        ip = socket.gethostbyname(raw_subdomain)
        dataset[raw_subdomain] = {}
        dataset[raw_subdomain]['ip'] = ip
        if ip not in unique_ips:
            open_ports = portscanner([(ip, port) for port in var('ports')])
            dataset[raw_subdomain]['ports'] = open_ports
            unique_ips[ip] = open_ports
            if 443 in open_ports:
                dataset[raw_subdomain]['schema'] = 'https'
            else:
                dataset[raw_subdomain]['schema'] = 'http'
        else:
            open_ports = unique_ips[ip]
            dataset[raw_subdomain]['ports'] = open_ports
            if 443 in open_ports:
                dataset[raw_subdomain]['schema'] = 'https'
            else:
                dataset[raw_subdomain]['schema'] = 'http'
        print('%s[✈️]%s %s' % (green, end, raw_subdomain))
    except (socket.gaierror, UnicodeError):