def __run_attacks( url, sqlmap=False, nmap=False, intel=False, xss=False, verbose=False, admin=False, given_path=None, auto=False, batch=False ): """ run the attacks if any are requested """ if not batch: question = prompt( "would you like to process found URL: '{}'".format(url), opts=["y", "N"] ) else: question = "y" if question.lower().startswith("y"): if sqlmap: return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True), auto_search=auto, given_path=given_path) elif nmap: url_ip_address = replace_http(url.strip()) return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True)) elif intel: url = get_true_url(url) return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use) elif admin: main(url, show=opt.showAllConnections, verbose=verbose) elif xss: main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads) else: pass else: logger.warning(set_color( "skipping '{}'...".format(url), level=30 ))
def __run_attacks(url, sqlmap=False, verbose=False, nmap=False, given_path=None, auto=False, batch=False): """ run the attacks if any are requested """ if not batch: question = prompt( "would you like to process found URL: '{}'".format(url), opts=["y", "N"]) else: question = "y" if question.lower().startswith("y"): if sqlmap: return sqlmap_scan.sqlmap_scan_main( url.strip(), verbose=verbose, opts=__create_sqlmap_arguments(), auto_search=auto, given_path=given_path) elif nmap: url_ip_address = replace_http(url.strip()) return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose) else: pass else: logger.warning(set_color("skipping '{}'...".format(url)))
def __run_attacks( url, sqlmap=False, nmap=False, intel=False, xss=False, verbose=False, admin=False, given_path=None, auto=False, batch=False ): """ run the attacks if any are requested """ __enabled_attacks = { "sqlmap": opt.runSqliScan, "port": opt.runPortScan, "xss": opt.runXssScan, "admin": opt.adminPanelFinder, "intel": opt.intelCheck } enabled = set() for key in __enabled_attacks.keys(): if __enabled_attacks[key] is True: enabled.add(key) if len(enabled) > 1: logger.error(set_color( "it appears that you have enabled multiple attack types, " "as of now only 1 attack is supported at a time, choose " "your attack and try again. You can use the -f flag if " "you do not want to complete an entire search again...", level=40 )) shutdown() if not batch: question = prompt( "would you like to process found URL: '{}'".format(url), opts=["y", "N"] ) else: question = "y" if question.lower().startswith("y"): if sqlmap: return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True), auto_search=auto, given_path=given_path) elif nmap: url_ip_address = replace_http(url.strip()) return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True)) elif intel: url = get_true_url(url) return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use) elif admin: main(url, show=opt.showAllConnections, verbose=verbose) elif xss: main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads) else: pass else: logger.warning(set_color( "skipping '{}'...".format(url), level=30 ))
def run_attacks(url, **kwargs): """ run the attacks if any are requested """ nmap = kwargs.get("nmap", False) sqlmap = kwargs.get("sqlmap", False) xss = kwargs.get("xss", False) admin = kwargs.get("admin", False) verbose = kwargs.get("verbose", False) whois = kwargs.get("whois", False) clickjacking = kwargs.get("clickjacking", False) # github = kwargs.get("github", False) pgp = kwargs.get("pgp", False) auto_start = kwargs.get("auto_start", False) sqlmap_arguments = kwargs.get("sqlmap_args", None) nmap_arguments = kwargs.get("nmap_args", None) show_all = kwargs.get("show_all", False) do_threading = kwargs.get("do_threading", False) batch = kwargs.get("batch", False) tamper_script = kwargs.get("tamper_script", None) timeout = kwargs.get("timeout", None) forwarded = kwargs.get("xforward", None) proxy = kwargs.get("proxy", None) agent = kwargs.get("agent", None) conf_file = kwargs.get("conf_file", None) threads = kwargs.get("threads", None) force_ssl = kwargs.get("ssl", False) if threads > MAX_THREADS: threads = check_thread_num(threads, batch=batch) __enabled_attacks = { "sqlmap": sqlmap, "port": nmap, "xss": xss, "admin": admin, "whois": whois, "clickjacking": clickjacking } enabled = set() for key in __enabled_attacks.keys(): if __enabled_attacks[key] is True: enabled.add(key) if len(enabled) > 1: logger.error( set_color( "it appears that you have enabled multiple attack types, " "as of now only 1 attack is supported at a time, choose " "your attack and try again. You can use the -f flag if " "you do not want to complete an entire search again " "(IE -f /home/me/zeus-scanner/log/url-log/url-log-1.log)", level=40)) lib.core.common.shutdown() question_msg = "would you like to process found URL: '{}'".format(url) if not batch: question = lib.core.common.prompt(question_msg, opts="yN") else: question = lib.core.common.prompt(question_msg, opts="yN", default="y") if question.lower().startswith("y"): if sqlmap: from lib.attacks import sqlmap_scan return sqlmap_scan.sqlmap_scan_main( url.strip(), verbose=verbose, opts=create_arguments(sqlmap=True, sqlmap_args=sqlmap_arguments, conf=conf_file), auto_start=auto_start) elif nmap: from lib.attacks import nmap_scan url_ip_address = replace_http(url.strip()) return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, timeout=timeout, opts=create_arguments( nmap=True, nmap_args=nmap_arguments)) elif admin: from lib.attacks.admin_panel_finder import main main(url, show=show_all, proc_num=threads, verbose=verbose, do_threading=do_threading, batch=batch) elif xss: from lib.attacks.xss_scan import main_xss if check_for_protection(PROTECTED, "xss"): main_xss(url, verbose=verbose, proxy=proxy, agent=agent, tamper=tamper_script, batch=batch, force_ssl=force_ssl) elif whois: from lib.attacks.whois_lookup.whois import whois_lookup_main whois_lookup_main(url, verbose=verbose, timeout=timeout) elif clickjacking: from lib.attacks.clickjacking_scan import clickjacking_main if check_for_protection(PROTECTED, "clickjacking"): clickjacking_main(url, agent=agent, proxy=proxy, forward=forwarded, batch=batch) # elif github: # from lib.attacks.gist_lookup import github_gist_search_main # query = replace_http(url) # github_gist_search_main(query, agent=agent, proxy=proxy, verbose=verbose) elif pgp: from var.search.pgp_search import pgp_main pgp_main(url, verbose=verbose) else: pass else: logger.warning(set_color("skipping '{}'".format(url), level=30))