def connect_to_host(self):
try:
# Calling the thread class
rst = RunScanThread(self.host)
t2 = threading.Thread(target=(rst.run_scan))
t2.start()
except Exception, e:
LOGGER.error(e)
def run_xss_scan(url, url_file=None, proxy=None, user_agent=False):
""" Pointer to run a XSS Scan on a given URL """
proxy = proxy if proxy is not None else None
header = RANDOM_USER_AGENT if user_agent is not False else None
if proxy is not None:
LOGGER.info("Proxy configured, running through: {}".format(proxy))
if user_agent is True:
LOGGER.info("Grabbed random user agent: {}".format(header))
if url_file is not None: # Scan a given file full of URLS
file_path = url_file
total = len(open(url_file).readlines())
done = 0
LOGGER.info("Found a total of {} URLS to scan..".format(total))
with open(file_path) as urls:
for url in urls.readlines():
if QUERY_REGEX.match(url.strip()):
question = prompt(
"Would you like to scan '{}' for XSS vulnerabilities[y/N]: "
.format(url.strip()))
if question.lower().startswith("y"):
done += 1
if not xss.main(
url.strip(), proxy=proxy, headers=header):
LOGGER.info(
"URL '{}' does not appear to be vulnerable to XSS"
.format(url.strip()))
else:
LOGGER.info(
"URL '{}' appears to be vulnerable to XSS".
format(url.strip()))
LOGGER.info("URLS scanned: {}, URLS left: {}".format(
done, total - done))
else:
pass
else:
LOGGER.warn(
"URL '{}' does not contain a query (GET) parameter, skipping"
.format(url.strip()))
LOGGER.info("All URLS in file have been scanned, shutting down..")
else: # Scan a single URL
if QUERY_REGEX.match(url):
LOGGER.info("Searching: {} for XSS vulnerabilities..".format(
url, proxy=proxy, headers=header))
if not xss.main(url, proxy=proxy, headers=header):
LOGGER.error(
"{} does not appear to be vulnerable to XSS".format(url))
else:
LOGGER.info("{} seems to be vulnerable to XSS.".format(url))
else:
error_message = "The URL you provided does not contain a query "
error_message += "(GET) parameter. In order for this scan you run "
error_message += "successfully you will need to provide a URL with "
error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2"
LOGGER.fatal(error_message)
def run_sqli_scan(url,
url_file=None,
proxy=None,
user_agent=False,
tamper=None):
""" Pointer to run a SQLi Scan on a given URL """
error_message = "URL: '{}' threw an exception ".format(url)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
if url_file is not None: # Run through a file list
file_path = url_file
total = len(open(file_path).readlines())
done = 0
LOGGER.info("Found a total of {} urls in file {}..".format(
total, file_path))
with open(file_path) as urls:
for url in urls.readlines():
try:
if QUERY_REGEX.match(url.strip()):
question = prompt(
"Would you like to scan '{}' for SQLi vulnerabilities[y/N]: "
.format(url.strip()))
if question.lower().startswith("y"):
LOGGER.info("Starting scan on url: '{}'".format(
url.strip()))
LOGGER.info(SQLiScanner(url.strip()).sqli_search())
done += 1
LOGGER.info(
"URLS scanned: {}, URLS left: {}".format(
done, total - done))
else:
pass
else:
LOGGER.warn(
"URL '{}' does not contain a query (GET) parameter, skipping.."
.format(url.strip()))
pass
except HTTPError:
LOGGER.fatal(error_message)
LOGGER.info("No more URLS found in file, shutting down..")
else: # Run a single URL
try:
if QUERY_REGEX.match(url):
LOGGER.info("Starting SQLi scan on '{}'..".format(url))
LOGGER.info(SQLiScanner(url).sqli_search())
else:
LOGGER.error(
"URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2"
)
except HTTPError:
LOGGER.fatal(error_message)
def obtain_hash_type(self):
for algorithm in HASH_TYPE_REGEX:
if algorithm.match(self.hash):
self.found = True
self.enumerate_hash_types(HASH_TYPE_REGEX[algorithm])
if self.found is False:
error_message = "Unable to verify hash type "
error_message += "for hash: '{}'. This could mean ".format(
self.hash)
error_message += "that this is not a valid hash, or that "
error_message += "this hash is not supported by Pybelt "
error_message += "yet. If you feel this should be supported "
error_message += "make an issue regarding this hash."
LOGGER.error(error_message)
return
def run_sqli_scan(url, proxy=None, user_agent=False):
""" Pointer to run a SQLi Scan on a given URL """
try:
if QUERY_REGEX.match(url):
LOGGER.info("Starting SQLi scan on '{}'..".format(url))
LOGGER.info(SQLiScanner(url).sqli_search())
else:
LOGGER.error(
"URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2"
)
except HTTPError as e:
error_message = "URL: '{}' threw an exception: '{}' ".format(url, e)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
LOGGER.fatal(error_message)
def run_xss_scan(url, proxy=None, user_agent=False):
""" Pointer to run a XSS Scan on a given URL """
if QUERY_REGEX.match(url):
proxy = proxy if proxy is not None else None
header = RANDOM_USER_AGENT if user_agent is not False else None
if proxy is not None:
LOGGER.info("Proxy configured, running through: {}".format(proxy))
if user_agent is True:
LOGGER.info("Grabbed random user agent: {}".format(header))
LOGGER.info("Searching: {} for XSS vulnerabilities..".format(
url, proxy=proxy, headers=header))
if not xss.main(url, proxy=proxy, headers=header):
LOGGER.error(
"{} does not appear to be vulnerable to XSS".format(url))
else:
LOGGER.info("{} seems to be vulnerable to XSS.".format(url))
else:
error_message = "The URL you provided does not contain a query "
error_message += "(GET) parameter. In order for this scan you run "
error_message += "successfully you will need to provide a URL with "
error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2"
LOGGER.fatal(error_message)
args = opts.parse_args()
hide_banner(hide=True if args.banner else False,
legal=True if args.legal else False) if args.version is False else hide_banner(hide=True)
LOGGER.info("Checking program integrity..")
try:
integrity_check()
except HTTPError:
check_fail = "Integrity check failed to connect "
check_fail += "you are running a non verified "
check_fail += "Pybelt, this may or may not be insecure. "
check_fail += "Suggestion would be to re-download Pybelt from "
check_fail += "{}"
LOGGER.error(check_fail.format(CLONE_LINK))
answer = prompt("Would you like to continue anyways[y/N] ")
if answer.upper().startswith("Y"):
pass
else:
err_msg = "Please download the latest version from "
err_msg += "{}"
LOGGER.critical(err_msg.format(CLONE_LINK))
try:
if len(sys.argv) == 1: # If you failed to provide an argument
prompt = pybelt_shell.PybeltConsole() # Launch the shell
prompt.prompt = "{}@pybelt > ".format(getpass.getuser())
info_message = "You have failed to provide a flag so you have been "
info_message += "redirected to the Pybelt Console. For available "
info_message += "flags type: 'run -hh', to see help type: 'help' "
if args.proxysearch is True: # Find some proxies
LOGGER.info("Starting proxy search..")
attempt_to_connect_to_proxies()
if args.hashcheck is not None: # Check what hash type you have
LOGGER.info("Analyzing hash: '{}'".format(args.hashcheck))
HashChecker(args.hashcheck).obtain_hash_type()
if args.sqliscan is not None: # SQLi scanning
try:
if QUERY_REGEX.match(args.sqliscan):
LOGGER.info("Starting SQLi scan on '{}'..".format(args.sqliscan))
LOGGER.info(SQLiScanner(args.sqliscan).sqli_search())
else:
LOGGER.error("URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2")
except HTTPError as e:
error_message = "URL: '{}' threw an exception: '{}' ".format(args.sqliscan, e)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
LOGGER.fatal(error_message)
if args.dorkcheck is not None: # Dork checker, check if your dork isn't shit
LOGGER.info("Starting dork scan, using query: '{}'..".format(args.dorkcheck))
try:
LOGGER.info(DorkScanner(args.dorkcheck).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
if args.proxysearch is True: # Find some proxies
run_proxy_finder()
if args.hashcheck is not None: # Check what hash type you have
run_hash_verification(args.hashcheck)
if args.sqliscan is not None: # SQLi scanning
run_sqli_scan(args.sqliscan)
if args.sqliList is not None: # SQLi file scanning
run_sqli_scan(None, url_file=args.sqliList)
if args.dorkcheck is not None: # Dork checker, check if your dork isn't shit
run_dork_checker(args.dorkcheck)
if args.hash is not None: # Try and crack a hash
run_hash_cracker(args.hash)
if args.portscan is not None: # Scan a given host for open ports
run_port_scan(args.portscan)
if args.xssScan is not None: # Scan a URL for XSS vulnerabilities
run_xss_scan(args.xssScan, args.configProxy, args.randomUserAgent)
if args.xssList is not None: # Run a through a file list for XSS vulns
run_xss_scan(None, url_file=args.xssList)
except KeyboardInterrupt: # Why you abort me?! :c
LOGGER.error("User aborted.")
if args.version is True:
LOGGER.info(VERSION_STRING)
sys.exit(0)
if args.random_wordlist is True:
LOGGER.info("Creating a random wordlist..")
create_wordlist(random.choice(WORDLIST_LINKS))
LOGGER.info("Wordlist created, resuming process..")
if args.sqliscan is not None:
if QUERY_REGEX.match(args.sqliscan):
LOGGER.info("Starting SQLi scan on {}..".format(args.sqliscan))
LOGGER.info(SQLiScanner(args.sqliscan).sqli_search())
else:
LOGGER.error(
"URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2"
)
if args.dorkcheck is not None:
LOGGER.info("Starting dork scan, using query: '{}'..".format(
args.dorkcheck))
try:
LOGGER.info(
DorkScanner(args.dorkcheck).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(
GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
if args.hash is not None:
try:
items = list(''.join(args.hash).split(":"))
