def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep,
language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag,
methods_args, scan_id, scan_cmd): # Main function
from core.targets import target_type
from core.targets import target_to_host
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith('socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(messages(language, 100).format(target, 'subdomain_scan'))
return None
subs = __get_subs(target, timeout_sec, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries,
num, total, extra_requirements=extra_requirements)
info(messages(language, 135).format(len(subs), ', '.join(subs) if len(subs) > 0 else 'None'))
if len(subs) is not 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan',
'DESCRIPTION': messages(language, 135).format(len(subs), ', '.join(subs)
if len(subs) > 0 else 'None'), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + '\n')
save.close()
if len(subs) is 0 and verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan',
'DESCRIPTION': messages(language, 135).format(len(subs), ', '.join(subs)
if len(subs) > 0 else 'None'), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + '\n')
save.close()
return subs
else:
warn(messages(language, 69).format('subdomain_scan', target))
return []
def start_attack(target, num, total, scan_method, users, passwds, timeout_sec,
thread_number, ports, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, ping_flag, methods_args,
scan_id, scan_cmd):
"""
start new attack for each target
Args:
target: target
num: number of process
total: number of total processes
scan_method: module name
users: usernames
passwds: passwords
timeout_sec: timeout seconds
thread_number: thread number
ports: port numbers
log_in_file: output filename
time_sleep: time sleep
language: language
verbose_level: verbose level number
socks_proxy: socks proxy
retries: number of retries
ping_flag: ping before scan flag
methods_args: module name
scan_id: scan hash id
scan_cmd: scan cmd
Returns:
True of success otherwise None
"""
if verbose_level >= 1:
info(
messages(language, "start_attack").format(str(target), str(num),
str(total)))
if ping_flag:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(
socks_version,
str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]),
username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
if do_one_ping(target, timeout_sec, 8) is None:
if verbose_level >= 3:
warn(
messages(language,
"skipping_target").format(target, scan_method))
return None
# Calling Engines
try:
start = getattr(
__import__('lib.{0}.{1}.engine'.format(
scan_method.rsplit('_')[-1],
'_'.join(scan_method.rsplit('_')[:-1])),
fromlist=['start']), 'start')
except:
__die_failure(
messages(language, "module_not_available").format(scan_method))
start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd)
return True
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, ping_flag, methods_args, scan_id,
scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if users is None:
users = extra_requirements["smtp_brute_users"]
if passwds is None:
passwds = extra_requirements["smtp_brute_passwds"]
if ports is None:
ports = extra_requirements["smtp_brute_ports"]
if extra_requirements["smtp_brute_split_user_set_pass"][0] not in [
"False", "True"
]:
extra_requirements["smtp_brute_split_user_set_pass"][0] = "False"
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(
socks_version,
str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]),
username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(messages(language, 100).format(target, 'heartbleed_vuln'))
if do_one_ping(target, timeout_sec, 8) is None:
return None
threads = []
max = thread_number
total_req = int(
len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \
else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"]))
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
ports_tmp_filename = 'tmp/ports_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
ports_write = open(ports_tmp_filename, 'w')
ports_write.write('')
ports_write.close()
ports = test_ports(ports, timeout_sec, target, retries, language, num,
total, time_sleep, ports_tmp_filename,
thread_number, total_req, verbose_level,
socks_proxy)
trying = 0
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False":
for port in ports:
for user in users:
for passwd in passwds:
t = threading.Thread(
target=login,
args=(user, passwd, target, port, timeout_sec,
log_in_file, language, retries, time_sleep,
thread_tmp_filename, socks_proxy, scan_id,
scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num,
total, target, port,
'smtp_brute'))
while 1:
n = 0
for thread in threads:
if thread.isAlive():
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.01)
else:
break
else:
for port in ports:
for user in users:
for prefix in extra_requirements[
"smtp_brute_split_user_set_pass_prefix"]:
t = threading.Thread(
target=login,
args=(user, user.rsplit('@')[0] + prefix, target,
port, timeout_sec, log_in_file, language,
retries, time_sleep, thread_tmp_filename))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num,
total, target, port,
'smtp_brute'))
while 1:
try:
if threading.activeCount() >= max:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
break
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec /
0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({
'HOST': target,
'USERNAME': '',
'PASSWORD': '',
'PORT': '',
'TYPE': 'smtp_brute',
'DESCRIPTION': messages(language, 95),
'TIME': now(),
'CATEGORY': "brute",
'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format(target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
verbose_level, show_version, check_update, socks_proxy, retries, ping_flag, methods_args, scan_id,
scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
# rand useragent
user_agent_list = [
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
"Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
" Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
"Debian APT-HTTP/1.3 (0.8.10.3)",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
"http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
]
http_methods = ["GET", "HEAD"]
user_agent = {'User-agent': random.choice(user_agent_list)}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
if extra_requirements["dir_scan_http_method"][0] not in http_methods:
warn(messages(language, 110))
extra_requirements["dir_scan_http_method"] = ["GET"]
if ports is None:
ports = extra_requirements["dir_scan_ports"]
random_agent_flag = True
if extra_requirements["dir_scan_random_agent"][0] == "False":
random_agent_flag = False
if ping_flag:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith('socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(messages(language, 100).format(target, 'heartbleed_vuln'))
if do_one_ping(target, timeout_sec, 8) is None:
return None
threads = []
max = thread_number
total_req = len(extra_requirements["dir_scan_list"]) * len(ports)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
trying = 0
for port in ports:
port = int(port)
if target_type(target) == 'SINGLE_IPv4' or target_type(target) == 'DOMAIN':
url = 'http://{0}:{1}/'.format(target, str(port))
else:
if target.count(':') > 1:
error(messages(language, 105))
from core.color import finish
finish()
sys.exit(1)
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(target.replace('http://', '').replace('https://', '').rsplit('/')[1:])
url = http + '://' + host + ':' + str(port) + '/' + path
if test(url, retries, timeout_sec, user_agent, extra_requirements["dir_scan_http_method"][0],
socks_proxy, verbose_level, trying, total_req, total, num, port, language) is 0:
for idir in extra_requirements["dir_scan_list"]:
# check target type
if target_type(target) == 'SINGLE_IPv4' or target_type(target) == 'DOMAIN':
url = 'http://{0}:{1}/{2}'.format(target, str(port), idir)
else:
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(target.replace('http://', '').replace('https://', '').rsplit('/')[1:])
url = http + '://' + host + ':' + str(port) + '/' + path + '/' + idir
if random_agent_flag is True:
user_agent = {'User-agent': random.choice(user_agent_list)}
t = threading.Thread(target=check,
args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep,
thread_tmp_filename, retries,
extra_requirements["dir_scan_http_method"][0], socks_proxy, scan_id,
scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(messages(language, 72).format(trying, total_req, num, total, target_to_host(target), port,
'dir_scan'))
while 1:
try:
if threading.activeCount() >= max:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
break
else:
warn(messages(language, 109).format(url))
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1:
info(messages(language, 108).format(target, ",".join(ports)))
if verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'dir_scan',
'DESCRIPTION': messages(language, 94), 'TIME': now(), 'CATEGORY': "scan",
'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('dir_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, socks_proxy, retries, ping_flag,
methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if ports is None:
ports = extra_requirements["tcp_connect_port_scan_ports"]
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(
socks_version,
str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]),
username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(
messages(language, 100).format(target,
'tcp_connect_port_scan'))
return None
threads = []
max = thread_number
total_req = len(ports)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
trying = 0
for port in ports:
port = int(port)
t = threading.Thread(target=connect,
args=(target, int(port), timeout_sec,
log_in_file, language, time_sleep,
thread_tmp_filename, socks_proxy,
scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num, total, target,
port, 'tcp_connect_port_scan'))
while 1:
try:
if threading.activeCount() >= max:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
break
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec /
0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({
'HOST': target,
'USERNAME': '',
'PASSWORD': '',
'PORT': '',
'TYPE': 'tcp_connect_port_scan',
'DESCRIPTION': messages(language, 94),
'TIME': now(),
'CATEGORY': "scan",
'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('tcp_connect_port_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, socks_proxy, retries, ping_flag,
methods_args): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if ports is None:
ports = extra_requirements["tcp_connect_port_scan_ports"]
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
warn(
messages(language, 100).format(target,
'tcp_connect_port_scan'))
return None
threads = []
max = thread_number
total_req = len(ports)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
trying = 0
for port in ports:
port = int(port)
t = threading.Thread(target=connect,
args=(target, int(port), timeout_sec,
log_in_file, language, time_sleep,
thread_tmp_filename, socks_proxy))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language, 72).format(trying, total_req, num,
total, target, port))
while 1:
try:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
break
# wait for threads
while 1:
try:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.01)
if n is True:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST: target,
_USERNAME: '',
_PASSWORD: '',
_PORT: '',
_TYPE: 'tcp_connect_port_scan',
_DESCRIPTION: messages(language, 94)
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('tcp_connect_port_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, proxies, retries,
ping_flag): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) == 'HTTP':
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
warn(messages(language, 100).format(target, 'ssh_brute'))
return None
threads = []
max = thread_number
total_req = len(users) * len(passwds)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
ports_tmp_filename = 'tmp/ports_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
ports_write = open(ports_tmp_filename, 'w')
ports_write.write('')
ports_write.close()
trying = 0
ports = test_ports(ports, timeout_sec, target, retries, language, num,
total, time_sleep, ports_tmp_filename,
thread_number, total_req)
for port in ports:
# test ssh
portflag = True
exit = 0
port = int(port)
for user in users:
for passwd in passwds:
t = threading.Thread(target=login,
args=(user, passwd, target, port,
timeout_sec, log_in_file,
language, retries, time_sleep,
thread_tmp_filename))
threads.append(t)
t.start()
trying += 1
info(
messages(language, 72).format(trying, total_req, num,
total, target, port))
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.1)
else:
break
# wait for threads
while 1:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.1)
if n is True:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST: target,
_USERNAME: '',
_PASSWORD: '',
_PORT: '',
_TYPE: 'ssh_brute',
_DESCRIPTION: messages(language, 95)
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('ssh_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, socks_proxy, retries, ping_flag,
methods_args): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# rand useragent
user_agent_list = [
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
"Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
" Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
"Debian APT-HTTP/1.3 (0.8.10.3)",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
"http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
]
http_methods = ["GET", "HEAD"]
user_agent = {'User-agent': random.choice(user_agent_list)}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if extra_requirements["dir_scan_http_method"][0] not in http_methods:
warn(messages(language, 110))
extra_requirements["dir_scan_http_method"] = ["GET"]
if ports is None:
ports = extra_requirements["dir_scan_ports"]
random_agent_flag = True
if extra_requirements["dir_scan_random_agent"][0] == "False":
random_agent_flag = False
if ping_flag and do_one_ping(target_to_host(target), timeout_sec,
8) is None:
warn(
messages(language, 100).format(target_to_host(target),
'dir_scan'))
return None
threads = []
max = thread_number
total_req = len(extra_requirements["dir_scan_list"]) * len(ports)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
trying = 0
for port in ports:
port = int(port)
if target_type(target) == 'SINGLE_IPv4' or target_type(
target) == 'DOMAIN':
url = 'http://{0}:{1}/'.format(target, str(port))
else:
if target.count(':') > 1:
error(messages(language, 105))
from core.color import finish
finish()
sys.exit(1)
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(
target.replace('http://', '').replace('https://',
'').rsplit('/')[1:])
url = http + '://' + host + ':' + str(port) + '/' + path
if test(url, retries, timeout_sec, user_agent,
extra_requirements["dir_scan_http_method"][0],
socks_proxy) is 0:
for idir in extra_requirements["dir_scan_list"]:
# check target type
if target_type(target) == 'SINGLE_IPv4' or target_type(
target) == 'DOMAIN':
url = 'http://{0}:{1}/{2}'.format(
target, str(port), idir)
else:
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(
target.replace('http://',
'').replace('https://',
'').rsplit('/')[1:])
url = http + '://' + host + ':' + str(
port) + '/' + path + '/' + idir
if random_agent_flag is True:
user_agent = {
'User-agent': random.choice(user_agent_list)
}
t = threading.Thread(
target=check,
args=(url, user_agent, timeout_sec, log_in_file,
language, time_sleep, thread_tmp_filename,
retries,
extra_requirements["dir_scan_http_method"][0],
socks_proxy))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num, total,
target_to_host(target), port))
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.01)
else:
break
else:
warn(messages(language, 109).format(url))
# wait for threads
while 1:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.01)
if n is True:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1:
info(messages(language, 108).format(target, ",".join(ports)))
if verbose_level is not 0:
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST: target,
_USERNAME: '',
_PASSWORD: '',
_PORT: '',
_TYPE: 'dir_scan',
_DESCRIPTION: messages(language, 94)
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('dir_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, proxies, retries, ping_flag,
methods_args): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# output format
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
port = ""
time.sleep(time_sleep)
# set user agent
headers = {
"User-agent":
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0",
"Accept":
"text/javascript, text/html, application/xml, text/xml, */*",
"Accept-Language": "en-US,en;q=0.5"
}
# timeout check
if ping_flag and do_one_ping(target_to_host(target), timeout_sec,
8) is None:
warn(
messages(language,
100).format(target_to_host(target),
'viewdns_reverse_ip_lookup_scan'))
return None
total_req = 1
trying = 1
info(
messages(language, 113).format(trying, total_req, num, total,
target))
n = 0
while 1:
try:
res = requests.get(
'http://viewdns.info/reverseip/?host={0}&t=1'.format(
target),
timeout=timeout_sec,
headers=headers,
verify=True).text
break
except:
n += 1
if n is retries:
warn(messages(language, 106).format("viewdns.info"))
return 1
_values = []
try:
s = '<table>' + res.rsplit('''<table border="1">''')[1].rsplit(
"<br></td></tr><tr></tr>")[0]
table = ET.XML(s)
rows = iter(table)
headers = [col.text for col in next(rows)]
for row in rows:
values = [col.text for col in row]
_values.append(dict(zip(headers, values))["Domain"])
except:
pass
info(
messages(language, 114).format(
len(_values),
", ".join(_values) if len(_values) > 0 else "None"))
if len(_values) > 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST:
target,
_USERNAME:
'',
_PASSWORD:
'',
_PORT:
'',
_TYPE:
'viewdns_reverse_ip_lookup_scan',
_DESCRIPTION:
messages(language, 114).format(
len(_values),
", ".join(_values) if len(_values) > 0 else "None")
}) + '\n')
save.close()
if verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST:
target,
_USERNAME:
'',
_PASSWORD:
'',
_PORT:
'',
_TYPE:
'viewdns_reverse_ip_lookup_scan',
_DESCRIPTION:
messages(language, 114).format(
len(_values),
", ".join(_values) if len(_values) > 0 else "None")
}) + '\n')
save.close()
else:
warn(
messages(language, 69).format('viewdns_reverse_ip_lookup_scan',
target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep,
language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag,
methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
# output format
time.sleep(time_sleep)
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith('socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
# set user agent
headers = {"User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0",
"Accept": "text/javascript, text/html, application/xml, text/xml, */*",
"Accept-Language": "en-US,en;q=0.5"
}
# timeout check
if ping_flag and do_one_ping(target_to_host(target), timeout_sec, 8) is None:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith('socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(messages(language, 100).format(target_to_host(target), 'viewdns_reverse_ip_lookup_scan'))
return None
total_req = 1
trying = 1
info(messages(language, 113).format(trying, total_req, num, total, target, 'viewdns ip lookup'))
n = 0
while 1:
try:
res = requests.get('http://viewdns.info/reverseip/?host={0}&t=1'.format(target), timeout=timeout_sec,
headers=headers, verify=True).text
break
except:
n += 1
if n is retries:
warn(messages(language, 106).format("viewdns.info"))
return 1
_values = []
try:
s = '<table>' + res.rsplit('''<table border="1">''')[1].rsplit("<br></td></tr><tr></tr>")[0]
table = ET.XML(s)
rows = iter(table)
headers = [col.text for col in next(rows)]
for row in rows:
values = [col.text for col in row]
_values.append(dict(zip(headers, values))["Domain"])
except:
pass
info(messages(language, 114).format(len(_values), ", ".join(_values) if len(_values) > 0 else "None"))
if len(_values) > 0:
save = open(log_in_file, 'a')
save.write(json.dumps(
{'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'viewdns_reverse_ip_lookup_scan',
'DESCRIPTION': messages(language, 114).format(len(_values), ", ".join(_values) if len(
_values) > 0 else "None"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + '\n')
save.close()
if verbose_level is not 0:
save = open(log_in_file, 'a')
save.write(json.dumps(
{'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'viewdns_reverse_ip_lookup_scan',
'DESCRIPTION': messages(language, 114).format(len(_values), ", ".join(_values) if len(
_values) > 0 else "None"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + '\n')
save.close()
else:
warn(messages(language, 69).format('viewdns_reverse_ip_lookup_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, socks_proxy, retries, ping_flag,
methods_args): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if users is None:
users = extra_requirements["smtp_brute_users"]
if passwds is None:
passwds = extra_requirements["smtp_brute_passwds"]
if ports is None:
ports = extra_requirements["smtp_brute_ports"]
if extra_requirements["smtp_brute_split_user_set_pass"][0] not in [
"False", "True"
]:
extra_requirements["smtp_brute_split_user_set_pass"][0] = "False"
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
warn(messages(language, 100).format(target, 'smtp_brute'))
return None
threads = []
max = thread_number
total_req = int(
len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \
else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"]))
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
ports_tmp_filename = 'tmp/ports_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
ports_write = open(ports_tmp_filename, 'w')
ports_write.write('')
ports_write.close()
ports = test_ports(ports, timeout_sec, target, retries, language, num,
total, time_sleep, ports_tmp_filename,
thread_number, total_req, verbose_level,
socks_proxy)
trying = 0
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False":
for port in ports:
for user in users:
for passwd in passwds:
t = threading.Thread(
target=login,
args=(user, passwd, target, port, timeout_sec,
log_in_file, language, retries, time_sleep,
thread_tmp_filename, socks_proxy))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num,
total, target, port))
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.01)
else:
break
else:
for port in ports:
for user in users:
for prefix in extra_requirements[
"smtp_brute_split_user_set_pass_prefix"]:
t = threading.Thread(
target=login,
args=(user, user.rsplit('@')[0] + prefix, target,
port, timeout_sec, log_in_file, language,
retries, time_sleep, thread_tmp_filename))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num,
total, target, port))
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= max:
time.sleep(0.01)
else:
break
# wait for threads
while 1:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.01)
if n is True:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST: target,
_USERNAME: '',
_PASSWORD: '',
_PORT: '',
_TYPE: 'smtp_brute',
_DESCRIPTION: messages(language, 95)
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format(target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level,
show_version, check_update, socks_proxy, retries, ping_flag,
methods_args): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if users is None:
users = extra_requirements["ftp_brute_users"]
if passwds is None:
passwds = extra_requirements["ftp_brute_passwds"]
if ports is None:
ports = extra_requirements["ftp_brute_ports"]
if target_type(target) == 'HTTP':
target = target_to_host(target)
if ping_flag and do_one_ping(target, timeout_sec, 8) is None:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(
socks_version,
str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]),
username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
warn(messages(language, 100).format(target, 'ftp_brute'))
return None
threads = []
max = thread_number
total_req = len(users) * len(passwds) * len(ports)
thread_tmp_filename = 'tmp/thread_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
ports_tmp_filename = 'tmp/ports_tmp_' + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
thread_write = open(thread_tmp_filename, 'w')
thread_write.write('1')
thread_write.close()
ports_write = open(ports_tmp_filename, 'w')
ports_write.write('')
ports_write.close()
trying = 0
ports = test_ports(ports, timeout_sec, target, retries, language, num,
total, time_sleep, ports_tmp_filename,
thread_number, total_req, verbose_level,
socks_proxy)
for port in ports:
for user in users:
for passwd in passwds:
t = threading.Thread(
target=login,
args=(user, passwd, target, port, timeout_sec,
log_in_file, language, retries, time_sleep,
thread_tmp_filename, socks_proxy))
threads.append(t)
t.start()
trying += 1
if verbose_level is not 0:
info(
messages(language,
72).format(trying, total_req, num, total,
target, port))
while 1:
try:
if threading.activeCount() >= max:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
break
# wait for threads
while 1:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.01)
if n is True:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
_TIME = messages(language, 115)
_CATEGORY = messages(language, 116)
save = open(log_in_file, 'a')
save.write(
json.dumps({
_HOST: target,
_USERNAME: '',
_PASSWORD: '',
_PORT: '',
_TYPE: 'ftp_brute',
_DESCRIPTION: messages(language, 95),
_TIME: now(),
_CATEGORY: "brute"
}) + '\n')
save.close()
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('ftp_brute', target))