def test_parse_arguments_unknown_argument():
    """An option the parser does not know must make argparse exit."""
    unknown_option = '-i-do-not-exist'
    argv = ['-t', '10.11.1.1', unknown_option]

    with pytest.raises(SystemExit):
        cli_argument_parser().parse(argv)
def test_parse_arguments_mutually_exclusive_user_agent():
    """``--user-agent`` and ``--random-agent`` together are rejected."""
    conflicting = ['--user-agent', 'my-user-agent', '--random-agent']
    argv = ['-t', '10.11.1.1'] + conflicting

    with pytest.raises(SystemExit):
        cli_argument_parser().parse(argv)
def test_parse_arguments_mutually_exclusive_output():
    """Requesting both ``-oJ`` and ``-oN`` output formats is rejected."""
    conflicting = ['-oJ', '-oN']
    argv = ['-t', '10.11.1.1'] + conflicting

    with pytest.raises(SystemExit):
        cli_argument_parser().parse(argv)
def test_parse_arguments_default_value(tmpdir):
    """Parsing only ``-t`` yields the default value for every other option.

    NOTE(review): the wordlist written under ``tmpdir`` is never passed on
    ``argv`` and the expected ``wordlists`` value is ``None``; the file is
    still created so the fixture side effect is unchanged.
    """
    wordlist = tmpdir.mkdir('test_command').join('default')
    wordlist.write('\n'.join(['word1', 'word2', 'word3']))

    arguments = cli_argument_parser().parse(['-t', 'myhost'])

    expected_arguments = dict(
        target_hosts='myhost',
        wordlists=None,
        base_host=False,
        port=80,
        real_port=False,
        ignore_http_codes='404',
        ignore_content_length=0,
        first_hit=False,
        unique_depth=1,
        fuzzy_logic=False,
        no_lookup=False,
        rate_limit=0,
        random_agent=False,
        user_agent=None,
        add_waf_bypass_headers=False,
        output_normal=None,
        output_json=None,
        stdin=False,
        ssl=False,
    )
    assert vars(arguments) == expected_arguments
def test_parse_arguments_custom_arguments(tmpdir):
    """Every option given explicitly is reflected in the parsed namespace."""
    wordlist = tmpdir.mkdir('test_command').join('other_words')
    wordlist.write('\n'.join(['some', 'other', 'words']))

    # Order is kept as on the command line; the trailing '-' selects stdin.
    argv = [
        '-t', '10.11.1.1',
        '-w', str(wordlist),
        '-b', 'myhost',
        '-p', '8000',
        '-r', '8001',
        '--ignore-http-codes', '400,500,302',
        '--ignore-content-length', '100',
        '--unique-depth', '5',
        '--first-hit',
        '--ssl',
        '--fuzzy-logic',
        '--no-lookups',
        '--rate-limit', '10',
        '--user-agent', 'some-user-agent',
        '--waf',
        '-oN', '/tmp/on',
        '-',
    ]

    arguments = cli_argument_parser().parse(argv)

    expected_arguments = dict(
        target_hosts='10.11.1.1',
        wordlists=str(wordlist),
        base_host='myhost',
        port=8000,
        real_port=8001,
        ignore_http_codes='400,500,302',
        ignore_content_length=100,
        first_hit=True,
        unique_depth=5,
        ssl=True,
        fuzzy_logic=True,
        no_lookup=True,
        rate_limit=10,
        user_agent='some-user-agent',
        random_agent=False,
        add_waf_bypass_headers=True,
        output_normal='/tmp/on',
        output_json=None,
        stdin=True,
    )
    assert vars(arguments) == expected_arguments
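def main():
    """Command-line entry point: parse arguments, build the wordlist, scan, report.

    Side effects: prints progress to stdout, may append DNS-derived entries
    (A records, reverse-lookup host names and aliases of the target) to the
    wordlist, writes the requested output files, and exits with status 1
    when the wordlist is empty.
    """
    print_banner()
    parser = cli_argument_parser()
    arguments = parser.parse(sys.argv[1:])

    wordlist_helper = WordList()
    wordlist, wordlist_types = wordlist_helper.get_wordlist(arguments.wordlists)

    if not wordlist:
        print("[!] No words found in provided wordlists, unable to scan.")
        sys.exit(1)

    print(
        "[+] Starting virtual host scan for {host} using "
        "port {port} and {inputs}".format(
            host=arguments.target_hosts,
            port=arguments.port,
            inputs=', '.join(wordlist_types),
        )
    )

    # Only one of the two branches can apply: the parser rejects
    # --user-agent together with --random-agent.
    user_agents = []
    if arguments.user_agent:
        print('[>] User-Agent specified, using it.')
        user_agents = [arguments.user_agent]
    elif arguments.random_agent:
        print('[>] Random User-Agent flag set.')
        user_agents = load_random_user_agents()

    if arguments.ssl:
        print("[>] SSL flag set, sending all results over HTTPS.")
    if arguments.add_waf_bypass_headers:
        print("[>] WAF flag set, sending simple WAF bypass headers.")

    print("[>] Ignoring HTTP codes: {}".format(arguments.ignore_http_codes))
    if arguments.ignore_content_length > 0:
        print("[>] Ignoring Content length: {}".format(arguments.ignore_content_length))
    if arguments.first_hit:
        print("[>] First hit is set.")

    if not arguments.no_lookup:
        try:
            print("[+] Resolving DNS for additional wordlist entries")
            for ip in dns.resolver.query(arguments.target_hosts, 'A'):
                ip_text = str(ip)
                wordlist.append(ip_text)
                # The reverse lookup is best-effort: an address without a
                # PTR record raises socket.herror (an OSError subclass),
                # which previously aborted the whole scan with a traceback.
                try:
                    host, aliases, _ = gethostbyaddr(ip_text)
                except OSError as exc:
                    print("[!] Reverse lookup failed for {}: {}".format(ip_text, exc))
                    continue
                wordlist.append(host)
                wordlist.extend(aliases)
        except dns.resolver.NXDOMAIN:
            print("[!] Couldn't find any records (NXDOMAIN)")
        except dns.resolver.NoAnswer:
            print("[!] Couldn't find any records (NoAnswer)")
        except (dns.resolver.NoNameservers, dns.exception.Timeout) as exc:
            # Unreachable resolvers and timeouts are reported like NXDOMAIN
            # so the scan still proceeds with the user-supplied wordlist.
            print("[!] DNS lookup failed: {}".format(exc))

    # vars() hands back the Namespace's own __dict__, so this update also
    # adds target/wordlist/user_agents attributes to `arguments`, which
    # output_helper receives below; kept as-is since downstream code may
    # depend on it.
    scanner_args = vars(arguments)
    scanner_args.update({
        'target': arguments.target_hosts,
        'wordlist': wordlist,
        'user_agents': user_agents,
    })

    scanner = virtual_host_scanner(**scanner_args)
    scanner.scan()

    output = output_helper(scanner, arguments)
    print(output.output_normal_likely())

    if arguments.fuzzy_logic:
        print(output.output_fuzzy())

    if arguments.output_normal:
        output.write_normal(arguments.output_normal)
        print("\n[+] Writing normal ouptut to %s" % arguments.output_normal)

    if arguments.output_json:
        output.output_json(arguments.output_json)
        print("\n[+] Writing json output to %s" % arguments.output_json)

    if arguments.output_grepable:
        output.output_grepable(arguments.output_grepable)
        # Fix: the message used to print the JSON path instead of the
        # grepable output path.
        print("\n[+] Writing grepable ouptut to %s" % arguments.output_grepable)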
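def main():
    """Command-line entry point: parse arguments, assemble the wordlist, scan, report.

    Words come from stdin (``-``), the ``-w`` wordlists or the bundled
    default list, plus optional DNS-derived names for the target. Prints
    progress to stdout, writes the requested output files, and exits with
    status 1 when no words are available.
    """
    print_banner()
    parser = cli_argument_parser()
    arguments = parser.parse(sys.argv[1:])

    wordlist = []
    word_list_types = []

    # The bundled default list is only a fallback when words are not being
    # piped in on stdin.
    default_wordlist = None if arguments.stdin else DEFAULT_WORDLIST_FILE

    if arguments.stdin:
        word_list_types.append('stdin')
        wordlist.extend(sys.stdin.read().splitlines())

    combined = get_combined_word_lists(arguments.wordlists or default_wordlist)
    word_list_types.append('wordlists: {}'.format(', '.join(combined['file_paths'])))
    wordlist.extend(combined['words'])

    if not wordlist:
        print("[!] No words found in provided wordlists, unable to scan.")
        sys.exit(1)

    print(
        "[+] Starting virtual host scan for {host} using "
        "port {port} and {inputs}".format(
            host=arguments.target_hosts,
            port=arguments.port,
            inputs=', '.join(word_list_types),
        )
    )

    # Only one of the two branches can apply: the parser rejects
    # --user-agent together with --random-agent.
    user_agents = []
    if arguments.user_agent:
        print('[>] User-Agent specified, using it.')
        user_agents = [arguments.user_agent]
    elif arguments.random_agent:
        print('[>] Random User-Agent flag set.')
        user_agents = load_random_user_agents()

    if arguments.ssl:
        print("[>] SSL flag set, sending all results over HTTPS.")
    if arguments.add_waf_bypass_headers:
        print("[>] WAF flag set, sending simple WAF bypass headers.")

    print("[>] Ignoring HTTP codes: {}".format(arguments.ignore_http_codes))
    if arguments.ignore_content_length > 0:
        print("[>] Ignoring Content length: {}".format(arguments.ignore_content_length))
    if arguments.first_hit:
        print("[>] First hit is set.")

    if not arguments.no_lookup:
        try:
            for ip in Resolver().query(arguments.target_hosts, 'A'):
                ip_text = str(ip)
                wordlist.append(ip_text)
                # The reverse lookup is best-effort: an address without a
                # PTR record raises socket.herror (an OSError subclass),
                # which previously aborted the whole scan with a traceback.
                try:
                    host, aliases, _ = gethostbyaddr(ip_text)
                except OSError as exc:
                    print("[!] Reverse lookup failed for {}: {}".format(ip_text, exc))
                    continue
                wordlist.append(host)
                wordlist.extend(aliases)
        except Exception as exc:
            # Resolver failures (unknown name, no answer, timeout, ...) are
            # best-effort: the scan continues with the supplied wordlist.
            # The resolver's exception classes are not in scope in this
            # block, so the boundary stays broad but the error is reported
            # rather than dropped; narrow it once they are imported.
            print("[!] DNS lookup failed for {}: {}".format(arguments.target_hosts, exc))

    # vars() hands back the Namespace's own __dict__, so this update also
    # adds target/wordlist/user_agents attributes to `arguments`, which
    # output_helper receives below; kept as-is since downstream code may
    # depend on it.
    scanner_args = vars(arguments)
    scanner_args.update({
        'target': arguments.target_hosts,
        'wordlist': wordlist,
        'user_agents': user_agents,
    })

    scanner = virtual_host_scanner(**scanner_args)
    scanner.scan()

    output = output_helper(scanner, arguments)
    print(output.output_normal_likely())

    if arguments.fuzzy_logic:
        print(output.output_fuzzy())

    if arguments.output_normal:
        output.write_normal(arguments.output_normal)
        print("\n[+] Writing normal ouptut to %s" % arguments.output_normal)

    if arguments.output_json:
        output.output_json(arguments.output_json)
        print("\n[+] Writing json ouptut to %s" % arguments.output_json)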