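def worker_thread(cli_parsed, targets, lock, counter, user_agent=None):
    """Capture every target taken from ``targets`` and store the result.

    Body of one worker process. It opens its own handle on
    ``<cli_parsed.d>/ew.db``, creates a single browser driver, then drains
    the queue until it reads the ``None`` sentinel. The database handle and
    the driver are released in ``finally`` blocks so that an exception
    raised by a capture does not leave a browser process or an open
    database connection behind.

    Args:
        cli_parsed: Parsed options. ``web`` selects the selenium backend,
            otherwise ``headless`` selects the phantomjs backend; ``d`` is
            the output directory; ``cycle`` enables user-agent cycling.
        targets: Queue of objects to capture, terminated by ``None``.
        lock: Held while the driver is created, so workers create their
            drivers one at a time.
        counter: Pair ``(shared_value, total)``. ``shared_value.value`` is
            incremented after each capture; ``total`` is only printed.
        user_agent: ``None`` for a baseline request, otherwise a
            ``(browser_key, user_agent_string)`` pair.
    """
    manager = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    manager.open_connection()
    driver = None
    try:
        # NOTE(review): when neither option is set the two names stay
        # unbound and create_driver() below raises.
        if cli_parsed.web:
            create_driver = selenium_module.create_driver
            capture_host = selenium_module.capture_host
        elif cli_parsed.headless:
            create_driver = phantomjs_module.create_driver
            capture_host = phantomjs_module.capture_host

        with lock:
            driver = create_driver(cli_parsed, user_agent)

        try:
            while True:
                http_object = targets.get()
                if http_object is None:
                    break

                # Fix our directory if it is resuming from a different path
                if os.path.dirname(cli_parsed.d) != os.path.dirname(
                        http_object.screenshot_path):
                    http_object.set_paths(
                        cli_parsed.d,
                        'baseline' if cli_parsed.cycle is not None else None)

                if cli_parsed.cycle is not None:
                    if user_agent is None:
                        print('Making baseline request for {0}'.format(
                            http_object.remote_system))
                    else:
                        browser_key, _ = user_agent
                        print('Now making web request with: {0} for {1}'.format(
                            browser_key, http_object.remote_system))
                else:
                    print('Attempting to screenshot {0}'.format(
                        http_object.remote_system))

                http_object.resolved = resolve_host(http_object.remote_system)
                if user_agent is None:
                    # capture_host may hand back a different driver, so keep
                    # the returned one for the next target and for quit().
                    http_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    if (http_object.category is None
                            and http_object.error_state is None):
                        http_object = default_creds_category(http_object)
                    manager.update_http_object(http_object)
                else:
                    ua_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    # NOTE(review): the guard reads http_object while the
                    # result is ua_object; presumably capture_host returns
                    # the object it was given - confirm.
                    if (http_object.category is None
                            and http_object.error_state is None):
                        ua_object = default_creds_category(ua_object)
                    manager.update_ua_object(ua_object)

                # Progress display only. "+=" on .value is a read followed
                # by a write, so concurrent workers may lose an increment.
                counter[0].value += 1
                if counter[0].value % 15 == 0:
                    print('\x1b[32m[*] Completed {0} out of {1} services\x1b[0m'.format(
                        counter[0].value, counter[1]))
                do_jitter(cli_parsed)
        except KeyboardInterrupt:
            # Ctrl-C while capturing: stop quietly and fall through to cleanup.
            pass
    finally:
        try:
            manager.close()
        finally:
            if driver is not None:
                driver.quit()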
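def worker_thread(cli_parsed, targets, lock, counter, user_agent=None):
    """Capture every target taken from ``targets`` and store the result.

    Body of one worker process. It opens its own handle on
    ``<cli_parsed.d>/ew.db``, creates a single selenium driver, then drains
    the queue until it reads the ``None`` sentinel. The database handle and
    the driver are released in ``finally`` blocks so that an exception
    raised by a capture does not leave a browser process or an open
    database connection behind.

    Args:
        cli_parsed: Parsed options; ``web`` must be set for a driver to be
            created and ``d`` is the output directory.
        targets: Queue of objects to capture, terminated by ``None``.
        lock: Held while the driver is created, so workers create their
            drivers one at a time.
        counter: Pair ``(shared_value, total)``. ``shared_value.value`` is
            incremented after each capture; ``total`` is only printed.
        user_agent: ``None`` for a plain request, otherwise the value passed
            through to ``create_driver``.
    """
    manager = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    manager.open_connection()
    driver = None
    try:
        # NOTE(review): when cli_parsed.web is false the two names stay
        # unbound and create_driver() below raises.
        if cli_parsed.web:
            create_driver = selenium_module.create_driver
            capture_host = selenium_module.capture_host

        with lock:
            driver = create_driver(cli_parsed, user_agent)

        try:
            while True:
                http_object = targets.get()
                if http_object is None:
                    break

                # Try to ensure object values are blank, so a target that is
                # being retried does not carry results from an earlier run.
                http_object._category = None
                http_object._default_creds = None
                http_object._error_state = None
                http_object._page_title = None
                http_object._ssl_error = False
                http_object.category = None
                http_object.default_creds = None
                http_object.error_state = None
                http_object.page_title = None
                http_object.resolved = None
                http_object.source_code = None

                # Fix our directory if it is resuming from a different path
                if os.path.dirname(cli_parsed.d) != os.path.dirname(
                        http_object.screenshot_path):
                    http_object.set_paths(cli_parsed.d, None)

                print('Attempting to screenshot {0}'.format(
                    http_object.remote_system))

                http_object.resolved = resolve_host(http_object.remote_system)
                if user_agent is None:
                    # capture_host may hand back a different driver, so keep
                    # the returned one for the next target and for quit().
                    http_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    if (http_object.category is None
                            and http_object.error_state is None):
                        http_object = default_creds_category(http_object)
                    manager.update_http_object(http_object)
                else:
                    ua_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    # NOTE(review): the guard reads http_object while the
                    # result is ua_object; presumably capture_host returns
                    # the object it was given - confirm.
                    if (http_object.category is None
                            and http_object.error_state is None):
                        ua_object = default_creds_category(ua_object)
                    manager.update_ua_object(ua_object)

                # Progress display only. "+=" on .value is a read followed
                # by a write, so concurrent workers may lose an increment.
                counter[0].value += 1
                if counter[0].value % 15 == 0:
                    print('\x1b[32m[*] Completed {0} out of {1} services\x1b[0m'.
                          format(counter[0].value, counter[1]))
                do_jitter(cli_parsed)
        except KeyboardInterrupt:
            # Ctrl-C while capturing: stop quietly and fall through to cleanup.
            pass
    finally:
        try:
            manager.close()
        finally:
            if driver is not None:
                driver.quit()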
def multi_mode(cli_parsed):
    """Drive a complete scan: web captures, user-agent cycling, VNC/RDP.

    Prepares ``<cli_parsed.d>/ew.db`` (initialised unless resuming), queues
    the targets, runs ``worker_thread`` in up to ``cli_parsed.threads``
    processes for the web pass and once more per user agent when
    ``cli_parsed.cycle`` is set, then handles VNC/RDP targets through the
    Qt/twisted reactor and finally writes the reports.

    Args:
        cli_parsed: Parsed command-line options; ``ua_init`` is set on it
            once the user-agent table has been filled.
    """
    database = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    database.open_connection()
    if not cli_parsed.resume:
        database.initialize_db()
    database.save_options(cli_parsed)

    shared = Manager()
    targets = shared.Queue()
    lock = shared.Lock()
    multi_counter = shared.Value('i', 0)
    display = None

    def exitsig(*args):
        # SIGINT handler. os._exit() skips normal interpreter cleanup, so
        # the database handle is closed explicitly before leaving.
        database.close()
        if current_process().name == 'MainProcess':
            print('')
            print(
                'Resume using ./EyeWitness.py --resume {0}'.format(
                    cli_parsed.d + '/ew.db'))
        os._exit(1)

    signal.signal(signal.SIGINT, exitsig)

    # A fresh run records its targets; a resumed run reuses the stored ones.
    if not cli_parsed.resume:
        url_list, rdp_list, vnc_list = target_creator(cli_parsed)
        if cli_parsed.web:
            for url in url_list:
                database.create_http_object(url, cli_parsed)
        for rdp in rdp_list:
            database.create_vnc_rdp_object('rdp', rdp, cli_parsed)
        for vnc in vnc_list:
            database.create_vnc_rdp_object('vnc', vnc, cli_parsed)

    if cli_parsed.web:
        if not cli_parsed.show_selenium:
            display = Display(visible=0, size=(1920, 1080))
            display.start()

        multi_total = database.get_incomplete_http(targets)
        if multi_total > 0:
            banner = ('Resuming Web Scan ({0} Hosts Remaining)'
                      if cli_parsed.resume
                      else 'Starting Web Requests ({0} Hosts)')
            print(banner.format(str(multi_total)))

        num_threads = (multi_total if multi_total < cli_parsed.threads
                       else cli_parsed.threads)
        # One None sentinel per worker so each of them leaves its loop.
        for _ in range(num_threads):
            targets.put(None)
        try:
            workers = []
            for _ in range(num_threads):
                workers.append(Process(
                    target=worker_thread,
                    args=(cli_parsed, targets, lock,
                          (multi_counter, multi_total))))
            for proc in workers:
                proc.start()
            for proc in workers:
                proc.join()
        except Exception as e:
            print(str(e))

        # Set up UA table here
        if cli_parsed.cycle is not None:
            ua_dict = get_ua_values(cli_parsed.cycle)
            if not cli_parsed.ua_init:
                database.clear_table("ua")
                completed = database.get_complete_http()
                # Only hosts that were captured without an error are retried.
                completed[:] = [entry for entry in completed
                                if entry.error_state is None]
                for item in completed:
                    for browser, ua in ua_dict.items():
                        database.create_ua_object(item, browser, ua)
                cli_parsed.ua_init = True
                # Store the options again so ua_init is kept for a resume.
                database.clear_table("opts")
                database.save_options(cli_parsed)

            for browser, ua in ua_dict.items():
                targets = shared.Queue()
                multi_counter.value = 0
                multi_total = database.get_incomplete_ua(targets, browser)
                if multi_total > 0:
                    print('[*] Starting requests for User Agent {0} ({1} Hosts)'
                          .format(browser, str(multi_total)))
                num_threads = (multi_total
                               if multi_total < cli_parsed.threads
                               else cli_parsed.threads)
                for _ in range(num_threads):
                    targets.put(None)
                workers = []
                for _ in range(num_threads):
                    workers.append(Process(
                        target=worker_thread,
                        args=(cli_parsed, targets, lock,
                              (multi_counter, multi_total),
                              (browser, ua))))
                for proc in workers:
                    proc.start()
                for proc in workers:
                    proc.join()

    if any((cli_parsed.vnc, cli_parsed.rdp)):
        log._LOG_LEVEL = log.Level.ERROR
        multi_total, targets = database.get_incomplete_vnc_rdp()
        if multi_total > 0:
            print('')
            print(
                'Starting VNC/RDP Requests ({0} Hosts)'.format(
                    str(multi_total)))

            app = QtGui.QApplication(sys.argv)
            timer = QTimer()
            timer.start(10)
            timer.timeout.connect(lambda: None)

            # add qt4 reactor; it is installed before the reactor is imported
            import qt4reactor
            qt4reactor.install()
            from twisted.internet import reactor

            for target in targets:
                if (os.path.dirname(cli_parsed.d)
                        != os.path.dirname(target.screenshot_path)):
                    target.set_paths(cli_parsed.d)
                # Each connection factory gets its own database handle.
                tdbm = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
                if target.proto == 'vnc':
                    port = target.port
                    factory = vnc_module.RFBScreenShotFactory(
                        target.screenshot_path, reactor, app, target, tdbm)
                else:
                    port = int(target.port)
                    factory = rdp_module.RDPScreenShotFactory(
                        reactor, app, 1200, 800, target.screenshot_path,
                        cli_parsed.timeout, target, tdbm)
                reactor.connectTCP(target.remote_system, port, factory)
            reactor.runReturn()
            app.exec_()

    if display is not None:
        display.stop()
    results = database.get_complete_http()
    vnc_rdp = database.get_complete_vnc_rdp()
    database.close()
    shared.shutdown()
    write_vnc_rdp_data(cli_parsed, vnc_rdp)
    sort_data_and_write(cli_parsed, results)

    if cli_parsed.ocr:
        # NOTE(review): targets is the VNC/RDP list only when that pass ran;
        # otherwise it is still a queue - confirm it is iterable here.
        for target in targets:
            try:
                rdp_module.parse_screenshot(cli_parsed.d, target)
            except IOError:
                pass
multi_counter += 1 if multi_counter % 15 == 0: print( '\x1b[32m[*] Completed {0} out of {1} hosts\x1b[0m'.format(multi_counter, multi_total)) if __name__ == "__main__": title_screen() cli_parsed = create_cli_parser() start_time = time.time() if cli_parsed.resume: print('[*] Loading Resume Data...') temp = cli_parsed dbm = db_manager.DB_Manager(cli_parsed.resume) dbm.open_connection() cli_parsed = dbm.get_options() cli_parsed.d = os.path.dirname(temp.resume) cli_parsed.resume = temp.resume if temp.results: cli_parsed.results = temp.results dbm.close() print('Loaded Resume Data with the following options:') engines = [] if cli_parsed.web: engines.append('Firefox') if cli_parsed.vnc: engines.append('VNC') if cli_parsed.rdp:
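def multi_mode(cli_parsed):
    """Drive a web scan, followed by optional user-agent cycling.

    Prepares ``<cli_parsed.d>/ew.db`` (initialised unless resuming), queues
    the targets and runs ``worker_thread`` in up to ``cli_parsed.threads``
    processes. When ``cli_parsed.cycle`` is set, the hosts that completed
    without an error are requested again once per user agent. The report is
    written at the end.

    The user-agent banner is formatted before it is handed to ``print`` and
    the dictionary is walked with ``items()``, so the function behaves the
    same whether ``print`` is a statement or a function.

    Args:
        cli_parsed: Parsed command-line options; ``ua_init`` is set on it
            once the user-agent table has been filled.
    """
    dbm = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    dbm.open_connection()
    if not cli_parsed.resume:
        dbm.initialize_db()
    dbm.save_options(cli_parsed)

    m = Manager()
    targets = m.Queue()
    lock = m.Lock()
    multi_counter = m.Value('i', 0)
    display = None

    def exitsig(*args):
        # SIGINT handler. os._exit() skips normal interpreter cleanup, so
        # the database handle is closed explicitly before leaving.
        dbm.close()
        if current_process().name == 'MainProcess':
            print('')
            print('Resume using ./EyeWitness.py --resume {0}'.format(
                cli_parsed.d + '/ew.db'))
        os._exit(1)

    signal.signal(signal.SIGINT, exitsig)

    # A fresh run records its targets; a resumed run reuses the stored ones.
    if not cli_parsed.resume:
        url_list = target_creator(cli_parsed)
        if cli_parsed.web:
            for url in url_list:
                dbm.create_http_object(url, cli_parsed)

    if cli_parsed.web:
        if not cli_parsed.show_selenium:
            display = Display(visible=0, size=(1920, 1080))
            display.start()

        multi_total = dbm.get_incomplete_http(targets)
        if multi_total > 0:
            if cli_parsed.resume:
                print('Resuming Web Scan ({0} Hosts Remaining)'.format(
                    str(multi_total)))
            else:
                print('Starting Web Requests ({0} Hosts)'.format(
                    str(multi_total)))

        if multi_total < cli_parsed.threads:
            num_threads = multi_total
        else:
            num_threads = cli_parsed.threads
        # One None sentinel per worker so each of them leaves its loop.
        for _ in range(num_threads):
            targets.put(None)
        try:
            workers = [
                Process(target=worker_thread,
                        args=(cli_parsed, targets, lock,
                              (multi_counter, multi_total)))
                for _ in range(num_threads)
            ]
            for w in workers:
                w.start()
            for w in workers:
                w.join()
        except Exception as e:
            print(str(e))

        # Set up UA table here
        if cli_parsed.cycle is not None:
            ua_dict = get_ua_values(cli_parsed.cycle)
            if not cli_parsed.ua_init:
                dbm.clear_table("ua")
                completed = dbm.get_complete_http()
                # Only hosts that were captured without an error are retried.
                completed[:] = [x for x in completed if x.error_state is None]
                for item in completed:
                    for browser, ua in ua_dict.items():
                        dbm.create_ua_object(item, browser, ua)
                cli_parsed.ua_init = True
                # Store the options again so ua_init is kept for a resume.
                dbm.clear_table("opts")
                dbm.save_options(cli_parsed)

            for browser, ua in ua_dict.items():
                targets = m.Queue()
                multi_counter.value = 0
                multi_total = dbm.get_incomplete_ua(targets, browser)
                if multi_total > 0:
                    # Format first, then print: calling .format() on the
                    # value returned by print() fails when print is a
                    # function.
                    print(("[*] Starting requests for User Agent {0}"
                           " ({1} Hosts)").format(browser, str(multi_total)))
                if multi_total < cli_parsed.threads:
                    num_threads = multi_total
                else:
                    num_threads = cli_parsed.threads
                for _ in range(num_threads):
                    targets.put(None)
                workers = [
                    Process(target=worker_thread,
                            args=(cli_parsed, targets, lock,
                                  (multi_counter, multi_total),
                                  (browser, ua)))
                    for _ in range(num_threads)
                ]
                for w in workers:
                    w.start()
                for w in workers:
                    w.join()

    if display is not None:
        display.stop()
    results = dbm.get_complete_http()
    dbm.close()
    m.shutdown()
    sort_data_and_write(cli_parsed, results)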
def multi_mode(cli_parsed):
    """Run the web capture pass across a pool of worker processes.

    Prepares ``<cli_parsed.d>/ew.db`` (initialised unless resuming), queues
    the incomplete web targets, runs ``worker_thread`` in up to
    ``cli_parsed.threads`` processes and writes the report from the
    completed entries.

    Args:
        cli_parsed: Parsed command-line options.
    """
    database = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    database.open_connection()
    if not cli_parsed.resume:
        database.initialize_db()
    database.save_options(cli_parsed)

    shared = Manager()
    targets = shared.Queue()
    lock = shared.Lock()
    multi_counter = shared.Value('i', 0)
    display = None

    def exitsig(*args):
        # SIGINT handler. os._exit() skips normal interpreter cleanup, so
        # the database handle is closed explicitly before leaving.
        database.close()
        if current_process().name == 'MainProcess':
            print('')
            print('Resume using ./EyeWitness.py --resume {0}'.format(
                cli_parsed.d + '/ew.db'))
        os._exit(1)

    signal.signal(signal.SIGINT, exitsig)

    # A fresh run records its targets; a resumed run reuses the stored ones.
    if not cli_parsed.resume:
        url_list = target_creator(cli_parsed)
        if cli_parsed.web:
            for url in url_list:
                database.create_http_object(url, cli_parsed)

    if cli_parsed.web:
        if not cli_parsed.show_selenium:
            display = Display(visible=0, size=(1920, 1080))
            display.start()

        multi_total = database.get_incomplete_http(targets)
        if multi_total > 0:
            banner = ('Resuming Web Scan ({0} Hosts Remaining)'
                      if cli_parsed.resume
                      else 'Starting Web Requests ({0} Hosts)')
            print(banner.format(str(multi_total)))

        num_threads = (multi_total if multi_total < cli_parsed.threads
                       else cli_parsed.threads)
        # One None sentinel per worker so each of them leaves its loop.
        for _ in range(num_threads):
            targets.put(None)
        try:
            workers = []
            for _ in range(num_threads):
                workers.append(Process(
                    target=worker_thread,
                    args=(cli_parsed, targets, lock,
                          (multi_counter, multi_total))))
            for proc in workers:
                proc.start()
            for proc in workers:
                proc.join()
        except Exception as e:
            print(str(e))

    if display is not None:
        display.stop()
    results = database.get_complete_http()
    database.close()
    shared.shutdown()
    sort_data_and_write(cli_parsed, results)
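def worker_thread(cli_parsed, targets, lock, counter, user_agent=None):
    """Capture every target taken from ``targets`` and store the result.

    Body of one worker process. It opens its own handle on
    ``<cli_parsed.d>/ew.db``, creates a single browser driver, then drains
    the queue until it reads the ``None`` sentinel. The database handle and
    the driver are released in ``finally`` blocks so that an exception
    raised by a capture, or the exit taken when the phantomjs binary is
    missing, does not leave a browser process or an open database
    connection behind.

    Args:
        cli_parsed: Parsed options. ``web`` selects the selenium backend,
            otherwise ``headless`` selects the phantomjs backend; ``d`` is
            the output directory; ``cycle`` enables user-agent cycling.
        targets: Queue of objects to capture, terminated by ``None``.
        lock: Held while the driver is created, so workers create their
            drivers one at a time.
        counter: Pair ``(shared_value, total)``. ``shared_value.value`` is
            incremented after each capture; ``total`` is only printed.
        user_agent: ``None`` for a baseline request, otherwise a
            ``(browser_key, user_agent_string)`` pair.
    """
    manager = db_manager.DB_Manager(cli_parsed.d + '/ew.db')
    manager.open_connection()
    driver = None
    try:
        # NOTE(review): when neither option is set the two names stay
        # unbound and create_driver() below raises.
        if cli_parsed.web:
            create_driver = selenium_module.create_driver
            capture_host = selenium_module.capture_host
        elif cli_parsed.headless:
            # The binary is looked up next to this script, under bin/.
            phantomjs_path = os.path.join(
                os.path.dirname(os.path.realpath(__file__)),
                'bin', 'phantomjs')
            if not os.path.isfile(phantomjs_path):
                print(" [*] Error: You are missing your phantomjs binary!")
                print(" [*] Please run the setup script!")
                # NOTE(review): exits with status 0 although this is an
                # error path; kept as in the original.
                sys.exit(0)
            create_driver = phantomjs_module.create_driver
            capture_host = phantomjs_module.capture_host

        with lock:
            driver = create_driver(cli_parsed, user_agent)

        try:
            while True:
                http_object = targets.get()
                if http_object is None:
                    break

                # Try to ensure object values are blank, so a target that is
                # being retried does not carry results from an earlier run.
                http_object._category = None
                http_object._default_creds = None
                http_object._error_state = None
                http_object._page_title = None
                http_object._ssl_error = False
                http_object.category = None
                http_object.default_creds = None
                http_object.error_state = None
                http_object.page_title = None
                http_object.resolved = None
                http_object.source_code = None

                # Fix our directory if it is resuming from a different path
                if os.path.dirname(cli_parsed.d) != os.path.dirname(
                        http_object.screenshot_path):
                    http_object.set_paths(
                        cli_parsed.d,
                        'baseline' if cli_parsed.cycle is not None else None)

                if cli_parsed.cycle is not None:
                    if user_agent is None:
                        print('Making baseline request for {0}'.format(
                            http_object.remote_system))
                    else:
                        browser_key, _ = user_agent
                        print('Now making web request with: {0} for {1}'.format(
                            browser_key, http_object.remote_system))
                else:
                    print('Attempting to screenshot {0}'.format(
                        http_object.remote_system))

                http_object.resolved = resolve_host(http_object.remote_system)
                if user_agent is None:
                    # capture_host may hand back a different driver, so keep
                    # the returned one for the next target and for quit().
                    http_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    if (http_object.category is None
                            and http_object.error_state is None):
                        http_object = default_creds_category(http_object)
                    manager.update_http_object(http_object)
                else:
                    ua_object, driver = capture_host(
                        cli_parsed, http_object, driver)
                    # NOTE(review): the guard reads http_object while the
                    # result is ua_object; presumably capture_host returns
                    # the object it was given - confirm.
                    if (http_object.category is None
                            and http_object.error_state is None):
                        ua_object = default_creds_category(ua_object)
                    manager.update_ua_object(ua_object)

                # Progress display only. "+=" on .value is a read followed
                # by a write, so concurrent workers may lose an increment.
                counter[0].value += 1
                if counter[0].value % 15 == 0:
                    print('\x1b[32m[*] Completed {0} out of {1} services\x1b[0m'.format(
                        counter[0].value, counter[1]))
                do_jitter(cli_parsed)
        except KeyboardInterrupt:
            # Ctrl-C while capturing: stop quietly and fall through to cleanup.
            pass
    finally:
        try:
            manager.close()
        finally:
            if driver is not None:
                driver.quit()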