def run_testssl(url, output, no_screenshot, proxy):
if not utils.uses_encryption(url):
return
parsed_url = urlparse(url)
port = '443'
if parsed_url.port:
port = str(parsed_url.port)
html_path = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.html")
csv_output = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.csv")
if os.path.isfile(csv_output):
LOG.info("CSV file already exists, deleting it.")
os.remove(csv_output)
if proxy:
command = f"testssl --warnings off --csvfile {csv_output} --proxy {proxy} {url}"
else:
command = f"testssl --warnings off --csvfile {csv_output} {url}"
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output, "screenshots")
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def run_nikto(url_dict, output_dir, proxy, screenshot=False):
html_path = os.path.join(
output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.html")
csv_path = os.path.join(
output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.csv")
if proxy:
log.info(f"Using proxy: {proxy}")
command_text = NIKTO_PROXY_COMMAND
else:
command_text = NIKTO_COMMAND
command = command_text.format(domain=url_dict['domain'],
port=url_dict['port'],
root=url_dict['root'],
ssl=url_dict['ssl'],
output=csv_path,
proxy=proxy)
log.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and screenshot:
log.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
log.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running whatweb for {}".format(args.url))
if args.proxy:
# command = 'whatweb -v -a 3 --proxy {proxy} --user-agent "{ua}" {url}'.format(
# ua=USER_AGENT, url=args.url, proxy=args.proxy)
command = [
'whatweb', '-v', '-a', '3', '--proxy', args.proxy, '--user-agent',
'"' + USER_AGENT + '"', args.url
]
else:
# command = 'whatweb -v -a 3 --user-agent "{ua}" {url}'.format(ua=USER_AGENT, url=args.url)
command = [
'whatweb', '-v', '-a', '3', '--user-agent', '"' + USER_AGENT + '"',
args.url
]
LOG.info(command)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "whatweb_{}.html".format(domain))
text_output = run_commands.bash_command(command, split=False)
html_output = run_commands.create_html_file(text_output, command,
html_path)
# text_output = run_commands.bash_command(command_string, split=False)
# html_output = run_commands.create_html_file(text_output, command_string, html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running nikto for {}".format(args.url))
parsed_url = urlparse(args.url)
netloc = parsed_url.netloc
# if non-standard port break it up.
if ":" in netloc:
domain = netloc.split(":")[0]
port = netloc.split(":")[1]
# otherwise port is based on scheme
else:
domain = netloc
if parsed_url.scheme == 'http':
port = '80'
else:
port = '443'
if parsed_url.scheme == 'https':
ssl = " -ssl"
else:
ssl = ""
if parsed_url.path:
root = " -root " + parsed_url.path
else:
root = ""
command = NIKTO_COMMAND.format(domain=domain, port=port, root=root, ssl=ssl)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "nikto_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy):
os.makedirs(output, exist_ok=True)
output_dir = output
output = os.path.join(output, "nmap_sT_common_{}".format(url))
if proxy:
command = """nmap -sT --proxy-type socks5h --proxy {proxy} -oA {output} {url}""".format(
output=output, url=url, proxy=proxy)
else:
command = """nmap -sT -oA {output} {url}""".format(output=output,
url=url)
LOG.info("Running the command: {}".format(command))
file_name = "nmap_sT_common_{}.html".format(url)
html_path = os.path.join(output_dir, file_name)
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output_dir, "screenshots")
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def _write_path_data():
for module, paths in _new_paths.items():
paths = "\n".join(paths)
if dir_exists(ZSH_PATHS_DIR):
with open(ZSH_PATHS_DIR.joinpath(module), "w") as f:
f.write(paths)
if dir_exists(FISH_PATHS_DIR):
with open(FISH_PATHS_DIR.joinpath(module), "w") as f:
f.write(paths)
def main(args):
utils.dir_exists(args.output, True)
zap = ZAPv2(apikey=config.ZAP_API, proxies=config.ZAP_PROXIES) # pylint: disable=unexpected-keyword-arg
# Create new session
zap.core.new_session(args.output)
urls = utils.parse_webserver_urls(args.input)
for url in urls:
if not utils.check_url(url)[0]:
continue
run_zap_attack(url, zap)
def run_escan(ips_file, output_dir, screenshot=False):
html_path = os.path.join(output_dir, "eternal_scan.html")
command = f'escan -ck {ips_file}'
LOG.info('Running command: ' + command)
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def take_screenshot(output_dir, domain, driver):
utils.dir_exists(output_dir, True)
filename = "dnsdumpster_{}.png".format(domain)
screenshot_path = os.path.join(output_dir, filename)
WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.XPATH, "//canvas[@id='hosting']"))
)
time.sleep(2)
element = driver.find_element(By.XPATH, "//h4[contains(text(), 'Showing results for')]")
driver.execute_script("return arguments[0].scrollIntoView();", element)
driver.save_screenshot(screenshot_path)
def main(args): # pylint: disable=too-many-locals
""" Wrapper for the pikebrute function that runs it once per ip. """
tested = 0
output = []
cracked = []
ike_dir = os.path.join(args.out_dir, "ike")
utils.dir_exists(ike_dir, True)
if args.dictionary:
if os.path.isfile(args.dictionary):
LOG.info('Using dictionary provided in arguments here: {}'.format(
args.dictionary))
dictionary_path = args.dictionary
else:
LOG.warning(
'Dictionary provided ({}) cannot be found, using the default.'.
format(args.dictionary))
else:
dictionary_path = os.path.join(config.SCRIPTS_PATH,
'utils/psk-crack-dictionary')
LOG.info('Using the default dictionary: {}'.format(dictionary_path))
ike_ips = utils.get_ips_with_port_open(args.input, 500)
if not ike_ips:
LOG.info("No vpns found using UDP port 500.")
return
aggressive = get_ike_aggressive(ike_ips)
vpn_name_list = utils.text_file_lines_to_list(
os.path.join(config.SCRIPTS_PATH, 'utils/wordlist.dic'))
for ip in aggressive:
tested += 1
ip_dir = os.path.join(ike_dir, ip)
utils.dir_exists(ip_dir, True)
capture_hashes(ip_dir, vpn_name_list, ip)
# Run psk-crack
psk_files = utils.find_files(ip_dir, suffix='.hash')
for psk_file in psk_files:
results = run_pskcrack(os.path.join(ip_dir, psk_file),
dictionary_path)
filtered_out, filtered_cracked = filter_pskcrack_output(
results, ip, ip_dir, psk_file)
if filtered_out:
output.append(filtered_out)
if filtered_cracked:
cracked.append(filtered_cracked)
LOG.info("Tested {} vpns.".format(tested))
results_file = os.path.join(args.out_dir, "pikebrute_results.txt")
cracked_file = os.path.join(args.out_dir, "cracked_psks.txt")
with open(results_file, 'w') as f:
f.write('\r\n'.join(output))
if cracked:
with open(cracked_file, 'w') as f:
f.write('\r\n'.join(cracked))
def main(args):
LOG.info("Running uniscan on {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
url = urlparse(args.url).scheme + "://" + netloc + urlparse(args.url).path
command = "uniscan -u {url} -qweds".format(url=url)
html_path = os.path.join(args.output, "uniscan_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
testssl_folder = os.path.join(args.output, "testssl")
utils.dir_exists(testssl_folder, True)
for url in utils.parse_webserver_urls(args.input):
if not utils.uses_encryption(url):
LOG.debug("Skipping, no encryption: {}".format(url))
continue
if not utils.check_url(url)[0]:
continue
LOG.info("Testing url: {}".format(url))
testssl_command, html_output = create_command(url, testssl_folder)
text_output = run_commands.bash_command(testssl_command)
html_output = run_commands.create_html_file(text_output,
testssl_command,
html_output)
LOG.debug("Saving output to {}".format(html_output))
def run_wpscan(url, output_dir, screenshot=False):
html_path = os.path.join(output_dir,
f"wpscan_{url['domain']}_{url['port']}.html")
command = WPSCAN_COMMAND.format(url=url['url'])
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
utils.dir_exists(args.output, True)
zap = ZAPv2(apikey=config.ZAP_API, proxies=config.ZAP_PROXIES) # pylint: disable=unexpected-keyword-arg
# Create new session
try:
zap.core.new_session(args.output)
except requests.exceptions.ProxyError:
LOG.error("Couldn't attach to ZAP. Is it running?")
return
urls = utils.parse_webserver_urls(args.input)
for url in urls:
if not utils.check_url(url)[0]:
continue
run_zap_attack(url, zap)
def main(args):
LOG.info("Running wafw00f for {}".format(args.url))
command = "wafw00f -a {url}".format(url=args.url)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "wafw00f_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def install_zsh_plugin(plugin, remote):
print_line(f"Installing plugin {plugin}")
plugin_dir = zsh_plugin_dir.joinpath(plugin)
if not dir_exists(plugin_dir):
run_command(f"git clone '{remote}' '{plugin_dir}'")
run_command("git pull", cwd=plugin_dir)
def main(args):
LOG.info("Running dirb for {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
command = "dirb {url} /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -S".format(
url=args.url)
html_path = os.path.join(args.output, "dirb_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy):
if proxy:
command = "wafw00f -a -p {proxy} {url}".format(proxy=proxy, url=url)
else:
command = "wafw00f -a {url}".format(url=url)
LOG.info("Running wafw00f command: {}".format(command))
netloc = urlparse(url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(output, "wafw00f_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output, "screenshots")
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def setup_oh_my_zsh(self):
if dir_exists(omz_dir) and not file_exists(
omz_dir.joinpath("oh-my-zsh.sh")):
os.rmdir(omz_dir)
# oh-my-zsh
if not dir_exists(omz_dir):
print_line("Installing oh-my-zsh")
run_command("bash " +
str(script_dir.joinpath("install-oh-my-zsh.sh")))
if platform.is_mac:
run_command(
'sudo dscl . -create "/Users/${USER}" UserShell /usr/local/bin/zsh',
shell=True,
)
# Update Oh My ZSH
run_command("git pull --rebase --stat origin master", cwd=omz_dir)
def run_whatweb(url, output_dir, screenshot=False):
parsed_url = urlparse(url)
port = parsed_url.port
if not port:
if parsed_url.scheme == 'http':
port = '80'
else:
port = '443'
html_path = os.path.join(output_dir, f"whatweb_{parsed_url.netloc}_{port}.html")
command = WHATWEB_COMMAND.format(url=url)
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running gobuster for {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
if args.proxy:
command = PROXY_COMMAND.format(url=args.url, proxy=args.proxy)
else:
command = COMMAND.format(url=args.url)
html_path = os.path.join(args.output, "gobuster_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running whatweb for {}".format(args.url))
command_string = 'whatweb -v -a 3 --user-agent {ua} {url}'.format(
ua=USER_AGENT, url=args.url)
command = 'whatweb -v -a 3 --user-agent'.split()
command += [USER_AGENT, args.url]
LOG.info(command_string)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "whatweb_{}.html".format(domain))
text_output = run_commands.bash_command(command, split=False)
html_output = run_commands.create_html_file(text_output, command_string,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
imaged_urls = []
utils.dir_exists(args.output_dir, True)
urls = utils.parse_webserver_urls(args.input_file)
url_queue = Queue()
for _ in range(args.threads):
t = threading.Thread(target=process_queue,
kwargs={
'args': args,
'url_queue': url_queue,
'imaged_urls': imaged_urls,
'urls': urls,
})
t.daemon = True
t.start()
for current_url in urls:
url_queue.put(current_url)
url_queue.join()
def main(args): # noqa
utils.dir_exists(args.output_dir, True)
run_update()
tested = 0
down = 0
timeout = 0
received_403 = 0
not_wordpress = 0
wordpress = 0
stackerror = 0
for url in utils.parse_webserver_urls(args.input):
if utils.check_url(url)[0]:
tested += 1
command, html_output = create_command(url, args.output_dir)
results = run_command_tee_aha(command, html_output)
if results == "down":
down += 1
elif results == "403":
received_403 += 1
elif results == "timeout":
timeout += 1
elif results == "not wordpress":
not_wordpress += 1
elif results == "wordpress":
wordpress += 1
elif results == "stackerror":
stackerror += 1
LOG.info("Finished testing:")
LOG.info("Total sites tested {} - (some sites skipped based on response)".format(tested))
if down != 0:
LOG.info("Websites that appeared to be down: {}".format(down))
if timeout != 0:
LOG.info("Websites that timedout: {}".format(timeout))
if received_403 != 0:
LOG.info("Websites that responded with a 403: {}".format(received_403))
if stackerror != 0:
LOG.info("Stack error received: {}".format(stackerror))
if not_wordpress != 0:
LOG.info("Websites that do not appear to be running WordPress: {}".format(not_wordpress))
LOG.info("Total running WordPress: {}".format(wordpress))
def main(args):
""" Parse csv and then run nikto for each."""
nikto_folder = os.path.join(args.output_dir, "nikto")
LOG.info("Saving output to {}".format(nikto_folder))
utils.dir_exists(nikto_folder, True)
LOG.info("Getting webservers from {}".format(args.input_file))
webservers = get_webservers(args.input_file)
webserver_queue = Queue()
LOG.info("Starting {} threads.".format(args.threads))
for _ in range(args.threads):
t = threading.Thread(target=process_queue,
kwargs={
'webserver_queue': webserver_queue,
'nikto_folder': nikto_folder,
'args': args,
})
t.daemon = True
t.start()
for current_webserver in webservers:
webserver_queue.put(current_webserver)
webserver_queue.join()
def link_files(self):
print_line("Linking VSCode Settings", color=Color.MAGENTA)
os.makedirs(SETTINGS_PATH, exist_ok=True)
link_file(
SCRIPT_DIR.joinpath("settings.json"),
SETTINGS_PATH.joinpath("settings.json"),
)
link_file(
SCRIPT_DIR.joinpath("keybindings.json"),
SETTINGS_PATH.joinpath("keybindings.json"),
)
if dir_exists(SETTINGS_PATH.joinpath("snippets")):
os.rmdir(SETTINGS_PATH.joinpath("snippets"))
link_file(SCRIPT_DIR.joinpath("snippets"),
SETTINGS_PATH.joinpath("snippets"))
def main(args):
utils.dir_exists(args.output, True)
for url in utils.parse_webserver_urls(args.input):
if utils.check_url(url)[0]:
command, html_output = create_command(url, args.output)
run_whatweb(command, html_output)
