def email(args):
if not args.url:
colors.error('Please enter an URL for finding emails')
LOGGER.error('[-] Please enter an URL for finding emails')
sys.exit(1)
try:
from lib.others.info_gathering.finder import finding_email
colors.info('Performing email gathering over : {}'.format(args.url))
findEmailObj = finding_email.FindingEmails(args.url)
found_emails = findEmailObj.parse_emails()
if args.output:
if args.output.endswith('.txt'):
file = args.output
else:
file = args.output + '.txt'
with open(file, 'w') as f:
f.write('---[!] Emails---\n\n')
for email in found_emails:
f.write(str(email) + os.linesep)
colors.success('File has been saved successfully')
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def restore(self):
"""
Restores the IP tables of the target and the router
to the default state (before ARP spoof attack)
"""
colors.info('Restoring IP tables')
target_arp_packet = scapy.ARP(op=2, pdst=self.target_ip,
hwdst=self.target_mac,
psrc=self.router_ip,
hwsrc=self.router_mac)
router_arp_packet = scapy.ARP(op=2, pdst=self.router_ip,
hwdst=self.router_mac,
psrc=self.target_ip,
hwsrc=self.target_mac)
COUNT = 10 # Send 10 packets to restore
while COUNT > 0:
scapy.send(target_arp_packet, verbose=False)
scapy.send(router_arp_packet, verbose=False)
COUNT = COUNT - 1
colors.success('ARP Table restored')
def getMAC(self, IP, name):
"""
Fetches MAC address of the selected IP
"""
arp_packet = scapy.ARP(pdst=IP)
broadcast = scapy.Ether(dst='ff:ff:ff:ff:ff:ff')
arp_broadcast = broadcast/arp_packet
broadcast = scapy.srp(arp_broadcast, timeout=1, verbose=False)[0]
mac_addr_str = self.capture_output(broadcast)
mac_addr = re.findall(r'\w\w:\w\w:\w\w:\w\w:\w\w:\w\w',
mac_addr_str)[0]
mac_addr = str(mac_addr).strip()
colors.success('Found MAC address for {} : {} is : {}'
.format(name, IP, mac_addr))
val = str(input('>> Enter(Y/y) to continue or enter MAC address : '))\
.strip()
if val == 'Y' or val == 'y':
return mac_addr
elif self.validateMAC(val):
colors.info('Setting MAC address for {} : {} : {}'
.format(name, IP, val))
return val
else:
colors.error('Please enter a valid MAC address...')
self.getMAC(IP, name)
def startScan(self):
"""
Distributes the list of scans into
multiple processor and starts the scan
"""
colors.info('Hash scanning started...')
colors.info('Press CTRL+C to stop...')
t1 = time.time()
try:
processes = []
for mode in self.list_scans:
newProcess = multiprocessing.Process(target=self.modeScan,
args=(mode, ))
newProcess.start()
processes.append(newProcess)
for process in processes:
process.join()
except KeyboardInterrupt:
colors.error('Stopping the process...')
except Exception as e:
print(e)
finally:
t2 = time.time()
colors.success('Completed in {}'.format(t2 - t1))
resultDict = self.parseResult()
return resultDict
def comment(args):
if not args.url:
colors.error('Please enter an URL for finding comments')
LOGGER.error('[-] Please enter an URL for finding comments')
sys.exit(1)
try:
from lib.others.info_gathering.finder import finding_comment
colors.info('Performing comment gathering over : {}'.format(args.url))
findCommnentObj = finding_comment.FindingComments(args.url)
comment_dict = findCommnentObj.parse_comments()
if args.output:
if args.output.endswith('.txt'):
file = args.output
else:
file = args.output + '.txt'
with open(file, 'w') as f:
f.write('---[!] Comments---\n\n')
for k, v in comment_dict.items():
f.write(str(k) + ' : ' + str(v) + os.linesep)
colors.success('File has been saved successfully')
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def networkScan(self):
print('Enter the IP address to start scanning...')
ip = str(input()).strip()
if self.validateIP(ip):
try:
colors.info('Initiating ARP Scan')
from lib.scanner.ip_scanner import arp_scanner
arpScanObj = arp_scanner.ARPScan(ip=ip,
start_ip=None,
end_ip=None,
threads=100)
total_index, result_dict = arpScanObj.threadingScan()
index = int(input('>> Enter the index of the target IP : '))
if index < total_index and index > 0:
self.target_ip = result_dict[index][0]
self.target_mac = result_dict[index][1]
colors.success('Target IP set to : {}'.format(self.target_ip))
colors.success('Target MAC set to : {}'.format(self.target_mac))
except ImportError:
colors.error('Could not import the required module.')
except Exception as e:
print(e)
else:
colors.error('Please enter a valid IP address...')
self.networkScan()
def check_url(self, url):
ua_list = [
'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0',
'Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10'
]
ua = random.choice(ua_list)
headers = {
'User-Agent':ua,
}
colors.info('Checking the URL if it is live')
try:
response = requests.get(url, headers=headers)
response_code = response.status_code
colors.info('Got a respose for the URL with status code:{}'.format(response_code))
if response_code == 200:
self.scan_headers = headers
return True
else:
return False
except Exception as e:
print(e)
return False
def ssl(args):
if not args.url:
colors.error('Please enter an URL for SSL scanning')
LOGGER.error('[-] Please enter an URL for SSL scanning')
sys.exit(1)
try:
from lib.scanner.ssl_scanner import ssl_scanner
colors.info('SSL scan using SSL Labs API')
data = ssl_scanner.analyze(args.url)
ssl_data = ssl_scanner.vulnerability_parser(data)
if args.output:
if args.output.endswith('.txt'):
file = args.output
else:
file = args.output + '.txt'
with open(file, 'wt') as f:
f.write('[+] Vulnerability Scan Result : \n\n')
for k, v in ssl_data.items():
f.write(str(k) + ' : ' + str(v) + os.linesep)
colors.success('File has been saved successfully')
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def template_images(temp_image):
template_image_dir_path = os.path.join(os.getcwd(), template_image_dir_name)
try:
if os.path.isdir(template_image_dir_name):
colors.info('Template image sections folder already exists.')
else:
os.mkdir(template_image_dir_path)
colors.success('Template image sections folder created.')
except OSError:
colors.error('Permission denied at {}: Cannot create template image sections folder'
.format(template_image_dir_path))
exit(1)
os.chdir(os.path.join(os.getcwd(), template_image_dir_name))
colors.success('Directory set to new location ')
# Loading Template image.
colors.success('Image read into memory')
x = y = 0
width = [160, 320, 480, 640] # Respective width dimension for the template image.
height = [160, 320, 480] # Respective height dimension for the template image.
count = 0
for h in height:
for w in width:
image_section = temp_image[y:h, x:w] # Creating section of image.
x = w
cv2.imwrite(str(count) + ".jpg",
image_section) # writing each template image section to template directory.
count += 1
x = 0
y = h
def __init__(self, mac_addr=None, interface=None):
self.is_root()
if mac_addr is None:
self.newMAC = self.generateMAC()
elif self.validateMAC(mac_addr):
self.newMAC = mac_addr
else:
colors.error('Please provide a valid MAC address...')
sys.exit(1)
colors.info('MAC address will be changed to : {}'.format(self.newMAC))
if interface is None:
self.interface = self.getInterface()
else:
self.interface = interface
self.origMAC = self.interfaceMAC()
colors.info('Original MAC address is : {}'.format(self.origMAC))
if self.interface is None or \
self.newMAC is None or \
self.origMAC is None:
colors.error('Error! could not change the MAC')
sys.exit(1)
def handle_sigint(signum, frame):
global sigint_count
message1 = "Press Ctrl-C once again"
message2 = "Vault was interrupted by SIGINT"
sigint_count += 1
if sigint_count >= 2:
colors.error(message2)
else:
colors.info(message1)
sys.exit(1)
def gather_header(self):
try:
r = self.get_response()
headers_dict = r.headers
colors.info('Header Details')
for key, value in headers_dict.items():
colors.success(' {} : {} '.format(key, value))
return headers_dict
except Exception as e:
colors.error(e)
def changeMAC(self, mac):
"""
Changes the MAC address of the selected interface
"""
colors.info('Changing MAC address...')
time.sleep(2) # Wait for the interface to be up
subprocess.call(['ifconfig', self.interface, 'down'])
subprocess.call(['ifconfig', self.interface, 'hw', 'ether', mac])
subprocess.call(['ifconfig', self.interface, 'up'])
def process_display(verbose, type, message):
if args.v is False:
verbose = 0
if type == 0 and verbose == 0:
colors.success(message)
elif type == 1 and verbose == 0:
colors.error(message)
elif type == 2 and verbose == 0:
colors.process(message)
elif type == 3 and verbose == 0:
colors.info(message)
def os_scan(self):
colors.info('OS Scan running on: {}'.format(self.target))
self.nm.scan(self.target, arguments="-O")
if len(self.nm[self.nm.all_hosts()[0]]["osmatch"]) != 0:
colors.success('OS Scan results of: {}'.format(
self.nm.all_hosts()[0]))
for osmatch in self.nm[self.nm.all_hosts()[0]]["osmatch"]:
print("[+] Name: {}".format(osmatch["name"]))
print("[+] Accuracy: {}".format(osmatch["accuracy"]))
else:
colors.info('No OS matches for host')
def generateMAC():
"""
Generates random MAC address
"""
colors.info('No desired MAC found, generating random MAC...')
return "52:54:00:%02x:%02x:%02x" % (
random.randint(0, 255),
random.randint(0, 255),
random.randint(0, 255),
)
def scan(self):
null_byte = "%00"
success_count = 0
url = self.url
ck = self.check_url(url)
if ck:
_matches = self.payload_data["linux"]
_payloads = self.payload_data["linux"].keys()
_prefixs = self.payload_data["linuxPrefix"]
urls = []
for _prefix in _prefixs:
urls.append(url + _prefix)
# Now Sart Scanning
for _url in urls:
for _payload in _payloads:
scan_url = _url + _payload
res = requests.get(scan_url, headers=self.scan_headers)
for _match in _matches[_payload]:
if _match in res.text:
colors.success(
"LFI Detected!: {}".format(scan_url))
success_count += 1
if "syntax error" in res.text:
colors.error(
"Syntax Parse Error: {}".format(scan_url))
# Still no success, now check with null byte
if success_count == 0:
colors.info("Now creating payloads with one NULL BYTE suffix.")
for _url in urls:
for _payload in _payloads:
scan_url = _url + _payload + null_byte
res = requests.get(scan_url, headers=self.scan_headers)
for _match in _matches[_payload]:
if _match in res.text:
colors.success(
"LFI Detected! : {}".format(scan_url))
success_count += 1
if "syntax error" in res.text:
colors.error(
"Syntax Parse Error:{}".format(scan_url))
if success_count == 0:
colors.error('No LFI Detected')
else:
colors.error('An error occured, make sure provided URL is valid '
'and accessible.')
def startAttack(self):
try:
colors.info('Ping of death attack on: {}'
.format(self.target_ip))
colors.success('Ping of death attack started, press CTRL+C to '
'stop...')
t1 = time.time()
self.attack()
except KeyboardInterrupt:
t2 = time.time()
colors.success('Completed in time: {}'.format(t2-t1))
def threadingScan(self):
t1 = time.time()
self.setIP()
with ThreadPoolExecutor(max_workers=self.threads) as executor:
tasks = []
for ip in range(self.start_ip, self.end_ip):
task = executor.submit(self.pingScan, (ip))
tasks.append(task)
t2 = time.time()
colors.info('Completed in {}'.format(t2 - t1))
def restore(self):
"""
Restore the network services
"""
colors.info('[!] Restoring the network services...')
command0 = 'airmon-ng stop {}'.format(self.monFace)
command1 = 'service networking restart'
command2 = 'service network-manager restart'
self.quickExecute(command0)
self.quickExecute(command1)
self.quickExecute(command2)
colors.success('Restored')
def fuzz(args):
if not args.url:
colors.error('Please enter an URL for fuzzing')
LOGGER.error('[-] Please enter an URL for fuzzing')
sys.exit(1)
try:
from lib.others.fuzzer import fuzzer
colors.info('Performing fuzzing on : {}'.format(args.url))
fuzzObj = fuzzer.Fuzzer(base_url=args.url, thread_num=args.threads)
fuzzObj.initiate()
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def start_engine(self):
while not self.fuzz_queue.empty():
fuzz_text = self.fuzz_queue.get()
fuzz_url = self.generate_url(fuzz_text)
self.fuzz_queue.task_done()
try:
status = self.send_request(fuzz_url)
if status == 1:
colors.success('Found -> {}'.format(fuzz_url))
self.discovered_url.append(fuzz_url)
elif status == 2:
colors.info('Redirection Detected -> {}'.format(fuzz_url))
self.redirected_url.append(fuzz_url)
except Exception as e:
colors.error(e)
def get_target_IP(self):
"""
Fetches target IP to spoof
"""
if self.target_ip is None:
print('[-] No target IP selected, please enter an IP address or run network scan (Enter "S") : ')
value = str(input()).strip()
if value == 'S' or value == 's':
self.networkScan()
elif self.validateIP(value):
colors.info('Selected target IP is : {}'.format(value))
self.target_ip = value
else:
colors.error('Please enter a valid IP address to continue...')
self.get_target_IP()
def info(args):
if not args.url:
colors.error('Please enter an URl for information gathering')
LOGGER.error('[-] Please enter an URl for information gathering')
sys.exit(1)
try:
from lib.others.info_gathering import header_vuln
colors.info('Performing information gathering over : {}'.format(
args.url))
infoGatherObj = header_vuln.HeaderVuln(args.url)
header_data = infoGatherObj.gather_header()
cookie_data = infoGatherObj.insecure_cookies()
method_data = infoGatherObj.test_http_methods()
if args.output:
if args.output.endswith('.txt'):
file = args.output
else:
file = args.output + '.txt'
i = 1
with open(file, 'w') as f:
f.write('---[!] Header Details---\n\n')
for k, v in header_data.items():
f.write(str(k) + ' : ' + str(v) + os.linesep)
f.write('\n---[!] Testing Insecure Cookies---\n\n')
for k in cookie_data:
f.write(k + os.linesep)
f.write('\n---[!] Testing HTTP methods---\n\n')
for k in method_data:
if i % 3 != 0:
f.write(str(k) + ' ')
else:
f.write(str(k) + os.linesep)
i = i + 1
colors.success('File has been saved successfully')
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def resetMAC(self):
"""
Restores the MAC address of the interface
"""
self.changeMAC(self.origMAC)
checkMAC = self.interfaceMAC()
if checkMAC == self.origMAC:
colors.success('MAC address restored to default : {}'.format(
self.origMAC))
colors.info('Exiting...')
sys.exit(1)
else:
colors.error('Failed to restore MAC address, trying again...')
self.resetMAC()
def test_http_methods(self):
modes_list = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE', 'TEST']
colors.info('Testing HTTP methods')
method_data = []
for mode in modes_list:
r = requests.request(mode, self.url)
colors.success(' {} {} {}'.format(mode, r.status_code, r.reason))
method_data.append(mode)
method_data.append(r.status_code)
method_data.append(r.reason)
if mode == 'TRACE' and 'TRACE / HTTP/1.1' in r.text:
colors.info('Possible Cross Site Tracing vulnerability found')
return method_data
def bruteforce(args):
if not args.url:
colors.error('Please enter an URL for bruteforce')
LOGGER.error('[-] Please enter an URL for bruteforce')
sys.exit(1)
try:
from lib.others.bruteforce_login import bruteforce_login
colors.info('Performing bruteforce on : {}'.format(args.url))
bruteforceObj = bruteforce_login.BruteforceLogin(url=args.url,
threads=args.threads,
user=args.username)
bruteforceObj.startAttack()
except ImportError:
colors.error('Could not import the required module.')
LOGGER.error('[-] Could not import the required module.')
except Exception as e:
LOGGER.error(e)
def threadingScan(self):
"""
Threads the scanning process
"""
t1 = time.time()
self.setIP()
colors.info('ARP Scan started...')
with ThreadPoolExecutor(max_workers=self.threads) as executor:
tasks = []
for ip in range(self.start_ip, self.end_ip):
task = executor.submit(self.ARPScan, (ip))
tasks.append(task)
self.parseResult(t1)
def template_images(temp_image):
template_image_dir_path = os.path.join(os.getcwd(),
template_image_dir_name)
print(template_image_dir_path)
try:
if os.path.isdir(template_image_dir_name):
colors.info('Template image sections folder already exists.')
else:
os.mkdir(template_image_dir_path)
colors.success('Template image sections folder created.')
except OSError:
colors.error('Permission denied at {}:\
Cannot create template image sections folder'.format(
template_image_dir_path))
exit(1)
os.chdir(os.path.join(os.getcwd(), template_image_dir_name))
colors.success('Directory set to new location ')
# Loading Template image.
colors.success('Image read into memory')
x = y = 0
width = [160, 320, 480, 640]
height = [160, 320, 480]
count = 0
template_thread_process = []
for h in height:
for w in width:
template_thread_process.append(
th(target=thread_breaker,
args=(x, y, h, w, temp_image, count)))
x = w
count += 1
x = 0
y = h
for process in template_thread_process:
process.start()
for process in template_thread_process:
process.join()
def collect(self):
# 1. create partitions from rdds (partition_num = len(workers))
# 2. for every target_partition in partitions, find in partition_discover:
# - if exists, fetch result from corresponding worker
partition_discover = self.context.partition_discover
results = [partition_discover.get_partition(partition.uuid) for partition in self.partitions]
missing_index = [None if result is not None else i for i, result in enumerate(results)]
missing_index = filter(lambda m: m is not None, missing_index)
print info("collect", missing_index)
# add to job server if missing
job_server = self.context.job_server
for i in range(self.partition_num):
# - if doesn't exist, or previous try failed
if results[i] is None:
# - broadcast a `job` with partition uuid
job_server.add(self.partitions[i])
# 3. keep discovering rdds until found the target_rdd
while True:
missing_index = [None if result is not None else i for i, result in enumerate(results)]
missing_index = filter(lambda m: m is not None, missing_index)
if len(missing_index) is 0:
break
# print 'keep discovering', missing_index
for i in missing_index:
partition = self.partitions[i]
# try to fetch again
results[i] = partition_discover.get_partition(partition.uuid)
# if success this time
if results[i] is not None:
# 4. stop broadcast the `job`
print success("Got " + str(i) + ":" + str(results[i]))
job_server.remove(partition)
gevent.sleep(0.1)
# 5. retrieve result of the rdd
result = []
for element in results:
result += element
return result
def open_redirect(args):
if not args.url:
colors.error('Please enter an URL for scanning')
LOGGER.error('[-] Please enter an URL for scanning')
sys.exit(1)
else:
try:
colors.info("Testing for open redirection Vulnerability")
from lib.others.open_redirection import redirection
redirection.ORVT(args.url)
except ImportError:
colors.error('Could not import the required module')
LOGGER.error('[-] Could not import the required module')
except Exception as e:
print(e)
LOGGER.error(e)
sys.exit(1)
if __name__ == '__main__':
# 1. broadcast a `worker` with new generated uuid, {address=ip:port}
worker = WorkerServer()
# 2. discover `job`, append to jobs
job_discover = JobDiscover()
# 3. start a job server
job_server = JobServer()
# 3. discover `partitions`, append to partitions
partition_discover = PartitionDiscover()
# 4. start a partitions_server
partition_server = PartitionServer()
# 5. start a loop keep trying to get a job from jobs:
while True:
print info('Fetching job...')
# 1. connect to job's source, lock it up to prevent other workers to take it
next_job = job_discover.take_next_job() # block here
print info('Got job.')
# 2. get the dumped_partition, unload it
partition = job_discover.get_partition_from_job(next_job)
if partition is None:
continue
logger.debug('got partition')
# 3. check partition in partition_server
if partition_server.exists(partition.uuid):
print warn('Finished job. Skip')
continue
