def submit_temp_logs_to_db(log):
"""
this function created to submit new events into database
Args:
log: log event in JSON type
Returns:
True if success otherwise False
"""
if isinstance(log, dict):
session = create_connection()
session.add(
TempEvents(target=log["target"],
date=log["date"],
module_name=log["module_name"],
scan_unique_id=log["scan_unique_id"],
event_name=log["event_name"],
options=json.dumps(log["options"]),
event=json.dumps(log["event"]),
data=json.dumps(log["data"])))
return send_submit_query(session)
else:
warn(messages("invalid_json_type_to_db").format(log))
return False
def send_submit_query(query, language):
"""
a function to send submit based queries to db (such as insert and update or delete), it retries 100 times if
connection returned an error.
Args:
query: query to execute
language: language
Returns:
True if submitted success otherwise False
"""
conn = create_connection(language)
if not conn:
return False
try:
for i in range(1, 100):
try:
c = conn.cursor()
c.execute(query)
conn.commit()
conn.close()
return True
except:
time.sleep(0.01)
except:
warn(messages(language, "database_connect_fail"))
return False
return False
def send_read_query(query, language):
"""
a function to send read based queries to db (such as select), it retries 100 times if connection returned an error.
Args:
query: query to execute
language: language
Returns:
return executed query otherwise False
"""
conn = create_connection(language)
if not conn:
return False
try:
for i in range(1, 100):
try:
c = conn.cursor()
return c.execute(query)
except:
time.sleep(0.01)
except:
warn(messages(language, "database_connect_fail"))
return False
return False
def get_gateway_ip_addresses(configuration):
"""
get gateway ip addresses
Args:
configuration: user final configuration
Returns:
list of gateway's IPs
"""
gateway_ips = []
for selected_module in configuration:
container_name = virtual_machine_name_to_container_name(
configuration[selected_module]["virtual_machine_name"],
selected_module)
try:
gateway_ip = os.popen(
"docker inspect -f '{{{{range.NetworkSettings.Networks}}}}"
"{{{{.Gateway}}}}{{{{end}}}}' {0}".format(
container_name)).read().rsplit()[0].replace("\'", "")
gateway_ips.append(gateway_ip)
except IndexError as _:
warn("unable to get container {0} IP address".format(
container_name))
return list(set(gateway_ips))
def load_all_method_args(language):
module_names = []
modules_args = {}
# get module names
for lib in glob('lib/brute/*/engine.py'):
lib = lib.replace('/', '.').replace('\\', '.').rsplit('.py')[0]
if lib not in module_names:
module_names.append(lib)
for lib in glob('lib/scan/*/engine.py'):
lib = lib.replace('/', '.').replace('\\', '.').rsplit('.py')[0]
if lib not in module_names:
module_names.append(lib)
# get args
for imodule in module_names:
try:
extra_requirements_dict = getattr(
__import__(imodule, fromlist=['extra_requirements_dict']),
'extra_requirements_dict')
except:
warn(messages(language, 112).format(imodule))
imodule_args = extra_requirements_dict()
modules_args[imodule] = []
for imodule_arg in imodule_args:
modules_args[imodule].append(imodule_arg)
for imodule in modules_args:
info(
imodule.rsplit('.')[2] + '_' + imodule.rsplit('.')[1] + ' --> ' +
", ".join(modules_args[imodule]))
return module_names
def load_all_modules():
"""
load all available modules
Returns:
an array of all module names
"""
# Search for Modules
# the modules are available in lib/modules/category_name/module_name (e.g. lib/modules/ftp/weak_password
# they will be listed based on the folder names and if "Dockerfile" exist!
# structure of module name: module_name = lib/modules/(category_name/module_name)/__init.py
# example: module_name = lib/modules/(ftp/weak_password)/__init.py = ftp/weak_password
module_names = []
for module in glob(
os.path.dirname(inspect.getfile(lib)) +
'/modules/*/*/__init__.py'):
module_name = module.rsplit('\\' if is_windows() else '/')[-3] + '/' + \
module.rsplit('\\' if is_windows() else '/')[-2]
if os.path.exists(
module.rsplit('__init__.py')[0] + '/' + 'Dockerfile'):
if module_name not in module_names:
module_names.append(module_name)
else:
warn(messages("en", "module_not_available").format(module_name))
return module_names
def _check(__version__, __code_name__, language, socks_proxy):
"""
check for update
Args:
__version__: version number
__code_name__: code name
language: language
socks_proxy: socks proxy
Returns:
True if success otherwise None
"""
try:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
data = requests.get(url, headers={
"User-Agent": "OWASP Nettacker"
}).content
if version() is 3:
data = data.decode("utf-8")
if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]:
info(messages(language, "last_version"))
else:
warn(messages(language, "not_last_version"))
except:
warn(messages(language, "cannot_update"))
return True
def load_all_modules():
"""
load all available modules
Returns:
an array of all module names
"""
# Search for Modules
# the modules are available in
# modules/category_name/module_name (e.g. modules/ftp/weak_password
# they will be listed based on the folder names and if "Dockerfile" exist!
# structure of module name:
# module_name = modules/(category_name/module_name)/__init.py
# example: module_name = modules/(ftp/weak_password)/__init.py
# = ftp/weak_password
module_names = []
module_basepath = os.path.dirname(inspect.getfile(modules))
path_pattern = module_basepath + '/*/*/__init__.py'
for module in glob(path_pattern):
module_dir = os.path.split(module)[0]
sub_module_name = os.path.split(module_dir)[1]
category_name = os.path.split(os.path.split(module_dir)[0])[1]
module_name = category_name + '/' + sub_module_name
dockerfile_path = os.path.join(module_dir, "Dockerfile")
if os.path.exists(dockerfile_path):
if module_name not in module_names:
module_names.append(module_name)
else:
warn(messages["module_not_available"].format(module_name))
return module_names
def submit_logs_to_db(language, log):
"""
this function created to submit new events into database
Args:
language: language
log: log event in JSON type
Returns:
True if success otherwise False
"""
if isinstance(log, str):
log = json.loads(log)
if isinstance(log, dict):
session = create_connection(language)
session.add(
HostsLog(host=log["HOST"],
date=log["TIME"],
port=log["PORT"],
type=log["TYPE"],
category=log["CATEGORY"],
description=log["DESCRIPTION"].encode('utf8')
if version() is 2 else log["DESCRIPTION"],
username=log["USERNAME"],
password=log["PASSWORD"],
scan_id=log["SCAN_ID"],
scan_cmd=log["SCAN_CMD"]))
return send_submit_query(session, language)
else:
warn(messages(language, "invalid_json_type_to_db").format(log))
return False
def check(target, timeout_sec, language, port):
try:
requests.get(target,
verify=False,
timeout=timeout_sec,
headers=HEADERS)
return True
except Exception:
warn(messages(language, 'no_response'))
return False
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
n = 0
# warning for each target make the screen so messy in IP ranges
# warn(messages(language,"root_required"))
while 1:
r = do_one_ping(target, timeout_sec, 84)
if r is None:
n = n + 1
if n == retries:
if verbose_level > 3:
warn(messages(language, "host_down").format(target))
if verbose_level != 0:
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '',
'TYPE': 'icmp scan',
'DESCRIPTION': messages(language, "host_down").format(target),
'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
break
else:
pass
else:
info(messages(language, "host_up").format(
target, str(round(r * 1000, 2)) + "ms"))
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '',
'TYPE': 'icmp scan',
'DESCRIPTION': messages(language, "host_up").format(target,
str(round(r * 1000, 2)) + "ms"),
'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
break
else:
warn(messages(language, "input_target_error").format('icmp_scan', target))
def start(self):
from terminable_thread import Thread
from core.utility import wait_for_threads_to_finish
active_threads = []
from core.alert import warn
from core.alert import verbose_event_info
from core.alert import messages
# counting total number of requests
total_number_of_requests = 0
for payload in self.module_content['payloads']:
if payload['library'] not in self.libraries:
warn(
messages("library_not_supported").format(
payload['library']))
return None
for step in payload['steps']:
for _ in step:
total_number_of_requests += 1
request_number_counter = 0
for payload in self.module_content['payloads']:
protocol = getattr(
__import__('core.module_protocols.{library}'.format(
library=payload['library']),
fromlist=['Engine']), 'Engine')
for step in payload['steps']:
for sub_step in step:
thread = Thread(
target=protocol.run,
args=(sub_step, self.module_name, self.target,
self.scan_unique_id, self.module_inputs,
self.process_number, self.module_thread_number,
self.total_module_thread_number,
request_number_counter,
total_number_of_requests))
thread.name = f"{self.target} -> {self.module_name} -> {sub_step}"
request_number_counter += 1
verbose_event_info(
messages("sending_module_request").format(
self.process_number, self.module_name, self.target,
self.module_thread_number,
self.total_module_thread_number,
request_number_counter, total_number_of_requests))
thread.start()
time.sleep(
self.module_inputs['time_sleep_between_requests'])
active_threads.append(thread)
wait_for_threads_to_finish(
active_threads,
maximum=self.module_inputs['thread_per_host'],
terminable=True)
wait_for_threads_to_finish(active_threads,
maximum=None,
terminable=True)
def _check(__version__, __code_name__, language):
try:
data = requests.get(url, headers={
"User-Agent": "OWASP Nettacker"
}).content
if version() is 3:
data = data.decode("utf-8")
if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]:
info(messages(language, 103))
else:
warn(messages(language, 101))
except:
warn(messages(language, 102))
return
def check_auth(target, timeout_sec, language, port):
try:
req = requests.get(target,
timeout=timeout_sec,
headers=HEADERS,
verify=False)
if req.status_code not in CODES:
info(messages(language, "no_auth").format(target, port))
return 1
else:
return 0
except requests.exceptions.RequestException:
# logging.exception("message")
warn(messages(language, 'no_response'))
return 1
def send_read_query(query, language):
conn = create_connection(language)
if not conn:
return False
try:
for i in range(1, 100):
try:
c = conn.cursor()
return c.execute(query)
except:
pass
time.sleep(0.01)
except:
warn(messages(language, 168))
return False
return True
def create_connection(language):
try:
# retries
for i in range(0, 100):
try:
return sqlite3.connect(
os.path.join(
os.path.dirname(os.path.dirname(__file__)),
_builder(_core_config(),
_core_default_config())["api_db_name"]))
except:
pass
time.sleep(0.01)
except:
warn(messages(language, 168))
return False
def _check(__version__, __code_name__, language):
from core.compatible import version
if version() is 2:
from urllib import urlopen
if version() is 3:
from urllib.request import urlopen
try:
data = urlopen(url).read()
if version() is 3:
data = data.decode("utf-8")
if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]:
info(messages(language, 103))
else:
warn(messages(language, 101))
except:
warn(messages(language, 102))
return
def load_all_method_args(language, API=False):
"""
load all ARGS method for each module
Args:
language: language
API: API Flag (default False)
Returns:
all ARGS method in JSON
"""
module_names = []
modules_args = {}
# get module names
for _lib in glob(os.path.dirname(inspect.getfile(lib)) + '/*/*/engine.py'):
_lib = _lib.replace('/', '.').replace('\\', '.')
if '.lib.brute.' in _lib or '.lib.scan.' in _lib or '.lib.vuln.' in _lib:
_lib = 'lib.' + _lib.rsplit('.lib.')[-1].rsplit('.py')[0]
if _lib not in module_names:
module_names.append(_lib)
# get args
res = ""
for imodule in module_names:
_ERROR = False
try:
extra_requirements_dict = getattr(__import__(imodule, fromlist=['extra_requirements_dict']),
'extra_requirements_dict')
except:
warn(messages(language, "module_args_error").format(imodule))
_ERROR = True
if not _ERROR:
imodule_args = extra_requirements_dict()
modules_args[imodule] = []
for imodule_arg in imodule_args:
if API:
res += imodule_arg + "=" + \
",".join(map(str, imodule_args[imodule_arg])) + "\n"
modules_args[imodule].append(imodule_arg)
if API:
return res
for imodule in modules_args:
info(imodule.rsplit('.')[2] + '_' + imodule.rsplit('.')[1] + ' --> '
+ ", ".join(modules_args[imodule]))
return module_names
def check(target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd):
time.sleep(time_sleep)
try:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]), username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version, str(
socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
_n = 0
while 1:
try:
if target_type(target) != "HTTP" and port == 443:
target = 'https://' + target
if target_type(target) != "HTTP" and port == 80:
target = 'http://' + target
target = target + '/xmlrpc.php'
postdata = '''<?xml version="1.0" encoding="utf-8"?><methodCall><methodName>system.listMethods</methodName><params></params></methodCall>'''
_r = requests.post(target, timeout=timeout_sec, verify=False, headers=headers, data=postdata)
if "demo.sayhello" in _r.text.lower():
info(messages(language, "target_vulnerable").format(target, port, "XMLRPC DOS attacks"))
__log_into_file(thread_tmp_filename, 'w', '0', language)
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': port, 'TYPE': 'wp_xmlrpc_dos_vuln', 'DESCRIPTION': messages(language, "vulnerable").format("XML-RPC DOS attacks!!"), 'TIME': now(), 'CATEGORY': "vuln", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
except Exception:
_n += 1
if _n is retries:
warn(messages(language, "http_connection_timeout").format(target))
return 1
return True
except Exception:
return False
def create_connection():
"""
a function to create connections to db, it retries 100 times if connection returned an error
Returns:
connection if success otherwise False
"""
try:
for _ in range(0, 100):
try:
db_engine = create_engine(
db_inputs(DB), connect_args={'check_same_thread': False})
Session = sessionmaker(bind=db_engine)
session = Session()
return session
except Exception:
time.sleep(0.01)
except Exception:
warn(messages("database_connect_fail"))
return False
def create_connection(language):
"""
a function to create connections to db, it retries 100 times if connection returned an error
Args:
language: language
Returns:
connection if success otherwise False
"""
try:
for i in range(0, 100):
try:
db_engine = create_engine(db_inputs(DB))
Session = sessionmaker(bind=db_engine)
session = Session()
return session
except:
time.sleep(0.01)
except:
warn(messages(language, "database_connect_fail"))
return False
def send_submit_query(session):
"""
a function to send submit based queries to db (such as insert and update or delete), it retries 100 times if
connection returned an error.
Args:
session: session to commit
Returns:
True if submitted success otherwise False
"""
try:
for _ in range(1, 100):
try:
session.commit()
return True
except Exception:
time.sleep(0.01)
except Exception as _:
warn(messages("database_connect_fail"))
return False
return False
def _check(__version__, __code_name__, language, socks_proxy):
try:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
data = requests.get(url, headers={
"User-Agent": "OWASP Nettacker"
}).content
if version() is 3:
data = data.decode("utf-8")
if __version__ + ' ' + __code_name__ == data.rsplit('\n')[0]:
info(messages(language, 103))
else:
warn(messages(language, 101))
except:
warn(messages(language, 102))
return
def create_connection(language):
"""
a function to create sqlite3 connections to db, it retries 100 times if connection returned an error
Args:
language: language
Returns:
sqlite3 connection if success otherwise False
"""
try:
# retries
for i in range(0, 100):
try:
return sqlite3.connect(
os.path.join(
os.path.dirname(os.path.dirname(__file__)),
_builder(_core_config(),
_core_default_config())["api_db_name"]))
except:
time.sleep(0.01)
except:
warn(messages(language, "database_connect_fail"))
return False
def test_warn(self):
msg_content = "Error"
print("this test will spit the message_content in warning format")
warn(msg_content)
def start_attack(target, num, total, scan_method, users, passwds, timeout_sec,
thread_number, ports, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, ping_flag, methods_args,
scan_id, scan_cmd):
"""
start new attack for each target
Args:
target: target
num: number of process
total: number of total processes
scan_method: module name
users: usernames
passwds: passwords
timeout_sec: timeout seconds
thread_number: thread number
ports: port numbers
log_in_file: output filename
time_sleep: time sleep
language: language
verbose_level: verbose level number
socks_proxy: socks proxy
retries: number of retries
ping_flag: ping before scan flag
methods_args: module name
scan_id: scan hash id
scan_cmd: scan cmd
Returns:
True of success otherwise None
"""
if verbose_level >= 1:
info(
messages(language, "start_attack").format(str(target), str(num),
str(total)))
if ping_flag:
if socks_proxy is not None:
socks_version = socks.SOCKS5 if socks_proxy.startswith(
'socks5://') else socks.SOCKS4
socks_proxy = socks_proxy.rsplit('://')[1]
if '@' in socks_proxy:
socks_username = socks_proxy.rsplit(':')[0]
socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
socks.set_default_proxy(
socks_version,
str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
int(socks_proxy.rsplit(':')[-1]),
username=socks_username,
password=socks_password)
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
else:
socks.set_default_proxy(socks_version,
str(socks_proxy.rsplit(':')[0]),
int(socks_proxy.rsplit(':')[1]))
socket.socket = socks.socksocket
socket.getaddrinfo = getaddrinfo
if do_one_ping(target, timeout_sec, 8) is None:
if verbose_level >= 3:
warn(
messages(language,
"skipping_target").format(target, scan_method))
return None
# Calling Engines
try:
start = getattr(
__import__('lib.{0}.{1}.engine'.format(
scan_method.rsplit('_')[-1],
'_'.join(scan_method.rsplit('_')[:-1])),
fromlist=['start']), 'start')
except:
__die_failure(
messages(language, "module_not_available").format(scan_method))
start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd)
return True
def check_all_required(
targets, targets_list, thread_number, thread_number_host, log_in_file,
scan_method, exclude_method, users, users_list, passwds, passwds_list,
timeout_sec, ports, parser, module_names, language, verbose_level,
show_version, check_update, socks_proxy, retries, graph_flag,
help_menu_flag, methods_args, method_args_list, wizard_mode, profile,
start_api, api_host, api_port, api_debug_mode, api_access_key,
api_client_white_list, api_client_white_list_ips, api_access_log,
api_access_log_filename):
# Checking Requirements
# import libs
from core import compatible
# Check Help Menu
if help_menu_flag:
parser.print_help()
write("\n\n")
write(messages(language, 3))
__die_success()
# Check if method args list called
if method_args_list:
from core.load_modules import load_all_method_args
load_all_method_args(language)
__die_success()
# Check version
if show_version:
from core import color
info(
messages(language,
84).format(color.color("yellow"), compatible.__version__,
color.color("reset"), color.color("cyan"),
compatible.__code_name__, color.color("reset"),
color.color("green")))
__die_success()
# API mode
if start_api:
from api.engine import _start_api
from core.targets import target_type
from core.ip import _generate_IPRange
try:
api_port = int(api_port)
except:
__die_failure(messages(language, 154))
if api_client_white_list:
if type(api_client_white_list_ips) != type([]):
api_client_white_list_ips = list(
set(api_client_white_list_ips.rsplit(",")))
hosts = []
for data in api_client_white_list_ips:
if target_type(data) == "SINGLE_IPv4":
if data not in hosts:
hosts.append(data)
elif target_type(data) == "RANGE_IPv4":
for cidr in _generate_IPRange(data):
for ip in cidr:
if ip not in hosts:
hosts.append(ip)
elif target_type(data) == "CIDR_IPv4":
for ip in _generate_IPRange(data):
if ip not in hosts:
hosts.append(str(ip))
else:
__die_failure(messages(language, 155))
api_client_white_list_ips = hosts[:]
if api_access_log:
try:
f = open(api_access_log_filename, 'a')
except:
__die_failure(
messages(language, 40).format(api_access_log_filename))
_start_api(api_host, api_port, api_debug_mode, api_access_key,
api_client_white_list, api_client_white_list_ips,
api_access_log, api_access_log_filename, language)
# Wizard mode
if wizard_mode:
(targets, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users,
passwds, timeout_sec, ports, verbose_level,
socks_proxy, retries, graph_flag) = \
__wizard(
targets, thread_number, thread_number_host,
log_in_file, module_names, exclude_method, users,
passwds, timeout_sec, ports, verbose_level,
socks_proxy, retries, load_all_graphs(), language
)
# Select a Profile
if profile is not None:
_all_profiles = _builder(_profiles(), default_profiles())
if scan_method is None:
scan_method = ""
else:
scan_method += ","
if profile == "all":
profile = ",".join(_all_profiles)
tmp_sm = scan_method
for pr in profile.rsplit(","):
try:
for sm in _all_profiles[pr]:
if sm not in tmp_sm.rsplit(","):
tmp_sm += sm + ","
except:
__die_failure(messages(language, 137).format(pr))
if tmp_sm[-1] == ",":
tmp_sm = tmp_sm[0:-1]
scan_method = ",".join(list(set(tmp_sm.rsplit(","))))
# Check Socks
if socks_proxy is not None:
e = False
if socks_proxy.startswith("socks://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks://", "")
elif socks_proxy.startswith("socks5://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks5://", "")
elif socks_proxy.startswith("socks4://"):
socks_flag = 4
socks_proxy = socks_proxy.replace("socks4://", "")
else:
socks_flag = 5
if "://" in socks_proxy:
socks_proxy = socks_proxy.rsplit("://")[1].rsplit("/")[0]
try:
if len(socks_proxy.rsplit(":")) < 2 or len(
socks_proxy.rsplit(":")) > 3:
e = True
elif len(socks_proxy.rsplit(":")) is 2 and socks_proxy.rsplit(
":")[1] == "":
e = True
elif len(socks_proxy.rsplit(":")) is 3 and socks_proxy.rsplit(
":")[2] == "":
e = True
except:
e = True
if e:
__die_failure(messages(language, 63))
if socks_flag is 4:
socks_proxy = "socks4://" + socks_proxy
if socks_flag is 5:
socks_proxy = "socks5://" + socks_proxy
# Check update
if check_update:
from core.update import _update
_update(compatible.__version__, compatible.__code_name__, language,
socks_proxy)
__die_success()
# Check the target(s)
if targets is None and targets_list is None:
parser.print_help()
write("\n")
__die_failure(messages(language, 26))
else:
if targets is not None:
targets = list(set(targets.rsplit(",")))
elif targets_list is not None:
try:
targets = list(set(open(targets_list, "rb").read().rsplit()))
except:
__die_failure(messages(language, 27).format(targets_list))
# Check thread number
if thread_number > 101 or thread_number_host > 101:
warn(messages(language, 28))
# Check timeout number
if timeout_sec is not None and timeout_sec >= 15:
warn(messages(language, 29).format(timeout_sec))
# Check scanning method
if scan_method is not None and scan_method == "all":
scan_method = module_names
scan_method.remove("all")
elif scan_method is not None and scan_method not in module_names:
if "*_" in scan_method:
scan_method = scan_method.rsplit(",")
tmp_scan_method = scan_method[:]
for sm in scan_method:
if sm.startswith("*_"):
scan_method.remove(sm)
found_flag = False
for mn in module_names:
if mn.endswith("_" + sm.rsplit("*_")[1]):
scan_method.append(mn)
found_flag = True
if found_flag is False:
__die_failure(messages(language, 117).format(sm))
scan_method = ",".join(scan_method)
if "," in scan_method:
scan_method = scan_method.rsplit(",")
for sm in scan_method:
if sm not in module_names:
__die_failure(messages(language, 30).format(sm))
if sm == "all":
scan_method = module_names
scan_method.remove("all")
break
else:
__die_failure(messages(language, 31).format(scan_method))
elif scan_method is None:
__die_failure(messages(language, 41))
else:
scan_method = scan_method.rsplit()
# Check for exluding scanning method
if exclude_method is not None:
exclude_method = exclude_method.rsplit(",")
for exm in exclude_method:
if exm in scan_method:
if "all" == exm:
__die_failure(messages(language, 32))
else:
scan_method.remove(exm)
if len(scan_method) is 0:
__die_failure(messages(language, 33))
else:
__die_failure(messages(language, 34).format(exm))
# Check port(s)
if type(ports) is not list and ports is not None and "-" in ports:
ports = ports.rsplit("-")
ports = range(int(ports[0]), int(ports[1]) + 1)
elif type(ports) is not list and ports is not None:
ports = ports.rsplit(",")
# Check user list
if users is not None:
users = list(set(users.rsplit(",")))
elif users_list is not None:
try:
users = list(set(
open(users_list).read().rsplit("\n"))) # fix later
except:
__die_failure(messages(language, 37).format(targets_list))
# Check password list
if passwds is not None:
passwds = list(set(passwds.rsplit(",")))
if passwds_list is not None:
try:
passwds = list(set(
open(passwds_list).read().rsplit("\n"))) # fix later
except:
__die_failure(messages(language, 39).format(targets_list))
# Check output file
try:
tmpfile = open(log_in_file, "w")
except:
__die_failure(messages(language, 40).format(log_in_file))
# Check Graph
if graph_flag is not None:
if graph_flag not in load_all_graphs():
__die_failure(messages(language, 97).format(graph_flag))
if not (log_in_file.endswith(".html") or log_in_file.endswith(".htm")):
warn(messages(language, 87))
graph_flag = None
# Check Methods ARGS
if methods_args is not None:
new_methods_args = {}
methods_args = methods_args.rsplit("&")
for imethod_args in methods_args:
if len(imethod_args.rsplit("=")) is 2:
if imethod_args.rsplit("=")[1].startswith("read_from_file:"):
try:
read_data = list(
set(
open(
imethod_args.rsplit("=read_from_file:")
[1]).read().rsplit("\n")))
except:
__die_failure(messages(language, 36))
new_methods_args[imethod_args.rsplit("=")[0]] = read_data
else:
new_methods_args[imethod_args.rsplit(
"=")[0]] = imethod_args.rsplit("=")[1].rsplit(",")
else:
new_methods_args[imethod_args.rsplit("=")[0]] = ""
methods_args = new_methods_args
# Return the values
return [
targets, targets_list, thread_number, thread_number_host, log_in_file,
scan_method, exclude_method, users, users_list, passwds, passwds_list,
timeout_sec, ports, parser, module_names, language, verbose_level,
show_version, check_update, socks_proxy, retries, graph_flag,
help_menu_flag, methods_args, method_args_list, wizard_mode, profile,
start_api, api_host, api_port, api_debug_mode, api_access_key,
api_client_white_list, api_client_white_list_ips, api_access_log,
api_access_log_filename
]
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = useragents()
headers = {'User-agent': random.choice(user_agent_list), 'Content-Type': 'text/xml'}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[
extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
threads = []
if ports is None:
ports = extra_requirements["wp_xmlrpc_dos_vuln_ports"]
if verbose_level > 3:
total_req = len(ports)
else:
total_req = len(ports)
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) != "HTTP":
target = 'https://' + target
for port in ports:
if test(str(target), port, headers, socks_proxy) is True:
keyboard_interrupt_flag = False
t = threading.Thread(target=check, args=(target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(messages(language, "trying_message").format(trying, total_req, num, total, target_to_host(target), port, 'wp_xmlrpc_dos_vuln'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
warn(messages(language, "open_error").format(target))
# wait for threads
kill_switch = 0
kill_time = int(
timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1 and verbose_level != 0:
info(messages(language, "no_vulnerability_found").format(
'XML-RPC'))
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': port, 'TYPE': 'wp_xmlrpc_dos_vuln', 'DESCRIPTION': messages(language, "no_vulnerability_found").format("XML-RPC DOS attacks"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(messages(language, "input_target_error").format(
'wp_xmlrpc_dos_vuln', target))
def check_all_required(targets, targets_list, thread_number,
thread_number_host, log_in_file, scan_method,
exclude_method, users, users_list, passwds,
passwds_list, timeout_sec, ports, parser, module_names,
language, verbose_level, show_version, check_update,
socks_proxy, retries, graph_flag, help_menu_flag,
methods_args, method_args_list):
# Checking Requirements
# import libs
from core.color import finish
from core import compatible
# Check Help Menu
if help_menu_flag is True:
parser.print_help()
write('\n\n')
write(messages(language, 3))
finish()
sys.exit(0)
# Check if method args list called
if method_args_list is True:
from core.load_modules import load_all_method_args
load_all_method_args(language)
finish()
sys.exit(0)
# Check version
if show_version is True:
from core import color
info(
messages(language,
84).format(color.color('yellow'), compatible.__version__,
color.color('reset'), color.color('cyan'),
compatible.__code_name__, color.color('reset'),
color.color('green')))
finish()
sys.exit(0)
# Check update
if check_update is True:
from core.update import _update
_update(compatible.__version__, compatible.__code_name__, language)
finish()
sys.exit(0)
# Check the target(s)
if targets is None and targets_list is None:
parser.print_help()
write("\n")
error(messages(language, 26))
finish()
sys.exit(1)
else:
if targets is not None:
targets = list(set(targets.rsplit(",")))
elif targets_list is not None:
try:
targets = list(set(open(targets_list, "rb").read().rsplit()))
except:
error(messages(language, 27).format(targets_list))
finish()
sys.exit(1)
# Check thread number
if thread_number > 100 or thread_number_host > 100:
warn(messages(language, 28))
# Check timeout number
if timeout_sec is not None and timeout_sec >= 15:
warn(messages(language, 29).format(timeout_sec))
# Check scanning method
if scan_method is not None and scan_method == "all":
scan_method = module_names
scan_method.remove("all")
elif scan_method is not None and scan_method not in module_names:
if "," in scan_method:
scan_method = scan_method.rsplit(",")
for sm in scan_method:
if sm not in module_names:
error(messages(language, 30).format(sm))
finish()
sys.exit(1)
if sm == "all":
scan_method = module_names
scan_method.remove("all")
break
else:
error(messages(language, 31).format(scan_method))
finish()
sys.exit(1)
elif scan_method is None:
error(messages(language, 41))
finish()
sys.exit(1)
else:
scan_method = scan_method.rsplit()
if exclude_method is not None:
exclude_method = exclude_method.rsplit(",")
for exm in exclude_method:
if exm in scan_method:
if "all" == exm:
messages(language, 32)
finish()
sys.exit(1)
else:
scan_method.remove(exm)
if len(scan_method) is 0:
messages(language, 33)
finish()
sys.exit(1)
else:
messages(language, 34).format(exm)
finish()
sys.exit(1)
# Check port(s)
if type(ports) is not list and ports is not None and "-" in ports:
ports = ports.rsplit("-")
ports = range(int(ports[0]), int(ports[1]) + 1)
elif type(ports) is not list and ports is not None:
ports = ports.rsplit(",")
# Check user list
if users is not None:
users = list(set(users.rsplit(",")))
elif users_list is not None:
try:
users = list(set(
open(users_list).read().rsplit("\n"))) # fix later
except:
error(messages(language, 37).format(targets_list))
finish()
sys.exit(1)
# Check password list
if passwds is not None:
passwds = list(set(passwds.rsplit(",")))
if passwds_list is not None:
try:
passwds = list(set(
open(passwds_list).read().rsplit("\n"))) # fix later
except:
error(messages(language, 39).format(targets_list))
finish()
sys.exit(1)
# Check output file
try:
tmpfile = open(log_in_file, "w")
except:
error(messages(language, 40).format(log_in_file))
finish()
sys.exit(1)
# Check Graph
if graph_flag is not None:
if graph_flag not in load_all_graphs():
error(messages(language, 97).format(graph_flag))
finish()
sys.exit(1)
if not (log_in_file.endswith('.html') or log_in_file.endswith('.htm')):
warn(messages(language, 87))
graph_flag = None
# Check Socks
if socks_proxy is not None:
e = False
try:
if '://' in socks_proxy:
socks_proxy = socks_proxy.rsplit('://')[1].rsplit('/')[0]
if len(socks_proxy.rsplit(':')) is not 2 or socks_proxy.rsplit(
':')[1] == '':
e = True
except:
e = True
if e:
error(messages(language, 63))
finish()
sys.exit(1)
# Check Methods ARGS
if methods_args is not None:
new_methods_args = {}
methods_args = methods_args.rsplit('&')
for imethod_args in methods_args:
if len(imethod_args.rsplit('=')) is 2:
if imethod_args.rsplit('=')[1].startswith('read_from_file:'):
try:
read_data = list(
set(
open(
imethod_args.rsplit('=read_from_file:')
[1]).read().rsplit('\n')))
except:
error(messages(language, 36))
finish()
sys.exit(1)
new_methods_args[imethod_args.rsplit('=')[0]] = read_data
else:
new_methods_args[imethod_args.rsplit(
'=')[0]] = imethod_args.rsplit('=')[1].rsplit(',')
else:
new_methods_args[imethod_args.rsplit('=')[0]] = ""
methods_args = new_methods_args
# Return the values
return [
targets, targets_list, thread_number, thread_number_host, log_in_file,
scan_method, exclude_method, users, users_list, passwds, passwds_list,
timeout_sec, ports, parser, module_names, language, verbose_level,
show_version, check_update, socks_proxy, retries, graph_flag,
help_menu_flag, methods_args, method_args_list
]
def check_all_required(targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names,
language, verbose_level, show_version, check_update, socks_proxy,
retries, graph_flag, help_menu_flag, methods_args, method_args_list,
wizard_mode, profile):
# Checking Requirements
# import libs
from core import compatible
# Check Help Menu
if help_menu_flag:
parser.print_help()
write('\n\n')
write(messages(language, 3))
__die_success()
# Check if method args list called
if method_args_list:
from core.load_modules import load_all_method_args
load_all_method_args(language)
__die_success()
# Check version
if show_version:
from core import color
info(messages(language, 84).format(color.color('yellow'), compatible.__version__, color.color('reset'),
color.color('cyan'), compatible.__code_name__, color.color('reset'),
color.color('green')))
__die_success()
# Wizard mode
if wizard_mode:
(targets, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users,
passwds, timeout_sec, ports, verbose_level,
socks_proxy, retries, graph_flag) = \
__wizard(
targets, thread_number, thread_number_host,
log_in_file, module_names, exclude_method, users,
passwds, timeout_sec, ports, verbose_level,
socks_proxy, retries, load_all_graphs(), language
)
# Select a Profile
if profile is not None:
_all_profiles = _builder(get_profiles(), all_profiles())
if scan_method is None:
scan_method = ''
else:
scan_method += ','
if profile == 'all':
profile = ','.join(_all_profiles)
tmp_sm = scan_method
for pr in profile.rsplit(','):
try:
for sm in _all_profiles[pr]:
if sm not in tmp_sm.rsplit(','):
tmp_sm += sm + ','
except:
__die_failure(messages(language, 137).format(pr))
if tmp_sm[-1] == ',':
tmp_sm = tmp_sm[0:-1]
scan_method = ','.join(list(set(tmp_sm.rsplit(','))))
# Check Socks
if socks_proxy is not None:
e = False
if socks_proxy.startswith('socks://'):
socks_flag = 5
socks_proxy = socks_proxy.replace('socks://', '')
elif socks_proxy.startswith('socks5://'):
socks_flag = 5
socks_proxy = socks_proxy.replace('socks5://', '')
elif socks_proxy.startswith('socks4://'):
socks_flag = 4
socks_proxy = socks_proxy.replace('socks4://', '')
else:
socks_flag = 5
if '://' in socks_proxy:
socks_proxy = socks_proxy.rsplit('://')[1].rsplit('/')[0]
try:
if len(socks_proxy.rsplit(':')) < 2 or len(socks_proxy.rsplit(':')) > 3:
e = True
elif len(socks_proxy.rsplit(':')) is 2 and socks_proxy.rsplit(':')[1] == '':
e = True
elif len(socks_proxy.rsplit(':')) is 3 and socks_proxy.rsplit(':')[2] == '':
e = True
except:
e = True
if e:
__die_failure(messages(language, 63))
if socks_flag is 4:
socks_proxy = 'socks4://' + socks_proxy
if socks_flag is 5:
socks_proxy = 'socks5://' + socks_proxy
# Check update
if check_update:
from core.update import _update
_update(compatible.__version__, compatible.__code_name__, language, socks_proxy)
__die_success()
# Check the target(s)
if targets is None and targets_list is None:
parser.print_help()
write("\n")
__die_failure(messages(language, 26))
else:
if targets is not None:
targets = list(set(targets.rsplit(",")))
elif targets_list is not None:
try:
targets = list(set(open(targets_list, "rb").read().rsplit()))
except:
__die_failure(messages(language, 27).format(targets_list))
# Check thread number
if thread_number > 100 or thread_number_host > 100:
warn(messages(language, 28))
# Check timeout number
if timeout_sec is not None and timeout_sec >= 15:
warn(messages(language, 29).format(timeout_sec))
# Check scanning method
if scan_method is not None and scan_method == "all":
scan_method = module_names
scan_method.remove("all")
elif scan_method is not None and scan_method not in module_names:
if "*_" in scan_method:
scan_method = scan_method.rsplit(',')
tmp_scan_method = scan_method[:]
for sm in scan_method:
if sm.startswith('*_'):
scan_method.remove(sm)
found_flag = False
for mn in module_names:
if mn.endswith('_' + sm.rsplit('*_')[1]):
scan_method.append(mn)
found_flag = True
if found_flag is False:
__die_failure(messages(language, 117).format(sm))
scan_method = ','.join(scan_method)
if "," in scan_method:
scan_method = scan_method.rsplit(",")
for sm in scan_method:
if sm not in module_names:
__die_failure(messages(language, 30).format(sm))
if sm == "all":
scan_method = module_names
scan_method.remove("all")
break
else:
__die_failure(messages(language, 31).format(scan_method))
elif scan_method is None:
__die_failure(messages(language, 41))
else:
scan_method = scan_method.rsplit()
# Check for exluding scanning method
if exclude_method is not None:
exclude_method = exclude_method.rsplit(",")
for exm in exclude_method:
if exm in scan_method:
if "all" == exm:
__die_failure(messages(language, 32))
else:
scan_method.remove(exm)
if len(scan_method) is 0:
__die_failure(messages(language, 33))
else:
__die_failure(messages(language, 34).format(exm))
# Check port(s)
if type(ports) is not list and ports is not None and "-" in ports:
ports = ports.rsplit("-")
ports = range(int(ports[0]), int(ports[1]) + 1)
elif type(ports) is not list and ports is not None:
ports = ports.rsplit(",")
# Check user list
if users is not None:
users = list(set(users.rsplit(",")))
elif users_list is not None:
try:
users = list(set(open(users_list).read().rsplit("\n"))) # fix later
except:
__die_failure(messages(language, 37).format(targets_list))
# Check password list
if passwds is not None:
passwds = list(set(passwds.rsplit(",")))
if passwds_list is not None:
try:
passwds = list(set(open(passwds_list).read().rsplit("\n"))) # fix later
except:
__die_failure(messages(language, 39).format(targets_list))
# Check output file
try:
tmpfile = open(log_in_file, "w")
except:
__die_failure(messages(language, 40).format(log_in_file))
# Check Graph
if graph_flag is not None:
if graph_flag not in load_all_graphs():
__die_failure(messages(language, 97).format(graph_flag))
if not (log_in_file.endswith('.html') or log_in_file.endswith('.htm')):
warn(messages(language, 87))
graph_flag = None
# Check Methods ARGS
if methods_args is not None:
new_methods_args = {}
methods_args = methods_args.rsplit('&')
for imethod_args in methods_args:
if len(imethod_args.rsplit('=')) is 2:
if imethod_args.rsplit('=')[1].startswith('read_from_file:'):
try:
read_data = list(set(open(imethod_args.rsplit('=read_from_file:')[1]).read().rsplit('\n')))
except:
__die_failure(messages(language, 36))
new_methods_args[imethod_args.rsplit('=')[0]] = read_data
else:
new_methods_args[imethod_args.rsplit('=')[0]] = imethod_args.rsplit('=')[1].rsplit(',')
else:
new_methods_args[imethod_args.rsplit('=')[0]] = ""
methods_args = new_methods_args
# Return the values
return [targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names,
language, verbose_level, show_version, check_update, socks_proxy,
retries, graph_flag, help_menu_flag, methods_args, method_args_list,
wizard_mode, profile]
