def run_port_scan(host):
""" Pointer to run a Port Scan on a given host """
if re.search(IP_ADDRESS_REGEX, host) is not None:
LOGGER.info("Starting port scan on IP: {}".format(host))
LOGGER.info(PortScanner(host).connect_to_host())
elif re.search(URL_REGEX,
host) is not None and re.search(QUERY_REGEX, host) is None:
try:
LOGGER.info("Fetching resolve IP...")
ip_address = socket.gethostbyname(host)
LOGGER.info("Done! IP: {}".format(ip_address))
LOGGER.info("Starting scan on URL: {} IP: {}".format(
host, ip_address))
PortScanner(ip_address).connect_to_host()
except socket.gaierror:
error_message = "Unable to resolve IP address from {}.".format(
host)
error_message += " You can manually get the IP address and try again,"
error_message += " dropping the query parameter in the URL (IE php?id=),"
error_message += " or dropping the http or https"
error_message += " and adding www in place of it. IE www.google.com"
error_message += " may fix this issue."
LOGGER.fatal(error_message)
else:
error_message = "You need to provide a host to scan,"
error_message += " this can be given in the form of a URL "
error_message += "or a IP address."
LOGGER.fatal(error_message)
def create_packet():
try:
return socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
except socket.error, e:
error_message = "Unable to create raw IP packet."
error_message += " IP packet failed with error code: {}".format(e)
LOGGER.fatal(error_message)
def run_dork_checker(dork):
""" Pointer to run a Dork Check on a given Google Dork """
LOGGER.info("Starting dork scan, using query: '{}'..".format(dork))
try:
LOGGER.info(DorkScanner(dork).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
def run_xss_scan(url, url_file=None, proxy=None, user_agent=False):
""" Pointer to run a XSS Scan on a given URL """
proxy = proxy if proxy is not None else None
header = RANDOM_USER_AGENT if user_agent is not False else None
if proxy is not None:
LOGGER.info("Proxy configured, running through: {}".format(proxy))
if user_agent is True:
LOGGER.info("Grabbed random user agent: {}".format(header))
if url_file is not None: # Scan a given file full of URLS
file_path = url_file
total = len(open(url_file).readlines())
done = 0
LOGGER.info("Found a total of {} URLS to scan..".format(total))
with open(file_path) as urls:
for url in urls.readlines():
if QUERY_REGEX.match(url.strip()):
question = prompt(
"Would you like to scan '{}' for XSS vulnerabilities[y/N]: "
.format(url.strip()))
if question.lower().startswith("y"):
done += 1
if not xss.main(
url.strip(), proxy=proxy, headers=header):
LOGGER.info(
"URL '{}' does not appear to be vulnerable to XSS"
.format(url.strip()))
else:
LOGGER.info(
"URL '{}' appears to be vulnerable to XSS".
format(url.strip()))
LOGGER.info("URLS scanned: {}, URLS left: {}".format(
done, total - done))
else:
pass
else:
LOGGER.warn(
"URL '{}' does not contain a query (GET) parameter, skipping"
.format(url.strip()))
LOGGER.info("All URLS in file have been scanned, shutting down..")
else: # Scan a single URL
if QUERY_REGEX.match(url):
LOGGER.info("Searching: {} for XSS vulnerabilities..".format(
url, proxy=proxy, headers=header))
if not xss.main(url, proxy=proxy, headers=header):
LOGGER.error(
"{} does not appear to be vulnerable to XSS".format(url))
else:
LOGGER.info("{} seems to be vulnerable to XSS.".format(url))
else:
error_message = "The URL you provided does not contain a query "
error_message += "(GET) parameter. In order for this scan you run "
error_message += "successfully you will need to provide a URL with "
error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2"
LOGGER.fatal(error_message)
def run_sqli_scan(url,
url_file=None,
proxy=None,
user_agent=False,
tamper=None):
""" Pointer to run a SQLi Scan on a given URL """
error_message = "URL: '{}' threw an exception ".format(url)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
if url_file is not None: # Run through a file list
file_path = url_file
total = len(open(file_path).readlines())
done = 0
LOGGER.info("Found a total of {} urls in file {}..".format(
total, file_path))
with open(file_path) as urls:
for url in urls.readlines():
try:
if QUERY_REGEX.match(url.strip()):
question = prompt(
"Would you like to scan '{}' for SQLi vulnerabilities[y/N]: "
.format(url.strip()))
if question.lower().startswith("y"):
LOGGER.info("Starting scan on url: '{}'".format(
url.strip()))
LOGGER.info(SQLiScanner(url.strip()).sqli_search())
done += 1
LOGGER.info(
"URLS scanned: {}, URLS left: {}".format(
done, total - done))
else:
pass
else:
LOGGER.warn(
"URL '{}' does not contain a query (GET) parameter, skipping.."
.format(url.strip()))
pass
except HTTPError:
LOGGER.fatal(error_message)
LOGGER.info("No more URLS found in file, shutting down..")
else: # Run a single URL
try:
if QUERY_REGEX.match(url):
LOGGER.info("Starting SQLi scan on '{}'..".format(url))
LOGGER.info(SQLiScanner(url).sqli_search())
else:
LOGGER.error(
"URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2"
)
except HTTPError:
LOGGER.fatal(error_message)
def run_hash_cracker(hash_to_crack):
""" Pointer to run the Hash Cracking system """
try:
items = list(''.join(hash_to_crack).split(":"))
if items[1] == "all":
LOGGER.info(
"Starting hash cracking without knowledge of algorithm...")
HashCracker(items[0]).try_all_algorithms()
else:
LOGGER.info("Starting hash cracking using %s as algorithm type.." %
items[1])
HashCracker(items[0], type=items[1]).try_certain_algorithm()
except IndexError:
error_message = "You must specify a hash type in order for this to work. "
error_message += "Example: 'python pybelt.py -c 098f6bcd4621d373cade4e832627b4f6:md5'"
LOGGER.fatal(error_message)
def try_certain_algorithm(self):
""" Use a certain type of algorithm to do the hashing, md5, sha256, etc..
>>> HashCracker("9a8b1b7eee229046fc2701b228fc2aff", type="md5").try_certain_algorithm()
{... ,'9a8b1b7eee229046fc2701b228fc2aff': ['want', 'md5'], ...} """
data = hashlib.new(self.type)
for word in self.words:
data.update(word.strip())
self.results[data.hexdigest()] = [word.strip(), self.type]
LOGGER.info("Created %i hashes to verify.." % len(self.results.keys()))
LOGGER.info("Attempting to crack hash (%s).." % self.hash)
if self.verify_hashes() is False:
error_message = "Unable to verify %s against %i different hashes." % (self.hash, len(self.results))
error_message += " You used algorithm: %s you can attempt all algorithms " % str(self.type).upper()
error_message += "available on the system by running with 'all' as the hash type. "
error_message += "IE: python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all"
LOGGER.fatal(error_message)
exit(1)
def run_sqli_scan(url, proxy=None, user_agent=False):
""" Pointer to run a SQLi Scan on a given URL """
try:
if QUERY_REGEX.match(url):
LOGGER.info("Starting SQLi scan on '{}'..".format(url))
LOGGER.info(SQLiScanner(url).sqli_search())
else:
LOGGER.error(
"URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2"
)
except HTTPError as e:
error_message = "URL: '{}' threw an exception: '{}' ".format(url, e)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
LOGGER.fatal(error_message)
def try_all_algorithms(self):
""" Try every algorithm available on the computer using the 'algorithms_available' functions from hashlib
an example of this functions would be:
>>> print(hashlib.algorithms_available)
set(['SHA1', 'SHA224', 'SHA', 'SHA384', ...])
>>> HashCracker("9a8b1b7eee229046fc2701b228fc2aff", type=None).try_all_algorithms()
{..., 'dc1e4c61bea0e5390c140fb1299a68a0f31b7af51f90abbd058f09689a8bb823': ['1 endow', 'sha256'],
'362b004395a3f52d9a0132868bd180bd': ['17 fellowship', 'MD5'],
'03195f6b6fa8dc1951f4944aed8cc4582cd72321': ['lovingkindness', 'RIPEMD160'], ..."""
for alg in hashlib.algorithms_available:
for word in self.words:
data = hashlib.new(alg)
data.update(word.strip())
self.results[data.hexdigest()] = [word.strip(), alg]
LOGGER.info("Created %i hashes, verifying against given hash (%s)" % (len(self.results), self.hash))
if self.verify_hashes() is False:
LOGGER.fatal("Unable to verify hash: %s" % self.hash)
else:
return self.verify_hashes()
def run_xss_scan(url, proxy=None, user_agent=False):
""" Pointer to run a XSS Scan on a given URL """
if QUERY_REGEX.match(url):
proxy = proxy if proxy is not None else None
header = RANDOM_USER_AGENT if user_agent is not False else None
if proxy is not None:
LOGGER.info("Proxy configured, running through: {}".format(proxy))
if user_agent is True:
LOGGER.info("Grabbed random user agent: {}".format(header))
LOGGER.info("Searching: {} for XSS vulnerabilities..".format(
url, proxy=proxy, headers=header))
if not xss.main(url, proxy=proxy, headers=header):
LOGGER.error(
"{} does not appear to be vulnerable to XSS".format(url))
else:
LOGGER.info("{} seems to be vulnerable to XSS.".format(url))
else:
error_message = "The URL you provided does not contain a query "
error_message += "(GET) parameter. In order for this scan you run "
error_message += "successfully you will need to provide a URL with "
error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2"
LOGGER.fatal(error_message)
def run_dork_checker(dork, dork_file=None, proxy=None):
""" Pointer to run a Dork Check on a given Google Dork """
if dork is not None:
LOGGER.info("Starting dork scan, using query: '{}'..".format(dork))
try:
LOGGER.info(
DorkScanner(dork, dork_file=dork_file,
proxy=proxy).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
elif dork is None and dork_file is not None:
if proxy is None:
proxy_warn = "It is advised to use proxies while running "
proxy_warn += "a dork list due to the temporary Google "
proxy_warn += "bans.."
LOGGER.warning(proxy_warn)
question = prompt(
"Would you like to find proxies with the built in finder first[y/N]: "
)
if question.upper().startswith("Y"):
subprocess.call(["python", "pybelt.py", "-f"])
else:
pass
try:
with open("{}".format(dork_file)) as dork_list:
for dork in dork_list.readlines():
LOGGER.info("Starting dork scan on {}..".format(
dork.strip()))
LOGGER.info(
DorkScanner(dork, dork_file=dork_file,
proxy=proxy).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
except IOError:
LOGGER.fatal(
"The filename {} does not exist, please verify path and try again"
.format(dork_file))
help=argparse.SUPPRESS)
opts.add_argument('--tamper',
metavar="SCRIPT",
dest="tamper",
help=argparse.SUPPRESS)
args = opts.parse_args()
hide_banner(hide=True if args.banner else False,
legal=True if args.legal else
False) if args.version is False else hide_banner(hide=True)
LOGGER.info("Checking program integrity..")
try:
if not verify_py_version():
LOGGER.fatal(
"You must have Python version 2.7.x to run this program.")
exit(1)
integrity_check()
except HTTPError:
check_fail = "Integrity check failed to connect "
check_fail += "you are running a non verified "
check_fail += "Pybelt, this may or may not be insecure. "
check_fail += "Suggestion would be to re-download Pybelt from "
check_fail += "{}"
LOGGER.error(check_fail.format(CLONE_LINK))
answer = prompt("Would you like to continue anyways[y/N] ")
if answer.upper().startswith("Y"):
pass
else:
err_msg = "Please download the latest version from "
err_msg += "{}"
if args.sqliscan is not None: # SQLi scanning
try:
if QUERY_REGEX.match(args.sqliscan):
LOGGER.info("Starting SQLi scan on '{}'..".format(args.sqliscan))
LOGGER.info(SQLiScanner(args.sqliscan).sqli_search())
else:
LOGGER.error("URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2")
except HTTPError as e:
error_message = "URL: '{}' threw an exception: '{}' ".format(args.sqliscan, e)
error_message += "and Pybelt is unable to resolve the URL, "
error_message += "this could mean that the URL is not allowing connections "
error_message += "or that the URL is bad. Attempt to connect "
error_message += "to the URL manually, if a connection occurs "
error_message += "make an issue."
LOGGER.fatal(error_message)
if args.dorkcheck is not None: # Dork checker, check if your dork isn't shit
LOGGER.info("Starting dork scan, using query: '{}'..".format(args.dorkcheck))
try:
LOGGER.info(DorkScanner(args.dorkcheck).check_urls_for_queries())
except HTTPError:
LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
if args.hash is not None: # Try and crack a hash
try:
items = list(''.join(args.hash).split(":"))
if items[1] == "all":
LOGGER.info("Starting hash cracking without knowledge of algorithm...")
HashCracker(items[0]).try_all_algorithms()
else:
