def run_port_scan(host): """ Pointer to run a Port Scan on a given host """ if re.search(IP_ADDRESS_REGEX, host) is not None: LOGGER.info("Starting port scan on IP: {}".format(host)) LOGGER.info(PortScanner(host).connect_to_host()) elif re.search(URL_REGEX, host) is not None and re.search(QUERY_REGEX, host) is None: try: LOGGER.info("Fetching resolve IP...") ip_address = socket.gethostbyname(host) LOGGER.info("Done! IP: {}".format(ip_address)) LOGGER.info("Starting scan on URL: {} IP: {}".format( host, ip_address)) PortScanner(ip_address).connect_to_host() except socket.gaierror: error_message = "Unable to resolve IP address from {}.".format( host) error_message += " You can manually get the IP address and try again," error_message += " dropping the query parameter in the URL (IE php?id=)," error_message += " or dropping the http or https" error_message += " and adding www in place of it. IE www.google.com" error_message += " may fix this issue." LOGGER.fatal(error_message) else: error_message = "You need to provide a host to scan," error_message += " this can be given in the form of a URL " error_message += "or a IP address." LOGGER.fatal(error_message)
def create_packet(): try: return socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) except socket.error, e: error_message = "Unable to create raw IP packet." error_message += " IP packet failed with error code: {}".format(e) LOGGER.fatal(error_message)
def run_dork_checker(dork): """ Pointer to run a Dork Check on a given Google Dork """ LOGGER.info("Starting dork scan, using query: '{}'..".format(dork)) try: LOGGER.info(DorkScanner(dork).check_urls_for_queries()) except HTTPError: LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE))
def run_xss_scan(url, url_file=None, proxy=None, user_agent=False): """ Pointer to run a XSS Scan on a given URL """ proxy = proxy if proxy is not None else None header = RANDOM_USER_AGENT if user_agent is not False else None if proxy is not None: LOGGER.info("Proxy configured, running through: {}".format(proxy)) if user_agent is True: LOGGER.info("Grabbed random user agent: {}".format(header)) if url_file is not None: # Scan a given file full of URLS file_path = url_file total = len(open(url_file).readlines()) done = 0 LOGGER.info("Found a total of {} URLS to scan..".format(total)) with open(file_path) as urls: for url in urls.readlines(): if QUERY_REGEX.match(url.strip()): question = prompt( "Would you like to scan '{}' for XSS vulnerabilities[y/N]: " .format(url.strip())) if question.lower().startswith("y"): done += 1 if not xss.main( url.strip(), proxy=proxy, headers=header): LOGGER.info( "URL '{}' does not appear to be vulnerable to XSS" .format(url.strip())) else: LOGGER.info( "URL '{}' appears to be vulnerable to XSS". format(url.strip())) LOGGER.info("URLS scanned: {}, URLS left: {}".format( done, total - done)) else: pass else: LOGGER.warn( "URL '{}' does not contain a query (GET) parameter, skipping" .format(url.strip())) LOGGER.info("All URLS in file have been scanned, shutting down..") else: # Scan a single URL if QUERY_REGEX.match(url): LOGGER.info("Searching: {} for XSS vulnerabilities..".format( url, proxy=proxy, headers=header)) if not xss.main(url, proxy=proxy, headers=header): LOGGER.error( "{} does not appear to be vulnerable to XSS".format(url)) else: LOGGER.info("{} seems to be vulnerable to XSS.".format(url)) else: error_message = "The URL you provided does not contain a query " error_message += "(GET) parameter. In order for this scan you run " error_message += "successfully you will need to provide a URL with " error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2" LOGGER.fatal(error_message)
def run_sqli_scan(url, url_file=None, proxy=None, user_agent=False, tamper=None): """ Pointer to run a SQLi Scan on a given URL """ error_message = "URL: '{}' threw an exception ".format(url) error_message += "and Pybelt is unable to resolve the URL, " error_message += "this could mean that the URL is not allowing connections " error_message += "or that the URL is bad. Attempt to connect " error_message += "to the URL manually, if a connection occurs " error_message += "make an issue." if url_file is not None: # Run through a file list file_path = url_file total = len(open(file_path).readlines()) done = 0 LOGGER.info("Found a total of {} urls in file {}..".format( total, file_path)) with open(file_path) as urls: for url in urls.readlines(): try: if QUERY_REGEX.match(url.strip()): question = prompt( "Would you like to scan '{}' for SQLi vulnerabilities[y/N]: " .format(url.strip())) if question.lower().startswith("y"): LOGGER.info("Starting scan on url: '{}'".format( url.strip())) LOGGER.info(SQLiScanner(url.strip()).sqli_search()) done += 1 LOGGER.info( "URLS scanned: {}, URLS left: {}".format( done, total - done)) else: pass else: LOGGER.warn( "URL '{}' does not contain a query (GET) parameter, skipping.." .format(url.strip())) pass except HTTPError: LOGGER.fatal(error_message) LOGGER.info("No more URLS found in file, shutting down..") else: # Run a single URL try: if QUERY_REGEX.match(url): LOGGER.info("Starting SQLi scan on '{}'..".format(url)) LOGGER.info(SQLiScanner(url).sqli_search()) else: LOGGER.error( "URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2" ) except HTTPError: LOGGER.fatal(error_message)
def run_hash_cracker(hash_to_crack): """ Pointer to run the Hash Cracking system """ try: items = list(''.join(hash_to_crack).split(":")) if items[1] == "all": LOGGER.info( "Starting hash cracking without knowledge of algorithm...") HashCracker(items[0]).try_all_algorithms() else: LOGGER.info("Starting hash cracking using %s as algorithm type.." % items[1]) HashCracker(items[0], type=items[1]).try_certain_algorithm() except IndexError: error_message = "You must specify a hash type in order for this to work. " error_message += "Example: 'python pybelt.py -c 098f6bcd4621d373cade4e832627b4f6:md5'" LOGGER.fatal(error_message)
def try_certain_algorithm(self): """ Use a certain type of algorithm to do the hashing, md5, sha256, etc.. >>> HashCracker("9a8b1b7eee229046fc2701b228fc2aff", type="md5").try_certain_algorithm() {... ,'9a8b1b7eee229046fc2701b228fc2aff': ['want', 'md5'], ...} """ data = hashlib.new(self.type) for word in self.words: data.update(word.strip()) self.results[data.hexdigest()] = [word.strip(), self.type] LOGGER.info("Created %i hashes to verify.." % len(self.results.keys())) LOGGER.info("Attempting to crack hash (%s).." % self.hash) if self.verify_hashes() is False: error_message = "Unable to verify %s against %i different hashes." % (self.hash, len(self.results)) error_message += " You used algorithm: %s you can attempt all algorithms " % str(self.type).upper() error_message += "available on the system by running with 'all' as the hash type. " error_message += "IE: python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all" LOGGER.fatal(error_message) exit(1)
def run_sqli_scan(url, proxy=None, user_agent=False): """ Pointer to run a SQLi Scan on a given URL """ try: if QUERY_REGEX.match(url): LOGGER.info("Starting SQLi scan on '{}'..".format(url)) LOGGER.info(SQLiScanner(url).sqli_search()) else: LOGGER.error( "URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2" ) except HTTPError as e: error_message = "URL: '{}' threw an exception: '{}' ".format(url, e) error_message += "and Pybelt is unable to resolve the URL, " error_message += "this could mean that the URL is not allowing connections " error_message += "or that the URL is bad. Attempt to connect " error_message += "to the URL manually, if a connection occurs " error_message += "make an issue." LOGGER.fatal(error_message)
def try_all_algorithms(self): """ Try every algorithm available on the computer using the 'algorithms_available' functions from hashlib an example of this functions would be: >>> print(hashlib.algorithms_available) set(['SHA1', 'SHA224', 'SHA', 'SHA384', ...]) >>> HashCracker("9a8b1b7eee229046fc2701b228fc2aff", type=None).try_all_algorithms() {..., 'dc1e4c61bea0e5390c140fb1299a68a0f31b7af51f90abbd058f09689a8bb823': ['1 endow', 'sha256'], '362b004395a3f52d9a0132868bd180bd': ['17 fellowship', 'MD5'], '03195f6b6fa8dc1951f4944aed8cc4582cd72321': ['lovingkindness', 'RIPEMD160'], ...""" for alg in hashlib.algorithms_available: for word in self.words: data = hashlib.new(alg) data.update(word.strip()) self.results[data.hexdigest()] = [word.strip(), alg] LOGGER.info("Created %i hashes, verifying against given hash (%s)" % (len(self.results), self.hash)) if self.verify_hashes() is False: LOGGER.fatal("Unable to verify hash: %s" % self.hash) else: return self.verify_hashes()
def run_xss_scan(url, proxy=None, user_agent=False): """ Pointer to run a XSS Scan on a given URL """ if QUERY_REGEX.match(url): proxy = proxy if proxy is not None else None header = RANDOM_USER_AGENT if user_agent is not False else None if proxy is not None: LOGGER.info("Proxy configured, running through: {}".format(proxy)) if user_agent is True: LOGGER.info("Grabbed random user agent: {}".format(header)) LOGGER.info("Searching: {} for XSS vulnerabilities..".format( url, proxy=proxy, headers=header)) if not xss.main(url, proxy=proxy, headers=header): LOGGER.error( "{} does not appear to be vulnerable to XSS".format(url)) else: LOGGER.info("{} seems to be vulnerable to XSS.".format(url)) else: error_message = "The URL you provided does not contain a query " error_message += "(GET) parameter. In order for this scan you run " error_message += "successfully you will need to provide a URL with " error_message += "A query (GET) parameter example: http://127.0.0.1/php?id=2" LOGGER.fatal(error_message)
def run_dork_checker(dork, dork_file=None, proxy=None): """ Pointer to run a Dork Check on a given Google Dork """ if dork is not None: LOGGER.info("Starting dork scan, using query: '{}'..".format(dork)) try: LOGGER.info( DorkScanner(dork, dork_file=dork_file, proxy=proxy).check_urls_for_queries()) except HTTPError: LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE)) elif dork is None and dork_file is not None: if proxy is None: proxy_warn = "It is advised to use proxies while running " proxy_warn += "a dork list due to the temporary Google " proxy_warn += "bans.." LOGGER.warning(proxy_warn) question = prompt( "Would you like to find proxies with the built in finder first[y/N]: " ) if question.upper().startswith("Y"): subprocess.call(["python", "pybelt.py", "-f"]) else: pass try: with open("{}".format(dork_file)) as dork_list: for dork in dork_list.readlines(): LOGGER.info("Starting dork scan on {}..".format( dork.strip())) LOGGER.info( DorkScanner(dork, dork_file=dork_file, proxy=proxy).check_urls_for_queries()) except HTTPError: LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE)) except IOError: LOGGER.fatal( "The filename {} does not exist, please verify path and try again" .format(dork_file))
help=argparse.SUPPRESS) opts.add_argument('--tamper', metavar="SCRIPT", dest="tamper", help=argparse.SUPPRESS) args = opts.parse_args() hide_banner(hide=True if args.banner else False, legal=True if args.legal else False) if args.version is False else hide_banner(hide=True) LOGGER.info("Checking program integrity..") try: if not verify_py_version(): LOGGER.fatal( "You must have Python version 2.7.x to run this program.") exit(1) integrity_check() except HTTPError: check_fail = "Integrity check failed to connect " check_fail += "you are running a non verified " check_fail += "Pybelt, this may or may not be insecure. " check_fail += "Suggestion would be to re-download Pybelt from " check_fail += "{}" LOGGER.error(check_fail.format(CLONE_LINK)) answer = prompt("Would you like to continue anyways[y/N] ") if answer.upper().startswith("Y"): pass else: err_msg = "Please download the latest version from " err_msg += "{}"
if args.sqliscan is not None: # SQLi scanning try: if QUERY_REGEX.match(args.sqliscan): LOGGER.info("Starting SQLi scan on '{}'..".format(args.sqliscan)) LOGGER.info(SQLiScanner(args.sqliscan).sqli_search()) else: LOGGER.error("URL does not contain a query (GET) parameter. Example: http://example.com/php?id=2") except HTTPError as e: error_message = "URL: '{}' threw an exception: '{}' ".format(args.sqliscan, e) error_message += "and Pybelt is unable to resolve the URL, " error_message += "this could mean that the URL is not allowing connections " error_message += "or that the URL is bad. Attempt to connect " error_message += "to the URL manually, if a connection occurs " error_message += "make an issue." LOGGER.fatal(error_message) if args.dorkcheck is not None: # Dork checker, check if your dork isn't shit LOGGER.info("Starting dork scan, using query: '{}'..".format(args.dorkcheck)) try: LOGGER.info(DorkScanner(args.dorkcheck).check_urls_for_queries()) except HTTPError: LOGGER.fatal(GoogleBlockException(GOOGLE_TEMP_BLOCK_ERROR_MESSAGE)) if args.hash is not None: # Try and crack a hash try: items = list(''.join(args.hash).split(":")) if items[1] == "all": LOGGER.info("Starting hash cracking without knowledge of algorithm...") HashCracker(items[0]).try_all_algorithms() else: