def sslProxyScan(self):
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
proxy_ssl_ports = npp.proxy_ssl_ports
proxy_ports = np.proxy_ports
# cwd = os.getcwd()
if len(proxy_ssl_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/proxy"):
os.makedirs(f"{self.target}-Report/proxy")
if not os.path.exists(f"{self.target}-Report/proxy/webSSL"):
os.makedirs(f"{self.target}-Report/proxy/webSSL")
proxy_commands = ()
for proxy in proxy_ports:
print(
f"{fg.li_cyan} Enumerating HTTPS Ports Through {proxy}, Running the following commands: {fg.rs}"
)
for proxy_ssl_port in proxy_ssl_ports:
proxy_commands = proxy_commands + (
f"whatweb -v -a 3 --proxy {self.target}:{proxy} https://127.0.0.1:{proxy_ssl_port} | tee {self.target}-Report/proxy/webSSL/whatweb-proxy-{self.target}-{proxy_ssl_port}.txt",
f"python3 /opt/dirsearch/dirsearch.py -e php,asp,aspx,txt,html -x 403,500 -t 50 -w wordlists/dicc.txt --proxy {self.target}:{proxy} -u https://127.0.0.1:{proxy_http_port} --plain-text-report {self.target}-Report/proxy/webSSL/dirsearch-127.0.0.1-{proxy}-{proxy_http_port}.log",
f"python3 /opt/dirsearch/dirsearch.py -e php,asp,aspx,txt,html -x 403,500 -t 50 -w /usr/share/wordlists/dirb/big.txt --proxy {self.target}:{proxy} -u https://127.0.0.1:{proxy_http_port} --plain-text-report {self.target}-Report/proxy/webSSL/dirsearch-127.0.0.1-big-{proxy}-{proxy_http_port}.log",
f"nikto -ask=no -host https://127.0.0.1:{proxy_ssl_port}/ -ssl -useproxy https://{self.target}:{proxy}/ > {self.target}-Report/proxy/webSSL/nikto-{self.target}-{proxy_ssl_port}-proxy-scan.txt 2>&1 &",
)
self.proxy_processes = proxy_commands
def Enum(self):
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
open_proxy_ports = np.proxy_ports
if len(open_proxy_ports) == 0:
pass
else:
pweb = enumWeb.EnumWeb(self.target)
pweb.proxyScan()
http_proxy_commands = pweb.proxy_processes
psslweb = enumWebSSL.EnumWebSSL(self.target)
psslweb.sslProxyScan()
ssl_proxy_commands = psslweb.proxy_processes
all_commands = []
proxy_tcp_ports = npp.proxy_tcp_ports
tcp_proxy_ports = ",".join(map(str, proxy_tcp_ports))
default_command = f"proxychains nmap -vv -sT -Pn -sC -sV -p {tcp_proxy_ports} --script-timeout 2m -oA {self.target}-Report/nmap/proxychain-ServiceScan 127.0.0.1"
all_commands.append(default_command)
for cmd in http_proxy_commands:
all_commands.append(cmd)
for cmd in ssl_proxy_commands:
all_commands.append(cmd)
sorted_commands = sorted(set(all_commands), reverse=True)
commands_to_run = []
for i in sorted_commands:
commands_to_run.append(i)
allCmds = tuple(commands_to_run)
self.all_processes = allCmds
def Enum(self):
"""This is a helper function that will run all the Enumeration Commands Based off of nmaps proxychain original output scan if new ports are discovered."""
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
open_proxy_ports = np.proxy_ports
if len(open_proxy_ports) == 0:
pass
else:
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml", self.target)
pweb = enumWeb.EnumWeb(self.target)
pweb.proxyScan()
http_proxy_commands = pweb.proxy_processes
psslweb = enumWebSSL.EnumWebSSL(self.target)
psslweb.sslProxyScan()
ssl_proxy_commands = psslweb.proxy_processes
all_commands = []
proxy_tcp_ports = npp.proxy_tcp_ports
tcp_proxy_ports = ",".join(map(str, proxy_tcp_ports))
default_command = c.getCmd("proxy", "proxychainsDiscoveredPorts", openTcpProxyPorts=tcp_proxy_ports)
all_commands.append(default_command)
for cmd in http_proxy_commands:
all_commands.append(cmd)
for cmd in ssl_proxy_commands:
all_commands.append(cmd)
sorted_commands = sorted(set(all_commands), reverse=True)
commands_to_run = []
for i in sorted_commands:
commands_to_run.append(i)
allCmds = tuple(commands_to_run)
self.all_processes = allCmds
def proxyScan(self):
"""This is the Web Proxy scan function that is called by lib/enumProxy.py.
This function will attempt to run, dirsearch, whatweb, and nikto"""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
proxy_http_ports = npp.proxy_http_ports
proxy_ports = np.proxy_ports
if len(proxy_http_ports) == 0:
pass
else:
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
if not os.path.exists(c.getPath("proxy", "proxyDir")):
os.makedirs(c.getPath("proxy", "proxyDir"))
if not os.path.exists(c.getPath("proxy", "proxyWeb")):
os.makedirs(c.getPath("proxy", "proxyWeb"))
proxy_commands = []
for proxy in proxy_ports:
print(
f"""{fg.li_cyan} Enumerating HTTP Ports Through Port: {proxy}, Running the following commands: {fg.rs}"""
)
if not os.path.exists(
c.getPath("proxy", "eyewitnessDirPT", proxy=proxy)):
os.makedirs(
c.getPath("proxy", "eyewitnessDirPT", proxy=proxy))
proxy_commands.append(
c.getCmd("proxy", "eyewitnessProxyServer", proxy=proxy))
proxy_commands.append(
c.getCmd("proxy", "whatwebProxyServer", proxy=proxy))
if len(proxy_http_ports) != 0:
for proxy_http_port in proxy_http_ports:
proxy_commands.append(
c.getCmd("proxy",
"whatwebProxyHttpPorts",
proxy=proxy,
httpProxy=proxy_http_port))
proxy_commands.append(
c.getCmd("proxy",
"dirsearchHttpProxyPortsDict",
proxy=proxy,
httpProxy=proxy_http_port))
proxy_commands.append(
c.getCmd("proxy",
"dirsearchHttpProxyPortsBig",
proxy=proxy,
httpProxy=proxy_http_port))
proxy_commands.append(
c.getCmd("proxy",
"niktoProxyHttpPort",
proxy=proxy,
httpProxy=proxy_http_port))
self.proxy_processes = tuple(proxy_commands)
def Scan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
smb_ports = np.smb_ports
if len(smb_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/smb"):
os.makedirs(f"{self.target}-Report/smb")
c = (
fg.cyan +
"Enumerating NetBios SMB Samba Ports, Running the following commands:"
+ fg.rs)
print(c)
commands = (
f"smbclient -L //{self.target} -U 'guest'% | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f"nmblookup -A {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f"nmap -vv -sV -Pn -p139,445 --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse --script-args=unsafe=1 -oA {self.target}-Report/nmap/smbvulns-{self.target} {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f"nbtscan -rvh {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f"smbmap -H {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f"smbmap -H {self.target} -R | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
f'smbmap -u null -p "" -H {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log',
f'smbmap -u null -p "" -H {self.target} -R | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log',
f'smbmap -u null -p "" -H {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log',
f"enum4linux -av {self.target} | tee -a {self.target}-Report/smb/smb-scan-{self.target}.log",
)
self.processes = commands
def proxyScan(self):
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
proxy_http_ports = npp.proxy_http_ports
proxy_ports = npp.proxy_ports
web_proxy_cmds = []
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
cwd = os.getcwd()
if len(proxy_http_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/proxy"):
os.makedirs(f"{self.target}-Report/proxy")
if not os.path.exists(f"{self.target}-Report/proxy/web"):
os.makedirs(f"{self.target}-Report/proxy/web")
for proxy in proxy_ports:
a = f"{fg.li_cyan} Enumerating HTTP Ports Through Port: {proxy}, Running the following commands: {fg.rs}"
print(a)
for proxy_http_port in proxy_http_ports:
proxy_whatwebCMD = f"whatweb -v -a 3 --proxy {self.target}:{proxy} http://127.0.0.1:{proxy_http_port} | tee {reportDir}/proxy/web/whatweb-proxy-{proxy_http_port}.txt"
web_proxy_cmds.append(proxy_whatwebCMD)
proxy_dirsearch_cmd = f"python3 /opt/dirsearch/dirsearch.py -e php,asp,aspx,txt,html -x 403,500 -t 50 -w wordlists/dicc.txt --proxy {self.target}:{proxy} -u http://127.0.0.1:{proxy_http_port} --plain-text-report {reportDir}/proxy/web/dirsearch-127.0.0.1-proxy-{proxy}-{proxy_http_port}.log"
web_proxy_cmds.append(proxy_dirsearch_cmd)
proxy_dirsearch_cmd2 = f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{proxy_http_port} -t 80 -e php,asp,aspx -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -x 403,500 --plain-text-report {reportDir}/proxy/web/dirsearch-dlistsmall-127.0.0.1-proxy-{proxy_http_port}.log"
web_proxy_cmds.append(proxy_dirsearch_cmd2)
proxy_nikto_cmd = f"nikto -ask=no -host http://127.0.0.1:{proxy_http_port}/ -useproxy http://{self.target}:{proxy}/ > {reportDir}/proxy/web/nikto-port-{proxy_http_port}-proxy-scan.txt 2>&1 &"
web_proxy_cmds.append(proxy_nikto_cmd)
sorted_commands = sorted(set(web_proxy_cmds), reverse=True)
commands_to_run = []
for i in sorted_commands:
commands_to_run.append(i)
wpCmds = tuple(commands_to_run)
self.proxy_processes = wpCmds
def Scan(self):
"""This Scan() Funciton will run the following tools,
SMBCLIENT, NMBLOOKUP, NBTSCAN, SMBSCAN, AND ENUM4LINUX"""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
smb_ports = np.smb_ports
if len(smb_ports) == 0:
pass
else:
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
if not os.path.exists(c.getPath("smb", "smbDir")):
os.makedirs(c.getPath("smb", "smbDir"))
print(
fg.cyan +
"Enumerating NetBios SMB Samba Ports, Running the following commands:"
+ fg.rs)
commands = []
commands.append(c.getCmd("smb", "smbclient"))
commands.append(c.getCmd("smb", "nmblookup"))
commands.append(c.getCmd("smb", "nmapSmb"))
commands.append(c.getCmd("smb", "nbtscan"))
commands.append(c.getCmd("smb", "smbmapH"))
commands.append(c.getCmd("smb", "smbmapHR"))
commands.append(c.getCmd("smb", "smbmapNull"))
commands.append(c.getCmd("smb", "smbmapNullR"))
commands.append(c.getCmd("smb", "enum4linux"))
self.processes = tuple(commands)
def SshSingleUserBrute(self):
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
cl = helper_lists.Cewl(self.target)
if not os.path.exists(f"{reportDir}/wordlists/all.txt"):
cl.CewlWordlist()
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
if os.path.exists(f"{reportDir}/wordlists/all.txt"):
cewl_wordlist = f"{reportDir}/wordlists/all.txt"
if os.path.getsize(cewl_wordlist) > 0:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{self.user}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={self.user} password=FILE0 0={cewl_wordlist} persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
else:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{self.user}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={self.user} password=FILE0 0={cwd}/wordlists/probable-v2-top1575.txt persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
def SshSingleUserBrute(self):
"""Run patator with seclists probable top 1575 wordlist against a single user specified as a command line argument."""
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
cl = helper_lists.Cewl(self.target)
if not os.path.exists(c.getPath("wordlists", "CewlPlus")):
cl.CewlWordlist()
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
if os.path.exists(c.getPath("wordlists", "CewlPlus")):
if os.path.getsize(c.getPath("wordlists", "CewlPlus")) > 0:
print(
f"""{teal}Beginning Password Brute Force for User: {reset} {green}{self.user}{reset}"""
)
patator_cmd = c.getCmd("ssh",
"patator_ssh_cewl_auto",
port=self.port,
user=self.user)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
else:
print(
f"""{teal}Beginning Password Brute Force for User: {reset} {green}{self.user}{reset}"""
)
patator_cmd = c.getCmd("ssh",
"patator_ssh_auto",
port=self.port,
user=self.user)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
def Scan(self):
info = fg.cyan + "Checking Virtual Host Routing and DNS" + fg.rs
print(info)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
dnsPorts = np.dns_ports
dn = domainFinder.DomainFinder(self.target)
dn.Scan()
redirect_hostname = dn.redirect_hostname
if not os.path.exists(f"{self.target}-Report/dns"):
os.makedirs(f"{self.target}-Report/dns")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
if len(redirect_hostname) and (len(dnsPorts) == 0):
pass
elif len(dnsPorts) == 0:
pass
elif redirect_hostname:
commands = ()
for d in redirect_hostname:
self.hostnames.append(d)
if "www" in d:
pass
else:
commands = commands + (
f"dnsenum --dnsserver {self.target} --enum -f /usr/share/seclists/Discovery/DNS/subdomains-top1mil-5000.txt -r {d} | tee {self.target}-Report/dns/dnsenum-{self.target}-{d}.log",
)
self.processes = commands
def proxyEnum():
pscan = enumProxy.CheckProxy(args.target)
pscan.Scan()
pr = nmapParser.NmapParserFunk(args.target)
pr.openProxyPorts()
pscan.Enum()
proxy_commands = pscan.all_processes
mpRun(proxy_commands)
def sslProxyScan(self):
"""This function is called by lib/enumProxy.py and will enumerate HTTPS/SSL Web Servers.
It will run, whatweb, dirsearch, and nikto."""
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
proxy_ssl_ports = npp.proxy_ssl_ports
proxy_ports = np.proxy_ports
if len(proxy_ssl_ports) == 0:
pass
else:
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
if not os.path.exists(c.getPath("proxy", "proxyDir")):
os.makedirs(c.getPath("proxy", "proxyDir"))
if not os.path.exists(c.getPath("proxy", "proxyWebSSL")):
os.makedirs(c.getPath("proxy", "proxyWebSSL"))
proxy_commands = []
for proxy in proxy_ports:
print(
f"""{fg.li_cyan} Enumerating HTTPS Ports Through {proxy}, Running the following commands: {fg.rs}"""
)
for proxy_ssl_port in proxy_ssl_ports:
proxy_commands.append(
c.getCmd("proxySSL",
"whatwebSSLProxy",
proxy=proxy,
proxySSLPort=proxy_ssl_port))
proxy_commands.append(
c.getCmd("proxySSL",
"dirsearchProxySSLDict",
proxySslPort=proxy_ports,
proxy=proxy_ssl_port))
proxy_commands.append(
c.getCmd("proxySSL",
"dirsearchProxySSLBig",
proxySSLPort=proxy_ports,
proxy=proxy_ssl_port))
proxy_commands.append(
c.getCmd("proxySSL",
"niktoProxySSL",
proxySSLPort=proxy,
proxy=proxy_ssl_port))
self.proxy_processes = tuple(proxy_commands)
def Scan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
http_ports = np.http_ports
dn = domainFinder.DomainFinder(self.target)
dn.getRedirect()
hostnames = dn.redirect_hostname
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
if len(http_ports) == 0:
pass
else:
a = f"{fg.li_cyan} Enumerating HTTP Ports, Running the following commands: {fg.rs}"
print(a)
if not os.path.exists(f"{self.target}-Report/web"):
os.makedirs(f"{self.target}-Report/web")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
commands = ()
if len(hostnames) != 0:
sorted_hostnames = sorted(set(hostnames))
for hostname in sorted_hostnames:
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{hostname}-{port}"
)
commands = commands + (
f"whatweb -v -a 3 http://{hostname}:{port} | tee {reportDir}/web/whatweb-{hostname}-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{hostname}:{port}' > eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{hostname}-{port} && cd - &>/dev/null",
f"wafw00f http://{hostname}:{port} | tee {reportDir}/web/wafw00f-{hostname}-{port}.txt",
f"curl -sSik http://{hostname}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{hostname}-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port}/ -t 50 -e php,asp,aspx,txt,html -w wordlists/dicc.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-{hostname}-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{hostname}:{port}/ -t 80 -e php,asp,aspx,txt,html -w /usr/share/wordlists/dirb/big.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-big-{hostname}-{port}.log",
f"nikto -ask=no -host http://{hostname}:{port} >{reportDir}/web/niktoscan-{hostname}-{port}.txt 2>&1 &",
)
else:
for port in http_ports:
if not os.path.exists(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
):
os.makedirs(
f"{self.target}-Report/web/eyewitness-{self.target}-{port}"
)
commands = commands + (
f"whatweb -v -a 3 http://{self.target}:{port} | tee {reportDir}/web/whatweb-{port}.txt",
f"cd /opt/EyeWitness && echo 'http://{self.target}:{port}' >eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/web/eyewitness-{self.target}-{port} && cd - &>/dev/null",
f"wafw00f http://{self.target}:{port} | tee {reportDir}/web/wafw00f-{port}.txt",
f"curl -sSik http://{self.target}:{port}/robots.txt -m 10 -o {reportDir}/web/robots-{port}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port}/ -t 50 -e php,asp,aspx,txt,html -w wordlists/dicc.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-{port}.log",
f"python3 /opt/dirsearch/dirsearch.py -u http://{self.target}:{port}/ -t 80 -e php,asp,aspx,txt,html -w /usr/share/wordlists/dirb/big.txt -x 401,403,500,502 --plain-text-report {reportDir}/web/dirsearch-big-{port}.log",
f"nikto -ask=no -host http://{self.target}:{port} >{reportDir}/web/niktoscan-{port}.txt 2>&1 &",
)
self.processes = commands
def OraclePwn(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
oracle_tns_ports = np.oracle_tns_ports
if len(oracle_tns_ports) == 0:
pass
else:
ldap_enum = f"lib/oracle.sh {self.target}"
call(ldap_enum, shell=True)
def ldapSearch(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
ldap_ports = np.ldap_ports
if len(ldap_ports) == 0:
pass
else:
ldap_enum = f"lib/ldap.sh {self.target}"
call(ldap_enum, shell=True)
def getRedirect(self):
"""Extra Function for enumWeb HTTP hosts so as not to run Scan() twice."""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
dnsPort = np.dns_ports
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
ig = helper_lists.ignoreDomains()
ignore = ig.ignore
try:
with open(c.getPath("nmap", "nmap_top_ports_nmap"), "r") as nm:
for line in nm:
new = (line.replace("=", " ").replace("/", " ").replace(
"commonName=",
"").replace("/organizationName=",
" ").replace(",", " ").replace("_", " "))
matches = re.findall(
r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]{,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{3,6}",
new)
for x in matches:
if not any(s in x for s in ignore):
self.redirect_hostname.append(x)
if "|_http-title: Did not follow redirect to http:" in line:
print(line)
split_line2 = line.split()
last_word2 = split_line2[-1]
redirect_domainName = (last_word2.replace(
"http://", "").replace("/", "").replace("'", ""))
self.redirect_hostname.append(redirect_domainName)
except FileNotFoundError as fnf_error:
print(fnf_error)
if len(dnsPort) != 0:
if not os.path.exists(c.getPath("dns", "dnsDir")):
os.makedirs(c.getPath("dns", "dnsDir"))
dig_cmd = c.getCmd("dns", "dnsDig")
dp = dig_parser.digParse(self.target, dig_cmd)
dp.parseDig()
dig_hosts = dp.hosts
sub_hosts = dp.subdomains
if len(dig_hosts) != 0:
for x in dig_hosts:
self.redirect_hostname.append(x)
if len(sub_hosts) != 0:
for x in sub_hosts:
self.redirect_hostname.append(x)
if len(self.redirect_hostname) != 0:
alldns = " ".join(map(str, self.redirect_hostname))
zonexferDns = []
dig_command = c.getCmd("dns", "dnsDigAxfr", alldns=alldns)
dp2 = dig_parser.digParse(self.target, dig_command)
dp2.parseDigAxfr()
subdomains = dp2.subdomains
for x in subdomains:
zonexferDns.append(x)
sortedAllDomains = sorted(set(zonexferDns))
for x in sortedAllDomains:
self.redirect_hostname.append(x)
def proxyEnum(self):
"""Helper funciton to call The Check Proxy and Enumerate Proxy Class's / Functions."""
pscan = enumProxy.CheckProxy(self.target)
pscan.Scan()
pr = nmapParser.NmapParserFunk(self.target)
pr.openProxyPorts()
pscan.Enum()
proxy_commands = pscan.all_processes
self.mpRun(proxy_commands)
def Scan(self):
"""If there is an open http-proxy port from nmaps results. Try to add the server IP to your proxychains
config file and then proceed to scan the target again through the proxy port using proxychains and nmap.
If more ports are discovered open, proceed to enumerate all found open ports through the http-proxy port."""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
proxyPorts = np.proxy_ports
hpl = helper_lists.topPortsToScan()
topTCP = hpl.topTCP
topTcpPortsString = ",".join(map(str, topTCP))
cmd_info = "[" + fg.li_green + "+" + fg.rs + "]"
if len(proxyPorts) == 0:
pass
else:
c = config_parser.CommandParser(
f"{os.getcwd()}/config/config.yaml", self.target)
duplicate_cmds = []
add_line_cmd = rf"""sed -e "\$ahttp {self.target} {proxyPorts[0]}" -i /etc/proxychains.conf"""
comment_out_line_cmd = (
f"""sed -e '/socks5/ s/^#*/#/' -i /etc/proxychains.conf""")
proxy_config_file = "/etc/proxychains.conf"
try:
pcCF = open(proxy_config_file, "r")
for line in pcCF:
parsed_lines = line.rstrip()
if not parsed_lines.startswith("#"):
tor_match = re.findall("socks5", parsed_lines)
sorted_tor_matches = sorted(set(tor_match),
reverse=True)
if "socks5" in sorted_tor_matches:
duplicate_cmds.append(comment_out_line_cmd)
if (parsed_lines.startswith("#")
or not parsed_lines.startswith('#')):
matches = re.findall(f"http {self.target}", parsed_lines)
sorted_matches = sorted(set(matches), reverse=True)
if f"http {self.target}" not in sorted_matches:
duplicate_cmds.append(add_line_cmd)
pcCF.close()
sorted_cmds = sorted(set(duplicate_cmds))
if len(sorted_cmds) != 0:
for cmd in sorted_cmds:
call(cmd, shell=True)
except FileNotFoundError as fnf_error:
print(fnf_error)
exit()
if not os.path.exists(c.getPath("proxy", "proxyDir")):
os.makedirs(c.getPath("proxy", "proxyDir"))
proxychains_nmap_top_ports_cmd = c.getCmd(
"proxy",
"proxychainsNmapTopPorts",
topTcpPorts=topTcpPortsString)
print(cmd_info, proxychains_nmap_top_ports_cmd)
call(proxychains_nmap_top_ports_cmd, shell=True)
def topUdpAllTcp(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
tcpPorts = np.tcp_ports
string_tcp_ports = ",".join(map(str, tcpPorts))
commands = (
f"nmap -vv -Pn -sC -sV -O -p- -T4 --script-timeout 2m -oA {self.target}-Report/nmap/full-tcp-scan-{self.target} {self.target}",
f"nmap -sUV -v --reason -T4 --max-retries 3 --max-rtt-timeout 150ms -pU:53,67-69,111,123,135,137-139,161-162,445,500,514,520,631,998,1434,1701,1900,4500,5353,49152,49154 -oA {self.target}-Report/nmap/top-udp-ports {self.target}",
f"nmap -v -sV -Pn --script nmap-vulners -p {string_tcp_ports} -oA {self.target}-Report/nmap/vulnscan-{self.target} {self.target}",
)
self.processes = commands
def proxyScan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
npp = nmapParser.NmapParserFunk(self.target)
npp.openProxyPorts()
proxy_http_ports = npp.proxy_http_ports
proxy_ports = np.proxy_ports
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
cwd = os.getcwd()
if len(proxy_http_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/proxy"):
os.makedirs(f"{self.target}-Report/proxy")
if not os.path.exists(f"{self.target}-Report/proxy/web"):
os.makedirs(f"{self.target}-Report/proxy/web")
proxy_commands = ()
for proxy in proxy_ports:
print(
f"{fg.li_cyan} Enumerating HTTP Ports Through Port: {proxy}, Running the following commands: {fg.rs}"
)
if not os.path.exists(
f"{self.target}-Report/proxy/web/eyewitness-{self.target}-{proxy}"
):
os.makedirs(
f"{self.target}-Report/proxy/web/eyewitness-{self.target}-{proxy}"
)
proxy_commands = proxy_commands + (
f"cd /opt/EyeWitness && echo 'http://{self.target}:{proxy}' > eyefile.txt && ./EyeWitness.py --threads 5 --ocr --no-prompt --active-scan --all-protocols --web -f eyefile.txt -d {reportDir}/proxy/web/eyewitness-{self.target}-{proxy} && cd - &>/dev/null",
f"whatweb -v -a 3 http://{self.target}:{proxy} | tee {reportDir}/proxy/web/whatweb-{self.target}-{proxy}.txt",
)
if len(proxy_http_ports) != 0:
for proxy_http_port in proxy_http_ports:
proxy_commands = proxy_commands + (
f"whatweb -v -a 3 --proxy {self.target}:{proxy} http://127.0.0.1:{proxy_http_port} | tee {reportDir}/proxy/web/whatweb-proxy-{proxy_http_port}.txt",
f"python3 /opt/dirsearch/dirsearch.py -e php,asp,aspx,txt,html -x 403,500 -t 50 -w wordlists/dicc.txt --proxy {self.target}:{proxy} -u http://127.0.0.1:{proxy_http_port} --plain-text-report {reportDir}/proxy/web/dirsearch-127.0.0.1-proxy-{proxy}-{proxy_http_port}.log",
f"python3 /opt/dirsearch/dirsearch.py -e php,asp,aspx,txt,html -x 403,500 -t 50 -w /usr/share/wordlists/dirb/big.txt --proxy {self.target}:{proxy} -u http://127.0.0.1:{proxy_http_port} --plain-text-report {reportDir}/proxy/web/dirsearch-127.0.0.1-proxy-big-{proxy}-{proxy_http_port}.log",
f"nikto -ask=no -host http://127.0.0.1:{proxy_http_port}/ -useproxy http://{self.target}:{proxy}/ > {reportDir}/proxy/web/nikto-port-{proxy_http_port}-proxy-scan.txt 2>&1 &",
)
self.proxy_processes = proxy_commands
def OraclePwn(self):
"""OraclePwn will run a helper lib/oracle.sh bash script which will attempt to bruteforce
Oracle if any valid SID's are found from the Scan() Functions results."""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
oracle_tns_ports = np.oracle_tns_ports
if len(oracle_tns_ports) == 0:
pass
else:
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml", self.target)
oracle_pwn = f"""bash {c.getPath("oracle","oracleBrute")} {self.target}"""
call(oracle_pwn, shell=True)
def ldapSearch(self):
"""This will run a helper bash script that will attempt to login to smb
using smbmap if any valid SambaNTHashes are found using a
passthe hash technique."""
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
ldap_ports = np.ldap_ports
if len(ldap_ports) == 0:
pass
else:
ldap_enum = f"{os.getcwd()}/lib/ldap.sh {self.target}"
call(ldap_enum, shell=True)
def SshMultipleUsersBruteCustom(self):
"""Run patator with custome wordlist against a single user specified as a command line argument."""
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml", self.target)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
print(f"""{teal}Beginning Password Brute Force for User: {reset} {green}{self.users}{reset}""")
patator_cmd = c.getCmd("ssh", "patator_ssh_multiple_users_custom", port=self.port, users=self.users, wordlist=self.passList)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
def SshSingleUserBruteCustom(self):
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
cwd = os.getcwd()
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{self.user}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={self.user} password=FILE0 0={self.passList} persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
def topUdpAllTcp(self):
"""topUdpAllTcp will run a full nmap tcp port scan and a top udp ports scan"""
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
hpl = helper_lists.topPortsToScan()
topUDP = hpl.topUDP
topUdpPortsString = ",".join(map(str, topUDP))
commands = []
commands.append(c.getCmd("nmap", "nmapFullTcpScan"))
commands.append(
c.getCmd("nmap", "nmapTopUdpScan", topUdpPorts=topUdpPortsString))
self.processes = tuple(commands)
def ScanWebOption(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
df = dnsenum.DnsEnum(self.target)
df.GetHostNames()
hostnames = df.hostnames
ssl_ports = np.ssl_ports
if len(ssl_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/webSSL"):
os.makedirs(f"{self.target}-Report/webSSL")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
b = fg.li_cyan + "Enumerating HTTPS/SSL Ports, Running the following commands:" + fg.rs
print(b)
if len(hostnames) == 0:
for sslport in ssl_ports:
commands = (
f"whatweb -v -a 3 https://{self.target}:{sslport} | tee {self.target}-Report/webSSL/whatweb-{self.target}-{sslport}.txt",
f"wafw00f https://{self.target}:{sslport} >{self.target}-Report/webSSL/wafw00f-{self.target}-{sslport}.txt",
f"curl -sSik https://{self.target}:{sslport}/robots.txt -m 10 -o {self.target}-Report/webSSL/robots-{self.target}-{sslport}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport} -t 80 -e php,asp,aspx,html -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-dlistmedium-{self.target}-{sslport}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport} -t 50 -e php,asp,aspx,html,txt,git,bak,tar,gz,7z,json,zip,rar,bz2,pdf,md,pl,cgi -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --plain-text-report {self.target}-Report/webSSL/dirsearch-raftfiles-{self.target}-{sslport}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport} -t 50 -e php,asp,aspx,html,txt -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --plain-text-report {self.target}-Report/webSSL/dirsearch-raftdirs-{self.target}-{sslport}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport} -t 50 -e php,asp,aspx,txt,html -w wordlists/foreign.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-foreign-{self.target}-{sslport}.log",
f"nikto -ask=no -host https://{self.target}:{sslport} -ssl >{self.target}-Report/webSSL/niktoscan-{self.target}-{sslport}.txt 2>&1 &",
)
else:
for ssl_port2 in ssl_ports:
commands = ()
for i in hostnames:
commands = commands + (
f"whatweb -v -a 3 https://{i}:{ssl_port2} >{self.target}-Report/webSSL/whatweb-{i}-{ssl_port2}.txt",
f"wafw00f https://{i}:{ssl_port2} >{self.target}-Report/webSSL/wafw00f-{i}-{ssl_port2}.txt",
f"curl -sSik https://{i}:{ssl_port2}/robots.txt -m 10 -o {self.target}-Report/webSSL/robots-{i}-{ssl_port2}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2} -t 50 -e php,asp,aspx,html,txt,git,bak,tar,gz,7z,json,zip,rar,bz2,pdf,md,pl,cgi -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-files-lowercase.txt --plain-text-report {self.target}-Report/webSSL/dirsearch-raftfiles-{i}-{ssl_port2}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2} -t 50 -e php,asp,aspx,html,txt -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-dlistmedium-{i}-{ssl_port2}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2} -t 50 -e php,asp,aspx,txt,html -w wordlists/foreign.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-foreign-{i}-{ssl_port2}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2} -t 50 -e php,asp,aspx,html,txt -x 403,500 -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt --plain-text-report {self.target}-Report/webSSL/dirsearch-raftlargedirs-{i}-{ssl_port2}.log",
f"nikto -ask=no -host https://{i}:{ssl_port2} -ssl >{self.target}-Report/webSSL/niktoscan-{i}-{ssl_port2}.txt 2>&1 &",
)
self.processes = commands
def Scan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
proxyPorts = np.proxy_ports
cmd_info = "[" + fg.li_green + "+" + fg.rs + "]"
if len(proxyPorts) == 0:
pass
else:
duplicate_cmds = []
add_line_cmd = (
f"""sed -e "\$ahttp {self.target} {proxyPorts[0]}" -i /etc/proxychains.conf"""
)
comment_out_line_cmd = f"""sed -e '/socks5/ s/^#*/#/' -i /etc/proxychains.conf"""
proxy_config_file = "/etc/proxychains.conf"
try:
pcCF = open(proxy_config_file, "r")
for line in pcCF:
parsed_lines = line.rstrip()
if not parsed_lines.startswith("#"):
tor_match = re.findall("socks5", parsed_lines)
sorted_tor_matches = sorted(set(tor_match),
reverse=True)
if "socks5" in sorted_tor_matches:
duplicate_cmds.append(comment_out_line_cmd)
if not parsed_lines.startswith("#"):
matches = re.findall(f"http {self.target}", parsed_lines)
sorted_matches = sorted(set(matches), reverse=True)
if f"http {self.target}" not in sorted_matches:
duplicate_cmds.append(add_line_cmd)
pcCF.close()
sorted_cmds = sorted(set(duplicate_cmds))
if len(sorted_cmds) != 0:
for cmd in sorted_cmds:
call(cmd, shell=True)
except FileNotFoundError as fnf_error:
print(fnf_error)
exit()
if not os.path.exists(f"{self.target}-Report/proxy"):
os.makedirs(f"{self.target}-Report/proxy")
proxychains_nmap_top_ports_cmd = f"proxychains nmap -vv -sT -Pn -sV -T3 --max-retries 1 --max-scan-delay 20 --top-ports 10000 -oA {self.target}-Report/nmap/proxychain-top-ports 127.0.0.1"
print(cmd_info, proxychains_nmap_top_ports_cmd)
call(proxychains_nmap_top_ports_cmd, shell=True)
def vulnCheck(self):
"""Vuln Check will check if OpenSSH is vulnerable to Username Enumeration.
If it is, A message will be printed to the User. This feature can be enabled to automatically
always brute force SSH if the instance is a vulnerable version, however, I've changed this
feature to not run automatically as that option should be left up to the user, among various other
reasons."""
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
manual_cmd_info = "[" + fg.li_yellow + "+" + fg.rs + "]"
blue = fg.li_blue
red = fg.red
green = fg.li_green
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
ssh_product = np.ssh_product
ssh_version = np.ssh_version
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
# Check what version OPENSSH is
# If OpenSSH version is less than 7.7, Enumerate Users
# If valid Unique User is found, Brute Force Passwords
if len(ssh_product) == 1:
string_ssh_version = " ".join(map(str, ssh_version))
lowercase_ssh_version = str(string_ssh_version).lower()
first_two_nums = lowercase_ssh_version[0:3]
int_first_two_nums = float(first_two_nums)
if ssh_product[0] == "OpenSSH":
if int_first_two_nums < float(7.7):
ssh_port = np.ssh_ports
print(
f"""{cmd_info} {blue}{ssh_product[0]} {ssh_version[0]}{reset} is {red}VULNERABLE to Username Enumeration{reset}"""
)
print(f"""{green}Consider running:{reset}""")
print(
f"""{manual_cmd_info} {c.getCmd("ssh", "ssh_user_enum", port=ssh_port[0])}"""
)
# sb = brute.Brute(self.target, "ssh", ssh_port)
# sb.SshUsersBrute()
else:
print(
f"""{cmd_info} {blue}{ssh_product[0]} {ssh_version[0]}{reset} is {red}NOT{reset} Vulnerable to Username Enumeration"""
)
def anonymousLogin(self):
np = nmapParser.NmapParserFunk(self.target)
np.allOpenPorts()
ftpPorts = np.ftp_ports
if len(ftpPorts) != 0:
for port in ftpPorts:
try:
ftp = ftplib.FTP()
ftp.connect(self.target, port)
ftp.login('anonymous', '')
print(ftp.getwelcome())
ftp.set_pasv(1)
print(ftp.dir())
print(ftp.nlst())
print(f'\n[{fg.li_green}*{fg.rs}] ' + str(self.target) + f'{fg.white} FTP Anonymous Logon Succeeded!{fg.rs}')
self.ftpDownloadAll(port)
except Exception as e:
print(str(e))
print(f'\n[{fg.li_red}!{fg.rs}] ' + str(self.target) + ' FTP Anonymous Logon Failed.')
return False
def Scan(self):
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
df = dnsenum.DnsEnum(self.target)
df.GetHostNames()
hostnames = df.hostnames
ssl_ports = np.ssl_ports
if len(ssl_ports) == 0:
pass
else:
if not os.path.exists(f"{self.target}-Report/webSSL"):
os.makedirs(f"{self.target}-Report/webSSL")
if not os.path.exists(f"{self.target}-Report/aquatone"):
os.makedirs(f"{self.target}-Report/aquatone")
b = fg.li_cyan + "Enumerating HTTPS/SSL Ports, Running the following commands:" + fg.rs
print(b)
commands = ()
if len(hostnames) == 0:
for sslport in ssl_ports:
commands = commands + (
f"whatweb -v -a 3 https://{self.target}:{sslport} | tee {self.target}-Report/webSSL/whatweb-{self.target}-{sslport}.txt",
f"wafw00f https://{self.target}:{sslport} >{self.target}-Report/webSSL/wafw00f-{self.target}-{sslport}.txt",
f"curl -sSik https://{self.target}:{sslport}/robots.txt -m 10 -o {self.target}-Report/webSSL/robots-{self.target}-{sslport}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport}/ -t 30 -e php,asp,aspx,html,txt -x 403,500 -w wordlists/dicc.txt --plain-text-report {self.target}-Report/webSSL/dirsearch-{self.target}-{sslport}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{self.target}:{sslport}/ -t 80 -e php,asp,aspx,html,txt -w /usr/share/wordlists/dirb/big.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-big-{self.target}-{sslport}.log",
f"nikto -ask=no -host https://{self.target}:{sslport} -ssl >{self.target}-Report/webSSL/niktoscan-{self.target}-{sslport}.txt 2>&1 &",
)
else:
for ssl_port2 in ssl_ports:
for i in hostnames:
commands = commands + (
f"whatweb -v -a 3 https://{i}:{ssl_port2} >{self.target}-Report/webSSL/whatweb-{i}-{ssl_port2}.txt",
f"wafw00f https://{i}:{ssl_port2} >{self.target}-Report/webSSL/wafw00f-{i}-{ssl_port2}.txt",
f"curl -sSik https://{i}:{ssl_port2}/robots.txt -m 10 -o {self.target}-Report/webSSL/robots-{i}-{ssl_port2}.txt &>/dev/null",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2}/ -t 50 -e php,asp,aspx,txt,html -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-{i}-{ssl_port2}.log",
f"python3 /opt/dirsearch/dirsearch.py -u https://{i}:{ssl_port2}/ -t 50 -e php,asp,aspx,txt,html -w /usr/share/wordlists/dirb/big.txt -x 403,500 --plain-text-report {self.target}-Report/webSSL/dirsearch-big-{i}-{ssl_port2}.log",
f"nikto -ask=no -host https://{i}:{ssl_port2} -ssl >{self.target}-Report/webSSL/niktoscan-{i}-{ssl_port2}.txt 2>&1 &",
)
self.processes = commands
