ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
if str(port) == "443":
header = "https://"
else:
header = "http://"
try:
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
print(
'\033[1;37m[-] | Starting HTTP script scan for {0}:{1} \033[1;m'.
format(ip_address, port))
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
if not recon.checknmaprunmod(ip_address,
"_http.nmap.{0}".format(ip_address)):
HTTPSCAN = "nmap -sV -Pn -vv -p {0} --script-args=unsafe=1 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln*,http-stored-xss,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,http-phpmyadmin-dir-traversal -oN ./results/{1}/{1}_http.nmap.{0} {1}".format(
port, ip_address)
results = subprocess.check_output(HTTPSCAN, shell=True)
recon.logparsertxt(results)
outfile = "results/{0}/{0}_HTTPrecon.txt".format(ip_address)
f = open(outfile, "w")
f.write(results)
f.close()
else:
print(
'\033[1;33m[+] {0} already scanned for HTTP port {1}...\033[1;m'.
format(ip_address, port))
results = open(
"./results/{0}/{0}_http.nmap.{1}".format(ip_address, port), "r")
recon.logparserfile(results)
import sys
import recon
if len(sys.argv) != 3:
print "Usage: ftprecon.py <ip address> <port>"
sys.exit(0)
ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
print(
'\033[1;37m[-] | Starting FTP script scan for {0}:{1} - [This can take a long time]\033[1;m'
.format(ip_address, port))
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
if not recon.checknmaprunmod(ip_address, "_ftp{0}.nmap".format(port)):
FTPSCAN = "nmap -sV -Pn -vv -p {0} --script=ftp-* -oN './results/{1}/{1}_ftp{0}.nmap' {1}".format(
port, ip_address)
results = subprocess.check_output(FTPSCAN, shell=True)
recon.logparsertxt(results)
else:
print('\033[1;33m[+] {0} already scanned for FTP port {1}...\033[1;m'.
format(ip_address, port))
results = open("./results/{0}/{0}_ftp{1}.nmap".format(ip_address, port),
"r")
recon.logparserfile(results)
# ==> Hydrascan disabled due to there is a brutescan allready in the nmap modules. if wanting to brute with own list it can be disabled and user and passwordlist added to wordlists
# print "INFO: Performing hydra ftp scan against {0}".format(ip_address)
# HYDRA = "hydra -L ./wordlists/ftpusers -P ./wordlists/ftppasswords -f -o ./results/{0}/{0}_ftphydra.txt -u {0} -s {1} ftp".format(ip_address, port)
#!/usr/bin/env python
import subprocess
import sys
import recon
if len(sys.argv) != 3:
print "Usage: ftprecon.py <ip address> <port>"
sys.exit(0)
ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
print('\033[1;37m[-] | Starting FTP script scan for {0}:{1} - [This can take a long time]\033[1;m'.format(ip_address, port))
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
if not recon.checknmaprunmod(ip_address, "_ftp{0}.nmap".format(port)):
FTPSCAN = "nmap -sV -Pn -vv -p {0} --script=ftp-* -oN './results/{1}/{1}_ftp{0}.nmap' {1}".format(port, ip_address)
results = subprocess.check_output(FTPSCAN, shell=True)
recon.logparsertxt(results)
else:
print('\033[1;33m[+] {0} already scanned for FTP port {1}...\033[1;m'.format(ip_address, port))
results = open("./results/{0}/{0}_ftp{1}.nmap".format(ip_address, port), "r")
recon.logparserfile(results)
# ==> Hydrascan disabled due to there is a brutescan allready in the nmap modules. if wanting to brute with own list it can be disabled and user and passwordlist added to wordlists
# print "INFO: Performing hydra ftp scan against {0}".format(ip_address)
# HYDRA = "hydra -L ./wordlists/ftpusers -P ./wordlists/ftppasswords -f -o ./results/{0}/{0}_ftphydra.txt -u {0} -s {1} ftp".format(ip_address, port)
# results = subprocess.check_output(HYDRA, shell=True)
# resultarr = results.split("\n")
# for result in resultarr:
print "Usage: httprecon.py <ip address> <port>"
sys.exit(0)
ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
if str(port) == "443":
header = "https://"
else:
header = "http://"
try:
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
print('\033[1;37m[-] | Starting HTTP script scan for {0}:{1} \033[1;m'.format(ip_address, port))
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
if not recon.checknmaprunmod(ip_address, "_http.nmap.{0}".format(port, ip_address)):
HTTPSCAN = "nmap -sV -Pn -vv -p {0} --script-args=unsafe=1 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln*,http-stored-xss,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,http-phpmyadmin-dir-traversal -oN ./results/{1}/{1}_http.nmap.{0} {1}".format(port, ip_address)
results = subprocess.check_output(HTTPSCAN, shell=True)
recon.logparsertxt(results)
outfile = "results/{0}/{0}_HTTPrecon.txt".format(ip_address)
f = open(outfile, "w")
f.write(results)
f.close()
else:
print('\033[1;33m[+] {0} already scanned for HTTP port {1}...\033[1;m'.format(ip_address, port))
results = open("./results/{0}/{0}_http.nmap.{1}".format(ip_address, port), "r")
recon.logparserfile(results)
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
print('\033[1;37m[-] | Starting Selenium ScreenGrab scan for {0}:{1} \033[1;m'.format(ip_address, port))
print "\033[1;37m[-] ----------------------------------------------------------------------------- \033[1;m"
