コード例 #1
0
async def paramspider(ctx, *, argument):
    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    paramPath = TOOLS['paramspider']
    await ctx.send(
        "**Collecting Parameters Using ParamSpider, We Will Send The Results When It's Done**"
    )
    Process = subprocess.Popen(
        f"python3 {paramPath}/paramspider.py -d {argument}",
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    Output = Process.communicate()[0].decode('UTF-8')

    Output = removeColors.Remove(Text=Output)
    Output = Output.split('\n')
    urlsList = []
    for singleLine in Output:
        if singleLine.startswith('http'):
            urlsList.append(singleLine)
        else:
            pass

    Output = '\n'.join(urlsList)

    if len(Output) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(Output)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"ParamSpider Results: {URL_}")
            else:
                await ctx.send("**ParamSpider Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f'**ParamSpider Results:**')
        await ctx.send(f'```{Output}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #2
0
async def info(ctx, *, argument):
    global logsItems

    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    try:
        subdomainsFile = logsItems[argument]
    except Exception:
        await ctx.send(
            "**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
        )
        return

    await ctx.send(
        f"**Getting Subdomains Information (titles , status-codes, web-servers) for {argument} using httpx.**"
    )
    Process = subprocess.Popen(
        f"cat data/subdomains/{subdomainsFile} | httpx -title -web-server -status-code -follow-redirects -silent",
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    httpxResults = Process.communicate()[0].decode('UTF-8')
    httpxResults = removeColors.Remove(Text=httpxResults)

    if len(httpxResults) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(httpxResults)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Httpx Results: {URL_}")
            else:
                await ctx.send("**Httpx Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f"**Httpx Results For {argument}:**")
        await ctx.send(f'```{httpxResults}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #3
0
async def subjs(ctx, *, argument):
    global logsItems

    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    try:
        subdomainsFile = logsItems[argument]
    except Exception:
        await ctx.send(
            "**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
        )
        return

    await ctx.send(f"**Extracting JS Files From {argument} Using Subjs**")
    Process = subprocess.Popen(f"cat data/subdomains/{subdomainsFile} | subjs",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    subjsResults = Process.communicate()[0].decode('UTF-8')

    if subjsResults == '':
        await ctx.send(f"**Subjs Couldn't Find Issue On {argument}**")
    elif len(subjsResults) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(subjsResults)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')

            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Subjs Results: {URL_}")
            else:
                await ctx.send("**Subjs Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f"**Subjs Results For {argument}:**")
        await ctx.send(f'```{subjsResults}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #4
0
async def findomain(ctx, *, argument):
    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    findomainPath = TOOLS['findomain']
    await ctx.send(
        "**Collecting Subdomains Using Findomain, We Will Send The Results When It's Done**"
    )
    Process = subprocess.Popen(f"{findomainPath} --target {argument} --quiet",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    Output = Process.communicate()[0].decode('UTF-8')

    if len(Output) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(Output)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Findomain Results: {URL_}")
            else:
                await ctx.send("**Findomain Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send("**Findomain Results:**")
        await ctx.send(f"```{Output}```")
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #5
0
async def gitls(ctx, *, argument):
    if not CommandInjection.commandInjection(RCE=RCE, argument=argument):
        await ctx.send(
            "Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    await ctx.send("**Collecting github projects using gitls**")
    Process = subprocess.Popen(f"echo https://github.com/{argument} | gitls",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    Output = Process.communicate()[0].decode('UTF-8')

    if len(Output) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(Output)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Gitls Results: {URL_}")
            else:
                await ctx.send("**Gitls Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    elif len(Output) == 0:
        await ctx.send(f"**Gitls didn't reutrn an output for your command**")
    else:
        await ctx.send(f'**Gitls Results:**')
        await ctx.send(f'```{Output}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #6
0
async def recon(ctx, *, argument):
    if path.exists(f'/{USER}/{RECON_PATH}/{argument}'):
        try:
            Path = f'/{USER}/{RECON_PATH}/{argument}'.replace('//',
                                                              '/').replace(
                                                                  '..', '')
            Data = open(Path).read().rstrip()
            Data = removeColors.Remove(Text=Data)
            Message = f"""```{Data}```"""
        except Exception:
            Message = f"**Couldn't Find The Recon Data With This Path: {argument}**"
    else:
        Message = "**Sorry The Path You Added Doesn't Exists On Our Records**"

    if len(Message) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as writerHere:
            writerHere.write(Message)
            writerHere.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Recon Results: {URL_}")
            else:
                await ctx.send("**Recon Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f'{Message}')
コード例 #7
0
async def subjack(ctx, *, argument):
    global resolvedItems

    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    try:
        resolvedFile = resolvedItems[argument]
        fileStr = randomStrings.Genrate()
    except Exception:
        await ctx.send(
            "**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
        )
        return

    await ctx.send(
        f"**Scanning {argument} For Possible Subdomains Takeover Issues Using Subjack**"
    )
    Process = subprocess.Popen(
        f"subjack -w data/hosts/{resolvedFile} -t 100 -timeout 30 -o data/subjack/{argument}-{fileStr}.subjack -ssl",
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    subjackResults = Process.communicate()[0].decode('UTF-8')
    subjackResults = removeColors.Remove(Text=subjackResults)

    if subjackResults == '':
        await ctx.send(f"**Subjack Couldn't Find Issue On {argument}**")
    elif len(subjackResults) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(subjackResults)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Subjack Results: {URL_}")
            else:
                await ctx.send("**Subjack Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f"**Subjack Results For {argument}:**")
        await ctx.send(f'```{subjackResults}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #8
0
async def subdomains(ctx, *, argument):
    global logsItems, resolvedItems

    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return
    '''
    Subdomains collections gonna use three tools
    subfinder, findomain, assetfinder

    it won't use amass until we upgrade the server. if you're a developer
    and you want to add amass. i guess you know what todo.
    '''

    await ctx.send(
        f"**Collecting Subdomains For {argument}, Gonna Send You It When It's Done**"
    )

    # global paths
    findomainPath = TOOLS['findomain']

    # findomain Subdomains
    Process = subprocess.Popen(f"{findomainPath} --target {argument} --quiet",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    findomainResults = Process.communicate()[0].decode('UTF-8')

    # assetfinder Subdomains
    Process = subprocess.Popen(f"assetfinder --subs-only {argument}",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    assetfinderResults = Process.communicate()[0].decode('UTF-8')

    # subfinder Subdomains
    Process = subprocess.Popen(f"subfinder -d {argument} -silent",
                               shell=True,
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
    subfinderResults = Process.communicate()[0].decode('UTF-8')

    # filter duplicates
    allSubdomains = findomainResults + assetfinderResults + subfinderResults
    allSubdomains = Duplicates.Duplicates(Subdomains=allSubdomains)
    allSubdomains = subdomainsFilter.vSubdomains(sList=allSubdomains,
                                                 huntingTarget=argument)

    # saving subdomains
    fileName = randomStrings.Genrate()
    resolvedName = randomStrings.Genrate()

    currentPath = getcwd()
    allSubdomains = '\n'.join(allSubdomains)

    with open(f'data/hosts/{resolvedName}', 'w') as subdomainsFile:
        subdomainsFile.write(allSubdomains)
        subdomainsFile.close()

    # add resolved into logs
    resolvedParser.resolvedWriter(Target=argument,
                                  fileName=f"{resolvedName}\n")
    resolvedItems[argument] = resolvedName

    # validate subdomains
    Process = subprocess.Popen(
        f"cat data/hosts/{resolvedName} | httpx -silent",
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    httpxResults = Process.communicate()[0].decode('UTF-8')

    # saving httpx results
    with open(f'data/subdomains/{fileName}', 'w') as subdomainsFile:
        subdomainsFile.write(httpxResults)
        subdomainsFile.close()

    # add results into logs
    logsParser.logsWriter(Target=argument, fileName=fileName)
    logsItems[argument] = fileName

    # send httpx results
    if len(httpxResults) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(httpxResults)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Httpx Results: {URL_}")
            else:
                await ctx.send("**Httpx Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f"**Subdomains For {argument}:**")
        await ctx.send(f'```{httpxResults}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #9
0
async def trufflehog(ctx, *, argument):
    if not CommandInjection.commandInjection(RCE=RCE, argument=argument):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    # URL validation
    urlHost = urlparse(argument).netloc
    urlScheme = urlparse(argument).scheme
    if urlHost != "github.com" and urlHost != "gitlab.com":
        await ctx.send(
            "**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
        )
        return

    if urlScheme not in ["http", "https"]:
        await ctx.send(
            "**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
        )
        return

    await ctx.send(
        f"**Scanning {argument} for possible data leaks using truffleHog**")
    Process = subprocess.Popen(
        f"trufflehog --regex --entropy=False {argument}",
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT)
    Output = Process.communicate()[0].decode('UTF-8')
    Output = removeColors.Remove(Text=Output)

    if len(Output) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(Output)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"truffleHog Results: {URL_}")
            else:
                await ctx.send("**truffleHog Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    elif len(Output) == 0:
        await ctx.send(f"**truffleHog couldn't find leaks on: {argument}**")
    else:
        await ctx.send(f'**truggleHog Results:**')
        await ctx.send(f'```{Output}```')
        await ctx.send(f"\n**- {ctx.message.author}**")
コード例 #10
0
async def smuggler(ctx, *, argument):
    global logsItems

    if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
        await ctx.send(
            "**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
        )
        return

    try:
        subdomainsFile = logsItems[argument]
    except Exception:
        await ctx.send(
            "**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
        )
        return

    smugglerPath = TOOLS['smuggler']
    await ctx.send(
        f"**Scanning {argument} For HTTP Request Smuggling Issues Using Smuggler**"
    )

    if "http:" in argument or "https:" in argument:
        Process = subprocess.Popen(
            f"echo {argument} | python3 {smugglerPath}/smuggler.py",
            shell=True,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT)
        smugglerResults = Process.communicate()[0].decode('UTF-8')
    else:
        Process = subprocess.Popen(
            f"cat data/subdomains/{subdomainsFile} | python3 {smugglerPath}/smuggler.py",
            shell=True,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT)
        smugglerResults = Process.communicate()[0].decode('UTF-8')

    smugglerResults = removeColors.Remove(Text=smugglerResults)
    if len(smugglerResults) > 2000:
        RandomStr = randomStrings.Genrate()

        with open(f'messages/{RandomStr}', 'w') as Message:
            Message.write(smugglerResults)
            Message.close()

            messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')

            if not messageSize:
                await ctx.send(
                    "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                )
                return
            elif messageSize > 8:
                URL_ = filesUploader.uploadFiles(
                    filePath=f'messages/{RandomStr}')
                if not URL_:
                    await ctx.send(
                        "**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
                    )
                    return
                else:
                    await ctx.send(f"Smuggler Results: {URL_}")
            else:
                await ctx.send("**Smuggler Results:**",
                               file=discord.File(f"messages/{RandomStr}"))
                await ctx.send(f"\n**- {ctx.message.author}**")
    else:
        await ctx.send(f"**Smuggler Results For {argument}:**")
        await ctx.send(f'```{smugglerResults}```')
        await ctx.send(f"\n**- {ctx.message.author}**")