def email(args): if not args.url: colors.error('Please enter an URL for finding emails') LOGGER.error('[-] Please enter an URL for finding emails') sys.exit(1) try: from lib.others.info_gathering.finder import finding_email colors.info('Performing email gathering over : {}'.format(args.url)) findEmailObj = finding_email.FindingEmails(args.url) found_emails = findEmailObj.parse_emails() if args.output: if args.output.endswith('.txt'): file = args.output else: file = args.output + '.txt' with open(file, 'w') as f: f.write('---[!] Emails---\n\n') for email in found_emails: f.write(str(email) + os.linesep) colors.success('File has been saved successfully') except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def restore(self): """ Restores the IP tables of the target and the router to the default state (before ARP spoof attack) """ colors.info('Restoring IP tables') target_arp_packet = scapy.ARP(op=2, pdst=self.target_ip, hwdst=self.target_mac, psrc=self.router_ip, hwsrc=self.router_mac) router_arp_packet = scapy.ARP(op=2, pdst=self.router_ip, hwdst=self.router_mac, psrc=self.target_ip, hwsrc=self.target_mac) COUNT = 10 # Send 10 packets to restore while COUNT > 0: scapy.send(target_arp_packet, verbose=False) scapy.send(router_arp_packet, verbose=False) COUNT = COUNT - 1 colors.success('ARP Table restored')
def getMAC(self, IP, name): """ Fetches MAC address of the selected IP """ arp_packet = scapy.ARP(pdst=IP) broadcast = scapy.Ether(dst='ff:ff:ff:ff:ff:ff') arp_broadcast = broadcast/arp_packet broadcast = scapy.srp(arp_broadcast, timeout=1, verbose=False)[0] mac_addr_str = self.capture_output(broadcast) mac_addr = re.findall(r'\w\w:\w\w:\w\w:\w\w:\w\w:\w\w', mac_addr_str)[0] mac_addr = str(mac_addr).strip() colors.success('Found MAC address for {} : {} is : {}' .format(name, IP, mac_addr)) val = str(input('>> Enter(Y/y) to continue or enter MAC address : '))\ .strip() if val == 'Y' or val == 'y': return mac_addr elif self.validateMAC(val): colors.info('Setting MAC address for {} : {} : {}' .format(name, IP, val)) return val else: colors.error('Please enter a valid MAC address...') self.getMAC(IP, name)
def startScan(self): """ Distributes the list of scans into multiple processor and starts the scan """ colors.info('Hash scanning started...') colors.info('Press CTRL+C to stop...') t1 = time.time() try: processes = [] for mode in self.list_scans: newProcess = multiprocessing.Process(target=self.modeScan, args=(mode, )) newProcess.start() processes.append(newProcess) for process in processes: process.join() except KeyboardInterrupt: colors.error('Stopping the process...') except Exception as e: print(e) finally: t2 = time.time() colors.success('Completed in {}'.format(t2 - t1)) resultDict = self.parseResult() return resultDict
def comment(args): if not args.url: colors.error('Please enter an URL for finding comments') LOGGER.error('[-] Please enter an URL for finding comments') sys.exit(1) try: from lib.others.info_gathering.finder import finding_comment colors.info('Performing comment gathering over : {}'.format(args.url)) findCommnentObj = finding_comment.FindingComments(args.url) comment_dict = findCommnentObj.parse_comments() if args.output: if args.output.endswith('.txt'): file = args.output else: file = args.output + '.txt' with open(file, 'w') as f: f.write('---[!] Comments---\n\n') for k, v in comment_dict.items(): f.write(str(k) + ' : ' + str(v) + os.linesep) colors.success('File has been saved successfully') except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def networkScan(self): print('Enter the IP address to start scanning...') ip = str(input()).strip() if self.validateIP(ip): try: colors.info('Initiating ARP Scan') from lib.scanner.ip_scanner import arp_scanner arpScanObj = arp_scanner.ARPScan(ip=ip, start_ip=None, end_ip=None, threads=100) total_index, result_dict = arpScanObj.threadingScan() index = int(input('>> Enter the index of the target IP : ')) if index < total_index and index > 0: self.target_ip = result_dict[index][0] self.target_mac = result_dict[index][1] colors.success('Target IP set to : {}'.format(self.target_ip)) colors.success('Target MAC set to : {}'.format(self.target_mac)) except ImportError: colors.error('Could not import the required module.') except Exception as e: print(e) else: colors.error('Please enter a valid IP address...') self.networkScan()
def check_url(self, url): ua_list = [ 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0', 'Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10' ] ua = random.choice(ua_list) headers = { 'User-Agent':ua, } colors.info('Checking the URL if it is live') try: response = requests.get(url, headers=headers) response_code = response.status_code colors.info('Got a respose for the URL with status code:{}'.format(response_code)) if response_code == 200: self.scan_headers = headers return True else: return False except Exception as e: print(e) return False
def ssl(args): if not args.url: colors.error('Please enter an URL for SSL scanning') LOGGER.error('[-] Please enter an URL for SSL scanning') sys.exit(1) try: from lib.scanner.ssl_scanner import ssl_scanner colors.info('SSL scan using SSL Labs API') data = ssl_scanner.analyze(args.url) ssl_data = ssl_scanner.vulnerability_parser(data) if args.output: if args.output.endswith('.txt'): file = args.output else: file = args.output + '.txt' with open(file, 'wt') as f: f.write('[+] Vulnerability Scan Result : \n\n') for k, v in ssl_data.items(): f.write(str(k) + ' : ' + str(v) + os.linesep) colors.success('File has been saved successfully') except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def template_images(temp_image): template_image_dir_path = os.path.join(os.getcwd(), template_image_dir_name) try: if os.path.isdir(template_image_dir_name): colors.info('Template image sections folder already exists.') else: os.mkdir(template_image_dir_path) colors.success('Template image sections folder created.') except OSError: colors.error('Permission denied at {}: Cannot create template image sections folder' .format(template_image_dir_path)) exit(1) os.chdir(os.path.join(os.getcwd(), template_image_dir_name)) colors.success('Directory set to new location ') # Loading Template image. colors.success('Image read into memory') x = y = 0 width = [160, 320, 480, 640] # Respective width dimension for the template image. height = [160, 320, 480] # Respective height dimension for the template image. count = 0 for h in height: for w in width: image_section = temp_image[y:h, x:w] # Creating section of image. x = w cv2.imwrite(str(count) + ".jpg", image_section) # writing each template image section to template directory. count += 1 x = 0 y = h
def __init__(self, mac_addr=None, interface=None): self.is_root() if mac_addr is None: self.newMAC = self.generateMAC() elif self.validateMAC(mac_addr): self.newMAC = mac_addr else: colors.error('Please provide a valid MAC address...') sys.exit(1) colors.info('MAC address will be changed to : {}'.format(self.newMAC)) if interface is None: self.interface = self.getInterface() else: self.interface = interface self.origMAC = self.interfaceMAC() colors.info('Original MAC address is : {}'.format(self.origMAC)) if self.interface is None or \ self.newMAC is None or \ self.origMAC is None: colors.error('Error! could not change the MAC') sys.exit(1)
def handle_sigint(signum, frame): global sigint_count message1 = "Press Ctrl-C once again" message2 = "Vault was interrupted by SIGINT" sigint_count += 1 if sigint_count >= 2: colors.error(message2) else: colors.info(message1) sys.exit(1)
def gather_header(self): try: r = self.get_response() headers_dict = r.headers colors.info('Header Details') for key, value in headers_dict.items(): colors.success(' {} : {} '.format(key, value)) return headers_dict except Exception as e: colors.error(e)
def changeMAC(self, mac): """ Changes the MAC address of the selected interface """ colors.info('Changing MAC address...') time.sleep(2) # Wait for the interface to be up subprocess.call(['ifconfig', self.interface, 'down']) subprocess.call(['ifconfig', self.interface, 'hw', 'ether', mac]) subprocess.call(['ifconfig', self.interface, 'up'])
def process_display(verbose, type, message): if args.v is False: verbose = 0 if type == 0 and verbose == 0: colors.success(message) elif type == 1 and verbose == 0: colors.error(message) elif type == 2 and verbose == 0: colors.process(message) elif type == 3 and verbose == 0: colors.info(message)
def os_scan(self): colors.info('OS Scan running on: {}'.format(self.target)) self.nm.scan(self.target, arguments="-O") if len(self.nm[self.nm.all_hosts()[0]]["osmatch"]) != 0: colors.success('OS Scan results of: {}'.format( self.nm.all_hosts()[0])) for osmatch in self.nm[self.nm.all_hosts()[0]]["osmatch"]: print("[+] Name: {}".format(osmatch["name"])) print("[+] Accuracy: {}".format(osmatch["accuracy"])) else: colors.info('No OS matches for host')
def generateMAC(): """ Generates random MAC address """ colors.info('No desired MAC found, generating random MAC...') return "52:54:00:%02x:%02x:%02x" % ( random.randint(0, 255), random.randint(0, 255), random.randint(0, 255), )
def scan(self): null_byte = "%00" success_count = 0 url = self.url ck = self.check_url(url) if ck: _matches = self.payload_data["linux"] _payloads = self.payload_data["linux"].keys() _prefixs = self.payload_data["linuxPrefix"] urls = [] for _prefix in _prefixs: urls.append(url + _prefix) # Now Sart Scanning for _url in urls: for _payload in _payloads: scan_url = _url + _payload res = requests.get(scan_url, headers=self.scan_headers) for _match in _matches[_payload]: if _match in res.text: colors.success( "LFI Detected!: {}".format(scan_url)) success_count += 1 if "syntax error" in res.text: colors.error( "Syntax Parse Error: {}".format(scan_url)) # Still no success, now check with null byte if success_count == 0: colors.info("Now creating payloads with one NULL BYTE suffix.") for _url in urls: for _payload in _payloads: scan_url = _url + _payload + null_byte res = requests.get(scan_url, headers=self.scan_headers) for _match in _matches[_payload]: if _match in res.text: colors.success( "LFI Detected! : {}".format(scan_url)) success_count += 1 if "syntax error" in res.text: colors.error( "Syntax Parse Error:{}".format(scan_url)) if success_count == 0: colors.error('No LFI Detected') else: colors.error('An error occured, make sure provided URL is valid ' 'and accessible.')
def startAttack(self): try: colors.info('Ping of death attack on: {}' .format(self.target_ip)) colors.success('Ping of death attack started, press CTRL+C to ' 'stop...') t1 = time.time() self.attack() except KeyboardInterrupt: t2 = time.time() colors.success('Completed in time: {}'.format(t2-t1))
def threadingScan(self): t1 = time.time() self.setIP() with ThreadPoolExecutor(max_workers=self.threads) as executor: tasks = [] for ip in range(self.start_ip, self.end_ip): task = executor.submit(self.pingScan, (ip)) tasks.append(task) t2 = time.time() colors.info('Completed in {}'.format(t2 - t1))
def restore(self): """ Restore the network services """ colors.info('[!] Restoring the network services...') command0 = 'airmon-ng stop {}'.format(self.monFace) command1 = 'service networking restart' command2 = 'service network-manager restart' self.quickExecute(command0) self.quickExecute(command1) self.quickExecute(command2) colors.success('Restored')
def fuzz(args): if not args.url: colors.error('Please enter an URL for fuzzing') LOGGER.error('[-] Please enter an URL for fuzzing') sys.exit(1) try: from lib.others.fuzzer import fuzzer colors.info('Performing fuzzing on : {}'.format(args.url)) fuzzObj = fuzzer.Fuzzer(base_url=args.url, thread_num=args.threads) fuzzObj.initiate() except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def start_engine(self): while not self.fuzz_queue.empty(): fuzz_text = self.fuzz_queue.get() fuzz_url = self.generate_url(fuzz_text) self.fuzz_queue.task_done() try: status = self.send_request(fuzz_url) if status == 1: colors.success('Found -> {}'.format(fuzz_url)) self.discovered_url.append(fuzz_url) elif status == 2: colors.info('Redirection Detected -> {}'.format(fuzz_url)) self.redirected_url.append(fuzz_url) except Exception as e: colors.error(e)
def get_target_IP(self): """ Fetches target IP to spoof """ if self.target_ip is None: print('[-] No target IP selected, please enter an IP address or run network scan (Enter "S") : ') value = str(input()).strip() if value == 'S' or value == 's': self.networkScan() elif self.validateIP(value): colors.info('Selected target IP is : {}'.format(value)) self.target_ip = value else: colors.error('Please enter a valid IP address to continue...') self.get_target_IP()
def info(args): if not args.url: colors.error('Please enter an URl for information gathering') LOGGER.error('[-] Please enter an URl for information gathering') sys.exit(1) try: from lib.others.info_gathering import header_vuln colors.info('Performing information gathering over : {}'.format( args.url)) infoGatherObj = header_vuln.HeaderVuln(args.url) header_data = infoGatherObj.gather_header() cookie_data = infoGatherObj.insecure_cookies() method_data = infoGatherObj.test_http_methods() if args.output: if args.output.endswith('.txt'): file = args.output else: file = args.output + '.txt' i = 1 with open(file, 'w') as f: f.write('---[!] Header Details---\n\n') for k, v in header_data.items(): f.write(str(k) + ' : ' + str(v) + os.linesep) f.write('\n---[!] Testing Insecure Cookies---\n\n') for k in cookie_data: f.write(k + os.linesep) f.write('\n---[!] Testing HTTP methods---\n\n') for k in method_data: if i % 3 != 0: f.write(str(k) + ' ') else: f.write(str(k) + os.linesep) i = i + 1 colors.success('File has been saved successfully') except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def resetMAC(self): """ Restores the MAC address of the interface """ self.changeMAC(self.origMAC) checkMAC = self.interfaceMAC() if checkMAC == self.origMAC: colors.success('MAC address restored to default : {}'.format( self.origMAC)) colors.info('Exiting...') sys.exit(1) else: colors.error('Failed to restore MAC address, trying again...') self.resetMAC()
def test_http_methods(self): modes_list = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE', 'TEST'] colors.info('Testing HTTP methods') method_data = [] for mode in modes_list: r = requests.request(mode, self.url) colors.success(' {} {} {}'.format(mode, r.status_code, r.reason)) method_data.append(mode) method_data.append(r.status_code) method_data.append(r.reason) if mode == 'TRACE' and 'TRACE / HTTP/1.1' in r.text: colors.info('Possible Cross Site Tracing vulnerability found') return method_data
def bruteforce(args): if not args.url: colors.error('Please enter an URL for bruteforce') LOGGER.error('[-] Please enter an URL for bruteforce') sys.exit(1) try: from lib.others.bruteforce_login import bruteforce_login colors.info('Performing bruteforce on : {}'.format(args.url)) bruteforceObj = bruteforce_login.BruteforceLogin(url=args.url, threads=args.threads, user=args.username) bruteforceObj.startAttack() except ImportError: colors.error('Could not import the required module.') LOGGER.error('[-] Could not import the required module.') except Exception as e: LOGGER.error(e)
def threadingScan(self): """ Threads the scanning process """ t1 = time.time() self.setIP() colors.info('ARP Scan started...') with ThreadPoolExecutor(max_workers=self.threads) as executor: tasks = [] for ip in range(self.start_ip, self.end_ip): task = executor.submit(self.ARPScan, (ip)) tasks.append(task) self.parseResult(t1)
def template_images(temp_image): template_image_dir_path = os.path.join(os.getcwd(), template_image_dir_name) print(template_image_dir_path) try: if os.path.isdir(template_image_dir_name): colors.info('Template image sections folder already exists.') else: os.mkdir(template_image_dir_path) colors.success('Template image sections folder created.') except OSError: colors.error('Permission denied at {}:\ Cannot create template image sections folder'.format( template_image_dir_path)) exit(1) os.chdir(os.path.join(os.getcwd(), template_image_dir_name)) colors.success('Directory set to new location ') # Loading Template image. colors.success('Image read into memory') x = y = 0 width = [160, 320, 480, 640] height = [160, 320, 480] count = 0 template_thread_process = [] for h in height: for w in width: template_thread_process.append( th(target=thread_breaker, args=(x, y, h, w, temp_image, count))) x = w count += 1 x = 0 y = h for process in template_thread_process: process.start() for process in template_thread_process: process.join()
def collect(self): # 1. create partitions from rdds (partition_num = len(workers)) # 2. for every target_partition in partitions, find in partition_discover: # - if exists, fetch result from corresponding worker partition_discover = self.context.partition_discover results = [partition_discover.get_partition(partition.uuid) for partition in self.partitions] missing_index = [None if result is not None else i for i, result in enumerate(results)] missing_index = filter(lambda m: m is not None, missing_index) print info("collect", missing_index) # add to job server if missing job_server = self.context.job_server for i in range(self.partition_num): # - if doesn't exist, or previous try failed if results[i] is None: # - broadcast a `job` with partition uuid job_server.add(self.partitions[i]) # 3. keep discovering rdds until found the target_rdd while True: missing_index = [None if result is not None else i for i, result in enumerate(results)] missing_index = filter(lambda m: m is not None, missing_index) if len(missing_index) is 0: break # print 'keep discovering', missing_index for i in missing_index: partition = self.partitions[i] # try to fetch again results[i] = partition_discover.get_partition(partition.uuid) # if success this time if results[i] is not None: # 4. stop broadcast the `job` print success("Got " + str(i) + ":" + str(results[i])) job_server.remove(partition) gevent.sleep(0.1) # 5. retrieve result of the rdd result = [] for element in results: result += element return result
def open_redirect(args): if not args.url: colors.error('Please enter an URL for scanning') LOGGER.error('[-] Please enter an URL for scanning') sys.exit(1) else: try: colors.info("Testing for open redirection Vulnerability") from lib.others.open_redirection import redirection redirection.ORVT(args.url) except ImportError: colors.error('Could not import the required module') LOGGER.error('[-] Could not import the required module') except Exception as e: print(e) LOGGER.error(e) sys.exit(1)
if __name__ == '__main__': # 1. broadcast a `worker` with new generated uuid, {address=ip:port} worker = WorkerServer() # 2. discover `job`, append to jobs job_discover = JobDiscover() # 3. start a job server job_server = JobServer() # 3. discover `partitions`, append to partitions partition_discover = PartitionDiscover() # 4. start a partitions_server partition_server = PartitionServer() # 5. start a loop keep trying to get a job from jobs: while True: print info('Fetching job...') # 1. connect to job's source, lock it up to prevent other workers to take it next_job = job_discover.take_next_job() # block here print info('Got job.') # 2. get the dumped_partition, unload it partition = job_discover.get_partition_from_job(next_job) if partition is None: continue logger.debug('got partition') # 3. check partition in partition_server if partition_server.exists(partition.uuid): print warn('Finished job. Skip') continue