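def subdomain_enum(self, target):
    """Resolve each word-list entry as ``<word>.<target>`` and print the A records found.

    Args:
        target: Base domain name (the last command-line argument in ``main``).

    The word list comes from ``-w <file>`` when given; on any read error the
    bundled ``../resources/subdomain_list.txt`` is used instead. Every name that
    resolves is printed and, when ``dns_fun.logging`` is set, appended to
    ``dns_fun.filename`` via ``coretools.write_file``. Names that do not resolve
    are skipped silently. Always ends the process through ``coretools.exit``.
    """
    print('\n[*] Sub-Domain Enumeration for: %s' % (target))
    print('-' * 40)

    default_list = '../resources/subdomain_list.txt'
    subs = None
    if "-w" in sys.argv:
        try:
            # `with` closes the handle; the original left the file open.
            with open(coretools.plus_one('-w')) as fh:
                subs = [x.strip() for x in fh]
        except Exception:
            print("[!] Error parsing custom word list, reverting to default...")
    if subs is None:
        with open(default_list) as fh:
            subs = [x.strip() for x in fh]

    # One resolver for the whole run. The original built a resolver per query
    # and assigned `nameservers` to the *answer* object after the query, which
    # has no effect; setting it on the resolver before querying is what was
    # intended.
    resolver = dns.resolver.Resolver()
    resolver.timeout = 3
    resolver.lifetime = 3
    resolver.nameservers = ['8.8.8.8', '8.8.4.4']

    # Column width so the arrows line up (the original used len(sys.argv[-1]),
    # which is the same value when called from main).
    space_num = len(target) + 10
    for s in subs:
        if not s:
            continue  # a blank word-list line would produce ".<target>"
        query = s + '.' + target
        try:
            for resp in resolver.query(query, 'A'):
                print('+ %-*s--> %s' % (space_num, query, resp))
                if dns_fun.logging:
                    coretools.write_file(dns_fun.filename, '%-*s %s' % (space_num, query, resp))
        except Exception:
            # NXDOMAIN, timeout or no answer: the name is simply not reported.
            pass
    coretools.exit("\n")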
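def scan(self, header):
    """Send one raw HTTP request to ``self.target:self.port`` and print the response header.

    Args:
        header: Complete request text (as built by ``add_headers``), sent verbatim.

    The status part of the first response line is appended to ``self.summary``;
    on failure the exception object is appended instead. When ``self.secure`` is
    set the socket is wrapped in TLS with ``CERT_NONE``, so the peer certificate
    is not validated and the reply cannot be attributed to the intended host.
    A KeyboardInterrupt ends the process through ``coretools.exit``.
    """
    sock = None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)
        sock.connect((self.target, self.port))
        if self.secure:
            # Certificate verification is deliberately disabled for this scanner;
            # PROTOCOL_SSLv23 lets the library negotiate the protocol version.
            sock = ssl.wrap_socket(sock, keyfile=None, certfile=None,
                                   server_side=False, cert_reqs=ssl.CERT_NONE,
                                   ssl_version=ssl.PROTOCOL_SSLv23)
        sock.sendall(header)
        # A single recv covers the status line and headers this tool reports;
        # any body beyond 4096 bytes is not read.
        resp = sock.recv(4096)
        # "HTTP/1.1 200 OK" -> "200 OK". An empty reply raises IndexError here,
        # which the handler below records as the summary entry.
        self.summary.append(resp.splitlines()[0][9:])
        print("<--------------\nResponse Header\n<--------------")
        for line in resp.splitlines():
            print(line)
    except KeyboardInterrupt:
        coretools.exit("\n[!] Key Event Detected...\n\n")
    except Exception as e:
        print("[-] HTTP Response:  %s" % (e))
        self.summary.append(e)
    finally:
        # The original closed the socket only on the success path and leaked
        # the descriptor on every error.
        if sock is not None:
            sock.close()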
def crawler(self):
    # Drive the crawl: each round starts up to self.max_threads request_handler
    # threads over the pages discovered so far, until self.max_pages pages have
    # been dispatched or crawl_count catches up with len(self.pages).
    # NOTE(review): this copy appears to end at the loop; another listing on this
    # page shows further statements (self.status, coretools.exit) after it.
    print "[*] Initializing Scan...\n\nSpider Stats:\n", "-" * 35
    crawl_count = 0
    while crawl_count < self.max_pages and crawl_count != len(self.pages):
        try:
            threads = []
            self.status(crawl_count)
            for z in range(0, self.max_threads):
                # Same condition as the while: stop dispatching once the known
                # page list is exhausted (self.pages is presumably extended by
                # request_handler as links are found — confirm).
                if crawl_count < self.max_pages and crawl_count != len(self.pages):
                    t = Thread(target=self.request_handler, args=(self.pages[crawl_count], ))
                    t.daemon = True
                    threads.append(t)
                    t.start()
                    crawl_count += 1
            for t in threads:
                # join(1) only bounds the wait; a thread still running after
                # one second is left to finish in the background as a daemon.
                t.join(1)
            # Give the first thread time to collect links before the next round.
            if crawl_count == 1:
                sleep(5)
        except KeyboardInterrupt:
            coretools.exit("\n[!] Key Event Detected...\n")
        except Exception, e:
            # Any other error in a round is dropped without output.
            pass
def start_scan(targets, methods):
    """Fetch and print the response header for every target/method pair.

    Args:
        targets: Hosts to probe (supports ``len``).
        methods: URL scheme prefixes (e.g. ``'http://'``) tried for each target.

    Failed requests are printed only when ``-v`` is on the command line. A
    progress line from ``coretools.get_percent`` is printed every 20 targets.
    Always ends the process through ``coretools.exit``.
    """
    print("\n[*] Starting Scan...\n\n")
    verbose = "-v" in sys.argv
    for done, target in enumerate(targets):
        # Progress line before every 20th target, skipping the very first one.
        if done and done % 20 == 0:
            print("[*] get_header.py Status:  %s" % (coretools.get_percent(done, len(targets))))
        for method in methods:
            url = str(method) + str(target)
            try:
                response = get_header(url)
                print("\n[+] Target: %s" % (url))
                print(response)
            except KeyboardInterrupt:
                coretools.exit("\n[!] Keyboard Interrupt Caught...\n\n")
            except Exception as e:
                if verbose:
                    print("\n[-] Target: %s" % (url))
                    print(e)
    coretools.exit("\n[!] Scan Complete\n\n")
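def main():
    """Command-line entry point for the verb-tamper scan.

    Reads the target from the last argument, the required ``-p <port>`` and the
    optional ``-ssl`` flag from ``sys.argv``, runs one ``scan`` per verb in
    ``tamper.verbs`` and prints the summary via ``results``. Shows the banner
    and exits on ``-h`` or when no argument is given.
    """
    if "-h" in sys.argv or len(sys.argv) <= 1:
        banner()

    target = sys.argv[-1]
    if "://" in target:
        print("\n[!] http / https:// not required, stripping from target...")
        target = target.split("://")[1]

    # Named `use_ssl`: the original bound the flag to `ssl`, shadowing the ssl
    # module inside main.
    use_ssl = "-ssl" in sys.argv

    try:
        port = int(coretools.plus_one("-p"))
    except Exception:
        # The original bare `except` would also have swallowed SystemExit and
        # KeyboardInterrupt raised while reading the option.
        coretools.exit("\n[-] Error parsing port, see -h for more\n\n")

    try:
        scan = tamper(target, port, use_ssl)
        for verb in scan.verbs:
            scan.scan(scan.add_headers(verb))
        scan.results()
    except Exception as e:
        coretools.exit("\n Main Error: %s" % (e))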
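def main():
    """Command-line entry point for the get_server scan.

    Options read from ``sys.argv``: ``-m http|https`` (default: both schemes),
    ``-v`` verbose output, ``-t <n>`` thread count (default 5). The last
    argument is expanded by ``coretools.list_targets``. ``scan`` is run for the
    targets in batches of ``max_threads`` daemon threads, then the process ends
    through ``coretools.exit``.
    """
    if "-h" in sys.argv or len(sys.argv) == 1:
        banner()

    scheme = coretools.plus_one("-m") if "-m" in sys.argv else None
    if scheme == "http":
        methods = ['http://']
    elif scheme == "https":
        methods = ['https://']
    else:
        methods = ['http://', 'https://']

    verbose = "-v" in sys.argv

    max_threads = 5
    if "-t" in sys.argv:
        try:
            max_threads = int(coretools.plus_one("-t"))
        except Exception:
            # The original message said "max pages" (copied from spider.py).
            print("[!] Error parsing max threads, reverting to default")
            max_threads = 5
    if max_threads < 1:
        # range(0) would start no threads and the loop below would never end.
        print("[!] Thread count must be at least 1, reverting to default")
        max_threads = 5

    targets = coretools.list_targets(sys.argv[-1])
    status_report(methods, len(targets))
    print("\n[*] Starting Scan...\n")

    scan_count = 0
    while scan_count != len(targets):
        threads = []
        # Start up to max_threads workers, then wait (bounded) for each one.
        for _ in range(max_threads):
            if scan_count == len(targets):
                break
            t = Thread(target=scan, args=(targets[scan_count], methods, verbose, ))
            t.daemon = True
            threads.append(t)
            t.start()
            scan_count += 1
        for t in threads:
            t.join(1)
    coretools.exit("\n[!] Scan Complete\n\n")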
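def main():
    """Command-line entry point for the WebDAV scan.

    Options read from ``sys.argv``: ``-v`` verbose output, ``-t <n>`` thread
    count (default 5) and ``-p <port>`` (default 80; an unusable value ends the
    process). The last argument is expanded by ``coretools.list_targets``.
    ``scan`` is run for the targets in batches of ``max_threads`` daemon
    threads, then the process ends through ``coretools.exit``.
    """
    if "-h" in sys.argv or len(sys.argv) == 1:
        banner()

    targets = coretools.list_targets(sys.argv[-1])
    verbose = "-v" in sys.argv

    max_threads = 5
    if "-t" in sys.argv:
        try:
            max_threads = int(coretools.plus_one("-t"))
        except Exception:
            # The original message said "max pages" (copied from spider.py).
            print("[!] Error parsing max threads, reverting to default")
            max_threads = 5
    if max_threads < 1:
        # range(0) would start no threads and the loop below would never end.
        print("[!] Thread count must be at least 1, reverting to default")
        max_threads = 5

    port = 80
    if "-p" in sys.argv:
        try:
            port = int(coretools.plus_one("-p"))
        except Exception:
            # The original first printed "reverting to default" and then exited;
            # only the exit is kept.
            coretools.exit("[!] Invalid port detected\n\n")
        if not 0 < port < 65536:
            coretools.exit("[!] Invalid port detected\n\n")

    print("\n[*] Starting WebDav Scan\n")

    scan_count = 0
    while scan_count != len(targets):
        threads = []
        for _ in range(max_threads):
            if scan_count == len(targets):
                break
            worker = Thread(target=scan, args=(targets[scan_count], port, verbose, ))
            worker.daemon = True
            threads.append(worker)
            worker.start()
            scan_count += 1
        for worker in threads:
            worker.join(1)
    coretools.exit("\n[!] Scan Complete\n\n")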
def results(self):
    """Print the per-verb status summary collected by ``scan`` and end the process.

    Exits early through ``coretools.exit`` when ``self.summary`` is empty.
    Entries in ``self.summary`` are paired by position with ``self.verbs``.
    """
    print("---------------\nSummary of Results\n---------------")
    if not self.summary:
        coretools.exit("[!] No Summary Provided\n[*] Check input and try again")
    print("\nTarget: %s Port: %-5s SSL: %s \n" % (self.target, self.port, self.secure))
    for position, status in enumerate(self.summary):
        print('[*] Verb: %-8s Status: %s' % (self.verbs[position], status))
    coretools.exit("\n[+] Scan Complete\n")
def banner():
    """Print the usage text for the verb-tamper script and end the process."""
    usage = '''
    -------------------------------
    Verb Tamper script:
    -------------------------------

    options:
        -ssl        For ssl encryption
        -p [port]   port to send data

    Usage:
        python http_opt.py -p port [server/IP]
        python http_opt.py -p 443 -ssl google.com
        python http_opt.py -p 80 127.0.0.1
    '''
    print(usage)
    coretools.exit('\n')
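def scan(t, port, v):
    """Send one PROPFIND request to ``t:port`` and report whether WebDAV answered.

    Args:
        t: Host name or IP address to connect to.
        port: TCP port.
        v: Verbose flag; when true, connection failures are printed as well.

    A reply whose status line contains "207" is reported as WebDAV enabled,
    together with the first ``Server:`` line when present; any other status is
    reported as disabled. A KeyboardInterrupt ends the process through
    ``coretools.exit``; other errors are printed only in verbose mode.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(0.5)
    # HTTP requires CRLF line endings; the original sent bare "\n".
    request_lines = [
        'PROPFIND / HTTP/1.1',
        'Host: %s' % (t),
        'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36',
        'Content-Type: application/xml',
        'Content-Length: 0',
    ]
    data = '\r\n'.join(request_lines) + '\r\n\r\n'
    try:
        sock.connect((t, port))
        # sendall: plain send() may write only part of the buffer.
        sock.sendall(data)
        # NOTE(review): 2014 is probably a typo for 2048; kept as in the original.
        resp = sock.recv(2014)
        sys.stdout.flush()
        reply_lines = resp.splitlines()
        status_line = reply_lines[0]  # IndexError on an empty reply -> handled below
        code = status_line.split(" ")[1]
        if "207" in status_line:
            server = next((line for line in reply_lines if 'Server:' in line), None)
            if server is not None:
                sys.stdout.write("[+] WebDav Enabled: %s (Code: %s %s)\n" % (t, code, server))
            else:
                # The original wrote `print sys.stdout.write(...)`, which also
                # printed "None" after the message.
                sys.stdout.write("[+] WebDav Enabled: %s (Code: %s Server: N/A)\n" % (t, code))
        else:
            sys.stdout.write("[-] WebDav Disabled: %s (Code: %s)\n" % (t, code))
    except KeyboardInterrupt:
        coretools.exit("\n[!] Key Event Detected...\n\n")
    except Exception as e:
        if v:
            sys.stdout.write("[-] WebDav Disabled: %s (%s)\n" % (t, e))
    finally:
        # Closed on every path; the original only closed inside the branches.
        sock.close()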
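def setup_logging(self):
    """Create (or recreate) the per-site output directory and return its path.

    Returns:
        The directory path ``spider_output/<first five characters of self.source>/``.

    When the directory already exists the user is asked whether to delete it;
    answering ``n``/``N`` exits the process with status 0. Any other error ends
    the process through ``coretools.exit``.
    """
    try:
        root = 'spider_output/'
        if not os.path.exists(root):
            os.mkdir(root)
        # NOTE(review): self.source[0:5] of a URL such as "http://..." is just
        # "http:", so every site would share one directory — confirm the
        # intended naming against how self.source is set.
        out_dir = "spider_output/%s/" % (self.source[0:5])  # was `dir`, shadowing the builtin
        if os.path.exists(out_dir):
            print("[!] Spider of site detected...")
            answer = raw_input("[*] Delete existing records? (Y/n): ")
            if answer in ("n", "N"):
                print("\n\n[*] Closing\n")
                sys.exit(0)  # SystemExit is not an Exception, so it passes the handler below
            coretools.remove_dir(out_dir)
        os.mkdir(out_dir)
        return out_dir
    except Exception as e:
        coretools.exit("[!] Setup Logging Error: %s" % (e))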
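def _int_option(flag, default, label):
    """Return the integer that follows ``flag`` in ``sys.argv``, or ``default``.

    Prints a notice and returns ``default`` when the flag is present but its
    value is missing or not an integer.
    """
    if flag not in sys.argv:
        return default
    try:
        return int(sys.argv[sys.argv.index(flag) + 1])
    except (IndexError, ValueError):
        print("[!] Error parsing %s, reverting to default" % (label))
        return default


def main():
    """Command-line entry point for the spider.

    The last argument is the start URL and must carry a scheme. ``-c <n>`` caps
    the number of pages crawled (default 50) and ``-t <n>`` the thread count
    (default 5); unusable values fall back to the defaults. Constructs the
    ``spider``, which runs the crawl.
    """
    if "-h" in sys.argv or len(sys.argv) == 1:
        banner()

    url = sys.argv[-1]
    if "://" not in url:
        print("\n\n[!] Must include http:// | https:// tag")
        print("[!] see ./spider.py --help for more\n\n")
        sys.exit(0)
    url = url.rstrip("/")

    max_pages = _int_option("-c", 50, "max pages")
    # The original printed "max pages" for a bad thread count as well.
    max_threads = _int_option("-t", 5, "max threads")
    if max_threads < 1:
        # A thread count of 0 would make the crawl loop spin without progress.
        print("[!] Thread count must be at least 1, reverting to default")
        max_threads = 5

    try:
        spider(url, max_pages, max_threads)
    except KeyboardInterrupt:
        coretools.exit("\n[!] Key Event Detected...\n")
    except Exception as e:
        # The original swallowed every error here, so a failed crawl ended
        # with no output at all.
        coretools.exit("\n[!] Spider Error: %s" % (e))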
def banner():
    """Print the usage text for get_header.py and end the process."""
    usage = """
    Get_Header

    This script will connect to the target machine(s) and return the full
    HTTP response header. This will test both http and https unless
    otherwise noted in the command line arguments. Used for recon and
    fingerprinting target machines.

    Method:
        -m [http/https]   Default will be both http & https
        -v                Verbose output (show failed attempts)

    Targets:
        *) python get_header.py -m http scope.txt
        *) python get_header.py 10.0.0.1
        *) python get_header.py -nw 10.0.0.0/24
        *) python get_header.py 10.0.0.1, 10.0.0.3
        *) python get_header.py 10.0.0.1-50
    """
    print(usage)
    coretools.exit("\n")
def https_default(target):
    """Return ``target`` as a URL with a scheme and a trailing slash.

    ``https://`` is prepended when ``target`` has no ``://``. A target without
    a ``.`` is rejected by calling ``exit`` (raises SystemExit) with a message;
    any failure while building the URL exits the same way.
    """
    if "." not in target:
        exit("\n[!] Error Invalid target, try again...\n\n")
    try:
        url = target
        if "://" not in url:
            print("\n[!] http:// or https:// not privided...\n[*] Defaulting to: https://")
            url = str("https://" + url)
        return url if url.endswith("/") else str(url + "/")
    except Exception:
        exit("[!] Error prepairing target for scan...")
def banner():
    """Print the usage text for get_server.py and end the process."""
    usage = """
    Get_Server

    This script will connect to the target machine(s) and return the HTTP
    response "Server" header. Used for recon and fingerprinting target
    machines.

    Method:
        -m [http/https]   Default will be both http & https
        -v                Verbose output (show failed attempts)
        -t                Number of threads (default: 5)

    Targets:
        *) python get_server.py -m http scope.txt
        *) python get_server.py 10.0.0.1
        *) python get_server.py 10.0.0.1-5
        *) python get_server.py 10.0.0.1,10.0.0.3
        *) python get_server.py 10.0.0.0/24
    """
    print(usage)
    coretools.exit("\n")
def banner():
    """Print the usage text for dns_fun.py and end the process."""
    usage = '''
    DnS_FuN.pY
    -----------------------------------

    DNS Lookup:
        -t [type]   DNS lookup types:
                    [NS, A, AAAA, MX, TXT, CNAME, HINFO, ISDN, PTR, SOA]
        -t all      Lookup all DNS types

    DNS Zone Transfer:
        -z          Perform DNS Zone Transfer

    Sub-Domain Brute Force:
        -s          Subdomain Brute force
        -w [file.txt]   custom word list

    Example usage:
        python dns_fun.py -t MX google.com
        python dns_fun.py -z zonetransfer.me
        python dns_fun.py -s yahoo.com'''
    print(usage)
    coretools.exit("\n")
def main():
    """Command-line entry point for dns_fun.

    The last argument is the target name; URLs and names containing ``..`` are
    rejected. Exactly one of ``-t <type>`` (lookup), ``-z`` (zone transfer) or
    ``-s`` (subdomain enumeration) is dispatched, in that order of precedence.
    Any error while reading the options ends the process through
    ``coretools.exit``.
    """
    try:
        if "-h" in sys.argv or len(sys.argv) == 1:
            banner()

        target = sys.argv[-1]
        if "://" in target or ".." in target:
            coretools.exit("\n[!] DNS_fun Target Error, use -h for more\n\n")

        dns_scan = dns_fun()
        # First matching flag wins, mirroring the original if/elif chain.
        dispatch = (
            ("-t", lambda: dns_scan.lookup(target, coretools.plus_one("-t"))),
            ("-z", lambda: dns_scan.zone_transfer(target)),
            ("-s", lambda: dns_scan.subdomain_enum(target)),
        )
        for flag, action in dispatch:
            if flag in sys.argv:
                action()
                break
        else:
            coretools.exit("\n[-] No options selected, use -h for more information\n\n")
    except Exception as e:
        coretools.exit("[!] Error parsing initial options: %s" % (e))
status_report(methods, len(targets)) print "\n[*] Starting Scan...\n" scan_count = 0 while scan_count != len(targets): threads = [] #Start Threads for x in range(0, max_threads): if scan_count != len(targets): t = Thread(target=scan, args=( targets[scan_count], methods, verbose, )) t.daemon = True threads.append(t) t.start() scan_count += 1 for t in threads: t.join(1) coretools.exit("\n[!] Scan Complete\n\n") if __name__ == '__main__': try: main() except KeyboardInterrupt: coretools.exit("\n[!] Keyboard Interrupt Caught...\n\n")
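def start_it(self):
    """Run the directory brute force for ``brudis.base_url`` level by level.

    ``-t <n>`` (1..50, default 25) sets the thread count and ``-d <n>``
    (1..8, default 3) the depth. At level 0 every word in ``brudis.depth[0]``
    is appended to the base URL; at deeper levels every URL collected in
    ``brudis.depth[x]`` is combined with every word of ``brudis.depth[0]``.
    Each URL is handed to ``brudis.send_it`` on a daemon thread, at most
    ``max_threads`` at a time. Errors end the process only when
    ``brudis.debug`` is set; a KeyboardInterrupt always does.
    """
    try:
        def parse_limit(flag, limit, default, using_label, error_label):
            # Integer after `flag` when present and within 1..limit, else `default`.
            # The original accepted 0, which would start no threads and loop forever.
            try:
                if flag in sys.argv and 1 <= int(coretools.plus_one(flag)) <= limit:
                    return int(coretools.plus_one(flag))
                print("[*] Using default %s..." % (using_label))
                return default
            except Exception:
                print("[!] Error parsing %s input, reverting to default..." % (error_label))
                return default

        max_threads = parse_limit("-t", 50, 25, "thread count", "thread")
        max_depth = parse_limit("-d", 8, 3, "depth", "depth")

        print("[*] Using max depth: %s, and max threads: %s" % (max_depth, max_threads))
        print("[*] Starting Dir brute force for: %s\n\n" % (brudis.base_url))

        for level in range(max_depth):
            # Level 0 hangs each word off the base URL; deeper levels extend every
            # URL collected at the previous level with every word.
            if level == 0:
                temp_url = [str(brudis.base_url + y) for y in brudis.depth[0]]
            else:
                temp_url = [str(a + b) for a in brudis.depth[level] for b in brudis.depth[0]]

            url_count = 0
            while url_count != len(temp_url):
                threads = []
                for z in range(max_threads):
                    if url_count == len(temp_url):
                        break
                    if brudis.debug:
                        print("[!!] SENDING %s --> thread #%s" % (temp_url[url_count], z))
                    # send_it is called with self explicitly, so brudis presumably
                    # names the class and self one of its instances — confirm.
                    t = Thread(target=brudis.send_it, args=(self, temp_url[url_count], level + 1))
                    t.daemon = True
                    threads.append(t)
                    t.start()
                    url_count += 1
                for t in threads:
                    t.join(1)
    except KeyboardInterrupt:
        coretools.exit("\n[!] Keyboard Interrupt Caught\n")
    except Exception as e:
        # The original read `brudis.bedug` here, so the handler itself raised
        # AttributeError instead of reporting the error.
        if brudis.debug:
            coretools.exit("\n[!!] Error start_it: %s" % (e))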
target = temp[1] #Check if SSL enabled if "-ssl" in sys.argv: ssl = True else: ssl = False #Get port information try: port = int(coretools.plus_one("-p")) except: coretools.exit("\n[-] Error parsing port, see -h for more\n\n") try: #Start verb tamper scan = tamper(target, port, ssl) for verb in scan.verbs: scan.scan(scan.add_headers(verb)) #Get Results: scan.results() except Exception, e: coretools.exit("\n Main Error: %s" % (e)) if __name__ == '__main__': try: main() except KeyboardInterrupt: coretools.exit("\n[!] Key Event Detected...\n\n")
threads.append(t) t.start() crawl_count += 1 for t in threads: t.join(1) #Give time for first threaad to collect links if crawl_count == 1: sleep(5) except KeyboardInterrupt: coretools.exit("\n[!] Key Event Detected...\n") except Exception, e: pass #print "[!] Crawler Error: ", e self.status(crawl_count) sys.stdout.write("\x1b[A") coretools.exit(" " * 65 + "\n[*] Scan Complete\n") def request_handler(self, url): # Setup Request agent = 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36' request = urllib2.Request(url) request.add_header('User-Agent', agent) request.add_header('Referer', self.source) # ssl cert handling ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE try: # Capture response response = urllib2.urlopen(request, timeout=2, context=ctx)