def __run_attacks(
url, sqlmap=False, nmap=False, intel=False, xss=False,
verbose=False, admin=False, given_path=None, auto=False, batch=False
):
"""
run the attacks if any are requested
"""
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url), opts=["y", "N"]
)
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True),
auto_search=auto, given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True))
elif intel:
url = get_true_url(url)
return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use)
elif admin:
main(url, show=opt.showAllConnections, verbose=verbose)
elif xss:
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
else:
pass
else:
logger.warning(set_color(
"skipping '{}'...".format(url), level=30
))
def __run_attacks(url,
sqlmap=False,
verbose=False,
nmap=False,
given_path=None,
auto=False,
batch=False):
"""
run the attacks if any are requested
"""
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url),
opts=["y", "N"])
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(
url.strip(),
verbose=verbose,
opts=__create_sqlmap_arguments(),
auto_search=auto,
given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address,
verbose=verbose)
else:
pass
else:
logger.warning(set_color("skipping '{}'...".format(url)))
def __run_attacks(
url, sqlmap=False, nmap=False, intel=False, xss=False,
verbose=False, admin=False, given_path=None, auto=False, batch=False
):
"""
run the attacks if any are requested
"""
__enabled_attacks = {
"sqlmap": opt.runSqliScan,
"port": opt.runPortScan,
"xss": opt.runXssScan,
"admin": opt.adminPanelFinder,
"intel": opt.intelCheck
}
enabled = set()
for key in __enabled_attacks.keys():
if __enabled_attacks[key] is True:
enabled.add(key)
if len(enabled) > 1:
logger.error(set_color(
"it appears that you have enabled multiple attack types, "
"as of now only 1 attack is supported at a time, choose "
"your attack and try again. You can use the -f flag if "
"you do not want to complete an entire search again...", level=40
))
shutdown()
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url), opts=["y", "N"]
)
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True),
auto_search=auto, given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True))
elif intel:
url = get_true_url(url)
return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use)
elif admin:
main(url, show=opt.showAllConnections, verbose=verbose)
elif xss:
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
else:
pass
else:
logger.warning(set_color(
"skipping '{}'...".format(url), level=30
))
def run_attacks(url, **kwargs):
"""
run the attacks if any are requested
"""
nmap = kwargs.get("nmap", False)
sqlmap = kwargs.get("sqlmap", False)
xss = kwargs.get("xss", False)
admin = kwargs.get("admin", False)
verbose = kwargs.get("verbose", False)
whois = kwargs.get("whois", False)
clickjacking = kwargs.get("clickjacking", False)
# github = kwargs.get("github", False)
pgp = kwargs.get("pgp", False)
auto_start = kwargs.get("auto_start", False)
sqlmap_arguments = kwargs.get("sqlmap_args", None)
nmap_arguments = kwargs.get("nmap_args", None)
show_all = kwargs.get("show_all", False)
do_threading = kwargs.get("do_threading", False)
batch = kwargs.get("batch", False)
tamper_script = kwargs.get("tamper_script", None)
timeout = kwargs.get("timeout", None)
forwarded = kwargs.get("xforward", None)
proxy = kwargs.get("proxy", None)
agent = kwargs.get("agent", None)
conf_file = kwargs.get("conf_file", None)
threads = kwargs.get("threads", None)
force_ssl = kwargs.get("ssl", False)
if threads > MAX_THREADS:
threads = check_thread_num(threads, batch=batch)
__enabled_attacks = {
"sqlmap": sqlmap,
"port": nmap,
"xss": xss,
"admin": admin,
"whois": whois,
"clickjacking": clickjacking
}
enabled = set()
for key in __enabled_attacks.keys():
if __enabled_attacks[key] is True:
enabled.add(key)
if len(enabled) > 1:
logger.error(
set_color(
"it appears that you have enabled multiple attack types, "
"as of now only 1 attack is supported at a time, choose "
"your attack and try again. You can use the -f flag if "
"you do not want to complete an entire search again "
"(IE -f /home/me/zeus-scanner/log/url-log/url-log-1.log)",
level=40))
lib.core.common.shutdown()
question_msg = "would you like to process found URL: '{}'".format(url)
if not batch:
question = lib.core.common.prompt(question_msg, opts="yN")
else:
question = lib.core.common.prompt(question_msg, opts="yN", default="y")
if question.lower().startswith("y"):
if sqlmap:
from lib.attacks import sqlmap_scan
return sqlmap_scan.sqlmap_scan_main(
url.strip(),
verbose=verbose,
opts=create_arguments(sqlmap=True,
sqlmap_args=sqlmap_arguments,
conf=conf_file),
auto_start=auto_start)
elif nmap:
from lib.attacks import nmap_scan
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address,
verbose=verbose,
timeout=timeout,
opts=create_arguments(
nmap=True,
nmap_args=nmap_arguments))
elif admin:
from lib.attacks.admin_panel_finder import main
main(url,
show=show_all,
proc_num=threads,
verbose=verbose,
do_threading=do_threading,
batch=batch)
elif xss:
from lib.attacks.xss_scan import main_xss
if check_for_protection(PROTECTED, "xss"):
main_xss(url,
verbose=verbose,
proxy=proxy,
agent=agent,
tamper=tamper_script,
batch=batch,
force_ssl=force_ssl)
elif whois:
from lib.attacks.whois_lookup.whois import whois_lookup_main
whois_lookup_main(url, verbose=verbose, timeout=timeout)
elif clickjacking:
from lib.attacks.clickjacking_scan import clickjacking_main
if check_for_protection(PROTECTED, "clickjacking"):
clickjacking_main(url,
agent=agent,
proxy=proxy,
forward=forwarded,
batch=batch)
# elif github:
# from lib.attacks.gist_lookup import github_gist_search_main
# query = replace_http(url)
# github_gist_search_main(query, agent=agent, proxy=proxy, verbose=verbose)
elif pgp:
from var.search.pgp_search import pgp_main
pgp_main(url, verbose=verbose)
else:
pass
else:
logger.warning(set_color("skipping '{}'".format(url), level=30))
