def update_ports(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) csv_data = utils.just_read(command.get('output_path'), get_list=True) if not csv_data: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False result = {} for line in csv_data[1:]: host = line.split(',')[0] port = line.split(',')[3] if result.get('host', None): result[host] += "," + str(port).strip(',') else: result[host] = port final_result = [] for host, ports in result.items(): item = "ip_address|{0};;ports|{1}".format(host, ports) final_result.append(item) utils.just_write(command.get('cleaned_output'), "\n".join(final_result))
def waiting(options, delay=20, times=0): elapsed_time = 0 if times: count = 0 module_name = options.get('CURRENT_MODULE', False) utils.print_info('Waiting for {0} module'.format(module_name)) checking = poll_status(options) while checking: time.sleep(delay) if not times: # just don't print this too much if ((elapsed_time / delay) % 10) == 0: utils.print_info('Waiting for {0} module'.format(module_name)) time.sleep(delay) if times: utils.print_info('Waiting for {0} module {1}/{2}'.format( module_name, str(count), str(times))) if count == int(times): poll_status(options, forced=True) utils.print_bad( "Something bad with {0} module but force to continue". format(module_name)) break count += 1 checking = poll_status(options)
def update_tech(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path'), get_list=True) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False tech_summaries = [] for line in output: try: jsonl = utils.get_json(line) if jsonl.get('matches'): domain = utils.get_domain(jsonl.get('hostname')) techs = [x.get('app_name') for x in jsonl.get('matches')] item = "domain|{0};;technologies|{1}".format( domain, ",".join(techs)) tech_summaries.append(item) except: pass cleaned_output = utils.just_write(command.get('cleaned_output'), "\n".join(tech_summaries)) if cleaned_output: utils.check_output(command.get('cleaned_output')) # update technologies to db summary.push_with_file(self.options, command.get('cleaned_output'))
def parsing_argument(args): # parsing agument options = config.parsing_config(args) # Start Django API if it's not running if not args.client: if not utils.connection_check('127.0.0.1', 8000): p = Process(target=start_server, args=(options.get('localhost'), )) p.start() # wait for Django API start time.sleep(3) else: utils.print_info("Look like Django API already ran") options = auth.login(options) if not options or not (options['JWT'] and options['JWT'] != "None"): utils.print_bad("Can't login to get JWT") sys.exit(-1) # run list of target if options.get('target_list') and utils.not_empty_file( options.get('target_list')): targets = utils.just_read(options.get('target_list'), get_list=True) for target in targets: options['raw_target'] = target options['workspace'] = target single_target(options) else: single_target(options)
def get_scheme(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) csv_data = utils.just_read(command.get('requirement'), get_list=True) if not csv_data: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False summaries, result = [], [] for line in csv_data[1:]: # print(line) if ',' not in line or len(line.split(',')) < 3: continue _results = line.split(',') host = _results[0].strip('"') port = _results[2].strip('"') service = _results[4].strip('"') + "/" + _results[5].strip('"') result.append("http://" + host + ":" + port) result.append("https://" + host + ":" + port) sum_line = f"domain|{host};;ip_address|{host};;ports|{port};;technologies|{service}" summaries.append(sum_line) # print(sum_line) scheme_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/scheme-$OUTPUT.txt') utils.just_write(scheme_path, "\n".join(result)) # update summaries table formatted_summary = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/formatted-summary-$OUTPUT.txt') utils.just_write(formatted_summary, "\n".join(summaries)) summary.push_with_file(self.options, formatted_summary)
def clean_massdns(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path'), get_list=True) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False only_A_record, summaries, resolved = [], [], [] for line in output: if '. A ' in line: only_A_record.append(line.split('. A ')[1].strip()) resolved.append(line.split('. A ')[0]) summary = "domain|{0};;ip_address|{1}".format( line.split('. A ')[0], line.split('. A ')[1]) summaries.append(summary) elif '. CNAME ' in line: resolved.append(line.split('. CNAME ')[0]) cleaned_output = utils.just_write(command.get('cleaned_output'), "\n".join(only_A_record)) resolved_path = utils.replace_argument( self.options, '$WORKSPACE/probing/resolved-$OUTPUT.txt') resolved_output = utils.just_write(resolved_path, "\n".join(resolved)) if cleaned_output: utils.check_output(command.get('cleaned_output')) if resolved_output: utils.check_output(resolved_path) self.update_summaries(summaries)
def update_ports(self, command): utils.print_good('Cleaning for {0}:{1}'.format(command.get('banner'), command.get('pre_run'))) csv_data = utils.just_read(command.get('requirement'), get_list=True) if not csv_data: utils.print_bad('Requirement not found: {0}'.format( command.get('requirement'))) return False result = {} for line in csv_data[1:]: host = line.split(',')[0] port = line.split(',')[3] if result.get(host, None): result[host] += "," + str(port).strip(',') else: result[host] = port # store it as format can submit to summaries final_result = [] for host, ports in result.items(): item = "ip_address|{0};;ports|{1}".format(host, ports) final_result.append(item) utils.just_write(command.get('cleaned_output'), "\n".join(final_result)) summary.push_with_file(self.options, command.get('cleaned_output'))
def show(options): head = ['Workspaces'] contents = report.list_workspaces(options) if not contents: utils.print_bad("No Workspace found") return print(tabulate(contents, head, tablefmt="grid"))
def clean_gowitness(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) real_cmd = utils.resolve_command( self.options, { "banner": "gowitness gen report", "cmd": "$GO_PATH/gowitness report generate -n $WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html --destination $WORKSPACE/portscan/screenshot/raw-gowitness/ --db $WORKSPACE/portscan/screenshot/gowitness.db", "output_path": "$WORKSPACE/portscan/screenshot/$OUTPUT-raw-gowitness.html", }) execute.send_cmd(self.options, real_cmd) raw_html = utils.just_read(real_cmd.get('output_path')) if not raw_html: utils.print_bad('Requirement not found: {0}'.format( real_cmd.get('output_path'))) return False local_path = utils.replace_argument(self.options, '$WORKSPACE/portscan/') real_html = raw_html.replace(local_path, '') utils.just_write(command.get('cleaned_output'), real_html) utils.check_output(command.get('cleaned_output'))
def show(options): raw_contents = report.list_workspaces(options) if not raw_contents: utils.print_bad("No Workspace found") return head = ['Available Workspaces'] content = [[x] for x in raw_contents] print(tabulate(content, head, tablefmt="grid"))
def show(options): content = export.exports_to_file(options) if not content: utils.print_bad("No Workspace found") return data = utils.just_read(content) print(data) utils.print_block(content, tag='OUTPUT')
def show(options, get_content=False): raw_contents = report.full_reports(options) # print(raw_contents) if not raw_contents: utils.print_bad("Workspace not found") return if get_content: reading_content(options, raw_contents) else: read_paths(raw_contents)
def single_target(options): if not options or not (options['JWT'] and options['JWT'] != "None"): utils.print_bad("Can't login to get JWT") sys.exit(-1) # don't create new workspace in report mode if options.get('mode') != 'report': options = initial.init_workspace(options) # run specific task otherwise run the normal routine routine.routine_handle(options)
def _verify_target(target, target_list): if target_list: if utils.not_empty_file(target_list): real_target = target_list else: utils.print_bad("Input file not found: {0}".format(target_list)) sys.exit(-1) else: real_target = target return real_target
def slack_noti(options, noti_type): try: if 'log' in noti_type: pass elif 'done' in noti_type: slack_done(options) else: slack_status(options) except: utils.print_bad("Fail to send noti to slack") pass
def clean_gobuster(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path')) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False cleaned_output = utils.just_write(command.get('cleaned_output'), output.replace('Found: ', '')) if cleaned_output: utils.check_output(command.get('cleaned_output'))
def clean_gowitness(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) raw_html = utils.just_read(command.get('output_path')) if not raw_html: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False local_path = utils.replace_argument( self.options, '$WORKSPACE/screenshot/') real_html = raw_html.replace(local_path, '') utils.just_write(command.get('cleaned_output'), real_html)
def get_domain(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path')) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False no_scheme = output.replace('https://', '').replace('http://', '') utils.just_write(command.get('cleaned_output'), no_scheme) if command.get('cleaned_output'): utils.check_output(command.get('cleaned_output'))
def clean_massdns(self, command): utils.print_good('Cleaning for {0}:{1}'.format(command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path'), get_list=True) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False # only get A record only_A_record = "\n".join([x.split('. A ')[0] for x in output if '. A ' in x]) cleaned_output = utils.just_write(command.get( 'cleaned_output'), only_A_record) if cleaned_output: utils.check_output(command.get('cleaned_output'))
def login(options): url = options.get('remote_api') + "/auth/api/token/" body = { "username": options.get('credentials')[0], "password": options.get('credentials')[1] } r = send.send_post(url, body, is_json=True) if r.json().get('access'): utils.print_good("Authentication success") jwt = 'Osmedeus ' + r.json().get('access') options['JWT'] = jwt return options utils.print_bad("Authentication failed") return False
def get_workspace_info(options): url = options.get('remote_api') + "/api/workspace/get/" headers = send.osmedeus_headers headers['Authorization'] = options.get( 'JWT') if options.get('JWT') else options.get('jwt') body = { "workspace": options.get('workspace'), } r = send.send_post(url, body, headers=headers, is_json=True) if r and r.json().get('status') == 200: return r.json() utils.print_bad("Workpsace not found") return False
def show(options): raw_reports = summary.get_summary(options) # print(raw_reports) if not raw_reports: utils.print_bad("Workspace not found") return head = ['Domain', 'IP', 'Technologies', 'Ports'] contents = [] for element in raw_reports: item = [ element.get('domain'), element.get('ip_address'), element.get('technologies'), element.get('ports'), ] contents.append(item) print(tabulate(contents, head, tablefmt="grid"))
def clean_findomain(self, command): utils.print_good('Cleaning for {0}:{1}'.format( command.get('banner'), command.get('post_run'))) output = utils.just_read(command.get('output_path'), get_list=True) if not output: utils.print_bad('Output not found: {0}'.format( command.get('output_path'))) return False result = [] for line in output: if '>>' in line.strip(): domain = line.strip().strip('>> ').split(' => ')[0] ip = line.strip().strip('>> ').split(' => ')[0] result.append(domain) cleaned_output = utils.just_write(command.get('cleaned_output'), "\n".join(result)) if cleaned_output: utils.check_output(command.get('cleaned_output'))
def login(options): url = options.get('remote_api') + "/auth/api/token/" body = { "username": options.get('credentials')[0], "password": options.get('credentials')[1] } r = send.send_post(url, body, is_json=True) try: if r.json().get('access'): utils.print_good("Authentication success") jwt = 'Osmedeus ' + r.json().get('access') options['JWT'] = jwt return options except: utils.print_bad("Authentication failed at: " + url) print(''' [!] This might happened by running Osmedeus with sudo but the install process running with normal user You should install the whole Osmedeus and running it with root user. Or whitelist masscan + nmap in sudoers file because it's required sudo permission. ''') return False
def init_workspace(options): url = options.get('remote_api') + "/api/workspace/create/" headers = send.osmedeus_headers headers['Authorization'] = options.get('JWT') body = { "raw_target": options.get('raw_target'), 'mode': options.get('mode'), 'modules': options.get('modules', 'None'), 'speed': options.get('speed'), 'forced': options.get('forced'), 'debug': options.get('debug'), } if options.get('workspace', False): body["workspace"] = options.get('workspace') r = send.send_post(url, body, headers=headers, is_json=True) if r: options['workspace'] = r.json().get('workspace') # just print some log if r.json().get('status') == 200: utils.print_good("New workspace created") elif r.json().get('status') == 442: utils.print_info( "Workspaces already exists. Use '-w <new workspace name>' option if you want to create new one" ) arguments = get_workspace_info(options) if arguments: options = {**options, **arguments} # just upper all key final_options = {} for key in options.keys(): final_options[key.upper()] = options.get(key) return final_options utils.print_bad("Fail to create new workspace") return False
def get_scheme(self, command): utils.print_good('Preparing for {0}:{1}'.format( command.get('banner'), command.get('pre_run'))) scheme_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/scheme-$OUTPUT.txt') csv_data = utils.just_read(command.get('requirement'), get_list=True) if not csv_data: utils.print_bad('Requirement not found: {0}'.format( command.get('requirement'))) return False result = [] for line in csv_data[1:]: host = line.split(',')[0] port = line.split(',')[3] result.append("http://" + host + ":" + port) result.append("https://" + host + ":" + port) utils.just_write(scheme_path, "\n".join(result)) utils.check_output(scheme_path)