def get_nullsessions(target): return_val={} logger.live_info('[{}]:\tATTEMPTING NULL SESSIONS'.format(logger.BLUE(target))) rpc_command_lsaquery = 'rpcclient -U "" -N {} -c "lsaquery"'.format(target) result = run(rpc_command_lsaquery, stdout=PIPE, stderr=PIPE,universal_newlines=False, shell=True) if len(result.stdout) > 0 and len(result.stderr) == 0: command_output = result.stdout elif len(result.stderr) > 0 and len(result.stdout) == 0: command_output = result.stderr decoded = command_output.decode('utf-8') has_error = error_handle(target,decoded) try: output = decoded.rstrip().replace('\n', ' ') logger.verbose('[{}]:\tOUTPUT FROM RPCCLIENT: {}'.format(logger.YELLOW(target),logger.YELLOW(str(output)))) except: logger.verbose('[{}]:\tOUTPUT FROM RPCCLIENT: FAILED TO GET DATA'.format(logger.YELLOW(target))) if has_error == True: logger.live_bad('[{}]:\tNULL SESSIONS: {}'.format(logger.RED(target),logger.RED('FAILED'))) return False elif has_error == False: logger.green('[{}]:\tNULL SESSIONS: {}'.format(logger.GREEN(target),logger.GREEN('SUCCESS'))) return True
def icmp_scan(target): # takes in a list of targets and tries to identify a list of hosts responding to icmp and returns them in a list timeout = 2 logger.verbose('ICMP Timeout set to: '+str(timeout)) logger.blue('Pinging: {}'.format(logger.BLUE(target))) resp = sr1(IP(dst=str(target))/ICMP(), timeout=timeout, verbose=0) try: icmp_type = str(resp.getlayer(ICMP).code) resp_parse = icmp_response_parse(icmp_type) logger.verbose('Got ICMP Type: [{}] {}'.format( logger.YELLOW(icmp_type), logger.YELLOW(resp_parse))) except: logger.verbose('Could not get ICMP Type code for: ' + logger.YELLOW(target)) if resp is None: logger.verbose('Got no response from: '+logger.YELLOW(target)) logger.red_indent('{}: Down'.format(logger.RED(target))) result = None elif(int(resp.getlayer(ICMP).type) == 3 and int(resp.getlayer(ICMP).code) in [1, 2, 3, 9, 10, 13]): logger.red_indent('{}: Down'.format(logger.RED(target))) result = None else: logger.green_indent('{}: Up'.format(logger.GREEN(target))) result = target return result
def insert(domain_data): db = init() data = vars(domain_data) logger.yellow('Adding %s to %s' % (logger.YELLOW(str(data)), logger.YELLOW(db_name))) try: db.insert(data) except Exception as e: logger.red('Got [%s] whilst adding %s to %s' % (logger.RED(str(e)), logger.RED(data), logger.RED(db_name))) return None # this return code wont be checked anywhere, i just dont like leaving unclosed functions :)
def get_nullsessions(target): logger.blue('Testing null sessions on {}'.format(logger.BLUE(target))) rpc_command_lsaquery = 'rpcclient -U "" -N {} -c "lsaquery"'.format(target) result = run(rpc_command_lsaquery, stdout=PIPE, stderr=PIPE, universal_newlines=False, shell=True) if len(result.stdout) > 0 and len(result.stderr) == 0: command_output = result.stdout elif len(result.stderr) > 0 and len(result.stdout) == 0: command_output = result.stderr decoded = command_output.decode('utf-8') has_error = error_handle(decoded) try: output = decoded.rstrip().replace('\n', ' ') logger.verbose('Output from rpcclient: '+logger.YELLOW(str(output))) except: logger.verbose('Failed to get output from rpcclient') if has_error != False: logger.red_indent( 'Failed to authenticate with null sessions to {}'.format(logger.RED(target))) return False elif has_error == False: logger.green_indent( 'Successfully authenticated with null sessions to {}'.format(logger.GREEN(target))) return True
def icmp_scan(targets): targets=[targets] # takes in a list of targets and tries to identify a list of hosts responding to icmp and returns them in a list logger.verbose('Amount of targets for ICMP Scan: {}'.format(len(targets))) alive_hosts = [] timeout = 2 logger.verbose('ICMP Timeout set to: '+logger.YELLOW(str(timeout))) for target in targets: logger.live_info('[{}]:\tSENDING ICMP'.format(logger.BLUE(target))) try: resp = sr1(IP(dst=str(target))/ICMP(), timeout=timeout, verbose=0) except: logger.live_bad('[{}]:\tGOT NO RESPONSE'.format(logger.RED(target))) try: icmp_type = str(resp.getlayer(ICMP).code) resp_parse = icmp_response_parse(icmp_type) logger.live_info('[{}]:\tGOT ICMP TYPE: [{}] {}'.format(logger.BLUE(target),logger.BLUE(icmp_type),logger.BLUE(resp_parse))) except: logger.live_info('[{}]:\tCOULD NOT GET ICMP TYPE'.format(logger.BLUE(target))) if resp is None: logger.live_bad('[{}]:\tGOT NO RESPONSE'.format(logger.RED(target))) logger.live_bad('[{}]:\tDOWN'.format(logger.RED(target))) elif(int(resp.getlayer(ICMP).type) == 3 and int(resp.getlayer(ICMP).code) in [1, 2, 3, 9, 10, 13]): logger.live_bad('[{}]:\tDOWN'.format(logger.RED(target))) else: logger.green('[{}]:\tUP [{}] {}'.format(logger.GREEN(target),logger.GREEN(icmp_type),logger.GREEN(resp_parse))) if target not in alive_hosts: alive_hosts.append(target) return alive_hosts
def get_name(target, timeout=2): logger.live_info('[{}]:\tATTEMPTING NETBIOS NAME'.format(logger.BLUE(target))) # logger.verbose('Timeout for NetBIOS resolution: '+str(timeout)) logger.verbose('[{}]:\tNETBIOS TIMEOUT: {}'.format(logger.YELLOW(target),logger.YELLOW(str(timeout)))) bios = NetBIOS() try: tmpnetbios_name = bios.queryIPForName(target, timeout=timeout) netbios_name = str(tmpnetbios_name[0]) except: netbios_name = None bios.close() if netbios_name == None: logger.live_bad('[{}]:\tNETBIOS NAME: {}'.format(logger.RED(target),logger.RED('FAILED'))) return None else: logger.green('[{}]:\tNETBIOS NAME: {}'.format(logger.GREEN(target),logger.GREEN(netbios_name))) return str(netbios_name)
def header(string): print(logger.RED(' ██████ ▓█████▄ ▄▄▄▄ ')) print(logger.RED('▒██ ▒ ▒██▀ ██▌▓█████▄ ')) print(logger.RED('░ ▓██▄ ░██ █▌▒██▒ ▄██ %s') % logger.YELLOW(string)) print(logger.RED(' ▒ ██▒░▓█▄ ▌▒██░█▀ ')) print(logger.RED('▒██████▒▒░▒████▓ ░▓█ ▀█▓')) print(logger.RED('▒ ▒▓▒ ▒ ░ ▒▒▓ ▒ ░▒▓███▀▒')) print(logger.RED('░ ░▒ ░ ░ ░ ▒ ▒ ▒░▒ ░ ')) print(logger.RED('░ ░ ░ ░ ░ ░ ░ ░ ')) print(logger.RED(' ░ ░ ░ '))
def port_scan(target, ports): src_port = RandShort() FIN = 0x01 SYN = 0x02 RST = 0x04 PSH = 0x08 ACK = 0x10 SYNACK = 0x12 RSTACK = 0x14 URG = 0x20 ECE = 0x40 CWR = 0x80 logger.blue('Checking TCP ports: {}'.format(logger.BLUE(target))) for port in ports: send_syn = sr1(IP(dst=target)/TCP(sport=src_port, dport=port, flags=SYN), verbose=0, timeout=2) if send_syn == None: logger.verbose( 'Recieved no TCP response from: '+logger.YELLOW(target)) logger.red_indent('{}:{} [{}]'.format(logger.RED( target), logger.RED(str(port)), logger.RED('CLOSED'))) elif(send_syn.haslayer(TCP)): if(send_syn.getlayer(TCP).flags == SYNACK): send_ack = sr(IP(dst=target)/TCP(sport=src_port, dport=port, flags=RST), verbose=0, timeout=2) logger.verbose('Recieved SYNACK from {}, responding with RST'.format( logger.YELLOW(target))) logger.green_indent('{}:{} [{}]'.format(logger.GREEN( target), logger.GREEN(str(port)), logger.GREEN('OPEN'))) logger.verbose('Found alive host: ' + logger.YELLOW(target)) return target elif (send_syn.getlayer(TCP).flags == RSTACK): logger.verbose('Recieved RSTACK from: ' + logger.YELLOW(target)) logger.red_indent('{}:{} [{}]'.format(logger.RED( target), logger.RED(str(port)), logger.RED('CLOSED'))) elif (send_syn.getlayer(TCP).flags == RST): logger.verbose('Recieved RST from: '+logger.YELLOW(target)) logger.red_indent('{}:{} [{}]'.format(logger.RED( target), logger.RED(str(port)), logger.RED('CLOSED'))) return None
def error_handle(target,cmd_out): ERRORS = ["NT_STATUS_CONNECTION_REFUSED", "NT_STATUS_INVALID_NETWORK_RESPONSE", "NT_STATUS_INVALID_PARAMETER", "NT_STATUS_UNSUCCESSFUL", "NT_STATUS_IO_TIMEOUT", "NT_STATUS_ACCESS_DENIED", "NT_STATUS_LOGON_FAILURE", "NT_STATUS_REVISION_MISMATCH", "COULD NOT CONNECT", "NT_STATUS_HOST_UNREACHABLE", "no servers could be reached"] val = False for error in ERRORS: if error in cmd_out: val = error # return the error if found # logger.verbose('Found error from rpcclient: {}'.format(logger.YELLOW(val))) logger.verbose('[{}]:\tERROR FROM RPCCLIENT: {}'.format(logger.YELLOW(target),logger.YELLOW(val))) break else: val = False # otherwise, return False if no error is found return val
def get_shares(target, domain_name, remote_name, username, password): my_name = 'WIN-2003' logger.verbose('[{}]:\tCLIENT NAME CONFIGURED TO: {}'.format(logger.YELLOW(target),logger.YELLOW(my_name))) logger.live_info('[{}]:\tATTEMPTING SHARES'.format(logger.BLUE(target))) server_ip = target if remote_name != None: logger.verbose('[{}]:\tCONNECTION STATUS: [{} | {} | {}]'.format(logger.YELLOW(target),logger.YELLOW(server_ip), logger.YELLOW(remote_name), logger.YELLOW(domain_name))) else: logger.verbose('[{}]:\tCONNECTION STATUS: [{} | {} | {}]'.format(logger.YELLOW(target),logger.YELLOW(server_ip), logger.YELLOW('COULD NOT RESOLVE'), logger.YELLOW(domain_name))) open_shares = [] if remote_name == None: logger.live_bad('[{}]:\tSMB CONNECTION: {}'.format(logger.RED(server_ip),logger.RED('COULD NOT GET REMOTE HOST NAME'))) return None else: conn = SMBConnection(username, password, my_name, remote_name,domain=domain_name, use_ntlm_v2=True, is_direct_tcp=True) logger.verbose('SMB configuration:') logger.verbose('\tConnecting with: {}'.format(logger.YELLOW(username))) for k, v in vars(conn).items(): attribute = str(k) value = str(v) if '<class' not in value and 'bound method' not in value and 'object' not in value and "b''" not in value: logger.verbose('\t'+attribute+': '+value) try: conn.connect(server_ip, 445) logger.green('[{}]:\tSMB CONNECTION: {}'.format(logger.GREEN(server_ip),logger.GREEN('SUCCESS'))) try: shares = conn.listShares(timeout=15) for share in range(len(shares)): share_name = str(shares[share].name) open_shares.append(share_name) except Exception as e: logger.live_bad('Got error: {}'.format(logger.RED(e))) except: logger.live_bad('[{}]:\tSMB CONNECTION: {}'.format(logger.RED(server_ip),logger.RED('FAILED'))) logger.green('[{}]:\tSHARES: {}'.format(logger.GREEN(target),logger.GREEN(', '.join(open_shares)))) return open_shares
def get_shares(target, domain_name, remote_name, username, password): my_name = 'WIN-2003' logger.verbose('Client name configured to: '+logger.YELLOW(my_name)) logger.blue('Looking up shares on {}'.format(logger.BLUE(target))) server_ip = target if remote_name != None: logger.verbose('Connection status: [{} | {} | {}]'.format(logger.YELLOW( server_ip), logger.YELLOW(remote_name), logger.YELLOW(domain_name))) else: try: logger.verbose('Connection status: [{} | {} | {}]'.format(logger.YELLOW( server_ip), logger.YELLOW('Could not resolve name'), logger.YELLOW(domain_name))) except: pass open_shares = [] if remote_name == None: logger.red_indent('Could not get remote hosts name, skipping...') return None else: conn = SMBConnection(username, password, my_name, remote_name, domain=domain_name, use_ntlm_v2=True, is_direct_tcp=True) logger.verbose('SMB configuration:') logger.verbose('\tConnecting with: {}'.format(logger.YELLOW(username))) for k, v in vars(conn).items(): attribute = str(k) value = str(v) if '<class' not in value and 'bound method' not in value and 'object' not in value and "b''" not in value: logger.verbose('\t'+attribute+': '+value) try: conn.connect(server_ip, 445) logger.green('Successfully connected to {} on {}'.format( logger.GREEN('smb'), logger.GREEN(server_ip))) try: shares = conn.listShares(timeout=15) for share in range(len(shares)): share_name = str(shares[share].name) logger.green_indent_list(logger.GREEN(share_name)) open_shares.append(share_name) except Exception as e: logger.red_indent('Got error: {}'.format(logger.RED(e))) except: logger.red_indent( 'Failed to obtain shares from {}'.format(logger.RED(server_ip))) return open_shares
def validate(email): try: # The password here doesnt really matter as the o365 link just requires anything, but its worthwhile having a common password in order to check for access at the same time password = '******' url = 'https://outlook.office365.com/Microsoft-Server-ActiveSync' headers = {"MS-ASProtocolVersion": "14.0"} auth = (email, password) try: logger.verbose('Attempting to validate %s' % logger.YELLOW(email)) r = requests.options(url, headers=headers, auth=auth) status = r.status_code except: logger.verbose('Unable to connect to [%s]' % logger.RED(url)) quit() if status == 401: logger.verbose('Successfully validated %s' % logger.GREEN(email)) return True elif status == 404: logger.verbose('Could not validate %s' % logger.RED(email)) return False elif status == 403: logger.green('Found credentials: %s:%s (2FA)' % (logger.GREEN(email), logger.GREEN(password))) return [True, password] elif status == 200: logger.green('Found credentials: %s:%s' % (logger.GREEN(email), logger.GREEN(password))) return [True, password] else: logger.verbose( 'Got HTTP Status Response %s. Unexpected, skipping.' % logger.RED(str(status))) return None except KeyboardInterrupt: logger.yellow('Keyboard interrupt detected!') quit()
def banner1(): print( logger.YELLOW(' _______ __ __ //') + logger.RED(' _______ _______ _______ _______ ___ _______ ')) print( logger.YELLOW('| || |_| | ') + logger.RED('| _ || || _ || || | | |')) print( logger.YELLOW('| _____|| | ') + logger.RED('| |_| || ___|| |_| || ___|| | | ___|')) print( logger.YELLOW('| |_____ | | ') + logger.RED('| || |___ | || | __ | | | |___ ')) print( logger.YELLOW('|_____ || | ') + logger.RED('| _ | | ___|| || || || |___ | ___|')) print( logger.YELLOW(' _____| || ||_|| | ') + logger.RED('| |_| || |___ | _ || |_| || || |___ ')) print( logger.YELLOW('|_______||_| |_| ') + logger.RED('|_______||_______||__| |__||_______||_______||_______|')) print()
def init(): if not os.path.isfile(db_name): logger.yellow('Creating database [%s]' % logger.YELLOW(db_name)) db = TinyDB(db_name) return db
logger.red('Unknown validation type: ' + logger.RED(args.validate)) logger.red('Please specify either %s or %s' % (logger.RED('o365'), logger.RED('hunter'))) quit() else: validation = None api_key = None data = data_structure.Data(cookie, company_id, email_format, domain, filename, keyword, validation, api_key) logger.debug(str(vars(data))) for k, v in vars(data).items(): if v != None: logger.yellow('%s set to %s' % (k, logger.YELLOW(v))) else: logger.debug('%s set to None' % k) print() try: logger.debug('Running core.run()') users = core.run(data) except KeyboardInterrupt: logger.yellow('Keyboard interrupt detected!') quit() logger.green('Done!') finish_time = datetime.datetime.now().replace(microsecond=0)
def banner2(): print() print( logger.YELLOW('▀█████████▄ ') + logger.RED(' ▄████████') + logger.YELLOW(' ▄████████ ') + logger.RED(' ▄██████▄ ') + logger.YELLOW(' ▄█ ') + logger.RED(' ▄████████')) print( logger.YELLOW(' ███ ███') + logger.RED(' ███ ███') + logger.YELLOW(' ███ ███ ') + logger.RED(' ███ ███ ') + logger.YELLOW('███ ') + logger.RED(' ███ ███')) print( logger.YELLOW(' ███ ███') + logger.RED(' ███ █▀ ') + logger.YELLOW(' ███ ███ ') + logger.RED(' ███ █▀ ') + logger.YELLOW('███ ') + logger.RED(' ███ █▀ ')) print( logger.YELLOW(' ▄███▄▄▄██▀ ') + logger.RED(' ▄███▄▄▄ ') + logger.YELLOW(' ███ ███ ') + logger.RED(' ▄███ ') + logger.YELLOW('███ ') + logger.RED(' ▄███▄▄▄ ')) print( logger.YELLOW('▀▀███▀▀▀██▄ ') + logger.RED('▀▀███▀▀▀ ') + logger.YELLOW('▀███████████ ') + logger.RED('▀▀███ ████▄ ') + logger.YELLOW('███ ') + logger.RED('▀▀███▀▀▀ ')) print( logger.YELLOW(' ███ ██▄') + logger.RED(' ███ █▄ ') + logger.YELLOW(' ███ ███ ') + logger.RED(' ███ ███ ') + logger.YELLOW('███ ') + logger.RED(' ███ █▄ ')) print( logger.YELLOW(' ███ ███') + logger.RED(' ███ ███') + logger.YELLOW(' ███ ███ ') + logger.RED(' ███ ███ ') + logger.YELLOW('███▌ ▄') + logger.RED(' ███ ███')) print( logger.YELLOW('▄█████████▀ ') + logger.RED(' ██████████') + logger.YELLOW(' ███ █▀ ') + logger.RED(' ████████▀ ') + logger.YELLOW('█████▄▄██') + logger.RED(' ██████████')) print( logger.YELLOW(' ') + logger.RED(' ') + logger.YELLOW(' ') + logger.RED(' ') + logger.YELLOW('▀ ') + logger.RED(' '))
def main(): # We don't need if conditions, since we alreaady have True/False stored in variables logger.QUIET = args.quiet logger.VERBOSE = args.verbose if args.ports: p = [] ports = args.ports if "-" in ports: try: start = int(ports.split('-')[0]) end = int(ports.split('-')[1]) for port in range(start, end+1): p.append(port) except: print('failed to split on "-"') quit() elif "," in args.ports: ports = [int(n) for n in args.ports.split(",")] p = ports elif len(args.ports) > 0 and "-" not in args.ports and "," not in args.ports: try: p.append(int(args.ports)) except ValueError: print('Please specify an port number') quit() else: p = [53, 88, 139, 445, 464] if args.ports: logger.verbose('Ports configuration: '+str(p)) logger.verbose('Username: '******'WORKGROUP' logger.verbose('Domain: '+logger.YELLOW(domain)) logging.debug('Trying to get targets..') hosts = get_targets(args.target) # all possible hosts logging.debug('Got targets..') logging.debug('Proceeding to hosts discovery..') if args.mode != None: if args.mode.upper() == 'ICMP': logger.verbose('Discovery mode set to ICMP') alive_hosts = thread_pool.map(icmp_scan, hosts) # all hosts that respond to icmp logging.debug('Hosts list: {}'.format(alive_hosts)) elif args.mode.upper() == 'PORTS': logger.verbose('Discovery mode set to ports') port_scan_fixed = partial(port_scan, ports = p) alive_hosts = thread_pool.map(port_scan_fixed, hosts) logging.debug('Hosts list: {}'.format(alive_hosts)) elif args.mode.upper() == 'SKIP': logger.verbose('Discovery mode set to skip, scanning all {} hosts'.format( logger.YELLOW(str(len(hosts))))) alive_hosts = hosts else: logger.red( 'Unknown option for -m! Only PORTS, SKIP and ICMP can be used!') quit() else: logger.verbose('No discovery mode set, defaulting to ICMP') alive_hosts = icmp_scan(hosts) # all hosts that respond to icmp logging.debug('All alive hosts are discovered..') # create an empty list that will store all the Host objects enumerated_hosts = [] logging.debug('Processing hosts enumeration...') # for every host, do some enum enumerated_hosts = thread_pool.map(hosts_enumeration, alive_hosts) logging.debug('Enumeration finished..') if args.output: outfile_name = args.output clean_output(outfile_name) for host in enumerated_hosts: # for every host object, pass the attributes to output() output(outfile_name, host.ip, host.name, host.null_sessions, host.shares)
def main(): pool = ThreadPool(processes=args.threads) logger.VERBOSE = args.verbose logger.LIVE = args.live start_time=strftime("%H:%M:%S", gmtime()) filetypes=['txt','csv','html','all'] if args.format: if args.format.lower() not in filetypes: logger.red('Did not understand the format supplied: [{}]'.format(logger.RED(args.format))) quit() if args.ports: p = [] ports = args.ports if "-" in ports: try: start = int(ports.split('-')[0]) end = int(ports.split('-')[1]) for port in range(start, end+1): p.append(port) except: print('failed to split on "-"') quit() elif "," in args.ports: ports = [int(n) for n in args.ports.split(",")] p = ports elif len(args.ports) > 0 and "-" not in args.ports and "," not in args.ports: try: p.append(int(args.ports)) except ValueError: print('Please specify an port number') quit() else: p = [53, 88, 139, 445, 464] if args.ports: logger.verbose('Ports configuration: '+str(p)) target = args.target # to be replaced with argparse hosts = get_targets(target) # all possible hosts scan_type=args.enumerate logger.blue('Target: [{}]'.format(logger.BLUE(target))) logger.blue('Found {} target(s)'.format(logger.BLUE(str(len(hosts))))) if scan_type == None: logger.blue('Scan type: [{}]'.format(logger.BLUE('default'))) else: logger.blue('Scan type: [{}]'.format(logger.BLUE(scan_type))) if args.ports: logger.blue('Ports given: [{}]'.format(logger.BLUE(args.ports))) logger.blue('Port count: [{}]'.format(logger.BLUE(str(len(p))))) username,password=cred_split(args.credentials) if username and password: logger.blue('Username: [{}]'.format(logger.BLUE(username))) logger.blue('Password: [{}]'.format(logger.BLUE(password))) if args.domain: domain=args.domain else: domain='WORKGROUP' logger.blue('Domain: [{}]'.format(logger.BLUE(domain))) logger.header('SCANNING') logger.blue('Start time: '+logger.BLUE(start_time)) if args.mode != None: if args.mode.upper() == 'ICMP': logger.verbose('Discovery mode set to ICMP') # alive_hosts = icmp_scan(hosts) # all hosts that respond to icmp alive_hosts = pool.map(icmp_scan, hosts) elif args.mode.upper() == 'PORTS': logger.verbose('Discovery mode set to ports') # alive_hosts = port_scan(hosts, p) alive_hosts = pool.map(partial(port_scan, hosts), p) elif args.mode.upper() == 'SKIP': logger.verbose('Discovery mode set to skip, scanning all {} hosts'.format(logger.YELLOW(str(len(hosts))))) alive_hosts = hosts else: logger.red('Unknown option for -m! Only skip, port and icmp can be used!') quit() else: logger.verbose('No discovery mode set, skipping') alive_hosts = hosts # all hosts that respond to icmp #Before enumeration, this just fixes some weird errors. Somehow the ports function returns a list and stores it a list. Like: [[]]. The next two lines fix that #and then removes any empties. alive_hosts=[''.join(x) for x in alive_hosts] #join into one list alive_hosts=list(filter(None, alive_hosts))#remove empties alive_hosts=list(set(alive_hosts))#removes duplicates # create an empty list that will store all the Host objects enumerated_hosts = [] # for every host, do some enum; this could probably be done with multiprocessing if args.enumerate != None: if args.enumerate.lower() == 'null': pass elif args.enumerate.lower() == 'shares': pass else: logger.red('Unknown option for -e! Only null and shares can be used!') quit() enumerated_hosts = pool.map(hosts_enumeration, alive_hosts) end_time=strftime("%H:%M:%S", gmtime()) logger.blue('End time: '+logger.BLUE(end_time)) logger.header('RESULTS') results_parse(results_cache, scan_type) if args.output: outfile_name=args.output if args.format: outfo=args.format.lower() if outfo== 'txt': clean_output(outfile_name) output(results_cache,outfile_name,scan_type) elif outfo == 'csv': clean_output(outfile_name) csv_output(results_cache,outfile_name,scan_type) elif outfo == 'html': clean_output(outfile_name) html_output(results_cache,outfile_name,scan_type) elif outfo == 'all': try: outfile_name=outfile_name.split('.')[0] except: outfile_name=outfile_name clean_output(outfile_name) output(results_cache,outfile_name+'.txt',scan_type) csv_output(results_cache,outfile_name+'.csv',scan_type) html_output(results_cache,outfile_name+'.html',scan_type) else: clean_output(outfile_name) output(results_cache,outfile_name,scan_type)
def parse_users(data,userdata_per_page,total_employees): cookie = data.cookie company_id = data.company_id email_format = data.email_format keyword = data.keyword domain = data.domain validation = data.validation api_key = data.api_key validation_count = 0 logger.debug(str(vars(data))) # For every page, do some parsing. if domain.startswith('@'): domain=domain else: domain='@'+domain users = [] if validation: print() logger.yellow('Starting Validation') for user_data in userdata_per_page: for d in user_data['elements'][0]['elements']: #This goes one user at a time validation_count += 1 for user_data in userdata_per_page: for d in user_data['elements'][0]['elements']: #This goes one user at a time if 'com.linkedin.voyager.search.SearchProfile' in d['hitInfo'] and d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['headless'] == False: try: industry = d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['industry'] logger.debug(industry) except: industry = "" raw_firstname = d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['firstName'] raw_surname = d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['lastName'] profile_url = "https://www.linkedin.com/in/%s" % d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['publicIdentifier'] occupation = d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['occupation'] location = d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['location'] try: role_data=d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['snippets'][0]['heading']['text'] try: current_role=role_data.split(' at ')[0] current_company=role_data.split(' at ')[1] except: current_company=None current_role=occupation except: try: current_company=occupation.split(' at ')[1] current_role=occupation.split(' at ')[0] except: current_company=None current_role=occupation name_data=[raw_firstname,raw_surname] logger.debug(str(name_data)) name_scheme=naming_scheme.names(name_data) firstname=name_scheme[0] middlename=name_scheme[1] surname=name_scheme[2] fullname=name_scheme[3] name_data=[firstname,middlename,surname] email_scheme=naming_scheme.emails(name_data,email_format,domain) email = email_scheme try: datapoint_1=d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['picture']['com.linkedin.common.VectorImage']['rootUrl'] datapoint_2=d['hitInfo']['com.linkedin.voyager.search.SearchProfile']['miniProfile']['picture']['com.linkedin.common.VectorImage']['artifacts'][2]['fileIdentifyingUrlPathSegment'] picture=datapoint_1+datapoint_2 logger.debug(picture) except: picture = None if validation != None: validation_count-=1 if validation == 'o365': validated=o365_validation.validate(email) elif validation == 'hunter': validated=hunter_validation.validate(email,api_key) if validated == 429: logger.red('You have exceeded your hunter API Requests.') quit() elif validated == 401: logger.red('The API Key specified recieved an %s error.' % 'authentication') quit() else: validated=False else: validated = False if validation: logger.verbose('%s emails remaining...' % logger.YELLOW(validation_count)) user=user_structure.User(profile_url,picture,firstname,middlename,surname,fullname,email,validated,current_role,current_company) users.append(user) if validation: logger.yellow('Validation finished!') print() return users