def main_intel_amt(url, agent=None, proxy=None):
proxy = proxy_string_to_dict(proxy) or None
agent = agent or DEFAULT_USER_AGENT
logger.info(
set_color(
"attempting to connect to '{}' and get hardware info...".format(
url)))
try:
json_data = __get_hardware(url, agent=agent, proxy=proxy)
if json_data is None:
logger.error(
set_color("unable to get any information, skipping...",
level=40))
pass
else:
print("-" * 40)
for key in json_data.keys():
print("{}:".format(str(key).capitalize()))
for item in json_data[key]:
print(" - {}: {}".format(item.capitalize(),
json_data[key][item]))
print("-" * 40)
except Exception as e:
if "Temporary failure in name resolution" in str(e):
logger.error(
set_color("failed to connect on '{}', skipping...".format(url),
level=40))
pass
else:
logger.exception(
set_color(
"ran into exception '{}', cannot continue...".format(e)))
fix_log_file()
request_issue_creation()
def perform_port_scan(url,
ports=None,
scanner=NmapHook,
verbose=False,
opts=None,
**kwargs):
"""
main function that will initalize the port scanning
"""
url = url.strip()
logger.info(
set_color(
"attempting to find IP address for hostname '{}'...".format(url)))
found_ip_address = socket.gethostbyname(url)
logger.info(
set_color("found IP address for given URL -> '{}'...".format(
found_ip_address)))
if verbose:
logger.debug(set_color("checking for nmap on your system...",
level=10))
nmap_exists = find_nmap(verbose=verbose)
if nmap_exists:
if verbose:
logger.debug(
set_color(
"nmap has been found under '{}'...".format(nmap_exists),
level=10))
logger.info(
set_color("starting port scan on IP address '{}'...".format(
found_ip_address)))
try:
data = scanner(found_ip_address, ports=ports, opts=opts)
json_data = data._get_all_info()
data.show_open_ports(json_data)
file_path = data.send_to_file(json_data)
logger.info(
set_color(
"port scan completed, all data saved to JSON file under '{}'..."
.format(file_path)))
except KeyError:
logger.fatal(
set_color("no port information found for '{}({})'...".format(
url, found_ip_address),
level=50))
except Exception as e:
logger.exception(
set_color(
"ran into exception '{}', cannot continue quitting...".
format(e),
level=50))
request_issue_creation()
pass
else:
logger.fatal(
set_color(
"nmap was not found on your system, please install it...",
level=50))
def request_issue_creation():
question = prompt(
"would you like to create an anonymous issue and post it to Zeus's Github",
opts="yN")
if question.lower().startswith("n"):
logger.error(
set_color(
"Zeus has experienced an internal error and cannot continue, shutting down...",
level=40))
shutdown()
fix_log_file()
logger.info(
set_color(
"Zeus got an unexpected error and will automatically create an issue for this error, please wait..."
))
def __extract_stacktrace(file_data):
logger.info(set_color("extracting traceback from log file..."))
retval, buff_mode, _buffer = [], False, ""
with open(file_data, "r+") as log:
for line in log:
if "Traceback" in line:
buff_mode = True
if line and len(line) < 5:
buff_mode = False
retval.append(_buffer)
_buffer = ""
if buff_mode:
if len(line) > 400:
line = line[:400] + "...\n"
_buffer += line
return "".join(retval)
logger.info(set_color("getting authorization..."))
encoded = __get_encoded_string()
n = get_decode_num(encoded)
token = decode(n, encoded)
current_log_file = get_latest_log_file(CURRENT_LOG_FILE_PATH)
stacktrace = __extract_stacktrace(current_log_file)
issue_title = stacktrace.split("\n")[-2]
issue_data = {
"title":
issue_title,
"body":
"Zeus version:\n`{}`\n\n"
"Error info:\n```{}````\n\n"
"Running details:\n`{}`\n\n"
"Commands used:\n`{}`\n\n"
"Log file info:\n```{}```".format(VERSION, str(stacktrace),
str(platform.platform()),
" ".join(sys.argv),
open(current_log_file).read()),
}
_json_data = json.dumps(issue_data)
if sys.version_info > (3, ):
_json_data = _json_data.encode("utf-8")
try:
req = urllib2.Request(
url="https://api.github.com/repos/ekultek/zeus-scanner/issues",
data=_json_data,
headers={"Authorization": "token {}".format(token)})
urllib2.urlopen(req, timeout=10).read()
logger.info(
set_color(
"issue has been created successfully with the following name '{}'..."
.format(issue_title)))
except Exception as e:
logger.exception(
set_color("failed to auto create the issue, got exception '{}', "
"you may manually create an issue...".format(e),
level=50))
search_engine = __config_search_engine(verbose=opt.runInVerbose)
try:
# use a personal dork as the query
if opt.dorkToUse is not None:
logger.info(set_color(
"starting dork scan with query '{}'...".format(opt.dorkToUse)
))
try:
search.parse_search_results(
opt.dorkToUse, search_engine, verbose=opt.runInVerbose, proxy=proxy_to_use,
agent=agent_to_use
)
except Exception as e:
logger.exception(set_color(
"ran into exception '{}'...".format(e), level=50
))
fix_log_file()
request_issue_creation()
pass
urls_to_use = get_latest_log_file(URL_LOG_PATH)
if opt.runSqliScan or opt.runPortScan or opt.intelCheck or opt.adminPanelFinder or opt.runXssScan:
with open(urls_to_use) as urls:
for url in urls.readlines():
__run_attacks(
url.strip(),
sqlmap=opt.runSqliScan, nmap=opt.runPortScan, intel=opt.intelCheck, xss=opt.runXssScan,
admin=opt.adminPanelFinder, given_path=opt.givenSearchPath,
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch
)
def parse_search_results(query,
url,
verbose=False,
dirname="{}/log/url-log",
filename="url-log-{}.log",
**kwargs):
"""
Parse a webpage from Google for URL's with a GET(query) parameter
"""
exclude = "google" or "webcache" or "youtube"
create_dir(dirname.format(os.getcwd()))
full_file_path = "{}/{}".format(
dirname.format(os.getcwd()),
filename.format(len(os.listdir(dirname.format(os.getcwd()))) + 1))
def __get_headers():
try:
proxy_string = kwargs.get("proxy")
except:
pass
try:
user_agent = kwargs.get("agent")
except:
pass
return proxy_string, user_agent
if verbose:
logger.debug(
set_color("checking for user-agent and proxy configuration...",
level=10))
proxy_string, user_agent = __get_headers()
if proxy_string is None:
proxy_string = None
else:
proxy_string = proxy_string_to_dict(proxy_string)
if user_agent is None:
user_agent = DEFAULT_USER_AGENT
else:
user_agent = user_agent
user_agent_info = "adjusting user-agent header to {}..."
if user_agent is not DEFAULT_USER_AGENT:
user_agent_info = user_agent_info.format(user_agent.strip())
else:
user_agent_info = user_agent_info.format(
"default user agent '{}'".format(DEFAULT_USER_AGENT))
proxy_string_info = "setting proxy to {}..."
if proxy_string is not None:
proxy_string_info = proxy_string_info.format(
''.join(proxy_string.keys()) + "://" +
''.join(proxy_string.values()))
else:
proxy_string_info = "no proxy configuration detected..."
headers = {"Connection": "close", "user-agent": user_agent}
logger.info(set_color("attempting to gather query URL..."))
try:
query_url = get_urls(query,
url,
verbose=verbose,
user_agent=user_agent,
proxy=proxy_string)
except Exception as e:
if "WebDriverException" in str(e):
logger.exception(
set_color(
"it seems that you exited the browser, please allow the browser "
"to complete it's run so that Zeus can bypass captchas and API "
"calls",
level=50))
else:
logger.exception(
set_color(
"{} failed to gather the URL from search engine, caught exception '{}' "
"exception has been logged to current log file...".format(
os.path.basename(__file__),
str(e).strip()),
level=50))
shutdown()
logger.info(
set_color(
"URL successfully gathered, searching for GET parameters..."))
logger.info(set_color(proxy_string_info))
req = requests.get(query_url, proxies=proxy_string)
logger.info(set_color(user_agent_info))
req.headers.update(headers)
found_urls = URL_REGEX.findall(req.text)
retval = set()
for urls in list(found_urls):
for url in list(urls):
url = urllib.unquote(url)
if URL_QUERY_REGEX.match(url) and exclude not in url:
if type(url) is unicode:
url = str(url).encode("utf-8")
if verbose:
logger.debug(
set_color("found '{}'...".format(url), level=10))
retval.add(url.split("&")[0])
logger.info(
set_color("found a total of {} URL's with a GET parameter...".format(
len(retval))))
if len(retval) != 0:
logger.info(
set_color(
"saving found URL's under '{}'...".format(full_file_path)))
with open(full_file_path, "a+") as log:
for url in list(retval):
log.write(url + "\n")
else:
logger.critical(
set_color(
"did not find any usable URL's with the given query '{}' "
"using search engine '{}'...".format(query, url),
level=50))
shutdown()
return list(retval) if len(retval) != 0 else None
def check_for_admin_page(url,
exts,
protocol="http://",
show_possibles=False,
verbose=False):
possible_connections, connections = set(), set()
stripped_url = replace_http(url.strip())
for ext in exts:
ext = ext.strip()
true_url = "{}{}{}".format(protocol, stripped_url, ext)
if verbose:
logger.debug(set_color("trying '{}'...".format(true_url),
level=10))
try:
urlopen(true_url, timeout=5)
logger.info(
set_color(
"connected successfully to '{}'...".format(true_url)))
connections.add(true_url)
except HTTPError as e:
data = str(e).split(" ")
if verbose:
if "Access Denied" in str(e):
logger.warning(
set_color(
"got access denied, possible control panel found without external access on '{}'..."
.format(true_url),
level=30))
possible_connections.add(true_url)
else:
logger.error(
set_color(
"failed to connect got error code {}...".format(
data[2]),
level=40))
except Exception as e:
if verbose:
if "<urlopen error timed out>" or "timeout: timed out" in str(
e):
logger.warning(
set_color(
"connection timed out after five seconds "
"assuming won't connect and skipping...",
level=30))
else:
logger.exception(
set_color(
"failed to connect with unexpected error '{}'...".
format(str(e)),
level=50))
fix_log_file()
request_issue_creation()
possible_connections, connections = list(possible_connections), list(
connections)
data_msg = "found {} possible connections(s) and {} successful connection(s)..."
logger.info(
set_color(data_msg.format(len(possible_connections),
len(connections))))
if len(connections) != 0:
logger.info(set_color("creating connection tree..."))
create_tree(url, connections)
else:
logger.fatal(
set_color(
"did not find any successful connections to {}'s "
"admin page",
level=50))
if show_possibles:
if len(possible_connections) != 0:
logger.info(set_color("creating possible connection tree..."))
create_tree(url, possible_connections)
else:
logger.fatal(
set_color(
"did not find any possible connections to {}'s "
"admin page",
level=50))
def parse_search_results(query, url_to_search, verbose=False, **kwargs):
"""
Parse a webpage from Google for URL's with a GET(query) parameter
"""
exclude = ("www.google.com", "map.google.com", "mail.google.com",
"drive.google.com", "news.google.com", "accounts.google.com")
splitter = "&"
retval = set()
query_url = None
def __get_headers():
proxy_string, user_agent = None, None
try:
proxy_string = kwargs.get("proxy")
except:
pass
try:
user_agent = kwargs.get("agent")
except:
pass
return proxy_string, user_agent
if verbose:
logger.debug(
set_color("checking for user-agent and proxy configuration...",
level=10))
proxy_string, user_agent = __get_headers()
if proxy_string is None:
proxy_string = None
else:
proxy_string = proxy_string_to_dict(proxy_string)
if user_agent is None:
user_agent = DEFAULT_USER_AGENT
else:
user_agent = user_agent
user_agent_info = "adjusting user-agent header to {}..."
if user_agent is not DEFAULT_USER_AGENT:
user_agent_info = user_agent_info.format(user_agent.strip())
else:
user_agent_info = user_agent_info.format(
"default user agent '{}'".format(DEFAULT_USER_AGENT))
proxy_string_info = "setting proxy to {}..."
if proxy_string is not None:
proxy_string_info = proxy_string_info.format(
''.join(proxy_string.keys()) + "://" +
''.join(proxy_string.values()))
else:
proxy_string_info = "no proxy configuration detected..."
headers = {"Connection": "close", "user-agent": user_agent}
logger.info(set_color("attempting to gather query URL..."))
try:
query_url = get_urls(query,
url_to_search,
verbose=verbose,
user_agent=user_agent,
proxy=proxy_string)
except Exception as e:
if "WebDriverException" in str(e):
logger.exception(
set_color(
"it seems that you exited the browser, please allow the browser "
"to complete it's run so that Zeus can bypass captchas and API "
"calls",
level=50))
elif "'/usr/lib/firefoxdriver/webdriver.xpi'" in str(e):
logger.fatal(
set_color(
"firefox was not found in the default location on your system, "
"check your installation and make sure it is in /usr/lib, if you "
"find it there, restart your system and try again...",
level=50))
else:
logger.exception(
set_color(
"{} failed to gather the URL from search engine, caught exception '{}' "
"exception has been logged to current log file...".format(
os.path.basename(__file__),
str(e).strip()),
level=50))
request_issue_creation()
shutdown()
logger.info(
set_color(
"URL successfully gathered, searching for GET parameters..."))
logger.info(set_color(proxy_string_info))
req = requests.get(query_url, proxies=proxy_string)
logger.info(set_color(user_agent_info))
req.headers.update(headers)
found_urls = URL_REGEX.findall(req.text)
for urls in list(found_urls):
for url in list(urls):
url = unquote(url)
if URL_QUERY_REGEX.match(url) and not any(l in url
for l in exclude):
if isinstance(url, unicode):
url = str(url).encode("utf-8")
if "webcache" in url:
logger.info(
set_color(
"received webcache URL, extracting URL from webcache..."
))
url = extract_webcache_url(url)
if verbose:
try:
logger.debug(
set_color("found '{}'...".format(
url.split(splitter)[0]),
level=10))
except TypeError:
logger.debug(
set_color("found '{}'...".format(
str(url).split(splitter)[0]),
level=10))
except AttributeError:
logger.debug(
set_color("found '{}...".format(str(url)),
level=10))
retval.add(url.split("&")[0])
logger.info(
set_color("found a total of {} URL's with a GET parameter...".format(
len(retval))))
if len(retval) != 0:
write_to_log_file(retval, URL_LOG_PATH, "url-log-{}.log")
else:
logger.critical(
set_color(
"did not find any usable URL's with the given query '{}' "
"using search engine '{}'...".format(query, url_to_search),
level=50))
shutdown()
return list(retval) if len(retval) != 0 else None