def specific(options, module):
module = module.lower()
# checking the tool is installed right or not and exit
if 'health' in module:
health = healcheck.Healcheck(options)
if health.checking():
utils.print_good("All things look fine")
else:
utils.print_bad("Installing Osmedeus not correctly done")
utils.just_shutdown_flask(options)
sys.exit(0)
initials.Initials(options)
if 'sub' in module or 'subdomain' in module:
subdomain.SubdomainScanning(options)
takeover.TakeOverScanning(options)
screenshot.ScreenShot(options)
cors.CorsScan(options)
recon.Recon(options)
assetfinding.AssetFinding(options)
if 'ip' in module:
# Discovery IP space
ipspace.IPSpace(options)
if 'screen' in module:
# Discovery IP space
screenshot.ScreenShot(options)
if 'portscan' in module:
# scanning port, service and vuln with masscan and nmap
portscan.PortScan(options)
if 'headers' in module:
headers.HeadersScan(options)
if 'asset' in module:
assetfinding.AssetFinding(options)
if 'vuln' in module:
# scanning vulnerable service based on version
vulnscan.VulnScan(options)
if 'dir' in module:
# run blind directory brute force directly
dirbrute.DirBrute(options)
if 'brute' in module or 'force' in module:
# running brute force things based on scanning result
brutethings.BruteThings(options)
if 'git' in module:
gitscan.GitScan(options)
# if 'burp' in module:
# burpstate.BurpState(options)
conclusion.Conclusion(options)
def specific(options, module):
module = module.lower()
initials.Initials(options)
if 'sub' in module or 'subdomain' in module:
subdomain.SubdomainScanning(options)
takeover.TakeOverScanning(options)
screenshot.ScreenShot(options)
cors.CorsScan(options)
recon.Recon(options)
assetfinding.AssetFinding(options)
if 'ip' in module:
# Discovery IP space
ipspace.IPSpace(options)
if 'screen' in module:
# Discovery IP space
screenshot.ScreenShot(options)
if 'portscan' in module:
# scanning port, service and vuln with masscan and nmap
portscan.PortScan(options)
if 'headers' in module:
headers.HeadersScan(options)
if 'asset' in module:
assetfinding.AssetFinding(options)
if 'vuln' in module:
# scanning vulnerable service based on version
vulnscan.VulnScan(options)
if 'dir' in module:
# run blind directory brute force directly
dirbrute.DirBrute(options)
if 'brute' in module or 'force' in module:
# running brute force things based on scanning result
brutethings.BruteThings(options)
if 'git' in module:
gitscan.GitScan(options)
# if 'burp' in module:
# burpstate.BurpState(options)
conclusion.Conclusion(options)
def routine(options):
utils.print_good("Running with {0} speed".format(options['speed']))
#Finding subdomain
subdomain.SubdomainScanning(options)
#Scanning for subdomain take over
takeover.TakeOverScanning(options)
#Screen shot the target on common service
screenshot.ScreenShot(options)
#Scanning for CorsScan
cors.CorsScan(options)
#Discovery IP space
ipspace.IPSpace(options)
#SSL Scan
sslscan.SSLScan(options)
##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
#Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
#Starting vulnerable scan
vulnscan.VulnScan(options)
#Brute force service from port scan result
brutethings.BruteThings(options)
def normal(options):
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
initials.Initials(options)
# Finding subdomain
subdomain.SubdomainScanning(options)
# waiting for previous module
utils.just_waiting(options, 'SubdomainScanning')
# Scanning for subdomain take over
takeover.TakeOverScanning(options)
# Screen shot the target on common service
screenshot.ScreenShot(options)
# Recon
recon.Recon(options)
# Recon
assetfinding.AssetFinding(options)
# Scanning for CorsScan
cors.CorsScan(options)
# Discovery IP space
ipspace.IPSpace(options)
# SSL Scan
sslscan.SSLScan(options)
# Headers Scan
headers.HeadersScan(options)
# Note: From here the module gonna take really long time
# for scanning service and stuff like that
utils.print_info('This gonna take a while')
# Scanning all port using result from subdomain scanning
# and also checking vulnerable service based on version
portscan.PortScan(options)
# Directory scan
dirbrute.DirBrute(options)
# Starting vulnerable scan
vulnscan.VulnScan(options)
# brutethings.BruteThings(options)
conclusion.Conclusion(options)
def single_handle(options):
subdomain.SubdomainScanning(options)
probing.Probing(options)
# formatting.Formatting(options)
corscan.CORScan(options)
fingerprint.Fingerprint(options)
stoscan.StoScan(options)
screenshot.ScreenShot(options)
linkfinding.LinkFinding(options)
ipspace.IPSpace(options)
portscan.PortScan(options)
# vulnscan.VulnScan(options)
dirbscan.DirbScan(options)
def handle(options):
# input not a file just store it in default path
# # just for debug purpose
# print(options)
# return
if ',' in options.get('MODULES'):
modules = options.get('MODULES').split(',')
else:
modules = [options.get('MODULES')]
if utils.loop_grep(modules, 'subdomain'):
subdomain.SubdomainScanning(options)
# vhosts.VhostScan(options)
# permutation.PermutationScan(options)
probing.Probing(options)
screenshot.ScreenShot(options)
stoscan.StoScan(options)
fingerprint.Fingerprint(options)
if utils.loop_grep(modules, 'screen'):
screenshot.ScreenShot(options)
if utils.loop_grep(modules, 'fin'):
fingerprint.Fingerprint(options)
if utils.loop_grep(modules, 'link'):
linkfinding.LinkFinding(options)
if utils.loop_grep(modules, 'ip'):
ipspace.IPSpace(options)
if utils.loop_grep(modules, 'port'):
portscan.PortScan(options)
if utils.loop_grep(modules, 'vuln'):
vulnscan.VulnScan(options)
if utils.loop_grep(modules, 'git'):
gitscan.GitScan(options)
def single_handle(options, modules):
options['MODE'] = 'direct'
if utils.isFile(options.get('TARGET')):
targets = utils.just_read(options.get('TARGET'), get_list=True)
for target in targets:
options['TARGET'] = target
# run each line as a direct mode
if utils.loop_grep(modules, 'sub'):
subdomain.SubdomainScanning(options)
probing.Probing(options)
if utils.loop_grep(modules, 'screen'):
screenshot.ScreenShot(options)
if utils.loop_grep(modules, 'take'):
stoscan.StoScan(options)
def debug(options):
utils.print_good("Debug routine")
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
pprint(options)
initials.Initials(options)
# ##Finding subdomain
subdomain.SubdomainScanning(options)
# ####waiting for previous module
# utils.just_waiting(options, 'SubdomainScanning')
# recon.Recon(options)
# ###Screen shot the target on common service
screenshot.ScreenShot(options)
def handle(options):
# just for debug purpose
# print(options)
if ',' in options.get('MODULES'):
modules = options.get('MODULES').split(',')
else:
modules = [options.get('MODULES')]
# run each line as a direct mode
if utils.loop_grep(modules, 'sub'):
single_handle(options, modules)
return
formatting.Formatting(options)
# support direct list natively
if utils.loop_grep(modules, 'screen'):
screenshot.ScreenShot(options)
if utils.loop_grep(modules, 'takeover'):
stoscan.StoScan(options)
if utils.loop_grep(modules, 'fingerprint'):
fingerprint.Fingerprint(options)
if utils.loop_grep(modules, 'port'):
portscan.PortScan(options)
if utils.loop_grep(modules, 'vuln'):
vulnscan.VulnScan(options)
if utils.loop_grep(modules, 'git'):
gitscan.GitScan(options)
if utils.loop_grep(modules, 'dir'):
dirbscan.DirbScan(options)
if utils.loop_grep(modules, 'cors'):
corscan.CORScan(options)
if utils.loop_grep(modules, 'link'):
linkfinding.LinkFinding(options)
if utils.loop_grep(modules, 'ip'):
ipspace.IPSpace(options)
def routine(options):
#Finding subdomain
subdomain.SubdomainScanning(options)
#Scanning for subdomain take over
takeover.TakeOverScanning(options)
#Screen shot the target on common service
screenshot.ScreenShot(options)
##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
#Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
#Starting vulnerable scan
vulnscan.VulnScan(options)
#Brute force service from port scan result
brutethings.BruteThings(options)
def handle(options):
# input not a file just store it in default path
# just for debug purpose
# print(options)
# return
if ',' in options.get('MODULES'):
modules = options.get('MODULES').split(',')
else:
modules = [options.get('MODULES')]
formatting.Formatting(options)
# return
# run each line as a direct mode
if utils.loop_grep(modules, 'subdomain'):
single_handle(options, modules)
if utils.loop_grep(modules, 'link'):
single_handle(options, modules)
if utils.loop_grep(modules, 'ip'):
single_handle(options, modules)
# support direct list natively
if utils.loop_grep(modules, 'screen'):
screenshot.ScreenShot(options)
if utils.loop_grep(modules, 'takeover'):
stoscan.StoScan(options)
if utils.loop_grep(modules, 'fin'):
fingerprint.Fingerprint(options)
if utils.loop_grep(modules, 'port'):
portscan.PortScan(options)
if utils.loop_grep(modules, 'vuln'):
vulnscan.VulnScan(options)
if utils.loop_grep(modules, 'git'):
gitscan.GitScan(options)
def single_handle(options, modules):
options['MODE'] = 'direct'
if not utils.isFile(options.get('TARGET')):
targets = utils.just_read(options.get('TARGET'), get_list=True)
for target in targets:
options['TARGET'] = target
# run each line as a direct mode
if utils.loop_grep(modules, 'subdomain'):
subdomain.SubdomainScanning(options)
vhosts.VhostScan(options)
permutation.PermutationScan(options)
probing.Probing(options)
screenshot.ScreenShot(options)
stoscan.StoScan(options)
fingerprint.Fingerprint(options)
if utils.loop_grep(modules, 'link'):
linkfinding.LinkFinding(options)
if utils.loop_grep(modules, 'ip'):
ipspace.IPSpace(options)
def single_target(args):
print('{2}---<---<--{1}@{2} Target: {0} {1}@{2}-->--->---'.format(
args.target, P, G))
if args.target:
if args.output:
options['env']['OUTPUT'] = args.output
else:
options['env']['OUTPUT'] = args.target
#just loop in the for if the target list
options['target'] = args.target
options['env']['TARGET'] = args.target
options['env']['STRIP_TARGET'] = args.target.replace('https://',
'').replace(
'http://', '')
if '/' in options['env']['STRIP_TARGET']:
options['env']['STRIP_TARGET'] = options['env'][
'STRIP_TARGET'].split('/')[0]
if args.workspace:
if args.workspace[-1] == '/':
options['env']['WORKSPACE'] = args.workspace + options['env'][
'STRIP_TARGET']
else:
options['env']['WORKSPACE'] = args.workspace + '/' + options[
'env']['STRIP_TARGET']
else:
options['env'][
'WORKSPACE'] = current_path + '/workspaces/' + options['env'][
'STRIP_TARGET']
#create workspace folder for the target
utils.make_directory(options['env']['WORKSPACE'])
options['env']['IP'] = socket.gethostbyname(options['env']['TARGET'])
#run specific task otherwise run the normal routine
if args.module:
module = args.module
if 'subdomain' in module:
subdomain.SubdomainScanning(options)
takeover.TakeOverScanning(options)
screenshot.ScreenShot(options)
cors.CorsScan(options)
elif 'screenshot' in module:
screenshot.ScreenShot(options)
elif 'portscan' in module:
# scanning port, service and vuln with masscan and nmap
portscan.PortScan(options)
elif 'vuln' in module:
# scanning vulnerable service based on version
vulnscan.VulnScan(options)
elif 'git' in module:
gitscan.GitScan(options)
elif 'burp' in module:
burpstate.BurpState(options)
elif 'brute' in module or 'force' in module:
# running brute force things based on scanning result
brutethings.BruteThings(options)
elif 'ip' in module:
#Discovery IP space
ipspace.IPSpace(options)
elif 'dir' in module:
# run blind directory brute force directly
dirbrute.DirBrute(options)
else:
routine(options)
