예제 #1
0
def Sublist3rScan(target):

    subdomains = sublist3r.main(target, 40, savefile=None, ports=None, silent=False, verbose=False,
                                enable_bruteforce=False, engines=None)
    print("{} Sublist3rScan Scan End ~".format(target))
    for temp_sub in subdomains:
        config.sub_queue.put(temp_sub)
    print("{} Sublist3r Save queue End ~".format(target))
    return
예제 #2
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', '--file', type=str, required=False)
    parser.add_argument('-t',
                        '--threads',
                        type=int,
                        required=False,
                        default=10)
    parser.add_argument('-a', '--alexa', type=int, required=False)
    parser.add_argument('-d', '--domain', type=str, required=False)
    args = parser.parse_args()
    threads = args.threads
    top = args.alexa
    file = args.file
    domain = args.domain
    my_queue = queue.Queue()
    if file:
        with open(file, 'r') as f:
            for d in f:
                d = d.rstrip()
                if d:
                    my_queue.put(d)
    elif domain:
        subdomains = []
        subdomains = sublist3r.main(domain,
                                    threads,
                                    savefile=None,
                                    ports=None,
                                    silent=False,
                                    verbose=False,
                                    enable_bruteforce=False,
                                    engines=None)
        for i in subdomains:
            print(i)
            my_queue.put(i)
    elif alexa:
        results = alexa.top_list(top)
        for i in results:
            for r in i:
                r = str(r)
                if not r.isdigit():
                    my_queue.put(r)
    else:
        print("No Input Detected!")
        sys.exit()
    print("---------------------------------------------------------")
    print("Starting search for frontable domains...")
    # spawn a pool of threads and pass them queue instance
    for i in range(threads):
        t = ThreadLookup(my_queue)
        t.setDaemon(True)
        t.start()

    my_queue.join()
    print("")
    print("Search complete!")
예제 #3
0
 def get_subdomains(self):
     subdomains = sublist3r.main(self.asset_path,
                                 40,
                                 '/tmp/sublister_{}'.format(
                                     self.scan_object.date),
                                 ports=None,
                                 silent=True,
                                 verbose=True,
                                 enable_bruteforce=False,
                                 engines=None)
     self.subdomains = subdomains
     return subdomains
예제 #4
0
def find_domains(args):
    """Use Sublist3r to scan and find as many subdomains as possible.

    @param: ags Arguments object from argparse.
    @return: List of domains found by Sublist3r.

    """
    domains = [args.domain]
    domains.extend(sublist3r.main(args.domain, 30, False, None, \
    not args.verbose, args.verbose, False, \
    'Baidu,Yahoo,Google,Bing,Ask,Netcraft,Virustotal,SSL'))
    return domains
예제 #5
0
def subdomain(subdomains):
    print "search subdomains:\n"
    sub_file = "sublist/" + subdomains + ".txt"
    sub = sublist3r.main(subdomains,
                         40,
                         sub_file,
                         ports=None,
                         silent=False,
                         verbose=False,
                         enable_bruteforce=False,
                         engines=None)
    print LINE
    time.sleep(2)
예제 #6
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', '--file', type=str, required=False)
    parser.add_argument('-t',
                        '--threads',
                        type=int,
                        required=False,
                        default=10)
    parser.add_argument('-d', '--domain', type=str, required=False)
    parser.add_argument('-c', '--check', type=str, required=False)
    args = parser.parse_args()
    threads = args.threads
    check = args.check
    file = args.file
    domain = args.domain
    queue = Queue.Queue()
    if file:
        with open(file, 'r') as f:
            for d in f:
                d = d.rstrip()
                if d:
                    queue.put(d)
    elif check:
        queue.put(check)
    elif domain:
        subdomains = []
        subdomains = sublist3r.main(domain,
                                    threads,
                                    savefile=None,
                                    ports=None,
                                    silent=False,
                                    verbose=False,
                                    enable_bruteforce=False,
                                    engines=None)
        for i in subdomains:
            print i
            queue.put(i)
    else:
        print "No Input Detected!"
        sys.exit()
    print "---------------------------------------------------------"
    print "Starting search for frontable domains..."
    # spawn a pool of threads and pass them queue instance
    for i in range(threads):
        t = ThreadLookup(queue)
        t.setDaemon(True)
        t.start()

    queue.join()
    print ""
    print "Search complete!"
예제 #7
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', '--file', type=str, required=False)
    parser.add_argument('-t', '--threads', type=int, required=False, default=10)
    parser.add_argument('-d', '--domain', type=str, required=False)
    parser.add_argument('-c', '--check', type=str, required=False)
    args = parser.parse_args()
    threads =  args.threads
    check=args.check
    file = args.file
    domain = args.domain

    from colorama import init
    init(strip=not sys.stdout.isatty()) # strip colors if stdout is redirected
    from termcolor import cprint 
    from pyfiglet import figlet_format

    cprint(figlet_format('Find'))
    cprint(figlet_format('Frontable'))
    cprint(figlet_format('Domains'))


    q = queue.Queue()
    if file:
        with open(file, 'r') as f:
            for d in f:
                d = d.rstrip()
                if d:
                    q.put(d)   
    elif check:
        q.put(check)       
    elif domain:
        subdomains = []
        subdomains = sublist3r.main(domain, threads, savefile=None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
        for i in subdomains:
            print(i)
            q.put(i)
    else:
        print("No Input Detected!")
        sys.exit()
    print("---------------------------------------------------------")
    print("Starting search for frontable domains...")
    # spawn a pool of threads and pass them queue instance
    for i in range(threads):
        t = ThreadLookup(q)
        t.setDaemon(True)
        t.start()
    
    q.join()
    print("")
    print("Search complete!")
예제 #8
0
def Sublist3rScan(target):
    print(
        f"{Hx_config.yellow}{target} Sublist3rScan Scan Start ~{Hx_config.end}"
    )
    subdomains = sublist3r.main(target,
                                40,
                                savefile=None,
                                ports=None,
                                silent=False,
                                verbose=False,
                                enable_bruteforce=False,
                                engines=None)
    print(
        f"{Hx_config.yellow}{target} Sublist3rScan Scan End ~{Hx_config.end}")
    for temp_sub in subdomains:
        Hx_config.sub_queue.put(temp_sub)
    print(
        f"{Hx_config.yellow}{target} Sublist3r Save queue End ~{Hx_config.end}"
    )
    print(
        f"{Hx_config.green}Sublist3r 结束 !当前的url个数为{Hx_config.sub_queue.qsize()}{Hx_config.end}"
    )
    return
예제 #9
0
 def runSublist3r(self, domain, subDomains):
     #Sublister enumeration
     sublisterOutput = sublist3r.main(domain, 30, None, None, False, False,
                                      False, None)
     for strDomain in sublisterOutput:
         subDomains.append(strDomain)
예제 #10
0
def main():
    """
    Main function block that parses command line arguments.
    """
    usage = "usage: %prog -d domain.com [-f keywords.txt -r region1,region2 -b" + \
     "-t 30 -g keyword_file.txt -s [--subbrute]]"
    parser = OptionParser(usage)

    parser.add_option("-f",
                      "--file",
                      dest="filename",
                      help="Read affixes from FILENAME.")
    parser.add_option(
        "-r",
        "--regions",
        dest="regions",
        default="all",
        help="Comma separated list " +
        "of regions to query for bucket names. Default is all. Must be one or more of:"
        + "{}".format(", ".join(S3_REGIONS)))
    parser.add_option("-b",
                      "--brute",
                      dest="brute",
                      action="store_true",
                      help="Use default brute force list in Buckets.txt")
    parser.add_option("-t",
                      "--threads",
                      dest="threads",
                      type="int",
                      default=6,
                      help="Max number of threads, default is 6.")
    parser.add_option(
        "-g",
        "--grep",
        dest="grep",
        help=
        "Will recursively list files from buckets (when listable) and grep " +
        "for keywords FILENAME. Ex: -g sensitive_keywords.txt")
    parser.add_option(
        "--sublist3r",
        dest="sublister",
        action="store_true",
        default=False,
        help="Retrieve list of subdomains and use this to query against S3.")
    parser.add_option(
        "--subbrute",
        dest="subbrute",
        action="store_true",
        default=False,
        help="Enable sublist3r's subbrute module when querying for subdomains."
    )
    parser.add_option("-d",
                      "--domain",
                      dest="domain",
                      help="Base domain to be queried against.")
    parser.add_option("-v",
                      "--verbose",
                      dest="verbose",
                      action="store_true",
                      help="Enable debug messages in logs.")

    (options, args) = parser.parse_args()

    # Begin option parsing brick

    # Set logging
    if options.verbose:
        logging.getLogger().setLevel(level=logging.DEBUG)

    # Check regions passed are valid
    regions = check_region_choice(options.regions)

    # List of affixes to append to domain.com and domain in the form of
    # affix.domain.com and affix-domain
    affixes = []

    # Subdomain var to keep track of sublist3r results.
    subdomains = []

    if not options.domain:
        print(
            "No argument -d (--domain) given. Please give a domain name, such as -d google.com"
        )
        exit(1)

    # Read default keyword list if bruteforcing
    if options.brute:
        with open("Buckets.txt", "r") as f:
            affixes += [x.strip() for x in f.readlines()]

    # Read filename of user-provided keywords
    if options.filename:
        with open(options.filename, "r") as f:
            affixes += [x.strip() for x in f.readlines()]

    if options.sublister:
        from Sublist3r import sublist3r
        subdomains = sublist3r.main(options.domain,
                                    30,
                                    None,
                                    None,
                                    False,
                                    verbose=True,
                                    enable_bruteforce=options.subbrute,
                                    engines=None)

    buckets = create_bucket_list(options.domain, affixes=affixes)

    for subdomain in subdomains:
        subucks = create_bucket_list(subdomain, affixes=affixes)
        buckets = buckets.union(subucks)

    for region in regions:
        for bucket in buckets:
            bucket_q.put((region, bucket))

    print(
        "Generated {} bucket permutations. Beginning search across {} regions."
        .format(len(buckets), len(regions)))
    print()

    global bucket_q_size
    bucket_q_size = bucket_q.qsize()

    for i in range(options.threads):
        t = Thread(target=bucket_worker, args=())
        t.daemon = True
        t.start()

    bucket_q.join()

    print()
    print("[+] Results:")
    print("\t{}Number of Buckets that Exist: {}{}".format(
        Y, len(bucketlist['exists']), W))
    print("\t{}Number of Buckets that are Listable: {}{}".format(
        G, len(bucketlist['listable']), W))

    if options.grep and bucketlist['listable']:
        print("[.] Grepping for keywords in listable buckets from {}".format(
            options.grep))
        with open(options.grep, 'r') as f:
            keywords = [x.strip().lower() for x in f.readlines() if x.strip()]
        for domain, region in bucketlist['listable']:
            cmd = "aws s3 ls s3://{}/ --region {} --recursive".format(
                domain, region)
            cmd = cmd.split(" ")
            with open(devnull, 'w') as FNULL:
                output = check_output(cmd, stderr=FNULL)
            output = output.lower()
            if any(x in output for x in keywords):
                print("[!] Found sensitive file on bucket {} in region {}".
                      format(domain, region))
예제 #11
0
def find_domains(domain, verbose):
    hosts = [domain]
    hosts.extend(
        s3.main(domain, 30, False, None, not verbose, verbose, False,
                'Baidu,Yahoo,Google,Bing,Ask,Netcraft,Virustotal,SSL'))
    return hosts
예제 #12
0
파일: bot.py 프로젝트: shamboli/monty-recon 
def subdomain_inspection(host, room):
    # hardcoding engine power for now
    engine_power = 'light'

    # engine power: light, medium and very slow
    if engine_power == str('light'):
        engine_list = 'google,yahoo,bing,ask,netcraft,virustotal,threatcrowd'
        bf = False
    elif engine_power == str('medium'):
        engine_list = 'google,yahoo,bing,ask,netcraft,dnsdumpster,virustotal,threatcrowd'
        bf = False
    elif engine_power == str('very_slow'):
        engine_list = 'google,yahoo,bing,ask,netcraft,dnsdumpster,virustotal,threatcrowd,baidu'
        bf = True
        # print that this is going to take forever
    else:
        return False

    # enumerate subdomain information
    try:
        domain_results = sublist3r.main(host,
                                        200,
                                        None,
                                        ports=None,
                                        silent=True,
                                        verbose=False,
                                        enable_bruteforce=bf,
                                        engines=engine_list)
        print(domain_results)
        # return results
    except Exception as e:
        return str(e)

    port_results = []
    ports_to_test = [80, 443]
    # try to do some basic port checking
    room.send_html(
        '<blockquote>Subdomain enumeration complete for {}. Port inspection initiated.</blockquote>'
        .format(host))
    print('- performing subdomain port inspection for host {}'.format(host))
    total_results = len(domain_results)
    current_iteration = 0
    percent_flag = 0

    for result in domain_results:
        port_result_holder = []

        port = randint(27000, 28000)
        for port in ports_to_test:
            try:
                ps = IP(dst=result) / TCP(sport=port, dport=port)
                sr = sr1(ps, timeout=1, verbose=0)
                if sr:
                    port_result_holder.append(str(port))
                else:
                    port_result_holder.append('0')
            except Exception as e:
                print('port check error: {}'.format(str(e)))
                port_result_holder.append('0')

        port_results.append(port_result_holder)

        current_percent = (current_iteration / total_results) * 100
        rounded_percent = 5 * round(current_percent / 5)
        if (int(rounded_percent) == 25) and (percent_flag == 0):
            room.send_html(
                '<pre><code>{} percent complete: {}%.</pre></code>'.format(
                    str(host), str(current_percent)))
            percent_flag += 1
        elif (int(rounded_percent) == 50) and (percent_flag == 1):
            room.send_html(
                '<pre><code>{} percent complete {}%.</pre></code>'.format(
                    str(host), str(current_percent)))
            percent_flag += 1
        elif (int(rounded_percent) == 75) and (percent_flag == 2):
            room.send_html(
                '<pre><code>{} percent complete {}%.</pre></code>'.format(
                    str(host), str(current_percent)))
            percent_flag += 1

        print('Rounded {}, Current {}, % flag {}'.format(
            rounded_percent, current_percent, percent_flag))
        current_iteration += 1

    print('- subdomain port inspection completed for host {}'.format(host))
    # combine the lists
    results = {}
    results['domains'] = domain_results
    results['port_results'] = port_results

    return results
예제 #13
0
        for row in sorted(domain.OK, key=sublist3r.subdomain_sorting_key):
            print('\t<target host="{0}" />'.format(row))
        print('</ruleset>\n')


if __name__ == '__main__':
    tDomain = input('domain: ')

    print('Checking preloading...')
    preload = json.loads(
        urllib.request.urlopen('https://hstspreload.com/api/v1/status/' +
                               tDomain).read().decode())
    try:
        for browser in ('chrome', 'firefox', 'tor'):
            if preload[browser]['present'] and preload[browser][
                    'include_subdomains']:
                exit('Domain preloaded.')
    except TypeError:
        pass

    subdomains = tuple(
        sublist3r.main(domain=tDomain,
                       threads=30,
                       savefile=None,
                       ports=None,
                       silent=False,
                       verbose=True,
                       enable_bruteforce=False,
                       engines=None))
    Check(subdomains).start()