async def paramspider(ctx, *, argument):
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
paramPath = TOOLS['paramspider']
await ctx.send(
"**Collecting Parameters Using ParamSpider, We Will Send The Results When It's Done**"
)
Process = subprocess.Popen(
f"python3 {paramPath}/paramspider.py -d {argument}",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Text=Output)
Output = Output.split('\n')
urlsList = []
for singleLine in Output:
if singleLine.startswith('http'):
urlsList.append(singleLine)
else:
pass
Output = '\n'.join(urlsList)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"ParamSpider Results: {URL_}")
else:
await ctx.send("**ParamSpider Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f'**ParamSpider Results:**')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def dirsearch(ctx, *, argument):
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
Path = TOOLS['dirsearch']
MainPath = getcwd()
chdir(Path)
await ctx.send(
f"**Running Your Dirsearch Scan, We Will Send The Results When It's Done**"
)
Process = subprocess.Popen(
f'python3 dirsearch.py -u {argument} -e php,html,csv,sql,db,conf,cgi,log,aspx,ini -b',
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Output)
chdir(MainPath)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
await ctx.send("Results: ",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f'Results:')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def info(ctx, *, argument):
global logsItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
subdomainsFile = logsItems[argument]
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
await ctx.send(
f"**Getting Subdomains Information (titles , status-codes, web-servers) for {argument} using httpx.**"
)
Process = subprocess.Popen(
f"cat data/subdomains/{subdomainsFile} | httpx -title -web-server -status-code -follow-redirects -silent",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
httpxResults = Process.communicate()[0].decode('UTF-8')
httpxResults = removeColors.Remove(Text=httpxResults)
if len(httpxResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(httpxResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Httpx Results: {URL_}")
else:
await ctx.send("**Httpx Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Httpx Results For {argument}:**")
await ctx.send(f'```{httpxResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def recon(ctx, *, argument):
if path.exists(f'/{USER}/{RECON_PATH}/{argument}'):
try:
Path = f'/{USER}/{RECON_PATH}/{argument}'.replace('//',
'/').replace(
'..', '')
Data = open(Path).read().rstrip()
Data = removeColors.Remove(Text=Data)
Message = f"""```{Data}```"""
except Exception:
Message = f"**Couldn't Find The Recon Data With This Path: {argument}**"
else:
Message = "**Sorry The Path You Added Doesn't Exists On Our Records**"
if len(Message) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as writerHere:
writerHere.write(Message)
writerHere.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Recon Results: {URL_}")
else:
await ctx.send("**Recon Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f'{Message}')
async def arjun(ctx, *, argument):
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
await ctx.send(
f"**Running Your Arjun Scan, We Will Send The Results When It's Done**"
)
await ctx.send(
f"**Note: The Bot Won't Respond Until The Scan is Done. All Of Your Commands Now Will Be Executed After This Process is Done."
)
Process = subprocess.Popen(f'arjun -u {argument}',
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Output)
Output = removeString.removeString('Processing', Output=Output)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
await ctx.send("**Arjun Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
targetName = argument.split(' ')[0].replace('http://', '').replace(
'https://', '')
await ctx.send(f'Arjun Results For {targetName}:')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def subjack(ctx, *, argument):
global resolvedItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
resolvedFile = resolvedItems[argument]
fileStr = randomStrings.Genrate()
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
await ctx.send(
f"**Scanning {argument} For Possible Subdomains Takeover Issues Using Subjack**"
)
Process = subprocess.Popen(
f"subjack -w data/hosts/{resolvedFile} -t 100 -timeout 30 -o data/subjack/{argument}-{fileStr}.subjack -ssl",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
subjackResults = Process.communicate()[0].decode('UTF-8')
subjackResults = removeColors.Remove(Text=subjackResults)
if subjackResults == '':
await ctx.send(f"**Subjack Couldn't Find Issue On {argument}**")
elif len(subjackResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(subjackResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Subjack Results: {URL_}")
else:
await ctx.send("**Subjack Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Subjack Results For {argument}:**")
await ctx.send(f'```{subjackResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def trufflehog(ctx, *, argument):
if not CommandInjection.commandInjection(RCE=RCE, argument=argument):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
# URL validation
urlHost = urlparse(argument).netloc
urlScheme = urlparse(argument).scheme
if urlHost != "github.com" and urlHost != "gitlab.com":
await ctx.send(
"**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
)
return
if urlScheme not in ["http", "https"]:
await ctx.send(
"**You're trying to scan unallowed URL, please use a github/gitlab URL.**"
)
return
await ctx.send(
f"**Scanning {argument} for possible data leaks using truffleHog**")
Process = subprocess.Popen(
f"trufflehog --regex --entropy=False {argument}",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
Output = Process.communicate()[0].decode('UTF-8')
Output = removeColors.Remove(Text=Output)
if len(Output) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(Output)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"truffleHog Results: {URL_}")
else:
await ctx.send("**truffleHog Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
elif len(Output) == 0:
await ctx.send(f"**truffleHog couldn't find leaks on: {argument}**")
else:
await ctx.send(f'**truggleHog Results:**')
await ctx.send(f'```{Output}```')
await ctx.send(f"\n**- {ctx.message.author}**")
async def smuggler(ctx, *, argument):
global logsItems
if not CommandInjection.commandInjection(argument=argument, RCE=RCE):
await ctx.send(
"**Your Command Contains Unallowed Chars. Don't Try To Use It Again.**"
)
return
try:
subdomainsFile = logsItems[argument]
except Exception:
await ctx.send(
"**There's no subdomains has been collected for this target. please use** `.subdomains [TARGET]` **Then try again.**"
)
return
smugglerPath = TOOLS['smuggler']
await ctx.send(
f"**Scanning {argument} For HTTP Request Smuggling Issues Using Smuggler**"
)
if "http:" in argument or "https:" in argument:
Process = subprocess.Popen(
f"echo {argument} | python3 {smugglerPath}/smuggler.py",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
smugglerResults = Process.communicate()[0].decode('UTF-8')
else:
Process = subprocess.Popen(
f"cat data/subdomains/{subdomainsFile} | python3 {smugglerPath}/smuggler.py",
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
smugglerResults = Process.communicate()[0].decode('UTF-8')
smugglerResults = removeColors.Remove(Text=smugglerResults)
if len(smugglerResults) > 2000:
RandomStr = randomStrings.Genrate()
with open(f'messages/{RandomStr}', 'w') as Message:
Message.write(smugglerResults)
Message.close()
messageSize = fileSize.getSize(filePath=f'messages/{RandomStr}')
if not messageSize:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
elif messageSize > 8:
URL_ = filesUploader.uploadFiles(
filePath=f'messages/{RandomStr}')
if not URL_:
await ctx.send(
"**There's Something Wrong On The Bot While Reading a File That's Already Stored. Check It.**"
)
return
else:
await ctx.send(f"Smuggler Results: {URL_}")
else:
await ctx.send("**Smuggler Results:**",
file=discord.File(f"messages/{RandomStr}"))
await ctx.send(f"\n**- {ctx.message.author}**")
else:
await ctx.send(f"**Smuggler Results For {argument}:**")
await ctx.send(f'```{smugglerResults}```')
await ctx.send(f"\n**- {ctx.message.author}**")