def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = [
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
"Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
" Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
"Debian APT-HTTP/1.3 (0.8.10.3)",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
"http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
]
http_methods = ["GET", "HEAD"]
user_agent = {'User-agent': random.choice(user_agent_list)}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if extra_requirements["pma_scan_http_method"][0] not in http_methods:
warn(messages(language, "dir_scan_get"))
extra_requirements["pma_scan_http_method"] = ["GET"]
random_agent_flag = True
if extra_requirements["pma_scan_random_agent"][0] == "False":
random_agent_flag = False
threads = []
total_req = len(extra_requirements["pma_scan_list"])
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) != "HTTP":
target = 'http://' + target
if test(target, retries, timeout_sec, user_agent,
extra_requirements["pma_scan_http_method"][0], socks_proxy,
verbose_level, trying, total_req, total, num, language) is 0:
keyboard_interrupt_flag = False
for idir in extra_requirements["pma_scan_list"]:
if random_agent_flag:
user_agent = {'User-agent': random.choice(user_agent_list)}
t = threading.Thread(
target=check,
args=(target + '/' + idir, user_agent, timeout_sec,
log_in_file, language, time_sleep,
thread_tmp_filename, retries,
extra_requirements["pma_scan_http_method"][0],
socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying, total_req, num, total,
target_to_host(target), "default_port",
'pma_scan'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
warn(messages(language, "open_error").format(target))
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec /
0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1:
info(
messages(language,
"directory_file_404").format(target, "default_port"))
if verbose_level is not 0:
__log_into_file(
log_in_file, 'a',
json.dumps(
{
'HOST': target_to_host(target),
'USERNAME': '',
'PASSWORD': '',
'PORT': '',
'TYPE': 'pma_scan',
'DESCRIPTION': messages(language,
"phpmyadmin_dir_404"),
'TIME': now(),
'CATEGORY': "scan",
'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd
}) + '\n', language)
os.remove(thread_tmp_filename)
else:
warn(
messages(language,
"input_target_error").format('pma_scan', target))
def start(
target,
users,
passwds,
ports,
timeout_sec,
thread_number,
num,
total,
log_in_file,
time_sleep,
language,
verbose_level,
socks_proxy,
retries,
methods_args,
scan_id,
scan_cmd,
): # Main function
if (
target_type(target) != "SINGLE_IPv4"
or target_type(target) != "DOMAIN"
or target_type(target) != "HTTP"
or target_type(target) != "SINGLE_IPv6"
):
# rand useragent
user_agent_list = useragents.useragents()
http_methods = ["GET", "HEAD"]
user_agent = {"User-agent": random.choice(user_agent_list)}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement
]
extra_requirements = new_extra_requirements
if extra_requirements["admin_scan_http_method"][0] not in http_methods:
warn(messages(language, "admin_scan_get"))
extra_requirements["admin_scan_http_method"] = ["GET"]
random_agent_flag = True
if extra_requirements["admin_scan_random_agent"][0] == "False":
random_agent_flag = False
threads = []
total_req = len(extra_requirements["admin_scan_list"])
thread_tmp_filename = "{}/tmp/thread_tmp_".format(
load_file_path()
) + "".join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20)
)
__log_into_file(thread_tmp_filename, "w", "1", language)
trying = 0
if target_type(target) != "HTTP":
target = 'http://' + target
if test(str(target), retries, timeout_sec, user_agent, extra_requirements["admin_scan_http_method"][0],
socks_proxy, verbose_level, trying, total_req, total, num, language) == 0:
keyboard_interrupt_flag = False
for idir in extra_requirements["admin_scan_list"]:
# time.sleep(0.001)
if random_agent_flag:
user_agent = {'User-agent': random.choice(user_agent_list)}
if target.endswith("/"):
target = target[:-1]
if idir.startswith("/"):
idir = idir[1:]
t = threading.Thread(target=check,
args=(
target + "/" + idir, user_agent, timeout_sec, log_in_file, language,
time_sleep, thread_tmp_filename, retries,
extra_requirements[
"admin_scan_http_method"][0],
socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying,
total_req,
num,
total,
target_to_host(target),
"default_port",
"admin_scan",
)
)
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
warn(messages(language, "open_error").format(target))
# wait for threads
kill_switch = 0
kill_time = (
int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1
)
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1:
if verbose_level != 0:
data = {'HOST': target_to_host(target), 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'admin_scan',
'DESCRIPTION': messages(language, "directory_file_404").format(target, "default_port"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id,
'SCAN_CMD': scan_cmd}
info(messages(language, "directory_file_404").format(
target, "default_port"), log_in_file, "a",
data, language, thread_tmp_filename)
__log_into_file(log_in_file, 'a', json.dumps(data), language)
os.remove(thread_tmp_filename)
else:
warn(
messages(language, "input_target_error").format(
"admin_scan", target
)
)
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[
extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
if ports is None:
ports = extra_requirements["Proftpd_vuln_ports"]
if target_type(target) == 'HTTP':
target = target_to_host(target)
threads = []
total_req = len(ports)
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
keyboard_interrupt_flag = False
for port in ports:
port = int(port)
t = threading.Thread(target=__directory_traversal,
args=(target, int(port), timeout_sec, log_in_file, language, time_sleep,
thread_tmp_filename, socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(trying, total_req, num, total, target, port, 'Proftpd_directory_traversal_vuln'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
# wait for threads
kill_switch = 0
kill_time = int(
timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
info(messages(language, "no_vulnerability_found").format('ProFTPd_directory_traversal CVE-2010-3867'))
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'Proftpd_directory_traversal_vuln',
'DESCRIPTION': messages(language, "no_vulnerability_found").format('ProFTPd_directory_traversal CVE-2010-3867'), 'TIME': now(),
'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd})
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(messages(language, "input_target_error").format(
'Proftpd_directory_traversal_vuln', target))
def __get_subs(
target,
timeout_sec,
log_in_file,
time_sleep,
language,
verbose_level,
socks_proxy,
retries,
num,
total,
extra_requirements=extra_requirements_dict(),
headers={
'User-Agent':
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
'(KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
'Accept-Language':
'en-US,en;q=0.9',
'Accept-Encoding':
'gzip, deflate, br',
}):
total_req = 0
trying = 0
threads = []
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
for key in extra_requirements:
if extra_requirements[key][0] == 'True':
total_req += 1
if extra_requirements['subdomain_scan_use_netcraft'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'(subdomain_scan - netcraft)'))
t = threading.Thread(target=__netcraft,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_ptrarchive'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'subdomain_scan - ptrarchive'))
t = threading.Thread(target=__ptrarchive,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_threatcrowd'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'subdomain_scan - threatcrowd'))
t = threading.Thread(target=__threatcrowd,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_virustotal'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'subdomain_scan - virustotal'))
t = threading.Thread(target=__virustotal,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_comodo_crt'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'subdomain_scan - comodo crt'))
t = threading.Thread(target=__comodo_crt,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_dnsdumpster'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'subdomain_scan - dnsdumpster'))
t = threading.Thread(target=__dnsdumpster,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_google_dig'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'(subdomain_scan - google dig)'))
t = threading.Thread(target=__google_dig,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
if extra_requirements['subdomain_scan_use_cert_spotter'][0] == 'True':
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_process").format(
trying, total_req, num, total, target,
'(subdomain_scan - cert spotter)'))
t = threading.Thread(target=__cert_spotter,
args=(target, timeout_sec, log_in_file,
time_sleep, language, verbose_level,
socks_proxy, retries, headers,
thread_tmp_filename))
threads.append(t)
t.start()
threads.append(t)
# wait for threads
kill_switch = 0
try:
kill_time = -1 if extra_requirements["subdomain_scan_time_limit_seconds"][0] == -1 \
else int(int(extra_requirements["subdomain_scan_time_limit_seconds"[0]]) / 0.1)
except:
kill_time = -1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or (kill_time is not -1
and kill_switch is kill_time):
break
except KeyboardInterrupt:
break
try:
subs = list(set(open(thread_tmp_filename).read().rsplit()))
os.remove(thread_tmp_filename)
except:
subs = []
return subs
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep,
language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[
extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
if users is None:
users = extra_requirements["http_ntlm_brute_users"]
if passwds is None:
passwds = extra_requirements["http_ntlm_brute_passwds"]
if ports is None:
ports = extra_requirements["http_ntlm_brute_ports"]
if target.lower().startswith('http://') or target.lower().startswith('https://'):
pass
else:
target = 'http://' + str(target)
threads = []
total_req = len(users) * len(passwds)
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
curl_tmp_filename = '{}/tmp/ports_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
__log_into_file(curl_tmp_filename, 'w', '', language)
trying = 0
keyboard_interrupt_flag = False
for port in ports:
if check_auth(target, timeout_sec, language, port):
continue
for user in users:
for passwd in passwds:
t = threading.Thread(target=login,
args=(
user, passwd, target, port, timeout_sec, log_in_file, language,
retries, time_sleep, thread_tmp_filename, curl_tmp_filename, socks_proxy,
scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(messages(language, "trying_message").format(trying, total_req, num, total,
target, port, 'http_ntlm_brute'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
if keyboard_interrupt_flag:
break
if keyboard_interrupt_flag:
break
# wait for threads
kill_switch = 0
kill_time = int(
timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(
open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1 and verbose_level is not 0:
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '',
'TYPE': 'http_ntlm_brute', 'DESCRIPTION': messages(language, "no_user_passwords"), 'TIME': now(),
'CATEGORY': "brute", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
os.remove(curl_tmp_filename)
else:
warn(messages(language, "input_target_error").format(
'http_ntlm_brute', target))
def __go_for_attacks(targets, check_ranges, check_subdomains, log_in_file,
time_sleep, language, verbose_level, retries, socks_proxy,
users, passwds, timeout_sec, thread_number, ports,
ping_flag, methods_args, backup_ports, scan_method,
thread_number_host, graph_flag, profile, api_flag):
"""
preparing for attacks and managing multi-processing for host
Args:
targets: list of calculated targets
check_ranges: check IP range flag
check_subdomains: check subdomain flag
log_in_file: output filename
time_sleep: time sleep seconds
language: language
verbose_level: verbose level number
retries: retries number
socks_proxy: socks proxy address
users: usernames
passwds: passwords
timeout_sec: timeout seconds
thread_number: thread numbers
ports: port numbers
ping_flag: ping before scan flag
methods_args: method args for modules
backup_ports: port numbers (backup)
scan_method: selected module names
thread_number_host: threads for hosts scan
graph_flag: graph name
profile: profile name
api_flag: API flag
Returns:
True when it ends
"""
suff = now(model="%Y_%m_%d_%H_%M_%S") + "".join(
random.choice(string.ascii_lowercase) for x in range(10))
subs_temp = "{}/tmp/subs_temp_".format(load_file_path()) + suff
range_temp = "{}/tmp/ranges_".format(load_file_path()) + suff
total_targets = -1
for total_targets, _ in enumerate(
analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, retries, socks_proxy, True)):
pass
total_targets += 1
total_targets = total_targets * len(scan_method)
try:
os.remove(range_temp)
except:
pass
range_temp = "{}/tmp/ranges_".format(load_file_path()) + suff
targets = analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, retries, socks_proxy, False)
trying = 0
scan_id = "".join(random.choice("0123456789abcdef") for x in range(32))
scan_cmd = messages(language, 158) if api_flag else " ".join(sys.argv)
for target in targets:
for sm in scan_method:
trying += 1
p = multiprocessing.Process(
target=start_attack,
args=(str(target).rsplit()[0], trying, total_targets, sm,
users, passwds, timeout_sec, thread_number, ports,
log_in_file, time_sleep, language, verbose_level,
socks_proxy, retries, ping_flag, methods_args, scan_id,
scan_cmd))
p.name = str(target) + "->" + sm
p.start()
while 1:
n = 0
processes = multiprocessing.active_children()
for process in processes:
if process.is_alive():
n += 1
else:
processes.remove(process)
if n >= thread_number_host:
time.sleep(0.01)
else:
break
_waiting_for = 0
while 1:
try:
exitflag = True
if len(multiprocessing.active_children()) is not 0:
exitflag = False
_waiting_for += 1
if _waiting_for > 3000:
_waiting_for = 0
info(
messages(language, 138).format(", ".join(
[p.name for p in multiprocessing.active_children()])))
time.sleep(0.01)
if exitflag:
break
except KeyboardInterrupt:
for process in multiprocessing.active_children():
process.terminate()
break
info(messages(language, 42))
os.remove(subs_temp)
os.remove(range_temp)
info(messages(language, 43))
sort_logs(log_in_file, language, graph_flag, scan_id, scan_cmd,
verbose_level, 0, profile, scan_method, backup_ports)
write("\n")
info(messages(language, 44))
write("\n\n")
finish()
return True
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language,
verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = [
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
"Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
" Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
"Debian APT-HTTP/1.3 (0.8.10.3)",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
"http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
]
user_agent = {'User-agent': random.choice(user_agent_list)}
limit = 1000
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
random_agent_flag = True
if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][0] != "True":
random_agent_flag = False
if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][0] != "False":
limit = -1
threads = []
total_req = limit
filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) == 'SINGLE_IPv4' or target_type(target) == 'DOMAIN':
url = 'http://{0}/'.format(target)
else:
if target.count(':') > 1:
__die_failure(messages(language, 105))
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(target.replace('http://', '').replace('https://', '').rsplit('/')[1:])
url = http + '://' + host + '/' + path
if test(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num,
language, False, log_in_file, scan_id, scan_cmd, thread_tmp_filename) is not 0:
warn(messages(language, 109).format(url))
return
info(messages(language, 177).format(target))
n = 0
t = threading.Thread(target=test,
args=(
url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req,
total, num, language, True, log_in_file, scan_id, scan_cmd, thread_tmp_filename))
t.start()
keyboard_interrupt_flag = False
while (n != limit):
n += 1
if random_agent_flag:
user_agent = {'User-agent': random.choice(user_agent_list)}
t = threading.Thread(target=send_dos,
args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep,
thread_tmp_filename, retries, socks_proxy, scan_id,
scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(messages(language, 72).format(trying, total_req, num, total, target_to_host(target), port,
'wordpress_dos_cve_2018_6389_vuln'))
try:
if int(open(thread_tmp_filename).read().rsplit()[0]) is 0:
if limit is not -1:
break
except:
pass
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 2 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write is 1:
info(messages(language, 141).format("wordpress_dos_cve_2018_6389_vuln"))
if verbose_level is not 0:
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '',
'TYPE': 'wordpress_dos_cve_2018_6389_vuln',
'DESCRIPTION': messages(language, 141).format("wordpress_dos_cve_2018_6389_vuln"),
'TIME': now(), 'CATEGORY': "scan",
'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd})
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(messages(language, 69).format('wordpress_dos_cve_2018_6389_vuln', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
threads = []
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
total_req = 8000
if target_type(target) != "HTTP":
target = 'http://' + target
t = threading.Thread(target=analyze,
args=(target, timeout_sec, log_in_file, language,
time_sleep, thread_tmp_filename, retries,
socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language,
"trying_message").format(trying, total_req,
num, total,
target_to_host(target), "",
'dir_scan'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
break
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec /
0.1) if int(timeout_sec / 0.1) != 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1:
info(
messages(language,
"nothing_found").format(target, "wappalyzer_scan"))
if verbose_level != 0:
data = json.dumps({
'HOST':
target_to_host(target),
'USERNAME':
'',
'PASSWORD':
'',
'PORT':
'',
'TYPE':
'wappalyzer_scan',
'DESCRIPTION':
messages(language, "not_found"),
'TIME':
now(),
'CATEGORY':
"scan",
'SCAN_ID':
scan_id,
'SCAN_CMD':
scan_cmd
})
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(
messages(language,
"input_target_error").format('wappalyzer_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep,
language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type(target) != 'HTTP':
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[
extra_requirement] = methods_args[extra_requirement]
extra_requirements = new_extra_requirements
if users is None:
users = extra_requirements["smtp_brute_users"]
if passwds is None:
passwds = extra_requirements["smtp_brute_passwds"]
if ports is None:
ports = extra_requirements["smtp_brute_ports"]
if extra_requirements["smtp_brute_split_user_set_pass"][0] not in ["False", "True"]:
extra_requirements["smtp_brute_split_user_set_pass"][0] = "False"
if target_type(target) == 'HTTP':
target = target_to_host(target)
threads = []
total_req = int(
len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \
else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"]))
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
ports_tmp_filename = '{}/tmp/ports_tmp_'.format(load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits) for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
__log_into_file(ports_tmp_filename, 'w', '', language)
ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename,
thread_number, total_req, verbose_level, socks_proxy)
trying = 0
if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False":
for port in ports:
for user in users:
for passwd in passwds:
t = threading.Thread(target=login, args=(
user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep,
thread_tmp_filename, socks_proxy,
scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(messages(language, "trying_message").format(trying, total_req, num, total, target, port,
'smtp_brute'))
while 1:
n = 0
for thread in threads:
if thread.isAlive():
n += 1
else:
threads.remove(thread)
if n >= thread_number:
time.sleep(0.01)
else:
break
else:
keyboard_interrupt_flag = False
for port in ports:
for user in users:
for prefix in extra_requirements["smtp_brute_split_user_set_pass_prefix"]:
t = threading.Thread(target=login, args=(user, user.rsplit('@')[0] + prefix, target, port,
timeout_sec, log_in_file, language,
retries, time_sleep, thread_tmp_filename))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(messages(language, "trying_message").format(trying, total_req, num, total, target, port,
'smtp_brute'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
break
else:
break
# wait for threads
kill_switch = 0
kill_time = int(
timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1 and verbose_level != 0:
data = json.dumps({'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'smtp_brute',
'DESCRIPTION': messages(language, "no_user_passwords"), 'TIME': now(), 'CATEGORY': "brute",
'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(messages(language, "input_target_error").format(target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = [
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
"Googlebot/2.1 ( http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04"
" Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13",
"Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)",
"Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51",
"Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620",
"Debian APT-HTTP/1.3 (0.8.10.3)",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Googlebot/2.1 (+http://www.googlebot.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; "
"http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)",
"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
"msnbot/1.1 (+http://search.msn.com/msnbot.htm)"
]
headers = {
'User-agent': random.choice(user_agent_list),
'Content-Type': 'text/xml'
}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
threads = []
if users is None:
users = extra_requirements["wp_users"]
if passwds is None:
passwds = extra_requirements["wp_passwds"]
if ports is None:
ports = extra_requirements["wp_xmlrpc_brute_ports"]
if verbose_level > 3:
total_req = len(users) * len(passwds) * len(ports)
else:
total_req = len(users) * len(passwds) * len(ports)
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) != "HTTP":
target = 'https://' + target
for port in ports:
if test(str(target), port, retries, timeout_sec, headers,
socks_proxy, verbose_level, trying, total_req, total, num,
language) is True:
keyboard_interrupt_flag = False
for user in users:
for passwd in passwds:
#print(user + " " + passwd)
t = threading.Thread(
target=check,
args=(user, passwd, target, port, headers,
timeout_sec, log_in_file, language, retries,
time_sleep, thread_tmp_filename, socks_proxy,
scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying, total_req, num, total,
target_to_host(target), port,
'wp_xmlrpc_brute'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
warn(messages(language, "open_error").format(target))
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec / 0.1) if int(timeout_sec /
0.1) is not 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() is 1 or kill_switch is kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
os.remove(thread_tmp_filename)
else:
warn(
messages(language,
"input_target_error").format('wp_xmlrpc_brute', target))
def start(
target,
users,
passwds,
ports,
timeout_sec,
thread_number,
num,
total,
log_in_file,
time_sleep,
language,
verbose_level,
socks_proxy,
retries,
methods_args,
scan_id,
scan_cmd,
): # Main function
if (
target_type(target) != "SINGLE_IPv4"
or target_type(target) != "DOMAIN"
or target_type(target) != "HTTP"
or target_type(target) != "SINGLE_IPv6"
):
# rand useragent
http_methods = ["GET", "HEAD"]
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement
]
extra_requirements = new_extra_requirements
if extra_requirements["pma_scan_http_method"][0] not in http_methods:
warn(messages(language, "dir_scan_get"))
extra_requirements["pma_scan_http_method"] = ["GET"]
thread_tmp_filename = "{}/tmp/thread_tmp_".format(
load_file_path()
) + "".join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20)
)
__log_into_file(thread_tmp_filename, "w", "1", language)
default_ports = [80, 443]
request = """{0} __target_locat_here__{{0}} \
HTTP/1.1\nUser-Agent: {1}\n\n""".format(
extra_requirements["pma_scan_http_method"][0],
random.choice(useragents.useragents())
if extra_requirements["pma_scan_random_agent"][0].lower() == "true"
else "Mozilla/5.0 (Windows; U; Windows NT 5.1; \
en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5",
)
status_codes = [200, 401, 403]
condition = "response.status_code in {0}".format(status_codes)
message = messages(language, "found")
sample_message = (
'"'
+ message
+ '"'
+ """.format(response.url, response.status_code,\
response.reason)"""
)
sample_event = {
"HOST": target_to_host(target),
"USERNAME": "",
"PASSWORD": "",
"PORT": "PORT",
"TYPE": "pma_scan",
"DESCRIPTION": sample_message,
"TIME": now(),
"CATEGORY": "scan",
"SCAN_ID": scan_id,
"SCAN_CMD": scan_cmd,
}
counter_message = messages(language, "phpmyadmin_dir_404")
__repeater(
request,
[extra_requirements["pma_scan_list"]],
timeout_sec,
thread_number,
log_in_file,
time_sleep,
language,
verbose_level,
socks_proxy,
retries,
scan_id,
scan_cmd,
condition,
thread_tmp_filename,
sample_event,
sample_message,
target,
ports,
default_ports,
counter_message,
)
else:
warn(
messages(language, "input_target_error").format("pma_scan", target)
)
def start(
target,
users,
passwds,
ports,
timeout_sec,
thread_number,
num,
total,
log_in_file,
time_sleep,
language,
verbose_level,
socks_proxy,
retries,
methods_args,
scan_id,
scan_cmd,
): # Main function
if (target_type(target) != "SINGLE_IPv4" or target_type(target) != "DOMAIN"
or target_type(target) != "HTTP"):
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
if ports is None:
ports = extra_requirements["wp_user_enum_ports"]
if target_type(target) == "HTTP":
target = target_to_host(target)
threads = []
total_req = len(ports)
thread_tmp_filename = "{}/tmp/thread_tmp_".format(
load_file_path()) + "".join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, "w", "1", language)
trying = 0
keyboard_interrupt_flag = False
for port in ports:
port = int(port)
t = threading.Thread(
target=__wp_user_enum,
args=(
target,
int(port),
timeout_sec,
log_in_file,
language,
time_sleep,
thread_tmp_filename,
socks_proxy,
scan_id,
scan_cmd,
),
)
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying,
total_req,
num,
total,
target,
port,
"wp_user_enum_scan",
))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
# wait for threads
kill_switch = 0
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1 and verbose_level != 0:
info(messages(language, "not_found"))
data = json.dumps({
"HOST": target,
"USERNAME": "",
"PASSWORD": "",
"PORT": "",
"TYPE": "wp_user_enum_scan",
"DESCRIPTION": messages(language, "not_found"),
"TIME": now(),
"CATEGORY": "scan",
"SCAN_ID": scan_id,
"SCAN_CMD": scan_cmd,
})
__log_into_file(log_in_file, "a", data, language)
os.remove(thread_tmp_filename)
else:
warn(
messages(language,
"input_target_error").format("wp_user_enum_scan", target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = useragents.useragents()
headers = {
'User-agent': random.choice(user_agent_list),
'Content-Type': 'text/xml'
}
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
threads = []
if users is None:
users = extra_requirements["wp_users"]
if passwds is None:
passwds = extra_requirements["wp_passwds"]
if ports is None:
ports = extra_requirements["wp_xmlrpc_brute_ports"]
if verbose_level > 3:
total_req = len(users) * len(passwds) * len(ports)
else:
total_req = len(users) * len(passwds) * len(ports)
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) != "HTTP":
target = 'https://' + target
for port in ports:
if test(str(target), port, retries, timeout_sec, headers,
socks_proxy, verbose_level, trying, total_req, total, num,
language) is True:
keyboard_interrupt_flag = False
for user in users:
for passwd in passwds:
#print(user + " " + passwd)
t = threading.Thread(
target=check,
args=(user, passwd, target, port, headers,
timeout_sec, log_in_file, language, retries,
time_sleep, thread_tmp_filename, socks_proxy,
scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying, total_req, num, total,
target_to_host(target), port,
'wp_xmlrpc_brute'))
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
else:
warn(messages(language, "open_error").format(target))
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec /
0.1) if int(timeout_sec / 0.1) != 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 1 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
os.remove(thread_tmp_filename)
else:
warn(
messages(language,
"input_target_error").format('wp_xmlrpc_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num,
total, log_in_file, time_sleep, language, verbose_level, socks_proxy,
retries, methods_args, scan_id, scan_cmd): # Main function
if target_type(target) != 'SINGLE_IPv4' or target_type(
target) != 'DOMAIN' or target_type(
target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6':
# rand useragent
user_agent_list = useragents.useragents()
user_agent = {'User-agent': random.choice(user_agent_list)}
limit = 1000
# requirements check
new_extra_requirements = extra_requirements_dict()
if methods_args is not None:
for extra_requirement in extra_requirements_dict():
if extra_requirement in methods_args:
new_extra_requirements[extra_requirement] = methods_args[
extra_requirement]
extra_requirements = new_extra_requirements
random_agent_flag = True
if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][
0] != "True":
random_agent_flag = False
if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][
0] != "False":
limit = -1
threads = []
total_req = limit
filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
thread_tmp_filename = '{}/tmp/thread_tmp_'.format(
load_file_path()) + ''.join(
random.choice(string.ascii_letters + string.digits)
for _ in range(20))
__log_into_file(thread_tmp_filename, 'w', '1', language)
trying = 0
if target_type(target) == 'SINGLE_IPv4' or target_type(
target) == 'DOMAIN':
url = 'http://{0}/'.format(target)
else:
if target.count(':') > 1:
__die_failure(messages(language, "insert_port_message"))
http = target.rsplit('://')[0]
host = target_to_host(target)
path = "/".join(
target.replace('http://', '').replace('https://',
'').rsplit('/')[1:])
url = http + '://' + host + '/' + path
if test(url, retries, timeout_sec, user_agent, socks_proxy,
verbose_level, trying, total_req, total, num, language, False,
log_in_file, scan_id, scan_cmd, thread_tmp_filename) != 0:
warn(messages(language, "open_error").format(url))
return
info(messages(language, "DOS_send").format(target))
n = 0
t = threading.Thread(
target=test,
args=(url, retries, timeout_sec, user_agent, socks_proxy,
verbose_level, trying, total_req, total, num, language, True,
log_in_file, scan_id, scan_cmd, thread_tmp_filename))
t.start()
keyboard_interrupt_flag = False
while (n != limit):
n += 1
if random_agent_flag:
user_agent = {'User-agent': random.choice(user_agent_list)}
t = threading.Thread(target=send_dos,
args=(url, user_agent, timeout_sec,
log_in_file, language, time_sleep,
thread_tmp_filename, retries,
socks_proxy, scan_id, scan_cmd))
threads.append(t)
t.start()
trying += 1
if verbose_level > 3:
info(
messages(language, "trying_message").format(
trying, total_req, num, total, target_to_host(target),
port, 'wordpress_dos_cve_2018_6389_vuln'))
try:
if int(open(thread_tmp_filename).read().rsplit()[0]) == 0:
if limit != -1:
break
except Exception:
pass
while 1:
try:
if threading.activeCount() >= thread_number:
time.sleep(0.01)
else:
break
except KeyboardInterrupt:
keyboard_interrupt_flag = True
break
if keyboard_interrupt_flag:
break
# wait for threads
kill_switch = 0
kill_time = int(timeout_sec /
0.1) if int(timeout_sec / 0.1) != 0 else 1
while 1:
time.sleep(0.1)
kill_switch += 1
try:
if threading.activeCount() == 2 or kill_switch == kill_time:
break
except KeyboardInterrupt:
break
thread_write = int(open(thread_tmp_filename).read().rsplit()[0])
if thread_write == 1:
info(
messages(language, "no_vulnerability_found").format(
"wordpress_dos_cve_2018_6389_vuln"))
if verbose_level != 0:
data = json.dumps({
'HOST':
target,
'USERNAME':
'',
'PASSWORD':
'',
'PORT':
'',
'TYPE':
'wordpress_dos_cve_2018_6389_vuln',
'DESCRIPTION':
messages(language, "no_vulnerability_found").format(
"wordpress_dos_cve_2018_6389_vuln"),
'TIME':
now(),
'CATEGORY':
"scan",
'SCAN_ID':
scan_id,
'SCAN_CMD':
scan_cmd
})
__log_into_file(log_in_file, 'a', data, language)
os.remove(thread_tmp_filename)
else:
warn(
messages(language, "input_target_error").format(
'wordpress_dos_cve_2018_6389_vuln', target))
