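def __init_with_url(self):
    """
    Initialize the target from its URL (when targeting HTTP).

    The URL stored on ``self.service.url`` is first passed through
    WebUtils.add_prefix_http and WebUtils.remove_ending_slash, then parsed.
    This method updates: URL, Hostname, IP, Port

    :raises TargetException: if the URL carries no host part, if the DNS
        lookup fails, or if the resulting port number is invalid
    """
    self.service.url = WebUtils.add_prefix_http(self.service.url)
    self.service.url = WebUtils.remove_ending_slash(self.service.url)
    parsed = urlparse(self.service.url)
    host = parsed.hostname

    # urlparse() reports hostname=None when the URL has no network location
    # (e.g. "http://"). Reject it here instead of handing None to the
    # IP check and the resolver.
    if not host:
        raise TargetException(
            'Unable to extract a host from URL {}'.format(self.service.url))

    if NetUtils.is_valid_ip(host):
        self.service.host.ip = host
        self.service.host.hostname = host  # updated in smart_check
    else:
        self.service.host.ip = NetUtils.dns_lookup(host)
        if not self.service.host.ip:
            raise TargetException('Unable to resolve {}'.format(host))
        self.service.host.hostname = host

    if not self.service.port:
        self.service.port = WebUtils.get_port_from_url(self.service.url)

    # Validate whichever port ends up on the service, whether it was already
    # set before this call or derived from the URL just above.
    if not NetUtils.is_valid_port(self.service.port):
        raise TargetException('Invalid port number {}'.format(
            self.service.port))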
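def check_arg_ip_port(self, ip_port):
    """
    Validate a command-line argument of the form ``<ip>:<port>``.

    :param ip_port: string holding an IP address and a port separated by
        the first ':' character
    :return: tuple (ip, port), both as strings taken from the argument
    :raises argparse.ArgumentTypeError: if the separator is missing, or if
        the port or the IP address is rejected by NetUtils
    """
    # partition() splits on the first ':' exactly like split(':', maxsplit=1)
    # but never raises: a missing separator is reported as a clean argument
    # error instead of an unpacking ValueError.
    ip, separator, port = ip_port.partition(':')
    if not separator:
        raise argparse.ArgumentTypeError('Invalid format, expected <ip>:<port>')

    if not NetUtils.is_valid_port(port):
        raise argparse.ArgumentTypeError('Invalid port number')
    if not NetUtils.is_valid_ip(ip):
        raise argparse.ArgumentTypeError('Invalid IP address')
    return ip, port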
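def __init_with_ip_port(self, ip, port, ssl):
    """
    Initialize the target from an IP address and a port.

    This method updates: IP, Port, SSL flag, URL

    :param ip: IP address, checked with NetUtils.is_valid_ip
    :param port: port number, checked with NetUtils.is_valid_port
    :param ssl: truthy to build an https:// URL, falsy for http://
    :raises TargetException: if the IP address or the port is invalid
    """
    if not NetUtils.is_valid_ip(ip):
        raise TargetException('Invalid IP address')
    if not NetUtils.is_valid_port(port):
        raise TargetException('Invalid port number {}'.format(port))

    self.ip = ip
    self.port = port
    # The ssl argument was previously ignored and the scheme was derived from
    # self.ssl, which this method never set. Record the argument so the flag
    # and the URL scheme cannot disagree.
    # NOTE(review): confirm no caller relies on a self.ssl value assigned
    # before this call that differs from the argument.
    self.ssl = ssl
    self.url = 'http{s}://{ip}:{port}'.format(
        s='s' if self.ssl else '', ip=self.ip, port=self.port)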
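def __translate_port(self, value):
    """
    Translate port number or ports range into Sqlalchemy filter.
    Ports range in format: 8000-9000

    :param value: single port number or "min-max" range, as a string
    :return: filter expression built on Service.port
    :raises FilterException: if value is neither a valid port nor a valid
        port range
    """
    if NetUtils.is_valid_port(value):
        return (Service.port == int(value))
    elif NetUtils.is_valid_port_range(value):
        minport, maxport = value.split('-')
        # Was misspelled "Sevrice", which raised NameError for every port
        # range instead of building the filter.
        return (Service.port.between(int(minport), int(maxport)))
    else:
        raise FilterException(
            '{value} invalid port/range'.format(value=value))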
def __translate_port(self, value):
    """
    Build the filter expression on Service.port for a port criterion.

    value can be:
        - Single port number
        - Port range - format 8000-8100

    :raises FilterException: if value is neither a valid port nor a valid
        port range
    """
    # A single port is checked first; the range check only runs when the
    # single-port check fails.
    if NetUtils.is_valid_port(value):
        return Service.port == int(value)

    if not NetUtils.is_valid_port_range(value):
        raise FilterException('{value} invalid port/range'.format(value=value))

    low, high = value.split('-')
    return Service.port.between(int(low), int(high))
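def __init_with_url(self, url):
    """
    Initialize the target from a URL.

    This method updates: IP, Port, and sets the SSL flag to True when the
    URL starts with https://

    :param url: target URL; it is parsed as given, no scheme is added here
    :raises TargetException: if the URL carries no host part, if the DNS
        lookup fails, or if the port number is invalid
    """
    p = urlparse(url)
    host = p.hostname

    # urlparse() reports hostname=None for a URL without a network location
    # (for instance one given without a scheme). Fail with a clear error
    # rather than passing None to the IP check and the resolver.
    if not host:
        raise TargetException('Unable to extract a host from URL {}'.format(url))

    if NetUtils.is_valid_ip(host):
        self.ip = host
    else:
        self.ip = NetUtils.dns_lookup(host)
        if not self.ip:
            raise TargetException('Unable to resolve {}'.format(host))

    self.port = NetUtils.get_port_from_url(url)
    if not NetUtils.is_valid_port(self.port):
        raise TargetException('Invalid port number {}'.format(self.port))

    # The flag is only ever raised here; it is left untouched for any other
    # scheme.
    if url.lower().startswith('https://'):
        self.ssl = True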
def do_services(self, args):
    """
    Services in the current mission scope

    Builds a filter from the selection options found on args, applies it to
    a ServicesRequester bound to the current mission, then runs at most one
    operation (add, url, delete, comment, https, addcred, addcred_http,
    adduser, adduser_http). With no operation the selected services are
    displayed.

    Errors are reported through the logger and end the command; nothing is
    raised to the caller from the checks visible here.
    """
    print()
    req = ServicesRequester(self.sqlsess)
    req.select_mission(self.current_mission)

    # Logical AND is applied between all specified filtering options
    filter_ = Filter(FilterOperator.AND)
    if args.names:
        # Every requested service name must be supported; one unknown name
        # aborts the whole command before any filter is applied.
        for n in args.names:
            if not self.settings.services.is_service_supported(n, multi=False):
                logger.error('Service {name} is not valid/supported'.format(name=n.lower()))
                return
        filter_.add_condition(Condition(args.names, FilterData.SERVICE_EXACT))

    if args.order:
        req.order_by(args.order)

    if args.hostname:
        # OR between submitted hostnames
        filter_.add_condition(Condition(args.hostname.split(','), FilterData.HOST))
    if args.ip:
        # OR between submitted ips/ranges
        filter_.add_condition(Condition(args.ip.split(','), FilterData.IP))
    if args.port:
        # OR between ports/port-ranges
        filter_.add_condition(Condition(args.port.split(','), FilterData.PORT))
    if args.proto:
        filter_.add_condition(Condition(args.proto, FilterData.PROTOCOL))
    if args.up:
        filter_.add_condition(Condition(args.up, FilterData.UP))
    if args.search:
        # The search term matches if it is found in any one of these fields,
        # hence a nested OR filter inside the top-level AND filter.
        filter_search = Filter(FilterOperator.OR)
        filter_search.add_condition(Condition(args.search, FilterData.HOST))
        filter_search.add_condition(Condition(args.search, FilterData.BANNER))
        filter_search.add_condition(Condition(args.search, FilterData.URL))
        filter_search.add_condition(Condition(args.search, FilterData.COMMENT_SERVICE))
        filter_.add_condition(filter_search)

    try:
        req.add_filter(filter_)
    except FilterException as e:
        # A malformed filter value (FilterException) stops the command
        # before any operation runs.
        logger.error(e)
        return

    # Operations
    if args.add:
        host, port, service = args.add
        if NetUtils.is_valid_ip(host):
            ip = host
            hostname = NetUtils.reverse_dns_lookup(ip)
            logger.info('Reverse DNS lookup on IP {ip}: {hostname}'.format(ip=ip, hostname=hostname))
        else:
            ip = NetUtils.dns_lookup(host)
            if not ip:
                logger.error('Cannot resolve hostname')
                return
            hostname = host
            logger.info('DNS lookup on {hostname}: IP {ip}'.format(hostname=host, ip=ip))

        # Note the order: the DNS / reverse DNS lookup above has already run
        # by the time the port and the service name are checked.
        if not NetUtils.is_valid_port(port):
            logger.error('Port is invalid, not in range [0-65535]')
        elif not self.settings.services.is_service_supported(service, multi=False):
            logger.error('Service {name} is not valid/supported'.format(name=service.lower()))
        else:
            req.add_service(ip, hostname, port, self.settings.services.get_protocol(service), service)
    elif args.url:
        args.url = WebUtils.add_prefix_http(args.url)
        if not WebUtils.is_valid_url(args.url):
            logger.error('URL is invalid')
        else:
            req.add_url(args.url)
    elif args.delete:
        # For this and the following bulk operations: when no filter is
        # applied the operation targets every service of the mission, so an
        # explicit confirmation is required (the prompt defaults to "no").
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to delete ALL services in current mission ?', default=False):
                logger.info('Canceled')
                return
        req.delete()
    elif args.comment:
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to edit comment for ALL services in current mission ?', default=False):
                logger.info('Canceled')
                return
        req.edit_comment(args.comment)
    elif args.https:
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to apply switch for ALL URLs in current mission ?', default=False):
                logger.info('Canceled')
                return
        req.switch_https()
    elif args.addcred:
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to add same creds for ALL services in current mission ?', default=False):
                logger.info('Canceled')
                return
        # presumably (username, password, auth type); no auth type is given
        # for non-HTTP services. TODO confirm against ServicesRequester.add_cred
        # NOTE(review): the credentials come straight from the command line;
        # how add_cred stores them is not visible here, so confirm they are
        # protected at rest and kept out of logs.
        req.add_cred(args.addcred[0], args.addcred[1], None)
    elif args.addcred_http:
        # The HTTP variant carries a third value, checked below as an
        # authentication type, and is refused when the selection contains
        # non-HTTP services.
        if not req.are_only_http_services_selected():
            logger.warning('Some non-HTTP services are selected. Use --addcred instead for non-HTTP services')
            return
        if not self.settings.services.is_valid_authentication_type(args.addcred_http[2]):
            logger.warning('Invalid HTTP authentication type')
            logger.info('List of supported authentication types: ')
            for auth_type in self.settings.services.get_authentication_types('http'):
                logger.info('- {type}'.format(type=auth_type))
            return
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to add same creds for ALL HTTP services in current mission ?', default=False):
                logger.info('Canceled')
                return
        req.add_cred(args.addcred_http[0], args.addcred_http[1], args.addcred_http[2])
    elif args.adduser:
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to add same username for ALL services in current mission ?', default=False):
                logger.info('Canceled')
                return
        # Same call as for --addcred, with None in the second position
        # (presumably the password; confirm against add_cred).
        req.add_cred(args.adduser[0], None, None)
    elif args.adduser_http:
        if not req.are_only_http_services_selected():
            logger.warning('Some non-HTTP services are selected. Use --adduser instead for non-HTTP services')
            return
        if not self.settings.services.is_valid_authentication_type(args.adduser_http[1]):
            logger.warning('Invalid HTTP authentication type')
            logger.info('List of supported authentication types: ')
            for auth_type in self.settings.services.get_authentication_types('http'):
                logger.info('- {type}'.format(type=auth_type))
            return
        if not req.filter_applied:
            if not Output.prompt_confirm('No filter applied. Are you sure you want to add same username for ALL HTTP services in current mission ?', default=False):
                logger.info('Canceled')
                return
        req.add_cred(args.adduser_http[0], None, args.adduser_http[1])
    else:
        # No operation requested: display the services matching the filter.
        req.show()

    print()