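def take_screenshot(ip_address, port_number):
    """Ask cutycapt to capture http://<ip_address>:<port_number> as a PNG.

    Args:
        ip_address: Target host; used in the URL and in the output file name.
        port_number: Target port, str or int. It is formatted with %s like
            the sibling helpers; the previous str concatenation raised
            TypeError when an int was passed.

    Returns:
        The relative path 'temp/<ip_address>_<port_number>.png'. The result
        of utils.execute_enum_cmd is not inspected, so the path is returned
        whether or not a file was actually written.
    """
    url = 'http://%s:%s' % (ip_address, port_number)
    file_path = 'temp/%s_%s.png' % (ip_address, port_number)
    # NOTE(review): both values are interpolated into the command line and
    # into a file path without validation. If they can come from anything
    # other than a vetted target list, check them (e.g. with the ipaddress
    # module and an integer port range) before this point - confirm how
    # utils.execute_enum_cmd executes the string.
    command = "cutycapt --url=%s --out=%s" % (url, file_path)
    utils.execute_enum_cmd(screenshot_tool_name, command)
    return file_path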
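def execute_nikto_http_enum(ip_address, port_number):
    """Run nikto against http://<ip_address>:<port_number> and return its report.

    The report is written by nikto to 'temp/<ip_address>_nikto.txt', read
    back, and returned with every newline replaced by '<br/>' plus newline.

    Args:
        ip_address: Target host; also part of the report file name.
        port_number: Target port (formatted with %s).

    Returns:
        The report text with '<br/>' line breaks inserted.

    Raises:
        IOError/OSError: if the report file cannot be opened.
    """
    # NOTE(review): the file name does not include the port, so scans of two
    # ports on the same host share one report file, and a file left over
    # from an earlier run would be read if nikto writes nothing - confirm
    # whether callers rely on this path before changing it.
    file_name = 'temp/' + ip_address + '_nikto.txt'
    # NOTE(review): values are interpolated into the command unvalidated;
    # validate them upstream if they are not from a vetted target list.
    command = "nikto -host http://%s:%s -o %s" % (ip_address, port_number, file_name)
    utils.execute_enum_cmd(nikto_tool_name, command)

    # Read the report back; the context manager closes the handle, which the
    # previous bare open() left to the garbage collector.
    with open(file_name, 'r') as nikto_file:
        output = nikto_file.read()

    # NOTE(review): the report contains text supplied by the scanned server
    # and is returned with HTML line breaks added but no escaping. If the
    # caller renders it as HTML, escape it there - confirm where it is shown.
    return output.replace('\n', '<br/>\n')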
def execute_whatweb_http_enum(ip_address, port_number):
    """Run whatweb against <ip_address>:<port_number> and tidy its output.

    The text returned by utils.execute_enum_cmd has a fixed list of colour
    markers rewritten: '[1m' becomes '<br/>' and the others are deleted.
    A completion message is printed through utils.print_purple.

    Returns:
        The rewritten output string.
    """
    target = "%s:%s" % (ip_address, port_number)
    # NOTE(review): target is interpolated into the command unvalidated;
    # validate host and port upstream if they are not from a vetted list.
    raw_output = utils.execute_enum_cmd(whatweb_tool_name, "whatweb " + target)

    # Applied strictly in this order, matching the original sequence of calls.
    # NOTE(review): these look like ANSI colour sequences without the leading
    # ESC byte; if the tool emits the full sequence, the ESC byte stays in
    # the result - confirm against real output.
    substitutions = (
        ("[1m", "<br/>"),
        ("[0m]", ""),
        ("[0m[", ""),
        ("[31m", ""),
        ("[32m", ""),
        ("[33m", ""),
        ("[34m", ""),
        ("[36m", ""),
        ("[37m", ""),
    )
    cleaned = raw_output
    for marker, replacement in substitutions:
        cleaned = cleaned.replace(marker, replacement)

    utils.print_purple("[+] Finished whatweb HTTP Enum ...")
    # NOTE(review): the text originates from the scanned server and now holds
    # '<br/>' markup but is otherwise unescaped; escape it wherever it is
    # rendered as HTML - confirm the consumer.
    return cleaned
def execute_metasploit_http_enum(ip_address, port_number):
    """Start postgresql, then run msfconsole's wmap plugin against the site.

    The site URL http://<ip_address>:<port_number> is added as a wmap site
    and target, then wmap_run and wmap_vulns are invoked before exiting.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    site = "http://%s:%s" % (ip_address, port_number)
    # The '&&' chaining only works if utils.execute_enum_cmd hands this
    # string to a shell, and the site URL sits inside a single-quoted -x
    # argument.
    # NOTE(review): a quote or other shell metacharacter in either value
    # would change the command; validate host and port before calling.
    # 'service postgresql start' presumably needs elevated privileges -
    # confirm how this tool is expected to be run.
    template = (
        "service postgresql start && msfconsole -x "
        "'load wmap; wmap_sites -a %(site)s; wmap_targets -t %(site)s; "
        "wmap_run -e; wmap_vulns -l; exit y'"
    )
    command = template % {"site": site}
    return utils.execute_enum_cmd(metasploit_tool_name, command)
def execute_directories_http_enum(ip_address, port_number):
    """Run gobuster against http://<ip_address>:<port_number>.

    Uses the dirb common.txt wordlist and a fixed list of status codes.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    wordlist = "/usr/share/wordlists/dirb/common.txt"
    status_codes = "200,204,301,302,307,403,500"
    # NOTE(review): host and port are interpolated unvalidated; validate
    # them upstream if they are not from a vetted target list. The wordlist
    # path is hard-coded and is not checked for existence here.
    command = "gobuster -u http://%(host)s:%(port)s -w %(wordlist)s -s '%(codes)s' -e" % {
        "host": ip_address,
        "port": port_number,
        "wordlist": wordlist,
        "codes": status_codes,
    }
    return utils.execute_enum_cmd(crawler_tool_name, command)
def execute_nmap_http_enum(ip_address, port_number):
    """Run nmap version detection plus HTTP NSE scripts on one port.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): 'http-vuln*' matches every installed script with that
    # prefix, so the set that runs depends on the local nmap install; list
    # the scripts explicitly if runs must be reproducible. The pattern is
    # also unquoted, and host and port are interpolated unvalidated.
    scripts = "http-enum,http-vuln*"
    command = "nmap -sV -p %(port)s --script=%(scripts)s %(host)s" % {
        "port": port_number,
        "scripts": scripts,
        "host": ip_address,
    }
    return utils.execute_enum_cmd(nmap_tool_name, command)
def execute_snmpcheck_snmp_enum(ip_address):
    """Run snmp-check with ip_address as its -t argument.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "snmp-check -t %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(snmp_tool_name, command)
def execute_nmap_ssh_enum(ip_address, port_number):
    """Run nmap version detection plus the 'ssh*' NSE scripts on one port.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): 'ssh*' matches every installed script with that prefix,
    # which may include ones that attempt logins; list the intended scripts
    # explicitly so the run is predictable. Host and port are interpolated
    # unvalidated.
    scripts = "ssh*"
    command = "nmap -sV -p %(port)s --script=%(scripts)s %(host)s" % {
        "port": port_number,
        "scripts": scripts,
        "host": ip_address,
    }
    return utils.execute_enum_cmd(nmap_tool_name, command)
def show_nfs_share(ip_address):
    """Run 'showmount -e' against ip_address.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "showmount -e %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(showmount_tool_name, command)
def execute_sslscan(ip_address, port_number):
    """Run 'sslscan --no-failed' against <ip_address>:<port_number>.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    endpoint = "%s:%s" % (ip_address, port_number)
    # NOTE(review): endpoint is built from unvalidated values; validate
    # host and port upstream if they are not from a vetted target list.
    command = "sslscan --no-failed " + endpoint
    return utils.execute_enum_cmd(sslscan_tool_name, command)
def execute_samrdump_smb_enum(ip_address, port_number):
    """Run impacket's samrdump.py example with '<ip> <port>/SMB' arguments.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # The script path is hard-coded and run with whichever 'python' the
    # execution environment resolves.
    # NOTE(review): confirm the path exists on supported installs and that
    # 'python' resolves to the intended interpreter. Host and port are
    # interpolated unvalidated.
    script_path = "/usr/share/doc/python-impacket/examples/samrdump.py"
    command = "python %(script)s %(host)s %(port)s/SMB" % {
        "script": script_path,
        "host": ip_address,
        "port": port_number,
    }
    return utils.execute_enum_cmd(samrdump_tool_name, command)
def extract_password_policy(ip_address):
    """Run polenum against ip_address.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "polenum %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(extractpasswordplc_tool_name, command)
def execute_nbtscan_smb_enum(ip_address):
    """Run 'nbtscan -v -h' against ip_address.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "nbtscan -v -h %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(nbtscan_tool_name, command)
def execute_nmblookup_smb_enum(ip_address):
    """Run 'nmblookup -A' against ip_address.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "nmblookup -A %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(nmblookup_tool_name, command)
def execute_enum4linux_smb_enum(ip_address):
    """Run 'enum4linux -a' against ip_address.

    Returns:
        Whatever utils.execute_enum_cmd returns for the command.
    """
    # NOTE(review): ip_address is interpolated unvalidated; validate it
    # upstream if it is not from a vetted target list.
    command = "enum4linux -a %(host)s" % {"host": ip_address}
    return utils.execute_enum_cmd(enum4linux_tool_name, command)