예제 #1
0
ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
if str(port) == "443":
    header = "https://"
else:
    header = "http://"

try:
    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"
    print(
        '\033[1;37m[-]  |     Starting HTTP script scan for {0}:{1} \033[1;m'.
        format(ip_address, port))
    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"

    if not recon.checknmaprunmod(ip_address,
                                 "_http.nmap.{0}".format(ip_address)):
        HTTPSCAN = "nmap -sV -Pn -vv -p {0} --script-args=unsafe=1 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln*,http-stored-xss,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,http-phpmyadmin-dir-traversal -oN ./results/{1}/{1}_http.nmap.{0} {1}".format(
            port, ip_address)
        results = subprocess.check_output(HTTPSCAN, shell=True)
        recon.logparsertxt(results)
        outfile = "results/{0}/{0}_HTTPrecon.txt".format(ip_address)
        f = open(outfile, "w")
        f.write(results)
        f.close()
    else:
        print(
            '\033[1;33m[+]  {0} already scanned for HTTP port {1}...\033[1;m'.
            format(ip_address, port))
        results = open(
            "./results/{0}/{0}_http.nmap.{1}".format(ip_address, port), "r")
        recon.logparserfile(results)
예제 #2
0
import sys
import recon

if len(sys.argv) != 3:
    print "Usage: ftprecon.py <ip address> <port>"
    sys.exit(0)

ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"
print(
    '\033[1;37m[-]  |     Starting FTP script scan for {0}:{1} - [This can take a long time]\033[1;m'
    .format(ip_address, port))
print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"

if not recon.checknmaprunmod(ip_address, "_ftp{0}.nmap".format(port)):
    FTPSCAN = "nmap -sV -Pn -vv -p {0} --script=ftp-* -oN './results/{1}/{1}_ftp{0}.nmap' {1}".format(
        port, ip_address)
    results = subprocess.check_output(FTPSCAN, shell=True)
    recon.logparsertxt(results)
else:
    print('\033[1;33m[+]  {0} already scanned for FTP port {1}...\033[1;m'.
          format(ip_address, port))
    results = open("./results/{0}/{0}_ftp{1}.nmap".format(ip_address, port),
                   "r")
    recon.logparserfile(results)

# ==> Hydrascan disabled due to there is a brutescan allready in the nmap modules. if wanting to brute with own list it can be disabled and user and passwordlist added to wordlists

# print "INFO: Performing hydra ftp scan against {0}".format(ip_address)
# HYDRA = "hydra -L ./wordlists/ftpusers -P ./wordlists/ftppasswords -f -o ./results/{0}/{0}_ftphydra.txt -u {0} -s {1} ftp".format(ip_address, port)
예제 #3
0
#!/usr/bin/env python
import subprocess
import sys
import recon

if len(sys.argv) != 3:
    print "Usage: ftprecon.py <ip address> <port>"
    sys.exit(0)

ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"
print('\033[1;37m[-]  |     Starting FTP script scan for {0}:{1} - [This can take a long time]\033[1;m'.format(ip_address, port))
print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"

if not recon.checknmaprunmod(ip_address, "_ftp{0}.nmap".format(port)):
    FTPSCAN = "nmap -sV -Pn -vv -p {0} --script=ftp-* -oN './results/{1}/{1}_ftp{0}.nmap' {1}".format(port, ip_address)
    results = subprocess.check_output(FTPSCAN, shell=True)
    recon.logparsertxt(results)
else:
    print('\033[1;33m[+]  {0} already scanned for FTP port {1}...\033[1;m'.format(ip_address, port))
    results = open("./results/{0}/{0}_ftp{1}.nmap".format(ip_address, port), "r")
    recon.logparserfile(results)

# ==> Hydrascan disabled due to there is a brutescan allready in the nmap modules. if wanting to brute with own list it can be disabled and user and passwordlist added to wordlists

# print "INFO: Performing hydra ftp scan against {0}".format(ip_address)
# HYDRA = "hydra -L ./wordlists/ftpusers -P ./wordlists/ftppasswords -f -o ./results/{0}/{0}_ftphydra.txt -u {0} -s {1} ftp".format(ip_address, port)
# results = subprocess.check_output(HYDRA, shell=True)
# resultarr = results.split("\n")
# for result in resultarr:
예제 #4
0
    print "Usage: httprecon.py <ip address> <port>"
    sys.exit(0)

ip_address = sys.argv[1].strip()
port = sys.argv[2].strip()
if str(port) == "443":
    header = "https://"
else:
    header = "http://"

try:
    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"
    print('\033[1;37m[-]  |     Starting HTTP script scan for {0}:{1} \033[1;m'.format(ip_address, port))
    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"

    if not recon.checknmaprunmod(ip_address, "_http.nmap.{0}".format(port, ip_address)):
        HTTPSCAN = "nmap -sV -Pn -vv -p {0} --script-args=unsafe=1 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln*,http-stored-xss,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,http-phpmyadmin-dir-traversal -oN ./results/{1}/{1}_http.nmap.{0} {1}".format(port, ip_address)
        results = subprocess.check_output(HTTPSCAN, shell=True)
        recon.logparsertxt(results)
        outfile = "results/{0}/{0}_HTTPrecon.txt".format(ip_address)
        f = open(outfile, "w")
        f.write(results)
        f.close()
    else:
        print('\033[1;33m[+]  {0} already scanned for HTTP port {1}...\033[1;m'.format(ip_address, port))
        results = open("./results/{0}/{0}_http.nmap.{1}".format(ip_address, port), "r")
        recon.logparserfile(results)

    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"
    print('\033[1;37m[-]  |     Starting Selenium ScreenGrab scan for {0}:{1} \033[1;m'.format(ip_address, port))
    print "\033[1;37m[-]  ----------------------------------------------------------------------------- \033[1;m"