def main(args):
LOG.info("Running nikto for {}".format(args.url))
parsed_url = urlparse(args.url)
netloc = parsed_url.netloc
# if non-standard port break it up.
if ":" in netloc:
domain = netloc.split(":")[0]
port = netloc.split(":")[1]
# otherwise port is based on scheme
else:
domain = netloc
if parsed_url.scheme == 'http':
port = '80'
else:
port = '443'
if parsed_url.scheme == 'https':
ssl = " -ssl"
else:
ssl = ""
if parsed_url.path:
root = " -root " + parsed_url.path
else:
root = ""
command = NIKTO_COMMAND.format(domain=domain, port=port, root=root, ssl=ssl)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "nikto_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running nmap with http-methods script for {}".format(args.url))
parsed_url = urlparse(args.url)
netloc = parsed_url.netloc
# if non-standard port break it up.
if ":" in netloc:
domain = netloc.split(":")[0]
port = netloc.split(":")[1]
# otherwise port is based on scheme
else:
domain = netloc
if parsed_url.scheme == 'http':
port = '80'
else:
port = '443'
if parsed_url.path:
command = "nmap --script http-methods --script-args http-methods.url-path='{path}' -p {port} {domain}".format(
path=parsed_url.path, port=port, domain=domain)
else:
command = "nmap --script http-methods -p {port} {domain}".format(
port=port, domain=domain)
LOG.info(f"Running command: {command}")
html_path = os.path.join(args.output,
"http_methods_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def run_testssl(url, output, no_screenshot, proxy):
if not utils.uses_encryption(url):
return
parsed_url = urlparse(url)
port = '443'
if parsed_url.port:
port = str(parsed_url.port)
html_path = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.html")
csv_output = os.path.join(output, f"testssl_{parsed_url.netloc}_{port}.csv")
if os.path.isfile(csv_output):
LOG.info("CSV file already exists, deleting it.")
os.remove(csv_output)
if proxy:
command = f"testssl --warnings off --csvfile {csv_output} --proxy {proxy} {url}"
else:
command = f"testssl --warnings off --csvfile {csv_output} {url}"
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output, "screenshots")
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy):
os.makedirs(output, exist_ok=True)
output_dir = output
output = os.path.join(output, "nmap_sT_common_{}".format(url))
if proxy:
command = """nmap -sT --proxy-type socks5h --proxy {proxy} -oA {output} {url}""".format(
output=output, url=url, proxy=proxy)
else:
command = """nmap -sT -oA {output} {url}""".format(output=output,
url=url)
LOG.info("Running the command: {}".format(command))
file_name = "nmap_sT_common_{}.html".format(url)
html_path = os.path.join(output_dir, file_name)
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output_dir, "screenshots")
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running whatweb for {}".format(args.url))
if args.proxy:
# command = 'whatweb -v -a 3 --proxy {proxy} --user-agent "{ua}" {url}'.format(
# ua=USER_AGENT, url=args.url, proxy=args.proxy)
command = [
'whatweb', '-v', '-a', '3', '--proxy', args.proxy, '--user-agent',
'"' + USER_AGENT + '"', args.url
]
else:
# command = 'whatweb -v -a 3 --user-agent "{ua}" {url}'.format(ua=USER_AGENT, url=args.url)
command = [
'whatweb', '-v', '-a', '3', '--user-agent', '"' + USER_AGENT + '"',
args.url
]
LOG.info(command)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "whatweb_{}.html".format(domain))
text_output = run_commands.bash_command(command, split=False)
html_output = run_commands.create_html_file(text_output, command,
html_path)
# text_output = run_commands.bash_command(command_string, split=False)
# html_output = run_commands.create_html_file(text_output, command_string, html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def write_iframe(args):
iframe_html = """
<!DOCTYPE HTML>
<html>
<head>
<style>
body {{
background: white;
color: black;
}}
</style>
</head>
<body>
<h1>Website {0} inside an iFrame</h1>
<iframe src="{0}" height=600 width=600></iframe>
</body>
</html>
""".format(args.website)
output_file = os.path.join(args.output_dir, 'iframe.html')
LOG.info("Writing iframe file to: {}".format(output_file))
with open(output_file, 'w') as f:
f.write(iframe_html)
LOG.info("File written.")
if args.screenshot:
utils.selenium_image(output_file, args.screenshot, sleep=1)
def run_nikto(url_dict, output_dir, proxy, screenshot=False):
html_path = os.path.join(
output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.html")
csv_path = os.path.join(
output_dir, f"nikto_{url_dict['domain']}_{url_dict['port']}.csv")
if proxy:
log.info(f"Using proxy: {proxy}")
command_text = NIKTO_PROXY_COMMAND
else:
command_text = NIKTO_COMMAND
command = command_text.format(domain=url_dict['domain'],
port=url_dict['port'],
root=url_dict['root'],
ssl=url_dict['ssl'],
output=csv_path,
proxy=proxy)
log.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and screenshot:
log.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
log.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy):
command = f"python http_methods.py -o {output} -u {url}"
print_o("*" * 20)
print_o("Running http_methods.py")
print_o(f"Testing {url} against a list of potentially dangerous HTTP Methods.")
print_o(f"Methods we are testing: {', '.join(METHODS)}")
print_o(f"Saving any content received from these methods to {output}/http_methods/")
if proxy:
print_o(f"Using proxy: {proxy}")
print_o("*" * 20)
found_methods = []
methods_folder = os.path.join(output, "http_methods")
os.makedirs(methods_folder, exist_ok=True)
parsed_url = urlparse(url)
netloc = parsed_url.netloc
if not parsed_url.path:
path = "/"
else:
path = parsed_url.path
if proxy:
log.debug(f"Configuring proxy {proxy}")
proxy_host = proxy.split(":")[0]
proxy_port = int(proxy.split(":")[-1])
host = netloc.split(":")[0]
port = int(netloc.split(":")[-1])
if parsed_url.scheme == 'https':
conn = http.client.HTTPSConnection(proxy_host, proxy_port, context=ssl._create_unverified_context())
conn.set_tunnel(host, port)
else:
conn = http.client.HTTPConnection(proxy_host, proxy_port)
conn.set_tunnel(host, port)
else:
if parsed_url.scheme == 'https':
conn = http.client.HTTPSConnection(netloc, timeout=10)
else:
conn = http.client.HTTPConnection(netloc, timeout=10)
for method in METHODS:
response = get_response(conn, parsed_url, method, path, proxy)
if not response:
continue
found_methods.append(method)
method_file = os.path.join(methods_folder, method + "_method_check.html")
with open(method_file, "w") as fp:
for line in response.splitlines():
fp.write(line.decode('utf8') + "\n")
print_o("*" * 20)
if len(found_methods) > 0:
print_o(f"Done. We found these methods that need further investigation: {', '.join(found_methods)}")
else:
print_o(f"Done. No methods need further investigation.")
print_o("*" * 20)
http_output_path = os.path.join(methods_folder, "http_methods.html")
render_output("http_methods.py", command, http_output_path)
if not no_screenshot:
screenshot_path = os.path.join(output, "screenshots")
utils.selenium_image(http_output_path, screenshot_path)
def main(args):
LOG.info("Running whois for {}".format(args.domain))
command = "whois -H {domain}".format(domain=args.domain)
html_path = os.path.join(args.output, "whois_{}.html".format(args.domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot))
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def run_escan(ips_file, output_dir, screenshot=False):
html_path = os.path.join(output_dir, "eternal_scan.html")
command = f'escan -ck {ips_file}'
LOG.info('Running command: ' + command)
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running yasuo")
command = "yasuo.rb -s /opt/yasuo/signatures.yaml -f {nmap_xml} -t 10".format(
nmap_xml=args.input)
LOG.info("Running the command: {}".format(command))
html_path = os.path.join(args.output, "yasuo.html")
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def run_brute(args):
rc_brute = os.path.join(args.ptfolder, "rc_files/recon_brute.rc")
command = "recon-ng -r {}".format(rc_brute)
LOG.info("Running the command: {}".format(command))
file_name = "recon_brute.html"
html_path = os.path.join(args.output, file_name)
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot, x=800, y=800,
cropx=-10, cropy=-100, sleep=2, bottom=True)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running uniscan on {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
url = urlparse(args.url).scheme + "://" + netloc + urlparse(args.url).path
command = "uniscan -u {url} -qweds".format(url=url)
html_path = os.path.join(args.output, "uniscan_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running nmap")
os.makedirs(args.output, exist_ok=True)
output = os.path.join(args.output, "nmap_sT_common")
command = """nmap -sT -oA {output} -iL {input_file}""".format(
output=output, input_file=args.input)
LOG.info("Running the command: {}".format(command))
file_name = "nmap_sT_common.html"
html_path = os.path.join(args.output, file_name)
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def run_wpscan(url, output_dir, screenshot=False):
html_path = os.path.join(output_dir,
f"wpscan_{url['domain']}_{url['port']}.html")
command = WPSCAN_COMMAND.format(url=url['url'])
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running theHarvester")
os.makedirs(args.output, exist_ok=True)
output = os.path.join(args.output, "harvester.html")
command = """theHarvester -d {domain} -b all -l 100 -f {output}""".format(
domain=args.domain, output=output)
LOG.info("Running the command: {}".format(command))
file_name = "harvester_output.html"
html_path = os.path.join(args.output, file_name)
LOG.info("Saving output to: {}".format(html_path))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
os.makedirs(args.output, exist_ok=True)
LOG.info("Running fierce for {}".format(args.domain))
command = "fierce -dns {} -threads 3".format(args.domain)
LOG.info("Running the command: {}".format(command))
file_name = "fierce_{}.html".format(args.domain)
html_path = os.path.join(args.output, file_name)
LOG.info("Saving output to: {}".format(html_path))
html_output = utils.run_command_two(command,
html_path,
timeout=60 * 60 *
1) # let fierce run for an hour
if html_output and args.screenshot:
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running wafw00f for {}".format(args.url))
command = "wafw00f -a {url}".format(url=args.url)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "wafw00f_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
# Run nslookup query for Name Servers
LOG.info("Running nslookup with type NS")
content, ns_html = run_nslookup(args.domain, args.output, "NS")
auth_nameservers = parse_nslookup_ns(content)
# Run nslookup query for MX records
_, mx_html = run_nslookup(args.domain, args.output, "MX",
auth_nameservers[0])
# Run nslookup query for SRV records
_, srv_html = run_nslookup(args.domain, args.output, "SRV",
auth_nameservers[0])
# Run nslookup query for any records
_, any_html = run_nslookup(args.domain, args.output, "ANY",
auth_nameservers[0])
# Take picture of html file
if args.screenshot:
for html_file in [ns_html, mx_html, srv_html, any_html]:
utils.selenium_image(html_file, args.screenshot)
def main(args):
LOG.info("Running dirb for {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
command = "dirb {url} /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-small.txt -S".format(
url=args.url)
html_path = os.path.join(args.output, "dirb_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(output, url, no_screenshot, proxy):
if proxy:
command = "wafw00f -a -p {proxy} {url}".format(proxy=proxy, url=url)
else:
command = "wafw00f -a {url}".format(url=url)
LOG.info("Running wafw00f command: {}".format(command))
netloc = urlparse(url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(output, "wafw00f_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and not no_screenshot:
screenshot_path = os.path.join(output, "screenshots")
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot_path))
utils.dir_exists(screenshot_path, True)
utils.selenium_image(html_output, screenshot_path)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
if not args.no_update:
update_searchsploit()
search_terms = get_search_terms(args.input)
if not search_terms:
LOG.info("No banner information found in nmap file: {}".format(args.input))
raise SystemExit
LOG.info("Found {} terms to search.".format(len(search_terms)))
stdout = ""
for term in search_terms:
command = "searchsploit {term}".format(term=term)
stdout += "\rsearchsploit '{}'\r".format(term) + run_searchsploit(command).decode('utf-8')
html_path = os.path.join(args.output, "searchsploit.html")
LOG.info("Saving output to: {}".format(html_path))
aha = run_aha(html_path, stdout)
if aha and args.screenshot:
utils.selenium_image(html_path, args.screenshot)
if not html_path:
LOG.error("Didn't receive a response from running aha.")
def run_whatweb(url, output_dir, screenshot=False):
parsed_url = urlparse(url)
port = parsed_url.port
if not port:
if parsed_url.scheme == 'http':
port = '80'
else:
port = '443'
html_path = os.path.join(output_dir, f"whatweb_{parsed_url.netloc}_{port}.html")
command = WHATWEB_COMMAND.format(url=url)
LOG.info('Running command: {}'.format(command))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command, html_path)
if html_output and screenshot:
LOG.info("Creating a screenshot of the output and saving it to {}".format(screenshot))
utils.dir_exists(screenshot, True)
utils.selenium_image(html_output, screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running gobuster for {}".format(args.url))
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
if args.proxy:
command = PROXY_COMMAND.format(url=args.url, proxy=args.proxy)
else:
command = COMMAND.format(url=args.url)
html_path = os.path.join(args.output, "gobuster_{}.html".format(domain))
text_output = run_commands.bash_command(command)
html_output = run_commands.create_html_file(text_output, command,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
LOG.info("Running whatweb for {}".format(args.url))
command_string = 'whatweb -v -a 3 --user-agent {ua} {url}'.format(
ua=USER_AGENT, url=args.url)
command = 'whatweb -v -a 3 --user-agent'.split()
command += [USER_AGENT, args.url]
LOG.info(command_string)
netloc = urlparse(args.url).netloc
domain = netloc.split(":")[0]
html_path = os.path.join(args.output, "whatweb_{}.html".format(domain))
text_output = run_commands.bash_command(command, split=False)
html_output = run_commands.create_html_file(text_output, command_string,
html_path)
if html_output and args.screenshot:
LOG.info(
"Creating a screenshot of the output and saving it to {}".format(
args.screenshot))
utils.dir_exists(args.screenshot, True)
utils.selenium_image(html_output, args.screenshot)
if not html_output:
LOG.error("Didn't receive a response from running the command.")
def main(args):
os.makedirs(args.output, exist_ok=True)
# Run nslookup query for Name Servers
LOG.info("Running nslookup with type NS")
content, ns_html = run_nslookup(args.domain, args.output, "NS")
auth_nameservers = parse_nslookup_ns(content)
if not auth_nameservers:
LOG.error("No authoritative nameservers found, cannot continue.")
sys.exit()
# Run nslookup query for MX records
_, mx_html = run_nslookup(args.domain, args.output, "MX",
auth_nameservers[0])
# Run nslookup query for SRV records
_, srv_html = run_nslookup(args.domain, args.output, "SRV",
auth_nameservers[0])
# Run nslookup query for any records
_, any_html = run_nslookup(args.domain, args.output, "ANY",
auth_nameservers[0])
# Take picture of html file
if args.screenshot:
os.makedirs(args.screenshot, exist_ok=True)
for html_file in [ns_html, mx_html, srv_html, any_html]:
utils.selenium_image(html_file, args.screenshot)
