def handle_target(info):
info = copy.deepcopy(info)
print('Module Nmap scripts starting against %s alive urls from %s' %
(str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
scanned_hosts = list()
for url in info['target']:
sub_info = copy.deepcopy(info)
sub_info['target'] = url
try:
host = url.split('/')[2]
except IndexError:
host = url
if host not in scanned_hosts:
outdated_software(sub_info, host)
web_versions(sub_info, host)
if sub_info['invasive_scans']:
if INT_USERS_LIST and INT_PASS_LIST:
ssh_ftp_brute_login(sub_info, host, True) #SHH
sleep(10)
ssh_ftp_brute_login(sub_info, host, False) #FTP
ftp_anon_login(sub_info, host) #FTP ANON
default_account(sub_info, host) #Default creds in web console
scanned_hosts.append(host)
print('Module Nmap Scripts finished against %s' % info['domain'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
print('Module Nmap Scripts starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
# We receive the url with http/https, we will get only the host so nmap works
host = info['target']
if info['type'] == 'url':
host = host.split('/')[2]
outdated_software(info, host)
web_versions(info, host)
if info['invasive_scans']:
if INT_USERS_LIST and INT_PASS_LIST:
ssh_ftp_brute_login(info, host, True) #SHH
sleep(10)
ssh_ftp_brute_login(info, host, False) #FTP
ftp_anon_login(info, host) #FTP ANON
default_account(info, host) #Default creds in web console
print('Module Nmap Scripts finished against %s' % info['target'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
print('Module CORS Scan starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
# Put urls in a single file
random_filename = uuid.uuid4().hex
FILE_WITH_URL = ROOT_DIR + '/tools_output/' + random_filename + '.txt'
cleanup(FILE_WITH_URL)
with open(FILE_WITH_URL, 'w') as f:
f.write("%s\n" % info['target'])
# Call scan target
scan_target(info, FILE_WITH_URL)
# Delete all created files
cleanup(FILE_WITH_URL)
print('Module CORS Scan finished against %s' % info['target'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
if info['nessus_scan'] and nessus:
print('Module Nessus Scan starting against %s alive urls from %s' % (str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
targets = len(info['target'])
if targets > 0:
url_list = info['target']
divider = targets//2
#Plain list for nessus scan
urls = ','.join(get_only_url(l) for l in url_list[divider:])
sub_info = copy.deepcopy(info)
sub_info['target'] = url_list[divider:]
sub_info['nessus_target'] = urls
scan_target(sub_info)
#Plain list for nessus scan
urls = ','.join(get_only_url(l) for l in url_list[:divider])
sub_info = copy.deepcopy(info)
sub_info['target'] = url_list[:divider]
sub_info['nessus_target'] = urls
scan_target(sub_info)
print('Module Nessus Scan Finished against %s alive urls from %s' % (str(len(info['target'])), info['domain']))
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
print('Module CORS Scan starting against %s alive urls from %s' %
(str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
ROOT_DIR = os.path.dirname(os.path.abspath(__file__))
# We first put all the urls with http/s into a txt file
random_filename = uuid.uuid4().hex
FILE_WITH_URLS = ROOT_DIR + '/tools_output/' + random_filename + '.txt'
for subdomain in info['target']:
scan_info = copy.deepcopy(info)
scan_info['target'] = subdomain
with open(FILE_WITH_URLS, 'w') as f:
f.write("%s\n" % subdomain)
# Call scan target with the file
scan_target(scan_info, FILE_WITH_URLS)
# Delete all created files
cleanup(FILE_WITH_URLS)
print('Module CORS Scan finished against %s' % info['domain'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
print('Module Firebase Scan starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
scan_target(info, info['target'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
print('Module Firebase Scan finished against %s' % info['target'])
send_module_status_log(info, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
if WAPPA_KEY:
print('Module Libraries Scan starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
analyze(info, info['target'])
slack.send_module_end_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
print('Module Libraries Scan finished against %s' % info['target'])
send_module_status_log(info, 'end')
return
def handle_single(info):
info_copy = copy.deepcopy(info)
if info_copy['acunetix_scan'] and acunetix and is_url(info_copy['target']):
print('Module Acunetix Single Scan Starting against %s' % info_copy['target'])
slack.send_module_start_notification_to_channel(info_copy, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info_copy, 'start')
urls = [info_copy['target']]
info_copy['target'] = urls
scan_target(info_copy)
print('Module Acunetix Single Scan Finished against %s' % info_copy['target'])
slack.send_module_end_notification_to_channel(info_copy, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info_copy, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
print('Module Token Finder starting against %s alive urls from %s' % (str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
for url in info['target']:
sub_info = copy.deepcopy(info)
sub_info['target'] = url
scan_target(sub_info, sub_info['target'])
print('Module Token Finder finished against %s' % info['domain'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
print('Module Nmap baseline starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
# We receive the url with http/https, we will get only the host so nmap works
host = info['target']
if info['type'] == 'url':
host = host.split('/')[2]
basic_scan(info, host)
print('Module Nmap baseline finished against %s' % info['target'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info_copy = copy.deepcopy(info)
if info_copy['acunetix_scan'] and acunetix:
print('Module Acunetix Scan starting against %s alive urls from %s' % (str(len(info_copy['target'])), info_copy['domain']))
slack.send_module_start_notification_to_channel(info_copy, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info_copy, 'start')
#We can have repeated urls differenced by http o https so we get only one (The https one's)
full_list = remove_duplicates_if_exists(sorted(info_copy['target'],reverse=True))
info_for_scan = copy.deepcopy(info_copy)
info_for_scan['target'] = full_list
scan_target(info_for_scan)
print('Module Acunetix Scan Finished against %s alive urls from %s' % (str(len(full_list)), info_copy['domain']))
slack.send_module_end_notification_to_channel(info_copy, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info_copy, 'end')
return
def handle_single(info):
info = copy.deepcopy(info)
if info['nessus_scan'] and nessus and is_not_ip(info['target']):
print('Module Nessus Single Scan Starting against %s' % info['target'])
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
url_plain = get_only_url(info['target'])
info['nessus_target'] = url_plain
info['target'] = list().append(info['target'])
scan_target(info)
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
print('Module Nessus Scan Finished against %s' % info['nessus_target'])
send_module_status_log(info, 'end')
else:
pass
return
def handle_single(info):
info = copy.deepcopy(info)
# Url will come with http or https, we will strip and append ports that could have tls/ssl
url = info['target']
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
valid_ports = ['443']
split_url = url.split('/')
try:
final_url = split_url[2]
except IndexError:
final_url = url
print('Module SSL/TLS starting against %s' % info['target'])
for port in valid_ports:
scan_target(info, url, final_url+':'+port)
print('Module SSL/TLS finished against %s' % info['target'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
print('Module Nmap baseline starting against %s alive urls from %s' % (str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
scanned_hosts = list()
for url in info['target']:
sub_info = copy.deepcopy(info)
sub_info['target'] = url
try:
host = url.split('/')[2]
except IndexError:
host = url
if host not in scanned_hosts:
basic_scan(sub_info, host)
scanned_hosts.append(host)
print('Module Nmap baseline finished against %s' % info['domain'])
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
print('Module HTTP Method Scan starting against %s alive urls from %s' %
(str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(
info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
for url in info['target']:
sub_info = copy.deepcopy(info)
split_url = url.split('/')
try:
final_url = split_url[2]
except IndexError:
final_url = url
sub_info['target'] = final_url
scan_target(sub_info, sub_info['target'])
print('Module HTTP Method Scan finished against %s' % info['domain'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME,
SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
def handle_target(info):
info = copy.deepcopy(info)
print('Module SSL/TLS starting against %s alive urls from %s' % (str(len(info['target'])), info['domain']))
slack.send_module_start_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'start')
valid_ports = ['443']
for url in info['target']:
sub_info = copy.deepcopy(info)
sub_info['target'] = url
split_url = url.split('/')
try:
final_url = split_url[2]
except IndexError:
final_url = url
for port in valid_ports:
scan_target(sub_info, url, final_url+':'+port)
print('Module SSL/TLS finished against %s' % info['domain'])
slack.send_module_end_notification_to_channel(info, MODULE_NAME, SLACK_NOTIFICATION_CHANNEL)
send_module_status_log(info, 'end')
return
