def observatory(self): utils.print_good('Starting observatory') if self.is_direct: domain_file = self.is_direct else: if self.options['SPEED'] == 'quick': utils.print_good('Skipping {0} in quick mode'.format(self.module_name)) return None domain_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') with open(domain_file, 'r') as d: domains = d.read().splitlines() if self.options['DEBUG'] == "True": utils.print_info("Only get 30 target debug mode") domains = domains[:10] for part in list(utils.chunks(domains, 1)): for domain in part: cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True) time.sleep(10) utils.just_waiting(self.options, self.module_name, seconds=10, times=2) return True
def dig_info(self): utils.print_good('Starting basic Dig') utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs') final_subdomains = utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') #run command directly instead of run it via module cause there're a lot of command to run all_domains = utils.just_read(final_subdomains).splitlines() if self.options['DEBUG'] == 'True': all_domains = all_domains[:10] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(all_domains, 5)): for domain in part: cmd = utils.replace_argument( self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) output_path = utils.replace_argument(self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) execute.send_cmd(self.options, cmd, '', '', self.module_name, True) # time.sleep(0.5) custom_logs['content'].append( {"cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(5) print(custom_logs) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs))
def genMultiUrls(self, resources): multi_urls = [] #print (len(resources)) resource_chunks = utils.chunks(list(resources), 8) rows = 25 for resource_chunk in resource_chunks: queryParts = [] invQueries = [] for resource in resource_chunk: resource = resource.strip('<>!+&') resource = urllib.parse.quote(resource, ':\/=?<>"*') if not ('&' in resource or '#' in resource): queryParts.append("<%s> * *" % (resource)) invQueries.append("* * <%s>&rows=%s" % (resource,rows)) query = " OR ".join(queryParts) bases = [] for solr in self.solrs: bases.append("%sselect?nq=%s&fl=id ntriple type&wt=json&qt=siren" % (solr,query)) if not 'siren2' in solr: for invQuery in invQueries: bases.append("%sselect?nq=%s&fl=id ntriple type&wt=json&qt=siren" % (solr,invQuery)) #for base in bases: # print(len(base)) multi_urls.append({'resources' : set(resource_chunk), 'urls' : bases}) return multi_urls
def run_chunk(commands, chunk, delay=1): for part in utils.chunks(commands, int(chunk)): done = False for command in part: done = run_single(command) if done: time.sleep(0.5) else: time.sleep(int(delay))
def nmap_vuln(self): utils.print_good('Starting Nmap VulnScan') if self.is_direct: ip_list = utils.just_read(self.is_direct).splitlines() ip_list = list(set([ip for ip in ip_list if ip != 'N/A'])) else: main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) main_json['Modules'][self.module_name] = [] if self.options['SPEED'] == 'slow': ip_list = [ x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None ] + main_json['IP Space'] elif self.options['SPEED'] == 'quick': ip_list = [ x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None ] ip_list = list(set([ip for ip in ip_list if ip != 'N/A'])) if self.options['DEBUG'] == 'True': ip_list = list(ip_list)[:5] # Scan every 5 IP at time Increse if you want for part in utils.chunks(ip_list, 2): for ip in part: cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners.nse --oA $WORKSPACE/vulnscan/{0}-nmap'.format( ip.strip()) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip())) std_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip())) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # check if previous task done or not every 30 second while not utils.checking_done(self.options, module=self.module_name): time.sleep(60) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def dirsearch(self): utils.print_good('Starting dirsearch') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json( utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(domains, 3)): for domain in part: cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py --json-report=$WORKSPACE/directory/{0}-dirsearch.json -u '{0}' -e php,jsp,aspx,js,html -t 20 -b".format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/{0}-dirsearch.json'.format( domain.strip())) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/std-{0}-dirsearch.std'.format( domain.strip())) if utils.is_force(self.options, output_path): execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name, True) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append({ "cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done" }) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs))
def dirsearch(self): utils.print_good('Starting dirsearch') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in utils.chunks(domains, 3): for domain in part: #just strip everything to save local, it won't affect the result strip_domain = domain.replace( 'http://', '').replace('https://', '').replace('/', '-') cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format( domain, strip_domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(strip_domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(strip_domain)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append( {"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') # utils.update_activities(self.options, str(custom_logs)) utils.force_done(self.options, self.module_name) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def get_game_markup(chat_id): games = Games.get_list(chat_id=chat_id) return InlineKeyboardMarkup( [ [ InlineKeyboardButton( game["name"], callback_data=f"games_{game['name']}" ) for game in chunk ] for chunk in chunks(list(games), 5) ] + [[InlineKeyboardButton("✅", callback_data="end")]] )
def quick_gobuster(self): utils.print_good('Starting gobuster for short wordlist') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in utils.chunks(domains, 3): for domain in part: #just strip everything to save local, it won't affect the result strip_domain = domain.replace( 'http://', '').replace('https://', '').replace('/', '-') cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format( domain.strip(), strip_domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(strip_domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(strip_domain)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') utils.force_done(self.options, self.module_name) # utils.update_activities(self.options, str(custom_logs)) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def wfuzz(self): utils.print_good('Starting wfuzz') if self.is_direct: domains = utils.just_read(self.is_direct).splitlines() else: #matching IP with subdomain main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json')) domains = [x.get('Domain') for x in main_json['Subdomains']] if self.options['DEBUG'] == 'True': domains = domains[:5] custom_logs = {"module": self.module_name, "content": []} for part in utils.chunks(domains, 3): for domain in part: #just strip everything to save local, it won't affect the result strip_domain = domain.replace( 'http://', '').replace('https://', '').replace('/', '-') cmd = "wfuzz -f $WORKSPACE/directory/quick/{1}-wfuzz.txt,raw -c -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 --sc 200,307 -u '{0}/FUZZ' | tee $WORKSPACE/directory/quick/std-{1}-wfuzz.std".format( domain.strip(), strip_domain) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/{0}-wfuzz.txt'.format(strip_domain)) std_path = utils.replace_argument( self.options, '$WORKSPACE/directory/quick/std-{0}-wfuzz.std'.format(strip_domain)) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # time.sleep(0.5) #set status to done because this gonna will be submit when all command was done custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"}) #just wait couple seconds and continue but not completely stop the routine time.sleep(20) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs)) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def _stringify_result(self): Module._stringify_result(self) table_insecurities = PrettyTable([''] * (2)) table_insecurities.align = 'l' table_insecurities.header = False table_insecurities.hrules = ALL for res in self._result_insecurities: if isinstance(self._result_insecurities[res], ListType): field_str = '' for chunk in list(chunks(self._result_insecurities[res], 3)): field_str += ', '.join(chunk) + '\n' table_insecurities.add_row([res, field_str.rstrip()]) self._output += '\n%s' % (table_insecurities.get_string())
def nmap_vuln(self): utils.print_good('Starting Nmap VulnScan') if self.is_direct: ip_list = utils.just_read(self.is_direct).splitlines() ip_list = list(set([ip for ip in ip_list if ip != 'N/A'])) else: main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) main_json['Modules'][self.module_name] = [] if self.options['SPEED'] == 'slow': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space'] elif self.options['SPEED'] == 'quick': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] ip_list = list(set([ip for ip in ip_list if ip != 'N/A'])) if self.options['DEBUG'] == 'True': ip_list = list(ip_list)[:5] # Scan every 5 IP at time Increse if you want for part in utils.chunks(ip_list, 2): for ip in part: cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners.nse --oA $WORKSPACE/vulnscan/{0}-nmap'.format( ip.strip()) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip())) std_path = utils.replace_argument( self.options, '$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip())) execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name) # check if previous task done or not every 30 second while not utils.checking_done(self.options, module=self.module_name): time.sleep(60) #just save commands logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json') utils.save_all_cmd(self.options, logfile)
def dig_info(self): utils.print_good('Starting basic Dig') utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs') final_subdomains = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') #run command directly instead of run it via module cause there're a lot of command to run all_domains = utils.just_read(final_subdomains).splitlines() if self.options['DEBUG'] == 'True': all_domains = all_domains[:10] custom_logs = {"module": self.module_name, "content": []} for part in list(utils.chunks(all_domains, 5)): for domain in part: cmd = utils.replace_argument( self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'. format(domain)) output_path = utils.replace_argument( self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain)) execute.send_cmd(self.options, cmd, '', '', self.module_name, True) # time.sleep(0.5) custom_logs['content'].append({ "cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done" }) #just wait couple seconds and continue but not completely stop the routine time.sleep(5) print(custom_logs) #submit a log utils.print_info('Update activities log') utils.update_activities(self.options, str(custom_logs)) utils.print_line()
def observatory(self): utils.print_good('Starting observatory') if self.is_direct: domain_file = self.is_direct else: if self.options['SPEED'] == 'quick': utils.print_good('Skipping {0} in quick mode'.format( self.module_name)) return None domain_file = utils.replace_argument( self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt') with open(domain_file, 'r') as d: domains = d.read().splitlines() if self.options['DEBUG'] == "True": utils.print_info("Only get 30 target debug mode") domains = domains[:10] for part in list(utils.chunks(domains, 1)): for domain in part: cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format( domain.strip()) cmd = utils.replace_argument(self.options, cmd) execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True) time.sleep(10) utils.just_waiting(self.options, self.module_name, seconds=10, times=2) return True
def masscan(self): utils.print_good('Starting masscan') main_json = utils.reading_json(utils.replace_argument( self.options, '$WORKSPACE/$COMPANY.json')) main_json['Modules'][self.module_name] = [] if self.options['SPEED'] == 'slow': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space'] elif self.options['SPEED'] == 'quick': ip_list = [x.get("IP") for x in main_json['Subdomains'] if x.get("IP") is not None] # Scan every 5 IP at time Increse if you want for part in list(utils.chunks(ip_list, 5)): for ip in part: cmd = 'sudo masscan --rate 10000 -p0-65535 {0} -oG $WORKSPACE/portscan/{0}-masscan.gnmap -oX $WORKSPACE/portscan/{0}-masscan.xml --wait 0'.format( ip) cmd = utils.replace_argument(self.options, cmd) output_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/{0}-masscan.gnmap'.format(ip)) std_path = utils.replace_argument( self.options, '$WORKSPACE/portscan/std-{0}-masscan.gnmap.std'.format(ip)) execute.send_cmd(cmd, output_path, std_path, self.module_name) # check if previous task done or not every 30 second while not utils.checking_done(module=self.module_name): time.sleep(20) # update main json main_json['Modules'][self.module_name] += utils.checking_done( module=self.module_name, get_json=True)