Exemplo n.º 1
def export_summary_data(path):
    """Dump newline-terminated summary lists of the database contents.

    Four texts are built (domains, host IPs, hostnames and people's e-mail
    addresses) and handed to ``output.write_outfile`` as ``domains.txt``,
    ``hosts.txt``, ``hostnames.txt`` and ``people.txt``, all targeting the
    ``summary`` directory below ``path``.
    """
    summary_dir = os.path.join(path, "summary")

    # Every query runs before any text is rendered or any file is written,
    # so a failing query leaves no partial export behind.
    domain_rows = get_domains_from_db('', False, True)
    host_rows = get_hosts_from_db('', False, True)
    hostname_rows = get_hostnames_from_db('', False, True)
    people_rows = get_people_from_db('', False, True)

    domains_text = ''.join(row.domain + '\n' for row in domain_rows)
    hosts_text = ''.join(row.ip + '\n' for row in host_rows)
    hostnames_text = ''.join(row.hostname + '\n' for row in hostname_rows)
    people_text = ''.join(row.email + '\n' for row in people_rows)

    # NOTE(review): the meaning of the trailing True is defined by
    # output.write_outfile, which is not visible here -- confirm.
    # people.txt holds collected e-mail addresses; the export directory
    # should be access-restricted like any other personal data.
    output.write_outfile(summary_dir, "domains.txt", domains_text, True)
    output.write_outfile(summary_dir, "hosts.txt", hosts_text, True)
    output.write_outfile(summary_dir, "hostnames.txt", hostnames_text, True)
    output.write_outfile(summary_dir, "people.txt", people_text, True)
Exemplo n.º 2
def export_summary_data(path):
    """Export one-entry-per-line summaries of the stored reconnaissance data.

    Domains, host IPs, hostnames and people's e-mail addresses are each
    rendered as newline-terminated text and passed to
    ``output.write_outfile`` for the ``summary`` directory below ``path``.
    """
    summary_dir = os.path.join(path, "summary")

    # (file name, rows, attribute holding the value). The tuple is evaluated
    # left to right, so the four queries run in the original order and all
    # of them complete before anything is rendered or written.
    sources = (
        ("domains.txt", get_domains_from_db('', False, True), "domain"),
        ("hosts.txt", get_hosts_from_db('', False, True), "ip"),
        ("hostnames.txt", get_hostnames_from_db('', False, True), "hostname"),
        ("people.txt", get_people_from_db('', False, True), "email"),
    )

    # Render every list first; writing starts only once all four succeeded.
    rendered = [
        (filename, ''.join(getattr(row, field) + '\n' for row in rows))
        for filename, rows, field in sources
    ]

    # NOTE(review): the trailing True is interpreted by output.write_outfile,
    # which is not visible here -- confirm its meaning.
    # people.txt contains collected e-mail addresses; keep the export
    # directory access-restricted.
    for filename, text in rendered:
        output.write_outfile(summary_dir, filename, text, True)
Exemplo n.º 3
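def export_tool_output(path):
    '''
    Export the stored output of every recorded tool run to files under path.

    Each run goes to <path>/<item.subdir>/<tool>_<target>.<ext>. A run with
    no stored output file has its captured text passed to
    output.write_outfile with a ".txt" extension; otherwise the stored bytes
    are written as-is with item.output_filetype as the extension.

    The tool name, target, sub-directory and file type are read from database
    rows and are used to build file system paths, so they are constrained
    here: path separators inside the file name are replaced with "_", and the
    destination directory must resolve to a location inside path.

    Raises:
        ValueError: if a run's sub-directory resolves outside of path.
    '''
    export_root = os.path.realpath(path)
    # join(root, '') gives the root with exactly one trailing separator, so
    # "/out" does not accidentally match a sibling such as "/outside".
    root_prefix = os.path.join(export_root, '')

    db_toolruns = get_toolruns_from_db('', False, True)

    for item in db_toolruns:
        # An absolute or ".."-laden subdir would otherwise make os.path.join
        # point outside the export directory.
        outpath = os.path.realpath(os.path.join(export_root, item.subdir))
        if outpath != export_root and not outpath.startswith(root_prefix):
            raise ValueError("Refusing to export outside of " + export_root +
                             ": " + outpath)
        if not os.path.exists(outpath):
            os.makedirs(outpath)

        if item.output_file:
            extension = item.output_filetype
        else:
            extension = "txt"
        filename = item.tool + "_" + item.target + "." + extension

        # Targets such as URLs or CIDR ranges contain "/"; left in place they
        # would be read as directory components of the output file name.
        for separator in (os.sep, os.altsep):
            if separator:
                filename = filename.replace(separator, "_")

        if not item.output_file:
            output.write_outfile(outpath, filename, item.output)
        else:
            with open(os.path.join(outpath, filename), "wb") as output_file:
                output_file.write(item.output_file)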
Exemplo n.º 4
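def export_tool_output(path):
    '''
    Write the stored output of every recorded tool run to files under path.

    The destination of a run is <path>/<item.subdir>/<tool>_<target>.<ext>.
    When the run has no stored output file, its captured text is passed to
    output.write_outfile with a ".txt" extension; when it has one, the stored
    bytes are written unchanged and item.output_filetype is the extension.

    All path components except path itself come from database rows. To keep
    the export inside the requested directory, path separators in the file
    name are replaced with "_" and the destination directory is resolved and
    checked against path before anything is created.

    Raises:
        ValueError: if a run's sub-directory resolves outside of path.
    '''
    export_root = os.path.realpath(path)
    # Trailing separator prevents "/out" from matching "/outside".
    root_prefix = os.path.join(export_root, '')

    for item in get_toolruns_from_db('', False, True):
        # os.path.join discards export_root when subdir is absolute, and
        # ".." components climb out of it; resolve first, then compare.
        outpath = os.path.realpath(os.path.join(export_root, item.subdir))
        inside_root = (outpath == export_root or
                       outpath.startswith(root_prefix))
        if not inside_root:
            raise ValueError("Refusing to export outside of " + export_root +
                             ": " + outpath)
        if not os.path.exists(outpath):
            os.makedirs(outpath)

        has_file = bool(item.output_file)
        filename = item.tool + "_" + item.target + "."
        filename += item.output_filetype if has_file else "txt"

        # A "/" in the target (URL, CIDR range) must not turn into extra
        # directory levels in the output file name.
        for separator in (os.sep, os.altsep):
            if separator:
                filename = filename.replace(separator, "_")

        if has_file:
            with open(os.path.join(outpath, filename), "wb") as output_file:
                output_file.write(item.output_file)
        else:
            output.write_outfile(outpath, filename, item.output)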
Exemplo n.º 5
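    def run(self):
        '''
        Run this tool against self.target and record what it produces.

        Returns early, doing nothing, when the run history already holds this
        tool/target pair (unless core.prompt_tool_reruns is set and the
        operator answers with a "y"), or when the tool is flagged aggressive
        while core.aggressive is off.

        If self.command is set, the [TARGET] and [OUTPUT] placeholders are
        substituted, the command is executed through core.execute, the result
        is optionally reduced with cleanup_regex, stored through
        db.add_run_to_db, and then searched with the e-mail, DNS and IP
        patterns; matches are added to the database.

        If self.url is set, a screenshot of the URL is taken with cutycapt
        and recorded as a run as well.
        '''
        run_tool = True
        
        if db.check_if_tool_run(self.name, self.target):
            print "Record found in run history for " +self.name + " on " + self.target
            if core.prompt_tool_reruns:
                response = raw_input("Would you like to re-run the tool? [n]")
                # Any answer containing "y" or "Y" counts as a yes.
                if "y" in response or "Y" in response:
                    run_tool = True
                else:
                    run_tool = False
            else:
                run_tool = False
        if not run_tool:
            return
        
        #do not run aggressive tools if aggressive mode is not enabled
        if self.aggressive and not core.aggressive:
            return
        
        if not os.path.exists(os.path.join(self.output_dir, self.output_subdir)):
            os.makedirs(os.path.join(self.output_dir, self.output_subdir))
        
        print "Running "+self.name+" on "+self.target
        
        if self.command:
            # NOTE(review): self.target becomes part of a file name and of the
            # command line without validation or quoting. If core.execute
            # passes the string to a shell (not visible here), a target
            # containing shell metacharacters or path separators changes what
            # is executed or where output lands -- validate targets before
            # they reach this method.
            output_file_path = os.path.join(self.output_dir, self.output_subdir, self.name + "_" + self.target + "." + self.output_format)
            # The template is overwritten in place, so the placeholders are
            # gone from self.command after the first call.
            self.command = self.command.replace("[TARGET]", self.target)
            self.command = self.command.replace("[OUTPUT]", output_file_path)
            
            print self.command
            
            self.start_time = core.getTimestamp(True)
            self.command_result = core.execute(self.command, self.suppress_out)
            self.end_time = core.getTimestamp(True)
            
            # Keep only the parts of the output that match cleanup_regex.
            if self.cleanup_regex <> "":
                clean_result = re.findall(self.cleanup_regex, self.command_result)
                self.command_result = core.list_to_text(clean_result)
            
            # Without an output format the run is stored as plain text with
            # no output file path.
            if not self.output_format:
                db.add_run_to_db(self.name, self.target, self.command, self.command_result,'' ,'txt',self.start_time, self.end_time, self.output_subdir)
            else:
                db.add_run_to_db(self.name, self.target, self.command, self.command_result, output_file_path, self.output_format, self.start_time, self.end_time, self.output_subdir)
            print ""
            
            # Write the captured output to a .txt file only when an output
            # directory is set and no output format is configured.
            if self.output_dir and not self.output_format:
                output.write_outfile(os.path.join(self.output_dir, self.output_subdir), self.name+ "_" + self.target + ".txt", self.command_result)
            
            if self.email_regex:
                # De-duplicate and sort the matches; the optional domain
                # filter is a plain substring test.
                self.emails = sorted(list(set(re.findall(self.email_regex, self.command_result))))
                if self.email_domain_filter:
                    self.emails = [s for s in self.emails if self.email_domain_filter in s]
                
                # Stored lower-cased; self.emails keeps the original case.
                for email in self.emails:
                    email = email.lower()
                    db.add_person_to_db(email)
                    
                print "Emails discovered: " + str(self.emails)
                
            if self.dns_regex:
                self.dns = sorted(list(set(re.findall(self.dns_regex, self.command_result))))
                
                # Names found in tool output are resolved and stored as hosts.
                # NOTE(review): these names originate from tool output, i.e.
                # from data the scanned party may influence -- treat them as
                # untrusted wherever they are used later.
                for target in self.dns:
                    target = target.lower()
                    addresses = core.nslookup_fwd(target)
                    for address in addresses:
                        db.add_host_to_db(address,[target])
                
                print "DNS entries discovered: " + str(self.dns)
                
                
            if self.ip_regex:
                self.ip = sorted(list(set(re.findall(self.ip_regex, self.command_result))))
                
                # Each address is reverse-resolved; one host record is added
                # per returned hostname.
                for target in self.ip:
                    hostnames = core.nslookup_rev(target)
                    for hostname in hostnames:
                        hostname = hostname.lower()
                        db.add_host_to_db(target, [hostname])
                
                print "IPs discovered: " + str(self.ip)
            

            
            print "\n" + "-"*80 + "\n"
                
        if self.url:
            self.url = self.url.replace("[TARGET]", self.target)
            output_file_path = os.path.join(self.output_dir, self.output_subdir, self.name + "_" + self.target + "." + self.website_output_format)
            # The space before --delay keeps the option from being glued onto
            # the end of the URL.
            # NOTE(review): the URL is concatenated unquoted; the shell
            # metacharacter concern noted for self.command applies here too.
            command = "cutycapt --url="+self.url+" --delay=1000 --out="+ output_file_path
            core.execute(command, self.suppress_out)
            
            # NOTE(review): command_result, start_time and end_time are only
            # assigned in the self.command branch of this method; presumably
            # they are initialised elsewhere for URL-only tools -- confirm.
            db.add_run_to_db(self.name, self.target, self.command, self.command_result, output_file_path, self.website_output_format, self.start_time, self.end_time, self.output_subdir)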
Exemplo n.º 6
    def run(self):
        '''
        Run this tool against self.target and record what it produces.

        Returns early, doing nothing, when the run history already holds this
        tool/target pair (unless core.prompt_tool_reruns is set and the
        operator answers with a "y"), or when the tool is flagged aggressive
        while core.aggressive is off.

        If self.command is set, the [TARGET], [OUTPUT] and [PROJECT]
        placeholders are substituted, the command is executed through
        core.execute, the result is optionally reduced with cleanup_regex,
        stored through db.add_run_to_db, and then searched with the e-mail,
        DNS and IP patterns; matches are added to the database.

        If self.url is set and the DISPLAY environment variable is non-empty,
        a screenshot of the URL is taken with cutycapt and recorded as a run.
        '''
        run_tool = True

        if db.check_if_tool_run(self.name, self.target):
            print "Record found in run history for " + self.name + " on " + self.target
            if core.prompt_tool_reruns:
                response = raw_input("Would you like to re-run the tool? [n]")
                # Any answer containing "y" or "Y" counts as a yes.
                if "y" in response or "Y" in response:
                    run_tool = True
                else:
                    run_tool = False
            else:
                run_tool = False
        if not run_tool:
            return

        #do not run aggressive tools if aggressive mode is not enabled
        if self.aggressive and not core.aggressive:
            return

        if not os.path.exists(os.path.join(self.output_dir,
                                           self.output_subdir)):
            os.makedirs(os.path.join(self.output_dir, self.output_subdir))

        print "Running " + self.name + " on " + self.target

        if self.command:
            # NOTE(review): self.target becomes part of a file name and of the
            # command line without validation or quoting. If core.execute
            # passes the string to a shell (not visible here), a target
            # containing shell metacharacters or path separators changes what
            # is executed or where output lands -- validate targets before
            # they reach this method. The same applies to core.projectname.
            output_file_path = os.path.join(
                self.output_dir, self.output_subdir,
                self.name + "_" + self.target + "." + self.output_format)
            # The template is overwritten in place, so the placeholders are
            # gone from self.command after the first call.
            self.command = self.command.replace("[TARGET]", self.target)
            self.command = self.command.replace("[OUTPUT]", output_file_path)
            self.command = self.command.replace("[PROJECT]", core.projectname)

            print self.command

            self.start_time = core.getTimestamp(True)
            self.command_result = core.execute(self.command, self.suppress_out)
            self.end_time = core.getTimestamp(True)

            # Keep only the parts of the output that match cleanup_regex.
            if self.cleanup_regex <> "":
                clean_result = re.findall(self.cleanup_regex,
                                          self.command_result)
                self.command_result = core.list_to_text(clean_result)

            # Without an output format the run is stored as plain text with
            # no output file path.
            if not self.output_format:
                db.add_run_to_db(self.name, self.target, self.command,
                                 self.command_result, '', 'txt',
                                 self.start_time, self.end_time,
                                 self.output_subdir)
            else:
                db.add_run_to_db(self.name, self.target, self.command,
                                 self.command_result, output_file_path,
                                 self.output_format, self.start_time,
                                 self.end_time, self.output_subdir)
            print ""

            # Write the captured output to a .txt file only when an output
            # directory is set and no output format is configured.
            if self.output_dir and not self.output_format:
                output.write_outfile(
                    os.path.join(self.output_dir, self.output_subdir),
                    self.name + "_" + self.target + ".txt",
                    self.command_result)

            if self.email_regex:
                # De-duplicate and sort the matches; the optional domain
                # filter is a plain substring test.
                self.emails = sorted(
                    list(set(re.findall(self.email_regex,
                                        self.command_result))))
                if self.email_domain_filter:
                    self.emails = [
                        s for s in self.emails if self.email_domain_filter in s
                    ]

                # Stored lower-cased; self.emails keeps the original case.
                for email in self.emails:
                    email = email.lower()
                    db.add_person_to_db(email)

                print "Emails discovered: " + str(self.emails)

            if self.dns_regex:
                self.dns = sorted(
                    list(set(re.findall(self.dns_regex, self.command_result))))

                # Names found in tool output are resolved and stored as hosts.
                # NOTE(review): these names originate from tool output, i.e.
                # from data the scanned party may influence -- treat them as
                # untrusted wherever they are used later.
                for target in self.dns:
                    target = target.lower()
                    addresses = core.nslookup_fwd(target)
                    for address in addresses:
                        db.add_host_to_db(address, [target])

                print "DNS entries discovered: " + str(self.dns)

            if self.ip_regex:
                self.ip = sorted(
                    list(set(re.findall(self.ip_regex, self.command_result))))

                # Each address is reverse-resolved; one host record is added
                # per returned hostname.
                for target in self.ip:
                    hostnames = core.nslookup_rev(target)
                    for hostname in hostnames:
                        hostname = hostname.lower()
                        db.add_host_to_db(target, [hostname])

                print "IPs discovered: " + str(self.ip)

            print "\n" + "-" * 80 + "\n"

        if self.url:
            self.url = self.url.replace("[TARGET]", self.target)
            output_file_path = os.path.join(
                self.output_dir, self.output_subdir, self.name + "_" +
                self.target + "." + self.website_output_format)
            # NOTE(review): the URL is concatenated unquoted; the shell
            # metacharacter concern noted for self.command applies here too.
            # Assumes self.delay is a string (it is concatenated directly) --
            # confirm.
            command = "cutycapt --url=" + self.url + " --delay=" + self.delay + " --out=" + output_file_path

            #Check for $DISPLAY which returns null if no X server; required for cutycapt (cannot run in SSH / headless)
            if os.environ.get('DISPLAY'):
                core.execute(command, self.suppress_out)
                # NOTE(review): command_result, start_time and end_time are
                # only assigned in the self.command branch of this method;
                # presumably they are initialised elsewhere for URL-only
                # tools -- confirm.
                db.add_run_to_db(self.name, self.target, self.command,
                                 self.command_result, output_file_path,
                                 self.website_output_format, self.start_time,
                                 self.end_time, self.output_subdir)
            else:
                # Nothing is executed or recorded without a display.
                print "[!] No X server detected (maybe inside an SSH session?)"
                print "[!] Cutycapt for screenshot requires X server...skipping...   :("