Exemplo n.º 1
0
def main():
    try:
        # Check if defined "--version" option.
        if menu.options.version:
            version.show_version()
            sys.exit(0)

        # Checkall the banner
        menu.banner()

        # Check python version number.
        version.python_version()

        # Check if defined "--dependencies" option.
        # For checking (non-core) third party dependenices.
        if menu.options.noncore_dependencies:
            checks.third_party_dependencies()
            sys.exit(0)

        # Check if defined "--update" option.
        if menu.options.update:
            update.updater()
            sys.exit(0)

        # Check if defined "--install" option.
        if menu.options.install:
            install.installer()
            sys.exit(0)

        # Check arguments
        if len(sys.argv) == 1:
            menu.parser.print_help()
            print ""
            sys.exit(0)

        if menu.options.level > 3:
            err_msg = "The value for option '--level' "
            err_msg += "must be an integer value from range [1, 3]."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
        if menu.options.logfile:
            parser.logfile_parser()

        # Modification on payload
        if not menu.options.shellshock:
            #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
            settings.SYS_USERS = "echo $(" + settings.SYS_USERS + ")"
            settings.SYS_PASSES = "echo $(" + settings.SYS_PASSES + ")"

        # Check provided parameters for tests
        if menu.options.test_parameter:
            if menu.options.test_parameter.startswith("="):
                menu.options.test_parameter = menu.options.test_parameter[1:]
            settings.TEST_PARAMETER = menu.options.test_parameter.split(",")
            for i in range(0, len(settings.TEST_PARAMETER)):
                if "=" in settings.TEST_PARAMETER[i]:
                    settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[
                        i].split("=")[0]

        # Check if defined character used for splitting parameter values.
        if menu.options.pdel:
            settings.PARAMETER_DELIMITER = menu.options.pdel

        # Check if defined character used for splitting cookie values.
        if menu.options.cdel:
            settings.COOKIE_DELIMITER = menu.options.cdel

        # Check if specified wrong injection technique
        if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
            found_tech = False
            # Convert injection technique(s) to lowercase
            menu.options.tech = menu.options.tech.lower()
            # Check if used the ',' separator
            if "," in menu.options.tech:
                split_techniques_names = menu.options.tech.split(",")
            else:
                split_techniques_names = menu.options.tech.split()
            if split_techniques_names:
                for i in range(0, len(split_techniques_names)):
                    if len(menu.options.tech) <= 4:
                        split_first_letter = list(menu.options.tech)
                        for j in range(0, len(split_first_letter)):
                            if split_first_letter[
                                    j] in settings.AVAILABLE_TECHNIQUES:
                                found_tech = True
                            else:
                                found_tech = False
            if split_techniques_names[i].replace(
                    ' ', ''
            ) not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
                err_msg = "You specified wrong value '" + split_techniques_names[
                    i] + "' as injection technique. "
                err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
                err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check if specified wrong alternative shell
        if menu.options.alter_shell:
            if menu.options.alter_shell.lower(
            ) not in settings.AVAILABLE_SHELLS:
                err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check the file-destination
        if menu.options.file_write and not menu.options.file_dest or \
        menu.options.file_upload  and not menu.options.file_dest:
            err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None:
            err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
            print settings.print_error_msg(err_msg)
            sys.exit(0)

        # Check if defined "--file-upload" option.
        if menu.options.file_upload:
            # Check if not defined URL for upload.
            if not re.match(settings.VALID_URL_FORMAT,
                            menu.options.file_upload):
                err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
                print settings.print_error_msg(err_msg)
                sys.exit(0)

        # Check if defined "--random-agent" option.
        if menu.options.random_agent:
            menu.options.agent = random.choice(settings.USER_AGENT_LIST)

        # Check if defined "--url" option.
        if menu.options.url:
            url = menu.options.url

            # Check if http / https
            url = checks.check_http_s(url)

            if menu.options.output_dir:
                output_dir = menu.options.output_dir
            else:
                output_dir = settings.OUTPUT_DIR

            # One directory up, if Windows or if the script is being run under "/src".
            if settings.IS_WINDOWS or "/src" in os.path.dirname(
                    os.path.abspath(__file__)):
                os.chdir("..")

            output_dir = os.path.dirname(output_dir)

            try:
                os.stat(output_dir)
            except:
                os.mkdir(output_dir)

            # The logs filename construction.
            filename = logs.create_log_file(url, output_dir)
            try:

                # Check if defined POST data
                if menu.options.data:
                    request = urllib2.Request(url, menu.options.data)
                else:
                    request = urllib2.Request(url)

                headers.do_check(request)

                # Check if defined any HTTP Proxy (--proxy option).
                if menu.options.proxy:
                    proxy.do_check(url)

                # Check if defined Tor (--tor option).
                elif menu.options.tor:
                    tor.do_check()
                info_msg = "Checking connection to the target URL... "
                sys.stdout.write(settings.print_info_msg(info_msg))
                sys.stdout.flush()

                try:
                    # Check if defined any HTTP Proxy (--proxy option).
                    if menu.options.proxy:
                        response = proxy.use_proxy(request)
                    # Check if defined Tor (--tor option).
                    elif menu.options.tor:
                        response = tor.use_tor(request)
                    else:
                        try:
                            response = urllib2.urlopen(request)
                        except ValueError:
                            # Invalid format for the '--headers' option.
                            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                            err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' to provide an HTTP header or"
                            err_msg += " '--headers=\"HEADER_NAME:" + settings.INJECT_TAG + "\"' "
                            err_msg += "if you want to try to exploit the provided HTTP header."
                            print settings.print_error_msg(err_msg)
                            sys.exit(0)
                except:
                    raise

                html_data = content = response.read()

                print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

                # Used a valid pair of valid credentials
                if menu.options.auth_cred:
                    info_msg = "Identified a valid pair of credentials '" + Style.UNDERLINE
                    info_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'."
                    print Style.BRIGHT + info_msg + Style.RESET_ALL

                try:
                    if response.info()['server']:
                        server_banner = response.info()['server']
                        found_os_server = False
                        if menu.options.os and checks.user_defined_os():
                            user_defined_os = settings.TARGET_OS

                        for i in range(0, len(settings.SERVER_OS_BANNERS)):
                            if settings.SERVER_OS_BANNERS[i].lower(
                            ) in server_banner.lower():
                                found_os_server = True
                                settings.TARGET_OS = settings.SERVER_OS_BANNERS[
                                    i].lower()
                                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft":
                                    identified_os = "Windows"
                                    if menu.options.os and user_defined_os != "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                                    settings.TARGET_OS = identified_os[:
                                                                       3].lower(
                                                                       )
                                    if menu.options.shellshock:
                                        err_msg = "The shellshock module is not available for " + identified_os + " targets."
                                        print settings.print_critical_msg(
                                            err_msg)
                                        raise SystemExit()
                                else:
                                    identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                                    if menu.options.os and user_defined_os == "win":
                                        if not checks.identified_os():
                                            settings.TARGET_OS = user_defined_os

                        found_server_banner = False
                        if menu.options.verbose:
                            info_msg = "Identifying the target server..."
                            print settings.print_info_msg(info_msg)
                        for i in range(0, len(settings.SERVER_BANNERS)):
                            if settings.SERVER_BANNERS[i].lower(
                            ) in server_banner.lower():
                                if menu.options.verbose:
                                    success_msg = "The server was identified as "
                                    success_msg += Style.UNDERLINE + server_banner + Style.RESET_ALL + "."
                                    print settings.print_success_msg(
                                        success_msg)
                                settings.SERVER_BANNER = server_banner
                                found_server_banner = True
                                # Set up default root paths
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "apache":
                                    if settings.TARGET_OS == "win":
                                        settings.SRV_ROOT_DIR = "\\htdocs"
                                    else:
                                        settings.SRV_ROOT_DIR = "/var/www"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "nginx":
                                    settings.SRV_ROOT_DIR = "/usr/share/nginx"
                                if settings.SERVER_BANNERS[i].lower(
                                ) == "microsoft-iis":
                                    settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                                break

                        if not found_server_banner:
                            warn_msg = "Heuristics have failed to identify server."
                            print settings.print_warning_msg(warn_msg)

                        # Store the Server's root dir
                        settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

                        # Retrieve everything from the supported enumeration options.
                        if menu.options.enum_all:
                            checks.enable_all_enumeration_options()

                        if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
                            menu.options.current_user = True

                        # Check for wrong flags.
                        if settings.TARGET_OS == "win":
                            if menu.options.is_root:
                                warn_msg = "Swithing '--is-root' to '--is-admin' because the target has been identified as windows."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.passwords:
                                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                                print settings.print_warning_msg(warn_msg)
                            if menu.options.file_upload:
                                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                                warn_msg += "Instead, use the '--file-write' option."
                                print settings.print_warning_msg(warn_msg)
                                sys.exit(0)
                        else:
                            if menu.options.is_admin:
                                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                                warn_msg += "the target has been identified as unix-like. "
                                print settings.print_warning_msg(warn_msg)

                        if found_os_server == False and \
                           not menu.options.os:
                            # If "--shellshock" option is provided then,
                            # by default is a Linux/Unix operating system.
                            if menu.options.shellshock:
                                pass
                            else:
                                warn_msg = "Heuristics have failed to identify server's operating system."
                                print settings.print_warning_msg(warn_msg)
                                while True:
                                    question_msg = "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > "
                                    got_os = raw_input(
                                        settings.print_question_msg(
                                            question_msg)).lower()
                                    if got_os.lower() in settings.CHOICE_OS:
                                        if got_os.lower() == "w":
                                            settings.TARGET_OS = "win"
                                            break
                                        elif got_os.lower() == "u":
                                            break
                                        elif got_os.lower() == "q":
                                            raise SystemExit()
                                    else:
                                        if got_os == "":
                                            got_os = "enter"
                                        err_msg = "'" + got_os + "' is not a valid answer."
                                        print settings.print_error_msg(
                                            err_msg) + "\n"
                                        pass

                        if not menu.options.os:
                            if found_server_banner == False:
                                warn_msg = "The server which was identified as " + server_banner + " seems unknown."
                                print settings.print_warning_msg(warn_msg)
                    else:
                        found_os_server = checks.user_defined_os()
                except KeyError:
                    pass

                # Charset detection [1].
                # [1] http://www.w3schools.com/html/html_charset.asp
                # Check if HTML4 format
                if menu.options.verbose:
                    info_msg = "Identifing the indicated web-page charset..."
                    print settings.print_info_msg(info_msg)
                content = re.findall(r";charset=(.*)\"", html_data)
                if len(content) != 0:
                    charset = content
                else:
                    # Check if HTML5 format
                    charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
                if len(charset) != 0:
                    settings.CHARSET = charset[len(charset) - 1]
                    if settings.CHARSET.lower() not in settings.CHARSET_LIST:
                        warn_msg = "The indicated web-page charset " + settings.CHARSET + " seems unknown."
                        print settings.print_warning_msg(warn_msg)
                    else:
                        if menu.options.verbose:
                            success_msg = "The indicated web-page charset appears to be "
                            success_msg += Style.UNDERLINE + settings.CHARSET + Style.RESET_ALL + "."
                            print settings.print_success_msg(success_msg)

            except urllib2.HTTPError, e:
                # Check the codes of responses
                if e.getcode() == 500:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    content = e.read()
                    sys.exit(0)

                # Check for HTTP Error 401 (Unauthorized).
                elif e.getcode() == 401:
                    try:
                        # Get the auth header value
                        auth_line = e.headers.get('www-authenticate', '')
                        # Checking for authentication type name.
                        auth_type = auth_line.split()[0]
                        settings.SUPPORTED_HTTP_AUTH_TYPES.index(
                            auth_type.lower())
                        # Checking for the realm attribute.
                        try:
                            auth_obj = re.match('''(\w*)\s+realm=(.*)''',
                                                auth_line).groups()
                            realm = auth_obj[1].split(',')[0].replace("\"", "")
                        except:
                            realm = False

                    except ValueError:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                        err_msg = "The identified HTTP authentication type (" + auth_type + ") is not yet supported."
                        print settings.print_error_msg(err_msg) + "\n"
                        sys.exit(0)

                    except IndexError:
                        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                        err_msg = "The provided pair of " + menu.options.auth_type
                        err_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
                        err_msg += " seems to be invalid."
                        print settings.print_error_msg(err_msg)
                        sys.exit(0)

                    print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                    if menu.options.auth_type and menu.options.auth_type != auth_type.lower(
                    ):
                        if checks.identified_http_auth_type(auth_type):
                            menu.options.auth_type = auth_type.lower()
                    else:
                        menu.options.auth_type = auth_type.lower()

                    # Check for stored auth credentials.
                    if not menu.options.auth_cred:
                        try:
                            stored_auth_creds = session_handler.export_valid_credentials(
                                url, auth_type.lower())
                        except:
                            stored_auth_creds = False
                        if stored_auth_creds:
                            menu.options.auth_cred = stored_auth_creds
                            success_msg = "Identified a valid pair of credentials '" + Style.UNDERLINE
                            success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'."
                            print settings.print_success_msg(success_msg)
                        else:
                            # Basic authentication
                            if menu.options.auth_type == "basic":
                                if not menu.options.ignore_401:
                                    warn_msg = "(" + menu.options.auth_type.capitalize(
                                    ) + ") "
                                    warn_msg += "HTTP authentication credentials are required."
                                    printprint_warning_msg(warn_msg)
                                    while True:
                                        question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                                        crack_creds = raw_input(
                                            settings.print_question_msg(
                                                question_msg)).lower()
                                        if crack_creds in settings.CHOICE_YES:
                                            auth_creds = authentication.http_auth_cracker(
                                                url, realm)
                                            if auth_creds != False:
                                                menu.options.auth_cred = auth_creds
                                                settings.REQUIRED_AUTHENTICATION = True
                                                break
                                            else:
                                                sys.exit(0)
                                        elif crack_creds in settings.CHOICE_NO:
                                            checks.http_auth_err_msg()
                                        elif crack_creds in settings.CHOICE_QUIT:
                                            sys.exit(0)
                                        else:
                                            if crack_creds == "":
                                                crack_creds = "enter"
                                            err_msg = "'" + crack_creds + "' is not a valid answer."
                                            print settings.print_error_msg(
                                                err_msg) + "\n"
                                            pass

                            # Digest authentication
                            elif menu.options.auth_type == "digest":
                                if not menu.options.ignore_401:
                                    warn_msg = "(" + menu.options.auth_type.capitalize(
                                    ) + ") "
                                    warn_msg += "HTTP authentication credentials are required."
                                    print settings.print_warning_msg(warn_msg)
                                    # Check if heuristics have failed to identify the realm attribute.
                                    if not realm:
                                        warn_msg = "Heuristics have failed to identify the realm attribute."
                                        print settings.print_warning_msg(
                                            warn_msg)
                                    while True:
                                        question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                                        crack_creds = raw_input(
                                            settings.print_question_msg(
                                                question_msg)).lower()
                                        if crack_creds in settings.CHOICE_YES:
                                            auth_creds = authentication.http_auth_cracker(
                                                url, realm)
                                            if auth_creds != False:
                                                menu.options.auth_cred = auth_creds
                                                settings.REQUIRED_AUTHENTICATION = True
                                                break
                                            else:
                                                sys.exit(0)
                                        elif crack_creds in settings.CHOICE_NO:
                                            checks.http_auth_err_msg()
                                        elif crack_creds in settings.CHOICE_QUIT:
                                            sys.exit(0)
                                        else:
                                            if crack_creds == "":
                                                crack_creds = "enter"
                                            err_msg = "'" + crack_creds + "' is not a valid answer."
                                            print settings.print_error_msg(
                                                err_msg) + "\n"
                                            pass
                                    else:
                                        checks.http_auth_err_msg()
                    else:
                        pass

                elif e.getcode() == 403:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = "You don't have permission to access this page."
                    print settings.print_error_msg(err_msg)
                    sys.exit(0)

                elif e.getcode() == 404:
                    print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                    err_msg = "The host seems to be down!"
                    print settings.print_error_msg(err_msg)
                    sys.exit(0)

                else:
                    raise

            except urllib2.URLError, e:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
                err_msg = "The host seems to be down!"
                print settings.print_error_msg(err_msg)
                sys.exit(0)
Exemplo n.º 2
0
def estimate_response_time(url, timesec):
  stored_auth_creds = False
  if settings.VERBOSITY_LEVEL >= 1:
    info_msg = "Estimating the target URL response time... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
  # Check if defined POST data
  if menu.options.data:
    request = urllib2.Request(url, menu.options.data)
  else:
    url = parameters.get_url_part(url)
    request = urllib2.Request(url)
  headers.do_check(request) 
  start = time.time()
  try:
    response = urllib2.urlopen(request)
    response.read(1)
    response.close()

  # except urllib2.HTTPError, err:
  #   pass
    
  except urllib2.HTTPError, err:
    ignore_start = time.time()
    if "Unauthorized" in str(err) and menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
      pass
    else:
      if settings.VERBOSITY_LEVEL >= 1:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
      err_msg = "Unable to connect to the target URL"
      try:
        err_msg += " (" + str(err.args[0]).split("] ")[1] + ")."
      except IndexError:
        err_msg += " (" + str(err) + ")."
      print settings.print_critical_msg(err_msg)
      # Check for HTTP Error 401 (Unauthorized).
      if str(err.getcode()) == settings.UNAUTHORIZED_ERROR:
        try:
          # Get the auth header value
          auth_line = err.headers.get('www-authenticate', '')
          # Checking for authentication type name.
          auth_type = auth_line.split()[0]
          settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
          # Checking for the realm attribute.
          try: 
            auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
            realm = auth_obj[1].split(',')[0].replace("\"", "")
          except:
            realm = False

        except ValueError:
          err_msg = "The identified HTTP authentication type (" + str(auth_type) + ") "
          err_msg += "is not yet supported."
          print settings.print_critical_msg(err_msg) + "\n"
          raise SystemExit()

        except IndexError:
          err_msg = "The provided pair of " + str(menu.options.auth_type) 
          err_msg += " HTTP authentication credentials '" + str(menu.options.auth_cred) + "'"
          err_msg += " seems to be invalid."
          print settings.print_critical_msg(err_msg)
          raise SystemExit() 

        if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
          if checks.identified_http_auth_type(auth_type):
            menu.options.auth_type = auth_type.lower()
        else:
          menu.options.auth_type = auth_type.lower()

        # Check for stored auth credentials.
        if not menu.options.auth_cred:
          try:
            stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
          except:
            stored_auth_creds = False
          if stored_auth_creds:
            menu.options.auth_cred = stored_auth_creds
            success_msg = "Identified a valid (stored) pair of credentials '"  
            success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
            print settings.print_success_msg(success_msg)
          else:  
            # Basic authentication 
            if menu.options.auth_type == "basic":
              if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print settings.print_warning_msg(warn_msg)
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    do_update = sys.stdin.readline().replace("\n","").lower()
                  else:
                    do_update = ""  
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            # Digest authentication         
            elif menu.options.auth_type == "digest":
              if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print settings.print_warning_msg(warn_msg)      
                # Check if heuristics have failed to identify the realm attribute.
                if not realm:
                  warn_msg = "Heuristics have failed to identify the realm attribute." 
                  print settings.print_warning_msg(warn_msg)
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    do_update = sys.stdin.readline().replace("\n","").lower()
                  else:
                    do_update = ""
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass
                else:   
                  checks.http_auth_err_msg()      
        else:
          pass
  
    ignore_end = time.time()
    start = start - (ignore_start - ignore_end)
Exemplo n.º 3
0
              if menu.options.auth_type == "basic":
                if not menu.options.ignore_401:
                  warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                  warn_msg += "HTTP authentication credentials are required."
                  print settings.print_warning_msg(warn_msg)
                  while True:
                    if not menu.options.batch:
                      question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                      sys.stdout.write(settings.print_question_msg(question_msg))
                      do_update = sys.stdin.readline().replace("\n","").lower()
                    else:
                      do_update = ""  
                    if len(do_update) == 0:
                       do_update = "y" 
                    if do_update in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif do_update in settings.CHOICE_NO:
                      checks.http_auth_err_msg()
                    elif do_update in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      err_msg = "'" + do_update + "' is not a valid answer."  
                      print settings.print_error_msg(err_msg)
                      pass
Exemplo n.º 4
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()

    # Check if defined "--dependencies" option. 
    # For checking (non-core) third party dependenices.
    if menu.options.noncore_dependencies:
      checks.third_party_dependencies()
      sys.exit(0)
      
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
      sys.exit(0)
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)

    # Define the level of verbosity.
    if menu.options.verbose > 1:
      err_msg = "The value for option '-v' "
      err_msg += "must be an integer value from range [0, 1]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)
    else:  
      settings.VERBOSITY_LEVEL = menu.options.verbose

    # Check if defined "--delay" option.
    if menu.options.delay:
      if menu.options.delay > "0":
        settings.DELAY = menu.options.delay

    # Define the level of tests to perform.
    if menu.options.level > 3:
      err_msg = "The value for option '--level' "
      err_msg += "must be an integer value from range [1, 3]."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
 
    # Modification on payload
    if not menu.options.shellshock:
      #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
      settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
      settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

    # Check provided parameters for tests
    if menu.options.test_parameter:
      if menu.options.test_parameter.startswith("="):
        menu.options.test_parameter = menu.options.test_parameter[1:]
      settings.TEST_PARAMETER = menu.options.test_parameter.split(settings.PARAMETER_SPLITTING_REGEX)
      for i in range(0,len(settings.TEST_PARAMETER)):
        if "=" in settings.TEST_PARAMETER[i]:
          settings.TEST_PARAMETER[i] = settings.TEST_PARAMETER[i].split("=")[0]

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if settings.PARAMETER_SPLITTING_REGEX in menu.options.tech:
        split_techniques_names = menu.options.tech.split(settings.PARAMETER_SPLITTING_REGEX)
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False  
                          
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and \
         found_tech == False:
        err_msg = "You specified wrong value '" + split_techniques_names[i] 
        err_msg += "' as injection technique. "
        err_msg += "The value, must be a string composed by the letters (C)lassic, (E)val-based, "
        err_msg += "(T)ime-based, (F)ile-based (with or without commas)."
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        err_msg = "'" + menu.options.alter_shell + "' shell is not supported!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      err_msg = "Host's absolute filepath to write and/or upload, must be specified (--file-dest)."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
      err_msg = "You must enter the '--file-write' or '--file-upload' parameter."
      print settings.print_critical_msg(err_msg)
      sys.exit(0)

    # Check if defined "--file-upload" option.
    if menu.options.file_upload:
      # Check if not defined URL for upload.
      if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
        err_msg = "The '" + menu.options.file_upload + "' is not a valid URL. "
        print settings.print_critical_msg(err_msg)
        sys.exit(0)
        
    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:
      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      
      # One directory up, if Windows or if the script is being run under "/src".
      if settings.IS_WINDOWS or "/src" in os.path.dirname(os.path.abspath(__file__)):
        os.chdir("..")
        
      output_dir = os.path.dirname(output_dir)
     
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)

        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        info_msg = "Checking connection to the target URL... "  
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()

        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            try:
              response = urllib2.urlopen(request)
            except ValueError:
              # Invalid format for the '--headers' option.
              print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              err_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' "
              err_msg += "to provide an HTTP header or"
              err_msg += " '--headers=\"HEADER_NAME:" + settings.WILDCARD_CHAR  + "\"' "
              err_msg += "if you want to try to exploit the provided HTTP header."
              print settings.print_critical_msg(err_msg)
              sys.exit(0)
        except:
          raise

        html_data = content = response.read()
        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Check for CGI scripts on url
        checks.check_CGI_scripts(url)

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          success_msg = Style.BRIGHT + "Identified a valid pair of credentials '" 
          success_msg += menu.options.auth_cred + Style.RESET_ALL 
          success_msg += Style.BRIGHT + "'." + Style.RESET_ALL
          print settings.print_success_msg(success_msg)

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    err_msg = "The shellshock module is not available for " 
                    err_msg += identified_os + " targets."
                    print settings.print_critical_msg(err_msg)
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            found_server_banner = False
            if settings.VERBOSITY_LEVEL >= 1:
              info_msg = "Identifying the target server... " 
              sys.stdout.write(settings.print_info_msg(info_msg))
              sys.stdout.flush()

            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if settings.VERBOSITY_LEVEL >= 1:
                  print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
                if settings.VERBOSITY_LEVEL >= 1:
                  success_msg = "The server was identified as " 
                  success_msg += server_banner + Style.RESET_ALL + "."
                  print settings.print_success_msg(success_msg)
                settings.SERVER_BANNER = server_banner
                found_server_banner = True
                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if not found_server_banner:
              if settings.VERBOSITY_LEVEL >= 1:
                print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              warn_msg = "Heuristics have failed to identify server."
              print settings.print_warning_msg(warn_msg)
            
            # Load tamper scripts
            if menu.options.tamper:
              checks.tamper_scripts()

            # Store the Server's root dir
            settings.DEFAULT_SRV_ROOT_DIR = settings.SRV_ROOT_DIR

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                warn_msg = "Swithing '--is-root' to '--is-admin' because the "
                warn_msg += "target has been identified as windows."
                print settings.print_warning_msg(warn_msg)
              if menu.options.passwords:
                warn_msg = "The '--passwords' option, is not yet available for Windows targets."
                print settings.print_warning_msg(warn_msg)  
              if menu.options.file_upload :
                warn_msg = "The '--file-upload' option, is not yet available for windows targets. "
                warn_msg += "Instead, use the '--file-write' option."
                print settings.print_warning_msg(warn_msg)  
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                warn_msg = "Swithing the '--is-admin' to '--is-root' because "
                warn_msg += "the target has been identified as unix-like. "
                print settings.print_warning_msg(warn_msg)  
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                warn_msg = "Heuristics have failed to identify server's operating system."
                print settings.print_warning_msg(warn_msg)
                while True:
                  question_msg = "Do you recognise the server's operating system? "
                  question_msg += "[(W)indows/(U)nix/(q)uit] > "
                  sys.stdout.write(settings.print_question_msg(question_msg))
                  got_os = sys.stdin.readline().replace("\n","").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    err_msg = "'" + got_os + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                warn_msg = "The server which was identified as " 
                warn_msg += server_banner + " seems unknown."
                print settings.print_warning_msg(warn_msg)
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection.
        requests.charset_detection(response)

      except urllib2.HTTPError, e:
        # Check the codes of responses
        if e.getcode() == 500:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          content = e.read()
          sys.exit(0)

        # Check for HTTP Error 401 (Unauthorized).
        elif e.getcode() == 401:
          try:
            # Get the auth header value
            auth_line = e.headers.get('www-authenticate', '')
            # Checking for authentication type name.
            auth_type = auth_line.split()[0]
            settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
            # Checking for the realm attribute.
            try: 
              auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
              realm = auth_obj[1].split(',')[0].replace("\"", "")
            except:
              realm = False

          except ValueError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            err_msg = "The identified HTTP authentication type (" + auth_type + ") "
            err_msg += "is not yet supported."
            print settings.print_critical_msg(err_msg) + "\n"
            sys.exit(0)

          except IndexError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            err_msg = "The provided pair of " + menu.options.auth_type 
            err_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
            err_msg += " seems to be invalid."
            print settings.print_critical_msg(err_msg)
            sys.exit(0) 

          print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
          if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
            if checks.identified_http_auth_type(auth_type):
              menu.options.auth_type = auth_type.lower()
          else:
            menu.options.auth_type = auth_type.lower()

          # Check for stored auth credentials.
          if not menu.options.auth_cred:
            try:
              stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
            except:
              stored_auth_creds = False
            if stored_auth_creds:
              menu.options.auth_cred = stored_auth_creds
              success_msg = "Identified a valid pair of credentials '"  
              success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
              print settings.print_success_msg(success_msg)
            else:  
              # Basic authentication 
              if menu.options.auth_type == "basic":
                if not menu.options.ignore_401:
                  warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                  warn_msg += "HTTP authentication credentials are required."
                  print settings.print_warning_msg(warn_msg)
                  while True:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    crack_creds = sys.stdin.readline().replace("\n","").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_err_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      err_msg = "'" + crack_creds + "' is not a valid answer."  
                      print settings.print_error_msg(err_msg)
                      pass

              # Digest authentication         
              elif menu.options.auth_type == "digest":
                if not menu.options.ignore_401:
                  warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                  warn_msg += "HTTP authentication credentials are required."
                  print settings.print_warning_msg(warn_msg)      
                  # Check if heuristics have failed to identify the realm attribute.
                  if not realm:
                    warn_msg = "Heuristics have failed to identify the realm attribute." 
                    print settings.print_warning_msg(warn_msg)
                  while True:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    crack_creds = sys.stdin.readline().replace("\n","").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_err_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      err_msg = "'" + crack_creds + "' is not a valid answer."  
                      print settings.print_error_msg(err_msg)
                      pass
                  else:   
                    checks.http_auth_err_msg()      
          else:
            pass

        elif e.getcode() == 403:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          err_msg = "You don't have permission to access this page."
          print settings.print_critical_msg(err_msg)
          sys.exit(0)
          
        elif e.getcode() == 404:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          err_msg = "The host seems to be down!"
          print settings.print_critical_msg(err_msg)
          sys.exit(0)

        else:
          raise

      except urllib2.URLError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        err_msg = "The host seems to be down!"
        print settings.print_critical_msg(err_msg)
        sys.exit(0)
Exemplo n.º 5
0
def main():
  try:
    # Check if defined "--version" option.
    if menu.options.version:
      version.show_version()
      sys.exit(0)

    # Checkall the banner
    menu.banner()
        
    # Check python version number.
    version.python_version()

    # Check if defined "--dependencies" option. 
    # For checking (non-core) third party dependenices.
    if menu.options.noncore_dependencies:
      checks.third_party_dependencies()
      sys.exit(0)
      
    # Check if defined "--update" option.        
    if menu.options.update:
      update.updater()
      sys.exit(0)
        
    # Check if defined "--install" option.        
    if menu.options.install:
      install.installer()
      sys.exit(0)
    
    # Check arguments
    if len(sys.argv) == 1:
      menu.parser.print_help()
      print ""
      sys.exit(0)
    
    # Parse target / data from HTTP proxy logs (i.e Burp / WebScarab).
    if menu.options.logfile:
      parser.logfile_parser()
      
    # Modification on payload
    if not menu.options.shellshock:
      #settings.CURRENT_USER = "******" + settings.CURRENT_USER + ")"
      settings.SYS_USERS  = "echo $(" + settings.SYS_USERS + ")"
      settings.SYS_PASSES  = "echo $(" + settings.SYS_PASSES + ")"

    # Check if defined character used for splitting parameter values.
    if menu.options.pdel:
     settings.PARAMETER_DELIMITER = menu.options.pdel

    # Check if defined character used for splitting cookie values.
    if menu.options.cdel:
     settings.COOKIE_DELIMITER = menu.options.cdel

    # Check if specified wrong injection technique
    if menu.options.tech and menu.options.tech not in settings.AVAILABLE_TECHNIQUES:
      found_tech = False
      # Convert injection technique(s) to lowercase
      menu.options.tech = menu.options.tech.lower()
      # Check if used the ',' separator
      if "," in menu.options.tech:
        split_techniques_names = menu.options.tech.split(",")
      else:
        split_techniques_names = menu.options.tech.split()
      if split_techniques_names:
        for i in range(0,len(split_techniques_names)):
          if len(menu.options.tech) <= 4:
            split_first_letter = list(menu.options.tech)
            for j in range(0,len(split_first_letter)):
              if split_first_letter[j] in settings.AVAILABLE_TECHNIQUES:
                found_tech = True
              else:  
                found_tech = False            
      if split_techniques_names[i].replace(' ', '') not in settings.AVAILABLE_TECHNIQUES and found_tech == False:
        error_msg = "You specified wrong value '" + split_techniques_names[i] + "' as injection technique. " \
                    "The value, must be a string composed by the letters (C)lassic, (E)val-based, " \
                    "(T)ime-based, (F)ile-based (with or without commas)."
        print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
        sys.exit(0)

    # Cookie Injection
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      settings.COOKIE_INJECTION = True

    # User-Agent Injection
    if menu.options.agent and settings.INJECT_TAG in menu.options.agent:
      settings.USER_AGENT_INJECTION = True

    # Referer Injection
    if menu.options.referer and settings.INJECT_TAG in menu.options.referer:
      settings.REFERER_INJECTION = True

    # Check if specified wrong alternative shell
    if menu.options.alter_shell:
      if menu.options.alter_shell.lower() not in settings.AVAILABLE_SHELLS:
        print Back.RED + settings.ERROR_SIGN + "'" + menu.options.alter_shell + "' shell is not supported!" + Style.RESET_ALL
        sys.exit(0)

    # Check the file-destination
    if menu.options.file_write and not menu.options.file_dest or \
    menu.options.file_upload  and not menu.options.file_dest:
      print Back.RED + settings.ERROR_SIGN + "Host's absolute filepath to write and/or upload, must be specified (--file-dest)." + Style.RESET_ALL
      sys.exit(0)

    if menu.options.file_dest and menu.options.file_write == None and menu.options.file_upload == None :
       print Back.RED + settings.ERROR_SIGN + "You must enter the '--file-write' or '--file-upload' parameter." + Style.RESET_ALL
       sys.exit(0)

    # Check if defined "--file-upload" option.
    if menu.options.file_upload:
      # Check if not defined URL for upload.
      if not re.match(settings.VALID_URL_FORMAT, menu.options.file_upload):
        print Back.RED + settings.ERROR_SIGN + "The '" + menu.options.file_upload + "' is not a valid URL. " + Style.RESET_ALL
        sys.exit(0)
        
    # Check if defined "--random-agent" option.
    if menu.options.random_agent:
      menu.options.agent = random.choice(settings.USER_AGENT_LIST)
  
    # Check if defined "--url" option.
    if menu.options.url:
      url = menu.options.url
      
      # Check if http / https
      url = checks.check_http_s(url)

      if menu.options.output_dir:
        output_dir = menu.options.output_dir
      else:
        output_dir = settings.OUTPUT_DIR
      
      # One directory up, if Windows or if the script is being run under "/src".
      if settings.IS_WINDOWS or "/src" in os.path.dirname(os.path.abspath(__file__)):
        os.chdir("..")
        
      output_dir = os.path.dirname(output_dir)
     
      try:
        os.stat(output_dir)
      except:
        os.mkdir(output_dir)   

      # The logs filename construction.
      filename = logs.create_log_file(url, output_dir)
      try:
        
        # Check if defined POST data
        if menu.options.data:
          request = urllib2.Request(url, menu.options.data)
        else:
          request = urllib2.Request(url)

        headers.do_check(request)  
        
        # Check if defined any HTTP Proxy (--proxy option).
        if menu.options.proxy:
          proxy.do_check(url)
        
        # Check if defined Tor (--tor option).
        elif menu.options.tor:
          tor.do_check()
        sys.stdout.write(settings.INFO_SIGN + "Checking connection to the target URL... ")
        sys.stdout.flush()

        try:
          # Check if defined any HTTP Proxy (--proxy option).
          if menu.options.proxy:
            response = proxy.use_proxy(request)
          # Check if defined Tor (--tor option).  
          elif menu.options.tor:
            response = tor.use_tor(request)
          else:
            try:
              response = urllib2.urlopen(request)
            except ValueError:
              # Invalid format for the '--headers' option.
              print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
              error_msg = "Use '--headers=\"HEADER_NAME:HEADER_VALUE\"' to provide an HTTP header or '--headers=\"HEADER_NAME:" + settings.INJECT_TAG + "\"' if you want to try to exploit the provided HTTP header."
              print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
              sys.exit(0)
        except:
          raise

        html_data = response.read()
        content = response.read()

        print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"

        # Used a valid pair of valid credentials
        if menu.options.auth_cred:
          print Style.BRIGHT + "(!) Identified a valid pair of credentials '" + Style.UNDERLINE  + menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'." + Style.RESET_ALL

        try:
          if response.info()['server'] :
            server_banner = response.info()['server']
            found_os_server = False
            if menu.options.os and checks.user_defined_os():
              user_defined_os = settings.TARGET_OS

            for i in range(0,len(settings.SERVER_OS_BANNERS)):
              if settings.SERVER_OS_BANNERS[i].lower() in server_banner.lower():
                found_os_server = True
                settings.TARGET_OS = settings.SERVER_OS_BANNERS[i].lower()
                if settings.TARGET_OS == "win" or settings.TARGET_OS == "microsoft" :
                  identified_os = "Windows"
                  if menu.options.os and user_defined_os != "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

                  settings.TARGET_OS = identified_os[:3].lower()
                  if menu.options.shellshock:
                    print Back.RED + settings.CRITICAL_SIGN + "The shellshock module is not available for " + identified_os + " targets." + Style.RESET_ALL
                    raise SystemExit()
                else:
                  identified_os = "Unix-like (" + settings.TARGET_OS + ")"
                  if menu.options.os and user_defined_os == "win":
                    if not checks.identified_os():
                      settings.TARGET_OS = user_defined_os

            found_server_banner = False
            for i in range(0,len(settings.SERVER_BANNERS)):
              if settings.SERVER_BANNERS[i].lower() in server_banner.lower():
                if menu.options.verbose:
                  print Style.BRIGHT + "(!) The server was identified as " + Style.UNDERLINE + server_banner + Style.RESET_ALL + "." + Style.RESET_ALL
                settings.SERVER_BANNER = server_banner
                found_server_banner = True
                # Set up default root paths
                if settings.SERVER_BANNERS[i].lower() == "apache":
                  if settings.TARGET_OS == "win":
                    settings.SRV_ROOT_DIR = "\\htdocs"
                  else:
                    settings.SRV_ROOT_DIR = "/var/www"
                if settings.SERVER_BANNERS[i].lower() == "nginx": 
                  settings.SRV_ROOT_DIR = "/usr/share/nginx"
                if settings.SERVER_BANNERS[i].lower() == "microsoft-iis":
                  settings.SRV_ROOT_DIR = "\\inetpub\\wwwroot"
                break

            if menu.options.is_admin or menu.options.is_root and not menu.options.current_user:
              menu.options.current_user = True

            # Check for wrong flags.
            if settings.TARGET_OS == "win":
              if menu.options.is_root :
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing '--is-root' to '--is-admin' because the target has been identified as windows." + Style.RESET_ALL 
              error_msg = settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets."
              if menu.options.passwords:
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--passwords' option, is not yet available for Windows targets." + Style.RESET_ALL   
              if menu.options.file_upload :
                print Fore.YELLOW + settings.WARNING_SIGN + "The '--file-upload' option, is not yet available for windows targets. Instead, use the '--file-write' option." + Style.RESET_ALL   
                sys.exit(0)
            else: 
              if menu.options.is_admin : 
                print Fore.YELLOW + settings.WARNING_SIGN + "Swithing the '--is-admin' to '--is-root' because the target has been identified as unix-like. " + Style.RESET_ALL   
            
            if found_os_server == False and \
               not menu.options.os:
              # If "--shellshock" option is provided then,
              # by default is a Linux/Unix operating system.
              if menu.options.shellshock:
                pass 
              else:
                print Fore.YELLOW + settings.WARNING_SIGN + "Heuristics have failed to identify server's operating system." + Style.RESET_ALL 
                while True:
                  got_os = raw_input(settings.QUESTION_SIGN + "Do you recognise the server's operating system? [(W)indows/(U)nix/(q)uit] > ").lower()
                  if got_os.lower() in settings.CHOICE_OS :
                    if got_os.lower() == "w":
                      settings.TARGET_OS = "win"
                      break
                    elif got_os.lower() == "u":
                      break
                    elif got_os.lower() == "q":
                      raise SystemExit()
                  else:
                    if got_os == "":
                      got_os = "enter"
                    print Back.RED + settings.ERROR_SIGN + "'" + got_os + "' is not a valid answer." + Style.RESET_ALL + "\n"
                    pass

            if not menu.options.os:
              if found_server_banner == False:
                print  Fore.YELLOW + settings.WARNING_SIGN + "The server which was identified as " + server_banner + " seems unknown." + Style.RESET_ALL
          else:
            found_os_server = checks.user_defined_os()
        except KeyError:
          pass

        # Charset detection [1].
        # [1] http://www.w3schools.com/html/html_charset.asp
        # Check if HTML4 format
        content = re.findall(r";charset=(.*)\"", html_data)
        if len(content) != 0 :
          charset = content
        else:
           # Check if HTML5 format
          charset = re.findall(r"charset=['\"](.*?)['\"]", html_data)
        if len(charset) != 0 :
          settings.CHARSET = charset[len(charset)-1]
          if settings.CHARSET.lower() not in settings.CHARSET_LIST:
            print  Fore.YELLOW + settings.WARNING_SIGN + "The indicated web-page charset "  + settings.CHARSET + " seems unknown." + Style.RESET_ALL
          else:
            if menu.options.verbose:
              print Style.BRIGHT + "(!) The indicated web-page charset appears to be "  + Style.UNDERLINE  + settings.CHARSET + Style.RESET_ALL + "." + Style.RESET_ALL

        # Retrieve everything from the supported enumeration options.
        if menu.options.enum_all:
          checks.enable_all_enumeration_options()

      except urllib2.HTTPError, e:
        # Check the codes of responses
        if e.getcode() == 500:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          content = e.read()
          sys.exit(0)

        # Check for HTTP Error 401 (Unauthorized).
        elif e.getcode() == 401:
          try:
            # Get the auth header value
            auth_line = e.headers.get('www-authenticate', '')
            # Checking for authentication type name.
            auth_type = auth_line.split()[0]
            settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
            # Checking for the realm attribute.
            try: 
              auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
              realm = auth_obj[1].split(',')[0].replace("\"", "")
            except:
              realm = False

          except ValueError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            print Back.RED + settings.ERROR_SIGN + "The identified HTTP authentication type (" + auth_type + ") is not yet supported." + Style.RESET_ALL + "\n"
            sys.exit(0)

          except IndexError:
            print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
            error_msg = "The provided pair of " + menu.options.auth_type 
            error_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
            error_msg += " seems to be invalid."
            print Back.RED + settings.ERROR_SIGN + error_msg + Style.RESET_ALL
            sys.exit(0) 

          print "[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]"
          if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
            if checks.identified_http_auth_type(auth_type):
              menu.options.auth_type = auth_type.lower()
          else:
            menu.options.auth_type = auth_type.lower()

          # Check for stored auth credentials.
          if not menu.options.auth_cred:
            try:
              stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
            except:
              stored_auth_creds = False
            if stored_auth_creds:
              menu.options.auth_cred = stored_auth_creds
              print Style.BRIGHT + "(!) Identified a valid pair of credentials '" + Style.UNDERLINE  + menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'." + Style.RESET_ALL
            else:  

              # Basic authentication 
              if menu.options.auth_type == "basic":
                if not menu.options.ignore_401:
                  print Fore.YELLOW + settings.WARNING_SIGN + "(" + menu.options.auth_type.capitalize() + ")" + " HTTP authentication credentials are required." + Style.RESET_ALL
                  while True:
                    crack_creds = raw_input(settings.QUESTION_SIGN + "Do you want to perform a dictionary-based attack? [Y/n/q] > ").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_error_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      print Back.RED + settings.ERROR_SIGN + "'" + crack_creds + "' is not a valid answer." + Style.RESET_ALL + "\n"
                      pass

              # Digest authentication         
              elif menu.options.auth_type == "digest":
                if not menu.options.ignore_401:
                  print Fore.YELLOW + settings.WARNING_SIGN + "(" + menu.options.auth_type.capitalize() + ")" + " HTTP authentication credentials are required." + Style.RESET_ALL       
                  # Check if heuristics have failed to identify the realm attribute.
                  if not realm:
                    warn_msg = "Heuristics have failed to identify the realm attribute." 
                    print Fore.YELLOW + settings.WARNING_SIGN + warn_msg + Style.RESET_ALL 
                  while True:
                    crack_creds = raw_input(settings.QUESTION_SIGN + "Do you want to perform a dictionary-based attack? [Y/n/q] > ").lower()
                    if crack_creds in settings.CHOICE_YES:
                      auth_creds = authentication.http_auth_cracker(url, realm)
                      if auth_creds != False:
                        menu.options.auth_cred = auth_creds
                        settings.REQUIRED_AUTHENTICATION = True
                        break
                      else:
                        sys.exit(0)
                    elif crack_creds in settings.CHOICE_NO:
                      checks.http_auth_error_msg()
                    elif crack_creds in settings.CHOICE_QUIT:
                      sys.exit(0)
                    else:
                      if crack_creds == "":
                        crack_creds = "enter"
                      print Back.RED + settings.ERROR_SIGN + "'" + crack_creds + "' is not a valid answer." + Style.RESET_ALL + "\n"
                      pass
                  else:   
                    checks.http_auth_error_msg()      
          else:
            pass

        elif e.getcode() == 403:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          print Back.RED + settings.ERROR_SIGN + "You don't have permission to access this page." + Style.RESET_ALL
          sys.exit(0)
          
        elif e.getcode() == 404:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
          sys.exit(0)

        else:
          raise

      except urllib2.URLError, e:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
        print Back.RED + settings.ERROR_SIGN + "The host seems to be down!" + Style.RESET_ALL
        sys.exit(0)
Exemplo n.º 6
0
def estimate_response_time(url, timesec):
  if settings.VERBOSITY_LEVEL >= 1:
    info_msg = "Estimating the target URL response time... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
  # Check if defined POST data
  if menu.options.data:
    request = urllib2.Request(url, menu.options.data)
  else:
    url = parameters.get_url_part(url)
    request = urllib2.Request(url)
  headers.do_check(request) 
  start = time.time()
  try:
    response = urllib2.urlopen(request)
    response.read(1)
    response.close()

  # except urllib2.HTTPError, err:
  #   pass
    
  except urllib2.HTTPError, err:
    ignore_start = time.time()
    if "Unauthorized" in str(err) and menu.options.ignore_401:
      pass
    else:
      if settings.VERBOSITY_LEVEL >= 1:
        print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
      err_msg = "Unable to connect to the target URL"
      try:
        err_msg += " (" + str(err.args[0]).split("] ")[1] + ")."
      except IndexError:
        err_msg += " (" + str(err) + ")."
      print settings.print_critical_msg(err_msg)
      # Check for HTTP Error 401 (Unauthorized).
      if str(err.getcode()) == settings.UNAUTHORIZED_ERROR:
        try:
          # Get the auth header value
          auth_line = err.headers.get('www-authenticate', '')
          # Checking for authentication type name.
          auth_type = auth_line.split()[0]
          settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
          # Checking for the realm attribute.
          try: 
            auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
            realm = auth_obj[1].split(',')[0].replace("\"", "")
          except:
            realm = False

        except ValueError:
          err_msg = "The identified HTTP authentication type (" + auth_type + ") "
          err_msg += "is not yet supported."
          print settings.print_critical_msg(err_msg) + "\n"
          raise SystemExit()

        except IndexError:
          err_msg = "The provided pair of " + menu.options.auth_type 
          err_msg += " HTTP authentication credentials '" + menu.options.auth_cred + "'"
          err_msg += " seems to be invalid."
          print settings.print_critical_msg(err_msg)
          raise SystemExit() 

        if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
          if checks.identified_http_auth_type(auth_type):
            menu.options.auth_type = auth_type.lower()
        else:
          menu.options.auth_type = auth_type.lower()

        # Check for stored auth credentials.
        if not menu.options.auth_cred:
          try:
            stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
          except:
            stored_auth_creds = False
          if stored_auth_creds:
            menu.options.auth_cred = stored_auth_creds
            success_msg = "Identified a valid (stored) pair of credentials '"  
            success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
            print settings.print_success_msg(success_msg)
          else:  
            # Basic authentication 
            if menu.options.auth_type == "basic":
              if not menu.options.ignore_401:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print settings.print_warning_msg(warn_msg)
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    do_update = sys.stdin.readline().replace("\n","").lower()
                  else:
                    do_update = ""  
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass

            # Digest authentication         
            elif menu.options.auth_type == "digest":
              if not menu.options.ignore_401:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print settings.print_warning_msg(warn_msg)      
                # Check if heuristics have failed to identify the realm attribute.
                if not realm:
                  warn_msg = "Heuristics have failed to identify the realm attribute." 
                  print settings.print_warning_msg(warn_msg)
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    do_update = sys.stdin.readline().replace("\n","").lower()
                  else:
                    do_update = ""
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print settings.print_error_msg(err_msg)
                    pass
                else:   
                  checks.http_auth_err_msg()      
        else:
          pass
  
    ignore_end = time.time()
    start = start - (ignore_start - ignore_end)
Exemplo n.º 7
0
def estimate_response_time(url, timesec):
  stored_auth_creds = False
  if settings.VERBOSITY_LEVEL >= 1:
    info_msg = "Estimating the target URL response time... "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()
  # Check if defined POST data
  if menu.options.data:
    request = _urllib.request.Request(url, menu.options.data.encode(settings.UNICODE_ENCODING))
  else:
    url = parameters.get_url_part(url)
    request = _urllib.request.Request(url)
  headers.do_check(request) 
  start = time.time()
  try:
    response = _urllib.request.urlopen(request)
    response.read(1)
    response.close()

  # except _urllib.error.HTTPError as err:
  #   pass
    
  except _urllib.error.HTTPError as err:
    ignore_start = time.time()
    if "Unauthorized" in str(err) and menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
      pass
    else:
      if settings.VERBOSITY_LEVEL >= 1:
        print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
      err_msg = "Unable to connect to the target URL"
      try:
        err_msg += " (" + str(err.args[0]).split("] ")[1] + ")."
      except IndexError:
        err_msg += " (" + str(err) + ")."
      print(settings.print_critical_msg(err_msg))
      # Check for HTTP Error 401 (Unauthorized).
      if str(err.getcode()) == settings.UNAUTHORIZED_ERROR:
        try:
          # Get the auth header value
          auth_line = err.headers.get('www-authenticate', '')
          # Checking for authentication type name.
          auth_type = auth_line.split()[0]
          settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
          # Checking for the realm attribute.
          try: 
            auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
            realm = auth_obj[1].split(',')[0].replace("\"", "")
          except:
            realm = False

        except ValueError:
          err_msg = "The identified HTTP authentication type (" + str(auth_type) + ") "
          err_msg += "is not yet supported."
          print(settings.print_critical_msg(err_msg) + "\n")
          raise SystemExit()

        except IndexError:
          err_msg = "The provided pair of " + str(menu.options.auth_type) 
          err_msg += " HTTP authentication credentials '" + str(menu.options.auth_cred) + "'"
          err_msg += " seems to be invalid."
          print(settings.print_critical_msg(err_msg))
          raise SystemExit() 

        if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
          if checks.identified_http_auth_type(auth_type):
            menu.options.auth_type = auth_type.lower()
        else:
          menu.options.auth_type = auth_type.lower()

        # Check for stored auth credentials.
        if not menu.options.auth_cred:
          try:
            stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
          except:
            stored_auth_creds = False
          if stored_auth_creds:
            menu.options.auth_cred = stored_auth_creds
            success_msg = "Identified a valid (stored) pair of credentials '"  
            success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
            print(settings.print_success_msg(success_msg))
          else:  
            # Basic authentication 
            if menu.options.auth_type == "basic":
              if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print(settings.print_warning_msg(warn_msg))
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    do_update = _input(settings.print_question_msg(question_msg))
                  else:
                    do_update = ""  
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print(settings.print_error_msg(err_msg))
                    pass

            # Digest authentication         
            elif menu.options.auth_type == "digest":
              if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
                warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
                warn_msg += "HTTP authentication credentials are required."
                print(settings.print_warning_msg(warn_msg))      
                # Check if heuristics have failed to identify the realm attribute.
                if not realm:
                  warn_msg = "Heuristics have failed to identify the realm attribute." 
                  print(settings.print_warning_msg(warn_msg))
                while True:
                  if not menu.options.batch:
                    question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
                    do_update = _input(settings.print_question_msg(question_msg))
                  else:
                    do_update = ""
                  if len(do_update) == 0:
                     do_update = "y" 
                  if do_update in settings.CHOICE_YES:
                    auth_creds = authentication.http_auth_cracker(url, realm)
                    if auth_creds != False:
                      menu.options.auth_cred = auth_creds
                      settings.REQUIRED_AUTHENTICATION = True
                      break
                    else:
                      raise SystemExit()
                  elif do_update in settings.CHOICE_NO:
                    checks.http_auth_err_msg()
                  elif do_update in settings.CHOICE_QUIT:
                    raise SystemExit()
                  else:
                    err_msg = "'" + do_update + "' is not a valid answer."  
                    print(settings.print_error_msg(err_msg))
                    pass
                else:   
                  checks.http_auth_err_msg()      
        else:
          pass
  
    ignore_end = time.time()
    start = start - (ignore_start - ignore_end)

  except socket.timeout:
    if settings.VERBOSITY_LEVEL >= 1:
      print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
    err_msg = "The connection to target URL has timed out."
    print(settings.print_critical_msg(err_msg) + "\n")
    raise SystemExit()

  except _urllib.error.URLError as err_msg:
    if settings.VERBOSITY_LEVEL >= 1:
      print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
    print(settings.print_critical_msg(str(err_msg.args[0]).split("] ")[1] + "."))
    raise SystemExit()

  except ValueError as err_msg:
    if settings.VERBOSITY_LEVEL >= 1:
      print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
    print(settings.print_critical_msg(str(err_msg) + "."))
    raise SystemExit()

  end = time.time()
  diff = end - start 

  # if settings.VERBOSITY_LEVEL >= 1:
  #   info_msg = "Estimating the target URL response time... "
  #   sys.stdout.write(settings.print_info_msg(info_msg))
  #   sys.stdout.flush()
  
  if int(diff) < 1:
    if settings.VERBOSITY_LEVEL >= 1 and stored_auth_creds == False:
      print("[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]")
    url_time_response = int(diff)
    if settings.TARGET_OS == "win":
      warn_msg = "Due to the relatively slow response of 'cmd.exe' in target "
      warn_msg += "host, there may be delays during the data extraction procedure."
      print(settings.print_warning_msg(warn_msg))
  else:
    if settings.VERBOSITY_LEVEL >= 1:
      print("[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]")
    url_time_response = int(round(diff))
    warn_msg = "The estimated response time is " + str(url_time_response)
    warn_msg += " second" + "s"[url_time_response == 1:] + ". That may cause" 
    if url_time_response >= 3:
      warn_msg += " serious"
    warn_msg += " delays during the data extraction procedure" 
    if url_time_response >= 3:
      warn_msg += " and/or possible corruptions over the extracted data"
    warn_msg += "."
    print(settings.print_warning_msg(warn_msg))

  if int(timesec) == int(url_time_response):
    timesec = int(timesec) + int(url_time_response)
  else:
    timesec = int(timesec)

  # Against windows targets (for more stability), add one extra second delay.
  if settings.TARGET_OS == "win" :
    timesec = timesec + 1

  return timesec, url_time_response
Exemplo n.º 8
0
   success_msg = "Identified a valid pair of credentials '"  
   success_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT  + "'."
   print settings.print_success_msg(success_msg)
 else:  
   # Basic authentication 
   if menu.options.auth_type == "basic":
     if not menu.options.ignore_401:
       warn_msg = "(" + menu.options.auth_type.capitalize() + ") " 
       warn_msg += "HTTP authentication credentials are required."
       print settings.print_warning_msg(warn_msg)
       while True:
         question_msg = "Do you want to perform a dictionary-based attack? [Y/n/q] > "
         sys.stdout.write(settings.print_question_msg(question_msg))
         crack_creds = sys.stdin.readline().replace("\n","").lower()
         if crack_creds in settings.CHOICE_YES:
           auth_creds = authentication.http_auth_cracker(url, realm)
           if auth_creds != False:
             menu.options.auth_cred = auth_creds
             settings.REQUIRED_AUTHENTICATION = True
             break
           else:
             sys.exit(0)
         elif crack_creds in settings.CHOICE_NO:
           checks.http_auth_err_msg()
         elif crack_creds in settings.CHOICE_QUIT:
           sys.exit(0)
         else:
           if crack_creds == "":
             crack_creds = "enter"
           err_msg = "'" + crack_creds + "' is not a valid answer."  
           print settings.print_error_msg(err_msg)