def Email(content): list_email = parser.Parser(content).getmail() if len(list_email) > 1: output.Output().plus('Found Emails: %s' % str(list_email).split('[')[1].split(']')[0]) elif len(list_email) == 1: output.Output().plus('Found Email: %s' % list_email[0])
def IP(content): list_ip = parser.Parser(content).getip() if len(list_ip) > 1: output.Output().plus('Found Private IP: %s' % str(list_ip).split('[')[1].split(']')[0]) elif len(list_ip) == 1: output.Output().plus('Found Private IP: %s' % list_ip[0])
def Card(content): cc = parser.Parser(content).getcc() if len(cc) > 1: output.Output().plus('Found Credit Cards: %s' % str(cc).split('[')[1].split(']')[0]) elif len(cc) == 1: output.Output().plus('Found Credit Card: %s' % cc[0])
def run(headers): if headers['set-cookie']: cookie = headers['set-cookie'] else: cookie = None if cookie != None: if re.search(r'domain=\S*',cookie,re.I): output.Output().plus('Cookies are only accessible to this domain: %s'%re.findall(r'domain=(.+?)[\;]',cookie,re.I)[0]) if not re.search('httponly',cookie,re.I): output.Output().plus('Cookies created without HTTPOnly Flag.') if not re.search('secure',cookie,re.I): output.Output().plus('Cookies created without Secure Flag.')
def __init__(self, agent, proxy, redirect, timeout, links, cookie): self.links = links self.cookie = cookie self.output = output.Output() self.agent = agent self.proxy = proxy self.redirect = redirect self.timeout = timeout
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.agent = agent self.proxy = proxy self.redirect = redirect self.timeout = timeout self.url = url self.cookie = cookie self.output = output.Output()
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.cookie = cookie self.output = output.Output() self.request = request.Request(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout)
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.output = output.Output() self.ip = ip.Ip(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout, url=url, cookie=cookie)
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.cookie = cookie self.output = output.Output() self.request = request.Request( agent= '() { foo;}; echo Content-Type: text/plain ; echo ; cat /etc/passwd', proxy=proxy, redirect=redirect, timeout=timeout)
def __init__(self, agent, proxy, redirect, timeout, links, cookie): self.links = links self.cookie = cookie self.check = utils.Checker() self.output = output.Output() self.param = parameters self.request = request.Request(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout)
def run(headers): fields = ('Accept', 'Accept-Charset', 'Accept-Encoding', 'Accept-Language', 'Accept-Datetime', 'Authorization', 'Connection', 'Cookie', 'Content-Length', 'Content-MD5', 'Content-Type', 'Expect', 'From', 'Host', 'If-Match', 'If-Modified-Since', 'If-None-Match', 'If-Range', 'If-Unmodified-Since', 'Max-Forwards', 'Origin', 'Pragma', 'Proxy-Authorization', 'Range', 'Referer', 'User-Agent', 'Upgrade', 'Via', 'Warning', 'X-Requested-With', 'X-Forwarded-For', 'X-Forwarded-Host', 'X-Forwarded-Proto', 'Front-End-Https', 'X-Http-Method-Override', 'X-ATT-DeviceId', 'X-Wap-Profile', 'Proxy-Connection', 'Accept-Ranges', 'Age', 'Allow', 'Cache-Control', 'Content-Encoding', 'Content-Language', 'Content-Length', 'Content-Location', 'Content-MD5', 'Content-Disposition', 'Content-Range', 'Content-Type', 'Date', 'ETag', 'Expires', 'Last-Modified', 'Link', 'Location', 'Proxy-Authenticate', 'Refresh', 'Retry-After', 'Server', 'Set-Cookie', 'Status', 'Strict-Transport-Security', 'Trailer', 'Transfer-Encoding', 'Vary', 'WWW-Authenticate', 'X-Frame-Options', 'Public-Key-Pins', 'X-XSS-Protection', 'Content-Security-Policy', 'X-Content-Security-Policy', 'X-WebKit-CSP', 'X-Content-Type-Options', 'X-Powered-By', 'Keep-Alive', 'Content-language', 'X-UA-Compatible') if not re.search(r'X-Frame-Options', str(headers.keys()), re.I): output.Output().plus('X-Frame-Options header is not present.') if not re.search(r'Strict-Transport-Security', str(headers.keys()), re.I): output.Output().plus( 'Strict-Transport-Security header is not present.') if not re.search(r'x-xss-protection', str(headers.keys()), re.I): output.Output().plus('X-XSS-Protection header is not present.') try: for key in headers.keys(): if key not in fields: output.Output().plus( 'Uncommon header "%s" found, with contents: %s' % (key, headers[key])) except Exception, e: pass
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.cookie = cookie self.output = output.Output() self.email = email.Email(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout, url=url, cookie=cookie)
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.cookie = cookie self.forms = forms.Forms() self.output = output.Output() self.ucheck = urlcheck.UrlCheck() self.parser = urlparser.UrlParser(url) self.extract = urlextract.UrlExtract() self.request = request.Request(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout)
def __init__(self, agent, proxy, redirect, timeout, url, cookie): self.url = url self.cookie = cookie self.check = utils.Checker() self.output = output.Output() self.parser = utils.Parser(self.url) self.form = form.Form(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout, url=url, cookie=cookie) self.request = request.Request(agent=agent, proxy=proxy, redirect=redirect, timeout=timeout)
class Spaghetti(object): bn = banner.Banner() pr = output.Output() pa = urlparser ma = manager nw = ("") def main(self,argv): agent = ragent.RAgent() redir = True time = None proxy = None cookie = None if len(sys.argv) < 2: self.bn.usage(True) try: opts,arg = getopt.getopt( argv,'u:s:',['url=','scan=','crawler','agent=','random-agent','redirect=', 'timeout=','cookie=','proxy=','verbose','version','help'] ) except getopt.error,e: self.bn.usage(True) for o,a in opts: if o in ('-u','--url'): self.url = self.target(a) if o in ('-s','--scan'): self.scan = a if o in ('--crawler'):pass if o in ('--agent'): agent = str(a) if o in ('--random-agent'):pass if o in ('--redirect'): redir = a if o in ('--timeout'): time = a if o in ('--cookie'): cookie = a if o in ('--proxy'): proxy = a #if o in ("--headers"):pass if o in ('--verbose'):pass if o in ('--version'): self.bn.version(True) if o in ('--help'): self.bn.usage(True) # starting self.bn.banner() self.strftime() if not hasattr(self,'scan'): self.scan = str(0) self.pr.info('Scan argument is not defined, setting to default value %s'%(self.scan)) if self.scan == "6": pass else: self.ma.fingerprints(agent,proxy,redir,time,self.url,cookie) # crawler if self.scan == '0' or self.scan == '3': print self.nw urls = self.ma.crawling( agent,proxy,redir,time,self.url,cookie) if urls==[]:urls.append(self.url) # scan options if self.scan == '0': self.ma.bruteforce( agent,proxy,redir,time,self.url,cookie) self.ma.disc( agent,proxy,redir,time,self.url,cookie) self.ma.attacks( agent,proxy,redir,time,urls,cookie) self.ma.others( agent,proxy,redir,time,self.url,cookie) self.ma.vuln( agent,proxy,redir,time,self.url,cookie) if self.scan == '1': self.ma.bruteforce( agent,proxy,redir,time,self.url,cookie) if self.scan == '2': self.ma.disc( agent,proxy,redir,time,self.url,cookie) if self.scan == '3': self.ma.attacks( agent,proxy,redir,time,urls,cookie) if self.scan == '4': self.ma.others( agent,proxy,redir,time,self.url,cookie) if self.scan == '5': self.ma.vuln( agent,proxy,redir,time,self.url,cookie) if self.scan == '6': self.ma.fingerprints( agent,proxy,redir,time,self.url,cookie) print self.nw
if self.scan == '3': self.ma.attacks( agent,proxy,redir,time,urls,cookie) if self.scan == '4': self.ma.others( agent,proxy,redir,time,self.url,cookie) if self.scan == '5': self.ma.vuln( agent,proxy,redir,time,self.url,cookie) if self.scan == '6': self.ma.fingerprints( agent,proxy,redir,time,self.url,cookie) print self.nw def strftime(self): self.pr.plus('URL: %s'%self.url) self.pr.plus('Started: %s'%(str(time.strftime('%d/%m/%Y %H:%M:%S')))) print self.nw def target(self,url): u = self.pa.UrlParser(url).host_path() if u == None: sys.exit(self.pr.less('Url not found, please try with target url!')) return str(u) if __name__ == "__main__": try: main = Spaghetti().main(sys.argv[1:]) except KeyboardInterrupt: sys.exit(output.Output().less('Keyboard Interrupt by User!!'))
class Spaghetti(object): ban = banner.Banner() output = output.Output() def main(self,kwargs): agent = "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0" redirect = True timeout = None cookie = None proxy = None default_scan = "5" # args... if len(sys.argv) < 2: self.ban.usage(True) try: opts,args = getopt.getopt(kwargs,'u:s:',['url=','scan=','agent=','random-agent', 'redirect=','timeout=','cookie=','proxy=','verbose','version','help']) except getopt.error,e: self.ban.usage(True) for o,a in opts: if o in ('-u','--url'): self.url = utils.Parser(a).host_path() if not self.url: self.output.less('Try with target url!') sys.exit(0) if o in ('-s','--scan'): self.scan = a if self.scan not in ('0','1','2','3','4','5'): self.output.less('Check scan option and try!') sys.exit(0) if o in ('--agent'): agent = a if o in ('--random-agent'): pass if o in ('--redirect'): redirect = a if o in ('--timeout'): timeout = a if o in ('--cookie'): cookie = a if o in ('--proxy'): proxy = a if o in ('--verbose'): pass if o in ('--version'): self.ban.version(True) if o in ('--help'): self.ban.usage(True) self.fingerprints( agent,proxy,redirect,timeout,self.url,cookie ) urls = self.crawler( agent,proxy,redirect,timeout,self.url,cookie) # if urls == None or urls == []: urls == []; urls.append(self.url) # #Check if --scan is set or else set default value if not hasattr(self, "scan"): self.scan = default_scan self.output.info('Argument --scan is not defined. Setting to default value %s'%default_scan) if self.scan == "0": self.broken( agent,proxy,redirect,timeout,self.url,cookie ) self.disclosure( agent,proxy,redirect,timeout,self.url,cookie ) self.injection( agent,proxy,redirect,timeout,urls,cookie ) self.other( agent,proxy,redirect,timeout,self.url,cookie ) self.vulns( agent,proxy,redirect,timeout,self.url,cookie ) elif self.scan == "1": self.broken( agent,proxy,redirect,timeout,self.url,cookie ) elif self.scan == "2": self.disclosure( agent,proxy,redirect,timeout,self.url,cookie ) elif self.scan == "3": self.injection( agent,proxy,redirect,timeout,urls,cookie ) elif self.scan == "4": self.other( agent,proxy,redirect,timeout,self.url,cookie ) elif self.scan == "5": self.vulns( agent,proxy,redirect,timeout,self.url,cookie )
def other(self,a,p,r,t,u,c): other.Other( agent=a,proxy=p,redirect=r,timeout=t,url=u,cookie=c ).run( ) def vulns(self,a,p,r,t,u,c): vulns.Vulns( agent=a,proxy=p,redirect=r,timeout=t,url=u,cookie=c ).run( ) def crawler(self,a,p,r,t,u,c): return crawler.Crawler( agent=a,proxy=p,redirect=r,timeout=t,url=u,cookie=c ).process( ) def starttime(self): self.output.plus('Target: %s'%self.url) self.output.plus('Starting: %s'%time.strftime('%d/%m/%Y %H:%M:%S')) print "" if __name__ == "__main__": try: main = Spaghetti() main.main(sys.argv[1:]) except KeyboardInterrupt: sys.exit(output.Output().less('Exiting...'))