def createDocker(): utils.printLine() print("Create new Docker :)") inputPort = utils.checkPort(input("Enter the port you wish to use : ")) containerName = newName() print("Name : " + containerName) image = checkdb() # without or with DB runDocker(image, containerName, inputPort)
def askAction(): action = input("""What do you want to do? - c (create a new docker) - s (start a specific docker)\nInput : """) if (action == "c"): createDocker() elif (action == "s"): utils.printLine() print("Start specific Docker :") else: utils.printLine() utils.Warn("You must answer c or s, please try again : ") return askAction()
def mrBinDirect(lang): # Get the file information fileName = raw_input(_("Arquivo: ")) clear() # Print the file type print bcolors.BOLD + _('Arquivo \'{}\'').format( underName(fileName)) + bcolors.ENDC print _('Tipo: ') + getType(fileName) # Print the md5 value md5Value = md5sum(fileName) print _('MD5 signature: ') + md5Value ## TEST SECTION # [1] Verify the MD5 signature with a MD5 file printLine() print '[1] ' + (_('Verificacao do MD5')) print _('Procurando arquivo \'{}\'').format(underName(fileName + '.md5')) print compareMd5File(fileName + '.md5', md5Value) # [2] Finding printable strings on the bin file printLine() print '[2] ' + (_('Analise de Palavras Legiveis')) print findStrings(fileName, 10) # [3] Dumphex data from the Bin file printLine() print '[3] ' + (_('Executando Hex Dump no firmware')) print dumpFileContent(fileName) # [4] Tentativa de extracao do sistema de arquivos printLine() print '[4] ' + (_('Tentativa de Extracao do Sistema de Arquivos')) print binExtract(fileName) pause()
return image, threshold, weight, nruns, rows, cols #------------------------------------------------------------------- image = '' threshold, weight = 0.000001, 4 nruns, rows, cols = 0, 0, 0 # initialize image, threshold, weight, nruns, rows, cols = \ initVars(image, threshold, weight, \ nruns, rows, cols, sys.argv) # Values set to print printLine() print 'image: \"', sys.argv[1], '\"' print 'threshold =',threshold, 'weight =',weight print 'nruns =',nruns,', rows =',rows,', cols =',cols # get image roi row_base = (image.shape[0] - rows)/2 col_base = (image.shape[1] - cols)/2 image_region = image[row_base:row_base+rows, \ col_base:col_base+cols] # create ghost zones image_ghost = np.zeros((rows+4, cols+4, 3), image_region.dtype) image_ghost[2:rows+2, 2:cols+2, 0:3] = image_region[0:rows, 0:cols, 0:3] # convert input image to floating point
def webIDirect(lang): global status_code removedSlash = False # Try to connect to the website url = raw_input(_("Endereco da interface para teste (com a porta): ")) parsed = urlparse(url) if len(parsed.netloc) == 0: parsed = urlparse('http://'+url) pass url = url.replace("http://","") url = url.replace("https://","") try: # Do the request req = requests.get('http://'+url, stream=True) # FROMFD ERROR s = socket.fromfd(req.raw.fileno(), socket.AF_INET, socket.SOCK_STREAM) clear() print _("[!] Interface esta online.") if not (':' in url): port = 80 else: port = int(parsed.port) except (requests.ConnectionError, socket.error) as Exit: wait = raw_input(_('Interface Offline ou URL Invalida')) return # Remove the / end marker if url.endswith('/'): removedSlash = True url = url[:-1] pass # Show the Url on the top of the page print url # Get the information from socket # FROMFD ERROR port = s.getpeername()[1] # Show the test basic information print _('- Hora:\t\t') + req.headers['Date'] # Get the target hostname information (IP, Port, Server ) if ':' in url: ipAddr = socket.gethostbyname(url.split(":",1)[0]) else: ipAddr = socket.gethostbyname(parsed.netloc) print _('- IP:\t\t') + ipAddr if url.find('/') != -1: hostname = url[:-(len(url)-url.find('/'))] else: hostname = url print _('- Hostname:\t') + hostname try: serv = socket.getservbyport(port) except socket.error as e: serv = "Nao padrao" print _('- Porta:\t') + str(port) + ' [' +serv + ']' if 'Server' in req.headers: print _('- Servidor:\t') + req.headers['Server'] ############# DEBUG AREA # Debbuging vulnerabilities ############# END OF DEBUG # [1] Testing Https use printLine() print bcolors.HEADER + '[1] ' + bcolors.ENDC + (_('Uso de HTTPS')) print testHttps(url,lang) # [2] Testing Protection against Clickjack/UI Redress printLine() print bcolors.HEADER + '[2] ' + bcolors.ENDC + (_('Protecao contra Clickjack/UI Redress')) print testClickJack(url,lang) # [3] Testing if the login or admin pages can be easily found printLine() print bcolors.HEADER + '[3] ' + bcolors.ENDC + (_('Paginas de Login e Admin')) possibleUrlResponse = getLoginPages(url, lang) print possibleUrlResponse[0] # [4] Testing SQLi attack printLine() print bcolors.HEADER + '[4] ' + bcolors.ENDC + (_('SQL Injection')) possibleUrlResponse[1].insert(0,"/") exitOpt = raw_input(_('Deseja incluir algum caminho para teste?:\n1 - Sim\n2 - Nao\n')) if ((exitOpt != 1) & (len(possibleUrlResponse[1]) == 1)): print _('Url de formulario explicito nao encontrada') while exitOpt == 1: possibleUrl = raw_input(_('Insira um caminho para testar: ')) possibleUrlResponse[1].append(possibleUrl) exitOpt = raw_input(_('Deseja incluir mais algum teste?:\n1 - Sim\n2 - Nao\n')) pass if len(possibleUrlResponse[1]) != 0: print testSQLi(url,possibleUrlResponse[1],lang) # [5] Testing XSS vulnerabilities printLine() print bcolors.HEADER + '[5] ' + bcolors.ENDC + (_('XSS - Cross-site Scripting')) print testXSS(url, lang) # [6] Testing if there is a Web Application Firewall printLine() print bcolors.HEADER + '[6] ' + bcolors.ENDC + (_('Web Application Firewall')) print detectWAF(ipAddr,port,lang) pause() pass
return image, alpha, nruns, rows, cols #------------------------------------------------------------------- image = '' alpha = '' nruns, rows, cols = 0, 0, 0 # initialize image, alpha, nruns, rows, cols = \ initVars(image, alpha, \ nruns, rows, cols, sys.argv) # Values set to printLine() print 'image: \"', sys.argv[1], '\"' print 'alpha: \"', sys.argv[2], '\"' print 'nruns =',nruns,', rows =',rows,', cols =',cols if rows != 2560 or cols != 1536: print "Please use 1536x2560 image size" sys.exit(0) R = image.shape[0] C = image.shape[1] # move colour dimension outside image_flip = np.rollaxis(image, 2) # add alpha channel to image along with
def netServDirect(lang): # Try to connect to the website url = raw_input(_("Endereco da interface para teste: ")) parsed = urlparse(url) if len(parsed.netloc) == 0: parsed = urlparse('http://' + url) pass ipAddr = socket.gethostbyname(parsed.netloc) openPorts = [] # Just to avoid GET erros url = url.replace("http://", "") url = url.replace("https://", "") try: # Do the request req = requests.get('http://' + url, stream=True) clear() print _("[!] Servidor esta online.") except (requests.ConnectionError, socket.error) as Exit: wait = raw_input(_('Nao foi possivel verificar pela porta 80')) # Remove the / end marker if url.endswith('/'): url = url[:-1] pass # Show the Url on the top of the page print url selection = raw_input( _('Digite as portas separando por virgula ou digite \'a\' para a busca automatica\n' )) # Get the avaiable ports if selection == 'a': ignore = (raw_input( _('Digite \'i\' para nao mostrar as portas filtradas\n')) == 'i') openPorts = portScanner(lang, url, ignore, range(1, 1025), True, True) else: clear() print bcolors.BOLD + _("Porta\t\tServico\t\t\tEstado") + bcolors.ENDC for port in selection.split(','): port = int(port) openPorts.append(port) openPorts = portScanner(lang, url, False, openPorts, False, True) # [1] Testing Https use printLine() print bcolors.HEADER + '[1] ' + bcolors.ENDC + ( _('Analise do servidor pelas portas [Banner Grabbing]')) testOpenPorts(lang, url, openPorts) # [2] Testing server resilience to DDOS Attacks printLine() print bcolors.HEADER + '[2] ' + bcolors.ENDC + ( _('Teste de resistencia a DDOS')) testDDoS(lang, url, openPorts) # [3] Fuzzer testing printLine() print bcolors.HEADER + '[3] ' + bcolors.ENDC + ( _('Teste de fuzz com strings montadas e strings aleatorias')) print testFuzz(lang, url, openPorts) # [4] Searching for open test ports | Already implemented, just an idea for improvement. IF you want to use, remove the '#' in the comments below # printLine() # print bcolors.HEADER + '[4] ' + bcolors.ENDC + (_('Verificando portas de teste abertas')) # print verifyOpenTestPorts(lang,url, openPorts if (selection == 'a') else portScanner(lang,url,True,range(1,1025),True,False)) pause()
def transCryptDirect(lang): # Get the interface information url = raw_input(_("Endereco da interface para teste (com a porta): ")) parsed = urlparse(url) if len(parsed.netloc) == 0: parsed = urlparse('http://'+url) pass # Getting the parsed values url = parsed.netloc if ':' in url: url = url.split(":",1)[0] port = parsed.port else: port = raw_input(_("Digite a porta: ")) # Try to connect to the interface logging.getLogger("scapy.runtime").setLevel(logging.ERROR) src_port = RandShort() response = sr1(IP(dst=url)/TCP(sport=src_port,dport=int(port),flags="S"),timeout=3, verbose=0) # Verifying the existence of a service on the port if(str(type(response))=="<type 'NoneType'>"): wait = raw_input(_('Servidor Offline ou URL Invalida')) return if (not response.haslayer(TCP)): wait = raw_input(_('Servidor Offline ou URL Invalida')) return if (not (response.getlayer(TCP).flags == 0x12)): wait = raw_input(_('Servidor Offline ou URL Invalida')) return # Stealth response send_rst = sr(IP(dst=url)/TCP(sport=src_port,dport=int(port),flags="R"),timeout=3, verbose=0) clear() print _("[!] Servidor esta online.") # Remove the / end marker if url.endswith('/'): url = url[:-1] pass # Show the Url on the top of the page print url +':'+ str(port) port = int(port) # [1] Testing the protocols printLine() print bcolors.HEADER + '[1] ' + bcolors.ENDC + (_('Testando Protocolos')) (worked,protocolList) = testProtocols(lang,url,port) if (not worked): pause() return # [2] Testing preferred protocol of the server printLine() print bcolors.HEADER + '[2] ' + bcolors.ENDC + (_('Protocolo padrao do servidor')) preferredProtocol = identifyProtocol(url,port) # [3] Testing if Perfect Forward Secrecy (PFS) is enabled on the server printLine() print bcolors.HEADER + '[3] ' + bcolors.ENDC + (_('Uso the Perfect Forward Secrecy')) print testPFS(url,port,preferredProtocol) # [4] Testing BASIC AUTH in HTTP, not so useful | Just an idea for improvement and a PoC. IF you want to use, remove the '#' in the comments below # printLine() # print bcolors.HEADER + '[4] ' + bcolors.ENDC + (_('Testando Autenticacao Basic em HTTP ')) # print testBasicAuth(url,port) # [5] Test Weak Ciphers printLine() print bcolors.HEADER + '[4] ' + bcolors.ENDC + (_('Testando Cifragem Fraca (minimo 128bits) ')) testWeakCipher(url,port,protocolList) pause()