Exemplo n.º 1
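    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the IMAP / IMAPS command list for one target.

        Every argument is handed to ``Warrior.__init__`` untouched; the body
        then only reads the attributes the base initialiser derives from them
        (``self.proto``, ``self.port``, ``self.host``, ``self.intensity``,
        ``self.username``, ``self.ulist``, ``self.plist``).

        Fix: the nmap entry spelled the NSE selector ``--scripts``; nmap's
        option is ``--script`` (the spelling every other module here uses),
        so nmap would not have accepted the command as written.

        Side effects: sets ``self.cmds`` and, at intensity "3",
        ``self.extra_info``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # NOTE(review): the commands below are built by plain concatenation
        # and run with shell=True, with host/port/username/plist interpolated
        # unquoted.  If any of those values can come from an untrusted source,
        # wrap them in shlex.quote() first -- confirm where the caller gets them.
        self.cmds = [
            {
                "name": self.proto + "_nmap_" + self.port,
                # "--script" (not "--scripts") selects NSE scripts.
                "cmd": 'nmap -n --script "imap* and default" -sV -p ' +
                self.port + ' ' + self.host,
                "shell": True,
                "chain": False
            },
        ]

        # Banner grab: plain nc on cleartext IMAP, openssl s_client otherwise.
        if self.proto == "imap":
            version_cmd = ('nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port +
                           ' </dev/null')
        else:
            version_cmd = ('echo "A1 Logout" | openssl s_client -connect ' +
                           self.host + ':' + self.port + ' -crlf -quiet')
        self.cmds.append({
            "name": self.proto + "_version_" + self.port,
            "cmd": version_cmd,
            "shell": True,
            "chain": False
        })

        msfmodules = [{
            "path": "auxiliary/scanner/imap/imap_version",
            "toset": {
                "RHOSTS": self.host,
                "RPORT": self.port
            }
        }]
        self.cmds.append({
            "name": self.proto + "_msf_" + self.port,
            "cmd": self.create_msf_cmd(msfmodules),
            "shell": True,
            "chain": False
        })

        # Intensity "3" *replaces* the list: only the hydra login check runs.
        if self.intensity == "3":
            self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames."
            ssl = " -S " if self.proto == "imaps" else ""  # Check if SSL is needed
            # Single user (-l) when 'username' is given, else the list (-L).
            if username != "":
                who = ' -l ' + self.username
            else:
                who = ' -L ' + self.ulist
            # NOTE(review): the user name and password-list path are passed on
            # the command line and are visible to other local users via ps.
            self.cmds = [{
                "name": self.proto + "_brute_hydra_" + self.port,
                "cmd": 'hydra -f -e ns' + who + ' -P ' + self.plist + ssl +
                ' -s ' + self.port + ' ' + self.host + ' imap',
                "shell": True,
                "chain": False
            }]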
Exemplo n.º 2
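    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the SMTP / SMTPS command list for one target.

        Arguments are forwarded unchanged to ``Warrior.__init__``; the body
        reads the attributes the base initialiser derives from them
        (``self.proto``, ``self.port``, ``self.host``, ``self.intensity``,
        ``self.username``, ``self.ulist``, ``self.path``).

        Fixes:
        * ``self.intensity`` is a string everywhere else (``== "3"`` below,
          ``>= "2"`` in sibling modules), so the old ``== 2`` comparison
          never matched and the nmap vuln-script entry was never added.
          ``== "2"`` is kept rather than ``>= "2"`` because intensity "3"
          replaces ``self.cmds`` further down anyway, so the outcome is the
          same.
        * that nmap entry passed the port as a second positional target
          (``host port``) instead of ``-p port host`` like every other nmap
          command in these modules.

        Side effects: sets ``self.cmds``; at intensity "3" also
        ``self.extra_info`` and the normalised ``self.path``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # NOTE(review): host/port/path are concatenated unquoted into commands
        # that run with shell=True; if they can come from an untrusted source,
        # quote them with shlex.quote() -- confirm where the caller gets them.
        self.cmds = [
            {
                "name": self.proto + "_nmap_" + self.port,
                "cmd": 'nmap -n --script "smtp-open-relay or (default and *smtp*)" -p '
                + self.port + ' ' + self.host,
                "shell": True,
                "chain": False
            },
        ]

        # Banner grab: plain nc on cleartext SMTP, STARTTLS via openssl otherwise.
        if self.proto == "smtp":
            version_cmd = ('nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port +
                           ' </dev/null')
        else:
            version_cmd = ('echo QUIT | openssl s_client -starttls smtp -crlf -connect '
                           + self.host + ':' + self.port)
        self.cmds.append({
            "name": self.proto + "_version_" + self.port,
            "cmd": version_cmd,
            "shell": True,
            "chain": False
        })

        # One fresh "toset" dict per module so create_msf_cmd cannot alias them.
        msfmodules = [{
            "path": "auxiliary/scanner/smtp/" + module,
            "toset": {
                "RHOSTS": self.host,
                "RPORT": self.port
            }
        } for module in ("smtp_version", "smtp_ntlm_domain", "smtp_relay")]
        self.cmds.append({
            "name": self.proto + "_msf_" + self.port,
            "cmd": self.create_msf_cmd(msfmodules),
            "shell": True,
            "chain": False
        })

        # intensity is a string (see the "3" comparison below); was `== 2`.
        if self.intensity == "2":
            self.cmds.append({
                "name": self.proto + "_nmap_vuln_" + self.port,
                # Port goes through -p; a bare "port" after the host would be
                # parsed by nmap as another target.
                "cmd": 'nmap --script smtp-vuln-cve2011-1764,smtp-vuln-cve2011-1720,smtp-vuln-cve2010-4344 -p '
                + self.port + ' ' + self.host,
                "shell": True,
                "chain": False
            })

        if self.intensity == "3":  # TODO: think about using other methods like RCT
            self.extra_info = "By default VRFY method is used, if you want to use other (EXPN or RCPT) set it in 'path' variable."
            self.extra_info += "\nYou can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames."
            # 'path' carries the enumeration method; anything but EXPN/RCPT
            # falls back to VRFY.
            method = self.path.upper()
            self.path = method if method in ["EXPN", "RCPT"] else "VRFY"
            # Single user (-u) when 'username' is given, else the list (-U).
            if username != "":
                who = ' -u ' + self.username
            else:
                who = ' -U ' + self.ulist
            # Intensity "3" *replaces* the list: only the enumeration runs.
            self.cmds = [{
                "name": self.proto + "_brute",
                "cmd": 'smtp-user-enum -M ' + self.path + who + ' -p ' +
                self.port + ' -t ' + self.host,
                "shell": True,
                "chain": False
            }]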
Exemplo n.º 3
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the IKE (ISAKMP over UDP) command list for one target.

        Arguments go straight to ``Warrior.__init__``; the body reads the
        attributes the base initialiser derives from them (``self.port``,
        ``self.host``, ``self.password``, ``self.intensity``, ``self.ip``,
        ``self.plist``, ``self.wordlists_path``, ``self.extra_info``).

        Side effects: normalises ``self.password``, appends to
        ``self.extra_info`` (and overwrites it at intensity "3"), sets
        ``self.cmds`` and possibly ``self.plist``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # The 'password' variable doubles as the IKE group ID; default "vpn".
        if len(self.password) == 0:
            self.password = "vpn"
        self.extra_info += "\nIf nothing is set in variable 'password' this module will use 'vpn' as ID."

        # Every ike-scan variant targets the same source/destination port pair.
        port_pair = (' --sport ' + self.port + ' --dport ' + self.port + ' ' +
                     self.host)

        # NOTE(review): the group ID (self.password) is passed on the command
        # line, so it is visible to other local users via the process list.
        self.cmds = [
            {"name": "ike_nmap",
             "cmd": 'nmap -n -sV --script *ike* -sU -p ' + self.port + ' ' +
             self.host,
             "shell": False, "chain": False},
            {"name": "ike-scan",
             "cmd": 'ike-scan -M' + port_pair,
             "shell": False, "chain": True},
            {"name": "ike-scan_nat",
             "cmd": 'ike-scan -M --nat-t ' + self.host,
             "shell": False, "chain": True},
            {"name": "ike-scan_showback",
             "cmd": 'ike-scan -M --showbackoff' + port_pair,
             "shell": False, "chain": True},
            {"name": "ike-scan_agressive",
             "cmd": 'ike-scan --aggressive --id=' + self.password + port_pair,
             "shell": False, "chain": True},
            {"name": "ike-scan_agr_psk",
             "cmd": 'ike-scan --pskcrack --aggressive --id=' + self.password +
             port_pair,
             "shell": False, "chain": True},
        ]

        if self.intensity == "3":
            # This assignment replaces (not extends) the note appended above.
            self.extra_info = "To bruteforce IKE an 'ip' must be set."
            if self.ip != "":
                # Fall back to the bundled group-name list when none was given.
                if self.plist == "":
                    self.plist = self.wordlists_path + '/wordlists/groupnames.txt'
                self.cmds.append({
                    "name": "ikeforce_id",
                    "cmd": 'ikeforce ' + self.ip + ' -e -w ' + self.plist +
                    ' -s 2',
                    "shell": False, "chain": True})
Exemplo n.º 4
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the HTTP / HTTPS command lists for one target.

        Arguments are forwarded unchanged to ``Warrior.__init__``; the body
        reads the attributes the base initialiser derives from them
        (``self.proto``, ``self.port``, ``self.host``, ``self.host_port``,
        ``self.proto_host_port``, ``self.proto_host_port_path``,
        ``self.extensions``, ``self.intensity``, ``self.username``,
        ``self.ulist``, ``self.plist``, ``self.password``, ``self.path``,
        ``self.git_path``).

        Side effects: sets ``self.cmds`` and a second list
        ``self.demand_cmds`` (judging by the name, run on demand -- confirm
        in Warrior), plus ``self.extra_info`` at intensity "3".
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        def entry(name, cmd, shell=False, chain=False):
            # One command record in the shape the runner consumes.
            return {"name": name, "cmd": cmd, "shell": shell, "chain": chain}

        def tag(kind):
            # "<proto>_<kind>_<port>" naming shared by the HTTP entries.
            return self.proto + "_" + kind + "_" + self.port

        url = self.proto_host_port_path

        # NOTE(review): host, port, path and extensions are concatenated
        # unquoted and several entries run with shell=True; if any of these
        # values can come from an untrusted source, quote them with
        # shlex.quote() first -- confirm where the caller gets them.
        self.cmds = [
            entry(tag("nikto"),
                  'echo n | nikto -nointeractive -maxtime 45m -timeout 60 -host '
                  + url +
                  ' -Plugins "paths;outdated;report_sqlg;auth;content_search;report_text;fileops;parked;shellshock;report_html;cgi;headers;report_nbe;favicon;cookies;robots;report_xml;report_csv;ms10_070;msgs;drupal;apache_expect_xss;siebel;put_del_test;apacheusers;dictionary;embedded;ssl;clientaccesspolicy;httpoptions;subdomain;negotiate;sitefiles;mutiple_index;strutshock;dishwasher;paths;docker_registry;origin_reflection;dir_traversal;multiple_index"',
                  shell=True),
            entry(tag("whatweb"), "whatweb -a 3 " + url),
            entry(tag("robots"),
                  'curl ' + self.proto_host_port +
                  '/robots.txt -L -k --user-agent "Googlebot/2.1 (+http://www.google.com/bot.html)" --connect-timeout 30 --max-time 180',
                  shell=True),
            entry(tag("nmap"),
                  'nmap -n -sV --script "(http* and not (dos or brute) and not http-xssed)" -p '
                  + self.port + ' ' + self.host,
                  shell=True),
            entry(tag("wafw00f"), 'wafw00f ' + url),
            entry(tag("fast_dirsearch"),
                  "dirsearch -F -r -u " + url + " -e " + self.extensions),
            entry(tag("dirhunt"), "dirhunt " + url),
            # gobuster/dirb entries were retired: dirsearch -f forces the
            # extension and the trailing "/" the way dirb did.
            entry(tag("cmsmap"), 'echo "y" | cmsmap -s ' + url, shell=True),
            entry(tag("curl_put"),
                  'curl -v -X PUT -d "Hey! I am a PUT" ' + url + "/legion.txt",
                  shell=True),
        ]

        # TLS-specific checks only make sense for https.
        if self.proto == "https":
            self.cmds.extend([
                entry("https_sslscan_" + self.port,
                      "sslscan " + self.host_port),
                entry("https_sslyze_" + self.port,
                      "sslyze --regular " + self.host_port),
                entry("https_ssl_nmap_" + self.port,
                      'nmap -sV --script "ssl-* and not brute and not dos" -p '
                      + self.port + " " + self.host,
                      shell=True),
            ])

        if self.intensity >= "2":
            self.cmds.append(entry(
                tag("medium_dirsearch"),
                "dirsearch -f -F -r -u " + url + " -e " + self.extensions +
                " -w /usr/share/wordlists/dirb/common.txt"))

        # Intensity "3" *replaces* the list: only the hydra login check runs.
        if self.intensity == "3":
            self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames. The default 'path' is '/'."
            # Single user (-l) when 'username' is given, else the list (-L).
            if username != "":
                who = " -l " + self.username
            else:
                who = " -L " + self.ulist
            self.cmds = [entry(
                tag("brute_hydra"),
                "hydra" + who + " -P " + self.plist + " " + self.host + " " +
                self.proto + "-get -s " + self.port + " -f -e ns -m " +
                self.path)]

        # NOTE(review): when both are set, username:password is placed on the
        # davtest command line and is readable by other local users via ps.
        if self.username and self.password:
            dav_auth = "-auth " + self.username + ":" + self.password + " "
        else:
            dav_auth = ""

        self.demand_cmds = [
            # Uses proto_host_port (no path) unlike the other dirsearch
            # entries -- presumably intentional; confirm.
            entry(tag("slow_dirsearch"),
                  "dirsearch -f -F -u " + self.proto_host_port + " -e " +
                  self.extensions +
                  " -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"),
            entry(tag("sqlmap"),
                  "sqlmap -u " + url +
                  " --batch --crawl=3 --forms --random-agent --level 1 --risk 1 -f -a"),
            entry(tag("davtestmove"),
                  "davtest " + dav_auth + "-move -sendbd auto -url " + url),
            entry(tag("davtestnorm"),
                  "davtest " + dav_auth + " -sendbd auto -url " + url),
            entry(tag("wpscan"),
                  "wpscan --url " + url + " --rua --no-update --enumerate ap"),
            entry(tag("cewl"), "cewl " + url + " -m 6"),
            entry(tag("arjun"),
                  "cd " + self.git_path +
                  "/arjun 2>/dev/null; ./arjun.py --get -u " + url +
                  "; ./arjun.py --post -u " + url +
                  "; ./arjun.py --json -u " + url + "; cd - 2>/dev/null",
                  shell=True),
        ]
Exemplo n.º 5
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the FTP command list for one target.

        Arguments are forwarded unchanged to ``Warrior.__init__``; the body
        reads the attributes the base initialiser derives from them
        (``self.port``, ``self.host``, ``self.intensity``, ``self.username``,
        ``self.ulist``, ``self.plist``).

        Side effects: sets ``self.cmds`` and, at intensity "3",
        ``self.extra_info``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        def entry(name, cmd, shell, chain):
            # One command record in the shape the runner consumes.
            return {"name": name, "cmd": cmd, "shell": shell, "chain": chain}

        def ftp_modules(names):
            # One msf module record per name, each with its own target dict.
            return [{"path": "auxiliary/scanner/ftp/" + module,
                     "toset": {"RHOSTS": self.host, "RPORT": self.port}}
                    for module in names]

        # NOTE(review): host/port are concatenated unquoted into shell=True
        # commands; quote with shlex.quote() if they can be untrusted -- confirm.
        self.cmds = [
            entry("ftp_nmap_" + self.port,
                  'nmap -n -sV --script "ftp* and default" -p ' + self.port +
                  ' ' + self.host,
                  True, False),
            entry("ftp_version_" + self.port,
                  'nc -w 20 -q 1 -vn ' + self.host + ' ' + self.port +
                  ' </dev/null',
                  True, False),
            entry("ftp_msf_" + self.port,
                  self.create_msf_cmd(ftp_modules(["anonymous", "ftp_version"])),
                  True, False),
        ]

        if self.intensity >= "2":
            self.cmds.append(entry(
                "ftp_nmap_vuln_" + self.port,
                'nmap -sV --script "ftp* and vuln" -p ' + self.port + ' ' +
                self.host,
                True, False))
            vuln_modules = ftp_modules([
                "bison_ftp_traversal",
                "colorado_ftp_traversal",
                "easy_file_sharing_ftp",
                "konica_ftp_traversal",
                "pcman_ftp_traversal",
                "titanftp_xcrc_traversal",
            ])
            self.cmds.append(entry(
                "ftp_msf_vuln_" + self.port,
                self.create_msf_cmd(vuln_modules),
                True, False))

        # Intensity "3" *replaces* the list: only the hydra login check runs.
        if self.intensity == "3":
            self.extra_info = "You can use the variable 'username' to brute force a single username or the variable ulist to bruteforce a list of usernames."
            # Single user (-l) when 'username' is given, else the list (-L).
            if username != "":
                who = ' -l ' + self.username
            else:
                who = ' -L ' + self.ulist
            # NOTE(review): user name and password-list path are on the
            # command line, visible to other local users via ps.
            self.cmds = [entry(
                "ftp_brute_hydra_" + self.port,
                'hydra -f -e ns' + who + ' -P ' + self.plist + ' -s ' +
                self.port + ' ' + self.host + ' ftp',
                True, False)]
Exemplo n.º 6
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the host-wide port-scan command list.

        Arguments are forwarded unchanged to ``Warrior.__init__``; the body
        reads ``self.workdir``, ``self.ip`` and ``self.host`` as the base
        initialiser left them.

        Side effects: rewrites ``self.workdir`` to point one level up and
        extends ``self.cmds``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # nmap output (-oA) goes to the parent of the module work directory.
        self.workdir = self.workdir + "/../"

        def nmap_entry(name, flags, outfile, chain):
            # nmap with the given flags, writing -oA <workdir><outfile>.
            return {
                "name": name,
                "cmd": 'nmap ' + flags + ' -oA ' + self.workdir + outfile + ' ' +
                self.host,
                "shell": False,
                "chain": chain,
            }

        if self.ip != "":
            self.cmds = [{
                "name": "udp-proto-scanner",
                "cmd": 'udp-proto-scanner.pl ' + self.ip,
                "shell": False,
                "chain": False,
            }]

        # NOTE(review): when self.ip is empty this extends whatever self.cmds
        # already holds -- presumably initialised by Warrior; confirm.
        self.cmds += [
            nmap_entry("nmap_fast_udp", '-F -sU -sV -T 4', 'nmapu', False),
            nmap_entry("nmap_init", '-sS -sV -T 4', 'nmapi', True),
            nmap_entry("nmap_full_fast", '-sS -sV -sC -O -T 4 -p -', 'nmapff',
                       True),
            nmap_entry("nmap_full", '-sS -sV -sC -O -p -', 'nmapf', True),
            nmap_entry("nmap_sctp_full", '-T 4 -sY -sV -sC -p -', 'nmapfsctp',
                       False),
        ]
Exemplo n.º 7
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Assemble the DNS command list for one name server.

        Arguments are forwarded unchanged to ``Warrior.__init__``; the body
        reads the attributes the base initialiser derives from them
        (``self.port``, ``self.host``, ``self.ip``, ``self.ipv6``,
        ``self.intensity``, ``self.domain``, ``self.plist``,
        ``self.wordlists_path``).

        Side effects: sets ``self.cmds`` and, at intensity "3" with a domain,
        ``self.wordlist``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # TODO: ADD DNSsec attacks and other IPv6 attacks

        def entry(name, cmd, shell=False, chain=False):
            # One command record in the shape the runner consumes.
            return {"name": name, "cmd": cmd, "shell": shell, "chain": chain}

        def reverse_sweep(net):
            # dnsrecon reverse lookup of <net>/24 against this server.
            return entry("dnsrecon_" + net + "_24",
                         'dnsrecon -r ' + net + '/24 -n ' + self.host)

        # Same NSE selector for the TCP and UDP nmap runs.
        script = ('"(*dns* and (default or (discovery and safe))) or '
                  'dns-random-txid or dns-random-srcport"')

        # NOTE(review): host/port/domain are concatenated unquoted into
        # shell=True commands; quote with shlex.quote() if they can be
        # untrusted -- confirm where the caller gets them.
        self.cmds = [
            reverse_sweep("127.0.0.0"),
            reverse_sweep("127.0.1.0"),
            entry("dns_nmap_tcp_" + self.port,
                  'nmap -n -sV --script ' + script + ' -p ' + self.port + ' ' +
                  self.host,
                  shell=True),
            entry("dns_nmap_udp_" + self.port,
                  'nmap -n -sV -sU --script ' + script + ' -p ' + self.port +
                  ' ' + self.host,
                  shell=True),
        ]

        if self.ip != "":
            self.cmds.append(entry("dig_NS_" + self.port,
                                   'dig -x ' + self.ip + ' @' + self.host))
            self.cmds.append(reverse_sweep(self.ip))

        if self.ipv6 != "":
            self.cmds.append(entry("dig_NS",
                                   'dig -x ' + self.ipv6 + ' @' + self.host))

        if self.intensity >= "2":
            amp_modules = [{
                "path": "auxiliary/scanner/dns/dns_amp",
                "toset": {"RPORT": self.port, "RHOSTS": self.host},
            }]
            self.cmds.append(entry("dns_msf_vuln_" + self.port,
                                   self.create_msf_cmd(amp_modules),
                                   shell=True))

        if self.domain != "":
            self.cmds.append(entry(
                "dig",
                self.dig_cmds(
                    ["axfr", "ANY", "A", "AAAA", "TXT", "MX", "NS", "SOA"]),
                shell=True))
            self.cmds.append(entry(
                "dnsrecon_domain",
                'dnsrecon -d ' + self.domain + ' -a -n ' + self.host))
            enum_modules = [{
                "path": "auxiliary/gather/enum_dns",
                "toset": {"DOMAIN": self.domain, "NS": self.host},
            }]
            self.cmds.append(entry("DNS_msf",
                                   self.create_msf_cmd(enum_modules),
                                   shell=True))

            # Intensity "3" *replaces* the list with the subdomain brute only.
            if self.intensity == "3":
                if self.plist != "":
                    self.wordlist = self.plist
                else:
                    self.wordlist = self.wordlists_path + '/subdomains.txt'
                self.cmds = [entry(
                    "dnsrecon_brute",
                    'dnsrecon -D ' + self.wordlist + ' -d ' + self.domain +
                    ' -n ' + self.host)]
    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Build the Oracle TNS listener enumeration command set.

        Every argument is handed through unchanged to ``Warrior.__init__``;
        this class only decides which tools run against ``host:port``.

        Side effects: sets ``self.sids`` (SID wordlist path), ``self.cmds``
        and, at intensity >= 2, ``self.extra_info``.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # The "password list" slot doubles as the SID list for oracle-sid
        # brute forcing; fall back to the bundled wordlist when it is empty.
        default_sids = self.wordlists_path + '/sids-oracle.txt'
        self.sids = plist if len(plist) else default_sids

        tgt = self.host
        prt = self.port
        tag = self.proto

        # NOTE(review): tgt/prt are interpolated unquoted into command lines,
        # and the nmap entries run with shell=True. That is only safe while
        # host/port come from a trusted operator (command injection otherwise);
        # left as-is because the whole file builds commands this way.
        def entry(name, cmd, shell):
            return {"name": name, "cmd": cmd, "shell": shell, "chain": False}

        self.cmds = [
            entry(f"{tag}_nmap_{prt}",
                  f'nmap -n --script "oracle-tns-version" -T4 -sV -p {prt} {tgt}',
                  True),
            entry(f"{tag}_tnscmd10g_version_{prt}",
                  f'tnscmd10g version -p {prt} -h {tgt}',
                  False),
            entry(f"{tag}_tnscmd10g_status_{prt}",
                  f'tnscmd10g status -p {prt} -h {tgt}',
                  False),
            entry(f"{tag}_oscanner_{prt}",
                  f'oscanner -p {prt} -s {tgt}',
                  False),
            entry(f"{tag}_odat_all_{prt}",
                  f'odat.py all -p {prt} -s {tgt}',
                  False),
            entry(f"{tag}_hydra_sids_{prt}",
                  f'hydra -f -L {self.sids} -s {prt} {tgt} oracle-sid',
                  False),
        ]

        # Intensity is compared as a string throughout this file.
        if self.intensity < "2":
            return

        self.extra_info = "Set the SID that you want to brute force in the 'username' option"
        # The stealth brute needs a concrete SID; the operator passes it via
        # the 'username' option, so nothing is queued until it is set.
        if username == "":
            return
        self.cmds.append(entry(
            f"{tag}_brute_nmap_{prt}",
            'nmap -sV --script oracle-brute-stealth --script-args '
            f'oracle-brute-stealth.sid={self.username} -p {prt} {tgt}',
            True))
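    def __init__(self, host, port, workdir, protocol, intensity, username,
                 ulist, password, plist, notuse, extensions, path, reexec,
                 ipv6, domain, interactive, verbose, executed, exec):
        """Build the PJL/printer enumeration command set.

        Every argument is forwarded unchanged to ``Warrior.__init__``; this
        class only fills ``self.cmds`` with one nmap NSE run and one
        Metasploit batch of ``auxiliary/scanner/printer/*`` modules.
        """
        Warrior.__init__(self, host, port, workdir, protocol, intensity,
                         username, ulist, password, plist, notuse, extensions,
                         path, reexec, ipv6, domain, interactive, verbose,
                         executed, exec)

        # NOTE(review): host/port are spliced unquoted into a command line that
        # runs with shell=True, so they must come from a trusted operator
        # (command injection otherwise). Left as-is since the whole file
        # builds commands this way.
        self.cmds = [
            {
                "name":
                self.proto + "_nmap_" + self.port,
                "cmd":
                'nmap -n -sV --script pjl-ready-message -p ' + self.port +
                ' ' + self.host,
                "shell":
                True,
                "chain":
                False
            },
        ]

        # Each scanner module is run once with the same RHOSTS/RPORT. The
        # previous hand-written list repeated printer_env_vars three times and
        # printer_version_info twice, which only re-ran identical scans against
        # the same target; list every module exactly once, original order kept.
        printer_modules = (
            "printer_env_vars",
            "printer_list_dir",
            "printer_list_volumes",
            "printer_ready_message",
            "printer_version_info",
        )
        msfmodules = [
            {
                "path": "auxiliary/scanner/printer/" + module,
                "toset": {
                    "RHOSTS": self.host,
                    "RPORT": self.port
                }
            }
            for module in printer_modules
        ]
        self.cmds.append({
            "name": self.proto + "_msf_" + self.port,
            "cmd": self.create_msf_cmd(msfmodules),
            "shell": True,
            "chain": False
        })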