def scan_methods():
"""
all available modules for API
Returns:
HTML content or available modules
"""
methods = load_all_modules()
methods.pop("all")
res = ""
for sm in methods.keys():
label = "success" if sm.endswith(
"_scan"
) else "warning" if sm.endswith(
"_brute"
) else "danger" if sm.endswith(
"_vuln"
) else "default"
profile = "scan" if sm.endswith(
"_scan"
) else "brute" if sm.endswith(
"_brute"
) else "vuln" if sm.endswith(
"_vuln"
) else "default"
res += """<label><input id="{0}" type="checkbox" class="checkbox checkbox-{2}-module">
<a class="label label-{1}">{0}</a></label> """.format(sm, label, profile)
return res
def __init__(self,
target=None,
log_path='./predefined_vuln_scan_result.json'):
for key, value in default_config.items():
setattr(self, key, value)
self.backup_ports = self.ports
self.scan_method = load_all_modules()
self.scan_method.remove('all')
self.log_in_file = log_path
self.vuln_ip = set()
if target is None:
ip = determine_host_ip()
if ip:
self.targets = host_discovery(ip)
else:
print(
'Host IP address detection failed, check internet connection'
)
print(
'try manually enter the IP address of the machine running this test'
)
else:
if isinstance(target, list):
self.targets = target
else:
self.targets = [target]
self.verbose_level = 0
def __scan_methods():
methods = load_all_modules()
methods.remove("all")
res = ""
for sm in methods:
label = "success" if sm.endswith("_scan") else "warning" if sm.endswith("_brute") else "danger" if sm.endswith(
"_vuln") else "default"
res += """<label><input type="checkbox" class="checkbox">
<a class="label label-{1}">{0}</a></label> """.format(sm, label)
return res
def load():
"""
load all ARGS, Apply rules and go for attacks
Returns:
True if success otherwise None
"""
write("\n\n")
options = check_all_required(load_all_args())
info(messages("scan_started"))
info(messages("loaded_modules").format(len(load_all_modules())))
exit_code = start_scan_processes(options)
info(messages("done"))
return exit_code
def load():
"""
load all ARGS, Apply rules and go for attacks
Returns:
True if success otherwise None
"""
write("\n\n")
# load all modules in lib/brute, lib/scan, lib/graph
module_names = load_all_modules()
graph_names = load_all_graphs()
# Parse ARGVs
try:
parser, options, startup_update_flag = load_all_args(module_names, graph_names)
except SystemExit:
finish()
sys.exit(1)
# Filling Options
check_ranges = options.check_ranges
check_subdomains = options.check_subdomains
targets = options.targets
targets_list = options.targets_list
thread_number = options.thread_number + 1
thread_number_host = options.thread_number_host
log_in_file = options.log_in_file
scan_method = options.scan_method
exclude_method = options.exclude_method
users = options.users
users_list = options.users_list
passwds = options.passwds
passwds_list = options.passwds_list
timeout_sec = options.timeout_sec
ports = options.ports
time_sleep = options.time_sleep
language = options.language
verbose_level = options.verbose_level
show_version = options.show_version
check_update = options.check_update
socks_proxy = options.socks_proxy
retries = options.retries
graph_flag = options.graph_flag
help_menu_flag = options.help_menu_flag
ping_flag = options.ping_flag
methods_args = options.methods_args
method_args_list = options.method_args_list
wizard_mode = options.wizard_mode
profile = options.profile
start_api = options.start_api
api_host = options.api_host
api_port = options.api_port
api_debug_mode = options.api_debug_mode
api_access_key = options.api_access_key
api_client_white_list = options.api_client_white_list
api_client_white_list_ips = options.api_client_white_list_ips
api_access_log = options.api_access_log
api_access_log_filename = options.api_access_log_filename
backup_ports = ports
# Checking Requirements
(targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode,
profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list,
api_client_white_list_ips, api_access_log, api_access_log_filename) = \
check_all_required(
targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode,
profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list,
api_client_white_list_ips, api_access_log, api_access_log_filename
)
info(messages(language, 0))
# check for update
if startup_update_flag:
__version__, __code_name__ = _version_info()
_check(__version__, __code_name__, language, socks_proxy)
info(messages(language, 96).format(len(load_all_modules()) - 1 + len(load_all_graphs())))
__go_for_attacks(targets, check_ranges, check_subdomains, log_in_file, time_sleep, language, verbose_level, retries,
socks_proxy, users, passwds, timeout_sec, thread_number, ports, ping_flag, methods_args,
backup_ports, scan_method, thread_number_host, graph_flag, profile, False)
return True
def __rules(config, defaults, language):
# Check Ranges
config["check_ranges"] = True if config[
"check_ranges"] is not False else False
# Check Subdomains
config["check_subdomains"] = True if config[
"check_subdomains"] is not False else False
# Check Graph
config["graph_flag"] = config["graph_flag"] if config[
"graph_flag"] in load_all_graphs() else None
# Check Language
config["language"] = config["language"] if config["language"] in [
lang for lang in messages(-1, 0)
] else "en"
# Check Targets
if config["targets"] is not None:
config["targets"] = list(set(config["targets"].rsplit(",")))
else:
abort(400, messages(language, 26))
# Check Log File
try:
f = open(config["log_in_file"], "a")
f.close()
except:
abort(400, messages(language, 40).format(config["log_in_file"]))
# Check Method ARGS
methods_args = config["methods_args"]
if methods_args is not None:
new_methods_args = {}
methods_args = methods_args.rsplit("&")
for imethod_args in methods_args:
if len(imethod_args.rsplit("=")) is 2:
new_methods_args[imethod_args.rsplit("=")
[0]] = imethod_args.rsplit("=")[1].rsplit(",")
else:
new_methods_args[imethod_args.rsplit("=")[0]] = ""
methods_args = new_methods_args
config["methods_args"] = methods_args
# Check Passwords
config["passwds"] = config["passwds"].rsplit(
',') if config["passwds"] is not None else None
# Check Ping Before Scan
config["ping_flag"] = True if config["ping_flag"] is not False else False
# Check Ports
ports = config["ports"]
if type(ports) is not list and ports is not None:
tmp_ports = []
for port in ports.rsplit(','):
try:
if '-' not in port:
if int(port) not in tmp_ports:
tmp_ports.append(int(port))
else:
t_ports = range(int(port.rsplit('-')[0]),
int(port.rsplit('-')[1]) + 1)
for p in t_ports:
if p not in tmp_ports:
tmp_ports.append(p)
except:
abort(400, messages(language, 157))
if len(tmp_ports) is 0:
ports = None
else:
ports = tmp_ports[:]
config["ports"] = ports
# Check Profiles
if config["profile"] is not None:
_all_profiles = _builder(_profiles(), default_profiles())
if config["scan_method"] is None:
config["scan_method"] = ""
else:
config["scan_method"] += ","
if "all" in config["profile"].rsplit(","):
config["profile"] = ",".join(_all_profiles)
tmp_sm = config["scan_method"]
for pr in config["profile"].rsplit(","):
try:
for sm in _all_profiles[pr]:
if sm not in tmp_sm.rsplit(","):
tmp_sm += sm + ","
except:
abort(400, messages(language, 137).format(pr))
if tmp_sm[-1] == ",":
tmp_sm = tmp_sm[0:-1]
config["scan_method"] = ",".join(list(set(tmp_sm.rsplit(","))))
# Check retries
try:
config["retries"] = int(config["retries"])
except:
config["retries"] = defaults["retries"]
# Check Scanning Method
if config["scan_method"] is not None and "all" in config[
"scan_method"].rsplit(","):
config["scan_method"] = load_all_modules()
config["scan_method"].remove("all")
elif len(config["scan_method"].rsplit(
",")) is 1 and "*_" not in config["scan_method"]:
if config["scan_method"] in load_all_modules():
config["scan_method"] = config["scan_method"].rsplit()
else:
abort(400, messages(language, 30).format(config["scan_method"]))
else:
if config["scan_method"] is not None:
if config["scan_method"] not in load_all_modules():
if "*_" in config["scan_method"] or "," in config[
"scan_method"]:
config["scan_method"] = config["scan_method"].rsplit(",")
scan_method_tmp = config["scan_method"][:]
for sm in scan_method_tmp:
scan_method_error = True
if sm.startswith("*_"):
config["scan_method"].remove(sm)
found_flag = False
for mn in load_all_modules():
if mn.endswith("_" + sm.rsplit("*_")[1]):
config["scan_method"].append(mn)
scan_method_error = False
found_flag = True
if found_flag is False:
abort(400, messages(language, 117).format(sm))
elif sm == "all":
config["scan_method"] = load_all_modules()
scan_method_error = False
config["scan_method"].remove("all")
break
elif sm in load_all_modules():
scan_method_error = False
elif sm not in load_all_modules():
abort(400, messages(language, 30).format(sm))
else:
scan_method_error = True
if scan_method_error:
abort(400,
messages(language, 30).format(config["scan_method"]))
else:
abort(400, messages(language, 41))
config["scan_method"] = list(set(config["scan_method"]))
# Check Socks Proxy
socks_proxy = config["socks_proxy"]
if socks_proxy is not None:
e = False
if socks_proxy.startswith("socks://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks://", "")
elif socks_proxy.startswith("socks5://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks5://", "")
elif socks_proxy.startswith("socks4://"):
socks_flag = 4
socks_proxy = socks_proxy.replace("socks4://", "")
else:
socks_flag = 5
if "://" in socks_proxy:
socks_proxy = socks_proxy.rsplit("://")[1].rsplit("/")[0]
try:
if len(socks_proxy.rsplit(":")) < 2 or len(
socks_proxy.rsplit(":")) > 3:
e = True
elif len(socks_proxy.rsplit(":")) is 2 and socks_proxy.rsplit(
":")[1] == "":
e = True
elif len(socks_proxy.rsplit(":")) is 3 and socks_proxy.rsplit(
":")[2] == "":
e = True
except:
e = True
if e:
abort(400, messages(language, 63))
if socks_flag is 4:
socks_proxy = "socks4://" + socks_proxy
if socks_flag is 5:
socks_proxy = "socks5://" + socks_proxy
config["socks_proxy"] = socks_proxy
# Check thread numbers
try:
config["thread_number"] = int(config["thread_number"])
except:
config["thread_number"] = defaults["thread_number"]
# Check thread number for hosts
try:
config["thread_number_host"] = int(config["thread_number_host"])
except:
config["thread_number_host"] = defaults["thread_number_host"]
# Check time sleep
try:
config["time_sleep"] = float(config["time_sleep"])
except:
config["time_sleep"] = defaults["time_sleep"]
# Check timeout sec
try:
config["timeout_sec"] = int(config["timeout_sec"])
except:
config["thread_number_host"] = defaults["thread_number_host"]
# Check users
config["users"] = config["users"].rsplit(
',') if config["users"] is not None else None
return config
def load():
write('\n\n')
# load libs
from core.color import finish
# load all modules in lib/brute, lib/scan, lib/graph
module_names = load_all_modules()
graph_names = load_all_graphs()
# Parse ARGVs
try:
parser, options, startup_update_flag = load_all_args(
module_names, graph_names)
except SystemExit:
finish()
sys.exit(1)
# Filling Options
check_ranges = options.check_ranges
check_subdomains = options.check_subdomains
targets = options.targets
targets_list = options.targets_list
thread_number = options.thread_number
thread_number_host = options.thread_number_host
log_in_file = options.log_in_file
scan_method = options.scan_method
exclude_method = options.exclude_method
users = options.users
users_list = options.users_list
passwds = options.passwds
passwds_list = options.passwds_list
timeout_sec = options.timeout_sec
ports = options.ports
time_sleep = options.time_sleep
language = options.language
verbose_level = options.verbose_level
show_version = options.show_version
check_update = options.check_update
proxies = options.proxies
proxies_file = options.proxies_file
retries = options.retries
graph_flag = options.graph_flag
help_menu_flag = options.help_menu_flag
ping_flag = options.ping_flag
methods_args = options.methods_args
method_args_list = options.method_args_list
# Checking Requirements
(targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, proxies, proxies_file, retries, graph_flag, help_menu_flag, methods_args, method_args_list) = \
check_all_required(
targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, proxies, proxies_file, retries, graph_flag, help_menu_flag, methods_args, method_args_list
)
info(messages(language, 0))
# check for update
if startup_update_flag is True:
__version__, __code_name__ = _version_info()
_check(__version__, __code_name__, language)
info(
messages(
language,
96).format(len(load_all_modules()) - 1 + len(load_all_graphs())))
suff = str(datetime.datetime.now()).replace(' ', '_').replace(
':', '-') + '_' + ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(10))
subs_temp = 'tmp/subs_temp_%s' % (suff)
range_temp = 'tmp/ranges_%s' % (suff)
total_targets = -1
for total_targets, _ in enumerate(
analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, show_version, check_update, proxies,
retries)):
pass
total_targets += 1
total_targets = total_targets * len(scan_method)
targets = analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, show_version, check_update, proxies,
retries)
threads = []
trying = 0
for target in targets:
for sm in scan_method:
trying += 1
t = threading.Thread(
target=start_attack,
args=(str(target).rsplit()[0], trying, total_targets, sm,
users, passwds, timeout_sec, thread_number, ports,
log_in_file, time_sleep, language, verbose_level,
show_version, check_update, proxies, retries, ping_flag,
methods_args))
threads.append(t)
t.start()
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= thread_number_host:
time.sleep(0.01)
else:
break
while 1:
try:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.01)
if n is True:
break
except KeyboardInterrupt:
break
info(messages(language, 42))
os.remove(subs_temp)
os.remove(range_temp)
info(messages(language, 43))
sort_logs(log_in_file, language, graph_flag)
write('\n')
info(messages(language, 44))
write('\n\n')
finish()
def __rules(config, defaults, language):
"""
Load ARGS from API requests and apply the rules
Args:
config: all user config
defaults: default config
language: language
Returns:
config with applied rules
"""
# Check Ranges
config["check_ranges"] = True if config[
"check_ranges"] is not False else False
# Check Subdomains
config["check_subdomains"] = True if config[
"check_subdomains"] is not False else False
# Check Graph
config["graph_flag"] = config["graph_flag"] if config[
"graph_flag"] in load_all_graphs() else None
# Check Language
config["language"] = config["language"] if config["language"] in list(
messages(-1, 0)) else "en"
# Check Targets
if config["targets"] is not None:
config["targets"] = list(set(config["targets"].rsplit(",")))
else:
abort(400, messages(language, "error_target"))
# Check Log File
try:
f = open(config["log_in_file"], "a")
f.close()
except:
abort(
400,
messages(language,
"file_write_error").format(config["log_in_file"]))
# Check Method ARGS
methods_args = config["methods_args"]
if methods_args is not None:
new_methods_args = {}
methods_args = methods_args.rsplit("&")
for imethod_args in methods_args:
if len(imethod_args.rsplit("=")) == 2:
new_methods_args[imethod_args.rsplit("=")
[0]] = imethod_args.rsplit("=")[1].rsplit(",")
else:
new_methods_args[imethod_args] = ["True"]
methods_args = new_methods_args
config["methods_args"] = methods_args
# Check Passwords
config["passwds"] = config["passwds"].rsplit(
',') if config["passwds"] is not None else None
# Check Ping Before Scan
config["ping_flag"] = True if config["ping_flag"] is not False else False
# Check Ports
ports = config["ports"]
if type(ports) is not list and ports is not None:
tmp_ports = []
for port in ports.rsplit(','):
try:
if '-' not in port:
if int(port) not in tmp_ports:
tmp_ports.append(int(port))
else:
t_ports = range(int(port.rsplit('-')[0]),
int(port.rsplit('-')[1]) + 1)
for p in t_ports:
if p not in tmp_ports:
tmp_ports.append(p)
except:
abort(400, messages(language, "ports_int"))
if len(tmp_ports) == 0:
ports = None
else:
ports = tmp_ports[:]
config["ports"] = ports
# Check Profiles
if config["profile"] is not None:
_all_profiles = _builder(_profiles(), default_profiles())
synonyms = _synonym_profile().keys()
for synonym in synonyms:
del (_all_profiles[synonym])
if config["scan_method"] is None:
config["scan_method"] = ""
else:
config["scan_method"] += ","
if "all" in config["profile"].rsplit(","):
config["profile"] = ",".join(_all_profiles)
tmp_sm = config["scan_method"]
for pr in config["profile"].rsplit(","):
try:
for sm in _all_profiles[pr]:
if sm not in tmp_sm.rsplit(","):
tmp_sm += sm + ","
except:
abort(400, messages(language, "profile_404").format(pr))
if tmp_sm[-1] == ",":
tmp_sm = tmp_sm[0:-1]
config["scan_method"] = ",".join(list(set(tmp_sm.rsplit(","))))
# Check retries
try:
config["retries"] = int(config["retries"])
except:
config["retries"] = defaults["retries"]
# Check Scanning Method
if config["scan_method"] is not None and "all" in config[
"scan_method"].rsplit(","):
config["scan_method"] = load_all_modules()
config["scan_method"].remove("all")
elif config["scan_method"] is not None and len(
config["scan_method"].rsplit(
",")) == 1 and "*_" not in config["scan_method"]:
if config["scan_method"] in load_all_modules():
config["scan_method"] = config["scan_method"].rsplit()
else:
abort(
400,
messages(language, "scan_module_not_found").format(
config["scan_method"]))
else:
if config["scan_method"] is not None:
if config["scan_method"] not in load_all_modules():
if "*_" in config["scan_method"] or "," in config[
"scan_method"]:
config["scan_method"] = config["scan_method"].rsplit(",")
scan_method_tmp = config["scan_method"][:]
for sm in scan_method_tmp:
scan_method_error = True
if sm.startswith("*_"):
config["scan_method"].remove(sm)
found_flag = False
for mn in load_all_modules():
if mn.endswith("_" + sm.rsplit("*_")[1]):
config["scan_method"].append(mn)
scan_method_error = False
found_flag = True
if found_flag is False:
abort(
400,
messages(language,
"module_pattern_404").format(sm))
elif sm == "all":
config["scan_method"] = load_all_modules()
scan_method_error = False
config["scan_method"].remove("all")
break
elif sm in load_all_modules():
scan_method_error = False
elif sm not in load_all_modules():
abort(
400,
messages(language,
"scan_module_not_found").format(sm))
else:
scan_method_error = True
if scan_method_error:
abort(
400,
messages(language, "scan_module_not_found").format(
config["scan_method"]))
else:
abort(400, messages(language, "scan_method_select"))
config["scan_method"] = list(set(config["scan_method"]))
# Check Socks Proxy
socks_proxy = config["socks_proxy"]
if socks_proxy is not None:
e = False
if socks_proxy.startswith("socks://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks://", "")
elif socks_proxy.startswith("socks5://"):
socks_flag = 5
socks_proxy = socks_proxy.replace("socks5://", "")
elif socks_proxy.startswith("socks4://"):
socks_flag = 4
socks_proxy = socks_proxy.replace("socks4://", "")
else:
socks_flag = 5
if "://" in socks_proxy:
socks_proxy = socks_proxy.rsplit("://")[1].rsplit("/")[0]
try:
if len(socks_proxy.rsplit(":")) < 2 or len(
socks_proxy.rsplit(":")) > 3:
e = True
elif len(socks_proxy.rsplit(":")) == 2 and socks_proxy.rsplit(
":")[1] == "":
e = True
elif len(socks_proxy.rsplit(":")) == 3 and socks_proxy.rsplit(
":")[2] == "":
e = True
except:
e = True
if e:
abort(400, messages(language, "valid_socks_address"))
if socks_flag == 4:
socks_proxy = "socks4://" + socks_proxy
if socks_flag == 5:
socks_proxy = "socks5://" + socks_proxy
config["socks_proxy"] = socks_proxy
# Check thread numbers
try:
config["thread_number"] = int(config["thread_number"])
except:
config["thread_number"] = defaults["thread_number"]
# Check thread number for hosts
try:
config["thread_number_host"] = int(config["thread_number_host"])
except:
config["thread_number_host"] = defaults["thread_number_host"]
# Check time sleep
try:
config["time_sleep"] = float(config["time_sleep"])
except:
config["time_sleep"] = defaults["time_sleep"]
# Check timeout sec
try:
config["timeout_sec"] = int(config["timeout_sec"])
except:
config["thread_number_host"] = defaults["thread_number_host"]
# Check users
config["users"] = config["users"].rsplit(
',') if config["users"] is not None else None
return config
def load():
write("\n\n")
# load libs
from core.color import finish
# load all modules in lib/brute, lib/scan, lib/graph
module_names = load_all_modules()
graph_names = load_all_graphs()
# Parse ARGVs
try:
parser, options, startup_update_flag = load_all_args(
module_names, graph_names)
except SystemExit:
finish()
sys.exit(1)
# Filling Options
check_ranges = options.check_ranges
check_subdomains = options.check_subdomains
targets = options.targets
targets_list = options.targets_list
thread_number = options.thread_number + 1
thread_number_host = options.thread_number_host
log_in_file = options.log_in_file
scan_method = options.scan_method
exclude_method = options.exclude_method
users = options.users
users_list = options.users_list
passwds = options.passwds
passwds_list = options.passwds_list
timeout_sec = options.timeout_sec
ports = options.ports
time_sleep = options.time_sleep
language = options.language
verbose_level = options.verbose_level
show_version = options.show_version
check_update = options.check_update
socks_proxy = options.socks_proxy
retries = options.retries
graph_flag = options.graph_flag
help_menu_flag = options.help_menu_flag
ping_flag = options.ping_flag
methods_args = options.methods_args
method_args_list = options.method_args_list
wizard_mode = options.wizard_mode
profile = options.profile
start_api = options.start_api
api_host = options.api_host
api_port = options.api_port
api_debug_mode = options.api_debug_mode
api_access_key = options.api_access_key
api_client_white_list = options.api_client_white_list
api_client_white_list_ips = options.api_client_white_list_ips
api_access_log = options.api_access_log
api_access_log_filename = options.api_access_log_filename
# Checking Requirements
(targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode,
profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list,
api_client_white_list_ips, api_access_log, api_access_log_filename) = \
check_all_required(
targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, socks_proxy, retries, graph_flag, help_menu_flag, methods_args, method_args_list, wizard_mode,
profile, start_api, api_host, api_port, api_debug_mode, api_access_key, api_client_white_list,
api_client_white_list_ips, api_access_log, api_access_log_filename
)
info(messages(language, 0))
# check for update
if startup_update_flag:
__version__, __code_name__ = _version_info()
_check(__version__, __code_name__, language, socks_proxy)
info(
messages(
language,
96).format(len(load_all_modules()) - 1 + len(load_all_graphs())))
suff = now(model="%Y_%m_%d_%H_%M_%S") + "".join(
random.choice(string.ascii_lowercase) for x in range(10))
subs_temp = "tmp/subs_temp_" + suff
range_temp = "tmp/ranges_" + suff
total_targets = -1
for total_targets, _ in enumerate(
analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, retries, socks_proxy, True)):
pass
total_targets += 1
total_targets = total_targets * len(scan_method)
try:
os.remove(range_temp)
except:
pass
range_temp = "tmp/ranges_" + suff
targets = analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, retries, socks_proxy, False)
trying = 0
scan_id = "".join(random.choice("0123456789abcdef") for x in range(32))
scan_cmd = " ".join(sys.argv)
for target in targets:
for sm in scan_method:
trying += 1
p = multiprocessing.Process(
target=start_attack,
args=(str(target).rsplit()[0], trying, total_targets, sm,
users, passwds, timeout_sec, thread_number, ports,
log_in_file, time_sleep, language, verbose_level,
socks_proxy, retries, ping_flag, methods_args, scan_id,
scan_cmd))
p.name = str(target) + "->" + sm
p.start()
while 1:
n = 0
processes = multiprocessing.active_children()
for process in processes:
if process.is_alive():
n += 1
else:
processes.remove(process)
if n >= thread_number_host:
time.sleep(0.01)
else:
break
_waiting_for = 0
while 1:
try:
exitflag = True
if len(multiprocessing.active_children()) is not 0:
exitflag = False
_waiting_for += 1
if _waiting_for > 3000:
_waiting_for = 0
info(
messages(language, 138).format(", ".join(
[p.name for p in multiprocessing.active_children()])))
time.sleep(0.01)
if exitflag:
break
except KeyboardInterrupt:
for process in multiprocessing.active_children():
process.terminate()
break
info(messages(language, 42))
os.remove(subs_temp)
os.remove(range_temp)
info(messages(language, 43))
sort_logs(log_in_file, language, graph_flag)
write("\n")
info(messages(language, 44))
write("\n\n")
finish()
def load():
write('\n\n')
# load all modules in lib/brute and lib/scan
module_names = load_all_modules()
# Parse ARGVs
parser, (options, args) = load_all_args(module_names)
# Filling Options
check_ranges = options.check_ranges
check_subdomains = options.check_subdomains
targets = options.targets
targets_list = options.targets_list
thread_number = options.thread_number
thread_number_host = options.thread_number_host
log_in_file = options.log_in_file
scan_method = options.scan_method
exclude_method = options.exclude_method
users = options.users
users_list = options.users_list
passwds = options.passwds
passwds_list = options.passwds_list
timeout_sec = options.timeout_sec
ports = options.ports
time_sleep = options.time_sleep
language = options.language
verbose_level = options.verbose_level
show_version = options.show_version
check_update = options.check_update
proxies = options.proxies
proxies_file = options.proxies_file
retries = options.retries
info(messages("en", 0))
# Checking Requirements
(targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, proxies, proxies_file, retries) = \
check_all_required(
targets, targets_list, thread_number, thread_number_host,
log_in_file, scan_method, exclude_method, users, users_list,
passwds, passwds_list, timeout_sec, ports, parser, module_names, language, verbose_level, show_version,
check_update, proxies, proxies_file, retries
)
suff = str(datetime.datetime.now()).replace(' ', '_').replace(
':', '-') + '_' + ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(10))
subs_temp = 'tmp/subs_temp_%s' % (suff)
range_temp = 'tmp/ranges_%s' % (suff)
total_targets = -1
for total_targets, _ in enumerate(
analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, show_version, check_update, proxies,
retries)):
pass
total_targets += 1
total_targets = total_targets * len(scan_method)
targets = analysis(targets, check_ranges, check_subdomains, subs_temp,
range_temp, log_in_file, time_sleep, language,
verbose_level, show_version, check_update, proxies,
retries)
threads = []
trying = 0
for target in targets:
for sm in scan_method:
trying += 1
t = threading.Thread(
target=start_attack,
args=(str(target).rsplit()[0], trying, total_targets, sm,
users, passwds, timeout_sec, thread_number, ports,
log_in_file, time_sleep, language, verbose_level,
show_version, check_update, proxies, retries))
threads.append(t)
t.start()
while 1:
n = 0
for thread in threads:
if thread.isAlive() is True:
n += 1
else:
threads.remove(thread)
if n >= thread_number_host:
time.sleep(0.1)
else:
break
while 1:
n = True
for thread in threads:
if thread.isAlive() is True:
n = False
time.sleep(0.1)
if n is True:
break
info(messages(language, 42))
os.remove(subs_temp)
os.remove(range_temp)
info(messages(language, 43))
sort_logs(log_in_file, language)
write('\n')
info(messages(language, 44))
write('\n\n')
def check_all_required(parser, api_forms=None):
"""
check all rules and requirements for ARGS
Args:
parser: parser from argparse
api_forms: values from API
Returns:
all ARGS with applied rules
"""
# Checking Requirements
options = parser.parse_args() if not api_forms else api_forms
modules_list = load_all_modules(full_details=True)
profiles_list = load_all_profiles()
# Check Help Menu
if options.show_help_menu:
parser.print_help()
write("\n\n")
write(messages("license"))
die_success()
# Check version
if options.show_version:
info(
messages("current_version").format(
color("yellow"),
version_info()[0],
color("reset"),
color("cyan"),
version_info()[1],
color("reset"),
color("green"),
)
)
die_success()
if options.show_all_modules:
messages("loading_modules")
for module in modules_list:
info(
messages("module_profile_full_information").format(
module,
", ".join(
[
"{key}: {value}".format(
key=key, value=modules_list[module][key]
) for key in modules_list[module]
]
)
)
)
die_success()
if options.show_all_profiles:
messages("loading_profiles")
for profile in profiles_list:
info(
messages("module_profile_full_information").format(
profile,
", ".join(profiles_list[profile])
)
)
die_success()
# API mode
if options.start_api_server:
if '--start-api' in sys.argv and api_forms:
die_failure(messages("cannot_run_api_server"))
from api.engine import start_api_server
if options.api_client_whitelisted_ips:
if type(options.api_client_whitelisted_ips) == str:
options.api_client_whitelisted_ips = options.api_client_whitelisted_ips.split(',')
whielisted_ips = []
for ip in options.api_client_whitelisted_ips:
from core.ip import (is_single_ipv4,
is_single_ipv6,
is_ipv4_cidr,
is_ipv6_range,
is_ipv6_cidr,
is_ipv4_range,
generate_ip_range)
if is_single_ipv4(ip) or is_single_ipv6(ip):
whielisted_ips.append(ip)
elif is_ipv4_range(ip) or is_ipv6_range(ip) or is_ipv4_cidr(ip) or is_ipv6_cidr(ip):
whielisted_ips += generate_ip_range(ip)
options.api_client_whitelisted_ips = whielisted_ips
start_api_server(options)
# Check the target(s)
if not (options.targets or options.targets_list) or (options.targets and options.targets_list):
parser.print_help()
write("\n")
die_failure(messages("error_target"))
if options.targets:
options.targets = list(set(options.targets.split(",")))
if options.targets_list:
try:
options.targets = list(set(open(options.targets_list, "rb").read().decode().split()))
except Exception:
die_failure(
messages("error_target_file").format(
options.targets_list
)
)
# check for modules
if not (options.selected_modules or options.profiles):
die_failure(messages("scan_method_select"))
if options.selected_modules:
if options.selected_modules == 'all':
options.selected_modules = modules_list
del options.selected_modules['all']
else:
options.selected_modules = list(set(options.selected_modules.split(',')))
for module_name in options.selected_modules:
if module_name not in modules_list:
die_failure(
messages("scan_module_not_found").format(
module_name
)
)
if options.profiles:
if not options.selected_modules:
options.selected_modules = []
if options.profiles == 'all':
options.selected_modules = modules_list
del options.selected_modules['all']
else:
options.profiles = list(set(options.profiles.split(',')))
for profile in options.profiles:
if profile not in profiles_list:
die_failure(
messages("profile_404").format(
profile
)
)
for module_name in profiles_list[profile]:
if module_name not in options.selected_modules:
options.selected_modules.append(module_name)
# threading & processing
if options.set_hardware_usage not in ['low', 'normal', 'high', 'maximum']:
die_failure(
messages("wrong_hardware_usage")
)
options.set_hardware_usage = select_maximum_cpu_core(options.set_hardware_usage)
options.thread_per_host = int(options.thread_per_host)
if not options.thread_per_host >= 1:
options.thread_per_host = 1
options.parallel_module_scan = int(options.parallel_module_scan)
if not options.parallel_module_scan >= 1:
options.parallel_module_scan = 1
# Check for excluding modules
if options.excluded_modules:
options.excluded_modules = options.excluded_modules.split(",")
if 'all' in options.excluded_modules:
die_failure(messages("error_exclude_all"))
for excluded_module in options.excluded_modules:
if excluded_module in options.selected_modules:
del options.selected_modules[excluded_module]
# Check port(s)
if options.ports:
tmp_ports = []
for port in options.ports.split(","):
try:
if "-" in port:
for port_number in range(int(port.split('-')[0]), int(port.split('-')[1]) + 1):
if port_number not in tmp_ports:
tmp_ports.append(port_number)
else:
if int(port) not in tmp_ports:
tmp_ports.append(int(port))
except Exception:
die_failure(messages("ports_int"))
options.ports = tmp_ports
if options.user_agent == 'random_user_agent':
options.user_agents = open(
nettacker_global_config()['nettacker_paths']['web_browser_user_agents']
).read().split('\n')
# Check user list
if options.usernames:
options.usernames = list(set(options.usernames.split(",")))
elif options.usernames_list:
try:
options.usernames = list(set(open(options.usernames_list).read().split("\n")))
except Exception:
die_failure(
messages("error_username").format(options.usernames_list)
)
# Check password list
if options.passwords:
options.passwords = list(set(options.passwords.split(",")))
elif options.passwords_list:
try:
options.passwords = list(set(open(options.passwords_list).read().split("\n")))
except Exception:
die_failure(
messages("error_passwords").format(options.passwords_list)
)
# Check output file
try:
temp_file = open(options.report_path_filename, "w")
temp_file.close()
except Exception:
die_failure(
messages("file_write_error").format(options.report_path_filename)
)
# Check Graph
if options.graph_name:
if options.graph_name not in load_all_graphs():
die_failure(
messages("graph_module_404").format(options.graph_name)
)
if not (options.report_path_filename.endswith(".html") or options.report_path_filename.endswith(".htm")):
warn(messages("graph_output"))
options.graph_name = None
# check modules extra args
if options.modules_extra_args:
all_args = {}
for args in options.modules_extra_args.split("&"):
all_args[args.split('=')[0]] = args.split('=')[1]
options.modules_extra_args = all_args
options.timeout = float(options.timeout)
options.time_sleep_between_requests = float(options.time_sleep_between_requests)
options.retries = int(options.retries)
return options
def load_all_args():
"""
create the ARGS and help menu
Returns:
the parser, the ARGS
"""
nettacker_global_configuration = nettacker_global_config()
# Language Options
language = application_language()
languages_list = load_all_languages()
if language not in languages_list:
die_failure(
"Please select one of these languages {0}".format(
languages_list
)
)
reset_color()
# Start Parser
parser = argparse.ArgumentParser(prog="Nettacker", add_help=False)
# Engine Options
engineOpt = parser.add_argument_group(
messages("engine"), messages("engine_input")
)
engineOpt.add_argument(
"-L",
"--language",
action="store",
dest="language",
default=nettacker_global_configuration['nettacker_user_application_config']["language"],
help=messages("select_language").format(languages_list),
)
engineOpt.add_argument(
"-v",
"--verbose",
action="store_true",
dest="verbose_mode",
default=nettacker_global_configuration['nettacker_user_application_config']['verbose_mode'],
help=messages("verbose_mode"),
)
engineOpt.add_argument(
"--verbose-event",
action="store_true",
dest="verbose_event",
default=nettacker_global_configuration['nettacker_user_application_config']['verbose_event'],
help=messages("verbose_event"),
)
engineOpt.add_argument(
"-V",
"--version",
action="store_true",
default=nettacker_global_configuration['nettacker_user_application_config']['show_version'],
dest="show_version",
help=messages("software_version"),
)
engineOpt.add_argument(
"-o",
"--output",
action="store",
default=nettacker_global_configuration['nettacker_user_application_config']['report_path_filename'],
dest="report_path_filename",
help=messages("save_logs"),
)
engineOpt.add_argument(
"--graph",
action="store",
default=nettacker_global_configuration['nettacker_user_application_config']["graph_name"],
dest="graph_name",
help=messages("available_graph").format(load_all_graphs()),
)
engineOpt.add_argument(
"-h",
"--help",
action="store_true",
default=nettacker_global_configuration['nettacker_user_application_config']["show_help_menu"],
dest="show_help_menu",
help=messages("help_menu"),
)
# Target Options
target = parser.add_argument_group(
messages("target"), messages("target_input")
)
target.add_argument(
"-i",
"--targets",
action="store",
dest="targets",
default=nettacker_global_configuration['nettacker_user_application_config']["targets"],
help=messages("target_list"),
)
target.add_argument(
"-l",
"--targets-list",
action="store",
dest="targets_list",
default=nettacker_global_configuration['nettacker_user_application_config']["targets_list"],
help=messages("read_target"),
)
# Exclude Module Name
exclude_modules = list(load_all_modules(limit=10).keys())
exclude_modules.remove("all")
# Methods Options
modules = parser.add_argument_group(
messages("Method"), messages("scan_method_options")
)
modules.add_argument(
"-m",
"--modules",
action="store",
dest="selected_modules",
default=nettacker_global_configuration['nettacker_user_application_config']["selected_modules"],
help=messages("choose_scan_method").format(list(load_all_modules(limit=10).keys())),
)
modules.add_argument(
"--modules-extra-args",
action="store",
dest="modules_extra_args",
default=nettacker_global_configuration['nettacker_user_application_config']['modules_extra_args'],
help=messages("modules_extra_args_help")
)
modules.add_argument(
"--show-all-modules",
action="store_true",
dest="show_all_modules",
default=nettacker_global_configuration['nettacker_user_application_config']["show_all_modules"],
help=messages("show_all_modules"),
)
modules.add_argument(
"--profile",
action="store",
default=nettacker_global_configuration['nettacker_user_application_config']["profiles"],
dest="profiles",
help=messages("select_profile").format(list(load_all_profiles(limit=10).keys())),
)
modules.add_argument(
"--show-all-profiles",
action="store_true",
dest="show_all_profiles",
default=nettacker_global_configuration['nettacker_user_application_config']["show_all_profiles"],
help=messages("show_all_profiles"),
)
modules.add_argument(
"-x",
"--exclude-modules",
action="store",
dest="excluded_modules",
default=nettacker_global_configuration['nettacker_user_application_config']["excluded_modules"],
help=messages("exclude_scan_method").format(exclude_modules),
)
modules.add_argument(
"-u",
"--usernames",
action="store",
dest="usernames",
default=nettacker_global_configuration['nettacker_user_application_config']["usernames"],
help=messages("username_list"),
)
modules.add_argument(
"-U",
"--users-list",
action="store",
dest="usernames_list",
default=nettacker_global_configuration['nettacker_user_application_config']["usernames_list"],
help=messages("username_from_file"),
)
modules.add_argument(
"-p",
"--passwords",
action="store",
dest="passwords",
default=nettacker_global_configuration['nettacker_user_application_config']["passwords"],
help=messages("password_seperator"),
)
modules.add_argument(
"-P",
"--passwords-list",
action="store",
dest="passwords_list",
default=nettacker_global_configuration['nettacker_user_application_config']["passwords_list"],
help=messages("read_passwords"),
)
modules.add_argument(
"-g",
"--ports",
action="store",
dest="ports",
default=nettacker_global_configuration['nettacker_user_application_config']["ports"],
help=messages("port_seperator"),
)
modules.add_argument(
"--user-agent",
action="store",
dest="user_agent",
default=nettacker_global_configuration['nettacker_user_application_config']["user_agent"],
help=messages("select_user_agent"),
)
modules.add_argument(
"-T",
"--timeout",
action="store",
dest="timeout",
default=nettacker_global_configuration['nettacker_user_application_config']["timeout"],
type=float,
help=messages("read_passwords"),
)
modules.add_argument(
"-w",
"--time-sleep-between-requests",
action="store",
dest="time_sleep_between_requests",
default=nettacker_global_configuration['nettacker_user_application_config']["time_sleep_between_requests"],
type=float,
help=messages("time_to_sleep"),
)
modules.add_argument(
"-r",
"--range",
action="store_true",
default=nettacker_global_configuration['nettacker_user_application_config']["scan_ip_range"],
dest="scan_ip_range",
help=messages("range"),
)
modules.add_argument(
"-s",
"--sub-domains",
action="store_true",
default=nettacker_global_configuration['nettacker_user_application_config']["scan_subdomains"],
dest="scan_subdomains",
help=messages("subdomains"),
)
modules.add_argument(
"-t",
"--thread-per-host",
action="store",
default=nettacker_global_configuration['nettacker_user_application_config']["thread_per_host"],
type=int,
dest="thread_per_host",
help=messages("thread_number_connections"),
)
modules.add_argument(
"-M",
"--parallel-module-scan",
action="store",
default=nettacker_global_configuration['nettacker_user_application_config']["parallel_module_scan"],
type=int,
dest="parallel_module_scan",
help=messages("thread_number_modules"),
)
modules.add_argument(
"--set-hardware-usage",
action="store",
dest="set_hardware_usage",
default=nettacker_global_configuration['nettacker_user_application_config']['set_hardware_usage'],
help=messages("set_hardware_usage")
)
modules.add_argument(
"-R",
"--socks-proxy",
action="store",
dest="socks_proxy",
default=nettacker_global_configuration['nettacker_user_application_config']["socks_proxy"],
help=messages("outgoing_proxy"),
)
modules.add_argument(
"--retries",
action="store",
dest="retries",
type=int,
default=nettacker_global_configuration['nettacker_user_application_config']["retries"],
help=messages("connection_retries"),
)
modules.add_argument(
"--ping-before-scan",
action="store_true",
dest="ping_before_scan",
default=nettacker_global_configuration['nettacker_user_application_config']["ping_before_scan"],
help=messages("ping_before_scan"),
)
# API Options
api = parser.add_argument_group(
messages("API"),
messages("API_options")
)
api.add_argument(
"--start-api",
action="store_true",
dest="start_api_server",
default=nettacker_global_configuration['nettacker_api_config']["start_api_server"],
help=messages("start_api_server")
)
api.add_argument(
"--api-host",
action="store",
dest="api_hostname",
default=nettacker_global_configuration['nettacker_api_config']["api_hostname"],
help=messages("API_host")
)
api.add_argument(
"--api-port",
action="store",
dest="api_port",
default=nettacker_global_configuration['nettacker_api_config']["api_port"],
help=messages("API_port")
)
api.add_argument(
"--api-debug-mode",
action="store_true",
dest="api_debug_mode",
default=nettacker_global_configuration['nettacker_api_config']["api_debug_mode"],
help=messages("API_debug")
)
api.add_argument(
"--api-access-key",
action="store",
dest="api_access_key",
default=nettacker_global_configuration['nettacker_api_config']["api_access_key"],
help=messages("API_access_key")
)
api.add_argument(
"--api-client-whitelisted-ips",
action="store",
dest="api_client_whitelisted_ips",
default=nettacker_global_configuration['nettacker_api_config']["api_client_whitelisted_ips"],
help=messages("define_whie_list")
)
api.add_argument(
"--api-access-log",
action="store",
dest="api_access_log",
default=nettacker_global_configuration['nettacker_api_config']["api_access_log"],
help=messages("API_access_log_file")
)
api.add_argument(
"--api-cert",
action="store",
dest="api_cert",
help=messages("API_cert")
)
api.add_argument(
"--api-cert-key",
action="store",
dest="api_cert_key",
help=messages("API_cert_key")
)
# Return Options
return parser
