def __init__(self, options):
utils.print_banner("CORS Scanning")
utils.make_directory(options['WORKSPACE'] + '/cors')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Scanning CORS for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done Scanning CORS for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(
self.module_name))
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.print_banner("Scanning Subdomain")
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
self.options['CURRENT_MODULE'] = self.module_name
self.options['SPEED'] = utils.custom_speed(self.options)
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning Subdomain for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name, seconds=60)
self.conclude()
# this gonna run after module is done to update the main json
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done Scanning Subdomain for {0}'.format(self.options['TARGET'])
})
utils.print_line()
def run(self):
commands = execute.get_commands(
self.options, self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
time.sleep(1)
utils.just_waiting(self.options, self.module_name, seconds=10, times=5)
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
for item in commands:
if "Whois" in item.get('cmd'):
main_json["Info"]["Whois"] = {"path": item.get('output_path')}
if "Dig" in item.get('cmd'):
main_json["Info"]["Dig"] = {"path": item.get('output_path')}
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
# self.initial()
utils.just_waiting(self.module_name, seconds=60)
# self.create_ip_result()
self.conclude()
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module")
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name, seconds=60)
self.conclude()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
def gowithness(self, data):
# add http:// and https:// prefix to domain
domains = []
utils.make_directory(self.options['WORKSPACE'] +
'/screenshot/screenshoots-gowitness')
for item in data:
host = utils.get_domain(item)
domains.append("http://" + host)
domains.append("https://" + host)
http_file = utils.replace_argument(
self.options, '$WORKSPACE/screenshot/$OUTPUT-hosts.txt')
utils.just_write(http_file, "\n".join(domains))
utils.clean_up(http_file)
time.sleep(2)
# screenshots with gowitness
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/screenshot/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options,
cmd), '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/screenshot/$OUTPUT-gowitness-screenshots.html --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/portscan/$OUTPUT-gowitness-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), html_path,
'', self.module_name)
def __init__(self, options):
utils.print_banner("Scanning Subdomain")
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_noti('status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'],
self.module_name),
'content':
'Start Scanning Subdomain for {0}'.format(
self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name, seconds=10)
self.conclude()
#this gonna run after module is done to update the main json
slack.slack_noti('good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'],
self.module_name),
'content':
'Done Scanning Subdomain for {0}'.format(
self.options['TARGET'])
})
def screenshots(self, csv_data):
# add http:// and https:// prefix to domain
if csv_data:
result = []
for line in csv_data.splitlines()[1:]:
# print(line)
host = line.split(',')[0]
port = line.split(',')[3]
result.append("http://" + host + ":" + port)
result.append("https://" + host + ":" + port)
utils.just_write(
utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-hosts.txt'),
"\n".join(result))
# screenshots with gowitness
utils.make_directory(self.options['WORKSPACE'] +
'/portscan/screenshoots-massscan/')
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/portscan/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), '', '',
self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd),
html_path, '', self.module_name)
def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def initial(self):
if self.observatory():
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def initial(self):
if self.observatory():
utils.just_waiting(self.options, self.module_name)
try:
self.conclude()
except:
utils.print_bad("Something wrong with conclude for {0}".format(self.module_name))
def run(self):
commands = execute.get_commands(self.options,
self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'),
item.get('output_path'), item.get('std_path'),
self.module_name)
time.sleep(1)
utils.just_waiting(self.options, self.module_name, seconds=10, times=5)
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
for item in commands:
if "Whois" in item.get('cmd'):
main_json["Info"]["Whois"] = {"path": item.get('output_path')}
if "Dig" in item.get('cmd'):
main_json["Info"]["Dig"] = {"path": item.get('output_path')}
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def whois(self):
utils.print_good('Starting Whois')
cmd = 'whois $TARGET | tee $WORKSPACE/info/$TARGET-whois.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/info/$OUTPUT-whois.txt')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/info/std-$OUTPUT-whois.std')
#log the command
slack.slack_log(self.options,
mess={
'title':
"{0} | Whois | {1} | Execute".format(
self.options['TARGET'], self.module_name),
'content':
'```{0}```'.format(cmd),
})
execute.send_cmd(cmd, output_path, std_path, self.module_name)
# upload the output
utils.just_waiting(self.module_name, seconds=2)
slack.slack_file(self.options,
mess={
'title':
"{0} | Whois | {1} | Output".format(
self.options['TARGET'], self.module_name),
'filename':
'{0}'.format(output_path),
})
def initial(self):
self.aquaton()
# really slow the flow so disable for now
# self.eyewitness_common()
utils.just_waiting(self.module_name, seconds=10)
#this gonna run after module is done to update the main json
self.conclude()
def observatory(self):
utils.print_good('Starting observatory')
if self.is_direct:
domain_file = self.is_direct
else:
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 1)):
for domain in part:
cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True)
time.sleep(10)
utils.just_waiting(self.options, self.module_name, seconds=10, times=2)
return True
def __init__(self, options):
utils.print_banner("IP Discovery")
utils.make_directory(options['WORKSPACE'] + '/ipspace')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_info(
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start IP Discovery for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name)
self.conclude()
slack.slack_good(
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done IP Discovery for {0}'.format(self.options['TARGET'])
})
def __init__(self, options):
utils.print_banner("CORS Scanning")
utils.make_directory(options['WORKSPACE'] + '/cors')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module"
)
return
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start Scanning CORS for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done Scanning CORS for {0}'.format(self.options['TARGET'])
})
def observatory(self):
utils.print_good('Starting observatory')
if self.is_direct:
domain_file = self.is_direct
else:
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 1)):
for domain in part:
cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True)
time.sleep(10)
utils.just_waiting(self.options, self.module_name, seconds=10, times=2)
return True
def nmap_vuln_list(self, ip_list):
utils.print_good('Starting Nmap VulnScan')
# Scan every 2 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
encode_input = utils.strip_slash(ip.strip())
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/nmap-stuff/vulners.nse --oA $WORKSPACE/vulnscan/details/{1}-nmap'.format(
ip.strip(), encode_input)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/{0}-nmap.nmap'.format(
encode_input))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/std-{0}-nmap.std'.format(
encode_input))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# check if previous task done or not every 30 second
utils.just_waiting(self.options, self.module_name, seconds=120)
self.parsing_to_csv()
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def __init__(self, options):
utils.print_banner("AssetFinding")
utils.make_directory(options['WORKSPACE'] + '/assets')
self.module_name = self.__class__.__name__
self.options = options
self.options['CURRENT_MODULE'] = self.module_name
self.options['SPEED'] = utils.custom_speed(self.options)
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module"
)
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti(
'status',
self.options,
mess={
'title':
"{0} | {1}".format(self.options['TARGET'], self.module_name),
'content':
'Start AssetFinding for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
slack.slack_noti(
'good',
self.options,
mess={
'title':
"{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content':
'Done AssetFinding for {0}'.format(self.options['TARGET'])
})
utils.print_line()
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
utils.make_directory(options['WORKSPACE'] + '/subdomain')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info(
"It's already done. use '-f' options to force rerun the module")
return
self.is_direct = utils.is_direct_mode(options, require_input=True)
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name, seconds=60)
# self.create_ip_result()
self.conclude()
slack.slack_noti('good', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
def initial(self):
ip_list = self.prepare_input()
if type(ip_list) == list:
self.nmap_vuln_list(ip_list)
utils.just_waiting(self.options, self.module_name, seconds=120)
self.parsing_to_csv()
else:
self.nmap_single(ip_list)
def technology_detection(self):
all_subdomain_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
if not utils.not_empty_file(all_subdomain_path):
return
#add https:// prefix for all domain
domains = utils.just_read(all_subdomain_path).splitlines()
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt')
utils.just_write(
scheme_path,
"\n".join(domains + [("https://" + x.strip()) for x in domains]))
#really execute command
cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/$OUTPUT-technology.json')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
with open(output_path, encoding='utf-8') as o:
data = o.read().splitlines()
#parsing output to get technology
techs = {}
for line in data:
jsonl = json.loads(line)
if jsonl.get('matches'):
subdomain = jsonl.get('hostname').replace('https://', '')
if techs.get(subdomain):
techs[subdomain] += [
x.get('app_name') for x in jsonl.get('matches')
]
else:
techs[subdomain] = [
x.get('app_name') for x in jsonl.get('matches')
]
# print(techs)
#update the main json and rewrite that
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
for i in range(len(main_json['Subdomains'])):
sub = main_json['Subdomains'][i].get('Domain')
if techs.get(sub):
main_json['Subdomains'][i]["Technology"] = techs.get(sub)
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def technology_detection(self):
all_subdomain_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
if not utils.not_empty_file(all_subdomain_path):
return
#add https:// prefix for all domain
domains = utils.just_read(all_subdomain_path).splitlines()
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt')
utils.just_write(scheme_path, "\n".join(
domains + [("https://" + x.strip()) for x in domains]))
#really execute command
cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/$OUTPUT-technology.json')
execute.send_cmd(self.options, cmd, output_path,
'', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10, times=20)
with open(output_path, encoding='utf-8') as o:
data = o.read().splitlines()
#parsing output to get technology
techs = {}
for line in data:
try:
jsonl = json.loads(line)
if jsonl.get('matches'):
subdomain = jsonl.get('hostname').replace('https://', '')
if techs.get(subdomain):
techs[subdomain] += [x.get('app_name')
for x in jsonl.get('matches')]
else:
techs[subdomain] = [x.get('app_name')
for x in jsonl.get('matches')]
except:
pass
# print(techs)
#update the main json and rewrite that
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
for i in range(len(main_json['Subdomains'])):
sub = main_json['Subdomains'][i].get('Domain')
if techs.get(sub):
main_json['Subdomains'][i]["Technology"] = techs.get(sub)
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
# check if direct input is file or just single string
if self.is_direct:
if utils.not_empty_file(self.is_direct):
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT_LIST'
# just return if direct input is just a string
else:
return
else:
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
if utils.not_empty_file(final_ip):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
# get ips from amass stuff
ips = []
if self.is_direct:
if self.options.get("INPUT_LIST"):
ips.extend(utils.extract_ip(self.options.get('INPUT_LIST')))
if utils.not_empty_file(output_path):
data = utils.just_read(output_path).splitlines()
for line in data:
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(str(ip))
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
utils.just_write(final_ip, "\n".join(ips))
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def normal(options):
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
initials.Initials(options)
# Finding subdomain
subdomain.SubdomainScanning(options)
# waiting for previous module
utils.just_waiting(options, 'SubdomainScanning')
# Scanning for subdomain take over
takeover.TakeOverScanning(options)
# Screen shot the target on common service
screenshot.ScreenShot(options)
# Recon
recon.Recon(options)
# Recon
assetfinding.AssetFinding(options)
# Scanning for CorsScan
cors.CorsScan(options)
# Discovery IP space
ipspace.IPSpace(options)
# SSL Scan
sslscan.SSLScan(options)
# Headers Scan
headers.HeadersScan(options)
# Note: From here the module gonna take really long time
# for scanning service and stuff like that
utils.print_info('This gonna take a while')
# Scanning all port using result from subdomain scanning
# and also checking vulnerable service based on version
portscan.PortScan(options)
# Directory scan
dirbrute.DirBrute(options)
# Starting vulnerable scan
vulnscan.VulnScan(options)
# brutethings.BruteThings(options)
conclusion.Conclusion(options)
def run(self):
commands = execute.get_commands(self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(item.get('cmd'), item.get('output_path'),
item.get('std_path'), self.module_name)
utils.just_waiting(self.module_name, seconds=2)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
def run(self):
commands = execute.get_commands(self.options, self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def run(self):
commands = execute.get_commands(self.module_name).get('routines')
if self.options['DEBUG'] == "True":
commands = commands[1:]
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(item.get('cmd'), item.get('output_path'),
item.get('std_path'), self.module_name)
time.sleep(1)
utils.just_waiting(self.module_name, seconds=30)
def __init__(self, options):
utils.print_banner("SSL Scanning")
utils.make_directory(options['WORKSPACE'] + '/ssl/')
self.module_name = self.__class__.__name__
self.options = options
if utils.resume(self.options, self.module_name):
utils.print_info("It's already done. use '-f' options to force rerun the module")
return
slack.slack_noti('status', self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start SSL Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.options, self.module_name)
def resolve_ip(self):
utils.print_good('Create IP for list of domain result')
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
all_subdomain_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
# we this have done or not found anything just return
if utils.not_empty_file(
final_ip) or not utils.not_empty_file(all_subdomain_path):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5, times=5)
# load main json
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
data = utils.just_read(output_path)
if data:
ips = []
for line in data.splitlines():
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(ip)
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
with open(final_ip, 'w+') as fip:
fip.write("\n".join(str(ip) for ip in ips))
# update the main json file
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def normal(options):
utils.print_good("Running with {0} speed".format(options['SPEED']))
# Create skeleton json
initials.Initials(options)
##Finding subdomain
subdomain.SubdomainScanning(options)
##waiting for previous module
utils.just_waiting(options, 'SubdomainScanning')
# ##Scanning for subdomain take over
takeover.TakeOverScanning(options)
##Screen shot the target on common service
screenshot.ScreenShot(options)
##Recon
recon.Recon(options)
##Scanning for CorsScan
cors.CorsScan(options)
# ##Discovery IP space
ipspace.IPSpace(options)
# ##SSL Scan
sslscan.SSLScan(options)
# ##Headers Scan
headers.HeadersScan(options)
# ##### Note: From here the module gonna take really long time for scanning service and stuff like that
utils.print_info('This gonna take a while')
# #Scanning all port using result from subdomain scanning and also checking vulnerable service based on version
portscan.PortScan(options)
#Directory scan
dirbrute.DirBrute(options)
# #Starting vulnerable scan
vulnscan.VulnScan(options)
# brutethings.BruteThings(options)
conclusion.Conclusion(options)
def dirsearch(self, domain_path):
utils.print_good('Starting dirsearch')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,aspx,jsp,swp,swf,zip --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt -x '302,404' --simple-report=$WORKSPACE/directory/quick/$OUTPUT-dirsearch.txt -t 50 -L {0}".format(
domain_path)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/$OUTPUT-dirsearch.txt')
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-$OUTPUT-dirsearch.std')
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=120)
def __init__(self, options):
utils.print_banner("Scanning for Subdomain TakeOver")
self.module_name = self.__class__.__name__
self.options = options
slack.slack_info(self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Scanning TakeOver for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name)
self.conclude()
slack.slack_good(self.options, mess={
'title': "{0} | {1} ".format(self.options['TARGET'], self.module_name),
'content': 'Done Scanning TakeOver for {0}'.format(self.options['TARGET'])
})
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
if self.is_direct:
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT'
else:
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
if utils.not_empty_file(final_ip):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
with open(output_path, 'r') as i:
data = i.read().splitlines()
ips = []
for line in data:
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(ip)
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
with open(final_ip, 'w+') as fip:
fip.write("\n".join(str(ip) for ip in ips))
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def run(self):
commands = execute.get_commands(self.options, self.module_name).get('routines')
if self.options['DEBUG'] == "True":
commands = [commands[1]]
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
# really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
time.sleep(1)
self.massdns()
utils.just_waiting(self.options, self.module_name, seconds=5)
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
if self.is_direct:
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT'
else:
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
if utils.not_empty_file(final_ip):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
with open(output_path, 'r') as i:
data = i.read().splitlines()
ips = []
for line in data:
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(ip)
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
with open(final_ip, 'w+') as fip:
fip.write("\n".join(str(ip) for ip in ips))
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def __init__(self, options):
utils.print_banner("Port Scanning")
utils.make_directory(options['WORKSPACE'] + '/portscan')
self.module_name = self.__class__.__name__
self.options = options
slack.slack_info(self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
self.initial()
utils.just_waiting(self.module_name)
self.result_parsing()
self.conclude()
slack.slack_good(self.options, mess={
'title': "{0} | {1}".format(self.options['TARGET'], self.module_name),
'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
})
def permutation(self):
# running goaltdns
if self.options['SPEED'] == 'quick':
utils.print_info('Skip permutation subdomain for quick mode')
return None
elif self.options['SPEED'] == 'slow':
cmd = '$GO_PATH/goaltdns -w $PLUGINS_PATH/wordlists/short-permutation.txt -l $WORKSPACE/subdomain/full-$OUTPUT.txt -o $WORKSPACE/subdomain/permutation-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/permutation-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, output_path,
'', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# resolve generated domain to verify it
cmd2 = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt --sticky -t A --verify-ip -q -o S -w $WORKSPACE/subdomain/massdns-permutation-$OUTPUT.txt $WORKSPACE/subdomain/permutation-$OUTPUT.txt'
cmd2 = utils.replace_argument(self.options, cmd2)
output_path2 = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, output_path2, '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# strip out some false positive cause some resolvers are crazy
raw_permutation = utils.just_read(output_path2)
permutation_domains = []
if raw_permutation:
# finding false positive
false_positive = []
tmp_false_positive = []
for line in raw_permutation.splitlines():
tmp_false_positive.append(line.split('. A')[1])
for item in tmp_false_positive:
if tmp_false_positive.count(item) > 3:
false_positive.append(item)
# really adding things
for line in raw_permutation.splitlines():
if line.split('. A ')[1] not in false_positive:
permutation_domains.append(
line.split('. A ')[0])
return permutation_domains
def initial(self):
self.run()
utils.just_waiting(self.options, self.module_name, seconds=10)
