def dj_cli(context, directory, project, managers,
project_file, verbose, debug, quiet, json):
# Sloppy hack for easy-to-use defaultdicts!
cfg = {}
cfg.update(context.obj or {})
context.obj = cfg
# Fill in some required defaults
cfg['home'] = os.path.realpath(os.path.expandvars(directory))
cfg['name'] = project or os.path.basename(os.environ['PWD'])
cfg['project_file'] = project_file or os.path.join(
cfg['home'], 'project.yml')
cfg['verbose'] = not json and not quiet and verbose
cfg['quiet'] = not json and quiet
cfg['json'] = json
cfg['level'] = (
(json and 99)
or (quiet and logging.WARNING)
or (verbose and logging.VERBOSE)
or (debug and logging.DEBUG)
or logging.INFO
)
def log_level(): return cfg['level']
L.setLevel(log_level())
try:
with open(cfg['project_file'], 'r') as fh: cfg.update(yaml.load(fh))
except IOError, e: return error_out(context, 'IOError', e.message)
cfg['project'] = Project(cfg)
def main():
args = parse_args()
if args.verbose:
logger.setLevel(logging.DEBUG)
star_follower = StarFollower(db_path=args.db)
if args.dump:
star_follower.dump(args.dump,
page_limit=args.pages,
include_root=args.self)
logger.info('[+] Finished dumping!')
elif args.export:
star_follower.export(args.export,
name_limit=args.nlen,
url_limit=args.ulen,
descr_limit=args.dlen,
file_format=args.format,
order_by=args.orderby)
logger.info('[+] Finished exporting!')
def main():
options = get_options()
domain = options.domain
domains_file_path = options.domains_file_path
webinfo = options.webinfo
port_scan = options.port_scan
net_c = options.net_c
all_ports = options.all_ports
weak_scan = options.weak_scan
debug = options.debug
webinfos_dict = None
ip_port_names_dict = None
if debug:
logger.setLevel(logging.DEBUG)
if webinfo or not webinfo and not port_scan: # 默认只进行webinfo获取
logger.info("web scan\n")
webinfos_dict = WebInfoScan(domain=domain,
domains_file_path=domains_file_path).run()
if port_scan:
ip_port_names_dict = PortScan(domain=domain,
domains_file_path=domains_file_path,
net_c=net_c,
all_ports=all_ports).run()
if webinfo: # 对端口扫描后的进行web服务探测
webinfos_dict = WebInfoScan(
ip_port_names_dict=ip_port_names_dict).run()
wout = WriteOutput(domain=domain,
domains_file_path=domains_file_path,
webinfos_dict=webinfos_dict,
ip_port_names_dict=ip_port_names_dict)
# 写数据
wout.save()
# 弱口令
if weak_scan:
port_and_weak_info = WeakPassword(ip_port_names_dict).run()
# 这里重新写把弱口令也写进去
wout = WriteOutput(domain=domain,
domains_file_path=domains_file_path,
webinfos_dict=webinfos_dict,
ip_port_names_dict=port_and_weak_info)
wout.save()
def main():
args = get_args()
if args.debug:
logger.setLevel(logging.DEBUG)
elif args.verbose:
logger.setLevel(logging.INFO)
else:
logger.setLevel(logging.ERROR)
if not args.local_directory:
logger.error("Please provide local snapshot directory")
return 1
if not args.archive:
args.archive = ["debian"]
if not args.suite:
args.suite = ["unstable"]
if not args.component:
args.component = ["main"]
try:
cli = SnapshotCli(
localdir=args.local_directory,
archives=args.archive,
timestamps=args.timestamp,
suites=args.suite,
components=args.component,
architectures=args.arch,
)
if not args.provision_db_only:
cli.init_snapshot_db_hash()
# Debian: snapshot.debian.org
cli.run(
check_only=args.check_only,
no_clean=args.no_clean_part_file,
provision_db=args.provision_db,
provision_db_only=args.provision_db_only,
ignore_provisioned=args.ignore_provisioned
)
# QubesOS: deb.qubes-os.org/all-versions
cli.run_qubes(
check_only=args.check_only,
no_clean=args.no_clean_part_file,
provision_db_only=args.provision_db_only,
provision_db=args.provision_db
)
except (ValueError, SnapshotException, KeyboardInterrupt) as e:
logger.error(str(e))
return 1
if options.dir:
directory = options.dir
if directory.endswith('/'):
directory = directory[:-1]
# find all xml files recursively
nmap_xml_reports = search_xml_recursively(directory)
else:
# proceed with single file
nmap_xml_reports = [options.file]
if options.output:
csv_filename = options.output
if options.debug:
logger.setLevel(logging.DEBUG)
# results = cumulative dictionary
results = {}
# open final report file
with open(csv_filename, 'w') as csvwrite:
# set field names
fieldnames = [
'IP Address', 'Port/Protocol', 'Domains', 'Operating System',
'OS Version', 'Notes'
]
writer = csv.DictWriter(csvwrite,
fieldnames=fieldnames,
dialect=csv.excel,
quoting=csv.QUOTE_ALL)
def cmdArguments(argv=None):
# check if argv isn't empty
if not argv:
argv = sys.argv
parse = argparse.ArgumentParser()
# basic options
parse.add_argument("-V",
"--version",
dest="version",
action="store_true",
help="Show version number and exit.")
parse.add_argument("-v",
"--verbose",
dest="verbose",
action="store_true",
help="Increase output verbosity")
# target options
target = parse.add_argument_group(
"Target",
"It is mandatory to specify a target on which to carry out the testing"
)
target.add_argument(
"-u",
"--url",
dest="url",
help="Target URL. example: \"http://example.com/index.php\"")
# request options
request = parse.add_argument_group(
"Request", "Use this options to specify how to connect to the target")
request.add_argument(
"-m",
"--method",
dest="method",
help="Force usage of given HTTP method (GET, POST...). By default GET."
)
request.add_argument("-c",
"--cookie",
dest="cookie",
help="Cookie header value.")
request.add_argument("-p",
"--parameter",
dest="parameter",
help="Type only one parameter name to check")
request.add_argument(
"-d",
"--data",
dest="data",
help=
"Data string to be sent. If you don't specify, the script will search for possible forms. Example: \"username=admin&pass=admin\""
)
request.add_argument("--user-agent",
dest="useragent",
help="User-Agent header value")
# detection options
detection = parse.add_argument_group(
"Detection",
"Use this options to check if target is vulnerable to XSS")
detection.add_argument(
"-l",
"--level",
dest="level",
type=int,
default=1,
help='''Level of tests to perform ( values 1-3, default 1 )
Use only with default payloads.
''')
# injection options
injection = parse.add_argument_group(
"Injection",
"These parameters can be used to specify custom payloads or another specific parameters to test."
)
injection.add_argument("--payload",
dest="payload",
help="Custom payloads file.")
# custom options
customize = parse.add_argument_group(
"Customize", "Use this options to customize your testing")
customize.add_argument(
"--show-browser",
dest="showbrowser",
action="store_true",
help=
"By default browser is run in background. Add this option to show it.")
customize.add_argument(
"--no-check-browser",
dest="browser",
action="store_true",
help=
"By default use firefox to check XSS. Add this parameter to avoid it")
customize.add_argument(
"--browser",
dest="select_browser",
help=
"Select browser to check XSS (firefox or chrome). By default use firefox.",
default="firefox")
# check if arguments are correct
for i in range(len(argv)):
if any(arg in argv for arg in ("-V", "--version")):
print("%s Version: %s" % (NAME, VERSION))
raise SystemExit
elif not any(arg in argv
for arg in ("-u", "--url")) and "-h" not in argv:
errormsg = "Missing a mandatory option (-u, --url). Use -h for show help"
parse.error(errormsg)
try:
if hasattr(parse, "parse_known_args"):
(args, arg) = parse.parse_known_args(argv)
else:
parse.parse_args(argv)
except SystemExit:
raise SystemExit(0)
# enable verbose log level
if args.verbose:
logger.setLevel(logging.DEBUG)
logger.debug("Verbose mode enabled")
# check if method is loaded
if args.method is None:
args.method = httpMethod.GET.value
logger.debug("Unspecified method. Use GET by default")
# check if useragent is loaded
if args.useragent is not None:
args.useragent = {'User-Agent': args.useragent}
logger.debug("Loaded user-agent %s" % (args.useragent))
# check browser options
# only one of these
if args.browser and args.showbrowser:
logger.error(
"Use only one of these options --show-browser or --no-check-browser"
)
logger.info("Use -h for help")
raise SystemExit(0)
# check browser choosed
if args.select_browser != "firefox" and args.select_browser != "chrome":
logger.error("The selected browser must be firefox or chrome")
else:
logger.info("Selected %s browser" % (args.select_browser))
return args
if options.dir:
directory = options.dir
if directory.endswith('/'):
directory = directory[:-1]
# find all xml files recursively
nmap_xml_reports = search_xml_recursively(directory)
else:
# proceed with single file
nmap_xml_reports = [options.file]
if options.output:
csv_filename = options.output
if options.debug:
logger.setLevel(logging.DEBUG)
# results = cumulative dictionary
results = {}
# open final report file
with open(csv_filename, 'w') as csvwrite:
# set field names
fieldnames = ['IP Address', 'Port/Protocol', 'Domains', 'Operating System', 'OS Version', 'Notes']
writer = csv.DictWriter(csvwrite, fieldnames=fieldnames, dialect=csv.excel, quoting=csv.QUOTE_ALL)
# write CSV header
writer.writeheader()
# iterate through xml(s)
for xml_report in nmap_xml_reports: