def __run_attacks(url,
sqlmap=False,
nmap=False,
intel=False,
xss=False,
verbose=False,
admin=False,
given_path=None,
auto=False,
batch=False):
"""
run the attacks if any are requested
"""
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url),
opts=["y", "N"])
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(
url.strip(),
verbose=verbose,
opts=__create_arguments(sqlmap=True),
auto_search=auto,
given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(
url_ip_address,
verbose=verbose,
opts=__create_arguments(nmap=True))
elif intel:
url_ip_address = replace_http(url.strip())
return intel_me.intel_amt_main(url_ip_address,
proxy=proxy_to_use,
verbose=verbose)
elif admin:
main(url, show=opt.showAllConnections, verbose=verbose)
elif xss:
main_xss(url,
verbose=verbose,
proxy=proxy_to_use,
agent=agent_to_use)
else:
pass
else:
logger.warning(set_color("skipping '{}'...".format(url), level=30))
def __run_attacks(url,
sqlmap=False,
verbose=False,
nmap=False,
given_path=None,
auto=False,
batch=False):
"""
run the attacks if any are requested
"""
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url),
opts=["y", "N"])
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(
url.strip(),
verbose=verbose,
opts=__create_sqlmap_arguments(),
auto_search=auto,
given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address,
verbose=verbose)
else:
pass
else:
logger.warning(set_color("skipping '{}'...".format(url)))
def __run_attacks(
url, sqlmap=False, nmap=False, intel=False, xss=False,
verbose=False, admin=False, given_path=None, auto=False, batch=False
):
"""
run the attacks if any are requested
"""
__enabled_attacks = {
"sqlmap": opt.runSqliScan,
"port": opt.runPortScan,
"xss": opt.runXssScan,
"admin": opt.adminPanelFinder,
"intel": opt.intelCheck
}
enabled = set()
for key in __enabled_attacks.keys():
if __enabled_attacks[key] is True:
enabled.add(key)
if len(enabled) > 1:
logger.error(set_color(
"it appears that you have enabled multiple attack types, "
"as of now only 1 attack is supported at a time, choose "
"your attack and try again. You can use the -f flag if "
"you do not want to complete an entire search again...", level=40
))
shutdown()
if not batch:
question = prompt(
"would you like to process found URL: '{}'".format(url), opts=["y", "N"]
)
else:
question = "y"
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True),
auto_search=auto, given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True))
elif intel:
url = get_true_url(url)
return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use)
elif admin:
main(url, show=opt.showAllConnections, verbose=verbose)
elif xss:
main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads)
else:
pass
else:
logger.warning(set_color(
"skipping '{}'...".format(url), level=30
))
def check_for_admin_page(url,
exts,
protocol="http://",
show_possibles=False,
verbose=False):
possible_connections, connections = set(), set()
stripped_url = replace_http(url.strip())
for ext in exts:
ext = ext.strip()
true_url = "{}{}{}".format(protocol, stripped_url, ext)
if verbose:
logger.debug(set_color("trying '{}'...".format(true_url),
level=10))
try:
urlopen(true_url, timeout=5)
logger.info(
set_color(
"connected successfully to '{}'...".format(true_url)))
connections.add(true_url)
except HTTPError as e:
data = str(e).split(" ")
if verbose:
if "Access Denied" in str(e):
logger.warning(
set_color(
"got access denied, possible control panel found without external access on '{}'..."
.format(true_url),
level=30))
possible_connections.add(true_url)
else:
logger.error(
set_color(
"failed to connect got error code {}...".format(
data[2]),
level=40))
except Exception as e:
if verbose:
if "<urlopen error timed out>" or "timeout: timed out" in str(
e):
logger.warning(
set_color(
"connection timed out after five seconds "
"assuming won't connect and skipping...",
level=30))
else:
logger.exception(
set_color(
"failed to connect with unexpected error '{}'...".
format(str(e)),
level=50))
fix_log_file()
request_issue_creation()
possible_connections, connections = list(possible_connections), list(
connections)
data_msg = "found {} possible connections(s) and {} successful connection(s)..."
logger.info(
set_color(data_msg.format(len(possible_connections),
len(connections))))
if len(connections) != 0:
logger.info(set_color("creating connection tree..."))
create_tree(url, connections)
else:
logger.fatal(
set_color(
"did not find any successful connections to {}'s "
"admin page",
level=50))
if show_possibles:
if len(possible_connections) != 0:
logger.info(set_color("creating possible connection tree..."))
create_tree(url, possible_connections)
else:
logger.fatal(
set_color(
"did not find any possible connections to {}'s "
"admin page",
level=50))