def observatory(self):
utils.print_good('Starting observatory')
if self.is_direct:
domain_file = self.is_direct
else:
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 1)):
for domain in part:
cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True)
time.sleep(10)
utils.just_waiting(self.options, self.module_name, seconds=10, times=2)
return True
def observatory(self):
utils.print_good('Starting observatory')
if self.is_direct:
domain_file = self.is_direct
else:
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 1)):
for domain in part:
cmd = 'observatory --rescan -q {0} --format=json -z --attempts 50 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name, nolog=True)
time.sleep(10)
utils.just_waiting(self.options, self.module_name, seconds=10, times=2)
return True
def dirsearch(self):
utils.print_good('Starting dirsearch')
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(domains, 2)):
for domain in part:
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py --json-report=$WORKSPACE/directory/{0}-dirsearch.json -u '{0}' -e php,jsp,aspx,js,html -t 20 -b".format(domain.strip())
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/directory/{0}-dirsearch.json'.format(domain.strip()))
std_path = utils.replace_argument(self.options, '$WORKSPACE/directory/std-{0}-dirsearch.std'.format(domain.strip()))
execute.send_cmd(cmd, output_path, std_path, self.module_name, True)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(str(custom_logs))
def gowithness(self, data):
# add http:// and https:// prefix to domain
domains = []
utils.make_directory(self.options['WORKSPACE'] +
'/screenshot/screenshoots-gowitness')
for item in data:
host = utils.get_domain(item)
domains.append("http://" + host)
domains.append("https://" + host)
http_file = utils.replace_argument(
self.options, '$WORKSPACE/screenshot/$OUTPUT-hosts.txt')
utils.just_write(http_file, "\n".join(domains))
utils.clean_up(http_file)
time.sleep(2)
# screenshots with gowitness
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/screenshot/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options,
cmd), '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/screenshot/$OUTPUT-gowitness-screenshots.html --destination $WORKSPACE/screenshot/screenshoots-gowitness/ --db $WORKSPACE/screenshot/screenshoots-gowitness/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/portscan/$OUTPUT-gowitness-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), html_path,
'', self.module_name)
def gitleaks(self):
cmd = '$GO_PATH/gitleaks -v --repo=$TARGET --report=$WORKSPACE/gitscan/$TARGET-gitleaks.json'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/$TARGET-gitleaks.json')
std_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/std-$TARGET-gitleaks.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def quick_gobuster(self):
utils.print_good('Starting gobuster for short wordlist')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace('http://', '').replace(
'https://', '').replace('/', '-')
cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain.strip(), strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({
"cmd": cmd,
"std_path": std_path,
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.force_done(self.options, self.module_name)
# utils.update_activities(self.options, str(custom_logs))
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def run(self):
commands = execute.get_commands(
self.options, self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
time.sleep(1)
utils.just_waiting(self.options, self.module_name, seconds=10, times=5)
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
for item in commands:
if "Whois" in item.get('cmd'):
main_json["Info"]["Whois"] = {"path": item.get('output_path')}
if "Dig" in item.get('cmd'):
main_json["Info"]["Dig"] = {"path": item.get('output_path')}
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def nmap_vuln(self):
utils.print_good('Starting Nmap VulnScan')
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None]
ip_list = set([ip for ip in ip_list if ip != 'N/A'])
if self.options['DEBUG'] == 'True':
ip_list = list(ip_list)[:5]
# Scan every 5 IP at time Increse if you want
for part in list(utils.chunks(ip_list, 2)):
for ip in part:
cmd = 'sudo nmap -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners --oA $WORKSPACE/vulnscan/{0}-nmap'.format(
ip.strip())
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip()))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip()))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# check if previous task done or not every 30 second
while not utils.checking_done(module=self.module_name):
time.sleep(60)
def parsing_to_csv(self):
masscan_xml = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
if not utils.not_empty_file(masscan_xml):
return
cmd = "python3 $PLUGINS_PATH/nmap-stuff/masscan_xml_parser.py -f $WORKSPACE/portscan/$OUTPUT-masscan.xml -csv $WORKSPACE/portscan/$OUTPUT-masscan.csv"
cmd = utils.replace_argument(self.options, cmd)
csv_output = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.csv')
execute.send_cmd(self.options, cmd, csv_output, '', self.module_name)
time.sleep(2)
# csv beatiful
if not utils.not_empty_file(csv_output):
return
utils.print_line()
cmd = "cat $WORKSPACE/portscan/$OUTPUT-masscan.csv | csvlook --no-inference | tee $WORKSPACE/portscan/$OUTPUT-masscan-summary.txt"
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan-summary.txt')
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd),
output_path, '', self.module_name)
time.sleep(2)
# re-screeenshot the result with open port
csv_data = utils.just_read(csv_output)
self.screenshots(csv_data)
def run(self):
commands = execute.get_commands(self.options,
self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'),
item.get('output_path'), item.get('std_path'),
self.module_name)
time.sleep(1)
utils.just_waiting(self.options, self.module_name, seconds=10, times=5)
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
for item in commands:
if "Whois" in item.get('cmd'):
main_json["Info"]["Whois"] = {"path": item.get('output_path')}
if "Dig" in item.get('cmd'):
main_json["Info"]["Dig"] = {"path": item.get('output_path')}
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def screenshots(self, csv_data):
# add http:// and https:// prefix to domain
if csv_data:
result = []
for line in csv_data.splitlines()[1:]:
# print(line)
host = line.split(',')[0]
port = line.split(',')[3]
result.append("http://" + host + ":" + port)
result.append("https://" + host + ":" + port)
utils.just_write(
utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-hosts.txt'),
"\n".join(result))
# screenshots with gowitness
utils.make_directory(self.options['WORKSPACE'] +
'/portscan/screenshoots-massscan/')
cmd = "$GO_PATH/gowitness file -s $WORKSPACE/portscan/$OUTPUT-hosts.txt -t 30 --log-level fatal --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db"
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd), '', '',
self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
cmd = "$GO_PATH/gowitness generate -n $WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html --destination $WORKSPACE/portscan/screenshoots-massscan/ --db $WORKSPACE/portscan/screenshoots-massscan/gowitness.db"
html_path = utils.replace_argument(
self.options,
"$WORKSPACE/portscan/$OUTPUT-masscan-screenshots.html")
execute.send_cmd(self.options,
utils.replace_argument(self.options, cmd),
html_path, '', self.module_name)
def create_html_report(self):
cmd = "xsltproc -o $WORKSPACE/portscan/final-$OUTPUT.html $PLUGINS_PATH/nmap-bootstrap.xsl $WORKSPACE/portscan/$OUTPUT-masscan.xml"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/final-$OUTPUT.html')
std_path = utils.replace_argument(self.options, '')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def masscan(self):
utils.print_good('Starting masscan')
time.sleep(1)
ip_list = self.prepare_input()
if self.is_direct:
if type(ip_list) == list:
if self.options['DEBUG'] == "True":
utils.print_info("just testing 5 first host")
ip_list = list(ip_list)[:5]
utils.just_write(
utils.replace_argument(
self.options, '$WORKSPACE/subdomain/IP-$TARGET.txt'),
"\n".join(ip_list))
# print(ip_list)
time.sleep(1)
cmd = "sudo masscan --rate 10000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
else:
cmd = "sudo masscan --rate 10000 -p0-65535 {0} -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0".format(
ip_list)
else:
cmd = "sudo masscan --rate 10000 -p0-65535 -iL $WORKSPACE/subdomain/final-IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def observatory(self):
utils.print_good('Starting observatory')
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(
self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
if self.options['DEBUG'] == "True":
utils.print_info("Only get 30 target debug mode")
domains = domains[:10]
for part in list(utils.chunks(domains, 10)):
for domain in part:
cmd = 'observatory -q {0} --format=json -z --attempts 10 | tee $WORKSPACE/headers/details/{0}-observatory.json'.format(
domain.strip())
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name)
while not utils.checking_done(module=self.module_name):
time.sleep(15)
return True
def whois(self):
utils.print_good('Starting Whois')
cmd = 'whois $TARGET | tee $WORKSPACE/info/$TARGET-whois.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/info/$OUTPUT-whois.txt')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/info/std-$OUTPUT-whois.std')
#log the command
slack.slack_log(self.options,
mess={
'title':
"{0} | Whois | {1} | Execute".format(
self.options['TARGET'], self.module_name),
'content':
'```{0}```'.format(cmd),
})
execute.send_cmd(cmd, output_path, std_path, self.module_name)
# upload the output
utils.just_waiting(self.module_name, seconds=2)
slack.slack_file(self.options,
mess={
'title':
"{0} | Whois | {1} | Output".format(
self.options['TARGET'], self.module_name),
'filename':
'{0}'.format(output_path),
})
def dig_info(self):
utils.print_good('Starting basic Dig')
utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs')
final_subdomains = utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
#run command directly instead of run it via module cause there're a lot of command to run
all_domains = utils.just_read(final_subdomains).splitlines()
if self.options['DEBUG'] == 'True':
all_domains = all_domains[:10]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(all_domains, 5)):
for domain in part:
cmd = utils.replace_argument(
self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
output_path = utils.replace_argument(self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
execute.send_cmd(self.options, cmd, '', '', self.module_name, True)
# time.sleep(0.5)
custom_logs['content'].append(
{"cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(5)
print(custom_logs)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(self.options, str(custom_logs))
def screenshots(self):
if self.options['SPEED'] == 'quick':
utils.print_info('Skip screenshot on Dirbrute in quick speed')
return None
utils.print_good('Starting Screenshot from found result')
final_result = utils.replace_argument(
self.options, '$WORKSPACE/directory/$OUTPUT-summary.txt')
if utils.not_empty_file(final_result):
# screenshot found path at the end
cmd = "cat {0} | $GO_PATH/aquatone -threads 20 -out $WORKSPACE/directory/$OUTPUT-screenshots".format(
final_result)
cmd = utils.replace_argument(self.options, cmd)
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/$OUTPUT-screenshots/std-aquatone_report.std'
)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/$OUTPUT-screenshots/aquatone_report.html'
)
execute.send_cmd(self.options, cmd, std_path, output_path,
self.module_name)
if utils.not_empty_file(output_path):
utils.check_output(output_path)
def observatory(self):
utils.print_good('Starting observatory')
if self.options['SPEED'] == 'quick':
utils.print_good('Skipping {0} in quick mode'.format(
self.module_name))
return None
domain_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
with open(domain_file, 'r') as d:
domains = d.read().splitlines()
# for domain in domains:
for part in list(utils.chunks(domains, 10)):
for domain in part:
cmd = 'observatory {0} --format=json -z --attempts 5 | tee $WORKSPACE/headers/details/$TARGET-observatory.json'.format(
domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/headers/details/$TARGET-observatory.json')
execute.send_cmd(cmd, output_path, '', self.module_name)
while not utils.checking_done(module=self.module_name):
time.sleep(15)
return True
def wayback_parsing(self):
utils.print_good('Starting waybackurl')
final_domains = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
if self.is_direct:
if utils.not_empty_file(self.is_direct):
cmd = 'cat {0} | $GO_PATH/waybackurls | tee $WORKSPACE/assets/wayback-$OUTPUT.txt'.format(
self.is_direct)
# just return if direct input is just a string
else:
cmd = 'echo {0} | $GO_PATH/waybackurls | tee $WORKSPACE/assets/wayback-$OUTPUT.txt'.format(
self.is_direct)
else:
if not utils.not_empty_file(final_domains):
return None
else:
cmd = 'cat $WORKSPACE/subdomain/final-$OUTPUT.txt | $GO_PATH/waybackurls | tee $WORKSPACE/assets/wayback-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/assets/wayback-$OUTPUT.txt')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/assets/std-wayback-$OUTPUT.std')
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
utils.print_line()
def nmap_vuln_list(self, ip_list):
utils.print_good('Starting Nmap VulnScan')
# Scan every 2 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
encode_input = utils.strip_slash(ip.strip())
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/nmap-stuff/vulners.nse --oA $WORKSPACE/vulnscan/details/{1}-nmap'.format(
ip.strip(), encode_input)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/{0}-nmap.nmap'.format(
encode_input))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/vulnscan/details/std-{0}-nmap.std'.format(
encode_input))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# check if previous task done or not every 30 second
utils.just_waiting(self.options, self.module_name, seconds=120)
self.parsing_to_csv()
# just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def dig_info(self):
utils.print_good('Starting basic Dig')
utils.make_directory(self.options['WORKSPACE'] + '/screenshot/digs')
final_subdomains = utils.replace_argument(self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
#run command directly instead of run it via module cause there're a lot of command to run
all_domains = utils.just_read(final_subdomains).splitlines()
if self.options['DEBUG'] == 'True':
all_domains = all_domains[:10]
custom_logs = {"module": self.module_name, "content": []}
for part in list(utils.chunks(all_domains, 5)):
for domain in part:
cmd = utils.replace_argument(
self.options, 'dig all {0} | tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
output_path = utils.replace_argument(self.options, 'tee $WORKSPACE/screenshot/digs/{0}.txt'.format(domain))
execute.send_cmd(self.options, cmd, '', '', self.module_name, True)
# time.sleep(0.5)
custom_logs['content'].append(
{"cmd": cmd, "std_path": '', "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(5)
print(custom_logs)
#submit a log
utils.print_info('Update activities log')
utils.update_activities(self.options, str(custom_logs))
def dirsearch(self):
utils.print_good('Starting dirsearch')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace('http://', '').replace(
'https://', '').replace('/', '-')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({
"cmd": cmd,
"std_path": std_path,
"output_path": output_path,
"status": "Done"
})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
# utils.update_activities(self.options, str(custom_logs))
utils.force_done(self.options, self.module_name)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def truffleHog(self):
utils.print_good('Starting truffleHog')
cmd = 'trufflehog --regex --entropy=True $TARGET | tee $WORKSPACE/gitscan/$TARGET-trufflehog.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/$TARGET-trufflehog.txt')
std_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/std-$TARGET-trufflehog.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def create_html_report(self):
cmd = "xsltproc -o $WORKSPACE/portscan/final-$OUTPUT.html $PLUGINS_PATH/nmap-bootstrap.xsl $WORKSPACE/portscan/$OUTPUT-masscan.xml"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/final-$OUTPUT.html')
std_path = utils.replace_argument(
self.options, '')
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def technology_detection(self):
all_subdomain_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
if not utils.not_empty_file(all_subdomain_path):
return
#add https:// prefix for all domain
domains = utils.just_read(all_subdomain_path).splitlines()
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt')
utils.just_write(
scheme_path,
"\n".join(domains + [("https://" + x.strip()) for x in domains]))
#really execute command
cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/$OUTPUT-technology.json')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
with open(output_path, encoding='utf-8') as o:
data = o.read().splitlines()
#parsing output to get technology
techs = {}
for line in data:
jsonl = json.loads(line)
if jsonl.get('matches'):
subdomain = jsonl.get('hostname').replace('https://', '')
if techs.get(subdomain):
techs[subdomain] += [
x.get('app_name') for x in jsonl.get('matches')
]
else:
techs[subdomain] = [
x.get('app_name') for x in jsonl.get('matches')
]
# print(techs)
#update the main json and rewrite that
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
for i in range(len(main_json['Subdomains'])):
sub = main_json['Subdomains'][i].get('Domain')
if techs.get(sub):
main_json['Subdomains'][i]["Technology"] = techs.get(sub)
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def eyewitness_common(self):
utils.print_good('Starting EyeWitness for web')
cmd = 'python $PLUGINS_PATH/EyeWitness/EyeWitness.py -f $WORKSPACE/subdomain/final-$TARGET.txt --web --prepend-https --threads 20 -d $WORKSPACE/screenshot/eyewitness-$TARGET/'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options,
'$WORKSPACE/screenshot/')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/screenshot/std-eyewitness-$TARGET.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def gitrob(self):
utils.print_good('Starting gitrob')
really_target = utils.replace_argument(self.options, '$TARGET').split('/')[3] # only get organization name
cmd = '$GO_PATH/gitrob -save $WORKSPACE/gitscan/$TARGET-gitrob -threads 10 -github-access-token $GITHUB_API_KEY {0}'.format(really_target)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/$TARGET-gitrob')
std_path = utils.replace_argument(self.options, '$WORKSPACE/gitscan/std-$TARGET-gitrob.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
def linkfinder(self):
utils.print_good('Starting linkfinder')
cmd = '$PLUGINS_PATH/linkfinder.py -i $BURPSTATE -b -o cli | tee $WORKSPACE/burp-$TARGET-linkfinder.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/burp-$TARGET-linkfinder.txt')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/burp-$TARGET-linkfinder.txt')
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def linkfinder(self):
utils.print_good('Starting linkfinder')
cmd = '$PLUGINS_PATH/linkfinder.py -i $BURPSTATE -b -o cli | tee $WORKSPACE/burp-$TARGET-linkfinder.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/burp-$TARGET-linkfinder.txt')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/burp-$TARGET-linkfinder.txt')
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def technology_detection(self):
all_subdomain_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-$OUTPUT.txt')
if not utils.not_empty_file(all_subdomain_path):
return
#add https:// prefix for all domain
domains = utils.just_read(all_subdomain_path).splitlines()
scheme_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/all-scheme-$OUTPUT.txt')
utils.just_write(scheme_path, "\n".join(
domains + [("https://" + x.strip()) for x in domains]))
#really execute command
cmd = '$GO_PATH/webanalyze -apps $PLUGINS_PATH/apps.json -hosts $WORKSPACE/recon/all-scheme-$OUTPUT.txt -output json -worker 20 | tee $WORKSPACE/recon/$OUTPUT-technology.json'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/recon/$OUTPUT-technology.json')
execute.send_cmd(self.options, cmd, output_path,
'', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10, times=20)
with open(output_path, encoding='utf-8') as o:
data = o.read().splitlines()
#parsing output to get technology
techs = {}
for line in data:
try:
jsonl = json.loads(line)
if jsonl.get('matches'):
subdomain = jsonl.get('hostname').replace('https://', '')
if techs.get(subdomain):
techs[subdomain] += [x.get('app_name')
for x in jsonl.get('matches')]
else:
techs[subdomain] = [x.get('app_name')
for x in jsonl.get('matches')]
except:
pass
# print(techs)
#update the main json and rewrite that
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
for i in range(len(main_json['Subdomains'])):
sub = main_json['Subdomains'][i].get('Domain')
if techs.get(sub):
main_json['Subdomains'][i]["Technology"] = techs.get(sub)
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
# check if direct input is file or just single string
if self.is_direct:
if utils.not_empty_file(self.is_direct):
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT_LIST'
# just return if direct input is just a string
else:
return
else:
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
if utils.not_empty_file(final_ip):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# matching IP with subdomain
main_json = utils.reading_json(
utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
# get ips from amass stuff
ips = []
if self.is_direct:
if self.options.get("INPUT_LIST"):
ips.extend(utils.extract_ip(self.options.get('INPUT_LIST')))
if utils.not_empty_file(output_path):
data = utils.just_read(output_path).splitlines()
for line in data:
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(str(ip))
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
utils.just_write(final_ip, "\n".join(ips))
utils.just_write(utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'),
main_json,
is_json=True)
def linkfinder(self):
utils.print_good('Starting linkfinder')
if self.is_direct:
if utils.not_empty_file(self.is_direct):
http_domains = utils.just_read(self.is_direct)
# just return if direct input is just a string
else:
domain = self.is_direct
strip_domain = utils.get_domain(domain)
if strip_domain == domain:
domain = 'http://' + domain
cmd = 'python3 $PLUGINS_PATH/LinkFinder/linkfinder.py -i {0} -d -o cli | tee $WORKSPACE/assets/linkfinder/{1}-linkfinder.txt'.format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
return None
else:
if self.options['SPEED'] != 'slow':
utils.print_good("Skipping linkfinder in quick mode")
return None
http_domains = utils.replace_argument(
self.options, '$WORKSPACE/assets/http-$OUTPUT.txt')
utils.make_directory(self.options['WORKSPACE'] + '/assets/linkfinder')
if utils.not_empty_file(http_domains):
domains = utils.just_read(http_domains)
for domain in domains.splitlines():
strip_domain = utils.get_domain(domain)
cmd = 'python3 $PLUGINS_PATH/LinkFinder/linkfinder.py -i {0} -d -o cli | tee $WORKSPACE/assets/linkfinder/{1}-linkfinder.txt'.format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.txt'.format(
strip_domain))
std_path = utils.replace_argument(
self.options,
'$WORKSPACE/assets/linkfinder/{0}-linkfinder.std'.format(
strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def run(self):
commands = execute.get_commands(self.options, self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(self.options, item.get('cmd'), item.get(
'output_path'), item.get('std_path'), self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=10)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def tko_subs(self):
utils.print_good('Starting tko-subs')
cmd = '$GO_PATH/tko-subs -data $PLUGINS_PATH/providers-data.csv -domains $WORKSPACE/subdomain/final-$TARGET.txt -output $WORKSPACE/subdomain/takeover-$TARGET-tko-subs.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/subdomain/takeover-$TARGET-tko-subs.txt')
std_path = utils.replace_argument(self.options, '$WORKSPACE/subdomain/std-takeover-$TARGET-tko-subs.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
slack.slack_log(self.options, mess={
'title': "{0} | tko-subs | {1} | Execute".format(self.options['TARGET'], self.module_name),
'content': '```{0}```'.format(cmd),
})
def run(self):
commands = execute.get_commands(self.module_name).get('routines')
for item in commands:
utils.print_good('Starting {0}'.format(item.get('banner')))
#really execute it
execute.send_cmd(item.get('cmd'), item.get('output_path'),
item.get('std_path'), self.module_name)
utils.just_waiting(self.module_name, seconds=2)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(logfile)
def subjack(self):
utils.print_good('Starting subjack')
cmd = '$GO_PATH/subjack -w $WORKSPACE/subdomain/final-$TARGET.txt -t 100 -timeout 30 -o $WORKSPACE/subdomain/takeover-$TARGET-subjack.txt -ssl'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(self.options, '$WORKSPACE/subdomain/takeover-$TARGET-subjack.txt')
std_path = utils.replace_argument(self.options, '$WORKSPACE/subdomain/std-takeover-$TARGET-subjack.std')
execute.send_cmd(cmd, output_path, std_path, self.module_name)
slack.slack_log(self.options, mess={
'title': "{0} | subjack | {1} | Execute".format(self.options['TARGET'], self.module_name),
'content': '```{0}```'.format(cmd),
})
def masscan(self):
utils.print_good('Starting masscan')
time.sleep(1)
if self.is_direct:
ip_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
# print(ip_file)
# print(utils.just_read(ip_file))
ip_list = utils.just_read(ip_file).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(
utils.replace_argument(self.options,
'$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [
x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None
] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [
x.get("IP") for x in main_json['Subdomains']
if x.get("IP") is not None
]
ip_list = set([ip for ip in ip_list if ip != 'N/A'])
if self.options['DEBUG'] == "True":
utils.print_info("just testing 5 first host")
ip_list = list(ip_list)[:5]
utils.just_write(
utils.replace_argument(self.options,
'$WORKSPACE/subdomain/IP-$TARGET.txt'),
"\n".join(ip_list))
# print(ip_list)
time.sleep(1)
cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
execute.send_cmd(self.options, cmd, output_path, std_path,
self.module_name)
def dirsearch(self):
utils.print_good('Starting dirsearch')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = "python3 $PLUGINS_PATH/dirsearch/dirsearch.py -b -e php,zip,aspx,js --wordlist=$PLUGINS_PATH/wordlists/really-quick.txt --simple-report=$WORKSPACE/directory/quick/{1}-dirsearch.txt -t 50 -u {0}".format(
domain, strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-dirsearch.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-dirsearch.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path,
std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append(
{"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
# utils.update_activities(self.options, str(custom_logs))
utils.force_done(self.options, self.module_name)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def quick_gobuster(self):
utils.print_good('Starting gobuster for short wordlist')
if self.is_direct:
domains = utils.just_read(self.is_direct).splitlines()
else:
#matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
if self.options['DEBUG'] == 'True':
domains = domains[:5]
custom_logs = {"module": self.module_name, "content": []}
for part in utils.chunks(domains, 3):
for domain in part:
#just strip everything to save local, it won't affect the result
strip_domain = domain.replace(
'http://', '').replace('https://', '').replace('/', '-')
cmd = '$GO_PATH/gobuster -k -q -e -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/quick-content-discovery.txt -t 100 -o $WORKSPACE/directory/{1}-gobuster.txt -s 200,301,307 -u "{0}" '.format(
domain.strip(), strip_domain)
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/{0}-gobuster.txt'.format(strip_domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/quick/std-{0}-gobuster.std'.format(strip_domain))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# time.sleep(0.5)
#set status to done because this gonna will be submit when all command was done
custom_logs['content'].append({"cmd": cmd, "std_path": std_path, "output_path": output_path, "status": "Done"})
#just wait couple seconds and continue but not completely stop the routine
time.sleep(20)
#submit a log
utils.print_info('Update activities log')
utils.force_done(self.options, self.module_name)
# utils.update_activities(self.options, str(custom_logs))
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def create_ip_result(self):
utils.print_good('Create IP for list of domain result')
if self.is_direct:
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $INPUT'
else:
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
if utils.not_empty_file(final_ip):
return
cmd = '$PLUGINS_PATH/massdns/bin/massdns -r $PLUGINS_PATH/massdns/lists/resolvers.txt -t A -o S -w $WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt $WORKSPACE/subdomain/final-$OUTPUT.txt'
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/massdns-IP-$OUTPUT.txt')
execute.send_cmd(self.options, cmd, '', '', self.module_name)
utils.just_waiting(self.options, self.module_name, seconds=5)
# matching IP with subdomain
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
with open(output_path, 'r') as i:
data = i.read().splitlines()
ips = []
for line in data:
if " A " in line:
subdomain = line.split('. A ')[0]
ip = line.split('. A ')[1]
ips.append(ip)
for i in range(len(main_json['Subdomains'])):
if subdomain == main_json['Subdomains'][i]['Domain']:
main_json['Subdomains'][i]['IP'] = ip
final_ip = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
with open(final_ip, 'w+') as fip:
fip.write("\n".join(str(ip) for ip in ips))
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'), main_json, is_json=True)
def gobuster(self):
utils.print_good('Starting gobuster')
if self.options['SPEED'] != 'slow':
utils.print_good("Skipping in quick mode")
return
main_json = utils.reading_json(utils.replace_argument(self.options, '$WORKSPACE/$COMPANY.json'))
domains = [x.get('Domain') for x in main_json['Subdomains']]
for domain in domains:
cmd = '$GO_PATH/gobuster -k -q -e -fw -x php,jsp,aspx,html,json -w $PLUGINS_PATH/wordlists/dir-all.txt -t 100 -o $WORKSPACE/directory/$TARGET-gobuster.txt -s 200,301,307 -u "$TARGET" '
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/{0}-gobuster.json'.format(domain))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/directory/std-{0}-gobuster.std'.format(domain))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name, True)
def masscan(self):
utils.print_good('Starting masscan')
time.sleep(1)
if self.is_direct:
ip_file = utils.replace_argument(
self.options, '$WORKSPACE/subdomain/final-IP-$OUTPUT.txt')
# print(ip_file)
# print(utils.just_read(ip_file))
ip_list = utils.just_read(ip_file).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None]
ip_list = set([ip for ip in ip_list if ip != 'N/A'])
if self.options['DEBUG'] == "True":
utils.print_info("just testing 5 first host")
ip_list = list(ip_list)[:5]
utils.just_write(utils.replace_argument(
self.options, '$WORKSPACE/subdomain/IP-$TARGET.txt'), "\n".join(ip_list))
# print(ip_list)
time.sleep(1)
cmd = "sudo masscan --rate 1000 -p0-65535 -iL $WORKSPACE/subdomain/IP-$TARGET.txt -oX $WORKSPACE/portscan/$OUTPUT-masscan.xml --wait 0"
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/$OUTPUT-masscan.xml')
std_path = utils.replace_argument(
self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
def nmap_vuln(self):
utils.print_good('Starting Nmap VulnScan')
if self.is_direct:
ip_list = utils.just_read(self.is_direct).splitlines()
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
else:
main_json = utils.reading_json(utils.replace_argument(
self.options, '$WORKSPACE/$COMPANY.json'))
main_json['Modules'][self.module_name] = []
if self.options['SPEED'] == 'slow':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None] + main_json['IP Space']
elif self.options['SPEED'] == 'quick':
ip_list = [x.get("IP")
for x in main_json['Subdomains'] if x.get("IP") is not None]
ip_list = list(set([ip for ip in ip_list if ip != 'N/A']))
if self.options['DEBUG'] == 'True':
ip_list = list(ip_list)[:5]
# Scan every 5 IP at time Increse if you want
for part in utils.chunks(ip_list, 2):
for ip in part:
cmd = 'sudo nmap --open -T4 -Pn -n -sSV -p- {0} --script $PLUGINS_PATH/vulners.nse --oA $WORKSPACE/vulnscan/{0}-nmap'.format(
ip.strip())
cmd = utils.replace_argument(self.options, cmd)
output_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/{0}-nmap.nmap'.format(ip.strip()))
std_path = utils.replace_argument(
self.options, '$WORKSPACE/vulnscan/std-{0}-nmap.std'.format(ip.strip()))
execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
# check if previous task done or not every 30 second
while not utils.checking_done(self.options, module=self.module_name):
time.sleep(60)
#just save commands
logfile = utils.replace_argument(self.options, '$WORKSPACE/log.json')
utils.save_all_cmd(self.options, logfile)
def sleuthql(self):
utils.print_good('Starting sleuthql')
cmd = 'python3 $PLUGINS_PATH/sleuthql/sleuthql.py -d $TARGET -f $BURPSTATE'
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name)
def sqlmap(self):
utils.print_good('Starting sqlmap')
cmd = '$PLUGINS_PATH/sqlmap/sqlmap.py -l $BURPSTATE --batch $MORE'
cmd = utils.replace_argument(self.options, cmd)
execute.send_cmd(self.options, cmd, '', '', self.module_name)