def test(target, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num, language, dos_flag, log_in_file, scan_id, scan_cmd, thread_tmp_filename): if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target_to_host(target), '', 'wordpress_dos_cve_2018_6389_vuln')) if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo n = 0 while 1: try: r = requests.get(target, timeout=timeout_sec, headers=user_agent).content return 0 except: n += 1 if n is retries: if dos_flag: __log_into_file(thread_tmp_filename, 'w', '0', language) info( messages(language, "vulnerable").format( "wordpress_dos_cve_2018_6389_vuln")) data = json.dumps({ 'HOST': target_to_host(target), 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'wordpress_dos_cve_2018_6389_vuln', 'DESCRIPTION': messages(language, "vulnerable").format( "wordpress_dos_cve_2018_6389_vuln"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) return 1
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = useragents.useragents() headers = { 'User-agent': random.choice(user_agent_list), 'Content-Type': 'text/xml' } # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements threads = [] if users is None: users = extra_requirements["wp_users"] if passwds is None: passwds = extra_requirements["wp_passwds"] if ports is None: ports = extra_requirements["wp_xmlrpc_brute_ports"] if verbose_level > 3: total_req = len(users) * len(passwds) * len(ports) else: total_req = len(users) * len(passwds) * len(ports) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) != "HTTP": target = 'https://' + target for port in ports: if test(str(target), port, retries, timeout_sec, headers, socks_proxy, verbose_level, trying, total_req, total, num, language) is True: keyboard_interrupt_flag = False for user in users: for passwd in passwds: #print(user + " " + passwd) t = threading.Thread( target=check, args=(user, passwd, target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target_to_host(target), port, 'wp_xmlrpc_brute')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break else: warn(messages(language, "open_error").format(target)) # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 1 or kill_switch == kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format('wp_xmlrpc_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function from core.targets import target_type from core.targets import target_to_host if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if target_type(target) == 'HTTP': target = target_to_host(target) subs = __get_subs(target, timeout_sec, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, num, total, extra_requirements=extra_requirements) if len(subs) is 0: info(messages(language, "no_subdomain_found")) if len(subs) is not 0: info(messages(language, "len_subdomain_found").format(len(subs))) for sub in subs: if verbose_level > 2: info(messages(language, "subdomain_found").format(sub)) data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan', 'DESCRIPTION': sub, 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + "\n" __log_into_file(log_in_file, 'a', data, language) if len(subs) is 0 and verbose_level is not 0: data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan', 'DESCRIPTION': messages(language, "subdomain_found").format( len(subs), ', '.join(subs) if len(subs) > 0 else 'None'), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + "\n" __log_into_file(log_in_file, 'a', data, language) return subs else: warn( messages(language, "input_target_error").format('subdomain_scan', target)) return []
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if ports is None: ports = extra_requirements["drupal_modules_ports"] if target_type(target) == 'HTTP': target = target_to_host(target) threads = [] total_req = len(ports) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 keyboard_interrupt_flag = False for port in ports: port = int(port) t = threading.Thread(target=__drupal_modules, args=(target, int(port), timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format(trying, total_req, num, total, target, port, 'drupal_modules_scan')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: info(messages(language, "not_found")) data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'drupal_modules_scan', 'DESCRIPTION': messages(language, "not_found"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format('drupal_modules_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = [ "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5", "Googlebot/2.1 ( http://www.googlebot.com/bot.html)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04" " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13", "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)", "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51", "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620", "Debian APT-HTTP/1.3 (0.8.10.3)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; " "http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "msnbot/1.1 (+http://search.msn.com/msnbot.htm)" ] http_methods = ["GET", "HEAD"] user_agent = {'User-agent': random.choice(user_agent_list)} # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if extra_requirements["wp_plugin_scan_http_method"][ 0] not in http_methods: warn(messages(language, "wp_plugin_scan_get")) extra_requirements["wp_plugin_scan_http_method"] = ["GET"] random_agent_flag = True if extra_requirements["wp_plugin_scan_random_agent"][0] == "False": random_agent_flag = False threads = [] if verbose_level > 3: total_req = len(wp_plugins.wp_plugins()) else: total_req = len(wp_plugins_small.wp_plugins()) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) != "HTTP": target = 'https://' + target if test(str(target), retries, timeout_sec, user_agent, extra_requirements["wp_plugin_scan_http_method"][0], socks_proxy, verbose_level, trying, total_req, total, num, language) is 0: keyboard_interrupt_flag = False if verbose_level > 3: scan_list = wp_plugins.wp_plugins() else: scan_list = wp_plugins_small.wp_plugins() for idir in scan_list: idir = "/wp-content/plugins/" + idir if random_agent_flag: user_agent = {'User-agent': random.choice(user_agent_list)} t = threading.Thread( target=check, args=(target + '/' + idir, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, extra_requirements["wp_plugin_scan_http_method"][0], socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target_to_host(target), "default_port", 'wp_plugin_scan')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break else: warn(messages(language, "open_error").format(target)) # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1: info( messages(language, "directory_file_404").format(target, "default_port")) if verbose_level is not 0: data = json.dumps({ 'HOST': target_to_host(target), 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'wp_plugin_scan', 'DESCRIPTION': messages(language, "no_open_ports"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format('wp_plugin_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, proxies, retries, ping_flag, methods_args): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # rand useragent user_agent_list = [ "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5", "Googlebot/2.1 ( http://www.googlebot.com/bot.html)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04" " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13", "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)", "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51", "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620", "Debian APT-HTTP/1.3 (0.8.10.3)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; " "http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "msnbot/1.1 (+http://search.msn.com/msnbot.htm)" ] http_methods = ["GET", "HEAD"] user_agent = {'User-agent': random.choice(user_agent_list)} # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if extra_requirements["dir_scan_http_method"][0] not in http_methods: warn(messages(language, 110)) extra_requirements["dir_scan_http_method"] = ["GET"] if ports is None: ports = extra_requirements["dir_scan_ports"] random_agent_flag = True if extra_requirements["dir_scan_random_agent"][0] == "False": random_agent_flag = False if ping_flag and do_one_ping(target_to_host(target), timeout_sec, 8) is None: warn( messages(language, 100).format(target_to_host(target), 'dir_scan')) return None threads = [] max = thread_number total_req = len(extra_requirements["dir_scan_list"]) * len(ports) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() trying = 0 for port in ports: port = int(port) if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}:{1}/'.format(target, str(port)) else: if target.count(':') > 1: error(messages(language, 105)) from core.color import finish finish() sys.exit(1) http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + ':' + str(port) + '/' + path if test(url, retries, timeout_sec, user_agent, extra_requirements["dir_scan_http_method"][0]) is 0: for idir in extra_requirements["dir_scan_list"]: # check target type if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}:{1}/{2}'.format( target, str(port), idir) else: http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + ':' + str( port) + '/' + path + '/' + idir if random_agent_flag is True: user_agent = { 'User-agent': random.choice(user_agent_list) } t = threading.Thread( target=check, args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, extra_requirements["dir_scan_http_method"][0])) threads.append(t) t.start() trying += 1 while 1: n = 0 for thread in threads: if thread.isAlive() is True: n += 1 else: threads.remove(thread) if n >= max: time.sleep(0.1) else: break info( messages(language, 72).format(trying, total_req, num, total, target_to_host(target), port)) else: warn(messages(language, 109).format(url)) # wait for threads while 1: n = True for thread in threads: if thread.isAlive() is True: n = False time.sleep(0.1) if n is True: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1: info(messages(language, 108).format(target, port)) if verbose_level is not 0: _HOST = messages(language, 53) _USERNAME = messages(language, 54) _PASSWORD = messages(language, 55) _PORT = messages(language, 56) _TYPE = messages(language, 57) _DESCRIPTION = messages(language, 58) save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target, _USERNAME: '', _PASSWORD: '', _PORT: '', _TYPE: 'dir_scan', _DESCRIPTION: messages(language, 94) }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format('dir_scan', target))
def __netcraft(target, timeout_sec, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, headers, thread_tmp_filename): try: from core.targets import target_to_host if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo n = 0 results = '' url = 'https://searchdns.netcraft.com/?restriction=site+contains&host=*.{0}' \ '&lookup=wait..&position=limited'.format(target) subs = [] while '<b>Next page</b></a>' not in results: while 1: try: results = requests.get(url, headers=headers) break except: n += 1 if n is 3: break break if results.status_code is 200: for l in re.compile( '<a href="http://toolbar.netcraft.com/site_report\?url=(.*)">' ).findall(results.content): if target_to_host(l).endswith(target) and target_to_host( l) not in subs: subs.append(target_to_host(l)) else: # warn 403 break try: url = 'http://searchdns.netcraft.com' + re.compile( '<A href="(.*?)"><b>Next page</b></a>').findall( results.content)[0] except: break f = open(thread_tmp_filename, 'a') f.write('\n'.join(subs) + '\n') f.close() return subs except: return []
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if users is None: users = extra_requirements["smtp_brute_users"] if passwds is None: passwds = extra_requirements["smtp_brute_passwds"] if ports is None: ports = extra_requirements["smtp_brute_ports"] if extra_requirements["smtp_brute_split_user_set_pass"][0] not in [ "False", "True" ]: extra_requirements["smtp_brute_split_user_set_pass"][0] = "False" if target_type(target) == 'HTTP': target = target_to_host(target) threads = [] total_req = int( len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \ if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \ else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) ports_tmp_filename = '{}/tmp/ports_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) __log_into_file(ports_tmp_filename, 'w', '', language) ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename, thread_number, total_req, verbose_level, socks_proxy) trying = 0 if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False": for port in ports: for user in users: for passwd in passwds: t = threading.Thread( target=login, args=(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target, port, 'smtp_brute')) while 1: n = 0 for thread in threads: if thread.isAlive(): n += 1 else: threads.remove(thread) if n >= thread_number: time.sleep(0.01) else: break else: keyboard_interrupt_flag = False for port in ports: for user in users: for prefix in extra_requirements[ "smtp_brute_split_user_set_pass_prefix"]: t = threading.Thread( target=login, args=(user, user.rsplit('@')[0] + prefix, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target, port, 'smtp_brute')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break else: break else: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 1 or kill_switch == kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write == 1 and verbose_level != 0: data = json.dumps( { 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'smtp_brute', 'DESCRIPTION': messages(language, "no_user_passwords"), 'TIME': now(), 'CATEGORY': "brute", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + "\n" __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn(messages(language, "input_target_error").format(target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type(target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = [ "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5", "Googlebot/2.1 ( http://www.googlebot.com/bot.html)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04" " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13", "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)", "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51", "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620", "Debian APT-HTTP/1.3 (0.8.10.3)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; " "http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "msnbot/1.1 (+http://search.msn.com/msnbot.htm)" ] headers = {'User-agent': random.choice(user_agent_list), 'Content-Type': 'text/xml'} # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[ extra_requirement] = methods_args[extra_requirement] extra_requirements = new_extra_requirements threads = [] if users is None: users = extra_requirements["wp_users"] if passwds is None: passwds = extra_requirements["wp_passwds"] if ports is None: ports = extra_requirements["wp_xmlrpc_brute_ports"] if verbose_level > 3: total_req = len(users) * len(passwds) * len (ports) else: total_req = len(users) * len(passwds) * len(ports) thread_tmp_filename = '{}/tmp/thread_tmp_'.format(load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) != "HTTP": target = 'https://' + target for port in ports: if test(str(target), port, retries, timeout_sec, headers, socks_proxy, verbose_level, trying, total_req, total, num, language) is True: keyboard_interrupt_flag = False for user in users: for passwd in passwds: #print(user + " " + passwd) t = threading.Thread(target=check, args=( user, passwd, target, port, headers, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info(messages(language, "trying_message").format(trying, total_req, num, total, target_to_host(target), port, 'wp_xmlrpc_brute')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break else: warn(messages(language, "open_error").format(target)) # wait for threads kill_switch = 0 kill_time = int( timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) os.remove(thread_tmp_filename) else: warn(messages(language, "input_target_error").format( 'wp_xmlrpc_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if ports is None: ports = extra_requirements["Proftpd_vuln_ports"] if target_type(target) == 'HTTP': target = target_to_host(target) threads = [] total_req = len(ports) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 keyboard_interrupt_flag = False for port in ports: port = int(port) t = threading.Thread(target=__directory_traversal, args=(target, int(port), timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target, port, 'Proftpd_directory_traversal_vuln')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: info( messages(language, "no_vulnerability_found").format( 'Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. CVE-2010-3867' )) data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'Proftpd_directory_traversal_vuln', 'DESCRIPTION': messages(language, "no_vulnerability_found").format( 'Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. CVE-2010-3867' ), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format( 'Proftpd_directory_traversal_vuln', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag, methods_args): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if users is None: users = extra_requirements["smtp_brute_users"] if passwds is None: passwds = extra_requirements["smtp_brute_passwds"] if ports is None: ports = extra_requirements["smtp_brute_ports"] if extra_requirements["smtp_brute_split_user_set_pass"][0] not in [ "False", "True" ]: extra_requirements["smtp_brute_split_user_set_pass"][0] = "False" if target_type(target) == 'HTTP': target = target_to_host(target) if ping_flag and do_one_ping(target, timeout_sec, 8) is None: warn(messages(language, 100).format(target, 'smtp_brute')) return None threads = [] max = thread_number total_req = int( len(users) * len(passwds) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) \ if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False" \ else int(len(users) * len(ports) * len(extra_requirements["smtp_brute_split_user_set_pass_prefix"])) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) ports_tmp_filename = 'tmp/ports_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() ports_write = open(ports_tmp_filename, 'w') ports_write.write('') ports_write.close() ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename, thread_number, total_req, verbose_level, socks_proxy) trying = 0 if extra_requirements["smtp_brute_split_user_set_pass"][0] == "False": for port in ports: for user in users: for passwd in passwds: t = threading.Thread( target=login, args=(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy)) threads.append(t) t.start() trying += 1 if verbose_level is not 0: info( messages(language, 72).format(trying, total_req, num, total, target, port)) while 1: n = 0 for thread in threads: if thread.isAlive() is True: n += 1 else: threads.remove(thread) if n >= max: time.sleep(0.01) else: break else: for port in ports: for user in users: for prefix in extra_requirements[ "smtp_brute_split_user_set_pass_prefix"]: t = threading.Thread( target=login, args=(user, user.rsplit('@')[0] + prefix, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename)) threads.append(t) t.start() trying += 1 if verbose_level is not 0: info( messages(language, 72).format(trying, total_req, num, total, target, port)) while 1: n = 0 for thread in threads: if thread.isAlive() is True: n += 1 else: threads.remove(thread) if n >= max: time.sleep(0.01) else: break # wait for threads while 1: n = True for thread in threads: if thread.isAlive() is True: n = False time.sleep(0.01) if n is True: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: _HOST = messages(language, 53) _USERNAME = messages(language, 54) _PASSWORD = messages(language, 55) _PORT = messages(language, 56) _TYPE = messages(language, 57) _DESCRIPTION = messages(language, 58) save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target, _USERNAME: '', _PASSWORD: '', _PORT: '', _TYPE: 'smtp_brute', _DESCRIPTION: messages(language, 95) }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format(target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # output format time.sleep(time_sleep) if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo # set user agent headers = { "User-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "text/javascript, text/html, application/xml, text/xml, */*", "Accept-Language": "en-US,en;q=0.5" } # timeout check if ping_flag and do_one_ping(target_to_host(target), timeout_sec, 8) is None: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo warn( messages(language, 100).format(target_to_host(target), 'viewdns_reverse_ip_lookup_scan')) return None total_req = 1 trying = 1 info( messages(language, 113).format(trying, total_req, num, total, target, 'viewdns ip lookup')) n = 0 while 1: try: res = requests.get( 'http://viewdns.info/reverseip/?host={0}&t=1'.format( target), timeout=timeout_sec, headers=headers, verify=True).text break except: n += 1 if n is retries: warn(messages(language, 106).format("viewdns.info")) return 1 _values = [] try: s = '<table>' + res.rsplit('''<table border="1">''')[1].rsplit( "<br></td></tr><tr></tr>")[0] table = ET.XML(s) rows = iter(table) headers = [col.text for col in next(rows)] for row in rows: values = [col.text for col in row] _values.append(dict(zip(headers, values))["Domain"]) except: pass info( messages(language, 114).format( len(_values), ", ".join(_values) if len(_values) > 0 else "None")) if len(_values) > 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'viewdns_reverse_ip_lookup_scan', 'DESCRIPTION': messages(language, 114).format( len(_values), ", ".join(_values) if len(_values) > 0 else "None"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() if verbose_level is not 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'viewdns_reverse_ip_lookup_scan', 'DESCRIPTION': messages(language, 114).format( len(_values), ", ".join(_values) if len(_values) > 0 else "None"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() else: warn( messages(language, 69).format('viewdns_reverse_ip_lookup_scan', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = useragents.useragents() user_agent = {'User-agent': random.choice(user_agent_list)} limit = 1000 # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements random_agent_flag = True if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][ 0] != "True": random_agent_flag = False if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][ 0] != "False": limit = -1 threads = [] total_req = limit filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}/'.format(target) else: if target.count(':') > 1: __die_failure(messages(language, "insert_port_message")) http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + '/' + path if test(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num, language, False, log_in_file, scan_id, scan_cmd, thread_tmp_filename) != 0: warn(messages(language, "open_error").format(url)) return info(messages(language, "DOS_send").format(target)) n = 0 t = threading.Thread( target=test, args=(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num, language, True, log_in_file, scan_id, scan_cmd, thread_tmp_filename)) t.start() keyboard_interrupt_flag = False while (n != limit): n += 1 if random_agent_flag: user_agent = {'User-agent': random.choice(user_agent_list)} t = threading.Thread(target=send_dos, args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target_to_host(target), port, 'wordpress_dos_cve_2018_6389_vuln')) try: if int(open(thread_tmp_filename).read().rsplit()[0]) == 0: if limit != -1: break except Exception: pass while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 2 or kill_switch == kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write == 1: info( messages(language, "no_vulnerability_found").format( "wordpress_dos_cve_2018_6389_vuln")) if verbose_level != 0: data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'wordpress_dos_cve_2018_6389_vuln', 'DESCRIPTION': messages(language, "no_vulnerability_found").format( "wordpress_dos_cve_2018_6389_vuln"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format( 'wordpress_dos_cve_2018_6389_vuln', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, proxies, retries, ping_flag): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) == 'HTTP': if target_type(target) == 'HTTP': target = target_to_host(target) if do_one_ping(target, timeout_sec, 8) is None: warn(messages(language, 100).format(target, 'ssh_brute')) return None threads = [] max = thread_number total_req = len(users) * len(passwds) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) ports_tmp_filename = 'tmp/ports_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() ports_write = open(ports_tmp_filename, 'w') ports_write.write('') ports_write.close() trying = 0 ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename, thread_number, total_req) for port in ports: # test ssh portflag = True exit = 0 port = int(port) for user in users: for passwd in passwds: t = threading.Thread(target=login, args=(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename)) threads.append(t) t.start() trying += 1 info( messages(language, 72).format(trying, total_req, num, total, target, port)) while 1: n = 0 for thread in threads: if thread.isAlive() is True: n += 1 else: threads.remove(thread) if n >= max: time.sleep(0.1) else: break # wait for threads while 1: n = True for thread in threads: if thread.isAlive() is True: n = False time.sleep(0.1) if n is True: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: _HOST = messages(language, 53) _USERNAME = messages(language, 54) _PASSWORD = messages(language, 55) _PORT = messages(language, 56) _TYPE = messages(language, 57) _DESCRIPTION = messages(language, 58) save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target, _USERNAME: '', _PASSWORD: '', _PORT: '', _TYPE: 'ssh_brute', _DESCRIPTION: messages(language, 95) }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format('ssh_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type( target) != 'HTTP' or target_type(target) != 'SINGLE_IPv6': # rand useragent user_agent_list = [ "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5", "Googlebot/2.1 ( http://www.googlebot.com/bot.html)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04" " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13", "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)", "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51", "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620", "Debian APT-HTTP/1.3 (0.8.10.3)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; " "http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "msnbot/1.1 (+http://search.msn.com/msnbot.htm)" ] user_agent = {'User-agent': random.choice(user_agent_list)} limit = 1000 # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements random_agent_flag = True if extra_requirements["wordpress_dos_cve_2018_6389_vuln_random_agent"][ 0] != "True": random_agent_flag = False if extra_requirements["wordpress_dos_cve_2018_6389_vuln_no_limit"][ 0] != "False": limit = -1 threads = [] total_req = limit filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}/'.format(target) else: if target.count(':') > 1: __die_failure(messages(language, "insert_port_message")) http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + '/' + path if test(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num, language, False, log_in_file, scan_id, scan_cmd, thread_tmp_filename) is not 0: warn(messages(language, "open_error").format(url)) return info(messages(language, "DOS_send").format(target)) n = 0 t = threading.Thread( target=test, args=(url, retries, timeout_sec, user_agent, socks_proxy, verbose_level, trying, total_req, total, num, language, True, log_in_file, scan_id, scan_cmd, thread_tmp_filename)) t.start() keyboard_interrupt_flag = False while (n != limit): n += 1 if random_agent_flag: user_agent = {'User-agent': random.choice(user_agent_list)} t = threading.Thread(target=send_dos, args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target_to_host(target), port, 'wordpress_dos_cve_2018_6389_vuln')) try: if int(open(thread_tmp_filename).read().rsplit()[0]) is 0: if limit is not -1: break except: pass while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 2 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1: info( messages(language, "no_vulnerability_found").format( "wordpress_dos_cve_2018_6389_vuln")) if verbose_level is not 0: data = json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'wordpress_dos_cve_2018_6389_vuln', 'DESCRIPTION': messages(language, "no_vulnerability_found").format( "wordpress_dos_cve_2018_6389_vuln"), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format( 'wordpress_dos_cve_2018_6389_vuln', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if users is None: users = extra_requirements["ftp_brute_users"] if passwds is None: passwds = extra_requirements["ftp_brute_passwds"] if ports is None: ports = extra_requirements["ftp_brute_ports"] if target_type(target) == 'HTTP': target = target_to_host(target) if ping_flag and do_one_ping(target, timeout_sec, 8) is None: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo warn(messages(language, 100).format(target, 'ftp_brute')) return None threads = [] max = thread_number total_req = len(users) * len(passwds) * len(ports) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) ports_tmp_filename = 'tmp/ports_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() ports_write = open(ports_tmp_filename, 'w') ports_write.write('') ports_write.close() trying = 0 ports = test_ports(ports, timeout_sec, target, retries, language, num, total, time_sleep, ports_tmp_filename, thread_number, total_req, verbose_level, socks_proxy) for port in ports: for user in users: for passwd in passwds: t = threading.Thread( target=login, args=(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy)) threads.append(t) t.start() trying += 1 if verbose_level is not 0: info( messages(language, 72).format(trying, total_req, num, total, target, port, 'ftp_brute')) while 1: try: if threading.activeCount() >= max: time.sleep(0.01) else: break except KeyboardInterrupt: break break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'ftp_brute', 'DESCRIPTION': messages(language, 95), 'TIME': now(), 'CATEGORY': "brute", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format('ftp_brute', target))
def start( target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd, ): # Main function if (target_type(target) != "SINGLE_IPv4" or target_type(target) != "DOMAIN" or target_type(target) != "HTTP"): # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if ports is None: ports = extra_requirements["whatcms_ports"] if target_type(target) == "HTTP": target = target_to_host(target) threads = [] total_req = len(ports) thread_tmp_filename = "{}/tmp/thread_tmp_".format( load_file_path()) + "".join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, "w", "1", language) trying = 0 keyboard_interrupt_flag = False for port in ports: port = int(port) t = threading.Thread( target=__whatcms, args=( target, int(port), timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd, extra_requirements["whatcms_api_key"][0], ), ) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target, port, "whatcms_scan", )) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) != 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 1: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write == 1 and verbose_level != 0: info(messages(language, "not_found")) data = json.dumps({ "HOST": target, "USERNAME": "", "PASSWORD": "", "PORT": "", "TYPE": "whatcms_scan", "DESCRIPTION": messages(language, "not_found"), "TIME": now(), "CATEGORY": "scan", "SCAN_ID": scan_id, "SCAN_CMD": scan_cmd, }) __log_into_file(log_in_file, "a", data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format("whatcms_scan", target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, ping_flag, methods_args, scan_id, scan_cmd): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # rand useragent user_agent_list = [ "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5", "Googlebot/2.1 ( http://www.googlebot.com/bot.html)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04" " Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13", "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)", "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51", "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620", "Debian APT-HTTP/1.3 (0.8.10.3)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "Googlebot/2.1 (+http://www.googlebot.com/bot.html)", "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)", "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; " "http://help.yahoo.com/help/us/shop/merchant/)", "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)", "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "msnbot/1.1 (+http://search.msn.com/msnbot.htm)" ] http_methods = ["GET", "HEAD"] user_agent = {'User-agent': random.choice(user_agent_list)} # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if extra_requirements["dir_scan_http_method"][0] not in http_methods: warn(messages(language, 110)) extra_requirements["dir_scan_http_method"] = ["GET"] if ports is None: ports = extra_requirements["dir_scan_ports"] random_agent_flag = True if extra_requirements["dir_scan_random_agent"][0] == "False": random_agent_flag = False if ping_flag: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo warn(messages(language, 100).format(target, 'heartbleed_vuln')) if do_one_ping(target, timeout_sec, 8) is None: return None threads = [] max = thread_number total_req = len(extra_requirements["dir_scan_list"]) * len(ports) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() trying = 0 for port in ports: port = int(port) if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}:{1}/'.format(target, str(port)) else: if target.count(':') > 1: error(messages(language, 105)) from core.color import finish finish() sys.exit(1) http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + ':' + str(port) + '/' + path if test(url, retries, timeout_sec, user_agent, extra_requirements["dir_scan_http_method"][0], socks_proxy, verbose_level, trying, total_req, total, num, port, language) is 0: for idir in extra_requirements["dir_scan_list"]: # check target type if target_type(target) == 'SINGLE_IPv4' or target_type( target) == 'DOMAIN': url = 'http://{0}:{1}/{2}'.format( target, str(port), idir) else: http = target.rsplit('://')[0] host = target_to_host(target) path = "/".join( target.replace('http://', '').replace('https://', '').rsplit('/')[1:]) url = http + '://' + host + ':' + str( port) + '/' + path + '/' + idir if random_agent_flag: user_agent = { 'User-agent': random.choice(user_agent_list) } t = threading.Thread( target=check, args=(url, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, extra_requirements["dir_scan_http_method"][0], socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level is not 0: info( messages(language, 72).format(trying, total_req, num, total, target_to_host(target), port, 'dir_scan')) while 1: try: if threading.activeCount() >= max: time.sleep(0.01) else: break except KeyboardInterrupt: break break else: warn(messages(language, 109).format(url)) # wait for threads kill_switch = 0 kill_time = int(timeout_sec / 0.1) if int(timeout_sec / 0.1) is not 0 else 1 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() is 1 or kill_switch is kill_time: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1: info(messages(language, 108).format(target, ",".join(ports))) if verbose_level is not 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'dir_scan', 'DESCRIPTION': messages(language, 94), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format('dir_scan', target))
def check(target, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, http_method): _HOST = messages(language, 53) _USERNAME = messages(language, 54) _PASSWORD = messages(language, 55) _PORT = messages(language, 56) _TYPE = messages(language, 57) _DESCRIPTION = messages(language, 58) status_codes = [200, 401, 403] directory_listing_msgs = [ "<title>Index of /", "<a href=\"\\?C=N;O=D\">Name</a>", "Directory Listing for", "Parent Directory</a>", "Last modified</a>", "<TITLE>Folder Listing.", "- Browsing directory " ] time.sleep(time_sleep) try: n = 0 while 1: try: if http_method == "GET": r = requests.get(target, timeout=timeout_sec, headers=user_agent, verify=True) elif http_method == "HEAD": r = requests.head(target, timeout=timeout_sec, headers=user_agent, verify=True) content = r.content break except: n += 1 if n is retries: warn(messages(language, 106).format(target)) return 1 if version() is 3: content = content.decode('utf8') if r.status_code in status_codes: info( messages(language, 38).format(target, r.status_code, r.reason)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('0') thread_write.close() save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target_to_host(target), _USERNAME: '', _PASSWORD: '', _PORT: int(target.rsplit(':')[2].rsplit('/')[0]), _TYPE: 'dir_scan', _DESCRIPTION: messages(language, 38).format(target, r.status_code, r.reason) }) + '\n') save.close() if r.status_code is 200: for dlmsg in directory_listing_msgs: if dlmsg in content: info(messages(language, 104).format(target)) save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target_to_host(target), _USERNAME: '', _PASSWORD: '', _PORT: int(target.rsplit(':')[1].rsplit('/')[0]), _TYPE: 'dir_scan', _DESCRIPTION: messages(language, 104).format(target) }) + '\n') save.close() break return True except: return False
def check(target, user_agent, timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename, retries, http_method, socks_proxy, scan_id, scan_cmd): status_codes = [200, 401, 403] directory_listing_msgs = [ "<title>Index of /", "<a href=\"\\?C=N;O=D\">Name</a>", "Directory Listing for", "Parent Directory</a>", "Last modified</a>", "<TITLE>Folder Listing.", "- Browsing directory " ] time.sleep(time_sleep) try: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo n = 0 while 1: try: if http_method == "GET": r = requests.get(target, timeout=timeout_sec, headers=user_agent, verify=True) elif http_method == "HEAD": r = requests.head(target, timeout=timeout_sec, headers=user_agent, verify=True) content = r.content break except: n += 1 if n is retries: warn(messages(language, 106).format(target)) return 1 if version() is 3: content = content.decode('utf8') if r.status_code in status_codes: info( messages(language, 38).format(target, r.status_code, r.reason)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('0') thread_write.close() save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target_to_host(target), 'USERNAME': '', 'PASSWORD': '', 'PORT': int(target.rsplit(':')[2].rsplit('/')[0]), 'TYPE': 'dir_scan', 'DESCRIPTION': messages(language, 38).format(target, r.status_code, r.reason), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() if r.status_code is 200: for dlmsg in directory_listing_msgs: if dlmsg in content: info(messages(language, 104).format(target)) save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target_to_host(target), 'USERNAME': '', 'PASSWORD': '', 'PORT': int(target.rsplit(':')[1].rsplit('/')[0]), 'TYPE': 'dir_scan', 'DESCRIPTION': messages(language, 104).format(target), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() break return True except: return False
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, socks_proxy, retries, ping_flag, methods_args, scan_id, scan_cmd): # Main function from core.targets import target_type from core.targets import target_to_host if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if target_type(target) == 'HTTP': target = target_to_host(target) if ping_flag: if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy( socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str(socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo warn(messages(language, 100).format(target, 'heartbleed_vuln')) if do_one_ping(target, timeout_sec, 8) is None: return None subs = __get_subs(target, timeout_sec, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, num, total, extra_requirements=extra_requirements) info( messages(language, 135).format(len(subs), ', '.join(subs) if len(subs) > 0 else 'None')) if len(subs) is not 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan', 'DESCRIPTION': messages(language, 135).format( len(subs), ', '.join(subs) if len(subs) > 0 else 'None'), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() if len(subs) is 0 and verbose_level is not 0: save = open(log_in_file, 'a') save.write( json.dumps({ 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'subdomain_scan', 'DESCRIPTION': messages(language, 135).format( len(subs), ', '.join(subs) if len(subs) > 0 else 'None'), 'TIME': now(), 'CATEGORY': "scan", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + '\n') save.close() return subs else: warn(messages(language, 69).format('subdomain_scan', target)) return []
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, socks_proxy, retries, methods_args, scan_id, scan_cmd): if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if users is None: users = extra_requirements["http_form_brute_users"] if passwds is None: passwds = extra_requirements["http_form_brute_passwds"] if ports is None: ports = extra_requirements["http_form_brute_ports"] if target.lower().startswith('http://') or target.lower().startswith( 'https://'): pass else: target = 'http://' + str(target) threads = [] total_req = len(users) * len(passwds) thread_tmp_filename = '{}/tmp/thread_tmp_'.format( load_file_path()) + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) __log_into_file(thread_tmp_filename, 'w', '1', language) trying = 0 keyboard_interrupt_flag = False for port in ports: if check("http://" + target_to_host(target), timeout_sec, language, port): target = target elif check("https://" + target_to_host(target), timeout_sec, language, port): target = "https" + target[4:] for user in users: for passwd in passwds: t = threading.Thread(target=login, args=(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename, socks_proxy, scan_id, scan_cmd)) threads.append(t) t.start() trying += 1 if verbose_level > 3: info( messages(language, "trying_message").format( trying, total_req, num, total, target, port, 'http_form_brute')) while 1: try: if threading.activeCount() >= thread_number: time.sleep(0.01) else: break except KeyboardInterrupt: keyboard_interrupt_flag = True break if keyboard_interrupt_flag: break if keyboard_interrupt_flag: break if keyboard_interrupt_flag: break # wait for threads kill_switch = 0 while 1: time.sleep(0.1) kill_switch += 1 try: if threading.activeCount() == 1: break except KeyboardInterrupt: break thread_write = int( open(thread_tmp_filename).read().rsplit()[0]) if thread_write == 1 and verbose_level != 0: data = json.dumps( { 'HOST': target, 'USERNAME': '', 'PASSWORD': '', 'PORT': '', 'TYPE': 'http_form_brute', 'DESCRIPTION': messages(language, "no_user_passwords"), 'TIME': now(), 'CATEGORY': "brute", 'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd }) + "\n" __log_into_file(log_in_file, 'a', data, language) os.remove(thread_tmp_filename) else: warn( messages(language, "input_target_error").format('http_form_brute', target))
def start(target, users, passwds, ports, timeout_sec, thread_number, num, total, log_in_file, time_sleep, language, verbose_level, show_version, check_update, proxies, retries, ping_flag, methods_args): # Main function if target_type(target) != 'SINGLE_IPv4' or target_type( target) != 'DOMAIN' or target_type(target) != 'HTTP': # requirements check new_extra_requirements = extra_requirements_dict() if methods_args is not None: for extra_requirement in extra_requirements_dict(): if extra_requirement in methods_args: new_extra_requirements[extra_requirement] = methods_args[ extra_requirement] extra_requirements = new_extra_requirements if ports is None: ports = extra_requirements["port_scan_ports"] if target_type(target) == 'HTTP': target = target_to_host(target) if ping_flag and do_one_ping(target, timeout_sec, 8) is None: warn(messages(language, 100).format(target, 'port_scan')) return None threads = [] max = thread_number total_req = len(ports) thread_tmp_filename = 'tmp/thread_tmp_' + ''.join( random.choice(string.ascii_letters + string.digits) for _ in range(20)) thread_write = open(thread_tmp_filename, 'w') thread_write.write('1') thread_write.close() trying = 0 for port in ports: port = int(port) t = threading.Thread(target=connect, args=(target, int(port), timeout_sec, log_in_file, language, time_sleep, thread_tmp_filename)) threads.append(t) t.start() trying += 1 if verbose_level is not 0: info( messages(language, 72).format(trying, total_req, num, total, target, port)) while 1: try: n = 0 for thread in threads: if thread.isAlive() is True: n += 1 else: threads.remove(thread) if n >= max: time.sleep(0.01) else: break except KeyboardInterrupt: break break # wait for threads while 1: try: n = True for thread in threads: if thread.isAlive() is True: n = False time.sleep(0.01) if n is True: break except KeyboardInterrupt: break thread_write = int(open(thread_tmp_filename).read().rsplit()[0]) if thread_write is 1 and verbose_level is not 0: _HOST = messages(language, 53) _USERNAME = messages(language, 54) _PASSWORD = messages(language, 55) _PORT = messages(language, 56) _TYPE = messages(language, 57) _DESCRIPTION = messages(language, 58) save = open(log_in_file, 'a') save.write( json.dumps({ _HOST: target, _USERNAME: '', _PASSWORD: '', _PORT: '', _TYPE: 'port_scan', _DESCRIPTION: messages(language, 94) }) + '\n') save.close() os.remove(thread_tmp_filename) else: warn(messages(language, 69).format('port_scan', target))
def test(target, retries, timeout_sec, user_agent, http_method, socks_proxy, verbose_level, trying, total_req, total, num, language): if verbose_level > 3: info(messages(language, "trying_message").format(trying, total_req, num, total, target_to_host(target), "default_port", 'wp_plugin_scan')) if socks_proxy is not None: socks_version = socks.SOCKS5 if socks_proxy.startswith( 'socks5://') else socks.SOCKS4 socks_proxy = socks_proxy.rsplit('://')[1] if '@' in socks_proxy: socks_username = socks_proxy.rsplit(':')[0] socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0] socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]), int(socks_proxy.rsplit(':')[-1]), username=socks_username, password=socks_password) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo else: socks.set_default_proxy(socks_version, str( socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1])) socket.socket = socks.socksocket socket.getaddrinfo = getaddrinfo n = 0 while 1: try: if http_method == "GET": requests.get(target, timeout=timeout_sec, headers=user_agent) elif http_method == "HEAD": requests.head(target, timeout=timeout_sec, headers=user_agent) return 0 except: n += 1 if n is retries: return 1