def getUserOptions():
global URL, MODE, r_options, DEF_WORDLIST
# Default operation modes:
# --brute: brute force
# --sqli: sql injection bypass login (TODO)
# --httpauth: http basic authentication
DEF_R_MODE = ("--brute", "--sqli", "--httpauth")
# Default running mode:
# --verbose: display informations
# --report: create task report
# --proxy: Running using proxy
# Default options:
# -u: Read userlist from file
# -p: Read passlit from file
# -U: Read username / userlist directly from argument
# -t: Number of threads using
# -k: Set key for false condition (for special cases)
# Default wordlist: default, router, unix, tomcat, cctv, mirai, http
options = {
"-u": "default",
"-p": "default",
"-t": 16,
"-k": None,
"-U": None,
}
GETPROXY = False
########### STARTING ##################
if len(sys.argv) == 1:
utils.print_help()
sys.exit(0)
idx = 1
while idx < len(sys.argv):
if sys.argv[idx] in ("-h", "--help", "help"):
utils.print_help()
sys.exit(0)
else:
if sys.argv[idx][:2] == "--":
if sys.argv[idx] in r_options.keys():
# --verbose", "--report", "--proxy"
r_options[sys.argv[idx]] = True
elif sys.argv[idx] in DEF_R_MODE:
# "--brute", "--sqli", "--httpauth"
MODE = sys.argv[idx]
elif sys.argv[idx] == "--list":
# Wordlist provided
if sys.argv[idx + 1] in DEF_WORDLIST:
options["-u"], options["-p"], idx = sys.argv[
idx + 1], sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid wordlist %s" % (sys.argv[idx + 1]))
elif sys.argv[idx] == "--getproxy":
GETPROXY = True
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
elif sys.argv[idx][:1] == "-":
if sys.argv[idx] in options.keys():
# "-u", "-U", "-p", "-t", "-k"
options[sys.argv[idx]], idx = sys.argv[idx + 1], idx + 1
else:
utils.die("Error while parsing arguments",
"Invalid option %s" % (sys.argv[idx]))
else:
URL = sys.argv[idx]
idx += 1
URL = checkURL(URL)
if GETPROXY:
# TODO Auto brute using proxy after get new proxy
# TODO New help banner
from extras import getproxy
try:
threads = int(options["-t"])
except Exception as err:
utils.die("GetProxy: Error while parsing arguments", err)
getproxy.main(URL, threads, r_options["--verbose"])
# GET NEW PROXY LIST ONLY
if not URL:
sys.exit(0)
# else: CHECK PROXY TO TARGET DONE, AUTO ATTACK?
# r_options["--proxy"] == True
if not URL:
utils.die("Error while parsing arguments", "Invalid URL")
utils.printf(utils.start_banner(URL, options, MODE, r_options), "good")
options, r_options = checkOption(options, r_options)
return URL, options, MODE, r_options
"bad")
if not options.target:
die("[x] URL error", "An URL is required")
else:
# Fix SSL errors https://stackoverflow.com/a/35960702
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
printf(start_banner(options))
results = []
set_break = False
for idu, url in enumerate(options.target):
if set_break:
break
if url:
# Clean other URL options (Fix URL_panel and URL login bug)
options.login_url = None
options.panel_url = None
options.url = verify_url(url)
if "--getproxy" in options.extras:
printf(
"[+] Check connection via proxy to %s! Be patient!"
% (options.url))