class Module(ModuleTemplate): name = "HeaderScanner" def __init__(self, db): self.db = db self.Port = PortRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument('-t', '--timeout', help='Connection timeout (default 5)', default="5") self.options.add_argument('-u', '--url', help="URL to get headers") self.options.add_argument('-i', '--import_db', help="Import URLs from the database", action="store_true") self.options.add_argument('-th', '--threads', help="Number of threads to run", default="10") def run(self, args): if args.import_db: svc = self.Port.all(service_name='http') svc += self.Port.all(service_name='https') data = [] for s in svc: urls = ["%s://%s:%s" % (s.service_name, s.ip_address.ip_address, s.port_number)] for d in s.ip_address.domains: urls.append("%s://%s:%s" % (s.service_name, d.domain, s.port_number)) data.append([s.id, urls, args.timeout]) pool = ThreadPool(int(args.threads)) results = pool.map(process_urls, data) print("Adding data to the database") for i, headers in results: created, svc = self.Port.find_or_create(id=i) svc.meta['headers'] = headers svc.update() self.Port.commit()
class Module(ToolTemplate): """ Runs nmap on all web hosts to pull certs and add them to the database """ name = "NmapCertScan" binary_name = "nmap" def __init__(self, db): self.db = db self.Port = PortRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument( "-s", "--rescan", help="Rescan domains that have already been scanned", action="store_true", ) def get_targets(self, args): targets = [] if args.rescan: services = self.Port.all(service_name="https") else: services = self.Port.all(tool=self.name, service_name="https") for s in services: if s.ip_address.in_scope: port = s.port_number targets.append( { "port": port, "target": s.ip_address.ip_address, "service_id": s.id, } ) for d in s.ip_address.domains: targets.append( {"port": port, "target": d.domain, "service_id": s.id} ) if args.output_path[0] == "/": output_path = os.path.join( self.base_config["PROJECT"]["base_path"], args.output_path[1:] ) else: output_path = os.path.join( self.base_config["PROJECT"]["base_path"], args.output_path ) if not os.path.exists(output_path): os.makedirs(output_path) for t in targets: file_path = os.path.join(output_path, "%s_%s-ssl.xml" % (t["target"], port)) t["output"] = file_path # pdb.set_trace() return targets def build_cmd(self, args): cmd = self.binary + " -p {port} --script=ssl-cert -oX {output} {target} " if args.tool_args: cmd += args.tool_args return cmd def process_output(self, cmds): for data in cmds: try: xmldata = xmltodict.parse(open(data["output"]).read()) cert = xmldata["nmaprun"]["host"]["ports"]["port"]["script"]["@output"] if cert: # print("Cert found: {}".format(cert)) svc = self.Port.all(id=data["service_id"])[0] # pdb.set_trace() if not svc.meta.get("sslcert", False): svc.meta["sslcert"] = {} svc.meta["sslcert"][data["target"]] = cert print( "Cert added to {} for {}".format( data["service_id"], data["target"] ) ) svc.save() except Exception as e: display_error("File not valid: {}\nError: {}".format(data["output"], e)) self.Port.commit()
class Module(ToolTemplate): ''' Runs nmap on all web hosts to pull certs and add them to the database ''' name = "NmapCertScan" binary_name = "nmap" def __init__(self, db): self.db = db self.Port = PortRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument( '-s', '--rescan', help="Rescan domains that have already been scanned", action="store_true") def get_targets(self, args): targets = [] if args.rescan: services = self.Port.all(service_name='https') else: services = self.Port.all(tool=self.name, service_name='https') for s in services: if s.ip_address.in_scope: port = s.port_number targets.append({ 'port': port, 'target': s.ip_address.ip_address, 'service_id': s.id }) for d in s.ip_address.domains: targets.append({ 'port': port, 'target': d.domain, 'service_id': s.id }) if args.output_path[0] == "/": output_path = os.path.join( self.base_config['PROJECT']['base_path'], args.output_path[1:]) else: output_path = os.path.join( self.base_config['PROJECT']['base_path'], args.output_path) if not os.path.exists(output_path): os.makedirs(output_path) for t in targets: file_path = os.path.join(output_path, "%s_%s-ssl.xml" % (t['target'], port)) t['output'] = file_path # pdb.set_trace() return targets def build_cmd(self, args): cmd = self.binary + " -p {port} --script=ssl-cert -oX {output} {target} " if args.tool_args: cmd += args.tool_args return cmd def process_output(self, cmds): for data in cmds: try: xmldata = xmltodict.parse(open(data['output']).read()) cert = xmldata['nmaprun']['host']['ports']['port']['script'][ '@output'] if cert: svc = self.Port.all(id=data['service_id'])[0] if not svc.meta.get(self.name, False): svc.meta[self.name] = {} svc.meta[self.name][data['target']] = cert svc.update() except: display_error("File not valid: {}".format(data['output'])) self.Port.commit()
class Module(ModuleTemplate): ''' Runs nmap on all web hosts to pull certs and add them to the database ''' name = "NmapCertScan" def __init__(self, db): self.db = db self.Port = PortRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument('-t', '--threads', help="Number of threads", default="1") self.options.add_argument( '-o', '--output_path', help= "Path which will contain program output (relative to base_path in config", default=self.name) self.options.add_argument( '-s', '--rescan', help="Rescan domains that have already been scanned", action="store_true") def run(self, args): if not args.binary: self.binary = which.run('nmap') else: self.binary = which.run(args.binary) if not self.binary: print( "nmap binary not found. Please explicitly provide path with --binary" ) if args.rescan: services = self.Port.all(service_name='https') else: services = self.Port.all(tool=self.name, service_name='https') self.process_services(services, args) def process_services(self, services, args): if args.output_path[0] == "/": output_path = os.path.join( self.base_config['PROJECT']['base_path'], args.output_path[1:]) else: output_path = os.path.join( self.base_config['PROJECT']['base_path'], args.output_path) if not os.path.exists(output_path): os.makedirs(output_path) cmds = [] for s in services: ip = s.ip_address.ip_address domains = [d.domain for d in s.ip_address.domains] port = s.port_number hosts = [ip] + domains for h in hosts: file_path = os.path.join(output_path, "%s_%s-ssl.xml" % (h, port)) command_args = " -p %s " % port command_args += " --script=ssl-cert -oX %s " % file_path cmds.append(shlex.split(self.binary + command_args + h)) pool = ThreadPool(int(args.threads)) # res = subprocess.Popen(cmd).wait() pool.map(scan_hosts, cmds) for s in services: p = s.ip_address.ip_address domains = [d.domain for d in s.ip_address.domains] port = s.port_number hosts = [ip] + domains data = {} for h in hosts: # pdb.set_trace() print("Processing %s" % file_path) file_path = os.path.join(output_path, "%s_%s-ssl.xml" % (h, port)) try: xmldata = xmltodict.parse(open(file_path).read()) cert = xmldata['nmaprun']['host']['ports']['port'][ 'script']['@output'] if cert: data[h] = cert except: print("File not valid: %s" % file_path) # pdb.set_trace() s.meta['sslcert'] = data s.update() self.Port.commit()
class Module(ModuleTemplate): name = "HeaderScanner" def __init__(self, db): self.db = db self.Port = PortRepository(db, self.name) def set_options(self): super(Module, self).set_options() self.options.add_argument("-t", "--timeout", help="Connection timeout (default 5)", default="5") self.options.add_argument("-u", "--url", help="URL to get headers") self.options.add_argument( "-i", "--import_db", help="Import URLs from the database", action="store_true", ) self.options.add_argument("-th", "--threads", help="Number of threads to run", default="10") self.options.add_argument("--rescan", help="Rescan URLs already processed", action="store_true") def run(self, args): if args.import_db: if args.rescan: svc = self.Port.all(service_name="http") svc += self.Port.all(service_name="https") else: svc = self.Port.all(service_name="http", tool=self.name) svc += self.Port.all(service_name="https", tool=self.name) data = [] for s in svc: if s.ip_address.in_scope: urls = [ "%s://%s:%s" % (s.service_name, s.ip_address.ip_address, s.port_number) ] for d in s.ip_address.domains: urls.append("%s://%s:%s" % (s.service_name, d.domain, s.port_number)) data.append([s.id, urls, args.timeout]) pool = ThreadPool(int(args.threads)) results = pool.map(process_urls, data) display_new("Adding headers to the database") for i, headers, cookies in results: created, svc = self.Port.find_or_create(id=i) svc.meta["headers"] = headers svc.meta["cookies"] = cookies svc.update() self.Port.commit()