def check_status(path_to_wordlist=False):
    """Load the subdomain wordlist, falling back to the remote copy on request.

    Args:
        path_to_wordlist: Path to a user-supplied wordlist. Any falsy value
            selects the module-level ``internal_wlist`` path instead.

    Returns:
        A ``(location, entries)`` pair where ``location`` is ``'local'`` or
        ``'remote'`` and ``entries`` is the wordlist with empty items removed.

    The process exits when the local file is missing and the user declines
    the download, or when no wordlist could be obtained at all.
    """
    local_wlist = path_to_wordlist or internal_wlist

    if not utilipy.isfile(local_wlist):
        # Local file is missing: ask before touching the network.
        print(font.color('red') + '\nwarning: wordlist not found ' + local_wlist
              + font.color('end'))
        answer = raw_input(
            '\npress [c] to download remote wordlist or [enter] to exit: ')
        if answer != 'c':
            exit()

        # NOTE(review): the downloaded text is split on newlines and used
        # as-is; nothing here verifies its integrity or origin. Confirm that
        # utilipy.downloadfile retrieves remote_wlist over an authenticated
        # channel.
        location = None
        wlist = utilipy.downloadfile(remote_wlist)
        if wlist:
            wlist = wlist.split('\n')
            location = 'remote'
    else:
        wlist = utilipy.loadfile_wordlist(local_wlist)
        location = 'local'

    if not (wlist and location):
        exit('Local wordlist not found\n' + local_wlist
             + '\n\nRemote wordlist not found or connection error\n'
             + remote_wlist)

    # Drop empty entries (for example the one produced by a trailing newline).
    return location, filter(None, wlist)
def get(target, verbose, test):
    """Resolve ``target`` and return its alias/host records as printable text.

    Every record is also appended to the ``found`` list defined outside this
    function, as ``[target, address, name, kind]`` with ``kind`` being
    ``'alias'`` or ``'host'``.

    Args:
        target: Name handed to ``subscan.start``.
        verbose: When true (and ``test`` is false) host rows are padded into
            columns; otherwise they are tab separated.
        test: When true, host rows are always tab separated.

    Returns:
        The formatted rows with trailing whitespace stripped, or ``None`` when
        ``subscan.start`` returns nothing.
    """
    result = subscan.start(target)
    if not result:
        return

    alias, host = result[0], result[1]
    chunks = []

    # Alias rows are always column aligned and highlighted in yellow.
    for entry in alias:
        found.append([target, entry[1], entry[0], 'alias'])
        chunks.append(font.color('yellow') + str(entry[1]).ljust(18)
                      + str(entry[0]) + font.color('end') + '\n')

    # Host rows: padded columns only for a verbose, non-test run.
    aligned = verbose and not test
    for entry in host:
        found.append([target, entry[1], entry[0], 'host'])
        if aligned:
            chunks.append(str(entry[1]).ljust(18) + str(entry[0]) + '\n')
        else:
            chunks.append(str(entry[1]) + '\t' + str(entry[0]) + '\n')

    return ''.join(chunks).rstrip()
def start_scan_zt(domain):
    """Return the banner and column header shown before zone-transfer rows."""
    title = (font.color('bold') + 'Getting zone transfer for ' + domain
             + font.color('end'))
    columns = 'Ip Address'.ljust(18) + 'Domain Name\n'
    rule = '----------'.ljust(18) + '-----------'
    return title + '\n\n' + columns + rule
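def show_resolved(domain, resolve):
    """Print the alias and host records that ``domain`` resolves to.

    Args:
        domain: Name handed to ``subscan.start``.
        resolve: True only when the ``-r`` option was used
            (``knockpy -r domain.com``); False for a plain
            ``knockpy domain.com`` run.

    When the lookup returns nothing the function prints a warning and then
    either exits (``resolve`` is true, or the user does not answer ``c``) or
    records the failure in the module-level ``host_not_found`` and
    ``wildcard_detected`` flags and returns without printing records.
    """
    # Without this declaration the two assignments in the "not found" branch
    # only created dead locals, so show_wildcard() never saw host_not_found
    # set to True and still ran the wildcard test for an unknown host.
    global host_not_found, wildcard_detected

    # subscan.start returns the alias list and the host list.
    test_host = subscan.start(domain)

    if not test_host:
        # Host not found, for both [knockpy domain.com] and
        # [knockpy -r domain.com].
        print(font.color('red') + '\n: unknown ' + domain + font.color('end'))

        # With -r there is nothing further to do.
        if resolve:
            exit()

        # Plain scan: [c] continues, anything else exits.
        query = 'press ' + font.color('bold') + '[c]' \
            + font.color('end') + ' to continue to scan or ' \
            + font.color('bold') + '[enter]' + font.color('end') \
            + ' to exit: '
        res = raw_input(query)
        if res != 'c':
            exit()

        host_not_found = True
        # The wildcard test is skipped for an unknown host.
        wildcard_detected = False
        return

    (alias, host) = test_host[0], test_host[1]
    output = ''

    # Alias rows, when present, are highlighted in yellow.
    if alias:
        for name in alias:
            (ipaddr, aliasn) = str(name[1]), str(name[0])
            output += font.color('yellow') + ipaddr.ljust(18) \
                + aliasn + '\n' + font.color('end')

    # The host list is always present at this point.
    for entry in host:
        (ipaddr, hostname) = entry[1], entry[0]
        if ipaddr == hostname:
            # NOTE(review): hostbyip is given the domain rather than ipaddr;
            # confirm this is intended.
            hostname = subscan.hostbyip(domain)
        output += ipaddr.ljust(18) + hostname + '\n'

    print(output)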
def cogito(found, targetlist):
    """Summarise the scan: unique subdomains, unique hosts, wordlist hits.

    Args:
        found: Rows whose index 1 holds an IP address and index 2 a
            subdomain name.
        targetlist: Collection of names; a discovered subdomain counts as
            "in wordlist" when it is contained in it.

    Returns:
        The formatted two-line report string.
    """
    uniq_ipaddr = set(row[1] for row in found)
    uniq_subdomain = set(row[2] for row in found)
    uniq_wlist = set(name for name in uniq_subdomain if name in targetlist)

    def bold(value):
        # Wrap a count in the bold/end colour markers.
        return font.color('bold') + str(value) + font.color('end')

    return ''.join([
        '\nFound ', bold(len(uniq_subdomain)),
        ' subdomain(s) in ', bold(len(uniq_ipaddr)), ' host(s).\n',
        bold(len(uniq_wlist)), '/', bold(len(uniq_subdomain)),
        ' subdomain(s) are in wordlist.',
    ])
def show_wildcard(domain):
    """Run the wildcard test for ``domain`` and report a positive result.

    Does nothing when the module-level ``host_not_found`` flag is true.
    Otherwise it resets the global ``wildcard_detected`` to False, calls
    ``wildcard.test(domain)`` and, if the first element of the result is
    truthy, sets ``wildcard_detected`` to True, stores
    ``str(result[0][0])`` in the global ``wcode`` and prints a warning.
    """
    global wildcard_detected, wcode

    # host_not_found is False by default, or set by show_resolved().
    if host_not_found:
        return

    wildcard_detected = False
    outcome = wildcard.test(domain)
    if not outcome[0]:
        return

    wildcard_detected = True
    # Per the original comment, this is the code taken from the response
    # to a random subdomain.
    wcode = str(outcome[0][0])
    print(font.color('red') + '\n: wildcard detected: ' + wcode
          + font.color('end'))
def stats_summary():
    """Return the bold ``Summary`` heading that precedes the final report."""
    heading = '\nSummary\n'
    return font.color('bold') + heading + font.color('end')
def target(domain):
    """Return the banner and column header shown above the target's records."""
    title = (font.color('bold') + 'Target information ' + domain
             + font.color('end'))
    columns = 'Ip Address'.ljust(18) + 'Target Name\n'
    rule = '----------'.ljust(18) + '-----------'
    return title + '\n\n' + columns + rule
def start_scan(domain):
    """Return the banner and three-column header shown before subdomain rows."""
    title = (font.color('bold') + 'Getting subdomain for ' + domain
             + font.color('end'))
    columns = 'Ip Address'.ljust(18) + 'Domain Name'.ljust(21) + 'Count\n'
    rule = '----------'.ljust(18) + '-----------'.ljust(21) + '-----'
    return title + '\n\n' + columns + rule
def status_wordlist(location, wlist):
    """Return the coloured "Loaded <location> wordlist with N item(s)" line.

    Args:
        location: Label inserted after "Loaded" (printed in bold).
        wlist: Loaded wordlist; only its length is used.
    """
    pieces = [
        font.color('ciano'), '\nLoaded ',
        font.color('bold'), location, font.color('end'),
        font.color('ciano'), ' wordlist with ',
        font.color('bold'), str(len(wlist)), font.color('end'),
        font.color('ciano'), ' item(s)\n', font.color('end'),
    ]
    return ''.join(pieces)