def __init__(self,target,threads_sum): self.target = target self.thread_count = self.threads_sum = threads_sum self.found = False self.getPass() self.lock = threading.Lock() self.console_width = getTerminalSize()[0] - 2 # Cal terminal width when starts up
def __init__(self, threads_num, pass_dic, user_dic, target_dic):
# 目标列表 用户名 和密码字典
self.pass_dic = pass_dic
self.user_dic = user_dic
self.target_dic = target_dic
self.pass_list = []
self.user_list = []
self.target_list = []
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.outfile = './output.txt'
# self.outfile = open(outfile, 'w') # won't close manually
self.headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
self._generate_queue()
self._read_dicts()
def __init__(self, target, options):
self.target = target.strip()
self.options = options
self.ignore_intranet = options.i
self.thread_count = 0
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2
self.msg_queue = Queue.Queue()
self.STOP_ME = False
threading.Thread(target=self._print_msg).start() # print thread
self._load_dns_servers()
self.resolvers = [
dns.resolver.Resolver() for _ in range(self.dns_count)
]
for _ in self.resolvers:
_.lifetime = _.timeout = 5.0
self._load_sub_names()
self._load_next_sub()
if options.output:
outfile = options.output
else:
outfile = target + '.txt' if not options.full_scan else target + '_full.txt'
self.outfile = open(outfile, 'w')
self.ip_dict = {}
self.sub_timeout_count = {}
def __init__(self, target, options):
self.start_time = time.time()
self.target = target.strip()
self.options = options
self.ignore_intranet = options.i
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.resolvers = [
dns.resolver.Resolver(configure=False)
for _ in range(options.threads)
]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
if options.output:
outfile = options.output
else:
_name = os.path.basename(self.options.file).replace('subnames', '')
if _name != '.txt':
_name = '_' + _name
outfile = target + _name if not options.full_scan else target + '_full' + _name
self.outfile = open(outfile, 'w')
self.ip_dict = {}
self.found_subs = set()
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
self.result_lines = []
self.result_domains = []
self.result_ips = []
def __init__(self, target, options):
self.target = target.strip()
self.options = options
self.ignore_intranet = options.i
self.thread_count = self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2
self.msg_queue = Queue.Queue()
self.STOP_ME = False
threading.Thread(target=self._print_msg).start()
self._load_dns_servers()
self.resolvers = [dns.resolver.Resolver() for _ in range(options.threads)]
for _ in self.resolvers:
_.lifetime = _.timeout = 6.0
self._load_next_sub()
self.queue = Queue.Queue()
threading.Thread(target=self._load_sub_names).start()
while not self.queue.qsize() > 0:
time.sleep(0.1)
if options.output:
outfile = options.output
else:
outfile = target + '.txt' if not options.full_scan else target + '_full.txt'
self.outfile = open(outfile, 'w')
self.ip_dict = {}
self.last_scanned = time.time()
self.ex_resolver = dns.resolver.Resolver()
self.start_time = None
def __init__(self, target, subdomainfile=None):
self.start_time = time.time()
self.target = target.strip()
self.ignore_intranet = config.ignore_intranet
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.threads = config.threads
self.resolvers = [
dns.resolver.Resolver(configure=False) for _ in range(self.threads)
]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
try:
self.full_scan = config.full_scan
except:
self.full_scan = False
self.subdomainfile = subdomainfile if subdomainfile != None else config.subnamefile
self.basedir = os.path.dirname(
os.path.dirname(__file__)) #Teemo home dir
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
self.ip_dict = {}
self.found_subs = set()
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
self.result_lines = []
self.result_domains = []
self.result_ips = []
def __init__(self, target, options):
self.start_time = time.time()
self.target = target.strip()
self.options = options
self.ignore_intranet = options.i
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.resolvers = [
dns.resolver.Resolver(configure=False)
for _ in range(options.threads)
]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
if options.taskid:
self.taskid = options.taskid
else:
self.taskid = 0
self.ip_dict = {}
self.found_subs = set()
self.sub_domain = []
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
def __init__(self, target, options):
self.target = target.strip()
self.options = options
self.ignore_intranet = options['i']
self.thread_count = self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2
self.msg_queue = Queue.Queue()
self.STOP_ME = False
threading.Thread(target=self._print_msg).start()
self._load_dns_servers()
self.resolvers = [
dns.resolver.Resolver() for _ in range(options['threads'])
]
for _ in self.resolvers:
_.lifetime = _.timeout = 6.0
self._load_next_sub()
self.queue = Queue.Queue()
t = threading.Thread(target=self._load_sub_names)
t.start()
while not self.queue.qsize() > 0 and t.isAlive():
time.sleep(0.1)
if options['output']:
outfile = options['output']
else:
outfile = target + '.txt' if not options[
'ful_scan'] else target + '_full.txt'
self.outfile = open('./../result/subDomain.txt', 'w')
self.ip_dict = {}
self.last_scanned = time.time()
self.ex_resolver = dns.resolver.Resolver()
self.start_time = None
def __init__(self, target, options):
self.start_time = time.time()
self.target = target.strip()
self.options = options
self.ignore_intranet = options.i
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.resolvers = [dns.resolver.Resolver(configure=False) for _ in range(options.threads)]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
if options.output:
outfile = options.output
else:
_name = os.path.basename(self.options.file).replace('subnames', '')
if _name != '.txt':
_name = '_' + _name
outfile = target + _name if not options.full_scan else target + '_full' + _name
self.outfile = open(outfile, 'w')
self.ip_dict = {}
self.found_subs = set()
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
def __init__(self, target, threads=100, mode=False):
self.start_time = time.time()
self.target = target.strip()
self.threads = threads
self.file = "subnames.txt"
self.full_scan = mode
self.ignore_intranet = False
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.resolvers = [
dns.resolver.Resolver(configure=False) for _ in range(self.threads)
]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.basedir = os.path.dirname(os.path.dirname(__file__))
self.STOP_ME = False
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
self.ip_dict = {}
self.found_subs = set()
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
self.result_domains = []
self.result_ips = []
def __init__(self, threads_num, pass_dic, user_dic, target_dic):
# 目标列表 用户名 和密码字典
self.pass_dic = pass_dic
self.user_dic = user_dic
self.target_dic = target_dic
self.pass_list = []
self.user_list = []
self.target_list = []
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.outfile = './output.txt'
# self.outfile = open(outfile, 'w') # won't close manually
self.headers = {"Content-Type": "application/x-www-form-urlencoded"}
self._generate_queue()
self._read_dicts()
def __init__(self):
init()
self.console_width = getTerminalSize()[0] - 2
self.lock = threading.Lock()
self.STOP_ME = False
parse_args(self)
load_proxy(self)
self.gen_params_queue()
parse_request(self)
def __init__(self):
init()
self.console_width = getTerminalSize()[0] - 2
self.lock = threading.Lock()
self.STOP_ME = False
parse_args(self)
load_proxy(self)
self.gen_params_queue()
parse_request(self)
def __init__(self, target, names_file=rootdir+'./dict/subnames.txt', threads_num=30):
self.target=target
self.names_file = names_file
self.threads_num = threads_num
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.resolvers = [dns.resolver.Resolver() for _ in range(threads_num)]
self.domains = Queue.Queue()
self.ips = set()
def __init__(self, target, names_file, threads_num, output):
self.target = target.strip()
self.names_file = names_file
self.threads_num = threads_num
self.scan_count = 0; self.found_count = 0
self.lock = threading.Lock()
self.console_width, _ = getTerminalSize(); self.console_width -= 2 # Cal width when starts up
self.resolvers = [dns.resolver.Resolver() for i in range(threads_num)]
self._load_dns_servers(); self._load_sub_names(); self._load_next_sub()
outfile = target + '.txt' if not output else output; self.outfile = open(outfile, 'w') # won't close manually
self.ip_dict = {}
def __init__(self, domain, type=None, protocol=None, user=None, userfile=None, password=None, passfile=None,
thread=10):
self.domain, self.user, self.userfile, self.password, self.passfile, self.thread = domain, user, userfile, password, passfile, thread
self.URL = {
"autodiscover":
{"url": "%s://%s/autodiscover" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"ews":
{"url": "%s://%s/ews" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"mapi":
{"url": "%s://%s/mapi" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"activesync":
{"url": "%s://%s/Microsoft-Server-ActiveSync" % ("http" if protocol == "http" else "https", domain),
"mode": "Basic"},
"oab":
{"url": "%s://%s/oab" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"rpc":
{"url": "%s://%s/rpc" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"api":
{"url": "%s://%s/api" % ("http" if protocol == "http" else "https", domain), "mode": "NTLM"},
"owa":
{"url": "%s://%s/owa/auth.owa" % ("http" if protocol == "http" else "https", domain), "mode": "HTTP"},
"powershell":
{"url": "%s://%s/powershell" % ("http" if protocol == "http" else "https", domain), "mode": "Kerberos"},
"ecp":
{"url": "%s://%s/owa/auth.owa" % ("http" if protocol == "http" else "https", domain), "mode": "HTTP"}
}
self.HEADERS = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
"Connection": "close",
"Upgrade-Insecure-Requests": "1",
}
if not user and not userfile:
return
self.ReqInfo = self.URL[type]
self.users = []
# 多线程框架
self.thread_count = 0
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2
self.msg_queue = Queue.Queue()
self.STOP_ME = False
threading.Thread(target=self._print_msg).start()
# 导入字段用户
self._load_dict()
# 结果存储
outfile = domain + '.txt'
self.outfile = open(outfile, 'w')
def __init__(self, target, threads_num):
self.target = target.replace("link", "verify").replace("init", "verify").strip()
self.names_file = "./dic.txt"
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self._load_pass()
# outfile = target + '.txt' if not output else output
# self.outfile = open(outfile, 'w') # won't close manually
self.headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
def __init__(self, target, names_file, threads_num, output):
self.target = target.strip()
self.names_file = names_file
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.resolvers = [dns.resolver.Resolver() for _ in range(threads_num)]
self._load_dns_servers()
self._load_sub_names()
self._load_next_sub()
outfile = target + '.txt' if not output else output
self.outfile = open(outfile, 'w') # won't close manually
self.ip_dict = {}
def __init__(self, target, threads_count, regex):
self.target = target.split(',')
self.result_file = result_file
self.data_files = []
self.thread_count = threads_count
self.regex = regex
self.scan_count = self.found_count = 0
self.STOP_ME = False
self.queue = Queue.Queue()
self.start_time = time.time()
self.lock = threading.Lock()
self._load_data_files()
self._gen_task_queue()
self.console_width = getTerminalSize(
)[0] - 2 #Cal terminal width when starts up
def __init__(self, target, names_file, ignore_intranet, threads_num, output):
self.target = target.strip()
self.names_file = names_file
self.ignore_intranet = ignore_intranet
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0] - 2 # Cal terminal width when starts up
self.resolvers = [dns.resolver.Resolver() for _ in range(threads_num)]
self._load_dns_servers()
self._load_sub_names()
self._load_next_sub()
outfile = target + '_jiejie.txt' if not output else output
self.outfile = open(outfile, 'w') # won't close manually
self.ip_dict = {}
self.STOP_ME = False
def __init__(self, target, threads_num, dic):
self.target = target.replace("link", "verify").replace("init", "verify").strip()
self.names_file = dic
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
# for stdout writing
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
# self.queue is first generated here
self._load_keys()
# outfile = target + '.txt' if not output else output
# self.outfile = open(outfile, 'w') # won't close manually
self.headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
print 'Brute initialized'
def __init__(self, output, all_ip, arguments, thread_count):
self.arguments = arguments
self.nm = nmap.PortScanner()
self.thread_count = 30 if thread_count > 30 else thread_count
self.all_ip = all_ip
self.lock = threading.Lock()
self.thread = []
self.r = re.compile(
"^(192\.168|169|172\.[0-3][0-9]|127|10).*") #正则匹配保留地址
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.output = open('nmap_' + output + '.txt', 'w')
print('\033[1;33;40m[*]Count of All Thread: ' +
str(self.thread_count) + '\033[0m')
for thread_name in range(self.thread_count): #根据线程数创建线程
self.thread.append(
threading.Thread(target=self._do_Scan, name=str(thread_name)))
def __init__(self, target, names_file, threads_num, output, sid):
self.target = target.strip()
self.names_file = names_file
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self.resolvers = [dns.resolver.Resolver() for _ in range(threads_num)]
self.queue = Queue.Queue()
self.subs = set()
self.sid = sid
self._get_shadan()
self._get_360()
self._load_dns_servers()
self._load_sub_names()
self._load_next_sub()
outfile = target + '.log' if not output else output
self.outfile = open("output/" + outfile, 'w') # won't close manually
self.ip_dict = {}
def __init__(self, threads_num, module_name, filepath, output):
# 动态加载外部模块
fp, pathname, description = imp.find_module(module_name, ["module"])
self.module_obj = imp.load_module("_", fp, pathname, description)
self.filepath = filepath
self.output = output if output else \
'./output/' \
+ time.strftime('%Y%m%d-%H:%M:%S', time.localtime(time.time())) \
+ module_name \
+ '.txt'
self.thread_count = self.threads_num = threads_num
self.scan_count = self.found_count = 0
self.lock = threading.Lock()
self.console_width = getTerminalSize()[0]
self.console_width -= 2 # Cal width when starts up
self._load_pass()
self.headers = { #TODO
"Content-Type": "application/x-www-form-urlencoded"
}
def __init__(self, target, options):
self.start_time = time.time()
self.target = target.strip()
self.options = options
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
# create dns resolver pool ~ workers
self.resolvers = [
dns.resolver.Resolver(configure=False)
for _ in range(options.threads)
]
for resolver in self.resolvers:
resolver.lifetime = resolver.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
# load dns servers and check whether these dns servers works fine ?
self._load_dns_servers()
# load sub names
self.subs = [] # subs in file
self.goodsubs = [] # checks ok for further exploitation
self._load_subname('dict/subnames.txt', self.subs)
# load sub.sub names
self.subsubs = []
self._load_subname('dict/next_sub.txt', self.subsubs)
# results will be save to target.txt
self.outfile = open(target + '.txt', 'a')
self.ip_dict = set() #
self.found_sub = set()
# task queue
self.queue = PriorityQueue()
for sub in self.subs:
self.queue.put(sub)
def __init__(self, target, options):
self.start_time = time.time()
self.target = target.strip()
self.options = options
self.client = MongoClient(connect=False)
self.host_db = self.client['orangescan']['subdomain']['host']
self.ip_db = self.client['orangescan']['subdomain']['ip']
self.ignore_intranet = options.i
self.scan_count = self.found_count = 0
self.console_width = getTerminalSize()[0] - 2
self.resolvers = [dns.resolver.Resolver(configure=False) for _ in range(options.threads)]
for _ in self.resolvers:
_.lifetime = _.timeout = 10.0
self.print_count = 0
self.STOP_ME = False
self._load_dns_servers()
self._load_next_sub()
self.queue = PriorityQueue()
self.priority = 0
self._load_sub_names()
self.ip_dict = {}
self.found_subs = set()
self.ex_resolver = dns.resolver.Resolver(configure=False)
self.ex_resolver.nameservers = self.dns_servers
def save_report(args, _q_results, _file, tasks_processed_count):
is_markdown = args.md
no_browser = args.no_browser
start_time = time.time()
a_template = template['markdown'] if is_markdown else template['html']
t_general = Template(a_template['general'])
t_host = Template(a_template['host'])
t_list_item = Template(a_template['list_item'])
output_file_suffix = a_template['suffix']
report_name = '%s_%s%s' % (os.path.basename(_file).lower().replace(
'.txt', ''), time.strftime('%Y%m%d_%H%M%S',
time.localtime()), output_file_suffix)
html_doc = content = ""
vulnerable_hosts_count = 0
console_width = getTerminalSize()[0] - 2
try:
while not config.stop_me or _q_results.qsize() > 0:
if _q_results.qsize() == 0:
time.sleep(0.1)
continue
while _q_results.qsize() > 0:
item = _q_results.get()
if type(item) is str:
message = '[%s] %s' % (time.strftime(
'%H:%M:%S', time.localtime()), item)
if not args.debug and args.network <= 22 and \
(item.startswith('Scan ') or item.startswith('No ports open')):
sys.stdout.write(message +
(console_width - len(message)) * ' ' +
'\r')
else:
print(message)
continue
host, results = item
vulnerable_hosts_count += 1
# print
for key in results.keys():
for url in results[key]:
print(
' [+]%s %s' %
(' [%s]' % url['status'] if url['status'] else '',
url['url']))
_str = ""
for key in results.keys():
for _ in results[key]:
_str += t_list_item.substitute({
'status':
' [%s]' % _['status'] if _['status'] else '',
'url':
_['url'],
'title':
'[%s]' % _['title'] if _['title'] else '',
'vul_type':
escape(_['vul_type'].replace('_', ' '))
if 'vul_type' in _ else ''
})
_str = t_host.substitute({'host': host, 'list': _str})
content += _str
cost_time = time.time() - start_time
cost_min = int(cost_time / 60)
cost_min = '%s min' % cost_min if cost_min > 0 else ''
cost_seconds = '%.2f' % (cost_time % 60)
html_doc = t_general.substitute({
'tasks_processed_count':
tasks_processed_count.value,
'vulnerable_hosts_count':
vulnerable_hosts_count,
'cost_min':
cost_min,
'cost_seconds':
cost_seconds,
'content':
content
})
with codecs.open('report/%s' % report_name,
'w',
encoding='utf-8') as outFile:
outFile.write(html_doc)
if config.ports_saved_to_file:
print('* Ports data saved to %s' % args.save_ports)
if html_doc:
cost_time = time.time() - start_time
cost_min = int(cost_time / 60)
cost_min = '%s min' % cost_min if cost_min > 0 else ''
cost_seconds = '%.1f' % (cost_time % 60)
html_doc = t_general.substitute({
'tasks_processed_count':
tasks_processed_count.value,
'vulnerable_hosts_count':
vulnerable_hosts_count,
'cost_min':
cost_min,
'cost_seconds':
cost_seconds,
'content':
content
})
with codecs.open('report/%s' % report_name, 'w',
encoding='utf-8') as outFile:
outFile.write(html_doc)
print('\n* %s vulnerable targets on sites in total.' %
vulnerable_hosts_count)
print('* Scan report saved to report/%s' % report_name)
if not no_browser:
webbrowser.open_new_tab(
os.path.abspath('report/%s' % report_name))
else:
print('\n* No vulnerabilities found on sites in %s.' % _file)
except Exception as e:
print('[save_report_thread Exception] %s %s' % (type(e), str(e)))
import traceback
traceback.print_exc()
sys.exit(-1)
class Multi_exp:
scan_count = found_count = 0
conf = ConfigParser.ConfigParser()
lock = threading.Lock()
console_width = getTerminalSize(
)[0] - 2 # Cal terminal width when starts up
target_list = []
scan_queue = Queue.Queue()
start_time = time.time()
STOP_ME = False
if not os.path.exists(FRAMEWORK_LOG_DIR):
os.makedirs(FRAMEWORK_LOG_DIR)
if not os.path.exists(PLUGIN_LOG_DIR):
os.makedirs(PLUGIN_LOG_DIR)
def __init__(self, config_file, target_file, scan_type, scan_threads_count,
show_plugins, exps):
self.scan_threads_count = scan_threads_count
self.config_file = CONFIG_DIR + "/" + config_file
self.scan_type = scan_type
if "|" not in target_file:
self.target_file = TARGET_DIR + "/" + target_file
else:
self.target_file = target_file
self._get_all_plugins()
self.show_plugins = show_plugins
if exps == "NONE":
self.exps = []
elif exps == "ALL":
self.exps = self.plugins
else:
self.exps = intersect(exps.split(','), self.plugins)
if self.show_plugins:
self._println_msg("The available plugins are listed here:",
align='left')
for plug in self.plugins:
self._println_msg("[*]" + plug, align='left')
sys.exit(0)
self._load_config_file()
self._load_target_file()
def _load_config_file(self):
self.conf.read(self.config_file)
try:
self.general_pass = self.conf.get("general",
"password").strip().split(',')
except:
self.general_pass = []
try:
self.pass_file = self.conf.get("general",
"pass_file").strip().split(",")
except:
self.pass_file = []
def _load_target_file(self):
if '|' in self.target_file:
#username|password
self.target_list.append(self.target_file.split('|'))
return
f_in = open(self.target_file)
iter_f = iter(f_in)
for line in iter_f:
#username|password or username
line = line.strip()
self.target_list.append(line.split('|'))
print "Load target finish."
def _update_scan_count(self):
self.lock.acquire()
self.scan_count += 1
self.lock.release()
def _update_find_count(self):
self.lock.acquire()
self.found_count += 1
self.lock.release()
def _set_found_count(self, count):
self.lock.acquire()
self.found_count = count
self.lock.release()
def _print_progress(self):
msg = '%s found | %s remaining | %s scanned in %.2f seconds' % (
self.found_count, self.scan_queue.qsize(), self.scan_count,
time.time() - self.start_time)
self._print_msg(msg)
def _print_progress_daemo(self):
while True:
if self.scan_queue.qsize() == 0:
break
self._print_progress()
time.sleep(1)
def _print_msg(self, msg):
self.lock.acquire()
try:
sys.stdout.write('\r' + ' ' * (self.console_width - len(msg)) +
msg)
sys.stdout.flush()
except Exception, e:
pass
self.lock.release()
# common functions
import sys
import os
from gevent.pool import Pool
import dns.resolver
from lib.consle_width import getTerminalSize
console_width = getTerminalSize()[0] - 2
def is_intranet(ip):
ret = ip.split('.')
if len(ret) != 4:
return True
if ret[0] == '10':
return True
if ret[0] == '172' and 16 <= int(ret[1]) <= 32:
return True
if ret[0] == '192' and ret[1] == '168':
return True
return False
def print_msg(msg=None, left_align=True, line_feed=False):
if left_align:
sys.stdout.write('\r' + msg + ' ' * (console_width - len(msg)))
else: # right align
sys.stdout.write('\r' + ' ' * (console_width - len(msg)) + msg)
if line_feed:
sys.stdout.write('\n')
# common functions
import sys
import os
from gevent.pool import Pool
import dns.resolver
from lib.consle_width import getTerminalSize
console_width = getTerminalSize()[0] - 2
def is_intranet(ip):
ret = ip.split('.')
if len(ret) != 4:
return True
if ret[0] == '10':
return True
if ret[0] == '172' and 16 <= int(ret[1]) <= 32:
return True
if ret[0] == '192' and ret[1] == '168':
return True
return False
def print_msg(msg=None, left_align=True, line_feed=False):
if left_align:
sys.stdout.write('\r' + msg + ' ' * (console_width - len(msg)))
else: # right align
sys.stdout.write('\r' + ' ' * (console_width - len(msg)) + msg)
if line_feed:
sys.stdout.write('\n')
