def __init_with_url(self): """ Initialize with an URL (when targeting HTTP). This method updates: URL, Hostname, IP, Port :raises TargetException: Exception raised if DNS lookup fails """ self.service.url = WebUtils.add_prefix_http(self.service.url) self.service.url = WebUtils.remove_ending_slash(self.service.url) url = urlparse(self.service.url) if NetUtils.is_valid_ip(url.hostname): self.service.host.ip = url.hostname self.service.host.hostname = url.hostname # updated in smart_check else: self.service.host.ip = NetUtils.dns_lookup(url.hostname) if not self.service.host.ip: raise TargetException('Unable to resolve {}'.format( url.hostname)) self.service.host.hostname = url.hostname if not self.service.port: self.service.port = WebUtils.get_port_from_url(self.service.url) if not NetUtils.is_valid_port(self.service.port): raise TargetException('Invalid port number {}'.format( self.service.port))
def __init_with_url(self): """ """ self.service.url = WebUtils.add_prefix_http(self.service.url) url = urlparse(self.service.url) if NetUtils.is_valid_ip(url.hostname): self.service.host.ip = url.hostname self.service.host.hostname = NetUtils.reverse_dns_lookup(url.hostname) else: self.service.host.ip = NetUtils.dns_lookup(url.hostname) self.service.host.hostname = url.hostname if not self.service.port: self.service.port = WebUtils.get_port_from_url(self.service.url)
def __check_args_attack_single_target(self): """Check arguments for subcommand Attack > Single target options""" target = self.args.target_ip_or_url if not target: return True # Target specified is an URL if target.lower().startswith('http://') or target.lower().startswith( 'https://'): self.args.target_mode = TargetMode.URL if self.args.service and self.args.service.lower() != 'http': logger.warning('URL only supported for HTTP service. ' \ 'Automatically switch to HTTP') elif not self.args.service: logger.info('URL given as target, targeted service is HTTP') self.args.service = 'http' self.args.target_port = WebUtils.get_port_from_url(target) # Target specified is IP[:PORT] or HOSTNAME[:PORT] else: self.args.target_mode = TargetMode.IP # Actually can be either IP or Hostname self.args.target_port = None s = target.split(':') self.args.target_ip_or_url = s[0] # Extract port if len(s) == 2: self.args.target_port = int(s[1]) if not (0 <= self.args.target_port <= 65535): logger.error('Target port is not valid. Must be in the ' \ 'range [0-65535]') return False elif len(s) > 2: logger.error('Incorrect target format. Must be either IP[:PORT] or ' \ 'an URL') return False # Check or define targeted service and port if self.args.service: # Check if service is supported if not self.settings.services.is_service_supported( self.args.service, multi=False): logger.error('Service "{service}" is not supported. ' \ 'Check "info --services".'.format( service=self.args.service.upper())) return False # Try to get default port if it is not specified if not self.args.target_port: self.args.target_port = self.settings.services.get_default_port( self.args.service) if self.args.target_port: logger.info('Default port for service {service} will be used: ' \ '{port}/{proto}'.format( service = self.args.service, port = self.args.target_port, proto = self.settings.services.get_protocol( self.args.service))) else: logger.error('Target port is not specified and no default port' \ ' can be found for the service {service}'.format( service=self.args.service)) return False # Try to get default service for provided port if not specified else: if not self.args.target_port: logger.error( 'Target port and/or service must be specified') return False else: self.args.service = self.settings.services.get_service_from_port( self.args.target_port) if not self.args.service: logger.error('Cannot automatically determine the target ' \ 'service for port {port}/tcp, use --target IP:PORT ' \ 'syntax'.format(port=self.args.target_port)) return False logger.info('Automatic service detection based on target port: ' \ '{service}'.format(service=self.args.service)) return True
def add_url(self, url): matching_service = self.sqlsess.query(Service).join(Host).join(Mission)\ .filter(Mission.name == self.current_mission)\ .filter(Service.url == url).first() if matching_service: logger.warning('URL already present into database') else: # Parse URL: Get IP, hostname, port parsed = urlparse(url) if NetUtils.is_valid_ip(parsed.hostname): ip = parsed.hostname hostname = NetUtils.reverse_dns_lookup(parsed.hostname) else: ip = NetUtils.dns_lookup(parsed.hostname) if not ip: logger.error('Host cannot be resolved') return hostname = parsed.hostname port = WebUtils.get_port_from_url(url) # Check URL, grab headers, html title is_reachable, status, resp_headers = WebUtils.is_url_reachable(url) if is_reachable: comment = WebUtils.grab_html_title(url) if resp_headers: http_headers = '\n'.join("{}: {}".format(key, val) for (key, val) in resp_headers.items()) logger.info('HTTP Headers:') print(http_headers) logger.info('Title: {}'.format(comment)) logger.info( 'Grabbing banner from {ip}:{port} with Nmap...'.format( ip=ip, port=port)) banner = NetUtils.grab_banner_nmap(ip, port) logger.info('Banner: {}'.format(banner or 'None')) os = NetUtils.os_from_nmap_banner(banner) if os: logger.info('Detected Host OS: {}'.format(os)) else: comment = 'Not reachable' banner = http_headers = '' logger.warning('URL seems not to be reachable') # Add service in db (and host if not existing) service = Service(name='http', port=port, protocol=Protocol.TCP, url=url, up=is_reachable, http_headers=http_headers, banner=banner, comment=comment) matching_host = self.sqlsess.query(Host).join(Mission)\ .filter(Mission.name == self.current_mission)\ .filter(Host.ip == ip).first() new_host = Host(ip=ip, hostname=hostname, os=os) if matching_host: matching_host.merge(new_host) self.sqlsess.commit() service.host = matching_host else: mission = self.sqlsess.query(Mission).filter( Mission.name == self.current_mission).first() new_host.mission = mission service.host = new_host self.sqlsess.add(new_host) self.sqlsess.add(service) self.sqlsess.commit() logger.success('Service/URL added')