示例#1
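    def runDirectoryBruteScan(self):
        """Run a directory brute-force scan with the tool in ``self.toolToRun``.

        Supported tools are ``"dirb"`` and ``"gobuster"``. Both use dirb's
        ``common.txt`` wordlist and write their results under
        ``/app/results/<targetdomain>/``.

        Returns:
            The ``subprocess.Popen`` object once the tool has finished, or
            ``False`` when the tool name is not supported or dirb exceeded
            its 15-minute budget and was killed.
        """
        tool = self.toolToRun
        if tool not in ("dirb", "gobuster"):
            # The original fell off the end and returned None here; return an
            # explicit False so every "did not run" path reports the same way.
            return False

        logger.info("[+] Running %s scan...", tool)

        # Scan the target URL as given when the target is a URL; otherwise
        # default to an HTTPS URL built from the domain.
        if "URL" in self.tasktarget.getType():
            url = self.tasktarget.targetname
        else:
            url = "https://" + self.tasktarget.targetdomain

        wordlist = "/app/vendor/dirb222/wordlists/common.txt"
        # NOTE(review): targetdomain becomes part of a filesystem path; confirm
        # upstream validation rules out path separators and "..".
        results_dir = "/app/results/" + self.tasktarget.targetdomain

        if tool == "dirb":
            # dirb is compiled from source, won't be in the PATH
            cmd = ("/app/vendor/dirb222/dirb " + url + "/ " + wordlist +
                   " -o " + results_dir +
                   "/https_dirb_common.txt -f -w -S -r")
        else:
            cmd = ("go run /app/vendor/gobuster-master/main.go " + url +
                   " -w " + wordlist + " -v -l -o " + results_dir +
                   "/gobuster_common.txt")

        # NOTE(review): the target strings are concatenated into a single
        # shell command line and executed with shell=True. The only guard
        # visible here is utils.sanitise_shell_command(), which is defined
        # outside this excerpt -- confirm it neutralises shell metacharacters
        # and option-like values (a leading "-") in the target. Passing an
        # argument list with shell=False would take the shell out of the path.
        proc = subprocess.Popen(utils.sanitise_shell_command(cmd),
                                stdout=subprocess.PIPE,
                                shell=True)

        if tool == "gobuster":
            # NOTE(review): stdout is a pipe that this method never reads; if
            # the tool writes more than the OS pipe buffer holds, wait() can
            # block indefinitely (the subprocess docs warn about wait() with
            # PIPE). Unlike dirb, this path has no timeout.
            proc.wait()
            return proc

        try:
            # Give it 15min
            self.wait_process_timeout(proc, 900)
        except RuntimeError:
            proc.kill()
            logger.warning("[!] dirb timed out, process killed")
            return False

        return proc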
示例#2
 def runTLSObsScan(self):
     """Run the TLS Observatory client (``tlsobs``) against the target.

     The tool's output is redirected by the shell to
     ``/app/results/<targetdomain>/tlsobs_scan.txt``.

     Returns:
         The ``subprocess.Popen`` object after the process has exited, or
         ``False`` when ``tlsobs`` is not found on the PATH.
     """
     if not find_executable("tlsobs"):
         logger.error("[-] TLS Observatory not found in Docker image!")
         return False

     # Found in path, run the command
     logger.info("[+] Running TLS Observatory scan...")
     command_line = "".join([
         "tlsobs -r -raw ",
         self.tasktarget.targetname,
         " > /app/results/",
         self.tasktarget.targetdomain,
         "/tlsobs_scan.txt",
     ])
     # NOTE(review): the target strings are concatenated into a shell command
     # line and run with shell=True; the only guard visible here is
     # utils.sanitise_shell_command(), defined outside this excerpt. Confirm
     # it neutralises shell metacharacters and that targetdomain cannot carry
     # path separators. The shell is needed here only for the ">" redirect;
     # an argument list plus a file object passed as stdout would avoid it.
     process = subprocess.Popen(
         utils.sanitise_shell_command(command_line),
         stdout=subprocess.PIPE,
         shell=True,
     )
     process.wait()
     return process
示例#3
 def runSSHScan(self):
     """Run ``ssh_scan`` against the target domain on ``self.ssh_port``.

     Results are written by the tool (``-o``) to
     ``/app/results/<targetdomain>/ssh_scan.txt``.

     Returns:
         The ``subprocess.Popen`` object after the process has exited, or
         ``False`` when ``ssh_scan`` is not found on the PATH.
     """
     if not find_executable("ssh_scan"):
         logger.error("[-] ssh_scan not found in Docker image!")
         return False

     # Found in path, run the command
     logger.info("[+] Running ssh_scan...")
     command_line = "".join([
         "ssh_scan -t ",
         self.tasktarget.targetdomain,
         " -p ",
         str(self.ssh_port),
         " -o /app/results/",
         self.tasktarget.targetdomain,
         "/ssh_scan.txt",
     ])
     # NOTE(review): targetdomain and ssh_port are concatenated into a shell
     # command line and run with shell=True; the only guard visible here is
     # utils.sanitise_shell_command(), defined outside this excerpt. Confirm
     # it neutralises shell metacharacters and option-like values, and that
     # targetdomain cannot carry path separators. Nothing in this command
     # needs a shell, so an argument list with shell=False would also work.
     process = subprocess.Popen(
         utils.sanitise_shell_command(command_line),
         stdout=subprocess.PIPE,
         shell=True,
     )
     # NOTE(review): stdout is a pipe that is never read here; wait() can
     # block if the tool prints more than the pipe buffer holds.
     process.wait()
     return process
示例#4
    def runHttpObsScan(self):
        """Run the HTTP Observatory CLI (``observatory``) against the target.

        IPv4 targets are skipped. The tool's output is redirected by the
        shell to ``/app/results/<targetdomain>/httpobs_scan.txt``.

        Returns:
            The ``subprocess.Popen`` object after the process has exited, or
            ``False`` when the target is an IPv4 address or ``observatory``
            is not found on the PATH.
        """
        # HTTP Obs only accepts FQDN
        if "IPv4" in self.tasktarget.type:
            return False

        if not find_executable("observatory"):
            logger.error("[-] HTTP Observatory not found in Docker image!")
            return False

        # Found in path, run the command
        logger.info("[+] Running HTTP Observatory scan...")
        command_line = "".join([
            "observatory --format=report -z --rescan ",
            self.tasktarget.targetdomain,
            " > /app/results/",
            self.tasktarget.targetdomain,
            "/httpobs_scan.txt",
        ])
        # NOTE(review): targetdomain is concatenated into a shell command
        # line (twice, once as a file path) and run with shell=True; the only
        # guard visible here is utils.sanitise_shell_command(), defined
        # outside this excerpt. Confirm it neutralises shell metacharacters
        # and that targetdomain cannot carry path separators. The shell is
        # needed only for the ">" redirect; an argument list plus a file
        # object passed as stdout would avoid it.
        process = subprocess.Popen(
            utils.sanitise_shell_command(command_line),
            stdout=subprocess.PIPE,
            shell=True,
        )
        process.wait()
        return process