def runDirectoryBruteScan(self):
    """Run the configured directory brute-force tool against the task target.

    ``self.toolToRun`` selects the scanner (``"dirb"`` or ``"gobuster"``).
    Both use dirb's ``common.txt`` wordlist and write their results under
    ``/app/results/<targetdomain>/``. URL-type targets are scanned as given;
    any other target type is scanned as ``https://<targetdomain>``.

    Returns:
        The ``subprocess.Popen`` object after waiting on the tool, ``False``
        when the dirb wait raises ``RuntimeError`` (treated as a timeout and
        the process is killed), or ``None`` when ``self.toolToRun`` names
        neither tool.
    """
    # NOTE(review): target values are concatenated into a string that is run
    # with shell=True, so injection safety rests entirely on
    # utils.sanitise_shell_command (not visible here). Confirm it neutralises
    # shell metacharacters, or move to an argument list with shell=False.
    # NOTE(review): targetdomain is also used as a directory name under
    # /app/results/ -- presumably validated upstream as a hostname; confirm.
    selected = self.toolToRun

    if selected == "dirb":
        # dirb is compiled from source, so it is called by absolute path
        # instead of being looked up on PATH.
        logger.info("[+] Running dirb scan...")
        if "URL" in self.tasktarget.getType():
            base_url = self.tasktarget.targetname
        else:
            # Non-URL targets default to an HTTPS URL.
            base_url = "https://" + self.tasktarget.targetdomain
        cmd = (
            "/app/vendor/dirb222/dirb " + base_url
            + "/ /app/vendor/dirb222/wordlists/common.txt -o /app/results/"
            + self.tasktarget.targetdomain
            + "/https_dirb_common.txt -f -w -S -r"
        )
        proc = subprocess.Popen(
            utils.sanitise_shell_command(cmd),
            stdout=subprocess.PIPE,
            shell=True,
        )
        try:
            # Give it 15min
            self.wait_process_timeout(proc, 900)
        except RuntimeError:
            # NOTE(review): with shell=True this kills the shell process;
            # verify the dirb child does not outlive it.
            proc.kill()
            logger.warning("[!] dirb timed out, process killed")
            return False
        return proc

    if selected == "gobuster":
        logger.info("[+] Running gobuster scan...")
        if "URL" in self.tasktarget.getType():
            base_url = self.tasktarget.targetname
        else:
            base_url = "https://" + self.tasktarget.targetdomain
        cmd = (
            "go run /app/vendor/gobuster-master/main.go " + base_url
            + " -w /app/vendor/dirb222/wordlists/common.txt -v -l -o /app/results/"
            + self.tasktarget.targetdomain
            + "/gobuster_common.txt"
        )
        proc = subprocess.Popen(
            utils.sanitise_shell_command(cmd),
            stdout=subprocess.PIPE,
            shell=True,
        )
        # NOTE(review): stdout is piped but never read here; wait() can block
        # if the tool writes more than the pipe buffer holds -- confirm the
        # caller drains it or that -o keeps stdout small.
        proc.wait()
        return proc

    # Unknown tool name: nothing is run.
    return None
def runTLSObsScan(self):
    """Run the TLS Observatory client (``tlsobs``) against the task target.

    The shell redirects the tool's raw output into
    ``/app/results/<targetdomain>/tlsobs_scan.txt``.

    Returns:
        The ``subprocess.Popen`` object after the command has exited, or
        ``False`` when ``find_executable`` does not locate ``tlsobs``.
    """
    if not find_executable("tlsobs"):
        logger.error("[-] TLS Observatory not found in Docker image!")
        return False

    # Found in path, run the command
    logger.info("[+] Running TLS Observatory scan...")
    # NOTE(review): targetname and targetdomain are spliced into a shell
    # string (including the redirect target) and run with shell=True; safety
    # depends on utils.sanitise_shell_command, which is not visible here --
    # confirm it neutralises shell metacharacters.
    cmd = "".join([
        "tlsobs -r -raw ",
        self.tasktarget.targetname,
        " > /app/results/",
        self.tasktarget.targetdomain,
        "/tlsobs_scan.txt",
    ])
    proc = subprocess.Popen(
        utils.sanitise_shell_command(cmd),
        stdout=subprocess.PIPE,
        shell=True,
    )
    proc.wait()
    return proc
def runSSHScan(self):
    """Run ``ssh_scan`` against the target domain on ``self.ssh_port``.

    Results are written by the tool (``-o``) to
    ``/app/results/<targetdomain>/ssh_scan.txt``.

    Returns:
        The ``subprocess.Popen`` object after the command has exited, or
        ``False`` when ``find_executable`` does not locate ``ssh_scan``.
    """
    if not find_executable("ssh_scan"):
        logger.error("[-] ssh_scan not found in Docker image!")
        return False

    # Found in path, run the command
    logger.info("[+] Running ssh_scan...")
    # NOTE(review): targetdomain and ssh_port are spliced into a shell string
    # run with shell=True; safety depends on utils.sanitise_shell_command,
    # which is not visible here. ssh_port is only stringified, not checked to
    # be an integer in this method -- confirm it is validated upstream.
    cmd = "".join([
        "ssh_scan -t ",
        self.tasktarget.targetdomain,
        " -p ",
        str(self.ssh_port),
        " -o /app/results/",
        self.tasktarget.targetdomain,
        "/ssh_scan.txt",
    ])
    proc = subprocess.Popen(
        utils.sanitise_shell_command(cmd),
        stdout=subprocess.PIPE,
        shell=True,
    )
    # NOTE(review): stdout is piped but not read here; wait() can block if
    # the tool prints more than the pipe buffer holds -- confirm.
    proc.wait()
    return proc
def runHttpObsScan(self):
    """Run the HTTP Observatory CLI (``observatory``) against the target domain.

    IPv4 targets are skipped because HTTP Observatory only accepts an FQDN.
    The shell redirects the report into
    ``/app/results/<targetdomain>/httpobs_scan.txt``.

    Returns:
        The ``subprocess.Popen`` object after the command has exited, or
        ``False`` when the target is an IPv4 address or ``find_executable``
        does not locate ``observatory``.
    """
    # NOTE(review): this reads tasktarget.type directly while the directory
    # scan calls tasktarget.getType(); presumably equivalent -- confirm.
    if "IPv4" in self.tasktarget.type:
        # HTTP Obs only accepts FQDN
        return False

    if not find_executable("observatory"):
        logger.error("[-] HTTP Observatory not found in Docker image!")
        return False

    # Found in path, run the command
    logger.info("[+] Running HTTP Observatory scan...")
    # NOTE(review): targetdomain is spliced into a shell string (both as the
    # scan argument and the redirect path) and run with shell=True; safety
    # depends on utils.sanitise_shell_command, which is not visible here --
    # confirm it neutralises shell metacharacters.
    cmd = "".join([
        "observatory --format=report -z --rescan ",
        self.tasktarget.targetdomain,
        " > /app/results/",
        self.tasktarget.targetdomain,
        "/httpobs_scan.txt",
    ])
    proc = subprocess.Popen(
        utils.sanitise_shell_command(cmd),
        stdout=subprocess.PIPE,
        shell=True,
    )
    proc.wait()
    return proc