示例#1
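def netcat(domain, ns, count):
    """Probe a candidate address directly and compare its page with the site's.

    The homepage of ``domain`` is fetched normally, then the same path is
    requested from the candidate IP over plain HTTP with the site's hostname
    in the ``Host`` header. The two bodies are scored with ``similarity`` and
    the score is compared against ``config['response_similarity_threshold']``.

    NOTE(review): a high score only shows that this address returns a similar
    body for this Host header. Default virtual hosts, shared hosting and
    cached error pages can score high as well, so confirm a match before
    treating it as the origin. Operators who do not want a match here make
    the origin reject requests that do not arrive through the fronting proxy.

    Args:
        domain: Hostname of the site under test.
        ns: Host name passed to ``DNSLookup``; resolved directly when
            ``count`` is 0.
        count: 0 to resolve ``ns`` with ``socket.gethostbyname``; any other
            value uses the ``DNSLookup`` result as the candidate address.

    Returns:
        None. Results are printed.
    """
    A = DNSLookup(domain, ns)
    # Value comparison: identity checks against an int literal depend on
    # interpreter caching and raise a SyntaxWarning on current Pythons.
    ip = socket.gethostbyname(str(ns)) if count == 0 else str(A)
    if not A:
        print(que + 'Using DIG to get the real IP')
        print('   ' + bad + 'IP not found using DNS Lookup')
        if count != 0:
            # ip is only the text form of an empty lookup result here, so
            # there is no address to probe.
            return
    url = 'http://' + domain
    try:
        page = requests.get(url, timeout=config['http_timeout_seconds'])
        http = 'http://' if 'http://' in page.url else 'https://'
        hncat = page.url.replace(http, '').split('/')[0]
        home = page.url.replace(http, '').split(hncat)[1]
        print(que + 'Connecting %s using as Host Header: %s' % (ip, domain))
        direct_url = 'http://' + ip + home
        data = requests.get(direct_url,
                            headers={'host': hncat},
                            timeout=config['http_timeout_seconds'],
                            allow_redirects=False)
        if data.status_code in [301, 302]:
            # A redirect response is not guaranteed to carry Location.
            location = data.headers.get('Location', '')
            print("   " + info + "Connection redirect to: %s" % location)
            prompt = "   " + info + 'Do yo want to redirect? y/n: '
            if sys.version_info[0] == 3:
                question = input(prompt)
            else:
                question = raw_input(prompt)
            # Follow the redirect only when the operator agreed to it.
            if question in ['y', 'yes', 'ye']:
                try:
                    data = requests.get(
                        direct_url,
                        headers={'host': hncat},
                        timeout=config['http_timeout_seconds'],
                        allow_redirects=True)
                except requests.exceptions.ConnectionError:
                    print("   " + bad +
                          'Error while connecting to: %s' % location)
        if data.status_code == 200:
            sim = similarity(data.text, page.text)
            if sim > config['response_similarity_threshold']:
                print("   " + good + 'The connect has %d%% similarity to: %s' %
                      (round(100 * sim, 2), url))
                print("   " + good + '%s is the real IP' % ip)
                try:
                    # NOTE(review): quest is handed source text
                    # ('sys.exit()' / 'pass'); presumably it evaluates it.
                    # Confirm it is only ever called with literals like these.
                    quest(question='\n' + info +
                          'IP found. Do yo want to stop tests? y/n: ',
                          doY='sys.exit()',
                          doN="pass")
                except KeyboardInterrupt:
                    sys.exit()
            else:
                print("   " + bad + 'The connect has %d%% similarity to: %s' %
                      (round(100 * sim, 2), url))
                print("   " + bad + "%s is not the IP" % ip)
    except requests.exceptions.SSLError:
        print("   " + bad + 'Error handshaking with SSL')
    except (requests.exceptions.ReadTimeout, requests.ConnectTimeout):
        print("   " + bad + "Connection Timeout to: %s" % ip)
    except requests.exceptions.ConnectionError:
        # Refused or reset connections are not timeouts; report them as such.
        print("   " + bad + "Connection Error to: %s" % ip)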
示例#2
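def scan(domain, host, userAgent, randomAgent, header):
    """Compare the page served for ``domain`` with the page served by ``host``.

    Both are fetched over plain HTTP with the same request headers and the
    bodies are scored with ``similarity``; the result is printed.

    Args:
        domain: Hostname of the site under test.
        host: Candidate host to compare against.
        userAgent: Explicit ``User-agent`` value, or None. Takes precedence
            over a randomly chosen one.
        randomAgent: When true, pick a ``User-agent`` line from
            ``data/txt/random_agents.txt``.
        header: Comma-separated ``Name: value`` pairs, or None.

    Raises:
        ValueError: If an entry in ``header`` has no ``:`` separator.
    """
    headers = {}
    if header is not None:
        for item in header.split(','):
            if not item.strip():
                continue  # tolerate a stray or trailing comma
            # Split on the first colon only so values that contain ':'
            # (URLs, host:port) survive, and keep spaces inside the value.
            name, value = item.split(':', 1)
            headers[name.strip()] = value.strip()
    if randomAgent:
        # Context manager so the agents file is closed after reading.
        with open("data/txt/random_agents.txt") as agents:
            headers['User-agent'] = random.choice(
                agents.readlines()).rstrip("\n")
    if userAgent is not None:
        headers['User-agent'] = userAgent
    try:
        print("\n" + Y + "Attempting to track real IP using: %s\n" % host)
        print(que + "Checking if {0} is similar to {1}".format(host, domain))
        get_domain = requests.get('http://' + domain,
                                  headers=headers,
                                  timeout=config['http_timeout_seconds'])
        get_host = requests.get('http://' + host,
                                headers=headers,
                                timeout=config['http_timeout_seconds'])
        page_similarity = similarity(get_domain.text, get_host.text)
        if page_similarity > config['response_similarity_threshold']:
            print(tab + good +
                  'HTML content is %d%% structurally similar to: %s' %
                  (round(100 * page_similarity, 2), domain))
        else:
            print(
                tab + bad +
                'Sorry, but HTML content is %d%% structurally similar to: %s' %
                (round(100 * page_similarity, 2), domain))
    except Exception:
        # Best-effort probe: any failure, not only a network one, is
        # reported as an unreachable host.
        print(tab + bad + 'Connection cannot be established with: %s' % (host))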
示例#3
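def IPscan(domain, ns, A):
    """Compare the site's homepage with the page served by candidate address ``A``.

    Fetches ``http://<domain>`` and ``http://<A>``, prints whether the bodies
    are similar according to ``similarity`` and the configured threshold,
    then hands over to ``netcat`` for the Host-header probe.

    Args:
        domain: Hostname of the site under test.
        ns: Passed through to ``netcat``.
        A: Candidate address; nothing is done when it is None.

    Returns:
        The response for ``http://<domain>``, or None when ``A`` is None or
        the homepage could not be retrieved.
    """
    url = 'http://' + domain
    if A is None:
        return None
    try:
        print(que + 'Using DIG to get the real IP')
        print("   " + good + 'Possible IP: %s' % str(A))
        print(que + 'Retrieving target homepage at: %s' % url)
        try:
            org_response = requests.get(
                url, timeout=config['http_timeout_seconds'])
        except requests.exceptions.Timeout:
            sys.stderr.write("   " + bad +
                             "%s timed out after %d seconds\n" %
                             (url, config['http_timeout_seconds']))
            # Without a baseline page there is nothing to compare against,
            # and org_response would be unbound below.
            return None
        except requests.exceptions.RequestException:
            sys.stderr.write("   " + bad + "Failed to retrieve %s\n" % url)
            return None
        if org_response.status_code != 200:
            print('   ' + bad +
                  'Responded with an unexpected HTTP status code')
        if org_response.url != url:
            print('   ' + good + '%s redirects to %s' %
                  (url, org_response.url))
            print("   " + good +
                  "Request redirected successful to %s" % org_response.url)
        try:
            sec_response = requests.get(
                'http://' + str(A), timeout=config['http_timeout_seconds'])
            if sec_response.status_code != 200:
                print('   ' + bad +
                      'Responded with an unexpected HTTP status code')
            else:
                page_similarity = similarity(sec_response.text,
                                             org_response.text)
                if page_similarity > config['response_similarity_threshold']:
                    print(
                        que +
                        'Testing if source body is the same in both websites'
                    )
                    print(
                        '   ' + good +
                        ' HTML content is %d%% structurally similar to: %s'
                        % (round(100 * page_similarity, 2),
                           org_response.url))
        except Exception:
            # Any failure while probing the candidate is reported with this
            # one message, whatever its actual cause.
            print("   " + bad + "Connection Timeout")
        netcat(domain, ns, count=+1)
        return org_response
    except requests.exceptions.SSLError:
        print("   " + bad + 'Error handshaking with SSL')
    except requests.exceptions.ReadTimeout:
        print("   " + bad + "Connection Timeout")
    except requests.ConnectTimeout:
        print("   " + bad + "Connection Timeout")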
示例#4
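def Checking_IP(domain):
    """Fetch the site and a candidate address and report how alike they are.

    The candidate comes from ``Checking_DNS(ns, dns)``; ``ns`` and ``dns``
    are read from the enclosing scope. The process exits with status 1 when
    either page cannot be retrieved or does not answer with HTTP 200.

    Args:
        domain: Hostname of the site under test.

    Returns:
        The response for ``http://<domain>``.
    """
    A = Checking_DNS(ns, dns)
    print('   ' + good + 'Possible IP:', A)
    url = 'http://' + domain
    print(que + ' Retrieving target homepage at: %s' % url)
    try:
        org_response = requests.get(url,
                                    timeout=config['http_timeout_seconds'])
    except requests.exceptions.Timeout:
        sys.stderr.write("   " + bad + "%s timed out after %d seconds.\n" %
                         (url, config['http_timeout_seconds']))
        sys.exit(1)
    except requests.exceptions.RequestException:
        sys.stderr.write("   " + bad + "Failed to retrieve %s.\n" % url)
        sys.exit(1)

    if org_response.status_code != 200:
        print('   ' + bad +
              ' %s responded with an unexpected HTTP status code %d' %
              (url, org_response.status_code))
        sys.exit(1)

    if org_response.url != url:
        print('   ' + good + '%s redirects to %s.' % (url, org_response.url))
        print("   " + good +
              "Request redirected successful to %s." % org_response.url)
    print(que + 'Testing if body content is the same in both websites.')

    candidate_url = 'http://' + str(A)
    try:
        sec_response = requests.get(candidate_url,
                                    timeout=config['http_timeout_seconds'])
    except requests.exceptions.RequestException:
        # The candidate is the address most likely to be unreachable, so
        # report the failure the same way as for the homepage.
        sys.stderr.write("   " + bad +
                         "Failed to retrieve %s.\n" % candidate_url)
        sys.exit(1)
    if sec_response.status_code != 200:
        # Report the candidate's own URL and status, marked as a failure.
        print('   ' + bad +
              '%s responded with an unexpected HTTP status code %d' %
              (candidate_url, sec_response.status_code))
        sys.exit(1)
    if sec_response.text == org_response.text:
        print('   ' + good +
              '%s HTML content identical to %s' % (str(A), domain))
    page_similarity = similarity(sec_response.text, org_response.text)
    if page_similarity > config['response_similarity_threshold']:
        print('   ' + good +
              ' HTML content is %d%% structurally similar to: %s' %
              (round(100 * page_similarity, 2), org_response.url))
    return org_response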
示例#5
def scan(domain, ns):
    """Print how similar the page at ``ns`` is to the page at ``domain``.

    Both hosts are fetched over plain HTTP and scored with ``similarity``.
    Any exception raised along the way is reported as a connection failure
    for ``ns``.
    """
    try:
        print("\n" + yellow + "Tracking IP (Auto DIG)...\n")
        print(que + "Checking if {0} is similar to {1}".format(ns, domain))
        # Fetch the site first, then the candidate, as two separate requests.
        site_page, candidate_page = [
            requests.get('http://' + target,
                         timeout=config['http_timeout_seconds'])
            for target in (domain, ns)
        ]
        score = similarity(site_page.text, candidate_page.text)
        if score > config['response_similarity_threshold']:
            marker = good
            template = 'HTML content is %d%% structurally similar to: %s'
        else:
            marker = bad
            template = ('Sorry, but HTML content is %d%% structurally '
                        'similar to: %s')
        print('   ' + marker + template % (round(100 * score, 2), domain))
    except Exception:
        print('   ' + bad + 'Connection cannot be established with: %s' % (ns))
示例#6
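def IPscan(domain, ns, A, userAgent, randomAgent, header, args):
    """Compare the site's homepage with the page served by candidate address ``A``.

    Both pages are fetched over plain HTTP with the same request headers.
    When the candidate answers with HTTP 200 the bodies are scored with
    ``similarity``; afterwards ``netcat`` is called for the Host-header probe.

    Args:
        domain: Hostname of the site under test.
        ns: Passed through to ``netcat``.
        A: Candidate address; nothing is requested when it is None.
        userAgent: Explicit ``User-agent`` value, or None. Takes precedence
            over a randomly chosen one.
        randomAgent: When true, pick a ``User-agent`` line from
            ``data/txt/random_agents.txt``.
        header: Comma-separated ``Name: value`` pairs, or None.
        args: Parsed options; ``ignoreRedirects`` and ``headers`` are
            forwarded to ``netcat``.

    Returns:
        The response for ``http://<domain>``, or None when ``A`` is None or
        a handled request error occurred.

    Raises:
        ValueError: If an entry in ``header`` has no ``:`` separator.
    """
    url = 'http://' + domain
    headers = {}
    if header is not None:
        for item in header.split(','):
            if not item.strip():
                continue  # tolerate a stray or trailing comma
            # Split on the first colon only so values that contain ':'
            # (URLs, host:port) survive, and keep spaces inside the value.
            name, value = item.split(':', 1)
            headers[name.strip()] = value.strip()
    if randomAgent:
        # Context manager so the agents file is closed after reading.
        with open("data/txt/random_agents.txt") as agents:
            headers['User-agent'] = random.choice(
                agents.readlines()).rstrip("\n")
    if userAgent is not None:
        headers['User-agent'] = userAgent
    if A is None:
        return None
    try:
        print(que + 'Using DIG to get the real IP')
        print(tab + good + 'Possible IP: %s' % str(A))
        print(que + 'Retrieving target homepage at: %s' % url)
        org_response = requests.get(url,
                                    headers=headers,
                                    timeout=config['http_timeout_seconds'])
        if org_response.status_code != 200:
            print(tab + bad + 'Responded with an unexpected HTTP status code')
        if org_response.url != url:
            print(tab + good + '%s Redirects to %s' % (url, org_response.url))
        try:
            sec_response = requests.get(
                'http://' + str(A),
                headers=headers,
                timeout=config['http_timeout_seconds'])
            if sec_response.status_code != 200:
                print(tab + bad +
                      'Responded with an unexpected HTTP status code')
            else:
                page_similarity = similarity(sec_response.text,
                                             org_response.text)
                if page_similarity > config['response_similarity_threshold']:
                    print(que +
                          'Testing if source body is the same in both websites')
                    print(tab + good +
                          ' HTML content is %d%% structurally similar to: %s' %
                          (round(100 * page_similarity, 2), org_response.url))
        except Exception:
            # Any failure while probing the candidate is reported with this
            # one message, whatever its actual cause.
            print(tab + bad + "Connection Timeout")
        netcat(domain, ns, args.ignoreRedirects, userAgent, randomAgent,
               args.headers, count=+1)
        return org_response
    except requests.exceptions.SSLError:
        print(tab + bad + 'Error handshaking with SSL')
    except requests.exceptions.ReadTimeout:
        print(tab + bad + "Connection Timeout")
    except requests.ConnectTimeout:
        print(tab + bad + "Connection Timeout")
    except requests.exceptions.Timeout:
        print(tab + bad + "%s timed out after %d seconds" %
              (url, config['http_timeout_seconds']))
    except requests.exceptions.RequestException:
        print(tab + bad + "Failed to retrieve: %s" % url)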
示例#7
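def first_scan():
    """Print how similar the page at ``ns`` is to the page at ``domain``.

    ``ns`` and ``domain`` are read from the enclosing scope. Both hosts are
    fetched over plain HTTP and scored with ``similarity``. The process
    exits with status 1 when either request fails.
    """
    try:
        print("\n" + yellow + "Tracking IP (Auto DIG)...\n")
        print(que + "Checking if {0} is similar to {1}".format(ns, domain))
        test1 = requests.get('http://' + domain,
                             timeout=config['http_timeout_seconds'])
        test2 = requests.get('http://' + ns,
                             timeout=config['http_timeout_seconds'])
        page_similarity2 = similarity(test1.text, test2.text)
        percent = round(100 * page_similarity2, 2)
        if page_similarity2 > config['response_similarity_threshold']:
            # The whole message goes inside print(); concatenating onto
            # print()'s return value raises TypeError on Python 3.
            print('   ' + good +
                  'HTML content is %d%% structurally similar to: %s' %
                  (percent, domain))
        else:
            print(
                '   ' + bad +
                'Sorry, but HTML content is %d%% structurally similar to %s' %
                (percent, domain))
    except requests.exceptions.RequestException:
        # Covers timeouts as well as refused connections and DNS failures,
        # all of which mean the connection could not be established.
        sys.stderr.write(
            "   " + bad +
            "Connection cannot be established. Try another method\n")
        sys.exit(1)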
示例#8
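def netcat(domain, host, ignoreRedir, userAgent, randomAgent, header, count):
    """Probe a candidate address directly and compare its page with the site's.

    The homepage of ``domain`` is fetched normally, then the same path is
    requested from the candidate IP over plain HTTP with the site's hostname
    in the ``Host`` header. The two bodies are scored with ``similarity`` and
    the score is compared against ``config['response_similarity_threshold']``.
    The probe is skipped when ``ISPCheck`` returns a value for the address.

    NOTE(review): a high score only shows that this address returns a similar
    body for this Host header. Default virtual hosts, shared hosting and
    cached error pages can score high as well, so confirm a match before
    treating it as the origin. Operators who do not want a match here make
    the origin reject requests that do not arrive through the fronting proxy.

    Args:
        domain: Hostname of the site under test.
        host: Host name passed to ``DNSLookup``; resolved directly when
            ``count`` is 0.
        ignoreRedir: When not True, its value is used as the redirect answer
            without prompting; when True, the operator is asked.
        userAgent: Explicit ``User-agent`` value, or None. Takes precedence
            over a randomly chosen one.
        randomAgent: When true, pick a ``User-agent`` line from
            ``data/txt/random_agents.txt``.
        header: Comma-separated ``Name: value`` pairs, or None.
        count: 0 to resolve ``host`` with ``socket.gethostbyname``; any other
            value uses the ``DNSLookup`` result as the candidate address.

    Returns:
        None. Results are printed.

    Raises:
        ValueError: If an entry in ``header`` has no ``:`` separator.
    """
    headers = {}
    if header is not None:
        for item in header.split(','):
            if not item.strip():
                continue  # tolerate a stray or trailing comma
            # Split on the first colon only so values that contain ':'
            # (URLs, host:port) survive, and keep spaces inside the value.
            name, value = item.split(':', 1)
            headers[name.strip()] = value.strip()
    if randomAgent:
        # Context manager so the agents file is closed after reading.
        with open("data/txt/random_agents.txt") as agents:
            headers['User-agent'] = random.choice(
                agents.readlines()).rstrip("\n")
    if userAgent is not None:
        headers['User-agent'] = userAgent
    A = DNSLookup(domain, host)
    ip = socket.gethostbyname(str(host)) if count == 0 else str(A)
    if not A:
        print(que + 'Using DIG to get the real IP')
        print('   ' + bad + 'IP not found using DNS Lookup')
        if count != 0:
            # ip is only the text form of an empty lookup result here, so
            # there is no address to probe.
            return
    url = 'http://' + domain
    try:
        isCloud = ISPCheck(ip)
        if isCloud is not None:
            print(tab + info + ip + isCloud + '. Closing connection.')
        else:
            # Send the same request headers to the baseline as to the probe:
            # a different User-agent can change the body and skew the score.
            page = requests.get(url,
                                headers=headers,
                                timeout=config['http_timeout_seconds'])
            http = 'http://' if 'http://' in page.url else 'https://'
            hncat = page.url.replace(http, '').split('/')[0]
            headers.update(host=hncat)
            home = page.url.replace(http, '').split(hncat)[1]
            print(que + 'Connecting %s using as Host Header: %s' %
                  (ip, domain))
            direct_url = 'http://' + ip + home
            data = requests.get(direct_url,
                                headers=headers,
                                timeout=config['http_timeout_seconds'],
                                allow_redirects=False)
            if data.status_code in [301, 302]:
                # A redirect response is not guaranteed to carry Location.
                location = data.headers.get('Location', '')
                print(tab + info + "Connection Rirect to: %s" % location)
                # Strict comparison with True is deliberate: any other value
                # of ignoreRedir is taken as the answer itself.
                if ignoreRedir != True:  # noqa: E712
                    question = ignoreRedir
                else:
                    prompt = tab + info + 'Do yo want to redirect? y/n: '
                    if PYVERSION.startswith('3'):
                        question = input(prompt)
                    else:
                        question = raw_input(prompt)
                if question in ['y', 'yes', 'ye']:
                    redir = True
                elif ignoreRedir != True:  # noqa: E712
                    redir = ignoreRedir
                else:
                    redir = False
                try:
                    data = requests.get(
                        direct_url,
                        headers=headers,
                        timeout=config['http_timeout_seconds'],
                        allow_redirects=redir)
                except Exception:
                    # Exception rather than a bare except, so Ctrl-C and
                    # SystemExit are not swallowed during the request.
                    if question in ['y', 'yes', 'ye']:
                        print(tab + bad +
                              'Error while connecting to: %s' % location)
            if data.status_code == 200:
                sim = similarity(data.text, page.text)
                if sim > config['response_similarity_threshold']:
                    print(tab + good +
                          'The connect has %d%% similarity to: %s' %
                          (round(100 * sim, 2), url))
                    print(tab + good + '%s is the real IP' % ip)
                    try:
                        # NOTE(review): quest is handed source text
                        # ('sys.exit()' / 'pass'); presumably it evaluates
                        # it. Confirm it is only ever called with literals
                        # like these.
                        quest(question='\n' + info +
                              'IP found. Do yo want to stop tests? y/n: ',
                              doY='sys.exit()',
                              doN="pass")
                    except KeyboardInterrupt:
                        sys.exit()
                else:
                    print(tab + bad +
                          'The connect has %d%% similarity to: %s' %
                          (round(100 * sim, 2), url))
                    print(tab + bad + "%s is not the IP" % ip)
            else:
                print(tab + bad +
                      'Unexpected status code occurred: %s' % data.status_code)
    except requests.exceptions.SSLError:
        print(tab + bad + 'Error handshaking with SSL')
    except requests.exceptions.ReadTimeout:
        print(tab + bad + "Connection ReadTimeout to: %s" % ip)
    except requests.ConnectTimeout:
        print(tab + bad + "Connection Timeout to: %s" % ip)
    except requests.exceptions.ConnectionError:
        print(tab + bad + "Connection Error to: %s" % ip)
    except requests.exceptions.InvalidHeader as e:
        print(tab + bad + "Error using header: %s" % str(e))
    except Exception as e:
        print(tab + bad + "An unexpected error occurred: %s" % str(e))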