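def worker(self, rhost):
    """Resolve *rhost* and list the domain names recorded against its IP address.

    Steps, in order: resolve the host, run ``self.reverseip`` once per entry
    of ``self.SEARCHERS`` in its own thread, merge rows from the framework
    database when one is connected, optionally verify the candidates, save
    them, and print the final list.

    Args:
        rhost: Host name or address handed to ``gethostbyname``.

    Returns:
        ``False`` when the name does not resolve or the resolved address is
        in ``CONFIG.IP_WHITE_LIST``; ``True`` after the list was printed.
    """
    self.domains = []
    self.victim = rhost
    try:
        self.ip = gethostbyname(self.victim)
    except Exception:
        # Exception rather than a bare except, so Ctrl-C and SystemExit are
        # not swallowed and misreported as a resolution failure.
        self.frmwk.print_error('Cann\' get IP Address')
        return False
    self.domains.append(self.victim)

    # NOTE(review): the message says "Site down!" but the test is membership
    # in CONFIG.IP_WHITE_LIST; presumably that list holds addresses that must
    # not be enumerated. Confirm against CONFIG.
    if self.ip in CONFIG.IP_WHITE_LIST:
        self.frmwk.print_error('Site down!')
        return False

    self.threadlist = []
    self.frmwk.print_status("IP : %s" % self.ip)
    self.frmwk.print_line("-------------------------------------------")
    for searcher in self.SEARCHERS:
        thread = Thread(target=self.reverseip, args=(searcher,))
        self.threadlist.append(thread)
        thread.start()

    # NOTE(review): isAlive() was removed from threading.Thread in Python 3.9
    # and terminate() is not a threading.Thread method, so Thread is
    # presumably a project class. Confirm before porting.
    for thread in self.threadlist:
        try:
            thread.join(CONFIG.TIME_OUT)
            if thread.isAlive():
                thread.terminate()
        except timeout:
            self.frmwk.print_error('Exception Timeout')
    self.frmwk.print_line("-------------------------------------------\n")

    # Merge names already stored for this IP.
    if self.frmwk.dbconnect:
        self.frmwk.print_status('Getting subdomain in database')
        cursor = self.frmwk.dbconnect.db.cursor()
        try:
            iprow = getIP(cursor, self.ip)
            if iprow:
                # NOTE(review): the filter value is a LIKE-style pattern built
                # from the stored row id. Confirm getDomain binds it as a
                # query parameter instead of formatting it into the SQL text.
                dmrow = getDomain(cursor, ['domain_name'],
                                  {'ip_id_list': '%%!%s|%%' % iprow[0]})
                self.domains.extend(dm[0] for dm in dmrow)
        finally:
            # Release the cursor even when a query raises.
            cursor.close()

    self.domains = sortlistdomain(self.domains)

    if self.options['CHECK']:
        self.frmwk.print_status('Checking domain\'s in this IP')
        checker = checkdomains(self.frmwk, self.ip, self.domains)
        checker.checklistdomain(self.options['THREADS'])
        # Only the names the checker reported are kept.
        self.domains = sorted(set(checker.response))

    # Unverified candidates are never written back to the database.
    if self.frmwk.dbconnect and self.options['CHECK']:
        self.frmwk.print_status('Saving database!')
        self.Saver()

    self.frmwk.print_success('List domain:')
    self.frmwk.print_line("----------------")
    self.frmwk.print_line("\n".join(self.domains))
    return True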
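def worker(self, rhost):
    """Resolve *rhost* and list the domain names recorded against its IP address.

    Steps, in order: resolve the host, run ``self.reverseip`` once per entry
    of ``self.SEARCHERS`` in its own thread, merge rows from the framework
    database when one is connected, optionally verify the candidates, save
    them, and print the final list.

    Args:
        rhost: Host name or address handed to ``gethostbyname``.

    Returns:
        ``False`` when the name does not resolve or the resolved address is
        in ``CONFIG.IP_WHITE_LIST``; ``True`` after the list was printed.
    """
    self.domains = []
    self.victim = rhost
    try:
        self.ip = gethostbyname(self.victim)
    except Exception:
        # Exception rather than a bare except, so Ctrl-C and SystemExit are
        # not swallowed and misreported as a resolution failure.
        self.frmwk.print_error('Cann\' get IP Address')
        return False
    self.domains.append(self.victim)

    # NOTE(review): the message says "Site down!" but the test is membership
    # in CONFIG.IP_WHITE_LIST; presumably that list holds addresses that must
    # not be enumerated. Confirm against CONFIG.
    if self.ip in CONFIG.IP_WHITE_LIST:
        self.frmwk.print_error('Site down!')
        return False

    self.threadlist = []
    self.frmwk.print_status("IP : %s" % self.ip)
    self.frmwk.print_line("-------------------------------------------")
    for searcher in self.SEARCHERS:
        thread = Thread(target=self.reverseip, args=(searcher,))
        self.threadlist.append(thread)
        thread.start()

    # NOTE(review): isAlive() was removed from threading.Thread in Python 3.9
    # and terminate() is not a threading.Thread method, so Thread is
    # presumably a project class. Confirm before porting.
    for thread in self.threadlist:
        try:
            thread.join(CONFIG.TIME_OUT)
            if thread.isAlive():
                thread.terminate()
        except timeout:
            self.frmwk.print_error('Exception Timeout')
    self.frmwk.print_line("-------------------------------------------\n")

    # Merge names already stored for this IP.
    if self.frmwk.dbconnect:
        self.frmwk.print_status('Getting subdomain in database')
        cursor = self.frmwk.dbconnect.db.cursor()
        try:
            iprow = getIP(cursor, self.ip)
            if iprow:
                # NOTE(review): the filter value is a LIKE-style pattern built
                # from the stored row id. Confirm getDomain binds it as a
                # query parameter instead of formatting it into the SQL text.
                dmrow = getDomain(cursor, ['domain_name'],
                                  {'ip_id_list': '%%!%s|%%' % iprow[0]})
                self.domains.extend(dm[0] for dm in dmrow)
        finally:
            # Release the cursor even when a query raises.
            cursor.close()

    self.domains = sortlistdomain(self.domains)

    if self.options['CHECK']:
        self.frmwk.print_status('Checking domain\'s in this IP')
        checker = checkdomains(self.frmwk, self.ip, self.domains)
        checker.checklistdomain(self.options['THREADS'])
        # Only the names the checker reported are kept.
        self.domains = sorted(set(checker.response))

    # Unverified candidates are never written back to the database.
    if self.frmwk.dbconnect and self.options['CHECK']:
        self.frmwk.print_status('Saving database!')
        self.Saver()

    self.frmwk.print_success('List domain:')
    self.frmwk.print_line("----------------")
    self.frmwk.print_line("\n".join(self.domains))
    return True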
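def worker(self, domain):
    """Collect host names and e-mail addresses associated with *domain*.

    Sources, in order: resolution of generated candidate names, the search
    engine workers selected by ``self.searcher``, rows already in the
    framework database, and (when ``self.reverseip`` is set) the
    ``info/reverse_ip`` module run against every address found. Results are
    stored in ``self.subs``, ``self.emails`` and ``self.listip``, saved via
    ``self.DBInsert`` when a database is connected, and printed.

    Args:
        domain: The domain the collected names and addresses are filed under.
    """
    threads = []
    self.subs = [domain]
    self.emails = []
    self.listip = {}

    # ---- candidate names built from the word list -------------------------
    # NOTE(review): only the '.' joiner yields names inside the *domain* zone.
    # The '-' and '' joiners produce separate registrable names (for example
    # "mail-example.com"), whose owner is not necessarily the owner of
    # *domain*. Confirm these are meant to be attributed to it.
    candidates = [sub + ext + domain
                  for ext in ('.', '-', '')
                  for sub in self.subbrute]
    if candidates:
        self.frmwk.print_status('Starting bruteforce subdomain in : %d thread' % self.subbrutethread)
        self.listip = IP().getListIP(candidates, self.subbrutethread)
    del candidates

    # ---- filter mode ------------------------------------------------------
    # Named filter_type so the builtin type() is not shadowed in this scope.
    mode = self.options['TYPE'].strip().lower()
    filter_type = {"fast": 2, "slow": 0}.get(mode, 1)

    # ---- search engine workers --------------------------------------------
    self.frmwk.print_status("%s : Start search enginee !" % domain)
    keywork = '"@' + domain + '" ext:(' + ' OR '.join(CONFIG.EXTENSION) + ')'
    if self.searcher in ("yahoo", "all"):
        yh = yahoo.yahoo(keywork, self.limit, self.delay)
        yh.start()
        threads.append(yh)
    if self.searcher in ("bing", "all"):
        bg = bing.bing(keywork, self.limit, self.delay)
        bg.start()
        threads.append(bg)
    if self.searcher in ("baidu", "all"):
        # This worker is given the bare "@domain" query, without the ext: filter.
        bd = baidu.baidu('"@' + domain + '"', self.limit, self.delay)
        bd.start()
        threads.append(bd)
    if self.searcher in ("exalead", "all"):
        el = exalead.exalead(keywork, self.limit, self.delay)
        el.start()
        threads.append(el)
    if self.searcher in ("google", "all"):
        gg = google.google(keywork, self.limit, self.delay)
        gg.start()
        threads.append(gg)

    # ---- rows already in the database -------------------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('Getting data in database')
        cursor = self.frmwk.dbconnect.db.cursor()
        try:
            # NOTE(review): *domain* is caller input placed in a LIKE-style
            # pattern; confirm getDomain binds it as a query parameter. The
            # pattern has no leading dot, so it also matches unrelated names
            # that merely end with the same string.
            dmrow = getDomain(cursor, ['domain_name', 'mail_list'],
                              {'domain_name': '%%%s' % domain})
            if dmrow:
                for dm in dmrow:
                    self.subs.append(dm[0])
                    if dm[1]:
                        # mail_list holds one entry per line; the address is
                        # the text before the first '|'.
                        for e in dm[1].split('\n'):
                            self.emails.append(e.split('|')[0].strip())
            else:
                self.frmwk.print_status('Nothing in Database!')
        finally:
            # Release the cursor even when the query or parsing raises.
            cursor.close()
    else:
        self.frmwk.print_error('Database connect false!')

    # ---- collect and filter search results --------------------------------
    docsthreads = []
    try:
        for t in threads:
            t.join()
            self.frmwk.print_status("Harvesting : <[ {0:<25} {1:d}".format(t.name, len(t.info)))
            if self.multithread:
                ps = Thread(target=filter.Filter, args=(domain, t.info, filter_type,))
                docsthreads.append(ps)
                ps.start()
            else:
                s, e = filter.Filter(domain, t.info, filter_type)
                self.subs += s
                self.emails += e
    except KeyboardInterrupt:
        # NOTE(review): isAlive()/terminate() are not available on a current
        # stdlib threading.Thread; presumably these are project thread
        # classes. Confirm before porting.
        for t in threads:
            if t.isAlive():
                t.terminate()
        for t in docsthreads:
            if t.isAlive():
                t.terminate()

    # NOTE(review): join() is expected to return the (subs, emails) pair from
    # filter.Filter; stdlib Thread.join() returns None, so Thread is
    # presumably a project class. Confirm.
    for ps in docsthreads:
        s, e = ps.join()
        self.subs += s
        self.emails += e

    self.subs.append(domain)
    self.subs = sorted(set(self.subs))
    self.emails = sorted(set(self.emails))

    # ---- resolve every collected name -------------------------------------
    self.frmwk.print_status('Checking subdomain in : %d thread' % self.subbrutethread)
    ips = IP().getListIP(self.subs, self.subbrutethread)
    for ip in ips.keys():
        if ip in self.listip:
            self.listip[ip] = sorted(set(self.listip[ip] + ips[ip]))
        else:
            self.listip[ip] = ips[ip]
    del ips

    # ---- persist ----------------------------------------------------------
    if self.frmwk.dbconnect:
        self.frmwk.print_status('start save database!')
        self.DBInsert(domain)

    # ---- reverse lookup per address ---------------------------------------
    if self.reverseip:
        for ip in self.listip.keys():
            reip = self.frmwk.modules['info/reverse_ip']
            reip.options.addString('RHOST', 'IP/Domain to reverse(support : ip1,ip2...)', default=ip)
            reip.options.addBoolean('CHECK', 'check domain is in this IP ', default=True)
            reip.options.addInteger('THREADS', 'thread check domain', default=10)
            reip.advanced_options.addPath('HOSTLIST', 'Path to domain list', False)
            reip.advanced_options.addPath('OUTPUT', 'Output directory', False)
            reip.run(self.frmwk, None)
            self.frmwk.reload_module('info/reverse_ip')
            for d in reip.domains:
                # Match on a label boundary. A plain endswith(domain) also
                # accepts unrelated names such as "notexample.com" for
                # "example.com" and files another party's hosts under *domain*.
                if d == domain or d.endswith('.' + domain):
                    self.listip[ip].append(d)
            self.listip[ip] = sorted(set(self.listip[ip]))

    # ---- report -----------------------------------------------------------
    self.frmwk.print_line()
    self.frmwk.print_success("Hosts found in search engines:\n------------------------------")
    for ip in self.listip.keys():
        self.frmwk.print_success('IP Server : ' + ip)
        for dm in self.listip[ip]:
            self.frmwk.print_line('\t. ' + dm)
        self.frmwk.print_line()
    self.frmwk.print_line()
    self.frmwk.print_success("Emails found:\n-------------")
    self.frmwk.print_line("\n".join(self.emails))
    self.frmwk.print_line('')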