Fixes a number of bugs and removes some spurious output that should not have been printed, including but not limited to issues #202 and #203.

This commit is contained in:
ekultek 2017-12-01 11:05:53 -06:00
parent 5de72f5d33
commit 083e541284
8 changed files with 77 additions and 42 deletions


@ -9,7 +9,7 @@ cfa0a16384b1b143f9c2cbd474f1a55c ./zeus.py
d3ad89703575a712a0aeead2b176d8c5 ./etc/html/clickjacking_test_page.html
642a77905d8bb4e5533e0e9c2137c0fa ./etc/text_files/agents.txt
82cc68f46539d0255f7ce14cd86cd49b ./etc/text_files/link_ext.txt
b4ac1dab7fee43d1295b0d940e11fac1 ./etc/text_files/dorks.txt
9659c647c725773e82d130e0f5c73c57 ./etc/text_files/dorks.txt
dc7bfc3d7b9b23340ee37806316bd770 ./etc/text_files/xss_payloads.txt
b795ccb193f307a8e9a4a888c018241a ./etc/xml/headers.xml
d41d8cd98f00b204e9800998ecf8427e ./bin/__init__.py
@ -58,10 +58,11 @@ bbd8b4c6100070d420d48dc7dfc297eb ./lib/firewall/webknight.py
8fc8d62377bebbfa7ca4d70a79eab115 ./lib/firewall/bigip.py
73c1727e604ec6e00541687bfc64c0d6 ./lib/firewall/akamai.py
7af3ee8615c7dc761f050e0ba638eaef ./lib/firewall/armor.py
763af6773e920d6bdc185f5bd4df6084 ./lib/firewall/dw.py
81a29a14d72980a306fbaec0dc772048 ./lib/firewall/fortigate.py
6ea65a0160c21e144e92334acc2e3667 ./lib/firewall/anquanbao.py
22a0ad8f2fa1a16b651cb5ae37ca9b0d ./lib/firewall/generic.py
963e24d4b8a0fb94464389ddb60cc65f ./lib/attacks/gist_lookup/__init__.py
67ae989c771f1069095aaae7ec3a96d7 ./lib/attacks/gist_lookup/__init__.py
7183dbd7106ecb436176cebcca4e499f ./lib/attacks/clickjacking_scan/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
4c644b0e3a62b6c1528d34a04837aa35 ./lib/attacks/sqlmap_scan/__init__.py
@ -70,17 +71,17 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
2d7686f1b9b93c3989bc5f279a1a064a ./lib/attacks/admin_panel_finder/__init__.py
cc5e5838893eba60cf4bd33d38007e32 ./lib/attacks/xss_scan/__init__.py
e9915cc0bc3de60aaf2accfaea77d059 ./lib/attacks/nmap_scan/__init__.py
lib/attacks/nmap_scan/__init__.py ./lib/attacks/nmap_scan/__init__.py
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
e2af52e2cb4d2f192c4678b7439366b2 ./lib/header_check/__init__.py
888686098a0850750f2435d0e1645944 ./lib/header_check/__init__.py
39221756c132732dbdc2b14772dcab11 ./lib/core/common.py
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
c10aa86b519d43bd142de46453527f51 ./lib/core/settings.py
ebcd664dbeda6cb93c9e66c71aa45a33 ./lib/core/settings.py
801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
8f8a7e791f91f0ef3544f2ed8364ab56 ./var/search/pgp_search.py
cfcce04aac694eee7a6c73969861ce43 ./var/search/pgp_search.py
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py
0c11c16126baf789388a661bbbefb149 ./var/auto_issue/github.py
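Review bot: One of the two printed entries for `./lib/attacks/nmap_scan/__init__.py` carries the file path where its digest should be (`lib/attacks/nmap_scan/__init__.py ./lib/attacks/nmap_scan/__init__.py`); the render does not mark which side is old and which is new, but if that line is the new side the manifest can never verify that file and any integrity check built on it silently passes or fails on a non-hash. Whatever script emits this list should refuse to write a line whose first field is not 32 hex digits, and the entry should be regenerated with a real md5. Whether this file is consumed by an integrity check is inferred from its shape, not visible here.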


@ -11,17 +11,17 @@ allintitle:\"Test page for Apache Installation\"
allintitle:admin.php
allintitle:"Welcome to the Cyclades"
allinurl: admin mdb
allinurl: admin mdb
allinurl: admin mdb
allinurl:".r{}_vti_cnf/"
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
allinurl:"exchange/logon.asp"
allinurl:"index.php" "site=sglinks"
allinurl:.br/index.php?loc=
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:/index.php?file= site:*.dk
allinurl:/index.php?page= site:*.dk
allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"
allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"
allinurl:admin mdb
allinurl:auth_user_file.txt
allinurl:cdkey.txt
@ -29,7 +29,7 @@ allinurl:control/multiview
allinurl:install/install.php
allinurl:intranet admin
allinurl:servlet/SnoopServlet
allinurl:servlet/SnoopServlet
allinurl:servlet/SnoopServlet
allinurl:wps/portal/ login
allinurl:"exchange/logon.asp"
allinurl:"index.php" "site=sglinks"
@ -77,16 +77,16 @@ ext:ini intext:env.ini
ext:jbf jbf
ext:ldif ldif
ext:ldif ldif
ext:log "Software: Microsoft Internet Information Services *.*"
ext:log "Software: Microsoft Internet Information Services *.*"
ext:log "Software: Microsoft Internet Information
ext:log "Software: Microsoft Internet Information
ext:log "Software: Microsoft Internet Information Services *.*"
ext:log \"Software: Microsoft Internet Information Services *.*\"
ext:log "Software: Microsoft Internet Information Services *.*"
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
ext:nsf nsf -gov -mil
ext:nsf nsf -gov -mil
ext:nsf nsf -gov -mil
ext:passwd -intext:the -sample -example
@ -111,7 +111,7 @@ ext:vmx vmx
ext:vmx vmx
ext:vmx vmx
ext:yml database inurl:config
extqi pqi -database
extqi pqi -database
extqi pqi -database
extqi pqi -database
ez Publish administration
@ -404,8 +404,8 @@ index.of passlist
index.of perform.ini mIRC IRC ini file can list IRC usernames and
index.of.dcim
index.of.password
intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"-FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
intext:"BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
intext:"#mysql dump" filetype:sql
intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
@ -653,8 +653,7 @@ intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee
intext:"enable password 7″
intext:"enable secret 5 $"
intext:"vbulletin" inurl:admincp
intextpassword | passcode) intextusername | userid | user) filetype:csv
intextpassword | passcode) intextusername | userid | user) filetype:csv
intext (password | passcode) intextusername | userid | user) filetype:csv
intitle: "index of" passwd passwd.bak
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press
intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any
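Review bot: The replacement dork in the `-653` hunk, `intext (password | passcode) intextusername | userid | user) filetype:csv`, is still malformed — the first operator has a space where its colon belongs and the second has lost both its colon and its opening parenthesis — so it goes to the search engine as free text rather than as an operator query. The hunk counts (8 old, 7 new) are consistent with the two identical `intextpassword ...` lines being removed and this one added, though the render does not mark sides. The working form is `intext:(password | passcode) intext:(username | userid | user) filetype:csv`. Other lines in the file (`extqi pqi -database`, the unterminated `ext:log "Software: Microsoft Internet Information`) look damaged the same way; a load-time check that rejects dorks with unbalanced quotes or parentheses would catch these before they are sent.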


@ -96,16 +96,15 @@ def check_files_for_information(found_url, data_to_search):
time.sleep(3)
data = requests.get(found_url)
for data_regex in data_regex_schema:
lib.core.settings.logger.info(lib.core.settings.set_color(
"running with regex '{}'...".format(data_regex.pattern), level=25
))
if data_regex.search(data.content) is not None:
lib.core.settings.logger.info(lib.core.settings.set_color(
"found a match with given specifics, saving full Gist to log file...", level=25
))
total_found.add(found_url)
lib.core.common.write_to_log_file(
data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME
data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME.format(
lib.core.settings.replace_http(data_to_search)
)
)
return len(total_found)
@ -115,7 +114,7 @@ def github_gist_search_main(query, **kwargs):
agent = kwargs.get("agent", None)
verbose = kwargs.get("verbose", False)
thread = kwargs.get("do_threading", False)
proc_num = kwargs.get("proc_num", 5) # TODO:/
# proc_num = kwargs.get("proc_num", 5) # TODO:/
page_set = kwargs.get("page_set", (1, 2, 3, 4, 5))
total_found = 0
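Review bot: The log filename built on the new `GIST_FILENAME.format(lib.core.settings.replace_http(data_to_search))` lines is derived from the user's search term, so any `/`, `..` or other path characters that `replace_http` does not strip end up in the path handed to `write_to_log_file`; neither helper is visible here, so whether they sanitize is inferred, not known. A safe form reduces the term to a filename-safe token first, e.g. `safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", lib.core.settings.replace_http(data_to_search))` and then `GIST_FILENAME.format(safe_name)` (`re` may need importing; the import block is outside this hunk). The `requests.get(found_url)` call just above still has no `timeout=`, so one stalled Gist fetch blocks the worker indefinitely. `check_files_for_information` begins before the hunk, and the `-115` hunk leaves a commented-out `proc_num` line that should be deleted rather than kept as dead code.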


@ -59,7 +59,7 @@ class NmapHook(object):
print(
"{}\nScanned: {} ({})\tStatus: {}\nProtocol: {}\n".format(
sep, self.ip,
host if host is not "" or None else "unknown",
host if host is not "" or None or len(host) == 0 else "unknown",
json_data[self.ip]["status"]["state"],
"TCP"
)
@ -107,7 +107,10 @@ def perform_port_scan(url, scanner=NmapHook, **kwargs):
lib.core.settings.logger.info(lib.core.settings.set_color(
"attempting to find IP address for hostname '{}'...".format(url)
))
found_ip_address = socket.gethostbyname(url)
try:
found_ip_address = socket.gethostbyname(url)
except socket.gaierror:
found_ip_address = socket.gethostbyname_ex(url)
lib.core.settings.logger.info(lib.core.settings.set_color(
"found IP address for given URL -> '{}'...".format(found_ip_address), level=25
))
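Review bot: The new `except socket.gaierror:` fallback to `socket.gethostbyname_ex(url)` does not handle the failure it catches: for an unresolvable name `gethostbyname_ex` raises the same `socket.gaierror` again, and when it does succeed it returns a `(hostname, aliases, ipaddrlist)` tuple rather than an address string, which then flows into the "found IP address" log line and whatever `found_ip_address` is used for below the hunk. Handle resolution failure explicitly instead: `except socket.gaierror as err:` / `    lib.core.settings.logger.error(lib.core.settings.set_color("unable to resolve '{}': {}".format(url, err), level=40))` / `    return None` (or re-raise, depending on what `perform_port_scan`'s callers expect — its body continues past the hunk). The first hunk's `host if host is not "" or None or len(host) == 0 else "unknown"` is also not what it intends: `is not` binds before `or`, `or None` is always falsy, and `len(host) == 0` is true exactly when the name is empty, so an empty hostname now prints as an empty string; `host if host else "unknown"` is the correct test (and `is not ""` is an identity comparison against a literal).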


@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
# current version <major.minor.commit.patch ID>
VERSION = "1.3.10.{}".format(PATCH_ID)
VERSION = "1.3.11.{}".format(PATCH_ID)
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
@ -314,7 +314,8 @@ URL_EXCLUDES = (
"schema.org", "www.<b", "https://cid-", "https://<strong", # these are some weird things that get pulled up?
"plus.google", "www.w3.org", "schemas.live.com",
"torproject.org", "search-results.com", "index.com",
"gov", ".gov", "facebook.com", "instagram.com", "snapchat"
"gov", ".gov", "facebook.com", "instagram.com", "snapchat",
"stackoverflow", "stackexchange", "github.com"
)
# regular expressions used for DBMS recognition based on error message response

lib/firewall/dw.py Normal file

@ -0,0 +1,16 @@
import re
__item__ = "DynamicWeb Injection Check (DynamicWeb)"
def detect(content, **kwargs):
headers = kwargs.get("headers", None)
status = kwargs.get("status", None)
detection_schema = (
re.compile(r"dw.inj.check", re.I),
)
if status == 403:
for detection in detection_schema:
if detection.search(headers.get("X-403-status-by", "")) is not None:
return True
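Review bot: `headers.get("X-403-status-by", "")` on the last line raises `AttributeError` whenever the caller omits `headers`, because the default taken from `kwargs` is `None`; a 403 with no header mapping should be a non-match, not a crash. Default to an empty mapping instead: `headers = kwargs.get("headers", None) or {}`. The pattern `dw.inj.check` also leaves its dots unescaped, so each matches any character; if the literal value is meant, `r"dw\.inj\.check"` is tighter. The function returns `None` rather than `False` when nothing matches — if the sibling `lib/firewall/*` modules return a boolean, an explicit `return False` keeps them consistent (those modules are not visible here).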


@ -161,7 +161,7 @@ def load_headers(url, **kwargs):
proxy = kwargs.get("proxy", None)
xforward = kwargs.get("xforward", False)
# literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
if proxy is not None:
proxy = proxy_string_to_dict(proxy)
@ -201,8 +201,17 @@ def load_headers(url, **kwargs):
http_headers = req.headers
for header in http_headers:
try:
# test to see if there are any unicode errors in the string
retval[header] = unicodedata.normalize("NFKD", u"{}".format(http_headers[header])).encode("ascii", errors="ignore")
# check for Unicode in the string, this is just a safety net in case something is missed
# chances are nothing will be matched
if literal_match.search(header) is not None:
retval[header] = unicodedata.normalize(
"NFKD", u"{}".format(http_headers[header])
).encode("ascii", errors="ignore")
else:
# test to see if there are any unicode errors in the string
retval[header] = unicodedata.normalize(
"NFKD", u"{}".format(http_headers[header])
).encode("ascii", errors="ignore")
# just to be safe, we're going to put all the possible Unicode errors into a tuple
except (UnicodeEncodeError, UnicodeDecodeError, UnicodeError, UnicodeTranslateError, UnicodeWarning):
# if there are any errors, we're going to append them to a `do_not_use` list
@ -244,6 +253,8 @@ def main_header_check(url, **kwargs):
"strict-transport": ("protection against unencrypted connections (force HTTPS connection)", "HTTPS"),
"x-frame": ("protection against clickjacking vulnerabilities", "CLICKJACKING"),
"x-content": ("protection against MIME type attacks", "MIME"),
"x-csrf": ("protection against Cross-Site Forgery attacks", "CSRF"),
"x-xsrf": ("protection against Cross-Site Forgery attacks", "CSRF"),
"public-key": ("protection to reduce success rates of MITM attacks", "MITM"),
"content-security": ("header protection against multiple attack types", "ALL")
}
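Review bot: The new `x-csrf` / `x-xsrf` entries treat a response header as a CSRF protection, but `X-CSRF-Token` and `X-XSRF-TOKEN` are request-side headers that carry an anti-forgery token from the client (commonly seeded from a cookie); a server that does not send them is not unprotected and one that does is not thereby protected, so this check will report CSRF protection "missing" on essentially every site. Either drop the two keys or have the tool inspect the form/cookie token handling instead; the `main_header_check` body that consumes this map continues outside the hunk. In the earlier `load_headers` hunk the `if literal_match.search(header) ... else` branches are byte-identical, so the newly enabled regex changes nothing; it is also run on the header name rather than its value, and its `\X` escape is rejected as a bad escape by `re` on Python 3.7+, so give the branch a distinct action or remove it and keep the single normalize call.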

View file

@ -125,18 +125,23 @@ def get_pgp_keys(url_list, query, attribute="pre", **kwargs):
)
))
identifiers.append(lib.core.settings.PGP_IDENTIFIER_REGEX.search(str(url)).group())
req = requests.get(
url,
params=__set_headers(agent=agent, xforward=xforward),
proxies=lib.core.settings.proxy_string_to_dict(proxy),
timeout=10
)
status, html = req.status_code, req.content
if status == 200:
soup = BeautifulSoup(html, "html.parser")
context = soup.findAll(attribute)[0]
if identity_matcher.search(str(context)) is not None:
extracted_keys.add(context)
try:
req = requests.get(
url,
params=__set_headers(agent=agent, xforward=xforward),
proxies=lib.core.settings.proxy_string_to_dict(proxy),
timeout=10
)
status, html = req.status_code, req.content
if status == 200:
soup = BeautifulSoup(html, "html.parser")
context = soup.findAll(attribute)[0]
if identity_matcher.search(str(context)) is not None:
extracted_keys.add(context)
except ReadTimeout:
lib.core.settings.logger.error(lib.core.settings.set_color(
"PGP key failed connection, assuming no good and skipping...", level=40
))
for i, k in enumerate(extracted_keys):
pgp_key = str(k).split("<{}>".format(attribute)) # split the string by the tag
pgp_key = pgp_key[1].split("</{}>".format(attribute))[0] # split it again by the end tag
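Review bot: The new `except ReadTimeout:` only covers a read that times out; `requests.get` also raises `ConnectTimeout` and `ConnectionError` (DNS failure, refused connection, proxy errors), and those still abort the whole key sweep on the first bad URL. Catch the requests base class instead, `except requests.exceptions.RequestException as err:`, and include `err` in the log line so the skip is attributable. Inside the try, `soup.findAll(attribute)[0]` raises `IndexError` on a 200 page with no `<pre>` element and is not caught either; `matches = soup.findAll(attribute)` followed by `if matches and identity_matcher.search(str(matches[0])) is not None:` guards it. `ReadTimeout` must be imported for the new clause to work at all — the import block is outside the hunk — and `get_pgp_keys` starts before it.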