mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
fixes a bunch of bugs, plus some annoying output that shouldn't be showing up, including but not limited to issue #202 and issue #203
This commit is contained in:
parent
5de72f5d33
commit
083e541284
8 changed files with 77 additions and 42 deletions
|
|
@ -9,7 +9,7 @@ cfa0a16384b1b143f9c2cbd474f1a55c ./zeus.py
|
|||
d3ad89703575a712a0aeead2b176d8c5 ./etc/html/clickjacking_test_page.html
|
||||
642a77905d8bb4e5533e0e9c2137c0fa ./etc/text_files/agents.txt
|
||||
82cc68f46539d0255f7ce14cd86cd49b ./etc/text_files/link_ext.txt
|
||||
b4ac1dab7fee43d1295b0d940e11fac1 ./etc/text_files/dorks.txt
|
||||
9659c647c725773e82d130e0f5c73c57 ./etc/text_files/dorks.txt
|
||||
dc7bfc3d7b9b23340ee37806316bd770 ./etc/text_files/xss_payloads.txt
|
||||
b795ccb193f307a8e9a4a888c018241a ./etc/xml/headers.xml
|
||||
d41d8cd98f00b204e9800998ecf8427e ./bin/__init__.py
|
||||
|
|
@ -58,10 +58,11 @@ bbd8b4c6100070d420d48dc7dfc297eb ./lib/firewall/webknight.py
|
|||
8fc8d62377bebbfa7ca4d70a79eab115 ./lib/firewall/bigip.py
|
||||
73c1727e604ec6e00541687bfc64c0d6 ./lib/firewall/akamai.py
|
||||
7af3ee8615c7dc761f050e0ba638eaef ./lib/firewall/armor.py
|
||||
763af6773e920d6bdc185f5bd4df6084 ./lib/firewall/dw.py
|
||||
81a29a14d72980a306fbaec0dc772048 ./lib/firewall/fortigate.py
|
||||
6ea65a0160c21e144e92334acc2e3667 ./lib/firewall/anquanbao.py
|
||||
22a0ad8f2fa1a16b651cb5ae37ca9b0d ./lib/firewall/generic.py
|
||||
963e24d4b8a0fb94464389ddb60cc65f ./lib/attacks/gist_lookup/__init__.py
|
||||
67ae989c771f1069095aaae7ec3a96d7 ./lib/attacks/gist_lookup/__init__.py
|
||||
7183dbd7106ecb436176cebcca4e499f ./lib/attacks/clickjacking_scan/__init__.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
||||
4c644b0e3a62b6c1528d34a04837aa35 ./lib/attacks/sqlmap_scan/__init__.py
|
||||
|
|
@ -70,17 +71,17 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
|||
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
|
||||
2d7686f1b9b93c3989bc5f279a1a064a ./lib/attacks/admin_panel_finder/__init__.py
|
||||
cc5e5838893eba60cf4bd33d38007e32 ./lib/attacks/xss_scan/__init__.py
|
||||
e9915cc0bc3de60aaf2accfaea77d059 ./lib/attacks/nmap_scan/__init__.py
|
||||
lib/attacks/nmap_scan/__init__.py ./lib/attacks/nmap_scan/__init__.py
|
||||
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
|
||||
e2af52e2cb4d2f192c4678b7439366b2 ./lib/header_check/__init__.py
|
||||
888686098a0850750f2435d0e1645944 ./lib/header_check/__init__.py
|
||||
39221756c132732dbdc2b14772dcab11 ./lib/core/common.py
|
||||
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
|
||||
c10aa86b519d43bd142de46453527f51 ./lib/core/settings.py
|
||||
ebcd664dbeda6cb93c9e66c71aa45a33 ./lib/core/settings.py
|
||||
801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
|
||||
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
|
||||
0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
|
||||
8f8a7e791f91f0ef3544f2ed8364ab56 ./var/search/pgp_search.py
|
||||
cfcce04aac694eee7a6c73969861ce43 ./var/search/pgp_search.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py
|
||||
0c11c16126baf789388a661bbbefb149 ./var/auto_issue/github.py
|
||||
|
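Review bot: The entry for `./lib/attacks/nmap_scan/__init__.py` in the second hunk carries the path `lib/attacks/nmap_scan/__init__.py` in the digest column instead of an md5 sum, which a checksum manifest cannot use; if that is the new side (the equal old/new line counts and the neighbouring `e9915cc0…` line suggest it replaces a real digest), any integrity check that parses this manifest will never match that module. The line should be regenerated from the file, `<md5 of lib/attacks/nmap_scan/__init__.py> ./lib/attacks/nmap_scan/__init__.py`, rather than hand-edited. The section's file header is not visible here, so the manifest's name is inferred from its content.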
|
|
|||
|
|
@ -11,17 +11,17 @@ allintitle:\"Test page for Apache Installation\"
|
|||
allintitle:admin.php
|
||||
allintitle:"Welcome to the Cyclades"
|
||||
allinurl: admin mdb
|
||||
allinurl: admin mdb
|
||||
allinurl: admin mdb
|
||||
allinurl:".r{}_vti_cnf/"
|
||||
allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/"
|
||||
allinurl:"exchange/logon.asp"
|
||||
allinurl:"index.php" "site=sglinks"
|
||||
allinurl:.br/index.php?loc=
|
||||
allinurl:/examples/jsp/snp/snoop.jsp
|
||||
allinurl:/examples/jsp/snp/snoop.jsp
|
||||
allinurl:/examples/jsp/snp/snoop.jsp
|
||||
allinurl:/index.php?file= site:*.dk
|
||||
allinurl:/index.php?page= site:*.dk
|
||||
allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"
|
||||
allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\"
|
||||
allinurl:admin mdb
|
||||
allinurl:auth_user_file.txt
|
||||
allinurl:cdkey.txt
|
||||
|
|
@ -29,7 +29,7 @@ allinurl:control/multiview
|
|||
allinurl:install/install.php
|
||||
allinurl:intranet admin
|
||||
allinurl:servlet/SnoopServlet
|
||||
allinurl:servlet/SnoopServlet
|
||||
allinurl:servlet/SnoopServlet
|
||||
allinurl:wps/portal/ login
|
||||
allinurl:"exchange/logon.asp"
|
||||
allinurl:"index.php" "site=sglinks"
|
||||
|
|
@ -77,16 +77,16 @@ ext:ini intext:env.ini
|
|||
ext:jbf jbf
|
||||
ext:ldif ldif
|
||||
ext:ldif ldif
|
||||
ext:log "Software: Microsoft Internet Information Services *.*"
|
||||
ext:log "Software: Microsoft Internet Information Services *.*"
|
||||
ext:log "Software: Microsoft Internet Information
|
||||
ext:log "Software: Microsoft Internet Information
|
||||
ext:log "Software: Microsoft Internet Information Services *.*"
|
||||
ext:log \"Software: Microsoft Internet Information Services *.*\"
|
||||
ext:log "Software: Microsoft Internet Information Services *.*"
|
||||
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
|
||||
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
|
||||
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
|
||||
ext:nsf nsf -gov -mil
|
||||
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb
|
||||
ext:nsf nsf -gov -mil
|
||||
ext:nsf nsf -gov -mil
|
||||
ext:nsf nsf -gov -mil
|
||||
ext:passwd -intext:the -sample -example
|
||||
|
|
@ -111,7 +111,7 @@ ext:vmx vmx
|
|||
ext:vmx vmx
|
||||
ext:vmx vmx
|
||||
ext:yml database inurl:config
|
||||
extqi pqi -database
|
||||
extqi pqi -database
|
||||
extqi pqi -database
|
||||
extqi pqi -database
|
||||
ez Publish administration
|
||||
|
|
@ -404,8 +404,8 @@ index.of passlist
|
|||
index.of perform.ini mIRC IRC ini file can list IRC usernames and
|
||||
index.of.dcim
|
||||
index.of.password
|
||||
intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
|
||||
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
|
||||
intext:"-FrontPage-" ext:pwd inurl:(service | authors | administrators | users)
|
||||
intext:"BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
|
||||
intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
|
||||
intext:"#mysql dump" filetype:sql
|
||||
intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
|
||||
|
|
@ -653,8 +653,7 @@ intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee
|
|||
intext:"enable password 7″
|
||||
intext:"enable secret 5 $"
|
||||
intext:"vbulletin" inurl:admincp
|
||||
intextpassword | passcode) intextusername | userid | user) filetype:csv
|
||||
intextpassword | passcode) intextusername | userid | user) filetype:csv
|
||||
intext (password | passcode) intextusername | userid | user) filetype:csv
|
||||
intitle: "index of" passwd passwd.bak
|
||||
intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press
|
||||
intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any
|
||||
|
|
|
|||
|
|
@ -96,16 +96,15 @@ def check_files_for_information(found_url, data_to_search):
|
|||
time.sleep(3)
|
||||
data = requests.get(found_url)
|
||||
for data_regex in data_regex_schema:
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"running with regex '{}'...".format(data_regex.pattern), level=25
|
||||
))
|
||||
if data_regex.search(data.content) is not None:
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"found a match with given specifics, saving full Gist to log file...", level=25
|
||||
))
|
||||
total_found.add(found_url)
|
||||
lib.core.common.write_to_log_file(
|
||||
data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME
|
||||
data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME.format(
|
||||
lib.core.settings.replace_http(data_to_search)
|
||||
)
|
||||
)
|
||||
return len(total_found)
|
||||
|
||||
|
|
@ -115,7 +114,7 @@ def github_gist_search_main(query, **kwargs):
|
|||
agent = kwargs.get("agent", None)
|
||||
verbose = kwargs.get("verbose", False)
|
||||
thread = kwargs.get("do_threading", False)
|
||||
proc_num = kwargs.get("proc_num", 5) # TODO:/
|
||||
# proc_num = kwargs.get("proc_num", 5) # TODO:/
|
||||
page_set = kwargs.get("page_set", (1, 2, 3, 4, 5))
|
||||
total_found = 0
|
||||
|
||||
|
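Review bot: `GIST_FILENAME.format(lib.core.settings.replace_http(data_to_search))` builds a log-file name from the search query, and nothing in the hunk strips path separators or other characters that are not valid in a file name, so a query containing `/` or `..` can place the log outside the intended directory or fail to open. Reduce the query to a safe component first, e.g. `safe_name = re.sub(r"[^\w.-]", "_", lib.core.settings.replace_http(data_to_search))` (assuming `re` is already imported in this module, which the hunk does not show), and pass that to `format`. `requests.get(found_url)` at the top of the hunk also has no `timeout=`, so one stalled Gist download blocks the loop indefinitely; `requests.get(found_url, timeout=10)` matches the pattern this same commit adds in pgp_search. The second hunk leaves `# proc_num = kwargs.get("proc_num", 5)  # TODO:/` as commented-out code; delete it or keep only the TODO. check_files_for_information starts before the hunk.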
|
|
|||
|
|
@ -59,7 +59,7 @@ class NmapHook(object):
|
|||
print(
|
||||
"{}\nScanned: {} ({})\tStatus: {}\nProtocol: {}\n".format(
|
||||
sep, self.ip,
|
||||
host if host is not "" or None else "unknown",
|
||||
host if host is not "" or None or len(host) == 0 else "unknown",
|
||||
json_data[self.ip]["status"]["state"],
|
||||
"TCP"
|
||||
)
|
||||
|
|
@ -107,7 +107,10 @@ def perform_port_scan(url, scanner=NmapHook, **kwargs):
|
|||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"attempting to find IP address for hostname '{}'...".format(url)
|
||||
))
|
||||
found_ip_address = socket.gethostbyname(url)
|
||||
try:
|
||||
found_ip_address = socket.gethostbyname(url)
|
||||
except socket.gaierror:
|
||||
found_ip_address = socket.gethostbyname_ex(url)
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"found IP address for given URL -> '{}'...".format(found_ip_address), level=25
|
||||
))
|
||||
|
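Review bot: The `except socket.gaierror:` fallback in the perform_port_scan hunk calls `socket.gethostbyname_ex(url)`, which resolves the same name through the same resolver and so raises `socket.gaierror` again in exactly the case being handled; where it does succeed it returns a `(hostname, aliaslist, ipaddrlist)` tuple, so `found_ip_address` would become a tuple rather than an address string for the log line and whatever consumes it afterwards. Either take `socket.gethostbyname_ex(url)[2][0]` or, more honestly, log the resolution failure and return on `gaierror`. In the NmapHook hunk, `host if host is not "" or None or len(host) == 0 else "unknown"` evaluates to `host` for an empty string (`or len(host) == 0` is True there), so the `"unknown"` branch is unreachable for the case it was written for; `host if host else "unknown"` is the intended test. perform_port_scan continues outside the hunk.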
|
|
|||
|
|
@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
|||
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
|
||||
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.3.10.{}".format(PATCH_ID)
|
||||
VERSION = "1.3.11.{}".format(PATCH_ID)
|
||||
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
|
|
@ -314,7 +314,8 @@ URL_EXCLUDES = (
|
|||
"schema.org", "www.<b", "https://cid-", "https://<strong", # these are some weird things that get pulled up?
|
||||
"plus.google", "www.w3.org", "schemas.live.com",
|
||||
"torproject.org", "search-results.com", "index.com",
|
||||
"gov", ".gov", "facebook.com", "instagram.com", "snapchat"
|
||||
"gov", ".gov", "facebook.com", "instagram.com", "snapchat",
|
||||
"stackoverflow", "stackexchange", "github.com"
|
||||
)
|
||||
|
||||
# regular expressions used for DBMS recognition based on error message response
|
||||
|
|
|
|||
16
lib/firewall/dw.py
Normal file
16
lib/firewall/dw.py
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
import re
|
||||
|
||||
|
||||
__item__ = "DynamicWeb Injection Check (DynamicWeb)"
|
||||
|
||||
|
||||
def detect(content, **kwargs):
|
||||
headers = kwargs.get("headers", None)
|
||||
status = kwargs.get("status", None)
|
||||
detection_schema = (
|
||||
re.compile(r"dw.inj.check", re.I),
|
||||
)
|
||||
if status == 403:
|
||||
for detection in detection_schema:
|
||||
if detection.search(headers.get("X-403-status-by", "")) is not None:
|
||||
return True
|
||||
|
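Review bot: `headers.get("X-403-status-by", "")` in detect dereferences `headers` although the function defaults it to `None` a few lines above, so a 403 response passed without a `headers` kwarg raises AttributeError inside the firewall check instead of giving a verdict; `if status == 403 and headers:` avoids that. The function also falls off the end without a `return False` on the no-match path, so callers receive `None`; if the sibling `lib/firewall/*.py` detectors return a bool, this one should too. The unescaped dots in `r"dw.inj.check"` match any character; write `r"dw\.inj\.check"` unless the looser match is intended.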
|
@ -161,7 +161,7 @@ def load_headers(url, **kwargs):
|
|||
proxy = kwargs.get("proxy", None)
|
||||
xforward = kwargs.get("xforward", False)
|
||||
|
||||
# literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
|
||||
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
|
||||
|
||||
if proxy is not None:
|
||||
proxy = proxy_string_to_dict(proxy)
|
||||
|
|
@ -201,8 +201,17 @@ def load_headers(url, **kwargs):
|
|||
http_headers = req.headers
|
||||
for header in http_headers:
|
||||
try:
|
||||
# test to see if there are any unicode errors in the string
|
||||
retval[header] = unicodedata.normalize("NFKD", u"{}".format(http_headers[header])).encode("ascii", errors="ignore")
|
||||
# check for Unicode in the string, this is just a safety net in case something is missed
|
||||
# chances are nothing will be matched
|
||||
if literal_match.search(header) is not None:
|
||||
retval[header] = unicodedata.normalize(
|
||||
"NFKD", u"{}".format(http_headers[header])
|
||||
).encode("ascii", errors="ignore")
|
||||
else:
|
||||
# test to see if there are any unicode errors in the string
|
||||
retval[header] = unicodedata.normalize(
|
||||
"NFKD", u"{}".format(http_headers[header])
|
||||
).encode("ascii", errors="ignore")
|
||||
# just to be safe, we're going to put all the possible Unicode errors into a tuple
|
||||
except (UnicodeEncodeError, UnicodeDecodeError, UnicodeError, UnicodeTranslateError, UnicodeWarning):
|
||||
# if there are any errors, we're going to append them to a `do_not_use` list
|
||||
|
|
@ -244,6 +253,8 @@ def main_header_check(url, **kwargs):
|
|||
"strict-transport": ("protection against unencrypted connections (force HTTPS connection)", "HTTPS"),
|
||||
"x-frame": ("protection against clickjacking vulnerabilities", "CLICKJACKING"),
|
||||
"x-content": ("protection against MIME type attacks", "MIME"),
|
||||
"x-csrf": ("protection against Cross-Site Forgery attacks", "CSRF"),
|
||||
"x-xsrf": ("protection against Cross-Site Forgery attacks", "CSRF"),
|
||||
"public-key": ("protection to reduce success rates of MITM attacks", "MITM"),
|
||||
"content-security": ("header protection against multiple attack types", "ALL")
|
||||
}
|
||||
|
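Review bot: The `if literal_match.search(header) is not None:` branch added in the second load_headers hunk and its `else:` branch run the identical `unicodedata.normalize("NFKD", u"{}".format(http_headers[header])).encode("ascii", errors="ignore")` call, so uncommenting `literal_match` changes nothing about what lands in `retval`; either the match was meant to select a different treatment or both branches should collapse back to the single statement the old side had. The search is also run on `header` (the name) while it is the value `http_headers[header]` that gets normalized, which looks like the wrong operand. Separately, `r"\\(\X(\d+)?\w+)?"` depends on `re` accepting `\X`; Python 3.7 and later reject unknown alphabetic escapes with `re.error`, so the pattern should be rewritten without it or confirmed on the interpreter the project targets. load_headers continues outside the hunk.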
|
|
|||
|
|
@ -125,18 +125,23 @@ def get_pgp_keys(url_list, query, attribute="pre", **kwargs):
|
|||
)
|
||||
))
|
||||
identifiers.append(lib.core.settings.PGP_IDENTIFIER_REGEX.search(str(url)).group())
|
||||
req = requests.get(
|
||||
url,
|
||||
params=__set_headers(agent=agent, xforward=xforward),
|
||||
proxies=lib.core.settings.proxy_string_to_dict(proxy),
|
||||
timeout=10
|
||||
)
|
||||
status, html = req.status_code, req.content
|
||||
if status == 200:
|
||||
soup = BeautifulSoup(html, "html.parser")
|
||||
context = soup.findAll(attribute)[0]
|
||||
if identity_matcher.search(str(context)) is not None:
|
||||
extracted_keys.add(context)
|
||||
try:
|
||||
req = requests.get(
|
||||
url,
|
||||
params=__set_headers(agent=agent, xforward=xforward),
|
||||
proxies=lib.core.settings.proxy_string_to_dict(proxy),
|
||||
timeout=10
|
||||
)
|
||||
status, html = req.status_code, req.content
|
||||
if status == 200:
|
||||
soup = BeautifulSoup(html, "html.parser")
|
||||
context = soup.findAll(attribute)[0]
|
||||
if identity_matcher.search(str(context)) is not None:
|
||||
extracted_keys.add(context)
|
||||
except ReadTimeout:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"PGP key failed connection, assuming no good and skipping...", level=40
|
||||
))
|
||||
for i, k in enumerate(extracted_keys):
|
||||
pgp_key = str(k).split("<{}>".format(attribute)) # split the string by the tag
|
||||
pgp_key = pgp_key[1].split("</{}>".format(attribute))[0] # split it again by the end tag
|
||||
|
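Review bot: The new `try` in get_pgp_keys catches only `ReadTimeout`, so a connect timeout, a refused connection or a DNS failure from the same `requests.get` still propagates out of the loop and aborts the whole key harvest; `except requests.exceptions.RequestException:` covers the family of transport errors that the "failed connection" log message describes. Inside the `try`, `soup.findAll(attribute)[0]` raises IndexError on a page with no such tag, which the except clause also does not cover; `found = soup.findAll(attribute)` followed by `if not found: continue` keeps one odd page from ending the loop. `params=__set_headers(agent=agent, xforward=xforward)` sends what its name suggests are request headers as query-string parameters rather than via `headers=`; this predates the commit but is worth confirming while the call is being reworked. get_pgp_keys starts before the hunk.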
|
|
|||