From 083e54128471e06003e90388d11401ce9ddfefca Mon Sep 17 00:00:00 2001
From: ekultek
Date: Fri, 1 Dec 2017 11:05:53 -0600
Subject: [PATCH] fixes a bunch of bugs, plus some annoying output that shouldn't be showing up, including but not limited to issue #202 and issue #203
---
 etc/checksum/md5sum.md5 | 13 +++++++------
 etc/text_files/dorks.txt | 23 +++++++++++------------
 lib/attacks/gist_lookup/__init__.py | 9 ++++-----
 lib/attacks/nmap_scan/__init__.py | 7 +++++--
 lib/core/settings.py | 5 +++--
 lib/firewall/dw.py | 16 ++++++++++++++++
 lib/header_check/__init__.py | 17 ++++++++++++++---
 var/search/pgp_search.py | 29 +++++++++++++++++------------
 8 files changed, 77 insertions(+), 42 deletions(-)
 create mode 100644 lib/firewall/dw.py
diff --git a/etc/checksum/md5sum.md5 b/etc/checksum/md5sum.md5
index e9f56db..d0ddafc 100644
--- a/etc/checksum/md5sum.md5
+++ b/etc/checksum/md5sum.md5
@@ -9,7 +9,7 @@ cfa0a16384b1b143f9c2cbd474f1a55c ./zeus.py
 d3ad89703575a712a0aeead2b176d8c5 ./etc/html/clickjacking_test_page.html
 642a77905d8bb4e5533e0e9c2137c0fa ./etc/text_files/agents.txt
 82cc68f46539d0255f7ce14cd86cd49b ./etc/text_files/link_ext.txt
-b4ac1dab7fee43d1295b0d940e11fac1 ./etc/text_files/dorks.txt
+9659c647c725773e82d130e0f5c73c57 ./etc/text_files/dorks.txt
 dc7bfc3d7b9b23340ee37806316bd770 ./etc/text_files/xss_payloads.txt
 b795ccb193f307a8e9a4a888c018241a ./etc/xml/headers.xml
 d41d8cd98f00b204e9800998ecf8427e ./bin/__init__.py
@@ -58,10 +58,11 @@ bbd8b4c6100070d420d48dc7dfc297eb ./lib/firewall/webknight.py
 8fc8d62377bebbfa7ca4d70a79eab115 ./lib/firewall/bigip.py
 73c1727e604ec6e00541687bfc64c0d6 ./lib/firewall/akamai.py
 7af3ee8615c7dc761f050e0ba638eaef ./lib/firewall/armor.py
+763af6773e920d6bdc185f5bd4df6084 ./lib/firewall/dw.py
 81a29a14d72980a306fbaec0dc772048 ./lib/firewall/fortigate.py
 6ea65a0160c21e144e92334acc2e3667 ./lib/firewall/anquanbao.py
 22a0ad8f2fa1a16b651cb5ae37ca9b0d ./lib/firewall/generic.py
-963e24d4b8a0fb94464389ddb60cc65f ./lib/attacks/gist_lookup/__init__.py
+67ae989c771f1069095aaae7ec3a96d7 ./lib/attacks/gist_lookup/__init__.py
 7183dbd7106ecb436176cebcca4e499f ./lib/attacks/clickjacking_scan/__init__.py
 d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
 4c644b0e3a62b6c1528d34a04837aa35 ./lib/attacks/sqlmap_scan/__init__.py
@@ -70,17 +71,17 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
 8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
 2d7686f1b9b93c3989bc5f279a1a064a ./lib/attacks/admin_panel_finder/__init__.py
 cc5e5838893eba60cf4bd33d38007e32 ./lib/attacks/xss_scan/__init__.py
-e9915cc0bc3de60aaf2accfaea77d059 ./lib/attacks/nmap_scan/__init__.py
+lib/attacks/nmap_scan/__init__.py ./lib/attacks/nmap_scan/__init__.py
 216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
-e2af52e2cb4d2f192c4678b7439366b2 ./lib/header_check/__init__.py
+888686098a0850750f2435d0e1645944 ./lib/header_check/__init__.py
 39221756c132732dbdc2b14772dcab11 ./lib/core/common.py
 4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
 d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
-c10aa86b519d43bd142de46453527f51 ./lib/core/settings.py
+ebcd664dbeda6cb93c9e66c71aa45a33 ./lib/core/settings.py
 801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
 9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
 0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
-8f8a7e791f91f0ef3544f2ed8364ab56 ./var/search/pgp_search.py
+cfcce04aac694eee7a6c73969861ce43 ./var/search/pgp_search.py
 d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
 d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py
 0c11c16126baf789388a661bbbefb149 ./var/auto_issue/github.py
diff --git a/etc/text_files/dorks.txt b/etc/text_files/dorks.txt
index 5b8ed71..c37d102 100644
--- a/etc/text_files/dorks.txt
+++ b/etc/text_files/dorks.txt
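Review bot: The new manifest entry `+lib/attacks/nmap_scan/__init__.py ./lib/attacks/nmap_scan/__init__.py` has the file path where the MD5 digest belongs, so whatever consumes this file cannot verify lib/attacks/nmap_scan/__init__.py and will either report a permanent mismatch or, if it does not validate the digest column, silently skip that file. This looks like a hand edit rather than tool output; regenerate the manifest from the checksum tool so the line reads `<md5-of-nmap_scan-__init__.py> ./lib/attacks/nmap_scan/__init__.py`. Every other updated entry in this hunk is a well-formed 32-hex digest, so only this one line needs correcting. Worth remembering that a checksum list shipped alongside the code only catches accidental corruption, not deliberate tampering, since anyone who can change the file can change the manifest too.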
@@ -11,17 +11,17 @@ allintitle:\"Test page for Apache Installation\" allintitle:admin.php allintitle:"Welcome to the Cyclades" allinurl: admin mdb -allinurl: admin mdb +allinurl: admin mdb allinurl:".r{}_vti_cnf/" allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/" allinurl:"exchange/logon.asp" allinurl:"index.php" "site=sglinks" allinurl:.br/index.php?loc= allinurl:/examples/jsp/snp/snoop.jsp -allinurl:/examples/jsp/snp/snoop.jsp +allinurl:/examples/jsp/snp/snoop.jsp allinurl:/index.php?file= site:*.dk allinurl:/index.php?page= site:*.dk -allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\" +allinurl:\"/*/_vti_pvt/\" | allinurl:\"/*/_vti_cnf/\" allinurl:admin mdb allinurl:auth_user_file.txt allinurl:cdkey.txt @@ -29,7 +29,7 @@ allinurl:control/multiview allinurl:install/install.php allinurl:intranet admin allinurl:servlet/SnoopServlet -allinurl:servlet/SnoopServlet +allinurl:servlet/SnoopServlet allinurl:wps/portal/ login allinurl:"exchange/logon.asp" allinurl:"index.php" "site=sglinks" @@ -77,16 +77,16 @@ ext:ini intext:env.ini ext:jbf jbf ext:ldif ldif ext:ldif ldif -ext:log "Software: Microsoft Internet Information Services *.*" +ext:log "Software: Microsoft Internet Information Services *.*" ext:log "Software: Microsoft Internet Information ext:log "Software: Microsoft Internet Information ext:log "Software: Microsoft Internet Information Services *.*" ext:log \"Software: Microsoft Internet Information Services *.*\" ext:log "Software: Microsoft Internet Information Services *.*" -ext:mdb inurl:*.mdb inurl:fpdb shop.mdb ext:mdb inurl:*.mdb inurl:fpdb shop.mdb ext:mdb inurl:*.mdb inurl:fpdb shop.mdb -ext:nsf nsf -gov -mil +ext:mdb inurl:*.mdb inurl:fpdb shop.mdb +ext:nsf nsf -gov -mil ext:nsf nsf -gov -mil ext:nsf nsf -gov -mil ext:passwd -intext:the -sample -example @@ -111,7 +111,7 @@ ext:vmx vmx ext:vmx vmx ext:vmx vmx ext:yml database inurl:config -extqi pqi -database +extqi pqi -database extqi pqi -database extqi pqi -database ez Publish administration 
@@ -404,8 +404,8 @@ index.of passlist index.of perform.ini mIRC IRC ini file can list IRC usernames and index.of.dcim index.of.password -intext:" -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) -intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" +intext:"-FrontPage-" ext:pwd inurl:(service | authors | administrators | users) +intext:"BiTBOARD v2.0" BiTSHiFTERS Bulletin Board" intext:"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd intext:"#mysql dump" filetype:sql intext:"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3 @@ -653,8 +653,7 @@ intext:"Welcome to" inurl:"cp" intitle:"H-SPHERE" inurl:"begin.html" -Fee intext:"enable password 7″ intext:"enable secret 5 $" intext:"vbulletin" inurl:admincp -intextpassword | passcode) intextusername | userid | user) filetype:csv -intextpassword | passcode) intextusername | userid | user) filetype:csv +intext (password | passcode) intextusername | userid | user) filetype:csv intitle: "index of" passwd passwd.bak intitle:"*- HP WBEM Login" | "You are being prompted to provide login account information for *" | "Please provide the information requested and press intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any diff --git a/lib/attacks/gist_lookup/__init__.py b/lib/attacks/gist_lookup/__init__.py index 6f6506d..59b2c13 100644 --- a/lib/attacks/gist_lookup/__init__.py +++ b/lib/attacks/gist_lookup/__init__.py 
@@ -96,16 +96,15 @@ def check_files_for_information(found_url, data_to_search): time.sleep(3) data = requests.get(found_url) for data_regex in data_regex_schema: - lib.core.settings.logger.info(lib.core.settings.set_color( - "running with regex '{}'...".format(data_regex.pattern), level=25 - )) if data_regex.search(data.content) is not None: lib.core.settings.logger.info(lib.core.settings.set_color( "found a match with given specifics, saving full Gist to log file...", level=25 )) total_found.add(found_url) lib.core.common.write_to_log_file( - data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME + data.content, lib.core.settings.GIST_MATCH_LOG, lib.core.settings.GIST_FILENAME.format( + lib.core.settings.replace_http(data_to_search) + ) ) return len(total_found) @@ -115,7 +114,7 @@ def github_gist_search_main(query, **kwargs): agent = kwargs.get("agent", None) verbose = kwargs.get("verbose", False) thread = kwargs.get("do_threading", False) - proc_num = kwargs.get("proc_num", 5) # TODO:/ + # proc_num = kwargs.get("proc_num", 5) # TODO:/ page_set = kwargs.get("page_set", (1, 2, 3, 4, 5)) total_found = 0 diff --git a/lib/attacks/nmap_scan/__init__.py b/lib/attacks/nmap_scan/__init__.py index 3b5fa3e..4e4a82c 100644 --- a/lib/attacks/nmap_scan/__init__.py +++ b/lib/attacks/nmap_scan/__init__.py @@ -59,7 +59,7 @@ class NmapHook(object): print( "{}\nScanned: {} ({})\tStatus: {}\nProtocol: {}\n".format( sep, self.ip, - host if host is not "" or None else "unknown", + host if host is not "" or None or len(host) == 0 else "unknown", json_data[self.ip]["status"]["state"], "TCP" ) 
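Review bot: The new call builds the log filename from the search string, `lib.core.settings.GIST_FILENAME.format(lib.core.settings.replace_http(data_to_search))`, so any character that string carries goes straight into the path handed to write_to_log_file; if data_to_search is caller-supplied (it reads like the user's query) and can contain `/`, `..` or characters the filesystem rejects, the log can land outside the intended directory or fail to open. Constrain it before formatting, e.g. `safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", lib.core.settings.replace_http(data_to_search))` and then `lib.core.settings.GIST_FILENAME.format(safe_name)`. Neither replace_http nor write_to_log_file is visible here, so if one of them already normalises the name this can be dropped. The enclosing check_files_for_information starts before the hunk.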
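Review bot: Commenting out `# proc_num = kwargs.get("proc_num", 5)  # TODO:/` leaves dead code with an unresolved TODO in github_gist_search_main rather than settling whether the option exists. If proc_num is no longer consumed, delete the line outright; if it is still meant to become a worker count, keep the assignment live and wire it into the threading path so a caller-supplied `proc_num` is not silently accepted and ignored. The rest of github_gist_search_main is outside the hunk.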
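Review bot: The rewritten condition `host if host is not "" or None or len(host) == 0 else "unknown"` still never produces "unknown": `host is not ""` is an identity comparison (unreliable for strings and a SyntaxWarning on Python 3.8+), the bare `None` operand is always falsy and contributes nothing, and `len(host) == 0` is True exactly when host is empty, so an empty host is printed as an empty string instead of the fallback. Replace the whole expression with `host if host else "unknown"`, which covers the empty string and None in one truthiness check. The surrounding print call in NmapHook is only partly visible in the hunk.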
@@ -107,7 +107,10 @@ def perform_port_scan(url, scanner=NmapHook, **kwargs): lib.core.settings.logger.info(lib.core.settings.set_color( "attempting to find IP address for hostname '{}'...".format(url) )) - found_ip_address = socket.gethostbyname(url) + try: + found_ip_address = socket.gethostbyname(url) + except socket.gaierror: + found_ip_address = socket.gethostbyname_ex(url) lib.core.settings.logger.info(lib.core.settings.set_color( "found IP address for given URL -> '{}'...".format(found_ip_address), level=25 )) diff --git a/lib/core/settings.py b/lib/core/settings.py index 958a927..2908c0b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git" ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues" # current version -VERSION = "1.3.10.{}".format(PATCH_ID) +VERSION = "1.3.11.{}".format(PATCH_ID) # colors to output depending on the version VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30} @@ -314,7 +314,8 @@ URL_EXCLUDES = ( "schema.org", "www.".format(attribute)) # split the string by the tag pgp_key = pgp_key[1].split("".format(attribute))[0] # split it again by the end tag
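Review bot: The new fallback `except socket.gaierror: found_ip_address = socket.gethostbyname_ex(url)` does not recover from a failed lookup: gethostbyname_ex raises the same socket.gaierror for a name that cannot be resolved, and when it does succeed it returns a `(hostname, aliases, ipaddrlist)` tuple, so found_ip_address would be a tuple rather than an address string and the log line just below (and presumably the scanner call after it) would receive the wrong type. If the intent is to cope with a url that still carries a scheme or path, extract the hostname before resolving; a genuine resolution failure should instead be reported and the scan stopped, e.g. `except socket.gaierror:` / `lib.core.settings.logger.error(lib.core.settings.set_color("unable to resolve hostname '{}'...".format(url)))` / `return` (or raise, depending on how perform_port_scan's callers expect failures). The rest of perform_port_scan, including what consumes found_ip_address, lies outside the hunk.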