mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
created an admin page finder for the found URL's
This commit is contained in:
parent
47561c3aab
commit
36259f3a12
4 changed files with 443 additions and 314 deletions
586
etc/link_ext.txt
586
etc/link_ext.txt
|
|
@ -2,296 +2,296 @@
|
|||
:82
|
||||
:2082
|
||||
:2083
|
||||
admin.php
|
||||
admin.html
|
||||
index.php
|
||||
login.php
|
||||
login.html
|
||||
administrator
|
||||
admin
|
||||
adminpanel
|
||||
cpanel
|
||||
login
|
||||
wp-login.php
|
||||
administrator
|
||||
admins
|
||||
logins
|
||||
admin.asp
|
||||
login.asp
|
||||
adm/
|
||||
admin/
|
||||
admin/account.html
|
||||
admin/login.html
|
||||
admin/login.htm
|
||||
admin/controlpanel.html
|
||||
admin/controlpanel.htm
|
||||
admin/adminLogin.html
|
||||
admin/adminLogin.htm
|
||||
admin.htm
|
||||
admin.html
|
||||
adminitem/
|
||||
adminitems/
|
||||
administrator/
|
||||
administrator/login.%EXT%
|
||||
administrator.%EXT%
|
||||
administration/
|
||||
administration.%EXT%
|
||||
adminLogin/
|
||||
adminlogin.%EXT%
|
||||
admin_area/admin.%EXT%
|
||||
admin_area/
|
||||
admin_area/login.%EXT%
|
||||
manager/
|
||||
superuser/
|
||||
superuser.%EXT%
|
||||
access/
|
||||
access.%EXT%
|
||||
sysadm/
|
||||
sysadm.%EXT%
|
||||
superman/
|
||||
supervisor/
|
||||
panel.%EXT%
|
||||
control/
|
||||
control.%EXT%
|
||||
member/
|
||||
member.%EXT%
|
||||
members/
|
||||
user/
|
||||
user.%EXT%
|
||||
cp/
|
||||
uvpanel/
|
||||
manage/
|
||||
manage.%EXT%
|
||||
management/
|
||||
management.%EXT%
|
||||
signin/
|
||||
signin.%EXT%
|
||||
log-in/
|
||||
log-in.%EXT%
|
||||
log_in/
|
||||
log_in.%EXT%
|
||||
sign_in/
|
||||
sign_in.%EXT%
|
||||
sign-in/
|
||||
sign-in.%EXT%
|
||||
users/
|
||||
users.%EXT%
|
||||
accounts/
|
||||
accounts.%EXT%
|
||||
bb-admin/login.%EXT%
|
||||
bb-admin/admin.%EXT%
|
||||
bb-admin/admin.html
|
||||
administrator/account.%EXT%
|
||||
relogin.htm
|
||||
relogin.html
|
||||
check.%EXT%
|
||||
relogin.%EXT%
|
||||
blog/wp-login.%EXT%
|
||||
user/admin.%EXT%
|
||||
users/admin.%EXT%
|
||||
registration/
|
||||
processlogin.%EXT%
|
||||
checklogin.%EXT%
|
||||
checkuser.%EXT%
|
||||
checkadmin.%EXT%
|
||||
isadmin.%EXT%
|
||||
authenticate.%EXT%
|
||||
authentication.%EXT%
|
||||
auth.%EXT%
|
||||
authuser.%EXT%
|
||||
authadmin.%EXT%
|
||||
cp.%EXT%
|
||||
modelsearch/login.%EXT%
|
||||
moderator.%EXT%
|
||||
moderator/
|
||||
controlpanel/
|
||||
controlpanel.%EXT%
|
||||
admincontrol.%EXT%
|
||||
adminpanel.%EXT%
|
||||
fileadmin/
|
||||
fileadmin.%EXT%
|
||||
sysadmin.%EXT%
|
||||
admin1.%EXT%
|
||||
admin1.html
|
||||
admin1.htm
|
||||
admin2.%EXT%
|
||||
admin2.html
|
||||
yonetim.%EXT%
|
||||
yonetim.html
|
||||
yonetici.%EXT%
|
||||
yonetici.html
|
||||
phpmyadmin/
|
||||
myadmin/
|
||||
ur-admin.%EXT%
|
||||
ur-admin/
|
||||
Server.%EXT%
|
||||
Server/
|
||||
wp-admin/
|
||||
administr8.%EXT%
|
||||
administr8/
|
||||
webadmin/
|
||||
webadmin.%EXT%
|
||||
administratie/
|
||||
admins/
|
||||
admins.%EXT%
|
||||
administrivia/
|
||||
Database_Administration/
|
||||
useradmin/
|
||||
sysadmins/
|
||||
sysadmins/
|
||||
admin1/
|
||||
system-administration/
|
||||
administrators/
|
||||
pgadmin/
|
||||
directadmin/
|
||||
staradmin/
|
||||
ServerAdministrator/
|
||||
SysAdmin/
|
||||
administer/
|
||||
LiveUser_Admin/
|
||||
sys-admin/
|
||||
typo3/
|
||||
panel/
|
||||
cpanel/
|
||||
cpanel_file/
|
||||
platz_login/
|
||||
rcLogin/
|
||||
blogindex/
|
||||
formslogin/
|
||||
autologin/
|
||||
manuallogin/
|
||||
simpleLogin/
|
||||
loginflat/
|
||||
utility_login/
|
||||
showlogin/
|
||||
memlogin/
|
||||
login-redirect/
|
||||
sub-login/
|
||||
wp-login/
|
||||
login1/
|
||||
dir-login/
|
||||
login_db/
|
||||
xlogin/
|
||||
smblogin/
|
||||
customer_login/
|
||||
UserLogin/
|
||||
login-us/
|
||||
acct_login/
|
||||
bigadmin/
|
||||
project-admins/
|
||||
phppgadmin/
|
||||
pureadmin/
|
||||
sql-admin/
|
||||
radmind/
|
||||
openvpnadmin/
|
||||
wizmysqladmin/
|
||||
vadmind/
|
||||
ezsqliteadmin/
|
||||
hpwebjetadmin/
|
||||
newsadmin/
|
||||
adminpro/
|
||||
Lotus_Domino_Admin/
|
||||
bbadmin/
|
||||
vmailadmin/
|
||||
Indy_admin/
|
||||
ccp14admin/
|
||||
irc-macadmin/
|
||||
banneradmin/
|
||||
sshadmin/
|
||||
phpldapadmin/
|
||||
macadmin/
|
||||
administratoraccounts/
|
||||
admin4_account/
|
||||
admin4_colon/
|
||||
radmind-1/
|
||||
Super-Admin/
|
||||
AdminTools/
|
||||
cmsadmin/
|
||||
SysAdmin2/
|
||||
globes_admin/
|
||||
cadmins/
|
||||
phpSQLiteAdmin/
|
||||
navSiteAdmin/
|
||||
server_admin_small/
|
||||
logo_sysadmin/
|
||||
power_user/
|
||||
system_administration/
|
||||
ss_vms_admin_sm/
|
||||
bb-admin/
|
||||
panel-administracion/
|
||||
instadmin/
|
||||
memberadmin/
|
||||
administratorlogin/
|
||||
adm.%EXT%
|
||||
admin_login.%EXT%
|
||||
panel-administracion/login.%EXT%
|
||||
pages/admin/admin-login.%EXT%
|
||||
pages/admin/
|
||||
acceso.%EXT%
|
||||
admincp/login.%EXT%
|
||||
admincp/
|
||||
adminarea/
|
||||
admincontrol/
|
||||
affiliate.%EXT%
|
||||
adm_auth.%EXT%
|
||||
memberadmin.%EXT%
|
||||
administratorlogin.%EXT%
|
||||
modules/admin/
|
||||
administrators.%EXT%
|
||||
siteadmin/
|
||||
siteadmin.%EXT%
|
||||
adminsite/
|
||||
kpanel/
|
||||
vorod/
|
||||
vorod.%EXT%
|
||||
vorud/
|
||||
vorud.%EXT%
|
||||
adminpanel/
|
||||
PSUser/
|
||||
secure/
|
||||
webmaster/
|
||||
webmaster.%EXT%
|
||||
autologin.%EXT%
|
||||
userlogin.%EXT%
|
||||
admin_area.%EXT%
|
||||
cmsadmin.%EXT%
|
||||
security/
|
||||
usr/
|
||||
root/
|
||||
secret/
|
||||
admin/login.%EXT%
|
||||
admin/adminLogin.%EXT%
|
||||
moderator.php
|
||||
moderator.html
|
||||
moderator/login.%EXT%
|
||||
moderator/admin.%EXT%
|
||||
yonetici.%EXT%
|
||||
0admin/
|
||||
0manager/
|
||||
aadmin/
|
||||
cgi-bin/login%EXT%
|
||||
login1%EXT%
|
||||
login_admin/
|
||||
login_admin%EXT%
|
||||
login_out/
|
||||
login_out%EXT%
|
||||
login_user%EXT%
|
||||
loginerror/
|
||||
loginok/
|
||||
loginsave/
|
||||
loginsuper/
|
||||
loginsuper%EXT%
|
||||
login%EXT%
|
||||
logout/
|
||||
logout%EXT%
|
||||
secrets/
|
||||
super1/
|
||||
super1%EXT%
|
||||
super_index%EXT%
|
||||
super_login%EXT%
|
||||
supermanager%EXT%
|
||||
superman%EXT%
|
||||
superuser%EXT%
|
||||
supervise/
|
||||
supervise/Login%EXT%
|
||||
super%EXT%
|
||||
/admin.php
|
||||
/admin.html
|
||||
/index.php
|
||||
/login.php
|
||||
/login.html
|
||||
/administrator
|
||||
/admin
|
||||
/adminpanel
|
||||
/cpanel
|
||||
/login
|
||||
/wp-login.php
|
||||
/administrator
|
||||
/admins
|
||||
/logins
|
||||
/admin.asp
|
||||
/login.asp
|
||||
/adm/
|
||||
/admin/
|
||||
/admin/account.html
|
||||
/admin/login.html
|
||||
/admin/login.htm
|
||||
/admin/controlpanel.html
|
||||
/admin/controlpanel.htm
|
||||
/admin/adminLogin.html
|
||||
/admin/adminLogin.htm
|
||||
/admin.htm
|
||||
/admin.html
|
||||
/adminitem/
|
||||
/adminitems/
|
||||
/administrator/
|
||||
/administrator/login.%EXT%
|
||||
/administrator.%EXT%
|
||||
/administration/
|
||||
/administration.%EXT%
|
||||
/adminLogin/
|
||||
/adminlogin.%EXT%
|
||||
/admin_area/admin.%EXT%
|
||||
/admin_area/
|
||||
/admin_area/login.%EXT%
|
||||
/manager/
|
||||
/superuser/
|
||||
/superuser.%EXT%
|
||||
/access/
|
||||
/access.%EXT%
|
||||
/sysadm/
|
||||
/sysadm.%EXT%
|
||||
/superman/
|
||||
/supervisor/
|
||||
/panel.%EXT%
|
||||
/control/
|
||||
/control.%EXT%
|
||||
/member/
|
||||
/member.%EXT%
|
||||
/members/
|
||||
/user/
|
||||
/user.%EXT%
|
||||
/cp/
|
||||
/uvpanel/
|
||||
/manage/
|
||||
/manage.%EXT%
|
||||
/management/
|
||||
/management.%EXT%
|
||||
/signin/
|
||||
/signin.%EXT%
|
||||
/log-in/
|
||||
/log-in.%EXT%
|
||||
/log_in/
|
||||
/log_in.%EXT%
|
||||
/sign_in/
|
||||
/sign_in.%EXT%
|
||||
/sign-in/
|
||||
/sign-in.%EXT%
|
||||
/users/
|
||||
/users.%EXT%
|
||||
/accounts/
|
||||
/accounts.%EXT%
|
||||
/bb-admin/login.%EXT%
|
||||
/bb-admin/admin.%EXT%
|
||||
/bb-admin/admin.html
|
||||
/administrator/account.%EXT%
|
||||
/relogin.htm
|
||||
/relogin.html
|
||||
/check.%EXT%
|
||||
/relogin.%EXT%
|
||||
/blog/wp-login.%EXT%
|
||||
/user/admin.%EXT%
|
||||
/users/admin.%EXT%
|
||||
/registration/
|
||||
/processlogin.%EXT%
|
||||
/checklogin.%EXT%
|
||||
/checkuser.%EXT%
|
||||
/checkadmin.%EXT%
|
||||
/isadmin.%EXT%
|
||||
/authenticate.%EXT%
|
||||
/authentication.%EXT%
|
||||
/auth.%EXT%
|
||||
/authuser.%EXT%
|
||||
/authadmin.%EXT%
|
||||
/cp.%EXT%
|
||||
/modelsearch/login.%EXT%
|
||||
/moderator.%EXT%
|
||||
/moderator/
|
||||
/controlpanel/
|
||||
/controlpanel.%EXT%
|
||||
/admincontrol.%EXT%
|
||||
/adminpanel.%EXT%
|
||||
/fileadmin/
|
||||
/fileadmin.%EXT%
|
||||
/sysadmin.%EXT%
|
||||
/admin1.%EXT%
|
||||
/admin1.html
|
||||
/admin1.htm
|
||||
/admin2.%EXT%
|
||||
/admin2.html
|
||||
/yonetim.%EXT%
|
||||
/yonetim.html
|
||||
/yonetici.%EXT%
|
||||
/yonetici.html
|
||||
/phpmyadmin/
|
||||
/myadmin/
|
||||
/ur-admin.%EXT%
|
||||
/ur-admin/
|
||||
/Server.%EXT%
|
||||
/Server/
|
||||
/wp-admin/
|
||||
/administr8.%EXT%
|
||||
/administr8/
|
||||
/webadmin/
|
||||
/webadmin.%EXT%
|
||||
/administratie/
|
||||
/admins/
|
||||
/admins.%EXT%
|
||||
/administrivia/
|
||||
/Database_Administration/
|
||||
/useradmin/
|
||||
/sysadmins/
|
||||
/sysadmins/
|
||||
/admin1/
|
||||
/system-administration/
|
||||
/administrators/
|
||||
/pgadmin/
|
||||
/directadmin/
|
||||
/staradmin/
|
||||
/ServerAdministrator/
|
||||
/SysAdmin/
|
||||
/administer/
|
||||
/LiveUser_Admin/
|
||||
/sys-admin/
|
||||
/typo3/
|
||||
/panel/
|
||||
/cpanel/
|
||||
/cpanel_file/
|
||||
/platz_login/
|
||||
/rcLogin/
|
||||
/blogindex/
|
||||
/formslogin/
|
||||
/autologin/
|
||||
/manuallogin/
|
||||
/simpleLogin/
|
||||
/loginflat/
|
||||
/utility_login/
|
||||
/showlogin/
|
||||
/memlogin/
|
||||
/login-redirect/
|
||||
/sub-login/
|
||||
/wp-login/
|
||||
/login1/
|
||||
/dir-login/
|
||||
/login_db/
|
||||
/xlogin/
|
||||
/smblogin/
|
||||
/customer_login/
|
||||
/UserLogin/
|
||||
/login-us/
|
||||
/acct_login/
|
||||
/bigadmin/
|
||||
/project-admins/
|
||||
/phppgadmin/
|
||||
/pureadmin/
|
||||
/sql-admin/
|
||||
/radmind/
|
||||
/openvpnadmin/
|
||||
/wizmysqladmin/
|
||||
/vadmind/
|
||||
/ezsqliteadmin/
|
||||
/hpwebjetadmin/
|
||||
/newsadmin/
|
||||
/adminpro/
|
||||
/Lotus_Domino_Admin/
|
||||
/bbadmin/
|
||||
/vmailadmin/
|
||||
/Indy_admin/
|
||||
/ccp14admin/
|
||||
/irc-macadmin/
|
||||
/banneradmin/
|
||||
/sshadmin/
|
||||
/phpldapadmin/
|
||||
/macadmin/
|
||||
/administratoraccounts/
|
||||
/admin4_account/
|
||||
/admin4_colon/
|
||||
/radmind-1/
|
||||
/Super-Admin/
|
||||
/AdminTools/
|
||||
/cmsadmin/
|
||||
/SysAdmin2/
|
||||
/globes_admin/
|
||||
/cadmins/
|
||||
/phpSQLiteAdmin/
|
||||
/navSiteAdmin/
|
||||
/server_admin_small/
|
||||
/logo_sysadmin/
|
||||
/power_user/
|
||||
/system_administration/
|
||||
/ss_vms_admin_sm/
|
||||
/bb-admin/
|
||||
/panel-administracion/
|
||||
/instadmin/
|
||||
/memberadmin/
|
||||
/administratorlogin/
|
||||
/adm.%EXT%
|
||||
/admin_login.%EXT%
|
||||
/panel-administracion/login.%EXT%
|
||||
/pages/admin/admin-login.%EXT%
|
||||
/pages/admin/
|
||||
/acceso.%EXT%
|
||||
/admincp/login.%EXT%
|
||||
/admincp/
|
||||
/adminarea/
|
||||
/admincontrol/
|
||||
/affiliate.%EXT%
|
||||
/adm_auth.%EXT%
|
||||
/memberadmin.%EXT%
|
||||
/administratorlogin.%EXT%
|
||||
/modules/admin/
|
||||
/administrators.%EXT%
|
||||
/siteadmin/
|
||||
/siteadmin.%EXT%
|
||||
/adminsite/
|
||||
/kpanel/
|
||||
/vorod/
|
||||
/vorod.%EXT%
|
||||
/vorud/
|
||||
/vorud.%EXT%
|
||||
/adminpanel/
|
||||
/PSUser/
|
||||
/secure/
|
||||
/webmaster/
|
||||
/webmaster.%EXT%
|
||||
/autologin.%EXT%
|
||||
/userlogin.%EXT%
|
||||
/admin_area.%EXT%
|
||||
/cmsadmin.%EXT%
|
||||
/security/
|
||||
/usr/
|
||||
/root/
|
||||
/secret/
|
||||
/admin/login.%EXT%
|
||||
/admin/adminLogin.%EXT%
|
||||
/moderator.php
|
||||
/moderator.html
|
||||
/moderator/login.%EXT%
|
||||
/moderator/admin.%EXT%
|
||||
/yonetici.%EXT%
|
||||
/0admin/
|
||||
/0manager/
|
||||
/aadmin/
|
||||
/cgi-bin/login%EXT%
|
||||
/login1%EXT%
|
||||
/login_admin/
|
||||
/login_admin%EXT%
|
||||
/login_out/
|
||||
/login_out%EXT%
|
||||
/login_user%EXT%
|
||||
/loginerror/
|
||||
/loginok/
|
||||
/loginsave/
|
||||
/loginsuper/
|
||||
/loginsuper%EXT%
|
||||
/login%EXT%
|
||||
/logout/
|
||||
/logout%EXT%
|
||||
/secrets/
|
||||
/super1/
|
||||
/super1%EXT%
|
||||
/super_index%EXT%
|
||||
/super_login%EXT%
|
||||
/supermanager%EXT%
|
||||
/superman%EXT%
|
||||
/superuser%EXT%
|
||||
/supervise/
|
||||
/supervise/Login%EXT%
|
||||
/super%EXT%
|
||||
105
lib/attacks/admin_panel_finder/__init__.py
Normal file
105
lib/attacks/admin_panel_finder/__init__.py
Normal file
|
|
@ -0,0 +1,105 @@
|
|||
import os
|
||||
import urllib2
|
||||
|
||||
from lib.settings import (
|
||||
logger,
|
||||
replace_http,
|
||||
set_color,
|
||||
create_tree
|
||||
)
|
||||
|
||||
|
||||
def check_for_admin_page(url, exts, protocol="http://", show_possibles=False, verbose=False):
|
||||
possible_connections, connections = set(), set()
|
||||
stripped_url = replace_http(url.strip())
|
||||
for ext in exts:
|
||||
ext = ext.strip()
|
||||
true_url = "{}{}{}".format(protocol, stripped_url, ext)
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"trying '{}'...".format(true_url), level=10
|
||||
))
|
||||
try:
|
||||
urllib2.urlopen(true_url, timeout=5)
|
||||
logger.info(set_color(
|
||||
"connected successfully to '{}'...".format(true_url)
|
||||
))
|
||||
connections.add(true_url)
|
||||
except urllib2.HTTPError as e:
|
||||
data = str(e).split(" ")
|
||||
if verbose:
|
||||
if "Access Denied" in str(e):
|
||||
logger.warning(set_color(
|
||||
"got access denied, possible control panel found without external access on '{}'...".format(
|
||||
true_url
|
||||
),
|
||||
level=30
|
||||
))
|
||||
possible_connections.add(true_url)
|
||||
else:
|
||||
logger.error(set_color(
|
||||
"failed to connect got error code {}...".format(
|
||||
data[2]
|
||||
), level=40
|
||||
))
|
||||
else:
|
||||
pass
|
||||
except Exception as e:
|
||||
if verbose:
|
||||
if "<urlopen error timed out>" or "timeout: timed out" in str(e):
|
||||
logger.warning(set_color(
|
||||
"connection timed out after five seconds "
|
||||
"assuming won't connect and skipping...", level=30
|
||||
))
|
||||
else:
|
||||
logger.exception(set_color(
|
||||
"failed to connect with unexpected error '{}'...".format(str(e)), level=50
|
||||
))
|
||||
else:
|
||||
pass
|
||||
possible_connections, connections = list(possible_connections), list(connections)
|
||||
data_msg = "found {} possible connections(s) and {} successful connection(s)..."
|
||||
logger.info(set_color(
|
||||
data_msg.format(len(possible_connections), len(connections))
|
||||
))
|
||||
if len(connections) != 0:
|
||||
logger.info(set_color(
|
||||
"creating connection tree..."
|
||||
))
|
||||
create_tree(url, connections)
|
||||
else:
|
||||
logger.fatal(set_color(
|
||||
"did not find any successful connections to {}'s "
|
||||
"admin page", level=50
|
||||
))
|
||||
if show_possibles:
|
||||
if len(possible_connections) != 0:
|
||||
logger.info(set_color(
|
||||
"creating possible connection tree..."
|
||||
))
|
||||
create_tree(url, possible_connections)
|
||||
else:
|
||||
logger.fatal(set_color(
|
||||
"did not find any possible connections to {}'s "
|
||||
"admin page", level=50
|
||||
))
|
||||
|
||||
|
||||
def __load_extensions(filename="{}/etc/link_ext.txt"):
|
||||
with open(filename.format(os.getcwd())) as ext:
|
||||
return ext.readlines()
|
||||
|
||||
|
||||
def main(url, show=False, verbose=False):
|
||||
logger.info(set_color(
|
||||
"loading extensions..."
|
||||
))
|
||||
extensions = __load_extensions()
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"loaded a total of {} extensions...".format(len(extensions)), level=10
|
||||
))
|
||||
logger.info(set_color(
|
||||
"attempting to bruteforce admin panel..."
|
||||
))
|
||||
check_for_admin_page(url, extensions, show_possibles=show, verbose=verbose)
|
||||
|
|
@ -17,7 +17,7 @@ import bin.unzip_gecko
|
|||
# clone link
|
||||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.0.12"
|
||||
VERSION = "1.0.13"
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
# version string formatting
|
||||
|
|
@ -241,10 +241,12 @@ def replace_http(url):
|
|||
delete the queries from the URL
|
||||
"""
|
||||
return data.split("/")[0]
|
||||
|
||||
url_list = url.split("//")
|
||||
new_url = url_list[1]
|
||||
return __remove_queries(new_url)
|
||||
try:
|
||||
url_list = url.split("//")
|
||||
new_url = url_list[1]
|
||||
return __remove_queries(new_url)
|
||||
except IndexError:
|
||||
return url
|
||||
|
||||
|
||||
def grab_random_agent(agent_path="{}/etc/agents.txt", verbose=False):
|
||||
|
|
@ -340,4 +342,15 @@ def update_zeus():
|
|||
else:
|
||||
logger.fatal(set_color(
|
||||
"no git repository found in directory, unable to update automatically..."
|
||||
))
|
||||
))
|
||||
|
||||
|
||||
def create_tree(start, conns, down="|", over="-", sep="-" * 40):
|
||||
print("{}\nStarting URL: {}\n\nConnections:".format(sep, start))
|
||||
for con in conns:
|
||||
print(
|
||||
"{}{}{}".format(
|
||||
down, over, con
|
||||
)
|
||||
)
|
||||
print(sep)
|
||||
|
|
|
|||
41
zeus.py
41
zeus.py
|
|
@ -10,6 +10,7 @@ import httplib as http_client
|
|||
from var import blackwidow
|
||||
from var.google_search import search
|
||||
from lib.errors import InvalidInputProvided
|
||||
from lib.attacks.admin_panel_finder import main
|
||||
from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS
|
||||
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
|
||||
|
||||
|
|
@ -67,6 +68,8 @@ if __name__ == "__main__":
|
|||
help="Run a Nmap port scan on the discovered URL's")
|
||||
attacks.add_option("-i", "--intel-check", dest="intelCheck", action="store_true",
|
||||
help="Check if a URL's host is exploitable via Intel ME AMT (CVE-2017-5689)")
|
||||
attacks.add_option("-a", "--admin-panel", dest="adminPanelFinder", action="store_true",
|
||||
help="Search for the websites admin panel")
|
||||
attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS",
|
||||
help="Pass the arguments to send to the sqlmap API within quotes & "
|
||||
"separated by a comma. IE 'dbms mysql, verbose 3, level 5'")
|
||||
|
|
@ -77,8 +80,12 @@ if __name__ == "__main__":
|
|||
help="Attempt to automatically find sqlmap on your system")
|
||||
attacks.add_option("--search-here", dest="givenSearchPath", metavar="PATH-TO-START",
|
||||
help="Start searching for sqlmap in this given path")
|
||||
attacks.add_option("--show", dest="showSqlmapArguments", action="store_true",
|
||||
attacks.add_option("--show-sqlmap", dest="showSqlmapArguments", action="store_true",
|
||||
help="Show the arguments that the sqlmap API understands")
|
||||
attacks.add_option("--show-nmap", dest="showNmapArgs", action="store_true",
|
||||
help="Show the arguments that nmap understands")
|
||||
attacks.add_option("-P", "--show-possibles", dest="showAllConnections", action="store_true",
|
||||
help="Show all connections made during the admin panel search")
|
||||
|
||||
# search engine options
|
||||
engines = optparse.OptionGroup(parser, "Search engine arguments",
|
||||
|
|
@ -297,7 +304,7 @@ if __name__ == "__main__":
|
|||
|
||||
def __run_attacks(
|
||||
url, sqlmap=False, verbose=False, nmap=False,
|
||||
intel=False, given_path=None, auto=False, batch=False
|
||||
intel=False, admin=False, given_path=None, auto=False, batch=False
|
||||
):
|
||||
"""
|
||||
run the attacks if any are requested
|
||||
|
|
@ -319,6 +326,8 @@ if __name__ == "__main__":
|
|||
elif intel:
|
||||
url_ip_address = replace_http(url.strip())
|
||||
return intel_me.intel_amt_main(url_ip_address, proxy=proxy_to_use, verbose=verbose)
|
||||
elif admin:
|
||||
main(url, show=opt.showAllConnections, verbose=verbose)
|
||||
else:
|
||||
pass
|
||||
else:
|
||||
|
|
@ -348,12 +357,12 @@ if __name__ == "__main__":
|
|||
pass
|
||||
|
||||
urls_to_use = get_latest_log_file(URL_LOG_PATH)
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck:
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck or opt.adminPanelFinder:
|
||||
with open(urls_to_use) as urls:
|
||||
for url in urls.readlines():
|
||||
__run_attacks(url.strip(), sqlmap=opt.runSqliScan, nmap=opt.runPortScan, intel=opt.intelCheck,
|
||||
given_path=opt.givenSearchPath, auto=opt.autoStartSqlmap, verbose=opt.runInVerbose,
|
||||
batch=opt.runInBatch)
|
||||
admin=opt.adminPanelFinder, given_path=opt.givenSearchPath,
|
||||
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch)
|
||||
|
||||
# use a file full of dorks as the queries
|
||||
elif opt.dorkFileToUse is not None:
|
||||
|
|
@ -375,12 +384,12 @@ if __name__ == "__main__":
|
|||
pass
|
||||
|
||||
urls_to_use = get_latest_log_file(URL_LOG_PATH)
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck:
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck or opt.adminPanelFinder:
|
||||
with open(urls_to_use) as urls:
|
||||
for url in urls.readlines():
|
||||
__run_attacks(url.strip(), sqlmap=opt.runSqliScan, nmap=opt.runPortScan, intel=opt.intelCheck,
|
||||
given_path=opt.givenSearchPath, auto=opt.autoStartSqlmap, verbose=opt.runInVerbose,
|
||||
batch=opt.runInBatch)
|
||||
admin=opt.adminPanelFinder, given_path=opt.givenSearchPath,
|
||||
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch)
|
||||
|
||||
# use a random dork as the query
|
||||
elif opt.useRandomDork:
|
||||
|
|
@ -398,12 +407,14 @@ if __name__ == "__main__":
|
|||
proxy=proxy_to_use, agent=agent_to_use
|
||||
)
|
||||
urls_to_use = get_latest_log_file(URL_LOG_PATH)
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck:
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck or opt.adminPanelFinder:
|
||||
with open(urls_to_use) as urls:
|
||||
for url in urls.readlines():
|
||||
__run_attacks(url.strip(), sqlmap=opt.runSqliScan, nmap=opt.runPortScan, intel=opt.intelCheck,
|
||||
given_path=opt.givenSearchPath, auto=opt.autoStartSqlmap, verbose=opt.runInVerbose,
|
||||
batch=opt.runInBatch)
|
||||
__run_attacks(url.strip(), sqlmap=opt.runSqliScan, nmap=opt.runPortScan,
|
||||
intel=opt.intelCheck,
|
||||
admin=opt.adminPanelFinder, given_path=opt.givenSearchPath,
|
||||
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch)
|
||||
|
||||
except Exception as e:
|
||||
logger.exception(set_color(
|
||||
"ran into exception '{}' and cannot continue, saved to current log file...".format(e),
|
||||
|
|
@ -429,12 +440,12 @@ if __name__ == "__main__":
|
|||
blackwidow.blackwidow_main(opt.spiderWebSite, agent=agent_to_use, proxy=proxy_to_use, verbose=opt.runInVerbose)
|
||||
|
||||
urls_to_use = get_latest_log_file(SPIDER_LOG_PATH)
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck:
|
||||
if opt.runSqliScan or opt.runPortScan or opt.intelCheck or opt.adminPanelFinder:
|
||||
with open(urls_to_use) as urls:
|
||||
for url in urls.readlines():
|
||||
__run_attacks(url.strip(), sqlmap=opt.runSqliScan, nmap=opt.runPortScan, intel=opt.intelCheck,
|
||||
given_path=opt.givenSearchPath, auto=opt.autoStartSqlmap, verbose=opt.runInVerbose,
|
||||
batch=opt.runInBatch)
|
||||
admin=opt.adminPanelFinder, given_path=opt.givenSearchPath,
|
||||
auto=opt.autoStartSqlmap, verbose=opt.runInVerbose, batch=opt.runInBatch)
|
||||
|
||||
else:
|
||||
logger.critical(set_color(
|
||||
|
|
|
|||
Loading…
Reference in a new issue