mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
added the ability to create arguments for nmap
This commit is contained in:
parent
98e0c6b8b6
commit
47561c3aab
6 changed files with 379 additions and 22 deletions
|
|
@ -1 +0,0 @@
|
|||
FALSE
|
||||
297
etc/link_ext.txt
Normal file
297
etc/link_ext.txt
Normal file
|
|
@ -0,0 +1,297 @@
|
|||
:23
|
||||
:82
|
||||
:2082
|
||||
:2083
|
||||
admin.php
|
||||
admin.html
|
||||
index.php
|
||||
login.php
|
||||
login.html
|
||||
administrator
|
||||
admin
|
||||
adminpanel
|
||||
cpanel
|
||||
login
|
||||
wp-login.php
|
||||
administrator
|
||||
admins
|
||||
logins
|
||||
admin.asp
|
||||
login.asp
|
||||
adm/
|
||||
admin/
|
||||
admin/account.html
|
||||
admin/login.html
|
||||
admin/login.htm
|
||||
admin/controlpanel.html
|
||||
admin/controlpanel.htm
|
||||
admin/adminLogin.html
|
||||
admin/adminLogin.htm
|
||||
admin.htm
|
||||
admin.html
|
||||
adminitem/
|
||||
adminitems/
|
||||
administrator/
|
||||
administrator/login.%EXT%
|
||||
administrator.%EXT%
|
||||
administration/
|
||||
administration.%EXT%
|
||||
adminLogin/
|
||||
adminlogin.%EXT%
|
||||
admin_area/admin.%EXT%
|
||||
admin_area/
|
||||
admin_area/login.%EXT%
|
||||
manager/
|
||||
superuser/
|
||||
superuser.%EXT%
|
||||
access/
|
||||
access.%EXT%
|
||||
sysadm/
|
||||
sysadm.%EXT%
|
||||
superman/
|
||||
supervisor/
|
||||
panel.%EXT%
|
||||
control/
|
||||
control.%EXT%
|
||||
member/
|
||||
member.%EXT%
|
||||
members/
|
||||
user/
|
||||
user.%EXT%
|
||||
cp/
|
||||
uvpanel/
|
||||
manage/
|
||||
manage.%EXT%
|
||||
management/
|
||||
management.%EXT%
|
||||
signin/
|
||||
signin.%EXT%
|
||||
log-in/
|
||||
log-in.%EXT%
|
||||
log_in/
|
||||
log_in.%EXT%
|
||||
sign_in/
|
||||
sign_in.%EXT%
|
||||
sign-in/
|
||||
sign-in.%EXT%
|
||||
users/
|
||||
users.%EXT%
|
||||
accounts/
|
||||
accounts.%EXT%
|
||||
bb-admin/login.%EXT%
|
||||
bb-admin/admin.%EXT%
|
||||
bb-admin/admin.html
|
||||
administrator/account.%EXT%
|
||||
relogin.htm
|
||||
relogin.html
|
||||
check.%EXT%
|
||||
relogin.%EXT%
|
||||
blog/wp-login.%EXT%
|
||||
user/admin.%EXT%
|
||||
users/admin.%EXT%
|
||||
registration/
|
||||
processlogin.%EXT%
|
||||
checklogin.%EXT%
|
||||
checkuser.%EXT%
|
||||
checkadmin.%EXT%
|
||||
isadmin.%EXT%
|
||||
authenticate.%EXT%
|
||||
authentication.%EXT%
|
||||
auth.%EXT%
|
||||
authuser.%EXT%
|
||||
authadmin.%EXT%
|
||||
cp.%EXT%
|
||||
modelsearch/login.%EXT%
|
||||
moderator.%EXT%
|
||||
moderator/
|
||||
controlpanel/
|
||||
controlpanel.%EXT%
|
||||
admincontrol.%EXT%
|
||||
adminpanel.%EXT%
|
||||
fileadmin/
|
||||
fileadmin.%EXT%
|
||||
sysadmin.%EXT%
|
||||
admin1.%EXT%
|
||||
admin1.html
|
||||
admin1.htm
|
||||
admin2.%EXT%
|
||||
admin2.html
|
||||
yonetim.%EXT%
|
||||
yonetim.html
|
||||
yonetici.%EXT%
|
||||
yonetici.html
|
||||
phpmyadmin/
|
||||
myadmin/
|
||||
ur-admin.%EXT%
|
||||
ur-admin/
|
||||
Server.%EXT%
|
||||
Server/
|
||||
wp-admin/
|
||||
administr8.%EXT%
|
||||
administr8/
|
||||
webadmin/
|
||||
webadmin.%EXT%
|
||||
administratie/
|
||||
admins/
|
||||
admins.%EXT%
|
||||
administrivia/
|
||||
Database_Administration/
|
||||
useradmin/
|
||||
sysadmins/
|
||||
sysadmins/
|
||||
admin1/
|
||||
system-administration/
|
||||
administrators/
|
||||
pgadmin/
|
||||
directadmin/
|
||||
staradmin/
|
||||
ServerAdministrator/
|
||||
SysAdmin/
|
||||
administer/
|
||||
LiveUser_Admin/
|
||||
sys-admin/
|
||||
typo3/
|
||||
panel/
|
||||
cpanel/
|
||||
cpanel_file/
|
||||
platz_login/
|
||||
rcLogin/
|
||||
blogindex/
|
||||
formslogin/
|
||||
autologin/
|
||||
manuallogin/
|
||||
simpleLogin/
|
||||
loginflat/
|
||||
utility_login/
|
||||
showlogin/
|
||||
memlogin/
|
||||
login-redirect/
|
||||
sub-login/
|
||||
wp-login/
|
||||
login1/
|
||||
dir-login/
|
||||
login_db/
|
||||
xlogin/
|
||||
smblogin/
|
||||
customer_login/
|
||||
UserLogin/
|
||||
login-us/
|
||||
acct_login/
|
||||
bigadmin/
|
||||
project-admins/
|
||||
phppgadmin/
|
||||
pureadmin/
|
||||
sql-admin/
|
||||
radmind/
|
||||
openvpnadmin/
|
||||
wizmysqladmin/
|
||||
vadmind/
|
||||
ezsqliteadmin/
|
||||
hpwebjetadmin/
|
||||
newsadmin/
|
||||
adminpro/
|
||||
Lotus_Domino_Admin/
|
||||
bbadmin/
|
||||
vmailadmin/
|
||||
Indy_admin/
|
||||
ccp14admin/
|
||||
irc-macadmin/
|
||||
banneradmin/
|
||||
sshadmin/
|
||||
phpldapadmin/
|
||||
macadmin/
|
||||
administratoraccounts/
|
||||
admin4_account/
|
||||
admin4_colon/
|
||||
radmind-1/
|
||||
Super-Admin/
|
||||
AdminTools/
|
||||
cmsadmin/
|
||||
SysAdmin2/
|
||||
globes_admin/
|
||||
cadmins/
|
||||
phpSQLiteAdmin/
|
||||
navSiteAdmin/
|
||||
server_admin_small/
|
||||
logo_sysadmin/
|
||||
power_user/
|
||||
system_administration/
|
||||
ss_vms_admin_sm/
|
||||
bb-admin/
|
||||
panel-administracion/
|
||||
instadmin/
|
||||
memberadmin/
|
||||
administratorlogin/
|
||||
adm.%EXT%
|
||||
admin_login.%EXT%
|
||||
panel-administracion/login.%EXT%
|
||||
pages/admin/admin-login.%EXT%
|
||||
pages/admin/
|
||||
acceso.%EXT%
|
||||
admincp/login.%EXT%
|
||||
admincp/
|
||||
adminarea/
|
||||
admincontrol/
|
||||
affiliate.%EXT%
|
||||
adm_auth.%EXT%
|
||||
memberadmin.%EXT%
|
||||
administratorlogin.%EXT%
|
||||
modules/admin/
|
||||
administrators.%EXT%
|
||||
siteadmin/
|
||||
siteadmin.%EXT%
|
||||
adminsite/
|
||||
kpanel/
|
||||
vorod/
|
||||
vorod.%EXT%
|
||||
vorud/
|
||||
vorud.%EXT%
|
||||
adminpanel/
|
||||
PSUser/
|
||||
secure/
|
||||
webmaster/
|
||||
webmaster.%EXT%
|
||||
autologin.%EXT%
|
||||
userlogin.%EXT%
|
||||
admin_area.%EXT%
|
||||
cmsadmin.%EXT%
|
||||
security/
|
||||
usr/
|
||||
root/
|
||||
secret/
|
||||
admin/login.%EXT%
|
||||
admin/adminLogin.%EXT%
|
||||
moderator.php
|
||||
moderator.html
|
||||
moderator/login.%EXT%
|
||||
moderator/admin.%EXT%
|
||||
yonetici.%EXT%
|
||||
0admin/
|
||||
0manager/
|
||||
aadmin/
|
||||
cgi-bin/login%EXT%
|
||||
login1%EXT%
|
||||
login_admin/
|
||||
login_admin%EXT%
|
||||
login_out/
|
||||
login_out%EXT%
|
||||
login_user%EXT%
|
||||
loginerror/
|
||||
loginok/
|
||||
loginsave/
|
||||
loginsuper/
|
||||
loginsuper%EXT%
|
||||
login%EXT%
|
||||
logout/
|
||||
logout%EXT%
|
||||
secrets/
|
||||
super1/
|
||||
super1%EXT%
|
||||
super_index%EXT%
|
||||
super_login%EXT%
|
||||
supermanager%EXT%
|
||||
superman%EXT%
|
||||
superuser%EXT%
|
||||
supervise/
|
||||
supervise/Login%EXT%
|
||||
super%EXT%
|
||||
|
|
@ -22,19 +22,23 @@ class NmapHook(object):
|
|||
|
||||
def __init__(self, ip, verbose=False, pretty=True,
|
||||
dirname="{}/log/scanner-log".format(os.getcwd()), filename="nmap_scan-results-{}.json",
|
||||
ports=None):
|
||||
ports=None, opts=None):
|
||||
self.ip = ip
|
||||
self.verbose = verbose
|
||||
self.pretty = pretty
|
||||
self.dir = dirname
|
||||
self.file = filename
|
||||
self.ports = ports
|
||||
if opts is None:
|
||||
self.opts = ""
|
||||
else:
|
||||
self.opts = " ".join(opts)
|
||||
|
||||
def _get_all_info(self):
|
||||
"""
|
||||
get all the information from the scan
|
||||
"""
|
||||
scanned_data = self.NM.scan(self.ip, ports=self.ports)
|
||||
scanned_data = self.NM.scan(self.ip, ports=self.ports, arguments=self.opts)
|
||||
if self.pretty:
|
||||
scanned_data = json.dumps(scanned_data, indent=4, sort_keys=True)
|
||||
return scanned_data
|
||||
|
|
@ -87,7 +91,7 @@ def find_nmap(item_name="nmap", given_search_path=None, verbose=False):
|
|||
return find_application(item_name, given_search_path=given_search_path, verbose=verbose)
|
||||
|
||||
|
||||
def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_path=None, **kwargs):
|
||||
def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, opts=None, **kwargs):
|
||||
"""
|
||||
main function that will initalize the port scanning
|
||||
"""
|
||||
|
|
@ -113,7 +117,7 @@ def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_pat
|
|||
"starting port scan on IP address '{}'...".format(found_ip_address)
|
||||
))
|
||||
try:
|
||||
data = scanner(found_ip_address, ports=ports)
|
||||
data = scanner(found_ip_address, ports=ports, opts=opts)
|
||||
json_data = data._get_all_info()
|
||||
data.show_open_ports(json_data)
|
||||
file_path = data.send_to_file(json_data)
|
||||
|
|
|
|||
23
lib/attacks/nmap_scan/nmap_opts.py
Normal file
23
lib/attacks/nmap_scan/nmap_opts.py
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
NMAP_API_OPTS = {
|
||||
"-iL", "-iR", "--exclude", "--excludefile", "-sL",
|
||||
"-sn", "-Pn", "-PS", "-PA", "-PU", "-PY", "-PE",
|
||||
"-PP", "-PM", "-PO", "-n", "-R", "--dns-servers", "--system-dns",
|
||||
"--traceroute", "-sS", "-sT", "-sA", "-sW", "-sM", "-sU", "-sN",
|
||||
"-sF", "-sX", "--scanflags", "-sI", "-sY", "-sZ", "-sO", "-b",
|
||||
"-p", "--exclude-ports", "-F", "-r",
|
||||
"--top-ports", "--port-ratio", "-sV", "--version-intensity",
|
||||
"--version-light", "--version-all", "--version-trace", "-sC",
|
||||
"--script", "--script-args", "--script-args-file", "--script-trace",
|
||||
"--script-updatedb", "--script-help", "-O", "--osscan-limit",
|
||||
"--osscan-guess", "-T", "--min-hostgroup", "--max-hostgroup",
|
||||
"--min-parallelism", "--max-parallelism", "--min-rtt-timeout", "--max-rtt-timeout",
|
||||
"--initial-rtt-timeout", "--max-retries", "--host-timeout", "--scan-delay",
|
||||
"--max-scan-delay", "--min-rate", "--max-rate", "-f", "--mtu", "-D", "-S", "-e",
|
||||
"-g", "--source-port", "--proxies", "--data",
|
||||
"--data-string", "--data-length", "--ip-options", "--ttl",
|
||||
"--spoof-mac", "--badsum", "-oN", "-oX", "-oS", "-oG", "-oA", "-v",
|
||||
"-d", "--reason", "--open", "--packet-trace",
|
||||
"--iflist", "--append-output", "--resume", "--stylesheet",
|
||||
"--webxml", "--no-stylesheet", "-6", "-A",
|
||||
"--datadir", "--send-eth/--send-ip", "--privileged", "--unprivileged", "-V", "-h",
|
||||
}
|
||||
|
|
@ -17,7 +17,7 @@ import bin.unzip_gecko
|
|||
# clone link
|
||||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.0.11.4666"
|
||||
VERSION = "1.0.12"
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
# version string formatting
|
||||
|
|
|
|||
66
zeus.py
66
zeus.py
|
|
@ -7,10 +7,12 @@ import subprocess
|
|||
import random
|
||||
import httplib as http_client
|
||||
|
||||
from var.google_search import search
|
||||
from var import blackwidow
|
||||
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
|
||||
from var.google_search import search
|
||||
from lib.errors import InvalidInputProvided
|
||||
from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS
|
||||
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
|
||||
|
||||
from lib.attacks import (
|
||||
nmap_scan,
|
||||
sqlmap_scan,
|
||||
|
|
@ -68,6 +70,9 @@ if __name__ == "__main__":
|
|||
attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS",
|
||||
help="Pass the arguments to send to the sqlmap API within quotes & "
|
||||
"separated by a comma. IE 'dbms mysql, verbose 3, level 5'")
|
||||
attacks.add_option("--nmap-args", dest="nmapArguments", metavar="NMAP-ARGS",
|
||||
help="Pass the arguments to send to the nmap API within quotes & "
|
||||
"separated by a pipe. IE '-O|-p 445, 1080'")
|
||||
attacks.add_option("--auto-start", dest="autoStartSqlmap", action="store_true",
|
||||
help="Attempt to automatically find sqlmap on your system")
|
||||
attacks.add_option("--search-here", dest="givenSearchPath", metavar="PATH-TO-START",
|
||||
|
|
@ -242,22 +247,51 @@ if __name__ == "__main__":
|
|||
return se
|
||||
|
||||
|
||||
def __create_sqlmap_arguments():
|
||||
def __create_arguments(sqlmap=False, nmap=False):
|
||||
"""
|
||||
create the sqlmap arguments (a list of tuples) that will be passed to the API
|
||||
"""
|
||||
logger.info(set_color(
|
||||
"creating arguments for {}...".format("sqlmap" if sqlmap else "nmap")
|
||||
))
|
||||
retval = []
|
||||
if opt.sqlmapArguments is not None:
|
||||
for line in opt.sqlmapArguments.split(","):
|
||||
to_use = line.strip().split(" ")
|
||||
option = (to_use[0], to_use[1])
|
||||
if to_use[0] in SQLMAP_API_OPTIONS:
|
||||
retval.append(option)
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
"option '{}' is not recognized by sqlmap API, skipping...".format(option[0]),
|
||||
level=30
|
||||
))
|
||||
splitter = {"sqlmap": ",", "nmap": "|"}
|
||||
if sqlmap:
|
||||
if opt.sqlmapArguments is not None:
|
||||
for line in opt.sqlmapArguments.split(splitter["sqlmap"]):
|
||||
to_use = line.strip().split(" ")
|
||||
option = (to_use[0], to_use[1])
|
||||
if to_use[0] in SQLMAP_API_OPTIONS:
|
||||
retval.append(option)
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
"option '{}' is not recognized by sqlmap API, skipping...".format(option[0]),
|
||||
level=30
|
||||
))
|
||||
elif nmap:
|
||||
warning_msg = "option {} is not known by the nmap api, skipping..."
|
||||
if opt.nmapArguments is not None:
|
||||
for line in opt.nmapArguments.split(splitter["nmap"]):
|
||||
try:
|
||||
data = line.index(" ")
|
||||
except:
|
||||
data = None
|
||||
pass
|
||||
if data is not None:
|
||||
argument = line[0:data]
|
||||
if argument in NMAP_API_OPTS:
|
||||
retval.append(line)
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
warning_msg.format(argument), level=30
|
||||
))
|
||||
else:
|
||||
if line in NMAP_API_OPTS:
|
||||
retval.append(line)
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
warning_msg.format(line), level=30
|
||||
))
|
||||
return retval
|
||||
|
||||
|
||||
|
|
@ -277,11 +311,11 @@ if __name__ == "__main__":
|
|||
|
||||
if question.lower().startswith("y"):
|
||||
if sqlmap:
|
||||
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_sqlmap_arguments(),
|
||||
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True),
|
||||
auto_search=auto, given_path=given_path)
|
||||
elif nmap:
|
||||
url_ip_address = replace_http(url.strip())
|
||||
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose)
|
||||
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True))
|
||||
elif intel:
|
||||
url_ip_address = replace_http(url.strip())
|
||||
return intel_me.intel_amt_main(url_ip_address, proxy=proxy_to_use, verbose=verbose)
|
||||
|
|
|
|||
Loading…
Reference in a new issue