added the ability to create arguments for nmap

This commit is contained in:
ekultek 2017-09-18 15:25:42 -05:00
parent 98e0c6b8b6
commit 47561c3aab
6 changed files with 379 additions and 22 deletions

View file

@ -1 +0,0 @@
FALSE

297
etc/link_ext.txt Normal file
View file

@ -0,0 +1,297 @@
:23
:82
:2082
:2083
admin.php
admin.html
index.php
login.php
login.html
administrator
admin
adminpanel
cpanel
login
wp-login.php
administrator
admins
logins
admin.asp
login.asp
adm/
admin/
admin/account.html
admin/login.html
admin/login.htm
admin/controlpanel.html
admin/controlpanel.htm
admin/adminLogin.html
admin/adminLogin.htm
admin.htm
admin.html
adminitem/
adminitems/
administrator/
administrator/login.%EXT%
administrator.%EXT%
administration/
administration.%EXT%
adminLogin/
adminlogin.%EXT%
admin_area/admin.%EXT%
admin_area/
admin_area/login.%EXT%
manager/
superuser/
superuser.%EXT%
access/
access.%EXT%
sysadm/
sysadm.%EXT%
superman/
supervisor/
panel.%EXT%
control/
control.%EXT%
member/
member.%EXT%
members/
user/
user.%EXT%
cp/
uvpanel/
manage/
manage.%EXT%
management/
management.%EXT%
signin/
signin.%EXT%
log-in/
log-in.%EXT%
log_in/
log_in.%EXT%
sign_in/
sign_in.%EXT%
sign-in/
sign-in.%EXT%
users/
users.%EXT%
accounts/
accounts.%EXT%
bb-admin/login.%EXT%
bb-admin/admin.%EXT%
bb-admin/admin.html
administrator/account.%EXT%
relogin.htm
relogin.html
check.%EXT%
relogin.%EXT%
blog/wp-login.%EXT%
user/admin.%EXT%
users/admin.%EXT%
registration/
processlogin.%EXT%
checklogin.%EXT%
checkuser.%EXT%
checkadmin.%EXT%
isadmin.%EXT%
authenticate.%EXT%
authentication.%EXT%
auth.%EXT%
authuser.%EXT%
authadmin.%EXT%
cp.%EXT%
modelsearch/login.%EXT%
moderator.%EXT%
moderator/
controlpanel/
controlpanel.%EXT%
admincontrol.%EXT%
adminpanel.%EXT%
fileadmin/
fileadmin.%EXT%
sysadmin.%EXT%
admin1.%EXT%
admin1.html
admin1.htm
admin2.%EXT%
admin2.html
yonetim.%EXT%
yonetim.html
yonetici.%EXT%
yonetici.html
phpmyadmin/
myadmin/
ur-admin.%EXT%
ur-admin/
Server.%EXT%
Server/
wp-admin/
administr8.%EXT%
administr8/
webadmin/
webadmin.%EXT%
administratie/
admins/
admins.%EXT%
administrivia/
Database_Administration/
useradmin/
sysadmins/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
power_user/
system_administration/
ss_vms_admin_sm/
bb-admin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
adm.%EXT%
admin_login.%EXT%
panel-administracion/login.%EXT%
pages/admin/admin-login.%EXT%
pages/admin/
acceso.%EXT%
admincp/login.%EXT%
admincp/
adminarea/
admincontrol/
affiliate.%EXT%
adm_auth.%EXT%
memberadmin.%EXT%
administratorlogin.%EXT%
modules/admin/
administrators.%EXT%
siteadmin/
siteadmin.%EXT%
adminsite/
kpanel/
vorod/
vorod.%EXT%
vorud/
vorud.%EXT%
adminpanel/
PSUser/
secure/
webmaster/
webmaster.%EXT%
autologin.%EXT%
userlogin.%EXT%
admin_area.%EXT%
cmsadmin.%EXT%
security/
usr/
root/
secret/
admin/login.%EXT%
admin/adminLogin.%EXT%
moderator.php
moderator.html
moderator/login.%EXT%
moderator/admin.%EXT%
yonetici.%EXT%
0admin/
0manager/
aadmin/
cgi-bin/login%EXT%
login1%EXT%
login_admin/
login_admin%EXT%
login_out/
login_out%EXT%
login_user%EXT%
loginerror/
loginok/
loginsave/
loginsuper/
loginsuper%EXT%
login%EXT%
logout/
logout%EXT%
secrets/
super1/
super1%EXT%
super_index%EXT%
super_login%EXT%
supermanager%EXT%
superman%EXT%
superuser%EXT%
supervise/
supervise/Login%EXT%
super%EXT%

View file

@ -22,19 +22,23 @@ class NmapHook(object):
def __init__(self, ip, verbose=False, pretty=True,
dirname="{}/log/scanner-log".format(os.getcwd()), filename="nmap_scan-results-{}.json",
ports=None):
ports=None, opts=None):
self.ip = ip
self.verbose = verbose
self.pretty = pretty
self.dir = dirname
self.file = filename
self.ports = ports
if opts is None:
self.opts = ""
else:
self.opts = " ".join(opts)
def _get_all_info(self):
"""
get all the information from the scan
"""
scanned_data = self.NM.scan(self.ip, ports=self.ports)
scanned_data = self.NM.scan(self.ip, ports=self.ports, arguments=self.opts)
if self.pretty:
scanned_data = json.dumps(scanned_data, indent=4, sort_keys=True)
return scanned_data
@ -87,7 +91,7 @@ def find_nmap(item_name="nmap", given_search_path=None, verbose=False):
return find_application(item_name, given_search_path=given_search_path, verbose=verbose)
def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_path=None, **kwargs):
def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, opts=None, **kwargs):
"""
main function that will initalize the port scanning
"""
@ -113,7 +117,7 @@ def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_pat
"starting port scan on IP address '{}'...".format(found_ip_address)
))
try:
data = scanner(found_ip_address, ports=ports)
data = scanner(found_ip_address, ports=ports, opts=opts)
json_data = data._get_all_info()
data.show_open_ports(json_data)
file_path = data.send_to_file(json_data)

View file

@ -0,0 +1,23 @@
NMAP_API_OPTS = {
"-iL", "-iR", "--exclude", "--excludefile", "-sL",
"-sn", "-Pn", "-PS", "-PA", "-PU", "-PY", "-PE",
"-PP", "-PM", "-PO", "-n", "-R", "--dns-servers", "--system-dns",
"--traceroute", "-sS", "-sT", "-sA", "-sW", "-sM", "-sU", "-sN",
"-sF", "-sX", "--scanflags", "-sI", "-sY", "-sZ", "-sO", "-b",
"-p", "--exclude-ports", "-F", "-r",
"--top-ports", "--port-ratio", "-sV", "--version-intensity",
"--version-light", "--version-all", "--version-trace", "-sC",
"--script", "--script-args", "--script-args-file", "--script-trace",
"--script-updatedb", "--script-help", "-O", "--osscan-limit",
"--osscan-guess", "-T", "--min-hostgroup", "--max-hostgroup",
"--min-parallelism", "--max-parallelism", "--min-rtt-timeout", "--max-rtt-timeout",
"--initial-rtt-timeout", "--max-retries", "--host-timeout", "--scan-delay",
"--max-scan-delay", "--min-rate", "--max-rate", "-f", "--mtu", "-D", "-S", "-e",
"-g", "--source-port", "--proxies", "--data",
"--data-string", "--data-length", "--ip-options", "--ttl",
"--spoof-mac", "--badsum", "-oN", "-oX", "-oS", "-oG", "-oA", "-v",
"-d", "--reason", "--open", "--packet-trace",
"--iflist", "--append-output", "--resume", "--stylesheet",
"--webxml", "--no-stylesheet", "-6", "-A",
"--datadir", "--send-eth/--send-ip", "--privileged", "--unprivileged", "-V", "-h",
}

View file

@ -17,7 +17,7 @@ import bin.unzip_gecko
# clone link
CLONE = "https://github.com/ekultek/zeus-scanner.git"
# current version <major.minor.commit.patch ID>
VERSION = "1.0.11.4666"
VERSION = "1.0.12"
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
# version string formatting

66
zeus.py
View file

@ -7,10 +7,12 @@ import subprocess
import random
import httplib as http_client
from var.google_search import search
from var import blackwidow
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
from var.google_search import search
from lib.errors import InvalidInputProvided
from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
from lib.attacks import (
nmap_scan,
sqlmap_scan,
@ -68,6 +70,9 @@ if __name__ == "__main__":
attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS",
help="Pass the arguments to send to the sqlmap API within quotes & "
"separated by a comma. IE 'dbms mysql, verbose 3, level 5'")
attacks.add_option("--nmap-args", dest="nmapArguments", metavar="NMAP-ARGS",
help="Pass the arguments to send to the nmap API within quotes & "
"separated by a pipe. IE '-O|-p 445, 1080'")
attacks.add_option("--auto-start", dest="autoStartSqlmap", action="store_true",
help="Attempt to automatically find sqlmap on your system")
attacks.add_option("--search-here", dest="givenSearchPath", metavar="PATH-TO-START",
@ -242,22 +247,51 @@ if __name__ == "__main__":
return se
def __create_sqlmap_arguments():
def __create_arguments(sqlmap=False, nmap=False):
"""
create the sqlmap arguments (a list of tuples) that will be passed to the API
"""
logger.info(set_color(
"creating arguments for {}...".format("sqlmap" if sqlmap else "nmap")
))
retval = []
if opt.sqlmapArguments is not None:
for line in opt.sqlmapArguments.split(","):
to_use = line.strip().split(" ")
option = (to_use[0], to_use[1])
if to_use[0] in SQLMAP_API_OPTIONS:
retval.append(option)
else:
logger.warning(set_color(
"option '{}' is not recognized by sqlmap API, skipping...".format(option[0]),
level=30
))
splitter = {"sqlmap": ",", "nmap": "|"}
if sqlmap:
if opt.sqlmapArguments is not None:
for line in opt.sqlmapArguments.split(splitter["sqlmap"]):
to_use = line.strip().split(" ")
option = (to_use[0], to_use[1])
if to_use[0] in SQLMAP_API_OPTIONS:
retval.append(option)
else:
logger.warning(set_color(
"option '{}' is not recognized by sqlmap API, skipping...".format(option[0]),
level=30
))
elif nmap:
warning_msg = "option {} is not known by the nmap api, skipping..."
if opt.nmapArguments is not None:
for line in opt.nmapArguments.split(splitter["nmap"]):
try:
data = line.index(" ")
except:
data = None
pass
if data is not None:
argument = line[0:data]
if argument in NMAP_API_OPTS:
retval.append(line)
else:
logger.warning(set_color(
warning_msg.format(argument), level=30
))
else:
if line in NMAP_API_OPTS:
retval.append(line)
else:
logger.warning(set_color(
warning_msg.format(line), level=30
))
return retval
@ -277,11 +311,11 @@ if __name__ == "__main__":
if question.lower().startswith("y"):
if sqlmap:
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_sqlmap_arguments(),
return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True),
auto_search=auto, given_path=given_path)
elif nmap:
url_ip_address = replace_http(url.strip())
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose)
return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True))
elif intel:
url_ip_address = replace_http(url.strip())
return intel_me.intel_amt_main(url_ip_address, proxy=proxy_to_use, verbose=verbose)