diff --git a/bin/executed.txt b/bin/executed.txt deleted file mode 100644 index 5a03bd3..0000000 --- a/bin/executed.txt +++ /dev/null @@ -1 +0,0 @@ -FALSE \ No newline at end of file diff --git a/etc/link_ext.txt b/etc/link_ext.txt new file mode 100644 index 0000000..aaf72a9 --- /dev/null +++ b/etc/link_ext.txt @@ -0,0 +1,297 @@ +:23 +:82 +:2082 +:2083 +admin.php +admin.html +index.php +login.php +login.html +administrator +admin +adminpanel +cpanel +login +wp-login.php +administrator +admins +logins +admin.asp +login.asp +adm/ +admin/ +admin/account.html +admin/login.html +admin/login.htm +admin/controlpanel.html +admin/controlpanel.htm +admin/adminLogin.html +admin/adminLogin.htm +admin.htm +admin.html +adminitem/ +adminitems/ +administrator/ +administrator/login.%EXT% +administrator.%EXT% +administration/ +administration.%EXT% +adminLogin/ +adminlogin.%EXT% +admin_area/admin.%EXT% +admin_area/ +admin_area/login.%EXT% +manager/ +superuser/ +superuser.%EXT% +access/ +access.%EXT% +sysadm/ +sysadm.%EXT% +superman/ +supervisor/ +panel.%EXT% +control/ +control.%EXT% +member/ +member.%EXT% +members/ +user/ +user.%EXT% +cp/ +uvpanel/ +manage/ +manage.%EXT% +management/ +management.%EXT% +signin/ +signin.%EXT% +log-in/ +log-in.%EXT% +log_in/ +log_in.%EXT% +sign_in/ +sign_in.%EXT% +sign-in/ +sign-in.%EXT% +users/ +users.%EXT% +accounts/ +accounts.%EXT% +bb-admin/login.%EXT% +bb-admin/admin.%EXT% +bb-admin/admin.html +administrator/account.%EXT% +relogin.htm +relogin.html +check.%EXT% +relogin.%EXT% +blog/wp-login.%EXT% +user/admin.%EXT% +users/admin.%EXT% +registration/ +processlogin.%EXT% +checklogin.%EXT% +checkuser.%EXT% +checkadmin.%EXT% +isadmin.%EXT% +authenticate.%EXT% +authentication.%EXT% +auth.%EXT% +authuser.%EXT% +authadmin.%EXT% +cp.%EXT% +modelsearch/login.%EXT% +moderator.%EXT% +moderator/ +controlpanel/ +controlpanel.%EXT% +admincontrol.%EXT% +adminpanel.%EXT% +fileadmin/ +fileadmin.%EXT% +sysadmin.%EXT% +admin1.%EXT% +admin1.html +admin1.htm +admin2.%EXT% +admin2.html +yonetim.%EXT% +yonetim.html +yonetici.%EXT% +yonetici.html +phpmyadmin/ +myadmin/ +ur-admin.%EXT% +ur-admin/ +Server.%EXT% +Server/ +wp-admin/ +administr8.%EXT% +administr8/ +webadmin/ +webadmin.%EXT% +administratie/ +admins/ +admins.%EXT% +administrivia/ +Database_Administration/ +useradmin/ +sysadmins/ +sysadmins/ +admin1/ +system-administration/ +administrators/ +pgadmin/ +directadmin/ +staradmin/ +ServerAdministrator/ +SysAdmin/ +administer/ +LiveUser_Admin/ +sys-admin/ +typo3/ +panel/ +cpanel/ +cpanel_file/ +platz_login/ +rcLogin/ +blogindex/ +formslogin/ +autologin/ +manuallogin/ +simpleLogin/ +loginflat/ +utility_login/ +showlogin/ +memlogin/ +login-redirect/ +sub-login/ +wp-login/ +login1/ +dir-login/ +login_db/ +xlogin/ +smblogin/ +customer_login/ +UserLogin/ +login-us/ +acct_login/ +bigadmin/ +project-admins/ +phppgadmin/ +pureadmin/ +sql-admin/ +radmind/ +openvpnadmin/ +wizmysqladmin/ +vadmind/ +ezsqliteadmin/ +hpwebjetadmin/ +newsadmin/ +adminpro/ +Lotus_Domino_Admin/ +bbadmin/ +vmailadmin/ +Indy_admin/ +ccp14admin/ +irc-macadmin/ +banneradmin/ +sshadmin/ +phpldapadmin/ +macadmin/ +administratoraccounts/ +admin4_account/ +admin4_colon/ +radmind-1/ +Super-Admin/ +AdminTools/ +cmsadmin/ +SysAdmin2/ +globes_admin/ +cadmins/ +phpSQLiteAdmin/ +navSiteAdmin/ +server_admin_small/ +logo_sysadmin/ +power_user/ +system_administration/ +ss_vms_admin_sm/ +bb-admin/ +panel-administracion/ +instadmin/ +memberadmin/ +administratorlogin/ +adm.%EXT% +admin_login.%EXT% +panel-administracion/login.%EXT% +pages/admin/admin-login.%EXT% +pages/admin/ +acceso.%EXT% +admincp/login.%EXT% +admincp/ +adminarea/ +admincontrol/ +affiliate.%EXT% +adm_auth.%EXT% +memberadmin.%EXT% +administratorlogin.%EXT% +modules/admin/ +administrators.%EXT% +siteadmin/ +siteadmin.%EXT% +adminsite/ +kpanel/ +vorod/ +vorod.%EXT% +vorud/ +vorud.%EXT% +adminpanel/ +PSUser/ +secure/ +webmaster/ +webmaster.%EXT% +autologin.%EXT% +userlogin.%EXT% +admin_area.%EXT% +cmsadmin.%EXT% +security/ +usr/ +root/ +secret/ +admin/login.%EXT% +admin/adminLogin.%EXT% +moderator.php +moderator.html +moderator/login.%EXT% +moderator/admin.%EXT% +yonetici.%EXT% +0admin/ +0manager/ +aadmin/ +cgi-bin/login%EXT% +login1%EXT% +login_admin/ +login_admin%EXT% +login_out/ +login_out%EXT% +login_user%EXT% +loginerror/ +loginok/ +loginsave/ +loginsuper/ +loginsuper%EXT% +login%EXT% +logout/ +logout%EXT% +secrets/ +super1/ +super1%EXT% +super_index%EXT% +super_login%EXT% +supermanager%EXT% +superman%EXT% +superuser%EXT% +supervise/ +supervise/Login%EXT% +super%EXT% \ No newline at end of file diff --git a/lib/attacks/nmap_scan/__init__.py b/lib/attacks/nmap_scan/__init__.py index 8914a16..817d943 100644 --- a/lib/attacks/nmap_scan/__init__.py +++ b/lib/attacks/nmap_scan/__init__.py @@ -22,19 +22,23 @@ class NmapHook(object): def __init__(self, ip, verbose=False, pretty=True, dirname="{}/log/scanner-log".format(os.getcwd()), filename="nmap_scan-results-{}.json", - ports=None): + ports=None, opts=None): self.ip = ip self.verbose = verbose self.pretty = pretty self.dir = dirname self.file = filename self.ports = ports + if opts is None: + self.opts = "" + else: + self.opts = " ".join(opts) def _get_all_info(self): """ get all the information from the scan """ - scanned_data = self.NM.scan(self.ip, ports=self.ports) + scanned_data = self.NM.scan(self.ip, ports=self.ports, arguments=self.opts) if self.pretty: scanned_data = json.dumps(scanned_data, indent=4, sort_keys=True) return scanned_data @@ -87,7 +91,7 @@ def find_nmap(item_name="nmap", given_search_path=None, verbose=False): return find_application(item_name, given_search_path=given_search_path, verbose=verbose) -def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_path=None, **kwargs): +def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, opts=None, **kwargs): """ main function that will initalize the port scanning """ @@ -113,7 +117,7 @@ def perform_port_scan(url, ports=None, scanner=NmapHook, verbose=False, full_pat "starting port scan on IP address '{}'...".format(found_ip_address) )) try: - data = scanner(found_ip_address, ports=ports) + data = scanner(found_ip_address, ports=ports, opts=opts) json_data = data._get_all_info() data.show_open_ports(json_data) file_path = data.send_to_file(json_data) diff --git a/lib/attacks/nmap_scan/nmap_opts.py b/lib/attacks/nmap_scan/nmap_opts.py new file mode 100644 index 0000000..61babe4 --- /dev/null +++ b/lib/attacks/nmap_scan/nmap_opts.py @@ -0,0 +1,23 @@ +NMAP_API_OPTS = { + "-iL", "-iR", "--exclude", "--excludefile", "-sL", + "-sn", "-Pn", "-PS", "-PA", "-PU", "-PY", "-PE", + "-PP", "-PM", "-PO", "-n", "-R", "--dns-servers", "--system-dns", + "--traceroute", "-sS", "-sT", "-sA", "-sW", "-sM", "-sU", "-sN", + "-sF", "-sX", "--scanflags", "-sI", "-sY", "-sZ", "-sO", "-b", + "-p", "--exclude-ports", "-F", "-r", + "--top-ports", "--port-ratio", "-sV", "--version-intensity", + "--version-light", "--version-all", "--version-trace", "-sC", + "--script", "--script-args", "--script-args-file", "--script-trace", + "--script-updatedb", "--script-help", "-O", "--osscan-limit", + "--osscan-guess", "-T", "--min-hostgroup", "--max-hostgroup", + "--min-parallelism", "--max-parallelism", "--min-rtt-timeout", "--max-rtt-timeout", + "--initial-rtt-timeout", "--max-retries", "--host-timeout", "--scan-delay", + "--max-scan-delay", "--min-rate", "--max-rate", "-f", "--mtu", "-D", "-S", "-e", + "-g", "--source-port", "--proxies", "--data", + "--data-string", "--data-length", "--ip-options", "--ttl", + "--spoof-mac", "--badsum", "-oN", "-oX", "-oS", "-oG", "-oA", "-v", + "-d", "--reason", "--open", "--packet-trace", + "--iflist", "--append-output", "--resume", "--stylesheet", + "--webxml", "--no-stylesheet", "-6", "-A", + "--datadir", "--send-eth/--send-ip", "--privileged", "--unprivileged", "-V", "-h", +} diff --git a/lib/settings.py b/lib/settings.py index 404d166..8f4c864 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -17,7 +17,7 @@ import bin.unzip_gecko # clone link CLONE = "https://github.com/ekultek/zeus-scanner.git" # current version -VERSION = "1.0.11.4666" +VERSION = "1.0.12" # colors to output depending on the version VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30} # version string formatting diff --git a/zeus.py b/zeus.py index da78548..576a626 100644 --- a/zeus.py +++ b/zeus.py @@ -7,10 +7,12 @@ import subprocess import random import httplib as http_client -from var.google_search import search from var import blackwidow -from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS +from var.google_search import search from lib.errors import InvalidInputProvided +from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS +from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS + from lib.attacks import ( nmap_scan, sqlmap_scan, @@ -68,6 +70,9 @@ if __name__ == "__main__": attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS", help="Pass the arguments to send to the sqlmap API within quotes & " "separated by a comma. IE 'dbms mysql, verbose 3, level 5'") + attacks.add_option("--nmap-args", dest="nmapArguments", metavar="NMAP-ARGS", + help="Pass the arguments to send to the nmap API within quotes & " + "separated by a pipe. IE '-O|-p 445, 1080'") attacks.add_option("--auto-start", dest="autoStartSqlmap", action="store_true", help="Attempt to automatically find sqlmap on your system") attacks.add_option("--search-here", dest="givenSearchPath", metavar="PATH-TO-START", @@ -242,22 +247,51 @@ if __name__ == "__main__": return se - def __create_sqlmap_arguments(): + def __create_arguments(sqlmap=False, nmap=False): """ create the sqlmap arguments (a list of tuples) that will be passed to the API """ + logger.info(set_color( + "creating arguments for {}...".format("sqlmap" if sqlmap else "nmap") + )) retval = [] - if opt.sqlmapArguments is not None: - for line in opt.sqlmapArguments.split(","): - to_use = line.strip().split(" ") - option = (to_use[0], to_use[1]) - if to_use[0] in SQLMAP_API_OPTIONS: - retval.append(option) - else: - logger.warning(set_color( - "option '{}' is not recognized by sqlmap API, skipping...".format(option[0]), - level=30 - )) + splitter = {"sqlmap": ",", "nmap": "|"} + if sqlmap: + if opt.sqlmapArguments is not None: + for line in opt.sqlmapArguments.split(splitter["sqlmap"]): + to_use = line.strip().split(" ") + option = (to_use[0], to_use[1]) + if to_use[0] in SQLMAP_API_OPTIONS: + retval.append(option) + else: + logger.warning(set_color( + "option '{}' is not recognized by sqlmap API, skipping...".format(option[0]), + level=30 + )) + elif nmap: + warning_msg = "option {} is not known by the nmap api, skipping..." + if opt.nmapArguments is not None: + for line in opt.nmapArguments.split(splitter["nmap"]): + try: + data = line.index(" ") + except: + data = None + pass + if data is not None: + argument = line[0:data] + if argument in NMAP_API_OPTS: + retval.append(line) + else: + logger.warning(set_color( + warning_msg.format(argument), level=30 + )) + else: + if line in NMAP_API_OPTS: + retval.append(line) + else: + logger.warning(set_color( + warning_msg.format(line), level=30 + )) return retval @@ -277,11 +311,11 @@ if __name__ == "__main__": if question.lower().startswith("y"): if sqlmap: - return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_sqlmap_arguments(), + return sqlmap_scan.sqlmap_scan_main(url.strip(), verbose=verbose, opts=__create_arguments(sqlmap=True), auto_search=auto, given_path=given_path) elif nmap: url_ip_address = replace_http(url.strip()) - return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose) + return nmap_scan.perform_port_scan(url_ip_address, verbose=verbose, opts=__create_arguments(nmap=True)) elif intel: url_ip_address = replace_http(url.strip()) return intel_me.intel_amt_main(url_ip_address, proxy=proxy_to_use, verbose=verbose)