From 799b6baba0659a0e9861fd233e4e0b10deda11c8 Mon Sep 17 00:00:00 2001 From: ekultek Date: Wed, 11 Oct 2017 17:47:18 -0500 Subject: [PATCH] created some new extenstions and a threading flag for the admin panel finder --- etc/link_ext.txt | 920 ++++++++++++++------- lib/attacks/admin_panel_finder/__init__.py | 69 +- lib/core/settings.py | 3 +- zeus.py | 4 +- 4 files changed, 705 insertions(+), 291 deletions(-) diff --git a/etc/link_ext.txt b/etc/link_ext.txt index dae29de..96ce6d8 100644 --- a/etc/link_ext.txt +++ b/etc/link_ext.txt @@ -2,296 +2,646 @@ :82 :2082 :2083 -/admin.php -/admin.html -/index.php -/login.php -/login.html -/administrator -/admin -/adminpanel -/cpanel -/login -/wp-login.php -/administrator -/admins -/logins -/admin.asp -/login.asp -/adm/ -/admin/ -/admin/account.html -/admin/login.html -/admin/login.htm -/admin/controlpanel.html -/admin/controlpanel.htm -/admin/adminLogin.html -/admin/adminLogin.htm -/admin.htm -/admin.html -/adminitem/ -/adminitems/ -/administrator/ -/administrator/login.%EXT% -/administrator.%EXT% -/administration/ -/administration.%EXT% -/adminLogin/ -/adminlogin.%EXT% -/admin_area/admin.%EXT% -/admin_area/ -/admin_area/login.%EXT% -/manager/ -/superuser/ -/superuser.%EXT% -/access/ -/access.%EXT% -/sysadm/ -/sysadm.%EXT% -/superman/ -/supervisor/ -/panel.%EXT% -/control/ -/control.%EXT% -/member/ -/member.%EXT% -/members/ -/user/ -/user.%EXT% -/cp/ -/uvpanel/ -/manage/ -/manage.%EXT% -/management/ -/management.%EXT% -/signin/ -/signin.%EXT% -/log-in/ -/log-in.%EXT% -/log_in/ -/log_in.%EXT% -/sign_in/ -/sign_in.%EXT% -/sign-in/ -/sign-in.%EXT% -/users/ -/users.%EXT% -/accounts/ -/accounts.%EXT% -/bb-admin/login.%EXT% -/bb-admin/admin.%EXT% -/bb-admin/admin.html -/administrator/account.%EXT% -/relogin.htm -/relogin.html -/check.%EXT% -/relogin.%EXT% -/blog/wp-login.%EXT% -/user/admin.%EXT% -/users/admin.%EXT% -/registration/ -/processlogin.%EXT% -/checklogin.%EXT% -/checkuser.%EXT% -/checkadmin.%EXT% -/isadmin.%EXT% -/authenticate.%EXT% -/authentication.%EXT% -/auth.%EXT% -/authuser.%EXT% -/authadmin.%EXT% -/cp.%EXT% -/modelsearch/login.%EXT% -/moderator.%EXT% -/moderator/ -/controlpanel/ -/controlpanel.%EXT% -/admincontrol.%EXT% -/adminpanel.%EXT% -/fileadmin/ -/fileadmin.%EXT% -/sysadmin.%EXT% -/admin1.%EXT% -/admin1.html -/admin1.htm -/admin2.%EXT% -/admin2.html -/yonetim.%EXT% -/yonetim.html -/yonetici.%EXT% -/yonetici.html -/phpmyadmin/ -/myadmin/ -/ur-admin.%EXT% -/ur-admin/ -/Server.%EXT% -/Server/ -/wp-admin/ -/administr8.%EXT% -/administr8/ -/webadmin/ -/webadmin.%EXT% /administratie/ -/admins/ -/admins.%EXT% -/administrivia/ -/Database_Administration/ +/admin/voucher.php +/yonetim.asp /useradmin/ -/sysadmins/ -/sysadmins/ -/admin1/ -/system-administration/ -/administrators/ -/pgadmin/ -/directadmin/ -/staradmin/ -/ServerAdministrator/ -/SysAdmin/ -/administer/ -/LiveUser_Admin/ -/sys-admin/ -/typo3/ -/panel/ -/cpanel/ -/cpanel_file/ -/platz_login/ -/rcLogin/ -/blogindex/ -/formslogin/ -/autologin/ -/manuallogin/ -/simpleLogin/ -/loginflat/ -/utility_login/ -/showlogin/ -/memlogin/ -/login-redirect/ -/sub-login/ -/wp-login/ -/login1/ -/dir-login/ -/login_db/ -/xlogin/ -/smblogin/ -/customer_login/ -/UserLogin/ -/login-us/ -/acct_login/ -/bigadmin/ -/project-admins/ -/phppgadmin/ -/pureadmin/ +/relogin.htm +/super%EXT% +/admin_area/index.php /sql-admin/ -/radmind/ -/openvpnadmin/ -/wizmysqladmin/ -/vadmind/ -/ezsqliteadmin/ -/hpwebjetadmin/ -/newsadmin/ -/adminpro/ -/Lotus_Domino_Admin/ -/bbadmin/ -/vmailadmin/ -/Indy_admin/ -/ccp14admin/ -/irc-macadmin/ -/banneradmin/ -/sshadmin/ -/phpldapadmin/ -/macadmin/ -/administratoraccounts/ -/admin4_account/ -/admin4_colon/ -/radmind-1/ -/Super-Admin/ -/AdminTools/ -/cmsadmin/ -/SysAdmin2/ -/globes_admin/ -/cadmins/ -/phpSQLiteAdmin/ -/navSiteAdmin/ -/server_admin_small/ -/logo_sysadmin/ -/power_user/ -/system_administration/ -/ss_vms_admin_sm/ -/bb-admin/ -/panel-administracion/ -/instadmin/ -/memberadmin/ -/administratorlogin/ -/adm.%EXT% -/admin_login.%EXT% -/panel-administracion/login.%EXT% -/pages/admin/admin-login.%EXT% -/pages/admin/ -/acceso.%EXT% -/admincp/login.%EXT% -/admincp/ -/adminarea/ -/admincontrol/ +/admin1.asp +/cp.php +/admin/CPhome.php +/admin/login-home.php /affiliate.%EXT% -/adm_auth.%EXT% -/memberadmin.%EXT% -/administratorlogin.%EXT% -/modules/admin/ -/administrators.%EXT% -/siteadmin/ -/siteadmin.%EXT% -/adminsite/ -/kpanel/ -/vorod/ -/vorod.%EXT% -/vorud/ -/vorud.%EXT% -/adminpanel/ -/PSUser/ -/secure/ -/webmaster/ -/webmaster.%EXT% +/configure/ +/admin/login.htm +/modelsearch/login.php +/cpanel_file/ +/cmsadmin/ +/admin/controlpanel.php /autologin.%EXT% -/userlogin.%EXT% -/admin_area.%EXT% -/cmsadmin.%EXT% -/security/ -/usr/ -/root/ -/secret/ -/admin/login.%EXT% -/admin/adminLogin.%EXT% -/moderator.php -/moderator.html -/moderator/login.%EXT% -/moderator/admin.%EXT% -/yonetici.%EXT% -/0admin/ -/0manager/ -/aadmin/ -/cgi-bin/login%EXT% -/login1%EXT% -/login_admin/ -/login_admin%EXT% -/login_out/ -/login_out%EXT% -/login_user%EXT% -/loginerror/ -/loginok/ -/loginsave/ -/loginsuper/ -/loginsuper%EXT% -/login%EXT% -/logout/ -/logout%EXT% -/secrets/ -/super1/ -/super1%EXT% -/super_index%EXT% +/admin_area/login.asp +/admin/admin_login.php +/member.%EXT% +/admin-login.php +/_administrator/ +/moderator/login.php +/admin/index.asp +/admin3/ +/members/ +/admin/uhome.html +/admin_login.asp +/account.html +/admin/leads.php +/bb-admin/admin.asp +/auth.%EXT% +/admin/login_success.php +/bb-admin/login.html +/SysAdmin2/ +/access.php +/usuarios// +/admin_home.php +/admins.asp +/radmind/ +/admin4/ +/admin2/login.php +/administrators/ +/management/ +/admin/welcome.php +/admins.php +/admin/index.php +/adminpanel +/yonetim.php +/administrivia/ +/admin/admin-login.php +/configuration/ +/xlogin/ +/admin/moderator.php +/Lotus_Domino_Admin/ +/authadmin.%EXT% /super_login%EXT% +/bb-admin/admin.php +/panel-administracion/index.html +/adminpanel.%EXT% +/SysAdmin/ +/administracion.php +/admin/products.php +/LiveUser_Admin/ +/pages/admin/admin-login.php +/admin1.html +/WebAdmin/ +/admin/member_home.php +/usuario/ +/authorize.php +/interactive/admin.php +/account.php +/yonetici.%EXT% +/login-redirect/ +/base/admin/ +/account/ +/bb-admin/admin.html +/_adm_/ +/adm/index.php +/admin/adminarea.php +/admin2.html +/AdminTools/ +/admin/index_ref.php +/manager/ispmgr/ +/admin/adminview.php +/administr8.php +/cgi-bin/login%EXT% +/admin/AdminHome.php +/admin_area.%EXT% +/panel.php +/index.php +/user.%EXT% +/ur-admin.asp +/wizmysqladmin/ +/evmsadmin/ +/admins/ +/loginerror/ +/affiliate.php +/moderator/login.html +/login.asp +/admin/overview.php +/check.%EXT% +/webadmin/index.html +/links/login.php +/showlogin/ +/vorud/ +/siteadmin/index.php +/memberadmin.asp +/_administrator_/ +/checkadmin.%EXT% +/site/admin/ +/admin_login.php +/admincontrol.php/ +/modelsearch/login.%EXT% +/admin/manageImages.php +/Indy_admin/ +/admin/admin-login.html +/manage/ +/vmailadmin/ +/system_administration/ +/adminarea/login.php +/admincontrol/login.php +/admin/main.php/ +/admin/home.php +/administrator/login.html +/user/ +/access/ +/login.html +/admin/admin.asp +/admin/cpanel.php +/accounts/ +/admincp/ +/loginsave/ +/newsadmin/ +/admin4_colon/ +/modelsearch/index.asp +/controlpanel/ +/include/admin.php +/adminpanel/ +/Server/ +/administrator +/adminarea/index.php +/admin_main.html +/administr8.%EXT% /supermanager%EXT% -/superman%EXT% -/superuser%EXT% -/supervise/ +/admin/gallery.php +/admincp/index.asp +/formslogin/ +/controlpanel.%EXT% +/sysadmin.%EXT% +/admin/adm.php +/ServerAdministrator/ +/secret/ +/admin/admin-home.php +/admin/enter.php +/siteadmin/login.asp +/admin/welcomepage.php +/controlpanel.asp +/administrators.%EXT% +/admin/login.html +/admin/initialadmin.php +/webadmin/admin.asp +:2083 +:2082 +/pureadmin/ +/login_out%EXT% +/administr8.html +/memberadmin.php +/ur-admin.html +/admin/addblog.php +/editor/ +/adm/admloginuser.asp +/bbadmin/ +/logo_sysadmin/ +/admin/cp.html +/fileadmin/ +/admin/login.asp +/panel-administracion/login.%EXT% +/dir-login/ +/administrator/account.%EXT% +/login_admin%EXT% +/administrator/index.html +/ADMIN/ +/siteadmin/login.php +/edit.php +/administrator/login.%EXT% +/control/ +/login_admin/ +/bigadmin/ +/processlogin.%EXT% +/PSUser/ +/radmind-1/ +/irc-macadmin/ +/panel.%EXT% +/ADMON/ +/UserLogin/ +/signin.%EXT% +/login1%EXT% +/wp-login.php +/administrator/ +/adminarea/admin.php +/memlogin/ +/member/ +/moderator/login.%EXT% +/admin4_account/ +/server_admin_small/ +/sshadmin/ +/admin/add-room.php +/manager/ +/admins.%EXT% +/cms/login/ +/adminarea/login.html +/site_admin/login.php +/admin/controlpanel.html +/ADMIN/login.html +/admin/page_management.php +/moderator.php/ +/staradmin/ +/home.asp +/admin/home.asp +/utility_login/ +/super_index%EXT% +/affiliate.asp +/admin/dashbord.php +/auth/ +/customer_login/ +/Database_Administration/ +/adm.php +/admin5/ +/admin/admin/ +/admin/add_banner.php/ +/admin_area/admin.html +/typo3/ +/home.html +/user.html +/ur-admin.%EXT% +/admin2/index.php +/admin/loginsuccess.php +/support_login/ +/admin/admin_management.php +/cp.html +/webadmin/admin.php +/adminarea/index.asp +/admin/userpage.php +/manage_admin.php +/admin/control_pages/admin_home.php +/modelsearch/admin.html +/admin/save.php +/_admin_/ +/adminarea/admin.html +/forum/admin +/adm.html +/sysadmin.asp +/panel-administracion/admin.asp +/adm.%EXT% +/Super-Admin/ +/yonetim.%EXT% +/siteadmin/login.html +/admin_area/login.%EXT% +/admin/default.php +/supervisor/ +/cms/admin/ +/admin_area/index.asp +/administration/ +/webadmin.html +/fileadmin.asp +/_adm/ +/sysadm.%EXT% +/webadmin.php +/meta_login/ +/administrator.php +/cmsadmin.%EXT% +/adminlogin.%EXT% +/memberadmin/ +/secure/ +/usuarios/login.php +/wp-admin/ +/admin/myaccount.php +/administration.php +/admin/add.php +/superman/ +/globes_admin/ +/admin/admin.html +/sign_in/ +/adm/index.html +/nsw/admin/login.php +/project-admins/ +/adminarea/login.asp +/sysadmin.html +/webadmin/index.php +/moderator.php +/administratoraccounts/ +/admin_area/ +/panel-administracion/ +/admin/list_gallery.php +/login_db/ +/smblogin/ +/administrator/account.html +/login%EXT% +/webadmin.asp +/directadmin/ +/cms/ +/db/admin.php +/admin/slider.php +/database_administration/ +/fileadmin.php +/checklogin.%EXT% +/admin1/ +/phpldapadmin/ +/admin/dashboard/index.php +/isadmin.%EXT% +/logins +/acct_login/ +/administration.%EXT% +/users/admin.%EXT% +/pma/ +/admin/admin_index.php +/logins/ +/cpanel +/admin-login.html +/AdminWeb/ +/user.asp +/login +/administr8/ +/auth/login/ +/admincontrol.php +/phppgadmin/ +/admin/form.php +/admincp/login.asp +/uvpanel/ +/pgadmin/ +/webadmin/admin.html +/admin/account.php +/webmaster.%EXT% +/sign_in.%EXT% +/siteadmin/index.asp +/login/login.php +/webadmin/index.asp +/admin/manage_team.php +/relogin.html +/bb-admin/login.php +/power_user/ +/webadmin/ +/cp.%EXT% +/admin/adminLogin.%EXT% +/user/admin.%EXT% +/adminarea/index.html +/cadmins/ +/loginsuper/ +/accounts.%EXT% +/admin/admin_login.asp +/pages/admin/ +/authenticate.%EXT% +/adm_auth.%EXT% +/bb-admin/ +/Admin/ +/administrator/login.php +/system-administration/ +/admin/admin_login.html +/user.php +/admin_area/admin.php +/Server.%EXT% +/hpwebjetadmin/ +/bb-admin/admin.%EXT% +/vadmind/ +/moderator.asp +/ADMIN/login.php +/sysadmin.php +/pages/admin/admin-login.%EXT% +/admincontrol/ +/panel/ +/moderator/ +/acceso.%EXT% +/admin/pages/home_admin.php +:82 +/administrator/index.asp +/wplogin/ +/adminLogin.asp +/login-us/ +/moderator/admin.php +/admin2.php +/admin/main_page.php /supervise/Login%EXT% -/super%EXT% \ No newline at end of file +/admin2.%EXT% +/admin/adminLogin.htm +/ccms/login.php +/phpSQLiteAdmin/ +/platz_login/ +/admin2/index/ +/modules/admin/ +/webadmin/login.asp +/adm/ +/moderator/admin.%EXT% +/ss_vms_admin_sm/ +/adminpro/ +/authentication.%EXT% +/wp-login/ +/sub-login/ +/administratorlogin.php +/access.%EXT% +/login/ +/Admin/private/ +/administration.html +/moderator/admin.asp +/secrets/ +/admin/adminLogin.php +/admin/change_gallery.php +/loginsuper%EXT% +/modelsearch/admin.php +/registration/ +/log-in/ +/cp/ +/adm/admloginuser.php +/home.php +/vorod/ +/webadmin.%EXT% +/autologin/ +/login_user%EXT% +/root/ +/yonetici.php +/admin/event.php +/admincontrol.%EXT% +/admin/checklogin.php +/moderator.html +/panel-administracion/login.php +/administrator/account.asp +/adm_auth.php +/admin/controlpanel.asp +/moderator.%EXT% +/admin/my_account.php +/pages/admin/admin-login.html +/modelsearch/login.asp +/vorud.%EXT% +/panel-administracion/login.html +/cPanel/ +/admin.php +/admin/account.html +/pages/admin/admin-login.asp +/loginok/ +/relogin.%EXT% +/ccms/index.php +/admin_login.php] +/admin_area/admin.asp +/blog/wp-login.%EXT% +/cpanel/ +/admincontrol/login.html +/ur-admin.php +/webmaster/ +/admin/add-slider.php +/Server.html +/admin_area/login.php +/adminpanel.html +/phpmyadmin/ +/modelsearch/index.html +/simpleLogin/ +/logout%EXT% +/admin.html +/adminpanel.asp +/Server.asp +/admin1.%EXT% +/administratorlogin.%EXT% +/administer/ +/websvn/ +/admin2/login.asp +/webadmin/login.html +/administrador/ +/security/ +/signin/ +/ccms/ +/admin/admin-login.asp +/admin.htm +/admin/add_testimonials.php +/admin/configration.php +/fileadmin.%EXT% +/admin-login.asp +/sysadmin/ +/panel-administracion/login.asp +/panel-administracion/index.asp +/admin2.asp +/administrator.html +/manuallogin/ +/admin2/ +/admin/ +/adm_auth.asp +/fileadmin.html +/adm.asp +/memberadmin.%EXT% +/admin/admin.php +/admin/specializations.php +/admin_login.html +/administrator.asp +/log_in.%EXT% +/adminarea/ +/adminpanel.php +/super1%EXT% +/server/ +/Server.php +/admin_login.%EXT% +/adm2/ +/superuser%EXT% +/admincontrol/login.asp +/bb-admin/login.asp +/administrator.%EXT% +/bb-admin/index.asp +/admincontrol.html +/admin/headline.php +/acceso.php +/adminsite/ +/login_out/ +/admin_tool/ +/siteadmin/ +/usr/ +/logout/ +/admin.asp +/admon/ +/sign-in.%EXT% +/paneldecontrol/ +/administrator/index.php +/_admin/ +/admin_area/login.html +/admincp/login.%EXT% +/admin/viewblog.php +/panel-administracion/index.php +/ccp14admin/ +/administratorlogin.asp +/administr8.asp +/controlpanel.php +/login.php +/super1/ +/admin1.htm +/yonetim.html +/panelc/ +/admin_area/index.html +/sysadmins/ +/macadmin/ +/adminitems/ +/adminLogin.html +/admin/banners_report.php +/0manager/ +/adminLogin/ +/admloginuser.asp +/admins +/authuser.%EXT% +/admin/upload.php +/admin/adminLogin.html +/sys-admin/ +/admincontrol.asp +/account.asp +/myadmin/ +/log_in/ +/rcLogin/ +/yonetici.asp +/admin +/openvpnadmin/ +/banneradmin/ +/sysadm/ +/admin/admin_users.php +/administrator/login.asp +/webadmin/login.php +/admin_area/admin.%EXT% +/bb-admin/index.html +/management.%EXT% +/acceso.asp +/siteadmin.%EXT% +/admloginuser.php +/includes/login.php +/admin/login.%EXT% +/vorod.%EXT% +/yonetici.html +/users.%EXT% +/admin/index-digital.php +/instadmin/ +/admin/viewmembers.php +/navSiteAdmin/ +/usuarios/ +/manage.%EXT% +/admin/adminLogin.asp +/ur-admin/ +/admin/cp.asp +/admin/dash.php +/users/ +/modelsearch/admin.asp +/bb-admin/login.%EXT% +/admin/controlpanel.htm +/superman%EXT% +/controlpanel.html +/admin/dashboard.php +/blogindex/ +/administratorlogin/ +:23 +/bb-admin/index.php +/administrator/account.php +/admin1.php +/loginflat/ +/adminarea/admin.asp +/supervise/ +/admin/home.html +/checkuser.%EXT% +/cp.asp +/admin/product.php +/cms/_admin/logon.php +/aadmin/ +/admin/account.asp +/admin/login +/modelsearch/index.php +/admin/add_gallery_image.php +/ezsqliteadmin/ +/moderator/admin.html +/superuser/ +/sign-in/ +/admin/AdminDashboard.php +/admin/login.php +/superuser.%EXT% +/rcjakar/admin/login.php +/panel-administracion/admin.php +/admin-login.php/ +/login1/ +/kpanel/ +/panel-administracion/admin.html +/admin/log.php +/control.%EXT% +/admincp/index.html +/admins.html +/admin/cp.php +/moderator/login.asp +/admin/index.html +/mag/admin/ +/log-in.%EXT% +/adminLogin.php +/admin/ManageAdmin.php +/modelsearch/login.html +/logon/ +/maintenance/ +/admin/banner.php +/0admin/ +/admin/category.php +/adm/index.asp +/adminitem/ +/admin2/index.asp +/userlogin.%EXT% \ No newline at end of file diff --git a/lib/attacks/admin_panel_finder/__init__.py b/lib/attacks/admin_panel_finder/__init__.py index 480113a..2beb11a 100644 --- a/lib/attacks/admin_panel_finder/__init__.py +++ b/lib/attacks/admin_panel_finder/__init__.py @@ -1,4 +1,5 @@ import os +import threading try: # Python 2 from urllib.request import urlopen @@ -6,18 +7,55 @@ try: # Python 2 except ImportError: # Python 3 from urllib2 import urlopen, HTTPError +import requests + from var.auto_issue.github import request_issue_creation from lib.core.settings import ( logger, replace_http, set_color, create_tree, + prompt, + write_to_log_file, + ROBOTS_PAGE_PATH ) -def check_for_admin_page(url, exts, protocol="http://", show_possibles=False, verbose=False): +def check_for_robots(url, ext="/robots.txt", data_sep="-" * 30): + url = replace_http(url) + interesting = set() + full_url = "{}{}{}".format("http://", url, ext) + conn = requests.get(full_url) + data = conn.content + code = conn.status_code + if code == 404: + return False + for line in data.split("\n"): + if "Allow" in line: + interesting.add(line.strip()) + if len(interesting) > 0: + create_tree(full_url, list(interesting)) + else: + to_display = prompt( + "nothing interesting found in robots.txt would you like to display the entire page", opts="yN" + ) + if to_display.lower().startswith("y"): + print( + "{}\n{}\n{}".format( + data_sep, data, data_sep + ) + ) + logger.info(set_color( + "robots.txt page will be saved into a file..." + )) + write_to_log_file(data, ROBOTS_PAGE_PATH, "robots-{}.log".format(url)) + + +def check_for_admin_page(url, exts, protocol="http://", **kwargs): + verbose = kwargs.get("verbose", False) + show_possibles = kwargs.get("show_possibles", False) possible_connections, connections = set(), set() - stripped_url = replace_http(url.strip()) + stripped_url = replace_http(str(url).strip()) for ext in exts: ext = ext.strip() true_url = "{}{}{}".format(protocol, stripped_url, ext) @@ -93,7 +131,15 @@ def __load_extensions(filename="{}/etc/link_ext.txt"): return ext.readlines() -def main(url, show=False, verbose=False): +def main(url, show=False, verbose=False, do_threading=False, threads=10): + logger.info(set_color( + "parsing robots.txt..." + )) + results = check_for_robots(url) + if not results: + logger.warning(set_color( + "seems like this page doesn't have a robots.txt...", level=30 + )) logger.info(set_color( "loading extensions..." )) @@ -105,4 +151,19 @@ def main(url, show=False, verbose=False): logger.info(set_color( "attempting to bruteforce admin panel..." )) - check_for_admin_page(url, extensions, show_possibles=show, verbose=verbose) + if do_threading: + if verbose: + logger.debug(set_color( + "starting {} threads...".format(threads), level=10 + )) + for _ in range(0, threads): + t = threading.Thread(target=check_for_admin_page, args=(url, extensions), kwargs={ + "show_possibles": show, + "verbose": verbose + + }) + t.daemon = True + t.start() + t.join() + else: + check_for_admin_page(url, extensions, show_possibles=show, verbose=verbose) \ No newline at end of file diff --git a/lib/core/settings.py b/lib/core/settings.py index 5936670..d3275f6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -22,7 +22,7 @@ except NameError: # clone link CLONE = "https://github.com/ekultek/zeus-scanner.git" # current version -VERSION = "1.0.38.1a8b" +VERSION = "1.0.39" # colors to output depending on the version VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30} # version string formatting @@ -53,6 +53,7 @@ URL_QUERY_REGEX = re.compile(r"(.*)[?|#](.*){1}\=(.*)") URL_REGEX = re.compile(r"((https?):((//)|(\\\\))+([\w\d:#@%/;$()~_?\+-=\\\.&](#!)?)*)") # paths to sqlmap and nmap TOOL_PATHS = "{}/bin/paths/path_config.ini".format(os.getcwd()) +ROBOTS_PAGE_PATH = "{}/log/robots".format(os.getcwd()) # URL's that are extracted from Google's ban URL EXTRACTED_URL_LOG = "{}/log/extracted-url-log".format(os.getcwd()) # log path for the URL's that are found diff --git a/zeus.py b/zeus.py index 4c73b04..8c99fc7 100755 --- a/zeus.py +++ b/zeus.py @@ -98,6 +98,8 @@ if __name__ == "__main__": help="Show all connections made during the admin panel search") attacks.add_option("--tamper", dest="tamperXssPayloads", metavar="TAMPER-SCRIPT", help="Send the XSS payloads through tampering before sending to the target") + attacks.add_option("--thread", dest="threadPanels", action="store_true", + help="Thread the admin panel finder, will start 10 threads") attacks.add_option("--auto", dest="autoStartSqlmap", action="store_true", help=optparse.SUPPRESS_HELP) @@ -418,7 +420,7 @@ if __name__ == "__main__": url = get_true_url(url) return intel_me.main_intel_amt(url, agent=agent_to_use, proxy=proxy_to_use) elif admin: - main(url, show=opt.showAllConnections, verbose=verbose) + main(url, show=opt.showAllConnections, verbose=verbose, do_threading=opt.threadPanels) elif xss: main_xss(url, verbose=verbose, proxy=proxy_to_use, agent=agent_to_use, tamper=opt.tamperXssPayloads) else: