mirror of
https://github.com/Ekultek/Zeus-Scanner.git
minor edits to most information, some updates to intel scans verbosity, comment edits to sqlmap
parent
5c1d7e4867
commit
b28fd3eac4
7 changed files with 196 additions and 107 deletions
|
|
@ -40,21 +40,21 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/__init__.py
|
|||
c8fe372b08e7e27fe4e21f5f730f22ec ./lib/attacks/clickjacking_scan/__init__.py
|
||||
8e69bcf607cdb879b76500a9b1ba1763 ./lib/attacks/clickjacking_scan/__init__.pyc
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
||||
d93cf7cdeabe951251f2f4d56687b5f4 ./lib/attacks/sqlmap_scan/__init__.py
|
||||
1a41d8378580b3d21e53504bdd2e2407 ./lib/attacks/sqlmap_scan/__init__.py
|
||||
5e5bb575014ebe613db6bf671d008cf8 ./lib/attacks/sqlmap_scan/sqlmap_opts.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/whois_lookup/__init__.py
|
||||
e2b494ba257444ed4a9a8a554dcbe250 ./lib/attacks/whois_lookup/whois.py
|
||||
185cfb4e30ffc2688dfebcc66d41b43f ./lib/attacks/admin_panel_finder/__init__.py
|
||||
35f40f12b6c7241e69c3907a3f529874 ./lib/attacks/admin_panel_finder/__init__.py
|
||||
629f935edac35716cf0cb3548f0cc86c ./lib/attacks/xss_scan/__init__.py
|
||||
27358f26bda30d7356143c3ea1fa99c5 ./lib/attacks/nmap_scan/__init__.py
|
||||
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
|
||||
f746d2867f493104a78d0540cf50c03f ./lib/attacks/intel_me/__init__.py
|
||||
be3bcc949bb54e19c5b349c78a575c8c ./lib/attacks/intel_me/__init__.py
|
||||
1faa2b5dfad6eb538bbfe42942d2a9da ./lib/core/errors.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
|
||||
28d4d887089b5c27b0f5e51db22dfbc8 ./lib/core/settings.py
|
||||
cdcace5ca96943d054ff03fcad306a25 ./lib/core/settings.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/google_search/__init__.py
|
||||
6372bb30e3ba30f10c4f5fd200ae3ac5 ./var/google_search/search.py
|
||||
255c7b07fefed0be9dc72134acfc40ca ./var/google_search/search.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py
|
||||
4506850a02aa18e12bef4efeb760ad9e ./var/auto_issue/github.py
|
||||
dadca85c232153021ba9ff253d8ee1d9 ./var/auto_issue/github.py
|
||||
059765fe1ae084ad267d4b7aa7a34032 ./var/blackwidow/__init__.py
|
||||
|
|
@ -86,6 +86,9 @@ def check_for_admin_page(url, exts, protocol="http://", **kwargs):
|
|||
possible_connections, connections = set(), set()
|
||||
stripped_url = replace_http(str(url).strip())
|
||||
for ext in exts:
|
||||
# each extension is loaded before this process begins to save time
|
||||
# while running this process.
|
||||
# it will be loaded and passed instead of loaded during.
|
||||
ext = ext.strip()
|
||||
true_url = "{}{}{}".format(protocol, stripped_url, ext)
|
||||
if verbose:
|
||||
|
|
@ -132,6 +135,7 @@ def check_for_admin_page(url, exts, protocol="http://", **kwargs):
|
|||
data_msg.format(len(possible_connections), len(connections))
|
||||
))
|
||||
if len(connections) > 0:
|
||||
# create the connection tree if we got some connections
|
||||
logger.info(set_color(
|
||||
"creating connection tree..."
|
||||
))
|
||||
|
|
@ -164,6 +168,7 @@ def __load_extensions(filename="{}/etc/text_files/link_ext.txt"):
|
|||
"""
|
||||
load the extensions to use from the etc/link_ext file
|
||||
"""
|
||||
# this is where the extensions are loaded from
|
||||
with open(filename.format(os.getcwd())) as ext:
|
||||
return ext.readlines()
|
||||
|
||||
|
|
|
|||
|
|
@ -14,18 +14,28 @@ from lxml import html
|
|||
from var.auto_issue.github import request_issue_creation
|
||||
|
||||
|
||||
def __get_auth_headers(target, port=16992, source=None, agent=None, proxy=None):
|
||||
def __get_auth_headers(target, ports=(16992, 16693, 693, 692), **kwargs):
|
||||
"""
|
||||
get the authorization headers from the URL
|
||||
"""
|
||||
source = kwargs.get("source", None)
|
||||
proxy, agent, verbose = kwargs.get("proxy", None), kwargs.get("agent", None), kwargs.get("verbose", False)
|
||||
if not source or 'WWW-Authenticate' not in source.headers['WWW-Authenticate']:
|
||||
logger.info(set_color(
|
||||
"header value not established, attempting to get bypass..."
|
||||
))
|
||||
source = requests.get("http://{0}:{1}/index.htm".format(target, port), timeout=10, headers={
|
||||
'connection': 'close', 'user-agent': agent
|
||||
}, proxies=proxy)
|
||||
return source
|
||||
for port in ports:
|
||||
try:
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"trying on port {}...".format(port), level=10
|
||||
))
|
||||
source = requests.get("http://{0}:{1}/index.htm".format(target, port), timeout=10, headers={
|
||||
'connection': 'close', 'user-agent': agent
|
||||
}, proxies=proxy)
|
||||
return source
|
||||
except Exception:
|
||||
pass
|
||||
# Get digest and nonce and return the new header
|
||||
if 'WWW-Authenticate' in source.headers:
|
||||
logger.info(set_color(
|
||||
|
|
@ -46,28 +56,36 @@ def __get_auth_headers(target, port=16992, source=None, agent=None, proxy=None):
|
|||
return None
|
||||
|
||||
|
||||
def __get_raw_data(target, page, agent=None, proxy=None):
|
||||
def __get_raw_data(target, page, agent=None, proxy=None, **kwargs):
|
||||
"""
|
||||
collect all the information from an exploitable target
|
||||
"""
|
||||
possible_ports = (16992, 16993, 693, 692)
|
||||
verbose = kwargs.get("verbose", False)
|
||||
logger.info(set_color(
|
||||
"getting raw information..."
|
||||
"attempting to get raw hardware information..."
|
||||
))
|
||||
return requests.get("http://{0}:16992/{1}.htm".format(target, page),
|
||||
headers={
|
||||
'connection': 'close',
|
||||
'Authorization': __get_auth_headers(target),
|
||||
'user-agent': agent
|
||||
},
|
||||
proxies=proxy
|
||||
)
|
||||
for port in possible_ports:
|
||||
try:
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"trying on port {}...".format(port), level=10
|
||||
))
|
||||
return requests.get("http://{0}:{1}/{2}.htm".format(target, port, page),
|
||||
headers={
|
||||
'connection': 'close',
|
||||
'Authorization': __get_auth_headers(target, verbose=verbose),
|
||||
'user-agent': agent
|
||||
}, proxies=proxy)
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
|
||||
def __get_hardware(target, agent=None, proxy=None):
|
||||
def __get_hardware(target, agent=None, proxy=None, verbose=False):
|
||||
"""
|
||||
collect all the hardware information from an exploitable target
|
||||
"""
|
||||
req = __get_raw_data(target, 'hw-sys', agent=agent, proxy=proxy)
|
||||
req = __get_raw_data(target, 'hw-sys', agent=agent, proxy=proxy, verbose=verbose)
|
||||
if not req.status_code == 200:
|
||||
return None
|
||||
logger.info(set_color(
|
||||
|
|
@ -76,6 +94,9 @@ def __get_hardware(target, agent=None, proxy=None):
|
|||
tree = html.fromstring(req.content)
|
||||
raw = tree.xpath('//td[@class="r1"]/text()')
|
||||
bios_functions = tree.xpath('//td[@class="r1"]/table//td/text()')
|
||||
# find the hardware information
|
||||
# and output the hardware data
|
||||
# from the raw data found
|
||||
data = {
|
||||
'platform': {
|
||||
'model': raw[0],
|
||||
|
|
@ -107,6 +128,7 @@ def main_intel_amt(url, agent=None, proxy=None, **kwargs):
|
|||
main attack method to be called
|
||||
"""
|
||||
do_ip_address = kwargs.get("do_ip", False)
|
||||
verbose = kwargs.get("verbose", False)
|
||||
proxy = proxy_string_to_dict(proxy) or None
|
||||
agent = agent or DEFAULT_USER_AGENT
|
||||
if do_ip_address:
|
||||
|
|
@ -132,7 +154,7 @@ def main_intel_amt(url, agent=None, proxy=None, **kwargs):
|
|||
"attempting to connect to '{}' and get hardware info...".format(url)
|
||||
))
|
||||
try:
|
||||
json_data = __get_hardware(url, agent=agent, proxy=proxy)
|
||||
json_data = __get_hardware(url, agent=agent, proxy=proxy, verbose=verbose)
|
||||
if json_data is None:
|
||||
logger.error(set_color(
|
||||
"unable to get any information, skipping...", level=40
|
||||
|
|
@ -164,6 +186,6 @@ def main_intel_amt(url, agent=None, proxy=None, **kwargs):
|
|||
pass
|
||||
else:
|
||||
logger.exception(set_color(
|
||||
"ran into exception '{}', cannot continue...".format(e)
|
||||
"ran into exception '{}', cannot continue...".format(e), level=50
|
||||
))
|
||||
request_issue_creation()
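Review bot: If none of the ports answers, the new `for port in possible_ports` loop in `__get_raw_data` ends without returning, because `except Exception: pass` discards every error, and `__get_hardware` then evaluates `req.status_code` on `None`. The resulting `AttributeError` reads as a program bug rather than an unreachable host, and the handler visible at the end of `main_intel_amt` appears to send such exceptions to `request_issue_creation()`. Narrow the handler to `except requests.exceptions.RequestException as e:` with a debug log of `e`, and guard the caller with `if req is None or req.status_code != 200: return None`. The loop added to `__get_auth_headers` has the same silent `pass` and can leave `source` as `None` before `if 'WWW-Authenticate' in source.headers`, and the `requests.get` call in `__get_raw_data` passes no `timeout=` while the one in `__get_auth_headers` uses `timeout=10`. Indentation is lost on this page, so the nesting of the `return` statements is inferred.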
|
||||
|
|
|
|||
|
|
@ -53,6 +53,11 @@ class SqlmapHook(object):
|
|||
to_check = str(json.loads(req.content)["tasks"]).lower()
|
||||
found = ''.join(id_re.findall(to_check))
|
||||
if len(found) > 16:
|
||||
# split the found ID by 16 characters each time one is found to be over 16 characters
|
||||
# IE ['abcdee345593fffa', '2222aaa449837cc9']
|
||||
# if any of these items are not in the already used container, then chances are that's the
|
||||
# item we're looking for.
|
||||
# this will also allow you to go back to the same item more then once.
|
||||
data_found = [found[i:i+split_by] for i in range(0, len(found), split_by)]
|
||||
for item in data_found:
|
||||
if item not in lib.core.settings.ALREADY_USED:
|
||||
|
|
@ -71,6 +76,22 @@ class SqlmapHook(object):
|
|||
data_dict = {"url": self.to_scan}
|
||||
if opts is not None:
|
||||
for i in range(0, len(opts)):
|
||||
# if the options are passed they will be placed as a dict
|
||||
# IE {'level': 5, 'risk': 3}
|
||||
# from there they will be added into the post data dict what this
|
||||
# will accomplish is that it will take precedence over the already
|
||||
# set data on the sqlmap API client and replace that data with the
|
||||
# data that is provided.
|
||||
# IE
|
||||
# {
|
||||
# 'level': 1,
|
||||
# 'risk': 1,
|
||||
# }
|
||||
# will become
|
||||
# {
|
||||
# 'level': '5',
|
||||
# 'risk': '3',
|
||||
# }
|
||||
data_dict[opts[i][0]] = opts[i][1]
|
||||
post_data = json.dumps(data_dict)
|
||||
req = urllib2.Request(start_scan_url, data=post_data, headers=self.headers)
|
||||
|
|
@ -92,6 +113,12 @@ class SqlmapHook(object):
|
|||
)
|
||||
already_displayed = set()
|
||||
while current_status == "running":
|
||||
# while the current status evaluates to `running`
|
||||
# we can load the JSON data and output the log information
|
||||
# we will skip over information that has already been provided
|
||||
# by using the already displayed container set.
|
||||
# this will allow us to only output information that we
|
||||
# have not seen yet.
|
||||
current_status = json.loads(requests.get(running_status_url).content)["status"]
|
||||
log_req = requests.get(running_log_url)
|
||||
log_json = json.loads(log_req.content)
|
||||
|
|
@ -126,6 +153,11 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
|
|||
"""
|
||||
create argument tuples for the sqlmap arguments passed by the user
|
||||
"""
|
||||
# create the dict to pass to the sqlmap hook
|
||||
# basically it will just take the key and value
|
||||
# for the argument tuples and create a dictionary
|
||||
# out of them.
|
||||
# IE ('level', '5') -> {'level': '5'}
|
||||
return {key: value for key, value in opts}
|
||||
|
||||
is_started = lib.core.settings.search_for_process("sqlmapapi.py")
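Review bot: The comment added inside `for i in range(0, len(opts))` says the options arrive as a dict (`{'level': 5, 'risk': 3}`), but the line it documents, `data_dict[opts[i][0]] = opts[i][1]`, indexes `opts` by position and reads a key and a value from each entry, which fits a sequence of pairs rather than a dict. Reword it along the lines of `# opts is a sequence of (key, value) pairs, IE [('level', '5'), ('risk', '3')]; each pair overrides the API default`, or, if the dict built by the helper in `sqlmap_scan_main` is what reaches this method, iterate `opts.items()` instead. The first added comment block also reads "more then once" where "more than once" is meant. The enclosing methods start and end outside these hunks.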
|
||||
|
|
|
|||
|
|
@ -37,13 +37,18 @@ except NameError:
|
|||
raw_input = input # Python 3
|
||||
|
||||
# get the master patch ID when a patch is pushed to the program
|
||||
|
||||
PATCH_ID = str(subprocess.check_output(["git", "rev-parse", "origin/master"]))[:6]
|
||||
# clone link
|
||||
|
||||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.1.18".format(PATCH_ID)
|
||||
|
||||
VERSION = "1.1.19".format(PATCH_ID)
|
||||
# colors to output depending on the version
|
||||
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
|
||||
# version string formatting
|
||||
if VERSION.count(".") == 1:
|
||||
VERSION_STRING = "\033[92mv{}\033[0m(\033[{}m\033[1mstable\033[0m)".format(VERSION, VERSION_TYPE_COLORS["stable"])
|
||||
|
|
@ -51,8 +56,10 @@ elif VERSION.count(".") <= 2:
|
|||
VERSION_STRING = "\033[92mv{}\033[0m(\033[{}m\033[1mdev\033[0m)".format(VERSION, VERSION_TYPE_COLORS["dev"])
|
||||
else:
|
||||
VERSION_STRING = "\033[92mv{}\033[0m(\033[{}m\033[1mrevision\033[0m)".format(VERSION, VERSION_TYPE_COLORS["other"])
|
||||
|
||||
# zeus-scanners saying
|
||||
SAYING = "Advanced Dork Searching..."
|
||||
|
||||
# sexy banner
|
||||
BANNER = """\033[36m
|
||||
__ __________ __
|
||||
|
|
@ -62,61 +69,88 @@ BANNER = """\033[36m
|
|||
\_\ /_______ \___ >____//____ > /_/
|
||||
\/ \/ \/ {}
|
||||
\t{}\n\t\t{}\033[0m""".format(VERSION_STRING, CLONE, SAYING)
|
||||
|
||||
# default user agent if another one isn't given
|
||||
# reference for best practices: https://docs.developer.amazonservices.com/en_US/dev_guide/DG_UserAgentHeader.html
|
||||
DEFAULT_USER_AGENT = "Zeus-Scanner/{} (Language=Python/{}; Platform={})".format(
|
||||
VERSION, sys.version.split(" ")[0], platform.platform().split("-")[0]
|
||||
)
|
||||
# regex to find GET params in a URL, IE php?id=
|
||||
URL_QUERY_REGEX = re.compile(r"(.*)[?|#](.*){1}\=(.*)")
|
||||
# regex to recognize a URL
|
||||
URL_REGEX = re.compile(r"((https?):((//)|(\\\\))+([\w\d:#@%/;$()~_?\+-=\\\.&](#!)?)*)")
|
||||
|
||||
# path to the checksum
|
||||
CHECKSUM_PATH = "{}/etc/checksum/md5sum.md5".format(os.getcwd())
|
||||
|
||||
# geckodriver version information path, grabs the file that was installed on your system
|
||||
GECKO_VERSION_INFO_PATH = "{}/bin/version_info".format(os.getcwd())
|
||||
# attempt to fix the program install error
|
||||
FIX_PROGRAM_INSTALL_PATH = "{}/etc/scripts/fix_pie.sh".format(os.getcwd())
|
||||
# path to the auto clean tool
|
||||
CLEANUP_TOOL_PATH = "{}/etc/scripts/cleanup.sh".format(os.getcwd())
|
||||
# path to tool to launch sqlmap API
|
||||
LAUNCH_SQLMAP_API_TOOL = "{}/etc/scripts/launch_sqlmap_api.sh".format(os.getcwd())
|
||||
# path to nmap installer
|
||||
NMAP_INSTALLER_TOOL = "{}/etc/scripts/install_nmap.sh".format(os.getcwd())
|
||||
# clickjacking HTML test page path
|
||||
CLICKJACKING_TEST_PAGE_PATH = "{}/etc/html/clickjacking_test_page.html".format(os.getcwd())
|
||||
|
||||
# path to check if the program has been executed or not
|
||||
EXECUTED_PATH = "{}/bin/executed.txt".format(os.getcwd())
|
||||
|
||||
# paths to sqlmap and nmap
|
||||
TOOL_PATHS = "{}/bin/paths/path_config.ini".format(os.getcwd())
|
||||
# path to write the HTML in
|
||||
CLICKJACKING_RESULTS_PATH = "{}/log/clickjacking-log".format(os.getcwd())
|
||||
# the log for found admin pages on a site
|
||||
ADMIN_PAGE_FILE_PATH = "{}/log/admin-page-log".format(os.getcwd())
|
||||
# path to the sitemap log file
|
||||
SITEMAP_FILE_LOG_PATH = "{}/log/sitemap-log".format(os.getcwd())
|
||||
# log path to the whois results
|
||||
WHOIS_RESULTS_LOG_PATH = "{}/log/whois".format(os.getcwd())
|
||||
# path to store robot.txt page in
|
||||
ROBOTS_PAGE_PATH = "{}/log/robots".format(os.getcwd())
|
||||
# URL's that are extracted from Google's ban URL
|
||||
EXTRACTED_URL_LOG = "{}/log/extracted-url-log".format(os.getcwd())
|
||||
# log path for the URL's that are found
|
||||
URL_LOG_PATH = "{}/log/url-log".format(os.getcwd())
|
||||
# log path for port scans
|
||||
PORT_SCAN_LOG_PATH = "{}/log/scanner-log".format(os.getcwd())
|
||||
# blackwidow log path
|
||||
SPIDER_LOG_PATH = "{}/log/blackwidow-log".format(os.getcwd())
|
||||
# the current log file being used
|
||||
CURRENT_LOG_FILE_PATH = "{}/log".format(os.getcwd())
|
||||
# nmap's manual page for their options
|
||||
NMAP_MAN_PAGE_URL = "https://nmap.org/book/man-briefoptions.html"
|
||||
# sqlmap's manual page for their options
|
||||
SQLMAP_MAN_PAGE_URL = "https://github.com/sqlmapproject/sqlmap/wiki/Usage"
|
||||
# whois API link
|
||||
WHOIS_JSON_LINK = "https://jsonwhoisapi.com/api/v1/whois?identifier={}"
|
||||
|
||||
# attempt to fix the program install error
|
||||
FIX_PROGRAM_INSTALL_PATH = "{}/etc/scripts/fix_pie.sh".format(os.getcwd())
|
||||
|
||||
# path to the auto clean tool
|
||||
CLEANUP_TOOL_PATH = "{}/etc/scripts/cleanup.sh".format(os.getcwd())
|
||||
|
||||
# path to tool to launch sqlmap API
|
||||
LAUNCH_SQLMAP_API_TOOL = "{}/etc/scripts/launch_sqlmap_api.sh".format(os.getcwd())
|
||||
|
||||
# path to nmap installer
|
||||
NMAP_INSTALLER_TOOL = "{}/etc/scripts/install_nmap.sh".format(os.getcwd())
|
||||
|
||||
# clickjacking HTML test page path
|
||||
CLICKJACKING_TEST_PAGE_PATH = "{}/etc/html/clickjacking_test_page.html".format(os.getcwd())
|
||||
|
||||
# holder for sqlmap API ID hashes, makes it so that they are all unique
|
||||
ALREADY_USED = set()
|
||||
|
||||
# path to write the HTML in
|
||||
CLICKJACKING_RESULTS_PATH = "{}/log/clickjacking-log".format(os.getcwd())
|
||||
|
||||
# the log for found admin pages on a site
|
||||
ADMIN_PAGE_FILE_PATH = "{}/log/admin-page-log".format(os.getcwd())
|
||||
|
||||
# path to the sitemap log file
|
||||
SITEMAP_FILE_LOG_PATH = "{}/log/sitemap-log".format(os.getcwd())
|
||||
|
||||
# log path to the whois results
|
||||
WHOIS_RESULTS_LOG_PATH = "{}/log/whois".format(os.getcwd())
|
||||
|
||||
# path to store robot.txt page in
|
||||
ROBOTS_PAGE_PATH = "{}/log/robots".format(os.getcwd())
|
||||
|
||||
# URL's that are extracted from Google's ban URL
|
||||
EXTRACTED_URL_LOG = "{}/log/extracted-url-log".format(os.getcwd())
|
||||
|
||||
# log path for the URL's that are found
|
||||
URL_LOG_PATH = "{}/log/url-log".format(os.getcwd())
|
||||
|
||||
# log path for port scans
|
||||
PORT_SCAN_LOG_PATH = "{}/log/scanner-log".format(os.getcwd())
|
||||
|
||||
# blackwidow log path
|
||||
SPIDER_LOG_PATH = "{}/log/blackwidow-log".format(os.getcwd())
|
||||
|
||||
# the current log file being used
|
||||
CURRENT_LOG_FILE_PATH = "{}/log".format(os.getcwd())
|
||||
|
||||
# nmap's manual page for their options
|
||||
NMAP_MAN_PAGE_URL = "https://nmap.org/book/man-briefoptions.html"
|
||||
|
||||
# sqlmap's manual page for their options
|
||||
SQLMAP_MAN_PAGE_URL = "https://github.com/sqlmapproject/sqlmap/wiki/Usage"
|
||||
|
||||
# whois API link
|
||||
WHOIS_JSON_LINK = "https://jsonwhoisapi.com/api/v1/whois?identifier={}"
|
||||
|
||||
# regex to find GET params in a URL, IE php?id=
|
||||
URL_QUERY_REGEX = re.compile(r"(.*)[?|#](.*){1}\=(.*)")
|
||||
|
||||
# regex to recognize a URL
|
||||
URL_REGEX = re.compile(r"((https?):((//)|(\\\\))+([\w\d:#@%/;$()~_?\+-=\\\.&](#!)?)*)")
|
||||
|
||||
# search engines that the application can use
|
||||
AUTHORIZED_SEARCH_ENGINES = {
|
||||
"aol": "http://aol.com",
|
||||
|
|
@ -124,38 +158,26 @@ AUTHORIZED_SEARCH_ENGINES = {
|
|||
"duckduckgo": "http://duckduckgo.com/html",
|
||||
"google": "http://google.com"
|
||||
}
|
||||
|
||||
# extensions to exclude from the spider
|
||||
SPIDER_EXT_EXCLUDE = (
|
||||
"3ds", "3g2", "3gp", "7z", "DS_Store",
|
||||
"a", "aac", "adp", "ai", "aif", "aiff",
|
||||
"apk", "ar", "asf", "au", "avi", "bak",
|
||||
"bin", "bk", "bmp", "btif", "bz2", "cab",
|
||||
"caf", "cgm", "cmx", "cpio", "cr2", "dat",
|
||||
"deb", "djvu", "dll", "dmg", "dmp", "dng",
|
||||
"doc", "docx", "dot", "dotx", "dra", "dsk",
|
||||
"dts", "dtshd", "dvb", "dwg", "dxf", "ear",
|
||||
"ecelp4800", "ecelp7470", "ecelp9600", "egg",
|
||||
"eol", "eot", "epub", "exe", "f4v", "fbs", "fh",
|
||||
"fla", "flac", "fli", "flv", "fpx", "fst", "fvt",
|
||||
"g3", "gif", "gz", "h261", "h263", "h264", "ico",
|
||||
"ief", "image", "img", "ipa", "iso", "jar", "jpeg",
|
||||
"jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz",
|
||||
"lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi",
|
||||
"mid", "mj2", "mka", "mkv", "mmr", "mng", "mov",
|
||||
"movie", "mp3", "mp4", "mp4a", "mpeg", "mpg",
|
||||
"mpga", "mxu", "nef", "npx", "o", "oga", "ogg",
|
||||
"ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm",
|
||||
"pic", "png", "pnm", "ppm", "pps", "ppt", "pptx",
|
||||
"ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar",
|
||||
"ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z",
|
||||
"scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub",
|
||||
"swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz",
|
||||
"ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu",
|
||||
"viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba",
|
||||
"webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff",
|
||||
"woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm",
|
||||
"xpi", "xpm", "xwd", "xz", "z", "zip", "zipx"
|
||||
"3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff",
|
||||
"apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab",
|
||||
"caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng",
|
||||
"doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear",
|
||||
"ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh",
|
||||
"fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief",
|
||||
"image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma",
|
||||
"lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3",
|
||||
"mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx",
|
||||
"pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo",
|
||||
"pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar",
|
||||
"sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh",
|
||||
"uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp",
|
||||
"whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi",
|
||||
"xpm", "xwd", "xz", "z", "zip", "zipx"
|
||||
)
|
||||
|
||||
# urls to exclude from being grabbed during the searching
|
||||
URL_EXCLUDES = (
|
||||
"maps.google", "play.google", "youtube",
|
||||
|
|
@ -165,6 +187,7 @@ URL_EXCLUDES = (
|
|||
"plus.google", "www.w3.org", "schemas.live.com",
|
||||
"torproject.org"
|
||||
)
|
||||
|
||||
# regular expressions used for DBMS recognition based on error message response
|
||||
DBMS_ERRORS = {
|
||||
"MySQL": (r"SQL syntax.*MySQL", r"Warning.*mysql_.*", r"valid MySQL result", r"MySqlClient\."),
|
||||
|
|
@ -447,10 +470,10 @@ def fix_log_file(logfile=get_latest_log_file(CURRENT_LOG_FILE_PATH)):
|
|||
with open(logfile, "r+") as to_fix:
|
||||
for line in to_fix.readlines():
|
||||
retval += escape_seq_regex.sub("", line)
|
||||
open(logfile, "w").close()
|
||||
open(logfile, "w").close() # completely erase the log file
|
||||
with open(logfile, "a+") as fixed:
|
||||
for line in retval.split("\n"):
|
||||
fixed.write(line + "\n")
|
||||
fixed.write(line + "\n") # rewrite everything back to normal
|
||||
|
||||
|
||||
def write_to_log_file(data_to_write, path, filename):
|
||||
|
|
@ -465,10 +488,12 @@ def write_to_log_file(data_to_write, path, filename):
|
|||
)
|
||||
with open(full_file_path, "a+") as log:
|
||||
data = re.sub(r'\s+', '', log.read())
|
||||
if re.match(r'^<.+>$', data):
|
||||
if re.match(r'^<.+>$', data): # matches HTML and XML
|
||||
try:
|
||||
log.write(etree.tostring(data_to_write, pretty_print=True))
|
||||
except TypeError:
|
||||
# usually happens when the file already exists
|
||||
# TODO:/ skip writing to the file, or write to the file with a (1), (2), etc at the end
|
||||
logger.warning(set_color(
|
||||
"unable to serialize {} data, writing as plain text...".format(
|
||||
filename.split(".")[-1].upper()
|
||||
|
|
@ -622,6 +647,11 @@ def config_search_engine(**kwargs):
|
|||
non_default_msg
|
||||
))
|
||||
se = AUTHORIZED_SEARCH_ENGINES["bing"]
|
||||
elif enum is not None:
|
||||
logger.info(set_color(
|
||||
"running enumeration on given file '{}'...".format(enum)
|
||||
))
|
||||
se = None
|
||||
else:
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
|
|
@ -629,7 +659,7 @@ def config_search_engine(**kwargs):
|
|||
))
|
||||
logger.info(set_color(
|
||||
"using default search engine..."
|
||||
)) if enum is None else ""
|
||||
))
|
||||
se = AUTHORIZED_SEARCH_ENGINES["google"]
|
||||
return se
|
||||
|
||||
|
|
@ -708,7 +738,7 @@ def create_random_ip():
|
|||
|
||||
generated = __get_nodes()
|
||||
if generated == "0.0.0.0" or "255.255.255.255":
|
||||
generated = __get_nodes()
|
||||
generated = __get_nodes() # if it isn't a real IP regenerate it
|
||||
return generated
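Review bot: The comment added in `create_random_ip`, `# if it isn't a real IP regenerate it`, describes a check the code does not perform: `generated == "0.0.0.0" or "255.255.255.255"` is always true because the second operand is a non-empty string, so the address is regenerated on every call and the second draw is never validated. `if generated in ("0.0.0.0", "255.255.255.255"):` matches the comment. In the first hunk, `VERSION = "1.1.19".format(PATCH_ID)` has no `{}` placeholder, so `PATCH_ID` never reaches the version string even though the comment above it promises `<major.minor.commit.patch ID>`.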
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ def request_issue_creation():
|
|||
}
|
||||
|
||||
_json_data = json.dumps(issue_data)
|
||||
if sys.version_info > (3,):
|
||||
if sys.version_info > (3,): # python 3
|
||||
_json_data = _json_data.encode("utf-8")
|
||||
|
||||
try:
|
||||
|
|
|
|||
|
|
@ -5,12 +5,12 @@ import shlex
|
|||
import subprocess
|
||||
|
||||
try:
|
||||
from urllib import (
|
||||
unquote,
|
||||
from urllib import ( # python 2
|
||||
unquote
|
||||
)
|
||||
except ImportError:
|
||||
from urllib.parse import (
|
||||
unquote,
|
||||
from urllib.parse import ( # python 3
|
||||
unquote
|
||||
)
|
||||
|
||||
import requests
|
||||
|
|
@ -62,7 +62,7 @@ def strip_leftovers(url, possibles):
|
|||
return url
|
||||
|
||||
|
||||
def bypass_ip_block(url):
|
||||
def extract_ip_ban(url):
|
||||
"""
|
||||
bypass Google's IP blocking by extracting the true URL from the ban URL.
|
||||
"""
|
||||
|
|
@ -277,7 +277,7 @@ def get_urls(query, url, verbose=False, warning=True, **kwargs):
|
|||
"it appears that Google is attempting to block your IP address, attempting bypass...", level=30
|
||||
))
|
||||
try:
|
||||
retval = bypass_ip_block(retval)
|
||||
retval = extract_ip_ban(retval)
|
||||
do_continue = prompt(
|
||||
"zeus was able to successfully extract the URL from Google's ban URL "
|
||||
"it is advised to shutdown zeus and attempt to extract the URL's manually. "
|
||||
|
|
|
|||