mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
moved the run attacks function to the settings file
This commit is contained in:
parent
0151d26449
commit
d258803efc
2 changed files with 119 additions and 119 deletions
|
|
@ -28,8 +28,17 @@ from lxml import etree
|
|||
import bin.unzip_gecko
|
||||
import lib.core.errors
|
||||
|
||||
from lib.attacks.admin_panel_finder import main
|
||||
from lib.attacks.xss_scan import main_xss
|
||||
from lib.attacks.whois_lookup.whois import whois_lookup_main
|
||||
from lib.attacks.clickjacking_scan import clickjacking_main
|
||||
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
|
||||
from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS
|
||||
from lib.attacks import (
|
||||
nmap_scan,
|
||||
sqlmap_scan,
|
||||
intel_me
|
||||
)
|
||||
|
||||
try:
|
||||
raw_input # Python 2
|
||||
|
|
@ -44,7 +53,7 @@ PATCH_ID = str(subprocess.check_output(["git", "rev-parse", "origin/master"]))[:
|
|||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.1.24".format(PATCH_ID)
|
||||
VERSION = "1.1.25".format(PATCH_ID)
|
||||
# colors to output depending on the version
|
||||
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
|
|
@ -509,7 +518,7 @@ def write_to_log_file(data_to_write, path, filename):
|
|||
log.write(etree.tostring(data_to_write, pretty_print=True))
|
||||
except TypeError:
|
||||
return write_to_log_file(data_to_write, path, new_filename)
|
||||
elif amount > 0:
|
||||
elif amount > 0 and "url-log" not in filename:
|
||||
return write_to_log_file(data_to_write, path, new_filename)
|
||||
else:
|
||||
if isinstance(data_to_write, list):
|
||||
|
|
@ -804,3 +813,104 @@ def deprecation(target_version, function, *args, **kwargs):
|
|||
)
|
||||
)
|
||||
return function(args, kwargs)
|
||||
|
||||
|
||||
def run_attacks(url, **kwargs):
|
||||
"""
|
||||
run the attacks if any are requested
|
||||
"""
|
||||
nmap = kwargs.get("nmap", False)
|
||||
sqlmap = kwargs.get("sqlmap", False)
|
||||
intel = kwargs.get("intel", False)
|
||||
xss = kwargs.get("xss", False)
|
||||
admin = kwargs.get("admin", False)
|
||||
verbose = kwargs.get("verbose", False)
|
||||
whois = kwargs.get("whois", False)
|
||||
clickjacking = kwargs.get("clickjacking", False)
|
||||
auto_start = kwargs.get("auto_start", False)
|
||||
sqlmap_arguments = kwargs.get("sqlmap_args", None)
|
||||
nmap_arguments = kwargs.get("nmap_args", None)
|
||||
run_ip_address = kwargs.get("run_ip", False)
|
||||
show_all = kwargs.get("show_all", False)
|
||||
do_threading = kwargs.get("do_threading", False)
|
||||
batch = kwargs.get("batch", False)
|
||||
tamper_script = kwargs.get("tamper_script", None)
|
||||
timeout = kwargs.get("timeout", None)
|
||||
forwarded = kwargs.get("xforward", None)
|
||||
proxy = kwargs.get("proxy", None)
|
||||
agent = kwargs.get("agent", None)
|
||||
|
||||
__enabled_attacks = {
|
||||
"sqlmap": sqlmap,
|
||||
"port": nmap,
|
||||
"xss": xss,
|
||||
"admin": admin,
|
||||
"intel": intel,
|
||||
"whois": whois,
|
||||
"clickjacking": clickjacking
|
||||
}
|
||||
|
||||
enabled = set()
|
||||
for key in __enabled_attacks.keys():
|
||||
if __enabled_attacks[key] is True:
|
||||
enabled.add(key)
|
||||
if len(enabled) > 1:
|
||||
logger.error(set_color(
|
||||
"it appears that you have enabled multiple attack types, "
|
||||
"as of now only 1 attack is supported at a time, choose "
|
||||
"your attack and try again. You can use the -f flag if "
|
||||
"you do not want to complete an entire search again "
|
||||
"(IE -f /home/me/zeus-scanner/log/url-log/url-log-1.log)...", level=40
|
||||
))
|
||||
shutdown()
|
||||
|
||||
if not batch:
|
||||
question = prompt(
|
||||
"would you like to process found URL: '{}'".format(url), opts=["y", "N"]
|
||||
)
|
||||
else:
|
||||
question = "y"
|
||||
|
||||
if question.lower().startswith("y"):
|
||||
if sqlmap:
|
||||
return sqlmap_scan.sqlmap_scan_main(
|
||||
url.strip(), verbose=verbose,
|
||||
opts=create_arguments(sqlmap=True, sqlmap_args=sqlmap_arguments), auto_start=auto_start)
|
||||
elif nmap:
|
||||
url_ip_address = replace_http(url.strip())
|
||||
return nmap_scan.perform_port_scan(
|
||||
url_ip_address, verbose=verbose,
|
||||
opts=create_arguments(nmap=True, nmap_args=nmap_arguments)
|
||||
)
|
||||
elif intel:
|
||||
url = get_true_url(url)
|
||||
return deprecation(
|
||||
"1.2", intel_me.main_intel_amt, url,
|
||||
verbose=verbose, proxy=proxy,
|
||||
do_ip=run_ip_address
|
||||
)
|
||||
elif admin:
|
||||
main(
|
||||
url, show=show_all,
|
||||
verbose=verbose, do_threading=do_threading, batch=batch
|
||||
)
|
||||
elif xss:
|
||||
if check_for_protection(PROTECTED, "xss"):
|
||||
main_xss(
|
||||
url, verbose=verbose, proxy=proxy,
|
||||
agent=agent, tamper=tamper_script, batch=batch
|
||||
)
|
||||
elif whois:
|
||||
whois_lookup_main(
|
||||
url, verbose=verbose, timeout=timeout
|
||||
)
|
||||
elif clickjacking:
|
||||
if check_for_protection(PROTECTED, "clickjacking"):
|
||||
clickjacking_main(url, agent=agent, proxy=proxy,
|
||||
forward=forwarded, batch=batch)
|
||||
else:
|
||||
pass
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
"skipping '{}'...".format(url), level=30
|
||||
))
|
||||
|
|
|
|||
124
zeus.py
124
zeus.py
|
|
@ -15,22 +15,13 @@ from var import blackwidow
|
|||
from var.google_search import search
|
||||
from var.auto_issue.github import request_issue_creation
|
||||
from lib.header_check import main_header_check
|
||||
from lib.attacks.admin_panel_finder import main
|
||||
from lib.attacks.xss_scan import main_xss
|
||||
from lib.attacks.nmap_scan.nmap_opts import NMAP_API_OPTS
|
||||
from lib.attacks.sqlmap_scan.sqlmap_opts import SQLMAP_API_OPTIONS
|
||||
from lib.attacks.whois_lookup.whois import whois_lookup_main
|
||||
from lib.attacks.clickjacking_scan import clickjacking_main
|
||||
|
||||
from lib.core.errors import (
|
||||
InvalidInputProvided,
|
||||
InvalidProxyType
|
||||
)
|
||||
from lib.attacks import (
|
||||
nmap_scan,
|
||||
sqlmap_scan,
|
||||
intel_me
|
||||
)
|
||||
from lib.core.settings import (
|
||||
setup,
|
||||
BANNER,
|
||||
|
|
@ -41,7 +32,6 @@ from lib.core.settings import (
|
|||
get_latest_log_file,
|
||||
CURRENT_LOG_FILE_PATH,
|
||||
URL_LOG_PATH,
|
||||
replace_http,
|
||||
prompt,
|
||||
get_random_dork,
|
||||
update_zeus,
|
||||
|
|
@ -49,16 +39,12 @@ from lib.core.settings import (
|
|||
URL_REGEX, URL_QUERY_REGEX,
|
||||
NMAP_MAN_PAGE_URL,
|
||||
SQLMAP_MAN_PAGE_URL,
|
||||
get_true_url,
|
||||
fix_log_file,
|
||||
SPIDER_LOG_PATH,
|
||||
config_headers,
|
||||
config_search_engine,
|
||||
find_running_opts,
|
||||
create_arguments,
|
||||
PROTECTED,
|
||||
check_for_protection,
|
||||
deprecation
|
||||
run_attacks,
|
||||
)
|
||||
|
||||
|
||||
|
|
@ -259,106 +245,6 @@ if __name__ == "__main__":
|
|||
))
|
||||
http_client.HTTPConnection.debuglevel = 1
|
||||
|
||||
def __choose_attack(choice, attacks):
|
||||
while True:
|
||||
if int(choice) in range(len(attacks)):
|
||||
return int(choice)
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
"{} is not a valid choice...".format(choice)
|
||||
))
|
||||
|
||||
|
||||
def __run_attacks(url, **kwargs):
|
||||
"""
|
||||
run the attacks if any are requested
|
||||
"""
|
||||
nmap = kwargs.get("nmap", False)
|
||||
sqlmap = kwargs.get("sqlmap", False)
|
||||
intel = kwargs.get("intel", False)
|
||||
xss = kwargs.get("xss", False)
|
||||
admin = kwargs.get("admin", False)
|
||||
verbose = kwargs.get("verbose", False)
|
||||
whois = kwargs.get("whois", False)
|
||||
clickjacking = kwargs.get("clickjacking", False)
|
||||
batch = kwargs.get("batch", False)
|
||||
auto_start = kwargs.get("auto_start", False)
|
||||
|
||||
__enabled_attacks = {
|
||||
"sqlmap": opt.runSqliScan,
|
||||
"port": opt.runPortScan,
|
||||
"xss": opt.runXssScan,
|
||||
"admin": opt.adminPanelFinder,
|
||||
"intel": opt.intelCheck,
|
||||
"whois": opt.performWhoisLookup,
|
||||
"clickjacking": opt.performClickjackingScan
|
||||
}
|
||||
|
||||
enabled = set()
|
||||
for key in __enabled_attacks.keys():
|
||||
if __enabled_attacks[key] is True:
|
||||
enabled.add(key)
|
||||
if len(enabled) > 1:
|
||||
logger.error(set_color(
|
||||
"it appears that you have enabled multiple attack types, "
|
||||
"as of now only 1 attack is supported at a time, choose "
|
||||
"your attack and try again. You can use the -f flag if "
|
||||
"you do not want to complete an entire search again "
|
||||
"(IE -f /home/me/zeus-scanner/log/url-log/url-log-1.log)...", level=40
|
||||
))
|
||||
shutdown()
|
||||
|
||||
if not batch:
|
||||
question = prompt(
|
||||
"would you like to process found URL: '{}'".format(url), opts=["y", "N"]
|
||||
)
|
||||
else:
|
||||
question = "y"
|
||||
|
||||
if question.lower().startswith("y"):
|
||||
if sqlmap:
|
||||
return sqlmap_scan.sqlmap_scan_main(
|
||||
url.strip(), verbose=verbose,
|
||||
opts=create_arguments(sqlmap=True, sqlmap_args=opt.sqlmapArguments), auto_start=auto_start)
|
||||
elif nmap:
|
||||
url_ip_address = replace_http(url.strip())
|
||||
return nmap_scan.perform_port_scan(
|
||||
url_ip_address, verbose=verbose,
|
||||
opts=create_arguments(nmap=True, nmap_args=opt.nmapArguments)
|
||||
)
|
||||
elif intel:
|
||||
url = get_true_url(url)
|
||||
return deprecation(
|
||||
"1.2", intel_me.main_intel_amt, url,
|
||||
verbose=opt.runInVerbose, proxy=proxy_to_use,
|
||||
do_ip=opt.runAgainstIpAddress
|
||||
)
|
||||
elif admin:
|
||||
main(
|
||||
url, show=opt.showAllConnections,
|
||||
verbose=verbose, do_threading=opt.threadPanels, batch=opt.runInBatch
|
||||
)
|
||||
elif xss:
|
||||
if check_for_protection(PROTECTED, "xss"):
|
||||
main_xss(
|
||||
url, verbose=verbose, proxy=proxy_to_use,
|
||||
agent=agent_to_use, tamper=opt.tamperXssPayloads, batch=opt.runInBatch
|
||||
)
|
||||
elif whois:
|
||||
whois_lookup_main(
|
||||
url, verbose=opt.runInVerbose, timeout=opt.controlTimeout
|
||||
)
|
||||
elif clickjacking:
|
||||
if check_for_protection(PROTECTED, "clickjacking"):
|
||||
clickjacking_main(url, agent=agent_to_use, proxy=proxy_to_use,
|
||||
forward=opt.forwardedForRandomIP, batch=opt.runInBatch)
|
||||
else:
|
||||
pass
|
||||
else:
|
||||
logger.warning(set_color(
|
||||
"skipping '{}'...".format(url), level=30
|
||||
))
|
||||
|
||||
|
||||
def __run_attacks_main():
|
||||
"""
|
||||
|
|
@ -401,14 +287,18 @@ if __name__ == "__main__":
|
|||
url, verbose=opt.runInVerbose, agent=agent_to_use,
|
||||
proxy=proxy_to_use, xforward=opt.forwardedForRandomIP
|
||||
)
|
||||
__run_attacks(
|
||||
run_attacks(
|
||||
url.strip(),
|
||||
sqlmap=opt.runSqliScan, nmap=opt.runPortScan,
|
||||
intel=opt.intelCheck, xss=opt.runXssScan,
|
||||
whois=opt.performWhoisLookup, admin=opt.adminPanelFinder,
|
||||
clickjacking=opt.performClickjackingScan,
|
||||
verbose=opt.runInVerbose, batch=opt.runInBatch,
|
||||
auto_start=opt.autoStartSqlmap
|
||||
auto_start=opt.autoStartSqlmap, xforward=opt.forwardedForRandomIP,
|
||||
sqlmap_args=opt.sqlmapArguments, nmap_args=opt.nmapArguments,
|
||||
run_ip=opt.runAgainstIpAddress, show_all=opt.showAllConnections,
|
||||
do_threading=opt.threadPanels, tamper_script=opt.tamperXssPayloads,
|
||||
timeout=opt.controlTimeout, proxy=proxy_to_use, agent=agent_to_use
|
||||
)
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue