Zeus-Scanner/lib/core/parse.py

import sys
from optparse import (
OptionParser,
OptionGroup,
SUPPRESS_HELP
)
import lib.core.settings
import lib.core.common
import lib.core.errors
import lib.attacks.nmap_scan.nmap_opts
import lib.attacks.sqlmap_scan.sqlmap_opts
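class ZeusParser(OptionParser):

    """
    Zeus's option parser

    Groups the three command-line helpers the entry script needs:

    * cmd_parser()       -- build the optparse parser and parse sys.argv
    * single_show_args() -- handle the "print something and quit" flags
    * verify_args()      -- reject flags that exist but are not implemented yet

    All three are static methods, so the class is used as a namespace and
    does not need to be instantiated.
    """

    def __init__(self):
        # explicit base call (not super()) keeps this working on Python 2,
        # where optparse's classes are old-style
        OptionParser.__init__(self)

    @staticmethod
    def cmd_parser():
        """
        command line parser, parses all of Zeus's arguments and flags

        Builds a fresh OptionParser, registers every option group and parses
        sys.argv (optparse's default when parse_args() gets no arguments).

        :return: the optparse Values object; options that were not passed are
                 left at None because no defaults are declared here
        """
        parser = OptionParser(usage="./zeus.py -d|r|l|f|b DORK|FILE|URL [ATTACKS] [--OPTS]")

        # mandatory options
        mandatory = OptionGroup(parser, "Mandatory Options",
                                "These options have to be used in order for Zeus to run")
        mandatory.add_option("-d", "--dork", dest="dorkToUse", metavar="DORK",
                             help="Specify a singular Google dork to use for queries")
        mandatory.add_option("-l", "--dork-list", dest="dorkFileToUse", metavar="FILE-PATH",
                             help="Specify a file full of dorks to run through")
        mandatory.add_option("-r", "--rand-dork", dest="useRandomDork", action="store_true",
                             help="Use a random dork from the etc/dorks.txt file to perform the scan")
        mandatory.add_option("-b", "--blackwidow", dest="spiderWebSite", metavar="URL",
                             help="Spider a single webpage for all available URL's")
        mandatory.add_option("-f", "--url-file", dest="fileToEnumerate", metavar="FILE-PATH",
                             help="Run an attack on URL's in a given file")
        # still in development: hidden from --help and rejected by verify_args()
        mandatory.add_option("-u", "--url", dest="singleTargetRecon", metavar="URL",
                             help=SUPPRESS_HELP)

        # attack options
        attacks = OptionGroup(parser, "Attack arguments",
                              "These arguments will give you the choice on how you want to check the websites")
        attacks.add_option("-s", "--sqli", dest="runSqliScan", action="store_true",
                           help="Run a Sqlmap SQLi scan on the discovered URL's")
        attacks.add_option("-p", "--port-scan", dest="runPortScan", action="store_true",
                           help="Run a Nmap port scan on the discovered URL's")
        attacks.add_option("-a", "--admin-panel", dest="adminPanelFinder", action="store_true",
                           help="Search for the websites admin panel")
        attacks.add_option("-x", "--xss-scan", dest="runXssScan", action="store_true",
                           help="Run an XSS scan on the found URL's")
        attacks.add_option("-w", "--whois-lookup", dest="performWhoisLookup", action="store_true",
                           help="Perform a WhoIs lookup on the provided domain")
        attacks.add_option("-c", "--clickjacking", dest="performClickjackingScan", action="store_true",
                           help="Perform a clickjacking scan on a provided URL")
        # still in development: hidden from --help and rejected by verify_args()
        attacks.add_option("-g", "--github-search", dest="searchGithub", action="store_true",
                           help=SUPPRESS_HELP)
        attacks.add_option("-P", "--pgp", dest="pgpLookup", action="store_true",
                           help="Perform a PGP public key lookup on the found URLs")
        # NOTE(review): --sqlmap-args, --sqlmap-conf and --nmap-args are stored
        # as free-form strings and nothing in this file validates them. The
        # code that consumes them is not visible here -- confirm it splits
        # them into argument lists and never builds a shell command line.
        attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS",
                           help="Pass the arguments to send to the sqlmap API within quotes & "
                                "separated by a comma. IE 'dbms mysql, verbose 3, level 5'")
        attacks.add_option("--sqlmap-conf", dest="sqlmapConfigFile", metavar="CONFIG-FILE-PATH",
                           help="Pass a configuration file that contains the sqlmap arguments")
        attacks.add_option("--nmap-args", dest="nmapArguments", metavar="NMAP-ARGS",
                           help="Pass the arguments to send to the nmap API within quotes & "
                                "separated by a pipe. IE '-O|-p 445, 1080'")
        attacks.add_option("--show-sqlmap", dest="showSqlmapArguments", action="store_true",
                           help="Show the arguments that the sqlmap API understands")
        attacks.add_option("--show-nmap", dest="showNmapArgs", action="store_true",
                           help="Show the arguments that nmap understands")
        attacks.add_option("--show-possibles", dest="showAllConnections", action="store_true",
                           help="Show all connections made during the admin panel search")
        attacks.add_option("--tamper", dest="tamperXssPayloads", metavar="TAMPER-SCRIPT",
                           help="Send the XSS payloads through tampering before sending to the target")
        # still in development: hidden from --help and rejected by verify_args()
        attacks.add_option("--thread", dest="threadPanels", action="store_true",
                           help=SUPPRESS_HELP)
        attacks.add_option("--auto", dest="autoStartSqlmap", action="store_true",
                           help="Automatically start the sqlmap API (or at least try to)")

        # search engine options
        engines = OptionGroup(parser, "Search engine arguments",
                              "Arguments to change the search engine used (default is Google)")
        engines.add_option("-D", "--search-engine-ddg", dest="useDDG", action="store_true",
                           help="Use DuckDuckGo as the search engine")
        engines.add_option("-B", "--search-engine-bing", dest="useBing", action="store_true",
                           help="Use Bing as the search engine")
        engines.add_option("-A", "--search-engine-aol", dest="useAOL", action="store_true",
                           help="Use AOL as the search engine")

        # arguments to edit your search patterns
        search_items = OptionGroup(parser, "Search options",
                                   "Arguments that will control the search criteria")
        search_items.add_option("-L", "--links", dest="amountToSearch", type=int, metavar="HOW-MANY-LINKS",
                                help="Specify how many links to try and search on Google")
        search_items.add_option("-M", "--multi", dest="searchMultiplePages", action="store_true",
                                help="Search multiple pages of Google")
        search_items.add_option("-E", "--exclude-none", dest="noExclude", action="store_true",
                                help="Do not exclude URLs because they do not have a GET(query) parameter in them")
        search_items.add_option("-W", "--webcache", dest="parseWebcache", action="store_true",
                                help="Parse webcache URLs for the redirect in them")
        search_items.add_option("--x-forward", dest="forwardedForRandomIP", action="store_true",
                                help="Add a header called 'X-Forwarded-For' with three random IP addresses")
        search_items.add_option("--time-sec", dest="controlTimeout", metavar="SECONDS", type=int,
                                help="Control the sleep and timeout times in relevant situations")
        search_items.add_option("--identify-waf", dest="identifyProtection", action="store_true",
                                help="Attempt to identify if the target is protected by some kind of "
                                     "WAF/IDS/IPS")
        # still in development: hidden from --help and rejected by verify_args()
        search_items.add_option("--force-ssl", dest="forceSSL", action="store_true",
                                help=SUPPRESS_HELP)
        search_items.add_option("--identify-plugins", dest="identifyPlugin", action="store_true",
                                help="Attempt to identify what plugins the target is using")

        # obfuscation options
        anon = OptionGroup(parser, "Anonymity arguments",
                           "Arguments that help with anonymity and hiding identity")
        anon.add_option("--proxy", dest="proxyConfig", metavar="PROXY-STRING",
                        help="Use a proxy to do the scraping, will not auto configure to the API's")
        anon.add_option("--proxy-file", dest="proxyFileRand", metavar="FILE-PATH",
                        help="Grab a random proxy from a given file of proxies")
        anon.add_option("--random-agent", dest="useRandomAgent", action="store_true",
                        help="Use a random user-agent from the etc/agents.txt file")
        # (a stray trailing comma after this call used to wrap its result in a
        # throw-away tuple; it had no effect and has been dropped)
        anon.add_option("--agent", dest="usePersonalAgent", metavar="USER-AGENT",
                        help="Use your own personal user-agent")
        anon.add_option("--tor", dest="useTor", action="store_true",
                        help="Use Tor connection as the proxy and set the firefox browser settings to mimic Tor")

        # miscellaneous options
        misc = OptionGroup(parser, "Misc Options",
                           "These options affect how the program will run")
        misc.add_option("--verbose", dest="runInVerbose", action="store_true",
                        help="Run the application in verbose mode (more output)")
        misc.add_option("--batch", dest="runInBatch", action="store_true",
                        help="Skip the questions and run in default batch mode")
        misc.add_option("--update", dest="updateZeus", action="store_true",
                        help="Update to the latest development version")
        misc.add_option("--hide", dest="hideBanner", action="store_true",
                        help="Hide the banner during running")
        misc.add_option("--version", dest="showCurrentVersion", action="store_true",
                        help="Show the current version and exit")
        # still in development: hidden from --help and rejected by verify_args()
        misc.add_option("-T", "--x-threads", dest="amountOfThreads", metavar="THREAD-AMOUNT", type=int,
                        help=SUPPRESS_HELP)
        misc.add_option("--show-success", dest="showSuccessRate", action="store_true",
                        help="Calculate the dorks success rate and output the calculation in human readable form")
        misc.add_option("--show-description", dest="showPluginDescription", action="store_true",
                        help="Show the description of the identified plugins")

        # registration order is the order the groups appear in --help
        parser.add_option_group(mandatory)
        parser.add_option_group(attacks)
        parser.add_option_group(search_items)
        parser.add_option_group(anon)
        parser.add_option_group(engines)
        parser.add_option_group(misc)

        # positional leftovers are not used
        opt, _ = parser.parse_args()
        return opt

    @staticmethod
    def single_show_args(opt):
        """
        parses Zeus's single time run arguments

        Handles the flags that print information or run the updater instead
        of starting a scan: --version, --show-sqlmap, --show-nmap, --update.

        :param opt: the Values object returned by cmd_parser()
        """
        if opt.showCurrentVersion:
            print(lib.core.settings.VERSION_STRING)
            # sys.exit rather than the bare exit() helper, which is injected
            # by the site module and is missing under `python -S`
            sys.exit(0)

        # presumably lib.core.common.shutdown() terminates the process; if it
        # returns, the checks below still run -- confirm in lib/core/common.py
        if opt.showSqlmapArguments:
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "there are a total of {} arguments understood by sqlmap API, "
                "they include:".format(len(lib.attacks.sqlmap_scan.sqlmap_opts.SQLMAP_API_OPTIONS))
            ))
            print("\n")
            for arg in lib.attacks.sqlmap_scan.sqlmap_opts.SQLMAP_API_OPTIONS:
                print(
                    "[*] {}".format(arg)
                )
            print("\n")
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "for more information about sqlmap arguments, see here '{}'".format(
                    lib.core.settings.SQLMAP_MAN_PAGE_URL
                )
            ))
            lib.core.common.shutdown()

        if opt.showNmapArgs:
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "there are a total of {} arguments understood by nmap, they include:".format(
                    len(lib.attacks.nmap_scan.nmap_opts.NMAP_API_OPTS)
                )
            ))
            print("\n")
            for arg in lib.attacks.nmap_scan.nmap_opts.NMAP_API_OPTS:
                print(
                    "[*] {}".format(arg)
                )
            print("\n")
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "for more information on what the arguments do please see here '{}'".format(
                    lib.core.settings.NMAP_MAN_PAGE_URL
                )
            ))
            lib.core.common.shutdown()

        # update the program
        if opt.updateZeus:
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "update in progress"
            ))
            # NOTE(review): update_zeus() is defined in lib.core.settings and
            # is not visible here -- confirm it pulls from a pinned source
            # over an authenticated channel before it replaces local code.
            lib.core.settings.update_zeus()
            lib.core.common.shutdown()

    @staticmethod
    def verify_args(args=sys.argv):
        """
        refuse to run when a not-yet-implemented flag is on the command line

        The options listed below are registered in cmd_parser() with their
        help suppressed; this check turns their use into an explicit error.

        :param args: raw argument strings, defaults to sys.argv
        :raises lib.core.errors.ZeusArgumentException: when one of the
                unimplemented flags is present
        """
        not_implemented_args = (
            "-T", "--x-threads", "--force-ssl", "--thread",
            "-g", "--github-search", "-u", "--url"
        )
        # TODO:/
        # need to create a way to parse all arguments for compatibility with one another
        for arg in args:
            # optparse also accepts `--opt=value`; compare on the option name
            # so `--url=...` / `--x-threads=...` cannot slip past the check.
            # Short options stay exact-match on purpose: a value such as the
            # nmap string '-T4|-p 80' must not be mistaken for the -T flag.
            # Still not caught: clustered short flags and optparse's
            # unambiguous long-option abbreviations.
            flag = arg.split("=", 1)[0] if arg.startswith("--") else arg
            if flag in not_implemented_args:
                raise lib.core.errors.ZeusArgumentException(
                    "\n\nit appears that one of the arguments you have passed ('{}'), "
                    "has not been implemented into Zeus production yet. This usually means "
                    "that the option is still in testing and is not ready for use. Arguments "
                    "that are still in testing are: {}\n".format(
                        flag, ", ".join(["'{}'".format(a) for a in not_implemented_args])
                    )
                )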