from optparse import (
OptionParser,
OptionGroup,
SUPPRESS_HELP
)
import lib.core.settings
import lib.core.common
import lib.attacks.nmap_scan.nmap_opts
import lib.attacks.sqlmap_scan.sqlmap_opts
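class ZeusParser(OptionParser):

    """
    Zeus's option parser

    Both public helpers are static methods: `cmd_parser` builds a plain
    `OptionParser`, parses the command line and returns the options object;
    `single_show_args` handles the flags that print something (or run the
    updater) and then shut the program down.
    """

    def __init__(self):
        OptionParser.__init__(self)

    @staticmethod
    def cmd_parser():
        """
        command line parser, parses all of Zeus's arguments and flags

        Reads the process arguments through `OptionParser.parse_args` and
        returns the parsed options; leftover positional arguments are
        discarded. Every option defaults to None when it is not given.
        A negative value for one of the integer options (-L/--links,
        --time-sec, -T/--x-threads) is rejected with the usual optparse usage
        error (exit status 2) instead of being handed on to the rest of the run.
        """
        parser = OptionParser(usage="./zeus.py -d|r|l|f|b DORK|FILE|URL [ATTACKS] [--OPTS]")

        # mandatory options
        mandatory = OptionGroup(parser, "Mandatory Options",
                                "These options have to be used in order for Zeus to run")
        mandatory.add_option("-d", "--dork", dest="dorkToUse", metavar="DORK",
                             help="Specify a singular Google dork to use for queries")
        mandatory.add_option("-l", "--dork-list", dest="dorkFileToUse", metavar="FILE-PATH",
                             help="Specify a file full of dorks to run through")
        mandatory.add_option("-r", "--rand-dork", dest="useRandomDork", action="store_true",
                             help="Use a random dork from the etc/dorks.txt file to perform the scan")
        mandatory.add_option("-b", "--blackwidow", dest="spiderWebSite", metavar="URL",
                             help="Spider a single webpage for all available URL's")
        mandatory.add_option("-f", "--url-file", dest="fileToEnumerate", metavar="FILE-PATH",
                             help="Run an attack on URL's in a given file")
        # being worked on, hidden from --help through SUPPRESS_HELP
        # TODO:/
        mandatory.add_option("-u", "--url", dest="singleTargetRecon", metavar="URL",
                             help=SUPPRESS_HELP)

        # attack options
        attacks = OptionGroup(parser, "Attack arguments",
                              "These arguments will give you the choice on how you want to check the websites")
        attacks.add_option("-s", "--sqli", dest="runSqliScan", action="store_true",
                           help="Run a Sqlmap SQLi scan on the discovered URL's")
        attacks.add_option("-p", "--port-scan", dest="runPortScan", action="store_true",
                           help="Run a Nmap port scan on the discovered URL's")
        attacks.add_option("-a", "--admin-panel", dest="adminPanelFinder", action="store_true",
                           help="Search for the websites admin panel")
        attacks.add_option("-x", "--xss-scan", dest="runXssScan", action="store_true",
                           help="Run an XSS scan on the found URL's")
        attacks.add_option("-w", "--whois-lookup", dest="performWhoisLookup", action="store_true",
                           help="Perform a WhoIs lookup on the provided domain")
        attacks.add_option("-c", "--clickjacking", dest="performClickjackingScan", action="store_true",
                           help="Perform a clickjacking scan on a provided URL")
        # being worked on, hidden from --help through SUPPRESS_HELP
        # TODO:/
        attacks.add_option("-g", "--github-search", dest="searchGithub", action="store_true",
                           help=SUPPRESS_HELP)
        attacks.add_option("-P", "--pgp", dest="pgpLookup", action="store_true",
                           help="Perform a PGP public key lookup on the found URLs")
        # --sqlmap-args, --sqlmap-conf and --nmap-args are stored here as raw
        # strings; nothing in this parser splits or validates them.
        # NOTE(review): confirm the consumers check them against
        # SQLMAP_API_OPTIONS / NMAP_API_OPTS before they reach the backends.
        attacks.add_option("--sqlmap-args", dest="sqlmapArguments", metavar="SQLMAP-ARGS",
                           help="Pass the arguments to send to the sqlmap API within quotes & "
                                "separated by a comma. IE 'dbms mysql, verbose 3, level 5'")
        attacks.add_option("--sqlmap-conf", dest="sqlmapConfigFile", metavar="CONFIG-FILE-PATH",
                           help="Pass a configuration file that contains the sqlmap arguments")
        attacks.add_option("--nmap-args", dest="nmapArguments", metavar="NMAP-ARGS",
                           help="Pass the arguments to send to the nmap API within quotes & "
                                "separated by a pipe. IE '-O|-p 445, 1080'")
        attacks.add_option("--show-sqlmap", dest="showSqlmapArguments", action="store_true",
                           help="Show the arguments that the sqlmap API understands")
        attacks.add_option("--show-nmap", dest="showNmapArgs", action="store_true",
                           help="Show the arguments that nmap understands")
        attacks.add_option("--show-possibles", dest="showAllConnections", action="store_true",
                           help="Show all connections made during the admin panel search")
        attacks.add_option("--tamper", dest="tamperXssPayloads", metavar="TAMPER-SCRIPT",
                           help="Send the XSS payloads through tampering before sending to the target")
        # being worked on, hidden from --help through SUPPRESS_HELP
        # TODO:/
        attacks.add_option("--thread", dest="threadPanels", action="store_true",
                           help=SUPPRESS_HELP)
        attacks.add_option("--auto", dest="autoStartSqlmap", action="store_true",
                           help="Automatically start the sqlmap API (or at least try to)")

        # search engine options
        engines = OptionGroup(parser, "Search engine arguments",
                              "Arguments to change the search engine used (default is Google)")
        engines.add_option("-D", "--search-engine-ddg", dest="useDDG", action="store_true",
                           help="Use DuckDuckGo as the search engine")
        engines.add_option("-B", "--search-engine-bing", dest="useBing", action="store_true",
                           help="Use Bing as the search engine")
        engines.add_option("-A", "--search-engine-aol", dest="useAOL", action="store_true",
                           help="Use AOL as the search engine")

        # arguments to edit your search patterns
        search_items = OptionGroup(parser, "Search options",
                                   "Arguments that will control the search criteria")
        search_items.add_option("-L", "--links", dest="amountToSearch", type=int, metavar="HOW-MANY-LINKS",
                                help="Specify how many links to try and search on Google")
        search_items.add_option("-M", "--multi", dest="searchMultiplePages", action="store_true",
                                help="Search multiple pages of Google")
        search_items.add_option("-E", "--exclude-none", dest="noExclude", action="store_true",
                                help="Do not exclude URLs because they do not have a GET(query) parameter in them")
        search_items.add_option("-W", "--webcache", dest="parseWebcache", action="store_true",
                                help="Parse webcache URLs for the redirect in them")
        # the header value is random; it is only taken at face value by a
        # server that trusts a client-supplied X-Forwarded-For
        search_items.add_option("--x-forward", dest="forwardedForRandomIP", action="store_true",
                                help="Add a header called 'X-Forwarded-For' with three random IP addresses")
        search_items.add_option("--time-sec", dest="controlTimeout", metavar="SECONDS", type=int,
                                help="Control the sleep and timeout times in relevant situations")
        search_items.add_option("--identify-waf", dest="identifyProtection", action="store_true",
                                help="Attempt to identify if the target is protected by some kind of "
                                     "WAF/IDS/IPS")
        # being worked on, hidden from --help through SUPPRESS_HELP
        # TODO:/
        search_items.add_option("--force-ssl", dest="forceSSL", action="store_true",
                                help=SUPPRESS_HELP)
        search_items.add_option("--identify-plugins", dest="identifyPlugin", action="store_true",
                                help="Attempt to identify what plugins the target is using")

        # obfuscation options
        anon = OptionGroup(parser, "Anonymity arguments",
                           "Arguments that help with anonymity and hiding identity")
        # per its own help text the proxy covers the scraping only; requests
        # made by the sqlmap/nmap backends are not configured to use it
        anon.add_option("--proxy", dest="proxyConfig", metavar="PROXY-STRING",
                        help="Use a proxy to do the scraping, will not auto configure to the API's")
        anon.add_option("--proxy-file", dest="proxyFileRand", metavar="FILE-PATH",
                        help="Grab a random proxy from a given file of proxies")
        anon.add_option("--random-agent", dest="useRandomAgent", action="store_true",
                        help="Use a random user-agent from the etc/agents.txt file")
        # (a stray trailing comma after this call used to wrap its result in a
        # discarded one-element tuple)
        anon.add_option("--agent", dest="usePersonalAgent", metavar="USER-AGENT",
                        help="Use your own personal user-agent")
        anon.add_option("--tor", dest="useTor", action="store_true",
                        help="Use Tor connection as the proxy and set the firefox browser settings to mimic Tor")

        # miscellaneous options
        misc = OptionGroup(parser, "Misc Options",
                           "These options affect how the program will run")
        misc.add_option("--verbose", dest="runInVerbose", action="store_true",
                        help="Run the application in verbose mode (more output)")
        misc.add_option("--batch", dest="runInBatch", action="store_true",
                        help="Skip the questions and run in default batch mode")
        misc.add_option("--update", dest="updateZeus", action="store_true",
                        help="Update to the latest development version")
        misc.add_option("--hide", dest="hideBanner", action="store_true",
                        help="Hide the banner during running")
        misc.add_option("--version", dest="showCurrentVersion", action="store_true",
                        help="Show the current version and exit")
        # being worked on, hidden from --help through SUPPRESS_HELP
        # TODO:/
        misc.add_option("-T", "--x-threads", dest="amountOfThreads", metavar="THREAD-AMOUNT", type=int,
                        help=SUPPRESS_HELP)
        misc.add_option("--show-success", dest="showSuccessRate", action="store_true",
                        help="Calculate the dorks success rate and output the calculation in human readable form")
        misc.add_option("--show-description", dest="showPluginDescription", action="store_true",
                        help="Show the description of the identified plugins")

        # registration order is the order the groups appear in --help
        for group in (mandatory, attacks, search_items, anon, engines, misc):
            parser.add_option_group(group)

        opt, _ = parser.parse_args()

        # optparse takes the token after an option as its value even when it
        # starts with a dash, so "--time-sec -5" parses to -5; a negative link
        # count, sleep/timeout or thread count has no meaning, reject it here
        numeric_options = (
            ("-L/--links", opt.amountToSearch),
            ("--time-sec", opt.controlTimeout),
            ("-T/--x-threads", opt.amountOfThreads),
        )
        for flag, value in numeric_options:
            if value is not None and value < 0:
                parser.error("{} must not be negative (got {})".format(flag, value))

        return opt

    @staticmethod
    def _show_tool_arguments(summary, known_options, pointer):
        """
        log `summary`, print each entry of `known_options` as a "[*] " line
        between two blank-line prints, then log `pointer`
        """
        lib.core.settings.logger.info(lib.core.settings.set_color(summary))
        print("\n")
        for arg in known_options:
            print("[*] {}".format(arg))
        print("\n")
        lib.core.settings.logger.info(lib.core.settings.set_color(pointer))

    @staticmethod
    def single_show_args(opt):
        """
        parses Zeus's single time run arguments

        `opt` is the options object returned by `cmd_parser`. Handles, in this
        order, --version, --show-sqlmap, --show-nmap and --update; returns
        None without doing anything when none of them is set.
        """
        if opt.showCurrentVersion:
            print(lib.core.settings.VERSION_STRING)
            # raise SystemExit directly: the bare exit() helper is installed by
            # the site module and is missing under `python -S` or frozen builds
            raise SystemExit(0)

        if opt.showSqlmapArguments:
            sqlmap_options = lib.attacks.sqlmap_scan.sqlmap_opts.SQLMAP_API_OPTIONS
            ZeusParser._show_tool_arguments(
                "there are a total of {} arguments understood by sqlmap API, "
                "they include:".format(len(sqlmap_options)),
                sqlmap_options,
                "for more information about sqlmap arguments, see here '{}'".format(
                    lib.core.settings.SQLMAP_MAN_PAGE_URL
                )
            )
            lib.core.common.shutdown()

        if opt.showNmapArgs:
            nmap_options = lib.attacks.nmap_scan.nmap_opts.NMAP_API_OPTS
            ZeusParser._show_tool_arguments(
                "there are a total of {} arguments understood by nmap, they include:".format(
                    len(nmap_options)
                ),
                nmap_options,
                "for more information on what the arguments do please see here '{}'".format(
                    lib.core.settings.NMAP_MAN_PAGE_URL
                )
            )
            lib.core.common.shutdown()

        # update the program
        # NOTE(review): update_zeus() is defined in lib.core.settings and is not
        # visible here; confirm how it fetches the development version and
        # whether anything authenticates what it pulls before it is run
        if opt.updateZeus:
            lib.core.settings.logger.info(lib.core.settings.set_color(
                "update in progress"
            ))
            lib.core.settings.update_zeus()
            lib.core.common.shutdown()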