
Tim Tomes committed 79226af

Added the age_analyzer, asafaweb, gender_analyzer, and web_archive modules.


Files changed (5)

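--- a/modules/recon/hosts/enum/http/age_analyzer.py
+++ b/modules/recon/hosts/enum/http/age_analyzer.py
@@ -0,0 +1,44 @@
+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('host', self.goptions['domain']['value'], 'yes', 'fully qualified target hostname')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name':        'Age Analyzer Lookup',
+                     'Author':      'Brendan Coles (bcoles[at]gmail.com)',
+                     'Description': 'Attempts to guess the author\'s age using ageanalyzer.com.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.age_lookup()
+
+    def age_lookup(self):
+        verbose = self.options['verbose']['value']
+        host  = self.options['host']['value']
+
+        # request the author's age
+        url = 'http://ageanalyzer.com/?url=%s' % (host)
+        if verbose: self.output('URL for ageanalyzer.com: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # extract and present results
+        content = resp.text
+        result = re.search(r'written by someone <strong>(.+)<\/strong> years old', content)
+        if result:
+            self.output('Ageanalyzer.com believes the author of %s to be %s years old.' % (host, result.group(1)))
+        else:
+            self.output('Ageanalyzer.com was unable to determine the age of the author.')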
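Review bot: `host` goes into the query string unencoded in `age_lookup` (`'http://ageanalyzer.com/?url=%s' % (host)`), so a value containing `&`, `#` or a space changes the request that is actually sent; the same pattern appears in `asafaweb` and `gender_lookup`. Quote the value first, for example `url = 'http://ageanalyzer.com/?url=%s' % urllib.quote_plus(host)` with `import urllib` next to `import re`. The lookup also runs over plain HTTP and hands the target hostname to a third party, which the empty `'Comments'` list could state so an operator knows the target name leaves their network. The greedy capture `(.+)` can span more than one element on a line; `([^<]+)` keeps the printed value to the text inside `<strong>`.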

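--- a/modules/recon/hosts/enum/http/asafaweb.py
+++ b/modules/recon/hosts/enum/http/asafaweb.py
@@ -0,0 +1,54 @@
+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('host', self.goptions['domain']['value'], 'yes', 'fully qualified target hostname')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name':        'ASP Security Analyzer',
+                     'Author':      'Brendan Coles (bcoles[at]gmail.com)',
+                     'Description': 'Scans a given host for ASP security configuration vulnerabilities with ASafaWeb (Automated Security Analyser for ASP.NET Websites). https://asafaweb.com/',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.asafaweb()
+
+    def asafaweb(self):
+        verbose = self.options['verbose']['value']
+        host  = self.options['host']['value']
+
+        # request the scan
+        details = [['Check', 'Status']]
+        url = 'https://asafaweb.com/Scan?Url=%s' % (host)
+        if verbose: self.output('URL for asafaweb.com: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # extract results
+        content = resp.text
+        result = re.search(r'<div class="statusSummary" id="StatusSummary">(.*?)</div>', content, re.S)
+        # store results
+        configs = re.findall(r'">(.+?)</', result.group(1), re.S)
+        if configs:
+            for config in configs:
+                check = config.split(':')[0].strip()
+                status = config.split(':')[1].strip()
+                details.append([check, status])
+
+        # Output the results in table format
+        if len(details) > 1:
+            self.table(details, True)
+        else:
+            self.output('No results found')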
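Review bot: `result.group(1)` in `asafaweb` is reached without checking `result`, so any response that lacks the `StatusSummary` div (an error page, a changed layout) ends in AttributeError instead of the 'No results found' message. Guard it before the `findall` with `if not result: self.output('No results found'); return`. The `config.split(':')[1]` two lines further down has the same weakness for an entry without a colon; `check, _, status = config.partition(':')` never raises. Since the description says the service scans the given host, this module is active rather than passive, and the `'Comments'` list is the place to say so.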

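--- a/modules/recon/hosts/enum/http/gender_analyzer.py
+++ b/modules/recon/hosts/enum/http/gender_analyzer.py
@@ -0,0 +1,46 @@
+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('host', self.goptions['domain']['value'], 'yes', 'fully qualified target hostname')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name':        'Gender Analyzer Lookup',
+                     'Author':      'Brendan Coles (bcoles[at]gmail.com)',
+                     'Description': 'Attempts to guess the author\'s gender using genderanalyzer.com.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.gender_lookup()
+
+    def gender_lookup(self):
+        verbose = self.options['verbose']['value']
+        host  = self.options['host']['value']
+
+        # request the author's gender
+        url = 'http://genderanalyzer.com/?url=%s' % (host)
+        if verbose: self.output('URL for genderanalyzer.com: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # extract and present results
+        content = resp.text
+        result = re.search(r'<strong>(written by a [a-z]+<\/strong> \(\d+%\))', content)
+        if result:
+            gender     = re.search(r"written by a ([a-z]+)", result.group(1)).group(1)
+            confidence = re.search(r"\((\d+%)\)", result.group(1)).group(1)
+            self.output('Genderanalyzer.com believes the author of %s is a %s (%s).' % (host, gender, confidence))
+        else:
+            self.output('Genderanalyzer.com was unable to determine the gender of the author.')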
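Review bot: The three regular expressions in `gender_lookup` can be one, because the outer pattern already fixes the shape and the two inner `re.search(...).group(1)` calls only re-parse what was just matched. `result = re.search(r'<strong>written by a ([a-z]+)<\/strong> \((\d+%)\)', content)` followed by `gender, confidence = result.groups()` inside the `if result:` branch reads more directly. It also removes two `.group(1)` calls whose safety depends on the inner patterns staying in step with the outer one.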

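--- a/modules/recon/hosts/enum/http/malwaredomain.py
+++ b/modules/recon/hosts/enum/http/malwaredomain.py
         self.info = {
                      'Name': 'Malware Domain Lookup',
                      'Author': 'Micah Hoffman (@WebBreacher)',
-                     'Description': 'Checks malwaredomainlist.com to determine if malware has been detected on a specified domain.',
+                     'Description': 'Checks malwaredomainlist.com to determine if malware has been detected on the given domain.',
                      'Comments': []
                      }
    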

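--- a/modules/recon/hosts/enum/http/web_archive.py
+++ b/modules/recon/hosts/enum/http/web_archive.py
@@ -0,0 +1,78 @@
+import framework
+# unique to module
+import re
+from datetime import date
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name': 'Web Archive Lookup',
+                     'Author': 'Brendan Coles (bcoles[at]gmail.com)',
+                     'Description': 'Checks web.archive.org for archived versions of web pages on the the given domain.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.archive()
+
+    def archive(self):
+        verbose = self.options['verbose']['value']
+        domain  = self.options['domain']['value']
+
+        # Get the first year the domain was archived
+        url = 'http://web.archive.org/web/*/%s' % (domain)
+        if verbose: self.output('URL for web.archive.org: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        content = resp.text
+        match = re.search(r'way back to <[^>]+>[A-Z][a-z]+ \d+, ([\d]{4})<\/a>', content)
+
+        if match:
+            first_year = match.group(1)
+        else:
+            self.output('No results found')
+            return
+
+        # iterate through years until this year
+        details = [['Date', 'URL']]
+        cnt = 0
+        for year in range(int(first_year), date.today().year+1):
+            url = 'http://web.archive.org/web/%s*/%s' % (str(year), domain)
+            if verbose: self.output('URL for web.archive.org: %s' % url)
+            try: resp = self.request(url)
+            except KeyboardInterrupt:
+                print ''
+                return
+            except Exception as e:
+                self.error(e.__str__())
+                return
+        
+            content = resp.text
+            results = re.findall(r'<div class="day">\s+<a (href="[^>]+>)', content)
+
+            # store results
+            if results:
+                for result in results:
+                    finding_url  = re.search(r"(/web/[0-9]+/[^\"]+)", result).group(1)
+                    finding_date = re.search(r'class="(.+)">', result).group(1)
+                    details.append([finding_date, 'web.archive.org'+finding_url])
+                    cnt += 1
+
+        # output the results in table format
+        if len(details) > 1:
+            self.table(details, True)
+            self.output('%d archives found.' % (cnt))
+        else:
+            self.output('No results found')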
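Review bot: The two `re.search(...).group(1)` calls in the store-results loop of `archive` raise AttributeError as soon as one anchor lacks the expected `/web/<digits>/` href or a `class` attribute, which aborts the module and loses every row already collected; the loop should test both matches and skip the anchor when either is missing. The `except` branches inside the yearly loop have the same effect, because they `return` before the table is printed, where `break` would still report what was gathered. The loop's lower bound is also taken straight from a response fetched over plain HTTP, so a value such as `0000` drives roughly two thousand requests; clamping it to the archive's earliest year keeps the request count bounded.

```python
        for year in range(max(int(first_year), 1996), date.today().year+1):
            # … unchanged: per-year request and findall …
            for result in results:
                url_match  = re.search(r"(/web/[0-9]+/[^\"]+)", result)
                date_match = re.search(r'class="(.+)">', result)
                # skip anchors that do not have the expected shape
                if not (url_match and date_match): continue
                details.append([date_match.group(1), 'web.archive.org'+url_match.group(1)])
                cnt += 1
```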