Commits

thrapt  committed 82517ee Merge

Merged LaNMaSteR53/recon-ng into master

  • Participants
  • Parent commits cc19ea0, d735aea

Comments (0)

Files changed (6)

File core/framework.py

             lens.append(len(max([x[i] for x in tdata], key=len)))
         # build table
         if len(tdata) > 0:
-            separator_str = '+-%s%%s-+' % ('%s---'*(cols-1))
+            separator_str = '%s+-%s%%s-+' % (self.spacer, '%s---'*(cols-1))
             separator_sub = tuple(['-'*x for x in lens])
             separator = separator_str % separator_sub
-            data_str = '| %s%%s |' % ('%s | '*(cols-1))
+            data_str = '%s| %s%%s |' % (self.spacer, '%s | '*(cols-1))
             # top of table
-            self.output(separator)
+            print ''
+            print separator
             # table data
             if header:
                 rdata = tdata.pop(0)
                 data_sub = tuple([rdata[i].center(lens[i]) for i in range(0,cols)])
-                self.output(data_str % data_sub)
-                self.output(separator)
+                print data_str % data_sub
+                print separator
             for rdata in tdata:
                 data_sub = tuple([rdata[i].ljust(lens[i]) for i in range(0,cols)])
-                self.output(data_str % data_sub)
+                print data_str % data_sub
             # bottom of table
-            self.output(separator)
+            print separator
+            print ''
 
     def log(self, str):
         '''Logs information to the global framework log.'''

File modules/auxiliary/builtwith.py

+import framework
+# unique to module
+import json
+import textwrap
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('host', 'www.google.com', 'yes', 'target host')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name': 'BuiltWith Server-side Enumerator',
+                     'Author': 'Tim Tomes (@LaNMaSteR53)',
+                     'Description': 'Leverages the BuiltWith API to identify server-side technologies.',
+                     'Comments': []
+                     }
+
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.builtwith()
+    
+    def builtwith(self):
+        host = self.options['host']['value']
+        verbose = self.options['verbose']['value']
+        key = self.manage_key('builtwith', 'BuiltWith API key')
+        if not key: return
+        url = ' http://api.builtwith.com/v1/api.json'
+        payload = {'key': key, 'lookup': host}
+        #import pdb;pdb.set_trace()
+        try: resp = self.request(url, payload=payload)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+        if resp.json == None:
+            self.error('Not a valid JSON response.')
+            return
+        if 'error' in resp.json:
+            self.error(resp.json['error'])
+            return
+        
+        if verbose:
+            for item in resp.json['Technologies']:
+                print self.ruler*50
+                for tag in item:
+                    self.output('%s: %s' % (tag, textwrap.fill(item[tag], 100, initial_indent='', subsequent_indent=self.spacer*2)))
+            print self.ruler*50
+
+        tags = ['web server', 'analytics', 'framework', 'server']
+        tdata = []
+        for item in resp.json['Technologies']:
+            tag = item['Tag']
+            if tag.lower() in tags:
+                name = item['Name']
+                tdata.append([tag.title(), name])
+
+        if len(tdata) > 0:
+            header = ['Tag', 'Name']
+            tdata.insert(0, ['Profile URL', resp.json['ProfileUrl']])
+            tdata.insert(0, header)
+            self.table(tdata, True)
+        else:
+            self.output('No results found')

File modules/auxiliary/namechk.py

+import framework
+# unique to module
+import re
+from hashlib import sha1
+from hmac import new as hmac
+import socket
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('username', 'lanmaster53', 'yes', 'username to validate')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name': 'NameChk.com Username Validator',
+                     'Author': 'Tim Tomes (@LaNMaSteR53)',
+                     'Description': 'Leverages NameChk.com to validate the existance of usernames at specific web sites.',
+                     'Comments': [
+                                  'Note: The global socket_timeout may need to be increased to support slower sites.']
+                     }
+
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.namechk()
+    
+    def namechk(self):
+        username = self.options['username']['value']
+        verbose = self.options['verbose']['value']
+
+        # retrive list of sites
+        url = 'http://namechk.com/Content/sites.min.js'
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+        
+        # extract sites info from the js file
+        pattern = 'n:"(.+?)",r:\d+,i:(\d+)'
+        sites = re.findall(pattern, resp.text)
+
+        # output table of sites info
+        if verbose:
+            tdata = [['Code', 'Name']]
+            for site in sites:
+                tdata.append([site[1], site[0]])
+            self.table(tdata, True)
+
+        # retrive statuses
+        key = "shhh it's :] super secret"
+        url = 'http://namechk.com/check'
+
+        # this header is required
+        headers = {'X-Requested-With': 'XMLHttpRequest'}
+
+        status_dict = {
+                       '1': 'Available',
+                       '2': 'User Exists!',
+                       '3': 'Unknown',
+                       '4': 'Indefinite'
+                       }
+
+        for site in sites:
+            i = site[1]
+            name = site[0]
+            # build the hmac payload
+            message = "POST&%s?i=%s&u=%s" % (url, i, username)
+            b64_hmac_sha1 = '%s' % hmac(key, message, sha1).digest().encode('base64')[:-1]
+            payload = {'i': i, 'u': username, 'o_0': b64_hmac_sha1}
+            # build and send the request
+            try: resp = self.request(url, method='POST', headers=headers, payload=payload)
+            except KeyboardInterrupt:
+                print ''
+                return
+            except Exception as e:
+                self.error('%s: %s' % (name, e.__str__()))
+                continue
+            x = resp.text
+            if int(x) > 0:
+                status = status_dict[x]
+                if int(x) == 2:
+                    self.alert('%s: %s' % (name, status))
+                else:
+                    if verbose: self.output('%s: %s' % (name, status))
+            else:
+                self.error('%s: %s' % (name, 'Error'))

File modules/auxiliary/server_enum.py

+import framework
+# unique to module
+from random import choice
+import textwrap
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('host', 'www.google.com', 'yes', 'target host')
+        self.register_option('protocol', 'http', 'yes', 'protocol of the host: http, https')
+        self.register_option('redirect', False, 'yes', 'follow redirects')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.info = {
+                     'Name': 'Server Side Enumerator',
+                     'Author': 'Tim Tomes (@LaNMaSteR53) and Kenan Abdullahoglu (@kyabd)',
+                     'Description': 'Analyzes response headers, cookies, and errors to determine which server-side technology is being used (PHP, .NET, JSP, CF, etc.).',
+                     'Comments': []
+                     }
+
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.enumerate()
+
+    def lookup(self, db, name, value):
+        matches = []
+        for platform in db:
+            for i in db[platform][name.lower()]:
+                if i.lower() in value.lower():
+                    matches.append(platform)
+        if matches:
+            return ', '.join(list(set(matches)))
+        return None
+
+    def enumerate(self):
+        host = self.options['host']['value']
+        protocol = self.options['protocol']['value']
+        redirect = self.options['redirect']['value']
+        verbose = self.options['verbose']['value']
+
+        # dictionaries of search terms for each platform and check
+        # dictionary for server side scripting technologies
+        ss_script = {
+            'PHP': {
+                'ext':     ['php'],
+                'cookie':  ['phpsession', 'phpsessid'],
+                'powered': ['php']
+                },
+            'ASP/.NET': {
+                'ext':     ['asp', 'aspx'],
+                'cookie':  ['aspsessionid', 'asp.net_sessionid', 'aspsessid'],
+                'powered': ['asp', 'asp.net', 'vb.net']
+                },
+            'ColdFusion': {
+                'ext':     ['cfc', 'cfm', 'cfml', 'dbm', 'dbml'],
+                'cookie':  ['cfid', 'cftoken', 'cfglobals'],
+                'powered': ['coldfusion', 'cfmx']
+                },
+            'Java/J2E': {
+                'ext':     ['jsp', 'jspx', 'jspf'],
+                'cookie':  ['jsessionid', 'jsessid'],
+                'powered': ['jsp', 'jboss']
+                },
+            'Rails': {
+                'ext':     [],
+                'cookie':  [],
+                'powered': ['rails']
+                }
+            }
+        # dictionary for server side server technologies
+        ss_server = {
+            'Apache': {
+                'server': ['apache'],
+                'error':  ['apache']
+                },
+            'IIS': {
+                'server': ['iis'],
+                'error':  ['iis']
+                },
+            'Nginx': {
+                'server': ['nginx'],
+                'error':  ['nginx']
+                },
+            'Python': {
+                'server': ['python'],
+                'error':  ['python', 'django']
+                },
+            'Ruby': {
+                'server': ['ruby'],
+                'error':  ['ruby']
+                }
+            }
+
+        # make request
+        url = '%s://%s' % (protocol, host)
+        try: resp = self.request(url, redirect=redirect)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+        
+        if verbose:
+            print 'START'.center(50, self.ruler)
+            self.output('ORIG_URL: %s' % (url))
+            self.output('DEST_URL: %s' % (resp.url))
+            print 'HEADERS'.center(50, self.ruler)
+            for header in resp.headers:
+                self.output('%s: %s' % (header.upper(), textwrap.fill(resp.headers[header], 100, initial_indent='', subsequent_indent=self.spacer*2)))
+            print 'COOKIES'.center(50, self.ruler)
+            for cookie in resp.cookies:
+                self.output('%s: %s' % (cookie.name.upper(), textwrap.fill(cookie.value, 100, initial_indent='', subsequent_indent=self.spacer*2)))
+            print 'END'.center(50, self.ruler)
+
+        tdata = []
+        # check for redirect
+        if url != resp.url:
+            if verbose: tdata.append(['URL', url, '--'])
+            if verbose: tdata.append(['REDIR', resp.url, '--'])
+        else:
+            if verbose: tdata.append(['URL', resp.url, '--'])
+
+        # check file ext
+        from urlparse import urlparse
+        path = urlparse(resp.url).path
+        if path:
+            filename = path.split('/')[-1]
+            if verbose: tdata.append(['FILENAME', filename, '--'])
+            if '.' in filename:
+                ext = filename.split('.')[-1]
+                platform = self.lookup(ss_script, 'ext', ext)
+                if not platform: platform = 'Unknown'
+                tdata.append(['FILETYPE', ext, platform])
+
+        # check headers
+        for header in resp.headers:
+            if header.lower() == 'location': platform = '--'
+            elif header.lower() == 'server': platform = self.lookup(ss_server, 'server', resp.headers[header])
+            elif header.lower() == 'x-powered-by': platform = self.lookup(ss_script, 'powered', resp.headers[header])
+            else: continue
+            # all ifs will end here if successful
+            if not platform: platform = 'Unknown'
+            tdata.append([header.upper(), resp.headers[header], platform])
+
+        # check cookies
+        for cookie in resp.cookies:
+            platform = self.lookup(ss_script, 'cookie', cookie.name)
+            if platform:
+                tdata.append(['COOKIE', cookie.name, platform])
+            elif 'sess' in cookie.name.lower(): 
+                tdata.append(['COOKIE', cookie.name, 'Unknown'])
+
+        # check error
+        seq = ''.join(map(chr, range(97, 123)))
+        pre = ''.join(choice(seq) for x in range(10))
+        suf = ''.join(choice(seq) for x in range(3))
+        bad_file = '%s.%s' % (pre, suf)
+        bad_url = '%s/%s' % (url, bad_file)
+        try:
+            resp = self.request(bad_url, redirect=False)
+            platform = self.lookup(ss_server, 'error', resp.text)
+            if not platform: platform = 'Unknown'
+            tdata.append(['ERROR', '%s (/%s)' % (str(resp.status_code), bad_file), platform])
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+
+        self.table(tdata)

File modules/auxiliary/server_side_enum.py

-import framework
-# unique to module
-from random import choice
-
-class Module(framework.module):
-
-    def __init__(self, params):
-        framework.module.__init__(self, params)
-        self.register_option('host', 'www.google.com', 'yes', 'target host')
-        self.register_option('protocol', 'http', 'yes', 'protocol of the host: http, https')
-        self.register_option('redirect', False, 'yes', 'follow redirects')
-        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
-        self.info = {
-                     'Name': 'Server Side Enumerator',
-                     'Author': 'Tim Tomes (@LaNMaSteR53) and Kenan Abdullahoglu (@kyabd)',
-                     'Description': 'Analyzes response headers, cookies, and errors to determine which server-side technology is being used (PHP, .NET, JSP, CF, etc.).',
-                     'Comments': []
-                     }
-
-    def do_run(self, params):
-        if not self.validate_options(): return
-        # === begin here ===
-        self.enumerate()
-
-    def lookup(self, db, name, value):
-        for platform in db:
-            for i in db[platform][name.lower()]:
-                if i.lower() in value.lower():
-                    return platform
-        return None
-
-    def enumerate(self):
-        host = self.options['host']['value']
-        protocol = self.options['protocol']['value']
-        redirect = self.options['redirect']['value']
-        verbose = self.options['verbose']['value']
-
-        # dictionaries of search terms for each platform and check
-        # dictionary for server side scripting technologies
-        ss_script = {
-            'PHP': {
-                'ext':     ['php'],
-                'cookie':  ['phpsession', 'phpsessid'],
-                'powered': ['php']
-                },
-            'ASP/.NET': {
-                'ext':     ['asp', 'aspx'],
-                'cookie':  ['aspsessionid', 'asp.net_sessionid', 'aspsessid'],
-                'powered': ['asp', 'asp.net', 'vb.net']
-                },
-            'ColdFusion': {
-                'ext':     ['cfc', 'cfm', 'cfml', 'dbm', 'dbml'],
-                'cookie':  ['cfid', 'cftoken', 'cfglobals'],
-                'powered': ['coldfusion', 'cfmx']
-                },
-            'Java/J2E': {
-                'ext':     ['jsp', 'jspx', 'jspf'],
-                'cookie':  ['jsessionid', 'jsessid'],
-                'powered': ['jsp', 'jboss']
-                }
-            }
-        # dictionary for server side server technologies
-        ss_server = {
-            'Apache': {
-                'server': ['apache'],
-                'error':  ['apache']
-                },
-            'IIS': {
-                'server': ['iis'],
-                'error':  ['iis']
-                },
-            'Nginx': {
-                'server': ['nginx'],
-                'error':  ['nginx']
-                }
-            }
-
-        # make request
-        url = '%s://%s' % (protocol, host)
-        try: resp = self.request(url, redirect=redirect)
-        except KeyboardInterrupt:
-            print ''
-            return
-        except Exception as e:
-            self.error(e.__str__())
-            return
-        
-        tdata = []
-        # check for redirect
-        if verbose: self.output('Checking for redirect...')
-        if url != resp.url:
-            if verbose: tdata.append(['URL', url, '--'])
-            if verbose: tdata.append(['REDIR', resp.url, '--'])
-        else:
-            if verbose: tdata.append(['URL', resp.url, '--'])
-
-        # check file ext
-        if verbose: self.output('Checking file extension...')
-        from urlparse import urlparse
-        path = urlparse(resp.url).path
-        if path:
-            filename = path.split('/')[-1]
-            if verbose: tdata.append(['FILENAME', filename, '--'])
-            if '.' in filename:
-                ext = filename.split('.')[-1]
-                platform = self.lookup(ss_script, 'ext', ext)
-                if not platform: platform = 'Unknown'
-                tdata.append(['FILETYPE', ext, platform])
-
-        # check headers
-        if verbose: self.output('Checking headers...')
-        for header in resp.headers:
-            if header.lower() == 'location': platform = '--'
-            elif header.lower() == 'server': platform = self.lookup(ss_server, 'server', resp.headers[header])
-            elif header.lower() == 'x-powered-by': platform = self.lookup(ss_script, 'powered', resp.headers[header])
-            else: continue
-            # all ifs will end here if successful
-            if not platform: platform = 'Unknown'
-            tdata.append([header.upper(), resp.headers[header], platform])
-
-        # check cookies
-        if verbose: self.output('Checking cookies...')
-        for cookie in resp.cookies:
-            platform = self.lookup(ss_script, 'cookie', cookie.name)
-            if platform:
-                tdata.append(['COOKIE', cookie.name, platform])
-            elif 'sess' in cookie.name.lower(): 
-                tdata.append(['COOKIE', cookie.name, 'Unknown'])
-
-        # check error
-        if verbose: self.output('Checking error page...')
-        seq = ''.join(map(chr, range(97, 123)))
-        pre = ''.join(choice(seq) for x in range(10))
-        suf = ''.join(choice(seq) for x in range(3))
-        bad_file = '%s.%s' % (pre, suf)
-        bad_url = '%s/%s' % (url, bad_file)
-        if verbose: self.output('Attempting to generate an error with %s...' % (bad_url))
-        try:
-            resp = self.request(bad_url, redirect=False)
-            platform = self.lookup(ss_server, 'error', resp.text)
-            if not platform: platform = 'Unknown'
-            tdata.append(['ERROR', '%s (/%s)' % (str(resp.status_code), bad_file), platform])
-        except KeyboardInterrupt:
-            print ''
-            return
-        except Exception as e:
-            self.error(e.__str__())
-
-        self.table(tdata)
 class Recon(framework.module):
     def __init__(self):
         self.name = 'recon-ng'#os.path.basename(__file__).split('.')[0]
+        self.mod_delim = '::'
         prompt = '%s > ' % (self.name)
         framework.module.__init__(self, prompt)
         self.register_option('db_file', './data/data.db', 'yes', 'path to main database file', self.goptions)
                 cnt = 0
                 for filename in [f for f in filenames if f.endswith('.py')]:
                     # this (as opposed to sys.path.append) allows for module reloading
-                    modulename = '%s_%s' % ('_'.join(dirpath.split('/')[2:]), filename.split('.')[0])
+                    modulename = '%s%s%s' % (self.mod_delim.join(dirpath.split('/')[2:]), self.mod_delim, filename.split('.')[0])
                     modulepath = os.path.join(dirpath, filename)
                     ModuleFile = open(modulepath, 'rb')
                     try:
         key_len = len(max(modules, key=len)) + len(self.spacer)
         last_category = ''
         for module in sorted(modules):
-            category = module.split('_')[0]
+            category = module.split(self.mod_delim)[0]
             if category != last_category:
                 # print header
                 print ''