Commits

Tim Tomes committed dc008cd Merge

Merged in webbreacher/recon-ng (pull request #19)

xssed/mcafee module comment addressing....new mywot, siteadvisor, urlvoid modules

Comments (0)

Files changed (7)

modules/auxiliary/mcafee_affil.py

+import framework
+# unique to module
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'McAfee Domain Affiliation Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks mcafee.com site for other domains affiliated with a domain.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.mcafee_affil()
+
+    def mcafee_affil(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+
+        url = 'http://www.mcafee.com/threat-intelligence/jsproxy/domain.ashx?q=affiliation&f=%s' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Output the results in table format
+        tdata = [] 
+        tdata.append(['Domain/URL', 'Category', 'Links'])
+        for col in resp.json:
+            tdata.append([col['label'], col['hover'], str(col['link'])]) 
+        self.table(tdata, True)

modules/auxiliary/mcafee_dns.py

+import framework
+# unique to module
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.register_option('addhoststodb', False, 'no', 'Add hosts discovered to the database.')
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'McAfee Domain DNS Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks mcafee.com site for DNS information about a domain. This module can update the \'hosts\' table of the database with the results.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.mcafee_dns()
+
+    def mcafee_dns(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+        addhosts = self.options['addhoststodb']['value']
+
+        url = 'http://www.mcafee.com/threat-intelligence/jsproxy/domain.ashx?q=dns&f=%s' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Output the results in table format
+        tdata = [] 
+        tdata.append(['Domain', 'Hostname', 'IP', 'First Seen', 'Last Seen', 'Risk', 'Type'])
+        for col in resp.json['data']:
+            if col.has_key('IP'):       # Sometimes no IP is in the response
+                ip = col['IP']
+            else:
+                ip = 'No IP'
+            tdata.append([col['Domain'], col['Hostname'], ip, col['First_Seen'], col['Last_Seen'],col['Risk'], col['Type']])
+            
+            # Add each host to the database
+            if addhosts: self.add_host(col['Hostname'], address=ip)
+            
+        # Print the table  
+        self.table(tdata, True)

modules/auxiliary/mcafee_mail.py

+import framework
+# unique to module
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.register_option('addhoststodb', False, 'no', 'Add hosts discovered to the database.')
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'McAfee Mail Host Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks mcafee.com site for mail servers for given domain. This module can update the \'hosts\' table of the database with the results.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.mcafee_mail()
+
+    def mcafee_mail(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+        addhosts = self.options['addhoststodb']['value']
+
+        url = 'http://www.mcafee.com/threat-intelligence/jsproxy/domain.ashx?q=mail&f=%s' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Output the results in table format
+        tdata = [] 
+        tdata.append(['Domain', 'MX_Data', 'IP_Address', 'Weight'])
+        for col in resp.json['data']:
+            tdata.append([col['Domain'], col['MX_Data'], col['IP_Address'], col['Weight']])
+            
+            # Add each host to the database
+            if addhosts: self.add_host(col['MX_Data'], address=col['IP_Address'])
+            
+        # Print the table            
+        self.table(tdata, True)

modules/auxiliary/mywot.py

+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'MyWOT Domain Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks mywot.com site for information about the security of a domain.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.mywot()
+
+    def mywot(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+
+        url = 'http://api.mywot.com/0.4/public_query2?target=%s' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Get the security results
+        findings = re.findall(r'<application name="(\d)" r="(\d+)" c="(\d+)"', resp.text)
+        
+        tdata = []
+        tdata.append(['Description', 'Reputation', 'Confidence'])
+        for line in findings:
+            # Description
+            if line[0] == '0':
+                descr = 'Trustworthiness'
+            elif line[0] == '1':
+                descr = 'Vendor Reliability'
+            elif line[0] == '2':
+                descr = 'Privacy'
+            elif line[0] == '4':
+                descr = 'Child Safety'
+            
+            # Reputation Scores
+            repTmp = int(line[1])
+            if repTmp >= 80:
+                rep = 'Excellent'
+            elif 80 > repTmp >= 60:
+                rep = 'Good'
+            elif 60 > repTmp >= 40:
+                rep = 'Unsatisfactory'
+            elif 40 > repTmp >= 20:
+                rep = 'Poor'
+            elif 20 > repTmp >= 0:
+                rep = 'Very poor'
+            
+            # Confidence Scores
+            confTmp = int(line[2])
+            if confTmp >= 45:
+                conf = '5 - High'
+            elif 45 > confTmp >= 34:
+                conf = '4 - MedHigh'
+            elif 34 > confTmp >= 23:
+                conf = '3 - Medium'
+            elif 23 > confTmp >= 12:
+                conf = '2 - MedLow'
+            elif 12 > confTmp >= 6:
+                conf = '1 - Low'
+            else:
+                conf = '0 - None'
+                
+            tdata.append([descr, rep, conf])
+        self.table(tdata, True)

modules/auxiliary/siteadvisor_summary.py

+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'McAfee SiteAdvisor Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks siteadvisor.com site for links and other information with domains.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.siteadv_summ()
+
+    def siteadv_summ(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+
+        url = 'http://www.siteadvisor.com/sites/%s' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Get the overall security results
+        sec_results = re.findall(r'class="results">(.+)</p>', resp.text)
+        tdata_sec = [] 
+        tdata_sec.append(['Security Results'])
+        
+        # Get country of origin and number of users
+        finding_country = re.search(r'img src="/images/countryflags.+p> (.+)</td', resp.text)
+        finding_visitors = re.search(r'img src="/images/visitor.+p>(.+)</td', resp.text)
+        tdata_sec.append(['Country: ' + finding_country.group(1) + '                Visitors: ' + finding_visitors.group(1)])
+        tdata_sec.append([' '])
+        
+        # Line wrapping for long paragraph that breaks table formatting
+        paraMaxLen = 80
+        paraLen = len(sec_results[0])
+        if paraLen > paraMaxLen:
+            wrappedLines = []
+            for line in sec_results[0].split('\n'):
+                while True:
+                    wrappedLines.append(line[:paraMaxLen])
+                    line = line[paraMaxLen:]
+                    if not line: break
+            for item in wrappedLines:
+                tdata_sec.append([item])
+        self.table(tdata_sec, True)
+    
+        # Get the sites this domain's web site links to
+        finding = re.findall(r"area shape.+title='(.+)' onMouse", resp.text)
+        finding.sort()
+        tdata = [] 
+        tdata.append(['Domain(s) Linked to'])
+        for domain in finding:
+            tdata.append([domain])
+        self.table(tdata, True)

modules/auxiliary/urlvoid.py

+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'URLVoid Domain Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks urlvoid.com site for information about the security of a domain.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.urlvoid()
+
+    def urlvoid(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+
+        url = 'http://www.urlvoid.com/scan/%s/' % (domain)
+        if verbose: self.output('URL being retrieved: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+
+        # Get the security results
+        av_engines = re.findall(r'<td>(.+)</td>\n.*images/(.+)\.png" alt=""', resp.text)
+        tdata = []
+        tdata.append(['Site', 'Status'])
+        for line in av_engines:
+            tdata.append([line[0], line[1]])
+        self.table(tdata, True)

modules/auxiliary/xssed.py

+import framework
+# unique to module
+import re
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('domain', self.goptions['domain']['value'], 'yes', self.goptions['domain']['desc'])
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'passive'
+        self.info = {
+                     'Name': 'XSSed Host Lookup',
+                     'Author': 'Micah Hoffman (@WebBreacher)',
+                     'Description': 'Checks XSSed.com site for XSS records for given domain and displays first 20 hits.',
+                     'Comments': []
+                     }
+   
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.xssed()
+
+    def xssed(self):
+        verbose = self.options['verbose']['value']
+        domain = self.options['domain']['value']
+
+        url = 'http://xssed.com/search?key=%s' % (domain)
+        if verbose: self.output('URL for XSSED.com: %s' % url)
+        try: resp = self.request(url)
+        except KeyboardInterrupt:
+            print ''
+            return
+        except Exception as e:
+            self.error(e.__str__())
+            return
+        
+        content = resp.text
+
+        # Find if there are any results for the domain search
+        results = re.findall(r"Results for.*", content)
+       
+        if results:
+            rows = re.split('<br>', str(results))
+            for row in rows:
+                finding = re.findall(r"mirror/([0-9]+)/.+blank\\'>(.+?)</a>", row)
+                if finding:
+                
+                    # Go fetch and parse the specific page for this item
+                    urlDetail = 'http://xssed.com/mirror/%s/' % finding[0][0]
+                    try: respDetail = self.request(urlDetail)
+                    except KeyboardInterrupt:
+                        print ''
+                    except Exception as e:
+                        self.error(e.__str__())
+                    if not respDetail: return
+                    
+                    # Parse the response and get the details
+                    details = []
+                    for line in respDetail.text.split('\n'):
+                        if "row3" in line:
+                            try: 
+                                a = re.search(r'">(.+)</th', line.strip())
+                                details.append(a.group(1))
+                            except: pass
+                            
+                    # Output the results in table format
+                    status = re.search(r';([UNFIXED]+)$',details[2])
+                                          
+                    tdata = [] 
+                    tdata.append(['Category', 'Details Retrieved'])
+                    tdata.append(details[4].split(":",1))                           # Domain
+                    
+                    # Line wrapping for long XSS URLs that break table formatting
+                    urlMaxLen = 80
+                    xssUrlLen = len(details[7].split(":",1)[1])
+                    if xssUrlLen > urlMaxLen:
+                        wrappedLines = []
+                        for line in details[7].split(":",1)[1].strip().split('\n'):
+                            while True:
+                                wrappedLines.append(line[:urlMaxLen])
+                                line = line[urlMaxLen:]
+                                if not line: break
+                        counter = 1
+                        for item in wrappedLines:
+                            if counter == 1:
+                                tdata.append(['URL:', ' ' + item])
+                            else:
+                                tdata.append(["URL (con't):", '   ' + item])
+                            counter += 1
+                    else:
+                        tdata.append(details[7].split(":",1))                       # URL
+                        
+                    tdata.append(details[0].replace('&nbsp;', ' ').split(":",1))    # Date submitted
+                    tdata.append(details[1].replace('&nbsp;', ' ').split(":",1))    # Date Published
+                    tdata.append(details[5].split(":",1))                           # Category
+                    tdata.append(['STATUS', ' ' + status.group(1)])                 # Fixed
+                    self.table(tdata, True)   
+                        
+        else:
+            self.output('No results found')
+