-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinit.py
101 lines (72 loc) · 2.54 KB
/
init.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import time
import json
from src.ctr_sh import crtshAPI
import src.sys as siis
DOMAIN = ""
NAME = ""
FOLDER = "files/"
URLS = []
TAB = " "
SLEEP = 6
def bruteCracking(uri, urls, vulnerabilities, log):
siis.writeHeader(log, TAB, uri)
siis.writeHeader(vulnerabilities, TAB, uri)
count = 1
count_vulnerabilities = 0
for url in urls:
try:
print("{}{}/{}".format(TAB*2, count, len(urls)), end="\r")
count += 1
url = 'http://' + url
session = requests.Session()
retry = Retry(connect=3, backoff_factor=0.5)
adapter = HTTPAdapter(max_retries=retry)
session.mount('http://', adapter)
session.mount('https://', adapter)
response = requests.get(url)
table = "{}\t=>\t{}\n".format(response.status_code, url)
log.write(table)
if(response.status_code != 404):
count_vulnerabilities += 1
vulnerabilities.write(table)
except Exception as e:
table = "{}\t=>\t{}\t{}\n".format("000", url, e)
log.write(table)
time.sleep(SLEEP)
print("{}{} vulnerabilities\n".format(TAB*2, count_vulnerabilities))
def getSubdomains():
path = FOLDER + NAME + ".json"
f = open(path, "w")
subdomains = json.dumps(crtshAPI().search(DOMAIN))
f.write(subdomains)
f.close()
subdomains_obj = json.loads(subdomains)
for sub in subdomains_obj:
if sub['common_name'] not in URLS:
URLS.append(sub['common_name'])
URLS.sort()
print("{}{} urls found \n".format(TAB, len(URLS)))
if __name__ == "__main__":
siis.start()
if(siis.checkArgs() == False):
siis.end("The domain is not correct")
DOMAIN = siis.getDomain()
NAME = DOMAIN.split('.', 1)[0]
print("- Get all subdomains of {} \n".format(DOMAIN))
getSubdomains()
print("- Generating Log and Vulnerabilities files \n")
log = open(FOLDER + NAME + ".txt", "w")
vulnerabilities = open(FOLDER + NAME + "_vulnerabilities.txt", "w")
for uri in URLS:
print("{}-- Start of {} check\n".format(TAB, uri))
with open("src/force.txt", "r") as f:
contents = f.read()
urls = contents.replace("{{BaseURL}}", uri)
urls = urls.split(",")
bruteCracking(uri, urls, vulnerabilities, log)
vulnerabilities.close()
log.close()
siis.end()