import socket
import os
import sys
import requests
import time
import random
import argparse
import nmap
import re
# ANSI SGR escape sequences used to colour terminal output.
W = '\033[0m'  # reset to the terminal default
R = '\033[31m'  # red
G = '\033[32m'  # green
O = '\033[33m'  # SGR 33 (yellow; the original comment calls it orange)
B = '\033[34m'  # blue
P = '\033[35m'  # purple
C = '\033[36m'  # cyan
GR = '\033[37m'  # gray
T = '\033[93m'  # SGR 93 (bright yellow; the original comment calls it tan)
U = '\033[4m'  # underline
# Bold, then 35 (magenta) followed by 32 (green): the later colour code wins
# on most terminals, so this usually renders as bold green.
M = '\033[1;35;32m'

# Mutable module state shared between the scan steps.
work_dir, open_port = [], []  # paths that answered 200 / (never filled in this file)
crawl_url = ''  # host part of the target, set by ip_site()
sql_bool = xxs_bool = robot_bool = False  # result flags
def clean():
    """Clear the terminal by running the shell's ``clear`` command."""
    # Constant command string: no user input reaches the shell here.
    os.system('clear')
def print_line():
    """Print a 40-character cyan separator line."""
    rule = '=' * 40
    print(C + rule + W)
def checkroot():
    """Exit with a boxed message unless the effective user id is 0 (root)."""
    # NOTE(review): once this passes, every later step (HTTP requests and
    # parsing of untrusted responses included) runs as root. Presumably root
    # is wanted only for the nmap scan; confirm, and consider dropping it.
    if os.geteuid() == 0:
        return
    border = R+'#'*27
    print(border)
    print(R+'#'+G+'Run this program in root!'+R+'#')
    print(border)
    exit()
def desc():
    """Show the usage disclaimer and exit unless the user types ``yes``."""
    print(T+'''
This program was created for review and not for causing harm.
Usage of hunner for attacking targets without prior mutual consent is illegal.
Developers assume no liability and are not responsible for any misuse or damage caused by this program.
'''+W)
    answer = input('Yes/no:')
    # Anything other than "yes" (case-insensitive) aborts the program.
    if answer.lower() != 'yes':
        exit()
def banner():
    """Print one of three ASCII-art banners, picked at random."""
    # All three banners are built up front; only the chosen one is printed.
    banner1 = B+"""
_______ _______ ___ _ _______
| _ || || | | || |
| |_| || _____|| |_| ||_ _|
| || |_____ | _| | |
| ||_____ || |_ | |
| _ | _____| || _ | | |
|__| |__||_______||___| |_| |___|
"""+R+'Author: B3@v3r'+W
    banner2 = G+"""
"""+R+'Coder: B3@v3r'+G+"""
_____ _____________ __.___________
/ _ \ / _____/ |/ _|\__ ___/
/ /_\ \ \_____ \| < | |
/ | \/ \ | \ | |
\____|__ /_______ /____|__ \ |____|
\/ \/ \/
"""+B+'Version: 1.0'+"\n"
    banner3 = M+"""
_______ _______ _ _________
( ___ )( ____ \| \ /\\__ __/
| ( ) || ( \/| \ / / ) (
| (___) || (_____ | (_/ / | |
| ___ |(_____ )| _ ( | |
| ( ) | ) || ( \ \ | |
| ) ( |/\____) || / \ \ | |
|/ \|\_______)|_/ \/ )_(
"""+B+'Version: 1.0'+"""
"""+"Coder: B3@v3r"+W
    # randint(0, 2) is inclusive on both ends, so the index is always valid.
    choice = random.randint(0, 2)
    print((banner1, banner2, banner3)[choice]+"\n")
def pars_args_check():
    """Read ``--host`` from the command line into the global ``host``.

    Exits with a usage message when the option is missing or empty.
    """
    global host
    cli = argparse.ArgumentParser()
    cli.add_argument('--host', help='Target host')
    parsed = cli.parse_args()
    # NOTE(review): the value is stored as given. Later steps pass it straight
    # to requests.get() and split it on 'http://' / 'https://', so in practice
    # it must be a full URL; nothing here checks that.
    if not parsed.host:
        sys.exit('Error! Usage: python3 askt.py --host <host>/<host:port>')
    host = parsed.host
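def sql():
    """Probe the target URL for error-based signs of SQL injection.

    Each probe string is appended to the global ``host`` URL, the page is
    fetched, and the body is searched for known database error messages.
    The global ``sql_bool`` is set to True on the first hit.

    A hit is a lead, not a finding: the markers are plain substrings (one of
    them is just 'Unknown error') and can appear on pages that have nothing
    to do with SQL. A failed request is reported as inconclusive rather than
    as "not vulnerable".
    """
    global sql_bool
    print(O+'Start scan SQL vuln'+W)
    sql_payload = [
        "'",
        'or 1=/=1',
        'and or 1==2',
        # A comma was missing after this entry, so it was silently
        # concatenated with the next one.
        'select or select',
        'and select *',
        '=-12',
        "union and or -12' ",
    ]
    # The duplicate 'Query failed' entry is dropped.
    sql_error = (
        'Query failed',
        'SQL syntax error',
        'Unknown error',
        'MySQL fetch',
        'Syntax error',
    )
    for payload in sql_payload:
        # The probe is joined to the URL with a literal space, as before.
        packet = host+' '+payload
        try:
            # The timeout stops one unresponsive server from hanging the scan.
            html = requests.get(packet, timeout=10).text
        except requests.RequestException as exc:
            # A network or URL error says nothing about the target's code.
            print(R+'[SQL] Request failed, result inconclusive: '+str(exc)+W)
            return
        if any(marker in html for marker in sql_error):
            print(R+'['+time.strftime("%H:%M:%S")+']'+M+'[SQL]Payload: '+packet+' work')
            print(M+'[++] Site have sql vuln'+W)
            sql_bool = True
            return
        print(M+'['+time.strftime("%H:%M:%S")+']'+R+'[SQL]Payload: '+packet+' not work'+W)
    print(R+'[-] This site not have Sql vuln'+W)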
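def xxs():
    """Probe the target URL for reflected script markup.

    Each probe string is appended to the global ``host`` URL, and the
    response body is checked for a verbatim copy of it. The global
    ``xxs_bool`` is set to True on the first hit.

    A verbatim reflection is only an indicator: whether it executes depends
    on where in the page it lands, so a hit needs manual confirmation. A
    failed request is reported as inconclusive. The original fell through
    to the body check with ``text`` unset or left over from the previous
    probe.
    """
    global xxs_bool
    print(O+'Start scan XXS vuln'+W)
    xxs_payload = [
        ";<script>alert('xxs');</script>",
        ';<script>alert("xxs");</script>',
        '\><script>alert("xxs")</script>',
        '<sCriPt>alert("xxs");</sCriPt>',
        '</title><body onload=alert("XSS")>',
        "></title></style></scrIpt><scRipt>alert('XXS')</scrIpt>"
    ]
    for xxs_text in xxs_payload:
        pack = host+xxs_text
        try:
            # The timeout stops one unresponsive server from hanging the scan.
            text = requests.get(pack, timeout=10).text
        except requests.RequestException as exc:
            print(R+'[XXS] Request failed, result inconclusive: '+str(exc)+W)
            return
        if xxs_text in text:
            print(R+'['+time.strftime("%H:%M:%S")+']'+M+'[XXS]Payload: '+pack+' work'+W)
            print(M+'[++] This site have XXS vuln'+W)
            xxs_bool = True
            return
        print(M+'['+time.strftime("%H:%M:%S")+']'+R+'[XXS]Payload: '+pack+' not work'+W)
    # Reset the colour so later output is not left red.
    print(R+'Site not have XXS vuln'+W)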
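def url_short():
    """Return the global ``host`` URL without its scheme and leading ``www.``.

    Only a scheme at the very start of the URL and a ``www.`` directly after
    it are removed. The original split on the first ``www.`` anywhere in the
    URL, so a ``www.`` in the path or query string replaced the real host.

    Raises:
        ValueError: if ``host`` does not start with ``http://`` or
            ``https://`` (the original failed with UnboundLocalError).
    """
    for scheme in ('http://', 'https://'):
        if host.startswith(scheme):
            host_short = host[len(scheme):]
            break
    else:
        raise ValueError('host must start with http:// or https://: '+repr(host))
    if host_short.startswith('www.'):
        host_short = host_short[len('www.'):]
    return host_short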
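def ip_site():
    """Resolve the target's host name and return its IPv4 address.

    Also stores the host part of the URL (port included, if any) in the
    global ``crawl_url``, which crawl() reads later.

    Returns:
        The address string from socket.gethostbyname().
    """
    global crawl_url
    # partition() also handles a URL with no path; the original used
    # index('/'), which raised ValueError for e.g. 'http://example.com'.
    host_short = url_short().partition('/')[0]
    crawl_url = host_short
    # A ':port' suffix is not part of the DNS name, so strip it before
    # resolving.
    name, sep, port = host_short.rpartition(':')
    if not (sep and port.isdigit()):
        name = host_short
    return socket.gethostbyname(name)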
def info_site():
    """Print the target URL and the IP address its host resolves to."""
    print(O+'Info site:'+W)
    print(M+'Url -=>'+host+W)
    # ip_site() also sets the global crawl_url as a side effect.
    resolved = ip_site()
    print(M+'IP host -=> '+resolved+W)
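def dir_site_search():
    """Request a fixed list of common admin/login paths and print each status.

    Paths that answer 200 are appended to the global ``work_dir``.

    A 200 does not prove the path exists: sites that serve a catch-all page
    answer 200 for any URL, so results need a manual look. Requests always
    go to ``http://``, whatever scheme the target URL used.
    """
    top_dir = [
        '/admin/',
        '/admin.php',
        # Commas were missing after '/login/' and '/wp-login/', which merged
        # each with the following entry.
        '/login/',
        '/login.php',
        '/wp-login/',
        '/wp-login.php',
        '/robots.txt',
        '/phpmyadmin.php',
        '/phpinfo.php',
        '/admin/admin.php',
        '/admin/login.js',
        '/adm.php',
        '/moderator/',
        '/moderator/admin.php',
        '/moderator.php',
        '/moderator.js',
        '/panel-administracion/admin.php',
        '/panel-administracion/admin.js',
        '/webadmin.php',
        '/webadmin/admin.js',
        '/webadmin/admin.php',
        '/memberadmin/',
        '/memberadmin.js',
        '/memberadmin.php',
    ]
    print(O+'Dir and basic admin finger'+W)
    # partition() also handles a target URL without a path; index('/') raised.
    host_short = url_short().partition('/')[0]
    for dirs in top_dir:
        try:
            res = requests.get('http://'+host_short+dirs, timeout=10)
        except requests.RequestException as exc:
            # One failed request should not abort the remaining checks.
            print(R+'Dir: '+host_short+dirs+' request failed: '+str(exc)+W)
            continue
        report = 'Dir: '+host_short+dirs+' code: '+str(res.status_code)+W
        if res.status_code == 200:
            print(M+report)
            work_dir.append(dirs)
        elif 300 <= res.status_code < 400:
            # The original tested for exactly 300. requests follows redirects
            # by default, so a 3xx final status is uncommon either way.
            print(G+report)
        else:
            print(R+report)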
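def port_scan():
    """Scan ports 1-999 of the target with nmap and print the open ones.

    Only ports whose reported state is ``open`` are listed. The original
    printed every port in the result under an "open" label, and printed the
    whole UDP list instead of the single port on each UDP row.
    """
    print(O+'Start scan port'+W)
    nm = nmap.PortScanner()
    ip = ip_site()
    nm.scan(ip, '1-999')
    print(M+'Open ports:'+W)
    # nm[ip] raises KeyError when the host is missing from the result
    # (for instance when nmap considered it down).
    if ip not in nm.all_hosts():
        print(R+'No scan result for '+ip+W)
        return
    result = nm[ip]
    for proto, ports in (('tcp', result.all_tcp()), ('udp', result.all_udp())):
        for port in ports:
            if result[proto][port]['state'] == 'open':
                print(M+'| '+str(port)+' |'+' '+proto+' | open |'+W)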
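def cloudflare_detect():
    """Report whether the target's ``Server`` response header names Cloudflare.

    The check reads a single header of one response. A missing or rewritten
    header therefore reads as "not detected", which does not rule out a
    proxy or CDN in front of the site.
    """
    print(O+'Start detect cloudflare'+W)
    try:
        res = requests.get(host, timeout=10)
    except requests.RequestException as exc:
        print(R+'Request failed, cannot read Server header: '+str(exc)+W)
        return
    # The header may be absent; the original raised TypeError when
    # concatenating None.
    server = res.headers.get('Server') or ''
    print(M+'Response: '+server+W)
    # Compare case-insensitively so 'Cloudflare' and 'cloudflare' both match.
    if 'cloudflare' in server.lower():
        print(R+'Detect cloudflare'+W)
    else:
        print(G+'Cloudflare not detect'+W)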
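def crawl():
    """Fetch the target's front page and print links to .php/.html pages.

    Reads the global ``crawl_url``, which ip_site() sets. Links are taken
    from double-quoted ``<a href="...">`` attributes only and are printed
    relative to the site root without resolving them.
    """
    print(M+'Search start...'+W)
    try:
        main_res = requests.get('http://'+crawl_url, timeout=10).text
    except requests.RequestException:
        print(R+'Error open site'+W)
        # Without a page there is nothing to search; the original went on to
        # use the unset variable and raised NameError.
        return
    for url_site in re.findall('<a href="(.*?)"', main_res):
        # The original test, `'.php' or '.html' in url_site`, was always true
        # because the non-empty literal '.php' is truthy on its own.
        if '.php' in url_site or '.html' in url_site:
            print(M+'Found: '+'http://'+crawl_url+'/'+url_site+W)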
def recon():
    """Announce the recon stage and run the link crawl."""
    print(O+'Start recon'+W)
    crawl()
def scan_main():
    """Run every scan stage in order, with a separator line before each."""
    print(O+'[+] Start scan host -=>'+M+host+W)
    # Order matters: info_site() and port_scan() call ip_site(), which sets
    # crawl_url, and recon() reads it at the end.
    stages = (
        info_site,
        cloudflare_detect,
        sql,
        xxs,
        port_scan,
        dir_site_search,
        recon,
    )
    for stage in stages:
        print_line()
        stage()
    print(P+'End scan'+W)
def main():
    """Program entry: disclaimer, banner, root check, arguments, then scan."""
    # The disclaimer prompt and banner come before the root check and
    # argument parsing, so a missing --host is reported only after the prompt.
    steps = (clean, desc, clean, banner, checkroot, pars_args_check, scan_main)
    for step in steps:
        step()
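# Run only when executed as a script, so importing this module (for review or
# testing) does not clear the screen, prompt, or start a scan.
if __name__ == '__main__':
    main()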