#!/usr/bin/env python
import requests,re,os,sys,time,urllib,urllib2,socket
from designer import *
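def CheckServer(target_url, timeout=10):
    """Print what the target volunteers about its software stack.

    One GET request is made; the ``Server``, ``X-Content-Encoded-By`` and
    ``X-Powered-By`` headers plus any ``<meta name="generator">`` tag in
    the body are reported verbatim.  This is passive fingerprinting: the
    values are trivially spoofable and their absence proves nothing, so
    treat the output as a hint rather than a finding.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response, so a hung host
            cannot stall the whole scan.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Getting Server Info --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    # GET rather than POST: many servers answer a POST to a static resource
    # with 405, and the headers on that error page are not the ones the
    # real page carries.
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    # requests exposes a case-insensitive dict, so the server's spelling
    # of the header name does not matter.
    headers = resp.headers
    server = headers.get('server')
    if server:
        print("[+] Server Header is Present")
        print("[+] Target is using Following Server: " + COLOR.green + "{0}".format(server) + COLOR.die)
    else:
        print("[-] Server Header Not Present (or stripped by a proxy)")
    encoded_by = headers.get('x-content-encoded-by')
    if encoded_by:
        print("[+] Web Based on: " + COLOR.green + "{0}".format(encoded_by) + COLOR.die)
    powered_by = headers.get('x-powered-by')
    if powered_by:
        # The old label said "PHP:"; the header names whatever runtime is
        # in front (PHP, ASP.NET, Express, ...), so report it as-is.
        print("[+] X-Powered-By: " + COLOR.green + "{0}".format(powered_by) + COLOR.die)
    # Tolerate single/double quotes, extra whitespace and a missing "/>",
    # all of which the previous literal pattern failed on.
    generator_re = re.compile(
        r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)
    generators = generator_re.findall(resp.text)
    if generators:
        print("[+] Web Based on:" + COLOR.green + " {0}".format(", ".join(generators)) + COLOR.die)
    else:
        print("[-] Unable to Find Web Script")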
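def HttpOnly(target_url, timeout=10):
    """Check every Set-Cookie header for the HttpOnly (and Secure) flag.

    The original test looked for a header whose *whole value* was
    ``HttpOnly``, which never matches (the flag is one attribute among
    several), so it always reported "Not Present".  Cookies are now
    inspected one at a time from the raw urllib3 header list, because
    ``requests.Response.headers`` folds repeated Set-Cookie headers into
    one comma-joined string that cannot be split safely (Expires dates
    contain commas).

    A cookie without HttpOnly is readable from JavaScript, so any XSS on
    the site can steal it; without Secure it is also sent over plain
    HTTP.  Only cookies set on this one response are seen - a session
    cookie issued after login is not covered.  Cookie values are never
    printed, only names.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Checking for HttpOnly Flag --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    raw_headers = getattr(resp.raw, 'headers', None)
    if raw_headers is not None and hasattr(raw_headers, 'getlist'):
        set_cookies = raw_headers.getlist('set-cookie')
    else:
        # Fallback only: a joined value may hold several cookies at once.
        joined = resp.headers.get('set-cookie')
        set_cookies = [joined] if joined else []
    if not set_cookies:
        print("[-] Set-Cookie Not Found.")
        return
    print("[+] Set-Cookie Found..\n[+] Trying for HttpOnly...")
    for cookie in set_cookies:
        # Attribute names are case-insensitive (RFC 6265 section 5.2).
        attrs = [part.strip().lower() for part in cookie.split(';')]
        name = cookie.split('=', 1)[0].strip()
        has_httponly = 'httponly' in attrs
        has_secure = 'secure' in attrs
        marker = "[+]" if has_httponly else "[-]"
        state = "Present" if has_httponly else "Not Present"
        print("{0} Cookie '{1}' HttpOnly Flag is:".format(marker, name) + COLOR.green + " " + state + COLOR.die)
        if not has_secure:
            print("[-] Cookie '{0}' has no Secure flag; it will also be sent over plain HTTP".format(name))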
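def XframeOptions(target_url, timeout=10):
    """Report the X-Frame-Options policy, or warn that framing is allowed.

    The first token of the value is compared case-insensitively, so the
    nine-spelling list of the original (and its eight "Not Found" lines
    for every valid header) is gone.

    ``ALLOW-FROM`` is flagged rather than accepted: current browsers ignore
    it (and then treat the header as absent), so it gives no protection;
    the ``frame-ancestors`` directive of Content-Security-Policy is the
    supported replacement.  A CSP with ``frame-ancestors`` also overrides
    this header entirely, which a single-header check cannot see, so a
    missing X-Frame-Options is only a finding if no such CSP exists.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Checking For X-Frame-Options --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    xfo = resp.headers.get('x-frame-options')
    if not xfo:
        print("[-] X-Frame-Options Not Found. Client May be Vulnerable to: " + COLOR.green + "Click Jacking" + COLOR.die)
        return
    print("[+] X-Frame-Options is Present.\n[+] Checking For Methods..")
    tokens = xfo.replace(',', ' ').split()
    policy = tokens[0].upper() if tokens else ''
    if policy in ('DENY', 'SAMEORIGIN'):
        print("[+] Following XFrame Option Found:" + COLOR.green + " {0}".format(policy) + COLOR.die)
    elif policy == 'ALLOW-FROM':
        print("[-] Following XFrame Option Found:" + COLOR.green + " ALLOW-FROM" + COLOR.die
              + " (ignored by current browsers; use CSP frame-ancestors instead)")
    else:
        # Browsers discard an invalid value, which is the same as no header.
        print("[-] Unrecognised X-Frame-Options value: " + COLOR.green + "{0}".format(xfo) + COLOR.die
              + " (browsers ignore invalid values, so framing is allowed)")
    if ',' in xfo:
        print("[-] Header carries several values; browsers may treat conflicting values as invalid")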
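def XxssPro(target_url, timeout=10):
    """Report the X-XSS-Protection header value.

    The header drove the reflected-XSS auditor of older browsers.  That
    auditor has been removed from current browsers and, when enabled, was
    itself abusable (filter-induced side channels), so the current
    guidance (e.g. OWASP) is to send ``0`` or omit the header and rely on
    Content-Security-Policy.  A missing header is therefore *not* an XSS
    vulnerability, which the original claimed.

    The value is parsed by directive instead of by substring: the old
    ``'0' in value`` check would fire on ``1; report=/report0``.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for X-XSS-Protection -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    value = resp.headers.get('x-xss-protection')
    if not value:
        print("[-] X-XSS-Protection Header Not Found.")
        print("    Informational only: current browsers no longer implement the auditor; rely on Content-Security-Policy.")
        return
    print("[+] X-XSS Protection is Present.\n[+] Checking Value..")
    directives = [part.strip().lower() for part in value.split(';') if part.strip()]
    mode = directives[0] if directives else ''
    if mode == '0':
        print("[+] X-XSS-Protection value is: " + COLOR.green + "0" + COLOR.die
              + " (auditor disabled - the recommended setting)")
    elif mode == '1' and 'mode=block' in directives[1:]:
        print("[+] X-XSS-Protection value is: " + COLOR.green + "1; mode=block" + COLOR.die
              + " (legacy; harmless in current browsers, prefer 0 plus CSP)")
    elif mode == '1':
        print("[+] X-XSS-Protection value is: " + COLOR.green + "1" + COLOR.die
              + " (legacy filter mode; old browsers rewrote pages, which was abusable)")
    else:
        print("[-] Unrecognised X-XSS-Protection value: " + COLOR.green + "{0}".format(value) + COLOR.die)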
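def xContentType(target_url, timeout=10):
    """Check for ``X-Content-Type-Options: nosniff``.

    Without it a browser may sniff the body and execute, say, a user
    upload served as text/plain as script or HTML.  ``nosniff`` is the
    only defined value and is matched case-insensitively after stripping
    whitespace; any other value is reported, because browsers ignore it
    and the header is then worthless.  The old substring test would have
    accepted ``nosniffx``.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for X-Content-Type -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    value = resp.headers.get('x-content-type-options')
    if not value:
        print("[-] Client Could be Vulnerable to: " + COLOR.green + "MIME Sniffing" + COLOR.die)
    elif value.strip().lower() == 'nosniff':
        print("[+] MIME Sniffing is Protected: " + COLOR.green + "nosniff" + COLOR.die)
    else:
        print("[-] Unknown X-Content-Type-Options value: " + COLOR.green + "{0}".format(value) + COLOR.die
              + " (browsers ignore anything but nosniff)")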
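def SSLTLS(target_url, timeout=10):
    """Check for Strict-Transport-Security and sanity-check its directives.

    Browsers only honour HSTS on a response received over HTTPS, so the
    scheme of the *final* URL (after redirects) is checked first; on a
    plain-HTTP response the result is not meaningful and a warning is
    printed.  When the header is present its ``max-age`` is parsed: no
    valid value or ``0`` disables the policy, a value below one year is
    flagged (the common hardening baseline and the preload-list minimum),
    and a missing ``includeSubDomains`` is noted.

    Despite the section title this inspects the header only; protocol,
    cipher and certificate assessment needs a dedicated TLS scanner.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for SSL/TLS Security -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    if not resp.url.lower().startswith('https://'):
        print("[!] Final URL is not https:// - browsers ignore HSTS on plain-HTTP responses; re-run against the https URL")
    hsts = resp.headers.get('strict-transport-security')
    if not hsts:
        print("[-] Strict Transport Security is not Added, Client May be Vulnerable to: " + COLOR.green
              + "SSL Stripping (first request downgraded to HTTP)" + COLOR.die)
        return
    print("[+] Strict Transport Security is Added: " + COLOR.green + "{0}".format(hsts) + COLOR.die)
    directives = [part.strip().lower() for part in hsts.split(';') if part.strip()]
    max_age = None
    for directive in directives:
        if directive.startswith('max-age'):
            _, _, number = directive.partition('=')
            number = number.strip().strip('"')
            if number.isdigit():
                max_age = int(number)
    if max_age is None:
        print("[-] No valid max-age directive; browsers ignore the header")
    elif max_age == 0:
        print("[-] max-age=0 clears any stored policy; HSTS is effectively off")
    elif max_age < 31536000:
        print("[-] max-age={0} is below one year; the policy lapses quickly and the site cannot be preloaded".format(max_age))
    else:
        print("[+] max-age={0} (one year or more)".format(max_age))
    if 'includesubdomains' not in directives:
        print("[-] includeSubDomains missing; subdomains can still be reached over HTTP and set cookies for the parent domain")
    if 'preload' in directives:
        print("[+] preload directive present")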
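def secPol(target_url, timeout=10):
    """Check for a Content-Security-Policy.

    The original looked only at ``X-Content-Security-Policy``, a
    pre-standard Firefox-era name that no current browser honours, so a
    site with a proper policy was reported as unprotected.  The standard
    ``Content-Security-Policy`` header is now checked, along with a
    ``<meta http-equiv>`` delivery in the body; the legacy name is
    reported as legacy and ``Content-Security-Policy-Report-Only`` is
    reported separately because it blocks nothing.

    The policy text is printed and only lightly inspected: ``'unsafe-inline'``
    anywhere is flagged because it usually neuters the policy against
    XSS.  A full review of sources and directives still needs a human.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for Content-Security-Policy -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    csp = resp.headers.get('content-security-policy')
    report_only = resp.headers.get('content-security-policy-report-only')
    legacy = resp.headers.get('x-content-security-policy')
    meta_csp = re.search(r'<meta[^>]+http-equiv=["\']content-security-policy["\']', resp.text, re.I)
    if csp:
        print("[+] Content-Security-Policy is Added: " + COLOR.green + "{0}".format(csp) + COLOR.die)
        if "'unsafe-inline'" in csp.lower():
            print("[-] Policy contains 'unsafe-inline'; check which directive - inline script allowance defeats XSS protection")
    elif meta_csp:
        print("[+] Content-Security-Policy delivered via <meta> tag (frame-ancestors and reporting are not possible that way)")
    else:
        print("[-] Client Can be Vulnerable to: " + COLOR.green + "Cross-Site Scripting and Injection Attacks." + COLOR.die)
    if report_only:
        print("[!] Content-Security-Policy-Report-Only present: reports violations but blocks nothing")
    if legacy:
        print("[!] Legacy X-Content-Security-Policy present; no current browser enforces it")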
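def AccessControl(target_url, timeout=10, probe_origin=None):
    """Check the CORS response headers for an over-permissive policy.

    The original logic was inverted: it warned when
    ``Access-Control-Allow-Origin`` was *absent*.  Absence is the secure
    default - the same-origin policy applies and no foreign site can read
    the response.  The risk is the opposite: ``*``, ``null`` or an origin
    reflected from the request, especially together with
    ``Access-Control-Allow-Credentials: true``, lets another site read
    the response with the victim's cookies.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
        probe_origin: optional value for an ``Origin`` request header, e.g.
            ``https://attacker.example``.  Many servers emit CORS headers
            only when an Origin is present, and some reflect whatever they
            receive; without it this is a static check of one response.
            ``None`` (the default) sends no Origin header.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for Access-Control-Allow-Origin -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    extra_headers = {'Origin': probe_origin} if probe_origin else None
    try:
        resp = requests.get(target_url, timeout=timeout, headers=extra_headers)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    acao = resp.headers.get('access-control-allow-origin')
    credentials = resp.headers.get('access-control-allow-credentials', '').strip().lower() == 'true'
    if not acao:
        print("[+] Access-Control-Allow-Origin is not set; cross-origin reads are blocked by the same-origin policy")
        if not probe_origin:
            print("[!] Origin-dependent CORS only shows up with an Origin header; re-run with probe_origin set")
        return
    allowed = acao.strip()
    print("[+] Access-Control-Allow-Origin is Added: " + COLOR.green + "{0}".format(allowed) + COLOR.die)
    if allowed == '*':
        if credentials:
            # Browsers refuse '*' with credentials, so this is misconfigured rather than exploitable as-is.
            print("[-] Wildcard origin with Allow-Credentials: true - browsers reject the combination, but the intent is wrong")
        else:
            print("[-] Wildcard origin: any website can read this response; acceptable only for genuinely public data")
    elif allowed.lower() == 'null':
        print("[-] 'null' origin allowed: sandboxed iframes and data: URLs carry that origin, so this is abusable")
    elif probe_origin and allowed == probe_origin:
        print("[-] Supplied Origin was reflected back" + (" WITH credentials - any site can read authenticated responses" if credentials else ""))
    else:
        print("[+] Specific origin allowed: " + COLOR.green + "{0}".format(allowed) + COLOR.die)
    if credentials:
        print("[i] Access-Control-Allow-Credentials: true")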
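def Xdownload(target_url, timeout=10):
    """Check for ``X-Download-Options: noopen``.

    Internet Explorer-only header that stops a downloaded file from being
    opened directly in the browser's security context; other browsers
    ignore it, so this is a low-severity, legacy finding.  The two
    failure branches of the original printed the same "Not Available"
    message even when the header was present with a different value;
    that case is now reported distinctly, and the value is compared
    case-insensitively.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for X-Download-Options -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    value = resp.headers.get('x-download-options')
    if value and value.strip().lower() == 'noopen':
        print("[+] File Download and Open Restriction are Added")
    elif value:
        print("[-] X-Download-Options has unrecognised value: " + COLOR.green + "{0}".format(value) + COLOR.die
              + " (only 'noopen' has any effect)")
    else:
        print("[-] X-Download-Options Not Available, Client May be Vulnerable to: " + COLOR.green
              + "Browser File Execution Attacks" + COLOR.die + " (legacy IE only)")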
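def cache(target_url, timeout=10):
    """Check whether the response forbids caching of potentially private content.

    Presence of Cache-Control alone (what the original tested) proves
    nothing: ``Cache-Control: public, max-age=86400`` is present and tells
    shared caches to store the page.  The directives are parsed instead:
    ``no-store`` keeps a response out of browser and proxy caches;
    ``private`` keeps it out of shared caches only; ``no-cache`` still
    allows storing (it only forces revalidation).  ``Pragma: no-cache`` is
    an HTTP/1.0 relic and is reported as informational.

    Only meaningful for responses that carry per-user data (account
    pages, API responses); flagging a static home page is noise.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for Cache Control -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    try:
        resp = requests.get(target_url, timeout=timeout)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    cache_control = resp.headers.get('cache-control')
    if not cache_control:
        print("[-] Cache-Control is Not Found, client May be Vulnerable to: " + COLOR.green + "Content Caching Attacks" + COLOR.die)
        return
    print("[+] Cache-Control: " + COLOR.green + "{0}".format(cache_control) + COLOR.die)
    # Directive names only; "max-age=0" becomes "max-age".
    directives = set(part.strip().lower().split('=', 1)[0] for part in cache_control.split(',') if part.strip())
    if 'no-store' in directives:
        print("[+] no-store present: response is not written to browser or proxy caches")
    elif 'private' in directives:
        print("[!] private only: shared caches skip it, but the browser cache still stores it (add no-store for sensitive data)")
    elif 'public' in directives:
        print("[-] public: shared caches are explicitly allowed to store this response")
    else:
        print("[-] Neither no-store nor private; private content may be cached")
    if resp.headers.get('pragma', '').strip().lower() == 'no-cache':
        print("[i] Pragma: no-cache present (HTTP/1.0 compatibility only)")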
#def crawler():
# print COLOR.green + "+++" * 16 + COLOR.die
# print COLOR.green + "-- Crawling URLs --" + COLOR.die
# print COLOR.green + "+++" * 16 + COLOR.die
# try:
# textfile = file('Pentester.txt','wt')
# myurl = input('Enter url: ')
# for i in re.findall('''href=["'](.[^"']+)["']''', urllib.urlopen(myurl).read(), re.I):
# print i
# for ee in re.findall('''href=["'](.[^"']+)["']''', urllib.urlopen(i).read(), re.I):
# print ee
# textfile.write(ee+'\n')
# textfile.close()
# print "[+] Check 'Pentester.txt' For URLs."
#except:
# print "-- Exception Catched --"
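def Backup(target_url, timeout=10):
    """Probe for leftover configuration backups next to the target URL.

    Active check: one GET per candidate name.  Two defects of the original
    are fixed: ``status_code == '200'`` compared an int with a string and
    could never be true, so every file was reported as "Properly
    deleted"; and POST was used, which many servers reject with 405
    regardless of whether the file exists.

    A 200 is only a hint.  Sites with catch-all routing or "soft 404"
    pages answer 200 for anything, so a baseline request for a name that
    cannot exist is made first and any candidate whose response matches
    it (same status and body length) is discounted.  Redirects are not
    followed, so a redirect to a login page is not mistaken for the file.
    Confirm hits manually; the file contents are deliberately never
    printed or stored - a real ``wp-config.php`` backup holds database
    credentials and secret keys.

    Args:
        target_url: site base URL; candidates are appended after ``/``
            (a trailing slash on the URL is tolerated).
        timeout: per-request timeout in seconds.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for BackUp Abusement -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    backup_files = ['wp-config.php-','wp-config.php.bak','wp-config.php.save','wp-config.php.swp','wp-config.php.swo','wp-config.php.conf','wp-config.php.old','wp-config.txt','wp-config.php~','config.php-','config.php.bak','config.php.save','config.php.swp','config.php.swo','config.php.conf','config.php.old','config.txt','config.php~']
    base = target_url.rstrip('/')
    # Soft-404 baseline: a name that cannot exist.  If the server answers
    # it with 200, a 200 on a real candidate means nothing by itself.
    baseline = None
    try:
        baseline = requests.get(base + '/no-such-file-{0}.bak'.format(int(time.time())),
                                timeout=timeout, allow_redirects=False)
    except requests.RequestException as exc:
        print("[-] Baseline request failed ({0}); soft-404 filtering disabled".format(exc))
    if baseline is not None and baseline.status_code == 200:
        print("[!] Server answers 200 for a non-existent file (soft 404); hits are filtered by body length")
    for candidate in backup_files:
        try:
            resp = requests.get(base + '/' + candidate, timeout=timeout, allow_redirects=False)
        except requests.RequestException as exc:
            print("[-] Request failed for {0}: {1}".format(candidate, exc))
            continue
        same_as_baseline = (baseline is not None
                            and resp.status_code == baseline.status_code
                            and len(resp.content) == len(baseline.content))
        if resp.status_code == 200 and not same_as_baseline:
            print("[-] Following URL Might Contain Config Backup : " + COLOR.green + "{0}".format(candidate) + COLOR.die
                  + " ({0} bytes; verify manually)".format(len(resp.content)))
        elif resp.status_code == 200:
            print("[?] {0} returned 200 but matches the soft-404 baseline; probably absent".format(candidate))
        elif resp.status_code in (401, 403):
            print("[?] {0} is access-controlled (HTTP {1}); the file may exist".format(candidate, resp.status_code))
        else:
            print("[+] Config is Properly deleted: " + COLOR.green + "{0}".format(candidate) + COLOR.die)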
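def DNSMiscon(target_url):
    """Check whether ``localhost.<target-host>`` resolves to a loopback address.

    Some zones carry a ``localhost`` A record, or a wildcard record that
    makes any label resolve, so ``localhost.example.com`` points at
    127.0.0.1.  Anything an attacker can serve on the victim's own machine
    is then inside the target's DNS domain: cookies scoped to
    ``.example.com`` are sent to it and parent-domain trust can be abused.
    This is informational - it needs a foothold on the victim host - but
    the record should not exist.

    Only the host part of the URL is used (userinfo and port stripped;
    IPv6 literals tolerated), and both IPv4 and IPv6 loopback are
    recognised.  The original called ``gethostbyaddr``, which also does a
    reverse lookup and raises on most names, then reported that error as
    "not vulnerable"; a URL without a scheme raised an uncaught
    IndexError.

    Args:
        target_url: URL or bare host of the target.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + " -- Checking for DNS-Misconfiguration -- " + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    netloc = target_url.split('//', 1)[-1].split('/', 1)[0]
    host = netloc.rsplit('@', 1)[-1]
    if host.startswith('[') and ']' in host:
        host = host[1:host.index(']')]
    else:
        host = host.split(':', 1)[0]
    if not host:
        print("[-] Could not extract a host name from: {0}".format(target_url))
        return
    probe = 'localhost.' + host
    try:
        infos = socket.getaddrinfo(probe, None)
    except socket.gaierror:
        # NXDOMAIN (or similar): the record does not exist, which is the good case.
        print("[+] Not Vulnerable to: " + COLOR.green + "DNS Misconfiguration" + COLOR.die
              + " ({0} does not resolve)".format(probe))
        return
    except socket.error as exc:
        print("[?] Lookup of {0} failed: {1}".format(probe, exc))
        return
    addresses = sorted(set(info[4][0] for info in infos))
    loopback = [addr for addr in addresses
                if addr.startswith('127.') or addr == '::1' or addr.startswith('::ffff:127.')]
    if loopback:
        print("[-] {0} resolves to loopback ({1}), Vulnerable to: ".format(probe, ", ".join(loopback))
              + COLOR.green + "DNS Misconfiguration." + COLOR.die)
    elif addresses:
        print("[?] {0} resolves to {1}; not loopback, but a wildcard record is likely".format(probe, ", ".join(addresses)))
    else:
        print("[+] Not Vulnerable to: " + COLOR.green + "DNS Misconfiguration" + COLOR.die)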
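def httpTrace(target_url, timeout=10):
    """Test whether the server honours the HTTP TRACE method.

    A TRACE request carrying a marker cookie is sent.  TRACE is enabled
    when the server answers 200 and echoes the request back (the body is
    a ``message/http`` copy of what was sent); the marker makes the echo
    unambiguous.  The original printed the raw status and the whole body
    and left the verdict to the reader; the verdict is now computed, and
    at most the first 600 bytes of the body are shown - echoing an
    unbounded response from an untrusted server straight to a terminal
    is unwise.

    Severity context: "cross-site tracing" needed a browser to issue
    TRACE from script, which browsers have refused for years, so an
    enabled TRACE is a hardening finding (it may also echo headers a
    reverse proxy adds, such as internal addresses or auth headers)
    rather than a direct compromise.

    Args:
        target_url: URL to request.
        timeout: seconds allowed for connect + response.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Checking for Trace Method is Enabled --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    # Neutral, per-run marker: the value is what we look for in the echo.
    marker = 'xst-probe-{0}'.format(int(time.time()))
    try:
        resp = requests.request('TRACE', target_url, cookies={'TraceCheck': marker},
                                timeout=timeout, allow_redirects=False)
    except requests.RequestException as exc:
        print("[-] Request failed: {0}".format(exc))
        return
    body = resp.text or ''
    echoed = 'TRACE' in body and marker in body
    print("[+] Status: {0}".format(resp.status_code))
    if resp.status_code == 200 and echoed:
        print("[-] TRACE Method is Enabled: request was echoed back, Vulnerable to: " + COLOR.green + "Cross Site Tracing" + COLOR.die)
    elif resp.status_code == 200:
        print("[?] 200 without an echo of the request; TRACE was probably handled as GET or answered by a proxy - inspect the body")
    else:
        print("[+] TRACE Method appears Disabled (HTTP {0})".format(resp.status_code))
    print("==>\n")
    print(body[:600])
    if len(body) > 600:
        print("... [{0} more characters truncated]".format(len(body) - 600))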