API tools faq
paste
Advertisement
xGHOSTSECx

Untitled

xGHOSTSECx
Aug 5th, 2021
1,402
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 14.23 KB | None | 0 0
raw download clone embed print report
  1. ```#!/usr/bin/python3
  2. # GhostScan by #GhostSec
  3. #
  4. #
  5.  
  6. from bs4 import BeautifulSoup
  7. from urllib.parse import urlparse
  8. import requests, sys, os, atexit, optparse
  9. from http import cookies
  10. requests.packages.urllib3.disable_warnings()
  11.  
  12. OKBLUE='\033[94m'
  13. OKRED='\033[91m'
  14. OKGREEN='\033[92m'
  15. OKORANGE='\033[93m'
  16. COLOR1='\033[95m'
  17. COLOR2='\033[96m'
  18. RESET='\x1b[0m'
  19.  
  20. def readlinks (url):
  21.   try:
  22.  
  23.     if len(cookies) > 2:
  24.       headers = {'Cookie': cookies}
  25.       r = requests.get(url, headers=headers, verify=False)
  26.     else:
  27.       r  = requests.get(url, verify=False)
  28.  
  29.     data = r.text
  30.     soup = BeautifulSoup(data, "lxml")
  31.     parsed_uri = urlparse(url)
  32.     domain = '{uri.netloc}'.format(uri=parsed_uri)
  33.     domain = domain.split(':')[0]
  34.   except Exception as ex:
  35.     print(ex)
  36.  
  37.   urls = open("/tmp/" + domain + "_" + port + "-urls.txt","w+")
  38.   urls_saved = open(save_dir + domain + "_" + port + "-urls.txt","a")
  39.   forms_saved = open(save_dir + domain + "_" + port + "-forms.txt","a")
  40.   dynamic_saved = open(save_dir + domain + "_" + port + "-dynamic.txt","a")
  41.   emails_saved = open(save_dir + domain + "_" + port + "-emails.txt","a")
  42.   phones_saved = open(save_dir + domain + "_" + port + "-phones.txt","a")
  43.   subdomains_saved = open(save_dir + domain + "_" + port + "-subdomains.txt","a")
  44.  
  45.   print ("")
  46.   print (OKGREEN + "==================================================================================================" + RESET)
  47.   print (OKGREEN + url)
  48.   print (OKGREEN + "==================================================================================================" + RESET)
  49.   for form in soup.find_all('form'):
  50.     #print (OKBLUE + "[+] Extracting form values...")
  51.     #print ("__________________________________________________________________________________________________" + OKORANGE)
  52.     #print (form)
  53.     #print (OKBLUE + "__________________________________________________________________________________________________")
  54.     #print (RESET)
  55.     forms_saved.write(url + "\n")
  56.  
  57.   # PARSE LINKS
  58.   for link in soup.find_all('a'):
  59.     # IF LINK IS NOT NULL
  60.     if link.get('href') is not None:
  61.       parsed_uri = urlparse(link.get('href'))
  62.       linkdomain = '{uri.netloc}'.format(uri=parsed_uri)
  63.       if (domain != linkdomain) and (linkdomain != "") and (domain in linkdomain):
  64.         print (COLOR1 + "[+] Sub-domain found! " + linkdomain + " " + RESET)
  65.         subdomains_saved.write(linkdomain + "\n")
  66.       # IF LINK STARTS WITH HTTP
  67.       if link.get('href')[:4] == "http":
  68.         # SAME ORIGIN
  69.         if domain in link.get('href'):
  70.           # IF URL IS DYNAMIC
  71.           if "?" in link.get('href'):
  72.             print (OKRED + "[+] Dynamic URL found! " + link.get('href') + " " + RESET)
  73.             urls.write(link.get('href') + "\n")
  74.             urls_saved.write(link.get('href') + "\n")
  75.             dynamic_saved.write(link.get('href') + "\n")
  76.           else:
  77.             print (link.get('href'))
  78.             urls.write(link.get('href') + "\n")
  79.             urls_saved.write(link.get('href') + "\n")
  80.         # EXTERNAL LINK FOUND
  81.         #else:
  82.         # IF URL IS DYNAMIC
  83.         #if "?" in link.get('href'):
  84.         #print (COLOR2 + "[+] External Dynamic URL found! " + link.get('href') + " " + RESET)
  85.         #else:
  86.         #print (COLOR2 + "[i] External link found! " + link.get('href') + " " + RESET)
  87.       # IF URL IS DYNAMIC
  88.       elif "?" in link.get('href'):
  89.         print (OKRED + "[+] Dynamic URL found! " + url + "/" + link.get('href') + " " + RESET)
  90.         urls.write(url + "/" + link.get('href') + "\n")
  91.         urls_saved.write(url + "/" + link.get('href') + "\n")
  92.         dynamic_saved.write(url + "/" + link.get('href') + "\n")
  93.       # DOM BASED LINK
  94.       #elif link.get('href')[:1] == "#":
  95.       #print (OKBLUE + "[i] DOM based link found! " + link.get('href') + " " + RESET)
  96.       # TELEPHONE
  97.       elif link.get('href')[:4] == "tel:":
  98.         s = link.get('href')
  99.         phonenum = s.split(':')[1]
  100.         print (OKORANGE + "[i] Telephone # found! " + phonenum + " " + RESET)
  101.         phones_saved.write(phonenum + "\n")
  102.       # EMAIL
  103.       elif link.get('href')[:7] == "mailto:":
  104.         s = link.get('href')
  105.         email = s.split(':')[1]
  106.         print (OKORANGE + "[i] Email found! " + email + " " + RESET)
  107.         emails_saved.write(email + "\n")
  108.       # ELSE NORMAL LINK FOUND
  109.       else:
  110.         print (url + "/" + link.get('href'))
  111.         urls.write(url + "/" + link.get('href') + "\n")
  112.         urls_saved.write(url + "/" + link.get('href') + "\n")
  113.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  114.  
  115. def readfile():
  116.   filename = "/tmp/" + domain + "_" + port + "-urls.txt"
  117.   with open(filename) as f:
  118.     urls = f.read().splitlines()
  119.     for url in urls:
  120.       try:
  121.         readlinks(url)
  122.       except Exception as ex:
  123.         print(ex)
  124.  
  125. def logo():
  126.   version = "1.3"
  127.   print (OKRED + "")
  128.   print (OKRED + "")
  129.   print (OKRED + "                _.._")
  130.   print (OKRED + "              .'    '.")
  131.   print (OKRED + "             /   __   \ ")
  132.   print (OKRED + "          ,  |   ><   |  ,")
  133.   print (OKRED + "         . \ \     /  / .")
  134.   print (OKRED + "          \_'--`(  )'--'_/")
  135.   print (OKRED + "            .--'/()\'--.")
  136.   print (OKRED + "@GhostSec  /  /` '' `\ \ ")
  137.   print (OKRED + "             |        |")
  138.   print (OKRED + "              \     /")
  139.   print (OKRED + "")
  140.   print (RESET)
  141.   print (OKORANGE + " + -- --=[ WeAreGhost" + RESET)
  142.   print (OKORANGE + " + -- --=[ GhostScan v" + version + " GhostSec " + RESET)
  143.   print (RESET)
  144.  
  145. def exit_handler():
  146.   os.system('sort -u ' + save_dir + domain + "_" + port + '-urls.txt > ' + save_dir + domain + "_" + port + '-urls-sorted.txt 2>/dev/null')
  147.   os.system('sort -u ' + save_dir + domain + "_" + port + '-forms.txt > ' + save_dir + domain + "_" + port + '-forms-sorted.txt 2>/dev/null')
  148.   os.system('sort -u ' + save_dir + domain + "_" + port + '-dynamic.txt > ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt 2>/dev/null')
  149.   os.system('rm -f ' + save_dir + domain + "_" + port + '-dynamic-unique.txt 2>/dev/null')
  150.   os.system('touch ' + save_dir + domain + "_" + port + '-dynamic-unique.txt')
  151.   os.system('for a in `cat ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt | cut -d \'?\' -f2 | sort -u | cut -d \'=\' -f1 | sort -u`; do for b in `egrep $a ' + save_dir + domain + "_" + port +'-dynamic.txt -m 1`; do echo $b >> ' + save_dir + domain + "_" + port + '-dynamic-unique.txt; done; done;')
  152.   os.system('sort -u ' + save_dir + domain + "_" + port + '-subdomains.txt > ' + save_dir + domain + "_" + port + '-subdomains-sorted.txt 2>/dev/null')
  153.   os.system('sort -u ' + save_dir + domain + "_" + port + '-emails.txt > ' + save_dir + domain + "_" + port + '-emails-sorted.txt 2>/dev/null')
  154.   os.system('sort -u ' + save_dir + domain + "_" + port + '-phones.txt > ' + save_dir + domain + "_" + port + '-phones-sorted.txt 2>/dev/null')
  155.  
  156.   logo()
  157.   print (OKGREEN + "[+] URL's Discovered: \n" + save_dir + domain + "_" + port + "-urls-sorted.txt" + RESET)
  158.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  159.   os.system('cat ' + save_dir + domain + "_" + port + '-urls-sorted.txt')
  160.   print (RESET)
  161.   print (OKGREEN + "[+] Dynamic URL's Discovered: \n" + save_dir + domain + "_" + port + "-dynamic-sorted.txt" + RESET)
  162.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  163.   os.system('cat ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt')
  164.   print (RESET)
  165.   print (OKGREEN + "[+] Form URL's Discovered: \n" + save_dir + domain + "_" + port + "-forms-sorted.txt" + RESET)
  166.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  167.   os.system('cat ' + save_dir + domain + "_" + port + '-forms-sorted.txt')
  168.   print (RESET)
  169.   print (OKGREEN + "[+] Unique Dynamic Parameters Discovered: \n" + save_dir + domain + "_" + port + "-dynamic-unique.txt" + RESET)
  170.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  171.   os.system('cat ' + save_dir + domain + "_" + port + '-dynamic-unique.txt')
  172.   print (RESET)
  173.   print (OKGREEN + "[+] Sub-domains Discovered: \n" + save_dir + domain + "_" + port + "-subdomains-sorted.txt" + RESET)                                                                                                                                                                                                                                                                                       print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  174.   os.system('cat ' + save_dir + domain + "_" + port + '-subdomains-sorted.txt')
  175.   print (RESET)
  176.   print (OKGREEN + "[+] Emails Discovered: \n" + save_dir + domain + "_" + port + "-emails-sorted.txt" + RESET)
  177.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  178.   os.system('cat ' + save_dir + domain + "_" + port + '-emails-sorted.txt')                                                                                                                                                                                                                                                                                                                                    print (RESET)
  179.   print (OKGREEN + "[+] Phones Discovered: \n" + save_dir + domain + "_" + port + "-phones-sorted.txt" + RESET)
  180.   print (OKGREEN + "__________________________________________________________________________________________________" + RESET)
  181.   os.system('cat ' + save_dir + domain + "_" + port + '-phones-sorted.txt')
  182.   print (RESET)
  183.   print (OKRED + "[+] Loot Saved To: \n" + save_dir + RESET)
  184.   print (OKRED + "__________________________________________________________________________________________________" + RESET)
  185.   print (RESET)
  186.  
  187.   os.system('rm -f ' + save_dir + domain + "_" + port + '-dynamic.txt')
  188.   os.system('rm -f ' + save_dir + domain + "_" + port + '-forms.txt')
  189.   os.system('rm -f ' + save_dir + domain + "_" + port + '-emails.txt')
  190.   os.system('rm -f ' + save_dir + domain + "_" + port + '-phones.txt')
  191.   os.system('rm -f ' + save_dir + domain + "_" + port + '-urls.txt')
  192.   os.system('rm -f ' + save_dir + domain + "_" + port + '-subdomains.txt')
  193.   os.system('rm -f /tmp/' + domain + "_" + port + '-urls.txt 2> /dev/null')
  194.  
  195.   if scan == "y":
  196.     os.system('for a in `cat ' + save_dir + domain + "_" + port + '-dynamic-unique.txt`; do python3 /usr/bin/injectx.py -u $a; done;')
  197.   else:
  198.     pass
  199. logo()
  200. globalURL = "globalBadness"
  201. if len(sys.argv) < 2:
  202.   print ("You need to specify a URL to scan. Use --help for all options.")
  203.   quit()
  204. else:
  205.   parser = optparse.OptionParser()
  206.   parser.add_option('-u', '--url',
  207.                     action="store", dest="url",
  208.                     help="Full URL to spider", default="")
  209.  
  210.   parser.add_option('-d', '--domain',
  211.                     action="store", dest="domain",
  212.                     help="Domain name to spider", default="")
  213.  
  214.   parser.add_option('-c', '--cookie',
  215.                     action="store", dest="cookie",
  216.                     help="Cookies to send", default="")
  217.  
  218.   parser.add_option('-l', '--level',
  219.                     action="store", dest="level",
  220.                     help="Level of depth to traverse", default="2")
  221.  
  222.   parser.add_option('-s', '--scan',
  223.                     action="store", dest="scan",
  224.                     help="Scan all dynamic URL's found", default="n")
  225.  
  226.   parser.add_option('-p', '--port',
  227.                     action="store", dest="port",
  228.                     help="Port for the URL", default="80")
  229.  
  230.   parser.add_option('-v', '--verbose',
  231.                     action="store", dest="verbose",
  232.                     help="Set verbose mode ON", default="y")
  233.  
  234.   options, args = parser.parse_args()
  235.   target = str(options.url)
  236.   domain = str(options.domain)
  237.   cookies = str(options.cookie)
  238.   max_depth = str(options.level)
  239.   scan = str(options.scan)
  240.   port = str(options.port)
  241.   verbose = str(options.verbose)
  242.   ans = scan
  243.   level = 1
  244.  
  245.   # using a domain and a port or a URL?
  246.   if ":" not in target:
  247.  
  248.     if len(str(target)) > 6:
  249.       url = target + ":" + port #big change here
  250.  
  251.     else:
  252.       url = "http://" + str(domain) + ":" + port
  253.  
  254.     if len(str(domain)) > 4:
  255.       target = "http://" + domain + ":" + port
  256.     else:
  257.       print (target)
  258.       urlparse(target)
  259.       parsed_uri = urlparse(target)
  260.       domain = '{uri.netloc}'.format(uri=parsed_uri)
  261.  
  262.   else:
  263.     url = target
  264.     globalURL = target
  265.     parsed_uri = urlparse(target)
  266.     domainWithPort = '{uri.netloc}'.format(uri=parsed_uri)
  267.     domain = domainWithPort.split(':')[0]
  268.     if (len(target.split(':')) > 2):
  269.       portWithPossiblePath = target.split(':')[2]
  270.       port = portWithPossiblePath.split('/')[0]
  271.     else:
  272.       port = port
  273.  
  274.   save_dir = "/usr/share/ghostscan/" + domain + "_" + port + "/"
  275.   os.system('mkdir -p ' + save_dir + ' 2>/dev/null')
  276.   atexit.register(exit_handler)
  277.  
  278.  
  279.   # FILE INIT
  280.   urls_file = "/tmp/" + domain + "_" + port + "-urls.txt"
  281.   urls_saved_file = save_dir + domain + "_" + port + "-urls.txt"
  282.   forms_saved_file = save_dir + domain + "_" + port + "-forms.txt"
  283.   subdomain_file = save_dir + domain + "_" + port + "-subdomains.txt"
  284.   emails_file = save_dir + domain + "_" + port + "-emails.txt"
  285.   phones_file = save_dir + domain + "_" + port + "-phones.txt"
  286.   urls = open(urls_file,"w+")
  287.   urls.close()
  288.   urls_saved = open(urls_saved_file,"w+")
  289.   urls_saved.close()
  290.   forms_saved = open(forms_saved_file,"w+")
  291.   forms_saved.close()
  292.   subdomains = open(subdomain_file,"w+")
  293.   subdomains.close()
  294.   emails = open(emails_file,"w+")
  295.   emails.close()
  296.   phones = open(phones_file,"w+")
  297.   phones.close()
  298.  
  299.  
  300.   try:
  301.     readlinks(url)
  302.   except Exception as ex:
  303.     print(ex)
  304.  
  305.   while (int(level) <= int(max_depth)):
  306.     level = level+1
  307.     if (int(level) <= int(max_depth)):
  308.       try:
  309.         readfile()
  310.       except Exception as ex:
  311.         print(ex)
  312.     else:
  313.       break
  314. ~
  315. ~
  316. ~
  317. ~
  318. ~
  319. ~
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!