xGHOSTSECx

Untitled

Aug 5th, 2021
  1. ```#!/usr/bin/python3
  2. # GhostScan by #GhostSec
  3. #
  4. #
  5.  
  6. from bs4 import BeautifulSoup
  7. from urllib.parse import urlparse
  8. import requests, sys, os, atexit, optparse
  9. from http import cookies
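  # Every request in this script is sent with verify=False, which makes urllib3
  # emit InsecureRequestWarning on each call. Silence only that category: the
  # original call took no argument and therefore hid every other urllib3
  # HTTPWarning as well.
  requests.packages.urllib3.disable_warnings(
      requests.packages.urllib3.exceptions.InsecureRequestWarning
  )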
  11.  
  # ANSI SGR escape sequences used to colour console output.
  OKBLUE = "\x1b[94m"    # bright blue
  OKRED = "\x1b[91m"     # bright red
  OKGREEN = "\x1b[92m"   # bright green
  OKORANGE = "\x1b[93m"  # bright yellow
  COLOR1 = "\x1b[95m"    # bright magenta
  COLOR2 = "\x1b[96m"    # bright cyan
  RESET = "\x1b[0m"      # restore the terminal's default attributes
  19.  
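  def readlinks (url):
      """Fetch *url*, extract its forms and anchors, and record what was found.

      Reads the module-level ``cookies``, ``port`` and ``save_dir`` values.
      Same-site links are written both to the /tmp URL queue and to the
      per-category files under ``save_dir``; telephone and e-mail links go to
      their own files. If the page cannot be fetched or parsed the error is
      printed and nothing is written.

      Changes from the original listing:
      * a failed fetch returns early instead of hitting unbound locals;
      * every output file is closed when the function ends;
      * relative links are resolved with urljoin() rather than by
        concatenating ``url + "/" + href``;
      * scope is decided on the parsed host name (exact match or a
        dot-separated suffix) instead of a substring test on the whole href,
        so a host that merely contains the target's name is not treated as
        in scope;
      * ``tel:`` / ``mailto:`` links are classified before the "contains ?"
        test, and non-http(s) schemes are skipped.
      """
      from urllib.parse import urljoin

      try:
          # NOTE: verify=False turns off TLS certificate validation, so the
          # response can be altered by anyone on the network path. Treat
          # everything parsed below as untrusted input.
          # The timeout keeps one unresponsive host from stalling the crawl.
          if len(cookies) > 2:
              r = requests.get(url, headers={'Cookie': cookies}, verify=False, timeout=30)
          else:
              r = requests.get(url, verify=False, timeout=30)
          soup = BeautifulSoup(r.text, "lxml")
          domain = urlparse(url).netloc.split(':')[0]
      except Exception as ex:
          print(ex)
          return

      page_host = domain.lower()
      stem = domain + "_" + port

      # NOTE: the queue file lives at a predictable name in world-writable
      # /tmp and is opened with truncation. On a multi-user host another
      # account can pre-create that path (for example as a symlink); a private
      # directory would remove that exposure, but the path is shared with the
      # other functions in this file and so is left unchanged here.
      with open("/tmp/" + stem + "-urls.txt", "w+") as urls, \
              open(save_dir + stem + "-urls.txt", "a") as urls_saved, \
              open(save_dir + stem + "-forms.txt", "a") as forms_saved, \
              open(save_dir + stem + "-dynamic.txt", "a") as dynamic_saved, \
              open(save_dir + stem + "-emails.txt", "a") as emails_saved, \
              open(save_dir + stem + "-phones.txt", "a") as phones_saved, \
              open(save_dir + stem + "-subdomains.txt", "a") as subdomains_saved:

          print ("")
          print (OKGREEN + "==================================================================================================" + RESET)
          print (OKGREEN + url)
          print (OKGREEN + "==================================================================================================" + RESET)

          # One line per <form> element: only the page URL is recorded.
          for form in soup.find_all('form'):
              forms_saved.write(url + "\n")

          for link in soup.find_all('a'):
              href = link.get('href')
              if href is None:
                  continue

              # Non-web schemes first, so a "?" inside them is not mistaken
              # for a dynamic URL.
              if href[:4] == "tel:":
                  phonenum = href.split(':', 1)[1]
                  print (OKORANGE + "[i] Telephone # found! " + phonenum + " " + RESET)
                  phones_saved.write(phonenum + "\n")
                  continue
              if href[:7] == "mailto:":
                  # Drop any "?subject=..." suffix so only the address is kept.
                  email = href.split(':', 1)[1].split('?')[0]
                  print (OKORANGE + "[i] Email found! " + email + " " + RESET)
                  emails_saved.write(email + "\n")
                  continue

              try:
                  absolute = urljoin(url, href)
                  parsed_uri = urlparse(absolute)
              except ValueError:
                  # Malformed href: skip this link, keep processing the page.
                  continue
              if parsed_uri.scheme not in ("http", "https"):
                  continue

              link_host = parsed_uri.netloc.split(':')[0].lower()
              is_subdomain = link_host.endswith("." + page_host)
              if is_subdomain:
                  print (COLOR1 + "[+] Sub-domain found! " + link_host + " " + RESET)
                  subdomains_saved.write(link_host + "\n")

              # External hosts are ignored, as in the original.
              if link_host != page_host and not is_subdomain:
                  continue

              if "?" in absolute:
                  print (OKRED + "[+] Dynamic URL found! " + absolute + " " + RESET)
                  urls.write(absolute + "\n")
                  urls_saved.write(absolute + "\n")
                  dynamic_saved.write(absolute + "\n")
              else:
                  print (absolute)
                  urls.write(absolute + "\n")
                  urls_saved.write(absolute + "\n")

          print (OKGREEN + "__________________________________________________________________________________________________" + RESET)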
  114.  
  def readfile():
      """Run readlinks() on every URL listed in the /tmp URL queue file.

      The queue path is built from the module-level ``domain`` and ``port``.
      A failure on one URL is printed and the remaining URLs are still
      processed.
      """
      # NOTE: this path is predictable and sits in world-writable /tmp, so on
      # a shared host its contents should not be assumed to come only from
      # this process.
      queue_path = "/tmp/{}_{}-urls.txt".format(domain, port)
      with open(queue_path) as queue:
          # The whole file is read into memory before any URL is visited.
          pending = queue.read().splitlines()
          for queued_url in pending:
              try:
                  readlinks(queued_url)
              except Exception as ex:
                  print(ex)
  124.  
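  def logo():
      """Print the red ASCII-art banner followed by the tool name and version.

      The art is stored as raw strings: the original literals relied on
      invalid escape sequences such as ``"\\ "`` and ``"\\_"``, which newer
      Python versions report with a warning at compile time. The printed
      output is unchanged.
      """
      version = "1.3"
      art = (
          "",
          "",
          r"                _.._",
          r"              .'    '.",
          r"             /   __   \ ",
          r"          ,  |   ><   |  ,",
          r"         . \ \     /  / .",
          r"          \_'--`(  )'--'_/",
          # The original literal used \' here, a valid escape that yields a
          # bare quote, so this row has never printed a backslash.
          "            .--'/()'--.",
          r"@GhostSec  /  /` '' `\ \ ",
          r"             |        |",
          r"              \     /",
          "",
      )
      for row in art:
          print (OKRED + row)
      print (RESET)
      print (OKORANGE + " + -- --=[ WeAreGhost" + RESET)
      print (OKORANGE + " + -- --=[ GhostScan v" + version + " GhostSec " + RESET)
      print (RESET)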
  144.  
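  def exit_handler():
      """Write the sorted result files, print a summary, and clean up.

      Registered with atexit by the script's top-level code. Reads the
      module-level ``save_dir``, ``domain``, ``port`` and ``scan`` values.

      The original built every step as a shell command string passed to
      os.system(), concatenating ``save_dir``, ``domain`` and ``port`` into
      the command and letting the shell word-split and glob-expand URLs
      harvested from remote pages. Those values are not safe to hand to a
      shell, so the file work is done in Python and the one external program
      is started with an argument list. This also repairs two places where
      the listing had two statements collapsed onto one line.
      """
      import subprocess

      stem = save_dir + domain + "_" + port
      rule = "__________________________________________________________________________________________________"

      def load(path):
          """Return the lines of *path*, or an empty list if it cannot be read."""
          try:
              with open(path) as handle:
                  return handle.read().splitlines()
          except OSError:
              return []

      def store(path, lines):
          """Write *lines* to *path*, one per line; report failures and continue."""
          try:
              with open(path, "w") as handle:
                  handle.writelines(entry + "\n" for entry in lines)
          except OSError as ex:
              print(ex)

      def discard(path):
          """Delete *path* if present (same best-effort contract as ``rm -f``)."""
          try:
              os.remove(path)
          except OSError:
              pass

      # De-duplicated, sorted copy of every raw result file.
      for kind in ("urls", "forms", "dynamic", "subdomains", "emails", "phones"):
          store(stem + "-" + kind + "-sorted.txt",
                sorted(set(load(stem + "-" + kind + ".txt"))))

      # One representative URL per distinct leading query-parameter name.
      # Names are matched as literal substrings; the original passed them to
      # egrep unquoted, where they were interpreted as patterns.
      dynamic = load(stem + "-dynamic.txt")
      names = set()
      for entry in dynamic:
          query = entry.split("?")[1] if "?" in entry else entry
          name = query.split("=")[0].strip()
          if name:
              names.add(name)
      representatives = []
      for name in sorted(names):
          for entry in dynamic:
              if name in entry:
                  representatives.append(entry)
                  break
      # dict.fromkeys drops repeats while keeping first-seen order.
      store(stem + "-dynamic-unique.txt", list(dict.fromkeys(representatives)))

      logo()
      sections = (
          ("[+] URL's Discovered: \n", "-urls-sorted.txt"),
          ("[+] Dynamic URL's Discovered: \n", "-dynamic-sorted.txt"),
          ("[+] Form URL's Discovered: \n", "-forms-sorted.txt"),
          ("[+] Unique Dynamic Parameters Discovered: \n", "-dynamic-unique.txt"),
          ("[+] Sub-domains Discovered: \n", "-subdomains-sorted.txt"),
          ("[+] Emails Discovered: \n", "-emails-sorted.txt"),
          ("[+] Phones Discovered: \n", "-phones-sorted.txt"),
      )
      for title, suffix in sections:
          print (OKGREEN + title + stem + suffix + RESET)
          print (OKGREEN + rule + RESET)
          for entry in load(stem + suffix):
              print (entry)
          print (RESET)
      print (OKRED + "[+] Loot Saved To: \n" + save_dir + RESET)
      print (OKRED + rule + RESET)
      print (RESET)

      # Remove the unsorted working files; only the *-sorted / *-unique
      # outputs are kept.
      for kind in ("dynamic", "forms", "emails", "phones", "urls", "subdomains"):
          discard(stem + "-" + kind + ".txt")
      discard("/tmp/" + domain + "_" + port + "-urls.txt")

      if scan == "y":
          for found_url in load(stem + "-dynamic-unique.txt"):
              try:
                  # Argument list, no shell: each harvested URL stays a single
                  # argument whatever characters it contains.
                  subprocess.run(["python3", "/usr/bin/injectx.py", "-u", found_url])
              except OSError as ex:
                  print(ex)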
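  # Script entry point: parse options, prepare the output directory and files,
  # then crawl the start URL and follow the queued links level by level.
  logo()
  globalURL = "globalBadness"
  if len(sys.argv) < 2:
      print ("You need to specify a URL to scan. Use --help for all options.")
      sys.exit()

  parser = optparse.OptionParser()
  for short_flag, long_flag, dest_name, help_text, default_value in (
      ('-u', '--url', "url", "Full URL to spider", ""),
      ('-d', '--domain', "domain", "Domain name to spider", ""),
      ('-c', '--cookie', "cookie", "Cookies to send", ""),
      ('-l', '--level', "level", "Level of depth to traverse", "2"),
      ('-s', '--scan', "scan", "Scan all dynamic URL's found", "n"),
      ('-p', '--port', "port", "Port for the URL", "80"),
      ('-v', '--verbose', "verbose", "Set verbose mode ON", "y"),
  ):
      parser.add_option(short_flag, long_flag,
                        action="store", dest=dest_name,
                        help=help_text, default=default_value)

  options, args = parser.parse_args()
  target = str(options.url)
  domain = str(options.domain)
  cookies = str(options.cookie)
  max_depth = str(options.level)
  scan = str(options.scan)
  port = str(options.port)
  verbose = str(options.verbose)
  ans = scan
  level = 1

  # using a domain and a port or a URL?
  if ":" not in target:
      # NOTE(review): when -u is given without a scheme, `url` below has no
      # "http://" prefix and `domain` ends up as the (empty) netloc of a
      # scheme-less string. Behaviour kept as in the original; confirm the
      # intended handling of this form.
      if len(target) > 6:
          url = target + ":" + port #big change here
      else:
          url = "http://" + domain + ":" + port

      if len(domain) > 4:
          target = "http://" + domain + ":" + port
      else:
          print (target)
          parsed_uri = urlparse(target)
          domain = parsed_uri.netloc
  else:
      url = target
      globalURL = target
      parsed_uri = urlparse(target)
      domainWithPort = parsed_uri.netloc
      domain = domainWithPort.split(':')[0]
      # Take the port from the parsed authority only. The original split the
      # whole URL on ":" and so could pick up text from the path or query;
      # `port` becomes part of file paths, so it is restricted to a real
      # numeric port here.
      try:
          explicit_port = parsed_uri.port
      except ValueError:
          explicit_port = None
      if explicit_port is not None:
          port = str(explicit_port)

  save_dir = "/usr/share/ghostscan/" + domain + "_" + port + "/"
  # os.makedirs replaces a `mkdir -p` shell command that was built by string
  # concatenation from the values above.
  try:
      os.makedirs(save_dir, exist_ok=True)
  except OSError as ex:
      print(ex)
  atexit.register(exit_handler)


  # FILE INIT
  # NOTE: urls_file is a predictable name in world-writable /tmp and is
  # truncated on open; on a shared host another account can pre-create that
  # path. The location is kept because the other functions rebuild the same
  # name.
  urls_file = "/tmp/" + domain + "_" + port + "-urls.txt"
  urls_saved_file = save_dir + domain + "_" + port + "-urls.txt"
  forms_saved_file = save_dir + domain + "_" + port + "-forms.txt"
  subdomain_file = save_dir + domain + "_" + port + "-subdomains.txt"
  emails_file = save_dir + domain + "_" + port + "-emails.txt"
  phones_file = save_dir + domain + "_" + port + "-phones.txt"
  # Create (or empty) each working file.
  for init_path in (urls_file, urls_saved_file, forms_saved_file,
                    subdomain_file, emails_file, phones_file):
      with open(init_path, "w+"):
          pass


  try:
      readlinks(url)
  except Exception as ex:
      print(ex)

  # Level 1 is the start page fetched above; each further level re-reads the
  # URL queue and visits what the previous level queued.
  depth_limit = int(max_depth)
  while level < depth_limit:
      level = level + 1
      try:
          readfile()
      except Exception as ex:
          print(ex)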
  314. ~
  315. ~
  316. ~
  317. ~
  318. ~
  319. ~