ManiAc_BD

MailSpid3r

Jan 19th, 2018
  1. #!/usr/bin/env python
  2.  
  3. import string
  4. import httplib
  5. import sys
  6. import os
  7. from socket import *
  8. import re
  9. import getopt
  10.  
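  # Fail early with an install hint when the third-party dependency is absent.
  try:
      import requests
  except ImportError:
      # Only a missing module should produce the install hint; a bare
      # "except:" would also hide unrelated failures raised while importing.
      print("Request library not found, please install it before proceeding\n")
      # Non-zero status so wrappers and CI can tell that start-up failed.
      sys.exit(1)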
  16.  
  17. from discovery import *
  18. from lib import htmlExport
  19. from lib import hostchecker
  20.  
  21.  
  # Start-up banner, emitted once at import time.
  # Each row after the first two carries a raw ANSI SGR sequence (1;32;40) and
  # no reset sequence is ever printed, so the attributes stay active for the
  # output that follows.
  # NOTE(review): the contact row reads "[email protected]" as captured;
  # presumably the hosting page masked the address. Confirm against upstream.
  print("\n".join((
      "\n*******************************************************************",
      "*                                                                 *",
      "*\033[1;32;40m +-+-+-+-+ | +-+-+-+-+-+-+                                       *",
      "*\033[1;32;40m |M|a|i|l|   S|p|i|d|3|r |                                       *",
      "*\033[1;32;40m +-+-+-+-+ | +-+-+-+-+-+-+                                       *",
      "*\033[1;32;40m                                                                 *",
      "*\033[1;32;40m MailSpid3r Ver. 1.0.1b (beta version)                           *",
      "*\033[1;32;40m Coded by Srabon Khan                                            *",
      "*\033[1;32;40m [email protected]                                          *",
      "*\033[1;32;40m GitHub: https://github.com/ImSrabon                             *",
      "*\033[1;32;40m******************************************************************\n\n",
  )))
  33.  
  34.  
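  def usage():
      """Print the command-line help text to stdout.

      Only -d, -b, -s, -f and -l are described, although the option string
      parsed by start() ("l:d:b:s:vf:nhcte:") also accepts -v, -n, -c, -t,
      -e and -h.
      """
      comm = os.path.basename(sys.argv[0])

      # Show the "./" form when the script sits in the current directory.
      if os.path.dirname(sys.argv[0]) == os.getcwd():
          comm = "./" + comm

      print("Usage: MailSpid3r options \n")
      print("       -d: Domain to search or company name")
      print("       -b: data source: baidu,bing,google,linkedin,twitter,yahoo\n")

      print("       -s: Start in result number X (default: 0)")
      print("       -f: Save the results into an HTML and XML file (both)")
      print("       -l: Limit the number of results to work with(bing goes from 50 to 50 results)")
      print("\nExamples:")
      # The report file is selected with -f. The option string declares -h as
      # a switch without an argument, so "-h myresults.html" never set the
      # report file name.
      print("        " + comm + " -d microsoft.com -l 500 -b google -f myresults.html")
      print("        " + comm + " -d microsoft.com -b bing ")
      print("        " + comm + " -d apple.com -b yahoo -l 500 -s 300\n")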
  54.  
  55.  
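  def _xml_text(value):
      """Return *value* escaped for use as XML character data."""
      from xml.sax.saxutils import escape
      return escape(value)


  def _xml_comment_body(value):
      """Return *value* made safe to sit between '<!--' and '-->'."""
      text = value
      # "--" is not allowed inside an XML comment; break up every run.
      while "--" in text:
          text = text.replace("--", "- -")
      # A trailing "-" would merge with the closing "-->".
      if text.endswith("-"):
          text += " "
      return text


  def _write_host_entry(out, tag, entry):
      """Write one "ip:hostname" entry (or an opaque entry) as a <tag> element."""
      parts = entry.split(":")
      if len(parts) == 2:
          out.write('<' + tag + '>' + '<ip>' + _xml_text(parts[0]) +
                    '</ip><hostname>' + _xml_text(parts[1]) + '</hostname>' +
                    '</' + tag + '>')
      else:
          # Anything that is not exactly "ip:hostname" is written unsplit.
          out.write('<' + tag + '>' + _xml_text(entry) + '</' + tag + '>')


  def start(argv):
      """Parse the command line, run the selected searches and report results.

      Args:
          argv: Command-line arguments without the program name.

      The function prints its findings as it goes. When -f is given it also
      writes an HTML report through htmlExport and an XML file next to it,
      then exits. Values collected from search engines and Shodan banners are
      untrusted text, so they are escaped before being written to the XML.

      The -n, -c and -t steps send DNS queries about the searched name (the
      code itself labels the reverse lookup "active queries"); the engine
      searches go to the third-party services named by -b.
      """
      # Same threshold as the original "len(sys.argv) < 4", applied to the
      # list that was actually passed in.
      if len(argv) < 3:
          usage()
          sys.exit()
      try:
          opts, _unused = getopt.getopt(argv, "l:d:b:s:vf:nhcte:")
      except getopt.GetoptError:
          usage()
          sys.exit()

      # Only engines that have a branch below are accepted. Other names used
      # to pass validation and then fail on an unbound result list.
      implemented = ("baidu", "bing", "bingapi", "google", "linkedin",
                     "twitter", "yahoo", "all")

      offset = 0
      host_ip = []
      filename = ""
      dnslookup = False
      dnsbrute = False
      dnstld = False
      shodan = False
      vhost = []
      virtual = False
      limit = 100
      dnsserver = ""
      word = None
      engine = None

      for opt, arg in opts:
          if opt in ('-l', '-s'):
              try:
                  number = int(arg)
              except ValueError:
                  usage()
                  print("Option " + opt + " expects an integer, got: " + arg)
                  sys.exit()
              if opt == '-l':
                  limit = number
              else:
                  offset = number
          elif opt == '-d':
              word = arg
          elif opt == '-v':
              virtual = "basic"
          elif opt == '-f':
              filename = arg
          elif opt == '-n':
              dnslookup = True
          elif opt == '-c':
              dnsbrute = True
          elif opt == '-h':
              shodan = True
          elif opt == '-e':
              dnsserver = arg
          elif opt == '-t':
              dnstld = True
          elif opt == '-b':
              engine = arg
              if engine not in implemented:
                  usage()
                  print("Invalid search engine, try with: baidu,bing,google,linkedin,twitter,yahoo,")
                  sys.exit()

      # -d and -b used to be left unbound when omitted, which ended in a
      # NameError that the caller swallowed silently.
      if word is None or engine is None:
          usage()
          print("Both -d and -b are required")
          sys.exit()

      all_emails = []
      all_hosts = []
      # Always a list, so the later stages work when no host was resolved.
      full = []

      if engine == "google":
          print("[-] Searching in Google:")
          search = googlesearch.search_google(word, limit, offset)
          search.process()
          all_emails = search.get_emails()
          all_hosts = search.get_hostnames()

      elif engine in ("bing", "bingapi"):
          print("[-] Searching in Bing:")
          search = bingsearch.search_bing(word, limit, offset)
          search.process("yes" if engine == "bingapi" else "no")
          all_emails = search.get_emails()
          all_hosts = search.get_hostnames()

      elif engine == "yahoo":
          print("[-] Searching in Yahoo..")
          search = yahoosearch.search_yahoo(word, limit)
          search.process()
          all_emails = search.get_emails()
          all_hosts = search.get_hostnames()

      elif engine == "baidu":
          print("[-] Searching in Baidu..")
          search = baidusearch.search_baidu(word, limit)
          search.process()
          all_emails = search.get_emails()
          all_hosts = search.get_hostnames()

      elif engine == "twitter":
          print("[-] Searching in Twitter ..")
          search = twittersearch.search_twitter(word, limit)
          search.process()
          print("Users from Twitter:")
          print("-------------------")
          for user in search.get_people():
              print(user)
          sys.exit()

      elif engine == "linkedin":
          print("[-] Searching in Linkedin..")
          search = linkedinsearch.search_linkedin(word, limit)
          search.process()
          print("Users from Linkedin:")
          print("-------------------")
          for user in search.get_people():
              print(user)
          sys.exit()

      elif engine == "all":
          print("Full harvest..")
          virtual = "basic"

          print("[-] Searching in Google..")
          search = googlesearch.search_google(word, limit, offset)
          search.process()
          all_emails.extend(search.get_emails())
          all_hosts.extend(search.get_hostnames())

          print("[-] Searching in Bing..")
          search = bingsearch.search_bing(word, limit, offset)
          search.process("no")
          all_hosts.extend(search.get_hostnames())
          all_emails.extend(search.get_emails())

          # Clean up email list, sort and uniq
          all_emails = sorted(set(all_emails))

      # Results ##########################################################
      print("\n\n[+] Emails found:")
      print("------------------")
      if not all_emails:
          print("No emails found")
      else:
          print("\n".join(all_emails))

      print("\n[+] Hosts found in search engines:")
      print("------------------------------------")
      if not all_hosts:
          print("No hosts found")
      else:
          all_hosts = sorted(set(all_hosts))
          print("[-] Resolving hostnames IPs... ")
          full = hostchecker.Checker(all_hosts).check()
          for host in full:
              # presumably entries are "ip:hostname"; verify against hostchecker
              ip = host.split(':')[0].lower()
              print(host)
              if ip not in host_ip:
                  host_ip.append(ip)

      # DNS reverse lookup ###############################################
      dnsrev = []
      if dnslookup:
          print("\n[+] Starting active queries:")
          analyzed_ranges = []
          # Iterate over a snapshot: the loop body appends to `full`.
          for entry in list(full):
              octets = entry.split(":")[0].split(".")
              if len(octets) != 4:
                  # Not a dotted quad, so there is no /24 to derive from it.
                  continue
              octets[3] = "0/24"
              cidr = ".".join(octets)
              if cidr in analyzed_ranges:
                  continue
              print("[-]Performing reverse lookup in :" + cidr)
              lookup = dnssearch.dns_reverse(cidr, True)
              lookup.list()
              found = lookup.process()
              analyzed_ranges.append(cidr)
              for name in found:
                  # Keep only names that contain the searched word.
                  if name.count(word):
                      dnsrev.append(name)
                      if name not in full:
                          full.append(name)
          print("Hosts found after reverse lookup:")
          print("---------------------------------")
          for name in dnsrev:
              print(name)

      # DNS Brute force ##################################################
      dnsres = []
      if dnsbrute:
          print("\n[-] Starting DNS brute force:")
          found = dnssearch.dns_force(word, dnsserver, verbose=True).process()
          print("\n[+] Hosts found after DNS brute force:\n")
          print("---------------------------------------")
          for name in found:
              print(name)
              dnsres.append(name)
              if name not in full:
                  full.append(name)

      # DNS TLD expansion ################################################
      dnstldres = []
      if dnstld:
          print("[-] Starting DNS TLD expansion:")
          found = dnssearch.dns_tld(word, dnsserver, verbose=True).process()
          print("\n[+] Hosts found after DNS TLD expansion:")
          print("------------------------------------------")
          for name in found:
              print(name)
              dnstldres.append(name)
              if name not in full:
                  full.append(name)

      # Virtual hosts search #############################################
      if virtual == "basic":
          print("[+] Virtual hosts:")
          print("-----------------")
          # Pattern kept exactly as written; it is applied to every result
          # before the remaining angle brackets are dropped.
          markup = re.compile(r'[[\<\/?]*[\w]*>]*')
          for address in host_ip:
              search = bingsearch.search_bing(address, limit, offset)
              search.process_vhost()
              for name in search.get_allhostnames():
                  name = markup.sub('', name)
                  name = name.replace('<', '').replace('>', '')
                  print(address + "\t" + name)
                  vhost.append(address + ":" + name)
                  full.append(address + ":" + name)
          vhost = sorted(set(vhost))

      # Shodan ###########################################################
      # Records are joined with the literal "SAPO" because the same list is
      # handed to htmlExport below; a banner containing "SAPO" would be split
      # in the wrong place.
      shodanres = []
      shodanvisited = []
      if shodan:
          print("[+] Shodan Database search:")
          for entry in full:
              print(entry)
              try:
                  ip = entry.split(":")[0]
                  if ip not in shodanvisited:
                      print("\tSearching for: " + entry)
                      query = shodansearch.search_shodan(ip)
                      shodanvisited.append(ip)
                      for res in query.run():
                          shodanres.append(
                              entry + "SAPO" + str(res['banner']) + "SAPO" + str(res['port']))
              except Exception as err:
                  # Still best-effort per host, but no longer silent.
                  print("\t[!] Shodan lookup failed for " + entry + ": " + str(err))
          print("[+] Shodan results:")
          print("------------------")
          for record in shodanres:
              fields = record.split("SAPO")
              print(fields[0] + ":" + fields[1])

      # TODO: "explosion mode" (re-running the search for every virtual host)
      # was never enabled in the original; it first needs the TLDs extracted.

      # Reporting ########################################################
      if filename != "":
          try:
              print("[+] Saving files...")
              html = htmlExport.htmlExport(
                  all_emails,
                  full,
                  vhost,
                  dnsres,
                  dnsrev,
                  filename,
                  word,
                  shodanres,
                  dnstldres)
              html.writehtml()
          except Exception as e:
              print(e)
              print("Error creating the file")
          try:
              # splitext only strips the last extension, so dots in directory
              # names or in the base name no longer truncate the path.
              xml_name = os.path.splitext(filename)[0] + ".xml"
              server_header = re.compile('Server:.*')
              # "with" closes the file even when a write fails part-way.
              with open(xml_name, 'w') as out:
                  out.write('<?xml version="1.0" encoding="UTF-8"?><MailSpid3r>')
                  for address in all_emails:
                      out.write('<email>' + _xml_text(address) + '</email>')

                  for entry in full:
                      _write_host_entry(out, 'host', entry)
                  for entry in vhost:
                      _write_host_entry(out, 'vhost', entry)

                  if shodanres:
                      shodanalysis = []
                      for record in shodanres:
                          # fields: [0] ip/host, [1] banner/info, [2] port
                          fields = record.split("SAPO")
                          out.write('<shodan>')
                          out.write('<host>' + _xml_text(fields[0]) + '</host>')
                          out.write('<port>' + _xml_text(fields[2]) + '</port>')
                          out.write('<banner><!--' + _xml_comment_body(fields[1]) +
                                    '--></banner>')

                          servers = server_header.findall(fields[1])
                          if servers:
                              shodanalysis.append(fields[0] + ":" + servers[0])

                          out.write('</shodan>')
                      if shodanalysis:
                          out.write('<servers>')
                          for line in sorted(set(shodanalysis)):
                              out.write('<server>' + _xml_text(line) + '</server>')
                          out.write('</servers>')

                  out.write('</MailSpid3r>')
              print("Files saved!")
          except Exception as er:
              # str() is required: concatenating the exception object itself
              # raised a TypeError inside the handler.
              print("Error saving XML file: " + str(er))
          sys.exit()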
  399.  
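  if __name__ == "__main__":
      # Script entry point: hand everything after the program name to start().
      try:
          start(sys.argv[1:])
      except KeyboardInterrupt:
          print("Search interrupted by user..")
      except Exception as err:
          # A bare "except:" used to turn every failure into a silent exit
          # with status 0. Report the error and return a non-zero status;
          # SystemExit raised by sys.exit() inside start() is left untouched.
          print("Unexpected error: " + str(err))
          sys.exit(1)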