#Uses Python3
import errno
import ipaddress
import mmap
import os
import os.path
import readline
import socket
import subprocess
import sys
from socket import error as socket_error

import requests
  15. try:
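def httpsScan(ip, port):
    """Run sslscan and nmap's ssl-heartbleed script against ip:port.

    sslscan output is appended to
    ``/root/Desktop/MyScripts/Reports/<ip>/-SSL-HTTPS-Scan-.txt``; the nmap
    check prints to the console as before.

    Args:
        ip: target address as a string (validated by the caller).
        port: TLS port as a string.
    """
    print("\n***********************************************\033[1;33;40mHTTPS SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-SSL-HTTPS-Scan-.txt"
    try:
        # argv lists instead of os.system(): ip/port are never re-parsed by a
        # shell, and the ">>" redirection is done in Python ("ab").
        with open(report, "ab") as out:
            subprocess.run(["sslscan", ip + ":" + port], stdout=out)
        # The original hard-coded "-p 443" here; the port that triggered
        # this scan is what should be checked.
        subprocess.run(["nmap", "--script=ssl-heartbleed", "-p", port, ip])
    except FileNotFoundError as err:
        # os.system() just carried on when a tool was missing; keep that
        # best-effort behaviour instead of letting an OSError reach main().
        print("\n\033[1;31;40mERROR:\033[m " + str(err))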
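def httpScan(ip, port):
    """Run nmap's HTTP script set against ip:port.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-HTTP-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: web port as a string.
    """
    print("\n***********************************************\033[1;33;40mHTTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-HTTP-Scan-.txt"
    # Same script list as the original os.system() string, as an argv list so
    # no shell re-parses ip/port.
    cmd = [
        "nmap", "-sV", "-Pn", "-T5", "-p", port,
        "--script=http-vhosts,http-userdir-enum,http-apache-negotiation,http-backup-finder,http-config-backup,http-default-accounts,http-methods,http-method-tamper,http-passwd,http-robots.txt,http-devframework,http-enum,http-frontpage-login,http-git,http-iis-webdav-vuln,http-php-version,http-robots.txt,http-shellshock,http-vuln-cve2015-1635",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))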
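def smbEnum(ip):
    """Run ``enum4linux -a`` against ip and save its output.

    The report (truncated on each run, as the original ">" did) goes to
    ``/root/Desktop/MyScripts/Reports/<ip>/-enum4linux-smbENUM-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
    """
    print("\n***********************************************\033[1;33;40mSMB ENUM\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-enum4linux-smbENUM-Scan-.txt"
    try:
        # Redirect in Python rather than through a shell string.
        with open(report, "wb") as out:
            subprocess.run(["enum4linux", "-a", ip], stdout=out)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when the tool is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))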
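def smbScan(ip):
    """Run nmap's SMB script set against ip.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-smbSCAN-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
    """
    print("\n***********************************************\033[1;33;40mSMB SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-smbSCAN-Scan-.txt"
    # The original command line listed the target twice; once is enough.
    cmd = [
        "nmap",
        "--script=smb-enum-shares,smb-ls,smb-enum-users,smb-mbenum,smb-os-discovery,smb-security-mode,smb-vuln-cve2009-3103,smb-vuln-ms06-025,smb-vuln-ms07-029,smb-vuln-ms08-067,smb-vuln-ms10-054,smb-vuln-ms10-061,smb-vuln-regsvc-dos",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))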
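def smtpScan(ip, port):
    """Run nmap's SMTP script set against ip:port.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-SMTP-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: SMTP port as a string.
    """
    print("\n***********************************************\033[1;33;40mSMTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-SMTP-Scan-.txt"
    # The original string carried a stray "%s" (a leftover of %-formatting),
    # which nmap received as a bogus extra target; it is gone here.
    cmd = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))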
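def ftpScan(ip, port):
    """Run nmap's FTP script set against ip:port.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-FTP-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: FTP port as a string.
    """
    print("\n***********************************************\033[1;33;40mFTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-FTP-Scan-.txt"
    cmd = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))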
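def sshScan(ip, port):
    """Run nmap's SSH script set against ip:port.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-SSH-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: SSH port as a string.
    """
    print("\n***********************************************\033[1;33;40mSSH SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-SSH-Scan-.txt"
    cmd = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ssh-auth-methods,ssh-hostkey,ssh-run,sshv1",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))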
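def mssqlScan(ip, port):
    """Run the script's MS-SQL nmap script set against ip:port.

    The script and script-args lists are the original's, unchanged; the
    report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-MSSQL-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: database port as a string.
    """
    print("\n***********************************************\033[1;33;40mMS-SQL SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-MSSQL-Scan-.txt"
    cmd = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes,mysql-empty-password,mysql-brute,mysql-users,mysql-variables,mysql-vuln-cve2012-2122",
        "--script-args=mssql.instance-port=1433,mssql.username=sa,mssql.password=sa",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))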
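def niktoScan(ip, port):
    """Run nikto against http://ip[:port] and save its report.

    The report is written to
    ``/root/Desktop/MyScripts/Reports/<ip>/-nikto-Scan-.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: web port as a string; "" means nikto's default port.
    """
    # The two original branches differed only in whether ":port" was
    # appended to the URL.
    url = "http://" + ip + (":" + port if port else "")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nikto-Scan-.txt"
    print("\n***********************************************\033[1;33;40mNIKTO SCAN\033[m************************************************\n")
    try:
        subprocess.run(["nikto", "-h", url, "-o", report])
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nikto is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))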
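def dirbScan(ip, port):
    """Run dirb against http://ip[:port] and save its report.

    The report goes to ``/root/Desktop/MyScripts/Reports/<ip>/-dirb-Scan-.txt``;
    if that file already exists from an earlier run, ``-dirb-Scan-1.txt`` is
    used instead so the first report is kept.

    Args:
        ip: target address as a string (validated by the caller).
        port: web port as a string; "" means the default port.
    """
    report_dir = "/root/Desktop/MyScripts/Reports/" + ip
    first_report = report_dir + "/-dirb-Scan-.txt"
    # The original tested the "/root/..." path but wrote through "~/...", so
    # the existence check and the output could refer to different files
    # whenever $HOME is not /root; one base path serves both here.
    if os.path.exists(first_report):
        report = report_dir + "/-dirb-Scan-1.txt"
    else:
        report = first_report
    # The original dropped ":port" on a re-run; the URL honours it every time.
    url = "http://" + ip + (":" + port if port else "")
    print("\n***********************************************\033[1;33;40mDIRB SCAN\033[m************************************************\n")
    try:
        subprocess.run(["dirb", url, "-o", report])
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when dirb is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))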
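def nmapScan(ip, port):
    """Run the baseline nmap service/OS scan and act on its report.

    Writes ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-Scan.txt`` and then
    reads it back: if it mentions IIS, ``iis()`` runs; otherwise, if nmap
    reported all 1000 default ports closed, a full 1-65535 scan is written
    to ``-nmap-AllPORT-Scan.txt``.

    Args:
        ip: target address as a string (validated by the caller).
        port: web port forwarded to ``iis()``; "" means the default port.
    """
    print("\n***********************************************\033[1;33;40mNMAP SCAN\033[m************************************************\n")
    report_dir = "/root/Desktop/MyScripts/Reports/" + ip
    # The original wrote via "~/" but read back via "/root/"; one path for
    # both keeps the read-back working regardless of $HOME.
    filename = report_dir + "/-nmap-Scan.txt"
    try:
        subprocess.run(["nmap", "-sV", "-O", "-oN", filename, ip])
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when nmap is missing;
        # without a report there is nothing to read back.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))
        return

    try:
        with open(filename, 'rb', 0) as file, \
                mmap.mmap(file.fileno(), 0, access=mmap.ACCESS_READ) as s:
            if s.find(b'IIS') != -1:
                iis(ip, port)
            # "and", not "&": the original bitwise-and of two find() results
            # compared to -1 did not test what the message implies.
            elif s.find(b'All 1000 scanned ports') != -1 and s.find(b'are closed') != -1:
                print("\n***********************************************\033[1;33;40mNMAP ALL PORT SCAN\033[m************************************************\n")
                subprocess.run([
                    "nmap", "-v", "-A", "-sV", "-sS", "-O", "-p", "1-65535",
                    "-oN", report_dir + "/-nmap-AllPORT-Scan.txt", ip,
                ])
    except (OSError, ValueError):
        # OSError: report missing; ValueError: mmap refuses an empty file.
        # The original caught everything with a bare except.
        print("\n\033[1;31;40mEmpty nmap File\033[m")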
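def iis(ip, port):
    """dirb follow-up used when the nmap report mentions IIS.

    Like dirbScan() but with the ASP.NET-style extension list (-X). The
    report goes to ``/root/Desktop/MyScripts/Reports/<ip>/-dirb-Scan-.txt``;
    note that dirbScan(), run later by main(), then finds that file and
    writes its own report with the ``-1`` suffix.

    Args:
        ip: target address as a string (validated by the caller).
        port: web port as a string; "" means the default port.
    """
    url = "http://" + ip + (":" + port if port else "")
    # The original wrote to "/Reports/<ip>/...", a path nothing else in this
    # script creates; use the shared report directory instead.
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-dirb-Scan-.txt"
    # The header now closes its colour sequence with "\033[m" like the others.
    print("\n***********************************************\033[1;33;40mIIS-DIRB SCAN\033[m************************************************\n")
    cmd = [
        "dirb", url,
        "-X", ".cs,.dll,.config,.cshtml,.asp,.net,.asax,.aspx,.ascx,.ashx,.asmx,.axd,.asp",
        "-o", report,
    ]
    try:
        subprocess.run(cmd)
    except FileNotFoundError as err:
        # Keep os.system()'s best-effort behaviour when dirb is missing.
        print("\n\033[1;31;40mERROR:\033[m " + str(err))
    return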
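def call(ip):
    """Probe http://<ip> with a HEAD request.

    Only the side effect matters: a connection failure raises a requests
    exception (an OSError subclass), which main() catches as socket_error
    and then asks the operator for another web port. Returns nothing.

    Args:
        ip: target address as a string (validated by the caller).
    """
    # Check status code
    http = "http://" + ip
    # requests has no default timeout; a host that silently drops the
    # connection would otherwise hang the whole run here.
    requests.head(http, timeout=10)
    print("\n\033[1;33;40m----Web page accessible----\033[m\n")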
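def services(ip):
    """Parse the baseline nmap report and run the per-service scans.

    Reads ``/root/Desktop/MyScripts/Reports/<ip>/-nmap-Scan.txt``, collects
    every open TCP port line into ``{service: ["<port>/tcp", ...]}`` and
    dispatches each port to the matching scanner.

    Args:
        ip: target address as a string (validated by the caller).
    """
    nmappath = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-Scan.txt"

    serv_dict = {}
    # "with" closes the handle even if a scanner below raises; the original
    # never closed it.
    with open(nmappath, "r") as report:
        for line in report:
            line = line.strip()
            if ("tcp" not in line) or ("open" not in line) or ("Discovered" in line):
                continue
            # split() collapses runs of whitespace. The original's
            # replace() loop appears to depend on a two-space literal that
            # is lost in this copy, in which case it never terminates.
            fields = line.split()
            if len(fields) < 3:
                continue
            serv_dict.setdefault(fields[2], []).append(fields[0])

    for serv, ports in serv_dict.items():
        # "ssl/http" contains "http", so it has to be tested before the
        # plain http branch or httpsScan() is never reached.
        if "ssl/http" in serv:
            for port in ports:
                httpsScan(ip, port.split("/")[0])

        elif "http" in serv:
            # httpScan(ip, port) is left disabled, as in the original.
            pass

        elif "ssh" in serv:
            for port in ports:
                sshScan(ip, port.split("/")[0])

        elif "ftp" in serv:
            for port in ports:
                ftpScan(ip, port.split("/")[0])

        elif ("microsoft-ds" in serv) or ("netbios-ssn" == serv):
            # Both SMB scanners take only the host; the original looped per
            # port and so ran them once per open SMB port.
            for port in ports:
                smbEnum(ip)
                smbScan(ip)

        elif "ms-sql" in serv:
            for port in ports:
                mssqlScan(ip, port.split("/")[0])

        elif "smtp" in serv:
            for port in ports:
                smtpScan(ip, port.split("/")[0])

    return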
def banner():
    """Print the framed title block shown before the scans start."""
    frame = "################################################################"
    bang = "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
    # Leading/trailing newlines are part of the original layout.
    lines = [
        "\n\n" + frame,
        "\n\n\n" + bang,
        "######## ########",
        "######## Enumeration Script ########",
        "######## ########",
        "######## NMAP, Dirb, NIkto ########",
        "######## ########",
        bang + "\n\n\n",
        frame + "\n\n\n",
    ]
    for text in lines:
        print(text)
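def main():
    """Interactive entry point: read a target IP, prepare the report
    directory and run the enumeration sequence.

    Flow as in the original: ``call()`` probes the web port first; if that
    raises a socket error the banner and nmap scan still run and the
    operator is asked for an alternative web port for dirb and nikto.
    """
    # Take input and check validity
    ip = input("\n\nEnter IP:")
    if '.' not in ip:
        print("IP address is invalid.")
        sys.exit()

    try:
        socket.inet_aton(ip)
    except socket.error:
        print("IP address is invalid.")
        sys.exit()

    # Create the per-target report directory, including missing parents.
    # The original ran "mkdir" on the deepest path first, which fails when
    # the parents do not exist yet, and its CalledProcessError is not an
    # OSError so the handler below never saw it.
    directory = "/root/Desktop/MyScripts/Reports/" + ip
    try:
        os.makedirs(directory, exist_ok=True)
    except OSError:
        print('\033[mError:\033[m Creating directory. ' + directory)

    port = ""
    try:
        call(ip)
        banner()
        nmapScan(ip, port)
        services(ip)
        dirbScan(ip, port)
        niktoScan(ip, port)

    except socket_error:
        banner()
        nmapScan(ip, port)

        print("\n\033[1;31;40mERROR:\033[m Couldn't access webpage \n")
        DandNport = input("If the web page is running on a different port, please enter that port for using dirb and nikto \n\033[1;32;40m---(Refer to the above nmap Scan for help)\033[m \033[1;32;40m[If no such port is found, press ENTER]--- \033[m : ").strip()
        print("\n")
        # The value ends up in URLs and command lines, so only digits (or
        # nothing) are accepted; anything else falls back to the default port.
        if DandNport and not DandNport.isdigit():
            print("\n\033[1;31;40mERROR:\033[m Not a port number, using the default port\n")
            DandNport = ""

        services(ip)
        dirbScan(ip, DandNport)
        niktoScan(ip, DandNport)

    except KeyboardInterrupt:
        # The original's "\03[m" was ETX, not ESC; the reset is "\033[m".
        print("\n\033[1;31;40mOops\033[m")
        sys.exit(0)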
if __name__ == "__main__":
    try:
        main()
    except KeyboardInterrupt:
        # Ctrl-C anywhere inside main(): print the marker and fall off the end.
        print("\n\n\033[1;31;40mOops\033[m\n")