- #Uses Python3
- import subprocess
- import sys
- import os
- import readline
- import mmap
- import os.path
- import requests
- import socket
- import errno
- from socket import error as socket_error
- import ipaddress
- try:
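def httpsScan(ip, port):
    """Run the TLS checks for one HTTPS service and append the sslscan output to the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the HTTPS service, as a string taken from the nmap report.

    The tools are started without a shell, so ``ip`` and ``port`` are passed as
    single arguments and cannot be interpreted as shell syntax. The original
    heartbleed check hard-coded port 443 and ignored ``port``; it now scans the
    port that was actually found open. A missing tool or report directory is
    reported and skipped instead of aborting the whole enumeration run.
    """
    print("\n***********************************************\033[1;33;40mHTTPS SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-SSL-HTTPS-Scan-.txt"
    try:
        # The original redirected with ">>": keep appending so earlier runs are preserved.
        with open(report, "ab") as out:
            subprocess.run(["sslscan", ip + ":" + port], stdout=out, check=False)
        subprocess.run(["nmap", "--script=ssl-heartbleed", "-p", port, ip], check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))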
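def httpScan(ip, port):
    """Run the nmap HTTP script set against one web service and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the HTTP service, as a string.

    nmap is started without a shell, so ``ip`` and ``port`` are passed as single
    arguments and cannot be interpreted as shell syntax. The script list is kept
    exactly as the original wrote it (``http-robots.txt`` appears twice, which
    nmap tolerates). A missing nmap binary is reported instead of raising.
    """
    print("\n***********************************************\033[1;33;40mHTTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-HTTP-Scan-.txt"
    command = [
        "nmap", "-sV", "-Pn", "-T5", "-p", port,
        "--script=http-vhosts,http-userdir-enum,http-apache-negotiation,http-backup-finder,http-config-backup,http-default-accounts,http-methods,http-method-tamper,http-passwd,http-robots.txt,http-devframework,http-enum,http-frontpage-login,http-git,http-iis-webdav-vuln,http-php-version,http-robots.txt,http-shellshock,http-vuln-cve2015-1635",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))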
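def smbEnum(ip):
    """Run enum4linux against ``ip`` and write its output to the SMB enumeration report.

    Args:
        ip: Target address, already validated by the caller.

    The tool is started without a shell, so ``ip`` is passed as a single argument.
    The report file is truncated first, matching the original ``>`` redirection.
    A missing tool or report directory is reported instead of raising.
    """
    print("\n***********************************************\033[1;33;40mSMB ENUM\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-enum4linux-smbENUM-Scan-.txt"
    try:
        with open(report, "wb") as out:
            subprocess.run(["enum4linux", "-a", ip], stdout=out, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))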
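def smbScan(ip):
    """Run the nmap SMB script set against ``ip`` and save the report.

    Args:
        ip: Target address, already validated by the caller.

    nmap is started without a shell, so ``ip`` is passed as a single argument.
    The original command listed the target twice (before and after ``-oN``);
    it is given once here.
    """
    print("\n***********************************************\033[1;33;40mSMB SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-smbSCAN-Scan-.txt"
    command = [
        "nmap",
        "--script=smb-enum-shares,smb-ls,smb-enum-users,smb-mbenum,smb-os-discovery,smb-security-mode,smb-vuln-cve2009-3103,smb-vuln-ms06-025,smb-vuln-ms07-029,smb-vuln-ms08-067,smb-vuln-ms10-054,smb-vuln-ms10-061,smb-vuln-regsvc-dos",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))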
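def smtpScan(ip, port):
    """Run the nmap SMTP script set against one mail service and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the SMTP service, as a string.

    The original command string contained a stray ``%s`` that was handed to nmap
    as a second, unresolvable target; it is removed. nmap is started without a
    shell, so ``ip`` and ``port`` are passed as single arguments.
    """
    print("\n***********************************************\033[1;33;40mSMTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-SMTP-Scan-.txt"
    command = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))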
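def ftpScan(ip, port):
    """Run the nmap FTP script set against one FTP service and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the FTP service, as a string.

    nmap is started without a shell, so ``ip`` and ``port`` are passed as single
    arguments and cannot be interpreted as shell syntax.
    """
    print("\n***********************************************\033[1;33;40mFTP SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-FTP-Scan-.txt"
    command = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))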
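def sshScan(ip, port):
    """Run the nmap SSH script set against one SSH service and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the SSH service, as a string.

    nmap is started without a shell, so ``ip`` and ``port`` are passed as single
    arguments and cannot be interpreted as shell syntax.
    """
    print("\n***********************************************\033[1;33;40mSSH SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-SSH-Scan-.txt"
    command = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ssh-auth-methods,ssh-hostkey,ssh-run,sshv1",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))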
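def mssqlScan(ip, port):
    """Run the nmap database script set against one service and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: TCP port of the database service, as a string.

    nmap is started without a shell, so ``ip`` and ``port`` are passed as single
    arguments. The script and argument lists are kept exactly as the original
    wrote them; NOTE(review): they mix ``ms-sql-*`` and ``mysql-*`` NSE scripts
    under an MS-SQL heading — confirm that is intended.
    """
    print("\n***********************************************\033[1;33;40mMS-SQL SCAN\033[m************************************************\n")
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-MSSQL-Scan-.txt"
    command = [
        "nmap", "-sV", "-Pn", "-p", port,
        "--script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes,mysql-empty-password,mysql-brute,mysql-users,mysql-variables,mysql-vuln-cve2012-2122",
        "--script-args=mssql.instance-port=1433,mssql.username=sa,mssql.password=sa",
        "-oN", report, ip,
    ]
    try:
        subprocess.run(command, check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))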
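def niktoScan(ip, port):
    """Run nikto against the web service on ``ip`` and save the report.

    Args:
        ip: Target address, already validated by the caller.
        port: Web port as a string; the empty string means nikto's default port.

    The two original branches differed only in the URL, so they are merged.
    nikto is started without a shell, so a ``port`` value containing shell
    characters is passed through as part of one argument rather than executed.
    """
    print("\n***********************************************\033[1;33;40mNIKTO SCAN\033[m************************************************\n")
    target = "http://" + ip if port == "" else "http://" + ip + ":" + port
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-nikto-Scan-.txt"
    try:
        subprocess.run(["nikto", "-h", target, "-o", report], check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))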
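def dirbScan(ip, port):
    """Run dirb against the web service on ``ip`` without overwriting an earlier report.

    Args:
        ip: Target address, already validated by the caller.
        port: Web port as a string; the empty string means dirb's default port.

    Fixes relative to the original: the existence check and the output path
    now refer to the same directory (the original checked ``/root/...`` but
    wrote under ``~/...``), the redundant ``os.path.exists`` call is dropped,
    and ``port`` is honoured even when a previous report exists (the first
    branch used to ignore it). dirb is started without a shell.
    """
    report_dir = "/root/Desktop/MyScripts/Reports/" + ip
    first_report = report_dir + "/-dirb-Scan-.txt"
    # A second run on the same host goes to a "-1" file instead of clobbering the first.
    report = report_dir + "/-dirb-Scan-1.txt" if os.path.exists(first_report) else first_report
    target = "http://" + ip if port == "" else "http://" + ip + ":" + port
    print("\n***********************************************\033[1;33;40mDIRB SCAN\033[m************************************************\n")
    try:
        subprocess.run(["dirb", target, "-o", report], check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))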
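def nmapScan(ip, port):
    """Run the initial nmap service/OS scan and decide on follow-up scans from its report.

    Args:
        ip: Target address, already validated by the caller.
        port: Web port string forwarded to ``iis`` when the report mentions IIS.

    Fixes relative to the original: the report is written to and read from the
    same absolute path (the original wrote under ``~/...`` but read from
    ``/root/...``); the "all ports closed" test used ``&`` where ``and`` was
    meant, so it compared a byte offset with a boolean; the bare ``except``
    that hid every error is narrowed to the file read; and an empty report is
    detected explicitly instead of relying on ``mmap`` refusing an empty file.
    nmap is started without a shell.
    """
    print("\n***********************************************\033[1;33;40mNMAP SCAN\033[m************************************************\n")
    report_dir = "/root/Desktop/MyScripts/Reports/" + ip
    filename = report_dir + "/-nmap-Scan.txt"
    try:
        subprocess.run(["nmap", "-sV", "-O", "-oN", filename, ip], check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))
        return
    try:
        with open(filename, "rb") as report:
            output = report.read()
    except OSError:
        output = b""
    if not output:
        print("\n\033[1;31;40mEmpty nmap File\033[m")
        return
    if b"IIS" in output:
        iis(ip, port)
    elif b"All 1000 scanned ports" in output and b"are closed" in output:
        # Nothing in the default port range: widen to every TCP port.
        print("\n***********************************************\033[1;33;40mNMAP ALL PORT SCAN\033[m************************************************\n")
        all_ports_report = report_dir + "/-nmap-AllPORT-Scan.txt"
        try:
            subprocess.run(
                ["nmap", "-v", "-A", "-sV", "-sS", "-O", "-p", "1-65535", "-oN", all_ports_report, ip],
                check=False,
            )
        except OSError as err:
            print("\n\033[1;31;40mERROR:\033[m " + str(err))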
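def iis(ip, port):
    """Run dirb with ASP.NET-style extensions against a host whose nmap report mentions IIS.

    Args:
        ip: Target address, already validated by the caller.
        port: Web port as a string; the empty string means dirb's default port.

    Fixes relative to the original: the report was written under ``/Reports/``
    instead of the ``/root/Desktop/MyScripts/Reports/`` directory every other
    scan uses (and that ``main`` creates), and the heading lacked the colour
    reset every other heading has. The two branches differed only in the URL
    and are merged. dirb is started without a shell.
    """
    print("\n***********************************************\033[1;33;40mIIS-DIRB SCAN\033[m************************************************\n")
    target = "http://" + ip if port == "" else "http://" + ip + ":" + port
    report = "/root/Desktop/MyScripts/Reports/" + ip + "/-dirb-Scan-.txt"
    # Extension list kept as written (".asp" is listed twice; dirb tolerates it).
    extensions = ".cs,.dll,.config,.cshtml,.asp,.net,.asax,.aspx,.ascx,.ashx,.asmx,.axd,.asp"
    try:
        subprocess.run(["dirb", target, "-X", extensions, "-o", report], check=False)
    except OSError as err:
        print("\n\033[1;31;40mERROR:\033[m " + str(err))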
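def call(ip):
    """Probe ``http://<ip>`` with a HEAD request to find out whether a web page answers.

    Args:
        ip: Target address, already validated by the caller.

    Raises:
        requests.exceptions.RequestException (an ``OSError`` subclass) when the
        host does not answer; ``main`` relies on that to switch to its
        "ask for the web port" path. The original request had no timeout and
        could hang indefinitely on a filtered port, so one is added; a timeout
        surfaces as the same exception family.
    """
    http = "http://" + ip
    requests.head(http, timeout=10)
    print("\n\033[1;33;40m----Web page accessible----\033[m\n")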
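def services(ip):
    """Parse the nmap report for ``ip`` and run the per-service scans.

    Args:
        ip: Target address, already validated by the caller.

    Reads ``-nmap-Scan.txt`` from the report directory, collects the open TCP
    ports per service name, then dispatches to the protocol-specific scan
    functions. Fixes relative to the original: whitespace runs are collapsed
    with ``str.split`` instead of a ``replace`` loop whose termination depended
    on the exact literal; the report handle is closed; a missing report is
    reported instead of raising; ``"ssl/http"`` is tested before ``"http"``
    (the ``in`` test for ``"http"`` matched it first, so ``httpsScan`` was
    unreachable); and the SMB scans, which take no port, run once per host
    rather than once per listed port.
    """
    nmappath = "/root/Desktop/MyScripts/Reports/" + ip + "/-nmap-Scan.txt"
    serv_dict = {}
    try:
        with open(nmappath, "r") as report:
            for line in report:
                # Keep the original row filter: port-table rows contain "tcp" and
                # "open"; nmap's "Discovered open port" progress lines are skipped.
                if not ("tcp" in line and "open" in line and "Discovered" not in line):
                    continue
                fields = line.split()
                if len(fields) < 3:
                    continue
                port = fields[0].split("/")[0]  # "80/tcp" -> "80"
                service = fields[2]
                serv_dict.setdefault(service, []).append(port)
    except OSError:
        print("\n\033[1;31;40mERROR:\033[m nmap report not found: " + nmappath)
        return

    for serv, ports in serv_dict.items():
        if "ssl/http" in serv:
            for port in ports:
                httpsScan(ip, port)
        elif "http" in serv:
            # httpScan(ip, port) stays disabled, as in the original script.
            continue
        elif "ssh" in serv:
            for port in ports:
                sshScan(ip, port)
        elif "ftp" in serv:
            for port in ports:
                ftpScan(ip, port)
        elif "microsoft-ds" in serv or serv == "netbios-ssn":
            smbEnum(ip)
            smbScan(ip)
        elif "ms-sql" in serv:
            for port in ports:
                mssqlScan(ip, port)
        elif "smtp" in serv:
            for port in ports:
                smtpScan(ip, port)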
def banner():
    """Print the script's title box to stdout.

    Emits exactly the same lines as the original nine ``print`` calls, joined
    into a single write.
    """
    lines = (
        "\n\n################################################################",
        "\n\n\n!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!",
        "######## ########",
        "######## Enumeration Script ########",
        "######## ########",
        "######## NMAP, Dirb, NIkto ########",
        "######## ########",
        "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n\n\n",
        "################################################################\n\n\n",
    )
    print("\n".join(lines))
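def main():
    """Interactive entry point: validate the target, prepare the report directory, run the scans.

    Fixes relative to the original: the report directory is created with
    ``os.makedirs`` (the old ``mkdir`` of the leaf failed when the parents did
    not exist yet, and ``subprocess.CalledProcessError`` was not the
    ``OSError`` being caught); the fallback web port typed by the operator is
    checked to be numeric before it is handed to dirb and nikto as part of a
    URL; and the truncated ``\\03[m`` escape in the interrupt message is
    corrected to ``\\033[m``.
    """
    ip = input("\n\nEnter IP:")
    # Dotted form only: the address is used in file paths and as a command argument.
    if "." not in ip:
        print("IP address is invalid.")
        sys.exit()
    try:
        socket.inet_aton(ip)
    except socket.error:
        print("IP address is invalid.")
        sys.exit()

    directory = "/root/Desktop/MyScripts/Reports/" + ip
    try:
        os.makedirs(directory, exist_ok=True)
    except OSError:
        print('\033[mError:\033[m Creating directory. ' + directory)

    port = ""
    try:
        call(ip)
        banner()
        nmapScan(ip, port)
        services(ip)
        dirbScan(ip, port)
        niktoScan(ip, port)
    except socket_error:
        # No web page on the default port: let the operator point dirb/nikto elsewhere.
        banner()
        nmapScan(ip, port)
        print("\n\033[1;31;40mERROR:\033[m Couldn't access webpage \n")
        DandNport = input("If the web page is running on a different port, please enter that port for using dirb and nikto \n\033[1;32;40m---(Refer to the above nmap Scan for help)\033[m \033[1;32;40m[If no such port is found, press ENTER]--- \033[m : ")
        print("\n")
        if DandNport != "" and not DandNport.isdigit():
            print("\n\033[1;31;40mERROR:\033[m Port must be a number; dirb and nikto will use the default port\n")
            DandNport = ""
        services(ip)
        dirbScan(ip, DandNport)
        niktoScan(ip, DandNport)
    except KeyboardInterrupt:
        print("\n\033[1;31;40mOops\033[m")
        sys.exit(0)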
if __name__ == "__main__":
    # Script entry: a Ctrl-C anywhere in main() ends the run with a short message
    # instead of a traceback.
    try:
        main()
    except KeyboardInterrupt:
        print("\n\n\033[1;31;40mOops\033[m\n")