2019-01-06 13:14:46 +08:00
|
|
|
#!/usr/bin/env python3
|
2011-05-04 23:07:06 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
import argparse
|
2019-01-01 07:14:12 +08:00
|
|
|
from discovery import *
|
|
|
|
|
from discovery.constants import *
|
|
|
|
|
from lib.core import *
|
|
|
|
|
from lib import hostchecker
|
|
|
|
|
from lib import htmlExport
|
2018-12-30 10:29:25 +08:00
|
|
|
from lib import reportgraph
|
|
|
|
|
from lib import statichtmlgenerator
|
2019-01-11 10:09:47 +08:00
|
|
|
import datetime
|
2019-01-13 05:49:05 +08:00
|
|
|
import ipaddress
|
2019-01-11 10:09:47 +08:00
|
|
|
import re
|
|
|
|
|
import stash
|
|
|
|
|
import time
|
2015-07-06 00:03:13 +08:00
|
|
|
|
|
|
|
|
try:
|
2018-12-27 15:43:32 +08:00
|
|
|
import bs4
|
2018-12-30 10:29:25 +08:00
|
|
|
except ImportError:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\033[93m[!] BeautifulSoup library not found, please install before proceeding.\n\n \033[0m')
|
2018-12-27 15:53:12 +08:00
|
|
|
sys.exit(1)
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2018-11-30 05:28:37 +08:00
|
|
|
try:
|
2018-12-27 15:43:32 +08:00
|
|
|
import requests
|
2018-12-30 10:29:25 +08:00
|
|
|
except ImportError:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
|
2018-12-27 15:53:12 +08:00
|
|
|
sys.exit(1)
|
2015-07-06 00:03:13 +08:00
|
|
|
|
2019-01-01 07:14:12 +08:00
|
|
|
Core.banner()
|
2011-05-04 23:07:06 +08:00
|
|
|
|
2018-12-30 10:29:25 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
def start():
|
|
|
|
|
parser = argparse.ArgumentParser(description='theHarvester is a open source intelligence gathering tool(OSINT) that is used for recon')
|
|
|
|
|
parser.add_argument('-d', '--domain', help='Company name or domain to search', required=True)
|
2019-01-17 07:47:43 +08:00
|
|
|
parser.add_argument('-t', '--dnstld', help='Perform a DNS TLD expansion discovery', default=True)
|
2019-01-14 10:11:23 +08:00
|
|
|
parser.add_argument('-l', '--limit', help='limit the number of search results', default=500)
|
2019-01-17 07:47:43 +08:00
|
|
|
parser.add_argument('-s', '--shodan', help='use Shodan to query discovered hosts', default=True)
|
|
|
|
|
parser.add_argument('-f', '--filename', help='save the results to an HTML and/or XML file')
|
|
|
|
|
parser.add_argument('-p', '--portscan', help='port scan the detected hosts and check for Takeovers (21,22,80,443,8080)', default=True)
|
2019-01-14 10:11:23 +08:00
|
|
|
parser.add_argument('-b', '--source', help='''source: baidu, bing, bingapi, censys, crtsh, cymon, dogpile,
|
|
|
|
|
google, googleCSE, google-certificates, google-profiles,
|
|
|
|
|
hunter, linkedin, netcraft, pgp, securityTrails, threatcrowd,
|
2019-01-17 07:47:43 +08:00
|
|
|
trello, twitter, vhost, virustotal, yahoo, all''', required=True)
|
2019-01-14 10:11:23 +08:00
|
|
|
|
|
|
|
|
args = parser.parse_args()
|
|
|
|
|
|
2018-03-23 06:32:50 +08:00
|
|
|
try:
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
2018-03-23 06:32:50 +08:00
|
|
|
db.do_init()
|
2019-01-14 10:11:23 +08:00
|
|
|
except Exception:
|
2018-03-23 06:32:50 +08:00
|
|
|
pass
|
2019-01-13 14:17:06 +08:00
|
|
|
|
2018-12-18 07:14:42 +08:00
|
|
|
all_emails = []
|
2019-01-13 14:17:06 +08:00
|
|
|
all_hosts = []
|
|
|
|
|
all_ip = []
|
|
|
|
|
bingapi = 'yes'
|
2014-12-17 07:25:12 +08:00
|
|
|
dnsbrute = False
|
2019-01-13 14:17:06 +08:00
|
|
|
dnslookup = False
|
|
|
|
|
dnsserver = ""
|
2019-01-17 07:47:43 +08:00
|
|
|
dnstld = args.dnstld
|
|
|
|
|
filename = args.filename
|
2019-01-13 14:17:06 +08:00
|
|
|
full = []
|
2018-10-27 03:42:47 +08:00
|
|
|
google_dorking = False
|
2019-01-13 14:17:06 +08:00
|
|
|
host_ip = []
|
2019-01-14 10:11:23 +08:00
|
|
|
limit = args.limit
|
2019-01-17 07:47:43 +08:00
|
|
|
ports_scanning = args.portscan
|
|
|
|
|
shodan = args.shodan
|
2019-01-13 14:17:06 +08:00
|
|
|
start = 0
|
|
|
|
|
takeover_check = False
|
2018-12-23 04:48:46 +08:00
|
|
|
trello_info = ([], False)
|
2019-01-13 14:17:06 +08:00
|
|
|
vhost = []
|
|
|
|
|
virtual = False
|
2019-01-14 10:11:23 +08:00
|
|
|
word = args.domain
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# elif opt == '-g':
|
|
|
|
|
# google_dorking = True
|
|
|
|
|
# elif opt == '-s':
|
|
|
|
|
# start = int(arg)
|
|
|
|
|
# elif opt == '-v':
|
|
|
|
|
# virtual = 'basic'
|
|
|
|
|
# elif opt == '-f':
|
|
|
|
|
# filename = arg
|
|
|
|
|
# elif opt == '-n':
|
|
|
|
|
# dnslookup = True
|
|
|
|
|
# elif opt == '-c':
|
|
|
|
|
# dnsbrute = True
|
|
|
|
|
# elif opt == '-h':
|
|
|
|
|
# shodan = True
|
|
|
|
|
# elif opt == '-e':
|
|
|
|
|
# dnsserver = arg
|
|
|
|
|
# elif opt == '-p':
|
|
|
|
|
# ports_scanning = True
|
|
|
|
|
# elif opt == '-t':
|
|
|
|
|
# dnstld = True
|
|
|
|
|
engines = set(args.source.split(','))
|
|
|
|
|
if set(engines).issubset(Core.get_supportedengines()):
|
|
|
|
|
print(f'\033[94m[*] Target domain: {word} \n \033[0m')
|
|
|
|
|
for engineitem in engines:
|
|
|
|
|
if engineitem == 'baidu':
|
|
|
|
|
print('\033[94m[*] Searching Baidu. \033[0m')
|
|
|
|
|
try:
|
|
|
|
|
search = baidusearch.SearchBaidu(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
all_emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'baidu')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'baidu')
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2019-01-13 14:17:06 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'bing' or engineitem == 'bingapi':
|
|
|
|
|
print('\033[94m[*] Searching Bing. \033[0m')
|
|
|
|
|
try:
|
|
|
|
|
search = bingsearch.SearchBing(word, limit, start)
|
|
|
|
|
if engineitem == 'bingapi':
|
|
|
|
|
bingapi = 'yes'
|
|
|
|
|
else:
|
|
|
|
|
bingapi = 'no'
|
|
|
|
|
search.process(bingapi)
|
|
|
|
|
all_emails = filter(search.get_emails())
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-18 07:14:42 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-20 03:39:33 +08:00
|
|
|
db = stash.stash_manager()
|
2019-01-14 10:11:23 +08:00
|
|
|
db.store_all(word, all_hosts, 'email', 'bing')
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'bing')
|
|
|
|
|
except Exception as e:
|
|
|
|
|
if isinstance(e, MissingKey):
|
|
|
|
|
print(e)
|
2019-01-11 15:21:45 +08:00
|
|
|
else:
|
2019-01-14 10:11:23 +08:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'censys':
|
|
|
|
|
print('\033[94m[*] Searching Censys. \033[0m')
|
|
|
|
|
from discovery import censys
|
|
|
|
|
# Import locally or won't work
|
|
|
|
|
search = censys.SearchCensys(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
all_ip = search.get_ipaddresses()
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'censys')
|
|
|
|
|
db.store_all(word, all_ip, 'ip', 'censys')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'crtsh':
|
|
|
|
|
print('\033[94m[*] Searching CRT.sh. \033[0m')
|
|
|
|
|
search = crtsh.search_crtsh(word)
|
|
|
|
|
search.process()
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'CRTsh')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'cymon':
|
|
|
|
|
print('\033[94m[*] Searching Cymon. \033[0m')
|
|
|
|
|
from discovery import cymon
|
|
|
|
|
# Import locally or won't work.
|
|
|
|
|
search = cymon.search_cymon(word)
|
|
|
|
|
search.process()
|
|
|
|
|
all_ip = search.get_ipaddresses()
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_ip, 'ip', 'cymon')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'dogpile':
|
|
|
|
|
print('\033[94m[*] Searching Dogpile. \033[0m')
|
|
|
|
|
search = dogpilesearch.SearchDogpile(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'email', 'dogpile')
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'dogpile')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'duckduckgo':
|
|
|
|
|
print('\033[94m[*] Searching DuckDuckGo. \033[0m')
|
|
|
|
|
from discovery import duckduckgosearch
|
|
|
|
|
search = duckduckgosearch.SearchDuckDuckGo(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'email', 'duckduckgo')
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'duckduckgo')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'google':
|
|
|
|
|
print('\033[94m[*] Searching Google. \033[0m')
|
|
|
|
|
search = googlesearch.search_google(word, limit, start)
|
|
|
|
|
search.process(google_dorking)
|
|
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'google')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'google')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'googleCSE':
|
|
|
|
|
print('\033[94m[*] Searching Google Custom Search. \033[0m')
|
|
|
|
|
try:
|
|
|
|
|
search = googleCSE.SearchGoogleCSE(word, limit, start)
|
|
|
|
|
search.process()
|
|
|
|
|
search.store_results()
|
|
|
|
|
all_emails = filter(search.get_emails())
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db.store_all(word, all_hosts, 'email', 'googleCSE')
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'googleCSE')
|
|
|
|
|
except Exception as e:
|
|
|
|
|
if isinstance(e, MissingKey):
|
|
|
|
|
print(e)
|
|
|
|
|
else:
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'google-certificates':
|
|
|
|
|
print('\033[94m[*] Searching Google Certificate transparency report. \033[0m')
|
|
|
|
|
search = googlecertificates.SearchGoogleCertificates(word, limit, start)
|
|
|
|
|
search.process()
|
|
|
|
|
hosts = filter(search.get_domains())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'google-certificates')
|
|
|
|
|
|
|
|
|
|
elif engineitem == 'google-profiles':
|
|
|
|
|
print('\033[94m[*] Searching Google profiles. \033[0m')
|
|
|
|
|
search = googlesearch.search_google(word, limit, start)
|
|
|
|
|
search.process_profiles()
|
|
|
|
|
people = search.get_profiles()
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, people, 'name', 'google-profile')
|
|
|
|
|
|
|
|
|
|
if len(people) == 0:
|
|
|
|
|
print('\n[*] No users found.\n\n')
|
|
|
|
|
else:
|
|
|
|
|
print('\n[*] Users found: ' + str(len(people)))
|
|
|
|
|
print('---------------------')
|
|
|
|
|
for user in sorted(list(set(people))):
|
|
|
|
|
print(user)
|
2019-01-11 15:21:45 +08:00
|
|
|
sys.exit(0)
|
2018-10-27 03:42:47 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'hunter':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Hunter. \033[0m')
|
2018-11-11 22:24:58 +08:00
|
|
|
from discovery import huntersearch
|
2018-12-27 15:53:12 +08:00
|
|
|
# Import locally or won't work.
|
2018-12-24 06:02:34 +08:00
|
|
|
try:
|
2019-01-06 17:50:07 +08:00
|
|
|
search = huntersearch.SearchHunter(word, limit, start)
|
2018-12-24 06:02:34 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
2018-12-24 06:02:34 +08:00
|
|
|
all_emails.extend(emails)
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:02:34 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'hunter')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'hunter')
|
|
|
|
|
except Exception as e:
|
2019-01-11 11:38:44 +08:00
|
|
|
if isinstance(e, MissingKey):
|
2018-12-24 06:02:34 +08:00
|
|
|
print(e)
|
|
|
|
|
else:
|
|
|
|
|
pass
|
2018-11-11 22:24:58 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'linkedin':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Linkedin. \033[0m')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = linkedinsearch.SearchLinkedin(word, limit)
|
2018-12-23 04:29:11 +08:00
|
|
|
search.process()
|
|
|
|
|
people = search.get_people()
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, people, 'name', 'linkedin')
|
2019-01-11 15:21:45 +08:00
|
|
|
|
|
|
|
|
if len(people) == 0:
|
|
|
|
|
print('\n[*] No users found.\n\n')
|
|
|
|
|
else:
|
|
|
|
|
print('\n[*] Users found: ' + str(len(people)))
|
|
|
|
|
print('---------------------')
|
|
|
|
|
for user in sorted(list(set(people))):
|
|
|
|
|
print(user)
|
|
|
|
|
sys.exit(0)
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'netcraft':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Netcraft. \033[0m')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = netcraft.SearchNetcraft(word)
|
2018-12-01 04:57:12 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-18 07:14:42 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-19 23:12:32 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'netcraft')
|
2018-12-20 03:39:33 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'pgp':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching PGP key server. \033[0m')
|
2018-12-24 06:27:30 +08:00
|
|
|
try:
|
2019-01-06 17:50:07 +08:00
|
|
|
search = pgpsearch.SearchPgp(word)
|
2018-12-24 06:27:30 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
all_emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:27:30 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'pgp')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'pgp')
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'securityTrails':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching SecurityTrails. \033[0m')
|
2018-12-23 04:48:46 +08:00
|
|
|
from discovery import securitytrailssearch
|
2018-12-24 06:02:34 +08:00
|
|
|
try:
|
2019-01-12 04:40:35 +08:00
|
|
|
search = securitytrailssearch.search_securitytrail(word)
|
2018-12-24 06:02:34 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:02:34 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, hosts, 'host', 'securityTrails')
|
|
|
|
|
ips = search.get_ips()
|
|
|
|
|
all_ip.extend(ips)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, ips, 'ip', 'securityTrails')
|
|
|
|
|
except Exception as e:
|
2019-01-11 11:38:44 +08:00
|
|
|
if isinstance(e, MissingKey):
|
2018-12-24 06:02:34 +08:00
|
|
|
print(e)
|
|
|
|
|
else:
|
|
|
|
|
pass
|
2018-12-23 04:48:46 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'threatcrowd':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Threatcrowd. \033[0m')
|
2018-12-24 06:02:34 +08:00
|
|
|
try:
|
|
|
|
|
search = threatcrowd.search_threatcrowd(word)
|
|
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:02:34 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
2019-01-06 13:14:46 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'threatcrowd')
|
2018-12-24 06:02:34 +08:00
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'trello':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Trello. \033[0m')
|
2018-12-01 17:39:01 +08:00
|
|
|
from discovery import trello
|
2018-12-27 15:43:32 +08:00
|
|
|
# Import locally or won't work.
|
2018-12-23 04:48:46 +08:00
|
|
|
search = trello.search_trello(word, limit)
|
2018-12-01 17:39:01 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
2018-12-23 04:48:46 +08:00
|
|
|
all_emails.extend(emails)
|
|
|
|
|
info = search.get_urls()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(info[0])
|
2018-12-31 01:41:21 +08:00
|
|
|
trello_info = (info[1], True)
|
2018-12-23 04:48:46 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-20 03:39:33 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:48:46 +08:00
|
|
|
db.store_all(word, hosts, 'host', 'trello')
|
|
|
|
|
db.store_all(word, emails, 'email', 'trello')
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'twitter':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Twitter. \033[0m')
|
2018-12-23 04:29:11 +08:00
|
|
|
search = twittersearch.search_twitter(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
people = search.get_people()
|
2018-12-20 03:39:33 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, people, 'name', 'twitter')
|
2019-01-12 04:40:35 +08:00
|
|
|
|
|
|
|
|
if len(people) == 0:
|
|
|
|
|
print('\n[*] No users found.\n\n')
|
|
|
|
|
else:
|
|
|
|
|
print('\n[*] Users found: ' + str(len(people)))
|
|
|
|
|
print('---------------------')
|
|
|
|
|
for user in sorted(list(set(people))):
|
|
|
|
|
print(user)
|
|
|
|
|
sys.exit(0)
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2018-12-23 04:29:11 +08:00
|
|
|
# vhost
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'virustotal':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching VirusTotal. \033[0m')
|
2018-12-23 04:29:11 +08:00
|
|
|
search = virustotal.search_virustotal(word)
|
2018-12-22 04:17:51 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-22 04:17:51 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'virustotal')
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'yahoo':
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\033[94m[*] Searching Yahoo. \033[0m')
|
2018-12-23 04:29:11 +08:00
|
|
|
search = yahoosearch.search_yahoo(word, limit)
|
2018-10-27 03:42:47 +08:00
|
|
|
search.process()
|
2018-12-30 02:14:40 +08:00
|
|
|
hosts = search.get_hostnames()
|
|
|
|
|
emails = search.get_emails()
|
|
|
|
|
all_hosts.extend(filter(hosts))
|
|
|
|
|
all_emails.extend(filter(emails))
|
2018-12-22 04:17:51 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'yahoo')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'yahoo')
|
2018-12-22 04:17:51 +08:00
|
|
|
|
2019-01-14 10:11:23 +08:00
|
|
|
elif engineitem == 'all':
|
2019-01-11 13:14:44 +08:00
|
|
|
print(('Full harvest on ' + word))
|
2018-10-27 03:42:47 +08:00
|
|
|
all_emails = []
|
|
|
|
|
all_hosts = []
|
2019-01-06 17:50:07 +08:00
|
|
|
try:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Baidu.')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = baidusearch.SearchBaidu(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
all_emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'baidu')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'baidu')
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Bing.')
|
2019-01-13 14:17:06 +08:00
|
|
|
bingapi = 'no'
|
2019-01-06 17:50:07 +08:00
|
|
|
search = bingsearch.SearchBing(word, limit, start)
|
2018-12-23 04:29:11 +08:00
|
|
|
search.process(bingapi)
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
2018-10-27 03:42:47 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'bing')
|
2018-10-27 03:42:47 +08:00
|
|
|
all_emails.extend(emails)
|
2018-12-23 04:29:11 +08:00
|
|
|
all_emails = sorted(set(all_emails))
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'bing')
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Censys.')
|
2018-12-23 04:29:11 +08:00
|
|
|
from discovery import censys
|
2019-01-06 17:50:07 +08:00
|
|
|
search = censys.SearchCensys(word, limit)
|
2018-10-27 03:42:47 +08:00
|
|
|
search.process()
|
2018-12-23 05:49:59 +08:00
|
|
|
ips = search.get_ipaddresses()
|
2018-12-24 04:23:01 +08:00
|
|
|
setips = set(ips)
|
2019-01-11 11:56:49 +08:00
|
|
|
uniqueips = list(setips) # Remove duplicates.
|
2018-12-23 05:49:59 +08:00
|
|
|
all_ip.extend(uniqueips)
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-23 05:49:59 +08:00
|
|
|
sethosts = set(hosts)
|
2019-01-11 11:56:49 +08:00
|
|
|
uniquehosts = list(sethosts) # Remove duplicates.
|
2018-12-23 05:49:59 +08:00
|
|
|
all_hosts.extend(uniquehosts)
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-24 04:23:01 +08:00
|
|
|
db.store_all(word, uniquehosts, 'host', 'censys')
|
|
|
|
|
db.store_all(word, uniqueips, 'ip', 'censys')
|
2018-10-27 03:42:47 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching CRT.sh.')
|
2018-10-27 03:42:47 +08:00
|
|
|
search = crtsh.search_crtsh(word)
|
|
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-10-27 03:42:47 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'CRTsh')
|
2018-10-27 03:42:47 +08:00
|
|
|
|
2018-12-23 04:29:11 +08:00
|
|
|
# cymon
|
2018-11-11 22:24:58 +08:00
|
|
|
|
2018-12-23 04:29:11 +08:00
|
|
|
# dogpile
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching DuckDuckGo.')
|
2019-01-06 17:50:07 +08:00
|
|
|
from discovery import duckduckgosearch
|
|
|
|
|
search = duckduckgosearch.SearchDuckDuckGo(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'email', 'duckduckgo')
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'duckduckgo')
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Google.')
|
2018-12-23 04:29:11 +08:00
|
|
|
search = googlesearch.search_google(word, limit, start)
|
|
|
|
|
search.process(google_dorking)
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-23 04:29:11 +08:00
|
|
|
all_emails.extend(emails)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'google')
|
2018-10-27 03:42:47 +08:00
|
|
|
all_hosts.extend(hosts)
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'google')
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Google Certificate transparency report.')
|
2019-01-12 04:40:35 +08:00
|
|
|
search = googlecertificates.SearchGoogleCertificates(word, limit, start)
|
2018-12-23 04:29:11 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
domains = filter(search.get_domains())
|
2018-12-23 04:29:11 +08:00
|
|
|
all_hosts.extend(domains)
|
|
|
|
|
db = stash.stash_manager()
|
2019-01-06 17:50:07 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'google-certificates')
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2019-01-06 17:50:07 +08:00
|
|
|
try:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Google profiles.')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = googlesearch.search_google(word, limit, start)
|
|
|
|
|
search.process_profiles()
|
|
|
|
|
people = search.get_profiles()
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, people, 'name', 'google-profile')
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\nUsers from Google profiles:')
|
|
|
|
|
print('---------------------------')
|
2019-01-06 17:50:07 +08:00
|
|
|
for users in people:
|
|
|
|
|
print(users)
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-11-03 07:04:20 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Hunter.')
|
2018-11-11 22:24:58 +08:00
|
|
|
from discovery import huntersearch
|
2018-12-27 15:43:32 +08:00
|
|
|
# Import locally.
|
2018-12-24 06:02:34 +08:00
|
|
|
try:
|
2019-01-06 17:50:07 +08:00
|
|
|
search = huntersearch.SearchHunter(word, limit, start)
|
2018-12-24 06:02:34 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:02:34 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, hosts, 'host', 'hunter')
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
all_emails = sorted(set(all_emails))
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'hunter')
|
|
|
|
|
except Exception as e:
|
2019-01-11 11:38:44 +08:00
|
|
|
if isinstance(e, MissingKey):
|
2018-12-24 06:02:34 +08:00
|
|
|
print(e)
|
|
|
|
|
else:
|
|
|
|
|
pass
|
2018-12-27 15:43:32 +08:00
|
|
|
|
2018-12-23 04:29:11 +08:00
|
|
|
# linkedin
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Netcraft.')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = netcraft.SearchNetcraft(word)
|
2018-12-22 06:47:15 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-22 06:47:15 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'netcraft')
|
2018-12-22 06:47:15 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching PGP key server.')
|
2018-12-24 06:27:30 +08:00
|
|
|
try:
|
2019-01-06 17:50:07 +08:00
|
|
|
search = pgpsearch.SearchPgp(word)
|
2018-12-24 06:27:30 +08:00
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
|
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-24 06:27:30 +08:00
|
|
|
sethosts = set(hosts)
|
2019-01-11 11:56:49 +08:00
|
|
|
uniquehosts = list(sethosts) # Remove duplicates.
|
2018-12-24 06:27:30 +08:00
|
|
|
all_hosts.extend(uniquehosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'PGP')
|
|
|
|
|
all_emails.extend(emails)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'PGP')
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-11-23 05:20:06 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Threatcrowd.')
|
2018-12-23 04:29:11 +08:00
|
|
|
try:
|
|
|
|
|
search = threatcrowd.search_threatcrowd(word)
|
|
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
2018-12-23 04:29:11 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
2019-01-06 13:14:46 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'threatcrowd')
|
2018-12-24 04:23:01 +08:00
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Trello.')
|
2018-12-23 04:48:46 +08:00
|
|
|
from discovery import trello
|
2018-12-27 15:43:32 +08:00
|
|
|
# Import locally or won't work.
|
2018-12-23 04:48:46 +08:00
|
|
|
search = trello.search_trello(word, limit)
|
|
|
|
|
search.process()
|
2018-12-24 08:54:56 +08:00
|
|
|
emails = filter(search.get_emails())
|
2018-12-23 04:48:46 +08:00
|
|
|
all_emails.extend(emails)
|
|
|
|
|
info = search.get_urls()
|
2018-12-24 08:54:56 +08:00
|
|
|
hosts = filter(info[0])
|
2018-12-31 01:41:21 +08:00
|
|
|
trello_info = (info[1], True)
|
2018-12-23 04:48:46 +08:00
|
|
|
all_hosts.extend(hosts)
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, hosts, 'host', 'trello')
|
|
|
|
|
db.store_all(word, emails, 'email', 'trello')
|
|
|
|
|
|
2019-01-06 17:50:07 +08:00
|
|
|
try:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Twitter.')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = twittersearch.search_twitter(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
people = search.get_people()
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, people, 'name', 'twitter')
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\nUsers from Twitter:')
|
|
|
|
|
print('-------------------')
|
2019-01-06 17:50:07 +08:00
|
|
|
for user in people:
|
|
|
|
|
print(user)
|
|
|
|
|
except Exception:
|
|
|
|
|
pass
|
2018-12-23 04:29:11 +08:00
|
|
|
|
|
|
|
|
# vhost
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching VirusTotal.')
|
2018-12-23 04:29:11 +08:00
|
|
|
search = virustotal.search_virustotal(word)
|
2018-12-23 02:46:27 +08:00
|
|
|
search.process()
|
2018-12-27 15:43:32 +08:00
|
|
|
hosts = filter(search.get_hostnames())
|
|
|
|
|
all_hosts.extend(hosts)
|
2018-12-23 02:46:27 +08:00
|
|
|
db = stash.stash_manager()
|
2018-12-23 04:29:11 +08:00
|
|
|
db.store_all(word, all_hosts, 'host', 'virustotal')
|
|
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Searching Yahoo.')
|
2019-01-06 17:50:07 +08:00
|
|
|
search = yahoosearch.search_yahoo(word, limit)
|
|
|
|
|
search.process()
|
|
|
|
|
hosts = search.get_hostnames()
|
|
|
|
|
emails = search.get_emails()
|
|
|
|
|
all_hosts.extend(filter(hosts))
|
|
|
|
|
all_emails.extend(filter(emails))
|
|
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, all_hosts, 'host', 'yahoo')
|
|
|
|
|
db.store_all(word, all_emails, 'email', 'yahoo')
|
2019-01-14 10:11:23 +08:00
|
|
|
else:
|
|
|
|
|
print('\033[93m[!] Invalid source.\n\n \033[0m')
|
|
|
|
|
sys.exit(1)
|
2018-11-11 22:24:58 +08:00
|
|
|
|
2018-12-27 15:43:32 +08:00
|
|
|
# Sanity check to see if all_emails and all_hosts are defined.
|
2018-11-23 05:20:06 +08:00
|
|
|
try:
|
|
|
|
|
all_emails
|
|
|
|
|
except NameError:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\n\033[93m[!] No emails found because all_emails is not defined.\n\n \033[0m')
|
2018-12-27 15:43:32 +08:00
|
|
|
sys.exit(1)
|
2018-11-23 05:20:06 +08:00
|
|
|
try:
|
|
|
|
|
all_hosts
|
|
|
|
|
except NameError:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\n\033[93m[!] No hosts found because all_hosts is not defined.\n\n \033[0m')
|
2018-12-27 15:43:32 +08:00
|
|
|
sys.exit(1)
|
2018-11-23 05:20:06 +08:00
|
|
|
|
2019-01-11 13:14:44 +08:00
|
|
|
# Results
|
|
|
|
|
if len(all_ip) == 0:
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] No IPs found.')
|
2019-01-11 13:14:44 +08:00
|
|
|
else:
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] IPs found: ' + str(len(all_ip)))
|
|
|
|
|
print('-------------------')
|
2019-01-13 05:49:05 +08:00
|
|
|
ips = sorted(ipaddress.ip_address(line.strip()) for line in all_ip)
|
|
|
|
|
print('\n'.join(map(str, ips)))
|
2019-01-11 13:14:44 +08:00
|
|
|
|
2019-01-11 15:21:45 +08:00
|
|
|
if len(all_emails) == 0:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] No emails found.')
|
2014-12-17 07:25:12 +08:00
|
|
|
else:
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] Emails found: ' + str(len(all_emails)))
|
|
|
|
|
print('----------------------')
|
2019-01-13 14:17:06 +08:00
|
|
|
print(('\n'.join(sorted(list(set(all_emails))))))
|
2014-12-17 07:25:12 +08:00
|
|
|
|
2019-01-11 15:21:45 +08:00
|
|
|
if len(all_hosts) == 0:
|
|
|
|
|
print('\n[*] No hosts found.\n\n')
|
2014-12-17 07:25:12 +08:00
|
|
|
else:
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] Hosts found: ' + str(len(all_hosts)))
|
|
|
|
|
print('---------------------')
|
2018-12-24 10:50:25 +08:00
|
|
|
all_hosts = sorted(list(set(all_hosts)))
|
2014-12-17 07:25:12 +08:00
|
|
|
full_host = hostchecker.Checker(all_hosts)
|
|
|
|
|
full = full_host.check()
|
|
|
|
|
for host in full:
|
2018-04-16 19:55:52 +08:00
|
|
|
ip = host.split(':')[1]
|
2018-11-23 05:20:06 +08:00
|
|
|
print(host)
|
2019-01-13 14:17:06 +08:00
|
|
|
if ip != 'empty':
|
2018-08-09 03:34:10 +08:00
|
|
|
if host_ip.count(ip.lower()):
|
|
|
|
|
pass
|
|
|
|
|
else:
|
|
|
|
|
host_ip.append(ip.lower())
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2018-12-20 03:39:33 +08:00
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, host_ip, 'ip', 'DNS-resolver')
|
|
|
|
|
|
2019-01-11 10:09:47 +08:00
|
|
|
if trello_info[1] is True:
|
2018-12-23 04:48:46 +08:00
|
|
|
trello_urls = trello_info[0]
|
|
|
|
|
if trello_urls == []:
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] No URLs found.')
|
2018-12-23 04:48:46 +08:00
|
|
|
else:
|
|
|
|
|
total = len(trello_urls)
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n[*] URLs found: ' + str(total))
|
|
|
|
|
print('--------------------')
|
2018-12-23 04:48:46 +08:00
|
|
|
for url in sorted(list(set(trello_urls))):
|
|
|
|
|
print(url)
|
2018-12-24 04:23:01 +08:00
|
|
|
|
2019-01-11 10:09:47 +08:00
|
|
|
# DNS brute force
|
2018-08-09 03:34:10 +08:00
|
|
|
dnsres = []
|
2019-01-01 07:14:12 +08:00
|
|
|
if dnsbrute is True:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] Starting DNS brute force.')
|
2018-08-09 03:34:10 +08:00
|
|
|
a = dnssearch.dns_force(word, dnsserver, verbose=True)
|
|
|
|
|
res = a.process()
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] Hosts found after DNS brute force:')
|
|
|
|
|
print('-------------------------------------')
|
2018-08-09 03:34:10 +08:00
|
|
|
for y in res:
|
2018-11-23 05:20:06 +08:00
|
|
|
print(y)
|
2018-08-09 03:34:10 +08:00
|
|
|
dnsres.append(y.split(':')[0])
|
|
|
|
|
if y not in full:
|
|
|
|
|
full.append(y)
|
2018-12-16 11:07:37 +08:00
|
|
|
db = stash.stash_manager()
|
|
|
|
|
db.store_all(word, dnsres, 'host', 'dns_bruteforce')
|
2018-08-09 03:34:10 +08:00
|
|
|
|
2019-01-11 10:09:47 +08:00
|
|
|
# Port scanning
|
2019-01-01 07:14:12 +08:00
|
|
|
if ports_scanning is True:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\n[*] Scanning ports (active).\n')
|
2018-12-16 11:07:37 +08:00
|
|
|
for x in full:
|
|
|
|
|
host = x.split(':')[1]
|
|
|
|
|
domain = x.split(':')[0]
|
2019-01-13 14:17:06 +08:00
|
|
|
if host != 'empty':
|
2019-01-11 13:14:44 +08:00
|
|
|
print(('[*] Scanning ' + host))
|
2018-12-27 15:43:32 +08:00
|
|
|
ports = [21, 22, 80, 443, 8080]
|
2018-12-16 11:07:37 +08:00
|
|
|
try:
|
2019-01-01 10:38:32 +08:00
|
|
|
scan = port_scanner.PortScan(host, ports)
|
2018-12-16 11:07:37 +08:00
|
|
|
openports = scan.process()
|
|
|
|
|
if len(openports) > 1:
|
2019-01-11 13:14:44 +08:00
|
|
|
print(('\t[*] Detected open ports: ' + ','.join(str(e) for e in openports)))
|
2018-12-16 11:07:37 +08:00
|
|
|
takeover_check = 'True'
|
|
|
|
|
if takeover_check == 'True':
|
|
|
|
|
if len(openports) > 0:
|
|
|
|
|
search_take = takeover.take_over(domain)
|
|
|
|
|
search_take.process()
|
|
|
|
|
except Exception as e:
|
|
|
|
|
print(e)
|
|
|
|
|
|
2019-01-01 07:14:12 +08:00
|
|
|
# DNS reverse lookup
|
2014-12-17 07:25:12 +08:00
|
|
|
dnsrev = []
|
2019-01-01 07:14:12 +08:00
|
|
|
if dnslookup is True:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] Starting active queries.')
|
2014-12-17 07:25:12 +08:00
|
|
|
analyzed_ranges = []
|
2018-04-16 19:55:52 +08:00
|
|
|
for x in host_ip:
|
2018-11-23 05:20:06 +08:00
|
|
|
print(x)
|
2019-01-13 14:17:06 +08:00
|
|
|
ip = x.split(':')[0]
|
|
|
|
|
range = ip.split('.')
|
|
|
|
|
range[3] = '0/24'
|
2018-11-23 05:20:06 +08:00
|
|
|
s = '.'
|
|
|
|
|
range = s.join(range)
|
2014-12-17 07:25:12 +08:00
|
|
|
if not analyzed_ranges.count(range):
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Performing reverse lookup in ' + range)
|
2014-12-17 07:25:12 +08:00
|
|
|
a = dnssearch.dns_reverse(range, True)
|
|
|
|
|
a.list()
|
|
|
|
|
res = a.process()
|
|
|
|
|
analyzed_ranges.append(range)
|
|
|
|
|
else:
|
|
|
|
|
continue
|
|
|
|
|
for x in res:
|
|
|
|
|
if x.count(word):
|
|
|
|
|
dnsrev.append(x)
|
|
|
|
|
if x not in full:
|
|
|
|
|
full.append(x)
|
2019-01-11 13:14:44 +08:00
|
|
|
print('Hosts found after reverse lookup (in target domain):')
|
|
|
|
|
print('----------------------------------------------------')
|
2014-12-17 07:25:12 +08:00
|
|
|
for xh in dnsrev:
|
2018-11-23 05:20:06 +08:00
|
|
|
print(xh)
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-01 07:14:12 +08:00
|
|
|
# DNS TLD expansion
|
2014-12-17 07:25:12 +08:00
|
|
|
dnstldres = []
|
2019-01-06 17:50:07 +08:00
|
|
|
if dnstld is True:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('[*] Starting DNS TLD expansion.')
|
2014-12-17 07:25:12 +08:00
|
|
|
a = dnssearch.dns_tld(word, dnsserver, verbose=True)
|
|
|
|
|
res = a.process()
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] Hosts found after DNS TLD expansion:')
|
|
|
|
|
print('----------------------------------------')
|
2014-12-17 07:25:12 +08:00
|
|
|
for y in res:
|
2018-11-23 05:20:06 +08:00
|
|
|
print(y)
|
2014-12-17 07:25:12 +08:00
|
|
|
dnstldres.append(y)
|
|
|
|
|
if y not in full:
|
|
|
|
|
full.append(y)
|
|
|
|
|
|
2019-01-01 07:14:12 +08:00
|
|
|
# Virtual hosts search
|
2019-01-13 14:17:06 +08:00
|
|
|
if virtual == 'basic':
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n[*] Virtual hosts:')
|
|
|
|
|
print('------------------')
|
2014-12-17 07:25:12 +08:00
|
|
|
for l in host_ip:
|
2019-01-06 17:50:07 +08:00
|
|
|
search = bingsearch.SearchBing(l, limit, start)
|
2014-12-17 07:25:12 +08:00
|
|
|
search.process_vhost()
|
|
|
|
|
res = search.get_allhostnames()
|
|
|
|
|
for x in res:
|
2018-12-16 11:07:37 +08:00
|
|
|
x = re.sub(r'[[\<\/?]*[\w]*>]*', '', x)
|
|
|
|
|
x = re.sub('<', '', x)
|
|
|
|
|
x = re.sub('>', '', x)
|
2019-01-13 14:17:06 +08:00
|
|
|
print((l + '\t' + x))
|
|
|
|
|
vhost.append(l + ':' + x)
|
|
|
|
|
full.append(l + ':' + x)
|
2018-12-16 11:07:37 +08:00
|
|
|
vhost = sorted(set(vhost))
|
2014-12-17 07:25:12 +08:00
|
|
|
else:
|
|
|
|
|
pass
|
2018-12-27 15:43:32 +08:00
|
|
|
|
2019-01-11 10:09:47 +08:00
|
|
|
# Shodan
|
2014-12-17 07:25:12 +08:00
|
|
|
shodanres = []
|
2019-01-05 00:28:11 +08:00
|
|
|
import texttable
|
|
|
|
|
tab = texttable.Texttable()
|
2019-01-13 14:17:06 +08:00
|
|
|
header = ['IP address', 'Hostname', 'Org', 'Services:Ports', 'Technologies']
|
2019-01-05 00:28:11 +08:00
|
|
|
tab.header(header)
|
2019-01-13 14:17:06 +08:00
|
|
|
tab.set_cols_align(['c', 'c', 'c', 'c', 'c'])
|
|
|
|
|
tab.set_cols_valign(['m', 'm', 'm', 'm', 'm'])
|
2019-01-05 00:28:11 +08:00
|
|
|
tab.set_chars(['-', '|', '+', '#'])
|
|
|
|
|
tab.set_cols_width([15, 20, 15, 15, 18])
|
|
|
|
|
host_ip = list(set(host_ip))
|
2019-01-01 07:37:47 +08:00
|
|
|
if shodan is True:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\n[*] Shodan DB search (passive):\n')
|
2019-01-05 00:28:11 +08:00
|
|
|
try:
|
|
|
|
|
for ip in host_ip:
|
2019-01-11 13:14:44 +08:00
|
|
|
print(('\tSearching for: ' + ip))
|
2019-01-05 00:28:11 +08:00
|
|
|
shodan = shodansearch.search_shodan()
|
|
|
|
|
rowdata = shodan.search_ip(ip)
|
|
|
|
|
time.sleep(2)
|
|
|
|
|
tab.add_row(rowdata)
|
|
|
|
|
printedtable = tab.draw()
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n [*] Shodan results:')
|
|
|
|
|
print('-------------------')
|
2019-01-05 00:28:11 +08:00
|
|
|
print(printedtable)
|
|
|
|
|
except Exception as e:
|
2019-01-11 13:14:44 +08:00
|
|
|
print(f'[!] Error occurred in theHarvester - Shodan search module: {e}')
|
2018-10-27 03:42:47 +08:00
|
|
|
else:
|
|
|
|
|
pass
|
2014-12-17 07:25:12 +08:00
|
|
|
|
2018-12-23 04:29:11 +08:00
|
|
|
# Here we need to add explosion mode.
|
2019-01-11 10:09:47 +08:00
|
|
|
# We have to take out the TLDs to do this.
|
2014-12-17 07:25:12 +08:00
|
|
|
recursion = None
|
|
|
|
|
if recursion:
|
|
|
|
|
start = 0
|
|
|
|
|
for word in vhost:
|
2018-10-27 04:15:43 +08:00
|
|
|
search = googlesearch.search_google(word, limit, start)
|
|
|
|
|
search.process(google_dorking)
|
2014-12-17 07:25:12 +08:00
|
|
|
emails = search.get_emails()
|
|
|
|
|
hosts = search.get_hostnames()
|
2018-11-23 05:20:06 +08:00
|
|
|
print(emails)
|
|
|
|
|
print(hosts)
|
2014-12-17 07:25:12 +08:00
|
|
|
else:
|
|
|
|
|
pass
|
|
|
|
|
|
2019-01-01 07:14:12 +08:00
|
|
|
# Reporting
|
2014-12-17 07:25:12 +08:00
|
|
|
if filename != "":
|
|
|
|
|
try:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('NEW REPORTING BEGINS.')
|
2018-12-16 01:22:02 +08:00
|
|
|
db = stash.stash_manager()
|
|
|
|
|
scanboarddata = db.getscanboarddata()
|
2018-12-19 17:08:42 +08:00
|
|
|
latestscanresults = db.getlatestscanresults(word)
|
2019-01-11 11:56:49 +08:00
|
|
|
previousscanresults = db.getlatestscanresults(word, previousday=True)
|
2018-12-19 17:08:42 +08:00
|
|
|
latestscanchartdata = db.latestscanchartdata(word)
|
2018-12-17 00:37:36 +08:00
|
|
|
scanhistorydomain = db.getscanhistorydomain(word)
|
2018-12-19 17:08:42 +08:00
|
|
|
pluginscanstatistics = db.getpluginscanstatistics()
|
2018-12-16 01:22:02 +08:00
|
|
|
generator = statichtmlgenerator.htmlgenerator(word)
|
2018-12-19 17:08:42 +08:00
|
|
|
HTMLcode = generator.beginhtml()
|
2018-12-19 17:09:01 +08:00
|
|
|
HTMLcode += generator.generatelatestscanresults(latestscanresults)
|
2019-01-11 11:56:49 +08:00
|
|
|
HTMLcode += generator.generatepreviousscanresults(previousscanresults)
|
2018-12-16 01:22:02 +08:00
|
|
|
graph = reportgraph.graphgenerator(word)
|
2018-12-19 17:08:42 +08:00
|
|
|
HTMLcode += graph.drawlatestscangraph(word, latestscanchartdata)
|
2019-01-11 11:56:49 +08:00
|
|
|
HTMLcode += graph.drawscattergraphscanhistory(word, scanhistorydomain)
|
|
|
|
|
HTMLcode += generator.generatepluginscanstatistics(pluginscanstatistics)
|
2018-12-23 21:13:08 +08:00
|
|
|
HTMLcode += generator.generatedashboardcode(scanboarddata)
|
2018-12-24 04:23:01 +08:00
|
|
|
HTMLcode += '<p><span style="color: #000000;">Report generated on ' + str(
|
|
|
|
|
datetime.datetime.now()) + '</span></p>'
|
2018-12-20 03:39:33 +08:00
|
|
|
HTMLcode += '''
|
|
|
|
|
</body>
|
|
|
|
|
</html>
|
|
|
|
|
'''
|
2019-01-13 14:17:06 +08:00
|
|
|
Html_file = open('report.html', 'w')
|
2018-12-16 01:22:02 +08:00
|
|
|
Html_file.write(HTMLcode)
|
|
|
|
|
Html_file.close()
|
2019-01-11 13:14:44 +08:00
|
|
|
print('NEW REPORTING FINISHED!')
|
|
|
|
|
print('[*] Saving files.')
|
2014-12-17 07:25:12 +08:00
|
|
|
html = htmlExport.htmlExport(
|
|
|
|
|
all_emails,
|
|
|
|
|
full,
|
|
|
|
|
vhost,
|
|
|
|
|
dnsres,
|
|
|
|
|
dnsrev,
|
|
|
|
|
filename,
|
|
|
|
|
word,
|
|
|
|
|
shodanres,
|
|
|
|
|
dnstldres)
|
|
|
|
|
save = html.writehtml()
|
|
|
|
|
except Exception as e:
|
2018-11-23 05:20:06 +08:00
|
|
|
print(e)
|
2019-01-11 13:14:44 +08:00
|
|
|
print('Error creating the file.')
|
2014-12-17 07:25:12 +08:00
|
|
|
try:
|
2019-01-13 14:17:06 +08:00
|
|
|
filename = filename.split('.')[0] + '.xml'
|
2014-12-17 07:25:12 +08:00
|
|
|
file = open(filename, 'w')
|
|
|
|
|
file.write('<?xml version="1.0" encoding="UTF-8"?><theHarvester>')
|
|
|
|
|
for x in all_emails:
|
|
|
|
|
file.write('<email>' + x + '</email>')
|
2016-02-13 19:56:21 +08:00
|
|
|
for x in full:
|
2019-01-13 14:17:06 +08:00
|
|
|
x = x.split(':')
|
2016-02-13 19:56:21 +08:00
|
|
|
if len(x) == 2:
|
2019-01-05 00:28:11 +08:00
|
|
|
file.write(
|
|
|
|
|
'<host>' + '<ip>' + x[1] + '</ip><hostname>' + x[0] + '</hostname>' + '</host>')
|
2016-02-13 19:56:21 +08:00
|
|
|
else:
|
|
|
|
|
file.write('<host>' + x + '</host>')
|
2014-12-17 07:25:12 +08:00
|
|
|
for x in vhost:
|
2019-01-13 14:17:06 +08:00
|
|
|
x = x.split(':')
|
2016-02-13 19:56:21 +08:00
|
|
|
if len(x) == 2:
|
2019-01-05 00:28:11 +08:00
|
|
|
file.write(
|
|
|
|
|
'<vhost>' + '<ip>' + x[1] + '</ip><hostname>' + x[0] + '</hostname>' + '</vhost>')
|
2016-02-13 19:56:21 +08:00
|
|
|
else:
|
|
|
|
|
file.write('<vhost>' + x + '</vhost>')
|
|
|
|
|
if shodanres != []:
|
|
|
|
|
shodanalysis = []
|
|
|
|
|
for x in shodanres:
|
2019-01-13 14:17:06 +08:00
|
|
|
res = x.split('SAPO')
|
2016-02-13 19:56:21 +08:00
|
|
|
file.write('<shodan>')
|
|
|
|
|
file.write('<host>' + res[0] + '</host>')
|
|
|
|
|
file.write('<port>' + res[2] + '</port>')
|
|
|
|
|
file.write('<banner><!--' + res[1] + '--></banner>')
|
|
|
|
|
reg_server = re.compile('Server:.*')
|
|
|
|
|
temp = reg_server.findall(res[1])
|
|
|
|
|
if temp != []:
|
2019-01-13 14:17:06 +08:00
|
|
|
shodanalysis.append(res[0] + ':' + temp[0])
|
2016-02-13 19:56:21 +08:00
|
|
|
file.write('</shodan>')
|
|
|
|
|
if shodanalysis != []:
|
2018-12-16 11:07:37 +08:00
|
|
|
shodanalysis = sorted(set(shodanalysis))
|
2016-02-13 19:56:21 +08:00
|
|
|
file.write('<servers>')
|
|
|
|
|
for x in shodanalysis:
|
|
|
|
|
file.write('<server>' + x + '</server>')
|
|
|
|
|
file.write('</servers>')
|
2018-12-23 04:29:11 +08:00
|
|
|
|
2014-12-17 07:25:12 +08:00
|
|
|
file.write('</theHarvester>')
|
2016-03-05 23:25:44 +08:00
|
|
|
file.flush()
|
|
|
|
|
file.close()
|
2019-01-11 13:14:44 +08:00
|
|
|
print('Files saved!')
|
2014-12-17 07:25:12 +08:00
|
|
|
except Exception as er:
|
2019-01-06 17:50:07 +08:00
|
|
|
print(f'Error saving XML file: {er}')
|
2019-01-11 15:21:45 +08:00
|
|
|
print('\n\n')
|
|
|
|
|
sys.exit(0)
|
2014-12-17 07:25:12 +08:00
|
|
|
|
2018-12-16 11:07:37 +08:00
|
|
|
|
2019-01-13 14:17:06 +08:00
|
|
|
if __name__ == '__main__':
|
2014-12-17 07:25:12 +08:00
|
|
|
try:
|
2019-01-14 10:11:23 +08:00
|
|
|
start()
|
2014-12-17 07:25:12 +08:00
|
|
|
except KeyboardInterrupt:
|
2019-01-11 13:14:44 +08:00
|
|
|
print('\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m')
|
2018-11-23 05:20:06 +08:00
|
|
|
except Exception:
|
|
|
|
|
import traceback
|
|
|
|
|
print(traceback.print_exc())
|
2019-01-14 02:48:47 +08:00
|
|
|
sys.exit(1)
|
