Merge remote-tracking branch 'upstream/master' into dev

2024-09-22 16:26:34 +08:00 · 2020-07-19 06:11:36 +01:00 · 2020-07-19 06:11:36 +01:00 · bee36585fa
parent 671a3b548f 95a3927984
commit bee36585fa
4 changed files with 10 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -87,7 +87,7 @@ Passive:
 Active:
 -------
 * DNS brute force: dictionary brute force enumeration
-
+* Screenshots: Take screenshots of subdomains that were found

 Modules that require an API key:
 --------------------------------
--- a/theHarvester/main.py
+++ b/theHarvester/main.py
@ -587,7 +587,7 @@ async def handler(lst):
        # Verify path exists if not create it or if user does not create it skip screenshot
        if path_exists:
            await screen_shotter.verify_installation()
-            print(f'\nScreenshots can be found: {screen_shotter.output}{screen_shotter.slash}')
+            print(f'\nScreenshots can be found in: {screen_shotter.output}{screen_shotter.slash}')
            start_time = time.perf_counter()
            print('Filtering domains for ones we can reach')
            unique_resolved_domains = {url.split(':')[0]for url in full if ':' in url and 'www.' not in url}
--- a/theHarvester/discovery/dnssearch.py
+++ b/theHarvester/discovery/dnssearch.py
@ -40,7 +40,7 @@ def __init__(self, domain, dnsserver, verbose=False):
        self.list = [f'{word.strip()}.{self.domain}' for word in self.list]

    async def run(self):
-        print(f'Created checker with this many words {len(self.list)}')
+        print(f'Starting DNS brute forcing with {len(self.list)} words')
        checker = hostchecker.Checker(
            self.list) if self.dnsserver == [] or self.dnsserver == "" or self.dnsserver is None \
            else hostchecker.Checker(self.list, nameserver=self.dnsserver)
--- a/theHarvester/screenshot/screenshot.py
+++ b/theHarvester/screenshot/screenshot.py
@ -6,8 +6,10 @@
 from pyppeteer import launch
 import aiohttp
 import asyncio
+import certifi
 from datetime import datetime
 import os
+import ssl
 import sys


@ -21,7 +23,8 @@ def __init__(self, output):
    def verify_path(self):
        try:
            if not os.path.isdir(self.output):
-                answer = input('[+] The output path you have entered does not exist would you like to create it (y/n): ')
+                answer = input(
+                    '[+] The output path you have entered does not exist would you like to create it (y/n): ')
                if answer.lower() == 'yes' or answer.lower() == 'y':
                    os.mkdir(self.output)
                    return True
@ -53,9 +56,10 @@ async def visit(url):
                                     'Chrome/83.0.4103.106 Safari/537.36'}
            url = f'http://{url}' if ('http' not in url and 'https' not in url) else url
            url = url.replace('www.', '')
+            sslcontext = ssl.create_default_context(cafile=certifi.where())
            async with aiohttp.ClientSession(timeout=timeout, headers=headers,
-                                             connector=aiohttp.TCPConnector(verify_ssl=False)) as session:
-                async with session.get(url) as resp:
+                                             connector=aiohttp.TCPConnector(ssl=sslcontext)) as session:
+                async with session.get(url, verify_ssl=False) as resp:
                    # TODO fix with origin url, should be there somewhere
                    text = await resp.text("UTF-8")
                    return f'http://{url}' if ('http' not in url and 'https' not in url) else url, text