From 9023ddcb8351de08af095b9160be89f7e03c8778 Mon Sep 17 00:00:00 2001 From: David Gisser Date: Sun, 28 Oct 2018 18:12:20 -0400 Subject: [PATCH] address flake8 issues ran autopep8 --in-place --aggressive --aggressive --max-line-length=80 --recursive . --- Reconnoitre/lib/core/input.py | 153 +++++++++++++----------- Reconnoitre/lib/file_helper.py | 42 +++++-- Reconnoitre/lib/find_dns.py | 14 ++- Reconnoitre/lib/service_scan.py | 130 +++++++++++++++----- Reconnoitre/lib/snmp_walk.py | 28 +++-- Reconnoitre/lib/virtual_host_scanner.py | 47 +++++--- Reconnoitre/reconnoitre.py | 72 ++++++++--- setup.py | 24 ++-- tests/validate_config.py | 108 ++++++++++++----- 9 files changed, 431 insertions(+), 187 deletions(-) diff --git a/Reconnoitre/lib/core/input.py b/Reconnoitre/lib/core/input.py index ce2a754..5407626 100644 --- a/Reconnoitre/lib/core/input.py +++ b/Reconnoitre/lib/core/input.py 
@@ -22,34 +22,42 @@ def parse(self, argv): def setup_parser(): parser = ArgumentParser() - parser.add_argument("-t", - dest="target_hosts", - required=True, - help="Set a target range of addresses to target. Ex 10.11.1.1-255") - - parser.add_argument("-o", - dest="output_directory", - required=True, - help="Set the output directory. Ex /root/Documents/labs/") - - parser.add_argument("-w", - dest="wordlist", - required=False, - help="Set the wordlist to use for generated commands. Ex /usr/share/wordlist.txt", - default=False) - - parser.add_argument("-p", - dest="port", - required=False, - help="Set the port to use. Leave blank to use discovered ports. " - "Useful to force virtual host scanning on non-standard webserver ports.", - default=80) - - parser.add_argument("--pingsweep", - dest="ping_sweep", - action="store_true", - help="Write a new target.txt by performing a ping sweep and discovering live hosts.", - default=False) + parser.add_argument( + "-t", + dest="target_hosts", + required=True, + help="Set a target range of addresses to target. Ex 10.11.1.1-255") + + parser.add_argument( + "-o", + dest="output_directory", + required=True, + help="Set the output directory. Ex /root/Documents/labs/") + + parser.add_argument( + "-w", + dest="wordlist", + required=False, + help="Set the wordlist to use for generated commands." + " Ex /usr/share/wordlist.txt", + default=False) + + parser.add_argument( + "-p", + dest="port", + required=False, + help="Set the port to use. Leave blank to use discovered ports. " + "Useful to force virtual host " + "scanning on non-standard webserver ports.", + default=80) + + parser.add_argument( + "--pingsweep", + dest="ping_sweep", + action="store_true", + help="Write a new target.txt by performing " + "a ping sweep and discovering live hosts.", + default=False) parser.add_argument("--dns", "--dnssweep", dest="find_dns_servers", 
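Review bot: The rewritten `-p` option still carries `default=80` (an int) but no `type=`, so a port supplied on the command line reaches the program as a str while the default stays an int. VirtualHostScanner later in this patch compares `self.port == 80` directly, so `-p 80` is not recognised as the default port even though `int(self.port) == 443` works for HTTPS. Adding `type=int,` to this `add_argument` call makes both code paths see the same type. setup_parser continues past the end of this hunk.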
@@ -63,11 +71,13 @@ def setup_parser(): help="Perform service scan over targets.", default=False) - parser.add_argument("--hostnames", - dest="hostname_scan", - action="store_true", - help="Attempt to discover target hostnames and write to 0-name.txt and hostnames.txt.", - default=False) + parser.add_argument( + "--hostnames", + dest="hostname_scan", + action="store_true", + help="Attempt to discover target hostnames and " + "write to 0-name.txt and hostnames.txt.", + default=False) parser.add_argument("--snmp", dest="perform_snmp_walk", 
@@ -75,40 +85,49 @@ def setup_parser(): help="Perform service scan over targets.", default=False) - parser.add_argument("--quick", - dest="quick", - action="store_true", - required=False, - help="Move to the next target after performing a quick scan and writing " - "first-round recommendations.", - default=False) - - parser.add_argument("--virtualhosts", - dest="virtualhosts", - action="store_true", - required=False, - help="Attempt to discover virtual hosts using the specified wordlist.", - default=False) - - parser.add_argument('--ignore-http-codes', - dest='ignore_http_codes', - type=str, - help='Comma separated list of http codes to ignore with virtual host scans.', - default='404') - - parser.add_argument('--ignore-content-length', - dest='ignore_content_length', - type=int, - help='Ignore content lengths of specificed amount. ' - 'This may become useful when a server returns a static page on ' - 'every virtual host guess.', - default=0) - - parser.add_argument("--quiet", - dest="quiet", - action="store_true", - help="Supress banner and headers to limit to comma dilimeted results only.", - default=False) + parser.add_argument( + "--quick", + dest="quick", + action="store_true", + required=False, + help="Move to the next target after " + "performing a quick scan and writing " + "first-round recommendations.", + default=False) + + parser.add_argument( + "--virtualhosts", + dest="virtualhosts", + action="store_true", + required=False, + help="Attempt to discover virtual hosts " + "using the specified wordlist.", + default=False) + + parser.add_argument( + '--ignore-http-codes', + dest='ignore_http_codes', + type=str, + help='Comma separated list of http ' + 'codes to ignore with virtual host scans.', + default='404') + + parser.add_argument( + '--ignore-content-length', + dest='ignore_content_length', + type=int, + help='Ignore content lengths of specificed amount. 
' + 'This may become useful when a server returns a static page on ' + 'every virtual host guess.', + default=0) + + parser.add_argument( + "--quiet", + dest="quiet", + action="store_true", + help="Supress banner and headers to limit " + "to comma dilimeted results only.", + default=False) parser.add_argument("--no-udp", dest="no_udp_service_scan", diff --git a/Reconnoitre/lib/file_helper.py b/Reconnoitre/lib/file_helper.py index 7991cbd..5579dc5 100644 --- a/Reconnoitre/lib/file_helper.py +++ b/Reconnoitre/lib/file_helper.py @@ -27,7 +27,14 @@ def expand_targets(target_hosts, output_directory): if "-" in part: iprange = part.split("-") for i in range(int(iprange[0]), int(iprange[1])): - target_list.append(parts[0] + "." + parts[1] + "." + parts[2] + "." + str(i)) + target_list.append( + parts[0] + + "." + + parts[1] + + "." + + parts[2] + + "." + + str(i)) with open(output_directory + "/targets.txt", "w") as targets: for target in target_list: targets.write("%s\n" % target) 
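Review bot: The re-wrapped help strings for `--ignore-content-length` and `--quiet` carry their typos into the new lines: `specificed`, `Supress` and `dilimeted`. Since these lines are being rewritten anyway, `help='Ignore content lengths of specified amount. '` and `help="Suppress banner and headers to limit " "to comma delimited results only."` would fix the user-visible text. The same strings are reflowed again in tests/validate_config.py at the end of this patch. setup_parser continues outside this hunk.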
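Review bot: The loop the re-wrapped `append` sits in, `for i in range(int(iprange[0]), int(iprange[1]))`, excludes the upper bound, so a target written as the documented `10.11.1.1-255` stops at `.254`; `range(int(iprange[0]), int(iprange[1]) + 1)` matches what the help text promises. The seven-line concatenation itself is clearer as `target_list.append(".".join([parts[0], parts[1], parts[2], str(i)]))`. expand_targets begins outside this hunk.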
@@ -89,32 +96,49 @@ def write_recommendations(results, ip_address, outputdir): print("[+] Writing findings for %s" % (ip_address)) - __location__ = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file__))) + __location__ = os.path.realpath( + os.path.join( + os.getcwd(), + os.path.dirname(__file__))) with open(os.path.join(__location__, "config.json"), "r") as config: c = config.read() - j = json.loads(c.replace("$ip", "%(ip)s").replace("$port", "%(port)s").replace("$outputdir", "%(outputdir)s")) + j = json.loads( + c.replace( + "$ip", + "%(ip)s").replace( + "$port", + "%(port)s").replace( + "$outputdir", + "%(outputdir)s")) f = open(recommendations_file, 'w') for serv in serv_dict: ports = serv_dict[serv] for service in j["services"]: - if (serv in j["services"][service]["nmap-service-names"]) or (service in serv): + if (serv in j["services"][service] + ["nmap-service-names"]) or (service in serv): for port in ports: port = port.split("/")[0] - description = "[*] " + j["services"][service]["description"] + description = "[*] " + + j["services"][service]["description"] print(description % {"ip": ip_address, "port": port}) - f.write((description + "\n") % {"ip": ip_address, "port": port}) + f.write((description + "\n") % + {"ip": ip_address, "port": port}) for entry in j["services"][service]["output"]: f.write(" [*] " + entry["description"] + "\n") for cmd in entry["commands"]: - f.write( - (" [=] " + cmd + "\n") % {"ip": ip_address, "port": port, "outputdir": outputdir}) + f.write((" [=] " + cmd + "\n") % + {"ip": ip_address, + "port": port, + "outputdir": outputdir}) f.write("\n") - f.write("\n\n[*] Always remember to manually go over the portscan report and carefully read between the lines ;)") + f.write( + "\n\n[*] Always remember to manually go over the" + " portscan report and carefully read between the lines ;)") f.close() diff --git a/Reconnoitre/lib/find_dns.py b/Reconnoitre/lib/find_dns.py index 38fb816..353ab19 100644 
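Review bot: The new `description = "[*] " +` line at the `description` assignment depends on a line continuation that the collapsed hunk does not show on the new side; if the backslash was dropped this is a syntax error, and if it survived it is the kind of trailing-operator break that style checkers keep flagging. Wrapping the expression in parentheses, `description = ("[*] " + j["services"][service]["description"])`, needs no continuation character at all. The split subscript `if (serv in j["services"][service]` followed by `["nmap-service-names"])` parses correctly inside the parentheses but reads like a list literal; binding `svc = j["services"][service]` once before the `if` removes the awkward wrap. The same continuation pattern appears in the TCPSCAN/UDPSCAN hunk of service_scan.py and the SCAN hunk of snmp_walk.py; write_recommendations starts outside this hunk.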
--- a/Reconnoitre/lib/find_dns.py +++ b/Reconnoitre/lib/find_dns.py @@ -32,12 +32,18 @@ def find_dns(target_hosts, output_directory, quiet): for line in lines: line = line.strip() line = line.rstrip() - if ("53/tcp" in line) and ("open" in line) and ("Discovered" not in line): - print(" [=] Found DNS service running on: %s" % (ip_address)) - output_file.write("[*] Found DNS service running on: %s\n" % (ip_address)) + if (("53/tcp" in line) and ("open" in line) + and ("Discovered" not in line)): + print( + " [=] Found DNS service running on: %s" % + (ip_address)) + output_file.write( + "[*] Found DNS service running on: %s\n" % + (ip_address)) output_file.write(" [>] %s\n" % (line)) output_targets.write("%s" % (ip_address)) dnscount += 1 - print("[*] Found %s DNS servers within %s hosts" % (str(dnscount), str(hostcount))) + print("[*] Found %s DNS servers within %s hosts" % + (str(dnscount), str(hostcount))) output_file.close() output_targets.close() diff --git a/Reconnoitre/lib/service_scan.py b/Reconnoitre/lib/service_scan.py index 83702ad..4bc42b0 100644 --- a/Reconnoitre/lib/service_scan.py +++ b/Reconnoitre/lib/service_scan.py @@ -8,12 +8,19 @@ from file_helper import write_recommendations -def nmap_scan(ip_address, output_directory, dns_server, quick, no_udp_service_scan): +def nmap_scan( + ip_address, + output_directory, + dns_server, + quick, + no_udp_service_scan): ip_address = ip_address.strip() print("[+] Starting quick nmap scan for %s" % (ip_address)) - QUICKSCAN = "nmap -sC -sV %s -oA '%s/%s.quick'" % (ip_address, output_directory, ip_address) - quickresults = subprocess.check_output(QUICKSCAN, shell=True).decode("utf-8") + QUICKSCAN = "nmap -sC -sV %s -oA '%s/%s.quick'" % ( + ip_address, output_directory, ip_address) + quickresults = subprocess.check_output( + QUICKSCAN, shell=True).decode("utf-8") write_recommendations(quickresults, ip_address, output_directory) print("[*] TCP quick scans completed for %s" % ip_address) 
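Review bot: Just below the re-wrapped `if`, `output_targets.write("%s" % (ip_address))` writes no newline, so when more than one host is found the addresses run together in the targets file unless `ip_address` already carries its own newline, which this hunk does not show. `output_targets.write("%s\n" % ip_address)` keeps one address per line and matches the other writes. The single-value `% (ip_address)` parentheses in the reflowed `print` and `write` calls are not tuples and can be dropped. find_dns starts outside this hunk.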
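Review bot: The re-wrapped `QUICKSCAN` still interpolates `ip_address` unquoted into a `shell=True` command line; the value appears to come from the targets file or the `-t` argument, so any shell metacharacter in it alters the command rather than the scan target. Passing an argument list with the shell disabled avoids the quoting problem: `subprocess.check_output(["nmap", "-sC", "-sV", ip_address, "-oA", "%s/%s.quick" % (output_directory, ip_address)])`. The same applies to TCPSCAN and UDPSCAN in the next hunk. nmap_scan continues outside this hunk.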
@@ -22,28 +29,53 @@ def nmap_scan(ip_address, output_directory, dns_server, quick, no_udp_service_sc return if dns_server: - print("[+] Starting detailed TCP%s nmap scans for %s using DNS Server %s" % ( - ("" if no_udp_service_scan is True else "/UDP"), ip_address, dns_server)) + print( + "[+] Starting detailed TCP%s nmap scans for " + "%s using DNS Server %s" % + (("" if no_udp_service_scan is True else "/UDP"), + ip_address, + dns_server)) print("[+] Using DNS server %s" % (dns_server)) - TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 " \ - "--dns-servers %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % ( - dns_server, output_directory, ip_address, output_directory, ip_address, ip_address) - UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --max-retries 0 " \ - "--dns-servers %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % ( - dns_server, output_directory, ip_address, output_directory, ip_address, ip_address) + TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 " + "--dns-servers %s -oN '%s/%s.nmap' -oX " + "'%s/%s_nmap_scan_import.xml' %s" % ( + dns_server, + output_directory, + ip_address, + output_directory, + ip_address, + ip_address) + UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 " + "--max-retries 0 --dns-servers %s -oN '%s/%sU.nmap' " + "-oX '%s/%sU_nmap_scan_import.xml' %s" % ( + dns_server, + output_directory, + ip_address, + output_directory, + ip_address, + ip_address) else: print("[+] Starting detailed TCP%s nmap scans for %s" % ( ("" if no_udp_service_scan is True else "/UDP"), ip_address)) - TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 " \ - "-script-args=unsafe=1 -n %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % ( - dns_server, output_directory, ip_address, output_directory, ip_address, ip_address) - UDPSCAN = "nmap -sC -sV -sU %s -oA '%s/%s-udp'" % (ip_address, output_directory, ip_address) - - udpresults = "" if no_udp_service_scan is True else 
subprocess.check_output(UDPSCAN, shell=True).decode("utf-8") + TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 " + "-script-args=unsafe=1 -n %s -oN '%s/%s.nmap' " + "-oX '%s/%s_nmap_scan_import.xml' %s" % ( + dns_server, + output_directory, + ip_address, + output_directory, + ip_address, + ip_address) + UDPSCAN = "nmap -sC -sV -sU %s -oA '%s/%s-udp'" % ( + ip_address, output_directory, ip_address) + + udpresult = "" if no_udp_service_scan is True else subprocess.check_output( + UDPSCAN, shell=True).decode("utf-8") tcpresults = subprocess.check_output(TCPSCAN, shell=True).decode("utf-8") - write_recommendations(tcpresults + udpresults, ip_address, output_directory) - print("[*] TCP%s scans completed for %s" % (("" if no_udp_service_scan is True else "/UDP"), ip_address)) + write_recommendations(tcpresults + udpresult, ip_address, output_directory) + print("[*] TCP%s scans completed for %s" % + (("" if no_udp_service_scan is True else "/UDP"), ip_address)) def valid_ip(address): @@ -54,7 +86,13 @@ def valid_ip(address): return False -def target_file(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan): +def target_file( + target_hosts, + output_directory, + dns_server, + quiet, + quick, + no_udp_service_scan): targets = load_targets(target_hosts, output_directory, quiet) target_file = open(targets, 'r') try: 
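Review bot: The multi-line `TCPSCAN` and `UDPSCAN` assignments in both branches now split the format literal across statement-level lines without parentheses, and the collapsed hunk shows no continuation characters on the new side; if they were dropped, `TCPSCAN` holds only the first fragment, the middle fragment is a dead expression, and the last raises TypeError because its three `%s` receive six values. Parenthesising each literal — `TCPSCAN = ("nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 " "--dns-servers %s -oN '%s/%s.nmap' -oX " "'%s/%s_nmap_scan_import.xml' %s" % (...))` — makes the concatenation explicit whatever happened to the backslashes. Separately, the `else` branch formats `-n %s` with `dns_server`, which appears to be `''` on that path (main passes `''`), so the placeholder and its tuple entry contribute nothing and can go. nmap_scan starts and ends outside this hunk.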
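Review bot: Directly under the reformatted `target_file` signature, `target_file = open(targets, 'r')` rebinds the function's own name to a file object and relies on an explicit `target_file.close()` later instead of a context manager. Renaming the local and using `with open(targets) as target_fh:` removes both problems and closes the file even when the loop raises. The `try:` and the loop body continue outside this hunk.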
@@ -71,14 +109,26 @@ def target_file(target_hosts, output_directory, dns_server, quiet, quick, no_udp nmap_directory = host_directory + "/scans" jobs = [] - p = multiprocessing.Process(target=nmap_scan, - args=(ip_address, nmap_directory, dns_server, quick, no_udp_service_scan)) + p = multiprocessing.Process( + target=nmap_scan, + args=( + ip_address, + nmap_directory, + dns_server, + quick, + no_udp_service_scan)) jobs.append(p) p.start() target_file.close() -def target_ip(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan): +def target_ip( + target_hosts, + output_directory, + dns_server, + quiet, + quick, + no_udp_service_scan): print("[*] Loaded single target: %s" % target_hosts) target_hosts = target_hosts.strip() create_dir_structure(target_hosts, output_directory) @@ -87,16 +137,40 @@ def target_ip(target_hosts, output_directory, dns_server, quiet, quick, no_udp_s nmap_directory = host_directory + "/scans" jobs = [] - p = multiprocessing.Process(target=nmap_scan, - args=(target_hosts, nmap_directory, dns_server, quick, no_udp_service_scan)) + p = multiprocessing.Process( + target=nmap_scan, + args=( + target_hosts, + nmap_directory, + dns_server, + quick, + no_udp_service_scan)) jobs.append(p) p.start() -def service_scan(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan): +def service_scan( + target_hosts, + output_directory, + dns_server, + quiet, + quick, + no_udp_service_scan): check_directory(output_directory) if (valid_ip(target_hosts)): - target_ip(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan) + target_ip( + target_hosts, + output_directory, + dns_server, + quiet, + quick, + no_udp_service_scan) else: - target_file(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan) + target_file( + target_hosts, + output_directory, + dns_server, + quiet, + quick, + no_udp_service_scan) 
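Review bot: In both `multiprocessing.Process(` hunks the `jobs` list that the new `p` is appended to is never joined or read, so the spawned scans are fire-and-forget, and in `target_file` the `jobs = []` visible just above the call appears to sit inside the per-host loop so the list is recreated each iteration. If the intent is to wait for the scans, hoist `jobs = []` out of the loop and add `for job in jobs: job.join()` after it; otherwise the list can simply go. In the `service_scan` hunk the redundant parentheses in `if (valid_ip(target_hosts)):` can be dropped now that the call sites were reflowed anyway. target_file and target_ip start outside their hunks.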
diff --git a/Reconnoitre/lib/snmp_walk.py b/Reconnoitre/lib/snmp_walk.py index e514352..bdd871d 100644 --- a/Reconnoitre/lib/snmp_walk.py +++ b/Reconnoitre/lib/snmp_walk.py @@ -29,7 +29,9 @@ def target_file(target_hosts, output_directory, quiet): check_directory(snmp_directory) jobs = [] - p = multiprocessing.Process(target=snmp_scans, args=(ip_address, snmp_directory)) + p = multiprocessing.Process( + target=snmp_scans, args=( + ip_address, snmp_directory)) jobs.append(p) p.start() target_file.close() @@ -43,7 +45,9 @@ def target_ip(target_hosts, output_directory, quiet): check_directory(snmp_directory) jobs = [] - p = multiprocessing.Process(target=snmp_scans, args=(target_hosts, snmp_directory)) + p = multiprocessing.Process( + target=snmp_scans, args=( + target_hosts, snmp_directory)) jobs.append(p) p.start() 
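Review bot: The reflowed `multiprocessing.Process(` calls in both hunks end a line with `args=(` and put the two-element tuple on the next line, which reads as if the tuple continued further. `p = multiprocessing.Process(target=snmp_scans, args=(ip_address, snmp_directory))` fits within 80 columns on one line, and likewise with `target_hosts` in the second hunk. As in service_scan.py, `jobs` is appended to but never joined; both enclosing functions start outside these hunks.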
@@ -58,16 +62,24 @@ def snmp_walk(target_hosts, output_directory, quiet): def snmp_scans(ip_address, output_directory): - print("[+] Performing SNMP scans for %s to %s" % (ip_address, output_directory)) - print(" [>] Performing snmpwalk on public tree for: %s - Checking for System Processes" % (ip_address)) - SCAN = "snmpwalk -c public -v1 %s 1.3.6.1.2.1.25.1.6.0 > '%s%s-systemprocesses.txt'" % ( + print("[+] Performing SNMP scans for %s to %s" % + (ip_address, output_directory)) + print( + " [>] Performing snmpwalk on public tree for:" + " %s - Checking for System Processes" % + (ip_address)) + SCAN = "snmpwalk -c public -v1 %s " + "1.3.6.1.2.1.25.1.6.0 > '%s%s-systemprocesses.txt'" % ( ip_address, output_directory, ip_address) try: - subprocess.check_output(SCAN, stderr=subprocess.STDOUT, shell=True).decode("utf-8").decode('utf-8') - except Exception as e: + subprocess.check_output( + SCAN, + stderr=subprocess.STDOUT, + shell=True).decode("utf-8").decode('utf-8') + except Exception: print("[+] No Response from %s" % ip_address) - except subprocess.CalledProcessError as cpe: + except subprocess.CalledProcessError: print("[+] Subprocess failure during scan of %s" % ip_address) print("[+] Completed SNMP scans for %s" % (ip_address)) diff --git a/Reconnoitre/lib/virtual_host_scanner.py b/Reconnoitre/lib/virtual_host_scanner.py index d18d22f..831dbcb 100644 --- a/Reconnoitre/lib/virtual_host_scanner.py +++ b/Reconnoitre/lib/virtual_host_scanner.py 
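Review bot: The `except` ordering in the reformatted `try` block leaves `except subprocess.CalledProcessError:` unreachable, because the broad `except Exception:` above it already matches that subclass, so a non-zero exit from snmpwalk is reported as "No Response". The call inside the `try` also chains `.decode("utf-8").decode('utf-8')`; on Python 3 the second call raises AttributeError on the str returned by the first, which lands in the same broad handler and prints "No Response" even when the walk succeeded. As with service_scan.py, the `SCAN` literal is split across lines with no parentheses on the new side, so its continuation should be made explicit. snmp_scans starts in this hunk and ends with the final print.
```python
    SCAN = ("snmpwalk -c public -v1 %s "
            "1.3.6.1.2.1.25.1.6.0 > '%s%s-systemprocesses.txt'" % (
                ip_address, output_directory, ip_address))
    try:
        subprocess.check_output(
            SCAN,
            stderr=subprocess.STDOUT,
            shell=True).decode("utf-8")
    except subprocess.CalledProcessError:
        print("[+] Subprocess failure during scan of %s" % ip_address)
    except Exception:
        print("[+] No Response from %s" % ip_address)
    # … unchanged: completion message …
```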
@@ -19,24 +19,39 @@ class VirtualHostScanner(object): """ - def __init__(self, target, output, port=80, ignore_http_codes='404', ignore_content_length=0, - wordlist="./wordlist/virtual-host-scanning.txt"): + def __init__( + self, + target, + output, + port=80, + ignore_http_codes='404', + ignore_content_length=0, + wordlist="./wordlist/virtual-host-scanning.txt"): self.target = target self.output = output + '/' + target + '_virtualhosts.txt' self.port = port - self.ignore_http_codes = list(map(int, ignore_http_codes.replace(' ', '').split(','))) + self.ignore_http_codes = list( + map(int, ignore_http_codes.replace(' ', '').split(','))) self.ignore_content_length = ignore_content_length self.wordlist = wordlist def scan(self): - print("[+] Starting virtual host scan for %s using port %s and wordlist %s" % ( - self.target, str(self.port), self.wordlist)) + print( + "[+] Starting virtual host scan for" + " %s using port %s and wordlist %s" % + (self.target, str( + self.port), self.wordlist)) print("[>] Ignoring HTTP codes: %s" % (self.ignore_http_codes)) if (self.ignore_content_length > 0): - print("[>] Ignoring Content length: %s" % (self.ignore_content_length)) + print( + "[>] Ignoring Content length: %s" % + (self.ignore_content_length)) if not os.path.exists(self.wordlist): - print("[!] Wordlist %s doesn't exist, exiting virtual host scanner." % self.wordlist) + print( + "[!] Wordlist %s doesn't exist," + " exiting virtual host scanner." % + self.wordlist) return virtual_host_list = open(self.wordlist).read().splitlines() 
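Review bot: The line right after the reflowed wordlist check, `virtual_host_list = open(self.wordlist).read().splitlines()`, leaves the file handle for the garbage collector to close; `with open(self.wordlist) as fh: virtual_host_list = fh.read().splitlines()` closes it deterministically. In the reformatted `__init__`, `list(map(int, ignore_http_codes.replace(' ', '').split(',')))` raises ValueError on an empty or trailing-comma value because `int('')` fails; `[int(c) for c in ignore_http_codes.replace(' ', '').split(',') if c]` keeps the default `'404'` behaviour and tolerates those inputs. scan continues outside this hunk.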
@@ -46,11 +61,13 @@ def scan(self): hostname = virtual_host.replace('%s', self.target) headers = { - 'Host': hostname if self.port == 80 else '{}:{}'.format(hostname, self.port), - 'Accept': '*/*' - } + 'Host': hostname if self.port == 80 else '{}:{}'.format( + hostname, self.port), 'Accept': '*/*'} - dest_url = '{}://{}:{}/'.format('https' if int(self.port) == 443 else 'http', self.target, self.port) + dest_url = '{}://{}:{}/'.format('https' if int(self.port) + == 443 else 'http', + self.target, + self.port) try: res = requests.get(dest_url, headers=headers, verify=False) @@ -60,11 +77,13 @@ def scan(self): if res.status_code in self.ignore_http_codes: continue - if self.ignore_content_length > 0 and self.ignore_content_length == int(res.headers.get('content-length')): + if (self.ignore_content_length > 0 and + self.ignore_content_length == int( + res.headers.get('content-length'))): continue - output = 'Found: {} (code: {}, length: {})'.format(hostname, res.status_code, - res.headers.get('content-length')) + output = 'Found: {} (code: {}, length: {})'.format( + hostname, res.status_code, res.headers.get('content-length')) results += output + '\n' print(output) diff --git a/Reconnoitre/reconnoitre.py b/Reconnoitre/reconnoitre.py index ccab11a..d4bffc6 100644 --- a/Reconnoitre/reconnoitre.py +++ b/Reconnoitre/reconnoitre.py @@ -14,7 +14,7 @@ def print_banner(): print(" __") - print("|\"\"\"\-= RECONNOITRE") + print(r"|\"\"\"\-= RECONNOITRE") print("(____) An OSCP scanner by @codingo_\n") 
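Review bot: The reflowed `headers` dict now puts `'Accept': '*/*'}` on the same line as the tail of the `'Host'` expression, which hides the second key; one key per line is clearer. In the same lines the Host header branches on `self.port == 80` while `dest_url` branches on `int(self.port) == 443`; since the `-p` option in input.py has no `type=int`, a port given on the command line is compared as a str in the first test, so normalising with `port = int(self.port)` once at the top of `scan` and using it in both places keeps them consistent. The `requests.get(...)` call below the hunk passes no `timeout=`, so a single unresponsive target stalls the entire wordlist; a short `timeout=` is worth adding. scan starts and ends outside this hunk.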
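Review bot: The re-wrapped condition `self.ignore_content_length == int(res.headers.get('content-length'))` calls `int(None)` whenever a response has no Content-Length header (for example chunked transfer encoding), which raises TypeError and aborts the scan for every remaining hostname once `--ignore-content-length` is set. `int(res.headers.get('content-length', -1))` keeps the comparison and never matches a positive ignore value. The `output` line below prints `None` for the length in the same case, where `len(res.content)` would report the actual size. scan continues outside this hunk.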
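Review bot: Switching the banner literal to a raw string changes what is printed: `"|\"\"\"\-= RECONNOITRE"` produced `|"""\-= RECONNOITRE` (the `\"` escapes resolved, the unknown `\-` kept verbatim), whereas `r"|\"\"\"\-= RECONNOITRE"` keeps every backslash, including the three before the quotes. To silence the invalid-escape warning without altering the banner use `print(r'|"""\-= RECONNOITRE')`, or keep double quotes and escape only the backslash that needs it: `print("|\"\"\"\\-= RECONNOITRE")`. print_banner continues outside this hunk.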
@@ -30,11 +30,15 @@ def util_checks(util=None): if shutil.which(util) is None: if util is "nmap": print( - " [!] nmap was not found on your system. Exiting since we wont be able to scan anything. " + " [!] nmap was not found on your system." + " Exiting since we wont be able to scan anything. " "Please install nmap and try again.") sys.exit(1) else: - print(" [-] %s was not found in your system. Scan types using this will fail." % util) + print( + " [-] %s was not found in your system." + " Scan types using this will fail." % + util) return "Not Found" else: return "Found" @@ -43,11 +47,15 @@ def util_checks(util=None): if spawn.find_executable(util) is None: if util is "nmap": print( - " [!] nmap was not found on your system. Exiting since we wont be able to scan anything. " + " [!] nmap was not found on your system." + " Exiting since we wont be able to scan anything. " "Please install nmap and try again.") sys.exit(1) else: - print(" [-] %s was not found in your system. Scan types using this will fail." % util) + print( + " [-] %s was not found in your system." + " Scan types using this will fail." % + util) return "Not Found" else: return "Found" 
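Review bot: Both reflowed `print` calls sit under `if util is "nmap":`, which tests identity rather than equality and only works while the interpreter happens to intern both literals; Python 3.8+ emits `SyntaxWarning: "is" with a literal` for it. `if util == "nmap":` is the intended comparison and applies equally to the second hunk of this file. util_checks starts outside both hunks.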
@@ -66,43 +74,71 @@ def main(): print_banner() print("[+] Testing for required utilities on your system.") - utils = ['nmap', 'snmpwalk', 'nbtscan'] # list of utils to check on local system. + # list of utils to check on local system. + utils = ['nmap', 'snmpwalk', 'nbtscan'] for util in utils: util_checks(util) if arguments.ping_sweep is True: print("[#] Performing ping sweep") - ping_sweeper(arguments.target_hosts, arguments.output_directory, arguments.quiet) + ping_sweeper( + arguments.target_hosts, + arguments.output_directory, + arguments.quiet) if arguments.hostname_scan is True: print("[#] Identifying hostnames") - hostname_scan(arguments.target_hosts, arguments.output_directory, arguments.quiet) + hostname_scan( + arguments.target_hosts, + arguments.output_directory, + arguments.quiet) if arguments.find_dns_servers is True: print("[#] Identifying DNS Servers") - find_dns(arguments.target_hosts, arguments.output_directory, arguments.quiet) + find_dns( + arguments.target_hosts, + arguments.output_directory, + arguments.quiet) if arguments.perform_service_scan is True: print("[#] Performing service scans") if arguments.find_dns_servers is True: - service_scan(arguments.target_hosts, arguments.output_directory, arguments.find_dns_servers, - arguments.quiet, arguments.quick, arguments.no_udp_service_scan) + service_scan( + arguments.target_hosts, + arguments.output_directory, + arguments.find_dns_servers, + arguments.quiet, + arguments.quick, + arguments.no_udp_service_scan) else: - service_scan(arguments.target_hosts, arguments.output_directory, '', arguments.quiet, arguments.quick, - arguments.no_udp_service_scan) + service_scan( + arguments.target_hosts, + arguments.output_directory, + '', + arguments.quiet, + arguments.quick, + arguments.no_udp_service_scan) if arguments.perform_snmp_walk is True: print("[#] Performing SNMP walks") - snmp_walk(arguments.target_hosts, arguments.output_directory, arguments.quiet) + snmp_walk( + arguments.target_hosts, + 
arguments.output_directory, + arguments.quiet) if arguments.virtualhosts is True: print("[#] Performing Virtual host scans") if arguments.wordlist is False: - print("[!] No wordlist was provided, skipping virtual host scanning.") + print("[!] No wordlist was provided," + " skipping virtual host scanning.") else: - scanner = VirtualHostScanner(arguments.target_hosts, arguments.output_directory, arguments.port, - arguments.ignore_http_codes, arguments.ignore_content_length, - arguments.wordlist) + scanner = VirtualHostScanner( + arguments.target_hosts, + arguments.output_directory, + arguments.port, + arguments.ignore_http_codes, + arguments.ignore_content_length, + arguments.wordlist) scanner.scan() diff --git a/setup.py b/setup.py index 58c479e..dce0eb8 100644 --- a/setup.py +++ b/setup.py 
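Review bot: In the reflowed `service_scan(` call under `if arguments.find_dns_servers is True:`, the third positional argument is `arguments.find_dns_servers`, a `store_true` flag, so `nmap_scan` receives `True` as `dns_server` and formats it into `--dns-servers True`, which is not a usable resolver address. The parameter appears to expect the address found by `find_dns` (nmap_scan interpolates it straight into `--dns-servers %s`); either thread that discovered value through, or collapse both branches to the `''` form until it is available. main continues outside this hunk.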
@@ -13,20 +13,24 @@ def dependencies(imported_file): setup( name="Reconnoitre", license="GPLv3", - description="A reconnaissance tool made for the OSCP labs to automate information gathering, " - "and service enumeration whilst creating a directory structure to store results," - "findings and exploits used for each host, recommended commands to execute " - "and directory structures for storing loot and flags.", + description="A reconnaissance tool made for the OSCP " + "labs to automate information gathering, " + "and service enumeration whilst creating a " + "directory structure to store results," + "findings and exploits used for each host, " + "recommended commands to execute " + "and directory structures for storing loot and flags.", long_description=file.read(), author="codingo", version=__version__, author_email="codingo@protonmail.com", url="https://github.com/codingo/Reconnoitre", - packages=find_packages(exclude=('tests')), - package_data={'Reconnoitre': ['*.txt', '*.json']}, + packages=find_packages( + exclude=('tests')), + package_data={ + 'Reconnoitre': [ + '*.txt', + '*.json']}, entry_points={ - 'console_scripts': [ - 'reconnoitre = Reconnoitre.reconnoitre:main' - ] - }, + 'console_scripts': ['reconnoitre = Reconnoitre.reconnoitre:main']}, include_package_data=True) diff --git a/tests/validate_config.py b/tests/validate_config.py index c382d13..29d4c07 100644 --- a/tests/validate_config.py +++ b/tests/validate_config.py 
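Review bot: The reflowed `packages=find_packages(exclude=('tests')),` still passes a plain string, since `('tests')` is `'tests'` rather than a one-element tuple, so setuptools treats it as a sequence of single-character patterns and the tests package is not excluded. `find_packages(exclude=('tests',))`, or `exclude=['tests', 'tests.*']`, expresses the intent, and the autopep8 line break around the call only makes the missing comma harder to notice. The `setup(` call continues outside this hunk.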
@@ -12,35 +12,85 @@ def main(): parser = ArgumentParser() - parser.add_argument("-t", dest="target_hosts", required=True, - help="Set a target range of addresses to target. Ex 10.11.1.1-255") - parser.add_argument("-o", dest="output_directory", required=True, - help="Set the output directory. Ex /root/Documents/labs/") - parser.add_argument("-w", dest="wordlist", required=False, - help="Set the wordlist to use for generated commands. Ex /usr/share/wordlist.txt") - parser.add_argument("--pingsweep", dest="ping_sweep", action="store_true", - help="Write a new target.txt by performing a ping sweep and discovering live hosts.", - default=False) - parser.add_argument("--dns", dest="find_dns_servers", action="store_true", - help="Find DNS servers from a list of targets.", default=False) - parser.add_argument("--services", dest="perform_service_scan", action="store_true", - help="Perform service scan over targets.", default=False) - parser.add_argument("--hostnames", dest="hostname_scan", action="store_true", - help="Attempt to discover target hostnames and write to 0-name.txt and hostnames.txt.", - default=False) - parser.add_argument("--snmp", dest="perform_snmp_walk", action="store_true", - help="Perform service scan over targets.", default=False) - parser.add_argument("--quick", dest="quick", action="store_true", required=False, - help="Move to the next target after performing a quick scan " - "and writing first-round recommendations.", default=False) - parser.add_argument("--quiet", dest="quiet", action="store_true", - help="Supress banner and headers to limit to comma dilimeted results only.", default=False) - parser.add_argument("--exec", dest="follow", action="store_true", - help="Execute shell comamnds from recommendations as they are discovered. 
" - "Likely to lead to very long execute times depending on the wordlist being used.", - default=False) - parser.add_argument("--simple_exec", dest="quickfollow", action="store_true", - help="Execute non-brute forcing shell comamnds only as they are discovered.", default=False) + parser.add_argument( + "-t", + dest="target_hosts", + required=True, + help="Set a target range of addresses to target. Ex 10.11.1.1-255") + parser.add_argument( + "-o", + dest="output_directory", + required=True, + help="Set the output directory. Ex /root/Documents/labs/") + parser.add_argument( + "-w", + dest="wordlist", + required=False, + help="Set the wordlist to use for generated" + " commands. Ex /usr/share/wordlist.txt") + parser.add_argument( + "--pingsweep", + dest="ping_sweep", + action="store_true", + help="Write a new target.txt by performing" + " a ping sweep and discovering live hosts.", + default=False) + parser.add_argument( + "--dns", + dest="find_dns_servers", + action="store_true", + help="Find DNS servers from a list of targets.", + default=False) + parser.add_argument( + "--services", + dest="perform_service_scan", + action="store_true", + help="Perform service scan over targets.", + default=False) + parser.add_argument( + "--hostnames", + dest="hostname_scan", + action="store_true", + help="Attempt to discover target hostnames" + " and write to 0-name.txt and hostnames.txt.", + default=False) + parser.add_argument( + "--snmp", + dest="perform_snmp_walk", + action="store_true", + help="Perform service scan over targets.", + default=False) + parser.add_argument( + "--quick", + dest="quick", + action="store_true", + required=False, + help="Move to the next target after performing a quick scan " + "and writing first-round recommendations.", + default=False) + parser.add_argument( + "--quiet", + dest="quiet", + action="store_true", + help="Supress banner and headers to limit" + " to comma dilimeted results only.", + default=False) + parser.add_argument( + "--exec", + 
dest="follow", + action="store_true", + help="Execute shell comamnds from recommendations" + " as they are discovered. " + "Likely to lead to very long execute times" + " depending on the wordlist being used.", + default=False) + parser.add_argument( + "--simple_exec", + dest="quickfollow", + action="store_true", + help="Execute non-brute forcing shell" + " comamnds only as they are discovered.", + default=False) arguments = parser.parse_args() if len(sys.argv) == 1:
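Review bot: The rewritten `--snmp` option's `help="Perform service scan over targets."` is a copy of the `--services` help text a few lines above, so `-h` describes the SNMP walk incorrectly; `help="Perform SNMP walks over targets."`, matching the `[#] Performing SNMP walks` message in reconnoitre.py, is the intent. The same duplicated string sits in the context lines of Reconnoitre/lib/core/input.py earlier in this patch, and the reflowed `--quiet`, `--exec` and `--simple_exec` help strings here keep the `Supress`, `dilimeted` and `comamnds` typos. main continues outside this hunk.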