added dns check when dead subdomains, debug jinja template when no vu…
…lns and added filtered ports detection
ugomeguerditchian committed Mar 26, 2023
1 parent e3543f2 commit 2ffc849
Showing 6 changed files with 110 additions and 43 deletions.
8 changes: 8 additions & 0 deletions libs/domain_parser.py
@@ -1,4 +1,5 @@
import requests
import dns
from pythonping import ping
from concurrent.futures import ThreadPoolExecutor
from urllib3.exceptions import InsecureRequestWarning
Expand Down Expand Up @@ -139,6 +140,13 @@ def check_up(url: str) -> bool:
else:
return False

def check_dns(domain: str) -> bool:
try:
dns.resolver.resolve(domain, 'A')
return True
except:
return False

if __name__ == "__main__":
print(check_up("benoit.fage.fr"))
print(detect_redirect("benoit.fage.fr"))
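Review bot: `check_dns` will report every name as dead if `dns.resolver` has not been loaded: `import dns` on its own does not import the `dns.resolver` submodule, so `dns.resolver.resolve(domain, 'A')` raises AttributeError, and the bare `except:` turns that into `return False` for every input — unless some other module in the program already imports `dns.resolver`. The import line should be `import dns.resolver`, and the handler narrowed to `except dns.exception.DNSException:` so that programming errors like this one, and KeyboardInterrupt, are not swallowed. Querying only `'A'` records also means a name that has just an AAAA record raises `dns.resolver.NoAnswer` and is reported as non-existent; a comment such as `# True only if the name resolves to an IPv4 (A) record` would make the result easier to interpret where it is consumed.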
27 changes: 26 additions & 1 deletion libs/ip_scan.py
Expand Up @@ -14,6 +14,9 @@
from datetime import datetime
import copy
from scapy.all import ARP, Ether, srp
import time
import random


def get_ip(domain):
#get the ip address from the domain
Expand Down Expand Up @@ -46,6 +49,20 @@ def get_ip_from_network(network: str) :
return clients


def check_filtered(host):
target_ports = range(30000, 65535)
start = time.time()
for i in random.sample(target_ports, 10):
try:
s = socket(AF_INET, SOCK_STREAM)
s.settimeout(1)
s.connect((host, i))
s.close()
except:
pass
end = time.time()
if end - start < 5:
return True

# returns True if a connection can be made, False otherwise
def test_port_number(host, port):
Expand All @@ -56,13 +73,17 @@ def test_port_number(host, port):
# connecting may fail
try:
# attempt to connect
start = time.time()
sock.connect((host, port))
# a successful connection was made
end = time.time()
#close the socket
sock.close()
return True
except:
# ignore the failure
return False

def port_scan(host, ports):
open_ports = []
logger.info(f'Scanning {host}...')
Expand All @@ -80,6 +101,10 @@ def port_scan(host, ports):
def port_scan_with_thread_limit(host: str, ports:range, thread_number: int):
#scan the host with the ports with a thread limit
#return the open ports
logger.info(f'Checking if {host} filtered...')
if check_filtered(host):
logger.warning(f'{host} is filtered')
return []
open_ports = []
logger.info(f'Scanning {host}...')
# create the thread pool
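Review bot: `check_filtered` never closes the socket on a failed probe — `s.close()` is reached only after a successful `connect`, so every timeout or refusal leaks the descriptor — and its bare `except:` also swallows KeyboardInterrupt, which makes the ten-probe loop uninterruptible. When the probes take 5 s or more the function falls off the end and returns `None` rather than `False`. The wall-clock heuristic also cannot tell an accepted connection from a refused one, since both complete almost immediately: a host that answers closed ports with a reset is labelled filtered and `port_scan_with_thread_limit` returns `[]` for it without scanning, while only hosts whose probes time out are scanned; if the intent is to detect hosts that accept connections on arbitrary ports, the number of successful `connect` calls should be counted instead of elapsed time — I may be misreading the intent, so a comment stating what a fast answer is taken to mean would help either way. The `start`/`end` timestamps added to `test_port_number` are never read and can be dropped. The rewrite below keeps the timing rule as written but closes sockets through the context manager, narrows the handler to `OSError` (which covers `socket.timeout` and refused connections) and returns an explicit boolean.

```python
def check_filtered(host):
    target_ports = range(30000, 65535)
    start = time.time()
    for i in random.sample(target_ports, 10):
        try:
            # the context manager closes the socket on timeout/refusal as well
            with socket(AF_INET, SOCK_STREAM) as s:
                s.settimeout(1)
                s.connect((host, i))
        except OSError:
            pass
    return time.time() - start < 5
```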
6 changes: 4 additions & 2 deletions libs/result_parser.py
Expand Up @@ -19,7 +19,7 @@ def delete_star(list : list) -> list:
if i != "*":
new_list.append(i)
return new_list
def result_filter(list : list, domain : str, subdomain_with_redirect:list, dead_subdomains:list) -> dict :
def result_filter(list : list, domain : str, subdomain_with_redirect:list, dead_subdomains:list, dns_exist:list) -> dict :
#from the list of sudbomains return all subomains containing the domain
"""
dict = {
Expand All @@ -32,7 +32,8 @@ def result_filter(list : list, domain : str, subdomain_with_redirect:list, dead_
"subdomain_withdomain": [],
"subdomain_withoutdomain": [],
"subdomain_with_redirect": [],
"dead_subdomains": []
"dead_subdomains": [],
"dns_exist": []
}
for subdomain in list:
if domain in subdomain:
Expand All @@ -41,6 +42,7 @@ def result_filter(list : list, domain : str, subdomain_with_redirect:list, dead_
dict["subdomain_withoutdomain"].append(subdomain)
dict["subdomain_with_redirect"] = subdomain_with_redirect
dict["dead_subdomains"] = dead_subdomains
dict["dns_exist"] = dns_exist
return dict

def dynamic_save(all_results: dict, domain : str, mode : str):
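Review bot: The new `dns_exist` parameter of `result_filter` is positional and required, so any caller other than `main.py` that is not updated in this commit fails with a TypeError; `dns_exist: list = None` together with `dict["dns_exist"] = dns_exist or []` would keep the old call shape working. The docstring at the top of the function appears to document the returned dict and should list the `"dns_exist"` key next to `"dead_subdomains"`; most of it lies outside the hunk, so I cannot confirm whether it was updated. The function body continues past the visible hunk.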
10 changes: 9 additions & 1 deletion main.py
Expand Up @@ -224,7 +224,11 @@ def menu():
subdomains_with_redirect=[]
temp_all_results = []
dead_subdomains = []
dns_exist = []
temp_all_results, subdomains_with_redirect, dead_subdomains = dp.detect_redirect_with_thread_limit(all_results, args.subdomainsThreads)
for dead in dead_subdomains:
if dp.check_dns(dead):
dns_exist.append(dead)
all_results = temp_all_results

cl.logger.info("Checking subdomains done")
Expand All @@ -233,9 +237,10 @@ def menu():
else :
subdomains_with_redirect = []
dead_subdomains = []
dns_exist = []
logger.info("All done")

final_dict= rp.result_filter(all_results, domain, subdomains_with_redirect, dead_subdomains)
final_dict= rp.result_filter(all_results, domain, subdomains_with_redirect, dead_subdomains, dns_exist)
logger.info(f"Subdomains containing {domain}:")
for subdomain in final_dict["subdomain_withdomain"]:
print(subdomain)
Expand All @@ -258,9 +263,11 @@ def menu():
final_dict_result= ip_dict
#pop dead_subdomains
final_dict_result["dead_subdomains"] = final_dict["dead_subdomains"]
final_dict_result["dns_exist"] = final_dict["dns_exist"]
pprint(final_dict_result)
logger.info("Done")
deads= final_dict_result.pop("dead_subdomains")
dns_exist = final_dict_result.pop("dns_exist")
logger.info("IP scanning...")
if args.IPScanType == "W":
for ip in final_dict_result :
Expand Down Expand Up @@ -296,6 +303,7 @@ def menu():
logger.info("Detecting web ports done")
logger.info("IP scanning results:")
final_dict_result["dead_subdomains"]= deads
final_dict_result["dns_exist"] = dns_exist
pprint(final_dict_result)
logger.info("Done")
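Review bot: `dns_exist` is built with a serial loop of blocking resolver calls, one `dp.check_dns(dead)` per dead subdomain, directly after a step that is explicitly threaded (`dp.detect_redirect_with_thread_limit(..., args.subdomainsThreads)`), so for a large dead set this becomes the slowest part of the phase; at minimum `dns_exist = [dead for dead in dead_subdomains if dp.check_dns(dead)]` states the intent, and the same thread limit could be applied. The `pop`/re-assign pair for `"dns_exist"` mirrors the existing one for `"dead_subdomains"` because both list-valued keys live in the same dict as the IP keys; that is also what forces the `ip != "dead_subdomains" and ip !="dns_exist"` guard into every loop of the template, and keeping this metadata outside the per-IP dict would remove both. The name `dns_exist` reads as a boolean but holds the dead subdomains that still resolve; `dead_with_dns`, or a comment such as `# dead subdomains whose name still resolves`, would help. The enclosing `menu()` starts and ends outside these hunks.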

2 changes: 1 addition & 1 deletion manifest
@@ -1 +1 @@
V2.1
V2.2
100 changes: 62 additions & 38 deletions website/jinja_template.html
Expand Up @@ -136,7 +136,7 @@ <h2>
tabindex="0">
<div class="d-flex gap-2 flex-column">
{% for ip in data %}
{% if ip != "dead_subdomains" %}
{% if ip != "dead_subdomains" and ip !="dns_exist"%}
{% for subs_type, value in data[ip]["subdomains"].items() %}
{% if subs_type != "web_techno" and subs_type != "vulns" and
data[ip]["subdomains"][subs_type]|length >
Expand Down Expand Up @@ -206,7 +206,7 @@ <h2>
</div>
{% endif %}
{% endfor %}
{% else %}
{% elif ip=="dead_subdomains" %}
<div class="accordion"
id="Deadsaccordion">
<div class="accordion-item">
Expand All @@ -228,6 +228,28 @@ <h2>
</div>
</div>
</div>
{% elif ip=="dns_exist" %}
<div class="accordion"
id="Dnsaccordion">
<div class="accordion-item">
<h2 class="accordion-header"
id="headingDns">
{{ buttonAccordion("Dead subdomains", [data[ip]|length], "collapseOneDns")}}
</h2>
<div id="collapseOneDns"
class="accordion-collapse collapse"
aria-labelledby="headingDns"
data-bs-parent="#Dnsaccordion">
<div class="accordion-body">
<ul class="list-group">
{% for sub in data[ip] %}
<li class="list-group-item">{{sub}}</li>
{% endfor %}
</ul>
</div>
</div>
</div>
</div>
{% endif %}
{% endfor %}
</div>
Expand All @@ -240,7 +262,7 @@ <h2>
<div class="d-flex gap-2 flex-column">

{% for ip in data %}
{% if ip != "dead_subdomains" %}
{% if ip != "dead_subdomains" and ip !="dns_exist"%}
<div class="accordion"
id="IPsaccordion{{ ip }}">
<div class="accordion-item">
Expand Down Expand Up @@ -307,7 +329,7 @@ <h4>Ports</h4>
id="headingOneAll">
{% set ns = namespace(info=0, low=0, medium=0, high=0, critical=0)%}
{% for ip in data %}
{% if ip != "dead_subdomains" %}
{% if ip != "dead_subdomains" and ip !="dns_exist" and "vulns" in data[ip] %}
{% for vuln in data[ip]["vulns"] %}
{% if "info" in vuln and "severity" in vuln["info"] and vuln["info"]["severity"] == "critical" %}
{% set ns.critical = ns.critical + 1 %}
Expand Down Expand Up @@ -380,7 +402,7 @@ <h4>Ports</h4>
</thead>
<tbody>
{% for ip in data %}
{% if ip != "dead_subdomains" %}
{% if ip != "dead_subdomains" and ip !="dns_exist" and "vulns" in data[ip]["subdomains"] %}
{% for sub, vulns in data[ip]["subdomains"]["vulns"].items() %}
{% for vuln in vulns %}
<tr>
Expand Down Expand Up @@ -415,38 +437,40 @@ <h4>Ports</h4>
</tr>
{% endfor %}
{% endfor %}
{% for vuln in data[ip]["vulns"] %}
<tr>
<td>{% if "info" in vuln and "name" in vuln["info"] %}{{vuln["info"]["name"]}}{% endif %}</td>
<td>{% if "info" in vuln and "severity" in vuln["info"] %}{{vuln["info"]["severity"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cve-id" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cve-id"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cwe-id" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cwe-id"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cvss-metrics" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cvss-metrics"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cvss-score" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cvss-score"]}}{% endif %}</td>
<td>{% if "info" in vuln and "description" in vuln["info"] %}{{vuln["info"]["description"]}}{% endif %}</td>
<td>{% if "info" in vuln and "reference" in vuln["info"] %}{{vuln["info"]["reference"]}}{% endif %}</td>
<td>{% if "type" in vuln %}{{vuln["type"]}}{% endif %}</td>
<td>{% if "host" in vuln %}{{vuln["host"]}}{% endif %}</td>
<td>{% if "matched-at" in vuln %}{{vuln["matched-at"]}}{% endif %}</td>
<td>{% if "extracted-results" in vuln %}{{vuln["extracted-results"]}}{% endif %}</td>
<td>{% if "ip" in vuln %}{{vuln["ip"]}}{% endif %}</td>
<td>{% if "timestamp" in vuln %}{{vuln["timestamp"]}}{% endif %}</td>
<td>{% if "curl-command" in vuln %}{{vuln["curl-command"]}}{% endif %}</td>
<td>{% if "matcher-status" in vuln %}{{vuln["matcher-status"]}}{% endif %}</td>
<td>{% if "matched-line" in vuln %}{{vuln["matched-line"]}}{% endif %}</td>
<td>{% if "matcher-name" in vuln %}{{vuln["matcher-name"]}}{% endif %}</td>
<td>{% if "info" in vuln and "tags" in vuln["info"] %}{{vuln["info"]["tags"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "verified" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["verified"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "fofa-query" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["fofa-query"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "shodan-query" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["shodan-query"]}}{% endif %}</td>
<td>{% if "template" in vuln %}{{vuln["template"]}}{% endif %}</td>
<td>{% if "template-url" in vuln %}{{vuln["template-url"]}}{% endif %}</td>
<td>{% if "template-id" in vuln %}{{vuln["template-id"]}}{% endif %}</td>
<td>{% if "template-path" in vuln %}{{vuln["template-path"]}}{% endif %}</td>
<td>{% if "info" in vuln and "author" in vuln["info"] %}{{vuln["info"]["author"]}}{% endif %}</td>

</tr>
{% endfor %}
{% if "vulns" in data[ip] and data[ip]["vulns"] != [] %}
{% for vuln in data[ip]["vulns"] %}
<tr>
<td>{% if "info" in vuln and "name" in vuln["info"] %}{{vuln["info"]["name"]}}{% endif %}</td>
<td>{% if "info" in vuln and "severity" in vuln["info"] %}{{vuln["info"]["severity"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cve-id" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cve-id"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cwe-id" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cwe-id"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cvss-metrics" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cvss-metrics"]}}{% endif %}</td>
<td>{% if "info" in vuln and "classification" in vuln["info"] and "cvss-score" in vuln["info"]["classification"] %}{{vuln["info"]["classification"]["cvss-score"]}}{% endif %}</td>
<td>{% if "info" in vuln and "description" in vuln["info"] %}{{vuln["info"]["description"]}}{% endif %}</td>
<td>{% if "info" in vuln and "reference" in vuln["info"] %}{{vuln["info"]["reference"]}}{% endif %}</td>
<td>{% if "type" in vuln %}{{vuln["type"]}}{% endif %}</td>
<td>{% if "host" in vuln %}{{vuln["host"]}}{% endif %}</td>
<td>{% if "matched-at" in vuln %}{{vuln["matched-at"]}}{% endif %}</td>
<td>{% if "extracted-results" in vuln %}{{vuln["extracted-results"]}}{% endif %}</td>
<td>{% if "ip" in vuln %}{{vuln["ip"]}}{% endif %}</td>
<td>{% if "timestamp" in vuln %}{{vuln["timestamp"]}}{% endif %}</td>
<td>{% if "curl-command" in vuln %}{{vuln["curl-command"]}}{% endif %}</td>
<td>{% if "matcher-status" in vuln %}{{vuln["matcher-status"]}}{% endif %}</td>
<td>{% if "matched-line" in vuln %}{{vuln["matched-line"]}}{% endif %}</td>
<td>{% if "matcher-name" in vuln %}{{vuln["matcher-name"]}}{% endif %}</td>
<td>{% if "info" in vuln and "tags" in vuln["info"] %}{{vuln["info"]["tags"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "verified" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["verified"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "fofa-query" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["fofa-query"]}}{% endif %}</td>
<td>{% if "info" in vuln and "metadata" in vuln["info"] and "shodan-query" in vuln["info"]["metadata"] %}{{vuln["info"]["metadata"]["shodan-query"]}}{% endif %}</td>
<td>{% if "template" in vuln %}{{vuln["template"]}}{% endif %}</td>
<td>{% if "template-url" in vuln %}{{vuln["template-url"]}}{% endif %}</td>
<td>{% if "template-id" in vuln %}{{vuln["template-id"]}}{% endif %}</td>
<td>{% if "template-path" in vuln %}{{vuln["template-path"]}}{% endif %}</td>
<td>{% if "info" in vuln and "author" in vuln["info"] %}{{vuln["info"]["author"]}}{% endif %}</td>

</tr>
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}
</tbody>
Expand All @@ -457,7 +481,7 @@ <h4>Ports</h4>
</div>
</div>
{% for ip in data %}
{% if ip != "dead_subdomains" %}
{% if ip != "dead_subdomains" and ip !="dns_exist" and "vulns" in data[ip]["subdomains"] and "vulns" in data[ip] %}
<div class="accordion"
id="Vulnaccordion{{ ip }}">
<div class="accordion-item">
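Review bot: The new `dns_exist` accordion reuses the label `"Dead subdomains"` in its `buttonAccordion(...)` call, so the report shows two sections with the same title; give it a distinct one, e.g. `{{ buttonAccordion("Dead subdomains with DNS record", [data[ip]|length], "collapseOneDns")}}` (the element ids are already distinct). The `"vulns"` guards added to the four `{% for ip in data %}` loops disagree: the severity counter requires `"vulns" in data[ip]`, the table requires `"vulns" in data[ip]["subdomains"]` and checks `data[ip]["vulns"]` separately inside, and the per-IP accordion requires both, so an IP that has only host-level or only subdomain-level findings is counted in one place and missing from another; the condition should be the same in all four, or the two kinds of finding handled separately. The table cells re-indented into the new `{% if %}` print scanner-derived strings such as `matched-line`, `extracted-results`, `curl-command` and `description` straight into the document, so the render call (not visible here) should be confirmed to run with `autoescape=True`, or those cells need the `|e` filter; otherwise content echoed by a scanned host is emitted as markup in the report.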
