-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.py
executable file
·434 lines (358 loc) · 15.4 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
#!/usr/bin/python3
from sys import argv
import sys
try:
from libs import sublist3rx
except Exception as err:
print(err)
exit(1)
from os import path as pt
from os import makedirs, mkdir, system
from os import devnull as dnull
from threading import Thread
from time import sleep
from contextlib import contextmanager
from os import popen as pop
global_domain = ""
class bcolors:
HEADER = '\033[95m'
OKBLUE = '\033[94m'
OKCYAN = '\033[96m'
OKGREEN = '\033[92m'
WARNING = '\033[93m'
FAIL = '\033[91m'
ENDC = '\033[0m'
BOLD = '\033[1m'
UNDERLINE = '\033[4m'
@contextmanager
def suppress_stdout():
with open(dnull, "w") as devnull:
old_stdout = sys.stdout
sys.stdout = devnull
try:
yield
finally:
sys.stdout = old_stdout
def banner():
banner = f"""
{bcolors.FAIL}──▄────▄▄▄▄▄▄▄────▄───
─▀▀▄─▄█████████▄─▄▀▀──
─────██─▀███▀─██──────
───▄─▀████▀████▀─▄────
─▀█────██▀█▀██────█▀──{bcolors.ENDC}
_________ .__ ____ __. ___.
\_ ___ \| |__ _____ ____ ______ | |/ _|____\_ |______________
/ \ \/| | \\__ \ / _ \/ ___/ | < / _ \| __ \_ __ \__ \
\ \___| Y \/ __ \( <_> )___ \ | | ( <_> ) \_\ \ | \// __ \_
\______ /___| (____ /\____/____ > |____|__ \____/|___ /__| (____ /
\/ \/ \/ \/ \/ \/ \/
{bcolors.OKCYAN}\t\tChaosKobra{bcolors.ENDC} - {bcolors.OKBLUE}Just another Subdomain Enumeration Tool.{bcolors.ENDC}
"""
print(banner)
print("-" * 90 + "\n")
def help():
help = f'''
{bcolors.OKCYAN}>> Help for ChaosKobra{bcolors.ENDC}
{bcolors.FAIL}usage:{bcolors.ENDC} python3 {argv[0]} -t [domain] -o (Output File)
{bcolors.BOLD}Options:{bcolors.ENDC}
-t Target or Host
-o Output Folder (Optional)
{bcolors.OKGREEN}examples:{bcolors.ENDC}
1) python3 main.py -t example.com
2) python3 main.py -t example.com -o example
'''
print(help)
exit(1)
def url_handler(host):
global domain
if host[:8] == "https://" or host[:7] == "http://":
domain = str(host).split("://")[1].split("/")[0]
return domain
else:
domain = str(host)
return domain
def get_subfinder(global_domain, sbfinder):
# subfinder -d domain.com -o output.txt -silent
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}SubFinder{bcolors.ENDC}")
global out_file_sbfinder
out_file_sbfinder = sbfinder + '/' + "all_domains.log"
cmd = f"subfinder -d {global_domain} -o {out_file_sbfinder} -silent > /dev/null 2>&1"
system(cmd)
if pt.exists(out_file_sbfinder) and pt.isfile(out_file_sbfinder):
with open(out_file_sbfinder, "r") as handle:
reader = handle.readlines()
if len(reader) != 0:
for sub in reader:
print(f"{bcolors.OKCYAN}[Sub-Domain]{bcolors.ENDC} " + str(sub).strip("\n"))
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} {len(reader)} Sub-Domains Found.")
handle.close()
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} No Sub-Domains Found.")
pass
return out_file_sbfinder
def tailem(subfile, thread):
subfile.seek(0, 2)
while thread.is_alive():
line = subfile.readline()
if not line:
sleep(0.1)
continue
yield line
else:
pass
def amass_domains(out_file_amassx, t_amass):
try:
sleep(10)
if pt.exists(out_file_amassx):
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} This will take some time.")
else:
pass
while not pt.exists(out_file_amassx):
sleep(5)
else:
if pt.exists(out_file_amassx) and pt.isfile(out_file_amassx):
subfile = open(out_file_amassx, "r")
tailit = tailem(subfile, t_amass)
for sub in tailit:
print(f"{bcolors.OKCYAN}[Sub-Domain]{bcolors.ENDC} " + str(sub).strip("\n"))
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} No Sub-Domains Found.")
pass
except Exception as err:
print(err)
exit(1)
def get_amass(global_domain, out_file_amassx):
# amass enum -d domain --active -o path -r 8.8.8.8,1.1.1.1,208.67.222.222,8.26.56.26,9.9.9.9,64.6.65.6,13.239.157.177,91.239.100.100
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}Amass{bcolors.ENDC}")
cmd = f"amass enum -d {global_domain} --active -o {out_file_amassx} -r 8.8.8.8,1.1.1.1 > /dev/null 2>&1"
system(cmd)
def amass_thread(global_domain, amassx):
global out_file_amassx
out_file_amassx = amassx + '/' + "all_domains.log"
t_ammas = Thread(target=get_amass, args=(global_domain, out_file_amassx))
try:
t_ammas.start()
amass_domains(out_file_amassx, t_ammas)
t_ammas.join()
except KeyboardInterrupt:
print("\n")
pass
return out_file_amassx
def get_sublister(global_domain, sblist3r):
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}Sublist3r{bcolors.ENDC}")
global out_file_sblist3r
out_file_sblist3r = sblist3r + '/' + "all_domains.log"
try:
with suppress_stdout():
sublist3rx.scanner(global_domain, out_file_sblist3r)
if pt.exists(out_file_sblist3r) and pt.isfile(out_file_sblist3r):
with open(out_file_sblist3r, "r") as handle:
reader = handle.readlines()
if len(reader) != 0:
for sub in reader:
print(f"{bcolors.OKCYAN}[Sub-Domain]{bcolors.ENDC} " + str(sub).strip("\n"))
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} {len(reader)} Sub-Domains Found.")
handle.close()
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} No Sub-Domains Found.")
pass
except Exception as err:
print(err)
exit(1)
return out_file_sblist3r
def get_domains(_root_folder, out_file_sbfinder, out_file_amassx, out_file_sblist3r):
global domains_out
domains_out = _root_folder + "sub_domains.log"
all_domains = []
final_domain_list = []
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}Gathering all Sub-Domains...{bcolors.ENDC}")
try:
if pt.exists(out_file_sbfinder) and pt.isfile(out_file_sbfinder):
with open(out_file_sbfinder, "r") as handle:
reader = handle.readlines()
for url in reader:
all_domains.append(str(url).strip("\n"))
handle.close()
else:
pass
if pt.exists(out_file_amassx) and pt.isfile(out_file_amassx):
with open(out_file_amassx, "r") as handle:
reader = handle.readlines()
for url in reader:
all_domains.append(str(url).strip("\n"))
handle.close()
else:
pass
if pt.exists(out_file_sblist3r) and pt.isfile(out_file_sblist3r):
with open(out_file_sblist3r, "r") as handle:
reader = handle.readlines()
for url in reader:
all_domains.append(str(url).strip("\n"))
handle.close()
else:
pass
for _ in all_domains:
if _ not in final_domain_list:
final_domain_list.append(_)
with open(domains_out, "a+") as handle:
for host in final_domain_list:
handle.write(host + "\n")
handle.close()
print(f"{bcolors.OKGREEN}[+] Done{bcolors.ENDC}")
return domains_out
except Exception as err:
print(err)
exit(1)
def get_httprobe(domains_out):
global httprobe_out
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}Probing for http/https{bcolors.ENDC}")
httprobe_out = _root_folder + "valid_sub-domains.log"
try:
cmd = f"cat {domains_out} | httprobe | tee -a {httprobe_out} > /dev/null 2>&1"
system(cmd)
if pt.exists(httprobe_out) and pt.isfile(httprobe_out):
with open(httprobe_out, "r") as handle:
reader = handle.readlines()
if len(reader) != 0:
for sub in reader:
print(f"{bcolors.OKCYAN}[Sub-Domain]{bcolors.ENDC} {bcolors.OKBLUE}[Alive] {bcolors.ENDC}" + str(sub).strip("\n"))
else:
print(f"{bcolors.WARNING}[!]{bcolors.ENDC} {len(reader)} Sub-Domains Alive.")
exit(1)
handle.close()
except Exception as err:
print(err)
exit(1)
def save_httpx(httpx_out, url, _title, _ip, _method, _status_code, _web_server, _tech, _follow_red):
try:
with open(httpx_out, "a+") as handle:
handle.write(url + "\n")
handle.write("\tTitle: " + _title + "\n")
handle.write("\tIP: " + _ip + "\n")
handle.write("\tMethod: " + _method + "\n")
handle.write("\tStatus Code: " + _status_code + "\n")
handle.write("\tWeb Server: " + _web_server + "\n")
handle.write("\tWeb Tech: " + _tech + "\n")
handle.write("\tRedirect(s) " + _follow_red + "\n")
handle.write("-" * 70 + "\n")
handle.close()
except Exception as err:
print(err)
exit(1)
def get_httpx(httprobe_out):
# httpx -title -tech-detect -status-code -cdn -follow-redirects -ip -method -web-server
global httpx_out
sub_domains_list = []
_title = "None"
_ip = "None"
_method = "None"
_status_code = "None"
_web_server = "None"
_tech = "None"
_follow_red = "None"
print(f"{bcolors.OKGREEN}[+]{bcolors.ENDC} {bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKGREEN}Analyzing Sub-Domains.{bcolors.ENDC}")
httpx_out = _root_folder + "httpx_sub-domains.log"
try:
with open(httprobe_out, "r") as handle:
reader = handle.readlines()
handle.close()
for sub in reader:
sub_domains_list.append(str(sub).strip("\n"))
for url in sub_domains_list:
print(f"{bcolors.OKCYAN}[Sub-Domain]{bcolors.ENDC} {bcolors.OKGREEN}[Analyzer] {bcolors.ENDC}" + str(url).strip("\n"))
_title = pop(f'echo "{url}" | httpxt -title -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Title:\t" + f"{bcolors.FAIL}" + " ".join(_title.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_ip = pop(f'echo "{url}" | httpxt -ip -silent').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} IP:\t\t" + f"{bcolors.FAIL}" + " ".join(_ip.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_method = pop(f'echo "{url}" | httpxt -method -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Method:\t" + f"{bcolors.FAIL}" + " ".join(_method.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_status_code = pop(f'echo "{url}" | httpxt -status-code -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Status Code:\t" + f"{bcolors.FAIL}" + " ".join(_status_code.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_web_server = pop(f'echo "{url}" | httpxt -web-server -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Web Server:\t" + f"{bcolors.FAIL}" + " ".join(_web_server.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_tech = pop(f'echo "{url}" | httpxt -tech-detect -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Tech:\t" + f"{bcolors.FAIL}" + " ".join(_tech.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
_follow_red = pop(f'echo "{url}" | httpxt -follow-redirects -silent -no-color').read()
print(f"\t{bcolors.HEADER}[-]{bcolors.ENDC} Redirect(s):\t" + f"{bcolors.FAIL}" + " ".join(_follow_red.split(" ")[1:]).strip("\n")[1:-1] + f"{bcolors.ENDC}")
save_httpx(httpx_out, url, _title, _ip, _method, _status_code, _web_server, _tech, _follow_red)
except Exception as err:
print(err)
exit(1)
def folder_strct(results_dir, output):
global _root_folder
_root_folder = results_dir + output + "/"
global sbfinder
global amassx
global sblist3r
_folders = [
"subfinder",
"amass",
"sublist3r"
]
for every_folder in _folders:
_path = _root_folder + every_folder
if pt.exists(str(_path)) and pt.isdir(str(_path)):
pass
else:
try:
makedirs(_path)
except Exception as err:
print(err)
exit(1)
sbfinder = _root_folder + "subfinder"
amassx = _root_folder + "amass"
sblist3r = _root_folder + "sublist3r"
return [sbfinder, amassx, sblist3r, _root_folder]
def _stdout():
global results_dir
results_dir = "Output/"
if pt.exists(results_dir) and pt.isdir(results_dir):
return results_dir
else:
try:
mkdir(results_dir)
return results_dir
except Exception as err:
print(err)
exit(1)
def main(global_domain):
global output
if len(argv) < 2:
help()
elif len(argv) == 3:
if argv[1] == "-t":
host = str(argv[2])
output = host
else:
print(f"{bcolors.FAIL}Argument missing. -t(Target){bcolors.ENDC}")
help()
elif len(argv) == 5:
if argv[1] == "-t" and argv[3] == "-o":
host = str(argv[2])
output = str(argv[4])
else:
print(f"{bcolors.FAIL}Invalid Arguments...{bcolors.ENDC}")
help()
else:
print(f"{bcolors.FAIL}Invalid Arguments...{bcolors.ENDC}")
help()
_stdout()
url_handler(host)
if len(argv) == 5 and argv[3] == "-o":
folder_strct(results_dir, output)
else:
folder_strct(results_dir, domain)
global_domain = domain
print(f"{bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKCYAN}Subdomain Enumeration...{bcolors.ENDC}")
get_subfinder(global_domain, sbfinder)
amass_thread(global_domain, amassx)
get_sublister(global_domain, sblist3r)
print(f"\n{bcolors.OKBLUE}[info]{bcolors.ENDC} {bcolors.BOLD}{bcolors.OKCYAN}Analyzing Sub-Domians...{bcolors.ENDC}")
get_domains(_root_folder, out_file_sbfinder, out_file_amassx, out_file_sblist3r)
get_httprobe(domains_out)
get_httpx(httprobe_out)
if __name__ == '__main__':
banner()
main(global_domain)