Commit b7258e22 authored by fxb

old source

parent 589c3cb9
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package Core.Utils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
public class ConnectHTTP {
public static String URLContent(String url) throws IOException {
URL page = new URL(url);
HttpURLConnection connection = (HttpURLConnection) page.openConnection();
connection.setReadTimeout(300000);
connection.addRequestProperty("Accept-Language", "en-US,en;q=0.8");
connection.addRequestProperty("Referer", "google.com");
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2");
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
String inputLine;
StringBuffer html = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
html.append(inputLine);
}
in.close();
return html.toString();
}
public static String HTTPSURLContent(String url) throws IOException {
System.setProperty("jsse.enableSNIExtension", "false");
URL page = new URL(url);
HttpsURLConnection connection = (HttpsURLConnection) page.openConnection();
connection.setReadTimeout(300000);
connection.addRequestProperty("Accept-Language", "en-US,en;q=0.8");
connection.addRequestProperty("Referer", "google.com");
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2");
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
String inputLine;
StringBuffer html = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
html.append(inputLine);
}
in.close();
return html.toString();
}
}
\ No newline at end of file
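Review bot: `System.setProperty("jsse.enableSNIExtension", "false")` at the top of HTTPSURLContent is a JVM-wide switch, so it turns SNI off for every TLS connection the process makes and stays off after the method returns. A name-based virtual host can then answer with its default certificate, and hostname verification fails or is checked against the wrong site. I would drop the line, or at minimum add a comment naming the server that needed it. Both methods also close the reader only on the success path, set no connect timeout next to the hard-coded 300000 ms read timeout, and decode with the platform default charset. A try-with-resources around the `BufferedReader`, a `connection.setConnectTimeout(...)` call and an explicit charset on the `InputStreamReader` would cover those.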
package Core.Utils;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Vector;
public class FileOperations {
public static Vector<String> ReadInDorkFile(String txtfile) throws IOException {
BufferedReader in;
Vector<String> tmp = new Vector<String>();
String inputLine;
in = new BufferedReader(new FileReader(txtfile));
while ((inputLine = in.readLine()) != null) {
tmp.add(inputLine.toString());
}
in.close();
return tmp;
}
public static void WriteResultsToFile(Vector<String> in, String file_location) throws IOException {
StringBuffer sb = new StringBuffer();
for(int i=0;i<in.size();i++) {
sb.append(in.elementAt(i) + "\n");
}
WriteStringToFile(sb.toString(), file_location);
}
public static void WriteStringToFile(String write, String file_location) throws IOException {
File file = new File(file_location);
// if file doesnt exists, then create it
if (!file.exists()) {
file.createNewFile();
}
FileWriter fw = new FileWriter(file.getAbsoluteFile());
BufferedWriter bw = new BufferedWriter(fw);
bw.write(write);
bw.close();
}
public static boolean checkIfFileExists(String file_location) {
File file = new File(file_location);
return file.exists();
}
}
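Review bot: ReadInDorkFile and WriteStringToFile close their streams only when nothing throws, so an IOException from `readLine()` or `bw.write(write)` leaks the file handle. Try-with-resources fixes both, e.g. `try (BufferedWriter bw = new BufferedWriter(new FileWriter(file_location))) { bw.write(write); }`. The `exists()`/`createNewFile()` pair before the FileWriter is redundant, because FileWriter creates the file itself, and it silently truncates an existing file at whatever path the caller passed. A one-line comment on WriteStringToFile saying that it overwrites would help. FileReader and FileWriter also use the platform default charset here.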
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package Core.Utils;
import java.io.InputStreamReader;
import java.util.HashSet;
import java.util.Scanner;
import java.util.Vector;
public class StringEngine {
public static Vector<String> removeDuplicates(Vector<String> D) {
HashSet<String> set = new HashSet<String>();
for(int i=0;i<D.size();i++) {
set.add(D.elementAt(i));
}
D.clear();
D.addAll(set);
return D;
}
public static Vector<String> betterYourResults(Vector<String> A, String[] in_keywords, String[] out_keywords) {
Vector<String> Value = new Vector<String>();
int out = 0;
int in = 0;
for(int j=0;j<A.size();j++) {
for (int m=0;m<out_keywords.length;m++) {
if(A.elementAt(j).indexOf(out_keywords[m])==-1) {
out++;
}
}
for (int n=0;n<in_keywords.length;n++) {
if(A.elementAt(j).indexOf(in_keywords[n])!=-1) {
in++;
}
}
/*
Program logic: if the out keyword is not in the result, we increment out++.
if in_keywords is all in the result, we inc the int in.
if both are equal to the array length we add the result to the new vector.
*/
if((in==in_keywords.length) && (out == out_keywords.length)) {
//Value.add(A.elementAt(j) + "\n");
Value.add(A.elementAt(j));
}
out=0;
in=0;
}
return Value;
}
public static String readIn() {
@SuppressWarnings("resource")
Scanner scanner = new Scanner(new InputStreamReader(System.in));
return scanner.nextLine();
}
/**
* ToDo: Implement a method to write a Vector<String> to a textfile.
* Every url in a line.
*/
}
\ No newline at end of file
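Review bot: removeDuplicates empties and refills the caller's own Vector through a `HashSet`, so the surviving entries come back in hash order rather than the order they were collected, and the caller's list is modified in place without that being documented. `new LinkedHashSet<String>(D)` keeps first-seen order with the same one-pass cost (it needs the `java.util.LinkedHashSet` import). betterYourResults dereferences `in_keywords.length` and `out_keywords.length` without a null check; whether callers can pass null is not visible on this page, so a short Javadoc stating that both arrays must be non-null (and that an empty array means "no filter") would settle it. readIn builds a fresh `Scanner` on `System.in` per call, which can drop input the previous Scanner had already buffered.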
package Main;
public class Arguments {
boolean help = false;
boolean about = false;
boolean man = false;
boolean install = false;
boolean auto = false;
boolean generator = false;
boolean singledork = false;
boolean multidork = false;
String engine = new String();
String dork = new String();
String dorkFile = new String();
String output = new String();
String inFile = new String();
String outFile = new String();
int threads = 32;
int rpd = 50;
int timeout = 30;
int verbosity = 1;
boolean gui = false;
}
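Review bot: The fields of Arguments carry no comments, and several are not self-explanatory: `rpd` (results per dork, going by the help text), `inFile`/`outFile` (keyword filter files rather than input/output files, judging by the warnings in Main), and the unit of `timeout`. I would add a one-line comment per field, e.g. `// results requested per dork; Main resets values below 10 to 50`. `new String()` can simply be `""`.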
package Main;
public class Main {
import java.util.Vector;
/**
* @param args
*/
public static void main(String[] args) {
System.out.println("TMP");
import SelectModus.Automatik.Automatik;
import SelectModus.Automatik.Install;
import SelectModus.Generator.Generator;
import SelectModus.MultiDork.MultiDork;
import SelectModus.SingleDork.SingleDork;
public class Main {
/*
* Usage: MultiDork:
* 1st, 2nd, 3rd, 4th args:
* Engine-name (first letter) dorkfile results per dork Nr of Threads
*
* SingleDork:
* 1st, 2nd, 3rd, 4th args:
* Engine-name (first letter) dorkstring resultsfromthaengine WhereToSave
*
*/
public static void main(String[] args) {
Arguments A = new Parser().parseIt(args);
if(A == null) {
System.out.println("[ERROR] Error while parsing your Arguments. See --help flag.");
return;
}
if(A.help == true) {
Print.printHelp();
return;
}
if(A.man == true) {
Print.printManpage();
return;
}
if(A.about == true) {
Print.printAbout();
return;
}
if(A.singledork == true && A.multidork == true) {
System.out.println("[ERROR] Error while parsing your Arguments. See --help flag.");
System.out.println("[ERROR] You can only use one, --singledork or --multidork.");
return;
}
/**
* Parsing and starting SingleDork Mode!
*/
if(A.singledork == true) {
int i=0;
if(A.engine.isEmpty()) {
System.out.println("[ERROR] If singledork is set, you need to choose an engine with --engine!");
i++;
}
if(A.dork.isEmpty()) {
System.out.println("[ERROR] If singledork is set, you need to choose a dork with --dork!");
i++;
}
if(A.inFile.isEmpty()) {
System.out.println("[WARNING] You have decided to not clean your Results with an inFile.");
A.inFile = null;
}
if(A.outFile.isEmpty()) {
System.out.println("[WARNING] You have decided to not clean your Results with an outFile.");
A.outFile = null;
}
if(A.rpd < 10) {
System.out.println("[WARNING] You have to set --rpd at least to 10. We set it to 50 for you now.");
A.rpd = 50;
}
if(A.output.isEmpty()) {
System.out.println("[WARNING] You have to set an output directory, we set it to your home directory now.");
A.output = System.getProperty("user.home");
}
if(i>0) {
System.out.println("[STATUS] Shutting Search and Destroy down now.");
return;
}
new SingleDork(A.engine, A.dork, A.rpd, A.inFile, A.outFile, A.output).doJob();
}
/**
* Parsing and starting MultiDork Mode!
*/
if(A.multidork == true) {
int i=0;
if(A.engine.isEmpty()) {
System.out.println("[ERROR] If multidork is set, you need to choose an engine with --engine!");
i++;
}
if(A.dorkFile.isEmpty()) {
System.out.println("[ERROR] If multidork is set, you need to choose a dork with --dork!");
i++;
}
if(A.rpd < 10) {
System.out.println("[WARNING] You have to set --rpd at least to 10. We set it to 50 for you now.");
A.rpd = 50;
}
if(A.threads <=0) {
System.out.println("[WARNING] You have to set the number of threads (>0) with --threads. We set 16 for you now.");
A.threads = 16;
}
if(A.output.isEmpty()) {
System.out.println("[WARNING] You have to set an output directory, we set it to your home directory now.");
A.output = System.getProperty("user.home");
}
if(A.inFile.isEmpty()) {
System.out.println("[WARNING] You have decided to not clean your Results with an inFile.");
A.inFile = null;
}
if(A.outFile.isEmpty()) {
System.out.println("[WARNING] You have decided to not clean your Results with an outFile.");
A.outFile = null;
}
if(i>0) {
System.out.println("[STATUS] Shutting Search and Destroy down now.");
return;
}
/**
* ToDo: MultiDork mit A.output als fifth argument verwenden.
*/
new MultiDork(A.engine, A.dorkFile,A.inFile, A.outFile, A.rpd, A.threads, A.output).doJob();
}
if(A.install == true) {
new Install().doJob();
}
if(A.generator == true) {
new Generator().doJob();
}
if(A.auto == true) {
new Automatik().doJob();
}
//SingleDork SD = new SingleDork("B", "inanchor:main.php?id=+ext:php", 100, "");
//SD.doJob();
//Generator Gee = new Generator();
//Gee.doJob();
//MultiDork MD = new MultiDork("B", "/home/fxb/search_and_destroy/bing.dorks", 50, 100);
//MD.doJob();
/*
Install I = new Install();
I.doJob();
System.out.println("Working DIR: ");
System.out.println(System.getProperty("user.dir"));
Automatik A = new Automatik();
A.doJob();
*/
}
}
\ No newline at end of file
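Review bot: The validation messages in main name a flag the parser does not have: both the singledork and the multidork branch print "you need to choose a dork with --dork", while Parser fills `A.dork` and `A.dorkFile` from the value after `--singledork` and `--multidork`. Suggested wording for the multidork branch: `"[ERROR] --multidork needs the path of a dork file as its value."`, with the matching text for singledork. The threads warning says "We set 16 for you now" although Arguments defaults `threads` to 32, so the fallback differs from the documented default. `A.timeout`, `A.verbosity` and `A.gui` are parsed but never read in the visible body of main. The old and new lines of this file are interleaved on the page, so this applies to the longer `main` that calls `new Parser().parseIt(args)`.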
package Main;
public class Parser {
public Arguments parseIt(String[] args) {
Arguments A = new Arguments();
if(args.length == 0) {
return null;
}
for(int i=0;i<args.length;i++) {
if(args[i].equalsIgnoreCase("--help") || args[i].equalsIgnoreCase("-h")) {
A.help = true;
}
if(args[i].equalsIgnoreCase("--about") || args[i].equalsIgnoreCase("-a")) {
A.about = true;
}
if(args[i].equalsIgnoreCase("--man")) {
A.man = true;
}
if(args[i].equalsIgnoreCase("--install")) {
A.install = true;
}
if(args[i].equalsIgnoreCase("--generate")) {
A.generator = true;
}
if(args[i].equalsIgnoreCase("--auto")) {
A.auto = true;
}
if(args[i].equalsIgnoreCase("--gui")) {
A.gui = true;
}
if(args[i].equalsIgnoreCase("--output")) {
if(args.length > i+1) {
A.output = args[i+1];
} else {
System.out.println("[ERROR] You have to set a folder for output after --output flag!");
return null;
}
}
if(args[i].equalsIgnoreCase("--rpd")) {
if(args.length > i+1) {
A.rpd = Integer.parseInt(args[i+1]);
} else {
System.out.println("[ERROR] You have to select the number of results per dork after --rpd!");
return null;
}
}
if(args[i].equalsIgnoreCase("--timeout")) {
if(args.length > i+1) {
A.timeout = Integer.parseInt(args[i+1]);
} else {
System.out.println("[ERROR] You have to select a timeout after --timeout!");
return null;
}
}
if(args[i].equalsIgnoreCase("--verbosity") || args[i].equalsIgnoreCase("-v")) {
if(args.length > i+1) {
A.verbosity = Integer.parseInt(args[i+1]);
} else {
System.out.println("[ERROR] You have to set the verbosity level (0-3) after --verbosity flag!");
return null;
}
}
if(args[i].equalsIgnoreCase("--singledork")) {
if(args.length > i+1) {
A.singledork = true;
A.dork = args[i+1];
} else {
System.out.println("[ERROR] You have to select a dork after --singledork flag!");
return null;
}
}
if(args[i].equalsIgnoreCase("--multidork")) {
if(args.length > i+1) {
A.multidork = true;
A.dorkFile = args[i+1];
} else {
System.out.println("[ERROR] You have to set a dork file you want to use after --multidork flag!");
return null;
}
}
if(args[i].equalsIgnoreCase("--engine")) {
if(args.length > i+1) {
A.engine = args[i+1];
} else {
System.out.println("[ERROR] You have to select a search engine you want to use after --engine flag!\n" +
"You can use I, G, B, S for Ixquick, Google, Bing or Startpage!");
return null;
}
}
if(args[i].equalsIgnoreCase("--inFile")) {
if(args.length > i+1) {
A.inFile = args[i+1];
} else {
System.out.println("[ERROR] You have to select a inFile after --inFile String!");
return null;
}
}
if(args[i].equalsIgnoreCase("--outFile")) {
if(args.length > i+1) {
A.outFile = args[i+1];
} else {
System.out.println("[ERROR] You have to select a outFile after --outFile String!");
return null;
}
}
if(args[i].equalsIgnoreCase("--threads")) {
if(args.length > i+1) {
A.threads = Integer.parseInt(args[i+1]);
} else {
System.out.println("[ERROR] You have to set an int for threads as value after --threads flag!");
return null;
}
}
}
return A;
}
}
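Review bot: The four `Integer.parseInt(args[i+1])` calls (for `--rpd`, `--timeout`, `--verbosity`, `--threads`) let a NumberFormatException escape parseIt, so a non-numeric value ends the program with a stack trace instead of the `[ERROR]` message and `null` return used for every other bad input. The loop also never skips a consumed value, so a value that happens to equal a flag name (for example `--output --help`) is stored as the value and then acted on as a flag on the next iteration; adding `i++` after each consumed value would fix that. A small helper keeps the four call sites uniform.

```java
// new private helper in Parser
private static Integer parseIntArg(String flag, String value) {
    try {
        return Integer.valueOf(value);
    } catch (NumberFormatException e) {
        System.out.println("[ERROR] " + flag + " expects an integer, got '" + value + "'.");
        return null;
    }
}

// in parseIt, inside the existing args.length > i+1 branch for --rpd:
Integer rpd = parseIntArg("--rpd", args[i+1]);
if(rpd == null) {
    return null;
}
A.rpd = rpd;
i++; // skip the value that was just consumed
// … unchanged: remaining flags; --timeout, --verbosity and --threads get the same treatment …
```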
package Main;
public class Print {
public static void printHelp() {
//printHeader();
System.out.println( "[HELP MENU] Usage: \n" +
" \n" +
" --help This screen here... \n" +
" --about Fame and credits \n" +
" --man A short manpage \n" +
" \n" +
" --install Install stuff for auto mode \n" +
" --auto Automatikk Mode \n" +
" --generate Generator Mode \n" +
" --singledork 'inurl:example.txt' Use a single dork for search \n" +
" --multidork '/home/evilguy/dorks.txt' Use a file \n" +
" --threads 16 How many threads to use (only in --multidork usable) \n" +
" --engine B Select B for Bing, I=Ixquick, G=Google, S=Startpage (only --singledork or --multidork)\n" +
" --output '/home/evilguy' Folder for output \n" +
" --rpd 100 results per dork from engine \n" +
" --timeout 30 timeout in seconds \n" +
// " --verbosity 0-3 verbosity level. 1 is default \n" +
" --gui Not implemented yet! \n");
}
public static void printHeader() {
}
public static void printManpage() {
System.out.println( "NAME\n" +
" Search&Destroy - Passive Web Application Scanner working with Google Dorks\n\n" +
"DESCRIPTION\n" +
" This tool was written to scan web applications without activating any IDS or something similar.\n" +
" You can search for deeplinks through e.g. bing, startpage (google mask) and get further information about\n" +
" your target you want to scan later. So you know before accessing this site if it's using php or perl,\n" +
" Wordpress or Joomla and so on. This can save time when it comes to scan for vulnerabilities at the webapp and your\n" +
" customer will not be able to block your scans in these black pentests since your aren't attacking him yet.\n\n" +
" You can also \"abuse\" this tool for finding vulnerable pages in general. This is why it is called Search&Destroy.\n" +
" This mode was still implemented because of use for statistical research processes when it comes to new exploits.\n" +
" You first get some templates, generate from these templates your dork files for every search engine and\n" +
" start to scan. Then you configure threads, proxy and all that kind of stuff.\n\n" +
"WORKFLOW\n" +
" Let me shortly introduce you Search&Destroy:\n" +
" Before you start reading you should take a view at the help menu (--help).\n" +
" You can run S&D quick and dirty out of the box, but i recommend you first run (--install).\n" +
" Without \"installation\" you won't be able to run our Generator (--generate) cause we have a xml file as config.\n" +
" The installation option will create a folder in your home directory and store config files and logs.\n\n" +
" Without installation you cannot use multithreadinbg, because you need to scale your attack for every single engine.\n" +
" For this we need config files at the moment, same for generation.\n" +
" You can start instead multidork and singledork (--singledork/--multidork) with\n" +
" --engine <startpage,bing, google, ixquick> and --dpr 100 for dorks per result.\n" +
" Mind yourself: You have to have a lot of patience, without multithreading using a long dorklist can be horrifying slow.\n\n" +
" After a successful search attack you will find a huge txt file in your home directory, deeplink per line.\n" +
" Without installation you cannot autocorrekt the links for a scheme, e.g. only contains links with .php and\n" +
" no facebook.com, yellow.com amazon.com and so on. You can see how to configurate these white- and blacklist feature\n" +
" when looking in the config file, there are some easy examples for you.\n\n" +
"(END)");
}
public static void printAbout() {
// TODO Auto-generated method stub
}
}
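Review bot: The manpage text in printManpage tells the user to pass `--dpr 100 for dorks per result`, but Parser only recognises `--rpd` (results per dork), so following the manpage silently leaves the default in place. The line should read `--engine <startpage,bing, google, ixquick> and --rpd 100 for results per dork.`. printHelp omits `--inFile` and `--outFile`, which Parser accepts and Main warns about. printAbout and printHeader have empty bodies, so `--about` prints nothing and returns; a placeholder line or a comment marking them as unimplemented would make that visible.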
package SearchEngine;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
public class Bing extends SearchEngine {
public Bing(Vector<String> DORKS, int ID, SearchProgress PROGRESS, int RESULTS_PER_DORK, Vector<String> RESULT_MEMORY) {
super(DORKS, ID, PROGRESS, RESULTS_PER_DORK, RESULT_MEMORY);
}
/*
These vars you can find in SearchEngine.
search is a method from SearchEngine.
*/
public void fetchResults(int NR, String DORK) throws IOException, URISyntaxException {
search(false, "http://www.bing.com/search?q=" + DORK + "&first=", NR, "href=\"http",4, "\"");
}
/*
Here we crawl an url to get some results. see search for more information.
*/
public void run() {
for (int i=0;i<DORKS.size();i++) {
try {
fetchResults(RESULTS_PER_DORK, java.net.URLEncoder.encode(DORKS.elementAt(i)));
if(PROGRESS != null) PROGRESS.updateStatus(i, ID);
} catch (IOException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
} catch (URISyntaxException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
\ No newline at end of file
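Review bot: Both catch blocks in Bing.run log through `Logger.getLogger(Startpage.class.getName())`, so failures in this class are attributed to Startpage in the log output; the same copy-paste is in Google.run and Ixquick.run. Each should use its own class, here `Logger.getLogger(Bing.class.getName())`. The dork is encoded with the deprecated one-argument `java.net.URLEncoder.encode(String)`, which depends on the platform default encoding. `java.net.URLEncoder.encode(DORKS.elementAt(i), "UTF-8")` is deterministic, and its UnsupportedEncodingException is already covered by the existing `catch (IOException ex)`. The request URL in fetchResults is plain `http://`, so the query string travels unencrypted unless the server redirects.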
package SearchEngine;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
public class Google extends SearchEngine {
public Google(Vector<String> cuttedDorks, int ID, SearchProgress PROGRESS, int RESULTS_PER_DORK, Vector<String> RESULT_MEMORY) {
super(cuttedDorks, ID, PROGRESS, RESULTS_PER_DORK, RESULT_MEMORY);
}
/*
These vars you can find in SearchEngine.
search is a method from SearchEngine.
*/
public void fetchResults(int NR, String DORK) throws IOException, URISyntaxException {
search(false, "http://www.google.de/search?q=" + DORK + "&hl=us&start=", NR, "href=\"/url?q=http",4, "&amp;");
}
/*
Here we crawl an url to get some results. see search for more information.
we override search so we can throw an exception if we get into trouble.
Google likes captures, so we can throw them as exception.
*/
public void run() {
/*
This doesn't help. No Multithreaded searching in google!
They don't like that...
*/
for (int i=0;i<DORKS.size();i++) {
try {
fetchResults(RESULTS_PER_DORK, DORKS.elementAt(i));
if(PROGRESS != null) PROGRESS.updateStatus(i, ID);
} catch (IOException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
} catch (URISyntaxException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
\ No newline at end of file
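Review bot: Google.run passes `DORKS.elementAt(i)` to fetchResults unencoded, and fetchResults concatenates it straight into the query string, whereas Bing.run encodes the dork first; Ixquick.run has the same gap. Unless the dork files are already percent-encoded (the page does not show this), a dork containing a space, `&` or `#` changes the structure of the request URL rather than the search term. Encoding at the call site as Bing does, `fetchResults(RESULTS_PER_DORK, java.net.URLEncoder.encode(DORKS.elementAt(i), "UTF-8"));`, makes the three engines consistent. The block comment above run says search is overridden to throw on captchas, but no override is visible in this class, so the comment should be corrected or removed.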
package SearchEngine;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
public class Ixquick extends SearchEngine {
public Ixquick(Vector<String> DORKS, int ID, SearchProgress PROGRESS, int RESULTS_PER_DORK, Vector<String> RESULT_MEMORY) {
super(DORKS, ID, PROGRESS, RESULTS_PER_DORK, RESULT_MEMORY);
}
/*
These vars you can find in SearchEngine.
search is a method from SearchEngine.
*/
public void fetchResults(int NR, String DORK) throws IOException, URISyntaxException {
search(true, "https://ixquick.com/do/search?q=" + DORK + "&startat=", NR, "<h3><a href='", 0, "'");
}
/*
Here we crawl an url to get some results. see search for more information.
*/
public void run() {
for (int i=0;i<DORKS.size();i++) {
try {
fetchResults(RESULTS_PER_DORK, DORKS.elementAt(i));
if(PROGRESS != null) PROGRESS.updateStatus(i, ID);
} catch (IOException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
} catch (URISyntaxException ex) {
Logger.getLogger(Startpage.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
\ No newline at end of file
/*
MultiDork:
* DORKS[] is the Array of dorks you give every thread.
the memory vector is the location where every threads adds the results of the dork crawling search.
SingeDork: You only use fetchResults from every subclass and search is used in the fetchResults method.
*/
package SearchEngine;
import static Core.Utils.ConnectHTTP.HTTPSURLContent;
import static Core.Utils.ConnectHTTP.URLContent;
import java.io.IOException;
import java.util.Vector;
public abstract class SearchEngine implements Runnable {
SearchEngine(Vector<String> DORKS, int ID, SearchProgress PROGRESS, int RESULTS_PER_DORK, Vector<String> RESULT_VECTOR) {
this.DORKS = DORKS;
this.ID = ID;
this.PROGRESS = PROGRESS;
this.RESULTS_PER_DORK = RESULTS_PER_DORK;
this.RESULT_VECTOR = RESULT_VECTOR;
}
Vector<String> DORKS;
int ID;
int RESULTS_PER_DORK;
SearchProgress PROGRESS;
Vector<String> RESULT_VECTOR;
/*
These vars are in every subclass (every specified engine is a subclass).
We need them always, it does not matter what engine you want to use.
DORKS -> contains the dork you want to search. If multithreaded, this is a split of the DORKFILE we read in.