Commit 16d3c906 authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Added first version of bing scanner.

parent 21066c58
#
# This file is part of fimap.
#
# Copyright(c) 2009-2010 Iman Karim(ikarim2s@smail.inf.fh-brs.de).
# http://fimap.googlecode.com
#
# This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
#
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
#
# You should have received a copy of the GPL along with this
# program. If not, go to http://www.gnu.org/licenses/gpl.html
# or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
from singleScan import singleScan
from targetScanner import targetScanner
from pybing import Bing
import datetime
import sys,time
__author__="Iman Karim(ikarim2s@smail.inf.fh-brs.de)"
__date__ ="$01.09.2009 06:55:16$"
class bingScan:
def __init__(self, config):
self.config = config
self.bs = Bing("YOUR ID")
self.cooldown = self.config["p_googlesleep"];
self.results_per_page = int(self.config["p_results_per_query"]);
if (self.config["p_skippages"] > 0):
print "Bing Scanner will skip the first %d pages..."%(self.config["p_skippages"])
def startGoogleScan(self):
print "Querying Bing Search: '%s' with max pages %d..."%(self.config["p_query"], self.config["p_pages"])
pagecnt = 0
curtry = 0
last_request_time = datetime.datetime.now()
while(pagecnt < self.config["p_pages"]):
pagecnt = pagecnt +1
redo = True
while (redo):
try:
current_time = datetime.datetime.now()
diff = current_time - last_request_time
diff = int(diff.seconds)
if (diff <= self.cooldown):
if (diff > 0):
print "Commencing %ds bing cooldown..." %(self.cooldown - diff)
time.sleep(self.cooldown - diff)
last_request_time = datetime.datetime.now()
resp = self.bs.search_web(self.config["p_query"], {'Web.Count':50,'Web.Offset':(pagecnt-1)*self.results_per_page})
results = resp['SearchResponse']['Web']['Results']
redo = False
except KeyboardInterrupt:
raise
except Exception, err:
raise
redo = True
sys.stderr.write("[RETRYING PAGE %d]\n" %(pagecnt))
curtry = curtry +1
if (curtry > self.config["p_maxtries"]):
print "MAXIMUM COUNT OF (RE)TRIES REACHED!"
sys.exit(1)
curtry = 0
if (len(results) == 0): break
sys.stderr.write("[PAGE %d]\n" %(pagecnt))
try:
for r in results:
single = singleScan(self.config)
single.setURL(r["Url"])
single.setQuite(True)
single.scan()
except KeyboardInterrupt:
raise
time.sleep(1)
print "Bing Scan completed."
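Review bot: The retry loop in startGoogleScan never retries: the `raise` directly after `except Exception, err:` re-raises, so `redo = True`, the `[RETRYING PAGE %d]` message and the `p_maxtries` check below it are unreachable and any transient Bing error aborts the whole scan (the rendered page has lost indentation, but the statement order is unambiguous); drop that `raise` and keep only the `except KeyboardInterrupt: raise` above it. The query also asks for a fixed `'Web.Count':50` while paging with `'Web.Offset':(pagecnt-1)*self.results_per_page`, so any `p_results_per_query` other than 50 overlaps or skips results; use `'Web.Count':self.results_per_page`. `Bing("YOUR ID")` compiles a placeholder for the Bing AppID into the source, and an AppID is a credential — read it from `config` (and thus the command line) instead of asking users to edit this file, where the key tends to get committed. `p_skippages` is announced in `__init__` but `pagecnt` starts at 0 and the value is never read again, so the skip is not actually honoured. Finally, the entry point of a Bing scanner being named `startGoogleScan` will confuse the next reader; a `startBingScan` alias would let fimap.py call the right name.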
......@@ -650,6 +650,7 @@ class codeinjector(baseClass):
missingCount += 1
textarr.append("[ ] And %d hosts with no valid attack vectors."%(missingCount))
textarr.append(" Type '?' to see what it means.")
textarr.append("[q] Quit")
self.drawBox(header, textarr)
if (doRemoteWarn):
......@@ -659,12 +660,31 @@ class codeinjector(baseClass):
c = raw_input("Choose Domain: ")
if (c == "q"):
sys.exit(0)
try:
c = int(c)
ret = choose[c]
return(ret)
except:
print "Invalid Domain ID."
elif (c == "?"):
print "------------------------------------------------------------------------------"
print "Why are some domains not visible?"
print "This can have two reasons."
print "* Non executable files:"
print " It's likly that fimap has found an inclusion bug and was able to read out"
print " non executable files like '/etc/passwd' or 'c:\\boot.ini'."
print " In cases like this it's not possible to automaticly attack the machine."
print " However if you are able to upload a file on the webserver you have high"
print " chances to spawn a shell."
print "* Remote File Inclusion bugs:"
print " If you have found RFI only bugs you have to enable Dynamic RFI in order to"
print " exploit the bug with fimap. The RFI-Only domains will be hidden unless you"
print " have configured and enabled Dynamic RFI."
print " However you can always take a look at the ~/fimap_result.xml , get your info"
print " and do it manually."
print "------------------------------------------------------------------------------"
else:
try:
c = int(c)
ret = choose[c]
return(ret)
except:
print "Invalid Domain ID."
def chooseVuln(self, hostname):
......
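Review bot: The bare `except:` guarding `c = int(c)` / `ret = choose[c]` reports `Invalid Domain ID.` for any exception, masking real bugs in the chooser (and in Python 2 a bare except also swallows `SystemExit`); narrow it to `except (ValueError, KeyError, IndexError):`. If `choose` is a list rather than a dict, a negative ID such as `-1` indexes from the end and is silently accepted as a valid choice — that cannot be confirmed from this hunk, so worth checking at the definition. The new `?` help text has two typos in user-facing strings: `likly` → `likely` and `automaticly` → `automatically`. The enclosing method's signature and the loop this branch sits in are above the hunk and not visible here.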
......@@ -24,6 +24,7 @@
<blind_files mindepth="0" maxdepth="15">
<file path="/etc/passwd" find="root:" flags="r" unix="1" windows="0"/>
<file path="c:\boot.ini" find="[operating" flags="r" unix="0" windows="1"/>
<file path="c:\windows\win.ini" find="[fonts" flags="r" unix="0" windows="1"/>
</blind_files>
<methods>
......
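Review bot: The new `win.ini` entry hard-codes `c:\windows\win.ini`, but the system root is `c:\winnt` on NT4/2000 hosts, so a second entry with that path would widen coverage for one extra request per target. The marker is presumably matched with `code.find(find)` as targetScanner does, which is case-sensitive, so `[fonts` relies on the stock lower-case `[fonts]` header; a short comment in the definitions file saying that `find` is case-sensitive would help whoever adds the next file.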
......@@ -26,6 +26,7 @@ from codeinjector import codeinjector
from crawler import crawler
import getopt
from googleScan import googleScan
from bingScan import bingScan
from massScan import massScan
from singleScan import singleScan
import language
......@@ -55,6 +56,8 @@ def show_help(AndQuit=False):
print " from a given list (-l) for FI errors."
print " -g , --google Mode to use Google to aquire URLs."
print " Needs a query (-q) as google search query."
print " -B , --bing Use bing to get URLs."
print " Needs a query (-q) as bing search query."
print " -H , --harvest Mode to harvest a URL recursivly for new URLs."
print " Needs a root url (-u) to start crawling there."
print " Also needs (-w) to write a URL list for mass mode."
......@@ -219,7 +222,7 @@ def show_report():
if __name__ == "__main__":
config["p_url"] = None
config["p_mode"] = 0 # 0=single ; 1=mass ; 2=google ; 3=crawl ; 4=autoawesome
config["p_mode"] = 0 # 0=single ; 1=mass ; 2=google ; 3=crawl ; 4=autoawesome ; 5=bing
config["p_list"] = None
config["p_verbose"] = 2
config["p_useragent"] = "fimap.googlecode.com/v%s" %__version__
......@@ -251,6 +254,7 @@ if __name__ == "__main__":
config["force-run"] = False
config["force-os"] = None
config["p_rfi_encode"] = None
config["p_skiponerror"] = False
doPluginsShow = False
doRFITest = False
doInternetInfo = False
......@@ -285,8 +289,8 @@ if __name__ == "__main__":
"plugins" , "enable-color", "update-def" , "merge-xml=" , "install-plugins" , "results=",
"googlesleep=" , "dot-truncation", "dot-trunc-min=", "dot-trunc-max=", "dot-trunc-step=", "dot-trunc-ratio=",
"tab-complete" , "cookie=" , "bmin=" , "bmax=" , "dot-trunc-also-unix", "multiply-term=",
"autoawesome" , "force-run" , "force-os=" , "rfi-encoder=", "header="]
optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CIDTM:4R:", longSwitches)
"autoawesome" , "force-run" , "force-os=" , "rfi-encoder=", "header=", "bing"]
optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CIDTM:4R:B", longSwitches)
startExploiter = False
......@@ -303,6 +307,8 @@ if __name__ == "__main__":
config["p_mode"] = 3
if (k in ("-4", "--autoawesome")):
config["p_mode"] = 4
if (k in ("-B", "--bing")):
config["p_mode"] = 5
if (k in ("-l", "--list")):
config["p_list"] = v
if (k in ("-q", "--query")):
......@@ -647,6 +653,9 @@ if __name__ == "__main__":
if (config["p_query"] == None and config["p_mode"] == 2):
print "Google Query required. (-q)"
sys.exit(1)
if (config["p_query"] == None and config["p_mode"] == 5):
print "Bing Query required. (-q)"
sys.exit(1)
if (config["p_url"] == None and config["p_mode"] == 3):
print "Start URL required for harvesting. (-u)"
sys.exit(1)
......@@ -698,6 +707,12 @@ if __name__ == "__main__":
awe.setURL(config["p_url"])
awe.scan()
elif(config["p_mode"] == 5):
print "BingScanner is searching for Query: '%s'" %config["p_query"]
b = bingScan(config)
b.startGoogleScan()
show_report()
except KeyboardInterrupt:
print "\n\nYou have terminated me :("
......
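Review bot: `config["p_skiponerror"] = False` is added to the defaults hunk, but none of the visible hunks adds a switch that sets it to `True` — `longSwitches` only gains `"bing"` and the option loop only gains `-B`/`--bing` — so unless it is wired elsewhere the new `p_skiponerror` branch in targetScanner is unreachable from the command line. Add a long switch such as `"skip-on-error"` next to `"bing"`, `if (k in ("--skip-on-error",)): config["p_skiponerror"] = True` in the option loop, and a line in `show_help` describing it. Separately, the Bing AppID should become an option here rather than the `"YOUR ID"` placeholder compiled into bingScan.py, and `b.startGoogleScan()` in the mode-5 dispatch is a misleading name for a Bing entry point.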
......@@ -216,7 +216,11 @@ class targetScanner (baseClass.baseClass):
if (code == None):
self._log("Code == None. Skipping testing of the URL.", self.LOG_DEBUG)
doBreak = True
if (self.config["p_skiponerror"] == True): # User decided to skip blind check if server returned an error.
self._log("You decided to cancel blind checks when the server returned an error.", self.LOG_ALWAYS)
self._log("Code == None. Skipping testing of the URL.", self.LOG_DEBUG)
doBreak = True
else:
if (code.find(find) != -1):
if (haxMode == 0):
......@@ -232,7 +236,6 @@ class targetScanner (baseClass.baseClass):
else:
# Previous result was none. Assuming that we can break here.
self._log("Code == None. Skipping testing of the URL.", self.LOG_DEBUG)
doBreak = True
return(rep, doBreak)
......
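Review bot: In the `code == None` branch, when `p_skiponerror` is `False` the new code neither logs nor sets `doBreak`, so a request that returned no body now falls through silently with `rep` and `doBreak` untouched; keep the previous `self._log("Code == None. Skipping testing of the URL.", self.LOG_DEBUG)` outside the `p_skiponerror` check so the default path still records why this candidate produced nothing. The `LOG_ALWAYS` message is emitted on every erroring request, which will be noisy if this sits inside the blind-file loop (the enclosing method starts and ends outside both hunks, so the loop is not visible here). In the second hunk the comment `# Previous result was none. Assuming that we can break here.` is now stale because the `doBreak = True` beneath it was removed; reword it to say the candidate is skipped without stopping the scan. Style: `code is None` and `if self.config["p_skiponerror"]:` read better than `== None` / `== True`.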