-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path3num.py
More file actions
371 lines (282 loc) · 14.4 KB
/
3num.py
File metadata and controls
371 lines (282 loc) · 14.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
import argparse
import paramiko
from ftplib import FTP, error_perm
from termcolor import colored
import socket
import subprocess
import time
from termcolor import cprint
def print_separator():
print(colored("-" * 50, "blue"))
def print_section_header(header):
print_separator()
print(colored(f"[*] {header}", "cyan"))
print_separator()
def print_command_output(command, output, output_file=None):
print(f"\n{colored('[+]', 'green')} {colored('Command:', 'green')} {colored(command, 'yellow')}")
print(f"{colored('[+]', 'green')} {colored('Output:', 'green')}")
print(output)
if output_file:
with open(output_file, 'a') as file:
file.write(f"\n{colored('[+]', 'green')} {colored('Command:', 'green')} {colored(command, 'yellow')}\n")
file.write(f"{colored('[+]', 'green')} {colored('Output:', 'green')}\n{output}\n\n")
def enumerate_ssh(target_host, username, password, output_file=None):
port = 22
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
print(colored(f"[*] Connecting to {target_host} via SSH...", "cyan"))
time.sleep(1)
print(colored(f"[*] Trying login with credentials...", "cyan"))
time.sleep(1.5)
ssh.connect(target_host, port, username, password)
print(colored("[+] SSH Connection established.", "green"))
ssh_commands = [
'uname -a',
'pwd',
'ls -la',
'whoami',
'cat /etc/issue',
'ifconfig',
'cat /etc/passwd',
'netstat -anp',
]
for command in ssh_commands:
stdin, stdout, stderr = ssh.exec_command(command)
output = stdout.read().decode().strip()
print_command_output(command, output)
if output_file:
with open(output_file, 'a') as file:
file.write(f"\n{colored('[+]', 'green')} {colored('Command:', 'green')} {colored(command, 'yellow')}\n")
file.write(f"{colored('[+]', 'green')} {colored('Output:', 'green')}\n{output}\n\n")
except Exception as e:
print(colored(f"[-] Failed to connect to {target_host} via SSH: {e}", "red"))
finally:
ssh.close()
print(colored("[*] SSH Connection closed.", "cyan"))
def enumerate_ftp(target_host, username, password, output_file=None, anonymous=False):
ftp_port = 21
ftp = None # Initialize ftp to None
error_code = None # Initialize error_code to None
try:
# Connect to FTP server
print(colored(f"[*] Connecting to {target_host} via FTP...", "cyan"))
time.sleep(2)
ftp = FTP()
if not anonymous:
# Attempt anonymous login first
try:
ftp.connect(target_host, ftp_port)
print(colored("[*] Trying anonymous login...", "cyan"))
ftp.login()
print(colored("[+] FTP Connection established (Anonymous login).", "green"))
except error_perm as e:
if "530" in str(e):
print(colored("[-] Anonymous access not allowed", "red"))
if username != "" and password != "":
print(colored('[*] Trying with credentials...', "cyan"))
ftp = FTP()
ftp.connect(target_host, ftp_port)
ftp.login(username, password)
print(colored("[+] FTP Connection established (Authenticated login).", "green"))
else:
raise
else:
ftp.connect(target_host, ftp_port)
print(colored("[*] Trying anonymous login...", "cyan"))
ftp.login("", "")
print(colored("[+] FTP Connection established (Anonymous login).", "green"))
# FTP commands for enumeration
ftp_commands = [
'pwd',
'mlsd', # Use 'mlsd' to list directory contents with details
]
# Iterate through commands after successful login
for command in ftp_commands:
print_separator()
if command == 'pwd':
active_directory = ftp.pwd()
print(colored(f"[+] Active directory: {active_directory}", "green"))
elif command == 'mlsd':
directory_listing = ftp.mlsd()
print(colored("[+] Directory Listing:", "green"))
for item in directory_listing:
print(item)
# Download files with '.txt' extension
# Save FTP command output to file if specified
if output_file:
with open(output_file, 'a') as file:
file.write(f"\n{colored('[+]', 'green')} {colored('FTP Command:', 'green')} {colored(command, 'yellow')}\n")
if command == 'mlsd':
for item in directory_listing:
file.write(item[0] + "\n")
else:
file.write(ftp.sendcmd(command))
file.write("\n")
except Exception as e:
error_code = str(e)
print(colored(f"[-] An error occurred during process!: {e}", "red"))
finally:
# Close the FTP connection
if error_code and '111' not in error_code and '530' not in error_code:
try:
ftp.quit()
except (OSError, socket.error) as e:
print(colored(f"[-] An error occurred while closing the FTP connection: {e}", "red"))
print("[*] FTP Connection closed.")
def enumerate_http(target_host, wordlist, output_file=None):
print(colored(f"[*] Enumerating HTTP on {target_host} using Gobuster...", "cyan"))
time.sleep(1)
gobuster_command = f"gobuster dir -u http://{target_host} -w {wordlist} -o {output_file}"
subprocess.run(gobuster_command, shell=True)
def ftp_anon_enum(target_host, output_file=None):
enumerate_ftp(target_host, username="", password="", output_file=output_file, anonymous=True)
def ssh_brute_force(target_host, username, wordlist, output_file=None):
print(colored(f"[*] Bruteforcing SSH on {target_host} with Hydra...", "cyan"))
time.sleep(1)
hydra_command = f"hydra -v -l {username} -P {wordlist} ssh://{target_host} -t 4"
subprocess.run(hydra_command, shell=True)
def web_enum(target_host, output_file=None):
print(colored(f"[*] Running Nikto scan on {target_host}...", "cyan"))
time.sleep(1)
nikto_command = f"nikto -h {target_host} -o {output_file} -Format txt"
subprocess.run(nikto_command, shell=True)
def dns_enum(target_host, output_file=None):
print(colored(f"[*] Enumerating DNS for {target_host}...", "cyan"))
time.sleep(1)
print(colored(f"[*] Enumerating DNS with nslookup on {target_host}...", "cyan"))
nslookup_command = f"nslookup {target_host}"
nslookup_output = subprocess.getoutput(nslookup_command)
print_command_output(nslookup_command, nslookup_output, output_file)
print(colored(f"[*] completed 25%...", "cyan", attrs=["bold"]))
time.sleep(10)
print(colored(f"[*] Enumerating DNS with dig on {target_host}...", "cyan"))
dig_trace_command = f"dig {target_host} "
dig_trace_output = subprocess.getoutput(dig_trace_command)
print_command_output(dig_trace_command, dig_trace_output, output_file)
print(colored(f"[*] completed 50%...", "cyan", attrs=["bold"]))
time.sleep(10)
print(colored(f"[*] Enumerating DNS with whois on {target_host}...", "cyan"))
whois_command = f"whois {target_host}"
whois_output = subprocess.getoutput(whois_command)
print_command_output(whois_command, whois_output, output_file)
print(colored(f"[*] completed 75%...", "cyan", attrs=["bold"]))
time.sleep(10)
print(colored(f"[*] Enumerating DNS with dnsrecon on {target_host}...", "cyan"))
dnsrecon_command = f"dnsrecon -d {target_host}"
dnsrecon_output = subprocess.getoutput(dnsrecon_command)
print_command_output(dnsrecon_command, dnsrecon_output, output_file)
print(colored(f"[*] successfully completed 100% of 100%!", "cyan", attrs=["bold"]))
def smb_enum(target_host, username, password, output_file=None):
smb_commands = [
'enum4linux -a {target_host}', # Enumerate information about the target SMB server
'smbclient -L //{target_host}', # List shares on the target SMB server
]
for command in smb_commands:
print_separator()
try:
command = command.format(target_host=target_host)
output = subprocess.getoutput(command)
print_command_output(command, output, output_file)
except Exception as e:
print(colored(f"[-] An error occurred during SMB enumeration: {e}", "red"))
def exploit_enum(target_host, output_file=None):
print_section_header(f"Exploit Enumeration for {target_host}")
searchsploit_command = f"searchsploit {target_host}"
searchsploit_output = subprocess.getoutput(searchsploit_command)
print_command_output(searchsploit_command, searchsploit_output, output_file)
def sql_enum(target_host, output_file=None):
print_section_header(f"SQL Enumeration for {target_host}")
# SQLMap command for enumeration
sqlmap_command = f"sqlmap -u {target_host} --random-agent --forms --crawl=2 --dbs --risk=3 --batch --level=5 --time-sec=20"
subprocess.run(sqlmap_command, shell=True)
def print_banner():
custom_lines = [
" ) * ",
" ) ( /( ( ` ",
" ( /( )\()) ( )\))( ",
" )\()|(_)\ )\((_)()\\ ",
" ((_)\ _((_)_ ((_|_()((_) ",
]
lines = [
" |__ " + colored("(_)", "yellow", attrs=["bold"]) + " \| | | | | \/ |",
" |_ \ | .` | |_| | |\/| |",
" |___/ |_|\_|\___/|_| |_|",
" ____________________________________",
" /___/___/___/___/___/___/___/___/___/",
]
for line in custom_lines:
print(colored(line, "yellow", attrs=["bold"]))
for line in lines:
print(colored(line, 'white', attrs=["bold"]))
print(colored("Copyright (c) 2023 By @Richard. All rights reserved.", "white", attrs=['bold']))
print(colored("ALL USED TOOLS:", "white", attrs=['bold']))
tools = [
"Hydra (Brute-force tool)",
"Nikto (Web server scanner)",
"Gobuster (Directory and file brute-forcer)",
"Dig (DNS information tool)",
"Enum4Linux (SMB enumeration tool)",
"SMBClient (SMB enumeration tool)",
"Nslookup (DNS lookup tool)",
"Dnsrecon (DNS enumeration tool)",
"Whois (DNS lookup tool)",
"FTP (File Transfer Protocol)",
"SSH (Secure Shell)",
"Searchsploit (Exploit Database search tool)",
"sqlmap (SQL enumeration tool)",
]
for tool in tools:
print(f" - {colored(tool, 'white', attrs=['bold'])}")
print(colored("=" * 50 + "\n", "blue"))
def print_warning():
print(colored("[WARNING] This tool is intended for authorized security testing only.", "red", attrs=['bold']))
print(colored("Using it against systems without permission is illegal.", "red", attrs=['bold']))
print(colored("Please ensure you have the right to perform any enumeration activities.", "red", attrs=['bold']))
print_separator()
def main():
print_banner()
print_warning()
parser = argparse.ArgumentParser(description="Enumeration Tool")
parser.add_argument("-ssh_enum", "--ssh_enum", dest="target_host_ssh", help="Target host to enumerate SSH")
parser.add_argument("-ftp_enum", "--ftp_enum", dest="target_host_ftp", help="Target host to enumerate FTP with credentials")
parser.add_argument("-ftp_anon_enum", "--ftp_anon_enum", dest="target_host_ftp_anon", help="Target host to enumerate anonymous FTP")
parser.add_argument("-http_enum", "--http_enum", dest="target_host_http", help="Target host to enumerate HTTP")
parser.add_argument("-ssh_brute", "--ssh_brute", dest="target_host_brute", help="Target host to brute-force SSH")
parser.add_argument("-web_enum", "--web_enum", dest="target_host_web", help="Target host to enumerate HTTP with Nikto")
parser.add_argument("-dns_enum", "--dns_enum", dest="target_host_dns", help="Target host to enumerate DNS")
parser.add_argument("-smb_enum", "--smb_enum", dest="target_host_smb", help="Target host to enumerate SMB")
parser.add_argument("-exploit_enum", "--exploit_enum", dest="exploit_target", help="Target for exploit enumeration")
parser.add_argument("-sql_enum", "--sql_enum", dest="target_host_sql", help="Target host to enumerate SQL")
parser.add_argument("-u", "--user", dest="username", default="anonymous", help="FTP/SSH/SMB username")
parser.add_argument("-p", "--passwd", dest="password", default="", help="FTP/SSH/SMB password")
parser.add_argument("-w", "--wordlist", dest="wordlist", help="Path to the wordlist for SSH brute-force")
parser.add_argument("-o", "--output", dest="output_file", help="Output file to save results")
args = parser.parse_args()
if args.target_host_ssh:
enumerate_ssh(args.target_host_ssh, args.username, args.password, args.output_file)
elif args.target_host_ftp:
enumerate_ftp(args.target_host_ftp, args.username, args.password, args.output_file, anonymous=False)
elif args.target_host_ftp_anon:
ftp_anon_enum(args.target_host_ftp_anon, args.output_file)
elif args.target_host_http and args.wordlist:
enumerate_http(args.target_host_http, args.wordlist, args.output_file)
elif args.target_host_brute and args.username and args.wordlist:
ssh_brute_force(args.target_host_brute, args.username, args.wordlist, args.output_file)
elif args.target_host_web:
web_enum(args.target_host_web, args.output_file)
elif args.target_host_dns:
dns_enum(args.target_host_dns, args.output_file)
elif args.target_host_smb:
if args.username and args.password:
smb_enum(args.target_host_smb, args.username, args.password, args.output_file)
else:
smb_enum(args.target_host_smb, "", "", args.output_file)
elif args.exploit_target:
exploit_enum(args.exploit_target, args.output_file)
elif args.target_host_sql:
sql_enum(args.target_host_sql, args.output_file)
else:
print(colored("[-] Please specify a valid enumeration option.", "red"))
if __name__ == "__main__":
main()