Added Directory Enumeration

spyboy-productions · Sep 7, 2023 · 9a03ecc · 9a03ecc
1 parent 6ed9790
commit 9a03ecc
Show file tree

Hide file tree

Showing 12 changed files with 4,988 additions and 142 deletions.
diff --git a/dirlist.txt b/dirlist.txt
diff --git a/dirtest.py b/dirtest.py
@@ -0,0 +1,147 @@
+import socket
+import aiohttp
+import asyncio
+from datetime import date
+
+RED = '\033[31m'  # red
+GREEN = '\033[32m'  # green
+CYAN = '\033[36m'  # cyan
+WHITE = '\033[0m'  # white
+YELLOW = '\033[33m'  # yellow
+
+headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0'}
+count = 0
+found = []
+responses = []
+current_year = date.today().year
+
+
+async def fetch_url(session, url, allow_redirects):
+    try:
+        async with session.get(url, headers=headers, allow_redirects=allow_redirects) as response:
+            responses.append((url, response.status))
+            return response.status
+    except Exception as e:
+        print(f'{RED}[-] {CYAN}Exception : {WHITE}' + str(e).strip('\n'))
+
+
+async def insert_url(queue, file_extensions, target, wordlist, allow_redirects):
+    url_template = target + '/{}'
+    if file_extensions:
+        file_extensions = [ext.strip() for ext in file_extensions.split(',')]
+    with open(wordlist, 'r') as wordlist_file:
+        for line in wordlist_file:
+            word = line.strip()
+            for ext in (file_extensions or ['']):
+                url = url_template.format(f'{word}.{ext}' if ext else word)
+                await queue.put(url)
+
+
+async def consume_url(queue, target, session, allow_redirects, total_num_words):
+    global count
+    while True:
+        url = await queue.get()
+        status = await fetch_url(session, url, allow_redirects)
+        await filter_output(target, url, status)
+        queue.task_done()
+        count += 1
+        print(f'{YELLOW}[~] {CYAN}Requests : {WHITE}{count}/{total_num_words}', end='\r')
+
+
+async def run_scan(target, num_threads, timeout, wordlist, allow_redirects, ssl_verification, dns_servers, file_extensions,
+                   total_num_words):
+    queue = asyncio.Queue(maxsize=num_threads)
+
+    resolver = aiohttp.AsyncResolver(nameservers=dns_servers.split(', '))
+    conn = aiohttp.TCPConnector(limit=num_threads, resolver=resolver, family=socket.AF_INET,
+                                verify_ssl=ssl_verification)
+    timeout_config = aiohttp.ClientTimeout(total=None, sock_connect=timeout, sock_read=timeout)
+
+    async with aiohttp.ClientSession(connector=conn, timeout=timeout_config) as session:
+        distribute_urls = asyncio.create_task(insert_url(queue, file_extensions, target, wordlist, allow_redirects))
+        workers = [
+            asyncio.create_task(
+                consume_url(queue, target, session, allow_redirects, total_num_words)
+            ) for _ in range(num_threads)]
+
+        await asyncio.gather(distribute_urls)
+        await queue.join()
+
+        for worker in workers:
+            worker.cancel()
+
+
+async def filter_output(target, url, status):
+    global found
+    if status in {200} and str(url) != target + '/':
+        found.append(url)
+        print(f'{GREEN}{status} {CYAN}|{WHITE} {url}')
+    elif status in {301, 302, 303, 307, 308}:
+        found.append(url)
+        print(f'{YELLOW}{status} {CYAN}|{WHITE} {url}')
+    elif status in {403}:
+        found.append(url)
+        print(f'{RED}{status} {CYAN}|{WHITE} {url}')
+
+
+def print_directory_output(output, data):
+    global responses, found
+    result = {}
+
+    for entry in responses:
+        if entry is not None:
+            if entry[1] in {200}:
+                if output != 'None':
+                    result.setdefault('Status 200', []).append(f'200, {entry[0]}')
+            elif entry[1] in {301, 302, 303, 307, 308}:
+                if output != 'None':
+                    result.setdefault(f'Status {entry[1]}', []).append(f'{entry[1]}, {entry[0]}')
+            elif entry[1] in {403}:
+                if output != 'None':
+                    result.setdefault('Status 403', []).append(f'{entry[1]}, {entry[0]}')
+
+    print(f'\n\n{GREEN}╰➤ {CYAN}Directories Found   : {WHITE}{len(found)}')
+
+
+def start_scan(target, num_threads, timeout, wordlist, allow_redirects, ssl_verification, dns_servers, output, data,
+               file_extensions):
+    print(f'\n{YELLOW}[~] Starting Directory Enum...{WHITE}\n')
+    print(f'{GREEN}╰➤ {CYAN}Threads          : {WHITE}{num_threads}')
+    print(f'{GREEN}╰➤ {CYAN}Timeout          : {WHITE}{timeout}')
+    print(f'{GREEN}╰➤ {CYAN}Wordlist         : {WHITE}{wordlist}')
+    print(f'{GREEN}╰➤ {CYAN}Allow Redirects  : {WHITE}{allow_redirects}')
+    print(f'{GREEN}╰➤ {CYAN}SSL Verification : {WHITE}{ssl_verification}')
+    print(f'{GREEN}╰➤ {CYAN}DNS Servers      : {WHITE}{dns_servers}')
+
+    with open(wordlist, 'r') as wordlist_file:
+        num_words = sum(1 for _ in wordlist_file)
+
+    print(f'{GREEN}╰➤ {CYAN}Wordlist Size    : {WHITE}{num_words}')
+    print(f'{GREEN}╰➤ {CYAN}File Extensions  : {WHITE}{file_extensions}\n')
+
+    if file_extensions:
+        total_num_words = num_words * (len(file_extensions.split(',')) + 1)
+    else:
+        total_num_words = num_words
+
+    loop = asyncio.new_event_loop()
+    asyncio.set_event_loop(loop)
+    loop.run_until_complete(
+        run_scan(target, num_threads, timeout, wordlist, allow_redirects, ssl_verification, dns_servers,
+                 file_extensions, total_num_words))
+    print_directory_output(output, data)
+    loop.close()
+
+'''
+if __name__ == "__main__":
+    target_url = "https://spyboy.in"  # Set your target URL here
+    num_threads = 10  # Set the number of threads here
+    timeout_duration = 10  # Set the timeout duration here
+    wordlist_file = "dirlist.txt"  # Set the wordlist file path here
+    allow_redirects_flag = False
+    ssl_verification_flag = True
+    dns_servers_list = "1.1.1.1"  # Comma-separated DNS servers
+    file_extensions_list = "txt,php,html"  # Comma-separated list of file extensions
+    start_scan(target_url, num_threads, timeout_duration, wordlist_file, allow_redirects_flag, ssl_verification_flag,
+               dns_servers_list, None, None, file_extensions_list)
+'''
diff --git a/dmarc_record.py b/dmarc_record.py
@@ -25,10 +25,10 @@ def fetch_dmarc_links(domain):
 
         return links
     except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
-        print(f"{G}[+] {R}No DMARC record found for {domain}")
+        print(f"{G}╰➤ {R}No DMARC record found for {domain}")
         return []
     except dns.exception.DNSException as e:
-        print(f"{G}[+] {R}An error occurred: {e}")
+        print(f"{G}╰➤ {R}An error occurred: {e}")
         return []
 
 if __name__ == "__main__":

diff --git a/dns_enumeration.py b/dns_enumeration.py
@@ -10,7 +10,7 @@
 def get_domain_ip(domain):
     try:
         ip_address = socket.gethostbyname(domain)
-        print(f"{G}[+] {C}IP Address:{W} {ip_address}")
+        print(f"{G}╰➤ {C}IP Address:{W} {ip_address}")
         return ip_address
     except socket.gaierror:
         print(f"{R}[-] {C}Could not resolve IP address for the domain.{W}")
@@ -20,7 +20,7 @@ def dnsrec(domain):
     ip_address = get_domain_ip(domain)
     if ip_address:
         result = {'dns': [], 'dmarc': []}
-        print(f'\n{Y}[!] Starting DNS Enumeration...{W}\n')
+        print(f'\n{Y}[~] Starting DNS Enumeration...{W}\n')
         types = ['A', 'AAAA', 'CAA', 'CNAME', 'MX', 'NS', 'TXT']
 
         # Set a timeout value in seconds
@@ -35,7 +35,7 @@ def dnsrec(domain):
             try:
                 response = resolver.query(domain, record_type)
                 for answer in response:
-                    print(f'{G}[+] {C}{record_type}:{W} {answer}')
+                    print(f'{G}╰➤ {C}{record_type}:{W} {answer}')
                     result['dns'].append(f'{record_type}: {answer}')
             except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.Timeout):
                 pass
@@ -44,7 +44,7 @@ def dnsrec(domain):
         try:
             dmarc_response = resolver.query(dmarc_target, 'TXT')
             for answer in dmarc_response:
-                print(f'{G}[+] {C}DMARC:{W} {answer}')
+                print(f'{G}╰➤ {C}DMARC:{W} {answer}')
                 result['dmarc'].append(f'DMARC: {answer}')
         except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.Timeout):
             pass

diff --git a/header.py b/header.py
@@ -12,10 +12,10 @@ def fetch_headers(url):
     try:
         response = requests.get(url, verify=True, timeout=10)  # Enable certificate verification
         headers = response.headers
-        print(f'\n{Y}[!] Headers :{W}\n')
+        print(f'\n{Y}[~] Headers :{W}\n')
         for key, value in headers.items():
             result[key] = value
-            print(f'{G}[+] {C}{key}:{W} {value}')
+            print(f'{G}╰➤ {C}{key}:{W} {value}')
     except requests.exceptions.RequestException as e:
         print(f'\n{R}[-] {C}Exception :{W} {e}\n')
         result['Exception'] = str(e)