py-ci.py
#!/usr/bin/python3.6
import requests
from requests.auth import HTTPBasicAuth
from requests.auth import HTTPDigestAuth
#from optparse import OptionParser
#import oauthlib
import argparse
import socket
import sys
from time import sleep
# Example: py-ci.py -t search -a basic -u "admin" -p "12345678" -l <wordlist> -w http://192.168.0.4/
def main():
    """Parse the command line and hand the resulting namespace to start().

    With no arguments at all the help text is printed and the process
    exits; otherwise every option is optional at parse time and is
    validated later by start().
    """
    # NOTE(review): the password is taken from argv, so it is visible in
    # the process list and shell history of the machine running the tool.
    # (long flag, short flag, type, dest, help) in the order they are registered.
    option_table = (
        ("--auth", "-a", str, "auth",
         "Type of authentication to use against target, default none"),
        ("--username", "-u", str, "user",
         "Username to use on remote host"),
        ("--password", "-p", str, "password",
         "Password to use on remote host"),
        ("--wordlist", "-l", str, "file",
         "List of files to look for on remote host"),
        ("--host", "-w", str, "host",
         "Remote host to target"),
        ("--port", "-n", int, "port",
         "Port to attempt scan on"),
        ("--type", "-t", str, "type",
         "Action to carry out, search or inject, default search"),
    )

    parser = argparse.ArgumentParser()
    for long_flag, short_flag, value_type, dest_name, help_text in option_table:
        parser.add_argument(long_flag, short_flag, help=help_text,
                            action="store", type=value_type, dest=dest_name)

    # A bare invocation shows usage instead of failing later on a missing host.
    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit()

    start(parser.parse_args())
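def start(args):
    """Validate the parsed options and dispatch to the requested action.

    Args:
        args: Namespace produced by the parser in main(). The attributes
            read here are host, port, file, auth, user, password and type.

    Prints an ``ERROR:`` line and exits with status 1 when the host or
    wordlist is missing, the wordlist file does not exist, credentials are
    incomplete, or the auth type or action is not recognised. When no
    action is given, "search" is used, as the --type help text states.
    """
    if not args.host:
        print("ERROR: No target host specified")
        sys.exit(1)
    host = args.host

    # Fall back to port 80 when none was given.
    port = args.port if args.port else 80

    # Both actions need a wordlist; without this check the name was
    # unbound further down and the run died with a NameError.
    if not args.file:
        print("ERROR: No wordlist specified")
        sys.exit(1)
    try:
        with open(args.file, 'r') as handle:
            wordlist = handle.read().splitlines()
    except FileNotFoundError:
        print("ERROR: Failed to find " + args.file)
        sys.exit(1)

    # No --auth means unauthenticated requests, so auth must exist as None.
    auth = None
    if args.auth:
        if args.user is None:
            print("ERROR: No username specified")
            sys.exit(1)
        if args.password is None:
            print("ERROR: No password specified")
            sys.exit(1)
        if args.auth == "basic":
            # Basic credentials are only base64-encoded on the wire; they are
            # readable by anyone on the path unless the host URL is https://.
            auth = HTTPBasicAuth(args.user, args.password)
        elif args.auth == "digest":
            # HTTPDigestAuth needs the credentials too; calling it with no
            # arguments raises TypeError.
            auth = HTTPDigestAuth(args.user, args.password)
        else:
            print("ERROR: Unknown auth type " + args.auth)
            sys.exit(1)

    action = args.type if args.type else "search"
    if action == "inject":
        # NOTE(review): inject() must accept these four arguments; confirm
        # its signature matches this call.
        inject(wordlist, host, port, auth)
    elif action == "search":
        search(wordlist, host, port, auth)
    else:
        # An unrecognised action used to fall through silently.
        print("ERROR: Unknown type " + action)
        sys.exit(1)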
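def readfile(uri):
    """Return the lines of the text file at ``uri`` without line endings.

    Args:
        uri: Path of the file to read.

    Returns:
        A list with one string per line.

    Prints "Error File not found" and exits with status 1 when the file
    does not exist.
    """
    try:
        # The context manager closes the handle; the bare open().read()
        # left that to the garbage collector.
        with open(uri, 'r') as handle:
            return handle.read().splitlines()
    except FileNotFoundError:
        print("Error File not found")
        sys.exit(1)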
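def search(wordlist, host, port, auth=None):
    """Request ``host + entry`` for every wordlist entry and print the outcome.

    Args:
        wordlist: Sequence of path strings; each is appended to ``host``.
        host: Base URL, used as a plain string prefix.
        port: Accepted but not applied to the URL.
            NOTE(review): put the port in ``host`` until this is wired up.
        auth: Optional requests auth object. None sends the requests
            without credentials.

    One (status, url) pair is collected per entry and the list is passed
    to print_results() at the end.
    """
    results = []
    # The old `if auth:` guard meant a run without --auth did no work,
    # although requests accepts auth=None.
    with requests.Session() as session:
        for entry in wordlist:
            url = host + entry
            try:
                # Without a timeout one unresponsive URL stalls the whole run.
                # requests follows redirects by default, so the recorded code
                # is that of the final response, e.g. a login page's 200.
                response = session.get(url, auth=auth, timeout=10)
                results.append((response.status_code, url))
            except requests.exceptions.ConnectionError:
                results.append(("Connection refused", url))
            except requests.exceptions.Timeout:
                results.append(("Timed out", url))
            finally:
                # Pause after every attempt, failures included, so the
                # device is never hit back-to-back.
                sleep(0.5)
    print_results(results)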
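def listen():
    """Print the IPv4 source address of up to three received ICMP packets.

    Opens a raw ICMP socket (this normally needs elevated privileges) and
    waits up to five seconds for each packet. A wait that times out ends
    the loop with a "Timed out waiting" message.
    """
    # The context manager closes the raw socket on every exit path.
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as icmp_socket:
        icmp_socket.settimeout(5)
        try:
            # The original counter was never incremented, so the loop only
            # ended on a timeout; bound it to three packets as intended.
            for _ in range(3):
                print("listening")
                data = icmp_socket.recv(1024)
                if len(data) < 20:
                    # Too short to hold a full IPv4 header; skip it.
                    continue
                # Bytes 12-15 of the IPv4 header hold the source address.
                print(socket.inet_ntoa(data[12:16]))
        except socket.timeout:
            print("Timed out waiting")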
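def inject(wordlist=None, host=None, port=None, auth=None):
    """Placeholder for the "inject" action; it only prints a marker line.

    start() calls this with the same four arguments it gives search(), so
    the parameters are accepted here to keep that call from raising
    TypeError. All of them are currently ignored, and calling with no
    arguments still works.
    """
    print("inject")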
def print_results(results):
    """Print each (status, url) pair as ``status: url`` on its own line.

    Args:
        results: Iterable of two-item tuples; the first item is converted
            with str(), the second must already be a string.
    """
    for status, target in results:
        print(": ".join((str(status), target)))
def sendrequest():
    """Unimplemented placeholder; prints "todo" and returns None."""
    marker = "todo"
    print(marker)
# Run the command-line entry point only when executed as a script,
# not when the module is imported.
if __name__ == "__main__":
    main()