updates

gotr00t0day · Nov 7, 2023 · bf033a9 · bf033a9
1 parent 4b0490e
commit bf033a9
Show file tree

Hide file tree

Showing 7 changed files with 76 additions and 26 deletions.
diff --git a/gsec.py b/gsec.py
@@ -17,7 +17,7 @@
 #
 ##################################################################################
 
-version = "v1.5"
+version = "v1.6"
 
 banner = f"""
     .__________________________.
@@ -130,6 +130,7 @@ async def main():
                 print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} PROTOCOL: {Fore.GREEN}https")
             if "http://" in args.target:
                 print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} PROTOCOL: {Fore.GREEN}http")
+            geolocation.scan_ip(args.target)
             optionscheck.Get_Options(args.target)
             portscanner.portscanner(args.target)
             fetch_requests.get_headers(args.target)

diff --git a/modules/fetch_requests.py b/modules/fetch_requests.py
@@ -7,7 +7,6 @@
 import sys
 import ssl
 import re
-import test
 
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
@@ -20,6 +19,9 @@ def do_requests(url: str, proxy = None) -> str:
         res = sessions.get(url, verify=False, headers=header, allow_redirects=True)
         if res.status_code == 200:
             print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} {url} {Fore.GREEN}200")
+            soup = BeautifulSoup(res.text, 'html.parser')
+            title = soup.find("title")
+            print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Title: {Fore.YELLOW} ({title.get_text()})")
         elif res.status_code == 403:
             soup = BeautifulSoup(res.text, 'html.parser')
             title = soup.find("title")
@@ -54,6 +56,7 @@ def get_headers(url: str) -> str:
     server_output = []
     via_output = []
     x_poweredby_output = []
+    x_generator = []
     try:
         res = sessions.get(url, verify=False, headers=header)
         if res.status_code == 200:
@@ -64,6 +67,8 @@ def get_headers(url: str) -> str:
                     via_output.append(desc)
                 if value == "X-Powered-By":
                     x_poweredby_output.append(desc)
+                if value == "X-Generator":
+                    x_generator.append(desc)
 
             if server_output:
                 print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} SERVER: {Fore.GREEN}{', '.join(map(str,server_output))}")
@@ -89,6 +94,8 @@ def get_headers(url: str) -> str:
                 pass
             if x_poweredby_output:
                 print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} X-Powered-By: {Fore.GREEN}{', '.join(map(str,x_poweredby_output))}")
+            if x_generator:
+                print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} X-Generator: {Fore.GREEN}{', '.join(map(str,x_generator))}")
 
     except requests.exceptions.InvalidSchema:
         print("Please use https://www.target.com")

diff --git a/parsers/nuclei.py b/parsers/nuclei.py
@@ -25,6 +25,4 @@ def parse():
                             if "name" in k2:
                                 new_v2 = v2.split(" ")[0]
                                 results.append(f"Vulnerability: {v2}")
-                                print(f"{Fore.MAGENTA}Vulnerability: {Fore.GREEN}{v2}")
-        with open("results.txt", "w") as f:
-            f.writelines(f"{results}\n")
+                                print(f"{Fore.MAGENTA}Vulnerability: {Fore.GREEN}{v2}")
diff --git a/plugins/geolocation.py b/plugins/geolocation.py
@@ -0,0 +1,34 @@
+import requests
+from colorama import Fore
+import json
+import socket
+
+def scan_ip(domain: str) -> str:
+    if "https://" in domain:
+        domain = domain.replace("https://", "")
+    if "http://" in domain:
+        domain = domain.replace("http://", "")
+    if "https://www." in domain:
+        domain = domain.replace("https://www.", "")
+    if "http://www." in domain:
+        domain = domain.replace("http://www.", "")
+
+    try:
+        ip = socket.gethostbyname(domain)     
+        url = f'https://geolocation-db.com/jsonp/{ip}'
+        r = requests.get(url)
+        result = r.content.decode()
+        result = result.split("(")[1].strip(")")
+        result  = json.loads(result)
+        info = []
+        for k,v in result.items():
+            if "country_name" in k:
+                info.append(v)
+            if "city" in k:
+                if v is None:
+                    pass
+                else:
+                    info.append(v)
+        print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} GeoLocation: {Fore.GREEN}{', '.join(map(str, info))}")
+    except socket.gaierror:
+        pass
diff --git a/plugins/optionscheck.py b/plugins/optionscheck.py
@@ -17,22 +17,22 @@ def Get_Options(url: str) -> str:
     if allowed:
         allowed = ", ".join(allowed)
         print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} OPTIONS: {Fore.GREEN}{allowed}")
+        methods = []
         if "PUT" not in allowed or "DELETE" not in allowed:
             # Check for HTTP Method Override
             http_method_delete = {"X-HTTP-Method": "DELETE"}
             http_method_put = {"X-HTTP-Method": "PUT"}
             r_method_override = s.get(f"{url}", verify=False, headers=http_method_delete)
             if r_method_override.status_code == 200:
-                print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} OPTIONS: {Fore.GREEN}HTTP Method Override Possible for DELETE")
+                methods.append("DELETE")
             elif r_method_override.status_code == 405:
                 pass
             r_method_put = s.get(f"{url}", verify=False, headers=http_method_put)
             if r_method_put.status_code == 200:
-                print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} OPTIONS: {Fore.GREEN}HTTP Method Override Possible for PUT")
+                methods.append("PUT")
             elif r_method_put.status_code == 405:
                 pass
-
-
-
+        if methods:
+            print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} HTTP Method Override: {Fore.GREEN}Possible For {Fore.YELLOW}{', '.join(map(str, methods))}")
     else:
         pass
diff --git a/utils/cmsscanner.py b/utils/cmsscanner.py
@@ -5,6 +5,7 @@
 from utils import techscanner
 import requests
 import re
+import urllib3
 
 requests.packages.urllib3.disable_warnings()
 
@@ -37,20 +38,22 @@ def Wp(url: str) -> str:
         if "Wordpress" in meta_tag:
             wp_meta.append(meta_tag)
         gen = soup.find_all("meta", attrs={'name':'generator'})
-        if gen == None:
+        if gen is None:
             pass
         else:
             print(gen[0].get_text())
     if wp or wp_readme or wp_meta:
         CMS.append("Wordpress")
         vuln_scan.apache_vuln_scan(url)
         vuln_scan.wordpress_vuln_scan(url)
-        xmlrpc_file = requests.get(f"{url}/xmlrpc.php", verify=False, headers=header)
+        s = requests.Session()
+        xmlrpc_file = s.get(f"{url}/xmlrpc.php", verify=False, headers=header)
         if xmlrpc_file.status_code == 200:
             print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} XMLRPC: {Fore.GREEN}{url}/xmlrpc")
         else:
             pass
-
+    if wp:
+        print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} WP Directories: {Fore.GREEN}{', '.join(map(str,wp))}")
 
 # Check for Joomla
 
@@ -171,19 +174,25 @@ def PhpBB(url: str) -> str:
     cookies = []
     source = []
     tech = []
-    res = requests.get(url, verify=False, headers=header)
-    for item, value in res.headers.items():
-        if "phpbb_" in value:
-            cookies.append("phpbb")
-    res2 = requests.get(url, verify=False, headers=header)
-    if "phpBB" in res2.text and "404" not in res2.text:
-        source.append("phpbb")
-    technologies = techscanner.builtwith(url)
-    if "phpBB" in technologies:
-        tech.append("phpBB")
-    if cookies or source or tech:
-        CMS.append("phpBB")
-        vuln_scan.phpbb_vuln_scan(url)
+    try:
+        res = requests.get(url, verify=False, headers=header)
+        for item, value in res.headers.items():
+            if "phpbb_" in value:
+                cookies.append("phpbb")
+        res2 = requests.get(url, verify=False, headers=header)
+        if "phpBB" in res2.text and "404" not in res2.text:
+            source.append("phpbb")
+        technologies = techscanner.builtwith(url)
+        if "phpBB" in technologies:
+            tech.append("phpBB")
+        if cookies or source or tech:
+            CMS.append("phpBB")
+            vuln_scan.phpbb_vuln_scan(url)
+    except requests.exceptions.ConnectTimeout:
+        pass
+    except urllib3.exceptions.MaxRetryError:
+        pass
+
 
 def Shopify(url: str) -> str:
     shopify_name = []

diff --git a/vuln_db/nuclei_vulns.py b/vuln_db/nuclei_vulns.py
@@ -6,6 +6,7 @@
 def nuclei_cve_scan(domain: str) -> str:
     sub_output.subpro_scan(f"nuclei -u {domain} -t http/cves/ -severity medium,high,critical -silent -c 100 -j -o vulnerable.json")
     sub_output.subpro_scan(f"nuclei -u {domain} -t http/vulnerabilities/ -severity medium,high,critical -silent -c 100 -j -o vulnerable.json")
+    sub_output.subpro_scan(f"nuclei -u {domain} -t http/misconfiguration/ -severity high,critical -silent -c 100 -j -o vulnerable.json")
     nuclei.parse()