From d02528e38522b274519feb253de2d5c0fef3fa8f Mon Sep 17 00:00:00 2001
From: lan-party
Date: Tue, 24 Sep 2024 20:24:25 -0500
Subject: [PATCH] 8 years of programming experience later.. I kinda like the previous version more.

---
 README.md | 6 +-
 design.ui | 291 ----------------------------------------
 dorks.txt | 55 ++++++++
 found_targets.tsv | 0
 scanned_netblocks.txt | 0
 spiderdork.py | 258 ++++++++++++++++++++++++-----------
 unscanned_netblocks.txt | 0
 7 files changed, 236 insertions(+), 374 deletions(-)
 delete mode 100644 design.ui
 create mode 100644 dorks.txt
 create mode 100644 found_targets.tsv
 create mode 100644 scanned_netblocks.txt
 create mode 100644 unscanned_netblocks.txt

diff --git a/README.md b/README.md
index c2b220d..a2a5d20 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,2 @@
 # Spider-Dork
-Based on my wordpresss crawler. Takes a dork, list of extensions, and confirmation text to find servers running a specific website framework. Outputs to text file.
-# to do
-Implement GUI,
-Add URL mode and IP mode,
-Maybe diferentiate between HTTP and HTTPS
+A web crawler script for finding web servers from random ip ranges and searching for strings.
\ No newline at end of file
diff --git a/design.ui b/design.ui
deleted file mode 100644
index 06ac7ba..0000000
--- a/design.ui
+++ /dev/null
@@ -1,291 +0,0 @@ - - - Dialog - - - - 0 - 0 - 614 - 202 - - - - Spider Dork - - - - - - 1 - - - - About - - - - - - - - - - - MS Shell Dlg 2 - 13 - 50 - false - true - - - - Spider Dork | Web crawler and framework identifier - - - Qt::AutoText - - - Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop - - - - - - - - 11 - - - - By Landon Burress - - - Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop - - - - - - - - 11 - - - - Contact: landon.burress@gmail.com - - - Qt::AlignLeading|Qt::AlignLeft|Qt::AlignTop - - - - - - - - - - 7 - - - - Qt::LeftToRight - - - Copyright Red and Blue Security Company - - - Qt::AlignBottom|Qt::AlignRight|Qt::AlignTrailing - - - - - - - - - - Configure - - - - - - - - - - URL Dork List: - - - - - - - Select File - - - - - - - Subdomain List: - - - - - - - Select File - - - - - - - Extension List: - - - - - - - Select File - - - - - - - - - - - Confirmation String: - - - - - - - WordPress - - - - - - - Character List: - - - - - - - qwertyuiopasdfghjklzxcvbnm0123456789 - - - - - - - - - - - Target Limit: - - - - - - - 50 - - - - - - - Thread Number: - - - - - - - 20 - - - - - - - - - - - Output File: - - - - - - - Select File - - - - - - - - - - - - Run - - - - - - - - - - - - - Start - - - - - - - Pause - - - - - - - Stop - - - - - - - - - - - - - - - - diff --git a/dorks.txt b/dorks.txt new file mode 100644 index 0000000..a5a379d --- /dev/null +++ b/dorks.txt @@ -0,0 +1,55 @@ +username +password +router +cctv +dvr +cisco +camera +printer +login +live view +video server +EvoCam +Live NetSnap Cam-Server feed +WJ-NTI 04 Main Page +toshiba +sony +netcam +bluenet video viewer +veo observer tx +webcam +video web server +WEBDVR +supervisioncam protocol +ip cam +linksys +mobotix +canon +panasonic +hikvision +bosch +axis communications +ubiquiti +dahua +pelco +reolink +verkada +tp-link +asus +netgear +belkin +acer +at&t +comcast +huawei +broadcom +juniper +nokia +realtek +mikrotik +zyxel +draytek +ericsson +meraki +d-link +scada \ No newline at end of file 
diff --git a/found_targets.tsv b/found_targets.tsv
new file mode 100644
index 0000000..e69de29
diff --git a/scanned_netblocks.txt b/scanned_netblocks.txt
new file mode 100644
index 0000000..e69de29
diff --git a/spiderdork.py b/spiderdork.py
index 7b9dcd9..a631e6c 100644
--- a/spiderdork.py
+++ b/spiderdork.py
@@ -1,79 +1,181 @@ -#!/usr/bin/python -import urllib2 -import thread -import sys - - -def usage(): - print("./script [conf string]\n") - print(" -D path/to/dork/list/file.txt") - print(" -S path/to/subdomain/list/file.txt\n") - - print(" -l target limit") - print(" -t Thread number") - print(" -X path/to/extension/list/file.txt") - print(" -c character list qwertyuiopasdfghjklzxcvbnm") - print(" -O output file location") - print(" -lod load save location") - -def baseN(num, b, numerals="0123456789qwertyuiopasdfghjklzxcvbnm"): - return ((num == 0) and numerals[0]) or (baseN(num // b, b, numerals).lstrip(numerals[0]) + numerals[num % b]) - -def scan(dork, subd, tlim, tnum, xlia, clis, ofil, conf, load): - while True: - address = "" - for a in range(0, len(dork)): - for b in range(0, len(subd)): - for c in range(0, len(xlis)): - try: - address = subd[b] + baseN(load, len(clis), clis) + xlis[c] + dork[a] - page = urllib2.urlopen("http://" + address).read() - if conf in page: - open(ofil, "a").write(address + "\n") - print(address + " - Found one!") - else: - print(address + " - No Confirmation.") - except Exception, e: - print(address + " - Not Found.") - load += tnum - - -dork = [""] -subd = [""] -xlis = [""] -clis = "" -conf = "" -ofil = "" -tlim = 0 -tnum = 0 -save = 0 - -if len(sys.argv) < 4: - usage() -else: - conf = sys.argv[1] - for a in range(2, len(sys.argv), +2): - if sys.argv[a] == "-D": - dork = open(str(sys.argv[a+1])).read().splitlines() - elif sys.argv[a] == "-S": - subd = open(str(sys.argv[a+1])).read().splitlines() - elif sys.argv[a] == "-l": - tlim = int(sys.argv[a+1]) - elif sys.argv[a] == "-t": - tnum = int(sys.argv[a+1]) - elif sys.argv[a] == "-X": - xlis = open(str(sys.argv[a+1])).read().splitlines() - elif sys.argv[a] == "-c": - clis = str(sys.argv[a+1]) - elif sys.argv[a] == "-O": - ofil = str(sys.argv[a+1]) - elif sys.argv[a] == "-lod": - save = int(sys.argv[a+1]) - else: - usage() - break - for b in range(save, save+tnum): - 
thread.start_new_thread(scan, (dork, subd, tlim, tnum, xlis, clis, ofil, conf, b)) - - while True: +import random +import socket +import requests +import hashlib +import json +import time +import threading + +# Netblock queues +unscanned_netblocks_file = open("unscanned_netblocks.txt", "r") +unscanned_netblocks = unscanned_netblocks_file.read().splitlines() +unscanned_netblocks_file.close() +scanned_netblocks_file = open("scanned_netblocks.txt", "r") +scanned_netblocks = scanned_netblocks_file.read().splitlines() +scanned_netblocks_file.close() + +dorklist = open("dorks.txt", "r").read().splitlines() + +# Functions + +def random_netblock(thread_id): + global unscanned_netblocks + global scanned_netblocks + + byte1 = random.randint(1, 255) + byte2 = random.randint(1, 255) + byte3 = random.randint(0, 255) + netblock = str(byte1)+"."+str(byte2)+"."+str(byte3)+"." + + # if(int(thread_id) % 2 == 0 or len(unscanned_netblocks) == 0): + if(int(thread_id) % 2 == 0 or len(unscanned_netblocks) == 0 and False): + + while (byte1 == 10) or (byte1 == 127 and byte2 >= 16 and byte2 <= 31) or (byte1 == 192 and byte2 == 168) or (netblock in scanned_netblocks): + byte1 = random.randint(1, 255) + byte2 = random.randint(1, 255) + byte3 = random.randint(0, 255) + netblock = str(byte1)+"."+str(byte2)+"."+str(byte3)+"." 
+ else: + random.shuffle(unscanned_netblocks) + netblock = unscanned_netblocks.pop(0) + + scanned_netblocks.append(netblock) + + return netblock + +def http_scan(netblock, thread_id): + ips = [] + for a in range(0, 255): + ip = netblock+str(a) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + socket.setdefaulttimeout(2) + if sock.connect_ex((ip,80)) == 0: + ips.append(ip) + if len(ips) == 1: + print(thread_id.ljust(3) + " | HTTP found in netblock.") + sock.close() + + return ips + +def dorklist_check(ips, thread_id): + matching_addresses = [] + if len(ips) > 0: + for ip in ips: + try: + resp = requests.get("http://"+ip).text.lower() + matching_dorks = [] + for dork in dorklist: + if dork.lower() in resp: + matching_dorks.append(dork) + if len(matching_dorks) > 0: + matching_addresses.append([ip, resp, matching_dorks]) + if len(matching_addresses) == 1: + print(thread_id.ljust(3) + " | Dork found in netblock.") + except Exception: pass + return matching_addresses + +def save_addresses(addresses): + append_content = "" + for address in addresses: + # Get page title + title = "" + try: + title = address[1].replace(" ", "").replace("\r", "").replace("\n", "").replace("\t", "").split("")[1] + title = title.split(" 0: + netblock = netblock.split(".") + netblock_start = netblock[0] + "." + netblock[1] + "." + + if int(netblock[2]) > 0: + new_netblock = netblock_start + str(int(netblock[2])-1) + "." + if new_netblock not in unscanned_netblocks and new_netblock not in scanned_netblocks: + unscanned_netblocks.append(new_netblock) + + if int(netblock[2]) < 255: + new_netblock = netblock_start + str(int(netblock[2])+1) + "." 
+ if new_netblock not in unscanned_netblocks and new_netblock not in scanned_netblocks: + unscanned_netblocks.append(new_netblock) + + +# Thread function + +def scan(thread_id): + while True: + # Random /24 netblock generation + nb = random_netblock(thread_id) + print(thread_id.ljust(3) + " | block: " + nb + "0/24") + + # Return a list of ips with port 80 open + http_addresses = http_scan(nb, thread_id) + total = str(len(http_addresses)) + if len(http_addresses) > 0: + total = '\033[96m' + total + '\033[0m' + print(thread_id.ljust(3) + " | block: " + (nb + "0/24").ljust(16) + " | total: " + total) + + # Search each index for word list matches + matching_addresses = dorklist_check(http_addresses, thread_id) + matches = str(len(matching_addresses)) + if (len(matching_addresses)) > 0: + matches = '\033[92m' + matches + '\033[0m' + print(thread_id.ljust(3) + " | block: " + (nb + "0/24").ljust(16) + " | total: " + total.ljust(3) + " | matches: " + matches) + + # Save ip and collected info + save_addresses(matching_addresses) + + # Add nearby netblocks to the unscanned queue + update_queue(matching_addresses, nb) + +def sync_queues(): + global unscanned_netblocks + global scanned_netblocks + + while True: + time.sleep(60) + unscanned_netblocks_file = open("unscanned_netblocks.txt", "w") + unscanned_netblocks_file.write("\n".join(unscanned_netblocks)) + unscanned_netblocks_file.close() + + scanned_netblocks_file = open("scanned_netblocks.txt", "w") + scanned_netblocks_file.write("\n".join(scanned_netblocks)) + scanned_netblocks_file.close() + print("S | Queues synced.") + + +# Start threads + +sync_thread = threading.Thread(target=sync_queues) +sync_thread.start() + +threads = [] +for a in range(0, 20): + threads.append(threading.Thread(target=scan, args=(str(a),))) + threads[a].start() + time.sleep(29) diff --git a/unscanned_netblocks.txt b/unscanned_netblocks.txt new file mode 100644 index 0000000..e69de29
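Review bot: The module-level lists `unscanned_netblocks` and `scanned_netblocks` are mutated by every `scan` thread (`pop(0)` and `append` in `random_netblock`, `append` in `update_queue`) and read by `sync_queues` with no lock, so the sixty-second `"\n".join` snapshot can be torn and the `not in` checks in `update_queue` race with each other; a single module-level `threading.Lock` around every access is the minimal fix, sketched below. In `random_netblock` the appended `and False` leaves only the `else` branch reachable, so once the queue file is empty `unscanned_netblocks.pop(0)` raises IndexError and that worker thread dies silently; whatever an empty queue should mean, make it explicit, and give the `and False` toggle a comment such as `# random block generation intentionally disabled; queue file must be seeded`. `http_scan` closes the socket only on the successful-connect path, so every address that does not answer leaks a descriptor until garbage collection; `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:` closes it on every path, and `socket.setdefaulttimeout(2)` belongs before the loop rather than after each socket is created. The `except Exception: pass` in `dorklist_check` hides every failure, including the ones a log line would explain; narrow it to `requests.RequestException` and log the address. The body of `save_addresses` and the head of `update_queue` are garbled in this rendering (the angle-bracket content is missing), so I have not reviewed them.
```python
queue_lock = threading.Lock()  # guards unscanned_netblocks and scanned_netblocks

def random_netblock(thread_id):
    # … unchanged: random /24 generation (unreachable while `and False` stays) …
    else:
        with queue_lock:
            random.shuffle(unscanned_netblocks)
            netblock = unscanned_netblocks.pop(0)
    with queue_lock:
        scanned_netblocks.append(netblock)
    return netblock

def sync_queues():
    while True:
        time.sleep(60)
        with queue_lock:
            unscanned_snapshot = "\n".join(unscanned_netblocks)
            scanned_snapshot = "\n".join(scanned_netblocks)
        # … unchanged: write the two snapshots to their files and print the sync message …
```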