GatherInfo v 1.0
  • chroniccommand
    Posts: 1,389
    Here is the release of my newest script, GatherInfo, currently at version 1.0.

    It gathers some information on a host for penetration testing. Here is what it does right now (in order):
    1. Whois
    2. Check if host is up
    3. Reverse IP check
    4. Port scan (with popular port checker)
    Right now it's quite simple but I may improve it. It writes the output to a (not so) neatly formatted log file which you specify with the -x option. So have fun and please post comments // questions. Also, constructive criticism is always good.

    #!/usr/bin/env python2
    '''
    GatherInfo.py
    Gathers information against a host for penetration testing
    Author:Chroniccommand
    '''
    import optparse
    import sys
    import urllib2
    import json
    from socket import socket, AF_INET, SOCK_STREAM, gethostbyname, error as socket_error

    USAGE = "Usage: %s -i <host> -p <port> -x </path/to/output.txt>" % sys.argv[0]

    parser = optparse.OptionParser(usage=USAGE)
    parser.add_option('-i', '--host',
                      action='store', type='string', help="Remote host", metavar="HOST")
    parser.add_option('-p', '--port',
                      action='store', type=int, help="Remote port", metavar="PORT")
    parser.add_option('-x', '--outfile',
                      action='store', type='string', help='Output file', metavar="FILE")
    (opts, args) = parser.parse_args()


    class Gather(object):
        def __init__(self, host, port=80, outfile=None):
            self.host = host
            self.port = port
            self.outfile = outfile

        def log(self, text):
            # Append a line to the log file given with -x, or print it when no file was given
            if self.outfile is None:
                print(text)
            else:
                with open(self.outfile, 'a') as f:
                    f.write(text + "\n")

        def GatherIt(self):
            print("*" * 30)
            print("GatherInfo v 1.0 by Chroniccommand\nPoison security")
            print("*" * 30)

            # 1. Whois: ask ARIN about the resolved IP address
            print("Gathering WHOIS information...")
            try:
                host = gethostbyname(self.host)
            except socket_error as e:
                print("\033[31mCould not resolve %s: %s\033[0m" % (self.host, e))
                return
            s = socket(AF_INET, SOCK_STREAM)
            s.connect(("whois.arin.net", 43))
            s.sendall(host + "\r\n")
            response = ''
            while True:
                resp = s.recv(4000)
                if resp == '':  # remote side closed the connection
                    break
                response += resp
            s.close()
            self.log("\n!----- GatherInfo for " + self.host + "\n")
            self.log("---------------Whois-------------")
            self.log(response)
            self.log("---------------------------------")

            # 2. Host up check: a plain TCP connect to the port given with -p
            print("Checking if host is up...")
            s = socket(AF_INET, SOCK_STREAM)
            try:
                s.connect((host, self.port))
                print("\033[32mHost is up\033[0m")
                self.log("\nHost is up")
            except socket_error:  # refused, timed out or unreachable (gaierror alone would miss these)
                print("\033[31mHost not up\033[0m")
                self.log("\nHost is not up")
            finally:
                s.close()

            # 3. Reverse IP check via the yougetsignal JSON endpoint
            print("Checking for other hosts. Please wait...")
            reverser = ('http://www.yougetsignal.com/tools/web-sites-on-web-server/php/'
                        'get-web-sites-on-web-server-json-data.php?remoteAddress=%s' % host)
            request = urllib2.urlopen(reverser)
            readdict = json.loads(request.read())
            request.close()
            self.log("\nReverse IP check:")
            self.log("Status: " + str(readdict.get('status')))
            self.log("-------------------------------------")
            if readdict.get('status') != "Fail":
                print("Status: \033[32mSuccess\033[0m")
                for i in readdict.get("domainArray", []):
                    # entries arrive as [domain, ip] lists; join them instead of stripping repr() noise
                    self.log(" ".join(str(x) for x in i) if isinstance(i, list) else str(i))
            else:
                print("\033[31mFAIL\033[0m")
                self.log("Reverse IP check failed!")
                self.log("Reason: " + str(readdict.get("message")))
                self.log("-------------------------------------------")

            # 4. Port scan: one sequential connect() per port from 21 to 3306
            print("Port scanning. Please wait...")
            self.log("\n-----------------Port scan------------")
            # Note: ports above 3306 in this table (3389, 5900, 8080) are never reached by the range below
            portdict = {21: "FTP", 22: "SSH", 23: "TELNET", 24: "Private mail", 25: "SMTP",
                        35: "Private printer", 42: "WINS", 43: "WHOIS", 49: "TACACS Login",
                        52: "XNS - Time", 53: "DNS", 54: "Clearinghouse", 67: "BOOTP - Server",
                        68: "BOOTP - Client", 70: "Gopher", 79: "FINGER", 80: "HTTP", 88: "Kerberos",
                        110: "POP3", 139: "NETBIOS", 443: "HTTPS", 445: "Windows file sharing",
                        8080: "HTTP", 3389: "MS RDP", 5900: "VNC", 1723: "VPN", 1433: "MS SQL",
                        1521: "Oracle database", 3306: "MySQL"}
            for ports in range(21, 3307):
                s = socket(AF_INET, SOCK_STREAM)
                s.settimeout(0.03)  # For some reason when I set it as 0.01 the port didn't show up. 0.03 seems to work
                # print("Checking port %d" % ports)
                portopen = s.connect_ex((host, ports))
                s.close()
                if portopen == 0:
                    self.log("Port: %d is OPEN - %s" % (ports, portdict.get(ports, "Unknown")))
            print("GatherInfo is done. Please check %s for details" % self.outfile)


    if opts.host is None or opts.port is None:
        print(USAGE)
        print("Options:")
        print("-i Remote host")
        print("-p Remote port")
        print("-x Output file")
        print("-h Help")
        print("GatherInfo version 1.0")
        sys.exit()
    else:
        getinit = Gather(opts.host, opts.port, opts.outfile)
        getinit.GatherIt()
    #Debug // Testing
    #getinit = Gather("google.com", 80, 'file.txt')
    #getinit.GatherIt()


    --chroniccommand
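
Added example, not part of chroniccommand's script or the thread: the defender-side counterpart to step 4 above. GatherInfo's scan is one sequential TCP connect() per port, tens of milliseconds apart, so a connection log shows a single source touching many distinct ports on one destination within a short window; the code below flags that pattern. The log format, field names, thresholds and sample lines are constructed for this example.

```python
# Added example (not part of GatherInfo): detect a sequential connect() sweep like the one
# GatherInfo performs (one TCP connect per port, ~30 ms apart). Log format is constructed.
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=tcp$"
)

def parse_line(line):
    """Return (ts, src, dst, dport) for a matching log line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return float(m.group("ts")), m.group("src"), m.group("dst"), int(m.group("dport"))

def detect_port_sweeps(lines, min_ports=15, window=5.0):
    """Flag (src, dst) pairs that touch >= min_ports distinct TCP ports within `window` seconds."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src, dst, dport = rec
            events[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):  # sliding time window over the sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in evs[start:end + 1]}))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "first_seen": evs[0][0], "last_seen": evs[-1][0]})
    return sorted(alerts, key=lambda a: a["src"])

# Constructed sample: one host sweeping ports 21-60 at 30 ms intervals, plus ordinary traffic.
SAMPLE_LOG = [
    "%.3f src=203.0.113.7 dst=192.0.2.10 dport=%d proto=tcp" % (1000.0 + 0.03 * i, 21 + i)
    for i in range(40)
] + [
    "1000.500 src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp",
    "1001.200 src=198.51.100.4 dst=192.0.2.10 dport=80 proto=tcp",
    "1002.900 src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for a in detect_port_sweeps(SAMPLE_LOG):
        print("possible port sweep: %(src)s -> %(dst)s, %(distinct_ports)d ports" % a)
```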
  • s1n4
    Posts: 88
    Thanks nice share :)

    I enjoyed this :)
  • chroniccommand
    Posts: 1,389
    said:

    Thanks nice share :)

    I enjoyed this :)

    Thanks for the compliment :)
  • Corrosion
    Posts: 121
    Very nice man, perhaps you'd be interested in helping me write some scripts for corrosivelinux to automate different tasks?
  • chroniccommand
    Posts: 1,389
    said:

    Very nice man, perhaps you'd be interested in helping me write some scripts for corrosivelinux to automate different tasks?

    Sure thing. Just PM me if you need anything written. I'll gladly write some stuff if I have free time (which I probably will).
  • McKittrick
    Posts: 194
    Couldn't I do all of the above from a typical SamSpade site on the web (and remain anonymous to boot)?
  • Sh3llc0d3
    Posts: 1,910
    said:

    Couldn't I do all of the above from a typical SamSpade site on the web (and remain anonymous to boot)?

    Apart from the port scanning, pretty much.
  • Xin
    Posts: 3,251
    Nice tool, I'm sure I've already commented on this though :S
    Xin
  • Sh3llc0d3
    Posts: 1,910
    said:

    Nice tool, I'm sure I've already commented on this though :S

    ...Not just me having issues?
  • Xin
    Posts: 3,251
    said:

    Couldn't I do all of the above from a typical SamSpade site on the web (and remain anonymous to boot)?

    I think it's more example code to show people than for practical use, as obviously it's not going to have the same productivity and features as something like nmap.
    Xin
  • Xin
    Posts: 3,251
    said:

    said:

    Nice tool, I'm sure I've already commented on this though :S

    ...Not just me having issues?

    Yeah, I'm not sure why that happened, very strange.
    Xin