From 5bcbcd848aa5863d62ccb1f7f7d51f4ea15baf8c Mon Sep 17 00:00:00 2001
From: Elijah Wilson
Date: Thu, 28 Sep 2017 19:54:13 -0700
Subject: [PATCH 1/2] support multiple word lists
---
 VHostScan.py | 60 +++++++++++++++++---------------------
 lib/helpers/file_helper.py | 31 +++++++++++++++++++-
 2 files changed, 57 insertions(+), 34 deletions(-)
diff --git a/VHostScan.py b/VHostScan.py
index 48e6d2a..1ad7d7a 100644
--- a/VHostScan.py
+++ b/VHostScan.py
@@ -5,6 +5,7 @@ from argparse import ArgumentParser
 from lib.core.virtual_host_scanner import *
 from lib.helpers.output_helper import *
+from lib.helpers.file_helper import get_combined_word_lists
 from lib.core.__version__ import __version__
@@ -18,7 +19,7 @@ def main():
 print_banner()
 parser = ArgumentParser()
 parser.add_argument("-t", dest="target_hosts", required=True, help="Set a target range of addresses to target. Ex 10.11.1.1-255" )
- parser.add_argument("-w", dest="wordlist", required=False, type=str, help="Set the wordlist to use (default ./wordlists/virtual-host-scanning.txt)", default=False)
+ parser.add_argument("-w", dest="wordlists", required=False, type=str, help="Set the wordlists to use (default ./wordlists/virtual-host-scanning.txt)", default=False)
 parser.add_argument("-b", dest="base_host", required=False, help="Set host to be used during substitution in wordlist (default to TARGET).", default=False)
 parser.add_argument("-p", dest="port", required=False, help="Set the port to use (default 80).", default=80)
 parser.add_argument("-r", dest="real_port", required=False, help="The real port of the webserver to use in headers when not 80 (see RFC2616 14.23), useful when pivoting through ssh/nc etc (default to PORT).", default=False)
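Review bot: The new `-w` help text still reads as if a single path is expected, although the option now takes several paths separated by commas (the split on `','` lives in `parse_word_list_argument` in the file_helper.py hunk), so users have no way to discover the feature this commit adds. Suggest `help="Comma-separated list of wordlists to use (default ./wordlists/virtual-host-scanning.txt)"`. `default=False` combined with `type=str` is pre-existing and is only tested for truthiness below, so it is harmless, but `default=None` would be the conventional spelling. main() continues outside this hunk.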
@@ -33,39 +34,32 @@ def main():
 parser.add_argument("-", dest="stdin", action="store_true", help="By passing a blank '-' you tell VHostScan to expect input from stdin (pipe).", default=False)
 arguments = parser.parse_args()
- wordlist = list()
-
- if(arguments.stdin and not arguments.wordlist):
+ wordlist = []
+
+ word_list_types = []
+
+ default_wordlist = "./wordlists/virtual-host-scanning.txt" if not arguments.stdin else None
+
+ if arguments.stdin:
+ word_list_types.append('stdin')
 wordlist.extend(list(line for line in sys.stdin.read().splitlines()))
- print("[+] Starting virtual host scan for %s using port %s and stdin data" % (arguments.target_hosts,
- str(arguments.port)))
- elif(arguments.stdin and arguments.wordlist):
- if not os.path.exists(arguments.wordlist):
- wordlist.extend(list(line for line in sys.stdin.read().splitlines()))
- print("[!] Wordlist %s doesn't exist and can't be appended to stdin." % arguments.wordlist)
- print("[+] Starting virtual host scan for %s using port %s and stdin data" % (arguments.target_hosts,
- str(arguments.port)))
- else:
- wordlist.extend(list(line for line in open(arguments.wordlist).read().splitlines()))
- print("[+] Starting virtual host scan for %s using port %s, stdin data, and wordlist %s" % (arguments.target_hosts,
- str(arguments.port),
- arguments.wordlist))
- else:
- if not arguments.wordlist:
- wordlist.extend(list(line for line in open("./wordlists/virtual-host-scanning.txt").read().splitlines()))
- print("[+] Starting virtual host scan for %s using port %s and wordlist %s" % ( arguments.target_hosts,
- str(arguments.port),
- "./wordlists/virtual-host-scanning.txt"))
- else:
- if not os.path.exists(arguments.wordlist):
- print("[!] Wordlist %s doesn't exist, unable to scan." % arguments.wordlist)
- sys.exit()
- else:
- wordlist.extend(list(line for line in open(arguments.wordlist).read().splitlines()))
- print("[+] Starting virtual host scan for %s using port %s and wordlist %s" % ( arguments.target_hosts,
- str(arguments.port),
- str(arguments.wordlist)))
-
+
+ combined = get_combined_word_lists(arguments.wordlists or default_wordlist)
+ word_list_types.append('wordlists: {}'.format(
+ ', '.join(combined['file_paths']),
+ ))
+ wordlist.extend(combined['words'])
+
+ if len(wordlist) == 0:
+ print("[!] No words found in provided wordlists, unable to scan.")
+ sys.exit(1)
+
+ print("[+] Starting virtual host scan for {host} using port {port} and {inputs}".format(
+ host=arguments.target_hosts,
+ port=arguments.port,
+ inputs=', '.join(word_list_types),
+ ))
+
 if(arguments.ssl):
 print("[>] SSL flag set, sending all results over HTTPS")
diff --git a/lib/helpers/file_helper.py b/lib/helpers/file_helper.py
index 66d9fc4..7df355c 100644
--- a/lib/helpers/file_helper.py
+++ b/lib/helpers/file_helper.py
@@ -25,4 +25,33 @@ def is_json(json_file):
 def write_file(self, contents):
 with open(self.output_file, "w") as o:
- o.write(contents)
\ No newline at end of file
+ o.write(contents)
+
+
+def parse_word_list_argument(argument):
+ if not argument:
+ return []
+
+ if ',' in argument:
+ files = [arg.strip() for arg in argument.split(',')]
+ else:
+ files = [argument.strip()]
+
+ return [
+ path for path in files
+ if os.path.exists(path)
+ ]
+
+
+def get_combined_word_lists(argument):
+ files = parse_word_list_argument(argument)
+ words = []
+
+ for path in files:
+ with open(path) as f:
+ words.extend(f.read().splitlines())
+
+ return {
+ 'file_paths': files,
+ 'words': words,
+ }
From 87f618adb5bd78466db2960ade432fdb7b4f2c4f Mon Sep 17 00:00:00 2001
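Review bot: A `-w` path that does not exist is now dropped silently: `get_combined_word_lists` keeps only paths that pass `os.path.exists`, so when stdin is also in use a mistyped path leaves the scan running on the stdin words alone and the banner prints `wordlists: ` with nothing after it, where the removed branches printed `[!] Wordlist %s doesn't exist`. A minimal guard after the call catches the all-wrong case: `if arguments.wordlists and not combined['file_paths']:` / `    print("[!] None of the wordlists in %s exist, unable to scan." % arguments.wordlists)` / `    sys.exit(1)`; a partially wrong list (one good path, one bad) needs the helper to report what it skipped, which I raise on the file_helper.py hunk. Separately, the unchanged context line `wordlist.extend(list(line for line in sys.stdin.read().splitlines()))` wraps an already materialised list in a generator and `list()`; `wordlist.extend(sys.stdin.read().splitlines())` is equivalent. main() starts and ends outside this hunk.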
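Review bot: `parse_word_list_argument` filters out paths that fail `os.path.exists` without telling its caller, so `get_combined_word_lists` cannot tell "no wordlist given" from "every path was wrong", and `-w good.txt,typo.txt` is reported to the user as a scan over `good.txt` alone. Returning the skipped paths next to the read ones (below, as a new `'missing'` key, with `'file_paths'` keeping its meaning) lets VHostScan.py print them before scanning; both helpers also lack docstrings, which the rewrite adds. `os.path.exists` presumes `os` is imported above the hunk, which I cannot see from here and is worth confirming. `open(path)` reads with the platform default encoding; if wordlists may hold non-ASCII entries, `open(path, encoding='utf-8')` makes the result independent of the locale.
```python
def parse_word_list_argument(argument):
    """Split a -w value into a list of stripped paths.

    A falsy argument yields an empty list; a single path or a
    comma-separated list yields one entry per path. Existence is not
    checked here so that the caller can report bad paths.
    """
    if not argument:
        return []
    return [arg.strip() for arg in argument.split(',')]


def get_combined_word_lists(argument):
    """Read every existing wordlist named in a -w value.

    Returns a dict with 'file_paths' (paths that were read),
    'missing' (requested paths that do not exist, for the caller to
    report) and 'words' (the lines of every read file, in order).
    """
    requested = parse_word_list_argument(argument)
    files = [path for path in requested if os.path.exists(path)]
    words = []
    for path in files:
        with open(path) as f:
            words.extend(f.read().splitlines())
    return {
        'file_paths': files,
        'missing': [path for path in requested if path not in files],
        'words': words,
    }
```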
From: Michael <886344+codingo@users.noreply.github.com>
Date: Mon, 2 Oct 2017 16:53:16 +1000
Subject: [PATCH 2/2] Update __version__.py
---
 lib/core/__version__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/__version__.py b/lib/core/__version__.py
index 9fdc513..27d8385 100644
--- a/lib/core/__version__.py
+++ b/lib/core/__version__.py
@@ -2,5 +2,5 @@
 # |V|H|o|s|t|S|c|a|n| Developed by @codingo_ & @__timk
 # +-+-+-+-+-+-+-+-+-+ https://github.com/codingo/VHostScan
-__version__ = '1.0'
+__version__ = '1.3'