doorknock 0.1.0

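--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: aca3b8073e39239084ca55a182739b6a4a72c0584f3478a4ade145cf518231ca
+ data.tar.gz: 3e03f71f011352c19ce507c6eae125a21bf3365fdcd1f3e3094707e690d02155
+ SHA512:
+ metadata.gz: 9ce840c798ea4d6922f579f4e2a7f573b9d748cc641889e79c6833f2056cb6704885bdee0d9e5fe3a56e32fbbf9904bf11e5c3bb5236d29fb9e2126080b00078
+ data.tar.gz: d8707270fc5824f030f713542e9b65d19e1c59d75594b0e36ca066e593b9d3e52718bb06738fa14793eeb7c8fec6cb53af40dbe46d4175e68fc3643249f13066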
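--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,53 @@
+ *.gem
+ *.rbc
+ /.config
+ /coverage/
+ /InstalledFiles
+ /pkg/
+ /spec/reports/
+ /spec/examples.txt
+ /test/tmp/
+ /test/version_tmp/
+ /tmp/
+
+ # Used by dotenv library to load environment variables.
+ # .env
+
+ ## Specific to RubyMotion:
+ .dat*
+ .repl_history
+ build/
+ *.bridgesupport
+ build-iPhoneOS/
+ build-iPhoneSimulator/
+
+ ## Specific to RubyMotion (use of CocoaPods):
+ #
+ # We recommend against adding the Pods directory to your .gitignore. However
+ # you should judge for yourself, the pros and cons are mentioned at:
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+ #
+ # vendor/Pods/
+
+ ## Documentation cache and generated files:
+ /.yardoc/
+ /_yardoc/
+ /doc/
+ /rdoc/
+
+ ## Environment normalization:
+ /.bundle/
+ /vendor/bundle
+ /lib/bundler/man/
+
+ # for a library or gem, you might want to ignore these files since the code is
+ # intended to run in multiple environments; otherwise, check them in:
+ Gemfile.lock
+ .ruby-version
+ .ruby-gemset
+
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+ .rvmrc
+
+ ## RSpec
+ .rspec_status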
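--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+ --format documentation
+ --color
+ --require spec_helper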
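--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+ ---
+ sudo: false
+ language: ruby
+ cache: bundler
+ rvm:
+ - 2.6.1
+ before_install: gem install bundler -v 2.0.1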
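--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source "https://rubygems.org"
+
+ # Specify your gem's dependencies in doorknock.gemspec
+ gemspec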
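--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2019 Manabu Niseki
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.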
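--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,35 @@
+ # Doorknock
+
+ [![Build Status](https://travis-ci.org/ninoseki/doorknock.svg?branch=master)](https://travis-ci.org/ninoseki/doorknock)
+ [![Coverage Status](https://coveralls.io/repos/github/ninoseki/doorknock/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/doorknock?branch=master)
+
+ A doorknocking tool targeting phishing admin panels.
+
+ ## Installation
+
+ ```bash
+ % gem install doorknock
+ ```
+
+ ## Usage
+
+ ```bash
+ $ doorknock
+ Commands:
+ doorknock help [COMMAND] # Describe available commands or one specific command
+ doorknock knock # knock phishing websites
+
+ $ doorknock help knock
+ Usage:
+ doorknock knock
+
+ Options:
+ [--size=N] # Number of urlscan.io's search results to check. (Max: 10,000)
+ # Default: 100
+
+ knock phishing websites
+ ```
+
+ ## License
+
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).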
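--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+ require "bundler/gem_tasks"
+ require "rspec/core/rake_task"
+
+ RSpec::Core::RakeTask.new(:spec)
+
+ task :default => :spec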
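--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+ #!/usr/bin/env ruby
+
+ require "bundler/setup"
+ require "doorknock"
+
+ # You can add fixtures and/or initialization code here to make experimenting
+ # with your gem easier. You can also use a different console, if you like.
+
+ # (If you use this, don't forget to add pry to your Gemfile!)
+ # require "pry"
+ # Pry.start
+
+ require "irb"
+ IRB.start(__FILE__)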
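--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+ #!/usr/bin/env bash
+ set -euo pipefail
+ IFS=$'\n\t'
+ set -vx
+
+ bundle install
+
+ # Do any other automated setup that you need to do here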
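--- a/data/doorknock.gemspec
+++ b/data/doorknock.gemspec
@@ -0,0 +1,38 @@
+ # frozen_string_literal: true
+
+ lib = File.expand_path('lib', __dir__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+ require "doorknock/version"
+
+ Gem::Specification.new do |spec|
+ spec.name = "doorknock"
+ spec.version = DoorKnock::VERSION
+ spec.authors = ["Manabu Niseki"]
+ spec.email = ["manabu.niseki@gmail.com"]
+
+ spec.summary = 'Phishing kit admin panel tracker.'
+ spec.description = 'Phishing kit admin panel tracker.'
+ spec.homepage = "https://github.com/ninoseki/doorknock"
+ spec.license = "MIT"
+
+ # Specify which files should be added to the gem when it is released.
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+ end
+ spec.bindir = "exe"
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+ spec.require_paths = ["lib"]
+
+ spec.add_development_dependency "bundler", "~> 2.0"
+ spec.add_development_dependency "coveralls", "~> 0.8"
+ spec.add_development_dependency "glint", "~> 0.1"
+ spec.add_development_dependency "rake", "~> 12.3"
+ spec.add_development_dependency "rspec", "~> 3.8"
+ spec.add_development_dependency "vcr", "~> 4.0"
+ spec.add_development_dependency "webmock", "~> 3.5"
+
+ spec.add_dependency "http", "~> 4.0"
+ spec.add_dependency "oga", "~> 2.15"
+ spec.add_dependency "thor", "~> 0.19.0"
+ end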
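Review bot: The spec sets no `required_ruby_version`, and the packaged metadata accordingly records `>= 0`, while the library uses the safe-navigation operator (`doc&.at_css` in `lib/doorknock/website.rb`), which needs Ruby 2.3 or newer. Adding `spec.required_ruby_version = ">= 2.3"` (or whatever higher floor the `http` and `oga` dependencies impose, which is not visible here) makes an install on an older interpreter fail at resolution time instead of with a syntax error at load time.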
data/exe/doorknock ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ $LOAD_PATH.unshift("#{__dir__}/../lib")
5
+
6
+ require "doorknock"
7
+
8
+ DoorKnock::CLI.start
@@ -0,0 +1,14 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "thor"
4
+
5
+ module DoorKnock
6
+ class CLI < Thor
7
+ desc "knock", "knock phishing websites"
8
+ method_option :size, type: :numeric, default: 100, desc: "Number of urlscan.io's search results to check. (Max: 10,000)"
9
+ def knock
10
+ size = options.dig(:size) || 100
11
+ Monitor.check(size)
12
+ end
13
+ end
14
+ end
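Review bot: `knock` passes `--size` to `Monitor.check` unchecked, although the option text states a maximum of 10,000 and `type: :numeric` also admits zero, negative and fractional values. Each feed URL expands to as many as two base URLs times the sixteen entries in the bundled path list, so this value directly scales the number of requests sent to third-party hosts and deserves a hard bound, e.g. `size = options[:size].to_i.clamp(1, 10_000)`. The `|| 100` fallback is redundant with `default: 100` on `method_option`.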
@@ -0,0 +1,17 @@
1
+ ---
2
+ - admin.php
3
+ - admin/
4
+ - admin/index.php
5
+ - admin/login.php
6
+ - administrator/
7
+ - administrator/index.php
8
+ - administrator/login.php
9
+ - adminlogin.php
10
+ - adminpanel.php
11
+ - control.php
12
+ - controller.php
13
+ - panel.php
14
+ - panel/
15
+ - panel/admin.php
16
+ - panel/index.php
17
+ - panel/login.php
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "http"
4
+ require "json"
5
+ require "uri"
6
+
7
+ module DoorKnock
8
+ class Feed
9
+ URLSCAN_ENDPOINT = "https://urlscan.io/api/v1/search/"
10
+ URLSCAN_QUERY = "PhishTank OR OpenPhish OR CertStream-Suspicious"
11
+
12
+ def phishy_urls(size = 100)
13
+ res = HTTP.get(
14
+ URLSCAN_ENDPOINT,
15
+ params: {
16
+ q: URLSCAN_QUERY,
17
+ size: size
18
+ }
19
+ )
20
+ return [] if res.code != 200
21
+
22
+ json = JSON.parse(res.body.to_s)
23
+ results = json["results"]
24
+ results.map { |result| result.dig("page", "url") }.compact.uniq.map do |url|
25
+ url.end_with?("/") ? url[0..-2] : url
26
+ end
27
+ end
28
+
29
+ def self.phishy_urls(size = 100)
30
+ new.phishy_urls(size)
31
+ end
32
+ end
33
+ end
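Review bot: `phishy_urls` calls `HTTP.get` with no timeout and no rescue, and then assumes the parsed response carries a `results` array, so a stalled connection, a non-JSON 200 body or a response without that key ends the run with an unhandled exception (a nil `json["results"]` makes `.map` raise `NoMethodError`). `Website#get_body` already uses `HTTP.timeout(3)`; doing the same here and writing `results = json["results"] || []` keeps the failure mode consistent with the existing `return []`. The returned URLs are third-party data and should be treated as untrusted by the callers that parse and fetch them.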
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "yaml"
4
+ require "uri"
5
+
6
+ module DoorKnock
7
+ class Generator
8
+ attr_reader :urls
9
+ def initialize(urls = [])
10
+ @urls = urls.map do |url|
11
+ URI(url)
12
+ end.compact
13
+ end
14
+
15
+ def base_urls
16
+ urls.map do |url|
17
+ "#{url.scheme}://#{url.host}:#{url.port}"
18
+ end
19
+ end
20
+
21
+ def second_last_urls
22
+ urls.map do |url|
23
+ parts = url.path.split("/")
24
+ parts.pop if parts.length > 2
25
+
26
+ "#{url.scheme}://#{url.host}:#{url.port}" + parts.join("/")
27
+ end
28
+ end
29
+
30
+ def admin_panel_urls
31
+ (base_urls + second_last_urls).uniq.sort.map do |url|
32
+ paths.map do |path|
33
+ "#{url}/#{path}"
34
+ end
35
+ end.flatten.sort
36
+ end
37
+
38
+ def paths
39
+ @paths ||= YAML.safe_load(File.read(File.expand_path("./config/paths.yml", __dir__)))
40
+ end
41
+ end
42
+ end
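Review bot: `URI(url)` in `initialize` raises `URI::InvalidURIError` on a malformed feed entry rather than returning nil, so the trailing `.compact` never filters anything and one bad URL from urlscan.io aborts the whole run. The feed is untrusted input, so parsing should be rescued per entry and restricted to http/https URLs that have a host before `base_urls` interpolates `scheme`, `host` and `port` into request targets. The block-level `rescue` in the sketch needs Ruby 2.5 or newer, which fits the 2.6.1 listed in `.travis.yml`.

```ruby
def initialize(urls = [])
  @urls = urls.map do |url|
    parsed = URI.parse(url)
    # URI::HTTPS is a subclass of URI::HTTP, so this keeps both schemes
    parsed if parsed.is_a?(URI::HTTP) && parsed.host
  rescue URI::InvalidURIError
    nil
  end.compact
end
```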
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DoorKnock
4
+ class Monitor
5
+ def initialize
6
+ @memo = {}
7
+ end
8
+
9
+ def check(size = 100)
10
+ phishy_urls = Feed.phishy_urls(size)
11
+ generator = Generator.new(phishy_urls)
12
+
13
+ generator.admin_panel_urls.map do |url|
14
+ Website.new url
15
+ end.each do |website|
16
+ next unless website.ok? && website.panel?
17
+
18
+ puts [
19
+ website.url,
20
+ website.title
21
+ ].join(",")
22
+
23
+ break
24
+ end
25
+ end
26
+
27
+ def self.check(size = 100)
28
+ new.check(size)
29
+ end
30
+ end
31
+ end
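Review bot: `website.title` is text taken from a page served by the phishing host and is written to stdout unmodified, joined with a bare comma, so a title containing commas, newlines or terminal control characters breaks the one-record-per-line output and reaches the analyst's terminal or any downstream parser as-is. Strip control characters and emit the row through the CSV library, e.g. `puts [website.url, website.title.to_s.gsub(/[[:cntrl:]]/, " ")].to_csv` with `require "csv"` at the top of the file. Separately, the `break` ends the loop after the first match, so at most one panel is reported per run, and `@memo` is assigned in `initialize` but never read; both look unintended.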
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DoorKnock
4
+ VERSION = "0.1.0"
5
+ end
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "http"
4
+ require "oga"
5
+
6
+ module DoorKnock
7
+ class Website
8
+ attr_reader :url
9
+
10
+ def initialize(url)
11
+ @url = url
12
+ end
13
+
14
+ def body
15
+ @body ||= get_body
16
+ end
17
+
18
+ def ok?
19
+ !body.nil?
20
+ end
21
+
22
+ def panel?
23
+ password_form?
24
+ end
25
+
26
+ def password_form?
27
+ form = doc&.at_css("form")
28
+ form && !form.at_css("input[type='password']").nil?
29
+ end
30
+
31
+ def title
32
+ doc&.at_css("title")&.text
33
+ end
34
+
35
+ def doc
36
+ @doc ||= [].tap do |out|
37
+ next unless body
38
+
39
+ begin
40
+ out << Oga.parse_html(body)
41
+ rescue LL::ParserError => _
42
+ nil
43
+ end
44
+ end.first
45
+ end
46
+
47
+ private
48
+
49
+ def get_body
50
+ res = HTTP.timeout(3).get(url)
51
+ return nil if res.code != 200
52
+
53
+ res.body.to_s
54
+ rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError => _
55
+ nil
56
+ end
57
+ end
58
+ end
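Review bot: `get_body` buffers the whole response with `res.body.to_s`, and every URL it fetches is derived from a phishing feed, so a hostile or broken server can return an arbitrarily large body that is held in memory and then handed to `Oga.parse_html`. Read the body in chunks and give up past a fixed cap; `MAX_BODY_BYTES` in the sketch is a suggested constant that would be defined on `Website`. Confirm that the chunked string ends up with the same encoding `to_s` produced before parsing it. `OpenSSL::SSL::SSLError` and `Addressable::URI::InvalidURIError` are rescued without a matching `require`; they presumably load through the `http` gem, which is worth making explicit.

```ruby
def get_body
  res = HTTP.timeout(3).get(url)
  return nil if res.code != 200

  buf = +""
  # readpartial returns nil once the body is exhausted
  while (chunk = res.body.readpartial)
    buf << chunk
    return nil if buf.bytesize > MAX_BODY_BYTES
  end
  buf
# … unchanged: rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError …
```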
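--- a/data/lib/doorknock.rb
+++ b/data/lib/doorknock.rb
@@ -0,0 +1,13 @@
+ # frozen_string_literal: true
+
+ require "doorknock/version"
+
+ require "doorknock/website"
+ require "doorknock/feed"
+ require "doorknock/generator"
+ require "doorknock/monitor"
+ require "doorknock/cli"
+
+ module DoorKnock
+ class Error < StandardError; end
+ end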
metadata ADDED
@@ -0,0 +1,203 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: doorknock
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Manabu Niseki
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2019-03-06 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.0'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: coveralls
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.8'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.8'
41
+ - !ruby/object:Gem::Dependency
42
+ name: glint
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '0.1'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '0.1'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '12.3'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '12.3'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rspec
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '3.8'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '3.8'
83
+ - !ruby/object:Gem::Dependency
84
+ name: vcr
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '4.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '4.0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: webmock
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '3.5'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '3.5'
111
+ - !ruby/object:Gem::Dependency
112
+ name: http
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '4.0'
118
+ type: :runtime
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '4.0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: oga
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '2.15'
132
+ type: :runtime
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '2.15'
139
+ - !ruby/object:Gem::Dependency
140
+ name: thor
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.19.0
146
+ type: :runtime
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.19.0
153
+ description: Phishing kit admin panel tracker.
154
+ email:
155
+ - manabu.niseki@gmail.com
156
+ executables:
157
+ - doorknock
158
+ extensions: []
159
+ extra_rdoc_files: []
160
+ files:
161
+ - ".gitignore"
162
+ - ".rspec"
163
+ - ".travis.yml"
164
+ - Gemfile
165
+ - LICENSE.txt
166
+ - README.md
167
+ - Rakefile
168
+ - bin/console
169
+ - bin/setup
170
+ - doorknock.gemspec
171
+ - exe/doorknock
172
+ - lib/doorknock.rb
173
+ - lib/doorknock/cli.rb
174
+ - lib/doorknock/config/paths.yml
175
+ - lib/doorknock/feed.rb
176
+ - lib/doorknock/generator.rb
177
+ - lib/doorknock/monitor.rb
178
+ - lib/doorknock/version.rb
179
+ - lib/doorknock/website.rb
180
+ homepage: https://github.com/ninoseki/doorknock
181
+ licenses:
182
+ - MIT
183
+ metadata: {}
184
+ post_install_message:
185
+ rdoc_options: []
186
+ require_paths:
187
+ - lib
188
+ required_ruby_version: !ruby/object:Gem::Requirement
189
+ requirements:
190
+ - - ">="
191
+ - !ruby/object:Gem::Version
192
+ version: '0'
193
+ required_rubygems_version: !ruby/object:Gem::Requirement
194
+ requirements:
195
+ - - ">="
196
+ - !ruby/object:Gem::Version
197
+ version: '0'
198
+ requirements: []
199
+ rubygems_version: 3.0.2
200
+ signing_key:
201
+ specification_version: 4
202
+ summary: Phishing kit admin panel tracker.
203
+ test_files: []