doorknock 0.1.0

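--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: aca3b8073e39239084ca55a182739b6a4a72c0584f3478a4ade145cf518231ca
+ data.tar.gz: 3e03f71f011352c19ce507c6eae125a21bf3365fdcd1f3e3094707e690d02155
+ SHA512:
+ metadata.gz: 9ce840c798ea4d6922f579f4e2a7f573b9d748cc641889e79c6833f2056cb6704885bdee0d9e5fe3a56e32fbbf9904bf11e5c3bb5236d29fb9e2126080b00078
+ data.tar.gz: d8707270fc5824f030f713542e9b65d19e1c59d75594b0e36ca066e593b9d3e52718bb06738fa14793eeb7c8fec6cb53af40dbe46d4175e68fc3643249f13066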
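--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,53 @@
+ *.gem
+ *.rbc
+ /.config
+ /coverage/
+ /InstalledFiles
+ /pkg/
+ /spec/reports/
+ /spec/examples.txt
+ /test/tmp/
+ /test/version_tmp/
+ /tmp/
+
+ # Used by dotenv library to load environment variables.
+ # .env
+
+ ## Specific to RubyMotion:
+ .dat*
+ .repl_history
+ build/
+ *.bridgesupport
+ build-iPhoneOS/
+ build-iPhoneSimulator/
+
+ ## Specific to RubyMotion (use of CocoaPods):
+ #
+ # We recommend against adding the Pods directory to your .gitignore. However
+ # you should judge for yourself, the pros and cons are mentioned at:
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+ #
+ # vendor/Pods/
+
+ ## Documentation cache and generated files:
+ /.yardoc/
+ /_yardoc/
+ /doc/
+ /rdoc/
+
+ ## Environment normalization:
+ /.bundle/
+ /vendor/bundle
+ /lib/bundler/man/
+
+ # for a library or gem, you might want to ignore these files since the code is
+ # intended to run in multiple environments; otherwise, check them in:
+ Gemfile.lock
+ .ruby-version
+ .ruby-gemset
+
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+ .rvmrc
+
+ ## RSpec
+ .rspec_status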
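--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,3 @@
+ --format documentation
+ --color
+ --require spec_helper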
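--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,7 @@
+ ---
+ sudo: false
+ language: ruby
+ cache: bundler
+ rvm:
+ - 2.6.1
+ before_install: gem install bundler -v 2.0.1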
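--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source "https://rubygems.org"
+
+ # Specify your gem's dependencies in doorknock.gemspec
+ gemspec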
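--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2019 Manabu Niseki
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.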
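--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,35 @@
+ # Doorknock
+
+ [![Build Status](https://travis-ci.org/ninoseki/doorknock.svg?branch=master)](https://travis-ci.org/ninoseki/doorknock)
+ [![Coverage Status](https://coveralls.io/repos/github/ninoseki/doorknock/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/doorknock?branch=master)
+
+ A doorknocking tool targeting phishing admin panels.
+
+ ## Installation
+
+ ```bash
+ % gem install doorknock
+ ```
+
+ ## Usage
+
+ ```bash
+ $ doorknock
+ Commands:
+ doorknock help [COMMAND] # Describe available commands or one specific command
+ doorknock knock # knock phishing websites
+
+ $ doorknock help knock
+ Usage:
+ doorknock knock
+
+ Options:
+ [--size=N] # Number of urlscan.io's search results to check. (Max: 10,000)
+ # Default: 100
+
+ knock phishing websites
+ ```
+
+ ## License
+
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).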
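--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+ require "bundler/gem_tasks"
+ require "rspec/core/rake_task"
+
+ RSpec::Core::RakeTask.new(:spec)
+
+ task :default => :spec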
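--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+ #!/usr/bin/env ruby
+
+ require "bundler/setup"
+ require "doorknock"
+
+ # You can add fixtures and/or initialization code here to make experimenting
+ # with your gem easier. You can also use a different console, if you like.
+
+ # (If you use this, don't forget to add pry to your Gemfile!)
+ # require "pry"
+ # Pry.start
+
+ require "irb"
+ IRB.start(__FILE__)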
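--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+ #!/usr/bin/env bash
+ set -euo pipefail
+ IFS=$'\n\t'
+ set -vx
+
+ bundle install
+
+ # Do any other automated setup that you need to do here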
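--- a/data/doorknock.gemspec
+++ b/data/doorknock.gemspec
@@ -0,0 +1,38 @@
+ # frozen_string_literal: true
+
+ lib = File.expand_path('lib', __dir__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+ require "doorknock/version"
+
+ Gem::Specification.new do |spec|
+ spec.name = "doorknock"
+ spec.version = DoorKnock::VERSION
+ spec.authors = ["Manabu Niseki"]
+ spec.email = ["manabu.niseki@gmail.com"]
+
+ spec.summary = 'Phishing kit admin panel tracker.'
+ spec.description = 'Phishing kit admin panel tracker.'
+ spec.homepage = "https://github.com/ninoseki/doorknock"
+ spec.license = "MIT"
+
+ # Specify which files should be added to the gem when it is released.
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+ end
+ spec.bindir = "exe"
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+ spec.require_paths = ["lib"]
+
+ spec.add_development_dependency "bundler", "~> 2.0"
+ spec.add_development_dependency "coveralls", "~> 0.8"
+ spec.add_development_dependency "glint", "~> 0.1"
+ spec.add_development_dependency "rake", "~> 12.3"
+ spec.add_development_dependency "rspec", "~> 3.8"
+ spec.add_development_dependency "vcr", "~> 4.0"
+ spec.add_development_dependency "webmock", "~> 3.5"
+
+ spec.add_dependency "http", "~> 4.0"
+ spec.add_dependency "oga", "~> 2.15"
+ spec.add_dependency "thor", "~> 0.19.0"
+ end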
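Review bot: The specification sets no `spec.required_ruby_version`, so the published metadata accepts any Ruby (`>= 0`) even though the library code in this release relies on the safe-navigation operator `&.` and `Hash#dig`, both of which need Ruby 2.3 or later. Adding `spec.required_ruby_version = ">= 2.3"` next to `spec.license` makes installation fail early instead of at load time. Separately, `spec.files` is built from `git ls-files` minus only test/spec/features, so CI and development files (`.travis.yml`, `bin/console`, `bin/setup`) ship inside the gem; an explicit allow-list of `lib/`, `exe/`, README and LICENSE would keep the published artifact smaller and easier to audit.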
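--- a/data/exe/doorknock
+++ b/data/exe/doorknock
@@ -0,0 +1,8 @@
+ #!/usr/bin/env ruby
+ # frozen_string_literal: true
+
+ $LOAD_PATH.unshift("#{__dir__}/../lib")
+
+ require "doorknock"
+
+ DoorKnock::CLI.start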
@@ -0,0 +1,14 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "thor"
4
+
5
+ module DoorKnock
6
+ class CLI < Thor
7
+ desc "knock", "knock phishing websites"
8
+ method_option :size, type: :numeric, default: 100, desc: "Number of urlscan.io's search results to check. (Max: 10,000)"
9
+ def knock
10
+ size = options.dig(:size) || 100
11
+ Monitor.check(size)
12
+ end
13
+ end
14
+ end
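Review bot: `knock` forwards `--size` to `Monitor.check` without checking it, although the option text advertises a maximum of 10,000; Thor's `:numeric` type also accepts negative and fractional values. A guard such as `raise Thor::Error, "--size must be an integer between 1 and 10000" unless size.is_a?(Integer) && (1..10_000).cover?(size)` before the call keeps a typo from turning into a malformed urlscan.io query or a much larger scan than intended. `options.dig(:size) || 100` is also redundant with `default: 100`; `options[:size]` is enough.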
@@ -0,0 +1,17 @@
1
+ ---
2
+ - admin.php
3
+ - admin/
4
+ - admin/index.php
5
+ - admin/login.php
6
+ - administrator/
7
+ - administrator/index.php
8
+ - administrator/login.php
9
+ - adminlogin.php
10
+ - adminpanel.php
11
+ - control.php
12
+ - controller.php
13
+ - panel.php
14
+ - panel/
15
+ - panel/admin.php
16
+ - panel/index.php
17
+ - panel/login.php
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "http"
4
+ require "json"
5
+ require "uri"
6
+
7
+ module DoorKnock
8
+ class Feed
9
+ URLSCAN_ENDPOINT = "https://urlscan.io/api/v1/search/"
10
+ URLSCAN_QUERY = "PhishTank OR OpenPhish OR CertStream-Suspicious"
11
+
12
+ def phishy_urls(size = 100)
13
+ res = HTTP.get(
14
+ URLSCAN_ENDPOINT,
15
+ params: {
16
+ q: URLSCAN_QUERY,
17
+ size: size
18
+ }
19
+ )
20
+ return [] if res.code != 200
21
+
22
+ json = JSON.parse(res.body.to_s)
23
+ results = json["results"]
24
+ results.map { |result| result.dig("page", "url") }.compact.uniq.map do |url|
25
+ url.end_with?("/") ? url[0..-2] : url
26
+ end
27
+ end
28
+
29
+ def self.phishy_urls(size = 100)
30
+ new.phishy_urls(size)
31
+ end
32
+ end
33
+ end
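Review bot: `phishy_urls` performs the urlscan.io request with no timeout and no error handling, so a stalled connection hangs the run and an `HTTP::Error` or a non-JSON body (`JSON::ParserError`) aborts it with a stack trace. `json["results"]` can also be absent, in which case `results.map` raises `NoMethodError`. I would use `HTTP.timeout(10).get(...)` (the value is a constructed example), read `results = json["results"] || []`, and add `rescue HTTP::Error, JSON::ParserError` returning `[]` to match the existing non-200 path. The URLs returned here are third-party data that later drive outbound requests, so a short comment saying they are untrusted would help the next reader.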
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "yaml"
4
+ require "uri"
5
+
6
+ module DoorKnock
7
+ class Generator
8
+ attr_reader :urls
9
+ def initialize(urls = [])
10
+ @urls = urls.map do |url|
11
+ URI(url)
12
+ end.compact
13
+ end
14
+
15
+ def base_urls
16
+ urls.map do |url|
17
+ "#{url.scheme}://#{url.host}:#{url.port}"
18
+ end
19
+ end
20
+
21
+ def second_last_urls
22
+ urls.map do |url|
23
+ parts = url.path.split("/")
24
+ parts.pop if parts.length > 2
25
+
26
+ "#{url.scheme}://#{url.host}:#{url.port}" + parts.join("/")
27
+ end
28
+ end
29
+
30
+ def admin_panel_urls
31
+ (base_urls + second_last_urls).uniq.sort.map do |url|
32
+ paths.map do |path|
33
+ "#{url}/#{path}"
34
+ end
35
+ end.flatten.sort
36
+ end
37
+
38
+ def paths
39
+ @paths ||= YAML.safe_load(File.read(File.expand_path("./config/paths.yml", __dir__)))
40
+ end
41
+ end
42
+ end
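Review bot: `initialize` passes every feed entry straight to `URI(url)`, which raises `URI::InvalidURIError` on a malformed string, so one bad record from urlscan.io aborts the whole run; the trailing `.compact` never removes anything because `URI()` does not return nil. Nothing restricts the scheme either, so whatever the feed contains is turned into request targets by `admin_panel_urls`. I would keep only parseable `http`/`https` URLs that have a host, as in the excerpt below (`URI::HTTPS` is a subclass of `URI::HTTP`). A one-line comment on `second_last_urls` saying that it drops the last path segment when the path has more than two parts would also help.

```ruby
def initialize(urls = [])
  @urls = urls.map do |url|
    begin
      parsed = URI(url)
      # Feed entries are untrusted: keep only http(s) URLs with a host.
      parsed if parsed.is_a?(URI::HTTP) && parsed.host
    rescue URI::InvalidURIError
      nil
    end
  end.compact
end
```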
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DoorKnock
4
+ class Monitor
5
+ def initialize
6
+ @memo = {}
7
+ end
8
+
9
+ def check(size = 100)
10
+ phishy_urls = Feed.phishy_urls(size)
11
+ generator = Generator.new(phishy_urls)
12
+
13
+ generator.admin_panel_urls.map do |url|
14
+ Website.new url
15
+ end.each do |website|
16
+ next unless website.ok? && website.panel?
17
+
18
+ puts [
19
+ website.url,
20
+ website.title
21
+ ].join(",")
22
+
23
+ break
24
+ end
25
+ end
26
+
27
+ def self.check(size = 100)
28
+ new.check(size)
29
+ end
30
+ end
31
+ end
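Review bot: `check` prints `website.title` verbatim, and that string comes from the HTML of a hostile site: it may contain commas, newlines or terminal control sequences, which break the comma-joined output and can garble the analyst's terminal or a downstream spreadsheet. Neutralising it before printing, e.g. `title = website.title.to_s.gsub(/[[:cntrl:]]+/, " ").strip`, and emitting the row through the standard `csv` library would make the output safe to parse. The `break` at the end of the `each` block stops the scan after the first panel found, which looks unintended for a tool that takes a result count, and `@memo` is assigned in `initialize` but never read.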
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ module DoorKnock
4
+ VERSION = "0.1.0"
5
+ end
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "http"
4
+ require "oga"
5
+
6
+ module DoorKnock
7
+ class Website
8
+ attr_reader :url
9
+
10
+ def initialize(url)
11
+ @url = url
12
+ end
13
+
14
+ def body
15
+ @body ||= get_body
16
+ end
17
+
18
+ def ok?
19
+ !body.nil?
20
+ end
21
+
22
+ def panel?
23
+ password_form?
24
+ end
25
+
26
+ def password_form?
27
+ form = doc&.at_css("form")
28
+ form && !form.at_css("input[type='password']").nil?
29
+ end
30
+
31
+ def title
32
+ doc&.at_css("title")&.text
33
+ end
34
+
35
+ def doc
36
+ @doc ||= [].tap do |out|
37
+ next unless body
38
+
39
+ begin
40
+ out << Oga.parse_html(body)
41
+ rescue LL::ParserError => _
42
+ nil
43
+ end
44
+ end.first
45
+ end
46
+
47
+ private
48
+
49
+ def get_body
50
+ res = HTTP.timeout(3).get(url)
51
+ return nil if res.code != 200
52
+
53
+ res.body.to_s
54
+ rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError => _
55
+ nil
56
+ end
57
+ end
58
+ end
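Review bot: `get_body` reads the complete response with `res.body.to_s`, so a hostile server can return an arbitrarily large body and exhaust memory within the 3-second timeout; the pages fetched here are attacker-controlled by design. Reading in chunks with a byte cap, as in the excerpt below, bounds that (the 1 MB limit is a constructed value, and the accumulated string may need the response charset applied before `Oga.parse_html`). The `rescue` list also names `OpenSSL::SSL::SSLError` and `Addressable::URI::InvalidURIError` although this file requires neither library and relies on `http` loading them; explicit requires would make that dependency visible. `password_form?` and `doc` would each benefit from a one-line comment stating that they return nil when the page could not be fetched or parsed.

```ruby
MAX_BODY_BYTES = 1_000_000 # constructed cap; tune to the largest panel page expected

def get_body
  res = HTTP.timeout(3).get(url)
  return nil if res.code != 200

  buf = +""
  while (chunk = res.body.readpartial)
    buf << chunk
    # Give up on oversized responses instead of buffering them.
    return nil if buf.bytesize > MAX_BODY_BYTES
  end
  buf
  # … unchanged: rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError …
end
```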
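--- a/data/lib/doorknock.rb
+++ b/data/lib/doorknock.rb
@@ -0,0 +1,13 @@
+ # frozen_string_literal: true
+
+ require "doorknock/version"
+
+ require "doorknock/website"
+ require "doorknock/feed"
+ require "doorknock/generator"
+ require "doorknock/monitor"
+ require "doorknock/cli"
+
+ module DoorKnock
+ class Error < StandardError; end
+ end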
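--- a/metadata
+++ b/metadata
@@ -0,0 +1,203 @@
+ --- !ruby/object:Gem::Specification
+ name: doorknock
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Manabu Niseki
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2019-03-06 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: coveralls
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
+ - !ruby/object:Gem::Dependency
+ name: glint
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '12.3'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ - !ruby/object:Gem::Dependency
+ name: vcr
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: webmock
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.5'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.5'
+ - !ruby/object:Gem::Dependency
+ name: http
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ - !ruby/object:Gem::Dependency
+ name: oga
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.15'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.15'
+ - !ruby/object:Gem::Dependency
+ name: thor
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.19.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.19.0
+ description: Phishing kit admin panel tracker.
+ email:
+ - manabu.niseki@gmail.com
+ executables:
+ - doorknock
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".rspec"
+ - ".travis.yml"
+ - Gemfile
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - bin/console
+ - bin/setup
+ - doorknock.gemspec
+ - exe/doorknock
+ - lib/doorknock.rb
+ - lib/doorknock/cli.rb
+ - lib/doorknock/config/paths.yml
+ - lib/doorknock/feed.rb
+ - lib/doorknock/generator.rb
+ - lib/doorknock/monitor.rb
+ - lib/doorknock/version.rb
+ - lib/doorknock/website.rb
+ homepage: https://github.com/ninoseki/doorknock
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.2
+ signing_key:
+ specification_version: 4
+ summary: Phishing kit admin panel tracker.
+ test_files: []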