m4dh4v45b1n 0.1.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/enum-subdomain.rb +13 -0
- data/bin/fuzz-web-dir.rb +2 -1
- data/bin/m4dh4v45b1n.rb +8 -3
- data/lib/m4dh4v45b1n/enum-subdomain.rb +82 -6
- data/lib/m4dh4v45b1n/fuzz-web-dir.rb +11 -3
- data/lib/m4dh4v45b1n/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ac621bf718d7d18d53ceeca5c9fb9cc761d3fa5e1e8acf18e7527ada6aeb64d8
|
|
4
|
+
data.tar.gz: 9811e42117ea21817cd79dd9bf682c2802ba20739eaf2d0d4b9bfb27a53588bb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 447ced475276b94e666415ff58759f3732383f8747a197c4b5c9cb620f651863832904beddab8b3c39d6d29149ff19b33ab441546be53204b88a99a44575a872
|
|
7
|
+
data.tar.gz: fecdef0ac6f57a67dbd36b44bedeb4291ee10fef61969fb3b87bd87a63ad6ca17e2b6416943e0d5a58a3b5788af35add572c201cbbe356b53a11337e588d4681
|
data/bin/enum-subdomain.rb
CHANGED
|
@@ -9,6 +9,9 @@ def main
|
|
|
9
9
|
OptionParser.new do |optp|
|
|
10
10
|
optp.banner = "\nUsage: enum-subdomain.rb [-h] [-v] [-w DICT] [-t MAXTHREAD] [-T TIMEOUT] [-o OUT] DOMAIN
|
|
11
11
|
des: enumarate subdomain with randomize dns. (#{VERSION})
|
|
12
|
+
ability: Once It get the subdomain via R(dns).
|
|
13
|
+
It never enumarate again if you don't use '-C' flag.
|
|
14
|
+
The data logs under ~/.cache/enum-subdomain/.
|
|
12
15
|
Eg: enum-subdomain.rb -v example.com\n\n"
|
|
13
16
|
optp.program_name = "enum-subdomain"
|
|
14
17
|
optp.summary_width = 14
|
|
@@ -30,6 +33,16 @@ Eg: enum-subdomain.rb -v example.com\n\n"
|
|
|
30
33
|
optp.on('-o OUTPUT', "Append output to the file.")do|f|
|
|
31
34
|
init.out = f
|
|
32
35
|
end
|
|
36
|
+
optp.on('-c', "Show cached subdomain and exit.") do|f|
|
|
37
|
+
init.show_cache = true
|
|
38
|
+
end
|
|
39
|
+
optp.on('-C', "Ignore cached subdomain and enumarate again.")do |c|
|
|
40
|
+
init.show_cache_without_d = false
|
|
41
|
+
init.show_new = false
|
|
42
|
+
end
|
|
43
|
+
optp.on('-n', "Hide cached subdomain and show only new.") do |n|
|
|
44
|
+
init.show_new = false
|
|
45
|
+
end
|
|
33
46
|
optp.on('-h', '--help', "Print this help banner.") do |h|
|
|
34
47
|
puts optp
|
|
35
48
|
exit
|
data/bin/fuzz-web-dir.rb
CHANGED
|
@@ -7,8 +7,9 @@ require 'optparse'
|
|
|
7
7
|
def main
|
|
8
8
|
init = Fuzz_web_dir::new()
|
|
9
9
|
OptionParser.new do |optp|
|
|
10
|
-
optp.banner = "\nUsage:
|
|
10
|
+
optp.banner = "\nUsage: fuzz-web-dir.rb [-h] [-w DICT] [-t MAXTHREAD] [..] URL
|
|
11
11
|
des: Directory fuzzer. (#{VERSION})
|
|
12
|
+
recomended: ruby-3.x.x otherwise it won't work properly.
|
|
12
13
|
Eg: fuzz-web-dir.rb -e php,txt --hc 303,404 https://example.com\n\n"
|
|
13
14
|
optp.program_name = "fuzz-web-dir"
|
|
14
15
|
optp.summary_width = 15
|
data/bin/m4dh4v45b1n.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'm4dh4v45b1n'
|
|
|
5
5
|
print "
|
|
6
6
|
script
|
|
7
7
|
├── enum
|
|
8
|
-
│ ├── enum-wordpress.rb
|
|
8
|
+
│ ├── enum-wordpress-user.rb
|
|
9
9
|
│ └── enum-subdomain.rb
|
|
10
10
|
├── exploit
|
|
11
11
|
├── scan
|
|
@@ -15,7 +15,12 @@ script
|
|
|
15
15
|
dict
|
|
16
16
|
├── dirs.txt
|
|
17
17
|
└── subdomain.txt
|
|
18
|
+
recomended
|
|
19
|
+
├── ruby-3.x.x
|
|
20
|
+
└── linux based (if works fine on other os just leave it)
|
|
18
21
|
other
|
|
19
|
-
├──
|
|
20
|
-
└──
|
|
22
|
+
├── version
|
|
23
|
+
│ └── (#{VERSION})
|
|
24
|
+
└── author
|
|
25
|
+
└── Madhava-mng
|
|
21
26
|
"
|
|
@@ -5,6 +5,7 @@ require 'resolv'
|
|
|
5
5
|
require 'resolv-replace'
|
|
6
6
|
|
|
7
7
|
|
|
8
|
+
|
|
8
9
|
NAME_SERVERS = {
|
|
9
10
|
"Cloudflare": ['1.1.1.1', '1.0.0.1'],
|
|
10
11
|
"Google": ['8.8.8.8', '8.8.4.4'],
|
|
@@ -14,17 +15,45 @@ NAME_SERVERS = {
|
|
|
14
15
|
|
|
15
16
|
TIME_OUT = 1
|
|
16
17
|
MAX_THREAD = 25
|
|
17
|
-
WORDLIST = Gem::path[1]+"/gems/m4dh4v45b1n-#{VERSION}/dict/subdomain.txt"
|
|
18
18
|
|
|
19
|
+
def wordlist
|
|
20
|
+
Gem::path.map do |p|
|
|
21
|
+
if File.exist? p+"/gems/m4dh4v45b1n-#{VERSION}/dict/subdomain.txt"
|
|
22
|
+
return p+"/gems/m4dh4v45b1n-#{VERSION}/dict/subdomain.txt"
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
puts "enum-subdomain.rb: Unable to deduct default wordlist use -w"
|
|
26
|
+
exit
|
|
27
|
+
end
|
|
28
|
+
def cache_subdomain
|
|
29
|
+
if !ENV["HOME"].nil?
|
|
30
|
+
if !File.exist? ENV["HOME"]+"/.cache"
|
|
31
|
+
Dir::mkdir ENV["HOME"]+"/.cache"
|
|
32
|
+
end
|
|
33
|
+
if !File.exist? ENV["HOME"]+"/.cache/enum-subdomain"
|
|
34
|
+
Dir::mkdir ENV["HOME"]+"/.cache/enum-subdomain"
|
|
35
|
+
end
|
|
36
|
+
if File.exist? ENV["HOME"]+"/.cache/enum-subdomain"
|
|
37
|
+
return ENV["HOME"]+"/.cache/enum-subdomain"
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
return nil
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
CACHE = cache_subdomain
|
|
44
|
+
WORDLIST = wordlist
|
|
19
45
|
|
|
20
46
|
class Subdomain_enum
|
|
21
|
-
attr_accessor :target, :wordlist, :timeout, :max_thread, :out, :verbose
|
|
47
|
+
attr_accessor :target, :wordlist, :timeout, :max_thread, :out, :verbose,:cache_file,:show_cache, :show_cache_without_d,:show_new
|
|
22
48
|
def initialize
|
|
23
49
|
@timeout = TIME_OUT
|
|
24
50
|
@max_thread = MAX_THREAD
|
|
25
51
|
@wordlist = WORDLIST
|
|
26
52
|
@verbose = false
|
|
27
53
|
@outb=""
|
|
54
|
+
@show_cache = false
|
|
55
|
+
@show_new = true
|
|
56
|
+
@show_cache_without_d = true
|
|
28
57
|
end
|
|
29
58
|
def loader(list)
|
|
30
59
|
return Resolv::DefaultResolver.replace_resolvers([
|
|
@@ -54,6 +83,9 @@ class Subdomain_enum
|
|
|
54
83
|
def print_domain(domain)
|
|
55
84
|
response = get_domain(domain)
|
|
56
85
|
if response.length > 0
|
|
86
|
+
if !CACHE.nil?
|
|
87
|
+
@cache_file.write("#{domain.gsub(@target, "\x7")}")
|
|
88
|
+
end
|
|
57
89
|
if @verbose
|
|
58
90
|
puts "\e[32m#{domain}\e[0m :#{response.join("\e[2m/\e[0m")}"
|
|
59
91
|
else
|
|
@@ -64,7 +96,37 @@ class Subdomain_enum
|
|
|
64
96
|
end
|
|
65
97
|
end
|
|
66
98
|
end
|
|
99
|
+
def check_cache_domain
|
|
100
|
+
if !CACHE.nil?
|
|
101
|
+
if !File.file? CACHE+"/#{@target}.cache"
|
|
102
|
+
File.open(CACHE+"/#{@target}.cache", "a")
|
|
103
|
+
else
|
|
104
|
+
File.open(CACHE+"/#{@target}.cache") do |f|
|
|
105
|
+
data_ = f.read.split("\x7")
|
|
106
|
+
data_ = data_.uniq
|
|
107
|
+
data_.map do |s|
|
|
108
|
+
if @show_new
|
|
109
|
+
if @show_cache
|
|
110
|
+
$stdout.print s+target+"\n"
|
|
111
|
+
else
|
|
112
|
+
puts "\e[32m#{s+@target}\e[0m"
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
File.open(CACHE+"/#{@target}.cache", "w") do |f2|
|
|
117
|
+
f2.write(data_.join("\x7"))
|
|
118
|
+
end
|
|
119
|
+
return data_.map {|a| a[0,a.length-1] }
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
return []
|
|
124
|
+
end
|
|
67
125
|
def brut
|
|
126
|
+
already_have = check_cache_domain
|
|
127
|
+
if @show_cache
|
|
128
|
+
exit
|
|
129
|
+
end
|
|
68
130
|
if Resolv.getaddresses(@target).length == 0
|
|
69
131
|
print "enum-subdomain.rb: #{@target}:Unreachable.\nDo you wana exit ? "
|
|
70
132
|
tmp = STDIN.gets.chomp
|
|
@@ -72,19 +134,33 @@ class Subdomain_enum
|
|
|
72
134
|
exit
|
|
73
135
|
end
|
|
74
136
|
end
|
|
137
|
+
if !CACHE.nil?
|
|
138
|
+
@cache_file = File.open(CACHE+"/#{@target}.cache", "a")
|
|
139
|
+
end
|
|
75
140
|
if @out
|
|
76
141
|
@out = File.open(@out, "w")
|
|
77
142
|
end
|
|
78
|
-
File.open(@wordlist).readlines.
|
|
143
|
+
wordlist_ = File.open(@wordlist).readlines.uniq
|
|
144
|
+
if @show_cache_without_d
|
|
145
|
+
already_have.map do |a|
|
|
146
|
+
wordlist_.delete(a)
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
wordlist_.map do |line|
|
|
79
150
|
Thread::new do
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
151
|
+
if !already_have.include? line.chomp
|
|
152
|
+
print_domain(
|
|
153
|
+
[line.chomp, @target.strip].join(".")
|
|
154
|
+
)
|
|
155
|
+
end
|
|
83
156
|
end
|
|
84
157
|
sleep 0.03
|
|
85
158
|
while Thread::list.length > @max_thread;end
|
|
86
159
|
end
|
|
87
160
|
while Thread::list.length > 1;end
|
|
161
|
+
if Thread::list.length == 1
|
|
162
|
+
sleep 0.6
|
|
163
|
+
end
|
|
88
164
|
end
|
|
89
165
|
end
|
|
90
166
|
|
|
@@ -2,10 +2,18 @@ require_relative 'version'
|
|
|
2
2
|
require_relative 'rand-util'
|
|
3
3
|
require 'json'
|
|
4
4
|
require 'net/http';
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
def wordlist
|
|
6
|
+
Gem::path.map do |p|
|
|
7
|
+
if File.exist? p+"/gems/m4dh4v45b1n-#{VERSION}/dict/dirs.txt"
|
|
8
|
+
return p+"/gems/m4dh4v45b1n-#{VERSION}/dict/dirs.txt"
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
puts "fuzz-web-dir.rb: Unable to deduct default wordlist use -w"
|
|
12
|
+
exit
|
|
13
|
+
end
|
|
14
|
+
FUZZ_WEB_DIR_DICT= wordlist
|
|
7
15
|
FUZZ_WEB_DIR_HIDE_CODE=['404']
|
|
8
|
-
FUZZ_WEB_DIR_EXT = ['php', 'txt', 'html']
|
|
16
|
+
FUZZ_WEB_DIR_EXT = ['php', 'txt', 'html', 'xml']
|
|
9
17
|
FUZZ_WEB_DIR_HEADER = '{}'
|
|
10
18
|
FUZZ_WEB_DIR_TIMEOUT = 1 # SECONDS
|
|
11
19
|
FUZZ_WEB_DIR_MAX_THREAD = 24
|
data/lib/m4dh4v45b1n/version.rb
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
|
-
VERSION = "0.1.
|
|
2
|
+
VERSION = "0.1.2"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: m4dh4v45b1n
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Madhava-mng
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-07-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Developed for POC not harm to any one.
|
|
14
14
|
email:
|