snackhack2 0.6.5 → 0.6.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cda044a6c9ae56812b5742965caa204d3e32d8fe9dee0857806cefd45d058e4e
-  data.tar.gz: 6f6b5a0c249afdd9691070f481fcaa756721d599b5bf7f1f68909a54c30211f1
+  metadata.gz: f24d3c225a7262763bb360b50b139af3d73222abfa7288d1149f5f47a7c837e4
+  data.tar.gz: 90f9e49687132acd4930f01ce2d03bd98b1911301d81f26130e253461f94d5a5
 SHA512:
-  metadata.gz: 62c3e1c33052a126536a6c3b2708f2f15acd1a4adbb2d26df1f3ad9ba639c1e55308034872391fc179736e0ad9899c3f633a3273e7217ac5a547ced717f389b9
-  data.tar.gz: 43943cb44a33159f5fdd31650e8322355882ceb46ce4049ad6e17d900e6bd74e35d83989a205f0a3379c303233ed3359c5abf774fd9fc164fceb4ca763af5e40
+  metadata.gz: 5c535c224366a2ad8a2ebcb047d47c4157d1fad3a3aa30b782decd5b2291823cd1b0b91043bfd60ab21f3d9c40b66c47e4e85957fb784cd6a0209b3117c6cfa5
+  data.tar.gz: 97232dc976b82e3a677d87fda6ea3319fc6ddc09526657d731bf89701b8ccaf70f84b4215977b17cdb7fb2ac05e6143aebf7791ce0488b88e5a0ca5cd7f14e22

data/lib/snackhack2/bannergrabber.rb

@@ -1,5 +1,4 @@
 # frozen_string_literal: true
-
 require 'socket'
 module Snackhack2
   class BannerGrabber
@@ -8,24 +7,19 @@ module Snackhack2
     def initialize(port: 443, save_file: true)
       @site    = site
       @port    = port
-      @headers = Snackhack2.get(@site).headers
       @save_file = save_file
     end
 
-    def site
-      # @site.gsub('https://', '')
-    end
-
     def run
       nginx
       apache2
       wordpress
-      headers
+      get_ssh_info
+    end
+    def headers
+      @headers = Snackhack2.get(@site).headers
     end
-
     def nginx
-      return unless @headers['server'].match(/nginx/)
-
       puts "[+] Server is running NGINX... Now checking if #{File.join(@site, 'nginx_status')} is valid..."
       nginx = Snackhack2.get(File.join(@site, 'nginx_status'))
       if nginx.code == 200
@@ -37,20 +31,25 @@ module Snackhack2
 
     def curl
       servers = ''
+      # rus the curl command to get the headers of the given site. 
       cmd = `curl -s -I #{@site.gsub('https://', '')}`
+      # extracts the server header from the curl results
       version = cmd.split('Server: ')[1].split("\n")[0].strip
       if @save_file
         servers += version.to_s
       else
         puts "Banner: #{cmd.split('Server: ')[1].split("\n")[0]}"
       end
+
+      # saves the results if '@save_file' is set to true.
       Snackhack2.file_save(@site, 'serverversion', servers) if @save_file
     end
 
     def apache2
-      if @headers['server'].match(/Apache/)
+      if headers['server'].match(/Apache/)
         puts "[+] Server is running Apache2... Now checking #{File.join(@site, 'server-status')}..."
         apache = Snackhack2.get(File.join(@site, 'server-status'))
+        # status code 200 means the request was successful.
         if apache.code == 200
           puts "Check #{@site}/server-status"
         else
@@ -67,16 +66,98 @@ module Snackhack2
 
       puts "[+] Wordpress found [+]\n\n\n"
     end
+    def types
+      {
+        "cloudflare": [ "cf-cache-status", "cf-ray", "cloudflare"],
+        "aws CloudFront": [ "X-Amz-Cf-Pop", "X-Amz-Cf-Id", "CloudFront", "x-amz-cf-pop", "x-amz-cf-id", "cloudfront.net"] 
+      }
+    end
+    def find_headers
+      # make a request to the site and grab the headers. 
+      Snackhack2.get(@site).headers
+    end
 
-    def headers
-      h = Snackhack2.get(@site).headers
-      puts "[+] Server Version: #{h['server']}..."
+    def get_tcp_info(ports: "")
+      ports = 22 if ports.empty?
+      begin
+        TCPSocket.new(@site, ports).recv(1024)
+      rescue => e
+        puts "ERROR OCCURRED"
+      end
     end
+    def cloudflare(print_status: true)
+      # the purpose of this method is to 
+      # check to see if a site has 
+      # cloudflare in the headers
+
+      cf_status = false
+      cf_count  = 0
 
+      # access the 'types' hash to get the cloudflare strings. 
+      cf = types[:"cloudflare"]
+
+      # make a single get request to the site defined at '@site'
+      find_headers.each do |k,v|
+        # if the key is in the array cf
+        if cf.include?(k)
+          cf_status = true
+          cf_count += 1
+        end
+      end
+      if print_status
+        # cf_status[0] : the status if cloudflare was found
+        # cf_count[1]  : the number of found elements in the 'cloudflare' hash. 
+        return [cf_status, cf_count]
+      else
+        if cf_status
+          puts "Cloudflare was found. The count is: #{cf_count}"
+        else
+          puts "Cloudflare was NOT found. The count is #{cf_count}"
+        end
+      end
+    end
+    def detect_header(return_status: true)
+      # stores the data found in 
+      # the headers.
+      data = {}
+      # loops through the hash stored in the 'types' method.
+      # the t_k is the KEY of the hash
+      # the t_v is the VALUE of the hash.
+      types.each do |t_k, t_v|
+        # make a single get request to the site 
+        # to get the headers.
+        find_headers.each do |fh_k, fh_v|
+          # Get the keys from the 'types' method
+          # which is basicly a hash
+          type_key = t_k
+          # uses the key of the 'types' hash 
+          # to see if includes the string found in 'fh_k'
+          if types[type_key].include?(fh_k)
+            if data.has_key?(type_key)
+              data[type_key] <<  fh_k
+            else
+              data[type_key] = [fh_k]
+            end
+          end
+        end
+      end
+      if return_status
+        return data
+      else
+        data.each do |k,v|
+          puts "K:#{k}"
+          puts "V: #{v}"
+        end
+      end
+    end
     def server
       @headers['server']
     end
 
     attr_reader :site
-  end
+    private :find_headers
+  end  
 end
+# to do: instead of doing mutiple methods for each type of
+# header make one method that is dynamic...
+# and can do different ones

data/lib/snackhack2/phishing_tlds.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Snackhack2
-  class PhishingData
+    class PhishingData
     def domains
         [
            ".com",
@@ -44,154 +44,297 @@ module Snackhack2
            ".work"
         ]
     end
+    def domain_keywords
+      [
+        "connect",
+        "corp",
+        "duo",
+        "help",
+        "he1p",
+        "helpdesk",
+        "helpnow",
+        "info",
+        "internal",
+        "mfa",
+        "my",
+        "okta",
+        "onelogin",
+        "schedule",
+        "service",
+        "servicedesk",
+        "servicenow",
+        "rci",
+        "rsa",
+        "sso",
+        "ssp",
+        "support",
+        "usa",
+        "vpn",
+        "work",
+        "dev",
+        "workspace",
+        "it",
+        "ops",
+        "hr",
+        "login",
+        "secure"
+      ]
+    end
   private :domains
 end
-    class PhishingTlds < PhishingData
-      attr_reader :site
-      def initialize
-          @site = site
+class PhishingTlds < PhishingData
+  attr_reader :site
+  def initialize
+      @site = site
+  end
+  def domain_split
+    # This method splits up the value block_given
+    # given in @site by the period. Which is used
+    # by 'remove_tlds' method to remove the TLDs
+     @site.split(".")
+  end
+  def site=(s)
+      @site = s
+  end
+  def remove_tlds
+    # this method function is to remove
+    # the TLDs from the @site. For Example
+    # it will remove .org, .com 
+    
+    ds = domain_split
+    
+    # remove ".com" (last element in array)
+    ds.pop
+    
+    # returns the domain w/o the tlds
+    ds
+  end
+  def check_domains(array: true)
+    # The function of this method is to
+    # check if the given domains are valid or not. 
+    # By valid I mean resolvable and active. 
+    
+    
+    # if domains is set to true, this array will hold the domains 
+    domains_out = []
+    
+    # build the list of domains
+    generated_tlds = change_tld
+    
+    valid_domains = []
+    not_valid_domains = []
+    
+    generated_tlds.each do |domain|
+      # if array is true; add the domains to array
+      if array
+        domains_out << domain
+      else
+        # if array is false print out the domains
+        puts domain
       end
-      def domain_split
-        # This method splits up the value block_given
-        # given in @site by the period. Which is used
-        # by 'remove_tlds' method to remove the TLDs
-         @site.split(".")
+      domains_out if array
+    end
+  end
+  def remove_letters(array_out: true)
+    # This method will remove letters that 
+    # occur more than once. For example:
+    # google.com would become goggle.com
+    
+    # store the letter count in a hash. 
+    letter_count = {}
+    
+    ds = remove_tlds
+    
+    # Creates an array with each character being
+    # stored in a element. It will loop through the array 
+    # and figure out the number of occurrences for each character
+    ds.shift.split(//).each do |letter|
+      if letter_count.has_key?(letter)
+          letter_count[letter] += 1
+      else
+          letter_count[letter] = 1
       end
-      def site=(s)
-          @site = s
+    end
+    
+    # After it creates the hash with the character and 
+    # the number of time it cocures. This method 
+    # will loop through the hash and check to see
+    # if the value is greater than 1. If it is then the key ( the letter)
+    # is added to the array named 'letters_with_more_than_one'
+    letters_with_more_than_one = []
+    letter_count.each do |key, value|
+      if value > 1
+          letters_with_more_than_one << key
       end
-      def remove_tlds
-        # this method function is to remove
-        # the TLDs from the @site. For Example
-        # it will remove .org, .com 
-        
-        ds = domain_split
-        
-        # remove ".com" (last element in array)
-        ds.pop
-        
-        # returns the domain w/o the tlds
-        ds
+    end
+    
+    
+    ds = remove_tlds
+    new_ds = ds.shift
+    
+    # the final array with the duplicates letters removed
+    remove_letters_out = []
+    
+    # Loops through the 'letters_with_more_than_one'
+    # array and uses 'sub' to remove the occurence
+    # of one of the letters
+    letters_with_more_than_one.each do |l|
+        # removes only first character ( l )
+        remove_letters_out <<  new_ds.sub(l, "")
+        # removes ALL chracters ( l )
+        remove_letters_out <<  new_ds.gsub(l, "")
+    end
+    # add tldds to the created list
+    domains_with_tlds = add_tlds(remove_letters_out)
+    if array_out
+        domains_with_tlds
+    else
+       # will print the contents of the array
+       # instead of returning the array
+       domains_with_tlds.each  { |a| puts a }
+    end
+  end
+  def add_tlds(list)
+    # takes the newly created domains (list)
+    # and adds the tlds (domains) to the newly created
+    # ones. 
+    o = []
+    list.each do |rr|
+      domains.each do |dd|
+        o << "#{rr}#{dd}"
       end
-      def check_domains(array: true)
-        # The function of this method is to
-        # check if the given domains are valid or not. 
-        # By valid I mean resolvable and active. 
-        
-        
-        # if domains is set to true, this array will hold the domains 
-        domains_out = []
-        
-        # build the list of domains
-        generated_tlds = change_tld
-        
-        valid_domains = []
-        not_valid_domains = []
-        
-        generated_tlds.each do |domain|
-          # if array is true; add the domains to array
-          if array
-            domains_out << domain
-          else
-            # if array is false print out the domains
-            puts domain
-          end
-          domains_out if array
+    end
+  o
+  end
+  def combosquatting
+    # where the generated domains will be located.
+    results = []
+    
+    # get the domain_keywords array from the PhishingData class.
+    keywords = domain_keywords
+    
+    prefixes = ["-", ".", "--"]
+    ds = remove_tlds
+    # this will generate the 'new_domain' with the keywords
+    # as a prefix
+    prefixes.each do |pre|
+      ds.each do |domain|
+        keywords.each do |key|
+          new_domain = "#{key}#{pre}#{domain}"
+          results << new_domain
         end
       end
-      def remove_letters(array_out: true)
-        # This method will remove letters that 
-        # occur more than once. For example:
-        # google.com would become goggle.com
-        
-        # store the letter count in a hash. 
-        letter_count = {}
-        
-        ds = remove_tlds
-        
-        # Creates an array with each character being
-        # stored in a element. It will loop through the array 
-        # and figure out the number of occurrences for each character
-        ds.shift.split(//).each do |letter|
-          if letter_count.has_key?(letter)
-              letter_count[letter] += 1
-          else
-              letter_count[letter] = 1
-          end
-        end
-        
-        # After it creates the hash with the character and 
-        # the number of time it cocures. This method 
-        # will loop through the hash and check to see
-        # if the value is greater than 1. If it is then the key ( the letter)
-        # is added to the array named 'letters_with_more_than_one'
-        letters_with_more_than_one = []
-        letter_count.each do |key, value|
-          if value > 1
-              letters_with_more_than_one << key
-          end
-        end
-        
-        
-        ds = remove_tlds
-        new_ds = ds.shift
-        
-        # the final array with the duplicates letters removed
-        remove_lettters_out = []
-        
-        # Loops through the 'letters_with_more_than_one'
-        # array and uses 'sub' to remove the occurence
-        # of one of the letters
-        letters_with_more_than_one.each do |l|
-            remove_lettters_out <<  new_ds.sub(l, "")
-        end
-        
-        if array_out
-            remove_lettters_out
-        else
-           # will print the contents of the array
-           # instead of returning the array
-           remove_lettters_out.each  { |a| puts a }
+    end
+    suffixes = ["-", ".", "--"]
+    # this will generate the 'new_domain' with the keywords
+    # as a suffixes
+    suffixes.each do |suf|
+      ds.each do |domain|
+        keywords.each do |key|
+          new_domain = "#{domain}#{suf}#{key}"
+          results << new_domain
         end
       end
-      def change_tld(no_tld: true)
-        # This method will take the inputted site in @site and 
-        # remove the TLDs and add a new TLDs to the domain. 
-        # its uses the 'domain' method in the PhishingData class
-        # which has an array of a bunch of different tlds. 
-        
+    end
+  # adds the tlds to the newly created domains
+
+  add_tlds(results)
+  end
+  def change_tld(no_tld: true)
+    # This method will take the inputted site in @site and 
+    # remove the TLDs and add a new TLDs to the domain. 
+    # its uses the 'domain' method in the PhishingData class
+    # which has an array of a bunch of different tlds. 
+    
+  
+    # if the @site does not have a tlds
+    if no_tld
+      new_domains = []
+      # loop through the tlds
+      domains.each do |d|
+        # combine the inputed @site
+        # and the tlds 
+        new_domains << "#{@site}#{d}"
+      end
+      new_domains
+    else
+      # If the @site does have a TLDs.
       
-        # if the @site does not have a tlds
-        if no_tld
-          new_domains = []
-          # loop through the tlds
-          domains.each do |d|
-            # combine the inputed @site
-            # and the tlds 
-            new_domains << "#{@site}#{d}"
-          end
-          new_domains
-        else
-          # If the @site does have a TLDs.
-          
-          # this is where the final results
-          # are stored. 
-          list_of_domains = []
-          
-          # removes .com, .org, etc
-          ds = remove_tlds
-        
-          # join the elements together
-          ds = ds.join(".")
-          
-          # loops through the tlds
-          domains.each do |tlds|
-              # adds the new domains to the array
-              list_of_domains <<  ds + tlds
+      # this is where the final results
+      # are stored. 
+      list_of_domains = []
+      
+      # removes .com, .org, etc
+      ds = remove_tlds
+    
+      # join the elements together with .
+      ds = ds.join(".")
+      
+      # loops through the tlds
+      domains.each do |tlds|
+          # adds the new domains to the array
+          list_of_domains << "#{ds}#{tlds}" 
+          #ds + tlds
+      end
+    list_of_domains
+    end
+  end
+  def idn_homograph 
+    letters = {
+      "o" => ["0", "О", "ó", "о","ο","օ","ȯ","ọ","ỏ","ơ","ó","ö"],
+      "i" => ["1","ı", "ỉ", "і", "í", "ï"],
+      "a" => ["а","α", "ạ"],
+      "h" => ["н", "һ", "ĥ"], 
+      "c" => ["с"],
+      "I" => "l",
+      "e" => ["е", "℮", "ё", "ė", "ẹ"],
+      "b" => [ "þ", "в", "B" ],
+      "g" => [ "ɢ"],
+      "l" => ["Ɩ", "Ι"],
+      "m" => ["m", "ʍ", "м"],
+      "t" => ["т", "ţ"],
+      "p" => ["р"],
+      "y" => ["у", "ý"],
+      "k" => ["ķ"],
+      "d" => ["ɗ"],
+      "z" => ["ź","ʐ", "ż"],
+      "s" => ["ś", "ṣ"],
+      "u" => ["ų", "υ", "ս","ü","ú","ù"],
+      "n" => ["ń", "ñ"],
+      "r" => ["ɾ", "R", "r", "ʀ", "Ի", "Ꮢ", "ᚱ", "Ｒ", "ｒ"],
+      "ll" => ["ǁ"],
+      "q" => ["զ"],
+      "j" => ["ј", "ʝ"],
+      "v" => ["ν", "ѵ"],
+      "x" => ["х" "ҳ"]
+    }
+    tlds = @site.split(".")
+    # removes the tlds
+    tlds.pop
+    # joins back the rest of the site
+    tlds = tlds.join(".")
+
+    new_domains = []
+    letters.each do |k, v|
+      tlds.split(//).each do |letter|
+        # if the letter elements
+        # are qual to the key vlaue 
+        # located in the letters hash
+        if letter.eql?(k)
+          # find the key and replace it 
+          # the v ( idn )
+          if v.kind_of?(Array)
+            # detct if the v ( value ) 
+            # is an array. If it is 
+            # then it will "randomly" pick an element
+            v = v.sample
           end
-        list_of_domains
+          new_domains <<  tlds.gsub(k, v)                                                                                          
         end
       end
-      private :remove_tlds, :domain_split
     end
+  add_tlds(new_domains)
+  end
+  private :remove_tlds, :domain_split
+  end
 end

data/lib/snackhack2/ssh.rb

@@ -0,0 +1,15 @@
+require 'socket'
+
+# Grab the banner of a given +ip+ address and +port+
+# to attempt to connect to.
+#
+# @param ip   [String]  Target IP address.
+# @param port [Integer] Target port.
+#
+# @return [String]
+def grab_banner(ip, port)
+  TCPSocket.new(ip, port).recv(1024)
+end
+
+# Print the result of the method to STDOUT.
+puts grab_banner('100.106.14.40', 22)

data/lib/snackhack2/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Snackhack2
-  VERSION = '0.6.5'
+  VERSION = '0.6.7'
 end

data/lib/snackhack2.rb

@@ -2,7 +2,7 @@
 
 require 'uri'
 require 'httparty'
-
+=begin
 require_relative 'snackhack2/version'
 require_relative 'snackhack2/bannergrabber'
 require_relative 'snackhack2/wordpress'
@@ -36,6 +36,12 @@ require_relative 'snackhack2/ssrf'
 require_relative 'snackhack2/dns'
 require_relative 'snackhack2/CVE-2017-9841'
 require_relative 'snackhack2/phishing_tlds'
+=end
+Dir.glob(File.join(File.dirname(__FILE__), "snackhack2", "*")).each do |file|
+  unless File.directory?(file)
+    require_relative file
+  end
+end
 module Snackhack2
   UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'
   def self.read_serverversion
@@ -57,10 +63,17 @@ module Snackhack2
     end
   end
 
-  def self.file_save(site, type, content, ip: false)
-    hostname = URI.parse(site).host
-    File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
-    puts "[+] Saving file to #{hostname}_#{type}.txt..."
+  def self.file_save(site, type, content, ip: false, host: true)
+    if host
+      hostname = URI.parse(site).host
+      File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
+      puts "[+] Saving file to #{hostname}_#{type}.txt..."
+    else
+      File.open("#{site}_#{type}.txt", 'w+') { |file| file.write(content) }
+      puts "[+] Saving file to #{site}_#{type}.txt..."
+    end
+    
+    
   end
 
   def self.get(site)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: snackhack2
 version: !ruby/object:Gem::Version
-  version: 0.6.5
+  version: 0.6.7
 platform: ruby
 authors:
 - mike
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-10-08 00:00:00.000000000 Z
+date: 2025-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -99,6 +99,7 @@ files:
 - lib/snackhack2/robots.rb
 - lib/snackhack2/screenshots.rb
 - lib/snackhack2/sitemap.rb
+- lib/snackhack2/ssh.rb
 - lib/snackhack2/sshbrute.rb
 - lib/snackhack2/ssrf.rb
 - lib/snackhack2/subdomains.rb