+ 
+ TIDoS
+
+
+
+
+
+ 
+
+
+ 
+
+ The Offensive Web Application Penetration Testing Framework.
+
+Here is some light on what the framework is all about:
+- A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
+- Has 5 main phases, subdivided into __14 sub-phases__ consisting a total of __108 modules__.
+- Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
+- Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
+- Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
+- Exploits Castle has only 1 exploit. `(purely developmental)`
+- And finally, Auxiliaries have got 4 modules. `more under development`
+- All four phases each have an `Auto-Awesome` module which automates every module for you.
+- huge performance boost through multiprocessing
+- Piping Attacks through Tor (not implemented everywhere yet)
+- You just need the domain, and leave everything is to this tool.
+- TIDoS has full verbose out support, so you'll know whats going on.
+- Attacking now even easier with a new GUI
+
+### Main new features
+- the programming language: TIDoS is fully ported to Python3
+- the interface: TIDoS presents a new, Metasploit-like console interface
+- Parallelisation: TIDoS uses multiprocessing to speed up attacks
+- An alternative CLI interface for faster interaction with one specific module
+- Anonymity: Attacking through Tor is possible (95% done)
+- Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
+- Some new modules: arpscan
+- A Graphical User Interface for easier interaction with the toolkit
+- Supports non-default http(s) ports
+
+### Upcoming
+- results of modules will be stored in a database
+- new modules: nikto&photon
### Installation :-
+#### Installation Script (Globally) :
+
+To install the framework globally in /opt, run the provided `core/install.py` script as root. After this, you can launch TIDoS simply by typing `tidos` on the command line.
+
+#### Manual Installation (Locally) :
+
* Clone the repository locally and navigate there:
```
-git clone https://github.com/theinfecteddrake/tidos-framework.git
+git clone https://github.com/0xinfection/tidos-framework.git
cd tidos-framework
```
-* Install the dependencies:
+
+TIDoS needs some libraries to run, which can be installed via `aptitude` or `dnf` Package Managers.
+```
+sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python3-pip libmariadbclient18 libmysqlclient-dev tor konsole
+```
+Now after these dependencies are finished installing, we need to install the remaining Python Package dependencies, hence run:
+```
+pip3 install -r requirements.txt
+```
+
+TIDoS uses Vailyn to scan for path traversals in a new, improved path traversal module. If you want to use that module, head to `https://github.com/VainlyStrain/Vailyn`, and follow the installation instructions there.
+
+Thats it. You now have TIDoS at your service. Fire it up using:
+```
+python3 tidv2 #Qt5 interface
+sudo python3 tidconsole.py #console interface
+```
+
+#### Docker image :
+
+You can build it from Dockerfile :
```
-chmod +x install
-./install
+git clone https://github.com/0xinfection/tidos-framework.git
+cd tidos-framework/core/docker
+docker build -t tidos .
```
-
-Thats it! Now you are good to go! Now lets run the tool:
+To run TIDoS :
+
```
+docker run --interactive --tty --rm tidos bash
tidos
```
-### Getting Started :-
+Update: TIDoS is now available on Docker Hub. Install and run the container like this:
-TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules.
+```
+docker run -it vainlystrain/tidos-framework
+```
-But before that, you need to set your own `API KEYS` for various OSINT purposes. To do so, open up `API_KEYS.py` under `files/` directory and set your own keys and access tokens for `SHODAN`, `CENSYS`, `FULL CONTACT`, `GOOGLE` and `WHATCMS`. Public `API KEYS` and `ACCESS TOKENS` for `SHODAN` and `WHATCMS` have been provided with the TIDoS release itself. You can still add your own... `no harm!`
+#### Updating TIDoS :
-Finally, as the framework opens up, enter the website name `eg. http://www.example.com` and let TIDoS lead you. Thats it! Its as easy as that.
+To get the current version of TIDoS, move into the installation folder and perform `(sudo) git pull #sudo if installed by install.py`. Alternatively, you can run the `fetch` command in tidconsole.
-> Recommended:
-> - Follow the order of the tool (Run in a schematic way).
+### Getting Started :-
+
+To get started, you need to set your own `API KEYS` for various OSINT & Scanning and Enumeration purposes. To do so, open up `API_KEYS.py` under `files/` directory and set your own keys and access tokens for `SHODAN`, `CENSYS`, `FULL CONTACT`, `GOOGLE` and `WHATCMS`.
+
+> __GOOD NEWS__:
>
-> `Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis`
+> The latest release of TIDoS includes all API KEYS and ACCESS TOKENS for `SHODAN`, `CENSYS`, `FULL CONTACT`, `GOOGLE` and `WHATCMS` by default. I found these tokens on various repositories on GitHub itself. __You can now use all the modules__ which use the API KEYS. :)
-To update this tool, use `tidos_updater.py` module under `tools/` folder.
+#### Commands :-
+
+```
+__ __
+ ! attack Attack specified target(s) M
+ : clear Clear terminal. :
+ V creds Handle target credentials.
+ : fetch Check for and install updates. :
+ : find Search a module. :
+ help Show help message. :
+ info Show description of current module. M
+ : intro Display Intro. :
+ : leave Leave module. M
+ list List all modules of a category. :
+ : load Load module. :
+ : netinfo Show network information. :
+ : opts Show options of current module. M
+ phpsploit Load the phpsploit framework. :
+ (needs to be downloaded externally)
+ : processes Set number of processes in parallelis. :
+ q Terminate TIDoS session. :
+ : sessions Interact with cached sessions. :
+ : set Set option value of module. M
+ : tor Pipe Attacks through the Tor Network. :
+ vicadd Add Target to list. :
+ vicdel Delete Target from list. :
+ viclist List all targets. :
+
+ Avail. Cmds
+ M needs loaded modvle
+ V [! potentially] need loaded target(s)
+```
### Flawless Features :-
-TIDoS Framework presently supports the following: `and is under active development`
+TIDoS presently supports the following: `and more modules are under active development`
* __Reconnaissance + OSINT__
- + Passive Reconnaissance:
+ + __Passive Reconnaissance:__
- Nping Enumeration `Via external APi`
- WhoIS Lookup `Domain info gathering`
- GeoIP Lookup `Pinpoint physical location`
@@ -87,7 +178,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- Censys Intel Gathering `Domain Based`
- Threat Intelligence Gathering `Bad IPs`
- + Active Reconnaissance
+ + __Active Reconnaissance:__
- Ping Enumeration `Advanced`
- CMS Detection `(185+ CMSs supported)` `IMPROVED`
- Advanced Traceroute `IMPROVED`
@@ -98,6 +189,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- Examine SSL Certificate `Absolute`
- Apache Status Disclosure Checks `File Based`
- WebDAV HTTP Enumeration `PROFIND & SEARCH`
+ - PHPInfo File Enumeration `via Bruteforce`
- Comments Scraper `Regex Based`
- Find Shared DNS Hosts `Name Server Based`
- Alternate Sites Discovery `User-Agent Based`
@@ -106,9 +198,11 @@ TIDoS Framework presently supports the following: `and is under active developme
- Common Backup Locations `.bak, .db, etc.`
- Common Password Locations ` .pgp, .skr, etc.`
- Common Proxy Path Configs. `.pac, etc.`
+ - Multiple Index Paths `index, index1, etc.`
- Common Dot Files `.htaccess, .apache, etc`
+ - Common Logfile Locations `.log, .changelog, etc`
- + Information Disclosure
+ + __Information Disclosure:__
- Credit Cards Disclosure `If Plaintext`
- Email Harvester `IMPROVED`
- Fatal Errors Enumeration `Includes Full Path Disclosure`
@@ -124,19 +218,21 @@ TIDoS Framework presently supports the following: `and is under active developme
- TCP SYN Scan `Highly reliable`
- TCP Connect Scan `Highly Reliable`
- XMAS Flag Scan `Reliable Only in LANs`
- - Fin Flag Scan `Reliable Only in LANs`
+ - FIN Flag Scan `Reliable Only in LANs`
- Port Service Detector
+ Web Technology Enumeration `Absolute`
+ + Complete SSL Enumeration `Absolute`
+ Operating System Fingerprinting `IMPROVED`
+ Banner Grabbing of Services `via Open Ports`
+ Interactive Scanning with NMap `16 preloaded modules`
- + Enumeration Domain-Linked IPs `Using CENSYS Database`
- + Crawlers
+ + Internet Wide Servers Scan `Using CENSYS Database`
+ + Web and Links Crawlers
- Depth 1 `Indexed Uri Crawler`
- Depth 2 `Single Page Crawler`
- Depth 3 `Web Link Crawler`
+ + ARP Scanner `NEW`
-+ __Vulnerability Analysis__
+* __Vulnerability Analysis__
__Web-Bugs & Server Misconfigurations__
@@ -148,7 +244,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- `X-FRAME-OPTIONS` Header Checks
+ Security on Cookies
- `HTTPOnly` Flag
- - `Secure` Flag
+ - `Secure` Flag on Cookies
+ Cloudflare Misconfiguration Check
- DNS Misconfiguration Checks
- Online Database Lookup `For Breaches`
@@ -158,7 +254,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- Missing `SPF` Records
- Missing `DMARC` Records
+ Host Header Injection
- - Port Based `Over HTTP 80`
+ - Port Based `Web Socket Based`
- `X-Forwarded-For` Header Injection
+ Security Headers Analysis `Live Capture`
+ Cross-Site Tracing `HTTP TRACE Method`
@@ -174,7 +270,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- Parameter Based
- Pre-loaded Path Based
+ OS Command Injection `Linux & Windows (RCE)`
- + Path Traversal `(Sensitive Paths)`
+ + Path Traversal `ENHANCED`
+ Cross-Site Request Forgery `Absolute`
+ SQL Injection
+ Error Based Injection
@@ -189,15 +285,17 @@ TIDoS Framework presently supports the following: `and is under active developme
- Auto-gathering `IMPROVED`
+ LDAP Injection `Parameter Based`
+ HTML Injection `Parameter Based`
- + Bash Command Injection `ShellShock`
+ + Bash Command Injection `ShellShock`
+ + Apache Struts Shock `Apache RCE`
+ + XPATH Injection `Parameter Based`
+ Cross-Site Scripting `IMPROVED`
- Cookie Value Based
- Referer Value Based
- User-Agent Value Based
- Parameter Value Based `Manual`
+ Unvalidated URL Forwards `Open Redirect`
- + PHP Code Injection `Windows + Linux`
- + HTTP Response Splitting `CRLF Injection`
+ + PHP Code Injection `Windows + Linux RCE`
+ + CRLF Injection `HTTP Response Splitting`
- User-Agent Value Based
- Parameter value Based `Manual`
+ Sub-domain Takeover `50+ Services`
@@ -212,7 +310,7 @@ TIDoS Framework presently supports the following: `and is under active developme
- SSH Protocol Bruteforce
- POP 2/3 Protocol Bruteforce
- SQL Protocol Bruteforce
- - XMPP Protocol Bruteforce
+ - (XMPP Protocol Bruteforce) `BROKEN:DEP`
- SMTP Protocol Bruteforce
- TELNET Protocol Bruteforce
@@ -228,47 +326,22 @@ TIDoS Framework presently supports the following: `and is under active developme
+ ShellShock
### Other Tools:
-- `net_info.py` - Displays information about your network. Located under `tools/`.
-- `tidos_updater.py` - Updates the framework to the latest release via signature matching. Located under `tools/'.
+- `net_info.py` - Displays information about your network. Accessible from 'netinfo' command.
### TIDoS In Action:
-
-
-
-
+Lets see a demonstration of TIDoS in action:
-
-
-
+[](https://asciinema.org/a/359477)
### Version:
```
-v1.5.2 [latest release] [#stable]
+v2.0.1-5 [latest release] [#beta]
```
-### Upcoming:
-
-There are some bruteforce modules to be added:
-- Some more of Enumeraton & Information Disclosure modules.
-- Lots more of OSINT & Stuff (let that be a suspense).
-- More of Auxillary Modules.
-- Some Exploits are too being worked on.
-
-### Known Bugs:
-
-This version of TIDoS is purely developmental and is presently `stable`. There are bugs in resolving the `[99] Back` at various end-points which results in blind fall-backs. Though I have added global exception handling, still, there maybe bugs out there. Also TIDoS needs to develop more on logging all info displayed on the screen `(help needed)`.
-
### Disclaimer:
-TIDoS is provided as a offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilties in web applications which could possibly be exploited maliciously.
-
-__THEREFORE, I AM NOT EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OF THIS TOOLKIT.__
+TIDoS is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilties in web applications which could possibly be exploited maliciously.
-### Final Words:
+__THEREFORE, NEITHER THE AUTHOR NOR THE CONTRIBUTORS ARE RESPONSIBLE FOR ANY MISUSE OR DAMAGE DUE TO THIS TOOLKIT.__
-This project is presently under active development so you may want to put it on a watch, since it is updated frequently `(you can take a look at past commits history)`. This project is one of the best frameworks I have ever built and I would really like your constructive criticism, suggestions and help in converting this project into the best web penetration testing framework ever built `and trust me, it will be ;)`.
-
-> Thank you,
->
-> @_tID | CodeSploit
diff --git a/core/.directory b/core/.directory
new file mode 100644
index 00000000..acdd027f
--- /dev/null
+++ b/core/.directory
@@ -0,0 +1,2 @@
+[Desktop Entry]
+Icon=/home/vainlystrain/Pictures/vaileava11.png
diff --git a/core/Core/__init__.py b/core/Core/__init__.py
new file mode 100644
index 00000000..8d1c8b69
--- /dev/null
+++ b/core/Core/__init__.py
@@ -0,0 +1 @@
+
diff --git a/core/Core/__pycache__/__init__.cpython-37.pyc b/core/Core/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 00000000..646a3499
Binary files /dev/null and b/core/Core/__pycache__/__init__.cpython-37.pyc differ
diff --git a/core/Core/__pycache__/colors.cpython-37.pyc b/core/Core/__pycache__/colors.cpython-37.pyc
new file mode 100644
index 00000000..f4f04f36
Binary files /dev/null and b/core/Core/__pycache__/colors.cpython-37.pyc differ
diff --git a/core/Core/colors.py b/core/Core/colors.py
new file mode 100644
index 00000000..1a278a6f
--- /dev/null
+++ b/core/Core/colors.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+
+#-:-:-:-:-:-:-:-:-:-:-:-:#
+# TIDoS Framework #
+#-:-:-:-:-:-:-:-:-:-:-:-:#
+
+#This module requires TIDoS Framework
+#https://github.com/0xInfection/TIDoS-Framework
+
+###############################
+class color:
+ PURPLE = '\033[95m'
+ CYAN = '\033[96m'
+ DARKCYAN = '\033[36m'
+ BLUE = '\033[94m'
+ GREEN = '\033[92m'
+ YELLOW = '\033[93m'
+ RED = '\033[91m'
+ BOLD = '\033[1m'
+ UNDERLINE = '\033[4m'
+ CURSIVE = '\033[3m'
+ END = '\033[0m'
+ HEADER = '\033[95m'
+ OKBLUE = '\033[94m'
+ OKGREEN = '\033[92m'
+ WARNING = '\033[93m'
+ FAIL = '\033[91m'
+ #TR1 = '\033[0m\033[48;2;58;49;58m\033[38;2;225;214;225m\uE0B0'
+ #TR2 = '\033[0m\033[38;2;225;214;225m\uE0B0'
+ #TR3 = '\033[0m\033[48;2;225;214;225m\033[38;2;58;49;58m\uE0B0'
+ #TR4 = '\033[0m\033[38;2;58;49;58m\uE0B0'
+ #TR5 = '\033[0m\033[48;2;225;214;225m\033[38;2;19;14;19m\uE0B0'
+ #TR6 = '\033[0m\033[48;2;58;49;58m\033[38;2;19;14;19m\uE0B0'
+
+ TR1 = '\033[0m\033[48;2;58;49;58m\033[38;2;225;214;225m|'
+ TR2 = '\033[0m\033[38;2;225;214;225m|'
+ TR3 = '\033[0m\033[48;2;225;214;225m\033[38;2;58;49;58m|'
+ TR4 = '\033[0m\033[38;2;58;49;58m|'
+ TR5 = '\033[0m\033[48;2;225;214;225m\033[38;2;19;14;19m|'
+ TR6 = '\033[0m\033[48;2;58;49;58m\033[38;2;19;14;19m|'
+ VBG = '\033[48;2;19;14;19m'
+ TITLE = '\033[38;2;85;72;85m'
+ BAR = '\033[38;2;225;214;225m'
+ #TR1 = '\033[48;2;58;49;58m\033[38;2;225;214;225m\u25B6'
+
+W = '\033[0m\033[1;0m' # white (normal)
+#R = '\033[1;31m' # red
+R = '\033[0m\033[38;2;58;49;58m\033[1m'
+#G = '\033[0m\033[1m' # green
+#G = '\033[0m\033[48;2;255;255;255m\033[38;2;58;49;58m\033[1m'
+G = '\033[0m\033[48;2;225;214;225m\033[38;2;58;49;58m\033[1m'
+#G = '\033[0m\033[48;2;85;72;85m\033[38;2;225;214;225m'
+#O = '\033[0m\033[1m' # orange
+O = '\033[0m\033[48;2;58;49;58m'
+B = '\033[0m\033[1m' # blue
+#P = '\033[0m\033[1m' # purple
+P = '\033[0m\033[38;2;58;49;58m\033[3m'
+C = '\033[0m\033[1m' # cyan
+GR = '\033[0m\033[1m' # gray
+T = '\033[0m\033[1m' # tan
+RB = '\033[48;2;58;49;58m'
+RC = '\033[0m\033[38;2;58;49;58m\033[3m'
+RD = '\033[0m\033[38;2;58;49;58m'
+###############################
diff --git a/core/__init__.py b/core/__init__.py
index 73a0d197..8d1c8b69 100644
--- a/core/__init__.py
+++ b/core/__init__.py
@@ -1,11 +1 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-pass
+
diff --git a/core/__pycache__/__init__.cpython-37.pyc b/core/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 00000000..33b2aef7
Binary files /dev/null and b/core/__pycache__/__init__.cpython-37.pyc differ
diff --git a/core/__pycache__/colors.cpython-37.pyc b/core/__pycache__/colors.cpython-37.pyc
new file mode 100644
index 00000000..697a5602
Binary files /dev/null and b/core/__pycache__/colors.cpython-37.pyc differ
diff --git a/core/__pycache__/variables.cpython-37.pyc b/core/__pycache__/variables.cpython-37.pyc
new file mode 100644
index 00000000..cf485848
Binary files /dev/null and b/core/__pycache__/variables.cpython-37.pyc differ
diff --git a/core/activeban.py b/core/activeban.py
deleted file mode 100644
index eccfd03b..00000000
--- a/core/activeban.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-from colors import *
-import time
-
-def activeban():
-
- time.sleep(0.4)
- print G+' +----------------+'
- print G+' | '+O+'ACTIVE RECON'+G+' |'
- print G+' +----------------+'
- time.sleep(0.3)
- print ''
- print B+' [1]'+C+' Ping/NPing Enumeration'+W+' (Adaptative+Debug)'
- time.sleep(0.1)
- print B+' [2]'+C+' Grab HTTP Headers'+W+' (Live Capture)'
- time.sleep(0.1)
- print B+' [3]'+C+' Find Allowed HTTP Methods'+W+' (Via OPTIONS)'
- time.sleep(0.1)
- print B+' [4]'+C+' Examine robots.txt and sitemap.xml'
- time.sleep(0.1)
- print B+' [5]'+C+' Scrape Comments from Webpage'+W+' (Regex Based)'
- time.sleep(0.1)
- print B+' [6]'+C+' Perform Advanced Traceroute'+W+' (TTL Based)'
- time.sleep(0.1)
- print B+' [7]'+C+' Find Shared DNS Hosts'+W+' (NameServer Based)'
- time.sleep(0.1)
- print B+' [8]'+C+' Examine SSL Certificate'+W+' (Absolute)'
- time.sleep(0.1)
- print B+' [9]'+C+' CMS Detection '+W+'(185+ CMSs supported)'
- time.sleep(0.1)
- print B+' [10]'+C+' Apache Status Disclosure'+W+' (File Based)'
- time.sleep(0.1)
- print B+' [11]'+C+' WebDAV HTTP Enumeration'+W+' (SEARCH, PROFIND)'
- time.sleep(0.1)
- print B+' [12]'+C+' Enumerate Server behind website'+W
- time.sleep(0.1)
- print B+' [13]'+C+' Alternate Sites'+W+' (User-Agent Based)'
- time.sleep(0.1)
- print B+' [14]'+C+' Common File Bruteforce'+W+' (5 modules)\n'
- time.sleep(0.1)
- print B+' [A]'+C+' The Auto-Awesome Module\n'
- time.sleep(0.1)
- print B+' [99]'+C+' Back\n'
-
diff --git a/core/activeo.py b/core/activeo.py
deleted file mode 100644
index dadbb53b..00000000
--- a/core/activeo.py
+++ /dev/null
@@ -1,232 +0,0 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import sys
-import os
-import time
-import subprocess
-import random
-from random import randint
-sys.path.append('modules/ActiveRecon/')
-
-from piwebenum import *
-from grabhead import *
-from httpmethods import *
-from robot import *
-from apachestat import *
-from dav import *
-from sharedns import *
-from commentssrc import *
-from sslcert import *
-from activeban import *
-from filebrute import *
-from traceroute import *
-from cms import *
-from serverdetect import *
-from altsites import *
-from colors import *
-
-def activeo(web):
-
- print " [!] Module Selected : Active Reconnaissance\n\n"
- activeban()
- print ''
- time.sleep(0.3)
- v = raw_input (''+GR+' [#] \033[1;4mTID\033[0m'+GR+' :> ' + color.END)
- print ''
- if v.strip() == '1':
- print C+' [!] Type Selected : Ping/NPing Enumeration'
- piwebenum(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '2':
- print C+' [!] Type Selected : Grab HTTP Headers'
- grabhead(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '3':
- print C+' [!] Type Selected : HTTP Allowed Methods'
- httpmethods(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '4':
- print C+' [!] Type Selected : robots.txt and sitemap.xml Hunt'
- robot(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '5':
- print C+' [!] Type Selected : Scrape Comments'
- commentssrc(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '6':
- print C+' [!] Type Selected '+B+': Traceroute'
- traceroute(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '7':
- print C+' [!] Type Selected : DNS Hosts'
- sharedns(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '8':
- print C+' [!] Type Selected : SSL Certificate'
- sslcert(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '9':
- print C+' [!] Type Selected : CMS Detection'
- cms(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '10':
- print C+' [!] Type Selected : Apache Status'
- apachestat(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '11':
- print C+' [!] Type Selected : WebDAV HTTP Enumeration'
- dav(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '12':
- print C+' [!] Type Selected : Server Detection'
- serverdetect(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '13':
- print C+' [!] Type Selected : Alternate Sites '
- altsites(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == '14':
- print C+' [!] Type Selected : File Bruteforcers'
- filebrute(web)
- print '\n\n'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- activeo(web)
-
- elif v.strip() == 'A':
- print C+' [!] Type Selected : All Modules'
- time.sleep(0.5)
- print C+' [*] Firing up module -->'+B+' Ping Enum'
- piwebenum(web)
- print C+' [!] Module Completed -->'+B+' PIng\n'
-
- time.sleep(1)
- print C+' [*] Firing up module -->'+B+' Grab Headers'
- grabhead(web)
- print C+'\n [!] Module Completed -->'+B+' Grabhead\n'
-
- time.sleep(1)
- print C+' [*] Firing up module -->'+B+' Robots.txt Hunter'
- robot(web)
- print C+'\n [!] Module Completed -->'+B+' Robot Hunter\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Comments Scraper'
- commentssrc(web)
- print C+'\n [!] Module Completed -->'+B+' Comments Src\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Traceroute'
- traceroute(web)
- print C+'\n [!] Module Completed -->'+B+' Traceroute\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Shared DNS Servers'
- sharedns(web)
- print C+'\n [!] Module Completed -->'+B+' Shared DNS Servers\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' SSl Certificate Info'
- sslcert(web)
- print C+'\n [!] Module Completed -->'+B+' SSl Cert\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' CMS Detection'
- cms(web)
- print C+'\n [!] Module Completed -->'+B+' CMS Detect\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' WebDAV HTTP Profiling'
- dav(web)
- print C+'\n [!] Module Completed -->'+B+' WebDAV HTTP Profiling\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Apache Status'
- apachestat(web)
- print C+'\n [!] Module Completed -->'+B+' Apache Status\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' OS Fingerprinting'
- osdetect(web)
- print C+'\n [!] Module Completed -->'+B+' OS Detect\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' File bruteforcer'
- filebrute(web)
- print C+'\n [!] Module Completed -->'+B+' File Bruteforcer\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Server Detection'
- serverdetect(web)
- print C+'\n [!] Module Completed -->'+B+' Server Detect\n'
- time.sleep(1)
-
- print C+' [*] Firing up module -->'+B+' Alt. Sites'
- altsites(web)
- print C+'\n [!] Module Completed -->'+B+' Alt. Sites\n'
- time.sleep(1)
-
- print C+'\n [!] All scantypes have been tested on target...'
- raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')
- print C+' [*] Going back to menu...'
- time.sleep(3)
- os.system('clear')
- activeo(web)
-
- elif v.strip() == '99':
- print C+' [*] Back to the menu !'
- os.system('clear')
-
- else:
- dope = ['You high dude?','Shit! Enter a valid option','Whoops! Thats not an option','Sorry! You just typed shit']
- print dope[randint(0,3)]
- time.sleep(0.7)
- os.system('clear')
- activeo(web)
-
diff --git a/core/agree.py b/core/agree.py
deleted file mode 100644
index acddd24e..00000000
--- a/core/agree.py
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import os
-import sys
-import platform
-import time
-from agreement import *
-from colors import *
-
-def agree():
-
- os.system('clear')
- if str(platform.system()) != "Linux":
- sys.exit(R+" [!] " + color.UNDERLINE + "\033[91m" + "You are not using a Linux Based OS! Linux is a must-have for this script!" + color.END)
- if not os.geteuid() == 0:
- sys.exit(" [!] " + color.UNDERLINE + "\033[91m" + "Must be run as root. :) " + color.END)
- if 'no' in open('agree').read():
- agreement()
-
- a1 = raw_input(O+' [0x00] '+G+'Do you agree to these terms and conditions? :> '+C)
- if a1 == "yes" or a1 == 'y' or a1 == 'Y' or a1 == 'Yes' or a1 == 'yo' or a1 == 'YES' or a1 == 'yep' or a1 == 'Yep' or a1 == 'YEP':
- print G+' [0x01] '+O+'Thats awesome! Move on...'
- time.sleep(3)
- FILE = open("agree","w")
- FILE.write('yes')
- FILE.close()
-
- else:
- print O+' [0x0F] '+R+'You have to agree!'
- time.sleep(1)
- sys.exit(0)
diff --git a/core/agreement.py b/core/agreement.py
deleted file mode 100644
index 9ed9a449..00000000
--- a/core/agreement.py
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env python2
-# -*- coding: utf-8 -*-
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-def agreement():
-
- print """
-\033[1;95m
- ==========================================
- T I D O S F R A M E W O R K v1.5
- ==========================================
-\033[1;37m
- TIDoS is a open-source toolkit developed as a comprehensive web-app audit framework.
-
- TIDoS was developed by \033[1;33mPinaxx Robinson\033[1;37m, known by the name \033[1;36m@_tID\033[1;37m aka \033[1;36mThe Infected Drake\033[1;37m of \033[1;33mTeam CodeSploit.\033[1;37m
-
- This is to make you note that TIDoS was purely developed for auditing purposes. The developer is not responsible for any damage or data loss due to misuse. If you intend to use this for any malicious purposes, use it at your own risk... ;)
-
- Also by using this tool, you agree to be a awesome person. Try to help others, and do not pollute the community with unwanted stuff.
-
- You can edit these scripts within this tool as per your own needs, provided you use it only for yourself. If you want to publish TIDoS again in a reformed appearance, give the developer some credits. :) \033[1;91m
-
- P.S. - If you find any bugs with this tool, report it.
-
-"""
diff --git a/core/auxil.py b/core/auxil.py
deleted file mode 100644
index d01916d4..00000000
--- a/core/auxil.py
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import sys
-import os
-import time
-import subprocess
-import random
-from random import randint
-from subprocess import call
-sys.path.append('modules/AuxilMods/')
-from auxilban import *
-from encodeall import *
-from honeypot import *
-from hashes import *
-from imgext import *
-
-def auxil(web):
-
- print ''
- time.sleep(0.3)
- v = raw_input(GR+' [#] \033[1;4mTID\033[0m'+GR+' :> ' + color.END)
- print ''
- if v == '1':
- print ' [!] Type Selected : Generate Hashes'
- hashes()
- print '\n\n'
- raw_input(O+' [+] Press '+GR+'Enter'+O+' to Continue...')
- auxilban()
- auxil(web)
-
- elif v == '2':
- print ' [!] Type Selected : Encode Strings'
- encodeall()
- print '\n\n'
- raw_input(O+' [+] Press '+GR+'Enter'+O+' to Continue...')
- auxilban()
- auxil(web)
-
- elif v == '3':
- print ' [!] Type Selected : Extract Metadata'
- imgext()
- print '\n\n'
- raw_input(O+' [+] Press '+GR+'Enter'+O+' to Continue...')
- auxilban()
- auxil(web)
-
- elif v == '4':
- print ' [!] Type Selected : Honeypot Detector'
- honeypot()
- print '\n\n'
- raw_input(O+' [+] Press '+GR+'Enter'+O+' to Continue...')
- auxilban()
- auxil(web)
-
- elif v == '99':
- print GR+' [*] Going back!'
- time.sleep(0.7)
- os.system('clear')
-
- else:
- dope = ['You high dude?','Shit! Enter a valid option','Whoops! Thats not an option','Sorry! You just typed shit']
- print dope[randint(0,3)]
- time.sleep(0.7)
- os.system('clear')
- auxilban()
- auxil(web)
diff --git a/core/auxilban.py b/core/auxilban.py
deleted file mode 100644
index d15b16b4..00000000
--- a/core/auxilban.py
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env python2
-# -*- coding: utf-8 -*-
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-from colors import *
-import time
-import os
-
-def auxilban():
-
- os.system('clear')
- print " [!] Module Selected : Auxillary Modules\n"
- time.sleep(0.4)
- print C+'''
-\033[1;37m
- ' . + . . ' + ' . .
- . ' + . * .
- + ' . +
- . * . . . * . *
- . \033[1;33m _\033[1;37m . . . .
- . . \033[1;33m _ / | \033[1;37m . . * \033[1;33m _ \033[1;37m . . +
- \033[1;33m| \_| | \033[1;37m + . \033[1;33m| | __
- \033[1;33m _ | |\033[1;37m . _ \033[1;33m| |/ |
- + \033[1;33m| \ | \033[1;36m _/\_ \033[1;33m| | / | \ \033[1;37m + /
- \033[1;33m| | \ \033[1;36m+/_\/_\+ \033[1;33m| | / | \ \033[1;37m . |\033[1;34m
- ____\033[1;33m/____\--...\___ \033[1;36m\_||_/\033[1;34m ___...\033[1;33m|__\_\033[1;34m..\033[1;33m|____\____/\033[1;34m_______/_\033[1;34m
- . . \033[1;36m|_|__|_| \033[1;34m . . .
- . . . \033[1;36m_/ /__\ \_\033[1;34m . . . .
- . . . . . .
- . ' ' ' '
- ' \033[1;33m-=[\033[1;31m A U X I L L A R I E S \033[1;33m]=-\033[1;34m . ' .
- . ' . . ' .
-'''
- time.sleep(0.3)
- print ''
- print B+' [1]'+C+' Generate Hashes from Strings'+W+'(4 Types) '
- time.sleep(0.1)
- print B+' [2]'+C+' Encode Payload or Strings'+W+' (7 Types)'
- time.sleep(0.1)
- print B+' [3]'+C+' Extract Metadata from Images'+W+' (EXIF Data)\n'
- time.sleep(0.1)
- print B+' [4]'+C+' HoneyPot Probability'+W+' (ShodanLabs HoneyScore)\n'
- time.sleep(0.1)
- print B+' [99]'+C+' Back\n'
-
diff --git a/core/banner.py b/core/banner.py
deleted file mode 100644
index 6db086fd..00000000
--- a/core/banner.py
+++ /dev/null
@@ -1,144 +0,0 @@
-# coding: utf-8
-#!/usr/bin/env python
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import os
-from random import randint
-from colors import *
-
-def banner():
-
- header = """
-\033[1;31m
- T H E
-
- ▄▀▀▀█▀▀▄ ▄▀▀█▀▄ ▄▀▀█▄▄ ▄▀▀▀▀▄ ▄▀▀▀▀▄ \033[1;37m
- █ █ ▐ █ █ █ █ ▄▀ █ █ █ ██ ▐
- ▐ █ ▐ █ ▐ ▐ █ █ █ █ ▀▄
- █ █ █ █ ▀▄ ▄▀ ▀▄ █ \033[1;31m
- ▄▀ ▄▀▀▀▀▀▄ ▄▀▄▄▄▄▀ ▀▀▀▀ █▀▀▀
- █ █ █ █ ▐ ▐
- ▐ ▐ ▐ ▐
- F R A M E W O R K
-
-"""
-
-
- oblique = C + """
-\033[1;36m
- T H E
-
- ███ ▄█ ████████▄ ▄██████▄ ▄████████
- ▀█████████▄ ███ ███ ▀███ ███ ███ ███ ███ \033[1;37m
- ▀███▀▀██ ███▌ ███ ███ ███ ███ ███ █▀
- ███ ▀ ███▌ ███ ███ ███ ███ ███
- ███ ███▌ ███ ███ ███ ███ ▀███████████
- ███ ███ ███ ███ ███ ███ ███ \033[1;36m
- ███ ███ ███ ▄███ ███ ███ ▄█ ███
- ▄████▀ █▀ ████████▀ ▀██████▀ ▄████████▀
-
- F R A M E W O R K
-"""
-
- modular = O + """
-\033[1;33m
- ___________________________
- |\_________________________/|\
- || || \
- || \033[1;36mThe \033[1;33m|| |
- || \033[1;36m TIDoS \033[1;33m|| |
- || \033[1;36m Framework \033[1;33m|| |
- || \033[1;33m|| |
- || \033[1;34mWeb Application Audit \033[1;33m|| |
- || \033[1;34m Framework \033[1;33m|| |
- || \033[1;33m|| |
- || \033[1;37mFrom: CodeSploit \033[1;33m|| /
- ||_________________________|| /
- |/_________________________\|/
- __\_________________/__/|
- |_______________________|/
- ________________________
- /\033[0m\033[37moooo oooo oooo oooo \033[1;33m/|
- /\033[0m\033[37mooooooooooooooooooooooo\033[1;33m/ /
- /\033[0m\033[37mooooooooooooooooooooooo\033[1;33m/ /
- /C=_____________________/_/
-"""
-
- fb = C + """
-\033[1;36m
- ,------,-------------------------------------,------.
- | | | |
- | | \033[1;37mThe TIDoS Framework | |
- | | \033[1;34m< CodeSploit > \033[1;36m | |
- | | | |
- | |-------------------------------------| |
- | ||...................................|| |
- | || || |
- | || \033[1;33mHack Facebook? (y/n) \033[1;36m|| |
- | || \033[1;34m---------------------- \033[1;36m|| |
- | ||_______ \033[1;33m$ > (Input) \033[1;36m_______|| |
- | || \033[1;32m$$$$$ \033[1;36m| | \033[1;32m$$$$$\033[1;36m || |
- | ||-------'-------------------'-------|| |
- `------'|___________________________________|`------'
-
-"""
- codesploit = GR + """
-
- MMMMMNMNMMMM$%&.
- .DMMM lM$%.
- .MMN \M$%,.
- MN \M%$..
- .M. \033[1;36mXXXXXXXXXXXXX \033[1;37m\M%$M
- .M \033[1;36m XXXXXXXXXXXXX \033[1;37m\l$%M.
- M \033[1;36m XXX \033[1;37m\M$%M:.
- M \033[1;36m XXX \033[1;37m\$MMM:
- M \033[1;36m XXX \033[1;34mXXXXXXX \033[1;37m:$%MM:
- :M \033[1;36m XXX \033[1;34mXX \033[1;37m :$%MMM:
- M \033[1;36m XXX \033[1;34mXXXXXXX \033[1;37m M%$MM:
- :M: \033[1;36m XXX \033[1;34m XX \033[1;37m M$%M:'
- NM \033[1;36m XXXXXX\033[1;34mXXXXXXX\033[1;36mm \033[1;37m .M$%MM:
- IMM. \033[1;36m XXXXXXXXXXXXX\033[1;36mm \033[1;37m.MD%4M'
- :MM . .MM$%M'
- $MM .MMM$%"'
- MMMM. MMMMMM"
- MMMMMMMMMMMMMMMMMM:*"
-\033[1;33m
- ╔═════════════════════════╗
- █ \033[1;31mC O D E S P L O I T\033[1;33m █
- ╚═════════════════════════╝
-"""
- swan = """
-\033[1;33m
- ...,ooooooooo......
- .o8888888888888888888888888o.
- .o888888888888888888888888888888888o.
- o8888888888A88"V888888888888888888888888o
- o88888887"8" V V888 88888888888888888888o
- o88888888 VV0 888888888888888888888
- o888888888 !/ 88888888888888888888o
- .88888888888 88888V" "V8888888888.
- o88888888888v \033[1;37mT H E \033[1;33m 8888" v8 8888888888o
- 88888888888v 8888v v88 88888888888
- 888888888888 \033[1;37mT I D O S\033[1;33m 88888v "8888888888888
- 88888888888V ""M888 "888P8888888
- 88888888888v \033[1;37mF R A M E W O R K \033[1;33m 88P8888888
-\033[1;36m ______\033[1;33m8888888888888v.........................VF8888888\033[1;36m_______
- :::::::::::::::::::' ::::::::::::::::
- ::::::::::::::::: .::::::: .:::::::::::::::::\033[1;34m
- ::::::::::::::: \033[1;36mFrom:\033[1;34m ::::::: .:::::::::::::::::::
- ::::::::::::::: \033[1;37mCodeSploit\033[1;34m :::::: ::: ::::::::::::::::
- :::::::::::::::. ::::::. :: .::::::::::::::::\033[1;36m
- :::::::::::::::: :::::::. .:::::::::::::::::
- :::::::::::::::. . ::::::::::::::::::::::::::::
-"""
- headers = [header, oblique, modular, codesploit, fb, swan]
- os.system('clear')
- print headers[randint(0,5)]
-
-
diff --git a/core/banner1.py b/core/banner1.py
deleted file mode 100644
index 1c572d5d..00000000
--- a/core/banner1.py
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env python2
-# -*- coding: utf-8 -*-
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import time
-from time import sleep
-from colors import *
-
-def banner1():
-
- print B+'[---] '+C+'The TIDoS Framework \033[36m| \033[1;37mVersion v1.5 \033[1;34m[---]'
- sleep(0.2)
- print B+'[---] [---]'
- print B+'[---] \033[1;31m~ Author \033[1;31m: \033[1;33m@_tID ~ \033[1;34m[---]'
- sleep(0.2)
- print B+'[---] '+O+'~ github.com / \033[1;32mtheInfectedDrake ~ \033[1;34m[---]'
- sleep(0.2)
- print B+'[---] [---]'
- sleep(0.2)
- print B+'[---] \033[1;35m5 Phases | \033[1;31m14 Sub-Phases | \033[1;37m102 Modules \033[1;34m[---]'
- sleep(0.2)
- print ''
- print B+' Welcome to '+C+'The TIDoS Framework (TTF)'
- sleep(0.2)
- print GR+' The TIDoS Framework is a project by '+R+'Team CodeSploit\n'
-
diff --git a/core/colors.py b/core/colors.py
deleted file mode 100644
index 96ed4433..00000000
--- a/core/colors.py
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env python2
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-###############################
-class color:
- PURPLE = '\033[95m'
- CYAN = '\033[96m'
- DARKCYAN = '\033[36m'
- BLUE = '\033[94m'
- GREEN = '\033[92m'
- YELLOW = '\033[93m'
- RED = '\033[91m'
- BOLD = '\033[1m'
- UNDERLINE = '\033[4m'
- END = '\033[0m'
- HEADER = '\033[95m'
- OKBLUE = '\033[94m'
- OKGREEN = '\033[92m'
- WARNING = '\033[93m'
- FAIL = '\033[91m'
-
-W = '\033[1;0m' # white (normal)
-R = '\033[1;31m' # red
-G = '\033[1;32m' # green
-O = '\033[1;33m' # orange
-B = '\033[1;34m' # blue
-P = '\033[1;35m' # purple
-C = '\033[1;36m' # cyan
-GR = '\033[1;37m' # gray
-T = '\033[1;93m' # tan
-###############################
diff --git a/core/crawlers.py b/core/crawlers.py
deleted file mode 100644
index 9c27ff3b..00000000
--- a/core/crawlers.py
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env python2
-# -*- coding : utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This script is a part of TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import sys
-import platform
-import os
-import time
-import random
-import subprocess
-from random import *
-sys.path.append('modules/ScanEnum/')
-
-from crawler1 import *
-from crawler2 import *
-from crawler3 import *
-from crawlersban import *
-from colors import *
-
-def crawlers(web):
-
- time.sleep(0.3)
- print ' [!] Module Selected : Crawlers'
- time.sleep(0.4)
- crawlersban()
- v = raw_input(O+' [#] TID :> ')
- if v.strip() == '1':
- print B+' [!] Module Selected :'+C+' Crawler (Depth1)'
- crawler1(web)
- time.sleep(1)
- crawlers(web)
-
- elif v.strip() == '2':
- print B+' [!] Module Selected :'+C+' Crawler (Depth 2)'
- crawler2(web)
- time.sleep(1)
- crawlers(web)
-
- elif v.strip() == '3':
- print B+' [!] Module Selected :'+C+' Crawler (Depth 3)'
- crawler3(web)
- time.sleep(1)
- crawlers(web)
-
- elif v.strip() == '99':
- print GR+' [*] Going back...'
- time.sleep(0.5)
- os.system('clear')
-
- elif v.strip() == 'A':
- print W+'\n [!] Module Automater Initialized...'
- sleep(0.5)
- print B+' [*] Initializing Scan Type :'+C+' Crawler (Depth 1)'
- crawler1(web)
- print B+'\n [!] Scan Type Completed :'+C+' Crawler 1\n'
- sleep(0.5)
- print B+' [!] Initializing Scan Type :'+C+' Crawler (Depth 2)'
- crawler2(web)
- print B+'\n [!] Scan Type Completed :'+C+' Crawler 2\n'
- sleep(0.5)
- print B+' [!] Initializing Scan Type :'+C+' Crawler (Depth 3)'
- crawler3(web)
- print B+'\n [!] Scan Type Completed :'+C+' Crawler 3\n'
- print G+' [+] All modules successfully completed!'
- raw_input(GR+' [+] Press '+O+'Enter '+GR+'to continue...')
- crawlers(web)
-
- else:
- dope = ['You high dude?','Shit! Enter a valid option','Whoops! Thats not an option','Sorry! You just typed shit']
- print ' [-] '+dope[randint(0,3)]
- sleep(1)
- crawlers(web)
-
diff --git a/core/crawlersban.py b/core/crawlersban.py
deleted file mode 100644
index b820d35e..00000000
--- a/core/crawlersban.py
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env python2
-# -*- coding : utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This script is a part of TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import time
-from time import sleep
-from colors import *
-
-def crawlersban():
-
- print O+'\n +-----------------+'
- print O+' | '+G+' CRAWLER TYPES '+O+' |'
- print O+' +-----------------+\n'
- print ''
- sleep(0.2)
- print B+" [1] "+C+"Crawler \033[1;0m(Depth 1)"
- sleep(0.2)
- print B+' [2] '+C+'Crawler \033[1;0m(Depth 2) '
- sleep(0.2)
- print B+' [3] '+C+'Crawler \033[1;0m(Depth 3) '
- sleep(0.2)
- print B+'\n [A] '+C+'Test both crawlers 1 by 1 '
- sleep(0.2)
- print B+'\n [99] '+C+'Back \n'
-
diff --git a/core/database/database_module.py b/core/database/database_module.py
new file mode 100644
index 00000000..1a7c73ea
--- /dev/null
+++ b/core/database/database_module.py
@@ -0,0 +1,113 @@
+import sqlite3
+
+# This module contains three functions:
+# 1. save_data - inserts data into the database, and automatically creates tables and
+# organizes the data as necessary.
+# 2. retrieve_data - generates SQLite queries to retrieve the requested data from the
+# database and returns the data.
+# 3. get_info - reads the database and returns a dictionary that acts as an index to
+# the data in the database. This dictionary is used by the menu function to build
+# out the menu.
+# The functions in this module take the following arguments:
+# save_data and retrieve_data take the following arguments:
+# database = database file name in the format "databasename.db". This will be the same
+# throughout the session.
+# module = the name of the top-level module you're in. Can't have spaces or special
+# characters. Should be EXACTLY matching one of the following:
+# "ReconANDOSINT", "ScanANDEnum", "VulnAnalysis", "Exploitation", or "AuxModules"
+# lvl1, lvl2, lvl3 = the names of the next levels of modules, on down to the one you're
+# in. If you don't go all the way down to lvl3, input Null. Can have spaces. Should
+# exactly match the name of the module as written in the menu.
+# data = should be the data generated by the module. It will be unchanged when it is
+# passed in and out of the database.
+
+def save_data(database, module, lvl1, lvl2, lvl3, host, data):
+ connection = sqlite3.connect(database)
+ cursor = connection.cursor()
+ check_table = 'SELECT name FROM sqlite_master WHERE type=\'table\' AND name=\'{}\''.format(module)
+ cursor.execute(check_table)
+ checker = cursor.fetchone()
+ if checker == None:
+ create_table = 'CREATE TABLE {} (\
+ id INTEGER PRIMARY KEY, \
+ lvl1 text not null, \
+ lvl2 text, \
+ lvl3 text, \
+ number int, \
+ data blob);'.format(module)
+ cursor.execute(create_table)
+ connection.commit()
+ check_entries = 'SELECT number FROM {} WHERE lvl1="{}" AND lvl2="{}" AND lvl3="{}"'.format(module, lvl1, lvl2, lvl3)
+ cursor.execute(check_entries)
+ printable = cursor.fetchall()
+ ctr = 0
+ high = []
+ while ctr < len(printable):
+ high.append(printable[ctr][0])
+ ctr += 1
+ if high == []:
+ highest = 1
+ else:
+ highest = max(high) + 1
+ insert_into_table = 'INSERT INTO {} (lvl1, lvl2, lvl3, number, data) VALUES (?, ?, ?, ?, ?);'.format(module)
+ table_entry_parameters = (lvl1, lvl2, lvl3, highest, data)
+ cursor.execute(insert_into_table, table_entry_parameters)
+ connection.commit()
+ connection.close()
+
+def retrieve_data(database, module, lvl1, lvl2, lvl3, num):
+ connection = sqlite3.connect(database)
+ cursor = connection.cursor()
+ if lvl3 == "":
+ if lvl2 == "":
+ select_from_table = 'SELECT data FROM {} WHERE lvl1="{}" AND lvl2="" AND lvl3="" AND number={}'.format(module, lvl1, num)
+ else:
+ select_from_table = 'SELECT data FROM {} WHERE lvl1="{}" AND lvl2="{}" AND lvl3="" AND number={}'.format(module, lvl1, lvl2, num)
+ else:
+ select_from_table = 'SELECT data FROM {} WHERE lvl1="{}" AND lvl2="{}" AND lvl3="{}" AND number={}'.format(module, lvl1, lvl2, lvl3, num)
+ cursor.execute(select_from_table)
+ returned_data = cursor.fetchall()
+ connection.close()
+ return returned_data[0][0]
+
+# This function receives only the file name of the database. It reads what is in the
+# database and returns a dictionary that acts as an index to the data saved in the
+# database. This dictionary is read by the menu function to build out the menu.
+def get_info(database):
+ modules = ['ReconANDOSINT', 'ScanANDEnum', 'VulnAnalysis', 'Exploitation', 'AuxModules']
+ saved_modules = []
+ data_saved = {}
+ connection = sqlite3.connect(database)
+ cursor = connection.cursor()
+ for module in modules:
+ check_table = 'SELECT name FROM sqlite_master WHERE type=\'table\' AND name=\'{}\''.format(module)
+ cursor.execute(check_table)
+ check = cursor.fetchone()
+ if check != None:
+ saved_modules.append(module)
+ for module in saved_modules:
+ if module not in data_saved.keys():
+ data_saved[module] = {}
+ ctr = 1
+ while True:
+ cmd = 'SELECT lvl1, lvl2, lvl3, number FROM {} WHERE id={}'.format(module, ctr)
+ cursor.execute(cmd)
+ grab_data = cursor.fetchone()
+ if grab_data == None:
+ break
+ else:
+ if grab_data[0] not in data_saved[module].keys():
+ data_saved[module][grab_data[0]] = {}
+ if grab_data[1] != '':
+ if grab_data[1] not in data_saved[module][grab_data[0]].keys():
+ data_saved[module][grab_data[0]][grab_data[1]] = {}
+ if grab_data[2] == '':
+ if grab_data[1] == '':
+ data_saved[module][grab_data[0]].update( {grab_data[3] : "Data"} )
+ else:
+ data_saved[module][grab_data[0]][grab_data[1]].update( {grab_data[3] : "Data"} )
+ else:
+ data_saved[module][grab_data[0]][grab_data[1]][grab_data[2]].update( {grab_data[3] : "Data"} )
+ ctr += 1
+ connection.close()
+ return data_saved
\ No newline at end of file
diff --git a/core/database/db_menu.py b/core/database/db_menu.py
new file mode 100644
index 00000000..1dc1ebaf
--- /dev/null
+++ b/core/database/db_menu.py
@@ -0,0 +1,108 @@
+from database_module import get_info, retrieve_data
+import sys
+
+menu_dict = {
+ 'ReconANDOSINT' : 'Reconnaissance & OSINT',
+ 'ScanANDEnum' : 'Scanning & Enumeration',
+ 'VulnAnalysis' : 'Vulnerability Analysis',
+ 'Exploitation' : 'Exploitation',
+ 'AuxModules' : 'Auxiliary Modules'
+ }
+db_name = "sessionresults.db"
+query_list = [db_name]
+error_message = "Sorry, please enter one of the choices listed."
+menu_message = "Please make your selection: "
+input_cursor = "Input > "
+main_exit_message = "E) Exit."
+higher_menu_exit_message = "0) Exit to higher menu."
+exit_message = "Now exiting. Goodbye."
+
+def query_db(query_list):
+ db, module, lvl1 = query_list[0], query_list[1], query_list[2]
+ if len(query_list) == 4:
+ lvl2, lvl3, num = "", "", query_list[3]
+ elif len(query_list) == 5:
+ lvl2, lvl3, num = query_list[3], "", query_list[4]
+ else:
+ lvl2, lvl3, num = query_list[3], query_list[4], query_list[5]
+ print(retrieve_data(db, module, lvl1, lvl2, lvl3, num))
+
+def build_db_menu(a_list, b_list, selection):
+ print(menu_message)
+ while True:
+ ctr = 0
+ while ctr < len(a_list):
+ if selection == "Data":
+ print("{}) Scan {}".format(str(ctr + 1), a_list[ctr]))
+ elif b_list != "None":
+ print("{}) {}".format(str(ctr + 1), b_list[ctr]))
+ else:
+ print("{}) {}".format(str(ctr + 1), a_list[ctr]))
+ ctr += 1
+ if selection != "None":
+ print(higher_menu_exit_message)
+ print(main_exit_message)
+ cmd = input(input_cursor)
+ if cmd == "e" or cmd == "E" or cmd == "exit" or cmd == "Exit" or cmd == "EXIT":
+ print(exit_message)
+ sys.exit()
+ elif cmd == "0":
+ del query_list[-1]
+ return cmd
+ elif int(cmd) <= len(a_list):
+ query_list.append(a_list[int(cmd) - 1])
+ if selection == "None":
+ return a_list[int(cmd) - 1]
+ elif selection[a_list[int(cmd) - 1]] == "Data":
+ print(selection[a_list[int(cmd) - 1]])
+ query_db(query_list)
+ del query_list[-1]
+ else:
+ return a_list[int(cmd) - 1]
+ else:
+ print(error_message)
+
+def level_five_menu(choice1, choice2, choice3, choice4, menu_data):
+ a_list = list(menu_data[choice1][choice2][choice3][choice4].keys())
+ selection = menu_data[choice1][choice2][choice3][choice4]
+ result = build_db_menu(a_list, "None", selection)
+ if result == "0":
+ level_four_menu(choice1, choice2, choice3, menu_data)
+
+def level_four_menu(choice1, choice2, choice3, menu_data):
+ a_list = list(menu_data[choice1][choice2][choice3].keys())
+ selection = menu_data[choice1][choice2][choice3]
+ result = build_db_menu(a_list, "None", selection)
+ if result == "0":
+ level_three_menu(choice1, choice2, menu_data)
+ else:
+ level_five_menu(choice1, choice2, choice3, result, menu_data)
+
+def level_three_menu(choice1, choice2, menu_data):
+ a_list = list(menu_data[choice1][choice2].keys())
+ selection = menu_data[choice1][choice2]
+ result = build_db_menu(a_list, "None", selection)
+ if result == "0":
+ level_two_menu(choice1, menu_data)
+ else:
+ level_four_menu(choice1, choice2, result, menu_data)
+
+def level_two_menu(choice, menu_data):
+ a_list = list(menu_data[choice].keys())
+ selection = menu_data[choice]
+ result = build_db_menu(a_list, "None", selection)
+ if result == "0":
+ menu(menu_data)
+ else:
+ level_three_menu(choice, result, menu_data)
+
+def menu(menu_data):
+ a_list = list(menu_data.keys())
+ b_list = []
+ for item in a_list:
+ b_list.append(menu_dict[item])
+ result = build_db_menu(a_list, b_list, "None")
+ level_two_menu(result, menu_data)
+
+menu_data = get_info(db_name)
+menu(menu_data)
\ No newline at end of file
diff --git a/core/database/tidos.db b/core/database/tidos.db
new file mode 100644
index 00000000..d4b04e9c
Binary files /dev/null and b/core/database/tidos.db differ
diff --git a/core/dispmenu.py b/core/dispmenu.py
deleted file mode 100644
index 4d083fe9..00000000
--- a/core/dispmenu.py
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env python2
-# coding: utf-8
-
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-# TIDoS Framework #
-#-:-:-:-:-:-:-:-:-:-:-:-:#
-
-#This module requires TIDoS Framework
-#https://github.com/theInfectedDrake/TIDoS-Framework
-
-import time
-from colors import *
-
-def dispmenu():
-
- print '''
-
-\033[1;37m . + \033[1;34m ______ \033[1;37m . .
- +. \033[1;34m / ==== \ \033[1;37m . + . .
- . . \033[1;36m ,-~--------~-. \033[1;37m * +
- \033[1;36m,^\033[1;33m ___ \033[1;36m^.\033[1;37m + * . . .
- * * \033[1;36m / \033[1;33m.^ ^. \033[1;36m\ \033[1;37m . \033[1;32m _ | _
- \033[1;36m| \033[1;33m| o ! \033[1;36m|\033[1;37m . \033[1;32m __ \ /--.
- . \033[1;36m|\033[1;34m_ \033[1;33m'.___.' \033[1;34m_\033[1;36m|\033[1;37m \033[1;32mI__/_\ / )}\033[1;36m======> \033[1;37m +
- \033[1;36m| \033[1;34m"'----------------"\033[1;36m|\033[1;37m + \033[1;32m _[ _(\033[1;33m0\033[1;32m): ))\033[1;36m========>
- + . \033[1;36m! !\033[1;37m . \033[1;32mI__\ / \. ]}\033[1;36m======> \033[1;37m .
- . \033[1;36m \ \033[1;37mTIDoS Prober \033[1;36m/ \033[1;37m \033[1;32m ~^-.--'
- \033[1;36m^. .^ \033[1;37m . \033[1;32m | \033[1;37m +. *
- . \033[1;36m "-..______.,-" \033[1;37m. . *
- + . . + * .
- \033[1;33m-=[ \033[1;31mL E T S S T A R T\033[1;33m ]=-\033[1;37m
- + . ' . + +
- * . + * . * .
-'''
- print O+'\n Choose from the options below :\n'
- time.sleep(0.2)
- print B+' [1] \033[1;36mReconnaissance & OSINT'+W+' (45 modules)'
- time.sleep(0.1)
- print B+' [2] \033[1;36mScanning & Enumeration'+W+' (14 modules)'
- time.sleep(0.1)
- print B+' [3] \033[1;36mVulnerability Analysis'+W+' (35 modules)'
- time.sleep(0.1)
- print B+' [4] \033[1;36mExploitation (beta)'+W+' (only 1)'
- time.sleep(0.1)
- print B+' [5] \033[1;36mAuxillary Modules'+W+' (3 modules)\n'
- time.sleep(0.1)
- print B+' [99] \033[1;36mSay "alvida"! (Exit TIDoS)\n'
- time.sleep(0.1)
-
diff --git a/lib/bs4/beautifulsoup4.egg-info/dependency_links.txt b/core/doc/.gitignore
similarity index 100%
rename from lib/bs4/beautifulsoup4.egg-info/dependency_links.txt
rename to core/doc/.gitignore
diff --git a/core/doc/CONTRIBUTING b/core/doc/CONTRIBUTING
new file mode 100644
index 00000000..e679f8b5
--- /dev/null
+++ b/core/doc/CONTRIBUTING
@@ -0,0 +1,4 @@
+Contributing to TIDoS Framework
+---------------------------------
+
+
diff --git a/core/doc/DISCLAIMER b/core/doc/DISCLAIMER
new file mode 100644
index 00000000..17c1586e
--- /dev/null
+++ b/core/doc/DISCLAIMER
@@ -0,0 +1,4 @@
+DISCLAIMER
+----------
+
+TIDoS Attack was provided as an open-source, royalty-free penetration testing toolkit. It has capable modules in various phases which can unveil potential dangerous flaws in various web-applications which can further be exploited maliciously. Therefore the author as well as the contrbutors assume no liability for misuse of this toolkit. Usage of TIDoS Attack for testing or exploiting websites without prior mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws.
diff --git a/agree b/core/doc/choice
similarity index 100%
rename from agree
rename to core/doc/choice
diff --git a/core/doc/local b/core/doc/local
new file mode 100644
index 00000000..8d1c8b69
--- /dev/null
+++ b/core/doc/local
@@ -0,0 +1 @@
+
diff --git a/core/doc/man/tidos.1 b/core/doc/man/tidos.1
new file mode 100644
index 00000000..211f0ce3
--- /dev/null
+++ b/core/doc/man/tidos.1
@@ -0,0 +1,144 @@
+.TH VAILE 1 2020-03-23 ""
+
+.SH NAME
+.P
+\fBVaile\fR — Metasploit\-like pentest framework derived from TIDoS
+
+.SH SYNOPSIS
+.P
+\fBVaile\fR [\fIOPTION\fR]...
+
+.SH DESCRIPTION
+.P
+\fBVaile\fR is a versatile collection of tools for \fIwebapp\fR security testing. It was designed in order to help penetration testers during all phases of an operation, especially reconnaissance, scanning and vulnerability analysis.
+
+.P
+It features 3 easy\-to\-use interfaces: an interactive shell, an inline CLI and a graphical user interface powered by Qt. Its modules are easily comprehensible and fully verbose, and are using \fImultiprocessing\fR to make attacking more efficient. If requested, TIDoS will also pipe attacks through \fITor\fR, rendering your attacks more anonymous and difficult to track.
+
+.P
+The \fBVaile\fR framework is module\-based, so users can easily create their own modules, or edit the built\-in ones, respecting the general structure of the already existent modules.
+
+.P
+Its structure allows it to evolve and be easily adapted to new features and modules. Currently, it has 108 modules ready to be used.
+
+.SH OPTIONS
+.P
+Running \fBVaile\fR without any argument runs an interactive, metasploit\-like shell, with all settings set to default.
+
+.TP
+You can also specify a target URL, combined with a module, to execute this module on given target in a quicker and easier way.
+\fB$ TIDoS \-v http://example.com \-l pathtrav\fR
+
+.TP
+You also can use a previously saved \fIsession\fR file as argument, to use it instead of a target URL. Sessions can (and need to) be saved with the \fBsessions\fR command.
+\fB$ TIDoS \-v saarsec \-l pathtrav \-s\fR
+
+.TP
+Using TIDoS's \fBVAL\fR file format, you can fully automate attacks, since it sets targets, modules and options automatically. Load a file up this way:
+\fB$ TIDoS \-c syn.val\fR
+
+.TP
+When attacking per CLI, you can also make use of the \fBtor\fR command to pipe attacks through the Tor network, like this:
+\fB$ TIDoS \-v http://example.com \-l pathtrav \-\-tor\fR
+
+.TP
+Finally, \fBVaile\fR can be run as a graphical user interface, using and wrapping around the core framework.
+\fB$ TIDoS \-\-app\fR
+
+.TP
+For inline help and more options, use \fBVaile \-\-help\fR
+
+.SH INTERFACE
+.P
+The main interface of \fBVaile\fR framework is its interactive, metasploit\-like console.
+
+.P
+\fBTO GET HELP\fR on a TIDoS command, you can use "\fBhelp
+
+ 
+
+ Photon
+
+
+
+Incredibly fast crawler designed for OSINT.
+ + + + + +
+ 
+ 
+ 
+ + Photon Wiki • + How To Use • + Compatibility • + Photon Library • + Contribution • + Roadmap +
+ +### Key Features + +#### Data Extraction +Photon can extract the following data while crawling: + +- URLs (in-scope & out-of-scope) +- URLs with parameters (`example.com/gallery.php?id=2`) +- Intel (emails, social media accounts, amazon buckets etc.) +- Files (pdf, png, xml etc.) +- Secret keys (auth/API keys & hashes) +- JavaScript files & Endpoints present in them +- Strings matching custom regex pattern +- Subdomains & DNS related data + +The extracted information is saved in an organized manner or can be [exported as json](https://github.com/s0md3v/Photon/wiki/Usage#export-formatted-result). + + + +#### Flexible +Control timeout, delay, add seeds, exclude URLs matching a regex pattern and other cool stuff. +The extensive range of [options](https://github.com/s0md3v/Photon/wiki/Usage) provided by Photon lets you crawl the web exactly the way you want. + +#### Genius +Photon's smart thread management & refined logic gives you top notch performance. + +Still, crawling can be resource intensive but Photon has some tricks up it's sleeves. You can fetch URLs archived by [archive.org](https://archive.org/) to be used as seeds by using `--wayback` option. + +#### Plugins +- **[wayback](https://github.com/s0md3v/Photon/wiki/Usage#use-urls-from-archiveorg-as-seeds)** +- **[dnsdumpster](https://github.com/s0md3v/Photon/wiki/Usage#dumping-dns-data)** +- **[Exporter](https://github.com/s0md3v/Photon/wiki/Usage#export-formatted-result)** + +#### Docker + +Photon can be launched using a lightweight Python-Alpine (103 MB) Docker image. + +```bash +$ git clone https://github.com/s0md3v/Photon.git +$ cd Photon +$ docker build -t photon . +$ docker run -it --name photon photon:latest -u google.com +``` + +To view results, you can either head over to the local docker volume, which you can find by running `docker inspect photon` or by mounting the target loot folder: + +```bash +$ docker run -it --name photon -v "$PWD:/Photon/google.com" photon:latest -u google.com +``` + +#### Frequent & Seamless Updates +Photon is under heavy development and updates for fixing bugs. optimizing performance & new features are being rolled regularly. + +If you would like to see features and issues that are being worked on, you can do that on [Development](https://github.com/s0md3v/Photon/projects/1) project board. + +Updates can be installed & checked for with the `--update` option. Photon has seamless update capabilities which means you can update Photon without losing any of your saved data. + +### Contribution & License +You can contribute in following ways: + +- Report bugs +- Develop plugins +- Add more "APIs" for ninja mode +- Give suggestions to make it better +- Fix issues & submit a pull request + +Please read the [guidelines](https://github.com/s0md3v/Photon/wiki/Guidelines) before submitting a pull request or issue. + +Do you want to have a conversation in private? Hit me up on my [twitter](https://twitter.com/s0md3v/), inbox is open :) + +**Photon** is licensed under [GPL v3.0 license](https://www.gnu.org/licenses/gpl-3.0.en.html) diff --git a/core/lib/Photon/core/__init__.py b/core/lib/Photon/core/__init__.py new file mode 100644 index 00000000..0d75f5e1 --- /dev/null +++ b/core/lib/Photon/core/__init__.py @@ -0,0 +1 @@ +"""The Photon core.""" diff --git a/core/lib/Photon/core/colors.py b/core/lib/Photon/core/colors.py new file mode 100644 index 00000000..f549f64b --- /dev/null +++ b/core/lib/Photon/core/colors.py @@ -0,0 +1,17 @@ +import sys + +if sys.platform.lower().startswith(('os', 'win', 'darwin', 'ios')): + # Colors shouldn't be displayed on Mac and Windows + end = red = white = green = yellow = run = bad = good = info = que = '' +else: + white = '\033[97m' + green = '\033[92m' + red = '\033[91m' + yellow = '\033[93m' + end = '\033[0m' + back = '\033[7;91m' + info = '\033[93m[!]\033[0m' + que = '\033[94m[?]\033[0m' + bad = '\033[91m[-]\033[0m' + good = '\033[92m[+]\033[0m' + run = '\033[97m[~]\033[0m' diff --git a/core/lib/Photon/core/config.py b/core/lib/Photon/core/config.py new file mode 100644 index 00000000..0a54b9ab --- /dev/null +++ b/core/lib/Photon/core/config.py @@ -0,0 +1,27 @@ +"""Configuration options for Photon.""" + +VERBOSE = False + +INTELS = [ + 'facebook.com', + 'github.com', + 'instagram.com', + 'youtube.com', +] + +BAD_TYPES = ( + 'bmp', + 'css', + 'csv', + 'docx', + 'ico', + 'jpeg', + 'jpg', + 'js', + 'json', + 'pdf', + 'png', + 'svg', + 'xls', + 'xml', +) diff --git a/core/lib/Photon/core/flash.py b/core/lib/Photon/core/flash.py new file mode 100644 index 00000000..0741fbba --- /dev/null +++ b/core/lib/Photon/core/flash.py @@ -0,0 +1,20 @@ +# from __future__ import print_function +import concurrent.futures +import sys +import os +from os import path +sys.path.append(os.path.abspath('.')) + +from .colors import info + +def flash(function, links, thread_count): + """Process the URLs and uses a threadpool to execute a function.""" + # Convert links (set) to list + links = list(links) + threadpool = concurrent.futures.ThreadPoolExecutor( + max_workers=thread_count) + futures = (threadpool.submit(function, link) for link in links) + for i, _ in enumerate(concurrent.futures.as_completed(futures)): + if i + 1 == len(links) or (i + 1) % thread_count == 0: + print('%s Progress: %i/%i' % (info, i + 1, len(links))) + print('') diff --git a/core/lib/Photon/core/mirror.py b/core/lib/Photon/core/mirror.py new file mode 100644 index 00000000..8dfebe06 --- /dev/null +++ b/core/lib/Photon/core/mirror.py @@ -0,0 +1,39 @@ +import os + + +def mirror(url, response): + if response != 'dummy': + clean_url = url.replace('http://', '').replace('https://', '').rstrip('/') + parts = clean_url.split('?')[0].split('/') + root = parts[0] + webpage = parts[-1] + parts.remove(root) + try: + parts.remove(webpage) + except ValueError: + pass + prefix = root + '_mirror' + try: + os.mkdir(prefix) + except OSError: + pass + suffix = '' + if parts: + for directory in parts: + suffix += directory + '/' + try: + os.mkdir(prefix + '/' + suffix) + except OSError: + pass + path = prefix + '/' + suffix + trail = '' + if '.' not in webpage: + trail += '.html' + if webpage == root: + name = 'index.html' + else: + name = webpage + if len(url.split('?')) > 1: + trail += '?' + url.split('?')[1] + with open(path + name + trail, 'w+') as out_file: + out_file.write(response.encode('utf-8')) diff --git a/core/lib/Photon/core/prompt.py b/core/lib/Photon/core/prompt.py new file mode 100644 index 00000000..0e3e84bf --- /dev/null +++ b/core/lib/Photon/core/prompt.py @@ -0,0 +1,22 @@ +"""Support for an input prompt.""" +import os +import tempfile + + +def prompt(default=None): + """Present the user a prompt.""" + editor = 'nano' + with tempfile.NamedTemporaryFile(mode='r+') as tmpfile: + if default: + tmpfile.write(default) + tmpfile.flush() + + child_pid = os.fork() + is_child = child_pid == 0 + + if is_child: + os.execvp(editor, [editor, tmpfile.name]) + else: + os.waitpid(child_pid, 0) + tmpfile.seek(0) + return tmpfile.read().strip() diff --git a/core/lib/Photon/core/regex.py b/core/lib/Photon/core/regex.py new file mode 100644 index 00000000..570742d8 --- /dev/null +++ b/core/lib/Photon/core/regex.py @@ -0,0 +1,234 @@ +import re + +# regex taken from https://github.com/InQuest/python-iocextract +# Reusable end punctuation regex. +END_PUNCTUATION = r"[\.\?>\"'\)!,}:;\u201d\u2019\uff1e\uff1c\]]*" + +# Reusable regex for symbols commonly used to defang. +SEPARATOR_DEFANGS = r"[\(\)\[\]{}<>\\]" + +# Split URLs on some characters that may be valid, but may also be garbage. +URL_SPLIT_STR = r"[>\"'\),};]" + +# Get basic url format, including a few obfuscation techniques, main anchor is the uri scheme. +GENERIC_URL = re.compile(r""" + ( + # Scheme. + [fhstu]\S\S?[px]s? + # One of these delimiters/defangs. + (?: + :\/\/| + :\\\\| + :?__ + ) + # Any number of defang characters. + (?: + \x20| + """ + SEPARATOR_DEFANGS + r""" + )* + # Domain/path characters. + \w + \S+? + # CISCO ESA style defangs followed by domain/path characters. + (?:\x20[\/\.][^\.\/\s]\S*?)* + ) + """ + END_PUNCTUATION + r""" + (?=\s|$) + """, re.IGNORECASE | re.VERBOSE | re.UNICODE) + +# Get some obfuscated urls, main anchor is brackets around the period. +BRACKET_URL = re.compile(r""" + \b + ( + [\.\:\/\\\w\[\]\(\)-]+ + (?: + \x20? + [\(\[] + \x20? + \. + \x20? + [\]\)] + \x20? + \S*? + )+ + ) + """ + END_PUNCTUATION + r""" + (?=\s|$) + """, re.VERBOSE | re.UNICODE) + +# Get some obfuscated urls, main anchor is backslash before a period. +BACKSLASH_URL = re.compile(r""" + \b + ( + [\:\/\\\w\[\]\(\)-]+ + (?: + \x20? + \\?\. + \x20? + \S*? + )*? + (?: + \x20? + \\\. + \x20? + \S*? + ) + (?: + \x20? + \\?\. + \x20? + \S*? + )* + ) + """ + END_PUNCTUATION + r""" + (?=\s|$) + """, re.VERBOSE | re.UNICODE) + +# Get hex-encoded urls. +HEXENCODED_URL = re.compile(r""" + ( + [46][86] + (?:[57]4)? + [57]4[57]0 + (?:[57]3)? + 3a2f2f + (?:2[356def]|3[0-9adf]|[46][0-9a-f]|[57][0-9af])+ + ) + (?:[046]0|2[0-2489a-c]|3[bce]|[57][b-e]|[8-f][0-9a-f]|0a|0d|09|[ + \x5b-\x5d\x7b\x7d\x0a\x0d\x20 + ]|$) + """, re.IGNORECASE | re.VERBOSE) + +# Get urlencoded urls. +URLENCODED_URL = re.compile(r""" + (s?[hf]t?tps?%3A%2F%2F\w[\w%-]*?)(?:[^\w%-]|$) + """, re.IGNORECASE | re.VERBOSE) + +# Get base64-encoded urls. +B64ENCODED_URL = re.compile(r""" + ( + # b64re '([hH][tT][tT][pP][sS]|[hH][tT][tT][pP]|[fF][tT][pP])://' + # Modified to ignore whitespace. + (?: + [\x2b\x2f-\x39A-Za-z]\s*[\x2b\x2f-\x39A-Za-z]\s*[\x31\x35\x39BFJNRVZdhlptx]\s*[Gm]\s*[Vd]\s*[FH]\s*[A]\s*\x36\s*L\s*y\s*[\x2b\x2f\x38-\x39]\s*| + [\x2b\x2f-\x39A-Za-z]\s*[\x2b\x2f-\x39A-Za-z]\s*[\x31\x35\x39BFJNRVZdhlptx]\s*[Io]\s*[Vd]\s*[FH]\s*[R]\s*[Qw]\s*[O]\s*i\s*\x38\s*v\s*[\x2b\x2f-\x39A-Za-z]\s*| + [\x2b\x2f-\x39A-Za-z]\s*[\x2b\x2f-\x39A-Za-z]\s*[\x31\x35\x39BFJNRVZdhlptx]\s*[Io]\s*[Vd]\s*[FH]\s*[R]\s*[Qw]\s*[Uc]\s*[z]\s*o\s*v\s*L\s*[\x2b\x2f-\x39w-z]\s*| + [\x2b\x2f-\x39A-Za-z]\s*[\x30\x32EGUWkm]\s*[Z]\s*[\x30U]\s*[Uc]\s*[D]\s*o\s*v\s*L\s*[\x2b\x2f-\x39w-z]\s*| + [\x2b\x2f-\x39A-Za-z]\s*[\x30\x32EGUWkm]\s*[h]\s*[\x30U]\s*[Vd]\s*[FH]\s*[A]\s*\x36\s*L\s*y\s*[\x2b\x2f\x38-\x39]\s*| + [\x2b\x2f-\x39A-Za-z]\s*[\x30\x32EGUWkm]\s*[h]\s*[\x30U]\s*[Vd]\s*[FH]\s*[B]\s*[Tz]\s*[O]\s*i\s*\x38\s*v\s*[\x2b\x2f-\x39A-Za-z]\s*| + [RZ]\s*[ln]\s*[R]\s*[Qw]\s*[O]\s*i\s*\x38\s*v\s*[\x2b\x2f-\x39A-Za-z]\s*| + [Sa]\s*[FH]\s*[R]\s*[\x30U]\s*[Uc]\s*[D]\s*o\s*v\s*L\s*[\x2b\x2f-\x39w-z]\s*| + [Sa]\s*[FH]\s*[R]\s*[\x30U]\s*[Uc]\s*[FH]\s*[M]\s*\x36\s*L\s*y\s*[\x2b\x2f\x38-\x39]\s* + ) + # Up to 260 characters (pre-encoding, reasonable URL length). + [A-Za-z0-9+/=\s]{1,357} + ) + (?=[^A-Za-z0-9+/=\s]|$) + """, re.VERBOSE) + +# Get some valid obfuscated ip addresses. +IPV4 = re.compile(r""" + (?:^| + (?![^\d\.]) + ) + (?: + (?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5]) + [\[\(\\]*?\.[\]\)]*? + ){3} + (?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5]) + (?:(?=[^\d\.])|$) + """, re.VERBOSE) + +# Experimental IPv6 regex, will not catch everything but should be sufficent for now. +IPV6 = re.compile(r""" + \b(?:[a-f0-9]{1,4}:|:){2,7}(?:[a-f0-9]{1,4}|:)\b + """, re.IGNORECASE | re.VERBOSE) + +# Capture email addresses including common defangs. +EMAIL = re.compile(r""" + ( + [a-z0-9_.+-]+ + [\(\[{\x20]* + (?:@|\Wat\W) + [\)\]}\x20]* + [a-z0-9-]+ + (?: + (?: + (?: + \x20* + """ + SEPARATOR_DEFANGS + r""" + \x20* + )* + \. + (?: + \x20* + """ + SEPARATOR_DEFANGS + r""" + \x20* + )* + | + \W+dot\W+ + ) + [a-z0-9-]+? + )+ + ) + """ + END_PUNCTUATION + r""" + (?=\s|$) + """, re.IGNORECASE | re.VERBOSE | re.UNICODE) + +MD5 = re.compile(r"(?:[^a-fA-F\d]|\b)([a-fA-F\d]{32})(?:[^a-fA-F\d]|\b)") +SHA1 = re.compile(r"(?:[^a-fA-F\d]|\b)([a-fA-F\d]{40})(?:[^a-fA-F\d]|\b)") +SHA256 = re.compile(r"(?:[^a-fA-F\d]|\b)([a-fA-F\d]{64})(?:[^a-fA-F\d]|\b)") +SHA512 = re.compile( + r"(?:[^a-fA-F\d]|\b)([a-fA-F\d]{128})(?:[^a-fA-F\d]|\b)") + +# YARA regex. +YARA_PARSE = re.compile(r""" + (?:^|\s) + ( + (?: + \s*?import\s+?"[^\r\n]*?[\r\n]+| + \s*?include\s+?"[^\r\n]*?[\r\n]+| + \s*?//[^\r\n]*[\r\n]+| + \s*?/\*.*?\*/\s*? + )* + (?: + \s*?private\s+| + \s*?global\s+ + )* + rule\s*? + \w+\s*? + (?: + :[\s\w]+ + )? + \s+\{ + .*? + condition\s*?: + .*? + \s*\} + ) + (?:$|\s) + """, re.MULTILINE | re.DOTALL | re.VERBOSE) + +CREDIT_CARD = re.compile(r"[0-9]{4}[ ]?[-]?[0-9]{4}[ ]?[-]?[0-9]{4}[ ]?[-]?[0-9]{4}") + +rintels = [(GENERIC_URL, "GENERIC_URL"), + (BRACKET_URL, "BRACKET_URL"), + (BACKSLASH_URL, "BACKSLASH_URL"), + (HEXENCODED_URL, "HEXENCODED_URL"), + (URLENCODED_URL, "URLENCODED_URL"), + (B64ENCODED_URL, "B64ENCODED_URL"), + (IPV4, "IPV4"), + (IPV6, "IPV6"), + (EMAIL, "EMAIL"), + (MD5, "MD5"), + (SHA1, "SHA1"), + (SHA256, "SHA256"), + (SHA512, "SHA512"), + (YARA_PARSE, "YARA_PARSE"), + (CREDIT_CARD, "CREDIT_CARD")] + + +rscript = re.compile(r'<(script|SCRIPT).*(src|SRC)=([^\s>]+)') +rhref = re.compile(r'<[aA].*(href|HREF)=([^\s>]+)') +rendpoint = re.compile(r'[\'"](/.*?)[\'"]|[\'"](http.*?)[\'"]') +rentropy = re.compile(r'[\w-]{16,45}') diff --git a/core/lib/Photon/core/requester.py b/core/lib/Photon/core/requester.py new file mode 100644 index 00000000..9711c18e --- /dev/null +++ b/core/lib/Photon/core/requester.py @@ -0,0 +1,72 @@ +import random +import time + +import requests +from requests.exceptions import TooManyRedirects + + +SESSION = requests.Session() +SESSION.max_redirects = 3 + +def requester( + url, + main_url=None, + delay=0, + cook=None, + headers=None, + timeout=10, + host=None, + proxies=[None], + user_agents=[None], + failed=None, + processed=None + ): + """Handle the requests and return the response body.""" + cook = cook or set() + headers = headers or set() + user_agents = user_agents or ['Photon'] + failed = failed or set() + processed = processed or set() + # Mark the URL as crawled + processed.add(url) + # Pause/sleep the program for specified time + time.sleep(delay) + + def make_request(url): + """Default request""" + final_headers = headers or { + 'Host': host, + # Selecting a random user-agent + 'User-Agent': random.choice(user_agents), + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language': 'en-US,en;q=0.5', + 'Accept-Encoding': 'gzip', + 'DNT': '1', + 'Connection': 'close', + } + try: + response = SESSION.get( + url, + cookies=cook, + headers=final_headers, + verify=False, + timeout=timeout, + stream=True, + proxies=random.choice(proxies) + ) + except TooManyRedirects: + return 'dummy' + + if 'text/html' in response.headers['content-type'] or \ + 'text/plain' in response.headers['content-type']: + if response.status_code != '404': + return response.text + else: + response.close() + failed.add(url) + return 'dummy' + else: + response.close() + return 'dummy' + + return make_request(url) diff --git a/core/lib/Photon/core/updater.py b/core/lib/Photon/core/updater.py new file mode 100644 index 00000000..3583923e --- /dev/null +++ b/core/lib/Photon/core/updater.py @@ -0,0 +1,43 @@ +import os +import re +import sys +from os import path +sys.path.append(os.path.abspath('.')) + +from .colors import run, que, good, green, end, info +from .requester import requester + + +def updater(): + """Update the current installation. + + git clones the latest version and merges it with the current directory. + """ + print('%s Checking for updates' % run) + # Changes must be separated by ; + changes = '''major bug fixes;removed ninja mode;dropped python < 3.2 support;fixed unicode output;proxy support;more intels''' + latest_commit = requester('https://raw.githubusercontent.com/s0md3v/Photon/master/core/updater.py', host='raw.githubusercontent.com') + # Just a hack to see if a new version is available + if changes not in latest_commit: + changelog = re.search(r"changes = '''(.*?)'''", latest_commit) + # Splitting the changes to form a list + changelog = changelog.group(1).split(';') + print('%s A new version of Photon is available.' % good) + print('%s Changes:' % info) + for change in changelog: # print changes + print('%s>%s %s' % (green, end, change)) + + current_path = os.getcwd().split('/') # if you know it, you know it + folder = current_path[-1] # current directory name + path = '/'.join(current_path) # current directory path + choice = input('%s Would you like to update? [Y/n] ' % que).lower() + + if choice != 'n': + print('%s Updating Photon' % run) + os.system('git clone --quiet https://github.com/s0md3v/Photon %s' + % (folder)) + os.system('cp -r %s/%s/* %s && rm -r %s/%s/ 2>/dev/null' + % (path, folder, path, path, folder)) + print('%s Update successful!' % good) + else: + print('%s Photon is up to date!' % good) diff --git a/core/lib/Photon/core/user-agents.txt b/core/lib/Photon/core/user-agents.txt new file mode 100644 index 00000000..dc25d833 --- /dev/null +++ b/core/lib/Photon/core/user-agents.txt @@ -0,0 +1,18 @@ +Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en] +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705) +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) +Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html) +Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) +Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9 +Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246 +Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.7.01001) +Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0.1 +Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1 +Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02 +Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 +Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) +Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 +Mozilla/5.0 (X11; CrOS x86_64 8172.45.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.64 Safari/537.36 +Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1 +Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8 +Opera/9.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.01 diff --git a/core/lib/Photon/core/utils.py b/core/lib/Photon/core/utils.py new file mode 100644 index 00000000..3c6a7fe4 --- /dev/null +++ b/core/lib/Photon/core/utils.py @@ -0,0 +1,208 @@ +import requests +import math +import os.path +import re +import argparse +import sys +sys.path.append(os.path.abspath('.')) + +import tld + +from .colors import info +from .config import VERBOSE, BAD_TYPES + +from urllib.parse import urlparse + + +def regxy(pattern, response, supress_regex, custom): + """Extract a string based on regex pattern supplied by user.""" + try: + matches = re.findall(r'%s' % pattern, response) + for match in matches: + verb('Custom regex', match) + custom.add(match) + except: + supress_regex = True + + +def is_link(url, processed, files): + """ + Determine whether or not a link should be crawled + A url should not be crawled if it + - Is a file + - Has already been crawled + + Args: + url: str Url to be processed + processed: list[str] List of urls that have already been crawled + + Returns: + bool If `url` should be crawled + """ + if url not in processed: + if url.startswith('#') or url.startswith('javascript:'): + return False + is_file = url.endswith(BAD_TYPES) + if is_file: + files.add(url) + return False + return True + return False + + +def remove_regex(urls, regex): + """ + Parse a list for non-matches to a regex. + + Args: + urls: iterable of urls + regex: string regex to be parsed for + + Returns: + list of strings not matching regex + """ + + if not regex: + return urls + + # To avoid iterating over the characters of a string + if not isinstance(urls, (list, set, tuple)): + urls = [urls] + + try: + non_matching_urls = [url for url in urls if not re.search(regex, url)] + except TypeError: + return [] + + return non_matching_urls + + +def writer(datasets, dataset_names, output_dir): + """Write the results.""" + for dataset, dataset_name in zip(datasets, dataset_names): + if dataset: + filepath = output_dir + '/' + dataset_name + '.txt' + with open(filepath, 'w+') as out_file: + joined = '\n'.join(dataset) + out_file.write(str(joined.encode('utf-8').decode('utf-8'))) + out_file.write('\n') + + +def timer(diff, processed): + """Return the passed time.""" + # Changes seconds into minutes and seconds + minutes, seconds = divmod(diff, 60) + try: + # Finds average time taken by requests + time_per_request = diff / float(len(processed)) + except ZeroDivisionError: + time_per_request = 0 + return minutes, seconds, time_per_request + + +def entropy(string): + """Calculate the entropy of a string.""" + entropy = 0 + for number in range(256): + result = float(string.encode('utf-8').count( + chr(number))) / len(string.encode('utf-8')) + if result != 0: + entropy = entropy - result * math.log(result, 2) + return entropy + + +def xml_parser(response): + """Extract links from .xml files.""" + # Regex for extracting URLs + return re.findall(r'(.*?)
', response)
+ for match in matches:
+ result.add(match.replace(' ', '').replace('\n', ''))
+ return list(result)
diff --git a/core/lib/Photon/plugins/wayback.py b/core/lib/Photon/plugins/wayback.py
new file mode 100644
index 00000000..d15942f6
--- /dev/null
+++ b/core/lib/Photon/plugins/wayback.py
@@ -0,0 +1,22 @@
+"""Support for archive.org."""
+import datetime
+import json
+
+from requests import get
+
+
+def time_machine(host, mode):
+ """Query archive.org."""
+ now = datetime.datetime.now()
+ to = str(now.year) + str(now.day) + str(now.month)
+ if now.month > 6:
+ fro = str(now.year) + str(now.day) + str(now.month - 6)
+ else:
+ fro = str(now.year - 1) + str(now.day) + str(now.month + 6)
+ url = "http://web.archive.org/cdx/search?url=%s&matchType=%s&collapse=urlkey&fl=original&filter=mimetype:text/html&filter=statuscode:200&output=json&from=%s&to=%s" % (host, mode, fro, to)
+ response = get(url).text
+ parsed = json.loads(response)[1:]
+ urls = []
+ for item in parsed:
+ urls.append(item[0])
+ return urls
diff --git a/core/lib/Photon/requirements.txt b/core/lib/Photon/requirements.txt
new file mode 100644
index 00000000..19be6bc4
--- /dev/null
+++ b/core/lib/Photon/requirements.txt
@@ -0,0 +1,4 @@
+requests
+requests[socks]
+urllib3
+tld
\ No newline at end of file
diff --git a/core/lib/__pycache__/FileUtils.cpython-37.pyc b/core/lib/__pycache__/FileUtils.cpython-37.pyc
new file mode 100644
index 00000000..df4f5d53
Binary files /dev/null and b/core/lib/__pycache__/FileUtils.cpython-37.pyc differ
diff --git a/core/lib/dnsdump_mod/DNSDumpsterAPI.py b/core/lib/dnsdump_mod/DNSDumpsterAPI.py
new file mode 100644
index 00000000..685884ff
--- /dev/null
+++ b/core/lib/dnsdump_mod/DNSDumpsterAPI.py
@@ -0,0 +1,118 @@
+"""
+This is the (unofficial) Python API for dnsdumpster.com Website.
+Using this code, you can retrieve subdomains
+
+"""
+
+
+import requests
+import re
+import sys
+
+from bs4 import BeautifulSoup
+
+
+class DNSDumpsterAPI(object):
+
+ """DNSDumpsterAPI Main Handler"""
+
+ def __init__(self, verbose=False):
+ self.verbose = verbose
+
+ def display_message(self, s):
+ if self.verbose:
+ print('[verbose] %s' % s)
+
+
+ def retrieve_results(self, table):
+ res = []
+ trs = table.findAll('tr')
+ for tr in trs:
+ tds = tr.findAll('td')
+ pattern_ip = r'([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})'
+ ip = re.findall(pattern_ip, tds[1].text)[0]
+ domain = tds[0].text.replace('\n', '').split(' ')[0]
+ header = ' '.join(tds[0].text.replace('\n', '').split(' ')[1:])
+ reverse_dns = tds[1].find('span', attrs={}).text
+
+ additional_info = tds[2].text
+ country = tds[2].find('span', attrs={}).text
+ autonomous_system = additional_info.split(' ')[0]
+ provider = ' '.join(additional_info.split(' ')[1:])
+ provider = provider.replace(country, '')
+ data = {'domain': domain,
+ 'ip': ip,
+ 'reverse_dns': reverse_dns,
+ 'as': autonomous_system,
+ 'provider': provider,
+ 'country': country,
+ 'header': header}
+ res.append(data)
+ return res
+
+ def retrieve_txt_record(self, table):
+ res = []
+ for td in table.findAll('td'):
+ res.append(td.text)
+ return res
+
+
+ def search(self, domain):
+ dnsdumpster_url = 'https://dnsdumpster.com/'
+ s = requests.session()
+
+ req = s.get(dnsdumpster_url)
+ soup = BeautifulSoup(req.content, 'html.parser')
+ csrf_middleware = soup.findAll('input', attrs={'name': 'csrfmiddlewaretoken'})[0]['value']
+ self.display_message('Retrieved token: %s' % csrf_middleware)
+
+ cookies = {'csrftoken': csrf_middleware}
+ headers = {'Referer': dnsdumpster_url}
+ data = {'csrfmiddlewaretoken': csrf_middleware, 'targetip': domain}
+ req = s.post(dnsdumpster_url, cookies=cookies, data=data, headers=headers)
+
+ if req.status_code != 200:
+ print(
+ u"Unexpected status code from {url}: {code}".format(
+ url=dnsdumpster_url, code=req.status_code),
+ file=sys.stderr,
+ )
+ return []
+
+ if 'error' in req.content.decode('utf-8'):
+ print("There was an error getting results", file=sys.stderr)
+ return []
+
+ soup = BeautifulSoup(req.content, 'html.parser')
+ tables = soup.findAll('table')
+
+ res = {}
+ res['domain'] = domain
+ res['dns_records'] = {}
+ res['dns_records']['dns'] = self.retrieve_results(tables[0])
+ res['dns_records']['mx'] = self.retrieve_results(tables[1])
+ res['dns_records']['txt'] = self.retrieve_txt_record(tables[2])
+ res['dns_records']['host'] = self.retrieve_results(tables[3])
+
+ # Network mapping image
+ try:
+ val = soup.find('img', attrs={'class': 'img-responsive'})['src']
+ tmp_url = '{}{}'.format(dnsdumpster_url, val)
+ image_data = requests.get(tmp_url).content.encode('base64')
+ except:
+ image_data = None
+ finally:
+ res['image_data'] = image_data
+
+ # XLS hosts.
+ # eg. tsebo.com-201606131255.xlsx
+ try:
+ pattern = r'https://dnsdumpster.com/static/xls/' + domain + '-[0-9]{12}\.xlsx'
+ xls_url = re.findall(pattern, req.content)[0]
+ xls_data = requests.get(xls_url).content.encode('base64')
+ except:
+ xls_data = None
+ finally:
+ res['xls_data'] = xls_data
+
+ return res
diff --git a/core/lib/dnsdump_mod/DNSDumpsterAPI.pyc b/core/lib/dnsdump_mod/DNSDumpsterAPI.pyc
new file mode 100644
index 00000000..1ff1af6d
Binary files /dev/null and b/core/lib/dnsdump_mod/DNSDumpsterAPI.pyc differ
diff --git a/core/lib/dnsdump_mod/__init__.py b/core/lib/dnsdump_mod/__init__.py
new file mode 100644
index 00000000..d493f670
--- /dev/null
+++ b/core/lib/dnsdump_mod/__init__.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+# coding: utf-8
+
+#-:-:-:-:-:-:-:-:-:-:-:-:#
+# TIDoS Framework #
+#-:-:-:-:-:-:-:-:-:-:-:-:#
+
+#This module requires TIDoS Framework
+#https://github.com/0xInfection/TIDoS-Framework
+
+pass
diff --git a/core/lib/dnsdump_mod/__init__.pyc b/core/lib/dnsdump_mod/__init__.pyc
new file mode 100644
index 00000000..382a88d4
Binary files /dev/null and b/core/lib/dnsdump_mod/__init__.pyc differ
diff --git a/core/lib/dnsdump_mod/__pycache__/DNSDumpsterAPI.cpython-37.pyc b/core/lib/dnsdump_mod/__pycache__/DNSDumpsterAPI.cpython-37.pyc
new file mode 100644
index 00000000..949722c7
Binary files /dev/null and b/core/lib/dnsdump_mod/__pycache__/DNSDumpsterAPI.cpython-37.pyc differ
diff --git a/core/lib/dnsdump_mod/__pycache__/__init__.cpython-37.pyc b/core/lib/dnsdump_mod/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 00000000..57599102
Binary files /dev/null and b/core/lib/dnsdump_mod/__pycache__/__init__.cpython-37.pyc differ
diff --git a/lib/emailprotectionslib/build/lib.linux-x86_64-2.7/emailprotectionslib/Resolver.py b/core/lib/emailprotectionslib/Resolver.py
similarity index 100%
rename from lib/emailprotectionslib/build/lib.linux-x86_64-2.7/emailprotectionslib/Resolver.py
rename to core/lib/emailprotectionslib/Resolver.py
diff --git a/lib/emailprotectionslib/build/lib.linux-x86_64-2.7/emailprotectionslib/__init__.py b/core/lib/emailprotectionslib/__init__.py
similarity index 100%
rename from lib/emailprotectionslib/build/lib.linux-x86_64-2.7/emailprotectionslib/__init__.py
rename to core/lib/emailprotectionslib/__init__.py
diff --git a/core/lib/emailprotectionslib/__pycache__/Resolver.cpython-37.pyc b/core/lib/emailprotectionslib/__pycache__/Resolver.cpython-37.pyc
new file mode 100644
index 00000000..734904d8
Binary files /dev/null and b/core/lib/emailprotectionslib/__pycache__/Resolver.cpython-37.pyc differ
diff --git a/core/lib/emailprotectionslib/__pycache__/__init__.cpython-37.pyc b/core/lib/emailprotectionslib/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 00000000..66706854
Binary files /dev/null and b/core/lib/emailprotectionslib/__pycache__/__init__.cpython-37.pyc differ
diff --git a/core/lib/emailprotectionslib/__pycache__/dmarc.cpython-37.pyc b/core/lib/emailprotectionslib/__pycache__/dmarc.cpython-37.pyc
new file mode 100644
index 00000000..b8ee7b5c
Binary files /dev/null and b/core/lib/emailprotectionslib/__pycache__/dmarc.cpython-37.pyc differ
diff --git a/core/lib/emailprotectionslib/__pycache__/spf.cpython-37.pyc b/core/lib/emailprotectionslib/__pycache__/spf.cpython-37.pyc
new file mode 100644
index 00000000..6a3b8de5
Binary files /dev/null and b/core/lib/emailprotectionslib/__pycache__/spf.cpython-37.pyc differ
diff --git a/core/lib/emailprotectionslib/dmarc.py b/core/lib/emailprotectionslib/dmarc.py
new file mode 100644
index 00000000..29a13f94
--- /dev/null
+++ b/core/lib/emailprotectionslib/dmarc.py
@@ -0,0 +1,150 @@
+import re
+import logging
+import core.lib.emailprotectionslib.Resolver
+import tldextract
+
+
+class DmarcRecord(object):
+
+ def __init__(self, domain):
+ self.domain = domain
+ self.version = None
+ self.policy = None
+ self.pct = None
+ self.rua = None
+ self.ruf = None
+ self.subdomain_policy = None
+ self.dkim_alignment = None
+ self.spf_alignment = None
+ self.record = None
+
+ def __str__(self):
+ return self.record
+
+ def __eq__(self, other):
+ return self.__dict__ == other.__dict__
+
+ def _store_tag_data(self, tag_name, tag_value):
+ if tag_name == "v":
+ self.version = tag_value
+ elif tag_name == "p":
+ self.policy = tag_value
+ elif tag_name == "pct":
+ self.pct = tag_value
+ elif tag_name == "rua":
+ self.rua = tag_value
+ elif tag_name == "ruf":
+ self.ruf = tag_value
+ elif tag_name == "sp":
+ self.subdomain_policy = tag_value
+ elif tag_name == "adkim":
+ self.dkim_alignment = tag_value
+ elif tag_name == "aspf":
+ self.spf_alignment = tag_value
+
+ def process_tags(self, dmarc_string):
+ TAG_NAME, TAG_VALUE = (0, 1)
+ tags = _extract_tags(dmarc_string)
+ for tag in tags:
+ self._store_tag_data(tag[TAG_NAME], tag[TAG_VALUE])
+
+ def is_record_strong(self):
+ record_strong = False
+ if self.policy is not None and (self.policy == "reject" or self.policy == "quarantine"):
+ record_strong = True
+
+ if not record_strong:
+ try:
+ record_strong = self.is_org_domain_strong()
+ except OrgDomainException:
+ record_strong = False
+
+ return record_strong
+
+ def is_subdomain_policy_strong(self):
+ if self.subdomain_policy is not None:
+ return self.subdomain_policy == "reject" or self.subdomain_policy == "quarantine"
+
+ def is_org_domain_strong(self):
+ org_record = self.get_org_record()
+ subdomain_policy_strong = org_record.is_subdomain_policy_strong()
+ if subdomain_policy_strong is not None:
+ return subdomain_policy_strong
+ else:
+ return org_record.is_record_strong()
+
+ def get_org_record(self):
+ org_domain = self.get_org_domain()
+ if org_domain == self.domain:
+ raise OrgDomainException
+ else:
+ return DmarcRecord.from_domain(org_domain)
+
+ def get_org_domain(self):
+ try:
+ domain_parts = tldextract.extract(self.domain)
+ return "%(domain)s.%(tld)s" % {'domain': domain_parts.domain, 'tld': domain_parts.suffix}
+ except TypeError:
+ return None
+
+ @staticmethod
+ def from_dmarc_string(dmarc_string, domain):
+ if dmarc_string is not None:
+ dmarc_record = DmarcRecord(domain)
+ dmarc_record.record = dmarc_string
+ dmarc_record.process_tags(dmarc_string)
+ return dmarc_record
+ else:
+ return DmarcRecord(domain)
+
+ @staticmethod
+ def from_domain(domain):
+ dmarc_string = get_dmarc_string_for_domain(domain)
+ if dmarc_string is not None:
+ return DmarcRecord.from_dmarc_string(dmarc_string, domain)
+ else:
+ return DmarcRecord(domain)
+
+
+def _extract_tags(dmarc_record):
+ dmarc_pattern = "(\w+)=(.*?)(?:; ?|$)"
+ return re.findall(dmarc_pattern, dmarc_record)
+
+
+def _merge_txt_record_strings(txt_record):
+ # DMARC spec requires that TXT records containing multiple strings be cat'd together.
+ string_pattern = re.compile('"([^"]*)"')
+ txt_record_strings = string_pattern.findall(txt_record)
+ return "".join(txt_record_strings)
+
+
+def _match_dmarc_record(txt_record):
+ merged_txt_record = _merge_txt_record_strings(txt_record)
+ dmarc_pattern = re.compile('^(v=DMARC.*)')
+ potential_dmarc_match = dmarc_pattern.match(str(merged_txt_record))
+ return potential_dmarc_match
+
+
+def _find_record_from_answers(txt_records):
+ dmarc_record = None
+ for record in txt_records:
+ potential_match = _match_dmarc_record(record[2])
+ if potential_match is not None:
+ dmarc_record = potential_match.group(1)
+ return dmarc_record
+
+
+def get_dmarc_string_for_domain(domain):
+ try:
+ txt_records = Resolver.resolver().query("_dmarc." + domain, query_type="TXT")
+ return _find_record_from_answers(txt_records)
+ except IOError:
+ # This is returned usually as a NXDOMAIN, which is expected.
+ return None
+ except TypeError as error:
+ logging.exception(error)
+ return None
+
+
+class OrgDomainException(Exception):
+ pass
diff --git a/core/lib/emailprotectionslib/spf.py b/core/lib/emailprotectionslib/spf.py
new file mode 100644
index 00000000..e2c4d70d
--- /dev/null
+++ b/core/lib/emailprotectionslib/spf.py
@@ -0,0 +1,192 @@
+import re
+import logging
+import core.lib.emailprotectionslib.Resolver
+
+
+class SpfRecord(object):
+
+ def __init__(self, domain):
+ self.version = None
+ self.record = None
+ self.mechanisms = None
+ self.all_string = None
+ self.domain = domain
+ self.recursion_depth = 0
+
+ def __str__(self):
+ return self.record
+
+ def __eq__(self, other):
+ return self.__dict__ == other.__dict__
+
+ def get_redirected_record(self):
+ if self.recursion_depth >= 10:
+ return SpfRecord(self.get_redirect_domain())
+ else:
+ redirect_domain = self.get_redirect_domain()
+ if redirect_domain is not None:
+ redirect_record = SpfRecord.from_domain(redirect_domain)
+ redirect_record.recursion_depth = self.recursion_depth + 1
+ return redirect_record
+
+ def get_redirect_domain(self):
+ redirect_domain = None
+ if self.mechanisms is not None:
+ for mechanism in self.mechanisms:
+ redirect_mechanism = re.match('redirect=(.*)', mechanism)
+ if redirect_mechanism is not None:
+ redirect_domain = redirect_mechanism.group(1)
+ return redirect_domain
+
+ def get_include_domains(self):
+ include_domains = []
+ if self.mechanisms is not None:
+ for mechanism in self.mechanisms:
+ include_mechanism = re.match('include:(.*)', mechanism)
+ if include_mechanism is not None:
+ include_domains.append(include_mechanism.group(1))
+ return include_domains
+ else:
+ return []
+
+ def get_include_records(self):
+ if self.recursion_depth >= 10:
+ return {}
+ else:
+ include_domains = self.get_include_domains()
+ include_records = {}
+ for domain in include_domains:
+ try:
+ include_records[domain] = SpfRecord.from_domain(domain)
+ include_records[domain].recursion_depth = self.recursion_depth + 1
+ except IOError as e:
+ logging.exception(e)
+ include_records[domain] = None
+ return include_records
+
+ def _is_all_mechanism_strong(self):
+ strong_spf_all_string = True
+ if self.all_string is not None:
+ if not (self.all_string == "~all" or self.all_string == "-all"):
+ strong_spf_all_string = False
+ else:
+ strong_spf_all_string = False
+ return strong_spf_all_string
+
+ def _is_redirect_mechanism_strong(self):
+ redirect_domain = self.get_redirect_domain()
+
+ if redirect_domain is not None:
+ redirect_mechanism = SpfRecord.from_domain(redirect_domain)
+
+ if redirect_mechanism is not None:
+ return redirect_mechanism.is_record_strong()
+ else:
+ return False
+ else:
+ return False
+
+ def _are_include_mechanisms_strong(self):
+ include_records = self.get_include_records()
+ for record in include_records:
+ if include_records[record] is not None and include_records[record].is_record_strong():
+ return True
+ return False
+
+ def is_record_strong(self):
+ strong_spf_record = self._is_all_mechanism_strong()
+ if strong_spf_record is False:
+
+ redirect_strength = self._is_redirect_mechanism_strong()
+ include_strength = self._are_include_mechanisms_strong()
+
+ strong_spf_record = False
+
+ if redirect_strength is True:
+ strong_spf_record = True
+
+ if include_strength is True:
+ strong_spf_record = True
+ return strong_spf_record
+
+ @staticmethod
+ def from_spf_string(spf_string, domain):
+ if spf_string is not None:
+ spf_record = SpfRecord(domain)
+ spf_record.record = spf_string
+ spf_record.mechanisms = _extract_mechanisms(spf_string)
+ spf_record.version = _extract_version(spf_string)
+ spf_record.all_string = _extract_all_mechanism(spf_record.mechanisms)
+ return spf_record
+ else:
+ return SpfRecord(domain)
+
+ @staticmethod
+ def from_domain(domain):
+ spf_string = get_spf_string_for_domain(domain)
+ if spf_string is not None:
+ return SpfRecord.from_spf_string(spf_string, domain)
+ else:
+ return SpfRecord(domain)
+
+
+def _extract_version(spf_string):
+ version_pattern = "^v=(spf.)"
+ version_match = re.match(version_pattern, spf_string)
+ if version_match is not None:
+ return version_match.group(1)
+ else:
+ return None
+
+
+def _extract_all_mechanism(mechanisms):
+ all_mechanism = None
+ for mechanism in mechanisms:
+ if re.match(".all", mechanism):
+ all_mechanism = mechanism
+ return all_mechanism
+
+
+def _find_unique_mechanisms(initial_mechanisms, redirected_mechanisms):
+ return [x for x in redirected_mechanisms if x not in initial_mechanisms]
+
+
+def _extract_mechanisms(spf_string):
+ spf_mechanism_pattern = ("(?:((?:\+|-|~)?(?:a|mx|ptr|include"
+ "|ip4|ip6|exists|redirect|exp|all)"
+ "(?:(?::|=|/)?(?:\S*))?) ?)")
+ spf_mechanisms = re.findall(spf_mechanism_pattern, spf_string)
+
+ return spf_mechanisms
+
+
+def _merge_txt_record_strings(txt_record):
+ # SPF spec requires that TXT records containing multiple strings be cat'd together.
+ string_pattern = re.compile('"([^"]*)"')
+ txt_record_strings = string_pattern.findall(txt_record)
+ return "".join(txt_record_strings)
+
+
+def _match_spf_record(txt_record):
+ clean_txt_record = _merge_txt_record_strings(txt_record)
+ spf_pattern = re.compile('^(v=spf.*)')
+ potential_spf_match = spf_pattern.match(str(clean_txt_record))
+ return potential_spf_match
+
+
+def _find_record_from_answers(txt_records):
+ spf_record = None
+ for record in txt_records:
+ potential_match = _match_spf_record(record[2])
+ if potential_match is not None:
+ spf_record = potential_match.group(1)
+ return spf_record
+
+
+def get_spf_string_for_domain(domain):
+ try:
+ txt_records = Resolver.resolver().query(domain, query_type="TXT")
+ return _find_record_from_answers(txt_records)
+ except IOError as e:
+ # This is returned usually as a NXDOMAIN, which is expected.
+ return None
diff --git a/lib/mechanize/mechanize/__init__.py b/core/lib/mechanize/__init__.py
similarity index 100%
rename from lib/mechanize/mechanize/__init__.py
rename to core/lib/mechanize/__init__.py
diff --git a/core/lib/mechanize/__pycache__/__init__.cpython-37.pyc b/core/lib/mechanize/__pycache__/__init__.cpython-37.pyc
new file mode 100644
index 00000000..087638ec
Binary files /dev/null and b/core/lib/mechanize/__pycache__/__init__.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_auth.cpython-37.pyc b/core/lib/mechanize/__pycache__/_auth.cpython-37.pyc
new file mode 100644
index 00000000..a8c0b601
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_auth.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_clientcookie.cpython-37.pyc b/core/lib/mechanize/__pycache__/_clientcookie.cpython-37.pyc
new file mode 100644
index 00000000..7d3e703b
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_clientcookie.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_debug.cpython-37.pyc b/core/lib/mechanize/__pycache__/_debug.cpython-37.pyc
new file mode 100644
index 00000000..c7d9a56d
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_debug.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_entities.cpython-37.pyc b/core/lib/mechanize/__pycache__/_entities.cpython-37.pyc
new file mode 100644
index 00000000..d424ad30
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_entities.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_equiv.cpython-37.pyc b/core/lib/mechanize/__pycache__/_equiv.cpython-37.pyc
new file mode 100644
index 00000000..3ecfd596
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_equiv.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_form.cpython-37.pyc b/core/lib/mechanize/__pycache__/_form.cpython-37.pyc
new file mode 100644
index 00000000..0b311a2d
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_form.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_form_controls.cpython-37.pyc b/core/lib/mechanize/__pycache__/_form_controls.cpython-37.pyc
new file mode 100644
index 00000000..4389b7da
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_form_controls.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_gzip.cpython-37.pyc b/core/lib/mechanize/__pycache__/_gzip.cpython-37.pyc
new file mode 100644
index 00000000..4bacbfa9
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_gzip.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_headersutil.cpython-37.pyc b/core/lib/mechanize/__pycache__/_headersutil.cpython-37.pyc
new file mode 100644
index 00000000..dfd08984
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_headersutil.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_html.cpython-37.pyc b/core/lib/mechanize/__pycache__/_html.cpython-37.pyc
new file mode 100644
index 00000000..f17b847f
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_html.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_http.cpython-37.pyc b/core/lib/mechanize/__pycache__/_http.cpython-37.pyc
new file mode 100644
index 00000000..80f60ed0
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_http.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_mechanize.cpython-37.pyc b/core/lib/mechanize/__pycache__/_mechanize.cpython-37.pyc
new file mode 100644
index 00000000..f878d1d6
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_mechanize.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_opener.cpython-37.pyc b/core/lib/mechanize/__pycache__/_opener.cpython-37.pyc
new file mode 100644
index 00000000..c3e94a7a
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_opener.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_request.cpython-37.pyc b/core/lib/mechanize/__pycache__/_request.cpython-37.pyc
new file mode 100644
index 00000000..562fd545
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_request.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_response.cpython-37.pyc b/core/lib/mechanize/__pycache__/_response.cpython-37.pyc
new file mode 100644
index 00000000..50ddeb47
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_response.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_rfc3986.cpython-37.pyc b/core/lib/mechanize/__pycache__/_rfc3986.cpython-37.pyc
new file mode 100644
index 00000000..453d0efb
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_rfc3986.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_sockettimeout.cpython-37.pyc b/core/lib/mechanize/__pycache__/_sockettimeout.cpython-37.pyc
new file mode 100644
index 00000000..152ad1ce
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_sockettimeout.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_urllib2.cpython-37.pyc b/core/lib/mechanize/__pycache__/_urllib2.cpython-37.pyc
new file mode 100644
index 00000000..42cbac8f
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_urllib2.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_urllib2_fork.cpython-37.pyc b/core/lib/mechanize/__pycache__/_urllib2_fork.cpython-37.pyc
new file mode 100644
index 00000000..2fae671f
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_urllib2_fork.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_useragent.cpython-37.pyc b/core/lib/mechanize/__pycache__/_useragent.cpython-37.pyc
new file mode 100644
index 00000000..69c2f585
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_useragent.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_util.cpython-37.pyc b/core/lib/mechanize/__pycache__/_util.cpython-37.pyc
new file mode 100644
index 00000000..d3e82356
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_util.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/_version.cpython-37.pyc b/core/lib/mechanize/__pycache__/_version.cpython-37.pyc
new file mode 100644
index 00000000..53ecad65
Binary files /dev/null and b/core/lib/mechanize/__pycache__/_version.cpython-37.pyc differ
diff --git a/core/lib/mechanize/__pycache__/polyglot.cpython-37.pyc b/core/lib/mechanize/__pycache__/polyglot.cpython-37.pyc
new file mode 100644
index 00000000..231e1191
Binary files /dev/null and b/core/lib/mechanize/__pycache__/polyglot.cpython-37.pyc differ
diff --git a/lib/mechanize/mechanize/_auth.py b/core/lib/mechanize/_auth.py
similarity index 91%
rename from lib/mechanize/mechanize/_auth.py
rename to core/lib/mechanize/_auth.py
index e8b7a076..023a689b 100644
--- a/lib/mechanize/mechanize/_auth.py
+++ b/core/lib/mechanize/_auth.py
@@ -4,13 +4,14 @@
Copyright 2006 John J. Lee