Last active
November 17, 2016 11:27
-
-
Save nopslider/057119dad1abc2c6d00f172496ab32a9 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import xmltodict | |
| import sys | |
| import requests | |
| import argparse | |
| import re | |
| from xml.parsers.expat import ExpatError | |
| from requests.exceptions import Timeout, ConnectionError | |
| from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
| requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
| parser = argparse.ArgumentParser(description='Takes an nmap XML file and gives you a list of URLs. Optionally grabs the title of the page,the server banner and looks for login functionality.') | |
| parser.add_argument('--verbose',"-v",action='store_true',help='Give more output') | |
| parser.add_argument('nmapxmlfile',type=argparse.FileType('r')) | |
| parser.add_argument('--timeout','-t',type=int,default=3,help='Set the default timeout for GET requests') | |
| parser.add_argument('--info',action='store_true',help='Grab the title and server banner, and look for login functionality') | |
| args = parser.parse_args() | |
| xml = args.nmapxmlfile.read() | |
| try: | |
| nmap = xmltodict.parse(xml,dict_constructor=dict,force_list={'host': True, 'address': True, 'port': True}) | |
| except ExpatError: | |
| print("Error parsing XML document") | |
| sys.exit(2) | |
| titlere = re.compile('<title.*?>(.*?)</title>',re.IGNORECASE) | |
| loginre = re.compile('(<input.*?type=(\'|")password(\'|").*?>|log ?in|sign ?in)',re.IGNORECASE) | |
| if args.info: | |
| print('URL,"Title","Server Banner","Login Detected"') | |
| for host in nmap["nmaprun"]["host"]: | |
| for address in host["address"]: | |
| if address["@addrtype"] == "ipv4": | |
| ip = address["@addr"] | |
| break | |
| # If there is no port information, skip this host | |
| if "port" not in host["ports"]: | |
| continue | |
| for port in host["ports"]["port"]: | |
| portnum = port["@portid"] | |
| proto = None | |
| try: | |
| servicename = port["service"]["@name"] | |
| except KeyError: | |
| if args.verbose: | |
| print("No service information for {} contained within the XML file".format(ip), file=sys.stderr) | |
| continue | |
| if port["state"]["@state"] == "open": | |
| if servicename == "http": | |
| proto = "http://" | |
| try: | |
| if port["service"]["@tunnel"] == "ssl": | |
| proto = "https://" | |
| except KeyError: | |
| pass | |
| if servicename == "https": | |
| proto = "https://" | |
| #Not http or https | |
| if not proto: | |
| continue | |
| url = "{}{}:{}/".format(proto,ip,portnum) | |
| # Logic to actually request data from the target | |
| if args.info: | |
| auth = False | |
| server = None | |
| title = None | |
| try: | |
| response = requests.get(url,timeout=args.timeout,verify=False) | |
| # Grab the title | |
| titlematch = titlere.search(response.text) | |
| if titlematch: | |
| title = titlematch.group(1) | |
| # Check there is a server header | |
| if "server" in response.headers: | |
| server = response.headers["server"] | |
| # See if there is an auth header | |
| if "www-authenticate" in response.headers or loginre.search(response.text): | |
| auth = True | |
| print('{},"{}","{}",{}'.format(url,title,server,auth)) | |
| except Timeout: | |
| print('{},"ERROR - Page request timed out",-,-'.format(url)) | |
| except ConnectionError as err: | |
| print('{},"ERROR - Page request failed",-,-'.format(url)) | |
| if args.verbose: | |
| print(err) | |
| else: | |
| print("{}".format(url)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment