diff --git a/install.sh b/install.sh
index 0e75ada4..6ea2d774 100755
--- a/install.sh
+++ b/install.sh
@@ -430,7 +430,7 @@ printf "${bblue}\n Running: Installing repositories (${#repos[@]})${reset}\n\n"
 # Repos with special configs
 eval git clone https://github.com/projectdiscovery/nuclei-templates ~/nuclei-templates $DEBUG_STD
 eval git clone https://github.com/geeknik/the-nuclei-templates.git ~/nuclei-templates/extra_templates $DEBUG_STD
-eval git clone https://github.com/projectdiscovery/fuzzing-templates ~/fuzzing-templates $DEBUG_STD
+eval git clone https://github.com/projectdiscovery/fuzzing-templates $tools/fuzzing-templates $DEBUG_STD
 eval wget -q -O - https://raw.githubusercontent.com/NagliNagli/BountyTricks/main/ssrf.yaml > ~/nuclei-templates/ssrf_nagli.yaml $DEBUG_STD
 eval wget -q -O - https://raw.githubusercontent.com/NagliNagli/BountyTricks/main/sap-redirect.yaml > ~/nuclei-templates/sap-redirect_nagli.yaml $DEBUG_STD
 eval nuclei -update-templates $DEBUG_STD
diff --git a/reconftw.sh b/reconftw.sh
index fdbed92e..c0a9b961 100755
--- a/reconftw.sh
+++ b/reconftw.sh
@@ -73,7 +73,7 @@ function tools_installed(){
 which gotator &>/dev/null || { printf "${bred} [*] gotator [NO]${reset}\n"; allinstalled=false;}
 which nuclei &>/dev/null || { printf "${bred} [*] Nuclei [NO]${reset}\n"; allinstalled=false;}
 [ -d ~/nuclei-templates ] || { printf "${bred} [*] Nuclei templates [NO]${reset}\n"; allinstalled=false;}
- [ -d ~/fuzzing-templates ] || { printf "${bred} [*] Fuzzing templates [NO]${reset}\n"; allinstalled=false;}
+ [ -d $tools/fuzzing-templates ] || { printf "${bred} [*] Fuzzing templates [NO]${reset}\n"; allinstalled=false;}
 which gf &>/dev/null || { printf "${bred} [*] Gf [NO]${reset}\n"; allinstalled=false;}
 which Gxss &>/dev/null || { printf "${bred} [*] Gxss [NO]${reset}\n"; allinstalled=false;}
 which subjs &>/dev/null || { printf "${bred} [*] subjs [NO]${reset}\n"; allinstalled=false;}
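Review bot: `$tools` is expanded unquoted and unchecked in the new clone target in install.sh, so an unset or empty value makes `eval git clone` write to `/fuzzing-templates`, and a value containing spaces is split into extra arguments once `eval` re-parses the line. The same applies to the new test in `tools_installed()` in reconftw.sh, where `[ -d $tools/fuzzing-templates ]` should read `[ -d "${tools}/fuzzing-templates" ]`. For install.sh I would add `: "${tools:?tools directory is not set}"` before the clone and pass the target as `\"${tools}/fuzzing-templates\"` so the quotes survive `eval`. Whether every consumer of the old `~/fuzzing-templates` path was moved as well cannot be seen from these two hunks.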
@@ -358,15 +358,11 @@ function subdomains_full(){
 function sub_passive(){
 if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUBPASSIVE" = true ]; then
 start_subfunc ${FUNCNAME[0]} "Running : Passive Subdomain Enumeration"
- if [ ! "$AXIOM" = true ]; then
- [[ $RUNAMASS == true ]] && timeout -k 1m ${AMASS_ENUM_TIMEOUT} amass enum -passive -d $domain -config $AMASS_CONFIG -timeout $AMASS_ENUM_TIMEOUT -json .tmp/amass_json.json 2>>"$LOGFILE" &>/dev/null
- [ -s ".tmp/amass_json.json" ] && cat .tmp/amass_json.json | jq -r '.name' | anew -q .tmp/amass_psub.txt
- [[ $RUNSUBFINDER == true ]] && subfinder -all -d "$domain" -silent -o .tmp/subfinder_psub.txt 2>>"$LOGFILE" >/dev/null
- else
- echo $domain > .tmp/amass_temp_axiom.txt
- [[ $RUNAMASS == true ]] && axiom-scan .tmp/amass_temp_axiom.txt -m amass -passive -o .tmp/amass_psub.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null
- [[ $RUNSUBFINDER == true ]] && axiom-scan .tmp/amass_temp_axiom.txt -m subfinder -all -silent -o .tmp/subfinder_psub.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null
- fi
+
+ [[ $RUNAMASS == true ]] && timeout -k 1m ${AMASS_ENUM_TIMEOUT} amass enum -passive -d $domain -config $AMASS_CONFIG -timeout $AMASS_ENUM_TIMEOUT -json .tmp/amass_json.json 2>>"$LOGFILE" &>/dev/null
+ [ -s ".tmp/amass_json.json" ] && cat .tmp/amass_json.json | jq -r '.name' | anew -q .tmp/amass_psub.txt
+ [[ $RUNSUBFINDER == true ]] && subfinder -all -d "$domain" -silent -o .tmp/subfinder_psub.txt 2>>"$LOGFILE" >/dev/null
+
 if [ -s "${GITHUB_TOKENS}" ]; then
 if [ "$DEEP" = true ]; then
 github-subdomains -d $domain -t $GITHUB_TOKENS -o .tmp/github_subdomains_psub.txt 2>>"$LOGFILE" >/dev/null
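Review bot: The re-added amass line ends in `2>>"$LOGFILE" &>/dev/null`, and because `&>` redirects both stdout and stderr the earlier append to the log is overridden, so amass errors never reach `$LOGFILE`; the subfinder line right below it uses `2>>"$LOGFILE" >/dev/null`, which is presumably what was meant here as well. The same line passes `$domain` and `$AMASS_CONFIG` unquoted while the subfinder line quotes `"$domain"`; quoting both keeps a target value with whitespace or glob characters from being split into extra amass arguments. `sub_passive()` continues past the end of this hunk.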
@@ -375,7 +371,7 @@ function sub_passive(){
 fi
 fi
 if [ -s "${GITLAB_TOKENS}" ]; then
- gitlab-subdomains -d $domain -t $GITLAB_TOKENS -o .tmp/gitlab_subdomains_psub.txt 2>>"$LOGFILE" >/dev/null
+ gitlab-subdomains -d $domain -t $GITLAB_TOKENS > .tmp/gitlab_subdomains_psub.txt 2>>"$LOGFILE" >/dev/null
 fi
 if [ "$INSCOPE" = true ]; then
 check_inscope .tmp/amass_psub.txt 2>>"$LOGFILE" >/dev/null
diff --git a/web/projects/urls.py b/web/projects/urls.py
index 987cd788..6f720165 100644
--- a/web/projects/urls.py
+++ b/web/projects/urls.py
@@ -9,4 +9,5 @@
 path('', views.index, name='index'),
 path('/delete/', views.delete_project,name='delete'),
 path('/cancel/', views.cancel_scan,name='cancel'),
+ path('/backup/', views.DownloadBackup, name='backup'),
 ]
diff --git a/web/projects/views.py b/web/projects/views.py
index 7b3f0992..7eee0fc5 100644
--- a/web/projects/views.py
+++ b/web/projects/views.py
@@ -1,4 +1,5 @@
 from django.shortcuts import get_object_or_404, render
+from django.http import HttpResponse
 from projects.models import Project
 from django.core.files.base import ContentFile
 from django.shortcuts import redirect
@@ -11,6 +12,7 @@ import shutil, os, time, requests, favicon
 from pathlib import Path
 from subprocess import Popen
+import zipfile
 # Main Projects Page
 @login_required(login_url='/login/')
@@ -67,7 +69,7 @@ def index(request):
 print("final_date: "+str(final_date))
 pjtfor = Project.objects.filter(domain=sgdomain)
- print("pjt: "+str(pjtfor))
+ # print("pjt: "+str(pjtfor))
 # Save Domain
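Review bot: The new gitlab-subdomains line redirects stdout twice, first `> .tmp/gitlab_subdomains_psub.txt` and then `>/dev/null`; the last redirection wins, so the results go to /dev/null and the psub file is only created empty. Dropping the trailing redirect keeps the output: `gitlab-subdomains -d "$domain" -t "$GITLAB_TOKENS" > .tmp/gitlab_subdomains_psub.txt 2>>"$LOGFILE"`. The enclosing `sub_passive()` starts and ends outside this hunk.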
@@ -194,6 +196,42 @@ def delete_project(request, id):
 return redirect('projects:index')
+@login_required(login_url='/login/')
+def DownloadBackup(requests, id):
+
+ project = Project.objects.get(id=id)
+ if project.status == "FINISHED":
+ command = str(project.command).split("'")
+ del command[0::2]
+
+ tempFolder = "/tmp"
+ folderPath = command[-1].rsplit("/",1)[0]
+ folderName = command[-1].rsplit("/",1)[1]
+
+ if "/" in folderName:
+ tmp = folderName.rsplit("/", 1)
+
+ folderPath = tmp[0]
+ folderName = tmp[1]
+
+ if os.path.exists(tempFolder+"/Backup-"+folderName+".zip"):
+ os.remove(tempFolder+"/Backup-"+folderName+".zip")
+
+ os.chdir(folderPath)
+ with zipfile.ZipFile(tempFolder+"/Backup-"+folderName+".zip", "w") as zf:
+ for item in Path(folderName).rglob("*"):
+ zf.write(item)
+ zf.close()
+
+ backupFileName = "Backup-"+folderName+".zip"
+
+ file = open(tempFolder+"/"+backupFileName, "rb")
+
+ response = HttpResponse(file, content_type='application/force-download')
+ response['Content-Disposition'] = 'attachment; filename='+backupFileName
+ return response
+ else:
+ return HttpResponse('Scanning is not completed, please wait.')
 # TODO: Cancel Scan Function
 @login_required(login_url='/login/')
diff --git a/web/scans/views.py b/web/scans/views.py
index f8ebd3c1..bc99cdb8 100644
--- a/web/scans/views.py
+++ b/web/scans/views.py
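Review bot: `DownloadBackup` writes the archive to a fixed, guessable name, `/tmp/Backup-<folderName>.zip`, and calls `os.chdir(folderPath)`: concurrent downloads of the same project overwrite each other's file, whatever already sits at that name in the shared /tmp is reused, and the working directory changes for every request the process serves. The sketch below writes into an anonymous temporary file, names entries through `arcname` instead of changing directory, and hands the handle to `FileResponse` so it is closed after streaming (the current `open()` never is); it needs `tempfile` and `FileResponse` imported. `Project.objects.get(id=id)` raises on an unknown id and nothing visible in the hunk ties the project to the requesting user, so `get_object_or_404` and, if the model records an owner, an ownership check belong at the top. The first parameter is named `requests`, which shadows the `requests` module imported at the top of views.py.

```python
def DownloadBackup(request, id):
    project = get_object_or_404(Project, id=id)
    # … unchanged: status check and folderPath / folderName derivation from project.command …
        root = Path(folderPath) / folderName
        # Anonymous temp file: no fixed name in /tmp to collide with or to find pre-created
        archive = tempfile.TemporaryFile()
        with zipfile.ZipFile(archive, "w") as zf:
            for item in root.rglob("*"):
                # arcname keeps entries relative to folderPath without os.chdir()
                zf.write(item, arcname=item.relative_to(folderPath))
        archive.seek(0)
        # FileResponse streams the handle, sets Content-Disposition and closes it afterwards
        return FileResponse(archive, as_attachment=True, filename="Backup-"+folderName+".zip")
    # … unchanged: else branch returning the "not completed" response …
```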
@@ -410,7 +410,39 @@ def new_scan(request):
 elif type_domain == "1":
 list_domain = request.POST.get('listDomain')
 print("List Domain")
- else:
- print("Wrong!!")
+ list_domain = list(map(str.strip, list_domain.split("\n")))
+
+ for single_domain in list_domain:
+ if validators.domain(single_domain):
+ command = ['../reconftw.sh','-d',single_domain]
+
+ req_params = list(request.POST)
+
+ # MODE OPTIONS
+ if req_params[4] == 'switch-recon':
+ command.append('-r')
+ elif req_params[4] == 'switch-subdomains':
+ command.append('-s')
+ elif req_params[4] == 'switch-passive':
+ command.append('-p')
+ elif req_params[4] == 'switch-all':
+ command.append('-a')
+ elif req_params[4] == 'switch-web':
+ command.append('-w')
+ elif req_params[4] == 'switch-osint':
+ command.append('-n')
+
+ # GENERAL OPTIONS
+ if 'switch-deep' in req_params:
+ command.append('--deep')
+ if 'switch-vps' in req_params:
+ command.append('-v')
+
+ # RUN new_scan_single_domain TASK
+ print("=====>>>> about to run new_scan_single_domain")
+ celery_task = new_scan_single_domain.apply_async(command, queue="default")
+
+ else:
+ print("Wrong!!")
 return redirect('projects:index')
diff --git a/web/templates/projects.html b/web/templates/projects.html
index f791b050..fe37e40b 100644
--- a/web/templates/projects.html
+++ b/web/templates/projects.html
@@ -630,6 +630,7 @@ border-radius: 50%; background-color: #fff; } + {% if messages %} {% for message in messages %}
@@ -769,7 +770,7 @@
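Review bot: In the `new_scan` hunk the mode flag is chosen from `req_params[4]`, the fifth key of the POST body in whatever order the client sent it, so a reordered or shortened form selects the wrong mode or raises IndexError; the general options further down in the same hunk already test membership, and the mode switches should do the same, e.g. `if 'switch-recon' in request.POST: command.append('-r')`. `request.POST.get('listDomain')` can return None, which makes `list_domain.split("\n")` fail before any validation runs, so default it with `request.POST.get('listDomain', '')`. The loop also enqueues one task per valid line with no upper bound on the list length; a cap on the number of domains per request would keep a single submission from filling the queue. `new_scan()` starts before this hunk.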

{{ request.user }}
Reconnaissance Ninja

{% endif %} - + @@ -800,8 +801,7 @@

{{ request.user }}
Reconnaissance Ninja

- -
+
@@ -825,9 +825,6 @@

{{ request.user }}
Reconnaissance Ninja

-
- -
@@ -1100,12 +1097,8 @@
TARGET OPTIONS
- -
+ +
TARGET OPTIONS placeholder="example.com" />
-
+
@@ -1401,8 +1395,8 @@
GENERAL OPTIONS
document.getElementById("Saturday-" + id).checked = false; document.getElementById("Sunday-" + id).checked = false; document.getElementById("addScheduler-" + id).checked = false; - document.getElementById("hours-" + id).value = 00; - document.getElementById("minutes-" + id).value = 00; + document.getElementById("hours-" + id).value = "00"; + document.getElementById("minutes-" + id).value = "00"; document.getElementById("schedule-name-" + id).value = "NoneValue"; document.getElementById("crontab-id-" + id).value = "NoneValue"; @@ -1512,59 +1506,59 @@
GENERAL OPTIONS
} } - function checkCommand() { - let command = "./reconftw.sh"; + // function checkCommand() { + // let command = "./reconftw.sh"; - if ( - document.getElementById("pills-single-nav").classList.contains("active") - ) { - command += " -d " + document.getElementById("singleDomain").value; - } else { - command += " -l targets.txt"; - } + // if ( + // document.getElementById("pills-single-nav").classList.contains("active") + // ) { + // command += " -d " + document.getElementById("singleDomain").value; + // } else { + // command += " -l targets.txt"; + // } - if (document.getElementById("switch-all").checked == true) { - command += " -a"; - } else { - if (document.getElementById("switch-recon").checked) { - command += " -r"; - } + // if (document.getElementById("switch-all").checked == true) { + // command += " -a"; + // } else { + // if (document.getElementById("switch-recon").checked) { + // command += " -r"; + // } - if (document.getElementById("switch-subdomains").checked) { - command += " -s"; - } + // if (document.getElementById("switch-subdomains").checked) { + // command += " -s"; + // } - if (document.getElementById("switch-passive").checked) { - command += " -p"; - } + // if (document.getElementById("switch-passive").checked) { + // command += " -p"; + // } - if (document.getElementById("switch-web").checked) { - command += " -w"; - } + // if (document.getElementById("switch-web").checked) { + // command += " -w"; + // } - if (document.getElementById("switch-osint").checked) { - command += " -n"; - } - } + // if (document.getElementById("switch-osint").checked) { + // command += " -n"; + // } + // } - if (document.getElementById("switch-deep").checked == true) { - command += " --deep"; - } + // if (document.getElementById("switch-deep").checked == true) { + // command += " --deep"; + // } - if (document.getElementById("switch-vps").checked == true) { - command += " -v"; - } + // if (document.getElementById("switch-vps").checked == true) { + // command += " 
-v"; + // } - document.getElementById("command").value = command; - } + // document.getElementById("command").value = command; + // } function selectSingle() { - document.getElementById("typeDomain").value = 0; + document.getElementById("pills-single").classList.add("active"); checkCommand(); } function selectList() { - document.getElementById("typeDomain").value = 1; + document.getElementById("pills-list").classList.add("active"); checkCommand(); }
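Review bot: `selectSingle()` and `selectList()` still end with `checkCommand();` while this hunk turns the whole `checkCommand` function into comments, so unless the template defines it somewhere outside the hunk each tab switch throws a ReferenceError right after the class change. Either drop the two calls or delete the function outright instead of leaving some fifty commented lines behind. The same two functions no longer set `typeDomain`, yet the `new_scan` view in this commit still branches on `type_domain == "1"`; where that field now gets its value is not visible here and is worth confirming.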