diff --git a/bin/DB_KVROCKS_MIGRATION.py b/bin/DB_KVROCKS_MIGRATION.py index 5f84351f..bb05ef2a 100755 --- a/bin/DB_KVROCKS_MIGRATION.py +++ b/bin/DB_KVROCKS_MIGRATION.py @@ -375,6 +375,7 @@ def items_migration(): # item = Items.Item(item_id) # item.set_father(father_id) + # DUPLICATES for tag in ['infoleak:automatic-detection="credential"']: # Creditcards, Mail, Keys ??????????????????????????????? print(f'Duplicate migration: {tag}') tag_first = get_tag_first_seen(tag) @@ -389,6 +390,10 @@ def items_migration(): print(algo, duplicates_dict[id_2][algo], id_2) item.add_duplicate(algo, duplicates_dict[id_2][algo], id_2) + # ITEM FIRST/LAST DATE + Items._manual_set_items_date_first_last() + + # TODO: test cookies migration # TODO: migrate auto crawlers @@ -840,14 +845,14 @@ if __name__ == '__main__': #core_migration() #user_migration() #tags_migration() - # items_migration() + items_migration() #crawler_migration() # domain_migration() # TO TEST ########################### #decodeds_migration() # screenshots_migration() - #subtypes_obj_migration() + subtypes_obj_migration() # ail_2_ail_migration() - trackers_migration() + # trackers_migration() # investigations_migration() # statistics_migration() diff --git a/bin/Tools.py b/bin/Tools.py deleted file mode 100755 index 03995a18..00000000 --- a/bin/Tools.py +++ /dev/null @@ -1,753 +0,0 @@ -#!/usr/bin/env python3 -# -*-coding:UTF-8 -* -""" -Tools Module -============================ - -Search tools outpout - -""" - -from Helper import Process -from pubsublogger import publisher - -import os -import re -import sys -import time -import redis -import signal - -sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages')) -import Item - - -class TimeoutException(Exception): - pass - -def timeout_handler(signum, frame): - raise TimeoutException - -signal.signal(signal.SIGALRM, timeout_handler) - - -def search_tools(item_id, item_content): - - tools_in_item = False - - for tools_name in tools_dict: - tool_dict = tools_dict[tools_name] - - regex_match = False - for regex_nb in list(range(tool_dict['nb_regex'])): - regex_index = regex_nb + 1 - regex = tool_dict['regex{}'.format(regex_index)] - - signal.alarm(tool_dict['max_execution_time']) - try: - tools_found = re.findall(regex, item_content) - except TimeoutException: - tools_found = [] - p.incr_module_timeout_statistic() # add encoder type - print ("{0} processing timeout".format(item_id)) - continue - else: - signal.alarm(0) - - - if not tools_found: - regex_match = False - break - else: - regex_match = True - if 'tag{}'.format(regex_index) in tool_dict: - print('{} found: {}'.format(item_id, tool_dict['tag{}'.format(regex_index)])) - msg = '{};{}'.format(tool_dict['tag{}'.format(regex_index)], item_id) - p.populate_set_out(msg, 'Tags') - - if regex_match: - print('{} found: {}'.format(item_id, tool_dict['name'])) - # Tag Item - msg = '{};{}'.format(tool_dict['tag'], item_id) - p.populate_set_out(msg, 'Tags') - - - if tools_in_item: - # send to duplicate module - p.populate_set_out(item_id, 'Duplicate') - - -default_max_execution_time = 30 - -tools_dict = { - 'sqlmap': { - 'name': 'sqlmap', - 'regex1': r'Usage of sqlmap for attacking targets without|all tested parameters do not appear to be injectable|sqlmap identified the following injection point|Title:[^\n]*((error|time|boolean)-based|stacked queries|UNION query)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sqlmap-tool"', # tag if all regex match - }, - 'wig': { - 'name': 'wig', - 'regex1': r'(?s)wig - WebApp Information Gatherer.+?_{10,}', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="wig-tool"', # tag if all regex match - }, - 'dmytry': { - 'name': 'dmitry', - 'regex1': r'(?s)Gathered (TCP Port|Inet-whois|Netcraft|Subdomain|E-Mail) information for.+?-{10,}', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dmitry-tool"', # tag if all regex match - }, - 'inurlbr': { - 'name': 'inurlbr', - 'regex1': r'Usage of INURLBR for attacking targets without prior mutual consent is illegal', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="inurlbr-tool"', # tag if all regex match - }, - 'wafw00f': { - 'name': 'wafw00f', - 'regex1': r'(?s)WAFW00F - Web Application Firewall Detection Tool.+?Checking', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="wafw00f-tool"', # tag if all regex match - }, - 'sslyze': { - 'name': 'sslyze', - 'regex1': r'(?s)PluginSessionRenegotiation.+?SCAN RESULTS FOR', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sslyze-tool"', # tag if all regex match - }, - 'nmap': { - 'name': 'nmap', - 'regex1': r'(?s)Nmap scan report for.+?Host is', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="nmap-tool"', # tag if all regex match - }, - 'dnsenum': { - 'name': 'dnsenum', - 'regex1': r'(?s)dnsenum(\.pl)? VERSION:.+?Trying Zone Transfer', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnsenum-tool"', # tag if all regex match - }, - 'knock': { - 'name': 'knock', - 'regex1': r'I scannig with my internal wordlist', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="knock-tool"', # tag if all regex match - }, - 'nikto': { - 'name': 'nikto', - 'regex1': r'(?s)\+ Target IP:.+?\+ Start Time:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="nikto-tool"', # tag if all regex match - }, - 'dnscan': { - 'name': 'dnscan', - 'regex1': r'(?s)\[\*\] Processing domain.+?\[\+\] Getting nameservers.+?records found', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnscan-tool"', # tag if all regex match - }, - 'dnsrecon': { - 'name': 'dnsrecon', - 'regex1': r'Performing General Enumeration of Domain:|Performing TLD Brute force Enumeration against', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnsrecon-tool"', # tag if all regex match - }, - 'striker': { - 'name': 'striker', - 'regex1': r'Crawling the target for fuzzable URLs|Honeypot Probabilty:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="striker-tool"', # tag if all regex match - }, - 'rhawk': { - 'name': 'rhawk', - 'regex1': r'S U B - D O M A I N F I N D E R', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="rhawk-tool"', # tag if all regex match - }, - 'uniscan': { - 'name': 'uniscan', - 'regex1': r'\| \[\+\] E-mail Found:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="uniscan-tool"', # tag if all regex match - }, - 'masscan': { - 'name': 'masscan', - 'regex1': r'(?s)Starting masscan [\d.]+.+?Scanning|bit.ly/14GZzcT', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="masscan-tool"', # tag if all regex match - }, - 'msfconsole': { - 'name': 'msfconsole', - 'regex1': r'=\[ metasploit v[\d.]+.+?msf >', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="msfconsole-tool"', # tag if all regex match - }, - 'amap': { - 'name': 'amap', - 'regex1': r'\bamap v[\d.]+ \(www.thc.org/thc-amap\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="amap-tool"', # tag if all regex match - }, - 'automater': { - 'name': 'automater', - 'regex1': r'(?s)\[\*\] Checking.+?_+ Results found for:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="automater-tool"', # tag if all regex match - }, - 'braa': { - 'name': 'braa', - 'regex1': r'\bbraa public@[\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="braa-tool"', # tag if all regex match - }, - 'ciscotorch': { - 'name': 'ciscotorch', - 'regex1': r'Becase we need it', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="ciscotorch-tool"', # tag if all regex match - }, - 'theharvester': { - 'name': 'theharvester', - 'regex1': r'Starting harvesting process for domain:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="theharvester-tool"', # tag if all regex match - }, - 'sslstrip': { - 'name': 'sslstrip', - 'regex1': r'sslstrip [\d.]+ by Moxie Marlinspike running', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sslstrip-tool"', # tag if all regex match - }, - 'sslcaudit': { - 'name': 'sslcaudit', - 'regex1': r'# filebag location:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sslcaudit-tool"', # tag if all regex match - }, - 'smbmap': { - 'name': 'smbmap', - 'regex1': r'\[\+\] Finding open SMB ports\.\.\.', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="smbmap-tool"', # tag if all regex match - }, - 'reconng': { - 'name': 'reconng', - 'regex1': r'\[\*\] Status: unfixed|\[recon-ng\]\[default\]', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="reconng-tool"', # tag if all regex match - }, - 'p0f': { - 'name': 'p0f', - 'regex1': r'\bp0f [^ ]+ by Michal Zalewski', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="p0f-tool"', # tag if all regex match - }, - 'hping3': { - 'name': 'hping3', - 'regex1': r'\bHPING [^ ]+ \([^)]+\): [^ ]+ mode set', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="hping3-tool"', # tag if all regex match - }, - 'enum4linux': { - 'name': 'enum4linux', - 'regex1': r'Starting enum4linux v[\d.]+|\| Target Information \|', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="enum4linux-tool"', # tag if all regex match - }, - 'dnstracer': { - 'name': 'dnstracer', - 'regex1': r'(?s)Tracing to.+?DNS HEADER \(send\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnstracer-tool"', # tag if all regex match - }, - 'dnmap': { - 'name': 'dnmap', - 'regex1': r'dnmap_(client|server)|Nmap output files stored in \'nmap_output\' directory', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnmap-tool"', # tag if all regex match - }, - 'arpscan': { - 'name': 'arpscan', - 'regex1': r'Starting arp-scan [^ ]+ with \d+ hosts', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="arpscan-tool"', # tag if all regex match - }, - 'cdpsnarf': { - 'name': 'cdpsnarf', - 'regex1': r'(?s)CDPSnarf v[^ ]+.+?Waiting for a CDP packet\.\.\.', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="cdpsnarf-tool"', # tag if all regex match - }, - 'dnsmap': { - 'name': 'dnsmap', - 'regex1': r'DNS Network Mapper by pagvac', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnsmap-tool"', # tag if all regex match - }, - 'dotdotpwn': { - 'name': 'dotdotpwn', - 'regex1': r'DotDotPwn v[^ ]+|dotdotpwn@sectester.net|\[\+\] Creating Traversal patterns', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dotdotpwn-tool"', # tag if all regex match - }, - 'searchsploit': { - 'name': 'searchsploit', - 'regex1': r'(exploits|shellcodes)/|searchsploit_rc|Exploit Title', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="searchsploit-tool"', # tag if all regex match - }, - 'fierce': { - 'name': 'fierce', - 'regex1': r'(?s)Trying zone transfer first.+Checking for wildcard DNS', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="fierce-tool"', # tag if all regex match - }, - 'firewalk': { - 'name': 'firewalk', - 'regex1': r'Firewalk state initialization completed successfully|Ramping phase source port', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="firewalk-tool"', # tag if all regex match - }, - 'fragroute': { - 'name': 'fragroute', - 'regex1': r'\bfragroute: tcp_seg -> ip_frag', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="fragroute-tool"', # tag if all regex match - }, - 'fragrouter': { - 'name': 'fragrouter', - 'regex1': r'fragrouter: frag-\d+:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="fragrouter-tool"', # tag if all regex match - }, - 'goofile': { - 'name': 'goofile', - 'regex1': r'code.google.com/p/goofile\b', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="goofile-tool"', # tag if all regex match - }, - 'intrace': { - 'name': 'intrace', - 'regex1': r'\bInTrace [\d.]+ \-\-', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="intrace-tool"', # tag if all regex match - }, - 'ismtp': { - 'name': 'ismtp', - 'regex1': r'Testing SMTP server \[user enumeration\]', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="ismtp-tool"', # tag if all regex match - }, - 'lbd': { - 'name': 'lbd', - 'regex1': r'Checking for (DNS|HTTP)-Loadbalancing', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="lbd-tool"', # tag if all regex match - }, - 'miranda': { - 'name': 'miranda', - 'regex1': r'Entering discovery mode for \'upnp:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="miranda-tool"', # tag if all regex match - }, - 'ncat': { - 'name': 'ncat', - 'regex1': r'nmap.org/ncat', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="ncat-tool"', # tag if all regex match - }, - 'ohrwurm': { - 'name': 'ohrwurm', - 'regex1': r'\bohrwurm-[\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="ohrwurm-tool"', # tag if all regex match - }, - 'oscanner': { - 'name': 'oscanner', - 'regex1': r'Loading services/sids from service file', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="oscanner-tool"', # tag if all regex match - }, - 'sfuzz': { - 'name': 'sfuzz', - 'regex1': r'AREALLYBADSTRING|sfuzz/sfuzz', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sfuzz-tool"', # tag if all regex match - }, - 'sidguess': { - 'name': 'sidguess', - 'regex1': r'SIDGuesser v[\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sidguess-tool"', # tag if all regex match - }, - 'sqlninja': { - 'name': 'sqlninja', - 'regex1': r'Sqlninja rel\. [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sqlninja-tool"', # tag if all regex match - }, - 'sqlsus': { - 'name': 'sqlsus', - 'regex1': r'sqlsus version [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="sqlsus-tool"', # tag if all regex match - }, - 'dnsdict6': { - 'name': 'dnsdict6', - 'regex1': r'Starting DNS enumeration work on', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dnsdict6-tool"', # tag if all regex match - }, - 'unixprivesccheck': { - 'name': 'unixprivesccheck', - 'regex1': r'Recording Interface IP addresses', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="unixprivesccheck-tool"', # tag if all regex match - }, - 'yersinia': { - 'name': 'yersinia', - 'regex1': r'yersinia@yersinia.net', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="yersinia-tool"', # tag if all regex match - }, - 'armitage': { - 'name': 'armitage', - 'regex1': r'\[\*\] Starting msfrpcd for you', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="armitage-tool"', # tag if all regex match - }, - 'backdoorfactory': { - 'name': 'backdoorfactory', - 'regex1': r'\[\*\] In the backdoor module', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="backdoorfactory-tool"', # tag if all regex match - }, - 'beef': { - 'name': 'beef', - 'regex1': r'Please wait as BeEF services are started', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="beef-tool"', # tag if all regex match - }, - 'cat': { - 'name': 'cat', - 'regex1': r'Cisco Auditing Tool.+?g0ne', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="cat-tool"', # tag if all regex match - }, - 'cge': { - 'name': 'cge', - 'regex1': r'Vulnerability successful exploited with \[', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="cge-tool"', # tag if all regex match - }, - 'john': { - 'name': 'john', - 'regex1': r'John the Ripper password cracker, ver:|Loaded \d+ password hash \(', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="john-tool"', # tag if all regex match - }, - 'keimpx': { - 'name': 'keimpx', - 'regex1': r'\bkeimpx [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="keimpx-tool"', # tag if all regex match - }, - 'maskprocessor': { - 'name': 'maskprocessor', - 'regex1': r'mp by atom, High-Performance word generator', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="maskprocessor-tool"', # tag if all regex match - }, - 'ncrack': { - 'name': 'ncrack', - 'regex1': r'Starting Ncrack[^\n]+http://ncrack.org', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="ncrack-tool"', # tag if all regex match - }, - 'patator': { - 'name': 'patator', - 'regex1': r'http://code.google.com/p/patator/|Starting Patator v', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="patator-tool"', # tag if all regex match - }, - 'phrasendrescher': { - 'name': 'phrasendrescher', - 'regex1': r'phrasen\|drescher [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="phrasendrescher-tool"', # tag if all regex match - }, - 'polenum': { - 'name': 'polenum', - 'regex1': r'\[\+\] Password Complexity Flags:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="polenum-tool"', # tag if all regex match - }, - 'rainbowcrack': { - 'name': 'rainbowcrack', - 'regex1': r'Official Website: http://project-rainbowcrack.com/', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="rainbowcrack-tool"', # tag if all regex match - }, - 'rcracki_mt': { - 'name': 'rcracki_mt', - 'regex1': r'Found \d+ rainbowtable files\.\.\.', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="rcracki_mt-tool"', # tag if all regex match - }, - 'tcpdump': { - 'name': 'tcpdump', - 'regex1': r'tcpdump: listening on.+capture size \d+|\d+ packets received by filter', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="tcpdump-tool"', # tag if all regex match - }, - 'hydra': { - 'name': 'hydra', - 'regex1': r'Hydra \(http://www.thc.org/thc-hydra\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="hydra-tool"', # tag if all regex match - }, - 'netcat': { - 'name': 'netcat', - 'regex1': r'Listening on \[[\d.]+\] \(family', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="netcat-tool"', # tag if all regex match - }, - 'nslookup': { - 'name': 'nslookup', - 'regex1': r'Non-authoritative answer:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="nslookup-tool"', # tag if all regex match - }, - 'dig': { - 'name': 'dig', - 'regex1': r'; <<>> DiG [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dig-tool"', # tag if all regex match - }, - 'whois': { - 'name': 'whois', - 'regex1': r'(?i)Registrar WHOIS Server:|Registrar URL: http://|DNSSEC: unsigned|information on Whois status codes|REGISTERED, DELEGATED|[Rr]egistrar:|%[^\n]+(WHOIS|2016/679)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="whois-tool"', # tag if all regex match - }, - 'nessus': { - 'name': 'nessus', - 'regex1': r'nessus_(report_(get|list|exploits)|scan_(new|status))|nessuscli|nessusd|nessus-service', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="nessus-tool"', # tag if all regex match - }, - 'openvas': { - 'name': 'openvas', - 'regex1': r'/openvas/', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="openvas-tool"', # tag if all regex match - }, - 'golismero': { - 'name': 'golismero', - 'regex1': r'GoLismero[\n]+The Web Knife', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="golismero-tool"', # tag if all regex match - }, - 'wpscan': { - 'name': 'wpscan', - 'regex1': r'WordPress Security Scanner by the WPScan Team|\[\+\] Interesting header:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="wpscan-tool"', # tag if all regex match - }, - 'skipfish': { - 'name': 'skipfish', - 'regex1': r'\[\+\] Sorting and annotating crawl nodes:|skipfish version [\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="skipfish-tool"', # tag if all regex match - }, - 'arachni': { - 'name': 'arachni', - 'regex1': r'With the support of the community and the Arachni Team|\[\*\] Waiting for plugins to settle\.\.\.', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="arachni-tool"', # tag if all regex match - }, - 'dirb': { - 'name': 'dirb', - 'regex1': r'==> DIRECTORY:|\bDIRB v[\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dirb-tool"', # tag if all regex match - }, - 'joomscan': { - 'name': 'joomscan', - 'regex1': r'OWASP Joomla! Vulnerability Scanner v[\d.]+', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="joomscan-tool"', # tag if all regex match - }, - 'jbossautopwn': { - 'name': 'jbossautopwn', - 'regex1': r'\[x\] Now creating BSH script\.\.\.|\[x\] Now deploying \.war file:', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="jbossautopwn-tool"', # tag if all regex match - }, - 'grabber': { - 'name': 'grabber', - 'regex1': r'runSpiderScan @', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="grabber-tool"', # tag if all regex match - }, - 'fimap': { - 'name': 'fimap', - 'regex1': r'Automatic LFI/RFI scanner and exploiter', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="fimap-tool"', # tag if all regex match - }, - 'dsxs': { - 'name': 'dsxs', - 'regex1': r'Damn Small XSS Scanner \(DSXS\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dsxs-tool"', # tag if all regex match - }, - 'dsss': { - 'name': 'dsss', - 'regex1': r'Damn Small SQLi Scanner \(DSSS\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dsss-tool"', # tag if all regex match - }, - 'dsjs': { - 'name': 'dsjs', - 'regex1': r'Damn Small JS Scanner \(DSJS\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dsjs-tool"', # tag if all regex match - }, - 'dsfs': { - 'name': 'dsfs', - 'regex1': r'Damn Small FI Scanner \(DSFS\)', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="dsfs-tool"', # tag if all regex match - }, - 'identywaf': { - 'name': 'identywaf', - 'regex1': r'\[o\] initializing handlers\.\.\.', - 'nb_regex': 1, - 'max_execution_time': default_max_execution_time, - 'tag': 'infoleak:automatic-detection="identywaf-tool"', # tag if all regex match - }, - 'whatwaf': { - 'name': 'whatwaf', - 'regex1': r' @@ -256,6 +257,8 @@ + + {% endif %} @@ -346,6 +349,13 @@ {% endif %} + {% if extracted %} + {% for row in extracted %} +
{{ row[2] }}
+ {% endfor %} + {% endif %} + +
@@ -367,15 +377,21 @@ -
-

{{ meta['content'] }}

+ {% if not extracted %} +

{{ meta['content'] }}

+ {% else %} +

{{ meta['content'][:extracted[0][0]] }}{% for row in extracted %}{{ meta['content'][row[0]:row[1]] }}{% if loop.index + 1 > extracted|length %}{{ meta['content'][extracted[-1][1]:] }}{% else %}{{ meta['content'][row[1]:extracted[loop.index][0]] }}{% endif %}{% endfor %}

+ {% endif %}

+ + +