Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / peepingtom / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
"""
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information
"""
import re
from os import path
from urllib.parse import urlparse

__author__ = "Andres Tarantini"
__copyright__ = "Copyright (c) 2015 Andres Tarantini"
__credits__ = ["Andres Tarantini"]
__license__ = "MIT"
__version__ = "0.0.1"
__maintainer__ = "Andres Tarantini"
__email__ = "[email protected]"
__status__ = "Development"

from faraday_plugins.plugins.plugin import PluginBase


class PeepingTomPlugin(PluginBase):
    """
    Handle PeepingTom (https://bitbucket.org/LaNMaSteR53/peepingtom) output
    """

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.id = "peepingtom"
        self.name = "PeepingTom"
        self.plugin_version = "0.0.1"
        self.version = "02.19.15"
        self._command_regex = re.compile(
            r'^(python peepingtom.py|\./peepingtom.py)\s+.*?')
        self._path = None

    def parseOutputString(self, output):
        # Find data path
        data_path_search = re.search(r"in '(.*)\/'", output)
        print(data_path_search)
        if not data_path_search:
            # No data path found
            return True

        # Parse "peepingtom.html" report and extract results
        data_path = data_path_search.groups()[0]
        html = open(path.join(self._path, data_path, "peepingtom.html")).read()
        for url in re.findall(r'href=[\'"]?([^\'" >]+)', html):
            if "://" in url:
                url_parsed = urlparse(url)
                address = self.resolve_hostname(url_parsed.netloc)
                host = self.createAndAddHost(address)
                service = self.createAndAddServiceToHost(host, "http", protocol="tcp", ports=[80])
                self.createAndAddNoteToService(
                    host,
                    service,
                    'screenshot',
                    path.join(
                        self._path,
                        data_path_search.groups()[0],
                        "{}.png".format(url.replace(
                            "://", "").replace("/", "").replace(".", ""))
                    )
                )

        return True

    def processCommandString(self, username, current_path, command_string):
        super().processCommandString(username, current_path, command_string)
        self._path = current_path


def createPlugin(*args, **kwargs):
    return PeepingTomPlugin(*args, **kwargs)