bug fixes
bug fixes
ifly53e authored Jun 15, 2018
1 parent 31a311a commit 3b50967
Showing 1 changed file with 105 additions and 83 deletions.
188 changes: 105 additions & 83 deletions blackwidow
@@ -1,6 +1,6 @@
#!/usr/bin/python
# blackwidow by 1N3 - Last Updated 20180118
# https://crowdshield.com
# https://crowdshield.com
#

from bs4 import BeautifulSoup
Expand All @@ -18,13 +18,13 @@ RESET='\x1b[0m'

def readlinks (url):
try:

if len(cookies) > 2:
headers = {'Cookie': cookies}
r = requests.get(url, headers=headers)
r = requests.get(url, headers=headers, verify=False)
else:
r = requests.get(url)
r = requests.get(url, verify=False)

data = r.text
soup = BeautifulSoup(data, "lxml")
parsed_uri = urlparse(url)
Expand All @@ -33,25 +33,25 @@ def readlinks (url):
except Exception as ex:
print(ex)

urls = open("/tmp/" + domain + port + "-urls.txt","w+")
urls_saved = open(save_dir + domain + port + "-urls.txt","a")
forms_saved = open(save_dir + domain + port + "-forms.txt","a")
dynamic_saved = open(save_dir + domain + port + "-dynamic.txt","a")
emails_saved = open(save_dir + domain + port + "-emails.txt","a")
phones_saved = open(save_dir + domain + port + "-phones.txt","a")
subdomains_saved = open(save_dir + domain + port + "-subdomains.txt","a")
urls = open("/tmp/" + domain + "_" + port + "-urls.txt","w+")
urls_saved = open(save_dir + domain + "_" + port + "-urls.txt","a")
forms_saved = open(save_dir + domain + "_" + port + "-forms.txt","a")
dynamic_saved = open(save_dir + domain + "_" + port + "-dynamic.txt","a")
emails_saved = open(save_dir + domain + "_" + port + "-emails.txt","a")
phones_saved = open(save_dir + domain + "_" + port + "-phones.txt","a")
subdomains_saved = open(save_dir + domain + "_" + port + "-subdomains.txt","a")

print ""
print OKGREEN + "==================================================================================================" + RESET
print OKGREEN + url
print OKGREEN + url
print OKGREEN + "==================================================================================================" + RESET
for form in soup.find_all('form'):
print OKBLUE + "[+] Extracting form values..."
print OKBLUE + "[+] Extracting form values..."
print "__________________________________________________________________________________________________" + OKORANGE
print form
print OKBLUE + "__________________________________________________________________________________________________"
print RESET
forms_saved.write(url + "\n")
forms_saved.write(url + "\n")

# PARSE LINKS
for link in soup.find_all('a'):
Expand All @@ -60,59 +60,59 @@ def readlinks (url):
parsed_uri = urlparse(link.get('href'))
linkdomain = '{uri.netloc}'.format(uri=parsed_uri)
if (domain != linkdomain) and (linkdomain != "") and (domain in linkdomain):
print COLOR1 + "[+] Sub-domain found! " + linkdomain + " " + RESET
print COLOR1 + "[+] Sub-domain found! " + linkdomain + " " + RESET
subdomains_saved.write(linkdomain + "\n")
# IF LINK STARTS WITH HTTP
if link.get('href')[:4] == "http":
# SAME ORIGIN
if domain in link.get('href'):
# IF URL IS DYNAMIC
if "?" in link.get('href'):
print OKRED + "[+] Dynamic URL found! " + link.get('href') + " " + RESET
urls.write(link.get('href') + "\n")
urls_saved.write(link.get('href') + "\n")
dynamic_saved.write(link.get('href') + "\n")
print OKRED + "[+] Dynamic URL found! " + link.get('href') + " " + RESET
urls.write(link.get('href') + "\n")
urls_saved.write(link.get('href') + "\n")
dynamic_saved.write(link.get('href') + "\n")
else:
print link.get('href')
urls.write(link.get('href') + "\n")
urls_saved.write(link.get('href') + "\n")
urls.write(link.get('href') + "\n")
urls_saved.write(link.get('href') + "\n")
# EXTERNAL LINK FOUND
else:
# IF URL IS DYNAMIC
if "?" in link.get('href'):
print COLOR2 + "[+] External Dynamic URL found! " + link.get('href') + " " + RESET
print COLOR2 + "[+] External Dynamic URL found! " + link.get('href') + " " + RESET
else:
print COLOR2 + "[i] External link found! " + link.get('href') + " " + RESET
# IF URL IS DYNAMIC
elif "?" in link.get('href'):
print OKRED + "[+] Dynamic URL found! " + url + link.get('href') + " " + RESET
urls.write(url + "/" + link.get('href') + "\n")
urls_saved.write(url + "/" + link.get('href') + "\n")
dynamic_saved.write(url + "/" + link.get('href') + "\n")
print OKRED + "[+] Dynamic URL found! " + globalURL + "/" + link.get('href') + " " + RESET
urls.write(globalURL + "/" + link.get('href') + "\n")
urls_saved.write(globalURL + "/" + link.get('href') + "\n")
dynamic_saved.write(globalURL + "/" + link.get('href') + "\n")
# DOM BASED LINK
elif link.get('href')[:1] == "#":
print OKBLUE + "[i] DOM based link found! " + link.get('href') + " " + RESET
print OKBLUE + "[i] DOM based link found! " + link.get('href') + " " + RESET
# TELEPHONE
elif link.get('href')[:4] == "tel:":
s = link.get('href')
phonenum = s.split(':')[1]
print OKORANGE + "[i] Telephone # found! " + phonenum + " " + RESET
print OKORANGE + "[i] Telephone # found! " + phonenum + " " + RESET
phones_saved.write(phonenum + "\n")
# EMAIL
elif link.get('href')[:7] == "mailto:":
s = link.get('href')
email = s.split(':')[1]
print OKORANGE + "[i] Email found! " + email + " " + RESET
print OKORANGE + "[i] Email found! " + email + " " + RESET
emails_saved.write(email + "\n")
# ELSE NORMAL LINK FOUND
else:
print url + "/" + link.get('href')
urls.write(url + "/" + link.get('href') + "\n")
urls_saved.write(url + "/" + link.get('href') + "\n")
urls.write(url + "/" + link.get('href') + "\n")
urls_saved.write(url + "/" + link.get('href') + "\n")
print OKGREEN + "__________________________________________________________________________________________________" + RESET

def readfile():
filename = "/tmp/" + domain + port + "-urls.txt"
filename = "/tmp/" + domain + "_" + port + "-urls.txt"
with open(filename) as f:
urls = f.read().splitlines()
for url in urls:
Expand All @@ -135,7 +135,7 @@ def logo():
print OKRED + " 1N3 / /` '' `\ \ "
print OKRED + " | |"
print OKRED + " \ /"
print OKRED + ""
print OKRED + ""
print RESET
print OKORANGE + " + -- --=[https://crowdshield.com" + RESET
print OKORANGE + " + -- --=[blackwidow v" + version + RESET
Expand All @@ -160,67 +160,68 @@ def donations():


def exit_handler():
os.system('sort -u ' + save_dir + domain + port + '-urls.txt > ' + save_dir + domain + port + '-urls-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + port + '-forms.txt > ' + save_dir + domain + port + '-forms-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + port + '-dynamic.txt > ' + save_dir + domain + port + '-dynamic-sorted.txt 2>/dev/null')
os.system('rm -f ' + save_dir + domain + port + '-dynamic-unique.txt 2>/dev/null')
os.system('touch ' + save_dir + domain + port + '-dynamic-unique.txt')
os.system('for a in `cat ' + save_dir + domain + port + '-dynamic-sorted.txt | cut -d \'?\' -f2 | sort -u | cut -d \'=\' -f1 | sort -u`; do for b in `egrep $a ' + save_dir + domain + port +'-dynamic.txt -m 1`; do echo $b >> ' + save_dir + domain + port + '-dynamic-unique.txt; done; done;')
os.system('sort -u ' + save_dir + domain + port + '-subdomains.txt > ' + save_dir + domain + port + '-subdomains-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + port + '-emails.txt > ' + save_dir + domain + port + '-emails-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + port + '-phones.txt > ' + save_dir + domain + port + '-phones-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + "_" + port + '-urls.txt > ' + save_dir + domain + "_" + port + '-urls-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + "_" + port + '-forms.txt > ' + save_dir + domain + "_" + port + '-forms-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + "_" + port + '-dynamic.txt > ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt 2>/dev/null')
os.system('rm -f ' + save_dir + domain + "_" + port + '-dynamic-unique.txt 2>/dev/null')
os.system('touch ' + save_dir + domain + "_" + port + '-dynamic-unique.txt')
os.system('for a in `cat ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt | cut -d \'?\' -f2 | sort -u | cut -d \'=\' -f1 | sort -u`; do for b in `egrep $a ' + save_dir + domain + "_" + port +'-dynamic.txt -m 1`; do echo $b >> ' + save_dir + domain + "_" + port + '-dynamic-unique.txt; done; done;')
os.system('sort -u ' + save_dir + domain + "_" + port + '-subdomains.txt > ' + save_dir + domain + "_" + port + '-subdomains-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + "_" + port + '-emails.txt > ' + save_dir + domain + "_" + port + '-emails-sorted.txt 2>/dev/null')
os.system('sort -u ' + save_dir + domain + "_" + port + '-phones.txt > ' + save_dir + domain + "_" + port + '-phones-sorted.txt 2>/dev/null')

logo()
print OKGREEN + "[+] URL's Discovered: \n" + save_dir + domain + port + "-urls-sorted.txt" + RESET
print OKGREEN + "[+] URL's Discovered: \n" + save_dir + domain + "_" + port + "-urls-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-urls-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-urls-sorted.txt')
print RESET
print OKGREEN + "[+] Dynamic URL's Discovered: \n" + save_dir + domain + port + "-dynamic-sorted.txt" + RESET
print OKGREEN + "[+] Dynamic URL's Discovered: \n" + save_dir + domain + "_" + port + "-dynamic-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-dynamic-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-dynamic-sorted.txt')
print RESET
print OKGREEN + "[+] Form URL's Discovered: \n" + save_dir + domain + port + "-forms-sorted.txt" + RESET
print OKGREEN + "[+] Form URL's Discovered: \n" + save_dir + domain + "_" + port + "-forms-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-forms-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-forms-sorted.txt')
print RESET
print OKGREEN + "[+] Unique Dynamic Parameters Discovered: \n" + save_dir + domain + port + "-dynamic-unique.txt" + RESET
print OKGREEN + "[+] Unique Dynamic Parameters Discovered: \n" + save_dir + domain + "_" + port + "-dynamic-unique.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-dynamic-unique.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-dynamic-unique.txt')
print RESET
print OKGREEN + "[+] Sub-domains Discovered: \n" + save_dir + domain + port + "-subdomains-sorted.txt" + RESET
print OKGREEN + "[+] Sub-domains Discovered: \n" + save_dir + domain + "_" + port + "-subdomains-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-subdomains-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-subdomains-sorted.txt')
print RESET
print OKGREEN + "[+] Emails Discovered: \n" + save_dir + domain + port + "-emails-sorted.txt" + RESET
print OKGREEN + "[+] Emails Discovered: \n" + save_dir + domain + "_" + port + "-emails-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-emails-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-emails-sorted.txt')
print RESET
print OKGREEN + "[+] Phones Discovered: \n" + save_dir + domain + port + "-phones-sorted.txt" + RESET
print OKGREEN + "[+] Phones Discovered: \n" + save_dir + domain + "_" + port + "-phones-sorted.txt" + RESET
print OKGREEN + "__________________________________________________________________________________________________" + RESET
os.system('cat ' + save_dir + domain + port + '-phones-sorted.txt')
os.system('cat ' + save_dir + domain + "_" + port + '-phones-sorted.txt')
print RESET
print OKRED + "[+] Loot Saved To: \n" + save_dir + RESET
print OKRED + "__________________________________________________________________________________________________" + RESET
print RESET

#os.system('rm -f ' + save_dir + domain + port + '-dynamic.txt')
#os.system('rm -f ' + save_dir + domain + port + '-forms.txt')
#os.system('rm -f ' + save_dir + domain + port + '-emails.txt')
#os.system('rm -f ' + save_dir + domain + port + '-phones.txt')
#os.system('rm -f ' + save_dir + domain + port + '-urls.txt')
#os.system('rm -f ' + save_dir + domain + port + '-subdomains.txt')
#os.system('rm -f /tmp/' + domain + port + '-urls.txt 2> /dev/null')
os.system('rm -f ' + save_dir + domain + "_" + port + '-dynamic.txt')
os.system('rm -f ' + save_dir + domain + "_" + port + '-forms.txt')
os.system('rm -f ' + save_dir + domain + "_" + port + '-emails.txt')
os.system('rm -f ' + save_dir + domain + "_" + port + '-phones.txt')
os.system('rm -f ' + save_dir + domain + "_" + port + '-urls.txt')
os.system('rm -f ' + save_dir + domain + "_" + port + '-subdomains.txt')
os.system('rm -f /tmp/' + domain + "_" + port + '-urls.txt 2> /dev/null')

donations()

if scan == "y":
os.system('for a in `cat ' + save_dir + domain + port + '-dynamic-unique.txt`; do injectx.py $a; done;')
os.system('for a in `cat ' + save_dir + domain + "_" + port + '-dynamic-unique.txt`; do python /usr/bin/injectx.py $a; done;')
else:
pass



logo()
globalURL = "globalBadness"
if len(sys.argv) < 2:
print "You need to specify a URL to scan. Use --help for all options."
quit()
Expand All @@ -245,7 +246,7 @@ else:
parser.add_option('-s', '--scan',
action="store", dest="scan",
help="Scan all dynamic URL's found", default="n")

parser.add_option('-p', '--port',
action="store", dest="port",
help="Port for the URL", default="80")
Expand All @@ -260,34 +261,55 @@ else:
ans = scan
level = 1

if (len(str(domain)) > 4):
target = "http://" + domain + ":" + port
else:
parsed_uri = urlparse(target)
domain = '{uri.netloc}'.format(uri=parsed_uri)
#using a domain and a port or a URL?
if ":" not in target:

save_dir = "/usr/share/blackwidow/" + domain + port + "/"
os.system('mkdir -p ' + save_dir + ' 2>/dev/null')
if (len(str(domain)) > 4):
target = "http://" + domain + ":" + port
print "target is: " + target
else:
parsed_uri = urlparse(target)
domain = '{uri.netloc}'.format(uri=parsed_uri)
print "domain after parsed_uri is now: " + domain

if (len(str(target)) > 6):
url = target
if (len(str(target)) > 6):
url = target + ":" + port #big change here
print "url is: " + url
else:
url = "http://" + str(domain) + ":" + port
print "url is: " + url
else:
url = "http://" + str(domain)
url = target
globalURL = target
print "url is: " + url
parsed_uri = urlparse(target)
domainWithPort = '{uri.netloc}'.format(uri=parsed_uri)
domain = domainWithPort.split(':')[0]
print "domain after parsed_uri is now: " + domain
if (len(target.split(':')) > 2):
portWithPossiblePath = target.split(':')[2]
port = portWithPossiblePath.split('/')[0]
print "port is: " + port
else:
port = port
print "port is: " + port

save_dir = "/usr/share/blackwidow/" + domain + "_" + port + "/"
os.system('mkdir -p ' + save_dir + ' 2>/dev/null')
atexit.register(exit_handler)


# FILE INIT
urls_file = "/tmp/" + domain + port + "-urls.txt"
urls_saved_file = save_dir + domain + port + "-urls.txt"
forms_saved_file = save_dir + domain + port + "-forms.txt"
subdomain_file = save_dir + domain + port + "-subdomains.txt"
emails_file = save_dir + domain + port + "-emails.txt"
phones_file = save_dir + domain + port + "-phones.txt"
urls_file = "/tmp/" + domain + "_" + port + "-urls.txt"
urls_saved_file = save_dir + domain + "_" + port + "-urls.txt"
forms_saved_file = save_dir + domain + "_" + port + "-forms.txt"
subdomain_file = save_dir + domain + "_" + port + "-subdomains.txt"
emails_file = save_dir + domain + "_" + port + "-emails.txt"
phones_file = save_dir + domain + "_" + port + "-phones.txt"
urls = open(urls_file,"w+")
urls.close()
urls_saved = open(urls_saved_file,"w+")
urls_saved.close()
urls_saved.close()
forms_saved = open(forms_saved_file,"w+")
forms_saved.close()
subdomains = open(subdomain_file,"w+")
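Review bot: Both `requests.get` calls in `readlinks` now pass `verify=False`, so certificate validation is off for every fetch, including the branch that sends the operator-supplied `Cookie` header; anyone able to intercept the connection can then read that session cookie or alter the crawled content. Making this opt-in keeps the default safe, for example an `--insecure` option whose value is passed as `verify=not insecure`. Separately, `port` is now derived from `target.split(':')[2]` and concatenated with `domain` into the `os.system` strings (`mkdir -p`, `sort -u`, the re-enabled `rm -f` lines) without quoting, so shell metacharacters in the target argument reach the shell; `os.makedirs`/`os.remove`, or `subprocess` with an argument list, would avoid that. As far as the flattened indentation shows, `globalURL` is only reassigned in the branch where the target contains a `:`, so in the other branch relative dynamic links would be written with the `"globalBadness"` placeholder as their prefix.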
