Merge pull request s0md3v#1 from UltimateHackers/master

Update

README.md

@@ -11,6 +11,7 @@ Just supply a domain name to <b>Striker</b> and it will automatically do the fol
 - [x] Detect CMS (197+ CMSs are supported)
 - [x] Launch WPScan if target is using Wordpress
 - [x] Retrieve robots.txt
+- [x] Whois lookup
 - [x] Check if the target is a honeypot
 - [x] Port Scan with banner grabbing
 - [x] Dumps all kind of DNS records
@@ -24,7 +25,7 @@ Just supply a domain name to <b>Striker</b> and it will automatically do the fol
 
 ## Install
 ```bash
-git clone $repo
+git clone https://github.com/UltimateHackers/Striker
 cd Striker
 pip install -r requirements.txt
 python striker.py

plugins/discovery/dnssearch.py

@@ -76,7 +76,7 @@ def __init__(self, domain, dnsserver, verbose=False):
 
     def getdns(self, domain):
         DNS.ParseResolvConf("/etc/resolv.conf")
-        # nameserver=DNS.defaults['server'][0]
+        nameserver=DNS.defaults['server'][0]
         dom = domain
         if self.subdo == True:
             dom = domain.split(".")

plugins/theHarvester.py

@@ -53,7 +53,6 @@ def start(argv):
             engine = arg
             if engine not in ("baidu", "bing", "crtsh","bingapi","dogpile", "google", "googleCSE","virustotal", "googleplus", "google-profiles","linkedin", "pgp", "twitter", "vhost", "yahoo","netcraft","all"):
                 usage()
-                print "Invalid search engine, try with: baidu, bing, bingapi,crtsh, dogpile, google, googleCSE, virustotal, netcraft, googleplus, google-profiles, linkedin, pgp, twitter, vhost, yahoo, all"
                 sys.exit()
             else:
                 pass
@@ -139,4 +138,4 @@ def start(argv):
     except KeyboardInterrupt:
         print "Search interrupted by user.."
     except:
-        sys.exit()
+        sys.exit()

requirements.txt

@@ -1,2 +1,4 @@
-requests==2.18.1
+requests[socks]==2.18.1
 mechanize==0.2.5
+bs4==0.0.1
+python-whois

striker.py

@@ -8,10 +8,25 @@
 import os
 from urllib import urlencode
 from plugins.DNSDumpsterAPI import DNSDumpsterAPI
+import whois
+import json
+
 params = []
 # Browser
 br = mechanize.Browser()
 
+# Just some colors and shit
+white = '\033[1;97m'
+green = '\033[1;32m'
+red = '\033[1;31m'
+yellow = '\033[1;33m'
+end = '\033[1;m'
+info = '\033[1;33m[!]\033[1;m'
+que =  '\033[1;34m[?]\033[1;m'
+bad = '\033[1;31m[-]\033[1;m'
+good = '\033[1;32m[+]\033[1;m'
+run = '\033[1;97m[~]\033[1;m'
+
 # Cookie Jar
 cj = cookielib.LWPCookieJar()
 br.set_cookiejar(cj)
@@ -48,27 +63,25 @@
         target = 'https://' + target
 
 def sqli(url):
-    print '''\033[1;97m[>]\033[1;m Using SQLMap api to check for SQL injection vulnerabilities. Don\'t
-    worry we are using an online service and it doesn\' depend on your internet connection.
-    This scan will take 2-3 minutes.'''
-    sqli = br.open('https://suip.biz/?act=sqlmap').read()
+    print '%s Using SQLMap api to check for SQL injection vulnerabilities. Don\'t worry we are using an online service and it doesn\'t depend on your internet connection. This scan will take 2-3 minutes.' % run
+    br.open('https://suip.biz/?act=sqlmap')
     br.select_form(nr=0)
     br.form['url'] = url
     req = br.submit()
     result = req.read()
     match = search(r"---(?s).*---", result)
     if match:
-        print '\033[1;32m[+]\033[1;m One or more parameters are vulnerable to SQL injection'
+        print '%s One or more parameters are vulnerable to SQL injection' % good
         option = raw_input(
-            '\033[1;34m[?]\033[1;m Would you like to see the whole report? [Y/n] ').lower()
+            '%s Would you like to see the whole report? [Y/n] ' % que).lower()
         if option == 'n':
             pass
         else:
-            print"\033[1;31m-\033[1;m" * 40
+            print '\033[1;31m-\033[1;m' * 40
             print match.group().split('---')[1][:-3]
-            print"\033[1;31m-\033[1;m" * 40
+            print '\033[1;31m-\033[1;m' * 40
     else:
-        print '\033[1;31m[-]\033[1;m None of parameters is vulnerable to SQL injection'
+        print '%s None of parameters is vulnerable to SQL injection' % bad
 
 
 def cms(domain):
@@ -83,59 +96,67 @@ def cms(domain):
         except:
             pass
         if detect:
-            print "\033[93m[!]\033[0m CMS Detected : " + detect.group().split('">')[1][:-27]
+            print '%s CMS Detected : %s' % (info, detect.group().split('">')[1][:-27])
             detect = detect.group().split('">')[1][:-27]
             if 'WordPress' in detect:
                 option = raw_input(
-                    '\033[1;34m[?]\033[1;m Would you like to use WPScan? [Y/n] ').lower()
+                    '%s Would you like to use WPScan? [Y/n] ' % que).lower()
                 if option == 'n':
                     pass
                 else:
                     os.system('wpscan --random-agent --url %s' % domain)
         elif WordPress:
-            print "\033[93m[!]\033[0m CMS Detected : WordPress"
+            print '%s CMS Detected : WordPress' % info
             option = raw_input(
-                '\033[1;34m[?]\033[1;m Would you like to use WPScan? [Y/n] ').lower()
+                '%s Would you like to use WPScan? [Y/n] ' % que).lower()
             if option == 'n':
                 pass
             else:
                 os.system('wpscan --random-agent --url %s' % domain)
         else:
-            print "\033[93m[!]\033[0m " + domain + " doesn't seem to use a CMS"
+            print '%s %s doesn\'t seem to use a CMS' % (info, domain)
     except:
         pass
 
 def honeypot(ip_addr):
-    honey = "https://api.shodan.io/labs/honeyscore/%s?key=C23OXE0bVMrul2YeqcL7zxb6jZ4pj2by" % ip_addr
+    result = {"0.0": 0, "0.1": 10, "0.2": 20, "0.3": 30, "0.4": 40, "0.5": 50, "0.6": 60, "0.7": 70, "0.8": 80, "0.9": 90, "1.0": 10}
+    honey = 'https://api.shodan.io/labs/honeyscore/%s?key=C23OXE0bVMrul2YeqcL7zxb6jZ4pj2by' % ip_addr
     try:
         phoney = br.open(honey).read()
-        if '0.0' in phoney:
-            print "\033[1;32m[+]\033[1;m Honeypot Probabilty: 0%"
-        elif '0.1' in phoney:
-            print "\033[1;32m[+]\033[1;m Honeypot Probabilty: 10%"
-        elif '0.2' in phoney:
-            print "\033[1;32m[+]\033[1;m Honeypot Probabilty: 20%"
-        elif '0.3' in phoney:
-            print "\033[1;32m[+]\033[1;m Honeypot Probabilty: 30%"
-        elif '0.4' in phoney:
-            print "\033[1;32m[+]\033[1;m Honeypot Probabilty: 40%"
-        elif '0.5' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 50%"
-        elif '0.6' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 60%"
-        elif '0.7' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 70%"
-        elif '0.8' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 80%"
-        elif '0.9' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 90%"
-        elif '1.0' in phoney:
-            print "\033[1;31m[-]\033[1;m Honeypot Probabilty: 100%"
-    except:
+        if float(phoney) >= 0.0 and float(phoney) <= 0.4:
+            what = good
+        else:
+            what = bad
+        print '{} Honeypot Probabilty: {}%'.format(what, result[phoney])
+    except KeyError:
         print '\033[1;31m[-]\033[1;m Honeypot prediction failed'
 
+def whoisIt(url):
+    who = ""
+    print '{} Trying to gather whois information for {}'.format(run,url)
+    try:
+        who = str(whois.whois(url)).decode()
+    except Exception:
+        pass
+    test = who.lower()
+    if "whoisguard" in test or "protection" in test or "protected" in test:
+        print '{} Whois Protection Enabled{}'.format(bad, end)
+    else:
+        print '{} Whois information found{}'.format(good, end)
+        try:
+            data = json.loads(who)
+            for key in data.keys():
+                print "{} :".format(key.replace("_", " ").title()),
+                if type(data[key]) == list:
+                    print ", ".join(data[key])
+                else:
+                    print "{}".format(data[key])
+        except ValueError:
+            print '{} Unable to build response, visit https://who.is/whois/{} {}'.format(bad, url, end) 
+    pass
+
 def nmap(ip_addr):
-    port = "http://api.hackertarget.com/nmap/?q=" + ip_addr
+    port = 'http://api.hackertarget.com/nmap/?q=' + ip_addr
     result = br.open(port).read()
     result = sub(r'Starting[^<]*\)\.', '', result)
     result = sub(r'Service[^<]*seconds', '', result)
@@ -150,100 +171,101 @@ def bypass(domain):
     match = search(r' \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b', result)
     if match:
         bypass.ip_addr = match.group().split(' ')[1][:-1]
-        print '\033[1;32m[+]\033[1;m Real IP Address : ' + bypass.ip_addr
+        print '%s Real IP Address : %s' % (good, bypass.ip_addr)
 
 def dnsdump(domain):
     res = DNSDumpsterAPI(False).search(domain)
-    print('\n\033[1;32m[+]\033[1;m DNS Records')
+    print '\n%s DNS Records' % good
     for entry in res['dns_records']['dns']:
-        print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
+        print '{domain} ({ip}) {as} {provider} {country}'.format(**entry)
     for entry in res['dns_records']['mx']:
-        print("\n\033[1;32m[+]\033[1;m MX Records")
-        print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
-    print("\n\033[1;32m[+]\033[1;m Host Records (A)")
+        print '\n%s MX Records' % good
+        print '{domain} ({ip}) {as} {provider} {country}'.format(**entry)
+    print '\n\033[1;32m[+]\033[1;m Host Records (A)'
     for entry in res['dns_records']['host']:
         if entry['reverse_dns']:
-            print(
-                ("{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}".format(**entry)))
+            print '{domain} ({reverse_dns}) ({ip}) {as} {provider} {country}'.format(**entry)
         else:
-            print(("{domain} ({ip}) {as} {provider} {country}".format(**entry)))
-    print('\n\033[1;32m[+]\033[1;m TXT Records')
+            print '{domain} ({ip}) {as} {provider} {country}'.format(**entry)
+    print '\n%s TXT Records' % good
     for entry in res['dns_records']['txt']:
-        print(entry)
-    print '\n\033[1;32m[+]\033[1;m DNS Map: https://dnsdumpster.com/static/map/%s.png\n' % domain
+        print entry
+    print '\n%s DNS Map: https://dnsdumpster.com/static/map/%s.png\n' % (good, domain.strip('www.'))
 
 
 def fingerprint(ip_addr):
     try:
         result = br.open('https://www.censys.io/ipv4/%s/raw' % ip_addr).read()
         match = search(r'&#34;os_description&#34;: &#34;[^<]*&#34;', result)
         if match:
-            print '\033[1;32m[+]\033[1;m Operating System : ' + match.group().split('n&#34;: &#34;')[1][:-5]
-     except:
-         pass
+            print '%s Operating System : %s' % (good, match.group().split('n&#34;: &#34;')[1][:-5])
+    except:
+        pass
 
 
 ip_addr = socket.gethostbyname(domain)
-print '\033[93m[!]\033[0m IP Address : %s' % ip_addr
+print '%s IP Address : %s' % (info, ip_addr)
 try:
     r = requests.get(target)
     header = r.headers['Server']
     if 'cloudflare' in header:
-        print '\033[1;31m[-]\033[1;m Cloudflare detected'
+        print '%s Cloudflare detected' % bad
         bypass(domain)
         try:
             ip_addr = bypass.ip_addr
         except:
             pass
     else:
-        print '\033[93m[!]\033[0m Server: ' + header
+        print '%s Server: %s' % (info, header)
     try:
-        print '\033[93m[!]\033[0m Powered By: ' + r.headers['X-Powered-By']
+        print '%s Powered By: %s' % (info, r.headers['X-Powered-By'])
     except:
         pass
     try:
         r.headers['X-Frame-Options']
     except:
-        print '\033[1;31m[-]\033[1;m Clickjacking protection is not in place.'
+        print '%s Clickjacking protection is not in place.' % good
 except:
     pass
 fingerprint(ip_addr)
 cms(domain)
 honeypot(ip_addr)
+print "{}----------------------------------------{}".format(red, end)
+whoisIt(domain)
 try:
     r = br.open(target + '/robots.txt').read()
-    print "\033[1;31m-\033[1;m" * 40
-    print '\033[1;32m[+]\033[1;m Robots.txt retrieved\n', r
+    print '\033[1;31m-\033[1;m' * 40
+    print '%s Robots.txt retrieved\n' % good, r
 except:
     pass
-print"\033[1;31m-\033[1;m" * 40
+print '\033[1;31m-\033[1;m' * 40
 nmap(ip_addr)
-print"\033[1;31m-\033[1;m" * 40
+print '\033[1;31m-\033[1;m' * 40
 dnsdump(domain)
 os.system('cd plugins && python theHarvester.py -d %s -b all' % domain)
 try:
     br.open(target)
-    print '\033[1;97m[>]\033[1;m Crawling the target for fuzzable URLs'
+    print '%s Crawling the target for fuzzable URLs' % run
     for link in br.links():
         if 'http' in link.url or '=' not in link.url:
             pass
         else:
             url = target + '/' + link.url
             params.append(url)
     if len(params) == 0:
-        print '\033[1;31m[-]\033[1;m No fuzzable URLs found'
+        print '%s No fuzzable URLs found' % bad
         quit()
-    print '\033[1;32m[+]\033[1;m Found %i fuzzable URLs' % len(params)
+    print '%s Found %i fuzzable URLs' % (good, len(params))
     for url in params:
         print url
         sqli(url)
         url = url.replace('=', '<svg/onload=alert()>')
         r = br.open(url).read()
         if '<svg/onload=alert()>' in r:
-            print '\033[1;32m[+]\033[1;m One or more parameters are vulnerable to XSS'
+            print '%s One or more parameters are vulnerable to XSS' % good
         break
-    print '\033[1;32m[+]\033[1;m These are the URLs having parameters:'
+    print '%s These are the URLs having parameters:' % good
     for url in params:
         print url
 except:
-    pass
+    pass