Home Explore Help
Register Sign In
shawenguan
/
MitmProxy
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9fc0cd8ddd
Branches Tags
MitmProxy
/
addons
/
hacking
/
Hacking.py

Hacking.py 3.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. # ReK2
    2. 

  2. # gemini://rek2.hispagatos.org
    3. 

  3. # gemini://hispagatos.org
    4. 

  4. # https://hispagatos.org
    5. 

  5. # gemini://2600.madrid
    6. 

  6. # Hispagatos - 2023
    7. 

  7. 

  8. import mitmproxy.http
    9. 

  9. from typing import Sequence
    10. 

  10. from mitmproxy import types, flow, command, ctx
    11. 

  11. from subprocess import run
    12. 

  12. import shlex
    13. 

  13. from bs4 import BeautifulSoup, Comment
    14. 

  14. import os
    15. 

  15. 

  16. class Hacking:
    17. 

  17.     def __init__(self):
    18. 

  18.         self.file_path = input("Enter the path to save results: ")
    19. 

  19.         self.extensions = ".txt,.php,.html,.sh,.md,.db,.sql"
    20. 

  20.         self.cookie = None
    21. 

  21. 

  22.     def response(self, flow: mitmproxy.http.HTTPFlow):
    23. 

  23.         self.extract_comments(flow)
    24. 

  24.         self.extract_links(flow)
    25. 

  25. 

  26.     def extract_comments(self, flow: mitmproxy.http.HTTPFlow):
    27. 

  27.         html = flow.response.text
    28. 

  28.         soup = BeautifulSoup(html, "html.parser")
    29. 

  29.         comments = soup.find_all(string=lambda text: isinstance(text, Comment))
    30. 

  30.         with open(f"{self.file_path}/mitmproxy_comments.txt", "a") as file:
    31. 

  31.             for comment in comments:
    32. 

  32.                 file.write(f"{comment}\n")
    33. 

  33. 

  34.     def extract_links(self, flow: mitmproxy.http.HTTPFlow):
    35. 

  35.         html = flow.response.text
    36. 

  36.         soup = BeautifulSoup(html, "html.parser")
    37. 

  37.         links = set([a["href"] for a in soup.find_all("a", href=True)])
    38. 

  38.         with open(f"{self.file_path}/mitmproxy_links.txt", "a") as file:
    39. 

  39.             for link in links:
    40. 

  40.                 file.write(f"{link}\n")
    41. 

  41. 

  42.     @command.command("hacking.dirbust")
    43. 

  43.     def dirbust(
    44. 

  44.         self,
    45. 

  45.         flows: types.Sequence[flow.Flow],
    46. 

  46.         wordlist: str = "/usr/share/seclists/Discovery/Web-Content/common.txt",
    47. 

  47.     ):
    48. 

  48.         for flow in flows:
    49. 

  49.             if isinstance(flow, mitmproxy.http.HTTPFlow):
    50. 

  50.                 url = flow.request.url
    51. 

  51.                 gobuster_command = f"gobuster dir -u {url} -w {wordlist} -x {self.extensions} -o {self.file_path}/mitmproxy_gobuster_results.txt"
    52. 

  52.                 run(shlex.split(gobuster_command))
    53. 

  53. 

  54.     @command.command("hacking.nikto")
    55. 

  55.     def nikto(
    56. 

  56.         self,
    57. 

  57.         flows: types.Sequence[flow.Flow],
    58. 

  58.     ):
    59. 

  59.         for flow in flows:
    60. 

  60.             if isinstance(flow, mitmproxy.http.HTTPFlow):
    61. 

  61.                 url = flow.request.url
    62. 

  62.                 host = flow.request.host
    63. 

  63.                 nikto_command = f"nikto -host {host} -output {self.file_path}/mitmproxy_nikto_results.txt"
    64. 

  64.                 run(shlex.split(nikto_command))
    65. 

  65. 

  66.     @command.command("hacking.stickcookie")
    67. 

  67.     def stickcookie(self, toggle: str) -> str:
    68. 

  68.         if toggle.lower() == "on":
    69. 

  69.             cookie_file_path = os.path.join(self.file_path, "cookie.txt")
    70. 

  70.             if not os.path.exists(cookie_file_path):
    71. 

  71.                 return "Cookie file not found in the specified directory."
    72. 

  72.             with open(cookie_file_path, "r") as f:
    73. 

  73.                 self.cookie = f.read().strip()
    74. 

  74.                 ctx.log.info("Sticky cookie set.")
    75. 

  75.         elif toggle.lower() == "off":
    76. 

  76.             self.cookie = None
    77. 

  77.             ctx.log.info("Sticky cookie removed.")
    78. 

  78.         else:
    79. 

  79.             return "Invalid command usage. Use 'on' to activate sticky cookies or 'off' to deactivate."
    80. 

  80.         return "Sticky cookie command executed."
    81. 

  81. 

  82.     def request(self, flow: mitmproxy.http.HTTPFlow) -> None:
    83. 

  83.         if self.cookie and "cookie" not in flow.request.headers:
    84. 

  84.             flow.request.headers["cookie"] = self.cookie
    85. 

  85. 

  86. 

  87. # addons = [Hacking()]
    88.