
Commit 80c1efb

author
ecstatic_nobel
committed
Use Captures as the only default output directory. Set default recursion level to 1. Remove UA var. Rename suspicious var. Use the UrlQueueManager. Update comments.
1 parent febf447 commit 80c1efb

2 files changed

+48
-84
lines changed


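--- a/aa_adhoc.py
+++ b/aa_adhoc.py
@@ -4,23 +4,21 @@
 - Make requests to the domains retrieved from a file
 - Recursively download the site when an open directory hosting a file with the desired file extension
 
-3 positional arguments needed:
+1 positional arguments needed:
 - Input File : Path to the file containing URLs
-- File Extension : 7z, apk, bat, bz, bz2, crypt, dll, doc, docx, exe, gz, hta, iso, jar, json, lnk, ppt, ps1, py, rar, sfx, sh, tar, vb, vbs, xld, xls, xlsx, zip
 
 Optional arguments:
-- --file-dir : Directory to use for interesting files detected (default: ./InterestingFiles/)
-- --kit-dir : Directory to use for phishing kits detected (default: ./KitJackinSeason/)
+- --directory : Save data to CAP_DIR (default: ./Captures/)
 - --level : Recursion depth (default=1, infinite=0)
 - --quiet : Don't show wget output
 - --threads : Numbers of threads to spawn
-- --timeout : Set time to wait for a connection
+- --timeout : Set the connection timeout to TIMEOUT
 - --tor : Download files via the Tor network
 - --very-verbose : Show error messages
 
 Usage:
 ```
-python aa_adhoc.py <INPUT_FILE> <FILE_EXTENSION> [--file-dir] [--kit-dir] [--level] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]
+python aa_adhoc.py <INPUT_FILE> [--directory] [--level] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]
 ```
 
 Debugger: open("/tmp/aa.txt", "a").write("{}: <MSG>\n".format(<VAR>))
@@ -36,23 +34,14 @@
 parser.add_argument(metavar="input file",
 dest="input_file",
 help="Path to the file containing URLs")
-parser.add_argument(metavar="file extension",
-dest="ext",
-choices=["7z", "apk", "bat", "bz", "bz2", "crypt", "dll", "doc", "docx", "exe", "gz", "hta", "iso", "jar", "json", "lnk", "ppt", "ps1", "py", "rar", "sfx", "sh", "tar", "vb", "vbs", "xld", "xls", "xlsx", "zip"],
-help="7z, apk, bat, bz, bz2, crypt, dll, doc, docx, exe, gz, hta, iso, jar, json, lnk, ppt, ps1, py, rar, sfx, sh, tar, vb, vbs, xld, xls, xlsx, zip")
-parser.add_argument("--file-dir",
-dest="file_dir",
-default="./InterestingFile/",
+parser.add_argument("--directory",
+dest="cap_dir",
+default="./Captures/",
 required=False,
-help="Directory to use for interesting files detected (default: ./InterestingFiles)")
-parser.add_argument("--kit-dir",
-dest="kit_dir",
-default="./KitJackinSeason/",
-required=False,
-help="Directory to use for phishing kits detected (default: ./KitJackinSeason)")
+help="Download data to CAP_DIR (default: ./Captures)")
 parser.add_argument("--level",
 dest="level",
-default=0,
+default=1,
 required=False,
 type=str,
 help="Directory depth (default=1, infinite=0")
@@ -72,7 +61,7 @@
 default=30,
 required=False,
 type=int,
-help="Set time to wait for a connection")
+help="Set the connection timeout to TIMEOUT")
 parser.add_argument("--tor",
 dest="tor",
 action="store_true",
@@ -83,11 +72,8 @@
 action="store_true",
 required=False,
 help="Show error messages")
-args = parser.parse_args()
-uagent = "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
-
 # Fix directory names
-args = commons.fix_directory(args)
+args = commons.fix_directory(parser.parse_args())
 
 def main():
 """ """
@@ -96,36 +82,28 @@ def main():
 
 # Print start messages
 commons.show_summary(args)
-commons.show_networking(args, uagent)
+commons.show_networking(args) # globals: proxies, torsocks
 
-# Read suspicious.yaml
-suspicious = commons.read_suspicious(args)
+# Read config.yaml
+commons.read_config(args) # globals: config
 
 # Recompile exclusions
-commons.recompile_exclusions()
-
-# Build dict of extensions
-extensions = {}
-extensions.update(suspicious["archives"])
-extensions.update(suspicious["files"])
-
-# Read file containing URLs
-urls = commons.read_file(args.input_file)
+commons.recompile_exclusions() # globals: exclusions
 
 # Create queues
-recursion_queue = commons.create_queue("recursion_queue")
+url_queue = commons.create_queue("url_queue")
 
 # Create threads
-commons.RecursiveQueueManager(args, recursion_queue, uagent, extensions)
+commons.UrlQueueManager(args, url_queue)
+
+# Read file containing URLs
+urls = commons.read_file(args.input_file)
 
 # Process URLs
 for url in urls:
-if not (url.startswith("http://") or url.startswith("https://")):
-continue
-
-recursion_queue.put(url)
+url_queue.put(url)
 
-recursion_queue.join()
+url_queue.join()
 return
 
 if __name__ == "__main__":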
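Review bot: The scheme check in main()'s URL loop was dropped — the old `if not (url.startswith("http://") or url.startswith("https://")): continue` is gone and every line returned by `commons.read_file(args.input_file)` is now put on `url_queue`, so unless UrlQueueManager filters input (its code is not visible here) non-URL lines and other URL schemes reach the downloader; restore the guard before `url_queue.put(url)`, or state in the `# Process URLs` comment that the queue manager validates the scheme. In the `--level` option, `default=1` is now an int while `type=str` still converts values supplied on the command line to strings, so args.level has a different type depending on whether the flag was given; use `default="1"` or switch to `type=int` (aa_urlscan.py has the same pair in its `--level` hunk). The module docstring line `1 positional arguments needed:` should read `1 positional argument needed:`, and the new `--directory` help `Download data to CAP_DIR (default: ./Captures)` differs from both this file's docstring and aa_urlscan.py, which say `Save data to CAP_DIR (default: ./Captures/)`.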

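--- a/aa_urlscan.py
+++ b/aa_urlscan.py
@@ -10,18 +10,17 @@
 - File Extension : 7z, apk, bat, bz, bz2, crypt, dll, doc, docx, exe, gz, hta, iso, jar, json, lnk, ppt, ps1, py, rar, sfx, sh, tar, vb, vbs, xld, xls, xlsx, zip
 
 Optional arguments:
-- --file-dir : Directory to use for interesting files detected (default: ./InterestingFiles/)
-- --kit-dir : Directory to use for phishing kits detected (default: ./KitJackinSeason/)
-- --level : Recursion depth (default=1, infinite=0)
-- --quiet : Don't show wget output
-- --threads : Numbers of threads to spawn
-- --timeout : Set time to wait for a connection
-- --tor : Download files via the Tor network
-- --very-verbose : Show error messages
+- --directory : Save data to CAP_DIR (default: ./Captures/)
+- --level : Recursion depth (default=1, infinite=0)
+- --quiet : Don't show wget output
+- --threads : Numbers of threads to spawn
+- --timeout : Set the connection timeout to TIMEOUT
+- --tor : Download files via the Tor network
+- --very-verbose : Show error messages
 
 Usage:
 ```
-python aa_urlscan.py <QUERY_TYPE> <DELTA> <FILE_EXTENSION> [--file-dir] [--kit-dir] [--level] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]
+python aa_urlscan.py <QUERY_TYPE> <DELTA> <FILE_EXTENSION> [--directory] [--level] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]
 ```
 
 Debugger: open("/tmp/aa.txt", "a").write("{}: <MSG>\n".format(<VAR>))
@@ -50,19 +49,14 @@
 dest="ext",
 choices=["7z", "apk", "bat", "bz", "bz2", "crypt", "dll", "doc", "docx", "exe", "gz", "hta", "iso", "jar", "json", "lnk", "ppt", "ps1", "py", "rar", "sfx", "sh", "tar", "vb", "vbs", "xld", "xls", "xlsx", "zip"],
 help="7z, apk, bat, bz, bz2, crypt, dll, doc, docx, exe, gz, hta, iso, jar, json, lnk, ppt, ps1, py, rar, sfx, sh, tar, vb, vbs, xld, xls, xlsx, zip")
-parser.add_argument("--file-dir",
-dest="file_dir",
-default="./InterestingFile/",
+parser.add_argument("--directory",
+dest="cap_dir",
+default="./Captures/",
 required=False,
-help="Directory to use for interesting files detected (default: ./InterestingFiles)")
-parser.add_argument("--kit-dir",
-dest="kit_dir",
-default="./KitJackinSeason/",
-required=False,
-help="Directory to use for phishing kits detected (default: ./KitJackinSeason)")
+help="Save data to CAP_DIR (default: ./Captures/)")
 parser.add_argument("--level",
 dest="level",
-default=0,
+default=1,
 required=False,
 type=str,
 help="Directory depth (default=1, infinite=0")
@@ -82,7 +76,7 @@
 default=30,
 required=False,
 type=int,
-help="Set time to wait for a connection")
+help="Set the connection timeout to TIMEOUT")
 parser.add_argument("--tor",
 dest="tor",
 action="store_true",
@@ -93,11 +87,8 @@
 action="store_true",
 required=False,
 help="Show error messages")
-args = parser.parse_args()
-uagent = "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
-
 # Fix directory names
-args = commons.fix_directory(args)
+args = commons.fix_directory(parser.parse_args())
 
 def main():
 """ """
@@ -106,33 +97,28 @@ def main():
 
 # Print start messages
 commons.show_summary(args)
-commons.show_networking(args, uagent)
+commons.show_networking(args) # globals: proxies, torsocks
 
-# Read suspicious.yaml
-suspicious = commons.read_suspicious(args)
+# Read config.yaml
+commons.read_config(args) # globals: config
 
 # Recompile exclusions
-commons.recompile_exclusions()
-
-# Build dict of extensions
-extensions = {}
-extensions.update(suspicious["archives"])
-extensions.update(suspicious["files"])
-
-# Request URLs from urlscan.io
-urls = commons.query_urlscan(args, suspicious["queries"], uagent, extensions)
+commons.recompile_exclusions() # globals: exclusions
 
 # Create queues
-recursion_queue = commons.create_queue("recursion_queue")
+url_queue = commons.create_queue("url_queue")
 
 # Create threads
-commons.RecursiveQueueManager(args, recursion_queue, uagent, extensions)
+commons.UrlQueueManager(args, url_queue)
+
+# Request URLs from urlscan.io
+urls = commons.query_urlscan(args)
 
 # Process URLs
 for url in urls:
-recursion_queue.put(url)
+url_queue.put(url)
 
-recursion_queue.join()
+url_queue.join()
 return
 
 if __name__ == "__main__":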
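Review bot: In main(), `urls = commons.query_urlscan(args)` is now called after `commons.UrlQueueManager(args, url_queue)` has started the worker threads, so if the urlscan.io query raises, main() exits with workers already running and `url_queue.join()` never reached; whether those threads are daemon threads is not visible here, so either query first and start the manager afterwards, or wrap the query so the queue is still joined on failure. The call also lost its explicit `suspicious["queries"]` argument and presumably reads the `config` global that `commons.read_config(args)` populates, which makes the call order a hidden contract; mirror the existing style and annotate it, e.g. `urls = commons.query_urlscan(args) # globals: config (read_config must run first)`. The same ordering applies to `commons.read_file(args.input_file)` in aa_adhoc.py.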
