Merge pull request #3 from flashnuke/feat/accept_resolved

Feat/accept resolved

WebRecon.py

@@ -4,6 +4,7 @@
 import urllib.parse
 import pprint
 import pkg_resources
+import ipaddress
 
 from sys import platform
 from typing import Tuple, Type
@@ -68,6 +69,7 @@ def __init__(self,
         self._scans = self._parse_scan_list(scans)  # only the ones we call using `_do_scan()`
 
         self.scheme, self.subdomain, self.target_hostname = self._parse_target_url(target_url)
+        self.host_is_resolved = self.subdomain is None
         self._default_general_scanner_args = {
             "scheme": self.scheme,
             "target_hostname": self.target_hostname,
@@ -111,14 +113,19 @@ def _parse_scan_list(self, scan_list: List[str]) -> List[Type[Scanner]]:
                 scans.append(scanner)
         return scans
 
-    def _parse_target_url(self, target_url: str) -> Tuple[str, str, str]:
-        parsed_target = urllib.parse.urlparse(target_url)
-        scheme = parsed_target.scheme
-        netloc = parsed_target.netloc
-        sub = netloc.split(".")[0] if self._contains_subdomain(target_url) else ScannerDefaultParams.DefaultSubdomain
-        hostname = netloc.split(".", 1)[-1] if self._contains_subdomain(target_url) else netloc
-
-        return scheme, sub, hostname
+    def _parse_target_url(self, target_url: str) -> Tuple[str, Union[str, None], str]:
+        try:
+            scheme, ip_hostname = target_url.split('://')
+            ip_test = ipaddress.ip_address(ip_hostname)  # check for valid ip address
+            return scheme, None, ip_hostname
+        except Exception as exc:  # not an IP address
+            parsed_target = urllib.parse.urlparse(target_url)
+            scheme = parsed_target.scheme
+            netloc = parsed_target.netloc
+            sub = netloc.split(".")[0] if self._contains_subdomain(
+                target_url) else ScannerDefaultParams.DefaultSubdomain
+            hostname = netloc.split(".", 1)[-1] if self._contains_subdomain(target_url) else netloc
+            return scheme, sub, hostname
 
     def _start_scans_for_target(self, target: str) -> List[threading.Thread]:
         scanner_threads = list()
@@ -162,6 +169,9 @@ def _setup_targets(self) -> queue.Queue:
         domains = queue.Queue()
         domains.put(self.target_url)
         if self.dns_recursion:
+            if self.host_is_resolved:
+                self._log_progress("skipping dns scan, host is resolved...")
+                return domains
             subdomain_scanner.DNSScanner(target_url=self.target_hostname, domains_queue=domains,
                                          **self._generate_scanner_args(DNSScanner.SCAN_NICKNAME)).start_scanner()
         return domains
@@ -201,8 +211,8 @@ def _get_scanner_name(self, *args, **kwargs) -> str:
 
 
 if __name__ == "__main__":
-    if "linux" not in platform:
-        raise UnsupportedOS(platform)
+    # if "linux" not in platform:
+    #     raise UnsupportedOS(platform)
     with open("requirements.txt", "r") as reqs:
         pkg_resources.require(reqs.readlines())
 

scanners/base_scanner.py

@@ -195,7 +195,8 @@ def _clear_cache_file(self):
 
     @lru_cache(maxsize=5)
     def generate_url_base_path(self, dnsname: str) -> str:
-        return f"{self.scheme}://{dnsname}.{self.target_hostname}"
+        return f"{self.scheme}://{dnsname}.{self.target_hostname}" if \
+            dnsname is not None else f"{self.scheme}://{self.target_hostname}"
 
     @lru_cache(maxsize=5)
     def _format_name_for_path(self, name: str) -> str:
@@ -309,7 +310,8 @@ def _make_request(self, method: str, url: str, headers=None, **kwargs):
             headers = dict()
         headers.update(self._default_headers)
 
-        res = self._session.request(method=method, url=url, headers=headers, timeout=self.request_timeout, **kwargs)
+        res = self._session.request(method=method, url=url, headers=headers, timeout=self.request_timeout,
+                                    verify=False, **kwargs)
 
         if res.status_code == ScannerDefaultParams.LimitRateSCode:
             self._log_exception("too many requests", abort=False)

scanners/content_scanner.py

@@ -47,18 +47,16 @@ def single_bruter(self):
             attempt = self.words_queue.get().strip("/")
             found_any = False
 
-            # check if there is a file extension, if not then it's a directory we're bruting
-            if "." not in attempt:
-                attempt_list.append(f"/{attempt}/")
-            else:
-                attempt_list.append(f"/{attempt}")
-
+            attempt_list.append(f"/{attempt}")
+            if "." in attempt:  # check if there is a file extension
                 if ScannerDefaultParams.FileExtensions:
                     for extension in ScannerDefaultParams.FileExtensions:
                         attempt_post = "." + attempt.split(".")[-1]
 
                         if attempt_post != extension:
                             attempt_list.append(f"/{attempt.replace(attempt_post, extension)}")
+            else:
+                attempt_list.append(f"/{attempt}/")
 
             for brute in attempt_list:
                 path = urllib.parse.quote(brute)
@@ -92,11 +90,11 @@ def single_bruter(self):
                 except Exception as exc:
                     self.abort_scan(reason=f"target {url}, exception - {exc}")
                 finally:
-                    attempt_list.clear()
                     if found_any:
                         self._save_results()
                     time.sleep(self.request_cooldown)
 
+            attempt_list.clear()
             self._update_count(attempt, found_any)
 
     def _start_scanner(self):