diff --git a/.wsee/VERSION b/.wsee/VERSION
index 81c871d..1cac385 100644
--- a/.wsee/VERSION
+++ b/.wsee/VERSION
@@ -1 +1 @@
-1.10.0
+1.11.0
diff --git a/README.md b/README.md
index c0a49d1..2258655 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@ # wsee -A CDN Domain Fronting Tool or Websocket Discovery. Should work on any CDN but more focused on `CloudFlare` and `CloudFront` CDN. This tool provides multiple technique to ensure target endpoint can fall under specific protocol, indicated via `101` statuses. Can be used for **Bug Hunters** to find any delicate domain related to CDN especially on FreeNet / Free Internet fields. +A CDN Domain Fronting Tool or Websocket Discovery. This tool provides multiple technique to ensure target endpoint can fall under specific protocol, indicated via `101` statuses. Can be used for **Bug Hunters** to find any delicate domain related to CDN. Should work on any CDN but only featured `Cloudflare` and `Cloudfront` as in-built ready to use. ## Features - `wsee: to go` an Easy to use, scans whenever needed with Clean interactive Python script. Usable across any device that supports for `python`. PS: Even work on `Termux` and `WSL`. 
@@ -9,9 +9,10 @@ A CDN Domain Fronting Tool or Websocket Discovery. Should work on any CDN but mo - ***Don't have a wordlist?*** : `wsee` got you covered with `Online Subdomain Enumeration` feature using `HackerTarget` as source. - Accept `.csv` as wordlist, breaking the barrier of must used `.txt` and made it compatible for other Enumeration Tool Output. - Supports for Internal Storage for `Termux` users. -- Supports for HTTP2 Protocol Upgrade indicated as `h2c`. +- Supports for `HTTP/2` Protocol (clear-text only). - New `Rotate` Mode feature; Now you can rotate `proxy` and `hostname` individually. This is useful if the target only accept specific proxy or ssl masking. - Auto script updater handled with config located in `.wsee/CONFIG` +- Also include `Normal` mode, to find SSL/Direct bugs without protocol or domain fronting. - New Enhancement each Updates # How it works @@ -20,7 +21,7 @@ The tool works; is by following the general idea of Upgrading protocol indicated ``` headers = { "Connection": "Upgrade", "Upgrade": protocol } ``` -Even though it uses a basic headers, some Endpoint are Headers dependant. In `websocket` for example; it may require `X-SS` or `Sec-` or `User-Agent` entry in order upgrade connection to be accepted by the server, this usually happen on `Amazon` endpoints. Make sure to add those manually into the headers and the script will do the rest. +Even though it uses a basic header, some Endpoint are Headers dependant. In `websocket` for example; it may require `X-SS` or `Sec-` or `User-Agent` entry in order upgrade connection to be accepted by the server, this usually happen on `Amazon` endpoints. Make sure to add those manually into the headers and the script will do the rest. ##### **SSL Failure** In the newer version of `OpenSSL`; it doesn't support `Legacy Connection` and consider it as an exception. Due to this, you need to install custom OpenSSL Config by simply define it into your environment variable: 
@@ -45,7 +46,7 @@ For Termux users; you can now takes input from Internal Storage. `Termux` is abl termux-setup-storage ``` ##### **Disable Update** -Latest releases introduce auto-update feature. It's a small feature but you're now no longer needs to scrape whole directory to install new releases. You can just change `true` statement into `false` inside wsee config located in `.wsee/CONFIG`: +Latest releases introduce auto-update feature. It's a small feature but now, you're no longer need to scrape the whole directory to install new releases. To `Disable` it: You can just change `true` statement into `false` inside **WSee** config located in `.wsee/CONFIG`: ``` { "config":{ @@ -55,7 +56,7 @@ Latest releases introduce auto-update feature. It's a small feature but you're n ``` # Installation -`wsee` uses 3rd-party module, make sure to install `requests` before running, or else: +**WSee** uses 3rd-party module, make sure to install `requests` before running, or else: ``` apt install python3, python3-pip apt install git 
@@ -71,7 +72,12 @@ This Repo is build on top of other works, I'm not a jerk that steals other peopl - Thanks to [@fdxreborn](https://github.com/fdxreborn) for letting me to enhance his tools. This Repo is built on top of his awesome works at [cfchecker](https://github.com/fdxreborn/cfchecker) - Also thanks to [@PalindromeLabs](https://github.com/PalindromeLabs) for ZGrab uses in Websocket Discovery. This repo borrows some material from [STEWS: Security Testing and Enumeration of WebSockets](https://github.com/PalindromeLabs/STEWS) -You can also support my work by offering me some free Doughnut xD: +# Contribute +You can also contribute to this project by creating a pull-request or donating some CDN domain. Your contribution will be listed in our [Guild](https://github.com/Guild-Net) as-well in future content related to **WSee**. Currently; we're looking for `(GCP) Google Cloud Platform`, `Akamai` and `Fastly` CDN Domain. Alternatively, you can also support my work by offering me some free Doughnut xD: https://saweria.co/mc874 +**Do note that** : +- Your CDN domain will be used for `domain-fronting` purposes. +- The risk of being public should be taken as personal consideration. +


diff --git a/wsee.py b/wsee.py
index c159e9e..c948662 100644
--- a/wsee.py
+++ b/wsee.py
@@ -21,28 +21,29 @@ import csv import ssl import json +import base64 import socket -import traceback import subprocess import requests,re -import os, fnmatch; os.system('clear') +import os, fnmatch from time import sleep from threading import Thread from collections import defaultdict from os.path import abspath, dirname from pkg_resources import parse_version from multiprocessing import Process, Manager, Value, Queue, cpu_count -from requests.exceptions import ReadTimeout, Timeout, ConnectionError, ChunkedEncodingError, TooManyRedirects, InvalidURL hostpath = 'host' +output = 'output' expected_response = 101 cflare_domain = 'id-herza.sshws.net' cfront_domain = 'dhxqu5ob0t1lp.cloudfront.net' txtfiles= [] -payloads = {'Host': '', 'Scheme': '', 'Grade': '', 'Conn': '', 'Key': '', 'Acc': '', 'Ver': '', 'SNI': '', 'Proxy': ''} -switch = { 'bloc': '', 'crt': '', 'rot': '', 'proto': '', 'dir': '', 'type': '', 'loc': '', 'nametag': 'result'} columns = defaultdict(list) +payloads = {'Host': '', 'SNI': '', 'Proxy': ''} +switch = { 'bloc': '', 'crt': '', 'rot': '', 'proto': '', 'dir': '', 'type': '', 'loc': '', 'nametag': 'result'} +cipher = 
(':ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:AES256-SHA:AES128-SHA:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-DES-CBC3:EDH-RSA-DES-CBC3:EECDH+AESGCM:EDH-RSA-DES-CBC3-SHA:EDH-AESGCM:AES256+EECDH:ECHDE-RSA-AES256-GCM-SHA384:ECHDE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECHDE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-A$:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK') class colors: RED_BG = '\033[41m\033[1m' @@ -51,16 +52,17 @@ class colors: def pinger(): try: - requ = requests.get("http://zendesk4.grabtaxi.com", headers={'Host': cflare_domain, 'Connection': 'Upgrade', 'Upgrade': 'WebSocket', 'Sec-WebSocket-Key': 'dXP3jD9Ipw0B2EmWrMDTEw==', 'Sec-Websocket-Accept': 'GLWt4W8Ogwo6lmX9ZGa314RMRr0=', 'Sec-WebSocket-Version': '13'}) - if requ.status_code == expected_response: - return - elif requ.status_code != expected_response: - print("["+colors.RED_BG+" Check Your Internet Connection! "+colors.ENDC+"]") - sleep(10) - pinger() + requests.head("http://telkomsel.com", timeout=3) + Run.value = 1 + except requests.HTTPError: + print("["+colors.RED_BG+" LookUp Failed! "+colors.ENDC+"]") + sleep(10) + Run.value = 0 + pinger() except requests.ConnectionError: print("["+colors.RED_BG+" Check Your Internet Connection! "+colors.ENDC+"]") sleep(10) + Run.value = 0 pinger() def checker(): 
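Review bot: The `cipher` string hoisted to module level in this hunk still contains entries that look damaged: `DHE-RSA-A$` is cut off, several names are spelled `ECHDE-` instead of `ECDHE-`, and it lists `DES-CBC3-SHA` while also ending in `!3DES`. OpenSSL probably skips names it does not recognise, so these are likely dead entries, but nothing in the file says the list is intentionally broad. I would fix the typos and add a comment above it such as `# Wide legacy cipher list for probing old endpoints only; not a hardening baseline, do not reuse for sensitive traffic`.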
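Review bot: The new `except requests.HTTPError` branch in `pinger()` cannot fire, because `requests.head()` raises `HTTPError` only through `raise_for_status()`, while the added `timeout=3` can raise `requests.exceptions.ReadTimeout`, which neither handler catches. A single clause, `except (requests.ConnectionError, requests.Timeout):`, covers the transport failures this check is meant for. The retry also recurses into `pinger()` with no bound, so a long outage ends in `RecursionError`; a `while True:` loop with the same `sleep(10)` avoids that. `Run` is only created inside `executor()` (a later hunk), so a call to `pinger()` before that point would fail with `NameError`.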
@@ -68,13 +70,13 @@ def checker(): data = json.load(f) if data['config']['update-wsee'] == True: print('[' + colors.RED_BG + ' Checking for update... ' + colors.ENDC + ']') - resp = requests.get('https://raw.githubusercontent.com/MC874/wsee/main/.wsee/VERSION') + resp = requests.get('https://raw.githubusercontent.com/MC874/wsee/main/VERSION') if parse_version(resp.text) > parse_version("1.10.0"): print('[' + colors.GREEN_BG + ' Update Available ' + colors.ENDC + ']') print('1) Ignore Update') print('2) Apply Update') - opt=input(' Choose : ') - if str(ans)=='2': + ans=input(' Choose : ') + if ans=='2': os.remove('wsee.py') upd = requests.get('https://raw.githubusercontent.com/MC874/wsee/main/wsee.py') with open('wsee.py', 'a') as pd: @@ -99,20 +101,6 @@ def checker(): return def option(): - if (switch['proto']=='0') or (switch['proto']=='1'): - payloads['Scheme']='wss' - payloads['Conn']='Upgrade' - payloads['Key']='dXP3jD9Ipw0B2EmWrMDTEw==' - payloads['Acc']='GLWt4W8Ogwo6lmX9ZGa314RMRr0=' - payloads['Ver']='13' - payloads['Grade']='websocket' - elif (switch['proto']=='2') or (switch['proto']=='3'): - payloads['Scheme']='h2' - payloads['Conn']='Upgrade, HTTP2-Settings' - payloads['Key']='' - payloads['Acc']='' - payloads['Ver']='' - payloads['Grade']='h2' if switch['rot']=='1': print('[' + colors.RED_BG + ' Input your Proxy ' + colors.ENDC + ']') prox = input(' Proxy : ') 
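Review bot: The update branch in `checker()` still deletes `wsee.py` with `os.remove('wsee.py')` before the download and then writes whatever `requests.get()` returns, with no status check, timeout or integrity check, so a failed or altered response leaves the user without a script or running unreviewed code. Fetch first, call `upd.raise_for_status()`, write to a temporary file and swap it in with `os.replace('wsee.py.new', 'wsee.py')`; comparing the download against a published hash would be stronger still. The version URL now points at `main/VERSION` although this commit's own diff keeps the file at `.wsee/VERSION`, and the comparison is still against the literal `"1.10.0"` while VERSION moves to 1.11.0, so the prompt would presumably reappear after every update. The `with open(...)` body continues outside the hunk.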
@@ -128,31 +116,30 @@ def option(): return def doma(): - global frontdom print('1. Custom Domain') print('2. Default CloudFront') print('3. Default CloudFlare') print('Q to Quit') print('M to Menu') print('') - ansi=input(' Choose Option : ').lower() + ans=input(' Choose Option : ').lower() print('') - if str(ansi)=='1': + if ans=='1': domain=input(' Domain : ') payloads['Host']=f'{domain}' - elif str(ansi)=='2': + elif ans=='2': payloads['Host']=f'{cfront_domain}' - elif str(ansi)=='3': + elif ans=='3': payloads['Host']=f'{cflare_domain}' - elif str(ansi)=='q': + elif ans=='q': exit() - elif str(ansi)=='m': + elif ans=='m': menu() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) print('') menu() - frontdom = str(payloads['Host']) + frontdom = payloads['Host'] print('['+colors.GREEN_BG + f' {frontdom} '+ colors.ENDC + '] Selected as Domain Fronting!') print('['+colors.RED_BG+' Warning! ' + colors.ENDC + '] : [' + colors.RED_BG + ' INVALID ' + colors.ENDC + '] Domain Will Give 0 Result!' ) print('') @@ -164,6 +151,7 @@ def filet(): print('2. Check Files in Current Folder') print('3. Check Files in Termux Host') print('4. Check Files in Termux') + print('5. Custom Path') print('q to Quit') print('m to Menu') print('') @@ -180,6 +168,10 @@ def filet(): elif ans=='4': files = os.listdir('./storage/shared/') switch['dir']='3' + elif ans=='5': + path = input(' Input your Folder: ') + files = os.listdir(path) + switch['dir']='4' elif ans=='q': exit() elif ans=='m': @@ -203,7 +195,7 @@ def filet(): if fileselector.isdigit(): print('') print(' Target Chosen : ' + colors.RED_BG + ' '+txtfiles[int(fileselector)-1]+' '+colors.ENDC) - direct = str(switch['dir']) + direct = switch['dir'] if direct == '0': file_hosts = str(hostpath) +'/'+ str(txtfiles[int(fileselector)-1]) elif direct == '1': 
@@ -212,6 +204,8 @@ def filet(): file_hosts = './storage/shared/' + str(hostpath) +'/'+ str(txtfiles[int(fileselector)-1]) elif direct == '3': file_hosts = './storage/shared/' + str(txtfiles[int(fileselector)-1]) + elif direct == '4': + file_hosts = path switch['loc']=file_hosts else: menu() @@ -219,28 +213,29 @@ def filet(): def executor(): with Manager() as manager: - global Faily, Resultee, appendix + global Faily, Resultee, appendix, Run procount = cpu_count() appendix = Queue() Faily=Value('i',0) Resultee=Value('d',0) + Run = Value('f', 1) def filement(): - pinger() - if switch['type']=='txt': - with open(switch['loc'], 'r') as f: - for liner in f: - appendix.put(liner.strip()) - elif switch['type']=='csv': - with open(switch['loc'], 'r') as f: - reader = csv.reader(csv_file) - for row in reader: - for (i,v) in enumerate(row): - columns[i].append(v) - appendix.put(columns[9]+columns[3]) - elif switch['type']=='enum': - apppendix.put(domainlist) - for i in range(procount): - appendix.put('ENDED') + if Run.value: + if switch['type']=='txt': + with open(switch['loc'], 'r') as f: + for liner in f: + appendix.put(liner.strip()) + elif switch['type']=='csv': + with open(switch['loc'], 'r') as f: + reader = csv.reader(csv_file) + for row in reader: + for (i,v) in enumerate(row): + columns[i].append(v) + appendix.put(columns[9]+columns[3]) + elif switch['type']=='enum': + apppendix.put(domainlist) + for i in range(procount): + appendix.put('ENDED') filament = Thread(target=filement) filament.start() pingu = Thread(target=pinger) @@ -263,7 +258,6 @@ def filement(): return def uinput(): - global Faily, Resultee print('') print('Scanning Finished!') print('1. Go Back to Menu') @@ -286,7 +280,7 @@ def uinput(): menu() def hacki(): - global domainlist, subd + global domainlist subd = input('\nInput Domain: ') subd = subd.replace('https://','').replace('http://','') r = requests.get('https://api.hackertarget.com/hostsearch/?q=' + subd, allow_redirects=False) 
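Review bot: For the new custom-path option, `file_hosts = path` stores the folder the user typed rather than the file picked from the listing, so the later `open(switch['loc'], 'r')` in `executor()` is handed a directory. The other branches join the directory with `txtfiles[int(fileselector)-1]`; this one should do the same, `file_hosts = os.path.join(path, txtfiles[int(fileselector)-1])`. The `os.listdir(path)` added in the earlier `filet()` hunk also has no handling for a path that does not exist or is not readable. `filet()` starts and ends outside these hunks.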
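Review bot: The re-indented body of `filement()` keeps two names that nothing visible defines: `csv.reader(csv_file)` while the handle is bound as `f`, and `apppendix.put(domainlist)` with three p's. Unless they are defined outside the hunk, the `csv` and `enum` input types fail with `NameError` inside the feeder thread. The lines should read `reader = csv.reader(f)` and `appendix.put(domainlist)`. `Run.value` is also read only once when the thread starts, so a connectivity failure that `pinger()` reports later does not stop the feed; that deserves a comment if it is intended.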
@@ -305,38 +299,52 @@ def engine(appendix,Resultee,Faily): else: try: pinger() - cont = ssl.create_default_context() - cipher = (':ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:AES256-SHA:AES128-SHA:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-DES-CBC3:EDH-RSA-DES-CBC3:EECDH+AESGCM:EDH-RSA-DES-CBC3-SHA:EDH-AESGCM:AES256+EECDH:ECHDE-RSA-AES256-GCM-SHA384:ECHDE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECHDE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-A$:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK') - cont.set_ciphers(cipher) sock = socket.socket() if switch['crt']=='1': - if switch['rot']=='1': - sock = cont.wrap_socket(sock, server_hostname = onliner) - sock.connect((f'{payloads["Proxy"]}', 443)) - elif switch['rot']=='2': + print('Using SSL') + cont = ssl.create_default_context() + cont.set_ciphers(cipher) + sock = cont.wrap_socket(sock, server_hostname = onliner) + sock.connect((onliner, 443)) + if switch['rot']=='2': + print('Route to Rotate 2') + print('Rotate 2 Proxy') sock = cont.wrap_socket(sock, server_hostname = f'{payloads["SNI"]}') sock.connect((onliner, 443)) - elif switch['rot']=='0': - sock = cont.wrap_socket(sock, server_hostname = onliner) - sock.connect((onliner, 443)) - if (switch['proto']=='0') or (switch['proto']=='2'): - if switch['rot']=='2': - sock.sendall(bytes(f'GET {payloads["Scheme"]}://{payloads["SNI"]}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: 
{payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) - else: - sock.sendall(bytes(f'GET {payloads["Scheme"]}://{onliner}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: {payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) - elif (switch['proto']=='1') or (switch['proto']=='3'): - print('Proto 3 - 1') - if switch['rot']=='2': - sock.sendall(bytes(f'GET {payloads["Scheme"]}://{payloads["SNI"]}/ HTTP/1.1\r\nHost: {onliner}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: {payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) - else: - sock.sendall(bytes(f'GET {payloads["Scheme"]}://{onliner}/ HTTP/1.1\r\nHost: {onliner}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: {payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) + if switch['proto']=='2': + print('Proto 2 H2 CDN') + sock.sendall(bytes(f'GET h2c://{payloads["SNI"]}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: h2c\r\nConnection: Upgrade, HTTP2-Settings\r\nHTTP2-Settings: {base64.encode(payloads["SNI"])}\r\n\r\n', encoding='utf-8')) + elif switch['proto']=='0': + print('Proto 0 WS CDN') + sock.sendall(bytes(f'GET wss://{payloads["SNI"]}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==\r\nSec-Websocket-Version: 13\r\nSec-Websocket-Accept: GLWt4W8Ogwo6lmX9ZGa314RMRr0=\r\nSec-WebSocket-Extensions: superspeed\r\nOrigin: https://{payloads["SNI"]}\r\nPragma: no-cache\r\n\r\n', 
encoding='utf-8')) + if 0 <= int(switch['rot']) < 1: + print('Route to Rotate 0/1') + if switch['rot']=='0': + sock = cont.wrap_socket(sock, server_hostname = onliner) + sock.connect((onliner, 443)) + elif switch['rot']=='1': + print('Rotate 1 Host') + sock = cont.wrap_socket(sock, server_hostname = onliner) + sock.connect((payloads["Proxy"], 443)) + print('Route to Normal') + if switch['proto']=='2': + print('Proto 2 H2 CDN') + sock.sendall(bytes(f'GET h2c://{onliner}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: h2c\r\nConnection: Upgrade, HTTP2-Settings\r\nHTTP2-Settings: {base64.encode(onliner)}\r\n\r\n', encoding='utf-8')) + elif switch['proto']=='0': + print('Proto 0 WS CDN') + sock.sendall(bytes(f'GET wss://{onliner}/ HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==\r\nSec-Websocket-Version: 13\r\nSec-Websocket-Accept: GLWt4W8Ogwo6lmX9ZGa314RMRr0=\r\nSec-WebSocket-Extensions: superspeed\r\nOrigin: https://{onliner}\r\nPragma: no-cache\r\n\r\n', encoding='utf-8')) elif switch['crt']=='0': - print('Using Direct/Proxy') - sock.connect((f'{onliner}', 80)) - if (switch['proto']=='0') or (switch['proto']=='2'): - sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: {payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) - elif (switch['proto']=='1') or (switch['proto']=='3'): - sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {onliner}\r\nUpgrade: {payloads["Grade"]}\r\nConnection: {payloads["Conn"]}\r\nSec-WebSocket-Key: {payloads["Key"]}\r\nSec-WebSocket-Version: {payloads["Ver"]}\r\nSec-Websocket-Accept: {payloads["Acc"]}\r\nHTTP2-Settings: \r\n\r\n', encoding='utf-8')) + sock.connect((onliner, 80)) + if switch['proto']=='2': + sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: 
{payloads["Host"]}\r\nUpgrade: h2c\r\nConnection: Upgrade, HTTP2-Settings\r\nHTTP2-Settings: {base64.encode(payloads["Host"])}\r\n\r\n', encoding='utf-8')) + elif switch['proto']=='0': + sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {payloads["Host"]}\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==\r\nSec-Websocket-Version: 13\r\nSec-Websocket-Accept: GLWt4W8Ogwo6lmX9ZGa314RMRr0=\r\nSec-WebSocket-Extensions: superspeed\r\nOrigin: http://{payloads["Host"]}\r\nPragma: no-cache\r\n\r\n', encoding='utf-8')) + if switch['proto']=='3': + sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {onliner}\r\nUpgrade: h2c\r\nConnection: Upgrade, HTTP2-Settings\r\nHTTP2-Settings: {base64.encode(onliner)}\r\n\r\n', encoding='utf-8')) + elif switch['proto']=='1': + sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {onliner}\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==\r\nSec-Websocket-Version: 13\r\nSec-Websocket-Accept: GLWt4W8Ogwo6lmX9ZGa314RMRr0=\r\nSec-WebSocket-Extensions: superspeed\r\nOrigin: https://{onliner}\r\nPragma: no-cache\r\n\r\n', encoding='utf-8')) + elif 4 <= int(switch['proto']) < 5: + sock.sendall(bytes(f'GET / HTTP/1.1\r\nHost: {onliner}\r\nAccept: */*\r\nAccept-Encoding: *\r\nAccept-Language: *\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36\r\n\r\n', encoding='utf-8')) sock.settimeout(5) sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) line = str(sock.recv(13)) 
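Review bot: Every `HTTP2-Settings` header in the new `engine()` code calls `base64.encode(...)` with one string, but that function takes an input and an output file object, so the f-string raises `TypeError` and each h2c probe lands in the generic `except Exception` instead of being sent. `base64.urlsafe_b64encode(onliner.encode()).decode()` (and likewise for `payloads["SNI"]` and `payloads["Host"]`) would at least produce a header value, though RFC 7540 expects an encoded SETTINGS payload there rather than a hostname. The range tests are also narrower than they read: `0 <= int(switch['rot']) < 1` is true only for `'0'`, which as far as the flattened hunk shows makes the `elif switch['rot']=='1'` branch under it unreachable, and `4 <= int(switch['proto']) < 5` matches only `'4'` while `menu()` also sets `'5'`. The `print('Using SSL')`-style trace lines look like leftover debugging. `engine()` starts and ends outside the hunk.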
@@ -346,13 +354,24 @@ def engine(appendix,Resultee,Faily): with Faily.get_lock(): Faily.value +=1 else: - if int(resu[0]) == expected_response: - print(' ['+colors.GREEN_BG+' HIT '+colors.ENDC+'] ' + onliner+ ' [' +colors.GREEN_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') - print(onliner, file=open(f'{switch["nametag"]}.txt', 'a')) - with Resultee.get_lock(): - Resultee.value +=1 - elif int(resu[0]) != expected_response: - print(' ['+colors.RED_BG+' FAIL '+colors.ENDC+'] ' + onliner + ' [' +colors.RED_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') + if 0 <= int(switch['proto']) < 3: + if int(resu[0]) == expected_response: + print(' ['+colors.GREEN_BG+' HIT '+colors.ENDC+'] ' + onliner+ ' [' +colors.GREEN_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') + print(onliner, file=open(f'{output}/{switch["nametag"]}.txt', 'a')) + with Resultee.get_lock(): + Resultee.value +=1 + elif int(resu[0]) != expected_response: + print(' ['+colors.RED_BG+' FAIL '+colors.ENDC+'] ' + onliner + ' [' +colors.RED_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') + with Faily.get_lock(): + Faily.value +=1 + else: + if int(resu[0]) == 200: + print(' ['+colors.GREEN_BG+' HIT '+colors.ENDC+'] ' + onliner+ ' [' +colors.GREEN_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') + print(onliner, file=open(f'{output}/{switch["nametag"]}.txt', 'a')) + with Resultee.get_lock(): + Resultee.value +=1 + elif int(resu[0]) != 200: + print(' ['+colors.RED_BG+' FAIL '+colors.ENDC+'] ' + onliner + ' [' +colors.RED_BG+' ' + str(resu[0]) + ' '+colors.ENDC+']') with Faily.get_lock(): Faily.value +=1 sock.close() @@ -370,7 +389,6 @@ def engine(appendix,Resultee,Faily): Faily.value +=1 except Exception as e: print(e) - traceback.print_exc() pass def grabber(appendix,Resultee,Faily): @@ -405,7 +423,6 @@ def grabber(appendix,Resultee,Faily): Faily.value +=1 except Exception as e: print(e) - traceback.print_exc() print(' [' + colors.RED_BG+'Check Your ZGrab Installation!'+colors.ENDC+'] ' + onliner) menu() 
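Review bot: The success check `0 <= int(switch['proto']) < 3` leaves out `'3'` (Local H2C), so those probes, which send an `Upgrade: h2c` request, are scored against status 200 instead of `expected_response`. `if switch['proto'] in ('0', '1', '2', '3'):` states the intent directly. Both hit branches also write with `print(onliner, file=open(..., 'a'))`, which never closes the handle; `with open(f'{output}/{switch["nametag"]}.txt', 'a') as fh: print(onliner, file=fh)` does. The enclosing `engine()` body continues outside the hunk.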
@@ -425,77 +442,79 @@ def menu(): print('1. CDN Websocket') print('2. Local Websocket') - print('3. H2C Socket') - print('4. Local H2C Socket') + print('3. CDN H2C') + print('4. Local H2C') + print('5. TLS/SSL') + print('6. Direct/Proxy') print('q to Quit') print('') ans=input(' Choose Option : ').lower() print('') global headers, switch - if str(ans)=='1': + if ans=='1': print('1. CDN SSL') - print('2. CDN SSL IP Rotate') + print('2. CDN SSL Proxy Rotate') print('3. CDN SSL Host Rotate') print('4. CDN Direct') print('q to Quit') print('m to Menu') print('') - ansi=input(' Choose Option : ').lower() + ans=input(' Choose Option : ').lower() print('') switch['bloc']='0' switch['proto']='0' - if str(ansi)=='1': + if ans=='1': switch['crt']='1' switch['rot']='0' - elif str(ansi)=='2': + elif ans=='2': switch['crt']='1' switch['rot']='2' - elif str(ansi)=='3': + elif ans=='3': switch['crt']='1' switch['rot']='1' - elif str(ansi)=='4': + elif ans=='4': switch['crt']='0' switch['rot']='0' - elif str(ansi)=='q': + elif ans=='q': exit() - elif str(ansi)=='m': + elif ans=='m': menu() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) print('') menu() - elif str(ans)=='2': + elif ans=='2': print('1. Local SSL') print('2. Local Direct') print('3. Local SSL ZGrab') print('4. Local Direct ZGrab') print('q to Quit') print('') - ansi=input(' Choose Option : ').lower() + ans=input(' Choose Option : ').lower() print('') switch['rot']='0' switch['proto']='1' - if str(ansi)=='1': + if ans=='1': switch['bloc']='0' switch['crt']='1' - elif str(ansi)=='2': + elif ans=='2': switch['bloc']='0' switch['crt']='0' - elif str(ansi)=='3': + elif ans=='3': switch['bloc']='1' switch['crt']='1' - elif str(ansi)=='4': + elif ans=='4': switch['bloc']='1' switch['crt']='0' - elif str(ansi)=='q': + elif ans=='q': exit() - elif str(ansi)=='m': + elif ans=='m': menu() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' 
) print('') menu() - elif str(ans)=='3': + elif ans=='3': print('1. H2 SSL') print('2. H2 SSL IP Rotate') print('3. H2 SSL Host Rotate') @@ -503,30 +522,30 @@ def menu(): print('q to Quit') print('m to Menu') print('') - ansi=input(' Choose Option : ').lower() + ans=input(' Choose Option : ').lower() print('') switch['bloc']='0' switch['proto']='2' - if str(ansi)=='1': + if ans=='1': switch['crt']='1' switch['rot']='0' - elif str(ansi)=='2': + elif ans=='2': switch['rot']='2' - elif str(ansi)=='3': + elif ans=='3': switch['crt']='1' switch['rot']='1' - elif str(ansi)=='4': + elif ans=='4': switch['crt']='0' switch['rot']='0' - elif str(ansi)=='q': + elif ans=='q': exit() - elif str(ansi)=='m': + elif ans=='m': menu() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) print('') menu() - elif str(ans)=='4': + elif ans=='4': print('1. Local H2C SSL') print('2. Local H2C Direct') print('3. Local H2C SSL ZGrab') 
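Review bot: In the H2 submenu the `elif ans=='2':` branch sets only `switch['rot']='2'` and leaves `switch['crt']` at whatever an earlier pass through the menu stored (initially `''`), unlike the matching CDN Websocket branch, which sets `switch['crt']='1'` first. Since `engine()` appears to handle rotation only under `switch['crt']=='1'`, this option should add `switch['crt']='1'`. The label here still says `IP Rotate` while the websocket submenu was renamed to `Proxy Rotate`.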
@@ -534,42 +553,53 @@ def menu(): print('m to Menu') print('q to Quit') print('') - ansi=input(' Choose Option : ') + ans=input(' Choose Option : ') print('') switch['rot']='0' switch['proto']='3' - if str(ansi)=='1': + if ans=='1': switch['bloc']='0' switch['crt']='1' - elif str(ansi)=='2': + elif ans=='2': switch['bloc']='0' switch['crt']='0' - elif str(ansi)=='3': + elif ans=='3': switch['bloc']='1' switch['crt']='1' - elif str(ansi)=='4': + elif ans=='4': switch['bloc']='1' switch['crt']='0' - elif str(ansi)=='q': + elif ans=='q': exit() - elif str(ansi)=='m': + elif ans=='m': menu() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) print('') menu() - elif str(ans)=='q': + elif ans=='4': + switch['proto']='4' + switch['bloc']='0' + switch['crt']='1' + switch['rot']='0' + elif ans=='5': + switch['proto']='5' + switch['bloc']='0' + switch['crt']='0' + switch['rot']='0' + elif ans=='q': exit() print('1. Scan File (.txt)') print('2. Scan Online (HackerTarget)') + print('3. CloudFlare CIDR') + print('4. CloudFront CIDR') print('Q to Quit') print('M to Menu') print('') - opsi=input(' Choose Option : ').lower() + ans=input(' Choose Option : ').lower() print('') - if str(opsi)=='1': + if ans=='1': def text(): - global tag if (switch['proto']=='0') or (switch['proto']=='2'): doma() filet() @@ -578,9 +608,8 @@ def text(): uinput() text() text() - elif str(opsi)=='2': + elif ans=='2': def enum(): - global tag if (switch['proto']=='0') or (switch['proto']=='2'): doma() hacki() @@ -589,9 +618,9 @@ def enum(): uinput() enum() enum() - elif str(opsi)=='m': + elif ans=='m': menu() - elif str(opsi)=='q': + elif ans=='q': exit() else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) 
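Review bot: The two new top-level branches do not line up with the menu that prints them: `menu()` shows `5. TLS/SSL` and `6. Direct/Proxy`, but the handlers are `elif ans=='4':` and `elif ans=='5':`, and the first of these repeats a condition already taken by the Local H2C branch earlier in the same chain, so it can never run. As written, choosing 5 gets the Direct settings (`crt` set to `'0'`) and 6 falls through with `switch` unchanged. The conditions should be `elif ans=='5':` and `elif ans=='6':`. The new `3. CloudFlare CIDR` and `4. CloudFront CIDR` entries have no handler in the visible code either, so they end at the `Invalid INPUT!` branch.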
@@ -600,7 +629,7 @@ def enum(): if __name__ == '__main__': os.chdir(dirname(abspath(__file__))) - if not os.path.exists(hostpath): - os.makedirs(hostpath) + if not os.path.exists(output): + os.makedirs(output) checker() menu()
\ No newline at end of file
diff --git a/wseye.py b/wseye.py
index 1934376..c948662 100644
--- a/wseye.py
+++ b/wseye.py
@@ -28,7 +28,6 @@ import os, fnmatch from time import sleep from threading import Thread -from netaddr import IPNetwork from collections import defaultdict from os.path import abspath, dirname from pkg_resources import parse_version
@@ -594,8 +593,6 @@ def menu(): print('2. Scan Online (HackerTarget)') print('3. CloudFlare CIDR') print('4. CloudFront CIDR') - print('5. Telkomsel CIDR') - print('6. XL Axiata CIDR') print('Q to Quit') print('M to Menu') print('')
@@ -625,8 +622,6 @@ def enum(): menu() elif ans=='q': exit() - elif 3 <= int(ans) < 6: - print(' [' + colors.RED_BG + ' This Feature is not Implemented yet... ' + colors.ENDC + '] ') else: print('['+colors.RED_BG+' GGRRR! ' + colors.ENDC + '] Invalid INPUT!' ) print('')
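Review bot: The `__main__` block of wsee.py now creates `output` instead of `hostpath`, so the `host` folder is no longer made on a fresh checkout even though `filet()` still builds paths under `hostpath`. Create both, and use `exist_ok` to remove the check-then-create gap: `os.makedirs(hostpath, exist_ok=True)` and `os.makedirs(output, exist_ok=True)`.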