-
Notifications
You must be signed in to change notification settings - Fork 13
/
dprog
executable file
·144 lines (129 loc) · 6.46 KB
/
dprog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
#!/usr/bin/python3
import requests, datetime, os, random, json, argparse, re, sys
from multiprocessing.dummy import Pool
from requests.exceptions import *
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from colorama import init, Fore
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
init()
class dProgs:
def __init__(self, options):
self.options = options
script_dir = os.path.dirname(os.path.abspath(__file__))
self.keybounty_path = os.path.join(script_dir, 'core/helper/regex.json')
self.pathbounty_path = os.path.join(script_dir, 'core/helper/path.txt')
self.keybounty = json.load(open(self.keybounty_path, "r", encoding="utf-8"))
self.pathbounty = [i.strip() for i in open(self.pathbounty_path).readlines()]
self.wordlists_path = options.wordlists_path
self.regex_patterns = options.regex if options.regex else []
self.reqexcpet = (ConnectionError, Timeout, ReadTimeout, TooManyRedirects, InvalidURL, ProxyError, HTTPError,
SSLError, ChunkedEncodingError)
self.radncolor = [Fore.RED, Fore.CYAN, Fore.WHITE, Fore.GREEN, Fore.YELLOW, Fore.BLUE]
self.date = datetime.datetime.now().date()
self.headers = {
'Connection': 'keep-alive',
'Cache-Control': 'max-age=0',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Mobile Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',
}
self.output_folder = options.output if options.output else "results"
os.makedirs(self.output_folder, exist_ok=True)
self.load_wordlists()
if self.regex_patterns and isinstance(self.regex_patterns, str):
self.regex_patterns = self.regex_patterns.split(",")
def load_wordlists(self):
if self.wordlists_path:
with open(self.wordlists_path, "r", encoding="utf-8") as wordlists_file:
self.wordlists = [line.strip() for line in wordlists_file.readlines()]
else:
self.wordlists = self.pathbounty
def bannEr(self):
print(
"""{}
_//_/////// _// _// _//
_//_// _// _/ _// _//
_//_// _//_/ _/// _// _// _/ _//_//
_// _//_/////// _// _// _// _// _//_/// _/ _// _//
_/ _//_// _// _// _//_// _//_/ _//_// _//
_/ _//_// _// _// _// _// _//_/ _/_// _//
_// _//_// _/// _// _// _//// _// _// _//
_//
{}
{}
Start date: {}
""".format(random.choice(self.radncolor), "Detect Program Bug Bounty", "Mung nggo golet-golet, syukur nemu", self.date))
def get(self, domain):
try:
for xpath in self.wordlists:
full_url = "{}{}".format(domain, xpath).replace(" ", "")
getbody = requests.get(full_url, headers=self.headers, verify=not self.options.ignore_ssl,
allow_redirects=True, timeout=3)
if 400 <= getbody.status_code < 600:
if self.options.verbose:
print(Fore.RED + "[SKIPCHECK] " + Fore.RESET + full_url + Fore.RED + " Not Found " + Fore.RESET)
else:
self.checkKeyonResponse(getbody.text, full_url)
except self.reqexcpet as e:
pass
except KeyboardInterrupt:
print(f"CTRL+C Detect, Exit!")
exit()
def checkKeyonResponse(self, body, domain):
try:
for _data in self.keybounty["data"]:
findkey = re.compile(_data["regex"], re.IGNORECASE)
output = findkey.findall(str(body))
if len(output) > 0:
print("\n" + Fore.GREEN + "[POSSBOUNTY] " + Fore.RESET + domain + Fore.GREEN + " ( " + _data[
"name"] + " | " + str(output) + " )" + Fore.RESET)
datares = "\nFOUND=" + str(','.join(output)) + "\n" + domain
output_filename = os.path.join(self.output_folder, "found_" + _data["file"])
with open(output_filename, "a+") as saveres:
saveres.write(datares + "\n")
else:
if self.options.verbose:
print(Fore.RED + "[NOTFOUND] " + Fore.RESET + domain + Fore.RED + " ( " + _data[
"name"] + " | NULL )" + Fore.RESET)
except KeyboardInterrupt:
print(f"CTRL+C Detect, Exit!")
exit()
def req(self, domain):
try:
self.get(domain)
except self.reqexcpet as e:
pass
except KeyboardInterrupt:
print(f"CTRL+C Detect, Exit!")
exit()
def main():
parser = argparse.ArgumentParser(description="Detect Program Bug Bounty")
parser.add_argument('-l', '--list', type=str, help='Specify a list of URLs')
parser.add_argument('-u', '--url', type=str, help='Specify a single URL')
parser.add_argument('-o', '--output', type=str, help='Specify the output file')
parser.add_argument('-is', '--ignore-ssl', action='store_true', help='Ignore SSL certificate warnings')
parser.add_argument('-t', '--thread', type=int, default=10, help='Number of threads (default: 10)')
parser.add_argument('-v', '--verbose', action='store_true', help='Enable verbose output')
parser.add_argument('-w', '--wordlists-path', type=str, help='Specify the path to wordlists file')
parser.add_argument('-r', '--regex', type=str, help='Specify one or more regex patterns for keyword matching')
args = parser.parse_args()
dProgsInstance = dProgs(args)
dProgsInstance.bannEr()
if args.list:
yourls = [i.strip() for i in open(args.list).readlines()]
elif args.url:
yourls = [args.url]
elif not sys.stdin.isatty():
yourls = [i.strip() for i in sys.stdin.readlines()]
else:
exit()
rpm = Pool(args.thread)
try:
rpm.map(dProgsInstance.req, yourls)
except KeyboardInterrupt:
print("CTRL+C Detect, Exit!")
exit()
if __name__ == '__main__':
main()