1 1 # Standard library modules 2 - import base64 3 2 import binascii 4 - import concurrent 5 - import hashlib 6 - import html 7 - import json 8 - import os 9 - import platform 10 3 import sys 11 4 12 5 # Third-party modules 13 6 import click 14 - import ipaddress 15 7 import ipwhois 16 8 import paramiko 17 9 import requests skipped 7 lines 25 17 from kitsec.cli.cve import query_cve 26 18 from kitsec.cli.enumerator import apply_enumerator 27 19 from kitsec.cli.fuzz import apply_file_format_fuzz, apply_path_fuzz 28 - from kitsec.cli.network import (apply_capture , apply_cidr , apply_disturb , apply_storm , 29 - apply_scan_ports, apply_check_certificate) 20 + from kitsec.cli.network import ( 21 + apply_capture, 22 + apply_cidr, 23 + apply_disturb, 24 + apply_storm, 25 + apply_scan_ports, 26 + apply_check_certificate) 30 27 from kitsec.cli.dependencies import install_dependencies 31 28 from kitsec.cli.utils import apply_transformation 32 29 33 30 34 - 35 - 36 - 37 - 38 - #todo: run kitsec from any directory 31 + # todo: run kitsec from any directory 39 32 40 33 @click.group() 41 34 def cli(): 42 35 """ 43 36 KitSec - A CLI tool for security testing and reconnaissance. 44 37 """ 45 - pass 38 + 46 39 47 40 @click.command() 48 41 def deps(): skipped 6 lines 55 48 56 49 57 50 @click.command() 58 - @click.option('--host', prompt='Enter the IP address of the VPS server to connect to') 59 - @click.option('--username', prompt='Enter the limited user account to use for connecting to the VPS server') 60 - @click.option('--password', prompt='Enter the password for the user account', hide_input=True) 51 + @click.option('--host', 52 + prompt='Enter the IP address of the VPS server to connect to') 53 + @click.option('--username', 54 + prompt='Enter the limited user account to use for connecting to the VPS server') 55 + @click.option('--password', 56 + prompt='Enter the password for the user account', 57 + hide_input=True) 61 58 def vps(host, username, password): 62 59 """ 63 60 Connects to a remote server using SSH and logs in as the specified user. skipped 20 lines 84 81 client.close() 85 82 86 83 87 - 88 84 @click.command() 89 85 @click.argument('url') 90 86 def capture(url): skipped 1 lines 92 88 Captures the request headers for a given URL. 93 89 """ 94 90 apply_capture(url) 91 + 95 92 96 93 @click.command() 97 94 @click.argument('url') skipped 4 lines 102 99 """ 103 100 hostname = url.split('//')[-1].split('/')[0] 104 101 apply_check_certificate(hostname) 102 + 105 103 106 104 @click.command() 107 105 @click.argument('data') 108 - @click.option('--type', '-t', 'transformation_type', type=click.Choice(['URL', 'HTML', 'Base64', 'ASCII', 'Hex', 'Octal', 'Binary', 'MD5', 'SHA1', 'SHA256', 'BLAKE2B-160', 'GZIP']), default='Base64', help='The type of transformation to apply to the input data.') 106 + @click.option('--type', 107 + '-t', 108 + 'transformation_type', 109 + type=click.Choice(['URL', 110 + 'HTML', 111 + 'Base64', 112 + 'ASCII', 113 + 'Hex', 114 + 'Octal', 115 + 'Binary', 116 + 'MD5', 117 + 'SHA1', 118 + 'SHA256', 119 + 'BLAKE2B-160', 120 + 'GZIP']), 121 + default='Base64', 122 + help='The type of transformation to apply to the input data.') 109 123 @click.help_option('--help', '-h') 110 124 def convert(data, transformation_type): 111 125 """ 112 126 Applies a specified decoding or hashing function to input data. 113 127 """ 114 128 try: 115 - result = apply_transformation(data . encode ( ' utf - 8 ' ) , transformation_type ) 129 + result = apply_transformation( 130 + data.encode('utf-8'), transformation_type) 116 131 except Exception as e: 117 132 click.echo(f"Error: {str(e)}") 118 133 sys.exit(1) skipped 1 lines 120 135 click.echo(result) 121 136 122 137 123 - 124 138 @click.command() 125 - @click.option('--request', '-r', is_flag=True, default=False, help = ' Test subdomains and print http response for active ones . ' ) 126 - @click.option('--technology', '-t', is_flag=True, default=False, help='Analyze technology used by subdomains.') 139 + @click.option('--request', '-r', is_flag=True, default=False, 140 + help='Test subdomains and print http response for active ones.') 141 + @click.option('--technology', '-t', is_flag=True, default=False, 142 + help='Analyze technology used by subdomains.') 127 143 @click.argument('domain') 128 - @click.option('-h', '--help', 'display_help', is_flag=True, help = ' Display this help message ' ) 144 + @click.option('-h', '--help', 'display_help', is_flag=True, 145 + help='Display this help message') 129 146 def enumerator(request, technology, domain, display_help): 130 147 """ 131 148 Enumerate subdomains for a given domain. skipped 4 lines 136 153 apply_enumerator(request=request, technology=technology, domain=domain) 137 154 138 155 139 - 140 156 @click.command() 141 157 @click.argument('url', required=True) 142 158 @click.option('-m', '--method', default='GET', help='HTTP method to use') 143 - @click.option('-p', '--payload', default='', help = ' Payload to include in the request body ' ) 144 - @click.option('-H', '--headers', default='', help='Headers to include in the request') 145 - @click.option('-c ', '--cookies ', default='', help = ' Cookies to include in the request ' ) 146 - @click.option('-n', '--count', default=1, type=int, help='Number of times to repeat the request') 159 + @click.option('-p', '--payload', default='', 160 + help='Payload to include in the request body') 161 + @click.option('-H ', '--headers ', default='', 162 + help='Headers to include in the request') 163 + @click.option('-c', '--cookies', default='', 164 + help='Cookies to include in the request') 165 + @click.option('-n', '--count', default=1, type=int, 166 + help='Number of times to repeat the request') 147 167 @click.option('--show-help', '-h', is_flag=True, help='Show help message.') 148 168 def disturb(url, method, payload, headers, cookies, count, show_help): 149 169 """ skipped 4 lines 154 174 else: 155 175 responses = disturb(url, method, payload, headers, cookies, count) 156 176 for i, response in enumerate(responses): 157 - click.echo(f'Response {i + 1}: {response.status_code} - {response.reason}') 158 - 177 + click.echo( 178 + f'Response {i + 1}: {response.status_code} - {response.reason}') 159 179 160 180 161 181 @click.command() 162 182 @click.argument('url') 163 - @click.option('--num-attacks', '-a', type=int, default=6, help = ' Number of parallel threats to send requests from . ' ) 164 - @click.option('--num-requests', '-r', type=int, default=200, help='Number of requests to send from each threat.') 165 - @click.option('--num-retries ', '-y ', type=int, default=4 , help = ' Number of times to retry failed requests . ' ) 166 - @click.option('--pause-before-retry', '-p', type=int, default=3000, help='Number of milliseconds to wait before retrying a failed request.') 167 - @click.option('-h', '--help', 'display_help', is_flag=True, help='Display this help message') 168 - def storm(url, num_attacks, num_requests, num_retries, pause_before_retry, display_help): 183 + @click.option('--num-attacks', '-a', type=int, default=6, 184 + help='Number of parallel threats to send requests from.') 185 + @click.option('--num-requests ', '-r ', type=int, default=200 , 186 + help='Number of requests to send from each threat.') 187 + @click.option('--num-retries', '-y', type=int, default=4, 188 + help='Number of times to retry failed requests.') 189 + @click.option('--pause-before-retry', '-p', type=int, default=3000, 190 + help='Number of milliseconds to wait before retrying a failed request.') 191 + @click.option('-h', '--help', 'display_help', is_flag=True, 192 + help='Display this help message') 193 + def storm( 194 + url, 195 + num_attacks, 196 + num_requests, 197 + num_retries, 198 + pause_before_retry, 199 + display_help): 169 200 """ 170 201 Sends HTTP requests to a given URL with a specified number of threats and requests. 171 202 """ 172 203 if display_help: 173 204 click.echo(storm.get_help(click.Context(storm))) 174 205 else: 175 - results = apply_storm(url, num_attacks, num_requests, num_retries, pause_before_retry) 206 + results = apply_storm( 207 + url, 208 + num_attacks, 209 + num_requests, 210 + num_retries, 211 + pause_before_retry) 176 212 click.echo(results) 177 213 178 214 179 215 @click.command() 180 216 @click.argument('url') 181 - @click.option('-c', '--common-ports', is_flag=True, help = ' Scan only the most common HTTP ports ( 80 , 8080 , and 443 ) ' ) 217 + @click.option('-c', '--common-ports', is_flag=True, 218 + help='Scan only the most common HTTP ports (80, 8080, and 443)') 182 219 def portscan(url, common_ports): 183 220 """ 184 221 Performs a TCP port scan on a specified hostname or URL and a range of ports. skipped 6 lines 191 228 192 229 @click.command() 193 230 @click.argument('base_url') 194 - @click.option('-f', '--file-fuzz', is_flag=True, help = ' Use file format fuzzing ' ) 231 + @click.option('-f', '--file-fuzz', is_flag=True, 232 + help='Use file format fuzzing') 195 233 @click.option('-p', '--path-fuzz', is_flag=True, help='Use path fuzzing') 196 234 @click.help_option('--help', '-h') 197 235 def fuzz(base_url, file_fuzz, path_fuzz): skipped 25 lines 223 261 print("Please specify either --file-fuzz or --path-fuzz.") 224 262 225 263 226 - 227 264 @click.command() 228 265 @click.argument('company_name') 229 266 @click.help_option('--help', '-h') skipped 7 lines 237 274 238 275 @click.command() 239 276 @click.argument('product_name') 240 - @click.option('--limit', '-l', type=int, default=10, help = ' Number of results to display ( default = 10 ) ' ) 277 + @click.option('--limit', '-l', type=int, default=10, 278 + help='Number of results to display (default=10)') 241 279 @click.help_option('--help', '-h') 242 280 def cve(product_name, limit): 243 281 """ skipped 19 lines 263 301 264 302 if __name__ == '__main__': 265 303 cli() 304 +