Read first: Launching a Sandcat Task
HTTP Brute Force Example
This extension is part of the Pen-Tester Tools pack.
Launcher
HTTPAuthForce = {}
function HTTPAuthForce:load()
local html = Syhunt:getfile('Scripts/HTTPAuthForce.html')
tab:loadpagex('authforce',html,'HTTPAuthForce.ui')
local ui = self.ui
ui.url.value = tab.url
end
function HTTPAuthForce:start()
local ui = self.ui
local script = Syhunt:getfile('Scripts/HTTPAuthForceTask.lua')
local j = {}
j.userlistfile = ui.userlist.value
j.passlistfile = ui.passlist.value
if scop.file.exists(j.userlistfile) then
if scop.file.exists(j.passlistfile) then
j.method = ui.method.value
j.url = ui.url.value
tab:runtask(script,json.encode(j))
browser.options.showheaders = true
end
end
end
Task
task.caption = 'HTTP Brute Force'
userlist = scop.file.getcontents(params.userlistfile)
passlist = scop.file.getcontents(params.passlistfile)
url = params.url
method = params.method
found = false
http = scl.httprequest:new()
http.auth = 'Basic'
http.description = 'Auth Force Request'
u = scl.listparser:new()
u:load(userlist)
p = scl.listparser:new()
p:load(passlist)
print('Executing HTTP brute force...')
print('Target URL: '..url..'...')
while u:parsing() do
task:setprogress(u.curindex,u.count)
http.username = u.current
p:reset()
while p:parsing() do
http.password = p.current
http:open(method,url)
if http.status ~= 401 then
task:logrequest(http.requestinfo)
msg = 'Found: '..u.current..':'..p.current
found = true
printsuccess(msg)
p:stop()
end
end
end
u:release()
p:release()
http:release()
task.status = 'Done.'
if found == false then
printfailure('No passwords found.')
end
print(task.status)
CGI Scanner Example
This extension is part of the Pen-Tester Tools pack.
Launcher
CGIScanner = {}
function CGIScanner:load()
local html = Syhunt:getfile('Scripts/CGIScanner.html')
tab:loadpagex('cgiscanner',html,'CGIScanner.ui')
local ui = self.ui
ui.url.value = tab.url
end
function CGIScanner:start()
local ui = self.ui
local script = Syhunt:getfile('Scripts/CGIScannerTask.lua')
local j = {}
j.pathlistfile = ui.pathlist.value
if scop.file.exists(j.pathlistfile) then
j.method = ui.method.value
j.url = ui.url.value
tab:runtask(script,json.encode(j))
browser.options.showheaders = true
end
end
Task
task.caption = 'CGI Scanner'
pathlist = scop.file.getcontents(params.pathlistfile)
url = params.url
method = params.method
print('Starting CGI Scanner...')
print('Target URL: '..url)
print('Method: '..method)
print('Path list: '..params.pathlistfile)
http = scl.httprequest:new()
http.description = 'CGI Scanner Request'
p = scl.listparser:new()
p:load(pathlist)
while p:parsing() do
task:setprogress(p.curindex,p.count)
http:open(method,scop.url.combine(url,p.current))
if http.status == 200 then
task:logrequest(http.requestinfo)
printsuccess('Found: '..p.current)
end
end
p:release()
http:release()
task.status = 'Done.'
print(task.status)