Target handling updates.

Changed Target.type to be either 'ip' or 'hostname'. IP version is now stored in Target.ipversion.
Updated plugins to reflect this.

autorecon.py

@@ -25,8 +25,9 @@ class Pattern:
 
 class Target:
 
-	def __init__(self, address, type, autorecon):
+	def __init__(self, address, ipversion, type, autorecon):
 		self.address = address
+		self.ipversion = ipversion
 		self.type = type
 		self.autorecon = autorecon
 		self.basedir = ''
@@ -61,7 +62,7 @@ class Target:
 		if self.autorecon.args.nmap_append:
 			nmap_extra += ' ' + self.autorecon.args.nmap_append
 
-		if target.type == 'IPv6':
+		if target.ipversion == 'IPv6':
 			nmap_extra += ' -6'
 			addressv6 = '[' + addressv6 + ']'
 
@@ -155,7 +156,7 @@ class Service:
 		if protocol == 'udp':
 			nmap_extra += ' -sU'
 
-		if self.target.type == 'IPv6':
+		if self.target.ipversion == 'IPv6':
 			nmap_extra += ' -6'
 			addressv6 = '[' + addressv6 + ']'
 
@@ -973,7 +974,7 @@ async def service_scan(plugin, service):
 		if protocol == 'udp':
 			nmap_extra += ' -sU'
 
-		if service.target.type == 'IPv6':
+		if service.target.ipversion == 'IPv6':
 			nmap_extra += ' -6'
 			addressv6 = '[' + addressv6 + ']'
 
@@ -1170,7 +1171,7 @@ async def scan_target(target):
 			if protocol == 'udp':
 				nmap_extra += ' -sU'
 
-			if target.type == 'IPv6':
+			if target.ipversion == 'IPv6':
 				nmap_extra += ' -6'
 				addressv6 = '[' + addressv6 + ']'
 
@@ -1701,9 +1702,9 @@ async def main():
 				continue
 
 			if isinstance(ip, ipaddress.IPv4Address):
-				autorecon.pending_targets.append(Target(ip_str, 'IPv4', autorecon))
+				autorecon.pending_targets.append(Target(ip_str, 'IPv4', 'ip', autorecon))
 			elif isinstance(ip, ipaddress.IPv6Address):
-				autorecon.pending_targets.append(Target(ip_str, 'IPv6', autorecon))
+				autorecon.pending_targets.append(Target(ip_str, 'IPv6', 'ip', autorecon))
 			else:
 				fail('This should never happen unless IPv8 is invented.')
 		except ValueError:
@@ -1727,9 +1728,9 @@ async def main():
 							continue
 
 						if isinstance(ip, ipaddress.IPv4Address):
-							autorecon.pending_targets.append(Target(ip_str, 'IPv4', autorecon))
+							autorecon.pending_targets.append(Target(ip_str, 'IPv4', 'ip', autorecon))
 						elif isinstance(ip, ipaddress.IPv6Address):
-							autorecon.pending_targets.append(Target(ip_str, 'IPv6', autorecon))
+							autorecon.pending_targets.append(Target(ip_str, 'IPv6', 'ip', autorecon))
 						else:
 							fail('This should never happen unless IPv8 is invented.')
 
@@ -1747,7 +1748,7 @@ async def main():
 					if found:
 						continue
 
-					autorecon.pending_targets.append(Target(target, 'IPv4', autorecon))
+					autorecon.pending_targets.append(Target(target, 'IPv4', 'hostname', autorecon))
 				except socket.gaierror:
 					try:
 						addresses = socket.getaddrinfo(target, None, socket.AF_INET6)
@@ -1761,7 +1762,7 @@ async def main():
 						if found:
 							continue
 
-						autorecon.pending_targets.append(Target(target, 'IPv6', autorecon))
+						autorecon.pending_targets.append(Target(target, 'IPv6', 'hostname', autorecon))
 					except socket.gaierror:
 						error(target + ' does not appear to be a valid IP address, IP range, or resolvable hostname.')
 						errors = True

plugins/databases.py

@@ -24,7 +24,7 @@ class NmapMSSQL(ServiceScan):
 		self.match_service_name(['^mssql', '^ms\-sql'])
 
 	def manual(self, service, plugin_was_run):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
 
 	async def run(self, service):
@@ -41,7 +41,7 @@ class NmapMYSQL(ServiceScan):
 		self.match_service_name('^mysql')
 
 	def manual(self, service, plugin_was_run):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
 
 	async def run(self, service):
@@ -74,7 +74,7 @@ class OracleTNScmd(ServiceScan):
 		self.match_service_name('^oracle')
 
 	async def run(self, service):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			await service.execute('tnscmd10g ping -h {address} -p {port} 2>&1', outfile='{protocol}_{port}_oracle_tnscmd_ping.txt')
 			await service.execute('tnscmd10g version -h {address} -p {port} 2>&1', outfile='{protocol}_{port}_oracle_tnscmd_version.txt')
 

plugins/default-port-scan.py

@@ -27,7 +27,6 @@ class AllTCPPortScan(PortScan):
 	def __init__(self):
 		super().__init__()
 		self.name = "All TCP Ports"
-		self.type = 'tcp'
 		self.tags = ["default", "default-port-scan", "long"]
 
 	async def run(self, target):

plugins/dns.py

@@ -25,9 +25,10 @@ class DNSZoneTransfer(ServiceScan):
 
 	async def run(self, service):
 		if self.get_global('domain'):
-			await service.execute('dig AXFR -p {port} @{address} ' + self.get_global('domain'), outfile='{protocol}_{port}_dns_zone-transfer.txt')
-		else:
-			await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
+			await service.execute('dig AXFR -p {port} @{address} ' + self.get_global('domain'), outfile='{protocol}_{port}_dns_zone-transfer-domain.txt')
+		if service.target.type == 'hostname':
+			await service.execute('dig AXFR -p {port} @{address} {address}', outfile='{protocol}_{port}_dns_zone-transfer-hostname.txt')
+		await service.execute('dig AXFR -p {port} @{address}', outfile='{protocol}_{port}_dns_zone-transfer.txt')
 
 class DNSReverseLookup(ServiceScan):
 

plugins/http.py

@@ -88,7 +88,7 @@ class DirBuster(ServiceScan):
 
 	def configure(self):
 		self.add_choice_option('tool', default='feroxbuster', choices=['feroxbuster', 'gobuster', 'dirsearch', 'ffuf', 'dirb'], help='The tool to use for directory busting. Default: %(default)s')
-		self.add_list_option('wordlist', default=['/usr/share/seclists/Discovery/Web-Content/common.txt'], help='The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: %(default)s')
+		self.add_list_option('wordlist', default=['/usr/share/seclists/Discovery/Web-Content/common.txt', '/usr/share/seclists/Discovery/Web-Content/big.txt', '/usr/share/seclists/Discovery/Web-Content/raft-large-words.txt'], help='The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: %(default)s')
 		self.add_option('threads', default=10, help='The number of threads to use when directory busting. Default: %(default)s')
 		self.add_option('ext', default='txt,html,php,asp,aspx,jsp', help='The extensions you wish to fuzz (no dot, comma separated). Default: %(default)s')
 		self.match_service_name('^http')
@@ -99,45 +99,42 @@ class DirBuster(ServiceScan):
 		for wordlist in self.get_option('wordlist'):
 			name = os.path.splitext(os.path.basename(wordlist))[0]
 			if self.get_option('tool') == 'feroxbuster':
-				await service.execute('feroxbuster -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -x ' + self.get_option('ext') + ' -v -k -n -q -o "{scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_' + name + '.txt"')
+				await service.execute('feroxbuster -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -x "' + self.get_option('ext') + '" -v -k -n -q -o "{scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_' + name + '.txt"')
 			elif self.get_option('tool') == 'gobuster':
 				await service.execute('gobuster dir -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -e -k -x "' + self.get_option('ext') + '" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_' + name + '.txt"')
 			elif self.get_option('tool') == 'dirsearch':
-				if service.target.type == 'IPv6':
+				if service.target.ipversion == 'IPv6':
 					error('dirsearch does not support IPv6.')
 				else:
-					await service.execute('dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -e ' + self.get_option('ext') + ' -f -q -w ' + wordlist + ' --format=plain -o "{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_' + name + '.txt"')
+					await service.execute('dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -e "' + self.get_option('ext') + '" -f -q -w ' + wordlist + ' --format=plain -o "{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_' + name + '.txt"')
 			elif self.get_option('tool') == 'ffuf':
 				await service.execute('ffuf -u {http_scheme}://{addressv6}:{port}/FUZZ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -e "' + dot_extensions + '" -v -noninteractive | tee {scandir}/{protocol}_{port}_{http_scheme}_ffuf_' + name + '.txt')
 			elif self.get_option('tool') == 'dirb':
 				await service.execute('dirb {http_scheme}://{addressv6}:{port}/ ' + wordlist + ' -l -r -S -X ",' + dot_extensions + '" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_' + name + '.txt"')
 
 	def manual(self, service, plugin_was_run):
-		service.add_manual_command('(feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
-			'feroxbuster -u {http_scheme}://{addressv6}:{port} -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_big.txt',
-			'feroxbuster -u {http_scheme}://{addressv6}:{port} -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_dirbuster.txt'
-		])
-
-		service.add_manual_command('(gobuster v3) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
-			'gobuster dir -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_big.txt"',
-			'gobuster dir -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_dirbuster.txt"'
-		])
-
-		if service.target.type == 'IPv4':
-			service.add_manual_command('(dirsearch) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
-				'dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -r -e txt,html,php,asp,aspx,jsp -f -w /usr/share/seclists/Discovery/Web-Content/big.txt --format=plain --output="{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_big.txt"',
-				'dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -r -e txt,html,php,asp,aspx,jsp -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --format=plain --output="{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_dirbuster.txt"'
+		dot_extensions = ','.join(['.' + x for x in self.get_option('ext').split(',')])
+		if self.get_option('tool') == 'feroxbuster':
+			service.add_manual_command('(feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
+				'feroxbuster -u {http_scheme}://{addressv6}:{port} -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "' + self.get_option('ext') + '" -v -k -n -o {scandir}/{protocol}_{port}_{http_scheme}_feroxbuster_dirbuster.txt'
+			])
+		elif self.get_option('tool') == 'gobuster':
+			service.add_manual_command('(gobuster v3) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
+				'gobuster dir -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -x "' + self.get_option('ext') + '" -z -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_dirbuster.txt"'
+			])
+		elif self.get_option('tool') == 'dirsearch':
+			if service.target.ipversion == 'IPv4':
+				service.add_manual_command('(dirsearch) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
+					'dirsearch -u {http_scheme}://{address}:{port}/ -t ' + str(self.get_option('threads')) + ' -r -e "' + self.get_option('ext') + '" -f -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --format=plain --output="{scandir}/{protocol}_{port}_{http_scheme}_dirsearch_dirbuster.txt"'
+				])
+		elif self.get_option('tool') == 'ffuf':
+			service.add_manual_command('(ffuf) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:', [
+				'ffuf -u {http_scheme}://{addressv6}:{port}/FUZZ -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -e "' + dot_extensions + '" -v -noninteractive | tee {scandir}/{protocol}_{port}_{http_scheme}_ffuf_dirbuster.txt'
+			])
+		elif self.get_option('tool') == 'dirb':
+			service.add_manual_command('(dirb) Recursive directory/file enumeration for web servers using various wordlists:', [
+				'dirb {http_scheme}://{addressv6}:{port}/ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -l -r -S -X ",' + dot_extensions + '" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_dirbuster.txt"'
 			])
-
-		service.add_manual_command('(dirb) Recursive directory/file enumeration for web servers using various wordlists:', [
-			'dirb {http_scheme}://{addressv6}:{port}/ /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -X ",.txt,.html,.php,.asp,.aspx,.jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_big.txt"',
-			'dirb {http_scheme}://{addressv6}:{port}/ /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -l -r -S -X ",.txt,.html,.php,.asp,.aspx,.jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_dirb_dirbuster.txt"'
-		])
-
-		service.add_manual_command('(gobuster v1 & v2) Multi-threaded directory/file enumeration for web servers using various wordlists:', [
-			'gobuster -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -l -x "txt,html,php,asp,aspx,jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_big.txt"',
-			'gobuster -u {http_scheme}://{addressv6}:{port}/ -t ' + str(self.get_option('threads')) + ' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -l -x "txt,html,php,asp,aspx,jsp" -o "{scandir}/{protocol}_{port}_{http_scheme}_gobuster_dirbuster.txt"'
-		])
 
 class Nikto(ServiceScan):
 
@@ -151,7 +148,7 @@ class Nikto(ServiceScan):
 		self.match_service_name('^nacn_http$', negative_match=True)
 
 	def manual(self, service, plugin_was_run):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			service.add_manual_command('(nikto) old but generally reliable web server enumeration tool:', 'nikto -ask=no -h {http_scheme}://{address}:{port} 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_nikto.txt"')
 
 class WhatWeb(ServiceScan):
@@ -166,7 +163,7 @@ class WhatWeb(ServiceScan):
 		self.match_service_name('^nacn_http$', negative_match=True)
 
 	async def run(self, service):
-		if service.protocol == 'tcp' and service.target.type == 'IPv4':
+		if service.protocol == 'tcp' and service.target.ipversion == 'IPv4':
 			await service.execute('whatweb --color=never --no-errors -a 3 -v {http_scheme}://{address}:{port} 2>&1', outfile='{protocol}_{port}_{http_scheme}_whatweb.txt')
 
 class WkHTMLToImage(ServiceScan):

plugins/sip.py

@@ -24,5 +24,5 @@ class SIPVicious(ServiceScan):
 		self.match_service_name('^asterisk')
 
 	def manual(self, service, plugin_was_run):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			service.add_manual_command('svwar:', 'svwar -D -m INVITE -p {port} {address}')

plugins/smb.py

@@ -50,7 +50,7 @@ class Enum4Linux(ServiceScan):
 		self.run_once(True)
 
 	async def run(self, service):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			await service.execute('enum4linux -a -M -l -d {address} 2>&1', outfile='enum4linux.txt')
 
 class NBTScan(ServiceScan):
@@ -66,7 +66,7 @@ class NBTScan(ServiceScan):
 		self.run_once(True)
 
 	async def run(self, service):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			await service.execute('nbtscan -rvh {address} 2>&1', outfile='nbtscan.txt')
 
 class SMBClient(ServiceScan):
@@ -95,7 +95,7 @@ class SMBMap(ServiceScan):
 		self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
 
 	async def run(self, service):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			await service.execute('smbmap -H {address} -P {port} 2>&1', outfile='smbmap-share-permissions.txt')
 			await service.execute('smbmap -u null -p "" -H {address} -P {port} 2>&1', outfile='smbmap-share-permissions.txt')
 			await service.execute('smbmap -H {address} -P {port} -R 2>&1', outfile='smbmap-list-contents.txt')

plugins/snmp.py

@@ -27,7 +27,7 @@ class OneSixtyOne(ServiceScan):
 		self.add_option('community-strings', default='/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt', help='The file containing a list of community strings to try. Default: %(default)s')
 
 	async def run(self, service):
-		if service.target.type == 'IPv4':
+		if service.target.ipversion == 'IPv4':
 			await service.execute('onesixtyone -c ' + service.get_option('community-strings') + ' -dd {address} 2>&1', outfile='{protocol}_{port}_snmp_onesixtyone.txt')
 
 class SNMPWalk(ServiceScan):