add potential target + small change

ElNiak · Jun 20, 2024 · 445a3d0 · 445a3d0
1 parent 1bc8a7e
commit 445a3d0
Show file tree

Hide file tree

Showing 17 changed files with 603 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -111,7 +111,7 @@ We welcome contributions from the community. To contribute:
 
 * https://github.com/Karmaz95/crimson/blob/master/words/exp/special_chars.txt
 * https://github.com/hahwul/dalfox
-* https://github.com/Raghavd3v/CRLFsuite/blob/main/crlfsuite/db/wafsignatures.json
+* https://github.com/mandiant/PwnAuth
 
 ## TODOs
 Also watch module for more specfic TODOs

diff --git a/bounty_drive/attacks/dorks/README.md b/bounty_drive/attacks/dorks/README.md
@@ -12,6 +12,7 @@
 * https://obheda12.medium.com/gitdorker-a-new-tool-for-manual-github-dorking-and-easy-bug-bounty-wins-92a0a0a6b8d5
 * https://github.com/spekulatius/infosec-dorks
 * Use Google hacking database(https://www.exploit-db.com/google-hacking-database) for good sqli dorks.
+* https://github.com/ghostlulzhacks/waybackMachine/blob/master/waybackMachine.py
 
 ## TODOs
 

diff --git a/bounty_drive/attacks/xss/xss.py b/bounty_drive/attacks/xss/xss.py
@@ -14,7 +14,7 @@
 
 from attacks.dorks.search_engine_dorking import get_proxies_and_cycle
 from attacks.xss.xss_striker import attacker_crawler
-from reporting.results_manager import update_attack_result
+from reporting.results_manager import get_crawling_results, update_attack_result
 from vpn_proxies.proxies_manager import prepare_proxies
 from bypasser.waf_mitigation import waf_detector
 from utils.app_config import (
@@ -166,27 +166,47 @@ def launch_xss_attack(config, website_to_test):
             # TODO: use blind-xss-payload-list.txt
             # configure a domain for the attacks
 
+            website = get_crawling_results(config)
+
+            search_tasks_with_proxy = []
+            for website, domUrls, forms in website:
+                proxy = next(proxy_cycle)
+                scheme = urlparse(website).scheme
+                host = urlparse(website).netloc
+                main_url = scheme + "://" + host
+                for form, domURL in zip(forms, domUrls):
+                    search_tasks_with_proxy.append(
+                        {
+                            "main_url": main_url,
+                            "form": form,
+                            "scheme": scheme,
+                            "host": host,
+                            "domURLs": domURL,
+                            "proxy": proxy,
+                        }
+                    )
+
             if config["fuzz_xss"]:
                 raise NotImplementedError("Fuzzing is not implemented yet")
             else:
-                blindPayloads = "alert(1)"  # TODO
+                blindPayloads = "alert(1)"  # TODO read from file
                 encoding = base64 if config["encode_xss"] else False
                 with concurrent.futures.ThreadPoolExecutor(
                     max_workers=number_of_worker
                 ) as executor:
                     future_to_search = {
                         executor.submit(
                             attacker_crawler,
-                            # scheme,
-                            # host,
-                            # main_url,
-                            form,
+                            task["scheme"],
+                            task["host"],
+                            task["main_url"],
+                            task["form"],
                             blindPayloads,
                             encoding,
                             config,
-                            next(proxy_cycle),
-                        ): form
-                        for form, domURL in zip([], [])  # TODO use domURL
+                            task["proxy"],
+                        ): task
+                        for task in search_tasks_with_proxy
                     }
                     for website in tqdm(
                         concurrent.futures.as_completed(future_to_search),

diff --git a/bounty_drive/bypasser/README.md b/bounty_drive/bypasser/README.md
@@ -0,0 +1,6 @@
+# WAF bypasser
+
+## Usefull links
+
+* https://github.com/EnableSecurity/wafw00f
+* * https://github.com/Raghavd3v/CRLFsuite/blob/main/crlfsuite/db/wafsignatures.json
diff --git a/bounty_drive/configs/config.ini b/bounty_drive/configs/config.ini
@@ -2,7 +2,8 @@
 extension = 
 subdomain = true
 do_web_scap = true
-target_file = configs/target_rei.txt
+target_file = configs/target_pornbox.txt
+exclusion_file = configs/exclusion_pornbox.txt
 target_login = []
 logging=DEBUG
 max_thread = 30
@@ -51,8 +52,8 @@ do_api = false
 [Proxy]
 use_proxy = true
 use_free_proxy_file = false
-use_free_proxy = false
-use_nordvpn_proxy = true
+use_free_proxy = true
+use_nordvpn_proxy = false
 proxies = [None]
 proxy_mean_delay = 10
 proxy_factor = 1

diff --git a/bounty_drive/configs/scopes_for_att_at_2024-06-20_15_33_10_UTC.csv b/bounty_drive/configs/scopes_for_att_at_2024-06-20_15_33_10_UTC.csv
@@ -0,0 +1,15 @@
+identifier,asset_type,instruction,eligible_for_bounty,eligible_for_submission,availability_requirement,confidentiality_requirement,integrity_requirement,max_severity,system_tags,created_at,updated_at
+prod-taxexempt.att.com,URL,This is out of scope for submission. ,false,false,,,,critical,,2019-08-20 14:40:21 UTC,2023-01-04 09:50:41 UTC
+projectone.att.com,URL,This is out of scope for submission. ,false,false,,,,critical,,2019-09-19 12:48:23 UTC,2023-01-04 09:50:41 UTC
+c2m-projectone.att.com,URL,This is out of scope for submission. ,false,false,,,,critical,,2019-09-25 13:09:17 UTC,2023-01-04 09:50:41 UTC
+wf-projectone.att.com,URL,This is out of scope for submission,false,false,,,,critical,,2019-09-25 13:09:48 UTC,2023-01-04 09:50:42 UTC
+*.sky.com.mx,URL,This is out of scope for submission. ,false,false,,,,critical,,2020-01-14 15:47:26 UTC,2023-07-13 09:09:06 UTC
+accbusinesspricing.att.com,URL,This is out of scope for submission. ,false,false,,,,critical,,2020-02-07 15:38:00 UTC,2023-01-04 09:50:42 UTC
+rcloud.social,URL,This is out of scope for submission. ,false,false,,,,critical,,2020-03-27 13:07:48 UTC,2023-01-04 09:50:42 UTC
+attdashboard.wireless.att.com,URL,This is out of scope for submission. ,false,false,,,,critical,,2020-09-16 14:59:43 UTC,2023-01-04 09:50:42 UTC
+https://clec.att.com/clec/,URL,This is out of scope for submission. ,false,false,,,,critical,,2021-02-11 14:14:50 UTC,2023-07-13 09:09:14 UTC
+12.0.1.28,OTHER,This is out of scope for submission. ,false,false,,,,critical,,2021-02-11 14:18:20 UTC,2023-01-16 16:12:50 UTC
+attsuppliers.com,URL,This is out of scope for submission,false,false,,,,critical,,2022-02-18 16:12:33 UTC,2023-07-13 09:09:23 UTC
+attpurchasing.com,URL,This is out of scope for submission,false,false,,,,critical,,2022-02-18 16:14:06 UTC,2023-07-13 09:09:23 UTC
+authkeysmx01.att.com.mx,URL,"",false,false,,,,critical,,2022-02-23 21:35:31 UTC,2023-07-13 09:09:23 UTC
+Other Assets,OTHER,"",true,true,,,,critical,,2024-04-02 15:43:16 UTC,2024-04-02 15:43:16 UTC