New (third party) SIDs added, SIDs Minimum size for brute force

Constants.py

@@ -17,6 +17,7 @@
 By Quentin Hardy ([email protected] or [email protected])
 """
 CURRENT_VERSION = "Version 1.6 - 2015/07/14"
+DEFAULT_SID_MIN_SIZE = 1
 DEFAULT_SID_MAX_SIZE = 2
 MAX_HELP_POSITION=60
 DEFAULT_SID_FILE = "sids.txt"
@@ -38,18 +39,14 @@
 DEFAULT_ENCODING = 'utf8'
 #SEARCH module
 PATTERNS_COLUMNS_WITH_PWDS = [
-	'%motdepasse%',
-	'%mot_de_passe%',
 	'%mdp%',
 	'%pwd%',
-	'%passswd%',
-	"%password%",
+	'%pass%',
 	"%contraseña%",
 	"%clave%",
 	"%chiave%",
 	"%пароль%",
 	"%wachtwoord%",
-	"%Passwort%",
 	"%hasło%",
 	"%senha%",
 	]

SIDGuesser.py

@@ -133,7 +133,7 @@ def runSIDGuesserModule(args):
 	sIDGuesser = SIDGuesser(args,args['sids-file'],timeSleep=args['timeSleep'])
 	if args['no-alias-like-sid'] == False : sIDGuesser.loadSidsFromListenerAlias()
 	sIDGuesser.searchKnownSIDs()
-	for aSIDSize in range(1, args['sids-max-size']+1):
+	for aSIDSize in range(args['sids-min-size'], args['sids-max-size']+1):
 		sIDGuesser.bruteforceSIDs(size=aSIDSize, charset=args['sid-charset'])
 	validSIDsList = sIDGuesser.getValidSIDs()
 	if validSIDsList == []:

Utils.py

@@ -113,13 +113,13 @@ def configureLogging(args):
 
 def execSystemCmd (cmd):
 	''' 
-	Execute a commande with popen
+	Execute a command with popen
 	Return None if an error
 	'''
 	p = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True, shell=True)
 	stdout, stderr = p.communicate()
 	if stderr != "" : 
-		logging.error("Problem when execuritng the command \'{0}\':\n{1}".format(cmd, stderr[:-1]))
+		logging.error("Problem when executing the command \'{0}\':\n{1}".format(cmd, stderr[:-1]))
 		return None
 	else : 
 		if stdout != "" :
@@ -132,9 +132,9 @@ def execSystemCmd (cmd):
 def anAccountIsGiven (args):
 	'''
 	return True if an account is given in args
-	Otehrwise, return False
-	- oeprations muste be a list
-	- args must be a dictionnary
+	Otherwise, return False
+	- operations must be a list
+	- args must be a dictionary
 	'''
 	if (args.has_key('user') ==False or args.has_key('password') == False) or (args['user'] == None and args['password'] == None):
 		logging.critical("You must give a valid account with the '-U username' option and the '-P password' option.")
@@ -143,17 +143,17 @@ def anAccountIsGiven (args):
 		logging.critical("You must give a valid account with the '-P password' option.")
 		return False
 	elif args['user'] == None and args['password'] != None:
-		logging.critical("You must give a valid username thanks to the '-U username' option.")
+		logging.critical("You must give a valid username with the '-U username' option.")
 		return False
 	else :
 		return True
 
 def anOperationHasBeenChosen(args, operations):
 	'''
-	Return True if an operation has been choosing.
+	Return True if an operation has been chosen.
 	Otherwise return False
-	- oeprations muste be a list
-	- args must be a dictionnary
+	- operations must be a list
+	- args must be a dictionary
 	'''
 	for key in operations:
 		if args.has_key(key) == True:
@@ -167,10 +167,10 @@ def ipOrNameServerHasBeenGiven(args):
 	'''
 	Return True if an ip or name server has been given
 	Otherwise return False
-	- args must be a dictionnary
+	- args must be a dictionary
 	'''
 	if args.has_key('server') == False or args['server'] == None:
-		logging.critical("The server addess must be given thanks to the '-s IPadress' option.")
+		logging.critical("The server address must be given with the '-s IPadress' option.")
 		return False
 	else :
 		try:
@@ -188,10 +188,10 @@ def sidHasBeenGiven(args):
 	'''
 	Return True if an ip has been given
 	Otherwise return False
-	- args must be a dictionnary
+	- args must be a dictionary
 	'''
 	if args.has_key('sid') == False or args['sid'] == None:
-		logging.critical("The server SID must be given thanks to the '-d SID' option.")
+		logging.critical("The server SID must be given with the '-d SID' option.")
 		return False
 	return True
 
@@ -200,7 +200,7 @@ def checkOptionsGivenByTheUser(args,operationsAllowed,checkAccount=True):
 	Return True if all options are OK
 	Otherwise return False
 	- args: list
-	- operationsAllowed : opertaions allowed with this module
+	- operationsAllowed : operations allowed with this module
 	'''
 	if ipOrNameServerHasBeenGiven(args) == False : return False
 	elif sidHasBeenGiven(args) == False : return False

odat.py

@@ -80,8 +80,8 @@ def runAllModules(args):
 	else :
 		validSIDsList = [args['sid']]
 	#B)ACCOUNT MANAGEMENT
-	if args['credentielsFile'] == True :
-		logging.debug("Loading credentiels stored in the {0} file".format(args['accounts-file']))
+	if args['credentialsFile'] == True :
+		logging.debug("Loading credentials stored in the {0} file".format(args['accounts-file']))
 		#Load accounts from file
 		passwordGuesser = PasswordGuesser(args, args['accounts-file'])
 		validAccountsList = passwordGuesser.getAccountsFromFile()
@@ -225,7 +225,7 @@ def main():
 	#1.3- Parent parser: all option
 	PPallModule = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION))
 	PPallModule._optionals.title = "all module options"
-	PPallModule.add_argument('-C', dest='credentielsFile', action='store_true', required=False, default=False, help='use credentiels stored in the --accounts-file file (disable -P and -U)')
+	PPallModule.add_argument('-C', dest='credentialsFile', action='store_true', required=False, default=False, help='use credentials stored in the --accounts-file file (disable -P and -U)')
 	PPallModule.add_argument('--no-tns-poisoning-check', dest='no-tns-poisoning-check', action='store_true', required=False, default=False, help="don't check if target is vulnreable to TNS poisoning")
 	#1.3- Parent parser: TNS cmd
 	PPTnsCmd = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION))
@@ -237,6 +237,7 @@ def main():
 	#1.3- Parent parser: SID Guesser
 	PPsidguesser = argparse.ArgumentParser(add_help=False,formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=MAX_HELP_POSITION))
 	PPsidguesser._optionals.title = "SID guesser options"
+	PPsidguesser.add_argument('--sids-min-size',dest='sids-min-size',required=False, type=int, default=DEFAULT_SID_MIN_SIZE, help='minimum size of SIDs for the bruteforce (default: %(default)s)')
 	PPsidguesser.add_argument('--sids-max-size',dest='sids-max-size',required=False, type=int, default=DEFAULT_SID_MAX_SIZE, help='maximum size of SIDs for the bruteforce (default: %(default)s)')
 	PPsidguesser.add_argument('--sid-charset',dest='sid-charset',required=False, default=DEFAULT_SID_CHARSET, help='charset for the sid bruteforce (default: %(default)s)')
 	PPsidguesser.add_argument('--sids-file',dest='sids-file',required=False,metavar="FILE",default=DEFAULT_SID_FILE, help='file containing SIDs (default: %(default)s)')