├── LICENSE
├── README.md
├── docs
    ├── README-zh-CN.md
    └── modules.txt
├── etc
    ├── dirsc.conf
    ├── domainsc.conf
    ├── intruder.conf
    ├── nmap.conf
    └── sitemap.conf
├── lib
    ├── __init__.py
    ├── core
    │   ├── __init__.py
    │   ├── database.py
    │   ├── exception.py
    │   ├── logger.py
    │   ├── manager.py
    │   ├── module.py
    │   ├── mswarm.py
    │   └── sswarm.py
    ├── parse
    │   ├── __init__.py
    │   ├── args.py
    │   ├── cli.py
    │   ├── configfile.py
    │   └── host.py
    └── utils
    │   ├── __init__.py
    │   ├── banner.py
    │   ├── brute.py
    │   ├── sitemap.py
    │   ├── subtasks.py
    │   └── utils.py
├── modules
    ├── __init__.py
    ├── dirsc
    │   ├── __init__.py
    │   └── dirsc.py
    ├── domainsc
    │   ├── __init__.py
    │   └── domainsc.py
    ├── intruder
    │   ├── __init__.py
    │   └── intruder.py
    ├── nmap
    │   ├── __init__.py
    │   └── nmap.py
    └── sitemap
    │   ├── __init__.py
    │   └── sitemap.py
├── setup.py
├── swarm.conf
├── swarm.py
├── swarm_s.py
└── thirdparty
    ├── __init__.py
    └── ansistrm
        ├── __init__.py
        └── ansistrm.py


/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     {one line to give the program's name and a brief idea of what it does.}
635 |     Copyright (C) {year}  {name of author}
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <http://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     {project}  Copyright (C) {year}  {fullname}
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # swarm
  2 | v0.6.0
  3 | 
  4 | English | [中文](https://github.com/Arvin-X/swarm/blob/master/docs/README-zh-CN.md).
  5 | 
  6 | Swarm is an open source modular distributed penetration testing Tool that use distributed task queue to implement communication in the master-slave mode system and use MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new implement of some penetration functions or it can be a simple wrap of an existing tool to implement distributed functionality. Because of the modularity architecture it is easy to customize and extend new features under the distributed framework.
  7 | 
  8 | Now in this version 0.6.0 it has five modules:
  9 | 
 10 | - Subdomain name scan module
 11 | - Directories and files scan module
 12 | - Nmap extension module
 13 | - Sitemap crawler module
 14 | - Intruder module
 15 | 
 16 | If you want to write your own module, you can read [this](https://github.com/Arvin-X/swarm/blob/master/docs/modules.txt).
 17 | 
 18 | 
 19 | ## Install
 20 | Zipball can be download [here](https://github.com/Arvin-X/swarm/archive/master.zip).
 21 | You can also use git to get swarm:
 22 | 
 23 | ```
 24 | git clone git@github.com:Arvin-X/swarm.git
 25 | ```
 26 | then use setup.py to install swarm:
 27 | 
 28 | ```
 29 | python setup.py install
 30 | ```
 31 | 
 32 | Swarm works with Python 2.6.x or 2.7.x and it need MongoDB support on master host.
 33 | 
 34 | If you do not have MongoDB yet, you can use apt-get to install it:
 35 | 
 36 | ```
 37 | apt-get install mongodb
 38 | ```
 39 | 
 40 | 
 41 | ## Usage
 42 | Run swarm on master host to distribute tasks and run swarm-s with '-p' option on slave host to finish the subtask from master.
 43 | 
 44 | ```
 45 | swarm-s -p 9090
 46 | ```
 47 | 
 48 | You can also establish a listener on target port of slave host to receive command to waken swarm-s by specify '--waken' option when you run swarm. Otherwise you should leave '--waken' null.
 49 | To create a listener, you can use nc or socat like:
 50 | 
 51 | ```
 52 | nc -e /bin/sh -l 9191
 53 | ```
 54 | 
 55 | And use waken command like:
 56 | 
 57 | ```
 58 | swarm-s ARGS
 59 | ```
 60 | 
 61 | You need to leave "ARGS" in your command and ensure it will be cli args passed to swarm for swarm to replace it with some necessary arguments like '-p'.
 62 | 
 63 | Basic usage of swarm:
 64 | 
 65 | ```
 66 | usage: swarm [-h] -m MODULE [-v] [-c] [-o PATH] [-t [TARGET [TARGET ...]]]
 67 |              [-T PATH] [-s [SWARM [SWARM ...]]] [-S PATH] [--waken CMD]
 68 |              [--timeout TIME] [--m-addr ADDR] [--m-port PORT] [--s-port PORT]
 69 |              [--authkey KEY] [--db-addr ADDR] [--db-port PORT] [--process NUM]
 70 |              [--thread NUM] [--taskg NUM] [--dom-compbrute] [--dom-dict PATH]
 71 |              [--dom-maxlevel NUM] [--dom-charset SET] [--dom-levellen LEN]
 72 |              [--dom-timeout TIME] [--dir-http-port PORT]
 73 |              [--dir-https-port PORT] [--dir-compbrute] [--dir-charset SET]
 74 |              [--dir-len LEN] [--dir-dict PATH] [--dir-maxdepth NUM]
 75 |              [--dir-timeout TIME] [--dir-not-exist FLAG] [--dir-quick-scan]
 76 |              [--nmap-ports PORTS] [--nmap-top-ports NUM] [--nmap-ops ...]
 77 |              [--int-target [URLS [URLS ...]]] [--int-method METHOD]
 78 |              [--int-headers JSON] [--int-cookies COOKIES] [--int-body BODY]
 79 |              [--int-payload PAYLOAD] [--int-flag FLAGS] [--int-timeout TIME]
 80 |              [--map-seed SEED] [--map-http-port PORT] [--map-https-port PORT]
 81 |              [--map-cookies COOKIES] [--map-interval TIME]
 82 |              [--map-timeout TIME]
 83 | 
 84 | optional arguments:
 85 |   -h, --help            show this help message and exit
 86 |   -m MODULE             Use module name in ./modules/ to enable it
 87 | 
 88 | Output:
 89 |   These option can be used to control output
 90 | 
 91 |   -v                    Output more verbose
 92 |   -c                    Disable colorful log output
 93 |   -o PATH               Record log in target file
 94 | 
 95 | Target:
 96 |   At least one of these options has to be provided to define target unless
 97 |   there is another special option for defining target in the module
 98 | 
 99 |   -t [TARGET [TARGET ...]]
100 |                         Separated by blank (eg: github.com 127.0.0.0/24
101 |                         192.168.1.5)
102 |   -T PATH               File that contains target list, one target per line
103 | 
104 | Swarm:
105 |   Use these options to customize swarm connection. At least one of slave
106 |   host has to be provided.
107 | 
108 |   -s [SWARM [SWARM ...]]
109 |                         Address of slave hosts with port if you need waken
110 |                         them (eg: 192.168.1.2:9090 192.18.1.3:9191). No port
111 |                         if swarm-s on slave host has already run
112 |   -S PATH               File that contains slave list, one host per line
113 |   --waken CMD           Command to waken up slave hosts, null if swarm-s on
114 |                         slave host has already run
115 |   --timeout TIME        Seconds to wait before request to swarm getting
116 |                         response
117 |   --m-addr ADDR         Master address which is reachable by all slave hosts
118 |   --m-port PORT         Listen port on master host to distribute task
119 |   --s-port PORT         Listen port on slave host to receive command from
120 |                         master
121 |   --authkey KEY         Auth key between master and slave hosts
122 | 
123 | Database:
124 |   These option can be used to access MongoDB server
125 | 
126 |   --db-addr ADDR        Address of MongoDB server
127 |   --db-port PORT        Listening port of MongoDB server
128 | 
129 | Common:
130 |   These option can be used to customize common configuration of slave host
131 | 
132 |   --process NUM         Max number of concurrent process on slave host
133 |   --thread NUM          Max number of concurrent threads on slave host
134 |   --taskg NUM           Granularity of subtasks from 1 to 3
135 | 
136 | Domain Scan:
137 |   Thes option can be used to customize swarm action of subdomain name scan
138 | 
139 |   --dom-compbrute       Use complete brute force without dictionary on target
140 |   --dom-dict PATH       Path to dictionary used for subdomain name scan
141 |   --dom-maxlevel NUM    Max level of subdomain name to scan
142 |   --dom-charset SET     Charset used for complete brute foce
143 |   --dom-levellen LEN    Length interval of subdomain name each level
144 |   --dom-timeout TIME    Timeout option for subdomain name scan
145 | 
146 | Directory Scan:
147 |   These option can be used to customize swarm action of directory scan
148 | 
149 |   --dir-http-port PORT  Separated by comma if you need multiple ports
150 |   --dir-https-port PORT
151 |                         Separated by comma if you need multiple ports
152 |   --dir-compbrute       Use complete brute force without dictionary on target
153 |   --dir-charset SET     Charset used for complete brute foce
154 |   --dir-len LEN         Length interval of directory name or file name
155 |   --dir-dict PATH       Path to dictionary used for directory scan
156 |   --dir-maxdepth NUM    Max depth in directory and file scan
157 |   --dir-timeout TIME    Timeout option for directory scan
158 |   --dir-not-exist FLAG  Separated by double comma if you need multiple flags
159 |   --dir-quick-scan      Use HEAD method instead of GET in scan
160 | 
161 | Nmap Module:
162 |   These options can be used customize nmap action on slave hosts
163 | 
164 |   --nmap-ports PORTS    Support format like '80,443,3306,1024-2048'
165 |   --nmap-top-ports NUM  Scan <number> most common ports
166 |   --nmap-ops ...        Nmap options list in nmap’s man pages, this should
167 |                         be the last in cli args
168 | 
169 | Intruder:
170 |   Use indicator symbol '@n@' where 'n' should be a number, like '@0@','@1@'
171 |   etc to specify attack point in option 'int_target' and 'int_body'. Use
172 |   'int_payload' option to specify payload used on these attack point to
173 |   complete this attack.
174 | 
175 |   --int-target [URLS [URLS ...]]
176 |                         Use this option instead of '-t' or '-T' options to
177 |                         specify targets,separated by comma
178 |   --int-method METHOD   Http method used in this attack
179 |   --int-headers JSON    A JSON format data.(eg: {"User-
180 |                         Agent":"Mozilla/5.0","Origin":"XXX"})
181 |   --int-cookies COOKIES
182 |                         Separated by comma. (eg: PHPSESSIONID:XX,token:XX)
183 |   --int-body BODY       HTTP or HTTPS body. You can use indicator symbol in
184 |                         this option
185 |   --int-payload PAYLOAD
186 |                         The format should follow '@0@:PATH,@1@:CHARSET
187 |                         :NUM-NUM'
188 |   --int-flag FLAGS      Separated by double comma if you have multiple flags
189 |   --int-timeout TIME    Timeout option for intruder module
190 | 
191 | Sitemap Crawler:
192 |   These options can be used to customize sitemap crawler, not support js
193 |   parse yet
194 | 
195 |   --map-seed SEED       Separated by comma if you have multiple seeds
196 |   --map-http-port PORT  Separated by comma if you need multiple ports
197 |   --map-https-port PORT
198 |                         Separated by comma if you need multiple ports
199 |   --map-cookies COOKIES
200 |                         Separated by comma if you have multiple cookies
201 |   --map-interval TIME   Interval time between two request
202 |   --map-timeout TIME    Timeout option for sitemap crawler
203 | 
204 | ```
205 | 
206 | It is recommended that to use configuration file to configure swarm instead of using cli arguments if your requirement is high. The configuration files locate in /etc/swarm/.
207 | 
208 | ## License ##
209 | Swarm is licensed under the [GPLv3](https://github.com/Arvin-X/swarm/blob/master/LICENSE).
210 | 


--------------------------------------------------------------------------------
/docs/README-zh-CN.md:
--------------------------------------------------------------------------------
  1 | # swarm
  2 | v0.6.0
  3 | 
  4 | [English](https://github.com/Arvin-X/swarm/blob/master/README.md) | 中文
  5 | 
  6 | Swarm是一个开源的模块化分布式渗透测试工具，使用分布式任务队列实现主从模式系统间的通信，使用MongoDB做数据存储。Swarm由分布式框架及各功能模块组成，其中的功能模块既可以是对某些渗透功能的全新实现，也可以是对已经存在的渗透工具的简单封装以实现其分布式的功能。在模块化架构下很容易自定义模块或者为Swarm扩展新功能。
  7 | 
  8 | 在现在的v0.6.0版本中，Swarm实现了五个模块：
  9 | 
 10 |  - 子域名扫描模块
 11 |  - 文件扫描模块
 12 |  - Nmap扩展模块
 13 |  - 站点地图爬虫模块
 14 |  - 入侵者模块
 15 | 
 16 | 如果你想实现自己的模块，你可以阅读[这份文件](https://github.com/Arvin-X/swarm/blob/master/docs/modules.txt).
 17 | 
 18 | ## 安装
 19 | 可以在[这里](https://github.com/Arvin-X/swarm/archive/master.zip)下载swarm最新的压缩包。
 20 | 
 21 | 你也可以使用git来获取swarm：
 22 | 
 23 | ```
 24 | git clone git@github.com:Arvin-X/swarm.git
 25 | ```
 26 | 
 27 | 然后使用setup.py来安装：
 28 | 
 29 | ```
 30 | python setup.py install
 31 | ```
 32 | 
 33 | Swarm需要Python 2.6.x 或者2.7.x 环境。在master机器上，Swarm还需要MongoDB数据库支持。
 34 | 
 35 | 如果你没有安装MongoDB，你可以使用apt-get来安装：
 36 | 
 37 | ```
 38 | apt-get install mongodb
 39 | ```
 40 | 
 41 | 
 42 | ## 使用方法
 43 | 在master主机上运行swarm来分发任务，在slave主机上使用“-p”参数运行swarm-s 接收并完成来自master的子任务。
 44 | 
 45 | ```
 46 | swarm-s -p 9090
 47 | ```
 48 | 
 49 | 你也可以在slave主机的指定端口建立监听接收来自master对swarm-s的唤醒命令,这需要你使用swarm的“--waken”选项。如果你不需要唤醒swarm-s，将这一选项置为空。
 50 | 你可以使用nc或者socat来建立监听：
 51 | 
 52 | ```
 53 | nc -e /bin/sh -l 9090
 54 | ```
 55 | 
 56 | 然后使用唤醒命令例如:
 57 | 
 58 | ```
 59 | swarm-s ARGS
 60 | ```
 61 | 
 62 | 你需要在命令中预留字符”ARGS”并保证它将会作为命令行参数传递给swarm-s，swarm将会在运行过程中使用类似“-p”等参数替换它。
 63 | 
 64 | Swarm的基本使用方法：
 65 | 
 66 | ```
 67 | usage: swarm [-h] -m MODULE [-v] [-c] [-o PATH] [-t [TARGET [TARGET ...]]]
 68 |              [-T PATH] [-s [SWARM [SWARM ...]]] [-S PATH] [--waken CMD]
 69 |              [--timeout TIME] [--m-addr ADDR] [--m-port PORT] [--s-port PORT]
 70 |              [--authkey KEY] [--db-addr ADDR] [--db-port PORT] [--process NUM]
 71 |              [--thread NUM] [--taskg NUM] [--dom-compbrute] [--dom-dict PATH]
 72 |              [--dom-maxlevel NUM] [--dom-charset SET] [--dom-levellen LEN]
 73 |              [--dom-timeout TIME] [--dir-http-port PORT]
 74 |              [--dir-https-port PORT] [--dir-compbrute] [--dir-charset SET]
 75 |              [--dir-len LEN] [--dir-dict PATH] [--dir-maxdepth NUM]
 76 |              [--dir-timeout TIME] [--dir-not-exist FLAG] [--dir-quick-scan]
 77 |              [--nmap-ports PORTS] [--nmap-top-ports NUM] [--nmap-ops ...]
 78 |              [--int-target [URLS [URLS ...]]] [--int-method METHOD]
 79 |              [--int-headers JSON] [--int-cookies COOKIES] [--int-body BODY]
 80 |              [--int-payload PAYLOAD] [--int-flag FLAGS] [--int-timeout TIME]
 81 |              [--map-seed SEED] [--map-http-port PORT] [--map-https-port PORT]
 82 |              [--map-cookies COOKIES] [--map-interval TIME]
 83 |              [--map-timeout TIME]
 84 | 
 85 | optional arguments:
 86 |   -h, --help            show this help message and exit
 87 |   -m MODULE             Use module name in ./modules/ to enable it
 88 | 
 89 | Output:
 90 |   These option can be used to control output
 91 | 
 92 |   -v                    Output more verbose
 93 |   -c                    Disable colorful log output
 94 |   -o PATH               Record log in target file
 95 | 
 96 | Target:
 97 |   At least one of these options has to be provided to define target unless
 98 |   there is another special option for defining target in the module
 99 | 
100 |   -t [TARGET [TARGET ...]]
101 |                         Separated by blank (eg: github.com 127.0.0.0/24
102 |                         192.168.1.5)
103 |   -T PATH               File that contains target list, one target per line
104 | 
105 | Swarm:
106 |   Use these options to customize swarm connection. At least one of slave
107 |   host has to be provided.
108 | 
109 |   -s [SWARM [SWARM ...]]
110 |                         Address of slave hosts with port if you need waken
111 |                         them (eg: 192.168.1.2:9090 192.18.1.3:9191). No port
112 |                         if swarm-s on slave host has already run
113 |   -S PATH               File that contains slave list, one host per line
114 |   --waken CMD           Command to waken up slave hosts, null if swarm-s on
115 |                         slave host has already run
116 |   --timeout TIME        Seconds to wait before request to swarm getting
117 |                         response
118 |   --m-addr ADDR         Master address which is reachable by all slave hosts
119 |   --m-port PORT         Listen port on master host to distribute task
120 |   --s-port PORT         Listen port on slave host to receive command from
121 |                         master
122 |   --authkey KEY         Auth key between master and slave hosts
123 | 
124 | Database:
125 |   These option can be used to access MongoDB server
126 | 
127 |   --db-addr ADDR        Address of MongoDB server
128 |   --db-port PORT        Listening port of MongoDB server
129 | 
130 | Common:
131 |   These option can be used to customize common configuration of slave host
132 | 
133 |   --process NUM         Max number of concurrent process on slave host
134 |   --thread NUM          Max number of concurrent threads on slave host
135 |   --taskg NUM           Granularity of subtasks from 1 to 3
136 | 
137 | Domain Scan:
138 |   Thes option can be used to customize swarm action of subdomain name scan
139 | 
140 |   --dom-compbrute       Use complete brute force without dictionary on target
141 |   --dom-dict PATH       Path to dictionary used for subdomain name scan
142 |   --dom-maxlevel NUM    Max level of subdomain name to scan
143 |   --dom-charset SET     Charset used for complete brute foce
144 |   --dom-levellen LEN    Length interval of subdomain name each level
145 |   --dom-timeout TIME    Timeout option for subdomain name scan
146 | 
147 | Directory Scan:
148 |   These option can be used to customize swarm action of directory scan
149 | 
150 |   --dir-http-port PORT  Separated by comma if you need multiple ports
151 |   --dir-https-port PORT
152 |                         Separated by comma if you need multiple ports
153 |   --dir-compbrute       Use complete brute force without dictionary on target
154 |   --dir-charset SET     Charset used for complete brute foce
155 |   --dir-len LEN         Length interval of directory name or file name
156 |   --dir-dict PATH       Path to dictionary used for directory scan
157 |   --dir-maxdepth NUM    Max depth in directory and file scan
158 |   --dir-timeout TIME    Timeout option for directory scan
159 |   --dir-not-exist FLAG  Separated by double comma if you need multiple flags
160 |   --dir-quick-scan      Use HEAD method instead of GET in scan
161 | 
162 | Nmap Module:
163 |   These options can be used customize nmap action on slave hosts
164 | 
165 |   --nmap-ports PORTS    Support format like '80,443,3306,1024-2048'
166 |   --nmap-top-ports NUM  Scan <number> most common ports
167 |   --nmap-ops ...        Nmap options list in nmap’s man pages, this should
168 |                         be the last in cli args
169 | 
170 | Intruder:
171 |   Use indicator symbol '@n@' where 'n' should be a number, like '@0@','@1@'
172 |   etc to specify attack point in option 'int_target' and 'int_body'. Use
173 |   'int_payload' option to specify payload used on these attack point to
174 |   complete this attack.
175 | 
176 |   --int-target [URLS [URLS ...]]
177 |                         Use this option instead of '-t' or '-T' options to
178 |                         specify targets,separated by comma
179 |   --int-method METHOD   Http method used in this attack
180 |   --int-headers JSON    A JSON format data.(eg: {"User-
181 |                         Agent":"Mozilla/5.0","Origin":"XXX"})
182 |   --int-cookies COOKIES
183 |                         Separated by comma. (eg: PHPSESSIONID:XX,token:XX)
184 |   --int-body BODY       HTTP or HTTPS body. You can use indicator symbol in
185 |                         this option
186 |   --int-payload PAYLOAD
187 |                         The format should follow '@0@:PATH,@1@:CHARSET:
188 |                         NUM-NUM'
189 |   --int-flag FLAGS      Separated by double comma if you have multiple flags
190 |   --int-timeout TIME    Timeout option for intruder module
191 | 
192 | Sitemap Crawler:
193 |   These options can be used to customize sitemap crawler, not support js
194 |   parse yet
195 | 
196 |   --map-seed SEED       Separated by comma if you have multiple seeds
197 |   --map-http-port PORT  Separated by comma if you need multiple ports
198 |   --map-https-port PORT
199 |                         Separated by comma if you need multiple ports
200 |   --map-cookies COOKIES
201 |                         Separated by comma if you have multiple cookies
202 |   --map-interval TIME   Interval time between two request
203 |   --map-timeout TIME    Timeout option for sitemap crawler
204 | 
205 | ```
206 | 
207 | 如果你有较多的需求，最好使用配置文件而不是命令行参数来定义它们。Swarm的配置文件在/etc/swarm/目录下。
208 | 
209 | ## License ##
210 | Swarm在[GPLv3](https://github.com/Arvin-X/swarm/blob/master/LICENSE)许可证下发布。
211 | 


--------------------------------------------------------------------------------
/docs/modules.txt:
--------------------------------------------------------------------------------
  1 | Modules development document
  2 | =============================
  3 | If you want to write your own module for swarm, you should follow these regulations
  4 | to ensure your module can works as expect.
  5 | 
  6 | Your module should consist of a python package put in ./modules/ and a configuration
  7 | file put in ./etc/. These two parts should have the same name. In the python package,
  8 | there should be at a python file which is eponymous with package and it should contains
  9 | functions add_cli_args, parse_conf, and classes Master, Slave. The detailed description 
 10 | can be find in the following template.
 11 | 
 12 | =============================
 13 | #!/usr/bin/env python
 14 | # -*- coding: utf-8 -*-
 15 | 
 16 | """
 17 | This is a template of swarm module. You can write your own module for swarm using this 
 18 | module template.
 19 | """
 20 | 
 21 | def add_cli_args(cli_parser):
 22 |     """
 23 |     This function will be called to add cli arguments. The cli_parser is an instance of 
 24 |     class argparse.ArgumentParser. You should first add an arguments group by func 
 25 |     add_argument_group, then add your module arguments by func add_argument. This func 
 26 |     should return nothing.
 27 |     """
 28 |     pass
 29 | 
 30 | def parse_conf(args,conf_parser):
 31 |     """
 32 |     This function will be called to parse arguments in configuration file before parsing 
 33 |     arguments from cli. It means args in cli has higher priority and eponymous args 
 34 |     from cli will cover args in configuration file. The args in arguments is an instance
 35 |     of argparse.Namespace. The conf_parser in argument is an instance of 
 36 |     ConfigParser.ConfigParser. You should parse args into object 'args' by using
 37 |     'args.XX=conf_parser.getint(XXX,XXX) '. This func should return nothing.
 38 |     """
 39 |     pass
 40 | 
 41 | class Master(object):
 42 |     """
 43 |     Class Master which will be instantiated to generate subtask list, deal with result 
 44 |     gotten from swarm and report final result.
 45 |     """
 46 |     def __init__(self, args):
 47 |         """
 48 |         The args in arguments is an instance of argparse.Namespace and it stores all 
 49 |         arguments of swarm. You can get value of attribute XX by simply using 'args.XX'. 
 50 |         You should do your module initialization for Master here.
 51 |         """
 52 |         super(Master, self).__init__()
 53 |         self._args = args    
 54 | 
 55 |     def generate_subtasks(self):
 56 |         """
 57 |         This function will be called to generate subtask list and it will be called in a
 58 |          loop until it return an empty list. The Swarm framework will first call this func 
 59 |          to get subtask list (item in the list should be a string describing one subtask 
 60 |          and it will be passed as an argument to func do_task in class Slave on slave host) 
 61 |          and then call func handle_result to deal with each result gotten from swarm. After 
 62 |          all result have been confirmed, this func will be called again to continue 
 63 |          generating new subtask list because you may need new subtasks depending on the 
 64 |          result gotten from swarm in previous iteration. So this func should return subtasks
 65 |          list or empty list if you think you do not need new subtasks to finish current task.
 66 |         """
 67 |         pass
 68 | 
 69 |     def handle_result(self,result):
 70 |         """
 71 |         This function will be called when swarm get a result from slave hosts. The result 
 72 |         in arguments is a string returned by func do_task in your class Slave. You should 
 73 |         to handle it by parse and store it here. A pymongo.collection.Collection object is 
 74 |         provided in argument 'args' passed to func __init__. You can use this object by 
 75 |         'args.coll' to operate the collection in MongoDB. This func should return nothing.
 76 |         """
 77 |         pass
 78 | 
 79 |     def report(self):
 80 |         """
 81 |         Do your final report or result export here. Use result you stored in this class or
 82 |         database.
 83 |         """
 84 |         pass
 85 | 
 86 | class Slave(object):
 87 |     """
 88 |     Class Slave which will be instantiated to deal with subtask gotten from task queue and 
 89 |     return result of subtask to master.
 90 |     """
 91 |     def __init__(self, args):
 92 |         """
 93 |         The args in arguments is an instance of argparse.Namespace and it stores all arguments
 94 |         of swarm. It is same as args in Master but no db Objects. You can get value of attribute 
 95 |         XX by simply using 'args.XX'. And you should do your module initialization for Slave here.
 96 |         """
 97 |         super(Slave, self).__init__()
 98 |         self._args = args
 99 | 
100 |     def do_task(self,task):
101 |         """
102 |         This function will be called when swarm-s get a subtask from task queue. The task in 
103 |         arguments is an item in the list returned by func generate_subtasks of class Master.
104 |         You should return a string to describe the result and it will be passed to func 
105 |         handle_result in class Master.
106 |         """
107 |         pass
108 |         
109 | 
110 | 
111 | 


--------------------------------------------------------------------------------
/etc/dirsc.conf:
--------------------------------------------------------------------------------
 1 | [Directory Scan]
 2 | # HTTP Port on target host which scanner will send request to.
 3 | # Support both interval format like 1-1023 and port list format like 
 4 | # '80,443,3306,1024-2048'. Make sure that there has web server on target 
 5 | # port, otherwise it will make scan very slowly.
 6 | dir_http_port=80
 7 | 
 8 | # HTTPS PORT on target host which scanner will send request to.
 9 | # Support both interval format like 1-1023 and port list format like
10 | # '80,443,3306,1024-2048'. Make sure that there has web server on target 
11 | # port, otherwise it will make scan very slowly.
12 | dir_https_port=443
13 | 
14 | # Use complete brute force without dictionary on target.
15 | # If this option is set, you should specify dir_charset and dir_len.
16 | # If not, you sh ould specify dir_dict at the same time.
17 | dir_compbrute=True
18 | 
19 | # Charset used for complete brute foce.
20 | # You can use something like a-z or 0-9 etc. (eg:A-Z123456)
21 | dir_charset=jncx
22 | 
23 | # Length interval of directory and file in complete brute force. 
24 | dir_len=1-4
25 | 
26 | # Path to dictionary used for directory and file scan.
27 | # Either relative path or absolute path can be used.
28 | dir_dict=./dict/dir.dict
29 | 
30 | # Max depth in directory and file scan.
31 | # It dicedes when a directory has been scaned whether to scan content in it.
32 | # Use 0 to indicate scanner to scan content in any directory once it is found.
33 | dir_maxdepth=0
34 | 
35 | # Timeout option for subdomain name scan.
36 | dir_timeout=30
37 | 
38 | # Any match in these strings include in response content represent that target 
39 | # directory or file doesn't exist, separated by double comma.
40 | dir_not_exist=404,,not found,,nothing
41 | 
42 | # This option used in brute force. If this option is set, scanner will use HEAD method
43 | # to scan target. It should be faster than GET method in this way but it may report 
44 | # directory or file which does not exist actually. 
45 | dir_quick_scan=True
46 | 
47 | 


--------------------------------------------------------------------------------
/etc/domainsc.conf:
--------------------------------------------------------------------------------
 1 | [Domain Scan]
 2 | # Use complete brute force without dictionary on target.
 3 | # If this option is set, you should specify domain_charset and domain_levellen.
 4 | # If not, you sh ould specify domain_dict at the same time.
 5 | domain_compbrute=True
 6 | 
 7 | # Path to dictionary used for subdomain name scan.
 8 | # Either relative path or absolute pat  h can be used.
 9 | domain_dict=./dict/domain.dict
10 | 
11 | # Max level of subdomain name to scan.
12 | domain_maxlevel=2
13 | 
14 | # Charset used for complete brute foce.
15 | # You can use something like a-z or 0-9 etc.
16 | domain_charset=abcd
17 | 
18 | # Length interval of subdomain name each level.
19 | domain_levellen=3-4
20 | 
21 | # Timeout option for subdomain name scan.
22 | # It specifies the time that a request to target subdomain name should 
23 | # wait before it get response.
24 | domain_timeout=30
25 | 


--------------------------------------------------------------------------------
/etc/intruder.conf:
--------------------------------------------------------------------------------
 1 | [Intruder]
 2 | # Intruder module of swarm, using indicator symbol '@n@' where 'n' should 
 3 | # be a number begin from 0, like '@0@','@1@' etc to specify attack point 
 4 | # in option 'int_target' and 'int_body'. And use 'int_payload' option to 
 5 | # specify payload used on these attack point to complete this attack. A 
 6 | # indicator symbol can be used more than once if you want these location
 7 | # to be replaced with same string.
 8 | 
 9 | # Use this option instead of '-t' or '-T' options to specify targets for 
10 | # intruder module. Target of intruder module should be one or more URLs,
11 | # separated by comma if you have more than one target. You can use indicator
12 | # symbol in this option.
13 | int_target=
14 | 
15 | # Http method used in this attack.
16 | int_method=get
17 | 
18 | # Use this option to customize http headers. It should be filled with a JSON 
19 | # format data like '{"User-Agent":"Mozilla/5.0","Origin":"XXX"}'.
20 | int_headers=
21 | 
22 | # Cookies which intruder will take to make request. Separated by comma.
23 | # eg. 'PHPSESSIONID:XX,token:XX'.
24 | int_cookies=
25 | 
26 | # HTTP or HTTPS body. You can use indicator symbol in this option.
27 | int_body=
28 | 
29 | # This option is used to specify which payload should be used on each attack point.
30 | # You can use dictionary or generate new complete brute force sets as payload. The 
31 | # format should be like '@0@:PATH,@1@:CHARSET:NUM-NUM' where 'NUM-NUM' indicates
32 | # length interval of payload.
33 | int_payload=
34 | 
35 | # Response body contains any flag in this option will be report to you. Separated by
36 | # double comma if you have multiple flags. 
37 | int_flags=
38 | 
39 | # Timeout option for intruder module.
40 | int_timeout=30
41 | 
42 | 


--------------------------------------------------------------------------------
/etc/nmap.conf:
--------------------------------------------------------------------------------
 1 | [Nmap Module]
 2 | # Support both interval format like 1-1023 and port list format like 
 3 | # '80,443,3306,1024-2048'. 
 4 | nmap_ports=
 5 | 
 6 | # Scan <number> most common ports.
 7 | # This option has higher priority than nmap_ports. use 0 to disable this option.
 8 | nmap_top_ports=0
 9 | 
10 | # Nmap options list in nmap’s man pages except group 'TARGET SPECIFICATION' 
11 | # and 'PORT SPECIFICATION' 
12 | nmap_options=
13 | 
14 | 


--------------------------------------------------------------------------------
/etc/sitemap.conf:
--------------------------------------------------------------------------------
 1 | [Sitemap Crawler]
 2 | # Crawler will use these as seed. Separated by comma.
 3 | map_seed=
 4 | 
 5 | # HTTP PORT on target host which crawler will send request to.
 6 | # Support both interval format like 1-1023 and port list format like
 7 | # '80,443,3306,1024-2048'.
 8 | map_http_port=80
 9 | 
10 | # HTTPS PORT on target host which crawler will send request to.
11 | # Support both interval format like 1-1023 and port list format like
12 | # '80,443,3306,1024-2048'.
13 | map_https_port=443
14 | 
15 | # Cookies which crawler will take to make request. Separated by comma.
16 | # eg. 'PHPSESSIONID:XX,token:XX'.
17 | map_cookies=
18 | 
19 | # Interval time between two request.
20 | map_interval=0
21 | 
22 | # Timeout option for sitemap crawler.
23 | map_timeout=30
24 | 
25 | 


--------------------------------------------------------------------------------
/lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/lib/__init__.py


--------------------------------------------------------------------------------
/lib/core/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/lib/core/__init__.py


--------------------------------------------------------------------------------
/lib/core/database.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import pymongo
 5 | import time
 6 | from lib.core.exception import SwarmDBException
 7 | 
 8 | def init_db(addr,port,modname):
 9 |     """
10 |     Returns:
11 |         A db Object and a collection Object of Mongodb.
12 |     Raises:
13 |         SwarmDBException: An error occurred when try to init db.
14 |     """
15 |     try:
16 |         timeformat='%Y_%m_%d_%H_%M_%S'
17 |         dbclient = pymongo.MongoClient(addr, port)
18 |         return dbclient.swarm,dbclient.swarm[modname+'_'+time.strftime(timeformat,time.localtime())]
19 |     except Exception, e:
20 |         raise SwarmDBException('Failed to connect to MongoDB server. Error info:'+str(e))
21 |     


--------------------------------------------------------------------------------
/lib/core/exception.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | class SwarmBaseException(Exception):
 5 |     pass
 6 | 
 7 | class SwarmUseException(SwarmBaseException):
 8 |     pass
 9 | 
10 | class SwarmNetException(SwarmBaseException):
11 |     pass
12 | 
13 | class SwarmParseException(SwarmBaseException):
14 |     pass
15 | 
16 | class SwarmModuleException(SwarmBaseException):
17 |     pass
18 | 
19 | class SwarmFileException(SwarmBaseException):
20 |     pass
21 | 
22 | class SwarmDBException(SwarmBaseException):
23 |     pass
24 | 
25 | class SwarmSlaveException(SwarmBaseException):
26 |     pass


--------------------------------------------------------------------------------
/lib/core/logger.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import logging
 5 | import sys
 6 | 
 7 | REPORT=21
 8 | logging.addLevelName(REPORT,"REPORT")
 9 | 
10 | LOG=logging.getLogger("swarm")
11 | 
12 | def init_logger(logfile,verbose,disable_col):
13 | 
14 |     file_logger = logging.FileHandler(logfile)
15 |     
16 |     if disable_col==False:
17 |         try:
18 |             from thirdparty.ansistrm.ansistrm import ColorizingStreamHandler
19 |             cli_logger = ColorizingStreamHandler(sys.stdout)
20 |             cli_logger.level_map[logging.DEBUG]=(None, 'white', False)
21 |             cli_logger.level_map[logging.INFO]=(None, 'green', False)
22 |             cli_logger.level_map[logging.getLevelName("REPORT")] = (None, "cyan", False)
23 |         except ImportError as e:
24 |             print 'import error'
25 |             cli_logger = logging.StreamHandler(sys.stdout)
26 |     else:
27 |         cli_logger=logging.StreamHandler(sys.stdout)
28 |     
29 |     if verbose==True:
30 |         LOG.setLevel(logging.DEBUG)    
31 |     else:
32 |         LOG.setLevel(logging.INFO)
33 | 
34 |     file_formatter = logging.Formatter('[%(asctime)s] %(filename)s[line:%(lineno)d] [in func:%(funcName)s] %(levelname)s %(message)s',
35 |             datefmt='%d %b %Y %H:%M:%S')
36 |     cli_formatter = logging.Formatter('[%(asctime)s] %(levelname)s: %(message)s',
37 |             datefmt='%H:%M:%S')
38 |     file_logger.setFormatter(file_formatter)
39 |     cli_logger.setFormatter(cli_formatter)
40 | 
41 |     LOG.addHandler(file_logger)
42 |     LOG.addHandler(cli_logger)
43 | 
44 |     LOG.debug("logger init completed")
45 | 
46 | 


--------------------------------------------------------------------------------
/lib/core/manager.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import multiprocessing
  5 | import Queue
  6 | import time
  7 | from multiprocessing.managers import BaseManager
  8 | from lib.core.logger import LOG
  9 | from lib.core.logger import REPORT
 10 | 
 11 | class SwarmManager(BaseManager):
 12 |     """
 13 |     Task and Result Queue Manager.
 14 |     Use its subclass MSwarmManager and SSwarmManager to complete communication.
 15 |     """
 16 |     def __init__(self,address=None,authkey=None):
 17 |         super(SwarmManager, self).__init__(address=address,authkey=authkey)
 18 | 
 19 | 
 20 | class MSwarmManager(SwarmManager):
 21 |     """
 22 |     Task manager for master host.
 23 |     There should be only one master manager.
 24 | 
 25 |     Task format:
 26 |         flag|index|task
 27 |     Result format:
 28 |         flag|index|result
 29 |     """
 30 |     def __init__(self,timeout,address=None,authkey=None):
 31 |         super(MSwarmManager, self).__init__(address=address,authkey=authkey)
 32 |         self._timeout=timeout
 33 |         self._task_queue=multiprocessing.Queue()
 34 |         self._result_queue=multiprocessing.Queue()
 35 |         # register these queue
 36 |         SwarmManager.register('get_task_queue',callable=lambda:self._task_queue)
 37 |         SwarmManager.register('get_result_queue',callable=lambda:self._result_queue)
 38 |         # start self
 39 |         self.start()
 40 | 
 41 |     def init_task_statistics(self):
 42 |         # used for recording current task queue info 
 43 |         self._cur_task_list=[]
 44 |         self._task_confirm_list=[]
 45 |         # start from 0 
 46 |         self._cur_task_num=0
 47 |         self._task_confirm_num=0
 48 | 
 49 |     def put_task(self,pre_str,task):
 50 |         """
 51 |         Put task into task queue, update current task list and current task number meanwhile.
 52 |         """
 53 |         task="|".join([pre_str,str(self._cur_task_num),task])
 54 |         LOG.debug('put task: %s'%task.replace('\n',' '))
 55 |         self._task_queue.put(task)
 56 |         self._cur_task_num+=1
 57 |         self._cur_task_list.append(task)
 58 | 
 59 |     def prepare_get_result(self):
 60 |         self._task_confirm_num=len(self._task_confirm_list)
 61 |         # confirm list need to be extended
 62 |         ex_list=[0 for x in range(self._cur_task_num-len(self._task_confirm_list))]
 63 |         self._task_confirm_list.extend(ex_list)
 64 | 
 65 |     def get_result(self):
 66 |         """
 67 |         Get result from result queue, do task index confirm meanwhile
 68 |         Return '' if all tasks have been confirmed
 69 | 
 70 |         Raises:
 71 |             Queue.Empty: can not get response within timeout
 72 |         """
 73 |         # check whether all task has been confirmed
 74 |         # if so, return ''
 75 |         if self._task_confirm_num==self._cur_task_num:
 76 |             return ''
 77 |         # may throw Queue.Empty here
 78 |         task_result=self._result_queue.get(block=True,timeout=self._timeout)
 79 |         resultl=task_result.split('|') 
 80 |         index=int(resultl[1],10)
 81 |         result='|'.join(resultl[2:])
 82 |         # do confirm
 83 |         # if it is duplicate, try to get result again
 84 |         if self._task_confirm_list[index]!=0:
 85 |             return self.get_result()
 86 |         self._task_confirm_list[index]=1
 87 |         self._task_confirm_num+=1
 88 |         LOG.debug('get result: %s'%task_result.replace('\n',' '))
 89 |         return result
 90 | 
 91 |     def reorganize_tasks(self):
 92 |         # first clear tasks in task queue
 93 |         while True:
 94 |             try:
 95 |                 self._task_queue.get(block=False)
 96 |             except Queue.Empty as e:
 97 |                 break
 98 |         # put tasks which have not been confirmed again
 99 |         for cur_index,cur in enumerate(self._task_confirm_list):
100 |             if cur==0:
101 |                 tmptask=self._cur_task_list[cur_index]
102 |                 LOG.debug('put task: %s'%tmptask.replace('\n',' '))
103 |                 self._task_queue.put(self._cur_task_list[cur_index])
104 | 
105 | 
106 | class SSwarmManager(SwarmManager):
107 |     """
108 |     Task manager for slave host.
109 | 
110 |     Task format:
111 |         flag|index|task
112 |     Result format:
113 |         flag|index|result
114 |     """
115 |     def __init__(self,address=None,authkey=None):
116 |         super(SSwarmManager, self).__init__(address=address,authkey=authkey)
117 |         SwarmManager.register('get_task_queue')
118 |         SwarmManager.register('get_result_queue')
119 |         # connect to master
120 |         self.connect()
121 |         # get queue from master
122 |         self._task_queue=self.get_task_queue()
123 |         self._result_queue=self.get_result_queue()
124 |         self._cur_task_index=0
125 |         self._cur_task_flag=''
126 |         
127 |     def get_task(self):
128 |         task=self._task_queue.get()
129 |         LOG.debug('get task: %s'%task.replace('\n',' '))
130 |         taskl=task.split('|')
131 |         self._cur_task_flag=taskl[0]
132 |         self._cur_task_index=taskl[1]
133 |         task='|'.join(taskl[2:])
134 |         return self._cur_task_flag,task
135 | 
136 |     def put_result(self,result):
137 |         result="|".join([self._cur_task_flag,self._cur_task_index,result])
138 |         LOG.debug('put result:%s'%result.replace('\n',' '))
139 |         self._result_queue.put(result)
140 | 
141 | 
142 | 
143 | 


--------------------------------------------------------------------------------
/lib/core/module.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import os
 5 | import modules
 6 | import pkgutil
 7 | from lib.core.exception import SwarmModuleException
 8 | 
 9 | def get_modules():
10 |     """
11 |     Returns:
12 |         return a list consist of module name.
13 |     Raises:
14 |         SwarmModuleException: An error occurred when try to get modules or no available module.
15 |     """
16 |     try:
17 |         s=os.path.dirname(modules.__file__)
18 |         ret=[name for _, name, _ in pkgutil.iter_modules([s])]
19 |     except Exception as e:
20 |         raise SwarmModuleException('an error occurred when try to get modules, please check'
21 |             ' modules of swarm')
22 | 
23 |     # check available module
24 |     if len(ret)==0:
25 |         raise SwarmModuleException('no available module')
26 |     return ret
27 | 
28 | 
29 | 
30 | 
31 | 


--------------------------------------------------------------------------------
/lib/core/mswarm.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import socket
  5 | import time
  6 | import multiprocessing
  7 | import threading 
  8 | import importlib
  9 | import json
 10 | import Queue
 11 | from lib.core.manager import MSwarmManager
 12 | from lib.parse.host import getlist
 13 | from lib.parse.host import getswarmlist
 14 | from lib.parse.host import removeip
 15 | from lib.parse.host import getiplist
 16 | from lib.core.logger import LOG
 17 | from lib.core.logger import REPORT
 18 | from lib.core.database import init_db
 19 | from lib.core.exception import SwarmBaseException
 20 | from lib.core.exception import SwarmUseException
 21 | from lib.core.exception import SwarmFileException
 22 | from lib.core.exception import SwarmNetException
 23 | from lib.core.exception import SwarmParseException
 24 | from lib.core.exception import SwarmModuleException
 25 | from lib.core.exception import SwarmSlaveException
 26 | 
 27 | 
 28 | class MSwarm(object):
 29 |     """
 30 |     A role of master in the distributed system.
 31 |     """
 32 |     def __init__(self, args):
 33 |         self._args=args
 34 |         self._swarm_num=0
 35 |         try:
 36 |             LOG.info('begin to parse target list')
 37 |             # parse target list
 38 |             self._args.target_list=getlist(args.target,args.target_file)
 39 |             LOG.log(REPORT,'target list parse completed')
 40 |         except SwarmBaseException as e:
 41 |             raise SwarmUseException('parse target error: '+str(e))
 42 | 
 43 |         try:    
 44 |             LOG.info('begin to parse swarm list')
 45 |             # parse swarm list
 46 |             if args.waken_cmd!='':
 47 |                 self._swarm_list,self._swarm_port_list=getswarmlist(args.swarm,args.swarm_file)
 48 |             else:
 49 |                 self._swarm_list=getlist(args.swarm,args.swarm_file)
 50 |             LOG.log(REPORT,'swarm list parse completed')
 51 |         except SwarmBaseException as e:
 52 |             raise SwarmUseException('parse swarm error: '+str(e))
 53 | 
 54 |     def waken_swarm(self):
 55 |         """
 56 |         Waken all slave hosts to run swarm-s and send args to them.
 57 |         Synchronize data if need.
 58 |         """
 59 |         if self._args.waken_cmd!='':
 60 |             LOG.info('send waken command "%s"to swarm'%(self._args.waken_cmd.replace('ARGS',
 61 |                 '-p %d'%self._args.s_port)))
 62 |             self._send2slave(self._args.waken_cmd.replace('ARGS','-p %d'%self._args.s_port))
 63 |             LOG.log(REPORT,'sending waken command completed')
 64 |             LOG.info('try to detect swarm status')
 65 |         # time for slave host to create listen on target port
 66 |         time.sleep(2)
 67 |         s_args=self._parse_args_for_swarm()
 68 |     
 69 |         if self._args.sync_data==True:
 70 |             s_args+='__SYNC__'
 71 |         else:
 72 |             s_args+='__CEND__'
 73 |         r=self._send2swarm_r(s_args)
 74 |         self._swarm_num=len(r)
 75 |         LOG.log(REPORT,'waken %d slaves in swarm'%self._swarm_num)
 76 |         if self._swarm_num==0:
 77 |             raise SwarmNetException('no salve can work now. mission terminates')
 78 |         
 79 |         # do data sync here
 80 |         if self._args.sync_data==True:    
 81 |             LOG.info('begin to synchronize data...')
 82 |             self._sync_data()
 83 |             LOG.info('data synchronize completed')
 84 | 
 85 |     def parse_distribute_task(self):
 86 |         # do some common check here
 87 |         if self._args.task_granularity<0 or self._args.task_granularity>3:
 88 |             raise SwarmUseException('invalid task granularity, it should be one number of 1-3')
 89 |         if self._args.process_num<0:
 90 |             raise SwarmUseException('process number can not be negative')
 91 |         if self._args.thread_num<=0:
 92 |             raise SwarmUseException('thread number should be positive')
 93 | 
 94 |         # connect to db server
 95 |         LOG.info('try to connect to db server: %s:%d'%(self._args.db_addr,self._args.db_port))
 96 |         self._args.db,self._args.coll=init_db(self._args.db_addr,self._args.db_port,self._args.mod)
 97 |         LOG.info('Connection to db server completed')
 98 |         # start the manager
 99 |         self._manager=MSwarmManager(self._args.timeout,address=('', self._args.m_port), 
100 |             authkey=self._args.authkey)
101 |         try:
102 |             module=importlib.import_module('modules.'+self._args.mod+'.'+self._args.mod)
103 |         except ImportError as e:
104 |             raise SwarmModuleException('an error occured when load module:'+self._args.mod)    
105 |         LOG.info('load module: '+self._args.mod)
106 |         LOG.info('begin to decompose task...')
107 |         mod_master=getattr(module,'Master')(self._args)
108 | 
109 |         # begin first round of tasks decomposition and distribution
110 |         roundn=0
111 |         self._manager.init_task_statistics()
112 |         while True:
113 |             subtaskl=mod_master.generate_subtasks()
114 |             taskn=len(subtaskl)
115 |             if taskn==0:
116 |                 break
117 |             roundn+=1
118 |             LOG.log(REPORT,'begin round %d'%roundn)
119 |             LOG.info('round %d: put task into queue...'%roundn)
120 |             for cur in subtaskl:
121 |                 self._manager.put_task(self._args.mod,cur)
122 |             LOG.log(REPORT,'round %d: %d tasks have been put into queue'%(roundn,taskn))
123 |             LOG.info('round %d: get result from swarm...'%roundn)
124 | 
125 |             # get result
126 |             confirmedn=0
127 |             self._manager.prepare_get_result()
128 |             while True:
129 |                 try:
130 |                     result=self._manager.get_result()
131 |                     if result=='':
132 |                         break
133 |                     confirmedn+=1
134 |                     LOG.log(REPORT,'round %d: %d/%d tasks have been completed'%(roundn,
135 |                         confirmedn,taskn))
136 |                     mod_master.handle_result(result)
137 |                 except Queue.Empty as e:
138 |                     # check number of slave host, if someone has lost response, reorganize tasks 
139 |                     # in queue.
140 |                     LOG.info('try to detect swarm status')
141 |                     r=self._send2swarm_r('ack')
142 |                     if len(r)<self._swarm_num:
143 |                         LOG.warning('%d of swarm has lost response. now total swarm:%d'
144 |                             %(self._swarm_num-len(r),len(r)))
145 |                         self._swarm_num=len(r)
146 |                         # if no swarm left
147 |                         if self._swarm_num==0:
148 |                             raise SwarmSlaveException('no swarm left. task failed')
149 |                         LOG.log(REPORT,'reorganize tasks in queue...')
150 |                         self._manager.reorganize_tasks()
151 |                         LOG.log(REPORT,'reorganization completed')
152 |                     else:
153 |                         LOG.log(REPORT,'all swarm works fine. now num: %d'%self._swarm_num)
154 |                     # continue 
155 |             LOG.log(REPORT,'round %d over'%roundn)
156 |         LOG.log(REPORT,'all tasks have been comfirmed')
157 |         # do final report now
158 |         mod_master.report()
159 |         self._shutdown()
160 | 
161 |     def _shutdown(self):
162 |         if self._args.process_num==0:
163 |             # ensure all process can be notified
164 |             off_num=16
165 |         else:
166 |             off_num=self._args.process_num
167 |         for cur in range(len(self._swarm_list)*off_num):
168 |             self._manager.put_task('__off__','|')
169 |         time.sleep(2)
170 |         self._manager.shutdown()
171 |         # drop collection 
172 |         self._args.db.drop_collection(self._args.coll)
173 | 
174 |     def _sync_data(self):
175 |         self._send2swarm_r('sync')
176 |         self._send2swarm_r('sync')
177 |         # TODO: do data sync here
178 |         pass
179 | 
180 |     def _parse_args_for_swarm(self):
181 |         return json.dumps(vars(self._args))
182 | 
183 |     def _send2swarm_r(self,content):
184 |         LOG.info('connect to swarm...')
185 |         ret=[]
186 |         for index in range(0,len(self._swarm_list)):
187 |             t=threading.Thread(target=self._send2one_r,
188 |                 args=(content,self._swarm_list[index],self._args.s_port,ret))
189 |             t.start()
190 |             t.join()
191 |         LOG.info('get %d response from swarm'%len(ret))
192 |         return ret
193 | 
194 | 
195 |     def _send2slave(self,content):
196 |         for index in range(0,len(self._swarm_list)):
197 |             t=threading.Thread(target=self._send2one,
198 |                 args=(content,self._swarm_list[index],self._swarm_port_list[index]))
199 |             t.start()
200 |             t.join()
201 | 
202 |     def _send2one(self,content,ip,port):
203 |         try:
204 |             s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
205 |             s.settimeout(self._args.timeout)
206 |             LOG.debug('connect to %s:%d...'%(ip,port))
207 |             s.connect((ip,port))
208 |             s.send(content)
209 |             s.close()
210 |             LOG.debug('connection to %s:%d close'%(ip,port))
211 |         except socket.timeout as e:
212 |             LOG.warning('%s:%d lost response'%(ip,port))
213 |         except socket.error as arg:
214 |             LOG.error('socket error while connecting to %s:%d errno %d: %s'%(ip,port,arg[0],arg[1]))
215 | 
216 |     def _send2one_r(self,content,ip,port,result):
217 |         try:
218 |             s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
219 |             s.settimeout(self._args.timeout)
220 |             LOG.debug('connect to %s:%d...'%(ip,port))
221 |             s.connect((ip,port))
222 |             s.send(content.replace('__EOF__','__EOF___'))
223 |             s.send('__EOF__')
224 |             r=s.recv(4096)
225 |             if r!='':
226 |                 result.append(r)
227 |             s.close()
228 |             LOG.debug('connection to %s:%d close'%(ip,port))
229 |         except socket.timeout as e:
230 |             LOG.warning('%s:%d lost response'%(ip,port))
231 |             return ''
232 |         except socket.error as arg:
233 |             LOG.error('socket error while connecting to %s:%d errno %d: %s'%(ip,port,arg[0],arg[1]))
234 |             return ''
235 | 
236 | 


--------------------------------------------------------------------------------
/lib/core/sswarm.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import socket
  5 | import time
  6 | import multiprocessing
  7 | import importlib
  8 | import json
  9 | import argparse
 10 | import threading
 11 | from lib.core.logger import LOG
 12 | from lib.core.manager import SSwarmManager
 13 | 
 14 | class SSwarm(object):
 15 |     """
 16 |     A role of slave in the distributed system.
 17 |     """
 18 |     def __init__(self,s_port):
 19 |         super(SSwarm, self).__init__()
 20 |         self._s_port=s_port
 21 |         self._args=argparse.Namespace()
 22 | 
 23 |     def get_parse_args(self):
 24 |         # first receive args
 25 |         args=self._receive_master()
 26 |         sync_flag=args[-8:]
 27 |         args=args[:-8]
 28 |         self._parse_args(args)
 29 |         LOG.debug('complete parsing args')
 30 | 
 31 |         if sync_flag=='__SYNC__':
 32 |             # do data sync here
 33 |             LOG.debug('begin to synchronize data...')
 34 |             self._sync_data()
 35 |             LOG.debug('data synchronize completed')
 36 | 
 37 |     def get_do_task(self):
 38 |         proc=[]
 39 |         if self._args.process_num==0:
 40 |             for cur in range(multiprocessing.cpu_count()):
 41 |                 p=multiprocessing.Process(target=self._get_do_task_proc)
 42 |                 p.start()
 43 |                 proc.append(p)
 44 |         else:
 45 |             for cur in range(self._args.process_num):
 46 |                 p=multiprocessing.Process(target=self._get_do_task_proc)
 47 |                 p.start()
 48 |                 proc.append(p)
 49 |         # start a new thread to listen command from master host
 50 |         # use daemon argtment so we need not to wait for this thread to exit
 51 |         t=threading.Thread(target=self._response_master)
 52 |         t.daemon=True
 53 |         t.start()
 54 |         for cur in proc:
 55 |             cur.join()
 56 |         LOG.debug('task completed')
 57 | 
 58 |     def _get_do_task_proc(self):
 59 |         self._manager=SSwarmManager(address=(self._args.m_addr, self._args.m_port),
 60 |                 authkey=self._args.authkey)
 61 | 
 62 |         LOG.debug('load module: '+self._args.mod)
 63 |         LOG.debug('begin to get and do task...')
 64 |         try:
 65 |             module=importlib.import_module('modules.'+self._args.mod+'.'+self._args.mod)
 66 |         except ImportError as e:
 67 |             raise SwarmModuleException('an error occured when load module:'+self._args.mod)
 68 |         # create Slave class of this module
 69 |         mod_slave=getattr(module,'Slave')(self._args)
 70 |     
 71 |         while True:
 72 |             flag,task=self._manager.get_task()
 73 |             if flag=='__off__':
 74 |                 break
 75 |             # else use module to do task
 76 |             result=mod_slave.do_task(task)
 77 |             self._manager.put_result(result)
 78 | 
 79 |     def _parse_args(self,args):
 80 |         dict=json.loads(args)
 81 |         for k,v in dict.items():
 82 |             LOG.debug('set self._args.'+k+' => '+str(v))
 83 |             setattr(self._args,k,v)
 84 | 
 85 |     def _sync_data(self):
 86 |         print self._receive_master()
 87 |         print self._receive_master()
 88 |         # TODO: do data sync here
 89 |         pass
 90 | 
 91 |     def _response_master(self):
 92 |         while True:
 93 |             self._receive_master()
 94 | 
 95 |     def _receive_master(self):
 96 |         s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 97 |         # incase 'Address already in use error'
 98 |         s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 99 |         s.bind(('',self._s_port))
100 |         LOG.debug('listen on port:%d'%self._s_port)
101 |         s.listen(1)
102 |         sock, addr=s.accept()
103 |         LOG.debug('receive from master host...')
104 |         buff=''
105 |         while True:
106 |             d=sock.recv(4096)
107 |             buff+=d
108 |             if d.find('__EOF__')!=-1:
109 |                 break
110 |         sock.send('ack')
111 |         sock.close()
112 |         s.close()
113 |         # cut off last __EOF__
114 |         buff=buff[:-7]
115 |         # return to origin args
116 |         buff=buff.replace('__EOF___','__EOF__')
117 |         return buff
118 | 


--------------------------------------------------------------------------------
/lib/parse/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/lib/parse/__init__.py


--------------------------------------------------------------------------------
/lib/parse/args.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | from lib.core.exception import SwarmUseException
 5 | from lib.core.exception import SwarmParseException
 6 | 
 7 | def parse_port_list(ports):
 8 |     """
 9 |     Parse ports string like '80;443;1-1024' into port list.
10 | 
11 |     Returns:
12 |         A list consist of port, which type is int.
13 |     Raises:
14 |         SwarmParseException: An error occurred when parse ports.
15 |     """
16 |     try:
17 |         ret=[]
18 |         ports=ports.split(',')
19 |         for curport in ports:
20 |             midindex=curport.find('-')
21 |             if midindex!=-1:
22 |                 min=int(curport[:midindex],10)
23 |                 max=int(curport[midindex+1:],10)
24 |                 if min<0 or min>65535 or max<0 or max>65535:
25 |                     raise SwarmUseException('invalid ports')
26 |                 for x in range(min,max+1):
27 |                     ret.append(x)
28 |                 continue
29 |             curport=int(curport,10)
30 |             if curport<0 or curport>65535:
31 |                 raise SwarmUseException('invalid ports')
32 |             ret.append(curport)
33 |         # remove duplicate element
34 |         ret={}.fromkeys(ret).keys()
35 |         ret.sort()
36 |         return ret
37 |     except Exception as e:
38 |         raise SwarmParseException('ports')
39 | 
40 | def parse_digital_interval(interval):
41 |     """
42 |     Parse digital interval like '2-13' and return (minlen,maxlen) like (2,13).
43 | 
44 |     Returns:
45 |         Tuple contains minlen and maxlen, which type is int.
46 |     Raises:
47 |         SwarmParseException: An error occurred when parse digital interval.
48 |     """
49 |     try:
50 |         midindex=interval.find('-')
51 |         minlen=int(interval[:midindex],10)
52 |         maxlen=int(interval[midindex+1:],10)
53 |         return minlen,maxlen
54 |     except Exception as e:
55 |         raise SwarmParseException('len_interval')
56 | 
57 | def parse_charset(charset):
58 |     """
59 |     Parse charset like 'ABC Da-d' into 'ABC Dabcd'.
60 | 
61 |     Returns:
62 |         String like 'ABCDabcd'.
63 |     Raises:
64 |         SwarmParseException: An error occurred when parse charset.
65 |     """
66 |     try:
67 |         while True:
68 |             index=charset.find('-')
69 |             if index==-1:
70 |                 break
71 |             begin_chr=charset[index-1]
72 |             end_chr=charset[index+1]
73 |             dst=''
74 |             for x in range(ord(begin_chr),ord(end_chr)+1):
75 |                 dst+=chr(x)
76 |             charset=charset.replace(begin_chr+'-'+end_chr,dst)
77 |         ret = ''.join(x for i, x in enumerate(charset) if charset.index(x) == i) 
78 |         # LOG.debug('charset: %s'%ret)
79 |         return ret
80 |     except Exception as e:
81 |         raise SwarmParseException('charset')


--------------------------------------------------------------------------------
/lib/parse/cli.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import argparse
 5 | import importlib
 6 | from lib.core.exception import SwarmUseException
 7 | from lib.core.exception import SwarmModuleException
 8 | 
 9 | def cli_parse(args):
10 |     parser=argparse.ArgumentParser()
11 | 
12 |     parser.add_argument('-m',dest='mod',metavar='MODULE',required=True,
13 |             help='Use module name in ./modules/ to enable it')
14 | 
15 |     # output option
16 |     output=parser.add_argument_group('Output',
17 |         'These option can be used to control output')
18 |     output.add_argument('-v',dest='verbose',action='store_true',help='Output more verbose')
19 |     output.add_argument('-c',dest='disable_col',action='store_true',
20 |             help='Disable colorful log output')
21 |     output.add_argument('-o',dest='logfile',metavar='PATH',
22 |             help='Record log in target file')
23 | 
24 |     # target option
25 |     target=parser.add_argument_group('Target',
26 |         'At least one of these options has to be provided to define target unless there is '
27 |         'another special option for defining target in the module')
28 |     target.add_argument('-t',dest='target',metavar='TARGET',nargs='*',
29 |             help='Separated by blank (eg: github.com 127.0.0.0/24 192.168.1.5)')
30 |     target.add_argument('-T',dest='target_file',metavar='PATH',
31 |             help='File that contains target list, one target per line')
32 | 
33 |     # swarm option
34 |     swarm=parser.add_argument_group('Swarm',
35 |         'Use these options to customize swarm connection. At least one of slave host '
36 |         'has to be provided.')
37 |     swarm.add_argument('-s',dest='swarm',metavar='SWARM',nargs='*',
38 |             help='Address of slave hosts with port if you need waken them'
39 |                 ' (eg: 192.168.1.2:9090 192.18.1.3:9191). '
40 |                 'No port if swarm-s on slave host has already run')
41 |     swarm.add_argument('-S',dest='swarm_file',metavar='PATH',
42 |             help='File that contains slave list, one host per line')
43 |     swarm.add_argument('--waken',dest='waken_cmd',metavar='CMD',
44 |             help='Command to waken up slave hosts, null if swarm-s on slave host has already run')
45 |     swarm.add_argument('--timeout',dest='timeout',metavar='TIME',type=float,
46 |             help='Seconds to wait before request to swarm getting response')
47 |     swarm.add_argument('--m-addr',dest='m_addr',metavar='ADDR',
48 |             help='Master address which is reachable by all slave hosts')
49 |     swarm.add_argument('--m-port',dest='m_port',metavar='PORT',type=int,
50 |             help='Listen port on master host to distribute task')
51 |     swarm.add_argument('--s-port',dest='s_port',metavar='PORT',type=int,
52 |             help='Listen port on slave host to receive command from master')
53 |     swarm.add_argument('--authkey',dest='authkey',metavar='KEY',
54 |             help='Auth key between master and slave hosts')
55 |     # swarm.add_argument('--sync',dest='sync_data',action='store_true',default=False,
56 |     #         help='Synchronize data like dictionary and vulnerability database etc')
57 | 
58 |     # database option
59 |     database=parser.add_argument_group('Database',
60 |         'These option can be used to access MongoDB server')
61 |     database.add_argument('--db-addr',dest='db_addr',metavar='ADDR',
62 |             help='Address of MongoDB server')
63 |     database.add_argument('--db-port',dest='db_port',metavar='PORT',type=int,
64 |             help='Listening port of MongoDB server')
65 | 
66 |     # common option
67 |     common=parser.add_argument_group('Common',
68 |         'These option can be used to customize common configuration of slave host')
69 |     common.add_argument('--process',dest='process_num',metavar='NUM',type=int,
70 |             help='Max number of concurrent process on slave host')
71 |     common.add_argument('--thread',dest='thread_num',metavar='NUM',type=int,
72 |             help='Max number of concurrent threads on slave host')
73 |     common.add_argument('--taskg',dest='task_granularity',metavar='NUM',type=int,
74 |             help='Granularity of subtasks from 1 to 3')
75 | 
76 |     try:
77 |         for curmod in args.modules:
78 |             module=importlib.import_module('modules.'+curmod+'.'+curmod)
79 |             module.add_cli_args(parser)
80 |     except ImportError as e:
81 |         raise SwarmModuleException('an error occurred when try to import module: '+curmod+
82 |             ' info: '+repr(e))
83 |     except Exception as e:
84 |         raise SwarmModuleException('an error occurred when add cli parse option of module:'+
85 |             curmod+' info: '+repr(e))
86 | 
87 |     parser.parse_args(namespace=args)
88 | 
89 |     if not any((args.target,args.target_file)):
90 |         raise SwarmUseException('At least one target need to be provided')
91 | 
92 |     if not any((args.swarm,args.swarm_file)):
93 |         raise SwarmUseException('At least one swarm need to be provided')
94 | 
95 | 


--------------------------------------------------------------------------------
/lib/parse/configfile.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import importlib
 5 | import ConfigParser
 6 | from lib.core.exception import SwarmUseException
 7 | from lib.core.exception import SwarmModuleException
 8 | 
 9 | def configfile_parse(args):
10 |     try:
11 |         conf_parser=ConfigParser.ConfigParser()
12 |         conf_parser.read('/etc/swarm/swarm.conf')
13 | 
14 |         # output options
15 |         args.logfile=conf_parser.get('Output','logfile')
16 |         args.verbose=conf_parser.getboolean('Output','verbose')
17 |         args.disable_col=conf_parser.getboolean('Output','disable_col')
18 | 
19 |         # target options
20 |         args.target=conf_parser.get('Target','target')
21 |         args.target_file=conf_parser.get('Target','target_file')
22 |         args.target=args.target.split()
23 | 
24 |         # swarm options
25 |         args.swarm=conf_parser.get('Swarm','swarm')
26 |         args.swarm_file=conf_parser.get('Swarm','swarm_file')
27 |         args.timeout=conf_parser.getfloat('Swarm','timeout')
28 |         args.waken_cmd=conf_parser.get('Swarm','waken_cmd')
29 |         args.m_addr=conf_parser.get('Swarm','m_addr')
30 |         args.m_port=conf_parser.getint('Swarm','m_port')
31 |         args.s_port=conf_parser.getint('Swarm','s_port')
32 |         args.authkey=conf_parser.get('Swarm','authkey')
33 |         args.sync_data=conf_parser.getboolean('Swarm','sync_data')
34 |         args.swarm=args.swarm.split()
35 | 
36 |         # database options
37 |         args.db_addr=conf_parser.get('Database','db_addr')
38 |         args.db_port=conf_parser.getint('Database','db_port')
39 | 
40 |         # common options
41 |         args.process_num=conf_parser.getint('Common','process_num')
42 |         args.thread_num=conf_parser.getint('Common','thread_num')
43 |         args.task_granularity=conf_parser.getint('Common','task_granularity')
44 | 
45 |         # parse arguments of modules in confiuration file    
46 |         try:
47 |             for curmod in args.modules:
48 |                 module=importlib.import_module('modules.'+curmod+'.'+curmod)
49 |                 conf_parser=ConfigParser.ConfigParser()
50 |                 conf_parser.read('/etc/swarm/'+curmod+'.conf')
51 |                 module.parse_conf(args,conf_parser)
52 |         except ImportError as e:
53 |             # print repr(e)
54 |             raise SwarmModuleException('an error occured when try to import module: '+curmod+
55 |                 ' info: '+repr(e))
56 |         except Exception as e:
57 |             raise SwarmModuleException('an error occured when parse configuration file of module:'+
58 |                 curmod+' info: '+repr(e))
59 |         
60 |     except SwarmModuleException as e:
61 |         raise e
62 |     except Exception as e:
63 |         raise SwarmUseException('parse config file error: '+repr(e))
64 | 
65 | 


--------------------------------------------------------------------------------
/lib/parse/host.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import socket
  5 | from IPy import IP
  6 | from lib.core.exception import SwarmNetException
  7 | from lib.core.exception import SwarmFileException
  8 | from lib.core.exception import SwarmParseException
  9 | 
 10 | def getlist(target='',target_file=''):
 11 |     """
 12 |     Return integrated ip and domain name list from target list and file, 
 13 |     with network segment parsed.
 14 | 
 15 |     Raises:
 16 |         SwarmNetException: time out when parsing target
 17 |         SwarmFileException: an error occurred when try to open target file
 18 |         SwarmParseException: an error occurred when try to parse arguments
 19 |     """
 20 |     try:
 21 |         iplist=[]
 22 |         if target!='':
 23 |             iplist.extend(target)
 24 | 
 25 |         if target_file!='':
 26 |             f=open(target_file,'r')
 27 |             targets=f.read()
 28 |             iplist.extend(targets.splitlines())
 29 |             f.close()
 30 |         # parse network segment and check
 31 |         iplist=_unite_list(iplist)
 32 |         return iplist
 33 |     except socket.timeout as e:    
 34 |         raise SwarmNetException('time out when parsing target')
 35 |     except IOError as e:
 36 |         raise SwarmFileException('can not open target file')
 37 |     except Exception as e:
 38 |         raise SwarmParseException('invalid address, or format error')
 39 | 
 40 | def getswarmlist(swarm='',swarm_file=''):
 41 |     """
 42 |     Return integrated ip and domain name list with port list from swarm list and file 
 43 |     like (['127.0.0.1','127.0.0.2','github.com'],[80,90,90]).
 44 | 
 45 |     Raises:
 46 |         SwarmNetException: time out when parsing target
 47 |         SwarmFileException: an error occurred when try to open target file
 48 |         SwarmParseException: an error occurred when try to parse arguments
 49 |     """
 50 |     try:
 51 |         rawlist=[]
 52 |         iplist=[]
 53 |         portlist=[]
 54 |         if swarm!='':
 55 |             rawlist.extend(swarm)
 56 | 
 57 |         if swarm_file!='':
 58 |             f=open(swarm_file,'r')
 59 |             swarm=f.read()
 60 |             rawlist.extend(swarm.splitlines())
 61 |             f.close()
 62 |         iplist,portlist=_unite_swarmlist(rawlist)
 63 |         return iplist,portlist
 64 |     except socket.timeout as e:
 65 |         raise SwarmNetException('time out when parsing target')
 66 |     except IOError as e:
 67 |         raise SwarmFileException('can not open target file')
 68 |     except Exception as e:
 69 |         raise SwarmParseException('invalid address, or format error')
 70 | 
 71 | def getiplist(srclist):
 72 |     """
 73 |     Return a complete ip list without domain name in it.
 74 |     """
 75 |     ret=[]
 76 |     for cur in srclist:
 77 |         ret.extend(_ipname2ip(cur))
 78 |     return ret
 79 | 
 80 | def removeip(srclist):
 81 |     """
 82 |     Remove ip in src(domain name or ip) list.
 83 |     """
 84 |     ret=[]
 85 |     for cur in srclist:
 86 |         try:
 87 |             IP(cur)
 88 |         except ValueError as e:    
 89 |             ret.append(cur)
 90 |     return ret
 91 | 
 92 | def _unite_swarmlist(rawlist):
 93 |     """
 94 |     Convert rawlist into ip list without domain name.
 95 |     """
 96 |     retip=[]
 97 |     retport=[]
 98 |     for x in rawlist:
 99 |         ipport=x.split(':')
100 |         port=ipport[1]
101 |         if int(port,10)<0 or int(port,10)>65535:
102 |             raise ValueError('port format error')
103 | 
104 |         ip=ipport[0]
105 |         # do check 
106 |         _try_ipname2ip(ip)
107 |         retip.append(ip)
108 |         retport.append(int(port,10))
109 |     return (retip,retport)
110 | 
111 | 
112 | def _unite_list(srclist):
113 |     """
114 |     Convert srclist into ip and domain name list without network segment.
115 |     """
116 |     ret=[]
117 |     # can not use enumetrate() here
118 |     for cur in srclist:
119 |         # if this is a network segment
120 |         if cur.find('/')!=-1:
121 |             ret.extend(_seg2iplist(cur))
122 |         else:
123 |             # just do check
124 |             _try_ipname2ip(cur)
125 |             ret.append(cur)
126 |     return ret
127 | 
128 | def _seg2iplist(seg):
129 |     iplist=[]
130 |     ip=IP(seg)
131 |     for x in ip:
132 |         iplist.append(x.strNormal())
133 |     return iplist
134 | 
135 | def _ipname2ip(src):
136 |     """
137 |     Convert src (domain name or ip) into ip list and do check meanwhile.
138 |     """
139 |     try:
140 |         retip=[]
141 |         retip.append(IP(src).strNormal())
142 |         return retip
143 |     # maybe it is a domain name so we have a try
144 |     except ValueError as e:
145 |         retip=[]
146 |         tmp=socket.getaddrinfo(src,None)
147 |         for cur in tmp:
148 |             retip.append(cur[4][0])
149 |         return {}.fromkeys(retip).keys()
150 | 
151 | def _try_ipname2ip(src):
152 |     try:
153 |         IP(src)
154 |     except ValueError as e:
155 |         # maybe it is a domain name so we have a try
156 |         socket.getaddrinfo(src,None)
157 | 
158 | 
159 | 


--------------------------------------------------------------------------------
/lib/utils/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/lib/utils/__init__.py


--------------------------------------------------------------------------------
/lib/utils/banner.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import time
 5 | 
 6 | timeformat='%H:%M:%S'
 7 | 
 8 | def begin_banner():
 9 |     print ''
10 |     print '[*] swarm starting at '+time.strftime(timeformat,time.localtime())
11 |     print ''
12 | 
13 | def end_banner():
14 |     print ''
15 |     print '[*] swarm shutting down at '+time.strftime(timeformat,time.localtime())
16 |     print ''


--------------------------------------------------------------------------------
/lib/utils/brute.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | def generate_bflist(charset,begin_str='',end_str=''):
 5 |     """
 6 |     Use chars in charset to generate string list used for brute force.
 7 |     No check here.
 8 |     """
 9 |     ret=[]
10 |     maxlen=len(end_str)
11 |     index_list=[-1 for x in range(maxlen)]
12 |     end_list=[-1 for x in range(maxlen)]    
13 |     for index,cur in enumerate(reversed(begin_str)):
14 |         index_list[index]=charset.find(cur)
15 |     for index,cur in enumerate(reversed(end_str)):
16 |         end_list[index]=charset.find(cur)
17 |     
18 |     while True:
19 |         ret.append(_indexlist2str(charset,index_list))
20 |         index_list[0]+=1
21 |         # check carry
22 |         for cur in range(maxlen):
23 |             if index_list[cur]==len(charset):
24 |                 if cur==maxlen-1:
25 |                     break
26 |                 index_list[cur+1]+=1
27 |                 index_list[cur]=0
28 |         # check end
29 |         if index_list==end_list:
30 |             # convert the last
31 |             ret.append(_indexlist2str(charset,index_list))
32 |             break
33 |     return ret
34 | 
35 | def _indexlist2str(charset,index_list):
36 |     cur_str=''
37 |     for x in reversed(index_list):
38 |         if x!=-1:
39 |             cur_str+=charset[x]
40 |     return cur_str
41 | 


--------------------------------------------------------------------------------
/lib/utils/sitemap.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | def draw_sitemap(contentl):
 5 |     """
 6 |     Args:
 7 |         contentl: A mongodb cursor object which should has key 'domain','url','query',
 8 |         'method','content_type','params'
 9 | 
10 |     """
11 |     # contentlist.sort(cmp=)
12 |     if contentl.count()==0:
13 |         print 'nothing find here'
14 |         return
15 |     urll=[]
16 |     for cur in contentl:
17 |         re_url='/'+'/'.join(cur['url'].split('/')[3:])
18 |         urll.append(re_url)
19 |     urll={}.fromkeys(urll).keys()
20 |     urll.sort()
21 |     for cur in urll:
22 |         print cur
23 | 


--------------------------------------------------------------------------------
/lib/utils/subtasks.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | from lib.parse.args import parse_digital_interval
 5 | from lib.parse.args import parse_charset
 6 | from lib.utils.brute import generate_bflist
 7 | 
 8 | def generate_compbrute_subtask(targetlist,len_interval,charset,granularity):
 9 |     """
10 |     Format:
11 |         target|comp|charset|begin_str|end_str
12 |     """
13 |     # convert granularity
14 |     granularity+=2
15 | 
16 |     # parse interval of subdomain name length
17 |     minlen,maxlen=parse_digital_interval(len_interval)
18 |     # parse char set
19 |     charset=parse_charset(charset)
20 | 
21 |     subtasklist=[]
22 |     for cur_target in targetlist:
23 |         begin_str=''
24 |         if maxlen<granularity:
25 |             begin_str=minlen*charset[0]
26 |             end_str=maxlen*charset[-1]
27 |             task='|'.join([cur_target,'comp',charset,begin_str,end_str])
28 |             subtasklist.append(task)
29 |             continue
30 | 
31 |         if minlen<granularity:
32 |             begin_str=minlen*charset[0]
33 |             end_str=(granularity-1)*charset[-1]
34 |             task='|'.join([cur_target,'comp',charset,begin_str,end_str])
35 |             subtasklist.append(task)
36 | 
37 |         bflist=generate_bflist(charset,charset[0],(maxlen-granularity+1)*charset[-1])
38 |         for pre_str in bflist:
39 |             begin_str=pre_str+(granularity-1)*charset[0]
40 |             end_str=pre_str+(granularity-1)*charset[-1]
41 |             task='|'.join([cur_target,'comp',charset,begin_str,end_str])
42 |             subtasklist.append(task)
43 |     return subtasklist
44 | 
45 | def generate_dictbrute_subtask(targetlist,dict_path,granularity):
46 |     """
47 |     Format:
48 |         target|dict|dict_path|start_line|scan_lines
49 |     Raises:
50 |         IOError: error when try to open target dict
51 |     """
52 |     # convert granularity
53 |     granularity=10**(granularity+1)
54 | 
55 |     # get total number of dictionary lines
56 |     with open(dict_path) as fp:
57 |         sumline=sum(1 for i in fp)
58 | 
59 |     subtasklist=[]
60 |     for cur_target in targetlist:
61 |         # begin from fisrt line
62 |         cur_line=1
63 |         while True:
64 |             # after next calculation, cur_line point to next start line 
65 |             if (cur_line+granularity)>sumline:
66 |                 lines=sumline-cur_line+1
67 |             else:
68 |                 lines=granularity
69 |             task='|'.join([cur_target,'dict',dict_path,str(cur_line),str(lines)])
70 |             subtasklist.append(task)
71 |             # update current line 
72 |             cur_line+=granularity
73 |             if cur_line>sumline:
74 |                 break
75 |     return subtasklist
76 | 


--------------------------------------------------------------------------------
/lib/utils/utils.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import copy
 5 | from lib.core.exception import SwarmParseException
 6 | 
 7 | def merge_ports(portl):
 8 |     """
 9 |     Args:
10 |         portl(list): a list consist of int value represents ports.
11 |     Returns:
12 |         A string like ['2','4-100','200']
13 |     """
14 |     ret=[]
15 |     index=0
16 |     while index<len(portl)-1:
17 |         if portl[index]+1==portl[index+1]:
18 |             begin=index
19 |             end=index
20 |             while index<len(portl)-1 and portl[index]+1==portl[index+1]:
21 |                 index+=1
22 |                 end=index
23 |             ret.append(str(portl[begin])+'-'+str(portl[end]))
24 |         else:
25 |             ret.append(str(portl[index]))
26 |             index+=1
27 |     if len(ret)==0 and len(portl)!=0:
28 |         ret.append(str(portl[-1]))
29 | 
30 |     if ret[-1].find('-')==-1:
31 |         ret.append(str(portl[-1]))
32 |     return ret
33 | 
34 | def merge_querys(url1,url2):
35 |     """
36 |     Merge two query params string like 'p1=param&p2=param' into one query string 
37 |     with Deduplication. 
38 |     """
39 |     l1=[x.split('=')[1] for x in url1.split('&') if len(x.split('='))==2]
40 |     l2=[x.split('=')[1] for x in url2.split('&') if len(x.split('='))==2]
41 |     retl=copy.copy(l1)
42 |     for x in l2:
43 |         if x not in l1:
44 |             retl.append(x)
45 |     rets='=param&'.join(retl)+'=param' if len(retl)!=0 else ''
46 |     return rets
47 | 
48 | def input2json(input):
49 |     """
50 |     Add double quotes in argument "input" in order to make json.loads() can execute 
51 |     correctly.
52 |     """
53 |     try:
54 |         ret=input
55 |         readyl=['{','}',':',',','[',']','"']
56 |         for sym in ['{','}',':',',','[',']']:
57 |             index=ret.find(sym)
58 |             while index!=-1:
59 |                 if index==0:
60 |                     ret=ret[0]+'"'+ret[1:] if ret[1]!='"' else ret 
61 |                 elif index==len(ret)-1:
62 |                     ret=ret[:-1]+'"'+ret[-1] if ret[-2]!='"' else ret
63 |                 else:
64 |                     ret=ret[:index+1]+'"'+ret[index+1:] if ret[index+1] not in readyl else ret
65 |                     ret=ret[:index]+'"'+ret[index:] if ret[index-1] not in readyl else ret
66 |                 # find next
67 |                 index=ret.find(sym,index+1)
68 |         return ret
69 |     except Exception, e:
70 |         raise SwarmParseException('json')
71 | 
72 | 


--------------------------------------------------------------------------------
/modules/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/__init__.py


--------------------------------------------------------------------------------
/modules/dirsc/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/dirsc/__init__.py


--------------------------------------------------------------------------------
/modules/dirsc/dirsc.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import requests
  5 | from multiprocessing.dummy import Pool
  6 | from multiprocessing import TimeoutError
  7 | from lib.parse.args import parse_port_list
  8 | from lib.utils.brute import generate_bflist
  9 | from lib.utils.subtasks import generate_compbrute_subtask
 10 | from lib.utils.subtasks import generate_dictbrute_subtask
 11 | from lib.core.logger import LOG
 12 | from lib.core.exception import SwarmUseException
 13 | from lib.core.exception import SwarmParseException
 14 | 
 15 | 
 16 | def add_cli_args(cli_parser):
 17 |     # dir scan options
 18 |     dir_scan=cli_parser.add_argument_group('Directory Scan',
 19 |         'These option can be used to customize swarm action of directory scan')
 20 |     dir_scan.add_argument('--dir-http-port',dest='dir_http_port',metavar='PORT',
 21 |             help="Separated by comma if you need multiple ports")
 22 |     dir_scan.add_argument('--dir-https-port',dest='dir_https_port',metavar='PORT',
 23 |             help="Separated by comma if you need multiple ports")
 24 |     dir_scan.add_argument('--dir-compbrute',dest='dir_compbrute',action='store_true',
 25 |             help='Use complete brute force without dictionary on target')
 26 |     dir_scan.add_argument('--dir-charset',dest='dir_charset',metavar='SET',
 27 |             help='Charset used for complete brute foce')
 28 |     dir_scan.add_argument('--dir-len',dest='dir_len',metavar='LEN',
 29 |             help='Length interval of directory name or file name')
 30 |     dir_scan.add_argument('--dir-dict',dest='dir_dict',metavar='PATH',
 31 |             help='Path to dictionary used for directory scan')
 32 |     dir_scan.add_argument('--dir-maxdepth',dest='dir_maxdepth',metavar='NUM',type=int,
 33 |             help='Max depth in directory and file scan')
 34 |     dir_scan.add_argument('--dir-timeout',dest='dir_timeout',metavar='TIME',type=float,
 35 |             help='Timeout option for directory scan')
 36 |     dir_scan.add_argument('--dir-not-exist',dest='dir_not_exist',metavar='FLAG',
 37 |             help="Separated by double comma if you need multiple flags")
 38 |     dir_scan.add_argument('--dir-quick-scan',dest='dir_quick_scan',action='store_true',
 39 |             help='Use HEAD method instead of GET in scan')
 40 | 
 41 | def parse_conf(args,conf_parser):
 42 |     # directory and file scan options
 43 |     args.dir_http_port=conf_parser.get('Directory Scan','dir_http_port')
 44 |     args.dir_https_port=conf_parser.get('Directory Scan','dir_https_port')
 45 |     args.dir_compbrute=conf_parser.getboolean('Directory Scan','dir_compbrute')
 46 |     args.dir_charset=conf_parser.get('Directory Scan','dir_charset')
 47 |     args.dir_len=conf_parser.get('Directory Scan','dir_len')
 48 |     args.dir_dict=conf_parser.get('Directory Scan','dir_dict')
 49 |     args.dir_maxdepth=conf_parser.getint('Directory Scan','dir_maxdepth')
 50 |     args.dir_timeout=conf_parser.getfloat('Directory Scan','dir_timeout')
 51 |     args.dir_not_exist=conf_parser.get('Directory Scan','dir_not_exist')
 52 |     args.dir_quick_scan=conf_parser.getboolean('Directory Scan','dir_quick_scan')
 53 | 
 54 | class Master(object):
 55 |     """
 56 |     Directories and files scan task distributor and task result handler.
 57 | 
 58 |     Use a dict with domain name as keys and a list contains subdomain names as values to store
 59 |     scan result.
 60 |     For example:
 61 | 
 62 |     {'github.com':['gist.github.com','XX.github.com'],
 63 |      'stackoverflow.com':['XX.stackoverflow.com',]} 
 64 | 
 65 |     Task Format:
 66 |         Task:
 67 |         target|dict|dict_path|start_line|scan_lines
 68 |         target|comp|charset|begin_str|end_str
 69 |         Result:
 70 |         URL;URL;URL
 71 |         no dir
 72 |     Example:
 73 |         Put task:
 74 |         github.com|dict|./dictionary/dir.dict|1000|900
 75 |         github.com|comp|ABCabc|A|cccc
 76 |         Get result:
 77 |         no dir
 78 |         https://github.com/something;https://github.com/something/something
 79 |     """
 80 |     def __init__(self, args):
 81 |         super(Master, self).__init__()
 82 |         self._args = args    
 83 | 
 84 |         if self._args.dir_http_port=='' and self._args.dir_https_port=='':
 85 |             raise SwarmUseException('at least one http or https port should be specified')
 86 |         
 87 |         http_portl=[]
 88 |         https_portl=[]
 89 |         # just used for check validity here
 90 |         try:
 91 |             if self._args.dir_http_port!='':
 92 |                 http_portl=parse_port_list(self._args.dir_http_port)
 93 |             if self._args.dir_https_port!='':
 94 |                 https_portl=parse_port_list(self._args.dir_https_port)
 95 |         except SwarmParseException as e:
 96 |             raise SwarmUseException('invalid http or https port argument in directory scan')
 97 | 
 98 |         # initial _url_list_orig.
 99 |         # it should prepare a list contains valid targets like:
100 |         # 
101 |         # ['http://github.com:81','http://XX.com:80','https://github.com:9090']
102 |         self._url_list_orig=[]
103 |         for curhost in self._args.target_list:
104 |             for curport in http_portl:
105 |                     self._url_list_orig.append('http://'+curhost+':'+str(curport))
106 |             for curport in https_portl:
107 |                     self._url_list_orig.append('https://'+curhost+':'+str(curport))
108 | 
109 |         if self._args.dir_maxdepth<0:
110 |             raise SwarmUseException('directory max depth can not be negative')
111 |         if self._args.dir_maxdepth==0:
112 |             self._args.dir_maxdepth=9999
113 |         
114 |         # initial url_list 
115 |         self._url_list=[x+'/' for x in self._url_list_orig]    
116 |         # record current dir depth
117 |         self._curdepth=0
118 | 
119 |     def generate_subtasks(self):
120 |         """
121 |         Decomposition directory and file scan task and distribute tasks, get result from swarm.
122 |         Task granularity should not be too small or too huge.
123 |         """
124 |         self._curdepth+=1
125 |         # if it is out of range, end this task
126 |         if self._curdepth>self._args.dir_maxdepth:
127 |             return []
128 |         # if there is no dir can be scan, end this task
129 |         if len(self._url_list)==0:
130 |             return []
131 |         # begin discomposition
132 |         if self._args.dir_compbrute==True:
133 |             try:
134 |                 # generate list of subtasks 
135 |                 subtasklist=generate_compbrute_subtask(self._url_list,self._args.dir_len,
136 |                     self._args.dir_charset,self._args.task_granularity)
137 |             except SwarmParseException as e:
138 |                 raise SwarmUseException('invalid directory '+str(e)+', or format error')
139 |         else:
140 |             if dict=='':
141 |                 raise SwarmUseException('directory dictionary need to be provided')
142 |             try:
143 |                 # generate list of subtasks
144 |                 subtasklist=generate_dictbrute_subtask(self._url_list,self._args.dir_dict,
145 |                     self._args.task_granularity)
146 |             except IOError as e:
147 |                 raise SwarmUseException('can not open dictionary for directory scan, path:%s'%(dict))
148 |         # clear url_list for next iteration
149 |         self._url_list=[]
150 |         return subtasklist
151 | 
152 |     def handle_result(self,result):
153 |         if result!='no dir or file':
154 |             result_list=result.split(';')
155 |             # store result into url_list for next scan 
156 |             for x in result_list:
157 |                 if x[-1]=='/':
158 |                     self._url_list.append(x)
159 |             # store result into final result
160 |             key='/'.join(result_list[0].split('/')[:3])
161 |             self._args.coll.insert({'domain':key,'content':[x[len(key):] for x in result_list]})
162 | 
163 | 
164 |     def report(self):
165 |         for curdomain in self._url_list_orig:
166 |             all_content=[]
167 |             content=self._args.coll.find({'domain':curdomain})
168 |             for cur in content:
169 |                 all_content.extend(cur['content'])
170 |             print '============= scan result of '+curdomain+' =============='
171 |             print '\n'.join(all_content)
172 |         print '================================================================='        
173 | 
174 | class Slave(object):
175 |     """
176 |     Directory and file scanner providing functions of crawler, complete brute force and 
177 |     dictionary brute force.
178 | 
179 |     Task Format:
180 |         Task:
181 |         target|dict|dict_path|start_line|scan_lines
182 |         target|comp|charset|begin_str|end_str
183 |         Result:
184 |         URL;URL;URL
185 |         no dir
186 |     Example:
187 |         Put task:
188 |         github.com|dict|./dictionary/dir.dict|1000|900
189 |         github.com|comp|ABCabc|A|cccc
190 |         Get result:
191 |         no dir
192 |         https://github.com/something;https://github.com/something/something
193 | 
194 |     """
195 |     def __init__(self, args):
196 |         super(Slave, self).__init__()
197 |         self._pool=Pool(args.thread_num)
198 |         self._timeout=args.dir_timeout
199 |         self._not_exist_flag=args.dir_not_exist.split(',,')
200 |         self._quick_mode=args.dir_quick_scan
201 | 
202 |     def do_task(self,task):
203 |         task=task.split('|')
204 |         if task[1]=='dict':
205 |             result=self.dict_brute(task[0],task[2],task[3],task[4])
206 |         else:
207 |             result=self.complete_brute(task[0],task[2],task[3],task[4])
208 |         return result
209 | 
210 |     def complete_brute(self,target,charset,begin_str,end_str):
211 |         resultl=[]
212 |         bflist=generate_bflist(charset,begin_str,end_str)
213 |         for cur in bflist:
214 |             cur_target=target+cur
215 |             resultl.append(self._pool.apply_async(self._scan_target,args=(cur_target,)))
216 |         return self._get_result(resultl)
217 | 
218 |     def dict_brute(self,target,dict_path,start_line,lines):
219 |         resultl=[]
220 |         lines=int(lines,10)
221 |         start_line=int(start_line,10)
222 |         with open(dict_path) as fp:
223 |             fcontent=fp.readlines()
224 |             for cur_index in range(lines):
225 |                 cur_target=target+fcontent[start_line+cur_index-1].strip()
226 |                 resultl.append(self._pool.apply_async(self._scan_target,args=(cur_target,)))
227 |         return self._get_result(resultl)
228 | 
229 |     def _get_result(self,resultl):
230 |         result=''
231 |         # get result from list
232 |         for cur in resultl:
233 |             try:
234 |                 result+=cur.get(timeout=self._timeout)
235 |             except TimeoutError as e:
236 |                 continue
237 |         # deal with result
238 |         if result=='':
239 |             result='no dir or file'
240 |         else:
241 |             result=result[:-1]
242 |         return result
243 | 
244 |     def _scan_target(self,target):
245 |         LOG.debug('scan target: %s'%target)
246 |         if self._quick_mode:
247 |             return self._scan_target_quick(target)
248 |         else:
249 |             return self._scan_target_normal(target)
250 | 
251 |     def _scan_target_normal(self,target):
252 |         try:
253 |             r=requests.head(target)
254 |             #it maybe a directory
255 |             if self._check_eponymous_dir(r,target):
256 |                 return target+'/;'
257 | 
258 |             if self._check_exist_code(r.status_code):
259 |                 # check content
260 |                 r=requests.get(target)
261 |                 if self._check_exist_code(r.status_code):
262 |                     for cur in self._not_exist_flag:
263 |                         if r.text.find(cur)!=-1:
264 |                             return ''
265 |                     return target+';'
266 |             return ''
267 |         except Exception as e:
268 |             return ''
269 | 
270 |     def _scan_target_quick(self,target):
271 |         try:
272 |             r=requests.head(target)
273 |             #it maybe a directory
274 |             if self._check_eponymous_dir(r,target):
275 |                 return target+'/;'
276 | 
277 |             if self._check_exist_code(r.status_code):
278 |                 return target+';'
279 |             else:
280 |                 return ''
281 |         except Exception as e:
282 |             return ''
283 | 
284 |     def _check_exist_code(self,code):
285 |         if code<300 or code==401 or code==403:
286 |             return True
287 |         return False
288 | 
289 |     def _check_eponymous_dir(self,r,target):
290 |         """
291 |         Args:
292 |             r: response of request to URL 'target'
293 |             target: URL of one file which wait to be check wether exist eponymous directory
294 |         Returns:
295 |             True if the response means there is a eponymous directory with target file.
296 |             Otherwise return False.
297 |         """
298 |         if r.status_code==301:
299 |             if r.headers['Location']==target+'/':
300 |                 return True
301 |             else:
302 |                 targetl=target.split('/')
303 |                 targetl[2]=targetl[2].split(':')[0]
304 |                 target='/'.join(targetl)
305 |                 if r.headers['Location']==target+'/':
306 |                     return True
307 |         return False
308 |         
309 | 


--------------------------------------------------------------------------------
/modules/domainsc/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/domainsc/__init__.py


--------------------------------------------------------------------------------
/modules/domainsc/domainsc.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import socket
  5 | import copy
  6 | from multiprocessing.dummy import Pool
  7 | from multiprocessing import TimeoutError
  8 | from lib.utils.brute import generate_bflist
  9 | from lib.core.logger import LOG
 10 | from lib.parse.host import removeip
 11 | from lib.utils.subtasks import generate_compbrute_subtask
 12 | from lib.utils.subtasks import generate_dictbrute_subtask
 13 | from lib.core.exception import SwarmParseException
 14 | from lib.core.exception import SwarmUseException
 15 | 
 16 | def add_cli_args(cli_parser):
 17 |     # domain scan options
 18 |     domain_scan=cli_parser.add_argument_group('Domain Scan',
 19 |         'Thes option can be used to customize swarm action of subdomain name scan')
 20 |     domain_scan.add_argument('--dom-compbrute',dest='domain_compbrute',action='store_true',
 21 |             help='Use complete brute force without dictionary on target')
 22 |     domain_scan.add_argument('--dom-dict',dest='domain_dict',metavar='PATH',
 23 |             help='Path to dictionary used for subdomain name scan')
 24 |     domain_scan.add_argument('--dom-maxlevel',dest='domain_maxlevel',metavar='NUM',
 25 |             help='Max level of subdomain name to scan')
 26 |     domain_scan.add_argument('--dom-charset',dest='domain_charset',metavar='SET',
 27 |             help='Charset used for complete brute foce')
 28 |     domain_scan.add_argument('--dom-levellen',dest='domain_levellen',metavar='LEN',
 29 |             help='Length interval of subdomain name each level')
 30 |     domain_scan.add_argument('--dom-timeout',dest='domain_timeout',metavar='TIME',type=float,
 31 |             help='Timeout option for subdomain name scan')
 32 | 
 33 | def parse_conf(args,conf_parser):
 34 |     # domain scan options
 35 |     args.domain_compbrute=conf_parser.getboolean('Domain Scan','domain_compbrute')
 36 |     args.domain_dict=conf_parser.get('Domain Scan','domain_dict')
 37 |     args.domain_maxlevel=conf_parser.getint('Domain Scan','domain_maxlevel')
 38 |     args.domain_charset=conf_parser.get('Domain Scan','domain_charset')
 39 |     args.domain_levellen=conf_parser.get('Domain Scan','domain_levellen')
 40 |     args.domain_timeout=conf_parser.getfloat('Domain Scan','domain_timeout')
 41 | 
 42 | 
 43 | class Master(object):
 44 |     """
 45 |     Subdomain name task distributor and task result handler.
 46 | 
 47 |     Use a dict with domain name as keys and a list contains subdomain names as values
 48 |     to store result get from swarm.
 49 |     For example:
 50 | 
 51 |     {'github.com':['gist.github.com','XX.github.com'],
 52 |      'stackoverflow.com':['XX.stackoverflow.com',]} 
 53 | 
 54 |     Task Format:
 55 |         Task:
 56 |         domain name|dict|dict_path|start_line|scan_lines
 57 |         domain name|comp|charset|begin_str|end_str
 58 |         Result:
 59 |         subdomain name;subdomain name;subdomain name
 60 |         no subdomain
 61 |     Example:
 62 |         put task:
 63 |         github.com|dict|./dictionary/domain.dict|2000|3000
 64 |         github.com|comp|ABCDEFGHIJKLMN8980|DAAA|D000
 65 |         get result:
 66 |         gist.github.com;XX.github.com
 67 |         no subdomain
 68 |     """
 69 |     def __init__(self, args):
 70 |         super(Master, self).__init__()
 71 |         self._args = args
 72 |         self._domain_list=removeip(self._args.target_list)
 73 |         # copy it for quick query 
 74 |         self._domain_list_orig=copy.copy(self._domain_list)
 75 |         # do some check
 76 |         if len(self._domain_list)==0:
 77 |             raise SwarmUseException('domain name must be provided')            
 78 |         if self._args.domain_maxlevel<=0:
 79 |             raise SwarmUseException('subdomain name max level must be positive')
 80 | 
 81 |         # initial the collection
 82 |         self._args.coll.insert({'root':self._domain_list})
 83 |         # record current subdomain name level
 84 |         self._curlevel=0
 85 | 
 86 |     def generate_subtasks(self):
 87 |         """
 88 |         Decomposition domain name scan task and distribute tasks, get result from swarm.
 89 |         Task granularity should not be too small or too huge.
 90 |         """    
 91 |         self._curlevel+=1
 92 |         # if it is out of range, end this task
 93 |         if self._curlevel>self._args.domain_maxlevel:
 94 |             return []
 95 | 
 96 |         # begin to discomposition 
 97 |         if self._args.domain_compbrute==True:                
 98 |             try:
 99 |                 # generate list of subtasks
100 |                 subtasklist=generate_compbrute_subtask(self._domain_list,self._args.domain_levellen,
101 |                     self._args.domain_charset,self._args.task_granularity)
102 |             except SwarmParseException as e:
103 |                 raise SwarmUseException('invalid subdomain name '+str(e)+', or format error')
104 |         # use dictionary 
105 |         else:
106 |             if self._args.domain_dict=='':
107 |                 raise SwarmUseException('domain name dictionary need to be provided')
108 | 
109 |             try:
110 |                 # generate list of subtasks
111 |                 subtasklist=generate_dictbrute_subtask(self._domain_list,self._args.domain_dict,
112 |                     self._args.task_granularity)
113 |             except IOError as e:
114 |                 raise SwarmUseException('can not open dictionary for domain scan, path:%s'%(dict))    
115 |         # clear domain list for next iteration
116 |         self._domain_list=[]
117 |         return subtasklist    
118 | 
119 |     def handle_result(self,result):    
120 |         if result!='no subdomain':
121 |             resultl=result.split(';')
122 |             # update domain name list for next iteration
123 |             self._domain_list.extend(resultl)
124 |             # add it into scan result meanwhile
125 |             for curkey in self._domain_list_orig:
126 |                 if resultl[0].find(curkey)==len(resultl[0])-len(curkey):
127 |                     self._args.coll.insert({'domain':curkey,'subdomain':resultl})
128 |                     break
129 | 
130 |     def report(self):
131 |         for curdomain in self._domain_list_orig:
132 |             all_subdomain=[]
133 |             subdomain=self._args.coll.find({'domain':curdomain})
134 |             for cursub in subdomain:
135 |                 all_subdomain.extend(cursub['subdomain'])
136 |             print '============= scan result of '+curdomain+' =============='
137 |             print '\n'.join(all_subdomain)
138 |         print '========================================================='
139 |         
140 | 
141 | class Slave(object):
142 |     """
143 |     Subdomain name scanner providing functions of complete brute force and dictionary 
144 |     brute force.
145 | 
146 |     Task Format:
147 |         Task:
148 |         domain name|dict|dict_path|start_line|scan_lines
149 |         domain name|comp|charset|begin_str|end_str
150 |         Result:
151 |         subdomain name;subdomain name;subdomain name
152 |         no subdomain
153 |     Example:
154 |         put task:
155 |         github.com|dict|./dictionary/domain.dict|2000|3000
156 |         github.com|comp|ABCDEFGHIJKLMN8980|DAAA|D000
157 |         get result:
158 |         gist.github.com;XX.github.com
159 |         no subdomain
160 |     """
161 |     def __init__(self, args):
162 |         super(Slave, self).__init__()
163 |         self._pool=Pool(args.thread_num)
164 |         self._timeout=args.domain_timeout
165 |         
166 |     def do_task(self,task):
167 |         task=task.split('|')
168 |         if task[1]=='dict':
169 |             result=self.dict_brute(task[0],task[2],task[3],task[4])
170 |         else:
171 |             result=self.complete_brute(task[0],task[2],task[3],task[4])
172 |         return result
173 | 
174 |     def complete_brute(self,target,charset,begin_str,end_str):
175 |         resultl=[]
176 |         bflist=generate_bflist(charset,begin_str,end_str)
177 |         for cur in bflist:
178 |             cur_target=cur+'.'+target
179 |             resultl.append(self._pool.apply_async(self._scan_target,args=(cur_target,)))
180 |         return self._get_result(resultl)
181 | 
182 |     def dict_brute(self,target,dict_path,start_line,lines):
183 |         resultl=[]
184 |         lines=int(lines,10)
185 |         start_line=int(start_line,10)
186 |         with open(dict_path) as fp:
187 |             fcontent=fp.readlines()
188 |             for cur_index in range(lines):
189 |                 cur_target=fcontent[start_line+cur_index-1].strip()+'.'+target
190 |                 resultl.append(self._pool.apply_async(self._scan_target,args=(cur_target,)))
191 |         return self._get_result(resultl)
192 | 
193 |     def _get_result(self,resultl):
194 |         result=''
195 |         # get result from list
196 |         for cur in resultl:
197 |             try:
198 |                 result+=cur.get(timeout=self._timeout)
199 |             except TimeoutError as e:
200 |                 continue
201 |         # deal with result
202 |         if result=='':
203 |             result='no subdomain'
204 |         else:
205 |             result=result[:-1]
206 |         return result
207 |                 
208 |     def _scan_target(self,target):
209 |         try:
210 |             LOG.debug('scan target: %s'%target)
211 |             socket.getaddrinfo(target,None)
212 |             return target+';'
213 |         except Exception as e:
214 |             return ''
215 | 
216 |     


--------------------------------------------------------------------------------
/modules/intruder/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/intruder/__init__.py


--------------------------------------------------------------------------------
/modules/intruder/intruder.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import requests
  5 | import json
  6 | from multiprocessing.dummy import Pool
  7 | from multiprocessing import TimeoutError
  8 | from lib.utils.utils import input2json
  9 | from lib.utils.brute import generate_bflist
 10 | from lib.utils.subtasks import generate_compbrute_subtask
 11 | from lib.utils.subtasks import generate_dictbrute_subtask
 12 | from lib.parse.args import parse_digital_interval
 13 | from lib.parse.args import parse_charset
 14 | from lib.core.exception import SwarmUseException
 15 | from lib.core.exception import SwarmParseException
 16 | from lib.core.logger import LOG
 17 | 
 18 | def add_cli_args(cli_parser):
 19 |     # intruder options
 20 |     intruder=cli_parser.add_argument_group('Intruder',
 21 |         "Use indicator symbol '@n@' where 'n' should be a number, like '@0@','@1@' "
 22 |         "etc to specify attack point in option 'int_target' and 'int_body'. Use "
 23 |         "'int_payload' option to specify payload used on these attack point to "
 24 |         "complete this attack.")
 25 |     intruder.add_argument('--int-target',dest='int_target',metavar='URLS',nargs='*',
 26 |             help="Use this option instead of '-t' or '-T' options to specify targets,"
 27 |                 "separated by comma")
 28 |     intruder.add_argument('--int-method',dest='int_method',metavar='METHOD',
 29 |             help='Http method used in this attack')
 30 |     intruder.add_argument('--int-headers',dest='int_headers',metavar='JSON',
 31 |             help='A JSON format data.(eg: {"User-Agent":"Mozilla/5.0","Origin":"XXX"})')
 32 |     intruder.add_argument('--int-cookies',dest='int_cookies',metavar='COOKIES',
 33 |             help='Separated by comma. (eg: PHPSESSIONID:XX,token:XX)')
 34 |     intruder.add_argument('--int-body',dest='int_body',metavar='BODY',
 35 |             help='HTTP or HTTPS body. You can use indicator symbol in this option')
 36 |     intruder.add_argument('--int-payload',dest='int_payload',metavar='PAYLOAD',
 37 |             help="The format should follow '@0@:PATH,@1@:CHARSET:NUM-NUM'")
 38 |     intruder.add_argument('--int-flag',dest='int_flags',metavar='FLAGS',
 39 |             help='Separated by double comma if you have multiple flags')
 40 |     intruder.add_argument('--int-timeout',dest='int_timeout',metavar='TIME',type=float,
 41 |             help='Timeout option for intruder module')
 42 | 
 43 | def parse_conf(args,conf_parser):
 44 |     # intruder options
 45 |     args.int_target=conf_parser.get('Intruder','int_target')
 46 |     args.int_method=conf_parser.get('Intruder','int_method')
 47 |     args.int_headers=conf_parser.get('Intruder','int_headers')
 48 |     args.int_cookies=conf_parser.get('Intruder','int_cookies')
 49 |     args.int_body=conf_parser.get('Intruder','int_body')
 50 |     args.int_payload=conf_parser.get('Intruder','int_payload')
 51 |     args.int_flags=conf_parser.get('Intruder','int_flags')
 52 |     args.int_timeout=conf_parser.getfloat('Intruder','int_timeout')
 53 | 
 54 |     # in order to pass the check on args.target 
 55 |     args.target=['127.0.0.1',]
 56 |     args.int_target=args.int_target.split(',')
 57 | 
 58 | class Master(object):
 59 |     """
 60 |     Intruder task distributor and task result handler.
 61 | 
 62 |     Task format:
 63 |         Task:
 64 |         url|body|dict|dict_path|start_line|scan_lines
 65 |         url|body|comp|charset|begin_str|end_str
 66 |         Result:
 67 |         URL,PAYLOAD;URL,PAYLOAD
 68 |         nothing here
 69 |     Example:
 70 |         put task:
 71 |         https://github.com/XX.php?pw=@@@||dict|./dict/test.dict|1|1000
 72 |         http://XX.com:4040/XX.php||comp|a-z|aaa|zzz
 73 |         get result:
 74 |         https://github.com/XX.php?pw=1234,;https://github.com/XX.php?pw=1235,
 75 |         nothing here
 76 |     """
 77 |     def __init__(self, args):
 78 |         super(Master, self).__init__()
 79 |         self._args = args
 80 |         self._symnum = 0
 81 | 
 82 |         # common check and parse args first
 83 |         if len(args.int_target)==0:
 84 |             raise SwarmUseException('at least one target need to be provided for intruder')
 85 |         for t in args.int_target:
 86 |             if not t.startswith(('https://','http://')):
 87 |                 raise SwarmUseException('unsupported scheme: '+t)
 88 |         if args.int_method.lower() not in ['get','post','head','delete','options','trace',
 89 |             'put','connect']:
 90 |             raise SwarmUseException('illegal http method')
 91 |         else:
 92 |             self._args.int_method=args.int_method.lower()
 93 |         # check headers format
 94 |         try:
 95 |             if args.int_headers!="":
 96 |                 self._args.int_headers=json.loads(input2json(args.int_headers))
 97 |         except Exception as e:
 98 |             raise SwarmUseException('broken json data used in customized http headers')
 99 |         # check cookies format
100 |         if args.int_cookies!='':
101 |             cookiel=args.int_cookies.split(',')
102 |             for cur in cookiel:
103 |                 if len(cur.split(':'))!=2:
104 |                     raise SwarmUseException('cookies format error')
105 |         # count attack points number in url and payload
106 |         for cur_n in xrange(999):
107 |             if args.int_body.find('@'+str(cur_n)+'@')==-1:
108 |                 find=[True if t.find('@'+str(cur_n)+'@')!=-1 else False for t in args.int_target]
109 |                 if not any(find):
110 |                     break
111 |             self._symnum=cur_n+1
112 |         if self._symnum==0:
113 |             raise SwarmUseException('at least one attack point need to be specified')
114 |         # in case too many attack points
115 |         if args.int_body.find('@999@')!=-1:
116 |             raise SwarmUseException('too many attack points')
117 |         for t in args.int_target:
118 |             if t.find('@999@')!=-1:
119 |                 raise SwarmUseException('too many attack points')
120 | 
121 |         # parse and count attack points in payload
122 |         if args.int_payload=='':
123 |             raise SwarmUseException('you need to specify your payload')
124 |         else:
125 |             self._args.int_payload=args.int_payload.split(',')
126 |             if len(self._args.int_payload)!=self._symnum:
127 |                 raise SwarmUseException('attack points mismatch between ones marked '
128 |                     'and ones specified in payload')
129 |             for index,cursym in enumerate(self._args.int_payload):
130 |                 pair=cursym.split(':')
131 |                 if pair[0]!='@'+str(index)+'@':
132 |                     raise SwarmUseException('the number in indicator symbol should '
133 |                         'increase continuously')
134 | 
135 |                 if len(pair)==2:
136 |                     try:
137 |                         with open(pair[1]) as fp:
138 |                             pass
139 |                     except IOError as e:
140 |                         raise SwarmUseException('can not open dictionary: '+pair[1])
141 |                 elif len(pair)==3:
142 |                     try:
143 |                         pair[1]=parse_charset(pair[1])
144 |                         pair[2]=parse_digital_interval(pair[2])
145 |                     except SwarmParseException as e:
146 |                         raise SwarmUseException('invalid '+str(e)+'in "'+
147 |                             self._args.int_payload[index]+'"')
148 |                 else:
149 |                     raise SwarmUseException('payload format error, it should be like: '
150 |                             '"@0@:PATH,@1@:NUM-NUM:CHARSET"')
151 |                 self._args.int_payload[index]=pair
152 |         self._done=False
153 | 
154 |     def generate_subtasks(self):
155 |         if self._done:
156 |             return []
157 |         subtaskl=[]
158 |         p_taskl=[]
159 |         for cururl in self._args.int_target:
160 |             p_taskl.extend(self._recur_set_payloads(cururl,self._args.int_body,self._symnum-1))
161 | 
162 |         # compose two parts to generate final subtasks list
163 |         if len(self._args.int_payload[0])==2:
164 |             s_taskl=generate_dictbrute_subtask([''],self._args.int_payload[0][1],
165 |                 self._args.task_granularity)
166 |         else:
167 |             len_interval=(str(self._args.int_payload[0][2][0])+'-'+
168 |                 str(self._args.int_payload[0][2][1]))
169 |             s_taskl=generate_compbrute_subtask([''],len_interval,
170 |                 self._args.int_payload[0][1],self._args.task_granularity)
171 |         for curp in p_taskl:
172 |             subtaskl.extend([curp[0]+'|'+curp[1]+curs for curs in s_taskl])
173 | 
174 |         self._done=True
175 |         return subtaskl
176 | 
177 |     def _recur_set_payloads(self,url,body,depth):
178 |         if depth==0:
179 |             return [[url,body],]
180 |         else:
181 |             ret=[]
182 |             replacel=[]
183 |             if len(self._args.int_payload[depth])==2:
184 |                 with open(self._args.int_payload[depth][1]) as fp:
185 |                     replacel.append(fp.readline())
186 |             else:
187 |                 charset=self._args.int_payload[depth][1]
188 |                 replacel=generate_bflist(charset,
189 |                     self._args.int_payload[depth][2][0]*charset[0],
190 |                     self._args.int_payload[depth][2][1]*charset[-1],)
191 | 
192 |             # recursion
193 |             for curre in replacel:
194 |                 ret.extend(self._recur_set_payloads(
195 |                     url.replace('@'+str(depth)+'@',curre),
196 |                     body.replace('@'+str(depth)+'@',curre),
197 |                     depth-1)
198 |                 )
199 |             return ret
200 | 
201 |     def handle_result(self,result):
202 |         if result!='nothing here':
203 |             resultl=result.split(';')
204 |             for cur in resultl:
205 |                 curl=cur.split(',')
206 |                 self._args.coll.insert({'url':curl[0],'body':curl[1]})
207 | 
208 |     def report(self):
209 |         all=self._args.coll.find()
210 |         print '===================================='
211 |         for x in all:
212 |             print 'url: '+x['url']+'\t'+'body: '+x['body']
213 |         print '===================================='
214 | 
215 | 
216 | class Slave(object):
217 |     """
218 |     Real intruder that will sending payloads and check responses.
219 | 
220 |     Task format:
221 |         Task:
222 |         url|body|dict|dict_path|start_line|scan_lines
223 |         url|body|comp|charset|begin_str|end_str
224 |         Result:
225 |         URL,PAYLOAD;URL,PAYLOAD
226 |         nothing here
227 |     Example:
228 |         put task:
229 |         https://github.com/XX.php?pw=@@@||dict|./dict/test.dict|1|1000
230 |         http://XX.com:4040/XX.php||comp|a-z|aaa|zzz
231 |         get result:
232 |         https://github.com/XX.php?pw=1234,;https://github.com/XX.php?pw=1235,
233 |         nothing here
234 |     """
235 |     def __init__(self, args):
236 |         super(Slave, self).__init__()
237 |         self._pool=Pool(args.thread_num)
238 |         self._timeout=args.int_timeout
239 |         self._call_method=getattr(requests,args.int_method)
240 |         self._flags=args.int_flags.split(',,')
241 |         if args.int_headers!="":
242 |             self._headers=json.loads(input2json(args.int_headers))
243 |         else:
244 |             self._headers={}
245 | 
246 |         if args.int_cookies!='':
247 |             cookiesl=args.int_cookies.split(',')
248 |             self._cookies={x.split(':')[0]:x.split(':')[1] for x in cookiesl}
249 |         else:
250 |             self._cookies={}
251 |         
252 |     def do_task(self,task):
253 |         task=task.split('|')
254 |         if task[2]=='dict':
255 |             result=self.dict_brute(task[0],task[1],task[3],task[4],task[5])
256 |         else:
257 |             result=self.complete_brute(task[0],task[1],task[3],task[4],task[5])
258 |         return result
259 | 
260 |     def complete_brute(self,url,body,charset,begin_str,end_str):
261 |         resultl=[]
262 |         bflist=generate_bflist(charset,begin_str,end_str)
263 |         for cur in bflist:
264 |             resultl.append(self._pool.apply_async(self._request,
265 |                 args=(url.replace('@0@',cur),body.replace('@0@',cur))))
266 |         return self._get_result(resultl)
267 | 
268 |     def dict_brute(self,url,body,dict_path,start_line,lines):
269 |         resultl=[]
270 |         lines=int(lines,10)
271 |         start_line=int(start_line,10)
272 |         with open(dict_path) as fp:
273 |             fcontent=fp.readlines()
274 |             for cur_index in range(lines):
275 |                 cur=fcontent[start_line+cur_index-1].strip()
276 |                 resultl.append(self._pool.apply_async(self._request,
277 |                     args=(url.replace('@0@',cur),body.replace('@0@',cur))))
278 |         return self._get_result(resultl)
279 | 
280 |     def _request(self,url,body):
281 |         LOG.debug('request target: '+url)
282 |         r=self._call_method(url,data=body,headers=self._headers,cookies=self._cookies)
283 |         for cur_flag in self._flags:
284 |             if r.text.find(cur_flag)!=-1:
285 |                 return url+','+body+';'
286 |         return ''
287 | 
288 |     def _get_result(self,resultl):
289 |         result=''
290 |         # get result from list
291 |         for cur in resultl:
292 |             try:
293 |                 result+=cur.get(timeout=self._timeout)
294 |             except TimeoutError as e:
295 |                 continue
296 |         # deal with result
297 |         if result=='':
298 |             result='nothing here'
299 |         else:
300 |             result=result[:-1]
301 |         return result
302 |         
303 | 


--------------------------------------------------------------------------------
/modules/nmap/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/nmap/__init__.py


--------------------------------------------------------------------------------
/modules/nmap/nmap.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | from libnmap.process import NmapProcess
  5 | from libnmap.parser import NmapParser, NmapParserException
  6 | import argparse
  7 | 
  8 | from lib.core.exception import SwarmUseException
  9 | from lib.core.exception import SwarmParseException
 10 | from lib.parse.args import parse_port_list
 11 | from lib.utils.utils import merge_ports
 12 | 
 13 | def add_cli_args(cli_parser):
 14 |     # nmap module options
 15 |     nmap=cli_parser.add_argument_group('Nmap Module',
 16 |             'These options can be used customize nmap action on slave hosts')
 17 |     nmap.add_argument('--nmap-ports',dest='nmap_ports',metavar='PORTS',
 18 |             help="Support format like '80,443,3306,1024-2048'")
 19 |     nmap.add_argument('--nmap-top-ports',dest='nmap_top_ports',metavar='NUM',type=int,
 20 |             help='Scan <number> most common ports')
 21 |     nmap.add_argument('--nmap-ops',dest='nmap_options',nargs=argparse.REMAINDER,
 22 |             help="Nmap options list in nmap’s man pages, this should be the last in cli args")
 23 | 
 24 | def parse_conf(args,conf_parser):
 25 |     # nmap module options
 26 |     args.nmap_ports=conf_parser.get('Nmap Module','nmap_ports')
 27 |     args.nmap_top_ports=conf_parser.getint('Nmap Module','nmap_top_ports')
 28 |     args.nmap_options=conf_parser.get('Nmap Module','nmap_options')
 29 |     if args.nmap_options!='':
 30 |         args.nmap_options=args.nmap_options.split()
 31 | 
 32 | class Master(object):
 33 |     """
 34 |     nmap module task distributor and task result handler.
 35 | 
 36 |     Task Format:
 37 |         Task:
 38 |         target|port list
 39 |         Result:
 40 |         target|XML string wait for parse
 41 |     Example:
 42 |         put task:
 43 |         github.com|-p 1,2,3,4,5,6
 44 |         github.com|--top-ports 100
 45 |         get result:
 46 |         github.com|<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE nmaprun>\n<?xml-stylesheet...
 47 |     """
 48 |     def __init__(self, args):
 49 |         super(Master, self).__init__()
 50 |         self._args = args
 51 |         self._done = False
 52 | 
 53 |     def generate_subtasks(self):
 54 |         if self._done:
 55 |             return []
 56 |         # check wether exists option in nmap option group 'PORT SPECIFICATION' or 
 57 |         # 'TARGET SPECIFICATION'
 58 |         legall=['-sL','-sn','-Pn','-PS','-PA','-PU','-PY','-PE','-PP','-PM','-PO','-n','-R',
 59 |             '--dns-servers','--system-dns','--traceroute','-sS','-sT','-sA','-sW','-sM','-sU',
 60 |             '-sN','-sF','-sX','--scanflags','-sI','-sY','-sZ','-sO','-b','-sV','--version-intensity',
 61 |             '--version-light','--version-all','--version-trace','-sC','--script','--script-args',
 62 |             '--script-args-file','--script-trace','--script-updatedb','--script-help','-O',
 63 |             '--osscan-limit','--osscan-guess','-T','--min-hostgroup','--max-hostgroup','--min-parallelism',
 64 |             '--max-parallelism','--min-rtt-timeout','--max-rtt-timeout','--initial-rtt-timeout',
 65 |             '--max-retries','--host-timeout','--scan-delay','--max-scan-delay','--min-rate','--max-rate',
 66 |             '-f','--mtu','-D','-S','-e','-g','--source-port','--proxies','--data','--data-string',
 67 |             '--data-length','--ip-options','--ttl','--spoof-mac','--badsum','-6','-A','--datadir',
 68 |             '--send-eth','--send-ip','--privileged','--unprivileged']
 69 |         for cur in self._args.nmap_options:
 70 |              resultl=[cur.startswith(x) for x in legall]
 71 |              if not (True in resultl):
 72 |                 raise SwarmUseException("not supported nmap option")
 73 | 
 74 |         subtaskl=[]
 75 |         # generate subtask
 76 |         if self._args.nmap_top_ports!=0:
 77 |             nmap_top_ports='--top-ports '+str(self._args.nmap_top_ports)
 78 |             for curhost in self._args.target_list:
 79 |                 subtaskl.append(curhost+'|'+nmap_top_ports)
 80 | 
 81 |         elif self._args.nmap_ports!='':
 82 |             # maybe it need to be decomposited
 83 |             try:
 84 |                 portl=parse_port_list(self._args.nmap_ports)
 85 |                 for curhost in self._args.target_list:
 86 |                     index=0
 87 |                     while index<len(portl):
 88 |                         subtaskl.append(curhost+'|'+'-p '+
 89 |                             ','.join(merge_ports(portl[index:index+self._args.task_granularity*500])))
 90 |                         index+=self._args.task_granularity*500
 91 |             except SwarmParseException as e:
 92 |                 raise SwarmUseException('illeagal port format in nmap_ports')
 93 |         else:
 94 |             raise SwarmUseException('at least one port need to be provided')
 95 |         # mark
 96 |         self._done = True
 97 |         return subtaskl
 98 | 
 99 |     def handle_result(self,result):
100 |         # store it in mongodb
101 |         resultl=result.split('|')
102 |         if resultl[1]!='f':
103 |             self._args.coll.insert({'host':resultl[0],'result':resultl[2]})
104 | 
105 |     def report(self):
106 |         down_host=0
107 |         for curhost in self._args.target_list:
108 |             host_infol=self._args.coll.find({'host':curhost})
109 |             # first print host info
110 |             nmap_report=NmapParser.parse(str(host_infol[0]['result']))
111 |             if nmap_report.hosts[0].status=='up':
112 |                 print '====================== '+curhost+' ======================'
113 |                 print 'Host is %s'%nmap_report.hosts[0].status
114 |                 # print ports info
115 |                 print("  PORT     STATE         SERVICE")
116 |                 for cur_info in host_infol:
117 |                     nmap_report=NmapParser.parse(str(cur_info['result']))
118 |                     for serv in nmap_report.hosts[0].services:
119 |                         pserv = "{0:>5s}/{1:3s}  {2:12s}  {3}".format(
120 |                         str(serv.port),
121 |                         serv.protocol,
122 |                         serv.state,
123 |                         serv.service)
124 |                         if len(serv.banner):
125 |                             pserv += " ({0})".format(serv.banner)
126 |                         print pserv
127 |             else:
128 |                 down_host+=1
129 |         print '=========================================================='
130 |         print 'Not shown: '+str(down_host)+' down host'
131 |         print '=========================================================='
132 | 
133 | class Slave(object):
134 |     """
135 |     Task Format:
136 |         Task:
137 |         target|port list
138 |         Result:
139 |         target|XML string wait for parse
140 |     Example:
141 |         put task:
142 |         github.com|-p 1,2,3,4,5,6
143 |         github.com|--top-ports 100
144 |         get result:
145 |         github.com|<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE nmaprun>\n<?xml-stylesheet...
146 |     """
147 |     def __init__(self, args):
148 |         super(Slave, self).__init__()
149 |         self._args = args
150 | 
151 |     def do_task(self,task):
152 |         """
153 |         TODO: multiple ip address for same domain name
154 |         """
155 |         try:
156 |             taskl=task.split('|')
157 |             nmap_task=NmapProcess(taskl[0],taskl[1]+' '+' '.join(self._args.nmap_options))
158 |             rc=nmap_task.run()
159 |             if rc!=0:
160 |                 return '|'.join([taskl[0],'f',str(rc)+' '+nmap_task.stderr])
161 |             return '|'.join([taskl[0],'s',nmap_task.stdout])
162 |         # if there is no nmap on current host, quit quietly
163 |         except EnvironmentError, e:
164 |             raise SwarmUseException(str(e))
165 | 
166 |         
167 | 
168 | 
169 | 


--------------------------------------------------------------------------------
/modules/sitemap/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/modules/sitemap/__init__.py


--------------------------------------------------------------------------------
/modules/sitemap/sitemap.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | import requests
  5 | import urlparse
  6 | import bs4
  7 | import json
  8 | import time
  9 | from multiprocessing.dummy import Pool
 10 | from multiprocessing import TimeoutError
 11 | from lib.core.logger import LOG
 12 | from lib.parse.args import parse_port_list
 13 | from lib.core.exception import SwarmUseException
 14 | from lib.utils.utils import merge_querys
 15 | from lib.utils.sitemap import draw_sitemap
 16 | 
 17 | def add_cli_args(cli_parser):
 18 |     sitemap=cli_parser.add_argument_group('Sitemap Crawler',
 19 |         'These options can be used to customize sitemap crawler, not support js parse yet')
 20 |     sitemap.add_argument('--map-seed',dest='map_seed',metavar='SEED',
 21 |             help='Separated by comma if you have multiple seeds')
 22 |     sitemap.add_argument('--map-http-port',dest='map_http_port',metavar='PORT',
 23 |             help="Separated by comma if you need multiple ports")
 24 |     sitemap.add_argument('--map-https-port',dest='map_https_port',metavar='PORT',
 25 |             help="Separated by comma if you need multiple ports")
 26 |     sitemap.add_argument('--map-cookies',dest='map_cookies',metavar='COOKIES',
 27 |             help='Separated by comma if you have multiple cookies')
 28 |     sitemap.add_argument('--map-interval',dest='map_interval',metavar='TIME',type=float,
 29 |             help='Interval time between two request')
 30 |     sitemap.add_argument('--map-timeout',dest='map_timeout',metavar='TIME',type=float,
 31 |             help='Timeout option for sitemap crawler')
 32 | 
 33 | def parse_conf(args,conf_parser):
 34 |     args.map_seed=conf_parser.get('Sitemap Crawler','map_seed')
 35 |     args.map_http_port=conf_parser.get('Sitemap Crawler','map_http_port')
 36 |     args.map_https_port=conf_parser.get('Sitemap Crawler','map_https_port')
 37 |     args.map_cookies=conf_parser.get('Sitemap Crawler','map_cookies')
 38 |     args.map_interval=conf_parser.getfloat('Sitemap Crawler','map_interval')
 39 |     args.map_timeout=conf_parser.getfloat('Sitemap Crawler','map_timeout')
 40 | 
 41 | class Master(object):
 42 |     """
 43 |     Sitemap crawler task distributor and task result handler.
 44 | 
 45 |     Task Format:
 46 |         Task:
 47 |         URL,METHOD,CONTENT-TYPE,PARAMS|URL,METHOD,CONTENT-TYPE,PARAMS
 48 |         Result:
 49 |         URL,METHOD,CONTENT-TYPE,PARAMS;URL,METHOD,CONTENT-TYPE,PARAMS
 50 |     Example:
 51 |         Put task:
 52 |         http://XX.com/XXX.php,post,multipart/form-data,param1=XX&param2=XX
 53 |         Get result:
 54 |         end
 55 |         http://XX.com/XXX.php?param1=XX&param2=XX,post,multipart/form-data,param3=XX
 56 | 
 57 |     """
 58 |     def __init__(self, args):
 59 |         super(Master, self).__init__()
 60 |         self._args = args    
 61 | 
 62 |         # parse crawler seeds
 63 |         if self._args.map_seed=='':
 64 |             seedl=['/',]
 65 |         else:
 66 |             seedl=['/'+x for x in self._args.map_seed.split(',')]
 67 | 
 68 |         # check cookies format
 69 |         if self._args.map_cookies!='':
 70 |             cookiel=self._args.map_cookies.split(',')
 71 |             for cur in cookiel:
 72 |                 if len(cur.split(':'))!=2:
 73 |                     raise SwarmUseException('cookies format error')
 74 |         
 75 |         # parse port list
 76 |         http_portl=[]
 77 |         https_portl=[]
 78 |         # just used for check validity here
 79 |         try:
 80 |             if self._args.map_http_port!='':
 81 |                 http_portl=parse_port_list(self._args.map_http_port)
 82 |             if self._args.map_https_port!='':
 83 |                 https_portl=parse_port_list(self._args.map_https_port)
 84 |         except SwarmParseException as e:
 85 |             raise SwarmUseException('invalid http or https port argument in sitemap crawler')
 86 | 
 87 |         # generate initial domain for final result report
 88 |         # it should prepare a list contains valid domain seed like:
 89 |         # ['http://github.com:81','http://XX.com:80','https://github.com:9090']
 90 |         self._doml=[]
 91 |         for curhost in self._args.target_list:
 92 |             for curport in http_portl:
 93 |                 self._doml.append('http://'+curhost+':'+str(curport))
 94 |             for curport in https_portl:
 95 |                 self._doml.append('https://'+curhost+':'+str(curport))
 96 |         
 97 |         # generate inital url list wait to be crawled
 98 |         self._waitl=[]
 99 |         for curdom in self._doml:
100 |             for curseed in seedl:
101 |                 self._waitl.append(curdom+curseed+',get,,')
102 | 
103 | 
104 |     def generate_subtasks(self):
105 |         if len(self._waitl)==0:
106 |             return []
107 | 
108 |         # generate subtask list
109 |         subtaskl=[]
110 |         for cur in range(0,len(self._waitl),self._args.task_granularity*4):
111 |             subtaskl.append('|'.join(self._waitl[cur:cur+self._args.task_granularity*4]))
112 |         self._waitl=[]
113 |         return subtaskl
114 | 
115 |     def handle_result(self,result):
116 |         if result!='end':
117 |             resultl=result.split(';')
118 |             for ret in resultl:
119 |                 # first check duplicate
120 |                 retl=ret.split(',')
121 |                 returl=retl[0].split('?')[0]
122 |                 retquery=retl[0].split('?')[1] if len(retl[0].split('?'))==2 else ''
123 |                 dup=self._args.coll.find_one({'url':returl})
124 |                 # if it duplicate, update query params and do not add it into queue
125 |                 if dup!=None:
126 |                     merged=merge_querys(retquery,dup['query'])
127 |                     self._args.coll.update({'url':returl},{'$set':{'query':merged}})
128 |                     continue
129 |                 # else insert into database and append to waiting list
130 |                 key='/'.join(retl[0].split('/')[:3])
131 |                 self._args.coll.insert({'domain':key,'url':returl,'query':retquery,
132 |                     'method':retl[1],'content_type':retl[2],'params':','.join(retl[3:])})
133 |                 # if it ends with '.jpg','.png' etc.
134 |                 if returl.split('.')[-1] not in ['gif','jpg','jpeg','png','bmp','doc','js']:
135 |                     self._waitl.append(ret)
136 | 
137 |     def report(self):
138 |         for curdom in self._doml:
139 |             contentl=self._args.coll.find({'domain':curdom})
140 |             print '================== '+curdom+' ======================'
141 |             draw_sitemap(contentl)
142 |         print '==================================================='
143 | 
144 | 
145 | class Slave(object):
146 |     """
147 |     Sitemap crawler.
148 | 
149 |     Task Format:
150 |         Task:
151 |         URL,METHOD,CONTENT-TYPE,PARAMS|URL,METHOD,CONTENT-TYPE,PARAMS
152 |         Result:
153 |         URL,METHOD,CONTENT-TYPE,PARAMS;URL,METHOD,CONTENT-TYPE,PARAMS
154 |     Example:
155 |         Put task:
156 |         http://XX.com/XXX.php,post,multipart/form-data,param1=XX&param2=XX
157 |         Get result:
158 |         end
159 |         http://XX.com/XXX.php?param1=XX&param2=XX,post,multipart/form-data,param3=XX
160 | 
161 |     """
162 |     def __init__(self, args):
163 |         super(Slave, self).__init__()
164 |         self._pool=Pool(args.thread_num)
165 |         self._timeout=args.map_timeout
166 |         self._t_interval=args.map_interval
167 |         # parse cookies
168 |         if args.map_cookies!='':
169 |             cookiesl=args.map_cookies.split(',')
170 |             self._cookies={x.split(':')[0]:x.split(':')[1] for x in cookiesl}
171 |         else:
172 |             self._cookies={}
173 | 
174 |     def do_task(self,task):
175 |         taskl=task.split('|')
176 |         resultl=[]
177 |         for subtask in taskl:
178 |             argsl=subtask.split(',')
179 |             resultl.append(self._pool.apply_async(self.crawl_url,args=(argsl[0],argsl[1],argsl[2],argsl[3])))
180 |             time.sleep(self._t_interval)
181 |         retl=self._get_resultl(resultl)
182 |         return self._proc_result(retl)
183 | 
184 |     def crawl_url(self,target,method,content_type,params):
185 |         """
186 |         Get and parse target url, return string consist of urls which are in the same site 
187 |         with target url.
188 | 
189 |         Args:
190 |             target(string): URL (include query params of GET method)
191 |             method(string): http method name
192 |             content_type(string): it should be one of these:
193 |                         empty string
194 |                         'multipart/form-data'
195 |                         'text/xml'
196 |                         'application/json'
197 |             params(string): params
198 | 
199 |         Returns:
200 |             A list consist of sublist, which has format of [URL,METHOD,CONTENT-TYPE,PARAMS], 
201 |             For example:
202 |     
203 |             [['http://XX.com/XXX.php?param1=XX','post','multipart/form-data',
204 |             '{param2:XX,param3:XX}'],[,get,,]]
205 |         """
206 |         try:
207 |             result=[]        
208 | 
209 |             # first check url, if it redirect to another domain or this url is not valid, return.
210 |             r=requests.head(target,cookies=self._cookies)
211 |             if not self._check_exist_code(r.status_code):
212 |                 if 'Location' in r.headers.keys():
213 |                     srcdom='/'.join(target.split('/')[:3])
214 |                     dstdom='/'.join(r.headers['Location'].split('/')[:3])
215 |                     if srcdom==dstdom:
216 |                         # parse this redirected url
217 |                         parsed=urlparse.urlparse(r.headers['Location'])
218 |                         return self.crawl_url(parsed.scheme+'//'+parsed.netloc+parsed.path,
219 |                             'get','',parsed.query)
220 |                     else:
221 |                         return ''
222 | 
223 |             # get content of response from target url 
224 |             http_method=getattr(requests,method)
225 |             if content_type=='multipart/form-data':
226 |                 r=http_method(target,files=json.loads(params),cookies=self._cookies)
227 |             else:
228 |                 r=http_method(target,data=params,cookies=self._cookies)
229 |             
230 |             # get all useful tags
231 |             soup=bs4.BeautifulSoup(r.text,'html.parser')
232 |             hrefs=soup.find_all(href=True)
233 |             actions=soup.find_all(action=True)
234 |             srcs=soup.find_all(src=True)
235 |             for curtag in hrefs:
236 |                 if curtag['href'].startswith('javascript:'):
237 |                     continue
238 |                 parsed_url=self._parse_url(curtag['href'],target)
239 |                 result.append([parsed_url,'get','',''])
240 |             for curtag in srcs:
241 |                 parsed_url=self._parse_url(curtag['src'],target)
242 |                 result.append([parsed_url,'get','',''])
243 |             for curtag in actions:
244 |                 parsed_url=self._parse_url(curtag['action'],target)
245 |                 if parsed_url!='':
246 |                     # deal with form method, content type and params
247 |                     params=''
248 |                     curtag['enctype']=curtag['enctype'] if curtag.attrs.has_key('enctype') else ''
249 |                     # attention here, pass attrs argument to find_all instead of 'name=True'
250 |                     names=curtag.find_all(attrs={'name':True})
251 |                     if curtag['enctype']=='application/json' or curtag['enctype']=='multipart/form-data':
252 |                         p_dict={}
253 |                         for name in names:
254 |                             p_dict[name['name']]='param'
255 |                         params=json.dumps(p_dict)
256 |                     else:
257 |                         for name in names:
258 |                             params=params+name['name']+'=param&'
259 |                         params=params[:-1]
260 |                     curtag['method']=curtag['method'].lower() if curtag.attrs.has_key('method') else 'get'
261 |                     result.append([parsed_url,curtag['method'],
262 |                         curtag['enctype'],params])
263 |             
264 |             return result
265 |         except Exception as e:
266 |             return result
267 | 
268 |     def _parse_url(self,dst,src):
269 |         """
270 |         Check wether target url 'dst' is in the same domain(include port) with url 'src', and 
271 |         convert url into complete url without params.
272 | 
273 |         Returns:
274 |             String of complete url with query params if it has. if target url is not in the 
275 |             same domain, return '';
276 |         """
277 |         LOG.debug('detecting url: '+dst)
278 |         s_parsed=urlparse.urlparse(src)
279 |         s_scheme=s_parsed.scheme
280 |         s_netloc=s_parsed.netloc
281 |         s_cur_dir=s_parsed.path
282 |         if s_cur_dir[-1]!='/':
283 |             s_cur_dir='/'.join(s_cur_dir.split('/')[:-1])
284 |         else:
285 |             s_cur_dir=s_cur_dir[:-1]
286 | 
287 |         d_parsed=urlparse.urlparse(dst)
288 |         d_scheme=d_parsed.scheme
289 |         if d_parsed.netloc.find(':')==-1 and d_parsed.netloc!='':
290 |             if d_scheme=='http':
291 |                 d_netloc=d_parsed.netloc+':80'
292 |             elif d_scheme=='https':
293 |                 d_netloc=d_parsed.netloc+':443'
294 |             elif d_scheme=='':
295 |                 d_netloc=d_parsed.netloc+':80' if s_scheme=='http' else d_parsed.netloc+':443'
296 |             else:
297 |                 d_netloc=d_parsed.netloc
298 |         else:
299 |             d_netloc=d_parsed.netloc
300 |         # add '/' as prefix if the path does not starts with '/'
301 |         if d_parsed.path!='':
302 |             d_path='/'+d_parsed.path if d_parsed.path[0]!='/' else d_parsed.path
303 |         else:
304 |             d_path='/'
305 |         d_query=d_parsed.query
306 |         
307 |         # if it is a relative url
308 |         if d_netloc=='':
309 |             return urlparse.ParseResult(s_scheme,s_netloc,s_cur_dir+d_path,'',d_query,'').geturl()
310 |         elif d_netloc==s_netloc and (d_scheme==s_scheme or d_scheme==''):
311 |             return urlparse.ParseResult(s_scheme,s_netloc,d_path,'',d_query,'').geturl()
312 |         else:
313 |             return ''
314 |         
315 |     def _get_resultl(self,resultl):
316 |         retl=[]
317 |         # get result from eflist
318 |         for cur in resultl:
319 |             try:
320 |                 retl.extend(cur.get(timeout=self._timeout))
321 |             except TimeoutError as e:
322 |                 continue
323 |         return retl
324 | 
325 |     def _proc_result(self,resultl):
326 |         """
327 |         Deduplicate result list and return result string.
328 |         """
329 |         rets=''
330 |         r_url=''
331 |         r_querys=''
332 |         resultl.sort()
333 | 
334 |         for cur in resultl:
335 |             if len(cur)!=4 or cur[0]=='':
336 |                 continue
337 | 
338 |             cururl=cur[0].split('?')[0]
339 |             curquerys=cur[0].split('?')[1] if len(cur[0].split('?'))==2 else ''
340 |             if cururl==r_url:
341 |                 r_querys=merge_querys(curquerys,r_querys)
342 |             else:
343 |                 if r_url!='':
344 |                     r_qurl=r_url+'?'+r_querys if r_querys!='' else r_url
345 |                     rets+=','.join([r_qurl,cur[1],cur[2],cur[3]])
346 |                     rets+=';'
347 |                 r_url=cururl
348 |                 r_querys=curquerys
349 | 
350 |         rets='end' if rets=='' else rets[:-1]
351 |         return rets
352 | 
353 |     def _check_exist_code(self,code):
354 |         if code<300 or code==401 or code==403:
355 |             return True
356 |         return False
357 | 
358 | 


--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
 1 | from setuptools import find_packages
 2 | from setuptools import setup
 3 | 
 4 | with open('README.md') as f:
 5 |     setup(
 6 |             name = 'swarm',
 7 |             version = '0.5.0',
 8 | 
 9 |             author = 'arvin.x',
10 |             author_email = 'arvin.x@icloud.com',
11 |             description = 'A modular distributed penetration testing tool',
12 |             license = 'GPLv3',
13 |             long_description = f.read(),
14 |             
15 |             packages = find_packages(),
16 |             scripts = ['swarm.py','swarm_s.py'],
17 |             entry_points = {
18 |                 'console_scripts': [
19 |                     'swarm = swarm:main',
20 |                     'swarm-s = swarm_s:main',
21 |                     ]
22 |                 },
23 |             
24 |             install_requires = [
25 |                 'pymongo>=3.3.0',
26 |                 'beautifulsoup4>=4.5.0',
27 |                 'python-libnmap>=0.7.0',
28 |                 'requests>=2.7.0',
29 |                 'IPy>=0.83',
30 |                 'argparse>=1.2.1',
31 |             ],
32 |             data_files=[
33 |                 ('/etc/swarm',['swarm.conf']),
34 |                 ('/etc/swarm',['etc/dirsc.conf','etc/domainsc.conf','etc/nmap.conf',
35 |                     'etc/sitemap.conf','etc/intruder.conf']),
36 |             ],
37 |             classifiers = [
38 |                 'Programming Language :: Python :: 2.7',
39 |                 'Programming Language :: Python :: 2.6',
40 |             ],
41 |         )
42 | 


--------------------------------------------------------------------------------
/swarm.conf:
--------------------------------------------------------------------------------
 1 | # Configuration file for swarm
 2 | [Target]
 3 | # Target URL, IP address or network segment, 
 4 | # separated by blank (eg: baidu.com 127.0.0.0/24 192.168.1.5)
 5 | # target=
 6 | target=
 7 | 
 8 | # File that contains target list, one target per line.
 9 | # Either relative path or absolute path can be used.
10 | target_file=
11 | 
12 | 
13 | [Swarm]
14 | # Slave hosts which runs swarm-s to complete target task. 
15 | # They should listen on target port to be waken up by giving a shell when request comes.
16 | # if so, set this option with both address and port, separated by blank.
17 | # (eg: 192.168.1.2:13110 192.168.1.3:13111)
18 | # If you don't need to waken slave hosts to run swarm-s, 
19 | # set it without port just like the target and set waken_cmd option to null at the same time.
20 | swarm=192.168.7.254:9191
21 | 
22 | # File that contains slave list, one host per line.
23 | # Either relative path or absolute path can be used.
24 | swarm_file=
25 | 
26 | # Command to waken up slave hosts, make sure "ARGS" will be argument pass to swarm-s.
27 | # null if swarm-s on slave host need not to be waken up
28 | waken_cmd=swarm-s ARGS
29 | 
30 | # Master address which should be reachable by all slave hosts.
31 | m_addr=192.168.7.26
32 | 
33 | # Listen port on master host to distribute task.
34 | m_port=13110
35 | 
36 | # Listen port on slave host to receive command from master.
37 | s_port=9090
38 | 
39 | # Auth key between master and slave hosts.
40 | authkey=auth
41 | 
42 | # Synchronize data like dictionary and vulnerability database etc. 
43 | # This option has to be provided if data in local has been updated, 
44 | # or slave host may fail to complete tasks.
45 | # TODO
46 | sync_data=False
47 | 
48 | # Seconds to wait before connection to swarm getting response.
49 | timeout=30
50 | 
51 | 
52 | [Output]
53 | # Record log into target file. 
54 | logfile=/var/log/swarm.log
55 | 
56 | # Output more verbose.
57 | verbose=False
58 | 
59 | # Disable colorful log output.
60 | disable_col=False
61 | 
62 | # Output format
63 | # result_format=1
64 | 
65 | [Database]
66 | # Address of MongoDB server
67 | db_addr=localhost
68 | 
69 | # Listening port of MongoDB server
70 | db_port=27017
71 | 
72 | 
73 | [Common]
74 | # Number of process running on slave host.
75 | # Use 0 to use number of cpu cores as process num.
76 | # Task will be decomposed into subtasks and One process will do one subtask at one time.
77 | process_num=0
78 | 
79 | # Number of threads running on slave host.
80 | # Multiple threads are used when swarm try to run subtask.
81 | thread_num=30
82 | 
83 | # Granularity of subtasks from 1 to 3. When this number increase one, granularity of subtask 
84 | # will increase by ten times.
85 | task_granularity=2
86 | 
87 | 
88 | 


--------------------------------------------------------------------------------
/swarm.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | import argparse
 5 | 
 6 | from lib.parse.configfile import configfile_parse
 7 | from lib.parse.cli import cli_parse
 8 | from lib.core.module import get_modules
 9 | from lib.core.logger import LOG
10 | from lib.core.logger import init_logger
11 | from lib.core.mswarm import MSwarm
12 | from lib.core.exception import SwarmBaseException
13 | from lib.utils.banner import begin_banner
14 | from lib.utils.banner import end_banner
15 | 
16 | def main():
17 |     args=argparse.Namespace()
18 |     try:
19 |         # get all available modules
20 |         args.modules=get_modules()
21 |         # parse args from cli and configuration file
22 |         # arguments parsed from cli will cover origin arguments in configuration file
23 |         configfile_parse(args)
24 |         cli_parse(args)
25 |         begin_banner()
26 |         
27 |         init_logger(args.logfile,args.verbose,args.disable_col)
28 |     except SwarmBaseException as e:
29 |         print str(e)
30 |         end_banner()
31 |         return
32 | 
33 |     # now use logger instead of simple print
34 |     try:
35 |         m=MSwarm(args)
36 |         # wake slaves up now
37 |         m.waken_swarm()
38 |         m.parse_distribute_task()
39 |     except SwarmBaseException as e:
40 |         LOG.critical(str(e))
41 |     finally:
42 |         end_banner()
43 | 
44 |     
45 | if __name__ == '__main__':
46 |     main()


--------------------------------------------------------------------------------
/swarm_s.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | 
 5 | import argparse
 6 | from socket import timeout
 7 | from lib.core.sswarm import SSwarm
 8 | from lib.core.logger import init_logger
 9 | from lib.core.logger import LOG
10 | from lib.core.exception import SwarmBaseException
11 | 
12 | def main():
13 |     try:
14 |         parser=argparse.ArgumentParser()
15 |         parser.add_argument('-p',dest='s_port',metavar='LISTEN PORT',type=int,required=True,
16 |             help="Listen port to receive info from master")
17 |         args=parser.parse_args()
18 |         init_logger('/var/log/swarm_s.log',True,False)
19 | 
20 |         sswarm=SSwarm(args.s_port)
21 |         # Parse arguments from mswarm
22 |         sswarm.get_parse_args()
23 |         # Ready to get and exec command from master host
24 |         sswarm.get_do_task()
25 | 
26 |     except SwarmBaseException as e:
27 |         LOG.debug(str(e))
28 |         return 
29 |     
30 | if __name__=='__main__':
31 |     main()


--------------------------------------------------------------------------------
/thirdparty/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/thirdparty/__init__.py


--------------------------------------------------------------------------------
/thirdparty/ansistrm/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/a7vinx/swarm/1713c1e8464725a543facd0065fea48cbfd894cb/thirdparty/ansistrm/__init__.py


--------------------------------------------------------------------------------
/thirdparty/ansistrm/ansistrm.py:
--------------------------------------------------------------------------------
  1 | #
  2 | # Copyright (C) 2010-2012 Vinay Sajip. All rights reserved. Licensed under the new BSD license.
  3 | #
  4 | import ctypes
  5 | import logging
  6 | import os
  7 | 
  8 | class ColorizingStreamHandler(logging.StreamHandler):
  9 |     # color names to indices
 10 |     color_map = {
 11 |         'black': 0,
 12 |         'red': 1,
 13 |         'green': 2,
 14 |         'yellow': 3,
 15 |         'blue': 4,
 16 |         'magenta': 5,
 17 |         'cyan': 6,
 18 |         'white': 7,
 19 |     }
 20 | 
 21 |     #levels to (background, foreground, bold/intense)
 22 |     if os.name == 'nt':
 23 |         level_map = {
 24 |             logging.DEBUG: (None, 'blue', True),
 25 |             logging.INFO: (None, 'white', False),
 26 |             logging.WARNING: (None, 'yellow', True),
 27 |             logging.ERROR: (None, 'red', True),
 28 |             logging.CRITICAL: ('red', 'white', True),
 29 |         }
 30 |     else:
 31 |         level_map = {
 32 |             logging.DEBUG: (None, 'blue', False),
 33 |             logging.INFO: (None, 'black', False),
 34 |             logging.WARNING: (None, 'yellow', False),
 35 |             logging.ERROR: (None, 'red', False),
 36 |             logging.CRITICAL: ('red', 'white', True),
 37 |         }
 38 |     csi = '\x1b['
 39 |     reset = '\x1b[0m'
 40 | 
 41 |     @property
 42 |     def is_tty(self):
 43 |         isatty = getattr(self.stream, 'isatty', None)
 44 |         return isatty and isatty()
 45 | 
 46 |     def emit(self, record):
 47 |         try:
 48 |             message = self.format(record)
 49 |             stream = self.stream
 50 |             if not self.is_tty:
 51 |                 stream.write(message)
 52 |             else:
 53 |                 self.output_colorized(message)
 54 |             stream.write(getattr(self, 'terminator', '\n'))
 55 |             self.flush()
 56 |         except (KeyboardInterrupt, SystemExit):
 57 |             raise
 58 |         except:
 59 |             self.handleError(record)
 60 | 
 61 |     if os.name != 'nt':
 62 |         def output_colorized(self, message):
 63 |             self.stream.write(message)
 64 |     else:
 65 |         import re
 66 |         ansi_esc = re.compile(r'\x1b\[((?:\d+)(?:;(?:\d+))*)m')
 67 | 
 68 |         nt_color_map = {
 69 |             0: 0x00,    # black
 70 |             1: 0x04,    # red
 71 |             2: 0x02,    # green
 72 |             3: 0x06,    # yellow
 73 |             4: 0x01,    # blue
 74 |             5: 0x05,    # magenta
 75 |             6: 0x03,    # cyan
 76 |             7: 0x07,    # white
 77 |         }
 78 | 
 79 |         def output_colorized(self, message):
 80 |             parts = self.ansi_esc.split(message)
 81 |             write = self.stream.write
 82 |             h = None
 83 |             fd = getattr(self.stream, 'fileno', None)
 84 |             if fd is not None:
 85 |                 fd = fd()
 86 |                 if fd in (1, 2): # stdout or stderr
 87 |                     h = ctypes.windll.kernel32.GetStdHandle(-10 - fd)
 88 |             while parts:
 89 |                 text = parts.pop(0)
 90 |                 if text:
 91 |                     write(text)
 92 |                 if parts:
 93 |                     params = parts.pop(0)
 94 |                     if h is not None:
 95 |                         params = [int(p) for p in params.split(';')]
 96 |                         color = 0
 97 |                         for p in params:
 98 |                             if 40 <= p <= 47:
 99 |                                 color |= self.nt_color_map[p - 40] << 4
100 |                             elif 30 <= p <= 37:
101 |                                 color |= self.nt_color_map[p - 30]
102 |                             elif p == 1:
103 |                                 color |= 0x08 # foreground intensity on
104 |                             elif p == 0: # reset to default color
105 |                                 color = 0x07
106 |                             else:
107 |                                 pass # error condition ignored
108 |                         ctypes.windll.kernel32.SetConsoleTextAttribute(h, color)
109 | 
110 |     def colorize(self, message, record):
111 |         if record.levelno in self.level_map:
112 |             bg, fg, bold = self.level_map[record.levelno]
113 |             params = []
114 |             if bg in self.color_map:
115 |                 params.append(str(self.color_map[bg] + 40))
116 |             if fg in self.color_map:
117 |                 params.append(str(self.color_map[fg] + 30))
118 |             if bold:
119 |                 params.append('1')
120 |             if params:
121 |                 message = ''.join((self.csi, ';'.join(params),
122 |                                    'm', message, self.reset))
123 |         return message
124 | 
125 |     def format(self, record):
126 |         message = logging.StreamHandler.format(self, record)
127 |         if self.is_tty:
128 |             # Don't colorize any traceback
129 |             parts = message.split('\n', 1)
130 |             parts[0] = self.colorize(parts[0], record)
131 |             message = '\n'.join(parts)
132 |         return message
133 | 
134 | def main():
135 |     root = logging.getLogger()
136 |     root.setLevel(logging.DEBUG)
137 |     root.addHandler(ColorizingStreamHandler())
138 |     logging.debug('DEBUG')
139 |     logging.info('INFO')
140 |     logging.warning('WARNING')
141 |     logging.error('ERROR')
142 |     logging.critical('CRITICAL')
143 | 
144 | if __name__ == '__main__':
145 |     main()


--------------------------------------------------------------------------------