├── .gitignore ├── .travis.yml ├── Dockerfile ├── LICENSE ├── README.md ├── raccoon_src ├── __init__.py ├── lib │ ├── __init__.py │ ├── dns_handler.py │ ├── fuzzer.py │ ├── host.py │ ├── owasp.py │ ├── scanner.py │ ├── storage_explorer.py │ ├── sub_domain.py │ ├── tls.py │ ├── waf.py │ └── web_app.py ├── main.py ├── utils │ ├── __init__.py │ ├── coloring.py │ ├── exceptions.py │ ├── help_utils.py │ ├── logger.py │ ├── misc │ │ └── vulners.nse │ ├── request_handler.py │ ├── singleton.py │ └── web_server_validator.py └── wordlists │ ├── fuzzlist │ ├── storage_sensitive │ └── subdomains ├── requirements.txt ├── setup.cfg ├── setup.py └── tests ├── __init__.py ├── test_fuzzer.py ├── test_host.py ├── test_subdomain.py ├── test_waf.py └── test_web_app.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | ### Python template 3 | # Byte-compiled / optimized / DLL files 4 | __pycache__/ 5 | *.py[cod] 6 | *$py.class 7 | 8 | # C extensions 9 | *.so 10 | 11 | # Distribution / packaging 12 | .Python 13 | build/ 14 | develop-eggs/ 15 | dist/ 16 | downloads/ 17 | eggs/ 18 | .eggs/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .pytest_cache/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | db.sqlite3 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | ### VirtualEnv template 106 | # Virtualenv 107 | # http://iamzed.com/2009/05/07/a-primer-on-virtualenv/ 108 | [Bb]in 109 | [Ii]nclude 110 | [Ll]ib64 111 | [Ll]ocal 112 | [Ss]cripts 113 | pyvenv.cfg 114 | .venv 115 | pip-selfcheck.json 116 | .idea 117 | !/raccoon/lib/ 118 | aa.py 119 | Raccoon_scan_results 120 | raccoon.png 121 | screenshots/* 122 | server.lol 123 | human_session_imitator.py -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - "3.5" 4 | - "3.6" 5 | install: pip install -r requirements.txt 6 | script: 7 | - python -m unittest tests/* -------------------------------------------------------------------------------- /Dockerfile: 
-------------------------------------------------------------------------------- 1 | FROM python:3.8-alpine 2 | 3 | LABEL maintainer="Evyatar Meged " 4 | LABEL dockerfile-creator="Mostafa Hussein " 5 | 6 | RUN addgroup -S raccoon && \ 7 | adduser -S raccoon -G raccoon 8 | 9 | RUN apk add --no-cache gcc musl-dev libxml2-dev libxslt-dev nmap nmap-scripts openssl 10 | 11 | USER raccoon 12 | WORKDIR /home/raccoon 13 | RUN pip install raccoon-scanner 14 | 15 | ENV PATH=/home/raccoon/.local/bin:${PATH} 16 | 17 | ENTRYPOINT ["raccoon"] 18 | CMD ["--help"] 19 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Evyatar Meged 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Raccoon 2 | ![Racoon](https://image.ibb.co/dkAq4J/raccoon.png) 3 | 4 | #### Offensive Security Tool for Reconnaissance and Information Gathering 5 | ![Build Status](https://travis-ci.org/evyatarmeged/Raccoon.svg?branch=master) 6 | ![license](https://img.shields.io/github/license/mashape/apistatus.svg) 7 | ![os](https://img.shields.io/badge/OS-Linux,%20macOS-yellow.svg) 8 | ![pythonver](https://img.shields.io/badge/python-3.5%2B-blue.svg) 9 | ![raccoonver](https://img.shields.io/badge/version-0.8.5-lightgrey.svg) 10 | 11 | ##### Features 12 | - [x] DNS details 13 | - [x] DNS visual mapping using DNS dumpster 14 | - [x] WHOIS information 15 | - [x] TLS Data - supported ciphers, TLS versions, 16 | certificate details and SANs 17 | - [x] Port Scan 18 | - [x] Services and scripts scan 19 | - [x] URL fuzzing and dir/file detection 20 | - [x] Subdomain enumeration - uses Google dorking, DNS dumpster queries, 21 | SAN discovery and bruteforce 22 | - [x] Web application data retrieval:
23 | - CMS detection 24 | - Web server info and X-Powered-By 25 | - robots.txt and sitemap extraction 26 | - Cookie inspection 27 | - Extracts all fuzzable URLs 28 | - Discovers HTML forms 29 | - Retrieves all Email addresses 30 | - Scans target for vulnerable S3 buckets and enumerates them 31 | for sensitive files 32 | - [x] Detects known WAFs 33 | - [x] Supports anonymous routing through Tor/Proxies 34 | - [x] Uses asyncio for improved performance 35 | - [x] Saves output to files - separates targets by folders 36 | and modules by files 37 | 38 | 39 | ##### Roadmap and TODOs 40 | - [ ] Expand, test, and merge the "owasp" branch with more web application attacks and scans ([#28](https://github.com/evyatarmeged/Raccoon/issues/28)) 41 | - [ ] Support more providers for vulnerable storage scan ([#27](https://github.com/evyatarmeged/Raccoon/issues/27)) 42 | - [ ] Add more WAFs, better detection 43 | - [ ] Support multiple hosts (read from file) 44 | - [ ] Rate limit evasion 45 | - [ ] IP ranges support 46 | - [ ] CIDR notation support 47 | - [ ] More output formats (JSON at the very least) 48 | 49 | 50 | ### About 51 | Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity.
It does everything from 52 | fetching DNS records, retrieving WHOIS information, obtaining TLS data and detecting WAF presence, up to threaded dir busting and 53 | subdomain enumeration. Every scan outputs to a corresponding file.
54 | 55 | As most of Raccoon's scans are independent and do not rely on each other's results, 56 | it utilizes Python's asyncio to run most scans asynchronously.
57 | 58 | Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) 59 | from the amazing [SecLists](https://github.com/danielmiessler/SecLists) repository but different lists can be passed as arguments.
60 | 61 | For more options - see "Usage". 62 | 63 | ### Installation 64 | For the latest stable version:
65 | ``` 66 | pip install raccoon-scanner 67 | # To run: 68 | raccoon [OPTIONS] 69 | ``` 70 | Please note that Raccoon requires Python 3.5+, so you may need to use `pip3 install raccoon-scanner`.
71 | You can also clone the GitHub repository for the latest features and changes:
72 | ``` 73 | git clone https://github.com/evyatarmeged/Raccoon.git 74 | cd Raccoon 75 | python setup.py install # Subsequent changes to the source code will not be reflected in calls to raccoon when this is used 76 | # Or 77 | python setup.py develop # Changes to code will be reflected in calls to raccoon. This can be undone by using python setup.py develop --uninstall 78 | # Finally 79 | raccoon [OPTIONS] [TARGET] 80 | ``` 81 | #### macOS 82 | To support Raccoon on macOS you need to have gtimeout on your machine.
83 | gtimeout can be installed by running `brew install coreutils`. 84 | #### Docker
85 | ``` 86 | # Build the docker image 87 | docker build -t evyatarmeged/raccoon . 88 | # Run a scan. As this is a non-root container, we need to save the output under the user's home, which is /home/raccoon 89 | docker run --name raccoon evyatarmeged/raccoon:latest example.com -o /home/raccoon 90 | ``` 91 | 92 | ##### Prerequisites 93 | Raccoon uses [Nmap](https://github.com/nmap/nmap) to scan ports and also utilizes some other Nmap scripts 94 | and features. It is mandatory that you have it installed before running Raccoon.
95 | [OpenSSL](https://github.com/openssl/openssl) is also used for TLS/SSL scans and should be installed as well. 96 | 97 | ### Usage 98 | ``` 99 | 100 | Usage: raccoon [OPTIONS] TARGET 101 | 102 | Options: 103 | --version Show the version and exit. 104 | -d, --dns-records TEXT Comma separated DNS records to query. 105 | Defaults to: A,MX,NS,CNAME,SOA,TXT 106 | --tor-routing Route HTTP traffic through Tor (uses port 107 | 9050). Slows total runtime significantly 108 | --proxy-list TEXT Path to proxy list file that would be used 109 | for routing HTTP traffic. A proxy from the 110 | list will be chosen at random for each 111 | request. Slows total runtime 112 | -c, --cookies TEXT Comma separated cookies to add to the 113 | requests. Should be in the form of key:value 114 | Example: PHPSESSID:12345,isMobile:false 115 | --proxy TEXT Proxy address to route HTTP traffic through. 116 | Slows total runtime 117 | -w, --wordlist TEXT Path to wordlist that would be used for URL 118 | fuzzing 119 | -T, --threads INTEGER Number of threads to use for URL 120 | Fuzzing/Subdomain enumeration. Default: 25 121 | --ignored-response-codes TEXT Comma separated list of HTTP status code to 122 | ignore for fuzzing. Defaults to: 123 | 302,400,401,402,403,404,503,504 124 | --subdomain-list TEXT Path to subdomain list file that would be 125 | used for enumeration 126 | -sc, --scripts Run Nmap scan with -sC flag 127 | -sv, --services Run Nmap scan with -sV flag 128 | -f, --full-scan Run Nmap scan with both -sV and -sC 129 | -p, --port TEXT Use this port range for Nmap scan instead of 130 | the default 131 | --vulners-nmap-scan Perform an NmapVulners scan. Runs instead of 132 | the regular Nmap scan and is longer. 133 | --vulners-path TEXT Path to the custom nmap_vulners.nse script.If 134 | not used, Raccoon uses the built-in script it 135 | ships with. 136 | -fr, --follow-redirects Follow redirects when fuzzing. 
Default: False 137 | (will not follow redirects) 138 | --tls-port INTEGER Use this port for TLS queries. Default: 443 139 | --skip-health-check Do not test for target host availability 140 | --no-url-fuzzing Do not fuzz URLs 141 | --no-sub-enum Do not bruteforce subdomains 142 | --skip-nmap-scan Do not perform an Nmap scan 143 | -q, --quiet Do not output to stdout 144 | -o, --outdir TEXT Directory destination for scan output 145 | --help Show this message and exit. 146 | ``` 147 | 148 | ### Screenshots 149 | ![poc2](https://image.ibb.co/iyLreJ/aaaaaaaaaaaaa.png)
150 | 151 | **Web application data including vulnerable S3 bucket:**
152 | ![somepoc](https://image.ibb.co/m6b3Jz/s3.png) 153 | 154 | **[HTB](https://www.hackthebox.eu/) challenge example scan:**
155 | ![poc](https://image.ibb.co/bGKTRy/bbbbbbb.png)
156 | 157 | **Nmap vulners scan results:**
158 | ![vulnerspoc](https://image.ibb.co/iaOMyU/nmap_vulners_poc.png)
159 | 160 | **Results folder tree after a scan:**
161 | ![poc3](https://image.ibb.co/iyaCJd/poc3.png) 162 | 163 | ### Contributing 164 | Any and all contributions, issues, features and tips are welcome. 165 | -------------------------------------------------------------------------------- /raccoon_src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evyatarmeged/Raccoon/9cf6c1129221aa51280f5705106660d23b2f1b92/raccoon_src/__init__.py -------------------------------------------------------------------------------- /raccoon_src/lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evyatarmeged/Raccoon/9cf6c1129221aa51280f5705106660d23b2f1b92/raccoon_src/lib/__init__.py -------------------------------------------------------------------------------- /raccoon_src/lib/dns_handler.py: -------------------------------------------------------------------------------- 1 | from dns import resolver 2 | from asyncio.subprocess import PIPE, create_subprocess_exec 3 | from requests.exceptions import ConnectionError 4 | from raccoon_src.utils.help_utils import HelpUtilities 5 | from raccoon_src.utils.exceptions import RaccoonException 6 | from raccoon_src.utils.logger import Logger 7 | from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS 8 | 9 | 10 | # noinspection PyUnboundLocalVariable 11 | class DNSHandler: 12 | """Handles DNS queries and lookups""" 13 | 14 | resolver = resolver.Resolver() 15 | 16 | @classmethod 17 | def query_dns(cls, domains, records): 18 | """ 19 | Query DNS records for host. 20 | :param domains: Iterable of domains to get DNS Records for 21 | :param records: Iterable of DNS records to get from domain. 
22 | """ 23 | results = {k: set() for k in records} 24 | for record in records: 25 | for domain in domains: 26 | try: 27 | answers = cls.resolver.query(domain, record) 28 | for answer in answers: 29 | # Add value to record type 30 | results.get(record).add(answer) 31 | except (resolver.NoAnswer, resolver.NXDOMAIN, resolver.NoNameservers): 32 | # Type of record doesn't fit domain or no answer from ns 33 | continue 34 | 35 | return {k: v for k, v in results.items() if v} 36 | 37 | @classmethod 38 | async def grab_whois(cls, host): 39 | if not host.naked: 40 | return 41 | 42 | script = "whois {}".format(host.naked).split() 43 | log_file = HelpUtilities.get_output_path("{}/whois.txt".format(host.target)) 44 | logger = Logger(log_file) 45 | 46 | process = await create_subprocess_exec( 47 | *script, 48 | stdout=PIPE, 49 | stderr=PIPE 50 | ) 51 | result, err = await process.communicate() 52 | 53 | if process.returncode == 0: 54 | logger.info("{} {} WHOIS information retrieved".format(COLORED_COMBOS.GOOD, host)) 55 | for line in result.decode().strip().split("\n"): 56 | if ":" in line: 57 | logger.debug(line) 58 | 59 | @classmethod 60 | async def generate_dns_dumpster_mapping(cls, host, sout_logger): 61 | sout_logger.info("{} Trying to fetch DNS Mapping for {} from DNS dumpster".format( 62 | COLORED_COMBOS.INFO, host)) 63 | try: 64 | page = HelpUtilities.query_dns_dumpster(host=host) 65 | if page.status_code == 200: 66 | path = HelpUtilities.get_output_path("{}/dns_mapping.png".format(host.target)) 67 | with open(path, "wb") as target_image: 68 | target_image.write(page.content) 69 | sout_logger.info("{} Successfully fetched DNS mapping for {}".format( 70 | COLORED_COMBOS.GOOD, host.target) 71 | ) 72 | else: 73 | raise RaccoonException 74 | except RaccoonException: 75 | sout_logger.info("{} Failed to generate DNS mapping. 
A connection error occurred.".format( 76 | COLORED_COMBOS.BAD)) 77 | -------------------------------------------------------------------------------- /raccoon_src/lib/fuzzer.py: -------------------------------------------------------------------------------- 1 | import uuid 2 | from functools import partial 3 | from multiprocessing.pool import ThreadPool 4 | from requests.exceptions import ConnectionError 5 | from raccoon_src.utils.exceptions import FuzzerException, RequestHandlerException 6 | from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS 7 | from raccoon_src.utils.request_handler import RequestHandler 8 | from raccoon_src.utils.help_utils import HelpUtilities 9 | from raccoon_src.utils.logger import Logger 10 | 11 | 12 | # Really wanted to use Aiohttp, doesn't play nice with proxies or TOR, disconnects unexpectedly, etc. 13 | # Going threaded on this one 14 | 15 | 16 | class URLFuzzer: 17 | 18 | def __init__(self, 19 | host, 20 | ignored_response_codes, 21 | num_threads, 22 | path_to_wordlist, 23 | follow_redirects=False): 24 | 25 | self.target = host.target 26 | self.ignored_error_codes = ignored_response_codes 27 | self.proto = host.protocol 28 | self.port = host.port 29 | self.num_threads = num_threads 30 | self.path_to_wordlist = path_to_wordlist 31 | self.wordlist = self._create_set_from_wordlist_file(path_to_wordlist) 32 | self.follow_redirects = follow_redirects 33 | self.request_handler = RequestHandler() # Will get the single, already initiated instance 34 | self.logger = None 35 | 36 | @staticmethod 37 | def _create_set_from_wordlist_file(wordlist): 38 | try: 39 | with open(wordlist, "r") as file: 40 | fuzzlist = file.readlines() 41 | fuzzlist = [x.replace("\n", "") for x in fuzzlist] 42 | return set(fuzzlist) 43 | except FileNotFoundError: 44 | raise FuzzerException("Cannot open file {}. 
Will not perform Fuzzing".format(wordlist)) 45 | 46 | def _log_response(self, code, url, headers): 47 | if 300 > code >= 200: 48 | color = COLOR.GREEN 49 | elif 400 > code >= 300: 50 | color = COLOR.BLUE 51 | url += " redirects to {}".format(headers.get("Location")) 52 | elif 510 > code >= 400: 53 | color = COLOR.RED 54 | else: 55 | color = COLOR.RESET 56 | self.logger.info("\t{}[{}]{} {}".format( 57 | color, code, COLOR.RESET, url)) 58 | 59 | def _build_request_url(self, uri, sub_domain): 60 | if not sub_domain: 61 | if self.port != 80 and self.port != 443: 62 | url = "{}://{}:{}/{}".format(self.proto, self.target, self.port, uri) 63 | else: 64 | url = "{}://{}/{}".format(self.proto, self.target, uri) 65 | else: 66 | if self.port != 80 and self.port != 443: 67 | url = "{}://{}.{}:{}".format(self.proto, uri, self.target, self.port) 68 | else: 69 | url = "{}://{}.{}".format(self.proto, uri, self.target) 70 | return url 71 | 72 | def _fetch(self, uri, sub_domain=False): 73 | """ 74 | Send a HEAD request to URL and print response code if it's not in ignored_error_codes 75 | :param uri: URI to fuzz 76 | :param sub_domain: If True, build destination URL with {URL}.{HOST} else {HOST}/{URL} 77 | """ 78 | url = self._build_request_url(uri, sub_domain=sub_domain) 79 | 80 | try: 81 | res = self.request_handler.send("HEAD", url=url, allow_redirects=self.follow_redirects) 82 | if res.status_code not in self.ignored_error_codes: 83 | self._log_response(res.status_code, url, res.headers) 84 | except (AttributeError, RequestHandlerException): 85 | # res is None or another error occurred 86 | pass 87 | 88 | def get_log_file_path(self, path): 89 | if path: 90 | log_file = path 91 | else: 92 | log_file = "{}/url_fuzz.txt".format(self.target) 93 | 94 | return Logger(HelpUtilities.get_output_path(log_file)) 95 | 96 | @staticmethod 97 | def _rule_out_false_positives(response_codes, sub_domain): 98 | if any(code == 200 for code in response_codes): 99 | if sub_domain: 100 | err_msg = 
"Wildcard subdomain support detected (all subdomains return 200)." \ 101 | " Will not bruteforce subdomains" 102 | else: 103 | err_msg = "Web server seems to redirect requests for all resources " \ 104 | "to eventually return 200. Will not bruteforce URLs" 105 | raise FuzzerException(err_msg) 106 | 107 | def _generate_fake_requests(self, sub_domain): 108 | response_codes = [] 109 | fake_uris = (uuid.uuid4(), uuid.uuid4()) 110 | session = self.request_handler.get_new_session() 111 | for uri in fake_uris: 112 | url = self._build_request_url(uri, sub_domain) 113 | try: 114 | res = self.request_handler.send("GET", url=url, allow_redirects=True) 115 | response_codes.append(res.status_code) 116 | res = session.get(url=url, allow_redirects=self.follow_redirects) 117 | response_codes.append(res.status_code) 118 | except RequestHandlerException as e: 119 | if sub_domain: # If should-not-work.example.com doesn't resolve, no wildcard subdomain is present 120 | return [0] 121 | else: 122 | raise FuzzerException("Could not get a response from {}." 123 | " Maybe target is down ?".format(self.target)) 124 | return response_codes 125 | 126 | async def fuzz_all(self, sub_domain=False, log_file_path=None): 127 | """ 128 | Create a pool of threads and exhaust self.wordlist on self._fetch 129 | Should be run in an event loop. 130 | :param sub_domain: Indicate if this is subdomain enumeration or URL busting 131 | :param log_file_path: Log subdomain enum results to this path. 
132 | """ 133 | self.logger = self.get_log_file_path(log_file_path) 134 | try: 135 | # Rule out wildcard subdomain support/all resources redirect to a 200 page 136 | response_codes = self._generate_fake_requests(sub_domain) 137 | self._rule_out_false_positives(response_codes, sub_domain) 138 | 139 | if not sub_domain: 140 | self.logger.info("{} Fuzzing URLs".format(COLORED_COMBOS.INFO)) 141 | self.logger.info("{} Reading from list: {}".format(COLORED_COMBOS.INFO, self.path_to_wordlist)) 142 | pool = ThreadPool(self.num_threads) 143 | pool.map(partial(self._fetch, sub_domain=sub_domain), self.wordlist) 144 | pool.close() 145 | pool.join() 146 | if not sub_domain: 147 | self.logger.info("{} Done fuzzing URLs".format(COLORED_COMBOS.INFO)) 148 | except FuzzerException as e: 149 | self.logger.info("{} {}".format(COLORED_COMBOS.BAD, e)) 150 | except ConnectionError as e: 151 | if "Remote end closed connection without response" in str(e): 152 | self.logger.info("{} {}. Target is actively closing connections - will not " 153 | "bruteforce URLs".format(COLORED_COMBOS.BAD, str(e))) 154 | -------------------------------------------------------------------------------- /raccoon_src/lib/host.py: -------------------------------------------------------------------------------- 1 | import os 2 | from ipaddress import ip_address 3 | from dns.exception import Timeout 4 | from raccoon_src.lib.dns_handler import DNSHandler 5 | from raccoon_src.utils.exceptions import HostHandlerException 6 | from raccoon_src.utils.help_utils import HelpUtilities 7 | from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS 8 | from raccoon_src.utils.logger import Logger, SystemOutLogger 9 | 10 | 11 | class Host: 12 | """ 13 | Host parsing, IP to host resolution (and vice verse), etc 14 | Sets domain/IP, port, protocol. also tries to parse FQDN, naked domain, if possible. 
15 | """ 16 | def __init__(self, target, dns_records): 17 | self.target = target.strip() 18 | self.dns_records = dns_records 19 | self.port = 80 20 | self.protocol = "http" 21 | self.is_ip = False 22 | self.fqdn = None 23 | self.naked = None 24 | self.dns_results = {} 25 | self.logger = SystemOutLogger() 26 | 27 | def __str__(self): 28 | return self.target 29 | 30 | def __repr__(self): 31 | return self.__dict__ 32 | 33 | @staticmethod 34 | def _create_host_dir(path): 35 | try: 36 | os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True) 37 | except FileExistsError: 38 | pass 39 | 40 | def validate_ip(self, addr=None): 41 | if not addr: 42 | addr = self.target 43 | try: 44 | ip_address(addr.strip()) 45 | return True 46 | except ValueError: 47 | return 48 | 49 | def _extract_port(self, addr): 50 | try: 51 | self.target, self.port = addr.split(":") 52 | try: 53 | self.port = int(self.port) 54 | except ValueError: 55 | # Probably has a path after the port, e.g - localhost:3000/home.asp 56 | raise HostHandlerException("Failed to parse port {}. Is there a path after it ?".format( 57 | self.port 58 | )) 59 | self.logger.info("{} Port detected: {}".format(COLORED_COMBOS.NOTIFY, self.port)) 60 | except IndexError: 61 | self.logger.info("{} Did not detect port. 
Using default port 80".format(COLORED_COMBOS.NOTIFY)) 62 | return 63 | return 64 | 65 | def _is_proto(self, domain=None): 66 | if not domain: 67 | domain = self.target 68 | if "://" in domain: 69 | if any(domain.startswith(proto) for proto in ("https", "http")): 70 | return True 71 | else: 72 | raise HostHandlerException("Unknown or unsupported protocol: {}".format(self.target.split("://")[0])) 73 | return 74 | 75 | def write_up(self): 76 | self.logger.info("{} Writing DNS query results".format(COLORED_COMBOS.GOOD, self)) 77 | 78 | for record in self.dns_results: 79 | self.logger.debug(record+"\n") 80 | for value in self.dns_results.get(record): 81 | self.logger.debug("\t{}".format(value)) 82 | 83 | def create_host_dir_and_set_file_logger(self): 84 | log_file = HelpUtilities.get_output_path("{}/dns_records.txt".format(self.target)) 85 | self._create_host_dir(log_file) 86 | self.logger = Logger(log_file) 87 | 88 | def parse(self): 89 | """ 90 | Try to extract domain (full, naked, sub-domain), IP and port. 
91 | """ 92 | if self.target.endswith("/"): 93 | self.target = self.target[:-1] 94 | 95 | if self._is_proto(self.target): 96 | try: 97 | self.protocol, self.target = self.target.split("://") 98 | self.logger.info("{} Protocol detected: {}".format(COLORED_COMBOS.NOTIFY, self.protocol)) 99 | if self.protocol.lower() == "https" and self.port == 80: 100 | self.port = 443 101 | except ValueError: 102 | raise HostHandlerException("Could not make domain and protocol from host") 103 | 104 | if ":" in self.target: 105 | self._extract_port(self.target) 106 | 107 | if self.validate_ip(self.target): 108 | self.logger.info("{} Detected {} as an IP address.".format(COLORED_COMBOS.NOTIFY, self.target)) 109 | self.is_ip = True 110 | else: 111 | domains = [] 112 | if self.target.startswith("www."): 113 | # Obviously an FQDN 114 | domains.extend((self.target, self.target.split("www.")[1])) 115 | self.fqdn = self.target 116 | self.naked = ".".join(self.fqdn.split('.')[1:]) 117 | else: 118 | domains.append(self.target) 119 | domain_levels = self.target.split(".") 120 | if len(domain_levels) == 2 or (len(domain_levels) == 3 and domain_levels[1] == "co"): 121 | self.logger.info("{} Found {} to be a naked domain".format(COLORED_COMBOS.NOTIFY, self.target)) 122 | self.naked = self.target 123 | 124 | try: 125 | self.dns_results = DNSHandler.query_dns(domains, self.dns_records) 126 | except Timeout: 127 | raise HostHandlerException("DNS Query timed out. 
Maybe target has DNS protection ?") 128 | 129 | if self.dns_results.get("CNAME"): 130 | # Naked domains shouldn't hold CNAME records according to RFC regulations 131 | self.logger.info("{} Found {} to be an FQDN by CNAME presence in DNS records".format( 132 | COLORED_COMBOS.NOTIFY, self.target)) 133 | 134 | self.fqdn = self.target 135 | self.naked = ".".join(self.fqdn.split('.')[1:]) 136 | self.create_host_dir_and_set_file_logger() 137 | self.write_up() 138 | -------------------------------------------------------------------------------- /raccoon_src/lib/owasp.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | class XSS: 4 | 5 | def __init__(self): 6 | pass 7 | 8 | 9 | class LFI: 10 | 11 | def __init__(self): 12 | pass 13 | 14 | 15 | class RFI: 16 | 17 | def __init__(self): 18 | pass 19 | 20 | 21 | class Traversal: 22 | 23 | def __init__(self): 24 | pass 25 | 26 | 27 | class RCE: 28 | 29 | def __init__(self): 30 | pass 31 | 32 | 33 | class OWASPScanner: 34 | 35 | def __init__(self): 36 | self.running_threads = [] 37 | 38 | # params 39 | pass 40 | 41 | def discover_xss(self): 42 | # if potentially vulnerable, create instance and run scan in a new thread 43 | pass 44 | 45 | def discover_lfi(self): 46 | # if potentially vulnerable, create instance and run scan in a new thread 47 | pass 48 | 49 | def discover_rfi(self): 50 | # if potentially vulnerable, create instance and run scan in a new thread 51 | pass 52 | 53 | def run(self): 54 | # Perform all checks, create relevant threads 55 | pass 56 | -------------------------------------------------------------------------------- /raccoon_src/lib/scanner.py: -------------------------------------------------------------------------------- 1 | import re 2 | from subprocess import PIPE, Popen 3 | from raccoon_src.utils.help_utils import HelpUtilities 4 | from raccoon_src.utils.logger import Logger 5 | from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS 6 | 7 | 8 | class 
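NmapScan:
    """
    Nmap scan class
    Will run SYN/TCP scan according to privileges.
    Start Raccoon with sudo for -sS else will run -sT
    """

    def __init__(self, host, port_range, full_scan=None, scripts=None, services=None):
        """Record the scan options and open the per-target Nmap log.

        :param host: object exposing ``target``, the value handed to nmap
        :param port_range: value for nmap's ``-p`` option; falsy to omit it
        :param full_scan: truthy to add both ``-sV`` and ``-sC``
        :param scripts: truthy to add ``-sC`` when ``full_scan`` is not set
        :param services: truthy to add ``-sV`` when ``full_scan`` is not set
        """
        self.target = host.target
        self.full_scan = full_scan
        self.scripts = scripts
        self.services = services
        self.port_range = port_range
        self.path = HelpUtilities.get_output_path("{}/nmap_scan.txt".format(self.target))
        self.logger = Logger(self.path)

    def build_script(self):
        """Return the nmap command line as an argv list.

        :returns: list of arguments, starting with ``"nmap"``
        """
        # NOTE(review): self.target becomes a bare argv element. This assumes it was
        # validated upstream and cannot start with "-" (nmap would then read it as
        # an option) - confirm against the Host class.
        script = ["nmap", "-Pn", self.target]

        if self.port_range:
            # The range is validated before it is appended to the command.
            HelpUtilities.validate_port_range(self.port_range)
            script.extend(["-p", self.port_range])
            self.logger.info("{} Added port range {} to Nmap script".format(COLORED_COMBOS.NOTIFY, self.port_range))

        if self.full_scan:
            script.extend(["-sV", "-sC"])
            self.logger.info("{} Added scripts and services to Nmap script".format(COLORED_COMBOS.NOTIFY))
            return script

        if self.scripts:
            self.logger.info("{} Added safe-scripts scan to Nmap script".format(COLORED_COMBOS.NOTIFY))
            script.append("-sC")
        if self.services:
            self.logger.info("{} Added service scan to Nmap script".format(COLORED_COMBOS.NOTIFY))
            script.append("-sV")
        return script


class NmapVulnersScan(NmapScan):
    """
    NmapVulners scan class (NmapScan subclass)
    """

    def __init__(self, host, port_range, vulners_path):
        """Set up a scan that runs the NSE script found at ``vulners_path``.

        :param host: object exposing ``target``
        :param port_range: value for nmap's ``-p`` option; falsy to omit it
        :param vulners_path: path passed to nmap's ``--script`` option
        """
        super().__init__(host=host, port_range=port_range)
        self.vulners_path = vulners_path
        # The parent already set path/logger; both are replaced with the vulners report.
        self.path = HelpUtilities.get_output_path("{}/nmap_vulners_scan.txt".format(self.target))
        self.logger = Logger(self.path)

    def build_script(self):
        """Return the argv list for a service scan with the vulners script."""
        script = ["nmap", "-Pn", "-sV", "--script", self.vulners_path, self.target]

        if self.port_range:
            HelpUtilities.validate_port_range(self.port_range)
            script.extend(["-p", self.port_range])
            self.logger.info("{} Added port range {} to Nmap script".format(COLORED_COMBOS.NOTIFY, self.port_range))

        return script


class Scanner:
    """Runs a prepared scan object and logs a summary plus the raw output."""

    @classmethod
    def run(cls, scan):
        """Execute ``scan.build_script()`` and log what nmap printed.

        :param scan: object providing ``build_script()``, ``logger`` and ``path``
        """
        script = scan.build_script()

        scan.logger.info("{} Nmap script to run: {}".format(COLORED_COMBOS.INFO, " ".join(script)))
        scan.logger.info("{} Nmap scan started\n".format(COLORED_COMBOS.GOOD))
        # argv list and no shell=True: no part of the command is parsed by a shell.
        process = Popen(script, stdout=PIPE, stderr=PIPE)
        result, err = process.communicate()
        # Scanner output can carry bytes that are not valid UTF-8 (service banners);
        # replace them instead of aborting the scan with UnicodeDecodeError.
        result = result.decode(errors="replace").strip()
        err = err.decode(errors="replace").strip()
        if result:
            scan.logger.info(cls._parse_scan_output(result))
        # Placement outside the `if` is reconstructed from a whitespace-collapsed
        # listing (write_up checks result/err itself) - confirm against the project.
        Scanner.write_up(scan, result, err)

    @classmethod
    def _parse_scan_output(cls, result):
        """Build the colored summary of open ports from nmap's text output.

        :param result: decoded nmap stdout
        :returns: summary string (empty when no port line was found)
        """
        parsed_output = ""
        for line in result.split("\n"):
            if "PORT" in line and "STATE" in line:
                parsed_output += "{} Nmap discovered the following ports:\n".format(COLORED_COMBOS.GOOD)
            # Parenthesised on purpose: without it `and` binds tighter than `or`,
            # so every "/tcp" line was listed whatever its state.
            if ("/tcp" in line or "/udp" in line) and "open" in line:
                fields = line.split()
                parsed_output += "\t{}{}{} {}\n".format(COLOR.GREEN, fields[0], COLOR.RESET, " ".join(fields[1:]))
        return parsed_output

    @classmethod
    def write_up(cls, scan, result, err):
        """Reset the report file, then log raw stdout and stderr at debug level."""
        # Opening in "w" mode truncates any earlier report; the handle is closed at once.
        with open(scan.path, "w"):
            pass
        if result:
            scan.logger.debug(result+"\n")
        if err:
            scan.logger.debug(err)


class VulnersScanner(Scanner):
    """Scanner variant that understands the vulners script output."""

    @classmethod
    def _parse_scan_output(cls, result):
        """Build the colored summary for a vulners scan.

        :param result: decoded nmap stdout
        :returns: summary string listing plain open ports and ports with findings
        """
        parsed_output = ""
        out_versions, out_pure = cls._parse_vulners_output(result)

        port_pattern = r"(\d+\/(?:tcp|udp))"
        green_port = COLOR.GREEN + r"\1" + COLOR.RESET
        out_versions = re.sub(port_pattern, green_port, out_versions)
        out_versions = re.sub(r"(\sCVE\S*)", COLOR.RED + r"\1" + COLOR.RESET, out_versions)
        out_pure = re.sub(port_pattern, green_port, out_pure)

        if out_pure:
            parsed_output += "{} NmapVulners discovered the following open ports:\n{}".format(
                COLORED_COMBOS.GOOD, out_pure)
        if out_versions:
            parsed_output += (
                "{} NmapVulners discovered some vulnerable software within the following open ports:\n{}".format(
                    COLORED_COMBOS.GOOD, out_versions))
        return parsed_output

    @classmethod
    def _parse_vulners_output(cls, res):
        """Split nmap output into port blocks with and without vulners findings.

        :param res: decoded nmap stdout
        :returns: tuple ``(blocks_with_findings, blocks_without_findings)`` of strings
        """
        ports = re.findall(r"(?:^\d+/(?:tcp|udp).*open.*$\n(?:^\|.*$\n)*)", res, re.MULTILINE)
        out_vers = ""
        out_none = ""
        for port in ports:
            matches = []
            if 'vulners' in port:
                matches = re.findall(
                    r"^(\d+/(?:tcp|udp).*open.*$)[\s\S]*?(^\|.*vulners[\s\S]+?^\|_.+?$)", port, re.MULTILINE)
            if matches:
                out_vers += '\n' + '\n'.join(matches[0])
            else:
                # Also reached when "vulners" appears but the block does not have the
                # expected shape; indexing [0] unconditionally raised IndexError there.
                out_none += port
        return out_vers, out_none

--------------------------------------------------------------------------------
/raccoon_src/lib/storage_explorer.py:
--------------------------------------------------------------------------------
import os
import xmltodict
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.utils.exceptions import RaccoonException, RequestHandlerException
from raccoon_src.utils.coloring import COLORED_COMBOS, COLOR


# Set path for relative access to builtin files.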
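MY_PATH = os.path.abspath(os.path.dirname(__file__))
HTTP = "http://"
HTTPS = "https://"
BASE_S3_URL = "s3.amazonaws.com"


class Storage:
    """Shared state for cloud-storage checks: request handler, seen URLs, wordlist."""

    def __init__(self, host, logger):
        """Load the sensitive-file wordlist and initialise the counters.

        :param host: target host object
        :param logger: logger used for all findings
        """
        self.host = host
        self.logger = logger
        self.request_handler = RequestHandler()
        self.storage_urls_found = set()
        self.num_files_found = 0
        file_list_path = os.path.join(MY_PATH, "../wordlists/storage_sensitive")
        with open(file_list_path, "r") as file:
            self.sensitive_files = [entry.replace("\n", "") for entry in file.readlines()]

    @staticmethod
    def _normalize_url(url):
        """Return ``url`` with one scheme prefix and empty ``//`` segments removed.

        URLs starting with ``http://`` keep that scheme; everything else is
        returned with ``https://``.
        """
        scheme = HTTP if url.startswith(HTTP) else HTTPS
        stripped = url.replace(scheme, "")
        return scheme + "".join(part for part in stripped.split("//") if part)


# Is this a thing ??
class AzureStorageHandler:
    pass


class GoogleStorageHandler:
    pass


class AmazonS3Handler(Storage):
    """S3 checks: recognise bucket URLs and test them for anonymous listing."""

    def __init__(self, host, logger):
        super().__init__(host, logger)
        self.s3_buckets = set()

    def _is_s3_url(self, src):
        """Return True when ``src`` looks like an S3/CloudFront or target CDN URL."""
        # Not including third party Amazon host services - aka cdn.3rdparty.com
        # These are substring tests, so they are a first filter only; the Server
        # header check in _is_amazon_s3_bucket confirms the match later.
        parent_domain = ".".join(self.host.target.split(".")[1:])
        return any((
            "s3" in src and "amazonaws" in src,
            "cdn.{}".format(str(self.host.naked)) in src,
            "cdn.{}".format(self.host.target) in src,
            "cdn.{}".format(parent_domain) in src,
            "cloudfront.net" in src,
        ))

    @staticmethod
    def _is_amazon_s3_bucket(res):
        """Return True when the response carries ``Server: AmazonS3``."""
        return res.headers.get("Server") == "AmazonS3"

    def _test_s3_bucket_permissions(self, bucket):
        """Request each path prefix of the bucket URL and flag listable ones.

        A 200 response with ``Content-Type: application/xml`` is treated as an
        anonymous bucket listing; the bucket is then marked vulnerable and its
        listing is searched for sensitive file names.

        :param bucket: S3Bucket whose ``no_scheme_url`` is probed
        """
        try:
            bucket_url = [part for part in bucket.no_scheme_url.split("/") if part]

            # The last path component is never requested on its own.
            for depth in range(1, len(bucket_url)):
                url = "/".join(bucket_url[:depth])
                if url == BASE_S3_URL or url in self.storage_urls_found:
                    continue

                self.storage_urls_found.add(url)
                res = self.request_handler.send("GET", url=HTTPS+url)

                if res.status_code == 200 and res.headers.get("Content-Type") == "application/xml":
                    self.logger.info("{} Vulnerable S3 bucket detected: {}{}{}. Enumerating sensitive files".format(
                        COLORED_COMBOS.GOOD, COLOR.RED, url, COLOR.RESET))
                    bucket.vulnerable = True
                    self._scan_for_sensitive_files(res.text, url)

        except RequestHandlerException:
            # Cannot connect to bucket, move on
            pass

    def _scan_for_sensitive_files(self, contents, url):
        """Count listing keys that contain an entry of the sensitive-file wordlist.

        :param contents: XML body of the bucket listing (remote, untrusted data)
        :param url: bucket URL, used in the log line only
        """
        # NOTE(review): a malformed body still makes xmltodict.parse raise; the
        # visible caller only handles RequestHandlerException - confirm.
        xpars = xmltodict.parse(contents)
        listing = xpars.get("ListBucketResult")
        entries = listing.get("Contents") if isinstance(listing, dict) else None
        if isinstance(entries, dict):
            # xmltodict returns a single mapping, not a list, for a one-entry listing.
            entries = [entries]
        # An empty bucket has no "Contents" at all; iterate nothing in that case.
        for el in entries or []:
            key = el.get("Key")
            if not key:
                continue
            for file in self.sensitive_files:
                # A blank wordlist line would match every key ("" in key is True).
                if file and file in key:
                    self.logger.debug("Found {} file in bucket {}".format(key, url))
                    self.num_files_found += 1


class S3Bucket:
    """A discovered bucket URL, stored with and without its scheme."""

    def __init__(self, url):
        self.url = self._strip_resource_from_bucket(url)
        self.no_scheme_url = self._remove_scheme_from_url(self.url)
        self.vulnerable = False

    @staticmethod
    def _strip_resource_from_bucket(bucket_url):
        """Return the storage URL without its last path component."""
        return "/".join(bucket_url.split("/")[:-1])

    @staticmethod
    def _remove_scheme_from_url(url):
        """Return ``url`` without ``http://``/``https://`` and empty ``//`` segments."""
        scheme = HTTP if url.startswith(HTTP) else HTTPS
        return "".join(part for part in url.replace(scheme, "").split("//") if part)


class StorageExplorer(AmazonS3Handler, GoogleStorageHandler, AzureStorageHandler):
    """
    Find and test privileges of target cloud storage and look for sensitive files in it.
    Can lead to finding .git/.DS_Store/etc files with tokens, passwords and more.
    """

    def __init__(self, host, logger):
        super().__init__(host, logger)
        self.host = host
        self.logger = logger  # Uses the logger from web_app module
        self.buckets_found = set()

    @staticmethod
    def _get_image_sources_from_html(soup):
        """Return the set of non-empty ``src`` values of all ``img`` tags."""
        return {img.get("src") for img in soup.select("img") if img.get("src")}

    def _add_to_found_storage(self, storage_url):
        """
        Normalize the image source and, unless its bucket URL was already recorded,
        send a GET to the normalized URL. When the response has "AmazonS3" in the
        "Server" header, the URL with the resource stripped is recorded as a bucket.

        :param storage_url: img src scraped from page
        """
        storage_url = self._normalize_url(storage_url)
        bucket = S3Bucket(storage_url)
        if bucket.url in self.storage_urls_found:
            return
        try:
            res = self.request_handler.send("GET", url=storage_url)
            if self._is_amazon_s3_bucket(res):
                self.storage_urls_found.add(bucket.url)
                self.s3_buckets.add(bucket)
        except RequestHandlerException:
            # Cannot connect to storage, move on
            pass

    def run(self, soup):
        """Collect bucket candidates from image sources and test each one.

        :param soup: parsed HTML of the target page
        """
        img_srcs = self._get_image_sources_from_html(soup)
        # First validation
        urls = {src for src in img_srcs if self._is_s3_url(src)}
        for url in urls:
            self._add_to_found_storage(url)
        if self.s3_buckets:
            self.logger.info("{} S3 buckets discovered. Testing for permissions".format(COLORED_COMBOS.NOTIFY))
            for bucket in self.s3_buckets:
                if bucket.no_scheme_url not in self.storage_urls_found:
                    self._test_s3_bucket_permissions(bucket)

            # Nesting of this summary under `if self.s3_buckets` is reconstructed
            # from a whitespace-collapsed listing - confirm against the project.
            if self.num_files_found > 0:
                self.logger.info(
                    "{} Found {}{}{} sensitive files in S3 buckets. inspect web scan logs for more information.".format(
                        COLORED_COMBOS.GOOD, COLOR.GREEN, self.num_files_found, COLOR.RESET))
            elif any(b.vulnerable for b in self.s3_buckets):
                self.logger.info("{} No sensitive files found in target's cloud storage".format(COLORED_COMBOS.BAD))
            else:
                # Only unauthenticated listing was tested, so this message covers
                # that single check and not every bucket permission.
                self.logger.info("{} Could not access target's cloud storage."
                                 " All permissions are set properly".format(COLORED_COMBOS.BAD))

--------------------------------------------------------------------------------
/raccoon_src/lib/sub_domain.py:
--------------------------------------------------------------------------------
import re
from bs4 import BeautifulSoup
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.lib.fuzzer import URLFuzzer
from raccoon_src.utils.help_utils import HelpUtilities
from raccoon_src.utils.exceptions import RaccoonException
from raccoon_src.utils.logger import Logger
from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS


class SubDomainEnumerator:
    """Collects subdomains from certificate SANs, search results, DNS dumpster and a wordlist."""

    def __init__(self,
                 host,
                 sans,
                 domain_list,
                 ignored_response_codes,
                 num_threads,
                 follow_redirects,
                 no_sub_enum):
        """Store the enumeration options and open the per-target log file.

        :param host: target host object (``target`` and ``naked`` are read)
        :param sans: iterable of SAN names from the target certificate, or falsy
        :param domain_list: wordlist path handed to the fuzzer
        :param ignored_response_codes: status codes the fuzzer should ignore
        :param num_threads: worker count for the fuzzer
        :param follow_redirects: passed through to the fuzzer
        :param no_sub_enum: truthy to skip the wordlist step
        """
        self.host = host
        self.target = host.target
        self.sans = sans
        self.domain_list = domain_list
        self.ignored_error_codes = ignored_response_codes
        self.num_threads = num_threads
        self.follow_redirects = follow_redirects
        self.no_sub_enum = no_sub_enum
        self.request_handler = RequestHandler()
        log_file = HelpUtilities.get_output_path("{}/subdomains.txt".format(self.target))
        self.logger = Logger(log_file)

    async def run(self):
        """Run every enumeration source in order and log the findings."""
        self.logger.info("{} Enumerating Subdomains".format(COLORED_COMBOS.INFO))
        if self.sans:
            self._extract_from_sans()
        self._google_dork()
        self._extract_from_dns_dumpster()
        if not self.no_sub_enum:
            await self.bruteforce()
        self.logger.info("{} Done enumerating Subdomains".format(COLORED_COMBOS.INFO))

    def _extract_from_sans(self):
        """Looks for different TLDs as well as different sub-domains in SAN list"""
        self.logger.info("{} Trying to find Subdomains in SANs list".format(COLORED_COMBOS.NOTIFY))
        if self.host.naked:
            domain = self.host.naked
            tld_less = domain.split(".")[0]
        else:
            labels = self.host.target.split(".")
            tld_less = labels[1]
            domain = ".".join(labels[1:])

        for san in self.sans:
            related = tld_less in san or domain in san
            # Wildcard entries and the target itself are not reported.
            if related and self.target != san and not san.startswith("*"):
                self.logger.info("{} Subdomain detected: {}".format(COLORED_COMBOS.GOOD, san))

    def _google_dork(self):
        """Query a ``site:`` search for the target and log host names found in the page text."""
        self.logger.info("{} Trying to discover subdomains in Google".format(COLORED_COMBOS.NOTIFY))
        page = self.request_handler.send(
            "GET",
            url="https://www.google.com/search?q=site:{}&num=100".format(self.target)
        )
        soup = BeautifulSoup(page.text, "lxml")
        # The target is escaped so its dots match literally; unescaped, "." matched
        # any character and unrelated host names could be reported.
        results = set(re.findall(r"\w+\.{}".format(re.escape(self.target)), soup.text))
        for subdomain in results:
            if "www." not in subdomain:
                self.logger.info("{} Detected subdomain through Google dorking: {}".format(
                    COLORED_COMBOS.GOOD, subdomain))

    def _extract_from_dns_dumpster(self):
        """Log the first cell of each row in the last table of the DNS dumpster page."""
        self.logger.info("{} Trying to extract subdomains from DNS dumpster".format(COLORED_COMBOS.NOTIFY))
        try:
            page = HelpUtilities.query_dns_dumpster(host=self.host)
            soup = BeautifulSoup(page.text, "lxml")
            hosts_table = soup.select(".table")[-1]
            for row in hosts_table.find_all("tr"):
                tds = row.select("td")
                sub_domain = tds[0].text.split('\n')[0]  # Grab just the URL, truncate other information
                self.logger.info("{} Found subdomain in DNS dumpster: {}".format(COLORED_COMBOS.GOOD, sub_domain))
        except (RaccoonException, IndexError):
            # IndexError covers a page without tables and a row without cells.
            self.logger.info("{} Failed to query DNS dumpster for subdomains".format(COLORED_COMBOS.BAD))

    async def bruteforce(self):
        """Run the URL fuzzer in subdomain mode against the wordlist."""
        path = "{}/subdomain_fuzz.txt".format(self.host.target)

        # If a naked domain exists, use it
        # (this rewrites host.target on the shared host object, not on a copy)
        if self.host.naked:
            self.host.target = self.host.naked

        self.logger.info("{} Bruteforcing subdomains".format(COLORED_COMBOS.NOTIFY))
        sub_domain_fuzzer = URLFuzzer(
            host=self.host,
            path_to_wordlist=self.domain_list,
            num_threads=self.num_threads,
            ignored_response_codes=self.ignored_error_codes,
            follow_redirects=self.follow_redirects
        )
        await sub_domain_fuzzer.fuzz_all(sub_domain=True, log_file_path=path)

--------------------------------------------------------------------------------
/raccoon_src/lib/tls.py:
--------------------------------------------------------------------------------
import re
from platform import system
# noinspection PyProtectedMember
from asyncio.subprocess import PIPE, create_subprocess_exec
from raccoon_src.utils.help_utils import HelpUtilities
from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS
from raccoon_src.utils.logger import Logger


#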
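macOS support
if system() == "Darwin":
    TIMEOUT = "gtimeout"
else:
    TIMEOUT = "timeout"


class TLSCipherSuiteChecker:
    """Runs nmap's ssl-enum-ciphers script and highlights weak results."""

    def __init__(self, host):
        self.target = host.target

    async def scan_ciphers(self, port):
        """Run ``nmap --script ssl-enum-ciphers`` against one port.

        :param port: port to test
        :returns: colored cipher report, or nmap's stderr when it exits non-zero
        """
        # Built as a list instead of format()+split(): a target containing
        # whitespace can no longer be split into extra nmap arguments.
        script = ["nmap", "--script", "ssl-enum-ciphers", "-p", str(port), self.target]
        process = await create_subprocess_exec(
            *script,
            stdout=PIPE,
            stderr=PIPE
        )
        result, err = await process.communicate()
        if process.returncode != 0:
            return err.decode().strip()
        return self._parse_cipher_scan_outpt(result)

    @staticmethod
    def _color_warnings_and_weak_ciphers(result):
        """Mark weak ciphers and warning lines in red.

        Lines ending in grade "- C", "- D" or "- E" get a WEAK suffix; lines after a
        "warnings:" header are colored until the next "TLSv" or "least strength" line.

        :param result: list of report lines; modified in place
        :returns: the list without its first line
        """
        weak_grades = ("- C", "- D", "- E")
        for index, line in enumerate(result):
            if line.endswith(weak_grades):
                result[index] = line + " - {}WEAK{}".format(COLOR.RED, COLOR.RESET)
            elif "warnings:" in line:
                curr = index+1
                # The length check stops at the end of the report; without it a
                # trailing "warnings:" block raised IndexError.
                while (curr < len(result)
                       and "TLSv" not in result[curr]
                       and "least strength" not in result[curr]):
                    result[curr] = "{}{}{}".format(COLOR.RED, result[curr], COLOR.RESET)
                    curr += 1
        return result[1:]

    def _parse_cipher_scan_outpt(self, result):
        """Keep the script-output lines (those containing "|") and color them.

        :param result: raw nmap stdout as bytes
        """
        report_lines = [line for line in result.decode().strip().split("\n") if "|" in line]
        return '\n'.join(self._color_warnings_and_weak_ciphers(report_lines))


# noinspection PyTypeChecker
class TLSHandler(TLSCipherSuiteChecker):
    """Collects protocol support, SANs and certificate details through openssl."""

    def __init__(self, host, port):
        """Prepare the openssl command prefix and the TLS report log.

        :param host: object exposing ``target``
        :param port: TLS port to connect to
        """
        super().__init__(host)
        self.target = host.target
        self.port = port
        self._versions = ("tls1", "tls1_1", "tls1_2")
        # OpenSSL likes to hang, hence the timeout call
        # NOTE(review): this string is later split on whitespace to form argv, so it
        # assumes target and port contain no spaces - confirm they are validated upstream.
        self._base_script = "{} 10 openssl s_client -connect {}:{} ".format(TIMEOUT, self.target, self.port)
        self.begin = "-----BEGIN CERTIFICATE-----"
        self.end = "-----END CERTIFICATE-----"
        self.sni_data = {}
        self.non_sni_data = {}
        self.ciphers = ""
        log_file = HelpUtilities.get_output_path("{}/tls_report.txt".format(self.target))
        self.logger = Logger(log_file)

    def _tls_results_exist(self):
        """Return True when any cipher, SNI or non-SNI value is truthy, else None."""
        collected = (self.ciphers, *self.non_sni_data.values(), *self.sni_data.values())
        if not any(collected):
            return
        return True

    def _are_certificates_identical(self):
        """
        Compare the SNI and non-SNI certificate details.
        :returns: True if both exist and are identical, None otherwise
        """
        sni_cert = self.sni_data.get("Certificate_details")
        non_sni_cert = self.non_sni_data.get("Certificate_details")
        # Both must be present: two missing certificates used to compare equal
        # (None == None) and were reported as identical.
        if sni_cert and non_sni_cert and sni_cert == non_sni_cert:
            return True
        return

    def _is_certificate_exists(self, text):
        """Return True when ``text`` holds both PEM certificate markers, else None."""
        if self.begin in text and self.end in text:
            return True
        return

    async def _extract_certificate_details(self, data):
        """Return ``openssl x509 -text`` output for the certificate in ``data``.

        The PEM block is cut off, and every line containing "DNS:" is dropped
        together with the line before it (SANs are reported separately).

        :param data: s_client output containing a PEM certificate
        """
        process = await create_subprocess_exec(
            TIMEOUT, "5", "openssl", "x509", "-text",
            stdin=PIPE,
            stderr=PIPE,
            stdout=PIPE
        )
        # Server-supplied text is not guaranteed to be ASCII; encoding as UTF-8
        # avoids a UnicodeEncodeError on such input.
        result, err = await process.communicate(input=data.encode("utf-8", errors="replace"))
        result = result.decode(errors="replace").strip()
        cert_details = result.split(self.begin)[0].strip()

        result_lines = cert_details.split("\n")
        # Indices are collected first: popping while enumerating skipped lines and,
        # for a match on the first line, removed the last line instead.
        dropped = set()
        for i, line in enumerate(result_lines):
            if "DNS:" in line:
                dropped.add(i)
                if i > 0:
                    dropped.add(i-1)

        return "\n".join(line for i, line in enumerate(result_lines) if i not in dropped)

    async def _is_heartbleed_vulnerable(self):
        """Log a Heartbleed hint when the server advertises the heartbeat extension."""
        script = self._base_script + "-tlsextdebug"
        process = await create_subprocess_exec(
            *script.split(),
            stdout=PIPE,
            stderr=PIPE
        )
        result, err = await process.communicate()
        try:
            # This only shows that the heartbeat extension is offered; it is an
            # indicator to follow up on, not proof that the server is unpatched.
            if "server extension \"heartbeat\" (id=15)" in result.decode().strip():
                # NOTE(review): the CVE identifier in this message looks truncated;
                # verify it against the advisory before relying on the log line.
                self.logger.info("{} Target seems to be vulnerable to Heartbleed - CVE-2014-016. "
                                 "see http://heartbleed.com/ for more details.".format(COLORED_COMBOS.GOOD))
        except TypeError:  # Type error means no result
            pass

    async def _execute_ssl_data_extraction(self, sni=False):
        """
        Test for version support (SNI/non-SNI), get all SANs, get certificate details
        :param sni: True makes the s_client calls include the -servername flag
        :returns: dict of protocol support flags plus "SANs" and "Certificate_details"
                  when a certificate was returned
        """
        # Do for all responses
        responses = await self._run_openssl_sclient_cmd(self._base_script, sni)
        tls_dict = self._parse_openssl_sclient_output(responses)
        # Do for one successful SSL response
        for res in responses:
            if self._is_certificate_exists(res):
                tls_dict["SANs"] = await self._get_sans_from_openssl_cmd(res)
                tls_dict["Certificate_details"] = await self._extract_certificate_details(res)
                break

        return tls_dict

    async def _run_openssl_sclient_cmd(self, script, sni=False):
        """Start one s_client process per protocol version and collect stdout.

        :param script: command prefix as a whitespace-separated string
        :param sni: True to append ``-servername <target>``
        :returns: list of decoded outputs, in the order of ``self._versions``
        """
        if sni:
            script += " -servername {}".format(self.target)
        processes = []
        for v in self._versions:
            curr = (script + ' -{}'.format(v)).split()
            processes.append(
                await create_subprocess_exec(
                    *curr,
                    stdout=PIPE,
                    stderr=PIPE
                )
            )
        outputs = []
        for p in processes:
            result, err = await p.communicate()
            outputs.append(result.decode().strip())

        return outputs

    @staticmethod
    async def _get_sans_from_openssl_cmd(data):
        """Return the set of DNS names found in the certificate's text form.

        :param data: s_client output containing a PEM certificate
        """
        process = await create_subprocess_exec(
            "openssl", "x509", "-noout", "-text",
            stdin=PIPE,
            stderr=PIPE,
            stdout=PIPE
        )
        # Same encoding choice as _extract_certificate_details: never fail on non-ASCII input.
        result, err = await process.communicate(input=data.encode("utf-8", errors="replace"))
        sans = re.findall(r"DNS:\S*\b", result.decode(errors="replace").strip())
        return {san.replace("DNS:", '') for san in sans}

    def _parse_openssl_sclient_output(self, results):
        """Map protocol names to True for each version that returned a certificate.

        :param results: list of decoded s_client outputs
        :returns: dict such as ``{"TLSv1": False, "TLSv1.1": False, "TLSv1.2": True}``
        """
        is_supported = {"TLSv1": False, "TLSv1.1": False, "TLSv1.2": False}
        for res in results:
            if not self._is_certificate_exists(res):
                continue
            for line in res.split('\n'):
                if "Protocol" in line:
                    parts = line.strip().split(':')
                    # A "Protocol" line without a colon carries no version value.
                    if len(parts) > 1:
                        is_supported[parts[1].strip()] = True
        return is_supported

    def _dictionary_log_procedure(self, result_dict):
        """Write one result dictionary to the debug log."""
        for k, v in result_dict.items():
            if k == "SANs":
                self.logger.debug("{0}:\n{1}\n {2}\n{1}\n".format(k, "-"*15, "\n".join(v)))
            elif k == "Certificate_details":
                self.logger.debug(v)
            else:
                self.logger.debug("{}: {}\n".format(k, v))

    def write_up(self):
        """Log the cipher report, then the SNI and non-SNI dictionaries."""
        divider = "-"*80+"\n"
        self.logger.info("{} Supported Ciphers:".format(COLORED_COMBOS.GOOD))
        self.logger.info(self.ciphers+"\n")
        self.logger.debug(divider)
        self.logger.debug("SNI Data:\n")
        self._dictionary_log_procedure(self.sni_data)
        self.logger.debug(divider)
        self.logger.debug("non-SNI Data:\n")
        self._dictionary_log_procedure(self.non_sni_data)

    async def run(self):
        """Collect ciphers, SNI/non-SNI data and the heartbeat hint, then write the report."""
        self.logger.info("{} Started collecting TLS data for {}".format(COLORED_COMBOS.INFO, self.target))
        self.ciphers = await self.scan_ciphers(self.port)
        self.non_sni_data = await self._execute_ssl_data_extraction()
        # sni=True was missing here, so both runs were non-SNI and the
        # "Same as SNI Certificate" comparison below could never differ.
        self.sni_data = await self._execute_ssl_data_extraction(sni=True)
        await self._is_heartbleed_vulnerable()

        if self._tls_results_exist():
            self.logger.info("{} Done collecting TLS data".format(COLORED_COMBOS.INFO))
            if self._are_certificates_identical():
                self.non_sni_data["Certificate_details"] = "Same as SNI Certificate"
            self.write_up()
        else:
            self.logger.info(
                "{} Could not obtain any TLS data from target on port {}. "
                "Target may not support SSL/TLS or supports it on a different port.".format(
                    COLORED_COMBOS.BAD, self.port)
            )

--------------------------------------------------------------------------------
/raccoon_src/lib/waf.py:
--------------------------------------------------------------------------------
from requests.exceptions import TooManyRedirects, ConnectionError
from raccoon_src.utils.web_server_validator import WebServerValidator
from raccoon_src.utils.exceptions import WAFException, WebServerValidatorException
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS
from raccoon_src.utils.help_utils import HelpUtilities
from raccoon_src.utils.logger import Logger


SERVER = "Server"


class WAFApplicationMethods:
    """Response fingerprints, one per vendor; each returns True on a match, else None."""

    @classmethod
    def detect_cloudfront(cls, res):
        service = "CloudFront"
        waf_headers = ("Via", "X-cache")
        has_waf_header = any(h in res.headers.keys() for h in waf_headers)
        names_service = any(service.lower() in val for val in res.headers.values())
        if has_waf_header and names_service:
            return True
        if res.headers.get(SERVER) == service:
            return True
        return

    @classmethod
    def detect_incapsula(cls, res):
        if "X-Iinfo" in res.headers.keys() or res.headers.get("X-CDN") == "Incapsula":
            return True
        return

    @classmethod
    def detect_distil(cls, res):
        if res.headers.get("x-distil-cs"):
            return True
        return

    @classmethod
    def detect_cloudflare(cls, res):
        if "CF-RAY" in res.headers.keys() or res.headers.get(SERVER) == "cloudflare":
            return True
        return

    @classmethod
    def detect_edgecast(cls, res):
        if SERVER in res.headers.keys() and "ECD" in res.headers[SERVER]:
            return True
        return

    @classmethod
    def detect_maxcdn(cls, res):
        if SERVER in res.headers.keys() and "NetDNA-cache" in res.headers[SERVER]:
            return True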
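return

    @classmethod
    def detect_sucuri(cls, res):
        if any((
                res.headers.get(SERVER) == "Sucuri/Cloudproxy",
                "X-Sucuri-ID" in res.headers.keys(),
                "X-Sucuri-Cache" in res.headers.keys(),
                "Access Denied - Sucuri Website Firewall" in res.text)):
            return True
        return

    @classmethod
    def detect_reblaze(cls, res):
        if res.headers.get(SERVER) == "Reblaze Secure Web Gateway" or res.cookies.get("rbzid"):
            return True
        return


class WAF:
    """Detects a WAF/CDN in front of the target from CNAME records and HTTP responses."""

    def __init__(self, host):
        """Read the target's CNAME records and build the detection tables.

        :param host: host object; ``dns_results``, ``target``, ``protocol`` and ``port`` are read
        """
        self.host = host
        self.cnames = host.dns_results.get('CNAME')
        self.request_handler = RequestHandler()
        self.web_server_validator = WebServerValidator()
        self.waf_present = False
        # Substring of a CNAME value -> vendor name
        self.waf_cname_map = {
            "incapdns": "Incapsula",
            "edgekey": "Akamai",
            "akamai": "Akamai",
            "edgesuite": "Akamai",
            "distil": "Distil Networks",
            "cloudfront": "CloudFront",
            "netdna-cdn": "MaxCDN"
        }
        # Vendor name -> response fingerprint function
        self.waf_app_method_map = {
            "CloudFront": WAFApplicationMethods.detect_cloudfront,
            "Cloudflare": WAFApplicationMethods.detect_cloudflare,
            "Incapsula": WAFApplicationMethods.detect_incapsula,
            "MaxCDN": WAFApplicationMethods.detect_maxcdn,
            "Edgecast": WAFApplicationMethods.detect_edgecast,
            "Distil Networks": WAFApplicationMethods.detect_distil,
            "Sucuri": WAFApplicationMethods.detect_sucuri,
            "Reblaze": WAFApplicationMethods.detect_reblaze
        }
        log_file = HelpUtilities.get_output_path("{}/WAF.txt".format(self.host.target))
        self.logger = Logger(log_file)

    def _waf_detected(self, name, where):
        """Log a detection and remember that a WAF is present."""
        self.logger.info(
            "{} Detected WAF presence in {}: {}{}{}".format(
                COLORED_COMBOS.BAD, where, COLOR.RED, name, COLOR.RESET))
        self.waf_present = True

    def _detect_by_cname(self):
        """Report every vendor whose marker appears in one of the CNAME records."""
        for marker, vendor in self.waf_cname_map.items():
            if any(marker in str(cname) for cname in self.cnames):
                self._waf_detected(vendor, "CNAME record")

    async def _detect_by_application(self):
        """Fetch the target's root page and run every response fingerprint on it.

        :raises WAFException: when the request fails or redirects too often
        """
        try:
            session = self.request_handler.get_new_session()
            response = session.get(
                timeout=20,
                allow_redirects=True,
                url="{}://{}:{}".format(
                    self.host.protocol,
                    self.host.target,
                    self.host.port
                )
            )
            for waf, method in self.waf_app_method_map.items():
                if method(response):
                    self._waf_detected(waf, "web application")

        except (ConnectionError, TooManyRedirects) as e:
            raise WAFException("Couldn't get response from server.\n"
                               "Caused due to exception: {}".format(str(e)))

    async def detect(self):
        """Run CNAME-based detection, then response-based detection when a web server answers."""
        self.logger.info("{} Trying to detect WAF presence in {}".format(COLORED_COMBOS.INFO, self.host))
        if self.cnames:
            self._detect_by_cname()
        try:
            self.web_server_validator.validate_target_webserver(self.host)
            await self._detect_by_application()

            if not self.waf_present:
                self.logger.info("{} Did not detect WAF presence in target".format(COLORED_COMBOS.GOOD))
        except WebServerValidatorException:
            self.logger.info(
                "{} Target does not seem to have an active web server on port {}. "
                "No WAF could be detected on an application level.".format(COLORED_COMBOS.NOTIFY, self.host.port))

--------------------------------------------------------------------------------
/raccoon_src/lib/web_app.py:
--------------------------------------------------------------------------------
import requests
from bs4 import BeautifulSoup
from requests.exceptions import ConnectionError, TooManyRedirects
from raccoon_src.utils.web_server_validator import WebServerValidator
from raccoon_src.lib.storage_explorer import StorageExplorer
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.utils.help_utils import HelpUtilities
from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS
from raccoon_src.utils.exceptions import WebAppScannerException, WebServerValidatorException
from raccoon_src.utils.logger import Logger


class WebApplicationScanner:
    """Collects headers, cookies, links, forms and storage references from the target's root page."""

    def __init__(self, host):
        """Prepare the request helpers, result holders and the web scan log.

        :param host: host object; ``target``, ``naked``, ``protocol`` and ``port`` are read
        """
        self.host = host
        self.request_handler = RequestHandler()
        self.web_server_validator = WebServerValidator()
        self.headers = None
        self.robots = None
        self.forms = None
        self.fuzzable_urls = set()
        self.emails = set()
        log_file = HelpUtilities.get_output_path("{}/web_scan.txt".format(self.host.target))
        self.target_dir = "/".join(log_file.split("/")[:-1])
        self.logger = Logger(log_file)
        self.storage_explorer = StorageExplorer(host, self.logger)

    def _detect_cms(self, tries=0):
        """
        Detect CMS using whatcms.org.
        Has a re-try mechanism because false negatives may occur
        :param tries: Count of tries for CMS discovery
        """
        # WhatCMS is under CloudFlare which detects and blocks proxied/Tor traffic, hence normal request.
        # This call therefore leaves from the operator's own address and names the
        # target to a third-party service.
        # NOTE(review): no timeout is passed, so a stalled connection blocks the scan;
        # adding one would raise requests timeout errors the caller does not handle yet.
        page = requests.get(url="https://whatcms.org/?s={}".format(self.host.target))
        soup = BeautifulSoup(page.text, "lxml")
        found = soup.select(".panel.panel-success")
        if found:
            # Anchors without an href yield None; "or ''" keeps the substring test
            # from raising TypeError on them.
            cms_links = [a for a in soup.select("a") if "/c/" in (a.get("href") or "")]
            if cms_links:
                self.logger.info("{} CMS detected: target is using {}{}{}".format(
                    COLORED_COMBOS.GOOD, COLOR.GREEN, cms_links[0].get("title"), COLOR.RESET))
                return
        if tries >= 4:
            return
        self._detect_cms(tries=tries + 1)

    def _cookie_info(self, jar):
        """Log cookies for the target's domain that lack the Secure or HttpOnly flag.

        :param jar: iterable of cookie objects from the session
        """
        for cookie in jar:
            key = cookie.__dict__.get("name")
            domain = cookie.__dict__.get("domain")
            secure = cookie.__dict__.get("secure")
            http_only = cookie.has_nonstandard_attr("HttpOnly")
            try:
                if domain in self.host.target or self.host.target in domain:
                    if not secure or not http_only:
                        current = "%s Cookie: {%s} -" % (COLORED_COMBOS.GOOD, key)
                        if not secure and not http_only:
                            current += " both secure and HttpOnly flags are not set"
                        elif not secure:
                            current += " secure flag not set"
                        else:
                            current += " HttpOnly flag not set"
                        self.logger.info(current)

            except TypeError:
                # A cookie without a domain value cannot be compared; skip it.
                continue

    def _server_info(self):
        """Log the Server response header when present."""
        if self.headers.get("server"):
            self.logger.info("{} Web server detected: {}{}{}".format(
                COLORED_COMBOS.GOOD, COLOR.GREEN, self.headers.get("server"), COLOR.RESET))

    def _x_powered_by(self):
        """Log the X-Powered-By response header when present."""
        if self.headers.get("X-Powered-By"):
            self.logger.info("{} X-Powered-By header detected: {}{}{}".format(
                COLORED_COMBOS.GOOD, COLOR.GREEN, self.headers.get("X-Powered-By"), COLOR.RESET))

    def _anti_clickjacking(self):
        """Log a hint when the X-Frame-Options header is missing."""
        # Only X-Frame-Options is inspected; a CSP frame-ancestors directive is not
        # considered, so this finding is an indicator rather than a verdict.
        if not self.headers.get("X-Frame-Options"):
            self.logger.info(
                "{} X-Frame-Options header not detected - target might be vulnerable to clickjacking".format(
                    COLORED_COMBOS.GOOD)
            )

    def _xss_protection(self):
        """Log when an X-XSS-PROTECTION header containing "1" is present."""
        xss_header = self.headers.get("X-XSS-PROTECTION")
        if xss_header and "1" in xss_header:
            self.logger.info("{} Found X-XSS-PROTECTION header".format(COLORED_COMBOS.BAD))

    def _cors_wildcard(self):
        """Log when Access-Control-Allow-Origin is the wildcard."""
        if self.headers.get("Access-Control-Allow-Origin") == "*":
            self.logger.info("{} CORS wildcard detected".format(COLORED_COMBOS.GOOD))

    def _robots(self):
        """Request /robots.txt and store it in the target's output directory."""
        res = self.request_handler.send(
            "GET",
            url="{}://{}:{}/robots.txt".format(
                self.host.protocol,
                self.host.target,
                self.host.port
            )
        )
        # NOTE(review): `"" not in res.text` can never be true (the empty string is a
        # substring of every string), so as listed this branch never runs. The
        # literal looks lost in extraction - confirm against the project source.
        if res.status_code != 404 and res.text and "" not in res.text:
            self.logger.info("{} Found robots.txt".format(COLORED_COMBOS.GOOD))
            with open("{}/robots.txt".format(self.target_dir), "w") as file:
                file.write(res.text)

    def _sitemap(self):
        """Request /sitemap.xml and store it in the target's output directory."""
        res = self.request_handler.send(
            "GET",
            url="{}://{}:{}/sitemap.xml".format(
                self.host.protocol,
                self.host.target,
                self.host.port
            )
        )
        # NOTE(review): same always-false `"" not in res.text` test as in _robots -
        # confirm the intended marker against the project source.
        if res.status_code != 404 and res.text and "" not in res.text:
            self.logger.info("{} Found sitemap.xml".format(COLORED_COMBOS.GOOD))
            with open("{}/sitemap.xml".format(self.target_dir), "w") as file:
                file.write(res.text)

    def _analyze_hrefs(self, href):
        """Record ``href`` as a fuzzable URL (has a query on the target) or as an email."""
        is_mailto = href.startswith("mailto:")
        if "?" in href and "=" in href and not is_mailto:
            on_target = any((
                (self.host.naked and self.host.naked in href),
                self.host.target in href,
                href.startswith("/"),
            ))
            if on_target:
                self.fuzzable_urls.add(href)
        elif is_mailto:
            self._add_to_emails(href)

    def _log_fuzzable_urls(self):
        """Write the collected URLs to the debug log, prefixing relative ones with the target."""
        base_target = "{}://{}:{}".format(self.host.protocol, self.host.target, self.host.port)
        for url in self.fuzzable_urls:
            if url.startswith("/"):
                self.logger.debug("\t{}{}".format(base_target, url))
            else:
                self.logger.debug("\t{}".format(url))

    def _log_emails(self):
        """Write the collected addresses to the debug log without the "mailto:" prefix."""
        for email in self.emails:
            self.logger.debug("\t{}".format(email[7:]))

    def _find_urls(self, soup):
        """Analyze every anchor's href, then log the URLs and emails collected.

        :param soup: parsed HTML of the target page
        """
        for anchor in soup.select("a"):
            href = anchor.get("href")
            if href:
                self._analyze_hrefs(href)

        if self.fuzzable_urls:
            self.logger.info("{} {} fuzzable URLs discovered".format(
                COLORED_COMBOS.NOTIFY, len(self.fuzzable_urls)))
            self._log_fuzzable_urls()

        if self.emails:
            self.logger.info("{} {} email addresses discovered".format(
                COLORED_COMBOS.NOTIFY, len(self.emails)))
            self._log_emails()

    def _find_forms(self, soup):
        """Log id, class, method and action of each form whose action is not "#".

        :param soup: parsed HTML of the target page
        """
        # TODO: Analyze interesting input names/ids/params
        self.forms = soup.select("form")
        if not self.forms:
            return
        self.logger.info("{} {} HTML forms discovered".format(COLORED_COMBOS.NOTIFY, len(self.forms)))
        for form in self.forms:
            form_action = form.get("action")
            if form_action == "#":
                continue
            form_id = form.get("id")
            form_class = form.get("class")
            form_method = form.get("method")
            self.logger.debug("\tForm details: ID: {}, Class: {}, Method: {}, action: {}".format(
                form_id, form_class, form_method, form_action
            ))

    def _add_to_emails(self, href):
        self.emails.add(href)

    async def get_web_application_info(self):
        """Fetch the target's root page and run every check on the response.

        :raises WebAppScannerException: when the request fails or redirects too often
        """
        session = self.request_handler.get_new_session()
        try:
            with session:
                # Test if target is serving HTTP requests
                response = session.get(
                    timeout=20,
                    url="{}://{}:{}".format(
                        self.host.protocol,
                        self.host.target,
                        self.host.port
                    )
                )
                self.headers = response.headers
                self._detect_cms()
                self._robots()
                self._sitemap()
                self._server_info()
                self._x_powered_by()
                self._cors_wildcard()
                self._xss_protection()
                self._anti_clickjacking()
                self._cookie_info(session.cookies)

                soup = BeautifulSoup(response.text, "lxml")
                self._find_urls(soup)
                self._find_forms(soup)
                self.storage_explorer.run(soup)

        except (ConnectionError, TooManyRedirects) as e:
            raise WebAppScannerException("Couldn't get response from server.\n"
                                         "Caused due to exception: {}".format(str(e)))

    async def run_scan(self):
        """Validate that a web server answers, then collect the application data."""
        self.logger.info("{} Trying to collect {} web application data".format(COLORED_COMBOS.INFO, self.host))
        try:
            self.web_server_validator.validate_target_webserver(self.host)
            await self.get_web_application_info()
        except WebServerValidatorException:
            self.logger.info(
                "{} Target does not seem to have an active web server on port: {}. "
                "No web application data will be gathered.".format(COLORED_COMBOS.NOTIFY, self.host.port))
            return

--------------------------------------------------------------------------------
/raccoon_src/main.py:
--------------------------------------------------------------------------------
import time
import asyncio
import threading
import click
import os

from raccoon_src.utils.coloring import COLOR, COLORED_COMBOS
from raccoon_src.utils.exceptions import RaccoonException, HostHandlerException
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.utils.logger import SystemOutLogger
from raccoon_src.utils.help_utils import HelpUtilities
from raccoon_src.lib.fuzzer import URLFuzzer
from raccoon_src.lib.host import Host
from raccoon_src.lib.scanner import Scanner, NmapScan, NmapVulnersScan, VulnersScanner
from raccoon_src.lib.sub_domain import SubDomainEnumerator
from raccoon_src.lib.dns_handler import DNSHandler
from raccoon_src.lib.waf import WAF
from raccoon_src.lib.tls import TLSHandler
from raccoon_src.lib.web_app import WebApplicationScanner

# Set path for relative access to builtin files.
MY_PATH = os.path.abspath(os.path.dirname(__file__))


25 | def intro(logger): 26 | logger.info("""{} 27 | _____ _____ _____ ____ ____ _ _ 28 | | __ \ /\ / ____| / ____| / __ \ / __ \ | \ | | 29 | | |__) | / \ | | | | | | | | | | | | | \| | 30 | | _ / / /\ \ | | | | | | | | | | | | | . 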
` | 31 | | | \ \ / ____ \ | |____ | |____ | |__| | | |__| | | |\ | 32 | |_| \_\ /_/ \_\ \_____| \_____| \____/ \____/ |_| \_| 33 | {} 34 | 35 | 4841434b414c4c5448455448494e4753 36 | 37 | https://github.com/evyatarmeged/Raccoon 38 | ------------------------------------------------------------------- 39 | """.format(COLOR.GRAY, COLOR.RESET)) 40 | 41 | 42 | @click.command() 43 | @click.version_option("0.8.5") 44 | @click.argument("target") 45 | @click.option("-d", "--dns-records", default="A,MX,NS,CNAME,SOA,TXT", 46 | help="Comma separated DNS records to query. Defaults to: A,MX,NS,CNAME,SOA,TXT") 47 | @click.option("--tor-routing", is_flag=True, help="Route HTTP traffic through Tor (uses port 9050)." 48 | " Slows total runtime significantly") 49 | @click.option("--proxy-list", help="Path to proxy list file that would be used for routing HTTP traffic." 50 | " A proxy from the list will be chosen at random for each request." 51 | " Slows total runtime") 52 | @click.option("-c", "--cookies", help="Comma separated cookies to add to the requests. " 53 | "Should be in the form of key:value\n" 54 | "Example: PHPSESSID:12345,isMobile:false") 55 | @click.option("--proxy", help="Proxy address to route HTTP traffic through. Slows total runtime") 56 | @click.option("-w", "--wordlist", default=os.path.join(MY_PATH, "wordlists/fuzzlist"), 57 | help="Path to wordlist that would be used for URL fuzzing") 58 | @click.option("-T", "--threads", default=25, 59 | help="Number of threads to use for URL Fuzzing/Subdomain enumeration. Default: 25") 60 | @click.option("--ignored-response-codes", default="302,400,401,402,403,404,503,504", 61 | help="Comma separated list of HTTP status code to ignore for fuzzing." 
62 | " Defaults to: 302,400,401,402,403,404,503,504") 63 | @click.option("--subdomain-list", default=os.path.join(MY_PATH, "wordlists/subdomains"), 64 | help="Path to subdomain list file that would be used for enumeration") 65 | @click.option("-sc", "--scripts", is_flag=True, help="Run Nmap scan with -sC flag") 66 | @click.option("-sv", "--services", is_flag=True, help="Run Nmap scan with -sV flag") 67 | @click.option("-f", "--full-scan", is_flag=True, help="Run Nmap scan with both -sV and -sC") 68 | @click.option("-p", "--port", help="Use this port range for Nmap scan instead of the default") 69 | @click.option("--vulners-nmap-scan", is_flag=True, help="Perform an NmapVulners scan. " 70 | "Runs instead of the regular Nmap scan and is longer.") 71 | @click.option("--vulners-path", default=os.path.join(MY_PATH, "utils/misc/vulners.nse"), 72 | help="Path to the custom nmap_vulners.nse script." 73 | "If not used, Raccoon uses the built-in script it ships with.") 74 | @click.option("-fr", "--follow-redirects", is_flag=True, default=False, 75 | help="Follow redirects when fuzzing. Default: False (will not follow redirects)") 76 | @click.option("--tls-port", default=443, help="Use this port for TLS queries. Default: 443") 77 | @click.option("--skip-health-check", is_flag=True, help="Do not test for target host availability") 78 | @click.option("--no-url-fuzzing", is_flag=True, help="Do not fuzz URLs") 79 | @click.option("--no-sub-enum", is_flag=True, help="Do not bruteforce subdomains") 80 | @click.option("--skip-nmap-scan", is_flag=True, help="Do not perform an Nmap scan") 81 | # @click.option("-d", "--delay", default="0.25-1", 82 | # help="Min and Max number of seconds of delay to be waited between requests\n" 83 | # "Defaults to Min: 0.25, Max: 1. 
Specified in the format of Min-Max") 84 | @click.option("-q", "--quiet", is_flag=True, help="Do not output to stdout") 85 | @click.option("-o", "--outdir", default="raccoon_scan_results", 86 | help="Directory destination for scan output") 87 | def main(target, 88 | tor_routing, 89 | proxy_list, 90 | proxy, 91 | cookies, 92 | dns_records, 93 | wordlist, 94 | threads, 95 | ignored_response_codes, 96 | subdomain_list, 97 | full_scan, 98 | scripts, 99 | services, 100 | port, 101 | vulners_nmap_scan, 102 | vulners_path, 103 | tls_port, 104 | skip_health_check, 105 | follow_redirects, 106 | no_url_fuzzing, 107 | no_sub_enum, 108 | skip_nmap_scan, 109 | # delay, 110 | outdir, 111 | quiet): 112 | try: 113 | # ------ Arg validation ------ 114 | # Set logging level and Logger instance 115 | log_level = HelpUtilities.determine_verbosity(quiet) 116 | logger = SystemOutLogger(log_level) 117 | intro(logger) 118 | 119 | target = target.lower() 120 | try: 121 | HelpUtilities.validate_executables() 122 | except RaccoonException as e: 123 | logger.critical(str(e)) 124 | exit(9) 125 | HelpUtilities.validate_wordlist_args(proxy_list, wordlist, subdomain_list) 126 | HelpUtilities.validate_proxy_args(tor_routing, proxy, proxy_list) 127 | HelpUtilities.create_output_directory(outdir) 128 | 129 | if tor_routing: 130 | logger.info("{} Testing that Tor service is up...".format(COLORED_COMBOS.NOTIFY)) 131 | elif proxy_list: 132 | if proxy_list and not os.path.isfile(proxy_list): 133 | raise FileNotFoundError("Not a valid file path, {}".format(proxy_list)) 134 | else: 135 | logger.info("{} Routing traffic using proxies from list {}\n".format( 136 | COLORED_COMBOS.NOTIFY, proxy_list)) 137 | elif proxy: 138 | logger.info("{} Routing traffic through proxy {}\n".format(COLORED_COMBOS.NOTIFY, proxy)) 139 | 140 | # TODO: Sanitize delay argument 141 | 142 | dns_records = tuple(dns_records.split(",")) 143 | ignored_response_codes = tuple(int(code) for code in ignored_response_codes.split(",")) 144 | 
145 | if port: 146 | HelpUtilities.validate_port_range(port) 147 | 148 | # ------ /Arg validation ------ 149 | 150 | if cookies: 151 | try: 152 | cookies = HelpUtilities.parse_cookie_arg(cookies) 153 | except RaccoonException as e: 154 | logger.critical("{}{}{}".format(COLOR.RED, str(e), COLOR.RESET)) 155 | exit(2) 156 | 157 | # Set Request Handler instance 158 | request_handler = RequestHandler( 159 | proxy_list=proxy_list, 160 | tor_routing=tor_routing, 161 | single_proxy=proxy, 162 | cookies=cookies 163 | ) 164 | 165 | if tor_routing: 166 | try: 167 | HelpUtilities.confirm_traffic_routs_through_tor() 168 | logger.info("{} Validated Tor service is up. Routing traffic anonymously\n".format( 169 | COLORED_COMBOS.NOTIFY)) 170 | except RaccoonException as err: 171 | print("{}{}{}".format(COLOR.RED, str(err), COLOR.RESET)) 172 | exit(3) 173 | 174 | main_loop = asyncio.get_event_loop() 175 | 176 | logger.info("{}### Raccoon Scan Started ###{}\n".format(COLOR.GRAY, COLOR.RESET)) 177 | logger.info("{} Trying to gather information about host: {}".format(COLORED_COMBOS.INFO, target)) 178 | 179 | # TODO: Populate array when multiple targets are supported 180 | # hosts = [] 181 | try: 182 | host = Host(target=target, dns_records=dns_records) 183 | host.parse() 184 | except HostHandlerException as e: 185 | logger.critical("{}{}{}".format(COLOR.RED, str(e), COLOR.RESET)) 186 | exit(11) 187 | 188 | if not skip_health_check: 189 | try: 190 | HelpUtilities.validate_target_is_up(host) 191 | except RaccoonException as err: 192 | logger.critical("{}{}{}".format(COLOR.RED, str(err), COLOR.RESET)) 193 | exit(42) 194 | 195 | if not skip_nmap_scan: 196 | if vulners_nmap_scan: 197 | logger.info("\n{} Setting NmapVulners scan to run in the background".format(COLORED_COMBOS.INFO)) 198 | nmap_vulners_scan = NmapVulnersScan(host=host, port_range=port, vulners_path=vulners_path) 199 | nmap_thread = threading.Thread(target=VulnersScanner.run, args=(nmap_vulners_scan,)) 200 | # Run NmapVulners 
scan in the background 201 | nmap_thread.start() 202 | else: 203 | logger.info("\n{} Setting Nmap scan to run in the background".format(COLORED_COMBOS.INFO)) 204 | nmap_scan = NmapScan( 205 | host=host, 206 | port_range=port, 207 | full_scan=full_scan, 208 | scripts=scripts, 209 | services=services) 210 | 211 | nmap_thread = threading.Thread(target=Scanner.run, args=(nmap_scan,)) 212 | # Run Nmap scan in the background. Can take some time 213 | nmap_thread.start() 214 | 215 | # Run first set of checks - TLS, Web/WAF Data, DNS data 216 | waf = WAF(host) 217 | tls_info_scanner = TLSHandler(host, tls_port) 218 | web_app_scanner = WebApplicationScanner(host) 219 | tasks = ( 220 | asyncio.ensure_future(tls_info_scanner.run()), 221 | asyncio.ensure_future(waf.detect()), 222 | asyncio.ensure_future(DNSHandler.grab_whois(host)), 223 | asyncio.ensure_future(web_app_scanner.run_scan()), 224 | asyncio.ensure_future(DNSHandler.generate_dns_dumpster_mapping(host, logger)) 225 | ) 226 | 227 | main_loop.run_until_complete(asyncio.wait(tasks)) 228 | 229 | # Second set of checks - URL fuzzing, Subdomain enumeration 230 | if not no_url_fuzzing: 231 | fuzzer = URLFuzzer(host, ignored_response_codes, threads, wordlist, follow_redirects) 232 | main_loop.run_until_complete(fuzzer.fuzz_all()) 233 | 234 | if not host.is_ip: 235 | sans = tls_info_scanner.sni_data.get("SANs") 236 | subdomain_enumerator = SubDomainEnumerator( 237 | host, 238 | domain_list=subdomain_list, 239 | sans=sans, 240 | ignored_response_codes=ignored_response_codes, 241 | num_threads=threads, 242 | follow_redirects=follow_redirects, 243 | no_sub_enum=no_sub_enum 244 | ) 245 | main_loop.run_until_complete(subdomain_enumerator.run()) 246 | 247 | if not skip_nmap_scan: 248 | if nmap_thread.is_alive(): 249 | logger.info("{} All scans done. Waiting for Nmap scan to wrap up. 
" 250 | "Time left may vary depending on scan type and port range".format(COLORED_COMBOS.INFO)) 251 | 252 | while nmap_thread.is_alive(): 253 | time.sleep(15) 254 | 255 | logger.info("\n{}### Raccoon scan finished ###{}\n".format(COLOR.GRAY, COLOR.RESET)) 256 | os.system("stty sane") 257 | 258 | except KeyboardInterrupt: 259 | print("{}Keyboard Interrupt detected. Exiting{}".format(COLOR.RED, COLOR.RESET)) 260 | # Fix F'd up terminal after CTRL+C 261 | os.system("stty sane") 262 | exit(42) 263 | 264 | 265 | if __name__ == "__main__": 266 | main() 267 | -------------------------------------------------------------------------------- /raccoon_src/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/evyatarmeged/Raccoon/9cf6c1129221aa51280f5705106660d23b2f1b92/raccoon_src/utils/__init__.py -------------------------------------------------------------------------------- /raccoon_src/utils/coloring.py: -------------------------------------------------------------------------------- 1 | from collections import namedtuple 2 | 3 | Color = namedtuple("Color", ["RED", "BLUE", "CYAN", "GREEN", "YELLOW", "GRAY", "BOLD", "RESET"]) 4 | COLOR = Color( 5 | "\033[1;31m", # red 6 | "\033[1;34m", # blue 7 | "\033[1;36m", # cyan 8 | "\033[1;32m", # green 9 | "\033[93m", # yellow 10 | "\033[1;30m", # gray 11 | "\033[;1m", # bold 12 | "\033[0;0m" # reset 13 | ) 14 | 15 | ColoredCombos = namedtuple("ColoredCombos", ["INFO", "GOOD", "BAD", "NOTIFY"]) 16 | COLORED_COMBOS = ColoredCombos( 17 | "{}[#]{}".format(COLOR.BLUE, COLOR.RESET), 18 | "{}[v]{}".format(COLOR.GREEN, COLOR.RESET), 19 | "{}[x]{}".format(COLOR.RED, COLOR.RESET), 20 | "{}[!]{}".format(COLOR.YELLOW, COLOR.RESET)) 21 | -------------------------------------------------------------------------------- /raccoon_src/utils/exceptions.py: -------------------------------------------------------------------------------- 1 | class 
RaccoonException(Exception): 2 | """Raccoon base exception class""" 3 | def __init__(self, message='Raccoon Base Exception'): 4 | self._message = message 5 | 6 | def __str__(self): 7 | return self._message 8 | 9 | 10 | class FuzzerException(RaccoonException): 11 | def __init__(self, message='Fuzzer Exception'): 12 | super().__init__(message) 13 | 14 | def __str__(self): 15 | return self._message 16 | 17 | 18 | class HostHandlerException(RaccoonException): 19 | def __init__(self, message='Host Handler Exception'): 20 | super().__init__(message) 21 | 22 | def __str__(self): 23 | return self._message 24 | 25 | 26 | class ScannerException(RaccoonException): 27 | def __init__(self, message='Scanner Exception'): 28 | super().__init__(message) 29 | 30 | def __str__(self): 31 | return self._message 32 | 33 | 34 | class WAFException(RaccoonException): 35 | def __init__(self, message='WAF Exception'): 36 | super().__init__(message) 37 | 38 | def __str__(self): 39 | return self._message 40 | 41 | 42 | class RequestHandlerException(RaccoonException): 43 | 44 | def __init__(self, message='RequestHandler Exception'): 45 | super().__init__(message) 46 | 47 | def __str__(self): 48 | return self._message 49 | 50 | 51 | class RequestHandlerConnectionReset(RequestHandlerException): 52 | 53 | def __init__(self, message='Connection Reset'): 54 | super().__init__(message) 55 | 56 | def __str__(self): 57 | return self._message 58 | 59 | 60 | class WebAppScannerException(RaccoonException): 61 | def __init__(self, message='Web Application Scanner Exception'): 62 | super().__init__(message) 63 | 64 | def __str__(self): 65 | return self._message 66 | 67 | 68 | class WebServerValidatorException(RaccoonException): 69 | def __init__(self, message='Web Server Validator Exception'): 70 | super().__init__(message) 71 | 72 | def __str__(self): 73 | return self._message 74 | -------------------------------------------------------------------------------- /raccoon_src/utils/help_utils.py: 
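--------------------------------------------------------------------------------
import os
import shutil
from platform import system
from collections import Counter
from subprocess import PIPE, check_call, CalledProcessError
from requests.exceptions import ConnectionError
from raccoon_src.utils.exceptions import RaccoonException, ScannerException, RequestHandlerException
from raccoon_src.utils.request_handler import RequestHandler


class HelpUtilities:
    """Argument validation and environment checks used by the Raccoon entry point."""

    # Base output directory; set by create_output_directory().
    PATH = ""

    @classmethod
    def validate_target_is_up(cls, host):
        """Check that the target answers a ping or, failing that, an HTTP GET.

        :param host: object exposing target, protocol and port
        :raises RaccoonException: when neither probe gets a response
        """
        # Pass an argv list instead of formatting a string and splitting it on
        # whitespace, so the target always reaches ping as exactly one argument.
        # NOTE(review): a value starting with "-" would still be read by ping as
        # an option; presumably Host.parse() rejects such targets - verify.
        ping_argv = ["ping", "-c", "1", host.target]
        try:
            check_call(ping_argv, stdout=PIPE, stderr=PIPE)
            return
        except (CalledProcessError, FileNotFoundError):
            # Maybe ICMP is blocked, or ping is not installed. Try web server
            try:
                if host.port == 443 or host.port == 80:
                    url = "{}://{}".format(host.protocol, host.target)
                else:
                    url = "{}://{}:{}".format(host.protocol, host.target, host.port)
                rh = RequestHandler()
                rh.send("GET", url=url, timeout=15)
                return
            except (ConnectionError, RequestHandlerException):
                raise RaccoonException("Target {} seems to be down (no response to ping or from a web server"
                                       " at port {}).\nRun with --skip-health-check to ignore hosts"
                                       " considered as down.".format(host, host.port))

    @classmethod
    def parse_cookie_arg(cls, cookie_arg):
        """Parse "key:value,key:value" into a dict.

        :param cookie_arg: comma separated key:value pairs
        :return: dict mapping cookie names to values
        :raises RaccoonException: when a pair has no ":" separator
        """
        try:
            cookies = {}
            for pair in cookie_arg.split(","):
                # Split on the first ":" only, so a value that itself contains
                # ":" is kept whole instead of being silently truncated.
                key, value = pair.split(":", 1)
                cookies[key] = value
            return cookies
        except (ValueError, TypeError):
            raise RaccoonException("Cookie parsing error occurred, probably due to invalid cookie format.\n"
                                   "Cookie format should be comma separated key:value pairs. Use --help "
                                   "for more info.")

    @classmethod
    def validate_wordlist_args(cls, proxy_list, wordlist, subdomain_list):
        """Raise FileNotFoundError for any supplied list path that is not a file."""
        if proxy_list and not os.path.isfile(proxy_list):
            raise FileNotFoundError("Not a valid file path, {}".format(proxy_list))

        if wordlist and not os.path.isfile(wordlist):
            raise FileNotFoundError("Not a valid file path, {}".format(wordlist))

        if subdomain_list and not os.path.isfile(subdomain_list):
            # Report the path that actually failed (the original named `wordlist`).
            raise FileNotFoundError("Not a valid file path, {}".format(subdomain_list))

    @classmethod
    def validate_port_range(cls, port_range):
        """Validate port range for Nmap scan

        Accepts only "LOW-HIGH" where both parts are plain decimal numbers and
        LOW <= HIGH <= 65535.

        :return: True when the range is valid
        :raises ScannerException: for anything else
        """
        digits = "0123456789"
        ports = port_range.split("-")
        # The value is handed on to the Nmap scan objects as port_range, so
        # accept digits only. The original checked just the upper bound and
        # let a non-numeric value escape as an uncaught ValueError.
        if len(ports) == 2 and all(p and all(ch in digits for ch in p) for p in ports):
            low, high = int(ports[0]), int(ports[1])
            if low <= high <= 65535:
                return True
        raise ScannerException("Invalid port range {}".format(port_range))

    @classmethod
    def validate_proxy_args(cls, *args):
        """No more than 1 of the following can be specified: tor_routing, proxy, proxy_list"""
        # Counting `not arg` and reading the False bucket gives the number of
        # truthy arguments (None when there are none).
        supplied_proxies = Counter((not arg for arg in (*args,))).get(False)
        if not supplied_proxies:
            return
        elif supplied_proxies > 1:
            raise RaccoonException("Must specify only one of the following:\n"
                                   "--tor-routing, --proxy-list, --proxy")

    @classmethod
    def determine_verbosity(cls, quiet):
        """Return the log level name: "CRITICAL" when quiet, else "INFO"."""
        if quiet:
            return "CRITICAL"
        else:
            return "INFO"

    @classmethod
    def find_nmap_executable(cls):
        """Return the path of the nmap executable found on PATH, or None."""
        # shutil.which replaces distutils.spawn.find_executable: distutils is
        # gone from current Python releases, and find_executable also accepted
        # a file of that name in the current working directory.
        return shutil.which("nmap")

    @classmethod
    def find_openssl_executable(cls):
        """Return the path of the openssl executable found on PATH, or None."""
        return shutil.which("openssl")

    @classmethod
    def find_mac_gtimeout_executable(cls):
        """To add macOS support, the coreutils package needs to be installed using homebrew"""
        return shutil.which("gtimeout")

    @classmethod
    def validate_executables(cls):
        """Raise RaccoonException when a required external program is missing."""
        if not (cls.find_nmap_executable() and cls.find_openssl_executable()):
            raise RaccoonException("Could not find Nmap or OpenSSL "
                                   "installed. Please install them and run Raccoon again.")
        if system() == "Darwin":
            if not cls.find_mac_gtimeout_executable():
                raise RaccoonException("To support Raccoon with macOS 'gtimeout' must be installed.\n"
                                       "gtimeout can be installed by running 'brew install coreutils'")
        return

    @classmethod
    def create_output_directory(cls, outdir):
        """Tries to create base output directory"""
        cls.PATH = outdir
        try:
            # makedirs also creates missing parent directories.
            os.makedirs(outdir)
        except FileExistsError:
            pass

    @classmethod
    def get_output_path(cls, module_path):
        """Return *module_path* joined under the base output directory."""
        return "{}/{}".format(cls.PATH, module_path)

    @classmethod
    def confirm_traffic_routs_through_tor(cls):
        """Confirm through check.torproject.org that requests leave via Tor.

        :raises RaccoonException: when the check page cannot be reached or does
            not confirm Tor usage
        """
        rh = RequestHandler()
        try:
            page = rh.send("GET", url="https://check.torproject.org")
        except RequestHandlerException:
            raise RaccoonException("Tor service seems to be down - not able to connect to 127.0.0.1:9050.\nExiting")
        if "Congratulations. This browser is configured to use Tor." in page.text:
            return
        # Fail closed: the original returned silently when the page matched
        # neither known sentence, and the caller then logged the routing as
        # validated.
        raise RaccoonException("Traffic does not seem to be routed through Tor.\nExiting")

    @classmethod
    def query_dns_dumpster(cls, host):
        """Submit the target to dnsdumpster.com and return the response for its map image.

        The target name is sent to a third-party service.

        :raises RaccoonException: on ConnectionError
        """
        # Start DNS Dumpster session for the token
        request_handler = RequestHandler()
        dnsdumpster_session = request_handler.get_new_session()
        url = "https://dnsdumpster.com"
        target = host.naked or host.target
        payload = {
            "targetip": target,
            "csrfmiddlewaretoken": None
        }
        try:
            dnsdumpster_session.get(url, timeout=10)
            # The CSRF token the form expects is the value of the csrftoken cookie.
            for cookie in dnsdumpster_session.cookies:
                if cookie.name == "csrftoken":
                    payload["csrfmiddlewaretoken"] = cookie.value
                    break
            dnsdumpster_session.post(url, data=payload, headers={"Referer": "https://dnsdumpster.com/"})

            return dnsdumpster_session.get("https://dnsdumpster.com/static/map/{}.png".format(target))
        except ConnectionError:
            raise RaccoonException

    @classmethod
    def extract_hosts_from_cidr(cls):
        """Placeholder; not implemented."""
        pass

    @classmethod
    def extract_hosts_from_range(cls):
        """Placeholder; not implemented."""
        pass

--------------------------------------------------------------------------------
/raccoon_src/utils/logger.py:
--------------------------------------------------------------------------------
1 | import logging 2 | from os import path 3 | from sys import stdout 4 | from raccoon_src.utils.singleton import Singleton 5 | 6 | 7 | class SystemOutLogger(metaclass=Singleton): 8 | """ 9 | Single instance stdout logger to be shared among modules 10 | Logging level is set by verbosity/quiet arguments from user 11 | Logs to stdout - other loggers call its functions to log to stdout 12 | in addition to their own 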
file-writing logging 13 | """ 14 | def __init__(self, level="INFO"): 15 | self.level = level 16 | self.logger = self.get_logger() 17 | 18 | def get_logger(self): 19 | logger = logging.getLogger("Raccoon") 20 | logger.setLevel(self.level) 21 | 22 | out_handler = logging.StreamHandler(stdout) 23 | formatter = logging.Formatter('%(message)s') 24 | out_handler.setFormatter(formatter) 25 | logger.addHandler(out_handler) 26 | return logger 27 | 28 | def debug(self, *args, **kwargs): 29 | self.logger.debug(*args, **kwargs) 30 | 31 | def info(self, *args, **kwargs): 32 | self.logger.info(*args, **kwargs) 33 | 34 | def warning(self, *args, **kwargs): 35 | self.logger.warning(*args, **kwargs) 36 | 37 | def error(self, *args, **kwargs): 38 | self.logger.error(*args, **kwargs) 39 | 40 | def critical(self, *args, **kwargs): 41 | self.logger.critical(*args, **kwargs) 42 | 43 | 44 | class Logger: 45 | """ 46 | Logger that should instantiated for each module 47 | Will write all logs (DEBUG) to self.outfile argument. 
48 | In addition calls SystemOutLogger functions to write to stdout in correspondence with 49 | verbosity levels 50 | """ 51 | 52 | def __init__(self, outfile): 53 | self.outfile = outfile 54 | self.stout_logger = SystemOutLogger() 55 | self.logger = self.get_logger() 56 | 57 | def get_logger(self): 58 | logger = logging.getLogger(self.__str__()) 59 | logger.setLevel("DEBUG") 60 | 61 | out_handler = logging.FileHandler(self.outfile) 62 | formatter = logging.Formatter('%(message)s') 63 | out_handler.setFormatter(formatter) 64 | logger.addHandler(out_handler) 65 | return logger 66 | 67 | def debug(self, *args, **kwargs): 68 | self.stout_logger.debug(*args, **kwargs) 69 | self.logger.debug(*args, **kwargs) 70 | 71 | def info(self, *args, **kwargs): 72 | self.stout_logger.info(*args, **kwargs) 73 | self.logger.info(*args, **kwargs) 74 | 75 | def warning(self, *args, **kwargs): 76 | self.stout_logger.warning(*args, **kwargs) 77 | self.logger.warning(*args, **kwargs) 78 | 79 | def error(self, *args, **kwargs): 80 | self.stout_logger.error(*args, **kwargs) 81 | self.logger.error(*args, **kwargs) 82 | 83 | def critical(self, *args, **kwargs): 84 | self.stout_logger.critical(*args, **kwargs) 85 | self.logger.critical(*args, **kwargs) 86 | -------------------------------------------------------------------------------- /raccoon_src/utils/misc/vulners.nse: -------------------------------------------------------------------------------- 1 | description = [[ 2 | For each available CPE the script prints out known vulns (links to the correspondent info) and correspondent CVSS scores. 
3 | 4 | Its work is pretty simple: 5 | - work only when some software version is identified for an open port 6 | - take all the known CPEs for that software (from the standard nmap -sV output) 7 | - make a request to a remote server (vulners.com API) to learn whether any known vulns exist for that CPE 8 | - if no info is found this way - try to get it using the software name alone 9 | - print the obtained info out 10 | 11 | NB: 12 | Since the size of the DB with all the vulns is more than 250GB there is no way to use a local db. 13 | So we do make requests to a remote service. Still all the requests contain just two fields - the 14 | software name and its version (or CPE), so one can still have the desired privacy. 15 | ]] 16 | 17 | --- 18 | -- @usage 19 | -- nmap -sV --script vulners [--script-args mincvss=] 20 | -- 21 | -- @output 22 | -- 23 | -- 53/tcp open domain ISC BIND DNS 24 | -- | vulners: 25 | -- | ISC BIND DNS: 26 | -- | CVE-2012-1667 8.5 https://vulners.com/cve/CVE-2012-1667 27 | -- | CVE-2002-0651 7.5 https://vulners.com/cve/CVE-2002-0651 28 | -- | CVE-2002-0029 7.5 https://vulners.com/cve/CVE-2002-0029 29 | -- | CVE-2015-5986 7.1 https://vulners.com/cve/CVE-2015-5986 30 | -- | CVE-2010-3615 5.0 https://vulners.com/cve/CVE-2010-3615 31 | -- | CVE-2006-0987 5.0 https://vulners.com/cve/CVE-2006-0987 32 | -- | CVE-2014-3214 5.0 https://vulners.com/cve/CVE-2014-3214 33 | -- 34 | 35 | author = 'gmedian AT vulners DOT com' 36 | license = "Same as Nmap--See https://nmap.org/book/man-legal.html" 37 | categories = {"vuln", "safe", "external"} 38 | 39 | 40 | local http = require "http" 41 | local json = require "json" 42 | local string = require "string" 43 | local table = require "table" 44 | 45 | local api_version="1.2" 46 | local mincvss=nmap.registry.args.mincvss and tonumber(nmap.registry.args.mincvss) or 0.0 47 | 48 | 49 | portrule = function(host, port) 50 | local vers=port.version 51 | return vers ~= nil and vers.version ~= nil 52 | end 53 | 54 | 55 | 
--- 56 | -- Return a string with all the found cve's and correspondent links 57 | -- 58 | -- @param vulns a table with the parsed json response from the vulners server 59 | -- 60 | function make_links(vulns) 61 | local output_str="" 62 | local is_exploit=false 63 | local cvss_score="" 64 | 65 | -- NOTE[gmedian]: data.search is a "list" already, so just use table.sort with a custom compare function 66 | -- However, for the future it might be wiser to create a copy rather than do it in-place 67 | 68 | local vulns_result = {} 69 | for _, v in ipairs(vulns.data.search) do 70 | table.insert(vulns_result, v) 71 | end 72 | 73 | -- Sort the acquired vulns by the CVSS score 74 | table.sort(vulns_result, function(a, b) 75 | return a._source.cvss.score > b._source.cvss.score 76 | end 77 | ) 78 | 79 | for _, vuln in ipairs(vulns_result) do 80 | -- Mark the exploits out 81 | is_exploit = vuln._source.bulletinFamily:lower() == "exploit" 82 | 83 | -- Sometimes it might happen, so check the score availability 84 | cvss_score = vuln._source.cvss and (type(vuln._source.cvss.score) == "number") and (vuln._source.cvss.score) or "" 85 | 86 | -- NOTE[gmedian]: exploits seem to have cvss == 0, so print them anyway 87 | if is_exploit or (cvss_score ~= "" and mincvss <= tonumber(cvss_score)) then 88 | output_str = string.format("%s\n\t%s", output_str, vuln._source.id .. "\t\t" .. cvss_score .. '\t\thttps://vulners.com/' .. vuln._source.type .. '/' .. vuln._source.id .. 
(is_exploit and '\t\t*EXPLOIT*' or '')) 89 | end 90 | end 91 | 92 | return output_str 93 | end 94 | 95 | 96 | --- 97 | -- Issues the requests, receives json and parses it, calls make_links when successfull 98 | -- 99 | -- @param what string, future value for the software query argument 100 | -- @param vers string, the version query argument 101 | -- @param type string, the type query argument 102 | -- 103 | function get_results(what, vers, type) 104 | local v_host="vulners.com" 105 | local v_port=443 106 | local response, path 107 | local status, error 108 | local vulns 109 | local option={header={}} 110 | 111 | option['header']['User-Agent'] = string.format('Vulners NMAP Plugin %s', api_version) 112 | 113 | path = '/api/v3/burp/software/' .. '?software=' .. what .. '&version=' .. vers .. '&type=' .. type 114 | 115 | response = http.get(v_host, v_port, path, option) 116 | 117 | status = response.status 118 | if status == nil then 119 | -- Something went really wrong out there 120 | -- According to the NSE way we will die silently rather than spam user with error messages 121 | return "" 122 | elseif status ~= 200 then 123 | -- Again just die silently 124 | return "" 125 | end 126 | 127 | status, vulns = json.parse(response.body) 128 | 129 | if status == true then 130 | if vulns.result == "OK" then 131 | return make_links(vulns) 132 | end 133 | end 134 | 135 | return "" 136 | end 137 | 138 | 139 | --- 140 | -- Calls get_results for type="software" 141 | -- 142 | -- It is called from action when nothing is found for the available cpe's 143 | -- 144 | -- @param software string, the software name 145 | -- @param version string, the software version 146 | -- 147 | function get_vulns_by_software(software, version) 148 | return get_results(software, version, "software") 149 | end 150 | 151 | 152 | --- 153 | -- Calls get_results for type="cpe" 154 | -- 155 | -- Takes the version number from the given cpe and tries to get the result. 
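-- If none found, changes the given cpe a bit in order to possibly separate version number from the patch version
-- And makes another attempt.
-- Having failed returns an empty string.
--
-- @param cpe string, the given cpe
-- @return string, the output of get_results, or "" when no version is found in the cpe
--
function get_vulns_by_cpe(cpe)
  local vers
  local vers_regexp=":([%d%.%-%_]+)([^:]*)$"
  local output_str=""

  -- TODO[gmedian]: add check for cpe:/a as we might be interested in software rather than in OS (cpe:/o) and hardware (cpe:/h)
  -- TODO[gmedian]: work not with the LAST part but simply with the THIRD one (according to cpe doc it must be version)

  -- NOTE[gmedian]: take only the numeric part of the version
  -- match() hands back the first capture directly, so no global `_` is written
  vers = cpe:match(vers_regexp)

  if not vers then
    return ""
  end

  output_str = get_results(cpe, vers, "cpe")

  if output_str == "" then
    -- Retry with the numeric part and the rest split into two cpe fields
    local new_cpe = cpe:gsub(vers_regexp, ":%1:%2")
    output_str = get_results(new_cpe, vers, "cpe")
  end

  return output_str
end


---
-- Script action: asks for results per cpe of the port and, when none of them
-- yields anything, once more for the product name and version.
--
-- @param host table, not used here
-- @param port table, its version.cpe, version.product and version.version fields are read
-- @return table keyed by cpe (or by "product version") holding the result strings,
--         or nothing when no result was found
--
action = function(host, port)
  local tab={}
  local changed=false
  local output_str=""

  for _, cpe in ipairs(port.version.cpe) do
    output_str = get_vulns_by_cpe(cpe)
    if output_str ~= "" then
      tab[cpe] = output_str
      changed = true
    end
  end

  -- NOTE[gmedian]: issue request for type=software, but only when nothing is found so far
  -- NOTE(review): product or version may be missing from the detection result;
  -- concatenating nil would raise, so the fallback is skipped in that case.
  if not changed and port.version.product and port.version.version then
    local vendor_version = port.version.product .. " " .. port.version.version
    output_str = get_vulns_by_software(port.version.product, port.version.version)
    if output_str ~= "" then
      tab[vendor_version] = output_str
      changed = true
    end
  end

  if (not changed) then
    return
  end
  return tab
end

--------------------------------------------------------------------------------
/raccoon_src/utils/request_handler.py:
--------------------------------------------------------------------------------
import random
from fake_useragent import UserAgent
from requests import request, Session, utils as requests_utils
from requests.exceptions import ProxyError, TooManyRedirects, ConnectionError, ConnectTimeout, ReadTimeout
from urllib3.exceptions import NewConnectionError
from raccoon_src.utils.exceptions import RequestHandlerException
from raccoon_src.utils.singleton import Singleton


class RequestHandler(metaclass=Singleton):
    """
    A wrapper for request sending and session creating.
    Used to abstract proxy/tor routing to avoid repeating configurations for each module

    The class is built through the Singleton metaclass: the first construction
    fixes the routing configuration, and every later call - including a bare
    ``RequestHandler()`` - returns that same instance and ignores its arguments.
    """
    def __init__(self,
                 proxy_list=None,
                 tor_routing=False,
                 single_proxy=None,
                 delay=None,
                 cookies=None):
        self.proxy_list = proxy_list
        self.tor_routing = tor_routing
        self.delay = delay
        self.single_proxy = single_proxy
        self.proxies = self._set_instance_proxies()
        self.cookies = cookies
        self.allowed_methods = {"GET", "HEAD", "POST"}
        self.headers = self._set_headers()

    @staticmethod
    def _set_headers():
        """Return the default requests headers with a random User-Agent set."""
        headers = requests_utils.default_headers()
        # NOTE(review): verify_ssl=False is handed to fake_useragent; presumably it
        # switches off certificate checks for the User-Agent data it downloads -
        # confirm against the pinned version and prefer leaving verification on.
        headers["User-Agent"] = UserAgent(verify_ssl=False).random
        return headers

    def _set_instance_proxies(self):
        """
        Set the proxies to any of the following:
        TOR - a dict of socks5 and the TOR service default 9050 that will be used
        Proxy List - a list of proxies to choose randomly from for each request. Read from file.
        Single proxy - a dict that maps both http and https to that proxy
        Else, No proxies - an empty dict will be used.

        :raises RequestHandlerException: when the proxy list file cannot be read
        """
        if self.tor_routing:
            # NOTE: with the "socks5" scheme requests resolves host names locally and
            # only the connection itself goes through the proxy; "socks5h" asks the
            # proxy to do the name resolution.
            return {
                "http": "socks5://127.0.0.1:9050",
                "https": "socks5://127.0.0.1:9050"
            }
        if self.proxy_list:
            try:
                with open(self.proxy_list, "r") as proxy_file:
                    # strip() also removes "\r" and padding; blank lines would
                    # otherwise become empty proxy entries
                    return [line.strip() for line in proxy_file if line.strip()]
            except OSError:
                raise RequestHandlerException("Cannot read proxies from {}".format(self.proxy_list))
        if self.single_proxy:
            return {
                "http": self.single_proxy,
                "https": self.single_proxy
            }
        return {}

    def _get_request_proxies(self):
        """
        Return the proxies mapping to use for one request.

        TOR and single-proxy setups reuse the instance mapping. With a proxy list,
        one entry is picked at random and used for both http and https.

        :raises RequestHandlerException: when the proxy list holds no entries
        """
        if self.tor_routing or self.single_proxy:
            return self.proxies
        if self.proxy_list:
            if not self.proxies:
                raise RequestHandlerException("No valid proxies left in proxy list. Exiting.")
            prx = random.choice(self.proxies)
            return {proto: "{}://{}".format(proto, prx) for proto in ("http", "https")}
        return self.proxies

    def send(self, method="GET", *args, **kwargs):
        """
        Send a GET/POST/HEAD request using the object's proxies and headers
        :param method: Method to send request in. GET/POST/HEAD
        :return: the response, or None when a UnicodeDecodeError occurs while sending
        :raises RequestHandlerException: for an unsupported method or a failed request
        """
        proxies = self._get_request_proxies()

        try:
            if method.upper() in self.allowed_methods:
                # A caller-supplied timeout wins; 5 seconds otherwise
                kwargs.setdefault('timeout', 5)
                return request(method, proxies=proxies, headers=self.headers, cookies=self.cookies, *args, **kwargs)
            else:
                raise RequestHandlerException("Unsupported method: {}".format(method))
        except ProxyError:
            # TODO: Apply fail over for bad proxies or drop them
            raise RequestHandlerException("Error connecting to proxy")
        except (ConnectTimeout, ReadTimeout):
            raise RequestHandlerException("Connection with server timed out")
        except NewConnectionError:
            # New connection error == Can't resolve address
            raise RequestHandlerException("Address cannot be resolved")
        except ConnectionError:
            # TODO: Increase delay
            raise RequestHandlerException("Error connecting to host")
        except TooManyRedirects:
            raise RequestHandlerException("Infinite redirects detected - too many redirects error")
        except UnicodeDecodeError:
            # Following issue #19, apparently some sites do not use utf-8 in their uris :<>
            # Deliberately best-effort: callers get None and must not assume a response object.
            return None

    def get_new_session(self):
        """Returns a new session using the object's proxies and headers"""
        session = Session()
        # Copy, so header changes made on one session do not leak into the
        # handler or into other sessions.
        session.headers = self.headers.copy()
        session.proxies = self._get_request_proxies()
        # NOTE(review): self.cookies is not applied here although send() passes it -
        # confirm that sessions are meant to start without the configured cookies.
        return session

--------------------------------------------------------------------------------
/raccoon_src/utils/singleton.py:
--------------------------------------------------------------------------------
class Singleton(type):
    """
    Metaclass that gives every class using it one shared instance.

    Only the first call constructs the object; arguments passed on later calls
    are ignored, so whichever caller comes first decides the configuration.
    """

    def __init__(cls, *args, **kwargs):
        super().__init__(*args, **kwargs)
        cls.instance = None

    def __call__(cls, *args, **kwargs):
        # Identity check: an instance that evaluates as falsy must not be rebuilt
        if cls.instance is None:
            cls.instance = super().__call__(*args, **kwargs)

        return cls.instance
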
--------------------------------------------------------------------------------
/raccoon_src/utils/web_server_validator.py:
--------------------------------------------------------------------------------
from urllib3.exceptions import HTTPError
from requests.exceptions import ConnectionError, TooManyRedirects
from raccoon_src.utils.request_handler import RequestHandler
from raccoon_src.utils.singleton import Singleton
from raccoon_src.utils.exceptions import WebServerValidatorException, RequestHandlerException


class WebServerValidator(metaclass=Singleton):
    """
    Checks that the target answers an HTTP request before a scan continues.

    RequestHandler is itself a Singleton, so RequestHandler() below returns the
    instance that already exists. If none exists yet, this call creates one
    with the default arguments (no proxy list, no TOR, no single proxy).
    NOTE(review): presumably the configured handler is always built first -
    verify the construction order in the caller.
    """

    def __init__(self):
        self.request_handler = RequestHandler()

    def validate_target_webserver(self, host):
        """
        Send one GET request to protocol://target:port with a 20 second timeout.

        :param host: object providing the protocol, target and port attributes
        :return: True when the request handler does not raise
        :raises WebServerValidatorException: when the request handler reports a failure
        """
        target_url = "{}://{}:{}".format(host.protocol, host.target, host.port)
        try:
            # The response itself is not inspected; only a raised error counts as failure
            self.request_handler.send("GET", timeout=20, url=target_url)
        except RequestHandlerException:
            raise WebServerValidatorException
        return True

--------------------------------------------------------------------------------
/raccoon_src/wordlists/storage_sensitive:
--------------------------------------------------------------------------------
.7z
.access
.addressbook
.adm
.admin
.adminer.php.swp
.Administration
.apdisk
.AppleDB
.AppleDesktop
.AppleDouble
.babelrc
.bak
.bash
.bower-cache
.bower-registry
.bower-tmp
.build/
.buildpath
.buildpath/
.builds
.bundle
.bz2
.bzr/README
.c9/
.c9revisions/
.cache
.cache/
.capistrano
.capistrano/metrics
.cc-ban.txt
.cc-ban.txt.bak
.cfg
.checkstyle
.classpath
.cobalt
.cobalt/
.codeintel
.codekit-cache
.codio
.compile
.composer
.conf
.config
.config.php.swp
.config/filezilla/sitemanager.xml.xml
.config/psi+/profiles/default/accounts.xml
.configuration.php.swp
.contracts 50 | .core 51 | .coverage 52 | .cpan 53 | .cpanel/ 54 | .cproject 55 | .cshrc 56 | .CSV 57 | .csv 58 | .CVS 59 | .cvs 60 | .cvsignore 61 | .dat 62 | .deployignore 63 | .dev/ 64 | .directory 65 | .domain 66 | .drone.yml 67 | .DS_Store 68 | .dump 69 | .eclipse 70 | .editorconfig 71 | .elasticbeanstalk/ 72 | .elb 73 | .elc 74 | .emacs 75 | .empty-folder 76 | .env 77 | .env.php 78 | .env.sample.php 79 | .environment 80 | .error_log 81 | .eslintrc 82 | .espressostorage 83 | .event 84 | .external/data 85 | .externalToolBuilders/ 86 | .FBCIndex 87 | .fhp 88 | .filemgr-tmp 89 | .filezilla/sitemanager.xml.xml 90 | .fishsrv.pl 91 | .flac 92 | .flowconfig 93 | .fontconfig/ 94 | .fontcustom-manifest.json 95 | .forward 96 | .ftp-access 97 | .ftppass 98 | .ftpquota 99 | .gbent 100 | .gem 101 | .gfclient/pass 102 | .git 103 | .grc 104 | .grunt/ 105 | .gui 106 | .gz 107 | .hash 108 | .hg 109 | .hg/ 110 | .hg/dirstate 111 | .hg/requires 112 | .hg/store/data/ 113 | .hg/store/undo 114 | .hg/undo.dirstate 115 | .hgignore 116 | .hgignore.global 117 | .hgrc 118 | .history 119 | .ht_wsr.txt 120 | .hta 121 | .htaccess 122 | .htaccess-dev.htgroup 123 | .htpasswd 124 | .htpasswds 125 | .htpasswrd 126 | .htusers 127 | .idea 128 | .ignore 129 | .ignored/ 130 | .ini 131 | .inst/ 132 | .install/composer.phar 133 | .installed.cfg 134 | .joe_state 135 | .jpilot/ 136 | .jscsrc 137 | .jshintignore 138 | .jshintrc 139 | .keep 140 | .keys.yml 141 | .kitchen.yml 142 | .komodotools 143 | .komodotools/ 144 | .ksh_history 145 | .lesshst 146 | .lighttpd.conf 147 | .listing 148 | .listings 149 | .loadpath 150 | .LOCAL 151 | .local 152 | .localcache/ 153 | .localeapp/ 154 | .localsettings.php.swp 155 | .lock-wscript 156 | .log 157 | .log.txt 158 | .login 159 | .LSOverride 160 | .lynx_cookies 161 | .magentointel-cache/ 162 | .mail_aliases 163 | .mailrc 164 | .maintenance 165 | .maintenance2 166 | .mc 167 | .mc/ 168 | .members 169 | .memdump 170 | .mergesources.yml 171 | .meta 172 | .modgit/ 173 | 
.modman 174 | .modules 175 | .mr.developer.cfg 176 | .msi 177 | .mweval_history 178 | .mwsql_history 179 | .mysql_history 180 | .nano_history 181 | .nbproject/ 182 | .net/ 183 | .netrc 184 | .netrwhist 185 | .nodelete 186 | .npmignore 187 | .npmrc 188 | .nsconfig 189 | .nuget/packages.config 190 | .old 191 | .oldsnippets 192 | .oldstatic 193 | .org-id-locations 194 | .ost 195 | .pass 196 | .passes 197 | .passwd 198 | .passwd/ 199 | .password 200 | .passwords 201 | .passwrd 202 | .patches/ 203 | .perf 204 | .pgsql_history 205 | .php 206 | .phpstorm.meta.php 207 | .phptidy-cache 208 | .phpversion 209 | .pki 210 | .placeholder 211 | .printer 212 | .procmailrc 213 | .profile 214 | .project 215 | .project.xml 216 | .project/ 217 | .projectOptions 218 | .properties 219 | .psql_history 220 | .psqlrc 221 | .pst 222 | .pwd 223 | .pydevproject 224 | .python-eggs 225 | .qqestore/ 226 | .rar 227 | .raw 228 | .rbtp 229 | .rdsTempFiles 230 | .remote-sync.json 231 | .revision 232 | .rhosts 233 | .robots.txt 234 | .rsync-filter 235 | .rsync_cache 236 | .rsync_cache/ 237 | .rubocop.yml 238 | .rubocop_todo.yml 239 | .ruby-gemset 240 | .ruby-version 241 | .rvmrc 242 | .s3backupstatus 243 | .sass-cache/ 244 | .scrutinizer.yml 245 | .selected_editor 246 | .server-info/ 247 | .server-status/ 248 | .sessions 249 | .settings 250 | .sh 251 | .sh_history 252 | .shrc 253 | .sln 254 | .smileys/ 255 | .smushit-status 256 | .spamassassin 257 | .sql 258 | .ssh 259 | .st_cache/ 260 | .stats/ 261 | .sublime-gulp.cache 262 | .sublime-project 263 | .sublime-workspace 264 | .subversion 265 | .sucuriquarantine/ 266 | .sunw 267 | .svn 268 | .svnignore 269 | .sw 270 | .swf 271 | .swo 272 | .swp 273 | .SyncID 274 | .SyncIgnore 275 | .synthquota 276 | .system/ 277 | .tags 278 | .tags_sorted_by_file 279 | .tar 280 | .tconn/tconn.conf 281 | .temp 282 | .tgitconfig 283 | .thumbs 284 | .tmp 285 | .tmproj 286 | .tox 287 | .transients_purge.log 288 | .Trash 289 | .travis.yml 290 | .tx/ 291 | .user.ini 292 | 
.vacation.cache 293 | .vagrant 294 | .version 295 | .vgextensions/ 296 | .viminfo 297 | .vimrc 298 | .web 299 | .workspace/ 300 | .wp-config.php.swp 301 | .www_acl 302 | .wwwacl 303 | .zeus.sock 304 | .zfs/ 305 | .zip 306 | .zsh_history -------------------------------------------------------------------------------- /raccoon_src/wordlists/subdomains: -------------------------------------------------------------------------------- 1 | mail 2 | ftp 3 | localhost 4 | webmail 5 | smtp 6 | webdisk 7 | pop 8 | cpanel 9 | whm 10 | ns1 11 | ns2 12 | autodiscover 13 | autoconfig 14 | ns 15 | test 16 | m 17 | blog 18 | dev 19 | www2 20 | ns3 21 | pop3 22 | forum 23 | admin 24 | mail2 25 | vpn 26 | mx 27 | imap 28 | old 29 | new 30 | mobile 31 | mysql 32 | beta 33 | support 34 | cp 35 | secure 36 | shop 37 | demo 38 | dns2 39 | ns4 40 | dns1 41 | static 42 | lists 43 | web 44 | www1 45 | img 46 | news 47 | portal 48 | server 49 | wiki 50 | api 51 | media 52 | images 53 | www.blog 54 | backup 55 | dns 56 | sql 57 | intranet 58 | www.forum 59 | www.test 60 | stats 61 | host 62 | video 63 | mail1 64 | mx1 65 | www3 66 | staging 67 | www.m 68 | sip 69 | chat 70 | search 71 | crm 72 | mx2 73 | ads 74 | ipv4 75 | remote 76 | email 77 | my 78 | wap 79 | svn 80 | store 81 | cms 82 | download 83 | proxy 84 | www.dev 85 | mssql 86 | apps 87 | dns3 88 | exchange 89 | mail3 90 | forums 91 | ns5 92 | db 93 | office 94 | live 95 | files 96 | info 97 | owa 98 | monitor 99 | helpdesk 100 | panel 101 | sms 102 | newsletter 103 | ftp2 104 | web1 105 | web2 106 | upload 107 | home 108 | bbs 109 | login 110 | app 111 | en 112 | blogs 113 | it 114 | cdn 115 | stage 116 | gw 117 | dns4 118 | www.demo 119 | ssl 120 | cn 121 | smtp2 122 | vps 123 | ns6 124 | relay 125 | online 126 | service 127 | test2 128 | radio 129 | ntp 130 | library 131 | help 132 | www4 133 | members 134 | tv 135 | www.shop 136 | extranet 137 | hosting 138 | ldap 139 | services 140 | webdisk.blog 141 | s1 142 | i 143 | survey 
144 | s 145 | www.mail 146 | www.new 147 | c-n7k-v03-01.rz 148 | data 149 | docs 150 | c-n7k-n04-01.rz 151 | ad 152 | legacy 153 | router 154 | de 155 | meet 156 | cs 157 | av 158 | sftp 159 | server1 160 | stat 161 | moodle 162 | facebook 163 | test1 164 | photo 165 | partner 166 | nagios 167 | mrtg 168 | s2 169 | mailadmin 170 | dev2 171 | ts 172 | autoconfig.blog 173 | autodiscover.blog 174 | games 175 | jobs 176 | image 177 | host2 178 | gateway 179 | preview 180 | www.support 181 | im 182 | ssh 183 | correo 184 | control 185 | ns0 186 | vpn2 187 | cloud 188 | archive 189 | citrix 190 | webdisk.m 191 | voip 192 | connect 193 | game 194 | smtp1 195 | access 196 | lib 197 | www5 198 | gallery 199 | redmine 200 | es 201 | irc 202 | stream 203 | qa 204 | dl 205 | billing 206 | construtor 207 | lyncdiscover 208 | painel 209 | fr 210 | projects 211 | a 212 | pgsql 213 | mail4 214 | tools 215 | iphone 216 | server2 217 | dbadmin 218 | manage 219 | jabber 220 | music 221 | webmail2 222 | www.beta 223 | mailer 224 | phpmyadmin 225 | t 226 | reports 227 | rss 228 | pgadmin 229 | images2 230 | mx3 231 | www.webmail 232 | ws 233 | content 234 | sv 235 | web3 236 | community 237 | poczta 238 | www.mobile 239 | ftp1 240 | dialin 241 | us 242 | sp 243 | panelstats 244 | vip 245 | cacti 246 | s3 247 | alpha 248 | videos 249 | ns7 250 | promo 251 | testing 252 | sharepoint 253 | marketing 254 | sitedefender 255 | member 256 | webdisk.dev 257 | emkt 258 | training 259 | edu 260 | autoconfig.m 261 | git 262 | autodiscover.m 263 | catalog 264 | webdisk.test 265 | job 266 | ww2 267 | www.news 268 | sandbox 269 | elearning 270 | fb 271 | webmail.cp 272 | downloads 273 | speedtest 274 | design 275 | staff 276 | master 277 | panelstatsmail 278 | v2 279 | db1 280 | mailserver 281 | builder.cp 282 | travel 283 | mirror 284 | ca 285 | sso 286 | tickets 287 | alumni 288 | sitebuilder 289 | www.admin 290 | auth 291 | jira 292 | ns8 293 | partners 294 | ml 295 | list 296 | images1 297 | 
club 298 | business 299 | update 300 | fw 301 | devel 302 | local 303 | wp 304 | streaming 305 | zeus 306 | images3 307 | adm 308 | img2 309 | gate 310 | pay 311 | file 312 | seo 313 | status 314 | share 315 | maps 316 | zimbra 317 | webdisk.forum 318 | trac 319 | oa 320 | sales 321 | post 322 | events 323 | project 324 | xml 325 | wordpress 326 | images4 327 | main 328 | english 329 | e 330 | img1 331 | db2 332 | time 333 | redirect 334 | go 335 | bugs 336 | direct 337 | www6 338 | social 339 | www.old 340 | development 341 | calendar 342 | www.forums 343 | ru 344 | www.wiki 345 | monitoring 346 | hermes 347 | photos 348 | bb 349 | mx01 350 | mail5 351 | temp 352 | map 353 | ns10 354 | tracker 355 | sport 356 | uk 357 | hr 358 | autodiscover.test 359 | conference 360 | free 361 | autoconfig.test 362 | client 363 | vpn1 364 | autodiscover.dev 365 | b2b 366 | autoconfig.dev 367 | noc 368 | webconf 369 | ww 370 | payment 371 | firewall 372 | intra 373 | rt 374 | v 375 | clients 376 | www.store 377 | gis 378 | m2 379 | event 380 | origin 381 | site 382 | domain 383 | barracuda 384 | link 385 | ns11 386 | internal 387 | dc 388 | smtp3 389 | zabbix 390 | mdm 391 | assets 392 | images6 393 | www.ads 394 | mars 395 | mail01 396 | pda 397 | images5 398 | c 399 | ns01 400 | tech 401 | ms 402 | images7 403 | autoconfig.forum 404 | public 405 | css 406 | autodiscover.forum 407 | webservices 408 | www.video 409 | web4 410 | orion 411 | pm 412 | fs 413 | w3 414 | student 415 | www.chat 416 | domains 417 | book 418 | lab 419 | o1.email 420 | server3 421 | img3 422 | kb 423 | faq 424 | health 425 | in 426 | board 427 | vod 428 | www.my 429 | cache 430 | atlas 431 | php 432 | images8 433 | wwww 434 | voip750101.pg6.sip 435 | cas 436 | origin-www 437 | cisco 438 | banner 439 | mercury 440 | w 441 | directory 442 | mailhost 443 | test3 444 | shopping 445 | webdisk.demo 446 | ip 447 | market 448 | pbx 449 | careers 450 | auto 451 | idp 452 | ticket 453 | js 454 | ns9 455 | outlook 
456 | MAIL 457 | foto 458 | www.en 459 | pro 460 | mantis 461 | spam 462 | movie 463 | s4 464 | lync 465 | jupiter 466 | dev1 467 | erp 468 | register 469 | adv 470 | b 471 | corp 472 | sc 473 | ns12 474 | images0 475 | enet1 476 | mobil 477 | lms 478 | net 479 | storage 480 | ss 481 | ns02 482 | work 483 | webcam 484 | www7 485 | report 486 | admin2 487 | p 488 | nl 489 | love 490 | pt 491 | manager 492 | d 493 | cc 494 | android 495 | linux 496 | reseller 497 | agent 498 | web01 499 | sslvpn 500 | n 501 | thumbs 502 | links 503 | mailing 504 | hotel 505 | pma 506 | press 507 | venus 508 | finance 509 | uesgh2x 510 | nms 511 | ds 512 | joomla 513 | doc 514 | flash 515 | research 516 | dashboard 517 | track 518 | www.img 519 | x 520 | rs 521 | edge 522 | deliver 523 | sync 524 | oldmail 525 | da 526 | order 527 | eng 528 | testbrvps 529 | user 530 | radius 531 | star 532 | labs 533 | top 534 | srv1 535 | mailers 536 | mail6 537 | pub 538 | host3 539 | reg 540 | lb 541 | log 542 | books 543 | phoenix 544 | drupal 545 | affiliate 546 | www.wap 547 | webdisk.support 548 | www.secure 549 | cvs 550 | st 551 | wksta1 552 | saturn 553 | logos 554 | preprod 555 | m1 556 | backup2 557 | opac 558 | core 559 | vc 560 | mailgw 561 | pluto 562 | ar 563 | software 564 | jp 565 | srv 566 | newsite 567 | www.members 568 | openx 569 | otrs 570 | titan 571 | soft 572 | analytics 573 | code 574 | mp3 575 | sports 576 | stg 577 | whois 578 | apollo 579 | web5 580 | ftp3 581 | www.download 582 | mm 583 | art 584 | host1 585 | www8 586 | www.radio 587 | demo2 588 | click 589 | smail 590 | w2 591 | feeds 592 | g 593 | education 594 | affiliates 595 | kvm 596 | sites 597 | mx4 598 | autoconfig.demo 599 | controlpanel 600 | autodiscover.demo 601 | tr 602 | ebook 603 | www.crm 604 | hn 605 | black 606 | mcp 607 | adserver 608 | www.staging 609 | static1 610 | webservice 611 | f 612 | develop 613 | sa 614 | katalog 615 | as 616 | smart 617 | pr 618 | account 619 | mon 620 | munin 621 | 
www.games 622 | www.media 623 | cam 624 | school 625 | r 626 | mc 627 | id 628 | network 629 | www.live 630 | forms 631 | math 632 | mb 633 | maintenance 634 | pic 635 | agk 636 | phone 637 | bt 638 | sm 639 | demo1 640 | ns13 641 | tw 642 | ps 643 | dev3 644 | tracking 645 | green 646 | users 647 | int 648 | athena 649 | www.static 650 | www.info 651 | security 652 | mx02 653 | prod 654 | 1 655 | team 656 | transfer 657 | www.facebook 658 | www10 659 | v1 660 | google 661 | proxy2 662 | feedback 663 | vpgk 664 | auction 665 | view 666 | biz 667 | vpproxy 668 | secure2 669 | www.it 670 | newmail 671 | sh 672 | mobi 673 | wm 674 | mailgate 675 | dms 676 | 11192521404255 677 | autoconfig.support 678 | play 679 | 11192521403954 680 | start 681 | life 682 | autodiscover.support 683 | antispam 684 | cm 685 | booking 686 | iris 687 | www.portal 688 | hq 689 | gc._msdcs 690 | neptune 691 | terminal 692 | vm 693 | pool 694 | gold 695 | gaia 696 | internet 697 | sklep 698 | ares 699 | poseidon 700 | relay2 701 | up 702 | resources 703 | is 704 | mall 705 | traffic 706 | webdisk.mail 707 | www.api 708 | join 709 | smtp4 710 | www9 711 | w1 712 | upl 713 | ci 714 | gw2 715 | open 716 | audio 717 | fax 718 | alfa 719 | www.images 720 | alex 721 | spb 722 | xxx 723 | ac 724 | edm 725 | mailout 726 | webtest 727 | nfs01.jc 728 | me 729 | sun 730 | virtual 731 | spokes 732 | ns14 733 | webserver 734 | mysql2 735 | tour 736 | igk 737 | wifi 738 | pre 739 | abc 740 | corporate 741 | adfs 742 | srv2 743 | delta 744 | loopback 745 | magento 746 | br 747 | campus 748 | law 749 | global 750 | s5 751 | web6 752 | orange 753 | awstats 754 | static2 755 | learning 756 | www.seo 757 | china 758 | gs 759 | www.gallery 760 | tmp 761 | ezproxy 762 | darwin 763 | bi 764 | best 765 | mail02 766 | studio 767 | sd 768 | signup 769 | dir 770 | server4 771 | archives 772 | golf 773 | omega 774 | vps2 775 | sg 776 | ns15 777 | win 778 | real 779 | www.stats 780 | c1 781 | eshop 782 | piwik 783 | geo 
784 | mis 785 | proxy1 786 | web02 787 | pascal 788 | lb1 789 | app1 790 | mms 791 | apple 792 | confluence 793 | sns 794 | learn 795 | classifieds 796 | pics 797 | gw1 798 | www.cdn 799 | rp 800 | matrix 801 | repository 802 | updates 803 | se 804 | developer 805 | meeting 806 | twitter 807 | artemis 808 | au 809 | cat 810 | system 811 | ce 812 | ecommerce 813 | sys 814 | ra 815 | orders 816 | sugar 817 | ir 818 | wwwtest 819 | bugzilla 820 | listserv 821 | www.tv 822 | vote 823 | webmaster 824 | webdev 825 | sam 826 | www.de 827 | vps1 828 | contact 829 | galleries 830 | history 831 | journal 832 | hotels 833 | www.newsletter 834 | podcast 835 | dating 836 | sub 837 | www.jobs 838 | www.intranet 839 | www.email 840 | mt 841 | science 842 | counter 843 | dns5 844 | 2 845 | people 846 | ww3 847 | www.es 848 | ntp1 849 | vcenter 850 | test5 851 | radius1 852 | ocs 853 | power 854 | pg 855 | pl 856 | magazine 857 | sts 858 | fms 859 | customer 860 | wsus 861 | bill 862 | www.hosting 863 | vega 864 | nat 865 | sirius 866 | lg 867 | 11285521401250 868 | sb 869 | hades 870 | students 871 | uat 872 | conf 873 | ap 874 | uxr4 875 | eu 876 | moon 877 | www.search 878 | checksrv 879 | hydra 880 | usa 881 | digital 882 | wireless 883 | banners 884 | md 885 | mysite 886 | webmail1 887 | windows 888 | traveler 889 | www.poczta 890 | hrm 891 | database 892 | mysql1 893 | inside 894 | debian 895 | pc 896 | ask 897 | backend 898 | cz 899 | mx0 900 | mini 901 | autodiscover.mail 902 | rb 903 | webdisk.shop 904 | mba 905 | www.help 906 | www.sms 907 | test4 908 | dm 909 | subscribe 910 | sf 911 | passport 912 | red 913 | video2 914 | ag 915 | autoconfig.mail 916 | all.edge 917 | registration 918 | ns16 919 | camera 920 | myadmin 921 | ns20 922 | uxr3 923 | mta 924 | beauty 925 | fw1 926 | epaper 927 | central 928 | cert 929 | backoffice 930 | biblioteca 931 | mob 932 | about 933 | space 934 | movies 935 | u 936 | ms1 937 | ec 938 | forum2 939 | server5 940 | money 941 | radius2 942 
| print 943 | ns18 944 | thunder 945 | nas 946 | ww1 947 | webdisk.webmail 948 | edit 949 | www.music 950 | planet 951 | m3 952 | vstagingnew 953 | app2 954 | repo 955 | prueba 956 | house 957 | ntp2 958 | dragon 959 | pandora 960 | stock 961 | form 962 | pp 963 | www.sport 964 | physics 965 | food 966 | groups 967 | antivirus 968 | profile 969 | www.online 970 | stream2 971 | hp 972 | d1 973 | nhko1111 974 | logs 975 | eagle 976 | v3 977 | mail7 978 | gamma 979 | career 980 | vpn3 981 | ipad 982 | dom 983 | webdisk.store 984 | iptv 985 | www.promo 986 | hd 987 | mag 988 | box 989 | talk 990 | hera 991 | f1 992 | www.katalog 993 | syslog 994 | fashion 995 | t1 996 | 2012 997 | soporte 998 | teste 999 | scripts 1000 | welcome 1001 | hk 1002 | paris 1003 | www.game 1004 | multimedia 1005 | neo 1006 | beta2 1007 | msg 1008 | io 1009 | portal2 1010 | sky 1011 | webdisk.beta 1012 | web7 1013 | exam 1014 | cluster 1015 | webdisk.new 1016 | img4 1017 | surveys 1018 | webmail.controlpanel 1019 | error 1020 | private 1021 | bo 1022 | kids 1023 | card 1024 | vmail 1025 | switch 1026 | messenger 1027 | cal 1028 | plus 1029 | cars 1030 | management 1031 | feed 1032 | xmpp 1033 | ns51 1034 | premium 1035 | www.apps 1036 | backup1 1037 | asp 1038 | ns52 1039 | website 1040 | pos 1041 | lb2 1042 | www.foto 1043 | ws1 1044 | domino 1045 | mailman 1046 | asterisk 1047 | weather 1048 | max 1049 | ma 1050 | node1 1051 | webapps 1052 | white 1053 | ns17 1054 | cdn2 1055 | dealer 1056 | pms 1057 | tg 1058 | gps 1059 | www.travel 1060 | listas 1061 | Chelyabinsk-RNOC-RR02.BACKBONE 1062 | hub 1063 | demo3 1064 | minecraft 1065 | ns22 1066 | HW70F395EB456E 1067 | dns01 1068 | wpad 1069 | nm 1070 | ch 1071 | www.catalog 1072 | ns21 1073 | web03 1074 | www.videos 1075 | rc 1076 | www.web 1077 | gemini 1078 | bm 1079 | lp 1080 | pdf 1081 | webapp 1082 | noticias 1083 | myaccount 1084 | sql1 1085 | hercules 1086 | ct 1087 | fc 1088 | mail11 1089 | pptp 1090 | contest 1091 | www.us 1092 | msk 
1093 | widget 1094 | study 1095 | 11290521402560 1096 | posta 1097 | ee 1098 | realestate 1099 | out 1100 | galaxy 1101 | kms 1102 | thor 1103 | world 1104 | webdisk.mobile 1105 | www.test2 1106 | base 1107 | cd 1108 | relay1 1109 | taurus 1110 | cgi 1111 | www0 1112 | res 1113 | d2 1114 | intern 1115 | c2 1116 | webdav 1117 | mail10 1118 | robot 1119 | vcs 1120 | am 1121 | dns02 1122 | group 1123 | silver 1124 | www.dl 1125 | adsl 1126 | ids 1127 | ex 1128 | ariel 1129 | i2 1130 | trade 1131 | ims 1132 | king 1133 | www.fr 1134 | sistemas 1135 | ecard 1136 | themes 1137 | builder.controlpanel 1138 | blue 1139 | z 1140 | securemail 1141 | www-test 1142 | wmail 1143 | 123 1144 | sonic 1145 | netflow 1146 | enterprise 1147 | extra 1148 | webdesign 1149 | reporting 1150 | libguides 1151 | oldsite 1152 | autodiscover.secure 1153 | check 1154 | webdisk.secure 1155 | luna 1156 | www11 1157 | down 1158 | odin 1159 | ent 1160 | web10 1161 | international 1162 | fw2 1163 | leo 1164 | pegasus 1165 | mailbox 1166 | aaa 1167 | com 1168 | acs 1169 | vdi 1170 | inventory 1171 | simple 1172 | e-learning 1173 | fire 1174 | cb 1175 | WWW 1176 | edi 1177 | rsc 1178 | yellow 1179 | www.sklep 1180 | www.social 1181 | webmail.cpanel 1182 | act 1183 | bc 1184 | portfolio 1185 | hb 1186 | smtp01 1187 | cafe 1188 | nexus 1189 | www.edu 1190 | ping 1191 | movil 1192 | as2 1193 | builder.control 1194 | autoconfig.secure 1195 | payments 1196 | cdn1 1197 | srv3 1198 | openvpn 1199 | tm 1200 | cisco-capwap-controller 1201 | dolphin 1202 | webmail3 1203 | minerva 1204 | co 1205 | wwwold 1206 | hotspot 1207 | super 1208 | products 1209 | nova 1210 | r1 1211 | blackberry 1212 | mike 1213 | pe 1214 | acc 1215 | lion 1216 | tp 1217 | tiger 1218 | stream1 1219 | www12 1220 | admin1 1221 | mx5 1222 | server01 1223 | webdisk.forums 1224 | notes 1225 | suporte 1226 | focus 1227 | km 1228 | speed 1229 | rd 1230 | lyncweb 1231 | builder.cpanel 1232 | pa 1233 | mx10 1234 | www.files 1235 | fi 1236 | 
konkurs 1237 | broadcast 1238 | a1 1239 | build 1240 | earth 1241 | webhost 1242 | www.blogs 1243 | aurora 1244 | review 1245 | mg 1246 | license 1247 | homer 1248 | servicedesk 1249 | webcon 1250 | db01 1251 | dns6 1252 | cfd297 1253 | spider 1254 | expo 1255 | newsletters 1256 | h 1257 | ems 1258 | city 1259 | lotus 1260 | fun 1261 | autoconfig.webmail 1262 | statistics 1263 | ams 1264 | all.videocdn 1265 | autodiscover.shop 1266 | autoconfig.shop 1267 | tfs 1268 | www.billing 1269 | happy 1270 | cl 1271 | sigma 1272 | jwc 1273 | dream 1274 | sv2 1275 | wms 1276 | one 1277 | ls 1278 | europa 1279 | ldap2 1280 | a4 1281 | merlin 1282 | buy 1283 | web11 1284 | dk 1285 | autodiscover.webmail 1286 | ro 1287 | widgets 1288 | sql2 1289 | mysql3 1290 | gmail 1291 | selfservice 1292 | sdc 1293 | tt 1294 | mailrelay 1295 | a.ns 1296 | ns19 1297 | webstats 1298 | plesk 1299 | nsk 1300 | test6 1301 | class 1302 | agenda 1303 | adam 1304 | german 1305 | www.v2 1306 | renew 1307 | car 1308 | correio 1309 | bk 1310 | db3 1311 | voice 1312 | sentry 1313 | alt 1314 | demeter 1315 | www.projects 1316 | mail8 1317 | bounce 1318 | tc 1319 | oldwww 1320 | www.directory 1321 | uploads 1322 | carbon 1323 | all 1324 | mark 1325 | bbb 1326 | eco 1327 | 3g 1328 | testmail 1329 | ms2 1330 | node2 1331 | template 1332 | andromeda 1333 | www.photo 1334 | media2 1335 | articles 1336 | yoda 1337 | sec 1338 | active 1339 | nemesis 1340 | autoconfig.new 1341 | autodiscover.new 1342 | push 1343 | enews 1344 | advertising 1345 | mail9 1346 | api2 1347 | david 1348 | source 1349 | kino 1350 | prime 1351 | o 1352 | vb 1353 | testsite 1354 | fm 1355 | c4anvn3 1356 | samara 1357 | reklama 1358 | made.by 1359 | sis 1360 | q 1361 | mp 1362 | newton 1363 | elearn 1364 | autodiscover.beta 1365 | cursos 1366 | filter 1367 | autoconfig.beta 1368 | news2 1369 | mf 1370 | ubuntu 1371 | ed 1372 | zs 1373 | a.mx 1374 | center 1375 | www.sandbox 1376 | img5 1377 | translate 1378 | webmail.control 1379 | mail0 
1380 | smtp02 1381 | s6 1382 | dallas 1383 | bob 1384 | autoconfig.store 1385 | stu 1386 | recruit 1387 | mailtest 1388 | reviews 1389 | autodiscover.store 1390 | 2011 1391 | www.iphone 1392 | fp 1393 | d3 1394 | rdp 1395 | www.design 1396 | test7 1397 | bg 1398 | console 1399 | outbound 1400 | jpkc 1401 | ext 1402 | invest 1403 | web8 1404 | testvb 1405 | vm1 1406 | family 1407 | insurance 1408 | atlanta 1409 | aqua 1410 | film 1411 | dp 1412 | ws2 1413 | webdisk.cdn 1414 | www.wordpress 1415 | webdisk.news 1416 | at 1417 | ocean 1418 | dr 1419 | yahoo 1420 | s8 1421 | host2123 1422 | libra 1423 | rose 1424 | cloud1 1425 | album 1426 | 3 1427 | antares 1428 | www.a 1429 | ipv6 1430 | bridge 1431 | demos 1432 | cabinet 1433 | crl 1434 | old2 1435 | angel 1436 | cis 1437 | www.panel 1438 | isis 1439 | s7 1440 | guide 1441 | webinar 1442 | pop2 1443 | cdn101 1444 | company 1445 | express 1446 | special 1447 | loki 1448 | accounts 1449 | video1 1450 | expert 1451 | clientes 1452 | p1 1453 | loja 1454 | blog2 1455 | img6 1456 | l 1457 | mail12 1458 | style 1459 | hcm 1460 | s11 1461 | mobile2 1462 | triton 1463 | s12 1464 | kr 1465 | www.links 1466 | s13 1467 | friends 1468 | www.office 1469 | shadow 1470 | mymail 1471 | autoconfig.forums 1472 | ns03 1473 | neu 1474 | autodiscover.forums 1475 | www.home 1476 | root 1477 | upgrade 1478 | puppet 1479 | storm 1480 | www.service 1481 | isp 1482 | get 1483 | foro 1484 | mytest 1485 | test10 1486 | desktop 1487 | po 1488 | mac 1489 | www.member 1490 | ph 1491 | blackboard 1492 | dspace 1493 | dev01 1494 | ftp4 1495 | testwww 1496 | presse 1497 | ldap1 1498 | rock 1499 | wow 1500 | sw 1501 | msn 1502 | mas 1503 | scm 1504 | its 1505 | vision 1506 | tms 1507 | www.wp 1508 | hyperion 1509 | nic 1510 | html 1511 | sale 1512 | isp-caledon.cit 1513 | www.go 1514 | do 1515 | media1 1516 | web9 1517 | ua 1518 | energy 1519 | helios 1520 | chicago 1521 | webftp 1522 | i1 1523 | commerce 1524 | www.ru 1525 | union 1526 | netmon 1527 | 
audit 1528 | vm2 1529 | mailx 1530 | web12 1531 | painelstats 1532 | sol 1533 | z-hn.nhac 1534 | kvm2 1535 | chris 1536 | www.board 1537 | apache 1538 | tube 1539 | marvin 1540 | bug 1541 | external 1542 | pki 1543 | viper 1544 | webadmin 1545 | production 1546 | r2 1547 | win2 1548 | vpstun 1549 | mx03 1550 | ios 1551 | www.uk 1552 | smile 1553 | www.fb 1554 | aa 1555 | www13 1556 | trinity 1557 | www.upload 1558 | www.testing 1559 | amazon 1560 | hosting2 1561 | bip 1562 | mw 1563 | www.health 1564 | india 1565 | web04 1566 | rainbow 1567 | cisco-lwapp-controller 1568 | uranus 1569 | qr 1570 | domaindnszones 1571 | editor 1572 | www.stage 1573 | manual 1574 | nice 1575 | robin 1576 | gandalf 1577 | j 1578 | buzz 1579 | password 1580 | autoconfig.mobile 1581 | gb 1582 | idea 1583 | eva 1584 | www.i 1585 | server6 1586 | www.job 1587 | results 1588 | www.test1 1589 | maya 1590 | pix 1591 | www.cn 1592 | gz 1593 | th 1594 | www.lib 1595 | autodiscover.mobile 1596 | b1 1597 | horus 1598 | zero 1599 | sv1 1600 | wptest 1601 | cart 1602 | brain 1603 | mbox 1604 | bd 1605 | tester 1606 | fotos 1607 | ess 1608 | ns31 1609 | blogx.dev 1610 | ceres 1611 | gatekeeper 1612 | csr 1613 | www.cs 1614 | sakura 1615 | chef 1616 | parking 1617 | idc 1618 | desarrollo 1619 | mirrors 1620 | sunny 1621 | kvm1 1622 | prtg 1623 | mo 1624 | dns0 1625 | chaos 1626 | avatar 1627 | alice 1628 | task 1629 | www.app 1630 | dev4 1631 | sl 1632 | sugarcrm 1633 | youtube 1634 | ic-vss6509-gw 1635 | simon 1636 | m4 1637 | dexter 1638 | crystal 1639 | terra 1640 | fa 1641 | server7 1642 | journals 1643 | iron 1644 | uc 1645 | pruebas 1646 | magic 1647 | ead 1648 | www.helpdesk 1649 | 4 1650 | server10 1651 | computer 1652 | galileo 1653 | delivery 1654 | aff 1655 | aries 1656 | www.development 1657 | el 1658 | livechat 1659 | host4 1660 | static3 1661 | www.free 1662 | sk 1663 | puma 1664 | coffee 1665 | gh 1666 | java 1667 | fish 1668 | templates 1669 | tarbaby 1670 | mtest 1671 | light 1672 | 
www.link 1673 | sas 1674 | poll 1675 | director 1676 | destiny 1677 | aquarius 1678 | vps3 1679 | bravo 1680 | freedom 1681 | boutique 1682 | lite 1683 | ns25 1684 | shop2 1685 | ic 1686 | foundation 1687 | cw 1688 | ras 1689 | park 1690 | next 1691 | diana 1692 | secure1 1693 | k 1694 | euro 1695 | managedomain 1696 | castor 1697 | www-old 1698 | charon 1699 | nas1 1700 | la 1701 | jw 1702 | s10 1703 | web13 1704 | mxbackup2 1705 | europe 1706 | oasis 1707 | donate 1708 | s9 1709 | ftps 1710 | falcon 1711 | DomainDnsZones 1712 | depot 1713 | NS1 1714 | genesis 1715 | mysql4 1716 | rms 1717 | ns30 1718 | www.drupal 1719 | wholesale 1720 | ForestDnsZones 1721 | www.alumni 1722 | marketplace 1723 | tesla 1724 | statistik 1725 | country 1726 | imap4 1727 | brand 1728 | gift 1729 | shell 1730 | www.dev2 1731 | apply 1732 | forestdnszones 1733 | nc 1734 | kronos 1735 | epsilon 1736 | testserver 1737 | smtp-out 1738 | pictures 1739 | autos 1740 | org 1741 | mysql5 1742 | france 1743 | shared 1744 | cf 1745 | sos 1746 | stun 1747 | channel 1748 | 2013 1749 | moto 1750 | pw 1751 | oc.pool 1752 | eu.pool 1753 | na.pool 1754 | cams 1755 | www.auto 1756 | pi 1757 | image2 1758 | test8 1759 | hi 1760 | casino 1761 | magazin 1762 | wwwhost-roe001 1763 | z-hcm.nhac 1764 | trial 1765 | cam1 1766 | victor 1767 | sig 1768 | ctrl 1769 | wwwhost-ox001 1770 | weblog 1771 | rds 1772 | first 1773 | farm 1774 | whatsup 1775 | panda 1776 | dummy 1777 | stream.origin 1778 | canada 1779 | wc 1780 | flv 1781 | www.top 1782 | emerald 1783 | sim 1784 | ace 1785 | sap 1786 | ga 1787 | bank 1788 | et 1789 | soap 1790 | guest 1791 | mdev 1792 | www.client 1793 | www.partner 1794 | easy 1795 | st1 1796 | webvpn 1797 | baby 1798 | s14 1799 | delivery.a 1800 | wwwhost-port001 1801 | hideip 1802 | graphics 1803 | webshop 1804 | catalogue 1805 | tom 1806 | rm 1807 | perm 1808 | www.ad 1809 | ad1 1810 | mail03 1811 | www.sports 1812 | water 1813 | intranet2 1814 | autodiscover.news 1815 | bj 1816 | nsb 
1817 | charge 1818 | export 1819 | testweb 1820 | sample 1821 | quit 1822 | proxy3 1823 | email2 1824 | b2 1825 | servicios 1826 | novo 1827 | new2 1828 | meta 1829 | secure3 1830 | ajax 1831 | autoconfig.news 1832 | ghost 1833 | www.cp 1834 | good 1835 | bookstore 1836 | kiwi 1837 | ft 1838 | demo4 1839 | www.archive 1840 | squid 1841 | publish 1842 | west 1843 | football 1844 | printer 1845 | cv 1846 | ny 1847 | boss 1848 | smtp5 1849 | rsync 1850 | sip2 1851 | ks 1852 | leon 1853 | a3 1854 | mta1 1855 | epay 1856 | tst 1857 | mgmt 1858 | deals 1859 | dropbox 1860 | www.books 1861 | 2010 1862 | torrent 1863 | webdisk.ads 1864 | mx6 1865 | www.art 1866 | chem 1867 | iproxy 1868 | www.pay 1869 | anime 1870 | ccc 1871 | anna 1872 | ns23 1873 | hs 1874 | cg 1875 | acm 1876 | pollux 1877 | lt 1878 | meteo 1879 | owncloud 1880 | andrew 1881 | v4 1882 | www-dev 1883 | oxygen 1884 | jaguar 1885 | panther 1886 | personal 1887 | ab 1888 | dcp 1889 | med 1890 | www.joomla 1891 | john 1892 | watson 1893 | motor 1894 | mails 1895 | kiev 1896 | asia 1897 | campaign 1898 | win1 1899 | cards 1900 | fantasy 1901 | tj 1902 | martin 1903 | helium 1904 | nfs 1905 | ads2 1906 | script 1907 | anubis 1908 | imail 1909 | cp2 1910 | mk 1911 | bw 1912 | em 1913 | creative 1914 | www.elearning 1915 | ad2 1916 | stars 1917 | discovery 1918 | friend 1919 | reservations 1920 | buffalo 1921 | cdp 1922 | uxs2r 1923 | atom 1924 | cosmos 1925 | www.business 1926 | a2 1927 | xcb 1928 | allegro 1929 | om 1930 | ufa 1931 | dw 1932 | cool 1933 | files2 1934 | webdisk.chat 1935 | ford 1936 | oma 1937 | zzb 1938 | staging2 1939 | texas 1940 | ib 1941 | cwc 1942 | aphrodite 1943 | re 1944 | spark 1945 | www.ftp 1946 | oscar 1947 | atlantis 1948 | osiris 1949 | os 1950 | m5 1951 | dl1 1952 | www.shopping 1953 | ice 1954 | beta1 1955 | mcu 1956 | inter 1957 | interface 1958 | gm 1959 | kiosk 1960 | so 1961 | dss 1962 | www.survey 1963 | customers 1964 | fx 1965 | nsa 1966 | csg 1967 | mi 1968 | url 1969 | 
dl2 1970 | NS2 1971 | show 1972 | www.classifieds 1973 | mexico 1974 | knowledge 1975 | frank 1976 | tests 1977 | accounting 1978 | krasnodar 1979 | um 1980 | hc 1981 | www.nl 1982 | echo 1983 | property 1984 | gms 1985 | london 1986 | www.clients 1987 | academy 1988 | cyber 1989 | www.english 1990 | museum 1991 | poker 1992 | www.downloads 1993 | gp 1994 | cr 1995 | arch 1996 | gd 1997 | virgo 1998 | si 1999 | smtp-relay 2000 | ipc 2001 | gay 2002 | gg 2003 | oracle 2004 | ruby 2005 | grid 2006 | web05 2007 | i3 2008 | tool 2009 | bulk 2010 | jazz 2011 | price 2012 | pan 2013 | webdisk.admin 2014 | agora 2015 | w4 2016 | mv 2017 | www.moodle 2018 | phantom 2019 | web14 2020 | radius.auth 2021 | voyager 2022 | mint 2023 | einstein 2024 | wedding 2025 | sqladmin 2026 | cam2 2027 | autodiscover.chat 2028 | trans 2029 | che 2030 | bp 2031 | dsl 2032 | kazan 2033 | autoconfig.chat 2034 | al 2035 | pearl 2036 | transport 2037 | lm 2038 | h1 2039 | condor 2040 | homes 2041 | air 2042 | stargate 2043 | ai 2044 | www.www2 2045 | hot 2046 | paul 2047 | np 2048 | kp 2049 | engine 2050 | ts3 2051 | nano 2052 | testtest 2053 | sss 2054 | james 2055 | gk 2056 | ep 2057 | ox 2058 | tomcat 2059 | ns32 2060 | sametime 2061 | tornado 2062 | e1 2063 | s16 2064 | quantum 2065 | slave 2066 | shark 2067 | autoconfig.cdn 2068 | www.love 2069 | backup3 2070 | webdisk.wiki 2071 | altair 2072 | youth 2073 | keys 2074 | site2 2075 | server11 2076 | phobos 2077 | common 2078 | autodiscover.cdn 2079 | key 2080 | test9 2081 | core2 2082 | snoopy 2083 | lisa 2084 | soccer 2085 | tld 2086 | biblio 2087 | sex 2088 | fast 2089 | train 2090 | www.software 2091 | credit 2092 | p2 2093 | cbf1 2094 | ns24 2095 | mailin 2096 | dj 2097 | www.community 2098 | www-a 2099 | www-b 2100 | smtps 2101 | victoria 2102 | www.docs 2103 | cherry 2104 | cisl-murcia.cit 2105 | border 2106 | test11 2107 | nemo 2108 | pass 2109 | mta2 2110 | 911 2111 | xen 2112 | hg 2113 | be 2114 | wa 2115 | web16 2116 | biologie 
2117 | bes 2118 | fred 2119 | turbo 2120 | biology 2121 | indigo 2122 | plan 2123 | www.stat 2124 | hosting1 2125 | pilot 2126 | www.club 2127 | diamond 2128 | www.vip 2129 | cp1 2130 | ics 2131 | www.library 2132 | autoconfig.admin 2133 | japan 2134 | autodiscover.admin 2135 | quiz 2136 | laptop 2137 | todo 2138 | cdc 2139 | mkt 2140 | mu 2141 | dhcp.pilsnet 2142 | dot 2143 | xenon 2144 | CSR21.net 2145 | horizon 2146 | vp 2147 | centos 2148 | inf 2149 | wolf 2150 | mr 2151 | fusion 2152 | retail 2153 | logo 2154 | line 2155 | 11 2156 | sr 2157 | shorturl 2158 | speedy 2159 | webct 2160 | omsk 2161 | dns7 2162 | ebooks 2163 | apc 2164 | rus 2165 | landing 2166 | pluton 2167 | www.pda 2168 | w5 2169 | san 2170 | course 2171 | aws 2172 | uxs1r 2173 | spirit 2174 | ts2 2175 | srv4 2176 | classic 2177 | webdisk.staging 2178 | g1 2179 | ops 2180 | comm 2181 | bs 2182 | sage 2183 | innovation 2184 | dynamic 2185 | www.www 2186 | resellers 2187 | resource 2188 | colo 2189 | test01 2190 | swift 2191 | bms 2192 | metro 2193 | s15 2194 | vn 2195 | callcenter 2196 | www.in 2197 | scc 2198 | jerry 2199 | site1 2200 | profiles 2201 | penguin 2202 | sps 2203 | mail13 2204 | portail 2205 | faculty 2206 | eis 2207 | rr 2208 | mh 2209 | count 2210 | psi 2211 | florida 2212 | mango 2213 | maple 2214 | ssltest 2215 | cloud2 2216 | general 2217 | www.tickets 2218 | maxwell 2219 | web15 2220 | familiar 2221 | arc 2222 | axis 2223 | ng 2224 | admissions 2225 | dedicated 2226 | cash 2227 | nsc 2228 | www.qa 2229 | tea 2230 | tpmsqr01 2231 | rnd 2232 | jocuri 2233 | office2 2234 | mario 2235 | xen2 2236 | mradm.letter 2237 | cwa 2238 | ninja 2239 | amur 2240 | core1 2241 | miami 2242 | www.sales 2243 | cerberus 2244 | ixhash 2245 | ie 2246 | action 2247 | daisy 2248 | spf 2249 | p3 2250 | junior 2251 | oss 2252 | pw.openvpn 2253 | alt-host 2254 | fromwl 2255 | nobl 2256 | isphosts 2257 | ns26 2258 | helomatch 2259 | test123 2260 | tftp 2261 | webaccess 2262 | tienda 2263 | hostkarma 2264 
| lv 2265 | freemaildomains 2266 | sbc 2267 | testbed 2268 | bart 2269 | ironport 2270 | server8 2271 | dh 2272 | crm2 2273 | watch 2274 | skynet 2275 | miss 2276 | dante 2277 | www.affiliates 2278 | legal 2279 | www.ip 2280 | telecom 2281 | dt 2282 | blog1 2283 | webdisk.email 2284 | ip-us 2285 | pixel 2286 | www.t 2287 | dnswl 2288 | korea 2289 | insight 2290 | dd 2291 | www.rss 2292 | testbl 2293 | www01 2294 | auth-hack 2295 | www.cms 2296 | abuse-report 2297 | pb 2298 | casa 2299 | eval 2300 | bio 2301 | app3 2302 | cobra 2303 | www.ar 2304 | solo 2305 | wall 2306 | oc 2307 | dc1 2308 | beast 2309 | george 2310 | eureka 2311 | sit 2312 | demo5 2313 | holiday 2314 | webhosting 2315 | srv01 2316 | router2 2317 | ssp 2318 | server9 2319 | quotes 2320 | eclipse 2321 | entertainment 2322 | kc 2323 | m0 2324 | af 2325 | cpa 2326 | pc.jura-gw1 2327 | fox 2328 | deal 2329 | dav 2330 | www.training 2331 | webdisk.old 2332 | host5 2333 | mix 2334 | vendor 2335 | uni 2336 | mypage 2337 | spa 2338 | soa 2339 | aura 2340 | ref 2341 | arm 2342 | dam 2343 | config 2344 | austin 2345 | aproxy 2346 | developers 2347 | cms2 2348 | www15 2349 | women 2350 | wwwcache 2351 | abs 2352 | testportal 2353 | inet 2354 | gt 2355 | testshop 2356 | g2 2357 | www.ca 2358 | pinnacle 2359 | support2 2360 | sunrise 2361 | snake 2362 | www-new 2363 | patch 2364 | lk 2365 | sv3 2366 | b.ns 2367 | python 2368 | starwars 2369 | cube 2370 | sj 2371 | s0 2372 | gc 2373 | stud 2374 | micro 2375 | webstore 2376 | coupon 2377 | perseus 2378 | maestro 2379 | router1 2380 | hawk 2381 | pf 2382 | h2 2383 | www.soft 2384 | dns8 2385 | fly 2386 | unicorn 2387 | sat 2388 | na 2389 | xyz 2390 | df 2391 | lynx 2392 | activate 2393 | sitemap 2394 | t2 2395 | cats 2396 | mmm 2397 | volgograd 2398 | test12 2399 | sendmail 2400 | hardware 2401 | ara 2402 | import 2403 | ces 2404 | cinema 2405 | arena 2406 | text 2407 | a5 2408 | astro 2409 | doctor 2410 | casper 2411 | smc 2412 | voronezh 2413 | eric 2414 | 
agency 2415 | wf 2416 | avia 2417 | platinum 2418 | butler 2419 | yjs 2420 | hospital 2421 | nursing 2422 | admin3 2423 | pd 2424 | safety 2425 | teszt 2426 | tk 2427 | s20 2428 | moscow 2429 | karen 2430 | cse 2431 | messages 2432 | www.adserver 2433 | asa 2434 | eros 2435 | www.server 2436 | player 2437 | raptor 2438 | documents 2439 | srv5 2440 | www.photos 2441 | xb 2442 | example 2443 | culture 2444 | demo6 2445 | dev5 2446 | jc 2447 | ict 2448 | back 2449 | p2p 2450 | stuff 2451 | wb 2452 | ccs 2453 | su 2454 | webinars 2455 | kt 2456 | hope 2457 | http 2458 | try 2459 | tel 2460 | m9 2461 | newyork 2462 | gov 2463 | www.marketing 2464 | relax 2465 | setup 2466 | fileserver 2467 | moodle2 2468 | courses 2469 | annuaire 2470 | fresh 2471 | www.status 2472 | rpc 2473 | zeta 2474 | ibank 2475 | helm 2476 | autodiscover.ads 2477 | mailgateway 2478 | integration 2479 | viking 2480 | metrics 2481 | c.ns.e 2482 | webdisk.video 2483 | www.host 2484 | tasks 2485 | monster 2486 | firefly 2487 | icq 2488 | saratov 2489 | www.book 2490 | smtp-out-01 2491 | tourism 2492 | dz 2493 | zt 2494 | daniel 2495 | roundcube 2496 | paper 2497 | 24 2498 | sus 2499 | splash 2500 | zzz 2501 | 10 2502 | chat2 2503 | autoconfig.ads 2504 | mailhub 2505 | neon 2506 | message 2507 | seattle 2508 | ftp5 2509 | port 2510 | solutions 2511 | offers 2512 | seth 2513 | server02 2514 | peter 2515 | ns29 2516 | maillist 2517 | www.konkurs 2518 | d.ns.e 2519 | toto 2520 | guides 2521 | ae 2522 | healthcare 2523 | ssc 2524 | mproxy 2525 | metis 2526 | estore 2527 | mailsrv 2528 | singapore 2529 | hm 2530 | medusa 2531 | bl 2532 | bz 2533 | i5 2534 | dan 2535 | thomas 2536 | exchbhlan5 2537 | alert 2538 | www.spb 2539 | st2 2540 | www.tools 2541 | rigel 2542 | e.ns.e 2543 | kvm3 2544 | astun 2545 | trk 2546 | www.law 2547 | qavgatekeeper 2548 | collab 2549 | styx 2550 | webboard 2551 | cag 2552 | www.student 2553 | galeria 2554 | checkout 2555 | gestion 2556 | mailgate2 2557 | draco 2558 | n2 2559 | 
berlin 2560 | touch 2561 | seminar 2562 | olympus 2563 | qavmgk 2564 | f.ns.e 2565 | intl 2566 | stats2 2567 | plato 2568 | send 2569 | idm 2570 | m7 2571 | mx7 2572 | m6 2573 | coco 2574 | denver 2575 | s32 2576 | toronto 2577 | abuse 2578 | dn 2579 | sophos 2580 | bear 2581 | logistics 2582 | cancer 2583 | s24 2584 | r25 2585 | s22 2586 | install 2587 | istun 2588 | itc 2589 | oberon 2590 | cps 2591 | paypal 2592 | 7 2593 | mail-out 2594 | portal1 2595 | case 2596 | hideip-usa 2597 | f3 2598 | pcstun 2599 | ip-usa 2600 | warehouse 2601 | webcast 2602 | ds1 2603 | bn 2604 | rest 2605 | logger 2606 | marina 2607 | tula 2608 | vebstage3 2609 | webdisk.static 2610 | infinity 2611 | polaris 2612 | koko 2613 | praca 2614 | fl 2615 | packages 2616 | mstun 2617 | www.staff 2618 | sunshine 2619 | mirror1 2620 | jeff 2621 | mailservers 2622 | jenkins 2623 | administration 2624 | mlr-all 2625 | blade 2626 | qagatekeeper 2627 | cdn3 2628 | aria 2629 | vulcan 2630 | party 2631 | fz 2632 | luke 2633 | stc 2634 | mds 2635 | advance 2636 | andy 2637 | subversion 2638 | deco 2639 | 99 2640 | diemthi 2641 | liberty 2642 | read 2643 | smtprelayout 2644 | fitness 2645 | vs 2646 | dhcp.zmml 2647 | tsg 2648 | www.pt 2649 | win3 2650 | davinci 2651 | two 2652 | stella 2653 | itsupport 2654 | az 2655 | ns27 2656 | hyper 2657 | m10 2658 | drm 2659 | vhost 2660 | mir 2661 | webspace 2662 | mail.test 2663 | argon 2664 | hamster 2665 | livehelp 2666 | 2009 2667 | bwc 2668 | man 2669 | ada 2670 | exp 2671 | metal 2672 | pk 2673 | msp 2674 | hotline 2675 | article 2676 | twiki 2677 | gl 2678 | hybrid 2679 | www.login 2680 | cbf8 2681 | sandy 2682 | anywhere 2683 | sorry 2684 | enter 2685 | east 2686 | islam 2687 | www.map 2688 | quote 2689 | op 2690 | tb 2691 | zh 2692 | euro2012 2693 | hestia 2694 | rwhois 2695 | mail04 2696 | schedule 2697 | ww5 2698 | servidor 2699 | ivan 2700 | serenity 2701 | dave 2702 | mobile1 2703 | ok 2704 | lc 2705 | synergy 2706 | myspace 2707 | sipexternal 2708 | 
marc 2709 | bird 2710 | rio 2711 | www.1 2712 | debug 2713 | houston 2714 | pdc 2715 | www.xxx 2716 | news1 2717 | ha 2718 | mirage 2719 | fe 2720 | jade 2721 | roger 2722 | ava 2723 | topaz 2724 | a.ns.e 2725 | madrid 2726 | kh 2727 | charlotte 2728 | download2 2729 | elite 2730 | tenders 2731 | pacs 2732 | cap 2733 | fs1 2734 | myweb 2735 | calvin 2736 | extreme 2737 | typo3 2738 | dealers 2739 | cds 2740 | grace 2741 | webchat 2742 | comet 2743 | www.maps 2744 | ranking 2745 | hawaii 2746 | postoffice 2747 | arts 2748 | b.ns.e 2749 | president 2750 | matrixstats 2751 | www.s 2752 | eden 2753 | com-services-vip 2754 | www.pics 2755 | il 2756 | solar 2757 | www.loja 2758 | gr 2759 | ns50 2760 | svc 2761 | backups 2762 | sq 2763 | pinky 2764 | jwgl 2765 | controller 2766 | www.up 2767 | sn 2768 | medical 2769 | spamfilter 2770 | prova 2771 | membership 2772 | dc2 2773 | www.press 2774 | csc 2775 | gry 2776 | drweb 2777 | web17 2778 | f2 2779 | nora 2780 | monitor1 2781 | calypso 2782 | nebula 2783 | lyris 2784 | penarth.cit 2785 | www.mp3 2786 | ssl1 2787 | ns34 2788 | ns35 2789 | mel 2790 | as1 2791 | www.x 2792 | cricket 2793 | ns2.cl 2794 | georgia 2795 | callisto 2796 | exch 2797 | s21 2798 | eip 2799 | cctv 2800 | lucy 2801 | bmw 2802 | s23 2803 | sem 2804 | mira 2805 | search2 2806 | ftp.blog 2807 | realty 2808 | ftp.m 2809 | www.hrm 2810 | patrick 2811 | find 2812 | tcs 2813 | ts1 2814 | smtp6 2815 | lan 2816 | image1 2817 | csi 2818 | nissan 2819 | sjc 2820 | sme 2821 | stone 2822 | model 2823 | gitlab 2824 | spanish 2825 | michael 2826 | remote2 2827 | www.pro 2828 | s17 2829 | m.dev 2830 | www.soporte 2831 | checkrelay 2832 | dino 2833 | woman 2834 | aragorn 2835 | index 2836 | zj 2837 | documentation 2838 | felix 2839 | www.events 2840 | www.au 2841 | adult 2842 | coupons 2843 | imp 2844 | oz 2845 | www.themes 2846 | charlie 2847 | rostov 2848 | smtpout 2849 | www.faq 2850 | ff 2851 | fortune 2852 | vm3 2853 | vms 2854 | sbs 2855 | stores 2856 | 
teamspeak 2857 | w6 2858 | jason 2859 | tennis 2860 | nt 2861 | shine 2862 | pad 2863 | www.mobil 2864 | s25 2865 | woody 2866 | technology 2867 | cj 2868 | visio 2869 | renewal 2870 | www.c 2871 | webdisk.es 2872 | secret 2873 | host6 2874 | www.fun 2875 | polls 2876 | web06 2877 | turkey 2878 | www.hotel 2879 | ecom 2880 | tours 2881 | product 2882 | www.reseller 2883 | indiana 2884 | mercedes 2885 | target 2886 | load 2887 | area 2888 | mysqladmin 2889 | don 2890 | dodo 2891 | sentinel 2892 | webdisk.img 2893 | websites 2894 | www.dir 2895 | honey 2896 | asdf 2897 | spring 2898 | tag 2899 | astra 2900 | monkey 2901 | ns28 2902 | ben 2903 | www22 2904 | www.journal 2905 | eas 2906 | www.tw 2907 | tor 2908 | page 2909 | www.bugs 2910 | medias 2911 | www17 2912 | toledo 2913 | vip2 2914 | land 2915 | sistema 2916 | win4 2917 | dell 2918 | unsubscribe 2919 | gsa 2920 | spot 2921 | fin 2922 | sapphire 2923 | ul-cat6506-gw 2924 | www.ns1 2925 | bell 2926 | cod 2927 | lady 2928 | www.eng 2929 | click3 2930 | pps 2931 | c3 2932 | registrar 2933 | websrv 2934 | database2 2935 | prometheus 2936 | atm 2937 | www.samara 2938 | api1 2939 | edison 2940 | mega 2941 | cobalt 2942 | eos 2943 | db02 2944 | sympa 2945 | dv 2946 | webdisk.games 2947 | coop 2948 | 50 2949 | blackhole 2950 | 3d 2951 | cma 2952 | ehr 2953 | db5 2954 | etc 2955 | www14 2956 | opera 2957 | zoom 2958 | realmedia 2959 | french 2960 | cmc 2961 | shanghai 2962 | ns33 2963 | batman 2964 | ifolder 2965 | ns61 2966 | alexander 2967 | song 2968 | proto 2969 | cs2 2970 | homologacao 2971 | ips 2972 | vanilla 2973 | legend 2974 | webmail.hosting 2975 | chat1 2976 | www.mx 2977 | coral 2978 | tim 2979 | maxim 2980 | admission 2981 | iso 2982 | psy 2983 | progress 2984 | shms2 2985 | monitor2 2986 | lp2 2987 | thankyou 2988 | issues 2989 | cultura 2990 | xyh 2991 | speedtest2 2992 | dirac 2993 | www.research 2994 | webs 2995 | e2 2996 | save 2997 | deploy 2998 | emarketing 2999 | jm 3000 | nn 3001 | alfresco 3002 | 
chronos 3003 | pisces 3004 | database1 3005 | reservation 3006 | xena 3007 | des 3008 | directorio 3009 | shms1 3010 | pet 3011 | sauron 3012 | ups 3013 | www.feedback 3014 | www.usa 3015 | teacher 3016 | www.magento 3017 | nis 3018 | ftp01 3019 | baza 3020 | kjc 3021 | roma 3022 | contests 3023 | delphi 3024 | purple 3025 | oak 3026 | win5 3027 | violet 3028 | www.newsite 3029 | deportes 3030 | www.work 3031 | musica 3032 | s29 3033 | autoconfig.es 3034 | identity 3035 | www.fashion 3036 | forest 3037 | flr-all 3038 | www.german 3039 | lead 3040 | front 3041 | rabota 3042 | mysql7 3043 | jack 3044 | vladimir 3045 | search1 3046 | ns3.cl 3047 | promotion 3048 | plaza 3049 | devtest 3050 | cookie 3051 | eris 3052 | webdisk.images 3053 | atc 3054 | autodiscover.es 3055 | lucky 3056 | juno 3057 | brown 3058 | rs2 3059 | www16 3060 | bpm 3061 | www.director 3062 | victory 3063 | fenix 3064 | rich 3065 | tokyo 3066 | ns36 3067 | src 3068 | 12 3069 | milk 3070 | ssl2 3071 | notify 3072 | no 3073 | livestream 3074 | pink 3075 | sony 3076 | vps4 3077 | scan 3078 | wwws 3079 | ovpn 3080 | deimos 3081 | smokeping 3082 | va 3083 | n7pdjh4 3084 | lyncav 3085 | webdisk.directory 3086 | interactive 3087 | request 3088 | apt 3089 | partnerapi 3090 | albert 3091 | cs1 3092 | ns62 3093 | bus 3094 | young 3095 | sina 3096 | police 3097 | workflow 3098 | asset 3099 | lasvegas 3100 | saga 3101 | p4 3102 | www.image 3103 | dag 3104 | crazy 3105 | colorado 3106 | webtrends 3107 | buscador 3108 | hongkong 3109 | rank 3110 | reserve 3111 | autoconfig.wiki 3112 | autodiscover.wiki 3113 | nginx 3114 | hu 3115 | melbourne 3116 | zm 3117 | toolbar 3118 | cx 3119 | samsung 3120 | bender 3121 | safe 3122 | nb 3123 | jjc 3124 | dps 3125 | ap1 3126 | win7 3127 | wl 3128 | diendan 3129 | www.preview 3130 | vt 3131 | kalender 3132 | testforum 3133 | exmail 3134 | wizard 3135 | qq 3136 | www.film 3137 | xxgk 3138 | www.gold 3139 | irkutsk 3140 | dis 3141 | zenoss 3142 | wine 3143 | data1 3144 | 
remus 3145 | kelly 3146 | stalker 3147 | autoconfig.old 3148 | everest 3149 | ftp.test 3150 | spain 3151 | autodiscover.old 3152 | obs 3153 | ocw 3154 | icare 3155 | ideas 3156 | mozart 3157 | willow 3158 | demo7 3159 | compass 3160 | japanese 3161 | octopus 3162 | prestige 3163 | dash 3164 | argos 3165 | forum1 3166 | img7 3167 | webdisk.download 3168 | mysql01 3169 | joe 3170 | flex 3171 | redir 3172 | viva 3173 | ge 3174 | mod 3175 | postfix 3176 | www.p 3177 | imagine 3178 | moss 3179 | whmcs 3180 | quicktime 3181 | rtr 3182 | ds2 3183 | future 3184 | y 3185 | sv4 3186 | opt 3187 | mse 3188 | selene 3189 | mail21 3190 | dns11 3191 | server12 3192 | invoice 3193 | clicks 3194 | imgs 3195 | xen1 3196 | mail14 3197 | www20 3198 | cit 3199 | web08 3200 | gw3 3201 | mysql6 3202 | zp 3203 | www.life 3204 | leads 3205 | cnc 3206 | bonus 3207 | web18 3208 | sia 3209 | flowers 3210 | diary 3211 | s30 3212 | proton 3213 | s28 3214 | puzzle 3215 | s27 3216 | r2d2 3217 | orel 3218 | eo 3219 | toyota 3220 | front2 3221 | www.pl 3222 | descargas 3223 | msa 3224 | esx2 3225 | challenge 3226 | turing 3227 | emma 3228 | mailgw2 3229 | elections 3230 | www.education 3231 | relay3 3232 | s31 3233 | www.mba 3234 | postfixadmin 3235 | ged 3236 | scorpion 3237 | hollywood 3238 | foo 3239 | holly 3240 | bamboo 3241 | civil 3242 | vita 3243 | lincoln 3244 | webdisk.media 3245 | story 3246 | ht 3247 | adonis 3248 | serv 3249 | voicemail 3250 | ef 3251 | mx11 3252 | picard 3253 | c3po 3254 | helix 3255 | apis 3256 | housing 3257 | uptime 3258 | bet 3259 | phpbb 3260 | contents 3261 | rent 3262 | www.hk 3263 | vela 3264 | surf 3265 | summer 3266 | CSR11.net 3267 | beijing 3268 | bingo 3269 | www.jp 3270 | edocs 3271 | mailserver2 3272 | chip 3273 | static4 3274 | ecology 3275 | engineering 3276 | tomsk 3277 | iss 3278 | CSR12.net 3279 | s26 3280 | utility 3281 | pac 3282 | ky 3283 | visa 3284 | ta 3285 | web22 3286 | ernie 3287 | fis 3288 | content2 3289 | eduroam 3290 | youraccount 3291 
| playground 3292 | paradise 3293 | server22 3294 | rad 3295 | domaincp 3296 | ppc 3297 | autodiscover.video 3298 | date 3299 | f5 3300 | openfire 3301 | mail.blog 3302 | i4 3303 | www.reklama 3304 | etools 3305 | ftptest 3306 | default 3307 | kaluga 3308 | shop1 3309 | mmc 3310 | 1c 3311 | server15 3312 | autoconfig.video 3313 | ve 3314 | www21 3315 | impact 3316 | laura 3317 | qmail 3318 | fuji 3319 | CSR31.net 3320 | archer 3321 | robo 3322 | shiva 3323 | tps 3324 | www.eu 3325 | ivr 3326 | foros 3327 | ebay 3328 | www.dom 3329 | lime 3330 | mail20 3331 | b3 3332 | wss 3333 | vietnam 3334 | cable 3335 | webdisk.crm 3336 | x1 3337 | sochi 3338 | vsp 3339 | www.partners 3340 | polladmin 3341 | maia 3342 | fund 3343 | asterix 3344 | c4 3345 | www.articles 3346 | fwallow 3347 | all-nodes 3348 | mcs 3349 | esp 3350 | helena 3351 | doors 3352 | atrium 3353 | www.school 3354 | popo 3355 | myhome 3356 | www.demo2 3357 | s18 3358 | autoconfig.email 3359 | columbus 3360 | autodiscover.email 3361 | ns60 3362 | abo 3363 | classified 3364 | sphinx 3365 | kg 3366 | gate2 3367 | xg 3368 | cronos 3369 | chemistry 3370 | navi 3371 | arwen 3372 | parts 3373 | comics 3374 | www.movies 3375 | www.services 3376 | sad 3377 | krasnoyarsk 3378 | h3 3379 | virus 3380 | hasp 3381 | bid 3382 | step 3383 | reklam 3384 | bruno 3385 | w7 3386 | cleveland 3387 | toko 3388 | cruise 3389 | p80.pool 3390 | agri 3391 | leonardo 3392 | hokkaido 3393 | pages 3394 | rental 3395 | www.jocuri 3396 | fs2 3397 | ipv4.pool 3398 | wise 3399 | ha.pool 3400 | routernet 3401 | leopard 3402 | mumbai 3403 | canvas 3404 | cq 3405 | m8 3406 | mercurio 3407 | www.br 3408 | subset.pool 3409 | cake 3410 | vivaldi 3411 | graph 3412 | ld 3413 | rec 3414 | www.temp 3415 | CISCO-LWAPP-CONTROLLER 3416 | bach 3417 | melody 3418 | cygnus 3419 | www.charge 3420 | mercure 3421 | program 3422 | beer 3423 | scorpio 3424 | upload2 3425 | siemens 3426 | lipetsk 3427 | barnaul 3428 | dialup 3429 | mssql2 3430 | eve 3431 | moe 
3432 | nyc 3433 | www.s1 3434 | mailgw1 3435 | student1 3436 | universe 3437 | dhcp1 3438 | lp1 3439 | builder 3440 | bacula 3441 | ww4 3442 | www.movil 3443 | ns42 3444 | assist 3445 | microsoft 3446 | www.careers 3447 | rex 3448 | dhcp 3449 | automotive 3450 | edgar 3451 | designer 3452 | servers 3453 | spock 3454 | jose 3455 | webdisk.projects 3456 | err 3457 | arthur 3458 | nike 3459 | frog 3460 | stocks 3461 | pns 3462 | ns41 3463 | dbs 3464 | scanner 3465 | hunter 3466 | vk 3467 | communication 3468 | donald 3469 | power1 3470 | wcm 3471 | esx1 3472 | hal 3473 | salsa 3474 | mst 3475 | seed 3476 | sz 3477 | nz 3478 | proba 3479 | yx 3480 | smp 3481 | bot 3482 | eee 3483 | solr 3484 | by 3485 | face 3486 | hydrogen 3487 | contacts 3488 | ars 3489 | samples 3490 | newweb 3491 | eprints 3492 | ctx 3493 | noname 3494 | portaltest 3495 | door 3496 | kim 3497 | v28 3498 | wcs 3499 | ats 3500 | zakaz 3501 | polycom 3502 | chelyabinsk 3503 | host7 3504 | www.b2b 3505 | xray 3506 | td 3507 | ttt 3508 | secure4 3509 | recruitment 3510 | molly 3511 | humor 3512 | sexy 3513 | care 3514 | vr 3515 | cyclops 3516 | bar 3517 | newserver 3518 | desk 3519 | rogue 3520 | linux2 3521 | ns40 3522 | alerts 3523 | dvd 3524 | bsc 3525 | mec 3526 | 20 3527 | m.test 3528 | eye 3529 | www.monitor 3530 | solaris 3531 | webportal 3532 | goto 3533 | kappa 3534 | lifestyle 3535 | miki 3536 | maria 3537 | www.site 3538 | catalogo 3539 | 2008 3540 | empire 3541 | satellite 3542 | losangeles 3543 | radar 3544 | img01 3545 | n1 3546 | ais 3547 | www.hotels 3548 | wlan 3549 | romulus 3550 | vader 3551 | odyssey 3552 | bali 3553 | night 3554 | c5 3555 | wave 3556 | soul 3557 | nimbus 3558 | rachel 3559 | proyectos 3560 | jy 3561 | submit 3562 | hosting3 3563 | server13 3564 | d7 3565 | extras 3566 | australia 3567 | filme 3568 | tutor 3569 | fileshare 3570 | heart 3571 | kirov 3572 | www.android 3573 | hosted 3574 | jojo 3575 | tango 3576 | janus 3577 | vesta 3578 | www18 3579 | new1 3580 | 
webdisk.radio 3581 | comunidad 3582 | xy 3583 | candy 3584 | smg 3585 | pai 3586 | tuan 3587 | gauss 3588 | ao 3589 | yaroslavl 3590 | alma 3591 | lpse 3592 | hyundai 3593 | ja 3594 | genius 3595 | ti 3596 | ski 3597 | asgard 3598 | www.id 3599 | rh 3600 | imagenes 3601 | kerberos 3602 | www.d 3603 | peru 3604 | mcq-media-01.iutnb 3605 | azmoon 3606 | srv6 3607 | ig 3608 | frodo 3609 | afisha 3610 | 25 3611 | factory 3612 | winter 3613 | harmony 3614 | netlab 3615 | chance 3616 | sca 3617 | arabic 3618 | hack 3619 | raven 3620 | mobility 3621 | naruto 3622 | alba 3623 | anunturi 3624 | obelix 3625 | libproxy 3626 | forward 3627 | tts 3628 | autodiscover.static 3629 | bookmark 3630 | www.galeria 3631 | subs 3632 | ba 3633 | testblog 3634 | apex 3635 | sante 3636 | dora 3637 | construction 3638 | wolverine 3639 | autoconfig.static 3640 | ofertas 3641 | call 3642 | lds 3643 | ns45 3644 | www.project 3645 | gogo 3646 | russia 3647 | vc1 3648 | chemie 3649 | h4 3650 | 15 3651 | dvr 3652 | tunnel 3653 | 5 3654 | kepler 3655 | ant 3656 | indonesia 3657 | dnn 3658 | picture 3659 | encuestas 3660 | vl 3661 | discover 3662 | lotto 3663 | swf 3664 | ash 3665 | pride 3666 | web21 3667 | www.ask 3668 | dev-www 3669 | uma 3670 | cluster1 3671 | ring 3672 | novosibirsk 3673 | mailold 3674 | extern 3675 | tutorials 3676 | mobilemail 3677 | www.2 3678 | kultur 3679 | hacker 3680 | imc 3681 | www.contact 3682 | rsa 3683 | mailer1 3684 | cupid 3685 | member2 3686 | testy 3687 | systems 3688 | add 3689 | mail.m 3690 | dnstest 3691 | webdisk.facebook 3692 | mama 3693 | hello 3694 | phil 3695 | ns101 3696 | bh 3697 | sasa 3698 | pc1 3699 | nana 3700 | owa2 3701 | www.cd 3702 | compras 3703 | webdisk.en 3704 | corona 3705 | vista 3706 | awards 3707 | sp1 3708 | mz 3709 | iota 3710 | elvis 3711 | cross 3712 | audi 3713 | test02 3714 | murmansk 3715 | www.demos 3716 | gta 3717 | autoconfig.directory 3718 | argo 3719 | dhcp2 3720 | www.db 3721 | www.php 3722 | diy 3723 | ws3 3724 | 
mediaserver 3725 | autodiscover.directory 3726 | ncc 3727 | www.nsk 3728 | present 3729 | tgp 3730 | itv 3731 | investor 3732 | pps00 3733 | jakarta 3734 | boston 3735 | www.bb 3736 | spare 3737 | if 3738 | sar 3739 | win11 3740 | rhea 3741 | conferences 3742 | inbox 3743 | videoconf 3744 | tsweb 3745 | www.xml 3746 | twr1 3747 | jx 3748 | apps2 3749 | glass 3750 | monit 3751 | pets 3752 | server20 3753 | wap2 3754 | s35 3755 | anketa 3756 | www.dav75.users 3757 | anhTH 3758 | montana 3759 | sierracharlie.users 3760 | sp2 3761 | parents 3762 | evolution 3763 | anthony 3764 | www.noc 3765 | yeni 3766 | nokia 3767 | www.sa 3768 | gobbit.users 3769 | ns2a 3770 | za 3771 | www.domains 3772 | ultra 3773 | rebecca.users 3774 | dmz 3775 | orca 3776 | dav75.users 3777 | std 3778 | ev 3779 | firmware 3780 | ece 3781 | primary 3782 | sao 3783 | mina 3784 | web23 3785 | ast 3786 | sms2 3787 | www.hfccourse.users 3788 | www.v28 3789 | formacion 3790 | web20 3791 | ist 3792 | wind 3793 | opensource 3794 | www.test2.users 3795 | e3 3796 | clifford.users 3797 | xsc 3798 | sw1 3799 | www.play 3800 | www.tech 3801 | dns12 3802 | offline 3803 | vds 3804 | xhtml 3805 | steve 3806 | mail.forum 3807 | www.rebecca.users 3808 | hobbit 3809 | marge 3810 | www.sierracharlie.users 3811 | dart 3812 | samba 3813 | core3 3814 | devil 3815 | server18 3816 | lbtest 3817 | mail05 3818 | sara 3819 | alex.users 3820 | www.demwunz.users 3821 | www23 3822 | vegas 3823 | italia 3824 | ez 3825 | gollum 3826 | test2.users 3827 | hfccourse.users 3828 | ana 3829 | prof 3830 | www.pluslatex.users 3831 | mxs 3832 | dance 3833 | avalon 3834 | pidlabelling.users 3835 | dubious.users 3836 | webdisk.search 3837 | query 3838 | clientweb 3839 | www.voodoodigital.users 3840 | pharmacy 3841 | denis 3842 | chi 3843 | seven 3844 | animal 3845 | cas1 3846 | s19 3847 | di 3848 | autoconfig.images 3849 | www.speedtest 3850 | yes 3851 | autodiscover.images 3852 | www.galleries 3853 | econ 3854 | www.flash 3855 | 
www.clifford.users 3856 | ln 3857 | origin-images 3858 | www.adrian.users 3859 | snow 3860 | cad 3861 | voyage 3862 | www.pidlabelling.users 3863 | cameras 3864 | volga 3865 | wallace 3866 | guardian 3867 | rpm 3868 | mpa 3869 | flower 3870 | prince 3871 | exodus 3872 | mine 3873 | mailings 3874 | cbf3 3875 | www.gsgou.users 3876 | wellness 3877 | tank 3878 | vip1 3879 | name 3880 | bigbrother 3881 | forex 3882 | rugby 3883 | webdisk.sms 3884 | graduate 3885 | webdisk.videos 3886 | adrian 3887 | mic 3888 | 13 3889 | firma 3890 | www.dubious.users 3891 | windu 3892 | hit 3893 | www.alex.users 3894 | dcc 3895 | wagner 3896 | launch 3897 | gizmo 3898 | d4 3899 | rma 3900 | betterday.users 3901 | yamato 3902 | bee 3903 | pcgk 3904 | gifts 3905 | home1 3906 | www.team 3907 | cms1 3908 | www.gobbit.users 3909 | skyline 3910 | ogloszenia 3911 | www.betterday.users 3912 | www.data 3913 | river 3914 | eproc 3915 | acme 3916 | demwunz.users 3917 | nyx 3918 | cloudflare-resolve-to 3919 | you 3920 | sci 3921 | virtual2 3922 | drive 3923 | sh2 3924 | toolbox 3925 | lemon 3926 | hans 3927 | psp 3928 | goofy 3929 | fsimg 3930 | lambda 3931 | ns55 3932 | vancouver 3933 | hkps.pool 3934 | adrian.users 3935 | ns39 3936 | voodoodigital.users 3937 | kz 3938 | ns1a 3939 | delivery.b 3940 | turismo 3941 | cactus 3942 | pluslatex.users 3943 | lithium 3944 | euclid 3945 | quality 3946 | gsgou.users 3947 | onyx 3948 | db4 3949 | www.domain 3950 | persephone 3951 | validclick 3952 | elibrary 3953 | www.ts 3954 | panama 3955 | www.wholesale 3956 | ui 3957 | rpg 3958 | www.ssl 3959 | xenapp 3960 | exit 3961 | marcus 3962 | phd 3963 | l2tp-us 3964 | cas2 3965 | rapid 3966 | advert 3967 | malotedigital 3968 | bluesky 3969 | fortuna 3970 | chief 3971 | streamer 3972 | salud 3973 | web19 3974 | stage2 3975 | members2 3976 | www.sc 3977 | alaska 3978 | spectrum 3979 | broker 3980 | oxford 3981 | jb 3982 | jim 3983 | cheetah 3984 | sofia 3985 | webdisk.client 3986 | nero 3987 | rain 3988 | crux 
3989 | mls 3990 | mrtg2 3991 | repair 3992 | meteor 3993 | samurai 3994 | kvm4 3995 | ural 3996 | destek 3997 | pcs 3998 | mig 3999 | unity 4000 | reporter 4001 | ftp-eu 4002 | cache2 4003 | van 4004 | smtp10 4005 | nod 4006 | chocolate 4007 | collections 4008 | kitchen 4009 | rocky 4010 | pedro 4011 | sophia 4012 | st3 4013 | nelson 4014 | ak 4015 | jl 4016 | slim 4017 | wap1 4018 | sora 4019 | migration 4020 | www.india 4021 | ns04 4022 | ns37 4023 | ums 4024 | www.labs 4025 | blah 4026 | adimg 4027 | yp 4028 | db6 4029 | xtreme 4030 | groupware 4031 | collection 4032 | blackbox 4033 | sender 4034 | t4 4035 | college 4036 | kevin 4037 | vd 4038 | eventos 4039 | tags 4040 | us2 4041 | macduff 4042 | wwwnew 4043 | publicapi 4044 | web24 4045 | jasper 4046 | vladivostok 4047 | tender 4048 | premier 4049 | tele 4050 | wwwdev 4051 | www.pr 4052 | postmaster 4053 | haber 4054 | zen 4055 | nj 4056 | rap 4057 | planning 4058 | domain2 4059 | veronica 4060 | isa 4061 | www.vb 4062 | lamp 4063 | goldmine 4064 | www.geo 4065 | www.math 4066 | mcc 4067 | www.ua 4068 | vera 4069 | nav 4070 | nas2 4071 | autoconfig.staging 4072 | s33 4073 | boards 4074 | thumb 4075 | autodiscover.staging 4076 | carmen 4077 | ferrari 4078 | jordan 4079 | quatro 4080 | gazeta 4081 | www.test3 4082 | manga 4083 | techno 4084 | vm0 4085 | vector 4086 | hiphop 4087 | www.bbs 4088 | rootservers 4089 | dean 4090 | www.ms 4091 | win12 4092 | dreamer 4093 | alexandra 4094 | smtp03 4095 | jackson 4096 | wing 4097 | ldap3 4098 | www.webmaster 4099 | hobby 4100 | men 4101 | cook 4102 | ns70 4103 | olivia 4104 | tampa 4105 | kiss 4106 | nevada 4107 | live2 4108 | computers 4109 | tina 4110 | festival 4111 | bunny 4112 | jump 4113 | military 4114 | fj 4115 | kira 4116 | pacific 4117 | gonzo 4118 | ftp.dev 4119 | svpn 4120 | serial 4121 | webster 4122 | www.pe 4123 | s204 4124 | romania 4125 | gamers 4126 | guru 4127 | sh1 4128 | lewis 4129 | pablo 4130 | yoshi 4131 | lego 4132 | divine 4133 | italy 4134 | 
wallpapers 4135 | nd 4136 | myfiles 4137 | neptun 4138 | www.world 4139 | convert 4140 | www.cloud 4141 | proteus 4142 | medicine 4143 | bak 4144 | lista 4145 | dy 4146 | rhino 4147 | dione 4148 | sip1 4149 | california 4150 | 100 4151 | cosmic 4152 | electronics 4153 | openid 4154 | csm 4155 | adm2 4156 | soleil 4157 | disco 4158 | www.pp 4159 | xmail 4160 | www.movie 4161 | pioneer 4162 | phplist 4163 | elephant 4164 | ftp6 4165 | depo 4166 | icon 4167 | www.ns2 4168 | www.youtube 4169 | ota 4170 | capacitacion 4171 | mailfilter 4172 | switch1 4173 | ryazan 4174 | auth2 4175 | paynow 4176 | webtv 4177 | pas 4178 | www.v3 4179 | storage1 4180 | rs1 4181 | sakai 4182 | pim 4183 | vcse 4184 | ko 4185 | oem 4186 | theme 4187 | tumblr 4188 | smtp0 4189 | server14 4190 | lala 4191 | storage2 4192 | k2 4193 | ecm 4194 | moo 4195 | can 4196 | imode 4197 | webdisk.gallery 4198 | webdisk.jobs 4199 | howard 4200 | mes 4201 | eservices 4202 | noah 4203 | support1 4204 | soc 4205 | gamer 4206 | ekb 4207 | marco 4208 | information 4209 | heaven 4210 | ty 4211 | kursk 4212 | wilson 4213 | webdisk.wp 4214 | freebsd 4215 | phones 4216 | void 4217 | esx3 4218 | empleo 4219 | aida 4220 | s01 4221 | apc1 4222 | mysites 4223 | www.kazan 4224 | calc 4225 | barney 4226 | prohome 4227 | fd 4228 | kenny 4229 | www.filme 4230 | ebill 4231 | d6 4232 | era 4233 | big 4234 | goodluck 4235 | rdns2 4236 | everything 4237 | ns43 4238 | monty 4239 | bib 4240 | clip 4241 | alf 4242 | quran 4243 | aim 4244 | logon 4245 | wg 4246 | rabbit 4247 | ntp3 4248 | upc 4249 | www.stream 4250 | www.ogloszenia 4251 | abcd 4252 | autodiscover.en 4253 | blogger 4254 | pepper 4255 | autoconfig.en 4256 | stat1 4257 | jf 4258 | smtp7 4259 | video3 4260 | eposta 4261 | cache1 4262 | ekaterinburg 4263 | talent 4264 | jewelry 4265 | ecs 4266 | beta3 4267 | www.proxy 4268 | zsb 4269 | 44 4270 | ww6 4271 | nautilus 4272 | angels 4273 | servicos 4274 | smpp 4275 | we 4276 | siga 4277 | magnolia 4278 | smt 4279 | 
maverick 4280 | franchise 4281 | dev.m 4282 | webdisk.info 4283 | penza 4284 | shrek 4285 | faraday 4286 | s123 4287 | aleph 4288 | vnc 4289 | chinese 4290 | glpi 4291 | unix 4292 | leto 4293 | win10 4294 | answers 4295 | att 4296 | webtools 4297 | sunset 4298 | extranet2 4299 | kirk 4300 | mitsubishi 4301 | ppp 4302 | cargo 4303 | comercial 4304 | balancer 4305 | aire 4306 | karma 4307 | emergency 4308 | zy 4309 | dtc 4310 | asb 4311 | win8 4312 | walker 4313 | cougar 4314 | autodiscover.videos 4315 | bugtracker 4316 | autoconfig.videos 4317 | icm 4318 | tap 4319 | nuevo 4320 | ganymede 4321 | cell 4322 | www02 4323 | ticketing 4324 | nature 4325 | brazil 4326 | www.alex 4327 | troy 4328 | avatars 4329 | aspire 4330 | custom 4331 | www.mm 4332 | ebiz 4333 | www.twitter 4334 | kong 4335 | beagle 4336 | chess 4337 | ilias 4338 | codex 4339 | camel 4340 | crc 4341 | microsite 4342 | mlm 4343 | autoconfig.crm 4344 | o2 4345 | human 4346 | ken 4347 | sonicwall 4348 | biznes 4349 | pec 4350 | flow 4351 | autoreply 4352 | tips 4353 | little 4354 | autodiscover.crm 4355 | hardcore 4356 | egypt 4357 | ryan 4358 | doska 4359 | mumble 4360 | s34 4361 | pds 4362 | platon 4363 | demo8 4364 | total 4365 | ug 4366 | das 4367 | gx 4368 | just 4369 | tec 4370 | archiv 4371 | ul 4372 | craft 4373 | franklin 4374 | speedtest1 4375 | rep 4376 | supplier 4377 | crime 4378 | mail-relay 4379 | luigi 4380 | saruman 4381 | defiant 4382 | rome 4383 | tempo 4384 | sr2 4385 | tempest 4386 | azure 4387 | horse 4388 | pliki 4389 | barracuda2 4390 | www.gis 4391 | cuba 4392 | adslnat-curridabat-128 4393 | aw 4394 | test13 4395 | box1 4396 | aaaa 4397 | x2 4398 | exchbhlan3 4399 | sv6 4400 | disk 4401 | enquete 4402 | eta 4403 | vm4 4404 | deep 4405 | mx12 4406 | s111 4407 | budget 4408 | arizona 4409 | autodiscover.media 4410 | ya 4411 | webmin 4412 | fisto 4413 | orbit 4414 | bean 4415 | mail07 4416 | autoconfig.media 4417 | berry 4418 | jg 4419 | www.money 4420 | store1 4421 | sydney 4422 | 
kraken 4423 | author 4424 | diablo 4425 | wwwww 4426 | word 4427 | www.gmail 4428 | www.tienda 4429 | samp 4430 | golden 4431 | travian 4432 | www.cat 4433 | www.biz 4434 | 54 4435 | demo10 4436 | bambi 4437 | ivanovo 4438 | big5 4439 | egitim 4440 | he 4441 | UNREGISTERED.zmc 4442 | amanda 4443 | orchid 4444 | kit 4445 | rmr1 4446 | richard 4447 | offer 4448 | edge1 4449 | germany 4450 | tristan 4451 | seguro 4452 | kyc 4453 | maths 4454 | columbia 4455 | steven 4456 | wings 4457 | www.sg 4458 | ns38 4459 | grand 4460 | tver 4461 | natasha 4462 | r3 4463 | www.tour 4464 | pdns 4465 | m11 4466 | dweb 4467 | nurse 4468 | dsp 4469 | www.market 4470 | meme 4471 | www.food 4472 | moda 4473 | ns44 4474 | mps 4475 | jgdw 4476 | m.stage 4477 | bdsm 4478 | mech 4479 | rosa 4480 | sx 4481 | tardis 4482 | domreg 4483 | eugene 4484 | home2 4485 | vpn01 4486 | scott 4487 | excel 4488 | lyncdiscoverinternal 4489 | ncs 4490 | pagos 4491 | recovery 4492 | bastion 4493 | wwwx 4494 | spectre 4495 | static.origin 4496 | quizadmin 4497 | www.abc 4498 | ulyanovsk 4499 | test-www 4500 | deneb 4501 | www.learn 4502 | nagano 4503 | bronx 4504 | ils 4505 | mother 4506 | defender 4507 | stavropol 4508 | g3 4509 | lol 4510 | nf 4511 | caldera 4512 | cfd185 4513 | tommy 4514 | think 4515 | thebest 4516 | girls 4517 | consulting 4518 | owl 4519 | newsroom 4520 | us.m 4521 | hpc 4522 | ss1 4523 | dist 4524 | valentine 4525 | 9 4526 | pumpkin 4527 | queens 4528 | watchdog 4529 | serv1 4530 | web07 4531 | pmo 4532 | gsm 4533 | spam1 4534 | geoip 4535 | test03 4536 | ftp.forum 4537 | server19 4538 | www.update 4539 | tac 4540 | vlad 4541 | saprouter 4542 | lions 4543 | lider 4544 | zion 4545 | c6 4546 | palm 4547 | ukr 4548 | amsterdam 4549 | html5 4550 | wd 4551 | estadisticas 4552 | blast 4553 | phys 4554 | rsm 4555 | 70 4556 | vvv 4557 | kris 4558 | agro 4559 | msn-smtp-out 4560 | labor 4561 | universal 4562 | gapps 4563 | futbol 4564 | baltimore 4565 | wt 4566 | avto 4567 | workshop 4568 | 
www.ufa 4569 | boom 4570 | autodiscover.jobs 4571 | unknown 4572 | alliance 4573 | www.svn 4574 | duke 4575 | kita 4576 | tic 4577 | killer 4578 | ip176-194 4579 | millenium 4580 | garfield 4581 | assets2 4582 | auctions 4583 | point 4584 | russian 4585 | suzuki 4586 | clinic 4587 | lyncedge 4588 | www.tr 4589 | la2 4590 | oldwebmail 4591 | shipping 4592 | informatica 4593 | age 4594 | gfx 4595 | ipsec 4596 | lina 4597 | autoconfig.jobs 4598 | zoo 4599 | splunk 4600 | sy 4601 | urban 4602 | fornax 4603 | www.dating 4604 | clock 4605 | balder 4606 | steam 4607 | ut 4608 | zz 4609 | washington 4610 | lightning 4611 | fiona 4612 | im2 4613 | enigma 4614 | fdc 4615 | zx 4616 | sami 4617 | eg 4618 | cyclone 4619 | acacia 4620 | yb 4621 | nps 4622 | update2 4623 | loco 4624 | discuss 4625 | s50 4626 | kurgan 4627 | smith 4628 | plant 4629 | lux 4630 | www.kino 4631 | www.extranet 4632 | gas 4633 | psychologie 4634 | 01 4635 | s02 4636 | cy 4637 | modem 4638 | station 4639 | www.reg 4640 | zip 4641 | boa 4642 | www.co 4643 | mx04 4644 | openerp 4645 | bounces 4646 | dodge 4647 | paula 4648 | meetings 4649 | firmy 4650 | web26 4651 | xz 4652 | utm 4653 | s40 4654 | panorama 4655 | CISCO-CAPWAP-CONTROLLER 4656 | photon 4657 | vas 4658 | war 4659 | marte 4660 | gateway2 4661 | tss 4662 | anton 4663 | hirlevel 4664 | winner 4665 | fbapps 4666 | vologda 4667 | arcadia 4668 | www.cc 4669 | util 4670 | 16 4671 | tyumen 4672 | desire 4673 | perl 4674 | princess 4675 | papa 4676 | like 4677 | matt 4678 | sgs 4679 | datacenter 4680 | atlantic 4681 | maine 4682 | tech1 4683 | ias 4684 | vintage 4685 | linux1 4686 | gzs 4687 | cip 4688 | keith 4689 | carpediem 4690 | serv2 4691 | dreams 4692 | front1 4693 | lyncaccess 4694 | fh 4695 | mailer2 4696 | www.chem 4697 | natural 4698 | student2 4699 | sailing 4700 | radio1 4701 | models 4702 | evo 4703 | tcm 4704 | bike 4705 | bancuri 4706 | baseball 4707 | manuals 4708 | img8 4709 | imap1 4710 | oldweb 4711 | smtpgw 4712 | pulsar 4713 | 
reader 4714 | will 4715 | stream3 4716 | oliver 4717 | mail15 4718 | lulu 4719 | dyn 4720 | bandwidth 4721 | messaging 4722 | us1 4723 | ibm 4724 | idaho 4725 | camping 4726 | verify 4727 | seg 4728 | vs1 4729 | autodiscover.sms 4730 | blade1 4731 | blade2 4732 | leda 4733 | mail17 4734 | horo 4735 | testdrive 4736 | diet 4737 | www.start 4738 | mp1 4739 | claims 4740 | te 4741 | gcc 4742 | www.whois 4743 | nieuwsbrief 4744 | xeon 4745 | eternity 4746 | greetings 4747 | data2 4748 | asf 4749 | autoconfig.sms 4750 | kemerovo 4751 | olga 4752 | haha 4753 | ecc 4754 | prestashop 4755 | rps 4756 | img0 4757 | olimp 4758 | biotech 4759 | qa1 4760 | swan 4761 | bsd 4762 | webdisk.sandbox 4763 | sanantonio 4764 | dental 4765 | www.acc 4766 | zmail 4767 | statics 4768 | ns102 4769 | 39 4770 | idb 4771 | h5 4772 | connect2 4773 | jd 4774 | christian 4775 | luxury 4776 | ten 4777 | bbtest 4778 | blogtest 4779 | self 4780 | www.green 4781 | forumtest 4782 | olive 4783 | www.lab 4784 | ns63 4785 | freebies 4786 | ns64 4787 | www.g 4788 | jake 4789 | www.plus 4790 | ejournal 4791 | letter 4792 | works 4793 | peach 4794 | spoon 4795 | sie 4796 | lx 4797 | aol 4798 | baobab 4799 | tv2 4800 | edge2 4801 | sign 4802 | webdisk.help 4803 | www.mobi 4804 | php5 4805 | webdata 4806 | award 4807 | gf 4808 | rg 4809 | lily 4810 | ricky 4811 | pico 4812 | nod32 4813 | opus 4814 | sandiego 4815 | emploi 4816 | sfa 4817 | application 4818 | comment 4819 | autodiscover.search 4820 | www.se 4821 | recherche 4822 | africa 4823 | webdisk.members 4824 | multi 4825 | wood 4826 | xx 4827 | fan 4828 | reverse 4829 | missouri 4830 | zinc 4831 | brutus 4832 | lolo 4833 | imap2 4834 | www.windows 4835 | aaron 4836 | webdisk.wordpress 4837 | create 4838 | bis 4839 | aps 4840 | xp 4841 | outlet 4842 | www.cpanel 4843 | bloom 4844 | 6 4845 | ni 4846 | www.vestibular 4847 | webdisk.billing 4848 | roman 4849 | myshop 4850 | joyce 4851 | qb 4852 | walter 4853 | www.hr 4854 | fisher 4855 | daily 4856 | 
webdisk.files 4857 | michelle 4858 | musik 4859 | sic 4860 | taiwan 4861 | jewel 4862 | inbound 4863 | trio 4864 | mts 4865 | dog 4866 | mustang 4867 | specials 4868 | www.forms 4869 | crew 4870 | tes 4871 | www.med 4872 | elib 4873 | testes 4874 | richmond 4875 | autodiscover.travel 4876 | mccoy 4877 | aquila 4878 | www.saratov 4879 | bts 4880 | hornet 4881 | election 4882 | test22 4883 | kaliningrad 4884 | listes 4885 | tx 4886 | webdisk.travel 4887 | onepiece 4888 | bryan 4889 | saas 4890 | opel 4891 | florence 4892 | blacklist 4893 | skin 4894 | workspace 4895 | theta 4896 | notebook 4897 | freddy 4898 | elmo 4899 | www.webdesign 4900 | autoconfig.travel 4901 | sql3 4902 | faith 4903 | cody 4904 | nuke 4905 | memphis 4906 | chrome 4907 | douglas 4908 | www24 4909 | autoconfig.search 4910 | www.analytics 4911 | forge 4912 | gloria 4913 | harry 4914 | birmingham 4915 | zebra 4916 | www.123 4917 | laguna 4918 | lamour 4919 | igor 4920 | brs 4921 | polar 4922 | lancaster 4923 | webdisk.portal 4924 | autoconfig.img 4925 | autodiscover.img 4926 | other 4927 | www19 4928 | srs 4929 | gala 4930 | crown 4931 | v5 4932 | fbl 4933 | sherlock 4934 | remedy 4935 | gw-ndh 4936 | mushroom 4937 | mysql8 4938 | sv5 4939 | csp 4940 | marathon 4941 | kent 4942 | critical 4943 | dls 4944 | capricorn 4945 | standby 4946 | test15 4947 | www.portfolio 4948 | savannah 4949 | img13 4950 | veritas 4951 | move 4952 | rating 4953 | sound 4954 | zephyr 4955 | download1 4956 | www.ticket 4957 | exchange-imap.its 4958 | b5 4959 | andrea 4960 | dds 4961 | epm 4962 | banana 4963 | smartphone 4964 | nicolas 4965 | phpadmin 4966 | www.subscribe 4967 | prototype 4968 | experts 4969 | mgk 4970 | newforum 4971 | result 4972 | www.prueba 4973 | cbf2 4974 | s114 4975 | spp 4976 | trident 4977 | mirror2 4978 | s112 4979 | sonia 4980 | nnov 4981 | www.china 4982 | alabama 4983 | photogallery 4984 | blackjack 4985 | lex 4986 | hathor 4987 | inc 4988 | xmas 4989 | tulip 4990 | and 4991 | common-sw1 4992 
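| betty 4993 | vo 4994 | www.msk 4995 | pc2 4996 | schools 4997 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# NOTE(review): fake-useragent is the only entry without a version specifier,
# so two installs of this file can resolve different releases of it; pin it
# alongside the others. The exact pins below also mean upstream security
# fixes do not arrive on their own, so review them on a schedule.
xmltodict==0.11.0
dnspython==1.15.0
requests>=2.20.0
lxml==4.6.5
beautifulsoup4==4.6.0
click==6.7
fake-useragent
PySocks==1.6.8

--------------------------------------------------------------------------------
/setup.cfg:
--------------------------------------------------------------------------------
[metadata]
description-file = README.md
--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
"""Packaging script for the raccoon-scanner distribution."""
from setuptools import setup, find_packages


# Decode the README explicitly as UTF-8 so the build does not depend on the
# platform's default locale encoding.
with open("README.md", "r", encoding="utf-8") as file:
    long_description = file.read()

setup(
    name='raccoon-scanner',
    # ``exclude`` expects an iterable of package patterns. A bare string is
    # iterated character by character, so exclude="tests" never matched the
    # ``tests`` package and it was shipped with the distribution.
    packages=find_packages(exclude=["tests", "tests.*"]),
    license="MIT",
    version='0.8.5',
    description='Offensive Security Tool for Reconnaissance and Information Gathering',
    long_description=long_description,
    long_description_content_type="text/markdown",
    author='Evyatar Meged',
    author_email='evyatarmeged@gmail.com',
    url='https://github.com/evyatarmeged/Raccoon',
    # NOTE(review): these requirements carry no version bounds while
    # requirements.txt pins most of the same packages, so installing the
    # published package and installing from requirements.txt can resolve
    # different dependency versions.
    install_requires=['beautifulsoup4',
                      'requests',
                      'dnspython',
                      "lxml",
                      "click",
                      "fake-useragent",
                      "requests[socks]",
                      "xmltodict"],
    # Ship the bundled wordlists inside the installed package.
    package_data={
        "raccoon_src": [
            "wordlists/*"
        ]
    },
    include_package_data=True,
    # Installs the ``raccoon`` command, dispatching to raccoon_src.main:main.
    entry_points={
        'console_scripts': [
            'raccoon=raccoon_src.main:main'
        ]
    },
)

--------------------------------------------------------------------------------
/tests/__init__.py:
--------------------------------------------------------------------------------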
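https://raw.githubusercontent.com/evyatarmeged/Raccoon/9cf6c1129221aa51280f5705106660d23b2f1b92/tests/__init__.py
--------------------------------------------------------------------------------
/tests/test_fuzzer.py:
--------------------------------------------------------------------------------
import asyncio
import unittest
from unittest import mock

from raccoon_src.lib.fuzzer import URLFuzzer
from raccoon_src.lib.host import Host
from raccoon_src.utils.exceptions import FuzzerException, RequestHandlerException
from raccoon_src.utils.logger import SystemOutLogger


class TestURLFuzzer(unittest.TestCase):
    """Checks on URLFuzzer construction."""

    def setUp(self):
        """Stub the host-directory and log-file hooks for one test only.

        The stubs are installed with ``mock.patch.object`` and undone through
        ``addCleanup``. Assigning the lambdas directly on ``Host`` and
        ``URLFuzzer`` would leave the classes patched for every test that
        runs later in the same process.
        """
        host_stub = mock.patch.object(
            Host, "create_host_dir_and_set_file_logger", lambda _: None)
        host_stub.start()
        self.addCleanup(host_stub.stop)

        log_stub = mock.patch.object(
            URLFuzzer, "get_log_file_path", lambda _, __: SystemOutLogger())
        log_stub.start()
        self.addCleanup(log_stub.stop)

        self.TestHost = Host
        self.TestFuzzer = URLFuzzer
        # A private loop that is closed after the test, rather than the
        # deprecated implicit loop from get_event_loop() that was never closed.
        self.loop = asyncio.new_event_loop()
        self.addCleanup(self.loop.close)

    def test_bad_wordlist(self):
        """A wordlist path that does not exist must raise FuzzerException."""
        host = self.TestHost("127.0.0.1", ())
        with self.assertRaises(FuzzerException):
            self.TestFuzzer(host, (), path_to_wordlist="no/such/path", num_threads=1)

--------------------------------------------------------------------------------
/tests/test_host.py:
--------------------------------------------------------------------------------
import unittest
from unittest import mock

from raccoon_src.lib.host import Host
from raccoon_src.utils.exceptions import HostHandlerException


class TestHost(unittest.TestCase):
    """Parsing of target strings into port, protocol and name fields."""

    def setUp(self):
        """Stub the directory/logger hook on Host and restore it afterwards."""
        host_stub = mock.patch.object(
            Host, "create_host_dir_and_set_file_logger", lambda _: None)
        host_stub.start()
        self.addCleanup(host_stub.stop)
        self.TestHost = Host

    def test_port_extraction(self):
        """An explicit ``:port`` suffix is parsed into an integer port."""
        host = self.TestHost("www.example.com:35000", ())
        host.parse()
        self.assertEqual(host.port, 35000)

    def test_default_port(self):
        """Without a port or scheme the port is 80."""
        host = self.TestHost("www.example.com", ())
        host.parse()
        self.assertEqual(host.port, 80)

    def test_proto_extraction(self):
        """The scheme of a full URL becomes the protocol."""
        host = self.TestHost("https://www.example.com", ())
        host.parse()
        self.assertEqual(host.protocol, "https")

    def test_default_protocol(self):
        """A target without a scheme is treated as http."""
        host = self.TestHost("127.0.0.1", ())
        host.parse()
        self.assertEqual(host.protocol, "http")

    def test_invalid_protocol(self):
        """A scheme other than http/https is rejected."""
        with self.assertRaises(HostHandlerException):
            host = self.TestHost("ftp://www.example.com", ())
            host.parse()

    def test_ip_detected(self):
        """A dotted-quad target is flagged as an IP address."""
        host = self.TestHost("10.10.10.75", ())
        host.parse()
        self.assertEqual(host.is_ip, True)

    def test_fqdn_detected(self):
        """The FQDN is the host part of the URL."""
        host = self.TestHost("https://www.example.com", ())
        host.parse()
        self.assertEqual(host.fqdn, "www.example.com")

    def test_naked_detected(self):
        """The naked domain drops the leading ``www.`` label."""
        host = self.TestHost("https://www.example.com", ())
        host.parse()
        self.assertEqual(host.naked, "example.com")

--------------------------------------------------------------------------------
/tests/test_subdomain.py:
--------------------------------------------------------------------------------
import unittest


class TestSubDomainEnumerator(unittest.TestCase):
    """Placeholder: no sub-domain enumeration tests are defined yet."""

    def setUp(self):
        # SANs = []
        pass

--------------------------------------------------------------------------------
/tests/test_waf.py:
--------------------------------------------------------------------------------
import unittest

from raccoon_src.lib.waf import WAFApplicationMethods


class Response:
    """Minimal stand-in for an HTTP response; only ``headers`` is read."""
    headers = {}


class TestWAFHttp(unittest.TestCase):
    """Header-based WAF/CDN fingerprinting in WAFApplicationMethods."""

    def setUp(self):
        self.server = "Server"
        self.response = Response()

    def test_cloudflare_detection_by_headers(self):
        """Presence of the CF-RAY header alone identifies Cloudflare."""
        self.response.headers = {"CF-RAY": None}
        self.assertTrue(WAFApplicationMethods.detect_cloudflare(self.response))

    def test_cloudflare_detection_by_server(self):
        self.response.headers = {self.server: "cloudflare"}
        self.assertTrue(WAFApplicationMethods.detect_cloudflare(self.response))

    def test_cloudfront_detection_by_headers(self):
        """Either the Via or the X-cache header can identify CloudFront."""
        self.response.headers = {"Via": "cloudfront"}
        self.assertTrue(WAFApplicationMethods.detect_cloudfront(self.response))
        self.response.headers = {"X-cache": "cloudfront"}
        self.assertTrue(WAFApplicationMethods.detect_cloudfront(self.response))

    def test_cloudfront_detection_by_server(self):
        self.response.headers = {self.server: "CloudFront"}
        self.assertTrue(WAFApplicationMethods.detect_cloudfront(self.response))

    def test_incapsula_detection_by_headers(self):
        """Either the X-Iinfo or the X-CDN header can identify Incapsula."""
        self.response.headers = {"X-Iinfo": None}
        self.assertTrue(WAFApplicationMethods.detect_incapsula(self.response))
        self.response.headers = {"X-CDN": "Incapsula"}
        self.assertTrue(WAFApplicationMethods.detect_incapsula(self.response))

    def test_maxcdn_detection_by_server(self):
        self.response.headers = {self.server: "NetDNA-cache"}
        self.assertTrue(WAFApplicationMethods.detect_maxcdn(self.response))

    def test_edgecast_detection_by_server(self):
        self.response.headers = {self.server: "ECD-conglom"}
        self.assertTrue(WAFApplicationMethods.detect_edgecast(self.response))


class TestWAFCName(unittest.TestCase):
    """CNAME-substring matching against a table of known WAF/CDN markers.

    NOTE(review): the table and ``detect_by_cname`` below are defined inside
    this test class, so these cases exercise this local copy. Nothing here
    calls into raccoon_src.lib.waf; if the production matcher changes, these
    tests will keep passing. Confirm and point them at the real code.
    """

    def setUp(self):
        self.waf_cname_map = {
            "incapdns": "Incapsula",
            "edgekey": "Akamai",
            "akamai": "Akamai",
            "edgesuite": "Akamai",
            "distil": "Distil Networks",
            "cloudfront": "CloudFront",
            "netdna-cdn": "MaxCDN"
        }

    def detect_by_cname(self, cnames):
        """Return the vendor for the first marker found in any of *cnames*.

        Each item of *cnames* is converted with ``str`` and searched for the
        marker as a substring. Returns ``None`` when no marker matches.
        """
        for waf in self.waf_cname_map:
            if any(waf in str(cname) for cname in cnames):
                return self.waf_cname_map.get(waf)

    def test_akamai_detection(self):
        records = {"some_akamai_dns_value": "Akamai",
                   "otherkey": "othervalue"
                   }
        self.assertEqual(self.detect_by_cname(records), "Akamai")

    def test_second_akamai_detection(self):
        records = {"example_edgesuite_example": "Akamai",
                   "otherkey": "othervalue"
                   }
        self.assertEqual(self.detect_by_cname(records), "Akamai")

    def test_third_akamai_detection(self):
        records = {"example_edgekey_example": "Akamai",
                   "otherkey": "othervalue"}
        self.assertEqual(self.detect_by_cname(records), "Akamai")

    def test_incapsula_detection(self):
        records = {"example.incapdns.or.not": "Incapsula",
                   "otherkey": "othervalue"}
        self.assertEqual(self.detect_by_cname(records), "Incapsula")

    def test_distil_detection(self):
        records = {"lolz.distil.kthx": "Distil Networks",
                   "not": "real"}
        self.assertEqual(self.detect_by_cname(records), "Distil Networks")

    def test_cloudfront_detection(self):
        records = {"aws.cloudfront.is.it": "CloudFront",
                   "AWS": "CO.UK"}
        self.assertEqual(self.detect_by_cname(records), "CloudFront")

    def test_maxcdn_detection(self):
        records = {"mycdn.netdna-cdn.godmode": "MaxCDN",
                   "HAI1.2": "IHAZAVAR"}
        self.assertEqual(self.detect_by_cname(records), "MaxCDN")

--------------------------------------------------------------------------------
/tests/test_web_app.py:
--------------------------------------------------------------------------------
import unittest


class Cookie:
    """Empty stand-in for a cookie object; not used by any test yet."""

    def __init__(self):
        pass


class Response:
    """Minimal stand-in for an HTTP response; only ``headers`` is defined."""
    headers = {}


class TestWebApplicationScanner(unittest.TestCase):
    """Placeholder: no web application scanner tests are defined yet."""

    def setUp(self):
        # cookie_jar = []
        pass

--------------------------------------------------------------------------------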