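#!/usr/bin/perl
# By NaN
#
# PEaS - Pre-Pentest Enumeration and Scanning.
#
# Usage: ./PEaS.pl </full/directory/path> <https://www.url.com>
#
# Creates the output directory, forks one child per enabled tool, lets the
# tools run against the target in parallel and waits for all of them. Tool
# commands are built as argument lists and never handed to a shell, so the
# URL and directory arguments cannot smuggle in extra commands.
#
# Requirements:
# aha             https://github.com/masukomi/aha
# sslscan         https://github.com/rbsec/sslscan
# testssl         https://github.com/drwetter/testssl.sh
# securityheaders https://github.com/juerkkil/securityheaders
# nmap            https://nmap.org
# nikto           https://github.com/sullo/nikto
# dirb            https://sourceforge.net/projects/dirb/files/
# wig             https://github.com/jekyc/wig
# davtest         https://github.com/cldrn/davtest
# wafw00f         https://github.com/EnableSecurity/wafw00f
# whatweb         https://github.com/urbanadventurer/whatweb
# metagoofil      https://github.com/kurobeats/metagoofil
# spaghetti       https://github.com/m4ll0k/Spaghetti

use strict;
use warnings;

use Socket;
use URI;

# Command or path of each pentest tool; every enabled tool runs in its own
# child process. Comment out an entry to disable that tool - e.g. nmap.
my %tool = (
    sslscan => 'sslscan',                                   # sslscan
    testssl => 'testssl',                                   # testssl.sh
    headers => '/opt/securityheaders/securityheaders.py',   # securityheaders
    #nmap    => 'nmap',                                      # nmap
    nikto   => 'nikto',                                     # nikto
    #dirb    => 'dirb',                                      # dirb
    wig     => '/opt/wig/wig.py',                           # wig
    davtest => 'davtest',                                   # davtest
    wafw00f => 'wafw00f',                                   # wafw00f
    whatweb => 'whatweb',                                   # whatweb
    #metagoo => 'metagoofil',                                # metagoofil
    #spaghet => '/opt/Spaghetti/spaghetti.py',               # spaghetti
);

# misc
my $aha     = 'aha';      # aha - turns the tools' ANSI output into HTML reports
my $browser = 'thunar';   # your file browser - set to undef to disable

# Run one command and wait for it. The command is passed as a list, so no
# shell ever interprets $url or $dir.
#   $cmd  arrayref: program followed by its arguments
#   %opt  stdout => PATH   send the command's stdout to this file
#                          (default: inherit the caller's STDOUT)
#         append => 1      open that file for appending instead of truncating
#         filter => [...]  pipe stdout through this command first, e.g. [$aha];
#                          keep it free of shell metacharacters - a one-element
#                          list containing any would be run through the shell
# Returns the command's exit status: 0 on success, 127 if it could not start.
sub run_cmd {
    my ($cmd, %opt) = @_;

    my $pid = fork();
    die "[!] fork failed: $!\n" if !defined $pid;

    if ($pid == 0) {
        if (defined $opt{stdout}) {
            my $mode = $opt{append} ? '>>' : '>';
            open STDOUT, $mode, $opt{stdout}
                or die "[!] Unable to open $opt{stdout}: $!\n";
        }
        if ($opt{filter}) {
            # The filter inherits the STDOUT set up above, which gives the
            # shape "tool | filter > file" without a shell.
            open STDOUT, '|-', @{ $opt{filter} }
                or die "[!] Unable to start @{ $opt{filter} }: $!\n";
        }
        my $rc = system(@{$cmd});
        close STDOUT;    # for a filter pipe this waits until it has finished
        exit($rc == -1 ? 127 : $rc >> 8);
    }

    waitpid($pid, 0);
    return $? >> 8;
}

# Start one tool in a child of its own and return the child's pid to the
# parent, so the parent can track and signal it.
#   $label  name printed in the "[+] Launching" / "[+] Finished" lines
#   $task   coderef run in the child; it returns the tool's exit status
# The child becomes a process group leader (setpgrp), so "kill -15, $pid"
# from the parent's signal handler also reaches the tool processes it spawned.
# Its STDIN is /dev/null: the tools are run non-interactively, and a process
# in its own group that reads the terminal would be stopped rather than fail.
sub spawn_task {
    my ($label, $task) = @_;

    my $pid = fork();
    die "[!] fork failed for $label: $!\n" if !defined $pid;
    return $pid if $pid;    # parent

    setpgrp(0, 0);
    open STDIN, '<', '/dev/null' or die "[!] Unable to open /dev/null: $!\n";
    print "[+] Launching $label\n";
    my $status = $task->();
    my $msg = $status == 0
        ? "[+] Finished $label\n"
        : "[-] $label exited with status $status\n";
    print $msg;
    exit 0;
}

if (@ARGV < 2) {
    print "Pre-Pentest Enumeration and Scanning v0.1\n";
    print "Usage: ./PEaS.pl </full/directory/path> <https://www.url.com>\n";
    exit(-1);
}

$| = 1;    # flush status lines before forking so children do not repeat them

my ($dir, $url) = @ARGV;
my @children_pids;

# Accept http(s) URLs only. (The previous pattern matched any string that
# began with "htt" or "s".)
die "[!] Not a valid URL!\n" if $url !~ m{\A https?:// }xmsi;

print "[i] Directory: $dir \n";
print "[i] URL: $url \n";

my $uri   = URI->new($url);
my $https = lc($uri->scheme // '') eq 'https';    # decides the TLS scans
my $host  = $uri->host;
die "[!] URL has no host!\n" if !defined $host || $host eq '';

my $packed = gethostbyname($host);
die "[!] Unable to resolve $host\n" if !defined $packed;
my $ip_addr = inet_ntoa($packed);
print "[i] IP address: $ip_addr \n";

print "[+] Creating Directory\n";
# Scan output is sensitive; keep the directory private to the operator.
mkdir $dir, 0700 or die "[!] Unable to create $dir: $!\n";

# One entry per tool, in launch order. Fields:
#   key         name in %tool; the entry is skipped when that tool is disabled
#   label       name shown in the status lines
#   cmd         argument list for the tool
#   stdout      file that receives the tool's stdout (default: inherit)
#   append      open that file for appending
#   filter      command the output is piped through first (aha -> HTML)
#   https_only  skip with a message unless the target URL is https
#   setup       coderef run in the child before the tool starts
my @tasks = (
    {   key => 'sslscan', label => 'SSLScan', https_only => 1,
        cmd    => [ $tool{sslscan}, $url ],
        stdout => "$dir/sslscan.html", filter => [$aha],
    },
    {   key => 'testssl', label => 'testssl.sh', https_only => 1,
        cmd    => [ $tool{testssl}, $url ],
        stdout => "$dir/testssl.html", filter => [$aha],
    },
    {   key => 'headers', label => 'Headers',
        # Record the curl command and the raw response headers first.
        setup => sub {
            my $txt = "$dir/headers.txt";
            open my $fh, '>', $txt or die "[!] Unable to open $txt: $!\n";
            print {$fh} "curl -Is --insecure $url\n\n";
            close $fh or die "[!] Unable to write $txt: $!\n";
            run_cmd([ 'curl', '-Is', '--insecure', $url ],
                    stdout => $txt, append => 1);
        },
        cmd    => [ 'python', $tool{headers}, $url ],
        stdout => "$dir/headers.html", filter => [$aha],
    },
    {   key => 'nmap', label => 'nmap',
        cmd    => [ $tool{nmap}, '-p-', '-A', '-Pn', '-sT',
                    '-oA', "$dir/nmap", $ip_addr ],
        stdout => '/dev/null',
    },
    {   key => 'nikto', label => 'nikto',
        cmd    => [ $tool{nikto}, '-nointeractive',
                    '-output', "$dir/nikto.txt", '-host', $url ],
        stdout => '/dev/null',
    },
    {   key => 'dirb', label => 'dirb',
        cmd    => [ $tool{dirb}, $url, '-o', "$dir/dirb.txt" ],
        stdout => '/dev/null',
    },
    {   key => 'wig', label => 'wig',
        cmd    => [ 'python3', $tool{wig}, '-q', $url ],
        stdout => "$dir/wig.html", filter => [$aha],
    },
    {   key => 'davtest', label => 'davtest',
        cmd    => [ $tool{davtest}, '-cleanup', '-quiet', '-url', $url ],
        stdout => "$dir/davtest.txt",
    },
    {   key => 'wafw00f', label => 'wafw00f',
        cmd    => [ $tool{wafw00f}, $url ],
        stdout => "$dir/wafw00f.txt",
    },
    {   key => 'whatweb', label => 'whatweb',
        cmd    => [ $tool{whatweb}, '--no-errors', '-a', '3', $url ],
        stdout => "$dir/whatweb.html", filter => [$aha],
    },
    {   key => 'metagoo', label => 'metagoofil',
        setup => sub {
            print "[+] Creating Directory\n";
            mkdir "$dir/downloaded_docs", 0700
                or die "[!] Unable to create $dir/downloaded_docs: $!\n";
        },
        cmd => [ $tool{metagoo}, '-d', $url,
                 '-t', 'pdf,doc,xls,ppt,docx,xlsx,pptx', '-l', '100',
                 '-h', 'yes', '-o', "$dir/downloaded_docs",
                 '-f', "$dir/metagoofil.html" ],
    },
    {   key => 'spaghet', label => 'spaghetti',
        cmd    => [ 'python', $tool{spaghet}, '-u', $url ],
        stdout => "$dir/spaghetti.html", filter => [$aha],
    },
);

for my $task (@tasks) {
    next if !defined $tool{ $task->{key} };
    if ($task->{https_only} && !$https) {
        print "[-] Skipping $task->{label}\n";
        next;
    }
    # spawn_task returns in the parent only, so the list holds real pids.
    push @children_pids, spawn_task($task->{label}, sub {
        $task->{setup}->() if $task->{setup};
        return run_cmd($task->{cmd},
                       stdout => $task->{stdout},
                       append => $task->{append},
                       filter => $task->{filter});
    });
}

# Wait for every child. On Ctrl-C / TERM, forward TERM to each child's
# process group (see spawn_task) so the tools themselves stop as well.
my $loop = 1;
$SIG{CHLD} = 'DEFAULT';    # turn off auto reaper
$SIG{INT} = $SIG{TERM} = sub {
    $loop = 0;
    kill -15, @children_pids;    # negative signal: whole process groups
};
while ($loop && getppid() != 1) {
    my $child = waitpid(-1, 0);
    last if $child == -1;
}

if (defined $browser && length $browser) {
    print "[!] Launching file browser\n";
    # Detached child; the browser outlives this script.
    my $pid = fork();
    die "[!] fork failed for $browser: $!\n" if !defined $pid;
    if ($pid == 0) {
        exec $browser, $dir or die "[!] Unable to start $browser: $!\n";
    }
} else {
    print "[!] Complete\n";
}
exit 0;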