#!/usr/bin/perl
# By NaN
#
# Requirements:
# aha https://github.com/masukomi/aha
# sslscan https://github.com/rbsec/sslscan
# testssl https://github.com/drwetter/testssl.sh
# securityheaders https://github.com/juerkkil/securityheaders
# nmap https://nmap.org
# nikto https://github.com/sullo/nikto
# dirb https://sourceforge.net/projects/dirb/files/
# wig https://github.com/jekyc/wig
# davtest https://github.com/cldrn/davtest
# wafw00f https://github.com/EnableSecurity/wafw00f
# whatweb https://github.com/urbanadventurer/whatweb
# metagoofil https://github.com/kurobeats/metagoofil
# spaghetti https://github.com/m4ll0k/Spaghetti
use Socket;
use URI;
# command or path to pentest tools
# comment out to disable - e.g. nmap
my $sslscan = "sslscan"; # sslscan
my $testssl = "testssl"; # testssl.sh
my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders
#my $nmap = "nmap"; # nmap
my $nikto = "nikto"; # nikto
#my $dirb = "dirb"; # dirb
my $wig = "/opt/wig/wig.py"; # wig
my $davtest = "davtest"; # davtest
my $wafw00f = "wafw00f"; # wafw00f
my $whatweb = "whatweb"; # whatweb
#my $metagoo = "metagoofil"; # metagoofil
#my $spaghet = "/opt/Spaghetti/spaghetti.py"; # spaghetti
# misc
my $aha = "aha"; # aha
my $browser = "thunar"; # your file browser - remove to disable
if($#ARGV < 1){
print "Pre-Pentest Enumeration and Scanning v0.1\n";
print "Usage: ./PEaS.pl </full/directory/path> <https://www.url.com>\n";
exit(-1);
}else{
my $dir = $ARGV[0];
my $url = $ARGV[1];
my @children_pids;
if($url =~ /^(?:(?:http?|s))/i){}else{
die "[!] Not a valid URL!\n";
}
print "[i] Directory: $dir \n";
print "[i] URL: $url \n";
my $uri = URI->new( $url );
my $ip_addr = gethostbyname( $uri->host );
$ip_addr = inet_ntoa( $ip_addr );
print "[i] IP address: $ip_addr \n";
print "[+] Creating Directory\n";
unless(mkdir($dir, 0755)) {
die "[!] Unable to create!\n";
}
if(defined($sslscan)){
my $pid = fork();
if( $pid == 0 ){
push @children_pids, $pid;
if($url =~ /https/){
print "[+] Launching SSLScan\n";
system("$sslscan $url | aha >$dir/sslscan.html");
print "[+] Finished SSLScan\n";
}else{
print "[-] Skipping SSLScan\n";
}
exit 0;
}
}
if(defined($testssl)){
my $pid2 = fork();
if( $pid2 == 0){
push @children_pids, $pid2;
if($url =~ /https/){
print "[+] Launching testssl.sh\n";
system("$testssl $url | aha >$dir/testssl.html");
print "[+] Finished testssl.sh\n";
}else{
print "[-] Skipping testssl.sh\n";
}
exit 0;
}
}
if(defined($headers)){
my $pid3 = fork();
if( $pid3 == 0 ){
push @children_pids, $pid3;
print "[+] Checking Headers\n";
system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt");
system("curl -Is --insecure $url >> $dir/headers.txt");
system("python $headers $url | aha >$dir/headers.html");
print "[+] Finished Headers\n";
exit 0;
}
}
if(defined($nmap)){
my $pid4 = fork();
if( $pid4 == 0 ){
push @children_pids, $pid4;
print "[+] Launching nmap\n";
system("$nmap -p- -A -Pn -sT -oA $dir/nmap $ip_addr >/dev/null");
print "[+] Finished nmap\n";
exit 0;
}
}
if(defined($nikto)){
my $pid5 = fork();
if( $pid5 == 0 ){
push @children_pids, $pid5;
print "[+] Launching nikto\n";
system("$nikto -nointeractive -output $dir/nikto.txt -host $url >/dev/null");
print "[+] Finished nikto\n";
exit 0;
}
}
if(defined($dirb)){
my $pid6 = fork();
if( $pid6 == 0 ){
push @children_pids, $pid6;
print "[+] Launching dirb\n";
system("$dirb $url -o $dir/dirb.txt >/dev/null");
print "[+] Finished dirb\n";
exit 0;
}
}
if(defined($wig)){
my $pid7 = fork();
if( $pid7 == 0 ){
push @children_pids, $pid7;
print "[+] Launching wig\n";
system("python3 $wig -q $url | aha >$dir/wig.html");
print "[+] Finished wig\n";
exit 0;
}
}
if(defined($davtest)){
my $pid8 = fork();
if( $pid8 == 0 ){
push @children_pids, $pid8;
print "[+] Launching davtest\n";
system("$davtest -cleanup -quiet -url $url >$dir/davtest.txt");
print "[+] Finished davtest\n";
exit 0;
}
}
if(defined($wafw00f)){
my $pid9 = fork();
if( $pid9 == 0 ){
push @children_pids, $pid9;
print "[+] Launching wafw00f\n";
system("$wafw00f $url >$dir/wafw00f.txt");
print "[+] Finished wafw00f\n";
exit 0;
}
}
if(defined($whatweb)){
my $pid10 = fork();
if( $pid10 == 0 ){
push @children_pids, $pid10;
print "[+] Launching whatweb\n";
system("$whatweb --no-errors -a 3 $url | aha >$dir/whatweb.html");
print "[+] Finished whatweb\n";
exit 0;
}
}
if(defined($metagoo)){
my $pid11 = fork();
if( $pid11 == 0 ){
push @children_pids, $pid10;
print "[+] Launching metagoofil\n";
print "[+] Creating Directory\n";
mkdir("$dir/downloaded_docs", 0755);
system("$metagoo -d $url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $dir/downloaded_docs -f $dir/metagoofil.html");
print "[+] Finished metagoofil\n";
exit 0;
}
}
if(defined($spaghet)){
my $pid12 = fork();
if( $pid12 == 0 ){
push @children_pids, $pid3;
print "[+] Launching spaghetti\n";
system("python $spaghet -u $url | aha >$dir/spaghetti.html");
print "[+] Finished spaghetti\n";
exit 0;
}
}
my $loop = 1;
$SIG{CHLD} = 'DEFAULT'; # turn off auto reaper
$SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids};
while ($loop && getppid() != 1) {
my $child = waitpid(-1, 0);
last if $child == -1;
}
if( length $browser ){
print "[!] Launching file browser\n";
system("$browser $dir &");
}else{
print "[!] Complete\n";
}
exit();
}
root