- #!/usr/bin/perl
- # By NaN
- #
- # Requirements:
- # aha https://github.com/masukomi/aha
- # sslscan https://github.com/rbsec/sslscan
- # testssl https://github.com/drwetter/testssl.sh
- # securityheaders https://github.com/juerkkil/securityheaders
- # nmap https://nmap.org
- # nikto https://github.com/sullo/nikto
- # dirb https://sourceforge.net/projects/dirb/files/
- # wig https://github.com/jekyc/wig
- # davtest https://github.com/cldrn/davtest
- # wafw00f https://github.com/EnableSecurity/wafw00f
- # whatweb https://github.com/urbanadventurer/whatweb
- # metagoofil https://github.com/kurobeats/metagoofil
- # spaghetti https://github.com/m4ll0k/Spaghetti
-
- use Socket;
- use URI;
-
- # command or path to pentest tools
- # comment out to disable - e.g. nmap
- my $sslscan = "sslscan"; # sslscan
- my $testssl = "testssl"; # testssl.sh
- my $headers = "/opt/securityheaders/securityheaders.py"; # securityheaders
- #my $nmap = "nmap"; # nmap
- my $nikto = "nikto"; # nikto
- #my $dirb = "dirb"; # dirb
- my $wig = "/opt/wig/wig.py"; # wig
- my $davtest = "davtest"; # davtest
- my $wafw00f = "wafw00f"; # wafw00f
- my $whatweb = "whatweb"; # whatweb
- #my $metagoo = "metagoofil"; # metagoofil
- #my $spaghet = "/opt/Spaghetti/spaghetti.py"; # spaghetti
-
- # misc
- my $aha = "aha"; # aha
- my $browser = "thunar"; # your file browser - remove to disable
-
- if($#ARGV < 1){
- print "Pre-Pentest Enumeration and Scanning v0.1\n";
- print "Usage: ./PEaS.pl </full/directory/path> <https://www.url.com>\n";
- exit(-1);
- }else{
-
- my $dir = $ARGV[0];
- my $url = $ARGV[1];
- my @children_pids;
-
- if($url =~ /^(?:(?:http?|s))/i){}else{
- die "[!] Not a valid URL!\n";
- }
-
- print "[i] Directory: $dir \n";
- print "[i] URL: $url \n";
-
- my $uri = URI->new( $url );
- my $ip_addr = gethostbyname( $uri->host );
- $ip_addr = inet_ntoa( $ip_addr );
- print "[i] IP address: $ip_addr \n";
-
-
- print "[+] Creating Directory\n";
- unless(mkdir($dir, 0755)) {
- die "[!] Unable to create!\n";
- }
-
- if(defined($sslscan)){
- my $pid = fork();
- if( $pid == 0 ){
- push @children_pids, $pid;
- if($url =~ /https/){
- print "[+] Launching SSLScan\n";
- system("$sslscan $url | aha >$dir/sslscan.html");
- print "[+] Finished SSLScan\n";
- }else{
- print "[-] Skipping SSLScan\n";
- }
- exit 0;
- }
- }
-
- if(defined($testssl)){
- my $pid2 = fork();
- if( $pid2 == 0){
- push @children_pids, $pid2;
- if($url =~ /https/){
- print "[+] Launching testssl.sh\n";
- system("$testssl $url | aha >$dir/testssl.html");
- print "[+] Finished testssl.sh\n";
- }else{
- print "[-] Skipping testssl.sh\n";
- }
- exit 0;
- }
- }
-
- if(defined($headers)){
- my $pid3 = fork();
- if( $pid3 == 0 ){
- push @children_pids, $pid3;
- print "[+] Checking Headers\n";
- system(" echo \"curl -Is --insecure $url\n\" > $dir/headers.txt");
- system("curl -Is --insecure $url >> $dir/headers.txt");
- system("python $headers $url | aha >$dir/headers.html");
- print "[+] Finished Headers\n";
- exit 0;
- }
- }
-
- if(defined($nmap)){
- my $pid4 = fork();
- if( $pid4 == 0 ){
- push @children_pids, $pid4;
- print "[+] Launching nmap\n";
- system("$nmap -p- -A -Pn -sT -oA $dir/nmap $ip_addr >/dev/null");
- print "[+] Finished nmap\n";
- exit 0;
- }
- }
-
- if(defined($nikto)){
- my $pid5 = fork();
- if( $pid5 == 0 ){
- push @children_pids, $pid5;
- print "[+] Launching nikto\n";
- system("$nikto -nointeractive -output $dir/nikto.txt -host $url >/dev/null");
- print "[+] Finished nikto\n";
- exit 0;
- }
- }
-
- if(defined($dirb)){
- my $pid6 = fork();
- if( $pid6 == 0 ){
- push @children_pids, $pid6;
- print "[+] Launching dirb\n";
- system("$dirb $url -o $dir/dirb.txt >/dev/null");
- print "[+] Finished dirb\n";
- exit 0;
- }
- }
-
- if(defined($wig)){
- my $pid7 = fork();
- if( $pid7 == 0 ){
- push @children_pids, $pid7;
- print "[+] Launching wig\n";
- system("python3 $wig -q $url | aha >$dir/wig.html");
- print "[+] Finished wig\n";
- exit 0;
- }
- }
-
- if(defined($davtest)){
- my $pid8 = fork();
- if( $pid8 == 0 ){
- push @children_pids, $pid8;
- print "[+] Launching davtest\n";
- system("$davtest -cleanup -quiet -url $url >$dir/davtest.txt");
- print "[+] Finished davtest\n";
- exit 0;
- }
- }
-
- if(defined($wafw00f)){
- my $pid9 = fork();
- if( $pid9 == 0 ){
- push @children_pids, $pid9;
- print "[+] Launching wafw00f\n";
- system("$wafw00f $url >$dir/wafw00f.txt");
- print "[+] Finished wafw00f\n";
- exit 0;
- }
- }
-
- if(defined($whatweb)){
- my $pid10 = fork();
- if( $pid10 == 0 ){
- push @children_pids, $pid10;
- print "[+] Launching whatweb\n";
- system("$whatweb --no-errors -a 3 $url | aha >$dir/whatweb.html");
- print "[+] Finished whatweb\n";
- exit 0;
- }
- }
-
- if(defined($metagoo)){
- my $pid11 = fork();
- if( $pid11 == 0 ){
- push @children_pids, $pid10;
- print "[+] Launching metagoofil\n";
- print "[+] Creating Directory\n";
- mkdir("$dir/downloaded_docs", 0755);
- system("$metagoo -d $url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $dir/downloaded_docs -f $dir/metagoofil.html");
- print "[+] Finished metagoofil\n";
- exit 0;
- }
- }
-
- if(defined($spaghet)){
- my $pid12 = fork();
- if( $pid12 == 0 ){
- push @children_pids, $pid3;
- print "[+] Launching spaghetti\n";
- system("python $spaghet -u $url | aha >$dir/spaghetti.html");
- print "[+] Finished spaghetti\n";
- exit 0;
- }
- }
-
- my $loop = 1;
- $SIG{CHLD} = 'DEFAULT'; # turn off auto reaper
- $SIG{INT} = $SIG{TERM} = sub {$loop = 0; kill -15 => @children_pids};
- while ($loop && getppid() != 1) {
- my $child = waitpid(-1, 0);
- last if $child == -1;
- }
-
- if( length $browser ){
- print "[!] Launching file browser\n";
- system("$browser $dir &");
- }else{
- print "[!] Complete\n";
- }
- exit();
- }
-
root
