abhisharma404 / vault Goto Github PK

There's a been a lot of refactoring, checking it again for PEP-8 issues would be a great idea.

Currently port_scanner.py only prints the port found open, we can use a list of some common port name and their associated port number to enhance port scanner.

For eg. If Port -> 21 is found open, then apart from printing the port number, it can also check for most common names associated with that port, here print 'FTP'.

Python nmap would be great to implement this.
https://pypi.org/project/python-nmap/

This feature will make vault to find open-redirect vulnerability.

Currently pressing ctrl+c while scans are going on we get a big traceback.
It would be nice if we can handle that traceback and print something nice like Canceled by the user or something similar.

Read this to understand how to do it properly.

We need to increase our code coverage, for initial we can start off by writing test cases for the following two simple functions :

1. check_url(url: str) in vault.py
2. check_ip(ip: str) in vault.py

User now need to run the scans individually, but we can implement a new feature which will allow the user to run the scans in one go:

A. python3 vault.py -u 'http://url.example.com' -all will perform

1. SSL Scan
2. XSS RFI LFI SQLi
3. Info gathering, comment finding, testing HTTP methods, Clickjacking
4. Fuzzing
5. Crawling

B. python3 vault.py -ip '10.0.2.15' -all will perform

1. IP Scanner
2. Port Scanner

We can extend all the features of Vault to generate a beautiful custom output, which can be in JSON or a simple text file.

Currently Vault only supports XSS Scanning, we need to extend this support to SQLi, LFI, RFI.

Implement a web crawler using Scrapy.

You can read about Scrapy here : https://scrapy.org/
Create a separate module for this, put it inside the src/lib/crawler folder and connect vault.py to it.

Instead of printing white text we can use beautiful combination of red and green to print error and success messages and so on.
Colorama would work great! :)

This will Add cms detection feature to Vault.
It can detect all the popular CMS.

Take the example of src/lib/others/info_gathering/finder/finding_comment.py and implement a similar e-mail finder.

Update the usage section of the README.md and add new updated screenshots, preferably GIFs demonstration of running Vault. Try using Recordit.

Currently, we are checking URL input for every type of option. It would be better if we can make sure that the user starts the vault.py with URL.

But we don't need URL for port scanning so the better solution for is to form a group between IP and URL input.
This will ensure that the user starts the tool with URL or IP given.

Implement ping of death attack, use Scapy to implement this.

Port Scanner uses Scapy to frame and send packets, running without root permission causes the failure of packet sending.
Take the example of def is_root() in src/lib/scanner/ip_scanner/arp_scanner.py and implement it in port_scanner.py.

Currently ip_start_range and ip_end_range in vault.py accepts any value, this gets passed to other modules, without proper validation this can break the code.
Suppose, IP is 192.168.0.1
The last part of IP is the range.
The following needs to be done :

• It should be an integer value.
• Start range should not be negative, i.e. > 0 and less than 255.
• End range should not be negative i.e > 0, greater than start range, and less than 255.
  Add anymore if necessary.

We can beautify our README by adding some screenshots of the main program in action.

Here is one I found, admin_panel payloads should be transferred to the payload folder and re-connected. Find any other if there is and make the changes.

Currently `src/payloads/xss_payloads.txt' contains insufficient payloads. We need to add more payloads.

The keylogger must log every key press, and send collected data over e-mail over a fixed time period by logging in through the provided credentials.

Later on, we will connect this keylogger with backdoor. Ask questions for any doubt.

We need to make our code PEP-8 instructions based and add necessary documentation.

New usage options added to vault.py are currently not updated in README.md

Currently vault.py does not have a mechanism for validating whether the IP entered correct is not, and the value is passed to other modules without checking.

One idea is to use regex to check an IP.

If the jQuery version is old then print the list of vulnerabilities that can be attacked.

We can use scrapy : https://scrapy.org/ to implement this.

Implement a feature that would allow the user to generate a customized backdoor, that they can use in their own way.

Describe the bug
I try to beging a scan and it says: Please Check log file for information about any errors.

Screenshots

Desktop

• OS: Andrax
• Browser Chrome
• Version 2.0

Smartphone (please complete the following information):

• Device: Xiaomi redmi Note 6 Pro
• OS: MIUI 10.3.3
• Browser Chrome
• Version 10.3.3

Additional context
Add any other context about the problem here.

This will add Honeypot Detection feature in Vault.

Implement a de-authentication attack, use Scapy to implement this.

The following features needs to be taken care of:

1. User can pass the interface name
2. If the interface name is valid then use airmon-ng to monitor & collect all the nearby available WiFi networks.
3. Start sending de-auth packets to the selected network.

In vault.py#L912 we are doing

 keyloggerObj = keylogger.Keylogger(interval=args.interval,

but instead it should be

 keyloggerObj = keylogger.keylogger(interval=args.interval,

Notice the lowercase k after = keylogger.

This is because the file name is utilities/keylogger

Currently user can pass URL as -u 'www.url...' in vault.py.
We do not modify or try to check the URL and the URL is straightly forwarded to other modules.

List of URLs passed by user that seem right but they result in error :

1. example.com
2. www.example.com

The correct form is:
http://www.example.com

We can implement an intelligence system that modifies the URL passed by the user accordingly.
This intelligence system is meant to be in the vault.py file itself.

Currently, we have around 1200 lines of code in a single file which is probably not a good practice. Also, this will increase since we are going to continue to add more functions. So it would be good if we can move the functions out of the vault.py file and only keep it as an entry point and maybe perform basic checks on ip/url.

To call other functions we can have maybe a util directory where we can keep all the existing functions. This will increase the number of imports or number of files but it will definitely help us to keep everything clean in vault.py

This feature will help to find the admin panel of a website.

Implement a MAC flood attack, use Scapy to implement this.

Instead of printing errors we can safely log them into a file.

flake8 testing of https://github.com/abhisharma404/vault_scanner on Python 3.7.1

$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics

./src/lib/website_scanner/xss/xss.py:29:9: F821 undefined name 'colors'
        colors.info('XSS Vulnerability Engine started...')
        ^
./src/lib/website_scanner/xss/scanner.py:29:21: F821 undefined name 'colors'
                    colors.error('No form found for : {}'.format(url))
                    ^
./src/lib/website_scanner/xss/scanner.py:43:17: F821 undefined name 'colors'
                colors.error('No form found for : {}'
                ^
./src/lib/website_scanner/xss/scanner.py:57:9: F821 undefined name 'colors'
        colors.info('Completed in {}'.format(t2-t1))
        ^
./src/lib/website_scanner/xss/scanner.py:76:17: F821 undefined name 'colors'
                colors.info('VULNERABILITY DETECTED!--> {}'
                ^
./src/lib/website_scanner/xss/scanner.py:78:17: F821 undefined name 'colors'
                colors.success('Link is : {} '.format(url))
                ^
./src/lib/website_scanner/xss/scanner.py:79:17: F821 undefined name 'colors'
                colors.info('Form Data')
                ^
./src/lib/website_scanner/xss/scanner.py:83:17: F821 undefined name 'colors'
                colors.success("OK , Payload : {} , URL : {}"
                ^
8     F821 undefined name 'colors'
8