OWASP/1.3

1.3 -- #FiqueEmCasa

README.md

@@ -10,9 +10,9 @@ It's an information security audit tool that creates intelligent wordlists based
 Ongoing projects :construction_worker:: [D4N155 in docker :gift:](https://github.com/OWASP/D4N155/tree/docker), [Web API D4N155 :cloud:](https://github.com/OWASP/D4N155/tree/api)
 
 ## Install
-Need to: [Python3.6](https://realpython.com/installing-python/), [Bash (GNU Bourne-Again SHell)](https://www.gnu.org/software/bash/#download)
+Need to: [Python3.6](https://realpython.com/installing-python/), [Bash (GNU Bourne-Again SHell)](https://www.gnu.org/software/bash/#download), [Go](https://golang.org/dl/)
 
-Optional: [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git), [Groff](https://www.gnu.org/software/groff/)
+Optional: [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
 ## Source
 
 ```bash

main

@@ -61,7 +61,7 @@ help="""
 	FILE				File, for save the result, get urls or using in
 					 wordlist
 
-     Version: 0.9
+     Version: 1.3
 
      It's GNU/GPL version 3
      Project page: https://github.com/owasp/D4N155"""
@@ -73,6 +73,13 @@ printf "\033[32m"
 
 trap -- "printf \"\n$bug\";kill $! &> /dev/null;exit 2" "SIGINT"
 
+__compile(){
+  go build -o modules/GoMutation modules/GoMutation.go && \
+  echo "$success Compiled GoMutation" || echo "$error Golang dont installed"
+}
+
+test -x "modules/GoMutation" || __compile
+
 #	Menu
 __interative(){
 	printf "\033[0m"

modules/GoMutation.go

@@ -0,0 +1,118 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+	"io/ioutil"
+	"os"
+	"strconv"
+)
+// Check if err
+func check(e error) {
+    if e != nil {
+        panic(e)
+    }
+}
+// Removing duplicated items
+func unique(intSlice []string) []string {
+    keys := make(map[string]bool)
+    list := []string {}
+    for _, entry := range intSlice {
+        if _, value := keys[entry]; !value {
+            keys[entry] = true
+            list = append(list, entry)
+        }
+    }
+    return list
+}
+
+// Pure functions
+func leet(word string) string {
+	return strings.NewReplacer("A","4", "E", "3", "I", "1", "O", "0", "S", "5", "T", "7", "B", "8").Replace(word)
+}
+func count1to8(word string) []string {
+        list := []string {word}
+        for i := 0; i < 9; i++ {
+                list = append(list,list[len(list)-1]+strconv.Itoa(i))
+        }
+        return list
+}
+func year90(word string) []string {
+        list := []string {word}
+        for i := 99; i > 89; i-- {
+                list = append(list,word+strconv.Itoa(i))
+        }
+        return list
+}
+func year2000(word string) []string {
+        list := []string {word}
+        for i := 2020; i > 1999; i-- {
+                list = append(list,word+strconv.Itoa(i))
+        }
+        return list
+}
+func swapCase(r rune) rune {
+    switch {
+    case 'a' <= r && r <= 'z':
+        return r - 'a' + 'A'
+    case 'A' <= r && r <= 'Z':
+        return r - 'A' + 'a'
+    default:
+        return r
+    }
+}
+func inverter(word string) string {
+	runes := []rune(string(word))
+	for i, j := 0, len(runes)-1; i < j; i, j = i+1, j-1 {
+		runes[i], runes[j] = runes[j], runes[i]
+	}
+	return string(runes)
+}
+func mess(word string, allList []string) []string {
+	list := []string {}
+	for _, i := range allList {
+		list = append(list, word + i)
+	}
+	return list
+}
+func combine(allList []string) []string {
+	finalWords := []string {}
+
+	for _, i := range allList {
+		finalWords = append(finalWords, mess(i, allList)...)
+	}
+
+	return finalWords
+}
+
+func main() {
+	finalContent := []string {}
+	// Read base file
+	blob, err := ioutil.ReadFile(os.Args[1])
+	check(err)
+	content := strings.Fields(string(blob))
+	finalContent = append(content, combine(content)...)
+
+	// Running functions for make wordlist
+	for _, word := range content {
+		finalContent = append(finalContent, leet(word))
+		finalContent = append(finalContent, count1to8(word)...)
+		finalContent = append(finalContent, year90(word)...)
+		finalContent = append(finalContent, year2000(word)...)
+		finalContent = append(finalContent, strings.ToUpper(word))
+		finalContent = append(finalContent, strings.ToLower(word))
+		finalContent = append(finalContent, strings.Map(swapCase, word))
+		finalContent = append(finalContent, inverter(word))
+	}
+
+	// Save data
+	file, errCreate := os.Create(os.Args[2])
+	check(errCreate)
+	defer file.Close()
+	data := []byte(strings.Join(unique(finalContent), "\n"))
+	numberWrote, errWrite := file.Write(data)
+	check(errWrite)
+	if numberWrote < 1 {
+		fmt.Println("1b?")
+	}
+}

modules/colors.sh

@@ -7,5 +7,5 @@ end='\e[0m'
 bgred='\e[41m'
 
 # Status
-correct="[\e[1m\e[92m ✔ $end$green]"
-incorrect="[\e[1m\e[92m ✘ $end$green]"
+correct="$end$green[\e[1m\e[92m ✔ $end$green]$end"
+incorrect="$end$green[\e[1m\e[92m ✘ $end$green]$end"

modules/functions.sh

@@ -81,18 +81,18 @@ __wordlist(){
 
   if [ "$?" == "0" ]
   then
-    echo -e "Finalized search to $target, database\nhas been saved in$orange reports/db/$target.txt$green"
+    echo -e "Finalized search to $target, database\nhas been saved in$orange reports/db/$target.txt$end"
   else
-    echo -e "$red The file dont has been saved, the result was found?$green"
+    echo -e "$red The file dont has been saved, the result was found?$end"
     exit 2
   fi
 
-  echo "Make the wordlist *-*"
+  echo "Reading urls content 0-0"
 
   . modules/operations/calc.sh "reports/db/$target.txt" "$target" "$dest"
 
   test "$?" == 0 && \
-    echo -e "$green Wordlist has been saved in\n$orange$dest$end" || \
+    echo -e "\n$green Wordlist has been saved in\n→ $orange$dest$end" || \
     exit 1
 
   # clear trash files
@@ -138,7 +138,7 @@ __cus() {
   [ $2 ] && export save="$2" || export save="_wordlist.txt"
   echo "$save"
   echo "Processing all data..."
-  python3 "modules/generator.py" "$1" >> "$save" && \
+  ./modules/GoMutation "$1" "$save" && \
     ( echo -e "$correct Wordlist been created in $save"; exit 0 ) || \
     echo -e "$incorrect Error fatal, don't create file"; exit 2
 

modules/load.sh

@@ -10,6 +10,6 @@ spin() {
 _load(){
   while :;do
     spin "$1"
-  done & trap "kill -9 $!" exit &> /dev/null
-  eval "$2"
+  done & trap "kill -9 $! 2> /dev/null" exit 2> /dev/null
+  eval "$2" > /dev/null
 }

modules/operations/calc.sh

@@ -14,13 +14,13 @@
 				echo -e ":.........................................$correct" || \
 			  echo -e ":.........................................$incorrect"
       sleep $time
-		done && _load "Make operations:" """python3 'modules/generator.py' reports/db/$2.blob.txt > $3
+		done && _load "Make operations" """./modules/GoMutation reports/db/$2.blob.txt $3
       if [ \"$?\" != \"0\" ]
       then
         echo -e \"\n$red Error fatal$green\"
         [ -e reports/db/$2.blob.txt ] && rm -rf reports/db/$2.*
         exit 2
       fi
       """
-      kill -9 $! &> /dev/null
+      kill $! 1> /dev/null
 }

modules/report/main.sh

@@ -110,38 +110,8 @@ echo -e """
 </body>
 </html>
 """ >> ./report-$name.html && \
-  ( echo -e "$correct The file has been saved in\n $orange \t→ report-$name.html $end" ) || \
-  ( echo -e "$incorrect Dont can write in this directory?" )
-
-  # Head default of groff
-  # https://www.gnu.org/software/groff/manual/groff.html#Page-Layout
-  echo """
-.TL
-Report of $name
-.PP
-Was processed \fB$numberOfUrls\fP 
-urls with \fB$numberOfContents\fP letters and
-\fB$numberOfWords\fP words,
-resulted in \fB$numberOfResult\fP passwords possibles, based on these
-.HnS 1
-.HR
-.URL https://adasecurity.github.io/D4N155/theories/ operations
-.HR
-.HnE
-
-Urls analyzed:
-.CDS
-$contentsOfUrls
-.CDE
-
-.PP
-\fIGenerated by D4N155\fP
-
-""" | groff -ms -mwww  -T pdf > "./report-$name.pdf" && \
-  ( echo -e "$correct The file has been saved in\n $orange \t→ report-$name.pdf $end " ) || \
-  ( echo -e "$incorrect groff dont are installed?";exit 2 )
+	echo -e "$correct The file has been saved in\n $orange \t→ report-$name.html $end" || \
+	echo -e "$incorrect Dont can write in this directory?"
 }
-
 # call
 __make
-

requirements.txt

@@ -4,5 +4,5 @@ numpy==1.15.4
 requests==2.20.1
 mechanicalsoup==0.12.0
 selenium==3.14.1
-getrails==1.5
+getrails==3.0
 objetive==0.6