owasp / d4n155 Goto Github PK

View Code? Open in Web Editor NEW

197.0 21.0 46.0 8.08 MB

OWASP D4N155 - Intelligent and dynamic wordlist using OSINT

Home Page: https://owasp.org/www-project-d4n155/

License: GNU General Public License v3.0

Shell 76.93% Python 3.83% Go 19.24%

osint wordlist dynamic crawler raport scraping dorking google duckduckgo tool

d4n155's Introduction

OWASP D4N155

It's an information security audit tool that creates intelligent wordlists based on the content of the target page.

Help us, See some calculations used

Ongoing projects 👷: D4N155 in docker 🎁, Web API D4N155 ☁️, Telegram bot 🤖

Install

Need to: Python3.6, Bash (GNU Bourne-Again SHell), Go

Optional: Git

Source

git clone https://github.com/owasp/D4N155.git
cd D4N155
pip3 install -r requirements.txt
bash main

Or whithout git

wget -qO- https://github.com/owasp/D4N155/archive/master.zip | bsdtar -xf-
cd D4N155-master
pip3 install -r requirements.txt
bash main

Docker

In image:

FROM docker.pkg.github.com/owasp/d4n155/d4n155:latest

Cli:

docker pull docker.pkg.github.com/owasp/d4n155/d4n155:latest
docker run -it d4n155

Manual

    D4N155: Tool for smart audit security

    Usage: bash main <option> <value>
    All options are optionals

    Options:
	-w, --wordlist	<url|ip>	Make the smartwordlist based in informations
					on website.
	-t, --targets	<file>  	Make the smart-wordlist based in your passed
					source informations in urls.
	-b, --based	<file>		Analyze texts to generate the
					custom wordlist
	-r, --rate	<time>		Defines time interval between requests
	-o, --output	<file>		For to store the all wordlist.
  	-?a, --aggressive      Aggressive reading with headless
	-h, --help			Show this mensage.

     Value: <url | ip | source | file | time>
	URL				URL target, example: scanme.nmap.org
	IP				IP address
	TIME				Time, example: 2.5. I.e: 00:00:02:30.. 0 are default
	FILE				File, for save the result, get urls or using in
					wordlist

d4n155's People

Contributors

Stargazers

Watchers

Forkers

greenmind-sec austinsonger coredamage matholiveira91 bbhunter evrohachik adityavs modulexcite ashr 5l1v3r1 masterscott luongphuhoa hacker-steroids nateambringit fdlucifer polling-repo-continua quinn-yan an0nym0u5101 l1kw1d arman1388 0xdeepmehta jayasimha106 blun7 gh0st0ne anubisant iamech0ech0 jshel medeiros-cyber ktzgraph isabella232 fedeb95 amineyacine silocityit brianvandamme jgoodacre93 despratesparten excloudx6 dassana-github-app-test 13233358 ilir4734 knife2010 bacchus19408 jul10l1r4 longjoe76 de127

d4n155's Issues

Não está salvando a lista de textos estaticos apartir da forma interativa

Bct q ódio, resolver esse B.O né

invalid format in printf

There are some strings that break the printf command in read.sh file.

As a result of the following error, the wordlists file was not created.

Slow generator.py

In time of make wordlist, the script generator.py are very slow.
Replace for: https://github.com/Jul10l1r4/gomutation/tree/master
Using compiled version

Output File WC "No such file or directory"

Hi again!
Now im trying to run the script with the folowing params (based on the previous issue) and found that the script does not output a wordlist, instead it throws some bash errors on "no such file or directory" when trying to do the wc/cat command.

$ sudo bash main -t some-file.txt
(...)
             [ OWASP D4N155 ]

Targets inputed in   some-file.txt  
⣷ Make operations panic: open reports/db/wordlist.blob.txt: no such file or directory

⣾ Make operations ]:
main.check(...)
	/home/kali/HackTheWorld/experiments/D4N155/modules/GoMutation.go:13
main.main()
	/home/kali/HackTheWorld/experiments/D4N155/modules/GoMutation.go:92 +0xd0c
⣾ Make operations  Wordlist has been saved in
./reports/wordlist/wordlist.txt
wc: reports/db/wordlist.blob.txt: No such file or directory
wc: reports/db/wordlist.blob.txt: No such file or directory
cat: reports/wordlist/wordlist.txt: No such file or directory
[ ✔ ] The file has been saved in
  	→ report-custom.html

Is there any way to bypass this?

leet applied on all final content

hi, I've seen that leet is applied only to the upper case letters of the original list of words you supply with -b parameter. Shouldn't it leet all final combinations of words and add them to the final list, also exchanging lowercase letters with numbers?

I can work of this if needed. Otherwise I'll just work on making further processing from the generated wordlist.

Make hook feature for report

Dot env for send data:
hook="URL$text"

Open one geckomotor and others urls add new tab

Improvments:

Save Memory
Save CPU
Save Time

HTTPS Support

I'm trying to scan sites with https and it's prompting the following:

1) Make wordlist tradicional                                                                                       
2) Make wordlist aggressive
D4N155%#~> 2
[ ✔ ] Gecko file exists
Target is: https://twitter.com/sm4rtk1dz                            
Time interval in seconds (Default: -1): 
 Beginning attack, with Google indexations
Finalized search to httpstwitter.comsm4rtk1dz, database
has been saved in reports/db/httpstwitter.comsm4rtk1dz.txt
Reading urls content 0-0

Traceback (most recent call last):
  File "modules/read.py", line 22, in <module>
    print(aggressive_read(target))
  File "modules/read.py", line 10, in aggressive_read
    driver.get(f'http://{url}')
  File "/home/kali/.local/lib/python3.8/site-packages/selenium/webdriver/remote/webdriver.py", line 333, in get
    self.execute(Command.GET, {'url': url})
  File "/home/kali/.local/lib/python3.8/site-packages/selenium/webdriver/remote/webdriver.py", line 321, in execute
    self.error_handler.check_response(response)
  File "/home/kali/.local/lib/python3.8/site-packages/selenium/webdriver/remote/errorhandler.py", line 242, in check_response
    raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.InvalidArgumentException: Message: Malformed URL: http:// is not a valid URL.

:.........................................[ ✔ ]
⣻ Make operations 
 Wordlist has been saved in
→ reports/wordlist/httpstwitter.comsm4rtk1dz.wordlist.txt                                                          
[ ✔ ] The file has been saved in
        → report-httpstwitter.html

anyone knows how can I solve this? or if it's actually intended to scan Social media.

numpy version error with python 3.9

when I do pip install -r requirements.txt, I get numpy version error.
I use python version = 3.9.x

Pagodo are complex and limited

Limit:

Only google search (Errors)
Complex
Bad used