Ekultek / Zeus-Scanner

Advanced reconnaissance utility
954 stars, 248 forks

Dork with spaces not working #162

Closed. localhost443 closed this 6 years ago

localhost443 commented 6 years ago

What's the problem

Dork using long text (with spaces) not working, and not giving the result it should

Running context

Any idea on a solution?

N

Full console commands run

sudo python zeus.py -B "inurl:anything inurl:https:// intext:anything intext:another text intext:another text" --random-agent -s --exclude-none --auto

Stacktrace (if applicable)

Full file log information

Ekultek commented 6 years ago

What does not working mean exactly? It won’t run, or it doesn’t find any URLs? From your given command, there is no dork, list, website, or randomized specified so there’s no way Zeus will work.

Ekultek commented 6 years ago

Incorrect usage:

baal@baal-Aspire-5733Z:~/bin/tools/zeus-scanner$ sudo python zeus.py -B "inurl:anything inurl:https:// intext:anything intext:another text intext:another text" --random-agent -s --exclude-none --auto

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.2.30.d38732(revision)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Reconnaissance...

[*] starting up at 07:06:08..

[07:06:08 INFO] log file being saved to '/home/baal/bin/tools/zeus-scanner/log/zeus-log-6.log'...
[07:06:08 INFO] specified to use non-default search engine...
[07:06:08 CRITICAL] failed to provide a mandatory argument, you will be redirected to the help menu...
Usage: zeus.py -d|r|l|f|b| DORK|FILE|URL [ATTACKS] [--OPTS]

Options:
  -h, --help            show this help message and exit

  Mandatory Options:
    These options have to be used in order for Zeus to run

    -d DORK, --dork=DORK
                        Specify a singular Google dork to use for queries
    -l FILE-PATH, --dork-list=FILE-PATH
                        Specify a file full of dorks to run through
    -r, --rand-dork     Use a random dork from the etc/dorks.txt file to
                        perform the scan
    -b URL, --blackwidow=URL
                        Spider a single webpage for all available URL's
    -f FILE-PATH, --url-file=FILE-PATH
                        Run an attack on URL's in a given file

  Attack arguments:
    These arguments will give you the choice on how you want to check the
    websites

    -s, --sqli          Run a Sqlmap SQLi scan on the discovered URL's
    -p, --port-scan     Run a Nmap port scan on the discovered URL's
    -a, --admin-panel   Search for the websites admin panel
    -x, --xss-scan      Run an XSS scan on the found URL's
    -w, --whois-lookup  Perform a WhoIs lookup on the provided domain
    -c, --clickjacking  Perform a clickjacking scan on a provided URL
    -g, --github-search
                        Perform a Github Gist search for any information on
                        the found websites
    -P, --pgp           Perform a PGP public key lookup on the found URLs
    --sqlmap-args=SQLMAP-ARGS
                        Pass the arguments to send to the sqlmap API within
                        quotes & separated by a comma. IE 'dbms mysql, verbose
                        3, level 5'
    --sqlmap-conf=CONFIG-FILE-PATH
                        Pass a configuration file that contains the sqlmap
                        arguments
    --nmap-args=NMAP-ARGS
                        Pass the arguments to send to the nmap API within
                        quotes & separated by a pipe. IE '-O|-p 445, 1080'
    --show-sqlmap       Show the arguments that the sqlmap API understands
    --show-nmap         Show the arguments that nmap understands
    --show-possibles    Show all connections made during the admin panel
                        search
    --tamper=TAMPER-SCRIPT
                        Send the XSS payloads through tampering before sending
                        to the target
    --thread            Run multiple threads on functions that support multi-
                        threading
    --auto              Automatically start the sqlmap API (or at least try
                        to)

  Search options:
    Arguments that will control the search criteria

    -L HOW-MANY-LINKS, --links=HOW-MANY-LINKS
                        Specify how many links to try and search on Google
    -M, --multi         Search multiple pages of Google
    -E, --exclude-none  Do not exclude URLs because they do not have a
                        GET(query) parameter in them
    -W, --webcache      Parse webcache URLs for the redirect in them
    --x-forward         Add a header called 'X-Forwarded-For' with three
                        random IP addresses
    --time-sec=SECONDS  Control the sleep time to the WhoIS lookup to prevent
                        errors

  Anonymity arguments:
    Arguments that help with anonymity and hiding identity

    --proxy=PROXY-STRING
                        Use a proxy to do the scraping, will not auto
                        configure to the API's
    --proxy-file=FILE-PATH
                        Grab a random proxy from a given file of proxies
    --random-agent      Use a random user-agent from the etc/agents.txt file
    --agent=USER-AGENT  Use your own personal user-agent
    --tor               Use Tor connection as the proxy and set the firefox
                        browser settings to mimic Tor

  Search engine arguments:
    Arguments to change the search engine used (default is Google)

    -D, --search-engine-ddg
                        Use DuckDuckGo as the search engine
    -B, --search-engine-bing
                        Use Bing as the search engine
    -A, --search-engine-aol
                        Use AOL as the search engine

  Misc Options:
    These options affect how the program will run

    --verbose           Run the application in verbose mode (more output)
    --batch             Skip the questions and run in default batch mode
    --update            Update to the latest development version
    --hide              Hide the banner during running
    --version           Show the current version and exit
    -T THREAD-AMOUNT, --x-threads=THREAD-AMOUNT
                        Specify how many threads you want to pass
    --show-success      Calculate the dorks success rate and output the
                        calculation in human readable form

[*] shutting down at 07:06:11..

baal@baal-Aspire-5733Z:~/bin/tools/zeus-scanner$ 

Pay special attention to this:

  Mandatory Options:
    These options have to be used in order for Zeus to run

    -d DORK, --dork=DORK
                        Specify a singular Google dork to use for queries
    -l FILE-PATH, --dork-list=FILE-PATH
                        Specify a file full of dorks to run through
    -r, --rand-dork     Use a random dork from the etc/dorks.txt file to
                        perform the scan
    -b URL, --blackwidow=URL
                        Spider a single webpage for all available URL's
    -f FILE-PATH, --url-file=FILE-PATH
                        Run an attack on URL's in a given file

Ekultek commented 6 years ago

Correct usage:

baal@baal-Aspire-5733Z:~/bin/tools/zeus-scanner$ sudo python zeus.py -B -d "inurl:anything inurl:https:// intext:anything intext:another text intext:another text" --random-agent -s --exclude-none --auto

    __          __________                             __   
   / /          \____    /____  __ __  ______          \ \  
  / /    ______   /     // __ \|  |  \/  ___/  ______   \ \ 
  \ \   /_____/  /     /\  ___/|  |  /\___ \  /_____/   / / 
   \_\          /_______ \___  >____//____  >          /_/  
                       \/   \/           \/  v1.2.30.d38732(revision)
    https://github.com/ekultek/zeus-scanner.git
        Advanced Reconnaissance...

[*] starting up at 07:07:11..

[07:07:11 INFO] log file being saved to '/home/baal/bin/tools/zeus-scanner/log/zeus-log-8.log'...
[07:07:11 INFO] specified to use non-default search engine...
[07:07:11 INFO] starting dork scan with query 'inurl:anything inurl:https:// intext:anything intext:another text intext:another text'...
[07:07:11 WARNING] will not parse webcache URL's (to parse webcache pass -W)...
[07:07:11 INFO] attempting to gather query URL...
[07:07:11 INFO] firefox browser display will be hidden while it performs the query...
[07:07:11 WARNING] your web browser will be automated in order for Zeus to successfully bypass captchas and API calls. this is done in order to grab the URL from the search and parse the results. please give selenium time to finish it's task...
[07:07:17 INFO] browser will open shortly...
[07:07:18 INFO] searching search engine using query 'http://bing.com'...
[07:07:21 INFO] closing the browser and continuing process..
[07:07:21 INFO] URL successfully gathered, searching for GET parameters...
[07:07:21 INFO] no proxy configuration detected...
[07:07:22 INFO] adjusting user-agent header to Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36...
[07:07:22 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/url-log/url-log-4.log'...
[07:07:22 INFO] found a total of 6 URLs with given query 'inurl:anything inurl:https:// intext:anything intext:another text intext:another text'...
[07:07:22 INFO] currently running on 'http://go.microsoft.com/fwlink/?LinkID=246338' (target #1)...
[07:07:22 INFO] checking URL headers...
[07:07:22 INFO] checking if target URL is protected by some kind of WAF/IPS/IDS...
[07:07:23 INFO] no WAF/IDS/IPS has been identified on target URL...
[07:07:23 INFO] attempting to get request headers for 'http://go.microsoft.com/fwlink/?LinkID=246338'...
[07:07:23 INFO] found a request cookie, saving to file...
[07:07:23 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/cookies/go.microsoft.com-cookie.log'...
[07:07:23 WARNING] provided target has protection against multiple attacks...
[07:07:23 WARNING] provided target has protection against clickjacking vulnerabilities...
[07:07:23 WARNING] provided target has protection against MIME type attacks...
[07:07:23 WARNING] provided target has protection against XSS attacks...
[07:07:23 INFO] writing found headers to log file...
[07:07:23 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/header-log/go.microsoft.com-headers.json'...
[07:07:23 PROMPT] would you like to process found URL: 'http://go.microsoft.com/fwlink/?LinkID=246338'[y/N]: n
[07:07:31 WARNING] skipping 'http://go.microsoft.com/fwlink/?LinkID=246338'...

[07:07:31 INFO] currently running on 'http://go.microsoft.com/fwlink/?LinkID=617297' (target #2)...
[07:07:31 INFO] checking URL headers...
[07:07:31 INFO] checking if target URL is protected by some kind of WAF/IPS/IDS...
[07:07:31 INFO] no WAF/IDS/IPS has been identified on target URL...
[07:07:31 INFO] attempting to get request headers for 'http://go.microsoft.com/fwlink/?LinkID=617297'...
[07:07:33 INFO] found a request cookie, saving to file...
[07:07:33 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/cookies/go.microsoft.com(1).log'...
[07:07:33 WARNING] provided target has protection against multiple attacks...
[07:07:33 WARNING] provided target has protection against clickjacking vulnerabilities...
[07:07:33 WARNING] provided target has protection against MIME type attacks...
[07:07:33 WARNING] provided target has protection against XSS attacks...
[07:07:33 INFO] writing found headers to log file...
[07:07:33 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/header-log/go.microsoft.com(1).json'...
[07:07:33 PROMPT] would you like to process found URL: 'http://go.microsoft.com/fwlink/?LinkID=617297'[y/N]: n
[07:07:38 WARNING] skipping 'http://go.microsoft.com/fwlink/?LinkID=617297'...

[07:07:38 INFO] currently running on 'http://go.microsoft.com/fwlink/?LinkId=521839' (target #3)...
[07:07:38 INFO] checking URL headers...
[07:07:38 INFO] checking if target URL is protected by some kind of WAF/IPS/IDS...
[07:07:39 INFO] no WAF/IDS/IPS has been identified on target URL...
[07:07:39 INFO] attempting to get request headers for 'http://go.microsoft.com/fwlink/?LinkId=521839'...
[07:07:39 INFO] found a request cookie, saving to file...
[07:07:39 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/cookies/go.microsoft.com(2).log'...
[07:07:39 WARNING] provided target has protection against multiple attacks...
[07:07:39 WARNING] provided target has protection against clickjacking vulnerabilities...
[07:07:39 WARNING] provided target has protection against MIME type attacks...
[07:07:39 WARNING] provided target has protection against XSS attacks...
[07:07:39 INFO] writing found headers to log file...
[07:07:39 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/header-log/go.microsoft.com(2).json'...
[07:07:39 PROMPT] would you like to process found URL: 'http://go.microsoft.com/fwlink/?LinkId=521839'[y/N]: n
[07:07:41 WARNING] skipping 'http://go.microsoft.com/fwlink/?LinkId=521839'...

[07:07:41 INFO] currently running on 'http://go.microsoft.com/?linkid=9844325' (target #4)...
[07:07:41 INFO] checking URL headers...
[07:07:41 INFO] checking if target URL is protected by some kind of WAF/IPS/IDS...
[07:07:44 INFO] no WAF/IDS/IPS has been identified on target URL...
[07:07:44 INFO] attempting to get request headers for 'http://go.microsoft.com/?linkid=9844325'...
[07:07:47 WARNING] provided target has protection against clickjacking vulnerabilities...
[07:07:47 WARNING] provided target has protection against unencrypted connections (force HTTPS connection)...
[07:07:47 INFO] writing found headers to log file...
[07:07:47 INFO] successfully wrote found items to '/home/baal/bin/tools/zeus-scanner/log/header-log/go.microsoft.com(3).json'...
[07:07:47 PROMPT] would you like to process found URL: 'http://go.microsoft.com/?linkid=9844325'[y/N]: y
[07:07:48 INFO] creating arguments for sqlmap...
[07:07:48 INFO] attempting to launch sqlmap API...
[07:07:48 ERROR] there was a problem starting sqlmap API...
[07:07:48 PROMPT] manually start the API and press enter when ready... 
[07:08:42 INFO] initializing new sqlmap scan with given URL 'http://go.microsoft.com/?linkid=9844325'...
[07:08:42 INFO] gathering sqlmap API scan ID...
[07:08:42 INFO] starting sqlmap scan on url: 'http://go.microsoft.com/?linkid=9844325'...
[07:08:42 WARNING] please keep in mind that this is the API, output will not be saved to log file, it may take a little longer to finish processing, launching sqlmap...
------------------------------
sqlmap> [07:08:44 INFO] testing connection to the target URL
^C[07:08:48 ERROR] user aborted process...

[*] shutting down at 07:08:48..

localhost443 commented 6 years ago

Why the results are so different, I am not understanding. Here is the screenshot: http://prntscr.com/heozju

I tried:

sudo python zeus.py -d "inurl:php?= inurl:https:// intext:order now intext:bra intext:select size" --random-agent -s --exclude-none --auto

Note: removed -B because I wanted to use Google as my search engine.

Ekultek commented 6 years ago

Well firstly, the screenshot you sent and the slightly creepy dork you're saying you used are completely different. And the results are probably different because of your location (when Zeus launches your headless browser, it doesn't do the same thing as launching the browser yourself). You should try (instead) using smaller dorks with OR in between them, i.e.:

inurl:php?id=10 OR inurl:php?status=10 OR inurl:php?state=10

You could also try -M -L <NUM> and search for a whole lot more sites that way.

And also, you aren't parsing the webcache URLs when running on Google (-W), which can cause results to be different as well:

http://webcache.googleusercontent.com/search?q=cache:ZjH54Ej6AAMJ:https://vk.com/away.php?to%3Dhttps%253A%252F%252Fwww.facebook.com%252FBlackHoneyUK%252Ftimeline%26post%3D-120623828_4%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk
https://vk.com/away.php?to=https%3A%2F%2Fkinsta.com%2Flearn%2Ftaking-small-business-online-the-honey-elixir-project%2F
http://webcache.googleusercontent.com/search?q=cache:0QogjkDRlEQJ:https://vk.com/away.php?to%3Dhttps%253A%252F%252Fkinsta.com%252Flearn%252Ftaking-small-business-online-the-honey-elixir-project%252F%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk
https://www.hartunghoney.com/index.php?id_product=15&controller=product
http://webcache.googleusercontent.com/search?q=cache:mZForW7WuuAJ:https://www.hartunghoney.com/index.php?id_product%3D3%26controller%3Dproduct%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk
http://webcache.googleusercontent.com/search?q=cache:2ts-wdYorAcJ:https://www.hartunghoney.com/index.php?id_category%3D14%26controller%3Dcategory%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk
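To make concrete what the last two suggestions in this thread amount to, here is an added example in Python (written for this page; it is not Zeus-Scanner's own code). It unwraps the webcache.googleusercontent.com wrappers in the result list above into the pages they cache, which is what the -W option does, and it keeps only URLs that carry a GET parameter, which is the default filter that -E/--exclude-none turns off. It also shows the OR-joined dork form suggested above. The parser assumes the layout visible in those URLs (q=cache:<docid>:<cached url> followed by '+' or '%2B' and the original search terms); that layout, the function names and the exclude_none flag are assumptions of this example, not part of Zeus.

```python
"""Unwrap Google webcache URLs and keep only results that carry a GET parameter.

Added example for this thread, not Zeus-Scanner's own code. It models what
passing -W (parse webcache URLs) and leaving out -E (exclude URLs without a
GET parameter) amount to, using the result list posted above as input.
"""
from urllib.parse import urlsplit, unquote, parse_qsl

# Result list copied from the comment above: plain hits mixed with
# webcache.googleusercontent.com wrappers around the same pages.
SAMPLE_RESULTS = [
    "http://webcache.googleusercontent.com/search?q=cache:ZjH54Ej6AAMJ:https://vk.com/away.php?to%3Dhttps%253A%252F%252Fwww.facebook.com%252FBlackHoneyUK%252Ftimeline%26post%3D-120623828_4%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk",
    "https://vk.com/away.php?to=https%3A%2F%2Fkinsta.com%2Flearn%2Ftaking-small-business-online-the-honey-elixir-project%2F",
    "http://webcache.googleusercontent.com/search?q=cache:0QogjkDRlEQJ:https://vk.com/away.php?to%3Dhttps%253A%252F%252Fkinsta.com%252Flearn%252Ftaking-small-business-online-the-honey-elixir-project%252F%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk",
    "https://www.hartunghoney.com/index.php?id_product=15&controller=product",
    "http://webcache.googleusercontent.com/search?q=cache:mZForW7WuuAJ:https://www.hartunghoney.com/index.php?id_product%3D3%26controller%3Dproduct%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk",
    "http://webcache.googleusercontent.com/search?q=cache:2ts-wdYorAcJ:https://www.hartunghoney.com/index.php?id_category%3D14%26controller%3Dcategory%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk",
    "http://webcache.googleusercontent.com/search?q=cache:l8EC3B-7HmQJ:https://www.hartunghoney.com/index.php?id_product%3D15%26controller%3Dproduct%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk",
]

WEBCACHE_HOST = "webcache.googleusercontent.com"


def webcache_target(url):
    """Return the page a webcache URL is a cached copy of, or None when `url`
    is not a webcache wrapper. Assumes the layout seen in the thread:
    q=cache:<docid>:<cached url><'+' or '%2B'><original search terms>."""
    parts = urlsplit(url)
    if parts.netloc.lower() != WEBCACHE_HOST:
        return None
    # Walk the raw query string instead of using parse_qs(): decoding first
    # would turn the cached URL's own %26/%3D into '&'/'=' and break the split.
    raw_q = None
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if key == "q":
            raw_q = value
            break
    if raw_q is None or not raw_q.startswith("cache:"):
        return None
    _docid, sep, cached = raw_q[len("cache:"):].partition(":")
    if not sep:
        return None
    # The search terms are appended after the first '+' (Google encodes that
    # first one as %2B); cut the cached URL off there, then decode once.
    cut = len(cached)
    for marker in ("+", "%2B", "%2b"):
        idx = cached.find(marker)
        if idx != -1:
            cut = min(cut, idx)
    return unquote(cached[:cut])


def has_query_param(url):
    """True when the URL carries at least one GET parameter with a value,
    i.e. the kind of URL Zeus keeps by default (-E/--exclude-none keeps all)."""
    return bool(parse_qsl(urlsplit(url).query))


def normalize_results(urls, exclude_none=False):
    """Unwrap webcache hits, drop duplicates (order preserved) and, unless
    exclude_none is set, discard URLs that have no GET parameter."""
    seen, out = set(), []
    for url in urls:
        target = webcache_target(url) or url
        if not exclude_none and not has_query_param(target):
            continue
        if target not in seen:
            seen.add(target)
            out.append(target)
    return out


def or_dork(*dorks):
    """Join short dorks with OR, as suggested above, instead of one long
    space-separated query."""
    return " OR ".join(dorks)


if __name__ == "__main__":
    for target in normalize_results(SAMPLE_RESULTS):
        print(target)
    print(or_dork("inurl:php?id=10", "inurl:php?status=10", "inurl:php?state=10"))
```

Run as-is, the seven posted results collapse to five distinct targets: the two webcache copies of the kinsta redirect and of id_product=15 are the same pages that also appear as plain hits, so without unwrapping them the scanner would spend requests on webcache.googleusercontent.com instead of on the site behind it. The single-pass unquote() is deliberate: the vk.com away.php?to= value stays percent-encoded once, exactly as the live site expects it.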
http://webcache.googleusercontent.com/search?q=cache:l8EC3B-7HmQJ:https://www.hartunghoney.com/index.php?id_product%3D15%26controller%3Dproduct%2Binurl:php?%3D+inurl:https+intext:order+now+intext:honey&hl=en&gbv=2&ct=clnk