OWASP WEB Directory Scanner |Twitter|
=====================================

+----------+------------------+------------------+
| Python   | Linux            | OSX              |
+==========+==================+==================+
| 3.9      | |Build Status|   | |Build Status|   |
+----------+------------------+------------------+
| 3.10     | |Build Status|   | |Build Status|   |
+----------+------------------+------------------+

**OpenDoor OWASP** is a multifunctional console website scanner. The
application finds all possible ways to log in, index of/ directories, web
shells, restricted access points, subdomains, hidden data and large
backups. Scanning uses the built-in dictionary as well as external
dictionaries. Anonymity and speed are provided by proxy servers. The
software is written for informational purposes and is an open-source
product under the GPL license.

***(Due to the incorrect operation of "SSL", support for "Python 2.7"
is terminated)***

\* *Current 4.0.1-beta (23.02.2021)*

- Directories - 37019
- Subdomains - 181018

***Testing of the software on live commercial systems and
organizations is prohibited!***

.. figure:: http://dl3.joxi.net/drive/2017/01/30/0001/0378/90490/90/e309742b5c.jpg
   :alt: OpenDoor OWASP

   Alt text

Implements
^^^^^^^^^^

- [x] multithreading control
- [x] scan reports
- [x] directories scanner
- [x] subdomains scanner
- [x] HTTP(S) (PORT) support
- [x] Keep-alive long pooling
- [x] HTTP(S)/SOCKS proxies
- [x] dynamic request header
- [x] custom word-list prefixes
- [x] custom word-lists, proxies, ignore lists
- [x] debug levels (-1 (silent), 1-3)
- [x] extensions filter
- [x] custom reports directory
- [x] custom config wizard (use random techniques)
- [x] analyze techniques

  - detect redirects
  - detect an index of/ Apache
  - detect large files
  - heuristic detect invalid web pages
  - blank success page filter
  - certificate required pages

- [x] randomization techniques

  - random user-agent per request
  - random proxy per request
  - word-lists shuffling
  - word-lists filters

Install PIP
^^^^^^^^^^^

::

    curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

Local installation and run
^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    git clone https://github.com/stanislav-web/OpenDoor.git
    cd OpenDoor/
    pip3 install -r requirements.txt
    chmod +x opendoor.py
    python3 opendoor.py --host http://www.example.com

Global installation (Preferably for OS distributions)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    git clone https://github.com/stanislav-web/OpenDoor.git
    cd OpenDoor/
    python3 setup.py build && python3 setup.py install
    opendoor --host http://www.example.com

Updates
^^^^^^^

::

    python3 opendoor.py --update
    opendoor --update

`Changelog <CHANGELOG.md>`__ (last changes)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

v4.0.1-beta (23.02.2021)
------------------------

::

    - Python 2.6,2.7 is unsupported
    - Update directories.dat 36994 -> 37019
    - [enhancement] [#PR-40](https://github.com/stanislav-web/OpenDoor/issues/40) added encoding to setup.py
    - [bugfix] [#PR-48](https://github.com/stanislav-web/OpenDoor/issues/48) Python 3.9 / 3.10 compatibility
    - [bugfix] [#PR-20](https://github.com/stanislav-web/OpenDoor/issues/20) No timeout setup in request
    - [enhancement] [#PR-36](https://github.com/stanislav-web/OpenDoor/issues/36) Feature Request: Show only found items

v3.4.481-stable (02.10.2017)
----------------------------

::

    - Fixed bugs with externals wordlists
    - Added 80018 subdomains

v3.4.47-rc Gained more Power! (05.07.2017)
------------------------------------------

::

    - Added IPs lookup for subdomains scan
    - Added missing HTTP statuses
    - Bugfix: encoding errors (supported cp1251,utf8,utf16) for body analyze
    - Bugfix: allow to use both --random-list & --extension params
    - Directory closing slash has been removed
    - Support Internationalized Domain Names IDNA
    - Removed --indexof (-i) params
    - Add --ignore-extensions -i param to ignore selected extension
    - Added --sniff param to process responses
        - indexof   (detect Apache Index Of/ directories)
        - file      (detect large files)
        - collation (heuristic detect invalid web pages)
        - skipempty (skip empty valid pages)
    - Internal dictionaries has been filtered out. Delete all duplicates
    - Added +990 unique directories (36931)

Help
^^^^

::

    usage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS]
                       [-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
                       [--accept-cookies] [--debug DEBUG] [--tor]
                       [--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST]
                       [--reports REPORTS] [--reports-dir REPORTS_DIR]
                       [--random-agent] [--random-list] [--prefix PREFIX]
                       [-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--sniff SNIFF]
                       [--update] [--version] [--examples] [--docs]
                       [--wizard [WIZARD]]

    optional arguments:
      -h, --help            show this help message and exit

    required named options:
      --host HOST           Target host (ip); --host http://example.com

    Application tools:
      --update              Update from CVS
      --version             Get current version
      --examples            Examples of usage
      --docs                Read documentation
      --wizard [WIZARD]     Run wizard scanner from your config

    Debug tools:
      --debug DEBUG         Debug level -1 (silent), 1 - 3

    Reports tools:
      --reports REPORTS     Scan reports (json,std,txt,html)
      --reports-dir REPORTS_DIR
                            Path to custom reports dir

    Request tools:
      -p PORT, --port PORT  Custom port (Default 80)
      -m METHOD, --method METHOD
                            Request method (use HEAD as default)
      -d DELAY, --delay DELAY
                            Delay between requests threading
      --timeout TIMEOUT     Request timeout (30 sec default)
      -r RETRIES, --retries RETRIES
                            Max retries to reconnect (default 3)
      --accept-cookies      Accept and route cookies from responses
      --tor                 Using built-in proxylist
      --torlist TORLIST     Path to custom proxylist
      --proxy PROXY         Custom permanent proxy server
      --random-agent        Randomize user-agent per request

    Sniff tools:
      --sniff SNIFF         Response sniff plugins
                            (indexof,collation,file,skipempty)

    Stream tools:
      -t THREADS, --threads THREADS
                            Allowed threads

    Wordlist tools:
      -s SCAN, --scan SCAN  Scan type scan=directories or scan=subdomains
      -w WORDLIST, --wordlist WORDLIST
                            Path to custom wordlist
      --random-list         Shuffle scan list
      --prefix PREFIX       Append path prefix to scan host
      -e EXTENSIONS, --extensions EXTENSIONS
                            Force use selected extensions for scan session -e
                            php,json e.g
      -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
                            Ignore extensions for scan session -i aspx,jsp e.g

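
Seen from the server side, a directory scan run with the defaults in the help text above (``HEAD`` requests driven by a word list, optionally ``--random-agent``) shows up in access logs as one client requesting many distinct paths that mostly return 404. The block below is an added example, not part of OpenDoor: it flags such clients in combined-format access logs, and the function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [23/Feb/2021:10:00:01 +0000] "HEAD /admin HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [23/Feb/2021:10:00:01 +0000] "HEAD /backup HTTP/1.1" 404 0 "-" "Opera/9.80 (Windows NT 6.1)"
203.0.113.7 - - [23/Feb/2021:10:00:02 +0000] "HEAD /login HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Macintosh)"
203.0.113.7 - - [23/Feb/2021:10:00:02 +0000] "HEAD /phpmyadmin HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [23/Feb/2021:10:00:03 +0000] "HEAD /shell.php HTTP/1.1" 404 0 "-" "Opera/9.80 (Windows NT 6.1)"
203.0.113.7 - - [23/Feb/2021:10:00:03 +0000] "HEAD /old HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.20 - - [23/Feb/2021:10:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [23/Feb/2021:10:00:05 +0000] "GET /style.css HTTP/1.1" 200 830 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [23/Feb/2021:10:00:09 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def summarize(log_text):
    """Collect per-client counters; lines that do not parse are skipped."""
    stats = defaultdict(lambda: {"total": 0, "head": 0, "miss": 0,
                                 "paths": set(), "agents": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["total"] += 1
        s["head"] += int(m["method"] == "HEAD")
        s["miss"] += int(m["status"] == "404")
        s["paths"].add(m["path"])
        s["agents"].add(m["agent"])
    return stats

def flag_scanners(log_text, min_paths=5, min_miss=0.7, min_head=0.7):
    """Return clients with many distinct paths, mostly HEAD, mostly 404."""
    flagged = {}
    for ip, s in summarize(log_text).items():
        if (len(s["paths"]) >= min_paths
                and s["miss"] / s["total"] >= min_miss
                and s["head"] / s["total"] >= min_head):
            flagged[ip] = {"requests": s["total"], "paths": len(s["paths"]),
                           "agents": len(s["agents"])}
    return flagged
```

Grouping by client address stops working when the scan is spread over proxies (``--tor``, ``--torlist``); in that case aggregate the same counters per virtual host and time window instead. A high ``agents`` count for a single address is a further signal of ``--random-agent``.
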
Maintainers
^^^^^^^^^^^

- @stanislav-web https://github.com/stanislav-web (Developer)

Tests
~~~~~

::

    pip3 install -r requirements-dev.txt
    python setup.py test

Contributors
~~~~~~~~~~~~

If you would like to contribute to the development of the project, pull
requests are open for you. You can also suggest ideas and create a task
in my track list.

|Issues| |License: GPL v3| |Say Thanks!|

Documentation
~~~~~~~~~~~~~

- `Opendoor OWASP
  CookBook <https://github.com/stanislav-web/OpenDoor/wiki>`__
- `Issues <https://github.com/stanislav-web/OpenDoor/issues>`__

.. |Twitter| image:: https://img.shields.io/twitter/url/https/github.com/stanislav-web/OpenDoor.svg?style=social
   :target: https://twitter.com/intent/tweet?text=Wow:&url=https://github.com/stanislav-web/OpenDoor
.. |Build Status| image:: https://travis-ci.org/stanislav-web/OpenDoor.svg?branch=master
   :target: https://travis-ci.org/stanislav-web/OpenDoor
.. |Issues| image:: https://badge.waffle.io/stanislav-web/OpenDoor.png?label=Ready
   :target: https://waffle.io/stanislav-web/OpenDoor
.. |License: GPL v3| image:: https://img.shields.io/badge/License-GPL%20v3-blue.svg
   :target: http://www.gnu.org/licenses/gpl-3.0
.. |Say Thanks!| image:: https://img.shields.io/badge/SayThanks.io-%E2%98%BC-1EAEDB.svg
   :target: https://saythanks.io/to/stanislav-web