owlsec 0.9

No project description provided

OwlSec Toolkit

Description

OwlSec Toolkit is a Python package designed to streamline and automate various penetration testing tasks, such as discovering subdomains, identifying interesting URLs, port scanning, SSL checking, and more. The toolkit provides a comprehensive and modular approach, making it a flexible tool for cybersecurity professionals and enthusiasts. We take a more passive overview with more additions to be added in the future.

Features

• Subdomain Enumeration: Retrieve and display subdomains and interesting URLs from archives.
• Port Scanning: Identify open TCP and UDP ports.
• Web Server Identification: Check for alternative web servers on identified ports.
• Common Files & Directories Discovery: Check for common files and directories on each identified web server.
• Login Forms Discovery: Identify possible login forms and display their parameters.
• SSL Certificate Checker: Analyze and display SSL certificate details for a domain.

Installation

Install the package using pip:

YOU MAY NEED TO MANUALLY DOWNLOAD HTTPX

• https://github.com/projectdiscovery/httpx/releases/download/v1.3.5/httpx_1.3.5_linux_386.zip If you run pip install owlsec as root, you will be fine but if you want to use it as is, you will need to download the httpx file and manually move it into the installation folder, then run chmod +x httpx which will look something like:

wget https://github.com/projectdiscovery/httpx/releases/download/v1.3.5/httpx_1.3.5_linux_386.zip
unzip httpx_1.3.5_linux_386.zip
chmod +x httpx
mv httpx /home/kali/.local/lib/python3.11/site-packages/owlsec/scripts/pentesting/

pip install owlsec

Usage

The toolkit can be used as a library in your Python projects or as a standalone script. Below is a basic usage guide:

As a Standalone Script

1. Run the script and provide the domain or IP address as input:

python3 main.py

1. Follow the on-screen prompts and provide the necessary input.

As a Library

• You can import the toolkit's functionalities into your own Python scripts:

from owlsec import (
    get_subdomains_and_urls, 
    run_httpx_for_domain, 
    get_file_details,
    get_burp_responses,
    port_scan,
    SSLChecker
)

Use these functions as per your requirement in your custom scripts.

Functions and Descriptions

print_interesting_urls_and_subdomains(domain)

• Prints interesting URLs and subdomains of the given domain.

print_port_scan_results(domain)

• Prints the results of a port scan on the specified domain.

print_httpx_results(domain)

• Prints the HTTPx result for the given domain.

print_file_details(domain)

• Prints details of common files and directories for the given domain.

print_login_forms(domain)

• Prints potential login forms found on the given domain.

check_and_print_ssl_status(domain)

• Checks and prints the SSL status of the specified domain.

Disclaimer

This tool is intended for educational and legal penetration testing purposes only. The developers assume no responsibility for any misuse of this toolkit.