Added functionality for pipeing in wordlist information

codingo · codingo · commit b1e33068d17a · 2017-09-25T15:12:31.000+10:00
diff --git a/VHostScan.py b/VHostScan.py
@@ -17,7 +17,7 @@ def main():
     print_banner()
     parser = ArgumentParser()
     parser.add_argument("-t",   dest="target_hosts", required=True, help="Set a target range of addresses to target. Ex 10.11.1.1-255" )
-    parser.add_argument("-w",   dest="wordlist", required=False, type=str, help="Set the wordlist to use (default ./wordlists/virtual-host-scanning.txt)", default="./wordlists/virtual-host-scanning.txt")
+    parser.add_argument("-w",   dest="wordlist", required=False, type=str, help="Set the wordlist to use (default ./wordlists/virtual-host-scanning.txt)")
     parser.add_argument("-b",   dest="base_host", required=False, help="Set host to be used during substitution in wordlist (default to TARGET).", default=False)
     parser.add_argument("-p",   dest="port", required=False, help="Set the port to use (default 80).", default=80)
     parser.add_argument("-r",   dest="real_port", required=False, help="The real port of the webserver to use in headers when not 80 (see RFC2616 14.23), useful when pivoting through ssh/nc etc (default to PORT).", default=False)
@@ -28,20 +28,24 @@ def main():
     parser.add_argument("--ssl", dest="ssl",   action="store_true", help="If set then connections will be made over HTTPS instead of HTTP (default http).", default=False)
     parser.add_argument("-oN",   dest="output_normal", help="Normal output printed to a file when the -oN option is specified with a filename argument." )
     parser.add_argument("-", dest="stdin", action="store_true", help="By passing a blank '-' you tell VHostScan to expect input from stdin (pipe).", default=False)
-    arguments = parser.parse_args()
-
-    if not os.path.exists(arguments.wordlist):
-        print("[!] Wordlist %s doesn't exist, ending scan." % arguments.wordlistt)
-        sys.exit()
-
+    
+    arguments = parser.parse_args()    
+    wordlist = ""
+    
     if(arguments.stdin):
         for line in sys.stdin:
-            print("DEBUG (stdin): %s" % line)
-            return
+            wordlist += line
+    elif(arguments.stdin and arguments.wordlist):
+        if not os.path.exists(arguments.wordlist):
+            print("[!] Wordlist %s doesn't exist and can't be appended  to stdin." % arguments.wordlistt)
+        else:
+            wordlist += open("./wordlists/virtual-host-scanning.txt").read().splitlines()    
+    else:
+        wordlist = open("./wordlists/virtual-host-scanning.txt").read().splitlines()   
 
     print("[+] Starting virtual host scan for %s using port %s and wordlist %s" % (arguments.target_hosts, 
                                                                                    str(arguments.port), 
-                                                                                   arguments.wordlist))
+                                                                                   "placeholder"))
     
     if(arguments.ssl):
         print("[>] SSL flag set, sending all results over HTTPS")
@@ -51,7 +55,8 @@ def main():
     if(arguments.ignore_content_length > 0):
         print("[>] Ignoring Content length: %s" % (arguments.ignore_content_length))
 
-    scanner = virtual_host_scanner(arguments.target_hosts, arguments.base_host, arguments.port, arguments.real_port, arguments.ssl, arguments.unique_depth, arguments.ignore_http_codes, arguments.ignore_content_length, arguments.wordlist)
+    scanner = virtual_host_scanner( arguments.target_hosts, arguments.base_host, wordlist, arguments.port, arguments.real_port, arguments.ssl, 
+                                    arguments.unique_depth, arguments.ignore_http_codes, arguments.ignore_content_length)
     
     scanner.scan()
     output = output_helper(scanner)
diff --git a/lib/core/virtual_host_scanner.py b/lib/core/virtual_host_scanner.py
@@ -19,8 +19,7 @@ class virtual_host_scanner(object):
         output: folder to write output file to
     """
      
-    def __init__(self, target, base_host, port=80, real_port=80, ssl=False, unique_depth=1, ignore_http_codes='404', ignore_content_length=0, 
-                 wordlist="./wordlists/virtual-host-scanning.txt"):
+    def __init__(self, target, base_host, wordlist, port=80, real_port=80, ssl=False, unique_depth=1, ignore_http_codes='404', ignore_content_length=0):
         self.target = target
         self.base_host = base_host
         self.port = int(port)
@@ -40,16 +39,15 @@ def __init__(self, target, base_host, port=80, real_port=80, ssl=False, unique_d
         # store associated data for discovered hosts in array for oN, oJ, etc'
         self.hosts = []
 
-    def scan(self):
-        virtual_host_list = open(self.wordlist).read().splitlines()
 
+    def scan(self):
         if not self.base_host:
             self.base_host = self.target
 
         if not self.real_port:
             self.real_port = self.port
 
-        for virtual_host in virtual_host_list:
+        for virtual_host in self.wordlist:
             hostname = virtual_host.replace('%s', self.base_host)
 
             headers = {
