# El objetivo de este script es agilizar el proceso de revision manual de paginas web a partir de una lista o rango de IPs.
#
# Uso:
#     ~# python ip2html.py
# o:
#     ~# python ip2html.py [iplist.txt]
#
# Almacena las paginas de forma local y en un formato de facil acceso. El resultado contiene cabeceras, indica si la pagina
# requiere autenticacion (Basic Auth) y en caso de requerirla prueba las credenciales: admin:admin.
#
# Se puede usar un puerto de otro servicio que no sea HTTP. Obtiene los banners de FTP, SSH y TELNET.
#
# Mientras esta corriendo genera los resultados en: log/index.html.
#
#
# hkm@hakim.ws - 4/22/2010
# *Este script uiliza nmap de Fyodor: http://nmap.org/

# Para abrir automaticamente firefox puede ser necesario editar la siguiente linea:
firefox = "/usr/bin/firefox"

print "\n    #################################################"
print "   #                                               #"
print "  #                   ip2html.py                  #"
print " #                                               #"
print "################################## hkm@hakim.ws #\n"

import socket, sys, os, time, datetime, urllib2, urllib, re
from datetime import datetime, date
from random import randint

socket.setdefaulttimeout(5)

def guardaultimo():
	output = open("ultimaip.txt", "w")
	output.writelines(lista[k])
	output.close()

def termina():
	print "\n[FIN] - [+]"+str(p)+" [ ]"+str(n)+" : ("+str(int(time.time()-start))+" s)\n"
	os.system("rm iplist.txt")
	output = open("log/menu.html", "a")
	output.writelines("<small><center>[+]"+str(p)+" [ ]"+str(n)+" : ("+str(int(time.time()-start))+" s)</center><hr></small>")
	output.close()
	stoprefresh()

def stoprefresh():
	outputf = open("log/menu.html", "r")
	lee = outputf.read()
	lee = lee.replace('<head><meta http-equiv="refresh" content="4">','<head>')
	outputf.close()
	outputf = open("log/menu.html", "w")
	outputf.writelines(lee)
	outputf.close()

def idprotocolo():
	global protocolo
	if lista[k].find(':21') > 0:
		protocolo = "ftp"
	if lista[k].find(':22') > 0:
		protocolo = "ssh"
	if lista[k].find(':23') > 0:
		protocolo = "telnet"
	if lista[k].find(':80') > 0:
		protocolo = "http"

try:
	if os.path.exists(sys.argv[1]):
		lista = open(sys.argv[1]).read().split()
		print "[+] - lista obtenida"
except(Exception):
	lista = ''
	if os.path.exists('ultimaip.txt'):
		ultimaip = open('ultimaip.txt').read().strip('\n')
		print "[+] - ultima ip escaneada: "+ultimaip
		rango = raw_input("[?] - introduce el rango [aleatorio]: ")
	else:
		rango = raw_input("[?] - introduce el rango [aleatorio]: ")
	if rango == "":
		rango = str(randint(1, 255))+"."+str(randint(1, 255))+"."+str(randint(1, 255))+".*"
		print "[+] - rango aleatorio: "+rango
	puertos = raw_input("[?] - introduce los puertos [80]: ")
	if puertos == "":
		print "[+] - puerto predefinido: 80"
		puertos = "80"
	print "[+] - escaneando rango..."
	os.system("nmap -PN -vv -n -T4 -p"+puertos+" "+rango+" | tee iplist_pre0.txt | grep Discovered")
	os.system("cat iplist_pre0.txt | grep Discovered > iplist_pre.txt; rm iplist_pre0.txt")
	print "[+] - escaneo completado"
	os.system("awk '{print $6\":\"$4}' iplist_pre.txt | sed s/\\\\/tcp//g > iplist.txt; rm iplist_pre.txt")
	lista = open('iplist.txt').read().split()
	try:
		if len(lista[0]):
			pass
	except:
		print "\n[FIN] - ninguna ip disponible\n"
		sys.exit()
	print "[+] - iplist.txt creado"

if not os.path.exists('log'):
	os.makedirs('log')

if not os.path.exists('log/menu.html'):
	output = open("log/menu.html", "a")
	output.writelines('<html><head><meta http-equiv="refresh" content="4"></head><body bgcolor=#778899 alink=#DDE1E5 vlink=#A2AEB9 link=#CED4DA><center><h1><pre><b>ip2html<a style="text-decoration:none; " href=http://www.hakim.ws target=_blank>.</a>py</b></pre></h1></center>')
	output.close()
else:
	outputf = open("log/menu.html", "r")
	output = outputf.read()
	output = output.replace('<head></head>','<head><meta http-equiv="refresh" content="4"></head>')
	outputf.close()
	outputf = open("log/menu.html", "w")
	outputf.writelines(output)
	outputf.close()

output = open("log/menu.html", "a")
dt = datetime.now()
try:
	output.writelines("<hr><center><b>"+rango+"</b><br>")
except: pass
output.writelines("<small>"+dt.strftime("%A %d %B %Y %I:%M%p")+"</small></center>")
output.close()

if not os.path.exists('log/index.html'):
	output = open("log/index.html", "a")
	output.writelines("<html><frameset cols=260,*><frame src=menu.html></frame><frame name=contenido src=about:blank></frame></frameset></html>")
	output.close()

print "[+] - generando log/index.html..."

print "[+] - abriendo firefox"
os.system(firefox+" log/index.html 2> /dev/null &")


p=0;n=0
start = time.time()

for k in range (len(lista)):
	host = "http://"+lista[k]
	protocolo = "http"
	try:
		source = urllib2.urlopen(host).read()
		sourcehead = urllib2.urlopen(host).info()
		if len(str(source)) > 0:
			output = open("log/menu.html", "a")
			idprotocolo()
			output.writelines("<a href="+protocolo+"://"+lista[k]+" target=_blank><b>&equiv;</b></a>&nbsp;<a href=javascript:alert(unescape('"+str(urllib.urlencode(sourcehead))+"'));><b>?</b></a> <a href="+lista[k]+".html target=contenido>"+lista[k]+"</a><br>")
			output.close()
			output = open("log/"+lista[k]+".html", "w")
			source = str(source)
			source = source.replace("<head>","<head><base href=http://"+lista[k]+"/ />")
			source = source.replace("<HEAD>","<HEAD><base href=http://"+lista[k]+"/ />")
			source = source.replace("top.location","t0p.location")
			output.writelines(str(source))
			output.close()
			print "[+] "+lista[k]
			guardaultimo()
			p = p + 1
			source = ''
	except Exception, e:
		if str(e).find('401') > 0:
			try:
				passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
				passman.add_password(None, host, "admin", "admin")
				authhandler = urllib2.HTTPBasicAuthHandler(passman)
				opener = urllib2.build_opener(authhandler)
				urllib2.install_opener(opener)
				source2 = urllib2.urlopen(host)
				if len(str(source2)) > 0:
					output = open("log/menu.html", "a")
					idprotocolo()
					output.writelines("<a href="+protocolo+"://"+lista[k]+" target=_blank><b>&equiv;</b></a><font color=#880000><b> !</b></font></a> <a href=http://admin:admin@"+lista[k]+" target=contenido>"+lista[k]+"</a><br>")
					output.close()
					print "[+] "+lista[k]+" (HTTP Auth admin:admin)"
					guardaultimo()
					p = p + 1
					source2 = ''
					source = ''
				else:
					print "[ ] "+lista[k]
					guardaultimo()
					n = n + 1
					source = ''
			except:
				output = open("log/menu.html", "a")
				idprotocolo()
				output.writelines("<a href="+protocolo+"://"+lista[k]+" target=_blank><b>&equiv;</b></a>&nbsp; &nbsp; <a href=http://"+lista[k]+" target=contenido>"+lista[k]+"</a><br>")
				output.close()
				print "[+] "+lista[k]+" (HTTP Auth)"
				guardaultimo()
				p = p + 1
				source2 = ''
				source = ''
		else:
			print "[ ] "+lista[k]
			guardaultimo()
			n = n + 1
			source = ''
	except(KeyboardInterrupt):
		termina()
		sys.exit()
termina()
sys.exit()