From 876b808992ec8ae245d216cb075959b3b84cc56e Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:01:28 +0200 Subject: [PATCH 01/11] hasher.py superfluous-parens Removed unneeded parenthesis in if --- hasher.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hasher.py b/hasher.py index 562bf93..400d15f 100755 --- a/hasher.py +++ b/hasher.py @@ -61,7 +61,7 @@ def main(s): if __name__ == "__main__": - if (len(sys.argv) == 2): + if len(sys.argv) == 2: arguments = sys.argv[1:] main(arguments[0]) else: From 6edcfd52ddd6539d2bc75c0c0c45b154f12aa918 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:05:18 +0200 Subject: [PATCH 02/11] virustotal.py superfluous-parens Removed unneeded parenthesis in if --- virustotal.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/virustotal.py b/virustotal.py index a68fde2..6ccc0dc 100755 --- a/virustotal.py +++ b/virustotal.py @@ -25,7 +25,7 @@ def process(cidr, logfile): if resp.status_code == 200: domains = json.loads(resp.text) - if (domains['response_code'] == 0): + if domains['response_code'] == 0: print("[-] Empty response for {}".format(str(ip))) time.sleep(15) continue From 8aee6c89b5ea2cb04c1bd75ca3455718c595bd89 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:26:25 +0200 Subject: [PATCH 03/11] denumerator\denumerator.py too-many-branches main The main function had 13 branches while it is recommended to have at most 12. I extracted one function, _set_output_directory. This is a minimal change fixing the alert/ --- denumerator/denumerator.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/denumerator/denumerator.py b/denumerator/denumerator.py index da41757..9dd2319 100755 --- a/denumerator/denumerator.py +++ b/denumerator/denumerator.py @@ -506,10 +506,7 @@ def main(): if args.nmap: nmap = True - if args.dir: - output_directory = args.dir - else: - output_directory = DEFAULT_DIRECTORY + output_directory = _set_output_directory(args) if args.code: allowed_http_responses = args.code.split(',') @@ -560,6 +557,13 @@ def main(): if args.output: output_file.close() +def _set_output_directory(args): + if args.dir: + output_directory = args.dir + else: + output_directory = DEFAULT_DIRECTORY + return output_directory + if __name__ == "__main__": main() From 3408aba9b77beddec67975dc52bf254503979bee Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:35:59 +0200 Subject: [PATCH 04/11] denumerator\denumerator.py too-many-branches enumerate_domains enumerate_domains had 15 branches while 12 are recommended. I removed the handling of UnicodeError and subprocess.TimeoutExpired which just pass, as the else. I also extracted _handle_nmap --- denumerator/denumerator.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/denumerator/denumerator.py b/denumerator/denumerator.py index 9dd2319..fb41163 100755 --- a/denumerator/denumerator.py +++ b/denumerator/denumerator.py @@ -410,13 +410,7 @@ def enumerate_domains(domains, output_file, html_output, allowed_http_responses, ["host", d], capture_output=True, timeout=15).stdout nmap_output = '' - if nmap == True: - # perform nmap scan - nmap_output = subprocess.run( - ["nmap", "--top-ports", str(nmap_top_ports), "-n", d], capture_output=True) - print('{} nmap: '.format(colors['grey']), [port.decode("utf-8") - for port in nmap_output.stdout.split(b"\n") if - port.find(b"open") > 0], '{}'.format(colors['white'])) + nmap_output = _handle_nmap(nmap_top_ports, d) send_request('http', d, output_file, html_output, allowed_http_responses, nmap_output, ip, output_directory) @@ -442,13 +436,20 @@ def enumerate_domains(domains, output_file, html_output, allowed_http_responses, except requests.exceptions.TooManyRedirects: if show is True: print('[-] {} probably went into redirects loop :('.format(d)) - except UnicodeError: - pass - except subprocess.TimeoutExpired: - pass else: pass +def _handle_nmap(nmap_top_ports, d): + if nmap == True: + # perform nmap scan + nmap_output = subprocess.run( + ["nmap", "--top-ports", str(nmap_top_ports), "-n", d], capture_output=True) + print('{} nmap: '.format(colors['grey']), [port.decode("utf-8") + for port in nmap_output.stdout.split(b"\n") if + port.find(b"open") > 0], '{}'.format(colors['white'])) + + return nmap_output + def enumerate_from_crt_sh(domain): ''' From b66422b6ff3f676ef65d7790caa508a73b4a8414 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:37:44 +0200 Subject: [PATCH 05/11] left over of previous change --- denumerator/denumerator.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/denumerator/denumerator.py b/denumerator/denumerator.py index fb41163..bf82a93 100755 --- a/denumerator/denumerator.py +++ b/denumerator/denumerator.py @@ -408,8 +408,6 @@ def enumerate_domains(domains, output_file, html_output, allowed_http_responses, # IP address ip = subprocess.run( ["host", d], capture_output=True, timeout=15).stdout - nmap_output = '' - nmap_output = _handle_nmap(nmap_top_ports, d) send_request('http', d, output_file, @@ -440,6 +438,8 @@ def enumerate_domains(domains, output_file, html_output, allowed_http_responses, pass def _handle_nmap(nmap_top_ports, d): + nmap_output = '' + if nmap == True: # perform nmap scan nmap_output = subprocess.run( From 08b68b2fd7a4046d5dc7241769937c077d9fc759 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:46:55 +0200 Subject: [PATCH 06/11] xmlrpc_amplif_bruteforce.py line-too-long Made 2 readable lines shorter --- xmlrpc_amplif_bruteforce.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xmlrpc_amplif_bruteforce.py b/xmlrpc_amplif_bruteforce.py index 3993b1c..354fce9 100644 --- a/xmlrpc_amplif_bruteforce.py +++ b/xmlrpc_amplif_bruteforce.py @@ -96,14 +96,18 @@ def send_request_with_username(username, passwords): # print(payload) - print("[+] sending POST request with payload... ({} credentials in total checked)".format(total)) + print( + "[+] sending POST request with payload... ({} credentials in total checked)".format(total)) resp = requests.post(url, headers=h, data=payload) if resp.status_code == 200: print("[+] response HTTP 200 OK received, analysing results...") # p0wned. This is the end :P if b"isAdmin" in resp.content: - print("[+] SUCCESS !!! Matching username/password for {} found!, please review response content for details...").format(username) + print( + "[+] SUCCESS !!! Matching username/password for {} found!," + + "please review response content for details..." + ).format(username) output.write(resp.content) exit(0) From bf96403aa1c4ccd9eb347b477d47276488eca52f Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 17:53:22 +0200 Subject: [PATCH 07/11] redir_gen\redirgen.py line-too-long Made a readable line shorter --- redir_gen/redirgen.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/redir_gen/redirgen.py b/redir_gen/redirgen.py index 7f4d643..47708d5 100755 --- a/redir_gen/redirgen.py +++ b/redir_gen/redirgen.py @@ -28,7 +28,9 @@ def save_output(output: str) -> None: parser = argparse.ArgumentParser() parser.add_argument("--target", "-t", action="store", help="Enter the target address", required=True) -parser.add_argument("--dest", "-d", action="store", help="Enter the address where you want to redirect to", +parser.add_argument("--dest", "-d", + action="store", + help="Enter the address where you want to redirect to", required=True) parser.add_argument("--output", "-o", action="store", help="Enter output file name") From 4249d633224be3c38632647655bb0319ace0b98c Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 18:01:07 +0200 Subject: [PATCH 08/11] Vi\vi.py unnecessary-pass Removed two unnecessary pass commands. They look like leftovers. --- Vi/vi.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/Vi/vi.py b/Vi/vi.py index 7e4fddc..30c7251 100755 --- a/Vi/vi.py +++ b/Vi/vi.py @@ -51,7 +51,6 @@ def parse_javascript_file(js_filename: str): ''' TYPE = 'DEBUG' print(f"[{TYPE}] parsing {js_filename} for interesting stuff...") - pass def tear_off(): @@ -61,7 +60,6 @@ def tear_off(): for js_filename in javascript_files: parse_javascript_file(js_filename) - pass def recon(emails: set, javascript_files: set): From 12b06da2abd61fe8a06a690106799d55882aadcc Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 18:03:30 +0200 Subject: [PATCH 09/11] ip_generator.py line-too-long Made a readable line shorter --- ip_generator.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ip_generator.py b/ip_generator.py index 9952cbd..48f2db8 100755 --- a/ip_generator.py +++ b/ip_generator.py @@ -42,6 +42,7 @@ def generate(start, stop, logfile): start = sys.argv[1].split(".") stop = sys.argv[2].split(".") - print("\n[+] generating IP addresses in range from {} to {}...".format(sys.argv[1], sys.argv[2])) + print("\n[+] generating IP addresses in range from {} to {}...".format(sys.argv[1], + sys.argv[2])) generate(start, stop, f) print("[+] addresses generated...\n") From 21b2f31a665d39b54f22b2cac90c5ff70aca8620 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 18:09:10 +0200 Subject: [PATCH 10/11] hexview\hexview.py too-many-boolean-expressions If had 6 terms, it is recommended not to have more than 5. I extracted the logic of checking two variable, making the logic more structured. --- hexview/hexview.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hexview/hexview.py b/hexview/hexview.py index 8467d2d..158df1b 100755 --- a/hexview/hexview.py +++ b/hexview/hexview.py @@ -341,9 +341,11 @@ def extract_shellcode(start, end, read_binary): print(file_type(open(arguments.file, "rb").read(8))) with open(arguments.file, "rb") as infile: + valid_start = arguments.start is not None and int(arguments.start) > -1 + valid_end = arguments.end is not None and (int(arguments.end) > 1) if ( - arguments.start is not None and int(arguments.start) > -1 - and arguments.end is not None and (int(arguments.end) > 1) + valid_start + and valid_end and ( int(arguments.start, 16) > - 1 and int(arguments.end, 16) > int(arguments.start, 16) From 0510cc9e793a4b75b7ade03cbfd897c3fc830873 Mon Sep 17 00:00:00 2001 From: evidencebp Date: Wed, 6 Nov 2024 18:14:48 +0200 Subject: [PATCH 11/11] diggit\diggit.py unnecessary-pass print_banner comment says that it should print the credits but it implementation is just pass. I removed the function and the single call to it, giving the same credit in less code. --- diggit/diggit.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/diggit/diggit.py b/diggit/diggit.py index d682b06..5e07bb5 100755 --- a/diggit/diggit.py +++ b/diggit/diggit.py @@ -21,12 +21,6 @@ "endl": '\33[0m' } - -def print_banner(): - """Prints credits :)""" - pass - - def print_object_details(objtype, objcontent, objhash, objfilename): """Prints and saves object details/content""" @@ -132,6 +126,5 @@ def save_git_object(baseurl, objhash, berecursive, objfilename=""): parser.print_help() if baseurl and objecthash: - print_banner() save_git_object(args.u, args.o, berecursive, "") print("\n" + term["cyan"] + "#" * 78 + term["endl"])