made it proxy through tor

.gitignore

@@ -99,3 +99,6 @@ ENV/
 
 # mypy
 .mypy_cache/
+
+# output debug
+/output

README.md

@@ -1,27 +1,31 @@
-# colloide
-#MCD's Colloide v0.5 // 2017 // Thessaloniki, Greece
-#Michael Constantine Dimopoulos ----------------------------------------------
+# colloide  
+# MCD's Colloide v0.5 // 2017 // Thessaloniki, Greece  
+# Michael Constantine Dimopoulos  
+----------------------------------------------
 Colloide is an extremely simple information gathering tool with the solid purpose of finding working admin login web-pages.
 Written with python - meant to be used on linux (Debian)
 To open:
 1) Locate the file
 2) CD to that directory with terminal
 3) type "python colloide.py"
+4) (OPTIONAL) run with flag '-t 1' to enable tor proxy passthrough
 --------------------
 How it works:
-All it does is go through a list (links.txt) with all the common admin page names and finds 
+All it does is go through a list (links.txt) with all the common admin page names and finds
 the one that work  the links.txt was taken directly from:
- 
+
 https://github.com/bdblackhat/admin-panel-finder/blob/master/link.txt
 
 and I do not own it. There is an option to choose your own
 list but it is very unlikely this one won't work.
 
+
+
                         [!] Legal Disclaimer [!]
 
-Colloide is a pentesting tool, and we all know that such tools can be 
-used maliciously to gain access or information you're are not supposed 
-to have. We strongly advice you use this tool legally. The developer 
+Colloide is a pentesting tool, and we all know that such tools can be
+used maliciously to gain access or information you're are not supposed
+to have. We strongly advice you use this tool legally. The developer
 has no responsiblity for any damage caused by this tool / script.
 
 Report bugs: anivsante2@gmail.com

colloide.py

@@ -1,11 +1,29 @@
 # Colloide v0.5
-# Thessaloniki, GREECE 2017 - greekhacking.gr 
+# Thessaloniki, GREECE 2017 - greekhacking.gr
 # Michael Constantine Dimopoulos
 # GNU General Public Lisence
-import sys 
+import sys
 import argparse
 import os
-from urllib2 import Request, urlopen, URLError, HTTPError
+import socks
+import socket
+try: # For Python 3.0 and later
+	from urllib.request import Request, urlopen
+	from urllib.error import URLError, HTTPError
+except ImportError: # Fall back to Python 2's urllib2
+	from urllib2 import Request, urlopen, URLError, HTTPError
+
+# STEM module for signaling tor network service
+from stem import Signal
+from stem.control import Controller
+
+DEBUG_OUTPUT_DIR = "output/"
+
+TOR_DEFAULT_CONTROLLER_PROXY_PORT = 9051
+TOR_DEFAULT_PROXY_IP = "127.0.0.1"
+TOR_DEFAULT_PROXY_PORT = 9050
+
+controller = Controller.from_port(port = TOR_DEFAULT_CONTROLLER_PROXY_PORT)
 
 def banner():
 	print("_________        .__  .__         .__    .___     ")
@@ -17,23 +35,24 @@ def banner():
 	print("Colloide v 0.5")
 	print("Michael C. Dimopoulos 2017\n\n")
 def opts():
-	print("    -h  --help   Display the help panel (Shown right now)")
-	print("    -u, --URL    The URL to the website")
-	print("    -p, --pages  Path to the wordlist with the page names / links")
-	print("    -l, --legals License & legal disclaimer\n\n")
+	print("    -h  --help       Display the help panel (Shown right now)")
+	print("    -u, --URL        The URL to the website")
+	print("    -p, --pages      Path to the wordlist with the page names / links")
+	print("    -l, --legals     License & legal disclaimer")
+	print("    -t, --torenable  Enable tor proxy switching (!!! REQUIRES CONTROLLER PORT OPEN !!!)\n\n")
 def legals():
 	#License
 	print("Colloide version 0.5 is free software. It can be re-distributed ")
-	print("and / or modified under the terms of the GNU General Public License") 
+	print("and / or modified under the terms of the GNU General Public License")
 	print("as published by the Free Software Foundation; For more information")
-	print("read the GNU General Public License that comes") 
+	print("read the GNU General Public License that comes")
 	print("along with this program.\n\n")
 	#Disclaimer
 	print("[!] Legal Disclaimer [!]")
 	print("Information distributed by this tool may be used maliciously.")
 	print("The developer has no responsibility for any damage caused by")
-	print("this script or any unauthorized use of it.\n") 
-def wolf(): 
+	print("this script or any unauthorized use of it.\n")
+def wolf():
 	#prints the ASCII colloide wolf
 	print(" ___________________      ,     ,")
 	print("[ COLLOIDE MISSION! ]     |\---/|       __--__")
@@ -47,23 +66,30 @@ def wolf():
 	print("      |  :   /'----'| \  |              __________")
 	print("      \  |\  |      | /| |_______,-----'")
 	print("       '.'| /__,----| \ | ")
-	print("_______| /|.'       '.l \\\_") 
+	print("_______| /|.'       '.l \\\_")
 	print("       || ||             '-'")
 	print("       '-''-'\n")
-def check_names(infile):
+def check_names(infile, torEnabled=0):
 	if os.path.exists(infile):
 		banner()
 		wolf()
-		findAdmin()
+		findAdmin(torEnabled)
 	else:
 		banner()
 		opts()
 		print("Invalid path to the wordlis. File could not be found.")
-	 
-def findAdmin():
+
+def findAdmin(torEnabled=0):
 	f = open(links,"r");
-	print("[!] Report bugs: anivsante2@gmail.com \n")
+	print("[!] Report bugs: anivsante2@gmail.com \n") # https://github.com/MichaelDim02/colloide/issues instead?
+
+	if torEnabled:
+		print("You have enabled Tor proxy passthrough. Please be aware that this could maybe significantly slow down the scan.")
+		socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, TOR_DEFAULT_PROXY_IP, TOR_DEFAULT_PROXY_PORT)
+		socket.socket = socks.socksocket
+
 	while True:
+		generateNewTorIP()
 		sub_link = f.readline()
 		if not sub_link:
 			break
@@ -77,19 +103,30 @@ def findAdmin():
 		except URLError as e:
 			continue
 		else:
+			log(link, req_link)
 			print("[+] Link Found -> ",req_link)
 
+def generateNewTorIP(password="el_passwordo", controllerPort=TOR_DEFAULT_CONTROLLER_PROXY_PORT):
+	controller.authenticate(password=password)
+	controller.signal(Signal.NEWNYM)
 
+def log(name, data):
+	if not os.path.exists(DEBUG_OUTPUT_DIR):
+		os.makedirs(DEBUG_OUTPUT_DIR)
+	logFile = open(DEBUG_OUTPUT_DIR + name.replace("/", ""), "a")
+	logFile.write(data)
 
 parser = argparse.ArgumentParser()
 parser.add_argument("-u", "--URL", help="The URL to the website")
-parser.add_argument("-p", "--pages", help="Path to the wordlist with the page names / links") 
+parser.add_argument("-p", "--pages", help="Path to the wordlist with the page names / links")
 parser.add_argument("-l", "--legals", action='store_true', help="License & legal disclaimer")
+parser.add_argument("-t", "--torenable", help="Whether to enable tor proxying (1) or not (0)")
 args = parser.parse_args()
 links = args.pages
 URL = args.URL
+torIsEnabled = args.torenable
 if args.URL and args.pages:
-	check_names(links)
+	check_names(links, torEnabled=args.torenable)
 elif args.legals:
 	banner()
 	legals()