Merge branch 'dev' for release 1.5

.gitignore

@@ -1,8 +1,4 @@
-lists/x*
-lists/ipout-hosts
-lists/ipout-protected
 tmp/
-
 *.pyc
 *.txt
 *.log

README.md

@@ -13,9 +13,6 @@ A security tool that aim at doing the following
  * openssl
 
 # Usage instructions
-* Install (see below) 
-* Download latest CloudFlare IPs and CrimeFlare DB
-* `python3 lists/update.py`
 * Run the fast/simple scan
 * `python3 bust mydomain.com`
 * Run the slow/comprehensive scan

bust/__main__.py

@@ -1,20 +1,26 @@
+from updater import Updater
 from buster import CloudBuster
 from cli import args, parser
 from options import Options
 import os.path
 import sys
 
 logo = """
-============ The =====,---/V\\
-==== CloudBUSTER ====~|__(o.o)
-=== by @SageHack =====UU  UU
+\033[31m============ The =====\033[35m,---\033[37m/V\\
+\033[32m==== CloudBUSTER ====\033[37m~\033[35m|  \033[37m(o.o)
+\033[34m=== by @SageHack =====\033[37muu\033[35m--\033[37muu\033[0m
 """
 
 
 def main(args):
+
     print(logo, flush=True)
+
     if not args.target:
         parser.print_help()
+        return
+
+    Updater.run()
     if os.path.isfile(args.target):
         scan_list(args)
     else:
@@ -34,11 +40,11 @@ def scan(args):
     buster.scan_main()
 
     if not buster.resolving():
-        print('>> CANT RESOLVE HOST <<', flush=True)
+        print('[error] cannot resolve host', flush=True)
         return
 
     if not buster.protected():
-        print('>> NOT BEHIND CLOUDFLARE <<', flush=True)
+        print('[error] not behind Cloudflare', flush=True)
         if not Options.SCAN_ANYWAY:
             return
 
@@ -81,7 +87,7 @@ def sub_scan_subdomain(buster, args):
 
 def print_match(target_main, target_found, method):
     print(
-        '>> MATCH [%s;%s;%s;%s] <<' % (
+        '[match] %s;%s;%s;%s' % (
             target_main.domain,
             method,
             target_found.domain
@@ -95,7 +101,7 @@ def print_match(target_main, target_found, method):
 def match_not_found(buster):
     buster.scan_summary()
     print(
-        '>> UNABLE TO CONFIRM [%s;interesting ips (%d)] <<' % (
+        '[fail] %s;interesting(%d)' % (
             buster.target['main'].domain,
             len(buster.list_interesting_hosts()),
         ), flush=True
@@ -105,5 +111,5 @@ def match_not_found(buster):
 try:
     main(args)
 except KeyboardInterrupt:
-    print('>> INTERRUPTED BY USER <<', flush=True)
+    print('[error] interrupted by user', flush=True)
     sys.exit()

bust/buster.py

@@ -128,21 +128,16 @@ def match(self, possible_origin):
         )
 
     def scan_summary(self):
-        print('[SCAN SUMMARY]', flush=True)
-
-        if self.target['main']:
-            print(
-                'Target: '+self.target['main'].domain+linesep
-                + '> ip: '+str(self.target['main'].ip)+linesep
-                + '> protected: '+str(self.target['main'].protected),
-                flush=True
+        interesting = self.list_interesting_hosts()
+        if not interesting:
+            return
+
+        for host in interesting:
+            print('[interesting] %s;%s;%s' % (
+                host['type'], host['domain'], host['ip']
+                ), flush=True
             )
 
-        print('[interesting ips]', flush=True)
-
-        for host in self.list_interesting_hosts():
-            print(host['ip']+' > '+host['description'], flush=True)
-
     def list_interesting_hosts(self):
         hosts = []
         targets = self.target['other']
@@ -152,7 +147,8 @@ def list_interesting_hosts(self):
                     and target.status and target.status != 400:
                 hosts.append({
                     'ip': target.ip,
-                    'description': target.domain+' / '+target.name
+                    'domain': target.domain,
+                    'type': target.name,
                 })
 
         return hosts

bust/matchengine.py

@@ -39,13 +39,14 @@ def compare(method, s1, s2):
                 return False
 
         if strings[0] == strings[1]:
-            print('!! %s match' % (method), flush=True)
+            print('** match: %s' % (method), flush=True)
             return True
 
         if len(s) > 10:
             similarity = SequenceMatcher(None, s1, s2).ratio()
             if similarity > 0.9:
-                print('!! %s similar (%.2f)' % (method, similarity), flush=True)
+                percent = round(similarity * 100)
+                print('** similar: %s %d%%' % (method, percent), flush=True)
                 return True
 
         return False

bust/reqcontent.py

@@ -75,7 +75,7 @@ def get_content(self):
 
         urllib.request.install_opener(self.opener)
         request = urllib.request.Request(url=self.url, headers=self.headers)
-        print('> reading: '+self.id, flush=True)
+        print('* reading: '+self.id, flush=True)
 
         try:
             opened = urllib.request.urlopen(

bust/target.py

@@ -73,7 +73,7 @@ def print_infos(self):
             return
 
         print(
-            '> ip: %s (CF %s%s)' % (
+            '* ip: %s (CF %s%s)' % (
                 self.ip,
                 'yes' if self.cloudflare_ip else 'no',
                 ' RAY-'+self.cloudflare_ray if self.cloudflare_ray else ''
@@ -82,14 +82,14 @@ def print_infos(self):
 
         if self.enabled:
             print(
-                '> http: %s %s %s' % (
+                '* http: %s %s %s' % (
                     self.enabled+' -' if self.enabled else '',
                     self.status,
                     self.reason if self.reason else ''
                 ), flush=True
             )
         else:
             print(
-                '> status: %s %s' % (self.status, self.reason),
+                '* status: %s %s' % (self.status, self.reason),
                 flush=True
             )

bust/updater.py

@@ -0,0 +1,43 @@
+import urllib.request
+import zipfile
+import os
+import sys
+import time
+
+class Updater:
+    def run():
+        if Updater.uptodate():
+            return
+
+        downloads = [
+            ['https://www.cloudflare.com/ips-v4', 'lists/cloudflare_ipv4'],
+            ['https://www.cloudflare.com/ips-v6', 'lists/cloudflare_ipv6'],
+        ]
+
+        for d in downloads:
+            Updater.download(d[0], d[1])
+
+        Updater.last_updated(Updater.today())
+        print('')
+
+
+    def uptodate():
+        last_updated = open('lists/last_updated', 'r').read()
+        if last_updated == Updater.today():
+            return True
+        return False
+
+    def last_updated(date):
+        file = open('lists/last_updated', 'w')
+        file.write(date)
+        file.close
+
+    def today():
+        return time.strftime("%Y-%m-%d")
+
+    def download(url, file):
+        print('[download] %s' % url)
+        try:
+            urllib.request.urlretrieve(url, file)
+        except (OSError, HTTPError, http.client.BadStatusLine):
+            pass

lists/last_updated

@@ -0,0 +1 @@
+2018-03-29