Merge pull request #15 from codingo/exclusions

codingo · web-flow · commit 341abb039fac · 2019-01-09T13:28:54.000+10:00
Exclusions
diff --git a/Interlace/lib/core/input.py b/Interlace/lib/core/input.py
@@ -61,6 +61,8 @@ def process_commands(arguments):
         commands = set()
         ranges = set()
         targets = set()
+        exclusions_ranges = set()
+        exclusions = set()
         final_commands = set()
         output = OutputHelper(arguments)
 
@@ -80,6 +82,13 @@ def process_commands(arguments):
             for target in arguments.target_list:
                 ranges.add(target.strip())
 
+        # process exclusions first
+        if arguments.exclusions:
+            exclusions_ranges.add(arguments.exclusions)
+        else:
+            for exclusion in arguments.exclusions_list:
+                exclusions_ranges.add(target.strip())
+
         # removing elements that may have spaces (helpful for easily processing comma notation)
         for target in ranges:
             target = target.replace(" ", "")
@@ -97,6 +106,25 @@ def process_commands(arguments):
                 else:
                     targets.add(ips)
 
+        # removing elements that may have spaces (helpful for easily processing comma notation)
+        for exclusion in exclusions_ranges:
+            exclusion = exclusion.replace(" ", "")
+
+            for ips in exclusion.split(","):
+                # checking for CIDR
+                if not arguments.nocidr and "/" in ips:
+                    exclusions.update(InputHelper._get_cidr_to_ips(ips))
+                # checking for IPs in a range 
+                elif "-" in ips:
+                    exclusions.update(InputHelper._get_ips_from_range(ips))
+                # checking for glob ranges
+                elif "*" in ips:
+                    exclusions.update(InputHelper._get_ips_from_glob(ips))
+                else:
+                    exclusions.add(ips)
+
+        targets -= exclusions
+
         if arguments.command:
             commands.add(arguments.command)
         else:
@@ -140,7 +168,7 @@ def setup_parser():
         targets.add_argument(
             '-t', dest='target', required=False,
             help='Specify a target or domain name either in comma format, '
-                 'CIDR notation, or a single target.'
+                 'CIDR notation, glob notation, or a single target.'
         )
 
         targets.add_argument(
@@ -150,6 +178,22 @@ def setup_parser():
             type=lambda x: InputHelper.readable_file(parser, x)
         )
 
+        # exclusions group
+        exclusions = parser.add_mutually_exclusive_group()
+
+        exclusions.add_argument(
+            '-e', dest='exclusions', required=False,
+            help='Specify an exclusion either in comma format, '
+                 'CIDR notation, or a single target.'
+        )
+
+        exclusions.add_argument(
+            '-eL', dest='exclusions_list', required=False,
+            help='Specify a list of exclusions.',
+            metavar="FILE",
+            type=lambda x: InputHelper.readable_file(parser, x)
+        )
+
         parser.add_argument(
             '-threads', dest='threads', required=False,
             help="Specify the maximum number of threads to run (DEFAULT:5)",
diff --git a/README.md b/README.md
@@ -17,6 +17,8 @@ Dependencies will then be installed and Interlace will be added to your path as
 |------------|--------------------------------------------------------------------------------------------------------------|
 | -t         | Specify a target or domain name either in comma-delimited format, CIDR notation, or as an individual host             |
 | -tL        | Specify a list of targets or domain names                                                                    |
+| -e         | Specify an exclusion either in comma-delimited format, CIDR notation, or as an individual host             |
+| -eL        | Specify a list of exclusions                                                                    |
 | -threads   | Specify the maximum number of threads to run at any one time (DEFAULT:5)                                     |
 | -timeout   | Specify a timeout value in seconds for any single thread (DEFAULT:600)                                          |
 | -c         | Specify a single command to execute over each target or domain                                               |
@@ -118,6 +120,16 @@ interlace -t 192.168.12.* -c "vhostscan _target_ -oN _output_/_target_-vhosts.tx
 ```
 Yet again, VHostScan does not have any inbuilt glob range format support.
 
+## Dash (-) notation with an application that doesn't support it
+Interlace automatically expands dash ranges when starting threads. This allows you to pass glob ranges to a variety of applications:
+
+To run a virtual host scan against every target within `192.168.12.1-15` using a direct command you could use:
+```bash
+interlace -t 192.168.12.1-15 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
+```
+Yet again, VHostScan does not have any inbuilt dash range format support.
+
+
 ## Threading Support for an application that doesn't support it
 Run a [virtual host scan](https://github.com/codingo/VHostScan) against each host in a file (`target-lst.txt`), whilst also limiting scans at any one time to 50 maximum threads.
 
@@ -136,6 +148,16 @@ vhostscan -t $target -oN _output_/_target_-vhosts.txt
 ```
 This would output a file for each target in the specified output folder. You could also run multiple commands simply by adding them into the command file.
 
+## Exclusions
+Interlace automatically excludes any hosts provided when specified via the `-e` or `-eL` arguments. These arguments are also compatible with the above-mentinoed range notations (CIDR, Glob, and dash)
+
+To run a virtual host scan against every target within `192.168.12.0/24` despire targets within `192.168.12.0/26` using a direct command you could use:
+```bash
+interlace -t 192.168.12.0/24 -e 192.168.12.0/26 -c "vhostscan _target_ -oN _output_/_target_-vhosts.txt" -o ~/scans/ -threads 50
+```
+
+
+
 # Authors and Thanks
 Originally written by Michael Skelton ([codingo](https://twitter.com/codingo_)) and Sajeeb Lohani ([sml555](https://twitter.com/sml555_)) with help from Charelle Collett ([@Charcol0x89](https://twitter.com/Charcol0x89)) for threading refactoring and overall approach, and Luke Stephens ([hakluke](https://twitter.com/hakluke)) for testing and approach.
 
