-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhunt.py
More file actions
101 lines (78 loc) · 3.75 KB
/
Copy pathhunt.py
File metadata and controls
101 lines (78 loc) · 3.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#!/usr/bin/env python3
"""
BEATRIX Quick Hunt - Fast automated bug hunting
Usage:
python hunt.py target.com
python hunt.py target.com --with-ai # Use Haiku for analysis
"""
import argparse
import asyncio
import os
import sys
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
from bounty_hunter import BountyHunter
from recon import QuickRecon
async def hunt(domain: str, use_ai: bool = False, deep: bool = False):
"""Quick hunt on a target"""
print(f"""
╔══════════════════════════════════════════════════════════════╗
║ 🐰 BEATRIX QUICK HUNT ║
║ Target: {domain:<50} ║
╚══════════════════════════════════════════════════════════════╝
""")
# Phase 1: Recon
print("\n[PHASE 1] 🔍 RECONNAISSANCE\n")
recon = QuickRecon(domain, verbose=True)
recon_result = await recon.run(deep=deep)
# Phase 2: Hunt on discovered endpoints
print("\n[PHASE 2] 🎯 VULNERABILITY HUNTING\n")
base_url = f"https://{domain}"
hunter = BountyHunter(base_url, verbose=True)
# Build URL list from recon
urls = [base_url]
for endpoint in list(recon_result.endpoints)[:10]:
if endpoint.startswith('/'):
urls.append(f"{base_url}{endpoint}")
elif endpoint.startswith('http'):
urls.append(endpoint)
findings = await hunter.hunt_all(urls=urls)
# Phase 3: AI Analysis (if enabled)
if use_ai and findings:
print("\n[PHASE 3] 🤖 AI ANALYSIS\n")
try:
from beatrix.ai import HaikuGrunt
grunt = HaikuGrunt()
for finding in findings:
enriched = await grunt.classify_vulnerability({
"title": finding.title,
"description": finding.description[:500],
"url": finding.url,
})
print(f" 📋 {enriched.get('owasp_category', 'N/A')}: {finding.title}")
except Exception as e:
print(f" ⚠️ AI analysis skipped: {e}")
# Summary
print(f"""
╔══════════════════════════════════════════════════════════════╗
║ HUNT COMPLETE ║
╠══════════════════════════════════════════════════════════════╣
║ Subdomains Found: {len(recon_result.subdomains):<40} ║
║ Endpoints Found: {len(recon_result.endpoints):<40} ║
║ JS Files: {len(recon_result.js_files):<40} ║
║ Vulnerabilities: {len(findings):<40} ║
╚══════════════════════════════════════════════════════════════╝
""")
if findings:
print("🔴 FINDINGS:")
for f in findings:
print(f" • [{f.severity.value.upper()}] {f.title}")
return findings
def main():
parser = argparse.ArgumentParser(description='BEATRIX Quick Hunt')
parser.add_argument('domain', help='Target domain')
parser.add_argument('--with-ai', action='store_true', help='Use Haiku for analysis')
parser.add_argument('--deep', '-d', action='store_true', help='Deep scan')
args = parser.parse_args()
asyncio.run(hunt(args.domain, use_ai=args.with_ai, deep=args.deep))
if __name__ == "__main__":
main()