From acf7be6947b45e18b74d819fd4efa9ab5748786b Mon Sep 17 00:00:00 2001
From: khaireddines
Date: Thu, 16 Apr 2020 12:23:18 +0100
Subject: [PATCH] =?UTF-8?q?=20#76=20Add=20=E2=88=92=20OS=20|=20=E2=88=92?=
 =?UTF-8?q?=20Server.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cli.py | 343 ++++++++--------
 common/banner.py | 35 +-
 common/colors.py | 48 +--
 common/output_wr.py | 3 +-
 common/requestUp.py | 49 ++-
 common/threading.py | 9 +-
 common/uriParser.py | 1 +
 modules/dnsLookup.py | 39 +-
 modules/dorksEngine.py | 402 ++++++++++---------
 modules/druExploits.py | 11 +-
 modules/jooGrabber.py | 78 ++--
 modules/portChecker.py | 59 +--
 modules/wpGrabber.py | 72 ++--
 reqtest.py | 13 +
 vulnx.py | 888 ++++++++++++++++++++++-------------
 15 files changed, 1102 insertions(+), 948 deletions(-)
 create mode 100644 reqtest.py
diff --git a/cli.py b/cli.py
index 9b043cc..2c89fab 100644
--- a/cli.py
+++ b/cli.py
@@ -6,86 +6,94 @@ import readline import glob import subprocess -from common.colors import end,W,R,B,bannerblue2 +from common.colors import end, W, R, B, bannerblue2 from common.banner import banner from common.requestUp import random_UserAgent from common.uriParser import parsing_url -from modules.wpExploits import( wp_wysija, - wp_blaze, - wp_catpro, - wp_cherry, - wp_dm, - wp_fromcraft, - wp_jobmanager, - wp_showbiz, - wp_synoptic, - wp_shop, - wp_powerzoomer, - wp_revslider, - wp_adsmanager, - wp_inboundiomarketing, - wp_levoslideshow, - wp_adblockblocker, - ) - - -url_regx=re.compile(r'^set url .+') -dork_regx=re.compile(r'^dork') -exec_regx=re.compile(r'^exec .+') -help_regx=re.compile(r'^help') -history_regx=re.compile(r'^history') -exit_regx=re.compile(r'^exit') -cls_regx=re.compile(r'^clear') -var_regx=re.compile(r'^variable') -back_regx=re.compile(r'^back') -run_regx=re.compile(r'^run') -output=re.compile(r'^output \w+$') -page=re.compile(r'^page \d+$') -dorkname_regx=re.compile(r'^set dork .+') -list_regx=re.compile(r'^list') +from modules.wpExploits import(wp_wysija, + wp_blaze, + wp_catpro, + wp_cherry, + wp_dm, + wp_fromcraft, + wp_jobmanager, + wp_showbiz, + wp_synoptic, + wp_shop, + wp_powerzoomer, + wp_revslider, + wp_adsmanager, + wp_inboundiomarketing, + wp_levoslideshow, + wp_adblockblocker, + ) + + +url_regx = re.compile(r'^set url .+') +dork_regx = re.compile(r'^dork') +exec_regx = re.compile(r'^exec .+') +help_regx = re.compile(r'^help') +history_regx = re.compile(r'^history') +exit_regx = re.compile(r'^exit') +cls_regx = re.compile(r'^clear') +var_regx = re.compile(r'^variable') +back_regx = re.compile(r'^back') +run_regx = re.compile(r'^run') +output = re.compile(r'^output \w+$') +page = re.compile(r'^page \d+$') +dorkname_regx = re.compile(r'^set dork .+') +list_regx = re.compile(r'^list') headers = { -'host' : 'google.com', -'User-Agent' : random_UserAgent(), -'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 
-'Accept-Language': 'en-US,en;q=0.5', -'Connection': 'keep-alive',} + 'host': 'google.com', + 'User-Agent': random_UserAgent(), + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language': 'en-US,en;q=0.5', + 'Connection': 'keep-alive', } history = [] -#VARIABLE -numberpage=1 #default page−dork variable -output_dir='logs'#default output−dork -dorkname='' -url='' -timeout='' - -W_UL= "\033[4m" -RED_U='\033[1;1;91m' - -#autocompleter -autocompleter_global = ["help","clear","use","info","set","variables","history","exec","dork"] -autocompleter_dork = ["help" , "list" , "set dork" , "clear" , "history" ,"variables" ,"exec","back"] -autocompleter_setdork=["help" , "output" ,"page","run" ,"clear" ,"exec" ,"history" ,"variables" ,"back"] -autocompleter_dork_page=["help" , "output" ,"run" ,"clear" ,"exec" ,"history" ,"variables" ,"back"] -autocompleter_dork_output=["help" , "page" ,"run" ,"clear" ,"exec" ,"history" ,"variables" ,"back"] -autocompleter_dork_page_output=["help" ,"run" ,"clear" ,"exec" ,"history" ,"variables" ,"back"] +# VARIABLE +numberpage = 1 # default page−dork variable +output_dir = 'logs' # default output−dork +dorkname = '' +url = '' +timeout = '' + +W_UL = "\033[4m" +RED_U = '\033[1;1;91m' + +# autocompleter +autocompleter_global = ["help", "clear", "use", "info", + "set", "variables", "history", "exec", "dork"] +autocompleter_dork = ["help", "list", "set dork", + "clear", "history", "variables", "exec", "back"] +autocompleter_setdork = ["help", "output", "page", + "run", "clear", "exec", "history", "variables", "back"] +autocompleter_dork_page = ["help", "output", "run", + "clear", "exec", "history", "variables", "back"] +autocompleter_dork_output = ["help", "page", "run", + "clear", "exec", "history", "variables", "back"] +autocompleter_dork_page_output = [ + "help", "run", "clear", "exec", "history", "variables", "back"] vulnresults = set() # results of vulnerability exploits. 
[success or failed] -grabinfo = set() # return cms_detected the version , themes , plugins , user .. -subdomains = set() # return subdomains & ip. -hostinfo = set() # host info -data = [ vulnresults, grabinfo, subdomains , hostinfo] +# return cms_detected the version , themes , plugins , user .. +grabinfo = set() +subdomains = set() # return subdomains & ip. +hostinfo = set() # host info +data = [vulnresults, grabinfo, subdomains, hostinfo] -data_names = ['vulnresults', 'grabinfo', 'subdomains' , 'hostinfo'] +data_names = ['vulnresults', 'grabinfo', 'subdomains', 'hostinfo'] data = { - 'vulnresults':list(vulnresults), - 'grabinfo':list(grabinfo), - 'subdomains':list(subdomains), + 'vulnresults': list(vulnresults), + 'grabinfo': list(grabinfo), + 'subdomains': list(subdomains), } + class Helpers(): @staticmethod @@ -125,7 +133,7 @@ def _url_action_help(): back move back from current context """) - #dorks - command helpers. + # dorks - command helpers. @staticmethod def _dorks_action_help(): 
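Review bot: `data` is bound twice at the end of this hunk — first to the list `[vulnresults, grabinfo, subdomains, hostinfo]`, then to a dict that omits `hostinfo` — so the list is dead and the dict no longer matches `data_names`, which still carries four names; if this pair is what feeds `writelogs` (which zips them), the fourth name is silently never written. Drop the list and add `'hostinfo': list(hostinfo),` to the dict, or drop `'hostinfo'` from `data_names`. The dict also copies the sets at import time (`list(vulnresults)`), so anything the exploit runners add to `vulnresults` afterwards is not visible through `data` — worth a comment if that is intended.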
@@ -202,30 +210,30 @@ def _dorks_setdork_page_output_help(): back move back from current context """) + class Cli(): - def __runExploits(self,url,headers): - wp_wysija(url,headers,vulnresults) - wp_blaze(url,headers,vulnresults) - wp_catpro(url,headers,vulnresults) - wp_cherry(url,headers,vulnresults) - wp_dm(url,headers,vulnresults) - wp_fromcraft(url,headers,vulnresults) - wp_shop(url,headers,vulnresults) - wp_revslider(url,headers,vulnresults) - wp_adsmanager(url,headers,vulnresults) - wp_inboundiomarketing(url,headers,vulnresults) - wp_levoslideshow(url,headers,vulnresults) - wp_adblockblocker(url,headers,vulnresults) - - def pathCompleter(self,text,state): - line = readline.get_line_buffer().split() + def __runExploits(self, url, headers): + wp_wysija(url, headers, vulnresults) + wp_blaze(url, headers, vulnresults) + wp_catpro(url, headers, vulnresults) + wp_cherry(url, headers, vulnresults) + wp_dm(url, headers, vulnresults) + wp_fromcraft(url, headers, vulnresults) + wp_shop(url, headers, vulnresults) + wp_revslider(url, headers, vulnresults) + wp_adsmanager(url, headers, vulnresults) + wp_inboundiomarketing(url, headers, vulnresults) + wp_levoslideshow(url, headers, vulnresults) + wp_adblockblocker(url, headers, vulnresults) + + def pathCompleter(self, text, state): + line = readline.get_line_buffer().split() return [x for x in glob.glob(text+'*')][state] - - def createListCompleter(self,ll): - def listCompleter(text,state): - line = readline.get_line_buffer() + def createListCompleter(self, ll): + def listCompleter(text, state): + line = readline.get_line_buffer() if not line: return [c + " " for c in ll][state] else: @@ -239,6 +247,7 @@ def autoComplete_Global(): readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.listCompleter) + @staticmethod def autoComplete_Dork(): t = Cli() 
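Review bot: `pathCompleter` assigns `line = readline.get_line_buffer().split()` and never reads it, and the list comprehension around `glob.glob` is a no-op; `return glob.glob(text + '*')[state]` is equivalent. Four of the functions imported from `modules.wpExploits` in the first hunk (`wp_jobmanager`, `wp_showbiz`, `wp_synoptic`, `wp_powerzoomer`) are never referenced in `__runExploits`, so they are dead imports unless something outside this file uses them — a one-line comment on `__runExploits` stating why they are excluded would settle it. `createListCompleter` continues past the end of the hunk.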
@@ -246,6 +255,7 @@ def autoComplete_Dork(): readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.listCompleter) + @staticmethod def autoComplete_Page(): t = Cli() @@ -253,6 +263,7 @@ def autoComplete_Page(): readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.listCompleter) + @staticmethod def autoComplete_Output(): t = Cli() @@ -260,6 +271,7 @@ def autoComplete_Output(): readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.listCompleter) + @staticmethod def autoComplete_Page_Output(): t = Cli() @@ -267,6 +279,7 @@ def autoComplete_Page_Output(): readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.listCompleter) + @staticmethod def autoComplete_setdork(): t = Cli() @@ -276,7 +289,7 @@ def autoComplete_setdork(): readline.set_completer(t.listCompleter) @staticmethod - def dork_variable(dorkname,output,page): + def dork_variable(dorkname, output, page): print(""" VARIABLE VALUE -------- ----- @@ -284,20 +297,20 @@ def dork_variable(dorkname,output,page): output %s pages %s - """%(dorkname,output,page)) + """ % (dorkname, output, page)) @staticmethod - def url_variable(url,timeout): + def url_variable(url, timeout): print(""" VARIABLE VALUE -------- ----- url %s timeout %s - """%(url,timeout)) + """ % (url, timeout)) @staticmethod - def global_variables(dorkname,output,page,url,timeout): + def global_variables(dorkname, output, page, url, timeout): print(""" VARIABLE VALUE -------- ----- @@ -307,7 +320,7 @@ def global_variables(dorkname,output,page,url,timeout): output %s pages %s - """%(dorkname,output,page,url,timeout)) + """ % (dorkname, output, page, url, timeout)) @staticmethod def _clearscreen(): 
@@ -315,74 +328,74 @@ def _clearscreen(): @staticmethod def _exec(cmd): - regx=r'^exec (.+)' + regx = r'^exec (.+)' try: - command=re.search(re.compile(regx),cmd).group(1) + command = re.search(re.compile(regx), cmd).group(1) except AttributeError: # No match is found - command=re.search(re.compile(regx),cmd) + command = re.search(re.compile(regx), cmd) if command: return os.system(command) @staticmethod def getDork(pattern): - dork_search=r'^set dork (.+)' + dork_search = r'^set dork (.+)' try: - dork=re.search(re.compile(dork_search),pattern).group(1) + dork = re.search(re.compile(dork_search), pattern).group(1) except AttributeError: # No match is found - dork=re.search(re.compile(dork_search),pattern) + dork = re.search(re.compile(dork_search), pattern) if dork: return dork - + @staticmethod def setPage(page): - page_search=r'^page (\d+$)' + page_search = r'^page (\d+$)' try: - page=re.search(re.compile(page_search),page).group(1) + page = re.search(re.compile(page_search), page).group(1) except AttributeError: # No match is found - page=re.search(re.compile(page_search),page) + page = re.search(re.compile(page_search), page) if page: return int(page) @staticmethod def setOutput(directory): - output=r'^output (\w+$)' + output = r'^output (\w+$)' try: - rep=re.search(re.compile(output),directory).group(1) + rep = re.search(re.compile(output), directory).group(1) except AttributeError: # No match is found - rep=re.search(re.compile(output),directory) + rep = re.search(re.compile(output), directory) if rep: return rep @property - def getUrl(self,pattern): - url_search=r'^set url (.+)' + def getUrl(self, pattern): + url_search = r'^set url (.+)' try: - url=re.search(re.compile(url_search),pattern).group(1) + url = re.search(re.compile(url_search), pattern).group(1) except AttributeError: # No match is found - url=re.search(re.compile(url_search),pattern) + url = re.search(re.compile(url_search), pattern) if url: - return url#ParseURL(url) - + return url # 
ParseURL(url) - def setdorkCLI(self,cmd_interpreter): + def setdorkCLI(self, cmd_interpreter): - # REGEX + # REGEX '''SET DORK VARIABLE''' - + while True: Cli.autoComplete_Dork() - cmd_interpreter=input("%s%svulnx%s%s (%sDorks%s)> %s" %(bannerblue2,W_UL,end,W,B,W,end)) + cmd_interpreter = input("%s%svulnx%s%s (%sDorks%s)> %s" % ( + bannerblue2, W_UL, end, W, B, W, end)) history.append(cmd_interpreter) if back_regx.search(cmd_interpreter): break if list_regx.search(cmd_interpreter): - + '''SET DORK LIST''' - print('\n%s[*]%s Listing dorks name..' %(B,end)) + print('\n%s[*]%s Listing dorks name..' % (B, end)) from modules.dorksEngine import DorkList as DL DL.dorkslist() - if cls_regx.search(cmd_interpreter) or cmd_interpreter=='cls': + if cls_regx.search(cmd_interpreter) or cmd_interpreter == 'cls': Cli._clearscreen() if exit_regx.search(cmd_interpreter) or cmd_interpreter == 'quit': sys.exit() 
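Review bot: `getUrl` is decorated with `@property` but declares a `pattern` argument, so the call `self.getUrl(cmd)` later in this file evaluates the property first (invoking `getUrl(self)` with no `pattern`) and raises TypeError before `cmd` is ever parsed; make it `@staticmethod` like `getDork`/`setPage`/`setOutput` and call it as `Cli.getUrl(cmd)`. Each of these parsers also recompiles its pattern on every call and repeats the same search in the `except AttributeError` branch; `m = re.search(r'^set url (.+)', pattern)` / `return m.group(1) if m else None` gives the same result in two lines. The commented-out `# ParseURL(url)` suggests the URL was meant to be validated before use; as written the raw operator input is returned and later prefixed with `http://`, so either call the already-imported `parsing_url` or leave a comment stating that no validation happens here.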
@@ -390,142 +403,153 @@ def setdorkCLI(self,cmd_interpreter): Helpers._dorks_action_help() if history_regx.search(cmd_interpreter): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % (i+1, history[i-1])) if exec_regx.search(cmd_interpreter): Cli._exec(cmd_interpreter) if var_regx.search(cmd_interpreter): - Cli.dork_variable(dorkname,output_dir,numberpage) + Cli.dork_variable(dorkname, output_dir, numberpage) '''SET DORK NAME.''' if dorkname_regx.search(cmd_interpreter): while True: Cli.autoComplete_setdork() - cmd_interpreter_wp=input("%s%svulnx%s%s (%sDorks-%s%s)> %s" %(bannerblue2,W_UL,end,W,B,Cli.getDork(cmd_interpreter),W,end)) + cmd_interpreter_wp = input("%s%svulnx%s%s (%sDorks-%s%s)> %s" % ( + bannerblue2, W_UL, end, W, B, Cli.getDork(cmd_interpreter), W, end)) history.append(cmd_interpreter_wp) '''SET PAGE VARIABLE.''' if page.search(cmd_interpreter_wp): while True: Cli.autoComplete_Page() - cmd_interpreter_wp_page=input("%s%svulnx%s%s (%sDorks-%s-%s%s)> %s" %(bannerblue2,W_UL,end,W,B,Cli.getDork(cmd_interpreter),Cli.setPage(cmd_interpreter_wp),W,end)) + cmd_interpreter_wp_page = input("%s%svulnx%s%s (%sDorks-%s-%s%s)> %s" % ( + bannerblue2, W_UL, end, W, B, Cli.getDork(cmd_interpreter), Cli.setPage(cmd_interpreter_wp), W, end)) history.append(cmd_interpreter_wp_page) if output.search(cmd_interpreter_wp_page): while True: Cli.autoComplete_Page_Output() - cmd_interpreter_wp_page_output=input("%s%svulnx%s%s (%sDorks-%s-%s%s)> %s" %(bannerblue2,W_UL,end,W,B,Cli.getDork(cmd_interpreter),Cli.setPage(cmd_interpreter_wp),W,end)) - history.append(cmd_interpreter_wp_page_output) + cmd_interpreter_wp_page_output = input("%s%svulnx%s%s (%sDorks-%s-%s%s)> %s" % ( + bannerblue2, W_UL, end, W, B, Cli.getDork(cmd_interpreter), Cli.setPage(cmd_interpreter_wp), W, end)) + history.append( + cmd_interpreter_wp_page_output) if run_regx.search(cmd_interpreter_wp_page_output): print('\n') from modules.dorksEngine import Dorks as D - 
D.searchengine(Cli.getDork(cmd_interpreter),headers,Cli.setOutput(cmd_interpreter_wp),Cli.setPage(cmd_interpreter_wp)) + D.searchengine(Cli.getDork(cmd_interpreter), headers, Cli.setOutput( + cmd_interpreter_wp), Cli.setPage(cmd_interpreter_wp)) if back_regx.search(cmd_interpreter_wp_page_output): break - if help_regx.search(cmd_interpreter_wp_page_output) or cmd_interpreter_wp_page_output=='?': + if help_regx.search(cmd_interpreter_wp_page_output) or cmd_interpreter_wp_page_output == '?': Helpers._dorks_setdork_page_output_help() - if cls_regx.search(cmd_interpreter_wp_page_output) or cmd_interpreter_wp_page_output=='cls': + if cls_regx.search(cmd_interpreter_wp_page_output) or cmd_interpreter_wp_page_output == 'cls': Cli._clearscreen() if exit_regx.search(cmd_interpreter_wp_page_output) or cmd_interpreter_wp_page_output == 'quit': sys.exit() if history_regx.search(cmd_interpreter_wp_page_output): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % + (i+1, history[i-1])) if exec_regx.search(cmd_interpreter_wp_page_output): - Cli._exec(cmd_interpreter_wp_page_output) + Cli._exec( + cmd_interpreter_wp_page_output) if var_regx.search(cmd_interpreter_wp_page_output): - Cli.dork_variable(Cli.getDork(cmd_interpreter),Cli.setOutput(cmd_interpreter_wp),Cli.setPage(cmd_interpreter_wp)) - + Cli.dork_variable(Cli.getDork(cmd_interpreter), Cli.setOutput( + cmd_interpreter_wp), Cli.setPage(cmd_interpreter_wp)) if run_regx.search(cmd_interpreter_wp_page): print('\n') from modules.dorksEngine import Dorks as D - D.searchengine(Cli.getDork(cmd_interpreter),headers,output_dir,Cli.setPage(cmd_interpreter_wp)) + D.searchengine(Cli.getDork( + cmd_interpreter), headers, output_dir, Cli.setPage(cmd_interpreter_wp)) if back_regx.search(cmd_interpreter_wp_page): break - if help_regx.search(cmd_interpreter_wp_page) or cmd_interpreter_wp_page=='?': + if help_regx.search(cmd_interpreter_wp_page) or cmd_interpreter_wp_page == '?': 
Helpers._dorks_setdork_page_help() - if cls_regx.search(cmd_interpreter_wp_page) or cmd_interpreter_wp_page=='cls': + if cls_regx.search(cmd_interpreter_wp_page) or cmd_interpreter_wp_page == 'cls': Cli._clearscreen() if exit_regx.search(cmd_interpreter_wp_page) or cmd_interpreter_wp_page == 'quit': sys.exit() if history_regx.search(cmd_interpreter_wp_page): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % (i+1, history[i-1])) if exec_regx.search(cmd_interpreter_wp_page): Cli._exec(cmd_interpreter_wp_page) if var_regx.search(cmd_interpreter_wp_page): - Cli.dork_variable(Cli.getDork(cmd_interpreter),output_dir,Cli.setPage(cmd_interpreter_wp)) - + Cli.dork_variable(Cli.getDork( + cmd_interpreter), output_dir, Cli.setPage(cmd_interpreter_wp)) '''SET OUTPUT VARIABLE.''' if output.search(cmd_interpreter_wp): while True: Cli.autoComplete_Output() - cmd_interpreter_wp_output=input("%s%svulnx%s%s (%sDorks-%s%s)> %s" %(bannerblue2,W_UL,end,W,B,Cli.getDork(cmd_interpreter),W,end)) + cmd_interpreter_wp_output = input("%s%svulnx%s%s (%sDorks-%s%s)> %s" % ( + bannerblue2, W_UL, end, W, B, Cli.getDork(cmd_interpreter), W, end)) history.append(cmd_interpreter_wp_output) if run_regx.search(cmd_interpreter_wp_output): print('\n') from modules.dorksEngine import Dorks as D - D.searchengine(Cli.getDork(cmd_interpreter),headers,Cli.setOutput(cmd_interpreter_wp),numberpage) + D.searchengine(Cli.getDork(cmd_interpreter), headers, Cli.setOutput( + cmd_interpreter_wp), numberpage) if back_regx.search(cmd_interpreter_wp_output): break - if cls_regx.search(cmd_interpreter_wp_output) or cmd_interpreter_wp_output=='cls': + if cls_regx.search(cmd_interpreter_wp_output) or cmd_interpreter_wp_output == 'cls': Cli._clearscreen() if exit_regx.search(cmd_interpreter_wp_output) or cmd_interpreter_wp_output == 'quit': sys.exit() - if help_regx.search(cmd_interpreter_wp_output) or cmd_interpreter_wp_output=='?': + if help_regx.search(cmd_interpreter_wp_output) or 
cmd_interpreter_wp_output == '?': Helpers._dorks_setdork_output_help() if history_regx.search(cmd_interpreter_wp_output): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % (i+1, history[i-1])) if exec_regx.search(cmd_interpreter_wp_output): Cli._exec(cmd_interpreter_wp_output) if var_regx.search(cmd_interpreter_wp_output): - Cli.dork_variable(Cli.getDork(cmd_interpreter),Cli.setOutput(cmd_interpreter_wp),numberpage) - + Cli.dork_variable(Cli.getDork(cmd_interpreter), Cli.setOutput( + cmd_interpreter_wp), numberpage) if run_regx.search(cmd_interpreter_wp): print('\n') from modules.dorksEngine import Dorks as D - D.searchengine(Cli.getDork(cmd_interpreter),headers,output_dir,numberpage) + D.searchengine(Cli.getDork(cmd_interpreter), + headers, output_dir, numberpage) if back_regx.search(cmd_interpreter_wp): break - if help_regx.search(cmd_interpreter_wp) or cmd_interpreter_wp=='?': + if help_regx.search(cmd_interpreter_wp) or cmd_interpreter_wp == '?': Helpers._dorks_setdork_help() - if cls_regx.search(cmd_interpreter_wp) or cmd_interpreter_wp=='cls': + if cls_regx.search(cmd_interpreter_wp) or cmd_interpreter_wp == 'cls': Cli._clearscreen() if exit_regx.search(cmd_interpreter_wp) or cmd_interpreter_wp == 'quit': sys.exit() if history_regx.search(cmd_interpreter_wp): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % (i+1, history[i-1])) if exec_regx.search(cmd_interpreter_wp): Cli._exec(cmd_interpreter_wp) if var_regx.search(cmd_interpreter_wp): - Cli.dork_variable(Cli.getDork(cmd_interpreter),output_dir,numberpage) - - + Cli.dork_variable(Cli.getDork( + cmd_interpreter), output_dir, numberpage) - def send_commands(self,cmd): + def send_commands(self, cmd): while True: Cli.autoComplete_Global() - cmd = input("%s%svulnx%s > "% (bannerblue2,W_UL,end)) + cmd = input("%s%svulnx%s > " % (bannerblue2, W_UL, end)) history.append(cmd) if url_regx.search(cmd): - #url session + # url session while True: - 
cmd_interpreter=input("%s%svulnx%s%s target(%s%s%s) > %s" %(bannerblue2,W_UL,end,W,R,self.getUrl(cmd),W,end)) + cmd_interpreter = input("%s%svulnx%s%s target(%s%s%s) > %s" % ( + bannerblue2, W_UL, end, W, R, self.getUrl(cmd), W, end)) history.append(cmd_interpreter) if cmd_interpreter == 'back': break elif cmd_interpreter == 'run exploit': - print('\n%s[*]%s Running exploits..' %(B,end)) + print('\n%s[*]%s Running exploits..' % (B, end)) root = self.getUrl(cmd) if root.startswith('http'): url_root = root else: url_root = 'http://'+url_root - self.__runExploits(url_root,headers) + self.__runExploits(url_root, headers) elif help_regx.search(cmd_interpreter) or cmd_interpreter == '?': Helpers._url_action_help() elif exit_regx.search(cmd_interpreter) or cmd_interpreter == 'quit': @@ -533,7 +557,7 @@ def send_commands(self,cmd): else: print("use (help) (?) to show man commands.") elif dork_regx.search(cmd): - #dork session + # dork session self.setdorkCLI(cmd) elif exit_regx.search(cmd) or cmd == 'quit': sys.exit() @@ -543,10 +567,11 @@ def send_commands(self,cmd): Cli._clearscreen() elif history_regx.search(cmd): for i in range(len(history)): - print(" %s %s"%(i+1,history[i-1])) + print(" %s %s" % (i+1, history[i-1])) elif exec_regx.search(cmd): Cli._exec(cmd) elif var_regx.search(cmd): - Cli.global_variables(dorkname,output_dir,numberpage,url,timeout) + Cli.global_variables(dorkname, output_dir, + numberpage, url, timeout) else: print("use (help) (?) to show man commands.") diff --git a/common/banner.py b/common/banner.py index df8522d..564ea97 100644 --- a/common/banner.py +++ b/common/banner.py @@ -1,8 +1,9 @@ import sys -from common.colors import bannerblue , bannerblue2 ,W ,Y ,R,end +from common.colors import bannerblue, bannerblue2, W, Y, R, end + def banner(): - print("""%s + print("""%s .:. .:, xM; XK. 
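Review bot: In the innermost page-then-output loop of `setdorkCLI`, `Cli.setOutput(cmd_interpreter_wp)` is evaluated on the `page N` line rather than on the `output <dir>` line, so it never matches `^output (\w+$)` and both `D.searchengine` and `dork_variable` receive `None` for the directory the operator just set; both calls should read `Cli.setOutput(cmd_interpreter_wp_page)`. In `send_commands`, `url_root = 'http://'+url_root` reads `url_root` before it is assigned and raises UnboundLocalError for any target typed without a scheme; it should be `url_root = 'http://' + root`. The history listing `print(" %s %s" % (i+1, history[i-1]))`, repeated here and in the `@@ -543` hunk, is off by one (entry 1 shows the last command); `for n, entry in enumerate(history, 1): print(" %s %s" % (n, entry))` fixes every copy. `setdorkCLI` begins above the hunk and `send_commands` continues below it.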
@@ -31,18 +32,18 @@ def banner():
 ;. :. %s# Coded By Anouar Ben Saad -%s @anouarbensaad
- %s"""
-%
-(bannerblue,bannerblue2,
-W,bannerblue2,W,bannerblue2,W,bannerblue2,
-W,bannerblue2,W,bannerblue2,W,bannerblue2,
-W,bannerblue2,W,bannerblue2,
-W,bannerblue2,W,bannerblue2,
-W,bannerblue2,W,bannerblue2,
-W,bannerblue2,W,bannerblue2,
-W,bannerblue2,
-W,bannerblue2,W,bannerblue2,
-W,bannerblue2,
-W,bannerblue2,
-W,Y,end
-))
+ %s"""
+ %
+ (bannerblue, bannerblue2,
+ W, bannerblue2, W, bannerblue2, W, bannerblue2,
+ W, bannerblue2, W, bannerblue2, W, bannerblue2,
+ W, bannerblue2, W, bannerblue2,
+ W, bannerblue2, W, bannerblue2,
+ W, bannerblue2, W, bannerblue2,
+ W, bannerblue2, W, bannerblue2,
+ W, bannerblue2,
+ W, bannerblue2, W, bannerblue2,
+ W, bannerblue2,
+ W, bannerblue2,
+ W, Y, end
+ ))
diff --git a/common/colors.py b/common/colors.py
index 1910226..9410a38 100644
--- a/common/colors.py
+++ b/common/colors.py
@@ -9,31 +9,31 @@
 # Colors shouldn't be displayed on Mac and Windows
 bannerblue = bannerblue2 = yellowhead = \
 W = Y = R = G = B = bg = green = \
- run = good = bad = info = red = end = que = \
- failexploit = vulnexploit = portopen = portclose = ''
+ run = good = bad = info = red = end = que = \
+ failexploit = vulnexploit = portopen = portclose = ''
 else:
- #banner Colors
- bannerblue = '\033[34m'
+ # banner Colors
+ bannerblue = '\033[34m'
 bannerblue2 = '\033[1;1;94m'
- yellowhead = '\033[1;1;94m'
- #default colors
- W = '\033[97m' # white
- Y = '\033[93m' # yellow
- R = '\033[91m'
- G = '\033[92m'
- B = '\033[94m'
- bg = '\033[7;91m'
- green = '\033[92m'
- #action colors
- run = '\033[93m[~]\033[0m'
- good = '\033[92m[+]\033[0m'
- bad = '\033[91m[-]\033[0m'
- info = '\033[93m[!]\033[0m'
- red = '\033[91m'
- end = '\033[0m'
- que = '\033[94m[?]\033[0m'
- #test colors
+ yellowhead = '\033[1;1;94m'
+ # default colors
+ W = '\033[97m' # white
+ Y = '\033[93m' # yellow
+ R = '\033[91m'
+ G = '\033[92m'
+ B = '\033[94m'
+ bg = '\033[7;91m'
+ green = '\033[92m'
+ # action colors
+ run = '\033[93m[~]\033[0m'
+ good = '\033[92m[+]\033[0m'
+ bad = '\033[91m[-]\033[0m'
+ info = '\033[93m[!]\033[0m'
+ red = '\033[91m'
+ end = '\033[0m'
+ que = '\033[94m[?]\033[0m'
+ # test colors
 failexploit = '\033[91mFAIL\033[0m'
 vulnexploit = '\033[92mVULN\033[0m'
- portopen = '\033[92mOPEN \033[0m'
- portclose = '\033[91mCLOSE\033[0m'
+ portopen = '\033[92mOPEN \033[0m'
+ portclose = '\033[91mCLOSE\033[0m'
diff --git a/common/output_wr.py b/common/output_wr.py
index c8d1675..8ea4096 100644
--- a/common/output_wr.py
+++ b/common/output_wr.py
@@ -2,6 +2,7 @@ import os import sys + def writelogs(data, data_name, output_dir): """Write the results.""" for data, data_name in zip(data, data_name):
@@ -10,4 +11,4 @@ def writelogs(data, data_name, output_dir): with open(filepath, 'w+') as out_file: joined = '\n'.join(data) out_file.write(str(joined.encode('utf-8').decode('utf-8'))) - out_file.write('\n') \ No newline at end of file + out_file.write('\n') diff --git a/common/requestUp.py b/common/requestUp.py index a31b036..cb122db 100644 --- a/common/requestUp.py +++ b/common/requestUp.py @@ -7,6 +7,7 @@ SESSION = requests.Session() SESSION.max_redirects = 2 + def random_UserAgent(): useragents_rotate = [ "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]", @@ -31,42 +32,46 @@ def random_UserAgent(): useragents_random = random.choice(useragents_rotate) return useragents_random + def getrequest( - url, - headers, - timeout=3, - ): + url, + headers, + timeout=3, +): """GetRequest without ssl verification""" headers = set() + def get(url): - # Selecting a random user-agent + # Selecting a random user-agent response = SESSION.get( - url, - headers=headers, - verify=False, - timeout=timeout, - stream=True, + url, + headers=headers, + verify=False, + timeout=timeout, + stream=True, ) return response.text return get(url) + def sendrequest( - url, - headers=None, - data=None, - timeout=3, - ): + url, + headers=None, + data=None, + timeout=3, +): """GetRequest without ssl verification""" headers = set() data = set() + def post(url): response = SESSION.post( - url, - data=data, - headers=headers, - verify=False, - timeout=timeout, - stream=True, + url, + data=data, + headers=headers, + verify=False, + timeout=timeout, + stream=True, ) return response.text - return post(url) \ No newline at end of file + return post(url) diff --git a/common/threading.py b/common/threading.py index 8d15c4f..c5f42fd 100644 --- a/common/threading.py +++ b/common/threading.py 
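Review bot: `headers = set()` on the line after the `getrequest` signature discards the caller's `headers` argument, so `SESSION.get` is always issued without the headers the callers assemble (the `User-Agent` built in cli.py, for instance), and `sendrequest` does the same to both `headers` and `data`, leaving every POST body empty; delete those reassignments (or use `headers = headers or {}`). `verify=False` is hard-coded in both helpers; for a tool that talks to arbitrary hosts that is a deliberate trade-off, but exposing it as a keyword (`verify=False` in the signature, passed through to the session call) lets an operator keep certificate checking when it matters and documents the default in one place. The `# Selecting a random user-agent` comment inside `get` describes nothing that happens there (`random_UserAgent` is not called), so it should go or move to where the header is built.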
@@ -2,11 +2,14 @@ from common.colors import info + def threads(function, thread_count): """ Threadpool Uses """ threads = concurrent.futures.ThreadPoolExecutor( - max_workers=thread_count) + max_workers=thread_count) confuture = (threads.submit(function)) for i, _ in enumerate(concurrent.futures.as_completed(confuture)): - print('%s Progress IN : %i' % (info, i + 1), end='\r') -print('') \ No newline at end of file + print('%s Progress IN : %i' % (info, i + 1), end='\r') + + +print('') diff --git a/common/uriParser.py b/common/uriParser.py index 764b03a..59b82da 100644 --- a/common/uriParser.py +++ b/common/uriParser.py @@ -1,6 +1,7 @@ import re from urllib.parse import urlparse + def parsing_url(url): host = urlparse(url).netloc return host diff --git a/modules/dnsLookup.py b/modules/dnsLookup.py index 3c837dd..02513e8 100644 --- a/modules/dnsLookup.py +++ b/modules/dnsLookup.py @@ -2,10 +2,11 @@ import re import base64 import json -from common.colors import red, green, bg, G, R, W, Y, G , good , bad , run , info , end , que , bannerblue +from common.colors import red, green, bg, G, R, W, Y, G, good, bad, run, info, end, que, bannerblue from bs4 import BeautifulSoup from common.uriParser import parsing_url as hostd + def results(table): res = [] trs = table.findAll('tr') @@ -35,6 +36,7 @@ def results(table): pass return res + def text_record(table): res = [] for td in table.findAll('td'): 
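Review bot: `concurrent.futures.as_completed(confuture)` is handed a single Future (`confuture = (threads.submit(function))` — the parentheses do not make a tuple), and `as_completed` expects an iterable of futures, so the loop raises TypeError on first use; `futures = [threads.submit(function)]` is the minimal fix, though creating `thread_count` workers and submitting one task suggests the intent was `[threads.submit(function) for _ in range(thread_count)]` — worth confirming with the callers. The executor is never shut down; `with concurrent.futures.ThreadPoolExecutor(max_workers=thread_count) as pool:` around the loop releases the threads. `print('')` sits at module level in both the old and the new version, so importing `common.threading` prints a blank line as a side effect; if it is meant to terminate the `\r` progress line it belongs at the end of `threads`.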
@@ -49,14 +51,17 @@ def dnsdumper(url): soup = BeautifulSoup(response.text, 'html.parser') # If no match is found, the return object won't have group method, so check. try: - csrf_token = soup.findAll('input', attrs={'name': 'csrfmiddlewaretoken'})[0]['value'] + csrf_token = soup.findAll( + 'input', attrs={'name': 'csrfmiddlewaretoken'})[0]['value'] except AttributeError: # No match is found - csrf_token = soup.findAll('input', attrs={'name': 'csrfmiddlewaretoken'})[0]['value'] - print (' %s Retrieved token: %s' % (info,csrf_token)) + csrf_token = soup.findAll( + 'input', attrs={'name': 'csrfmiddlewaretoken'})[0]['value'] + print(' %s Retrieved token: %s' % (info, csrf_token)) cookies = {'csrftoken': csrf_token} headers = {'Referer': 'https://dnsdumpster.com/'} - data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain } - response = requests.Session().post('https://dnsdumpster.com/',cookies=cookies, data=data, headers=headers) + data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain} + response = requests.Session().post('https://dnsdumpster.com/', + cookies=cookies, data=data, headers=headers) image = requests.get('https://dnsdumpster.com/static/map/%s.png' % domain) if response.status_code == 200: soup = BeautifulSoup(response.content, 'html.parser') 
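Review bot: The `except AttributeError` branch re-executes the exact `soup.findAll(...)[0]['value']` expression that just failed, and that expression raises IndexError (no matching `<input>`) or KeyError (no `value` attribute), neither of which is AttributeError — so a dnsdumpster page without the token produces an unhandled traceback instead of a handled miss. Replace the try/except with `tag = soup.find('input', attrs={'name': 'csrfmiddlewaretoken'})`, `if tag is None: print(' %s csrf token not found' % bad); return`, `csrf_token = tag['value']`. `image = requests.get(...)` is assigned and never used in this hunk, so that request can be dropped. `dnsdumper` begins above the hunk.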
@@ -68,23 +73,30 @@ def dnsdumper(url): res['dns_records']['mx'] = results(tables[1]) print(' %s Search for DNS Servers' % que) for entry in res['dns_records']['dns']: - print((" %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n %s----------------%s".format(**entry)% (good,good,good,bannerblue,end))) + print((" %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n %s----------------%s".format( + **entry) % (good, good, good, bannerblue, end))) print(' %s Search for MX Records ' % que) for entry in res['dns_records']['mx']: - print((" %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n %s----------------%s".format(**entry)% (good,good,good,bannerblue,end))) + print((" %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n %s----------------%s".format( + **entry) % (good, good, good, bannerblue, end))) + + def domain_info(url): domain = hostd(url) dnsdumpster_url = 'https://dnsdumpster.com/' response = requests.Session().get(dnsdumpster_url).text # If no match is found, the return object won't have group method, so check. 
try: - csrf_token = re.search(r"name='csrfmiddlewaretoken' value='(.*?)'", response).group(1) + csrf_token = re.search( + r"name='csrfmiddlewaretoken' value='(.*?)'", response).group(1) except AttributeError: # No match is found - csrf_token = re.search(r"name='csrfmiddlewaretoken' value='(.*?)'", response) + csrf_token = re.search( + r"name='csrfmiddlewaretoken' value='(.*?)'", response) cookies = {'csrftoken': csrf_token} headers = {'Referer': 'https://dnsdumpster.com/'} - data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain } - response = requests.Session().post('https://dnsdumpster.com/',cookies=cookies, data=data, headers=headers) + data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain} + response = requests.Session().post('https://dnsdumpster.com/', + cookies=cookies, data=data, headers=headers) image = requests.get('https://dnsdumpster.com/static/map/%s.png' % domain) if response.status_code == 200: soup = BeautifulSoup(response.content, 'html.parser') @@ -95,4 +107,5 @@ def domain_info(url): res['dns_records']['host'] = results(tables[3]) print(' %s SubDomains' % que) for entry in res['dns_records']['host']: - print((" %s SubDomain : {domain} \n %s IP : {ip} \n %s----------------%s".format(**entry)% (good,good,bannerblue,end))) + print((" %s SubDomain : {domain} \n %s IP : {ip} \n %s----------------%s".format( + **entry) % (good, good, bannerblue, end))) diff --git a/modules/dorksEngine.py b/modules/dorksEngine.py index 106939f..b707add 100644 --- a/modules/dorksEngine.py +++ b/modules/dorksEngine.py 
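Review bot: In `domain_info`, when `re.search(r"name='csrfmiddlewaretoken' value='(.*?)'", response)` finds nothing, the `except AttributeError` branch stores the `None` it returns as `csrf_token`, and the function carries on to POST `'csrfmiddlewaretoken': None` with `cookies={'csrftoken': None}` rather than stopping; add `if csrf_token is None: print(' %s csrf token not found' % bad); return` before `cookies` is built. `image = requests.get(...)` is again assigned and unused here. This token-fetch-then-POST block is duplicated almost line for line between `dnsdumper` and `domain_info`; a small `_dnsdumpster_post(domain)` helper returning the response would remove the copy and give one place to handle the missing token. `domain_info` continues past the end of the hunk.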
@@ -8,216 +8,226 @@ import time import random import os -from common.colors import run,W,end,good,bad,que,info,bannerblue +from common.colors import run, W, end, good, bad, que, info, bannerblue from common.uriParser import parsing_url as parsify filename = time.strftime("%Y-%m-%d-%H%M%S-Dorks") output_dirdorks = 'logs'+'/Dorks' -if not os.path.exists(output_dirdorks): # if the directory doesn't exist - os.mkdir(output_dirdorks) # create a new directory - export = open('%s/%s.txt' % (output_dirdorks,filename),'w') +if not os.path.exists(output_dirdorks): # if the directory doesn't exist + os.mkdir(output_dirdorks) # create a new directory + export = open('%s/%s.txt' % (output_dirdorks, filename), 'w') else: - export = open('%s/%s.txt' % (output_dirdorks,filename),'w') + export = open('%s/%s.txt' % (output_dirdorks, filename), 'w') wp_contentdorks = { - 'blaze' : 'inurl:"/wp-content/plugins/blaze-slide-show-for-wordpress/"', - 'catpro' : 'inurl:"/wp-content/plugins/wp-catpro/"', - 'cherry' : 'inurl:"/wp-content/plugins/cherry-plugin/"', - 'dm' : 'inurl:"/wp-content/plugins/downloads-manager/"', - 'fromcraft' : 'inurl:"/wp-content/plugins/formcraft/file-upload/"', - 'synoptic' : 'inurl:"/wp-content/themes/synoptic/lib/avatarupload"', - 'shop' : 'inurl:"/wp-content/plugins/wpshop/includes/"', - 'revslider' : 'inurl "/wp-content/plugins/revslider/"', - 'adsmanager' : 'inurl:"/wp-content/plugins/simple-ads-manager/"', - 'inboundiomarketing': 'inurl:"/wp-content/plugins/inboundio-marketing/"', - 'thumbslider' : 'inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider"', + 'blaze': 'inurl:"/wp-content/plugins/blaze-slide-show-for-wordpress/"', + 'catpro': 'inurl:"/wp-content/plugins/wp-catpro/"', + 'cherry': 'inurl:"/wp-content/plugins/cherry-plugin/"', + 'dm': 'inurl:"/wp-content/plugins/downloads-manager/"', + 'fromcraft': 'inurl:"/wp-content/plugins/formcraft/file-upload/"', + 'synoptic': 'inurl:"/wp-content/themes/synoptic/lib/avatarupload"', + 'shop': 
'inurl:"/wp-content/plugins/wpshop/includes/"', + 'revslider': 'inurl "/wp-content/plugins/revslider/"', + 'adsmanager': 'inurl:"/wp-content/plugins/simple-ads-manager/"', + 'inboundiomarketing': 'inurl:"/wp-content/plugins/inboundio-marketing/"', + 'thumbslider': 'inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider"', } wp_admindorks = { - 'wysija' : 'inurl":/wp-admin/admin-post.php?page=wysija_campaigns"', - 'powerzoomer' : 'inurl:"/wp-admin/admin.php?page=powerzoomer_manage"', - 'showbiz' : 'inurl:"/wp-admin/admin-ajax.php"', + 'wysija': 'inurl":/wp-admin/admin-post.php?page=wysija_campaigns"', + 'powerzoomer': 'inurl:"/wp-admin/admin.php?page=powerzoomer_manage"', + 'showbiz': 'inurl:"/wp-admin/admin-ajax.php"', } wpajx = { - 'jobmanager' : 'inurl:"/jm-ajax/upload_file/"', + 'jobmanager': 'inurl:"/jm-ajax/upload_file/"', } wpindex = { - 'injection' : 'inurl:"/index.php/wp-json/wp/"', + 'injection': 'inurl:"/index.php/wp-json/wp/"', } joomla = { - 'comjce' : 'inurl":index.php?option=com_jce"', - 'comfabrik' : 'inurl":index.php?option=com_fabrik"', - 'comjdownloads' : 'inurl":index.php?option=com_fabrik"', - 'comfoxcontact' : 'inurl":index.php?option=com_foxcontact"', + 'comjce': 'inurl":index.php?option=com_jce"', + 'comfabrik': 'inurl":index.php?option=com_fabrik"', + 'comjdownloads': 'inurl":index.php?option=com_fabrik"', + 'comfoxcontact': 'inurl":index.php?option=com_foxcontact"', } prestashop = { - 'columnadverts' : 'inurl":/modules/columnadverts/"', - 'soopabanners' : 'inurl":/modules/soopabanners/"', - 'vtslide' : 'inurl":/modules/soopabanners/"', - 'simpleslideshow' : 'inurl":/modules/simpleslideshow/"', - 'productpageadverts' : 'inurl":/modules/productpageadverts/"', - 'productpageadvertsb' : 'inurl":/modules/homepageadvertise2/"', - 'jro_homepageadvertise' : 'inurl":/modules/jro_homepageadvertise/"', - 'attributewizardpro' : 'inurl":/modules/attributewizardpro/"', - 'oneattributewizardpro' : 'inurl":/modules/1attributewizardpro/"', - 
'attributewizardpro_old' : 'inurl":/modules/attributewizardpro.OLD/"', - 'attributewizardpro_x' : 'inurl":/modules/attributewizardpro_x/"', - 'advancedslider' : 'inurl":/modules/advancedslider/"', - 'cartabandonmentpro' : 'inurl":/modules/cartabandonmentpro/"', - 'cartabandonmentpro_old' : 'inurl":/modules/cartabandonmentproOld/"' , - 'videostab' : 'inurl":/modules/videostab/"', - 'wg24themeadministration': 'inurl":/modules//wg24themeadministration/"', - 'fieldvmegamenu' : 'inurl":/modules/fieldvmegamenu/"', - 'wdoptionpanel' : 'inurl":/modules/wdoptionpanel/"', - 'pk_flexmenu' : 'inurl":/modules/pk_flexmenu/"', - 'pk_vertflexmenu' : 'inurl":/modules/pk_vertflexmenu/"', - 'nvn_export_orders' : 'inurl":/modules/nvn_export_orders/"', - 'tdpsthemeoptionpanel' : 'inurl":/modules/tdpsthemeoptionpanel/"', - 'masseditproduct' : 'inurl":/modules/lib/redactor/"', + 'columnadverts': 'inurl":/modules/columnadverts/"', + 'soopabanners': 'inurl":/modules/soopabanners/"', + 'vtslide': 'inurl":/modules/soopabanners/"', + 'simpleslideshow': 'inurl":/modules/simpleslideshow/"', + 'productpageadverts': 'inurl":/modules/productpageadverts/"', + 'productpageadvertsb': 'inurl":/modules/homepageadvertise2/"', + 'jro_homepageadvertise': 'inurl":/modules/jro_homepageadvertise/"', + 'attributewizardpro': 'inurl":/modules/attributewizardpro/"', + 'oneattributewizardpro': 'inurl":/modules/1attributewizardpro/"', + 'attributewizardpro_old': 'inurl":/modules/attributewizardpro.OLD/"', + 'attributewizardpro_x': 'inurl":/modules/attributewizardpro_x/"', + 'advancedslider': 'inurl":/modules/advancedslider/"', + 'cartabandonmentpro': 'inurl":/modules/cartabandonmentpro/"', + 'cartabandonmentpro_old': 'inurl":/modules/cartabandonmentproOld/"', + 'videostab': 'inurl":/modules/videostab/"', + 'wg24themeadministration': 'inurl":/modules//wg24themeadministration/"', + 'fieldvmegamenu': 'inurl":/modules/fieldvmegamenu/"', + 'wdoptionpanel': 'inurl":/modules/wdoptionpanel/"', + 'pk_flexmenu': 
'inurl":/modules/pk_flexmenu/"', + 'pk_vertflexmenu': 'inurl":/modules/pk_vertflexmenu/"', + 'nvn_export_orders': 'inurl":/modules/nvn_export_orders/"', + 'tdpsthemeoptionpanel': 'inurl":/modules/tdpsthemeoptionpanel/"', + 'masseditproduct': 'inurl":/modules/lib/redactor/"', } + class Dorks: - @staticmethod - def getdorksbyname(exploitname): - if exploitname in wp_contentdorks: - return wp_contentdorks[exploitname] - elif exploitname in wp_admindorks: - return wp_admindorks[exploitname] - elif exploitname in wpajx: - return wpajx[exploitname] - elif exploitname in wpindex: - return wpindex[exploitname] - elif exploitname in joomla: - return joomla[exploitname] - elif exploitname in prestashop: - return prestashop[exploitname] - - @staticmethod - def searchengine(exploitname,headers,output_dir,numberpage): - try : - print (' %s Searching for %s dork url' %(run,exploitname)) - numberpage = numberpage*10 - for np in range(0,numberpage,10): - starty = time.time() - if np==0: - time.sleep(random.randint(1,2)) - print(' %s Page n° 1 ' % (info)) - googlequery = 'https://www.google.com/search?q='+Dorks.getdorksbyname(exploitname) - print(' %s searching for : %s'% (que,googlequery)) - res = requests.get(googlequery,headers).text - if (re.findall(re.compile(r'CAPTCHA'),res)): - print(' %s Bot Detected The block will expire shortly' % bad) - else: - Dorks.WP_dorksconditions(exploitname,res,output_dir) - print ('------------------------------------------------') - else: - time.sleep(random.randint(3,5)) - print(' %s Page n° %i ' % (info,np/10+1)) - googlequery = 'https://www.google.com/search?q='+Dorks.getdorksbyname(exploitname)+'&start='+str(np) - res = requests.get(googlequery,headers).text - print(' %s searching for : %s'% (que,googlequery)) - if (re.findall(re.compile(r'CAPTCHA'),res)): - print(' %s Bot Detected The block will expire shortly' % bad) - else: - Dorks.WP_dorksconditions(exploitname,res,output_dir) - print ('------------------------------------------------') 
- endy = time.time() - elapsed = endy - starty - print (' %s Elapsed Time : %.2f seconds' % (info,elapsed)) - print("%s----------------%s"%(bannerblue,end)) - export.close() - except Exception as msg: - print(' %s exploitname %s ' %(bad,msg)) - np=+10 + @staticmethod + def getdorksbyname(exploitname): + if exploitname in wp_contentdorks: + return wp_contentdorks[exploitname] + elif exploitname in wp_admindorks: + return wp_admindorks[exploitname] + elif exploitname in wpajx: + return wpajx[exploitname] + elif exploitname in wpindex: + return wpindex[exploitname] + elif exploitname in joomla: + return joomla[exploitname] + elif exploitname in prestashop: + return prestashop[exploitname] + + @staticmethod + def searchengine(exploitname, headers, output_dir, numberpage): + try: + print(' %s Searching for %s dork url' % (run, exploitname)) + numberpage = numberpage*10 + for np in range(0, numberpage, 10): + starty = time.time() + if np == 0: + time.sleep(random.randint(1, 2)) + print(' %s Page n° 1 ' % (info)) + googlequery = 'https://www.google.com/search?q=' + \ + Dorks.getdorksbyname(exploitname) + print(' %s searching for : %s' % (que, googlequery)) + res = requests.get(googlequery, headers).text + if (re.findall(re.compile(r'CAPTCHA'), res)): + print(' %s Bot Detected The block will expire shortly' % bad) + else: + Dorks.WP_dorksconditions(exploitname, res, output_dir) + print('------------------------------------------------') + else: + time.sleep(random.randint(3, 5)) + print(' %s Page n° %i ' % (info, np/10+1)) + googlequery = 'https://www.google.com/search?q=' + \ + Dorks.getdorksbyname(exploitname)+'&start='+str(np) + res = requests.get(googlequery, headers).text + print(' %s searching for : %s' % (que, googlequery)) + if (re.findall(re.compile(r'CAPTCHA'), res)): + print(' %s Bot Detected The block will expire shortly' % bad) + else: + Dorks.WP_dorksconditions(exploitname, res, output_dir) + print('------------------------------------------------') + endy = 
time.time() + elapsed = endy - starty + print(' %s Elapsed Time : %.2f seconds' % (info, elapsed)) + print("%s----------------%s" % (bannerblue, end)) + export.close() + except Exception as msg: + print(' %s exploitname %s ' % (bad, msg)) + np = +10 + + @staticmethod + def WP_dorksconditions(exploitname, response, output_dir): + webs = [] + if exploitname in wp_contentdorks: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/wp-content/plugins/\w+'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') + elif exploitname in wp_admindorks: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/wp-admin/\w+'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') + elif exploitname in wpajx: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/jm-ajax/upload_file/'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') + elif exploitname in wpindex: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/index.php/wp-json/wp/'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s 
DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') + elif exploitname in joomla: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/index.php?option=com_jce'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') + elif exploitname in prestashop: + dorks = re.findall(re.compile( + r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/modules/\w+'), response) + if len(dorks) > 0: + for web in dorks: + if web not in webs: + webs.append(web) + for i in range(len(webs)): + domains = parsify(webs[i]) + print(' %s URL : %s ' % (good, webs[i])) + print(' %s DOMAIN: %s ' % (good, domains)) + export.write(domains) + export.write('\n') - @staticmethod - def WP_dorksconditions(exploitname,response,output_dir): - webs = [] - if exploitname in wp_contentdorks: - dorks = re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/wp-content/plugins/\w+'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') - elif exploitname in wp_admindorks: - dorks = re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/wp-admin/\w+'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') - elif exploitname in wpajx: - dorks = 
re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/jm-ajax/upload_file/'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') - elif exploitname in wpindex: - dorks = re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/index.php/wp-json/wp/'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') - elif exploitname in joomla: - dorks = re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/index.php?option=com_jce'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') - elif exploitname in prestashop: - dorks = re.findall(re.compile(r'https?://+?\w+?[a-zA-Z0-9-_.]+?[a-zA-Z0-9-_.]?\w+\.\w+/?/modules/\w+'),response) - if len(dorks) > 0: - for web in dorks: - if web not in webs: - webs.append(web) - for i in range(len(webs)): - domains = parsify(webs[i]) - print (' %s URL : %s ' %(good , webs[i])) - print (' %s DOMAIN: %s ' %(good , domains)) - export.write(domains) - export.write('\n') class DorkList(): - @staticmethod - def dorkslist(): - print(""" + @staticmethod + def dorkslist(): + print(""" %sWordPress Joomla Prestashop --------- ------ -----------%s blaze comjce columnadverts 
@@ -243,13 +253,11 @@ def dorkslist(): nvn_export_orders tdpsthemeoptionpanel masseditproduct -"""%(W,end)) +""" % (W, end)) - - - @staticmethod - def wp_dorkTable(): - print(""" + @staticmethod + def wp_dorkTable(): + print(""" WordPress --------- blaze @@ -270,9 +278,9 @@ def wp_dorkTable(): thumbslider """) - @staticmethod - def joo_dorkTable(): - print(""" + @staticmethod + def joo_dorkTable(): + print(""" Joomla ------ comjce @@ -281,10 +289,10 @@ def joo_dorkTable(): comfoxcontact """) - @staticmethod - def ps_dorkTable(): + @staticmethod + def ps_dorkTable(): - print(""" + print(""" Prestashop ----------- columnadverts @@ -312,16 +320,16 @@ def ps_dorkTable(): masseditproduct """) - @staticmethod - def loko_dorkTable(): - print(""" + @staticmethod + def loko_dorkTable(): + print(""" Lokomedia ------ """) - @staticmethod - def dru_dorkTable(): - print(""" + @staticmethod + def dru_dorkTable(): + print(""" Drupal ------ - """) \ No newline at end of file + """) diff --git a/modules/druExploits.py b/modules/druExploits.py index 86334d9..6f079dd 100644 --- a/modules/druExploits.py +++ b/modules/druExploits.py @@ -1,3 +1,7 @@ +from common.colors import failexploit, vulnexploit, que, info, good +from common.requestUp import getrequest as vxget +from common.requestUp import sendrequest as vxpost +import os import re import random import datetime @@ -5,11 +9,6 @@ from common.uriParser import parsing_url as hostd now = datetime.datetime.now() year = now.strftime('%Y') -month= now.strftime('%m') +month = now.strftime('%m') -import os Session = requests.Session() - -from common.colors import failexploit , vulnexploit , que , info , good -from common.requestUp import sendrequest as vxpost -from common.requestUp import getrequest as vxget diff --git a/modules/jooGrabber.py b/modules/jooGrabber.py index 9c90316..6443286 100644 --- a/modules/jooGrabber.py +++ b/modules/jooGrabber.py 
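Review bot: `requests.get(googlequery, headers)` in searchengine passes the headers dict as the second positional argument, which requests binds to `params`, so the User-Agent is appended to the query string and never sent as a header; both occurrences should read `res = requests.get(googlequery, headers=headers).text`. The same positional-`headers` call recurs in the jooGrabber and wpGrabber hunks of this commit. `export.close()` appears to sit inside the `for np in range(...)` loop (indentation is hard to read in the reflowed hunk), which closes the module-level log file after the first page and makes every later `export.write` raise ValueError, swallowed by the broad `except Exception` and reported as 'exploitname'. The trailing `np = +10` assigns 10 rather than incrementing and is unreachable in any case.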
@@ -1,43 +1,47 @@ """ Joomla Information Gathering """ -from common.colors import red, green, bg, G, R, W, Y, G , good , bad , run , info , end , que +from common.colors import red, green, bg, G, R, W, Y, G, good, bad, run, info, end, que import re import requests # Find Joomla version and check it on exploit-db -def joo_version(url,headers): - endpoint = url + "/administrator/manifests/files" + '/joomla.xml' - response = requests.get(endpoint,headers).text - regex = r'(.+?)' - pattern = re.compile(regex) - version = re.findall(pattern, response) - if version: - return print (' %s Version : %s' %(good,version[0])) -def joo_user(url,headers): - users = [] - endpoint = url + '/?format=feed' - response = requests.get(endpoint,headers).text - regex = r'(.+?) \((.+?)\)' - pattern = re.compile(regex) - joouser = re.findall(pattern, response) - if joouser: - joouser = sorted(set(joouser)) - for user in joouser: - users.append(user[1]) - msg = user[1] + ": " + user[0] - print(msg) -def joo_template(url,headers): - main_endpoint = url + '/index.php' - responsea = requests.get(main_endpoint,headers).text - WebTemplates = re.findall("/templates/(.+?)/", responsea) - WebTemplates = sorted(set(WebTemplates)) - adm_endpoint = url + '/administrator/index.php' - responseb = requests.get(adm_endpoint,headers).text - AdminTemplates = re.findall("/administrator/templates/(.+?)/", responseb) - AdminTemplates = sorted(set(AdminTemplates)) - if WebTemplates: - for WebTemplate in WebTemplates: - return print (' %s WebTemplate : %s' %(good,WebTemplate[0])) - if AdminTemplates: - for AdminTemplate in AdminTemplates: - return print (' %s AdminTemplate : %s' %(good,AdminTemplate[0])) \ No newline at end of file +def joo_version(url, headers): + endpoint = url + "/administrator/manifests/files" + '/joomla.xml' + response = requests.get(endpoint, headers).text + regex = r'(.+?)' + pattern = re.compile(regex) + version = re.findall(pattern, response) + if version: + return print(' %s Version : 
%s' % (good, version[0])) + + +def joo_user(url, headers): + users = [] + endpoint = url + '/?format=feed' + response = requests.get(endpoint, headers).text + regex = r'(.+?) \((.+?)\)' + pattern = re.compile(regex) + joouser = re.findall(pattern, response) + if joouser: + joouser = sorted(set(joouser)) + for user in joouser: + users.append(user[1]) + msg = user[1] + ": " + user[0] + print(msg) + + +def joo_template(url, headers): + main_endpoint = url + '/index.php' + responsea = requests.get(main_endpoint, headers).text + WebTemplates = re.findall("/templates/(.+?)/", responsea) + WebTemplates = sorted(set(WebTemplates)) + adm_endpoint = url + '/administrator/index.php' + responseb = requests.get(adm_endpoint, headers).text + AdminTemplates = re.findall("/administrator/templates/(.+?)/", responseb) + AdminTemplates = sorted(set(AdminTemplates)) + if WebTemplates: + for WebTemplate in WebTemplates: + return print(' %s WebTemplate : %s' % (good, WebTemplate[0])) + if AdminTemplates: + for AdminTemplate in AdminTemplates: + return print(' %s AdminTemplate : %s' % (good, AdminTemplate[0])) diff --git a/modules/portChecker.py b/modules/portChecker.py index 520a12a..7161923 100644 --- a/modules/portChecker.py +++ b/modules/portChecker.py 
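Review bot: In joo_template, `WebTemplate[0]` indexes a string, so only the first character of each template name is printed, and the `return` inside the loop ends the function after the first entry, so the AdminTemplates block is never reached when any web template matched; drop the `[0]` and the `return`, printing each name with `print(' %s WebTemplate : %s' % (good, WebTemplate))` and likewise for AdminTemplate. `joo_user` fills `users` but never uses it. The joo_version pattern `r'(.+?)'` as shown carries no surrounding tag text and would match any line — if XML tags were lost in the patch display, confirm against the source file.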
@@ -1,37 +1,40 @@ -from common.colors import que,portopen,portclose +from common.colors import que, portopen, portclose import socket portsobject = { - 21 :'FTP' , - 22 :'SSH' , - 23 :'Telnet' , - 25 :'SMTP' , - 43 :'Whois' , - 53 :'DNS' , - 68 :'DHCP' , - 80 :'HTTP' , - 110 :'POP3' , - 115 :'SFTP' , - 119 :'NNTP' , - 123 :'NTP' , - 139 :'NetBIOS' , - 143 :'IMAP' , - 161 :'SNMP' , - 220 :'IMAP3' , - 389 :'LDAP' , - 443 :'SSL' , - 1521 :'Oracle SQL' , - 2049 :'NFS' , - 3306 :'mySQL' , - 5800 :'VNC' , - 8080 :'HTTP' , + 21: 'FTP', + 22: 'SSH', + 23: 'Telnet', + 25: 'SMTP', + 43: 'Whois', + 53: 'DNS', + 68: 'DHCP', + 80: 'HTTP', + 110: 'POP3', + 115: 'SFTP', + 119: 'NNTP', + 123: 'NTP', + 139: 'NetBIOS', + 143: 'IMAP', + 161: 'SNMP', + 220: 'IMAP3', + 389: 'LDAP', + 443: 'SSL', + 1521: 'Oracle SQL', + 2049: 'NFS', + 3306: 'mySQL', + 5800: 'VNC', + 8080: 'HTTP', } -def portscan(host,port): + + +def portscan(host, port): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) if port: result = sock.connect_ex((host, port)) if result == 0: - print (' %s %s %s %s' %(que,port,portopen,portsobject[port])) + print(' %s %s %s %s' % + (que, port, portopen, portsobject[port])) else: - print (' %s %s %s %s' %(que,port,portclose,portsobject[port])) - + print(' %s %s %s %s' % + (que, port, portclose, portsobject[port])) diff --git a/modules/wpGrabber.py b/modules/wpGrabber.py index aee25cc..1e18ac5 100644 --- a/modules/wpGrabber.py +++ b/modules/wpGrabber.py 
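Review bot: portscan never closes the socket it opens and sets no timeout, so a filtered port blocks for the OS default connect timeout and a descriptor leaks on every call; wrap it as `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:` and call `sock.settimeout(...)` before `connect_ex`. `portsobject[port]` raises KeyError for any port not in the table, which `-p` accepts freely; use `portsobject.get(port, 'unknown')` in both print calls.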
@@ -1,51 +1,59 @@ """ WordPress Information Gathering """ import re import requests -from common.colors import B,W,G,good,bad +from common.colors import B, W, G, good, bad -#searching for the wordpress version -def wp_version(url,headers,grabinfo): +# searching for the wordpress version + + +def wp_version(url, headers, grabinfo): ep = url - getversion = requests.get(ep,headers).text - #searching version content from the http response. \d{:digit} version form 0.0.0 - matches = re.search(re.compile(r'content=\"WordPress (\d{0,9}.\d{0,9}.\d{0,9})?\"'),getversion) + getversion = requests.get(ep, headers).text + # searching version content from the http response. \d{:digit} version form 0.0.0 + matches = re.search(re.compile( + r'content=\"WordPress (\d{0,9}.\d{0,9}.\d{0,9})?\"'), getversion) if matches: version = matches.group(1) - return print (' %s Version : %s' %(good,version)) - grabinfo.add('Version - '+ version) -#searching for the wordpress themes -def wp_themes(url,headers,grabinfo): + return print(' %s Version : %s' % (good, version)) + grabinfo.add('Version - ' + version) +# searching for the wordpress themes + + +def wp_themes(url, headers, grabinfo): ep = url themes_array = [] - getthemes = requests.get(ep,headers).text - matches = re.findall(re.compile(r'themes/(\w+)?/'),getthemes) - #loop for matching themes.) + getthemes = requests.get(ep, headers).text + matches = re.findall(re.compile(r'themes/(\w+)?/'), getthemes) + # loop for matching themes.) 
if len(matches) > 0: for theme in matches: - if theme not in themes_array: - themes_array.append(theme) - for i in range(len(themes_array)): - print (' %s Themes : %s ' %(good , themes_array[i])) -#searching for the wordpress user -def wp_user(url,headers,grabinfo): + if theme not in themes_array: + themes_array.append(theme) + for i in range(len(themes_array)): + print(' %s Themes : %s ' % (good, themes_array[i])) +# searching for the wordpress user + + +def wp_user(url, headers, grabinfo): ep = url + '/?author=1' - getuser = requests.get(ep,headers).text - matches = re.search(re.compile(r'author/(\w+)?/'),getuser) + getuser = requests.get(ep, headers).text + matches = re.search(re.compile(r'author/(\w+)?/'), getuser) if matches: user = matches.group(1) - return print (' %s User : %s' %(good,user)) - grabinfo.add('user - '+ user) + return print(' %s User : %s' % (good, user)) + grabinfo.add('user - ' + user) + +# searching for the wordpress plugins + -#searching for the wordpress plugins -def wp_plugin(url,headers,grabinfo): +def wp_plugin(url, headers, grabinfo): plugins_array = [] ep = url - getplugin = requests.get(ep,headers).text - matches = re.findall(re.compile(r'wp-content/plugins/(\w+)?/'),getplugin) + getplugin = requests.get(ep, headers).text + matches = re.findall(re.compile(r'wp-content/plugins/(\w+)?/'), getplugin) if len(matches) > 0: for plugin in matches: - if plugin not in plugins_array: - plugins_array.append(plugin) - for i in range(len(plugins_array)): - print (' %s Plugins : %s ' %(good , plugins_array[i])) - \ No newline at end of file + if plugin not in plugins_array: + plugins_array.append(plugin) + for i in range(len(plugins_array)): + print(' %s Plugins : %s ' % (good, plugins_array[i])) diff --git a/reqtest.py b/reqtest.py new file mode 100644 index 0000000..cc34af7 --- /dev/null +++ b/reqtest.py 
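Review bot: In wp_version and wp_user the `grabinfo.add(...)` line follows `return print(...)`, so it is unreachable and the grabinfo set the caller passes in is never populated; move it above the return, e.g. `grabinfo.add('Version - ' + version)` then `return print(' %s Version : %s' % (good, version))`. The version group in the regex is optional (`(...)?`), so `matches.group(1)` can be None and the concatenation would raise TypeError once reached; guard with `if matches and matches.group(1):`. `requests.get(ep, headers)` passes headers positionally, as noted on the dorksEngine hunk.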
@@ -0,0 +1,13 @@
+import requests
+import re
+
+url = "http://helloktebi.com/"
+header = {
+ "content-type" : "*/*",
+ "accept": "*/*"
+}
+response = requests.get(url,headers=header).headers
+server_response = response["server"]
+regx = re.compile(r"(.+) \((.+)\)")
+find = regx.search(server_response)
+print(find.group(2))
diff --git a/vulnx.py
index 25d7bdf..24e97d9 100644
--- a/vulnx.py
+++ b/vulnx.py
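Review bot: reqtest.py reads as a scratch script rather than part of the tool: it hard-codes a third-party URL, has no `if __name__ == '__main__':` guard, and crashes with KeyError when the response carries no Server header or with AttributeError when `regx.search` finds no match before `find.group(2)`. If it is meant to stay, use `response.get("server", "")`, check `find` for None, and pass `timeout=` to `requests.get`; otherwise it should be dropped from the commit.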
@@ -9,6 +9,76 @@ """ from __future__ import print_function +from common.colors import red, green, bg, G, R, W, Y, G, good, bad, run, info, end, que, bannerblue2 +from modules.wpGrabber import (wp_version, wp_plugin, wp_themes, wp_user) +from modules.jooGrabber import (joo_version, joo_user, joo_template) +from modules.jooExploits import(com_jce, + com_media, + # com_jdownloads, + # com_jdownloadsb, + com_fabrika, + com_fabrikb, + com_foxcontact, + com_adsmanager, + com_blog, + com_users, + comweblinks, + mod_simplefileupload, + com_jbcatalog, + com_sexycontactform, + com_rokdownloads, + com_extplorer, + com_jwallpapers, + com_facileforms, + ) +from modules.wpExploits import(wp_wysija, + wp_blaze, + wp_catpro, + wp_cherry, + wp_dm, + wp_fromcraft, + wp_jobmanager, + wp_showbiz, + wp_synoptic, + wp_shop, + wp_powerzoomer, + wp_revslider, + wp_adsmanager, + wp_inboundiomarketing, + wp_levoslideshow, + wp_adblockblocker, + ) +from modules.dnsLookup import dnsdumper, domain_info +from modules.prestaExploits import ( + columnadverts, + soopabanners, + vtslide, + simpleslideshow, + productpageadverts, + productpageadvertsb, + jro_homepageadvertise, + attributewizardpro, + oneattributewizardpro, + attributewizardpro_old, + attributewizardpro_x, + advancedslider, + cartabandonmentpro, + cartabandonmentpro_old, + videostab, + wg24themeadministration, + fieldvmegamenu, + wdoptionpanel, + pk_flexmenu, + nvn_export_orders, + tdpsthemeoptionpanel, + masseditproduct, + +) +from modules.portChecker import portscan +from common.output_wr import writelogs as outlogs +from common.requestUp import random_UserAgent +from common.uriParser import parsing_url as hostd +from common.banner import banner import sys import argparse 
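Review bot: The project imports are now placed above the `warnings.filterwarnings(action="ignore", message=".*was already imported", ...)` call in the following hunk, so any such UserWarning raised while importing common.* and modules.* is no longer suppressed (presumably the reason the filter existed); either keep the filter ahead of those imports or remove it if it is no longer needed. `G` is imported twice in the `from common.colors import ...` line.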
@@ -21,135 +91,78 @@ import requests from common.threading import threads -warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning) +warnings.filterwarnings( + action="ignore", message=".*was already imported", category=UserWarning) warnings.filterwarnings(action="ignore", category=DeprecationWarning) -from common.colors import red, green, bg, G, R, W, Y, G , good , bad , run , info , end , que ,bannerblue2 -from common.banner import banner -from common.uriParser import parsing_url as hostd -from common.requestUp import random_UserAgent -from common.output_wr import writelogs as outlogs - -##### MODULES -from modules.portChecker import portscan -from modules.wpGrabber import (wp_version,wp_plugin,wp_themes,wp_user) -from modules.jooGrabber import (joo_version,joo_user,joo_template) -from modules.dnsLookup import dnsdumper , domain_info -from modules.wpExploits import( wp_wysija, - wp_blaze, - wp_catpro, - wp_cherry, - wp_dm, - wp_fromcraft, - wp_jobmanager, - wp_showbiz, - wp_synoptic, - wp_shop, - wp_powerzoomer, - wp_revslider, - wp_adsmanager, - wp_inboundiomarketing, - wp_levoslideshow, - wp_adblockblocker, - ) -from modules.jooExploits import( com_jce, - com_media, -# com_jdownloads, -# com_jdownloadsb, - com_fabrika, - com_fabrikb, - com_foxcontact, - com_adsmanager, - com_blog, - com_users, - comweblinks, - mod_simplefileupload, - com_jbcatalog, - com_sexycontactform, - com_rokdownloads, - com_extplorer, - com_jwallpapers, - com_facileforms, - ) -from modules.prestaExploits import ( - columnadverts, - soopabanners, - vtslide, - simpleslideshow, - productpageadverts, - productpageadvertsb, - jro_homepageadvertise, - attributewizardpro, - oneattributewizardpro, - attributewizardpro_old, - attributewizardpro_x, - advancedslider, - cartabandonmentpro, - cartabandonmentpro_old, - videostab, - wg24themeadministration, - fieldvmegamenu, - wdoptionpanel, - pk_flexmenu, - nvn_export_orders, - tdpsthemeoptionpanel, - 
masseditproduct, +# MODULES -) -#cleaning screen +# cleaning screen banner() + def parser_error(errmsg): print("Usage: python " + sys.argv[0] + " [Options] use -h for help") print(R + "Error: " + errmsg + W) sys.exit() + def parse_args(): - parser = argparse.ArgumentParser(epilog='\tExample: \r\npython ' + sys.argv[0] + " -u google.com") + parser = argparse.ArgumentParser( + epilog='\tExample: \r\npython ' + sys.argv[0] + " -u google.com") parser.error = parser_error parser._optionals.title = "\nOPTIONS" parser.add_argument('-u', '--url', help="url target to scan") - parser.add_argument('-D', '--dorks', help='search webs with dorks', dest='dorks' , type=str) - parser.add_argument('-o', '--output', help='specify output directory',required=False) - parser.add_argument('-t', '--timeout', help='http requests timeout', dest='timeout',type=float) - parser.add_argument('-c', '--cms-info', help='search cms info[themes,plugins,user,version..]', dest='cms', choices=['user', 'themes','version','plugins','all']) - parser.add_argument('--threads', help="number of threads", dest='numthread', type=float) - parser.add_argument('-n', '--number-pages', help='search dorks number page limit', dest='numberpage' , type=int) - parser.add_argument('-i', '--input', help='specify input file of domains to scan',dest='input_file' ,required=False) - parser.add_argument('-l','--dork-list', help='list names of dorks exploits',dest='dorkslist', - choices=['wordpress', 'prestashop','joomla','lokomedia','drupal','all']) + parser.add_argument( + '-D', '--dorks', help='search webs with dorks', dest='dorks', type=str) + parser.add_argument( + '-o', '--output', help='specify output directory', required=False) + parser.add_argument( + '-t', '--timeout', help='http requests timeout', dest='timeout', type=float) + parser.add_argument('-c', '--cms-info', help='search cms info[themes,plugins,user,version..]', dest='cms', choices=[ + 'user', 'themes', 'version', 'plugins', 'all']) + 
parser.add_argument('--threads', help="number of threads", + dest='numthread', type=float) + parser.add_argument('-n', '--number-pages', + help='search dorks number page limit', dest='numberpage', type=int) + parser.add_argument( + '-i', '--input', help='specify input file of domains to scan', dest='input_file', required=False) + parser.add_argument('-l', '--dork-list', help='list names of dorks exploits', dest='dorkslist', + choices=['wordpress', 'prestashop', 'joomla', 'lokomedia', 'drupal', 'all']) parser.add_argument('-p', '--ports', help='ports to scan', dest='scanports', type=int) - #Switches - parser.add_argument('-e','--exploit', help='searching vulnerability & run exploits', - dest='exploit', action='store_true') + # Switches + parser.add_argument('-e', '--exploit', help='searching vulnerability & run exploits', + dest='exploit', action='store_true') parser.add_argument('--it', help='interactive mode.', - dest='cli', action='store_true') - parser.add_argument('-w','--web-info', help='web informations gathering', - dest='webinfo', action='store_true') - parser.add_argument('-d','--domain-info', help='subdomains informations gathering', - dest='domaininfo', action='store_true') + dest='cli', action='store_true') + parser.add_argument('-w', '--web-info', help='web informations gathering', + dest='webinfo', action='store_true') + parser.add_argument('-d', '--domain-info', help='subdomains informations gathering', + dest='domaininfo', action='store_true') parser.add_argument('--dns', help='dns informations gatherings', - dest='dnsdump', action='store_true') + dest='dnsdump', action='store_true') return parser.parse_args() + vulnresults = set() # results of vulnerability exploits. [success or failed] -grabinfo = set() # return cms_detected the version , themes , plugins , user .. -subdomains = set() # return subdomains & ip. -hostinfo = set() # host info -#args declaration +# return cms_detected the version , themes , plugins , user .. 
+grabinfo = set() +subdomains = set() # return subdomains & ip. +hostinfo = set() # host info +# args declaration args = parse_args() -#url arg +# url arg url = args.url -#interactive arugment -cli=args.cli -#run exploit +# interactive arugment +cli = args.cli +# run exploit exploit = args.exploit -#cms gathering args +# cms gathering args cms = args.cms # web hosting info webinfo = args.webinfo 
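Review bot: The `# MODULES` comment on the new side now heads an empty section because the imports it labelled moved to the top of the file; delete it. `parser_error` calls `sys.exit()` with no status, so an argument error exits 0 and scripted callers cannot detect it — `sys.exit(1)` is the conventional fix. `--threads` is declared `type=float` although `numthread` is a count; `type=int` keeps a fractional value from reaching common.threading.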
@@ -160,500 +173,557 @@ def parse_args(): dorkslist = args.dorkslist # timeout timeout = args.timeout or 3 -#thread +# thread numthread = args.numthread or 1 -#numberpage -numberpage = args.numberpage or 1 -#portscan +# numberpage +numberpage = args.numberpage or 1 +# portscan scanports = args.scanports or 22 -#dns +# dns dnsdump = args.dnsdump -#input_file +# input_file input_file = args.input_file # Disable SSL related warnings warnings.filterwarnings('ignore') -#method for cms detection + def detect_cms(): lm = url + '/smiley/1.gif' - lm_content = requests.get(lm,headers).text + lm_content = requests.get(lm, headers).text lm2 = url + '/rss.xml' - lm2_content = requests.get(lm2,headers).text - content=requests.get(url,headers).text -# try: - # joomla # - #joomla searching content to detect. - if re.search(re.compile(r'|/media/system/js/|com_content|Joomla!'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s %sCMS :%s Joomla' % (good,W,end)) - print ('------------------------------------------------') - #webinfo gathering argument + lm2_content = requests.get(lm2, headers).text + content = requests.get(url, headers).text + + if re.search(re.compile(r'|/media/system/js/|com_content|Joomla!'), content): + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s %sCMS :%s Joomla' % (good, W, end)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + + getOS(url, headers) + + # webinfo gathering argument if webinfo: webhosting_info(hostinfo) - - #domain gatherinargument + + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % 
(run)) domain_info(url) - + if cms == 'version': - print (' %s CMS informations gathering' %(run)) - joo_version(url,headers) - print ("-----------------------------------------------") + print(' %s CMS informations gathering' % (run)) + joo_version(url, headers) + print("-----------------------------------------------") if cms == 'all': - print (' %s CMS informations gathering' %(run)) - joo_version(url,headers) - joo_user(url,headers) - joo_template(url,headers) - print ("-----------------------------------------------") - #port to scan + print(' %s CMS informations gathering' % (run)) + joo_version(url, headers) + joo_user(url, headers) + joo_template(url, headers) + print("-----------------------------------------------") + # port to scan if scanports: - print (' %s Scanning Ports' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump' %(run)) + print(' %s Starting DNS dump' % (run)) dnsdumper(url) - print ("-----------------------------------------------") - #joomla_exploits imported from folder[./common/joomla_exploits.py] + print("-----------------------------------------------") + # joomla_exploits imported from folder[./common/joomla_exploits.py] if exploit: - print (' %s Check Vulnerability' %(run)) - print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) - com_jce(url,headers) - com_media(url,headers) - #com_jdownloads(url,headers) + print(' %s Check Vulnerability' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) + com_jce(url, headers) + com_media(url, headers) + # com_jdownloads(url,headers) # com_jdownloadsb(url,headers) - com_fabrika(url,headers) - com_fabrikb(url,headers) - com_foxcontact(url,headers) - 
com_adsmanager(url,headers) - com_blog(url,headers) - com_users(url,headers) - comweblinks(url,headers) - mod_simplefileupload(url,headers) - com_jbcatalog(url,headers) - com_sexycontactform(url,headers) - com_rokdownloads(url,headers) - com_extplorer(url,headers) - com_jwallpapers(url,headers) - com_facileforms(url,headers) + com_fabrika(url, headers) + com_fabrikb(url, headers) + com_foxcontact(url, headers) + com_adsmanager(url, headers) + com_blog(url, headers) + com_users(url, headers) + comweblinks(url, headers) + mod_simplefileupload(url, headers) + com_jbcatalog(url, headers) + com_sexycontactform(url, headers) + com_rokdownloads(url, headers) + com_extplorer(url, headers) + com_jwallpapers(url, headers) + com_facileforms(url, headers) # Wordpress # - #wordpress searching content to detect. + # wordpress searching content to detect. elif re.search(re.compile(r'wp-content|wordpress|xmlrpc.php'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s %sCMS :%s Wordpress' % (good,W,end)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s %sCMS :%s Wordpress' % (good, W, end)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + getOS(url, headers) + if webinfo: webhosting_info(hostinfo) if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) - #wp_grab methods info from (folder)[./common/grapwp.py] + # wp_grab methods info from (folder)[./common/grapwp.py] if cms == 'version': - print (' %s CMS informations gathering' %(run)) - wp_version(url,headers,grabinfo) 
- print ("-----------------------------------------------") + print(' %s CMS informations gathering' % (run)) + wp_version(url, headers, grabinfo) + print("-----------------------------------------------") if cms == 'themes': - print (' %s CMS informations gathering' %(run)) - wp_themes(url,headers,grabinfo) - print ("-----------------------------------------------") + print(' %s CMS informations gathering' % (run)) + wp_themes(url, headers, grabinfo) + print("-----------------------------------------------") if cms == 'user': - print (' %s CMS informations gathering' %(run)) - wp_user(url,headers,grabinfo) - print ("-----------------------------------------------") + print(' %s CMS informations gathering' % (run)) + wp_user(url, headers, grabinfo) + print("-----------------------------------------------") if cms == 'plugins': - print (' %s CMS informations gathering' %(run)) - wp_plugin(url,headers,grabinfo) - print ("-----------------------------------------------") + print(' %s CMS informations gathering' % (run)) + wp_plugin(url, headers, grabinfo) + print("-----------------------------------------------") if cms == 'all': - print (' %s CMS informations gathering' %(run)) - wp_version(url,headers,grabinfo) - wp_themes(url,headers,grabinfo) - wp_user(url,headers,grabinfo) - wp_plugin(url,headers,grabinfo) - print ("-----------------------------------------------") - #port to scan + print(' %s CMS informations gathering' % (run)) + wp_version(url, headers, grabinfo) + wp_themes(url, headers, grabinfo) + wp_user(url, headers, grabinfo) + wp_plugin(url, headers, grabinfo) + print("-----------------------------------------------") + # port to scan if scanports: - print (' %s Scanning Ports' %(run)) - print (""" %sPORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports' % (run)) + print(""" %sPORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + 
print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump' %(run)) + print(' %s Starting DNS dump' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") # vulnx -u http://example.com -e | vulnx -u http://example --exploit if exploit: - print (' %s Check Vulnerability\n' %(run)) - print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) - #wp_exploit methods from (dolder)[./common/wp_exploits.py] - wp_wysija(url,headers,vulnresults) - wp_blaze(url,headers,vulnresults) - wp_synoptic(url,headers,vulnresults) - wp_catpro(url,headers,vulnresults) - wp_cherry(url,headers,vulnresults) - wp_dm(url,headers,vulnresults) - wp_fromcraft(url,headers,vulnresults) - wp_jobmanager(url,headers,vulnresults) - wp_showbiz(url,headers,vulnresults) - wp_shop(url,headers,vulnresults) - wp_powerzoomer(url,headers,vulnresults) - wp_revslider(url,headers,vulnresults) - wp_adsmanager(url,headers,vulnresults) - wp_inboundiomarketing(url,headers,vulnresults) - wp_adblockblocker(url,headers,vulnresults) - wp_levoslideshow(url,headers,vulnresults) - print ("-----------------------------------------------") + print(' %s Check Vulnerability\n' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) + # wp_exploit methods from (dolder)[./common/wp_exploits.py] + wp_wysija(url, headers, vulnresults) + wp_blaze(url, headers, vulnresults) + wp_synoptic(url, headers, vulnresults) + wp_catpro(url, headers, vulnresults) + wp_cherry(url, headers, vulnresults) + wp_dm(url, headers, vulnresults) + wp_fromcraft(url, headers, vulnresults) + wp_jobmanager(url, headers, vulnresults) + wp_showbiz(url, headers, vulnresults) + wp_shop(url, headers, vulnresults) + wp_powerzoomer(url, headers, vulnresults) + wp_revslider(url, headers, vulnresults) + wp_adsmanager(url, headers, vulnresults) + wp_inboundiomarketing(url, headers, vulnresults) + wp_adblockblocker(url, headers, vulnresults) + 
wp_levoslideshow(url, headers, vulnresults) + print("-----------------------------------------------") # Drupal # - #drupal searching content to detect. + # drupal searching content to detect. elif re.search(re.compile(r'Drupal|drupal|sites/all|drupal.org'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : Drupal' % (good)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : Drupal' % (good)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + + getOS(url, headers) + if webinfo: webhosting_info(hostinfo) - #domain gatherinargument + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) if cms == 'version': - print (' %s CMS informations gathering' %(run)) + print(' %s CMS informations gathering' % (run)) drupal_version() if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") if exploit: - print (' %s Check Vulnerability\n' %(run)) - print (""" %sNAME %sSTATUS 
%sSHELL"""%(W,W,W)) + print(' %s Check Vulnerability\n' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) # Prestashop # - #prestashop searching content to detect. + # prestashop searching content to detect. elif re.search(re.compile(r'Prestashop|prestashop'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s %sCMS :%s Prestashop' % (good,W,end)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s %sCMS :%s Prestashop' % (good, W, end)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + getOS(url, headers) + if webinfo: webhosting_info(hostinfo) - #domain gatherinargument + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) if cms == 'version': - print (' %s CMS informations gathering' %(run)) + print(' %s CMS informations gathering' % (run)) prestashop_version() if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") if exploit: - print (' %s Check Vulnerability\n' 
%(run)) - print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) - columnadverts(url,headers) - soopabanners(url,headers) - vtslide(url,headers) - simpleslideshow(url,headers) - productpageadverts(url,headers) - productpageadvertsb(url,headers) - jro_homepageadvertise(url,headers) - attributewizardpro(url,headers) - oneattributewizardpro(url,headers) - attributewizardpro_old(url,headers) - attributewizardpro_x(url,headers) - advancedslider(url,headers) - cartabandonmentpro(url,headers) - cartabandonmentpro_old(url,headers) - videostab(url,headers) - wg24themeadministration(url,headers) - fieldvmegamenu(url,headers) - wdoptionpanel(url,headers) - pk_flexmenu(url,headers) - nvn_export_orders(url,headers) - tdpsthemeoptionpanel(url,headers) - masseditproduct(url,headers) + print(' %s Check Vulnerability\n' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) + columnadverts(url, headers) + soopabanners(url, headers) + vtslide(url, headers) + simpleslideshow(url, headers) + productpageadverts(url, headers) + productpageadvertsb(url, headers) + jro_homepageadvertise(url, headers) + attributewizardpro(url, headers) + oneattributewizardpro(url, headers) + attributewizardpro_old(url, headers) + attributewizardpro_x(url, headers) + advancedslider(url, headers) + cartabandonmentpro(url, headers) + cartabandonmentpro_old(url, headers) + videostab(url, headers) + wg24themeadministration(url, headers) + fieldvmegamenu(url, headers) + wdoptionpanel(url, headers) + pk_flexmenu(url, headers) + nvn_export_orders(url, headers) + tdpsthemeoptionpanel(url, headers) + masseditproduct(url, headers) # OpenCart # - #opencart searching content to detect. + # opencart searching content to detect. 
elif re.search(re.compile(r'route=product|OpenCart|route=common|catalog/view/theme'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : OpenCart' % (good)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : OpenCart' % (good)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + getOS(url, headers) + if webinfo: webhosting_info(hostinfo) - #domain gatherinargument + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) if cms == 'version': - print (' %s CMS informations gathering' %(run)) + print(' %s CMS informations gathering' % (run)) if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") if exploit: - print (' %s Check Vulnerability\n' %(run)) - print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) + print(' %s Check Vulnerability\n' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) # Magento # - #magento searching content to detect. 
+ # magento searching content to detect. elif re.search(re.compile(r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento'), content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : Magento' % (good)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : Magento' % (good)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + getOS(url, headers) + if webinfo: webhosting_info(hostinfo) - #domain gatherinargument + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) if cms == 'version': - print (' %s CMS informations gathering' %(run)) + print(' %s CMS informations gathering' % (run)) if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") if exploit: - print (' %s Check Vulnerability' %(run)) - print (""" %sNAME %sSTATUS %sSHELL"""%(W,W,W)) + print(' %s Check Vulnerability' % (run)) + print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W)) # Lokomedia # - #lokomedia searching 
content to detect. - print (' %s Check Vulnerability' %(run)) + # lokomedia searching content to detect. + print(' %s Check Vulnerability' % (run)) elif re.search(re.compile(r'image/gif'), lm_content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : Lokomedia' % (good)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : Lokomedia' % (good)) + print('------------------------------------------------') + + print(' %s Server Gathering' % (run)) + getOS(url, headers) + if subdomains: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) - print ('------------------------------------------------') + print('------------------------------------------------') if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") - print (' %s Check Vulnerability' %(run)) + print("-----------------------------------------------") + print(' %s Check Vulnerability' % (run)) elif re.search(re.compile(r'lokomedia'), lm2_content): - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print 
('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : Lokomedia' % (good)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : Lokomedia' % (good)) + print('------------------------------------------------') if subdomains: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) if scanports: - print (' %s Scanning Ports\n' %(run)) - print (""" %s PORTS %sSTATUS %sPROTO"""%(W,W,W)) - portscan(hostd(url),scanports) - print ("-----------------------------------------------") + print(' %s Scanning Ports\n' % (run)) + print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W)) + portscan(hostd(url), scanports) + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") - print (' %s Check Vulnerability' %(run)) + print("-----------------------------------------------") + print(' %s Check Vulnerability' % (run)) # Unknown # - #no cms detect + # no cms detect else: - print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end)) - print ('------------------------------------------------') - print (' %s looking for cms' % (que)) - print (' %s CMS : Unknown' % (bad)) - print ('------------------------------------------------') + print('\n %s[%sTarget%s]%s => %s%s \n ' % + (bannerblue2, W, bannerblue2, W, url, end)) + print('------------------------------------------------') + print(' %s looking for cms' % (que)) + print(' %s CMS : Unknown' % (bad)) + print('------------------------------------------------') if webinfo: webhosting_info(hostinfo) - 
#domain gatherinargument + # domain gatherinargument if domaininfo: - print (' %s Starting searching for Subdomains' %(run)) + print(' %s Starting searching for Subdomains' % (run)) domain_info(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") if dnsdump: - print (' %s Starting DNS dump ' %(run)) + print(' %s Starting DNS dump ' % (run)) dnsdumper(url) - print ("-----------------------------------------------") + print("-----------------------------------------------") # except Exception as e: # print ('%s\n\n error : %s%s' % (R,e,W)) # drupal Version + + def drupal_version(): - response = requests.get(url,headers).text + response = requests.get(url, headers).text regex = 'Drupal \d{0,10}' regex = re.compile(regex) try: matches = regex.findall(response) if len(matches) > 0 and matches[0] != None and matches[0] != "": version = matches[0] - print ('%s [+] Drupal Version : %s %s' %(G,version,W)) + print('%s [+] Drupal Version : %s %s' % (G, version, W)) except Exception as error_: - print('Handling Error : '+ str(error_)) + print('Handling Error : ' + str(error_)) # Prestashop Version + + def prestashop_version(): - response = requests.get(url,headers).text + response = requests.get(url, headers).text regex = 'Prestashop \d{0,9}' regex = re.compile(regex) try: - matches = regex.findall(response.text) - if len(matches) > 0 and matches[0] != None and matches[0] != "": - version = matches[0] - return print ('%s [+] Prestashop Version : %s %s' %(G,version,W)) + matches = regex.findall(response.text) + if len(matches) > 0 and matches[0] != None and matches[0] != "": + version = matches[0] + return print('%s [+] Prestashop Version : %s %s' % (G, version, W)) except Exception as error_: - print('Handling Error : '+ str(error_)) + print('Handling Error : ' + str(error_)) # Web Hosting Information + + +def getOS(url, headers): + response = requests.get(url, headers=headers).headers + server_response = 
response["server"] + regx = re.compile(r"(.+) \((.+)\)") + find = regx.search(server_response) + print(' %s %sServer :%s %s' % (good, W, end, find.group(1))) + print(' %s %sOS :%s %s' % (good, W, end, find.group(2))) + + def webhosting_info(hostinfo): - print (' %s Web Hosting Information' % (run)) + print(' %s Web Hosting Information' % (run)) urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + hostd(url) - getinfo = requests.get(urldate,headers).text + getinfo = requests.get(urldate, headers).text regex_date = r'Date: (.+?)-(.+?)' regex_date = re.compile(regex_date) - matches = re.search(regex_date,getinfo) + matches = re.search(regex_date, getinfo) if matches: - print ( ' %s Domain Created on : %s' % (good,matches.group(1))) + print(' %s Domain Created on : %s' % (good, matches.group(1))) try: ip = socket.gethostbyname(hostd(url)) - print ( ' %s CloudFlare IP : %s' % (good,ip)) + print(' %s CloudFlare IP : %s' % (good, ip)) ipinfo = "http://ipinfo.io/" + ip + "/json" - getipinfo = requests.get(ipinfo,headers).text - country = re.search(re.compile(r'country\": \"(.+?)\"'),getipinfo) - region = re.search(re.compile(r'region\": \"(.+?)\"'),getipinfo) - latitude = re.search(re.compile(r'latitude: (.+?)'),getipinfo) - longitude = re.search(re.compile(r'longitude\": \"(.+?)\"'),getipinfo) - timezone = re.search(re.compile(r'timezone\": \"(.+?)\"'),getipinfo) - ans = re.search(re.compile(r'ans\": \"(.+?)\"'),getipinfo) - org = re.search(re.compile(r'org\": \"(.+?)\"'),getipinfo) + getipinfo = requests.get(ipinfo, headers).text + country = re.search(re.compile(r'country\": \"(.+?)\"'), getipinfo) + region = re.search(re.compile(r'region\": \"(.+?)\"'), getipinfo) + latitude = re.search(re.compile(r'latitude: (.+?)'), getipinfo) + longitude = re.search(re.compile(r'longitude\": \"(.+?)\"'), getipinfo) + timezone = re.search(re.compile(r'timezone\": \"(.+?)\"'), getipinfo) + ans = re.search(re.compile(r'ans\": \"(.+?)\"'), getipinfo) + org = 
re.search(re.compile(r'org\": \"(.+?)\"'), getipinfo) if country: - print(' %s Country : %s' % (good,country.group(1))) + print(' %s Country : %s' % (good, country.group(1))) if region: - print(' %s Region : %s' % (good,region.group(1))) + print(' %s Region : %s' % (good, region.group(1))) if latitude: - print(' %s Latitude : %s' % (good,latitude.group(1))) + print(' %s Latitude : %s' % (good, latitude.group(1))) if longitude: - print(' %s Longitude : %s' % (good,longitude.group(1))) + print(' %s Longitude : %s' % (good, longitude.group(1))) if timezone: - print(' %s Timezone : %s' % (good,timezone.group(1))) + print(' %s Timezone : %s' % (good, timezone.group(1))) if ans: - print(' %s Ans : %s' % (good,ans.group(1))) + print(' %s Ans : %s' % (good, ans.group(1))) if org: - print(' %s Org : %s' % (good,org.group(1))) - print ("-----------------------------------------------") + print(' %s Org : %s' % (good, org.group(1))) + print("-----------------------------------------------") except Exception as parsing_error: - print(' %s Parsing error : %s' % (bad , str(parsing_error))) + print(' %s Parsing error : %s' % (bad, str(parsing_error))) + + # output output_dir = args.output or 'logs' -if not os.path.exists(output_dir): # if the directory doesn't exist - os.mkdir(output_dir) # create a new directory +if not os.path.exists(output_dir): # if the directory doesn't exist + os.mkdir(output_dir) # create a new directory -data = [ vulnresults, grabinfo, subdomains , hostinfo] +data = [vulnresults, grabinfo, subdomains, hostinfo] -data_names = ['vulnresults', 'grabinfo', 'subdomains' , 'hostinfo'] -outlogs(data,data_names,output_dir) +data_names = ['vulnresults', 'grabinfo', 'subdomains', 'hostinfo'] +outlogs(data, data_names, output_dir) data = { - 'vulnresults':list(vulnresults), - 'grabinfo':list(grabinfo), - 'subdomains':list(subdomains), + 'vulnresults': list(vulnresults), + 'grabinfo': list(grabinfo), + 'subdomains': list(subdomains), } -#clean -def 
signal_handler(signal,frame): - print("%s(ID: {}) Cleaning up...\n Exiting...".format(signal)%(W)) +# clean + + +def signal_handler(signal, frame): + print("%s(ID: {}) Cleaning up...\n Exiting...".format(signal) % (W)) exit(0) + + signal.signal(signal.SIGINT, signal_handler) -#main +# main if __name__ == "__main__": - + if input_file: - with open(input_file,'r') as urls: + with open(input_file, 'r') as urls: u_array = [url.strip('\n') for url in urls] try: for url in u_array: root = url - #url condition entrypoint + # url condition entrypoint if root.startswith('http'): url = root else: url = 'http://'+root - #default headers. + # default headers. headers = { - 'User-Agent' : random_UserAgent(), - 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', - 'Accept-Language': 'en-US,en;q=0.5', - 'Connection': 'keep-alive', + 'User-Agent': random_UserAgent(), + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language': 'en-US,en;q=0.5', + 'Connection': 'keep-alive', } detect_cms() urls.close() except Exception as error_: - print('UKNOWN ERROR : '+ str(error_)) - + print('UKNOWN ERROR : ' + str(error_)) if url: - #url condition entrypoint + # url condition entrypoint root = url if root.startswith('http'): url = root else: url = 'http://'+root - #default headers. + # default headers. 
headers = { - 'User-Agent' : random_UserAgent(), - 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', - 'Accept-Language': 'en-US,en;q=0.5', - 'Connection': 'keep-alive', + 'User-Agent': random_UserAgent(), + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language': 'en-US,en;q=0.5', + 'Connection': 'keep-alive', } detect_cms() if dorks: headers = { - 'host' : 'google.com', - 'User-Agent' : random_UserAgent(), - 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', - 'Accept-Language': 'en-US,en;q=0.5', - 'Connection': 'keep-alive',} + 'host': 'google.com', + 'User-Agent': random_UserAgent(), + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', + 'Accept-Language': 'en-US,en;q=0.5', + 'Connection': 'keep-alive', } from modules.dorksEngine import Dorks as D - D.searchengine(dorks,headers,output_dir,numberpage) + D.searchengine(dorks, headers, output_dir, numberpage) if dorkslist == 'all': from modules.dorksEngine import DorkList as DL DL.dorkslist() @@ -675,4 +745,4 @@ def signal_handler(signal,frame): if cli: from cli import Cli cli = Cli() - cli.send_commands("") \ No newline at end of file + cli.send_commands("")
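Review bot: The new `getOS` indexes `response["server"]` and then calls `find.group(1)` with no check on either, so a target that sends no Server header raises KeyError and one whose header is a bare product token such as `nginx` (no `name (os)` suffix for the regex to match) raises AttributeError on `None`; since every CMS branch of `detect_cms` now calls `getOS` before the webinfo, subdomain, port and DNS steps, a single unexpected header aborts the whole scan, and in the single-URL path of `__main__` there is no surrounding try to catch it. The Server header is free-form text chosen by the remote site, so parsing it should be best-effort: read it with `response.get("server")`, print the raw value when the regex does not match, and return early instead of failing; the rewrite below does that with the same output format. As a hedged side note, the neighbouring calls in this hunk such as `requests.get(lm, headers)` pass the dict positionally, which `requests.get` binds to `params` rather than `headers`, whereas the new `getOS` correctly uses `headers=headers`; aligning the other calls would be a sensible follow-up.
```python
def getOS(url, headers):
    """Print the Server header and, when present, the OS it advertises."""
    response = requests.get(url, headers=headers).headers
    server_response = response.get("server")
    if not server_response:
        # No Server header at all; nothing to parse, carry on with the scan
        print(' %s %sServer :%s not disclosed' % (bad, W, end))
        return
    find = re.search(r"(.+) \((.+)\)", server_response)
    if find is None:
        # Header carries no "(OS)" part, e.g. a bare product token; report it as-is
        print(' %s %sServer :%s %s' % (good, W, end, server_response))
        return
    print(' %s %sServer :%s %s' % (good, W, end, find.group(1)))
    print(' %s %sOS :%s %s' % (good, W, end, find.group(2)))
```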