def start(source):
    """Report whether the page source shows Joomla debug output.

    Returns '1' when the Joomla debug console marker or the Xdebug settings
    link appears in ``source``, otherwise '0'. A '1' means debug output is
    being served to unauthenticated visitors and should be followed up on
    the scanned site.
    """
    markers = ('Joomla! Debug Console', 'xdebug.org/docs/all_settings')
    if not any(marker in source for marker in markers):
        return '0'
    cmseek.success('Debug mode on!')
    return '1'
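def start(source, url, ua):
    """Detect the FlexCMP version from HTML comments, then from headers.

    Args:
        source: HTML of the page that was already fetched.
        url: Target URL, re-requested only if the comment scan finds nothing.
        ua: User-agent string handed to ``cmseek.getsource``.

    Returns:
        The version string, or '0' when neither method yields one. The
        function always returns a string, and the header probe runs whenever
        the comment scan comes up empty, not only when the page has no HTML
        comments at all.

    The version text is copied verbatim from the remote response; callers
    that log or render it should treat it as untrusted input.
    """
    # Method 1: version banner inside an HTML comment of the fetched source.
    for comment in re.findall(r'<!--.*-->', source, re.DOTALL):
        if 'FlexCMP' not in comment or 'v.' not in comment:
            continue
        for line in comment.split('\n'):
            if 'v.' not in line:
                continue
            found = re.findall(r'v. (.*?) -', line)
            if found:
                version = found[0]
                cmseek.success(
                    'FlexCMP version ' + cmseek.bold + cmseek.fgreen
                    + version + cmseek.cln + ' detected from source')
                return version

    # Method 2: X-Powered-By response header.
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'X-Powered-By' in line and 'FlexCMP' in line:
            found = re.findall(
                r'X-Powered-By: FlexCMP Application Server \[v\. (.*?) - ',
                line)
    if found:
        cmseek.success(
            'FlexCMP version ' + cmseek.bold + cmseek.fgreen
            + found[0] + cmseek.cln + ' detected from header')
        return found[0]

    cmseek.error('Version detection failed!')
    return '0'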
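def start(id, url, ua, ga, source):
    """Detect the Drupal version from the generator tag or CHANGELOG.txt.

    Args:
        id: CMS identifier supplied by the caller (not used here).
        url: Base URL of the target; '/CHANGELOG.txt' is appended to it.
        ua: User-agent string handed to ``cmseek.getsource``.
        ga: '1' when the page carries a generator meta tag.
        source: HTML of the page that was already fetched.

    Returns:
        The version string, or '0' when both methods fail.

    The CHANGELOG probe (announced as method 2 of 2) now also runs when the
    generator tag is present but yields no version, and every failure path
    reports the error before returning '0'. A reachable CHANGELOG.txt
    discloses the exact core release and is normally blocked or removed on
    hardened sites.
    """
    if ga == '1':
        cmseek.statement(
            'Detecting version using generator meta tag [Method 1 of 2]')
        tag = re.search(
            r'<meta name="Generator" content="Drupal (.*?) \(http(s|):\/\/(www\.|)drupal.org\)"',
            source)
        if tag is not None:
            version = tag.group(1)
            cmseek.success('Drupal version ' + cmseek.bold + version
                           + cmseek.cln + ' detected')
            return version

    # Detect version via CHANGELOG.txt (not very accurate)
    cmseek.statement(
        'Detecting version using CHANGELOG.txt [Method 2 of 2]')
    changelog_source = cmseek.getsource(url + '/CHANGELOG.txt', ua)
    if changelog_source[0] == '1' and 'Drupal' in changelog_source[1]:
        for line in changelog_source[1].split('\n'):
            match = re.findall(r'Drupal (.*?),', line)
            if match:
                cmseek.success('Drupal version ' + cmseek.bold + match[0]
                               + cmseek.cln + ' detected')
                return match[0]

    cmseek.error('Drupal version detection failed!')
    return '0'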
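def start(source):
    """Passively enumerate WordPress plugins referenced in the page source.

    Looks for asset URLs under ``wp-content/plugins/<name>/`` that carry a
    ``ver=`` query value and records one ``name:version`` entry per plugin
    (the first version seen wins).

    Returns:
        ``[found, plugins]`` where ``plugins`` is a set of ``name:version``
        strings and ``found`` is its size.

    The ``ver=`` value is whatever the page declares; it may be the plugin
    version, a cache-busting string or a deliberately misleading value, so
    treat it as a hint when matching against advisories.
    """
    cmseek.info('Starting passive plugin enumeration')
    # Raw string: the pattern contains '\.' which is not a valid str escape.
    plug_regex = re.compile(r'wp-content/plugins/([^/]+)/.+ver=([0-9\.]+)')

    # Deduplicate on the exact plugin name. A substring test against the
    # stringified list would drop e.g. "form" once "contact-form" was seen.
    versions_by_name = {}
    for raw_name, version in plug_regex.findall(source):
        name = raw_name.replace('-master', '').replace('.min', '')
        versions_by_name.setdefault(name, version)

    plugins = {name + ":" + version
               for name, version in versions_by_name.items()}
    found = len(plugins)

    if found == 0:
        cmseek.error('No plugins enumerated!')
    elif found == 1:
        cmseek.success(cmseek.bold + cmseek.fgreen + str(found)
                       + " Plugin enumerated!")
    else:
        cmseek.success(cmseek.bold + cmseek.fgreen + str(found)
                       + " Plugins enumerated!")
    return [found, plugins]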
def check_backup(url, file, ua):
    """Probe ``url + '/' + file`` and record it if it looks like a backup.

    A hit increments the module-level ``joom_bak_found`` counter and appends
    ``file`` to ``joom_backups``. Nothing is returned. A reachable backup
    archive typically exposes source and credentials, so every hit should be
    verified and the file removed from the web root.
    """
    global joom_bak_found, joom_backups
    if cmseek.check_url(url + '/' + file, ua) != '1':
        return
    cmseek.success('Potential backup file found: ' + cmseek.bold
                   + cmseek.fgreen + file + cmseek.cln)
    joom_bak_found += 1
    joom_backups.append(file)
def check_admin(url, file, ua):
    """Probe ``url + '/' + file`` and record it if an admin login responds.

    A hit increments the module-level ``joom_admin_found`` counter and
    appends ``file`` to ``joom_admins``. Nothing is returned.
    """
    global joom_admin_found, joom_admins
    target = url + '/' + file
    if cmseek.check_url(target, ua) != '1':
        return
    cmseek.success('Admin login page found: ' + cmseek.bold + cmseek.fgreen
                   + url + '/' + file + cmseek.cln)
    joom_admin_found += 1
    joom_admins.append(file)
def check_config(url, file, ua):
    """Probe ``url + '/' + file`` and record it if a config file responds.

    A hit increments the module-level ``joom_conf_found`` counter and
    appends ``file`` to ``joom_confs``. Nothing is returned. The check only
    establishes that the URL answers; whether the response really contains
    configuration data has to be confirmed separately.
    """
    global joom_conf_found, joom_confs
    if cmseek.check_url(url + '/' + file, ua) != '1':
        return
    cmseek.success('Potential configuration file found: ' + cmseek.bold
                   + cmseek.fgreen + file + cmseek.cln)
    joom_conf_found += 1
    joom_confs.append(file)
def start(ga_content):
    """Extract the XpressEngine version from the generator meta content.

    Returns everything after 'XpressEngine ' on the first matching line, or
    '0' when the marker is absent. The value is taken as-is from the page.
    """
    hit = re.search(r'XpressEngine (.*)', ga_content)
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('XpressEngine version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def check_directory(url, file, ua):
    """Fetch ``url + '/' + file`` and record it if it is a directory index.

    The body is matched against two listing markers ('Index of' and
    'Last modified</a>'); a hit increments the module-level
    ``joom_dir_found`` counter and appends ``file`` to ``joom_dirs``.
    Nothing is returned. The markers are plain substrings, so an ordinary
    page that happens to contain them is also reported.
    """
    global joom_dir_found, joom_dirs
    response = cmseek.getsource(url + '/' + file, ua)
    if response[0] != '1':
        return
    body = response[1]
    if 'Index of' in body or 'Last modified</a>' in body:
        cmseek.success('Directory listing enabled in: ' + cmseek.bold
                       + cmseek.fgreen + file + cmseek.cln)
        joom_dir_found += 1
        joom_dirs.append(file)
def start(ga_content):
    """Extract the Contensis CMS version from the generator meta content.

    Returns the text following 'Contensis CMS Version ' on the first
    matching line, or '0' when the marker is absent.
    """
    hit = re.search(r'Contensis CMS Version (.*)', ga_content)
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('Contensis CMS version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def start(ga_content):
    """Extract the Sitefinity version from the generator meta content.

    The content is lower-cased before matching, so the returned version
    text is lower-case as well. Returns '0' when the marker is absent.
    """
    hit = re.search(r'sitefinity (.*)', ga_content.lower())
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('Sitefinity version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def start(source):
    """Extract the SeamlessCMS version from its publisher HTML comment.

    Returns the text between 'Published by Seamless.CMS.WebUI, ' and the
    closing ' -->' of the first such comment, or '0' when none is found.
    """
    hit = re.search(r'Published by Seamless.CMS.WebUI, (.*?) -->', source)
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('SeamlessCMS version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def start(source):
    """Extract the AEF version from the 'Powered By AEF' footer link.

    Returns the version text of the first footer match, or '0' when there
    is no match or the captured text is empty or a single space.
    """
    hits = re.findall(r'Powered By AEF (\d.*?)</a>', source)
    candidate = hits[0] if hits else ''
    if candidate in ('', ' '):
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('AEF version ' + cmseek.bold + cmseek.fgreen
                   + candidate + cmseek.cln + ' detected')
    return candidate
def start(ga_content):
    """Extract the ImpressPages version from the generator meta content.

    The content is lower-cased, then the text between 'impresspages cms '
    and ' under' is returned. Returns '0' when the pattern is absent.
    """
    hit = re.search(r'impresspages cms (.*?) under', ga_content.lower())
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('ImpressPages version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def start(ga_content):
    """Extract the RBS Change version from the generator meta content.

    Returns the text following 'RBS Change ' on the first matching line, or
    '0' when the marker is absent.
    """
    cmseek.statement(
        'Detecting RBS Change version using generator meta tag [Method 1 of 1]')
    hit = re.search(r'RBS Change (.*)', ga_content)
    if hit is None:
        cmseek.error('Version detection failed!')
        return '0'
    version = hit.group(1)
    cmseek.success('RBS Change version ' + cmseek.bold + cmseek.fgreen
                   + version + cmseek.cln + ' detected')
    return version
def start(source):
    """Extract the Burning Board version from its <strong> footer banner.

    Returns the text of the first banner match, or '0' when there is no
    match or the captured text is empty or a single space.
    """
    hits = re.findall(r'<strong>Burning Board® (.*?)</strong>', source)
    candidate = hits[0] if hits else ''
    if candidate in ('', ' '):
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('Burning Board version ' + cmseek.bold + cmseek.fgreen
                   + candidate + cmseek.cln + ' detected')
    return candidate
def start(source):
    """Extract the Al Mubda version from the 'Powered by' footer link.

    Returns the version text of the first footer match, or '0' when there
    is no match or the captured text is empty or a single space.
    """
    cmseek.statement("Detecting Al Mubda version using source code [Method 1 of 1]")
    hits = re.findall(r'Powered by Al Mubda version (\d.*?)</a>', source)
    candidate = hits[0] if hits else ''
    if candidate in ('', ' '):
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('Al Mubda version ' + cmseek.bold + cmseek.fgreen
                   + candidate + cmseek.cln + ' detected')
    return candidate
def start(url, ua):
    """Read the Danneo CMS version from the X-Powered-By response header.

    Requests ``url`` and scans the header text line by line; the last line
    carrying the marker decides the result. Returns the version string or
    '0'. The value is whatever the server chose to send, so it can be
    absent, stale or spoofed.
    """
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'X-Powered-By: CMS Danneo' not in line:
            continue
        found = re.findall(r'X-Powered-By: CMS Danneo (.*)', line)
    if not found:
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('Danneo CMS version ' + cmseek.bold + cmseek.fgreen
                   + found[0] + cmseek.cln + ' detected')
    return found[0]
def start(url, ua):
    """Read the UMI.CMS version from the X-CMS-Version response header.

    Requests ``url`` and scans the header text line by line; the last line
    carrying the marker decides the result. Returns the version string or
    '0'.
    """
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'X-CMS-Version' not in line:
            continue
        found = re.findall(r'X-CMS-Version: (.*)', line)
    if not found:
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('UMI.CMS version ' + cmseek.bold + cmseek.fgreen
                   + found[0] + cmseek.cln + ' detected')
    return found[0]
def start(source):
    """Extract the JForum version from the 'Powered by ... JForum' footer.

    Returns the second capture group (the text starting with a digit, up to
    the closing </a>) or '0' when the footer is not found or reporting the
    match raises.
    """
    footer = re.search(r'Powered by(.*?)JForum (\d.*?)</a>', source)
    if footer is None:
        cmseek.error('Version detection failed!')
        return '0'
    try:
        version = footer.group(2)
        cmseek.success('JForum version ' + cmseek.bold + cmseek.fgreen
                       + version + cmseek.cln + ' detected')
        return version
    except Exception:
        # Best effort: any failure while reporting counts as "not detected".
        cmseek.error('Version detection failed!')
        return '0'
def start(url, ua):
    """Check whether the WordPress self-registration form is reachable.

    Requests ``/wp-login.php?action=register`` and looks for a form plus
    one of three registration markers in the body.

    Returns:
        ``[status, reg_url]`` with status '1' when registration appears
        open and '0' otherwise; the URL is returned in both cases.

    Open registration lets anyone create an account, so a '1' should be
    checked against the site's intended membership setting and default role.
    """
    reg_url = url + '/wp-login.php?action=register'
    cmseek.info('Checking user registration status')
    reg_source = cmseek.getsource(reg_url, ua)
    form_markers = (
        'Registration confirmation will be emailed to you',
        'value="Register"',
        'id="user_email"',
    )
    has_form = reg_source[0] == '1' and '<form' in reg_source[1]
    if has_form and any(marker in reg_source[1] for marker in form_markers):
        cmseek.success('User registration open: ' + cmseek.bold
                       + cmseek.fgreen + reg_url + cmseek.cln)
        return ['1', reg_url]
    return ['0', reg_url]
def start(url, ua):
    """Read the OpenCms version from the Server response header.

    Requests ``url`` and scans the header text line by line; the last line
    mentioning both 'Server' and 'OpenCms' decides the result. Returns the
    version string or '0'.
    """
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'Server' not in line or 'OpenCms' not in line:
            continue
        found = re.findall(r'Server: OpenCms/(.*)', line)
    if not found:
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('OpenCms version ' + cmseek.bold + cmseek.fgreen
                   + found[0] + cmseek.cln + ' detected')
    return found[0]
def start(source):
    """Extract the MercuryBoard version from its '[v...]' banner.

    Returns the second capture group (the text after '[v', starting with a
    digit) or '0' when the banner is not found or reporting the match
    raises.
    """
    banner = re.search(r'MercuryBoard(.*?)\[v(\d.*?)\]', source)
    if banner is None:
        cmseek.error('Version detection failed!')
        return '0'
    try:
        version = banner.group(2)
        cmseek.success('MercuryBoard version ' + cmseek.bold + cmseek.fgreen
                       + version + cmseek.cln + ' detected')
        return version
    except Exception:
        # Best effort: any failure while reporting counts as "not detected".
        cmseek.error('Version detection failed!')
        return '0'
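def start(source):
    """Extract the Amiro.CMS version from a ``_cv=`` value in the source.

    Returns the text between '_cv=' and the next quote or ampersand of the
    first occurrence, or '0' when the parameter is missing or its value is
    empty or a single space.

    A page without any ``_cv=`` parameter returns '0'; the match is tested
    before it is indexed, so no IndexError is raised in that case.
    """
    cmseek.statement(
        'Detecting Amiro.CMS version using page source [Method 1 of 1]')
    hit = re.search(r'_cv=(.*?)("|&|\')', source)
    if hit is not None:
        version = hit.group(1)
        if version != '' and version != ' ':
            cmseek.success('Amiro.CMS version ' + cmseek.bold + cmseek.fgreen
                           + version + cmseek.cln + ' detected')
            return version

    cmseek.error('Version detection failed!')
    return '0'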
def start(url, ua):
    """Read the SharePoint version from MicrosoftSharePointTeamServices.

    Requests ``url`` and scans the header text line by line; the last line
    carrying the header name decides the result. Returns the version string
    or '0'.
    """
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'MicrosoftSharePointTeamServices' not in line:
            continue
        found = re.findall(r'MicrosoftSharePointTeamServices: (.*)', line)
    if not found:
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('SharePoint version ' + cmseek.bold + cmseek.fgreen
                   + found[0] + cmseek.cln + ' detected')
    return found[0]
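def init(cmseek_dir, report_dir=""):
    '''
    Creates/Updates the result index at <cmseek_dir>/reports.json.

    Parameters:
        cmseek_dir = CMSeeK directory / access_directory
        report_dir = path to the report directory; leave empty to use
                     <cmseek_dir>/Result

    Returns:
        ['1', message] on success, [0, message] when either directory is
        missing. Unreadable or incomplete cms.json files are logged and
        skipped.

    The index is also stored on cmseek.report_index. Values copied into it
    ('url', 'cms_id', 'last_scanned') come straight from the cms.json files
    on disk and are not validated here.
    '''
    cmseek.info('Updating CMSeeK result index...')
    if not os.path.isdir(cmseek_dir):
        cmseek.error('Invalid CMSeeK directory passed!')
        return [0, 'CMSeeK directory does not exist']

    index_file = os.path.join(cmseek_dir, 'reports.json')
    if report_dir == "":
        report_dir = os.path.join(cmseek_dir, 'Result')
    if not os.path.isdir(report_dir):
        cmseek.error('Result directory does not exist!')
        return [0, 'Result directory does not exist']

    # One entry per scanned site, keyed by the URL stored in its cms.json.
    result_index = {}
    for result_dir in os.listdir(report_dir):
        scan_file = os.path.join(report_dir, result_dir, 'cms.json')
        if not os.path.isfile(scan_file):
            continue
        try:
            with open(scan_file, 'r', encoding='utf8') as sf:
                scan_content = json.load(sf)
            scan_url = scan_content['url']
            result_index[scan_url] = {
                "cms_id": scan_content['cms_id'],
                "date": scan_content['last_scanned'],
                "report": scan_file
            }
        except Exception:
            # Deliberate best effort: one broken report must not stop the
            # index from being rebuilt.
            logging.error(traceback.format_exc())
            cmseek.statement('Skipping invalid CMSeeK result: ' + scan_file)

    # Write index
    result_index = {
        "last_updated": str(datetime.datetime.now()),
        "results": [result_index]
    }
    # Context manager so the handle is closed even if the write fails.
    with open(index_file, 'w', encoding='utf8') as inf:
        inf.write(json.dumps(result_index, sort_keys=False, indent=4))

    cmseek.success('Report index updated successfully!')
    cmseek.report_index = result_index
    return ['1', 'Report index updated successfully!']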
def start(url, ua):
    """Read the Vanilla Forums version from the X-Garden-Version header.

    Requests ``url`` and scans the header text line by line; the last line
    carrying the marker decides the result. Returns the version string
    (which must start with a digit) or '0'.
    """
    # NOTE(review): index 2 of the getsource() result is assumed to be the
    # raw header text - confirm against cmseek.getsource.
    response = cmseek.getsource(url, ua)
    found = []
    for line in response[2].split('\n'):
        if 'X-Garden-Version: Vanilla' not in line:
            continue
        found = re.findall(r'X-Garden-Version: Vanilla (\d.*)', line)
    if not found:
        cmseek.error('Version detection failed!')
        return '0'
    cmseek.success('Vanilla version ' + cmseek.bold + cmseek.fgreen
                   + found[0] + cmseek.cln + ' detected')
    return found[0]
def start(url, ua):
    """Check whether the Joomla self-registration form is reachable.

    Requests the com_users registration view and looks for one of three
    form markers in the body.

    Returns:
        ``['1', reg_url]`` when registration appears open, otherwise
        ``['0', '']``.
    """
    reg_url = url + '/index.php?option=com_users&view=registration'
    reg_source = cmseek.getsource(reg_url, ua)
    if reg_source[0] != '1':
        return ['0', '']

    body = reg_source[1]
    markers = ('registration.register', 'jform_password2', 'jform_email2')
    if any(marker in body for marker in markers):
        cmseek.success('User registration open, ' + cmseek.bold
                       + reg_url + cmseek.cln)
        return ['1', reg_url]
    return ['0', '']
def start(source):
    """Extract the Hugo version from the generator meta tag.

    Returns the version named in the first matching generator tag, or '0'
    when the tag does not name Hugo. No error is reported on failure.
    """
    cmseek.statement('Detecting Version')
    cmseek.statement(
        'Generator Tag Available... Trying version detection using generator meta tag'
    )
    hit = re.search(
        r'<meta name=[\"]*generator[\"]* content=\"Hugo (.*?)\"', source)
    if hit is None:
        return '0'
    version = hit.group(1)
    message = "Version Detected, Hugo Version %s" % version
    cmseek.success(cmseek.bold + cmseek.fgreen + message + cmseek.cln)
    return version
def start(source):
    """Extract the NodeBB version from the inline ``var config`` object.

    Returns the value of the first "version" key that follows 'var config'
    and starts with a digit, or '0' when it is not found or reporting the
    match raises. Serving the exact version to anonymous visitors makes it
    easy to map a forum to published advisories.
    """
    config = re.search(r'var config(.*?)"version":"(\d.*?)"', source)
    if config is not None:
        try:
            version = config.group(2)
            if version:
                cmseek.success('NodeBB version ' + cmseek.bold + cmseek.fgreen
                               + version + cmseek.cln + ' detected')
                return version
        except Exception:
            # Best effort: any failure while reporting counts as "not detected".
            cmseek.error('lol detection failed!')
            return '0'

    cmseek.error('Version detection failed!')
    return '0'