Exemple #1
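def start(version, ua):
    """Look up known vulnerabilities for a detected WordPress core version.

    Args:
        version: Detected WordPress version string, or "0" when version
            detection failed.
        ua: User-Agent string passed through to cmseek.getsource().

    Returns:
        A three-item list ``[wpvdbres, result, vfc]``:
        wpvdbres is '1' when wpvulndb data was fetched and decoded, else '0';
        result is the decoded record stored under ``version`` ("" on failure);
        vfc is the version with the dots removed, as used in the lookup URL
        ("" when the scan was skipped).
    """
    if version == "0":
        cmseek.warning(
            "Skipping version vulnerability scan as WordPress Version wasn't detected"
        )
        return ['0', "", ""]  # '0' result code: fix for issue #3

    cmseek.info(
        "Checking version vulnerabilities [props to wpvulndb for their awesome api ;)]"
    )
    # The lookup URL takes the version with every '.' stripped.
    vfc = version.replace('.', '')
    ws = cmseek.getsource("https://wpvulndb.com/api/v2/wordpresses/" + vfc,
                          ua)
    if ws[0] == "1":
        try:
            # The response body comes from a remote service: a body that is
            # not JSON, or has no entry for this version, is reported as a
            # lookup failure instead of crashing the scan.
            return ['1', json.loads(ws[1])[version], vfc]
        except (ValueError, KeyError, TypeError):
            pass

    cmseek.error('Error Retriving data from wpvulndb')
    return ['0', "", vfc]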
Exemple #2
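def start(version):
    """Match a detected Joomla version against the bundled core-vulnerability list.

    Args:
        version: Detected Joomla version string, or '0' when detection failed.

    Returns:
        A three-item list ``[vuln_detection, vuln_count, joom_vulns]``.
        vuln_detection is '1' when the database was loaded and searched,
        '2' when no version was supplied, and '3' when the database file was
        not found. joom_vulns holds the second '|'-separated field of every
        matching line and vuln_count is its length.
    """
    if version == '0':
        return ['2', 0, []]  # detection failed due to no version info

    # NOTE(review): the database is resolved against the current working
    # directory, not the script location, so the result depends on where the
    # tool is launched from (and on whose files live there).
    vuln_file = os.getcwd() + '/deepscans/joom/database/corevul.txt'  # shoutouts to joomscan
    if not os.path.isfile(vuln_file):
        return ['3', 0, []]  # version was detected but vulnerability database not found

    # Context manager so the file handle is closed even if reading fails.
    with open(vuln_file, 'r') as f:
        vulns = f.read().split('\n')

    joom_vulns = []
    for vuln in vulns:
        # NOTE(review): this is a plain substring test on the whole line, so a
        # short version string can also match longer versions or text in the
        # description; confirm against the database format before tightening.
        if version not in vuln:
            continue
        fields = vuln.split('|')
        if len(fields) < 2:
            # Line has no '|' separator: nothing to report, skip it rather
            # than raise IndexError.
            continue
        cmseek.warning('Joomla core vulnerability detected')
        joom_vulns.append(fields[1])
    return ['1', len(joom_vulns), joom_vulns]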
Exemple #3
def start(id, url, ua, ga, source):
    """Detect the WordPress core version of a target.

    Three sources are tried in order, stopping at the first hit: the
    generator meta tag in ``source``, the ``<generator>`` element of
    ``/feed/``, and the generator attribute of ``/wp-links-opml.php``.
    Nothing is attempted unless ``ga`` is '1', '2' or '3'.

    Args:
        id: CMS id (unused here).
        url: Base URL of the target.
        ua: User-Agent string handed to cmseek.getsource().
        ga: Generator-tag flag supplied by the caller.
        source: Page source of the target.

    Returns:
        The detected version string, or '0' when nothing was detected.
    """

    def announce(found):
        # Same success banner for every detection method.
        cmseek.success(cmseek.bold + cmseek.fgreen + "Version Detected, WordPress Version %s" % found + cmseek.cln)

    cmseek.statement('Detecting Version and vulnerabilities')
    if ga not in ('1', '2', '3'):
        return '0'

    # Method 1: generator meta tag in the page we already have.
    cmseek.statement('Generator Tag Available... Trying version detection using generator meta tag')
    from_meta = re.findall(r'<meta name=\"generator\" content=\"WordPress (.*?)\"', source)
    if from_meta:
        announce(from_meta[0])
        return from_meta[0]

    # Method 2: the RSS feed advertises the generator version.
    cmseek.warning("Generator tag was a big failure.. looking up /feed/")
    feed = cmseek.getsource(url + '/feed/', ua)
    if feed[0] != '1':
        # A failed feed request ends detection; the OPML fallback is only
        # reached when the feed was fetched but carried no version.
        cmseek.warning("Couldn't get feed source code, Error: %s" % feed[1])
        return '0'
    from_feed = re.findall(r'<generator>https://wordpress.org/\?v=(.*?)</generator>', feed[1])
    if from_feed:
        announce(from_feed[0])
        return from_feed[0]

    # Method 3: the OPML links export.
    cmseek.warning("Well even feed was a failure... let's lookup wp-links-opml then")
    opml = cmseek.getsource(url + '/wp-links-opml.php', ua)
    if opml[0] != '1':
        cmseek.warning("Couldn't get wp-links-links source code, Error: %s" % opml[1])
        return '0'
    from_opml = re.findall(r'generator=\"wordpress/(.*?)\"', opml[1])
    if from_opml:
        announce(from_opml[0])
        return from_opml[0]

    cmseek.error("Couldn't Detect Version")
    return '0'
Exemple #4
def start(source):
    """Extract the TiddlyWiki version from the page source.

    The version is assembled as ``major.minor.revision`` from the first
    ``major: X,``, ``minor: Y,`` and ``revision: Z,`` occurrences in
    ``source``.

    Args:
        source: Page source of the target.

    Returns:
        The version string, or '0' when any of the three parts is missing.
    """
    markers = ('major:', 'minor:', 'revision:')
    if all(marker in source for marker in markers):
        patterns = (r'major: (.*?),', r'minor: (.*?),', r'revision: (.*?),')
        parts = [re.findall(pattern, source) for pattern in patterns]
        # Every pattern must have produced at least one match.
        if all(parts):
            version = '.'.join(found[0] for found in parts)
            cmseek.success('TiddlyWiki version ' + cmseek.bold +
                           cmseek.fgreen + version + cmseek.cln + ' detected!')
            return version

    cmseek.warning('Version detection failed!')
    return '0'
Exemple #5
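def start(id, url, ua, ga, source):
    """Collect WordPress usernames that the target exposes publicly.

    Three sources are queried: the site's own ``/wp-json/wp/v2/users``
    endpoint, the Jetpack public API on public-api.wordpress.com, and the
    author parameter (via ``wpauthorenum``, one thread per id).

    Args:
        id: CMS id (unused here).
        url: Base URL of the target.
        ua: User-Agent string handed to every request.
        ga: Generator-tag flag (unused here).
        source: Page source of the target (unused here).

    Returns:
        ``[usernamesgen, usernames]`` where usernamesgen is '1' when at least
        one username was found and '0' otherwise, and usernames is the set of
        all names collected.
    """
    cmseek.info("Starting Username Harvest")

    # User enumeration via the site's json api
    cmseek.info('Harvesting usernames from wp-json api')
    wpjsonuser = []
    wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua)
    if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]:
        cmseek.warning("Json api method failed trying with next")
    else:
        try:
            for user in json.loads(wpjsonsrc[1]):
                wpjsonuser.append(user['slug'])
                cmseek.success("Found user from wp-json : " + cmseek.fgreen + cmseek.bold + user['slug'] + cmseek.cln)
        except (ValueError, KeyError, TypeError):
            # Only parse/shape problems are swallowed; a bare except would
            # also hide KeyboardInterrupt and genuine bugs.
            cmseek.warning("Failed to parse json")

    # User enumeration via the jetpack api
    cmseek.info('Harvesting usernames from jetpack public api')
    jpapiuser = []
    strippedurl = url.replace('http://', '')
    strippedurl = strippedurl.replace('https://', '')  # Pretty sure it is an ugly solution but oh well
    jpapisrc = cmseek.getsource('https://public-api.wordpress.com/rest/v1.1/sites/' + strippedurl + '/posts?number=100&pretty=true&fields=author', ua)
    if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]:
        cmseek.warning('No results from jetpack api... maybe the site doesn\'t use jetpack')
    else:
        try:
            for post in json.loads(jpapisrc[1])['posts']:
                login = post['author']['login'].strip()
                # Exact membership test: comparing against str(list) treated
                # any login that is a substring of an earlier one as a
                # duplicate and silently dropped it.
                if login not in jpapiuser:
                    jpapiuser.append(login)
                    cmseek.success("Found user from Jetpack api : " + cmseek.fgreen + cmseek.bold + login + cmseek.cln)
        except (ValueError, KeyError, TypeError, AttributeError):
            # The body is remote data; an unexpected shape must not abort
            # the remaining enumeration methods.
            cmseek.warning("Failed to parse json")

    # The regular way of checking via the author parameter: ids 0 through 30.
    cmseek.info('Harvesting usernames from wordpress author Parameter')
    # wpauthorenum is defined elsewhere; presumably it appends its findings to
    # this module-level list -- confirm against its definition.
    global wpparamuser
    wpparamuser = []
    usrrange = range(31)
    threads = [threading.Thread(target=wpauthorenum, args=(ua, url, r)) for r in usrrange]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()

    # Combine all the usernames that we collected
    usernames = set(wpjsonuser + jpapiuser + wpparamuser)
    if usernames:
        usernamesgen = '1'  # Some usernames were harvested
        verb = " was enumerated" if len(usernames) == 1 else " were enumerated"
        cmseek.success(cmseek.bold + cmseek.fgreen + str(len(usernames)) + " Usernames" + verb + cmseek.cln)
    else:
        usernamesgen = '0'  # Failure
        cmseek.warning("Couldn't enumerate usernames :( ")

    return [usernamesgen, usernames]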
Exemple #6
        cmseek.error('Invalid path! CMSeeK is quitting')
        cmseek.bye()
    if sites_list != []:
        if cua == None:
            cua = cmseek.randomua()
        for s in sites_list:
            target = cmseek.process_url(s)
            if target != '0':
                core.main_proc(target, cua)
                cmseek.handle_quit(False)
                input('\n\n\tPress ' + cmseek.bold + cmseek.fgreen +
                      '[ENTER]' + cmseek.cln +
                      ' to continue')  # maybe a fix? idk
            else:
                print('\n')
                cmseek.warning('Invalid URL: ' + cmseek.bold + s + cmseek.cln +
                               ' Skipping to next')
        print('\n')
        cmseek.result(
            'Finished Scanning all targets.. result has been saved under respective target directories',
            '')
    else:
        cmseek.error("No url provided... CMSeeK is exiting")
    cmseek.bye()

################################
###      THE MAIN MENU       ###
################################
cmseek.clearscreen()
cmseek.banner("")
print(" Input    Description")
print("=======  ==============================")
Exemple #7
def start(id, url, ua, ga, source):
    """Run the Joomla deep scan and print/log every finding.

    The probes run first (version, core vulnerabilities, README.txt, debug
    mode, user registration, admin URL, backups, config leaks, directory
    listing); the screen is then cleared and the results are printed and
    written to the log through cmseek.update_log().

    Args:
        id: CMS id, passed through to version detection.
        url: Base URL of the target.
        ua: User-Agent string handed to every request.
        ga: Generator-tag flag, passed through to version detection.
        source: Page source of the target.

    Returns:
        None.
    """

    def show_and_collect(marker, items, printed_sep):
        # Print one coloured line per item and return the comma-terminated
        # list of URLs that goes into the log.
        collected = ''
        for item in items:
            collected += url + '/' + item + ','
            print(cmseek.bold + cmseek.fgreen + marker + cmseek.cln + url +
                  printed_sep + item)
        return collected

    # Version Detection
    version = version_detect.start(id, url, ua, ga, source)

    # Detecting joomla core vulnerabilities
    jcv = core_vuln.start(version)
    vuln_detection, vuln_count, joom_vulns = jcv[0], jcv[1], jcv[2]

    # README.txt: '0' = request failed, '1' = Joomla readme, '2' = some other file
    readme_url = url + '/README.txt'
    readmesrc = cmseek.getsource(readme_url, ua)
    if readmesrc[0] != '1':
        cmseek.statement(
            "Couldn't get readme file's source code most likely it's not present"
        )
        readmefile = '0'
    elif 'This is a Joomla!' in readmesrc[1]:
        cmseek.info('README.txt file found')
        readmefile = '1'
    else:
        readmefile = '2'

    # Debug Mode
    cmseek.info('Checking debug mode status')
    debug_mode = check_debug.start(source)

    # Check user registration status
    cmseek.statement('Checking if user registration is enabled')
    registration = user_registration.start(url, ua)

    # Find admin url
    cmseek.info('Locating admin url')
    admin = admin_finder.start(url, ua)

    # Backups check
    cmseek.info('Checking for common Backups')
    backups = backup_finder.start(url, ua)

    # Check Potential configuration file leak
    cmseek.info('Looking for potential config leak')
    configs = config_check.start(url, ua)

    # Checking for directory listing
    cmseek.statement('Checking for directory listing')
    directories = dir_list.start(url, ua)

    ### THE RESULTS START FROM HERE

    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result('Target: ', url)
    cmseek.result("Detected CMS: ", 'Joomla')
    cmseek.update_log('cms_name', 'joomla')
    cmseek.result("CMS URL: ", "https://joomla.org")
    cmseek.update_log('cms_url', "https://joomla.org")

    if version != '0':
        cmseek.result("Joomla Version: ", version)
        cmseek.update_log('joomla_version', version)

    if registration[0] == '1':
        cmseek.result('User registration enabled: ', registration[1])
        cmseek.update_log('user_registration_url', registration[1])

    debug_on = debug_mode == '1'
    if debug_on:
        cmseek.result('Debug mode enabled', '')
    cmseek.update_log('joomla_debug_mode', 'enabled' if debug_on else 'disabled')

    if readmefile == '1':
        cmseek.result('Readme file: ', readme_url)
        cmseek.update_log('joomla_readme_file', readme_url)

    if admin[0] > 0:
        # NOTE(review): the printed URL joins url and path without a '/',
        # while the logged URLs below insert one -- confirm which form the
        # entries from admin_finder expect.
        cmseek.result('Admin URL: ', url + admin[1][0])
        admin_log = ''.join(url + '/' + adm + ',' for adm in admin[1])
        # NOTE(review): admin URLs are logged under 'joomla_backup_files',
        # the same key the backup section writes further down; this looks
        # like a copy-paste slip and one entry presumably replaces the other.
        cmseek.update_log('joomla_backup_files', admin_log)
        print('\n')

    if directories[0] > 0:
        cmseek.result('Open directories: ', str(directories[0]))
        cmseek.success('Open directory url: ')
        # NOTE(review): printed without a '/' separator, logged with one.
        dirs = show_and_collect("   [>] ", directories[1], '')
        cmseek.update_log('directory_listing', dirs)
        print('\n')

    if backups[0] > 0:
        cmseek.result('Found potential backup file: ', str(backups[0]))
        cmseek.success('Backup URLs: ')
        bkup_log = show_and_collect("   [B] ", backups[1], '/')
        cmseek.update_log('joomla_backup_files', bkup_log)
        print('\n')

    if configs[0] > 0:
        cmseek.result('Found potential Config file: ', str(configs[0]))
        cmseek.success('Config URLs: ')
        conf_log = show_and_collect("   [c] ", configs[1], '/')
        cmseek.update_log('joomla_config_files', conf_log)
        print('\n')

    if vuln_detection == '1' and vuln_count > 0:
        cmseek.result('Total joomla core vulnerabilities: ', str(vuln_count))
        cmseek.info('Vulnerabilities found: \n')
        for entry in joom_vulns:
            # Database entries carry a literal backslash-n; turn it into a
            # real, indented line break for display.
            entry = entry.replace('\\n', cmseek.cln + '\n    ')
            print(cmseek.bold + cmseek.red + '[v] ' + entry)
            print('\n')
    elif vuln_detection == '2':
        cmseek.warning(
            'Couldn\'t find core vulnerabilities, No VERSION detected')
    elif vuln_detection == '3':
        cmseek.error('Core vulnerability database not found!')
    else:
        cmseek.warning('No core vulnerabilities detected!')
Exemple #8
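def start(id, url, ua, ga, source):
    """Run the WordPress deep scan and print/log every finding.

    Args:
        id: CMS id; anything other than "wp" makes this a no-op.
        url: Base URL of the target.
        ua: User-Agent string handed to every request.
        ga: Generator-meta-tag flag, passed through to version detection and
            user enumeration.
        source: Page source of the target, used for plugin and theme
            enumeration.

    Returns:
        None.
    """
    if id != "wp":
        return

    def probe(path, marker, missing_msg=None):
        # Fetch url + path and classify it: '0' = request failed,
        # '1' = body contains the expected marker, '2' = something else.
        src = cmseek.getsource(url + path, ua)
        if src[0] != '1':
            if missing_msg is not None:
                cmseek.statement(missing_msg)
            return '0'
        return '1' if marker in src[1] else '2'

    cmseek.statement('Starting WordPress DeepScan')
    # Version detection
    version = wordpress_version_detect.start(id, url, ua, ga, source)

    ## Check for minor stuff like license, readme and some open directory checks
    cmseek.statement("Initiating open directory and files check")

    readmefile = probe(
        '/readme.html',
        'Welcome. WordPress is a very special project to me.',
        "Couldn't get readme file's source code most likely it's not present")
    licfile = probe('/license.txt', 'WordPress - Web publishing software',
                    'license file not found')
    wpupdir = probe('/wp-content/uploads/', 'Index of /wp-content/uploads')
    xmlrpc = probe('/xmlrpc.php', 'XML-RPC server accepts POST requests only.',
                   'XML-RPC interface not available')

    ## Plugins Enumeration
    plug_enum = wp_plugins_enum.start(source)
    plugins_found = plug_enum[0]
    plugins = plug_enum[1]

    ## Themes Enumeration
    theme_enum = wp_theme_enum.start(source)
    themes_found = theme_enum[0]
    themes = theme_enum[1]

    ## User enumeration
    uenum = wp_user_enum.start(id, url, ua, ga, source)
    usernamesgen = uenum[0]
    usernames = uenum[1]

    ## Version Vulnerability Detection
    version_vuln = wp_vuln_scan.start(version, ua)
    wpvdbres = version_vuln[0]
    result = version_vuln[1]
    vfc = version_vuln[2]

    ### Deep Scan Results comes here
    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result("Detected CMS: ", 'WordPress')
    cmseek.update_log('cms_name', 'WordPress')
    cmseek.result("CMS URL: ", "https://wordpress.org")
    cmseek.update_log('cms_url', "https://wordpress.org")
    if version != '0':
        cmseek.result("Version: ", version)
        cmseek.update_log('wp_version', version)
    if wpvdbres == '1':
        cmseek.result("Changelog URL: ", str(result['changelog_url']))
        cmseek.update_log('wp_changelog_file',
                          str(result['changelog_url']))
    if readmefile == '1':
        cmseek.result("Readme file found: ", url + '/readme.html')
        cmseek.update_log('wp_readme_file', url + '/readme.html')
    if licfile == '1':
        cmseek.result("License file found: ", url + '/license.txt')
    if wpupdir == '1':
        cmseek.result("Uploads directory has listing enabled: ",
                      url + '/wp-content/uploads')
        cmseek.update_log('wp_uploads_directory',
                          url + '/wp-content/uploads')
    if xmlrpc == '1':
        cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
        # NOTE(review): the XML-RPC URL is logged under 'wp_uploads_directory',
        # the key used for the uploads listing just above; this looks like a
        # copy-paste slip -- confirm the intended log key.
        cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')
    if plugins_found != 0:
        print('\n')
        cmseek.result("Plugins Enumerated: ", '')
        print(" |")
        wpplugs = ""
        for plugin in plugins:
            # Entries are "name:version" pairs as produced by wp_plugins_enum.
            plug = plugin.split(':')
            wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
            cmseek.success(cmseek.bold + plug[0] + ' Version ' + plug[1] +
                           cmseek.cln)
        cmseek.update_log('wp_plugins', wpplugs)
    if themes_found != 0:
        print('\n')
        cmseek.result("themes Enumerated: ", '')
        print(" |")
        wpthms = ""
        for theme in themes:
            thm = theme.split(':')
            wpthms = wpthms + thm[0] + ' Version ' + thm[1] + ','
            cmseek.success(cmseek.bold + thm[0] + ' Version ' + thm[1] +
                           cmseek.cln)
            cmseek.result('Theme URL: ',
                          url + '/wp-content/themes/' + thm[0] + '/')
        # NOTE(review): themes are logged under 'wp_plugins', the key the
        # plugin section writes above -- confirm the intended log key.
        cmseek.update_log('wp_plugins', wpthms)
    if usernamesgen == '1':
        print('\n')
        cmseek.result("Usernames Harvested: ", '')
        print(" |")
        wpunames = ""
        for u in usernames:
            wpunames = wpunames + u + ","
            cmseek.success(cmseek.bold + u + cmseek.cln)
        print('\n')
        cmseek.update_log('wp_users', wpunames)

    if wpvdbres != '1':
        cmseek.error("Could not look up version vulnerabilities")
        return

    vulnerabilities = result['vulnerabilities']
    cmseek.result("Vulnerability Count: ", str(len(vulnerabilities)))
    cmseek.update_log('wp_vuln_count', str(len(vulnerabilities)))
    cmseek.update_log('wpvulndb_url',
                      "https://wpvulndb.com/api/v2/wordpresses/" + vfc)
    if len(vulnerabilities) == 0:
        cmseek.warning(
            'No vulnerabilities discovered in this version yet!')
        return

    # (references key, printed label, URL prefix) in display order.
    reference_links = (
        ('cve', "CVE: ", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"),
        ('exploitdb', "ExploitDB Link: ", "http://www.exploit-db.com/exploits/"),
        ('metasploit', "Metasploit Module: ", "http://www.metasploit.com/modules/"),
        ('osvdb', "OSVDB Link: ", "http://osvdb.org/"),
        ('secunia', "Secunia Advisory: ", "http://secunia.com/advisories/"),
        ('url', "Reference: ", ""),
    )
    cmseek.success("Displaying all the vulnerabilities")
    for vuln in vulnerabilities:
        print("\n")
        cmseek.result("Title: ", str(vuln['title']))
        cmseek.result("Type: ", str(vuln['vuln_type']))
        cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
        cmseek.result(
            "Link: ", "http://wpvulndb.com/vulnerabilities/" +
            str(vuln['id']))
        # Look the keys up in the references mapping itself. Testing for the
        # key name as a substring of str(vuln) also matched titles and URLs,
        # and then raised KeyError when the references entry was absent.
        refs = vuln.get('references') or {}
        for key, label, prefix in reference_links:
            for ref in refs.get(key) or []:
                cmseek.result(label, prefix + str(ref))
    return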
Exemple #9
    cmseek.update()

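# Apply the parsed command-line options to the cmseek module state and pick
# the User-Agent (cua) used for the scan.
if args.batch:
    cmseek.batch_mode = True

if args.version:
    print('\n\n')
    cmseek.info("CMSeeK Version: " + cmseek.cmseek_version)
    cmseek.bye()

if args.ignore_cms:
    # Strip whitespace and drop empty entries so "a, b" and "a,b," both
    # yield clean CMS ids.
    cmseek.ignore_cms = [cms.strip() for cms in args.ignore_cms.split(',') if cms.strip()]
    for acms in cmseek.ignore_cms:
        cmseek.warning('Ignoring CMS: ' + acms)

if args.strict_cms:
    cmseek.strict_cms = [cms.strip() for cms in args.strict_cms.split(',') if cms.strip()]
    cmseek.warning('Checking target against CMSes: ' + args.strict_cms)

# User-Agent precedence: explicit value, then random, then None (chosen later).
if args.user_agent is not None:
    cua = args.user_agent
# NOTE(review): if the random-agent option is declared as a boolean flag it is
# never None and this branch always wins over the final else -- confirm
# against the argument parser setup.
elif args.random_agent is not None:
    cua = cmseek.randomua('random')
else:
    cua = None

# The googlebot option overrides any User-Agent selected above.
if args.googlebot:
    cua = 'Googlebot/2.1 (+http://www.google.com/bot.html)'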
Exemple #10
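def _report_detected_cms(cms_id, detected_by, site, cua, vd_flag, deep_flag, scode):
    """Log a detected CMS and run the deepest scan the CMS database allows.

    Looks ``cms_id`` up in ``cmsdb``. When the entry supports deep scanning
    the work is handed to ``advanced.start``; otherwise the name, link and
    (when version detection is supported and succeeds) the version are
    printed and logged.
    """
    cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % cms_id)
    cmseek.update_log('detection_param', detected_by)
    cmseek.update_log('cms_id', cms_id)
    # cms_id comes from the detection modules, not from the target verbatim;
    # presumably it is always an attribute name defined in cmsdb.
    cka = getattr(cmsdb, cms_id)

    if cka['deeps'] == '1':  # Deep Scan available
        advanced.start(cms_id, site, cua, deep_flag, scode)
        return

    cms_version = '0'
    if cka['vd'] == '1':  # Version Detection available
        cmseek.statement("CMS Version is detectable, detecting CMS Version")
        cms_version = version_detect.start(cms_id, site, cua, vd_flag, scode)

    print('\n')
    cmseek.result('', "CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
    cmseek.update_log('cms_name', cka['name'])
    if cms_version != '0':
        cmseek.result('', "CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
        cmseek.update_log('cms_version', cms_version)
    cmseek.result('', "CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
    cmseek.update_log('cms_url', cka['url'])


def main_proc(site, cua):
    """Detect the CMS behind ``site`` and run the matching scan.

    Detection is staged: response headers first, then the generator meta tag
    in the page source, then a general source-code check. The first stage
    that identifies a CMS decides the result.

    Args:
        site: Target URL.
        cua: User-Agent string used for every request.

    Returns:
        None.
    """
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")
    init_source = cmseek.getsource(site, cua)
    if init_source[0] != '1':
        cmseek.error("Aborting CMSeek! Couldn't connect to site \n    Error: %s" % init_source[1])
        return

    scode = init_source[1]
    headers = init_source[2]
    final_url = init_source[3]
    if site != final_url and site + '/' != final_url:
        # The redirect target is chosen by the remote server, so it is only
        # adopted after explicit confirmation; this keeps a scan from moving
        # to a host outside the intended scope without the operator noticing.
        cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + final_url + cmseek.cln)
        follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + final_url + cmseek.cln + ' as target? (y/n): ')
        if follow_redir.lower() == 'y':
            site = final_url

    cmseek.statement("Detection Started")
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    c1 = header.check(headers)
    if c1[0] == "1":
        # Deep scans get '2': the generator check has not been performed yet.
        _report_detected_cms(c1[1], 'header', site, cua, '1', '2', scode)
        return

    cmseek.warning('No luck with headers... Continuing with source code')
    cmseek.statement("Checking for generator meta tag in source code")
    if 'Generator' in scode or 'generator' in scode:
        cmseek.success("Generator meta tag found.. Continuing with detection (2.1 of 2.2)")
        ga = '1'  # Generator tag found; passed on so later stages can reuse it
        c21 = source.generator(scode)
        if c21[0] == '1':
            _report_detected_cms(c21[1], 'generator', site, cua, ga, ga, scode)
            return
        if c21[0] == '2':  # Empty Source code
            cmseek.error("Source code was empty... exiting CMSeek")
            return
        cmseek.warning('Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)')
    else:
        cmseek.warning("Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)")
        ga = '0'  # Generator meta tag not found

    c22 = source.check(scode, site)
    if c22[0] == '1':
        _report_detected_cms(c22[1], 'source', site, cua, ga, ga, scode)
        return
    if c22[0] == '2':  # Empty Source code
        cmseek.error("Source code was empty... exiting CMSeek")
        return
    cmseek.error("Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n")
    return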
Exemple #11
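def _wp_probe(url, ua, path, marker, missing_msg=None):
    """Fetch ``url + path`` and classify what came back.

    Returns '0' when the request failed, '1' when *marker* occurs in the
    response body, and '2' when a body was returned that does not contain
    *marker* (most likely not the stock WordPress file).
    """
    src = cmseek.getsource(url + path, ua)
    if src[0] != '1':
        if missing_msg:
            cmseek.warning(missing_msg)
        return '0'
    return '1' if marker in src[1] else '2'


def _wp_detect_version(url, ua, source):
    """Return the WordPress version advertised by the target, or '0'.

    Tries the generator meta tag in *source* first, then /feed/, then
    /wp-links-opml.php. Every value returned here is taken verbatim from
    the scanned site's responses, so it is untrusted input.
    """
    cmseek.statement(
        'Generator Tag Available... Trying version detection using generator meta tag'
    )
    found = re.findall(
        r'<meta name=\"generator\" content=\"WordPress (.*?)\"', source)
    if found:
        cmseek.success("Version Detected, WordPress Version %s" % found[0])
        return found[0]

    cmseek.warning("Generator tag was a big failure.. looking up /feed/")
    feed = cmseek.getsource(url + '/feed/', ua)
    if feed[0] != '1':
        cmseek.warning("Couldn't get feed source code, Error: %s" % feed[1])
        # Previously `version` stayed unbound on this path and the caller
        # crashed with NameError.
        return '0'
    found = re.findall(
        r'<generator>https://wordpress.org/\?v=(.*?)</generator>', feed[1])
    if found:
        cmseek.success("Version Detected, WordPress Version %s" % found[0])
        return found[0]

    cmseek.warning(
        "Well even feed was a failure... let's lookup wp-links-opml then")
    opml = cmseek.getsource(url + '/wp-links-opml.php', ua)
    if opml[0] != '1':
        cmseek.warning(
            "Couldn't get wp-links-links source code, Error: %s" % opml[1])
        return '0'  # same unbound-variable fix as for the feed request
    found = re.findall(r'generator=\"wordpress/(.*?)\"', opml[1])
    if found:
        cmseek.success("Version Detected, WordPress Version %s" % found[0])
        return found[0]

    cmseek.error("Couldn't Detect Version :( Sorry Master")
    return '0'


def deep(
    id, url, ua, ga, source
):  ## ({ID of the cms}, {url of target}, {User Agent}, {is Generator Meta tag available [0/1]}, {Source code})
    """Run the WordPress deep scan against *url* and print/log the findings.

    Args:
        id: CMS identifier; anything other than "wp" makes this a no-op.
        url: Base URL of the target, without a trailing slash.
        ua: User-Agent string passed to every request.
        ga: Generator-tag state. The scan steps only run for '1', '2' or
            '3'; for any other value just the result header is printed.
        source: Page source of the target that was already fetched.

    Returns:
        None. Results go to the console and to cmseek.update_log.

    Every string read from the target (version, usernames, response bodies)
    is attacker-controlled from the scanner's point of view, so it is parsed
    defensively and validated before being placed into an outgoing URL.
    """
    if id != "wp":
        return

    cmseek.statement('Starting WordPress DeepScan')
    cmseek.statement('Detecting Version and vulnerabilities')

    # Defaults for every value the result section reads. Before, several of
    # these were only assigned on some paths (ga not in 1/2/3, a failed feed
    # request, an undetected version), which ended the scan in a NameError.
    version = '0'
    wpvdbres = '0'
    result = {}
    vfc = ''
    readmefile = licfile = wpupdir = xmlrpc = '0'
    usernamesgen = '0'
    usernames = set()

    if ga in ('1', '2', '3'):
        version = _wp_detect_version(url, ua, source)

        ## Check for minor stuff like license, readme and open directories
        cmseek.statement("Initiationg  open directory and files check")
        readmefile = _wp_probe(
            url, ua, '/readme.html',
            'Welcome. WordPress is a very special project to me.',
            "Couldn't get readme file's source code most likely it's not present")
        licfile = _wp_probe(url, ua, '/license.txt',
                            'WordPress - Web publishing software',
                            'license file not found')
        wpupdir = _wp_probe(url, ua, '/wp-content/uploads/',
                            'Index of /wp-content/uploads')
        xmlrpc = _wp_probe(url, ua, '/xmlrpc.php',
                           'XML-RPC server accepts POST requests only.',
                           'XML-RPC interface not available')

        ## User enumeration
        cmseek.info("Starting Username Harvest")

        # User enumeration via the site's json api
        cmseek.info('Harvesting usernames from wp-json api')
        wpjsonuser = []
        wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua)
        if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]:
            cmseek.warning("Json api method failed trying with next")
        else:
            # The substring test above does not prove the body is the JSON
            # shape we expect; a malformed reply must not abort the scan.
            try:
                for user in json.loads(wpjsonsrc[1]):
                    wpjsonuser.append(user['slug'])
                    cmseek.success("Found User: %s" % user['slug'])
            except (ValueError, KeyError, TypeError):
                cmseek.warning("Json api method failed trying with next")

        # User enumeration via the jetpack api
        cmseek.info('Harvesting usernames from jetpack public api')
        jpapiuser = []
        strippedurl = url.replace('http://', '').replace('https://', '')
        jpapisrc = cmseek.getsource(
            'https://public-api.wordpress.com/rest/v1.1/sites/' +
            strippedurl + '/posts?number=100&pretty=true&fields=author',
            ua)
        if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]:
            cmseek.warning(
                'No results from jetpack api... maybe the site doesn\'t use jetpack'
            )
        else:
            try:
                for post in json.loads(jpapisrc[1])['posts']:
                    jpapiuser.append(post['author']['login'])
                    cmseek.success("Found User: %s" % post['author']['login'])
            except (ValueError, KeyError, TypeError):
                cmseek.warning(
                    'No results from jetpack api... maybe the site doesn\'t use jetpack'
                )
            # Removing duplicate usernames
            jpapiuser = list(set(usr.strip() for usr in jpapiuser))

        # The regular way: the author parameter, ids 0 through 30
        cmseek.info('Harvesting usernames from wordpress author Parameter')
        # The context manager releases the worker processes; the pool used
        # to be left open after map() returned.
        with multiprocessing.Pool() as pool:
            res = pool.map(partial(wpauthorenum, ua, url), range(31))
        wpparamuser = [r for r in res if r is not None]

        # Combine all the usernames that we collected
        usernames = set(wpjsonuser + jpapiuser + wpparamuser)
        if usernames:
            usernamesgen = '1'  # Some usernames were harvested
            cmseek.success(cmseek.bold + str(len(usernames)) +
                           " Usernames" + cmseek.cln +
                           " was / were enumerated")
        else:
            cmseek.warning("Couldn't enumerate usernames :( ")

        ## Version Vulnerability Detection
        if version == "0":
            cmseek.warning(
                "Skipping version vulnerability scan as WordPress Version wasn't detected"
            )
        elif not re.fullmatch(r'\d+(?:\.\d+)*', version):
            # The version string comes from the target and is about to be
            # appended to a third-party API URL; refuse anything that is
            # not a plain dotted number.
            cmseek.warning(
                "Skipping version vulnerability scan as the detected version is not a plain dotted number"
            )
        else:
            cmseek.info(
                "Checking version vulnerabilities [props to wpvulndb for their awesome api ;)]"
            )
            vfc = version.replace('.', '')  # the api expects the version without dots
            ws = cmseek.getsource(
                "https://wpvulndb.com/api/v2/wordpresses/" + vfc, ua)
            parsed = None
            if ws[0] == "1":
                try:
                    parsed = json.loads(ws[1])[version]
                except (ValueError, KeyError, TypeError):
                    parsed = None
            if isinstance(parsed, dict):
                wpvdbres = '1'  ## We have the wpvulndb results
                result = parsed
            else:
                cmseek.error('Error Retriving data from wpvulndb')

    ### Deep Scan Results comes here
    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result("Detected CMS: ", 'WordPress')
    cmseek.update_log('cms_name', 'WordPress')  # update log
    cmseek.result("CMS URL: ", "https://wordpress.org")
    cmseek.update_log('cms_url', "https://wordpress.org")  # update log
    if version != '0':
        cmseek.result("Version: ", version)
        cmseek.update_log('wp_version', version)
    if wpvdbres == '1':
        changelog = str(result.get('changelog_url'))
        cmseek.result("Changelog URL: ", changelog)
        cmseek.update_log('wp_changelog_file', changelog)
    if readmefile == '1':
        cmseek.result("Readme file found: ", url + '/readme.html')
        cmseek.update_log('wp_readme_file', url + '/readme.html')
    if licfile == '1':
        cmseek.result("License file found: ", url + '/license.txt')
    if wpupdir == '1':
        cmseek.result("Uploads directory has listing enabled: ",
                      url + '/wp-content/uploads')
        cmseek.update_log('wp_uploads_directory',
                          url + '/wp-content/uploads')
    if xmlrpc == '1':
        cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
        # NOTE(review): this reuses the 'wp_uploads_directory' key, so the
        # uploads entry written just above is presumably overwritten by the
        # xmlrpc URL. Left as is because the log schema is not visible
        # here; give it its own key once that is confirmed.
        cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')
    if usernamesgen == '1':
        cmseek.result("Usernames Harvested: ", '')
        for u in usernames:
            cmseek.success(cmseek.bold + u + cmseek.cln)
        print('\n')
        cmseek.update_log('wp_users', "".join(u + "," for u in usernames))

    if wpvdbres != '1':
        # No lookup result exists (skipped or failed). The old code printed
        # "No Vulnerabilities discovered" here, which reads as a clean bill
        # of health although nothing was checked.
        cmseek.warning(
            "Vulnerability lookup was skipped or failed, so no vulnerability data is available"
        )
        return

    vulns = result.get('vulnerabilities') or []
    cmseek.result("Vulnerability Count: ", str(len(vulns)))
    cmseek.update_log('wp_vuln_count', str(len(vulns)))
    cmseek.update_log('wpvulndb_url',
                      "https://wpvulndb.com/api/v2/wordpresses/" + vfc)
    if not vulns:
        cmseek.warning(
            "No Vulnerabilities discovered in this version of WordPress as of yet"
        )
        return

    # (references key, label, link prefix) in the order they are printed
    ref_kinds = (
        ('cve', "Vulnerability CVE: ",
         "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"),
        ('exploitdb', "ExploitDB Link: ",
         "http://www.exploit-db.com/exploits/"),
        ('metasploit', "Metasploit Module: ",
         "http://www.metasploit.com/modules/"),
        ('osvdb', "OSVDB Link: ", "http://osvdb.org/"),
        ('secunia', "Secunia Advisory: ", "http://secunia.com/advisories/"),
        ('url', "Vulnerability Reference: ", ""),
    )
    cmseek.success("Displaying all the vulnerabilities")
    for vuln in vulns:
        print("\n")
        cmseek.result("Vulnerability Title: ", str(vuln.get('title')))
        cmseek.result("Vulnerability Type: ", str(vuln.get('vuln_type')))
        cmseek.result("Fixed In Version: ", str(vuln.get('fixed_in')))
        cmseek.result(
            "Vulnerability Link: ",
            "http://wpvulndb.com/vulnerabilities/" + str(vuln.get('id')))
        # Look the keys up in the references mapping itself. The old
        # substring test on str(vuln) also matched words in the title and
        # then raised KeyError on the missing reference list.
        refs = vuln.get('references') or {}
        for key, label, prefix in ref_kinds:
            for ref in refs.get(key) or []:
                cmseek.result(label, prefix + str(ref))
    return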
Exemple #12
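def main_proc(site,cua):
    """Detect the CMS running on *site* and run the deepest scan available.

    Args:
        site: URL of the target to scan.
        cua: User-Agent string used for every request.

    Returns:
        None. Progress and results are printed and written through
        cmseek.update_log.

    Detection runs in up to four stages (headers, generator meta tag, page
    source, robots.txt) and stops at the first stage that identifies a CMS.
    """
    # Check for skip_scanned
    if cmseek.skip_scanned:
        scanned = cmseek.report_index['results'][0]
        if site in scanned and scanned[site]['cms_id'] != '':
            cmseek.warning('Skipping {0} as it was previously scanned!'.format(cmseek.red + site + cmseek.cln))
            return

    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")
    init_source = cmseek.getsource(site, cua)
    if init_source[0] != '1':
        cmseek.error("Aborting CMSeek! Couldn't connect to site \n    Error: %s" % init_source[1])
        return

    scode = init_source[1]
    headers = init_source[2]
    landed_on = init_source[3]  # URL the request ended up at
    if site != landed_on and site + '/' != landed_on:
        follow = False
        if cmseek.redirect_conf == '0':
            cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + landed_on + cmseek.cln)
            if not cmseek.batch_mode:
                follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + landed_on + cmseek.cln + ' as target? (y/n): ')
            else:
                # NOTE(review): in batch mode the redirect is accepted
                # without asking, so the scan moves to whatever host the
                # server names, which may lie outside the agreed scope.
                follow_redir = 'y'
            follow = follow_redir.lower() == 'y'
        elif cmseek.redirect_conf == '1':
            cmseek.info("Followed redirect, New target: " + cmseek.bold + cmseek.fgreen + landed_on + cmseek.cln)
            follow = True
        else:
            cmseek.statement("Skipping redirect to " + cmseek.bold + cmseek.red + landed_on + cmseek.cln)

        if follow:
            site = landed_on
            cmseek.statement("Reinitiating Headers and Page Source for Analysis")
            tmp_req = cmseek.getsource(site, cua)
            # The second request can fail as well. Its status used to be
            # ignored, so an error message was analysed as page source.
            if tmp_req[0] != '1':
                cmseek.error("Aborting CMSeek! Couldn't connect to site \n    Error: %s" % tmp_req[1])
                return
            scode = tmp_req[1]
            headers = tmp_req[2]

    if scode == '':
        cmseek.error('Aborting detection, source code empty')
        return

    cmseek.statement("Detection Started")

    cms = '' # the cms id if detected
    cms_detected = '0'
    detection_method = ''

    ## Parse generator meta tag: (is generator available, generator content)
    parse_generator = generator.parse(scode)
    ga = parse_generator[0]
    ga_content = parse_generator[1]

    cmseek.statement("Using headers to detect CMS (Stage 1 of 4)")
    header_detection = header.check(headers)
    if header_detection[0] == '1':
        detection_method = 'header'
        cms = header_detection[1]
        cms_detected = '1'

    if cms_detected == '0':
        if ga == '1':
            cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 4)")
            gen_detection = generator.scan(ga_content)
            if gen_detection[0] == '1':
                detection_method = 'generator'
                cms = gen_detection[1]
                cms_detected = '1'
        else:
            cmseek.statement('Skipping stage 2 of 4: No Generator meta tag found')

    if cms_detected == '0':
        cmseek.statement("Using source code to detect CMS (Stage 3 of 4)")
        source_check = source.check(scode, site)
        if source_check[0] == '1':
            detection_method = 'source'
            cms = source_check[1]
            cms_detected = '1'

    if cms_detected == '0':
        cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 4)")
        robots_check = robots.check(site, cua)
        if robots_check[0] == '1':
            detection_method = 'robots'
            cms = robots_check[1]
            cms_detected = '1'

    if cms_detected != '1':
        print('\n')
        cmseek.error('CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue')
        print('''
{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new

{4}Title:{5} [SUGGESTION] CMS detction failed!
{6}Content:{7}
    - CMSeeK Version: {0}
    - Target: {1}
    - Probable CMS: <name and/or cms url>

N.B: Create issue only if you are sure, please avoid spamming!
        '''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
        return

    cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cmseek.fgreen + cms + cmseek.cln + ', Detection method: ' + cmseek.bold + cmseek.lblue + detection_method + cmseek.cln)
    cmseek.update_log('detection_param', detection_method)
    cmseek.update_log('cms_id', cms) # update log
    cmseek.statement('Getting CMS info from database')
    cms_info = getattr(cmsdb, cms)

    if cms_info['deeps'] == '1' and not cmseek.light_scan and not cmseek.only_cms:
        advanced.start(cms, site, cua, ga, scode, ga_content, detection_method, headers)
        return

    # No deep scan: report name and link, plus the version when the CMS
    # supports version detection and the user did not ask for CMS only.
    cms_version = '0'
    if cms_info['vd'] == '1' and not cmseek.only_cms:
        cmseek.success('Starting version detection')
        cms_version = version_detect.start(cms, site, cua, ga, scode, ga_content, headers)

    cmseek.clearscreen()
    cmseek.banner("CMS Scan Results")
    result.target(site)
    result.cms(cms_info['name'],cms_version,cms_info['url'])
    cmseek.update_log('cms_name', cms_info['name']) # update log
    if cms_version != '0' and cms_version is not None:
        cmseek.update_log('cms_version', cms_version) # update log
    cmseek.update_log('cms_url', cms_info['url']) # update log
    comptime = round(time.time() - cmseek.cstart, 2)
    log_file = os.path.join(cmseek.log_dir, 'cms.json')
    result.end(str(cmseek.total_requests), str(comptime), log_file)
    return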
Exemple #13
def main_proc(site, cua):
    """Fetch *site*, identify its CMS and start a deep scan when one exists.

    Args:
        site: URL of the target; handed to urllib.request as given.
        cua: User-Agent header value for the request.

    Returns:
        None. Output goes to the console and to cmseek.update_log.

    Detection order: response headers first, then the generator meta tag
    (only when the word "generator" occurs in the page), then the page
    source via source.check.
    """
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")
    # NOTE(review): `site` reaches urlopen() without a scheme check, and
    # urlopen's default handlers also serve non-http schemes such as file:.
    # Confirm that callers restrict targets to http/https. The body is read
    # in full with no size limit and decoded with decode()'s default codec.
    try:
        ckreq = urllib.request.Request(site,
                                       data=None,
                                       headers={'User-Agent': cua})
        with urllib.request.urlopen(ckreq) as response:
            scode = response.read().decode()
            headers = str(response.info())
    except Exception as e:
        # Any failure (connection, HTTP error, decoding) ends the scan here.
        e = str(e)
        cmseek.error(
            "Aborting CMSeek! Couldn't connect to site \n    Error: %s" %
            e)  #TODO: remove the error msg later if possible
        return
    # TODO: The source code enumartion > save to site directory > print done

    cmseek.statement("Detection Started")
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    # c1[0] == "1" means a CMS was identified; c1[1] is then its id, which
    # is also the attribute name looked up on cmsdb.
    c1 = header.check(headers)
    if c1[0] == "1":
        # Do this shit later
        cmseek.success(
            "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
            % c1[1])
        cmseek.update_log('detection_param', 'header')  # update log
        cmseek.update_log('cms_id', c1[1])  # update log
        cka = getattr(cmsdb, c1[1])
        if cka['deeps'] != '1':  # Deep Scan
            if cka['vd'] != '1':  # Version Detection not available for the cms show basic stuff
                print('\n')
                cmseek.result(
                    '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                    cka['name'] + cmseek.cln)
                cmseek.update_log('cms_name', cka['name'])  # update log
                cmseek.result(
                    '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                    cka['url'] + cmseek.cln)
                cmseek.update_log('cms_url', cka['url'])  # update log
            else:
                # Only the statement is printed; no version detection
                # routine is called in this branch, so name and link are
                # the whole result.
                cmseek.statement(
                    "CMS Version is detectable, detecting CMS Version")
                ### Detect version
                print('\n')
                cmseek.result(
                    '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                    cka['name'] + cmseek.cln)
                cmseek.update_log('cms_name', cka['name'])  # update log
                cmseek.result(
                    '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                    cka['url'] + cmseek.cln)
                cmseek.update_log('cms_url', cka['url'])  # update log
            # return
        else:
            advanced.deep(
                c1[1], site, cua, '2', scode
            )  ## The 2 suggests that generator check has not been performed
    else:
        cmseek.warning('No luck with headers... Continuing with source code')
        cmseek.statement("Checking for generator meta tag in source code")
        # Plain substring test: any occurrence of the word counts, not only
        # a real <meta name="generator"> tag.
        if 'Generator' in scode or 'generator' in scode:
            cmseek.success(
                "Generator meta tag found.. Continuing with detection (2.1 of 2.2)"
            )
            # `ga` is assigned here and in the else branch below but never
            # read in the visible part of this function; the calls to
            # advanced.deep pass literal '0'/'1'/'2' instead.
            ga = "1"  ## Generator tag found .. this will come in handy later to save us some milliseconds ;)
            c21 = source.generator(scode)
            if c21[0] == '1':
                cmseek.success(
                    "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
                    % c21[1])
                cmseek.update_log('detection_param', 'generator')  # update log
                cmseek.update_log('cms_id', c21[1])  # update log
                cka = getattr(cmsdb, c21[1])
                if cka['deeps'] != '1':  # Deep Scan not available
                    if cka['vd'] != '1':  # Version Detection not available for the cms show basic stuff
                        print('\n')
                        cmseek.result(
                            '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                            cka['name'] + cmseek.cln)
                        cmseek.update_log('cms_name',
                                          cka['name'])  # update log
                        cmseek.result(
                            '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                            cka['url'] + cmseek.cln)
                        cmseek.update_log('cms_url', cka['url'])  # update log
                    else:
                        cmseek.statement(
                            "CMS Version is detectable, detecting CMS Version")
                        ### Detect version
                        print('\n')
                        cmseek.result(
                            '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                            cka['name'] + cmseek.cln)
                        cmseek.update_log('cms_name',
                                          cka['name'])  # update log
                        cmseek.result(
                            '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                            cka['url'] + cmseek.cln)
                        cmseek.update_log('cms_url', cka['url'])  # update log
                    # return
                else:
                    advanced.deep(c21[1], site, cua, '1', scode)
            elif c21[0] == '2':  # Empty Source code
                cmseek.error("Source code was empty... exiting CMSeek")
                # return
            else:  ## CMS Detection unsuccessful via generator meta tag
                cmseek.warning(
                    'Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)'
                )
                # Fallback: fingerprint the page source itself.
                c22 = source.check(scode, site)
                if c22[0] == '1':
                    cmseek.success(
                        "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
                        % c22[1])
                    cmseek.update_log('detection_param',
                                      'source')  # update log
                    cmseek.update_log('cms_id', c22[1])  # update log
                    cka = getattr(cmsdb, c22[1])
                    if cka['deeps'] != '1':  # Deep Scan not available
                        if cka['vd'] != '1':  # Version Detection not available for the cms show basic stuff
                            print('\n')
                            cmseek.result(
                                '', "CMS Name: " + cmseek.bold +
                                cmseek.fgreen + cka['name'] + cmseek.cln)
                            cmseek.update_log('cms_name',
                                              cka['name'])  # update log
                            cmseek.result(
                                '', "CMS Link: " + cmseek.bold +
                                cmseek.fgreen + cka['url'] + cmseek.cln)
                            cmseek.update_log('cms_url',
                                              cka['url'])  # update log
                        else:
                            cmseek.statement(
                                "CMS Version is detectable, detecting CMS Version"
                            )
                            ### Detect version
                            print('\n')
                            cmseek.result(
                                '', "CMS Name: " + cmseek.bold +
                                cmseek.fgreen + cka['name'] + cmseek.cln)
                            cmseek.update_log('cms_name',
                                              cka['name'])  # update log
                            cmseek.result(
                                '', "CMS Link: " + cmseek.bold +
                                cmseek.fgreen + cka['url'] + cmseek.cln)
                            cmseek.update_log('cms_url',
                                              cka['url'])  # update log
                        return
                    else:
                        # A generator tag was seen, hence '1' as the ga flag.
                        advanced.deep(c22[1], site, cua, '1', scode)
                elif c22[0] == '2':  # Empty Source code
                    cmseek.error("Source code was empty... exiting CMSeek")
                    return
                else:
                    cmseek.error(
                        "Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n"
                    )
                    return
        else:
            cmseek.warning(
                "Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)"
            )
            ga = '0'  ## Generator meta tag not found as i freakin said earlier this will come in handy later
            c22 = source.check(scode, site)
            if c22[0] == '1':
                cmseek.success(
                    "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
                    % c22[1])
                cmseek.update_log('detection_param', 'source')  # update log
                cmseek.update_log('cms_id', c22[1])  # update log
                cka = getattr(cmsdb, c22[1])
                if cka['deeps'] != '1':  # Deep Scan not available
                    if cka['vd'] != '1':  # Version Detection not available for the cms show basic stuff
                        print('\n')
                        cmseek.result(
                            '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                            cka['name'] + cmseek.cln)
                        cmseek.update_log('cms_name',
                                          cka['name'])  # update log
                        cmseek.result(
                            '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                            cka['url'] + cmseek.cln)
                        cmseek.update_log('cms_url', cka['url'])  # update log
                    else:
                        cmseek.statement(
                            "CMS Version is detectable, detecting CMS Version")
                        ### Detect version
                        print('\n')
                        cmseek.result(
                            '', "CMS Name: " + cmseek.bold + cmseek.fgreen +
                            cka['name'] + cmseek.cln)
                        cmseek.update_log('cms_name',
                                          cka['name'])  # update log
                        cmseek.result(
                            '', "CMS Link: " + cmseek.bold + cmseek.fgreen +
                            cka['url'] + cmseek.cln)
                        cmseek.update_log('cms_url', cka['url'])  # update log
                    return
                else:
                    # ga flag '0': no generator tag was found for this page.
                    advanced.deep(c22[1], site, cua, '0', scode)
            elif c22[0] == '2':  # Empty Source code
                cmseek.error("Source code was empty... exiting CMSeek")
                return
            else:
                cmseek.error(
                    "Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n"
                )
                return