Exemple #1
0
 def __runExploits(self,url,headers):
     wp_wysija(url,headers,vulnresults)
     wp_blaze(url,headers,vulnresults)
     wp_catpro(url,headers,vulnresults)
     wp_cherry(url,headers,vulnresults)
     wp_dm(url,headers,vulnresults)
     wp_fromcraft(url,headers,vulnresults)
     wp_shop(url,headers,vulnresults)
     wp_revslider(url,headers,vulnresults)
     wp_adsmanager(url,headers,vulnresults)
     wp_inboundiomarketing(url,headers,vulnresults)
     wp_levoslideshow(url,headers,vulnresults)
     wp_adblockblocker(url,headers,vulnresults)
Exemple #2
0
def detect_cms():
    lm = url + '/smiley/1.gif'
    lm_content = requests.get(lm,headers).text
    lm2 = url + '/rss.xml'
    lm2_content = requests.get(lm2,headers).text
    content=requests.get(url,headers).text
#    try:

        ############################
        #                          #
        #         joomla           #
        #                          #
        ############################
    #joomla searching content to detect.
    if  re.search(re.compile(r'<script type=\"text/javascript\" src=\"/media/system/js/mootools.js\"></script>|/media/system/js/|com_content|Joomla!'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Joomla' % (good,W,end))
        print ('------------------------------------------------')
        #webinfo gathering argument
        if webinfo:
            webhosting_info(hostinfo)
        
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            joo_version(url,headers)
            print ("-----------------------------------------------")
        if cms == 'all':
            print (' %s CMS informations gathering' %(run))
            joo_version(url,headers)
            joo_user(url,headers)
            joo_template(url,headers)
            print ("-----------------------------------------------")
        #port to scan
        if scanports:
            print (' %s Scanning Ports' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        #joomla_exploits imported from folder[./common/joomla_exploits.py]
        if exploit:
            print (' %s Check Vulnerability' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            joomla_comjce(url,headers,timeout)
            joomla_comedia(url,headers,timeout)
            joomla_comjdownloads(url,headers,timeout)
            joomla_comjdownloads2(url,headers,timeout)
            joomla_fabrik2(url,headers,timeout)
            joomla_fabrik2_d(url,headers,timeout)
            joomla_foxcontact(url,headers,timeout)

        ############################
        #                          #
        #         Wordpress        #
        #                          #
        ############################
    #wordpress searching content to detect.
    elif re.search(re.compile(r'wp-content|wordpress|xmlrpc.php'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Wordpress' % (good,W,end))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        #wp_grab methods info from (folder)[./common/grapwp.py]
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            wp_version(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'themes':
            print (' %s CMS informations gathering' %(run))
            wp_themes(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'user':
            print (' %s CMS informations gathering' %(run))
            wp_user(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'plugins':
            print (' %s CMS informations gathering' %(run))
            wp_plugin(url,headers,grabinfo)
            print ("-----------------------------------------------")
        if cms == 'all':
            print (' %s CMS informations gathering' %(run))
            wp_version(url,headers,grabinfo)
            wp_themes(url,headers,grabinfo)
            wp_user(url,headers,grabinfo)
            wp_plugin(url,headers,grabinfo)
            print ("-----------------------------------------------")
                #port to scan
        if scanports:
            print (' %s Scanning Ports' %(run))
            print (""" %sPORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        # vulnx -u http://example.com -e | vulnx -u http://example --exploit
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            #wp_exploit methods from (dolder)[./common/wp_exploits.py]
            wp_wysija(url,headers,vulnresults)
            wp_blaze(url,headers,vulnresults)
            wp_synoptic(url,headers,vulnresults)
            wp_catpro(url,headers,vulnresults)
            wp_cherry(url,headers,vulnresults)
            wp_dm(url,headers,vulnresults)
            wp_fromcraft(url,headers,vulnresults)
            wp_jobmanager(url,headers,vulnresults)
            wp_showbiz(url,headers,vulnresults)      
            wp_shop(url,headers,vulnresults)
            wp_powerzoomer(url,headers,vulnresults)
            wp_revslider(url,headers,vulnresults)
            wp_adsmanager(url,headers,vulnresults)
            wp_inboundiomarketing(url,headers,vulnresults)
            wp_adblockblocker(url,headers,vulnresults)
            wp_levoslideshow(url,headers,vulnresults)
            print ("-----------------------------------------------")

        ############################
        #                          #
        #          Drupal          #
        #                          #
        ############################
    #drupal searching content to detect.
    elif re.search(re.compile(r'Drupal|drupal|sites/all|drupal.org'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Drupal' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            drupal_version()
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #        Prestashop        #
        #                          #
        ############################
    #prestashop searching content to detect.
    elif re.search(re.compile(r'Prestashop|prestashop'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s %sCMS :%s Prestashop' % (good,W,end))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
            prestashop_version()
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))
            columnadverts(url,headers)
            soopabanners(url,headers)
            vtslide(url,headers)
            simpleslideshow(url,headers)
            productpageadverts(url,headers)
            productpageadvertsb(url,headers)
            jro_homepageadvertise(url,headers)
            attributewizardpro(url,headers)
            oneattributewizardpro(url,headers)
            attributewizardpro_old(url,headers)
            attributewizardpro_x(url,headers)
            advancedslider(url,headers)
            cartabandonmentpro(url,headers)
            cartabandonmentpro_old(url,headers)
            videostab(url,headers)
            wg24themeadministration(url,headers)
            fieldvmegamenu(url,headers)
            wdoptionpanel(url,headers)
            pk_flexmenu(url,headers)
            nvn_export_orders(url,headers)
            tdpsthemeoptionpanel(url,headers)
            masseditproduct(url,headers)
        ############################
        #                          #
        #          OpenCart        #
        #                          #
        ############################
    #opencart searching content to detect.
    elif re.search(re.compile(r'route=product|OpenCart|route=common|catalog/view/theme'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : OpenCart' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        if exploit:
            print (' %s Check Vulnerability\n' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #          Magento         #
        #                          #
        ############################
    #magento searching content to detect.
    elif re.search(re.compile(r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento'), content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Magento' % (good))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if cms == 'version':
            print (' %s CMS informations gathering' %(run))
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        if exploit:
            print (' %s Check Vulnerability' %(run))
            print (""" %sNAME                      %sSTATUS  %sSHELL"""%(W,W,W))

        ############################
        #                          #
        #         Lokomedia        #
        #                          #
        ############################
    #lokomedia searching content to detect.
        print (' %s Check Vulnerability' %(run))
    elif re.search(re.compile(r'image/gif'), lm_content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Lokomedia' % (good))
        print ('------------------------------------------------')
        if subdomains:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        print ('------------------------------------------------')
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s  PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        print (' %s Check Vulnerability' %(run))
    elif re.search(re.compile(r'lokomedia'), lm2_content):
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Lokomedia' % (good))
        print ('------------------------------------------------')
        if subdomains:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
        if scanports:
            print (' %s Scanning Ports\n' %(run))
            print (""" %s  PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
            portscan(hostd(url))
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")
        print (' %s Check Vulnerability' %(run))

        ############################
        #                          #
        #          Unknown         #
        #                          #
        ############################
    #no cms detect
    else:
        print ('\n %s[%sTarget%s]%s => %s%s \n '% (bannerblue2,W,bannerblue2, W, url, end))
        print ('------------------------------------------------')
        print (' %s looking for cms' % (que))
        print (' %s CMS : Unknown' % (bad))
        print ('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        #domain gatherinargument
        if domaininfo:
            print (' %s Starting searching for Subdomains' %(run))
            domain_info(url)
            print ("-----------------------------------------------")
        if dnsdump:
            print (' %s Starting DNS dump ' %(run))
            dnsdumper(url)
            print ("-----------------------------------------------")