def start(id, url, ua, ga, source, ga_content):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
elif id == 'dru':
import VersionDetect.dru as druverdetect
druver = druverdetect.start(id, url, ua, ga, source)
return druver
elif id == 'xe':
import VersionDetect.xe as xeverdetect
xever = xeverdetect.start(ga_content)
return xever
elif id == 'wgui':
import VersionDetect.wgui as wguiverdetect
wguiver = wguiverdetect.start(ga_content)
return wguiver
elif id == 'umi':
import VersionDetect.umi as umiverdetect
umiver = umiverdetect.start(url, ua)
return umiver
def start(id, url, ua, ga, source):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source):
return wpver
elif id == 'mg':
import VersionDetect.mg as mgverdetect
mgver = mgverdetect.start(url, ua)
return mgver
def start(id, url, ua, ga, source):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
def start(id, url, ua, ga, source, ga_content):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
elif id == 'dru':
import VersionDetect.dru as druverdetect
druver = druverdetect.start(id, url, ua, ga, source)
return druver
elif id == 'xe':
import VersionDetect.xe as xeverdetect
xever = xeverdetect.start(ga_content)
return xever
elif id == 'wgui':
import VersionDetect.wgui as wguiverdetect
wguiver = wguiverdetect.start(ga_content)
return wguiver
elif id == 'umi':
import VersionDetect.umi as umiverdetect
umiver = umiverdetect.start(url, ua)
return umiver
elif id == 'tidw':
import VersionDetect.tidw as tidwverdetect
tidwver = tidwverdetect.start(source)
return tidwver
elif id == 'sulu':
import VersionDetect.sulu as suluverdetect
suluver = suluverdetect.start(url, ua)
return suluver
elif id == 'subcms':
import VersionDetect.subcms as subcmsverdetect
subcmsver = subcmsverdetect.start(ga_content)
return subcmsver
elif id == 'snews':
import VersionDetect.snews as snewsverdetect
snewsver = snewsverdetect.start(ga_content, source)
return snewsver
def start(id, url, ua, ga, source, detection_method):
'''
id = ID of the cms
url = URL of target
ua = User Agent
ga = [0/1] is GENERATOR meta tag available
source = source code
'''
## Do shits later [update from later: i forgot what shit i had to do ;___;]
if id == "wp":
# referenced before assignment fix
vulnss = version = wpvdbres = result = plugins_found = usernames = usernamesgen = '0'
cmseek.statement('Starting WordPress DeepScan')
# Check if site really is WordPress
if detection_method == 'source':
# well most of the wordpress false positives are from source detections.
cmseek.statement('Checking if the detection is false positive')
temp_domain = re.findall(
'^(?:https?:\/\/)?(?:[^@\n]+@)?(?:www\.)?([^:\/\n\?\=]+)',
url)[0]
wp_match_pattern = temp_domain + '\/wp-(content|include|admin)\/'
if not re.search(wp_match_pattern, source):
cmseek.error(
'Detection was false positive! CMSeeK is quitting!')
cmseek.success(
'Run CMSeeK with {0}{1}{2} argument next time'.format(
cmseek.fgreen, '--ignore-cms wp', cmseek.cln))
#cmseek.handle_quit()
return
# Version detection
version = wordpress_version_detect.start(id, url, ua, ga, source)
## Check for minor stuffs like licesnse readme and some open directory checks
cmseek.statement("Initiating open directory and files check")
## Readme.html
readmesrc = cmseek.getsource(url + '/readme.html', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.statement(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0' # Error Getting Readme file
elif 'Welcome. WordPress is a very special project to me.' in readmesrc[
1]:
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of wordpress
## license.txt
licsrc = cmseek.getsource(url + '/license.txt', ua)
if licsrc[0] != '1':
cmseek.statement('license file not found')
licfile = '0'
elif 'WordPress - Web publishing software' in licsrc[1]:
licfile = '1'
else:
licfile = '2'
## wp-content/uploads/ folder
wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua)
if wpupsrc[0] != '1':
wpupdir = '0'
elif 'Index of /wp-content/uploads' in wpupsrc[1]:
wpupdir = '1'
else:
wpupdir = '2'
## xmlrpc
xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua)
if xmlrpcsrc[0] != '1':
cmseek.statement('XML-RPC interface not available')
xmlrpc = '0'
elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]:
xmlrpc = '1'
else:
xmlrpc = '2'
## Path disclosure
cmseek.statement('Looking for potential path disclosure')
path = path_disclosure.start(url, ua)
if path != "":
cmseek.success('Path disclosure detected, path: ' + cmseek.bold +
path + cmseek.cln)
## Check for user registration
usereg = check_reg.start(url, ua)
reg_found = usereg[0]
reg_url = usereg[1]
## Plugins Enumeration
plug_enum = wp_plugins_enum.start(source)
plugins_found = plug_enum[0]
plugins = plug_enum[1]
## Themes Enumeration
theme_enum = wp_theme_enum.start(source, url, ua)
themes_found = theme_enum[0]
themes = theme_enum[1]
## User enumeration
uenum = wp_user_enum.start(id, url, ua, ga, source)
usernamesgen = uenum[0]
usernames = uenum[1]
## Version Vulnerability Detection
if version != '0':
version_vuln = wp_vuln_scan.start(version, ua)
wpvdbres = version_vuln[0]
result = version_vuln[1]
if wpvdbres != '0' and version != '0':
vulnss = len(result['vulnerabilities'])
vfc = version_vuln[2]
### Deep Scan Results comes here
comptime = round(time.time() - cmseek.cstart, 2)
log_file = os.path.join(cmseek.log_dir, 'cms.json')
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
sresult.target(url)
sresult.cms('WordPress', version, 'https://wordpress.org')
#cmseek.result("Detected CMS: ", 'WordPress')
cmseek.update_log('cms_name', 'WordPress') # update log
#cmseek.result("CMS URL: ", "https://wordpress.org")
cmseek.update_log('cms_url', "https://wordpress.org") # update log
sresult.menu('[WordPress Deepscan]')
item_initiated = False
item_ended = False
if readmefile == '1':
sresult.init_item("Readme file found: " + cmseek.fgreen + url +
'/readme.html' + cmseek.cln)
cmseek.update_log('wp_readme_file', url + '/readme.html')
item_initiated = True
if licfile == '1':
cmseek.update_log('wp_license', url + '/license.txt')
if item_initiated == False:
sresult.init_item("License file: " + cmseek.fgreen + url +
'/license.txt' + cmseek.cln)
else:
sresult.item("License file: " + cmseek.fgreen + url +
'/license.txt' + cmseek.cln)
if wpvdbres == '1':
if item_initiated == False:
sresult.init_item('Changelog: ' + cmseek.fgreen +
str(result['changelog_url']) + cmseek.cln)
else:
sresult.item('Changelog: ' + cmseek.fgreen +
str(result['changelog_url']) + cmseek.cln)
cmseek.update_log('wp_changelog_file',
str(result['changelog_url']))
if wpupdir == '1':
cmseek.update_log('wp_uploads_directory',
url + '/wp-content/uploads')
if item_initiated == False:
sresult.init_item("Uploads directory has listing enabled: " +
cmseek.fgreen + url + '/wp-content/uploads' +
cmseek.cln)
else:
sresult.item("Uploads directory has listing enabled: " +
cmseek.fgreen + url + '/wp-content/uploads' +
cmseek.cln)
if xmlrpc == '1':
cmseek.update_log('xmlrpc', url + '/xmlrpc.php')
if item_initiated == False:
sresult.init_item("XML-RPC interface: " + cmseek.fgreen + url +
'/xmlrpc.php' + cmseek.cln)
else:
sresult.item("XML-RPC interface: " + cmseek.fgreen + url +
'/xmlrpc.php' + cmseek.cln)
if reg_found == '1':
sresult.item('User registration enabled: ' + cmseek.bold +
cmseek.fgreen + reg_url + cmseek.cln)
cmseek.update_log('user_registration', reg_url)
if path != "":
sresult.item('Path disclosure: ' + cmseek.bold + cmseek.orange +
path + cmseek.cln)
cmseek.update_log('path', path)
if plugins_found != 0:
plugs_count = len(plugins)
sresult.init_item("Plugins Enumerated: " + cmseek.bold +
cmseek.fgreen + str(plugs_count) + cmseek.cln)
wpplugs = ""
for i, plugin in enumerate(plugins):
plug = plugin.split(':')
wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
if i == 0 and i != plugs_count - 1:
sresult.init_sub('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + plug[1] + cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] +
cmseek.cln)
elif i == plugs_count - 1:
sresult.empty_sub()
sresult.end_sub('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub(
'Version: ' + cmseek.bold + cmseek.fgreen + plug[1] +
cmseek.cln, True, False)
sresult.end_subsub(
'URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] + cmseek.cln, True,
False)
else:
sresult.empty_sub()
sresult.sub_item('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + plug[1] + cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] +
cmseek.cln)
cmseek.update_log('wp_plugins', wpplugs)
sresult.empty_item()
if themes_found != 0:
thms_count = len(themes)
sresult.init_item("Themes Enumerated: " + cmseek.bold +
cmseek.fgreen + str(thms_count) + cmseek.cln)
wpthms = ""
for i, theme in enumerate(themes):
thm = theme.split(':')
thmz = thm[1].split('|')
wpthms = wpthms + thm[0] + ' Version ' + thmz[0] + ','
if i == 0 and i != thms_count - 1:
sresult.init_sub('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + thmz[0] + cmseek.cln)
if thmz[1] != '':
sresult.subsub('Theme Zip: ' + cmseek.bold +
cmseek.fgreen + url + thmz[1] +
cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/themes/' + thm[0] +
cmseek.cln)
elif i == thms_count - 1:
sresult.empty_sub(True)
sresult.end_sub('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub(
'Version: ' + cmseek.bold + cmseek.fgreen + thmz[0] +
cmseek.cln, True, False)
if thmz[1] != '':
sresult.subsub(
'Theme Zip: ' + cmseek.bold + cmseek.fgreen + url +
thmz[1] + cmseek.cln, True, False)
sresult.end_subsub(
'URL: ' + cmseek.fgreen + url + '/wp-content/themes/' +
thm[0] + cmseek.cln, True, False)
else:
sresult.sub_item('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + thmz[0] + cmseek.cln)
if thmz[1] != '':
sresult.subsub('Theme Zip: ' + cmseek.bold +
cmseek.fgreen + url + thmz[1] +
cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/themes/' + thm[0] +
cmseek.cln)
cmseek.update_log('wp_themes', wpthms)
sresult.empty_item()
if usernamesgen == '1':
user_count = len(usernames)
sresult.init_item("Usernames harvested: " + cmseek.bold +
cmseek.fgreen + str(user_count) + cmseek.cln)
wpunames = ""
for i, u in enumerate(usernames):
wpunames = wpunames + u + ","
if i == 0 and i != user_count - 1:
sresult.init_sub(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
elif i == user_count - 1:
sresult.end_sub(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
else:
sresult.sub_item(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
cmseek.update_log('wp_users', wpunames)
sresult.empty_item()
if version != '0':
# cmseek.result("Version: ", version)
cmseek.update_log('wp_version', version)
if wpvdbres == '1':
sresult.end_item('Version vulnerabilities: ' + cmseek.bold +
cmseek.fgreen + str(vulnss) + cmseek.cln)
cmseek.update_log('wp_vuln_count', str(vulnss))
if vulnss > 0:
for i, vuln in enumerate(result['vulnerabilities']):
if i == 0 and i != vulnss - 1:
sresult.empty_sub(False)
sresult.init_sub(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
True)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, True)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, True)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, True)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, True)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, True)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, True)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, True)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, True)
elif i == vulnss - 1:
sresult.empty_sub(False)
sresult.end_sub(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
False)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, False)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, False)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, False)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, False)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, False)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, False)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, False)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, False)
else:
sresult.empty_sub(False)
sresult.sub_item(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
True)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, True)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, True)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, True)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, True)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, True)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, True)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, True)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, True)
sresult.end(str(cmseek.total_requests), str(comptime), log_file)
return
return
def start(
id, url, ua, ga, source
): ## ({ID of the cms}, {url of target}, {User Agent}, {is Generator Meta tag available [0/1]}, {Source code})
## Do shits later [update from later: i forgot what shit i had to do ;___;]
if id == "wp":
# referenced before assignment fix
version = wpvdbres = result = plugins_found = usernames = usernamesgen = '0'
cmseek.statement('Starting WordPress DeepScan')
# Version detection
version = wordpress_version_detect.start(id, url, ua, ga, source)
## Check for minor stuffs like licesnse readme and some open directory checks
cmseek.statement("Initiating open directory and files check")
## Readme.html
readmesrc = cmseek.getsource(url + '/readme.html', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.statement(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0' # Error Getting Readme file
elif 'Welcome. WordPress is a very special project to me.' in readmesrc[
1]:
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of wordpress
## license.txt
licsrc = cmseek.getsource(url + '/license.txt', ua)
if licsrc[0] != '1':
cmseek.statement('license file not found')
licfile = '0'
elif 'WordPress - Web publishing software' in licsrc[1]:
licfile = '1'
else:
licfile = '2'
## wp-content/uploads/ folder
wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua)
if wpupsrc[0] != '1':
wpupdir = '0'
elif 'Index of /wp-content/uploads' in wpupsrc[1]:
wpupdir = '1'
else:
wpupdir = '2'
## xmlrpc
xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua)
if xmlrpcsrc[0] != '1':
cmseek.statement('XML-RPC interface not available')
xmlrpc = '0'
elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]:
xmlrpc = '1'
else:
xmlrpc = '2'
## Plugins Enumeration
plug_enum = wp_plugins_enum.start(source)
plugins_found = plug_enum[0]
plugins = plug_enum[1]
## Themes Enumeration
theme_enum = wp_theme_enum.start(source)
themes_found = theme_enum[0]
themes = theme_enum[1]
## User enumeration
uenum = wp_user_enum.start(id, url, ua, ga, source)
usernamesgen = uenum[0]
usernames = uenum[1]
## Version Vulnerability Detection
version_vuln = wp_vuln_scan.start(version, ua)
wpvdbres = version_vuln[0]
result = version_vuln[1]
vfc = version_vuln[2]
### Deep Scan Results comes here
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
cmseek.result("Detected CMS: ", 'WordPress')
cmseek.update_log('cms_name', 'WordPress') # update log
cmseek.result("CMS URL: ", "https://wordpress.org")
cmseek.update_log('cms_url', "https://wordpress.org") # update log
if version != '0':
cmseek.result("Version: ", version)
cmseek.update_log('wp_version', version)
if wpvdbres == '1':
cmseek.result("Changelog URL: ", str(result['changelog_url']))
cmseek.update_log('wp_changelog_file',
str(result['changelog_url']))
if readmefile == '1':
cmseek.result("Readme file found: ", url + '/readme.html')
cmseek.update_log('wp_readme_file', url + '/readme.html')
if licfile == '1':
cmseek.result("License file found: ", url + '/license.txt')
if wpupdir == '1':
cmseek.result("Uploads directory has listing enabled: ",
url + '/wp-content/uploads')
cmseek.update_log('wp_uploads_directory',
url + '/wp-content/uploads')
if xmlrpc == '1':
cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')
if plugins_found != 0:
print('\n')
cmseek.result("Plugins Enumerated: ", '')
print(" |")
wpplugs = ""
for plugin in plugins:
plug = plugin.split(':')
wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
cmseek.success(cmseek.bold + plug[0] + ' Version ' + plug[1] +
cmseek.cln)
cmseek.update_log('wp_plugins', wpplugs)
if themes_found != 0:
print('\n')
cmseek.result("themes Enumerated: ", '')
print(" |")
wpthms = ""
for theme in themes:
thm = theme.split(':')
wpthms = wpthms + thm[0] + ' Version ' + thm[1] + ','
cmseek.success(cmseek.bold + thm[0] + ' Version ' + thm[1] +
cmseek.cln)
cmseek.result('Theme URL: ',
url + '/wp-content/themes/' + thm[0] + '/')
cmseek.update_log('wp_plugins', wpthms)
if usernamesgen == '1':
print('\n')
cmseek.result("Usernames Harvested: ", '')
print(" |")
wpunames = ""
for u in usernames:
wpunames = wpunames + u + ","
cmseek.success(cmseek.bold + u + cmseek.cln)
print('\n')
cmseek.update_log('wp_users', wpunames)
if wpvdbres == '1':
cmseek.result("Vulnerability Count: ",
str(len(result['vulnerabilities'])))
cmseek.update_log('wp_vuln_count',
str(len(result['vulnerabilities'])))
cmseek.update_log('wpvulndb_url',
"https://wpvulndb.com/api/v2/wordpresses/" + vfc)
if len(result['vulnerabilities']) > 0:
cmseek.success("Displaying all the vulnerabilities")
for vuln in result['vulnerabilities']:
print("\n")
cmseek.result("Title: ", str(vuln['title']))
cmseek.result("Type: ", str(vuln['vuln_type']))
cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
cmseek.result(
"Link: ", "http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']))
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
cmseek.result(
"CVE: ",
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref))
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
cmseek.result(
"ExploitDB Link: ",
"http://www.exploit-db.com/exploits/" +
str(ref))
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
cmseek.result(
"Metasploit Module: ",
"http://www.metasploit.com/modules/" +
str(ref))
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
cmseek.result("OSVDB Link: ",
"http://osvdb.org/" + str(ref))
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
cmseek.result(
"Secunia Advisory: ",
"http://secunia.com/advisories/" + str(ref))
if 'url' in strvuln:
for ref in vuln['references']['url']:
cmseek.result("Reference: ", str(ref))
else:
cmseek.warning(
'No vulnerabilities discovered in this version yet!')
return
else:
cmseek.error("Could not look up version vulnerabilities")
return
return
def start(id, url, ua, ga, source, ga_content):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
elif id == 'dru':
import VersionDetect.dru as druverdetect
druver = druverdetect.start(id, url, ua, ga, source)
return druver
elif id == 'xe':
import VersionDetect.xe as xeverdetect
xever = xeverdetect.start(ga_content)
return xever
elif id == 'wgui':
import VersionDetect.wgui as wguiverdetect
wguiver = wguiverdetect.start(ga_content)
return wguiver
elif id == 'umi':
import VersionDetect.umi as umiverdetect
umiver = umiverdetect.start(url, ua)
return umiver
elif id == 'tidw':
import VersionDetect.tidw as tidwverdetect
tidwver = tidwverdetect.start(source)
return tidwver
elif id == 'sulu':
import VersionDetect.sulu as suluverdetect
suluver = suluverdetect.start(url, ua)
return suluver
elif id == 'subcms':
import VersionDetect.subcms as subcmsverdetect
subcmsver = subcmsverdetect.start(ga_content)
return subcmsver
elif id == 'snews':
import VersionDetect.snews as snewsverdetect
snewsver = snewsverdetect.start(ga_content, source)
return snewsver
elif id == 'spity':
import VersionDetect.spity as spityverdetect
spityver = spityverdetect.start(ga_content)
return spityver
elif id == 'slcms':
import VersionDetect.slcms as slcmsverdetect
slcmsver = slcmsverdetect.start(source)
return slcmsver
elif id == 'rock':
import VersionDetect.rock as rockverdetect
rockver = rockverdetect.start(ga_content)
return rockver
elif id == 'roadz':
import VersionDetect.roadz as roadzverdetect
roadzver = roadzverdetect.start(ga_content)
return roadzver
elif id == 'rite':
import VersionDetect.rite as riteverdetect
ritever = riteverdetect.start(ga_content)
return ritever
elif id == 'quick':
import VersionDetect.quick as quickverdetect
quickver = quickverdetect.start(ga_content)
return quickver
elif id == 'pwind':
import VersionDetect.pwind as pwindverdetect
pwindver = pwindverdetect.start(ga_content)
return pwindver
elif id == 'ophal':
import VersionDetect.ophal as ophalverdetect
ophalver = ophalverdetect.start(ga_content, url, ua)
return ophalver
elif id == 'sfy':
import VersionDetect.sfy as sfyverdetect
sfyver = sfyverdetect.start(ga_content)
return sfyver
elif id == 'otwsm':
import VersionDetect.otwsm as otwsmverdetect
otwsmver = otwsmverdetect.start(source)
return otwsmver
elif id == 'ocms':
import VersionDetect.ocms as ocmsverdetect
ocmsver = ocmsverdetect.start(url, ua)
return ocmsver
elif id == 'share':
import VersionDetect.share as shareverdetect
sharever = shareverdetect.start(url, ua)
return sharever
elif id == 'mura':
import VersionDetect.mura as muraverdetect
muraver = muraverdetect.start(ga_content)
return muraver
elif id == 'kbcms':
import VersionDetect.kbcms as kbcmsverdetect
kbcmsver = kbcmsverdetect.start(url, ua)
return kbcmsver
elif id == 'koken':
import VersionDetect.koken as kokenverdetect
kokenver = kokenverdetect.start(ga_content)
return kokenver
elif id == 'impage':
import VersionDetect.impage as impageverdetect
impagever = impageverdetect.start(ga_content)
return impagever
elif id == 'flex':
import VersionDetect.flex as flexverdetect
flexver = flexverdetect.start(source, url, ua)
return flexver
elif id == 'dncms':
import VersionDetect.dncms as dncmsverdetect
dncmsver = dncmsverdetect.start(url, ua)
return dncmsver
elif id == 'cntsis':
import VersionDetect.cntsis as cntsisverdetect
cntsisver = cntsisverdetect.start(ga_content)
return cntsisver
elif id == 'cnido':
import VersionDetect.cnido as cnidoverdetect
cnidover = cnidoverdetect.start(ga_content)
return cnidover
elif id == 'con5':
import VersionDetect.con5 as con5verdetect
con5ver = con5verdetect.start(ga_content)
return con5ver
elif id == 'csim':
import VersionDetect.csim as csimverdetect
csimver = csimverdetect.start(ga_content)
return csimver
elif id == 'brcms':
import VersionDetect.brcms as brcmsverdetect
brcmsver = brcmsverdetect.start(ga_content)
return brcmsver
elif id == 'bboard':
import VersionDetect.bboard as bboardverdetect
bboardver = bboardverdetect.start(source)
return bboardver
elif id == 'dscrs':
import VersionDetect.dscrs as dscrsverdetect
dscrsver = dscrsverdetect.start(ga_content)
return dscrsver
elif id == 'discuz':
import VersionDetect.discuz as discuzverdetect
discuzver = discuzverdetect.start(ga_content)
return discuzver
elif id == 'minibb':
import VersionDetect.minibb as minibbverdetect
minibbver = minibbverdetect.start(source)
return minibbver
elif id == 'mybb':
import VersionDetect.mybb as mybbverdetect
mybbver = mybbverdetect.start(source)
return mybbver
elif id == 'nodebb':
import VersionDetect.nodebb as nodebbverdetect
nodebbver = nodebbverdetect.start(source)
return nodebbver
elif id == 'punbb':
import VersionDetect.punbb as punbbverdetect
punbbver = punbbverdetect.start(source)
return punbbver
elif id == 'smf':
import VersionDetect.smf as smfverdetect
smfver = smfverdetect.start(source)
return smfver
elif id == 'vanilla':
import VersionDetect.vanilla as vanillaverdetect
vanillaver = vanillaverdetect.start(url, ua)
return vanillaver
elif id == 'uknva':
import VersionDetect.uknva as uknvaverdetect
uknvaver = uknvaverdetect.start(ga_content)
return uknvaver
elif id == 'xmb':
import VersionDetect.xmb as xmbverdetect
xmbver = xmbverdetect.start(source)
return xmbver
elif id == 'yabb':
import VersionDetect.yabb as yabbverdetect
yabbver = yabbverdetect.start(source)
return yabbver
elif id == 'aef':
import VersionDetect.aef as aefverdetect
aefver = aefverdetect.start(source)
return aefver
elif id == 'bhf':
import VersionDetect.bhf as bhfverdetect
bhfver = bhfverdetect.start(ga_content)
return bhfver
elif id == 'fudf':
import VersionDetect.fudf as fudfverdetect
fudfver = fudfverdetect.start(source)
return fudfver
elif id == 'yaf':
import VersionDetect.yaf as yafverdetect
yafver = yafverdetect.start(source)
return yafver
elif id == 'ubbt':
import VersionDetect.ubbt as ubbtverdetect
ubbtver = ubbtverdetect.start(source, ga_content)
return ubbtver
elif id == 'myupb':
import VersionDetect.myupb as myupbverdetect
myupbver = myupbverdetect.start(source)
return myupbver
elif id == 'mvnf':
import VersionDetect.mvnf as mvnfverdetect
mvnfver = mvnfverdetect.start(source)
return mvnfver
elif id == 'mcb':
import VersionDetect.mcb as mcbverdetect
mcbver = mcbverdetect.start(source)
return mcbver
elif id == 'aspf':
import VersionDetect.aspf as aspfverdetect
aspfver = aspfverdetect.start(source)
return aspfver
elif id == 'jf':
import VersionDetect.jf as jfverdetect
jfver = jfverdetect.start(source)
return jfver
elif id == 'mg':
import VersionDetect.mg as mgverdetect
mgver = mgverdetect.start(url, ua)
return mgver
elif id == 'coms':
import VersionDetect.coms as comsverdetect
comsver = comsverdetect.start(url, ua)
return comsver
elif id == 'abda':
import VersionDetect.abda as abdaverdetect
abdaver = abdaverdetect.start(source)
return abdaver
elif id == 'dweb':
import VersionDetect.dweb as dwebverdetect
dwebver = dwebverdetect.start(ga_content)
return dwebver
def start(id, url, ua, ga, source, ga_content):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
elif id == 'dru':
import VersionDetect.dru as druverdetect
druver = druverdetect.start(id, url, ua, ga, source)
return druver
elif id == 'xe':
import VersionDetect.xe as xeverdetect
xever = xeverdetect.start(ga_content)
return xever
elif id == 'wgui':
import VersionDetect.wgui as wguiverdetect
wguiver = wguiverdetect.start(ga_content)
return wguiver
elif id == 'umi':
import VersionDetect.umi as umiverdetect
umiver = umiverdetect.start(url, ua)
return umiver
elif id == 'tidw':
import VersionDetect.tidw as tidwverdetect
tidwver = tidwverdetect.start(source)
return tidwver
elif id == 'sulu':
import VersionDetect.sulu as suluverdetect
suluver = suluverdetect.start(url, ua)
return suluver
elif id == 'subcms':
import VersionDetect.subcms as subcmsverdetect
subcmsver = subcmsverdetect.start(ga_content)
return subcmsver
elif id == 'snews':
import VersionDetect.snews as snewsverdetect
snewsver = snewsverdetect.start(ga_content, source)
return snewsver
elif id == 'spity':
import VersionDetect.spity as spityverdetect
spityver = spityverdetect.start(ga_content)
return spityver
elif id == 'slcms':
import VersionDetect.slcms as slcmsverdetect
slcmsver = slcmsverdetect.start(source)
return slcmsver
elif id == 'rock':
import VersionDetect.rock as rockverdetect
rockver = rockverdetect.start(ga_content)
return rockver
elif id == 'roadz':
import VersionDetect.roadz as roadzverdetect
roadzver = roadzverdetect.start(ga_content)
return roadzver
elif id == 'rite':
import VersionDetect.rite as riteverdetect
ritever = riteverdetect.start(ga_content)
return ritever
elif id == 'quick':
import VersionDetect.quick as quickverdetect
quickver = quickverdetect.start(ga_content)
return quickver
elif id == 'pwind':
import VersionDetect.pwind as pwindverdetect
pwindver = pwindverdetect.start(ga_content)
return pwindver
elif id == 'ophal':
import VersionDetect.ophal as ophalverdetect
ophalver = ophalverdetect.start(ga_content, url, ua)
return ophalver
elif id == 'sfy':
import VersionDetect.sfy as sfyverdetect
sfyver = sfyverdetect.start(ga_content)
return sfyver
elif id == 'otwsm':
import VersionDetect.otwsm as otwsmverdetect
otwsmver = otwsmverdetect.start(source)
return otwsmver
elif id == 'ocms':
import VersionDetect.ocms as ocmsverdetect
ocmsver = ocmsverdetect.start(url, ua)
return ocmsver
elif id == 'share':
import VersionDetect.share as shareverdetect
sharever = shareverdetect.start(url, ua)
return sharever
elif id == 'mura':
import VersionDetect.mura as muraverdetect
muraver = muraverdetect.start(ga_content)
return muraver
elif id == 'kbcms':
import VersionDetect.kbcms as kbcmsverdetect
kbcmsver = kbcmsverdetect.start(url, ua)
return kbcmsver
elif id == 'koken':
import VersionDetect.koken as kokenverdetect
kokenver = kokenverdetect.start(ga_content)
return kokenver
elif id == 'impage':
import VersionDetect.impage as impageverdetect
impagever = impageverdetect.start(ga_content)
return impagever
elif id == 'flex':
import VersionDetect.flex as flexverdetect
flexver = flexverdetect.start(source, url, ua)
return flexver
elif id == 'dncms':
import VersionDetect.dncms as dncmsverdetect
dncmsver = dncmsverdetect.start(url, ua)
return dncmsver
elif id == 'cntsis':
import VersionDetect.cntsis as cntsisverdetect
cntsisver = cntsisverdetect.start(ga_content)
return cntsisver
elif id == 'cnido':
import VersionDetect.cnido as cnidoverdetect
cnidover = cnidoverdetect.start(ga_content)
return cnidover
elif id == 'con5':
import VersionDetect.con5 as con5verdetect
con5ver = con5verdetect.start(ga_content)
return con5ver
elif id == 'csim':
import VersionDetect.csim as csimverdetect
csimver = csimverdetect.start(ga_content)
return csimver
elif id == 'brcms':
import VersionDetect.brcms as brcmsverdetect
brcmsver = brcmsverdetect.start(ga_content)
return brcmsver
def start(id, url, ua, ga, source, ga_content):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source)
return wpver
elif id == 'joom':
import VersionDetect.joom as joomverdetect
joomver = joomverdetect.start(id, url, ua, ga, source)
return joomver
elif id == 'dru':
import VersionDetect.dru as druverdetect
druver = druverdetect.start(id, url, ua, ga, source)
return druver
elif id == 'xe':
import VersionDetect.xe as xeverdetect
xever = xeverdetect.start(ga_content)
return xever
elif id == 'wgui':
import VersionDetect.wgui as wguiverdetect
wguiver = wguiverdetect.start(ga_content)
return wguiver
elif id == 'umi':
import VersionDetect.umi as umiverdetect
umiver = umiverdetect.start(url, ua)
return umiver
elif id == 'tidw':
import VersionDetect.tidw as tidwverdetect
tidwver = tidwverdetect.start(source)
return tidwver
elif id == 'sulu':
import VersionDetect.sulu as suluverdetect
suluver = suluverdetect.start(url, ua)
return suluver
elif id == 'subcms':
import VersionDetect.subcms as subcmsverdetect
subcmsver = subcmsverdetect.start(ga_content)
return subcmsver
elif id == 'snews':
import VersionDetect.snews as snewsverdetect
snewsver = snewsverdetect.start(ga_content, source)
return snewsver
elif id == 'spity':
import VersionDetect.spity as spityverdetect
spityver = spityverdetect.start(ga_content)
return spityver
elif id == 'slcms':
import VersionDetect.slcms as slcmsverdetect
slcmsver = slcmsverdetect.start(source)
return slcmsver
elif id == 'rock':
import VersionDetect.rock as rockverdetect
rockver = rockverdetect.start(ga_content)
return rockver
elif id == 'roadz':
import VersionDetect.roadz as roadzverdetect
roadzver = roadzverdetect.start(ga_content)
return roadzver
elif id == 'rite':
import VersionDetect.rite as riteverdetect
ritever = riteverdetect.start(ga_content)
return ritever
elif id == 'quick':
import VersionDetect.quick as quickverdetect
quickver = quickverdetect.start(ga_content)
return quickver
elif id == 'pwind':
import VersionDetect.pwind as pwindverdetect
pwindver = pwindverdetect.start(ga_content)
return pwindver
elif id == 'ophal':
import VersionDetect.ophal as ophalverdetect
ophalver = ophalverdetect.start(ga_content, url, ua)
return ophalver
elif id == 'sfy':
import VersionDetect.sfy as sfyverdetect
sfyver = sfyverdetect.start(ga_content)
return sfyver
elif id == 'otwsm':
import VersionDetect.otwsm as otwsmverdetect
otwsmver = otwsmverdetect.start(source)
return otwsmver
elif id == 'ocms':
import VersionDetect.ocms as ocmsverdetect
ocmsver = ocmsverdetect.start(url, ua)
return ocmsver
elif id == 'share':
import VersionDetect.share as shareverdetect
sharever = shareverdetect.start(url, ua)
return sharever
elif id == 'mura':
import VersionDetect.mura as muraverdetect
muraver = muraverdetect.start(ga_content)
return muraver
def start(id, url, ua, ga, source):
if id == "wp":
# trust me more will be added soon
import VersionDetect.wp as wpverdetect
wpver = wpverdetect.start(id, url, ua, ga, source):
return wpver
