コード例 #1
0
class wplisting:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        paths = [
            '/wp-admin', '/wp-includes', '/wp-content/uploads',
            '/wp-content/plugins', '/wp-content/themes'
        ]
        try:
            for path in paths:
                url = wplisting.chk.path(self.url, path)
                resp = self.req.send(url, c=self.cookie)
                if resp.status_code == 200 and resp._content != None:
                    if resp.url == url:
                        wplisting.out.plus(
                            'Dir {} listing enabled under: {}'.format(
                                path, resp.url))
        except Exception, e:
            pass
コード例 #2
0
class wplogin:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            url = wplogin.chk.path(self.url, '/wp-login.php')
            resp = self.req.send(url, c=self.cookie)
            if resp.status_code == 200:
                if resp.url == url:
                    wplogin.out.plus(
                        'wp-login not detect protection under: {}'.format(
                            resp.url))
            elif resp.status_code == 404:
                if resp.url == url:
                    wplogin.out.plus(
                        'wp-login detect protection under: {}'.format(
                            resp.url))
        except Exception, e:
            pass
コード例 #3
0
ファイル: wpconfig.py プロジェクト: Kass6360/darksploit
class wpconfig:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            url = wpconfig.chk.path(self.url, '/wp-config.php')
            resp = self.req.send(url, c=self.cookie)
            if resp.status_code == 200 and resp._content != None:
                if resp.url == url:
                    if re.search(r'\S+define(\S+,*)', resp._content):
                        wpconfig.out.plus(
                            'wp-config available under: {}'.format(resp.url))
            self.wpbk()
        except Exception, e:
            pass
コード例 #4
0
ファイル: wpfile.py プロジェクト: Kass6360/darksploit
class wpfile:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        db = open('db/common_file.txt', 'rb')
        dbfiles = [file.split('\n') for file in db]
        try:
            for file in dbfiles:
                url = wpfile.chk.path(self.url, file[0])
                resp = self.req.send(url, c=self.cookie)
                if resp.status_code == 200 and resp._content != None:
                    if resp.url == url:
                        wpfile.out.plus('Found {} file under: {}'.format(
                            file[0], resp.url))
        except Exception, e:
            pass
コード例 #5
0
ファイル: wprobots.py プロジェクト: terncgod/WPSeku
class wprobots:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie, result):
        self.url = url
        self.result = result
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            url = wprobots.chk.path(self.url, '/robots.txt')
            resp = self.req.send(url, c=self.cookie)
            if resp.status_code == 200 and resp._content != None:
                if resp.url == url:
                    self.result.robots = resp.url
                    wprobots.out.plus('Robots available under: {}'.format(
                        resp.url))
                    print "-------------------------\r\n{}\n-------------------------".format(
                        resp._content)
        except Exception, e:
            pass
コード例 #6
0
ファイル: wpversion.py プロジェクト: Kass6360/darksploit
class wpversion:
	
	chk = wphttp.UCheck() 
	out = wpprint.wpprint()
	
	def __init__(self,agent,proxy,redir,time,url,cookie):
		self.url = url
		self.agent = agent
		self.cookie = cookie
		self.req = wphttp.wphttp(
			agent=agent,proxy=proxy,
			redir=redir,time=time
			)
	def run(self):
		try:
			url = wpversion.chk.path(self.url,'/wp-links-opml.php')
			resp = self.req.send(url,c=self.cookie)
			if resp.status_code == 200 and resp._content != None:
				vers = re.findall(r'\S+WordPress/(\d+.\d+[.\d+]*)',resp._content)
				if vers:
					wpversion.out.plus('Running WordPress version: {}'.format(vers[0]))
					self.dbwpscan(vers[0])
		except Exception,e:
			try:
				url = wpversion.chk.path(self.url,'/feed')
				resp = self.req.send(url,c=self.cookie)
				if resp.status_code == 200 and resp._content != None:
					vers = re.findall(r'\S+?v=(\d+.\d+[.\d+]*)',resp._content)
					if vers:
						wpversion.out.plus('Running WordPress version: {}'.format(vers[0]))
						self.dbwpscan(vers[0])
			except Exception,e:
				try:
					url = wpversion.chk.path(self.url,'/feed/atom')
					resp = self.req.send(url,c=self.cookie)
					if resp.status_code == 200 and resp._content != None:
						vers = re.findall(r'<generator uri="http://wordpress.org/" version="(\d+\.\d+[\.\d+]*)"',resp._content)
						if vers:
							wpversion.out.plus('Running WordPress version: {}'.format(vers[0]))
							self.dbwpscan(vers[0])
				except Exception,e:
					try:
						url = wpversion.chk.path(self.url,'readme.html')
						resp = self.req.send(url,c=self.cookie)
						if resp.status_code == 200 and resp._content != None:
							vers = re.findall(r'.*wordpress-logo.png" /></a>\n.*<br />.* (\d+\.\d+[\.\d+]*)\n</h1>',resp._content)
							if vers:
								wpversion.out.plus('Running WordPress version: {}'.format(vers[0]))
								self.dbwpscan(vers[0])
					except Exception,e:
						try:
							url = wpversion.chk.path(self.url,'')
							resp = self.req.send(url,c=self.cookie)
							if resp.status_code == 200 and resp._content != None:
								vers = re.findall(r'<meta name="generator" content="WordPress (\d+\.\d+[\.\d+]*)"',resp._content)
								if vers:
									wpversion.out.plus('Running WordPress version: {}'.format(vers[0]))
									self.dbwpscan(vers[0])
						except Exception,e:
							pass
コード例 #7
0
class wpplugin:

	chk = wphttp.UCheck()
	out = wpprint.wpprint()

	def __init__(self,agent,proxy,redir,time,url,cookie,result):
		self.url = url
		self.result = result
		self.cookie = cookie
		self.agent = agent
		self.req = wphttp.wphttp(
			agent=agent,proxy=proxy,
			redir=redir,time=time
			)

	def run(self):
		wpplugin.out.test('Passive enumerate plugins..')
		try:
			url = wpplugin.chk.path(self.url,'')
			resp = self.req.send(url,c=self.cookie)
			plugins = re.findall(r'/wp-content/plugins/(.+?)/',resp.content)
			plugin = []
			self.result.plugins = []

			for pl in plugins:
				if pl not in plugin:
					plugin.append(pl)

			if plugin != []:
				if len(plugin) == 1:
					wpplugin.out.plus('Name: {}'.format(plugin[0]))
					obj = type('', (), {})()
					obj.name = plugin[0]
					self.changelog(plugin[0], obj)
					self.fullpathdisc(plugin[0])
					self.license(plugin[0])
					self.listing(plugin[0])
					self.readme(plugin[0], obj)
					self.dbwpscan(plugin[0], obj)
					self.result.plugins.append(vars(obj))

				elif len(plugin) > 1:
					for pl in plugin:
						wpplugin.out.plus('Name: {}'.format(pl))
						obj = type('', (), {})()
						obj.name = pl
						self.changelog(pl, obj)
						self.fullpathdisc(pl)
						self.license(pl)
						self.listing(pl)
						self.readme(pl, obj)
						self.dbwpscan(pl, obj)
						self.result.plugins.append(vars(obj))

			else:
				wpplugin.out.warning('Not found plugins..')
		except Exception,e:
			pass
コード例 #8
0
class wptheme:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.agent = agent
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        wptheme.out.test('Passive enumerate themes..')
        try:
            url = wptheme.chk.path(self.url, '')
            resp = self.req.send(url, c=self.cookie)
            theme = re.findall(r'/wp-content/themes/(.+?)/', resp.content)
            themes = []
            for th in theme:
                if th not in themes:
                    themes.append(th)
            if themes != []:
                if len(themes) == 1:
                    wptheme.out.plus('Name: {}'.format(themes[0]))
                    self.info(themes[0])
                    self.style(themes[0])
                    self.changelog(themes[0])
                    self.fullpathdisc(themes[0])
                    self.license(themes[0])
                    self.listing(themes[0])
                    self.readme(themes[0])
                    self.dbwpscan(themes[0])

                elif len(themes) > 1:
                    for theme in themes:
                        wptheme.out.plus('Name: {}'.format(theme))
                        self.info(theme)
                        self.style(theme)
                        self.changelog(theme)
                        self.fullpathdisc(theme)
                        self.license(theme)
                        self.listing(theme)
                        self.readme(theme)
                        self.dbwpscan(theme)

            elif themes == None:
                wptheme.out.warning('Not found themes..')
        except Exception, e:
            print e
コード例 #9
0
ファイル: wpusers.py プロジェクト: terncgod/WPSeku
class wpusers:
    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie, result):
        self.url = url
        self.result = result
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        wpusers.out.test('Enumerate users..')
        users = []
        df_users = []
        self.result.users = []

        # From the version 4.7 the REST API is enabled by default
        if self.result.version and (StrictVersion(self.result.version) >=
                                    StrictVersion("4.7")):
            try:
                url = wpusers.chk.path(
                    self.url, "/?rest_route=/wp/v2/users&per_page=100")
                resp = self.req.send(url, c=self.cookie)
                if resp.status_code == 200:
                    authors = resp.json()
                    for author in authors:
                        df_users.append(author['slug'])
            except Exception, e:
                pass

        # Use the normal enumeration method
        for x in range(1, 15):
            path = "/?author={}".format(str(x))
            try:
                url = wpusers.chk.path(self.url, path)
                resp = self.req.send(url, c=self.cookie)
                if resp.status_code == 200:
                    author = re.findall(r'/author/(.+?)/', resp.content)
                    if len(author) == 1:
                        if author[0] not in df_users:
                            df_users.append(author[0])
                    elif len(author) > 1:
                        for i in author:
                            if i[0] not in df_users:
                                df_users.append(author[0])
            except Exception, e:
                pass
コード例 #10
0
ファイル: wpusers.py プロジェクト: Kass6360/darksploit
class wpusers:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        wpusers.out.test('Enumerate users..')
        users = []
        df_users = []
        for x in range(0, 15):
            path = "/?author={}".format(str(x))
            try:
                url = wpusers.chk.path(self.url, path)
                resp = self.req.send(url, c=self.cookie)
                if resp.status_code == 200:
                    author = re.findall(r'/author/(.+?)/', resp.content)
                    if len(author) == 1:
                        if author[0] not in df_users:
                            df_users.append(author[0])
                    elif len(author) > 1:
                        for i in author:
                            if i[0] not in df_users:
                                df_users.append(author[0])
            except Exception, e:
                pass
        for i in df_users:
            if i not in users:
                users.append(i)
        if users != []:
            for user in xrange(len(users)):
                if '%20' in users[user][0]:
                    wpusers.out.more(' ID: {}  -  Login: {}'.format(
                        user, users[user].replace('%20', ' ')))
                else:
                    wpusers.out.more(' ID: {}  -  Login: {}'.format(
                        user, users[user]))
        elif users == None:
            wpusers.out.warning('Not found users :(')
コード例 #11
0
ファイル: wpxmlrpc.py プロジェクト: Kass6360/darksploit
class wpxmlrpc:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie, wlist, user):
        self.url = url
        self.cookie = cookie
        self.wlist = wlist
        self.user = user
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            wpxmlrpc.out.plus('Bruteforcing login via xmlrpc..')
            try:
                db = open(self.wlist, 'rb')
            except Exception, e:
                wpxmlrpc.out.warning(e)
            dbfiles = [file.split('\n') for file in db]
            for passwd in dbfiles:
                payload = """<methodCall><methodName>wp.getUsersBlogs</methodName><params>
				<param><value><string>""" + self.user + """</string></value></param>
				<param><value><string>""" + str(
                    passwd[0]) + """</string></value></param></params>
				</methodCall>"""
                url = wpxmlrpc.chk.path(self.url, '/xmlrpc.php')
                resp = self.req.send(url, m="POST", p=payload, c=self.cookie)
                if re.search('<name>isAdmin</name><value><boolean>0</boolean>',
                             resp._content):
                    wpxmlrpc.out.plus(
                        'Valid credentials: \"{}\" - \"{}\"'.format(
                            self.user, passwd[0]))
                elif re.search(
                        '<name>isAdmin</name><value><boolean>1</boolean>',
                        resp.content):
                    wpxmlrpc.out.plus(
                        'Valid admin credentials: \"{}\" - \"{}\"'.format(
                            self.user, passwd[0]))
            wpxmlrpc.out.passs()
        except Exception, e:
            pass
コード例 #12
0
class wpfpd:
	
	chk = wphttp.UCheck() 
	out = wpprint.wpprint()
	
	def __init__(self,agent,proxy,redir,time,url,cookie):
		self.url = url
		self.cookie = cookie
		self.req = wphttp.wphttp(
			agent=agent,proxy=proxy,
			redir=redir,time=time
			)
	def run(self):
		try:
			url = wpfpd.chk.path(self.url,'/wp-includes/rss-functions.php')
			resp = self.req.send(url,c=self.cookie)
			if resp.status_code == 200 and resp._content != None:
				if re.search(r'Fatal error',resp._content):
						wpfpd.out.plus('Full Path Disclosure: {}'.format(resp.url))
		except Exception,e:
			pass
コード例 #13
0
ファイル: fingerprint.py プロジェクト: Kass6360/darksploit
class fingerprint:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            resp = self.req.send(self.url, c=self.cookie)
            server.wpserver().run(resp.headers)
            waf.wpwaf().run(resp._content)
            headers.wpheaders().run(resp.headers)
            wpprint.wpprint().passs()
        except Exception, e:
            pass
コード例 #14
0
class wpxmlrpc:

    chk = wphttp.UCheck()
    out = wpprint.wpprint()

    def __init__(self, agent, proxy, redir, time, url, cookie):
        self.url = url
        self.cookie = cookie
        self.req = wphttp.wphttp(agent=agent,
                                 proxy=proxy,
                                 redir=redir,
                                 time=time)

    def run(self):
        try:
            url = wpxmlrpc.chk.path(self.url, '/xmlrpc.php')
            resp = self.req.send(url, c=self.cookie)
            if resp.status_code == 405 and resp._content != None:
                if resp.url == url:
                    wpxmlrpc.out.plus(
                        'XML-RPC Interface available under: {}'.format(
                            resp.url))
        except Exception, e:
            pass