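def start(version, ua):
    """Look up known WordPress core vulnerabilities for ``version`` on wpvulndb.

    Args:
        version: Detected WordPress version, or "0" when detection failed.
            The value is scraped from the scanned site's own responses, so
            it is untrusted input.
        ua: User-Agent string passed through to ``cmseek.getsource``.

    Returns:
        A list ``[wpvdbres, result, vfc]``. ``wpvdbres`` is '1' when the
        wpvulndb record for ``version`` was fetched and parsed, otherwise
        '0'. ``result`` is that record, or "" on any failure. ``vfc`` is
        ``version`` with its dots removed (the form used in the lookup URL),
        or "" when no version was supplied.
    """
    if version == "0":
        cmseek.warning(
            "Skipping version vulnerability scan as WordPress Version wasn't detected"
        )
        return ['0', "", ""]  # fix for issue #3: all three fields are always returned

    # wpvulndb addresses a release by its version number with the dots stripped.
    vfc = version.replace('.', '')

    # The version text is captured from markup served by the target, so a
    # hostile page controls it. Only plain ASCII digits may be appended to the
    # API URL; anything else ('/', '?', '#', ...) would let the scanned site
    # reshape the request this tool sends to a third party.
    if not vfc or any(ch not in '0123456789' for ch in vfc):
        cmseek.warning(
            "Skipping version vulnerability scan as the detected version is not numeric"
        )
        return ['0', "", vfc]

    cmseek.info(
        "Checking version vulnerabilities [props to wpvulndb for their awesome api ;)]"
    )
    ws = cmseek.getsource("https://wpvulndb.com/api/v2/wordpresses/" + vfc, ua)
    if ws[0] != "1":
        cmseek.error('Error Retriving data from wpvulndb')
        return ['0', "", vfc]

    try:
        # The response is keyed by the dotted version string.
        result = json.loads(ws[1])[version]
    except (ValueError, KeyError, TypeError):
        # Body was not JSON, or has no entry for this version: report a
        # failed lookup instead of letting the exception end the scan.
        cmseek.error('Error Retriving data from wpvulndb')
        return ['0', "", vfc]

    return ['1', result, vfc]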
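def start(version):
    """Match a Joomla version against the bundled core-vulnerability list.

    The list is read from ``deepscans/joom/database/corevul.txt`` below the
    current working directory. Each line is expected to hold '|'-separated
    fields, with the description in the second field.

    Args:
        version: Detected Joomla version, or '0' when detection failed.

    Returns:
        ``[vuln_detection, vuln_count, joom_vulns]`` where ``vuln_detection``
        is '1' (database loaded and searched), '2' (no version to search
        for) or '3' (database file missing), ``vuln_count`` is the number of
        matching entries and ``joom_vulns`` their descriptions.
    """
    # An empty version would be a substring of every line, so it is treated
    # the same as "not detected".
    if not version or version == '0':
        return ['2', 0, []]

    # NOTE(review): the path depends on the process working directory, so the
    # lookup silently reports "database not found" when the tool is started
    # from elsewhere.
    vuln_file = os.getcwd() + '/deepscans/joom/database/corevul.txt'  # shoutouts to joomscan
    if not os.path.isfile(vuln_file):
        return ['3', 0, []]

    joom_vulns = []
    # The context manager closes the handle even if a line fails to parse.
    with open(vuln_file, 'r') as db:
        for entry in db.read().split('\n'):
            # NOTE(review): plain substring match, so '3.1' also hits lines
            # that list '3.10' - confirm the database format before relying
            # on the count.
            if version not in entry:
                continue
            fields = entry.split('|')
            if len(fields) < 2:
                # Line mentions the version but has no description field.
                continue
            cmseek.warning('Joomla core vulnerability detected')
            joom_vulns.append(fields[1])

    return ['1', len(joom_vulns), joom_vulns]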
def start(id, url, ua, ga, source):
    """Work out the target's WordPress version, trying three sources in turn.

    The generator meta tag in ``source`` is tried first, then the
    ``<generator>`` element of ``/feed/``, then the generator attribute of
    ``/wp-links-opml.php``. The first source that yields a match wins.

    Args:
        id: CMS id; not used by this function.
        url: Base URL of the target.
        ua: User-Agent string passed to ``cmseek.getsource``.
        ga: Generator-tag flag; detection only runs for '1', '2' or '3'.
        source: HTML of the target's landing page.

    Returns:
        The captured version string, or '0' when nothing matched or a
        fallback page could not be fetched.
    """
    # NOTE(review): every capture below is whatever text the remote page put
    # in that position; callers that build URLs or log entries from the
    # return value should validate it first.
    def announce(detected):
        cmseek.success(cmseek.bold + cmseek.fgreen + "Version Detected, WordPress Version %s" % detected + cmseek.cln)
        return detected

    cmseek.statement('Detecting Version and vulnerabilities')

    # TODO: the flag check is a leftover; for any other value no detection
    # is attempted at all.
    if ga not in ('1', '2', '3'):
        return '0'

    cmseek.statement('Generator Tag Available... Trying version detection using generator meta tag')
    from_meta = re.findall(r'<meta name=\"generator\" content=\"WordPress (.*?)\"', source)
    if from_meta:
        return announce(from_meta[0])

    # Fallback 1: the RSS feed advertises the generator.
    cmseek.warning("Generator tag was a big failure.. looking up /feed/")
    feed = cmseek.getsource(url + '/feed/', ua)
    if feed[0] != '1':
        cmseek.warning("Couldn't get feed source code, Error: %s" % feed[1])
        return '0'
    from_feed = re.findall(r'<generator>https://wordpress.org/\?v=(.*?)</generator>', feed[1])
    if from_feed:
        return announce(from_feed[0])

    # Fallback 2: the OPML links export.
    cmseek.warning("Well even feed was a failure... let's lookup wp-links-opml then")
    opml = cmseek.getsource(url + '/wp-links-opml.php', ua)
    if opml[0] != '1':
        cmseek.warning("Couldn't get wp-links-links source code, Error: %s" % opml[1])
        return '0'
    from_opml = re.findall(r'generator=\"wordpress/(.*?)\"', opml[1])
    if from_opml:
        return announce(from_opml[0])

    # New version detection methods may be added in future updates.
    cmseek.error("Couldn't Detect Version")
    return '0'
def start(source):
    """Extract the TiddlyWiki version from the page source.

    The page is expected to contain ``major: N,``, ``minor: N,`` and
    ``revision: N,`` entries; the three captures are joined with dots.

    Args:
        source: HTML/JS source of the target page.

    Returns:
        The version as 'major.minor.revision', or '0' when any of the three
        parts is missing.
    """
    labels = ('major:', 'minor:', 'revision:')
    patterns = (r'major: (.*?),', r'minor: (.*?),', r'revision: (.*?),')

    # Cheap substring test first, the regexes only run when all labels exist.
    if all(label in source for label in labels):
        captures = [re.findall(pattern, source) for pattern in patterns]
        if all(captures):
            version = '.'.join(found[0] for found in captures)
            cmseek.success('TiddlyWiki version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected!')
            return version

    cmseek.warning('Version detection failed!')
    return '0'
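def start(id, url, ua, ga, source):
    """Collect the WordPress account names that the target exposes publicly.

    Three sources are queried: the site's ``/wp-json/wp/v2/users`` listing,
    the Jetpack public API on public-api.wordpress.com, and the
    ``wpauthorenum`` worker (defined elsewhere in this file) for ids 0
    through 30. All of them are read without credentials, so the result also
    shows a site owner which of these sources still disclose account names.

    Args:
        id: CMS id; not used by this function.
        url: Base URL of the target.
        ua: User-Agent string passed to ``cmseek.getsource``.
        ga: Generator-tag flag; not used by this function.
        source: Page source; not used by this function.

    Returns:
        ``[usernamesgen, usernames]`` where ``usernamesgen`` is '1' when at
        least one name was collected and '0' otherwise, and ``usernames`` is
        the set of all names found.
    """
    # wpauthorenum reports its findings through this module-level list.
    global wpparamuser

    cmseek.info("Starting Username Harvest")

    # Source 1: the site's own REST API user listing.
    cmseek.info('Harvesting usernames from wp-json api')
    wpjsonuser = []
    wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua)
    if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]:
        cmseek.warning("Json api method failed trying with next")
    else:
        try:
            for user in json.loads(wpjsonsrc[1]):
                wpjsonuser.append(user['slug'])
                cmseek.success("Found user from wp-json : " + cmseek.fgreen + cmseek.bold + user['slug'] + cmseek.cln)
        except (ValueError, KeyError, TypeError):
            # The body is remote-controlled; only parse/shape errors are
            # handled here so Ctrl-C and real bugs still surface.
            cmseek.warning("Failed to parse json")

    # Source 2: Jetpack public API, addressed by the scheme-less site name.
    cmseek.info('Harvesting usernames from jetpack public api')
    jpapiuser = []
    strippedurl = url.replace('http://', '').replace('https://', '')
    jpapisrc = cmseek.getsource('https://public-api.wordpress.com/rest/v1.1/sites/' + strippedurl + '/posts?number=100&pretty=true&fields=author', ua)
    if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]:
        cmseek.warning('No results from jetpack api... maybe the site doesn\'t use jetpack')
    else:
        try:
            for post in json.loads(jpapisrc[1])['posts']:
                login = post['author']['login']
                # Exact membership test; comparing against str(list) would
                # drop a name that is merely a substring of an earlier one.
                if login not in jpapiuser:
                    jpapiuser.append(login)
                    cmseek.success("Found user from Jetpack api : " + cmseek.fgreen + cmseek.bold + login + cmseek.cln)
        except (ValueError, KeyError, TypeError):
            cmseek.warning("Failed to parse json")
    jpapiuser = list(set(usr.strip() for usr in jpapiuser))  # Removing duplicate usernames

    # Source 3: one wpauthorenum worker per id in 0..30.
    cmseek.info('Harvesting usernames from wordpress author Parameter')
    wpparamuser = []
    threads = [threading.Thread(target=wpauthorenum, args=(ua, url, r)) for r in range(31)]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()

    # Combine all the usernames that were collected.
    usernames = set(wpjsonuser + jpapiuser + wpparamuser)
    if not usernames:
        cmseek.warning("Couldn't enumerate usernames :( ")
        return ['0', usernames]

    verb = " was enumerated" if len(usernames) == 1 else " were enumerated"
    cmseek.success(cmseek.bold + cmseek.fgreen + str(len(usernames)) + " Usernames" + verb + cmseek.cln)
    return ['1', usernames]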
cmseek.error('Invalid path! CMSeeK is quitting') cmseek.bye() if sites_list != []: if cua == None: cua = cmseek.randomua() for s in sites_list: target = cmseek.process_url(s) if target != '0': core.main_proc(target, cua) cmseek.handle_quit(False) input('\n\n\tPress ' + cmseek.bold + cmseek.fgreen + '[ENTER]' + cmseek.cln + ' to continue') # maybe a fix? idk else: print('\n') cmseek.warning('Invalid URL: ' + cmseek.bold + s + cmseek.cln + ' Skipping to next') print('\n') cmseek.result( 'Finished Scanning all targets.. result has been saved under respective target directories', '') else: cmseek.error("No url provided... CMSeeK is exiting") cmseek.bye() ################################ ### THE MAIN MENU ### ################################ cmseek.clearscreen() cmseek.banner("") print(" Input Description") print("======= ==============================")
def start(id, url, ua, ga, source):
    """Run the Joomla deep scan against ``url`` and print and log the findings.

    The scan detects the version, matches it against the core-vulnerability
    list, then checks for README.txt, debug mode, open user registration,
    the admin URL, backup files, leaked configuration files and directory
    listings. Each finding is printed and, where the code does so, written
    to the scan log through ``cmseek.update_log``.

    Args:
        id: CMS id, forwarded to version detection.
        url: Base URL of the target.
        ua: User-Agent string for all requests.
        ga: Generator-tag flag, forwarded to version detection.
        source: Source of the target's landing page.

    Returns:
        None.
    """
    # --- Collection phase -------------------------------------------------
    version = version_detect.start(id, url, ua, ga, source)

    # core_vuln returns [status, count, descriptions].
    core_result = core_vuln.start(version)
    vuln_detection, vuln_count, joom_vulns = core_result[0], core_result[1], core_result[2]

    # README.txt: '0' fetch failed, '1' Joomla readme, '2' some other file.
    readme_url = url + '/README.txt'
    readmesrc = cmseek.getsource(readme_url, ua)
    if readmesrc[0] != '1':
        cmseek.statement("Couldn't get readme file's source code most likely it's not present")
        readmefile = '0'
    elif 'This is a Joomla!' in readmesrc[1]:
        cmseek.info('README.txt file found')
        readmefile = '1'
    else:
        readmefile = '2'

    cmseek.info('Checking debug mode status')
    debug_mode = check_debug.start(source)

    cmseek.statement('Checking if user registration is enabled')
    registration = user_registration.start(url, ua)

    cmseek.info('Locating admin url')
    admin = admin_finder.start(url, ua)

    cmseek.info('Checking for common Backups')
    backups = backup_finder.start(url, ua)

    cmseek.info('Looking for potential config leak')
    configs = config_check.start(url, ua)

    cmseek.statement('Checking for directory listing')
    directories = dir_list.start(url, ua)

    # --- Reporting phase --------------------------------------------------
    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result('Target: ', url)
    cmseek.result("Detected CMS: ", 'Joomla')
    cmseek.update_log('cms_name', 'joomla')
    cmseek.result("CMS URL: ", "https://joomla.org")
    cmseek.update_log('cms_url', "https://joomla.org")

    if version != '0':
        cmseek.result("Joomla Version: ", version)
        cmseek.update_log('joomla_version', version)

    if registration[0] == '1':
        cmseek.result('User registration enabled: ', registration[1])
        cmseek.update_log('user_registration_url', registration[1])

    # Debug mode is always logged, but only printed when enabled.
    if debug_mode == '1':
        cmseek.result('Debug mode enabled', '')
        cmseek.update_log('joomla_debug_mode', 'enabled')
    else:
        cmseek.update_log('joomla_debug_mode', 'disabled')

    if readmefile == '1':
        cmseek.result('Readme file: ', readme_url)
        cmseek.update_log('joomla_readme_file', readme_url)

    if admin[0] > 0:
        # NOTE(review): no '/' is inserted here although the log entries
        # below add one - confirm which form admin_finder returns.
        cmseek.result('Admin URL: ', url + admin[1][0])
        admin_log = ''.join(url + '/' + adm + ',' for adm in admin[1])
        # NOTE(review): the admin URLs are written under
        # 'joomla_backup_files', the same key the backup section uses further
        # down - confirm the intended key.
        cmseek.update_log('joomla_backup_files', admin_log)
        print('\n')

    if directories[0] > 0:
        cmseek.result('Open directories: ', str(directories[0]))
        cmseek.success('Open directory url: ')
        listed = []
        for listing in directories[1]:
            listed.append(url + '/' + listing + ',')
            # NOTE(review): printed without the '/' that the log entry uses.
            print(cmseek.bold + cmseek.fgreen + " [>] " + cmseek.cln + url + listing)
        cmseek.update_log('directory_listing', ''.join(listed))
        print('\n')

    if backups[0] > 0:
        cmseek.result('Found potential backup file: ', str(backups[0]))
        cmseek.success('Backup URLs: ')
        listed = []
        for backup in backups[1]:
            backup_url = url + '/' + backup
            listed.append(backup_url + ',')
            print(cmseek.bold + cmseek.fgreen + " [B] " + cmseek.cln + backup_url)
        cmseek.update_log('joomla_backup_files', ''.join(listed))
        print('\n')

    if configs[0] > 0:
        cmseek.result('Found potential Config file: ', str(configs[0]))
        cmseek.success('Config URLs: ')
        listed = []
        for config in configs[1]:
            config_url = url + '/' + config
            listed.append(config_url + ',')
            print(cmseek.bold + cmseek.fgreen + " [c] " + cmseek.cln + config_url)
        cmseek.update_log('joomla_config_files', ''.join(listed))
        print('\n')

    # Core vulnerability summary; the status codes come from core_vuln.start.
    if vuln_detection == '1' and vuln_count > 0:
        cmseek.result('Total joomla core vulnerabilities: ', str(vuln_count))
        cmseek.info('Vulnerabilities found: \n')
        for description in joom_vulns:
            # The database stores line breaks as a literal backslash-n.
            description = description.replace('\\n', cmseek.cln + '\n ')
            print(cmseek.bold + cmseek.red + '[v] ' + description)
        print('\n')
    elif vuln_detection == '2':
        cmseek.warning('Couldn\'t find core vulnerabilities, No VERSION detected')
    elif vuln_detection == '3':
        cmseek.error('Core vulnerability database not found!')
    else:
        cmseek.warning('No core vulnerabilities detected!')
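def start(id, url, ua, ga, source):
    """Run the WordPress deep scan against ``url`` and print and log the findings.

    The scan detects the version, probes readme.html, license.txt, the
    uploads directory listing and xmlrpc.php, enumerates plugins, themes and
    usernames, and looks up vulnerabilities for the detected version.

    Args:
        id: ID of the CMS; nothing happens unless it is "wp".
        url: URL of the target.
        ua: User-Agent string for all requests.
        ga: Generator meta tag flag, forwarded to the sub-scans.
        source: Source code of the target's landing page.

    Returns:
        None.
    """
    if id != "wp":
        return

    def probe(path, marker, missing_msg=None):
        # '0' = fetch failed, '1' = body contains marker, '2' = fetched but
        # the marker is absent (most likely not a WordPress file).
        fetched = cmseek.getsource(url + path, ua)
        if fetched[0] != '1':
            if missing_msg is not None:
                cmseek.statement(missing_msg)
            return '0'
        return '1' if marker in fetched[1] else '2'

    cmseek.statement('Starting WordPress DeepScan')

    # Version detection
    version = wordpress_version_detect.start(id, url, ua, ga, source)

    # Minor checks: license, readme and some open directory checks
    cmseek.statement("Initiating open directory and files check")
    readmefile = probe('/readme.html', 'Welcome. WordPress is a very special project to me.',
                       "Couldn't get readme file's source code most likely it's not present")
    licfile = probe('/license.txt', 'WordPress - Web publishing software', 'license file not found')
    wpupdir = probe('/wp-content/uploads/', 'Index of /wp-content/uploads')
    xmlrpc = probe('/xmlrpc.php', 'XML-RPC server accepts POST requests only.',
                   'XML-RPC interface not available')

    # Plugins enumeration
    plug_enum = wp_plugins_enum.start(source)
    plugins_found, plugins = plug_enum[0], plug_enum[1]

    # Themes enumeration
    theme_enum = wp_theme_enum.start(source)
    themes_found, themes = theme_enum[0], theme_enum[1]

    # User enumeration
    uenum = wp_user_enum.start(id, url, ua, ga, source)
    usernamesgen, usernames = uenum[0], uenum[1]

    # Version vulnerability detection
    version_vuln = wp_vuln_scan.start(version, ua)
    wpvdbres, result, vfc = version_vuln[0], version_vuln[1], version_vuln[2]

    # Deep scan results
    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result("Detected CMS: ", 'WordPress')
    cmseek.update_log('cms_name', 'WordPress')
    cmseek.result("CMS URL: ", "https://wordpress.org")
    cmseek.update_log('cms_url', "https://wordpress.org")

    if version != '0':
        cmseek.result("Version: ", version)
        cmseek.update_log('wp_version', version)

    if wpvdbres == '1':
        cmseek.result("Changelog URL: ", str(result['changelog_url']))
        cmseek.update_log('wp_changelog_file', str(result['changelog_url']))

    if readmefile == '1':
        cmseek.result("Readme file found: ", url + '/readme.html')
        cmseek.update_log('wp_readme_file', url + '/readme.html')

    if licfile == '1':
        cmseek.result("License file found: ", url + '/license.txt')

    if wpupdir == '1':
        cmseek.result("Uploads directory has listing enabled: ", url + '/wp-content/uploads')
        cmseek.update_log('wp_uploads_directory', url + '/wp-content/uploads')

    if xmlrpc == '1':
        cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
        # NOTE(review): this reuses the 'wp_uploads_directory' key and so
        # replaces the uploads entry written just above - confirm the
        # intended key.
        cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')

    if plugins_found != 0:
        print('\n')
        cmseek.result("Plugins Enumerated: ", '')
        print(" |")
        wpplugs = ""
        for plugin in plugins:
            # Entries are 'name:version'.
            plug = plugin.split(':')
            wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
            cmseek.success(cmseek.bold + plug[0] + ' Version ' + plug[1] + cmseek.cln)
        cmseek.update_log('wp_plugins', wpplugs)

    if themes_found != 0:
        print('\n')
        cmseek.result("themes Enumerated: ", '')
        print(" |")
        wpthms = ""
        for theme in themes:
            thm = theme.split(':')
            wpthms = wpthms + thm[0] + ' Version ' + thm[1] + ','
            cmseek.success(cmseek.bold + thm[0] + ' Version ' + thm[1] + cmseek.cln)
            cmseek.result('Theme URL: ', url + '/wp-content/themes/' + thm[0] + '/')
        # NOTE(review): the theme list is logged under 'wp_plugins' and so
        # replaces the plugin list written above - confirm the intended key.
        cmseek.update_log('wp_plugins', wpthms)

    if usernamesgen == '1':
        print('\n')
        cmseek.result("Usernames Harvested: ", '')
        print(" |")
        wpunames = ""
        for u in usernames:
            wpunames = wpunames + u + ","
            cmseek.success(cmseek.bold + u + cmseek.cln)
        print('\n')
        cmseek.update_log('wp_users', wpunames)

    if wpvdbres != '1':
        cmseek.error("Could not look up version vulnerabilities")
        return

    cmseek.result("Vulnerability Count: ", str(len(result['vulnerabilities'])))
    cmseek.update_log('wp_vuln_count', str(len(result['vulnerabilities'])))
    cmseek.update_log('wpvulndb_url', "https://wpvulndb.com/api/v2/wordpresses/" + vfc)

    if len(result['vulnerabilities']) == 0:
        cmseek.warning('No vulnerabilities discovered in this version yet!')
        return

    # (references key, label, URL prefix), in display order.
    reference_kinds = (
        ('cve', "CVE: ", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"),
        ('exploitdb', "ExploitDB Link: ", "http://www.exploit-db.com/exploits/"),
        ('metasploit', "Metasploit Module: ", "http://www.metasploit.com/modules/"),
        ('osvdb', "OSVDB Link: ", "http://osvdb.org/"),
        ('secunia', "Secunia Advisory: ", "http://secunia.com/advisories/"),
        ('url', "Reference: ", ""),
    )

    cmseek.success("Displaying all the vulnerabilities")
    for vuln in result['vulnerabilities']:
        print("\n")
        cmseek.result("Title: ", str(vuln['title']))
        cmseek.result("Type: ", str(vuln['vuln_type']))
        cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
        cmseek.result("Link: ", "http://wpvulndb.com/vulnerabilities/" + str(vuln['id']))
        # Look the keys up directly: a substring test on str(vuln) also
        # fires when the word appears in the title, and the indexing that
        # followed then raised KeyError.
        references = vuln.get('references') or {}
        for key, label, prefix in reference_kinds:
            for ref in references.get(key) or []:
                cmseek.result(label, prefix + str(ref))
    return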
cmseek.update() if args.batch: #print('Batch true') cmseek.batch_mode = True print(cmseek.batch_mode) if args.version: print('\n\n') cmseek.info("CMSeeK Version: " + cmseek.cmseek_version) cmseek.bye() if args.ignore_cms: cmseek.ignore_cms = args.ignore_cms.split(',') for acms in cmseek.ignore_cms: cmseek.warning('Ignoring CMS: ' + acms) if args.strict_cms: cmseek.strict_cms = args.strict_cms.split(',') cmseek.warning('Checking target against CMSes: ' + args.strict_cms) if args.user_agent is not None: cua = args.user_agent elif args.random_agent is not None: cua = cmseek.randomua('random') else: cua = None if args.googlebot: cua = 'Googlebot/2.1 (+http://www.google.com/bot.html)'
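def _report_detected_cms(cms_id, detection_param, site, cua, scode, vd_ga, deep_ga):
    """Log a detected CMS, then run its deep scan or print its basic details.

    Args:
        cms_id: CMS id returned by the detector; must be an attribute of
            ``cmsdb``.
        detection_param: Detector name written to the log ('header',
            'generator' or 'source').
        site: Target URL.
        cua: User-Agent string.
        scode: Page source of the target.
        vd_ga: Generator flag handed to ``version_detect.start``.
        deep_ga: Generator flag handed to ``advanced.start``.
    """
    cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % cms_id)
    cmseek.update_log('detection_param', detection_param)
    cmseek.update_log('cms_id', cms_id)
    cka = getattr(cmsdb, cms_id)

    if cka['deeps'] == '1':
        # A deep scan exists for this CMS and does its own reporting.
        advanced.start(cms_id, site, cua, deep_ga, scode)
        return

    cms_version = '0'
    if cka['vd'] == '1':
        cmseek.statement("CMS Version is detectable, detecting CMS Version")
        cms_version = version_detect.start(cms_id, site, cua, vd_ga, scode)

    print('\n')
    cmseek.result('', "CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
    cmseek.update_log('cms_name', cka['name'])
    if cms_version != '0':
        cmseek.result('', "CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
        cmseek.update_log('cms_version', cms_version)
    cmseek.result('', "CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
    cmseek.update_log('cms_url', cka['url'])


def main_proc(site,cua):
    """Detect the CMS behind ``site`` and run the matching follow-up scan.

    Detection runs in stages and stops at the first hit: response headers,
    then the generator meta tag (only when the page source mentions one),
    then a check of the page source itself.

    Args:
        site: URL of the target.
        cua: User-Agent string used for every request.

    Returns:
        None.
    """
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")

    init_source = cmseek.getsource(site, cua)
    if init_source[0] != '1':
        cmseek.error("Aborting CMSeek! Couldn't connect to site \n Error: %s" % init_source[1])
        return
    scode = init_source[1]
    headers = init_source[2]

    # init_source[3] is the URL the response finally came from. The redirect
    # target is chosen by the remote server, so switching to it is left to an
    # explicit operator decision rather than letting the scan drift to a host
    # that may be outside the agreed scope.
    if site != init_source[3] and site + '/' != init_source[3]:
        cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln)
        follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln + ' as target? (y/n): ')
        if follow_redir.lower() == 'y':
            site = init_source[3]

    cmseek.statement("Detection Started")

    # Stage 1: response headers.
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    c1 = header.check(headers)
    if c1[0] == "1":
        # '2' tells the deep scan that the generator check has not been performed.
        _report_detected_cms(c1[1], 'header', site, cua, scode, '1', '2')
        return

    cmseek.warning('No luck with headers... Continuing with source code')
    cmseek.statement("Checking for generator meta tag in source code")

    # Stage 2.1: generator meta tag, when the source mentions one.
    if 'Generator' in scode or 'generator' in scode:
        cmseek.success("Generator meta tag found.. Continuing with detection (2.1 of 2.2)")
        ga = '1'
        c21 = source.generator(scode)
        if c21[0] == '1':
            _report_detected_cms(c21[1], 'generator', site, cua, scode, ga, ga)
            return
        if c21[0] == '2':  # Empty source code
            cmseek.error("Source code was empty... exiting CMSeek")
            return
        cmseek.warning('Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)')
    else:
        cmseek.warning("Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)")
        ga = '0'

    # Stage 2.2: checks against the page source.
    c22 = source.check(scode, site)
    if c22[0] == '1':
        _report_detected_cms(c22[1], 'source', site, cua, scode, ga, ga)
    elif c22[0] == '2':  # Empty source code
        cmseek.error("Source code was empty... exiting CMSeek")
    else:
        cmseek.error("Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n")
    return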
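def _deep_wp_version(url, ua, ga, source):
    """Return the WordPress version from the generator tag, feed or OPML, else '0'."""
    if ga not in ('1', '2', '3'):
        return '0'

    cmseek.statement('Generator Tag Available... Trying version detection using generator meta tag')
    rr = re.findall(r'<meta name=\"generator\" content=\"WordPress (.*?)\"', source)
    if rr:
        cmseek.success("Version Detected, WordPress Version %s" % rr[0])
        return rr[0]

    cmseek.warning("Generator tag was a big failure.. looking up /feed/")
    fs = cmseek.getsource(url + '/feed/', ua)
    if fs[0] != '1':
        cmseek.warning("Couldn't get feed source code, Error: %s" % fs[1])
        return '0'
    fv = re.findall(r'<generator>https://wordpress.org/\?v=(.*?)</generator>', fs[1])
    if fv:
        cmseek.success("Version Detected, WordPress Version %s" % fv[0])
        return fv[0]

    cmseek.warning("Well even feed was a failure... let's lookup wp-links-opml then")
    opmls = cmseek.getsource(url + '/wp-links-opml.php', ua)
    if opmls[0] != '1':
        cmseek.warning("Couldn't get wp-links-links source code, Error: %s" % opmls[1])
        return '0'
    fv = re.findall(r'generator=\"wordpress/(.*?)\"', opmls[1])
    if fv:
        cmseek.success("Version Detected, WordPress Version %s" % fv[0])
        return fv[0]

    # New version detection methods may be added in future updates.
    cmseek.error("Couldn't Detect Version :( Sorry Master")
    return '0'


def _deep_probe(url, ua, path, marker, missing_msg=None):
    """Fetch ``url + path``: '0' fetch failed, '1' marker present, '2' marker absent."""
    fetched = cmseek.getsource(url + path, ua)
    if fetched[0] != '1':
        if missing_msg is not None:
            cmseek.warning(missing_msg)
        return '0'
    return '1' if marker in fetched[1] else '2'


def deep(id, url, ua, ga, source):
    """Run the WordPress deep scan against ``url`` and print and log the findings.

    Steps: version detection, probes for readme.html, license.txt, the
    uploads directory listing and xmlrpc.php, username enumeration, and a
    wpvulndb lookup for the detected version.

    Args:
        id: ID of the CMS; nothing happens unless it is "wp".
        url: URL of the target.
        ua: User-Agent string for all requests.
        ga: Generator meta tag flag; version detection only runs for '1',
            '2' or '3'.
        source: Source code of the target's landing page.

    Returns:
        None.
    """
    if id != "wp":
        return

    cmseek.statement('Starting WordPress DeepScan')

    # Version detection. The helper always returns a value, so `version`
    # is defined on every path.
    cmseek.statement('Detecting Version and vulnerabilities')
    version = _deep_wp_version(url, ua, ga, source)

    # Minor checks: license, readme and some open directory checks
    cmseek.statement("Initiationg open directory and files check")
    readmefile = _deep_probe(url, ua, '/readme.html',
                             'Welcome. WordPress is a very special project to me.',
                             "Couldn't get readme file's source code most likely it's not present")
    licfile = _deep_probe(url, ua, '/license.txt',
                          'WordPress - Web publishing software', 'license file not found')
    wpupdir = _deep_probe(url, ua, '/wp-content/uploads/', 'Index of /wp-content/uploads')
    xmlrpc = _deep_probe(url, ua, '/xmlrpc.php',
                         'XML-RPC server accepts POST requests only.',
                         'XML-RPC interface not available')

    # User enumeration
    cmseek.info("Starting Username Harvest")

    # Via the site's JSON API. The body is remote-controlled, so parse and
    # shape errors are reported instead of ending the scan.
    cmseek.info('Harvesting usernames from wp-json api')
    wpjsonuser = []
    wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua)
    if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]:
        cmseek.warning("Json api method failed trying with next")
    else:
        try:
            for user in json.loads(wpjsonsrc[1]):
                wpjsonuser.append(user['slug'])
                cmseek.success("Found User: %s" % user['slug'])
        except (ValueError, KeyError, TypeError):
            cmseek.warning("Json api method failed trying with next")

    # Via the Jetpack public API, addressed by the scheme-less site name.
    cmseek.info('Harvesting usernames from jetpack public api')
    jpapiuser = []
    strippedurl = url.replace('http://', '').replace('https://', '')
    jpapisrc = cmseek.getsource(
        'https://public-api.wordpress.com/rest/v1.1/sites/' + strippedurl +
        '/posts?number=100&pretty=true&fields=author', ua)
    if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]:
        cmseek.warning('No results from jetpack api... maybe the site doesn\'t use jetpack')
    else:
        try:
            for user in json.loads(jpapisrc[1])['posts']:
                jpapiuser.append(user['author']['login'])
                cmseek.success("Found User: %s" % user['author']['login'])
        except (ValueError, KeyError, TypeError):
            cmseek.warning('No results from jetpack api... maybe the site doesn\'t use jetpack')
    jpapiuser = list(set(usr.strip() for usr in jpapiuser))  # Removing duplicate usernames

    # Via wpauthorenum (defined elsewhere in this file), ids 0 through 30.
    cmseek.info('Harvesting usernames from wordpress author Parameter')
    prepareenum = partial(wpauthorenum, ua, url)
    pool = multiprocessing.Pool()
    try:
        res = pool.map(prepareenum, range(31))
    finally:
        # Release the worker processes even when a worker raised.
        pool.close()
        pool.join()
    wpparamuser = [r for r in res if r is not None]

    # Combine all the usernames that were collected.
    usernames = set(wpjsonuser + jpapiuser + wpparamuser)
    if len(usernames) > 0:
        usernamesgen = '1'  # Some usernames were harvested
        cmseek.success(cmseek.bold + str(len(usernames)) + " Usernames" + cmseek.cln + " was / were enumerated")
    else:
        usernamesgen = '0'  # Failure
        cmseek.warning("Couldn't enumerate usernames :( ")

    # Version vulnerability detection. The defaults keep the result section
    # below valid when the lookup is skipped or fails.
    wpvdbres = '0'
    result = ''
    vfc = ''
    if version == "0":
        cmseek.warning("Skipping version vulnerability scan as WordPress Version wasn't detected")
    else:
        cmseek.info("Checking version vulnerabilities [props to wpvulndb for their awesome api ;)]")
        # wpvulndb addresses a release by its version with the dots removed.
        vfc = version.replace('.', '')
        # `version` was captured from markup served by the target; only plain
        # ASCII digits may be appended to the third-party API URL.
        if not vfc or any(ch not in '0123456789' for ch in vfc):
            cmseek.warning("Skipping version vulnerability scan as the detected version is not numeric")
        else:
            ws = cmseek.getsource("https://wpvulndb.com/api/v2/wordpresses/" + vfc, ua)
            try:
                if ws[0] != "1":
                    raise ValueError('lookup failed')
                result = json.loads(ws[1])[version]
                wpvdbres = '1'  # We have the wpvulndb results
            except (ValueError, KeyError, TypeError):
                cmseek.error('Error Retriving data from wpvulndb')

    # Deep scan results
    cmseek.clearscreen()
    cmseek.banner("Deep Scan Results")
    cmseek.result("Detected CMS: ", 'WordPress')
    cmseek.update_log('cms_name', 'WordPress')
    cmseek.result("CMS URL: ", "https://wordpress.org")
    cmseek.update_log('cms_url', "https://wordpress.org")

    if version != '0':
        cmseek.result("Version: ", version)
        cmseek.update_log('wp_version', version)

    if wpvdbres == '1':
        cmseek.result("Changelog URL: ", str(result['changelog_url']))
        cmseek.update_log('wp_changelog_file', str(result['changelog_url']))

    if readmefile == '1':
        cmseek.result("Readme file found: ", url + '/readme.html')
        cmseek.update_log('wp_readme_file', url + '/readme.html')

    if licfile == '1':
        cmseek.result("License file found: ", url + '/license.txt')

    if wpupdir == '1':
        cmseek.result("Uploads directory has listing enabled: ", url + '/wp-content/uploads')
        cmseek.update_log('wp_uploads_directory', url + '/wp-content/uploads')

    if xmlrpc == '1':
        cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
        # NOTE(review): this reuses the 'wp_uploads_directory' key and so
        # replaces the uploads entry written just above - confirm the
        # intended key.
        cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')

    if usernamesgen == '1':
        cmseek.result("Usernames Harvested: ", '')
        wpunames = ""
        for u in usernames:
            wpunames = wpunames + u + ","
            cmseek.success(cmseek.bold + u + cmseek.cln)
        print('\n')
        cmseek.update_log('wp_users', wpunames)

    if wpvdbres != '1':
        return

    cmseek.result("Vulnerability Count: ", str(len(result['vulnerabilities'])))
    cmseek.update_log('wp_vuln_count', str(len(result['vulnerabilities'])))
    cmseek.update_log('wpvulndb_url', "https://wpvulndb.com/api/v2/wordpresses/" + vfc)

    if len(result['vulnerabilities']) == 0:
        cmseek.warning("No Vulnerabilities discovered in this version of WordPress as of yet")
        return

    # (references key, label, URL prefix), in display order.
    reference_kinds = (
        ('cve', "Vulnerability CVE: ", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"),
        ('exploitdb', "ExploitDB Link: ", "http://www.exploit-db.com/exploits/"),
        ('metasploit', "Metasploit Module: ", "http://www.metasploit.com/modules/"),
        ('osvdb', "OSVDB Link: ", "http://osvdb.org/"),
        ('secunia', "Secunia Advisory: ", "http://secunia.com/advisories/"),
        ('url', "Vulnerability Reference: ", ""),
    )

    cmseek.success("Displaying all the vulnerabilities")
    for vuln in result['vulnerabilities']:
        print("\n")
        cmseek.result("Vulnerability Title: ", str(vuln['title']))
        cmseek.result("Vulnerability Type: ", str(vuln['vuln_type']))
        cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
        cmseek.result("Vulnerability Link: ", "http://wpvulndb.com/vulnerabilities/" + str(vuln['id']))
        # Look the keys up directly: a substring test on str(vuln) also
        # fires when the word appears in the title, and the indexing that
        # followed then raised KeyError.
        references = vuln.get('references') or {}
        for key, label, prefix in reference_kinds:
            for ref in references.get(key) or []:
                cmseek.result(label, prefix + str(ref))
    return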
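def main_proc(site, cua):
    """Detect the CMS running on ``site`` and start the follow-up scan it supports.

    The page is fetched once with ``cmseek.getsource``; its result is read as
    ``[status, body_or_error, headers, final_url]`` with ``status == '1'``
    meaning success. Detection then runs in up to four stages (headers,
    generator meta tag, page source, robots.txt) and stops at the first hit.
    Depending on the ``cmsdb`` entry and the scan options, the function starts
    a deep scan, a version detection, or only reports the CMS name and URL.

    Args:
        site: URL of the target to scan.
        cua: User-Agent string passed to every request helper.

    Returns:
        None. Everything is reported through ``cmseek`` / ``result`` output
        helpers and ``cmseek.update_log``.
    """
    # Honour skip_scanned: a target that already has a non-empty cms_id in the
    # report index is not scanned again.
    if cmseek.skip_scanned:
        previous = cmseek.report_index['results'][0]
        if site in previous and previous[site]['cms_id'] != '':
            cmseek.warning('Skipping {0} as it was previously scanned!'.format(cmseek.red + site + cmseek.cln))
            return

    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")

    init_source = cmseek.getsource(site, cua)
    if init_source[0] != '1':
        cmseek.error("Aborting CMSeek! Couldn't connect to site \n Error: %s" % init_source[1])
        return

    scode = init_source[1]
    headers = init_source[2]
    final_url = init_source[3]

    if site != final_url and site + '/' != final_url:
        refetch = False
        if cmseek.redirect_conf == '0':
            cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + final_url + cmseek.cln)
            if not cmseek.batch_mode:
                follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + final_url + cmseek.cln + ' as target? (y/n): ')
            else:
                # No operator to ask in batch mode, so the redirect is accepted
                # automatically. The scan can therefore move to a host other
                # than the one supplied; relevant when the scan is limited to
                # an authorised scope.
                follow_redir = 'y'
            if follow_redir.lower() == 'y':
                site = final_url
                refetch = True
        elif cmseek.redirect_conf == '1':
            site = final_url
            cmseek.info("Followed redirect, New target: " + cmseek.bold + cmseek.fgreen + final_url + cmseek.cln)
            refetch = True
        else:
            cmseek.statement("Skipping redirect to " + cmseek.bold + cmseek.red + final_url + cmseek.cln)

        if refetch:
            cmseek.statement("Reinitiating Headers and Page Source for Analysis")
            tmp_req = cmseek.getsource(site, cua)
            # The second request can fail too. Without this check the error
            # text in tmp_req[1] would be analysed as if it were page source.
            if tmp_req[0] != '1':
                cmseek.error("Aborting CMSeek! Couldn't connect to site \n Error: %s" % tmp_req[1])
                return
            scode = tmp_req[1]
            headers = tmp_req[2]

    if scode == '':
        cmseek.error('Aborting detection, source code empty')
        return

    cmseek.statement("Detection Started")

    cms = ''  # the cms id if detected
    detection_method = ''
    detected = False

    # Parse the generator meta tag once; both values are handed on to the
    # deep scan / version detection below.
    parse_generator = generator.parse(scode)
    ga = parse_generator[0]  # '1' when a generator tag is available
    ga_content = parse_generator[1]

    cmseek.statement("Using headers to detect CMS (Stage 1 of 4)")
    header_detection = header.check(headers)
    if header_detection[0] == '1':
        detection_method = 'header'
        cms = header_detection[1]
        detected = True

    if not detected:
        if ga == '1':
            cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 4)")
            gen_detection = generator.scan(ga_content)
            if gen_detection[0] == '1':
                detection_method = 'generator'
                cms = gen_detection[1]
                detected = True
        else:
            cmseek.statement('Skipping stage 2 of 4: No Generator meta tag found')

    if not detected:
        cmseek.statement("Using source code to detect CMS (Stage 3 of 4)")
        source_check = source.check(scode, site)
        if source_check[0] == '1':
            detection_method = 'source'
            cms = source_check[1]
            detected = True

    if not detected:
        cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 4)")
        robots_check = robots.check(site, cua)
        if robots_check[0] == '1':
            detection_method = 'robots'
            cms = robots_check[1]
            detected = True

    if not detected:
        print('\n')
        cmseek.error('CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue')
        # NOTE(review): the line breaks inside this template were reconstructed
        # from a whitespace-collapsed listing; confirm against the original.
        print('''
{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new

{4}Title:{5} [SUGGESTION] CMS detction failed!
{6}Content:{7}
    - CMSeeK Version: {0}
    - Target: {1}
    - Probable CMS: <name and/or cms url>

N.B: Create issue only if you are sure, please avoid spamming!
        '''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
        return

    cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cmseek.fgreen + cms + cmseek.cln + ', Detection method: ' + cmseek.bold + cmseek.lblue + detection_method + cmseek.cln)
    cmseek.update_log('detection_param', detection_method)
    cmseek.update_log('cms_id', cms)  # update log
    cmseek.statement('Getting CMS info from database')
    # The detected id is used as an attribute name on cmsdb.
    # NOTE(review): presumably every id the detection modules return has a
    # cmsdb entry; otherwise this raises AttributeError - confirm.
    cms_info = getattr(cmsdb, cms)

    if cms_info['deeps'] == '1' and not cmseek.light_scan and not cmseek.only_cms:
        advanced.start(cms, site, cua, ga, scode, ga_content, detection_method, headers)
        return

    # '0' is what the report receives when no version is known.
    cms_version = '0'
    if cms_info['vd'] == '1' and not cmseek.only_cms:
        cmseek.success('Starting version detection')
        cms_version = version_detect.start(cms, site, cua, ga, scode, ga_content, headers)

    cmseek.clearscreen()
    cmseek.banner("CMS Scan Results")
    result.target(site)
    result.cms(cms_info['name'], cms_version, cms_info['url'])
    cmseek.update_log('cms_name', cms_info['name'])  # update log
    if cms_version != '0' and cms_version is not None:
        cmseek.update_log('cms_version', cms_version)  # update log
    cmseek.update_log('cms_url', cms_info['url'])  # update log
    comptime = round(time.time() - cmseek.cstart, 2)
    log_file = os.path.join(cmseek.log_dir, 'cms.json')
    result.end(str(cmseek.total_requests), str(comptime), log_file)
    return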
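def _report_detected_cms(cms_id, method, site, cua, generator_state, scode):
    """Log a detected CMS, then start its deep scan or print its basic info.

    ``generator_state`` is forwarded unchanged to ``advanced.deep``: the
    callers pass '2' when the generator check was not performed, '1' when a
    generator tag was found and '0' when it was not.
    """
    cmseek.success(
        "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
        % cms_id)
    cmseek.update_log('detection_param', method)  # update log
    cmseek.update_log('cms_id', cms_id)  # update log
    cka = getattr(cmsdb, cms_id)

    if cka['deeps'] == '1':
        advanced.deep(cms_id, site, cua, generator_state, scode)
        return

    if cka['vd'] == '1':
        # Version detection is only announced here; the same basic
        # information is printed in both cases.
        cmseek.statement("CMS Version is detectable, detecting CMS Version")
    print('\n')
    cmseek.result(
        '', "CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
    cmseek.update_log('cms_name', cka['name'])  # update log
    cmseek.result(
        '', "CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
    cmseek.update_log('cms_url', cka['url'])  # update log


def _detect_from_source(site, cua, generator_state, scode):
    """Run the source-code detection stage (2.2 of 2.2) and report its outcome."""
    c22 = source.check(scode, site)
    if c22[0] == '1':
        _report_detected_cms(c22[1], 'source', site, cua, generator_state, scode)
    elif c22[0] == '2':  # Empty source code
        cmseek.error("Source code was empty... exiting CMSeek")
    else:
        cmseek.error(
            "Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n"
        )


def main_proc(site, cua):
    """Fetch ``site`` and detect its CMS from headers, generator tag or source.

    Detection stops at the first stage that yields a CMS id. A detected CMS is
    either handed to ``advanced.deep`` (when its ``cmsdb`` entry has deep scan
    enabled) or reported with its name and link.

    Args:
        site: URL of the target; passed to ``urllib.request`` unchanged.
        cua: User-Agent string sent with the request.

    Returns:
        None. Results go through the ``cmseek`` output helpers and
        ``cmseek.update_log``.
    """
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")

    # NOTE(review): urlopen() also handles non-HTTP schemes such as file:, and
    # no timeout is passed. This function does not validate `site`, so scheme
    # checks have to happen in the caller - confirm.
    try:
        ckreq = urllib.request.Request(site, data=None, headers={'User-Agent': cua})
        with urllib.request.urlopen(ckreq) as response:
            raw_body = response.read()
            headers = str(response.info())
    except Exception as e:
        cmseek.error(
            "Aborting CMSeek! Couldn't connect to site \n Error: %s" % str(e))
        # TODO: remove the error msg later if possible
        return

    # Decode outside the try block and tolerate invalid bytes: a page that is
    # not valid UTF-8 is a content issue, not a connection failure.
    scode = raw_body.decode('utf-8', errors='replace')

    # TODO: The source code enumeration > save to site directory > print done
    cmseek.statement("Detection Started")
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    c1 = header.check(headers)
    if c1[0] == "1":
        # '2' tells the deep scan that the generator check has not been performed.
        _report_detected_cms(c1[1], 'header', site, cua, '2', scode)
        return

    cmseek.warning('No luck with headers... Continuing with source code')
    cmseek.statement("Checking for generator meta tag in source code")
    if 'Generator' in scode or 'generator' in scode:
        cmseek.success(
            "Generator meta tag found.. Continuing with detection (2.1 of 2.2)"
        )
        c21 = source.generator(scode)
        if c21[0] == '1':
            _report_detected_cms(c21[1], 'generator', site, cua, '1', scode)
        elif c21[0] == '2':  # Empty source code
            cmseek.error("Source code was empty... exiting CMSeek")
        else:
            # The generator tag exists but did not identify a CMS.
            cmseek.warning(
                'Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)'
            )
            _detect_from_source(site, cua, '1', scode)
    else:
        cmseek.warning(
            "Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)"
        )
        _detect_from_source(site, cua, '0', scode)
    return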