예제 #1
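class OnlineSearch:
	"""Look up published advisories for a detected component online."""

	def __init__(self):
		# FingerPrint is defined outside this snippet; site_search calls its
		# get_cont() and copy() methods through self.fprint.
		self.fprint = FingerPrint()

	def site_search(self,com):
		"""Search the packetstormsecurity.org file index for ``com`` and print each hit.

		com: component name or keyword, sent as the ``q`` query parameter.
		Prints link, size and title for every result; returns None.
		"""
		# Function-scope import so the method works on Python 2 and Python 3
		# without touching the file's import block.
		try:
			from urllib import quote_plus
		except ImportError:
			from urllib.parse import quote_plus

		# Encode the keyword: a raw space, '&' or '#' in it would otherwise
		# truncate the query or add parameters to the request.
		query = quote_plus(com)
		# NOTE(review): the lookup uses plain http, so the result links printed
		# below are not integrity-protected in transit, and titles from the
		# remote page reach the terminal unfiltered. Prefer https if get_cont
		# supports it -- confirm against FingerPrint.
		page = self.fprint.get_cont("http://packetstormsecurity.org/search/files/?q="+query+"&s=files")
		if re.search(r"No Results Found",page):
			print("No Results Found in packetstormsecurity.org")
			return

		hit_pattern = re.compile(r'<a class="ico text-plain" href="(.+)" title="Size: (.+) KB">(.*?)</a>')
		# copy() is a FingerPrint helper not shown here; presumably it
		# de-duplicates the matches -- verify against its definition.
		for link, size, title in self.fprint.copy(hit_pattern.findall(page)):
			# print(...) with one argument behaves the same on Python 2 and 3.
			print("Link : packetstormsecurity.org"+link)
			print("Size : "+size+" KB")
			print("Title : "+title)
			print("\n")
			print("---------------------------------------------------------")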
예제 #2
class OnlineSearch:
	""" Online search for vulns """
	def __init__(self):
		# FingerPrint is defined outside this snippet; site_search calls its
		# get_cont() and copy() methods through self.fprint.
		self.fprint = FingerPrint()
	
	def site_search(self,com):
		"""search on packetstorm.org"""
		sere = self.fprint.get_cont("http://packetstormsecurity.org/search/files/?q="+com+"&s=files")
		if (re.search(r"No Results Found",sere)):
			print "No Results Found in packetstormsecurity.org"
		else:
			linex1 = re.compile(r'<a class="ico text-plain" href="(.+)" title="Size: (.+) KB">(.*?)</a>')
			dir1 = self.fprint.copy(linex1.findall(sere))
			for elem in dir1:
				print "Link : packetstormsecurity.org"+elem[0]
				print "Size : "+elem[1]+" KB"
				print "Title : "+elem[2]
				print "\n"
				print "---------------------------------------------------------"
	def exploit_db_search(self,keyword):
예제 #3
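class InfoCollector:
	"""Enumerate admin paths, plugins and themes/templates of a CMS site."""

	def __init__(self):
		# FingerPrint is defined outside this snippet; this class uses its
		# get_cont(), check_if_exist() and copy() methods.
		self.fprint = FingerPrint()

	def _read_wordlist(self,path):
		"""Return the non-empty, stripped lines of the wordlist at ``path``."""
		# 'with' closes the handle; the original left every wordlist open.
		with open(path,"r") as handle:
			stripped = [line.strip() for line in handle.read().split("\n")]
		# Blank lines are dropped: an empty entry would probe the base URL
		# itself and be reported as a finding.
		return [entry for entry in stripped if entry]

	def get_admin(self,url):
		"""Probe ``url`` for each path in doc/admin.txt and print the ones that exist."""
		for entry in self._read_wordlist("doc/admin.txt"):
			if self.fprint.check_if_exist(url+"/"+entry):
				print("[!] Found this directory "+entry+"\n")

	def get_info_passive(self,url,type):
		"""Print plugin and template/theme names referenced in the page at ``url``.

		type: "joomla" or "wordpress"; any other value prints nothing.
		Only the page at ``url`` is fetched; names come from links in its markup.
		"""
		if type == "joomla":
			# get_cont takes just the URL, as in every other call in this
			# class; the original passed self a second time here.
			content = self.fprint.get_cont(url)
			plugin_patterns = (
				"option,(.*?)/",
				# Non-capturing delimiter, so findall yields the name only
				# instead of (name, delimiter) tuples.
				'option=(.*?)(?:&amp;|&|")',
				'/component/(.*?)/',
			)
			plugin_hits = [self.fprint.copy(re.findall(pattern,content)) for pattern in plugin_patterns]
			templates = self.fprint.copy(re.findall('/templates/(.*?)/',content))
			print("[!] Plugins Found From passive detection: \n")
			for hits in plugin_hits:
				for name in hits:
					print(name)
			print("[!] Templates Found from passive detection:\n")
			for name in templates:
				print(name)
		if type == "wordpress":
			content = self.fprint.get_cont(url)
			plugins = self.fprint.copy(re.findall("/plugins/(.*?)/",content))
			themes = self.fprint.copy(re.findall("/themes/(.*?)/",content))
			print("[!] Plugins Found From passive detection: \n")
			for name in plugins:
				print(name)
			print("[!] Themes Found From passive detection: \n")
			for name in themes:
				print(name)

	def get_info_aggressive(self,url,mode,item):
		"""Check ``url`` for every WordPress plugin or theme named in a bundled wordlist.

		item: "plugins" or "themes".
		mode: "full" (doc/<item>_full.txt) or "top" (doc/<item>.txt).
		Any other combination prints nothing.

		One HTTP request is issued per wordlist entry (plus a readme.txt fetch
		for each plugin found), so a run shows up in the target's access log as
		a burst of sequential /wp-content/ lookups.
		"""
		if item not in ("plugins","themes") or mode not in ("full","top"):
			return
		headings = {
			("plugins","full"): "[!] Enumerating All installed Plugins in ",
			("plugins","top"): "[!] Enumerating Most Downloaded installed Plugins in ",
			("themes","full"): "[!] Enumerating All installed Themes in ",
			("themes","top"): "[!] Enumerating Most Downloaded installed Themes in ",
		}
		wordlists = {
			("plugins","full"): "doc/plugins_full.txt",
			("plugins","top"): "doc/plugins.txt",
			("themes","full"): "doc/themes_full.txt",
			("themes","top"): "doc/themes.txt",
		}
		print(headings[(item,mode)]+url+"\n")
		base = url+"/wp-content/"+item+"/"
		stable_tag = re.compile('Stable tag: (.+)')
		for name in self._read_wordlist(wordlists[(item,mode)]):
			if not self.fprint.check_if_exist(base+name):
				continue
			if item == "themes":
				print("[!] Found "+name+" Theme")
				continue
			# The plugin version is taken from the "Stable tag" line of its
			# readme.txt; "?" is printed when that line is missing.
			readme = self.fprint.get_cont(base+name+"/"+"readme.txt")
			version = stable_tag.findall(readme)
			if version:
				print("[!] Found "+name+" Version "+version[0])
			else:
				print("[!] Found "+name+" Version ?")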
예제 #4
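class InfoCollector:
    """Enumerate admin paths, plugins and themes/templates of a CMS site."""

    def __init__(self):
        # FingerPrint is defined outside this snippet; this class uses its
        # get_cont(), check_if_exist() and copy() methods.
        self.fprint = FingerPrint()

    def _read_wordlist(self, path):
        """Return the non-empty, stripped lines of the wordlist at ``path``."""
        # 'with' closes the handle; the original left every wordlist open.
        with open(path, "r") as handle:
            stripped = [line.strip() for line in handle.read().split("\n")]
        # Blank lines are dropped: an empty entry would probe the base URL
        # itself and be reported as a finding.
        return [entry for entry in stripped if entry]

    def get_admin(self, url):
        """Probe ``url`` for each path in doc/admin.txt and print the ones that exist."""
        for entry in self._read_wordlist("doc/admin.txt"):
            if self.fprint.check_if_exist(url + "/" + entry):
                print("[!] Found this directory " + entry + "\n")

    def get_info_passive(self, url, type):
        """Print plugin and template/theme names referenced in the page at ``url``.

        type: "joomla" or "wordpress"; any other value prints nothing.
        Only the page at ``url`` is fetched; names come from links in its markup.
        """
        if type == "joomla":
            # get_cont takes just the URL, as in every other call in this
            # class; the original passed self a second time here.
            content = self.fprint.get_cont(url)
            plugin_patterns = (
                "option,(.*?)/",
                # Non-capturing delimiter, so findall yields the name only
                # instead of (name, delimiter) tuples.
                'option=(.*?)(?:&amp;|&|")',
                '/component/(.*?)/',
            )
            plugin_hits = [self.fprint.copy(re.findall(pattern, content))
                           for pattern in plugin_patterns]
            templates = self.fprint.copy(re.findall('/templates/(.*?)/', content))
            print("[!] Plugins Found From passive detection: \n")
            for hits in plugin_hits:
                for name in hits:
                    print(name)
            print("[!] Templates Found from passive detection:\n")
            for name in templates:
                print(name)
        if type == "wordpress":
            content = self.fprint.get_cont(url)
            plugins = self.fprint.copy(re.findall("/plugins/(.*?)/", content))
            themes = self.fprint.copy(re.findall("/themes/(.*?)/", content))
            print("[!] Plugins Found From passive detection: \n")
            for name in plugins:
                print(name)
            print("[!] Themes Found From passive detection: \n")
            for name in themes:
                print(name)

    def get_info_aggressive(self, url, mode, item):
        """Check ``url`` for every WordPress plugin or theme named in a bundled wordlist.

        item: "plugins" or "themes".
        mode: "full" (doc/<item>_full.txt) or "top" (doc/<item>.txt).
        Any other combination prints nothing.

        One HTTP request is issued per wordlist entry (plus a readme.txt fetch
        for each plugin found), so a run shows up in the target's access log as
        a burst of sequential /wp-content/ lookups.
        """
        if item not in ("plugins", "themes") or mode not in ("full", "top"):
            return
        headings = {
            ("plugins", "full"): "[!] Enumerating All installed Plugins in ",
            ("plugins", "top"): "[!] Enumerating Most Downloaded installed Plugins in ",
            ("themes", "full"): "[!] Enumerating All installed Themes in ",
            ("themes", "top"): "[!] Enumerating Most Downloaded installed Themes in ",
        }
        wordlists = {
            ("plugins", "full"): "doc/plugins_full.txt",
            ("plugins", "top"): "doc/plugins.txt",
            ("themes", "full"): "doc/themes_full.txt",
            ("themes", "top"): "doc/themes.txt",
        }
        print(headings[(item, mode)] + url + "\n")
        base = url + "/wp-content/" + item + "/"
        stable_tag = re.compile('Stable tag: (.+)')
        for name in self._read_wordlist(wordlists[(item, mode)]):
            if not self.fprint.check_if_exist(base + name):
                continue
            if item == "themes":
                print("[!] Found " + name + " Theme")
                continue
            # The plugin version is taken from the "Stable tag" line of its
            # readme.txt; "?" is printed when that line is missing.
            readme = self.fprint.get_cont(base + name + "/" + "readme.txt")
            version = stable_tag.findall(readme)
            if version:
                print("[!] Found " + name + " Version " + version[0])
            else:
                print("[!] Found " + name + " Version ?")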
예제 #5
파일: tester.py 프로젝트: asim-jaweesh/odz
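class Tester:
	"""Match a WordPress install against the bundled vulnerability lists.

	NOTE(review): the XML lists are read from the local doc/ directory with the
	standard-library parser. If they are ever downloaded rather than shipped
	with the tool, parse them with a hardened XML parser instead.
	"""

	def __init__(self):
		# FingerPrint is defined outside this snippet; this class uses its
		# get_cont(), check_if_exist() and copy() methods.
		self.fprint = FingerPrint()

	def _first_or_unknown(self,items):
		"""Return the first non-empty entry of ``items``, or "?" when there is none."""
		# An empty match list used to raise IndexError in the callers.
		if items and items[0]:
			return items[0]
		return "?"

	def wp_vulns(self,version):
		"""Print title, reference and type of each doc/wp_vulns.xml entry for ``version``."""
		tree = xml.etree.ElementTree.parse("doc/wp_vulns.xml")
		for release in tree.findall("wordpress"):
			if release.attrib["version"] != version:
				continue
			# list(element) replaces getchildren(), which was removed in
			# Python 3.9.
			for vuln in list(release):
				fields = list(vuln)
				print("Title : "+fields[0].text)
				print("Reference : "+fields[1].text)
				print("Type : "+fields[2].text)

	def wp_plugins_vulns(self,url):
		"""Report plugins from doc/plugin_vulns.xml that are present at ``url``.

		For each listed plugin found under /wp-content/plugins/, the installed
		version is read from the "Stable tag" line of its readme.txt and
		compared with the version number found in each advisory title. An
		install is reported as affected when its version is lower than or equal
		to the advisory's.

		NOTE(review): "Stable tag" is whatever the plugin author wrote in the
		readme and need not equal the version actually installed, so a "Safe"
		verdict here should be confirmed against the site's real plugin list.
		"""
		tree = xml.etree.ElementTree.parse("doc/plugin_vulns.xml")
		title_version = re.compile(r"[\d.]*\d+")
		stable_tag = re.compile(r'Stable tag: ([\d.]*\d+)')
		found = 0
		for plugin in tree.findall("plugin"):
			name = plugin.attrib["name"]
			if not self.fprint.check_if_exist(url+"/wp-content/plugins/"+name):
				continue
			readme = self.fprint.get_cont(url+"/wp-content/plugins/"+name+"/readme.txt")
			installed = self._first_or_unknown(self.fprint.copy(stable_tag.findall(readme)))
			for vuln in list(plugin):
				fields = list(vuln)
				affected = self._first_or_unknown(self.fprint.copy(title_version.findall(fields[0].text)))
				if len(fields) == 3:
					print("[!] Title : "+fields[0].text)
					print("[!] Ref. : "+fields[1].text)
					print("[!] Type : "+fields[2].text)
				if len(fields) == 4:
					print("[!] Title : "+fields[0].text)
					print("[!] Ref.1 : "+fields[1].text)
					print("[!] Ref.2 : "+fields[2].text)
					print("[!] Type : "+fields[3].text)
				if affected == "?" or installed == "?":
					print("[x] You need to check we could not detect the version")
					continue
				try:
					# Same test as the original pair of __cmp__ calls
					# (installed == affected or installed < affected).
					is_affected = StrictVersion(installed) <= StrictVersion(affected)
				except ValueError:
					# StrictVersion rejects strings such as "1.2.3.4"; treat
					# those as undetected instead of aborting the whole scan.
					print("[x] You need to check we could not detect the version")
					continue
				if is_affected:
					print("[x] Your CMS is infected with this vuln.")
					found = 1
				else:
					print("[x] Your CMS is Safe From this vuln.")
		if found == 0:
			print("[!] No Vuln. Plugin was found !")

	def wp_theme_vulns(self,url):
		"""Print the doc/theme_vulns.xml entries of every listed theme present at ``url``.

		Presence under /wp-content/themes/ is the only check; no theme version
		is compared, so each entry printed still needs manual confirmation.
		"""
		tree = xml.etree.ElementTree.parse("doc/theme_vulns.xml")
		found = 0
		for theme in tree.findall("theme"):
			name = theme.attrib["name"]
			if not self.fprint.check_if_exist(url+"/wp-content/themes/"+name):
				continue
			found = 1
			for vuln in list(theme):
				fields = list(vuln)
				print("[!] Title : "+fields[0].text)
				print("[!] Ref. : "+fields[1].text)
				print("[!] Type : "+fields[2].text)
		if found == 0:
			print("[!] No Vlun. Theme Was Found ")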