def __runExploits(self,url,headers):
    """Invoke every ``wp_*`` check, in a fixed order, against ``url``.

    Each check is called as ``check(url, headers, vulnresults)``.
    ``vulnresults`` is not a parameter of this method; it is resolved from
    the enclosing scope when the call is made. ``self`` is not used and the
    return values of the checks are discarded.
    """
    # Order matches the original call sequence.
    checks = (
        wp_wysija,
        wp_blaze,
        wp_catpro,
        wp_cherry,
        wp_dm,
        wp_fromcraft,
        wp_shop,
        wp_revslider,
        wp_adsmanager,
        wp_inboundiomarketing,
        wp_levoslideshow,
        wp_adblockblocker,
    )
    for check in checks:
        check(url, headers, vulnresults)
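def _announce_cms(cms_line):
    """Print the target banner, the 'looking for cms' line and ``cms_line``."""
    print('\n %s[%sTarget%s]%s => %s%s \n ' % (bannerblue2, W, bannerblue2, W, url, end))
    print('------------------------------------------------')
    print(' %s looking for cms' % (que))
    print(cms_line)
    print('------------------------------------------------')


def detect_cms():
    """Fingerprint the CMS behind ``url`` and run the stages the flags select.

    Three GET requests are always sent before any decision is made: the base
    URL, ``/smiley/1.gif`` and ``/rss.xml``. The first matching pattern in the
    chain below (Joomla, Wordpress, Drupal, Prestashop, OpenCart, Magento,
    Lokomedia, otherwise Unknown) selects a branch. Inside a branch the
    module-level flags ``webinfo``, ``domaininfo``/``subdomains``, ``cms``,
    ``scanports``, ``dnsdump`` and ``exploit`` decide which helpers run.

    The function takes no arguments and returns nothing; ``url``, ``headers``
    and every flag and helper are read from the enclosing scope.

    NOTE(review): the listing this was taken from had lost its indentation.
    The nesting used here keeps each statement in the innermost open block
    until the next ``if``/``elif``/``else`` starts -- confirm against the
    original file, in particular for the separator prints and the bare
    'Check Vulnerability' prints.
    """
    # The second positional parameter of requests.get() is ``params``, so the
    # original calls put the header dict into the query string and sent no
    # custom headers. Pass it by keyword.
    # NOTE(review): none of these requests sets a timeout, so an unresponsive
    # host blocks the run; a ``timeout`` name is used further down but its
    # value is not visible here.
    lm = url + '/smiley/1.gif'
    lm_content = requests.get(lm, headers=headers).text
    lm2 = url + '/rss.xml'
    lm2_content = requests.get(lm2, headers=headers).text
    content = requests.get(url, headers=headers).text

    # NOTE(review): every pattern below is a loose substring match on the
    # response body (e.g. 'wordpress', 'Magento'), so a page that merely
    # mentions a product name is classified as that CMS.

    # ---- Joomla ----
    if re.search(r'<script type=\"text/javascript\" src=\"/media/system/js/mootools.js\"></script>|/media/system/js/|com_content|Joomla!', content):
        _announce_cms(' %s %sCMS :%s Joomla' % (good, W, end))
        # Hosting information.
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
            joo_version(url, headers)
            print("-----------------------------------------------")
        if cms == 'all':
            print(' %s CMS informations gathering' % (run))
            joo_version(url, headers)
            joo_user(url, headers)
            joo_template(url, headers)
            print("-----------------------------------------------")
        # Port scan.
        if scanports:
            print(' %s Scanning Ports' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        # Joomla checks; per the original comment they are imported from
        # ./common/joomla_exploits.py.
        if exploit:
            print(' %s Check Vulnerability' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            joomla_comjce(url, headers, timeout)
            joomla_comedia(url, headers, timeout)
            joomla_comjdownloads(url, headers, timeout)
            joomla_comjdownloads2(url, headers, timeout)
            joomla_fabrik2(url, headers, timeout)
            joomla_fabrik2_d(url, headers, timeout)
            joomla_foxcontact(url, headers, timeout)

    # ---- Wordpress ----
    elif re.search(r'wp-content|wordpress|xmlrpc.php', content):
        _announce_cms(' %s %sCMS :%s Wordpress' % (good, W, end))
        if webinfo:
            webhosting_info(hostinfo)
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        # Information-gathering helpers; per the original comment they come
        # from ./common/grapwp.py.
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
            wp_version(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'themes':
            print(' %s CMS informations gathering' % (run))
            wp_themes(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'user':
            print(' %s CMS informations gathering' % (run))
            wp_user(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'plugins':
            print(' %s CMS informations gathering' % (run))
            wp_plugin(url, headers, grabinfo)
            print("-----------------------------------------------")
        if cms == 'all':
            print(' %s CMS informations gathering' % (run))
            wp_version(url, headers, grabinfo)
            wp_themes(url, headers, grabinfo)
            wp_user(url, headers, grabinfo)
            wp_plugin(url, headers, grabinfo)
            print("-----------------------------------------------")
        # Port scan.
        if scanports:
            print(' %s Scanning Ports' % (run))
            print(""" %sPORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        # Selected with -e / --exploit on the command line (original comment).
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            # Wordpress checks; per the original comment they come from
            # ./common/wp_exploits.py.
            wp_wysija(url, headers, vulnresults)
            wp_blaze(url, headers, vulnresults)
            wp_synoptic(url, headers, vulnresults)
            wp_catpro(url, headers, vulnresults)
            wp_cherry(url, headers, vulnresults)
            wp_dm(url, headers, vulnresults)
            wp_fromcraft(url, headers, vulnresults)
            wp_jobmanager(url, headers, vulnresults)
            wp_showbiz(url, headers, vulnresults)
            wp_shop(url, headers, vulnresults)
            wp_powerzoomer(url, headers, vulnresults)
            wp_revslider(url, headers, vulnresults)
            wp_adsmanager(url, headers, vulnresults)
            wp_inboundiomarketing(url, headers, vulnresults)
            wp_adblockblocker(url, headers, vulnresults)
            wp_levoslideshow(url, headers, vulnresults)
            print("-----------------------------------------------")

    # ---- Drupal ----
    elif re.search(r'Drupal|drupal|sites/all|drupal.org', content):
        _announce_cms(' %s CMS : Drupal' % (good))
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
            drupal_version()
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        # Only the table header is printed; no Drupal check is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))

    # ---- Prestashop ----
    elif re.search(r'Prestashop|prestashop', content):
        _announce_cms(' %s %sCMS :%s Prestashop' % (good, W, end))
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
            prestashop_version()
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            columnadverts(url, headers)
            soopabanners(url, headers)
            vtslide(url, headers)
            simpleslideshow(url, headers)
            productpageadverts(url, headers)
            productpageadvertsb(url, headers)
            jro_homepageadvertise(url, headers)
            attributewizardpro(url, headers)
            oneattributewizardpro(url, headers)
            attributewizardpro_old(url, headers)
            attributewizardpro_x(url, headers)
            advancedslider(url, headers)
            cartabandonmentpro(url, headers)
            cartabandonmentpro_old(url, headers)
            videostab(url, headers)
            wg24themeadministration(url, headers)
            fieldvmegamenu(url, headers)
            wdoptionpanel(url, headers)
            pk_flexmenu(url, headers)
            nvn_export_orders(url, headers)
            tdpsthemeoptionpanel(url, headers)
            masseditproduct(url, headers)

    # ---- OpenCart ----
    elif re.search(r'route=product|OpenCart|route=common|catalog/view/theme', content):
        _announce_cms(' %s CMS : OpenCart' % (good))
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        # Only the status line is printed; no version helper is called.
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        # Only the table header is printed; no OpenCart check is called here.
        if exploit:
            print(' %s Check Vulnerability\n' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))

    # ---- Magento ----
    elif re.search(r'Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento', content):
        _announce_cms(' %s CMS : Magento' % (good))
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        # Only the status line is printed; no version helper is called.
        if cms == 'version':
            print(' %s CMS informations gathering' % (run))
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
        if exploit:
            print(' %s Check Vulnerability' % (run))
            print(""" %sNAME %sSTATUS %sSHELL""" % (W, W, W))
            # NOTE(review): the status line is printed a second time in the
            # original and no Magento check follows it -- confirm intent.
            print(' %s Check Vulnerability' % (run))

    # ---- Lokomedia (via /smiley/1.gif) ----
    # NOTE(review): this looks for the literal text 'image/gif' inside the
    # response *body* of /smiley/1.gif, not in its Content-Type header.
    elif re.search(r'image/gif', lm_content):
        _announce_cms(' %s CMS : Lokomedia' % (good))
        # NOTE(review): the other branches test ``domaininfo``; ``subdomains``
        # appears only in the two Lokomedia branches -- confirm it is defined.
        if subdomains:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
            print('------------------------------------------------')
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
            # No ``exploit`` test guards this line in the original.
            print(' %s Check Vulnerability' % (run))

    # ---- Lokomedia (via /rss.xml) ----
    elif re.search(r'lokomedia', lm2_content):
        _announce_cms(' %s CMS : Lokomedia' % (good))
        # NOTE(review): see the ``subdomains`` remark in the branch above.
        if subdomains:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
        if scanports:
            print(' %s Scanning Ports\n' % (run))
            print(""" %s PORTS %sSTATUS %sPROTO""" % (W, W, W))
            portscan(hostd(url))
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")
            # No ``exploit`` test guards this line in the original.
            print(' %s Check Vulnerability' % (run))

    # ---- No CMS recognised ----
    else:
        _announce_cms(' %s CMS : Unknown' % (bad))
        if webinfo:
            webhosting_info(hostinfo)
        # Subdomain enumeration.
        if domaininfo:
            print(' %s Starting searching for Subdomains' % (run))
            domain_info(url)
            print("-----------------------------------------------")
        if dnsdump:
            print(' %s Starting DNS dump ' % (run))
            dnsdumper(url)
            print("-----------------------------------------------")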