def start(id, url, ua, ga, source, detection_method, headers):
if id == 'umbraco':
cms_version = 0
cmseek.statement('Starting Umbraco DeepScan')
if detection_method == 'source':
# detect if it's false positive
umbraco_url = url + '/umbraco'
test_src = cmseek.getsource(umbraco_url, ua)
if test_src[0] == '1':
# okay we got the source let's test it
if 'var Umbraco' in test_src[1]:
# Umbraco Detected!
# Let's get version
cms_version = umbraco_version_detect.start(headers, url, ua, test_src[1])
else:
falsepositive()
else:
falsepositive()
else:
# detection method was different so we are good and no need to check for false positive i guess
cms_version = umbraco_version_detect.start(headers, url, ua)
cmseek.clearscreen()
cmseek.banner("CMS Scan Results")
sresult.target(url)
sresult.cms('Umbraco',cms_version,'https://umbraco.com')
cmseek.update_log('cms_name', 'Umbraco') # update log
if cms_version != '0' and cms_version != None:
cmseek.update_log('cms_version', cms_version) # update log
cmseek.update_log('cms_url', 'https://umbraco.com') # update log
comptime = round(time.time() - cmseek.cstart, 2)
log_file = os.path.join(cmseek.log_dir, 'cms.json')
sresult.end(str(cmseek.total_requests), str(comptime), log_file)
return
def start():
cmseek.clearscreen()
cmseek.banner("Joomla Bruteforce Module")
url = cmseek.targetinp("") # input('Enter Url: ')
cmseek.info("Checking for Joomla")
bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
joomcnf = '0'
if bsrc[0] != '1':
cmseek.error("Could not get target source, CMSeek is quitting")
cmseek.handle_quit()
else:
## Parse generator meta tag
parse_generator = generator.parse(bsrc[1])
ga = parse_generator[0]
ga_content = parse_generator[1]
try1 = generator.scan(ga_content)
if try1[0] == '1' and try1[1] == 'joom':
joomcnf = '1'
else:
try2 = source.check(bsrc[1], url)
if try2[0] == '1' and try2[1] == 'joom':
joomcnf = '1'
else:
try3 = header.check(bsrc[2]) # Headers Check!
if try3[0] == '1' and try3[1] == 'joom':
joomcnf = '1'
else:
joomcnf = '0'
if joomcnf != '1':
cmseek.error('Could not confirm Joomla... CMSeek is quitting')
cmseek.handle_quit()
else:
cmseek.success(
"Joomla Confirmed... Confirming form and getting token...")
joomloginsrc = cmseek.getsource(url + '/administrator/index.php',
cmseek.randomua('thatsprettygay'))
if joomloginsrc[0] == '1' and '<form' in joomloginsrc[1]:
# joomtoken = re.findall(r'type=\"hidden\" name=\"(.*?)\" value=\"1\"', joomloginsrc[1])
# if len(joomtoken) == 0:
# cmseek.error('Unable to get token... CMSeek is quitting!')
# cmseek.handle_quit()
# cmseek.success("Token grabbed successfully: " + cmseek.bold + joomtoken[0] + cmseek.cln)
# token = joomtoken[0]
joomparamuser = []
rawuser = input(
"[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
).split(',')
for rusr in rawuser:
joomparamuser.append(rusr)
joombruteusers = set(
joomparamuser
) ## Strip duplicate usernames in case any smartass didn't read the full thing and entered admin as well
for user in joombruteusers:
passfound = '0'
print('\n')
cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
passwords = pwd_file.read().split('\n')
passwords.insert(0, user)
for password in passwords:
if password != '' and password != '\n':
sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
sys.stdout.flush()
# print("Testing Pass: "******"Ret URL: " + str(cursrc[3]))
if 'logout' in str(cursrc[1]):
print('\n')
cmseek.success('Password found!')
print(" |\n |--[username]--> " + cmseek.bold +
user + cmseek.cln +
"\n |\n |--[password]--> " + cmseek.bold +
password + cmseek.cln + "\n |")
cmseek.success('Enjoy The Hunt!')
cmseek.savebrute(url,
url + '/administrator/index.php',
user, password)
passfound = '1'
break
else:
continue
break
if passfound == '0':
cmseek.error('\n\nCould Not find Password!')
print('\n\n')
else:
cmseek.error("Couldn't find login form... CMSeeK is quitting")
cmseek.handle_quit()
def main_proc(site, cua):
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
cmseek.info("Scanning Site: " + site)
cmseek.statement("User Agent: " + cua)
cmseek.statement("Collecting Headers and Page Source for Analysis")
init_source = cmseek.getsource(site, cua)
if init_source[0] != '1':
cmseek.error(
"Aborting CMSeek! Couldn't connect to site \n Error: %s" %
init_source[1])
return
else:
scode = init_source[1]
headers = init_source[2]
if site != init_source[3] and site + '/' != init_source[3]:
cmseek.info('Target redirected to: ' + cmseek.bold +
cmseek.fgreen + init_source[3] + cmseek.cln)
follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen +
init_source[3] + cmseek.cln +
' as target? (y/n): ')
if follow_redir.lower() == 'y':
site = init_source[3]
if scode == '':
# silly little check thought it'd come handy
cmseek.error('Aborting detection, source code empty')
return
cmseek.statement("Detection Started")
## init variables
cms = '' # the cms id if detected
cms_detected = '0' # self explanotory
detection_method = '' # ^
ga = '0' # is generator available
if 'generator' in scode or 'Generator' in scode:
ga = '1'
cmseek.statement("Using headers to detect CMS (Stage 1 of 3)")
header_detection = header.check(headers)
if header_detection[0] == '1':
detection_method = 'header'
cms = header_detection[1]
cms_detected = '1'
if cms_detected == '0' and ga == '1':
# cms detection via generator
cmseek.statement(
"Using Generator meta tag to detect CMS (Stage 2 of 3)")
gen_detection = source.generator(scode)
if gen_detection[0] == '1':
detection_method = 'generator'
cms = gen_detection[1]
cms_detected = '1'
else:
# Check cms using source code
cmseek.statement("Using source code to detect CMS (Stage 3 of 3)")
source_check = source.check(scode, site)
if source_check[0] == '1':
detection_method = 'source'
cms = source_check[1]
cms_detected = '1'
if cms_detected == '1':
cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cms +
cmseek.cln + ', Detection method: ' + cmseek.bold +
detection_method + cmseek.cln)
cmseek.update_log('detection_param', detection_method)
cmseek.update_log('cms_id', cms) # update log
cmseek.statement('Getting CMS info from databse')
cms_info = getattr(cmsdb, cms)
if cms_info['deeps'] == '1':
# cmseek.success('Starting ' + cmseek.bold + cms_info['name'] + ' deep scan' + cmseek.cln)
advanced.start(cms, site, cua, ga, scode)
return
elif cms_info['vd'] == '1':
cmseek.success('Version detection available')
cms_version = version_detect.start(cms, site, cua, ga, scode)
cmseek.clearscreen()
cmseek.banner("CMS Scan Results")
cmseek.result('Target: ', site)
cmseek.result("Detected CMS: ", cms_info['name'])
cmseek.update_log('cms_name', cms_info['name']) # update log
if cms_version != '0':
cmseek.result("CMS Version: ", cms_version)
cmseek.update_log('cms_version', cms_version) # update log
cmseek.result("CMS URL: ", cms_info['url'])
cmseek.update_log('cms_url', cms_info['url']) # update log
return
else:
# nor version detect neither DeepScan available
cmseek.clearscreen()
cmseek.banner("CMS Scan Results")
cmseek.result('Target: ', site)
cmseek.result("Detected CMS: ", cms_info['name'])
cmseek.update_log('cms_name', cms_info['name']) # update log
cmseek.result("CMS URL: ", cms_info['url'])
cmseek.update_log('cms_url', cms_info['url']) # update log
return
else:
print('\n')
cmseek.error(
'CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue'
)
print('''
{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new
{4}Title:{5} [SUGGESTION] CMS detction failed!
{6}Content:{7}
- CMSeeK Version: {0}
- Target: {1}
- Probable CMS: <name and/or cms url>
N.B: Create issue only if you are sure, please avoid spamming!
'''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln,
cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
return
return
cua = None
if args.googlebot:
cua = 'Googlebot/2.1 (+http://www.google.com/bot.html)'
if args.url is not None:
s = args.url
target = cmseek.process_url(s)
if target != '0':
if cua == None:
cua = cmseek.randomua()
core.main_proc(target, cua)
cmseek.handle_quit()
elif args.list is not None:
sites = args.list
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
sites_list = []
try:
ot = open(sites, 'r')
file_contents = ot.read().replace('\n', '')
sites_list = file_contents.split(',')
except FileNotFoundError:
cmseek.error('Invalid path! CMSeeK is quitting')
cmseek.bye()
if sites_list != []:
if cua == None:
cua = cmseek.randomua()
for s in sites_list:
target = cmseek.process_url(s)
if target != '0':
core.main_proc(target, cua)
def main_proc(site, cua):
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
cmseek.info("Scanning Site: " + site)
cmseek.statement("User Agent: " + cua)
cmseek.statement("Collecting Headers and Page Source for Analysis")
init_source = cmseek.getsource(site, cua)
if init_source[0] != '1':
cmseek.error(
"Aborting CMSeek! Couldn't connect to site \n Error: %s" %
init_source[1])
return
else:
scode = init_source[1]
headers = init_source[2]
if site != init_source[3] and site + '/' != init_source[3]:
cmseek.info('Target redirected to: ' + cmseek.bold +
cmseek.fgreen + init_source[3] + cmseek.cln)
follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen +
init_source[3] + cmseek.cln +
' as target? (y/n): ')
if follow_redir.lower() == 'y':
site = init_source[3]
cmseek.statement(
"Reinitiating Headers and Page Source for Analysis")
tmp_req = cmseek.getsource(site, cua)
scode = tmp_req[1]
headers = tmp_req[2]
if scode == '':
# silly little check thought it'd come handy
cmseek.error('Aborting detection, source code empty')
return
cmseek.statement("Detection Started")
## init variables
cms = '' # the cms id if detected
cms_detected = '0' # self explanotory
detection_method = '' # ^
ga = '0' # is generator available
ga_content = '' # Generator content
## Parse generator meta tag
parse_generator = generator.parse(scode)
ga = parse_generator[0]
ga_content = parse_generator[1]
cmseek.statement("Using headers to detect CMS (Stage 1 of 4)")
header_detection = header.check(headers)
if header_detection[0] == '1':
detection_method = 'header'
cms = header_detection[1]
cms_detected = '1'
if cms_detected == '0' and ga == '1':
# cms detection via generator
cmseek.statement(
"Using Generator meta tag to detect CMS (Stage 2 of 4)")
gen_detection = generator.scan(ga_content)
if gen_detection[0] == '1':
detection_method = 'generator'
cms = gen_detection[1]
cms_detected = '1'
else:
cmseek.statement('Skipping stage 2 of 4: No Generator meta tag found')
if cms_detected == '0':
# Check cms using source code
cmseek.statement("Using source code to detect CMS (Stage 3 of 4)")
source_check = source.check(scode, site)
if source_check[0] == '1':
detection_method = 'source'
cms = source_check[1]
cms_detected = '1'
if cms_detected == '0':
# Check cms using robots.txt
cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 4)")
robots_check = robots.check(site, cua)
if robots_check[0] == '1':
detection_method = 'robots'
cms = robots_check[1]
cms_detected = '1'
if cms_detected == '1':
cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cmseek.fgreen +
cms + cmseek.cln + ', Detection method: ' +
cmseek.bold + cmseek.lblue + detection_method +
cmseek.cln)
cmseek.update_log('detection_param', detection_method)
cmseek.update_log('cms_id', cms) # update log
cmseek.statement('Getting CMS info from database') # freaking typo
cms_info = getattr(cmsdb, cms)
if cms_info['deeps'] == '1':
# cmseek.success('Starting ' + cmseek.bold + cms_info['name'] + ' deep scan' + cmseek.cln)
advanced.start(cms, site, cua, ga, scode, ga_content)
return
elif cms_info['vd'] == '1':
cmseek.success('Starting version detection')
cms_version = '0' # Failsafe measure
cms_version = version_detect.start(cms, site, cua, ga, scode,
ga_content)
cmseek.clearscreen()
cmseek.banner("CMS Scan Results")
result.target(site)
result.cms(cms_info['name'], cms_version, cms_info['url'])
cmseek.update_log('cms_name', cms_info['name']) # update log
if cms_version != '0' and cms_version != None:
cmseek.update_log('cms_version', cms_version) # update log
cmseek.update_log('cms_url', cms_info['url']) # update log
comptime = round(time.time() - cmseek.cstart, 2)
log_dir = cmseek.log_dir
if log_dir is not "":
log_file = log_dir + "/cms.json"
result.end(str(cmseek.total_requests), str(comptime), log_file)
'''
cmseek.result('Target: ', site)
cmseek.result("Detected CMS: ", cms_info['name'])
cmseek.update_log('cms_name', cms_info['name']) # update log
if cms_version != '0' and cms_version != None:
cmseek.result("CMS Version: ", cms_version)
cmseek.update_log('cms_version', cms_version) # update log
cmseek.result("CMS URL: ", cms_info['url'])
cmseek.update_log('cms_url', cms_info['url']) # update log
'''
return
else:
# nor version detect neither DeepScan available
cmseek.clearscreen()
cmseek.banner("CMS Scan Results")
result.target(site)
result.cms(cms_info['name'], '0', cms_info['url'])
comptime = round(time.time() - cmseek.cstart, 2)
log_dir = cmseek.log_dir
if log_dir is not "":
log_file = log_dir + "/cms.json"
result.end(str(cmseek.total_requests), str(comptime), log_file)
'''
cmseek.result('Target: ', site)
cmseek.result("Detected CMS: ", cms_info['name'])
cmseek.update_log('cms_name', cms_info['name']) # update log
cmseek.result("CMS URL: ", cms_info['url'])
cmseek.update_log('cms_url', cms_info['url']) # update log
'''
return
else:
print('\n')
cmseek.error(
'CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue'
)
print('''
{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new
{4}Title:{5} [SUGGESTION] CMS detction failed!
{6}Content:{7}
- CMSeeK Version: {0}
- Target: {1}
- Probable CMS: <name and/or cms url>
N.B: Create issue only if you are sure, please avoid spamming!
'''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln,
cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
return
return
def start(id, url, ua, ga, source, detection_method):
'''
id = ID of the cms
url = URL of target
ua = User Agent
ga = [0/1] is GENERATOR meta tag available
source = source code
'''
## Do shits later [update from later: i forgot what shit i had to do ;___;]
if id == "wp":
# referenced before assignment fix
vulnss = version = wpvdbres = result = plugins_found = usernames = usernamesgen = '0'
cmseek.statement('Starting WordPress DeepScan')
# Check if site really is WordPress
if detection_method == 'source':
# well most of the wordpress false positives are from source detections.
cmseek.statement('Checking if the detection is false positive')
temp_domain = re.findall(
'^(?:https?:\/\/)?(?:[^@\n]+@)?(?:www\.)?([^:\/\n\?\=]+)',
url)[0]
wp_match_pattern = temp_domain + '\/wp-(content|include|admin)\/'
if not re.search(wp_match_pattern, source):
cmseek.error(
'Detection was false positive! CMSeeK is quitting!')
cmseek.success(
'Run CMSeeK with {0}{1}{2} argument next time'.format(
cmseek.fgreen, '--ignore-cms wp', cmseek.cln))
#cmseek.handle_quit()
return
# Version detection
version = wordpress_version_detect.start(id, url, ua, ga, source)
## Check for minor stuffs like licesnse readme and some open directory checks
cmseek.statement("Initiating open directory and files check")
## Readme.html
readmesrc = cmseek.getsource(url + '/readme.html', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.statement(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0' # Error Getting Readme file
elif 'Welcome. WordPress is a very special project to me.' in readmesrc[
1]:
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of wordpress
## license.txt
licsrc = cmseek.getsource(url + '/license.txt', ua)
if licsrc[0] != '1':
cmseek.statement('license file not found')
licfile = '0'
elif 'WordPress - Web publishing software' in licsrc[1]:
licfile = '1'
else:
licfile = '2'
## wp-content/uploads/ folder
wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua)
if wpupsrc[0] != '1':
wpupdir = '0'
elif 'Index of /wp-content/uploads' in wpupsrc[1]:
wpupdir = '1'
else:
wpupdir = '2'
## xmlrpc
xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua)
if xmlrpcsrc[0] != '1':
cmseek.statement('XML-RPC interface not available')
xmlrpc = '0'
elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]:
xmlrpc = '1'
else:
xmlrpc = '2'
## Path disclosure
cmseek.statement('Looking for potential path disclosure')
path = path_disclosure.start(url, ua)
if path != "":
cmseek.success('Path disclosure detected, path: ' + cmseek.bold +
path + cmseek.cln)
## Check for user registration
usereg = check_reg.start(url, ua)
reg_found = usereg[0]
reg_url = usereg[1]
## Plugins Enumeration
plug_enum = wp_plugins_enum.start(source)
plugins_found = plug_enum[0]
plugins = plug_enum[1]
## Themes Enumeration
theme_enum = wp_theme_enum.start(source, url, ua)
themes_found = theme_enum[0]
themes = theme_enum[1]
## User enumeration
uenum = wp_user_enum.start(id, url, ua, ga, source)
usernamesgen = uenum[0]
usernames = uenum[1]
## Version Vulnerability Detection
if version != '0':
version_vuln = wp_vuln_scan.start(version, ua)
wpvdbres = version_vuln[0]
result = version_vuln[1]
if wpvdbres != '0' and version != '0':
vulnss = len(result['vulnerabilities'])
vfc = version_vuln[2]
### Deep Scan Results comes here
comptime = round(time.time() - cmseek.cstart, 2)
log_file = os.path.join(cmseek.log_dir, 'cms.json')
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
sresult.target(url)
sresult.cms('WordPress', version, 'https://wordpress.org')
#cmseek.result("Detected CMS: ", 'WordPress')
cmseek.update_log('cms_name', 'WordPress') # update log
#cmseek.result("CMS URL: ", "https://wordpress.org")
cmseek.update_log('cms_url', "https://wordpress.org") # update log
sresult.menu('[WordPress Deepscan]')
item_initiated = False
item_ended = False
if readmefile == '1':
sresult.init_item("Readme file found: " + cmseek.fgreen + url +
'/readme.html' + cmseek.cln)
cmseek.update_log('wp_readme_file', url + '/readme.html')
item_initiated = True
if licfile == '1':
cmseek.update_log('wp_license', url + '/license.txt')
if item_initiated == False:
sresult.init_item("License file: " + cmseek.fgreen + url +
'/license.txt' + cmseek.cln)
else:
sresult.item("License file: " + cmseek.fgreen + url +
'/license.txt' + cmseek.cln)
if wpvdbres == '1':
if item_initiated == False:
sresult.init_item('Changelog: ' + cmseek.fgreen +
str(result['changelog_url']) + cmseek.cln)
else:
sresult.item('Changelog: ' + cmseek.fgreen +
str(result['changelog_url']) + cmseek.cln)
cmseek.update_log('wp_changelog_file',
str(result['changelog_url']))
if wpupdir == '1':
cmseek.update_log('wp_uploads_directory',
url + '/wp-content/uploads')
if item_initiated == False:
sresult.init_item("Uploads directory has listing enabled: " +
cmseek.fgreen + url + '/wp-content/uploads' +
cmseek.cln)
else:
sresult.item("Uploads directory has listing enabled: " +
cmseek.fgreen + url + '/wp-content/uploads' +
cmseek.cln)
if xmlrpc == '1':
cmseek.update_log('xmlrpc', url + '/xmlrpc.php')
if item_initiated == False:
sresult.init_item("XML-RPC interface: " + cmseek.fgreen + url +
'/xmlrpc.php' + cmseek.cln)
else:
sresult.item("XML-RPC interface: " + cmseek.fgreen + url +
'/xmlrpc.php' + cmseek.cln)
if reg_found == '1':
sresult.item('User registration enabled: ' + cmseek.bold +
cmseek.fgreen + reg_url + cmseek.cln)
cmseek.update_log('user_registration', reg_url)
if path != "":
sresult.item('Path disclosure: ' + cmseek.bold + cmseek.orange +
path + cmseek.cln)
cmseek.update_log('path', path)
if plugins_found != 0:
plugs_count = len(plugins)
sresult.init_item("Plugins Enumerated: " + cmseek.bold +
cmseek.fgreen + str(plugs_count) + cmseek.cln)
wpplugs = ""
for i, plugin in enumerate(plugins):
plug = plugin.split(':')
wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
if i == 0 and i != plugs_count - 1:
sresult.init_sub('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + plug[1] + cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] +
cmseek.cln)
elif i == plugs_count - 1:
sresult.empty_sub()
sresult.end_sub('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub(
'Version: ' + cmseek.bold + cmseek.fgreen + plug[1] +
cmseek.cln, True, False)
sresult.end_subsub(
'URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] + cmseek.cln, True,
False)
else:
sresult.empty_sub()
sresult.sub_item('Plugin: ' + cmseek.bold + cmseek.fgreen +
plug[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + plug[1] + cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/plugins/' + plug[0] +
cmseek.cln)
cmseek.update_log('wp_plugins', wpplugs)
sresult.empty_item()
if themes_found != 0:
thms_count = len(themes)
sresult.init_item("Themes Enumerated: " + cmseek.bold +
cmseek.fgreen + str(thms_count) + cmseek.cln)
wpthms = ""
for i, theme in enumerate(themes):
thm = theme.split(':')
thmz = thm[1].split('|')
wpthms = wpthms + thm[0] + ' Version ' + thmz[0] + ','
if i == 0 and i != thms_count - 1:
sresult.init_sub('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + thmz[0] + cmseek.cln)
if thmz[1] != '':
sresult.subsub('Theme Zip: ' + cmseek.bold +
cmseek.fgreen + url + thmz[1] +
cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/themes/' + thm[0] +
cmseek.cln)
elif i == thms_count - 1:
sresult.empty_sub(True)
sresult.end_sub('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub(
'Version: ' + cmseek.bold + cmseek.fgreen + thmz[0] +
cmseek.cln, True, False)
if thmz[1] != '':
sresult.subsub(
'Theme Zip: ' + cmseek.bold + cmseek.fgreen + url +
thmz[1] + cmseek.cln, True, False)
sresult.end_subsub(
'URL: ' + cmseek.fgreen + url + '/wp-content/themes/' +
thm[0] + cmseek.cln, True, False)
else:
sresult.sub_item('Theme: ' + cmseek.bold + cmseek.fgreen +
thm[0] + cmseek.cln)
sresult.init_subsub('Version: ' + cmseek.bold +
cmseek.fgreen + thmz[0] + cmseek.cln)
if thmz[1] != '':
sresult.subsub('Theme Zip: ' + cmseek.bold +
cmseek.fgreen + url + thmz[1] +
cmseek.cln)
sresult.end_subsub('URL: ' + cmseek.fgreen + url +
'/wp-content/themes/' + thm[0] +
cmseek.cln)
cmseek.update_log('wp_themes', wpthms)
sresult.empty_item()
if usernamesgen == '1':
user_count = len(usernames)
sresult.init_item("Usernames harvested: " + cmseek.bold +
cmseek.fgreen + str(user_count) + cmseek.cln)
wpunames = ""
for i, u in enumerate(usernames):
wpunames = wpunames + u + ","
if i == 0 and i != user_count - 1:
sresult.init_sub(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
elif i == user_count - 1:
sresult.end_sub(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
else:
sresult.sub_item(cmseek.bold + cmseek.fgreen + u +
cmseek.cln)
cmseek.update_log('wp_users', wpunames)
sresult.empty_item()
if version != '0':
# cmseek.result("Version: ", version)
cmseek.update_log('wp_version', version)
if wpvdbres == '1':
sresult.end_item('Version vulnerabilities: ' + cmseek.bold +
cmseek.fgreen + str(vulnss) + cmseek.cln)
cmseek.update_log('wp_vuln_count', str(vulnss))
if vulnss > 0:
for i, vuln in enumerate(result['vulnerabilities']):
if i == 0 and i != vulnss - 1:
sresult.empty_sub(False)
sresult.init_sub(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
True)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, True)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, True)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, True)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, True)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, True)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, True)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, True)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, True)
elif i == vulnss - 1:
sresult.empty_sub(False)
sresult.end_sub(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
False)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, False)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, False)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, False)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, False)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, False)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, False)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, False)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, False)
else:
sresult.empty_sub(False)
sresult.sub_item(
cmseek.bold + cmseek.fgreen +
str(vuln['title']) + cmseek.cln, False)
sresult.init_subsub(
"Type: " + cmseek.bold + cmseek.fgreen +
str(vuln['vuln_type']) + cmseek.cln, False,
True)
sresult.subsub(
"Link: " + cmseek.bold + cmseek.fgreen +
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']) + cmseek.cln, False, True)
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
sresult.subsub(
"CVE: " + cmseek.fgreen +
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref) + cmseek.cln, False, True)
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
sresult.subsub(
"ExploitDB Link: " + cmseek.fgreen +
"http://www.exploit-db.com/exploits/" +
str(ref) + cmseek.cln, False, True)
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
sresult.subsub(
"Metasploit Module: " + cmseek.fgreen +
"http://www.metasploit.com/modules/" +
str(ref) + cmseek.cln, False, True)
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
sresult.subsub(
"OSVDB Link: " + cmseek.fgreen +
"http://osvdb.org/" + str(ref) +
cmseek.cln, False, True)
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
sresult.subsub(
"Secunia Advisory: " + cmseek.fgreen +
"http://secunia.com/advisories/" +
str(ref) + cmseek.cln, False, True)
if 'url' in strvuln:
for ref in vuln['references']['url']:
sresult.subsub(
"Reference: " + cmseek.fgreen +
str(ref) + cmseek.cln, False, True)
sresult.end_subsub(
"Fixed In Version: " + cmseek.bold +
cmseek.fgreen + str(vuln['fixed_in']) +
cmseek.cln, False, True)
sresult.end(str(cmseek.total_requests), str(comptime), log_file)
return
return
def start(id, url, ua, ga, source):
# init variables
vuln_detection = '0'
vuln_count = 0
joom_vulns = []
# Version Detection
version = version_detect.start(id, url, ua, ga, source)
# Detecting joomla core vulnerabilities
jcv = core_vuln.start(version)
vuln_detection = jcv[0]
vuln_count = jcv[1]
joom_vulns = jcv[2]
# README.txt
readmesrc = cmseek.getsource(url + '/README.txt', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.statement(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0'
elif 'This is a Joomla!' in readmesrc[1]:
cmseek.info('README.txt file found')
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of joomla
# Debug Mode
cmseek.info('Checking debug mode status')
debug_mode = check_debug.start(source)
# Check user registration status
cmseek.statement('Checking if user registration is enabled')
registration = user_registration.start(url, ua)
# Find admin url
cmseek.info('Locating admin url')
admin = admin_finder.start(url, ua)
# Backups check
cmseek.info('Checking for common Backups')
backups = backup_finder.start(url, ua)
# Check Potential configuration file leak
cmseek.info('Looking for potential config leak')
configs = config_check.start(url, ua)
# Checking for directory listing
cmseek.statement('Checking for directory listing')
directories = dir_list.start(url, ua)
### THE RESULTS START FROM HERE
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
cmseek.result('Target: ', url)
cmseek.result("Detected CMS: ", 'Joomla')
cmseek.update_log('cms_name', 'joomla') # update log
cmseek.result("CMS URL: ", "https://joomla.org")
cmseek.update_log('cms_url', "https://joomla.org") # update log
if version != '0':
cmseek.result("Joomla Version: ", version)
cmseek.update_log('joomla_version', version)
if registration[0] == '1':
cmseek.result('User registration enabled: ', registration[1])
cmseek.update_log('user_registration_url', registration[1])
if debug_mode == '1':
cmseek.result('Debug mode enabled', '')
cmseek.update_log('joomla_debug_mode', 'enabled')
else:
cmseek.update_log('joomla_debug_mode', 'disabled')
if readmefile == '1':
cmseek.result('Readme file: ', url + '/README.txt')
cmseek.update_log('joomla_readme_file', url + '/README.txt')
if admin[0] > 0:
cmseek.result('Admin URL: ', url + admin[1][0])
admin_log = ''
for adm in admin[1]:
admin_log += url + '/' + adm + ','
# print(cmseek.bold + cmseek.fgreen + " [B] " + cmseek.cln + url + '/' + adm)
cmseek.update_log('joomla_backup_files', admin_log)
print('\n')
if directories[0] > 0:
cmseek.result('Open directories: ', str(directories[0]))
cmseek.success('Open directory url: ')
dirs = ''
for dir in directories[1]:
dirs += url + '/' + dir + ','
print(cmseek.bold + cmseek.fgreen + " [>] " + cmseek.cln + url +
dir)
cmseek.update_log('directory_listing', dirs)
print('\n')
if backups[0] > 0:
cmseek.result('Found potential backup file: ', str(backups[0]))
cmseek.success('Backup URLs: ')
bkup_log = ''
for backup in backups[1]:
bkup_log += url + '/' + backup + ','
print(cmseek.bold + cmseek.fgreen + " [B] " + cmseek.cln + url +
'/' + backup)
cmseek.update_log('joomla_backup_files', bkup_log)
print('\n')
if configs[0] > 0:
cmseek.result('Found potential Config file: ', str(configs[0]))
cmseek.success('Config URLs: ')
conf_log = ''
for config in configs[1]:
conf_log += url + '/' + config + ','
print(cmseek.bold + cmseek.fgreen + " [c] " + cmseek.cln + url +
'/' + config)
cmseek.update_log('joomla_config_files', conf_log)
print('\n')
if vuln_detection == '1' and vuln_count > 0:
cmseek.result('Total joomla core vulnerabilities: ', str(vuln_count))
cmseek.info('Vulnerabilities found: \n')
for vuln in joom_vulns:
vuln = vuln.replace('\\n', cmseek.cln + '\n ')
print(cmseek.bold + cmseek.red + '[v] ' + vuln)
print('\n')
elif vuln_detection == '2':
cmseek.warning(
'Couldn\'t find core vulnerabilities, No VERSION detected')
elif vuln_detection == '3':
cmseek.error('Core vulnerability database not found!')
else:
cmseek.warning('No core vulnerabilities detected!')
def start(
id, url, ua, ga, source
): ## ({ID of the cms}, {url of target}, {User Agent}, {is Generator Meta tag available [0/1]}, {Source code})
## Do shits later [update from later: i forgot what shit i had to do ;___;]
if id == "wp":
# referenced before assignment fix
version = wpvdbres = result = plugins_found = usernames = usernamesgen = '0'
cmseek.statement('Starting WordPress DeepScan')
# Version detection
version = wordpress_version_detect.start(id, url, ua, ga, source)
## Check for minor stuffs like licesnse readme and some open directory checks
cmseek.statement("Initiating open directory and files check")
## Readme.html
readmesrc = cmseek.getsource(url + '/readme.html', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.statement(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0' # Error Getting Readme file
elif 'Welcome. WordPress is a very special project to me.' in readmesrc[
1]:
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of wordpress
## license.txt
licsrc = cmseek.getsource(url + '/license.txt', ua)
if licsrc[0] != '1':
cmseek.statement('license file not found')
licfile = '0'
elif 'WordPress - Web publishing software' in licsrc[1]:
licfile = '1'
else:
licfile = '2'
## wp-content/uploads/ folder
wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua)
if wpupsrc[0] != '1':
wpupdir = '0'
elif 'Index of /wp-content/uploads' in wpupsrc[1]:
wpupdir = '1'
else:
wpupdir = '2'
## xmlrpc
xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua)
if xmlrpcsrc[0] != '1':
cmseek.statement('XML-RPC interface not available')
xmlrpc = '0'
elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]:
xmlrpc = '1'
else:
xmlrpc = '2'
## Plugins Enumeration
plug_enum = wp_plugins_enum.start(source)
plugins_found = plug_enum[0]
plugins = plug_enum[1]
## Themes Enumeration
theme_enum = wp_theme_enum.start(source)
themes_found = theme_enum[0]
themes = theme_enum[1]
## User enumeration
uenum = wp_user_enum.start(id, url, ua, ga, source)
usernamesgen = uenum[0]
usernames = uenum[1]
## Version Vulnerability Detection
version_vuln = wp_vuln_scan.start(version, ua)
wpvdbres = version_vuln[0]
result = version_vuln[1]
vfc = version_vuln[2]
### Deep Scan Results comes here
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
cmseek.result("Detected CMS: ", 'WordPress')
cmseek.update_log('cms_name', 'WordPress') # update log
cmseek.result("CMS URL: ", "https://wordpress.org")
cmseek.update_log('cms_url', "https://wordpress.org") # update log
if version != '0':
cmseek.result("Version: ", version)
cmseek.update_log('wp_version', version)
if wpvdbres == '1':
cmseek.result("Changelog URL: ", str(result['changelog_url']))
cmseek.update_log('wp_changelog_file',
str(result['changelog_url']))
if readmefile == '1':
cmseek.result("Readme file found: ", url + '/readme.html')
cmseek.update_log('wp_readme_file', url + '/readme.html')
if licfile == '1':
cmseek.result("License file found: ", url + '/license.txt')
if wpupdir == '1':
cmseek.result("Uploads directory has listing enabled: ",
url + '/wp-content/uploads')
cmseek.update_log('wp_uploads_directory',
url + '/wp-content/uploads')
if xmlrpc == '1':
cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')
if plugins_found != 0:
print('\n')
cmseek.result("Plugins Enumerated: ", '')
print(" |")
wpplugs = ""
for plugin in plugins:
plug = plugin.split(':')
wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ','
cmseek.success(cmseek.bold + plug[0] + ' Version ' + plug[1] +
cmseek.cln)
cmseek.update_log('wp_plugins', wpplugs)
if themes_found != 0:
print('\n')
cmseek.result("themes Enumerated: ", '')
print(" |")
wpthms = ""
for theme in themes:
thm = theme.split(':')
wpthms = wpthms + thm[0] + ' Version ' + thm[1] + ','
cmseek.success(cmseek.bold + thm[0] + ' Version ' + thm[1] +
cmseek.cln)
cmseek.result('Theme URL: ',
url + '/wp-content/themes/' + thm[0] + '/')
cmseek.update_log('wp_plugins', wpthms)
if usernamesgen == '1':
print('\n')
cmseek.result("Usernames Harvested: ", '')
print(" |")
wpunames = ""
for u in usernames:
wpunames = wpunames + u + ","
cmseek.success(cmseek.bold + u + cmseek.cln)
print('\n')
cmseek.update_log('wp_users', wpunames)
if wpvdbres == '1':
cmseek.result("Vulnerability Count: ",
str(len(result['vulnerabilities'])))
cmseek.update_log('wp_vuln_count',
str(len(result['vulnerabilities'])))
cmseek.update_log('wpvulndb_url',
"https://wpvulndb.com/api/v2/wordpresses/" + vfc)
if len(result['vulnerabilities']) > 0:
cmseek.success("Displaying all the vulnerabilities")
for vuln in result['vulnerabilities']:
print("\n")
cmseek.result("Title: ", str(vuln['title']))
cmseek.result("Type: ", str(vuln['vuln_type']))
cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
cmseek.result(
"Link: ", "http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']))
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
cmseek.result(
"CVE: ",
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref))
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
cmseek.result(
"ExploitDB Link: ",
"http://www.exploit-db.com/exploits/" +
str(ref))
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
cmseek.result(
"Metasploit Module: ",
"http://www.metasploit.com/modules/" +
str(ref))
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
cmseek.result("OSVDB Link: ",
"http://osvdb.org/" + str(ref))
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
cmseek.result(
"Secunia Advisory: ",
"http://secunia.com/advisories/" + str(ref))
if 'url' in strvuln:
for ref in vuln['references']['url']:
cmseek.result("Reference: ", str(ref))
else:
cmseek.warning(
'No vulnerabilities discovered in this version yet!')
return
else:
cmseek.error("Could not look up version vulnerabilities")
return
return
def start():
cmseek.clearscreen()
cmseek.banner("OpenCart Bruteforce Module")
url = cmseek.targetinp("") # input('Enter Url: ')
cmseek.info("Checking for OpenCart")
bsrc = cmseek.getsource(url, cmseek.randomua('foodislove'))
if bsrc[0] != '1':
cmseek.error("Could not get target source, CMSeek is quitting")
cmseek.handle_quit()
else:
try1 = source.generator(bsrc[1])
if try1[0] == '1' and try1[1] == 'oc':
occnf = '1'
else:
try2 = source.check(bsrc[1], url)
if try2[0] == '1' and try2[1] == 'oc':
occnf = '1'
else:
occnf = '0'
if occnf != '1':
cmseek.error('Could not confirm OpenCart... CMSeek is quitting')
cmseek.handle_quit()
else:
cmseek.success(
"OpenCart Confirmed... Checking for OpenCart login form")
ocloginsrc = cmseek.getsource(url + '/admin/index.php',
cmseek.randomua('thatsprettygay'))
if ocloginsrc[0] == '1' and '<form' in ocloginsrc[
1] and 'route=common/login' in ocloginsrc[1]:
cmseek.success("Login form found!")
ocparamuser = ['']
rawuser = input(
"[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
).split(',')
for rusr in rawuser:
ocparamuser.append(rusr)
ocbruteusers = set(ocparamuser) ## Strip duplicate usernames
for user in ocbruteusers:
if user != '':
passfound = '0'
print('\n')
cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
passwords = pwd_file.read().split('\n')
for password in passwords:
if password != '' and password != '\n':
sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
sys.stdout.flush()
cursrc = testlogin(url, user, password)
if 'route=common/dashboard&user_token=' in str(
cursrc[3]):
cmseek.success('Password found!')
print(" |\n |--[username]--> " + cmseek.bold +
user + cmseek.cln +
"\n |\n |--[password]--> " +
cmseek.bold + password + cmseek.cln +
"\n |")
cmseek.success('Enjoy The Hunt!')
cmseek.savebrute(url, url + '/admin/index.php',
user, password)
passfound = '1'
break
else:
continue
break
if passfound == '0':
cmseek.error('\n\nCould Not find Password!')
print('\n\n')
else:
cmseek.error("Couldn't find login form... CMSeeK is quitting")
cmseek.handle_quit()
def start():
cmseek.clearscreen()
cmseek.banner("WordPress Bruteforce Module")
url = cmseek.targetinp("") # input('Enter Url: ')
cmseek.info("Checking for WordPress")
bsrc = cmseek.getsource(
url,
cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost'))
if bsrc[0] != '1':
# print(bsrc[1])
cmseek.error("Could not get target source, CMSeek is quitting")
cmseek.handle_quit()
else:
## Parse generator meta tag
parse_generator = generator.parse(bsrc[1])
ga = parse_generator[0]
ga_content = parse_generator[1]
try1 = generator.scan(ga_content)
if try1[0] == '1' and try1[1] == 'wp':
wpcnf = '1'
else:
try2 = source.check(bsrc[1], url)
if try2[0] == '1' and try2[1] == 'wp':
wpcnf = '1'
else:
wpcnf = '0'
if wpcnf != '1':
print(bsrc[1])
cmseek.error('Could not confirm WordPress... CMSeek is quitting')
cmseek.handle_quit()
else:
cmseek.success(
"WordPress Confirmed... Checking for WordPress login form")
wploginsrc = cmseek.getsource(url + '/wp-login.php',
cmseek.randomua('thatsprettygay'))
if wploginsrc[0] == '1' and '<form' in wploginsrc[1]:
cmseek.success(
"Login form found.. Detecting Username For Bruteforce")
wpparamuser = []
uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0',
bsrc[1])
usernamesgen = uenum[0]
wpparamuser = uenum[1]
if wpparamuser == []:
customuser = input(
"[~] CMSeek could not enumerate usernames, enter username if you know any: "
)
if customuser == "":
cmseek.error("No user found, CMSeek is quitting")
else:
wpparamuser.append(customuser)
wpbruteusers = set(wpparamuser)
for user in wpbruteusers:
passfound = '0'
print('\n')
cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
passwords = pwd_file.read().split('\n')
passwords.insert(0, user)
for password in passwords:
if password != '' and password != '\n':
sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
sys.stdout.flush()
cursrc = cmseek.wpbrutesrc(url, user, password)
if 'wp-admin' in str(cursrc[3]):
cmseek.success('Password found!')
print(" |\n |--[username]--> " + cmseek.bold +
user + cmseek.cln +
"\n |\n |--[password]--> " + cmseek.bold +
password + cmseek.cln + "\n |")
cmseek.success('Enjoy The Hunt!')
cmseek.savebrute(url, url + '/wp-login.php', user,
password)
passfound = '1'
break
else:
continue
break
if passfound == '0':
cmseek.error('\n\nCould Not find Password!')
print('\n\n')
else:
cmseek.error("Couldn't find login form... CMSeeK is quitting")
# print(wploginsrc[1])
cmseek.handle_quit()
def start():
cmseek.clearscreen()
cmseek.banner("Drupal Bruteforce Module")
url = cmseek.targetinp("") # input('Enter Url: ')
cmseek.info("Checking for Drupal")
bsrc = cmseek.getsource(url, cmseek.randomua('onceuponatime'))
if bsrc[0] != '1':
cmseek.error("Could not get target source, CMSeek is quitting")
cmseek.handle_quit()
else:
## Parse generator meta tag
parse_generator = generator.parse(bsrc[1])
ga = parse_generator[0]
ga_content = parse_generator[1]
try1 = generator.scan(ga_content)
if try1[0] == '1' and try1[1] == 'dru':
drucnf = '1'
else:
try2 = source.check(
bsrc[1],
url) # Confirming Drupal using other source code checks
if try2[0] == '1' and try2[1] == 'dru':
drucnf = '1'
else:
try3 = header.check(bsrc[2]) # Headers Check!
if try3[0] == '1' and try3[1] == 'dru':
drucnf = '1'
else:
drucnf = '0'
if drucnf != '1':
cmseek.error('Could not confirm Drupal... CMSeek is quitting')
cmseek.handle_quit()
else:
cmseek.success("Drupal Confirmed... Checking for Drupal login form")
druloginsrc = cmseek.getsource(
url + '/user/login/',
cmseek.randomua('therelivedaguynamedkakashi'))
if druloginsrc[0] == '1' and '<form' in druloginsrc[
1] and 'name="form_id" value="' in druloginsrc[1]:
cmseek.success("Login form found! Retriving form id value")
fid = re.findall(r'name="form_id" value="(.*?)"', druloginsrc[1])
if fid == []:
cmseek.error("Could not find form_id, CMSeeK is quitting!")
cmseek.handle_quit()
else:
cmseek.success('form_id found: ' + cmseek.bold + fid[0] +
cmseek.cln)
form_id = fid[0]
druparamuser = ['']
rawuser = input(
"[~] Enter Usernames with coma as separation without any space (example: cris,harry): "
).split(',')
for rusr in rawuser:
druparamuser.append(rusr)
drubruteusers = set(druparamuser) ## Strip duplicate usernames
for user in drubruteusers:
if user != '':
print('\n')
cmseek.info("Bruteforcing User: "******"wordlist/passwords.txt", "r")
passwords = pwd_file.read().split('\n')
passwords.insert(0, user)
passfound = '0'
for password in passwords:
if password != '' and password != '\n':
sys.stdout.write('[*] Testing Password: '******'%s\r\r' % password)
sys.stdout.flush()
cursrc = testlogin(url, user, password, form_id)
# print(cursrc)
if '/user/login/' in str(cursrc):
continue
else:
cmseek.success('Password found! \n\n\n')
# print (cursrc)
cmseek.success('Password found!')
print(" |\n |--[username]--> " + cmseek.bold +
user + cmseek.cln +
"\n |\n |--[password]--> " +
cmseek.bold + password + cmseek.cln +
"\n |")
cmseek.success('Enjoy The Hunt!')
cmseek.savebrute(url, url + '/user/login',
user, password)
passfound = '1'
break
break
if passfound == '0':
cmseek.error('\n\nCould Not find Password!')
print('\n\n')
else:
cmseek.error("Couldn't find login form... CMSeeK is quitting")
cmseek.handle_quit()
'There was an error while creating result index! Some features might not work as intended. Press [ENTER] to continue:'
)
if args.url is not None:
s = args.url
target = cmseek.process_url(s)
if target != '0':
if cua == None:
cua = cmseek.randomua()
core.main_proc(target, cua)
cmseek.handle_quit()
elif args.list is not None:
sites = args.list
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
sites_list = []
try:
ot = open(sites, 'r')
file_contents = ot.read().replace('\n', '')
sites_list = file_contents.split(',')
except FileNotFoundError:
cmseek.error('Invalid path! CMSeeK is quitting')
cmseek.bye()
if sites_list != []:
if cua == None:
cua = cmseek.randomua()
for s in sites_list:
s = s.replace(' ', '')
target = cmseek.process_url(s)
if target != '0':
def main_proc(site,cua):
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
cmseek.info("Scanning Site: " + site)
cmseek.statement("User Agent: " + cua)
cmseek.statement("Collecting Headers and Page Source for Analysis")
init_source = cmseek.getsource(site, cua)
if init_source[0] != '1':
cmseek.error("Aborting CMSeek! Couldn't connect to site \n Error: %s" % init_source[1])
return
else:
scode = init_source[1]
headers = init_source[2]
if site != init_source[3] and site + '/' != init_source[3]:
cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln)
follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln + ' as target? (y/n): ')
if follow_redir.lower() == 'y':
site = init_source[3]
cmseek.statement("Detection Started")
cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
c1 = header.check(headers)
if c1[0] == "1":
# Do this shit later
cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c1[1])
cmseek.update_log('detection_param','header') # update log
cmseek.update_log('cms_id',c1[1]) # update log
cka = getattr(cmsdb, c1[1])
if cka['deeps'] != '1': # Deep Scan
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
else:
cmseek.statement("CMS Version is detectable, detecting CMS Version")
### Detect version
cms_version = version_detect.start(c1[1], site, cua, '1', scode)
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
if cms_version != '0':
cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
cmseek.update_log('cms_version',cms_version) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
# return
else:
advanced.start(c1[1], site, cua, '2', scode) ## The 2 suggests that generator check has not been performed
else:
cmseek.warning('No luck with headers... Continuing with source code')
cmseek.statement("Checking for generator meta tag in source code")
if 'Generator' in scode or 'generator' in scode:
cmseek.success("Generator meta tag found.. Continuing with detection (2.1 of 2.2)")
ga = "1" ## Generator tag found .. this will come in handy later to save us some milliseconds ;)
c21 = source.generator(scode)
if c21[0] == '1':
cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c21[1])
cmseek.update_log('detection_param','generator') # update log
cmseek.update_log('cms_id',c21[1]) # update log
cka = getattr(cmsdb, c21[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
else:
cmseek.statement("CMS Version is detectable, detecting CMS Version")
### Detect version
cms_version = version_detect.start(c21[1], site, cua, '1', scode)
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
if cms_version != '0':
cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
cmseek.update_log('cms_version',cms_version) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
# return
else:
advanced.start(c21[1], site, cua, '1', scode)
elif c21[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
# return
else: ## CMS Detection unsuccessful via generator meta tag
cmseek.warning('Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)')
c22 = source.check(scode, site)
if c22[0] == '1':
cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c22[1])
cmseek.update_log('detection_param','source') # update log
cmseek.update_log('cms_id',c22[1]) # update log
cka = getattr(cmsdb, c22[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
else:
cmseek.statement("CMS Version is detectable, detecting CMS Version")
cms_version = version_detect.start(c22[1], site, cua, '1', scode)
### Detect version
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
if cms_version != '0':
cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
cmseek.update_log('cms_version',cms_version) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
return
else:
advanced.start(c22[1], site, cua, '1', scode)
elif c22[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
return
else:
cmseek.error("Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n")
return
else:
cmseek.warning("Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)")
ga = '0' ## Generator meta tag not found as i freakin said earlier this will come in handy later
c22 = source.check(scode, site)
if c22[0] == '1':
cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c22[1])
cmseek.update_log('detection_param','source') # update log
cmseek.update_log('cms_id',c22[1]) # update log
cka = getattr(cmsdb, c22[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
else:
cmseek.statement("CMS Version is detectable, detecting CMS Version")
cms_version = version_detect.start(c22[1], site, cua, '0', scode)
### Detect version
print('\n')
cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',cka['name']) # update log
if cms_version != '0':
cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
cmseek.update_log('cms_version',cms_version) # update log
cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',cka['url']) # update log
return
else:
advanced.start(c22[1], site, cua, '0', scode)
elif c22[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
return
else:
cmseek.error("Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n")
return
def deep(
id, url, ua, ga, source
): ## ({ID of the cms}, {url of target}, {User Agent}, {is Generator Meta tag available [0/1]}, {Source code})
## Do shits later [update from later: i forgot what shit i had to do ;___;]
if id == "wp":
cmseek.statement('Starting WordPress DeepScan')
# Version detection
cmseek.statement('Detecting Version and vulnerabilities')
if ga == '1' or ga == '2' or ga == '3': ## something good was going to happen but my sleep messed it up TODO: will fix it later
cmseek.statement(
'Generator Tag Available... Trying version detection using generator meta tag'
)
rr = re.findall(
r'<meta name=\"generator\" content=\"WordPress (.*?)\"',
source)
if rr != []:
version = rr[0]
cmseek.success("Version Detected, WordPress Version %s" %
version)
else:
cmseek.warning(
"Generator tag was a big failure.. looking up /feed/")
fs = cmseek.getsource(url + '/feed/', ua)
if fs[0] != '1': # Something messed up real bad
cmseek.warning("Couldn't get feed source code, Error: %s" %
fs[1])
else:
fv = re.findall(
r'<generator>https://wordpress.org/\?v=(.*?)</generator>',
fs[1])
if fv != []: # Not empty good news xD
version = fv[0]
cmseek.success(
"Version Detected, WordPress Version %s" % version)
else:
cmseek.warning(
"Well even feed was a failure... let's lookup wp-links-opml then"
)
opmls = cmseek.getsource(url + '/wp-links-opml.php',
ua)
if opmls[0] != '1': # Something messed up real bad
cmseek.warning(
"Couldn't get wp-links-links source code, Error: %s"
% opmls[1])
else:
fv = re.findall(r'generator=\"wordpress/(.*?)\"',
opmls[1])
if fv != []: # Not empty good news xD || you can guess it's copied right?
version = fv[0]
cmseek.success(
"Version Detected, WordPress Version %s" %
version)
else:
## new version detection methods will be added in the future updates
cmseek.error(
"Couldn't Detect Version :( Sorry Master")
version = '0'
## Check for minor stuffs like licesnse readme and some open directory checks
cmseek.statement("Initiationg open directory and files check")
## Readme.html
readmesrc = cmseek.getsource(url + '/readme.html', ua)
if readmesrc[
0] != '1': ## something went wrong while getting the source codes
cmseek.warning(
"Couldn't get readme file's source code most likely it's not present"
)
readmefile = '0' # Error Getting Readme file
elif 'Welcome. WordPress is a very special project to me.' in readmesrc[
1]:
readmefile = '1' # Readme file present
else:
readmefile = '2' # Readme file found but most likely it's not of wordpress
## license.txt
licsrc = cmseek.getsource(url + '/license.txt', ua)
if licsrc[0] != '1':
cmseek.warning('license file not found')
licfile = '0'
elif 'WordPress - Web publishing software' in licsrc[1]:
licfile = '1'
else:
licfile = '2'
## wp-content/uploads/ folder
wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua)
if wpupsrc[0] != '1':
wpupdir = '0'
elif 'Index of /wp-content/uploads' in wpupsrc[1]:
wpupdir = '1'
else:
wpupdir = '2'
## xmlrpc
xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua)
if xmlrpcsrc[0] != '1':
cmseek.warning('XML-RPC interface not available')
xmlrpc = '0'
elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]:
xmlrpc = '1'
else:
xmlrpc = '2'
## User enumeration
cmseek.info("Starting Username Harvest")
# User enumertion via site's json api
cmseek.info('Harvesting usernames from wp-json api')
wpjsonuser = []
wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua)
if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]:
cmseek.warning("Json api method failed trying with next")
else:
for user in json.loads(wpjsonsrc[1]):
wpjsonuser.append(user['slug'])
cmseek.success("Found User: %s" % user['slug'])
# user enumertion vua jetpack api
cmseek.info('Harvesting usernames from jetpack public api')
jpapiuser = []
strippedurl = url.replace('http://', '')
strippedurl = strippedurl.replace(
'https://',
'') # Pretty sure it is an ugly solution but oh well
jpapisrc = cmseek.getsource(
'https://public-api.wordpress.com/rest/v1.1/sites/' +
strippedurl + '/posts?number=100&pretty=true&fields=author',
ua)
if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]:
cmseek.warning(
'No results from jetpack api... maybe the site doesn\'t use jetpack'
)
else:
for user in json.loads(jpapisrc[1])['posts']:
jpapiuser.append(user['author']['login'])
cmseek.success("Found User: %s" % user['author']['login'])
jpapiuser = list(set(
usr.strip()
for usr in jpapiuser)) # Removing duplicate usernames
# the regular way of checking vua user Parameter -- For now just check upto 20 ids
cmseek.info('Harvesting usernames from wordpress author Parameter')
wpparamuser = []
usrrange = range(31)
pool = multiprocessing.Pool()
prepareenum = partial(wpauthorenum, ua, url)
res = pool.map(prepareenum, usrrange)
for r in res:
if r != None:
wpparamuser.append(r)
# Combine all the usernames that we collected
usernames = set(wpjsonuser + jpapiuser + wpparamuser)
if len(usernames) > 0:
usernamesgen = '1' # Some usernames were harvested
cmseek.success(cmseek.bold + str(len(usernames)) +
" Usernames" + cmseek.cln +
" was / were enumerated")
else:
usernamesgen = '0' # Failure
cmseek.warning("Couldn't enumerate usernames :( ")
## Version Vulnerability Detection
if version == "0":
cmseek.warning(
"Skipping version vulnerability scan as WordPress Version wasn't detected"
)
else: ## So we have a version let's scan for vulnerabilities
cmseek.info(
"Checking version vulnerabilities [props to wpvulndb for their awesome api ;)]"
)
vfc = version.replace(
'.', ''
) # NOT IMPORTANT: vfc = version for check well we have to kill all the .s in the version for looking it up on wpvulndb.. kinda weird if you ask me
ws = cmseek.getsource(
"https://wpvulndb.com/api/v2/wordpresses/" + vfc, ua)
print(ws[0])
if ws[0] == "1":
# wjson = json.loads(ws[1]) + vfd + "['release_date']"
wpvdbres = '1' ## We have the wpvulndb results
result = json.loads(ws[1])[version]
else:
wpvdbres = '0'
cmseek.error('Error Retriving data from wpvulndb')
### Deep Scan Results comes here
cmseek.clearscreen()
cmseek.banner("Deep Scan Results")
cmseek.result("Detected CMS: ", 'WordPress')
cmseek.update_log('cms_name', 'WordPress') # update log
cmseek.result("CMS URL: ", "https://wordpress.org")
cmseek.update_log('cms_url', "https://wordpress.org") # update log
if version != '0':
cmseek.result("Version: ", version)
cmseek.update_log('wp_version', version)
if wpvdbres == '1':
cmseek.result("Changelog URL: ", str(result['changelog_url']))
cmseek.update_log('wp_changelog_file',
str(result['changelog_url']))
if readmefile == '1':
cmseek.result("Readme file found: ", url + '/readme.html')
cmseek.update_log('wp_readme_file', url + '/readme.html')
if licfile == '1':
cmseek.result("License file found: ", url + '/license.txt')
if wpupdir == '1':
cmseek.result("Uploads directory has listing enabled: ",
url + '/wp-content/uploads')
cmseek.update_log('wp_uploads_directory',
url + '/wp-content/uploads')
if xmlrpc == '1':
cmseek.result("XML-RPC interface available: ", url + '/xmlrpc.php')
cmseek.update_log('wp_uploads_directory', url + '/xmlrpc.php')
if usernamesgen == '1':
cmseek.result("Usernames Harvested: ", '')
wpunames = ""
for u in usernames:
wpunames = wpunames + u + ","
cmseek.success(cmseek.bold + u + cmseek.cln)
print('\n')
cmseek.update_log('wp_users', wpunames)
if wpvdbres == '1':
cmseek.result("Vulnerability Count: ",
str(len(result['vulnerabilities'])))
cmseek.update_log('wp_vuln_count',
str(len(result['vulnerabilities'])))
cmseek.update_log('wpvulndb_url',
"https://wpvulndb.com/api/v2/wordpresses/" + vfc)
if len(result['vulnerabilities']) > 0:
cmseek.success("Displaying all the vulnerabilities")
for vuln in result['vulnerabilities']:
print("\n")
cmseek.result("Vulnerability Title: ", str(vuln['title']))
cmseek.result("Vulnerability Type: ",
str(vuln['vuln_type']))
cmseek.result("Fixed In Version: ", str(vuln['fixed_in']))
cmseek.result(
"Vulnerability Link: ",
"http://wpvulndb.com/vulnerabilities/" +
str(vuln['id']))
strvuln = str(vuln)
if 'cve' in strvuln:
for ref in vuln['references']['cve']:
cmseek.result(
"Vulnerability CVE: ",
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-"
+ str(ref))
if 'exploitdb' in strvuln:
for ref in vuln['references']['exploitdb']:
cmseek.result(
"ExploitDB Link: ",
"http://www.exploit-db.com/exploits/" +
str(ref))
if 'metasploit' in strvuln:
for ref in vuln['references']['metasploit']:
cmseek.result(
"Metasploit Module: ",
"http://www.metasploit.com/modules/" +
str(ref))
if 'osvdb' in strvuln:
for ref in vuln['references']['osvdb']:
cmseek.result("OSVDB Link: ",
"http://osvdb.org/" + str(ref))
if 'secunia' in strvuln:
for ref in vuln['references']['secunia']:
cmseek.result(
"Secunia Advisory: ",
"http://secunia.com/advisories/" + str(ref))
if 'url' in strvuln:
for ref in vuln['references']['url']:
cmseek.result("Vulnerability Reference: ",
str(ref))
return
else:
cmseek.warning(
"No Vulnerabilities discovered in this version of WordPress as of yet"
)
return
return
print('\n')
cmseek.warning('Invalid URL: ' + cmseek.bold + s + cmseek.cln +
' Skipping to next')
print('\n')
cmseek.result(
'Finished Scanning all targets.. result has been saved under respective target directories',
'')
else:
cmseek.error("No url provided... CMSeeK is exiting")
cmseek.bye()
################################
### THE MAIN MENU ###
################################
cmseek.clearscreen()
cmseek.banner("")
print(" Input Description")
print("======= ==============================")
print(" [1] CMS detection and Deep scan")
print(" [2] Scan Multiple Sites")
print(" [3] Bruteforce CMSs")
print(" [U] Update CMSeeK")
print(" [R] Rebuild Cache (Use only when you add any custom module)")
print(" [0] Exit CMSeeK :( \n")
selone = input("Enter Your Desired Option: ").lower()
if selone == 'r':
cmseek.update_brute_cache()
elif selone == 'u':
cmseek.update()
elif selone == '0':
def main_proc(site, cua):
cmseek.clearscreen()
cmseek.banner("CMS Detection And Deep Scan")
cmseek.info("Scanning Site: " + site)
cmseek.statement("User Agent: " + cua)
cmseek.statement("Collecting Headers and Page Source for Analysis")
try:
ckreq = urllib.request.Request(site,
data=None,
headers={'User-Agent': cua})
with urllib.request.urlopen(ckreq) as response:
scode = response.read().decode()
headers = str(response.info())
except Exception as e:
e = str(e)
cmseek.error(
"Aborting CMSeek! Couldn't connect to site \n Error: %s" %
e) #TODO: remove the error msg later if possible
return
# TODO: The source code enumartion > save to site directory > print done
cmseek.statement("Detection Started")
cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
c1 = header.check(headers)
if c1[0] == "1":
# Do this shit later
cmseek.success(
"CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
% c1[1])
cmseek.update_log('detection_param', 'header') # update log
cmseek.update_log('cms_id', c1[1]) # update log
cka = getattr(cmsdb, c1[1])
if cka['deeps'] != '1': # Deep Scan
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name', cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
else:
cmseek.statement(
"CMS Version is detectable, detecting CMS Version")
### Detect version
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name', cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
# return
else:
advanced.deep(
c1[1], site, cua, '2', scode
) ## The 2 suggests that generator check has not been performed
else:
cmseek.warning('No luck with headers... Continuing with source code')
cmseek.statement("Checking for generator meta tag in source code")
if 'Generator' in scode or 'generator' in scode:
cmseek.success(
"Generator meta tag found.. Continuing with detection (2.1 of 2.2)"
)
ga = "1" ## Generator tag found .. this will come in handy later to save us some milliseconds ;)
c21 = source.generator(scode)
if c21[0] == '1':
cmseek.success(
"CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
% c21[1])
cmseek.update_log('detection_param', 'generator') # update log
cmseek.update_log('cms_id', c21[1]) # update log
cka = getattr(cmsdb, c21[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
else:
cmseek.statement(
"CMS Version is detectable, detecting CMS Version")
### Detect version
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
# return
else:
advanced.deep(c21[1], site, cua, '1', scode)
elif c21[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
# return
else: ## CMS Detection unsuccessful via generator meta tag
cmseek.warning(
'Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)'
)
c22 = source.check(scode, site)
if c22[0] == '1':
cmseek.success(
"CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
% c22[1])
cmseek.update_log('detection_param',
'source') # update log
cmseek.update_log('cms_id', c22[1]) # update log
cka = getattr(cmsdb, c22[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold +
cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold +
cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',
cka['url']) # update log
else:
cmseek.statement(
"CMS Version is detectable, detecting CMS Version"
)
### Detect version
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold +
cmseek.fgreen + cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold +
cmseek.fgreen + cka['url'] + cmseek.cln)
cmseek.update_log('cms_url',
cka['url']) # update log
return
else:
advanced.deep(c22[1], site, cua, '1', scode)
elif c22[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
return
else:
cmseek.error(
"Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n"
)
return
else:
cmseek.warning(
"Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)"
)
ga = '0' ## Generator meta tag not found as i freakin said earlier this will come in handy later
c22 = source.check(scode, site)
if c22[0] == '1':
cmseek.success(
"CMS Detected, CMS ID: \"%s\" - looking up database for CMS information"
% c22[1])
cmseek.update_log('detection_param', 'source') # update log
cmseek.update_log('cms_id', c22[1]) # update log
cka = getattr(cmsdb, c22[1])
if cka['deeps'] != '1': # Deep Scan not available
if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
else:
cmseek.statement(
"CMS Version is detectable, detecting CMS Version")
### Detect version
print('\n')
cmseek.result(
'', "CMS Name: " + cmseek.bold + cmseek.fgreen +
cka['name'] + cmseek.cln)
cmseek.update_log('cms_name',
cka['name']) # update log
cmseek.result(
'', "CMS Link: " + cmseek.bold + cmseek.fgreen +
cka['url'] + cmseek.cln)
cmseek.update_log('cms_url', cka['url']) # update log
return
else:
advanced.deep(c22[1], site, cua, '0', scode)
elif c22[0] == '2': # Empty Source code
cmseek.error("Source code was empty... exiting CMSeek")
return
else:
cmseek.error(
"Couldn't detect cms... :( \n Sorry master didn't mean to dissapoint but bye for now \n Can't handle this much disappintment \n\n"
)
return
