2017-02-18 22:31:11 +00:00
|
|
|
#!/usr/bin/python
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
import requests
|
|
|
|
import argparse
|
2017-02-23 11:00:48 +00:00
|
|
|
from engine.core import *
|
|
|
|
from engine.load_plugins import *
|
|
|
|
from engine.wordpress import *
|
2017-02-24 13:30:20 +00:00
|
|
|
from engine.scan import *
|
2017-06-10 16:14:44 +00:00
|
|
|
from engine.fuzz import *
|
2017-06-10 18:58:40 +00:00
|
|
|
from engine.brute import *
|
2017-06-11 14:48:13 +00:00
|
|
|
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
2017-02-18 22:31:11 +00:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
2017-02-25 00:36:59 +00:00
|
|
|
print "_______________________________________________________________ "
|
2017-02-23 11:00:48 +00:00
|
|
|
print " _ _ _ "
|
|
|
|
print "| | | | | | "
|
|
|
|
print "| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __ "
|
|
|
|
print "| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \ "
|
|
|
|
print "\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |"
|
|
|
|
print " \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|"
|
|
|
|
print " | | "
|
|
|
|
print " |_| "
|
2017-02-27 14:50:11 +00:00
|
|
|
print " WordPress scanner based on wpscan work - @pentest_swissky "
|
2017-02-25 00:36:59 +00:00
|
|
|
print "_______________________________________________________________ "
|
2017-02-23 11:00:48 +00:00
|
|
|
|
|
|
|
parser = argparse.ArgumentParser()
|
|
|
|
parser.add_argument('-u', action ='store', dest='url', help="Wordpress URL")
|
|
|
|
parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
|
2017-02-27 14:50:11 +00:00
|
|
|
parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Update the database")
|
2017-06-10 16:14:44 +00:00
|
|
|
parser.add_argument('--fuzz', action ='store_const', const='fuzz', dest='fuzz', default=False, help="Fuzz the files")
|
2017-06-10 18:58:40 +00:00
|
|
|
parser.add_argument('--brute', action ='store', dest='brute', default=None, help="Bruteforce users and passwords")
|
2017-06-11 12:38:46 +00:00
|
|
|
parser.add_argument('--nocheck', action ='store_const', const='nocheck',dest='nocheck', default=False, help="Check for a Wordpress instance")
|
2017-03-05 15:58:15 +00:00
|
|
|
parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent")
|
2017-02-23 11:00:48 +00:00
|
|
|
results = parser.parse_args()
|
2017-03-05 17:34:36 +00:00
|
|
|
|
2017-02-23 11:00:48 +00:00
|
|
|
# Check wordpress url
|
|
|
|
if results.url != None:
|
2017-06-11 14:48:13 +00:00
|
|
|
# Disable warning for ssl verify=False
|
|
|
|
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
2017-02-25 00:36:59 +00:00
|
|
|
|
2017-06-10 16:14:44 +00:00
|
|
|
# Update scripts
|
|
|
|
if results.update != None:
|
2017-02-23 11:00:48 +00:00
|
|
|
database_update()
|
|
|
|
|
|
|
|
# Build a new wordpress object
|
2017-06-11 12:38:46 +00:00
|
|
|
wp = Wordpress(results.url, results.random_agent, results.nocheck)
|
2017-06-10 16:14:44 +00:00
|
|
|
|
2017-06-10 18:58:40 +00:00
|
|
|
# Launch bruteforce
|
|
|
|
Brute_Engine(wp, results.brute)
|
|
|
|
|
2017-06-10 16:14:44 +00:00
|
|
|
# Launch fuzzing
|
|
|
|
Fuzz_Engine(wp, results.fuzz)
|
|
|
|
|
|
|
|
# Launch scans
|
2017-02-27 14:50:11 +00:00
|
|
|
Scan_Engine(wp, results.aggressive)
|
2017-06-10 16:14:44 +00:00
|
|
|
|
|
|
|
# Load plugins for more functions
|
2017-03-05 17:34:36 +00:00
|
|
|
Load_Plugins(wp)
|
2017-02-18 22:31:11 +00:00
|
|
|
|
2017-02-23 11:00:48 +00:00
|
|
|
else:
|
2017-06-10 16:14:44 +00:00
|
|
|
parser.print_help()
|