BUGFIX - nocheck index wasn't set + renamed plugin TY

pull/5/head
Swissky 2017-06-11 16:48:13 +02:00
parent 5d60e74667
commit 142cdc79a8
6 changed files with 20 additions and 17 deletions


@ -30,9 +30,9 @@ class Brute_Engine:
print notice("Bruteforcing " + brute) print notice("Bruteforcing " + brute)
print info("User found "+ brute) print info("User found "+ brute)
self.bruteforcing_pass(wordpress, brute) self.bruteforcing_pass(wordpress, brute)
# Exit after the bruteforce # Exit the bruteforce
exit() exit()
""" """
name : bruteforcing_user(self, wordpress) name : bruteforcing_user(self, wordpress)
@ -47,7 +47,7 @@ class Brute_Engine:
for user in data: for user in data:
user = user.strip() user = user.strip()
data = {"log":user, "pwd":"wordpresscan"} data = {"log":user, "pwd":"wordpresscan"}
if not "Invalid username" in requests.post(wordpress.url + "wp-login.php", data=data).text: if not "Invalid username" in requests.post(wordpress.url + "wp-login.php", data=data, verify=False).text:
print info("User found "+ user) print info("User found "+ user)
self.bruteforcing_pass(wordpress, user) self.bruteforcing_pass(wordpress, user)
@ -69,6 +69,6 @@ class Brute_Engine:
print 'Bruteforcing - {}{}\r'.format( percent*"", (100-percent)*'' ) , print 'Bruteforcing - {}{}\r'.format( percent*"", (100-percent)*'' ) ,
if not "The password you entered" in requests.post(wordpress.url + "wp-login.php", data=data).text: if not "The password you entered" in requests.post(wordpress.url + "wp-login.php", data=data, verify=False).text:
print warning("Password found for {} : {}{}".format(user,pwd, ' '*100)) print warning("Password found for {} : {}{}".format(user,pwd, ' '*100))
break break
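Review bot: `verify=False` is now hard-coded into both `requests.post(wordpress.url + "wp-login.php", ...)` calls here, and the same literal is added to every `requests.get` in the Wordpress class section and in the GIT/SVN plugin sections below, so certificate validation is switched off unconditionally — including for the login POST that carries the credentials being tried, which an on-path party could then read or alter without any error being raised. Rather than a literal at each call site, store the choice once (a dedicated CLI flag, surfaced as a new attribute on the `wordpress` object) and pass `verify=wordpress.verify` everywhere, so the insecure mode is opt-in and there is a single place to audit or revert. A `requests.Session` with `verify` set once would also remove the repetition. The enclosing bruteforcing methods start and end outside these hunks.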


@ -57,8 +57,8 @@ class Wordpress:
description : detect a WordPress instance description : detect a WordPress instance
""" """
def is_wordpress(self, nocheck): def is_wordpress(self, nocheck):
self.index = requests.get(self.url, headers={"User-Agent":self.agent}, verify=False)
if nocheck == False: if nocheck == False:
self.index = requests.get(self.url, headers={"User-Agent":self.agent})
if not "wp-" in self.index.text: if not "wp-" in self.index.text:
print critical("Not a WordPress !") print critical("Not a WordPress !")
exit() exit()
@ -69,7 +69,7 @@ class Wordpress:
""" """
def is_up_and_installed(self): def is_up_and_installed(self):
try: try:
r = requests.get(self.url, allow_redirects=False, headers={"User-Agent":self.agent} ) r = requests.get(self.url, allow_redirects=False, headers={"User-Agent":self.agent} , verify=False)
if 'location' in r.headers: if 'location' in r.headers:
@ -100,7 +100,7 @@ class Wordpress:
description : get the readme file and extract the version is there is any description : get the readme file and extract the version is there is any
""" """
def is_readme(self): def is_readme(self):
r = requests.get(self.url + 'readme.html', headers={"User-Agent":self.agent}) r = requests.get(self.url + 'readme.html', headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r): if "200" in str(r):
@ -118,7 +118,7 @@ class Wordpress:
description : determine if there is a debug.log file description : determine if there is a debug.log file
""" """
def is_debug_log(self): def is_debug_log(self):
r = requests.get(self.url + 'debug.log', headers={"User-Agent":self.agent}) r = requests.get(self.url + 'debug.log', headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text : if "200" in str(r) and not "404" in r.text :
print critical( "Debug log file found: %s" % (self.url + 'debug.log') ) print critical( "Debug log file found: %s" % (self.url + 'debug.log') )
@ -130,7 +130,7 @@ class Wordpress:
def is_backup_file(self): def is_backup_file(self):
backup = ['wp-config.php~', 'wp-config.php.save', '.wp-config.php.swp', 'wp-config.php.swp', '.wp-config.php.swp', 'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak', 'wp-config.bak', 'wp-config.php.bak', 'wp-config.save', 'wp-config.old', 'wp-config.php.old', 'wp-config.php.orig', 'wp-config.orig', 'wp-config.php.original', 'wp-config.original', 'wp-config.txt'] backup = ['wp-config.php~', 'wp-config.php.save', '.wp-config.php.swp', 'wp-config.php.swp', '.wp-config.php.swp', 'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak', 'wp-config.bak', 'wp-config.php.bak', 'wp-config.save', 'wp-config.old', 'wp-config.php.old', 'wp-config.php.orig', 'wp-config.orig', 'wp-config.php.original', 'wp-config.original', 'wp-config.txt']
for b in backup: for b in backup:
r = requests.get(self.url + b, headers={"User-Agent":self.agent}) r = requests.get(self.url + b, headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text : if "200" in str(r) and not "404" in r.text :
print critical("A wp-config.php backup file has been found in: %s" % (self.url + b) ) print critical("A wp-config.php backup file has been found in: %s" % (self.url + b) )
@ -140,7 +140,7 @@ class Wordpress:
description : determine if there is an xml rpc interface description : determine if there is an xml rpc interface
""" """
def is_xml_rpc(self): def is_xml_rpc(self):
r = requests.get(self.url + "xmlrpc.php", headers={"User-Agent":self.agent}) r = requests.get(self.url + "xmlrpc.php", headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and "404" in r.text : if "200" in str(r) and "404" in r.text :
print info("XML-RPC Interface available under: %s " % (self.url+"xmlrpc.php") ) print info("XML-RPC Interface available under: %s " % (self.url+"xmlrpc.php") )
@ -154,7 +154,7 @@ class Wordpress:
dir_name = ["Uploads", "Includes"] dir_name = ["Uploads", "Includes"]
for directory, name in zip(directories,dir_name): for directory, name in zip(directories,dir_name):
r = requests.get(self.url + directory, headers={"User-Agent":self.agent}) r = requests.get(self.url + directory, headers={"User-Agent":self.agent}, verify=False)
if "Index of" in r.text: if "Index of" in r.text:
print warning("%s directory has directory listing enabled : %s" % (name, self.url + directory)) print warning("%s directory has directory listing enabled : %s" % (name, self.url + directory))
@ -164,7 +164,7 @@ class Wordpress:
description : detect if a robots.txt file description : detect if a robots.txt file
""" """
def is_robots_text(self): def is_robots_text(self):
r = requests.get(self.url + "robots.txt", headers={"User-Agent":self.agent}) r = requests.get(self.url + "robots.txt", headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text : if "200" in str(r) and not "404" in r.text :
print info("robots.txt available under: %s " % (self.url+"robots.txt") ) print info("robots.txt available under: %s " % (self.url+"robots.txt") )
lines = r.text.split('\n') lines = r.text.split('\n')
@ -178,7 +178,7 @@ class Wordpress:
description : detect a full path disclosure description : detect a full path disclosure
""" """
def full_path_disclosure(self): def full_path_disclosure(self):
r = requests.get(self.url + "wp-includes/rss-functions.php", headers={"User-Agent":self.agent}).text r = requests.get(self.url + "wp-includes/rss-functions.php", headers={"User-Agent":self.agent}, verify=False).text
regex = re.compile("Fatal error:.*? in (.*?) on", re.S) regex = re.compile("Fatal error:.*? in (.*?) on", re.S)
matches = regex.findall(r) matches = regex.findall(r)
@ -191,7 +191,7 @@ class Wordpress:
description : enumerate every users of the wordpress description : enumerate every users of the wordpress
""" """
def enum_wordpress_users(self): def enum_wordpress_users(self):
r = requests.get(self.url + "wp-json/wp/v2/users", headers={"User-Agent":self.agent} ) r = requests.get(self.url + "wp-json/wp/v2/users", headers={"User-Agent":self.agent} , verify=False)
if "200" in str(r): if "200" in str(r):
print notice("Enumerating Wordpress users") print notice("Enumerating Wordpress users")
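Review bot: In `is_wordpress` the fetch `self.index = requests.get(self.url, headers={"User-Agent":self.agent}, verify=False)` now runs unconditionally, which fixes the missing attribute when `nocheck` is set, but it has no error handling: an unreachable host raises `requests.exceptions.ConnectionError` (or `SSLError`) straight out of the method, whereas `is_up_and_installed` in the next hunk wraps the equivalent call in `try`. Consider the same `try`/`except requests.exceptions.RequestException` here, reporting via `critical(...)` and exiting, so the nocheck path fails as cleanly as the checked one. Style: `if nocheck == False:` reads better as `if not nocheck:`. The body of `is_wordpress` continues beyond the hunk.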


@ -8,6 +8,7 @@ from engine.wordpress import *
from engine.scan import * from engine.scan import *
from engine.fuzz import * from engine.fuzz import *
from engine.brute import * from engine.brute import *
from requests.packages.urllib3.exceptions import InsecureRequestWarning
if __name__ == "__main__": if __name__ == "__main__":
@ -35,6 +36,8 @@ if __name__ == "__main__":
# Check wordpress url # Check wordpress url
if results.url != None: if results.url != None:
# Disable warning for ssl verify=False
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Update scripts # Update scripts
if results.update != None: if results.update != None:
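Review bot: `requests.packages.urllib3` (used in the new `from requests.packages.urllib3.exceptions import InsecureRequestWarning` line and in the `disable_warnings` call) is a compatibility shim whose availability has varied across requests releases; urllib3 is a direct dependency of requests, so the robust form is `import urllib3` together with `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. The call also relies on the bare name `requests`, which none of the visible imports bring in explicitly — it presumably arrives through the `from engine.* import *` star imports, so an explicit `import requests` in this file would stop that depending on what the engine modules happen to re-export. Since this silences the only runtime signal that certificate verification is off, consider emitting one line at this point (e.g. via the same `warning()` helper the engine modules use) so the user sees that TLS is unverified for the run. The `if __name__ == "__main__":` block continues outside the hunk.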


@ -11,7 +11,7 @@ name = "GIT configuration files"
def __init__(wordpress): def __init__(wordpress):
payload = ".git/logs/HEAD" payload = ".git/logs/HEAD"
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}) r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
if "200" in str(r): if "200" in str(r):
print "[+] Wordpress configuration found from GIT !" print "[+] Wordpress configuration found from GIT !"


@ -11,7 +11,7 @@ name = "SVN configuration files"
def __init__(wordpress): def __init__(wordpress):
payload = ".svn/text-base/wp-config.php.svn-base" payload = ".svn/text-base/wp-config.php.svn-base"
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}) r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
if "200" in str(r): if "200" in str(r):
print "[+] Wordpress configuration found from SVN !" print "[+] Wordpress configuration found from SVN !"