BUGFIX - nocheck index wasn't set + renamed plugin TY
Swissky
parent
5d60e74667
commit
142cdc79a8
|
|
@ -31,8 +31,8 @@ class Brute_Engine:
|
|||
print info("User found "+ brute)
|
||||
self.bruteforcing_pass(wordpress, brute)
|
||||
|
||||
# Exit after the bruteforce
|
||||
exit()
|
||||
# Exit the bruteforce
|
||||
exit()
|
||||
|
||||
"""
|
||||
name : bruteforcing_user(self, wordpress)
|
||||
|
|
@ -47,7 +47,7 @@ class Brute_Engine:
|
|||
for user in data:
|
||||
user = user.strip()
|
||||
data = {"log":user, "pwd":"wordpresscan"}
|
||||
if not "Invalid username" in requests.post(wordpress.url + "wp-login.php", data=data).text:
|
||||
if not "Invalid username" in requests.post(wordpress.url + "wp-login.php", data=data, verify=False).text:
|
||||
print info("User found "+ user)
|
||||
self.bruteforcing_pass(wordpress, user)
|
||||
|
||||
|
|
@ -69,6 +69,6 @@ class Brute_Engine:
|
|||
|
||||
print 'Bruteforcing - {}{}\r'.format( percent*"▓", (100-percent)*'░' ) ,
|
||||
|
||||
if not "The password you entered" in requests.post(wordpress.url + "wp-login.php", data=data).text:
|
||||
if not "The password you entered" in requests.post(wordpress.url + "wp-login.php", data=data, verify=False).text:
|
||||
print warning("Password found for {} : {}{}".format(user,pwd, ' '*100))
|
||||
break
|
||||
|
|
|
|||
|
|
@ -57,8 +57,8 @@ class Wordpress:
|
|||
description : detect a WordPress instance
|
||||
"""
|
||||
def is_wordpress(self, nocheck):
|
||||
self.index = requests.get(self.url, headers={"User-Agent":self.agent}, verify=False)
|
||||
if nocheck == False:
|
||||
self.index = requests.get(self.url, headers={"User-Agent":self.agent})
|
||||
if not "wp-" in self.index.text:
|
||||
print critical("Not a WordPress !")
|
||||
exit()
|
||||
|
|
@ -69,7 +69,7 @@ class Wordpress:
|
|||
"""
|
||||
def is_up_and_installed(self):
|
||||
try:
|
||||
r = requests.get(self.url, allow_redirects=False, headers={"User-Agent":self.agent} )
|
||||
r = requests.get(self.url, allow_redirects=False, headers={"User-Agent":self.agent} , verify=False)
|
||||
|
||||
if 'location' in r.headers:
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ class Wordpress:
|
|||
description : get the readme file and extract the version is there is any
|
||||
"""
|
||||
def is_readme(self):
|
||||
r = requests.get(self.url + 'readme.html', headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + 'readme.html', headers={"User-Agent":self.agent}, verify=False)
|
||||
|
||||
if "200" in str(r):
|
||||
|
||||
|
|
@ -118,7 +118,7 @@ class Wordpress:
|
|||
description : determine if there is a debug.log file
|
||||
"""
|
||||
def is_debug_log(self):
|
||||
r = requests.get(self.url + 'debug.log', headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + 'debug.log', headers={"User-Agent":self.agent}, verify=False)
|
||||
if "200" in str(r) and not "404" in r.text :
|
||||
print critical( "Debug log file found: %s" % (self.url + 'debug.log') )
|
||||
|
||||
|
|
@ -130,7 +130,7 @@ class Wordpress:
|
|||
def is_backup_file(self):
|
||||
backup = ['wp-config.php~', 'wp-config.php.save', '.wp-config.php.swp', 'wp-config.php.swp', '.wp-config.php.swp', 'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak', 'wp-config.bak', 'wp-config.php.bak', 'wp-config.save', 'wp-config.old', 'wp-config.php.old', 'wp-config.php.orig', 'wp-config.orig', 'wp-config.php.original', 'wp-config.original', 'wp-config.txt']
|
||||
for b in backup:
|
||||
r = requests.get(self.url + b, headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + b, headers={"User-Agent":self.agent}, verify=False)
|
||||
if "200" in str(r) and not "404" in r.text :
|
||||
print critical("A wp-config.php backup file has been found in: %s" % (self.url + b) )
|
||||
|
||||
|
|
@ -140,7 +140,7 @@ class Wordpress:
|
|||
description : determine if there is an xml rpc interface
|
||||
"""
|
||||
def is_xml_rpc(self):
|
||||
r = requests.get(self.url + "xmlrpc.php", headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + "xmlrpc.php", headers={"User-Agent":self.agent}, verify=False)
|
||||
if "200" in str(r) and "404" in r.text :
|
||||
print info("XML-RPC Interface available under: %s " % (self.url+"xmlrpc.php") )
|
||||
|
||||
|
|
@ -154,7 +154,7 @@ class Wordpress:
|
|||
dir_name = ["Uploads", "Includes"]
|
||||
|
||||
for directory, name in zip(directories,dir_name):
|
||||
r = requests.get(self.url + directory, headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + directory, headers={"User-Agent":self.agent}, verify=False)
|
||||
if "Index of" in r.text:
|
||||
print warning("%s directory has directory listing enabled : %s" % (name, self.url + directory))
|
||||
|
||||
|
|
@ -164,7 +164,7 @@ class Wordpress:
|
|||
description : detect if a robots.txt file
|
||||
"""
|
||||
def is_robots_text(self):
|
||||
r = requests.get(self.url + "robots.txt", headers={"User-Agent":self.agent})
|
||||
r = requests.get(self.url + "robots.txt", headers={"User-Agent":self.agent}, verify=False)
|
||||
if "200" in str(r) and not "404" in r.text :
|
||||
print info("robots.txt available under: %s " % (self.url+"robots.txt") )
|
||||
lines = r.text.split('\n')
|
||||
|
|
@ -178,7 +178,7 @@ class Wordpress:
|
|||
description : detect a full path disclosure
|
||||
"""
|
||||
def full_path_disclosure(self):
|
||||
r = requests.get(self.url + "wp-includes/rss-functions.php", headers={"User-Agent":self.agent}).text
|
||||
r = requests.get(self.url + "wp-includes/rss-functions.php", headers={"User-Agent":self.agent}, verify=False).text
|
||||
regex = re.compile("Fatal error:.*? in (.*?) on", re.S)
|
||||
matches = regex.findall(r)
|
||||
|
||||
|
|
@ -191,7 +191,7 @@ class Wordpress:
|
|||
description : enumerate every users of the wordpress
|
||||
"""
|
||||
def enum_wordpress_users(self):
|
||||
r = requests.get(self.url + "wp-json/wp/v2/users", headers={"User-Agent":self.agent} )
|
||||
r = requests.get(self.url + "wp-json/wp/v2/users", headers={"User-Agent":self.agent} , verify=False)
|
||||
|
||||
if "200" in str(r):
|
||||
print notice("Enumerating Wordpress users")
|
||||
|
|
|
|||
3
main.py
3
main.py
|
|
@ -8,6 +8,7 @@ from engine.wordpress import *
|
|||
from engine.scan import *
|
||||
from engine.fuzz import *
|
||||
from engine.brute import *
|
||||
from requests.packages.urllib3.exceptions import InsecureRequestWarning
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
|
|
@ -35,6 +36,8 @@ if __name__ == "__main__":
|
|||
|
||||
# Check wordpress url
|
||||
if results.url != None:
|
||||
# Disable warning for ssl verify=False
|
||||
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
|
||||
|
||||
# Update scripts
|
||||
if results.update != None:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ name = "GIT configuration files"
|
|||
|
||||
def __init__(wordpress):
|
||||
payload = ".git/logs/HEAD"
|
||||
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent})
|
||||
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
|
||||
|
||||
if "200" in str(r):
|
||||
print "[+] Wordpress configuration found from GIT !"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ name = "SVN configuration files"
|
|||
|
||||
def __init__(wordpress):
|
||||
payload = ".svn/text-base/wp-config.php.svn-base"
|
||||
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent})
|
||||
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
|
||||
|
||||
if "200" in str(r):
|
||||
print "[+] Wordpress configuration found from SVN !"
|
||||
|
|
|
|||
Loading…
Reference in New Issue