From 2567ba845b2926b4158adc80fd49bd3282d96f6e Mon Sep 17 00:00:00 2001 From: Swissky Date: Sun, 5 Mar 2017 18:34:36 +0100 Subject: [PATCH] Plugin extension added + SVN files plugin --- engine/load_plugins.py | 31 ++++++++++++++++++++++++++++- main.py | 3 ++- plugins/{example.py => __init__.py} | 0 plugins/example-plugin.py | 14 +++++++++++++ plugins/svn-files.py | 17 ++++++++++++++++ 5 files changed, 63 insertions(+), 2 deletions(-) rename plugins/{example.py => __init__.py} (100%) create mode 100644 plugins/example-plugin.py create mode 100644 plugins/svn-files.py diff --git a/engine/load_plugins.py b/engine/load_plugins.py index ec69c5c..2d5ccf6 100644 --- a/engine/load_plugins.py +++ b/engine/load_plugins.py @@ -1,2 +1,31 @@ #!/usr/bin/python -# -*- coding: utf-8 -*- \ No newline at end of file +# -*- coding: utf-8 -*- +import requests +import re +import json +import os +import imp + +from wordpress import * + +class Load_Plugins: + plugin_folder = "./plugins" + + def __init__(self, wordpress): + available_plugins = os.listdir(self.plugin_folder) + + for plugins in available_plugins: + if not ".pyc" in plugins and not "__init__" in plugins: + + # Find and load the package + name = plugins.replace('.py','') + f, file, desc = imp.find_module('plugins', ['.']) + pkg = imp.load_module('plugins', f, file, desc) + + # Find and load the plugin + f, file, desc = imp.find_module(name, pkg.__path__) + loaded = imp.load_module('plugins.' + name, f, file, desc) + + # Run the __init__ + print notice('Plugin %s loaded.' % loaded.name) + loaded.__init__(wordpress) \ No newline at end of file diff --git a/main.py b/main.py index 7ec5b25..65e6335 100644 --- a/main.py +++ b/main.py @@ -27,7 +27,7 @@ if __name__ == "__main__": parser.add_argument('--aggressive', action ='store_const', const='aggressive', dest='aggressive', default=False, help="Update the database") parser.add_argument('--random-agent', action ='store_const', const='random_agent', dest='random_agent', default=False, help="Random User-Agent") results = parser.parse_args() - + # Check wordpress url if results.url != None: @@ -38,6 +38,7 @@ if __name__ == "__main__": # Build a new wordpress object wp = Wordpress(results.url, results.random_agent) Scan_Engine(wp, results.aggressive) + Load_Plugins(wp) else: parser.print_help() \ No newline at end of file diff --git a/plugins/example.py b/plugins/__init__.py similarity index 100% rename from plugins/example.py rename to plugins/__init__.py diff --git a/plugins/example-plugin.py b/plugins/example-plugin.py new file mode 100644 index 0000000..da8b869 --- /dev/null +++ b/plugins/example-plugin.py @@ -0,0 +1,14 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# name : Example Title +# description : Example description +# author : Wordpresscan Team + +import requests + +name = "Example-Plugin" + +def __init__(wordpress): + # INSERT CODE HERE! + return \ No newline at end of file diff --git a/plugins/svn-files.py b/plugins/svn-files.py new file mode 100644 index 0000000..3b2813f --- /dev/null +++ b/plugins/svn-files.py @@ -0,0 +1,17 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# name : SVN configuration files +# description : Check for the file http://blog.domain.com/.svn/text-base/wp-config.php.svn-base +# author : Wordpresscan Team + +import requests + +name = "SVN configuration files" + +def __init__(wordpress): + payload = ".svn/text-base/wp-config.php.svn-base" + r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}) + + if "200" in str(r): + print "Wordpress configuration found from SVN !" \ No newline at end of file