Basic Python 3 Conversion

pull/36/head
Robert Putt 2020-10-15 10:41:43 +01:00
parent 7485ef1050
commit f532162745
11 changed files with 99 additions and 104 deletions


@ -6,9 +6,9 @@ import json
import os
import urllib
from core import *
from wordpress import *
from thread_engine import ThreadEngine
from engine.core import *
from engine.wordpress import *
from engine.thread_engine import ThreadEngine
class Brute_Engine:
def __init__(self, wordpress, brute, usernames, users_list, passwords_list):
@ -39,7 +39,7 @@ class Brute_Engine:
print(notice("Bruteforcing detected users: "))
for user in wordpress.users:
print info("User found "+ user['slug'])
print(info("User found "+ user['slug']))
self.bruteforcing_pass(wordpress, user['slug'], passwords_list)


@ -62,14 +62,14 @@ description : download and update the database from wpscan website
warning : user-agents.txt and timthumbs.txt are zip files
"""
def database_update():
print "\033[93mUpdating database\033[92m - Last update: \033[0m" + database_last_date('database/local_vulnerable_files.xml')
print("\033[93mUpdating database\033[92m - Last update: \033[0m" + database_last_date('database/local_vulnerable_files.xml'))
update_url = "https://data.wpscan.org/"
update_files = [ 'local_vulnerable_files.xml', 'local_vulnerable_files.xsd',
'timthumbs.txt', 'user-agents.txt', 'wp_versions.xml', 'wp_versions.xsd',
'wordpresses.json', 'plugins.json', 'themes.json']
for f in update_files:
print "\t\033[93mDownloading \033[0m"+ f +" \033[92mFile updated !\033[0m"
print("\t\033[93mDownloading \033[0m"+ f +" \033[92mFile updated !\033[0m")
download_raw_file(update_url+f, "database/"+f, True)
unzip_file("database/user-agents.txt")
@ -214,26 +214,26 @@ def display_vulnerable_component(name, version, file):
with open('database/' + file + '.json') as data_file:
data = json.load(data_file)
print warning("Name: %s - v%s" % (name, version))
print(warning("Name: %s - v%s" % (name, version)))
if name in data.keys():
# Display the out of date info if the version is lower of the latest version
if is_lower(version, data[name]['latest_version'], False):
print info("The version is out of date, the latest version is %s" % data[name]['latest_version'])
print(info("The version is out of date, the latest version is %s" % data[name]['latest_version']))
# Display the vulnerability if it's not patched version
for vuln in data[name]['vulnerabilities']:
if 'fixed_in' in vuln.keys() and (vuln['fixed_in'] == None or is_lower(version, vuln['fixed_in'], True)):
# Main informations
print "\t",vulnerable("%s : %s - ID:%s" % (vuln['vuln_type'], vuln['title'] , vuln['id']) )
print "\t",display("Fixed in %s"% vuln['fixed_in'])
print("\t",vulnerable("%s : %s - ID:%s" % (vuln['vuln_type'], vuln['title'] , vuln['id']) ))
print("\t",display("Fixed in %s"% vuln['fixed_in']))
# Display references
print "\t",display("References:")
print("\t",display("References:"))
for refkey in vuln['references'].keys():
for ref in vuln['references'][refkey]:
if refkey != 'url':
print "\t\t - %s %s" % (refkey.capitalize(), ref)
print("\t\t - %s %s" % (refkey.capitalize(), ref))
else:
print "\t\t - %s" %ref
print("\t\t - %s" % ref)
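Review bot: In database_update the "File updated !" message is printed before `download_raw_file(update_url+f, "database/"+f, True)` runs, so the loop reports success for every file even when the download fails. Print only the "Downloading" part first and the confirmation once the call has returned without error. Nothing visible in this section checks the fetched files before they replace the local vulnerability database; if download_raw_file does not do that either (its body is outside the hunk), a comment saying so would help the next maintainer. The function continues outside the hunk.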


@ -5,8 +5,8 @@ import re
import json
from tornado import ioloop, httpclient
from core import *
from wordpress import *
from engine.core import *
from engine.wordpress import *
from lxml import etree
from multiprocessing import Process, Pool
@ -22,7 +22,7 @@ class Fuzz_Engine:
description : fuzz every component used by the wordpress
"""
def fuzzing_component_aggressive(self, wordpress):
print notice("Enumerating components from aggressive fuzzing ...")
print(notice("Enumerating components from aggressive fuzzing ..."))
# Load json file
with open('fuzz/wordpress.fuzz') as data_file:
@ -45,7 +45,7 @@ class Fuzz_Engine:
description : fuzz every themes used by the wordpress
"""
def fuzzing_themes_aggressive(self, wordpress):
print notice("Enumerating themes from aggressive fuzzing ...")
print(notice("Enumerating themes from aggressive fuzzing ..."))
# Load json file
with open('fuzz/wp_themes.fuzz') as data_file:
@ -68,7 +68,7 @@ class Fuzz_Engine:
description : fuzz every plugins used by the wordpress
"""
def fuzzing_plugins_aggressive(self, wordpress):
print notice("Enumerating plugins from aggressive fuzzing ...")
print(notice("Enumerating plugins from aggressive fuzzing ..."))
# Load json file
with open('fuzz/wp_plugins.fuzz') as data_file:
@ -106,9 +106,9 @@ def aggressive_request_themes(response):
def aggressive_request_component(response):
if (response.code) == 200:
if "reauth" in response.effective_url:
print "[i] Authentication Needed: " + response.effective_url+ " - found"
print("[i] Authentication Needed: " + response.effective_url+ " - found")
else:
print "[i] File: " + response.effective_url+ " - found"
print("[i] File: " + response.effective_url+ " - found")
global iter_aggressive
iter_aggressive-= 1


@ -6,7 +6,7 @@ import json
import os
import imp
from wordpress import *
from engine.wordpress import *
class Load_Plugins:
plugin_folder = "./plugins"
@ -14,7 +14,7 @@ class Load_Plugins:
def __init__(self, wordpress):
available_plugins = os.listdir(self.plugin_folder)
for plugins in available_plugins:
if not ".pyc" in plugins and not "__init__" in plugins:
if not ".pyc" in plugins and not "__init__" in plugins and not "__pycache__" in plugins:
# Find and load the package
name = plugins.replace('.py','')
@ -26,5 +26,5 @@ class Load_Plugins:
loaded = imp.load_module('plugins.' + name, f, file, desc)
# Run the __init__
print notice('Plugin %s loaded.' % loaded.name)
print(notice('Plugin %s loaded.' % loaded.name))
loaded.__init__(wordpress)
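Review bot: The loader still relies on `import imp` and `imp.load_module(...)`, which this Python 3 conversion leaves in place; `imp` has been deprecated since Python 3.4 and is removed in Python 3.12, so plugin loading will fail with an ImportError on current interpreters. Consider `importlib.util.spec_from_file_location` with `importlib.util.module_from_spec` and `spec.loader.exec_module` instead. The directory filter is also substring-based, so each new artefact needs another `not ... in plugins` clause, and every entry that passes is imported and executed. If plugins are always single .py files, an allow-style test such as `if plugins.endswith('.py') and not plugins.startswith('__'):` is safer. The lines between the two hunks, where the module is located, are not shown.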


@ -5,8 +5,8 @@ import re
import json
from tornado import ioloop, httpclient
from core import *
from wordpress import *
from engine.core import *
from engine.wordpress import *
from lxml import etree
from multiprocessing import Process, Pool
@ -30,7 +30,7 @@ class Scan_Engine:
match = regex.findall(wordpress.index.text)
if match != []:
wordpress.version = match[0]
print critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version)
print(critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version))
return True
return False
@ -45,7 +45,7 @@ class Scan_Engine:
match = regex.findall(r)
if match != []:
wordpress.version = match[0]
print critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version)
print(critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version))
return True
return False
@ -79,7 +79,7 @@ class Scan_Engine:
# Detect the version
if ddl_hash == root[i][j].get('md5'):
wordpress.version = root[i][j][0].text
print critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version)
print(critical("WordPress version %s identified from advanced fingerprinting" % wordpress.version))
return
@ -110,7 +110,7 @@ class Scan_Engine:
# This version doesn't exist
if wordpress.version not in data:
print warning("The version %s isn't in the database - Please try the option --update" % (wordpress.version))
print(warning("The version %s isn't in the database - Please try the option --update" % (wordpress.version)))
return
if data[wordpress.version]["vulnerabilities"] == []:
@ -124,20 +124,20 @@ class Scan_Engine:
for vuln in data[version]["vulnerabilities"]:
# Basic infos
print warning("\t%s : %s - ID:%s" % (vuln['vuln_type'], vuln['title'] , vuln['id']) )
print info("\tFixed in %s"% vuln['fixed_in'])
print(warning("\t%s : %s - ID:%s" % (vuln['vuln_type'], vuln['title'] , vuln['id'])))
print(info("\tFixed in %s"% vuln['fixed_in']))
# Display references
print info("\tReferences:")
print(info("\tReferences:"))
for refkey in vuln['references'].keys():
for ref in vuln['references'][refkey]:
if refkey != 'url':
print "\t\t - %s %s" % (refkey.capitalize(), ref)
print("\t\t - %s %s" % (refkey.capitalize(), ref))
else:
print "\t\t - %s" %ref
print("\t\t - %s" % ref)
print ""
print("")
"""
@ -145,7 +145,7 @@ class Scan_Engine:
description : enumerate every theme used by the wordpress
"""
def enumerating_themes_passive(self, wordpress):
print notice("Enumerating themes from passive detection ...")
print(notice("Enumerating themes from passive detection ..."))
# Theme name (css file)
regex = re.compile('wp-content/themes/(.*?)/.*?[css|js].*?ver=([0-9\.]*)')
@ -173,7 +173,7 @@ class Scan_Engine:
description : enumerate every plugins used by the wordpress
"""
def enumerating_plugins_passive(self, wordpress):
print notice("Enumerating plugins from passive detection ...")
print(notice("Enumerating plugins from passive detection ..."))
# Plugin name (js file)
regex = re.compile('wp-content/plugins/(.*?)/.*?[css|js].*?ver=([0-9\.]*)')
@ -201,7 +201,7 @@ class Scan_Engine:
description : enumerate every themes used by the wordpress
"""
def enumerating_themes_aggressive(self, wordpress):
print notice("Enumerating themes from aggressive detection ...")
print(notice("Enumerating themes from aggressive detection ..."))
# Load json file
with open('database/themes.json') as data_file:
@ -222,7 +222,7 @@ class Scan_Engine:
description : enumerate every plugins used by the wordpress
"""
def enumerating_plugins_aggressive(self, wordpress):
print notice("Enumerating plugins from aggressive detection ...")
print(notice("Enumerating plugins from aggressive detection ..."))
# Load json file
with open('database/plugins.json') as data_file:
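Review bot: The two passive-enumeration patterns are still plain string literals containing `\.`, which Python 3 reports as an invalid escape sequence (DeprecationWarning since 3.6, SyntaxWarning from 3.12); make them raw strings, e.g. `re.compile(r'wp-content/themes/(.*?)/.*?[css|js].*?ver=([0-9\.]*)')`. The same applies to the banner `print(...)` lines in the `__main__` block, whose ASCII art contains `\|`, `\_` and `\/`. Separately, `[css|js]` is a character class matching a single one of the characters c, s, |, j, not the alternation it reads as. `(?:css|js)` is probably what was intended, but that changes what matches and should be tested against real pages before it is changed.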


@ -2,17 +2,17 @@
# -*- coding: utf-8 -*-
from threading import Thread
# from time import sleep
from core import critical, info
from engine.core import critical, info
class ThreadEngine(object):
def __init__(self, max_threads):
if max_threads < 1:
print critical('Threads number must be > 0')
print(critical('Threads number must be > 0'))
exit()
self.max_threads = max_threads
self.threads = []
print info('Start %d threads ...' % self.max_threads)
print(info('Start %d threads ...' % self.max_threads))
def new_task(self, task, args):
""" Try to launch the new task,


@ -4,7 +4,7 @@ import requests
import re
import json
from random import randint
from core import *
from engine.core import *
class Wordpress:
url = "http://wp-example.com"
@ -17,7 +17,7 @@ class Wordpress:
files = set()
def __init__(self, url, user_agent, nocheck, max_threads):
print info("URL: %s" % url)
print(info("URL: %s" % url))
self.url = url
self.agent = user_agent
self.max_threads = int(max_threads)
@ -71,7 +71,7 @@ class Wordpress:
self.index = requests.get(self.url, headers={"User-Agent":self.agent}, verify=False)
if nocheck == False:
if not "wp-" in self.index.text:
print critical("Not a WordPress !")
print(critical("Not a WordPress !"))
exit()
"""
@ -81,28 +81,23 @@ class Wordpress:
def is_up_and_installed(self):
try:
r = requests.get(self.url, allow_redirects=False, headers={"User-Agent":self.agent} , verify=False)
if 'location' in r.headers:
# Install is not complete
if "wp-admin/install.php" in r.headers['location']:
print critical("The Website is not fully configured and currently in install mode. Call it to create a new admin user.")
print(critical("The Website is not fully configured and currently in install mode. Call it to create a new admin user."))
exit()
# Redirect
print notice("The remote host tried to redirect to: %s" % r.headers['location'])
print(notice("The remote host tried to redirect to: %s" % r.headers['location']))
user_input = str(raw_input("[?] Do you want to follow the redirection ? [Y]es [N]o, "))
if user_input.lower() == "y":
self.url = r.headers['location']
else:
print critical("Redirection not followed - End of the scan !")
print(critical("Redirection not followed - End of the scan !"))
exit()
except Exception as e:
print e
print critical("Website down!")
print(e)
print(critical("Website down!"))
exit()
@ -123,7 +118,7 @@ class Wordpress:
if len(matches) > 0 and matches[0] != None and matches[0] != "":
self.version = matches[0]
print critical("The Wordpress '%s' file exposing a version number: %s" % (self.url+'readme.html', matches[0]))
print(critical("The Wordpress '%s' file exposing a version number: %s" % (self.url+'readme.html', matches[0])))
"""
name : is_debug_log()
@ -133,7 +128,7 @@ class Wordpress:
r = requests.get(self.url + 'debug.log', headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text :
self.files.add('debug.log')
print critical( "Debug log file found: %s" % (self.url + 'debug.log') )
print(critical( "Debug log file found: %s" % (self.url + 'debug.log')))
"""
@ -176,7 +171,7 @@ class Wordpress:
r = requests.get(self.url + b, headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text :
self.files.add(b)
print critical("A wp-config.php backup file has been found in: %s" % (self.url + b) )
print(critical("A wp-config.php backup file has been found in: %s" % (self.url + b)))
"""
@ -187,7 +182,7 @@ class Wordpress:
r = requests.get(self.url + "xmlrpc.php", headers={"User-Agent":self.agent}, verify=False)
if r.status_code == 405 :
self.files.add("xmlrpc.php")
print info("XML-RPC Interface available under: %s " % (self.url+"xmlrpc.php") )
print(info("XML-RPC Interface available under: %s " % (self.url+"xmlrpc.php")))
"""
@ -202,7 +197,7 @@ class Wordpress:
r = requests.get(self.url + directory, headers={"User-Agent":self.agent}, verify=False)
if "Index of" in r.text:
self.files.add(directory)
print warning("%s directory has directory listing enabled : %s" % (name, self.url + directory))
print(warning("%s directory has directory listing enabled : %s" % (name, self.url + directory)))
"""
@ -213,11 +208,11 @@ class Wordpress:
r = requests.get(self.url + "robots.txt", headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text :
self.files.add("robots.txt")
print info("robots.txt available under: %s " % (self.url+"robots.txt") )
print(info("robots.txt available under: %s " % (self.url+"robots.txt")))
lines = r.text.split('\n')
for l in lines:
if "Disallow:" in l:
print info("\tInteresting entry from robots.txt: %s" % (l))
print(info("\tInteresting entry from robots.txt: %s" % (l)))
"""
name : is_common_file()
@ -229,7 +224,7 @@ class Wordpress:
r = requests.get(self.url + f, headers={"User-Agent":self.agent}, verify=False)
if "200" in str(r) and not "404" in r.text :
self.files.add(f)
print info("%s available under: %s " % (f, self.url+f) )
print(info("%s available under: %s " % (f, self.url+f)))
"""
name : full_path_disclosure()
@ -241,7 +236,7 @@ class Wordpress:
matches = regex.findall(r)
if matches != []:
print warning("Full Path Disclosure (FPD) in %s exposing %s" % (self.url + "wp-includes/rss-functions.php", matches[0].replace('\n','')) )
print(warning("Full Path Disclosure (FPD) in %s exposing %s" % (self.url + "wp-includes/rss-functions.php", matches[0].replace('\n',''))))
"""
@ -252,10 +247,10 @@ class Wordpress:
r = requests.get(self.url + "wp-json/wp/v2/users", headers={"User-Agent":self.agent} , verify=False)
if "200" in str(r):
print notice("Enumerating Wordpress users")
print(notice("Enumerating Wordpress users"))
users = json.loads(r.text)
for user in users:
print info("\tIdentified the following user : %s, %s, %s" % (user['id'], user['name'], user['slug']) )
print(info("\tIdentified the following user : %s, %s, %s" % (user['id'], user['name'], user['slug'])))
self.users = users
@ -264,12 +259,12 @@ class Wordpress:
description : display a debug view of the object
"""
def to_string(self):
print "--------WORDPRESS----------"
print "URL : %s" % self.url
print "Version : %s" % self.version
print "Plugins : %s" % self.plugins
print "Themes : %s" % self.themes
print "Agent : %s" % self.agent
print "Users : %s" % self.users
print "Files : %s" % self.files
print "---------------------------"
print("--------WORDPRESS----------")
print("URL : %s" % self.url)
print("Version : %s" % self.version)
print("Plugins : %s" % self.plugins)
print("Themes : %s" % self.themes)
print("Agent : %s" % self.agent)
print("Users : %s" % self.users)
print("Files : %s" % self.files)
print("---------------------------")
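Review bot: `raw_input` is left in place in is_up_and_installed (`user_input = str(raw_input(...))`), and that name does not exist in Python 3. Because the call sits inside the `try` whose handler is `except Exception as e`, the resulting NameError is caught and reported as "Website down!" before `exit()`, so any target that answers with a redirect ends the scan with a misleading message. Use `user_input = input("[?] Do you want to follow the redirection ? [Y]es [N]o, ")`. Narrowing the handler to `requests.exceptions.RequestException` would stop it from hiding programming errors like this one.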


@ -11,5 +11,5 @@ name = "Thank You"
def __init__(wordpress):
# INSERT CODE HERE!
print "Thank you for using this software :)"
print("Thank you for using this software :)")
return


@ -14,5 +14,5 @@ def __init__(wordpress):
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
if "200" in str(r):
print "[+] Wordpress configuration found from GIT !"
print "[!] {}".format(wordpress.url + payload)
print("[+] Wordpress configuration found from GIT !")
print("[!] {}".format(wordpress.url + payload))
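Review bot: The hit test `if "200" in str(r):` matches against the printable form of the response object rather than the status code; `if r.status_code == 200:` states the intent directly. A 200 alone also does not show that the requested file was served, because a site that answers unknown paths with a custom page will be reported as a finding. The core checks elsewhere in this commit add `not "404" in r.text`, and a check on the expected content would be firmer still. The plugin in the next file section (the SVN variant) has the same test, and `payload` is defined outside the hunk.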

View File

@ -14,5 +14,5 @@ def __init__(wordpress):
r = requests.get(wordpress.url + payload, headers={"User-Agent":wordpress.agent}, verify=False)
if "200" in str(r):
print "[+] Wordpress configuration found from SVN !"
print "[!] {}".format(wordpress.url + payload)
print("[+] Wordpress configuration found from SVN !")
print("[!] {}".format(wordpress.url + payload))


@ -12,17 +12,17 @@ from engine.brute import *
if __name__ == "__main__":
print "_______________________________________________________________ "
print " _ _ _ "
print "| | | | | | "
print "| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __ "
print "| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \ "
print "\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |"
print " \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|"
print " | | "
print " |_| "
print " WordPress scanner based on wpscan work - @pentest_swissky "
print "_______________________________________________________________ "
print("_______________________________________________________________ ")
print(" _ _ _ ")
print("| | | | | | ")
print("| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __ ")
print("| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \ ")
print("\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |")
print(" \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|")
print(" | | ")
print(" |_| ")
print(" WordPress scanner based on wpscan work - @pentest_swissky ")
print("_______________________________________________________________ ")
parser = argparse.ArgumentParser()
parser.add_argument('-u', action ='store', dest='url', help="Wordpress URL")