Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- # Wordpress Detector
- # Coded By : DR-IMAN ( Telegram : @DarkCod3r )
- # List Of Wordpress Vulnerabilities
- use Term::ANSIColor;
- use LWP::UserAgent;
- use HTTP::Request::Common qw(GET);
- use WWW::Mechanize;
- use Socket;
- $mech = WWW::Mechanize->new(autocheck => 0);
- $ag = LWP::UserAgent->new();
- $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
- $ag->timeout(10);
- sub getSites {
- for($count=10;$count<=1000;$count+=10)
- {
- $k++;
- # $url = "http://www.hotbot.com/search/web?pn=$k&q=ip%3A$ip&keyvol=01f9093871a6d24c0d94";
- $url = "https://www.bing.com/search?q=ip%3a$ip&go=Submit+Query&qs=ds&first=$count&FORM=PERE$k";
- # $url = "https://www.bing.com/search?q=ip%3A$ip+&count=50&first=$count";
- $resp = $ag->request(HTTP::Request->new(GET => $url));
- $rrs = $resp->content;
- while($rrs =~ m/<a href=\"?http:\/\/(.*?)\//g)
- {
- $link = $1;
- if ( $link !~ /overture|msn|live|bing|yahoo|duckduckgo|google|yahoo|microsof/)
- {
- if ($link !~ /^http:/)
- {
- $link = 'http://' . "$link" . '/';
- }
- if($link !~ /\"|\?|\=|index\.php/)
- {
- if (! grep (/$link/,@result))
- {
- push(@result,$link);
- }
- }
- }
- }
- }
- $found = $#result + 1;
- print "found $found sites\n";
- }
- sub WPS {
- foreach $site (@result)
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 4.7.2/ig)
- {
- $license = $site."license.txt";
- $horse = $mech->get("$license");
- if ($horse->is_success)
- {
- $Scont = $mech->content;
- $login = $site."wp-login.php";
- $logUrl = $mech->get("$login");
- if ($Scont =~ m/ver=4.7.2/)
- {
- push @WPS,$site;
- print "$site\n";
- }
- elsif($logUrl->is_success)
- {
- push @WPS,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS1 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 4.7.1/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=4.7.1/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS2 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 4.7/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=4.7/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS3 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 3.6/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=3.6/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS4 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 4.7.4/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=4.7.4/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS5 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 3.6.9/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=3.6.9/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub WPS6 {
- foreach $site (@result)
- {
- if (! grep (/$site/,@WPS))
- {
- $url = $mech->get("$site");
- $Scont = $mech->content;
- if ($Scont =~ m/<meta name="generator" content="WordPress 3.4/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- else
- {
- $admin = "$site/wp-login.php";
- $mech->get("$site");
- $AdminCont = $mech->content;
- if ($AdminCont =~ m/ver=3.4/ig)
- {
- push @JM,$site;
- print "$site\n";
- }
- }
- }
- }
- }
- sub vuln {
- print" Wordpress Version $input \n";
- }
- sub IP_id {
- print "Enter The Ip of Server or Site Link\n";
- print ">> ";
- $input =<stdin>;
- chomp($input);
- if ($input =~ m/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
- {
- $ip = $input;
- print "Pleast wait ... Getting WebSites...\n";
- getSites();
- }
- elsif ($input =~ m/\D/g)
- {
- if ($input =~ m/https:\/\//)
- {
- $source = substr($input,8,length($input));
- print "Site : $source\n";
- print "Getting IP Adress...\n";
- $ip = inet_ntoa(inet_aton($source));
- print "IP: $ip\n";
- print "Pleast wait ... Getting WebSites...\n";
- getSites();
- }
- elsif ($input =~ m/http:\/\//)
- {
- $source = substr($input,7,length($input));
- print "Site : $source\n";
- print "Getting IP Adress...\n";
- $ip = inet_ntoa(inet_aton($source));
- print "IP: $ip\n";
- print "Pleast wait ... Getting WebSites ...\n";
- getSites();
- }
- else
- {
- print "Site : $input\n";
- print "Getting IP Adress...\n";
- $ip = inet_ntoa(inet_aton($input));
- print "IP : $ip\n";
- print "Pleast wait ... Getting WebSites...\n";
- getSites();
- }
- }
- }
- system(($^O eq 'MSWin32') ? 'cls' : 'clear');
- sub Into {
- print"\n";
- print colored (" >> Coded By DR-IMAN << ",'bold yellow'),"\n";
- print qq(
- ,,
- `7MMF' A `7MF' `7MM
- `MA ,MA ,V MM
- VM: ,VVM: ,V ,pW"Wq.`7Mb,od8 ,M""bMM `7MMpdMAo.`7Mb,od8 .gP"Ya ,pP"Ybd ,pP"Ybd
- MM. M' MM. M'6W' `Wb MM' "',AP MM MM `Wb MM' "',M' Yb 8I `" 8I `"
- `MM A' `MM A' 8M M8 MM 8MI MM MM M8 MM 8M"""""" `YMMMa. `YMMMa.
- :MM; :MM; YA. ,A9 MM `Mb MM MM ,AP MM YM. , L. I8 L. I8
- VF VF `Ybmd9'.JMML. `Wbmd"MML. MMbmmd' .JMML. `Mbmmd' M9mmmP' M9mmmP'
- MM
- .JMML.
- `7MM"""Yb. mm mm
- MM `Yb. MM MM
- MM `Mb .gP"Ya mmMMmm .gP"Ya ,p6"bo mmMMmm ,pW"Wq.`7Mb,od8
- MM MM ,M' Yb MM ,M' Yb 6M' OO MM 6W' `Wb MM' "'
- MM ,MP 8M"""""" MM 8M"""""" 8M MM 8M M8 MM
- MM ,dP' YM. , MM YM. , YM. , MM YA. ,A9 MM
- .JMMmmmdP' `Mbmmd' `Mbmo`Mbmmd' YMbmd' `Mbmo`Ybmd9'.JMML.
- );
- #Just Type Name.For Example : WPS or WPS1
- print "
- Choice Method: 1-WPS(4.7.2) , 2-WPS1(4.7.1) , 3-WPS2(4.7) , 4-WPS3(3.6),";
- print "\n
- 5-WPS4(4.7.4) , 6-WPS5(3.6.9) , 7-WPS6(3.4) , 8-List of Wordpress Vulnerabilities(vuln) :";
- $choice1 = <stdin>;
- chomp ($choice1);
- if ($choice1 eq "WPS" or $choice1 eq "wps" or $choice1 eq "" or $choice1 eq "Wps" or $choice1 eq "1")
- {
- print "\nExtract Wordpress 4.7.2 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress sites\n";
- WPS();
- $n_found = $#WPS;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS.txt");
- map {$_ = "$_\n"} (@WPS);
- print wp @WPS;
- print "\t>> Saved at WPS.txt\n";
- }
- }
- elsif ($choice1 eq "WPS1" or $choice1 eq "wps1" or $choice1 eq "" or $choice1 eq "Wps1" or $choice1 eq "2")
- {
- print "\nExtract Wordpress 4.7.1 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress sites\n";
- WPS();
- $n_found = $#WPS1;
- print "\t>> Found $n_found Wordpress(4.7.1) sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS1.txt");
- map {$_ = "$_\n"} (@WPS1);
- print wp @WPS1;
- print "\t>> Saved at WPS1.txt\n";
- }
- }
- elsif ($choice1 eq "WPS2" or $choice1 eq "wps2" or $choice1 eq "" or $choice1 eq "Wps2" or $choice1 eq "3")
- {
- print "\nExtract Wordpress 4.7 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress(4.7) sites\n";
- WPS();
- $n_found = $#WPS2;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS2.txt");
- map {$_ = "$_\n"} (@WPS2);
- print wp @WPS2;
- print "\t>> Saved at WPS2.txt\n";
- }
- }
- elsif ($choice1 eq "WPS3" or $choice1 eq "wps3" or $choice1 eq "" or $choice1 eq "Wps3" or $choice1 eq "4" )
- {
- print "\nExtract Wordpress 3.6 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress(3.6) sites\n";
- WPS();
- $n_found = $#WPS3;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS3.txt");
- map {$_ = "$_\n"} (@WPS3);
- print wp @WPS3;
- print "\t>> Saved at WPS3.txt\n";
- }
- }
- elsif ($choice1 eq "WPS4" or $choice1 eq "wps4" or $choice1 eq "" or $choice1 eq "Wps4" or $choice1 eq "5" )
- {
- print "\nExtract Wordpress 4.7.4 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress(4.7.4) sites\n";
- WPS();
- $n_found = $#WPS4;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS4.txt");
- map {$_ = "$_\n"} (@WPS4);
- print wp @WPS4;
- print "\t>> Saved at WPS4.txt\n";
- }
- }
- elsif ($choice1 eq "WPS5" or $choice1 eq "wps5" or $choice1 eq "" or $choice1 eq "Wps5" or $choice1 eq "6" )
- {
- print "\nExtract Wordpress 3.6.9 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress(3.6.9) sites\n";
- WPS();
- $n_found = $#WPS5;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS5.txt");
- map {$_ = "$_\n"} (@WPS5);
- print wp @WPS5;
- print "\t>> Saved at WPS5.txt\n";
- }
- }
- elsif ($choice1 eq "WPS6" or $choice1 eq "wps6" or $choice1 eq "" or $choice1 eq "Wps6" or $choice1 eq "7" )
- {
- print "\nExtract Wordpress 3.4 sites...\n";
- print "==============================\n";
- IP_id();
- print "Searching for Wordpress(3.4) sites\n";
- WPS();
- $n_found = $#WPS6;
- print "\t>> Found $n_found Wordpress sites\n\n";
- print "Do you want to save the result (Y\\n): ";
- $save = <stdin>;
- chomp($save);
- if ($save eq "Y" or $save eq "" or $save eq "y")
- {
- open(wp, ">WPS6.txt");
- map {$_ = "$_\n"} (@WPS6);
- print wp @WPS6;
- print "\t>> Saved at WPS6.txt\n";
- }
- }
- elsif ($choice1 eq "vuln" or $choice1 eq "Vuln" or $choice1 eq "" or $choice1 eq "VULN" or $choice1 eq "8" )
- {
- print "\nChoice Version : ( 3.4 , 3.6 , 3.6.9 , 4.7 , 4.7.1 , 4.7.2 , 4.7.4 ) : ";
- $choice1 = <stdin>;
- chomp ($choice1);
- if ($choice1 eq "4.7" )
- {
- print"
- \nWordpress 4.7 Vulnerabilities \n
- Version 4.7 : \n
- 1-Reset API (CVE Details https://goo.gl/pBsQHh ) \n
- 2-bypass intended access restrictions (CVE Details https://goo.gl/6Cch8F ) \n
- 3-widget-editing accessibility-mode feature CSRF (CVE Details https://goo.gl/tHa24Y ) \n
- 4-wp-mail.php bypass intended posting restrictions (CVE Details https://goo.gl/De7xfy ) \n
- 5-theme-name fallback functionality in wp-includes/class-wp-theme.php Xss (CVE Details https://goo.gl/ctebN4 ) \n
- 6-remote hijack the authentication of unspecified victims (CVE Details https://goo.gl/eqjw7V ) \n
- 7-Multiple cross-site scripting (XSS) vulnerabilities (CVE Details https://goo.gl/6B2Zwr ) \n
- 8-REST API implementation (CVE Details https://goo.gl/hLY2PT ) \n ";
- }
- elsif ($choice1 eq "4.7.1" )
- {
- print"
- \nWordpress 4.7.1 Vulnerabilities \n
- Version 4.7.1 : \n
- 1-REST API (CVE Details https://goo.gl/5ThgVN ) \n
- 2-Cross-site scripting (XSS) Vulnerability (CVE Details https://goo.gl/b18rKH) \n
- 3-SQL injection vulnerability in wp-includes/class-wp-query.php (CVE Details https://goo.gl/r298U7 ) \n
- 4-bypass intended access restrictions (CVE Details https://goo.gl/Vr75rt ) \n ";
- }
- elsif ($choice1 eq "4.7.2" )
- {
- print"
- \nWordpress 4.7.2 Vulnerabilities \n
- Version 4.7.2 : \n
- 1-REST API (CVE Details https://goo.gl/z8VHBM ) \n
- 2-CSRF in wp-admin/includes/class-wp-press-this.php (CVE Details https://goo.gl/rgshdK ) \n
- 3-Xss in wp-admin/js/tags-box.js (CVE Details https://goo.gl/59S9JU ) \n
- 4-Xss in wp-includes/embed.php (CVE Details https://goo.gl/mM7KLX ) \n
- 5- files can be deleted by administrators (CVE Details https://goo.gl/fYR2Rs ) \n
- 6-Redirect URL in wp-includes/pluggable.php (CVE Details https://goo.gl/6jB7Vw ) \n
- 7-Xss in wp-includes/media.php (CVE Details https://goo.gl/vSRGsV ) \n";
- }
- elsif ($choice1 eq "4.7.4" )
- {
- print
- "\nWordpress 4.7.4 Vulnerabilities \n
- 1-redirect validation in the HTTP class (CVE Details https://goo.gl/V6RtWV ) \n
- 2-lack of capability checks for post meta data in the XML-RPC API (CVE Details https://goo.gl/65L65N ) \n
- 3-Cross Site Request Forgery (CVE Details https://goo.gl/xnYB5J ) \n
- 4-cross-site scripting (CVE Details https://goo.gl/R1wfLp ) \n
- 5-improper handling of post meta data values in the XML-RPC API (CVE Details https://goo.gl/jY5ZV6 ) \n
- 6-cross-site scripting (CVE Details https://goo.gl/q7aqh4 ) \n
- 7-Host HTTP header for a password-reset e-mail message (CVE Details https://goo.gl/KpYMKr ) \n";
- }
- elsif ($choice1 eq "3.6" )
- {
- print"
- \nWordpress 3.6 Vulnerabilities \n
- 1-denial of service (CPU consumption) via a large document (CVE Details https://goo.gl/sPLZg6 ) \n
- 2-denial of service (memory and CPU consumption) via a crafted XML document (CVE Details https://goo.gl/uJ6Gf1 ) \n
- 3-inject arbitrary web script or HTML, and obtain Super Admin privileges (CVE Details https://goo.gl/1zt29y ) \n
- 4-obtain access via a forged cookie (CVE Details https://goo.gl/Hykwpa ) \n
- 5-remote authenticated users to publish posts by leveraging the Contributor role (CVE Details https://goo.gl/h6kcqo ) \n
- 6-remote authenticated users to conduct cross-site scripting (XSS) (CVE Details https://goo.gl/6EyKz3 ) \n
- 7-cross-site scripting (XSS) (CVE Details https://www.cvedetails.com/cve/CVE-2013-5738/ ) \n
- 8-remote authenticated users to spoof the authorship of a post (CVE Details https://goo.gl/ahiQTG ) \n
- 9-HTTP redirect (CVE Details https://goo.gl/bJFjVD ) \n
- 10-execute arbitrary code by triggering erroneous PHP unserialize operations (CVE Details https://goo.gl/X41fuS ) \n";
- }
- elsif ($choice1 eq "3.4" )
- {
- print"
- \nWordpress 3.4 Vulnerabilities \n
- 1-does not limit the number of elements in an XML document (CVE Details https://goo.gl/WCqhjE ) \n
- 2-denial of service (memory and CPU consumption) (CVE Details https://goo.gl/nWD1Kv ) \n
- 3-obtain access via a forged cookie (CVE Details https://goo.gl/2iF25x ) \n
- 4-send HTTP requests to intranet servers (CVE Details https://goo.gl/L9hmd6 )\n
- 5-remote authenticated users to bypass intended access (CVE Details https://goo.gl/jkbjXL ) \n
- 6-Cross-site scripting (XSS) (CVE Details https://goo.gl/sDHWs7 ) \n";
- }
- elsif ($choice1 eq "3.6.9" )
- {
- print"
- \nWordpress 3.6.9 Vulnerabilities \n
- 1-hijack the authentication of administrators (CVE Details https://goo.gl/ZC31nm ) \n
- 2-bypass intended password-change restrictions (CVE Details https://goo.gl/C9QntR ) \n
- 3-obtain sensitive revision-history information to read a post (CVE Details https://goo.gl/bLeCm1 ) \n
- 4-Open redirect vulnerability in the wp_validate_redirect function (CVE Details https://goo.gl/eZfcR3 ) \n
- 5-Cross-site scripting (XSS) (CVE Details https://goo.gl/zMGSHa ) \n";
- }
- }
- }
- Into();
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement