Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python
- import os
- import time
- import random
- import urllib2 as u2
- import argparse as ap
- sub_url = "/components/"
- #------------------------------------------------------
- # Args set
- def add_args():
- p = ap.ArgumentParser()
- p.add_argument("-u", help = "Remote site URL")
- p.add_argument("-f", help = "Joomla components list file")
- p.add_argument("-t", help = "Timeout (sec)")
- p.add_argument("-T", help = "Randomization timeout (from 0 to N)")
- p.add_argument("-p", help = "HTTP Proxy server (PROXY:PORT)(example: 127.0.0.1:1080)")
- return p.parse_args(), p
- #------------------------------------------------------
- #------------------------------------------------------
- # Timeout
- def timeout(args):
- if args.T:
- time.sleep(random.randint(0, int(args.T)))
- elif args.t:
- time.sleep(int(args.t))
- #------------------------------------------------------
- #------------------------------------------------------
- # Scan through HTTP server
- def scan_through_proxy(args, com_name, op):
- try:
- url = args.u + sub_url + com_name
- op.open(url)
- except:
- raise
- return True
- #------------------------------------------------------
- #------------------------------------------------------
- # Scan directly
- def scan(args, com_name):
- try:
- url = args.u + sub_url + com_name
- req = u2.Request(url)
- u2.urlopen(req)
- except:
- raise
- return True
- #------------------------------------------------------
- a, p = add_args()
- if not a.u or not a.f:
- p.print_usage()
- p.exit()
- else:
- if a.u.find("http://") < 0 and a.u.find("HTTP://") < 0:
- a.u = "http://" + a.u
- if not os.access(a.f, os.F_OK):
- print "File {} does not exit or permission denied".format(a.f)
- exit()
- print "[Joomla components scanner by R0nin]\n"
- print "[+] Host:", a.u
- try:
- if not a.p:
- with open(a.f) as com_file:
- for line in com_file:
- line = line.strip("\r\n")
- try:
- scan(a, line)
- except u2.HTTPError as he:
- if he.code == 404:
- print "Component: " + line.ljust(40,' ') + "[Not found]"
- except u2.URLError as ue:
- print "Exception: " + ue.reason
- else:
- print "Component: " + line.ljust(40,' ') + "[OK]"
- timeout(a)
- else:
- if a.p.find("http://") < 0 and a.p.find("HTTP://") < 0:
- a.p = "http://" + a.p
- prx = u2.ProxyHandler({"http":a.p})
- op = u2.build_opener(prx)
- u2.install_opener(op)
- print "[Scan via HTTP proxy {}]\n".format(a.p)
- with open(a.f) as com_file:
- for line in com_file:
- line = line.strip("\r\n")
- try:
- scan_through_proxy(a, line, op)
- except u2.HTTPError as he:
- if he.code == 404:
- print "Component: " + line.ljust(40,' ') + "[Not found]"
- except u2.URLError as ue:
- print "Exception: " + ue.reason
- else:
- print "Component: " + line.ljust(40,' ') + "[OK]"
- timeout(a)
- except KeyboardInterrupt:
- print "\nInterrupted by user (CTRL+C or Delete)"
- exit()
- except:
- print "Uknown exception: exit..."
- exit()
- else:
- print "\n[Sucess]\n"
- exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement