Advertisement
shor7cut

WPKnife - WordPress Scanner Vulnerabilities (BUG7SEC)

Oct 21st, 2015
1,212
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. Title  : WPKnife - WordPress Scanner Vulnerabilities
  4. Desc   : WordPress Scanner Vulnerabilities
  5. Author : Shor7cut - http://facebook.com/bug7sec
  6. ----------------------------------------------
  7. (C) BUG7SEC - 2015
  8. ----------------------------------------------
  9. Spesial :
  10. - BUG7SEC team
  11. - Tuban Cyber Team
  12. - Defacer tersakiti team
  13. - IndoXploit Coders
  14. - ISD-Team
  15. - IDCA (Indonesian Cyber Army)
  16. */
  17. error_reporting(0);
  18. session_start();
  19. echo "
  20.  .------------------------------------------------------.
  21.  | WPKnife - WordPress Scanner Vulnerabilities          |
  22.  |                          SHOR7CUT (Bug7sec)          |
  23.  .------------------------------------------------------.
  24. ";
  25. if($argv[1]){
  26.     scan($argv[1]);
  27. }else{
  28. echo '  [Usage] : php '.$argv[0].' http://localhost/';
  29. }
  30.  
  31.  
  32. function scan($url){
  33. echo "\r\n";
  34. $start_vuln=1;
  35. $total_vuln=0;
  36. $wpvuln = array(
  37.     'wp-content/plugins/wp-responsive-thumbnail-slider/'    => 'https://www.exploit-db.com/exploits/37998/',
  38.     'wp-content/plugins/recent-backups/'                    => 'https://www.exploit-db.com/exploits/37752/',
  39.     'wp-content/themes/agritourismo-theme/'                 => 'https://www.exploit-db.com/exploits/29946/',
  40.     'wp-content/themes/bordeaux-theme/'                     => 'https://www.exploit-db.com/exploits/29946/',
  41.     'wp-content/themes/bulteno-theme/'                      => 'https://www.exploit-db.com/exploits/29946/',
  42.     'wp-content/themes/oxygen-theme/'                       => 'https://www.exploit-db.com/exploits/29946/',
  43.     'wp-content/themes/radial-theme/'                       => 'https://www.exploit-db.com/exploits/29946/',
  44.     'wp-content/themes/rayoflight-theme/'                   => 'https://www.exploit-db.com/exploits/29946/',
  45.     'wp-content/themes/reganto-theme/'                      => 'https://www.exploit-db.com/exploits/29946/',
  46.     'wp-content/themes/rockstar-theme/'                     => 'https://www.exploit-db.com/exploits/29946/',
  47.     'wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd'=> 'http://www.vapid.dhs.org/advisory.php?v=154',
  48.     'wp-content/plugins/wp-front-end-repository/js/'        => 'http://www.vapid.dhs.org/advisory.php?v=141',
  49.     'wp-content/plugins/candidate-application-form/'        => 'http://www.vapid.dhs.org/advisory.php?v=142',
  50.     'wp-content/plugins/mp3-jplayer/'                       => 'http://www.vapid.dhs.org/advisory.php?v=149',
  51.     'wp-content/plugins/filedownload/'                      => 'http://www.vapid.dhs.org/advisory.php?v=140',
  52.     'wp-content/plugins/fast-image-adder/'                  => 'http://www.vapid.dhs.org/advisory.php?v=139',
  53.     'wp-content/plugins/mailcwp/'                           => 'http://www.vapid.dhs.org/advisory.php?v=138',
  54.     'wp-content/plugins/ibs-mappro/lib'                     => 'http://www.vapid.dhs.org/advisory.php?v=137',
  55.     'wp-content/plugins/wp-ecommerce-shop-styling/'         => 'http://www.vapid.dhs.org/advisory.php?v=136',
  56.     'wp-content/plugins/wp-swimteam/include'                => 'http://www.vapid.dhs.org/advisory.php?v=134',
  57.     'wp-content/plugins/mdc-youtube-downloader'             => 'http://www.vapid.dhs.org/advisory.php?v=133',
  58.     'wp-content/plugins/image-export/'                      => 'http://www.vapid.dhs.org/advisory.php?v=135',
  59.     'wp-content/plugins/zip-attachments/'                   => 'http://www.vapid.dhs.org/advisory.php?v=126',
  60.     'wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/' => 'http://www.vapid.dhs.org/advisory.php?v=125',
  61.     'wp-content/plugins/se-html5-album-audio-player/js/'    => 'http://www.vapid.dhs.org/advisory.php?v=124',
  62.     'wp-content/plugins/adsense-click-fraud-monitoring'     => 'http://www.vapid.dhs.org/advisory.php?v=119',
  63.     'wp-content/plugins/videowhisper-video-conference-integration' => 'http://www.vapid.dhs.org/advisory.php?v=116',
  64.     'wp-content/plugins/videowhisper-video-presentation'    => 'http://www.vapid.dhs.org/advisory.php?v=117',
  65.     );
  66. foreach(array_keys($wpvuln) as $patchvuln)
  67. {  
  68.     $ch = curl_init($url.$patchvuln);
  69.     curl_setopt($ch, CURLOPT_NOBODY  , true);
  70.     curl_exec($ch);
  71.     $info = curl_getinfo($ch);
  72. echo "[SCAN] Themes/plugins $start_vuln of ".count($wpvuln)." Vulnerabilities [Http Code : ".$info['http_code']."]\r\n";
  73. if($info['http_code']==200){
  74.     $exploit_url = $wpvuln[$patchvuln];
  75.     $_SESSION[$start_vuln]=$exploit_url;
  76.     $total_vuln++;
  77. }
  78. curl_close($ch);
  79. $start_vuln++;
  80. }
  81. if(!$total_vuln){
  82.     echo "\r\n[REPORT] Ditemukan 0 dari ".count($wpvuln)." Vulnerabilities.\r\n";
  83. }else{
  84.     echo "\r\n[REPORT] Ditemukan $total_vuln dari ".count($wpvuln)." Vulnerabilities.\r\n";
  85.     foreach ($_SESSION as $key => $value) {
  86.     if($value){
  87.         echo "-> ".$value."\r\n";
  88.     }
  89. }
  90. }
  91. session_destroy();
  92. } //akhir func
  93.  
  94.  
  95.  
  96. function status_code($key){
  97.      switch ($key) {
  98.                     case 100: $text = 'Continue'; break;
  99.                     case 101: $text = 'Switching Protocols'; break;
  100.                     case 200: $text = 'OK'; break;
  101.                     case 201: $text = 'Created'; break;
  102.                     case 202: $text = 'Accepted'; break;
  103.                     case 203: $text = 'Non-Authoritative Information'; break;
  104.                     case 204: $text = 'No Content'; break;
  105.                     case 205: $text = 'Reset Content'; break;
  106.                     case 206: $text = 'Partial Content'; break;
  107.                     case 300: $text = 'Multiple Choices'; break;
  108.                     case 301: $text = 'Moved Permanently'; break;
  109.                     case 302: $text = 'Moved Temporarily'; break;
  110.                     case 303: $text = 'See Other'; break;
  111.                     case 304: $text = 'Not Modified'; break;
  112.                     case 305: $text = 'Use Proxy'; break;
  113.                     case 400: $text = 'Bad Request'; break;
  114.                     case 401: $text = 'Unauthorized'; break;
  115.                     case 402: $text = 'Payment Required'; break;
  116.                     case 403: $text = 'Forbidden'; break;
  117.                     case 404: $text = 'Not Found'; break;
  118.                     case 405: $text = 'Method Not Allowed'; break;
  119.                     case 406: $text = 'Not Acceptable'; break;
  120.                     case 407: $text = 'Proxy Authentication Required'; break;
  121.                     case 408: $text = 'Request Time-out'; break;
  122.                     case 409: $text = 'Conflict'; break;
  123.                     case 410: $text = 'Gone'; break;
  124.                     case 411: $text = 'Length Required'; break;
  125.                     case 412: $text = 'Precondition Failed'; break;
  126.                     case 413: $text = 'Request Entity Too Large'; break;
  127.                     case 414: $text = 'Request-URI Too Large'; break;
  128.                     case 415: $text = 'Unsupported Media Type'; break;
  129.                     case 500: $text = 'Internal Server Error'; break;
  130.                     case 501: $text = 'Not Implemented'; break;
  131.                     case 502: $text = 'Bad Gateway'; break;
  132.                     case 503: $text = 'Service Unavailable'; break;
  133.                     case 504: $text = 'Gateway Time-out'; break;
  134.                     case 505: $text = 'HTTP Version not supported'; break;
  135.                     default:
  136.                         exit('Unknown http status code');
  137.                     break;
  138.                 }
  139. return $text;
  140. }
  141. ?>
Advertisement
RAW Paste Data Copied
Advertisement