WPKnife - WordPress Scanner Vulnerabilities (BUG7SEC)

1. <?php
2. /*
3. Title  : WPKnife - WordPress Scanner Vulnerabilities
4. Desc   : WordPress Scanner Vulnerabilities
5. Author : Shor7cut - http://facebook.com/bug7sec
6. ----------------------------------------------
7. (C) BUG7SEC - 2015
8. ----------------------------------------------
9. Spesial :
10. - BUG7SEC team
11. - Tuban Cyber Team
12. - Defacer tersakiti team
13. - IndoXploit Coders
14. - ISD-Team
15. - IDCA (Indonesian Cyber Army)
16. */
17. error_reporting(0);
18. session_start();
19. echo "
20.  .------------------------------------------------------.
21.  | WPKnife - WordPress Scanner Vulnerabilities          |
22.  |                          SHOR7CUT (Bug7sec)          |
23.  .------------------------------------------------------.
24. ";
25. if($argv[1]){
26.     scan($argv[1]);
27. }else{
28. echo '  [Usage] : php '.$argv[0].' http://localhost/';
29. }
30.  
31.  
32. function scan($url){
33. echo "\r\n";
34. $start_vuln=1;
35. $total_vuln=0;
36. $wpvuln = array(
37.     'wp-content/plugins/wp-responsive-thumbnail-slider/'    => 'https://www.exploit-db.com/exploits/37998/',
38.     'wp-content/plugins/recent-backups/'                    => 'https://www.exploit-db.com/exploits/37752/',
39.     'wp-content/themes/agritourismo-theme/'                 => 'https://www.exploit-db.com/exploits/29946/',
40.     'wp-content/themes/bordeaux-theme/'                     => 'https://www.exploit-db.com/exploits/29946/',
41.     'wp-content/themes/bulteno-theme/'                      => 'https://www.exploit-db.com/exploits/29946/',
42.     'wp-content/themes/oxygen-theme/'                       => 'https://www.exploit-db.com/exploits/29946/',
43.     'wp-content/themes/radial-theme/'                       => 'https://www.exploit-db.com/exploits/29946/',
44.     'wp-content/themes/rayoflight-theme/'                   => 'https://www.exploit-db.com/exploits/29946/',
45.     'wp-content/themes/reganto-theme/'                      => 'https://www.exploit-db.com/exploits/29946/',
46.     'wp-content/themes/rockstar-theme/'                     => 'https://www.exploit-db.com/exploits/29946/',
47.     'wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd'=> 'http://www.vapid.dhs.org/advisory.php?v=154',
48.     'wp-content/plugins/wp-front-end-repository/js/'        => 'http://www.vapid.dhs.org/advisory.php?v=141',
49.     'wp-content/plugins/candidate-application-form/'        => 'http://www.vapid.dhs.org/advisory.php?v=142',
50.     'wp-content/plugins/mp3-jplayer/'                       => 'http://www.vapid.dhs.org/advisory.php?v=149',
51.     'wp-content/plugins/filedownload/'                      => 'http://www.vapid.dhs.org/advisory.php?v=140',
52.     'wp-content/plugins/fast-image-adder/'                  => 'http://www.vapid.dhs.org/advisory.php?v=139',
53.     'wp-content/plugins/mailcwp/'                           => 'http://www.vapid.dhs.org/advisory.php?v=138',
54.     'wp-content/plugins/ibs-mappro/lib'                     => 'http://www.vapid.dhs.org/advisory.php?v=137',
55.     'wp-content/plugins/wp-ecommerce-shop-styling/'         => 'http://www.vapid.dhs.org/advisory.php?v=136',
56.     'wp-content/plugins/wp-swimteam/include'                => 'http://www.vapid.dhs.org/advisory.php?v=134',
57.     'wp-content/plugins/mdc-youtube-downloader'             => 'http://www.vapid.dhs.org/advisory.php?v=133',
58.     'wp-content/plugins/image-export/'                      => 'http://www.vapid.dhs.org/advisory.php?v=135',
59.     'wp-content/plugins/zip-attachments/'                   => 'http://www.vapid.dhs.org/advisory.php?v=126',
60.     'wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/' => 'http://www.vapid.dhs.org/advisory.php?v=125',
61.     'wp-content/plugins/se-html5-album-audio-player/js/'    => 'http://www.vapid.dhs.org/advisory.php?v=124',
62.     'wp-content/plugins/adsense-click-fraud-monitoring'     => 'http://www.vapid.dhs.org/advisory.php?v=119',
63.     'wp-content/plugins/videowhisper-video-conference-integration' => 'http://www.vapid.dhs.org/advisory.php?v=116',
64.     'wp-content/plugins/videowhisper-video-presentation'    => 'http://www.vapid.dhs.org/advisory.php?v=117',
65.     );
66. foreach(array_keys($wpvuln) as $patchvuln)
67. {  
68.     $ch = curl_init($url.$patchvuln);
69.     curl_setopt($ch, CURLOPT_NOBODY  , true);
70.     curl_exec($ch);
71.     $info = curl_getinfo($ch);
72. echo "[SCAN] Themes/plugins $start_vuln of ".count($wpvuln)." Vulnerabilities [Http Code : ".$info['http_code']."]\r\n";
73. if($info['http_code']==200){
74.     $exploit_url = $wpvuln[$patchvuln];
75.     $_SESSION[$start_vuln]=$exploit_url;
76.     $total_vuln++;
77. }
78. curl_close($ch);
79. $start_vuln++;
80. }
81. if(!$total_vuln){
82.     echo "\r\n[REPORT] Ditemukan 0 dari ".count($wpvuln)." Vulnerabilities.\r\n";
83. }else{
84.     echo "\r\n[REPORT] Ditemukan $total_vuln dari ".count($wpvuln)." Vulnerabilities.\r\n";
85.     foreach ($_SESSION as $key => $value) {
86.     if($value){
87.         echo "-> ".$value."\r\n";
88.     }
89. }
90. }
91. session_destroy();
92. } //akhir func
93.  
94.  
95.  
96. function status_code($key){
97.      switch ($key) {
98.                     case 100: $text = 'Continue'; break;
99.                     case 101: $text = 'Switching Protocols'; break;
100.                     case 200: $text = 'OK'; break;
101.                     case 201: $text = 'Created'; break;
102.                     case 202: $text = 'Accepted'; break;
103.                     case 203: $text = 'Non-Authoritative Information'; break;
104.                     case 204: $text = 'No Content'; break;
105.                     case 205: $text = 'Reset Content'; break;
106.                     case 206: $text = 'Partial Content'; break;
107.                     case 300: $text = 'Multiple Choices'; break;
108.                     case 301: $text = 'Moved Permanently'; break;
109.                     case 302: $text = 'Moved Temporarily'; break;
110.                     case 303: $text = 'See Other'; break;
111.                     case 304: $text = 'Not Modified'; break;
112.                     case 305: $text = 'Use Proxy'; break;
113.                     case 400: $text = 'Bad Request'; break;
114.                     case 401: $text = 'Unauthorized'; break;
115.                     case 402: $text = 'Payment Required'; break;
116.                     case 403: $text = 'Forbidden'; break;
117.                     case 404: $text = 'Not Found'; break;
118.                     case 405: $text = 'Method Not Allowed'; break;
119.                     case 406: $text = 'Not Acceptable'; break;
120.                     case 407: $text = 'Proxy Authentication Required'; break;
121.                     case 408: $text = 'Request Time-out'; break;
122.                     case 409: $text = 'Conflict'; break;
123.                     case 410: $text = 'Gone'; break;
124.                     case 411: $text = 'Length Required'; break;
125.                     case 412: $text = 'Precondition Failed'; break;
126.                     case 413: $text = 'Request Entity Too Large'; break;
127.                     case 414: $text = 'Request-URI Too Large'; break;
128.                     case 415: $text = 'Unsupported Media Type'; break;
129.                     case 500: $text = 'Internal Server Error'; break;
130.                     case 501: $text = 'Not Implemented'; break;
131.                     case 502: $text = 'Bad Gateway'; break;
132.                     case 503: $text = 'Service Unavailable'; break;
133.                     case 504: $text = 'Gateway Time-out'; break;
134.                     case 505: $text = 'HTTP Version not supported'; break;
135.                     default:
136.                         exit('Unknown http status code');
137.                     break;
138.                 }
139. return $text;
140. }
141. ?>