
python include fix, web service finder: osticket

Roman Hergenreder 2 years ago
parent
commit
73c9f72561
6 changed files with 37 additions and 10 deletions
  1. 6 1
      __init__.py
  2. 6 3
      fileserver.py
  3. 1 1
      genRevShell.py
  4. 2 2
      git-dumper.py
  5. 1 1
      subdomainFuzz.sh
  6. 21 2
      web_service_finder.py

+ 6 - 1
__init__.py

@@ -1,3 +1,8 @@
-__doc__ = __doc__ or ""
+import os
+import sys
 
+__doc__ = __doc__ or ""
 __all__ = ["util","fileserver","xss_handler","genRevShell"]
+
+inc_dir = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(inc_dir)
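Review bot: `sys.path.append(inc_dir)` runs as an import-time side effect of the package and makes its modules reachable under bare top-level names (`util`, `xss_handler`), so any other module called `util` earlier on sys.path wins the lookup and the scripts silently import the wrong one. Explicit relative imports inside the package (`from . import util`) would avoid mutating the path at all; if the scripts must also run as standalone files, the intent should at least be documented, e.g. `# make sibling modules importable by bare name when the scripts run directly`. The `__all__` list on the line above still names `util`, `fileserver`, `xss_handler`, `genRevShell` — it may need updating if the new layout changes which modules the package exports.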

+ 6 - 3
fileserver.py

@@ -1,19 +1,22 @@
 #!/usr/bin/env python
 
-from hackingscripts import util, xss_handler
 from http.server import BaseHTTPRequestHandler, HTTPServer
 import threading
 import requests
 import sys
 import os
 import ssl
-# import xss_handler
+import util
+import xss_handler
 
 class FileServerRequestHandler(BaseHTTPRequestHandler):
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
+    def do_HEAD(self):
+        self.do_GET()
+
     def do_POST(self):
         self.do_GET()
 
@@ -35,7 +38,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
             self.send_response(code)
             self.end_headers()
 
-            if data:
+            if data and self.command != "HEAD":
                 self.wfile.write(data)
         else:
             self.send_response(404)
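Review bot: The new guard `if data and self.command != "HEAD":` suppresses the body only on the success branch; the 404 branch starting at `self.send_response(404)` continues outside the hunk, and if it writes a body it needs the same guard, since a HEAD response must not carry one. `do_HEAD` delegating to `do_GET` means HEAD emits exactly the headers GET would (including any Content-Length set there, which is what HEAD semantics require), but that coupling is only visible in the second hunk; a comment on `do_HEAD`, `# same headers as GET; the body is suppressed in do_GET via self.command`, would make it explicit. The surrounding `do_GET` body is outside the hunk, so whether it sets Content-Length cannot be confirmed here.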

+ 1 - 1
genRevShell.py

@@ -2,8 +2,8 @@
 
 import socket
 import sys
-import util
 import pty
+import util
 
 def generatePayload(type, local_address, port):
 

+ 2 - 2
git-dumper.py

@@ -171,13 +171,13 @@ def process_tasks(initial_tasks, worker, jobs, args=(), tasks_done=None):
 class DownloadWorker(Worker):
     ''' Download a list of files '''
 
-    def init(self, url, directory, retry, timeout, module):
+    def init(self, url, directory, retry, timeout, module=None):
         self.session = requests.Session()
         self.session.verify = False
         self.session.mount(url, requests.adapters.HTTPAdapter(max_retries=retry))
         self.module = module
 
-    def do_task(self, filepath, url, directory, retry, timeout, module):
+    def do_task(self, filepath, url, directory, retry, timeout, module=None):
         with closing(self.session.get('%s/%s' % (url, filepath),
                                       allow_redirects=False,
                                       stream=True,

+ 1 - 1
subdomainFuzz.sh

@@ -31,6 +31,6 @@ charcountIpAddress=$(curl -s -L "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
 echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
 echo "[ ] Fuzzing…"
 
-ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400,500 --mc all \
+ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400 --mc all \
   -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
   -u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"

+ 21 - 2
web_service_finder.py

@@ -2,10 +2,11 @@
 
 import re
 import sys
+import json
 import argparse
 import requests
 import urllib.parse
-from hackingscripts import util
+import util
 from bs4 import BeautifulSoup
 
 requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
@@ -98,6 +99,18 @@ class WebServiceFinder:
         self.analyseSitemap()
         self.analyseChangelog()
         self.checkJoomlaVersion()
+        self.checkManifest()
+
+    def checkManifest(self):
+        url = "/static/manifest.json"
+        res = self.do_get(url)
+        if res.status_code == 200:
+            try:
+                manifest = json.loads(res.text)
+                if "name" in manifest:
+                    print("[+] Found manifest name:", manifest["name"])
+            except:
+                pass
 
     def checkJoomlaVersion(self):
         url = "/administrator/manifests/files/joomla.xml"
@@ -120,7 +133,7 @@ class WebServiceFinder:
 
     def printMatch(self, title, match, group=1, version_func=str):
         if match:
-            version = "Unknown version" if group is None else version_func(match.group(group))
+            version = "Unknown version" if group is None or len(match.groups()) <= group else version_func(match.group(group))
             print("[+] Found %s: %s" % (title, version))
             return True
         return False
@@ -183,6 +196,12 @@ class WebServiceFinder:
             cacti_pattern = re.compile(r"Version ([0-9.]*) .* The Cacti Group")
             self.printMatch("Cacti", cacti_pattern.search(content), 1)
 
+        poweredBy = soup.find(id="poweredBy")
+        if poweredBy:
+            content = poweredBy.text.strip()
+
+            osticket_pattern = re.compile(r"powered by osTicket")
+            self.printMatch("OsTicket", osticket_pattern.search(content))
 
         moodle_pattern_1 = re.compile(r"^https://download.moodle.org/mobile\?version=(\d+)(&|$)")
         moodle_pattern_2 = re.compile(r"^https://docs.moodle.org/(\d+)/")
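Review bot: The bounds check added to `printMatch` is off by one: `match.groups()` has one entry per capturing group and `group` is 1-based, so for a one-group pattern such as the Cacti regex at `re.compile(r"Version ([0-9.]*) .* The Cacti Group")` called with `group=1`, `len(match.groups()) <= group` evaluates `1 <= 1` and the captured version is discarded in favour of "Unknown version". The condition should read `len(match.groups()) < group`, which still yields "Unknown version" for the group-less osTicket pattern in the last hunk. In `checkManifest`, the bare `except: pass` hides every failure, including a JSON document that is not an object (`"name" in "some string"` is a substring test and the following `manifest["name"]` raises TypeError); `except ValueError:` together with `if isinstance(manifest, dict) and "name" in manifest:` keeps the best-effort behaviour while letting unrelated faults surface. `do_get` is defined outside the hunk, so whether `res` can be None on a failed request cannot be confirmed here.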