python include fix, web service finder: osticket
parent
e0e5ce3228
commit
73c9f72561
@ -1,3 +1,8 @@
|
|||||||
__doc__ = __doc__ or ""
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
__doc__ = __doc__ or ""
|
||||||
__all__ = ["util","fileserver","xss_handler","genRevShell"]
|
__all__ = ["util","fileserver","xss_handler","genRevShell"]
|
||||||
|
|
||||||
|
inc_dir = os.path.dirname(os.path.realpath(__file__))
|
||||||
|
sys.path.append(inc_dir)
|
||||||
|
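Review bot: `sys.path.append(inc_dir)` at the end of this hunk makes every module in the package directory importable under a bare top-level name (`util`, `xss_handler`, ...), and because the entry is appended, any other `util` found earlier on `sys.path` is imported instead of this one. The same file can also be loaded twice, once as `util` and once as a submodule of the package, each copy with its own module state. If the scripts only need to work as part of the package, relative imports in the callers (`from . import util`) avoid the path change. If they must also run directly, keep the line but add a comment such as `# lets sibling modules be imported by bare name; generic names like util can collide with other packages`.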
@ -1,19 +1,22 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
from hackingscripts import util, xss_handler
|
|
||||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||||
import threading
|
import threading
|
||||||
import requests
|
import requests
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
import ssl
|
import ssl
|
||||||
# import xss_handler
|
import util
|
||||||
|
import xss_handler
|
||||||
|
|
||||||
class FileServerRequestHandler(BaseHTTPRequestHandler):
|
class FileServerRequestHandler(BaseHTTPRequestHandler):
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
|
|
||||||
|
def do_HEAD(self):
|
||||||
|
self.do_GET()
|
||||||
|
|
||||||
def do_POST(self):
|
def do_POST(self):
|
||||||
self.do_GET()
|
self.do_GET()
|
||||||
|
|
||||||
@ -35,7 +38,7 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
|
|||||||
self.send_response(code)
|
self.send_response(code)
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
|
|
||||||
if data:
|
if data and self.command != "HEAD":
|
||||||
self.wfile.write(data)
|
self.wfile.write(data)
|
||||||
else:
|
else:
|
||||||
self.send_response(404)
|
self.send_response(404)
|
||||||
|
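Review bot: The HEAD check is folded into `if data and self.command != "HEAD":`, so a HEAD request that does have data takes whatever branch follows this `if`. The page has lost the indentation, so it is not certain which `if` the `else:` two lines below pairs with; if it pairs with this one, HEAD would call `send_response(404)` after `end_headers()` has already run. Nesting the check keeps the two cases apart: `if data:` with `if self.command != "HEAD": self.wfile.write(data)` inside it. `do_HEAD` also runs the whole `do_GET` path, so anything that handler does besides writing the body happens for HEAD as well; the body of `do_GET` lies outside these hunks.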
@ -2,8 +2,8 @@
|
|||||||
|
|
||||||
import socket
|
import socket
|
||||||
import sys
|
import sys
|
||||||
import util
|
|
||||||
import pty
|
import pty
|
||||||
|
import util
|
||||||
|
|
||||||
def generatePayload(type, local_address, port):
|
def generatePayload(type, local_address, port):
|
||||||
|
|
||||||
|
@ -171,13 +171,13 @@ def process_tasks(initial_tasks, worker, jobs, args=(), tasks_done=None):
|
|||||||
class DownloadWorker(Worker):
|
class DownloadWorker(Worker):
|
||||||
''' Download a list of files '''
|
''' Download a list of files '''
|
||||||
|
|
||||||
def init(self, url, directory, retry, timeout, module):
|
def init(self, url, directory, retry, timeout, module=None):
|
||||||
self.session = requests.Session()
|
self.session = requests.Session()
|
||||||
self.session.verify = False
|
self.session.verify = False
|
||||||
self.session.mount(url, requests.adapters.HTTPAdapter(max_retries=retry))
|
self.session.mount(url, requests.adapters.HTTPAdapter(max_retries=retry))
|
||||||
self.module = module
|
self.module = module
|
||||||
|
|
||||||
def do_task(self, filepath, url, directory, retry, timeout, module):
|
def do_task(self, filepath, url, directory, retry, timeout, module=None):
|
||||||
with closing(self.session.get('%s/%s' % (url, filepath),
|
with closing(self.session.get('%s/%s' % (url, filepath),
|
||||||
allow_redirects=False,
|
allow_redirects=False,
|
||||||
stream=True,
|
stream=True,
|
||||||
|
@ -31,6 +31,6 @@ charcountIpAddress=$(curl -s -L "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
|
|||||||
echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
|
echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
|
||||||
echo "[ ] Fuzzing…"
|
echo "[ ] Fuzzing…"
|
||||||
|
|
||||||
ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400,500 --mc all \
|
ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400 --mc all \
|
||||||
-w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
|
-w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
|
||||||
-u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
|
-u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
|
||||||
|
@ -2,10 +2,11 @@
|
|||||||
|
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
|
import json
|
||||||
import argparse
|
import argparse
|
||||||
import requests
|
import requests
|
||||||
import urllib.parse
|
import urllib.parse
|
||||||
from hackingscripts import util
|
import util
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
|
|
||||||
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
|
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
|
||||||
@ -98,6 +99,18 @@ class WebServiceFinder:
|
|||||||
self.analyseSitemap()
|
self.analyseSitemap()
|
||||||
self.analyseChangelog()
|
self.analyseChangelog()
|
||||||
self.checkJoomlaVersion()
|
self.checkJoomlaVersion()
|
||||||
|
self.checkManifest()
|
||||||
|
|
||||||
|
def checkManifest(self):
|
||||||
|
url = "/static/manifest.json"
|
||||||
|
res = self.do_get(url)
|
||||||
|
if res.status_code == 200:
|
||||||
|
try:
|
||||||
|
manifest = json.loads(res.text)
|
||||||
|
if "name" in manifest:
|
||||||
|
print("[+] Found manifest name:", manifest["name"])
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
def checkJoomlaVersion(self):
|
def checkJoomlaVersion(self):
|
||||||
url = "/administrator/manifests/files/joomla.xml"
|
url = "/administrator/manifests/files/joomla.xml"
|
||||||
@ -120,7 +133,7 @@ class WebServiceFinder:
|
|||||||
|
|
||||||
def printMatch(self, title, match, group=1, version_func=str):
|
def printMatch(self, title, match, group=1, version_func=str):
|
||||||
if match:
|
if match:
|
||||||
version = "Unknown version" if group is None else version_func(match.group(group))
|
version = "Unknown version" if group is None or len(match.groups()) <= group else version_func(match.group(group))
|
||||||
print("[+] Found %s: %s" % (title, version))
|
print("[+] Found %s: %s" % (title, version))
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
@ -183,6 +196,12 @@ class WebServiceFinder:
|
|||||||
cacti_pattern = re.compile(r"Version ([0-9.]*) .* The Cacti Group")
|
cacti_pattern = re.compile(r"Version ([0-9.]*) .* The Cacti Group")
|
||||||
self.printMatch("Cacti", cacti_pattern.search(content), 1)
|
self.printMatch("Cacti", cacti_pattern.search(content), 1)
|
||||||
|
|
||||||
|
poweredBy = soup.find(id="poweredBy")
|
||||||
|
if poweredBy:
|
||||||
|
content = poweredBy.text.strip()
|
||||||
|
|
||||||
|
osticket_pattern = re.compile(r"powered by osTicket")
|
||||||
|
self.printMatch("OsTicket", osticket_pattern.search(content))
|
||||||
|
|
||||||
moodle_pattern_1 = re.compile(r"^https://download.moodle.org/mobile\?version=(\d+)(&|$)")
|
moodle_pattern_1 = re.compile(r"^https://download.moodle.org/mobile\?version=(\d+)(&|$)")
|
||||||
moodle_pattern_2 = re.compile(r"^https://docs.moodle.org/(\d+)/")
|
moodle_pattern_2 = re.compile(r"^https://docs.moodle.org/(\d+)/")
|
||||||
|
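Review bot: In `printMatch`, the new guard `len(match.groups()) <= group` is off by one. `match.groups()` holds groups 1..n, so a pattern with exactly one capture group called with `group=1` (the Cacti call in the last hunk) now prints "Unknown version" instead of the captured version. The comparison should be strict: `group is None or len(match.groups()) < group`. In `checkManifest`, the bare `except:` followed by `pass` hides every failure, including KeyboardInterrupt; `except (ValueError, TypeError):` covers a failed JSON parse and a manifest that is not an object. Since `manifest["name"]` comes from the scanned server, printing it with `repr()` would keep control characters out of the terminal.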