From e0d8808f6437de916dcdd214c441eb8df48c53cd Mon Sep 17 00:00:00 2001 From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:26:52 +0100 Subject: [PATCH] Add files via upload --- core/header.pl | 226 +++++++++++++++++++++++++----------------------- core/main.pl | 230 ++++++++++++++++++++++++------------------------- core/ver.pl | 142 +++++++++++++++--------------- 3 files changed, 303 insertions(+), 295 deletions(-) diff --git a/core/header.pl b/core/header.pl index e1f6b64..4af5236 100644 --- a/core/header.pl +++ b/core/header.pl 
@@ -1,109 +1,117 @@ -#!/usr/bin/perl - -use Term::ANSIColor; - -print color("YELLOW"); -print q{ - ____ _____ _____ __ __ ___ ___ __ _ _ - (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) - .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( - \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) -}; - print color("red") . "\t\t\t(1337.today)" . color("reset"); - print " - - --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." - +---++---==[Version : " - . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] - +---++---==[Authors : ". color("red") . "$author". color("reset")." - --=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; - -if(!defined $ARGV[0]){ - - print color("cyan"); - printf "\n Usage: - joomscan.pl - joomscan.pl -u http://target.com/joomla - - - Options: - joomscan.pl --help\n\n"; - print color("reset"); - exit(1); -} -$cookie=1; -$proxy=1; -#Start help Function -sub help -{ - print color("cyan"); - printf " - -Help : - -Usage: $0 [options] - ---url | -u | The Joomla URL/domain to scan. ---enumerate-components | -ec | Try to enumerate components. - ---cookie | Set cookie. ---user-agent | -a | Use the specified User-Agent. ---random-agent | -r | Use a random User-Agent. ---timeout | Set timeout. ---proxy=PROXY | Use a proxy to connect to the target URL - Proxy example: --proxy http://127.0.0.1:8080 - https://127.0.0.1:443 - socks://127.0.0.1:414 - ---about | About Author ---update | Update to the latest version. ---help | -h | This help screen. ---version | Output the current version and exit. 
- -"; - print color("reset"); - exit(1); -} -sub about -{ - print color("cyan"); - printf " - Author : $author - Twitter : \@rezesp , \@Ali_Razmjo0 - Git repository : https://github.com/rezasp/joomscan/ - Issues : https://github.com/rezasp/joomscan/issues - \n\n"; - print color("reset"); - exit(1); -} -sub update -{ - do "$mepath/core/update.pl"; - print color("reset"); - exit(1); -} - - -GetOptions( - 'help|h' => sub { help(0) }, - 'update' => sub { update(0) }, - 'about' => sub { about(0) }, - 'enumerate-components|ec' => sub { $components = 1 }, - 'random-agent|r' => sub { $randomagent = 1 }, - 'user-agent|a=s' => \$agent, - 'timeout=s' => \$timeout, - 'proxy=s' => \$proxy, - 'cookie=s' => \$cookie, - 'u|url=s' => \$target, - 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, - -); -if($target !~ /\S/){ - print color("red"); - print "[+] No target specified!\n\n"; - print color("reset"); - exit (1); -} -if($target !~ /^https?:\/\//) { $target = "http://$target"; }; - -#End help Function +#!/usr/bin/perl + +use Term::ANSIColor; + +print color("YELLOW"); +print q{ + ____ _____ _____ __ __ ___ ___ __ _ _ + (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) + .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( + \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) +}; + print color("red") . "\t\t\t(1337.today)" . color("reset"); + print " + + --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." + +---++---==[Version : " + . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] + +---++---==[Authors : ". color("red") . "$author". color("reset")." + --=[Code name : ". color("red") . "$codename". 
color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; + +if(!defined $ARGV[0]){ + + print color("cyan"); + printf "\n Usage: + joomscan.pl + joomscan.pl -u http://target.com/joomla + joomscan.pl -m targets.txt + + + Options: + joomscan.pl --help\n\n"; + print color("reset"); + exit(1); +} +$cookie=1; +$proxy=1; +#Start help Function +sub help +{ + print color("cyan"); + printf " + +Help : + +Usage: $0 [options] + +--url | -u | The Joomla URL/domain to scan. +--mass | -m | Cycle through URLs provided in txt file +--enumerate-components | -ec | Try to enumerate components. +--joomla-version | -jv | Output target Joomla version and exit without further checks +--no-report | -nr | Do not produce a report + +--cookie | Set cookie. +--user-agent | -a | Use the specified User-Agent. +--random-agent | -r | Use a random User-Agent. +--timeout | Set timeout. +--proxy=PROXY | Use a proxy to connect to the target URL + Proxy example: --proxy http://127.0.0.1:8080 + https://127.0.0.1:443 + socks://127.0.0.1:414 + +--about | About Author +--update | Update to the latest version. +--help | -h | This help screen. +--version | Output the current joomscan version and exit. 
+ + +"; + print color("reset"); + exit(1); +} +sub about +{ + print color("cyan"); + printf " + Author : $author + Twitter : \@rezesp , \@Ali_Razmjo0 + Git repository : https://github.com/rezasp/joomscan/ + Issues : https://github.com/rezasp/joomscan/issues + \n\n"; + print color("reset"); + exit(1); +} +sub update +{ + do "$mepath/core/update.pl"; + print color("reset"); + exit(1); +} + + +GetOptions( + 'help|h' => sub { help(0) }, + 'update' => sub { update(0) }, + 'about' => sub { about(0) }, + 'enumerate-components|ec' => sub { $components = 1 }, + 'no-report|nr' => sub { $noreport = 1 }, + 'joomla-version|jv' => sub { $jversion = 1 }, + 'random-agent|r' => sub { $randomagent = 1 }, + 'user-agent|a=s' => \$agent, + 'timeout=s' => \$timeout, + 'proxy=s' => \$proxy, + 'cookie=s' => \$cookie, + 'u|url=s' => \$target, + 'm|mass=s' => \$urlfile, + 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, + +); +if(($target !~ /\S/)&&($urlfile !~ /\S/)){ + print color("red"); + print "[+] No target specified!\n\n"; + print color("reset"); + exit (1); +} +if($target !~ /^https?:\/\//) { $target = "http://$target"; }; + +#End help Function diff --git a/core/main.pl b/core/main.pl index a86131d..7c5c57a 100644 --- a/core/main.pl +++ b/core/main.pl 
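Review bot: The scheme-prefix line near the end of the hunk, `if($target !~ /^https?:\/\//) { $target = "http://$target"; }`, still runs when only `--mass` was given, so an empty `$target` becomes the literal `http://` before the URL file is read; whether that value reaches the scanner depends on how the mass loop assigns `$target`, which is outside this file. Guard it on the target actually being set: `if($target =~ /\S/ && $target !~ m{^https?://}) { $target = "http://$target"; }`. The same normalisation is presumably needed for each line read from the `--mass` file, since those URLs bypass this check entirely. The new `$noreport`, `$jversion` and `$urlfile` globals are set here without any comment on where they are consumed; a one-line `# read by main.pl / ver.pl` next to each option would help the next reader.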
@@ -1,116 +1,116 @@ -#!/usr/bin/perl - -use utf8; -use open ':std', ':encoding(UTF-8)'; -use Term::ANSIColor; - -my $can_regexp=1; -eval "use Regexp::Common \"URI\""; -if($@) { $can_regexp=0; } - -$ua = LWP::UserAgent->new(); -$ua->protocols_allowed( [ 'http' ] ); -if($target =~ /^https:\/\//) { - my $can_https=1; - eval "use LWP::Protocol::https"; - if($@) { $can_https=0; } - - if ($can_https) { - $ua->ssl_opts( 'verify_hostname' => 0 ); - push @{ $ua->protocols_allowed }, 'https'; - } else { - print color("red"); - print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; - print color("reset"); - exit (1); - } -} - -print color("blue"); - -$timeout = $timeout || 60; -$ua->timeout($timeout); - -@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; -$year = $year + 1900; -$mon += 1; -$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; - - -@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' -,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' -,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' -,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' -,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' -,'Debian APT-HTTP/1.3 (0.8.10.3)' -,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' -,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' -,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' -,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' -,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' -,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' -); - -$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; - -$agent = $uagnt[ rand @uagnt ] if($randomagent==1); - -$ua->agent($agent); - -if($proxy!=1){ - if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ - $ua->proxy([qw(http https)] => $proxy); - } -} - -$ua->cookie_jar({}) if($cookie!=1); -$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); - - -our @dlog;our @tflog; - -our $log=""; -sub dprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#dlog++; - $dlog[$#dlog]=$in; - $in="\n[+] $in\n"; - $log .= $in; - print color("blue"); - print "$in"; -} -sub tprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]=$in; - $in="[++] $in\n"; - $log .= $in; - print color("yellow"); - print "$in"; - print color("blue"); -} -sub fprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]="1337false$in"; - $in="[++] $in\n"; - $log .= $in; - print color("red"); - print "$in"; - print color("blue"); -} - -print color("blue"); +#!/usr/bin/perl + +use utf8; +use open ':std', ':encoding(UTF-8)'; +use Term::ANSIColor; + +my $can_regexp=1; +eval "use Regexp::Common \"URI\""; +if($@) { $can_regexp=0; } + +$ua = LWP::UserAgent->new(); +$ua->protocols_allowed( [ 'http' ] ); +if($target =~ /^https:\/\//) { + my $can_https=1; + eval "use LWP::Protocol::https"; + if($@) { $can_https=0; } + + if 
($can_https) { + $ua->ssl_opts( 'verify_hostname' => 0 ); + push @{ $ua->protocols_allowed }, 'https'; + } else { + print color("red"); + print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; + print color("reset"); + if (!$urlfile) {exit (1);} else {next;} + } +} + +print color("blue"); + +$timeout = $timeout || 60; +$ua->timeout($timeout); + +@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); +($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; +$year = $year + 1900; +$mon += 1; +$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; + + +@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' +,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' +,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' +,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' +,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' +,'Debian APT-HTTP/1.3 (0.8.10.3)' +,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' +,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' +,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' +,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' +,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' +,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' +); + +$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; + +$agent = $uagnt[ rand @uagnt ] if($randomagent==1); + +$ua->agent($agent); + +if($proxy!=1){ + if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ + $ua->proxy([qw(http https)] => $proxy); + } +} + +$ua->cookie_jar({}) if($cookie!=1); +$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); + + +our @dlog;our @tflog; + +our $log=""; +sub dprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#dlog++; + $dlog[$#dlog]=$in; + $in="\n[+] $in\n"; + $log .= $in; + print color("blue"); + print "$in"; +} +sub tprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]=$in; + $in="[++] $in\n"; + $log .= $in; + print color("yellow"); + print "$in"; + print color("blue"); +} +sub fprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]="1337false$in"; + $in="[++] $in\n"; + $log .= $in; + print color("red"); + print "$in"; + print color("blue"); +} + +print color("blue"); print "Processing $target ...\n\n\n"; \ No newline at end of file diff --git a/core/ver.pl b/core/ver.pl index 4c90292..49177e2 100644 --- a/core/ver.pl +++ b/core/ver.pl 
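Review bot: The new `next` in the HTTPS-unavailable branch (`if (!$urlfile) {exit (1);} else {next;}`) has no enclosing loop in this file; it only works if the caller's per-URL loop pulls main.pl in with `do`/`require`, and even then Perl treats that as an eval frame and warns "Exiting eval via next", which perlfunc says cannot be relied on. The same construct appears in the ver.pl hunk at the "target is not alive" check. Since `return` is valid inside a `do FILE`, a cleaner shape is `if (!$urlfile) { exit(1) } return 0;` after the message, with the loop testing `do`'s return value, or a flag such as `$skip_target = 1` that the loop checks before continuing. Also `our @dlog; our @tflog;` are declared but not cleared here while `our $log = "";` is, so in mass mode the per-target log arrays will accumulate across URLs unless the loop resets them — worth confirming against the caller.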
@@ -1,71 +1,71 @@ -#start Version finder -dprint("Detecting Joomla Version"); - -$ua->timeout(60); - -my $response = $ua->get("$target"); -if (!$response->is_success) { - print color("red"); - print "[++] The target is not alive!\n\n"; - print color("reset"); - exit 0; -} - -$ua->timeout($timeout); - -$source=$ua->get("$target/")->as_string; -if($source =~ /X-Meta-Generator\:(.*?)\n/){ -$ppp=$1; - if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ - $ver="Joomla $&"; - } -} -if($ver !~ m/\./i){ - @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /\(.*?)\<\/version\>/){ - $ver="Joomla $1"; - last; - } - } -} -if($ver !~ m/\./i){ - @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ - $ver="Joomla 1.6"; - last; - }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ - $ver="Joomla 1.7"; - last; - }elsif($source =~ /Joomla! 
1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ - $ver="Joomla 1.5"; - last; - }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ - $ver="Joomla 2.5"; - last; - }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; - if($source =~ /package to version (.*?)\n/){ - $ver="Joomla $1"; - } -} - -$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; -#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} - -if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} - -#end Version finder +#start Version finder +dprint("Detecting Joomla Version"); + +$ua->timeout(60); + +my $response = $ua->get("$target"); +if (!$response->is_success) { + print color("red"); + print "[++] The target is not alive!\n\n"; + print color("reset"); + if (!$urlfile) {exit 0;} else {next;} +} + +$ua->timeout($timeout); + +$source=$ua->get("$target/")->as_string; +if($source =~ /X-Meta-Generator\:(.*?)\n/){ +$ppp=$1; + if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ + $ver="Joomla $&"; + } +} +if($ver !~ m/\./i){ + @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /\(.*?)\<\/version\>/){ + $ver="Joomla $1"; + last; + } + } +} +if($ver !~ m/\./i){ + @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 
2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ + $ver="Joomla 1.6"; + last; + }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ + $ver="Joomla 1.7"; + last; + }elsif($source =~ /Joomla! 1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ + $ver="Joomla 1.5"; + last; + }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ + $ver="Joomla 2.5"; + last; + }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; + if($source =~ /package to version (.*?)\n/){ + $ver="Joomla $1"; + } +} + +$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; +#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} + +if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} + +#end Version finder
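Review bot: `$ver` is never reset at the top of this hunk, so once mass mode cycles through targets a version found for one URL survives into the next iteration: `if($ver !~ m/\./i)` then skips every probe and `tprint("$ver")` reports the previous target's version under the new target's name. Add `$ver = ''; $ppp = '';` directly after `dprint("Detecting Joomla Version");`, and consider `$source = '';` for the same reason. The `next` on the "target is not alive" line has the same no-enclosing-loop problem raised on the main.pl hunk.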