From a780a041440488f925ae9a19b820c59bad576426 Mon Sep 17 00:00:00 2001 From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:08:51 +0100 Subject: [PATCH 1/6] Added mass scanning Hi I added the following, probably in a messy/hacky way, but it works: --mass | -m | Cycle through URLs provided in txt file --joomla-version | -jv | Output target Joomla version and exit without further checks --no-report | -nr | Do not produce a report --- header.pl | 117 ++++++++++++++++++++++++++++++++++++++++ joomscan.pl | 150 +++++++++++++++++++++++++++++----------------------- main.pl | 116 ++++++++++++++++++++++++++++++++++++++++ ver.pl | 71 +++++++++++++++++++++++++ 4 files changed, 388 insertions(+), 66 deletions(-) create mode 100644 header.pl create mode 100644 main.pl create mode 100644 ver.pl diff --git a/header.pl b/header.pl new file mode 100644 index 0000000..4ab0ecc --- /dev/null +++ b/header.pl 
@@ -0,0 +1,117 @@ +#!/usr/bin/perl + +use Term::ANSIColor; + +print color("YELLOW"); +print q{ + ____ _____ _____ __ __ ___ ___ __ _ _ + (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) + .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( + \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) +}; + print color("red") . "\t\t\t(1337.today)" . color("reset"); + print " + + --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." + +---++---==[Version : " + . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] + +---++---==[Authors : ". color("red") . "$author". color("reset")." + --=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; + +if(!defined $ARGV[0]){ + + print color("cyan"); + printf "\n Usage: + joomscan.pl + joomscan.pl -u http://target.com/joomla + joomscan.pl -m targets.txt + + + Options: + joomscan.pl --help\n\n"; + print color("reset"); + exit(1); +} +$cookie=1; +$proxy=1; +#Start help Function +sub help +{ + print color("cyan"); + printf " + +Help : + +Usage: $0 [options] + +--url | -u | The Joomla URL/domain to scan. +--mass | -m | Cycle through URLs provided in txt file +--enumerate-components | -ec | Try to enumerate components. +--joomla-version | -jv | Outpute target Joomla version and exit without further checks +--no-report | -nr | Do not produce a report + +--cookie | Set cookie. +--user-agent | -a | Use the specified User-Agent. +--random-agent | -r | Use a random User-Agent. +--timeout | Set timeout. +--proxy=PROXY | Use a proxy to connect to the target URL + Proxy example: --proxy http://127.0.0.1:8080 + https://127.0.0.1:443 + socks://127.0.0.1:414 + +--about | About Author +--update | Update to the latest version. +--help | -h | This help screen. +--version | Output the current joomscan version and exit. 
+ + +"; + print color("reset"); + exit(1); +} +sub about +{ + print color("cyan"); + printf " + Author : $author + Twitter : \@rezesp , \@Ali_Razmjo0 + Git repository : https://github.com/rezasp/joomscan/ + Issues : https://github.com/rezasp/joomscan/issues + \n\n"; + print color("reset"); + exit(1); +} +sub update +{ + do "$mepath/core/update.pl"; + print color("reset"); + exit(1); +} + + +GetOptions( + 'help|h' => sub { help(0) }, + 'update' => sub { update(0) }, + 'about' => sub { about(0) }, + 'enumerate-components|ec' => sub { $components = 1 }, + 'no-report|nr' => sub { $noreport = 1 }, + 'joomla-version|jv' => sub { $jversion = 1 }, + 'random-agent|r' => sub { $randomagent = 1 }, + 'user-agent|a=s' => \$agent, + 'timeout=s' => \$timeout, + 'proxy=s' => \$proxy, + 'cookie=s' => \$cookie, + 'u|url=s' => \$target, + 'm|mass=s' => \$urlfile, + 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, + +); +if(($target !~ /\S/)&&($urlfile !~ /\S/)){ + print color("red"); + print "[+] No target specified!\n\n"; + print color("reset"); + exit (1); +} +if($target !~ /^https?:\/\//) { $target = "http://$target"; }; + +#End help Function diff --git a/joomscan.pl b/joomscan.pl index 5838b36..a02fa50 100755 --- a/joomscan.pl +++ b/joomscan.pl 
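Review bot: This file is created at the repository root, but joomscan.pl loads it with `do "$mepath/core/header.pl"`, so the copy added here is never executed; the same holds for main.pl and ver.pl in this patch, and PATCH 3 re-applies the edits under core/, which leaves three stale duplicates at the root that should be dropped. Within the content, the fallback `if($target !~ /^https?:\/\//) { $target = "http://$target"; }` also runs when only `-m` was given, so an unset `$target` becomes the string `http://` (harmless in mass mode because the loop overwrites it, but it is an uninitialized-value use under warnings); `if(defined $target && $target !~ m{^https?://}) { $target = "http://$target"; }` avoids that, and the same applies to the core/header.pl hunk in PATCH 3. The `-jv` help line misspells "Output" as "Outpute" here; PATCH 3 corrects it.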
@@ -1,66 +1,84 @@ -#!/usr/bin/perl -# -# -------------------------------------------------- -# OWASP JoomScan -# -------------------------------------------------- -# Copyright (C) <2018> -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - - -$author="Mohammad Reza Espargham , Ali Razmjoo";$author.=""; -$version="0.0.7";$version.=""; -$codename="Self Challenge";$codename.=""; -$update="2018/09/23";$update.=""; -$mmm=0; - -system(($^O eq 'MSWin32') ? 
'cls' : 'clear'); -use if $^O eq "MSWin32", Win32::Console::ANSI; -use Term::ANSIColor; -use Getopt::Long; -use LWP; -use LWP::UserAgent; -use LWP::Simple; -use Cwd; -$mepath = Cwd::realpath($0); $mepath =~ s#/[^/\\]*$##; -$SIG{INT} = \&interrupt; -sub interrupt { - fprint("\nShutting Down , Interrupt by user"); - do "$mepath/core/report.pl"; - print color("reset"); - exit 0; -} -do "$mepath/core/header.pl"; -do "$mepath/core/main.pl"; -do "$mepath/modules/waf_detector.pl"; -do "$mepath/exploit/jckeditor.pl"; -do "$mepath/core/ver.pl"; -do "$mepath/exploit/verexploit.pl"; -do "$mepath/exploit/com_lfd.pl"; -do "$mepath/modules/pathdisclure.pl"; -do "$mepath/modules/debugmode.pl"; -do "$mepath/modules/dirlisting.pl"; -do "$mepath/modules/missconfig.pl"; -do "$mepath/modules/cpfinder.pl"; -do "$mepath/modules/robots.pl"; -do "$mepath/modules/backupfinder.pl"; -do "$mepath/modules/errfinder.pl"; -do "$mepath/modules/reg.pl"; -do "$mepath/modules/configfinder.pl"; -do "$mepath/exploit/components.pl" if($components==1); - -do "$mepath/core/report.pl"; -print color("reset"); \ No newline at end of file +#!/usr/bin/perl +# +# -------------------------------------------------- +# OWASP JoomScan +# -------------------------------------------------- +# Copyright (C) <2018> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . 
+# +# + + +$author="Mohammad Reza Espargham , Ali Razmjoo";$author.=""; +$version="0.0.7";$version.=""; +$codename="Self Challenge";$codename.=""; +$update="2018/09/23";$update.=""; +$mmm=0; + +system(($^O eq 'MSWin32') ? 'cls' : 'clear'); +use if $^O eq "MSWin32", Win32::Console::ANSI; +use Term::ANSIColor; +use Getopt::Long; +use LWP; +use LWP::UserAgent; +use LWP::Simple; +use Cwd; +$mepath = Cwd::realpath($0); $mepath =~ s#/[^/\\]*$##; +$SIG{INT} = \&interrupt; +sub interrupt { + fprint("\nShutting Down , Interrupt by user"); + do "$mepath/core/report.pl" if($noreport!=1); + print color("reset"); + exit 0; +} + +do "$mepath/core/header.pl"; + +if ($urlfile) { + open(my $ufh, '<:encoding(UTF-8)', $urlfile) + or die "Could not open file '$urlfile' $!"; + + while (my $row = <$ufh>) { + chomp $row; + $target = $row; + run_checks(0); + } +} else { + run_checks(0); +} + +sub run_checks { +do "$mepath/core/main.pl"; +do "$mepath/modules/waf_detector.pl" if($jversion!=1); +do "$mepath/exploit/jckeditor.pl"if($jversion!=1); +do "$mepath/core/ver.pl"; +do "$mepath/exploit/verexploit.pl" if($jversion!=1); +do "$mepath/exploit/com_lfd.pl" if($jversion!=1); +do "$mepath/modules/pathdisclure.pl" if($jversion!=1); +do "$mepath/modules/debugmode.pl" if($jversion!=1); +do "$mepath/modules/dirlisting.pl" if($jversion!=1); +do "$mepath/modules/missconfig.pl" if($jversion!=1); +do "$mepath/modules/cpfinder.pl" if($jversion!=1); +do "$mepath/modules/robots.pl" if($jversion!=1); +do "$mepath/modules/backupfinder.pl" if($jversion!=1); +do "$mepath/modules/errfinder.pl" if($jversion!=1); +do "$mepath/modules/reg.pl" if($jversion!=1); +do "$mepath/modules/configfinder.pl" if($jversion!=1); +do "$mepath/exploit/components.pl" if($components==1); + +do "$mepath/core/report.pl" if($noreport!=1); +print color("reset"); +} + diff --git a/main.pl b/main.pl new file mode 100644 index 0000000..7c5c57a --- /dev/null +++ b/main.pl 
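Review bot: Rows from the targets file are used verbatim in the `while (my $row = <$ufh>)` loop: `chomp` leaves a trailing `\r` on CRLF files, blank lines produce an empty `$target`, and the `http://` prefixing that header.pl does for `-u` is not applied, so a bare `example.com` row fails the `$target =~ /^https:\/\//` test in main.pl and is requested without a scheme. Trimming, skipping empty/comment lines and normalising the scheme in the loop keeps mass mode consistent with single-target mode. Whether report.pl and the modules tolerate an empty `$target` I cannot tell from this diff.
```perl
    while (my $row = <$ufh>) {
        chomp $row;
        $row =~ s/\s+\z//;                      # tolerate CRLF and trailing blanks
        next if $row !~ /\S/ or $row =~ /^#/;   # skip empty and comment lines
        $target = $row =~ m{^https?://} ? $row : "http://$row";
        run_checks(0);
    }
```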
@@ -0,0 +1,116 @@ +#!/usr/bin/perl + +use utf8; +use open ':std', ':encoding(UTF-8)'; +use Term::ANSIColor; + +my $can_regexp=1; +eval "use Regexp::Common \"URI\""; +if($@) { $can_regexp=0; } + +$ua = LWP::UserAgent->new(); +$ua->protocols_allowed( [ 'http' ] ); +if($target =~ /^https:\/\//) { + my $can_https=1; + eval "use LWP::Protocol::https"; + if($@) { $can_https=0; } + + if ($can_https) { + $ua->ssl_opts( 'verify_hostname' => 0 ); + push @{ $ua->protocols_allowed }, 'https'; + } else { + print color("red"); + print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; + print color("reset"); + if (!$urlfile) {exit (1);} else {next;} + } +} + +print color("blue"); + +$timeout = $timeout || 60; +$ua->timeout($timeout); + +@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); +($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; +$year = $year + 1900; +$mon += 1; +$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; + + +@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' +,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' +,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' +,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' +,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' +,'Debian APT-HTTP/1.3 (0.8.10.3)' +,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' +,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' +,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' +,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' +,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' +,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' +); + +$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; + +$agent = $uagnt[ rand @uagnt ] if($randomagent==1); + +$ua->agent($agent); + +if($proxy!=1){ + if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ + $ua->proxy([qw(http https)] => $proxy); + } +} + +$ua->cookie_jar({}) if($cookie!=1); +$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); + + +our @dlog;our @tflog; + +our $log=""; +sub dprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#dlog++; + $dlog[$#dlog]=$in; + $in="\n[+] $in\n"; + $log .= $in; + print color("blue"); + print "$in"; +} +sub tprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]=$in; + $in="[++] $in\n"; + $log .= $in; + print color("yellow"); + print "$in"; + print color("blue"); +} +sub fprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]="1337false$in"; + $in="[++] $in\n"; + $log .= $in; + print color("red"); + print "$in"; + print color("blue"); +} + +print color("blue"); +print "Processing $target ...\n\n\n"; \ No newline at end of file diff --git a/ver.pl b/ver.pl new file mode 100644 index 0000000..49177e2 --- /dev/null +++ b/ver.pl 
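Review bot: The `next` in the HTTPS fallback (`if (!$urlfile) {exit (1);} else {next;}`) runs inside a file executed by `do`, inside `run_checks`, and has to unwind through both to reach the `while` loop in joomscan.pl; as far as I can tell perl only tolerates that with "Exiting subroutine via next" / "Exiting eval via next" warnings (silent here because warnings are not enabled), and it also skips `report.pl` and the closing `print color("reset")` in run_checks. The same construct is used in the ver.pl hunk below. A sturdier shape is to leave the file with `$skip_target = 1; return;` and have run_checks check that flag after `do "$mepath/core/main.pl";` (resetting it at the top of the sub), so the loop control stays in joomscan.pl.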
@@ -0,0 +1,71 @@ +#start Version finder +dprint("Detecting Joomla Version"); + +$ua->timeout(60); + +my $response = $ua->get("$target"); +if (!$response->is_success) { + print color("red"); + print "[++] The target is not alive!\n\n"; + print color("reset"); + if (!$urlfile) {exit 0;} else {next;} +} + +$ua->timeout($timeout); + +$source=$ua->get("$target/")->as_string; +if($source =~ /X-Meta-Generator\:(.*?)\n/){ +$ppp=$1; + if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ + $ver="Joomla $&"; + } +} +if($ver !~ m/\./i){ + @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /\(.*?)\<\/version\>/){ + $ver="Joomla $1"; + last; + } + } +} +if($ver !~ m/\./i){ + @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ + $ver="Joomla 1.6"; + last; + }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ + $ver="Joomla 1.7"; + last; + }elsif($source =~ /Joomla! 
1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ + $ver="Joomla 1.5"; + last; + }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ + $ver="Joomla 2.5"; + last; + }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; + if($source =~ /package to version (.*?)\n/){ + $ver="Joomla $1"; + } +} + +$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; +#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} + +if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} + +#end Version finder From ead628c67f8907156c12b8be1cbe3b8cc1f7a3df Mon Sep 17 00:00:00 2001 From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:24:49 +0100 Subject: [PATCH 2/6] Add files via upload --- joomscan.pl | 48 +++++++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/joomscan.pl b/joomscan.pl index a02fa50..63b6c8f 100755 --- a/joomscan.pl +++ b/joomscan.pl 
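Review bot: When the liveness check fails in mass mode, the only record is the red line printed straight to the terminal, and the `next` then skips report.pl, so nothing in `@tflog` or `$log` shows which rows of the targets file were unreachable. Recording it with `fprint("The target is not alive")` before the `next` (fprint is defined in main.pl and appends to `@tflog`) and letting the per-target report still run would account for that row. The `exit 0` on a dead target in single mode is pre-existing, but it reports success to a calling shell; `exit 1` would let a wrapper tell the cases apart.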
@@ -60,25 +60,35 @@ sub interrupt { } sub run_checks { -do "$mepath/core/main.pl"; -do "$mepath/modules/waf_detector.pl" if($jversion!=1); -do "$mepath/exploit/jckeditor.pl"if($jversion!=1); -do "$mepath/core/ver.pl"; -do "$mepath/exploit/verexploit.pl" if($jversion!=1); -do "$mepath/exploit/com_lfd.pl" if($jversion!=1); -do "$mepath/modules/pathdisclure.pl" if($jversion!=1); -do "$mepath/modules/debugmode.pl" if($jversion!=1); -do "$mepath/modules/dirlisting.pl" if($jversion!=1); -do "$mepath/modules/missconfig.pl" if($jversion!=1); -do "$mepath/modules/cpfinder.pl" if($jversion!=1); -do "$mepath/modules/robots.pl" if($jversion!=1); -do "$mepath/modules/backupfinder.pl" if($jversion!=1); -do "$mepath/modules/errfinder.pl" if($jversion!=1); -do "$mepath/modules/reg.pl" if($jversion!=1); -do "$mepath/modules/configfinder.pl" if($jversion!=1); -do "$mepath/exploit/components.pl" if($components==1); -do "$mepath/core/report.pl" if($noreport!=1); -print color("reset"); + do "$mepath/core/main.pl"; + + if($jversion!=1) { + do "$mepath/modules/waf_detector.pl"; + do "$mepath/exploit/jckeditor.pl"; + } + + do "$mepath/core/ver.pl"; + if($jversion!=1) { + + do "$mepath/exploit/verexploit.pl"; + do "$mepath/exploit/com_lfd.pl"; + do "$mepath/modules/pathdisclure.pl"; + do "$mepath/modules/debugmode.pl"; + do "$mepath/modules/dirlisting.pl"; + do "$mepath/modules/missconfig.pl"; + do "$mepath/modules/cpfinder.pl"; + do "$mepath/modules/robots.pl"; + do "$mepath/modules/backupfinder.pl"; + do "$mepath/modules/errfinder.pl"; + do "$mepath/modules/reg.pl"; + do "$mepath/modules/configfinder.pl"; + do "$mepath/exploit/components.pl" if($components==1); + + } + + do "$mepath/core/report.pl" if($noreport!=1); + print color("reset"); + } From e0d8808f6437de916dcdd214c441eb8df48c53cd Mon Sep 17 00:00:00 2001 
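Review bot: `run_checks` is now called once per row of the targets file, but the state the `do`ne files accumulate into is global and never reset between calls: main.pl declares `our @dlog;our @tflog;` without emptying them (only `$log` is reassigned), and ver.pl tests `$ver !~ m/\./` on a `$ver` that still holds the previous target's value, so a target with no detectable version inherits its predecessor's version string and its report carries the earlier findings. Reset the per-target state at the top of the sub, before `do "$mepath/core/main.pl";`: `undef $ver; @dlog = (); @tflog = ();`. Other modules loaded here may keep similar globals; they are not visible in this diff. Moving `components.pl` under `if($jversion!=1)` also changes behaviour relative to PATCH 1, where `-ec` ran regardless of `-jv`; presumably intended, but worth a word in the commit message.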
From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:26:52 +0100 Subject: [PATCH 3/6] Add files via upload --- core/header.pl | 226 +++++++++++++++++++++++++----------------------- core/main.pl | 230 ++++++++++++++++++++++++------------------------- core/ver.pl | 142 +++++++++++++++--------------- 3 files changed, 303 insertions(+), 295 deletions(-) diff --git a/core/header.pl b/core/header.pl index e1f6b64..4af5236 100644 --- a/core/header.pl +++ b/core/header.pl 
@@ -1,109 +1,117 @@ -#!/usr/bin/perl - -use Term::ANSIColor; - -print color("YELLOW"); -print q{ - ____ _____ _____ __ __ ___ ___ __ _ _ - (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) - .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( - \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) -}; - print color("red") . "\t\t\t(1337.today)" . color("reset"); - print " - - --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." - +---++---==[Version : " - . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] - +---++---==[Authors : ". color("red") . "$author". color("reset")." - --=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; - -if(!defined $ARGV[0]){ - - print color("cyan"); - printf "\n Usage: - joomscan.pl - joomscan.pl -u http://target.com/joomla - - - Options: - joomscan.pl --help\n\n"; - print color("reset"); - exit(1); -} -$cookie=1; -$proxy=1; -#Start help Function -sub help -{ - print color("cyan"); - printf " - -Help : - -Usage: $0 [options] - ---url | -u | The Joomla URL/domain to scan. ---enumerate-components | -ec | Try to enumerate components. - ---cookie | Set cookie. ---user-agent | -a | Use the specified User-Agent. ---random-agent | -r | Use a random User-Agent. ---timeout | Set timeout. ---proxy=PROXY | Use a proxy to connect to the target URL - Proxy example: --proxy http://127.0.0.1:8080 - https://127.0.0.1:443 - socks://127.0.0.1:414 - ---about | About Author ---update | Update to the latest version. ---help | -h | This help screen. ---version | Output the current version and exit. 
- -"; - print color("reset"); - exit(1); -} -sub about -{ - print color("cyan"); - printf " - Author : $author - Twitter : \@rezesp , \@Ali_Razmjo0 - Git repository : https://github.com/rezasp/joomscan/ - Issues : https://github.com/rezasp/joomscan/issues - \n\n"; - print color("reset"); - exit(1); -} -sub update -{ - do "$mepath/core/update.pl"; - print color("reset"); - exit(1); -} - - -GetOptions( - 'help|h' => sub { help(0) }, - 'update' => sub { update(0) }, - 'about' => sub { about(0) }, - 'enumerate-components|ec' => sub { $components = 1 }, - 'random-agent|r' => sub { $randomagent = 1 }, - 'user-agent|a=s' => \$agent, - 'timeout=s' => \$timeout, - 'proxy=s' => \$proxy, - 'cookie=s' => \$cookie, - 'u|url=s' => \$target, - 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, - -); -if($target !~ /\S/){ - print color("red"); - print "[+] No target specified!\n\n"; - print color("reset"); - exit (1); -} -if($target !~ /^https?:\/\//) { $target = "http://$target"; }; - -#End help Function +#!/usr/bin/perl + +use Term::ANSIColor; + +print color("YELLOW"); +print q{ + ____ _____ _____ __ __ ___ ___ __ _ _ + (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) + .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( + \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) +}; + print color("red") . "\t\t\t(1337.today)" . color("reset"); + print " + + --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." + +---++---==[Version : " + . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] + +---++---==[Authors : ". color("red") . "$author". color("reset")." + --=[Code name : ". color("red") . "$codename". 
color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; + +if(!defined $ARGV[0]){ + + print color("cyan"); + printf "\n Usage: + joomscan.pl + joomscan.pl -u http://target.com/joomla + joomscan.pl -m targets.txt + + + Options: + joomscan.pl --help\n\n"; + print color("reset"); + exit(1); +} +$cookie=1; +$proxy=1; +#Start help Function +sub help +{ + print color("cyan"); + printf " + +Help : + +Usage: $0 [options] + +--url | -u | The Joomla URL/domain to scan. +--mass | -m | Cycle through URLs provided in txt file +--enumerate-components | -ec | Try to enumerate components. +--joomla-version | -jv | Output target Joomla version and exit without further checks +--no-report | -nr | Do not produce a report + +--cookie | Set cookie. +--user-agent | -a | Use the specified User-Agent. +--random-agent | -r | Use a random User-Agent. +--timeout | Set timeout. +--proxy=PROXY | Use a proxy to connect to the target URL + Proxy example: --proxy http://127.0.0.1:8080 + https://127.0.0.1:443 + socks://127.0.0.1:414 + +--about | About Author +--update | Update to the latest version. +--help | -h | This help screen. +--version | Output the current joomscan version and exit. 
+ + +"; + print color("reset"); + exit(1); +} +sub about +{ + print color("cyan"); + printf " + Author : $author + Twitter : \@rezesp , \@Ali_Razmjo0 + Git repository : https://github.com/rezasp/joomscan/ + Issues : https://github.com/rezasp/joomscan/issues + \n\n"; + print color("reset"); + exit(1); +} +sub update +{ + do "$mepath/core/update.pl"; + print color("reset"); + exit(1); +} + + +GetOptions( + 'help|h' => sub { help(0) }, + 'update' => sub { update(0) }, + 'about' => sub { about(0) }, + 'enumerate-components|ec' => sub { $components = 1 }, + 'no-report|nr' => sub { $noreport = 1 }, + 'joomla-version|jv' => sub { $jversion = 1 }, + 'random-agent|r' => sub { $randomagent = 1 }, + 'user-agent|a=s' => \$agent, + 'timeout=s' => \$timeout, + 'proxy=s' => \$proxy, + 'cookie=s' => \$cookie, + 'u|url=s' => \$target, + 'm|mass=s' => \$urlfile, + 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, + +); +if(($target !~ /\S/)&&($urlfile !~ /\S/)){ + print color("red"); + print "[+] No target specified!\n\n"; + print color("reset"); + exit (1); +} +if($target !~ /^https?:\/\//) { $target = "http://$target"; }; + +#End help Function diff --git a/core/main.pl b/core/main.pl index a86131d..7c5c57a 100644 --- a/core/main.pl +++ b/core/main.pl 
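Review bot: All 109 original lines of this file are shown as removed and re-added although only the `--mass`/`-jv`/`-nr` help lines, the three new GetOptions entries and the target check actually change, which points to a line-ending or trailing-whitespace change coming with the upload; the core/main.pl and core/ver.pl sections of this patch look the same. That hides the real diff from review and from blame; please confirm with `git diff -w` and commit the files with their original line endings. The functional notes made on the root-level header.pl hunk in PATCH 1 apply to this copy as well.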
@@ -1,116 +1,116 @@ -#!/usr/bin/perl - -use utf8; -use open ':std', ':encoding(UTF-8)'; -use Term::ANSIColor; - -my $can_regexp=1; -eval "use Regexp::Common \"URI\""; -if($@) { $can_regexp=0; } - -$ua = LWP::UserAgent->new(); -$ua->protocols_allowed( [ 'http' ] ); -if($target =~ /^https:\/\//) { - my $can_https=1; - eval "use LWP::Protocol::https"; - if($@) { $can_https=0; } - - if ($can_https) { - $ua->ssl_opts( 'verify_hostname' => 0 ); - push @{ $ua->protocols_allowed }, 'https'; - } else { - print color("red"); - print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; - print color("reset"); - exit (1); - } -} - -print color("blue"); - -$timeout = $timeout || 60; -$ua->timeout($timeout); - -@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; -$year = $year + 1900; -$mon += 1; -$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; - - -@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' -,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' -,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' -,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' -,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' -,'Debian APT-HTTP/1.3 (0.8.10.3)' -,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' -,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' -,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' -,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' -,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' -,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' -); - -$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; - -$agent = $uagnt[ rand @uagnt ] if($randomagent==1); - -$ua->agent($agent); - -if($proxy!=1){ - if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ - $ua->proxy([qw(http https)] => $proxy); - } -} - -$ua->cookie_jar({}) if($cookie!=1); -$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); - - -our @dlog;our @tflog; - -our $log=""; -sub dprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#dlog++; - $dlog[$#dlog]=$in; - $in="\n[+] $in\n"; - $log .= $in; - print color("blue"); - print "$in"; -} -sub tprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]=$in; - $in="[++] $in\n"; - $log .= $in; - print color("yellow"); - print "$in"; - print color("blue"); -} -sub fprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]="1337false$in"; - $in="[++] $in\n"; - $log .= $in; - print color("red"); - print "$in"; - print color("blue"); -} - -print color("blue"); +#!/usr/bin/perl + +use utf8; +use open ':std', ':encoding(UTF-8)'; +use Term::ANSIColor; + +my $can_regexp=1; +eval "use Regexp::Common \"URI\""; +if($@) { $can_regexp=0; } + +$ua = LWP::UserAgent->new(); +$ua->protocols_allowed( [ 'http' ] ); +if($target =~ /^https:\/\//) { + my $can_https=1; + eval "use LWP::Protocol::https"; + if($@) { $can_https=0; } + + if 
($can_https) { + $ua->ssl_opts( 'verify_hostname' => 0 ); + push @{ $ua->protocols_allowed }, 'https'; + } else { + print color("red"); + print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; + print color("reset"); + if (!$urlfile) {exit (1);} else {next;} + } +} + +print color("blue"); + +$timeout = $timeout || 60; +$ua->timeout($timeout); + +@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); +($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; +$year = $year + 1900; +$mon += 1; +$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; + + +@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' +,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' +,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' +,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' +,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' +,'Debian APT-HTTP/1.3 (0.8.10.3)' +,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' +,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' +,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' +,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' +,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' +,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' +,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' +); + +$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; + +$agent = $uagnt[ rand @uagnt ] if($randomagent==1); + +$ua->agent($agent); + +if($proxy!=1){ + if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ + $ua->proxy([qw(http https)] => $proxy); + } +} + +$ua->cookie_jar({}) if($cookie!=1); +$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); + + +our @dlog;our @tflog; + +our $log=""; +sub dprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#dlog++; + $dlog[$#dlog]=$in; + $in="\n[+] $in\n"; + $log .= $in; + print color("blue"); + print "$in"; +} +sub tprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]=$in; + $in="[++] $in\n"; + $log .= $in; + print color("yellow"); + print "$in"; + print color("blue"); +} +sub fprint{ + my ($in) = @_; + $in =~ s/\/\//\//g; + $in =~ s/http:\//http:\/\//g; + $in =~ s/https:\//https:\/\//g; + $#tflog++; + $tflog[$#tflog]="1337false$in"; + $in="[++] $in\n"; + $log .= $in; + print color("red"); + print "$in"; + print color("blue"); +} + +print color("blue"); print "Processing $target ...\n\n\n"; \ No newline at end of file diff --git a/core/ver.pl b/core/ver.pl index 4c90292..49177e2 100644 --- a/core/ver.pl +++ b/core/ver.pl 
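Review bot: `$ua->ssl_opts( 'verify_hostname' => 0 );` disables certificate and hostname verification for every HTTPS target; this is pre-existing, but since the patch re-adds the whole file it is the place to make it deliberate. Gate it behind an explicit option in the existing GetOptions table (an `--insecure`-style flag, name to be chosen) and verify by default, or at minimum add a comment explaining why the scanner accepts untrusted certificates, since an intercepting proxy on the path can otherwise alter every response the checks are based on. Note also that with `-m` this file, including `LWP::UserAgent->new()`, is re-run for every target, so any change here is paid per row.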
@@ -1,71 +1,71 @@ -#start Version finder -dprint("Detecting Joomla Version"); - -$ua->timeout(60); - -my $response = $ua->get("$target"); -if (!$response->is_success) { - print color("red"); - print "[++] The target is not alive!\n\n"; - print color("reset"); - exit 0; -} - -$ua->timeout($timeout); - -$source=$ua->get("$target/")->as_string; -if($source =~ /X-Meta-Generator\:(.*?)\n/){ -$ppp=$1; - if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ - $ver="Joomla $&"; - } -} -if($ver !~ m/\./i){ - @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /\(.*?)\<\/version\>/){ - $ver="Joomla $1"; - last; - } - } -} -if($ver !~ m/\./i){ - @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ - $ver="Joomla 1.6"; - last; - }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ - $ver="Joomla 1.7"; - last; - }elsif($source =~ /Joomla! 
1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ - $ver="Joomla 1.5"; - last; - }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ - $ver="Joomla 2.5"; - last; - }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; - if($source =~ /package to version (.*?)\n/){ - $ver="Joomla $1"; - } -} - -$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; -#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} - -if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} - -#end Version finder +#start Version finder +dprint("Detecting Joomla Version"); + +$ua->timeout(60); + +my $response = $ua->get("$target"); +if (!$response->is_success) { + print color("red"); + print "[++] The target is not alive!\n\n"; + print color("reset"); + if (!$urlfile) {exit 0;} else {next;} +} + +$ua->timeout($timeout); + +$source=$ua->get("$target/")->as_string; +if($source =~ /X-Meta-Generator\:(.*?)\n/){ +$ppp=$1; + if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ + $ver="Joomla $&"; + } +} +if($ver !~ m/\./i){ + @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /\(.*?)\<\/version\>/){ + $ver="Joomla $1"; + last; + } + } +} +if($ver !~ m/\./i){ + @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); + foreach $verc(@vers){ + $source=$ua->get("$target/$verc")->decoded_content; + if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 
2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ + $ver="Joomla 1.6"; + last; + }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ + $ver="Joomla 1.7"; + last; + }elsif($source =~ /Joomla! 1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ + $ver="Joomla 1.5"; + last; + }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ + $ver="Joomla 2.5"; + last; + }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; + if($source =~ /package to version (.*?)\n/){ + $ver="Joomla $1"; + } +} + +$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; +#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} + +if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} + +#end Version finder From cbbd22b86ef140f5917d441d91519b662a7387ed Mon Sep 17 00:00:00 2001 From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:27:31 +0100 Subject: [PATCH 4/6] Delete header.pl --- header.pl | 117 ------------------------------------------------------ 1 file changed, 117 deletions(-) delete mode 100644 header.pl diff --git a/header.pl b/header.pl deleted file mode 100644 index 4ab0ecc..0000000 --- a/header.pl +++ /dev/null 
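Review bot: The new `if (!$urlfile) {exit 0;} else {next;}` issues `next` from a file that contains no loop, so it can only work by unwinding through the caller's `do`-file include into the mass-scan loop, which Perl allows only with an "Exiting eval via next" warning and which breaks silently if the include mechanism ever changes. A cleaner contract hands the outcome back to the caller, e.g. `if (!$urlfile) { exit 0; } else { $target_alive = 0; return; }`, with the loop in the caller checking `$target_alive` before moving on (that loop is outside this hunk, so this is inferred from the new `$urlfile` branch). Separately, once one run can cover several targets, the package globals `$ver`, `$source` and `$ppp` are never reset at the top of this file, so a target without an X-Meta-Generator header would inherit the previous target's `$ver` (which already contains a dot) and skip every fallback probe; adding `$ver = ''; $source = ''; $ppp = '';` right after the opening `dprint(...)` closes that gap. Finally, the hunk replaces all 71 lines to change one, which looks like a line-ending rewrite; keeping the original line endings would leave only the real change to review.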
@@ -1,117 +0,0 @@ -#!/usr/bin/perl - -use Term::ANSIColor; - -print color("YELLOW"); -print q{ - ____ _____ _____ __ __ ___ ___ __ _ _ - (_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( ) - .-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) ( - \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_) -}; - print color("red") . "\t\t\t(1337.today)" . color("reset"); - print " - - --=[". color("BLUE") . "OWASP JoomScan". color("reset") ." - +---++---==[Version : " - . color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "] - +---++---==[Authors : ". color("red") . "$author". color("reset")." - --=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n"; - -if(!defined $ARGV[0]){ - - print color("cyan"); - printf "\n Usage: - joomscan.pl - joomscan.pl -u http://target.com/joomla - joomscan.pl -m targets.txt - - - Options: - joomscan.pl --help\n\n"; - print color("reset"); - exit(1); -} -$cookie=1; -$proxy=1; -#Start help Function -sub help -{ - print color("cyan"); - printf " - -Help : - -Usage: $0 [options] - ---url | -u | The Joomla URL/domain to scan. ---mass | -m | Cycle through URLs provided in txt file ---enumerate-components | -ec | Try to enumerate components. ---joomla-version | -jv | Outpute target Joomla version and exit without further checks ---no-report | -nr | Do not produce a report - ---cookie | Set cookie. ---user-agent | -a | Use the specified User-Agent. ---random-agent | -r | Use a random User-Agent. ---timeout | Set timeout. ---proxy=PROXY | Use a proxy to connect to the target URL - Proxy example: --proxy http://127.0.0.1:8080 - https://127.0.0.1:443 - socks://127.0.0.1:414 - ---about | About Author ---update | Update to the latest version. ---help | -h | This help screen. ---version | Output the current joomscan version and exit. 
- - -"; - print color("reset"); - exit(1); -} -sub about -{ - print color("cyan"); - printf " - Author : $author - Twitter : \@rezesp , \@Ali_Razmjo0 - Git repository : https://github.com/rezasp/joomscan/ - Issues : https://github.com/rezasp/joomscan/issues - \n\n"; - print color("reset"); - exit(1); -} -sub update -{ - do "$mepath/core/update.pl"; - print color("reset"); - exit(1); -} - - -GetOptions( - 'help|h' => sub { help(0) }, - 'update' => sub { update(0) }, - 'about' => sub { about(0) }, - 'enumerate-components|ec' => sub { $components = 1 }, - 'no-report|nr' => sub { $noreport = 1 }, - 'joomla-version|jv' => sub { $jversion = 1 }, - 'random-agent|r' => sub { $randomagent = 1 }, - 'user-agent|a=s' => \$agent, - 'timeout=s' => \$timeout, - 'proxy=s' => \$proxy, - 'cookie=s' => \$cookie, - 'u|url=s' => \$target, - 'm|mass=s' => \$urlfile, - 'version' => sub { print "\n\nVersion : $version\n\n";exit; }, - -); -if(($target !~ /\S/)&&($urlfile !~ /\S/)){ - print color("red"); - print "[+] No target specified!\n\n"; - print color("reset"); - exit (1); -} -if($target !~ /^https?:\/\//) { $target = "http://$target"; }; - -#End help Function From 256eb9692a5499bd025be5f3cc1d169c8257b747 Mon Sep 17 00:00:00 2001 From: hack-tramp <53376845+hack-tramp@users.noreply.github.com> Date: Thu, 29 Aug 2019 15:27:52 +0100 Subject: [PATCH 5/6] Delete main.pl --- main.pl | 116 -------------------------------------------------------- 1 file changed, 116 deletions(-) delete mode 100644 main.pl diff --git a/main.pl b/main.pl deleted file mode 100644 index 7c5c57a..0000000 --- a/main.pl +++ /dev/null 
@@ -1,116 +0,0 @@ -#!/usr/bin/perl - -use utf8; -use open ':std', ':encoding(UTF-8)'; -use Term::ANSIColor; - -my $can_regexp=1; -eval "use Regexp::Common \"URI\""; -if($@) { $can_regexp=0; } - -$ua = LWP::UserAgent->new(); -$ua->protocols_allowed( [ 'http' ] ); -if($target =~ /^https:\/\//) { - my $can_https=1; - eval "use LWP::Protocol::https"; - if($@) { $can_https=0; } - - if ($can_https) { - $ua->ssl_opts( 'verify_hostname' => 0 ); - push @{ $ua->protocols_allowed }, 'https'; - } else { - print color("red"); - print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n"; - print color("reset"); - if (!$urlfile) {exit (1);} else {next;} - } -} - -print color("blue"); - -$timeout = $timeout || 60; -$ua->timeout($timeout); - -@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"); -($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();; -$year = $year + 1900; -$mon += 1; -$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]"; - - -@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5' -,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13' -,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)' -,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51' -,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620' -,'Debian APT-HTTP/1.3 (0.8.10.3)' -,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' -,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)' -,'Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)' -,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)' -,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' -,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)' -,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)' -); - -$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'; - -$agent = $uagnt[ rand @uagnt ] if($randomagent==1); - -$ua->agent($agent); - -if($proxy!=1){ - if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){ - $ua->proxy([qw(http https)] => $proxy); - } -} - -$ua->cookie_jar({}) if($cookie!=1); -$ua->default_header('Cookie'=> "$cookie") if($cookie!=1); - - -our @dlog;our @tflog; - -our $log=""; -sub dprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#dlog++; - $dlog[$#dlog]=$in; - $in="\n[+] $in\n"; - $log .= $in; - print color("blue"); - print "$in"; -} -sub tprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]=$in; - $in="[++] $in\n"; - $log .= $in; - print color("yellow"); - print "$in"; - print color("blue"); -} -sub fprint{ - my ($in) = @_; - $in =~ s/\/\//\//g; - $in =~ s/http:\//http:\/\//g; - $in =~ s/https:\//https:\/\//g; - $#tflog++; - $tflog[$#tflog]="1337false$in"; - $in="[++] $in\n"; - $log .= $in; - print color("red"); - print "$in"; - print color("blue"); -} - -print color("blue"); -print "Processing $target ...\n\n\n"; \ No newline at end of file From 8359f5b9494dc249e143a7be57b5bfd6fbd09c1e Mon Sep 17 00:00:00 2001 
From: hack-tramp <53376845+hack-tramp@users.noreply.github.com>
Date: Thu, 29 Aug 2019 15:28:06 +0100
Subject: [PATCH 6/6] Delete ver.pl
---
ver.pl | 71 ----------------------------------------------------------
1 file changed, 71 deletions(-)
delete mode 100644 ver.pl
diff --git a/ver.pl b/ver.pl
deleted file mode 100644
index 49177e2..0000000
--- a/ver.pl
+++ /dev/null
@@ -1,71 +0,0 @@ -#start Version finder -dprint("Detecting Joomla Version"); - -$ua->timeout(60); - -my $response = $ua->get("$target"); -if (!$response->is_success) { - print color("red"); - print "[++] The target is not alive!\n\n"; - print color("reset"); - if (!$urlfile) {exit 0;} else {next;} -} - -$ua->timeout($timeout); - -$source=$ua->get("$target/")->as_string; -if($source =~ /X-Meta-Generator\:(.*?)\n/){ -$ppp=$1; - if($ppp =~ /[0-9]+(\.[0-9]+)+/g){ - $ver="Joomla $&"; - } -} -if($ver !~ m/\./i){ - @vers = ('administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /\(.*?)\<\/version\>/){ - $ver="Joomla $1"; - last; - } - } -} -if($ver !~ m/\./i){ - @vers = ('language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'); - foreach $verc(@vers){ - $source=$ua->get("$target/$verc")->decoded_content; - if($source =~ /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/ or $source =~ /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/ or $source =~ /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/ or $source =~ /20196 2011\-01\-09 02\:40\:25Z ian/){ - $ver="Joomla 1.6"; - last; - }elsif($source =~ /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley / or $source =~ /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/ or $source =~ /22183 2011\-09\-30 09\:04\:32Z infograf768/ or $source =~ /21660 2011\-06\-23 13\:25\:32Z infograf768/){ - $ver="Joomla 1.7"; - last; - }elsif($source =~ /Joomla! 
1.5/ or $source =~ /MooTools\=\{version\:\'1\.12\'\}/ or $source =~ /11391 2009\-01\-04 13\:35\:50Z ian/){ - $ver="Joomla 1.5"; - last; - }elsif($source =~ /Copyright \(C\) 2005 \- 2012 Open Source Matters/ or $source =~ /MooTools.More\=\{version\:\"1\.4\.0\.1\"/){ - $ver="Joomla 2.5"; - last; - }elsif($source =~ /\s+get("$target/README.txt")->decoded_content; - if($source =~ /package to version (.*?)\n/){ - $ver="Joomla $1"; - } -} - -$ver =~ tr/[0-9][a-z][A-Z][\.]\ //cd; -#if( $ver =~ /\d\.\d\.\d+/ and length($ver) > 25) {$ver= "Joomla $&";} - -if($ver !~ m/\./i){fprint("ver 404\n")}else{tprint("$ver");} - -#end Version finder