
WebBreacher committed b3568fb Merge

Merged LaNMaSteR53/recon-ng into master


Files changed (4)

 *
 !.gitignore
 !hostnames.txt
+!av_domains.lst

modules/auxiliary/netcraft_history.py

 import re
 import hashlib
 import urllib
+import time
+import random
 
 class Module(framework.module):
 
                     print ''
                 except Exception as e:
                     self.error(e.__str__())
+                if not resp: break
 
             content = resp.text
 
                 history.insert(0, header)
                 self.table(history, True)
             else:
-                self.output('No results found')
+                self.output('No results found')
+
+            if len(hosts) > 1:
+                # sleep script to avoid lock-out
+                if verbose: self.output('Sleeping to Avoid Lock-out...')
+                try: time.sleep(random.randint(5,15))
+                except KeyboardInterrupt:
+                    print ''
+                    break
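Review bot: The added `if not resp: break` after the request's except clauses relies on `resp` being bound even when `self.request` raised on that iteration; the hunk does not show a `resp = None` before the `try`, and if it is absent the guard raises NameError instead of breaking — initialise with `resp = None` ahead of the `try`, as modules/hosts/netcraft.py does with `content = None`. The new sleep block also runs after the last host in the loop, so the module idles for up to 15 s with no further request left to pace; skip it when `host is hosts[-1]` if that idle time matters. The enclosing loop and function start outside the hunk.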

modules/auxiliary/phpinfo.py

+import framework
+# unique to module
+
+class Module(framework.module):
+
+    def __init__(self, params):
+        framework.module.__init__(self, params)
+        self.register_option('source', 'db', 'yes', 'source of module input')
+        self.register_option('verbose', self.goptions['verbose']['value'], 'yes', self.goptions['verbose']['desc'])
+        self.classify = 'active'
+        self.info = {
+                     'Name': 'phpinfo() Page Checker',
+                     'Author': 'Jay Turla (@shipcod3)',
+                     'Classification': '%s Reconnaissance' % (self.classify.title()),
+                     'Description': 'Checks the hosts for phpinfo() page which outputs information about PHP configuration',
+                     'Comments': [
+                                  'Source options: db, <hostname>, <path/to/infile>',
+                                  'Reference: http://php.net/manual/en/function.phpinfo.php',
+                                  'Google Dorks:',
+                                  '%sinurl:phpinfo.php ext:php' % (self.spacer),
+                                  '%sinurl:test.php intitle:phpinfo() ext:php' % (self.spacer)
+                                  ]
+                     }
+
+    def do_run(self, params):
+        if not self.validate_options(): return
+        # === begin here ===
+        self.check_for_phpinfo()
+    
+    def check_for_phpinfo(self):
+        verbose = self.options['verbose']['value']
+        
+        hosts = self.get_source(self.options['source']['value'], 'SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL ORDER BY host')
+        if not hosts: return
+
+        # check all hosts for phpinfo() page under phpinfo.php and test.php files
+        protocols = ['http', 'https']
+        files = [('phpinfo.php'), ('test.php')]
+        cnt = 0
+        for host in hosts:
+            for proto in protocols:
+                for filename in files:
+                    url = '%s://%s/%s' % (proto, host, filename)
+                    try:
+                        resp = self.request(url, redirect=False)
+                        code = resp.status_code
+                    except KeyboardInterrupt:
+                        print ''
+                        return
+                    except:
+                        code = 'Error'
+                    if code == 200 and 'phpinfo()' in resp.text:
+                        self.alert('%s => %s. phpinfo() page found!' % (url, code))
+                        cnt += 1
+                    else:
+                        if verbose: self.output('%s => %s' % (url, code))
+        self.output('%d phpinfo() pages found' % (cnt))
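Review bot: The bare `except:` in the request loop of check_for_phpinfo catches everything that is not KeyboardInterrupt, including SystemExit and GeneratorExit, and reports it as `'Error'`; narrow it to `except Exception as e:` so interpreter-level exits still propagate, and surface the reason with `self.error(e.__str__())` when verbose, matching the netcraft modules' handling. On the `files` line the parentheses around each name are no-ops rather than tuples, so `files = ['phpinfo.php', 'test.php']` says the same thing more clearly. A one-line docstring on check_for_phpinfo stating that it is an active check issuing up to four requests per host (two schemes times two paths) would make the module's footprint explicit to operators before they run it.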

modules/hosts/netcraft.py

 import urllib
 import re
 import hashlib
+import time
+import random
 
 class Module(framework.module):
 
             content = None
             if verbose: self.output('URL: %s?%s' % (url, urllib.urlencode(payload)))
 
-	    try: content = self.request(url, payload=payload, cookies=cookies)
-	    except KeyboardInterrupt:
-		print ''
-	    except Exception as e:
-		self.error(e.__str__())
-	    if not content: break
-	    
-	    if 'set-cookie' in content.headers:
-		# we have a cookie to set!
-		cookie = content.headers['set-cookie']
-		# this was taken from the netcraft page's JavaScript, no need to use big parsers just for that
-		# grab the cookie sent by the server, hash it and send the response
-		challenge_token = (cookie.split('=')[1].split(';')[0])
-		response = hashlib.sha1(urllib.unquote(challenge_token))
-		cookies = {
-			  'netcraft_js_verification_response': '%s' % response.hexdigest(),
-			  'netcraft_js_verification_challenge': '%s' % challenge_token,
-			  'path' : '/'
-			  }
+            try: content = self.request(url, payload=payload, cookies=cookies)
+            except KeyboardInterrupt:
+                print ''
+            except Exception as e:
+                self.error(e.__str__())
+            if not content: break
+            
+            if 'set-cookie' in content.headers:
+                # we have a cookie to set!
+                cookie = content.headers['set-cookie']
+                # this was taken from the netcraft page's JavaScript, no need to use big parsers just for that
+                # grab the cookie sent by the server, hash it and send the response
+                challenge_token = (cookie.split('=')[1].split(';')[0])
+                response = hashlib.sha1(urllib.unquote(challenge_token))
+                cookies = {
+                      'netcraft_js_verification_response': '%s' % response.hexdigest(),
+                      'netcraft_js_verification_challenge': '%s' % challenge_token,
+                      'path' : '/'
+                      }
 
-		# Now we can request the page again
-		try: content = self.request(url, payload=payload, cookies=cookies)
-		except KeyboardInterrupt:
-		    print ''
-		except Exception as e:
-		    self.error(e.__str__())
+                # Now we can request the page again
+                try: content = self.request(url, payload=payload, cookies=cookies)
+                except KeyboardInterrupt:
+                    print ''
+                except Exception as e:
+                    self.error(e.__str__())
 
             content = content.text
 
                 payload['last'] = link[0][1]
                 payload['from'] = link[1][1]
                 if verbose: self.output('Next page available! Requesting again...' )
+                # sleep script to avoid lock-out
+                if verbose: self.output('Sleeping to Avoid Lock-out...')
+                try: time.sleep(random.randint(5,15))
+                except KeyboardInterrupt:
+                    print ''
+                    break
 
         if verbose: self.output('Final Query String: %s?%s' % (url, urllib.urlencode(payload)))
         self.output('%d total hosts found.' % (len(subs)))
-        if cnt: self.alert('%d NEW hosts found!' % (cnt))
+        if cnt: self.alert('%d NEW hosts found!' % (cnt))
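Review bot: After the retry request that follows the cookie-challenge block, a failed or interrupted second request leaves `content` holding the first (challenge) response, and execution continues into `content = content.text` and parses the challenge page as if it were results; set `content = None` immediately before the retry and repeat the `if not content: break` guard after it, mirroring the check after the first request. The enclosing loop's header is outside the hunk. The `challenge_token` extraction also assumes the Set-Cookie value contains `=` and that its first pair is the challenge, so an unexpected header shape raises IndexError outside any try; a `self.error(...)` followed by `break` would fail more gracefully, though the header format itself is not visible here.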