joo_gathering

anouarbensaad · May 26, 2019 · 7bf626e · 7bf626e
1 parent ca2316f
commit 7bf626e
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 40 deletions.
diff --git a/common/grabjoo.py b/common/grabjoo.py
@@ -4,24 +4,40 @@
 import requests
 # Find Joomla version and check it on exploit-db
 def joo_version(url,headers):
-    endpoint = url + "/administrator/manifests/files" + '/joomla.xml'
-    response = requests.get(endpoint,headers).text
-    regex = r'<version>(.+?)</version>'
-    pattern = re.compile(regex)
-    version = re.findall(pattern, response)
-    if version:
-        return print (' %s Version : %s' %(good,version[0]))
+        endpoint = url + "/administrator/manifests/files" + '/joomla.xml'
+        response = requests.get(endpoint,headers).text
+        regex = r'<version>(.+?)</version>'
+        pattern = re.compile(regex)
+        version = re.findall(pattern, response)
+        if version:
+                return print (' %s Version : %s' %(good,version[0]))
 
 def joo_user(url,headers):
-    users = []
-    endpoint = url + '/?format=feed'
-    response = requests.get(endpoint,headers).text
-    regex = r'<author>(.+?) \((.+?)\)</author>'
-    pattern = re.compile(regex)
-    joouser = re.findall(pattern, response)
-    if joouser:
-        joouser = sorted(set(joouser))
+        users = []
+        endpoint = url + '/?format=feed'
+        response = requests.get(endpoint,headers).text
+        regex = r'<author>(.+?) \((.+?)\)</author>'
+        pattern = re.compile(regex)
+        joouser = re.findall(pattern, response)
+        if joouser:
+                joouser = sorted(set(joouser))
         for user in joouser:
-            users.append(user[1])
-            msg = user[1] + ": " + user[0]
-            print(msg)
+                users.append(user[1])
+                msg = user[1] + ": " + user[0]
+                print(msg)
+
+def joo_template(url,headers):
+        main_endpoint = url + '/index.php'
+        responsea = requests.get(main_endpoint,headers).text
+        WebTemplates = re.findall("/templates/(.+?)/", responsea)
+        WebTemplates = sorted(set(WebTemplates))
+        adm_endpoint = url + '/administrator/index.php'
+        responseb = requests.get(adm_endpoint,headers).text
+        AdminTemplates = re.findall("/administrator/templates/(.+?)/", responseb)
+        AdminTemplates = sorted(set(AdminTemplates))
+        if WebTemplates:
+                for WebTemplate in WebTemplates:
+                        return print (' %s WebTemplate : %s' %(good,WebTemplate[0]))
+        if AdminTemplates:
+                for AdminTemplate in AdminTemplates:
+                        return print (' %s AdminTemplate : %s' %(good,AdminTemplate[0]))
diff --git a/common/grabwp.py b/common/grabwp.py
@@ -19,12 +19,13 @@ def wp_themes(url,headers,grabinfo):
     themes_array = []
     getthemes = requests.get(ep,headers).text
     matches = re.findall(re.compile(r'themes/(\w+)?/'),getthemes)
-    #loop for matching themes.
+    #loop for matching themes.)
     if len(matches) > 0:
         for theme in matches:
-            if theme not in themes_array:
-                themes_array.append(theme)
-        print (' %s Themes : %s ' %(good," \n                  ".join(themes_array)))
+                if theme not in themes_array:
+                        themes_array.append(theme)
+        for i in range(len(themes_array)): 
+                print (' %s Themes : %s ' %(good , themes_array[i]))
 #searching for the wordpress user
 def wp_user(url,headers,grabinfo):
     ep = url + '/?author=1'
@@ -42,7 +43,9 @@ def wp_plugin(url,headers,grabinfo):
     getplugin = requests.get(ep,headers).text
     matches = re.findall(re.compile(r'wp-content/plugins/(\w+)?/'),getplugin)
     if len(matches) > 0:
-        for plugs in matches:
-            if plugs not in plugins_array:
-                plugins_array.append(plugs)
-        print (' %s Plugins : %s ' %(good," \n                  ".join(plugins_array)))
+        for plugin in matches:
+                if plugin not in plugins_array:
+                        plugins_array.append(plugin)
+        for i in range(len(plugins_array)): 
+                print (' %s Plugins : %s ' %(good , plugins_array[i]))
+
diff --git a/vulnx.py b/vulnx.py
@@ -28,7 +28,7 @@
 #wp cms informations
 from common.grabwp import (wp_version,wp_plugin,wp_themes,wp_user)
 #joomla cms informations
-from common.grabjoo import (joo_version,joo_user)
+from common.grabjoo import (joo_version,joo_user,joo_template)
 from common.output_wr import writelogs as outlogs
 #dnsdumpster informations gathering
 from common.dnsdumperapi import dnsdumper , domain_info
@@ -159,14 +159,15 @@ def detect_cms():
             domain_info(url)
 
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             joo_version(url,headers)
-
+            print ("-----------------------------------------------")
         if cms == 'all':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             joo_version(url,headers)
             joo_user(url,headers)
-
+            joo_template(url,headers)
+            print ("-----------------------------------------------")
         #port to scan
         if scanports:
             print (' %s Scanning Ports' %(run))
@@ -208,23 +209,23 @@ def detect_cms():
             domain_info(url)
         #wp_grab methods info from (folder)[./common/grapwp.py]
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             wp_version(url,headers,grabinfo)
             print ("-----------------------------------------------")
         if cms == 'themes':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             wp_themes(url,headers,grabinfo)
             print ("-----------------------------------------------")
         if cms == 'user':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             wp_user(url,headers,grabinfo)
             print ("-----------------------------------------------")
         if cms == 'plugins':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             wp_plugin(url,headers,grabinfo)
             print ("-----------------------------------------------")
         if cms == 'all':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             wp_version(url,headers,grabinfo)
             wp_themes(url,headers,grabinfo)
             wp_user(url,headers,grabinfo)
@@ -282,7 +283,7 @@ def detect_cms():
             print (' %s Starting searching for Subdomains' %(run))
             domain_info(url)
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             drupal_version()
         if scanports:
             print (' %s Scanning Ports\n' %(run))
@@ -316,7 +317,7 @@ def detect_cms():
             print (' %s Starting searching for Subdomains' %(run))
             domain_info(url)
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
             prestashop_version()
         if scanports:
             print (' %s Scanning Ports\n' %(run))
@@ -350,7 +351,7 @@ def detect_cms():
             print (' %s Starting searching for Subdomains' %(run))
             domain_info(url)
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
         if scanports:
             print (' %s Scanning Ports\n' %(run))
             print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))
@@ -383,7 +384,7 @@ def detect_cms():
             print (' %s Starting searching for Subdomains' %(run))
             domain_info(url)
         if cms == 'version':
-            print (' %s Check CMS Info' %(run))
+            print (' %s CMS informations gathering' %(run))
         if scanports:
             print (' %s Scanning Ports\n' %(run))
             print (""" %s     PORTS                     %sSTATUS  %sPROTO"""%(W,W,W))