Merge pull request #1 from hack-tramp/hack-tramp-patch-1
Added mass scanning
hack-tramp committed Aug 29, 2019
2 parents b2dad6a + a780a04 commit 9225b3a
Showing 4 changed files with 388 additions and 66 deletions.
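--- /dev/null
+++ b/header.pl
@@ -0,0 +1,117 @@
+#!/usr/bin/perl
+
+use Term::ANSIColor;
+
+print color("YELLOW");
+print q{
+____ _____ _____ __ __ ___ ___ __ _ _
+(_ _)( _ )( _ )( \/ )/ __) / __) /__\ ( \( )
+.-_)( )(_)( )(_)( ) ( \__ \( (__ /(__)\ ) (
+\____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
+};
+print color("red") . "\t\t\t(1337.today)" . color("reset");
+print "
+--=[". color("BLUE") . "OWASP JoomScan". color("reset") ."
++---++---==[Version : "
+. color("red"). "$version\n". color("reset") . " +---++---==[Update Date : [". color("red") . "$update". color("reset") . "]
++---++---==[Authors : ". color("red") . "$author". color("reset")."
+--=[Code name : ". color("red") . "$codename". color("reset")."\n \@OWASP_JoomScan , \@rezesp , \@Ali_Razmjo0 , \@OWASP\n\n";
+
+if(!defined $ARGV[0]){
+
+print color("cyan");
+printf "\n Usage:
+joomscan.pl <target>
+joomscan.pl -u http://target.com/joomla
+joomscan.pl -m targets.txt
+Options:
+joomscan.pl --help\n\n";
+print color("reset");
+exit(1);
+}
+$cookie=1;
+$proxy=1;
+#Start help Function
+sub help
+{
+print color("cyan");
+printf "
+Help :
+Usage: $0 [options]
+--url | -u <URL> | The Joomla URL/domain to scan.
+--mass | -m <filename> | Cycle through URLs provided in txt file
+--enumerate-components | -ec | Try to enumerate components.
+--joomla-version | -jv | Outpute target Joomla version and exit without further checks
+--no-report | -nr | Do not produce a report
+--cookie <String> | Set cookie.
+--user-agent | -a <User-Agent> | Use the specified User-Agent.
+--random-agent | -r | Use a random User-Agent.
+--timeout <Time-Out> | Set timeout.
+--proxy=PROXY | Use a proxy to connect to the target URL
+Proxy example: --proxy http://127.0.0.1:8080
+https://127.0.0.1:443
+socks://127.0.0.1:414
+--about | About Author
+--update | Update to the latest version.
+--help | -h | This help screen.
+--version | Output the current joomscan version and exit.
+";
+print color("reset");
+exit(1);
+}
+sub about
+{
+print color("cyan");
+printf "
+Author : $author
+Twitter : \@rezesp , \@Ali_Razmjo0
+Git repository : https://github.com/rezasp/joomscan/
+Issues : https://github.com/rezasp/joomscan/issues
+\n\n";
+print color("reset");
+exit(1);
+}
+sub update
+{
+do "$mepath/core/update.pl";
+print color("reset");
+exit(1);
+}
+
+
+GetOptions(
+'help|h' => sub { help(0) },
+'update' => sub { update(0) },
+'about' => sub { about(0) },
+'enumerate-components|ec' => sub { $components = 1 },
+'no-report|nr' => sub { $noreport = 1 },
+'joomla-version|jv' => sub { $jversion = 1 },
+'random-agent|r' => sub { $randomagent = 1 },
+'user-agent|a=s' => \$agent,
+'timeout=s' => \$timeout,
+'proxy=s' => \$proxy,
+'cookie=s' => \$cookie,
+'u|url=s' => \$target,
+'m|mass=s' => \$urlfile,
+'version' => sub { print "\n\nVersion : $version\n\n";exit; },
+
+);
+if(($target !~ /\S/)&&($urlfile !~ /\S/)){
+print color("red");
+print "[+] No target specified!\n\n";
+print color("reset");
+exit (1);
+}
+if($target !~ /^https?:\/\//) { $target = "http://$target"; };
+
+#End help Function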
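Review bot: The return value of `GetOptions` (the option table ending just above the `if(($target !~ /\S/)&&($urlfile !~ /\S/))` check) is never examined, so a mistyped switch such as `--mas targets.txt` only produces Getopt::Long's warning and the run continues with the file name left in `@ARGV`, ending either in "No target specified" or in a scan of whatever value did parse; `GetOptions(...) or help(0);` would stop at the usage text instead. The usage, help and about texts are emitted with `printf` although none of them is a format string, and the help text interpolates `$0`, so a script path containing `%` would be read as a conversion specifier; `print` is the right call for all three. `$cookie=1;` and `$proxy=1;` serve as "not given" sentinels that main.pl later tests numerically, which a comment such as `# 1 means "option not supplied"; main.pl tests $cookie!=1 / $proxy!=1` should state next to the assignments.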
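--- a/joomscan.pl
+++ b/joomscan.pl
@@ -1,66 +1,84 @@
-#!/usr/bin/perl
-#
-# --------------------------------------------------
-# OWASP JoomScan
-# --------------------------------------------------
-# Copyright (C) <2018>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-
-
-$author="Mohammad Reza Espargham , Ali Razmjoo";$author.="";
-$version="0.0.7";$version.="";
-$codename="Self Challenge";$codename.="";
-$update="2018/09/23";$update.="";
-$mmm=0;
-
-system(($^O eq 'MSWin32') ? 'cls' : 'clear');
-use if $^O eq "MSWin32", Win32::Console::ANSI;
-use Term::ANSIColor;
-use Getopt::Long;
-use LWP;
-use LWP::UserAgent;
-use LWP::Simple;
-use Cwd;
-$mepath = Cwd::realpath($0); $mepath =~ s#/[^/\\]*$##;
-$SIG{INT} = \&interrupt;
-sub interrupt {
-fprint("\nShutting Down , Interrupt by user");
-do "$mepath/core/report.pl";
-print color("reset");
-exit 0;
-}
-do "$mepath/core/header.pl";
-do "$mepath/core/main.pl";
-do "$mepath/modules/waf_detector.pl";
-do "$mepath/exploit/jckeditor.pl";
-do "$mepath/core/ver.pl";
-do "$mepath/exploit/verexploit.pl";
-do "$mepath/exploit/com_lfd.pl";
-do "$mepath/modules/pathdisclure.pl";
-do "$mepath/modules/debugmode.pl";
-do "$mepath/modules/dirlisting.pl";
-do "$mepath/modules/missconfig.pl";
-do "$mepath/modules/cpfinder.pl";
-do "$mepath/modules/robots.pl";
-do "$mepath/modules/backupfinder.pl";
-do "$mepath/modules/errfinder.pl";
-do "$mepath/modules/reg.pl";
-do "$mepath/modules/configfinder.pl";
-do "$mepath/exploit/components.pl" if($components==1);
-
-do "$mepath/core/report.pl";
-print color("reset");
+#!/usr/bin/perl
+#
+# --------------------------------------------------
+# OWASP JoomScan
+# --------------------------------------------------
+# Copyright (C) <2018>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+
+$author="Mohammad Reza Espargham , Ali Razmjoo";$author.="";
+$version="0.0.7";$version.="";
+$codename="Self Challenge";$codename.="";
+$update="2018/09/23";$update.="";
+$mmm=0;
+
+system(($^O eq 'MSWin32') ? 'cls' : 'clear');
+use if $^O eq "MSWin32", Win32::Console::ANSI;
+use Term::ANSIColor;
+use Getopt::Long;
+use LWP;
+use LWP::UserAgent;
+use LWP::Simple;
+use Cwd;
+$mepath = Cwd::realpath($0); $mepath =~ s#/[^/\\]*$##;
+$SIG{INT} = \&interrupt;
+sub interrupt {
+fprint("\nShutting Down , Interrupt by user");
+do "$mepath/core/report.pl" if($noreport!=1);
+print color("reset");
+exit 0;
+}
+
+do "$mepath/core/header.pl";
+
+if ($urlfile) {
+open(my $ufh, '<:encoding(UTF-8)', $urlfile)
+or die "Could not open file '$urlfile' $!";
+
+while (my $row = <$ufh>) {
+chomp $row;
+$target = $row;
+run_checks(0);
+}
+} else {
+run_checks(0);
+}
+
+sub run_checks {
+do "$mepath/core/main.pl";
+do "$mepath/modules/waf_detector.pl" if($jversion!=1);
+do "$mepath/exploit/jckeditor.pl"if($jversion!=1);
+do "$mepath/core/ver.pl";
+do "$mepath/exploit/verexploit.pl" if($jversion!=1);
+do "$mepath/exploit/com_lfd.pl" if($jversion!=1);
+do "$mepath/modules/pathdisclure.pl" if($jversion!=1);
+do "$mepath/modules/debugmode.pl" if($jversion!=1);
+do "$mepath/modules/dirlisting.pl" if($jversion!=1);
+do "$mepath/modules/missconfig.pl" if($jversion!=1);
+do "$mepath/modules/cpfinder.pl" if($jversion!=1);
+do "$mepath/modules/robots.pl" if($jversion!=1);
+do "$mepath/modules/backupfinder.pl" if($jversion!=1);
+do "$mepath/modules/errfinder.pl" if($jversion!=1);
+do "$mepath/modules/reg.pl" if($jversion!=1);
+do "$mepath/modules/configfinder.pl" if($jversion!=1);
+do "$mepath/exploit/components.pl" if($components==1);
+
+do "$mepath/core/report.pl" if($noreport!=1);
+print color("reset");
+}
+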
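Review bot: Rows read from the `--mass` file are assigned to `$target` verbatim in the `while (my $row = <$ufh>)` loop, so they bypass the `http://` prefixing that header.pl applies only to the `-u` value, and a blank line or a CRLF-terminated row (`chomp` strips only `\n`) becomes an empty or `\r`-suffixed target that the user agent cannot resolve. Normalising each row before `run_checks(0)` keeps single-target and mass mode consistent: `$row =~ s/\s+\z//; next if $row eq ''; $target = ($row =~ m{^https?://}) ? $row : "http://$row";`. `run_checks` re-executes main.pl on every iteration, which redefines `dprint`/`tprint`/`fprint` and builds a fresh user agent per target; that appears to be how `@dlog`, `@tflog` and `$log` get reset between targets, so a comment on the sub saying `# main.pl is re-run per target: it resets the log arrays and rebuilds $ua` would make that reliance explicit. The `$ufh` handle is never closed, which is harmless here but worth `close $ufh;` after the loop for symmetry with the `or die` on open.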
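--- /dev/null
+++ b/main.pl
@@ -0,0 +1,116 @@
+#!/usr/bin/perl
+
+use utf8;
+use open ':std', ':encoding(UTF-8)';
+use Term::ANSIColor;
+
+my $can_regexp=1;
+eval "use Regexp::Common \"URI\"";
+if($@) { $can_regexp=0; }
+
+$ua = LWP::UserAgent->new();
+$ua->protocols_allowed( [ 'http' ] );
+if($target =~ /^https:\/\//) {
+my $can_https=1;
+eval "use LWP::Protocol::https";
+if($@) { $can_https=0; }
+
+if ($can_https) {
+$ua->ssl_opts( 'verify_hostname' => 0 );
+push @{ $ua->protocols_allowed }, 'https';
+} else {
+print color("red");
+print "[+] Target uses HTTPS, but module LWP::Protocol::https is not available!\n\n";
+print color("reset");
+if (!$urlfile) {exit (1);} else {next;}
+}
+}
+
+print color("blue");
+
+$timeout = $timeout || 60;
+$ua->timeout($timeout);
+
+@weekday = ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
+($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();;
+$year = $year + 1900;
+$mon += 1;
+$stime="$year-$mon-$mday $hour:$min:$sec $weekday[$wday]";
+
+
+@uagnt=('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5'
+,'Googlebot/2.1 ( http://www.googlebot.com/bot.html)'
+,'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.595.0 Chrome/9.0.595.0 Safari/534.13'
+,'Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; .NET CLR 2.0.50727)'
+,'Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51'
+,'Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/webcrawler.html) Gecko/2008032620'
+,'Debian APT-HTTP/1.3 (0.8.10.3)'
+,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'
+,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)'
+,'Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)'
+,'YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)'
+,'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)'
+,'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)'
+,'msnbot/1.1 (+http://search.msn.com/msnbot.htm)'
+);
+
+$agent = $agent || 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5';
+
+$agent = $uagnt[ rand @uagnt ] if($randomagent==1);
+
+$ua->agent($agent);
+
+if($proxy!=1){
+if($proxy =~ /^https?/ or $proxy =~ /^socks?/ or $proxy =~ /^ftp/){
+$ua->proxy([qw(http https)] => $proxy);
+}
+}
+
+$ua->cookie_jar({}) if($cookie!=1);
+$ua->default_header('Cookie'=> "$cookie") if($cookie!=1);
+
+
+our @dlog;our @tflog;
+
+our $log="";
+sub dprint{
+my ($in) = @_;
+$in =~ s/\/\//\//g;
+$in =~ s/http:\//http:\/\//g;
+$in =~ s/https:\//https:\/\//g;
+$#dlog++;
+$dlog[$#dlog]=$in;
+$in="\n[+] $in\n";
+$log .= $in;
+print color("blue");
+print "$in";
+}
+sub tprint{
+my ($in) = @_;
+$in =~ s/\/\//\//g;
+$in =~ s/http:\//http:\/\//g;
+$in =~ s/https:\//https:\/\//g;
+$#tflog++;
+$tflog[$#tflog]=$in;
+$in="[++] $in\n";
+$log .= $in;
+print color("yellow");
+print "$in";
+print color("blue");
+}
+sub fprint{
+my ($in) = @_;
+$in =~ s/\/\//\//g;
+$in =~ s/http:\//http:\/\//g;
+$in =~ s/https:\//https:\/\//g;
+$#tflog++;
+$tflog[$#tflog]="1337false$in";
+$in="[++] $in\n";
+$log .= $in;
+print color("red");
+print "$in";
+print color("blue");
+}
+
+print color("blue");
+print "Processing $target ...\n\n\n";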
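Review bot: The `else {next;}` branch of the HTTPS check relies on `next` propagating out of this `do`-file and out of `run_checks` up to the `while` loop in joomscan.pl; Perl permits that only with an "Exiting subroutine via next"-style warning, and it dies with "Can't "next" outside a loop block" should `run_checks` ever be invoked outside a loop while `$urlfile` is set. Returning from the file is the explicit form: `if (!$urlfile) {exit (1);} else {return;}` here, paired with `do "$mepath/core/main.pl" // return;` as the first line of `run_checks`, which also stops the run when the file itself cannot be read. `$ua->ssl_opts( 'verify_hostname' => 0 )` turns off certificate validation for every HTTPS target; that is a reasonable choice for a scanner facing self-signed hosts, but it deserves a comment such as `# no cert validation: targets are often self-signed; responses are not authenticated` so a later maintainer neither "fixes" it blindly nor forgets what it costs. The `$proxy!=1` and `$cookie!=1` tests compare option strings numerically, so a cookie whose value numifies to 1 (e.g. `1abc`) is treated as unset; `defined $cookie` with an `undef` default in header.pl would state the intent. In `dprint`/`tprint`/`fprint`, `$#dlog++; $dlog[$#dlog]=$in;` is `push @dlog, $in;`.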
