renew

alpha1e0 · Dec 24, 2015 · e6b34f2 · e6b34f2
1 parent e990094
commit e6b34f2
Show file tree

Hide file tree

Showing 14 changed files with 162 additions and 144 deletions.
diff --git a/directory/cms/cms_config.txt → directory/cms/cms_config_file.txt b/directory/cms/cms_config.txt → directory/cms/cms_config_file.txt
diff --git a/directory/cms/else/cms_identify.txt → directory/cms/cms_fingerprint.txt b/directory/cms/else/cms_identify.txt → directory/cms/cms_fingerprint.txt
@@ -1,4 +1,4 @@
-/** CMS Identify v1.0
+/** CMS fingerprint v1.0
 /** format: cmsname option url pattern
 /** option: '+': must have, '-': can have
 

diff --git a/directory/cms/convert.py b/directory/cms/convert.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+# coding: UTF-8
+
+'''
+Pentestdb, a database for penetration test.
+Copyright (c) 2014-2015 alpha1e0
+====================================================================================================
+This script convert 'cms_fingerprint.txt' to json format file 'cms_fingerprint.json'.
+The 'pen.py cms' subcommand will use 'cms_fingerprint.json' to identify the cms type.
+'''
+
+
+import json
+from collections import OrderedDict
+
+
+if __name__ == '__main__':
+    source = open("cms_fingerprint.txt", "r")
+    dest = open("cms_fingerprint.json", "w")    
+
+    result = OrderedDict()  
+
+    for line in source:
+        line = line.strip()
+        if line and not line.startswith("/**"):
+            l = line.split()
+            if not result.get(l[0], None):
+                result[l[0]] = []   
+
+            result[l[0]].append({"need":True if l[1]=="+" else False, "path":l[2], "pattern":None if len(l)==3 else l[3]})  
+
+    #print result
+    json.dump(result, dest, indent=4)   
+
+    source.close()
+    dest.close()
diff --git a/directory/cms/else/convert.py b/directory/cms/else/convert.py
diff --git a/pen.py b/pen.py
@@ -12,119 +12,13 @@
 import os
 import poplib
 
+from script.commons import Database, PenError, DictError, WordList
+from script.mail import getMailServers, checkMail
+
 reload(sys)
 sys.setdefaultencoding("utf-8")
 
 
-
-SMALLSIZE = 3000
-NORMALSIZE = 10000
-MAILSERVERS = { '163.com':{'server':"pop3.163.com"},
-                'qq.com':{'server':"pop.qq.com",'ssl':True,'port':995},
-                'foxmail.com':{'server':"pop.qq.com"},
-                'sina.com':{'server':"pop.sina.com"},
-                'vmeti.com':{'server':"vmeti.com"},
-                'netwayer.com':{'server':"netwayer.com"},
-                'ehanlin.com':{'server':"123.108.216.97"},
-                'sootoo.com':{'server':"mail.sootoo.com"},
-            }
-
-
-class PenError(Exception):
-    def __init__(self, errorMsg):
-        self.errorMsg = errorMsg
-
-    def __str__(self):
-        return str(self.errorMsg)
-
-
-class DictError(PenError):
-    def __str__(self):
-        return str(" ".join(["Dict error", self.errorMsg]))
-
-
-def WordList(fileName):
-    result = set()
-    if os.path.exists(fileName):
-        with open(fileName, "r") as fd:
-            for line in fd:
-                if line.strip() and not line.strip().startswith("/**"):
-                    yield line.strip()
-
-
-class Database(object):
-    def __init__(self, dbfile):
-        self.dbfile = dbfile
-        self.list = []
-        self._load()
-
-
-    def _load(self):
-        if not os.path.exists(self.dbfile):
-            return
-        try:
-            with open(self.dbfile, "r") as fd:
-                for line in fd:
-                    if line:
-                        splited = line.strip().split()
-                        self.list.append([splited[0].strip(), int(splited[1])])
-        except IOError as error:
-            print "[!] load database file error, reason:", str(error)
-
-
-    def dump(self):
-        self.list.sort(key=lambda x: x[1], reverse=True)
-        try:
-            with open(self.dbfile, "w") as fd:
-                for line in self.list:
-                    fd.write("{0} {1}\n".format(line[0],line[1]))
-        except IOError:
-            raise DictError()
-
-
-    def generate(self, count):
-        pos = self.dbfile.find(".")
-        prefix = self.dbfile[:pos] if pos!=-1 else self.dbfile
-        wordlistFileName = prefix + "_top_" + str(count) + ".txt"
-
-        fileLen = count if count<len(self.list) else len(self.list)
-        with open(wordlistFileName, "w") as fd:
-            for i in range(fileLen):
-                fd.write(self.list[i][0]+"\n")
-
-
-    def add(self, word):
-        if not self.list:
-            self.list.append([word, 1])
-            return
-        for line in self.list:
-            if word == line[0]:
-                line[1] += 1
-                break
-        else:
-            self.list.append([word, 1])
-
-
-def checkMail(server,user,passwd,ssl=False,port=None):
-    if not port:
-        port = 995 if ssl else 110
-
-    try:
-        pop3 = poplib.POP3_SSL(server, port) if ssl else poplib.POP3(server, port)
-
-        pop3.user(user)
-        auth = pop3.pass_(passwd)
-        pop3.quit()
-    except Exception as error:
-        print "[!] chekcing {0} failed, reason:{1}".format(user, str(error))
-        return False
-
-    if "+OK" in auth:
-        return True
-    else:
-        return False
-
-
 #================================sub commands=====================================
 
 def doDictParse(args):
@@ -133,8 +27,7 @@ def doDictParse(args):
     if args.generate:
         db.generate(args.generate)
     elif args.wordlist:
-        for line in WordList(args.wordlist):
-            db.add(line.strip())
+        db.addWordlist(args.wordlist)
 
         db.dump()
 
@@ -150,6 +43,7 @@ def doGenPicShell(args):
 
 
 def doMailChecks(args):
+    mailServers = getMailServers(os.path.join("script","mail_server.json"))
     for line in WordList(args.file):
         info = line.split()
         if len(info) < 2:
@@ -158,7 +52,7 @@ def doMailChecks(args):
         passwd = info[2].strip() if len(info)==3 else info[1].strip()
 
         serverStr = user.split("@")[1].strip()
-        serverInfo = MAILSERVERS.get(serverStr, None)
+        serverInfo = mailServers.get(serverStr, None)
         server = args.server if args.server else serverInfo['server']
         if not server:
             continue
@@ -170,14 +64,16 @@ def doMailChecks(args):
 
 
 def doMailBrute(args):
+    mailServers = getMailServers(os.path.join("script","mail_server.json"))
+
     users = WordList(args.user[1:]) if args.user.startswith("@") else [args.user]
     passwords = WordList(args.passwd[1:]) if args.passwd.startswith("@") else [args.passwd]
 
     for user in users:
         for password in passwords:
             server = user.split("@")[1].strip()
-            server = MAILSERVERS.get(server, None)
-            ssl = MAILSERVERS.get('ssl', False)
+            server = mailServers.get(server, None)
+            ssl = mailServers.get('ssl', False)
             port = server.get('port',None)
             if not server:
                 continue

diff --git a/script/__init__.pyc b/script/__init__.pyc
diff --git a/script/cms.py b/script/cms.py
@@ -9,9 +9,40 @@
 
 import os
 import json
+import requests as http
 
 
 class CMSIdentify(object):
-    def __init__(self, fingerprintFile=None):
-        self.fpfile = fingerprintFile if fingerprintFile else os.path.join("directory","cms","cms_identify.json")
-        pass
+    def __init__(self, baseURL, fingerprintFile=None, verbose=False):
+        self.baseURL = baseURL.rstrip("/")
+        self.verbose = verbose
+
+        self.fpfile = fingerprintFile if fingerprintFile else os.path.join("script","cms_fingerprint.json")
+        self.fp = json.load(open(self.fpfile, "r"))
+
+
+    def checkPath(self, path):
+        url = self.baseURL + path
+        try:
+            response = http.get(url)
+        except http.exceptions.ConnectionError as error:
+            if self.verbose: print "[!]: check '{0}' failed, connection failed".format(url)
+            return False
+
+        if response.status_code == 200:
+            if self.verbose: print "[+]: check '{0}' success, status code 200.".format(url)
+            return True
+        else:
+            if self.verbose: print "[+]: check '{0}' failed, status code {1}".format(url, response.status_code)
+            return False
+
+
+    def checkCMS(self, cmstype, cmsfp):
+        pass
+
+
+    def identify(self):
+        for key,value in self.fp.iteritems():
+            if self.checkCMS(key, value)
+        else:
+            print "[-]: CMS identify failed!"
diff --git a/directory/cms/cms_identify.json → script/cms_fingerprint.json b/directory/cms/cms_identify.json → script/cms_fingerprint.json
diff --git a/script/commons.py b/script/commons.py
@@ -7,6 +7,9 @@
 '''
 
 
+import os
+
+
 class PenError(Exception):
     def __init__(self, errorMsg):
         self.errorMsg = errorMsg
@@ -70,7 +73,7 @@ def generate(self, count):
                 fd.write(self.list[i][0]+"\n")
 
 
-    def add(self, word):
+    def addWord(self, word):
         if not self.list:
             self.list.append([word, 1])
             return
@@ -79,4 +82,9 @@ def add(self, word):
                 line[1] += 1
                 break
         else:
-            self.list.append([word, 1])
+            self.list.append([word, 1])
+
+
+    def addWordlist(self, dictFile):
+        for line in WordList(dictFile):
+            self.addWord(line.strip())
diff --git a/script/commons.pyc b/script/commons.pyc
diff --git a/script/mail.py b/script/mail.py
@@ -0,0 +1,35 @@
+#!/usr/local/env python
+#coding: UTF-8
+
+'''
+Pentestdb, a database for penetration test.
+Copyright (c) 2014-2015 alpha1e0
+'''
+
+
+import json
+import poplib
+
+
+def getMailServers(mailServersFile):
+    return json.load(open(mailServersFile,"r"))
+
+
+def checkMail(server,user,passwd,ssl=False,port=None):
+    if not port:
+        port = 995 if ssl else 110
+
+    try:
+        pop3 = poplib.POP3_SSL(server, port) if ssl else poplib.POP3(server, port)
+
+        pop3.user(user)
+        auth = pop3.pass_(passwd)
+        pop3.quit()
+    except Exception as error:
+        print "[!] chekcing {0} failed, reason:{1}".format(user, str(error))
+        return False
+
+    if "+OK" in auth:
+        return True
+    else:
+        return False
diff --git a/script/mail.pyc b/script/mail.pyc
diff --git a/script/mail_server.json b/script/mail_server.json
@@ -0,0 +1,16 @@
+{
+    "qq.com": {
+        "ssl": true, 
+        "port": 995, 
+        "server": "pop.qq.com"
+    }, 
+    "163.com": {
+        "server": "pop3.163.com"
+    }, 
+    "sina.com": {
+        "server": "pop.sina.com"
+    }, 
+    "foxmail.com": {
+        "server": "pop.qq.com"
+    }
+}
diff --git a/test.py b/test.py
@@ -0,0 +1,20 @@
+
+from collections import OrderedDict
+import json
+
+MAILSERVERS = { '163.com':{'server':"pop3.163.com"},
+                'qq.com':{'server':"pop.qq.com",'ssl':True,'port':995},
+                'foxmail.com':{'server':"pop.qq.com"},
+                'sina.com':{'server':"pop.sina.com"},
+                'vmeti.com':{'server':"vmeti.com"},
+                'netwayer.com':{'server':"netwayer.com"},
+                'ehanlin.com':{'server':"123.108.216.97"},
+                'sootoo.com':{'server':"mail.sootoo.com"},
+            }
+
+
+mails = OrderedDict(MAILSERVERS)
+
+dest = open("mail_server.json", "w")
+
+json.dump(mails, dest, indent=4)