diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2a9fe83
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+DB Passwords
\ No newline at end of file
diff --git a/ChromeExtension/background.html b/ChromeExtension/background.html
new file mode 100644
index 0000000..0a8dd59
--- /dev/null
+++ b/ChromeExtension/background.html
@@ -0,0 +1,315 @@
+
+
+
+
+
+
diff --git a/ChromeExtension/contentscript.js b/ChromeExtension/contentscript.js
new file mode 100644
index 0000000..4c0dbe9
--- /dev/null
+++ b/ChromeExtension/contentscript.js
@@ -0,0 +1,3 @@
+var loc = window.location;
+
+chrome.extension.sendRequest(loc);
\ No newline at end of file
diff --git a/ChromeExtension/crosshair.png b/ChromeExtension/crosshair.png
new file mode 100644
index 0000000..e2e2cf4
Binary files /dev/null and b/ChromeExtension/crosshair.png differ
diff --git a/ChromeExtension/icon.png b/ChromeExtension/icon.png
new file mode 100644
index 0000000..67d75a6
Binary files /dev/null and b/ChromeExtension/icon.png differ
diff --git a/ChromeExtension/lib/jquery.js b/ChromeExtension/lib/jquery.js
new file mode 100644
index 0000000..628ed9b
--- /dev/null
+++ b/ChromeExtension/lib/jquery.js
@@ -0,0 +1,4 @@
+/*! jQuery v1.6.4 http://jquery.com/ | http://jquery.org/license */
+(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
+
+
\ No newline at end of file
diff --git a/ChromeExtension/manifest.json b/ChromeExtension/manifest.json
new file mode 100644
index 0000000..a895cc1
--- /dev/null
+++ b/ChromeExtension/manifest.json
@@ -0,0 +1,24 @@
+{
+ "name": "CMSpionage",
+ "version": "1.0",
+ "description": "The first extension I've made.",
+ "browser_action": {
+ "default_icon": "icon.png"
+ },
+ "background_page": "background.html",
+ "options_page": "options.html",
+ "content_scripts": [
+ {
+ "matches": ["http://*/*", "https://*/*"],
+ "js": ["contentscript.js"]
+ }
+ ],
+ "permissions": [
+ "tabs",
+ "unlimitedStorage",
+ "chrome://favicon/",
+ "notifications",
+ "http://*/*",
+ "https://*/*"
+ ]
+}
\ No newline at end of file
diff --git a/ChromeExtension/options.html b/ChromeExtension/options.html
new file mode 100644
index 0000000..53e54b1
--- /dev/null
+++ b/ChromeExtension/options.html
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
CMSpionage
+ Test top 1 million sites
+
+
\ No newline at end of file
diff --git a/ChromeExtension/sites.txt b/ChromeExtension/sites.txt
new file mode 120000
index 0000000..5302d6f
--- /dev/null
+++ b/ChromeExtension/sites.txt
@@ -0,0 +1 @@
+../sites.txt
\ No newline at end of file
diff --git a/MIT-LICENSE.txt b/MIT-LICENSE.txt
new file mode 100644
index 0000000..74d5d47
--- /dev/null
+++ b/MIT-LICENSE.txt
@@ -0,0 +1,7 @@
+Copyright (c) 2011 Feross Aboukhadijeh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/NodeJS/.gitignore b/NodeJS/.gitignore
new file mode 100644
index 0000000..f4b667a
--- /dev/null
+++ b/NodeJS/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+results
\ No newline at end of file
diff --git a/NodeJS/cmsploit.coffee b/NodeJS/cmsploit.coffee
new file mode 100644
index 0000000..f996210
--- /dev/null
+++ b/NodeJS/cmsploit.coffee
@@ -0,0 +1,274 @@
+http = require('http')
+fs = require('fs')
+path = require('path')
+$ = require('jquery')
+jsdom = require("jsdom")
+
+jsdom.defaultDocumentFeatures =
+ FetchExternalResources : false
+ ProcessExternalResources : false
+ MutationEvents : false
+ QuerySelector : false
+
+settings =
+ windows: false # search for windows temp files (. -> _) (2x slower)
+ swapFiles: false # search for swap files (less useful) (2x slower)
+ verbose: false # prints lots of debug messages
+ maxUrlsPerHost: 10 # how many subdomains and subfolders to try per host
+ numHosts: 30 # how many
+
+ configFiles: [
+ 'config.php' # phpBB, ExpressionEngine
+ 'configuration.php' # Joomla
+ # 'LocalSettings.php' # MediaWiki
+ # 'mt-config.cgi' # Movable Type
+ # 'mt-static/mt-config.cgi' # Movable Type
+ # 'settings.php' # Drupal
+ # 'system/config/config.php' # Contao
+ 'wp-config.php' # Wordpress
+ ]
+
+ # Temp file prefix/suffix is represented by array, where arr[0] is
+ # prefix and arr[1] is suffix.
+ tempExtensions: [
+ # ['', '.save'] # Nano crash file
+ # ['', '.save.1'] # Nano crash file (only saved sometimes)
+ # ['', '.save.2'] # Nano crash file (only saved sometimes)
+ ['%23', '%23'] # Emacs crash file (%23 is urlencoded hash (#))
+ ['', '~'] # Vim backup file and Gedit crash file
+ ['', '.bak'] # Common backup file extension
+ ['', '.old'] # Common backup file extension
+ ]
+
+ # Swap files only contain changes since the last save. Could be useful.
+ swapExtensions: [
+ ['', '.swp'] # Vim
+ ['', '.swo'] # Vim
+ ['.', '.swp'] # Vim (on unix)
+ ['.', '.swp'] # Vim (on unix)
+ ['._', ''] # Mac OS X resource fork file (maybe useful)
+ ]
+
+ # No config file should contain any of these strings
+ # Note: These should be all lowercase
+ nonConfig: [
+ '
+ formats = []
+ $.merge formats, settings.tempExtensions
+ if settings.swapFiles
+ $.merge formats, settings.swapExtensions
+
+ ret = []
+ for format in formats
+ for file in settings.configFiles
+ ret.push format[0] + file + format[1]
+
+ # On windows, vim replaces dots with underscores
+ if settings.windows
+ ret.push file.replace(/\./gi, '_')
+ return ret
+
+
+# Test a given hostname (ex: feross.org) for publicly-visible
+# CMS configuration files.
+testHost = (host, callback) ->
+ settings.verbose and console.log '--------------------------'
+ console.log host
+ settings.verbose and console.log '--------------------------'
+ re = new RegExp "^https?://(?:([0-9a-z.-]+)\.)?" + host.replace('.', '\.') +
+ "/([0-9a-z.~*+,_@!$'()\[\\]\-]+)", "i"
+ objectLength = (obj) ->
+ size = 0
+ for key of obj
+ if obj.hasOwnProperty key then size += 1
+ return size
+
+ urls = {}
+ addUrl = (location) ->
+ if location.path?.length
+ if location.path.indexOf(location.path.length-1) != '/'
+ location.path += '/'
+ else
+ location.path = ''
+
+ if location.subdomain?.length
+ location.subdomain = location.subdomain + '.'
+ else
+ location.subdomain = ''
+
+ key = location.subdomain + location.host + '/' + location.path
+
+ # Don't add both www and non-www versions of the same URL
+ if location.subdomain != ''
+ if location.subdomain == 'www.'
+ return if urls[key.substring(0, 4)]?
+ else
+ return if urls['www.' + key]?
+
+ urls[key] = location
+
+ # We've already searched the root of sites
+ # addUrl host: host
+ # addUrl host: "www.#{host}"
+
+ testUrls = ->
+ locs = []
+ for url, loc of urls
+ locs.push loc
+
+ i = 0
+ testNextUrl = ->
+ if i >= locs.length
+ done && console.log "done with #{host}"
+ callback?()
+ return
+
+ loc = locs[i]
+ settings.verbose && console.log loc
+ i += 1
+ testUrl loc.subdomain + loc.host, loc.path, ->
+ process.nextTick testNextUrl
+
+ testNextUrl()
+
+ try
+ jsdom.env "http://#{host}", (errors, window) ->
+ console.log errors if errors
+ redirectToWWW = /^www\./.exec(window?.location?.hostname)?
+
+ # find urls to test for this host
+ hrefs = (tag.href for tag in window?.document.getElementsByTagName('a'))
+ for href in hrefs
+ if objectLength(urls) >= settings.maxUrlsPerHost then break
+
+ if (result = re.exec(href))?
+ # subdomains
+ subdomain = undefined
+ if (subdomain = result[1])?
+ addUrl
+ subdomain: subdomain
+ host: host
+
+ # subfolders
+ if (path = result[2])? and path.indexOf('.') == -1
+ addUrl
+ subdomain: subdomain ? if redirectToWWW then 'www' else ''
+ host: host
+ path: path
+
+ testUrls()
+
+ catch error
+ settings.verbose && console.log "CAUGHT JSDOM EXCEPTION: #{host} - #{error}"
+ testUrls()
+
+
+testUrl = (host, path, callback) ->
+ get = (options, callback) ->
+ options.port ?= 80
+ options.headers =
+ 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2'
+ http.get(options, (res) ->
+ data = ''
+ res.on 'data', (chunk) ->
+ data += chunk
+ res.on 'end', ->
+ callback?(res, data)
+
+ ).on('error', (e) ->
+ console.log('Get error: ' + e.message)
+ callback?(null, null)
+ )
+
+ checkFile = (i) ->
+ if i > testFiles.length-1
+ callback?()
+ return
+
+ console.log host + '/' + path + testFiles[i]
+ get {
+ host: host
+ port: 80
+ path: '/' + path + testFiles[i]
+ }, (res, data) ->
+ if res?.statusCode == 200
+ pageHead = data.substr(0,100).toLowerCase()
+ return if pageHead.length == 0
+
+ for s in settings.nonConfig
+ return if pageHead.indexOf(s) >= 0
+
+ onFoundFile host, path + testFiles[i], data # Found file!
+
+ i += 1
+ checkFile i
+
+ checkFile 0
+
+
+onFoundFile = (host, path, data) ->
+ fs.writeFileSync 'results/'+host+'__'+path, data
+ console.log '=============================='
+ console.log ' FILE FOUND!!! ' + host + '/' + path
+ console.log '=============================='
+
+
+done = false
+main = do ->
+ sites = fs.readFileSync 'sites.txt'
+ re = /(\d+)\t(.+)/g
+
+ if !path.existsSync 'results'
+ fs.mkdirSync 'results', 0755
+
+ # We track the number of the last site we tested, so that if we restart
+ # the program for some reason, we can skip all the sites we already tested.
+ if path.existsSync 'results/lastNum.txt'
+ lastNum = +fs.readFileSync 'results/lastNum.txt'
+
+ # Skip sites we've already tested
+ while (result = re.exec(sites)) != null
+ num = +result[1]
+ break if num == lastNum
+
+ else
+ lastNum = 0
+
+ testNextSite = ->
+ if (result = re.exec(sites)) == null or done
+ return
+
+ num = result[1]
+ host = result[2]
+
+ fs.writeFileSync 'results/lastNum.txt', num
+
+ testHost host, -> process.nextTick testNextSite
+
+ process.addListener "uncaughtException", (err) ->
+ console.log "Uncaught exception: " + err
+ console.trace()
+ process.nextTick testNextSite
+
+ # process.on 'SIGINT', ->
+ # if done
+ # console.warn 'FORCE QUITTING...'
+ # process.exit(1) # force quit
+ # done = true
+ # console.warn 'Got SIGINT. Shutting down... please wait.'
+ # console.warn 'Press Control-C again to exit immediately.'
+
+ for i in [0...settings.numHosts]
+ process.nextTick testNextSite
+
+
+# testHost 'freetheflash.com'
+
diff --git a/NodeJS/sites.txt b/NodeJS/sites.txt
new file mode 120000
index 0000000..5302d6f
--- /dev/null
+++ b/NodeJS/sites.txt
@@ -0,0 +1 @@
+../sites.txt
\ No newline at end of file
diff --git a/PhantomJS/.gitignore b/PhantomJS/.gitignore
new file mode 100644
index 0000000..484ab7e
--- /dev/null
+++ b/PhantomJS/.gitignore
@@ -0,0 +1 @@
+results/*
diff --git a/PhantomJS/cmsploit.js b/PhantomJS/cmsploit.js
new file mode 100644
index 0000000..7a7c6ca
--- /dev/null
+++ b/PhantomJS/cmsploit.js
@@ -0,0 +1,170 @@
+/* TODO
+ - Search in subdomains and subfolders for CMSes
+*/
+
+phantom.injectJs('lib/jquery.js');
+phantom.injectJs('util.inc.js');
+phantom.injectJs('settings.inc.js');
+
+var fs = require('fs');
+
+/**
+ * Build up an array of all file names to test for.
+ */
+function allTestFiles() {
+ var ret = [];
+
+ var tempFileFormats = $.merge([], backupFileFormat); // clone array
+ if (settings.swapFiles) {
+ $.merge(tempFileFormats, swapFileFormat); // merge arrays
+ }
+
+ $.each(configFiles, function(i, configFile) {
+ $.each(tempFileFormats, function(i, tempFormat) {
+ var file = tempFormat[0] + configFile + tempFormat[1];
+ ret.push(file);
+
+ // On windows, vim replaces dots with underscores in backup file.
+ if (settings.windows) {
+ var windowsFile = file.replace(/\./gi, '_');
+ ret.push(windowsFile);
+ }
+ });
+ });
+
+ return ret;
+}
+var testFiles = allTestFiles();
+
+/**
+ * Test a given hostname (ex: feross.org) for publicly-visible
+ * CMS configuration files.
+ */
+function testHostname(hostname, callback) {
+ if (!hostname) {
+ callback && callback();
+ return;
+ }
+ var origin = 'http://'+hostname+'/';
+
+ var notFoundPages = [];
+
+ function checkFile(i) {
+ if (i > testFiles.length - 1) {
+ callback && callback();
+ return;
+ };
+
+ var url = origin + testFiles[i];
+ $.ajax({
+ url: url,
+ success: function(data, textStatus, jqXHR) {
+ // Data looks the same as a Not Found page, so ignore it
+ var notFound;
+ $.each(notFoundPages, function(i, notFoundPage) {
+ if (data.trunc(100) == notFoundPage.trunc(100)) {
+ notFound = true;
+ }
+ });
+ if (notFound) return;
+
+ // Data that looks like an HTML page
+ var pageHead = data.trunc(100).toLowerCase();
+ if (pageHead.indexOf('").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="