Added code to disable threading when debugging.

Fixed a bug in the namechk module. Updated the GHDB.
lanmaster53 · Sep 19, 2015 · 131c609 · 131c609
1 parent 55c604b
commit 131c609
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 2 deletions.
diff --git a/VERSION b/VERSION
@@ -1,4 +1,4 @@
-__version__ = '4.7.0'
+__version__ = '4.7.1'
 
 # ex. x.y.z
 # x - Incremented for changes requiring migration. (major revision)

diff --git a/data/ghdb.json b/data/ghdb.json
@@ -28662,5 +28662,13 @@
         "querystring": "http://www.google.com/search?q=inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", 
         "shortDescription": "inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"", 
         "textualDescription": "Dork=\u00a0inurl:\"default.php\" intext:\"website\" \"has been successfully installed on the server!\"\nDetails:\u00a0Here is a list of files and directories in your public_html folder, it bypass directory-listening restriction.\n\nSilent_z3r0Pakistan Cyber Army"
+    }, 
+    {
+        "signatureReferenceNumber": "4083", 
+        "link": "https://www.exploit-db.com/ghdb/4083/", 
+        "category": "Files containing juicy info", 
+        "querystring": "http://www.google.com/search?q=site:ws.kik.com | site:ws2.kik.com k=", 
+        "shortDescription": "site:ws.kik.com | site:ws2.kik.com k=", 
+        "textualDescription": "Google Dork: site:ws.kik.com | site:ws2.kik.com k=\nDate: September 16th, 2015\nExploit Author: Matthew Blankenship\nDescription: Shows usernames, emails, and verification tokens for kik messenger accounts."
     }
 ]
diff --git a/modules/recon/profiles-profiles/namechk.py b/modules/recon/profiles-profiles/namechk.py
@@ -34,7 +34,7 @@ def module_run(self, usernames):
         token = ''.join([x.value for x in resp.cookiejar if x.name=='token'])
         # reset url for site requests
         url = 'https://namechk.com/availability/%s'
-        payload = {'z': token}
+        payload = {'x': token}
         # required header for site requests
         headers = {'X-Requested-With': 'XMLHttpRequest', 'Accept': 'application/json'}
         for username in usernames:

diff --git a/recon/mixins/threads.py b/recon/mixins/threads.py
@@ -31,6 +31,13 @@ def _thread_wrapper(self, *args):
     # the likelihood of encountering the race condition.
 
     def thread(self, *args):
+        # disable threading in debug mode
+        if self._global_options['debug']:
+            # call the thread method in serial for each input
+            for item in args[0]:
+                self.module_thread(item, *args[1:])
+            return
+        # begin threading code
         thread_count = self._global_options['threads']
         self.stopped = threading.Event()
         self.exc_info = None