Core Update

Author: Tuhinshubhra

CHANGELOG

@@ -2,6 +2,8 @@ Version 1.0.5 [19-07-2018]
   - version detection for drupal added
   - fixed '/' error in url
   - added a detection method for drupal
+  - Core updated to make it smaller and faster
+  - removed multiprocessing with multithreading now cmseek runs on almost all devices
   - other minor fixes
 Version 1.0.4 [17-07-2018]
   - added joomla deep scan and version detection

cmseekdb/core.py

@@ -1,3 +1,5 @@
+## Core Rev 2, small and sexy
+
 import sys
 import os
 import http.client
@@ -31,144 +33,91 @@ def main_proc(site,cua):
             follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln + ' as target? (y/n): ')
             if follow_redir.lower() == 'y':
                 site = init_source[3]
+    if scode == '':
+        # silly little check thought it'd come handy
+        cmseek.error('Aborting detection, source code empty')
+        return
+
     cmseek.statement("Detection Started")
-    cmseek.statement("Using headers to detect CMS (Stage 1 of 2)")
-    c1 = header.check(headers)
-    if c1[0] == "1":
-        # Do this shit later
-        cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c1[1])
-        cmseek.update_log('detection_param','header') # update log
-        cmseek.update_log('cms_id',c1[1]) # update log
-        cka = getattr(cmsdb, c1[1])
-        if cka['deeps'] != '1': # Deep Scan
-            if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
-                print('\n')
-                cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                cmseek.update_log('cms_name',cka['name']) # update log
-                cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                cmseek.update_log('cms_url',cka['url']) # update log
-            else:
-                cmseek.statement("CMS Version is detectable, detecting CMS Version")
-                ### Detect version
-                cms_version = version_detect.start(c1[1], site, cua, '1', scode)
-                print('\n')
-                cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                cmseek.update_log('cms_name',cka['name']) # update log
-                if cms_version != '0':
-                    cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
-                    cmseek.update_log('cms_version',cms_version) # update log
-                cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                cmseek.update_log('cms_url',cka['url']) # update log
-            # return
-        else:
-            advanced.start(c1[1], site, cua, '2', scode) ## The 2 suggests that generator check has not been performed
+
+    ## init variables
+    cms = '' # the cms id if detected
+    cms_detected = '0' # self explanotory
+    detection_method = '' # ^
+    ga = '0' # is generator available
+    if 'generator' in scode or 'Generator' in scode:
+        ga = '1'
+
+    cmseek.statement("Using headers to detect CMS (Stage 1 of 3)")
+    header_detection = header.check(headers)
+    if header_detection[0] == '1':
+        detection_method = 'header'
+        cms = header_detection[1]
+        cms_detected = '1'
+    if cms_detected == '0' and ga == '1':
+        # cms detection via generator
+        cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 3)")
+        gen_detection = source.generator(scode)
+        if gen_detection[0] == '1':
+            detection_method = 'generator'
+            cms = gen_detection[1]
+            cms_detected = '1'
     else:
-        cmseek.warning('No luck with headers... Continuing with source code')
-        cmseek.statement("Checking for generator meta tag in source code")
-        if 'Generator' in scode or 'generator' in scode:
-            cmseek.success("Generator meta tag found.. Continuing with detection (2.1 of 2.2)")
-            ga = "1" ## Generator tag found .. this will come in handy later to save us some milliseconds ;)
-            c21 = source.generator(scode)
-            if c21[0] == '1':
-                cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c21[1])
-                cmseek.update_log('detection_param','generator') # update log
-                cmseek.update_log('cms_id',c21[1]) # update log
-                cka = getattr(cmsdb, c21[1])
-                if cka['deeps'] != '1': # Deep Scan not available
-                    if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
-                        print('\n')
-                        cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                        cmseek.update_log('cms_name',cka['name']) # update log
-                        cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                        cmseek.update_log('cms_url',cka['url']) # update log
-                    else:
-                        cmseek.statement("CMS Version is detectable, detecting CMS Version")
-                        ### Detect version
-                        cms_version = version_detect.start(c21[1], site, cua, '1', scode)
-                        print('\n')
-                        cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                        cmseek.update_log('cms_name',cka['name']) # update log
-                        if cms_version != '0':
-                            cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
-                            cmseek.update_log('cms_version',cms_version) # update log
-                        cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                        cmseek.update_log('cms_url',cka['url']) # update log
-                    # return
-                else:
-                    advanced.start(c21[1], site, cua, '1', scode)
-            elif c21[0] == '2': # Empty Source code
-                cmseek.error("Source code was empty... exiting CMSeek")
-                # return
-            else: ## CMS Detection unsuccessful via generator meta tag
-                cmseek.warning('Could not detect CMS from the generator meta tag, (Procceeding with scan 2.2 of 2.2)')
-                c22 = source.check(scode, site)
-                if c22[0] == '1':
-                    cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c22[1])
-                    cmseek.update_log('detection_param','source') # update log
-                    cmseek.update_log('cms_id',c22[1]) # update log
-                    cka = getattr(cmsdb, c22[1])
-                    if cka['deeps'] != '1': # Deep Scan not available
-                        if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
-                            print('\n')
-                            cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                            cmseek.update_log('cms_name',cka['name']) # update log
-                            cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                            cmseek.update_log('cms_url',cka['url']) # update log
-                        else:
-                            cmseek.statement("CMS Version is detectable, detecting CMS Version")
-                            cms_version = version_detect.start(c22[1], site, cua, '1', scode)
-                            ### Detect version
-                            print('\n')
-                            cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                            cmseek.update_log('cms_name',cka['name']) # update log
-                            if cms_version != '0':
-                                cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
-                                cmseek.update_log('cms_version',cms_version) # update log
-                            cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                            cmseek.update_log('cms_url',cka['url']) # update log
-                        return
-                    else:
-                        advanced.start(c22[1], site, cua, '1', scode)
-                elif c22[0] == '2': # Empty Source code
-                    cmseek.error("Source code was empty... exiting CMSeek")
-                    return
-                else:
-                    cmseek.error("Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n")
-                    return
+        # Check cms using source code
+        cmseek.statement("Using source code to detect CMS (Stage 3 of 3)")
+        source_check = source.check(scode, site)
+        if source_check[0] == '1':
+            detection_method = 'source'
+            cms = source_check[1]
+            cms_detected = '1'
+
+    if cms_detected == '1':
+        cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cms + cmseek.cln + ', Detection method: ' + cmseek.bold + detection_method + cmseek.cln)
+        cmseek.update_log('detection_param', detection_method)
+        cmseek.update_log('cms_id', cms) # update log
+        cmseek.statement('Getting CMS info from databse')
+        cms_info = getattr(cmsdb, cms)
+        if cms_info['deeps'] == '1':
+            # cmseek.success('Starting ' + cmseek.bold + cms_info['name'] + ' deep scan' + cmseek.cln)
+            advanced.start(cms, site, cua, ga, scode)
+            return
+        elif cms_info['vd'] == '1':
+            cmseek.success('Version detection available')
+            cms_version = version_detect.start(cms, site, cua, ga, scode)
+            cmseek.clearscreen()
+            cmseek.banner("CMS Scan Results")
+            cmseek.result('Target: ', site)
+            cmseek.result("Detected CMS: ", cms_info['name'])
+            cmseek.update_log('cms_name', cms_info['name']) # update log
+            if cms_version != '0':
+                cmseek.result("CMS Version: ", cms_version)
+                cmseek.update_log('cms_version', cms_version) # update log
+            cmseek.result("CMS URL: ", cms_info['url'])
+            cmseek.update_log('cms_url', cms_info['url']) # update log
+            return
         else:
-            cmseek.warning("Generator meta tag not found! (Procceeding with scan 2.2 of 2.2)")
-            ga = '0' ## Generator meta tag not found as i freakin said earlier this will come in handy later
-            c22 = source.check(scode, site)
-            if c22[0] == '1':
-                cmseek.success("CMS Detected, CMS ID: \"%s\" - looking up database for CMS information" % c22[1])
-                cmseek.update_log('detection_param','source') # update log
-                cmseek.update_log('cms_id',c22[1]) # update log
-                cka = getattr(cmsdb, c22[1])
-                if cka['deeps'] != '1': # Deep Scan not available
-                    if cka['vd'] != '1': # Version Detection not available for the cms show basic stuff
-                        print('\n')
-                        cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                        cmseek.update_log('cms_name',cka['name']) # update log
-                        cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                        cmseek.update_log('cms_url',cka['url']) # update log
-                    else:
-                        cmseek.statement("CMS Version is detectable, detecting CMS Version")
-                        cms_version = version_detect.start(c22[1], site, cua, '0', scode)
-                        ### Detect version
-                        print('\n')
-                        cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
-                        cmseek.update_log('cms_name',cka['name']) # update log
-                        if cms_version != '0':
-                            cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
-                            cmseek.update_log('cms_version',cms_version) # update log
-                        cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
-                        cmseek.update_log('cms_url',cka['url']) # update log
-                    return
-                else:
-                    advanced.start(c22[1], site, cua, '0', scode)
-            elif c22[0] == '2': # Empty Source code
-                cmseek.error("Source code was empty... exiting CMSeek")
-                return
-            else:
-                cmseek.error("Couldn't detect cms... :( \n    Sorry master didn't mean to dissapoint but bye for now \n    Can't handle this much disappintment \n\n")
-                return
+            # nor version detect neither DeepScan available
+            cmseek.clearscreen()
+            cmseek.banner("CMS Scan Results")
+            cmseek.result('Target: ', site)
+            cmseek.result("Detected CMS: ", cms_info['name'])
+            cmseek.update_log('cms_name', cms_info['name']) # update log
+            cmseek.result("CMS URL: ", cms_info['url'])
+            cmseek.update_log('cms_url', cms_info['url']) # update log
+            return
+    else:
+        print('\n')
+        cmseek.error('CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue')
+        print('''
+{2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new
+
+{4}Title:{5} [SUGGESTION] CMS detction failed!
+{6}Content:{7}
+    - CMSeeK Version: {0}
+    - Target: {1}
+    - Probable CMS: <name and/or cms url>
+
+N.B: Create issue only if you are sure, please avoid spamming!
+        '''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln))
+        return
+    return

cmseekdb/sc.py

@@ -140,10 +140,10 @@ def check(s, site): ## Check if no generator meta tag available
             r = ['1', 'dru']
             return r
 
-        elif 'Joomla' in hstring: # Lamest one possible
-            # Obvious Joomla
-            r = ['1','joom']
-            return r
+        # elif 'Joomla' in hstring: # Lamest one possible
+        #     # Obvious Joomla
+        #     r = ['1','joom']
+        #     return r
 
         elif 'Powered By <a href="http://www.opencart.com">OpenCart' in hstring or "catalog/view/javascript/jquery/swiper/css/opencart.css" in hstring or 'index.php?route=' in hstring:
             # OpenCart

deepscans/wp/userenum.py

@@ -1,12 +1,14 @@
 import cmseekdb.basic as cmseek ## Good old module
 import re ## Comes in handy while detecting version
 import json ## For parsing the wpvulndb result
-import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we?
-from functools import partial ## needed somewhere :/
+import threading
+
+wpparamuser = []
 
 def wpauthorenum(ua, url, param):
     ## WordPress function for Collecting usernames from author Parameter
     ## Had to create a different function to avoid some pickle issues
+    global wpparamuser
     param = param + 1
     i = str(param)
     # cmseek.statement('Checking for ?author=' + i) # Looks Ugly.. enable if you want over verbose result
@@ -15,12 +17,12 @@ def wpauthorenum(ua, url, param):
         author = re.findall(r'/author/(.*?)/', str(authorsrc[3]))
         if author != []:
             cmseek.success('Found user from redirection: ' + cmseek.fgreen + cmseek.bold + author[0] + cmseek.cln)
-            return author[0]
+            wpparamuser.append(author[0])
     elif authorsrc[0] == '1' and '/author/' in authorsrc[1]:
         author = re.findall(r'/author/(.*?)/', str(authorsrc[1]))
         if author != []:
             cmseek.success('Found user from source code: ' + cmseek.fgreen + cmseek.bold + author[0] + cmseek.cln)
-            return author[0]
+            wpparamuser.append(author[0])
 
 def start(id, url, ua, ga, source):
     cmseek.info("Starting Username Harvest")
@@ -53,15 +55,13 @@ def start(id, url, ua, ga, source):
 
     # the regular way of checking vua user Parameter -- For now just check upto 20 ids
     cmseek.info('Harvesting usernames from wordpress author Parameter')
-    wpparamuser = []
     usrrange = range(31)
-    pool = multiprocessing.Pool()
-    prepareenum = partial(wpauthorenum, ua, url)
-    res  = pool.map(prepareenum,usrrange)
-    for r in res:
-        if r != None:
-            wpparamuser.append(r)
-
+    threads = [threading.Thread(target=wpauthorenum, args=(ua,url,r)) for r in usrrange]
+    for thread in threads:
+        thread.start()
+    for thread in threads:
+        thread.join()
+    global wpparamuser
     # Combine all the usernames that we collected
     usernames = set(wpjsonuser+jpapiuser+wpparamuser)
     if len(usernames) > 0: