Version 1.0.4 Update

Author: Tuhinshubhra

CHANGELOG

@@ -1,3 +1,7 @@
+Version 1.0.4 [17-07-2018]
+  - added joomla deep scan and version detection
+  - minor core update
+  - removed some junk code from wordpress deepscan
 Version 1.0.3 [06-07-2018]
   - clear-result argument added
   - fixed all bruteforce modules

README.md

@@ -1,6 +1,6 @@
 <p align='center'>
   <img src="https://i.imgur.com/n2U6nVH.png" alt="Logo"> <br>
-  <img src="https://img.shields.io/badge/Version-1.0.2%20Beta-brightgreen.svg?style=style=flat-square" alt="version">
+  <img src="https://img.shields.io/badge/Version-1.0.4-brightgreen.svg?style=style=flat-square" alt="version">
   <img src="https://img.shields.io/badge/python-3-orange.svg?style=style=flat-square" alt="Python Version">
   <img src="https://img.shields.io/aur/license/yaourt.svg?style=style=flat-square" alt="License">
 </p>
@@ -10,6 +10,7 @@
 
 ## Release History
 ```
+- Version 1.0.4 [17-07-2018]
 - Version 1.0.3 [06-07-2018]
 - Version 1.0.2 [06-07-2018]
 - Version 1.0.1 [19-06-2018]
@@ -23,6 +24,7 @@
   - Detects Version
   - Detects Users (3 Detection Methods)
   - Looks for Version Vulnerabilities and much more!
+- Advance Joomla Scans
 - Modular bruteforce system
   - Use pre made bruteforce modules or create your own and integrate with it
 

VersionDetect/detect.py

@@ -2,5 +2,9 @@ def start(id, url, ua, ga, source):
     if id == "wp":
         # trust me more will be added soon
         import VersionDetect.wp as wpverdetect
-        wpver = wpverdetect.start(id, url, ua, ga, source):
+        wpver = wpverdetect.start(id, url, ua, ga, source)
         return wpver
+    elif id == 'joom':
+        import VersionDetect.joom as joomverdetect
+        joomver = joomverdetect.start(id, url, ua, ga, source)
+        return joomver

VersionDetect/joom.py

@@ -0,0 +1,96 @@
+## Joomla version detection
+## Rev 1
+
+import cmseekdb.basic as cmseek
+import re
+def start(id, url, ua, ga, source):
+    version = '0'
+    cmseek.info('detecting joomla version')
+
+    # version detection stats here
+    if ga == '1':
+        # Detect version via generator meta tag
+        cmseek.statement('Detecting version using generator meta tag [Method 1 of 4]')
+        regex_1 = re.findall(r'content=(?:\"|\')Joomla! (.*?) - Open Source Content Management(?:\"|\')', source)
+        if regex_1 != []:
+            cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_1[0] + cmseek.cln)
+            return regex_1[0]
+
+    if version == '0':
+        # Detections using the xml files
+        xml_files = ['administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml']
+        cmseek.statement('Detecting version using xml files [Method 2 of 4]')
+        for xml_file in xml_files:
+            xml_source = cmseek.getsource(url + '/' + xml_file, ua)
+            if xml_source[0] == '1':
+                regex_2 = re.findall(r'<version>(.*?)</version>', xml_source[1])
+                if regex_2 != []:
+                    cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_2[0] + cmseek.cln)
+                    return regex_2[0]
+
+    # Detection method 3
+    if version == '0':
+        other_files = ['language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini']
+        cmseek.statement('Detecting version using advanced fingerprinting [Method 3 of 4]')
+        for file in other_files:
+            file_source = cmseek.getsource(url + '/' + file, ua)
+            if file_source[0] == '1':
+                # Regex find
+                regex_3 = re.findall(r'<meta name="Keywords" content="(.*?)">', file_source[1])
+                if regex_3 != []:
+                    cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_3[0] + cmseek.cln)
+                    return regex_3[0]
+
+                # Joomla version 1.6
+                j16 = ['system.css 20196 2011-01-09 02:40:25Z ian','MooTools.More={version:"1.3.0.1"','en-GB.ini 20196 2011-01-09 02:40:25Z ian','en-GB.ini 20990 2011-03-18 16:42:30Z infograf768','20196 2011-01-09 02:40:25Z ian']
+                for j in j16:
+                    rsearch = re.search(j,file_source[1])
+                    if rsearch is not None:
+                        cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.6' + cmseek.cln)
+                        return '1.6'
+
+                # Joomla version 1.5
+                j15 = ['Joomla! 1.5','MooTools={version:\'1.12\'}','11391 2009-01-04 13:35:50Z ian']
+                for j in j15:
+                    rsearch = re.search(j,file_source[1])
+                    if rsearch is not None:
+                        cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.5' + cmseek.cln)
+                        return '1.5'
+
+                # Joomla version 1.7
+                j17 = ['system.css 21322 2011-05-11 01:10:29Z dextercowley','MooTools.More={version:"1.3.2.1"','22183 2011-09-30 09:04:32Z infograf768','21660 2011-06-23 13:25:32Z infograf768']
+                for j in j17:
+                    rsearch = re.search(j,file_source[1])
+                    if rsearch is not None:
+                        cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.7' + cmseek.cln)
+                        return '1.7'
+
+            # Joomla version 1.0
+            j10 = ['(Copyright (C) 2005 - 200(6|7))','47 2005-09-15 02:55:27Z rhuk','423 2005-10-09 18:23:50Z stingrey','1005 2005-11-13 17:33:59Z stingrey','1570 2005-12-29 05:53:33Z eddieajau','2368 2006-02-14 17:40:02Z stingrey','1570 2005-12-29 05:53:33Z eddieajau','4085 2006-06-21 16:03:54Z stingrey','4756 2006-08-25 16:07:11Z stingrey','5973 2006-12-11 01:26:33Z robs','5975 2006-12-11 01:26:33Z robs']
+            for j in j10:
+                rsearch = re.search(j,file_source[1])
+                if rsearch is not None:
+                    cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.0' + cmseek.cln)
+                    return '1.0'
+
+            # Joomla version 2.5
+            j25 = ['Copyright (C) 2005 - 2012 Open Source Matters','MooTools.More={version:"1.4.0.1"']
+            for j in j25:
+                rsearch = re.search(j,file_source[1])
+                if rsearch is not None:
+                    cmseek.success('Joomla version detected, version: ' + cmseek.bold + '2.5' + cmseek.cln)
+                    return '2.5'
+
+    # Detection using README file
+    if version == '0':
+        cmseek.statement('Detecting version from README file [Method 4 of 4]')
+        readme_file = url + '/README.txt'
+        readme_source = cmseek.getsource(readme_file, ua)
+        if readme_source[0] == '1':
+            regex_4 = re.findall(r'package to version (.*?)', readme_source[1])
+            if regex_4 != []:
+                cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_4[0] + cmseek.cln)
+                return regex_4[0]
+
+    # if we fail ¯\_(ツ)_/¯
+    return version

VersionDetect/wp.py

@@ -1,3 +1,6 @@
+## WordPress version detection
+## Rev 1
+
 import cmseekdb.basic as cmseek
 import re
 

cmseek.py

@@ -23,7 +23,7 @@
 parser.add_argument('-v', '--verbose', help="increase output verbosity", action="store_true")
 parser.add_argument("--version", help="Show CMSeeK version", action="store_true")
 parser.add_argument("--update", help="Update CMSeeK", action="store_true")
-parser.add_argument("--random-agent", help="Use a random user agent", action="store_true")
+parser.add_argument('-r', "--random-agent", help="Use a random user agent", action="store_true")
 parser.add_argument('--user-agent', help='Specify custom user agent')
 parser.add_argument('-u', '--url', help='Target Url')
 parser.add_argument('--clear-result', action='store_true')

cmseekdb/basic.py

@@ -68,7 +68,7 @@ def banner (txt):
         print(whitebg + black + bold)
         print(" [+]  " + txt + "  [+] " + cln)
     else:
-        print(cln + bold + lbluebg + black + " Author: " + cln + bold + " https://twitter.com/r3dhax0r" + blackbg + white + "\n GitHub: " + cln + bold + " https://github.com/Tuhinshubhra \n" + cln + bold + violetbg + white + " Group : " + cln + bold + " Virtual Unvoid Defensive @virtuallyunvoid" + cln + '\n')
+        print(cln + bold + lbluebg + black + " Author: " + cln + bold + " https://twitter.com/r3dhax0r" + blackbg + white + "\n GitHub: " + cln + bold + " https://github.com/Tuhinshubhra \n" + cln + '\n')
     print(cln + "\n")
     return
 
@@ -102,22 +102,22 @@ def help():
     # The help screen
     print(
     """
-    CMSeeK Version {0}
-    Coded By: @r3dhax0r
-
-    Usage: cmseek.py (for a guided scanning) OR cmseek.py -u <target_url> [...]
-
-    Arguments:
-
-          -u URL, --url URL            Target Url
-          -h, --help                   Show this help message and exit
-          -v, --verbose                Increase output verbosity
-          --version                    Show CMSeeK version and exit
-          --update                     Update CMSeeK (Requires git)
-          --random-agent               Use a random user agent
-          --user-agent USER_AGENT      Specify custom user agent
-          --clear-result               Delete all the scan result
-    """.format(cmseek_version))
+CMSeeK Version {0}
+Coded By:{1} @r3dhax0r {2}
+
+Usage: cmseek.py (for a guided scanning) OR cmseek.py -u <target_url> [...]
+
+Arguments:
+
+      -u URL, --url URL            Target Url
+      -h, --help                   Show this help message and exit
+      -v, --verbose                Increase output verbosity
+      --version                    Show CMSeeK version and exit
+      --update                     Update CMSeeK (Requires git)
+      -r, --random-agent           Use a random user agent
+      --user-agent USER_AGENT      Specify custom user agent
+      --clear-result               Delete all the scan result
+    """.format(cmseek_version,red, cln))
     bye()
 
 def signal_handler(signal, frame):
@@ -146,7 +146,7 @@ def statement(msg):
         print("[+] "  + msg)
 
 def error(msg):
-    print(bold + red + "[❌] " + msg)
+    print(bold + red + "[x] " + msg) # switched to x from ❌ ..
 
 def warning(msg):
     print(bold + yellow + "[!] " + cln + msg)
@@ -433,7 +433,7 @@ def getsource(url, ua): ## (url, useragent) return type: ({0/1/2},{error/source
         )
         cj = CookieJar()
         opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj))
-        with opener.open(ckreq, timeout=4) as response:
+        with opener.open(ckreq, timeout=8) as response:
             scode = response.read().decode()
             headers = str(response.info())
             rurl = response.geturl()
@@ -444,6 +444,16 @@ def getsource(url, ua): ## (url, useragent) return type: ({0/1/2},{error/source
         r = ['2', e, '', ''] ## 'error code', 'error message', 'empty'
         return r
 
+def check_url(url,ua):
+    request = urllib.request.Request(url)
+    request.add_header('User-Agent', ua)
+    request.get_method = lambda: 'HEAD'
+    try:
+        urllib.request.urlopen(request)
+        return '1'
+    except urllib.request.HTTPError:
+        return '0'
+
 def wpbrutesrc(url, user, pwd):
     redirecto = url + '/wp-admin/'
     url = url + '/wp-login.php'

cmseekdb/cmss.py

@@ -153,8 +153,8 @@
 joom = {
     'name':'Joomla',
     'url':'https://joomla.org',
-    'vd':'0',
-    'deeps':'0'
+    'vd':'1',
+    'deeps':'1'
 }
 oc = {
     'name':'OpenCart',

cmseekdb/core.py

@@ -6,6 +6,7 @@
 import importlib
 from datetime import datetime
 
+import VersionDetect.detect as version_detect # Version detection
 import deepscans.core as advanced # Deep scan and Version Detection functions
 import cmseekdb.basic as cmseek # All the basic functions
 import cmseekdb.sc as source # Contains function to detect cms from source code
@@ -49,9 +50,13 @@ def main_proc(site,cua):
             else:
                 cmseek.statement("CMS Version is detectable, detecting CMS Version")
                 ### Detect version
+                cms_version = version_detect.start(c1[1], site, cua, '1', scode)
                 print('\n')
                 cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
                 cmseek.update_log('cms_name',cka['name']) # update log
+                if cms_version != '0':
+                    cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
+                    cmseek.update_log('cms_version',cms_version) # update log
                 cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
                 cmseek.update_log('cms_url',cka['url']) # update log
             # return
@@ -79,9 +84,13 @@ def main_proc(site,cua):
                     else:
                         cmseek.statement("CMS Version is detectable, detecting CMS Version")
                         ### Detect version
+                        cms_version = version_detect.start(c21[1], site, cua, '1', scode)
                         print('\n')
                         cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
                         cmseek.update_log('cms_name',cka['name']) # update log
+                        if cms_version != '0':
+                            cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
+                            cmseek.update_log('cms_version',cms_version) # update log
                         cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
                         cmseek.update_log('cms_url',cka['url']) # update log
                     # return
@@ -107,10 +116,14 @@ def main_proc(site,cua):
                             cmseek.update_log('cms_url',cka['url']) # update log
                         else:
                             cmseek.statement("CMS Version is detectable, detecting CMS Version")
+                            cms_version = version_detect.start(c22[1], site, cua, '1', scode)
                             ### Detect version
                             print('\n')
                             cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
                             cmseek.update_log('cms_name',cka['name']) # update log
+                            if cms_version != '0':
+                                cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
+                                cmseek.update_log('cms_version',cms_version) # update log
                             cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
                             cmseek.update_log('cms_url',cka['url']) # update log
                         return
@@ -139,11 +152,15 @@ def main_proc(site,cua):
                         cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
                         cmseek.update_log('cms_url',cka['url']) # update log
                     else:
+                        cms_version = version_detect.start(c22[1], site, cua, '0', scode)
                         cmseek.statement("CMS Version is detectable, detecting CMS Version")
                         ### Detect version
                         print('\n')
                         cmseek.result('',"CMS Name: " + cmseek.bold + cmseek.fgreen + cka['name'] + cmseek.cln)
                         cmseek.update_log('cms_name',cka['name']) # update log
+                        if cms_version != '0':
+                            cmseek.result('',"CMS Version: " + cmseek.bold + cmseek.fgreen + cms_version + cmseek.cln)
+                            cmseek.update_log('cms_version',cms_version) # update log
                         cmseek.result('',"CMS Link: " + cmseek.bold + cmseek.fgreen + cka['url'] + cmseek.cln)
                         cmseek.update_log('cms_url',cka['url']) # update log
                     return

cmseekdb/sc.py

@@ -78,7 +78,7 @@ def generator(s): ## CMS Check using generator meta tags
             # Ametys CMS
             r = ['1','amcms']
             return r
-        elif '<meta name="generator" content="Joomla! - Open Source Content Management' in hstring:
+        elif '<meta name="generator" content="Joomla! - Open Source Content Management' in hstring or '<meta name="description" content="Joomla! - the dynamic portal engine and content management system"' in hstring:
             # Joomla
             r = ['1', 'joom']
             return r

cmseekdb/test.py

@@ -1 +1 @@
-1.0.3
+1.0.4

current_version

@@ -3,3 +3,7 @@ def start(id, url, ua, ga, source):
         # for now this is the only cms... but not for long!
         import deepscans.wp.init as wpscan
         wpscan.start(id, url, ua, ga, source)
+    if id == 'joom':
+        # told ya... not for long
+        import deepscans.joom.init as joomscan
+        joomscan.start(id, url, ua, ga, source)

deepscans/core.py

@@ -0,0 +1,24 @@
+import threading
+import cmseekdb.basic as cmseek
+
+joom_admin_found = 0
+joom_admins = []
+
+def check_admin(url,file,ua):
+    global joom_admin_found, joom_admins
+    file_check = cmseek.check_url(url + '/' + file, ua)
+    if file_check == '1':
+        cmseek.success('Admin login page found: ' + cmseek.bold + cmseek.fgreen + url + '/' + file + cmseek.cln)
+        joom_admin_found += 1
+        joom_admins.append(file)
+
+def start(url, ua):
+    admin_files = ['administrator','admin','panel','webadmin','modir','manage','administration','joomla/administrator','joomla/admin']
+    threads = [threading.Thread(target=check_admin, args=(url, file ,ua)) for file in admin_files]
+    for thread in threads:
+        thread.start()
+    for thread in threads:
+        thread.join()
+
+    global joom_admin_found, joom_admins
+    return [joom_admin_found, joom_admins]