#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# WPSeku: Wordpress Security Scanner
#
# @url: https://github.com/m4ll0k/WPSeku
# @author: Momo Outaadi (M4ll0k)
#
# WPSeku is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation version 3 of the License.
#
# WPSeku is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with WPSeku; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib import wpcolor
from lib import wphttp
from lib import wpprint
import os
import sys
import getopt
import time
import urlparse
from modules.discovery import wpall
from modules.bruteforce import wpxmlrpc
from modules.attack import wpxss
from modules.attack import wpsql
from modules.attack import wplfi
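class WPSeku(object):
    """Command-line front end that parses options and dispatches to one scan module.

    The class only handles argument parsing and selection of the module to run;
    the request logic lives in the ``modules.*`` and ``lib.*`` packages, which
    are not visible from this file.
    """
    # ANSI colour prefixes used by the banner (values come from lib.wpcolor).
    r = wpcolor.wpcolor().red(1)
    w = wpcolor.wpcolor().white(0)
    y = wpcolor.wpcolor().yellow(4)
    e = wpcolor.wpcolor().reset()
    # Mode switches; the first one that is set decides which module runs.
    xss = False
    sql = False
    lfi = False
    brute = False
    # Request settings forwarded to the selected module.
    agent = ""
    proxy = None
    redirect = True
    cookie = None
    user = None
    method = None
    query = None
    wordlist = None
    # Declared here so a run without -t/--target fails with a clear message
    # instead of an AttributeError on self.target.
    target = None
    check = wphttp.check()
    printf = wpprint.wpprint()
    _ = wpall.wpall()

    def __init__(self, kwargs):
        """Store the raw argument list (normally ``sys.argv[1:]``)."""
        self.kwargs = kwargs

    def Banner(self):
        """Print the coloured ASCII banner with version and project URL."""
        print(self.r+r"__ ______ ____ _ "+self.e)
        print(self.r+r"\ \ / / _ \/ ___| ___| | ___ _ "+self.e)
        print(self.r+r" \ \ /\ / /| |_) \___ \ / _ \ |/ / | | |"+self.e)
        print(self.r+r" \ V V / | __/ ___) | __/ <| |_| |"+self.e)
        print(self.r+r" \_/\_/ |_| |____/ \___|_|\_\\__,_|"+self.e)
        print(self.w+" "+self.e)
        print(self.w+"|| WPSeku - Wordpress Security Scanner "+self.e)
        print(self.w+"|| Version 0.2.1 "+self.e)
        print(self.w+"|| Momo Outaadi (M4ll0k) "+self.e)
        print(self.w+"|| %shttps://github.com/m4ll0k/WPSeku%s\n"%(self.y,self.e))

    def Usage(self,ext=False):
        """Print the banner and the option summary; exit afterwards when *ext* is True."""
        path = os.path.basename(sys.argv[0])
        self.Banner()
        print("Usage: ./%s [--target|-t] http://localhost\n"%path)
        option_lines = (
            "\t-t --target\tTarget URL (eg: http://localhost)",
            "\t-x --xss\tTesting XSS vulns",
            "\t-s --sql\tTesting SQL vulns",
            "\t-l --lfi\tTesting LFI vulns",
            "\t-q --query\tTestable parameters (eg: \"id=1&test=1\")",
            "\t-b --brute\tBruteforce login via xmlrpc",
            "\t-u --user\tSet username, default=admin",
            "\t-p --proxy\tSet proxy, (host:port)",
            "\t-m --method\tSet method (GET/POST)",
            "\t-c --cookie\tSet cookies",
            "\t-w --wordlist\tSet wordlist",
            "\t-a --agent\tSet user-agent",
            "\t-r --redirect\tRedirect target url, default=True",
            "\t-h --help\tShow this help and exit\n",
            "Examples:",
        )
        for line in option_lines:
            print(line)
        print("\t%s --target http://localhost"%path)
        print("\t%s -t http://localhost/wp-admin/post.php -m GET -q \"post=49&action=edit\" [-x,-s,-l]"%path)
        print("\t%s --target http://localhost --brute --wordlist dict.txt"%path)
        print("\t%s --target http://localhost --brute --user test --wordlist dict.txt\n"%path)
        if ext:
            sys.exit()

    def CheckTarget(self,url):
        """Normalise *url* to ``scheme://host/path`` and reject non-HTTP schemes.

        Only ``http``, ``https`` and a missing scheme are accepted; anything
        else terminates the program. A missing scheme defaults to ``http``.
        Query string and fragment are dropped (parameters are supplied
        separately through ``--query``).
        """
        parts = urlparse.urlsplit(url)
        if parts.scheme not in ['http','https','']:
            sys.exit(self.printf.erro('Schme %s not supported'%(parts.scheme)))
        if parts.netloc == "":
            # Bare "host/path" input: urlsplit puts everything into path.
            return "http://"+parts.path
        # "//host/path" has a netloc but no scheme; the original produced
        # "://host/path" for it, so fall back to http here as well.
        return (parts.scheme or "http")+"://"+parts.netloc+parts.path

    def _ParseRedirect(self,value):
        """Map the ``--redirect`` argument onto a boolean.

        The option arrives as text, so "False" used to stay truthy and
        redirects could not be switched off from the command line.
        """
        return str(value).strip().lower() not in ('', 'false', '0', 'no', 'off')

    def _RequireMethodAndQuery(self):
        """Exit unless both ``--method`` and ``--query`` were supplied."""
        if not self.method:
            sys.exit(self.printf.erro('Method not exisits!'))
        if not self.query:
            sys.exit(self.printf.erro('Not found query'))

    def Main(self):
        """Parse the command line and run exactly one module, then return or exit.

        Precedence is xss, sql, lfi, brute; with none of them set the
        discovery module runs against the target.
        """
        if len(sys.argv) <= 2:
            self.Usage(True)
        try:
            # Flags (x, s, l, b, h) take no argument; the former "x=:" style
            # spec additionally registered a stray "-=" option.
            opts,_unused = getopt.getopt(
                self.kwargs,
                "t:xslbhq:u:p:m:c:w:a:r:",
                ['target=','xss','sql','lfi','query=','brute','user=','proxy=',
                 'method=','cookie=','wordlist=','agent=','redirect=','help'])
        except getopt.error as error:
            # Previously swallowed, which left `opts` undefined and crashed
            # with a NameError on the loop below.
            sys.exit(self.printf.erro('%s'%error))
        for o,a in opts:
            if o in ('-t','--target'):
                self.target = self.CheckTarget(a)
            elif o in ('-x','--xss'):
                self.xss = True
            elif o in ('-s','--sql'):
                self.sql = True
            elif o in ('-l','--lfi'):
                self.lfi = True
            elif o in ('-q','--query'):
                self.query = a
            elif o in ('-b','--brute'):
                # The long form was spelled 'brute' and therefore never matched.
                self.brute = True
            elif o in ('-u','--user'):
                self.user = a
            elif o in ('-p','--proxy'):
                self.proxy = a
            elif o in ('-m','--method'):
                self.method = a
            elif o in ('-c','--cookie'):
                self.cookie = a
            elif o in ('-w','--wordlist'):
                self.wordlist = a
            elif o in ('-a','--agent'):
                self.agent = a
            elif o in ('-r','--redirect'):
                # Following redirects can move requests to a host other than
                # the one given with --target, so the off switch must work.
                self.redirect = self._ParseRedirect(a)
            elif o in ('-h','--help'):
                self.Usage(True)
        self.Banner()
        if not self.target:
            sys.exit(self.printf.erro('Not found target'))
        self.printf.plus('Target: %s'%self.target)
        self.printf.plus('Starting: %s\n'%(time.strftime('%d/%m/%Y %H:%M:%S')))
        # Fall back to defaults for anything left empty.
        self.agent = self.agent or 'Mozilla/5.0'
        self.proxy = self.proxy or None
        self.cookie = self.cookie or None
        self.redirect = bool(self.redirect)
        self.user = self.user or "admin"
        # xss attack
        if self.xss:
            self._RequireMethodAndQuery()
            wpxss.wpxss(self.agent,self.proxy,self.redirect,self.target,self.method,self.query).run()
            sys.exit()
        # sql attack
        if self.sql:
            self._RequireMethodAndQuery()
            wpsql.wpsql(self.agent,self.proxy,self.redirect,self.target,self.method,self.query).run()
            sys.exit()
        # lfi attack
        if self.lfi:
            self._RequireMethodAndQuery()
            wplfi.wplfi(self.agent,self.proxy,self.redirect,self.target,self.method,self.query).run()
            sys.exit()
        # attack bruteforce
        # NOTE(review): --cookie is forwarded only to this module; the other
        # modules are called without it.
        if self.brute:
            if not self.wordlist:
                sys.exit(self.printf.erro('Not found wordlist!'))
            wpxmlrpc.wpxmlrpc(self.agent,self.proxy,self.redirect,self.target,self.cookie,self.wordlist,self.user).run()
            sys.exit()
        # discovery
        self._.run(self.agent,self.proxy,self.redirect,self.target)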
if __name__ == "__main__":
    # Script entry point: pass everything after the script name to the
    # scanner and turn Ctrl-C into a short message instead of a traceback.
    scanner = WPSeku(sys.argv[1:])
    try:
        scanner.Main()
    except KeyboardInterrupt:
        sys.exit("[!] Keyboard Interrupt by User")