dash/Typo3Scan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v0.5.2

Browse Source
This commit is contained in:
whoot
2020-01-25 14:57:04 +01:00
parent 17d9b7b8e6
commit 002d1560ce
9 changed files with 180 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
typo3scan.py
View File

@@ -18,7 +18,7 @@
# along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
#-------------------------------------------------------------------------------
__version__ = '0.5.1'
__version__ = '0.5.2'
__program__ = 'Typo3Scan'
__description__ = 'Automatic Typo3 enumeration tool'
__author__ = 'https://github.com/whoot'
@@ -29,8 +29,6 @@ import sqlite3
import os.path
import argparse
from lib.domain import Domain
from lib.update import Update
from lib.initdb import DB_Init
from lib.extensions import Extensions
from colorama import Fore, init, deinit, Style
init()
@@ -41,6 +39,88 @@ class Typo3:
self.__path = os.path.dirname(os.path.abspath(__file__))
self.__extensions = []
def run(self):
database = os.path.join(self.__path, 'lib', 'typo3scan.db')
conn = sqlite3.connect(database)
c = conn.cursor()
c.execute('SELECT * FROM UserAgents ORDER BY RANDOM() LIMIT 1;')
user_agent = c.fetchone()[0]
c.close()
config = {'threads': args.threads, 'timeout': args.timeout, 'cookie': args.cookie, 'auth': args.auth, 'User-Agent': user_agent}
json.dump(config, open(os.path.join(self.__path, 'lib', 'config.json'), 'w'))
try:
if args.domain:
for dom in args.domain:
self.__domain_list.append(dom)
elif args.file:
if not os.path.isfile(args.file):
print(Fore.RED + '\n[x] File not found: {}\n | Aborting...'.format(args.file) + Fore.RESET)
sys.exit(-1)
else:
with open(args.file, 'r') as f:
for line in f:
self.__domain_list.append(line.strip())
for domain in self.__domain_list:
print(Fore.CYAN + Style.BRIGHT + '\n\n[ Checking {} ]\n'.format(domain) + '-'* 73 + Fore.RESET + Style.RESET_ALL)
check = Domain(domain)
check.check_root()
default_files = check.check_default_files()
if not default_files:
check_404 = check.check_404()
if not check.is_typo3():
print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
else:
# check for typo3 information
print('\n[+] Typo3 Installation')
print('----------------------')
check.search_login()
check.search_typo3_version()
# Search extensions
print('\n [+] Extension Search')
if not self.__extensions:
conn = sqlite3.connect(database)
c = conn.cursor()
if args.vuln:
for row in c.execute('SELECT extensionkey FROM extension_vulns'):
self.__extensions.append(row[0])
self.__extensions = set(self.__extensions)
else:
for row in c.execute('SELECT extensionkey FROM extensions'):
self.__extensions.append(row[0])
conn.close()
print (' \u251c Brute-Forcing {} extensions'.format(len(self.__extensions)))
extensions = Extensions()
ext_list = extensions.search_extension(check.get_path(), self.__extensions, args.threads)
if ext_list:
print ('\n \u251c Found {} extensions'.format(len(ext_list)))
print (' |\n \u251c Brute-Forcing version information'.format(len(self.__extensions)))
ext_list = extensions.search_ext_version(ext_list, args.threads)
extensions.output(ext_list, database)
else:
print ('\n [!] No extensions found.\n')
except KeyboardInterrupt:
print('\nReceived keyboard interrupt.\nQuitting...')
exit(-1)
finally:
deinit()
if __name__ == '__main__':
print('\n' + 73*'=' + Style.BRIGHT)
print(Fore.CYAN)
print('________ ________ _________ '.center(73))
print('\_ _/__ __ ______ _____\_____ \ / _____/ ____ _____ ___ '.center(73))
print(' | | | | |\____ \| _ | _(__ < \_____ \_/ ___\\\\__ \ / \ '.center(73))
print(' | | |___ || |_) | (_) |/ \/ \ \___ / __ \| | \ '.center(73))
print(' |__| / ____|| __/|_____|________/_________/\_____|_____/|__|__/ '.center(73))
print(' \/ |__| '.center(73))
print(Fore.RESET + Style.RESET_ALL)
print(__description__.center(73))
print(('Version ' + __version__).center(73))
print((__author__).center(73))
print(73*'=')
def print_help():
print(
"""\nUsage: python typo3scan.py [options]
@@ -76,118 +156,32 @@ Options:
-r | --reset Reset the database.
""")
def run(self):
parser = argparse.ArgumentParser(add_help=False)
group = parser.add_mutually_exclusive_group()
help = parser.add_mutually_exclusive_group()
group.add_argument('-f', '--file', dest='file')
group.add_argument('-d', '--domain', dest='domain', type=str, nargs='+')
group.add_argument('-u', '--update', dest='update', action='store_true')
group.add_argument('-r', '--reset', dest='reset', action='store_true')
parser.add_argument('--vuln', dest='vuln', action='store_true')
parser.add_argument('--threads', dest='threads', type=int, default=5)
parser.add_argument('--auth', dest='auth', type=str, default='')
parser.add_argument('--cookie', dest='cookie', type=str, default='')
parser.add_argument('--timeout', dest='timeout', type=int, default=10)
help.add_argument( '-h', '--help', action='store_true')
args = parser.parse_args()
parser = argparse.ArgumentParser(add_help=False)
group = parser.add_mutually_exclusive_group()
help = parser.add_mutually_exclusive_group()
group.add_argument('-f', '--file', dest='file')
group.add_argument('-d', '--domain', dest='domain', type=str, nargs='+')
group.add_argument('-u', '--update', dest='update', action='store_true')
group.add_argument('-r', '--reset', dest='reset', action='store_true')
parser.add_argument('--vuln', dest='vuln', action='store_true')
parser.add_argument('--threads', dest='threads', type=int, default=5)
parser.add_argument('--auth', dest='auth', type=str, default='')
parser.add_argument('--cookie', dest='cookie', type=str, default='')
parser.add_argument('--timeout', dest='timeout', type=int, default=10)
help.add_argument( '-h', '--help', action='store_true')
args = parser.parse_args()
if args.help or not len(sys.argv) > 1:
Typo3.print_help()
if args.help or not len(sys.argv) > 1:
print_help()
elif args.reset:
DB_Init()
elif args.reset:
from lib.initdb import DB_Init
DB_Init()
elif args.update:
Update()
elif args.update:
from lib.update import Update
Update()
else:
database = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'lib', 'typo3scan.db')
conn = sqlite3.connect(database)
c = conn.cursor()
c.execute('SELECT * FROM UserAgents ORDER BY RANDOM() LIMIT 1;')
user_agent = c.fetchone()[0]
c.close()
config = {'threads': args.threads, 'timeout': args.timeout, 'cookie': args.cookie, 'auth': args.auth, 'User-Agent': user_agent}
json.dump(config, open(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'lib', 'config.json'), 'w'))
try:
if args.domain:
for dom in args.domain:
self.__domain_list.append(dom)
elif args.file:
if not os.path.isfile(args.file):
print(Fore.RED + '\n[x] File not found: {}\n | Aborting...'.format(args.file) + Fore.RESET)
sys.exit(-1)
else:
with open(args.file, 'r') as f:
for line in f:
self.__domain_list.append(line.strip())
for domain in self.__domain_list:
print(Fore.CYAN + Style.BRIGHT + '\n\n[ Checking {} ]\n'.format(domain) + '-'* 73 + Fore.RESET + Style.RESET_ALL)
check = Domain(domain)
check.check_root()
default_files = check.check_default_files()
if not default_files:
check_404 = check.check_404()
if not check.is_typo3():
print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain' + Fore.RESET)
else:
# print interesting headers
print('\n[+] Interesting Headers')
for key, value in check.get_interesting_headers().items():
string = ' \u251c {}:'.format(key)
print(string.ljust(30) + value)
# check for typo3 information
print('\n[+] Typo3 Information')
check.search_login()
check.search_typo3_version()
# Search extensions
print('\n [+] Extension Search')
if not self.__extensions:
conn = sqlite3.connect(database)
c = conn.cursor()
if args.vuln:
for row in c.execute('SELECT extensionkey FROM extension_vulns'):
self.__extensions.append(row[0])
self.__extensions = set(self.__extensions)
else:
for row in c.execute('SELECT extensionkey FROM extensions'):
self.__extensions.append(row[0])
conn.close()
print (' \u251c Brute-Forcing {} extensions'.format(len(self.__extensions)))
extensions = Extensions()
ext_list = extensions.search_extension(check.get_path(), self.__extensions, args.threads)
if ext_list:
print ('\n \u251c Found {} extensions'.format(len(ext_list)))
print (' |\n \u251c Brute-Forcing version information'.format(len(self.__extensions)))
ext_list = extensions.search_ext_version(ext_list, args.threads)
extensions.output(ext_list, database)
else:
print ('\n [!] No extensions found.')
except KeyboardInterrupt:
print('\nReceived keyboard interrupt.\nQuitting...')
exit(-1)
finally:
deinit()
print()
if __name__ == '__main__':
print('\n' + 73*'=' + Style.BRIGHT)
print(Fore.CYAN)
print('________ ________ _________ '.center(73))
print('\_ _/__ __ ______ _____\_____ \ / _____/ ____ _____ ___ '.center(73))
print(' | | | | |\____ \| _ | _(__ < \_____ \_/ ___\\\\__ \ / \ '.center(73))
print(' | | |___ || |_) | (_) |/ \/ \ \___ / __ \| | \ '.center(73))
print(' |__| / ____|| __/|_____|________/_________/\_____|_____/|__|__/ '.center(73))
print(' \/ |__| '.center(73))
print(Fore.RESET + Style.RESET_ALL)
print(__description__.center(73))
print(('Version ' + __version__).center(73))
print((__author__).center(73))
print(73*'=')
main = Typo3()
main.run()
else:
main = Typo3()
main.run()