Update to v0.4.1

2015-04-14 00:09:43 +02:00
parent 4246a96399
commit 7672d9c0b0
15 changed files with 5725 additions and 5654 deletions
--- a/README.md
+++ b/README.md
@@ -28,10 +28,7 @@ On Redhat you can install all needed packages with easy_install:
 	easy_install requests
 	easy_install colorama

-If you want to use Typo-Enumerator with TOR, you need the [SocksiPy](http://socksipy.sourceforge.net/) module.
-On Debian/Ubuntu you can install it with apt-get:
-
-	sudo apt-get install python-socksipy
+If you want to use Typo-Enumerator with TOR, you need the [SocksiPy](https://code.google.com/p/socksipy-branch/) module.

 Usage
 ----
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,3 +1,10 @@
+## Version 0.4.1
+
+* Fixed link to socksipy for python 3
+* Fixed bug in versionsearch
+* Fixed TOR issues
+* Fixed some little bugs
+
 ## Version 0.4

 * Using Python 3.x now!
--- a/extensions/all_extensions
+++ b/extensions/all_extensions
--- a/extensions/alpha_extensions
+++ b/extensions/alpha_extensions
--- a/extensions/beta_extensions
+++ b/extensions/beta_extensions
--- a/extensions/experimental_extensions
+++ b/extensions/experimental_extensions
@@ -59,8 +59,8 @@ rhu_excelexplorer
 felib
 eim2mvc
 cherries
-sm_charsethelper
 mvwa_fortune
+sm_charsethelper
 ws_test
 survey
 masi_utf8fs
@@ -94,10 +94,10 @@ test_uploaddependency
 jhe_dam_extender
 dbreplace
 spriteiconoverview
-bb_easyforms
-abcconfig
-ms_fluid
 eventmanagement
+ms_fluid
+abcconfig
+bb_easyforms
 ajax_report
 smu_chc_ext
 ch_flash_carrousel
@@ -109,34 +109,34 @@ pb_rsslaufschrift
 ch_bramacroofsimulator
 european
 p2_langfix_42
-clanbase
 ter_tests
+clanbase
 meta_openoffice
 st_validation_lpl
 rhu_events
 t3info
 ch_bramacproducts
 sort_table
-maja_condrequired
+bonus
 alumnos
 organizacionacademica
-bonus
+maja_condrequired
 hh_multipageform_example
-lz_lp_dm_log_fe
 dsxsyndication
+lz_lp_dm_log_fe
 ba_company
 zitatdt
 svq_ebay
-rm_staticfile
 automator
+rm_staticfile
 contactformgenerator
 rg_links
 audio_conversion
 error
-wow_raid
 mbbrowserid
-mf_trainmanagement
+wow_raid
 rg_usuarios
+mf_trainmanagement
 rg_patrocinio
 sp_newsteaserbox_hookexample
 redirectlog
@@ -147,27 +147,30 @@ belink_syslang
 buildtools
 rg_empresas
 tc_fbconnect
-rf_library
 treppenpfosten_katalog
+rf_library
 ffunews
 dre_besearch
 elnews
 moox_template_free017
-tagger
-dbal_utility
-ft3_empty
-og_base
-ecs_steam
-moox_news_twitter
-femanagerextended
-ter_upload_test
-simplemvc_helloworld
 lo_backendhelper
-tgm_kickstart
-downloads
-visitorlist
-ckeditor
+ter_upload_test
 ctefan_test
 moox_news_geoinfo
+moox_news_twitter
+ckeditor
+air_table
+ft3_empty
+dbal_utility
+og_base
+tgm_kickstart
+tagger
+femanagerextended
+boards
+simplemvc_helloworld
+downloads
+ecs_steam
 jh_extstatus
 jh_pwcomments_plugin
+visitorlist
+xdbmysql
--- a/extensions/outdated_extensions
+++ b/extensions/outdated_extensions
@@ -124,8 +124,8 @@ csh_hk
 csh_br
 dubletfinder
 prototypejs
-hsapp_longerfeusername
 wa_contentrenderinghook
+hsapp_longerfeusername
 de_contentorganizer
 danp_skinsupport
 alt_forms_field_title
@@ -139,14 +139,14 @@ formidabledatetime
 mh_multimedia_ext
 sav_library
 eco_cal
-stucki_cache_imagesizes
 perfectlightboxjquery
+stucki_cache_imagesizes
 csh_pt
 gt_typo3_localization
 csh_hr
 csh_ro
-tmpl_ice_3columns
 csh_fi
+tmpl_ice_3columns
 csh_no
 mhnotifychanger
 doc_ephp_install_fr
@@ -183,8 +183,8 @@ tm_classes
 danp_userlisttemplate
 cobweb_protector
 tebay
-yag_theme_perfectlightbox
 rtehtmlarea_definitionlist
+yag_theme_perfectlightbox
 eco_content
 softwarecenter
 csh_vn
@@ -237,8 +237,8 @@ smile_form_archive
 tagpackprovider
 dfluess
 doc_core_tca
-redirection
 jhe_adventcalender
+redirection
 sav_library_example5
 xliff
 maag_imagerotator
@@ -255,22 +255,22 @@ advancedform
 delete_staticfile_by_3party
 ics_errorhandler
 ods_workspace_mail
-tm_gallery
 extend_dcdgooglemap
+tm_gallery
 ttnews_href_marker
 sav_library_mvc_example0
 doc_tut_editors
 st_metatags
+doc_guide_security
 ics_templavoila_mirgation_tool
 doc_core_skinning
-doc_guide_security
 ttnewscacheexpire
 form4_contentpagination
 realurl_autoconf_autodelete
 paymentlib_dibs
 paymentlib_quickpay_dk
-smile_jumpurl_fix
 tgm_gallery
+smile_jumpurl_fix
 tm_cssfilelinks
 tsincludeorder
 tgmv_gallery
@@ -282,17 +282,18 @@ dialogcentral
 dscentral
 jb_metaexec_doc
 maag_cenoshop
-view
-attachmentdelete
-form4_filecache
-coo_facebook
-filedeletion
-uploadtest
-form4_faq
-browser_tut_map_en
-mm_forum_blog
-external_link_parameter
 wt_spamshield_formhandler
-coreupdate
+mm_forum_blog
 form4_pages_counter
 fluidcontent_fed
+form4_filecache
+uploadtest
+coo_facebook
+browser_tut_map_en
+filedeletion
+coreupdate
+attachmentdelete
+view
+external_link_parameter
+browser_manual_ootb_en
+form4_faq
--- a/extensions/stable_extensions
+++ b/extensions/stable_extensions
--- a/lib/check_installation.py
+++ b/lib/check_installation.py
@@ -43,34 +43,31 @@ class Typo3_Installation:
 	@staticmethod
 	def check(domain):
 		response = Request.get_request(domain.get_name(), '/')
+		Request.interesting_headers(domain, response[1], response[2])
 		try:
-			print(Fore.GREEN + '[!] fe_typo_user:'.ljust(32) + response[2].cookies['fe_typo_user'] + Fore.RESET)
+			regex = re.compile('[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.[0-9][0-9]?)')
+			searchVersion = regex.search(response[0])
+			version = searchVersion.groups()
 			domain.set_typo3()
+			domain.set_typo3_version(version[0].split()[0])
+			return True
 		except:
 			try:
-				regex = re.compile('[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.[0-9][0-9]?)')
-				searchVersion = regex.search(response[0])
-				version = searchVersion.groups()
+				regex = re.compile('TYPO3 (\d{1,2}\.\d{1,2}) CMS')
+				searchHTML = regex.search(response[0])
+				version = searchHTML.groups()
 				domain.set_typo3()
 				domain.set_typo3_version(version[0].split()[0])
 				return True
 			except:
-				try:
-					regex = re.compile('TYPO3(.*)', re.IGNORECASE)
-					searchHTML = regex.search(response[0])
-					searchHTML.groups()[0]
-					domain.set_typo3()
-					return True
-				except:
-					return False
-
+				return False

 	# Searching Typo3 login page
 	@staticmethod
 	def search_login(domain):
-		response = Request.get_request(domain.get_name(), '/typo3/index.php')
-		Request.interesting_headers(response[1])
 		try:
+			response = Request.get_request(domain.get_name(), '/typo3/index.php')
+			Request.interesting_headers(domain, response[1], response[2])
 			regex = re.compile('<title>(.*)</title>', re.IGNORECASE)
 			searchTitle = regex.search(response[0])
 			title = searchTitle.groups()[0]
--- a/lib/domain.py
+++ b/lib/domain.py
@@ -39,6 +39,7 @@ class Domain(object):
 		self.__extension_config = [ext_state, top]
 		self.__extensions = None
 		self.__installed_extensions = {}
+		self.__interesing_header = {}

 	def get_name(self):
 		return self.__name
@@ -80,4 +81,10 @@ class Domain(object):
 		return self.__login_found

 	def set_login_found(self):
-		self.__login_found = True
+		self.__login_found = True
+
+	def set_interesting_headers(self, header_key, header_value):
+		self.__interesing_header[header_key] = header_value
+
+	def get_interesting_headers(self):
+		return self.__interesing_header
--- a/lib/privoxy_only.py
+++ b/lib/privoxy_only.py
@@ -28,12 +28,13 @@ except:
 	if sys.platform.startswith('linux'):
 		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
 	else:
-		print('You can download it from http://socksipy.sourceforge.net/' + Fore.RESET)
+		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
 	sys.exit(-2)

 class Privoxy:
 	def __init__(self, port=8118):
 		self.__port = port
+		Request.timeout = 20

 	def start_daemon(self):
 		if sys.platform.startswith('linux'):
@@ -49,10 +50,11 @@ class Privoxy:
 	def connect(self):
 		print('\nChecking connection...')
 		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, '127.0.0.1', self.__port, True)
+		socks.socket.setdefaulttimeout(20)
 		socket.socket = socks.socksocket
 		try:
 			request = Request.get_request('https://check.torproject.org/')
-			response = request[1]
+			response = str(request[0])
 		except:
 			print('Failed to connect through Privoxy!')
 			print('Please make sure your configuration is right!\n')
@@ -73,4 +75,4 @@ class Privoxy:
 			os.system('service privoxy stop')
 			print('[ ok ] Stopping privoxy daemon...done.')
 		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can close Privoxy now...')
+			print('You can stop Privoxy now...')
--- a/lib/request.py
+++ b/lib/request.py
@@ -24,6 +24,9 @@ from colorama import Fore
 requests.packages.urllib3.disable_warnings()
 from lib.output import Output

+header = {'User-Agent' : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"}
+timeout = 10
+
 class Request:
 	"""
 	This class is used to make all server requests
@@ -31,8 +34,8 @@ class Request:
 	@staticmethod
 	def get_request(domain_name, path):
 		try:
-			r = requests.get(domain_name + path, timeout=10, headers={'User-Agent' : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"}, verify=False)
-			httpResponse = r.text
+			r = requests.get(domain_name + path, timeout=timeout, headers=header, verify=False)
+			httpResponse = str((r.text).encode('utf-8'))
 			headers = r.headers
 			cookies = r.cookies
 			status_code = r.status_code
@@ -48,7 +51,7 @@ class Request:
 	@staticmethod
 	def head_request(domain_name, path):
 		try:
-			r = requests.head(domain_name + path, timeout=10, headers={'User-Agent' : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"}, allow_redirects=False, verify=False)
+			r = requests.head(domain_name + path, timeout=timeout, headers=header, allow_redirects=False, verify=False)
 			status_code = str(r.status_code)
 			if status_code == '405':
 				print("WARNING, (HEAD) method not allowed!!")
@@ -62,19 +65,29 @@ class Request:
 			print(Fore.RED + str(e) + Fore.RESET)

 	@staticmethod
-	def interesting_headers(headers):
+	def interesting_headers(domain, headers, cookies):
 		for header in headers:
 			if header == 'server':
-				Output.interesting_headers('Server', headers.get('server'))
+				domain.set_interesting_headers('Server', headers.get('server'))
 			elif header == 'x-powered-by':
-				Output.interesting_headers('X-Powered-By', headers.get('x-powered-by'))
+				domain.set_interesting_headers('X-Powered-By', headers.get('x-powered-by'))
 			elif header == 'via':
-				Output.interesting_headers('Via', headers.get('via'))
+				domain.set_interesting_headers('Via', headers.get('via'))
+		try:
+			typo_cookie = cookies['be_typo_user']
+			domain.set_interesting_headers('be_typo_user',typo_cookie)
+		except:
+			pass
+		try:
+			typo_cookie = cookies['fe_typo_user']
+			domain.set_interesting_headers('fe_typo_user', typo_cookie)
+		except:
+			pass

 	@staticmethod
 	# not used atm because unreliable
 	def version_information(domain_name, path, regex):
-		r = requests.get(domain_name + path, stream=True, timeout=10, headers={'User-Agent' : "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"}, verify=False)
+		r = requests.get(domain_name + path, stream=True, timeout=timeout, headers=header, verify=False)
 		if r.status_code == 200:
 			for content in r.iter_content(chunk_size=400, decode_unicode=False):
 				regex = re.compile(regex)
--- a/lib/tor_only.py
+++ b/lib/tor_only.py
@@ -31,12 +31,13 @@ except:
 	if sys.platform.startswith('linux'):
 		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
 	else:
-		print('You can download it from http://socksipy.sourceforge.net/' + Fore.RESET)
+		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
 	sys.exit(-2)

 class Tor:
-	def __init__(self, port=9050):
+	def __init__(self, port=9150):
 		self.__port = port
+		Request.timeout = 20

 	def start_daemon(self):
 		if sys.platform.startswith('linux'):
@@ -51,12 +52,12 @@ class Tor:
 	def connect(self):
 		print('\nChecking connection...')
 		socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', self.__port, True)
+		socks.socket.setdefaulttimeout(20)
 		socket.socket = socks.socksocket
 		try:
-			request = Request.get_request('https://check.torproject.org/')
-			response = request[1]
-		except Exception, e:
-			print(e)
+			request = Request.get_request('https://check.torproject.org', '/')
+			response = request[0]
+		except:
 			print('Failed to connect through TOR!')
 			print('Please make sure your configuration is right!\n')
 			sys.exit(-2)
@@ -64,12 +65,13 @@ class Tor:
 			regex = re.compile('Congratulations. This browser is configured to use Tor.')
 			searchVersion = regex.search(response)
 			version = searchVersion.groups()
-			pprint('Connection to TOR established')
+			print('Connection to TOR established')
 			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
 			searchIP = regex.search(response)
 			IP = searchIP.groups()[0]
 			print('Your IP is: ', IP)
-		except:
+		except Exception as e:
+			print(e)
 			print('It seems like TOR is not used.\nAborting...\n')
 			sys.exit(-2)

--- a/lib/tor_with_privoxy.py
+++ b/lib/tor_with_privoxy.py
@@ -31,12 +31,13 @@ except:
 	if sys.platform.startswith('linux'):
 		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
 	else:
-		print('You can download it from http://socksipy.sourceforge.net/' + Fore.RESET)
+		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
 	sys.exit(-2)

 class Tor_with_Privoxy:
 	def __init__(self, port=8118):
 		self.__port = port
+		Request.timeout = 20

 	def start_daemon(self):
 		if sys.platform.startswith('linux'):
@@ -53,10 +54,11 @@ class Tor_with_Privoxy:
 	def connect(self):
 		print('\nChecking connection...')
 		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "127.0.0.1", self.__port, True)
+		socks.socket.setdefaulttimeout(20)
 		socket.socket = socks.socksocket
 		try:
 			request = Request.get_request('https://check.torproject.org/')
-			response = request[1]
+			response = str(request[0])
 		except:
 			print('Failed to connect through Privoxy and/or TOR!')
 			print('Please make sure your configuration is right!\n')
--- a/typo3_enumerator.py
+++ b/typo3_enumerator.py
@@ -18,7 +18,7 @@
 # along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
 #-------------------------------------------------------------------------------

-__version__ = "0.4"
+__version__ = "0.4.1"
 __program__ = "Typo-Enumerator"
 __description__ = 'Automatic Typo3 enumeration tool'
 __author__ = "https://github.com/whoot"
@@ -104,6 +104,8 @@ class Typo3:
 			for domain in self.__domain_list:
 				print('\n\n' + Fore.CYAN + Style.BRIGHT + '[ Checking ' + domain.get_name() + ' ]' + '\n' + "-"* 73  + Fore.RESET + Style.RESET_ALL)
 				Typo3_Installation.run(domain)
+				for key, value in domain.get_interesting_headers().items():
+					Output.interesting_headers(key, value)
 				if not domain.get_typo3():
 					print(Fore.RED + '\n[x] Typo3 is not used on this domain' + Fore.RESET)
 				else:
@@ -120,7 +122,7 @@ class Typo3:
 							ext = Extensions(args.ext_state, args.top)
 							self.__extensions = ext.load_extensions()
 						# copy them in domain object
-						if (domain.get_extensions() is None):	
+						if (domain.get_extensions() is None):
 							domain.set_extensions(self.__extensions)
 						# search
 						print ('\n[ Searching', len(self.__extensions), 'extensions ]')