dash/Typo3Scan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

0.6.3

Browse Source
This commit is contained in:
whoot
2020-09-21 10:45:05 -04:00
parent 1da64224ee
commit 9856c2f35b
6 changed files with 25 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
doc/CHANGELOG.md
View File

@@ -1,6 +1,7 @@
## Version 0.6.3
* Fixed advisory URLs
* Fixed rootCheck
## Version 0.6.2

2
lib/config.json
View File

@@ -1 +1 @@
{"threads": 5, "timeout": 10, "cookie": "", "auth": "", "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"}
{"threads": 5, "timeout": 10, "cookie": "", "auth": "", "User-Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"}

10
lib/domain.py
View File

@@ -91,9 +91,8 @@ class Domain:
If found, it searches for a Typo3 path reference
in order to determine the Typo3 installation path.
"""
response = request.get_request('{}'.format(self.get_name()))
self.set_name(response['url'][:-1])
full_path = self.get_name()
response = request.get_request('{}'.format(self.get_name()))
if re.search('powered by TYPO3', response['html']):
self.set_typo3()
path = re.search('="(?:{})/?(\S*?)/?(?:typo3temp|typo3conf)/'.format(self.get_name()), response['html'])
@@ -144,7 +143,7 @@ class Domain:
and searches for a specific string in the title or the response.
If the access is forbidden (403), extension search is still possible.
"""
print('[+] Backend Login')
print(' [+] Backend Login')
# maybe /typo3_src/typo3/index.php too?
response = request.get_request('{}/typo3/index.php'.format(self.get_path()))
searchTitle = re.search('<title>(.*)</title>', response['html'])
@@ -185,13 +184,14 @@ class Domain:
}
version = None
version_path = None
for path, regex in files.items():
response = request.version_information('{}/{}'.format(self.get_path(), path), regex)
if response and (version is None or (len(response) > len(version))):
version = response
version_path = path
print(' |\n[+] Version Information')
print(' | \n [+] Version Information')
if version:
print(' \u251c Identified Version: '.ljust(28) + '{}'.format(Style.BRIGHT + Fore.GREEN + version + Style.RESET_ALL))
print(' \u251c Version File: '.ljust(28) + '{}{}'.format(self.get_path(), version_path))
@@ -226,4 +226,4 @@ class Domain:
else:
print(' \u2514 No Known Vulnerabilities')
else:
print(' \u2514', Fore.RED + 'No Version Information Found.' + Fore.RESET)
print(' \u2514', Fore.RED + 'Could not be determined.' + Fore.RESET)

2
lib/extensions.py
View File

@@ -35,7 +35,6 @@ class Extensions:
"""
This method loads the extensions from the database and searches for installed extensions.
/typo3conf/ext/: Local installation path. This is where extensions usually get installed.
/typo3/ext/: Global installation path (not used atm)
/typo3/sysext/: Extensions shipped with core
"""
found_extensions = {}
@@ -43,7 +42,6 @@ class Extensions:
for ext in extensions:
thread_pool.add_job((request.head_request, ('{}/typo3conf/ext/{}/'.format(domain, ext))))
thread_pool.add_job((request.head_request, ('{}/typo3/sysext/{}/'.format(domain, ext))))
#thread_pool.add_job((request.head_request, ('{}/typo3/ext/{}/'.format(domain, ext))))
thread_pool.start(threads)
for installed_extension in thread_pool.get_result():

BIN
lib/typo3scan.db
View File

Binary file not shown.

4
typo3scan.py
View File

@@ -75,8 +75,8 @@ class Typo3:
print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
else:
# check for typo3 information
print('\n[+] Typo3 Installation')
print('----------------------')
print('\n [+] Core Information')
print(' --------------------')
check.search_login()
check.search_typo3_version()