0.6.3

doc/CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Version 0.6.3
 
 * Fixed advisory URLs
+* Fixed rootCheck
 
 ## Version 0.6.2
 

lib/config.json

@@ -1 +1 @@
-{"threads": 5, "timeout": 10, "cookie": "", "auth": "", "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"}
+{"threads": 5, "timeout": 10, "cookie": "", "auth": "", "User-Agent": "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"}

lib/domain.py

@@ -91,9 +91,8 @@ class Domain:
             If found, it searches for a Typo3 path reference
             in order to determine the Typo3 installation path.
         """
-        response = request.get_request('{}'.format(self.get_name()))
-        self.set_name(response['url'][:-1])
         full_path = self.get_name()
+        response = request.get_request('{}'.format(self.get_name()))
         if re.search('powered by TYPO3', response['html']):
             self.set_typo3()
             path = re.search('="(?:{})/?(\S*?)/?(?:typo3temp|typo3conf)/'.format(self.get_name()), response['html'])
@@ -144,19 +143,19 @@ class Domain:
             and searches for a specific string in the title or the response.
             If the access is forbidden (403), extension search is still possible.
         """
-        print('[+] Backend Login')
+        print(' [+] Backend Login')
         # maybe /typo3_src/typo3/index.php too?
         response = request.get_request('{}/typo3/index.php'.format(self.get_path()))
         searchTitle = re.search('<title>(.*)</title>', response['html'])
         if searchTitle and 'Login' in searchTitle.group(0):
-            print(' \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
+            print('  \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
             self.set_backend('{}/typo3/index.php'.format(self.get_path()))
         elif ('Backend access denied: The IP address of your client' in response['html']) or (response['status_code'] == 403):
-            print(' \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
-            print(' \u251c {}'.format(Fore.YELLOW + 'But access is forbidden (IP Address Restriction)' + Fore.RESET))
+            print('  \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
+            print('  \u251c {}'.format(Fore.YELLOW + 'But access is forbidden (IP Address Restriction)' + Fore.RESET))
             self.set_backend('{}/typo3/index.php'.format(self.get_path()))
         else:
-            print(' \u251c {}'.format(Fore.RED + 'Could not be found' + Fore.RESET))
+            print('  \u251c {}'.format(Fore.RED + 'Could not be found' + Fore.RESET))
 
     def search_typo3_version(self):
         """
@@ -185,19 +184,20 @@ class Domain:
                 }
 
         version = None
+        version_path = None
         for path, regex in files.items():
             response = request.version_information('{}/{}'.format(self.get_path(), path), regex)
             if response and (version is None or (len(response) > len(version))):
                 version = response
                 version_path = path
 
-        print(' |\n[+] Version Information')
+        print('  | \n [+] Version Information')
         if version:
-            print(' \u251c Identified Version: '.ljust(28) + '{}'.format(Style.BRIGHT + Fore.GREEN + version + Style.RESET_ALL))
-            print(' \u251c Version File: '.ljust(28) + '{}{}'.format(self.get_path(), version_path))
+            print('  \u251c Identified Version: '.ljust(28) + '{}'.format(Style.BRIGHT + Fore.GREEN + version + Style.RESET_ALL))
+            print('  \u251c Version File: '.ljust(28) + '{}{}'.format(self.get_path(), version_path))
             if len(version) == 3:
-                print(' \u251c Could not identify exact version.')
-                react = input(' \u251c Do you want to print all vulnerabilities for branch {}? (y/n): '.format(version))
+                print('  \u251c Could not identify exact version.')
+                react = input('  \u251c Do you want to print all vulnerabilities for branch {}? (y/n): '.format(version))
                 if react.startswith('y'):
                     version = version + '.0'
                 else:
@@ -216,14 +216,14 @@ class Domain:
                         json_list[vulnerability[0]] = {'Type': vulnerability[1], 'Subcomponent': vulnerability[2], 'Affected': '{} - {}'.format(vulnerability[3], vulnerability[4]), 'Advisory': 'https://typo3.org/security/advisory/{}'.format(vulnerability[0].lower())}
                 if json_list:
                     self.set_typo3_vulns(json_list)
-                    print(' \u2514 Known Vulnerabilities:\n')
+                    print('  \u2514 Known Vulnerabilities:\n')
                     for vulnerability in json_list.keys():
-                        print(Style.BRIGHT + '    [!] {}'.format(Fore.RED + vulnerability + Style.RESET_ALL))
-                        print('     \u251c Vulnerability Type:'.ljust(28) + json_list[vulnerability]['Type'])
-                        print('     \u251c Subcomponent:'.ljust(28) + json_list[vulnerability]['Subcomponent'])
-                        print('     \u251c Affected Versions:'.ljust(28) + json_list[vulnerability]['Affected'])
-                        print('     \u2514 Advisory URL:'.ljust(28) + json_list[vulnerability]['Advisory'] + '\n')
+                        print(Style.BRIGHT + '     [!] {}'.format(Fore.RED + vulnerability + Style.RESET_ALL))
+                        print('      \u251c Vulnerability Type:'.ljust(28) + json_list[vulnerability]['Type'])
+                        print('      \u251c Subcomponent:'.ljust(28) + json_list[vulnerability]['Subcomponent'])
+                        print('      \u251c Affected Versions:'.ljust(28) + json_list[vulnerability]['Affected'])
+                        print('      \u2514 Advisory URL:'.ljust(28) + json_list[vulnerability]['Advisory'] + '\n')
                 else:
-                    print(' \u2514 No Known Vulnerabilities')
+                    print('  \u2514 No Known Vulnerabilities')
         else:
-            print(' \u2514', Fore.RED + 'No Version Information Found.' + Fore.RESET)
+            print('  \u2514', Fore.RED + 'Could not be determined.' + Fore.RESET)

lib/extensions.py

@@ -35,7 +35,6 @@ class Extensions:
         """
             This method loads the extensions from the database and searches for installed extensions.
                 /typo3conf/ext/:        Local installation path. This is where extensions usually get installed.
-                /typo3/ext/:            Global installation path (not used atm)
                 /typo3/sysext/:         Extensions shipped with core
         """
         found_extensions = {}
@@ -43,7 +42,6 @@ class Extensions:
         for ext in extensions:
             thread_pool.add_job((request.head_request, ('{}/typo3conf/ext/{}/'.format(domain, ext))))
             thread_pool.add_job((request.head_request, ('{}/typo3/sysext/{}/'.format(domain, ext))))
-            #thread_pool.add_job((request.head_request, ('{}/typo3/ext/{}/'.format(domain, ext))))
         thread_pool.start(threads)
 
         for installed_extension in thread_pool.get_result():

typo3scan.py

@@ -75,8 +75,8 @@ class Typo3:
                     print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
                 else:
                     # check for typo3 information
-                    print('\n[+] Typo3 Installation')
-                    print('----------------------')
+                    print('\n [+] Core Information')
+                    print(' --------------------')
                     check.search_login()
                     check.search_typo3_version()