dash/Typo3Scan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added force mode, so test is done although the code was not able to successfully identify typo3

Browse Source
This commit is contained in:
c0decave
2020-11-10 14:34:00 +01:00
parent bf2be9aa51
commit c053a2e5f7
1 changed files with 48 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
typo3scan.py
View File

@@ -18,7 +18,7 @@
# along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/) # along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
__version__ = '0.6.3' __version__ = '0.6.2'
__program__ = 'Typo3Scan' __program__ = 'Typo3Scan'
__description__ = 'Automatic Typo3 enumeration tool' __description__ = 'Automatic Typo3 enumeration tool'
__author__ = 'https://github.com/whoot' __author__ = 'https://github.com/whoot'
@@ -39,44 +39,10 @@ class Typo3:
self.__path = os.path.dirname(os.path.abspath(__file__)) self.__path = os.path.dirname(os.path.abspath(__file__))
self.__extensions = [] self.__extensions = []
def run(self): def run_magic(self,check,database,conn):
if (args.user_agent):
user_agent = args.user_agent
else:
database = os.path.join(self.__path, 'lib', 'typo3scan.db')
conn = sqlite3.connect(database)
c = conn.cursor()
c.execute('SELECT * FROM UserAgents ORDER BY RANDOM() LIMIT 1;')
user_agent = c.fetchone()[0]
c.close()
config = {'threads': args.threads, 'timeout': args.timeout, 'cookie': args.cookie, 'auth': args.auth, 'User-Agent': user_agent}
json.dump(config, open(os.path.join(self.__path, 'lib', 'config.json'), 'w'))
try:
if args.domain:
for dom in args.domain:
self.__domain_list.append(dom)
elif args.file:
if not os.path.isfile(args.file):
print(Fore.RED + '\n[x] File not found: {}\n | Aborting...'.format(args.file) + Fore.RESET)
sys.exit(-1)
else:
with open(args.file, 'r') as f:
for line in f:
self.__domain_list.append(line.strip())
for domain in self.__domain_list:
print(Fore.CYAN + Style.BRIGHT + '\n\n[ Checking {} ]\n'.format(domain) + '-'* 73 + Fore.RESET + Style.RESET_ALL)
check = Domain(domain)
check.check_root()
default_files = check.check_default_files()
if not default_files:
check_404 = check.check_404()
if not check.is_typo3():
print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
else:
# check for typo3 information # check for typo3 information
print('\n [+] Core Information') print('\n[+] Typo3 Installation')
print(' --------------------') print('----------------------')
check.search_login() check.search_login()
check.search_typo3_version() check.search_typo3_version()
@@ -107,6 +73,53 @@ class Typo3:
json_log = {} json_log = {}
json_log[check.get_name()] = {'Backend': check.get_backend(), 'Version': check.get_typo3_version(), 'Vulnerabilities':check.get_typo3_vulns(), 'Extensions': json_ext} json_log[check.get_name()] = {'Backend': check.get_backend(), 'Version': check.get_typo3_version(), 'Vulnerabilities':check.get_typo3_vulns(), 'Extensions': json_ext}
json.dump(json_log, open('typo3scan.json', 'w')) json.dump(json_log, open('typo3scan.json', 'w'))
def run(self):
# use the force!
mightyForce = args.d4rkf0rce
if (args.user_agent):
user_agent = args.user_agent
else:
database = os.path.join(self.__path, 'lib', 'typo3scan.db')
conn = sqlite3.connect(database)
c = conn.cursor()
c.execute('SELECT * FROM UserAgents ORDER BY RANDOM() LIMIT 1;')
user_agent = c.fetchone()[0]
c.close()
config = {'threads': args.threads, 'timeout': args.timeout, 'cookie': args.cookie, 'auth': args.auth, 'User-Agent': user_agent}
json.dump(config, open(os.path.join(self.__path, 'lib', 'config.json'), 'w'))
try:
if args.domain:
for dom in args.domain:
self.__domain_list.append(dom)
elif args.file:
if not os.path.isfile(args.file):
print(Fore.RED + '\n[x] File not found: {}\n | Aborting...'.format(args.file) + Fore.RESET)
sys.exit(-1)
else:
with open(args.file, 'r') as f:
for line in f:
self.__domain_list.append(line.strip())
for domain in self.__domain_list:
print(Fore.CYAN + Style.BRIGHT + '\n\n[ Checking {} ]\n'.format(domain) + '-'* 73 + Fore.RESET + Style.RESET_ALL)
check = Domain(domain)
check.check_root()
default_files = check.check_default_files()
print(default_files)
if not default_files:
check_404 = check.check_404()
if not check.is_typo3():
print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
else:
self.run_magic()
if mightyForce==True:
print(Fore.RED + '\n[!] I don\'t care and know what i do mode! Yeahhhhhh! Force!!!\n' + Fore.RESET)
self.run_magic(check,database,conn)
except KeyboardInterrupt: except KeyboardInterrupt:
print('\nReceived keyboard interrupt.\nQuitting...') print('\nReceived keyboard interrupt.\nQuitting...')
exit(-1) exit(-1)
@@ -159,6 +172,7 @@ Options:
--threads THREADS The number of threads to use for enumerating extensions. --threads THREADS The number of threads to use for enumerating extensions.
Default: 5 Default: 5
--force I know what i do mode. Test for typo3 anyways.
--json Output results to json file --json Output results to json file
General: General:
@@ -179,6 +193,7 @@ Options:
parser.add_argument('--cookie', dest='cookie', type=str, default='') parser.add_argument('--cookie', dest='cookie', type=str, default='')
parser.add_argument('--agent', dest='user_agent', type=str, default='') parser.add_argument('--agent', dest='user_agent', type=str, default='')
parser.add_argument('--timeout', dest='timeout', type=int, default=10) parser.add_argument('--timeout', dest='timeout', type=int, default=10)
parser.add_argument('--force', dest='d4rkf0rce', action="store_true", default=False)
parser.add_argument('--json', dest='json', action='store_true') parser.add_argument('--json', dest='json', action='store_true')
help.add_argument( '-h', '--help', action='store_true') help.add_argument( '-h', '--help', action='store_true')
args = parser.parse_args() args = parser.parse_args()