Update to 0.4.4

lib/config.json

@@ -1 +1 @@
-{"timeout": 10, "threads": 5, "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"}
+{"timeout": 10, "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0", "threads": 5}

lib/output.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #-------------------------------------------------------------------------------
 # Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
+# Copyright (c) 2016 Jan Rude
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -33,13 +33,12 @@ class Output:
 			Additionally, if the version search was successful, the version and a link to cvedetails is given.
 		"""
 		print('')
-		if domain.get_login_found():
-			print('[+] Typo3 backend login:'.ljust(30) + Fore.GREEN + domain.get_name() + '/typo3/index.php' + Fore.RESET)
-		else:
-			print('[+] Typo3 backend login:'.ljust(30) + Fore.RED + 'not found' + Fore.RESET)
-		print('[+] Typo3 version:'.ljust(30) + Fore.GREEN + domain.get_typo3_version() + Fore.RESET)
+		print('[+] Typo3 backend login:'.ljust(30) + Fore.GREEN + domain.get_name() + '/typo3/index.php' + Fore.RESET)
 		if (domain.get_typo3_version() != 'could not be determined'):
+			print('[+] Typo3 version:'.ljust(30) + Fore.GREEN + domain.get_typo3_version() + Fore.RESET)
 			print(' | known vulnerabilities:'.ljust(30) + Fore.GREEN + 'http://www.cvedetails.com/version-search.php?vendor=&product=Typo3&version=' + domain.get_typo3_version() + Fore.RESET)
+		else:
+			print('[+] Typo3 version:'.ljust(30) + Fore.RED + domain.get_typo3_version() + Fore.RESET)
 		print('')
 
 	def interesting_headers(name, value):

lib/privoxy_only.py

@@ -1,78 +0,0 @@
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Privoxy:
-	def __init__(self, port=8118):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service privoxy start')
-			print('[ ok ] Starting privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure Privoxy is running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using Privoxy for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, '127.0.0.1', self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org/')
-			response = str(request[0])
-		except:
-			print('Failed to connect through Privoxy!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			# TODO: Check on privoxy at http://ha.ckers.org/weird/privoxy.html
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except:
-			print('It seems like Privoxy is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service privoxy stop')
-			print('[ ok ] Stopping privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can stop Privoxy now...')

lib/tor_only.py

@@ -1,83 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Tor:
-	def __init__(self, port=9150):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service tor start')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure TOR is running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using TOR for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org', '/')
-			response = request[0]
-		except:
-			print('Failed to connect through TOR!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			regex = re.compile('Congratulations. This browser is configured to use Tor.')
-			searchVersion = regex.search(response)
-			version = searchVersion.groups()
-			print('Connection to TOR established')
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except Exception as e:
-			print(e)
-			print('It seems like TOR is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service tor stop')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can close TOR now...')

lib/tor_with_privoxy.py

@@ -1,86 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import requests
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Tor_with_Privoxy:
-	def __init__(self, port=8118):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service tor start')
-			os.system('service privoxy start')
-			print('[ ok ] Starting privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure TOR and Privoxy are running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using Privoxy and TOR for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "127.0.0.1", self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org/')
-			response = str(request[0])
-		except:
-			print('Failed to connect through Privoxy and/or TOR!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			regex = re.compile('Congratulations. This browser is configured to use Tor.')
-			searchVersion = regex.search(response)
-			version = searchVersion.groups()
-			print('Connection to TOR established')
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except Exception as e:
-			print('It seems like TOR is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service tor stop')
-			os.system('service privoxy stop')
-			print('[ ok ] Stopping privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can close TOR and Privoxy now...')

lib/update.py

@@ -48,8 +48,9 @@ class Update:
 		"""
 			Download extensions from server and unpack the ZIP
 		"""
-		try:	
-			urllib.request.urlretrieve('http://ter.sitedesign.dk/ter/extensions.xml.gz', 'extensions.gz', reporthook=self.dlProgress)
+		try:
+			# Maybe someday we need to use mirrors: https://repositories.typo3.org/mirrors.xml.gz
+			urllib.request.urlretrieve('https://typo3.org/fileadmin/ter/extensions.xml.gz', 'extensions.gz', reporthook=self.dlProgress)
 			with gzip.open('extensions.gz', 'rb') as f:
 				file_content = f.read()
 			f.close()

lib/version_information.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #-------------------------------------------------------------------------------
 # Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
+# Copyright (c) 2016 Jan Rude
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,31 +29,20 @@ class VersionInformation:
 		Less specific version information can be found in the NEWS or INSTALL file. 
 	"""
 	def search_typo3_version(self, domain):
-		changelog = {'/typo3_src/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',  
-					'/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)'
-					}
-
-		news = {'/typo3_src/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
+		files = {'/typo3_src/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',  
+				'/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',
+				'/typo3_src/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
 				'/typo3_src/NEWS.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) - WHAT\'S NEW', 
 				'/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
 				'/NEWS.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) - WHAT\'S NEW',
-				'/INSTALL.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) [Ll][Tt][Ss]'
+				'/INSTALL.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}(.\d{1,2})?)'
 				}
 
 		version = 'could not be determined'
-		for path, regex in changelog.items():
+		for path, regex in files.items():
 			response = Request.version_information(domain.get_name(), path, regex)
-			if not (response is None):
-				version = response
-				domain.set_typo3_version(version)
+			if not (response is None) and (len(response) > len(domain.get_typo3_version())):
+				domain.set_typo3_version(response)
 				return True
 
-		if version == 'could not be determined':
-			for path, regex in news.items():
-				response = Request.version_information(domain.get_name(), path, regex)
-				if not (response is None):
-					if len(response) > len(domain.get_typo3_version()):
-						domain.set_typo3_version(version)
-						return True
-
 		domain.set_typo3_version(version)