Update to 0.4.4

README.md

@@ -32,7 +32,7 @@ On Redhat you can install all needed packages with easy_install:
 	easy_install requests
 	easy_install colorama
 
-If you want to use Typo-Enumerator with TOR, you need the [SocksiPy](https://code.google.com/p/socksipy-branch/) module.
+If you want to use Typo-Enumerator with TOR, you need the [SocksiPy](https://sourceforge.net/projects/socksipy/) module.
 
 Usage
 ----
@@ -72,7 +72,7 @@ Links
 
 Typo3 Enumerator - Automatic Typo3 Enumeration Tool
 
-Copyright (c) 2015 Jan Rude
+Copyright (c) 2016 Jan Rude
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

doc/CHANGELOG.md

@@ -1,3 +1,9 @@
+## Version 0.4.4
+
+* Added support for Typo3 version 8
+* Clean-up
+* Updated extension download URL
+
 ## Version 0.4.3
 
 * Added --threads
@@ -31,7 +37,6 @@
 ## Version 0.3.3
 
 * Extensions are now saved into different files, separated by state (experimental | alpha | beta | stable | outdated | all). This makes it possible to check more specific ones.
-* Installed extensions are shown immediately
 
 ## Version 0.3.2
 

extensions/experimental_extensions

@@ -98,34 +98,34 @@ eventmanagement
 bb_easyforms
 abcconfig
 ms_fluid
-smu_chc_ext
 ajax_report
+smu_chc_ext
 ch_flash_carrousel
 tcaobjects_demo
-wsefs
 jr_webmail
+wsefs
 rhu_csvimport
 pb_rsslaufschrift
 ch_bramacroofsimulator
 european
 p2_langfix_42
-clanbase
 ter_tests
+clanbase
 meta_openoffice
 st_validation_lpl
 rhu_events
 t3info
 ch_bramacproducts
 sort_table
-bonus
 alumnos
 maja_condrequired
+bonus
 organizacionacademica
-lz_lp_dm_log_fe
-hh_multipageform_example
 dsxsyndication
-zitatdt
+hh_multipageform_example
+lz_lp_dm_log_fe
 ba_company
+zitatdt
 svq_ebay
 rm_staticfile
 automator
@@ -147,32 +147,32 @@ belink_syslang
 buildtools
 rg_empresas
 tc_fbconnect
-rf_library
 treppenpfosten_katalog
+rf_library
 ffunews
 dre_besearch
 elnews
-xdbmysql
-moox_news_twitter
-ter_upload_test
-air_table
-ctefan_test
-lo_backendhelper
-moox_template_free017
-downloads
-start
-jh_pwcomments_plugin
-tgm_kickstart
-visitorlist
-reint_mailtask_example
-moox_news_geoinfo
-tagger
+mr_base_config
+ft3_empty
 dbal_utility
-ckeditor
-boards
+tagger
+ctefan_test
+ter_upload_test
 femanagerextended
 simplemvc_helloworld
-og_base
-ft3_empty
-jh_extstatus
+jh_pwcomments_plugin
+boards
+ckeditor
 ecs_steam
+contentfce
+lo_backendhelper
+moox_news_twitter
+xdbmysql
+og_base
+visitorlist
+tgm_kickstart
+jh_extstatus
+moox_news_geoinfo
+air_table
+downloads
+reint_mailtask_example

extensions/outdated_extensions

@@ -118,14 +118,14 @@ sg_fenewsedit
 csh_sk
 cobwebphpadsnew
 dynbeedit
-glossarysearch
 csh_gr
+glossarysearch
 csh_hk
 csh_br
 dubletfinder
 prototypejs
-hsapp_longerfeusername
 wa_contentrenderinghook
+hsapp_longerfeusername
 de_contentorganizer
 danp_skinsupport
 alt_forms_field_title
@@ -145,8 +145,8 @@ csh_pt
 gt_typo3_localization
 csh_hr
 csh_ro
-csh_fi
 tmpl_ice_3columns
+csh_fi
 csh_no
 mhnotifychanger
 doc_ephp_install_fr
@@ -181,8 +181,8 @@ sp_betterflex
 localphpinclude
 tm_classes
 danp_userlisttemplate
-tebay
 cobweb_protector
+tebay
 rtehtmlarea_definitionlist
 yag_theme_perfectlightbox
 eco_content
@@ -209,6 +209,7 @@ egovapi
 ts45min_de
 t3blogjquery
 cl_jquery
+googlequery
 extensionlist
 fe_db_browser
 mm_forum_comments
@@ -235,8 +236,8 @@ mpr
 displaycontroller_advanced
 smile_form_archive
 tagpackprovider
-dfluess
 doc_core_tca
+dfluess
 redirection
 jhe_adventcalender
 sav_library_example5
@@ -249,8 +250,8 @@ datadisplay
 form4_doktypes
 st_readmore
 mak_randlistnum
-static_info_tables_ga
 extended_sys_note
+static_info_tables_ga
 delete_staticfile_by_3party
 advancedform
 ods_workspace_mail
@@ -262,8 +263,8 @@ doc_tut_editors
 sav_library_mvc_example0
 st_metatags
 doc_core_skinning
-doc_guide_security
 ics_templavoila_mirgation_tool
+doc_guide_security
 ttnewscacheexpire
 form4_contentpagination
 realurl_autoconf_autodelete
@@ -282,19 +283,29 @@ dialogcentral
 dscentral
 jb_metaexec_doc
 maag_cenoshop
-browser_manual_ootb_en
-form4_pages_counter
-mm_forum_blog
-form4_faq
-uploadtest
-form4_filecache
-browser_tut_map_en
-coo_facebook
-view
-barscheduler
-attachmentdelete
-wt_spamshield_formhandler
-filedeletion
-external_link_parameter
 coreupdate
+dyncss_phpsass
+dyncss_turbine
+external_link_parameter
+wt_spamshield_formhandler
+attachmentdelete
+filedeletion
+form4_tags
+moox_flexisel
+lvrandfiles
+mm_forum_blog
+moox_feusers
+form4_pages_counter
+form4_pages
 fluidcontent_fed
+browser_manual_ootb_en
+form4_faq
+browser_tut_map_en
+layersliderlight
+moox_slider
+coo_facebook
+barscheduler
+form4_filecache
+form4_teaser
+view
+uploadtest

lib/config.json

@@ -1 +1 @@
-{"timeout": 10, "threads": 5, "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"}
+{"timeout": 10, "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0", "threads": 5}

lib/output.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #-------------------------------------------------------------------------------
 # Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
+# Copyright (c) 2016 Jan Rude
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -33,13 +33,12 @@ class Output:
 			Additionally, if the version search was successful, the version and a link to cvedetails is given.
 		"""
 		print('')
-		if domain.get_login_found():
-			print('[+] Typo3 backend login:'.ljust(30) + Fore.GREEN + domain.get_name() + '/typo3/index.php' + Fore.RESET)
-		else:
-			print('[+] Typo3 backend login:'.ljust(30) + Fore.RED + 'not found' + Fore.RESET)
-		print('[+] Typo3 version:'.ljust(30) + Fore.GREEN + domain.get_typo3_version() + Fore.RESET)
+		print('[+] Typo3 backend login:'.ljust(30) + Fore.GREEN + domain.get_name() + '/typo3/index.php' + Fore.RESET)
 		if (domain.get_typo3_version() != 'could not be determined'):
+			print('[+] Typo3 version:'.ljust(30) + Fore.GREEN + domain.get_typo3_version() + Fore.RESET)
 			print(' | known vulnerabilities:'.ljust(30) + Fore.GREEN + 'http://www.cvedetails.com/version-search.php?vendor=&product=Typo3&version=' + domain.get_typo3_version() + Fore.RESET)
+		else:
+			print('[+] Typo3 version:'.ljust(30) + Fore.RED + domain.get_typo3_version() + Fore.RESET)
 		print('')
 
 	def interesting_headers(name, value):

lib/privoxy_only.py

@@ -1,78 +0,0 @@
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Privoxy:
-	def __init__(self, port=8118):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service privoxy start')
-			print('[ ok ] Starting privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure Privoxy is running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using Privoxy for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, '127.0.0.1', self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org/')
-			response = str(request[0])
-		except:
-			print('Failed to connect through Privoxy!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			# TODO: Check on privoxy at http://ha.ckers.org/weird/privoxy.html
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except:
-			print('It seems like Privoxy is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service privoxy stop')
-			print('[ ok ] Stopping privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can stop Privoxy now...')

lib/tor_only.py

@@ -1,83 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Tor:
-	def __init__(self, port=9150):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service tor start')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure TOR is running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using TOR for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org', '/')
-			response = request[0]
-		except:
-			print('Failed to connect through TOR!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			regex = re.compile('Congratulations. This browser is configured to use Tor.')
-			searchVersion = regex.search(response)
-			version = searchVersion.groups()
-			print('Connection to TOR established')
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except Exception as e:
-			print(e)
-			print('It seems like TOR is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service tor stop')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can close TOR now...')

lib/tor_with_privoxy.py

@@ -1,86 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-#-------------------------------------------------------------------------------
-# Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
-#-------------------------------------------------------------------------------
-
-import socket
-import requests
-import os, sys
-import re
-from colorama import Fore
-from lib.request import Request
-try:
-	import socks
-except:
-	print(Fore.RED + 'The module \'SocksiPy\' is not installed.')
-	if sys.platform.startswith('linux'):
-		print('Please install it with: sudo apt-get install python-socksipy' + Fore.RESET)
-	else:
-		print('You can download it from https://code.google.com/p/socksipy-branch/' + Fore.RESET)
-	sys.exit(-2)
-
-class Tor_with_Privoxy:
-	def __init__(self, port=8118):
-		self.__port = port
-		Request.timeout = 20
-
-	def start_daemon(self):
-		if sys.platform.startswith('linux'):
-			os.system('service tor start')
-			os.system('service privoxy start')
-			print('[ ok ] Starting privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('Please make sure TOR and Privoxy are running...')
-		else:
-			print('You are using', sys.platform, ', which is not supported (yet).')
-			sys.exit(-2)
-		
-	# Using Privoxy and TOR for all connections
-	def connect(self):
-		print('\nChecking connection...')
-		socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, "127.0.0.1", self.__port, True)
-		socks.socket.setdefaulttimeout(20)
-		socket.socket = socks.socksocket
-		try:
-			request = Request.get_request('https://check.torproject.org/')
-			response = str(request[0])
-		except:
-			print('Failed to connect through Privoxy and/or TOR!')
-			print('Please make sure your configuration is right!\n')
-			sys.exit(-2)
-		try:
-			regex = re.compile('Congratulations. This browser is configured to use Tor.')
-			searchVersion = regex.search(response)
-			version = searchVersion.groups()
-			print('Connection to TOR established')
-			regex = re.compile("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
-			searchIP = regex.search(response)
-			IP = searchIP.groups()[0]
-			print('Your IP is: ', IP)
-		except Exception as e:
-			print('It seems like TOR is not used.\nAborting...\n')
-			sys.exit(-2)
-
-	def stop(self):
-		print('\n')
-		if sys.platform.startswith('linux'):
-			os.system('service tor stop')
-			os.system('service privoxy stop')
-			print('[ ok ] Stopping privoxy daemon...done.')
-		elif sys.platform.startswith('win32') or sys.platform.startswith('cygwin'):
-			print('You can close TOR and Privoxy now...')

lib/update.py

@@ -49,7 +49,8 @@ class Update:
 			Download extensions from server and unpack the ZIP
 		"""
 		try:
-			urllib.request.urlretrieve('http://ter.sitedesign.dk/ter/extensions.xml.gz', 'extensions.gz', reporthook=self.dlProgress)
+			# Maybe someday we need to use mirrors: https://repositories.typo3.org/mirrors.xml.gz
+			urllib.request.urlretrieve('https://typo3.org/fileadmin/ter/extensions.xml.gz', 'extensions.gz', reporthook=self.dlProgress)
 			with gzip.open('extensions.gz', 'rb') as f:
 				file_content = f.read()
 			f.close()

lib/version_information.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 #-------------------------------------------------------------------------------
 # Typo3 Enumerator - Automatic Typo3 Enumeration Tool
-# Copyright (c) 2015 Jan Rude
+# Copyright (c) 2016 Jan Rude
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,31 +29,20 @@ class VersionInformation:
 		Less specific version information can be found in the NEWS or INSTALL file. 
 	"""
 	def search_typo3_version(self, domain):
-		changelog = {'/typo3_src/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',  
-					'/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)'
-					}
-
-		news = {'/typo3_src/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
+		files = {'/typo3_src/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',  
+				'/ChangeLog':'[Tt][Yy][Pp][Oo]3 (\d{1,2}\.\d{1,2}\.?[0-9]?[0-9]?)',
+				'/typo3_src/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
 				'/typo3_src/NEWS.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) - WHAT\'S NEW', 
 				'/NEWS.txt':'http://wiki.typo3.org/TYPO3_(\d{1,2}\.\d{1,2})', 
 				'/NEWS.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) - WHAT\'S NEW',
-				'/INSTALL.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}\.\d{1,2}) [Ll][Tt][Ss]'
+				'/INSTALL.md':'[Tt][Yy][Pp][Oo]3 [Cc][Mm][Ss] (\d{1,2}(.\d{1,2})?)'
 				}
 
 		version = 'could not be determined'
-		for path, regex in changelog.items():
+		for path, regex in files.items():
 			response = Request.version_information(domain.get_name(), path, regex)
-			if not (response is None):
-				version = response
-				domain.set_typo3_version(version)
+			if not (response is None) and (len(response) > len(domain.get_typo3_version())):
+				domain.set_typo3_version(response)
 				return True
 
-		if version == 'could not be determined':
-			for path, regex in news.items():
-				response = Request.version_information(domain.get_name(), path, regex)
-				if not (response is None):
-					if len(response) > len(domain.get_typo3_version()):
-						domain.set_typo3_version(version)
-						return True
-
 		domain.set_typo3_version(version)

typo3_enumerator.py

@@ -18,7 +18,7 @@
 # along with this program.  If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
 #-------------------------------------------------------------------------------
 
-__version__ = '0.4.3'
+__version__ = '0.4.4'
 __program__ = 'Typo-Enumerator'
 __description__ = 'Automatic Typo3 enumeration tool'
 __author__ = 'https://github.com/whoot'