import os
import re
import shutil
import subprocess

from exp10it import figlet2file
from exploit import LOG_FOLDER_PATH
from exploit import ModulePath
from exploit import cms_identify
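def single_cms_scan(target):
    """Identify the CMS behind *target* and run the matching third-party scanner.

    *target* must be in ``http(s)://host`` form. It may be the primary
    target or a side/sub site discovered earlier in the run, so it is
    treated as untrusted: it is only ever passed to the scanners as a
    discrete argv element, never interpolated into a shell string.

    Args:
        target: URL of the site to scan, e.g. ``http://example.com``.

    Returns:
        The scanner report text, or ``""`` when the CMS is unknown, no
        scanner is wired up for it, or no report file was produced.
    """
    figlet2file("cms scaning...", 0, True)
    print(target)

    cms_value = cms_identify(target)
    if cms_value == "unknown":
        return ""

    # The original created both LOG_FOLDER_PATH/cms_scan_log and
    # ModulePath/log/cms_scan_log and then only used the latter; they are
    # presumably the same tree (TODO confirm against exploit.py), so both
    # are still created here to keep that side effect.
    os.makedirs(os.path.join(LOG_FOLDER_PATH, "cms_scan_log"), exist_ok=True)
    tools_dir = os.path.join(ModulePath, "cms_scan")
    logs_dir = os.path.join(ModulePath, "log", "cms_scan_log")
    os.makedirs(tools_dir, exist_ok=True)
    os.makedirs(logs_dir, exist_ok=True)

    # `host` is the last path component of the URL. It cannot contain "/",
    # so the report file names derived from it stay inside logs_dir.
    host = target.rstrip("/").split("/")[-1]

    # Initialised up front so an identified-but-unsupported CMS (anything
    # other than the three below) returns "" instead of raising
    # UnboundLocalError at the print/return below.
    cms_scan_result = ""
    if cms_value == "discuz":
        cms_scan_result = _scan_discuz(target, host, tools_dir, logs_dir)
    elif cms_value == "joomla":
        cms_scan_result = _scan_joomla(target, host, tools_dir, logs_dir)
    elif cms_value == "wordpress":
        cms_scan_result = _scan_wordpress(target, host, tools_dir, logs_dir)

    print(cms_scan_result)
    return cms_scan_result


def _run(args, cwd=None):
    """Run *args* as an argv list (no shell) in *cwd*.

    A failing or missing command is reported on stdout and otherwise
    ignored, matching the best-effort behaviour of the old ``os.system``
    chains; it must not abort the whole scan.
    """
    try:
        subprocess.run(args, cwd=cwd, check=True)
    except (OSError, subprocess.CalledProcessError) as err:
        print("command failed: %s (%s)" % (" ".join(args), err))


def _capture(args, cwd=None, merge_stderr=True):
    """Return the output of *args* as text.

    stderr is merged into the result by default because the scanners print
    their "missing dependency" diagnostics there; pass ``merge_stderr=False``
    to get stdout only (the report stream). Undecodable bytes are replaced
    rather than raising. Returns ``""`` if the command cannot be started.
    """
    stderr = subprocess.STDOUT if merge_stderr else None
    try:
        proc = subprocess.run(
            args,
            cwd=cwd,
            stdout=subprocess.PIPE,
            stderr=stderr,
            universal_newlines=True,
            errors="replace",
        )
    except OSError as err:
        print("command failed: %s (%s)" % (" ".join(args), err))
        return ""
    return proc.stdout


def _read_report(path):
    """Return the text of the report at *path*, or ``""`` if none exists."""
    if not os.path.exists(path):
        return ""
    with open(path, "r", errors="replace") as f:
        return f.read()


def _scan_discuz(target, host, tools_dir, logs_dir):
    """Run dzscan against *target*; returns the report text (cached per host)."""
    dz_dir = os.path.join(tools_dir, "dzscan")
    dz_logs = os.path.join(logs_dir, "dzscan")
    os.makedirs(dz_logs, exist_ok=True)
    if not os.path.exists(dz_dir):
        _run(["git", "clone", "https://github.com/code-scan/dzscan.git"], cwd=tools_dir)

    log_file = host.replace(".", "_") + ".log"
    report = os.path.join(dz_logs, log_file)
    # An existing report is reused; the scan is only re-run when it is absent.
    if not os.path.exists(report):
        _run(["python", "dzscan.py", "--update"], cwd=dz_dir)
        _run(["python", "dzscan.py", "-u", target, "--log"], cwd=dz_dir)
        produced = os.path.join(dz_dir, log_file)
        if os.path.exists(produced):
            shutil.move(produced, report)
    return _read_report(report)


def _scan_joomla(target, host, tools_dir, logs_dir):
    """Run joomscan against *target*; returns the report text (cached per host)."""
    js_dir = os.path.join(tools_dir, "joomscan")
    js_logs = os.path.join(logs_dir, "joomscan")
    os.makedirs(js_logs, exist_ok=True)
    if not os.path.exists(js_dir):
        # NOTE(review): the archive is fetched over plain http with no
        # checksum or signature check; its contents are executed as perl,
        # so verify the download before trusting it.
        zip_name = "joomscan-latest.zip"
        _run(
            ["wget", "http://jaist.dl.sourceforge.net/project/joomscan/joomscan/2012-03-10/joomscan-latest.zip"],
            cwd=tools_dir,
        )
        _run(["unzip", zip_name, "-d", "joomscan"], cwd=tools_dir)
        zip_path = os.path.join(tools_dir, zip_name)
        if os.path.exists(zip_path):
            os.remove(zip_path)

    banner = _capture(["perl", "joomscan.pl"], cwd=js_dir)
    if re.search(r"you may need to install the Switch module", banner):
        _run(["sudo", "apt-get", "install", "libswitch-perl"])
        _run(["perl", "-MCPAN", "-e", "install WWW::Mechanize"])

    # joomscan writes report/<host>-joexploit.txt; the old code checked for
    # the file under logs_dir/joomscan/report/ but moved it to
    # logs_dir/joomscan/, so the cache never hit. Check the real destination.
    report_name = "%s-joexploit.txt" % host
    report = os.path.join(js_logs, report_name)
    if not os.path.exists(report):
        _run(["perl", "joomscan.pl", "update"], cwd=js_dir)
        _run(["perl", "joomscan.pl", "-u", target, "-ot"], cwd=js_dir)
        produced = os.path.join(js_dir, "report", report_name)
        if os.path.exists(produced):
            shutil.move(produced, report)
    return _read_report(report)


def _scan_wordpress(target, host, tools_dir, logs_dir):
    """Run wpscan against *target*; returns the report text (cached per host)."""
    wp_dir = os.path.join(tools_dir, "wpscan")
    wp_logs = os.path.join(logs_dir, "wpscan")
    os.makedirs(wp_logs, exist_ok=True)
    if not os.path.exists(wp_dir):
        _run(["git", "clone", "https://github.com/wpscanteam/wpscan.git"], cwd=tools_dir)
        # -o answers the overwrite prompt that `echo y |` used to feed.
        _run(["unzip", "-o", "data.zip"], cwd=wp_dir)

    banner = _capture(["ruby", "wpscan.rb"], cwd=wp_dir)
    if re.search(r"ERROR", banner):
        _run([
            "sudo", "apt-get", "install",
            "libcurl4-openssl-dev", "libxml2", "libxml2-dev", "libxslt1-dev",
            "ruby-dev", "build-essential", "libgmp-dev", "zlib1g-dev",
        ])
        _run(["gem", "install", "bundler"])
        # `bundle install` reads wpscan's Gemfile, so it has to run there
        # (the old code ran it from whatever the process cwd happened to be).
        _run(["bundle", "install"], cwd=wp_dir)

    report = os.path.join(wp_logs, "%s.txt" % host)
    if not os.path.exists(report):
        _run(["ruby", "wpscan.rb", "--update"], cwd=wp_dir)
        # Replaces `| tee <file>` + `mv`: stdout is written straight to the
        # log directory, so no shell pipeline is needed.
        output = _capture(["ruby", "wpscan.rb", target], cwd=wp_dir, merge_stderr=False)
        with open(report, "w") as f:
            f.write(output)
    return _read_report(report)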
if __name__ == "__main__":
    # CLI entry point: the single positional argument is the http(s)://host target.
    import sys

    single_cms_scan(sys.argv[1])