updates

gotr00t0day · Jan 6, 2023 · 8909343 · 8909343
1 parent 7375d72
commit 8909343
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 25 deletions.
diff --git a/gsec.py b/gsec.py
@@ -2,7 +2,7 @@
 from modules import fetch_requests, scan, urltoip
 from utils import portscanner, loginscanner, techscanner, cmsscanner, passive_recon, crawler
 from plugins import phpcheck, optionscheck, shellshock, robots, favicon, auth_tokens
-from vuln_db import hostheader_injection, nuclei_vulns, corsmisconfig, crossdomain, head_vuln, cache_poisoning, path_traversal
+from vuln_db import hostheader_injection, nuclei_vulns, corsmisconfig, crossdomain, head_vuln, cache_poisoning, path_traversal, webservers_vulns
 import argparse
 import os
 import asyncio
@@ -105,15 +105,14 @@ async def main():
             robots.robots_scan(args.target)
             auth_tokens.auth_tokens(args.target)
             favicon.favicon_hash(args.target)
-            nuclei_vulns.nuclei_nginx_scan(args.target)
             nuclei_vulns.nuclei_cve_scan(args.target)
-            nuclei_vulns.nuclei_fuzzing_scan(args.target)
             shellshock.shellshock_scan(args.target)
             corsmisconfig.cors_scan(args.target)
             crossdomain.crossdomain_misconfig(args.target)
             hostheader_injection.host_header_injection(args.target)
             head_vuln.head_auth_bypass(args.target)
             cache_poisoning.cache_dos_scan(args.target)
+            webservers_vulns.Servers_scan(args.target)
             path_traversal.path_traversal_scan(args.target)
             crawler.scan(args.target)
             await loginscanner.main(args.target)

diff --git a/modules/fetch_requests.py b/modules/fetch_requests.py
@@ -31,7 +31,6 @@ def do_requests(url: str) -> str:
                 if "Location" in key or "location" in key:
                     location.append(desc)
             print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} {url} {Fore.RED} seems to be redirecting to {Fore.CYAN}{res.url}")
-            pass
         else:
             print(f"{url} {res.status_code}")
     except requests.exceptions.InvalidSchema:

diff --git a/plugins/phpcheck.py b/plugins/phpcheck.py
@@ -39,6 +39,8 @@ def php_ident(url: str) -> str:
         php_info = sessions.get(f"{url}/phpinfo.php", verify=False, headers=header)
         if php_info.status_code == 200 and "404" not in php_info.text and "PHP Version" in php_info.text:
             print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Found: {Fore.GREEN} {url}/phpinfo.php")
+        elif php_info.status_code == 200:
+            print(f"{Fore.MAGENTA}[+] {Fore.CYAN}-{Fore.WHITE} Found: {Fore.GREEN} {url}/phpinfo.php")
     else:
         pass
 
diff --git a/utils/cmsscanner.py b/utils/cmsscanner.py
@@ -102,6 +102,7 @@ def Umbraco(url: str) -> str:
         umbraco.append("Umbraco")
     if umbraco:
         CMS.append("Umbraco")
+        vuln_scan.umbraco_vuln_scan(url)
 
 def Jira(url: str) -> str:
     jira = []
@@ -155,6 +156,7 @@ def Magento(url: str) -> str:
         magento.append("Magento")
     if magento or magentodownloader or magentoinstall:
         CMS.append("Magento")
+        vuln_scan.magento_vuln_scan(url)
 
 def PhpBB(url: str) -> str:
     cookies = []
@@ -172,6 +174,7 @@ def PhpBB(url: str) -> str:
         tech.append("phpBB")
     if cookies or source or tech:
         CMS.append("phpBB")
+        vuln_scan.phpbb_vuln_scan(url)
 
 
 def main(url: str) -> str:

diff --git a/vuln_db/cms_vulns.py b/vuln_db/cms_vulns.py
@@ -3,18 +3,25 @@
 
 
 def apache_vuln_scan(url: str):
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/vulnerabilities/apache/ -u {url} -silent")
+    sub_output.subpro_scan(f"nuclei -u {url} -tags apache -silent")
 
 def joomla_vuln_scan(url: str):
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/vulnerabilities/joomla/ -u {url} -silent")
+    sub_output.subpro_scan(f"nuclei -u {url} -tags joomla -silent")
 
 def drupal_vuln_scan(url: str):
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/vulnerabilities/drupal/ -u {url} -silent")
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/misconfiguration/drupal/ -u {url} -silent")
+    sub_output.subpro_scan(f"nuclei -u {url} -tags drupal -silent")
 
 def jira_vuln_scan(url: str):
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/vulnerabilities/jira/ -u {url} -silent")
+    sub_output.subpro_scan(f"nuclei -u {url} -tags jira -silent")
 
 def wordpress_vuln_scan(url: str):
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/vulnerabilities/wordpress/ -u {url} -silent")
-    sub_output.subpro_scan(f"nuclei -t ~/nuclei-templates/fuzzing/wordpress-weak-credentials.yaml -u {url} -silent")
+    sub_output.subpro_scan(f"nuclei -u {url} -tags wordpress -silent")
+
+def umbraco_vuln_scan(url: str):
+    sub_output.subpro_scan(f"nuclei -u {url} -tags umbraco -silent")
+
+def magento_vuln_scan(url: str):
+    sub_output.subpro_scan(f"nuclei -u {url} -tags magentoo -silent")
+
+def phpbb_vuln_scan(url: str):
+    sub_output.subpro_scan(f"nuclei -u {url} -tags phpbb -silent")
diff --git a/vuln_db/nuclei_vulns.py b/vuln_db/nuclei_vulns.py
@@ -1,22 +1,11 @@
 from colorama import Fore
-from modules import scan, sub_output
-import requests
+from modules import sub_output
 
 
-def nuclei_nginx_scan(url: str) -> str:
-    sessions = requests.Session()
-    res = sessions.get(f"{url}", verify=False)
-    for item, value in res.headers.items():
-        if "nginx" in value:
-            scan.commands(f"nuclei -u {url} -t ~/nuclei-templates/misconfiguration/nginx/ -silent")
-
 def nuclei_cve_scan(domain: str) -> str:
-    sub_output.subpro_scan(f"nuclei -u {domain} -tags cve -severity critical,high -silent")
-    sub_output.subpro_scan(f"nuclei -u {domain} -t cves/ -silent")
-    sub_output.subpro_scan(f"nuclei -u {domain} -t vulnerabilities/ -silent")
+    sub_output.subpro_scan(f"nuclei -u {domain} -t cves/ -severity medium,high,critical -silent")
+    sub_output.subpro_scan(f"nuclei -u {domain} -t vulnerabilities/ -severity medium,high,critical -silent")
 
-def nuclei_fuzzing_scan(domain: str) -> str:
-    sub_output.subpro_scan(f"nuclei -u {domain} -t fuzzing/ -silent")
 
 def nuclei_ultimate_scan(domain: str) -> str:
     print(f"{Fore.MAGENTA}[+] {Fore.CYAN}- {Fore.WHITE}Task{Fore.CYAN}:{Fore.LIGHTBLUE_EX} CVE{Fore.WHITE} Status: {Fore.GREEN}Running...")

diff --git a/vuln_db/webservers_vulns.py b/vuln_db/webservers_vulns.py
@@ -0,0 +1,36 @@
+from colorama import Fore
+from plugins import agent_list
+from modules import sub_output
+import requests
+import sys
+
+
+user_agent_ = agent_list.get_useragent()
+header = {"User-Agent": user_agent_}
+
+def Servers_scan(url: str) -> str:
+    sessions = requests.Session()
+    server_output = []
+    r  = sessions.get(url, verify=False, headers=header)
+    try:
+        if r.status_code == 200:
+            for item, value in r.headers.items():
+                if item == "Server":
+                    server_output.append(value)
+        if "Apache" in server_output:
+            sub_output.subpro_scan(f"nuclei -u {url} -tags apache -silent")
+        if "Nginx" in server_output:
+            sub_output.subpro_scan(f"nuclei -u {url} -tags nginx -silent")
+        if "IIS" in server_output:
+            sub_output.subpro_scan(f"nuclei -u {url} -tags iis -silent")
+
+    except requests.exceptions.InvalidSchema:
+        print("Please use https://www.target.com")
+    except requests.exceptions.ConnectionError:
+        print("Check the target URL and try again\n")
+        sys.exit()
+    except requests.exceptions.MissingSchema:
+        print("Invalid URL, please use http:// or https://")
+        sys.exit()
+
+