diff --git a/cmsmap/lib/genericchecks.py b/cmsmap/lib/genericchecks.py
index c4a1e78..f178e43 100644
--- a/cmsmap/lib/genericchecks.py
+++ b/cmsmap/lib/genericchecks.py
@@ -46,10 +46,10 @@ def DirectoryListing(self, relPath):
 report.verbose(msg)
 requester.request(self.url + self.relPath, data=None)
 dirList = re.search("Index of", requester.htmltext, re.IGNORECASE)
- if dirList:
+ if dirList:
 msg = self.url + self.relPath
 report.low(msg)
-
+
 # Check if website is over HTTPS
 def HTTPSCheck(self):
 msg = "Checking if the website is in HTTPS ..."
@@ -86,7 +86,7 @@ def HeadersCheck(self):
 msg = "X-XSS-Protection Disabled"
 report.high(msg)
 if not requester.response.info().get('x-frame-options') or (
- requester.response.info().get('x-frame-options').lower() != 'sameorigin' or 'deny'):
+ requester.response.info().get('x-frame-options').lower() not in ['sameorigin', 'deny']):
 msg = "X-Frame-Options: Not Enforced"
 report.low(msg)
 if not requester.response.info().get('strict-transport-security'):
@@ -98,7 +98,7 @@ def HeadersCheck(self):
 if not requester.response.info().get('x-content-type-options'):
 msg = "X-Content-Type-Options: Not Enforced"
 report.info(msg)
-
+
 # Check if AutoComplete is set to Off on login pages
 def AutocompleteOff(self, relPath):
 msg = "Checking Autocomplete Off on the login page ..."
@@ -109,7 +109,7 @@ def AutocompleteOff(self, relPath):
 if not autoComp:
 msg = "Autocomplete Off Not Found: " + self.url + self.relPath
 report.info(msg)
-
+
 # Check if robots.txt is available
 def RobotsTXT(self):
 msg = "Checking Robots.txt File ..."
@@ -121,7 +121,7 @@ def RobotsTXT(self):
 else:
 msg = "No Robots.txt Found"
 report.low(msg)
-
+
 # Extract error codes and page length from a not existing web page
 def NotExistingURL(self):
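Review bot: The corrected X-Frame-Options condition in the HeadersCheck hunk (@@ -86,7) still fetches the header twice and rebuilds a list on every evaluation; bind the value once and test membership in a tuple: `xfo = requester.response.info().get('x-frame-options')` followed by `if not xfo or xfo.lower() not in ('sameorigin', 'deny'):`. The same repeated `requester.response.info().get(...)` shape appears in the surrounding context lines for the other headers, so a single `headers = requester.response.info()` near the top of the method (which starts outside the hunk) would simplify all of them. If the underlying header parser does not trim trailing whitespace from values — not visible from this hunk — a `.strip()` before `.lower()` would avoid a spurious "Not Enforced" finding. Since the old `!= 'sameorigin' or 'deny'` expression was always true, this fix changes the tool's output on sites that already set the header correctly, which is worth stating in the commit message.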
@@ -151,7 +151,7 @@ def CommonFiles(self): # Add all plugins to the queue for commFilesIndex, file in enumerate(self.commFiles): q.put(file + ext) - sys.stdout.write("\r" + str((100 * ((len(self.commFiles) * extIndex) + commFilesIndex) / + sys.stdout.write("\r" + str((100 * ((len(self.commFiles) * extIndex) + commFilesIndex) / (len(self.commFiles) * len(self.commExt)))) + "% " + file + ext + " ") sys.stdout.flush() q.join() diff --git a/cmsmap/lib/wpscan.py b/cmsmap/lib/wpscan.py index c4675db..c030e68 100644 --- a/cmsmap/lib/wpscan.py +++ b/cmsmap/lib/wpscan.py @@ -89,7 +89,7 @@ def WPVersion(self): msg = "Wordpress Version: " + self.currentVer[0] report.info(msg) else: - requester.request(self.url, data=None) + requester.request(self.url, data=None) self.currentVer = re.findall('<meta name="generator" content="WordPress (\d+\.\d+[\.\d+]*)"', requester.htmltext) if self.currentVer: msg = "Wordpress Version: " + self.currentVer[0] @@ -146,7 +146,7 @@ def WPDefaultFiles(self): def WPFeed(self): msg = "Enumerating Wordpress usernames via \"Feed\" ..." report.verbose(msg) - requester.request(self.url + self.feed, data=None) + requester.request(self.url + self.feed, data=None) wpUsers = re.findall("<dc:creator>[<!\[CDATA\[]*(.+?)[\]\]>]*</dc:creator>", requester.htmltext) if wpUsers: 
@@ -178,18 +178,18 @@ def WPForgottenPassword(self):
 report.verbose(msg)
 # Use an invalid, not-existing, not-registered user
 self.postdata = {"user_login": "N0t3xist!1234"}
- requester.request(self.url + self.forgottenPsw, data=self.postdata)
+ requester.request(self.url + self.forgottenPsw, data=self.postdata)
 if re.findall(re.compile('Invalid username'), requester.htmltext):
 msg = "Forgotten Password Allows Username Enumeration: " + self.url + self.forgottenPsw
 report.info(msg)

 # Find full path via the default hello plugin
 def WPHello(self):
- requester.request(self.url + "/wp-content/plugins/hello.php", data=None)
+ requester.request(self.url + "/wp-content/plugins/hello.php", data=None)
 fullPath = re.findall(re.compile('Fatal error.*>/(.+?/)hello.php'), requester.htmltext)
 if fullPath:
 msg = "Wordpress Hello Plugin Full Path Disclosure: " + "/" + fullPath[0] + "hello.php"
- report.low(msg)
+ report.low(msg)

 # Find directory listing in default directories and plugin directories
 def WPDirsListing(self):
@@ -207,7 +207,7 @@ def WPDirsListing(self):
 def WPpluginsIndex(self):
 msg = "Checking WordPress plugins in the index page"
 report.verbose(msg)
- requester.request(self.url, data=None)
+ requester.request(self.url, data=None)
 self.pluginsFound = re.findall(re.compile('/wp-content/plugins/(.+?)/'), requester.htmltext)

 # Find plugins via a dictionary attack
@@ -241,7 +241,7 @@ def WPpluginsVersion(self):
 requester.request(self.url+self.pluginPath+pluginFound+"/readme.txt", data=None)
 pluginVer = re.findall('Stable tag: (\d+\.\d+[\.\d+]*)', requester.htmltext)
 # Add plugin version
- if pluginVer :
+ if pluginVer :
 self.pluginsFoundVers[pluginFound] = pluginVer[0]
 else:
 # Match has not been found
@@ -303,7 +303,8 @@ def WPXMLRPC_check(self):
 <param><value><string>ThisIsATest</string></value></param></params></methodCall>
 '''
 requester.request(self.url + '/xmlrpc.php', data = self.postdata)
- if re.search('<value><string>XML-RPC services are disabled', requester.htmltext):
+ if re.search('<value><string>XML-RPC services are disabled', requester.htmltext) or (
+ 500 > requester.status_code >= 400):
 msg = "XML-RPC services are disabled"
 report.verbose(msg)
 self.XMLRPCEnable = False
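Review bot: The new status-code branch in WPXMLRPC_check reports every 4xx as "XML-RPC services are disabled", but a 401/403 from an access-control rule and a 404 because the endpoint is absent are different findings from an explicit disable, and the fixed message hides which one occurred; include the code, e.g. `msg = "XML-RPC services are disabled (HTTP %d)" % requester.status_code`. The added line also reads `requester.status_code`, whereas the other checks in this commit go through `requester.response.info()`; if the requester wrapper does not set that attribute (not visible here), the comparison raises AttributeError on every scan, so confirm it exists before merging. A 5xx response is deliberately excluded and falls through to the enabled path outside the hunk, which deserves a comment such as `# 4xx: endpoint unavailable; 5xx falls through as possibly enabled` so the next reader does not "fix" the bound. The method begins outside the hunk.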