diff --git a/CHANGELOG b/CHANGELOG index 9d7d414..c796f58 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +-- March 19, 2018 -- +* v1.2 +* add compare with ndiff + + -- March 14, 2018 -- * v1.1-rev2 * add vulners diff --git a/core/banner.py b/core/banner.py index 5ad80ae..409d190 100644 --- a/core/banner.py +++ b/core/banner.py @@ -12,7 +12,7 @@ def banner(): /_/ /_/|_|\__/\____/\____/_____/ """+ warna.tutup + """ Author : """ + warna.abuabu + """ Kuburan A.K.A Gembur Ae """+ warna.tutup + """ - Version : """ + warna.abuabu + """ 1.1 """+ warna.tutup + """ + Version : """ + warna.abuabu + """ 1.2 """+ warna.tutup + """ Codename : """ + warna.abuabu + """ Tali Pocong """+ warna.tutup + """ """ + warna.merah + """ ======================================= =======================================""" + warna.tutup + """ diff --git a/core/fungsi.py b/core/fungsi.py index 7f63f57..a019f61 100644 --- a/core/fungsi.py +++ b/core/fungsi.py @@ -29,6 +29,17 @@ def IP(): return local_ip +def check_ndiff(): + ndiff_path = '/data/data/com.termux/files/usr/bin' + if not os.path.isfile("%s/ndiff" % (ndiff_path)): + print(warna.merah + "\n[x] Fatal error" + warna.tutup + " ndiff not found !") + print(warna.kuning + "[!] " + warna.tutup + "you can download ndiff binary at my Brach.") + print(warna.hijau + " https://github.com/kuburan/kuburan.github.io/tree/master/files/dists/termux/external/binary-all" + warna.tutup) + sys.exit() + + else : + return True + def check_proxychains(): proxychains_path = '/data/data/com.termux/files/usr/bin' diff --git a/core/upgrade.py b/core/upgrade.py index f456481..2fd2b0f 100755 --- a/core/upgrade.py +++ b/core/upgrade.py @@ -3,7 +3,8 @@ import os module_dir = '/data/data/com.termux/files/usr/share/txtool/module' core_dir = '/data/data/com.termux/files/usr/share/txtool/core' -os.system("cd %s && rm -f fungsi.py" % (core_dir)) +os.system("cd %s && rm -f banner.py fungsi.py" % (core_dir)) +os.system("cd %s && wget https://raw.githubusercontent.com/kuburan/txtool/master/core/banner.py" % (core_dir)) os.system("cd %s && wget https://raw.githubusercontent.com/kuburan/txtool/master/core/fungsi.py" % (core_dir)) os.system("cd %s && rm -f module1.py module9.py" % (module_dir)) os.system("cd %s && wget https://raw.githubusercontent.com/kuburan/txtool/master/module/module1.py" % (module_dir)) diff --git a/core/version.txt b/core/version.txt index 6deecc3..ef7df68 100644 --- a/core/version.txt +++ b/core/version.txt @@ -1 +1 @@ -version 1.1-rev2 +version 1.2 diff --git a/module/module1.py b/module/module1.py index 9e85cba..a0a1791 100644 --- a/module/module1.py +++ b/module/module1.py @@ -7,7 +7,7 @@ sys.path.append("/data/data/com.termux/files/usr/share/txtool/core") from fungsi import empty, scan_finish, check_vulscan, check_redpoint -from fungsi import IP, check_proxychains, info, warna, check_vulners +from fungsi import IP, check_proxychains, info, warna, check_vulners, check_ndiff import menu as back def menu_utama(): @@ -17,6 +17,7 @@ def menu_utama(): print("\t[" + warna.hijau + "4" + warna.tutup + "]" + warna.abuabu + " SCADA, ICS, PLC Scanning" + warna.tutup) print("\t[" + warna.hijau + "5" + warna.tutup + "]" + warna.abuabu + " Checking Eternalblue Doublepulsar Vulnerability" + warna.tutup) print("\t[" + warna.hijau + "6" + warna.tutup + "]" + warna.abuabu + " Vulners" + warna.tutup) + print("\t[" + warna.hijau + "7" + warna.tutup + "]" + warna.abuabu + " Compare Nmap output files with Ndiff" + warna.tutup) print("\t[" + warna.hijau + "0" + warna.tutup + "]" + warna.abuabu + " Back To Main Menu\n" + warna.tutup) pilih = raw_input(warna.hijau + " tXtool " + warna.tutup + warna.kuning + " ~~>> " + warna.tutup) eksekusi_menu(pilih) @@ -282,6 +283,41 @@ def menu6(): raw_input("\n press <" + warna.hijau + "Enter" + warna.tutup + "> to continue ") menu['menu_utama']() +def menu7(): + check_ndiff() + print(warna.hijau + "\n[*]" + warna.tutup + " Compare two Nmap XML files and display a list of their differences. Differences include host state changes, port state changes, and changes to service and OS detection.") + file_1 = raw_input(warna.biru + "\n[+] " + warna.tutup + "first output file" + warna.kuning + " >> " + warna.tutup) + if file_1 == '': + empty() + menu['menu_utama']() + + if not ".xml" in file_1: + print(warna.merah + "\n[x] Error : " + warna.tutup + "the output file should be in .xml format") + menu['menu_utama']() + + file_2 = raw_input(warna.biru + "\n[+] " + warna.tutup + "second output file to compare" + warna.kuning + " >> " + warna.tutup) + if file_2 == '': + empty() + menu['menu_utama']() + + if not ".xml" in file_2: + print(warna.merah + "\n[x] Error : " + warna.tutup + "the output file should be in .xml format") + menu['menu_utama']() + + print(warna.hijau + '\n[*] ' + warna.tutup + 'if you want to read in xml format, choose "yes". else return text format') + q = raw_input(warna.biru + "[+]" + warna.tutup + " Do you want to read in xml format ?" + warna.kuning + " >> " + warna.tutup) + if q == "yes" or q == "YES" or q == "y" or q == "Y" or q == "ya": + subprocess.Popen("ndiff --xml %s %s " % + (file_1, file_2), shell=True).wait() + scan_finish() + menu['menu_utama']() + + else: + subprocess.Popen("ndiff %s %s " % + (file_1, file_2), shell=True).wait() + scan_finish() + menu['menu_utama']() + def Kembali(): back.menu['menu_utama']() @@ -293,5 +329,6 @@ def Kembali(): '4': menu4, '5': menu5, '6': menu6, + '7': menu7, '0': Kembali, } diff --git a/module/module10.py b/module/module10.py index e3d5026..3d9dfbc 100644 --- a/module/module10.py +++ b/module/module10.py @@ -43,7 +43,14 @@ def menu1(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\n"CakeRoutingException" -site:github.com -site:stackoverflow.com -site:cakephp.org"\ninurl:".php?id=" "You have an error in your SQL syntax"\nintitle:"CGIWrap Error"\n"--- WebView Livescope Http Server Error ---" -git\n"Below is a rendering of the page up to the first error." ext:xml\ninurl:index of driver.php?id=\n""") + filewrite.write(""" +intitle:"Missing Controller" intext:"Cake\Routing\Exception\" -site:"https://sourceforge.net" -site:github.com -site:"stackoverflow.com" -site:"cakephp.org" +inurl:".php?id=" "You have an error in your SQL syntax" +intitle:"CGIWrap Error" +"--- WebView Livescope Http Server Error ---" -git +"Below is a rendering of the page up to the first error." ext:xml +inurl:index of driver.php?id= +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -73,7 +80,14 @@ def menu2(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nintext:"expects parameter 1 to be resource, boolean given" filetype:php\nintitle:"Struts Problem Report" intext:"development mode is enabled."\ninurl:"id=" & intext:"MySQL Error: 1064" & "Session halted."\nintitle:"DSM Terminator [ ABORT ]" | inurl:"./com.sap.portal.dsm.Terminator"\ninurl:/siteminderagent/ | app:"Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /siteminderagent/"\ninurl:/smpwservices.fcc | "/lm_private/CkeSetter.aspx"\n""") + filewrite.write(""" +intext:"expects parameter 1 to be resource, boolean given" filetype:php +intitle:"Struts Problem Report" intext:"development mode is enabled." +inurl:"id=" & intext:"MySQL Error: 1064" & "Session halted." +intitle:"DSM Terminator [ ABORT ]" | inurl:"./com.sap.portal.dsm.Terminator" +inurl:/siteminderagent/ | app:"Error 404: java.io.FileNotFoundException: SRVE0190E: File not found: /siteminderagent/" +inurl:/smpwservices.fcc | "/lm_private/CkeSetter.aspx" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -103,7 +117,14 @@ def menu3(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\ninurl:/console-selfservice/common/scripts/calendar/ipopeng.htm\ninurl:/nesp/app\ninurl:/SAML2/SOAP/ | inurl:/SAML2/POST\ninurl:/uniquesig0/ or inurl:/uniquesig0/InternalSite/\ninurl:index.php?id= intext:"mysql_fetch_array"\nintitle:Content Server Error IdcService=DOC_INFO\n""") + filewrite.write(""" +inurl:/console-selfservice/common/scripts/calendar/ipopeng.htm +inurl:/nesp/app +inurl:/SAML2/SOAP/ | inurl:/SAML2/POST +inurl:/uniquesig0/ or inurl:/uniquesig0/InternalSite/ +inurl:index.php?id= intext:"mysql_fetch_array" +intitle:Content Server Error IdcService=DOC_INFO +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -133,7 +154,14 @@ def menu4(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nintitle:"Whoops! There was an error."\nintitle:Error-javax.el.ELException+error+xhtml\nintitle:Error Page pageWrapper.jsp?\nintext:"Unexpected Problem Occurred!" ext:aspx\n"[function.getimagesize]: failed to open stream: No such file or directory in"\nintext:"Access denied for" intitle:"Shopping cart"\n""") + filewrite.write(""" +intitle:"Whoops! There was an error." +intitle:Error-javax.el.ELException+error+xhtml +intitle:Error Page pageWrapper.jsp? +intext:"Unexpected Problem Occurred!" ext:aspx +"[function.getimagesize]: failed to open stream: No such file or directory in" +intext:"Access denied for" intitle:"Shopping cart" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -163,7 +191,14 @@ def menu5(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\ninurl:advsearch.php?module= & intext:sql syntax\nintext:"Fatal error: Class 'Red_Action' not found in"\n"CHARACTER_SETS" "COLLATION_CHARACTER_SET_APPLICABILITY"\ninurl:"*.php?*=*.php" intext:"Warning: include" -inurl:.html -site:"php.net" -site:"stackoverflow.com" -inurl:"*forums*"\ninurl:"index.php?m=content+c=rss+catid=10"\n"plugins/wp-db-backup/wp-db-backup.php"\n""") + filewrite.write(""" +inurl:advsearch.php?module= & intext:sql syntax +intext:"Fatal error: Class 'Red_Action' not found in" +"CHARACTER_SETS" "COLLATION_CHARACTER_SET_APPLICABILITY" +inurl:"*.php?*=*.php" intext:"Warning: include" -inurl:.html -site:"php.net" -site:"stackoverflow.com" -inurl:"*forums*" +inurl:"index.php?m=content+c=rss+catid=10" +"plugins/wp-db-backup/wp-db-backup.php" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -193,7 +228,14 @@ def menu6(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nallintext:"fs-admin.php"\nintitle:"Apache Tomcat" "Error Report"\n"Unable to jump to row" "on MySQL result index" "on line"\n"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum\n"Warning:" "failed to open stream: HTTP request failed" "on line"\n"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum\n""") + filewrite.write(""" +allintext:"fs-admin.php" +intitle:"Apache Tomcat" "Error Report" +"Unable to jump to row" "on MySQL result index" "on line" +"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum +"Warning:" "failed to open stream: HTTP request failed" "on line" +"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -223,7 +265,13 @@ def menu7(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nfiletype:asp + "[ODBC SQL"\n"Warning: Division by zero in" "on line" -forum\n"Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line"\n"Warning: Supplied argument is not a valid File-Handle resource in"\n"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser."\nintitle:"Default PLESK Page"\n""") + filewrite.write(""" +filetype:asp + "[ODBC SQL"\n"Warning: Division by zero in" "on line" -forum +"Warning:" "SAFE MODE Restriction in effect." "The script whose uid is" "is not allowed to access owned by uid 0 in" "on line" +"Warning: Supplied argument is not a valid File-Handle resource in" +"There seems to have been a problem with the" " Please try again by clicking the Refresh button in your web browser." +intitle:"Default PLESK Page" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -253,7 +301,14 @@ def menu8(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\n"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php\n"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" -forum -thread -showthread\nNetscape Application Server Error page\nintext:"Error Message : Error loading required libraries."\n"Warning: mysql_query()" "invalid query"\nintitle:Configuration.File inurl:softcart.exe\n""") + filewrite.write(""" +"Parse error: parse error, unexpected T_VARIABLE" "on line" filetype:php +"[SQL Server Driver][SQL Server]Line 1: Incorrect syntax near" -forum -thread -showthread +Netscape Application Server Error page +intext:"Error Message : Error loading required libraries." +"Warning: mysql_query()" "invalid query" +intitle:Configuration.File inurl:softcart.exe +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -283,7 +338,15 @@ def menu9(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\n"The script whose uid is " "is not allowed to access"\nsnitz! forums db path error\n"ASP.NET_SessionId" "data source="\n"ORA-12541: TNS:no listener" intitle:"error occurred"\nfiletype:php inurl:"logging.php" "Discuz" error\n"Internal Server Error" "server at"\nPHP application warnings failing "include_path"\n""") + filewrite.write(""" +"The script whose uid is " "is not allowed to access" +snitz! forums db path error +"ASP.NET_SessionId" "data source=" +"ORA-12541: TNS:no listener" intitle:"error occurred" +filetype:php inurl:"logging.php" "Discuz" error +"Internal Server Error" "server at" +PHP application warnings failing "include_path" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -313,7 +376,14 @@ def menu10(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nintext:"Warning: Failed opening" "on line" "include_path"\nht://Dig htsearch error\nintitle:"Error Occurred While Processing Request"\nintitle:"Error using Hypernews" "Server Software"\n"Invision Power Board Database Error"\n"error found handling the request" cocoon filetype:xml\n""") + filewrite.write(""" +intext:"Warning: Failed opening" "on line" "include_path" +ht://Dig htsearch error +intitle:"Error Occurred While Processing Request" +intitle:"Error using Hypernews" "Server Software" +"Invision Power Board Database Error" +"error found handling the request" cocoon filetype:xml +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -343,7 +413,14 @@ def menu11(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nintitle:"Execution of this script not permitted"\nintitle:"Error Occurred" "The error occurred in" filetype:cfm\nwarning "error on line" php sablotron\n"Fatal error: Call to undefined function" -reply -the -next\nfiletype:asp "Custom Error Message" Category Source\n"Can't connect to local" intitle:warning\n""") + filewrite.write(""" +intitle:"Execution of this script not permitted" +intitle:"Error Occurred" "The error occurred in" filetype:cfm +warning "error on line" php sablotron +"Fatal error: Call to undefined function" -reply -the -next +filetype:asp "Custom Error Message" Category Source +"Can't connect to local" intitle:warning +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -373,7 +450,13 @@ def menu12(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nintitle:"Under construction" "does not currently have"\n"access denied for user" "using password"\n"Warning: Cannot modify header information - headers already sent"\n"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"\nAn unexpected token "END-OF-STATEMENT" was found\n""") + filewrite.write(""" +intitle:"Under construction" "does not currently have" +"access denied for user" "using password" +"Warning: Cannot modify header information - headers already sent" +"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL" +An unexpected token "END-OF-STATEMENT" was found +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -403,7 +486,14 @@ def menu13(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\n"detected an internal error [IBM][CLI Driver][DB2/6000]"\n"A syntax error has occurred" filetype:ihtml\n"An illegal character has been found in the statement" -"previous message"\n"Syntax error in query expression " -the\nsupplied argument is not a valid PostgreSQL result\n"PostgreSQL query failed: ERROR: parser: parse error"\n""") + filewrite.write(""" +"detected an internal error [IBM][CLI Driver][DB2/6000]" +"A syntax error has occurred" filetype:ihtml +"An illegal character has been found in the statement" -"previous message" +"Syntax error in query expression " -the +supplied argument is not a valid PostgreSQL result +"PostgreSQL query failed: ERROR: parser: parse error" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -433,7 +523,14 @@ def menu14(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\n"Incorrect syntax near"\n"Unclosed quotation mark before the character string"\n"ORA-00933: SQL command not properly ended"\nORA-00921: unexpected end of SQL command\nORA-00936: missing expression\n"Supplied argument is not a valid MySQL result resource"\n""") + filewrite.write(""" +"Incorrect syntax near" +"Unclosed quotation mark before the character string" +"ORA-00933: SQL command not properly ended" +ORA-00921: unexpected end of SQL command +ORA-00936: missing expression +"Supplied argument is not a valid MySQL result resource" +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -463,7 +560,13 @@ def menu15(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\nsQL syntax error\nmysql error with query\nInternal Server Error\nIIS web server error messages\nWindows 2000 web server error messages\nIIS 4.0 error messages\n""") + filewrite.write(""" +sQL syntax error\nmysql error with query +Internal Server Error +IIS web server error messages +Windows 2000 web server error messages +IIS 4.0 error messages +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() @@ -493,7 +596,14 @@ def menu16(): else: filewrite = open(txtool_dir + "/dork.txt", "w") - filewrite.write("""\ninurl:sitebuilderpictures\nsitebuilderfiles\nsitebuildercontent\n"Chatologica MetaSearch" "stack tracking\nORA-00921: unexpected end of SQL command\n"supplied argument is not a valid MySQL result resource"\nColdfusion Error Pages\n""") + filewrite.write(""" +inurl:sitebuilderpictures +sitebuilderfiles\nsitebuildercontent +"Chatologica MetaSearch" "stack tracking +ORA-00921: unexpected end of SQL command +"supplied argument is not a valid MySQL result resource" +Coldfusion Error Pages +""") filewrite.close() subprocess.Popen("cd %s && ./inurlbr --no-banner --dork-file %s/dork.txt -q 1,6 -t 1 --sall %s" % (inurl, txtool_dir, output), shell=True).wait() diff --git a/txtool b/txtool index 9c5809e..d985554 100755 --- a/txtool +++ b/txtool @@ -2,7 +2,7 @@ """ Created by : Kuburan_0day A.K.A Gembur Ae - Version : 1.1 + Version : 1.2 Codename : Tali Pocong """