#!/usr/bin/python
import sys
import requests
import httplib
import time
import json
import re
import socket
from os import name, system
from datetime import datetime
from Queue import Queue
from threading import Thread, ThreadError
# Clear the terminal at import time ('cls' on Windows, 'clear' elsewhere).
system('cls' if name == 'nt' else 'clear')

# Global Variables
# Fixed User-Agent header sent with every outbound request. Because it is a
# constant, it appears verbatim in the access logs of every host contacted.
ua = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11',
}
# Paths appended to each queued host by CheckAdmin, requested in this order.
panels = ["/admin/", "/administrator/", "/webadmin/", "/control/", "/admincp/"]
# Rows of [link, status_code, tag] appended by CheckAdmin, read by exportData.
export_results = []
# Work queue of 'http://<host>' strings, filled by QueueFiller.
q = Queue()
# Lets start :D
def banner():
    'Print the ASCII-art program banner to stdout.'
    art = '''
___ _ _ ______ _
/ _ \ | | (_) | ___ \ | |
/ /_\ \ __| |_ __ ___ _ _ __ | |_/ /_ _ ___| |_ ___ _ __
| _ |/ _` | '_ ` _ \| | '_ \| ___ \ | | / __| __/ _ \ '__|
| | | | (_| | | | | | | | | | | |_/ / |_| \__ \ || __/ |
\_| |_/\__,_|_| |_| |_|_|_| |_\____/ \__,_|___/\__\___|_|
~by Shariq Malik
'''
    print(art)
class counter:
    'Holder for the shared progress counter.'
    # Number of queue items picked up so far. CheckAdmin increments this
    # from every worker thread without a lock, so the figure shown in the
    # progress line is best-effort only.
    count = 0
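class output:
    """Append scan results to the HTML report 'buster-output.html'.

    Every value interpolated into the report is HTML-escaped first. The
    links come from third-party lookup services and remote hosts, so
    writing them raw would let a crafted hostname inject markup or script
    into a report that the operator later opens in a browser.
    """
    # Opened once, at class-definition time, in append mode. All instances
    # share this handle, and close() closes it for all of them.
    file = open("buster-output.html", 'a')

    @staticmethod
    def _esc(value):
        'Return value as text that is safe in HTML body and quoted attributes.'
        try:
            from html import escape  # Python 3
        except ImportError:
            from cgi import escape  # Python 2
        return escape("%s" % (value,), True)

    def __init__(self, target, scanner):
        """Write the report header.

        target  -- host name the user entered
        scanner -- display name of the reverse-lookup service used
        """
        stamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        header = "<br/><font face=monospace color=red>Results For <font color=Blue>'%s'</font><br/>Report Time: <font color=blue>%s</font><br/>Reverse Lookup: <font color=blue>%s</font></font><br/>" % (
            output._esc(target), stamp, output._esc(scanner))
        output.file.write(header)

    def data(self, link, respcode, wp):
        """Write one result row.

        link     -- URL that matched
        respcode -- HTTP status code of the response
        wp       -- tag string ('' or "'WordPress'")
        """
        safe_link = output._esc(link)
        out = '<font face=monospace>[%s] <a href="%s" target="_blank">%s %s</a></font><br/>' % (
            output._esc(respcode), safe_link, safe_link, output._esc(wp))
        output.file.write(out)

    def close(self):
        'Close the shared report file handle.'
        output.file.close()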
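def urlfix(url):
    """Reduce a user-supplied URL to its bare host part.

    Strips surrounding whitespace and a leading http:// or https:// scheme,
    then drops everything from the first '/' onwards. The previous version
    deleted the slashes but kept the path text, so 'http://host/path'
    became 'hostpath'. It also raised IndexError on an empty string.

    Returns '' for empty input.
    """
    host = url.strip()
    lowered = host.lower()
    for scheme in ('https://', 'http://'):
        if lowered.startswith(scheme):
            host = host[len(scheme):]
            break
    # Only the part before the first slash is the host.
    return host.partition('/')[0]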
def exportData(target, scanner):
    """Write the collected results to the HTML report.

    Creates an output writer (which emits the header for target/scanner),
    writes one row per entry of the module-level export_results list, then
    closes the report file.
    """
    report = output(target, scanner)
    for row in export_results:
        # Each row is [link, status_code, tag], matching output.data's arguments.
        report.data(*row)
    report.close()
def yougetsignal(target):
    """Reverse domain lookup through domains.yougetsignal.com.

    Sends the target address to the third-party service, queues the first
    element of each 'domainArray' entry via QueueFiller, and returns
    [http_status, domainCount].

    The response is indexed without checks, so a reply lacking
    'domainArray' or 'domainCount' raises KeyError.
    """
    endpoint = "https://domains.yougetsignal.com/domains.php"
    fields = {'remoteAddress': target, 'key': ''}
    # The fields are passed as params=, so they travel in the query string
    # of the POST rather than in its body.
    reply = requests.post(endpoint, params=fields, headers=ua,
                          timeout=timeOut, proxies=px)
    parsed = json.loads(reply.text)
    QueueFiller([entry[0] for entry in parsed['domainArray']])
    return [reply.status_code, parsed['domainCount']]
def hackertarget(target):
    """Reverse domain lookup through api.hackertarget.com.

    Fetches the plain-text response over cleartext HTTP, splits it on
    newlines and queues every resulting line via QueueFiller. Returns
    [http_status, number_of_lines].

    The lines are not validated, so empty lines and any non-hostname text
    the service returns are queued as well.
    """
    endpoint = "http://api.hackertarget.com/reverseiplookup/?q=%s" % target
    reply = requests.get(endpoint, headers=ua, timeout=timeOut, proxies=px)
    lines = reply.text.split('\n')
    QueueFiller(lines)
    return [reply.status_code, len(lines)]
def ViewDns(target):
    """Reverse domain lookup by scraping viewdns.info over cleartext HTTP.

    Collects every <td> cell whose text contains a dot, discards the first
    three matches, queues the rest via QueueFiller and returns
    [http_status, number_of_hosts].

    Raises IndexError when the page yields fewer than three matching cells.
    """
    endpoint = "http://viewdns.info/reverseip/?t=1&host=%s" % target
    page = requests.get(endpoint, headers=ua, timeout=timeOut, proxies=px)
    cells = re.findall('<td>(.+?\..+?)</td>', page.text)
    # The first three matches are dropped - presumably cells that are not
    # lookup results; verify against the current page layout.
    for _ in range(3):
        del cells[0]
    QueueFiller(cells)
    return [page.status_code, len(cells)]
def ViewDnsApi(target, Key):
    """Reverse domain lookup through the viewdns.info JSON API.

    target -- address to look up
    Key    -- the caller's API key

    Queues the 'name' of every entry in response.domains via QueueFiller
    and returns [http_status, domain_count].

    The API key is interpolated into the URL query string, so it appears
    wherever the full URL is recorded (proxy logs, exception messages).
    Neither value is URL-encoded.
    """
    endpoint = "https://api.viewdns.info/reverseip/?host=%s&apikey=%s&output=json" % (target, Key)
    reply = requests.get(endpoint, headers=ua, timeout=timeOut, proxies=px)
    parsed = json.loads(reply.text)
    hosts = [entry['name'] for entry in parsed['response']['domains']]
    QueueFiller(hosts)
    return [reply.status_code, parsed['response']['domain_count']]
def QueueFiller(urls):
    """Put 'http://' + each item of urls on the module-level queue q.

    Items are not validated or de-duplicated. Always returns None.
    """
    for host in urls:
        q.put('http://' + host)
def CheckAdmin(queue):
    """Worker loop: take hosts from queue and request each path in panels.

    For every host the paths are tried in list order, each with the fixed
    module-level User-Agent, timeout and proxy settings. A response counts
    as a hit when its status is not 404 and its body passes the substring
    test below. The hit is printed and appended to export_results, and the
    remaining paths for that host are skipped.

    Returns None on Ctrl-C or on any unexpected error. That includes
    Queue.Empty when another worker drained the queue between the empty()
    check and get().

    NOTE(review): block nesting was reconstructed because the page lost its
    indentation. In particular the placement of queue.task_done() at
    loop level is assumed - confirm against the original file.
    """
    while not queue.empty():
        try:
            counter.count += 1
            progress = "Checked '%i' and Remaining '%i'..%s\r" % (
                counter.count, len(queue.queue) - 1, ' ' * 8)
            sys.stdout.write(progress)
            sys.stdout.flush()
            base = queue.get(False)
            for suffix in panels:
                candidate = base + suffix
                try:
                    reply = requests.get(
                        candidate, headers=ua, timeout=timeOut, proxies=px)
                    # ('type=' and 'password') evaluates to 'password', so
                    # this is a single substring test on the body.
                    if reply.status_code != 404 and ('type=' and 'password') in reply.text:
                        status = reply.status_code
                        # A response without a Set-Cookie header raises
                        # KeyError here and is dropped by the bare except below.
                        if 'wp-admin' in reply.headers['Set-Cookie']:
                            tag = "'WordPress'"
                        else:
                            tag = ''
                        print("[%s] %s: %s %s " % (
                            status, httplib.responses[status], candidate, tag))
                        export_results.append([candidate, status, tag])
                        break
                except KeyboardInterrupt:
                    print("-" * 35)
                    print("\n[*]User Interrupted!")
                    return None
                except:
                    # Deliberate best-effort: any request or parsing failure
                    # for this path is ignored and the next path is tried.
                    pass
        except KeyboardInterrupt:
            print("-" * 35)
            print("\n[*]User Interrupted!")
            return None
        except Exception as e:
            print("\nError: %s" % e)
            return None
        queue.task_done()
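def action(target, ConnPerSec, lookup, key=None):
    """Resolve target, run the chosen reverse lookup, then scan and export.

    target     -- host name to resolve
    ConnPerSec -- number of worker threads; 0 runs CheckAdmin inline
    lookup     -- 1 YouGetSignal, 2 HackerTarget, 3 ViewDNS, 4 ViewDNS API
    key        -- API key, used only when lookup == 4

    Raises ValueError for any other lookup value. Previously this surfaced
    as an UnboundLocalError further down. Returns None.
    """
    target_ip = socket.gethostbyname(target)
    if lookup == 1:
        reply = yougetsignal(target_ip)
        scanner = "YouGetSignal"
    elif lookup == 2:
        reply = hackertarget(target_ip)
        scanner = "HackerTarget"
    elif lookup == 3:
        reply = ViewDns(target_ip)
        scanner = "ViewDNS"
    elif lookup == 4:
        reply = ViewDnsApi(target_ip, key)
        scanner = "ViewDNS (Using API)"
    else:
        raise ValueError("Unknown lookup option: %r" % (lookup,))
    server_status, domains = reply[0], reply[1]
    print("-" * 35)
    print("Server Status : %s" % httplib.responses[server_status])
    print("Target IP Addr : %s" % (target_ip))
    print("Scanning using : %s" % scanner)
    print("Total Domains : %s" % domains)
    print("No of Threads : %s" % ConnPerSec)
    print("Timeout Sec : %s sec" % timeOut)
    print("Proxy Enabled : %s" % ('Yes' if px else 'No'))
    print("-" * 35)
    if ConnPerSec > 0:
        try:
            for i in xrange(ConnPerSec):
                t = Thread(target=CheckAdmin, args=(q,))
                t.daemon = True
                t.start()
            # NOTE(review): the page lost its indentation, so the join is
            # assumed to sit after the loop. In that layout only the last
            # started thread is waited on before the report is written -
            # confirm against the original file.
            t.join()
        except KeyboardInterrupt:
            print("-" * 35)
            print("[+]Output saved to 'buster-output.html'")
            print("\n[*]User Interrupted!")
            return None
    else:
        # Non-threaded mode: scan in the calling thread.
        CheckAdmin(q)
    exportData(target, scanner)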
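def Main():
    """Interactive entry point: prompt for options, run the scan, exit.

    Sets the module-level globals px (proxy mapping passed to requests) and
    timeOut (per-request timeout in seconds), then calls action(). Always
    ends through sys.exit() with the elapsed time.

    Numeric answers are read with raw_input() and converted with int().
    Python 2's input() evaluates whatever is typed as an expression, which
    is unnecessary here and unsafe as a habit.
    """
    global px, timeOut
    banner()
    # Set a start time immediately, so the handlers below can report a
    # duration even when the failure happens before the scan starts.
    t1 = time.time()
    try:
        site = urlfix(raw_input("Enter Site: "))
        # Check for custom options
        if raw_input("Do you want custom options ('N' for default options) [Y/N]:").lower() == 'y':
            threads = int(raw_input("No Of Threads (0 for non-thread mod): "))
            timeOut = int(raw_input("Timeout Seconds: "))
            lookup = int(
                raw_input("1. yougetsignal\n2. hackertarget\n3. View Dns\n4. View Dns (Using API)\n> "))
            if lookup == 4:
                ApiKey = raw_input("Enter Your Api Key: ")
            else:
                ApiKey = None
            # proxy input
            if raw_input("Do you want to use proxy? [Y/N]: ").lower() == 'y':
                if raw_input("Want to use TOR? [Y/N]: ").lower() == 'y':
                    Px_proto = 'http'
                    Px_ip = 'socks5://127.0.0.1'
                    Px_port = 9050
                else:
                    Px_proto = raw_input("Proxy Protocol: ")
                    Px_ip = raw_input("Proxy ip: ")
                    Px_port = int(raw_input("Proxy Port: "))
                px = {
                    Px_proto: "%s:%s" % (Px_ip, Px_port)
                }
            else:
                px = {}
        # Default Values (Modify Them as you need)
        else:
            threads = 2
            lookup = 1
            timeOut = 2
            px = {}
            ApiKey = None
        t1 = time.time()  # startTime of the scan itself
        action(site, threads, lookup, ApiKey)
        t2 = time.time()  # endTime
        print('Task Complete..%s' % (' ' * 18))
        print("\n[-]Total Found : %s" % len(export_results))
        print("[+]Output saved to 'buster-output.html'")
        sys.exit("[+]Program Exited in '%s'" %
                 time.strftime("%M min and %S sec", time.gmtime(t2 - t1)))
    except KeyboardInterrupt:
        print("-" * 35)
        t2 = time.time()
        print("\n[*]User Interrupted!")
        print("[-]Total Found : %s" % len(export_results))
        print("[+]Output saved to 'buster-output.html'")
        sys.exit("[+]Program Exited in '%s'" %
                 time.strftime("%M min and %S sec", time.gmtime(t2 - t1)))
    except Exception as e:
        t2 = time.time()
        print("\nError: %s" % e)
        sys.exit("[+]Program Exited in '%s'" %
                 time.strftime("%M min and %S sec", time.gmtime(t2 - t1)))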
# Start the interactive prompt only when run as a script. Importing the
# module still clears the terminal and opens 'buster-output.html', because
# those statements sit at module and class level.
if __name__ == '__main__':
    Main()