Merge pull request #505 from shraddha761/rpcscan
RPCScan script
Showing
5 changed files
with
382 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# RPCScan | ||
|
||
A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your targets subdomains and then finding the vulnerable methods and then finding the reports on hackerone and medium writeups. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
from colorama import Fore | ||
import re | ||
import requests | ||
import os | ||
import sys | ||
import urllib3 | ||
|
||
url = sys.argv[1] | ||
urllib3.disable_warnings() | ||
http = urllib3.PoolManager(cert_reqs='CERT_NONE') | ||
|
||
print(f"{Fore.BLUE}[!] Checking if Mod_Security waf is present [!]") | ||
checkxml = """<methodCall> | ||
<methodName>system.listMethods</methodName> | ||
<params></params> | ||
</methodCall>""" | ||
headers = {'Content-Type': 'application/xml'} | ||
url = f"{url}/xmlrpc.php" | ||
postresp = requests.post(url, data=checkxml, headers=headers, verify=False).text | ||
if re.search("Mod_Security", postresp): | ||
print(f"{Fore.RED}[!] Potential: Target is protected by Mod_Security WAF [!]") | ||
print("[!] Interrupting Attack [!]") | ||
sys.exit(0) | ||
else: | ||
print("[!] Mod_Security not found [!]") | ||
print(f"[!] Confidence: 100% [!]") | ||
|
||
print(f"{Fore.BLUE}[!] Checking for DDOS exploit(pingback.ping method) [!]") | ||
if re.search("pingback.ping", postresp): | ||
print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method pingback.ping enabled {Fore.GREEN}[!]") | ||
print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possibly this domain can be used as a botnet in a DDOS attack {Fore.GREEN}[!]") | ||
print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possible internal port scanning. [!]") | ||
else: | ||
print(f"{Fore.GREEN}[!] Method pingback.ping not found [!]") | ||
|
||
print(f"{Fore.BLUE}[!] Checking if Bruteforce is Possible(wp.getUserBlogs) [!]") | ||
if re.search("wp.getUserBlogs", postresp): | ||
print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method wp.getUserBlogs enabled {Fore.GREEN}[!]") | ||
print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE} Accounts can be cracked by taking advantage of this method {Fore.GREEN}[!]") | ||
else: | ||
print(f"{Fore.GREEN}[!] Method wp.getUserBlogs not found [!]") | ||
|
||
inp = input("Do you want to check all the available XMLRPC methods that are allowed? (y/any key) : ") | ||
|
||
if inp=='y': | ||
ask=input("Do you want to save this response in a file for futher testing? (y/any key) : ") | ||
if ask=="y": | ||
filename = input("Enter the filename for output : ") | ||
try: | ||
op = open(filename, "a") | ||
op.write(postresp) | ||
print(postresp) | ||
print(f"\n[I] output saved to {filename} [I]") | ||
except: | ||
print(f"{Fore.RED}[!] Unable to open/create a file in this directory. [!]\nTry:\n\t1. Changing the directory.\n\t2. Run this script as root(if not running).") | ||
else: | ||
print(postresp) | ||
else: | ||
pass |
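Review bot: The `requests.post(...)` call has no `timeout` and its status code and body are never validated, so any reply that lacks the string `Mod_Security` (a 404 page, a redirect body, an unrelated HTML error) is reported as "Mod_Security not found" with "Confidence: 100%", and the method checks then run against the same unvalidated text. Keep the response object, pass `timeout=10`, and only report results when `resp.status_code == 200 and "<methodResponse>" in resp.text`; otherwise print that the endpoint did not answer as XML-RPC. The three `re.search` calls use the literal names as patterns, so the `.` in `pingback.ping` and `wp.getUserBlogs` matches any character; `"pingback.ping" in postresp` states the intent. In the save branch the handle from `open(filename, "a")` is never closed and the bare `except:` hides the real error; `with open(filename, "a") as op:` with `except OSError as e:` would fix both.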
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
#!/bin/python3 | ||
import os | ||
try: | ||
import requests | ||
except: | ||
os.system("pip3 install requests") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
import sys | ||
try: | ||
import urllib3 | ||
except: | ||
os.system("pip3 install urllib3") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
try: | ||
from colorama import Fore | ||
except: | ||
os.system("pip3 install colorama") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
if len(sys.argv)>1: | ||
if sys.argv[1]=="-r": | ||
print("Repairing...") | ||
command = "rm -r .verified.rc" | ||
try: | ||
open(".verified.rc") | ||
os.system(command) | ||
except: | ||
print("Unable to repair the tool.") | ||
sys.exit(1) | ||
|
||
try: | ||
open(".verified.rc") | ||
print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .") | ||
sys.exit(1) | ||
except: | ||
pass | ||
|
||
currentdir = os.getcwd() | ||
|
||
try: | ||
open("rpcscan.py") | ||
except: | ||
print("[-] rpcscan.py not found [-]") | ||
ask = input("Do you want to download rpcscan.py? (y/n) ") | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text | ||
file = open("rpcscan.py", "w") | ||
file.write(file_content) | ||
file.close() | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
ask = "Please type y/n : " | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
exit(0) | ||
try: | ||
open("scanner.py") | ||
except: | ||
print("[-] scanner.py not found [-]") | ||
ask = input("Do you want to download scanner.py? (y/n) ") | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text | ||
file = open("scanner.py", "w") | ||
file.write(file_content) | ||
print("File has been downloaded now rerun this program to proceed") | ||
file.close() | ||
exit(0) | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
ask = "Please type y/n : " | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text | ||
file = open("scanner.py", "w") | ||
file.write(file_content) | ||
print("File has been downloaded now rerun this program to proceed") | ||
file.close() | ||
exit(0) | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
exit(0) | ||
def verifyintsall(): | ||
command = "echo true >> .verified.rc" | ||
os.system(command) | ||
print("The tool is now successfully installed!\nNow you can use the command rpcscan <websitelist> to find xmlrpc.php files.") | ||
|
||
def install(): | ||
command = "cp rpcscan.py /usr/bin/rpcscan" | ||
try: | ||
os.system(command) | ||
except: | ||
print("Unable to setup the file.\nTry running this script as superuser.") | ||
sys.exit(1) | ||
command = "cp scanner.py /usr/bin/rpcscanner" | ||
try: | ||
os.system(command) | ||
verifyintsall() | ||
except: | ||
print("Unable to setup the file.\nTry running this script as superuser.") | ||
sys.exit(1) | ||
install() |
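Review bot: The download branches write whatever `requests.get("https://raw.githubusercontent.com/shraddha761")` returns straight into `rpcscan.py` / `scanner.py`, and `install()` then copies those files into `/usr/bin`; the URL names no repository, ref or file, there is no status check, and nothing verifies the content, so an error page or altered content ends up installed as a command (typically as root). Pin the URL to a full raw path at a specific commit, call `raise_for_status()`, and compare a SHA-256 of the body against a digest shipped with the installer before writing, as sketched below (`RPCSCAN_URL` and `RPCSCAN_SHA256` are placeholders to define, and `hashlib` needs importing). Separately, `os.system` does not raise when `cp` fails, so the `try/except` in `install()` never fires and `verifyintsall()` records success regardless; check the return value or use `shutil.copy`. `elif ask=="n" or "no":` is always true, which makes the re-prompt branch unreachable. The Termux variant of this script further down has the same issues.

```python
# … unchanged: prompt and "Downloading...." message …
resp = requests.get(RPCSCAN_URL, timeout=10)  # placeholder: full raw URL pinned to a commit
resp.raise_for_status()
digest = hashlib.sha256(resp.content).hexdigest()
if digest != RPCSCAN_SHA256:  # placeholder: expected digest shipped with the installer
    print("[-] rpcscan.py failed the integrity check, not installing [-]")
    sys.exit(1)
with open("rpcscan.py", "wb") as file:
    file.write(resp.content)
```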
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
import os | ||
try: | ||
import requests | ||
except: | ||
os.system("pip3 install requests") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
import sys | ||
try: | ||
import urllib3 | ||
except: | ||
os.system("pip3 install urllib3") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
try: | ||
from colorama import Fore | ||
except: | ||
os.system("pip3 install colorama") | ||
print("Run the setup again to continue.") | ||
exit(0) | ||
if len(sys.argv)>1: | ||
if sys.argv[1]=="-r": | ||
print("Repairing...") | ||
command = "rm -r .verified.rc" | ||
try: | ||
open(".verified.rc") | ||
os.system(command) | ||
except: | ||
print("Unable to repair the tool.") | ||
sys.exit(1) | ||
|
||
try: | ||
open(".verified.rc") | ||
print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .") | ||
sys.exit(1) | ||
except: | ||
pass | ||
|
||
currentdir = os.getcwd() | ||
|
||
try: | ||
open("rpcscan.py") | ||
except: | ||
print("[-] rpcscan.py not found [-]") | ||
ask = input("Do you want to download rpcscan.py? (y/n) ") | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text | ||
file = open("rpcscan.py", "w") | ||
file.write(file_content) | ||
file.close() | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
ask = "Please type y/n : " | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
exit(0) | ||
try: | ||
open("scanner.py") | ||
except: | ||
print("[-] scanner.py not found [-]") | ||
ask = input("Do you want to download scanner.py? (y/n) ") | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text | ||
file = open("scanner.py", "w") | ||
file.write(file_content) | ||
print("File has been downloaded now rerun this program to proceed") | ||
file.close() | ||
exit(0) | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
ask = "Please type y/n : " | ||
if ask=="y" or ask=="yes": | ||
print("Downloading....") | ||
file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text | ||
file = open("scanner.py", "w") | ||
file.write(file_content) | ||
print("File has been downloaded now rerun this program to proceed") | ||
file.close() | ||
exit(0) | ||
elif ask=="n" or "no": | ||
exit(0) | ||
else: | ||
exit(0) | ||
def verifyintsall(): | ||
command = "echo true >> .verified.rc" | ||
os.system(command) | ||
print("The tool is now successfully installed!\nNow you can use the command rpcscan <websitelist> to find xmlrpc.php files.") | ||
|
||
def install(): | ||
command = "cp rpcscan.py /data/data/com.termux/files/usr/bin/rpcscan" | ||
try: | ||
os.system(command) | ||
except: | ||
print("Unable to setup the file.\nTry running this script as superuser.") | ||
sys.exit(1) | ||
command = "cp scanner.py /data/data/com.termux/files/usr/bin/rpcscanner" | ||
try: | ||
os.system(command) | ||
verifyintsall() | ||
except: | ||
print("Unable to setup the file.\nTry running this script as superuser.") | ||
sys.exit(1) | ||
install() |
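Review bot: This file repeats the other setup script almost line for line; the visible differences are the two `cp` destinations in `install()` (`/data/data/com.termux/files/usr/bin/...` instead of `/usr/bin/...`), the missing shebang, and a doubled slash in the download URL `https://raw.githubusercontent.com//shraddha761`. Keeping two copies means every fix to the dependency bootstrap, the download step or the `.verified.rc` handling has to be made twice. A single installer that derives the destination once, for example `bindir = os.path.join(os.environ.get("PREFIX", "/usr"), "bin")`, would cover both targets; Termux normally exports `PREFIX`, but confirm that before relying on it.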