Merge pull request #505 from shraddha761/rpcscan

RPCScan script

RPCScan/Readme.md

@@ -0,0 +1,3 @@
+# RPCScan
+
+A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your targets subdomains and then finding the vulnerable methods and then finding the reports on hackerone and medium writeups.

RPCScan/scanner.py

@@ -0,0 +1,59 @@
+from colorama import Fore
+import re
+import requests
+import os
+import sys
+import urllib3
+
+url = sys.argv[1]
+urllib3.disable_warnings()
+http = urllib3.PoolManager(cert_reqs='CERT_NONE')
+
+print(f"{Fore.BLUE}[!] Checking if Mod_Security waf is present [!]")
+checkxml = """<methodCall>
+<methodName>system.listMethods</methodName>
+<params></params>
+</methodCall>"""
+headers = {'Content-Type': 'application/xml'}
+url = f"{url}/xmlrpc.php"
+postresp = requests.post(url, data=checkxml, headers=headers, verify=False).text
+if re.search("Mod_Security", postresp):
+    print(f"{Fore.RED}[!] Potential: Target is protected by Mod_Security WAF [!]")
+    print("[!] Interrupting Attack [!]")
+    sys.exit(0)
+else:
+    print("[!] Mod_Security not found [!]")
+    print(f"[!] Confidence: 100% [!]")
+
+print(f"{Fore.BLUE}[!] Checking for DDOS exploit(pingback.ping method) [!]")
+if re.search("pingback.ping", postresp):
+    print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method pingback.ping enabled {Fore.GREEN}[!]")
+    print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possibly this domain can be used as a botnet in a DDOS attack {Fore.GREEN}[!]")
+    print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possible internal port scanning. [!]")
+else:
+    print(f"{Fore.GREEN}[!] Method pingback.ping not found [!]")
+
+print(f"{Fore.BLUE}[!] Checking if Bruteforce is Possible(wp.getUserBlogs) [!]")
+if re.search("wp.getUserBlogs", postresp):
+    print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method wp.getUserBlogs enabled {Fore.GREEN}[!]")
+    print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE} Accounts can be cracked by taking advantage of this method {Fore.GREEN}[!]")
+else:
+    print(f"{Fore.GREEN}[!] Method wp.getUserBlogs not found [!]")
+
+inp = input("Do you want to check all the available XMLRPC methods that are allowed? (y/any key) : ")
+
+if inp=='y':
+    ask=input("Do you want to save this response in a file for futher testing? (y/any key) : ")
+    if ask=="y":
+        filename = input("Enter the filename for output : ")
+        try:
+            op = open(filename, "a")
+            op.write(postresp)
+            print(postresp)
+            print(f"\n[I] output saved to {filename} [I]")
+        except:
+            print(f"{Fore.RED}[!] Unable to open/create a file in this directory. [!]\nTry:\n\t1. Changing the directory.\n\t2. Run this script as root(if not running).")
+    else:
+        print(postresp)
+else:
+    pass

RPCScan/setup.py

@@ -0,0 +1,111 @@
+#!/bin/python3
+import os
+try:
+    import requests
+except:
+    os.system("pip3 install requests")
+    print("Run the setup again to continue.")
+    exit(0)
+import sys
+try:
+    import urllib3
+except:
+    os.system("pip3 install urllib3")
+    print("Run the setup again to continue.")
+    exit(0)
+try:
+    from colorama import Fore
+except:
+    os.system("pip3 install colorama")
+    print("Run the setup again to continue.")
+    exit(0)
+if len(sys.argv)>1:
+    if sys.argv[1]=="-r":
+        print("Repairing...")
+        command = "rm -r .verified.rc"
+        try:
+            open(".verified.rc")
+            os.system(command)
+        except:
+            print("Unable to repair the tool.")
+            sys.exit(1)
+
+try:
+    open(".verified.rc")
+    print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .")
+    sys.exit(1)
+except:
+    pass
+
+currentdir = os.getcwd()
+
+try:
+    open("rpcscan.py")
+except:
+    print("[-] rpcscan.py not found [-]")
+    ask = input("Do you want to download rpcscan.py? (y/n) ")
+    if ask=="y" or ask=="yes":
+        print("Downloading....")
+        file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+        file = open("rpcscan.py", "w")
+        file.write(file_content)
+        file.close()
+    elif ask=="n" or "no":
+        exit(0)
+    else:
+        ask = "Please type y/n : "
+        if ask=="y" or ask=="yes":
+            print("Downloading....")
+        elif ask=="n" or "no":
+            exit(0)
+        else:
+            exit(0)
+try:
+    open("scanner.py")
+except:
+    print("[-] scanner.py not found [-]")
+    ask = input("Do you want to download scanner.py? (y/n) ")
+    if ask=="y" or ask=="yes":
+        print("Downloading....")
+        file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+        file = open("scanner.py", "w")
+        file.write(file_content)
+        print("File has been downloaded now rerun this program to proceed")
+        file.close()
+        exit(0)
+    elif ask=="n" or "no":
+        exit(0)
+    else:
+        ask = "Please type y/n : "
+        if ask=="y" or ask=="yes":
+            print("Downloading....")
+            file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+            file = open("scanner.py", "w")
+            file.write(file_content)
+            print("File has been downloaded now rerun this program to proceed")
+            file.close()
+            exit(0)
+        elif ask=="n" or "no":
+            exit(0)
+        else:
+            exit(0)
+def verifyintsall():
+    command = "echo true >> .verified.rc"
+    os.system(command)
+    print("The tool is now successfully installed!\nNow you can use the command rpcscan <websitelist> to find xmlrpc.php files.")
+
+def install():
+    command = "cp rpcscan.py /usr/bin/rpcscan"
+    try:
+        os.system(command)
+    except:
+        print("Unable to setup the file.\nTry running this script as superuser.")
+        sys.exit(1)
+    command = "cp scanner.py /usr/bin/rpcscanner"
+    try:
+        os.system(command)
+        verifyintsall()
+    except:
+        print("Unable to setup the file.\nTry running this script as superuser.")
+        sys.exit(1)
+install()

RPCScan/termux.py

@@ -0,0 +1,110 @@
+import os
+try:
+    import requests
+except:
+    os.system("pip3 install requests")
+    print("Run the setup again to continue.")
+    exit(0)
+import sys
+try:
+    import urllib3
+except:
+    os.system("pip3 install urllib3")
+    print("Run the setup again to continue.")
+    exit(0)
+try:
+    from colorama import Fore
+except:
+    os.system("pip3 install colorama")
+    print("Run the setup again to continue.")
+    exit(0)
+if len(sys.argv)>1:
+    if sys.argv[1]=="-r":
+        print("Repairing...")
+        command = "rm -r .verified.rc"
+        try:
+            open(".verified.rc")
+            os.system(command)
+        except:
+            print("Unable to repair the tool.")
+            sys.exit(1)
+
+try:
+    open(".verified.rc")
+    print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .")
+    sys.exit(1)
+except:
+    pass
+
+currentdir = os.getcwd()
+
+try:
+    open("rpcscan.py")
+except:
+    print("[-] rpcscan.py not found [-]")
+    ask = input("Do you want to download rpcscan.py? (y/n) ")
+    if ask=="y" or ask=="yes":
+        print("Downloading....")
+        file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+        file = open("rpcscan.py", "w")
+        file.write(file_content)
+        file.close()
+    elif ask=="n" or "no":
+        exit(0)
+    else:
+        ask = "Please type y/n : "
+        if ask=="y" or ask=="yes":
+            print("Downloading....")
+        elif ask=="n" or "no":
+            exit(0)
+        else:
+            exit(0)
+try:
+    open("scanner.py")
+except:
+    print("[-] scanner.py not found [-]")
+    ask = input("Do you want to download scanner.py? (y/n) ")
+    if ask=="y" or ask=="yes":
+        print("Downloading....")
+        file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+        file = open("scanner.py", "w")
+        file.write(file_content)
+        print("File has been downloaded now rerun this program to proceed")
+        file.close()
+        exit(0)
+    elif ask=="n" or "no":
+        exit(0)
+    else:
+        ask = "Please type y/n : "
+        if ask=="y" or ask=="yes":
+            print("Downloading....")
+            file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+            file = open("scanner.py", "w")
+            file.write(file_content)
+            print("File has been downloaded now rerun this program to proceed")
+            file.close()
+            exit(0)
+        elif ask=="n" or "no":
+            exit(0)
+        else:
+            exit(0)
+def verifyintsall():
+    command = "echo true >> .verified.rc"
+    os.system(command)
+    print("The tool is now successfully installed!\nNow you can use the command rpcscan <websitelist> to find xmlrpc.php files.")
+
+def install():
+    command = "cp rpcscan.py /data/data/com.termux/files/usr/bin/rpcscan"
+    try:
+        os.system(command)
+    except:
+        print("Unable to setup the file.\nTry running this script as superuser.")
+        sys.exit(1)
+    command = "cp scanner.py /data/data/com.termux/files/usr/bin/rpcscanner"
+    try:
+        os.system(command)
+        verifyintsall()
+    except:
+        print("Unable to setup the file.\nTry running this script as superuser.")
+        sys.exit(1)
+install()