From 058dc20033ebf87b8e20aab624bcaa68577d15fc Mon Sep 17 00:00:00 2001
From: Shraddha Singh
Date: Wed, 9 Aug 2023 23:11:25 +0530
Subject: [PATCH] RPCScan script

---
 RPCScan/Readme.md | 3 ++
 RPCScan/scanner.py | 59 ++++++++++++++++++++++++
 RPCScan/setup.py | 111 +++++++++++++++++++++++++++++++++++++++++++++
 RPCScan/termux.py | 110 ++++++++++++++++++++++++++++++++++++++++++++
 SCRIPTS.md | 1 +
 5 files changed, 284 insertions(+)
 create mode 100644 RPCScan/Readme.md
 create mode 100644 RPCScan/scanner.py
 create mode 100644 RPCScan/setup.py
 create mode 100644 RPCScan/termux.py

diff --git a/RPCScan/Readme.md b/RPCScan/Readme.md
new file mode 100644
index 00000000..2feb3a16
--- /dev/null
+++ b/RPCScan/Readme.md
@@ -0,0 +1,3 @@
+# RPCScan
+
+A python tool to automate all the efforts that you put on finding the xmlrpc.php file on all of your targets subdomains and then finding the vulnerable methods and then finding the reports on hackerone and medium writeups.
diff --git a/RPCScan/scanner.py b/RPCScan/scanner.py
new file mode 100644
index 00000000..7d73d454
--- /dev/null
+++ b/RPCScan/scanner.py
@@ -0,0 +1,59 @@
+from colorama import Fore
+import re
+import requests
+import os
+import sys
+import urllib3
+
+url = sys.argv[1]
+urllib3.disable_warnings()
+http = urllib3.PoolManager(cert_reqs='CERT_NONE')
+
+print(f"{Fore.BLUE}[!] Checking if Mod_Security waf is present [!]")
+checkxml = """
+system.listMethods
+
+"""
+headers = {'Content-Type': 'application/xml'}
+url = f"{url}/xmlrpc.php"
+postresp = requests.post(url, data=checkxml, headers=headers, verify=False).text
+if re.search("Mod_Security", postresp):
+ print(f"{Fore.RED}[!] Potential: Target is protected by Mod_Security WAF [!]")
+ print("[!] Interrupting Attack [!]")
+ sys.exit(0)
+else:
+ print("[!] Mod_Security not found [!]")
+ print(f"[!] Confidence: 100% [!]")
+
+print(f"{Fore.BLUE}[!] Checking for DDOS exploit(pingback.ping method) [!]")
+if re.search("pingback.ping", postresp):
+ print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method pingback.ping enabled {Fore.GREEN}[!]")
+ print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possibly this domain can be used as a botnet in a DDOS attack {Fore.GREEN}[!]")
+ print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Possible internal port scanning. [!]")
+else:
+ print(f"{Fore.GREEN}[!] Method pingback.ping not found [!]")
+
+print(f"{Fore.BLUE}[!] Checking if Bruteforce is Possible(wp.getUserBlogs) [!]")
+if re.search("wp.getUserBlogs", postresp):
+ print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE}Method wp.getUserBlogs enabled {Fore.GREEN}[!]")
+ print(f"{Fore.GREEN}[!] {Fore.RED}Potential: {Fore.BLUE} Accounts can be cracked by taking advantage of this method {Fore.GREEN}[!]")
+else:
+ print(f"{Fore.GREEN}[!] Method wp.getUserBlogs not found [!]")
+
+inp = input("Do you want to check all the available XMLRPC methods that are allowed? (y/any key) : ")
+
+if inp=='y':
+ ask=input("Do you want to save this response in a file for futher testing? (y/any key) : ")
+ if ask=="y":
+ filename = input("Enter the filename for output : ")
+ try:
+ op = open(filename, "a")
+ op.write(postresp)
+ print(postresp)
+ print(f"\n[I] output saved to (unknown) [I]")
+ except:
+ print(f"{Fore.RED}[!] Unable to open/create a file in this directory. [!]\nTry:\n\t1. Changing the directory.\n\t2. Run this script as root(if not running).")
+ else:
+ print(postresp)
+else:
+ pass
\ No newline at end of file
diff --git a/RPCScan/setup.py b/RPCScan/setup.py
new file mode 100644
index 00000000..749d8661
--- /dev/null
+++ b/RPCScan/setup.py
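Review bot: `requests.post(url, ..., verify=False)` together with `urllib3.disable_warnings()` disables certificate validation for every target unconditionally, so anything terminating TLS between the scanner and the target can supply the response that all later checks (and the printed `Confidence: 100%`) are based on; make insecure mode an explicit command-line option and delete the unused `http = urllib3.PoolManager(cert_reqs='CERT_NONE')`. In the save branch, `op = open(filename, "a")` is never closed, so the write may not be flushed before the script exits, and the confirmation prints the literal text `(unknown)` instead of the chosen path as the hunk shows; `with open(filename, "a") as op: op.write(postresp)` followed by `print(f"\n[I] output saved to {filename} [I]")` fixes both. The bare `except:` around it also discards the actual error; `except OSError as exc:` and printing `exc` alongside the hint tells the user what went wrong. `url = sys.argv[1]` raises an IndexError with no usage message when no target is given; a `len(sys.argv) < 2` check with a one-line usage string is enough.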
@@ -0,0 +1,111 @@
+#!/bin/python3
+import os
+try:
+ import requests
+except:
+ os.system("pip3 install requests")
+ print("Run the setup again to continue.")
+ exit(0)
+import sys
+try:
+ import urllib3
+except:
+ os.system("pip3 install urllib3")
+ print("Run the setup again to continue.")
+ exit(0)
+try:
+ from colorama import Fore
+except:
+ os.system("pip3 install colorama")
+ print("Run the setup again to continue.")
+ exit(0)
+if len(sys.argv)>1:
+ if sys.argv[1]=="-r":
+ print("Repairing...")
+ command = "rm -r .verified.rc"
+ try:
+ open(".verified.rc")
+ os.system(command)
+ except:
+ print("Unable to repair the tool.")
+ sys.exit(1)
+
+try:
+ open(".verified.rc")
+ print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .")
+ sys.exit(1)
+except:
+ pass
+
+currentdir = os.getcwd()
+
+try:
+ open("rpcscan.py")
+except:
+ print("[-] rpcscan.py not found [-]")
+ ask = input("Do you want to download rpcscan.py? (y/n) ")
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+ file = open("rpcscan.py", "w")
+ file.write(file_content)
+ file.close()
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ ask = "Please type y/n : "
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ exit(0)
+try:
+ open("scanner.py")
+except:
+ print("[-] scanner.py not found [-]")
+ ask = input("Do you want to download scanner.py? (y/n) ")
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+ file = open("scanner.py", "w")
+ file.write(file_content)
+ print("File has been downloaded now rerun this program to proceed")
+ file.close()
+ exit(0)
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ ask = "Please type y/n : "
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com/shraddha761").text
+ file = open("scanner.py", "w")
+ file.write(file_content)
+ print("File has been downloaded now rerun this program to proceed")
+ file.close()
+ exit(0)
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ exit(0)
+def verifyintsall():
+ command = "echo true >> .verified.rc"
+ os.system(command)
+ print("The tool is now successfully installed!\nNow you can use the command rpcscan to find xmlrpc.php files.")
+
+def install():
+ command = "cp rpcscan.py /usr/bin/rpcscan"
+ try:
+ os.system(command)
+ except:
+ print("Unable to setup the file.\nTry running this script as superuser.")
+ sys.exit(1)
+ command = "cp scanner.py /usr/bin/rpcscanner"
+ try:
+ os.system(command)
+ verifyintsall()
+ except:
+ print("Unable to setup the file.\nTry running this script as superuser.")
+ sys.exit(1)
+install()
\ No newline at end of file
diff --git a/RPCScan/termux.py b/RPCScan/termux.py
new file mode 100644
index 00000000..a87160c2
--- /dev/null
+++ b/RPCScan/termux.py
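Review bot: `os.system(command)` in `install()` returns the `cp` exit status instead of raising, so the `try`/`except` around it never fires and `verifyintsall()` writes `.verified.rc` even when the copy to `/usr/bin` failed; the same pattern is in the `install()` of `termux.py`, and checking the return value or using `shutil.copy` (which raises `OSError`/`PermissionError`) fixes both, with `import shutil` added next to `import os`. Earlier in the hunk, `elif ask=="n" or "no":` is always true because the string literal `"no"` is truthy, so the `else` branch that is meant to re-prompt is unreachable, and that branch assigns the prompt text to `ask` instead of reading input; write `elif ask in ("n", "no"):` and `ask = input("Please type y/n : ")` (this occurs four times across setup.py and termux.py). The download step fetches `https://raw.githubusercontent.com/shraddha761`, a URL with no repository, branch or file name, and writes whatever comes back as `rpcscan.py`/`scanner.py` before copying it into `/usr/bin` with no version pin or digest check; point it at a pinned raw-file URL and compare a known checksum before installing. The `open(".verified.rc")`/`open("rpcscan.py")` existence probes leak file handles and swallow every error with a bare `except:`; `os.path.exists(...)` expresses the intent directly.

```python
def install():
    """Copy both scripts into /usr/bin and record the install only after every copy succeeded."""
    targets = [("rpcscan.py", "/usr/bin/rpcscan"), ("scanner.py", "/usr/bin/rpcscanner")]
    for src, dst in targets:
        try:
            # shutil.copy raises on failure; os.system("cp ...") only returned a status code
            shutil.copy(src, dst)
        except OSError as exc:
            print(f"Unable to setup the file ({exc}).\nTry running this script as superuser.")
            sys.exit(1)
    verifyintsall()
```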
@@ -0,0 +1,110 @@
+import os
+try:
+ import requests
+except:
+ os.system("pip3 install requests")
+ print("Run the setup again to continue.")
+ exit(0)
+import sys
+try:
+ import urllib3
+except:
+ os.system("pip3 install urllib3")
+ print("Run the setup again to continue.")
+ exit(0)
+try:
+ from colorama import Fore
+except:
+ os.system("pip3 install colorama")
+ print("Run the setup again to continue.")
+ exit(0)
+if len(sys.argv)>1:
+ if sys.argv[1]=="-r":
+ print("Repairing...")
+ command = "rm -r .verified.rc"
+ try:
+ open(".verified.rc")
+ os.system(command)
+ except:
+ print("Unable to repair the tool.")
+ sys.exit(1)
+
+try:
+ open(".verified.rc")
+ print("The tool is already configured!\nrun the command rpcscan -h to see help menu.\nNote: If you are not able to run the tool run the command python3 setup.py -r .")
+ sys.exit(1)
+except:
+ pass
+
+currentdir = os.getcwd()
+
+try:
+ open("rpcscan.py")
+except:
+ print("[-] rpcscan.py not found [-]")
+ ask = input("Do you want to download rpcscan.py? (y/n) ")
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+ file = open("rpcscan.py", "w")
+ file.write(file_content)
+ file.close()
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ ask = "Please type y/n : "
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ exit(0)
+try:
+ open("scanner.py")
+except:
+ print("[-] scanner.py not found [-]")
+ ask = input("Do you want to download scanner.py? (y/n) ")
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+ file = open("scanner.py", "w")
+ file.write(file_content)
+ print("File has been downloaded now rerun this program to proceed")
+ file.close()
+ exit(0)
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ ask = "Please type y/n : "
+ if ask=="y" or ask=="yes":
+ print("Downloading....")
+ file_content = requests.get("https://raw.githubusercontent.com//shraddha761").text
+ file = open("scanner.py", "w")
+ file.write(file_content)
+ print("File has been downloaded now rerun this program to proceed")
+ file.close()
+ exit(0)
+ elif ask=="n" or "no":
+ exit(0)
+ else:
+ exit(0)
+def verifyintsall():
+ command = "echo true >> .verified.rc"
+ os.system(command)
+ print("The tool is now successfully installed!\nNow you can use the command rpcscan to find xmlrpc.php files.")
+
+def install():
+ command = "cp rpcscan.py /data/data/com.termux/files/usr/bin/rpcscan"
+ try:
+ os.system(command)
+ except:
+ print("Unable to setup the file.\nTry running this script as superuser.")
+ sys.exit(1)
+ command = "cp scanner.py /data/data/com.termux/files/usr/bin/rpcscanner"
+ try:
+ os.system(command)
+ verifyintsall()
+ except:
+ print("Unable to setup the file.\nTry running this script as superuser.")
+ sys.exit(1)
+install()
\ No newline at end of file
diff --git a/SCRIPTS.md b/SCRIPTS.md
index f5da5c6d..a2056883 100644
--- a/SCRIPTS.md
+++ b/SCRIPTS.md
@@ -98,3 +98,4 @@
 | 64\. | RapidScan | The Multi-Tool Web Vulnerability Scanner | [Take me](./RapidScan)
 | 64\. | CredPhish | CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. | [Take me](./CredPhish)
 | 64\. | WebStor | This script is designed to perform reconnaissance and vulnerability assessment across websites within an organization's networks | [Take me](./WebStor)
+| 65\. | RPCScan | A python tool to automate all the efforts that you put on finding the xmlrpc | [Take me](./RPCScan)
\ No newline at end of file