wp_full_path_disclosure.py
#!/usr/bin/python
#Python script to perform WordPress FPD check
#Tested on:
#Windows,Linux
#WordPress v4.2.2
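# Dependencies are imported inside a guard so that a missing module produces a
# readable hint instead of a traceback. urllib2 makes this a Python 2 script;
# lxml is not imported here but is needed as the BeautifulSoup parser backend.
try:
    from bs4 import BeautifulSoup
    import urllib2
    import requests
    import argparse
    import ssl
except Exception as e:
    print("[!] Error: "+str(e))
    print("[*] Make sure you have the following Python modules installed:\n\tbs4, urllib2, requests, argparse, ssl, lxml")
    # Exit non-zero: the original exit(0) reported success to a calling shell
    # or job runner even though nothing had been checked.
    raise SystemExit(1)

# Command-line interface: one mandatory target plus optional verbosity and an
# output file that findings are appended to.
parser = argparse.ArgumentParser(description='Check for WordPress Full Path Disclosure vulnerability')
parser.add_argument('-t', '--target', help='WordPress target', required=True)
parser.add_argument('-v', '--verbose', help='Show verbose message', action='store_const', const=True)
parser.add_argument('-o', '--outfile', help='Save output in file')
args = parser.parse_args()

# Normalise the base URL: the candidate paths below all start with "/", so a
# single trailing slash on the target is dropped to avoid "//" in the URL.
target = args.target.encode('utf-8')
if target.endswith("/"):
    target = target[:-1]

# NOTE(security): this swaps the process-wide default HTTPS context for one
# that performs no certificate or hostname verification, so every
# urllib2.urlopen() call made afterwards accepts any certificate. That lets
# the check run against hosts with self-signed certificates, but the responses
# are unauthenticated: anything on the network path can alter what this script
# reports. It relies on private ssl attributes; interpreters that lack
# _create_unverified_context are left unpatched by the hasattr guard.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context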
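def checker(base_path, target_paths):
    """Request each candidate file and report the second <b> element found.

    Reads the module-level ``target`` (base URL without trailing slash) and
    ``args`` (parsed command-line options).

    base_path    -- directory prefix such as "/wp-includes/".
    target_paths -- iterable of file names appended to ``target + base_path``.

    Returns None. Findings are printed and, when ``args.outfile`` is set,
    appended to that file. Any exception raised while handling one URL is
    printed and the loop moves on to the next URL.

    Interpretation notes for whoever reads the output:
    * The reported value is simply the text of the second <b> tag in the
      response. In PHP's HTML error format that element holds the script
      path, but nothing here checks that the value looks like a path, so an
      ordinary page with two bold elements is reported as well.
    * A genuine finding means the server shows PHP error output to visitors;
      turning off display_errors on the server removes the disclosure.
    """
    # Bound every request so one unresponsive host cannot stall the whole run.
    timeout_seconds = 10
    # Status codes treated as "nothing to inspect".
    skipped_statuses = (403, 404, 500)

    for i in target_paths:
        try:
            target_url = target + base_path + str(i)
            if args.verbose:
                print("[-] Trying: " + target_url)

            # verify=False: the TLS certificate is not checked, so the
            # response content is unauthenticated.
            r = requests.get(target_url, verify=False, timeout=timeout_seconds)
            if r.status_code in skipped_statuses:
                continue

            # Parse the body already received instead of fetching the URL a
            # second time: halves the traffic sent to the target and keeps
            # the status check and the parsed body from the same response.
            soup = BeautifulSoup(r.content, "lxml")
            allb = soup.find_all("b")
            if len(allb) < 2:
                # No second <b> element, so there is nothing to report.
                continue

            res = str(allb[1]).replace("<b>", "").replace("</b>", "")
            finding = "[*] Found: " + str(target_url) + " : " + str(res)
            print(finding)
            if args.outfile:
                # "with" closes the handle even if the write fails; a failed
                # write now surfaces through the handler below instead of
                # being dropped silently.
                with open(args.outfile, "a") as f:
                    f.write(finding + "\n")
        except Exception as e:
            print(str(e))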
# Script body: run the check over two fixed WordPress core directories.
print("[*] Started")

# Silences urllib3 warnings, which would otherwise be printed for each request
# made with certificate verification switched off.
requests.packages.urllib3.disable_warnings()

# --- wp-includes check -------------------------------------------------------
print("[*] Checking in 'wp-includes' directory")
wp_includes_path = "/wp-includes/"
target_paths = [
    "admin-bar.php", "atomlib.php", "author-template.php",
    "bookmark-template.php", "bookmark.php", "cache.php", "canonical.php",
    "capabilities.php", "category-template.php", "category.php",
    "class-IXR.php", "class-feed.php", "class-http.php", "class-json.php",
    "class-oembed.php", "class-phpass.php", "class-phpmailer.php",
    "class-pop3.php", "class-simplepie.php", "class-smtp.php",
    "class-snoopy.php", "class-wp-admin-bar.php",
    "class-wp-ajax-response.php", "class-wp-customize-control.php",
    "class-wp-customize-manager.php", "class-wp-customize-panel.php",
    "class-wp-customize-section.php", "class-wp-customize-setting.php",
    "class-wp-customize-widgets.php", "class-wp-editor.php",
    "class-wp-embed.php", "class-wp-error.php",
    "class-wp-http-ixr-client.php", "class-wp-image-editor-gd.php",
    "class-wp-image-editor-imagick.php", "class-wp-image-editor.php",
    "class-wp-theme.php", "class-wp-walker.php",
    "class-wp-xmlrpc-server.php", "class-wp.php",
    "class.wp-dependencies.php", "class.wp-scripts.php",
    "class.wp-styles.php", "comment-template.php", "comment.php",
    "compat.php", "cron.php", "date.php", "default-constants.php",
    "default-filters.php", "default-widgets.php", "deprecated.php",
    "feed-atom-comments.php", "feed-atom.php", "feed-rdf.php",
    "feed-rss.php", "feed-rss2-comments.php", "feed-rss2.php", "feed.php",
    "files.txt", "formatting.php", "functions.php",
    "functions.wp-scripts.php", "functions.wp-styles.php",
    "general-template.php", "http.php", "kses.php", "l10n.php",
    "link-template.php", "load.php", "locale.php", "media-template.php",
    "media.php", "meta.php", "ms-blogs.php", "ms-default-constants.php",
    "ms-default-filters.php", "ms-deprecated.php", "ms-files.php",
    "ms-functions.php", "ms-load.php", "ms-settings.php",
    "nav-menu-template.php", "nav-menu.php", "option.php",
    "pluggable-deprecated.php", "pluggable.php", "plugin.php",
    "post-formats.php", "post-template.php", "post-thumbnail-template.php",
    "post.php", "query.php", "registration-functions.php",
    "registration.php", "revision.php", "rewrite.php", "rss-functions.php",
    "rss.php", "script-loader.php", "session.php", "shortcodes.php",
    "taxonomy.php", "template-loader.php", "template.php", "theme.php",
    "update.php", "user.php", "vars.php", "version.php", "widgets.php",
    "wp-db.php", "wp-diff.php",
]
checker(wp_includes_path, target_paths)

# --- wp-admin check ----------------------------------------------------------
print("[*] Checking in 'wp-admin' directory")
wp_admin_path = "/wp-admin/"
target_paths = [
    "about.php", "admin-ajax.php", "admin-footer.php", "admin-functions.php",
    "admin-header.php", "admin-post.php", "admin.php", "async-upload.php",
    "comment.php", "credits.php", "custom-background.php",
    "custom-header.php", "customize.php", "edit-comments.php",
    "edit-form-advanced.php", "edit-form-comment.php", "edit-link-form.php",
    "edit-tag-form.php", "edit-tags.php", "edit.php", "export.php",
    "freedoms.php", "import.php", "index.php", "install-helper.php",
    "install.php", "link-add.php", "link-manager.php", "link-parse-opml.php",
    "link.php", "load-scripts.php", "load-styles.php", "media-new.php",
    "media-upload.php", "media.php", "menu-header.php", "menu.php",
    "moderation.php", "ms-admin.php", "ms-delete-site.php", "ms-edit.php",
    "ms-options.php", "ms-sites.php", "ms-themes.php",
    "ms-upgrade-network.php", "ms-users.php", "my-sites.php",
    "nav-menus.php", "network.php", "options-discussion.php",
    "options-general.php", "options-head.php", "options-media.php",
    "options-permalink.php", "options-reading.php", "options-writing.php",
    "options.php", "plugin-editor.php", "plugin-install.php", "plugins.php",
    "post-new.php", "post.php", "press-this.php", "profile.php",
    "revision.php", "setup-config.php", "theme-editor.php",
    "theme-install.php", "themes.php", "tools.php", "update-core.php",
    "update.php", "upgrade-functions.php", "upgrade.php", "upload.php",
    "user-edit.php", "user-new.php", "users.php", "widgets.php",
]
checker(wp_admin_path, target_paths)

print("[*] Completed")