@YasserGersy
Last active November 19, 2018 14:57
Configuration crawler that scans for exposed sensitive configuration files
import os
import sys
import time

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry

# NOTE(review): the adapter mounted below is given an explicit max_retries,
# so this module-level default does not configure it - confirm it is still needed.
requests.adapters.DEFAULT_RETRIES = 2

# Silences urllib3 warnings for the whole process. That includes the
# InsecureRequestWarning that requests sent with verify=False (as the scan
# loop's s.get call does) would otherwise emit.
requests.packages.urllib3.disable_warnings()

# One shared session for every request made by the script.
s = requests.Session()

# Retry policy: up to 5 retries with a 0.1 back-off factor, also retrying
# responses with status 500/502/503/504.
retries = Retry(
    total=5,
    backoff_factor=0.1,
    status_forcelist=[500, 502, 503, 504],
)

# Only the http:// prefix gets this adapter; https:// URLs keep whatever
# adapter the session mounts by default.
s.mount('http://', HTTPAdapter(max_retries=retries))

# When False, the scan loop's error handler prints connection problems.
hide_unuseful_data = False
# Start-up banner. The empty first and last entries reproduce the blank
# lines that the original triple-quoted literal began and ended with.
print '\n'.join([
    '',
    '----------------------',
    'Configuration file finder',
    '----------------------',
    '',
])
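def spaces(strx, lenx):
    """Return *strx* right-padded with spaces to at least *lenx* characters.

    A string that is already *lenx* characters or longer is returned
    unchanged. The scan loop uses this to align the columns of the result
    lines it prints.
    """
    # str.ljust pads in one step instead of growing the string by one
    # character per loop iteration.
    return strx.ljust(lenx)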
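# Path of the domain list: first command-line argument, empty when none is given.
path = sys.argv[1] if len(sys.argv) > 1 else ''
if not os.path.isfile(path):
    print path + ' not found'

# One entry per line. Stays empty when the file cannot be read, in which
# case the scan loop has nothing to iterate over.
lines = []
try:
    # The context manager closes the handle even if readlines() fails;
    # the original left the file object open.
    with open(path, 'r') as domain_file:
        lines = domain_file.readlines()
except (IOError, OSError):
    print 'Error Reading'

i = 0  # running entry number shown in the result lines
# File names requested on every host.
file_paths = ['phpinfo.php', 'php/phpinfo.php', 'php/check.php', 'check.php', 'server.js', '.htaccess']
found = []          # URLs the scan loop appends to
escape_domain = []  # hosts the scan loop stops requesting
domain_counter = 0
print 'Loaded Domains : ' + str(len(lines))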
# Scan loop: for every entry in `lines`, request each name in `file_paths`
# through the shared session `s` and print a result line. Python 2 syntax.
# NOTE(review): indentation was lost in this listing, so the nesting of the
# statements below cannot be confirmed from here; each comment describes the
# statement that follows it on its own.
for l in lines:
domain_counter=domain_counter+1
i=i+1
ix=str(i)
l=l.strip()
# NOTE(review): `ls` is not defined anywhere in the visible script; the
# assignment below looks like a typo for `l.split(' ')[0]` (keep the first
# space-separated token) - confirm.
if ' ' in l:
l=ls.plit(' ')[0]
# Skip entries shorter than 3 characters or without a dot.
if len(l)<3 or ('.' not in l ):
continue
# Only an https:// prefix is stripped; an http:// prefix stays part of `l`.
if l.startswith('https://'):
l=l[8:]
# Hosts the error handler added to escape_domain are not requested again.
if l in escape_domain:
continue
for p in file_paths:
tries=0
Try_https=False
Sent=False
# At most 3 attempts per path; the SSL-error branch resets `Sent` to False
# to ask for another attempt.
while Sent is False and tries<3:
Sent=True
tries=tries+1
try:
if l in escape_domain:
break
# The Host header is set to `l` as-is, so it carries the http:// prefix when
# the entry had one.
headers={'Host': l,'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5'}
# `url` stays equal to `l`, with no path appended, when `l` already starts
# with http://.
url=l
if (l.startswith('http://') is False) :
url='http://'+l+'/'+p
# HTTPS fallback: for an http:// entry only `l` is rewritten and `url` is
# left unchanged.
if Try_https:
if l.startswith('http://') :
l='https://'+l[7:]
else:
url='https://'+l+'/'+p
# verify=False turns off TLS certificate validation, so the responding
# server is not authenticated. Redirects are followed, yet the result lines
# below print the requested `url`, not the final one, so a reported hit may
# describe a page served from a different location.
r=s.get(url=url,headers=headers,allow_redirects=True,verify=False,timeout=5)
code=str(r.status_code)
bod=r.text.encode('utf-8')
if code.startswith('2'):
print ''
code_desc=str(code)+' '+r.reason
# NOTE(review): this statement ends in a dangling `+` with no right operand,
# a syntax error as shown; the rest of the expression is not visible here.
body_banner=' Body-Length'+str(len(bod))+
# Responses are classified by case-sensitive substring matches on the body.
if '404 Not Found' in bod:
print '\n'+spaces('['+ix+']',5) +spaces(url,70)+' : '+code_desc+body_banner+' 404 message in body',
if '<title>phpinfo()</title></head>' in bod:
print '\n'+spaces('['+ix+']',5) +spaces(url,70)+' : '+code_desc+body_banner+' 99% valid php info file',
else:
print '\n'+spaces('['+ix+']',5) +spaces(url,70)+' : '+code_desc+body_banner+('HTML' if '<html>' in bod else '' ),
# A URL is appended to `found` only for status 200 with neither 'not found'
# nor '<html>' in the body.
if r.status_code==200 and 'not found' not in bod and '<html>' not in bod:
found.append(url)
except Exception,er:
# Errors are classified by matching substrings of the exception text.
er=str(er)
if ( hide_unuseful_data is False):
if 'HTTPConnectionPool(' in er :
print spaces('\n ['+ix+']',5) +spaces(url,70)+' : Can not connect',
escape_domain.append(l)
elif 'violation of protocol' in er:
print spaces('\n ['+ix+']',5) +spaces(url,70)+' : SSL Error',
Try_https=True
Sent=False
elif 'Max retries' in er:
Sent=True
else:
print spaces('\n ['+ix+']',5) +spaces(url,70)+' : Connection Error '+er,
escape_domain.append(l)
# Final report: the list of URLs collected in `found`.
print found