Last active
November 19, 2018 14:57
Configuration crawler to scan available sensitive configuration files
# Script setup: HTTP client configuration shared by the scan loop further down.
import requests,time,sys,os
# NOTE(review): this assignment probably has no effect on the adapters created
# below -- HTTPAdapter appears to bind its default max_retries when the class is
# defined, and the mounted adapter is given an explicit Retry anyway. Confirm
# against the installed requests version.
requests.adapters.DEFAULT_RETRIES = 2
# Turns off urllib3 warnings for the whole process. That includes the
# InsecureRequestWarning that would otherwise be raised for every request the
# scan loop sends with verify=False, so unverified TLS goes unreported.
requests.packages.urllib3.disable_warnings()
from requests.packages.urllib3.util.retry import Retry
from requests.adapters import HTTPAdapter
# One session reused for every request the script sends.
s = requests.Session()
# Retry policy: up to 5 retries with a short backoff, also triggered when the
# server answers 500, 502, 503 or 504.
retries = Retry(total=5,
                backoff_factor=0.1,
                status_forcelist=[ 500, 502, 503, 504 ])
# Only the 'http://' prefix is mounted with this policy; 'https://' URLs keep
# the session's default adapter.
s.mount('http://', HTTPAdapter(max_retries=retries))
# Checked by the scan loop's exception handler before it reports an error.
hide_unuseful_data=False
# Startup banner (Python 2 print statement).
print '''
----------------------
Configuration file finder
----------------------
'''
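def spaces(strx,lenx):
    """Right-pad ``strx`` with spaces until it is at least ``lenx`` characters long.

    Used to align the columns of the scan output. A string that is already
    ``lenx`` characters or longer is returned unchanged (it is never truncated).

    Args:
        strx: the text to pad.
        lenx: the minimum width of the result.

    Returns:
        ``strx`` followed by as many spaces as needed to reach ``lenx``.
    """
    # str.ljust pads in one step instead of rebuilding the string per character.
    return strx.ljust(lenx)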
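# Main scan (Python 2 script body): read host names from the file named in
# argv[1], request every entry of file_paths on each host, print one status
# line per request and collect the URLs whose response looks like a served file.
path=''
if len(sys.argv)>1:
    path=sys.argv[1]
if not os.path.isfile(path):
    print(path+' not found')
lines=[]
try:
    # The context manager closes the handle even if reading fails part-way.
    with open(path,'r') as handle:
        lines=handle.readlines()
except (IOError, OSError):
    print('Error Reading')

# Paths requested on every host. A phpinfo() page discloses PHP settings,
# loaded modules and environment variables; .htaccess and server.js are
# configuration/source files that a web server should refuse to serve.
file_paths=['phpinfo.php','php/phpinfo.php','php/check.php','check.php','server.js','.htaccess']
found=[]
# Hosts that could not be reached; they are skipped for the remaining paths.
escape_domain=set()
print('Loaded Domains : '+str(len(lines)))

for i, host in enumerate(lines, 1):
    ix=str(i)
    host=host.strip()
    if ' ' in host:
        # Keep only the first space-separated field of the line.
        host=host.split(' ')[0]
    if len(host)<3 or ('.' not in host):
        continue
    # Reduce the entry to a bare host so the URL and the Host header are always
    # built the same way, whichever scheme the input line carried.
    if host.startswith('https://'):
        host=host[8:]
    elif host.startswith('http://'):
        host=host[7:]
    if host in escape_domain:
        continue
    headers={
        'Host': host,
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language': 'en-US,en;q=0.5',
    }
    for p in file_paths:
        tries=0
        Try_https=False
        Sent=False
        # At most three attempts per path; a second attempt only happens when
        # the exception handler resets Sent to fall back to https.
        while Sent is False and tries<3:
            Sent=True
            tries=tries+1
            if host in escape_domain:
                break
            url=('https://' if Try_https else 'http://')+host+'/'+p
            try:
                # verify=False: certificates are not validated, so an https
                # response is unauthenticated. Treat a hit as a lead to confirm
                # by hand, not as proof of what the host serves.
                r=s.get(url=url,headers=headers,allow_redirects=True,verify=False,timeout=5)
                code=str(r.status_code)
                # Python 2: bod is a byte string, matched against str literals.
                bod=r.text.encode('utf-8')
                if code.startswith('2'):
                    print('')
                code_desc=code+' '+r.reason
                body_banner=' Body-Length'+str(len(bod))+' '
                line_start='\n'+spaces('['+ix+']',5)+spaces(url,70)+' : '+code_desc+body_banner
                # Python 2 print statement: the trailing comma suppresses the
                # newline, each status line starts with its own '\n'.
                if '404 Not Found' in bod:
                    print(line_start+' 404 message in body'),
                if '<title>phpinfo()</title></head>' in bod:
                    print(line_start+' 99% valid php info file'),
                else:
                    print(line_start+('HTML' if '<html>' in bod else '')),
                # Heuristic only: a 200 whose body has neither 'not found' nor
                # '<html>'. Custom error pages and catch-all responses that are
                # not HTML will show up here as false positives.
                if r.status_code==200 and 'not found' not in bod and '<html>' not in bod:
                    found.append(url)
            except Exception as er:
                # NOTE(review): the branches below match substrings of the
                # exception text, which depends on the requests/urllib3 version.
                er=str(er)
                # Kept as found: the skip-list and the https fallback only run
                # while hide_unuseful_data is False.
                if hide_unuseful_data is False:
                    if 'HTTPConnectionPool(' in er:
                        print(spaces('\n ['+ix+']',5)+spaces(url,70)+' : Can not connect'),
                        escape_domain.add(host)
                    elif 'violation of protocol' in er:
                        print(spaces('\n ['+ix+']',5)+spaces(url,70)+' : SSL Error'),
                        Try_https=True
                        Sent=False
                    elif 'Max retries' in er:
                        Sent=True
                    else:
                        print(spaces('\n ['+ix+']',5)+spaces(url,70)+' : Connection Error '+er),
                        escape_domain.add(host)
print(found)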