Smcom - a script for finding installed Joomla components.
Joomla is probably the simplest of the most widely used web engines, and it is probably (for the most part) for exactly this reason that most "newly minted" webmasters install Joomla and take their first steps with it.
Naturally, lacking experience and knowledge but wanting (some of them very badly) to make their site as functional and as attractive as possible, nearly all beginners install a whole heap of assorted components, plugins, modules and other delights (for a webmaster) into their brand-new Joomla.
But, as I already said, "lacking experience and knowledge", most of them cannot configure or even install them correctly, and this is where the vulnerabilities come from that attackers or "researchers" can take advantage of!
There are exceptions, though: sometimes the webmaster seems to have both experience and some knowledge, yet by installing some component he unknowingly opens a hole in his site, because that very component has a vulnerability.
This script was written precisely to find installed components: knowing which components are installed in Joomla, you can go through the vulnerability databases (such as http://www.cvedetails.com ) and find out which of the installed components has a vulnerability.
The Show Me components Joomla script is written in Perl, hence its simplicity.
At the moment the script can run through the list of components (comdb) and check whether each of them is present on the site; if the file with the description is accessible, it prints the version, full name and description of the component it found. It can also use a proxy when connecting to the server that hosts the site.
For convenience it also has some configuration options (more of which will be added).
Current script version is 0.0.3, component database version is 0.0.2; current options:
-c Print only useful information, that is, only the components that were detected.
-l Write the scan result to the specified file.
-proxy Use the specified proxy for the connection (when using Tor this is socks://localhost:9050).
Examples of running the script:

Scan and print both the components that were found and those that were not:
perl Smcom.pl -u https://site.en

Scan using a proxy for the connection:
perl Smcom.pl -u https://site.en -proxy socks://localhost:9050

Scan and print only the components that were found:
perl Smcom.pl -u https://site.en -c

Scan and write the result to the specified file:
perl Smcom.pl -u https://site.en -l /root/path/file_for_writen_result.txt
Example of the script's output:
******************************************
* Show me components Joomla! *
* Version: 0.0.3 *
* Version Components DB: 0.0.2 *
* by Centr *
******************************************

Show me components Joomla!
Detected Joomla! version(s) joomla.xml:2.5.11 [+]
Read version engine from file README.txt:*Joomla2.5 [+]
Read file robots.txt:[+]
# If the Joomla site is installed within a folder such as at
# e.g. www.example.com/joomla/ the robots.txt file MUST be
# moved to the site root at e.g. www.example.com/robots.txt
# AND the joomla folder name MUST be prefixed to the disallowed
# path, e.g. the Disallow rule for the /administrator/ folder
# MUST be changed to read Disallow: /joomla/administrator/
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/orig.html
#
# For syntax checking, see:
# http://www.sxw.org.uk/computing/robots/check.html
User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /logs/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/

Path administrator open.[+]
Detected Component Akeeba [+]
Detected Version(s): 3.6.12 [+]
Description: Akeeba Backup Core - Full Joomla! site backup solution, Core Edition.
[+]

--------------------------------------------------
Detected Component com_banners [+]
Detected Version(s): 2.5.0 [+]
Description: COM_BANNERS_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_contact [+]
Detected Version(s): 2.5.0 [+]
Description: COM_CONTACT_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_content [+]
Detected Version(s): 2.5.0 [+]
Description: COM_CONTENT_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component jofacebookgallery [+]
Detected Version(s): 4.3 [+]
Description: JO Facebook gallery version 4.3 for Joomla 1.6, 1.7, 2.5 installed successfully. This Component connect with facebook allows users manage albums and photos in Facebook embed to their site [+]

--------------------------------------------------
Detected Component COM_K2 [+]
Detected Version(s): 2.6.6 [+]
Description: Thank you for installing K2 by JoomlaWorks, the powerful content extension for Joomla!
[+]

--------------------------------------------------
Detected Component mailto

--------------------------------------------------
Detected Component com_media [+]
Detected Version(s): 2.5.0 [+]
Description: COM_MEDIA_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_newsfeeds [+]
Detected Version(s): 2.5.0 [+]
Description: COM_NEWSFEEDS_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_search [+]
Detected Version(s): 2.5.0 [+]
Description: COM_SEARCH_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_users [+]
Detected Version(s): 2.5.0 [+]
Description: COM_USERS_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component com_weblinks [+]
Detected Version(s): 2.5.0 [+]
Description: COM_WEBLINKS_XML_DESCRIPTION [+]

--------------------------------------------------
Detected Component wrapper

--------------------------------------------------


=======================================
End work!
Smcom.pl:
#!/usr/bin/perl
#-------------------------------------------
#Show Me components Joomla
#Version: 0.0.3
#Version Components DB: 0.0.2
#Description:This script touches on components on the website with Joomla engine according to the list and shows result of search.
#Author: Centr
#link: https://codeby.net/forum/members/centr.71419/
#___________________________________________
use WWW::UserAgent::Random;   # exports rand_ua()
use LWP::UserAgent;           # a socks:// proxy also needs LWP::Protocol::socks installed

my $f_base_com='comdb';       # component list: one com_<name> entry per line
chomp @ARGV;
$banner=qq{
******************************************
* Show me components Joomla! *
* Version: 0.0.3 *
* Version Components DB: 0.0.2 *
* by Centr *
******************************************

};
print $banner;
$logs=$banner;                # everything printed is also collected here for -l

unless(@ARGV){
    print "\n Usage:perl Smcom.pl -u http://target.no [-c|-l]{-proxy} \n";
    print "\nExample: perl Smcom.pl -u http://target.no -c \n";
    print "\nExample: perl Smcom.pl -u http://target.no\n";
    print "\nExample: perl Smcom.pl -h \n";
} elsif ($ARGV[0] eq "-h") {
    print "\n Usage:perl Smcom.pl -u http://target.no [-c|-l]{-proxy} \n";
    print "\nExample: perl Smcom.pl -u http://target.no -c -l /root/com_name_site.txt \n";
    print "\nExample: perl Smcom.pl -u http://target.no -c -proxy socks://localhost:9050\n";
    print "\nExample: perl Smcom.pl -u http://target.no\n";
    print "\nExample: perl Smcom.pl -h \n";
    print "\n-----------------------------------------------------------------------\n";
    print "\n-c Not write not found component.\n";
    print "\n-l Write log in you enter file.\n";
    print "\n-proxy Set you proxy.\n";
    print "\n-h Print this help.\n";
} else {
    # Parse the command line
    for ($cA=0;$cA<@ARGV;$cA++){
        if ($ARGV[$cA] eq "-u"){
            $url=$ARGV[$cA+1];
        } elsif ($ARGV[$cA] eq "-s"){
            $option=1;        # accepted, but not used in this version
        } elsif ($ARGV[$cA] eq "-l"){
            $logfile=$ARGV[$cA+1];
        } elsif ($ARGV[$cA] eq "-proxy"){
            $proxy=$ARGV[$cA+1];
        } elsif ($ARGV[$cA] eq "-c"){
            $cls=1;
        }
    }
    die "No target given, use -u\n" unless $url;

    if (open(my $fbase, '<:encoding(UTF-8)', $f_base_com)) {
        $logs=$logs."\n Show me components Joomla!\n";
        print "\n Show me components Joomla!\n";

        # Joomla version from the core manifest
        ($code,$content)=get_page("$url/administrator/manifests/files/joomla.xml","",$proxy);
        if($code==200 && $content){
            @jve=split("<version>",$content);
            ($jov_j)=split("</version>",$jve[1]);
            $logs=$logs."\n--------------------------------------------------\n";
            $logs=$logs."Detected Joomla! version(s) joomla.xml:$jov_j [+]\n";
            print "Detected Joomla! version(s) joomla.xml:$jov_j [+]\n";
        } else {
            print "\n--------------------------------------------------\n";
            $logs=$logs."Not found file joomla.xml[!]\n";
            print "Not found file joomla.xml[!]\n";
        }

        # Joomla version from README.txt (text between "www.joomla.org" and "version history")
        ($code,$content)=get_page($url."/README.txt","",$proxy);
        if($code==200 && $content){
            ($jv)=split("version history",$content);
            @jve=split("www.joomla.org",$jv);
            $jov_r=$jve[1];
            $jov_r=~s/\n//g;
            $jov_r=~s/ //g;
            $logs=$logs."Read version engine from file README.txt:$jov_r [+]\n";
            print "Read version engine from file README.txt:$jov_r [+]\n";
        } else {
            $logs=$logs."Not found file README.txt[!]\n";
            print "Not found file README.txt[!]\n";
        }

        # robots.txt is printed as is
        ($code,$content)=get_page($url."/robots.txt","",$proxy);
        if($code==200 && $content){
            $logs=$logs."Read file robots.txt:[+]\n";
            $logs=$logs."$content\n";
            print "Read file robots.txt:[+]\n";
            print "$content\n";
        } else {
            $logs=$logs."Not found file robots.txt[!]\n";
            print "Not found file robots.txt[!]\n";
        }

        # /administrator counts as open when a manifest under it is served
        # and the answer is not simply the home page again
        ($code_host,$content_host)=get_page($url,"",$proxy);
        ($code,$content)=get_page($url."/administrator/components/com_cache/cache.xml","",$proxy);
        if($code==200 && $content ne $content_host){
            $logs=$logs."Path administrator open.[+]\n";
            print "Path administrator open.[+]\n";
            $check_ver_com=1;
        } else {
            $logs=$logs."Path administrator closed[!]\n";
            print "Path administrator closed[!]\n";
            $check_ver_com=0;
        }

        # Walk the component list
        while ($com = <$fbase>) {
            chomp $com;
            # reset per component so values from the previous one are never reused
            my ($comp_name,$comp_version,$comp_description);
            ($tmp,$name_com)=split("com_",$com);
            unless($cls){
                $logs=$logs."Tested: $name_com ";
                print "Tested: $name_com ";
            }
            ($code,$content)=get_page($url."/components/".$com."/".$name_com.".php","",$proxy);
            if($code==200 && $content eq ''){
                # 200 with an empty body: the entry point exists
                if ($check_ver_com==1){
                    ($code2,$content2)=get_page($url."/administrator/components/".$com."/".$name_com.".xml","",$proxy);
                    if($code2==200 && $content2){
                        @cve=split("<version>",$content2);
                        ($comp_version)=split("</version>",$cve[1]);
                        @cname=split("<name>",$content2);
                        ($comp_name)=split("</name>",$cname[1]);
                        @cdescrip=split("<description>",$content2);
                        ($comp_description)=split("</description>",$cdescrip[1]);
                    }
                }
                if($comp_name){
                    $logs=$logs."Detected Component $comp_name [+]\n";
                    print "Detected Component $comp_name [+]\n";
                }else{
                    $logs=$logs."Detected Component $name_com\n";
                    print "Detected Component $name_com\n";
                }
                if ($comp_version){
                    $logs=$logs."Detected Version(s): $comp_version [+] \n";
                    print "Detected Version(s): $comp_version [+] \n";
                }
                if ($comp_description){
                    $logs=$logs."Description: $comp_description [+] \n";
                    print "Description: $comp_description [+] \n";
                }
                $logs=$logs."\n--------------------------------------------------\n";
                print "\n--------------------------------------------------\n";
            } elsif($code==404) {
                unless($cls){
                    $logs=$logs."Not found component[!]\n";
                    print "Not found component[!]\n";
                }
            } else {
                # any other answer (403, 500, 200 with a body, ...) is reported as an error
                $logs=$logs."$code $content\n";
                print "Error $code $content\n";
            }
        }
        close $fbase;
        $logs=$logs."\n\n=======================================\nEnd work!\n";
        print "\n\n=======================================\nEnd work!\n";
    } else {
        print "Error open comdb!\n\n";
    }

    # -l: write the collected output to the log file
    if($logfile){
        if(open(my $flog, '>',$logfile)){
            print $flog $logs;
            close $flog;
        }else{
            print "\nError open file: $logfile\n";
        }
    }
}

# Fetch $link with a random User-Agent, optionally through the proxy $prox.
# Returns (HTTP status code, body); for a non-200 answer the second value is the status message.
sub get_page {
    my ($link,$agent,$prox)=@_;
    my $ua = LWP::UserAgent->new(agent => rand_ua($agent));
    if ($prox){$ua->proxy([qw(http https)] => $prox);}
    my $response = $ua->get($link);
    if($response->code==200){
        my $cont=$response->decoded_content;
        return (200, defined $cont ? $cont : '');
    }
    return ($response->code, $response->message);
}
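Seen from the server side, a run of the script above leaves a recognisable trail in the access log: the fingerprint files first, then a burst of requests of the form /components/com_<name>/<name>.php, each with a different User-Agent because get_page calls rand_ua for every request. The detector below is an added example, not part of the original post or of the author's script; the Combined Log Format, the thresholds, the sample log lines and every name in it are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Probe shape sent by the script: /components/com_<name>/<name>.php
PROBE_RE = re.compile(r'^/components/(com_([\w-]+))/\2\.php$')
# Files the script fetches before it starts the component loop.
FINGERPRINT_PATHS = {"/administrator/manifests/files/joomla.xml", "/README.txt",
                     "/administrator/components/com_cache/cache.xml"}


def parse(line):
    """Return (ip, time, path without query, status, user agent) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"]), m["ua"]


def detect_enumeration(lines, min_components=5, window=timedelta(seconds=60)):
    """Flag clients that probe >= min_components distinct components within window."""
    probes = defaultdict(list)       # ip -> [(time, component, status, user agent)]
    fingerprints = defaultdict(set)  # ip -> fingerprint files requested
    for ip, ts, path, status, ua in filter(None, map(parse, lines)):
        if path in FINGERPRINT_PATHS:
            fingerprints[ip].add(path)
        hit = PROBE_RE.match(path)
        if hit:
            probes[ip].append((ts, hit.group(1), status, ua))
    alerts = {}
    for ip, events in probes.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({e[1] for e in events[start:end + 1]}) >= min_components:
                alerts[ip] = {
                    "probed": sorted({e[1] for e in events}),
                    # a 200 tells the scanner that the component is installed
                    "disclosed": sorted({e[1] for e in events if e[2] == 200}),
                    "user_agents": len({e[3] for e in events}),
                    "fingerprint_files": sorted(fingerprints[ip]),
                }
                break
    return alerts


def _line(ip, sec, path, status, ua):
    return (f'{ip} - - [10/Mar/2024:12:00:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 0 "-" "{ua}"')


# Constructed sample: one ordinary visitor and one client behaving like the script.
SCAN = [("/administrator/manifests/files/joomla.xml", 200), ("/README.txt", 200),
        ("/components/com_abc/abc.php", 404), ("/components/com_akeeba/akeeba.php", 200),
        ("/components/com_banners/banners.php", 200), ("/components/com_bbs/bbs.php", 404),
        ("/components/com_k2/k2.php", 200), ("/components/com_zoom/zoom.php", 404)]
SAMPLE_LOG = [_line("198.51.100.20", 0, "/index.php?option=com_content", 200, "Mozilla/5.0")]
SAMPLE_LOG += [_line("203.0.113.7", i + 1, p, s, f"constructed-agent-{i}")
               for i, (p, s) in enumerate(SCAN)]

if __name__ == "__main__":
    for ip, summary in detect_enumeration(SAMPLE_LOG).items():
        print(ip, summary)
```

The probes are grouped by client address because the User-Agent changes on every request; when the -proxy option is used, that address is the proxy's.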
comdb (the script reads this file line by line, so in the file each entry is on its own line):
com_vikappointments com_5starhotels com_akeeba com_a6mambocredits com_a6mambohelpdesk com_aardvertiser com_ab com_abc com_acajoom com_acctexp com_aceftp com_aclassf com_aclassfb com_aclsfgpl com_acooldebate com_activities com_actualite com_acymailing com_admin com_adsmanager com_advancedpoll com_advert com_affiliatetracker com_agora com_agoragroup com_aicontactsafe com_ajaxchat com_akobook com_akocomment com_akogallery com_alameda com_alberghi com_alfcontact com_alfurqan com_alfurqan15x com_allcinevid com_allhotels com_alphacontent com_alphauserpoints com_altas com_amblog com_amocourse com_annonces com_answers com_appointinator com_artforms com_article com_articleman com_articles com_artist com_artlinks com_artportal com_asortyment com_astatspro com_autartimonial com_availcal com_awd_song com_awdwall com_awesom com_babackup com_banners com_bayesiannaivefilter com_bazaar com_bbs com_bca-rss-syndicator com_be com_beamospetition com_bearleague com_beeheard com_bfquiztrial com_bfsurvey_profree com_biblestudy com_biblioteca com_billyportfolio com_bit com_blog com_blogfactory com_bnf com_bookflip com_bookjoomlas com_booklibrary com_bookmarks com_books com_boss com_br com_breezingforms com_brightweblinks com_bsadv com_bsq com_bsqsitestats com_bt_media com_bulkenquery com_calcbuilder com_calendar com_camelcitydb2 com_camp com_candle com_car com_casino com_casinobase com_catalog com_catalogproduction com_catalogshop com_category com_catfiltering com_cbe com_ccboard com_ccinvoices com_cgtestimonial com_chronoconnectivity com_chronocontact com_cinema com_civicrm com_cjlib com_ckforms com_clan com_clanlist com_clantools com_clasifier com_classifieds com_clickheat com_cloner com_cmimarketplace com_cmotour com_cms com_collector com_colophon com_color com_colorlab com_commedia com_community com_communitypolls com_communityquiz com_communitysurveys com_competitions com_comprofiler com_connect com_contact com_contact_enhanced com_contactformmaker com_contactinfo com_content 
com_contenthistory com_contentmap com_contushdvideoshare com_cpg com_creativecontactform com_crhotels com_cropimage com_crowdsource com_custompages com_cx com_d3000 com_dadamail com_dailymessage com_dateconverter com_datsogallery com_dbquery com_dcnews com_delicious com_detail com_digifolio com_digistore com_dioneformwizard com_directorix com_directory com_discussions com_djartgallery com_djcatalog com_djiceshoutbox com_dms com_doc com_docman com_docmanpaypal com_donateprocess com_doqment com_downloads com_ds-syndicate com_dshop com_dtregister com_dv com_easy_youtube_gallery com_easybook com_easygb com_ecommercewd com_education com_elite com_elite_experts com_emcomposer com_enmasse com_equipment com_equotes com_esearch com_eshop com_eslamiat com_estateagent com_event com_eventbooking com_eventing com_eventix com_eventlist com_events com_ewriting com_expose com_expshop com_extcalendar com_extended com_extplorer com_extplorer-test1 com_extplorer-test2 com_extplorer-test3 com_extrasearch com_ezautos com_ezine com_ezstore com_fabrik com_facegallery com_facileforms com_fantasytournament com_faq com_fastball com_feederator com_filebase com_filiale com_fireboard com_firmy com_flash com_flashfun com_flashmagazinedeluxe com_flippingbook com_flipwall com_flyspray com_fm com_foevpartners com_foobla_suggestions com_football com_formmaker com_formtool com_forum com_fq com_fss com_full com_fundraiser com_g2bridge com_galeria com_galleria com_gallery com_gallery_wd com_galleryxml com_game com_gameq com_gamesbox com_gameserver com_garyscookbook com_genealogy com_geoboerse com_geocontent com_gigcal com_gk3_photoslide com_gmaps com_gnosis com_golfcourseguid com_golfcourseguide com_googlebase com_goverment com_gpstools com_graphics com_grid com_groovygallery com_gsticketsystem com_guide com_guru com_hashcash com_hbooking com_hbssearch com_hdflvplayer com_hello com_helpdeskpro com_hikasho com_hmcommunity com_hotproperties com_hotproperty com_hotspots com_htmlarea3 com_huruhelpdesk 
com_hwdvideoshare com_icagenda com_ice com_idoblog com_idvnews com_ignitegallery com_ijoomla com_imagebrowser com_img com_imoti com_informations com_inneradmission com_installer com_inter com_intranet com_ionfiles com_iproperty com_is com_ixxocart com_jabode com_jacomment com_jashowcase com_javoice com_jb2 com_jbpeople com_jbudgetsmagic com_jbusinessdirectory com_jcafe com_jcalpro com_jce com_jcommunity com_jcruisereservation com_jcs com_jd-wiki com_jd-wp com_jdirectory com_jeajaxeventcalendar com_jeauction com_jeauto com_jeawdsong com_jeclassifyads com_jedirectory com_jeemasms com_jefaqpro com_jeformcr com_jegallery com_jegridfolio com_jeguestbook com_jejob com_jek2storymultipleform com_jem com_jemessenger com_jepoll com_jeportfolio com_jepropertyfinder com_jequizmanagement com_jequoteform com_jesectionfinder com_jesubmit com_jeticket com_jetour com_jevideorate com_jfbconnect com_jfuploader com_jgen com_jgrid com_jhotelreservation com_jim com_jimtawl com_jinc com_jjgallery com_jmarket com_jmovies com_jmsfileseller com_jnews com_jnewsletter com_jobgrokapp com_jobline com_jobprofile com_jofacebookgallery com_joltcard com_jombib com_jomdirectory com_jomestate com_jomres com_jomtube com_joobb com_joodb com_jooget com_joom12pic com_joomblog com_joomdle com_joomdoc com_joomdocs com_joomgalaxy com_joominaflileselling com_joomla com_joomla-visites com_joomlaboard com_joomladate com_joomlaflashfun com_joomlalib com_joomlaradiov5 com_joomlaupdate com_joomlavvz com_joomlaxplorer com_joomloads com_joomloc com_joomlub com_joomnik com_joomradio com_joomsport com_joomtouch com_joomtracker com_jooproperty com_joovideo com_jotloader com_journal com_jp_jobs com_jpack com_jpad com_jphone com_jradio com_jreactions com_jreservation com_jreviews com_jscalendar com_jsjobs com_jsplocation com_jstore com_jsubscription com_jsupport com_jtagcalendar com_jtickets com_jumi com_juser com_jvcomment com_jvehicles com_jvideo com_jvideoclip com_jvideodirect com_jvotesystem com_k2 com_k2ajaxsearch 
com_k2store com_kbase com_knowledgebase com_kochsuite com_komento com_konsultasi com_kp com_ksadvertiser com_kunena com_kunena_google_map_no_geocode com_lead com_letterman com_lexikon com_linkdirectory com_listbingo com_listing com_listoffreeads com_livechat com_liveticker com_lm com_lmo com_lms com_loudmounth com_loudmouth com_lovefactory com_lowcosthotels com_lucygames com_lurm com_macgallery com_machine com_mad4joomla com_madeira com_magicdealsweb com_maian15 com_maianmedia com_maianmusic com_mailarchive com_mailto com_mambatstaff com_mambelfish com_mambospgm com_mambowiki com_maqmahelpdesk com_marketplace com_markt com_matamko com_mcquiz com_mdigg com_media com_mediaslide com_mediqna com_memorix com_mezun com_mgm com_minibb com_misterestate com_mmp com_model com_moodle com_moofaq com_mosets com_mosforms com_mosmedia com_mospray com_mosres com_most com_motor com_movm com_mp3 com_mscomment com_mtree com_multibanners com_muscol com_music com_myalbum com_myblog com_mycar com_mycontent com_mydyngallery com_myform com_mygallery com_myhome com_mymsg com_mysms com_mytube com_n-forms com_na com_neogallery com_neorecruit com_neoreferences com_netinvoice com_news com_newsfeeds com_newsflash com_nfn com_niceajaxpoll com_nicetalk com_nkc com_noticeboard com_noticias com_novasfh com_ob com_obsuggest com_odudeprofile com_omnirealestate com_omphotogallery com_onevote com_ongallery com_ongumatimesheet20 com_onismusic com_onispetitions com_onisquotes com_onlineflashquiz com_ornekek com_osproperty com_osservicesbooking com_ownbiblio com_oziogallery com_oziogallery2 com_pandafminigames com_panoramic com_parcoauto com_paxgallery com_paxxgallery com_payplans com_pbbooking com_pcchess com_pccookbook com_people com_peoplebook com_performs com_philaform com_phocadocumentation com_phocagallery com_phocamaps com_photo com_photomapgallery com_php com_phpshop com_picasa2gallery com_picsell com_pinboard com_pms com_poll com_pollxt com_ponygallery com_portafolio com_portfol 
com_portfoliogallery com_poweradmin com_prayercenter com_pro com_pro_desk com_prod com_product com_products com_productshowcase com_profile com_profiler com_projectfork com_properties com_propertylab com_puarcade com_publication com_publisher com_qcontacts com_qpersonel com_question com_quiz com_quran com_rand com_rapidrecipe com_rdautos com_realestatemanager com_realtyna com_recly com_record com_redshop com_referenzen com_registrationpro com_rekry com_remository com_reporter com_reservations com_resman com_restaurante com_restaurantguide com_ricette com_rokdownloads com_rokmodule com_rpl com_rsappt_pro2 com_rsappt_pro3 com_rsbook_15 com_rsfiles com_rsgallery com_rsgallery2 com_rss com_rssreader com_rssxt com_rwcards com_s5clanroster com_sanpham com_sar_news com_school com_search com_searchlog com_sebercart com_sectionex com_securityimages com_sef com_seminar com_serverstat com_sexypolling com_seyret com_sg com_showdown com_simple com_simpleboard com_simpledownload com_simplefaq com_simpleimageupload com_simplephotogallery com_simpleshop com_simpleswfupload com_sitemap com_slider com_slideshow com_smartsite com_smf com_sobi2 com_soccerbet com_socialads com_some com_spa com_spidercalendar com_spidercatalog com_spiderfacebook com_spiderfaq com_spielothek com_sponsorwall com_sportspredictions com_staticxt com_store com_surveymanager com_swmenupro com_szallasok com_tag com_team com_teamdisplay com_tech com_techfolio com_thopper com_threate com_thyme com_tickets com_timereturns com_timetrack com_tophotelmodule com_topics com_tour com_tpdugg com_tpjobs com_trade com_treeg com_ttvideo com_turtushout com_uhp com_uhp2 com_ultimateportfolio com_user com_userextranet com_users com_utchat com_vehiclemanager com_versioning com_videodb com_videoflow com_videogallery com_videogallerylite com_vikbooking com_virtuemart com_visa com_volunteer com_vr com_waticketsystem com_wdsubscriptions com_webhosting com_weblinks com_webring com_wire_immogest com_wmt_content_timeline 
com_wmtgallery com_wmtpic com_wmtportfolio com_worldrates com_wrapper com_x-shop com_xball com_xcloner-backupandrestore com_xcomp com_xevidmegahd com_xewebtv com_xfaq com_xgallery com_xmap com_xmovie com_xsstream-dm com_xvs com_ybggal com_yellowpages com_yjcontactus com_ynews com_youtube com_youtubegallery com_yvcomment com_zcalendar com_zelig com_zina com_zoom com_zoomportfolio com_ztautolink
Current script version is 0.1.5, component database version is 0.0.3; current options:
-c Print only useful information, that is, only the components that were detected.
-l Write the scan result to the specified file.
-proxy Use the specified proxy for the connection (when using Tor this is socks://localhost:9050).
-ss For Kali Linux users: adds the ability to look for an exploit in the local exploit-db database; "searchsploit" is used.
-secj Look up the component on sites with vulnerability databases through sec.jetlib.com.
Examples of running the script:

Scan and print both the components that were found and those that were not:
perl Smcom.pl -u https://site.en

Scan using a proxy for the connection:
perl Smcom.pl -u https://site.en -proxy socks://localhost:9050

Scan and print only the components that were found:
perl Smcom.pl -u https://site.en -c

Scan and write the result to the specified file:
perl Smcom.pl -u https://site.en -l /root/path/file_for_writen_result.txt

Scan and look up each component in the local exploit-db database using searchsploit:
perl Smcom.pl -u https://site.en -ss

Scan and look up each component on sites with vulnerability databases using sec.jetlib.com:
perl Smcom.pl -u https://site.en -secj