dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Land #14419, Update external dev scripts and wordpress wordlists

This commit is contained in:
Spencer McIntyre 2020-11-24 17:48:05 -05:00
parent eeaf795edd f8a51d0445
commit 1151d3dcc7
No known key found for this signature in database
GPG Key ID: 58101BA0D0D9C987
4 changed files with 10967 additions and 1605 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10589
data/wordlists/wp-plugins.txt
View File

File diff suppressed because it is too large Load Diff

1923
data/wordlists/wp-themes.txt
View File

File diff suppressed because it is too large Load Diff

44
tools/dev/check_external_scripts.rb
View File

@ -102,13 +102,16 @@ end
# #
# #
scripts = []
### ###
# Bloodhound/Sharphound files # Bloodhound/Sharphound files
### ###
scripts = []
# https://github.com/BloodHoundAD/BloodHound/commit/b6ab5cd369c70219c6376d9f5c4fcd63f34fb4a0
scripts << { scripts << {
name: 'Sharphound (Bloodhound) ps1', name: 'Sharphound (Bloodhound) ps1',
addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1', addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.ps1',
dest: '/data/post/powershell/SharpHound.ps1', dest: '/data/post/powershell/SharpHound.ps1',
subs: [ subs: [
["\t", ' '], # tabs to spaces ["\t", ' '], # tabs to spaces
@ -117,7 +120,7 @@ scripts << {
} }
scripts << { scripts << {
name: 'Sharphound (Bloodhound) exe', name: 'Sharphound (Bloodhound) exe',
addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.exe', addr: 'https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.exe',
dest: '/data/post/SharpHound.exe', dest: '/data/post/SharpHound.exe',
subs: [] subs: []
} }
@ -303,6 +306,41 @@ scripts << {
subs: [] subs: []
} }
###
# CMS Files
###
# https://github.com/rapid7/metasploit-framework/pull/11862#issuecomment-496578367
scripts << {
name: 'WordPress - Plugins List',
addr: 'https://plugins.svn.wordpress.org',
dest: '/data/wordlists/wp-plugins.txt',
subs: [
[/^((?! <li>).)*/, ''], # remove all non-plugin lines
[/ <li><a href="[^"]+">/, ''], # remove beginning
[/\/<\/a><\/li>/,''], # remove end
[/^\s*/,''] # remove empty lines
]
}
scripts << {
name: 'WordPress - Themes List',
addr: 'https://themes.svn.wordpress.org',
dest: '/data/wordlists/wp-themes.txt',
subs: [
[/^((?! <li>).)*/, ''], # remove all non-plugin lines
[/ <li><a href="[^"]+">/, ''], # remove beginning
[/\/<\/a><\/li>/,''], # remove end
[/^\s*/,''] # remove empty lines
]
}
# Joomla's is more complicated. It looks for more than
# just components. Because of that, if you want the
# file updated, see:
# https://github.com/rapid7/metasploit-framework/pull/11199#issue-242415518
# python3 tools/dev/update_joomla_components.py
path = File.expand_path('../../', File.dirname(__FILE__)) path = File.expand_path('../../', File.dirname(__FILE__))
clone_sqlmap_decloak clone_sqlmap_decloak

16
tools/dev/update_joomla_components.py Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/python3
import requests
new_com = requests.get("https://raw.githubusercontent.com/rezasp/joomscan/master/exploit/db/componentslist.txt").text
with open('data/wordlists/joomla.txt', 'r') as j:
old = j.read().splitlines()
for com in new_com.splitlines():
if not 'components/%s/'%(com) in old:
old.append('components/%s/'%(com))
print('[+] Adding: components/%s/'%(com))
old.sort()
with open('data/wordlists/joomla.txt', 'w') as j:
j.write('\n'.join(old))
j.write('\n')