forked from wapiti-scanner/wapiti
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a script to update CMS hash files from a given database
- Loading branch information
1 parent
7118542
commit 058b850
Showing
6 changed files
with
237 additions
and
0 deletions.
There are no files selected for viewing
30 changes: 30 additions & 0 deletions
30
wapitiCore/data/attacks/src_cms_files/list_files_drupal.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
misc/tabledrag.js | ||
misc/tableheader.js | ||
misc/drupal.js | ||
misc/ajax.js | ||
core/misc/drupal.js | ||
core/misc/tabledrag.js | ||
core/misc/tableheader.js | ||
core/misc/ajax.js | ||
CHANGELOG.txt | ||
core/MAINTAINERS.txt | ||
README.txt | ||
core/assets/vendor/ckeditor/skins/moono-lisa/editor_gecko.css | ||
core/modules/system/js/system.date.js | ||
core/scripts/css/compile.js | ||
core/themes/claro/css/theme/media-library.css | ||
core/themes/seven/css/theme/media-library.css | ||
misc/jquery.js | ||
misc/states.js | ||
modules/contextual/contextual.css | ||
core/misc/cspell/dictionary.txt | ||
core/misc/dialog/off-canvas.reset.css | ||
core/profiles/demo_umami/themes/umami/css/components/navigation/tabs/tabs.css | ||
core/INSTALL.txt | ||
core/assets/vendor/ckeditor/build-config.js | ||
core/themes/claro/css/components/views-ui.pcss.css | ||
core/misc/vertical-tabs.js | ||
core/modules/ckeditor5/js/ckeditor5.admin.js | ||
core/misc/dialog/off-canvas.js | ||
core/themes/claro/css/components/views-ui.css | ||
core/themes/claro/css/components/tables.css |
20 changes: 20 additions & 0 deletions
20
wapitiCore/data/attacks/src_cms_files/list_files_joomla-cms.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
LICENSE.txt | ||
administrator/manifests/files/joomla.xml | ||
administrator/templates/isis/js/template.js | ||
libraries/simplepie/README.txt | ||
media/com_finder/js/indexer.js | ||
media/editors/codemirror/addon/search/matchesonscrollbar.js | ||
media/editors/codemirror/keymap/sublime.js | ||
media/plg_system_stats/js/stats.js | ||
media/system/css/calendar-jos.css | ||
media/system/js/helpsite.js | ||
media/system/js/mootools-core.js | ||
media/system/js/mootree-uncompressed.js | ||
media/system/js/tabs.js | ||
media/system/js/validate.js | ||
plugins/finder/content/content.xml | ||
plugins/system/cache/cache.xml | ||
templates/system/css/error.css | ||
templates/system/css/general.css | ||
templates/system/css/offline.css | ||
templates/system/css/system.css |
33 changes: 33 additions & 0 deletions
33
wapitiCore/data/attacks/src_cms_files/list_files_prestashop.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
admin/filemanager/css/style.css | ||
admin/themes/new-theme/js/app/store/index.js | ||
admin/themes/new-theme/js/app/utils/datepicker.js | ||
js/admin.js | ||
js/admin/carrier_wizard.js | ||
js/admin/dashboard.js | ||
js/admin/dnd.js | ||
js/admin/modules-position.js | ||
js/admin/notifications.js | ||
js/cropper/prototype.js | ||
modules/ps_facetedsearch/_dev/back/index.js | ||
modules/ps_linklist/views/public/form.bundle.js | ||
modules/ps_themecusto/views/css/controllers/configuration/back.css | ||
modules/ps_themecusto/views/css/general.css | ||
modules/psgdpr/views/css/back.css | ||
modules/psgdpr/views/css/faq.css | ||
modules/psgdpr/views/js/back.js | ||
modules/psgdpr/views/js/vfs_fonts.js | ||
themes/classic/assets/css/theme.css | ||
admin/themes/new-theme/public/product.css | ||
css/tabpane.css | ||
LICENSES | ||
INSTALL.txt | ||
admin-dev/ajaxfilemanager/jscripts/ajaxfilemanager_c.js | ||
admin-dev/ajaxfilemanager/jscripts/ajaximageeditor.js | ||
admin-dev/filemanager/img/dimension.png | ||
admin-dev/themes/default/css/admin-theme.css | ||
admin-dev/themes/default/css/admin-theme_rtl.css | ||
admin-dev/themes/default/css/schemes/admin-theme-blue.css | ||
admin-dev/themes/default/css/schemes/admin-theme-contrast.css | ||
admin-dev/themes/default/js/bundle/product/form.js | ||
js/jquery-google-reviews.js | ||
js/tools.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
ecrire/polices/dustismo-license.txt | ||
ecrire/safehtml/license.txt | ||
ecrire/safehtml/readme-SPIP.txt | ||
ecrire/safehtml/readme.txt | ||
COPYING.txt | ||
htaccess.txt | ||
CHANGELOG.txt | ||
INSTALL.txt | ||
plugins-dist.json | ||
prive/formulaires/dateur/jquery.dateur.js.html | ||
prive/formulaires/selecteur/jquery.picker.js | ||
prive/javascript/SearchHighlight.js | ||
prive/javascript/ajaxCallback.js | ||
prive/javascript/gadgets.js | ||
prive/javascript/jquery.autosave.js | ||
prive/javascript/jquery.form.js | ||
prive/javascript/jquery.js | ||
prive/javascript/layer.js | ||
prive/javascript/login.js | ||
prive/aide_body.css | ||
prive/spip_admin.css | ||
prive/spip_style.css | ||
prive/themes/spip/content.css.html | ||
prive/themes/spip/forms.css.html | ||
ecrire/paquet.xml | ||
prive/objets/liste/articles.html | ||
prive/javascript/ajaxCallback.js |
30 changes: 30 additions & 0 deletions
30
wapitiCore/data/attacks/src_cms_files/list_files_wordpress.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
wp-admin/css/about.min.css | ||
wp-admin/css/common-rtl.css | ||
wp-admin/css/common.css | ||
wp-admin/css/customize-controls.css | ||
wp-admin/css/dashboard.css | ||
wp-admin/css/list-tables-rtl.css | ||
wp-admin/js/customize-controls.js | ||
wp-admin/js/editor.min.js | ||
wp-admin/js/inline-edit-post.min.js | ||
wp-admin/js/media-gallery.min.js | ||
wp-content/themes/twentynineteen/style-rtl.css | ||
wp-content/themes/twentyeleven/style.css | ||
wp-includes/css/dist/block-library/style.min.css | ||
wp-includes/css/editor-rtl.css | ||
wp-includes/css/media-views-rtl.min.css | ||
wp-includes/css/media-views.css | ||
wp-includes/js/dist/a11y.js | ||
wp-includes/js/dist/block-editor.js | ||
wp-includes/js/dist/block-editor.min.js | ||
wp-includes/js/dist/block-library.js | ||
wp-includes/js/dist/components.js | ||
wp-includes/js/dist/core-data.js | ||
wp-includes/js/dist/element.js | ||
wp-includes/js/dist/data.js | ||
wp-includes/js/dist/private-apis.js | ||
wp-includes/js/dist/url.js | ||
wp-includes/js/mce-view.js | ||
wp-includes/js/mce-view.min.js | ||
wp-includes/js/wp-ajax-response.js | ||
wp-includes/theme.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
#!/usr/bin/env python3 | ||
import argparse | ||
import json | ||
import logging | ||
from pathlib import Path | ||
import re | ||
import sqlite3 | ||
|
||
# Set up basic configuration for logging | ||
logging.basicConfig(level=logging.INFO, | ||
format='%(levelname)s - %(message)s') | ||
|
||
parser = argparse.ArgumentParser( | ||
description=( | ||
"To execute this script correctly, ensure the following:\n\n" | ||
"1. The database file must be specified using the '--db' option.\n" | ||
"2. The 'src_cms_files' directory must be specified using the '--source-file' option.\n" | ||
"3. The 'src_cms_files' directory must contain one .txt file per CMS.\n" | ||
"4. Each .txt file must contain specific paths for each CMS, with one path per line.\n" | ||
), | ||
formatter_class=argparse.RawTextHelpFormatter | ||
) | ||
|
||
# Add arguments for database path and source files directory | ||
parser.add_argument('--db', required=True, help="Path to the database file") | ||
parser.add_argument('--source-file', required=True, help="Path to the 'src_cms_files' directory") | ||
|
||
# Parse the arguments | ||
args = parser.parse_args() | ||
|
||
tech_list = [] | ||
file_lists = {} | ||
src_dir = Path(args.source_file) | ||
if not src_dir.is_dir(): | ||
raise FileNotFoundError(f"Directory '{src_dir}' does not exist") | ||
|
||
|
||
txt_pattern = r".*list_files_(.*)\.txt" | ||
pattern = re.compile(txt_pattern) | ||
|
||
with sqlite3.connect(args.db) as conn: | ||
cursor = conn.cursor() | ||
# Extract technology names from the database | ||
sql_tech = "SELECT DISTINCT technology FROM hash;" | ||
cursor.execute(sql_tech) | ||
for row in cursor.fetchall(): | ||
tech = row[0].lower() | ||
if tech not in tech_list: | ||
tech_list.append(tech) | ||
|
||
# Create the list object of the source files | ||
list_files = [file for file in src_dir.glob("list_files_*.txt")] | ||
if not list_files: | ||
raise AssertionError(f"The directory '{src_dir}' is empty or no file match the pattern.") | ||
for file in list_files: | ||
match = re.match(pattern, str(file)) | ||
if match: | ||
tool = match.group(1) | ||
else: | ||
logging.warning(f"Warning! Filename {file} does not match pattern {txt_pattern}.") | ||
continue | ||
file_lists[tool] = [] | ||
# Read the file contents and extract file_names | ||
with open(file, "r") as file_buffer: | ||
for line in file_buffer: | ||
file_lists[tool].append(line.strip()) | ||
|
||
# Create an empty JSON for each technology | ||
json_objects = {} | ||
|
||
# Check if each technology exists in the database | ||
for tech_name in file_lists.keys(): | ||
logging.info(f"Updating {tech_name} :") | ||
if tech_name not in tech_list: | ||
logging.warning(f"Technology '{tech_name}' does not exist in the 'hash' table.") | ||
continue | ||
json_objects[tech_name] = {} | ||
logging.info("DONE!") | ||
|
||
for file_name in file_lists[tech_name]: | ||
cursor = conn.cursor() | ||
# Retrieve data from the hash table for the current file name | ||
cursor.execute("SELECT file, hash, versions FROM hash WHERE file = ? AND UPPER(technology) = UPPER(?)", (file_name, tech_name)) | ||
data = cursor.fetchall() | ||
# Convert data to a list of dictionaries | ||
for row in data: | ||
file_name, hash_value, versions = row | ||
if file_name not in json_objects[tech_name]: | ||
json_objects[tech_name][file_name] = {} | ||
versions_str = json.loads(versions) | ||
versions_json = json.loads(versions_str) | ||
json_objects[tech_name][file_name][hash_value] = versions_json["versions"] | ||
|
||
# Save the JSON data to a file | ||
for key, value in json_objects.items(): | ||
with open(f"{key}_hash_files.json", "w") as json_file: | ||
json.dump(value, json_file, indent=4) |