From a95b4eefc6efdcab199de0c0f645067700a74140 Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sat, 1 Jul 2023 19:12:46 +0300 Subject: [PATCH 1/8] Some new, some modified CMS [new] Tilda CMS [new] Zyro [new] DataLife Engine [new] RoundCube Webmail [mod] MODX [mod] SilverStripe CMS [mod] Quick CMS [mod] Bitrix CMS --- cmseekdb/cmss.py | 26 ++++++++++++++++++++++++++ cmseekdb/generator.py | 1 + cmseekdb/header.py | 1 + cmseekdb/robots.py | 5 ++++- cmseekdb/sc.py | 8 ++++++++ 5 files changed, 40 insertions(+), 1 deletion(-) diff --git a/cmseekdb/cmss.py b/cmseekdb/cmss.py index a5d60144..42288cad 100644 --- a/cmseekdb/cmss.py +++ b/cmseekdb/cmss.py @@ -20,6 +20,13 @@ 'deeps':'1' } +tilda = { + 'name':'Tilda CMS', + 'url':'https://tilda.cc/', + 'vd':'0', + 'deeps':'0' +} + mg = { 'name':'Magento', 'url':'https://magento.com', @@ -83,6 +90,13 @@ 'deeps':'0' } +zyro = { + 'name':'Zyro', + 'url':'https://zyro.com/', + 'vd':'0', + 'deeps':'0' +} + bolt = { 'name':'Bolt', 'url':'https://bolt.com', @@ -285,12 +299,24 @@ 'vd':'0', 'deeps':'0' } +dle = { + 'name':'DataLife Engine', + 'url':'https://dle-news.com', + 'vd':'0', + 'deeps':'0' +} spity = { 'name':'Serendipity', 'url':'https://docs.s9y.org/', 'vd':'1', 'deeps':'0' } +rcube = { + 'name':'RoundCube Webmail', + 'url':'https://roundcube.net/', + 'vd':'0', + 'deeps':'0' +} slcms = { 'name':'SeamlessCMS', 'url':'https://www.seamlesscms.com/', diff --git a/cmseekdb/generator.py b/cmseekdb/generator.py index d2f03fd1..b242d8c8 100644 --- a/cmseekdb/generator.py +++ b/cmseekdb/generator.py @@ -59,6 +59,7 @@ def scan(content): 'tiki wiki cms groupware||http://tiki.org:-tiki', 'snews:-snews', 'silverstripe:-sst', + 'umi:-umi', 'silva:-silva', 'serendipity:-spity', 'seamless.cms.webgui:-slcms', diff --git a/cmseekdb/header.py b/cmseekdb/header.py index a5eeef09..284c7665 100644 --- a/cmseekdb/header.py +++ b/cmseekdb/header.py @@ -37,6 +37,7 @@ def check(hstring): 'X-Powered-By: pimcore:-pcore', 'x-powered-by: PencilBlue:-pblue', 'x-powered-by: Ophal:-ophal', + 'x-powered-by: Zyro.com:-zyro', 'Server: OpenCms:-ocms', 'X-Odoo-:-odoo', 'X-SharePointHealthScore||SPIisLatency||SPRequestGuid||MicrosoftSharePointTeamServices||SPRequestDuration:-share', diff --git a/cmseekdb/robots.py b/cmseekdb/robots.py index d2ea22a7..4d7f5273 100644 --- a/cmseekdb/robots.py +++ b/cmseekdb/robots.py @@ -8,7 +8,7 @@ import re import cmseekdb.basic as cmseek def check(url, ua): - robots = url + '/robots.txt' + robots = url.rstrip('/') + '/robots.txt' robots_source = cmseek.getsource(robots, ua) # print(robots_source[1]) if robots_source[0] == '1' and robots_source[1] != '': @@ -23,6 +23,8 @@ def check(url, ua): 'Disallow: /wp-admin/||Allow: /wp-admin/admin-ajax.php:-wp', 'Disallow: /kernel/::::Disallow: /language/::::Disallow: /templates_c/:-xoops', 'Disallow: /textpattern:-tpc', + 'Disallow: /adminzone/:-umi', + 'Disallow: /tilda:-tilda', 'Disallow: /sitecore||Disallow: /sitecore_files||Disallow: /sitecore modules:-score', 'Disallow: /phpcms||robots.txt for PHPCMS:-phpc', 'Disallow: /*mt-content*||Disallow: /mt-includes/:-moto', @@ -33,6 +35,7 @@ def check(url, ua): 'Disallow: /plus/ad_js.php||Disallow: /plus/erraddsave.php||Disallow: /plus/posttocar.php||Disallow: /plus/disdls.php||Disallow: /plus/mytag_js.php||Disallow: /plus/stow.php:-dede', 'modules/contentbox/themes/:-cbox', 'Disallow: /contao/:-contao', + "Disallow: /bitrix/:-bitrix" 'Disallow: /concrete:-con5', 'Disallow: /auth/cas::::Disallow: /auth/cas/callback:-dscrs', 'uc_client::::uc_server::::forum.php?mod=redirect*:-discuz', diff --git a/cmseekdb/sc.py b/cmseekdb/sc.py index db496032..1f6d651a 100644 --- a/cmseekdb/sc.py +++ b/cmseekdb/sc.py @@ -29,6 +29,7 @@ def check(page_source_code, site): ## Check if no generator meta tag available "css/joomla.css:-joom", "Powered By OpenCart||\"catalog/view/javascript/jquery/swiper/css/opencart.css\"||index.php?route=:-oc", "/xoops.js||xoops_redirect:-xoops", + "tildacdn.com:-tilda", "Wolf Default RSS Feed:-wolf", "/ushahidi.js||alt=\"Ushahidi\":-ushahidi", "getWebguiProperty:-wgui", @@ -46,11 +47,18 @@ def check(page_source_code, site): ## Check if no generator meta tag available "rock-config-trigger||rock-config-cancel-trigger:-rock", "/rcms-f-production.:-rcms", "CMS by Quick.Cms:-quick", + "Powered by Quick.Cart:-quick", + "DataLife Engine:-dle", + "dle_js.js:-dle", + "Roundcube Webmail:-rcube", + "rcube_webmail:-rcube", + "bitrix:-bitrix", # your Captain Obvious "\"pimcore_:-pcore", "xmlns:perc||cm/css/perc_decoration.css:-percms", "PencilBlueController||\"pencilblueApp\":-pblue", "/libraries/ophal.js:-ophal", "Sitefinity/WebsiteTemplates:-sfy", + "assets.zyrosite.com:-zyro", "published by Open Text Web Solutions:-otwsm", "/opencms/export/:-ocms", "odoo.session_info||var odoo =:-odoo", From 4ef98fb2262a4146d8fc1f2ead1a88b29555ff79 Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sat, 1 Jul 2023 19:15:00 +0300 Subject: [PATCH 2/8] New detection method Checks CMS modules directory for strings in the source code of pages --- cmseekdb/core.py | 20 +++++++++++---- cmseekdb/dirscheck.py | 58 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 5 deletions(-) create mode 100644 cmseekdb/dirscheck.py diff --git a/cmseekdb/core.py b/cmseekdb/core.py index 1f15ff4d..a01e9256 100644 --- a/cmseekdb/core.py +++ b/cmseekdb/core.py @@ -20,6 +20,7 @@ import cmseekdb.sc as source # Contains function to detect cms from source code import cmseekdb.header as header # Contains function to detect CMS from gathered http headers import cmseekdb.cmss as cmsdb # Contains basic info about the CMSs +import cmseekdb.dirscheck as dirscheck # Containts function to detect CMS by directory checks import cmseekdb.robots as robots import cmseekdb.generator as generator import cmseekdb.result as result @@ -87,7 +88,7 @@ def main_proc(site,cua): ga = parse_generator[0] ga_content = parse_generator[1] - cmseek.statement("Using headers to detect CMS (Stage 1 of 4)") + cmseek.statement("Using headers to detect CMS (Stage 1 of 5)") header_detection = header.check(headers) if header_detection[0] == '1': @@ -98,18 +99,18 @@ def main_proc(site,cua): if cms_detected == '0': if ga == '1': # cms detection via generator - cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 4)") + cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 5)") gen_detection = generator.scan(ga_content) if gen_detection[0] == '1': detection_method = 'generator' cms = gen_detection[1] cms_detected = '1' else: - cmseek.statement('Skipping stage 2 of 4: No Generator meta tag found') + cmseek.statement('Skipping stage 2 of 5: No Generator meta tag found') if cms_detected == '0': # Check cms using source code - cmseek.statement("Using source code to detect CMS (Stage 3 of 4)") + cmseek.statement("Using source code to detect CMS (Stage 3 of 5)") source_check = source.check(scode, site) if source_check[0] == '1': detection_method = 'source' @@ -118,12 +119,21 @@ def main_proc(site,cua): if cms_detected == '0': # Check cms using robots.txt - cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 4)") + cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 5)") robots_check = robots.check(site, cua) if robots_check[0] == '1': detection_method = 'robots' cms = robots_check[1] cms_detected = '1' + + if cms_detected == '0': + # Check cms using directory checks + cmseek.statement("Using directories to detect CMS (Stage 5 of 5)") + dirs_check = dirscheck.check(site, cua) + if dirs_check[0] == '1': + detection_method = 'dirscheck' + cms = dirs_check[1] + cms_detected = '1' if cms_detected == '1': cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cmseek.fgreen + cms + cmseek.cln + ', Detection method: ' + cmseek.bold + cmseek.lblue + detection_method + cmseek.cln) diff --git a/cmseekdb/dirscheck.py b/cmseekdb/dirscheck.py new file mode 100644 index 00000000..28879c31 --- /dev/null +++ b/cmseekdb/dirscheck.py @@ -0,0 +1,58 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# This is a part of CMSeeK, check the LICENSE file for more information +# Copyright (c) 2023 hackzard + +# Detect cms using directory (modules) checks +# Rev 1 +import re +import cmseekdb.basic as cmseek +def check(url, ua): + directories = ["/manager/", "/admin/"] + # check for modules directory + for directory in directories: + directory = url.rstrip('/') + directory + page_source = cmseek.getsource(directory, ua) + if page_source[0] == '1' and page_source[1] != '': + # Check begins here + page_content = page_source[1] + #### START DETECTION FROM HERE + ## || <- if either of it matches cms detected + ## :::: <- all the strings has to match (implemented to decrease false positives) + directory_detection_keys = [ + 'http://modx.com:-modx', + 'MODX CMF Manager Login:-modx', + '/MODxRE/:-modx', + 'SilverStripe:-sst' + ] + for detection_key in directory_detection_keys: + if ':-' in detection_key: + detection_array = detection_key.split(':-') + if '||' in detection_array[0]: + detection_strings = detection_array[0].split('||') + for detection_string in detection_strings: + if detection_string in page_content and detection_array[1] not in cmseek.ignore_cms: + if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: + return ['1', detection_array[1]] + elif '::::' in detection_array[0]: + match_status = '0' # 0 = neutral, 1 = passed, 2 = failed + match_strings = detection_array[0].split('::::') + for match_string in match_strings: + if match_status == '0' or match_status == '1': + if match_string in page_content: + match_status = '1' + else: + match_status = '2' + else: + match_status = '2' + if match_status == '1' and detection_array[1] not in cmseek.ignore_cms: + if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: + return ['1', detection_array[1]] + else: + if detection_array[0] in page_content and detection_array[1] not in cmseek.ignore_cms: + if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: + return ['1', detection_array[1]] + return ['0',''] + else: + cmseek.error('Unable to detect CMS even by directory (modules) checks!') + return ['0',''] From c5c2616aa2703d0b758863f2f647698776bfe78c Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sat, 1 Jul 2023 20:03:49 +0300 Subject: [PATCH 3/8] Typo --- cmseekdb/dirscheck.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cmseekdb/dirscheck.py b/cmseekdb/dirscheck.py index 28879c31..eda60936 100644 --- a/cmseekdb/dirscheck.py +++ b/cmseekdb/dirscheck.py @@ -20,9 +20,7 @@ def check(url, ua): ## || <- if either of it matches cms detected ## :::: <- all the strings has to match (implemented to decrease false positives) directory_detection_keys = [ - 'http://modx.com:-modx', - 'MODX CMF Manager Login:-modx', - '/MODxRE/:-modx', + 'http://modx.com||MODX CMF Manager Login||/MODxRE/:-modx', 'SilverStripe:-sst' ] for detection_key in directory_detection_keys: From d216984c6ea12f956d2200b2e3be1ab64478ab1a Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sat, 1 Jul 2023 20:32:48 +0300 Subject: [PATCH 4/8] Typo again and small fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix wrong Simplébo detection via source code New Bitrix detection via /about/ page --- cmseekdb/core.py | 2 ++ cmseekdb/dirscheck.py | 5 +++-- cmseekdb/sc.py | 7 +++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/cmseekdb/core.py b/cmseekdb/core.py index a01e9256..f343f323 100644 --- a/cmseekdb/core.py +++ b/cmseekdb/core.py @@ -82,6 +82,8 @@ def main_proc(site,cua): detection_method = '' # ^ ga = '0' # is generator available ga_content = '' # Generator content + + #print(scode) ## Parse generator meta tag parse_generator = generator.parse(scode) diff --git a/cmseekdb/dirscheck.py b/cmseekdb/dirscheck.py index eda60936..2f326d8b 100644 --- a/cmseekdb/dirscheck.py +++ b/cmseekdb/dirscheck.py @@ -8,7 +8,7 @@ import re import cmseekdb.basic as cmseek def check(url, ua): - directories = ["/manager/", "/admin/"] + directories = ["/manager/", "/admin/", "/about/"] # check for modules directory for directory in directories: directory = url.rstrip('/') + directory @@ -21,7 +21,8 @@ def check(url, ua): ## :::: <- all the strings has to match (implemented to decrease false positives) directory_detection_keys = [ 'http://modx.com||MODX CMF Manager Login||/MODxRE/:-modx', - 'SilverStripe:-sst' + 'SilverStripe:-sst', + 'bitrix||Bitrix:-bitrix' ] for detection_key in directory_detection_keys: if ':-' in detection_key: diff --git a/cmseekdb/sc.py b/cmseekdb/sc.py index 1f6d651a..4995bd0e 100644 --- a/cmseekdb/sc.py +++ b/cmseekdb/sc.py @@ -40,7 +40,7 @@ def check(page_source_code, site): ## Check if no generator meta tag available "content=\"sNews:-snews", "/api/sitecore/:-score", "simsite/:-sim", - "simplebo.net/ ||\"pswp__:-spb", + "simplebo.net/:-spb", "/silvatheme:-silva", "serendipityQuickSearchTermField ||\"serendipity_||serendipity[:-spity", "Published by Seamless.CMS.WebUI:-slcms", @@ -50,9 +50,8 @@ def check(page_source_code, site): ## Check if no generator meta tag available "Powered by Quick.Cart:-quick", "DataLife Engine:-dle", "dle_js.js:-dle", - "Roundcube Webmail:-rcube", - "rcube_webmail:-rcube", - "bitrix:-bitrix", # your Captain Obvious + "Roundcube Webmail||rcube_webmail:-rcube", + "bitrix||Bitrix:-bitrix", # your Captain Obvious "\"pimcore_:-pcore", "xmlns:perc||cm/css/perc_decoration.css:-percms", "PencilBlueController||\"pencilblueApp\":-pblue", From d82b32a4b48abd055234c7b59e4d7d2f2944aca9 Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sat, 1 Jul 2023 22:44:29 +0300 Subject: [PATCH 5/8] Very small optimizations of DLE --- cmseekdb/sc.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cmseekdb/sc.py b/cmseekdb/sc.py index 4995bd0e..e430a1d3 100644 --- a/cmseekdb/sc.py +++ b/cmseekdb/sc.py @@ -48,8 +48,7 @@ def check(page_source_code, site): ## Check if no generator meta tag available "/rcms-f-production.:-rcms", "CMS by Quick.Cms:-quick", "Powered by Quick.Cart:-quick", - "DataLife Engine:-dle", - "dle_js.js:-dle", + "DataLife Engine||dle_js.js:-dle", "Roundcube Webmail||rcube_webmail:-rcube", "bitrix||Bitrix:-bitrix", # your Captain Obvious "\"pimcore_:-pcore", From 356f67bb331f469c2d2bdcb24dabbc55cbb5fb5f Mon Sep 17 00:00:00 2001 From: Hackzard Date: Sun, 2 Jul 2023 18:28:49 +0300 Subject: [PATCH 6/8] New generator tag for DLE --- cmseekdb/generator.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cmseekdb/generator.py b/cmseekdb/generator.py index b242d8c8..8b3472e6 100644 --- a/cmseekdb/generator.py +++ b/cmseekdb/generator.py @@ -95,6 +95,7 @@ def scan(content): 'cotonti:-coton', 'orchard:-orchd', 'contentbox:-cbox', + 'DataLife Engine:-dle', 'contensis cms:-cntsis', 'contenido:-cnido', 'contao:-contao', From 98544e2aaefb3bfdfdcd6a328bbe03a0478b29cf Mon Sep 17 00:00:00 2001 From: Hackzard! Date: Sun, 2 Jul 2023 19:07:50 +0300 Subject: [PATCH 7/8] Typo in robots --- cmseekdb/robots.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmseekdb/robots.py b/cmseekdb/robots.py index 4d7f5273..63514d0e 100644 --- a/cmseekdb/robots.py +++ b/cmseekdb/robots.py @@ -35,7 +35,7 @@ def check(url, ua): 'Disallow: /plus/ad_js.php||Disallow: /plus/erraddsave.php||Disallow: /plus/posttocar.php||Disallow: /plus/disdls.php||Disallow: /plus/mytag_js.php||Disallow: /plus/stow.php:-dede', 'modules/contentbox/themes/:-cbox', 'Disallow: /contao/:-contao', - "Disallow: /bitrix/:-bitrix" + "Disallow: /bitrix/:-bitrix", 'Disallow: /concrete:-con5', 'Disallow: /auth/cas::::Disallow: /auth/cas/callback:-dscrs', 'uc_client::::uc_server::::forum.php?mod=redirect*:-discuz', From bc6665f3287aac151be08c504ab7a327762393b2 Mon Sep 17 00:00:00 2001 From: Hackzard! Date: Sun, 2 Jul 2023 22:53:48 +0300 Subject: [PATCH 8/8] Iterations fix --- cmseekdb/dirscheck.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cmseekdb/dirscheck.py b/cmseekdb/dirscheck.py index 2f326d8b..ece993d1 100644 --- a/cmseekdb/dirscheck.py +++ b/cmseekdb/dirscheck.py @@ -51,7 +51,6 @@ def check(url, ua): if detection_array[0] in page_content and detection_array[1] not in cmseek.ignore_cms: if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: return ['1', detection_array[1]] - return ['0',''] else: cmseek.error('Unable to detect CMS even by directory (modules) checks!') return ['0','']