New parse method & Refactor

cmsbrute/dru.py

@@ -86,8 +86,8 @@ def start():
                 if user != '':
                     print('\n')
                     cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
-                    pwd_file = open("wordlist/passwords.txt", "r")
-                    passwords = pwd_file.read().split('\n')
+                    with open("wordlist/passwords.txt", "r") as pwd_file:
+                        passwords = pwd_file.read().split('\n')
                     passwords.insert(0, user)
                     passfound = '0'
                     for password in passwords:

cmsbrute/joom.py

@@ -117,8 +117,8 @@ def start():
                 passfound = '0'
                 print('\n')
                 cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
-                pwd_file = open("wordlist/passwords.txt", "r")
-                passwords = pwd_file.read().split('\n')
+                with open("wordlist/passwords.txt", "r") as pwd_file:
+                    passwords = pwd_file.read().split('\n')
                 passwords.insert(0, user)
                 for password in passwords:
                     if password != '' and password != '\n':

cmsbrute/oc.py

@@ -83,8 +83,8 @@ def start():
                     passfound = '0'
                     print('\n')
                     cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
-                    pwd_file = open("wordlist/passwords.txt", "r")
-                    passwords = pwd_file.read().split('\n')
+                    with open("wordlist/passwords.txt", "r") as pwd_file:
+                        passwords = pwd_file.read().split('\n')
                     passwords.insert(0, user)
                     for password in passwords:
                         if password != '' and password != '\n':

cmsbrute/wp.py

@@ -66,8 +66,8 @@ def start():
                 passfound = '0'
                 print('\n')
                 cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
-                pwd_file = open("wordlist/passwords.txt", "r")
-                passwords = pwd_file.read().split('\n')
+                with open("wordlist/passwords.txt", "r") as pwd_file:
+                    passwords = pwd_file.read().split('\n')
                 passwords.insert(0, user)
                 for password in passwords:
                     if password != '' and password != '\n':

cmsbrute/wpxmlrpc.py

@@ -80,8 +80,8 @@ def start():
                 passfound = '0'
                 print('\n')
                 cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln)
-                pwd_file = open("wordlist/passwords.txt", "r")
-                passwords = pwd_file.read().split('\n')
+                with open("wordlist/passwords.txt", "r") as pwd_file:
+                    passwords = pwd_file.read().split('\n')
                 passwords.insert(0, user)
                 for password in passwords:
                     if password != '' and password != '\n':

cmseek.py

@@ -122,9 +122,13 @@
     cmseek.banner("CMS Detection And Deep Scan")
     sites_list = []
     try:
-        ot = open(sites, 'r')
-        file_contents = ot.read().replace('\n','')
-        sites_list = file_contents.split(',')
+        with open(sites, 'r') as ot:
+            file_contents = ot.read()
+            if "," in file_contents:  # if comma separated URLs list
+                file_contents = file_contents.replace('\n','')
+                sites_list = file_contents.split(',')
+            else:  # if one per line URLs list
+                sites_list = file_contents.splitlines()
     except FileNotFoundError:
         cmseek.error('Invalid path! CMSeeK is quitting')
         cmseek.bye()
@@ -184,13 +188,17 @@
     cmseek.clearscreen()
     cmseek.banner("CMS Detection And Deep Scan")
     sites_list = []
-    sites = input('Enter comma separated urls(http://1.com,https://2.org) or enter path of file containing URLs (comma separated): ')
-    if 'http' not in sites or '://' not in sites:
+    sites = input('Enter comma separated URLs without spaces (http://site1.com,https://site2.org)\nOr enter path of file containing URLs (comma separated or one-per-line):')
+    if ('http' not in sites or '://' not in sites) and "," not in sites:  # because if comma in Input() then its probably comma-separated list
         cmseek.info('Treating input as path')
         try:
-            ot = open(sites, 'r')
-            file_contents = ot.read().replace('\n','')
-            sites_list = file_contents.split(',')
+            with open(sites, 'r') as ot:
+                file_contents = ot.read()
+                if "," in file_contents:  # if comma separated URLs list
+                    file_contents = file_contents.replace('\n','')
+                    sites_list = file_contents.split(',')
+                else:  # if one per line URLs list
+                    sites_list = file_contents.splitlines()
         except FileNotFoundError:
             cmseek.error('Invalid path! CMSeeK is quitting')
             cmseek.bye()
@@ -229,8 +237,8 @@
     else:
         print ("[#] List of CMSs: \n")
         print (cmseek.bold)
-        read_cache = open(brute_cache, 'r')
-        b_cache = read_cache.read()
+        with open(brute_cache, 'r') as read_cache:
+            b_cache = read_cache.read()
         cache = json.loads(b_cache)
         brute_list = []
         for c in cache:

cmseekdb/basic.py

@@ -111,7 +111,7 @@ def help():
 SPECIFING TARGET:
       -u URL, --url URL            Target Url
       -l LIST, --list LIST         Path of the file containing list of sites
-                                   for multi-site scan (comma separated)
+                                   for multi-site scan (comma separated or one-per-line)
 
 MANIPULATING SCAN:
       -i cms, --ignore--cms cms    Specify which CMS IDs to skip in order to
@@ -265,32 +265,29 @@ def init_result_dir(url):
     if not os.path.isdir(result_dir):
         try:
             os.makedirs(result_dir)
-            f = open(json_log,"w+")
-            f.write("")
-            f.close()
+            with open(json_log,"w+") as f:
+                f.write("")
             # print('directory created')
         except OSError as exc: # Guard against race condition
             if exc.errno != errno.EEXIST:
                 raise
     else:
         # Directory exists, check for json log
         if not os.path.isfile(json_log):
-            f = open(json_log,"w+")
-            f.write("")
-            f.close()
+            with open(json_log,"w+") as f:
+                f.write("")
         else:
             # read log and save it to a variable
-            f = open(json_log,"r")
-            log_cont = f.read()
+            with open(json_log,"r") as f:
+                log_cont = f.read()
             if log_cont != "":
                 try:
                     global log
                     log = log_cont
                 except ValueError:
                     # invalid json file... clear it i guess
-                    f = open(json_log,"w+")
-                    f.write("")
-                    f.close()
+                    with open(json_log,"w+") as f:
+                        f.write("")
     global log_dir
     log_dir = result_dir
     update_log('last_scanned', str(datetime.now()))
@@ -323,12 +320,11 @@ def handle_quit(end_prog = True):
         log_file = os.path.join(log_dir, 'cms.json')
         # print(log_file)
         global log
-        f = open(log_file,"w+")
-        json_l = json.loads(log)
-        log_to_write = json.dumps(json_l, sort_keys=True, indent=4)
-        f.write(log_to_write)
+        with open(log_file,"w+") as f:
+            json_l = json.loads(log)
+            log_to_write = json.dumps(json_l, sort_keys=True, indent=4)
+            f.write(log_to_write)
         # print('written: ' + log)
-        f.close()
         print('\n')
         # info('Log saved in: ' + fgreen + bold + log_file + cln)
     if end_prog == True:
@@ -357,8 +353,8 @@ def update_brute_cache():
     modulen = []
     for f in py_files:
         if f.endswith('.py') and f != '__init__.py':
-            fo = open(os.path.join(brute_dir, f), 'r')
-            mod_cnt = fo.read()
+            with open(os.path.join(brute_dir, f), 'r') as fo:
+                mod_cnt = fo.read()
             if 'cmseekbruteforcemodule' in mod_cnt and 'Bruteforce module' in mod_cnt:
                 n = []
                 n = re.findall(r'\# (.*?) Bruteforce module', mod_cnt)
@@ -370,9 +366,8 @@ def update_brute_cache():
         for index,module in enumerate(modules):
             module = module.replace('.py','')
             cache_json[module] = modulen[index]
-        tuh = open(brute_cache, 'w+')
-        tuh.write(json.dumps(cache_json))
-        tuh.close()
+        with open(brute_cache, 'w+') as tuh:
+            tuh.write(json.dumps(cache_json))
         success('The following modules has been added to the cache: \n')
         for ma in cache_json:
             print('> ' + bold + ma + '.py ' + cln + '--->   ' + bold + cache_json[ma] + cln + ' Bruteforce Module')
@@ -421,8 +416,8 @@ def update():
                         os.remove(lock_file)
                     subprocess.run(("git checkout . && git pull %s HEAD") % GIT_URL, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                     #os.system("git checkout . && git pull %s HEAD" % GIT_URL)
-                    vt = open('current_version', 'r')
-                    v_test = int(vt.read().replace('\n','').replace('.',''))
+                    with open('current_version', 'r') as vt:
+                        v_test = int(vt.read().replace('\n','').replace('.',''))
                     # print(v_test)
                     # print(serv_version)
                     if v_test == serv_version:
@@ -453,16 +448,14 @@ def savebrute(url,adminurl,username,password):
         print('\n\n') # Pretty sloppy move there ;-;
         if not os.path.isfile(brute_file):
             # No previous bruteforce result file Found
-            f = open(brute_file, 'w+')
-            f.write(brute_result)
-            f.close()
+            with open(brute_file, 'w+') as f:
+                f.write(brute_result)
             success('Credentials stored at: ' + bold + brute_file + cln)
         else:
             os.rename(brute_file, old_file)
             info("Old result file found and moved to: " + old_file)
-            f = open(brute_file, 'w+')
-            f.write(brute_result)
-            f.close()
+            with open(brute_file, 'w+') as f:
+                f.write(brute_result)
             success('New credentials stored at: ' + bold + brute_file + cln)
 
 

cmseekdb/config.py

@@ -11,8 +11,8 @@
 
 # Version thingy
 try:
-    rv = open('current_version', 'r')
-    cver = rv.read().replace('\n','')
+    with open('current_version', 'r') as rv:
+        cver = rv.read().replace('\n','')
     cmseek_version = cver
 except:
     cmseek_version = '1.1.3' # Failsafe measure i guess

cmseekdb/createindex.py

@@ -38,9 +38,8 @@ def init(cmseek_dir, report_dir=""):
                         cmseek.statement('Skipping invalid CMSeeK result: ' + scan_file)
             # Write index
             result_index = {"last_updated":str(datetime.datetime.now()), "results":[result_index]}
-            inf = open(index_file, 'w+')
-            inf.write(json.dumps(result_index, sort_keys=False, indent=4))
-            inf.close()
+            with open(index_file, 'w+') as inf:
+                inf.write(json.dumps(result_index, sort_keys=False, indent=4))
             cmseek.success('Report index updated successfully!')
             cmseek.report_index = result_index
             return ['1', 'Report index updated successfully!']

deepscans/joom/core_vuln.py

@@ -13,8 +13,8 @@ def start(version):
             vuln_detection = '1' # version detection successful and vuln db loaded as well
             vuln_count = 0
             joom_vulns = []
-            f = open(vuln_file, 'r')
-            vuln_db = f.read()
+            with open(vuln_file, 'r') as f:
+                vuln_db = f.read()
             vulns = vuln_db.split('\n')
             for vuln in vulns:
                 if version in vuln: