Moodle community-based vulnerability scanner

Overview

badmoodle

badmoodle

Moodle community-based vulnerability scanner

Description

badmoodle is an unofficial community-based vulnerability scanner for moodle that scans for canonical and non-canonical Moodle vulnerabilities.

badmoodle's purpose is to help penetration testers, bug hunters and security researchers find more vulnerabilities on moodle instances.

Since badmoodle is community-based, it will scan for two different kind of vulnerabilities:

  • Official vulnerabilities: The canonical ones published in Moodle security advisory blog;

  • Community vulnerabilities: The non-canonical ones that are not present in Moodle security advisory blog.

The community vulnerability scan can run in two modes:

  • Check mode: Only checks if the host is vulnerable or not;

  • Exploit mode: If the host is vulnerable, exploit the vulnerabilities.

If not specified, the scan will run in check mode.

Installation

Installing badmoodle is very simple, it can be performed in just a few steps:

  • Clone the repository:

    git clone https://github.com/cyberaz0r/badmoodle
  • Dive into "badmoodle" directory:

    cd badmoodle
  • Install requirements for Python:

    pip3 install -r requirements.txt
  • Give execution permissions to "badmoodle.py":

    chmod +x badmoodle.py
  • Run "badmoodle.py":

    ./badmoodle.py

If you see the badmoodle logo and help with no errors you are good to go :)

Usage

Using badmoodle is also very simple. Once installed you can run it with the following options:

  • -h, --help

    Show logo and help with options and their descriptions, then exit

  • -u TARGET_URL, --url TARGET_URL

    Moodle target URL (required)

  • -a USERNAME:PASSWORD, --auth USERNAME:PASSWORD

    Moodle username and password separated by ":" (default: none)

  • -p PROXY_ADDRESS:PORT, --proxy PROXY_ADDRESS:PORT

    Proxy used for connecting to moodle (default: none)

  • -H HEADER, --header HEADER

    Headers used for HTTP connections

  • -l LEVEL, --level LEVEL

    Level of tests to perform (default: 1)

  • -v LEVEL, --verbose LEVEL

    Verbosity level (default: 1)

  • -r, --random-agent

    Use a random User Agent for HTTP requests (default: Chrome Win10)

  • -e, --exploit

    Enable exploit mode (default: check mode)

  • -s, --scrape

    Scraping mode: scrape all the pages from moodle and save the result in a JSON file (default: disabled)

  • -U, --update

    Update badmoodle vulnerability database by scraping Moodle security advisory blog and retrieving new modules from GitHub repository

Community Vulnerability Modules

Since Moodle is so strict about their vulnerability disclosure program, a lot of vulnerabilities that security researchers discover and share with Moodle end up rejected or put on hold forever.

All these vulnerabilities will never see the light, they will be left unfixed and forgotten by Moodle... but not by badmoodle ;)

You can just add a community vulnerability module with your exploit code and badmoodle will execute it for you :)

badmoodle is modular, which means that you can add a community vulnerability module that will be executed by badmoodle without interfering with the rest of the code.

Adding a community vulnerability module is very simple: just create a .py file inside the "vulns" directory and badmoodle will execute it alongside the other modules.

badmoodle needs only 2 requirements to make your module work:

  • It must have a boolean variable enabled.

    This boolean variable is used to determine wether badmoodle should run the module or not. This allows to enable or disable modules by simply editing this variable without removing it from the "vulns" folder.

  • It must have the functions check(args, sess, version) and exploit(args, sess, version)

    These are the main functions of the module, the ones badmoodle will call in the core. Through these functions badmoodle will pass to the module the script arguments, the request session object of the script (useful for authenticated sessions) and moodle version.

    The check function is a boolean function that only checks whether the host is vulnerable or not, the exploit function instead will exploit that vulnerability.

    If in check mode badmoodle will call only the check function to only determine whether the host is vulnerable or not, if in exploit mode badmoodle will also call the exploit function for exploiting the vulnerability.

There follows a template for a badmoodle community vulnerability module:

'''
@Title:
MODULE_TITLE

@Author:
MODULE_AUTHOR

@Description:
MODULE_DESCRIPTION
'''


enabled = True


def check(args, sess, version):
	#YOUR_CHECK_CODE_HERE
	#return True if the host is vulnerable, False otherwise


def exploit(args, sess, version):
	#YOUR_EXPLOIT_CODE_HERE

badmoodle comes with 2 community vulnerability modules built-in:

  • A module for a Dashboard Stored XSS vulnerability

  • A module for an Atto Editor Stored XSS vulnerability

Contribute

If you wrote a community vulnerability module for badmoodle and want to share it with the community, you can contribute to the badmoodle project.

Pull requests with new community vulnerability modules are very welcome :)

Also, if you want to report a bug, feel free to open an issue or contact me via mail at [email protected]

Credits

badmoodle is coded by Michele 'cyberaz0r' Di Bonaventura.

A special thanks to Panfilo Salutari for the idea of the concept of the tool.

Thanks to moodlescan (https://github.com/inc0d3/moodlescan) for the specific version check technique and its version database.

Issues
  • Added Open Redirect Check

    Added Open Redirect Check

    Hey man! Simply added vulns/open-redirect-bitnami-moodle.py script to check Open Redirect on Bitnami Moodle.

    opened by PierfrancescoConti 0
Releases(v0.1)
Owner
Michele Di Bonaventura
Penetration Tester and Cyber Security Enthusiast, particularly in Red Teaming and OffSec.
Michele Di Bonaventura
Aiminsun 61 Nov 25, 2021
IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

CVE-2021-24086 This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patc

Carry 1 Nov 25, 2021
Js File Scanner This is Js File Scanner

Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.

null 87 Nov 9, 2021
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

Justakazh 8 Nov 13, 2021
An auxiliary tool for iot vulnerability hunter

firmeye - IoT固件漏洞挖掘工具 firmeye 是一个 IDA 插件,基于敏感函数参数回溯来辅助漏洞挖掘。我们知道,在固件漏洞挖掘中,从敏感/危险函数出发,寻找其参数来源,是一种很有效的漏洞挖掘方法,但程序中调用敏感函数的地方非常多,人工分析耗时费力,通过该插件,可以帮助排除大部分的安全

Firmy Yang 82 Nov 24, 2021
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 436 Nov 26, 2021
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to execute arbitrary commands and gain unauthorized access to many Internet-facing services, such as web servers, that use Bash to process requests.

Mr. Cl0wn - H4ck1ng C0d3r 80 Nov 17, 2021
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e <FOFA EMAIL> -k <TOKEN> Screenshots License MIT Dev 6613GitHub6613

PwnWiki 43 Nov 18, 2021
A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

Muhammed Mahdi 4 Aug 31, 2021
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 14 Sep 18, 2021
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

Taroballz 22 Nov 20, 2021
It's a simple tool for test vulnerability Apache Path Traversal

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal https://blog.mrcl0wn.com/2021

Mr. Cl0wn - H4ck1ng C0d3r 48 Dec 2, 2021
How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

Stephen Tong 1k Nov 24, 2021
Remote control your Greenbone Vulnerability Manager (GVM)

Greenbone Vulnerability Management Tools The Greenbone Vulnerability Management Tools gvm-tools are a collection of tools that help with remote contro

Greenbone 111 Nov 30, 2021
Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC <= Exchange 2013 update 23 <= Exchange 2016 update 2

0x0021h 172 Nov 24, 2021
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamic

Francisco Spínola 2 Nov 15, 2021
Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

null 106 Nov 24, 2021