diff --git a/ezscanner.py b/ezscanner.py index f1fb228..f804587 100644 --- a/ezscanner.py +++ b/ezscanner.py @@ -58,7 +58,7 @@ def url(s): return s - except Exception, e: + except Exception as e: raise argparse.ArgumentTypeError('Cannot parse url: {0}'.format(e)) # Modules @@ -84,7 +84,7 @@ def check_ez(url): if valid: logger.info('Your website\'s response doesn\'t seem to include any references to eZ Publish.') - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) def check_defaults(url): @@ -105,7 +105,7 @@ def check_defaults(url): else: logger.warning('Default eZPublish path(s) found: %s\nPlease make sure it is configured as intended for your site.' % ' '.join(found_paths)) - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) def check_paths(url): @@ -128,7 +128,7 @@ def check_paths(url): if '/user/register' in found_paths: logger.warning('Register page found (/user/register). You might want to try to register as an admin with the \'--exploit-register\' option.\nExample: python ezscanner.py -t %s --no-basics --exploit-register \'user:pass:email@mail.com\'' % url) - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) def bruteforce_views(url): @@ -146,7 +146,7 @@ def bruteforce_views(url): logger.warning('Your website allows anonymous viewing on: \'%s%d\' (%s). Please make sure it is configured as intended for your site.' % ('/content/view/full/', i, res_title)) valid = False - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) if valid: logger.info('Your website doesn\'t include any default eZ Publish views.') @@ -193,7 +193,7 @@ def print_hashcat_output(): elif not bruteforce_force and i == 15 and last_valid == -1: break - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) except KeyboardInterrupt: print_hashcat_output() @@ -238,7 +238,7 @@ def exploit_register(url): else: logger.info('Your website doesn\'t seem vulnerable to the register exploit.') - except (requests.ConnectionError, requests.exceptions.ReadTimeout), e: + except (requests.ConnectionError, requests.exceptions.ReadTimeout) as e: logger.error('Connection error on "%s" : %s' % (url, e.message)) LIST_MODULES = OrderedDict([('eZ keywords', check_ez), ('eZ default URLs & sensitive information', check_defaults), ('eZ path disclosure', check_paths), ('eZjscore bruteforcer', bruteforce_ezjscore)]) @@ -336,5 +336,5 @@ def run(self): b.run() except KeyboardInterrupt: - print '' + print ('') logger.info('Exiting on ctrl-c')