
medor is an OSINT tool that enables you to discover a WordPress website IP behind a WAF or behind Onion Services.


🐕 medor


What medor's master can say about him:

medor is a good dog. Provided you send him far enough, he can come back with a juicy bone 🦴

medor is an OSINT (Open Source Intelligence) tool that discovers the IP address of a WordPress site, even when it is hidden behind a WAF (Web Application Firewall) or hosted as an onion service on the darknet. It sends a request to the site's xmlrpc.php and uses a webhook provider to capture the IP address behind the WAF.

It requires several kibbles to work:

  • a WordPress website with an unsecured xmlrpc.php
  • a post from the WordPress website (not a page!)

medor comes with a few features:

  • it works with the domain, the website url or a wp post
  • it can find a blog post with WordPress REST API or the feed
  • it updates and rotates user-agents per request
  • a proxy can be used
  • tor support for .onion
  • option to customize the xmlrpc response webhook URL
  • todo: an optional flask server to handle the xmlrpc.php response
  • todo: use a list of proxies with random selection per request
  • todo: check an imported list of domains, hosts or URLs
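
For the owner of a WordPress site, the requirements and features listed above translate into a recognisable access-log pattern: a post lookup through the REST API or the feed, followed by a POST to xmlrpc.php, often with a different user-agent on each request. The sketch below is an added example, not part of medor; the function name, the combined log format, the discovery paths and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Assumed discovery paths: the WordPress REST posts endpoint and the feed.
DISCOVERY = re.compile(r'^/+(wp-json/wp/v2/posts|feed/?)(\?|$)', re.I)
XMLRPC = re.compile(r'^/+xmlrpc\.php(\?|$)', re.I)
# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-json/wp/v2/posts?per_page=1 '
    'HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" '
    '200 370 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"',
    '198.51.100.9 - - [10/Jan/2024:10:01:00 +0000] "GET /feed/ HTTP/1.1" '
    '200 5120 "-" "FeedReader/1.0"',
    '192.0.2.44 - - [10/Jan/2024:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" '
    '200 370 "-" "ExampleClient/2.0"',
]

def flag_origin_probes(lines):
    """Return {client_ip: [reasons]} for every client that POSTs to xmlrpc.php."""
    seen = defaultdict(lambda: {"discovery": False, "chained": False,
                                "agents": set(), "posts": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path, agent = m.groups()
        s = seen[ip]
        s["agents"].add(agent)
        if method == "GET" and DISCOVERY.match(path):
            s["discovery"] = True
        elif method == "POST" and XMLRPC.match(path):
            s["posts"] += 1
            # Only count a lookup that happened before this POST.
            s["chained"] = s["chained"] or s["discovery"]
    findings = {}
    for ip, s in seen.items():
        if s["posts"]:
            reasons = ["xmlrpc-post"]
            if s["chained"]:
                reasons.append("after-post-discovery")
            if len(s["agents"]) > 1:
                reasons.append("rotating-user-agent")
            findings[ip] = reasons
    return findings

if __name__ == "__main__": print(flag_origin_probes(SAMPLE))
```

Requests that arrive through a different proxy each time will not group under one client address, so a lone xmlrpc-post finding is still worth reviewing.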

Installation

Python 3.8+ is required.

pipx (recommended)

pipx install medor

pipenv

pipenv install medor

pip

pip install medor

Usage

Basic usage

The command to find the IP address associated with a particular item is find, followed by the item you want to investigate (such as a domain, a website URL, or a post URL).

medor find website.com
# or
medor find https://www.website.com
# or
medor find https://www.website.com/a-blog-post/

Proxy

With a single proxy

Proxy format should be protocol://user.password@IP:port if you use authentication or protocol://IP:port if not. The optional argument is --proxy=yourproxy or -p yourproxy.

Proxy doesn't work with .onion services as tor is used instead.

Allowed protocols:

  • http
  • https
  • socks5(h). For socks5h:// use socks5:// (httpx[socks] uses socks5h by default)

medor find website.com -p http://user.password@255.255.255.255:8080
# or
medor find https://www.website.com --proxy socks5://user.password@255.255.255.255:6154

Webhook

By default, medor uses a new webhook from webhook.site (see credits) but you can use another service or your own with the option --webhook= or -w followed by the webhook URL.

medor find https://www.website.com -w https://website.com/webhook/kjqh4sfkq4sj5h5f
# or
medor find website.com --webhook https://website.com/webhook/kjqh4sfkq4sj5h5f

Darknet / Onion Services

medor also works with onion websites. For that, you need tor. There are 2 ways:

  1. Run Tor Browser and keep it connected to tor. medor will use it to connect to onion services.
  2. Install tor on your system. To install tor, see below.

medor find rtfjdnrppk7yj0424wa5i1hc6chq4nj6p3w7tu2q5qh47fmf6pi3.onion
# or
medor find http://rtfjdnrppk7yj0424wa5i1hc3chq4nj6p3w7tu2q5qh47fmf6pi3.onion

Install tor

Windows

  1. Download Tor

Download the Tor Expert Bundle for your Windows architecture from the following link: https://www.torproject.org/download/tor/.

  2. Extract the archive

Extract tor.exe from the archive to a convenient location on your computer, such as C:\tor\.

  3. Enter the full path of tor.exe

When prompted during the first search for a .onion website, enter the full path of the tor.exe executable. For example, C:\tor\tor.exe.

You can also set or change the path later by using the command medor tor_path.

Linux and OSX

  1. Set up the tor repo and install Tor

To obtain the latest version of Tor, you need to set up the Tor package repository. This is important for security reasons.

Instructions for installing Tor can be found here: https://community.torproject.org/onion-services/setup/install/

After installing tor, you can test it by opening a terminal and running the command tor. This should start the tor process and print some log messages to the terminal. Once you have verified that Tor is working correctly, you can close the terminal or stop the tor process by pressing Ctrl+C in the terminal.

  2. Enter the tor command when prompted

When prompted during the first search for a .onion website, enter tor.

You can also set or change the command or path later by using the command medor tor_path.

Known issues

  1. If tor is already running on your system, medor may not be able to launch a new instance of tor. To resolve this issue, you need to kill the tor process. On Ubuntu, installing tor makes it start at every boot, so you need to either kill the tor process before using medor or disable tor from starting at boot (sudo systemctl disable tor.service).
  2. If you get a "Timeout" error, especially with onion services, it may be a temporary issue with the Tor network. Try again.

Credits

Strongly inspired by Dan Nemec's post.

Requirements

httpx and httpx[socks]
brotlipy
stem
halo
colorama
docopt
lxml
beautifulsoup4
validators
python-dotenv

External webhook service

https://webhook.site

medor utilizes the excellent webhook service provided by Simon Fredsted's webhook.site. If you require a webhook service with a multitude of features, consider using it.

License

GPLv3

Download files

Source Distribution

medor-0.1.3.tar.gz (16.9 MB view details)

Uploaded Source

Built Distribution

medor-0.1.3-py3-none-any.whl (41.2 kB view details)

Uploaded Python 3

File details

Details for the file medor-0.1.3.tar.gz.

File metadata

  • Download URL: medor-0.1.3.tar.gz
  • Upload date:
  • Size: 16.9 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-httpx/0.27.0

File hashes

Hashes for medor-0.1.3.tar.gz
Algorithm Hash digest
SHA256 1a0b9a6c9a952c3239f70f5088c3961dea7358a753b4313536a453312c622b01
MD5 64ea385d065f28ea2f3829e73da2222e
BLAKE2b-256 96932b98f32e6f1c333ee4772822ded11b7bc5342899d34faf5fe03df78ff174

File details

Details for the file medor-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: medor-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 41.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-httpx/0.27.0

File hashes

Hashes for medor-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 36a76b73c931654020679cc70feb3e0d07cc989e8125e7d7347e9188dec9c74d
MD5 219b29b76efb4df93cbff979bb75cf18
BLAKE2b-256 e9df516808217830f2875286395ffb604aafe0a851d67653dabc83bb070b4161
