1.2

README.md

@@ -1,3 +1,10 @@
+# UNSUPPORTED
+Version 1.2 is the final release of Typo3Scan. This software will not get any updates.
+
+Since my initial release a lot changed in Typo3, but especially in version 12 onwards and with composer installations.
+It is not possible anymore to enumerate the Typo3 version and installed extensions (seems like they moved everything to the *vendor/* path, which is forbidden to access) and therefore Typo3Scan is useless for these installations.
+
+
 # Typo3Scan
 
 [![Packaging status](https://repology.org/badge/vertical-allrepos/typo3scan.svg)](https://repology.org/project/typo3scan/versions)

doc/CHANGELOG.md

@@ -1,3 +1,10 @@
+## version 1.2
+
+* Final release
+* Added check for 401 on backend login
+* Updated database
+* Set to public archive
+
 ## Version 1.1.5
 
 * Use python-fake_useragent instead of predefined list in database

lib/domain.py

@@ -117,6 +117,20 @@ def check_404(self):
         if search404:
             self.set_typo3()
 
+    def check_nextGen(self):
+        """
+        This method requests the /typo3 page and searches for a specific string.
+            This is needed for "next gen" Typo3 - meaning everything above version 13.
+        """
+        full_path = self.get_name()
+        response = request.get_request('{}/typo3'.format(self.get_name()), self.__config)
+        if re.search(r'powered by TYPO3', response['html']):
+            self.set_typo3()
+            path = re.search(r'="(?:{})/?(\S*?)/?(?:typo3temp|typo3conf)/'.format(self.get_name()), response['html'])
+            if path and path.group(1) != '':
+                full_path = '{}/{}'.format(self.get_name(), path)
+        self.set_path(full_path)
+
     def search_login(self):
         """
         This method requests the default login page
@@ -133,6 +147,10 @@ def search_login(self):
             print('  \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
             print('  \u251c {}'.format(Fore.YELLOW + 'But access is forbidden (IP Address Restriction)' + Fore.RESET))
             self.set_backend('{}/typo3/index.php'.format(self.get_path()))
+        elif (response['status_code'] == 401):
+            print('  \u251c {}'.format(Fore.GREEN + '{}/typo3/index.php'.format(self.get_path()) + Fore.RESET))
+            print('  \u251c {}'.format(Fore.YELLOW + 'But got \'401 Authentication Required\'' + Fore.RESET))
+            self.set_backend('{}/typo3/index.php'.format(self.get_path()))
         else:
             print('  \u251c {}'.format(Fore.RED + 'Could not be found' + Fore.RESET))
 

typo3scan.py

@@ -18,7 +18,7 @@
 # along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
 #-------------------------------------------------------------------------------
 
-__version__ = '1.1.5'
+__version__ = '1.2'
 __program__ = 'Typo3Scan'
 __description__ = 'Automatic Typo3 enumeration tool'
 __author__ = 'https://github.com/whoot'
@@ -71,6 +71,8 @@ def run(self):
                 root = check.check_root()
                 if not root:
                     check_404 = check.check_404()
+                if not check_404:
+                    check_nextGen = check.check_nextGen()
                 if not check.is_typo3() and self.__force is False:
                     print(Fore.RED + '\n[x] It seems that Typo3 is not used on this domain\n' + Fore.RESET)
                 else: