{"id":26753190,"url":"https://github.com/balestek/medor","last_synced_at":"2025-04-15T01:23:15.440Z","repository":{"id":235323870,"uuid":"790480538","full_name":"balestek/medor","owner":"balestek","description":"medor is an OSINT tool that enables you to discover a WordPress website IP behind a WAF or behind Onion Services.","archived":false,"fork":false,"pushed_at":"2024-07-06T21:22:26.000Z","size":274,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T15:05:32.886Z","etag":null,"topics":["darknet","information-gathering","investigation","onion","onion-service","open-source-intelligence","osint","osint-python","osint-tool","osint-tools","pingback","pyhton","wordpress","wordpress-osint","wp-osint","xml-rpc","xmlrpc"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/balestek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-23T00:37:11.000Z","updated_at":"2025-02-27T20:37:30.000Z","dependencies_parsed_at":"2024-04-25T21:32:20.597Z","dependency_job_id":"ffc0c99b-314d-420a-9537-2b702cf196d4","html_url":"https://github.com/balestek/medor","commit_stats":null,"previous_names":["balestek/medor"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fmedor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fmedor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fmedor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/balestek%2Fmedor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/balestek","download_url":"https://codeload.github.com/balestek/medor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248986587,"owners_count":21194080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["darknet","information-gathering","investigation","onion","onion-service","open-source-intelligence","osint","osint-python","osint-tool","osint-tools","pingback","pyhton","wordpress","wordpress-osint","wp-osint","xml-rpc","xmlrpc"],"created_at":"2025-03-28T13:18:11.122Z","updated_at":"2025-04-15T01:23:15.421Z","avatar_url":"https://github.com/balestek.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🐕 medor\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/balestek/medor/master/media/medor-logo.png\"\u003e\n\u003c/p\u003e\n\n[![PyPI](https://img.shields.io/pypi/v/medor.svg)](https://pypi.org/project/medor/)\n![Python minimum version](https://img.shields.io/badge/Python-3.8%2B-brightgreen)\n[![Downloads](https://pepy.tech/badge/medor)](https://pepy.tech/project/medor)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![License](https://img.shields.io/github/license/balestek/medor.svg)](https://github.com/\u003cbalestek\u003e/medor/blob/master/LICENSE)\n\nWhat _medor_'s master can say about him:\n\u003e _medor_ is a good dog. Provided you send him far enough, he can come back with a juicy bone 🦴\n\nMedor is an OSINT (Open Source Intelligence) tool that enables you to discover the IP address of a WordPress site, even if it's obscured by a WAF (Web Application Firewall) or located within the darknet (onion services).\nIt requests xmlrpc.php to get the IP behind the WAF thanks to a webhook provider.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"600px\" src=\"https://raw.githubusercontent.com/balestek/medor/master/media/medor-screenshot.png\"\u003e\n\u003c/p\u003e\n\nIt requires several kibbles to work:\n+ a WordPress website with an unsecured xmlrpc.php\n+ a post from the WordPress website (not a page!)\n\n_medor_ comes with few features:\n+ [X] it works with the domain, the website url or a wp post\n+ [x] it can find a blog post with WordPress REST API or the feed\n+ [X] it updates and rotates user-agents per request\n+ [x] a proxy can be used\n+ [X] tor support for .onion\n+ [X] option to customize the xmlrpc response webhook URL\n+ [ ] _todo : an optional flask server to handle the xmlrpc.php response_\n+ [ ] _todo : use list of proxies with random selection per request_\n+ [ ] _todo : check an imported list of domains, hosts or url_\n\n## Installation\n\nPython 3.8+ is required.\n\n### pipx (recommended)\n```bash\npipx install medor\n```\n\n### pipenv\n```bash\npipenv install medor\n```\n\n### pip\n```bash\npip install medor\n```\n\n## Usage\n\n### Basic usage\n\nThe command to find the IP address associated with a particular item is `find`, followed by the item you want to investigate (such as a domain, a website URL, or a post URL)\n\n```bash\nmedor find website.com\n# or\nmedor find https://www.website.com\n# or\nmedor find https://www.website.com/a-blog-post/\n```\n### Proxy\n\n#### With a single proxy\n\nProxy format should be protocol://user.password@IP:port if you use authentication or \nprotocol://IP:port if not. The optional argument is `--proxy=yourproxy` or `-p yourproxy`.\n\nProxy doesn't work with .onion services as tor is used instead.\n\nAllowed protocols : \n- http\n- https\n- socks5(h). For socks5h:// use socks5:// (httpx\\[socks] uses socks5h by default)\n\n```bash\nmedor find website.com -p http://user.password@255.255.255.255:8080\n# or\nmedor find https://www.website.com --proxy socks5://user.password@255.255.255.255:6154\n```\n\n### Webhook\n\nBy default, _medor_ uses a new webhook from webhook.site ([see credits](#external-webhook-service)) but you can use another service or your own with the option `--webhook=` or `-w` followed by the webhook URL.\n\n```bash\nmedor find https://www.website.com -w https://website.com/webhook/kjqh4sfkq4sj5h5f\n# or\nmedor find website.com --webhook https://website.com/webhook/kjqh4sfkq4sj5h5f\n```\n\n### Darknet / Onion Services\n\n_medor_ works as well with onion websites. For that, you need tor. There are 2 ways:\n\n1) Tor Browser running and connected to tor. _medor_ will use it to connect to onion services.\n2) Installing tor on your system. To install tor, see below.\n\n```bash\nmedor find rtfjdnrppk7yj0424wa5i1hc6chq4nj6p3w7tu2q5qh47fmf6pi3.onion\n# or\nmedor find http://rtfjdnrppk7yj0424wa5i1hc3chq4nj6p3w7tu2q5qh47fmf6pi3.onion\n```\n\n#### Install tor\n\n#### Windows\n\n1. Download Tor\n\nDownload the Tor Expert Bundle for your Windows architecture from the following link: https://www.torproject.org/download/tor/.\n\n2. Extract the archive\n\nExtract the tor.exe from the archive to a convenient location on your computer, such as `C:\\tor\\`.\n\n3. Enter the full path of the tor.exe\n\nWhen prompted during the first search for a .onion website, enter the full path of the tor.exe executable. For example, `C:\\tor\\tor.exe`.\n\nYou can also set or change the path later by using the command `medor tor_path`. \n\n##### Linux and OSX\n\n1. Setup tor repo and install Tor\n\nTo obtain the latest version of Tor, you need to set the Tor package repository. This is important for security reasons.\n\nInstructions for installing Tor can be found here: \nhttps://community.torproject.org/onion-services/setup/install/\n\nAfter installing tor, you can test it by opening a terminal and running the command `tor`. This should start the tor process and print some log messages to the terminal. Once you have verified that Tor is working correctly, you can close the terminal or stop the tor process by pressing Ctrl+C in the terminal.\n\n2. Enter the tor command when prompted\n\nWhen prompted during the first search for a .onion website, enter `tor`.\n\nYou can also set or change the command or path later by using the command `medor tor_path`.\n\n### Known issues\n\n1) If tor is already running on your system, _medor_ may not be able to launch a new instance of tor. \nTo resolve this issue, you need to kill the tor process. When installing tor on Ubuntu, it will start tor at every boot. You need to kill tor process before using _medor_ or disable tor from starting at boot (`sudo systemctl disable tor.service`).\n2) If you get a \"Timeout\" error, especially with onion services, it may be a temporary issue with the Tor network. Try again.\n\n### Credits\n\nStrongly [inspired by Dan Nemec's post](https://blog.nem.ec/2020/01/22/discover-cloudflare-wordpress-ip/).\n\n#### Requirements\n\n```\nhttpx and httpx[socks]\nbrotlipy\nstem\nhalo\ncolorama\ndocopt\nlxml\nbeautifulsoup4\nvalidators\npython-dotenv\n```\n\n#### External webhook service\n\n[![https://webhook.site](https://raw.githubusercontent.com/balestek/medor/master/media/Webhook.site.png \"https://webhook.site\")](https://webhook.site)\n\n_medor_ utilizes the excellent webhook service provided by [Simon Fredsted's webhook.site](https://webhook.site). If you require a webhook service with a multitude of features, consider using it.\n\n#### License\nGPLv3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalestek%2Fmedor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbalestek%2Fmedor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalestek%2Fmedor/lists"}