Dark Angel
Hacking and Reverse
 

:: Ghost Files ::

 
Nostradamus
Member
Joined: 26 Nov 2009
Posts: 33

Posted: Wed 2 Dec - 05:51 (2009)    Subject: Ghost Files

#!/usr/bin/env python
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# website structure fingerprinting ...the dirty way
# thanks to baltazar/adminfinder for inspiration
#
# darkc0de Crew
# www.darkc0de.com
# code low1z
#
# Greetz to
# d3hydr8, rsauron, baltazar, inkubus, kopele
# and the rest of the Darkc0de members

import urllib2, sys, httplib, socket, re

#site = sys.argv[1].replace("http://","").split("/",1)[0]
timeout = 2
socket.setdefaulttimeout(timeout)

threads = []
numthreads = 8
extensions = ['php','asp','aspx','cfm','html','htm']
tmptable = []
found = []
final = []
collected = []
ldm = 'apr-24-09'
version = '0.2'

fuzztable = ['index', 'Index', 'About', 'view', 'access', 'account', 'act_hit', 'activate', 'adclick',
'add_channel', 'addfeed', 'addtestimonial', 'adentry', 'ad_link', 'admin', 'admin_upload', 'adn_count',
'adverclick', 'affi', 'afgb', 'afi', 'agt', 'album', 'albums', 'animation', 'annonces-add', 'announce_detail',
'announcement_content', 'apply', 'apricot', 'ARead', 'art', 'art_desc', 'article', 'article2', 'article_detail_parse',
'ArticleInfo', 'article_read', 'Article_Show', 'article_show_full', 'article_view', 'ArticleView', 'author',
'author_album', 'author_price', 'base', 'basket', 'batch', 'bbs', 'bbs_detail', 'bencandy', 'billboard01', 'b_link',
'blog', 'blogdetails', 'blog-entry', 'bloggermeet', 'blog_groups', 'blogind', 'blog_show', 'blog_story', 'board',
'board1', 'board_detail', 'book', 'bookmark', 'Books', 'browse', 'browse_image', 'BusinessReport',
'button', 'camp_detail', 'candidatedetails', 'cardshow', 'catalog', 'categories', 'category', 'cfidata', 'channel',
'Checkout', 'checkout_shipping', 'clanek_ukaz', 'clap', 'class_04', 'click', 'clickin', 'clickprod', 'CollectionList',
'collegeprice', 'columns', 'comeoncool', 'comment', 'comments', 'Community', 'company', 'company_search', 'contact',
'content', 'Content', 'content_new', 'contestant', 'control', 'coolfreelist', 'countblogstar', 'counter',
'examine_list', 'external', 'ExtLink', 'faculty_profile', 'fair_homepage', 'faq', 'features_show2a', 'file', 'files',
'films', 'form', 'formular', 'forum', 'forumdisplay', 'forumhome', 'forummessage', 'forum_messageDetail', 'forum_posts',
'forum_sub_posts', 'frame', 'fullstory', 'gbook', 'get', 'getInPageTarget', 'GetRelease',
'gocity', 'goodh', 'goods_comment', 'goout', 'goto', 'goto_freetel', 'gp_nl', 'graduate', 'group_page', 'group_topic',
'guest', 'guestbook', 'guestbook_new', 'GuestMagBN', 'heihei', 'help', 'hitlink', 'home', 'hrbclick', 'iboard',
'idevaffiliate', 'iframe', 'Image', 'img', 'include', 'index1', 'index2', 'index4', 'index_fo',
'indexmain', 'indexnew', 'index_u', 'Individual', 'info', 'infoadd', 'infopage', 'infoshow2', 'insert_post',
'institutiondetail', 'international', 'into', 'invitation', 'inviteshow', 'isomil_valentine2_detail', 'item',
'item_detail', 'item_groups', 'j140s', 'Job', '_jobposting', 'jobs', 'join',
'newsmain', 'news_show', 'news_view', 'newthread', 'noscript', 'noticedet', 'notify', 'ocean-tracking', 'ocitview',
'offices-ser_news', 'OpenAd', 'optionmmi', 'original_index', 'out', 'page', 'pages',
'page-sanmin2', 'pageShw', 'parking', 'partydetails', 'permalink', 'PersonalSpace', 'plan', 'play', 'Play', 'player',
'pleasure', 'plugin', 'plugins', 'point', 'poll', 'pollbooth',
'pollsshow', 'post', 'postcard', 'posting', 'price', 'PriceList', 'print',
'pro_def', 'product', 'product_detail', 'ProductDetails', 'product_info', 'products', 'profile',
'profilesdetail', 'programimglist', 'projectdetails', 'projects', 'providepassword', 'psview',
'publicrelationView', 'publisher_titles', 'pub-stats', 'qk_qklx', 'qoblog', 'quickadd', 'quotations', 'rank', 'ranking',
'ranklink', 'read', 'readarticle', 'ReadNews', 'read_user', 'recruit', 'redir', 'redirect',
'regdom', 'regist', 'register', 'report_get', 'req', 'RequestQuote', 'Results', 'ribbon_link', 'rin', 'rsd', 'rss',
'rssFeed_it', 'rwcomments', 'sch', 'schedule', 'scielo', 'search', 'Search', 'search2',
'search_form', 'searchpicsnap', 'searchresults', 'selectintro', 'select_tokucho', 'sendemail', 'sendmessage', 'serve',
'shop', 'shop_fair', 'shopper_new', 'shopping_cart', 'show', 'ShowArtiChannel', 'showarticle',
'showblog', 'showcard', 'showclass', 'showhistory', 'show_miniworld', 'shownews', 'showNews', 'ShowNewsDetail',
'show_oc', 'showpage', 'show_photo', 'showpkn', 'showpost', 'showprofile', 'showquestion', 'showsp', 'showstats',
'showthread', 'showtrackback', 'show_want', 'signup', 'single', 'site', 'sitecome', 'smsmain',
'snapshots', 'soft_detail', 'sondages', 'sort', 'source', 'space', 'spacecp', 'special', 'specials',
'spip', 'spurl', 'start', 'stat', 'statistics', 'statistik', 'stats', 'sub', 'subcate_list', 'subforum',
'submit', 'subscribe', 'subscription', 'support', 'survey', 'tags', 'takeinfo_more', 'tana', 'task', 'tbh_sub',
'tblogread', 'tchinfo', 'teacher', 'tech_details', 'tenders', 'terms', 'T_examinat', 'thread', 'thumbnails', 'tier',
'top', 'topic', 'topicdetail', 'topics', 'topsites', 'tradeinfo', 'training', 'transfer', 'trip_detail',
'trpSupport', 'tr_set', 'tryout_item', 'two', 'type', 'Type', 'ucp', 'user',
'User', 'userblog', 'userinfo', 'user_profile', 'user_register', 'usersettings',
'user_view', 'vanessa_video', 'vbimghost', 'video', 'videoByTag', 'videos', 'View', 'viewad',
'viewall', 'view_all_gallery', 'view_clip', 'viewdoc', 'viewEvent', 'viewfaculty',
'viewforum', 'viewinfo', 'view_inside', 'ViewItem', 'viewmessage', 'viewnews', 'view_news', 'ViewNews', 'viewphotos',
'viewpro', 'viewscat', 'viewstory', 'viewthread', 'viewtop', 'viewtopic', 'viewuser', 'view_video', 'viewwz',
'VIP_showLawyer_article', 'visit', 'vote', 'votealbum', 'voteArticle', 'wall', 'webarticle', 'webarticle2', 'webboard',
'webcounter', 'websearch', 'weekend_news_detail', 'welcome', 'wenji', 'whoischeck', 'worldwide', 'wp-login',
'wp-profile1', 'xiti', 'zoom']

def pContent(url):
    # Fetch a page that answered 200 and collect the href targets found in it.
    global collected
    try:
        request_web = urllib2.Request(url)
        agent = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)'
        request_web.add_header('User-Agent', agent)
        opener_web = urllib2.build_opener()
        text = opener_web.open(request_web).read()
        strreg = re.compile('(?<=href=")(.*?)(?=")')
        names = strreg.findall(text)
        opener_web.close()
        for name in names:
            if site in name or '=' in name or name.startswith('/'):
                collected.append(name)
            elif site in name and EXT in name:
                collected.append(name)
            elif 'http://' in name:
                collected.append(name)
    except:
        pass

def Fuzz(entry):
    # Request one candidate file name and record it if the server answers 200.
    try:
        entry = "/" + entry
        connection = httplib.HTTPConnection(site)
        connection.request("GET",entry)
        response = connection.getresponse()
        if response.status == 200:
            url = 'http://'+site+entry
            print "Found : %s " % (url)
            found.append(url)
        connection.close()
    except(KeyboardInterrupt,SystemExit):
        raise
    except:
        pass

if len(sys.argv) <= 1:
    print "\tno url - no fuzz\n"
    sys.exit(1)
else:
    site = sys.argv[1].replace("http://","").split("/",1)[0]

cnt = 1
print " _ _ _____ _ "
print " _| |___ ___| |_|_ _|___ _ _ ___| |_ author : low1z"
print "| . | .'| _| '_| | | | . | | | _| | date :",ldm
print "|___|__,|_| |_,_| |_| |___|___|___|_|_| version :",version
print "\n Website Structure Fingerprinting *beta*"
print "- keep in mind, we only collect = links here -\n"
for val in extensions:
    print cnt,":", val
    cnt += 1
# six extensions are listed above, so the valid choices are 1-6
EXTnr = raw_input('\nChoose Server FileExtension [1-6]:')
EXT = extensions[int(EXTnr)-1]

# build the candidate file names: every word plus the chosen extension
for entry in fuzztable:
    tmptable.append(entry+'.'+EXT)
print "\n>> Fuzzing for ."+EXT+" Files....\n"
for entry in tmptable:
    Fuzz(entry)
for entry in found:
    pContent(entry)

# keep only links on this site that carry the extension (and, if relative, a parameter)
for entry in collected:
    if entry.startswith('/') and EXT in entry and '=' in entry:
        final.append('http://'+site+entry)
    elif entry.startswith('http://') and site in entry and EXT in entry:
        final.append(entry)
    else:
        pass

# drop entries that differ only in their query string
if len(final) > 2:
    final.sort()
    lastEntry = final[-1]
    for e in range(len(final)-2, -1, -1):
        try:
            LE = lastEntry.split('?')
            fURLS = final[e].split('?')
            if LE[0] == fURLS[0]:
                del final[e]
            else:
                lastEntry = final[e]
        except(IndexError):
            pass

print "\n>> Found :", len(final), "Strings\n"
for entry in final:
    print entry


Sebby
Member
Joined: 24 Nov 2009
Posts: 27

Posted: Tue 8 Dec - 15:18 (2009)    Subject: Ghost Files

Another solution: Intellitamper 2.07
IntelliTamper is able to scan a website for unlisted files and folders with a dictionary based scan. All the results are displayed in real time in the window with various other information on the progress.

Just type in the address, let the IntelliTamper spider work and read the pages for you, allowing you to access the files and browse the folders as if they were on your own hard disk.

Files and folders found are displayed in a friendly mini Windows-Explorer. You can then open links found on pages in your browser, send emails to addresses found on pages, open distant files and save them to your hard disk.





http://www.softpedia.com/get/Internet/Other-Internet-Related/IntelliTamper.…


Fwank
Member
Joined: 25 Nov 2009
Posts: 100

Posted: Tue 15 Dec - 21:50 (2009)    Subject: Ghost Files

Another directory dictionary, taken from a Spanish Perl script (Busca Browsing)

NetDynamics
NetDynamic
datos
images
cm
oracle
data
oradata
tmp
lost+found
Agents
publisher
prueba
pruebas
compras
compra
acciones
dato
impreso
ingreso
ingresa
clientes
cuentas
cliente
cuenta
movimientos
test
mail
correo
enviamail
tarjetas
cards
Agentes
agentes
publica
publicar
pub
public
cgi
cgi-bin
applicattions
applicattion
app
cgi-weddico
bin
scripts
jrun
bdata
bdatos
caja
sell
buy
demo
demos
envia
sun
solaris
linux
users
user
usuarios
usuario
bbv
tpv
card
order
orders
logs
log
login
prod
help
search
ayuda
Agent
.htaccess
transito
banco
publico
temporal
imagenes
_vti_cnf
test
tests
bank
libro
doc
tar
compressed
directory
dir
mc-icons
cash
files
services
servicios
home
homepage
es
web
www
dat
db
job
trabajo
jdbc
odbc
ejemplos
samples
sample
ejemplo
boot
root
ftp
htdocs
html
access
acceso
_vti_pvt
message
messaging
netscape
apache
windows
fbsd
idea
ideas
tree
trees
asp
exe
Asp
EXE
java
class
guest
guests
invitado
invitados
cd
cdrom
info
information
informacion
forum
forums
noticias
news
fotos
foto
archive
archivo
archivar
downloads
incoming
subir
Excel
excel
word
msword
Msword
MSword
counter
guestbook
communicator
manual
nl
private
privado
msql
sql
mqseries
services
service
servicio
servicios
conecta
connect
pages
Pages
certificate
cert
certificado
banca
crypto
admin
webadmin
adm
etc


Mass Trauma
Member
Joined: 21 Nov 2009
Posts: 96

Posted: Wed 6 Jan - 16:52 (2010)    Subject: Ghost Files

A bit of Perl code to test for GhostFiles:

#!/usr/bin/perl
use warnings;
use strict;

# dirbf.pl usage:
# ./dirbf.pl <http://127.0.0.1> -i=<file> -p=<proxy> -e=<ext1:ext2:ext3>
# if -i is set the script will test against the lines in <file>
# if -p is set the script passes traffic through <proxy>
# if -e is set the script will also look for files ending in the extensions specified. You can specify several extensions, use : to separate them (php:html:txt)

use LWP::UserAgent;
use LWP::ConnCache;
my $a = LWP::UserAgent->new;
$a->conn_cache(LWP::ConnCache->new());  # speed up connection
$a->agent("W3C_Validator/1.432.2.10");  # ...disguise ready
$a->timeout(0);                         # no timeout
my ($proxy, $input, $ext, $url, $res, $d);
my (@dir, @ext);

$url = shift(@ARGV) or die("Usage: $0 <target> <options>\n");

foreach ( @ARGV ) {
        if ( /-p=(.*)/ ) {
                $proxy = $1;
        } elsif ( /-i=(.*)/ ) {
                $input = $1;
        } elsif ( /-e=(.*)/ ) {
                $ext = $1;
        }
}

if ( $input ) {
        # three-argument open with a lexical handle; one word per line
        open(my $fp, '<', $input) or die("Cannot open file <$input>\n");
        @dir = <$fp>;
        close($fp);
        chomp(@dir);
} else {
        @dir = qw(admin administration administrace backup root login members code src img image images text data hidden css js lib library inc include includes cpanel mpanel log logs);
}

if ( $proxy ) {
        $a->proxy(['http','ftp'], $proxy);
        $a->no_proxy('localhost','127.0.0.1');
}

foreach ( @dir ) {
        $res = $a->get("$url/$_");
        if ( &success( $res ) ) {
                print "$_\n";
        }

        $res = $a->get("$url/_$_");
        if ( &success( $res ) ) {
                print "_$_\n";
        }
}

if ( $ext ) {
        @ext = split(/:/, $ext);
        foreach $d ( @dir ) {
                foreach ( @ext ) {      # iterate over the split extension list, not the raw -e string
                        $res = $a->get("$url/$d.$_");
                        if ( &success( $res ) ) {
                                print "$d.$_\n";
                        }
                }
        }
}

$res = $a->get("$url/robots.txt");
if ( $res->is_success ) {
        print "-"x20,"\n",$res->content,"-"x20,"\n";
} else {
        print "No robots.txt file at <$url>\n";
}

sub success {
        my ($res) = @_;
        # status_line has the form "<code> <message>" (e.g. "302 Found"),
        # so compare the numeric status code instead of the whole string
        if ( $res->code == 302 ) {
                return 0;
        } elsif ( $res->is_success || $res->code == 403 ) {
                return 1;
        }
        return 0;
}


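Seen from the server side, both scripts posted in this thread leave a recognizable trail in the access log: one client asking for many distinct names that mostly answer 403/404, and, for the Perl script, every word requested as both /word and /_word. The following detector is an added example, not code from the thread's authors; the log lines, IP addresses and thresholds are constructed, and it assumes combined-log format and that the Python script's httplib requests are logged with User-Agent "-".

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def detect_forced_browsing(lines, min_paths=8, min_miss_ratio=0.8, min_pairs=3):
    """Return {client_ip: [reasons]} for clients whose requests look like a wordlist scan."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "miss": 0, "ua": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a well-formed combined-log entry
        s = stats[m["ip"]]
        s["total"] += 1
        s["ua"].add(m["ua"])
        s["paths"].add(m["path"].split("?", 1)[0])
        s["miss"] += m["status"] in ("403", "404")
    flagged = {}
    for ip, s in stats.items():
        reasons = flagged[ip] = []
        # Signal 1: many distinct paths, nearly all of them missing or forbidden.
        if len(s["paths"]) >= min_paths and s["miss"] / s["total"] >= min_miss_ratio:
            reasons.append("many distinct paths, mostly 403/404")
        # Signal 2: the Perl script requests every word twice, as /word and /_word.
        names = {p.lstrip("/") for p in s["paths"]}
        pairs = sum(1 for n in names if n and not n.startswith("_") and "_" + n in names)
        if pairs >= min_pairs:
            reasons.append("word/_word request pairs")
        # Supporting signal (assumption): httplib requests are logged with User-Agent "-".
        if reasons and s["ua"] <= {"-", ""}:
            reasons.append("no User-Agent header")
    return {ip: r for ip, r in flagged.items() if r}

def _entry(ip, path, status, ua):  # formats one constructed log line
    return f'{ip} - - [06/Jan/2010:16:52:00 +0100] "GET {path} HTTP/1.1" {status} 0 "-" "{ua}"'
# Constructed sample traffic (documentation IP ranges), not taken from a real server.
SAMPLE = (
    [_entry("192.0.2.10", f"/{p}{w}", 403 if p + w == "admin" else 404, "W3C_Validator/1.432.2.10")
     for w in ("admin", "backup", "root", "login", "members") for p in ("", "_")]
    + [_entry("203.0.113.5", f"/{w}.php", 200 if w == "index" else 404, "-")
       for w in ("index", "Index", "About", "view", "access", "account", "act_hit", "activate")]
    + [_entry("198.51.100.7", p, 200, "Mozilla/5.0") for p in ("/", "/index.php", "/about.php")]
)

if __name__ == "__main__":
    for ip, reasons in detect_forced_browsing(SAMPLE).items():
        print(ip, "->", "; ".join(reasons))
```

The thresholds are illustrative and need tuning against normal traffic; a site that answers unknown paths with 200 or a redirect needs a different miss signal than the 403/404 count used here.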