Jump to content
crs12decoder

Site links scanner

Recommended Posts

Posted

Am facut un mic script php care preia toate link-urile gasite in sursa unei pagini si incearca sa returneze posibile link-uri vulnerabile la SQLI.Asta analizand fiecare link in parte si stabilind daca link-ul respectiv cere sau nu variabile $_GET. Asta ca sa nu se mai caute manual link dupa link pe o anumita pagina web.

Nu e mult dar poate va ajuta.

Update: am facut cateva mici retusuri pentru a ajuta scriptul sa fie mai user friendly.


<?php
session_start();
if(isset($_POST['site'])){
$_SESSION['site'] = $_POST['site'];
}
if(!isset($_SESSION['site'])){
$_SESSION['site']='';
}
$_SESSION['afis'] = array(
1 => '',
2 => '',
3 => ''
);

if(!isset($_POST['afis'])){
$_POST['afis'] = 1;
}
if(is_numeric($_POST['afis']) && $_POST['afis'] <= count($_SESSION['afis'])){
$_SESSION['afis'][$_POST['afis']] = 'CHECKED';
}
?>
<form action="" method="post">
Site: <input type="text" name="site" size="50" value="<?php echo $_SESSION['site'];?>"><br>
<input type="radio" name="afis" value="1" <?php echo $_SESSION['afis'][1]; ?>>Afiseaza toate link-urile<br>
<input type="radio" name="afis" value="2" <?php echo $_SESSION['afis'][2]; ?>>Afiseaza doar link-urile vulnerabile<br>
<input type="radio" name="afis" value="3" <?php echo $_SESSION['afis'][3]; ?>>Afiseaza site-ul asa cum este el<br>
<input type="submit" name="submit" value="submit">
</form>
<?php
//functions
function linkextract($link){
$simbol = substr($link, 0, 1);
if($simbol == '"' || $simbol == "'"){
$str = str_split($link);
$final = false;
for($j=1; $j<count($str); $j++){
if($str[$j] == $simbol){
$final = $j.'<br>';
break;
}
}
if($final){
$link = substr($link, 1, $final-1);
return $link;
}
}
}

function sdlex($site){
$strsite = file_get_contents($site);
$array = array();
$exp = explode('href=',$strsite);
for($i=0; $i<count($exp); $i++){
array_push($array,linkextract($exp[$i]));
}
return $array;
}

function vulnerable($link){
$exp1 = explode("?",$link);
$exp2 = explode("=",$link);
$vuln = false;
if(count($exp1)>1 && count($exp2)>1){
$vuln = true;
}
return $vuln;
}

function inputl($link){
$exp = explode('http://', $link);
if(count($exp)<2){
$link = 'http://'.$link;
}
return $link;
}
//endfunctions

if(isset($_POST['submit'])){
if(!empty($_POST['site'])){
$site = inputl($_POST['site']);
$array = sdlex($site);
?>
<table border="1">
<th>nr.</th>
<th>link</th>
<?php
switch($_POST['afis']){
case 1:
for($i=1; $i<count($array); $i++){
if(vulnerable($array[$i])){
echo '<tr><td><b>'.$i.'</b></td><td><b>'.$array[$i].'</b></td></tr>';
}else{
echo '<tr><td>'.$i.'</td><td>'.$array[$i].'</td></tr>';
}
}
break;

case 2:
for($i=1; $i<count($array); $i++){
if(vulnerable($array[$i])){
echo '<tr><td><b>'.$i.'</b></td><td><b>'.$array[$i].'</b></td></tr>';
}
}
break;
?>
</table>
<?php
case 3:
$site = file($site);
for($i=0; $i<count($site); $i++){
echo $site[$i];
}
break;
}
}else{
echo 'Introduceti o adresa in campul site';
}
}
?>

Posted
Nu merge..

da eroare

offf... e logic ca daca nu introduci site-ul pe care sa-l scaneze, nu are ce sa scaneze... si da eroare... am zis ca o sa-l imbunatatesc maine dar poftim... am dat update la cod ca in cazul in care nu-i dai niciun site sa-ti zica sa-i dai si sa nu-ti mai afiseze eroare....

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...