RFI Scanner [Perl]

Posted

#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer ^_^
#
$subdirstoscan = 20;
$resultfile = "results.html"; # Don't forget to add .htm or .html

# HTML-escape scanned text so code found in the scanned files is shown in the report, not rendered
sub esc {
    my($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

if(-e "$resultfile"){
    unlink("$resultfile");
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><td><b>WHERE</b></td><td><b>Code</b></td><tr>";
close(DAT);

print "Directory to read? ";
$input = <STDIN>;
chomp($input);
$dir = "/*";
$deep = 0;
while($deep != $subdirstoscan){
    @files = glob("$input$dir");   # one directory level deeper on each pass
    foreach $file (@files) {
        if(-f $file){
            print "Checking: " . $file . "\n";
            # three-argument open: a file name is never interpreted as an open mode or a pipe
            open(MYINPUTFILE, "<", $file) || next;
            while(<MYINPUTFILE>)
            {
                my($line) = $_;
                chomp($line);
                # include/require (optionally _once), then a space or "(", then a variable
                if($line =~ m/(?:include|require)(?:_once)?[ (]\$/i)
                {
                    if($line =~ /\$_(?:GET|POST|REQUEST)/){ #This could be critical
                        open(DAT,">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>" . esc($file) . "</td><td><b><font color=red>" . esc($line) . "</font></b></td><tr>";
                        close(DAT);
                    } elsif($line =~ m{^//}){ #This is just a comment, but display it anyway :)
                        open(DAT,">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>" . esc($file) . "</td><td><font color=grey>" . esc($line) . "</font></td><tr>";
                        close(DAT);
                    }
                    else {
                        open(DAT,">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>" . esc($file) . "</td><td>" . esc($line) . "</td><tr>";
                        close(DAT);
                    }
                }
            }
            close(MYINPUTFILE);
        }
    }
    $deep++;
    $dir .= "/*";
}

open(DAT,">>$resultfile") || die("Cannot Open File");
# the remainder of the report footer is missing from the post
print DAT "</table>
<center>";
close(DAT);

Posted

@mostwanted if you want a good RFI scanner, get to work and make one yourself.

And it's still pointless; as I was saying: to hell with RFI.

Google filters it on you right away and you feel like banging your head against doors among teddy bears.

Posted
virusz wrote:

He made a mistake... I mean stress; let's hope it won't happen again.

PS: everyone makes mistakes :D

Leave it, brothers, they'll sort the matter out in private....

Sorry from me too :D

:lol: I have nothing personal against anyone, and mostwanted, I was just telling you, not jumping down your throat.
