Guest Posted March 18, 2007

```perl
#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer
#
$subdirstoscan = 20;
$resultfile = "results.html"; # Don't forget to add .htm or .html

# Escape file names and source lines before they go into the HTML report,
# so markup inside the scanned files is shown as text instead of rendered.
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    return $text;
}

if (-e "$resultfile") { unlink("$resultfile"); }
open(DAT, ">>$resultfile") || die("Cannot Open File");
print DAT "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><td><b>WHERE</b></td><td><b>Code</b></td><tr>";
close(DAT);

print "Directory to read? ";
$input = <STDIN>;
chomp($input);
$dir = "/*";
$deep = 0;
while ($deep != $subdirstoscan) {
    @files = <$input$dir>;
    foreach $file (@files) {
        if (-f $file) {
            print "Checking: " . $file . "\n";
            # Three-argument open: a file name is never treated as a mode or a pipe.
            open(MYINPUTFILE, "<", $file) || next;
            while (<MYINPUTFILE>) {
                my ($line) = $_;
                chomp($line);
                # "(" and "$" are escaped so they match literally.
                if (($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i)) {
                    my $where = html_escape($file);
                    my $code  = html_escape($line);
                    if (($line =~ /\$_GET/) || ($line =~ /\$_POST/) || ($line =~ /\$_REQUEST/)) { # This could be critical
                        open(DAT, ">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>$where</td><td><b><font color=red>$code</font></b></td><tr>";
                        close(DAT);
                    } elsif ($line =~ /^\/\//) { # This is just a comment, but display it anyway :)
                        open(DAT, ">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>$where</td><td><font color=grey>$code</font></td><tr>";
                        close(DAT);
                    } else {
                        open(DAT, ">>$resultfile") || die("Cannot Open File");
                        print DAT "<td>$where</td><td>$code</td><tr>";
                        close(DAT);
                    }
                }
            }
            close(MYINPUTFILE);
        }
    }
    $deep++;
    $dir .= "/*";
}
open(DAT, ">>$resultfile") || die("Cannot Open File");
print DAT "</table>"; # the posted script breaks off here, after "</table><center>"
close(DAT);
```
Fatal1ty Posted March 18, 2007
Edit the post and tick "Disable smileys in this post".
MostWanteD Posted March 18, 2007
perl slbz.pl
Unmatched ( in regex; marked by <-- HERE in m/include_once( <-- HERE $/ at slbz.wtf ? How do you use this?
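
The posted patterns have lost their backslashes (the same way "\n" turned into "n" in the script), which is why Perl reports an unmatched "(". As an added example, not part of the thread or of Ironfist's script, the Perl below reproduces that compile error and then classifies constructed PHP lines with one escaped pattern. The `classify` function, the verdict names and the sample lines are assumptions made for illustration; unlike the posted script it checks for comments first and also flags a variable that follows a string prefix.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# include/require[_once], optional "(", then an argument containing a PHP
# variable. "\(" and "\$" carry the backslashes missing from the posted script.
my $INCLUSION  = qr/(?<![\$\w>])(?:include|require)(?:_once)?\b\s*\(?\s*([^;]*\$[^;]*)/i;
my $USER_INPUT = qr/\$_(?:GET|POST|REQUEST)\b/;

# Returns "critical", "comment", "dynamic" or "" for one line of PHP source.
sub classify {
    my ($line) = @_;
    return "" unless $line =~ $INCLUSION;
    my $arg = $1;
    return "comment"  if $line =~ m{^\s*(?://|#|\*)};   # commented-out code
    return "critical" if $arg  =~ $USER_INPUT;          # request data in the path
    return "dynamic";                                   # some other variable
}

# Reproduce the reported error: the pattern exactly as it appeared in the post.
# It is compiled from a string so the failure happens at run time, inside eval.
my $posted   = 'include_once($';
my $compiled = eval { qr/$posted/ };
print "posted pattern: $@" unless $compiled;

# Constructed sample lines, not taken from any real application.
my @samples = (
    'include($_GET["page"]);',
    'require_once   $_REQUEST["mod"] . ".php";',
    'include "lib/" . $_POST["tpl"];',
    'include($config_path);',
    '// include($_GET["old"]);',
    '$include_path = $base;',
    'require_once("lib/db.php");',
);

for my $line (@samples) {
    my $verdict = classify($line) || "ignored";
    printf "%-9s %s\n", $verdict, $line;
}
```

A "dynamic" verdict still needs manual review: the variable may have been filled from request data on an earlier line, which a line-by-line pattern cannot see.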
buRn Posted March 18, 2007
Fatal1ty & MostWanteD, can I suggest something to you? SHOOT YOURSELVES, AND IF YOU DON'T HAVE GUNS, TALK TO SPIRY! To hell with RFI.
MostWanteD Posted March 18, 2007
StreSs ... do you have something personal? Because it's not the first time.
buRn Posted March 18, 2007
@mostwanted if you want a good RFI scanner, get to work and write one yourself. And it's still pointless; as I was saying: to hell with RFI. Google filters it right away and you feel like banging your head against doors among teddy bears.
cein Posted March 18, 2007
You're right, MostWanteD, it seems StreSs has some issue. Better to ignore him.
MostWanteD Posted March 18, 2007
StreSs, I don't specifically want an RFI scanner; I don't use that method enough to have a scanner... I tried it out of curiosity and it didn't work... that's all.
avkhackteam Posted March 18, 2007
MostWanteD wrote: StreSs ... do you have something personal? Because it's not the first time.
I think he has something against everyone!!!! Sorry for the off-topic.
zbeng Posted March 18, 2007
Easy, my dears. Mister stress, take it easier, man.
Fatal1ty Posted March 18, 2007
StreSs ... the name says it all; probably the stress caused the outburst.
virusz Posted March 18, 2007
He made a mistake... I mean stress; we hope it won't happen again. PS: everyone makes mistakes. Leave it, brothers, they'll sort it out in private.... sorry from me too.
buRn Posted March 18, 2007
virusz wrote: He made a mistake... I mean stress; we hope it won't happen again. PS: everyone makes mistakes. Leave it, brothers, they'll sort it out in private.... sorry from me too.
I have nothing personal, and mostwanted, I was just telling you, not jumping down your throat.
MostWanteD Posted March 18, 2007
whatsoever
huliganu Posted March 18, 2007
Don't you have anything for ssh? Something good?