
RFI Scanner [Perl]


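#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer ^_^
#
# Notes on this revision:
#   - The pasted copy had lost its backslashes (\n, \$, \( and \/ in the
#     patterns), so it did not compile; the patterns are rebuilt below as two
#     compiled regexes.
#   - strict/warnings are on and every open() is three-argument with a lexical
#     handle, so a file name found in the scanned tree is only ever a path,
#     never an open() mode or a pipe.
#   - $file and $line are content read from the scanned tree.  They are
#     HTML-escaped before being written to the report so that a scanned file
#     cannot inject markup or script into the page the analyst opens.
#   - The report is opened once for the table rows; the closing markup is
#     still appended further down the script.
use strict;
use warnings;
use File::Glob qw(bsd_glob);

# How many directory levels below the starting directory are scanned.
my $subdirstoscan = 20;

# Report written as an HTML table.
my $resultfile = "results.html"; #Dont forget to add .htm or .html

# Replacement text for the characters that would otherwise be parsed as HTML.
my %entity_for = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# Return $text with &, <, >, " and ' replaced by entities so it renders as plain text.
sub _html_escape {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$entity_for{$1}/g;
    return $text;
}

# Start a fresh report (replaces the unlink + append of the original).
open my $report, '>', $resultfile or die "Cannot Open File $resultfile: $!";
print {$report} "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><tr><td><b>WHERE</b></td><td><b>Code</b></td></tr>";

print "Directory to read? ";
my $input = <STDIN>;
defined $input or die "No directory given\n";
chomp $input;

# Any include/require (optionally _once) followed by a variable or an opening
# paren, e.g. "include $page", "require_once(".  Case-insensitive as before.
my $include_re = qr/(?:include|require)(?:_once)?\s*(?:\$|\()/i;
# A request superglobal on the same line means the included path may be
# chosen by the client; these rows are marked as critical.
my $userinput_re = qr/\$_(?:GET|POST|REQUEST)\b/;

my $dir  = "/*";
my $deep = 0;
while ($deep < $subdirstoscan) {
    # bsd_glob keeps a path containing spaces intact; <$input$dir> would split it.
    my @files = bsd_glob("$input$dir");

    FILE:
    for my $file (@files) {
        next FILE unless -f $file;
        print "Checking: $file\n";

        # Three-argument open: the file name is never interpreted as a mode or a command.
        open my $in, '<', $file or do {
            warn "Cannot read $file: $!\n";
            next FILE;
        };

        LINE:
        while (my $line = <$in>) {
            chomp $line;
            next LINE unless $line =~ $include_re;

            my $where = _html_escape($file);
            my $code  = _html_escape($line);

            if ($line =~ $userinput_re) {   # This could be critical
                print {$report} "<tr><td>$where</td><td><b><font color=red>$code</font></b></td></tr>";
            }
            elsif ($line =~ m{^//}) {       # This is just a comment, but display it anyway
                print {$report} "<tr><td>$where</td><td><font color=grey>$code</font></td></tr>";
            }
            else {
                print {$report} "<tr><td>$where</td><td>$code</td></tr>";
            }
        }
        close $in;
    }

    $deep++;
    $dir .= "/*";
}

# Flush the rows now; the closing markup is appended to the file below.
close $report or die "Cannot Close File $resultfile: $!";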

open(DAT,">>$resultfile") || die("Cannot Open File");

print DAT "</table>

<center>
