send
Grupo de Telegram
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

RFI-Scanner

  • 0 Respuestas
  • 1093 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado @ed33x

  • *
  • Underc0der
  • Mensajes: 107
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
    • Email
« en: Enero 27, 2011, 08:53:05 pm »
Código: Perl
  1. /*
  2.    RFI Scanner By DiGitalX (DiGi7alX@Gmail.com)
  3.    Date: 6/4/2007 -- MicroSystem Team
  4. */
  5.  
  6. #define WIN32_LEAN_AND_MEAN
  7. #include <windows.h>
  8. #include <stdio.h>
  9.  
  10. //#define _DEBUG //debug mode (for me :D)
  11. #define DEBUG_ROOT "output"
  12.  
  13. //put the vuln functions here
  14. //functions that if a var is in its arguments then possible RFI occurs
  15. //IMPORTANT: keep this order
  16. char* vuln[] = {
  17.    "include_once", "include", "require_once", "require", NULL
  18. };
  19.  
  20. //global
  21. BOOL bShortDis = FALSE;
  22.  
  23. void usage(char* app)
  24. {
  25.    You are not allowed to view links. Register or Login("usage: [-s] %s <root-directory>\n", app);
  26.    You are not allowed to view links. Register or Login("\t-s\tshort display mode\n");
  27. }
  28.  
  29. void banner(void)
  30. {
  31.    You are not allowed to view links. Register or Login("RFI Scanner By DiGitalX (DiGi7alX@Gmail.com)\n");
  32.    You are not allowed to view links. Register or Login("Date: 6/4/2007 -- MicroSystem Team\n\n");
  33. }
  34.  
  35. //You are not allowed to view links. Register or Login: FALSE if EOF reached, TRUE otherwise
  36. BOOL freadline(FILE* f, char* line, You are not allowed to view links. Register or Login size)
  37. {
  38.    You are not allowed to view links. Register or Login b, i = 0;
  39.  
  40.    //zero line
  41.    memset(line, 0, size);
  42.  
  43.    do {
  44.       //You are not allowed to view links. Register or Login one byte
  45.       b = fgetc(f);
  46.       //check if EOF
  47.       if (b == EOF) You are not allowed to view links. Register or Login FALSE;
  48.       //check if newline cha reached or line is full
  49.       if ((b == '\n') || (i == 1023)) You are not allowed to view links. Register or Login TRUE;
  50.       *line++ = b; //fill line
  51.       i++; //increment counter
  52.    } while (1);
  53.  
  54.    You are not allowed to view links. Register or Login 1; /* unreachable code */
  55. }
  56.  
  57. BOOL php_scanfile(char* file)
  58. {
  59.    char line[1024], line2[1024];
  60.    You are not allowed to view links. Register or Login linenum = 0;
  61.    BOOL notend;
  62.    char* tmp, *tmp2, *x;
  63.  
  64.    //You are not allowed to view links. Register or Login file
  65.    FILE* f = fopen(file, "rb");
  66.    //check
  67.    if (f == NULL)
  68.       You are not allowed to view links. Register or Login FALSE;
  69.  
  70.    do {
  71.       //opened, then You are not allowed to view links. Register or Login line by line
  72.       notend = freadline(f, line, sizeof(line));
  73.       linenum++;
  74.  
  75.       //lower the line
  76.       strcpy(line2, line);
  77.       CharLower(line2);
  78.  
  79.       for (You are not allowed to view links. Register or Login i = 0; vuln[i] != NULL; i++) {
  80.          //now line contains one line of code, search for RFI functions
  81.          //include, include_once, You are not allowed to view links. Register or Login, require_once
  82.          tmp = strstr(line2, vuln[i]);
  83.          if (tmp != NULL) {
  84.             //line contains vuln function maybe RFI.
  85.             //check if function
  86.             tmp += strlen(vuln[i]); //skip function name
  87.             while (*tmp != '(') {
  88.                //check if end of line reached or someother char (not whitespace means not function)
  89.                if (*tmp == '\0') You are not allowed to view links. Register or Login next; //then You are not allowed to view links. Register or Login next vuln function
  90.                //check if there's crap between vuln function and the first '(' reached
  91.               //if so then it'You are not allowed to view links. Register or Login not a vuln function maybe comment or var or string or something else
  92.                if ((*tmp != ' ') && (*tmp != '\t')) You are not allowed to view links. Register or Login next; //just dun bother and You are not allowed to view links. Register or Login next vuln function
  93.                tmp++; //keep incrementing tmp until catching '(' [opening parentheses of the vuln function]
  94.             }
  95.             //check for var inside this function
  96.             tmp2 = tmp; //set tmp2 at begin of include function
  97.             while (*tmp2 != ')') {
  98.                tmp2++; //keep incrementing tmp2 until catching ')' [closing parentheses of the include function]
  99.                //check if end of line reached
  100.                if (*tmp2 == '\0') You are not allowed to view links. Register or Login next; //then You are not allowed to view links. Register or Login next vuln function
  101.             }
  102.             x = tmp; //set x at begin of include function
  103.             while ((*x != '$') && (x < tmp2)) x++; //keep incrementing x until catching a var inside include functino or include function closing parentheses
  104.             //check which condition just holded
  105.             if (*x == '$') {
  106.                //BINGO, possible RFI cought :D
  107.                You are not allowed to view links. Register or Login("possible RFI at line: %u", linenum);
  108.                //if bShortDis then provide filename
  109.                if (bShortDis) You are not allowed to view links. Register or Login(" in \"%s\"\n", file);
  110.                else You are not allowed to view links. Register or Login("\n"); //otherwise just newline
  111.                break; //break off the for loop
  112.             }
  113.          }
  114.          next:
  115.       }
  116.      
  117.       if (!notend) break; //NOT not end == end :D
  118.    } while (1);
  119.  
  120.    fclose(f);
  121.    You are not allowed to view links. Register or Login TRUE;
  122. }
  123.  
  124. void php_search(void) {
  125.    WIN32_FIND_DATA wfd;
  126.    HANDLE fh;
  127.    char lpBuffer[320];
  128.    char *lpFilePart;
  129.  
  130.    fh = FindFirstFile("*.*",&wfd);
  131.    if (fh != INVALID_HANDLE_VALUE) {
  132.       do {
  133.          // skip '.' and '..' dirs
  134.          if (wfd.cFileName[0] == '.') continue;
  135.          // if dir enter it
  136.          if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
  137.             if (SetCurrentDirectory(wfd.cFileName) == TRUE) {
  138.                php_search(); // recursive call
  139.                SetCurrentDirectory("..");
  140.             }
  141.             continue;
  142.          }
  143.          // otherwise carry on our process
  144.          if (GetFullPathName(wfd.cFileName,320,lpBuffer,&lpFilePart) == 0) continue;
  145.          CharLower(lpBuffer);
  146.          // checking if the extension of the file is php
  147.          if (memcmp(&lpBuffer[lstrlen(lpBuffer)-3],"php",3) == 0) {
  148.             //skip if bShortDis is set
  149.             if (!bShortDis) You are not allowed to view links. Register or Login("Scanning %s...\n", lpBuffer);
  150.             php_scanfile(lpBuffer);
  151.          }
  152.       } while (FindNextFile(fh,&wfd) == TRUE);
  153.       FindClose(fh); // closing find handle
  154.    }
  155. }
  156.  
  157. BOOL begin_rfi_scan(char* root)
  158. {
  159.    //first set the root dir as current dir
  160.    if (!SetCurrentDirectory(root))
  161.       You are not allowed to view links. Register or Login FALSE;
  162.  
  163.    //begin the hunting for php files
  164.    You are not allowed to view links. Register or Login("Beginning Hunting RFI Vulnerabilities...\n");
  165.    //if -You are not allowed to view links. Register or Login is given then inform user that mode is activated
  166.    if (bShortDis) You are not allowed to view links. Register or Login("Short Display Mode Activated\n");
  167.    php_search();
  168.    You are not allowed to view links. Register or Login("Finished of Hunting.\n");
  169.  
  170.    You are not allowed to view links. Register or Login TRUE;
  171. }
  172.  
  173. You are not allowed to view links. Register or Login main(You are not allowed to view links. Register or Login argc, char** argv)
  174. {
  175.    You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login = 1; //root position in cmd line
  176.  
  177.    //show banner
  178.    banner();
  179.  
  180.    #ifndef _DEBUG
  181.    //check if root dir is given in the cmd line
  182.    if (argc < 2) {
  183.       //show usage screen and You are not allowed to view links. Register or Login
  184.       usage(argv[0]);
  185.       You are not allowed to view links. Register or Login 1;
  186.    }
  187.    #endif
  188.  
  189.    //-You are not allowed to view links. Register or Login switch is specified
  190.    if (strcmp(argv[1], "-s") == 0) {
  191.       bShortDis = TRUE; //set flag
  192.       You are not allowed to view links. Register or Login = 2; //change root position in cmd line
  193.    }
  194.  
  195.    //root dir is given good, then scan all the files inside this root directory
  196.    #ifndef _DEBUG
  197.    if (!begin_rfi_scan(argv[You are not allowed to view links. Register or Login])) {
  198.    #else
  199.    if (!begin_rfi_scan(DEBUG_ROOT)) {
  200.    #endif
  201.       You are not allowed to view links. Register or Login("Error: initializing RFI Scanner... Try Again");
  202.       You are not allowed to view links. Register or Login 1;
  203.    }
  204.  
  205.    You are not allowed to view links. Register or Login 0;
  206. } [/quote]
  207.  
  208. [quote]Es un simple scanner-RFI que escanea archivos -php o posibles vulnerabilidades como include(),You are not allowed to view links. Register or Login()...etc You are not allowed to view links. Register or Login luego chekea si hay alguna variable en los argumentos de la funcion.
  209. Si la hay muestra el resultado para que tu chekes si hay una RFI/LFI muy feliz xD!
  210.  
  211. *Nota:
  212. Podes poner un monton de scripts php inside a folder You are not allowed to view links. Register or Login cocorrer el scanner contra el mismo.
  213.  
  214. El scaner scanneara todo el directorio root (dentro de la lina cmd) You are not allowed to view links. Register or Login te provera cada pusible funcion bugg junto con la linea You are not allowed to view links. Register or Login nombre del script
  215.  
« Última modificación: Marzo 14, 2015, 09:55:17 am por Expermicid »
Me cambie de messenger ahora es: edeex@live.comYou are not allowed to view links. Register or Login

 

¿Te gustó el post? COMPARTILO!



[Uniscan] Scanner de vulnerabilidades WEB hecho en Perl

Iniciado por tar3kw0rm3d

Respuestas: 0
Vistas: 1473
Último mensaje Junio 02, 2013, 08:01:28 pm
por tar3kw0rm3d
PHP Injection Scanner (Perl Code)

Iniciado por @ed33x

Respuestas: 0
Vistas: 1222
Último mensaje Enero 27, 2011, 08:53:33 pm
por @ed33x
Perl - Wordpress XMLRPC Scanner

Iniciado por ZanGetsu

Respuestas: 0
Vistas: 1799
Último mensaje Septiembre 22, 2014, 11:40:12 pm
por ZanGetsu
[Perl] VirusTotal Scanner 0.1

Iniciado por BigBear

Respuestas: 2
Vistas: 1485
Último mensaje Mayo 16, 2013, 02:31:49 pm
por BigBear
Dork Scanner

Iniciado por [T]Killer

Respuestas: 0
Vistas: 1103
Último mensaje Mayo 31, 2011, 07:11:30 am
por [T]Killer