#!/usr/bin/perl
#
#bY boER
use LWP::UserAgent;
my $ua = LWP::UserAgent->new();
$ua->timeout(10);
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
unless($ARGV[0]){
OUT("#############################################\n");
OUT("\n Usage: perl $0 website\n");
OUT("\n#############################################\n");
exit(0);
}
if($^O =~ /Win/){
system("cls");
}else{
system("clear");
}
OUT("#############################################\n");
OUT(" Scanner Directory!\n");
OUT("#############################################\n");
OUT(" 200 - OK\n");
OUT(" 401 - Authorization Required\n");
OUT(" 403 - Forbidden\n");
OUT(" 500 - Bad Hostname | Internal Server Error\n");
OUT("#############################################\n");
$webcl = clear($ARGV[0]);
OUT("\n# Scanning: $webcl\n\n");
brute($webcl);
OUT("\n# Scanning Finished\n");
sub brute{
$web = shift;
@paths = ("access","active","adm","admin","_admin","administrator",
"administracion","_administracion","~administracion","administer",
"upload","uploads","~adm","~admin","~administrator","~guest","~mail",
"~operator","~root","~sys","~sysadm","~sysadmin","~test","~user","~www",
"~webmaster","admin_upload","admin_uploadpic","editpassword",
"manager_userinfo","manager_tongji","managerenter","incupfile","inc",
"upfile","admin_index","admin_admin","index_admin","index","admindefault",
"default","manage","login","manage_index","index_manage","admin1",
"admin_login","login_admin","ad_login","ad_manage","count","manager",
"adminlogin","adminuserlogin","adm_login","chklogin","adduser","adminuser",
"admin_user","edituser","adminadduser","adminmember","addmember","adminedit",
"admin_edit","up","upfiles","aadmin","admintab","admin_main","fileadmin",
"databases","includeinc","***","app","apacheasp","apps","archive","archives",
"asp","back","backup","back-up","bak","bakup","bak-up","basic","bea","bin",
"binaries","broken","c","cc","connections","ccs","cache","cgi","fcgi",
"cgibin","cgi-win","class","classes","classified","classifieds","code",
"common","credit","creditcards","cv","cvs","customer","customers",
"CYBERDOCS","CYBERDOCS25","CYBERDOCS31","d","dfiles","data","database",
"db","dbase","dbm","dbms","demo","dev","devel","develop","development",
"doc","docs","docs41","docs51","dms","e","email","downloads","ecommerce",
"ebriefs","error","errors","esales","echannel","esupport","etc","exec",
"executable","executables","extra","extranet","examples","exchange",
"fcgi-bin","functions","feedback","file","files","forum","forums","ftp",
"graphics","galeria","gallery","galerias","guestbook","guests","help",
"hidden","hide","home","homes","htm","html","imagen","images","icons",
"incs","include","includes","interactive","internet","intranet","java",
"javascript","js","jsp","keep","kept","ldap","lib","libs","libraries",
"links","log","logfiles","logs","lightbox2","mail","me","members","mine",
"mirror","mirrors","mp3","mp3s","ms","mssql","ms-sql","music","my","new",
"old","online","order","orders","pages","_pages","pass","passes","passwd",
"password","polls","passwords","perl","personal","personals","php","_php",
"phpincludes","pics","pl","pls","plx","press","priv","private","products",
"production","pub","public","removed","reports","root","sales","save",
"saved","scripts","secret","secrets","security","servlet","servlets",
"soap","soapdocs","source","site","sites","SiteServer","sql","src",
"staff","stats","statistics","ssi","stuff","support","temp","temps","test",
"text","texts","tmp","user","users","var","vb","vbs","vbscript","vbscripts",
"weblogic","www","xcache","xsql","zip","zips","W3SVC","W3SVC3","index.php",
"index.html","phpmyadmin","phpMyAdmin",".bash_history","upload.php",
"upload.asp","uploader.php","uploader.asp","phpinfo.php","_banners",
"_adv","468","88","ads","adv","ban","baners","bann","banner","banners",
"bannerz","be","begun","bn","bnr","cnstats","cnt","phpadsnew","server-status",
"server-info",".server-status",".server-info",".passwd","INSTALL","_vti_log",
"admcgi","_notes","_tmp","_temp","panel","_panel","~panel","upFiles","img",
"es","css","socios","Documentation","INSTALLsetup.php","Upfile","cgi-bin",
"content","secure","mysql","4Dbin","trustscn_pdos","trustscn_pdos1","_vti_bin",
"Connections","_mmServerScripts","bot","imag","lobatos","phpmyadm","Phpmyadmin",
"PhpMyAdmin","PhpGAdmin","PhpInclude","PhpIncludes","phpscripts","PhpScripts",
"_vti_txt","cgi-local","cgis","WS_FTP.LOG","User.php","Upload.php","AlbumDB.php",
"add_comment.php","add_photo.php","admin.php","adm.php","adm.asp","admin.asp","main",
"web","global","globals","uploader","logon","sign","signin","example","update",
"readme","client","clients","cmd","logfile","details","shtml","asa","jsa",
"txt","cfm","sav","nsf","bat","com","exe","dll","reg","tar","tar.gz","tgz",
"o","sh","member","auth","login.php","user.php","admin.php~","members.php",
"members.php~","configuration.php~","config.php~","Setting.php~","Settings.php~",
"Settings_bak.php~","Setting_bak.php~","config-bak.php~","member.php","users.php",
"webadmin.php","webadmin","miembro","miembros","administrador","administration",
"config.php.inc","config.php.inc~","configuration.php.inc","configuration.php.inc~",
"DBConnection.inc","includesDBConnection.inc","includesDBConnection.php.inc");
foreach $path(@paths){
chomp($path);
$code = $ua->get($web . $path)->status_line;
check_code($code,$path);
}
}
sub check_code{
$ncode = shift;
$path = shift;
$wp = $webcl . $path;
if($ncode =~ /200/){
OUT("$wp\t=>\t200 OK\n");
}
if($ncode =~ /401/){
OUT("$wp\t=>\t401 Authorization Required\n");
}
if($ncode =~ /403/){
OUT("$wp\t=>\t403 Forbidden\n");
}
if($ncode =~ /500/){
OUT("$wp\t=>\t500 Internal Server Error\n");
}
}
sub clear{
$website = shift;
if($website !~ /^http/){
$website = 'http://' . $website;
}
if($website !~ /\/$/){
$website.='/';
}
return $website;
}
sub OUT{
$msg = shift;
syswrite STDOUT, "$msg";
}